New "chroot" feature (from Benjamin Pineau), introducing new configuration

[ngircd-alex.git] / src / ngircd / ngircd.c

diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c
index 597e0dffa34627c57e8ff185724757954691f4d0..8ced6e3f8903c8698e2aa505c8c558a15798b539 100644 (file)
--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@@ -1,22 +1,21 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2004 by Alexander Barton (alex@barton.de)
  *
- * Dieses Programm ist freie Software. Sie koennen es unter den Bedingungen
- * der GNU General Public License (GPL), wie von der Free Software Foundation
- * herausgegeben, weitergeben und/oder modifizieren, entweder unter Version 2
- * der Lizenz oder (wenn Sie es wuenschen) jeder spaeteren Version.
- * Naehere Informationen entnehmen Sie bitter der Datei COPYING. Eine Liste
- * der an ngIRCd beteiligten Autoren finden Sie in der Datei AUTHORS.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * Please read the file COPYING, README and AUTHORS for more information.
  *
- * $Id: ngircd.c,v 1.58 2002/11/10 13:38:41 alex Exp $
- *
- * ngircd.c: Hier beginnt alles ;-)
+ * Main program -- main()
  */
 
 
 #include "portab.h"
 
+static char UNUSED id[] = "$Id: ngircd.c,v 1.84 2004/05/07 11:19:21 alex Exp $";
+
 #include "imp.h"
 #include <assert.h>
 #include <errno.h>
@@ -25,10 +24,10 @@
 #include <signal.h>
 #include <string.h>
 #include <unistd.h>
+#include <time.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
-#include <time.h>
 #include <pwd.h>
 #include <grp.h>
 
@@ -44,6 +43,10 @@
 #include "parse.h"
 #include "irc.h"
 
+#ifdef RENDEZVOUS
+#include "rendezvous.h"
+#endif
+
 #include "exp.h"
 #include "ngircd.h"
 
@@ -51,8 +54,6 @@
 LOCAL VOID Initialize_Signal_Handler PARAMS(( VOID ));
 LOCAL VOID Signal_Handler PARAMS(( INT Signal ));
 
-LOCAL VOID Initialize_Listen_Ports PARAMS(( VOID ));
-
 LOCAL VOID Show_Version PARAMS(( VOID ));
 LOCAL VOID Show_Help PARAMS(( VOID ));
 
@@ -68,17 +69,16 @@ main( int argc, const char *argv[] )
 
        umask( 0077 );
 
-       NGIRCd_Restart = FALSE;
-       NGIRCd_Quit = FALSE;
-       NGIRCd_NoDaemon = FALSE;
-       NGIRCd_Passive = FALSE;
+       NGIRCd_SignalQuit = NGIRCd_SignalRestart = NGIRCd_SignalRehash = FALSE;
+       NGIRCd_NoDaemon = NGIRCd_Passive = FALSE;
 #ifdef DEBUG
        NGIRCd_Debug = FALSE;
 #endif
 #ifdef SNIFFER
        NGIRCd_Sniffer = FALSE;
 #endif
-       strcpy( NGIRCd_ConfFile, CONFIG_FILE );
+       strlcpy( NGIRCd_ConfFile, SYSCONFDIR, sizeof( NGIRCd_ConfFile ));
+       strlcat( NGIRCd_ConfFile, CONFIG_FILE, sizeof( NGIRCd_ConfFile ));
 
        /* Kommandozeile parsen */
        for( i = 1; i < argc; i++ )
@@ -92,11 +92,10 @@ main( int argc, const char *argv[] )
                        {
                                if( i + 1 < argc )
                                {
-                                       /* Ok, danach kommt noch ein Parameter */
-                                       strncpy( NGIRCd_ConfFile, argv[i + 1], FNAME_LEN - 1 );
-                                       NGIRCd_ConfFile[FNAME_LEN - 1] = '\0';
+                                       /* Ok, there's an parameter left */
+                                       strlcpy( NGIRCd_ConfFile, argv[i + 1], sizeof( NGIRCd_ConfFile ));
 
-                                       /* zum uebernaechsten Parameter */
+                                       /* next parameter */
                                        i++; ok = TRUE;
                                }
                        }
@@ -159,11 +158,10 @@ main( int argc, const char *argv[] )
                                {
                                        if(( ! argv[i][n + 1] ) && ( i + 1 < argc ))
                                        {
-                                               /* Ok, danach kommt ein Leerzeichen */
-                                               strncpy( NGIRCd_ConfFile, argv[i + 1], FNAME_LEN - 1 );
-                                               NGIRCd_ConfFile[FNAME_LEN - 1] = '\0';
+                                               /* Ok, next character is a blank */
+                                               strlcpy( NGIRCd_ConfFile, argv[i + 1], sizeof( NGIRCd_ConfFile ));
 
-                                               /* zum uebernaechsten Parameter */
+                                               /* go to the following parameter */
                                                i++; n = (LONG)strlen( argv[i] );
                                                ok = TRUE;
                                        }
@@ -185,11 +183,16 @@ main( int argc, const char *argv[] )
                                        ok = TRUE;
                                }
 #endif
+                               if( argv[i][n] == 't' )
+                               {
+                                       configtest = TRUE;
+                                       ok = TRUE;
+                               }
 
                                if( ! ok )
                                {
-                                       printf( "%s: invalid option \"-%c\"!\n", PACKAGE, argv[i][n] );
-                                       printf( "Try \"%s --help\" for more information.\n", PACKAGE );
+                                       printf( "%s: invalid option \"-%c\"!\n", PACKAGE_NAME, argv[i][n] );
+                                       printf( "Try \"%s --help\" for more information.\n", PACKAGE_NAME );
                                        exit( 1 );
                                }
                        }
@@ -197,8 +200,8 @@ main( int argc, const char *argv[] )
                }
                if( ! ok )
                {
-                       printf( "%s: invalid option \"%s\"!\n", PACKAGE, argv[i] );
-                       printf( "Try \"%s --help\" for more information.\n", PACKAGE );
+                       printf( "%s: invalid option \"%s\"!\n", PACKAGE_NAME, argv[i] );
+                       printf( "Try \"%s --help\" for more information.\n", PACKAGE_NAME );
                        exit( 1 );
                }
        }
@@ -223,8 +226,40 @@ main( int argc, const char *argv[] )
                exit( Conf_Test( ));
        }
        
-       while( ! NGIRCd_Quit )
+       while( ! NGIRCd_SignalQuit )
        {
+               /* Initialize global variables */
+               NGIRCd_Start = time( NULL );
+               (VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
+
+               NGIRCd_SignalRehash = FALSE;
+               NGIRCd_SignalRestart = FALSE;
+               NGIRCd_SignalQuit = FALSE;
+
+               /* Initialize modules, part I */
+               Log_Init( );
+               Conf_Init( );
+
+               if( Conf_Chroot[0] )
+               {
+                       /* Chroot */
+                       if( chdir( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
+
+                       if( chroot( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't change root directory to \"%s\": %s", Conf_Chroot, strerror( errno ));
+                       else Log( LOG_INFO, "Changed root and working directory to \"%s\".", Conf_Chroot );
+               }
+
+               if( Conf_GID != 0 )
+               {
+                       /* Set new group ID */
+                       if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
+               }
+               if( Conf_UID != 0 )
+               {
+                       /* Set new user ID */
+                       if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror( errno ));
+               }
+
                /* In der Regel wird ein Sub-Prozess ge-fork()'t, der
                 * nicht mehr mit dem Terminal verbunden ist. Mit der
                 * Option "--nodaemon" kann dies (z.B. zum Debuggen)
@@ -241,7 +276,7 @@ main( int argc, const char *argv[] )
                        if( pid < 0 )
                        {
                                /* Fehler */
-                               printf( "%s: Can't fork: %s!\nFatal error, exiting now ...\n", PACKAGE, strerror( errno ));
+                               printf( "%s: Can't fork: %s!\nFatal error, exiting now ...\n", PACKAGE_NAME, strerror( errno ));
                                exit( 1 );
                        }
 
@@ -249,44 +284,27 @@ main( int argc, const char *argv[] )
                        (VOID)setsid( );
                        chdir( "/" );
                }
-       
-               /* Globale Variablen initialisieren */
-               NGIRCd_Start = time( NULL );
-               (VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
-               NGIRCd_Restart = FALSE;
-               NGIRCd_Quit = FALSE;
 
-               /* Module initialisieren */
-               Log_Init( );
+               /* Initialize modules, part II: these functions are eventually
+                * called with already dropped privileges ... */
                Resolve_Init( );
-               Conf_Init( );
                Lists_Init( );
                Channel_Init( );
                Client_Init( );
+#ifdef RENDEZVOUS
+               Rendezvous_Init( );
+#endif
                Conn_Init( );
 
-               /* Wenn als root ausgefuehrt und eine andere UID
-                * konfiguriert ist, jetzt zu dieser wechseln */
-               if( getuid( ) == 0 )
-               {
-                       if( Conf_GID != 0 )
-                       {
-                               /* Neue Group-ID setzen */
-                               if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change Group-ID to %u: %s", Conf_GID, strerror( errno ));
-                       }
-                       if( Conf_UID != 0 )
-                       {
-                               /* Neue User-ID setzen */
-                               if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change User-ID to %u: %s", Conf_UID, strerror( errno ));
-                       }
-               }
-               
-               /* User, Gruppe und Prozess-ID des Daemon ausgeben */
+               /* Show user, group, and PID of the running daemon */
                pwd = getpwuid( getuid( )); grp = getgrgid( getgid( ));
                Log( LOG_INFO, "Running as user %s(%ld), group %s(%ld), with PID %ld.", pwd ? pwd->pw_name : "unknown", (LONG)getuid( ), grp ? grp->gr_name : "unknown", (LONG)getgid( ), (LONG)getpid( ));
 
-               /* stderr in "Error-File" umlenken */
-               Log_InitErrorfile( );
+               /* Redirect stderr handle to "error file" for debugging.
+                * But don't try to write in the chroot jail, since it's more 
+                * secure to have a chroot dir not writable by the daemon.
+                */
+               if( ! Conf_Chroot[0] ) Log_InitErrorfile( );
 
                /* Signal-Handler initialisieren */
                Initialize_Signal_Handler( );
@@ -295,25 +313,39 @@ main( int argc, const char *argv[] )
                 * beim PASS-Befehl verwendete Syntax sowie die erweiterten Flags
                 * sind in doc/Protocol.txt beschrieben. */
 #ifdef IRCPLUS
-               sprintf( NGIRCd_ProtoID, "%s%s %s|%s:%s", PROTOVER, PROTOIRCPLUS, PACKAGE, VERSION, IRCPLUSFLAGS );
+               sprintf( NGIRCd_ProtoID, "%s%s %s|%s:%s", PROTOVER, PROTOIRCPLUS, PACKAGE_NAME, PACKAGE_VERSION, IRCPLUSFLAGS );
+#ifdef ZLIB
+               strcat( NGIRCd_ProtoID, "Z" );
+#endif
                if( Conf_OperCanMode ) strcat( NGIRCd_ProtoID, "o" );
 #else
-               sprintf( NGIRCd_ProtoID, "%s%s %s|%s", PROTOVER, PROTOIRC, PACKAGE, VERSION );
+               sprintf( NGIRCd_ProtoID, "%s%s %s|%s", PROTOVER, PROTOIRC, PACKAGE_NAME, PACKAGE_VERSION );
 #endif
                strcat( NGIRCd_ProtoID, " P" );
+#ifdef ZLIB
+               strcat( NGIRCd_ProtoID, "Z" );
+#endif
                Log( LOG_DEBUG, "Protocol and server ID is \"%s\".", NGIRCd_ProtoID );
 
                /* Vordefinierte Channels anlegen */
                Channel_InitPredefined( );
 
                /* Listen-Ports initialisieren */
-               Initialize_Listen_Ports( );
-
+               if( Conn_InitListeners( ) < 1 )
+               {
+                       Log( LOG_ALERT, "Server isn't listening on a single port!" );
+                       Log( LOG_ALERT, "%s exiting due to fatal errors!", PACKAGE_NAME );
+                       exit( 1 );
+               }
+               
                /* Hauptschleife */
                Conn_Handler( );
 
                /* Alles abmelden */
                Conn_Exit( );
+#ifdef RENDEZVOUS
+               Rendezvous_Exit( );
+#endif
                Client_Exit( );
                Channel_Exit( );
                Lists_Exit( );
@@ -330,9 +362,9 @@ NGIRCd_Version( VOID )
        STATIC CHAR version[126];
        
 #ifdef CVSDATE
-       sprintf( version, "%s %s(%s)-%s", PACKAGE, VERSION, CVSDATE, NGIRCd_VersionAddition( ));
+       sprintf( version, "%s %s(%s)-%s", PACKAGE_NAME, PACKAGE_VERSION, CVSDATE, NGIRCd_VersionAddition( ));
 #else
-       sprintf( version, "%s %s-%s", PACKAGE, VERSION, NGIRCd_VersionAddition( ));
+       sprintf( version, "%s %s-%s", PACKAGE_NAME, PACKAGE_VERSION, NGIRCd_VersionAddition( ));
 #endif
        return version;
 } /* NGIRCd_Version */
@@ -341,14 +373,30 @@ NGIRCd_Version( VOID )
 GLOBAL CHAR *
 NGIRCd_VersionAddition( VOID )
 {
-       STATIC CHAR txt[64];
+       STATIC CHAR txt[200];
 
        strcpy( txt, "" );
 
-#ifdef USE_SYSLOG
+#ifdef SYSLOG
        if( txt[0] ) strcat( txt, "+" );
        strcat( txt, "SYSLOG" );
 #endif
+#ifdef ZLIB
+       if( txt[0] ) strcat( txt, "+" );
+       strcat( txt, "ZLIB" );
+#endif
+#ifdef TCPWRAP
+       if( txt[0] ) strcat( txt, "+" );
+       strcat( txt, "TCPWRAP" );
+#endif
+#ifdef RENDEZVOUS
+       if( txt[0] ) strcat( txt, "+" );
+       strcat( txt, "RENDEZVOUS" );
+#endif
+#ifdef IDENTAUTH
+       if( txt[0] ) strcat( txt, "+" );
+       strcat( txt, "IDENT" );
+#endif
 #ifdef DEBUG
        if( txt[0] ) strcat( txt, "+" );
        strcat( txt, "DEBUG" );
@@ -366,17 +414,54 @@ NGIRCd_VersionAddition( VOID )
        strcat( txt, "IRCPLUS" );
 #endif
        
-       if( txt[0] ) strcat( txt, "-" );
-       strcat( txt, TARGET_CPU );
-       strcat( txt, "/" );
-       strcat( txt, TARGET_VENDOR );
-       strcat( txt, "/" );
-       strcat( txt, TARGET_OS );
+       if( txt[0] ) strlcat( txt, "-", sizeof( txt ));
+       strlcat( txt, TARGET_CPU, sizeof( txt ));
+       strlcat( txt, "/", sizeof( txt ));
+       strlcat( txt, TARGET_VENDOR, sizeof( txt ));
+       strlcat( txt, "/", sizeof( txt ));
+       strlcat( txt, TARGET_OS, sizeof( txt ));
 
        return txt;
 } /* NGIRCd_VersionAddition */
 
 
+GLOBAL VOID
+NGIRCd_Rehash( VOID )
+{
+       CHAR old_name[CLIENT_ID_LEN];
+
+       Log( LOG_NOTICE|LOG_snotice, "Re-reading configuration NOW!" );
+       NGIRCd_SignalRehash = FALSE;
+
+       /* Close down all listening sockets */
+       Conn_ExitListeners( );
+
+       /* Remember old server name */
+       strcpy( old_name, Conf_ServerName );
+
+       /* Re-read configuration ... */
+       Conf_Rehash( );
+
+       /* Recover old server name: it can't be changed during run-time */
+       if( strcmp( old_name, Conf_ServerName ) != 0 )
+       {
+               strcpy( Conf_ServerName, old_name );
+               Log( LOG_ERR, "Can't change \"ServerName\" on runtime! Ignored new name." );
+       }
+
+       /* Create new pre-defined channels */
+       Channel_InitPredefined( );
+       
+       /* Start listening on sockets */
+       Conn_InitListeners( );
+
+       /* Sync configuration with established connections */
+       Conn_SyncServerStruct( );
+
+       Log( LOG_NOTICE|LOG_snotice, "Re-reading of configuration done." );
+} /* NGIRCd_Rehash */
+
+
 LOCAL VOID
 Initialize_Signal_Handler( VOID )
 {
@@ -437,56 +522,30 @@ Signal_Handler( INT Signal )
                case SIGINT:
                case SIGQUIT:
                        /* wir soll(t)en uns wohl beenden ... */
-                       if( Signal == SIGTERM ) Log( LOG_WARNING, "Got TERM signal, terminating now ..." );
-                       else if( Signal == SIGINT ) Log( LOG_WARNING, "Got INT signal, terminating now ..." );
-                       else if( Signal == SIGQUIT ) Log( LOG_WARNING, "Got QUIT signal, terminating now ..." );
-                       NGIRCd_Quit = TRUE;
+                       NGIRCd_SignalQuit = TRUE;
                        break;
                case SIGHUP:
-                       /* neu starten */
-                       Log( LOG_WARNING, "Got HUP signal, restarting now ..." );
-                       NGIRCd_Restart = TRUE;
+                       /* Konfiguration neu einlesen: */
+                       NGIRCd_SignalRehash = TRUE;
                        break;
                case SIGCHLD:
                        /* Child-Prozess wurde beendet. Zombies vermeiden: */
                        while( waitpid( -1, NULL, WNOHANG ) > 0);
                        break;
+#ifdef DEBUG
                default:
                        /* unbekanntes bzw. unbehandeltes Signal */
-                       Log( LOG_NOTICE, "Got signal %d! Ignored.", Signal );
+                       Log( LOG_DEBUG, "Got signal %d! Ignored.", Signal );
+#endif
        }
 } /* Signal_Handler */
 
 
-LOCAL VOID
-Initialize_Listen_Ports( VOID )
-{
-       /* Ports, auf denen der Server Verbindungen entgegennehmen
-        * soll, initialisieren */
-       
-       INT created, i;
-
-       created = 0;
-       for( i = 0; i < Conf_ListenPorts_Count; i++ )
-       {
-               if( Conn_NewListener( Conf_ListenPorts[i] )) created++;
-               else Log( LOG_ERR, "Can't listen on port %u!", Conf_ListenPorts[i] );
-       }
-
-       if( created < 1 )
-       {
-               Log( LOG_ALERT, "Server isn't listening on a single port!" );
-               Log( LOG_ALERT, "%s exiting due to fatal errors!", PACKAGE );
-               exit( 1 );
-       }
-} /* Initialize_Listen_Ports */
-
-
 LOCAL VOID
 Show_Version( VOID )
 {
        puts( NGIRCd_Version( ));
-       puts( "Copyright (c)2001,2002 by Alexander Barton (<alex@barton.de>)." );
+       puts( "Copyright (c)2001-2004 by Alexander Barton (<alex@barton.de>)." );
        puts( "Homepage: <http://arthur.ath.cx/~alex/ngircd/>\n" );
        puts( "This is free software; see the source for copying conditions. There is NO" );
        puts( "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." );
@@ -500,12 +559,12 @@ Show_Help( VOID )
        puts( "  -d, --debug        log extra debug messages" );
 #endif
        puts( "  -f, --config <f>   use file <f> as configuration file" );
-        puts( "  -n, --nodaemon     don't fork and don't detatch from controlling terminal" );
+        puts( "  -n, --nodaemon     don't fork and don't detach from controlling terminal" );
         puts( "  -p, --passive      disable automatic connections to other servers" );
 #ifdef SNIFFER
        puts( "  -s, --sniffer      enable network sniffer and display all IRC traffic" );
 #endif
-       puts( "      --configtest   read, validate and display configuration; then exit" );
+       puts( "  -t, --configtest   read, validate and display configuration; then exit" );
        puts( "      --version      output version information and exit" );
        puts( "      --help         display this help and exit" );
 } /* Show_Help */