1 /*
2 * stunnel TLS offloading and load-balancing proxy
3 * Copyright (C) 1998-2021 Michal Trojnara <Michal.Trojnara@stunnel.org>
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 * See the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, see <http://www.gnu.org/licenses>.
17 *
18 * Linking stunnel statically or dynamically with other modules is making
19 * a combined work based on stunnel. Thus, the terms and conditions of
20 * the GNU General Public License cover the whole combination.
21 *
22 * In addition, as a special exception, the copyright holder of stunnel
23 * gives you permission to combine stunnel with free software programs or
24 * libraries that are released under the GNU LGPL and with code included
25 * in the standard release of OpenSSL under the OpenSSL License (or
26 * modified versions of such code, with unchanged license). You may copy
27 * and distribute such a system following the terms of the GNU GPL for
28 * stunnel and the licenses of the other code concerned.
29 *
30 * Note that people who make modified versions of stunnel are not obligated
31 * to grant this special exception for their modified versions; it is their
32 * choice whether to do so. The GNU General Public License gives permission
33 * to release a modified version without this exception; this exception
34 * also makes it possible to release a modified version which carries
35 * forward this exception.
36 */
37
38 #include "common.h"
39 #include "prototypes.h"
40
41 NOEXPORT int main_unix(int, char*[]);
42 #if !defined(__vms) && !defined(USE_OS2)
43 NOEXPORT int daemonize(int);
44 NOEXPORT int create_pid(void);
45 NOEXPORT void delete_pid(void);
46 #endif
47 #ifndef USE_OS2
48 NOEXPORT void signal_handler(int);
49 #endif
50
main(int argc,char * argv[])51 int main(int argc, char* argv[]) { /* execution begins here 8-) */
52 int retval;
53
54 #ifdef M_MMAP_THRESHOLD
55 mallopt(M_MMAP_THRESHOLD, 4096);
56 #endif
57 tls_init(); /* initialize thread-local storage */
58 retval=main_unix(argc, argv);
59 main_cleanup();
60 return retval;
61 }
62
main_unix(int argc,char * argv[])63 NOEXPORT int main_unix(int argc, char* argv[]) {
64 int configure_status;
65
66 #if !defined(__vms) && !defined(USE_OS2)
67 int fd;
68
69 fd=open("/dev/null", O_RDWR); /* open /dev/null before chroot */
70 if(fd==INVALID_SOCKET)
71 fatal("Could not open /dev/null");
72 #endif
73 main_init();
74 configure_status=main_configure(argc>1 ? argv[1] : NULL,
75 argc>2 ? argv[2] : NULL);
76 switch(configure_status) {
77 case 1: /* error -> exit with 1 to indicate error */
78 close(fd);
79 return 1;
80 case 2: /* information printed -> exit with 0 to indicate success */
81 close(fd);
82 return 0;
83 }
84 if(service_options.next) { /* there are service sections -> daemon mode */
85 #if !defined(__vms) && !defined(USE_OS2)
86 if(daemonize(fd)) {
87 close(fd);
88 return 1;
89 }
90 close(fd);
91 /* create_pid() must be called after drop_privileges()
92 * or it won't be possible to remove the file on exit */
93 /* create_pid() must be called after daemonize()
94 * since the final pid is not known beforehand */
95 if(create_pid())
96 return 1;
97 #endif
98 #ifndef USE_OS2
99 signal(SIGCHLD, signal_handler); /* handle dead children */
100 signal(SIGHUP, signal_handler); /* configuration reload */
101 signal(SIGUSR1, signal_handler); /* log reopen */
102 signal(SIGUSR2, signal_handler); /* connections */
103 signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */
104 if(signal(SIGTERM, SIG_IGN)!=SIG_IGN)
105 signal(SIGTERM, signal_handler); /* fatal */
106 if(signal(SIGQUIT, SIG_IGN)!=SIG_IGN)
107 signal(SIGQUIT, signal_handler); /* fatal */
108 if(signal(SIGINT, SIG_IGN)!=SIG_IGN)
109 signal(SIGINT, signal_handler); /* fatal */
110 #endif
111 #ifdef USE_FORK
112 setpgid(0, 0); /* create a new process group if needed */
113 #endif
114 daemon_loop();
115 #ifdef USE_FORK
116 s_log(LOG_NOTICE, "Terminating service processes");
117 signal(SIGCHLD, SIG_IGN);
118 signal(SIGTERM, SIG_IGN);
119 kill(0, SIGTERM); /* kill the whole process group */
120 while(wait(NULL)!=-1)
121 ;
122 s_log(LOG_NOTICE, "Service processes terminated");
123 #endif
124 #if !defined(__vms) && !defined(USE_OS2)
125 delete_pid();
126 #endif /* standard Unix */
127 } else { /* inetd mode */
128 CLI *c;
129 #if !defined(__vms) && !defined(USE_OS2)
130 close(fd);
131 #endif /* standard Unix */
132 #ifndef USE_OS2
133 signal(SIGCHLD, SIG_IGN); /* ignore dead children */
134 signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */
135 #endif
136 set_nonblock(0, 1); /* stdin */
137 set_nonblock(1, 1); /* stdout */
138 c=alloc_client_session(&service_options, 0, 1);
139 tls_alloc(c, ui_tls, NULL);
140 service_up_ref(&service_options);
141 client_main(c);
142 client_free(c);
143 }
144 return 0;
145 }
146
147 #ifndef USE_OS2
signal_handler(int sig)148 NOEXPORT void signal_handler(int sig) {
149 int saved_errno;
150
151 saved_errno=errno;
152 signal_post((uint8_t)sig);
153 signal(sig, signal_handler);
154 errno=saved_errno;
155 }
156 #endif
157
158 #if !defined(__vms) && !defined(USE_OS2)
159
daemonize(int fd)160 NOEXPORT int daemonize(int fd) { /* go to background */
161 if(global_options.option.foreground)
162 return 0;
163 dup2(fd, 0);
164 dup2(fd, 1);
165 dup2(fd, 2);
166 #if defined(HAVE_DAEMON) && !defined(__BEOS__)
167 /* set noclose option when calling daemon() function,
168 * so it does not require /dev/null device in the chrooted directory */
169 if(daemon(0, 1)==-1) {
170 ioerror("daemon");
171 return 1;
172 }
173 #else
174 chdir("/");
175 switch(fork()) {
176 case -1: /* fork failed */
177 ioerror("fork");
178 return 1;
179 case 0: /* child */
180 break;
181 default: /* parent */
182 exit(0);
183 }
184 #endif
185 tls_alloc(NULL, ui_tls, "main"); /* reuse thread-local storage */
186 #ifdef HAVE_SETSID
187 setsid(); /* ignore the error */
188 #endif
189 return 0;
190 }
191
create_pid(void)192 NOEXPORT int create_pid(void) {
193 int pf;
194 char *pid;
195
196 if(!global_options.pidfile) {
197 s_log(LOG_DEBUG, "No pid file being created");
198 return 0;
199 }
200
201 /* silently remove the old pid file */
202 unlink(global_options.pidfile);
203
204 /* create a new pid file */
205 pf=open(global_options.pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644);
206 if(pf==-1) {
207 s_log(LOG_ERR, "Cannot create pid file %s", global_options.pidfile);
208 ioerror("create");
209 return 1;
210 }
211 pid=str_printf("%lu\n", (unsigned long)getpid());
212 if(write(pf, pid, strlen(pid))<(int)strlen(pid)) {
213 s_log(LOG_ERR, "Cannot write pid file %s", global_options.pidfile);
214 ioerror("write");
215 return 1;
216 }
217 str_free(pid);
218 close(pf);
219 s_log(LOG_DEBUG, "Created pid file %s", global_options.pidfile);
220 return 0;
221 }
222
delete_pid(void)223 NOEXPORT void delete_pid(void) {
224 if(global_options.pidfile) {
225 if(unlink(global_options.pidfile)<0)
226 ioerror(global_options.pidfile); /* not critical */
227 else
228 s_log(LOG_DEBUG, "Removed pid file %s", global_options.pidfile);
229 } else {
230 s_log(LOG_DEBUG, "No pid file to remove");
231 }
232 }
233
234 #endif /* standard Unix */
235
236 /**************************************** options callbacks */
237
ui_config_reloaded(void)238 void ui_config_reloaded(void) {
239 /* no action */
240 }
241
242 #ifdef ICON_IMAGE
243
load_icon_default(ICON_TYPE icon)244 ICON_IMAGE load_icon_default(ICON_TYPE icon) {
245 (void)icon; /* squash the unused parameter warning */
246 return (ICON_IMAGE)0;
247 }
248
load_icon_file(const char * file)249 ICON_IMAGE load_icon_file(const char *file) {
250 (void)file; /* squash the unused parameter warning */
251 return (ICON_IMAGE)0;
252 }
253
254 #endif
255
256 /**************************************** client callbacks */
257
ui_new_chain(const unsigned section_number)258 void ui_new_chain(const unsigned section_number) {
259 (void)section_number; /* squash the unused parameter warning */
260 }
261
ui_clients(const long num)262 void ui_clients(const long num) {
263 (void)num; /* squash the unused parameter warning */
264 }
265
266 /**************************************** s_log callbacks */
267
ui_new_log(const char * line)268 void ui_new_log(const char *line) {
269 fprintf(stderr, "%s\n", line);
270 }
271
272 /**************************************** ctx callbacks */
273
ui_passwd_cb(char * buf,int size,int rwflag,void * userdata)274 int ui_passwd_cb(char *buf, int size, int rwflag, void *userdata) {
275 return PEM_def_callback(buf, size, rwflag, userdata);
276 }
277
278 #ifndef OPENSSL_NO_ENGINE
279
ui_get_opener()280 int (*ui_get_opener()) (UI *) {
281 return UI_method_get_opener(UI_OpenSSL());
282 }
283
ui_get_writer()284 int (*ui_get_writer()) (UI *, UI_STRING *) {
285 return UI_method_get_writer(UI_OpenSSL());
286 }
287
ui_get_reader()288 int (*ui_get_reader()) (UI *, UI_STRING *) {
289 return UI_method_get_reader(UI_OpenSSL());
290 }
291
ui_get_closer()292 int (*ui_get_closer()) (UI *) {
293 return UI_method_get_closer(UI_OpenSSL());
294 }
295
296 #endif
297
298 /* end of ui_unix.c */
299