static void
sighup_handler(int sig)
{
-sig = sig; /* Keep picky compilers happy */
sighup_seen = TRUE;
signal(SIGHUP, sighup_handler);
}
static void
main_sigchld_handler(int sig)
{
-sig = sig; /* Keep picky compilers happy */
os_non_restarting_signal(SIGCHLD, SIG_DFL);
sigchld_seen = TRUE;
}
/*************************************************
*************************************************/
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+static void
+unlink_notifier_socket(void)
+{
+uschar * s = expand_string(notifier_socket);
+DEBUG(D_any) debug_printf("unlinking notifier socket %s\n", s);
+Uunlink(s);
+}
+#endif
+
+
static void
close_daemon_sockets(int daemon_notifier_fd,
int * listen_sockets, int listen_socket_count)
{
-if (daemon_notifier_fd >= 0) (void) close(daemon_notifier_fd);
+if (daemon_notifier_fd >= 0)
+ {
+ (void) close(daemon_notifier_fd);
+ daemon_notifier_fd = -1;
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+ unlink_notifier_socket();
+#endif
+ }
+
for (int i = 0; i < listen_socket_count; i++) (void) close(listen_sockets[i]);
}
this is in the daemon mainline, only fast expansions (such as inline address
checks) should be used. The documentation is full of warnings. */
-if (smtp_accept_max_per_host != NULL)
+if (smtp_accept_max_per_host)
{
uschar *expanded = expand_string(smtp_accept_max_per_host);
- if (expanded == NULL)
+ if (!expanded)
{
if (!f.expand_string_forcedfail)
log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
uschar *s = expanded;
while (isdigit(*s))
max_for_this_host = max_for_this_host * 10 + *s++ - '0';
- if (*s != 0)
+ if (*s)
log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
"for %s contains non-digit: %s", whofrom->s, expanded);
}
per host_address checks. Note that at this stage smtp_accept_count contains the
count of *other* connections, not including this one. */
-if ((max_for_this_host > 0) &&
- (smtp_accept_count >= max_for_this_host))
+if (max_for_this_host > 0 && smtp_accept_count >= max_for_this_host)
{
int host_accept_count = 0;
int other_host_count = 0; /* keep a count of non matches to optimise */
early, either by hitting the target, or finding there are not enough
connections left to make the target. */
- if ((host_accept_count >= max_for_this_host) ||
- ((smtp_accept_count - other_host_count) < max_for_this_host))
+ if ( host_accept_count >= max_for_this_host
+ || smtp_accept_count - other_host_count < max_for_this_host)
break;
}
log_write(L_connection_reject,
LOG_MAIN, "Connection from %s refused: too many connections "
"from that IP address", whofrom->s);
+ search_tidyup();
goto ERROR_RETURN;
}
}
}
if (message_id[0] == 0) continue; /* No message was accepted */
}
- else
+ else /* bad smtp_setup_msg() */
{
if (smtp_out)
{
{
pid_t dpid;
- /* Before forking, ensure that the C output buffer is flushed. Otherwise
- anything that it in it will get duplicated, leading to duplicate copies
- of the pending output. */
-
- mac_smtp_fflush();
+ /* We used to flush smtp_out before forking so that buffered data was not
+ duplicated, but now we want to pipeline the responses for data and quit.
+ Instead, hard-close the fd underlying smtp_out right after fork to discard
+ the data buffer. */
if ((dpid = exim_fork(US"daemon-accept-delivery")) == 0)
{
(void)fclose(smtp_in);
+ (void)close(fileno(smtp_out));
(void)fclose(smtp_out);
/* Don't ever molest the parent's SSL connection, but do clean up
if (!*pid_file_path)
pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);
+
+if (pid_file_path[0] != '/')
+ log_write(0, LOG_PANIC_DIE, "pid file path %s must be absolute\n", pid_file_path);
}
}
else
DEBUG(D_any)
- debug_printf("%s\n", string_open_failed(errno, "pid file %s",
- pid_file_path));
+ debug_printf("%s\n", string_open_failed("pid file %s", pid_file_path));
exim_exit(EXIT_SUCCESS);
}
{
int pid;
+DEBUG(D_any) debug_printf("SIGTERM seen\n");
+#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
+tls_watch_invalidate();
+#endif
+
if (daemon_notifier_fd >= 0)
{
close(daemon_notifier_fd);
daemon_notifier_fd = -1;
#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
- {
- uschar * s = expand_string(notifier_socket);
- DEBUG(D_any) debug_printf("unlinking notifier socket %s\n", s);
- Uunlink(s);
- }
+ unlink_notifier_socket();
#endif
}
struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
int len;
+if (!notifier_socket || !*notifier_socket)
+ {
+ DEBUG(D_any) debug_printf("-oY used so not creating notifier socket\n");
+ return;
+ }
if (override_local_interfaces && !override_pid_file_path)
{
DEBUG(D_any)
DEBUG(D_any) debug_printf(" @%s\n", sa_un.sun_path+1);
#else /* filesystem-visible and persistent; will neeed removal */
len = offsetof(struct sockaddr_un, sun_path)
- + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s",
+ + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s",
expand_string(notifier_socket));
DEBUG(D_any) debug_printf(" %s\n", sa_un.sun_path);
#endif
buf[sz] = 0;
switch (buf[0])
{
-#ifdef EXPERIMENTAL_QUEUE_RAMP
+#ifndef DISABLE_QUEUE_RAMP
case NOTIFY_MSG_QRUN:
/* this should be a message_id */
DEBUG(D_queue_run)
debug_printf("%s: qrunner trigger: %s\n", __FUNCTION__, buf+1);
memcpy(queuerun_msgid, buf+1, MESSAGE_ID_LENGTH+1);
return TRUE;
-#endif /*EXPERIMENTAL_QUEUE_RAMP*/
+#endif
case NOTIFY_QUEUE_SIZE_REQ:
{
list = tls_in.on_connect_ports;
sep = 0;
+ /* the list isn't expanded so cannot be tainted. If it ever is we will trap here */
while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
if (!isdigit(*s))
{
}
else
DEBUG(D_any)
- debug_printf("%s\n", string_open_failed(errno, "pid file %s",
- pid_file_path));
+ debug_printf("%s\n", string_open_failed("pid file %s", pid_file_path));
}
/* Set up the handler for SIGHUP, which causes a restart of the daemon. */
#ifdef SUPPORT_SPF
spf_init();
#endif
+#ifndef DISABLE_TLS
+tls_daemon_init();
+#endif
/* Close the log so it can be renamed and moved. In the few cases below where
this long-running process writes to the log (always exceptional conditions), it
else
{
DEBUG(D_any) debug_printf("%s received\n",
-#ifdef EXPERIMENTAL_QUEUE_RAMP
+#ifndef DISABLE_QUEUE_RAMP
*queuerun_msgid ? "qrun notification" :
#endif
"SIGALRM");
*p++ = '-';
*p++ = 'q';
if ( f.queue_2stage
-#ifdef EXPERIMENTAL_QUEUE_RAMP
+#ifndef DISABLE_QUEUE_RAMP
&& !*queuerun_msgid
#endif
) *p++ = 'q';
extra[0] = *queue_name
? string_sprintf("%sG%s", opt, queue_name) : opt;
-#ifdef EXPERIMENTAL_QUEUE_RAMP
+#ifndef DISABLE_QUEUE_RAMP
if (*queuerun_msgid)
{
log_write(0, LOG_MAIN, "notify triggered queue run");
/* No need to re-exec; SIGALRM remains set to the default handler */
-#ifdef EXPERIMENTAL_QUEUE_RAMP
+#ifndef DISABLE_QUEUE_RAMP
if (*queuerun_msgid)
{
log_write(0, LOG_MAIN, "notify triggered queue run");
/* Reset the alarm clock */
sigalrm_seen = FALSE;
-#ifdef EXPERIMENTAL_QUEUE_RAMP
+#ifndef DISABLE_QUEUE_RAMP
if (*queuerun_msgid)
*queuerun_msgid = 0;
else
if (f.daemon_listen)
{
- int lcount, select_errno;
+ int lcount;
int max_socket = 0;
BOOL select_failed = FALSE;
fd_set select_listen;
FD_ZERO(&select_listen);
+#ifndef DISABLE_TLS
+ if (tls_watch_fd >= 0)
+ {
+ FD_SET(tls_watch_fd, &select_listen);
+ if (tls_watch_fd > max_socket) max_socket = tls_watch_fd;
+ }
+#endif
if (daemon_notifier_fd >= 0)
+ {
FD_SET(daemon_notifier_fd, &select_listen);
+ if (daemon_notifier_fd > max_socket) max_socket = daemon_notifier_fd;
+ }
for (int sk = 0; sk < listen_socket_count; sk++)
{
FD_SET(listen_sockets[sk], &select_listen);
old one had just finished. Preserve the errno from any select() failure for
the use of the common select/accept error processing below. */
- select_errno = errno;
- handle_ending_processes();
- errno = select_errno;
+ {
+ int select_errno = errno;
+ handle_ending_processes();
#ifndef DISABLE_TLS
- /* Create or rotate any required keys */
- tls_daemon_init();
+ /* Create or rotate any required keys; handle (delayed) filewatch event */
+ tls_daemon_tick();
#endif
+ errno = select_errno;
+ }
/* Loop for all the sockets that are currently ready to go. If select
actually failed, we have set the count to 1 and select_failed=TRUE, so as
if (!select_failed)
{
+#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
+ if (tls_watch_fd >= 0 && FD_ISSET(tls_watch_fd, &select_listen))
+ {
+ FD_CLR(tls_watch_fd, &select_listen);
+ tls_watch_trigger_time = time(NULL); /* Set up delayed event */
+ tls_watch_discard_event(tls_watch_fd);
+ break; /* to top of daemon loop */
+ }
+#endif
if ( daemon_notifier_fd >= 0
&& FD_ISSET(daemon_notifier_fd, &select_listen))
{
accept_retry_errno = errno;
accept_retry_select_failed = select_failed;
}
- else
- {
- if (errno != accept_retry_errno ||
- select_failed != accept_retry_select_failed ||
- accept_retry_count >= 50)
+ else if ( errno != accept_retry_errno
+ || select_failed != accept_retry_select_failed
+ || accept_retry_count >= 50)
{
- log_write(0, LOG_MAIN | ((accept_retry_count >= 50)? LOG_PANIC : 0),
+ log_write(0, LOG_MAIN | (accept_retry_count >= 50 ? LOG_PANIC : 0),
"%d %s() failure%s: %s",
accept_retry_count,
- accept_retry_select_failed? "select" : "accept",
- (accept_retry_count == 1)? "" : "s",
+ accept_retry_select_failed ? "select" : "accept",
+ accept_retry_count == 1 ? "" : "s",
strerror(accept_retry_errno));
log_close_all();
accept_retry_count = 0;
accept_retry_errno = errno;
accept_retry_select_failed = select_failed;
}
- }
accept_retry_count++;
}
-
- else
- {
- if (accept_retry_count > 0)
- {
- log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
- accept_retry_count,
- accept_retry_select_failed? "select" : "accept",
- (accept_retry_count == 1)? "" : "s",
- strerror(accept_retry_errno));
- log_close_all();
- accept_retry_count = 0;
- }
- }
+ else if (accept_retry_count > 0)
+ {
+ log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
+ accept_retry_count,
+ accept_retry_select_failed ? "select" : "accept",
+ accept_retry_count == 1 ? "" : "s",
+ strerror(accept_retry_errno));
+ log_close_all();
+ accept_retry_count = 0;
+ }
/* If select/accept succeeded, deal with the connection. */
if (accept_socket >= 0)
{
+#ifdef TCP_QUICKACK /* Avoid pure-ACKs while in tls protocol pingpong phase */
+ /* Unfortunately we cannot be certain to do this before a TLS-on-connect
+ Client Hello arrives and is acked. We do it as early as possible. */
+ (void) setsockopt(accept_socket, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
if (inetd_wait_timeout)
last_connection_time = time(NULL);
handle_smtp_call(listen_sockets, listen_socket_count, accept_socket,
git://git.exim.org / exim.git / blobdiff