* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
/* Functions concerned with running Exim as a daemon */
static SIGNAL_BOOL sigchld_seen;
static SIGNAL_BOOL sighup_seen;
+static SIGNAL_BOOL sigterm_seen;
static int accept_retry_count = 0;
static int accept_retry_errno;
static void
sighup_handler(int sig)
{
-sig = sig; /* Keep picky compilers happy */
sighup_seen = TRUE;
signal(SIGHUP, sighup_handler);
}
static void
main_sigchld_handler(int sig)
{
-sig = sig; /* Keep picky compilers happy */
os_non_restarting_signal(SIGCHLD, SIG_DFL);
sigchld_seen = TRUE;
}
+/* SIGTERM handler. Try to get the daemon pid file removed
+before exiting. */
+
+static void
+main_sigterm_handler(int sig)
+{
+sigterm_seen = TRUE;
+}
+
+
/*************************************************
+/*************************************************
+*************************************************/
+
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+static void
+unlink_notifier_socket(void)
+{
+uschar * s = expand_string(notifier_socket);
+DEBUG(D_any) debug_printf("unlinking notifier socket %s\n", s);
+Uunlink(s);
+}
+#endif
+
+
+static void
+close_daemon_sockets(int daemon_notifier_fd,
+ struct pollfd * fd_polls, int listen_socket_count)
+{
+if (daemon_notifier_fd >= 0)
+ {
+ (void) close(daemon_notifier_fd);
+ daemon_notifier_fd = -1;
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+ unlink_notifier_socket();
+#endif
+ }
+
+for (int i = 0; i < listen_socket_count; i++) (void) close(fd_polls[i].fd);
+}
+
+
/*************************************************
* Handle a connected SMTP call *
*************************************************/
leak store in this process - reset the stacking pool at the end.
Arguments:
- listen_sockets sockets which are listening for incoming calls
+ fd_polls sockets which are listening for incoming calls
listen_socket_count count of listening sockets
accept_socket socket of the current accepted call
accepted socket information about the current call
*/
static void
-handle_smtp_call(int *listen_sockets, int listen_socket_count,
+handle_smtp_call(struct pollfd *fd_polls, int listen_socket_count,
int accept_socket, struct sockaddr *accepted)
{
pid_t pid;
if (smtp_load_reserve >= 0)
{
load_average = OS_GETLOADAVG();
- if (smtp_reserve_hosts == NULL && load_average > smtp_load_reserve)
+ if (!smtp_reserve_hosts && load_average > smtp_load_reserve)
{
DEBUG(D_any) debug_printf("rejecting SMTP connection: load average = %.2f\n",
(double)load_average/1000.0);
this is in the daemon mainline, only fast expansions (such as inline address
checks) should be used. The documentation is full of warnings. */
-if (smtp_accept_max_per_host != NULL)
+if (smtp_accept_max_per_host)
{
uschar *expanded = expand_string(smtp_accept_max_per_host);
- if (expanded == NULL)
+ if (!expanded)
{
if (!f.expand_string_forcedfail)
log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
uschar *s = expanded;
while (isdigit(*s))
max_for_this_host = max_for_this_host * 10 + *s++ - '0';
- if (*s != 0)
+ if (*s)
log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
"for %s contains non-digit: %s", whofrom->s, expanded);
}
per host_address checks. Note that at this stage smtp_accept_count contains the
count of *other* connections, not including this one. */
-if ((max_for_this_host > 0) &&
- (smtp_accept_count >= max_for_this_host))
+if (max_for_this_host > 0 && smtp_accept_count >= max_for_this_host)
{
int host_accept_count = 0;
int other_host_count = 0; /* keep a count of non matches to optimise */
early, either by hitting the target, or finding there are not enough
connections left to make the target. */
- if ((host_accept_count >= max_for_this_host) ||
- ((smtp_accept_count - other_host_count) < max_for_this_host))
+ if ( host_accept_count >= max_for_this_host
+ || smtp_accept_count - other_host_count < max_for_this_host)
break;
}
log_write(L_connection_reject,
LOG_MAIN, "Connection from %s refused: too many connections "
"from that IP address", whofrom->s);
+ search_tidyup();
goto ERROR_RETURN;
}
}
{
uschar *list = hosts_connection_nolog;
memset(sender_host_cache, 0, sizeof(sender_host_cache));
- if (list != NULL && verify_check_host(&list) == OK)
+ if (list && verify_check_host(&list) == OK)
save_log_selector &= ~L_smtp_connection;
else
log_write(L_smtp_connection, LOG_MAIN, "SMTP connection from %s "
expansion above did a lookup. */
search_tidyup();
-pid = fork();
+pid = exim_fork(US"daemon-accept");
/* Handle the child process */
if (pid == 0)
{
- int i;
int queue_only_reason = 0;
int old_pool = store_pool;
int save_debug_selector = debug_selector;
BOOL local_queue_only;
BOOL session_local_queue_only;
- #ifdef SA_NOCLDWAIT
+#ifdef SA_NOCLDWAIT
struct sigaction act;
- #endif
+#endif
smtp_accept_count++; /* So that it includes this process */
+ /* If the listen backlog was over the monitoring level, log it. */
+
+ if (smtp_listen_backlog > smtp_backlog_monitor)
+ log_write(0, LOG_MAIN, "listen backlog %d I=[%s]:%d",
+ smtp_listen_backlog, interface_address, interface_port);
+
/* May have been modified for the subprocess */
*log_selector = save_log_selector;
extensive comment before the reception loop in exim.c for a fuller
explanation of this logic. */
- for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
+ close_daemon_sockets(daemon_notifier_fd, fd_polls, listen_socket_count);
/* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
to be able to communicate with them, under any circumstances. */
(void)fcntl(dup_accept_socket, F_SETFD,
fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
- #ifdef SA_NOCLDWAIT
+#ifdef SA_NOCLDWAIT
act.sa_handler = SIG_IGN;
sigemptyset(&(act.sa_mask));
act.sa_flags = SA_NOCLDWAIT;
sigaction(SIGCHLD, &act, NULL);
- #else
+#else
signal(SIGCHLD, SIG_IGN);
- #endif
+#endif
+ signal(SIGTERM, SIG_DFL);
+ signal(SIGINT, SIG_DFL);
/* Attempt to get an id from the sending machine via the RFC 1413
protocol. We do this in the sub-process in order not to hold up the
}
if (message_id[0] == 0) continue; /* No message was accepted */
}
- else
+ else /* bad smtp_setup_msg() */
{
if (smtp_out)
{
If we are not root, we have to re-exec exim unless deliveries are being
done unprivileged. */
- else if (!f.queue_only_policy && !f.deliver_freeze)
+ else if ( (!f.queue_only_policy || f.queue_smtp)
+ && !f.deliver_freeze)
{
pid_t dpid;
- /* Before forking, ensure that the C output buffer is flushed. Otherwise
- anything that it in it will get duplicated, leading to duplicate copies
- of the pending output. */
-
- mac_smtp_fflush();
+ /* We used to flush smtp_out before forking so that buffered data was not
+ duplicated, but now we want to pipeline the responses for data and quit.
+ Instead, hard-close the fd underlying smtp_out right after fork to discard
+ the data buffer. */
- if ((dpid = fork()) == 0)
+ if ((dpid = exim_fork(US"daemon-accept-delivery")) == 0)
{
(void)fclose(smtp_in);
+ (void)close(fileno(smtp_out));
(void)fclose(smtp_out);
+ smtp_in = smtp_out = NULL;
/* Don't ever molest the parent's SSL connection, but do clean up
the data structures if necessary. */
signal(SIGHUP, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+ signal(SIGINT, SIG_DFL);
if (geteuid() != root_uid && !deliver_drop_privilege)
{
the incoming host address and an expanded active_hostname. */
log_close_all();
-interface_address =
-sender_host_address = NULL;
+interface_address = sender_host_name = sender_host_address = NULL;
store_reset(reset_point);
-sender_host_address = NULL;
}
}
+static void
+set_pid_file_path(void)
+{
+if (override_pid_file_path)
+ pid_file_path = override_pid_file_path;
+
+if (!*pid_file_path)
+ pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);
+
+if (pid_file_path[0] != '/')
+ log_write(0, LOG_PANIC_DIE, "pid file path %s must be absolute\n", pid_file_path);
+}
+
+
+enum pid_op { PID_WRITE, PID_CHECK, PID_DELETE };
+
+/* Do various pid file operations as safe as possible. Ideally we'd just
+drop the privileges for creation of the pid file and not care at all about removal of
+the file. FIXME.
+Returns: true on success, false + errno==EACCES otherwise
+*/
+
+static BOOL
+operate_on_pid_file(const enum pid_op operation, const pid_t pid)
+{
+char pid_line[sizeof(int) * 3 + 2];
+const int pid_len = snprintf(pid_line, sizeof(pid_line), "%d\n", (int)pid);
+BOOL lines_match = FALSE;
+uschar * path, * base, * dir;
+
+const int dir_flags = O_RDONLY | O_NONBLOCK;
+const int base_flags = O_NOFOLLOW | O_NONBLOCK;
+const mode_t base_mode = 0644;
+struct stat sb;
+int cwd_fd = -1, dir_fd = -1, base_fd = -1;
+BOOL success = FALSE;
+errno = EACCES;
+
+set_pid_file_path();
+if (!f.running_in_test_harness && real_uid != root_uid && real_uid != exim_uid) goto cleanup;
+if (pid_len < 2 || pid_len >= (int)sizeof(pid_line)) goto cleanup;
+
+path = string_copy(pid_file_path);
+if ((base = Ustrrchr(path, '/')) == NULL) /* should not happen, but who knows */
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "pid file path \"%s\" does not contain a '/'", pid_file_path);
+
+dir = base != path ? path : US"/";
+*base++ = '\0';
+
+if (!dir || !*dir || *dir != '/') goto cleanup;
+if (!base || !*base || Ustrchr(base, '/') != NULL) goto cleanup;
+
+cwd_fd = open(".", dir_flags);
+if (cwd_fd < 0 || fstat(cwd_fd, &sb) != 0 || !S_ISDIR(sb.st_mode)) goto cleanup;
+dir_fd = open(CS dir, dir_flags);
+if (dir_fd < 0 || fstat(dir_fd, &sb) != 0 || !S_ISDIR(sb.st_mode)) goto cleanup;
+
+/* emulate openat */
+if (fchdir(dir_fd) != 0) goto cleanup;
+base_fd = open(CS base, O_RDONLY | base_flags);
+if (fchdir(cwd_fd) != 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
+
+if (base_fd >= 0)
+ {
+ char line[sizeof(pid_line)];
+ ssize_t len = -1;
+
+ if (fstat(base_fd, &sb) != 0 || !S_ISREG(sb.st_mode)) goto cleanup;
+ if ((sb.st_mode & 07777) != base_mode || sb.st_nlink != 1) goto cleanup;
+ if (sb.st_size < 2 || sb.st_size >= (off_t)sizeof(line)) goto cleanup;
+
+ len = read(base_fd, line, sizeof(line));
+ if (len != (ssize_t)sb.st_size) goto cleanup;
+ line[len] = '\0';
+
+ if (strspn(line, "0123456789") != (size_t)len-1) goto cleanup;
+ if (line[len-1] != '\n') goto cleanup;
+ lines_match = len == pid_len && strcmp(line, pid_line) == 0;
+ }
+
+if (operation == PID_WRITE)
+ {
+ if (!lines_match)
+ {
+ if (base_fd >= 0)
+ {
+ int error = -1;
+ /* emulate unlinkat */
+ if (fchdir(dir_fd) != 0) goto cleanup;
+ error = unlink(CS base);
+ if (fchdir(cwd_fd) != 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
+ if (error) goto cleanup;
+ (void)close(base_fd);
+ base_fd = -1;
+ }
+ /* emulate openat */
+ if (fchdir(dir_fd) != 0) goto cleanup;
+ base_fd = open(CS base, O_WRONLY | O_CREAT | O_EXCL | base_flags, base_mode);
+ if (fchdir(cwd_fd) != 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
+ if (base_fd < 0) goto cleanup;
+ if (fchmod(base_fd, base_mode) != 0) goto cleanup;
+ if (write(base_fd, pid_line, pid_len) != pid_len) goto cleanup;
+ DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path);
+ }
+ }
+else
+ {
+ if (!lines_match) goto cleanup;
+ if (operation == PID_DELETE)
+ {
+ int error = -1;
+ /* emulate unlinkat */
+ if (fchdir(dir_fd) != 0) goto cleanup;
+ error = unlink(CS base);
+ if (fchdir(cwd_fd) != 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
+ if (error) goto cleanup;
+ }
+ }
+
+success = TRUE;
+errno = 0;
+
+cleanup:
+if (cwd_fd >= 0) (void)close(cwd_fd);
+if (dir_fd >= 0) (void)close(dir_fd);
+if (base_fd >= 0) (void)close(base_fd);
+return success;
+}
+
+
+/* Remove the daemon's pidfile. Note: runs with root privilege,
+as a direct child of the daemon. Does not return. */
+
+void
+delete_pid_file(void)
+{
+const BOOL success = operate_on_pid_file(PID_DELETE, getppid());
+
+DEBUG(D_any)
+ debug_printf("delete pid file %s %s: %s\n", pid_file_path,
+ success ? "success" : "failure", strerror(errno));
+
+exim_exit(EXIT_SUCCESS);
+}
+
+
+/* Called by the daemon; exec a child to get the pid file deleted
+since we may require privs for the containing directory */
+
+static void
+daemon_die(void)
+{
+int pid;
+
+DEBUG(D_any) debug_printf("SIGTERM/SIGINT seen\n");
+#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
+tls_watch_invalidate();
+#endif
+
+if (daemon_notifier_fd >= 0)
+ {
+ close(daemon_notifier_fd);
+ daemon_notifier_fd = -1;
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+ unlink_notifier_socket();
+#endif
+ }
+
+if (f.running_in_test_harness || write_pid)
+ {
+ if ((pid = exim_fork(US"daemon-del-pidfile")) == 0)
+ {
+ if (override_pid_file_path)
+ (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 3,
+ "-oP", override_pid_file_path, "-oPX");
+ else
+ (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 1, "-oPX");
+
+ /* Control never returns here. */
+ }
+ if (pid > 0)
+ child_close(pid, 1);
+ }
+exim_exit(EXIT_SUCCESS);
+}
+
+
+/*************************************************
+* Listener socket for local work prompts *
+*************************************************/
+
+ssize_t
+daemon_client_sockname(struct sockaddr_un * sup, uschar ** sname)
+{
+#ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+sup->sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
+return offsetof(struct sockaddr_un, sun_path) + 1
+ + snprintf(sup->sun_path+1, sizeof(sup->sun_path)-1, "exim_%d", getpid());
+#else
+*sname = string_sprintf("%s/p_%d", spool_directory, getpid());
+return offsetof(struct sockaddr_un, sun_path)
+ + snprintf(sup->sun_path, sizeof(sup->sun_path), "%s", sname);
+#endif
+}
+
+ssize_t
+daemon_notifier_sockname(struct sockaddr_un * sup)
+{
+#ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+sup->sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
+return offsetof(struct sockaddr_un, sun_path) + 1
+ + snprintf(sup->sun_path+1, sizeof(sup->sun_path)-1, "%s",
+ expand_string(notifier_socket));
+#else
+return offsetof(struct sockaddr_un, sun_path)
+ + snprintf(sup->sun_path, sizeof(sup->sun_path), "%s",
+ expand_string(notifier_socket));
+#endif
+}
+
+
+static void
+daemon_notifier_socket(void)
+{
+int fd;
+const uschar * where;
+struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
+ssize_t len;
+
+if (!notifier_socket || !*notifier_socket)
+ {
+ DEBUG(D_any) debug_printf("-oY used so not creating notifier socket\n");
+ return;
+ }
+if (override_local_interfaces && !override_pid_file_path)
+ {
+ DEBUG(D_any)
+ debug_printf("-oX used without -oP so not creating notifier socket\n");
+ return;
+ }
+
+DEBUG(D_any) debug_printf("creating notifier socket\n");
+
+#ifdef SOCK_CLOEXEC
+if ((fd = socket(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0)
+ { where = US"socket"; goto bad; }
+#else
+if ((fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0)
+ { where = US"socket"; goto bad; }
+(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+len = daemon_notifier_sockname(&sa_un);
+
+#ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+DEBUG(D_any) debug_printf(" @%s\n", sa_un.sun_path+1);
+#else /* filesystem-visible and persistent; will neeed removal */
+DEBUG(D_any) debug_printf(" %s\n", sa_un.sun_path);
+#endif
+
+if (bind(fd, (const struct sockaddr *)&sa_un, (socklen_t)len) < 0)
+ { where = US"bind"; goto bad; }
+
+#ifdef SO_PASSCRED /* Linux */
+if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0)
+ { where = US"SO_PASSCRED"; goto bad2; }
+#elif defined(LOCAL_CREDS) /* FreeBSD-ish */
+if (setsockopt(fd, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
+ { where = US"LOCAL_CREDS"; goto bad2; }
+#endif
+
+/* debug_printf("%s: fd %d\n", __FUNCTION__, fd); */
+daemon_notifier_fd = fd;
+return;
+
+bad2:
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+ Uunlink(sa_un.sun_path);
+#endif
+bad:
+ log_write(0, LOG_MAIN|LOG_PANIC, "%s %s: %s",
+ __FUNCTION__, where, strerror(errno));
+ close(fd);
+ return;
+}
+
+
+static uschar queuerun_msgid[MESSAGE_ID_LENGTH+1];
+
+/* The notifier socket has something to read. Pull the message from it, decode
+and do the action.
+
+Return TRUE if a sigalrm should be emulated */
+
+static BOOL
+daemon_notification(void)
+{
+uschar buf[256], cbuf[256];
+struct sockaddr_un sa_un;
+struct iovec iov = {.iov_base = buf, .iov_len = sizeof(buf)-1};
+struct msghdr msg = { .msg_name = &sa_un,
+ .msg_namelen = sizeof(sa_un),
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ .msg_control = cbuf,
+ .msg_controllen = sizeof(cbuf)
+ };
+ssize_t sz;
+
+buf[sizeof(buf)-1] = 0;
+if ((sz = recvmsg(daemon_notifier_fd, &msg, 0)) <= 0) return FALSE;
+if (sz >= sizeof(buf)) return FALSE;
+
+#ifdef notdef
+debug_printf("addrlen %d\n", msg.msg_namelen);
+#endif
+DEBUG(D_queue_run) debug_printf("%s from addr '%s%.*s'\n", __FUNCTION__,
+ *sa_un.sun_path ? "" : "@",
+ (int)msg.msg_namelen - (*sa_un.sun_path ? 0 : 1),
+ sa_un.sun_path + (*sa_un.sun_path ? 0 : 1));
+
+/* Refuse to handle the item unless the peer has good credentials */
+#ifdef SCM_CREDENTIALS
+# define EXIM_SCM_CR_TYPE SCM_CREDENTIALS
+#elif defined(LOCAL_CREDS) && defined(SCM_CREDS)
+# define EXIM_SCM_CR_TYPE SCM_CREDS
+#else
+ /* The OS has no way to get the creds of the caller (for a unix/datagram socket.
+ Punt; don't try to check. */
+#endif
+
+#ifdef EXIM_SCM_CR_TYPE
+for (struct cmsghdr * cp = CMSG_FIRSTHDR(&msg);
+ cp;
+ cp = CMSG_NXTHDR(&msg, cp))
+ if (cp->cmsg_level == SOL_SOCKET && cp->cmsg_type == EXIM_SCM_CR_TYPE)
+ {
+# ifdef SCM_CREDENTIALS /* Linux */
+ struct ucred * cr = (struct ucred *) CMSG_DATA(cp);
+ if (cr->uid && cr->uid != exim_uid)
+ {
+ DEBUG(D_queue_run) debug_printf("%s: sender creds pid %d uid %d gid %d\n",
+ __FUNCTION__, (int)cr->pid, (int)cr->uid, (int)cr->gid);
+ }
+# elif defined(LOCAL_CREDS) /* BSD-ish */
+ struct sockcred * cr = (struct sockcred *) CMSG_DATA(cp);
+ if (cr->sc_uid && cr->sc_uid != exim_uid)
+ {
+ DEBUG(D_queue_run) debug_printf("%s: sender creds pid ??? uid %d gid %d\n",
+ __FUNCTION__, (int)cr->sc_uid, (int)cr->sc_gid);
+ }
+# endif
+ break;
+ }
+#endif
+
+buf[sz] = 0;
+switch (buf[0])
+ {
+#ifndef DISABLE_QUEUE_RAMP
+ case NOTIFY_MSG_QRUN:
+ /* this should be a message_id */
+ DEBUG(D_queue_run)
+ debug_printf("%s: qrunner trigger: %s\n", __FUNCTION__, buf+1);
+ memcpy(queuerun_msgid, buf+1, MESSAGE_ID_LENGTH+1);
+ return TRUE;
+#endif
+
+ case NOTIFY_QUEUE_SIZE_REQ:
+ {
+ uschar buf[16];
+ int len = snprintf(CS buf, sizeof(buf), "%u", queue_count_cached());
+
+ DEBUG(D_queue_run)
+ debug_printf("%s: queue size request: %s\n", __FUNCTION__, buf);
+
+ if (sendto(daemon_notifier_fd, buf, len, 0,
+ (const struct sockaddr *)&sa_un, msg.msg_namelen) < 0)
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "%s: sendto: %s\n", __FUNCTION__, strerror(errno));
+ break;
+ }
+
+ case NOTIFY_REGEX:
+ regex_at_daemon(buf);
+ break;
+ }
+return FALSE;
+}
+
+
/*************************************************
* Exim Daemon Mainline *
void
daemon_go(void)
{
-struct passwd *pw;
-int *listen_sockets = NULL;
-int listen_socket_count = 0;
-ip_address_item *addresses = NULL;
+struct passwd * pw;
+struct pollfd * fd_polls, * tls_watch_poll = NULL, * dnotify_poll = NULL;
+int listen_socket_count = 0, poll_fd_count;
+ip_address_item * addresses = NULL;
time_t last_connection_time = (time_t)0;
int local_queue_run_max = atoi(CS expand_string(queue_run_max));
+process_purpose = US"daemon";
+
/* If any debugging options are set, turn on the D_pid bit so that all
debugging lines get the pid added. */
DEBUG(D_any|D_v) debug_selector |= D_pid;
+/* Allocate enough pollstructs for inetd mode plus the ancillary sockets;
+also used when there are no listen sockets. */
+
+fd_polls = store_get(sizeof(struct pollfd) * 3, GET_UNTAINTED);
+
if (f.inetd_wait_mode)
{
listen_socket_count = 1;
- listen_sockets = store_get(sizeof(int), FALSE);
(void) close(3);
if (dup2(0, 3) == -1)
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"failed to dup inetd socket safely away: %s", strerror(errno));
- listen_sockets[0] = 3;
+ fd_polls[0].fd = 3;
+ fd_polls[0].events = POLLIN;
(void) close(0);
(void) close(1);
(void) close(2);
for those OS for which this is necessary the first time it is called (in
order to perform an "open" on the kernel memory file). */
- #ifdef LOAD_AVG_NEEDS_ROOT
+#ifdef LOAD_AVG_NEEDS_ROOT
if (queue_only_load >= 0 || smtp_load_reserve >= 0 ||
(deliver_queue_load_max >= 0 && deliver_drop_privilege))
(void)os_getloadavg();
- #endif
+#endif
}
gstring * new_smtp_port = NULL;
gstring * new_local_interfaces = NULL;
- if (override_pid_file_path == NULL) write_pid = FALSE;
+ if (!override_pid_file_path) write_pid = FALSE;
list = override_local_interfaces;
sep = 0;
- while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
+ while ((s = string_nextinlist(&list, &sep, NULL, 0)))
{
uschar joinstr[4];
- gstring ** gp;
-
- if (Ustrpbrk(s, ".:") == NULL)
- gp = &new_smtp_port;
- else
- gp = &new_local_interfaces;
+ gstring ** gp = Ustrpbrk(s, ".:") ? &new_local_interfaces : &new_smtp_port;
if (!*gp)
{
list = daemon_smtp_port;
sep = 0;
- while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
+ while ((s = string_nextinlist(&list, &sep, NULL, 0)))
pct++;
- default_smtp_port = store_get((pct+1) * sizeof(int), FALSE);
+ default_smtp_port = store_get((pct+1) * sizeof(int), GET_UNTAINTED);
list = daemon_smtp_port;
sep = 0;
for (pct = 0;
- (s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size));
+ (s = string_nextinlist(&list, &sep, NULL, 0));
pct++)
{
if (isdigit(*s))
list = tls_in.on_connect_ports;
sep = 0;
+ /* the list isn't expanded so cannot be tainted. If it ever is we will trap here */
while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
if (!isdigit(*s))
{
ipa->port = default_smtp_port[0];
for (int i = 1; default_smtp_port[i] > 0; i++)
{
- ip_address_item *new = store_get(sizeof(ip_address_item), FALSE);
+ ip_address_item * new = store_get(sizeof(ip_address_item), GET_UNTAINTED);
memcpy(new->address, ipa->address, Ustrlen(ipa->address) + 1);
new->port = default_smtp_port[i];
}
}
- /* Get a vector to remember all the sockets in */
+ /* Get a vector to remember all the sockets in.
+ Two extra elements for the ancillary sockets */
for (ipa = addresses; ipa; ipa = ipa->next)
listen_socket_count++;
- listen_sockets = store_get(sizeof(int) * listen_socket_count, FALSE);
+ fd_polls = store_get(sizeof(struct pollfd) * (listen_socket_count + 2),
+ GET_UNTAINTED);
+ for (struct pollfd * p = fd_polls; p < fd_polls + listen_socket_count + 2;
+ p++)
+ { p->fd = -1; p->events = POLLIN; }
} /* daemon_listen but not inetd_wait_mode */
if (smtp_accept_max > 0)
{
- smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot), FALSE);
+ smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot), GET_UNTAINTED);
for (int i = 0; i < smtp_accept_max; i++) smtp_slots[i] = empty_smtp_slot;
}
}
daemon as the result of a SIGHUP. In this case, there is no need to do
anything, because the controlling terminal has long gone. Otherwise, fork, in
case current process is a process group leader (see 'man setsid' for an
- explanation) before calling setsid(). */
+ explanation) before calling setsid().
+ All other forks want daemon_listen cleared. Rather than blow a register, jsut
+ restore it here. */
if (getppid() != 1)
{
- pid_t pid = fork();
+ BOOL daemon_listen = f.daemon_listen;
+ pid_t pid = exim_fork(US"daemon");
if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"fork() failed when starting daemon: %s", strerror(errno));
if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */
(void)setsid(); /* release controlling terminal */
+ f.daemon_listen = daemon_listen;
}
}
/* We are now in the disconnected, daemon process (unless debugging). Set up
the listening sockets if required. */
+daemon_notifier_socket();
+
if (f.daemon_listen && !f.inetd_wait_mode)
{
int sk;
for (ipa = addresses, sk = 0; sk < listen_socket_count; ipa = ipa->next, sk++)
{
BOOL wildcard;
- ip_address_item *ipa2;
- int af;
+ ip_address_item * ipa2;
+ int fd, af;
if (Ustrchr(ipa->address, ':') != NULL)
{
wildcard = ipa->address[0] == 0;
}
- if ((listen_sockets[sk] = ip_socket(SOCK_STREAM, af)) < 0)
+ if ((fd_polls[sk].fd = fd = ip_socket(SOCK_STREAM, af)) < 0)
{
if (check_special_case(0, addresses, ipa, FALSE))
{
goto SKIP_SOCKET;
}
log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s",
- (af == AF_INET6)? '6' : '4', strerror(errno));
+ af == AF_INET6 ? '6' : '4', strerror(errno));
}
/* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is
#ifdef IPV6_V6ONLY
if (af == AF_INET6 && wildcard &&
- setsockopt(listen_sockets[sk], IPPROTO_IPV6, IPV6_V6ONLY, CS (&on),
- sizeof(on)) < 0)
+ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
log_write(0, LOG_MAIN, "Setting IPV6_V6ONLY on daemon's IPv6 wildcard "
"socket failed (%s): carrying on without it", strerror(errno));
#endif /* IPV6_V6ONLY */
is being handled. Without this, a connection will prevent reuse of the
smtp port for listening. */
- if (setsockopt(listen_sockets[sk], SOL_SOCKET, SO_REUSEADDR,
- US (&on), sizeof(on)) < 0)
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "setting SO_REUSEADDR on socket "
"failed when starting daemon: %s", strerror(errno));
/* Set TCP_NODELAY; Exim does its own buffering. There is a switch to
disable this because it breaks some broken clients. */
- if (tcp_nodelay) setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_NODELAY,
- US (&on), sizeof(on));
+ if (tcp_nodelay) setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
/* Now bind the socket to the required port; if Exim is being restarted
it may not always be possible to bind immediately, even with SO_REUSEADDR
for(;;)
{
uschar *msg, *addr;
- if (ip_bind(listen_sockets[sk], af, ipa->address, ipa->port) >= 0) break;
+ if (ip_bind(fd, af, ipa->address, ipa->port) >= 0) break;
if (check_special_case(errno, addresses, ipa, TRUE))
{
DEBUG(D_any) debug_printf("wildcard IPv4 bind() failed after IPv6 "
"listen() success; EADDRINUSE ignored\n");
- (void)close(listen_sockets[sk]);
+ (void)close(fd);
goto SKIP_SOCKET;
}
msg = US strerror(errno);
else
debug_printf("listening on %s port %d\n", ipa->address, ipa->port);
+ /* Start listening on the bound socket, establishing the maximum backlog of
+ connections that is allowed. On success, add to the set of sockets for select
+ and continue to the next address. */
+
#if defined(TCP_FASTOPEN) && !defined(__APPLE__)
if ( f.tcp_fastopen_ok
- && setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN,
+ && setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN,
&smtp_connect_backlog, sizeof(smtp_connect_backlog)))
{
DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
f.tcp_fastopen_ok = FALSE;
}
#endif
-
- /* Start listening on the bound socket, establishing the maximum backlog of
- connections that is allowed. On success, continue to the next address. */
-
- if (listen(listen_sockets[sk], smtp_connect_backlog) >= 0)
+ if (listen(fd, smtp_connect_backlog) >= 0)
{
#if defined(TCP_FASTOPEN) && defined(__APPLE__)
if ( f.tcp_fastopen_ok
- && setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN,
- &on, sizeof(on)))
+ && setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)))
{
DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
f.tcp_fastopen_ok = FALSE;
}
#endif
+ fd_polls[sk].fd = fd;
continue;
}
DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 "
"listen() success; EADDRINUSE ignored\n");
- (void)close(listen_sockets[sk]);
+ (void)close(fd);
/* Come here if there has been a problem with the socket which we
are going to ignore. We remove the address from the chain, and back up the
if (f.running_in_test_harness || write_pid)
{
- FILE *f;
-
- if (override_pid_file_path)
- pid_file_path = override_pid_file_path;
-
- if (pid_file_path[0] == 0)
- pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);
-
- if ((f = modefopen(pid_file_path, "wb", 0644)))
- {
- (void)fprintf(f, "%d\n", (int)getpid());
- (void)fclose(f);
- DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path);
- }
- else
- DEBUG(D_any)
- debug_printf("%s\n", string_open_failed(errno, "pid file %s",
- pid_file_path));
+ const enum pid_op operation = (f.running_in_test_harness
+ || real_uid == root_uid
+ || (real_uid == exim_uid && !override_pid_file_path)) ? PID_WRITE : PID_CHECK;
+ if (!operate_on_pid_file(operation, getpid()))
+ DEBUG(D_any) debug_printf("%s pid file %s: %s\n", (operation == PID_WRITE) ? "write" : "check", pid_file_path, strerror(errno));
}
/* Set up the handler for SIGHUP, which causes a restart of the daemon. */
if (queue_interval > 0 && local_queue_run_max > 0)
{
- queue_pid_slots = store_get(local_queue_run_max * sizeof(pid_t), FALSE);
+ queue_pid_slots = store_get(local_queue_run_max * sizeof(pid_t), GET_UNTAINTED);
for (int i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0;
}
-/* Set up the handler for termination of child processes. */
+/* Set up the handler for termination of child processes, and the one
+telling us to die. */
sigchld_seen = FALSE;
os_non_restarting_signal(SIGCHLD, main_sigchld_handler);
+sigterm_seen = FALSE;
+os_non_restarting_signal(SIGTERM, main_sigterm_handler);
+os_non_restarting_signal(SIGINT, main_sigterm_handler);
+
/* If we are to run the queue periodically, pretend the alarm has just gone
off. This will cause the first queue-runner to get kicked off straight away. */
set_process_info("daemon(%s): pre-listening socket", version_string);
/* set up the timeout logic */
- sigalrm_seen = 1;
+ sigalrm_seen = TRUE;
}
else if (f.daemon_listen)
ip_address_item * ipa;
uschar * p;
uschar * qinfo = queue_interval > 0
- ? string_sprintf("-q%s", readconf_printtime(queue_interval))
+ ? string_sprintf("-q%s%s",
+ f.queue_2stage ? "q" : "", readconf_printtime(queue_interval))
: US"no queue runs";
/* Build a list of listening addresses in big_buffer, but limit it to 10
if (*--p == '}') *p = '\0'; /* drop EOL */
while (isdigit(*--p)) ; /* char before port */
- i2->log = *p == ':' /* no list yet? */
+ i2->log = *p == ':' /* no list yet? { */
? string_sprintf("%.*s{%s,%d}",
(int)(p - i2->log + 1), i2->log, p+1, ipa->port)
: string_sprintf("%s,%d}", i2->log, ipa->port);
(eg: compile regex) */
dns_pattern_init();
+smtp_deliver_init(); /* Used for callouts */
+
+#ifndef DISABLE_DKIM
+ {
+# ifdef MEASURE_TIMING
+ struct timeval t0;
+ gettimeofday(&t0, NULL);
+# endif
+ dkim_exim_init();
+# ifdef MEASURE_TIMING
+ report_time_since(&t0, US"dkim_exim_init (delta)");
+# endif
+ }
+#endif
#ifdef WITH_CONTENT_SCAN
malware_init();
#ifdef SUPPORT_SPF
spf_init();
#endif
+#ifndef DISABLE_TLS
+tls_daemon_init();
+#endif
+
+/* Add ancillary sockets to the set for select */
+
+poll_fd_count = listen_socket_count;
+#ifndef DISABLE_TLS
+if (tls_watch_fd >= 0)
+ {
+ tls_watch_poll = &fd_polls[poll_fd_count++];
+ tls_watch_poll->fd = tls_watch_fd;
+ tls_watch_poll->events = POLLIN;
+ }
+#endif
+if (daemon_notifier_fd >= 0)
+ {
+ dnotify_poll = &fd_polls[poll_fd_count++];
+ dnotify_poll->fd = daemon_notifier_fd;
+ dnotify_poll->events = POLLIN;
+ }
/* Close the log so it can be renamed and moved. In the few cases below where
this long-running process writes to the log (always exceptional conditions), it
for (;;)
{
- #if HAVE_IPV6
- struct sockaddr_in6 accepted;
- #else
- struct sockaddr_in accepted;
- #endif
-
- EXIM_SOCKLEN_T len;
pid_t pid;
+ if (sigterm_seen)
+ daemon_die(); /* Does not return */
+
/* This code is placed first in the loop, so that it gets obeyed at the
start, before the first wait, for the queue-runner case, so that the first
one can be started immediately.
else
{
- DEBUG(D_any) debug_printf("SIGALRM received\n");
+ DEBUG(D_any) debug_printf("%s received\n",
+#ifndef DISABLE_QUEUE_RAMP
+ *queuerun_msgid ? "qrun notification" :
+#endif
+ "SIGALRM");
/* Do a full queue run in a child process, if required, unless we already
have enough queue runners on the go. If we are not running as root, a
re-exec is required. */
- if (queue_interval > 0 &&
- (local_queue_run_max <= 0 || queue_run_count < local_queue_run_max))
+ if ( queue_interval > 0
+ && (local_queue_run_max <= 0 || queue_run_count < local_queue_run_max))
{
- if ((pid = fork()) == 0)
+ if ((pid = exim_fork(US"queue-runner")) == 0)
{
- DEBUG(D_any) debug_printf("Starting queue-runner: pid %d\n",
- (int)getpid());
-
/* Disable debugging if it's required only for the daemon process. We
leave the above message, because it ties up with the "child ended"
debugging messages. */
/* Close any open listening sockets in the child */
- for (int sk = 0; sk < listen_socket_count; sk++)
- (void)close(listen_sockets[sk]);
+ close_daemon_sockets(daemon_notifier_fd,
+ fd_polls, listen_socket_count);
/* Reset SIGHUP and SIGCHLD in the child in both cases. */
signal(SIGHUP, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+ signal(SIGINT, SIG_DFL);
/* Re-exec if privilege has been given up, unless deliver_drop_
privilege is set. Reset SIGALRM before exec(). */
{
uschar opt[8];
uschar *p = opt;
- uschar *extra[5];
+ uschar *extra[7];
int extracount = 1;
signal(SIGALRM, SIG_DFL);
*p++ = '-';
*p++ = 'q';
- if (f.queue_2stage) *p++ = 'q';
+ if ( f.queue_2stage
+#ifndef DISABLE_QUEUE_RAMP
+ && !*queuerun_msgid
+#endif
+ ) *p++ = 'q';
if (f.queue_run_first_delivery) *p++ = 'i';
if (f.queue_run_force) *p++ = 'f';
if (f.deliver_force_thaw) *p++ = 'f';
if (f.queue_run_local) *p++ = 'l';
*p = 0;
- extra[0] = queue_name
+ extra[0] = *queue_name
? string_sprintf("%sG%s", opt, queue_name) : opt;
+#ifndef DISABLE_QUEUE_RAMP
+ if (*queuerun_msgid)
+ {
+ log_write(0, LOG_MAIN, "notify triggered queue run");
+ extra[extracount++] = queuerun_msgid; /* Trigger only the */
+ extra[extracount++] = queuerun_msgid; /* one message */
+ }
+#endif
+
/* If -R or -S were on the original command line, ensure they get
passed on. */
/* Overlay this process with a new execution. */
- (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, TRUE, extracount,
- extra[0], extra[1], extra[2], extra[3], extra[4]);
+ (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, extracount,
+ extra[0], extra[1], extra[2], extra[3], extra[4], extra[5], extra[6]);
/* Control never returns here. */
}
/* No need to re-exec; SIGALRM remains set to the default handler */
- queue_run(NULL, NULL, FALSE);
+#ifndef DISABLE_QUEUE_RAMP
+ if (*queuerun_msgid)
+ {
+ log_write(0, LOG_MAIN, "notify triggered queue run");
+ f.queue_2stage = FALSE;
+ queue_run(queuerun_msgid, queuerun_msgid, FALSE);
+ }
+ else
+#endif
+ queue_run(NULL, NULL, FALSE);
exim_underbar_exit(EXIT_SUCCESS);
}
/* Reset the alarm clock */
sigalrm_seen = FALSE;
- ALARM(queue_interval);
+#ifndef DISABLE_QUEUE_RAMP
+ if (*queuerun_msgid)
+ *queuerun_msgid = 0;
+ else
+#endif
+ ALARM(queue_interval);
}
} /* sigalrm_seen */
if (f.daemon_listen)
{
- int lcount, select_errno;
- int max_socket = 0;
+ int lcount;
BOOL select_failed = FALSE;
- fd_set select_listen;
-
- FD_ZERO(&select_listen);
- for (int sk = 0; sk < listen_socket_count; sk++)
- {
- FD_SET(listen_sockets[sk], &select_listen);
- if (listen_sockets[sk] > max_socket) max_socket = listen_sockets[sk];
- }
DEBUG(D_any) debug_printf("Listening...\n");
errno = EINTR;
}
else
- lcount = select(max_socket + 1, (SELECT_ARG2_TYPE *)&select_listen,
- NULL, NULL, NULL);
+ lcount = poll(fd_polls, poll_fd_count, -1);
if (lcount < 0)
{
old one had just finished. Preserve the errno from any select() failure for
the use of the common select/accept error processing below. */
- select_errno = errno;
- handle_ending_processes();
- errno = select_errno;
+ {
+ int select_errno = errno;
+ handle_ending_processes();
#ifndef DISABLE_TLS
- /* Create or rotate any required keys */
- tls_daemon_init();
+ {
+ int old_tfd;
+ /* Create or rotate any required keys; handle (delayed) filewatch event */
+
+ if ((old_tfd = tls_daemon_tick()) >= 0)
+ for (struct pollfd * p = &fd_polls[listen_socket_count];
+ p < fd_polls + poll_fd_count; p++)
+ if (p->fd == old_tfd) { p->fd = tls_watch_fd ; break; }
+ }
#endif
+ errno = select_errno;
+ }
/* Loop for all the sockets that are currently ready to go. If select
actually failed, we have set the count to 1 and select_failed=TRUE, so as
while (lcount-- > 0)
{
int accept_socket = -1;
+#if HAVE_IPV6
+ struct sockaddr_in6 accepted;
+#else
+ struct sockaddr_in accepted;
+#endif
if (!select_failed)
- for (int sk = 0; sk < listen_socket_count; sk++)
- if (FD_ISSET(listen_sockets[sk], &select_listen))
+ {
+#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
+ if (tls_watch_poll && tls_watch_poll->revents & POLLIN)
+ {
+ tls_watch_poll->revents = 0;
+ tls_watch_trigger_time = time(NULL); /* Set up delayed event */
+ tls_watch_discard_event(tls_watch_fd);
+ break; /* to top of daemon loop */
+ }
+#endif
+ if (dnotify_poll && dnotify_poll->revents & POLLIN)
+ {
+ dnotify_poll->revents = 0;
+ sigalrm_seen = daemon_notification();
+ break; /* to top of daemon loop */
+ }
+ for (struct pollfd * p = fd_polls; p < fd_polls + listen_socket_count;
+ p++)
+ if (p->revents & POLLIN)
{
- len = sizeof(accepted);
- accept_socket = accept(listen_sockets[sk],
- (struct sockaddr *)&accepted, &len);
- FD_CLR(listen_sockets[sk], &select_listen);
+ EXIM_SOCKLEN_T alen = sizeof(accepted);
+#ifdef TCP_INFO
+ struct tcp_info ti;
+ socklen_t tlen = sizeof(ti);
+
+ /* If monitoring the backlog is wanted, grab for later logging */
+
+ smtp_listen_backlog = 0;
+ if ( smtp_backlog_monitor > 0
+ && getsockopt(p->fd, IPPROTO_TCP, TCP_INFO, &ti, &tlen) == 0)
+ {
+# ifdef EXIM_HAVE_TCPI_UNACKED
+ DEBUG(D_interface) debug_printf("listen fd %d queue max %u curr %u\n",
+ p->fd, ti.tcpi_sacked, ti.tcpi_unacked);
+ smtp_listen_backlog = ti.tcpi_unacked;
+# elif defined(__FreeBSD__) /* This does not work. Investigate kernel sourcecode. */
+ DEBUG(D_interface) debug_printf("listen fd %d queue max %u curr %u\n",
+ p->fd, ti.__tcpi_sacked, ti.__tcpi_unacked);
+ smtp_listen_backlog = ti.__tcpi_unacked;
+# endif
+ }
+#endif
+ p->revents = 0;
+ accept_socket = accept(p->fd, (struct sockaddr *)&accepted, &alen);
break;
}
+ }
/* If select or accept has failed and this was not caused by an
interruption, log the incident and try again. With asymmetric TCP/IP
accept_retry_errno = errno;
accept_retry_select_failed = select_failed;
}
- else
- {
- if (errno != accept_retry_errno ||
- select_failed != accept_retry_select_failed ||
- accept_retry_count >= 50)
- {
- log_write(0, LOG_MAIN | ((accept_retry_count >= 50)? LOG_PANIC : 0),
- "%d %s() failure%s: %s",
- accept_retry_count,
- accept_retry_select_failed? "select" : "accept",
- (accept_retry_count == 1)? "" : "s",
- strerror(accept_retry_errno));
- log_close_all();
- accept_retry_count = 0;
- accept_retry_errno = errno;
- accept_retry_select_failed = select_failed;
- }
- }
+ else if ( errno != accept_retry_errno
+ || select_failed != accept_retry_select_failed
+ || accept_retry_count >= 50)
+ {
+ log_write(0, LOG_MAIN | (accept_retry_count >= 50 ? LOG_PANIC : 0),
+ "%d %s() failure%s: %s",
+ accept_retry_count,
+ accept_retry_select_failed ? "select" : "accept",
+ accept_retry_count == 1 ? "" : "s",
+ strerror(accept_retry_errno));
+ log_close_all();
+ accept_retry_count = 0;
+ accept_retry_errno = errno;
+ accept_retry_select_failed = select_failed;
+ }
accept_retry_count++;
}
-
- else
- {
- if (accept_retry_count > 0)
- {
- log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
- accept_retry_count,
- accept_retry_select_failed? "select" : "accept",
- (accept_retry_count == 1)? "" : "s",
- strerror(accept_retry_errno));
- log_close_all();
- accept_retry_count = 0;
- }
- }
+ else if (accept_retry_count > 0)
+ {
+ log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
+ accept_retry_count,
+ accept_retry_select_failed ? "select" : "accept",
+ accept_retry_count == 1 ? "" : "s",
+ strerror(accept_retry_errno));
+ log_close_all();
+ accept_retry_count = 0;
+ }
/* If select/accept succeeded, deal with the connection. */
if (accept_socket >= 0)
{
+#ifdef TCP_QUICKACK /* Avoid pure-ACKs while in tls protocol pingpong phase */
+ /* Unfortunately we cannot be certain to do this before a TLS-on-connect
+ Client Hello arrives and is acked. We do it as early as possible. */
+ (void) setsockopt(accept_socket, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
if (inetd_wait_timeout)
last_connection_time = time(NULL);
- handle_smtp_call(listen_sockets, listen_socket_count, accept_socket,
+ handle_smtp_call(fd_polls, listen_socket_count, accept_socket,
(struct sockaddr *)&accepted);
}
}
else
{
- struct timeval tv;
- tv.tv_sec = queue_interval;
- tv.tv_usec = 0;
- select(0, NULL, NULL, NULL, &tv);
+ struct pollfd p;
+ poll(&p, 0, queue_interval * 1000);
handle_ending_processes();
}
{
log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon",
getpid());
- for (int sk = 0; sk < listen_socket_count; sk++)
- (void)close(listen_sockets[sk]);
+ close_daemon_sockets(daemon_notifier_fd, fd_polls, listen_socket_count);
ALARM_CLR(0);
signal(SIGHUP, SIG_IGN);
sighup_argv[0] = exim_path;
git://git.exim.org / exim.git / blobdiff