xref: /freebsd/contrib/unbound/daemon/daemon.c (revision 7d91d6b83e74edf278dde375e6049aca833cbebd)
1 /*
2  * daemon/daemon.c - collection of workers that handles requests.
3  *
4  * Copyright (c) 2007, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * The daemon consists of global settings and a number of workers.
40  */
41 
42 #include "config.h"
43 #ifdef HAVE_OPENSSL_ERR_H
44 #include <openssl/err.h>
45 #endif
46 
47 #ifdef HAVE_OPENSSL_RAND_H
48 #include <openssl/rand.h>
49 #endif
50 
51 #ifdef HAVE_OPENSSL_CONF_H
52 #include <openssl/conf.h>
53 #endif
54 
55 #ifdef HAVE_OPENSSL_ENGINE_H
56 #include <openssl/engine.h>
57 #endif
58 
59 #ifdef HAVE_TIME_H
60 #include <time.h>
61 #endif
62 #include <sys/time.h>
63 
64 #ifdef HAVE_NSS
65 /* nss3 */
66 #include "nss.h"
67 #endif
68 
69 #include "daemon/daemon.h"
70 #include "daemon/worker.h"
71 #include "daemon/remote.h"
72 #include "daemon/acl_list.h"
73 #include "util/log.h"
74 #include "util/config_file.h"
75 #include "util/data/msgreply.h"
76 #include "util/shm_side/shm_main.h"
77 #include "util/storage/lookup3.h"
78 #include "util/storage/slabhash.h"
79 #include "util/tcp_conn_limit.h"
80 #include "util/edns.h"
81 #include "services/listen_dnsport.h"
82 #include "services/cache/rrset.h"
83 #include "services/cache/infra.h"
84 #include "services/localzone.h"
85 #include "services/view.h"
86 #include "services/modstack.h"
87 #include "services/authzone.h"
88 #include "util/module.h"
89 #include "util/random.h"
90 #include "util/tube.h"
91 #include "util/net_help.h"
92 #include "sldns/keyraw.h"
93 #include "respip/respip.h"
94 #include <signal.h>
95 
96 #ifdef HAVE_SYSTEMD
97 #include <systemd/sd-daemon.h>
98 #endif
99 
100 /** How many quit requests happened. */
101 static int sig_record_quit = 0;
102 /** How many reload requests happened. */
103 static int sig_record_reload = 0;
104 
105 #if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
106 /** cleaner ssl memory freeup */
107 static void* comp_meth = NULL;
108 #endif
109 /** remove buffers for parsing and init */
110 int ub_c_lex_destroy(void);
111 
112 /** used when no other sighandling happens, so we don't die
113   * when multiple signals in quick succession are sent to us.
114   * @param sig: signal number.
115   * @return signal handler return type (void or int).
116   */
117 static RETSIGTYPE record_sigh(int sig)
118 {
119 #ifdef LIBEVENT_SIGNAL_PROBLEM
120 	/* cannot log, verbose here because locks may be held */
121 	/* quit on signal, no cleanup and statistics,
122 	   because installed libevent version is not threadsafe */
123 	exit(0);
124 #endif
125 	switch(sig)
126 	{
127 		case SIGTERM:
128 #ifdef SIGQUIT
129 		case SIGQUIT:
130 #endif
131 #ifdef SIGBREAK
132 		case SIGBREAK:
133 #endif
134 		case SIGINT:
135 			sig_record_quit++;
136 			break;
137 #ifdef SIGHUP
138 		case SIGHUP:
139 			sig_record_reload++;
140 			break;
141 #endif
142 #ifdef SIGPIPE
143 		case SIGPIPE:
144 			break;
145 #endif
146 		default:
147 			/* ignoring signal */
148 			break;
149 	}
150 }
151 
152 /**
153  * Signal handling during the time when netevent is disabled.
154  * Stores signals to replay later.
155  */
156 static void
157 signal_handling_record(void)
158 {
159 	if( signal(SIGTERM, record_sigh) == SIG_ERR ||
160 #ifdef SIGQUIT
161 		signal(SIGQUIT, record_sigh) == SIG_ERR ||
162 #endif
163 #ifdef SIGBREAK
164 		signal(SIGBREAK, record_sigh) == SIG_ERR ||
165 #endif
166 #ifdef SIGHUP
167 		signal(SIGHUP, record_sigh) == SIG_ERR ||
168 #endif
169 #ifdef SIGPIPE
170 		signal(SIGPIPE, SIG_IGN) == SIG_ERR ||
171 #endif
172 		signal(SIGINT, record_sigh) == SIG_ERR
173 		)
174 		log_err("install sighandler: %s", strerror(errno));
175 }
176 
177 /**
178  * Replay old signals.
179  * @param wrk: worker that handles signals.
180  */
181 static void
182 signal_handling_playback(struct worker* wrk)
183 {
184 #ifdef SIGHUP
185 	if(sig_record_reload)
186 		worker_sighandler(SIGHUP, wrk);
187 #endif
188 	if(sig_record_quit)
189 		worker_sighandler(SIGTERM, wrk);
190 	sig_record_quit = 0;
191 	sig_record_reload = 0;
192 }
193 
194 struct daemon*
195 daemon_init(void)
196 {
197 	struct daemon* daemon = (struct daemon*)calloc(1,
198 		sizeof(struct daemon));
199 #ifdef USE_WINSOCK
200 	int r;
201 	WSADATA wsa_data;
202 #endif
203 	if(!daemon)
204 		return NULL;
205 #ifdef USE_WINSOCK
206 	r = WSAStartup(MAKEWORD(2,2), &wsa_data);
207 	if(r != 0) {
208 		fatal_exit("could not init winsock. WSAStartup: %s",
209 			wsa_strerror(r));
210 	}
211 #endif /* USE_WINSOCK */
212 	signal_handling_record();
213 #ifdef HAVE_SSL
214 #  ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
215 	ERR_load_crypto_strings();
216 #  endif
217 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
218 	ERR_load_SSL_strings();
219 #endif
220 #  ifdef USE_GOST
221 	(void)sldns_key_EVP_load_gost_id();
222 #  endif
223 #  if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
224 #    ifndef S_SPLINT_S
225 	OpenSSL_add_all_algorithms();
226 #    endif
227 #  else
228 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
229 		| OPENSSL_INIT_ADD_ALL_DIGESTS
230 		| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
231 #  endif
232 #  if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
233 	/* grab the COMP method ptr because openssl leaks it */
234 	comp_meth = (void*)SSL_COMP_get_compression_methods();
235 #  endif
236 #  if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
237 	(void)SSL_library_init();
238 #  else
239 	(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
240 #  endif
241 #  if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
242 	if(!ub_openssl_lock_init())
243 		fatal_exit("could not init openssl locks");
244 #  endif
245 #elif defined(HAVE_NSS)
246 	if(NSS_NoDB_Init(NULL) != SECSuccess)
247 		fatal_exit("could not init NSS");
248 #endif /* HAVE_SSL or HAVE_NSS */
249 #ifdef HAVE_TZSET
250 	/* init timezone info while we are not chrooted yet */
251 	tzset();
252 #endif
253 	daemon->need_to_exit = 0;
254 	modstack_init(&daemon->mods);
255 	if(!(daemon->env = (struct module_env*)calloc(1,
256 		sizeof(*daemon->env)))) {
257 		free(daemon);
258 		return NULL;
259 	}
260 	/* init edns_known_options */
261 	if(!edns_known_options_init(daemon->env)) {
262 		free(daemon->env);
263 		free(daemon);
264 		return NULL;
265 	}
266 	alloc_init(&daemon->superalloc, NULL, 0);
267 	daemon->acl = acl_list_create();
268 	if(!daemon->acl) {
269 		edns_known_options_delete(daemon->env);
270 		free(daemon->env);
271 		free(daemon);
272 		return NULL;
273 	}
274 	daemon->tcl = tcl_list_create();
275 	if(!daemon->tcl) {
276 		acl_list_delete(daemon->acl);
277 		edns_known_options_delete(daemon->env);
278 		free(daemon->env);
279 		free(daemon);
280 		return NULL;
281 	}
282 	listen_setup_locks();
283 	if(gettimeofday(&daemon->time_boot, NULL) < 0)
284 		log_err("gettimeofday: %s", strerror(errno));
285 	daemon->time_last_stat = daemon->time_boot;
286 	if((daemon->env->auth_zones = auth_zones_create()) == 0) {
287 		acl_list_delete(daemon->acl);
288 		tcl_list_delete(daemon->tcl);
289 		edns_known_options_delete(daemon->env);
290 		free(daemon->env);
291 		free(daemon);
292 		return NULL;
293 	}
294 	if(!(daemon->env->edns_strings = edns_strings_create())) {
295 		auth_zones_delete(daemon->env->auth_zones);
296 		acl_list_delete(daemon->acl);
297 		tcl_list_delete(daemon->tcl);
298 		edns_known_options_delete(daemon->env);
299 		free(daemon->env);
300 		free(daemon);
301 		return NULL;
302 	}
303 	return daemon;
304 }
305 
306 int
307 daemon_open_shared_ports(struct daemon* daemon)
308 {
309 	log_assert(daemon);
310 	if(daemon->cfg->port != daemon->listening_port) {
311 		char** resif = NULL;
312 		int num_resif = 0;
313 		size_t i;
314 		struct listen_port* p0;
315 		daemon->reuseport = 0;
316 		/* free and close old ports */
317 		if(daemon->ports != NULL) {
318 			for(i=0; i<daemon->num_ports; i++)
319 				listening_ports_free(daemon->ports[i]);
320 			free(daemon->ports);
321 			daemon->ports = NULL;
322 		}
323 		if(!resolve_interface_names(daemon->cfg->ifs,
324 			daemon->cfg->num_ifs, NULL, &resif, &num_resif))
325 			return 0;
326 		/* see if we want to reuseport */
327 #ifdef SO_REUSEPORT
328 		if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0)
329 			daemon->reuseport = 1;
330 #endif
331 		/* try to use reuseport */
332 		p0 = listening_ports_open(daemon->cfg, resif, num_resif, &daemon->reuseport);
333 		if(!p0) {
334 			listening_ports_free(p0);
335 			config_del_strarray(resif, num_resif);
336 			return 0;
337 		}
338 		if(daemon->reuseport) {
339 			/* reuseport was successful, allocate for it */
340 			daemon->num_ports = (size_t)daemon->cfg->num_threads;
341 		} else {
342 			/* do the normal, singleportslist thing,
343 			 * reuseport not enabled or did not work */
344 			daemon->num_ports = 1;
345 		}
346 		if(!(daemon->ports = (struct listen_port**)calloc(
347 			daemon->num_ports, sizeof(*daemon->ports)))) {
348 			listening_ports_free(p0);
349 			config_del_strarray(resif, num_resif);
350 			return 0;
351 		}
352 		daemon->ports[0] = p0;
353 		if(daemon->reuseport) {
354 			/* continue to use reuseport */
355 			for(i=1; i<daemon->num_ports; i++) {
356 				if(!(daemon->ports[i]=
357 					listening_ports_open(daemon->cfg,
358 						resif, num_resif,
359 						&daemon->reuseport))
360 					|| !daemon->reuseport ) {
361 					for(i=0; i<daemon->num_ports; i++)
362 						listening_ports_free(daemon->ports[i]);
363 					free(daemon->ports);
364 					daemon->ports = NULL;
365 					config_del_strarray(resif, num_resif);
366 					return 0;
367 				}
368 			}
369 		}
370 		config_del_strarray(resif, num_resif);
371 		daemon->listening_port = daemon->cfg->port;
372 	}
373 	if(!daemon->cfg->remote_control_enable && daemon->rc_port) {
374 		listening_ports_free(daemon->rc_ports);
375 		daemon->rc_ports = NULL;
376 		daemon->rc_port = 0;
377 	}
378 	if(daemon->cfg->remote_control_enable &&
379 		daemon->cfg->control_port != daemon->rc_port) {
380 		listening_ports_free(daemon->rc_ports);
381 		if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg)))
382 			return 0;
383 		daemon->rc_port = daemon->cfg->control_port;
384 	}
385 	return 1;
386 }
387 
388 /**
389  * Setup modules. setup module stack.
390  * @param daemon: the daemon
391  */
392 static void daemon_setup_modules(struct daemon* daemon)
393 {
394 	daemon->env->cfg = daemon->cfg;
395 	daemon->env->alloc = &daemon->superalloc;
396 	daemon->env->worker = NULL;
397 	daemon->env->need_to_validate = 0; /* set by module init below */
398 	if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf,
399 		daemon->env)) {
400 		fatal_exit("failed to setup modules");
401 	}
402 	log_edns_known_options(VERB_ALGO, daemon->env);
403 }
404 
405 /**
406  * Obtain allowed port numbers, concatenate the list, and shuffle them
407  * (ready to be handed out to threads).
408  * @param daemon: the daemon. Uses rand and cfg.
409  * @param shufport: the portlist output.
410  * @return number of ports available.
411  */
412 static int daemon_get_shufport(struct daemon* daemon, int* shufport)
413 {
414 	int i, n, k, temp;
415 	int avail = 0;
416 	for(i=0; i<65536; i++) {
417 		if(daemon->cfg->outgoing_avail_ports[i]) {
418 			shufport[avail++] = daemon->cfg->
419 				outgoing_avail_ports[i];
420 		}
421 	}
422 	if(avail == 0)
423 		fatal_exit("no ports are permitted for UDP, add "
424 			"with outgoing-port-permit");
425         /* Knuth shuffle */
426 	n = avail;
427 	while(--n > 0) {
428 		k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */
429 		temp = shufport[k];
430 		shufport[k] = shufport[n];
431 		shufport[n] = temp;
432 	}
433 	return avail;
434 }
435 
436 /**
437  * Allocate empty worker structures. With backptr and thread-number,
438  * from 0..numthread initialised. Used as user arguments to new threads.
439  * Creates the daemon random generator if it does not exist yet.
440  * The random generator stays existing between reloads with a unique state.
441  * @param daemon: the daemon with (new) config settings.
442  */
443 static void
444 daemon_create_workers(struct daemon* daemon)
445 {
446 	int i, numport;
447 	int* shufport;
448 	log_assert(daemon && daemon->cfg);
449 	if(!daemon->rand) {
450 		daemon->rand = ub_initstate(NULL);
451 		if(!daemon->rand)
452 			fatal_exit("could not init random generator");
453 		hash_set_raninit((uint32_t)ub_random(daemon->rand));
454 	}
455 	shufport = (int*)calloc(65536, sizeof(int));
456 	if(!shufport)
457 		fatal_exit("out of memory during daemon init");
458 	numport = daemon_get_shufport(daemon, shufport);
459 	verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
460 
461 	daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
462 	if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) {
463 		log_warn("cannot reduce num-threads to %d because so-reuseport "
464 			"so continuing with %d threads.", (int)daemon->num,
465 			(int)daemon->num_ports);
466 		daemon->num = (int)daemon->num_ports;
467 	}
468 	daemon->workers = (struct worker**)calloc((size_t)daemon->num,
469 		sizeof(struct worker*));
470 	if(!daemon->workers)
471 		fatal_exit("out of memory during daemon init");
472 	if(daemon->cfg->dnstap) {
473 #ifdef USE_DNSTAP
474 		daemon->dtenv = dt_create(daemon->cfg);
475 		if (!daemon->dtenv)
476 			fatal_exit("dt_create failed");
477 #else
478 		fatal_exit("dnstap enabled in config but not built with dnstap support");
479 #endif
480 	}
481 	for(i=0; i<daemon->num; i++) {
482 		if(!(daemon->workers[i] = worker_create(daemon, i,
483 			shufport+numport*i/daemon->num,
484 			numport*(i+1)/daemon->num - numport*i/daemon->num)))
485 			/* the above is not ports/numthr, due to rounding */
486 			fatal_exit("could not create worker");
487 	}
488 	free(shufport);
489 }
490 
491 #ifdef THREADS_DISABLED
492 /**
493  * Close all pipes except for the numbered thread.
494  * @param daemon: daemon to close pipes in.
495  * @param thr: thread number 0..num-1 of thread to skip.
496  */
497 static void close_other_pipes(struct daemon* daemon, int thr)
498 {
499 	int i;
500 	for(i=0; i<daemon->num; i++)
501 		if(i!=thr) {
502 			if(i==0) {
503 				/* only close read part, need to write stats */
504 				tube_close_read(daemon->workers[i]->cmd);
505 			} else {
506 				/* complete close channel to others */
507 				tube_delete(daemon->workers[i]->cmd);
508 				daemon->workers[i]->cmd = NULL;
509 			}
510 		}
511 }
512 #endif /* THREADS_DISABLED */
513 
514 /**
515  * Function to start one thread.
516  * @param arg: user argument.
517  * @return: void* user return value could be used for thread_join results.
518  */
519 static void*
520 thread_start(void* arg)
521 {
522 	struct worker* worker = (struct worker*)arg;
523 	int port_num = 0;
524 	log_thread_set(&worker->thread_num);
525 	ub_thread_blocksigs();
526 #ifdef THREADS_DISABLED
527 	/* close pipe ends used by main */
528 	tube_close_write(worker->cmd);
529 	close_other_pipes(worker->daemon, worker->thread_num);
530 #endif
531 #ifdef SO_REUSEPORT
532 	if(worker->daemon->cfg->so_reuseport)
533 		port_num = worker->thread_num % worker->daemon->num_ports;
534 	else
535 		port_num = 0;
536 #endif
537 	if(!worker_init(worker, worker->daemon->cfg,
538 			worker->daemon->ports[port_num], 0))
539 		fatal_exit("Could not initialize thread");
540 
541 	worker_work(worker);
542 	return NULL;
543 }
544 
545 /**
546  * Fork and init the other threads. Main thread returns for special handling.
547  * @param daemon: the daemon with other threads to fork.
548  */
549 static void
550 daemon_start_others(struct daemon* daemon)
551 {
552 	int i;
553 	log_assert(daemon);
554 	verbose(VERB_ALGO, "start threads");
555 	/* skip i=0, is this thread */
556 	for(i=1; i<daemon->num; i++) {
557 		ub_thread_create(&daemon->workers[i]->thr_id,
558 			thread_start, daemon->workers[i]);
559 #ifdef THREADS_DISABLED
560 		/* close pipe end of child */
561 		tube_close_read(daemon->workers[i]->cmd);
562 #endif /* no threads */
563 	}
564 }
565 
566 /**
567  * Stop the other threads.
568  * @param daemon: the daemon with other threads.
569  */
570 static void
571 daemon_stop_others(struct daemon* daemon)
572 {
573 	int i;
574 	log_assert(daemon);
575 	verbose(VERB_ALGO, "stop threads");
576 	/* skip i=0, is this thread */
577 	/* use i=0 buffer for sending cmds; because we are #0 */
578 	for(i=1; i<daemon->num; i++) {
579 		worker_send_cmd(daemon->workers[i], worker_cmd_quit);
580 	}
581 	/* wait for them to quit */
582 	for(i=1; i<daemon->num; i++) {
583 		/* join it to make sure its dead */
584 		verbose(VERB_ALGO, "join %d", i);
585 		ub_thread_join(daemon->workers[i]->thr_id);
586 		verbose(VERB_ALGO, "join success %d", i);
587 	}
588 }
589 
590 void
591 daemon_fork(struct daemon* daemon)
592 {
593 	int have_view_respip_cfg = 0;
594 #ifdef HAVE_SYSTEMD
595 	int ret;
596 #endif
597 
598 	log_assert(daemon);
599 	if(!(daemon->views = views_create()))
600 		fatal_exit("Could not create views: out of memory");
601 	/* create individual views and their localzone/data trees */
602 	if(!views_apply_cfg(daemon->views, daemon->cfg))
603 		fatal_exit("Could not set up views");
604 
605 	if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views))
606 		fatal_exit("Could not setup access control list");
607 	if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg))
608 		fatal_exit("Could not setup TCP connection limits");
609 	if(daemon->cfg->dnscrypt) {
610 #ifdef USE_DNSCRYPT
611 		daemon->dnscenv = dnsc_create();
612 		if (!daemon->dnscenv)
613 			fatal_exit("dnsc_create failed");
614 		dnsc_apply_cfg(daemon->dnscenv, daemon->cfg);
615 #else
616 		fatal_exit("dnscrypt enabled in config but unbound was not built with "
617 				   "dnscrypt support");
618 #endif
619 	}
620 	/* create global local_zones */
621 	if(!(daemon->local_zones = local_zones_create()))
622 		fatal_exit("Could not create local zones: out of memory");
623 	if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
624 		fatal_exit("Could not set up local zones");
625 
626 	/* process raw response-ip configuration data */
627 	if(!(daemon->respip_set = respip_set_create()))
628 		fatal_exit("Could not create response IP set");
629 	if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg))
630 		fatal_exit("Could not set up response IP set");
631 	if(!respip_views_apply_cfg(daemon->views, daemon->cfg,
632 		&have_view_respip_cfg))
633 		fatal_exit("Could not set up per-view response IP sets");
634 	daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) ||
635 		have_view_respip_cfg;
636 
637 	/* setup modules */
638 	daemon_setup_modules(daemon);
639 
640 	/* read auth zonefiles */
641 	if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1,
642 		&daemon->use_rpz, daemon->env, &daemon->mods))
643 		fatal_exit("auth_zones could not be setup");
644 
645 	/* Set-up EDNS strings */
646 	if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
647 		fatal_exit("Could not set up EDNS strings");
648 
649 	/* response-ip-xxx options don't work as expected without the respip
650 	 * module.  To avoid run-time operational surprise we reject such
651 	 * configuration. */
652 	if(daemon->use_response_ip &&
653 		modstack_find(&daemon->mods, "respip") < 0)
654 		fatal_exit("response-ip options require respip module");
655 	/* RPZ response ip triggers don't work as expected without the respip
656 	 * module.  To avoid run-time operational surprise we reject such
657 	 * configuration. */
658 	if(daemon->use_rpz &&
659 		modstack_find(&daemon->mods, "respip") < 0)
660 		fatal_exit("RPZ requires the respip module");
661 
662 	/* first create all the worker structures, so we can pass
663 	 * them to the newly created threads.
664 	 */
665 	daemon_create_workers(daemon);
666 
667 #if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)
668 	/* in libev the first inited base gets signals */
669 	if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
670 		fatal_exit("Could not initialize main thread");
671 #endif
672 
673 	/* Now create the threads and init the workers.
674 	 * By the way, this is thread #0 (the main thread).
675 	 */
676 	daemon_start_others(daemon);
677 
678 	/* Special handling for the main thread. This is the thread
679 	 * that handles signals and remote control.
680 	 */
681 #if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP))
682 	/* libevent has the last inited base get signals (or any base) */
683 	if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
684 		fatal_exit("Could not initialize main thread");
685 #endif
686 	signal_handling_playback(daemon->workers[0]);
687 
688 	if (!shm_main_init(daemon))
689 		log_warn("SHM has failed");
690 
691 	/* Start resolver service on main thread. */
692 #ifdef HAVE_SYSTEMD
693 	ret = sd_notify(0, "READY=1");
694 	if(ret <= 0 && getenv("NOTIFY_SOCKET"))
695 		fatal_exit("sd_notify failed %s: %s. Make sure that unbound has "
696 				"access/permission to use the socket presented by systemd.",
697 				getenv("NOTIFY_SOCKET"),
698 				(ret==0?"no $NOTIFY_SOCKET": strerror(-ret)));
699 #endif
700 	log_info("start of service (%s).", PACKAGE_STRING);
701 	worker_work(daemon->workers[0]);
702 #ifdef HAVE_SYSTEMD
703 	if (daemon->workers[0]->need_to_exit)
704 		sd_notify(0, "STOPPING=1");
705 	else
706 		sd_notify(0, "RELOADING=1");
707 #endif
708 	log_info("service stopped (%s).", PACKAGE_STRING);
709 
710 	/* we exited! a signal happened! Stop other threads */
711 	daemon_stop_others(daemon);
712 
713 	/* Shutdown SHM */
714 	shm_main_shutdown(daemon);
715 
716 	daemon->need_to_exit = daemon->workers[0]->need_to_exit;
717 }
718 
719 void
720 daemon_cleanup(struct daemon* daemon)
721 {
722 	int i;
723 	log_assert(daemon);
724 	/* before stopping main worker, handle signals ourselves, so we
725 	   don't die on multiple reload signals for example. */
726 	signal_handling_record();
727 	log_thread_set(NULL);
728 	/* clean up caches because
729 	 * a) RRset IDs will be recycled after a reload, causing collisions
730 	 * b) validation config can change, thus rrset, msg, keycache clear */
731 	slabhash_clear(&daemon->env->rrset_cache->table);
732 	slabhash_clear(daemon->env->msg_cache);
733 	local_zones_delete(daemon->local_zones);
734 	daemon->local_zones = NULL;
735 	respip_set_delete(daemon->respip_set);
736 	daemon->respip_set = NULL;
737 	views_delete(daemon->views);
738 	daemon->views = NULL;
739 	if(daemon->env->auth_zones)
740 		auth_zones_cleanup(daemon->env->auth_zones);
741 	/* key cache is cleared by module desetup during next daemon_fork() */
742 	daemon_remote_clear(daemon->rc);
743 	for(i=0; i<daemon->num; i++)
744 		worker_delete(daemon->workers[i]);
745 	free(daemon->workers);
746 	daemon->workers = NULL;
747 	daemon->num = 0;
748 	alloc_clear_special(&daemon->superalloc);
749 #ifdef USE_DNSTAP
750 	dt_delete(daemon->dtenv);
751 	daemon->dtenv = NULL;
752 #endif
753 #ifdef USE_DNSCRYPT
754 	dnsc_delete(daemon->dnscenv);
755 	daemon->dnscenv = NULL;
756 #endif
757 	daemon->cfg = NULL;
758 }
759 
760 void
761 daemon_delete(struct daemon* daemon)
762 {
763 	size_t i;
764 	if(!daemon)
765 		return;
766 	modstack_desetup(&daemon->mods, daemon->env);
767 	daemon_remote_delete(daemon->rc);
768 	for(i = 0; i < daemon->num_ports; i++)
769 		listening_ports_free(daemon->ports[i]);
770 	free(daemon->ports);
771 	listening_ports_free(daemon->rc_ports);
772 	if(daemon->env) {
773 		slabhash_delete(daemon->env->msg_cache);
774 		rrset_cache_delete(daemon->env->rrset_cache);
775 		infra_delete(daemon->env->infra_cache);
776 		edns_known_options_delete(daemon->env);
777 		edns_strings_delete(daemon->env->edns_strings);
778 		auth_zones_delete(daemon->env->auth_zones);
779 	}
780 	ub_randfree(daemon->rand);
781 	alloc_clear(&daemon->superalloc);
782 	acl_list_delete(daemon->acl);
783 	tcl_list_delete(daemon->tcl);
784 	listen_desetup_locks();
785 	free(daemon->chroot);
786 	free(daemon->pidfile);
787 	free(daemon->env);
788 #ifdef HAVE_SSL
789 	listen_sslctx_delete_ticket_keys();
790 	SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx);
791 	SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx);
792 #endif
793 	free(daemon);
794 	/* lex cleanup */
795 	ub_c_lex_destroy();
796 	/* libcrypto cleanup */
797 #ifdef HAVE_SSL
798 #  if defined(USE_GOST)
799 	sldns_key_EVP_unload_gost();
800 #  endif
801 #  if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
802 #    ifndef S_SPLINT_S
803 #      if OPENSSL_VERSION_NUMBER < 0x10100000
804 	sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
805 #      endif
806 #    endif
807 #  endif
808 #  ifdef HAVE_OPENSSL_CONFIG
809 	EVP_cleanup();
810 #  if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP)
811 	ENGINE_cleanup();
812 #  endif
813 	CONF_modules_free();
814 #  endif
815 #  ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
816 	CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
817 #  endif
818 #  ifdef HAVE_ERR_FREE_STRINGS
819 	ERR_free_strings();
820 #  endif
821 #  if OPENSSL_VERSION_NUMBER < 0x10100000
822 	RAND_cleanup();
823 #  endif
824 #  if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
825 	ub_openssl_lock_delete();
826 #  endif
827 #ifndef HAVE_ARC4RANDOM
828 	_ARC4_LOCK_DESTROY();
829 #endif
830 #elif defined(HAVE_NSS)
831 	NSS_Shutdown();
832 #endif /* HAVE_SSL or HAVE_NSS */
833 	checklock_stop();
834 #ifdef USE_WINSOCK
835 	if(WSACleanup() != 0) {
836 		log_err("Could not WSACleanup: %s",
837 			wsa_strerror(WSAGetLastError()));
838 	}
839 #endif
840 }
841 
842 void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
843 {
844         daemon->cfg = cfg;
845 	config_apply(cfg);
846 	if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
847 	   	cfg->msg_cache_slabs)) {
848 		slabhash_delete(daemon->env->msg_cache);
849 		daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs,
850 			HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size,
851 			msgreply_sizefunc, query_info_compare,
852 			query_entry_delete, reply_info_delete, NULL);
853 		if(!daemon->env->msg_cache) {
854 			fatal_exit("malloc failure updating config settings");
855 		}
856 	}
857 	if((daemon->env->rrset_cache = rrset_cache_adjust(
858 		daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0)
859 		fatal_exit("malloc failure updating config settings");
860 	if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache,
861 		cfg))==0)
862 		fatal_exit("malloc failure updating config settings");
863 }
864