};
/* Command line option variables */
-static bool opt_create_keypair = FALSE;
static char *opt_keypath = NULL;
static char *opt_pkcs = "rsa";
static char *opt_identifier = NULL;
-static int opt_bits = 1024;
+static int opt_bits = 2048;
/* Prints out the usage of silc client */
exit(0);
}
-/* Dies if a *valid* pid file exists already */
+/* Die if a *valid* pid file exists already */
static void silc_server_checkpid(SilcServer silcd)
{
}
}
+/* Drop root privileges. If some system call fails, die. */
+
+static void silc_server_drop_privs(SilcServer server)
+{
+ /* Are we executing silcd as root or a regular user? */
+ if (geteuid()) {
+ SILC_LOG_DEBUG(("Server started as user"));
+ }
+ else {
+ struct passwd *pw;
+ struct group *gr;
+ char *user, *group;
+
+ SILC_LOG_DEBUG(("Server started as root. Dropping privileges."));
+
+ /* Get the values given for user and group in configuration file */
+ user = server->config->server_info->user;
+ group = server->config->server_info->group;
+
+ if (!user || !group) {
+ fprintf(stderr, "Error:"
+ "\tSILC server must not be run as root. For the security of your\n"
+ "\tsystem it is strongly suggested that you run SILC under dedicated\n"
+ "\tuser account. Modify the ServerInfo configuration section to run\n"
+ "\tthe server as non-root user.\n");
+ exit(1);
+ }
+
+ /* Check whether the user/group does not begin with a number */
+ if (isdigit(user[0]) || isdigit(group[0])) {
+ SILC_LOG_DEBUG(("User and/or group starts with a number"));
+ fprintf(stderr, "Invalid user and/or group information\n");
+ fprintf(stderr, "Please assign them as names, not numbers\n");
+ exit(1);
+ }
+
+ if (!(pw = getpwnam(user))) {
+ fprintf(stderr, "Error: No such user %s found.\n", user);
+ exit(1);
+ }
+ if (!(gr = getgrnam(group))) {
+ fprintf(stderr, "Error: No such group %s found.\n", group);
+ exit(1);
+ }
+
+ /* Check whether user and/or group is set to root. If yes, exit
+ immediately. Otherwise, setgid and setuid server to user.group */
+ if ((gr->gr_gid == 0) || (pw->pw_uid == 0)) {
+ fprintf(stderr, "Error:"
+ "\tSILC server must not be run as root. For the security of your\n"
+ "\tsystem it is strongly suggested that you run SILC under dedicated\n"
+ "\tuser account. Modify the ServerInfo configuration section to run\n"
+ "\tthe server as non-root user.\n");
+ exit(1);
+ }
+
+ SILC_LOG_DEBUG(("Changing to group %s (gid=%u)", group, gr->gr_gid));
+ if (setgid(gr->gr_gid) != 0) {
+ fprintf(stderr, "Error: Failed setgid() to %s (gid=%u). Exiting.\n",
+ group, gr->gr_gid);
+ exit(1);
+ }
+#if defined HAVE_SETGROUPS && defined HAVE_INITGROUPS
+ SILC_LOG_DEBUG(("Removing supplementary groups"));
+ if (setgroups(0, NULL) != 0) {
+ fprintf(stderr, "Error: Failed setgroups() to NULL. Exiting.\n");
+ exit(1);
+ }
+ SILC_LOG_DEBUG(("Setting supplementary groups for user %s", user));
+ if (initgroups(user, gr->gr_gid) != 0) {
+ fprintf(stderr, "Error: Failed initgroups() for user %s (gid=%u). "
+ "Exiting.\n", user, gr->gr_gid);
+ exit(1);
+ }
+#endif
+ SILC_LOG_DEBUG(("Changing to user %s (uid=%u)", user, pw->pw_uid));
+ if (setuid(pw->pw_uid) != 0) {
+ fprintf(stderr, "Error: Failed to setuid() to %s (gid=%u). Exiting.\n",
+ user, pw->pw_uid);
+ exit(1);
+ }
+ }
+}
+
+/* Fork server to background */
+
+static void silc_server_daemonise(SilcServer server)
+{
+ int i;
+
+ SILC_LOG_DEBUG(("Forking SILC server to background"));
+
+ if ((i = fork()) < 0) {
+ fprintf(stderr, "Error: fork() failed: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ if (i) /* Kill the parent */
+ exit(0);
+
+ server->background = TRUE;
+ setsid();
+
+ /* XXX close stdin, stdout, stderr -- before this, check that all writes
+ to stderr are changed to SILC_SERVER_LOG_ERROR() */
+}
+
static void signal_handler(int sig)
{
/* Mark the signal to be caller after this signal is over. */
SILC_TASK_CALLBACK(got_hup)
{
/* First, reset all log files (they might have been deleted) */
- /* XXX this may be redundant with the silc_server_config_setlogfiles() call.
- * merge these two with the appropriate checking. */
silc_log_reset_all();
+
/* Rehash the configuration file */
silc_server_rehash(silcd);
}
silc_schedule_stop(silcd->schedule);
}
+/* Dump server statistics into a file into /tmp directory */
+
+SILC_TASK_CALLBACK(dump_stats)
+{
+ FILE *fdd;
+ char filename[256];
+
+ memset(filename, 0, sizeof(filename));
+ snprintf(filename, sizeof(filename) - 1, "/tmp/silcd.%d.stats", getpid());
+ fdd = fopen(filename, "w+");
+ if (!fdd)
+ return;
+
+#define STAT_OUTPUT(fmt, stat) fprintf(fdd, fmt "\n", (int)stat);
+
+ fprintf(fdd, "SILC Server %s Statistics\n\n", silcd->server_name);
+ fprintf(fdd, "Local Stats:\n");
+ STAT_OUTPUT(" My clients : %d", silcd->stat.my_clients);
+ STAT_OUTPUT(" My servers : %d", silcd->stat.my_servers);
+ STAT_OUTPUT(" My routers : %d", silcd->stat.my_routers);
+ STAT_OUTPUT(" My channels : %d", silcd->stat.my_channels);
+ STAT_OUTPUT(" My joined users : %d", silcd->stat.my_chanclients);
+ STAT_OUTPUT(" My aways : %d", silcd->stat.my_aways);
+ STAT_OUTPUT(" My detached clients : %d", silcd->stat.my_detached);
+ STAT_OUTPUT(" My server operators : %d", silcd->stat.my_server_ops);
+ STAT_OUTPUT(" My router operators : %d", silcd->stat.my_router_ops);
+ fprintf(fdd, "\nGlobal Stats:\n");
+ STAT_OUTPUT(" Cell clients : %d", silcd->stat.cell_clients);
+ STAT_OUTPUT(" Cell servers : %d", silcd->stat.cell_servers);
+ STAT_OUTPUT(" Cell channels : %d", silcd->stat.cell_channels);
+ STAT_OUTPUT(" Cell joined users : %d", silcd->stat.cell_chanclients);
+ STAT_OUTPUT(" All clients : %d", silcd->stat.clients);
+ STAT_OUTPUT(" All servers : %d", silcd->stat.servers);
+ STAT_OUTPUT(" All routers : %d", silcd->stat.routers);
+ STAT_OUTPUT(" All channels : %d", silcd->stat.channels);
+ STAT_OUTPUT(" All joined users : %d", silcd->stat.chanclients);
+ STAT_OUTPUT(" All aways : %d", silcd->stat.aways);
+ STAT_OUTPUT(" All detached clients : %d", silcd->stat.detached);
+ STAT_OUTPUT(" All server operators : %d", silcd->stat.server_ops);
+ STAT_OUTPUT(" All router operators : %d", silcd->stat.router_ops);
+ fprintf(fdd, "\nGeneral Stats:\n");
+ STAT_OUTPUT(" Connection attempts : %d", silcd->stat.conn_attempts);
+ STAT_OUTPUT(" Connection failures : %d", silcd->stat.conn_failures);
+ STAT_OUTPUT(" Authentication attempts : %d", silcd->stat.auth_attempts);
+ STAT_OUTPUT(" Authentication failures : %d", silcd->stat.auth_failures);
+ STAT_OUTPUT(" Packets sent : %d", silcd->stat.packets_sent);
+ STAT_OUTPUT(" Packets received : %d", silcd->stat.packets_received);
+
+ fflush(fdd);
+ fclose(fdd);
+}
+
+/* This function should not be called directly but throught the wrapper
+ macro SILC_SERVER_LOG_STDERR() */
+
void silc_server_stderr(char *message)
{
if (silcd->background)
{
int ret, opt, option_index;
bool foreground = FALSE;
+ bool opt_create_keypair = FALSE;
char *silcd_config_file = NULL;
struct sigaction sa;
/* Parse command line arguments */
if (argc > 1) {
- while ((opt = getopt_long(argc, argv, "f:p:d::xhFVC:",
+ while ((opt = getopt_long(argc, argv, "f:p:d:xhFVC:",
long_opts, &option_index)) != EOF) {
- switch(opt)
- {
+ switch(opt) {
case 'h':
silc_usage();
break;
case 'V':
printf("SILCd Secure Internet Live Conferencing daemon, "
"version %s (base: SILC Toolkit %s)\n",
- silc_dist_version, silc_version);
+ silc_dist_version, silc_version);
printf("(c) 1997 - 2002 Pekka Riikonen "
"<priikone@silcnet.org>\n");
exit(0);
default:
silc_usage();
break;
- }
+ }
}
}
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGUSR1, &sa, NULL);
silc_schedule_signal_register(silcd->schedule, SIGHUP, got_hup, NULL);
silc_schedule_signal_register(silcd->schedule, SIGTERM, stop_server, NULL);
silc_schedule_signal_register(silcd->schedule, SIGINT, stop_server, NULL);
+ silc_schedule_signal_register(silcd->schedule, SIGUSR1, dump_stats, NULL);
if (!foreground) {
- /* Drop root. */
- silc_server_drop(silcd);
-
/* Before running the server, fork to background. */
silc_server_daemonise(silcd);
}
}
+ /* Drop root if we are not in debug mode, so you don't need to bother about
+ file writing permissions and so on */
+ if (!silc_debug)
+ silc_server_drop_privs(silcd);
+
/* Run the server. When this returns the server has been stopped
and we will exit. */
silc_server_run(silcd);
/* Stop the server and free it. */
silc_server_stop(silcd);
- silc_server_free(silcd);
silc_server_config_destroy(silcd->config);
+ silc_server_free(silcd);
/* Flush the logging system */
silc_log_flush_all();
+ silc_free(silcd_config_file);
+ silc_free(opt_identifier);
+ silc_free(opt_keypath);
exit(0);
+
fail:
+ silc_free(silcd_config_file);
+ silc_free(opt_identifier);
+ silc_free(opt_keypath);
exit(1);
}
}
if (!bits)
- bits = 1024;
+ bits = 2048;
if (!identifier)
identifier = silc_server_create_identifier();
/* Save public key into file */
key = silc_pkcs_get_public_key(pkcs, &key_len);
- pub_key = silc_pkcs_public_key_alloc(pkcs->pkcs->name, identifier,
+ pub_key = silc_pkcs_public_key_alloc(silc_pkcs_get_name(pkcs), identifier,
key, key_len);
silc_pkcs_save_public_key(pkfile, pub_key, SILC_PKCS_FILE_PEM);
if (ret_pub_key)
/* Save private key into file */
key = silc_pkcs_get_private_key(pkcs, &key_len);
- prv_key = silc_pkcs_private_key_alloc(pkcs->pkcs->name, key, key_len);
+ prv_key = silc_pkcs_private_key_alloc(silc_pkcs_get_name(pkcs),
+ key, key_len);
silc_pkcs_save_private_key(prvfile, prv_key, NULL, SILC_PKCS_FILE_BIN);
if (ret_prv_key)
*ret_prv_key = prv_key;