Browse Source

[core] combine duplicated getrlimit, network_init

combine duplicated getrlimit, network_init code which was duplicated
and only slightly modified for root and non-root.
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
733fa06cdb
  1. 96
      src/server.c

96
src/server.c

@ -736,9 +736,6 @@ int main (int argc, char **argv) {
#ifdef HAVE_SIGACTION
struct sigaction act;
#endif
#ifdef HAVE_GETRLIMIT
struct rlimit rlim;
#endif
#ifdef HAVE_FORK
int parent_pipe_fd = -1;
@ -755,7 +752,7 @@ int main (int argc, char **argv) {
#ifdef HAVE_GETUID
#ifndef HAVE_ISSETUGID
#define issetugid (geteuid() != getuid() || getegid() != getgid())
#define issetugid() (geteuid() != getuid() || getegid() != getgid())
#endif
i_am_root = (0 == getuid());
if (!i_am_root && issetugid()) { /* check as early as possible in main() */
@ -945,16 +942,14 @@ int main (int argc, char **argv) {
srv->max_fds = 4096;
}
if (i_am_root) {
struct group *grp = NULL;
struct passwd *pwd = NULL;
{
#ifdef HAVE_GETRLIMIT
struct rlimit rlim;
int use_rlimit = 1;
#ifdef HAVE_VALGRIND_VALGRIND_H
if (RUNNING_ON_VALGRIND) use_rlimit = 0;
#endif
#ifdef HAVE_GETRLIMIT
if (0 != getrlimit(RLIMIT_NOFILE, &rlim)) {
log_error_write(srv, __FILE__, __LINE__,
"ss", "couldn't get 'max filedescriptors'",
@ -962,11 +957,15 @@ int main (int argc, char **argv) {
return -1;
}
if (use_rlimit && srv->srvconf.max_fds) {
/**
* if we are not root can can't increase the fd-limit above rlim_max, but we can reduce it
*/
if (use_rlimit && srv->srvconf.max_fds
&& (i_am_root || srv->srvconf.max_fds <= rlim.rlim_max)) {
/* set rlimits */
rlim.rlim_cur = srv->srvconf.max_fds;
rlim.rlim_max = srv->srvconf.max_fds;
if (i_am_root) rlim.rlim_max = srv->srvconf.max_fds;
if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
log_error_write(srv, __FILE__, __LINE__,
@ -997,10 +996,22 @@ int main (int argc, char **argv) {
return -1;
}
}
}
/* we need root-perms for port < 1024 */
if (0 != network_init(srv)) {
plugins_free(srv);
server_free(srv);
return -1;
}
if (i_am_root) {
#ifdef HAVE_PWD_H
/* set user and group */
struct group *grp = NULL;
struct passwd *pwd = NULL;
if (!buffer_string_is_empty(srv->srvconf.groupname)) {
if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) {
log_error_write(srv, __FILE__, __LINE__, "sb",
@ -1036,15 +1047,7 @@ int main (int argc, char **argv) {
return -1;
}
}
#endif
/* we need root-perms for port < 1024 */
if (0 != network_init(srv)) {
plugins_free(srv);
server_free(srv);
return -1;
}
#ifdef HAVE_PWD_H
/*
* Change group before chroot, when we have access
* to /etc/group
@ -1094,61 +1097,6 @@ int main (int argc, char **argv) {
prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
}
#endif
} else {
#ifdef HAVE_GETRLIMIT
if (0 != getrlimit(RLIMIT_NOFILE, &rlim)) {
log_error_write(srv, __FILE__, __LINE__,
"ss", "couldn't get 'max filedescriptors'",
strerror(errno));
return -1;
}
/**
* we are not root can can't increase the fd-limit above rlim_max, but we can reduce it
*/
if (srv->srvconf.max_fds && srv->srvconf.max_fds <= rlim.rlim_max) {
/* set rlimits */
rlim.rlim_cur = srv->srvconf.max_fds;
if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
log_error_write(srv, __FILE__, __LINE__,
"ss", "couldn't set 'max filedescriptors'",
strerror(errno));
return -1;
}
}
if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
srv->max_fds = rlim.rlim_cur < (rlim_t)FD_SETSIZE - 200 ? (int)rlim.rlim_cur : (int)FD_SETSIZE - 200;
} else {
srv->max_fds = rlim.rlim_cur;
}
/* set core file rlimit, if enable_cores is set */
if (srv->srvconf.enable_cores && getrlimit(RLIMIT_CORE, &rlim) == 0) {
rlim.rlim_cur = rlim.rlim_max;
setrlimit(RLIMIT_CORE, &rlim);
}
#endif
if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
/* don't raise the limit above FD_SET_SIZE */
if (srv->max_fds > ((int)FD_SETSIZE) - 200) {
log_error_write(srv, __FILE__, __LINE__, "sd",
"can't raise max filedescriptors above", FD_SETSIZE - 200,
"if event-handler is 'select'. Use 'poll' or something else or reduce server.max-fds.");
return -1;
}
}
if (0 != network_init(srv)) {
plugins_free(srv);
server_free(srv);
return -1;
}
}
/* set max-conns */

Loading…
Cancel
Save