X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fchild.c;h=20083b43c80bc49e550297d7c7f9b360fe5baa41;hb=37dd1b19b4304fd3f0b8a3bf2019f435bd7bfb18;hp=1c48a4e4c845792bbb95ce595500d701502406ef;hpb=059ec3d9952740285fb1ebf47961b8aca2eb1b4a;p=exim.git diff --git a/src/src/child.c b/src/src/child.c index 1c48a4e4c..20083b43c 100644 --- a/src/src/child.c +++ b/src/src/child.c @@ -1,10 +1,8 @@ -/* $Cambridge: exim/src/src/child.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2004 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -32,13 +30,13 @@ static void force_fd(int oldfd, int newfd) { if (oldfd == newfd) return; -close(newfd); -dup2(oldfd, newfd); -close(oldfd); +(void)close(newfd); +(void)dup2(oldfd, newfd); +(void)close(oldfd); } - +#ifndef STAND_ALONE /************************************************* * Build argv list and optionally re-exec Exim * *************************************************/ @@ -174,6 +172,11 @@ the new process, and returns that to the caller via fdptr. The function returns the pid of the new process, or -1 if things go wrong. If debug_fd is non-negative, it is passed as stderr. +This interface is now a just wrapper for the more complicated function +child_open_exim2(), which has additional arguments. The wrapper must continue +to exist, even if all calls from within Exim are changed, because it is +documented for use from local_scan(). + Argument: fdptr pointer to int for the stdin fd Returns: pid of the created process or -1 if anything has gone wrong */ @@ -181,6 +184,24 @@ Returns: pid of the created process or -1 if anything has gone wrong pid_t child_open_exim(int *fdptr) { +return child_open_exim2(fdptr, US"<>", bounce_sender_authentication); +} + + +/* This is a more complicated function for creating a child Exim process, with +more arguments. + +Arguments: + fdptr pointer to int for the stdin fd + sender for a sender address (data for -f) + sender_authentication authenticated sender address or NULL + +Returns: pid of the created process or -1 if anything has gone wrong +*/ + +pid_t +child_open_exim2(int *fdptr, uschar *sender, uschar *sender_authentication) +{ int pfd[2]; int save_errno; pid_t pid; @@ -196,28 +217,46 @@ pid = fork(); /* Child process: make the reading end of the pipe into the standard input and close the writing end. If debugging, pass debug_fd as stderr. Then re-exec -Exim. Failure is signalled with EX_EXECFAILED, but this shouldn't occur! */ +Exim with appropriat options. In the test harness, use -odi unless queue_only +is set, so that the bounce is fully delivered before returning. Failure is +signalled with EX_EXECFAILED (specified by CEE_EXEC_EXIT), but this shouldn't +occur. */ if (pid == 0) { force_fd(pfd[pipe_read], 0); - close(pfd[pipe_write]); + (void)close(pfd[pipe_write]); if (debug_fd > 0) force_fd(debug_fd, 2); - if (bounce_sender_authentication != NULL) - child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 8, - US"-t", US"-oem", US"-oi", US"-f", US"<>", US"-oMas", - bounce_sender_authentication, message_id_option); - else - child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 6, - US"-t", US"-oem", US"-oi", US"-f", US"<>", message_id_option); - /* Control does not return here. */ + if (running_in_test_harness && !queue_only) + { + if (sender_authentication != NULL) + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 9, + US "-odi", US"-t", US"-oem", US"-oi", US"-f", sender, US"-oMas", + sender_authentication, message_id_option); + else + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 7, + US "-odi", US"-t", US"-oem", US"-oi", US"-f", sender, + message_id_option); + /* Control does not return here. */ + } + else /* Not test harness */ + { + if (sender_authentication != NULL) + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 8, + US"-t", US"-oem", US"-oi", US"-f", sender, US"-oMas", + sender_authentication, message_id_option); + else + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 6, + US"-t", US"-oem", US"-oi", US"-f", sender, message_id_option); + /* Control does not return here. */ + } } /* Parent process. Save fork() errno and close the reading end of the stdin pipe. */ save_errno = errno; -close(pfd[pipe_read]); +(void)close(pfd[pipe_read]); /* Fork succeeded */ @@ -229,11 +268,11 @@ if (pid > 0) /* Fork failed */ -close(pfd[pipe_write]); +(void)close(pfd[pipe_write]); errno = save_errno; return (pid_t)(-1); } - +#endif /* STAND_ALONE */ @@ -247,7 +286,9 @@ them to the caller. The standard error is cloned to the output. If there are any file descriptors "in the way" in the new process, they are closed. A new umask is supplied for the process, and an optional new uid and gid are also available. These are used by the queryprogram router to set an unprivileged id. -The function returns the pid of the new process, or -1 if things go wrong. +SIGUSR1 is always disabled in the new process, as it is not going to be running +Exim (the function child_open_exim() is provided for that). This function +returns the pid of the new process, or -1 if things go wrong. Arguments: argv the argv for exec in the new process @@ -278,8 +319,8 @@ pid_t pid; if (pipe(inpfd) != 0) return (pid_t)(-1); if (pipe(outpfd) != 0) { - close(inpfd[pipe_read]); - close(inpfd[pipe_write]); + (void)close(inpfd[pipe_read]); + (void)close(inpfd[pipe_write]); return (pid_t)(-1); } @@ -290,39 +331,58 @@ otherwise. Save the old state for resetting on the wait. */ oldsignal = signal(SIGCHLD, SIG_DFL); pid = fork(); -/* The child process becomes a process group leader if requested, and then -organizes the pipes. Any unexpected failure is signalled with EX_EXECFAILED; -these are all "should never occur" failures, except perhaps for exec failing -because the command doesn't exist. */ +/* Handle the child process. First, set the required environment. We must do +this before messing with the pipes, in order to be able to write debugging +output when things go wrong. */ if (pid == 0) { - if (make_leader && setpgid(0,0) < 0) goto CHILD_FAILED; + signal(SIGUSR1, SIG_IGN); + signal(SIGPIPE, SIG_DFL); - close(inpfd[pipe_write]); - force_fd(inpfd[pipe_read], 0); + if (newgid != NULL && setgid(*newgid) < 0) + { + DEBUG(D_any) debug_printf("failed to set gid=%ld in subprocess: %s\n", + (long int)(*newgid), strerror(errno)); + goto CHILD_FAILED; + } - close(outpfd[pipe_read]); - force_fd(outpfd[pipe_write], 1); + if (newuid != NULL && setuid(*newuid) < 0) + { + DEBUG(D_any) debug_printf("failed to set uid=%ld in subprocess: %s\n", + (long int)(*newuid), strerror(errno)); + goto CHILD_FAILED; + } - close(2); - dup2(1, 2); + (void)umask(newumask); + + if (wd != NULL && Uchdir(wd) < 0) + { + DEBUG(D_any) debug_printf("failed to chdir to %s: %s\n", wd, + strerror(errno)); + goto CHILD_FAILED; + } - /* Set the required environment. If changing uid, ensure that - SIGUSR1 is ignored, as the process won't have the privilege to - write to the process log. */ + /* Becomes a process group leader if requested, and then organize the pipes. + Any unexpected failure is signalled with EX_EXECFAILED; these are all "should + never occur" failures, except for exec failing because the command doesn't + exist. */ - if (newgid != NULL && setgid(*newgid) < 0) goto CHILD_FAILED; - if (newuid != NULL) + if (make_leader && setpgid(0,0) < 0) { - signal(SIGUSR1, SIG_IGN); - if (setuid(*newuid) < 0) goto CHILD_FAILED; + DEBUG(D_any) debug_printf("failed to set group leader in subprocess: %s\n", + strerror(errno)); + goto CHILD_FAILED; } - (void)umask(newumask); - /* Set the working directory if required */ + (void)close(inpfd[pipe_write]); + force_fd(inpfd[pipe_read], 0); + + (void)close(outpfd[pipe_read]); + force_fd(outpfd[pipe_write], 1); - if (wd != NULL && Uchdir(wd) < 0) goto CHILD_FAILED; + (void)close(2); + (void)dup2(1, 2); /* Now do the exec */ @@ -331,7 +391,7 @@ if (pid == 0) /* Failed to execv. Signal this failure using EX_EXECFAILED. We are losing the actual errno we got back, because there is no way to return - this. */ + this information. */ CHILD_FAILED: _exit(EX_EXECFAILED); /* Note: must be _exit(), NOT exit() */ @@ -341,8 +401,8 @@ if (pid == 0) stdin pipe, and the writing end of the stdout pipe. */ save_errno = errno; -close(inpfd[pipe_read]); -close(outpfd[pipe_write]); +(void)close(inpfd[pipe_read]); +(void)close(outpfd[pipe_write]); /* Fork succeeded; return the input/output pipes and the pid */ @@ -355,8 +415,8 @@ if (pid > 0) /* Fork failed; reset fork errno before returning */ -close(inpfd[pipe_write]); -close(outpfd[pipe_read]); +(void)close(inpfd[pipe_write]); +(void)close(outpfd[pipe_read]); errno = save_errno; return (pid_t)(-1); } @@ -369,9 +429,9 @@ return (pid_t)(-1); *************************************************/ /* This function is a wrapper for child_open_uid() that doesn't have the uid, -gid, and working directory changing arguments. It is provided so as to have a -clean interface for use from local_scan(), but also saves writing NULL -arguments in other calls. +gid and working directory changing arguments. The function is provided so as to +have a clean interface for use from local_scan(), but also saves writing NULL +arguments several calls that would otherwise use child_open_uid(). Arguments: argv the argv for exec in the new process