-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.9 2006/02/07 11:19:03 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2015 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
#include "pipe.h"
+#ifdef HAVE_SETCLASSRESOURCES
+#include <login_cap.h>
+#endif
+
/* Options specific to the pipe transport. They must be in alphabetic
(void *)offsetof(pipe_transport_options_block, environment) },
{ "escape_string", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, escape_string) },
+ { "force_command", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, force_command) },
{ "freeze_exec_fail", opt_bool,
(void *)offsetof(pipe_transport_options_block, freeze_exec_fail) },
+ { "freeze_signal", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, freeze_signal) },
{ "ignore_status", opt_bool,
(void *)offsetof(pipe_transport_options_block, ignore_status) },
{ "log_defer_output", opt_bool | opt_public,
(void *)offsetof(pipe_transport_options_block, message_suffix) },
{ "path", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, path) },
+ { "permit_coredump", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, permit_coredump) },
{ "pipe_as_creator", opt_bool | opt_public,
(void *)offsetof(transport_instance, deliver_as_creator) },
{ "restrict_to_path", opt_bool,
(void *)offsetof(pipe_transport_options_block, umask) },
{ "use_bsmtp", opt_bool,
(void *)offsetof(pipe_transport_options_block, use_bsmtp) },
+ #ifdef HAVE_SETCLASSRESOURCES
+ { "use_classresources", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, use_classresources) },
+ #endif
{ "use_crlf", opt_bool,
(void *)offsetof(pipe_transport_options_block, use_crlf) },
{ "use_shell", opt_bool,
20480, /* max_output */
60*60, /* timeout */
0, /* options */
+ FALSE, /* force_command */
FALSE, /* freeze_exec_fail */
+ FALSE, /* freeze_signal */
FALSE, /* ignore_status */
+ FALSE, /* permit_coredump */
FALSE, /* restrict_to_path */
FALSE, /* timeout_defer */
FALSE, /* use_shell */
FALSE, /* use_bsmtp */
+ FALSE, /* use_classresources */
FALSE /* use_crlf */
};
+/*************************************************
+* Setup entry point *
+*************************************************/
+
+/* Called for each delivery in the privileged state, just before the uid/gid
+are changed and the main entry point is called. In a system that supports the
+login_cap facilities, this function is used to set the class resource limits
+for the user. It may also re-enable coredumps.
+
+Arguments:
+ tblock points to the transport instance
+ addrlist addresses about to be delivered (not used)
+ dummy not used (doesn't pass back data)
+ uid the uid that will be set (not used)
+ gid the gid that will be set (not used)
+ errmsg where to put an error message
+
+Returns: OK, FAIL, or DEFER
+*/
+
+static int
+pipe_transport_setup(transport_instance *tblock, address_item *addrlist,
+ transport_feedback *dummy, uid_t uid, gid_t gid, uschar **errmsg)
+{
+pipe_transport_options_block *ob =
+ (pipe_transport_options_block *)(tblock->options_block);
+
+addrlist = addrlist; /* Keep compiler happy */
+dummy = dummy;
+uid = uid;
+gid = gid;
+errmsg = errmsg;
+ob = ob;
+
+#ifdef HAVE_SETCLASSRESOURCES
+if (ob->use_classresources)
+ {
+ struct passwd *pw = getpwuid(uid);
+ if (pw != NULL)
+ {
+ login_cap_t *lc = login_getpwclass(pw);
+ if (lc != NULL)
+ {
+ setclassresources(lc);
+ login_close(lc);
+ }
+ }
+ }
+#endif
+
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+ {
+ struct rlimit rl;
+ rl.rlim_cur = RLIM_INFINITY;
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) < 0)
+ {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+ if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+ log_write(0, LOG_MAIN,
+ "delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s",
+ strerror(errno));
+ }
+ }
+#endif
+
+return OK;
+}
+
+
+
/*************************************************
* Initialization entry point *
*************************************************/
pipe_transport_options_block *ob =
(pipe_transport_options_block *)(tblock->options_block);
+/* Set up the setup entry point, to be called in the privileged state */
+
+tblock->setup = pipe_transport_setup;
+
/* If pipe_as_creator is set, then uid/gid should not be set. */
if (tblock->deliver_as_creator && (tblock->uid_set || tblock->gid_set ||
*/
static BOOL
-set_up_direct_command(uschar ***argvptr, uschar *cmd, BOOL expand_arguments,
- int expand_fail, address_item *addr, uschar *tname,
+set_up_direct_command(const uschar ***argvptr, uschar *cmd,
+ BOOL expand_arguments, int expand_fail, address_item *addr, uschar *tname,
pipe_transport_options_block *ob)
{
BOOL permitted = FALSE;
-uschar **argv;
-uschar buffer[64];
+const uschar **argv;
/* Set up "transport <name>" to be put in any error messages, and then
call the common function for creating an argument list and expanding
the items if necessary. If it fails, this function fails (error information
is in the addresses). */
-sprintf(CS buffer, "%.50s transport", tname);
if (!transport_set_up_command(argvptr, cmd, expand_arguments, expand_fail,
- addr, buffer, NULL))
+ addr, string_sprintf("%.50s transport", tname), NULL))
return FALSE;
/* Point to the set-up arguments. */
/* If allow_commands is set, see if the command is in the permitted list. */
-if (ob->allow_commands != NULL)
+if (ob->allow_commands)
{
int sep = 0;
- uschar *s, *p;
- uschar buffer[256];
+ const uschar *s;
+ uschar *p;
- s = expand_string(ob->allow_commands);
- if (s == NULL)
+ if (!(s = expand_string(ob->allow_commands)))
{
addr->transport_return = DEFER;
addr->message = string_sprintf("failed to expand string \"%s\" "
return FALSE;
}
- while ((p = string_nextinlist(&s, &sep, buffer, sizeof(buffer))) != NULL)
- {
+ while ((p = string_nextinlist(&s, &sep, NULL, 0)))
if (Ustrcmp(p, argv[0]) == 0) { permitted = TRUE; break; }
- }
}
/* If permitted is TRUE it means the command was found in the allowed list, and
}
}
- else if (ob->allow_commands != NULL)
+ else if (ob->allow_commands)
{
addr->transport_return = FAIL;
addr->message = string_sprintf("\"%s\" command not permitted by %s "
{
int sep = 0;
uschar *p;
- uschar *listptr = ob->path;
- uschar buffer[1024];
+ const uschar *listptr = expand_string(ob->path);
- while ((p = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))) != NULL)
+ while ((p = string_nextinlist(&listptr, &sep, NULL, 0)))
{
struct stat statbuf;
sprintf(CS big_buffer, "%.256s/%.256s", p, argv[0]);
break;
}
}
- if (p == NULL)
+ if (!p)
{
addr->transport_return = FAIL;
addr->message = string_sprintf("\"%s\" command not found for %s transport",
*/
static BOOL
-set_up_shell_command(uschar ***argvptr, uschar *cmd, BOOL expand_arguments,
- int expand_fail, address_item *addr, uschar *tname)
+set_up_shell_command(const uschar ***argvptr, uschar *cmd,
+ BOOL expand_arguments, int expand_fail, address_item *addr, uschar *tname)
{
-uschar **argv;
+const uschar **argv;
*argvptr = argv = store_get((4)*sizeof(uschar *));
for (ad = addr; ad != NULL; ad = ad->next)
{
- if (ad != addr) string_cat(s, &size, &offset, US" ", 1);
- string_cat(s, &size, &offset, ad->address, Ustrlen(ad->address));
+ /*XXX string_append_listele() ? */
+ if (ad != addr) s = string_catn(s, &size, &offset, US" ", 1);
+ s = string_cat(s, &size, &offset, ad->address);
}
- string_cat(s, &size, &offset, q, Ustrlen(q));
+ s = string_cat(s, &size, &offset, q);
s[offset] = 0;
}
int timeout = ob->timeout;
BOOL written_ok = FALSE;
BOOL expand_arguments;
-uschar **argv;
+const uschar **argv;
uschar *envp[50];
-uschar *envlist = ob->environment;
+const uschar *envlist = ob->environment;
uschar *cmd, *ss;
-uschar *eol = (ob->use_crlf)? US"\r\n" : US"\n";
+uschar *eol = ob->use_crlf ? US"\r\n" : US"\n";
+transport_ctx tctx = {
+ tblock,
+ addr,
+ ob->check_string,
+ ob->escape_string,
+ ob->options /* set at initialization time */
+};
DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
if (testflag(addr, af_pfr) && addr->local_part[0] == '|')
{
- cmd = addr->local_part + 1;
- while (isspace(*cmd)) cmd++;
- expand_arguments = testflag(addr, af_expand_pipe);
- expand_fail = FAIL;
+ if (ob->force_command)
+ {
+ /* Enables expansion of $address_pipe into seperate arguments */
+ setflag(addr, af_force_command);
+ cmd = ob->cmd;
+ expand_arguments = TRUE;
+ expand_fail = PANIC;
+ }
+ else
+ {
+ cmd = addr->local_part + 1;
+ while (isspace(*cmd)) cmd++;
+ expand_arguments = testflag(addr, af_expand_pipe);
+ expand_fail = FAIL;
+ }
}
else
{
expand_fail = PANIC;
}
-/* If no command has been supplied, we are in trouble. */
+/* If no command has been supplied, we are in trouble.
+ * We also check for an empty string since it may be
+ * coming from addr->local_part[0] == '|'
+ */
-if (cmd == NULL)
+if (cmd == NULL || *cmd == '\0')
{
addr->transport_return = DEFER;
addr->message = string_sprintf("no command specified for %s transport",
and numerical the variables in existence. These are passed in
addr->pipe_expandn for use here. */
-if (expand_arguments && addr->pipe_expandn != NULL)
+if (expand_arguments && addr->pipe_expandn)
{
uschar **ss = addr->pipe_expandn;
expand_nmax = -1;
envp[envcount++] = string_sprintf("DOMAIN=%s", deliver_domain);
envp[envcount++] = string_sprintf("HOME=%#s", deliver_home);
envp[envcount++] = string_sprintf("MESSAGE_ID=%s", message_id);
-envp[envcount++] = string_sprintf("PATH=%s", ob->path);
+envp[envcount++] = string_sprintf("PATH=%s", expand_string(ob->path));
envp[envcount++] = string_sprintf("RECIPIENT=%#s%#s%#s@%#s",
deliver_localpart_prefix, deliver_localpart, deliver_localpart_suffix,
deliver_domain);
/* Add any requested items */
-if (envlist != NULL)
+if (envlist)
{
- envlist = expand_string(envlist);
+ envlist = expand_cstring(envlist);
if (envlist == NULL)
{
addr->transport_return = DEFER;
uid/gid and current directory. Request that the new process be a process group
leader, so we can kill it and all its children on a timeout. */
-if ((pid = child_open(argv, envp, ob->umask, &fd_in, &fd_out, TRUE)) < 0)
+if ((pid = child_open(USS argv, envp, ob->umask, &fd_in, &fd_out, TRUE)) < 0)
{
addr->transport_return = DEFER;
addr->message = string_sprintf(
while ((rc = read(fd_out, big_buffer, big_buffer_size)) > 0)
{
if (addr->return_file >= 0)
- write(addr->return_file, big_buffer, rc);
+ if(write(addr->return_file, big_buffer, rc) != rc)
+ DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
count += rc;
if (count > ob->max_output)
{
- uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
DEBUG(D_transport) debug_printf("Too much output from pipe - killed\n");
if (addr->return_file >= 0)
- write(addr->return_file, message, Ustrlen(message));
+ {
+ uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
+ rc = Ustrlen(message);
+ if(write(addr->return_file, message, rc) != rc)
+ DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
+ }
killpg(pid, SIGKILL);
break;
}
if (!transport_write_string(fd_in, "MAIL FROM:<%s>%s", return_path, eol))
goto END_WRITE;
- for (a = addr; a != NULL; a = a->next)
- {
+ for (a = addr; a; a = a->next)
if (!transport_write_string(fd_in,
"RCPT TO:<%s>%s",
transport_rcpt_address(a, tblock->rcpt_include_affixes),
eol))
goto END_WRITE;
- }
if (!transport_write_string(fd_in, "DATA%s", eol)) goto END_WRITE;
}
-/* Now the actual message - the options were set at initialization time */
+/* Now the actual message */
-if (!transport_write_message(addr, fd_in, ob->options, 0, tblock->add_headers,
- tblock->remove_headers, ob->check_string, ob->escape_string,
- tblock->rewrite_rules, tblock->rewrite_existflags))
+if (!transport_write_message(fd_in, &tctx, 0))
goto END_WRITE;
/* Now any configured suffix */
-if (ob->message_suffix != NULL)
+if (ob->message_suffix)
{
uschar *suffix = expand_string(ob->message_suffix);
- if (suffix == NULL)
+ if (!suffix)
{
addr->transport_return = search_find_defer? DEFER : PANIC;
addr->message = string_sprintf("Expansion of \"%s\" (suffix for %s "
"transport: %s%s", tblock->name, strerror(errno), tmsg);
}
+ /* Since the transport_filter timed out we assume it has sent the child process
+ a malformed or incomplete data stream. Kill off the child process
+ and prevent checking its exit status as it will has probably exited in error.
+ This prevents the transport_filter timeout message from getting overwritten
+ by the exit error which is not the cause of the problem. */
+
+ else if (transport_filter_timed_out)
+ {
+ killpg(pid, SIGKILL);
+ kill(outpid, SIGKILL);
+ }
+
/* Either the process completed, but yielded a non-zero (necessarily
positive) status, or the process was terminated by a signal (rc will contain
the negation of the signal number). Treat killing by signal as failure unless
- status is being ignored. */
+ status is being ignored. By default, the message is bounced back, unless
+ freeze_signal is set, in which case it is frozen instead. */
else if (rc < 0)
{
- if (!ob->ignore_status)
+ if (ob->freeze_signal)
+ {
+ addr->transport_return = DEFER;
+ addr->special_action = SPECIAL_FREEZE;
+ addr->message = string_sprintf("Child process of %s transport (running "
+ "command \"%s\") was terminated by signal %d (%s)%s", tblock->name, cmd,
+ -rc, os_strsignal(-rc), tmsg);
+ }
+ else if (!ob->ignore_status)
{
addr->transport_return = FAIL;
addr->message = string_sprintf("Child process of %s transport (running "
else
{
- uschar *s = ob->temp_errors;
+ const uschar *s = ob->temp_errors;
uschar *p;
- uschar buffer[64];
int sep = 0;
addr->transport_return = FAIL;
- while ((p = string_nextinlist(&s,&sep,buffer,sizeof(buffer))) != NULL)
- {
+ while ((p = string_nextinlist(&s,&sep,NULL,0)))
if (rc == Uatoi(p)) { addr->transport_return = DEFER; break; }
- }
}
/* Ensure the message contains the expanded command and arguments. This
if (*ss != 0)
{
- addr->message = string_cat(addr->message, &size, &ptr, US" ", 1);
- addr->message = string_cat(addr->message, &size, &ptr,
- ss, Ustrlen(ss));
+ addr->message = string_catn(addr->message, &size, &ptr, US" ", 1);
+ addr->message = string_cat (addr->message, &size, &ptr, ss);
}
/* Now add the command and arguments */
- addr->message = string_cat(addr->message, &size, &ptr,
+ addr->message = string_catn(addr->message, &size, &ptr,
US" from command:", 14);
for (i = 0; i < sizeof(argv)/sizeof(int *) && argv[i] != NULL; i++)
{
BOOL quote = FALSE;
- addr->message = string_cat(addr->message, &size, &ptr, US" ", 1);
+ addr->message = string_catn(addr->message, &size, &ptr, US" ", 1);
if (Ustrpbrk(argv[i], " \t") != NULL)
{
quote = TRUE;
- addr->message = string_cat(addr->message, &size, &ptr, US"\"", 1);
+ addr->message = string_catn(addr->message, &size, &ptr, US"\"", 1);
}
- addr->message = string_cat(addr->message, &size, &ptr, argv[i],
- Ustrlen(argv[i]));
+ addr->message = string_cat(addr->message, &size, &ptr, argv[i]);
if (quote)
- addr->message = string_cat(addr->message, &size, &ptr, US"\"", 1);
+ addr->message = string_catn(addr->message, &size, &ptr, US"\"", 1);
}
/* Add previous filter timeout message, if present. */
- if (*tmsg != 0)
- addr->message = string_cat(addr->message, &size, &ptr, tmsg,
- Ustrlen(tmsg));
+ if (*tmsg)
+ addr->message = string_cat(addr->message, &size, &ptr, tmsg);
addr->message[ptr] = 0; /* Ensure concatenated string terminated */
}
projects / exim.git / blobdiff