X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/059ec3d9952740285fb1ebf47961b8aca2eb1b4a..8c513105fde2b8be3397216a0153f9b266fc7dfb:/src/src/child.c diff --git a/src/src/child.c b/src/src/child.c index 1c48a4e4c..2262678eb 100644 --- a/src/src/child.c +++ b/src/src/child.c @@ -1,10 +1,8 @@ -/* $Cambridge: exim/src/src/child.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2004 */ +/* Copyright (c) University of Cambridge 1995 - 2015 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -12,6 +10,10 @@ static void (*oldsignal)(int); +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) +static uschar tls_requiretls_copy = 0; +#endif + /************************************************* * Ensure an fd has a given value * @@ -32,13 +34,13 @@ static void force_fd(int oldfd, int newfd) { if (oldfd == newfd) return; -close(newfd); -dup2(oldfd, newfd); -close(oldfd); +(void)close(newfd); +(void)dup2(oldfd, newfd); +(void)close(oldfd); } - +#ifndef STAND_ALONE /************************************************* * Build argv list and optionally re-exec Exim * *************************************************/ @@ -74,9 +76,14 @@ child_exec_exim(int exec_type, BOOL kill_v, int *pcount, BOOL minimal, { int first_special = -1; int n = 0; -int extra = (pcount != NULL)? *pcount : 0; -uschar **argv = - store_get((extra + acount + MAX_CLMACROS + 16) * sizeof(char *)); +int extra = pcount ? *pcount : 0; +uschar **argv; + +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) +if (tls_requiretls) extra++; +#endif + +argv = store_get((extra + acount + MAX_CLMACROS + 18) * sizeof(char *)); /* In all case, the list starts out with the path, any macros, and a changed config file. */ @@ -87,7 +94,7 @@ if (clmacro_count > 0) memcpy(argv + n, clmacros, clmacro_count * sizeof(uschar *)); n += clmacro_count; } -if (config_changed) +if (f.config_changed) { argv[n++] = US"-C"; argv[n++] = config_main_filename; @@ -110,13 +117,23 @@ if (!minimal) if (debug_selector != 0) argv[n++] = string_sprintf("-d=0x%x", debug_selector); } - if (dont_deliver) argv[n++] = US"-N"; - if (queue_smtp) argv[n++] = US"-odqs"; - if (synchronous_delivery) argv[n++] = US"-odi"; + if (f.dont_deliver) argv[n++] = US"-N"; + if (f.queue_smtp) argv[n++] = US"-odqs"; + if (f.synchronous_delivery) argv[n++] = US"-odi"; if (connection_max_messages >= 0) argv[n++] = string_sprintf("-oB%d", connection_max_messages); + if (*queue_name) + { + argv[n++] = US"-MCG"; + argv[n++] = queue_name; + } } +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) +if (tls_requiretls_copy & REQUIRETLS_MSG) + argv[n++] = US"-MS"; +#endif + /* Now add in any others that are in the call. Remember which they were, for more helpful diagnosis on failure. */ @@ -143,7 +160,7 @@ if (exec_type == CEE_RETURN_ARGV) failure. We know that there will always be at least one extra option in the call when exec() is done here, so it can be used to add to the panic data. */ -DEBUG(D_exec) debug_print_argv(argv); +DEBUG(D_exec) debug_print_argv(CUSS argv); exim_nullstd(); /* Make sure std{in,out,err} exist */ execv(CS argv[0], (char *const *)argv); @@ -174,6 +191,11 @@ the new process, and returns that to the caller via fdptr. The function returns the pid of the new process, or -1 if things go wrong. If debug_fd is non-negative, it is passed as stderr. +This interface is now a just wrapper for the more complicated function +child_open_exim2(), which has additional arguments. The wrapper must continue +to exist, even if all calls from within Exim are changed, because it is +documented for use from local_scan(). + Argument: fdptr pointer to int for the stdin fd Returns: pid of the created process or -1 if anything has gone wrong */ @@ -181,6 +203,24 @@ Returns: pid of the created process or -1 if anything has gone wrong pid_t child_open_exim(int *fdptr) { +return child_open_exim2(fdptr, US"<>", bounce_sender_authentication); +} + + +/* This is a more complicated function for creating a child Exim process, with +more arguments. + +Arguments: + fdptr pointer to int for the stdin fd + sender for a sender address (data for -f) + sender_authentication authenticated sender address or NULL + +Returns: pid of the created process or -1 if anything has gone wrong +*/ + +pid_t +child_open_exim2(int *fdptr, uschar *sender, uschar *sender_authentication) +{ int pfd[2]; int save_errno; pid_t pid; @@ -196,28 +236,49 @@ pid = fork(); /* Child process: make the reading end of the pipe into the standard input and close the writing end. If debugging, pass debug_fd as stderr. Then re-exec -Exim. Failure is signalled with EX_EXECFAILED, but this shouldn't occur! */ +Exim with appropriate options. In the test harness, use -odi unless queue_only +is set, so that the bounce is fully delivered before returning. Failure is +signalled with EX_EXECFAILED (specified by CEE_EXEC_EXIT), but this shouldn't +occur. */ if (pid == 0) { +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) + tls_requiretls_copy = tls_requiretls; +#endif force_fd(pfd[pipe_read], 0); - close(pfd[pipe_write]); + (void)close(pfd[pipe_write]); if (debug_fd > 0) force_fd(debug_fd, 2); - if (bounce_sender_authentication != NULL) - child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 8, - US"-t", US"-oem", US"-oi", US"-f", US"<>", US"-oMas", - bounce_sender_authentication, message_id_option); - else - child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 6, - US"-t", US"-oem", US"-oi", US"-f", US"<>", message_id_option); - /* Control does not return here. */ + if (f.running_in_test_harness && !queue_only) + { + if (sender_authentication != NULL) + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 9, + US "-odi", US"-t", US"-oem", US"-oi", US"-f", sender, US"-oMas", + sender_authentication, message_id_option); + else + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 7, + US "-odi", US"-t", US"-oem", US"-oi", US"-f", sender, + message_id_option); + /* Control does not return here. */ + } + else /* Not test harness */ + { + if (sender_authentication != NULL) + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 8, + US"-t", US"-oem", US"-oi", US"-f", sender, US"-oMas", + sender_authentication, message_id_option); + else + child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 6, + US"-t", US"-oem", US"-oi", US"-f", sender, message_id_option); + /* Control does not return here. */ + } } /* Parent process. Save fork() errno and close the reading end of the stdin pipe. */ save_errno = errno; -close(pfd[pipe_read]); +(void)close(pfd[pipe_read]); /* Fork succeeded */ @@ -229,11 +290,11 @@ if (pid > 0) /* Fork failed */ -close(pfd[pipe_write]); +(void)close(pfd[pipe_write]); errno = save_errno; return (pid_t)(-1); } - +#endif /* STAND_ALONE */ @@ -247,7 +308,9 @@ them to the caller. The standard error is cloned to the output. If there are any file descriptors "in the way" in the new process, they are closed. A new umask is supplied for the process, and an optional new uid and gid are also available. These are used by the queryprogram router to set an unprivileged id. -The function returns the pid of the new process, or -1 if things go wrong. +SIGUSR1 is always disabled in the new process, as it is not going to be running +Exim (the function child_open_exim() is provided for that). This function +returns the pid of the new process, or -1 if things go wrong. Arguments: argv the argv for exec in the new process @@ -266,8 +329,9 @@ Returns: the pid of the created process or -1 if anything has gone wrong */ pid_t -child_open_uid(uschar **argv, uschar **envp, int newumask, uid_t *newuid, - gid_t *newgid, int *infdptr, int *outfdptr, uschar *wd, BOOL make_leader) +child_open_uid(const uschar **argv, const uschar **envp, int newumask, + uid_t *newuid, gid_t *newgid, int *infdptr, int *outfdptr, uschar *wd, + BOOL make_leader) { int save_errno; int inpfd[2], outpfd[2]; @@ -278,8 +342,8 @@ pid_t pid; if (pipe(inpfd) != 0) return (pid_t)(-1); if (pipe(outpfd) != 0) { - close(inpfd[pipe_read]); - close(inpfd[pipe_write]); + (void)close(inpfd[pipe_read]); + (void)close(inpfd[pipe_write]); return (pid_t)(-1); } @@ -290,48 +354,67 @@ otherwise. Save the old state for resetting on the wait. */ oldsignal = signal(SIGCHLD, SIG_DFL); pid = fork(); -/* The child process becomes a process group leader if requested, and then -organizes the pipes. Any unexpected failure is signalled with EX_EXECFAILED; -these are all "should never occur" failures, except perhaps for exec failing -because the command doesn't exist. */ +/* Handle the child process. First, set the required environment. We must do +this before messing with the pipes, in order to be able to write debugging +output when things go wrong. */ if (pid == 0) { - if (make_leader && setpgid(0,0) < 0) goto CHILD_FAILED; + signal(SIGUSR1, SIG_IGN); + signal(SIGPIPE, SIG_DFL); - close(inpfd[pipe_write]); - force_fd(inpfd[pipe_read], 0); + if (newgid != NULL && setgid(*newgid) < 0) + { + DEBUG(D_any) debug_printf("failed to set gid=%ld in subprocess: %s\n", + (long int)(*newgid), strerror(errno)); + goto CHILD_FAILED; + } - close(outpfd[pipe_read]); - force_fd(outpfd[pipe_write], 1); + if (newuid != NULL && setuid(*newuid) < 0) + { + DEBUG(D_any) debug_printf("failed to set uid=%ld in subprocess: %s\n", + (long int)(*newuid), strerror(errno)); + goto CHILD_FAILED; + } - close(2); - dup2(1, 2); + (void)umask(newumask); - /* Set the required environment. If changing uid, ensure that - SIGUSR1 is ignored, as the process won't have the privilege to - write to the process log. */ + if (wd != NULL && Uchdir(wd) < 0) + { + DEBUG(D_any) debug_printf("failed to chdir to %s: %s\n", wd, + strerror(errno)); + goto CHILD_FAILED; + } - if (newgid != NULL && setgid(*newgid) < 0) goto CHILD_FAILED; - if (newuid != NULL) + /* Becomes a process group leader if requested, and then organize the pipes. + Any unexpected failure is signalled with EX_EXECFAILED; these are all "should + never occur" failures, except for exec failing because the command doesn't + exist. */ + + if (make_leader && setpgid(0,0) < 0) { - signal(SIGUSR1, SIG_IGN); - if (setuid(*newuid) < 0) goto CHILD_FAILED; + DEBUG(D_any) debug_printf("failed to set group leader in subprocess: %s\n", + strerror(errno)); + goto CHILD_FAILED; } - (void)umask(newumask); - /* Set the working directory if required */ + (void)close(inpfd[pipe_write]); + force_fd(inpfd[pipe_read], 0); + + (void)close(outpfd[pipe_read]); + force_fd(outpfd[pipe_write], 1); - if (wd != NULL && Uchdir(wd) < 0) goto CHILD_FAILED; + (void)close(2); + (void)dup2(1, 2); /* Now do the exec */ if (envp == NULL) execv(CS argv[0], (char *const *)argv); - else execve(CS argv[0], (char *const *)argv, (char *const *)envp); + else execve(CS argv[0], (char *const *)argv, (char *const *)envp); /* Failed to execv. Signal this failure using EX_EXECFAILED. We are losing the actual errno we got back, because there is no way to return - this. */ + this information. */ CHILD_FAILED: _exit(EX_EXECFAILED); /* Note: must be _exit(), NOT exit() */ @@ -341,8 +424,8 @@ if (pid == 0) stdin pipe, and the writing end of the stdout pipe. */ save_errno = errno; -close(inpfd[pipe_read]); -close(outpfd[pipe_write]); +(void)close(inpfd[pipe_read]); +(void)close(outpfd[pipe_write]); /* Fork succeeded; return the input/output pipes and the pid */ @@ -355,8 +438,8 @@ if (pid > 0) /* Fork failed; reset fork errno before returning */ -close(inpfd[pipe_write]); -close(outpfd[pipe_read]); +(void)close(inpfd[pipe_write]); +(void)close(outpfd[pipe_read]); errno = save_errno; return (pid_t)(-1); } @@ -369,9 +452,9 @@ return (pid_t)(-1); *************************************************/ /* This function is a wrapper for child_open_uid() that doesn't have the uid, -gid, and working directory changing arguments. It is provided so as to have a -clean interface for use from local_scan(), but also saves writing NULL -arguments in other calls. +gid and working directory changing arguments. The function is provided so as to +have a clean interface for use from local_scan(), but also saves writing NULL +arguments several calls that would otherwise use child_open_uid(). Arguments: argv the argv for exec in the new process @@ -390,8 +473,8 @@ pid_t child_open(uschar **argv, uschar **envp, int newumask, int *infdptr, int *outfdptr, BOOL make_leader) { -return child_open_uid(argv, envp, newumask, NULL, NULL, infdptr, outfdptr, - NULL, make_leader); +return child_open_uid(CUSS argv, CUSS envp, newumask, NULL, NULL, + infdptr, outfdptr, NULL, make_leader); } @@ -424,7 +507,7 @@ int yield; if (timeout > 0) { sigalrm_seen = FALSE; - alarm(timeout); + ALARM(timeout); } for(;;) @@ -434,18 +517,23 @@ for(;;) if (rc == pid) { int lowbyte = status & 255; - if (lowbyte == 0) yield = (status >> 8) & 255; - else yield = -lowbyte; + yield = lowbyte == 0 ? (status >> 8) & 255 : -lowbyte; break; } if (rc < 0) { - yield = (errno == EINTR && sigalrm_seen)? -256 : -257; + /* This "shouldn't happen" test does happen on MacOS: for some reason + I do not understand we seems to get an alarm signal despite not having + an active alarm set. There seems to be only one, so just go round again. */ + + if (errno == EINTR && sigalrm_seen && timeout <= 0) continue; + + yield = (errno == EINTR && sigalrm_seen) ? -256 : -257; break; } } -if (timeout > 0) alarm(0); +if (timeout > 0) ALARM_CLR(0); signal(SIGCHLD, oldsignal); /* restore */ return yield;