X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d7d7b7b91dd75cec636fc144da7e27eed860f971..803628d5b0b175dfa78f0b19b35213ace01207b1:/src/src/transports/pipe.c diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index cedce6fd9..e3d01974a 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -1,16 +1,18 @@ -/* $Cambridge: exim/src/src/transports/pipe.c,v 1.9 2006/02/07 11:19:03 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2006 */ +/* Copyright (c) University of Cambridge 1995 - 2015 */ /* See the file NOTICE for conditions of use and distribution. */ #include "../exim.h" #include "pipe.h" +#ifdef HAVE_SETCLASSRESOURCES +#include +#endif + /* Options specific to the pipe transport. They must be in alphabetic @@ -35,8 +37,12 @@ optionlist pipe_transport_options[] = { (void *)offsetof(pipe_transport_options_block, environment) }, { "escape_string", opt_stringptr, (void *)offsetof(pipe_transport_options_block, escape_string) }, + { "force_command", opt_bool, + (void *)offsetof(pipe_transport_options_block, force_command) }, { "freeze_exec_fail", opt_bool, (void *)offsetof(pipe_transport_options_block, freeze_exec_fail) }, + { "freeze_signal", opt_bool, + (void *)offsetof(pipe_transport_options_block, freeze_signal) }, { "ignore_status", opt_bool, (void *)offsetof(pipe_transport_options_block, ignore_status) }, { "log_defer_output", opt_bool | opt_public, @@ -53,6 +59,8 @@ optionlist pipe_transport_options[] = { (void *)offsetof(pipe_transport_options_block, message_suffix) }, { "path", opt_stringptr, (void *)offsetof(pipe_transport_options_block, path) }, + { "permit_coredump", opt_bool, + (void *)offsetof(pipe_transport_options_block, permit_coredump) }, { "pipe_as_creator", opt_bool | opt_public, (void *)offsetof(transport_instance, deliver_as_creator) }, { "restrict_to_path", opt_bool, @@ -71,6 +79,10 @@ optionlist pipe_transport_options[] = { (void *)offsetof(pipe_transport_options_block, umask) }, { "use_bsmtp", opt_bool, (void *)offsetof(pipe_transport_options_block, use_bsmtp) }, + #ifdef HAVE_SETCLASSRESOURCES + { "use_classresources", opt_bool, + (void *)offsetof(pipe_transport_options_block, use_classresources) }, + #endif { "use_crlf", opt_bool, (void *)offsetof(pipe_transport_options_block, use_crlf) }, { "use_shell", opt_bool, @@ -100,17 +112,94 @@ pipe_transport_options_block pipe_transport_option_defaults = { 20480, /* max_output */ 60*60, /* timeout */ 0, /* options */ + FALSE, /* force_command */ FALSE, /* freeze_exec_fail */ + FALSE, /* freeze_signal */ FALSE, /* ignore_status */ + FALSE, /* permit_coredump */ FALSE, /* restrict_to_path */ FALSE, /* timeout_defer */ FALSE, /* use_shell */ FALSE, /* use_bsmtp */ + FALSE, /* use_classresources */ FALSE /* use_crlf */ }; +/************************************************* +* Setup entry point * +*************************************************/ + +/* Called for each delivery in the privileged state, just before the uid/gid +are changed and the main entry point is called. In a system that supports the +login_cap facilities, this function is used to set the class resource limits +for the user. It may also re-enable coredumps. + +Arguments: + tblock points to the transport instance + addrlist addresses about to be delivered (not used) + dummy not used (doesn't pass back data) + uid the uid that will be set (not used) + gid the gid that will be set (not used) + errmsg where to put an error message + +Returns: OK, FAIL, or DEFER +*/ + +static int +pipe_transport_setup(transport_instance *tblock, address_item *addrlist, + transport_feedback *dummy, uid_t uid, gid_t gid, uschar **errmsg) +{ +pipe_transport_options_block *ob = + (pipe_transport_options_block *)(tblock->options_block); + +addrlist = addrlist; /* Keep compiler happy */ +dummy = dummy; +uid = uid; +gid = gid; +errmsg = errmsg; +ob = ob; + +#ifdef HAVE_SETCLASSRESOURCES +if (ob->use_classresources) + { + struct passwd *pw = getpwuid(uid); + if (pw != NULL) + { + login_cap_t *lc = login_getpwclass(pw); + if (lc != NULL) + { + setclassresources(lc); + login_close(lc); + } + } + } +#endif + +#ifdef RLIMIT_CORE +if (ob->permit_coredump) + { + struct rlimit rl; + rl.rlim_cur = RLIM_INFINITY; + rl.rlim_max = RLIM_INFINITY; + if (setrlimit(RLIMIT_CORE, &rl) < 0) + { +#ifdef SETRLIMIT_NOT_SUPPORTED + if (errno != ENOSYS && errno != ENOTSUP) +#endif + log_write(0, LOG_MAIN, + "delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s", + strerror(errno)); + } + } +#endif + +return OK; +} + + + /************************************************* * Initialization entry point * *************************************************/ @@ -125,6 +214,10 @@ pipe_transport_init(transport_instance *tblock) pipe_transport_options_block *ob = (pipe_transport_options_block *)(tblock->options_block); +/* Set up the setup entry point, to be called in the privileged state */ + +tblock->setup = pipe_transport_setup; + /* If pipe_as_creator is set, then uid/gid should not be set. */ if (tblock->deliver_as_creator && (tblock->uid_set || tblock->gid_set || @@ -233,12 +326,12 @@ Returns: TRUE if all went well; otherwise an error will be */ static BOOL -set_up_direct_command(uschar ***argvptr, uschar *cmd, BOOL expand_arguments, - int expand_fail, address_item *addr, uschar *tname, +set_up_direct_command(const uschar ***argvptr, uschar *cmd, + BOOL expand_arguments, int expand_fail, address_item *addr, uschar *tname, pipe_transport_options_block *ob) { BOOL permitted = FALSE; -uschar **argv; +const uschar **argv; uschar buffer[64]; /* Set up "transport " to be put in any error messages, and then @@ -260,11 +353,11 @@ argv = *argvptr; if (ob->allow_commands != NULL) { int sep = 0; - uschar *s, *p; + const uschar *s; + uschar *p; uschar buffer[256]; - s = expand_string(ob->allow_commands); - if (s == NULL) + if (!(s = expand_string(ob->allow_commands))) { addr->transport_return = DEFER; addr->message = string_sprintf("failed to expand string \"%s\" " @@ -272,10 +365,8 @@ if (ob->allow_commands != NULL) return FALSE; } - while ((p = string_nextinlist(&s, &sep, buffer, sizeof(buffer))) != NULL) - { + while ((p = string_nextinlist(&s, &sep, buffer, sizeof(buffer)))) if (Ustrcmp(p, argv[0]) == 0) { permitted = TRUE; break; } - } } /* If permitted is TRUE it means the command was found in the allowed list, and @@ -314,7 +405,7 @@ if (argv[0][0] != '/') { int sep = 0; uschar *p; - uschar *listptr = ob->path; + const uschar *listptr = ob->path; uschar buffer[1024]; while ((p = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))) != NULL) @@ -360,10 +451,10 @@ Returns: TRUE if all went well; otherwise an error will be */ static BOOL -set_up_shell_command(uschar ***argvptr, uschar *cmd, BOOL expand_arguments, - int expand_fail, address_item *addr, uschar *tname) +set_up_shell_command(const uschar ***argvptr, uschar *cmd, + BOOL expand_arguments, int expand_fail, address_item *addr, uschar *tname) { -uschar **argv; +const uschar **argv; *argvptr = argv = store_get((4)*sizeof(uschar *)); @@ -398,11 +489,12 @@ if (expand_arguments) for (ad = addr; ad != NULL; ad = ad->next) { - if (ad != addr) string_cat(s, &size, &offset, US" ", 1); - string_cat(s, &size, &offset, ad->address, Ustrlen(ad->address)); + /*XXX string_append_listele() ? */ + if (ad != addr) s = string_catn(s, &size, &offset, US" ", 1); + s = string_cat(s, &size, &offset, ad->address); } - string_cat(s, &size, &offset, q, Ustrlen(q)); + s = string_cat(s, &size, &offset, q); s[offset] = 0; } @@ -458,11 +550,18 @@ pipe_transport_options_block *ob = int timeout = ob->timeout; BOOL written_ok = FALSE; BOOL expand_arguments; -uschar **argv; +const uschar **argv; uschar *envp[50]; -uschar *envlist = ob->environment; +const uschar *envlist = ob->environment; uschar *cmd, *ss; uschar *eol = (ob->use_crlf)? US"\r\n" : US"\n"; +transport_ctx tctx = { + tblock, + addr, + ob->check_string, + ob->escape_string, + ob->options /* set at initialization time */ +}; DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name); @@ -479,10 +578,21 @@ options. */ if (testflag(addr, af_pfr) && addr->local_part[0] == '|') { - cmd = addr->local_part + 1; - while (isspace(*cmd)) cmd++; - expand_arguments = testflag(addr, af_expand_pipe); - expand_fail = FAIL; + if (ob->force_command) + { + /* Enables expansion of $address_pipe into seperate arguments */ + setflag(addr, af_force_command); + cmd = ob->cmd; + expand_arguments = TRUE; + expand_fail = PANIC; + } + else + { + cmd = addr->local_part + 1; + while (isspace(*cmd)) cmd++; + expand_arguments = testflag(addr, af_expand_pipe); + expand_fail = FAIL; + } } else { @@ -491,9 +601,12 @@ else expand_fail = PANIC; } -/* If no command has been supplied, we are in trouble. */ +/* If no command has been supplied, we are in trouble. + * We also check for an empty string since it may be + * coming from addr->local_part[0] == '|' + */ -if (cmd == NULL) +if (cmd == NULL || *cmd == '\0') { addr->transport_return = DEFER; addr->message = string_sprintf("no command specified for %s transport", @@ -562,9 +675,9 @@ else if (timezone_string != NULL && timezone_string[0] != 0) /* Add any requested items */ -if (envlist != NULL) +if (envlist) { - envlist = expand_string(envlist); + envlist = expand_cstring(envlist); if (envlist == NULL) { addr->transport_return = DEFER; @@ -622,7 +735,7 @@ reading of the output pipe. */ uid/gid and current directory. Request that the new process be a process group leader, so we can kill it and all its children on a timeout. */ -if ((pid = child_open(argv, envp, ob->umask, &fd_in, &fd_out, TRUE)) < 0) +if ((pid = child_open(USS argv, envp, ob->umask, &fd_in, &fd_out, TRUE)) < 0) { addr->transport_return = DEFER; addr->message = string_sprintf( @@ -659,14 +772,19 @@ if (outpid == 0) while ((rc = read(fd_out, big_buffer, big_buffer_size)) > 0) { if (addr->return_file >= 0) - write(addr->return_file, big_buffer, rc); + if(write(addr->return_file, big_buffer, rc) != rc) + DEBUG(D_transport) debug_printf("Problem writing to return_file\n"); count += rc; if (count > ob->max_output) { - uschar *message = US"\n\n*** Too much output - remainder discarded ***\n"; DEBUG(D_transport) debug_printf("Too much output from pipe - killed\n"); if (addr->return_file >= 0) - write(addr->return_file, message, Ustrlen(message)); + { + uschar *message = US"\n\n*** Too much output - remainder discarded ***\n"; + rc = Ustrlen(message); + if(write(addr->return_file, message, rc) != rc) + DEBUG(D_transport) debug_printf("Problem writing to return_file\n"); + } killpg(pid, SIGKILL); break; } @@ -731,23 +849,19 @@ if (ob->use_bsmtp) if (!transport_write_string(fd_in, "MAIL FROM:<%s>%s", return_path, eol)) goto END_WRITE; - for (a = addr; a != NULL; a = a->next) - { + for (a = addr; a; a = a->next) if (!transport_write_string(fd_in, "RCPT TO:<%s>%s", transport_rcpt_address(a, tblock->rcpt_include_affixes), eol)) goto END_WRITE; - } if (!transport_write_string(fd_in, "DATA%s", eol)) goto END_WRITE; } -/* Now the actual message - the options were set at initialization time */ +/* Now the actual message */ -if (!transport_write_message(addr, fd_in, ob->options, 0, tblock->add_headers, - tblock->remove_headers, ob->check_string, ob->escape_string, - tblock->rewrite_rules, tblock->rewrite_existflags)) +if (!transport_write_message(fd_in, &tctx, 0)) goto END_WRITE; /* Now any configured suffix */ @@ -856,14 +970,35 @@ if ((rc = child_close(pid, timeout)) != 0) "transport: %s%s", tblock->name, strerror(errno), tmsg); } + /* Since the transport_filter timed out we assume it has sent the child process + a malformed or incomplete data stream. Kill off the child process + and prevent checking its exit status as it will has probably exited in error. + This prevents the transport_filter timeout message from getting overwritten + by the exit error which is not the cause of the problem. */ + + else if (transport_filter_timed_out) + { + killpg(pid, SIGKILL); + kill(outpid, SIGKILL); + } + /* Either the process completed, but yielded a non-zero (necessarily positive) status, or the process was terminated by a signal (rc will contain the negation of the signal number). Treat killing by signal as failure unless - status is being ignored. */ + status is being ignored. By default, the message is bounced back, unless + freeze_signal is set, in which case it is frozen instead. */ else if (rc < 0) { - if (!ob->ignore_status) + if (ob->freeze_signal) + { + addr->transport_return = DEFER; + addr->special_action = SPECIAL_FREEZE; + addr->message = string_sprintf("Child process of %s transport (running " + "command \"%s\") was terminated by signal %d (%s)%s", tblock->name, cmd, + -rc, os_strsignal(-rc), tmsg); + } + else if (!ob->ignore_status) { addr->transport_return = FAIL; addr->message = string_sprintf("Child process of %s transport (running " @@ -940,16 +1075,14 @@ if ((rc = child_close(pid, timeout)) != 0) else { - uschar *s = ob->temp_errors; + const uschar *s = ob->temp_errors; uschar *p; uschar buffer[64]; int sep = 0; addr->transport_return = FAIL; - while ((p = string_nextinlist(&s,&sep,buffer,sizeof(buffer))) != NULL) - { + while ((p = string_nextinlist(&s,&sep,buffer,sizeof(buffer)))) if (rc == Uatoi(p)) { addr->transport_return = DEFER; break; } - } } /* Ensure the message contains the expanded command and arguments. This @@ -971,36 +1104,33 @@ if ((rc = child_close(pid, timeout)) != 0) if (*ss != 0) { - addr->message = string_cat(addr->message, &size, &ptr, US" ", 1); - addr->message = string_cat(addr->message, &size, &ptr, - ss, Ustrlen(ss)); + addr->message = string_catn(addr->message, &size, &ptr, US" ", 1); + addr->message = string_cat (addr->message, &size, &ptr, ss); } /* Now add the command and arguments */ - addr->message = string_cat(addr->message, &size, &ptr, + addr->message = string_catn(addr->message, &size, &ptr, US" from command:", 14); for (i = 0; i < sizeof(argv)/sizeof(int *) && argv[i] != NULL; i++) { BOOL quote = FALSE; - addr->message = string_cat(addr->message, &size, &ptr, US" ", 1); + addr->message = string_catn(addr->message, &size, &ptr, US" ", 1); if (Ustrpbrk(argv[i], " \t") != NULL) { quote = TRUE; - addr->message = string_cat(addr->message, &size, &ptr, US"\"", 1); + addr->message = string_catn(addr->message, &size, &ptr, US"\"", 1); } - addr->message = string_cat(addr->message, &size, &ptr, argv[i], - Ustrlen(argv[i])); + addr->message = string_cat(addr->message, &size, &ptr, argv[i]); if (quote) - addr->message = string_cat(addr->message, &size, &ptr, US"\"", 1); + addr->message = string_catn(addr->message, &size, &ptr, US"\"", 1); } /* Add previous filter timeout message, if present. */ - if (*tmsg != 0) - addr->message = string_cat(addr->message, &size, &ptr, tmsg, - Ustrlen(tmsg)); + if (*tmsg) + addr->message = string_cat(addr->message, &size, &ptr, tmsg); addr->message[ptr] = 0; /* Ensure concatenated string terminated */ }