diff options
Diffstat (limited to 'src/postlock/postlock.c')
| -rw-r--r-- | src/postlock/postlock.c | 282 |
1 files changed, 282 insertions, 0 deletions
diff --git a/src/postlock/postlock.c b/src/postlock/postlock.c new file mode 100644 index 0000000..a05d11e --- /dev/null +++ b/src/postlock/postlock.c @@ -0,0 +1,282 @@ +/*++ +/* NAME +/* postlock 1 +/* SUMMARY +/* lock mail folder and execute command +/* SYNOPSIS +/* .fi +/* \fBpostlock\fR [\fB-c \fIconfig_dir\fR] [\fB-l \fIlock_style\fR] +/* [\fB-v\fR] \fIfile command...\fR +/* DESCRIPTION +/* The \fBpostlock\fR(1) command locks \fIfile\fR for exclusive +/* access, and executes \fIcommand\fR. The locking method is +/* compatible with the Postfix UNIX-style local delivery agent. +/* +/* Options: +/* .IP "\fB-c \fIconfig_dir\fR" +/* Read the \fBmain.cf\fR configuration file in the named directory +/* instead of the default configuration directory. +/* .IP "\fB-l \fIlock_style\fR" +/* Override the locking method specified via the +/* \fBmailbox_delivery_lock\fR configuration parameter (see below). +/* .IP \fB-v\fR +/* Enable verbose logging for debugging purposes. Multiple \fB-v\fR +/* options make the software increasingly verbose. +/* .PP +/* Arguments: +/* .IP \fIfile\fR +/* A mailbox file. The user should have read/write permission. +/* .IP \fIcommand...\fR +/* The command to execute while \fIfile\fR is locked for exclusive +/* access. The command is executed directly, i.e. without +/* interpretation by a shell command interpreter. +/* DIAGNOSTICS +/* The result status is 75 (EX_TEMPFAIL) when \fBpostlock\fR(1) +/* could not perform the requested operation. Otherwise, the +/* exit status is the exit status from the command. +/* BUGS +/* With remote file systems, the ability to acquire a lock does not +/* necessarily eliminate access conflicts. Avoid file access by +/* processes running on different machines. +/* ENVIRONMENT +/* .ad +/* .fi +/* .IP \fBMAIL_CONFIG\fR +/* Directory with Postfix configuration files. +/* .IP \fBMAIL_VERBOSE\fR +/* Enable verbose logging for debugging purposes. +/* CONFIGURATION PARAMETERS +/* .ad +/* .fi +/* The following \fBmain.cf\fR parameters are especially relevant to +/* this program. +/* The text below provides only a parameter summary. See +/* \fBpostconf\fR(5) for more details including examples. +/* LOCKING CONTROLS +/* .ad +/* .fi +/* .IP "\fBdeliver_lock_attempts (20)\fR" +/* The maximal number of attempts to acquire an exclusive lock on a +/* mailbox file or \fBbounce\fR(8) logfile. +/* .IP "\fBdeliver_lock_delay (1s)\fR" +/* The time between attempts to acquire an exclusive lock on a mailbox +/* file or \fBbounce\fR(8) logfile. +/* .IP "\fBstale_lock_time (500s)\fR" +/* The time after which a stale exclusive mailbox lockfile is removed. +/* .IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR" +/* How to lock a UNIX-style \fBlocal\fR(8) mailbox before attempting delivery. +/* RESOURCE AND RATE CONTROLS +/* .ad +/* .fi +/* .IP "\fBfork_attempts (5)\fR" +/* The maximal number of attempts to fork() a child process. +/* .IP "\fBfork_delay (1s)\fR" +/* The delay between attempts to fork() a child process. +/* MISCELLANEOUS CONTROLS +/* .ad +/* .fi +/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" +/* The default location of the Postfix main.cf and master.cf +/* configuration files. +/* .IP "\fBimport_environment (see 'postconf -d' output)\fR" +/* The list of environment parameters that a privileged Postfix +/* process will import from a non-Postfix parent process, or name=value +/* environment overrides. +/* SEE ALSO +/* postconf(5), configuration parameters +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +/* System library. */ + +#include <sys_defs.h> +#include <sys/stat.h> +#include <sys/wait.h> +#include <stdlib.h> +#include <unistd.h> +#include <fcntl.h> +#include <errno.h> + +/* Utility library. */ + +#include <msg.h> +#include <vstring.h> +#include <vstream.h> +#include <msg_vstream.h> +#include <iostuff.h> +#include <warn_stat.h> +#include <clean_env.h> + +/* Global library. */ + +#include <mail_params.h> +#include <mail_version.h> +#include <dot_lockfile.h> +#include <deliver_flock.h> +#include <mail_conf.h> +#include <sys_exits.h> +#include <mbox_conf.h> +#include <mbox_open.h> +#include <dsn_util.h> +#include <mail_parm_split.h> + +/* Application-specific. */ + +/* usage - explain */ + +static NORETURN usage(char *myname) +{ + msg_fatal("usage: %s [-c config_dir] [-l lock_style] [-v] folder command...", myname); +} + +/* fatal_exit - all failures are deemed recoverable */ + +static void fatal_exit(void) +{ + exit(EX_TEMPFAIL); +} + +MAIL_VERSION_STAMP_DECLARE; + +/* main - go for it */ + +int main(int argc, char **argv) +{ + DSN_BUF *why; + char *folder; + char **command; + int ch; + int fd; + struct stat st; + int count; + WAIT_STATUS_T status; + pid_t pid; + int lock_mask; + char *lock_style = 0; + MBOX *mp; + ARGV *import_env; + + /* + * Fingerprint executables and core dumps. + */ + MAIL_VERSION_STAMP_ALLOCATE; + + /* + * Be consistent with file permissions. + */ + umask(022); + + /* + * To minimize confusion, make sure that the standard file descriptors + * are open before opening anything else. XXX Work around for 44BSD where + * fstat can return EBADF on an open file descriptor. + */ + for (fd = 0; fd < 3; fd++) + if (fstat(fd, &st) == -1 + && (close(fd), open("/dev/null", O_RDWR, 0)) != fd) + msg_fatal("open /dev/null: %m"); + + /* + * Process environment options as early as we can. We are not set-uid, + * and we are supposed to be running in a controlled environment. + */ + if (getenv(CONF_ENV_VERB)) + msg_verbose = 1; + + /* + * Set up logging and error handling. Intercept fatal exits so we can + * return a distinguished exit status. + */ + msg_vstream_init(argv[0], VSTREAM_ERR); + msg_cleanup(fatal_exit); + + /* + * Check the Postfix library version as soon as we enable logging. + */ + MAIL_VERSION_CHECK; + + /* + * Parse JCL. + */ + while ((ch = GETOPT(argc, argv, "c:l:v")) > 0) { + switch (ch) { + default: + usage(argv[0]); + break; + case 'c': + if (setenv(CONF_ENV_PATH, optarg, 1) < 0) + msg_fatal("out of memory"); + break; + case 'l': + lock_style = optarg; + break; + case 'v': + msg_verbose++; + break; + } + } + if (optind + 2 > argc) + usage(argv[0]); + folder = argv[optind]; + command = argv + optind + 1; + + /* + * Read the config file. The command line lock style can override the + * configured lock style. + */ + mail_conf_read(); + /* Enforce consistent operation of different Postfix parts. */ + import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ); + update_env(import_env->argv); + argv_free(import_env); + lock_mask = mbox_lock_mask(lock_style ? lock_style : + get_mail_conf_str(VAR_MAILBOX_LOCK, DEF_MAILBOX_LOCK, 1, 0)); + + /* + * Lock the folder for exclusive access. Lose the lock upon exit. The + * command is not supposed to disappear into the background. + */ + why = dsb_create(); + if ((mp = mbox_open(folder, O_APPEND | O_WRONLY | O_CREAT, + S_IRUSR | S_IWUSR, (struct stat *) 0, + -1, -1, lock_mask, "5.2.0", why)) == 0) + msg_fatal("open file %s: %s", folder, vstring_str(why->reason)); + dsb_free(why); + + /* + * Run the command. Remove the lock after completion. + */ + for (count = 1; (pid = fork()) == -1; count++) { + msg_warn("fork %s: %m", command[0]); + if (count >= var_fork_tries) { + mbox_release(mp); + exit(EX_TEMPFAIL); + } + sleep(var_fork_delay); + } + switch (pid) { + case 0: + (void) msg_cleanup((MSG_CLEANUP_FN) 0); + execvp(command[0], command); + msg_fatal("execvp %s: %m", command[0]); + default: + if (waitpid(pid, &status, 0) < 0) + msg_fatal("waitpid: %m"); + vstream_fclose(mp->fp); + mbox_release(mp); + exit(WIFEXITED(status) ? WEXITSTATUS(status) : 1); + } +} |