1 /* $NetBSD: trigger_server.c,v 1.3 2020/03/18 19:05:16 christos Exp $ */ 2 3 /*++ 4 /* NAME 5 /* trigger_server 3 6 /* SUMMARY 7 /* skeleton triggered mail subsystem 8 /* SYNOPSIS 9 /* #include <mail_server.h> 10 /* 11 /* NORETURN trigger_server_main(argc, argv, service, key, value, ...) 12 /* int argc; 13 /* char **argv; 14 /* void (*service)(char *buf, int len, char *service_name, char **argv); 15 /* int key; 16 /* DESCRIPTION 17 /* This module implements a skeleton for triggered 18 /* mail subsystems: mail subsystem programs that wake up on 19 /* client request and perform some activity without further 20 /* client interaction. This module supports local IPC via FIFOs 21 /* and via UNIX-domain sockets. The resulting program expects to be 22 /* run from the \fBmaster\fR process. 23 /* 24 /* trigger_server_main() is the skeleton entry point. It should be 25 /* called from the application main program. The skeleton does the 26 /* generic command-line options processing, initialization of 27 /* configurable parameters, and connection management. 28 /* The skeleton never returns. 29 /* 30 /* Arguments: 31 /* .IP "void (*service)(char *buf, int len, char *service_name, char **argv)" 32 /* A pointer to a function that is called by the skeleton each time 33 /* a client connects to the program's service port. The function is 34 /* run after the program has irrevocably dropped its privileges. 35 /* The buffer argument specifies the data read from the trigger port; 36 /* this data corresponds to one or more trigger requests. 37 /* The len argument specifies how much client data is available. 38 /* The maximal size of the buffer is specified via the 39 /* TRIGGER_BUF_SIZE manifest constant. 40 /* The service name argument corresponds to the service name in the 41 /* master.cf file. 42 /* The argv argument specifies command-line arguments left over 43 /* after options processing. 
44 /* The \fBserver\fR argument provides the following information: 45 /* .PP 46 /* Optional arguments are specified as a null-terminated list 47 /* with macros that have zero or more arguments: 48 /* .IP "CA_MAIL_SERVER_INT_TABLE(CONFIG_INT_TABLE *)" 49 /* A table with configurable parameters, to be loaded from the 50 /* global Postfix configuration file. Tables are loaded in the 51 /* order as specified, and multiple instances of the same type 52 /* are allowed. 53 /* .IP "CA_MAIL_SERVER_LONG_TABLE(CONFIG_LONG_TABLE *)" 54 /* A table with configurable parameters, to be loaded from the 55 /* global Postfix configuration file. Tables are loaded in the 56 /* order as specified, and multiple instances of the same type 57 /* are allowed. 58 /* .IP "CA_MAIL_SERVER_STR_TABLE(CONFIG_STR_TABLE *)" 59 /* A table with configurable parameters, to be loaded from the 60 /* global Postfix configuration file. Tables are loaded in the 61 /* order as specified, and multiple instances of the same type 62 /* are allowed. 63 /* .IP "CA_MAIL_SERVER_BOOL_TABLE(CONFIG_BOOL_TABLE *)" 64 /* A table with configurable parameters, to be loaded from the 65 /* global Postfix configuration file. Tables are loaded in the 66 /* order as specified, and multiple instances of the same type 67 /* are allowed. 68 /* .IP "CA_MAIL_SERVER_TIME_TABLE(CONFIG_TIME_TABLE *)" 69 /* A table with configurable parameters, to be loaded from the 70 /* global Postfix configuration file. Tables are loaded in the 71 /* order as specified, and multiple instances of the same type 72 /* are allowed. 73 /* .IP "CA_MAIL_SERVER_RAW_TABLE(CONFIG_RAW_TABLE *)" 74 /* A table with configurable parameters, to be loaded from the 75 /* global Postfix configuration file. Tables are loaded in the 76 /* order as specified, and multiple instances of the same type 77 /* are allowed. Raw parameters are not subjected to $name 78 /* evaluation. 
79 /* .IP "CA_MAIL_SERVER_NINT_TABLE(CONFIG_NINT_TABLE *)" 80 /* A table with configurable parameters, to be loaded from the 81 /* global Postfix configuration file. Tables are loaded in the 82 /* order as specified, and multiple instances of the same type 83 /* are allowed. 84 /* .IP "CA_MAIL_SERVER_NBOOL_TABLE(CONFIG_NBOOL_TABLE *)" 85 /* A table with configurable parameters, to be loaded from the 86 /* global Postfix configuration file. Tables are loaded in the 87 /* order as specified, and multiple instances of the same type 88 /* are allowed. 89 /* .IP "CA_MAIL_SERVER_PRE_INIT(void *(char *service_name, char **argv))" 90 /* A pointer to a function that is called once 91 /* by the skeleton after it has read the global configuration file 92 /* and after it has processed command-line arguments, but before 93 /* the skeleton has optionally relinquished the process privileges. 94 /* .sp 95 /* Only the last instance of this parameter type is remembered. 96 /* .IP "CA_MAIL_SERVER_POST_INIT(void *(char *service_name, char **argv))" 97 /* A pointer to a function that is called once 98 /* by the skeleton after it has optionally relinquished the process 99 /* privileges, but before servicing client connection requests. 100 /* .sp 101 /* Only the last instance of this parameter type is remembered. 102 /* .IP "CA_MAIL_SERVER_LOOP(int *(char *service_name, char **argv))" 103 /* A pointer to function that is executed from 104 /* within the event loop, whenever an I/O or timer event has happened, 105 /* or whenever nothing has happened for a specified amount of time. 106 /* The result value of the function specifies how long to wait until 107 /* the next event. Specify -1 to wait for "as long as it takes". 108 /* .sp 109 /* Only the last instance of this parameter type is remembered. 110 /* .IP "CA_MAIL_SERVER_EXIT(void *(char *service_name, char **argv))" 111 /* A pointer to function that is executed immediately before normal 112 /* process termination. 
/* .sp
/*      Only the last instance of this parameter type is remembered.
/* .IP "CA_MAIL_SERVER_PRE_ACCEPT(void *(char *service_name, char **argv))"
/*      Function to be executed prior to accepting a new request.
/* .sp
/*      Only the last instance of this parameter type is remembered.
/* .IP "CA_MAIL_SERVER_IN_FLOW_DELAY(none)"
/*      Pause $in_flow_delay seconds when no "mail flow control token"
/*      is available. A token is consumed for each connection request.
/* .IP CA_MAIL_SERVER_SOLITARY
/*      This service must be configured with process limit of 1.
/* .IP CA_MAIL_SERVER_UNLIMITED
/*      This service must be configured with process limit of 0.
/* .IP CA_MAIL_SERVER_PRIVILEGED
/*      This service must be configured as privileged.
/* .IP "CA_MAIL_SERVER_WATCHDOG(int *)"
/*      Override the default 1000s watchdog timeout. The value is
/*      used after command-line and main.cf file processing.
/* .IP "CA_MAIL_SERVER_BOUNCE_INIT(const char *, const char **)"
/*      Initialize the DSN filter for the bounce/defer service
/*      clients with the specified map source and map names.
/* .PP
/*      The var_use_limit variable limits the number of clients that
/*      a server can service before it commits suicide.
/*      This value is taken from the global \fBmain.cf\fR configuration
/*      file. Setting \fBvar_use_limit\fR to zero disables the client limit.
/*
/*      The var_idle_limit variable limits the time that a service
/*      receives no client connection requests before it commits suicide.
/*      This value is taken from the global \fBmain.cf\fR configuration
/*      file. Setting \fBvar_idle_limit\fR to zero disables the idle limit.
/* DIAGNOSTICS
/*      Problems and transactions are logged to \fBsyslogd\fR(8)
/*      or \fBpostlogd\fR(8).
/* BUGS
/*      Works with FIFO-based services only.
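/* SEE ALSO
/*      master(8), master process
/*      postlogd(8), Postfix logging
/*      syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/*      The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*      Wietse Venema
/*      IBM T.J. Watson Research
/*      P.O. Box 704
/*      Yorktown Heights, NY 10598, USA
/*
/*      Wietse Venema
/*      Google, Inc.
/*      111 8th Avenue
/*      New York, NY 10011, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <sys/socket.h>
#include <unistd.h>
#include <signal.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
#include <time.h>

/* Utility library. */

#include <msg.h>
#include <msg_vstream.h>
#include <chroot_uid.h>
#include <vstring.h>
#include <vstream.h>
#include <msg_vstream.h>
#include <mymalloc.h>
#include <events.h>
#include <iostuff.h>
#include <stringops.h>
#include <sane_accept.h>
#include <myflock.h>
#include <safe_open.h>
#include <listen.h>
#include <watchdog.h>
#include <split_at.h>

/* Global library. */

#include <mail_params.h>
#include <mail_task.h>
#include <debug_process.h>
#include <mail_conf.h>
#include <mail_dict.h>
#include <resolve_local.h>
#include <mail_flow.h>
#include <mail_version.h>
#include <bounce.h>
#include <maillog_client.h>

/* Process manager. */

#include "master_proto.h"

/* Application-specific */

#include "mail_server.h"

/*
 * Global state.
 *
 * use_count counts serviced triggers and is compared against var_use_limit
 * in the event loop. The trigger_server_* callbacks and the name/argv pair
 * are filled in by trigger_server_main() and read by the event handlers
 * below. trigger_server_lock is only non-null when the select() lock file
 * was opened.
 */
static int use_count;

static TRIGGER_SERVER_FN trigger_server_service;
static char *trigger_server_name;
static char **trigger_server_argv;
static void (*trigger_server_accept) (int, void *);
static void (*trigger_server_onexit) (char *, char **);
static void (*trigger_server_pre_accept) (char *, char **);
static VSTREAM *trigger_server_lock;
static int trigger_server_in_flow_delay;
static unsigned trigger_server_generation;
static int trigger_server_watchdog = 1000;

/* trigger_server_exit - normal termination */

/*
 * Runs the application's exit callback, if one was registered with
 * MAIL_SERVER_EXIT, and then terminates the process with status 0.
 */
static NORETURN trigger_server_exit(void)
{
    if (trigger_server_onexit)
        trigger_server_onexit(trigger_server_name, trigger_server_argv);
    exit(0);
}

/* trigger_server_abort - terminate after abnormal master exit */

/*
 * Event callback (both arguments unused). Registered on MASTER_STATUS_FD
 * and also called directly when the "available" notification fails.
 */
static void trigger_server_abort(int unused_event, void *unused_context)
{
    if (msg_verbose)
        msg_info("master disconnect -- exiting");
    trigger_server_exit();
}

/* trigger_server_timeout - idle time exceeded */

/*
 * Timer callback (both arguments unused). Armed with var_idle_limit; ends
 * the process through the normal exit path.
 */
static void trigger_server_timeout(int unused_event, void *unused_context)
{
    if (msg_verbose)
        msg_info("idle timeout -- exiting");
    trigger_server_exit();
}

/* trigger_server_wakeup - wake up application */

/*
 * Reads one batch of trigger data from fd and hands it to the application.
 *
 * The read is bounded by sizeof(buf), i.e. TRIGGER_BUF_SIZE. The buffer is
 * passed on together with its length and is not null-terminated here, so
 * the service callback has to honor len. A zero-length read is still passed
 * to the service; only a read error skips the call.
 */
static void trigger_server_wakeup(int fd)
{
    char    buf[TRIGGER_BUF_SIZE];
    ssize_t len;

    /*
     * Commit suicide when the master process disconnected from us. Don't
     * drop the already accepted client request after "postfix reload"; that
     * would be rude.
     */
    if (master_notify(var_pid, trigger_server_generation, MASTER_STAT_TAKEN) < 0)
         /* void */ ;
    if (trigger_server_in_flow_delay && mail_flow_get(1) < 0)
        doze(var_in_flow_delay * 1000000);
    if ((len = read(fd, buf, sizeof(buf))) >= 0)
        trigger_server_service(buf, len, trigger_server_name,
                               trigger_server_argv);
    if (master_notify(var_pid, trigger_server_generation, MASTER_STAT_AVAIL) < 0)
        trigger_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
    if (var_idle_limit > 0)
        event_request_timer(trigger_server_timeout, (void *) 0, var_idle_limit);
    /* Avoid integer wrap-around in a persistent process. */
    if (use_count < INT_MAX)
        use_count++;
}

/* trigger_server_accept_fifo - accept fifo client request */

/*
 * Read-event callback for a FIFO listener. The context carries the
 * listening descriptor, which is read from directly.
 */
static void trigger_server_accept_fifo(int unused_event, void *context)
{
    const char *myname = "trigger_server_accept_fifo";
    int     listen_fd = CAST_ANY_PTR_TO_INT(context);

    /* Release the select() lock that the event loop took before waiting. */
    if (trigger_server_lock != 0
        && myflock(vstream_fileno(trigger_server_lock), INTERNAL_LOCK,
                   MYFLOCK_OP_NONE) < 0)
        msg_fatal("select unlock: %m");

    if (msg_verbose)
        msg_info("%s: trigger arrived", myname);

    /*
     * Read whatever the other side wrote into the FIFO. The FIFO read end is
     * non-blocking so we won't get stuck when multiple processes wake up.
     */
    if (trigger_server_pre_accept)
        trigger_server_pre_accept(trigger_server_name, trigger_server_argv);
    trigger_server_wakeup(listen_fd);
}

/* trigger_server_accept_local - accept socket client request */

/*
 * Read-event callback for a UNIX-domain listener. Accepts one connection,
 * waits a bounded time for data, services it, and closes the connection.
 */
static void trigger_server_accept_local(int unused_event, void *context)
{
    const char *myname = "trigger_server_accept_local";
    int     listen_fd = CAST_ANY_PTR_TO_INT(context);

    /*
     * -1 means "no idle timer to restore". The timer is cancelled below only
     * when var_idle_limit > 0. With the idle limit disabled, the
     * time_left >= 0 tests must not arm trigger_server_timeout with a zero
     * delay, which would end the process on the first false alarm. The
     * >= 0 tests suggest a negative event_cancel_timer() result means that
     * no timer was pending -- confirm against events.h.
     */
    int     time_left = -1;
    int     fd;

    if (msg_verbose)
        msg_info("%s: trigger arrived", myname);

    /*
     * Read a message from a socket. Be prepared for accept() to fail because
     * some other process already got the connection. The socket is
     * non-blocking so we won't get stuck when multiple processes wake up.
     * Don't get stuck when the client connects but sends no data. Restart
     * the idle timer if this was a false alarm.
     */
    if (var_idle_limit > 0)
        time_left = event_cancel_timer(trigger_server_timeout, (void *) 0);

    if (trigger_server_pre_accept)
        trigger_server_pre_accept(trigger_server_name, trigger_server_argv);
    fd = LOCAL_ACCEPT(listen_fd);
    if (trigger_server_lock != 0
        && myflock(vstream_fileno(trigger_server_lock), INTERNAL_LOCK,
                   MYFLOCK_OP_NONE) < 0)
        msg_fatal("select unlock: %m");
    if (fd < 0) {
        if (errno != EAGAIN)
            msg_error("accept connection: %m");
        if (time_left >= 0)
            event_request_timer(trigger_server_timeout, (void *) 0, time_left);
        return;
    }
    close_on_exec(fd, CLOSE_ON_EXEC);
    /* A silent client costs at most this read_wait() timeout. */
    if (read_wait(fd, 10) == 0)
        trigger_server_wakeup(fd);
    else if (time_left >= 0)
        event_request_timer(trigger_server_timeout, (void *) 0, time_left);
    close(fd);
}

#ifdef MASTER_XPORT_NAME_PASS

/* trigger_server_accept_pass - accept descriptor */

/*
 * Read-event callback for a descriptor-passing listener. Same flow as
 * trigger_server_accept_local(), except that the client descriptor is
 * obtained with pass_accept().
 */
static void trigger_server_accept_pass(int unused_event, void *context)
{
    const char *myname = "trigger_server_accept_pass";
    int     listen_fd = CAST_ANY_PTR_TO_INT(context);

    /*
     * -1 means "no idle timer to restore"; see the identical note in
     * trigger_server_accept_local().
     */
    int     time_left = -1;
    int     fd;

    if (msg_verbose)
        msg_info("%s: trigger arrived", myname);

    /*
     * Read a message from a socket. Be prepared for accept() to fail because
     * some other process already got the connection. The socket is
     * non-blocking so we won't get stuck when multiple processes wake up.
     * Don't get stuck when the client connects but sends no data. Restart
     * the idle timer if this was a false alarm.
     */
    if (var_idle_limit > 0)
        time_left = event_cancel_timer(trigger_server_timeout, (void *) 0);

    if (trigger_server_pre_accept)
        trigger_server_pre_accept(trigger_server_name, trigger_server_argv);
    fd = pass_accept(listen_fd);
    if (trigger_server_lock != 0
        && myflock(vstream_fileno(trigger_server_lock), INTERNAL_LOCK,
                   MYFLOCK_OP_NONE) < 0)
        msg_fatal("select unlock: %m");
    if (fd < 0) {
        if (errno != EAGAIN)
            msg_error("accept connection: %m");
        if (time_left >= 0)
            event_request_timer(trigger_server_timeout, (void *) 0, time_left);
        return;
    }
    close_on_exec(fd, CLOSE_ON_EXEC);
    /* A silent client costs at most this read_wait() timeout. */
    if (read_wait(fd, 10) == 0)
        trigger_server_wakeup(fd);
    else if (time_left >= 0)
        event_request_timer(trigger_server_timeout, (void *) 0, time_left);
    close(fd);
}

#endif

/* trigger_server_main - the real main program */

/*
 * Skeleton entry point; never returns.
 *
 * argc/argv are the process arguments, service is the application callback
 * that receives the trigger data, and the variadic tail is a
 * zero-terminated list of MAIL_SERVER_* keys with their arguments.
 *
 * Ordering that matters for privilege handling: configuration and options
 * are processed first, the lock file is opened, pre_init runs, then
 * chroot_uid() is applied, and only after that do post_init and the service
 * callback run.
 */
NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,...)
{
    const char *myname = "trigger_server_main";
    char   *root_dir = 0;
    char   *user_name = 0;
    int     debug_me = 0;
    int     daemon_mode = 1;
    char   *service_name = basename(argv[0]);
    VSTREAM *stream = 0;
    int     delay;
    int     c;
    int     socket_count = 1;
    int     fd;
    va_list ap;
    MAIL_SERVER_INIT_FN pre_init = 0;
    MAIL_SERVER_INIT_FN post_init = 0;
    MAIL_SERVER_LOOP_FN loop = 0;
    int     key;
    char    buf[TRIGGER_BUF_SIZE];
    ssize_t len;
    char   *transport = 0;
    char   *lock_path;
    VSTRING *why;
    int     alone = 0;
    int     zerolimit = 0;
    WATCHDOG *watchdog;
    char   *oname_val;
    char   *oname;
    char   *oval;
    const char *err;
    char   *generation;
    int     msg_vstream_needed = 0;
    const char *dsn_filter_title;
    const char **dsn_filter_maps;

    /*
     * Process environment options as early as we can.
     */
    if (getenv(CONF_ENV_VERB))
        msg_verbose = 1;
    if (getenv(CONF_ENV_DEBUG))
        debug_me = 1;

    /*
     * Don't die when a process goes away unexpectedly.
     */
    signal(SIGPIPE, SIG_IGN);

    /*
     * Don't die for frivolous reasons.
     */
#ifdef SIGXFSZ
    signal(SIGXFSZ, SIG_IGN);
#endif

    /*
     * May need this every now and then.
     */
    var_procname = mystrdup(basename(argv[0]));
    set_mail_conf_str(VAR_PROCNAME, var_procname);

    /*
     * Initialize logging and exit handler. Do the syslog first, so that its
     * initialization completes before we enter the optional chroot jail.
     */
    maillog_client_init(mail_task(var_procname), MAILLOG_CLIENT_FLAG_NONE);
    if (msg_verbose)
        msg_info("daemon started");

    /*
     * Check the Postfix library version as soon as we enable logging.
     */
    MAIL_VERSION_CHECK;

    /*
     * Initialize from the configuration file. Allow command-line options to
     * override compiled-in defaults or configured parameter values.
     */
    mail_conf_suck();

    /*
     * After database open error, continue execution with reduced
     * functionality.
     */
    dict_allow_surrogate = 1;

    /*
     * Pick up policy settings from master process. Shut up error messages to
     * stderr, because no-one is going to see them.
     */
    opterr = 0;
    while ((c = GETOPT(argc, argv, "cdDi:lm:n:o:s:St:uvVz")) > 0) {
        switch (c) {
        case 'c':
            /* Placeholder; replaced with var_queue_dir after option parsing. */
            root_dir = "setme";
            break;
        case 'd':
            daemon_mode = 0;
            break;
        case 'D':
            debug_me = 1;
            break;
        case 'i':
            mail_conf_update(VAR_MAX_IDLE, optarg);
            break;
        case 'l':
            alone = 1;
            break;
        case 'm':
            mail_conf_update(VAR_MAX_USE, optarg);
            break;
        case 'n':
            service_name = optarg;
            break;
        case 'o':
            /* split_nameval() works on a private copy of the option text. */
            oname_val = mystrdup(optarg);
            if ((err = split_nameval(oname_val, &oname, &oval)) != 0)
                msg_fatal("invalid \"-o %s\" option value: %s", optarg, err);
            mail_conf_update(oname, oval);
            myfree(oname_val);
            break;
        case 's':

            /*
             * NOTE(review): atoi() accepts trailing garbage and does not
             * report overflow. Only non-positive results are rejected here,
             * and the value later bounds the listen-descriptor loop.
             */
            if ((socket_count = atoi(optarg)) <= 0)
                msg_fatal("invalid socket_count: %s", optarg);
            break;
        case 'S':
            stream = VSTREAM_IN;
            break;
        case 't':
            transport = optarg;
            break;
        case 'u':
            /* Placeholder; replaced with var_mail_owner after option parsing. */
            user_name = "setme";
            break;
        case 'v':
            msg_verbose++;
            break;
        case 'V':
            if (++msg_vstream_needed == 1)
                msg_vstream_init(mail_task(var_procname), VSTREAM_ERR);
            break;
        case 'z':
            zerolimit = 1;
            break;
        default:
            msg_fatal("invalid option: %c", optopt);
            break;
        }
    }
    set_mail_conf_str(VAR_SERVNAME, service_name);

    /*
     * Initialize generic parameters and re-initialize logging in case of a
     * non-default program name or logging destination.
     */
    mail_params_init();
    maillog_client_init(mail_task(var_procname), MAILLOG_CLIENT_FLAG_NONE);

    /*
     * Register higher-level dictionaries and initialize the support for
     * dynamically-loaded dictionaries.
     */
    mail_dict_init();

    /*
     * If not connected to stdin, stdin must not be a terminal.
     */
    if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
        msg_vstream_init(var_procname, VSTREAM_ERR);
        msg_fatal("do not run this command by hand");
    }

    /*
     * Application-specific initialization. The key list is trusted to be
     * zero-terminated and to carry the argument type that each key implies;
     * an unknown key is a programming error and panics.
     */
    va_start(ap, service);
    while ((key = va_arg(ap, int)) != 0) {
        switch (key) {
        case MAIL_SERVER_INT_TABLE:
            get_mail_conf_int_table(va_arg(ap, CONFIG_INT_TABLE *));
            break;
        case MAIL_SERVER_LONG_TABLE:
            get_mail_conf_long_table(va_arg(ap, CONFIG_LONG_TABLE *));
            break;
        case MAIL_SERVER_STR_TABLE:
            get_mail_conf_str_table(va_arg(ap, CONFIG_STR_TABLE *));
            break;
        case MAIL_SERVER_BOOL_TABLE:
            get_mail_conf_bool_table(va_arg(ap, CONFIG_BOOL_TABLE *));
            break;
        case MAIL_SERVER_TIME_TABLE:
            get_mail_conf_time_table(va_arg(ap, CONFIG_TIME_TABLE *));
            break;
        case MAIL_SERVER_RAW_TABLE:
            get_mail_conf_raw_table(va_arg(ap, CONFIG_RAW_TABLE *));
            break;
        case MAIL_SERVER_NINT_TABLE:
            get_mail_conf_nint_table(va_arg(ap, CONFIG_NINT_TABLE *));
            break;
        case MAIL_SERVER_NBOOL_TABLE:
            get_mail_conf_nbool_table(va_arg(ap, CONFIG_NBOOL_TABLE *));
            break;
        case MAIL_SERVER_PRE_INIT:
            pre_init = va_arg(ap, MAIL_SERVER_INIT_FN);
            break;
        case MAIL_SERVER_POST_INIT:
            post_init = va_arg(ap, MAIL_SERVER_INIT_FN);
            break;
        case MAIL_SERVER_LOOP:
            loop = va_arg(ap, MAIL_SERVER_LOOP_FN);
            break;
        case MAIL_SERVER_EXIT:
            trigger_server_onexit = va_arg(ap, MAIL_SERVER_EXIT_FN);
            break;
        case MAIL_SERVER_PRE_ACCEPT:
            trigger_server_pre_accept = va_arg(ap, MAIL_SERVER_ACCEPT_FN);
            break;
        case MAIL_SERVER_IN_FLOW_DELAY:
            trigger_server_in_flow_delay = 1;
            break;
        case MAIL_SERVER_SOLITARY:
            if (stream == 0 && !alone)
                msg_fatal("service %s requires a process limit of 1",
                          service_name);
            break;
        case MAIL_SERVER_UNLIMITED:
            if (stream == 0 && !zerolimit)
                msg_fatal("service %s requires a process limit of 0",
                          service_name);
            break;
        case MAIL_SERVER_PRIVILEGED:
            /* user_name is only set by -u, i.e. for an unprivileged service. */
            if (user_name)
                msg_fatal("service %s requires privileged operation",
                          service_name);
            break;
        case MAIL_SERVER_WATCHDOG:
            trigger_server_watchdog = *va_arg(ap, int *);
            break;
        case MAIL_SERVER_BOUNCE_INIT:
            dsn_filter_title = va_arg(ap, const char *);
            dsn_filter_maps = va_arg(ap, const char **);
            bounce_client_init(dsn_filter_title, *dsn_filter_maps);
            break;
        default:
            msg_panic("%s: unknown argument type: %d", myname, key);
        }
    }
    va_end(ap);

    /* Swap the "setme" placeholders for the configured values. */
    if (root_dir)
        root_dir = var_queue_dir;
    if (user_name)
        user_name = var_mail_owner;

    /*
     * Can options be required?
     *
     * XXX Initially this code was implemented with UNIX-domain sockets, but
     * Solaris <= 2.5 UNIX-domain sockets misbehave hopelessly when the
     * client disconnects before the server has accepted the connection.
     * Symptom: the server accept() fails with EPIPE or EPROTO, but the
     * socket stays readable, so that the program goes into a wasteful loop.
     *
     * The initial fix was to use FIFOs, but those turn out to have their own
     * problems, witness the workarounds in the fifo_listen() routine.
     * Therefore we support both FIFOs and UNIX-domain sockets, so that the
     * user can choose whatever works best.
     *
     * Well, I give up. Solaris UNIX-domain sockets still don't work properly,
     * so it will have to limp along with a streams-specific alternative.
     */
    if (stream == 0) {
        if (transport == 0)
            msg_fatal("no transport type specified");
        if (strcasecmp(transport, MASTER_XPORT_NAME_UNIX) == 0)
            trigger_server_accept = trigger_server_accept_local;
        else if (strcasecmp(transport, MASTER_XPORT_NAME_FIFO) == 0)
            trigger_server_accept = trigger_server_accept_fifo;
#ifdef MASTER_XPORT_NAME_PASS
        else if (strcasecmp(transport, MASTER_XPORT_NAME_PASS) == 0)
            trigger_server_accept = trigger_server_accept_pass;
#endif
        else
            msg_fatal("unsupported transport type: %s", transport);
    }

    /*
     * Retrieve process generation from environment. The value is rejected
     * unless it consists of digits only.
     */
    if ((generation = getenv(MASTER_GEN_NAME)) != 0) {
        if (!alldig(generation))
            msg_fatal("bad generation: %s", generation);
        OCTAL_TO_UNSIGNED(trigger_server_generation, generation);
        if (msg_verbose)
            msg_info("process generation: %s (%o)",
                     generation, trigger_server_generation);
    }

    /*
     * Optionally start the debugger on ourself.
     */
    if (debug_me)
        debug_process();

    /*
     * Traditionally, BSD select() can't handle multiple processes selecting
     * on the same socket, and wakes up every process in select(). See TCP/IP
     * Illustrated volume 2 page 532. We avoid select() collisions with an
     * external lock file.
     *
     * The lock file name is built from the -t and -n option values and is
     * opened through safe_open() with mode 0600, before chroot_uid() runs.
     */
    if (stream == 0 && !alone) {
        lock_path = concatenate(DEF_PID_DIR, "/", transport,
                                ".", service_name, (char *) 0);
        why = vstring_alloc(1);
        if ((trigger_server_lock = safe_open(lock_path, O_CREAT | O_RDWR, 0600,
                                      (struct stat *) 0, -1, -1, why)) == 0)
            msg_fatal("open lock file %s: %s", lock_path, vstring_str(why));
        close_on_exec(vstream_fileno(trigger_server_lock), CLOSE_ON_EXEC);
        myfree(lock_path);
        vstring_free(why);
    }

    /*
     * Set up call-back info.
     */
    trigger_server_service = service;
    trigger_server_name = service_name;
    trigger_server_argv = argv + optind;

    /*
     * Run pre-jail initialization.
     */
    if (chdir(var_queue_dir) < 0)
        msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
    if (pre_init)
        pre_init(trigger_server_name, trigger_server_argv);

    /*
     * Optionally, restrict the damage that this process can do.
     */
    resolve_local_init();
    tzset();
    chroot_uid(root_dir, user_name);

    /*
     * Run post-jail initialization.
     */
    if (post_init)
        post_init(trigger_server_name, trigger_server_argv);

    /*
     * Are we running as a one-shot server with the client connection on
     * standard input?
     *
     * NOTE(review): a zero-length read (end of file) is fatal here as well,
     * and %m then reports whatever errno happened to hold.
     */
    if (stream != 0) {
        if ((len = read(vstream_fileno(stream), buf, sizeof(buf))) <= 0)
            msg_fatal("read: %m");
        service(buf, len, trigger_server_name, trigger_server_argv);
        vstream_fflush(stream);
        trigger_server_exit();
    }

    /*
     * Running as a semi-resident server. Service connection requests.
     * Terminate when we have serviced a sufficient number of clients, when
     * no-one has been talking to us for a configurable amount of time, or
     * when the master process terminated abnormally.
     */
    if (var_idle_limit > 0)
        event_request_timer(trigger_server_timeout, (void *) 0, var_idle_limit);
    for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) {
        event_enable_read(fd, trigger_server_accept, CAST_INT_TO_VOID_PTR(fd));
        close_on_exec(fd, CLOSE_ON_EXEC);
    }
    event_enable_read(MASTER_STATUS_FD, trigger_server_abort, (void *) 0);
    /* Mark the master-provided descriptors close-on-exec. */
    close_on_exec(MASTER_STATUS_FD, CLOSE_ON_EXEC);
    close_on_exec(MASTER_FLOW_READ, CLOSE_ON_EXEC);
    close_on_exec(MASTER_FLOW_WRITE, CLOSE_ON_EXEC);
    watchdog = watchdog_create(trigger_server_watchdog,
                               (WATCHDOG_FN) 0, (void *) 0);

    /*
     * The event loop, at last. The watchdog is stopped while waiting for the
     * exclusive select() lock and restarted before each event_loop() call.
     * The accept handlers release the lock.
     */
    while (var_use_limit == 0 || use_count < var_use_limit) {
        if (trigger_server_lock != 0) {
            watchdog_stop(watchdog);
            if (myflock(vstream_fileno(trigger_server_lock), INTERNAL_LOCK,
                        MYFLOCK_OP_EXCLUSIVE) < 0)
                msg_fatal("select lock: %m");
        }
        watchdog_start(watchdog);
        delay = loop ? loop(trigger_server_name, trigger_server_argv) : -1;
        event_loop(delay);
    }
    trigger_server_exit();
}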