| 1 | /* |
|---|
| 2 | run_email2trac.c |
|---|
| 3 | Authors: Bas van der Vlies, Walter de Jong and Michel Jouvin |
|---|
| 4 | SVN Info: |
|---|
| 5 | $Id: run_email2trac.c 593 2012-05-01 14:03:23Z bas $ |
|---|
| 6 | |
|---|
| 7 | Only nobody can become the user www-data. Postfix uses this |
|---|
| 8 | user to start an program |
|---|
| 9 | |
|---|
| 10 | Licensed to the Apache Software Foundation (ASF) under one |
|---|
| 11 | or more contributor license agreements. See the NOTICE file |
|---|
| 12 | distributed with this work for additional information |
|---|
| 13 | regarding copyright ownership. The ASF licenses this file |
|---|
| 14 | to you under the Apache License, Version 2.0 (the |
|---|
| 15 | "License"); you may not use this file except in compliance |
|---|
| 16 | with the License. You may obtain a copy of the License at |
|---|
| 17 | |
|---|
| 18 | http://www.apache.org/licenses/LICENSE-2.0 |
|---|
| 19 | |
|---|
| 20 | Unless required by applicable law or agreed to in writing, |
|---|
| 21 | software distributed under the License is distributed on an |
|---|
| 22 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
|---|
| 23 | KIND, either express or implied. See the License for the |
|---|
| 24 | specific language governing permissions and limitations |
|---|
| 25 | under the License. |
|---|
| 26 | */ |
|---|
| 27 | #include "config.h" |
|---|
| 28 | |
|---|
| 29 | #include <sys/types.h> |
|---|
| 30 | #include <stdlib.h> |
|---|
| 31 | #include <unistd.h> |
|---|
| 32 | #include <pwd.h> |
|---|
| 33 | #include <sys/stat.h> |
|---|
| 34 | #include <string.h> |
|---|
| 35 | #include <stdio.h> |
|---|
| 36 | #include <limits.h> |
|---|
| 37 | #ifdef HAVE_INITGROUPS |
|---|
| 38 | #include <grp.h> |
|---|
| 39 | #endif |
|---|
| 40 | |
|---|
| 41 | #include "run_email2trac.h" |
|---|
| 42 | |
|---|
| 43 | #ifndef DEBUG |
|---|
| 44 | #define DEBUG 0 |
|---|
| 45 | #endif |
|---|
| 46 | |
|---|
| 47 | void check_username(char *name) |
|---|
| 48 | { |
|---|
| 49 | if ( strlen(name) > 30 ) { |
|---|
| 50 | if ( DEBUG ) printf("MTA_USERNAME is to large; %s\n", name); |
|---|
| 51 | exit(-1); |
|---|
| 52 | } |
|---|
| 53 | } |
|---|
| 54 | |
|---|
| 55 | int main(int argc, char** argv) { |
|---|
| 56 | |
|---|
| 57 | int i,j; |
|---|
| 58 | int caller = getuid(); |
|---|
| 59 | int status; |
|---|
| 60 | |
|---|
| 61 | char **trac_script_args; |
|---|
| 62 | char *python_egg_cache = NULL; |
|---|
| 63 | struct passwd *TRAC; |
|---|
| 64 | struct passwd *MTA; |
|---|
| 65 | struct stat script_attrs; |
|---|
| 66 | const char *trac_script = TRAC_SCRIPT_PATH "/" TRAC_SCRIPT_NAME; |
|---|
| 67 | |
|---|
| 68 | /* |
|---|
| 69 | printf("trac_script = %s\n", trac_script); |
|---|
| 70 | */ |
|---|
| 71 | |
|---|
| 72 | /* First copy arguments passed to the wrapper as scripts arguments |
|---|
| 73 | after filtering out some of the possible script options */ |
|---|
| 74 | |
|---|
| 75 | trac_script_args = (char**) malloc((argc+1)*sizeof(char*)); |
|---|
| 76 | if (trac_script_args == NULL) { |
|---|
| 77 | if ( DEBUG ) printf("malloc failed\n"); |
|---|
| 78 | return 1; |
|---|
| 79 | } |
|---|
| 80 | trac_script_args[0] = TRAC_SCRIPT_NAME; |
|---|
| 81 | for (i=j=1; i<argc; i++) { |
|---|
| 82 | if ( (strcmp(argv[i],"--file") == 0) || |
|---|
| 83 | (strcmp(argv[i],"-f") == 0) ) { |
|---|
| 84 | i++; |
|---|
| 85 | continue; |
|---|
| 86 | } |
|---|
| 87 | else if ( (strcmp(argv[i],"--eggcache") == 0) || |
|---|
| 88 | (strcmp(argv[i],"-e") == 0) ) { |
|---|
| 89 | i++; |
|---|
| 90 | python_egg_cache = argv[i]; |
|---|
| 91 | continue; |
|---|
| 92 | } |
|---|
| 93 | |
|---|
| 94 | trac_script_args[j] = argv[i]; |
|---|
| 95 | j++; |
|---|
| 96 | } |
|---|
| 97 | trac_script_args[j] = NULL; |
|---|
| 98 | |
|---|
| 99 | /* Check caller */ |
|---|
| 100 | check_username(MTA_USER); |
|---|
| 101 | MTA = getpwnam(MTA_USER); |
|---|
| 102 | |
|---|
| 103 | if ( MTA == NULL ) { |
|---|
| 104 | if ( DEBUG ) printf("Invalid MTA user (%s)\n", MTA_USER); |
|---|
| 105 | return -3; /* 253 : MTA user not found */ |
|---|
| 106 | } |
|---|
| 107 | |
|---|
| 108 | if ( caller != MTA->pw_uid ) { |
|---|
| 109 | if ( DEBUG ) printf("Invalid caller UID (%d)\n",caller); |
|---|
| 110 | return -2; /* 254 : Invalid caller */ |
|---|
| 111 | } |
|---|
| 112 | |
|---|
| 113 | /* set UID/GID and supplementary groups to be Trac (or apache) user */ |
|---|
| 114 | check_username(TRAC_USER); |
|---|
| 115 | if ( TRAC = getpwnam(TRAC_USER) ) { |
|---|
| 116 | #ifdef HAVE_INITGROUPS |
|---|
| 117 | if (initgroups(TRAC_USER, TRAC->pw_gid)) { |
|---|
| 118 | if ( DEBUG ) printf("initgroups failed\n"); |
|---|
| 119 | return -7; /* 249 : Can't set supplementary groups */ |
|---|
| 120 | } |
|---|
| 121 | #endif |
|---|
| 122 | if (setgid(TRAC->pw_gid) || setuid(TRAC->pw_uid)) { |
|---|
| 123 | if ( DEBUG ) printf("setgid or setuid failed\n"); |
|---|
| 124 | return -5; /* 251: Can't set gid or uid */ |
|---|
| 125 | } |
|---|
| 126 | } else { |
|---|
| 127 | if ( DEBUG ) printf("Invalid Trac user (%s)\n",TRAC_USER); |
|---|
| 128 | return -6; /* 250 : Trac user not found */ |
|---|
| 129 | } |
|---|
| 130 | |
|---|
| 131 | /* Check that script exists */ |
|---|
| 132 | if ( stat(trac_script,&script_attrs) ) { |
|---|
| 133 | if ( DEBUG ) printf("Script not found (%s)\n",trac_script); |
|---|
| 134 | return -4; /* 252 : script not found */ |
|---|
| 135 | } |
|---|
| 136 | |
|---|
| 137 | /* Set PYTHON_EGG_CACHE env variable if we have been told to do so */ |
|---|
| 138 | if ( python_egg_cache != NULL ) { |
|---|
| 139 | setenv("PYTHON_EGG_CACHE",python_egg_cache ,1); |
|---|
| 140 | } |
|---|
| 141 | |
|---|
| 142 | /* Execute script */ |
|---|
| 143 | status = execv(trac_script, trac_script_args); |
|---|
| 144 | |
|---|
| 145 | if ( DEBUG ) printf("Script %s execution failure (error=%d). Check permission and interpreter path.\n",trac_script,status); |
|---|
| 146 | return -1; /* 255 : should never reach this point */ |
|---|
| 147 | |
|---|
| 148 | } |
|---|
| 149 | |
|---|
| 150 | /* EOB */ |
|---|
