1 | /* |
---|
2 | run_email2trac.c |
---|
3 | Authors: Bas van der Vlies, Walter de Jong and Michel Jouvin |
---|
4 | SVN Info: |
---|
5 | $Id: run_email2trac.c 593 2012-05-01 14:03:23Z bas $ |
---|
6 | |
---|
7 | Only nobody can become the user www-data. Postfix uses this |
---|
8 | user to start an program |
---|
9 | |
---|
10 | Licensed to the Apache Software Foundation (ASF) under one |
---|
11 | or more contributor license agreements. See the NOTICE file |
---|
12 | distributed with this work for additional information |
---|
13 | regarding copyright ownership. The ASF licenses this file |
---|
14 | to you under the Apache License, Version 2.0 (the |
---|
15 | "License"); you may not use this file except in compliance |
---|
16 | with the License. You may obtain a copy of the License at |
---|
17 | |
---|
18 | http://www.apache.org/licenses/LICENSE-2.0 |
---|
19 | |
---|
20 | Unless required by applicable law or agreed to in writing, |
---|
21 | software distributed under the License is distributed on an |
---|
22 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
---|
23 | KIND, either express or implied. See the License for the |
---|
24 | specific language governing permissions and limitations |
---|
25 | under the License. |
---|
26 | */ |
---|
27 | #include "config.h" |
---|
28 | |
---|
29 | #include <sys/types.h> |
---|
30 | #include <stdlib.h> |
---|
31 | #include <unistd.h> |
---|
32 | #include <pwd.h> |
---|
33 | #include <sys/stat.h> |
---|
34 | #include <string.h> |
---|
35 | #include <stdio.h> |
---|
36 | #include <limits.h> |
---|
37 | #ifdef HAVE_INITGROUPS |
---|
38 | #include <grp.h> |
---|
39 | #endif |
---|
40 | |
---|
41 | #include "run_email2trac.h" |
---|
42 | |
---|
43 | #ifndef DEBUG |
---|
44 | #define DEBUG 0 |
---|
45 | #endif |
---|
46 | |
---|
47 | void check_username(char *name) |
---|
48 | { |
---|
49 | if ( strlen(name) > 30 ) { |
---|
50 | if ( DEBUG ) printf("MTA_USERNAME is to large; %s\n", name); |
---|
51 | exit(-1); |
---|
52 | } |
---|
53 | } |
---|
54 | |
---|
55 | int main(int argc, char** argv) { |
---|
56 | |
---|
57 | int i,j; |
---|
58 | int caller = getuid(); |
---|
59 | int status; |
---|
60 | |
---|
61 | char **trac_script_args; |
---|
62 | char *python_egg_cache = NULL; |
---|
63 | struct passwd *TRAC; |
---|
64 | struct passwd *MTA; |
---|
65 | struct stat script_attrs; |
---|
66 | const char *trac_script = TRAC_SCRIPT_PATH "/" TRAC_SCRIPT_NAME; |
---|
67 | |
---|
68 | /* |
---|
69 | printf("trac_script = %s\n", trac_script); |
---|
70 | */ |
---|
71 | |
---|
72 | /* First copy arguments passed to the wrapper as scripts arguments |
---|
73 | after filtering out some of the possible script options */ |
---|
74 | |
---|
75 | trac_script_args = (char**) malloc((argc+1)*sizeof(char*)); |
---|
76 | if (trac_script_args == NULL) { |
---|
77 | if ( DEBUG ) printf("malloc failed\n"); |
---|
78 | return 1; |
---|
79 | } |
---|
80 | trac_script_args[0] = TRAC_SCRIPT_NAME; |
---|
81 | for (i=j=1; i<argc; i++) { |
---|
82 | if ( (strcmp(argv[i],"--file") == 0) || |
---|
83 | (strcmp(argv[i],"-f") == 0) ) { |
---|
84 | i++; |
---|
85 | continue; |
---|
86 | } |
---|
87 | else if ( (strcmp(argv[i],"--eggcache") == 0) || |
---|
88 | (strcmp(argv[i],"-e") == 0) ) { |
---|
89 | i++; |
---|
90 | python_egg_cache = argv[i]; |
---|
91 | continue; |
---|
92 | } |
---|
93 | |
---|
94 | trac_script_args[j] = argv[i]; |
---|
95 | j++; |
---|
96 | } |
---|
97 | trac_script_args[j] = NULL; |
---|
98 | |
---|
99 | /* Check caller */ |
---|
100 | check_username(MTA_USER); |
---|
101 | MTA = getpwnam(MTA_USER); |
---|
102 | |
---|
103 | if ( MTA == NULL ) { |
---|
104 | if ( DEBUG ) printf("Invalid MTA user (%s)\n", MTA_USER); |
---|
105 | return -3; /* 253 : MTA user not found */ |
---|
106 | } |
---|
107 | |
---|
108 | if ( caller != MTA->pw_uid ) { |
---|
109 | if ( DEBUG ) printf("Invalid caller UID (%d)\n",caller); |
---|
110 | return -2; /* 254 : Invalid caller */ |
---|
111 | } |
---|
112 | |
---|
113 | /* set UID/GID and supplementary groups to be Trac (or apache) user */ |
---|
114 | check_username(TRAC_USER); |
---|
115 | if ( TRAC = getpwnam(TRAC_USER) ) { |
---|
116 | #ifdef HAVE_INITGROUPS |
---|
117 | if (initgroups(TRAC_USER, TRAC->pw_gid)) { |
---|
118 | if ( DEBUG ) printf("initgroups failed\n"); |
---|
119 | return -7; /* 249 : Can't set supplementary groups */ |
---|
120 | } |
---|
121 | #endif |
---|
122 | if (setgid(TRAC->pw_gid) || setuid(TRAC->pw_uid)) { |
---|
123 | if ( DEBUG ) printf("setgid or setuid failed\n"); |
---|
124 | return -5; /* 251: Can't set gid or uid */ |
---|
125 | } |
---|
126 | } else { |
---|
127 | if ( DEBUG ) printf("Invalid Trac user (%s)\n",TRAC_USER); |
---|
128 | return -6; /* 250 : Trac user not found */ |
---|
129 | } |
---|
130 | |
---|
131 | /* Check that script exists */ |
---|
132 | if ( stat(trac_script,&script_attrs) ) { |
---|
133 | if ( DEBUG ) printf("Script not found (%s)\n",trac_script); |
---|
134 | return -4; /* 252 : script not found */ |
---|
135 | } |
---|
136 | |
---|
137 | /* Set PYTHON_EGG_CACHE env variable if we have been told to do so */ |
---|
138 | if ( python_egg_cache != NULL ) { |
---|
139 | setenv("PYTHON_EGG_CACHE",python_egg_cache ,1); |
---|
140 | } |
---|
141 | |
---|
142 | /* Execute script */ |
---|
143 | status = execv(trac_script, trac_script_args); |
---|
144 | |
---|
145 | if ( DEBUG ) printf("Script %s execution failure (error=%d). Check permission and interpreter path.\n",trac_script,status); |
---|
146 | return -1; /* 255 : should never reach this point */ |
---|
147 | |
---|
148 | } |
---|
149 | |
---|
150 | /* EOB */ |
---|