postlock.c

[詳解]

/*++
/* NAME
/*  postlock 1
/* SUMMARY
/*  lock mail folder and execute command
/* SYNOPSIS
/* .fi
/*  \fBpostlock\fR [\fB-c \fIconfig_dir\fR] [\fB-l \fIlock_style\fR]
/*      [\fB-v\fR] \fIfile command...\fR
/* DESCRIPTION
/*  The \fBpostlock\fR(1) command locks \fIfile\fR for exclusive
/*  access, and executes \fIcommand\fR. The locking method is
/*  compatible with the Postfix UNIX-style local delivery agent.
/*
/*  Options:
/* .IP "\fB-c \fIconfig_dir\fR"
/*  Read the \fBmain.cf\fR configuration file in the named directory
/*  instead of the default configuration directory.
/* .IP "\fB-l \fIlock_style\fR"
/*  Override the locking method specified via the
/*  \fBmailbox_delivery_lock\fR configuration parameter (see below).
/* .IP \fB-v\fR
/*  Enable verbose logging for debugging purposes. Multiple \fB-v\fR
/*  options make the software increasingly verbose.
/* .PP
/*  Arguments:
/* .IP \fIfile\fR
/*  A mailbox file. The user should have read/write permission.
/* .IP \fIcommand...\fR
/*  The command to execute while \fIfile\fR is locked for exclusive
/*  access.  The command is executed directly, i.e. without
/*  interpretation by a shell command interpreter.
/* DIAGNOSTICS
/*  The result status is 75 (EX_TEMPFAIL) when \fBpostlock\fR(1)
/*  could not perform the requested operation.  Otherwise, the
/*  exit status is the exit status from the command.
/* BUGS
/*  With remote file systems, the ability to acquire a lock does not
/*  necessarily eliminate access conflicts. Avoid file access by
/*  processes running on different machines.
/* ENVIRONMENT
/* .ad
/* .fi
/* .IP \fBMAIL_CONFIG\fR
/*  Directory with Postfix configuration files.
/* .IP \fBMAIL_VERBOSE\fR
/*  Enable verbose logging for debugging purposes.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/*  The following \fBmain.cf\fR parameters are especially relevant to
/*  this program.
/*  The text below provides only a parameter summary. See
/*  \fBpostconf\fR(5) for more details including examples.
/* LOCKING CONTROLS
/* .ad
/* .fi
/* .IP "\fBdeliver_lock_attempts (20)\fR"
/*  The maximal number of attempts to acquire an exclusive lock on a
/*  mailbox file or \fBbounce\fR(8) logfile.
/* .IP "\fBdeliver_lock_delay (1s)\fR"
/*  The time between attempts to acquire an exclusive lock on a mailbox
/*  file or \fBbounce\fR(8) logfile.
/* .IP "\fBstale_lock_time (500s)\fR"
/*  The time after which a stale exclusive mailbox lockfile is removed.
/* .IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR"
/*  How to lock a UNIX-style \fBlocal\fR(8) mailbox before attempting delivery.
/* RESOURCE AND RATE CONTROLS
/* .ad
/* .fi
/* .IP "\fBfork_attempts (5)\fR"
/*  The maximal number of attempts to fork() a child process.
/* .IP "\fBfork_delay (1s)\fR"
/*  The delay between attempts to fork() a child process.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
/*  The default location of the Postfix main.cf and master.cf
/*  configuration files.
/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
/*  The list of environment parameters that a privileged Postfix
/*  process will import from a non-Postfix parent process, or name=value
/*  environment overrides.
/* SEE ALSO
/*  postconf(5), configuration parameters
/* LICENSE
/* .ad
/* .fi
/*  The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*  Wietse Venema
/*  IBM T.J. Watson Research
/*  P.O. Box 704
/*  Yorktown Heights, NY 10598, USA
/*
/*  Wietse Venema
/*  Google, Inc.
/*  111 8th Avenue
/*  New York, NY 10011, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>

/* Utility library. */

#include <msg.h>
#include <vstring.h>
#include <vstream.h>
#include <msg_vstream.h>
#include <iostuff.h>
#include <warn_stat.h>
#include <clean_env.h>

/* Global library. */

#include <mail_params.h>
#include <mail_version.h>
#include <dot_lockfile.h>
#include <deliver_flock.h>
#include <mail_conf.h>
#include <sys_exits.h>
#include <mbox_conf.h>
#include <mbox_open.h>
#include <dsn_util.h>
#include <mail_parm_split.h>

/* Application-specific. */

/* usage - explain */

static NORETURN usage(char *myname)
{
    msg_fatal("usage: %s [-c config_dir] [-l lock_style] [-v] folder command...", myname);
}

/* fatal_exit - all failures are deemed recoverable */

static void fatal_exit(void)
{
    exit(EX_TEMPFAIL);
}

MAIL_VERSION_STAMP_DECLARE;

/* main - go for it */

int     main(int argc, char **argv)
{
    DSN_BUF *why;
    char   *folder;
    char  **command;
    int     ch;
    int     fd;
    struct stat st;
    int     count;
    WAIT_STATUS_T status;
    pid_t   pid;
    int     lock_mask;
    char   *lock_style = 0;
    MBOX   *mp;
    ARGV   *import_env;

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * Be consistent with file permissions.
     */
    umask(022);

    /*
     * To minimize confusion, make sure that the standard file descriptors
     * are open before opening anything else. XXX Work around for 44BSD where
     * fstat can return EBADF on an open file descriptor.
     */
    for (fd = 0; fd < 3; fd++)
    if (fstat(fd, &st) == -1
        && (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
        msg_fatal("open /dev/null: %m");

    /*
     * Process environment options as early as we can. We are not set-uid,
     * and we are supposed to be running in a controlled environment.
     */
    if (getenv(CONF_ENV_VERB))
    msg_verbose = 1;

    /*
     * Set up logging and error handling. Intercept fatal exits so we can
     * return a distinguished exit status.
     */
    msg_vstream_init(argv[0], VSTREAM_ERR);
    msg_cleanup(fatal_exit);

    /*
     * Parse JCL.
     */
    while ((ch = GETOPT(argc, argv, "c:l:v")) > 0) {
    switch (ch) {
    default:
        usage(argv[0]);
        break;
    case 'c':
        if (setenv(CONF_ENV_PATH, optarg, 1) < 0)
        msg_fatal("out of memory");
        break;
    case 'l':
        lock_style = optarg;
        break;
    case 'v':
        msg_verbose++;
        break;
    }
    }
    if (optind + 2 > argc)
    usage(argv[0]);
    folder = argv[optind];
    command = argv + optind + 1;

    /*
     * Read the config file. The command line lock style can override the
     * configured lock style.
     */
    mail_conf_read();
    /* Enforce consistent operation of different Postfix parts. */
    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
    update_env(import_env->argv);
    argv_free(import_env);
    lock_mask = mbox_lock_mask(lock_style ? lock_style :
           get_mail_conf_str(VAR_MAILBOX_LOCK, DEF_MAILBOX_LOCK, 1, 0));

    /*
     * Lock the folder for exclusive access. Lose the lock upon exit. The
     * command is not supposed to disappear into the background.
     */
    why = dsb_create();
    if ((mp = mbox_open(folder, O_APPEND | O_WRONLY | O_CREAT,
            S_IRUSR | S_IWUSR, (struct stat *) 0,
            -1, -1, lock_mask, "5.2.0", why)) == 0)
    msg_fatal("open file %s: %s", folder, vstring_str(why->reason));
    dsb_free(why);

    /*
     * Run the command. Remove the lock after completion.
     */
    for (count = 1; (pid = fork()) == -1; count++) {
    msg_warn("fork %s: %m", command[0]);
    if (count >= var_fork_tries) {
        mbox_release(mp);
        exit(EX_TEMPFAIL);
    }
    sleep(var_fork_delay);
    }
    switch (pid) {
    case 0:
    (void) msg_cleanup((MSG_CLEANUP_FN) 0);
    execvp(command[0], command);
    msg_fatal("execvp %s: %m", command[0]);
    default:
    if (waitpid(pid, &status, 0) < 0)
        msg_fatal("waitpid: %m");
    vstream_fclose(mp->fp);
    mbox_release(mp);
    exit(WIFEXITED(status) ? WEXITSTATUS(status) : 1);
    }
}