5
/* run external command
7
/* #include <spawn_command.h>
9
/* WAIT_STATUS_T spawn_command(key, value, ...)
12
/* spawn_command() runs a command in a child process and returns
13
/* the command exit status.
17
/* Specifies what value will follow. spawn_command() takes a list
18
/* of (key, value) arguments, terminated by SPAWN_CMD_END. The
19
/* following is a listing of key codes together with the expected
22
/* .IP "SPAWN_CMD_COMMAND (char *)"
23
/* Specifies the command to execute as a string. The string is
24
/* passed to the shell when it contains shell meta characters
25
/* or when it appears to be a shell built-in command, otherwise
26
/* the command is executed without invoking a shell.
27
/* One of SPAWN_CMD_COMMAND or SPAWN_CMD_ARGV must be specified.
28
/* See also the SPAWN_CMD_SHELL attribute below.
29
/* .IP "SPAWN_CMD_ARGV (char **)"
30
/* The command is specified as an argument vector. This vector is
31
/* passed without further inspection to the \fIexecvp\fR() routine.
32
/* One of SPAWN_CMD_COMMAND or SPAWN_CMD_ARGV must be specified.
33
/* .IP "SPAWN_CMD_ENV (char **)"
34
/* Additional environment information, in the form of a null-terminated
35
/* list of name, value, name, value, ... elements. By default only the
36
/* command search path is initialized to _PATH_DEFPATH.
37
/* .IP "SPAWN_CMD_EXPORT (char **)"
38
/* Null-terminated array of names of environment parameters that can
39
/* be exported. By default, everything is exported.
40
/* .IP "SPAWN_CMD_STDIN (int)"
41
/* .IP "SPAWN_CMD_STDOUT (int)"
42
/* .IP "SPAWN_CMD_STDERR (int)"
43
/* Each of these specifies I/O redirection of one of the standard file
44
/* descriptors for the command.
45
/* .IP "SPAWN_CMD_UID (int)"
46
/* The user ID to execute the command as.
47
/* .IP "SPAWN_CMD_GID (int)"
48
/* The group ID to execute the command as.
49
/* .IP "SPAWN_CMD_TIME_LIMIT (int)"
50
/* The amount of time in seconds the command is allowed to run before
51
/* it is terminated with SIGKILL. The default is no time limit.
52
/* .IP "SPAWN_CMD_SHELL (char *)"
53
/* The shell to use when executing the command specified with
54
/* SPAWN_CMD_COMMAND. This shell is invoked regardless of the
58
/* Panic: interface violations (for example, a missing command).
60
/* Fatal error: fork() failure, other system call failures.
62
/* spawn_command() returns the exit status as defined by wait(2).
66
/* The Secure Mailer license must be distributed with this software.
68
/* exec_command(3) execute command
71
/* IBM T.J. Watson Research
73
/* Yorktown Heights, NY 10598, USA
90
/* Utility library. */
93
#include <timed_wait.h>
96
#include <spawn_command.h>
97
#include <exec_command.h>
98
#include <clean_env.h>
100
/* Application-specific. */
103
char **argv; /* argument vector */
104
char *command; /* or a plain string */
105
int stdin_fd; /* read stdin here */
106
int stdout_fd; /* write stdout here */
107
int stderr_fd; /* write stderr here */
108
uid_t uid; /* privileges */
109
gid_t gid; /* privileges */
110
char **env; /* extra environment */
111
char **export; /* exportable environment */
112
char *shell; /* command shell */
113
int time_limit; /* command time limit */
116
/* get_spawn_args - capture the variadic argument list */
118
static void get_spawn_args(struct spawn_args * args, int init_key, va_list ap)
120
char *myname = "get_spawn_args";
124
* First, set the default values.
129
args->stdout_fd = -1;
130
args->stderr_fd = -1;
131
args->uid = (uid_t) - 1;
132
args->gid = (gid_t) - 1;
136
args->time_limit = 0;
139
* Then, override the defaults with user-supplied inputs.
141
for (key = init_key; key != SPAWN_CMD_END; key = va_arg(ap, int)) {
145
msg_panic("%s: specify SPAWN_CMD_ARGV or SPAWN_CMD_COMMAND",
147
args->argv = va_arg(ap, char **);
149
case SPAWN_CMD_COMMAND:
151
msg_panic("%s: specify SPAWN_CMD_ARGV or SPAWN_CMD_COMMAND",
153
args->command = va_arg(ap, char *);
155
case SPAWN_CMD_STDIN:
156
args->stdin_fd = va_arg(ap, int);
158
case SPAWN_CMD_STDOUT:
159
args->stdout_fd = va_arg(ap, int);
161
case SPAWN_CMD_STDERR:
162
args->stderr_fd = va_arg(ap, int);
165
args->uid = va_arg(ap, int); /* in case uid_t is short */
168
args->gid = va_arg(ap, int); /* in case gid_t is short */
170
case SPAWN_CMD_TIME_LIMIT:
171
args->time_limit = va_arg(ap, int);
174
args->env = va_arg(ap, char **);
176
case SPAWN_CMD_EXPORT:
177
args->export = va_arg(ap, char **);
179
case SPAWN_CMD_SHELL:
180
args->shell = va_arg(ap, char *);
183
msg_panic("%s: unknown key: %d", myname, key);
186
if (args->command == 0 && args->argv == 0)
187
msg_panic("%s: missing SPAWN_CMD_ARGV or SPAWN_CMD_COMMAND", myname);
188
if (args->command == 0 && args->shell != 0)
189
msg_panic("%s: SPAWN_CMD_ARGV cannot be used with SPAWN_CMD_SHELL",
193
/* spawn_command - execute command with extreme prejudice */
195
WAIT_STATUS_T spawn_command(int key,...)
197
char *myname = "spawn_comand";
200
WAIT_STATUS_T wait_status;
201
struct spawn_args args;
207
* Process the variadic argument list. This also does sanity checks on
208
* what data the caller is passing to us.
211
get_spawn_args(&args, key, ap);
217
if (args.command == 0)
218
args.command = args.argv[0];
221
* Spawn off a child process and irrevocably change privilege to the
222
* user. This includes revoking all rights on open files (via the close
223
* on exec flag). If we cannot run the command now, try again some time
226
switch (pid = fork()) {
229
* Error. Instead of trying again right now, back off, give the
230
* system a chance to recover, and try again later.
233
msg_fatal("fork: %m");
236
* Child. Run the child in a separate process group so that the
237
* parent can kill not just the child but also its offspring.
240
if (args.uid != (uid_t) - 1 || args.gid != (gid_t) - 1)
241
set_ugid(args.uid, args.gid);
247
if ((args.stdin_fd >= 0 && DUP2(args.stdin_fd, STDIN_FILENO) < 0)
248
|| (args.stdout_fd >= 0 && DUP2(args.stdout_fd, STDOUT_FILENO) < 0)
249
|| (args.stderr_fd >= 0 && DUP2(args.stderr_fd, STDERR_FILENO) < 0))
250
msg_fatal("%s: dup2: %m", myname);
253
* Environment plumbing. Always reset the command search path. XXX
254
* That should probably be done by clean_env().
257
clean_env(args.export);
258
if (setenv("PATH", _PATH_DEFPATH, 1))
259
msg_fatal("%s: setenv: %m", myname);
261
for (cpp = args.env; *cpp; cpp += 2)
262
if (setenv(cpp[0], cpp[1], 1))
263
msg_fatal("setenv: %m");
266
* Process plumbing. If possible, avoid running a shell.
270
execvp(args.argv[0], args.argv);
271
msg_fatal("%s: execvp %s: %m", myname, args.argv[0]);
272
} else if (args.shell && *args.shell) {
273
argv = argv_split(args.shell, " \t\r\n");
274
argv_add(argv, args.command, (char *) 0);
275
argv_terminate(argv);
276
execvp(argv->argv[0], argv->argv);
277
msg_fatal("%s: execvp %s: %m", myname, argv->argv[0]);
279
exec_command(args.command);
289
* Be prepared for the situation that the child does not terminate.
290
* Make sure that the child terminates before the parent attempts to
291
* retrieve its exit status, otherwise the parent could become stuck,
292
* and the mail system would eventually run out of exec daemons. Do a
293
* thorough job, and kill not just the child process but also its
296
if ((err = timed_waitpid(pid, &wait_status, 0, args.time_limit)) < 0
297
&& errno == ETIMEDOUT) {
298
msg_warn("%s: process id %lu: command time limit exceeded",
299
args.command, (unsigned long) pid);
301
err = waitpid(pid, &wait_status, 0);
304
msg_fatal("wait: %m");
305
return (wait_status);