Expand PMF_FN_* macros.

[netbsd-mini2440.git] / external / ibm-public / postfix / dist / src / master / master_wakeup.c

/*      $NetBSD$        */

/*++
/* NAME
/*      master_wakeup 3
/* SUMMARY
/*      Postfix master - start/stop service wakeup timers
/* SYNOPSIS
/*      #include "master.h"
/*
/*      void    master_wakeup_init(serv)
/*      MASTER_SERV *serv;
/*
/*      void    master_wakeup_cleanup(serv)
/*      MASTER_SERV *serv;
/* DESCRIPTION
/*      This module implements automatic service wakeup. In order to
/*      wakeup a service, a wakeup trigger is sent to the corresponding
/*      service port or FIFO, and a timer is started to repeat this sequence
/*      after a configurable amount of time.
/*
/*      master_wakeup_init() wakes up the named service. No wakeup
/*      is done or scheduled when a zero wakeup time is given, or when
/*      the service has been throttled in the mean time.
/*      It is OK to call master_wakeup_init() while a timer is already
/*      running for the named service. The effect is to restart the
/*      wakeup timer.
/*
/*      master_wakeup_cleanup() cancels the wakeup timer for the named
/*      service. It is an error to disable a service while it still has
/*      an active wakeup timer (doing so would cause a dangling reference
/*      to a non-existent service).
/*      It is OK to call master_wakeup_cleanup() even when no timer is
/*      active for the named service.
/* DIAGNOSTICS
/* BUGS
/* SEE ALSO
/*      inet_trigger(3), internet-domain client
/*      unix_trigger(3), unix-domain client
/*      fifo_trigger(3), fifo client
/*      upass_trigger(3), file descriptor passing client
/* LICENSE
/* .ad
/* .fi
/*      The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*      Wietse Venema
/*      IBM T.J. Watson Research
/*      P.O. Box 704
/*      Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <unistd.h>
#include <string.h>

/* Utility library. */

#include <msg.h>
#include <trigger.h>
#include <events.h>
#include <set_eugid.h>
#include <set_ugid.h>

/* Global library. */

#include <mail_proto.h>                 /* triggers */
#include <mail_params.h>

/* Application-specific. */

#include "mail_server.h"
#include "master.h"

/* master_wakeup_timer_event - wakeup event handler */

static void master_wakeup_timer_event(int unused_event, char *context)
{
    const char *myname = "master_wakeup_timer_event";
    MASTER_SERV *serv = (MASTER_SERV *) context;
    int     status;
    static char wakeup = TRIGGER_REQ_WAKEUP;

    /*
     * Don't wakeup services whose automatic wakeup feature was turned off in
     * the mean time.
     */
    if (serv->wakeup_time == 0)
        return;

    /*
     * Don't wake up services that are throttled. Find out what transport to
     * use. We can't block here so we choose a short timeout.
     */
#define BRIEFLY 1

    if (MASTER_THROTTLED(serv) == 0) {
        if (msg_verbose)
            msg_info("%s: service %s", myname, serv->name);

        switch (serv->type) {
        case MASTER_SERV_TYPE_INET:
            status = inet_trigger(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
            break;
        case MASTER_SERV_TYPE_UNIX:
            status = LOCAL_TRIGGER(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
            break;
#ifdef MASTER_SERV_TYPE_PASS
        case MASTER_SERV_TYPE_PASS:
            status = PASS_TRIGGER(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
            break;
#endif

            /*
             * If someone compromises the postfix account then this must not
             * overwrite files outside the chroot jail. Countermeasures:
             * 
             * - Limit the damage by accessing the FIFO as postfix not root.
             * 
             * - Have fifo_trigger() call safe_open() so we won't follow
             * arbitrary hard/symlinks to files in/outside the chroot jail.
             * 
             * - All non-chroot postfix-related files must be root owned (or
             * postfix check complains).
             * 
             * - The postfix user and group ID must not be shared with other
             * applications (says the INSTALL documentation).
             * 
             * Result of a discussion with Michael Tokarev, who received his
             * insights from Solar Designer, who tested Postfix with a kernel
             * module that is paranoid about open() calls.
             */
        case MASTER_SERV_TYPE_FIFO:
            set_eugid(var_owner_uid, var_owner_gid);
            status = fifo_trigger(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
            set_ugid(getuid(), getgid());
            break;
        default:
            msg_panic("%s: unknown service type: %d", myname, serv->type);
        }
        if (status < 0)
            msg_warn("%s: service %s(%s): %m",
                     myname, serv->ext_name, serv->name);
    }

    /*
     * Schedule another wakeup event.
     */
    event_request_timer(master_wakeup_timer_event, (char *) serv,
                        serv->wakeup_time);
}

/* master_wakeup_init - start automatic service wakeup */

void    master_wakeup_init(MASTER_SERV *serv)
{
    const char *myname = "master_wakeup_init";

    if (serv->wakeup_time == 0 || (serv->flags & MASTER_FLAG_CONDWAKE))
        return;
    if (msg_verbose)
        msg_info("%s: service %s time %d",
                 myname, serv->name, serv->wakeup_time);
    master_wakeup_timer_event(0, (char *) serv);
}

/* master_wakeup_cleanup - cancel wakeup timer */

void    master_wakeup_cleanup(MASTER_SERV *serv)
{
    const char *myname = "master_wakeup_cleanup";

    /*
     * Cleanup, even when the wakeup feature has been turned off. There might
     * still be a pending timer. Don't depend on the code that reloads the
     * config file to reset the wakeup timer when things change.
     */
    if (msg_verbose)
        msg_info("%s: service %s", myname, serv->name);

    event_cancel_timer(master_wakeup_timer_event, (char *) serv);
}