home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
FishMarket 1.0
/
FishMarket v1.0.iso
/
fishies
/
301-325
/
disk_319
/
cnewssrc
/
cnews.src.lzh
/
relay
/
control.c
< prev
next >
Wrap
C/C++ Source or Header
|
1989-07-28
|
8KB
|
262 lines
/*
* Implement the Usenet control messages, as per RFC 1036 (nee 850).
* These are fairly infrequent and can afford to be done by
* separate programs. They are:
*
* cancel message-ID restricted to Sender: else From: or root, in theory
* ihave message-ID-list remotesys generate a sendme from message-ID-list
* sendme message-ID-list remotesys send articles named to remotesys
* (ihave/sendme is semi-documented in the RFCs, kludgey and broken
* in B2.10.)
*
* newgroup groupname must be Approved:
* rmgroup groupname must be Approved:; allow some local control over this
* sendsys mail to Reply-To: else From:
* senduuname ditto
* version ditto
*/
#include <stdio.h>
#include <ctype.h>
#ifndef AMIGA
# include <sys/types.h>
#endif /* AMIGA */
#include "libc.h"
#include "news.h"
#include "config.h"
#include "headers.h"
#include "article.h"
#include "caches.h"
#include "history.h"
#define NO_FILES ""
#define SUBDIR binfile("ctl") /* holds shell scripts */
/*
* These are shell meta-characters, except for /, which is included
* since it allows people to escape from the control directory.
*/
#define SHELLMETAS "<>|&;({$=*?[`'\"/"
/* imports from news */
extern statust snufffiles();
extern void ihave(), sendme();
/* forwards */
FORWARD statust cancelart();
FORWARD void runctlmsg(), bombctlmsg();
/*
* Implement control message specified in "art".
* Because newgroup and rmgroup may modify the active file, for example,
* we must flush in-core caches to disk first and reload them afterward.
* We handle cancels in this process for speed and dbm access.
* We handle ihave & sendme in this process for dbm access and
* to work around syntax restrictions (<>).
*
* In future, one could pass header values to scripts as arguments or
* in environment, as NEWS* variables, to save time in the scripts.
*/
void ctlmsg(art)
struct article *art;
{
int pid, deadpid;
int wstatus;
char *inname = art->a_tmpf, *ctlcmd = art->h.h_ctlcmd;
static char nmcancel[] = "cancel ";
static char nmihave[] = "ihave ";
static char nmsendme[] = "sendme ";
if (STREQN(ctlcmd, nmcancel, STRLEN(nmcancel))) {
art->a_status |= cancelart(ctlcmd + STRLEN(nmcancel));
return;
}
if (STREQN(ctlcmd, nmihave, STRLEN(nmihave))) {
ihave(ctlcmd + STRLEN(nmihave), art);
return;
}
if (STREQN(ctlcmd, nmsendme, STRLEN(nmsendme))) {
sendme(ctlcmd + STRLEN(nmsendme), art);
return;
}
/*
* These "other" ctlmsgs are just plain not handled on an Amiga.
* I did this primarily so that I wouldn't have to write the
* fork() and system() code that Manx left out of the library.
* What a bunch of dildoes!!
*
* I took this #ifdef out since I'm going to write a stub for
* the fork(), system(), popen(), and pclose() routines so that
* I can determine how these routines need to be implemented (at
* least, implemented here).
*/
#ifndef AMIGA
art->a_status |= synccaches();
(void) fflush(stdout);
(void) fflush(stderr);
pid = fork();
if (pid == 0) /* child? */
runctlmsg(ctlcmd, inname);
else if (pid == -1)
warning("fork failed", "");
/* lint complains about &wstatus on 4.2+BSD; too bad, lint's wrong. */
while ((deadpid = wait(&wstatus)) != pid && deadpid != -1)
;
/* wrong kid returned, fork failed or child screwed up? */
if (deadpid == -1 || pid == -1 || wstatus != 0)
art->a_status |= ST_DROPPED; /* admin got err.msg. by mail */
art->a_status |= loadcaches();
#endif /* AMIGA */
}
STATIC boolean safecmd(cmd) /* true if it's safe to system(3) cmd */
char *cmd;
{
register char *s;
printf("** shouldn't be in %s!\n", __FUNC__);
for (s = cmd; *s != '\0'; s++)
if (STREQN(s, "..", STRLEN("..")))
return NO;
for (s = SHELLMETAS; *s != '\0'; s++)
if (index(cmd, *s) != NULL)
return NO;
return YES;
}
/*
* In theory (RFC 1036 nee 850), we should verify that the user issuing
* the cancel (the Sender: of this article or From: if no Sender) is the
* Sender: or From: of the original article or the local super-user.
*
* In practice, this is a lot of work and since anyone can forge news
* (and thus cancel anything), not worth the effort.
*
* Ignore ST_ACCESS while cancelling an already-seen article since the
* article may have been cancelled before or may have a fake history entry
* because the cancel arrived before the article.
*
* If the article being cancelled has not been seen yet, generate a history
* file entry for the cancelled article in case it arrives after the cancel
* control. The history file entry will cause the cancelled article to be
* rejected as a duplicate.
*/
STATIC statust cancelart(msgidstr)
char *msgidstr;
{
register char *wsp;
register char *msgid = strsave(msgidstr);
register int idbytes;
register char *wholemsgid = msgid;
register statust status = ST_OKAY;
/* skip leading whitespace in msgid */
while (*msgid != '\0' && isascii(*msgid) && isspace(*msgid))
++msgid;
/* replace trailing whitespace with NULs; `wsp >= msgid' is not safe */
idbytes = strlen(msgid);
for (wsp = msgid + idbytes - 1; idbytes-- > 0 &&
isascii(*wsp) && isspace(*wsp); --wsp)
*wsp = '\0';
if (alreadyseen(msgid)) {
register char *histent, *filelist;
histent = gethistory(msgid);
if (histent != NULL && (filelist = findfiles(histent)) != NULL)
status |= snufffiles(filelist) & ~ST_ACCESS;
} else {
status |= fakehist(msgid, DEFEXP, NO_FILES); /* start log */
(void) putchar('\n'); /* end log line */
}
free(wholemsgid);
return status;
}
/*
* Execute a non-builtin control message by searching $NEWSCTL/bin and
* $NEWSBIN/ctl for the command named by the control message.
* runctlmsg is called from a child of relaynews, so it must always
* call _exit() rather than exit() to avoid flushing stdio buffers.
*
* Enforce at least minimal security: the environment was standardised at
* startup, including PATH and IFS; close non-standard file descriptors;
* reject shell metacharacters in ctlcmd.
*/
STATIC void runctlmsg(ctlcmd, inname) /* child process */
register char *ctlcmd, *inname;
{
register char *cmd;
register int cmdstat;
printf("** shouldn't be in %s!\n", __FUNC__);
closeall(1);
if (!safecmd(ctlcmd)) {
(void) fprintf(stderr,
"%s: control `%s' looks unsafe to execute\n", progname, ctlcmd);
_exit(1);
}
cmd = malloc((unsigned) STRLEN("PATH=") + strlen(ctlfile("bin")) +
STRLEN(":") + strlen(SUBDIR) + STRLEN(";") + strlen(ctlcmd) +
STRLEN(" <") + strlen(inname) + 1);
if (cmd == NULL) {
warning("can't allocate memory in runctlmsg", "");
_exit(1);
}
(void) strcpy(cmd, "PATH=");
(void) strcat(cmd, ctlfile("bin"));
(void) strcat(cmd, ":");
(void) strcat(cmd, SUBDIR);
(void) strcat(cmd, ";");
(void) strcat(cmd, ctlcmd);
(void) strcat(cmd, " <");
(void) strcat(cmd, inname);
cmdstat = system(cmd);
if (cmdstat != 0)
bombctlmsg(cmd, cmdstat);
free(cmd);
_exit(0);
}
/*
* Notify the local news administrator by mail that "cmd" failed
* with "cmdstat" status, and _exit with bad status (again avoid stdio
* buffer flushing in the child).
*/
STATIC void bombctlmsg(cmd, cmdstat)
char *cmd;
int cmdstat;
{
register char *mailcmd;
register FILE *mailf;
printf("** shouldn't be in %s!\n", __FUNC__);
mailcmd = malloc((unsigned)STRLEN("PATH=") + strlen(newspath()) +
STRLEN(" mail ") + strlen(newsmaster()) + 1);
if (mailcmd == NULL) {
warning("can't allocate memory in bombctlmsg", "");
_exit(1);
}
(void) sprintf(mailcmd, "PATH=%s mail %s", newspath(), newsmaster());
mailf = popen(mailcmd, "w");
if (mailf == NULL)
mailf = stderr;
(void) fprintf(mailf,
"%s: control message `%s' exited with status 0%o\n",
progname, cmd, cmdstat);
if (mailf != stderr)
(void) pclose(mailf);
free(mailcmd);
_exit(1);
}
