The most likely cause is that Mailman was "); printf("configured and installed incorrectly. Please "); printf("read the INSTALL instructions again, paying close "); printf("attention to the --with-cgi-gid configure "); printf("option. This entry is being stored in your syslog:"); printf("\n
\n");
printf(log_entry);
printf("\n");
}
#endif /* HELPFUL */
exit(exitcode);
}
/* Is the parent process allowed to call us?
*/
void
check_caller(const char* ident, gid_t parentgid)
{
gid_t mygid = getgid();
if (parentgid != mygid) {
fatal(ident, GID_MISMATCH,
"Failure to exec script. WANTED gid %d, GOT gid %d. "
"(Reconfigure to take %d?)",
parentgid, mygid, mygid);
}
}
/* Run a Python script out of the script directory
*
* args[0] should be the abs path to the Python script to execute
* argv[1:] are other args for the script
* env may or may not contain PYTHONPATH, we'll substitute our own
*/
int
run_script(const char* script, int argc, char** argv, char** env)
{
const char envstr[] = "PYTHONPATH=";
const int envlen = strlen(envstr);
int envcnt = 0;
int i, j, status;
char** newenv;
char** newargv;
/* We need to set the real gid to the effective gid because there are
* some Linux systems which do not preserve the effective gid across
* popen() calls. This breaks mail delivery unless the ~mailman/data
* directory is chown'd to the uid that runs mail programs, and that
* isn't a viable alternative.
*/
#ifdef HAVE_SETREGID
status = setregid(getegid(), -1);
if (status)
fatal(logident, SETREGID_FAILURE, "%s", strerror(errno));
#endif /* HAVE_SETREGID */
/* We want to tightly control how the CGI scripts get executed.
* For portability and security, the path to the Python executable
* is hard-coded into this C wrapper, rather than encoded in the #!
* line of the script that gets executed. So we invoke those
* scripts by passing the script name on the command line to the
* Python executable.
*
* We also need to hack on the PYTHONPATH environment variable so
* that the path to the installed Mailman modules will show up
* first on sys.path.
*
*/
for (envcnt = 0; env[envcnt]; envcnt++)
;
/* okay to be a little too big */
newenv = (char**)malloc(sizeof(char*) * (envcnt + 2));
/* filter out any existing PYTHONPATH in the environment */
for (i = 0, j = 0; i < envcnt; i++)
if (strncmp(envstr, env[i], envlen)) {
newenv[j] = env[i];
j++;
}
/* Tack on our own version of PYTHONPATH, which should contain only
* the path to the Mailman package modules.
*
* $(PREFIX)/modules
*/
newenv[j] = (char*)malloc(sizeof(char) * (
strlen(envstr) +
strlen(moduledir) +
1));
strcpy(newenv[j], envstr);
strcat(newenv[j], moduledir);
j++;
newenv[j] = NULL;
/* Now put together argv. This will contain first the absolute path
* to the python executable, then the absolute path to the script,
* then any additional args passed in argv above.
*/
newargv = (char**)malloc(sizeof(char*) * (argc + 2));
newargv[0] = python;
newargv[1] = (char*)malloc(sizeof(char) * (
strlen(scriptdir) +
strlen(script) +
1));
strcpy(newargv[1], scriptdir);
strcat(newargv[1], script);
/* now tack on all the rest of the arguments. we can skip argv's
* first two arguments because, for cgi-wrapper there is only argv[0].
* For mail-wrapper, argv[1] is the mail command (e.g. post,
* mailowner, or mailcmd) and argv[2] is the listname. The mail
* command to execute gets passed in as this function's `script'
* parameter and becomes the argument to the python interpreter. The
* list name therefore should become argv[2] to this process.
*
* TBD: have to make sure this works with alias-wrapper.
*/
for (i = 2; i < argc; i++)
newargv[i] = argv[i];
newargv[i] = NULL;
/* return always means failure */
(void)execve(python, &newargv[0], &newenv[0]);
return EXECVE_FAILURE;
}
/*
* Local Variables:
* c-file-style: "python"
* End:
*/