]>
code.delx.au - gnu-emacs/blob - lib-src/movemail.c
1 /* movemail foo bar -- move file foo to file bar,
2 locking file foo the way /bin/mail respects.
3 Copyright (C) 1986, 1992, 1993, 1994, 1996, 1999, 2001, 2002, 2003, 2004,
4 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
6 This file is part of GNU Emacs.
8 GNU Emacs is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 3 of the License, or
11 (at your option) any later version.
13 GNU Emacs is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
22 /* Important notice: defining MAIL_USE_FLOCK or MAIL_USE_LOCKF *will
23 cause loss of mail* if you do it on a system that does not normally
24 use flock as its way of interlocking access to inbox files. The
25 setting of MAIL_USE_FLOCK and MAIL_USE_LOCKF *must agree* with the
26 system's own conventions. It is not a choice that is up to you.
28 So, if your system uses lock files rather than flock, then the only way
29 you can get proper operation is to enable movemail to write lockfiles there.
30 This means you must either give that directory access modes
31 that permit everyone to write lockfiles in it, or you must make movemail
32 a setuid or setgid program. */
35 * Modified January, 1986 by Michael R. Gretzinger (Project Athena)
37 * Added POP (Post Office Protocol) service. When compiled -DMAIL_USE_POP
38 * movemail will accept input filename arguments of the form
39 * "po:username". This will cause movemail to open a connection to
40 * a pop server running on $MAILHOST (environment variable). Movemail
41 * must be setuid to root in order to work with POP.
43 * New module: popmail.c
45 * main - added code within #ifdef MAIL_USE_POP; added setuid (getuid ())
47 * New routines in movemail.c:
48 * get_errmsg - return pointer to system error message
50 * Modified August, 1993 by Jonathan Kamens (OpenVision Technologies)
52 * Move all of the POP code into a separate file, "pop.c".
53 * Use strerror instead of get_errmsg.
58 #include <sys/types.h>
83 #define DIRECTORY_SEP '/'
85 #ifndef IS_DIRECTORY_SEP
86 #define IS_DIRECTORY_SEP(_c_) ((_c_) == DIRECTORY_SEP)
94 #define wait(var) (*(var) = 0)
95 /* Unfortunately, Samba doesn't seem to properly lock Unix files even
96 though the locking call succeeds (and indeed blocks local access from
97 other NT programs). If you have direct file access using an NFS
98 client or something other than Samba, the locking call might work
99 properly - make sure it does before you enable this!
101 [18-Feb-97 andrewi] I now believe my comment above to be incorrect,
102 since it was based on a misunderstanding of how locking calls are
103 implemented and used on Unix. */
104 //#define DISABLE_DIRECT_ACCESS
107 #endif /* WINDOWSNT */
117 #include <sys/locking.h>
120 #ifdef MAIL_USE_LOCKF
121 #define MAIL_USE_SYSTEM_LOCK
124 #ifdef MAIL_USE_FLOCK
125 #define MAIL_USE_SYSTEM_LOCK
129 extern int lk_open (), lk_close ();
132 #if !defined (MAIL_USE_SYSTEM_LOCK) && !defined (MAIL_USE_MMDF) && \
133 (defined (HAVE_LIBMAIL) || defined (HAVE_LIBLOCKFILE)) && \
134 defined (HAVE_MAILLOCK_H)
135 #include <maillock.h>
136 /* We can't use maillock unless we know what directory system mail
139 #define MAIL_USE_MAILLOCK
140 static char *mail_spool_name ();
144 #ifndef HAVE_STRERROR
145 char *strerror (int);
148 static void fatal (const char *s1
, const char *s2
, const char *s3
) NO_RETURN
;
149 static void error (const char *s1
, const char *s2
, const char *s3
);
150 static void pfatal_with_name (char *name
) NO_RETURN
;
151 static void pfatal_and_delete (char *name
) NO_RETURN
;
152 static char *concat (const char *s1
, const char *s2
, const char *s3
);
153 static long *xmalloc (unsigned int size
);
155 static int popmail (char *mailbox
, char *outfile
, int preserve
, char *password
, int reverse_order
);
156 static int pop_retr (popserver server
, int msgno
, FILE *arg
);
157 static int mbx_write (char *line
, int len
, FILE *mbf
);
158 static int mbx_delimit_begin (FILE *mbf
);
159 static int mbx_delimit_end (FILE *mbf
);
162 /* Nonzero means this is name of a lock file to delete on fatal error. */
163 char *delete_lockname
;
166 main (int argc
, char **argv
)
168 char *inname
, *outname
;
172 int c
, preserve_mail
= 0;
174 #ifndef MAIL_USE_SYSTEM_LOCK
181 #endif /* not MAIL_USE_SYSTEM_LOCK */
183 #ifdef MAIL_USE_MAILLOCK
188 int pop_reverse_order
= 0;
190 #else /* ! MAIL_USE_POP */
192 #endif /* MAIL_USE_POP */
194 uid_t real_gid
= getgid();
195 uid_t priv_gid
= getegid();
198 /* Ensure all file i/o is in binary mode. */
204 while ((c
= getopt (argc
, argv
, ARGSTR
)) != EOF
)
209 pop_reverse_order
= 1;
222 (argc
- optind
< 2) || (argc
- optind
> 3)
229 fprintf (stderr
, "Usage: movemail [-p] [-r] inbox destfile%s\n",
232 fprintf (stderr
, "Usage: movemail [-p] inbox destfile%s\n", "");
237 inname
= argv
[optind
];
238 outname
= argv
[optind
+1];
245 fatal ("Destination file name is empty", 0, 0);
248 if (!strncmp (inname
, "po:", 3))
252 status
= popmail (inname
+ 3, outname
, preserve_mail
,
253 (argc
- optind
== 3) ? argv
[optind
+2] : NULL
,
258 if (setuid (getuid ()) < 0)
259 fatal ("Failed to drop privileges", 0, 0);
261 #endif /* MAIL_USE_POP */
263 #ifndef DISABLE_DIRECT_ACCESS
264 #ifndef MAIL_USE_MMDF
265 #ifndef MAIL_USE_SYSTEM_LOCK
266 #ifdef MAIL_USE_MAILLOCK
267 spool_name
= mail_spool_name (inname
);
271 /* Use a lock file named after our first argument with .lock appended:
272 If it exists, the mail file is locked. */
273 /* Note: this locking mechanism is *required* by the mailer
274 (on systems which use it) to prevent loss of mail.
276 On systems that use a lock file, extracting the mail without locking
277 WILL occasionally cause loss of mail due to timing errors!
279 So, if creation of the lock file fails
280 due to access permission on the mail spool directory,
281 you simply MUST change the permission
282 and/or make movemail a setgid program
283 so it can create lock files properly.
285 You might also wish to verify that your system is one
286 which uses lock files for this purpose. Some systems use other methods.
288 If your system uses the `flock' system call for mail locking,
289 define MAIL_USE_SYSTEM_LOCK in config.h or the s-*.h file
290 and recompile movemail. If the s- file for your system
291 should define MAIL_USE_SYSTEM_LOCK but does not, send a bug report
292 to bug-gnu-emacs@prep.ai.mit.edu so we can fix it. */
294 lockname
= concat (inname
, ".lock", "");
295 tempname
= (char *) xmalloc (strlen (inname
) + strlen ("EXXXXXX") + 1);
296 strcpy (tempname
, inname
);
297 p
= tempname
+ strlen (tempname
);
298 while (p
!= tempname
&& !IS_DIRECTORY_SEP (p
[-1]))
301 strcpy (p
, "EXXXXXX");
307 /* Create the lock file, but not under the lock file name. */
308 /* Give up if cannot do that. */
309 desc
= open (tempname
, O_WRONLY
| O_CREAT
| O_EXCL
, 0666);
312 char *message
= (char *) xmalloc (strlen (tempname
) + 50);
313 sprintf (message
, "creating %s, which would become the lock file",
315 pfatal_with_name (message
);
319 tem
= link (tempname
, lockname
);
322 if (tem
< 0 && errno
== EPERM
)
323 fatal ("Unable to create hard link between %s and %s",
332 /* If lock file is five minutes old, unlock it.
333 Five minutes should be good enough to cope with crashes
334 and wedgitude, and long enough to avoid being fooled
335 by time differences between machines. */
336 if (stat (lockname
, &st
) >= 0)
339 if (st
.st_ctime
< now
- 300)
344 delete_lockname
= lockname
;
346 #endif /* not MAIL_USE_SYSTEM_LOCK */
347 #endif /* not MAIL_USE_MMDF */
353 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
354 time_t touched_lock
, now
;
357 if (setuid (getuid ()) < 0 || setegid (real_gid
) < 0)
358 fatal ("Failed to drop privileges", 0, 0);
360 #ifndef MAIL_USE_MMDF
361 #ifdef MAIL_USE_SYSTEM_LOCK
362 indesc
= open (inname
, O_RDWR
);
363 #else /* if not MAIL_USE_SYSTEM_LOCK */
364 indesc
= open (inname
, O_RDONLY
);
365 #endif /* not MAIL_USE_SYSTEM_LOCK */
366 #else /* MAIL_USE_MMDF */
367 indesc
= lk_open (inname
, O_RDONLY
, 0, 0, 10);
368 #endif /* MAIL_USE_MMDF */
371 pfatal_with_name (inname
);
374 /* In case movemail is setuid to root, make sure the user can
375 read the output file. */
376 /* This is desirable for all systems
377 but I don't want to assume all have the umask system call */
378 umask (umask (0) & 0333);
379 #endif /* BSD_SYSTEM */
380 outdesc
= open (outname
, O_WRONLY
| O_CREAT
| O_EXCL
, 0666);
382 pfatal_with_name (outname
);
384 if (setegid (priv_gid
) < 0)
385 fatal ("Failed to regain privileges", 0, 0);
387 /* This label exists so we can retry locking
388 after a delay, if it got EAGAIN or EBUSY. */
391 /* Try to lock it. */
392 #ifdef MAIL_USE_MAILLOCK
395 /* The "0 - " is to make it a negative number if maillock returns
397 status
= 0 - maillock (spool_name
, 1);
398 #ifdef HAVE_TOUCHLOCK
399 touched_lock
= time (0);
404 #endif /* MAIL_USE_MAILLOCK */
406 #ifdef MAIL_USE_SYSTEM_LOCK
407 #ifdef MAIL_USE_LOCKF
408 status
= lockf (indesc
, F_LOCK
, 0);
409 #else /* not MAIL_USE_LOCKF */
411 status
= locking (indesc
, LK_RLCK
, -1L);
413 status
= flock (indesc
, LOCK_EX
);
415 #endif /* not MAIL_USE_LOCKF */
416 #endif /* MAIL_USE_SYSTEM_LOCK */
419 /* If it fails, retry up to 5 times
420 for certain failure codes. */
423 if (++lockcount
<= 5)
441 pfatal_with_name (inname
);
449 nread
= read (indesc
, buf
, sizeof buf
);
451 pfatal_with_name (inname
);
452 if (nread
!= write (outdesc
, buf
, nread
))
454 int saved_errno
= errno
;
457 pfatal_with_name (outname
);
459 if (nread
< sizeof buf
)
461 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
465 if (now
- touched_lock
> 60)
471 #endif /* MAIL_USE_MAILLOCK */
476 if (fsync (outdesc
) < 0)
477 pfatal_and_delete (outname
);
480 /* Prevent symlink attacks truncating other users' mailboxes */
481 if (setegid (real_gid
) < 0)
482 fatal ("Failed to drop privileges", 0, 0);
484 /* Check to make sure no errors before we zap the inbox. */
485 if (close (outdesc
) != 0)
486 pfatal_and_delete (outname
);
488 #ifdef MAIL_USE_SYSTEM_LOCK
491 ftruncate (indesc
, 0L);
493 #endif /* MAIL_USE_SYSTEM_LOCK */
496 lk_close (indesc
, 0, 0, 0);
501 #ifndef MAIL_USE_SYSTEM_LOCK
504 /* Delete the input file; if we can't, at least get rid of its
506 #ifdef MAIL_UNLINK_SPOOL
507 /* This is generally bad to do, because it destroys the permissions
508 that were set on the file. Better to just empty the file. */
509 if (unlink (inname
) < 0 && errno
!= ENOENT
)
510 #endif /* MAIL_UNLINK_SPOOL */
511 creat (inname
, 0600);
513 #endif /* not MAIL_USE_SYSTEM_LOCK */
515 /* End of mailbox truncation */
516 if (setegid (priv_gid
) < 0)
517 fatal ("Failed to regain privileges", 0, 0);
519 #ifdef MAIL_USE_MAILLOCK
520 /* This has to occur in the child, i.e., in the process that
521 acquired the lock! */
529 if (!WIFEXITED (status
))
531 else if (WRETCODE (status
) != 0)
532 exit (WRETCODE (status
));
534 #if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK)
535 #ifdef MAIL_USE_MAILLOCK
537 #endif /* MAIL_USE_MAILLOCK */
539 #endif /* not MAIL_USE_MMDF and not MAIL_USE_SYSTEM_LOCK */
541 #endif /* ! DISABLE_DIRECT_ACCESS */
546 #ifdef MAIL_USE_MAILLOCK
547 /* This function uses stat to confirm that the mail directory is
548 identical to the directory of the input file, rather than just
549 string-comparing the two paths, because one or both of them might
550 be symbolic links pointing to some other directory. */
552 mail_spool_name (char *inname
)
554 struct stat stat1
, stat2
;
558 if (! (fname
= strrchr (inname
, '/')))
563 if (stat (MAILDIR
, &stat1
) < 0)
566 indir
= (char *) xmalloc (fname
- inname
+ 1);
567 strncpy (indir
, inname
, fname
- inname
);
568 indir
[fname
-inname
] = '\0';
571 status
= stat (indir
, &stat2
);
578 if (stat1
.st_dev
== stat2
.st_dev
579 && stat1
.st_ino
== stat2
.st_ino
)
584 #endif /* MAIL_USE_MAILLOCK */
586 /* Print error message and exit. */
589 fatal (const char *s1
, const char *s2
, const char *s3
)
592 unlink (delete_lockname
);
597 /* Print error message. `s1' is printf control string, `s2' and `s3'
598 are args for it or null. */
601 error (const char *s1
, const char *s2
, const char *s3
)
603 fprintf (stderr
, "movemail: ");
605 fprintf (stderr
, s1
, s2
, s3
);
607 fprintf (stderr
, s1
, s2
);
609 fprintf (stderr
, "%s", s1
);
610 fprintf (stderr
, "\n");
614 pfatal_with_name (char *name
)
616 fatal ("%s for %s", strerror (errno
), name
);
620 pfatal_and_delete (char *name
)
622 char *s
= strerror (errno
);
624 fatal ("%s for %s", s
, name
);
627 /* Return a newly-allocated string whose contents concatenate those of s1, s2, s3. */
630 concat (const char *s1
, const char *s2
, const char *s3
)
632 size_t len1
= strlen (s1
), len2
= strlen (s2
), len3
= strlen (s3
);
633 char *result
= (char *) xmalloc (len1
+ len2
+ len3
+ 1);
636 strcpy (result
+ len1
, s2
);
637 strcpy (result
+ len1
+ len2
, s3
);
638 *(result
+ len1
+ len2
+ len3
) = 0;
643 /* Like malloc but get fatal error if memory is exhausted. */
646 xmalloc (unsigned int size
)
648 long *result
= (long *) malloc (size
);
650 fatal ("virtual memory exhausted", 0, 0);
654 /* This is the guts of the interface to the Post Office Protocol. */
659 #include <sys/socket.h>
660 #include <netinet/in.h>
676 char ibuffer
[BUFSIZ
];
677 char obuffer
[BUFSIZ
];
678 char Errmsg
[200]; /* POP errors, at least, can exceed
679 the original length of 80. */
682 * The full valid syntax for a POP mailbox specification for movemail
683 * is "po:username:hostname". The ":hostname" is optional; if it is
684 * omitted, the MAILHOST environment variable will be consulted. Note
685 * that by the time popmail() is called the "po:" has been stripped
686 * off of the front of the mailbox name.
688 * If the mailbox is in the form "po:username:hostname", then it is
689 * modified by this function -- the second colon is replaced by a
692 * Return a value suitable for passing to `exit'.
696 popmail (char *mailbox
, char *outfile
, int preserve
, char *password
, int reverse_order
)
702 char *getenv (const char *);
704 int start
, end
, increment
;
705 char *user
, *hostname
;
708 if ((hostname
= strchr (mailbox
, ':')))
711 server
= pop_open (hostname
, user
, password
, POP_NO_GETPASS
);
714 error ("Error connecting to POP server: %s", pop_error
, 0);
718 if (pop_stat (server
, &nmsgs
, &nbytes
))
720 error ("Error getting message count from POP server: %s", pop_error
, 0);
730 mbfi
= open (outfile
, O_WRONLY
| O_CREAT
| O_EXCL
, 0666);
734 error ("Error in open: %s, %s", strerror (errno
), outfile
);
737 fchown (mbfi
, getuid (), -1);
739 if ((mbf
= fdopen (mbfi
, "wb")) == NULL
)
742 error ("Error in fdopen: %s", strerror (errno
), 0);
761 for (i
= start
; i
* increment
<= end
* increment
; i
+= increment
)
763 mbx_delimit_begin (mbf
);
764 if (pop_retr (server
, i
, mbf
) != OK
)
766 error ("%s", Errmsg
, 0);
770 mbx_delimit_end (mbf
);
774 error ("Error in fflush: %s", strerror (errno
), 0);
781 /* On AFS, a call to write only modifies the file in the local
782 * workstation's AFS cache. The changes are not written to the server
783 * until a call to fsync or close is made. Users with AFS home
784 * directories have lost mail when over quota because these checks were
785 * not made in previous versions of movemail. */
788 if (fsync (mbfi
) < 0)
790 error ("Error in fsync: %s", strerror (errno
), 0);
795 if (close (mbfi
) == -1)
797 error ("Error in close: %s", strerror (errno
), 0);
802 for (i
= 1; i
<= nmsgs
; i
++)
804 if (pop_delete (server
, i
))
806 error ("Error from POP server: %s", pop_error
, 0);
812 if (pop_quit (server
))
814 error ("Error from POP server: %s", pop_error
, 0);
822 pop_retr (popserver server
, int msgno
, FILE *arg
)
827 if (pop_retrieve_first (server
, msgno
, &line
))
829 char *error
= concat ("Error from POP server: ", pop_error
, "");
830 strncpy (Errmsg
, error
, sizeof (Errmsg
));
831 Errmsg
[sizeof (Errmsg
)-1] = '\0';
836 while ((ret
= pop_retrieve_next (server
, &line
)) >= 0)
841 if (mbx_write (line
, ret
, arg
) != OK
)
843 strcpy (Errmsg
, strerror (errno
));
851 char *error
= concat ("Error from POP server: ", pop_error
, "");
852 strncpy (Errmsg
, error
, sizeof (Errmsg
));
853 Errmsg
[sizeof (Errmsg
)-1] = '\0';
861 /* Do this as a macro instead of using strcmp to save on execution time. */
862 #define IS_FROM_LINE(a) ((a[0] == 'F') \
869 mbx_write (char *line
, int len
, FILE *mbf
)
871 #ifdef MOVEMAIL_QUOTE_POP_FROM_LINES
872 if (IS_FROM_LINE (line
))
874 if (fputc ('>', mbf
) == EOF
)
878 if (line
[0] == '\037')
880 if (fputs ("^_", mbf
) == EOF
)
885 if (fwrite (line
, 1, len
, mbf
) != len
)
887 if (fputc (0x0a, mbf
) == EOF
)
893 mbx_delimit_begin (FILE *mbf
)
897 char fromline
[40] = "From movemail ";
900 ltime
= localtime (&now
);
902 strcat (fromline
, asctime (ltime
));
904 if (fputs (fromline
, mbf
) == EOF
)
910 mbx_delimit_end (FILE *mbf
)
912 if (putc ('\n', mbf
) == EOF
)
917 #endif /* MAIL_USE_POP */
919 #ifndef HAVE_STRERROR
924 extern char *sys_errlist
[];
927 if (errnum
>= 0 && errnum
< sys_nerr
)
928 return sys_errlist
[errnum
];
929 return (char *) "Unknown error";
932 #endif /* ! HAVE_STRERROR */
934 /* arch-tag: 1c323112-41fe-4fe5-8de9-494de631f73f
935 (do not change this comment) */
937 /* movemail.c ends here */