Commit | Line | Data |
---|---|---|
237e0016 RS |
1 | /* movemail foo bar -- move file foo to file bar, |
2 | locking file foo the way /bin/mail respects. | |
95df8112 | 3 | |
ba318903 | 4 | Copyright (C) 1986, 1992-1994, 1996, 1999, 2001-2014 Free Software |
ab422c4d | 5 | Foundation, Inc. |
237e0016 RS |
6 | |
7 | This file is part of GNU Emacs. | |
8 | ||
294981c7 | 9 | GNU Emacs is free software: you can redistribute it and/or modify |
93320c23 | 10 | it under the terms of the GNU General Public License as published by |
294981c7 GM |
11 | the Free Software Foundation, either version 3 of the License, or |
12 | (at your option) any later version. | |
93320c23 | 13 | |
237e0016 | 14 | GNU Emacs is distributed in the hope that it will be useful, |
93320c23 JA |
15 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | GNU General Public License for more details. | |
237e0016 | 18 | |
93320c23 | 19 | You should have received a copy of the GNU General Public License |
294981c7 GM |
20 | along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */ |
21 | ||
237e0016 | 22 | |
63cf923d RS |
23 | /* Important notice: defining MAIL_USE_FLOCK or MAIL_USE_LOCKF *will |
24 | cause loss of mail* if you do it on a system that does not normally | |
0aa8781f | 25 | use flock/lockf as its way of interlocking access to inbox files. The |
63cf923d RS |
26 | setting of MAIL_USE_FLOCK and MAIL_USE_LOCKF *must agree* with the |
27 | system's own conventions. It is not a choice that is up to you. | |
08d0752f RS |
28 | |
29 | So, if your system uses lock files rather than flock, then the only way | |
30 | you can get proper operation is to enable movemail to write lockfiles there. | |
31 | This means you must either give that directory access modes | |
32 | that permit everyone to write lockfiles in it, or you must make movemail | |
33 | a setuid or setgid program. */ | |
34 | ||
237e0016 RS |
35 | /* |
36 | * Modified January, 1986 by Michael R. Gretzinger (Project Athena) | |
37 | * | |
88c40feb | 38 | * Added POP (Post Office Protocol) service. When compiled -DMAIL_USE_POP |
237e0016 RS |
39 | * movemail will accept input filename arguments of the form |
40 | * "po:username". This will cause movemail to open a connection to | |
41 | * a pop server running on $MAILHOST (environment variable). Movemail | |
42 | * must be setuid to root in order to work with POP. | |
177c0ea7 | 43 | * |
237e0016 RS |
44 | * New module: popmail.c |
45 | * Modified routines: | |
cfa191ff | 46 | * main - added code within #ifdef MAIL_USE_POP; added setuid (getuid ()) |
177c0ea7 | 47 | * after POP code. |
237e0016 RS |
48 | * New routines in movemail.c: |
49 | * get_errmsg - return pointer to system error message | |
50 | * | |
2e82e3c3 RS |
51 | * Modified August, 1993 by Jonathan Kamens (OpenVision Technologies) |
52 | * | |
53 | * Move all of the POP code into a separate file, "pop.c". | |
54 | * Use strerror instead of get_errmsg. | |
55 | * | |
237e0016 RS |
56 | */ |
57 | ||
752fb472 | 58 | #include <config.h> |
237e0016 RS |
59 | #include <sys/types.h> |
60 | #include <sys/stat.h> | |
61 | #include <sys/file.h> | |
e2f9d9af | 62 | #include <stdio.h> |
237e0016 | 63 | #include <errno.h> |
bd41a17d | 64 | #include <time.h> |
cc3b64e8 | 65 | |
fea4325c | 66 | #include <getopt.h> |
f72adc12 | 67 | #include <unistd.h> |
cc3b64e8 | 68 | #include <fcntl.h> |
1725ae55 | 69 | #include <string.h> |
f72adc12 | 70 | #include "syswait.h" |
2e82e3c3 RS |
71 | #ifdef MAIL_USE_POP |
72 | #include "pop.h" | |
73 | #endif | |
237e0016 | 74 | |
91cf09ac RS |
75 | #ifdef MSDOS |
76 | #undef access | |
77 | #endif /* MSDOS */ | |
78 | ||
7f75d5c6 | 79 | #ifdef WINDOWSNT |
677a7bcf | 80 | #include "ntlib.h" |
7f75d5c6 RS |
81 | #undef access |
82 | #undef unlink | |
83 | #define fork() 0 | |
4822b2e5 | 84 | #define wait(var) (*(var) = 0) |
7f75d5c6 RS |
85 | /* Unfortunately, Samba doesn't seem to properly lock Unix files even |
86 | though the locking call succeeds (and indeed blocks local access from | |
87 | other NT programs). If you have direct file access using an NFS | |
88 | client or something other than Samba, the locking call might work | |
677a7bcf RS |
89 | properly - make sure it does before you enable this! |
90 | ||
91 | [18-Feb-97 andrewi] I now believe my comment above to be incorrect, | |
92 | since it was based on a misunderstanding of how locking calls are | |
93 | implemented and used on Unix. */ | |
94 | //#define DISABLE_DIRECT_ACCESS | |
95 | ||
677a7bcf | 96 | #include <fcntl.h> |
7f75d5c6 RS |
97 | #endif /* WINDOWSNT */ |
98 | ||
76ed5e01 | 99 | #ifdef WINDOWSNT |
237e0016 RS |
100 | #include <sys/locking.h> |
101 | #endif | |
102 | ||
0aa8781f GM |
103 | /* If your system uses the `flock' or `lockf' system call for mail locking, |
104 | define MAIL_USE_SYSTEM_LOCK. If your system type should always define | |
105 | MAIL_USE_LOCKF or MAIL_USE_FLOCK but configure does not do this, | |
106 | please make a bug report. */ | |
107 | ||
63cf923d RS |
108 | #ifdef MAIL_USE_LOCKF |
109 | #define MAIL_USE_SYSTEM_LOCK | |
110 | #endif | |
111 | ||
112 | #ifdef MAIL_USE_FLOCK | |
113 | #define MAIL_USE_SYSTEM_LOCK | |
114 | #endif | |
115 | ||
4293ba7f RS |
116 | #ifdef MAIL_USE_MMDF |
117 | extern int lk_open (), lk_close (); | |
118 | #endif | |
119 | ||
a4deff3c | 120 | #if !defined (MAIL_USE_SYSTEM_LOCK) && !defined (MAIL_USE_MMDF) && \ |
dd843b6a DL |
121 | (defined (HAVE_LIBMAIL) || defined (HAVE_LIBLOCKFILE)) && \ |
122 | defined (HAVE_MAILLOCK_H) | |
a4deff3c RS |
123 | #include <maillock.h> |
124 | /* We can't use maillock unless we know what directory system mail | |
125 | files appear in. */ | |
126 | #ifdef MAILDIR | |
127 | #define MAIL_USE_MAILLOCK | |
5a9c1e26 | 128 | static char *mail_spool_name (char *); |
a4deff3c RS |
129 | #endif |
130 | #endif | |
131 | ||
845ca893 | 132 | static _Noreturn void fatal (const char *s1, const char *s2, const char *s3); |
988e88ab | 133 | static void error (const char *s1, const char *s2, const char *s3); |
845ca893 PE |
134 | static _Noreturn void pfatal_with_name (char *name); |
135 | static _Noreturn void pfatal_and_delete (char *name); | |
e2ad23ef | 136 | #ifdef MAIL_USE_POP |
1725ae55 AS |
137 | static int popmail (char *mailbox, char *outfile, int preserve, char *password, int reverse_order); |
138 | static int pop_retr (popserver server, int msgno, FILE *arg); | |
139 | static int mbx_write (char *line, int len, FILE *mbf); | |
140 | static int mbx_delimit_begin (FILE *mbf); | |
141 | static int mbx_delimit_end (FILE *mbf); | |
e2ad23ef | 142 | #endif |
237e0016 | 143 | |
debd9b27 | 144 | #if (defined MAIL_USE_MAILLOCK \ |
c214e35e PE |
145 | || (!defined DISABLE_DIRECT_ACCESS && !defined MAIL_USE_MMDF \ |
146 | && !defined MAIL_USE_SYSTEM_LOCK)) | |
147 | /* Like malloc but get fatal error if memory is exhausted. */ | |
148 | ||
149 | static void * | |
150 | xmalloc (size_t size) | |
151 | { | |
152 | void *result = malloc (size); | |
153 | if (!result) | |
154 | fatal ("virtual memory exhausted", 0, 0); | |
155 | return result; | |
156 | } | |
157 | #endif | |
158 | ||
237e0016 | 159 | /* Nonzero means this is name of a lock file to delete on fatal error. */ |
b23b5a5b | 160 | static char *delete_lockname; |
237e0016 | 161 | |
e2f9d9af | 162 | int |
873fbd0b | 163 | main (int argc, char **argv) |
237e0016 RS |
164 | { |
165 | char *inname, *outname; | |
166 | int indesc, outdesc; | |
728a982d | 167 | ssize_t nread; |
27d41fb4 | 168 | int wait_status; |
fea4325c | 169 | int c, preserve_mail = 0; |
237e0016 | 170 | |
63cf923d | 171 | #ifndef MAIL_USE_SYSTEM_LOCK |
237e0016 | 172 | struct stat st; |
237e0016 | 173 | int tem; |
529a133c | 174 | char *lockname; |
906ad89d | 175 | char *tempname; |
c214e35e | 176 | size_t inname_len, inname_dirlen; |
237e0016 | 177 | int desc; |
63cf923d | 178 | #endif /* not MAIL_USE_SYSTEM_LOCK */ |
237e0016 | 179 | |
a4deff3c RS |
180 | #ifdef MAIL_USE_MAILLOCK |
181 | char *spool_name; | |
182 | #endif | |
183 | ||
a2997b0f KH |
184 | #ifdef MAIL_USE_POP |
185 | int pop_reverse_order = 0; | |
186 | # define ARGSTR "pr" | |
187 | #else /* ! MAIL_USE_POP */ | |
188 | # define ARGSTR "p" | |
189 | #endif /* MAIL_USE_POP */ | |
190 | ||
5e617bc2 JB |
191 | uid_t real_gid = getgid (); |
192 | uid_t priv_gid = getegid (); | |
51a91f9d | 193 | |
9112a2a9 AI |
194 | #ifdef WINDOWSNT |
195 | /* Ensure all file i/o is in binary mode. */ | |
196 | _fmode = _O_BINARY; | |
197 | #endif | |
198 | ||
237e0016 RS |
199 | delete_lockname = 0; |
200 | ||
a2997b0f | 201 | while ((c = getopt (argc, argv, ARGSTR)) != EOF) |
e2f9d9af | 202 | { |
fea4325c | 203 | switch (c) { |
a2997b0f KH |
204 | #ifdef MAIL_USE_POP |
205 | case 'r': | |
206 | pop_reverse_order = 1; | |
207 | break; | |
208 | #endif | |
fea4325c RS |
209 | case 'p': |
210 | preserve_mail++; | |
211 | break; | |
212 | default: | |
65396510 | 213 | exit (EXIT_FAILURE); |
fea4325c RS |
214 | } |
215 | } | |
216 | ||
217 | if ( | |
218 | #ifdef MAIL_USE_POP | |
219 | (argc - optind < 2) || (argc - optind > 3) | |
220 | #else | |
221 | (argc - optind != 2) | |
222 | #endif | |
223 | ) | |
224 | { | |
fea4325c | 225 | #ifdef MAIL_USE_POP |
f213f2c0 | 226 | fprintf (stderr, "Usage: movemail [-p] [-r] inbox destfile%s\n", |
bb5618fe | 227 | " [POP-password]"); |
fea4325c | 228 | #else |
bb5618fe | 229 | fprintf (stderr, "Usage: movemail [-p] inbox destfile%s\n", ""); |
fea4325c | 230 | #endif |
65396510 | 231 | exit (EXIT_FAILURE); |
e2f9d9af | 232 | } |
237e0016 | 233 | |
fea4325c RS |
234 | inname = argv[optind]; |
235 | outname = argv[optind+1]; | |
237e0016 | 236 | |
4293ba7f RS |
237 | #ifdef MAIL_USE_MMDF |
238 | mmdf_init (argv[0]); | |
239 | #endif | |
240 | ||
af7bd34e | 241 | if (*outname == 0) |
a9eedf40 | 242 | fatal ("Destination file name is empty", 0, 0); |
af7bd34e | 243 | |
237e0016 | 244 | #ifdef MAIL_USE_POP |
12a0565a | 245 | if (!strncmp (inname, "po:", 3)) |
237e0016 | 246 | { |
b3112191 | 247 | int status; |
237e0016 | 248 | |
fea4325c | 249 | status = popmail (inname + 3, outname, preserve_mail, |
a2997b0f KH |
250 | (argc - optind == 3) ? argv[optind+2] : NULL, |
251 | pop_reverse_order); | |
237e0016 RS |
252 | exit (status); |
253 | } | |
254 | ||
51a91f9d CY |
255 | if (setuid (getuid ()) < 0) |
256 | fatal ("Failed to drop privileges", 0, 0); | |
257 | ||
237e0016 RS |
258 | #endif /* MAIL_USE_POP */ |
259 | ||
7f75d5c6 | 260 | #ifndef DISABLE_DIRECT_ACCESS |
4293ba7f | 261 | #ifndef MAIL_USE_MMDF |
63cf923d | 262 | #ifndef MAIL_USE_SYSTEM_LOCK |
a4deff3c RS |
263 | #ifdef MAIL_USE_MAILLOCK |
264 | spool_name = mail_spool_name (inname); | |
5a9c1e26 PE |
265 | if (spool_name) |
266 | { | |
267 | #ifdef lint | |
268 | lockname = 0; | |
269 | #endif | |
270 | } | |
271 | else | |
a4deff3c | 272 | #endif |
237e0016 | 273 | { |
a4deff3c RS |
274 | /* Use a lock file named after our first argument with .lock appended: |
275 | If it exists, the mail file is locked. */ | |
276 | /* Note: this locking mechanism is *required* by the mailer | |
277 | (on systems which use it) to prevent loss of mail. | |
278 | ||
279 | On systems that use a lock file, extracting the mail without locking | |
280 | WILL occasionally cause loss of mail due to timing errors! | |
281 | ||
7eaa9e44 GM |
282 | So, if creation of the lock file fails due to access |
283 | permission on the mail spool directory, you simply MUST | |
284 | change the permission and/or make movemail a setgid program | |
a4deff3c RS |
285 | so it can create lock files properly. |
286 | ||
7eaa9e44 | 287 | You might also wish to verify that your system is one which |
0aa8781f | 288 | uses lock files for this purpose. Some systems use other methods. */ |
a4deff3c | 289 | |
c214e35e PE |
290 | inname_len = strlen (inname); |
291 | lockname = xmalloc (inname_len + sizeof ".lock"); | |
292 | strcpy (lockname, inname); | |
293 | strcpy (lockname + inname_len, ".lock"); | |
294 | for (inname_dirlen = inname_len; | |
529a133c PE |
295 | inname_dirlen && !IS_DIRECTORY_SEP (inname[inname_dirlen - 1]); |
296 | inname_dirlen--) | |
297 | continue; | |
e99a530f | 298 | tempname = xmalloc (inname_dirlen + sizeof "EXXXXXX"); |
237e0016 | 299 | |
a4deff3c | 300 | while (1) |
237e0016 | 301 | { |
a4deff3c RS |
302 | /* Create the lock file, but not under the lock file name. */ |
303 | /* Give up if cannot do that. */ | |
529a133c PE |
304 | |
305 | memcpy (tempname, inname, inname_dirlen); | |
306 | strcpy (tempname + inname_dirlen, "EXXXXXX"); | |
e0fdb694 | 307 | desc = mkostemp (tempname, 0); |
a4deff3c RS |
308 | if (desc < 0) |
309 | { | |
e0fdb694 | 310 | int mkostemp_errno = errno; |
644a0faa PE |
311 | error ("error while creating what would become the lock file", |
312 | 0, 0); | |
e0fdb694 | 313 | errno = mkostemp_errno; |
644a0faa | 314 | pfatal_with_name (tempname); |
a4deff3c RS |
315 | } |
316 | close (desc); | |
317 | ||
318 | tem = link (tempname, lockname); | |
097e9c90 | 319 | |
e6bac876 PE |
320 | if (tem < 0 && errno != EEXIST) |
321 | pfatal_with_name (lockname); | |
097e9c90 | 322 | |
a4deff3c RS |
323 | unlink (tempname); |
324 | if (tem >= 0) | |
325 | break; | |
326 | sleep (1); | |
327 | ||
328 | /* If lock file is five minutes old, unlock it. | |
329 | Five minutes should be good enough to cope with crashes | |
330 | and wedgitude, and long enough to avoid being fooled | |
331 | by time differences between machines. */ | |
332 | if (stat (lockname, &st) >= 0) | |
333 | { | |
5a9c1e26 | 334 | time_t now = time (0); |
a4deff3c RS |
335 | if (st.st_ctime < now - 300) |
336 | unlink (lockname); | |
337 | } | |
237e0016 | 338 | } |
237e0016 | 339 | |
a4deff3c RS |
340 | delete_lockname = lockname; |
341 | } | |
63cf923d RS |
342 | #endif /* not MAIL_USE_SYSTEM_LOCK */ |
343 | #endif /* not MAIL_USE_MMDF */ | |
237e0016 | 344 | |
8ca83cfd RS |
345 | if (fork () == 0) |
346 | { | |
25025815 | 347 | int lockcount = 0; |
a4deff3c RS |
348 | int status = 0; |
349 | #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK) | |
5a9c1e26 PE |
350 | time_t touched_lock; |
351 | # ifdef lint | |
352 | touched_lock = 0; | |
353 | # endif | |
a4deff3c | 354 | #endif |
25025815 | 355 | |
fbf4af3a | 356 | if (setuid (getuid ()) < 0 || setregid (-1, real_gid) < 0) |
51a91f9d | 357 | fatal ("Failed to drop privileges", 0, 0); |
8ca83cfd | 358 | |
63cf923d RS |
359 | #ifndef MAIL_USE_MMDF |
360 | #ifdef MAIL_USE_SYSTEM_LOCK | |
8ca83cfd | 361 | indesc = open (inname, O_RDWR); |
63cf923d | 362 | #else /* if not MAIL_USE_SYSTEM_LOCK */ |
8ca83cfd | 363 | indesc = open (inname, O_RDONLY); |
63cf923d | 364 | #endif /* not MAIL_USE_SYSTEM_LOCK */ |
8ca83cfd RS |
365 | #else /* MAIL_USE_MMDF */ |
366 | indesc = lk_open (inname, O_RDONLY, 0, 0, 10); | |
4293ba7f RS |
367 | #endif /* MAIL_USE_MMDF */ |
368 | ||
8ca83cfd RS |
369 | if (indesc < 0) |
370 | pfatal_with_name (inname); | |
237e0016 | 371 | |
9e3edd30 PE |
372 | /* Make sure the user can read the output file. */ |
373 | umask (umask (0) & 0377); | |
374 | ||
8ca83cfd RS |
375 | outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666); |
376 | if (outdesc < 0) | |
377 | pfatal_with_name (outname); | |
25025815 | 378 | |
fbf4af3a | 379 | if (setregid (-1, priv_gid) < 0) |
51a91f9d CY |
380 | fatal ("Failed to regain privileges", 0, 0); |
381 | ||
25025815 RS |
382 | /* This label exists so we can retry locking |
383 | after a delay, if it got EAGAIN or EBUSY. */ | |
384 | retry_lock: | |
385 | ||
386 | /* Try to lock it. */ | |
a4deff3c RS |
387 | #ifdef MAIL_USE_MAILLOCK |
388 | if (spool_name) | |
389 | { | |
390 | /* The "0 - " is to make it a negative number if maillock returns | |
391 | non-zero. */ | |
392 | status = 0 - maillock (spool_name, 1); | |
393 | #ifdef HAVE_TOUCHLOCK | |
394 | touched_lock = time (0); | |
395 | #endif | |
396 | lockcount = 5; | |
397 | } | |
398 | else | |
399 | #endif /* MAIL_USE_MAILLOCK */ | |
400 | { | |
63cf923d RS |
401 | #ifdef MAIL_USE_SYSTEM_LOCK |
402 | #ifdef MAIL_USE_LOCKF | |
a4deff3c | 403 | status = lockf (indesc, F_LOCK, 0); |
63cf923d | 404 | #else /* not MAIL_USE_LOCKF */ |
7f75d5c6 | 405 | #ifdef WINDOWSNT |
a4deff3c | 406 | status = locking (indesc, LK_RLCK, -1L); |
237e0016 | 407 | #else |
a4deff3c | 408 | status = flock (indesc, LOCK_EX); |
237e0016 | 409 | #endif |
63cf923d RS |
410 | #endif /* not MAIL_USE_LOCKF */ |
411 | #endif /* MAIL_USE_SYSTEM_LOCK */ | |
a4deff3c | 412 | } |
237e0016 | 413 | |
25025815 RS |
414 | /* If it fails, retry up to 5 times |
415 | for certain failure codes. */ | |
416 | if (status < 0) | |
417 | { | |
22626a85 | 418 | if (++lockcount <= 5 && (errno == EAGAIN || errno == EBUSY)) |
25025815 | 419 | { |
22626a85 PE |
420 | sleep (1); |
421 | goto retry_lock; | |
25025815 RS |
422 | } |
423 | ||
424 | pfatal_with_name (inname); | |
425 | } | |
177c0ea7 | 426 | |
08564963 | 427 | { |
8ca83cfd RS |
428 | char buf[1024]; |
429 | ||
430 | while (1) | |
08564963 | 431 | { |
8ca83cfd | 432 | nread = read (indesc, buf, sizeof buf); |
5e5b35c7 RS |
433 | if (nread < 0) |
434 | pfatal_with_name (inname); | |
8ca83cfd RS |
435 | if (nread != write (outdesc, buf, nread)) |
436 | { | |
437 | int saved_errno = errno; | |
438 | unlink (outname); | |
439 | errno = saved_errno; | |
440 | pfatal_with_name (outname); | |
441 | } | |
442 | if (nread < sizeof buf) | |
443 | break; | |
a4deff3c RS |
444 | #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK) |
445 | if (spool_name) | |
446 | { | |
5a9c1e26 | 447 | time_t now = time (0); |
a4deff3c RS |
448 | if (now - touched_lock > 60) |
449 | { | |
450 | touchlock (); | |
451 | touched_lock = now; | |
452 | } | |
453 | } | |
454 | #endif /* MAIL_USE_MAILLOCK */ | |
08564963 | 455 | } |
08564963 | 456 | } |
237e0016 | 457 | |
47d7532e | 458 | if (fsync (outdesc) != 0 && errno != EINVAL) |
8ca83cfd | 459 | pfatal_and_delete (outname); |
237e0016 | 460 | |
51a91f9d | 461 | /* Prevent symlink attacks truncating other users' mailboxes */ |
fbf4af3a | 462 | if (setregid (-1, real_gid) < 0) |
51a91f9d CY |
463 | fatal ("Failed to drop privileges", 0, 0); |
464 | ||
8ca83cfd RS |
465 | /* Check to make sure no errors before we zap the inbox. */ |
466 | if (close (outdesc) != 0) | |
467 | pfatal_and_delete (outname); | |
237e0016 | 468 | |
63cf923d | 469 | #ifdef MAIL_USE_SYSTEM_LOCK |
fea4325c RS |
470 | if (! preserve_mail) |
471 | { | |
9055082e PE |
472 | if (ftruncate (indesc, 0L) != 0) |
473 | pfatal_with_name (inname); | |
b1cb2966 | 474 | } |
63cf923d | 475 | #endif /* MAIL_USE_SYSTEM_LOCK */ |
4293ba7f RS |
476 | |
477 | #ifdef MAIL_USE_MMDF | |
8ca83cfd | 478 | lk_close (indesc, 0, 0, 0); |
4293ba7f | 479 | #else |
8ca83cfd | 480 | close (indesc); |
4293ba7f | 481 | #endif |
237e0016 | 482 | |
63cf923d | 483 | #ifndef MAIL_USE_SYSTEM_LOCK |
fea4325c RS |
484 | if (! preserve_mail) |
485 | { | |
486 | /* Delete the input file; if we can't, at least get rid of its | |
487 | contents. */ | |
e97dd183 | 488 | #ifdef MAIL_UNLINK_SPOOL |
fea4325c RS |
489 | /* This is generally bad to do, because it destroys the permissions |
490 | that were set on the file. Better to just empty the file. */ | |
491 | if (unlink (inname) < 0 && errno != ENOENT) | |
e97dd183 | 492 | #endif /* MAIL_UNLINK_SPOOL */ |
fea4325c RS |
493 | creat (inname, 0600); |
494 | } | |
63cf923d | 495 | #endif /* not MAIL_USE_SYSTEM_LOCK */ |
8ca83cfd | 496 | |
51a91f9d | 497 | /* End of mailbox truncation */ |
fbf4af3a | 498 | if (setregid (-1, priv_gid) < 0) |
51a91f9d CY |
499 | fatal ("Failed to regain privileges", 0, 0); |
500 | ||
a4deff3c RS |
501 | #ifdef MAIL_USE_MAILLOCK |
502 | /* This has to occur in the child, i.e., in the process that | |
503 | acquired the lock! */ | |
504 | if (spool_name) | |
505 | mailunlock (); | |
506 | #endif | |
65396510 | 507 | exit (EXIT_SUCCESS); |
8ca83cfd RS |
508 | } |
509 | ||
27d41fb4 PE |
510 | wait (&wait_status); |
511 | if (!WIFEXITED (wait_status)) | |
65396510 | 512 | exit (EXIT_FAILURE); |
13294f95 PE |
513 | else if (WEXITSTATUS (wait_status) != 0) |
514 | exit (WEXITSTATUS (wait_status)); | |
8ca83cfd | 515 | |
63cf923d | 516 | #if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK) |
a4deff3c RS |
517 | #ifdef MAIL_USE_MAILLOCK |
518 | if (! spool_name) | |
519 | #endif /* MAIL_USE_MAILLOCK */ | |
520 | unlink (lockname); | |
63cf923d | 521 | #endif /* not MAIL_USE_MMDF and not MAIL_USE_SYSTEM_LOCK */ |
7f75d5c6 RS |
522 | |
523 | #endif /* ! DISABLE_DIRECT_ACCESS */ | |
524 | ||
65396510 | 525 | return EXIT_SUCCESS; |
237e0016 | 526 | } |
a4deff3c RS |
527 | |
528 | #ifdef MAIL_USE_MAILLOCK | |
529 | /* This function uses stat to confirm that the mail directory is | |
530 | identical to the directory of the input file, rather than just | |
531 | string-comparing the two paths, because one or both of them might | |
532 | be symbolic links pointing to some other directory. */ | |
533 | static char * | |
728a982d | 534 | mail_spool_name (char *inname) |
a4deff3c RS |
535 | { |
536 | struct stat stat1, stat2; | |
537 | char *indir, *fname; | |
538 | int status; | |
539 | ||
8966b757 | 540 | if (! (fname = strrchr (inname, '/'))) |
a4deff3c RS |
541 | return NULL; |
542 | ||
543 | fname++; | |
544 | ||
545 | if (stat (MAILDIR, &stat1) < 0) | |
546 | return NULL; | |
547 | ||
e99a530f PE |
548 | indir = xmalloc (fname - inname + 1); |
549 | memcpy (indir, inname, fname - inname); | |
a4deff3c RS |
550 | indir[fname-inname] = '\0'; |
551 | ||
552 | ||
553 | status = stat (indir, &stat2); | |
554 | ||
555 | free (indir); | |
556 | ||
557 | if (status < 0) | |
558 | return NULL; | |
559 | ||
c4009c1f RS |
560 | if (stat1.st_dev == stat2.st_dev |
561 | && stat1.st_ino == stat2.st_ino) | |
a4deff3c RS |
562 | return fname; |
563 | ||
564 | return NULL; | |
565 | } | |
566 | #endif /* MAIL_USE_MAILLOCK */ | |
237e0016 RS |
567 | \f |
568 | /* Print error message and exit. */ | |
569 | ||
1725ae55 | 570 | static void |
988e88ab | 571 | fatal (const char *s1, const char *s2, const char *s3) |
237e0016 RS |
572 | { |
573 | if (delete_lockname) | |
574 | unlink (delete_lockname); | |
a9eedf40 | 575 | error (s1, s2, s3); |
65396510 | 576 | exit (EXIT_FAILURE); |
237e0016 RS |
577 | } |
578 | ||
cc3b64e8 DL |
579 | /* Print error message. `s1' is printf control string, `s2' and `s3' |
580 | are args for it or null. */ | |
237e0016 | 581 | |
1725ae55 | 582 | static void |
988e88ab | 583 | error (const char *s1, const char *s2, const char *s3) |
237e0016 | 584 | { |
e2f9d9af | 585 | fprintf (stderr, "movemail: "); |
cc3b64e8 DL |
586 | if (s3) |
587 | fprintf (stderr, s1, s2, s3); | |
588 | else if (s2) | |
589 | fprintf (stderr, s1, s2); | |
590 | else | |
3b3807f8 | 591 | fprintf (stderr, "%s", s1); |
e2f9d9af | 592 | fprintf (stderr, "\n"); |
237e0016 RS |
593 | } |
594 | ||
1725ae55 | 595 | static void |
873fbd0b | 596 | pfatal_with_name (char *name) |
237e0016 | 597 | { |
a9eedf40 | 598 | fatal ("%s for %s", strerror (errno), name); |
237e0016 RS |
599 | } |
600 | ||
1725ae55 | 601 | static void |
873fbd0b | 602 | pfatal_and_delete (char *name) |
cfa191ff | 603 | { |
a9eedf40 | 604 | char *s = strerror (errno); |
cfa191ff | 605 | unlink (name); |
a9eedf40 | 606 | fatal ("%s for %s", s, name); |
cfa191ff | 607 | } |
237e0016 RS |
608 | \f |
609 | /* This is the guts of the interface to the Post Office Protocol. */ | |
610 | ||
611 | #ifdef MAIL_USE_POP | |
612 | ||
7f75d5c6 | 613 | #ifndef WINDOWSNT |
237e0016 RS |
614 | #include <sys/socket.h> |
615 | #include <netinet/in.h> | |
616 | #include <netdb.h> | |
7f75d5c6 RS |
617 | #else |
618 | #undef _WINSOCKAPI_ | |
619 | #include <winsock.h> | |
620 | #endif | |
cecf0f21 | 621 | #include <pwd.h> |
d228a23c | 622 | #include <string.h> |
237e0016 | 623 | |
237e0016 RS |
624 | #define NOTOK (-1) |
625 | #define OK 0 | |
237e0016 | 626 | |
b23b5a5b | 627 | static char Errmsg[200]; /* POP errors, at least, can exceed |
752fb472 | 628 | the original length of 80. */ |
237e0016 | 629 | |
476b2799 | 630 | /* |
4d90eee4 | 631 | * The full valid syntax for a POP mailbox specification for movemail |
476b2799 GM |
632 | * is "po:username:hostname". The ":hostname" is optional; if it is |
633 | * omitted, the MAILHOST environment variable will be consulted. Note | |
634 | * that by the time popmail() is called the "po:" has been stripped | |
635 | * off of the front of the mailbox name. | |
636 | * | |
637 | * If the mailbox is in the form "po:username:hostname", then it is | |
638 | * modified by this function -- the second colon is replaced by a | |
639 | * null. | |
65396510 TTN |
640 | * |
641 | * Return a value suitable for passing to `exit'. | |
476b2799 GM |
642 | */ |
643 | ||
1725ae55 | 644 | static int |
873fbd0b | 645 | popmail (char *mailbox, char *outfile, int preserve, char *password, int reverse_order) |
237e0016 | 646 | { |
b1ce62a8 | 647 | int nmsgs, nbytes; |
b1ce62a8 RS |
648 | register int i; |
649 | int mbfi; | |
650 | FILE *mbf; | |
b32701a7 | 651 | popserver server; |
a2997b0f | 652 | int start, end, increment; |
476b2799 GM |
653 | char *user, *hostname; |
654 | ||
655 | user = mailbox; | |
8966b757 | 656 | if ((hostname = strchr (mailbox, ':'))) |
476b2799 | 657 | *hostname++ = '\0'; |
237e0016 | 658 | |
476b2799 | 659 | server = pop_open (hostname, user, password, POP_NO_GETPASS); |
2e82e3c3 | 660 | if (! server) |
b1ce62a8 | 661 | { |
cc3b64e8 | 662 | error ("Error connecting to POP server: %s", pop_error, 0); |
65396510 | 663 | return EXIT_FAILURE; |
237e0016 RS |
664 | } |
665 | ||
2e82e3c3 | 666 | if (pop_stat (server, &nmsgs, &nbytes)) |
b1ce62a8 | 667 | { |
cc3b64e8 | 668 | error ("Error getting message count from POP server: %s", pop_error, 0); |
65396510 | 669 | return EXIT_FAILURE; |
237e0016 RS |
670 | } |
671 | ||
b1ce62a8 RS |
672 | if (!nmsgs) |
673 | { | |
2e82e3c3 | 674 | pop_close (server); |
65396510 | 675 | return EXIT_SUCCESS; |
b1ce62a8 RS |
676 | } |
677 | ||
678 | mbfi = open (outfile, O_WRONLY | O_CREAT | O_EXCL, 0666); | |
679 | if (mbfi < 0) | |
680 | { | |
2e82e3c3 RS |
681 | pop_close (server); |
682 | error ("Error in open: %s, %s", strerror (errno), outfile); | |
65396510 | 683 | return EXIT_FAILURE; |
b1ce62a8 | 684 | } |
f0939c31 PE |
685 | |
686 | if (fchown (mbfi, getuid (), -1) != 0) | |
687 | { | |
688 | int fchown_errno = errno; | |
689 | struct stat st; | |
690 | if (fstat (mbfi, &st) != 0 || st.st_uid != getuid ()) | |
691 | { | |
692 | pop_close (server); | |
693 | error ("Error in fchown: %s, %s", strerror (fchown_errno), outfile); | |
694 | return EXIT_FAILURE; | |
695 | } | |
696 | } | |
b1ce62a8 | 697 | |
7f75d5c6 | 698 | if ((mbf = fdopen (mbfi, "wb")) == NULL) |
b1ce62a8 | 699 | { |
2e82e3c3 | 700 | pop_close (server); |
cc3b64e8 | 701 | error ("Error in fdopen: %s", strerror (errno), 0); |
2e82e3c3 RS |
702 | close (mbfi); |
703 | unlink (outfile); | |
65396510 | 704 | return EXIT_FAILURE; |
b1ce62a8 RS |
705 | } |
706 | ||
a2997b0f KH |
707 | if (reverse_order) |
708 | { | |
709 | start = nmsgs; | |
710 | end = 1; | |
711 | increment = -1; | |
712 | } | |
713 | else | |
714 | { | |
715 | start = 1; | |
716 | end = nmsgs; | |
717 | increment = 1; | |
718 | } | |
719 | ||
720 | for (i = start; i * increment <= end * increment; i += increment) | |
b1ce62a8 RS |
721 | { |
722 | mbx_delimit_begin (mbf); | |
ff804ff5 | 723 | if (pop_retr (server, i, mbf) != OK) |
b1ce62a8 | 724 | { |
17a60964 | 725 | error ("%s", Errmsg, 0); |
b1ce62a8 | 726 | close (mbfi); |
65396510 | 727 | return EXIT_FAILURE; |
237e0016 | 728 | } |
b1ce62a8 RS |
729 | mbx_delimit_end (mbf); |
730 | fflush (mbf); | |
2e82e3c3 RS |
731 | if (ferror (mbf)) |
732 | { | |
cc3b64e8 | 733 | error ("Error in fflush: %s", strerror (errno), 0); |
2e82e3c3 RS |
734 | pop_close (server); |
735 | close (mbfi); | |
65396510 | 736 | return EXIT_FAILURE; |
2e82e3c3 | 737 | } |
237e0016 RS |
738 | } |
739 | ||
47d7532e | 740 | if (fsync (mbfi) != 0 && errno != EINVAL) |
cfa191ff | 741 | { |
08fa58c9 | 742 | error ("Error in fsync: %s", strerror (errno), 0); |
47d7532e | 743 | close (mbfi); |
65396510 | 744 | return EXIT_FAILURE; |
cfa191ff RS |
745 | } |
746 | ||
47d7532e | 747 | if (close (mbfi) != 0) |
cfa191ff | 748 | { |
cc3b64e8 | 749 | error ("Error in close: %s", strerror (errno), 0); |
65396510 | 750 | return EXIT_FAILURE; |
cfa191ff RS |
751 | } |
752 | ||
fea4325c RS |
753 | if (! preserve) |
754 | for (i = 1; i <= nmsgs; i++) | |
755 | { | |
756 | if (pop_delete (server, i)) | |
757 | { | |
cc3b64e8 | 758 | error ("Error from POP server: %s", pop_error, 0); |
fea4325c | 759 | pop_close (server); |
65396510 | 760 | return EXIT_FAILURE; |
fea4325c RS |
761 | } |
762 | } | |
237e0016 | 763 | |
2e82e3c3 | 764 | if (pop_quit (server)) |
b1ce62a8 | 765 | { |
cc3b64e8 | 766 | error ("Error from POP server: %s", pop_error, 0); |
65396510 | 767 | return EXIT_FAILURE; |
237e0016 | 768 | } |
177c0ea7 | 769 | |
65396510 | 770 | return EXIT_SUCCESS; |
237e0016 RS |
771 | } |
772 | ||
1725ae55 | 773 | static int |
873fbd0b | 774 | pop_retr (popserver server, int msgno, FILE *arg) |
237e0016 | 775 | { |
2e82e3c3 RS |
776 | char *line; |
777 | int ret; | |
237e0016 | 778 | |
2e82e3c3 | 779 | if (pop_retrieve_first (server, msgno, &line)) |
b1ce62a8 | 780 | { |
e99a530f | 781 | snprintf (Errmsg, sizeof Errmsg, "Error from POP server: %s", pop_error); |
2e82e3c3 | 782 | return (NOTOK); |
237e0016 RS |
783 | } |
784 | ||
d89d0243 | 785 | while ((ret = pop_retrieve_next (server, &line)) >= 0) |
b1ce62a8 | 786 | { |
2e82e3c3 RS |
787 | if (! line) |
788 | break; | |
789 | ||
d89d0243 | 790 | if (mbx_write (line, ret, arg) != OK) |
b1ce62a8 | 791 | { |
2e82e3c3 RS |
792 | strcpy (Errmsg, strerror (errno)); |
793 | pop_close (server); | |
794 | return (NOTOK); | |
237e0016 RS |
795 | } |
796 | } | |
237e0016 | 797 | |
2e82e3c3 | 798 | if (ret) |
b1ce62a8 | 799 | { |
e99a530f | 800 | snprintf (Errmsg, sizeof Errmsg, "Error from POP server: %s", pop_error); |
2e82e3c3 | 801 | return (NOTOK); |
237e0016 RS |
802 | } |
803 | ||
2e82e3c3 | 804 | return (OK); |
237e0016 RS |
805 | } |
806 | ||
1725ae55 | 807 | static int |
873fbd0b | 808 | mbx_write (char *line, int len, FILE *mbf) |
237e0016 | 809 | { |
d04f5031 | 810 | #ifdef MOVEMAIL_QUOTE_POP_FROM_LINES |
5ecec6a7 PE |
811 | /* Do this as a macro instead of using strcmp to save on execution time. */ |
812 | # define IS_FROM_LINE(a) ((a[0] == 'F') \ | |
813 | && (a[1] == 'r') \ | |
814 | && (a[2] == 'o') \ | |
815 | && (a[3] == 'm') \ | |
816 | && (a[4] == ' ')) | |
2e82e3c3 RS |
817 | if (IS_FROM_LINE (line)) |
818 | { | |
819 | if (fputc ('>', mbf) == EOF) | |
820 | return (NOTOK); | |
821 | } | |
d04f5031 PE |
822 | #endif |
823 | if (line[0] == '\037') | |
824 | { | |
825 | if (fputs ("^_", mbf) == EOF) | |
826 | return (NOTOK); | |
827 | line++; | |
828 | len--; | |
829 | } | |
177c0ea7 | 830 | if (fwrite (line, 1, len, mbf) != len) |
2e82e3c3 RS |
831 | return (NOTOK); |
832 | if (fputc (0x0a, mbf) == EOF) | |
833 | return (NOTOK); | |
834 | return (OK); | |
237e0016 RS |
835 | } |
836 | ||
1725ae55 | 837 | static int |
873fbd0b | 838 | mbx_delimit_begin (FILE *mbf) |
237e0016 | 839 | { |
d228a23c GM |
840 | time_t now; |
841 | struct tm *ltime; | |
842 | char fromline[40] = "From movemail "; | |
843 | ||
844 | now = time (NULL); | |
845 | ltime = localtime (&now); | |
846 | ||
847 | strcat (fromline, asctime (ltime)); | |
848 | ||
849 | if (fputs (fromline, mbf) == EOF) | |
2e82e3c3 RS |
850 | return (NOTOK); |
851 | return (OK); | |
237e0016 RS |
852 | } |
853 | ||
1725ae55 | 854 | static int |
873fbd0b | 855 | mbx_delimit_end (FILE *mbf) |
237e0016 | 856 | { |
3f32be22 | 857 | if (putc ('\n', mbf) == EOF) |
2e82e3c3 RS |
858 | return (NOTOK); |
859 | return (OK); | |
237e0016 RS |
860 | } |
861 | ||
862 | #endif /* MAIL_USE_POP */ |