external/ibm-public/postfix/dist/src/local/maildir.c

   1 /*      $NetBSD$        */
   2
   3 /*++
   4 /* NAME
   5 /*      maildir 3
   6 /* SUMMARY
   7 /*      delivery to maildir
   8 /* SYNOPSIS
   9 /*      #include "local.h"
  10 /*
  11 /*      int     deliver_maildir(state, usr_attr, path)
  12 /*      LOCAL_STATE state;
  13 /*      USER_ATTR usr_attr;
  14 /*      char    *path;
  15 /* DESCRIPTION
  16 /*      deliver_maildir() delivers a message to a qmail maildir.
  17 /*
  18 /*      Arguments:
  19 /* .IP state
  20 /*      The attributes that specify the message, recipient and more.
  21 /*      Attributes describing alias, include or forward expansion.
  22 /*      A table with the results from expanding aliases or lists.
  23 /* .IP usr_attr
  24 /*      Attributes describing user rights and environment information.
  25 /* .IP path
  26 /*      The maildir to deliver to, including trailing slash.
  27 /* DIAGNOSTICS
  28 /*      deliver_maildir() always succeeds or it bounces the message.
  29 /* SEE ALSO
  30 /*      bounce(3)
  31 /* LICENSE
  32 /* .ad
  33 /* .fi
  34 /*      The Secure Mailer license must be distributed with this software.
  35 /* AUTHOR(S)
  36 /*      Wietse Venema
  37 /*      IBM T.J. Watson Research
  38 /*      P.O. Box 704
  39 /*      Yorktown Heights, NY 10598, USA
  40 /*--*/
  41
  42 /* System library. */
  43
  44 #include "sys_defs.h"
  45 #include <sys/stat.h>
  46 #include <sys/time.h>
  47 #include <unistd.h>
  48 #include <time.h>
  49 #include <errno.h>
  50
  51 /* Utility library. */
  52
  53 #include <msg.h>
  54 #include <mymalloc.h>
  55 #include <stringops.h>
  56 #include <vstream.h>
  57 #include <vstring.h>
  58 #include <make_dirs.h>
  59 #include <set_eugid.h>
  60 #include <get_hostname.h>
  61 #include <sane_fsops.h>
  62
  63 /* Global library. */
  64
  65 #include <mail_copy.h>
  66 #include <bounce.h>
  67 #include <defer.h>
  68 #include <sent.h>
  69 #include <mail_params.h>
  70 #include <dsn_util.h>
  71 #include <mbox_open.h>
  72
  73 /* Application-specific. */
  74
  75 #include "local.h"
  76
  77 /* deliver_maildir - delivery to maildir-style mailbox */
  78
  79 int     deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path)
  80 {
  81     const char *myname = "deliver_maildir";
  82     char   *newdir;
  83     char   *tmpdir;
  84     char   *curdir;
  85     char   *tmpfile;
  86     char   *newfile;
  87     DSN_BUF *why = state.msg_attr.why;
  88     VSTRING *buf;
  89     VSTREAM *dst;
  90     int     mail_copy_status;
  91     int     deliver_status;
  92     int     copy_flags;
  93     struct stat st;
  94     struct timeval starttime;
  95
  96     GETTIMEOFDAY(&starttime);
  97
  98     /*
  99      * Make verbose logging easier to understand.
 100      */
 101     state.level++;
 102     if (msg_verbose)
 103         MSG_LOG_STATE(myname, state);
 104
 105     /*
 106      * Don't deliver trace-only requests.
 107      */
 108     if (DEL_REQ_TRACE_ONLY(state.request->flags)) {
 109         dsb_simple(why, "2.0.0", "delivers to maildir");
 110         return (sent(BOUNCE_FLAGS(state.request), SENT_ATTR(state.msg_attr)));
 111     }
 112
 113     /*
 114      * Initialize. Assume the operation will fail. Set the delivered
 115      * attribute to reflect the final recipient.
 116      */
 117     if (vstream_fseek(state.msg_attr.fp, state.msg_attr.offset, SEEK_SET) < 0)
 118         msg_fatal("seek message file %s: %m", VSTREAM_PATH(state.msg_attr.fp));
 119     if (var_frozen_delivered == 0)
 120         state.msg_attr.delivered = state.msg_attr.rcpt.address;
 121     mail_copy_status = MAIL_COPY_STAT_WRITE;
 122     buf = vstring_alloc(100);
 123
 124     copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH | MAIL_COPY_ORIG_RCPT;
 125     if (local_deliver_hdr_mask & DELIVER_HDR_FILE)
 126         copy_flags |= MAIL_COPY_DELIVERED;
 127
 128     newdir = concatenate(path, "new/", (char *) 0);
 129     tmpdir = concatenate(path, "tmp/", (char *) 0);
 130     curdir = concatenate(path, "cur/", (char *) 0);
 131
 132     /*
 133      * Create and write the file as the recipient, so that file quota work.
 134      * Create any missing directories on the fly. The file name is chosen
 135      * according to ftp://koobera.math.uic.edu/www/proto/maildir.html:
 136      *
 137      * "A unique name has three pieces, separated by dots. On the left is the
 138      * result of time(). On the right is the result of gethostname(). In the
 139      * middle is something that doesn't repeat within one second on a single
 140      * host. I fork a new process for each delivery, so I just use the
 141      * process ID. If you're delivering several messages from one process,
 142      * use starttime.pid_count.host, where starttime is the time that your
 143      * process started, and count is the number of messages you've
 144      * delivered."
 145      *
 146      * Well, that stopped working on fast machines, and on operating systems
 147      * that randomize process ID values. When creating a file in tmp/ we use
 148      * the process ID because it still is an exclusive resource. When moving
 149      * the file to new/ we use the device number and inode number. I do not
 150      * care if this breaks on a remote AFS file system, because people should
 151      * know better.
 152      *
 153      * On January 26, 2003, http://cr.yp.to/proto/maildir.html said:
 154      *
 155      * A unique name has three pieces, separated by dots. On the left is the
 156      * result of time() or the second counter from gettimeofday(). On the
 157      * right is the result of gethostname(). (To deal with invalid host
 158      * names, replace / with \057 and : with \072.) In the middle is a
 159      * delivery identifier, discussed below.
 160      *
 161      * [...]
 162      *
 163      * Modern delivery identifiers are created by concatenating enough of the
 164      * following strings to guarantee uniqueness:
 165      *
 166      * [...]
 167      *
 168      * In, where n is (in hexadecimal) the UNIX inode number of this file.
 169      * Unfortunately, inode numbers aren't always available through NFS.
 170      *
 171      * Vn, where n is (in hexadecimal) the UNIX device number of this file.
 172      * Unfortunately, device numbers aren't always available through NFS.
 173      * (Device numbers are also not helpful with the standard UNIX
 174      * filesystem: a maildir has to be within a single UNIX device for link()
 175      * and rename() to work.)
 176      *
 177      * Mn, where n is (in decimal) the microsecond counter from the same
 178      * gettimeofday() used for the left part of the unique name.
 179      *
 180      * Pn, where n is (in decimal) the process ID.
 181      *
 182      * [...]
 183      */
 184     set_eugid(usr_attr.uid, usr_attr.gid);
 185     vstring_sprintf(buf, "%lu.P%d.%s",
 186                  (unsigned long) starttime.tv_sec, var_pid, get_hostname());
 187     tmpfile = concatenate(tmpdir, STR(buf), (char *) 0);
 188     newfile = 0;
 189     if ((dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0
 190         && (errno != ENOENT
 191             || make_dirs(tmpdir, 0700) < 0
 192             || (dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0)) {
 193         dsb_simple(why, mbox_dsn(errno, "5.2.0"),
 194                    "create maildir file %s: %m", tmpfile);
 195     } else if (fstat(vstream_fileno(dst), &st) < 0) {
 196
 197         /*
 198          * Coverity 200604: file descriptor leak in code that never executes.
 199          * Code replaced by msg_fatal(), as it is not worthwhile to continue
 200          * after an impossible error condition.
 201          */
 202         msg_fatal("fstat %s: %m", tmpfile);
 203     } else {
 204         vstring_sprintf(buf, "%lu.V%lxI%lxM%lu.%s",
 205                         (unsigned long) starttime.tv_sec,
 206                         (unsigned long) st.st_dev,
 207                         (unsigned long) st.st_ino,
 208                         (unsigned long) starttime.tv_usec,
 209                         get_hostname());
 210         newfile = concatenate(newdir, STR(buf), (char *) 0);
 211         if ((mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr),
 212                                           dst, copy_flags, "\n",
 213                                           why)) == 0) {
 214             if (sane_link(tmpfile, newfile) < 0
 215                 && (errno != ENOENT
 216                     || (make_dirs(curdir, 0700), make_dirs(newdir, 0700)) < 0
 217                     || sane_link(tmpfile, newfile) < 0)) {
 218                 dsb_simple(why, mbox_dsn(errno, "5.2.0"),
 219                            "create maildir file %s: %m", newfile);
 220                 mail_copy_status = MAIL_COPY_STAT_WRITE;
 221             }
 222         }
 223         if (unlink(tmpfile) < 0)
 224             msg_warn("remove %s: %m", tmpfile);
 225     }
 226     set_eugid(var_owner_uid, var_owner_gid);
 227
 228     /*
 229      * As the mail system, bounce or defer delivery.
 230      */
 231     if (mail_copy_status & MAIL_COPY_STAT_CORRUPT) {
 232         deliver_status = DEL_STAT_DEFER;
 233     } else if (mail_copy_status != 0) {
 234         if (errno == EACCES) {
 235             msg_warn("maildir access problem for UID/GID=%lu/%lu: %s",
 236                      (long) usr_attr.uid, (long) usr_attr.gid,
 237                      STR(why->reason));
 238             msg_warn("perhaps you need to create the maildirs in advance");
 239         }
 240         vstring_sprintf_prepend(why->reason, "maildir delivery failed: ");
 241         deliver_status =
 242             (STR(why->status)[0] == '4' ?
 243              defer_append : bounce_append)
 244             (BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr));
 245     } else {
 246         dsb_simple(why, "2.0.0", "delivered to maildir");
 247         deliver_status = sent(BOUNCE_FLAGS(state.request),
 248                               SENT_ATTR(state.msg_attr));
 249     }
 250     vstring_free(buf);
 251     myfree(newdir);
 252     myfree(tmpdir);
 253     myfree(curdir);
 254     myfree(tmpfile);
 255     if (newfile)
 256         myfree(newfile);
 257     return (deliver_status);
 258 }