| blob | a457c2939b69d04da3d054f11af86f0be3f98baa |
1 /* $NetBSD$ */
3 /*++
4 /* NAME
5 /* mail_queue 3
6 /* SUMMARY
7 /* mail queue file access
8 /* SYNOPSIS
9 /* #include <mail_queue.h>
10 /*
11 /* VSTREAM *mail_queue_enter(queue_name, mode, tp)
12 /* const char *queue_name;
13 /* mode_t mode;
14 /* struct timeval *tp;
15 /*
16 /* VSTREAM *mail_queue_open(queue_name, queue_id, flags, mode)
17 /* const char *queue_name;
18 /* const char *queue_id;
19 /* int flags;
20 /* mode_t mode;
21 /*
22 /* char *mail_queue_dir(buf, queue_name, queue_id)
23 /* VSTRING *buf;
24 /* const char *queue_name;
25 /* const char *queue_id;
26 /*
27 /* char *mail_queue_path(buf, queue_name, queue_id)
28 /* VSTRING *buf;
29 /* const char *queue_name;
30 /* const char *queue_id;
31 /*
32 /* int mail_queue_mkdirs(path)
33 /* const char *path;
34 /*
35 /* int mail_queue_rename(queue_id, old_queue, new_queue)
36 /* const char *queue_id;
37 /* const char *old_queue;
38 /* const char *new_queue;
39 /*
40 /* int mail_queue_remove(queue_name, queue_id)
41 /* const char *queue_name;
42 /* const char *queue_id;
43 /*
44 /* int mail_queue_name_ok(queue_name)
45 /* const char *queue_name;
46 /*
47 /* int mail_queue_id_ok(queue_id)
48 /* const char *queue_id;
49 /* DESCRIPTION
50 /* This module encapsulates access to the mail queue hierarchy.
51 /* Unlike most other modules, this one does not abort the program
52 /* in case of file access problems. But it does abort when the
53 /* application attempts to use a malformed queue name or queue id.
54 /*
55 /* mail_queue_enter() creates an entry in the named queue. The queue
56 /* id is the file base name, see VSTREAM_PATH(). Queue ids are
57 /* relatively short strings and are recycled in the course of time.
58 /* The only guarantee given is that on a given machine, no two queue
59 /* entries will have the same queue ID at the same time. The tp
60 /* argument, if not a null pointer, receives the time stamp that
61 /* corresponds with the queue ID.
62 /*
63 /* mail_queue_open() opens the named queue file. The \fIflags\fR
64 /* and \fImode\fR arguments are as with open(2). The result is a
65 /* null pointer in case of problems.
66 /*
67 /* mail_queue_dir() returns the directory name of the specified queue
68 /* file. When a null result buffer pointer is provided, the result is
69 /* written to a private buffer that may be overwritten upon the next
70 /* call.
71 /*
72 /* mail_queue_path() returns the pathname of the specified queue
73 /* file. When a null result buffer pointer is provided, the result
74 /* is written to a private buffer that may be overwritten upon the
75 /* next call.
76 /*
77 /* mail_queue_mkdirs() creates missing parent directories
78 /* for the file named in \fBpath\fR. A non-zero result means
79 /* that the operation failed.
80 /*
81 /* mail_queue_rename() renames a queue file. A non-zero result
82 /* means the operation failed.
83 /*
84 /* mail_queue_remove() removes the named queue file. A non-zero result
85 /* means the operation failed.
86 /*
87 /* mail_queue_name_ok() validates a mail queue name and returns
88 /* non-zero (true) if the name contains no nasty characters.
89 /*
90 /* mail_queue_id_ok() does the same thing for mail queue ID names.
91 /* DIAGNOSTICS
92 /* Panic: invalid queue name or id given to mail_queue_path(),
93 /* mail_queue_rename(), or mail_queue_remove().
94 /* Fatal error: out of memory.
95 /* LICENSE
96 /* .ad
97 /* .fi
98 /* The Secure Mailer license must be distributed with this software.
99 /* AUTHOR(S)
100 /* Wietse Venema
101 /* IBM T.J. Watson Research
102 /* P.O. Box 704
103 /* Yorktown Heights, NY 10598, USA
104 /*--*/
106 /* System library. */
108 #include <sys_defs.h>
110 #include <stdlib.h>
111 #include <ctype.h>
112 #include <stdlib.h>
113 #include <unistd.h>
114 #include <fcntl.h>
116 #include <string.h>
117 #include <errno.h>
119 #ifdef STRCASECMP_IN_STRINGS_H
120 #include <strings.h>
121 #endif
123 /* Utility library. */
125 #include <msg.h>
126 #include <vstring.h>
127 #include <vstream.h>
128 #include <mymalloc.h>
129 #include <argv.h>
130 #include <dir_forest.h>
131 #include <make_dirs.h>
132 #include <split_at.h>
133 #include <sane_fsops.h>
134 #include <valid_hostname.h>
136 /* Global library. */
142 #define STR vstring_str
144 /* mail_queue_dir - construct mail queue directory name */
148 {
155 /*
156 * Sanity checks.
157 */
163 /*
164 * Initialize.
165 */
170 }
174 }
176 /*
177 * First, put the basic queue directory name into place.
178 */
182 /*
183 * Then, see if we need to append a little directory forest.
184 */
190 }
191 }
193 }
195 /* mail_queue_path - map mail queue id to path name */
199 {
202 /*
203 * Initialize.
204 */
209 }
211 /*
212 * Append the queue id to the possibly hashed queue directory.
213 */
217 }
219 /* mail_queue_mkdirs - fill in missing directories */
222 {
227 /*
228 * Truncate a copy of the pathname (for safety sake), and create the
229 * missing directories.
230 */
236 }
238 /* mail_queue_rename - move message to another queue */
242 {
247 /*
248 * Try the operation. If it fails, see if it is because of missing
249 * intermediate directories.
250 */
256 /*
257 * Cleanup.
258 */
263 }
265 /* mail_queue_remove - remove mail queue file */
268 {
270 }
272 /* mail_queue_name_ok - validate mail queue name */
275 {
285 }
287 /* mail_queue_id_ok - validate mail queue id */
290 {
293 /*
294 * A file name is either a queue ID (short alphanumeric string in
295 * time+inum form) or a fast flush service logfile name (destination
296 * domain name with non-alphanumeric characters replaced by "_").
297 */
301 /*
302 * OK if in time+inum form or in host_domain_tld form.
303 */
308 }
310 /* mail_queue_enter - make mail queue entry with locally-unique name */
314 {
326 /*
327 * Initialize.
328 */
334 }
338 /*
339 * Create a file with a temporary name that does not collide. The process
340 * ID alone is not sufficiently unique: maildrops can be shared via the
341 * network. Not that I recommend using a network-based queue, or having
342 * multiple hosts write to the same queue, but we should try to avoid
343 * losing mail if we can.
344 *
345 * If someone is racing against us, try to win.
346 */
357 }
359 /*
360 * Rename the file to something that is derived from the file ID. I saw
361 * this idea first being used in Zmailer. On any reasonable file system
362 * the file ID is guaranteed to be unique. Better let the OS resolve
363 * collisions than doing a worse job in an application. Another
364 * attractive property of file IDs is that they can appear in messages
365 * without leaking a significant amount of system information (unlike
366 * process ids). Not so nice is that files need to be renamed when they
367 * are moved to another file system.
368 *
369 * If someone is racing against us, try to win.
370 */
373 /*
374 * XXX Some systems seem to have clocks that correlate with process
375 * scheduling or something. Unfortunately, we cannot add random
376 * quantities to the time, because the non-inode part of a queue ID must
377 * not repeat within the same second. The queue ID is the sole thing that
378 * prevents multiple messages from getting the same Message-ID value.
379 */
391 }
395 }
400 }
402 /* mail_queue_open - open mail queue file */
406 {
410 /*
411 * Try the operation. If file creation fails, see if it is because of a
412 * missing subdirectory.
413 */
419 }