| blob | df1c1137df521ccabf3f7f543ee0b84780b063df |
1 /* movemail foo bar -- move file foo to file bar,
2 locking file foo the way /bin/mail respects.
4 Copyright (C) 1986, 1992-1994, 1996, 1999, 2001-2012
5 Free Software Foundation, Inc.
7 This file is part of GNU Emacs.
9 GNU Emacs is free software: you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation, either version 3 of the License, or
12 (at your option) any later version.
14 GNU Emacs is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
23 /* Important notice: defining MAIL_USE_FLOCK or MAIL_USE_LOCKF *will
24 cause loss of mail* if you do it on a system that does not normally
25 use flock as its way of interlocking access to inbox files. The
26 setting of MAIL_USE_FLOCK and MAIL_USE_LOCKF *must agree* with the
27 system's own conventions. It is not a choice that is up to you.
29 So, if your system uses lock files rather than flock, then the only way
30 you can get proper operation is to enable movemail to write lockfiles there.
31 This means you must either give that directory access modes
32 that permit everyone to write lockfiles in it, or you must make movemail
33 a setuid or setgid program. */
35 /*
36 * Modified January, 1986 by Michael R. Gretzinger (Project Athena)
37 *
38 * Added POP (Post Office Protocol) service. When compiled -DMAIL_USE_POP
39 * movemail will accept input filename arguments of the form
40 * "po:username". This will cause movemail to open a connection to
41 * a pop server running on $MAILHOST (environment variable). Movemail
42 * must be setuid to root in order to work with POP.
43 *
44 * New module: popmail.c
45 * Modified routines:
46 * main - added code within #ifdef MAIL_USE_POP; added setuid (getuid ())
47 * after POP code.
48 * New routines in movemail.c:
49 * get_errmsg - return pointer to system error message
50 *
51 * Modified August, 1993 by Jonathan Kamens (OpenVision Technologies)
52 *
53 * Move all of the POP code into a separate file, "pop.c".
54 * Use strerror instead of get_errmsg.
55 *
56 */
58 #include <config.h>
59 #include <sys/types.h>
60 #include <sys/stat.h>
61 #include <sys/file.h>
62 #include <stdio.h>
63 #include <errno.h>
64 #include <time.h>
66 #include <getopt.h>
67 #include <unistd.h>
68 #ifdef HAVE_FCNTL_H
69 #include <fcntl.h>
70 #endif
71 #include <string.h>
73 #ifdef MAIL_USE_POP
75 #endif
77 #ifdef MSDOS
78 #undef access
81 #ifdef WINDOWSNT
83 #undef access
84 #undef unlink
85 #define fork() 0
86 #define wait(var) (*(var) = 0)
87 /* Unfortunately, Samba doesn't seem to properly lock Unix files even
88 though the locking call succeeds (and indeed blocks local access from
89 other NT programs). If you have direct file access using an NFS
90 client or something other than Samba, the locking call might work
91 properly - make sure it does before you enable this!
93 [18-Feb-97 andrewi] I now believe my comment above to be incorrect,
94 since it was based on a misunderstanding of how locking calls are
95 implemented and used on Unix. */
96 //#define DISABLE_DIRECT_ACCESS
98 #include <fcntl.h>
101 #ifndef F_OK
102 #define F_OK 0
103 #define X_OK 1
104 #define W_OK 2
105 #define R_OK 4
106 #endif
108 #ifdef WINDOWSNT
109 #include <sys/locking.h>
110 #endif
112 #ifdef MAIL_USE_LOCKF
113 #define MAIL_USE_SYSTEM_LOCK
114 #endif
116 #ifdef MAIL_USE_FLOCK
117 #define MAIL_USE_SYSTEM_LOCK
118 #endif
120 #ifdef MAIL_USE_MMDF
122 #endif
124 #if !defined (MAIL_USE_SYSTEM_LOCK) && !defined (MAIL_USE_MMDF) && \
125 (defined (HAVE_LIBMAIL) || defined (HAVE_LIBLOCKFILE)) && \
126 defined (HAVE_MAILLOCK_H)
127 #include <maillock.h>
128 /* We can't use maillock unless we know what directory system mail
129 files appear in. */
130 #ifdef MAILDIR
131 #define MAIL_USE_MAILLOCK
133 #endif
134 #endif
140 #ifdef MAIL_USE_POP
141 static int popmail (char *mailbox, char *outfile, int preserve, char *password, int reverse_order);
146 #endif
148 #if (defined MAIL_USE_MAILLOCK \
149 || (!defined DISABLE_DIRECT_ACCESS && !defined MAIL_USE_MMDF \
150 && !defined MAIL_USE_SYSTEM_LOCK))
151 /* Like malloc but get fatal error if memory is exhausted. */
155 {
160 }
161 #endif
163 /* Nonzero means this is name of a lock file to delete on fatal error. */
166 int
168 {
171 ssize_t nread;
175 #ifndef MAIL_USE_SYSTEM_LOCK
184 #ifdef MAIL_USE_MAILLOCK
186 #endif
188 #ifdef MAIL_USE_POP
198 #ifdef WINDOWSNT
199 /* Ensure all file i/o is in binary mode. */
201 #endif
206 {
208 #ifdef MAIL_USE_POP
212 #endif
214 preserve_mail++;
218 }
219 }
222 #ifdef MAIL_USE_POP
224 #else
226 #endif
227 )
228 {
229 #ifdef MAIL_USE_POP
232 #else
234 #endif
236 }
241 #ifdef MAIL_USE_MMDF
243 #endif
248 #ifdef MAIL_USE_POP
250 {
255 pop_reverse_order);
257 }
264 #ifndef DISABLE_DIRECT_ACCESS
265 #ifndef MAIL_USE_MMDF
266 #ifndef MAIL_USE_SYSTEM_LOCK
267 #ifdef MAIL_USE_MAILLOCK
270 {
271 #ifdef lint
273 #endif
274 }
275 else
276 #endif
277 {
278 #ifndef DIRECTORY_SEP
280 #endif
281 #ifndef IS_DIRECTORY_SEP
282 #define IS_DIRECTORY_SEP(_c_) ((_c_) == DIRECTORY_SEP)
283 #endif
285 /* Use a lock file named after our first argument with .lock appended:
286 If it exists, the mail file is locked. */
287 /* Note: this locking mechanism is *required* by the mailer
288 (on systems which use it) to prevent loss of mail.
290 On systems that use a lock file, extracting the mail without locking
291 WILL occasionally cause loss of mail due to timing errors!
293 So, if creation of the lock file fails due to access
294 permission on the mail spool directory, you simply MUST
295 change the permission and/or make movemail a setgid program
296 so it can create lock files properly.
298 You might also wish to verify that your system is one which
299 uses lock files for this purpose. Some systems use other methods.
301 If your system uses the `flock' system call for mail locking,
302 define MAIL_USE_SYSTEM_LOCK in config.h and recompile movemail.
303 If your system type should always define MAIL_USE_SYSTEM_LOCK
304 but does not, send a bug report to bug-gnu-emacs@gnu.org so we
305 can change the default in configure. */
313 inname_dirlen--)
318 {
319 /* Create the lock file, but not under the lock file name. */
320 /* Give up if cannot do that. */
324 #ifdef HAVE_MKSTEMP
326 #else
330 else
331 {
334 }
335 #endif
337 {
343 }
348 #ifdef EPERM
352 #endif
359 /* If lock file is five minutes old, unlock it.
360 Five minutes should be good enough to cope with crashes
361 and wedgitude, and long enough to avoid being fooled
362 by time differences between machines. */
364 {
368 }
369 }
372 }
377 {
380 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
382 # ifdef lint
384 # endif
385 #endif
390 #ifndef MAIL_USE_MMDF
391 #ifdef MAIL_USE_SYSTEM_LOCK
403 #ifdef BSD_SYSTEM
404 /* In case movemail is setuid to root, make sure the user can
405 read the output file. */
406 /* This is desirable for all systems
407 but I don't want to assume all have the umask system call */
417 /* This label exists so we can retry locking
418 after a delay, if it got EAGAIN or EBUSY. */
419 retry_lock:
421 /* Try to lock it. */
422 #ifdef MAIL_USE_MAILLOCK
424 {
425 /* The "0 - " is to make it a negative number if maillock returns
426 non-zero. */
428 #ifdef HAVE_TOUCHLOCK
430 #endif
432 }
433 else
435 {
436 #ifdef MAIL_USE_SYSTEM_LOCK
437 #ifdef MAIL_USE_LOCKF
440 #ifdef WINDOWSNT
442 #else
444 #endif
447 }
449 /* If it fails, retry up to 5 times
450 for certain failure codes. */
452 {
454 {
455 #ifdef EAGAIN
457 {
460 }
461 #endif
462 #ifdef EBUSY
464 {
467 }
468 #endif
469 }
472 }
474 {
478 {
483 {
488 }
491 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
493 {
496 {
499 }
500 }
502 }
503 }
505 #ifdef BSD_SYSTEM
508 #endif
510 /* Prevent symlink attacks truncating other users' mailboxes */
514 /* Check to make sure no errors before we zap the inbox. */
518 #ifdef MAIL_USE_SYSTEM_LOCK
520 {
523 }
526 #ifdef MAIL_USE_MMDF
528 #else
530 #endif
532 #ifndef MAIL_USE_SYSTEM_LOCK
534 {
535 /* Delete the input file; if we can't, at least get rid of its
536 contents. */
537 #ifdef MAIL_UNLINK_SPOOL
538 /* This is generally bad to do, because it destroys the permissions
539 that were set on the file. Better to just empty the file. */
543 }
546 /* End of mailbox truncation */
550 #ifdef MAIL_USE_MAILLOCK
551 /* This has to occur in the child, i.e., in the process that
552 acquired the lock! */
555 #endif
557 }
565 #if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK)
566 #ifdef MAIL_USE_MAILLOCK
575 }
577 #ifdef MAIL_USE_MAILLOCK
578 /* This function uses stat to confirm that the mail directory is
579 identical to the directory of the input file, rather than just
580 string-comparing the two paths, because one or both of them might
581 be symbolic links pointing to some other directory. */
584 {
592 fname++;
614 }
616 \f
617 /* Print error message and exit. */
619 static void
621 {
626 }
628 /* Print error message. `s1' is printf control string, `s2' and `s3'
629 are args for it or null. */
631 static void
633 {
639 else
642 }
644 static void
646 {
648 }
650 static void
652 {
656 }
657 \f
658 /* This is the guts of the interface to the Post Office Protocol. */
660 #ifdef MAIL_USE_POP
662 #ifndef WINDOWSNT
663 #include <sys/socket.h>
664 #include <netinet/in.h>
665 #include <netdb.h>
666 #else
667 #undef _WINSOCKAPI_
668 #include <winsock.h>
669 #endif
670 #include <pwd.h>
671 #include <string.h>
673 #define NOTOK (-1)
674 #define OK 0
677 the original length of 80. */
679 /*
680 * The full valid syntax for a POP mailbox specification for movemail
681 * is "po:username:hostname". The ":hostname" is optional; if it is
682 * omitted, the MAILHOST environment variable will be consulted. Note
683 * that by the time popmail() is called the "po:" has been stripped
684 * off of the front of the mailbox name.
685 *
686 * If the mailbox is in the form "po:username:hostname", then it is
687 * modified by this function -- the second colon is replaced by a
688 * null.
689 *
690 * Return a value suitable for passing to `exit'.
691 */
693 static int
695 {
701 popserver server;
711 {
714 }
717 {
720 }
723 {
726 }
730 {
734 }
737 {
741 {
745 }
746 }
749 {
755 }
758 {
762 }
763 else
764 {
768 }
771 {
774 {
778 }
782 {
787 }
788 }
790 /* On AFS, a call to write only modifies the file in the local
791 * workstation's AFS cache. The changes are not written to the server
792 * until a call to fsync or close is made. Users with AFS home
793 * directories have lost mail when over quota because these checks were
794 * not made in previous versions of movemail. */
796 #ifdef BSD_SYSTEM
798 {
801 }
802 #endif
805 {
808 }
812 {
814 {
818 }
819 }
822 {
825 }
828 }
830 static int
832 {
837 {
840 }
843 {
848 {
852 }
853 }
856 {
859 }
862 }
864 static int
866 {
867 #ifdef MOVEMAIL_QUOTE_POP_FROM_LINES
868 /* Do this as a macro instead of using strcmp to save on execution time. */
875 {
878 }
879 #endif
881 {
884 line++;
885 len--;
886 }
892 }
894 static int
896 {
909 }
911 static int
913 {
917 }