| blob | 0a8806621d311feb7ec514630e0d9018795d3045 |
1 /* movemail foo bar -- move file foo to file bar,
2 locking file foo the way /bin/mail respects.
4 Copyright (C) 1986, 1992-1994, 1996, 1999, 2001-2013 Free Software
5 Foundation, Inc.
7 This file is part of GNU Emacs.
9 GNU Emacs is free software: you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation, either version 3 of the License, or
12 (at your option) any later version.
14 GNU Emacs is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
23 /* Important notice: defining MAIL_USE_FLOCK or MAIL_USE_LOCKF *will
24 cause loss of mail* if you do it on a system that does not normally
25 use flock/lockf as its way of interlocking access to inbox files. The
26 setting of MAIL_USE_FLOCK and MAIL_USE_LOCKF *must agree* with the
27 system's own conventions. It is not a choice that is up to you.
29 So, if your system uses lock files rather than flock, then the only way
30 you can get proper operation is to enable movemail to write lockfiles there.
31 This means you must either give that directory access modes
32 that permit everyone to write lockfiles in it, or you must make movemail
33 a setuid or setgid program. */
35 /*
36 * Modified January, 1986 by Michael R. Gretzinger (Project Athena)
37 *
38 * Added POP (Post Office Protocol) service. When compiled -DMAIL_USE_POP
39 * movemail will accept input filename arguments of the form
40 * "po:username". This will cause movemail to open a connection to
41 * a pop server running on $MAILHOST (environment variable). Movemail
42 * must be setuid to root in order to work with POP.
43 *
44 * New module: popmail.c
45 * Modified routines:
46 * main - added code within #ifdef MAIL_USE_POP; added setuid (getuid ())
47 * after POP code.
48 * New routines in movemail.c:
49 * get_errmsg - return pointer to system error message
50 *
51 * Modified August, 1993 by Jonathan Kamens (OpenVision Technologies)
52 *
53 * Move all of the POP code into a separate file, "pop.c".
54 * Use strerror instead of get_errmsg.
55 *
56 */
58 #include <config.h>
59 #include <sys/types.h>
60 #include <sys/stat.h>
61 #include <sys/file.h>
62 #include <stdio.h>
63 #include <errno.h>
64 #include <time.h>
66 #include <getopt.h>
67 #include <unistd.h>
68 #ifdef HAVE_FCNTL_H
69 #include <fcntl.h>
70 #endif
71 #include <string.h>
73 #ifdef MAIL_USE_POP
75 #endif
77 #ifdef MSDOS
78 #undef access
81 #ifdef WINDOWSNT
83 #undef access
84 #undef unlink
85 #define fork() 0
86 #define wait(var) (*(var) = 0)
87 /* Unfortunately, Samba doesn't seem to properly lock Unix files even
88 though the locking call succeeds (and indeed blocks local access from
89 other NT programs). If you have direct file access using an NFS
90 client or something other than Samba, the locking call might work
91 properly - make sure it does before you enable this!
93 [18-Feb-97 andrewi] I now believe my comment above to be incorrect,
94 since it was based on a misunderstanding of how locking calls are
95 implemented and used on Unix. */
96 //#define DISABLE_DIRECT_ACCESS
98 #include <fcntl.h>
101 #ifndef F_OK
102 #define F_OK 0
103 #define X_OK 1
104 #define W_OK 2
105 #define R_OK 4
106 #endif
108 #ifdef WINDOWSNT
109 #include <sys/locking.h>
110 #endif
112 /* If your system uses the `flock' or `lockf' system call for mail locking,
113 define MAIL_USE_SYSTEM_LOCK. If your system type should always define
114 MAIL_USE_LOCKF or MAIL_USE_FLOCK but configure does not do this,
115 please make a bug report. */
117 #ifdef MAIL_USE_LOCKF
118 #define MAIL_USE_SYSTEM_LOCK
119 #endif
121 #ifdef MAIL_USE_FLOCK
122 #define MAIL_USE_SYSTEM_LOCK
123 #endif
125 #ifdef MAIL_USE_MMDF
127 #endif
129 #if !defined (MAIL_USE_SYSTEM_LOCK) && !defined (MAIL_USE_MMDF) && \
130 (defined (HAVE_LIBMAIL) || defined (HAVE_LIBLOCKFILE)) && \
131 defined (HAVE_MAILLOCK_H)
132 #include <maillock.h>
133 /* We can't use maillock unless we know what directory system mail
134 files appear in. */
135 #ifdef MAILDIR
136 #define MAIL_USE_MAILLOCK
138 #endif
139 #endif
145 #ifdef MAIL_USE_POP
146 static int popmail (char *mailbox, char *outfile, int preserve, char *password, int reverse_order);
151 #endif
153 #if (defined MAIL_USE_MAILLOCK \
154 || (!defined DISABLE_DIRECT_ACCESS && !defined MAIL_USE_MMDF \
155 && !defined MAIL_USE_SYSTEM_LOCK))
156 /* Like malloc but get fatal error if memory is exhausted. */
160 {
165 }
166 #endif
168 /* Nonzero means this is name of a lock file to delete on fatal error. */
171 int
173 {
176 ssize_t nread;
180 #ifndef MAIL_USE_SYSTEM_LOCK
189 #ifdef MAIL_USE_MAILLOCK
191 #endif
193 #ifdef MAIL_USE_POP
203 #ifdef WINDOWSNT
204 /* Ensure all file i/o is in binary mode. */
206 #endif
211 {
213 #ifdef MAIL_USE_POP
217 #endif
219 preserve_mail++;
223 }
224 }
227 #ifdef MAIL_USE_POP
229 #else
231 #endif
232 )
233 {
234 #ifdef MAIL_USE_POP
237 #else
239 #endif
241 }
246 #ifdef MAIL_USE_MMDF
248 #endif
253 #ifdef MAIL_USE_POP
255 {
260 pop_reverse_order);
262 }
269 #ifndef DISABLE_DIRECT_ACCESS
270 #ifndef MAIL_USE_MMDF
271 #ifndef MAIL_USE_SYSTEM_LOCK
272 #ifdef MAIL_USE_MAILLOCK
275 {
276 #ifdef lint
278 #endif
279 }
280 else
281 #endif
282 {
283 /* Use a lock file named after our first argument with .lock appended:
284 If it exists, the mail file is locked. */
285 /* Note: this locking mechanism is *required* by the mailer
286 (on systems which use it) to prevent loss of mail.
288 On systems that use a lock file, extracting the mail without locking
289 WILL occasionally cause loss of mail due to timing errors!
291 So, if creation of the lock file fails due to access
292 permission on the mail spool directory, you simply MUST
293 change the permission and/or make movemail a setgid program
294 so it can create lock files properly.
296 You might also wish to verify that your system is one which
297 uses lock files for this purpose. Some systems use other methods. */
305 inname_dirlen--)
310 {
311 /* Create the lock file, but not under the lock file name. */
312 /* Give up if cannot do that. */
316 #ifdef HAVE_MKSTEMP
318 #else
322 else
323 {
326 }
327 #endif
329 {
335 }
340 #ifdef EPERM
344 #endif
351 /* If lock file is five minutes old, unlock it.
352 Five minutes should be good enough to cope with crashes
353 and wedgitude, and long enough to avoid being fooled
354 by time differences between machines. */
356 {
360 }
361 }
364 }
369 {
372 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
374 # ifdef lint
376 # endif
377 #endif
382 #ifndef MAIL_USE_MMDF
383 #ifdef MAIL_USE_SYSTEM_LOCK
395 #ifdef BSD_SYSTEM
396 /* In case movemail is setuid to root, make sure the user can
397 read the output file. */
398 /* This is desirable for all systems
399 but I don't want to assume all have the umask system call */
409 /* This label exists so we can retry locking
410 after a delay, if it got EAGAIN or EBUSY. */
411 retry_lock:
413 /* Try to lock it. */
414 #ifdef MAIL_USE_MAILLOCK
416 {
417 /* The "0 - " is to make it a negative number if maillock returns
418 non-zero. */
420 #ifdef HAVE_TOUCHLOCK
422 #endif
424 }
425 else
427 {
428 #ifdef MAIL_USE_SYSTEM_LOCK
429 #ifdef MAIL_USE_LOCKF
432 #ifdef WINDOWSNT
434 #else
436 #endif
439 }
441 /* If it fails, retry up to 5 times
442 for certain failure codes. */
444 {
446 {
447 #ifdef EAGAIN
449 {
452 }
453 #endif
454 #ifdef EBUSY
456 {
459 }
460 #endif
461 }
464 }
466 {
470 {
475 {
480 }
483 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
485 {
488 {
491 }
492 }
494 }
495 }
497 #ifdef BSD_SYSTEM
500 #endif
502 /* Prevent symlink attacks truncating other users' mailboxes */
506 /* Check to make sure no errors before we zap the inbox. */
510 #ifdef MAIL_USE_SYSTEM_LOCK
512 {
515 }
518 #ifdef MAIL_USE_MMDF
520 #else
522 #endif
524 #ifndef MAIL_USE_SYSTEM_LOCK
526 {
527 /* Delete the input file; if we can't, at least get rid of its
528 contents. */
529 #ifdef MAIL_UNLINK_SPOOL
530 /* This is generally bad to do, because it destroys the permissions
531 that were set on the file. Better to just empty the file. */
535 }
538 /* End of mailbox truncation */
542 #ifdef MAIL_USE_MAILLOCK
543 /* This has to occur in the child, i.e., in the process that
544 acquired the lock! */
547 #endif
549 }
557 #if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK)
558 #ifdef MAIL_USE_MAILLOCK
567 }
569 #ifdef MAIL_USE_MAILLOCK
570 /* This function uses stat to confirm that the mail directory is
571 identical to the directory of the input file, rather than just
572 string-comparing the two paths, because one or both of them might
573 be symbolic links pointing to some other directory. */
576 {
584 fname++;
606 }
608 \f
609 /* Print error message and exit. */
611 static void
613 {
618 }
620 /* Print error message. `s1' is printf control string, `s2' and `s3'
621 are args for it or null. */
623 static void
625 {
631 else
634 }
636 static void
638 {
640 }
642 static void
644 {
648 }
649 \f
650 /* This is the guts of the interface to the Post Office Protocol. */
652 #ifdef MAIL_USE_POP
654 #ifndef WINDOWSNT
655 #include <sys/socket.h>
656 #include <netinet/in.h>
657 #include <netdb.h>
658 #else
659 #undef _WINSOCKAPI_
660 #include <winsock.h>
661 #endif
662 #include <pwd.h>
663 #include <string.h>
665 #define NOTOK (-1)
666 #define OK 0
669 the original length of 80. */
671 /*
672 * The full valid syntax for a POP mailbox specification for movemail
673 * is "po:username:hostname". The ":hostname" is optional; if it is
674 * omitted, the MAILHOST environment variable will be consulted. Note
675 * that by the time popmail() is called the "po:" has been stripped
676 * off of the front of the mailbox name.
677 *
678 * If the mailbox is in the form "po:username:hostname", then it is
679 * modified by this function -- the second colon is replaced by a
680 * null.
681 *
682 * Return a value suitable for passing to `exit'.
683 */
685 static int
687 {
693 popserver server;
703 {
706 }
709 {
712 }
715 {
718 }
722 {
726 }
729 {
733 {
737 }
738 }
741 {
747 }
750 {
754 }
755 else
756 {
760 }
763 {
766 {
770 }
774 {
779 }
780 }
782 /* On AFS, a call to write only modifies the file in the local
783 * workstation's AFS cache. The changes are not written to the server
784 * until a call to fsync or close is made. Users with AFS home
785 * directories have lost mail when over quota because these checks were
786 * not made in previous versions of movemail. */
788 #ifdef BSD_SYSTEM
790 {
793 }
794 #endif
797 {
800 }
804 {
806 {
810 }
811 }
814 {
817 }
820 }
822 static int
824 {
829 {
832 }
835 {
840 {
844 }
845 }
848 {
851 }
854 }
856 static int
858 {
859 #ifdef MOVEMAIL_QUOTE_POP_FROM_LINES
860 /* Do this as a macro instead of using strcmp to save on execution time. */
867 {
870 }
871 #endif
873 {
876 line++;
877 len--;
878 }
884 }
886 static int
888 {
901 }
903 static int
905 {
909 }