1 /* movemail foo bar -- move file foo to file bar,
2 locking file foo the way /bin/mail respects.
3 Copyright (C) 1986, 1992, 1993, 1994, 1996, 1999, 2001, 2002, 2003, 2004,
4 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
6 This file is part of GNU Emacs.
8 GNU Emacs is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 3 of the License, or
11 (at your option) any later version.
13 GNU Emacs is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
22 /* Important notice: defining MAIL_USE_FLOCK or MAIL_USE_LOCKF *will
23 cause loss of mail* if you do it on a system that does not normally
24 use flock as its way of interlocking access to inbox files. The
25 setting of MAIL_USE_FLOCK and MAIL_USE_LOCKF *must agree* with the
26 system's own conventions. It is not a choice that is up to you.
28 So, if your system uses lock files rather than flock, then the only way
29 you can get proper operation is to enable movemail to write lockfiles there.
30 This means you must either give that directory access modes
31 that permit everyone to write lockfiles in it, or you must make movemail
32 a setuid or setgid program. */
35 * Modified January, 1986 by Michael R. Gretzinger (Project Athena)
37 * Added POP (Post Office Protocol) service. When compiled -DMAIL_USE_POP
38 * movemail will accept input filename arguments of the form
39 * "po:username". This will cause movemail to open a connection to
40 * a pop server running on $MAILHOST (environment variable). Movemail
41 * must be setuid to root in order to work with POP.
43 * New module: popmail.c
45 * main - added code within #ifdef MAIL_USE_POP; added setuid (getuid ())
47 * New routines in movemail.c:
48 * get_errmsg - return pointer to system error message
50 * Modified August, 1993 by Jonathan Kamens (OpenVision Technologies)
52 * Move all of the POP code into a separate file, "pop.c".
53 * Use strerror instead of get_errmsg.
58 #include <sys/types.h>
82 #define DIRECTORY_SEP '/'
84 #ifndef IS_DIRECTORY_SEP
85 #define IS_DIRECTORY_SEP(_c_) ((_c_) == DIRECTORY_SEP)
93 #define wait(var) (*(var) = 0)
94 /* Unfortunately, Samba doesn't seem to properly lock Unix files even
95 though the locking call succeeds (and indeed blocks local access from
96 other NT programs). If you have direct file access using an NFS
97 client or something other than Samba, the locking call might work
98 properly - make sure it does before you enable this!
100 [18-Feb-97 andrewi] I now believe my comment above to be incorrect,
101 since it was based on a misunderstanding of how locking calls are
102 implemented and used on Unix. */
103 //#define DISABLE_DIRECT_ACCESS
106 #endif /* WINDOWSNT */
116 #include <sys/locking.h>
119 #ifdef MAIL_USE_LOCKF
120 #define MAIL_USE_SYSTEM_LOCK
123 #ifdef MAIL_USE_FLOCK
124 #define MAIL_USE_SYSTEM_LOCK
128 extern int lk_open (), lk_close ();
131 #if !defined (MAIL_USE_SYSTEM_LOCK) && !defined (MAIL_USE_MMDF) && \
132 (defined (HAVE_LIBMAIL) || defined (HAVE_LIBLOCKFILE)) && \
133 defined (HAVE_MAILLOCK_H)
134 #include <maillock.h>
135 /* We can't use maillock unless we know what directory system mail
138 #define MAIL_USE_MAILLOCK
139 static char *mail_spool_name ();
148 extern char *index
__P ((const char *, int));
151 extern char *rindex
__P((const char *, int));
156 void pfatal_with_name ();
157 void pfatal_and_delete ();
163 int mbx_delimit_begin ();
164 int mbx_delimit_end ();
166 /* Nonzero means this is name of a lock file to delete on fatal error. */
167 char *delete_lockname
;
174 char *inname
, *outname
;
178 int c
, preserve_mail
= 0;
180 #ifndef MAIL_USE_SYSTEM_LOCK
187 #endif /* not MAIL_USE_SYSTEM_LOCK */
189 #ifdef MAIL_USE_MAILLOCK
194 int pop_reverse_order
= 0;
196 #else /* ! MAIL_USE_POP */
198 #endif /* MAIL_USE_POP */
200 uid_t real_gid
= getgid();
201 uid_t priv_gid
= getegid();
204 /* Ensure all file i/o is in binary mode. */
210 while ((c
= getopt (argc
, argv
, ARGSTR
)) != EOF
)
215 pop_reverse_order
= 1;
228 (argc
- optind
< 2) || (argc
- optind
> 3)
235 fprintf (stderr
, "Usage: movemail [-p] [-r] inbox destfile%s\n",
238 fprintf (stderr
, "Usage: movemail [-p] inbox destfile%s\n", "");
243 inname
= argv
[optind
];
244 outname
= argv
[optind
+1];
251 fatal ("Destination file name is empty", 0, 0);
254 if (!strncmp (inname
, "po:", 3))
258 status
= popmail (inname
+ 3, outname
, preserve_mail
,
259 (argc
- optind
== 3) ? argv
[optind
+2] : NULL
,
264 if (setuid (getuid ()) < 0)
265 fatal ("Failed to drop privileges", 0, 0);
267 #endif /* MAIL_USE_POP */
269 #ifndef DISABLE_DIRECT_ACCESS
270 #ifndef MAIL_USE_MMDF
271 #ifndef MAIL_USE_SYSTEM_LOCK
272 #ifdef MAIL_USE_MAILLOCK
273 spool_name
= mail_spool_name (inname
);
277 /* Use a lock file named after our first argument with .lock appended:
278 If it exists, the mail file is locked. */
279 /* Note: this locking mechanism is *required* by the mailer
280 (on systems which use it) to prevent loss of mail.
282 On systems that use a lock file, extracting the mail without locking
283 WILL occasionally cause loss of mail due to timing errors!
285 So, if creation of the lock file fails
286 due to access permission on the mail spool directory,
287 you simply MUST change the permission
288 and/or make movemail a setgid program
289 so it can create lock files properly.
291 You might also wish to verify that your system is one
292 which uses lock files for this purpose. Some systems use other methods.
294 If your system uses the `flock' system call for mail locking,
295 define MAIL_USE_SYSTEM_LOCK in config.h or the s-*.h file
296 and recompile movemail. If the s- file for your system
297 should define MAIL_USE_SYSTEM_LOCK but does not, send a bug report
298 to bug-gnu-emacs@prep.ai.mit.edu so we can fix it. */
300 lockname
= concat (inname
, ".lock", "");
301 tempname
= (char *) xmalloc (strlen (inname
) + strlen ("EXXXXXX") + 1);
302 strcpy (tempname
, inname
);
303 p
= tempname
+ strlen (tempname
);
304 while (p
!= tempname
&& !IS_DIRECTORY_SEP (p
[-1]))
307 strcpy (p
, "EXXXXXX");
313 /* Create the lock file, but not under the lock file name. */
314 /* Give up if cannot do that. */
315 desc
= open (tempname
, O_WRONLY
| O_CREAT
| O_EXCL
, 0666);
318 char *message
= (char *) xmalloc (strlen (tempname
) + 50);
319 sprintf (message
, "creating %s, which would become the lock file",
321 pfatal_with_name (message
);
325 tem
= link (tempname
, lockname
);
328 if (tem
< 0 && errno
== EPERM
)
329 fatal ("Unable to create hard link between %s and %s",
338 /* If lock file is five minutes old, unlock it.
339 Five minutes should be good enough to cope with crashes
340 and wedgitude, and long enough to avoid being fooled
341 by time differences between machines. */
342 if (stat (lockname
, &st
) >= 0)
345 if (st
.st_ctime
< now
- 300)
350 delete_lockname
= lockname
;
352 #endif /* not MAIL_USE_SYSTEM_LOCK */
353 #endif /* not MAIL_USE_MMDF */
359 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
360 time_t touched_lock
, now
;
363 if (setuid (getuid ()) < 0 || setegid (real_gid
) < 0)
364 fatal ("Failed to drop privileges", 0, 0);
366 #ifndef MAIL_USE_MMDF
367 #ifdef MAIL_USE_SYSTEM_LOCK
368 indesc
= open (inname
, O_RDWR
);
369 #else /* if not MAIL_USE_SYSTEM_LOCK */
370 indesc
= open (inname
, O_RDONLY
);
371 #endif /* not MAIL_USE_SYSTEM_LOCK */
372 #else /* MAIL_USE_MMDF */
373 indesc
= lk_open (inname
, O_RDONLY
, 0, 0, 10);
374 #endif /* MAIL_USE_MMDF */
377 pfatal_with_name (inname
);
380 /* In case movemail is setuid to root, make sure the user can
381 read the output file. */
382 /* This is desirable for all systems
383 but I don't want to assume all have the umask system call */
384 umask (umask (0) & 0333);
385 #endif /* BSD_SYSTEM */
386 outdesc
= open (outname
, O_WRONLY
| O_CREAT
| O_EXCL
, 0666);
388 pfatal_with_name (outname
);
390 if (setegid (priv_gid
) < 0)
391 fatal ("Failed to regain privileges", 0, 0);
393 /* This label exists so we can retry locking
394 after a delay, if it got EAGAIN or EBUSY. */
397 /* Try to lock it. */
398 #ifdef MAIL_USE_MAILLOCK
401 /* The "0 - " is to make it a negative number if maillock returns
403 status
= 0 - maillock (spool_name
, 1);
404 #ifdef HAVE_TOUCHLOCK
405 touched_lock
= time (0);
410 #endif /* MAIL_USE_MAILLOCK */
412 #ifdef MAIL_USE_SYSTEM_LOCK
413 #ifdef MAIL_USE_LOCKF
414 status
= lockf (indesc
, F_LOCK
, 0);
415 #else /* not MAIL_USE_LOCKF */
417 status
= locking (indesc
, LK_RLCK
, -1L);
419 status
= flock (indesc
, LOCK_EX
);
421 #endif /* not MAIL_USE_LOCKF */
422 #endif /* MAIL_USE_SYSTEM_LOCK */
425 /* If it fails, retry up to 5 times
426 for certain failure codes. */
429 if (++lockcount
<= 5)
447 pfatal_with_name (inname
);
455 nread
= read (indesc
, buf
, sizeof buf
);
457 pfatal_with_name (inname
);
458 if (nread
!= write (outdesc
, buf
, nread
))
460 int saved_errno
= errno
;
463 pfatal_with_name (outname
);
465 if (nread
< sizeof buf
)
467 #if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
471 if (now
- touched_lock
> 60)
477 #endif /* MAIL_USE_MAILLOCK */
482 if (fsync (outdesc
) < 0)
483 pfatal_and_delete (outname
);
486 /* Prevent symlink attacks truncating other users' mailboxes */
487 if (setegid (real_gid
) < 0)
488 fatal ("Failed to drop privileges", 0, 0);
490 /* Check to make sure no errors before we zap the inbox. */
491 if (close (outdesc
) != 0)
492 pfatal_and_delete (outname
);
494 #ifdef MAIL_USE_SYSTEM_LOCK
497 ftruncate (indesc
, 0L);
499 #endif /* MAIL_USE_SYSTEM_LOCK */
502 lk_close (indesc
, 0, 0, 0);
507 #ifndef MAIL_USE_SYSTEM_LOCK
510 /* Delete the input file; if we can't, at least get rid of its
512 #ifdef MAIL_UNLINK_SPOOL
513 /* This is generally bad to do, because it destroys the permissions
514 that were set on the file. Better to just empty the file. */
515 if (unlink (inname
) < 0 && errno
!= ENOENT
)
516 #endif /* MAIL_UNLINK_SPOOL */
517 creat (inname
, 0600);
519 #endif /* not MAIL_USE_SYSTEM_LOCK */
521 /* End of mailbox truncation */
522 if (setegid (priv_gid
) < 0)
523 fatal ("Failed to regain privileges", 0, 0);
525 #ifdef MAIL_USE_MAILLOCK
526 /* This has to occur in the child, i.e., in the process that
527 acquired the lock! */
535 if (!WIFEXITED (status
))
537 else if (WRETCODE (status
) != 0)
538 exit (WRETCODE (status
));
540 #if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK)
541 #ifdef MAIL_USE_MAILLOCK
543 #endif /* MAIL_USE_MAILLOCK */
545 #endif /* not MAIL_USE_MMDF and not MAIL_USE_SYSTEM_LOCK */
547 #endif /* ! DISABLE_DIRECT_ACCESS */
552 #ifdef MAIL_USE_MAILLOCK
553 /* This function uses stat to confirm that the mail directory is
554 identical to the directory of the input file, rather than just
555 string-comparing the two paths, because one or both of them might
556 be symbolic links pointing to some other directory. */
558 mail_spool_name (inname
)
561 struct stat stat1
, stat2
;
565 if (! (fname
= rindex (inname
, '/')))
570 if (stat (MAILDIR
, &stat1
) < 0)
573 indir
= (char *) xmalloc (fname
- inname
+ 1);
574 strncpy (indir
, inname
, fname
- inname
);
575 indir
[fname
-inname
] = '\0';
578 status
= stat (indir
, &stat2
);
585 if (stat1
.st_dev
== stat2
.st_dev
586 && stat1
.st_ino
== stat2
.st_ino
)
591 #endif /* MAIL_USE_MAILLOCK */
593 /* Print error message and exit. */
600 unlink (delete_lockname
);
605 /* Print error message. `s1' is printf control string, `s2' and `s3'
606 are args for it or null. */
612 fprintf (stderr
, "movemail: ");
614 fprintf (stderr
, s1
, s2
, s3
);
616 fprintf (stderr
, s1
, s2
);
618 fprintf (stderr
, s1
);
619 fprintf (stderr
, "\n");
623 pfatal_with_name (name
)
626 fatal ("%s for %s", strerror (errno
), name
);
630 pfatal_and_delete (name
)
633 char *s
= strerror (errno
);
635 fatal ("%s for %s", s
, name
);
638 /* Return a newly-allocated string whose contents concatenate those of s1, s2, s3. */
644 int len1
= strlen (s1
), len2
= strlen (s2
), len3
= strlen (s3
);
645 char *result
= (char *) xmalloc (len1
+ len2
+ len3
+ 1);
648 strcpy (result
+ len1
, s2
);
649 strcpy (result
+ len1
+ len2
, s3
);
650 *(result
+ len1
+ len2
+ len3
) = 0;
655 /* Like malloc but get fatal error if memory is exhausted. */
661 long *result
= (long *) malloc (size
);
663 fatal ("virtual memory exhausted", 0, 0);
667 /* This is the guts of the interface to the Post Office Protocol. */
672 #include <sys/socket.h>
673 #include <netinet/in.h>
689 char ibuffer
[BUFSIZ
];
690 char obuffer
[BUFSIZ
];
691 char Errmsg
[200]; /* POP errors, at least, can exceed
692 the original length of 80. */
695 * The full valid syntax for a POP mailbox specification for movemail
696 * is "po:username:hostname". The ":hostname" is optional; if it is
697 * omitted, the MAILHOST environment variable will be consulted. Note
698 * that by the time popmail() is called the "po:" has been stripped
699 * off of the front of the mailbox name.
701 * If the mailbox is in the form "po:username:hostname", then it is
702 * modified by this function -- the second colon is replaced by a
705 * Return a value suitable for passing to `exit'.
709 popmail (mailbox
, outfile
, preserve
, password
, reverse_order
)
722 int start
, end
, increment
;
723 char *user
, *hostname
;
726 if ((hostname
= index(mailbox
, ':')))
729 server
= pop_open (hostname
, user
, password
, POP_NO_GETPASS
);
732 error ("Error connecting to POP server: %s", pop_error
, 0);
736 if (pop_stat (server
, &nmsgs
, &nbytes
))
738 error ("Error getting message count from POP server: %s", pop_error
, 0);
748 mbfi
= open (outfile
, O_WRONLY
| O_CREAT
| O_EXCL
, 0666);
752 error ("Error in open: %s, %s", strerror (errno
), outfile
);
755 fchown (mbfi
, getuid (), -1);
757 if ((mbf
= fdopen (mbfi
, "wb")) == NULL
)
760 error ("Error in fdopen: %s", strerror (errno
), 0);
779 for (i
= start
; i
* increment
<= end
* increment
; i
+= increment
)
781 mbx_delimit_begin (mbf
);
782 if (pop_retr (server
, i
, mbf
) != OK
)
784 error ("%s", Errmsg
, 0);
788 mbx_delimit_end (mbf
);
792 error ("Error in fflush: %s", strerror (errno
), 0);
799 /* On AFS, a call to write only modifies the file in the local
800 * workstation's AFS cache. The changes are not written to the server
801 * until a call to fsync or close is made. Users with AFS home
802 * directories have lost mail when over quota because these checks were
803 * not made in previous versions of movemail. */
806 if (fsync (mbfi
) < 0)
808 error ("Error in fsync: %s", strerror (errno
), 0);
813 if (close (mbfi
) == -1)
815 error ("Error in close: %s", strerror (errno
), 0);
820 for (i
= 1; i
<= nmsgs
; i
++)
822 if (pop_delete (server
, i
))
824 error ("Error from POP server: %s", pop_error
, 0);
830 if (pop_quit (server
))
832 error ("Error from POP server: %s", pop_error
, 0);
840 pop_retr (server
, msgno
, arg
)
845 extern char *strerror ();
849 if (pop_retrieve_first (server
, msgno
, &line
))
851 char *error
= concat ("Error from POP server: ", pop_error
, "");
852 strncpy (Errmsg
, error
, sizeof (Errmsg
));
853 Errmsg
[sizeof (Errmsg
)-1] = '\0';
858 while ((ret
= pop_retrieve_next (server
, &line
)) >= 0)
863 if (mbx_write (line
, ret
, arg
) != OK
)
865 strcpy (Errmsg
, strerror (errno
));
873 char *error
= concat ("Error from POP server: ", pop_error
, "");
874 strncpy (Errmsg
, error
, sizeof (Errmsg
));
875 Errmsg
[sizeof (Errmsg
)-1] = '\0';
883 /* Do this as a macro instead of using strcmp to save on execution time. */
884 #define IS_FROM_LINE(a) ((a[0] == 'F') \
891 mbx_write (line
, len
, mbf
)
896 #ifdef MOVEMAIL_QUOTE_POP_FROM_LINES
897 if (IS_FROM_LINE (line
))
899 if (fputc ('>', mbf
) == EOF
)
903 if (line
[0] == '\037')
905 if (fputs ("^_", mbf
) == EOF
)
910 if (fwrite (line
, 1, len
, mbf
) != len
)
912 if (fputc (0x0a, mbf
) == EOF
)
918 mbx_delimit_begin (mbf
)
923 char fromline
[40] = "From movemail ";
926 ltime
= localtime (&now
);
928 strcat (fromline
, asctime (ltime
));
930 if (fputs (fromline
, mbf
) == EOF
)
936 mbx_delimit_end (mbf
)
939 if (putc ('\n', mbf
) == EOF
)
944 #endif /* MAIL_USE_POP */
946 #ifndef HAVE_STRERROR
951 extern char *sys_errlist
[];
954 if (errnum
>= 0 && errnum
< sys_nerr
)
955 return sys_errlist
[errnum
];
956 return (char *) "Unknown error";
959 #endif /* ! HAVE_STRERROR */
961 /* arch-tag: 1c323112-41fe-4fe5-8de9-494de631f73f
962 (do not change this comment) */
964 /* movemail.c ends here */