xref: /netbsd-src/external/ibm-public/postfix/dist/src/local/maildir.c (revision 75f6d617e282811cb173c2ccfbf5df0dd71f7045) 
1 /*	$NetBSD: maildir.c,v 1.1.1.2 2013/01/02 18:59:01 tron Exp $	*/
2 
3 /*++
4 /* NAME
5 /*	maildir 3
6 /* SUMMARY
7 /*	delivery to maildir
8 /* SYNOPSIS
9 /*	#include "local.h"
10 /*
11 /*	int	deliver_maildir(state, usr_attr, path)
12 /*	LOCAL_STATE state;
13 /*	USER_ATTR usr_attr;
14 /*	char	*path;
15 /* DESCRIPTION
16 /*	deliver_maildir() delivers a message to a qmail maildir.
17 /*
18 /*	Arguments:
19 /* .IP state
20 /*	The attributes that specify the message, recipient and more.
21 /*	Attributes describing alias, include or forward expansion.
22 /*	A table with the results from expanding aliases or lists.
23 /* .IP usr_attr
24 /*	Attributes describing user rights and environment information.
25 /* .IP path
26 /*	The maildir to deliver to, including trailing slash.
27 /* DIAGNOSTICS
28 /*	deliver_maildir() always succeeds or it bounces the message.
29 /* SEE ALSO
30 /*	bounce(3)
31 /* LICENSE
32 /* .ad
33 /* .fi
34 /*	The Secure Mailer license must be distributed with this software.
35 /* AUTHOR(S)
36 /*	Wietse Venema
37 /*	IBM T.J. Watson Research
38 /*	P.O. Box 704
39 /*	Yorktown Heights, NY 10598, USA
40 /*--*/
41 
42 /* System library. */
43 
44 #include "sys_defs.h"
45 #include <sys/stat.h>
46 #include <sys/time.h>
47 #include <unistd.h>
48 #include <time.h>
49 #include <errno.h>
50 
51 /* Utility library. */
52 
53 #include <msg.h>
54 #include <mymalloc.h>
55 #include <stringops.h>
56 #include <vstream.h>
57 #include <vstring.h>
58 #include <make_dirs.h>
59 #include <set_eugid.h>
60 #include <get_hostname.h>
61 #include <sane_fsops.h>
62 #include <warn_stat.h>
63 
64 /* Global library. */
65 
66 #include <mail_copy.h>
67 #include <bounce.h>
68 #include <defer.h>
69 #include <sent.h>
70 #include <mail_params.h>
71 #include <dsn_util.h>
72 #include <mbox_open.h>
73 
74 /* Application-specific. */
75 
76 #include "local.h"
77 
78 /* deliver_maildir - delivery to maildir-style mailbox */
79 
80 int     deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path)
81 {
82     const char *myname = "deliver_maildir";
83     char   *newdir;
84     char   *tmpdir;
85     char   *curdir;
86     char   *tmpfile;
87     char   *newfile;
88     DSN_BUF *why = state.msg_attr.why;
89     VSTRING *buf;
90     VSTREAM *dst;
91     int     mail_copy_status;
92     int     deliver_status;
93     int     copy_flags;
94     struct stat st;
95     struct timeval starttime;
96 
97     GETTIMEOFDAY(&starttime);
98 
99     /*
100      * Make verbose logging easier to understand.
101      */
102     state.level++;
103     if (msg_verbose)
104 	MSG_LOG_STATE(myname, state);
105 
106     /*
107      * Don't deliver trace-only requests.
108      */
109     if (DEL_REQ_TRACE_ONLY(state.request->flags)) {
110 	dsb_simple(why, "2.0.0", "delivers to maildir");
111 	return (sent(BOUNCE_FLAGS(state.request), SENT_ATTR(state.msg_attr)));
112     }
113 
114     /*
115      * Initialize. Assume the operation will fail. Set the delivered
116      * attribute to reflect the final recipient.
117      */
118     if (vstream_fseek(state.msg_attr.fp, state.msg_attr.offset, SEEK_SET) < 0)
119 	msg_fatal("seek message file %s: %m", VSTREAM_PATH(state.msg_attr.fp));
120     if (var_frozen_delivered == 0)
121 	state.msg_attr.delivered = state.msg_attr.rcpt.address;
122     mail_copy_status = MAIL_COPY_STAT_WRITE;
123     buf = vstring_alloc(100);
124 
125     copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH | MAIL_COPY_ORIG_RCPT;
126     if (local_deliver_hdr_mask & DELIVER_HDR_FILE)
127 	copy_flags |= MAIL_COPY_DELIVERED;
128 
129     newdir = concatenate(path, "new/", (char *) 0);
130     tmpdir = concatenate(path, "tmp/", (char *) 0);
131     curdir = concatenate(path, "cur/", (char *) 0);
132 
133     /*
134      * Create and write the file as the recipient, so that file quota work.
135      * Create any missing directories on the fly. The file name is chosen
136      * according to ftp://koobera.math.uic.edu/www/proto/maildir.html:
137      *
138      * "A unique name has three pieces, separated by dots. On the left is the
139      * result of time(). On the right is the result of gethostname(). In the
140      * middle is something that doesn't repeat within one second on a single
141      * host. I fork a new process for each delivery, so I just use the
142      * process ID. If you're delivering several messages from one process,
143      * use starttime.pid_count.host, where starttime is the time that your
144      * process started, and count is the number of messages you've
145      * delivered."
146      *
147      * Well, that stopped working on fast machines, and on operating systems
148      * that randomize process ID values. When creating a file in tmp/ we use
149      * the process ID because it still is an exclusive resource. When moving
150      * the file to new/ we use the device number and inode number. I do not
151      * care if this breaks on a remote AFS file system, because people should
152      * know better.
153      *
154      * On January 26, 2003, http://cr.yp.to/proto/maildir.html said:
155      *
156      * A unique name has three pieces, separated by dots. On the left is the
157      * result of time() or the second counter from gettimeofday(). On the
158      * right is the result of gethostname(). (To deal with invalid host
159      * names, replace / with \057 and : with \072.) In the middle is a
160      * delivery identifier, discussed below.
161      *
162      * [...]
163      *
164      * Modern delivery identifiers are created by concatenating enough of the
165      * following strings to guarantee uniqueness:
166      *
167      * [...]
168      *
169      * In, where n is (in hexadecimal) the UNIX inode number of this file.
170      * Unfortunately, inode numbers aren't always available through NFS.
171      *
172      * Vn, where n is (in hexadecimal) the UNIX device number of this file.
173      * Unfortunately, device numbers aren't always available through NFS.
174      * (Device numbers are also not helpful with the standard UNIX
175      * filesystem: a maildir has to be within a single UNIX device for link()
176      * and rename() to work.)
177      *
178      * Mn, where n is (in decimal) the microsecond counter from the same
179      * gettimeofday() used for the left part of the unique name.
180      *
181      * Pn, where n is (in decimal) the process ID.
182      *
183      * [...]
184      */
185     set_eugid(usr_attr.uid, usr_attr.gid);
186     vstring_sprintf(buf, "%lu.P%d.%s",
187 		 (unsigned long) starttime.tv_sec, var_pid, get_hostname());
188     tmpfile = concatenate(tmpdir, STR(buf), (char *) 0);
189     newfile = 0;
190     if ((dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0
191 	&& (errno != ENOENT
192 	    || make_dirs(tmpdir, 0700) < 0
193 	    || (dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0)) {
194 	dsb_simple(why, mbox_dsn(errno, "5.2.0"),
195 		   "create maildir file %s: %m", tmpfile);
196     } else if (fstat(vstream_fileno(dst), &st) < 0) {
197 
198 	/*
199 	 * Coverity 200604: file descriptor leak in code that never executes.
200 	 * Code replaced by msg_fatal(), as it is not worthwhile to continue
201 	 * after an impossible error condition.
202 	 */
203 	msg_fatal("fstat %s: %m", tmpfile);
204     } else {
205 	vstring_sprintf(buf, "%lu.V%lxI%lxM%lu.%s",
206 			(unsigned long) starttime.tv_sec,
207 			(unsigned long) st.st_dev,
208 			(unsigned long) st.st_ino,
209 			(unsigned long) starttime.tv_usec,
210 			get_hostname());
211 	newfile = concatenate(newdir, STR(buf), (char *) 0);
212 	if ((mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr),
213 					  dst, copy_flags, "\n",
214 					  why)) == 0) {
215 	    if (sane_link(tmpfile, newfile) < 0
216 		&& (errno != ENOENT
217 		    || (make_dirs(curdir, 0700), make_dirs(newdir, 0700)) < 0
218 		    || sane_link(tmpfile, newfile) < 0)) {
219 		dsb_simple(why, mbox_dsn(errno, "5.2.0"),
220 			   "create maildir file %s: %m", newfile);
221 		mail_copy_status = MAIL_COPY_STAT_WRITE;
222 	    }
223 	}
224 	if (unlink(tmpfile) < 0)
225 	    msg_warn("remove %s: %m", tmpfile);
226     }
227     set_eugid(var_owner_uid, var_owner_gid);
228 
229     /*
230      * As the mail system, bounce or defer delivery.
231      */
232     if (mail_copy_status & MAIL_COPY_STAT_CORRUPT) {
233 	deliver_status = DEL_STAT_DEFER;
234     } else if (mail_copy_status != 0) {
235 	if (errno == EACCES) {
236 	    msg_warn("maildir access problem for UID/GID=%lu/%lu: %s",
237 		     (long) usr_attr.uid, (long) usr_attr.gid,
238 		     STR(why->reason));
239 	    msg_warn("perhaps you need to create the maildirs in advance");
240 	}
241 	vstring_sprintf_prepend(why->reason, "maildir delivery failed: ");
242 	deliver_status =
243 	    (STR(why->status)[0] == '4' ?
244 	     defer_append : bounce_append)
245 	    (BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr));
246     } else {
247 	dsb_simple(why, "2.0.0", "delivered to maildir");
248 	deliver_status = sent(BOUNCE_FLAGS(state.request),
249 			      SENT_ATTR(state.msg_attr));
250     }
251     vstring_free(buf);
252     myfree(newdir);
253     myfree(tmpdir);
254     myfree(curdir);
255     myfree(tmpfile);
256     if (newfile)
257 	myfree(newfile);
258     return (deliver_status);
259 }
260