mail_queue.c revision 1.2 
1/*	$NetBSD: mail_queue.c,v 1.2 2017/02/14 01:16:45 christos Exp $	*/
2
3/*++
4/* NAME
5/*	mail_queue 3
6/* SUMMARY
7/*	mail queue file access
8/* SYNOPSIS
9/*	#include <mail_queue.h>
10/*
11/*	VSTREAM	*mail_queue_enter(queue_name, mode, tp)
12/*	const char *queue_name;
13/*	mode_t	mode;
14/*	struct timeval *tp;
15/*
16/*	VSTREAM	*mail_queue_open(queue_name, queue_id, flags, mode)
17/*	const char *queue_name;
18/*	const char *queue_id;
19/*	int	flags;
20/*	mode_t	mode;
21/*
22/*	char	*mail_queue_dir(buf, queue_name, queue_id)
23/*	VSTRING	*buf;
24/*	const char *queue_name;
25/*	const char *queue_id;
26/*
27/*	char	*mail_queue_path(buf, queue_name, queue_id)
28/*	VSTRING	*buf;
29/*	const char *queue_name;
30/*	const char *queue_id;
31/*
32/*	int	mail_queue_mkdirs(path)
33/*	const char *path;
34/*
35/*	int	mail_queue_rename(queue_id, old_queue, new_queue)
36/*	const char *queue_id;
37/*	const char *old_queue;
38/*	const char *new_queue;
39/*
40/*	int	mail_queue_remove(queue_name, queue_id)
41/*	const char *queue_name;
42/*	const char *queue_id;
43/*
44/*	int	mail_queue_name_ok(queue_name)
45/*	const char *queue_name;
46/*
47/*	int	mail_queue_id_ok(queue_id)
48/*	const char *queue_id;
49/* DESCRIPTION
50/*	This module encapsulates access to the mail queue hierarchy.
51/*	Unlike most other modules, this one does not abort the program
52/*	in case of file access problems. But it does abort when the
53/*	application attempts to use a malformed queue name or queue id.
54/*
55/*	mail_queue_enter() creates an entry in the named queue. The queue
56/*	id is the file base name, see VSTREAM_PATH().  Queue ids are
57/*	relatively short strings and are recycled in the course of time.
58/*	The only guarantee given is that on a given machine, no two queue
59/*	entries will have the same queue ID at the same time. The tp
60/*	argument, if not a null pointer, receives the time stamp that
61/*	corresponds with the queue ID.
62/*
63/*	mail_queue_open() opens the named queue file. The \fIflags\fR
64/*	and \fImode\fR arguments are as with open(2). The result is a
65/*	null pointer in case of problems.
66/*
67/*	mail_queue_dir() returns the directory name of the specified queue
68/*	file. When a null result buffer pointer is provided, the result is
69/*	written to a private buffer that may be overwritten upon the next
70/*	call.
71/*
72/*	mail_queue_path() returns the pathname of the specified queue
73/*	file. When a null result buffer pointer is provided, the result
74/*	is written to a private buffer that may be overwritten upon the
75/*	next call.
76/*
77/*	mail_queue_mkdirs() creates missing parent directories
78/*	for the file named in \fBpath\fR. A non-zero result means
79/*	that the operation failed.
80/*
81/*	mail_queue_rename() renames a queue file. A non-zero result
82/*	means the operation failed.
83/*
84/*	mail_queue_remove() removes the named queue file. A non-zero result
85/*	means the operation failed.
86/*
87/*	mail_queue_name_ok() validates a mail queue name and returns
88/*	non-zero (true) if the name contains no nasty characters.
89/*
90/*	mail_queue_id_ok() does the same thing for mail queue ID names.
91/* DIAGNOSTICS
92/*	Panic: invalid queue name or id given to mail_queue_path(),
93/*	mail_queue_rename(), or mail_queue_remove().
94/*	Fatal error: out of memory.
95/* LICENSE
96/* .ad
97/* .fi
98/*	The Secure Mailer license must be distributed with this software.
99/* AUTHOR(S)
100/*	Wietse Venema
101/*	IBM T.J. Watson Research
102/*	P.O. Box 704
103/*	Yorktown Heights, NY 10598, USA
104/*--*/
105
106/* System library. */
107
108#include <sys_defs.h>
109#include <stdio.h>			/* rename() */
110#include <stdlib.h>
111#include <ctype.h>
112#include <stdlib.h>
113#include <unistd.h>
114#include <fcntl.h>
115#include <sys/time.h>			/* gettimeofday, not in POSIX */
116#include <string.h>
117#include <errno.h>
118
119#ifdef STRCASECMP_IN_STRINGS_H
120#include <strings.h>
121#endif
122
123/* Utility library. */
124
125#include <msg.h>
126#include <vstring.h>
127#include <vstream.h>
128#include <mymalloc.h>
129#include <argv.h>
130#include <dir_forest.h>
131#include <make_dirs.h>
132#include <split_at.h>
133#include <sane_fsops.h>
134#include <valid_hostname.h>
135
136/* Global library. */
137
138#include "file_id.h"
139#include "mail_params.h"
140#define MAIL_QUEUE_INTERNAL
141#include "mail_queue.h"
142
143#define STR	vstring_str
144
145/* mail_queue_dir - construct mail queue directory name */
146
147const char *mail_queue_dir(VSTRING *buf, const char *queue_name,
148			           const char *queue_id)
149{
150    const char *myname = "mail_queue_dir";
151    static VSTRING *private_buf = 0;
152    static VSTRING *hash_buf = 0;
153    static ARGV *hash_queue_names = 0;
154    static VSTRING *usec_buf = 0;
155    const char *delim;
156    char  **cpp;
157
158    /*
159     * Sanity checks.
160     */
161    if (mail_queue_name_ok(queue_name) == 0)
162	msg_panic("%s: bad queue name: %s", myname, queue_name);
163    if (mail_queue_id_ok(queue_id) == 0)
164	msg_panic("%s: bad queue id: %s", myname, queue_id);
165
166    /*
167     * Initialize.
168     */
169    if (buf == 0) {
170	if (private_buf == 0)
171	    private_buf = vstring_alloc(100);
172	buf = private_buf;
173    }
174    if (hash_buf == 0) {
175	hash_buf = vstring_alloc(100);
176	hash_queue_names = argv_split(var_hash_queue_names, CHARS_COMMA_SP);
177    }
178
179    /*
180     * First, put the basic queue directory name into place.
181     */
182    vstring_strcpy(buf, queue_name);
183    vstring_strcat(buf, "/");
184
185    /*
186     * Then, see if we need to append a little directory forest.
187     */
188    for (cpp = hash_queue_names->argv; *cpp; cpp++) {
189	if (strcasecmp(*cpp, queue_name) == 0) {
190	    if (MQID_FIND_LG_INUM_SEPARATOR(delim, queue_id)) {
191		if (usec_buf == 0)
192		    usec_buf = vstring_alloc(20);
193		MQID_LG_GET_HEX_USEC(usec_buf, delim);
194		queue_id = STR(usec_buf);
195	    }
196	    vstring_strcat(buf,
197		      dir_forest(hash_buf, queue_id, var_hash_queue_depth));
198	    break;
199	}
200    }
201    return (STR(buf));
202}
203
204/* mail_queue_path - map mail queue id to path name */
205
206const char *mail_queue_path(VSTRING *buf, const char *queue_name,
207			            const char *queue_id)
208{
209    static VSTRING *private_buf = 0;
210
211    /*
212     * Initialize.
213     */
214    if (buf == 0) {
215	if (private_buf == 0)
216	    private_buf = vstring_alloc(100);
217	buf = private_buf;
218    }
219
220    /*
221     * Append the queue id to the possibly hashed queue directory.
222     */
223    (void) mail_queue_dir(buf, queue_name, queue_id);
224    vstring_strcat(buf, queue_id);
225    return (STR(buf));
226}
227
228/* mail_queue_mkdirs - fill in missing directories */
229
230int     mail_queue_mkdirs(const char *path)
231{
232    const char *myname = "mail_queue_mkdirs";
233    char   *saved_path = mystrdup(path);
234    int     ret;
235
236    /*
237     * Truncate a copy of the pathname (for safety sake), and create the
238     * missing directories.
239     */
240    if (split_at_right(saved_path, '/') == 0)
241	msg_panic("%s: no slash in: %s", myname, saved_path);
242    ret = make_dirs(saved_path, 0700);
243    myfree(saved_path);
244    return (ret);
245}
246
247/* mail_queue_rename - move message to another queue */
248
249int     mail_queue_rename(const char *queue_id, const char *old_queue,
250			          const char *new_queue)
251{
252    VSTRING *old_buf = vstring_alloc(100);
253    VSTRING *new_buf = vstring_alloc(100);
254    int     error;
255
256    /*
257     * Try the operation. If it fails, see if it is because of missing
258     * intermediate directories.
259     */
260    error = sane_rename(mail_queue_path(old_buf, old_queue, queue_id),
261			mail_queue_path(new_buf, new_queue, queue_id));
262    if (error != 0 && mail_queue_mkdirs(STR(new_buf)) == 0)
263	error = sane_rename(STR(old_buf), STR(new_buf));
264
265    /*
266     * Cleanup.
267     */
268    vstring_free(old_buf);
269    vstring_free(new_buf);
270
271    return (error);
272}
273
274/* mail_queue_remove - remove mail queue file */
275
276int     mail_queue_remove(const char *queue_name, const char *queue_id)
277{
278    return (REMOVE(mail_queue_path((VSTRING *) 0, queue_name, queue_id)));
279}
280
281/* mail_queue_name_ok - validate mail queue name */
282
283int     mail_queue_name_ok(const char *queue_name)
284{
285    const char *cp;
286
287    if (*queue_name == 0 || strlen(queue_name) > 100)
288	return (0);
289
290    for (cp = queue_name; *cp; cp++)
291	if (!ISALNUM(*cp))
292	    return (0);
293    return (1);
294}
295
296/* mail_queue_id_ok - validate mail queue id */
297
298int     mail_queue_id_ok(const char *queue_id)
299{
300    const char *cp;
301
302    /*
303     * A file name is either a queue ID (short alphanumeric string in
304     * time+inum form) or a fast flush service logfile name (destination
305     * domain name with non-alphanumeric characters replaced by "_").
306     */
307    if (*queue_id == 0 || strlen(queue_id) > VALID_HOSTNAME_LEN)
308	return (0);
309
310    /*
311     * OK if in time+inum form or in host_domain_tld form.
312     */
313    for (cp = queue_id; *cp; cp++)
314	if (!ISALNUM(*cp) && *cp != '_')
315	    return (0);
316    return (1);
317}
318
319/* mail_queue_enter - make mail queue entry with locally-unique name */
320
321VSTREAM *mail_queue_enter(const char *queue_name, mode_t mode,
322			          struct timeval * tp)
323{
324    const char *myname = "mail_queue_enter";
325    static VSTRING *sec_buf;
326    static VSTRING *usec_buf;
327    static VSTRING *id_buf;
328    static int pid;
329    static VSTRING *path_buf;
330    static VSTRING *temp_path;
331    struct timeval tv;
332    int     fd;
333    const char *file_id;
334    VSTREAM *stream;
335    int     count;
336
337    /*
338     * Initialize.
339     */
340    if (id_buf == 0) {
341	pid = getpid();
342	sec_buf = vstring_alloc(10);
343	usec_buf = vstring_alloc(10);
344	id_buf = vstring_alloc(10);
345	path_buf = vstring_alloc(10);
346	temp_path = vstring_alloc(100);
347    }
348    if (tp == 0)
349	tp = &tv;
350
351    /*
352     * Create a file with a temporary name that does not collide. The process
353     * ID alone is not sufficiently unique: maildrops can be shared via the
354     * network. Not that I recommend using a network-based queue, or having
355     * multiple hosts write to the same queue, but we should try to avoid
356     * losing mail if we can.
357     *
358     * If someone is racing against us, try to win.
359     */
360    for (;;) {
361	GETTIMEOFDAY(tp);
362	vstring_sprintf(temp_path, "%s/%d.%d", queue_name,
363			(int) tp->tv_usec, pid);
364	if ((fd = open(STR(temp_path), O_RDWR | O_CREAT | O_EXCL, mode)) >= 0)
365	    break;
366	if (errno == EEXIST || errno == EISDIR)
367	    continue;
368	msg_warn("%s: create file %s: %m", myname, STR(temp_path));
369	sleep(10);
370    }
371
372    /*
373     * Rename the file to something that is derived from the file ID. I saw
374     * this idea first being used in Zmailer. On any reasonable file system
375     * the file ID is guaranteed to be unique. Better let the OS resolve
376     * collisions than doing a worse job in an application. Another
377     * attractive property of file IDs is that they can appear in messages
378     * without leaking a significant amount of system information (unlike
379     * process ids). Not so nice is that files need to be renamed when they
380     * are moved to another file system.
381     *
382     * If someone is racing against us, try to win.
383     */
384    file_id = get_file_id_fd(fd, var_long_queue_ids);
385
386    /*
387     * XXX Some systems seem to have clocks that correlate with process
388     * scheduling or something. Unfortunately, we cannot add random
389     * quantities to the time, because the non-inode part of a queue ID must
390     * not repeat within the same second. The queue ID is the sole thing that
391     * prevents multiple messages from getting the same Message-ID value.
392     */
393    for (count = 0;; count++) {
394	GETTIMEOFDAY(tp);
395	if (var_long_queue_ids) {
396	    vstring_sprintf(id_buf, "%s%s%c%s",
397			    MQID_LG_ENCODE_SEC(sec_buf, tp->tv_sec),
398			    MQID_LG_ENCODE_USEC(usec_buf, tp->tv_usec),
399			    MQID_LG_INUM_SEP, file_id);
400	} else {
401	    vstring_sprintf(id_buf, "%s%s",
402			    MQID_SH_ENCODE_USEC(usec_buf, tp->tv_usec),
403			    file_id);
404	}
405	mail_queue_path(path_buf, queue_name, STR(id_buf));
406	if (sane_rename(STR(temp_path), STR(path_buf)) == 0)	/* success */
407	    break;
408	if (errno == EPERM || errno == EISDIR)	/* collision. weird. */
409	    continue;
410	if (errno != ENOENT || mail_queue_mkdirs(STR(path_buf)) < 0) {
411	    msg_warn("%s: rename %s to %s: %m", myname,
412		     STR(temp_path), STR(path_buf));
413	}
414	if (count > 1000)			/* XXX whatever */
415	    msg_fatal("%s: rename %s to %s: giving up", myname,
416		      STR(temp_path), STR(path_buf));
417    }
418
419    stream = vstream_fdopen(fd, O_RDWR);
420    vstream_control(stream, CA_VSTREAM_CTL_PATH(STR(path_buf)), CA_VSTREAM_CTL_END);
421    return (stream);
422}
423
424/* mail_queue_open - open mail queue file */
425
426VSTREAM *mail_queue_open(const char *queue_name, const char *queue_id,
427			         int flags, mode_t mode)
428{
429    const char *path = mail_queue_path((VSTRING *) 0, queue_name, queue_id);
430    VSTREAM *fp;
431
432    /*
433     * Try the operation. If file creation fails, see if it is because of a
434     * missing subdirectory.
435     */
436    if ((fp = vstream_fopen(path, flags, mode)) == 0)
437	if (errno == ENOENT)
438	    if ((flags & O_CREAT) == O_CREAT && mail_queue_mkdirs(path) == 0)
439		fp = vstream_fopen(path, flags, mode);
440    return (fp);
441}
442