static int do_hardlink(struct maildir_mailbox *mbox, const char *path,
struct hardlink_ctx *ctx)
{
int ret;
if (mbox->storage->storage.set->mail_nfs_storage)
ret = nfs_safe_link(path, ctx->dest_path, FALSE);
else
ret = link(path, ctx->dest_path);
if (ret < 0) {
if (errno == ENOENT)
return 0;
if (ENOQUOTA(errno)) {
mail_storage_set_error(&mbox->storage->storage,
MAIL_ERROR_NOQUOTA, MAIL_ERRSTR_NO_QUOTA);
return -1;
}
/* we could handle the EEXIST condition by changing the
filename, but it practically never happens so just fallback
to standard copying for the rare cases when it does. */
if (errno == EACCES || ECANTLINK(errno) || errno == EEXIST)
return 1;
mail_storage_set_critical(&mbox->storage->storage,
"link(%s, %s) failed: %m",
path, ctx->dest_path);
return -1;
}
ctx->success = TRUE;
return 1;
}
static int sieve_file_storage_create_tmp
(struct sieve_file_storage *fstorage, const char *scriptname,
const char **fpath_r)
{
struct sieve_storage *storage = &fstorage->storage;
struct stat st;
unsigned int prefix_len;
const char *tmp_fname = NULL;
string_t *path;
int fd;
path = t_str_new(256);
str_append(path, fstorage->path);
str_append(path, "/tmp/");
prefix_len = str_len(path);
for (;;) {
tmp_fname = sieve_generate_tmp_filename(scriptname);
str_truncate(path, prefix_len);
str_append(path, tmp_fname);
/* stat() first to see if it exists. pretty much the only
possibility of that happening is if time had moved
backwards, but even then it's highly unlikely. */
if (stat(str_c(path), &st) == 0) {
/* try another file name */
} else if (errno != ENOENT) {
sieve_storage_set_critical(storage, "save: "
"stat(%s) failed: %m", str_c(path));
return -1;
} else {
/* doesn't exist */
mode_t old_mask = umask(0777 & ~(fstorage->file_create_mode));
fd = open(str_c(path),
O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, 0777);
umask(old_mask);
if (fd != -1 || errno != EEXIST)
break;
/* race condition between stat() and open().
highly unlikely. */
}
}
*fpath_r = str_c(path);
if (fd == -1) {
if (ENOQUOTA(errno)) {
sieve_storage_set_error(storage,
SIEVE_ERROR_NO_QUOTA,
"Not enough disk quota");
} else {
sieve_storage_set_critical(storage, "save: "
"open(%s) failed: %m", str_c(path));
}
}
return fd;
}
static int maildir_create_tmp(struct maildir_mailbox *mbox, const char *dir,
const char **fname_r)
{
struct mailbox *box = &mbox->box;
const struct mailbox_permissions *perm = mailbox_get_permissions(box);
unsigned int prefix_len;
const char *tmp_fname;
string_t *path;
mode_t old_mask;
int fd;
path = t_str_new(256);
str_append(path, dir);
str_append_c(path, '/');
prefix_len = str_len(path);
do {
tmp_fname = maildir_filename_generate();
str_truncate(path, prefix_len);
str_append(path, tmp_fname);
/* the generated filename is unique. the only reason why it
might return an existing filename is if the time moved
backwards. so we'll use O_EXCL anyway, although it's mostly
useless. */
old_mask = umask(0777 & ~perm->file_create_mode);
fd = open(str_c(path),
O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, 0777);
umask(old_mask);
} while (fd == -1 && errno == EEXIST);
*fname_r = tmp_fname;
if (fd == -1) {
if (ENOQUOTA(errno)) {
mail_storage_set_error(box->storage,
MAIL_ERROR_NOQUOTA, MAIL_ERRSTR_NO_QUOTA);
} else {
mail_storage_set_critical(box->storage,
"open(%s) failed: %m", str_c(path));
}
} else if (perm->file_create_gid != (gid_t)-1) {
if (fchown(fd, (uid_t)-1, perm->file_create_gid) < 0) {
if (errno == EPERM) {
mail_storage_set_critical(box->storage, "%s",
eperm_error_get_chgrp("fchown",
str_c(path),
perm->file_create_gid,
perm->file_create_gid_origin));
} else {
mail_storage_set_critical(box->storage,
"fchown(%s) failed: %m", str_c(path));
}
}
}
return fd;
}
int sieve_file_storage_save_finish
(struct sieve_storage_save_context *sctx)
{
struct sieve_file_save_context *fsctx =
(struct sieve_file_save_context *)sctx;
struct sieve_storage *storage = sctx->storage;
int output_errno;
if ( sctx->failed && fsctx->fd == -1 ) {
/* tmp file creation failed */
return -1;
}
T_BEGIN {
output_errno = fsctx->output->stream_errno;
o_stream_destroy(&fsctx->output);
if ( fsync(fsctx->fd) < 0 ) {
sieve_storage_set_critical(storage, "save: "
"fsync(%s) failed: %m", fsctx->tmp_path);
sctx->failed = TRUE;
}
if ( close(fsctx->fd) < 0 ) {
sieve_storage_set_critical(storage, "save: "
"close(%s) failed: %m", fsctx->tmp_path);
sctx->failed = TRUE;
}
fsctx->fd = -1;
if ( sctx->failed ) {
/* delete the tmp file */
if (unlink(fsctx->tmp_path) < 0 && errno != ENOENT) {
sieve_storage_sys_warning(storage, "save: "
"unlink(%s) failed: %m", fsctx->tmp_path);
}
fsctx->tmp_path = NULL;
errno = output_errno;
if ( ENOQUOTA(errno) ) {
sieve_storage_set_error(storage,
SIEVE_ERROR_NO_QUOTA,
"Not enough disk quota");
} else if ( errno != 0 ) {
sieve_storage_set_critical(storage, "save: "
"write(%s) failed: %m", fsctx->tmp_path);
}
}
} T_END;
return ( sctx->failed ? -1 : 0 );
}
void mbox_set_syscall_error(struct mbox_mailbox *mbox, const char *function)
{
i_assert(function != NULL);
if (ENOQUOTA(errno)) {
mail_storage_set_error(&mbox->storage->storage,
MAIL_ERROR_NOQUOTA, MAIL_ERRSTR_NO_QUOTA);
} else {
const char *toobig_error = errno != EFBIG ? "" :
" (process was started with ulimit -f limit)";
mailbox_set_critical(&mbox->box,
"%s failed with mbox: %m%s", function, toobig_error);
}
}
bool mail_error_from_errno(enum mail_error *error_r,
const char **error_string_r)
{
if (ENOACCESS(errno)) {
*error_r = MAIL_ERROR_PERM;
*error_string_r = MAIL_ERRSTR_NO_PERMISSION;
} else if (ENOQUOTA(errno)) {
*error_r = MAIL_ERROR_NOQUOTA;
*error_string_r = MAIL_ERRSTR_NO_QUOTA;
} else if (ENOTFOUND(errno)) {
*error_r = MAIL_ERROR_NOTFOUND;
*error_string_r = errno != ELOOP ? "Not found" :
"Directory structure is broken";
} else {
return FALSE;
}
return TRUE;
}
static int maildir_file_move(struct maildir_save_context *ctx,
struct maildir_filename *mf, const char *destname,
bool newdir)
{
struct mail_storage *storage = &ctx->mbox->storage->storage;
const char *tmp_path, *new_path;
i_assert(*destname != '\0');
i_assert(*mf->tmp_name != '\0');
/* if we have flags, we'll move it to cur/ directly, because files in
new/ directory can't have flags. alternative would be to write it
in new/ and set the flags dirty in index file, but in that case
external MUAs would see wrong flags. */
tmp_path = t_strconcat(ctx->tmpdir, "/", mf->tmp_name, NULL);
new_path = newdir ?
t_strconcat(ctx->newdir, "/", destname, NULL) :
t_strconcat(ctx->curdir, "/", destname, NULL);
/* maildir spec says we should use link() + unlink() here. however
since our filename is guaranteed to be unique, rename() works just
as well, except faster. even if the filename wasn't unique, the
problem could still happen if the file was already moved from
new/ to cur/, so link() doesn't really provide any safety anyway.
Besides the small temporary performance benefits, this rename() is
almost required with OSX's HFS+ filesystem, since it implements
hard links in a pretty ugly way, which makes the performance crawl
when a lot of hard links are used. */
if (rename(tmp_path, new_path) == 0) {
mf->flags |= MAILDIR_FILENAME_FLAG_MOVED;
return 0;
} else if (ENOQUOTA(errno)) {
mail_storage_set_error(storage, MAIL_ERROR_NOQUOTA,
MAIL_ERRSTR_NO_QUOTA);
return -1;
} else {
mail_storage_set_critical(storage, "rename(%s, %s) failed: %m",
tmp_path, new_path);
return -1;
}
}
static int sieve_file_storage_script_move
(struct sieve_file_save_context *fsctx, const char *dst)
{
struct sieve_storage_save_context *sctx = &fsctx->context;
struct sieve_storage *storage = sctx->storage;
int result = 0;
T_BEGIN {
/* Using rename() to ensure existing files are replaced
* without conflicts with other processes using the same
* file. The kernel wont fully delete the original until
* all processes have closed the file.
*/
if (rename(fsctx->tmp_path, dst) == 0)
result = 0;
else {
result = -1;
if ( ENOQUOTA(errno) ) {
sieve_storage_set_error(storage,
SIEVE_ERROR_NO_QUOTA,
"Not enough disk quota");
} else if ( errno == EACCES ) {
sieve_storage_set_critical(storage, "save: "
"Failed to save Sieve script: "
"%s", eacces_error_get("rename", dst));
} else {
sieve_storage_set_critical(storage, "save: "
"rename(%s, %s) failed: %m", fsctx->tmp_path, dst);
}
}
/* Always destroy temp file */
if (unlink(fsctx->tmp_path) < 0 && errno != ENOENT) {
sieve_storage_sys_warning(storage, "save: "
"unlink(%s) failed: %m", fsctx->tmp_path);
}
} T_END;
return result;
}
static int maildir_save_finish_real(struct mail_save_context *_ctx)
{
struct maildir_save_context *ctx = (struct maildir_save_context *)_ctx;
struct mail_storage *storage = &ctx->mbox->storage->storage;
const char *path;
off_t real_size;
uoff_t size;
int output_errno;
ctx->last_save_finished = TRUE;
if (ctx->failed && ctx->fd == -1) {
/* tmp file creation failed */
return -1;
}
path = t_strconcat(ctx->tmpdir, "/", ctx->file_last->tmp_name, NULL);
if (!ctx->failed && o_stream_nfinish(_ctx->data.output) < 0) {
if (!mail_storage_set_error_from_errno(storage)) {
mail_storage_set_critical(storage,
"write(%s) failed: %m", path);
}
ctx->failed = TRUE;
}
if (_ctx->data.save_date != (time_t)-1) {
/* we can't change ctime, but we can add the date to cache */
struct index_mail *mail = (struct index_mail *)_ctx->dest_mail;
uint32_t t = _ctx->data.save_date;
index_mail_cache_add(mail, MAIL_CACHE_SAVE_DATE, &t, sizeof(t));
}
if (maildir_save_finish_received_date(ctx, path) < 0)
ctx->failed = TRUE;
if (ctx->cur_dest_mail != NULL) {
index_mail_cache_parse_deinit(ctx->cur_dest_mail,
ctx->ctx.data.received_date,
!ctx->failed);
}
i_stream_unref(&ctx->input);
/* remember the size in case we want to add it to filename */
ctx->file_last->size = _ctx->data.output->offset;
if (ctx->cur_dest_mail == NULL ||
mail_get_virtual_size(ctx->cur_dest_mail,
&ctx->file_last->vsize) < 0)
ctx->file_last->vsize = (uoff_t)-1;
output_errno = _ctx->data.output->last_failed_errno;
o_stream_destroy(&_ctx->data.output);
if (storage->set->parsed_fsync_mode != FSYNC_MODE_NEVER &&
!ctx->failed) {
if (fsync(ctx->fd) < 0) {
if (!mail_storage_set_error_from_errno(storage)) {
mail_storage_set_critical(storage,
"fsync(%s) failed: %m", path);
}
ctx->failed = TRUE;
}
}
real_size = lseek(ctx->fd, 0, SEEK_END);
if (real_size == (off_t)-1) {
mail_storage_set_critical(storage,
"lseek(%s) failed: %m", path);
} else if (real_size != (off_t)ctx->file_last->size &&
(!maildir_filename_get_size(ctx->file_last->dest_basename,
MAILDIR_EXTRA_FILE_SIZE, &size) ||
size != ctx->file_last->size)) {
/* e.g. zlib plugin was used. the "physical size" must be in
the maildir filename, since stat() will return wrong size */
ctx->file_last->preserve_filename = FALSE;
/* preserve the GUID if needed */
if (ctx->file_last->guid == NULL)
ctx->file_last->guid = ctx->file_last->dest_basename;
/* reset the base name as well, just in case there's a
,W=vsize */
ctx->file_last->dest_basename = ctx->file_last->tmp_name;
}
if (close(ctx->fd) < 0) {
if (!mail_storage_set_error_from_errno(storage)) {
mail_storage_set_critical(storage,
"close(%s) failed: %m", path);
}
ctx->failed = TRUE;
}
ctx->fd = -1;
if (ctx->failed) {
/* delete the tmp file */
i_unlink_if_exists(path);
errno = output_errno;
if (ENOQUOTA(errno)) {
mail_storage_set_error(storage,
MAIL_ERROR_NOQUOTA, MAIL_ERRSTR_NO_QUOTA);
} else if (errno != 0) {
mail_storage_set_critical(storage,
"write(%s) failed: %m", path);
}
maildir_save_remove_last_filename(ctx);
return -1;
}
ctx->file_last = NULL;
return 0;
}
static int
sieve_file_storage_save_to(struct sieve_file_storage *fstorage,
string_t *temp_path, struct istream *input,
const char *target)
{
struct sieve_storage *storage = &fstorage->storage;
struct ostream *output;
int fd;
// FIXME: move this to base class
// FIXME: use io_stream_temp
fd = safe_mkstemp_hostpid
(temp_path, fstorage->file_create_mode, (uid_t)-1, (gid_t)-1);
if ( fd < 0 ) {
if ( errno == EACCES ) {
sieve_storage_set_critical(storage,
"Failed to create temporary file: %s",
eacces_error_get_creating("open", str_c(temp_path)));
} else {
sieve_storage_set_critical(storage,
"Failed to create temporary file: open(%s) failed: %m",
str_c(temp_path));
}
return -1;
}
output = o_stream_create_fd(fd, 0);
switch ( o_stream_send_istream(output, input) ) {
case OSTREAM_SEND_ISTREAM_RESULT_FINISHED:
break;
case OSTREAM_SEND_ISTREAM_RESULT_WAIT_INPUT:
case OSTREAM_SEND_ISTREAM_RESULT_WAIT_OUTPUT:
i_unreached();
case OSTREAM_SEND_ISTREAM_RESULT_ERROR_INPUT:
sieve_storage_set_critical(storage,
"read(%s) failed: %s", i_stream_get_name(input),
i_stream_get_error(input));
o_stream_destroy(&output);
i_unlink(str_c(temp_path));
return -1;
case OSTREAM_SEND_ISTREAM_RESULT_ERROR_OUTPUT:
sieve_storage_set_critical(storage,
"write(%s) failed: %s", str_c(temp_path),
o_stream_get_error(output));
o_stream_destroy(&output);
i_unlink(str_c(temp_path));
return -1;
}
o_stream_destroy(&output);
if ( rename(str_c(temp_path), target) < 0 ) {
if ( ENOQUOTA(errno) ) {
sieve_storage_set_error(storage,
SIEVE_ERROR_NO_QUOTA,
"Not enough disk quota");
} else if ( errno == EACCES ) {
sieve_storage_set_critical(storage,
"%s", eacces_error_get("rename", target));
} else {
sieve_storage_set_critical(storage,
"rename(%s, %s) failed: %m",
str_c(temp_path), target);
}
i_unlink(str_c(temp_path));
}
return 0;
}
