main (argc, argv)
{
AP_ptr ap_fp;
int getach();
mmdf_init ("PARSE");
logptr -> ll_level = LLOGFTR;
if (argc == 2)
debug++;
for (;;)
{
printf ("Parse: ");
ap_fp = ap_fullparse (getach);
if (ap_fp == (AP_ptr) NOTOK) {
printf ("\nNOTOK: on %s\n", namtab[ap_llex]);
} else if (ap_fp == (AP_ptr) DONE) {
printf ("\nNOTOK: on %s\n", namtab[ap_llex]);
} else if (ap_fp == OK) {
printf ("\nOK?: on %s\n", namtab[ap_llex]);
} else {
printf ("\n\nAccept\n");
pretty (ap_fp);
printf ("\n");
while (ap_sqdelete (ap_fp, (AP_ptr)0) != 0);
ap_free (ap_fp); /* delete full string */
ap_fp = (AP_ptr) 0;
continue;
}
break;
}
exit (0);
}
int
main (int argc, char **argv)
{
char *inname, *outname;
int indesc, outdesc;
ssize_t nread;
int wait_status;
int c, preserve_mail = 0;
#ifndef MAIL_USE_SYSTEM_LOCK
struct stat st;
int tem;
char *lockname;
char *tempname;
size_t inname_len, inname_dirlen;
int desc;
#endif /* not MAIL_USE_SYSTEM_LOCK */
#ifdef MAIL_USE_MAILLOCK
char *spool_name;
#endif
#ifdef MAIL_USE_POP
int pop_reverse_order = 0;
# define ARGSTR "pr"
#else /* ! MAIL_USE_POP */
# define ARGSTR "p"
#endif /* MAIL_USE_POP */
uid_t real_gid = getgid ();
uid_t priv_gid = getegid ();
#ifdef WINDOWSNT
/* Ensure all file i/o is in binary mode. */
_fmode = _O_BINARY;
#endif
delete_lockname = 0;
while ((c = getopt (argc, argv, ARGSTR)) != EOF)
{
switch (c) {
#ifdef MAIL_USE_POP
case 'r':
pop_reverse_order = 1;
break;
#endif
case 'p':
preserve_mail++;
break;
default:
exit (EXIT_FAILURE);
}
}
if (
#ifdef MAIL_USE_POP
(argc - optind < 2) || (argc - optind > 3)
#else
(argc - optind != 2)
#endif
)
{
#ifdef MAIL_USE_POP
fprintf (stderr, "Usage: movemail [-p] [-r] inbox destfile%s\n",
" [POP-password]");
#else
fprintf (stderr, "Usage: movemail [-p] inbox destfile%s\n", "");
#endif
exit (EXIT_FAILURE);
}
inname = argv[optind];
outname = argv[optind+1];
#ifdef MAIL_USE_MMDF
mmdf_init (argv[0]);
#endif
if (*outname == 0)
fatal ("Destination file name is empty", 0, 0);
#ifdef MAIL_USE_POP
if (!strncmp (inname, "po:", 3))
{
int status;
status = popmail (inname + 3, outname, preserve_mail,
(argc - optind == 3) ? argv[optind+2] : NULL,
pop_reverse_order);
exit (status);
}
if (setuid (getuid ()) < 0)
fatal ("Failed to drop privileges", 0, 0);
#endif /* MAIL_USE_POP */
#ifndef DISABLE_DIRECT_ACCESS
#ifndef MAIL_USE_MMDF
#ifndef MAIL_USE_SYSTEM_LOCK
#ifdef MAIL_USE_MAILLOCK
spool_name = mail_spool_name (inname);
if (spool_name)
{
#ifdef lint
lockname = 0;
#endif
}
else
#endif
{
/* Use a lock file named after our first argument with .lock appended:
If it exists, the mail file is locked. */
/* Note: this locking mechanism is *required* by the mailer
(on systems which use it) to prevent loss of mail.
On systems that use a lock file, extracting the mail without locking
WILL occasionally cause loss of mail due to timing errors!
So, if creation of the lock file fails due to access
permission on the mail spool directory, you simply MUST
change the permission and/or make movemail a setgid program
so it can create lock files properly.
You might also wish to verify that your system is one which
uses lock files for this purpose. Some systems use other methods. */
inname_len = strlen (inname);
lockname = xmalloc (inname_len + sizeof ".lock");
strcpy (lockname, inname);
strcpy (lockname + inname_len, ".lock");
for (inname_dirlen = inname_len;
inname_dirlen && !IS_DIRECTORY_SEP (inname[inname_dirlen - 1]);
inname_dirlen--)
continue;
tempname = xmalloc (inname_dirlen + sizeof "EXXXXXX");
while (1)
{
/* Create the lock file, but not under the lock file name. */
/* Give up if cannot do that. */
memcpy (tempname, inname, inname_dirlen);
strcpy (tempname + inname_dirlen, "EXXXXXX");
#ifdef HAVE_MKSTEMP
desc = mkstemp (tempname);
#else
mktemp (tempname);
if (!*tempname)
desc = -1;
else
{
unlink (tempname);
desc = open (tempname, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
#endif
if (desc < 0)
{
int mkstemp_errno = errno;
error ("error while creating what would become the lock file",
0, 0);
errno = mkstemp_errno;
pfatal_with_name (tempname);
}
close (desc);
tem = link (tempname, lockname);
#ifdef EPERM
if (tem < 0 && errno == EPERM)
fatal ("Unable to create hard link between %s and %s",
tempname, lockname);
#endif
unlink (tempname);
if (tem >= 0)
break;
sleep (1);
/* If lock file is five minutes old, unlock it.
Five minutes should be good enough to cope with crashes
and wedgitude, and long enough to avoid being fooled
by time differences between machines. */
if (stat (lockname, &st) >= 0)
{
time_t now = time (0);
if (st.st_ctime < now - 300)
unlink (lockname);
}
}
delete_lockname = lockname;
}
#endif /* not MAIL_USE_SYSTEM_LOCK */
#endif /* not MAIL_USE_MMDF */
if (fork () == 0)
{
int lockcount = 0;
int status = 0;
#if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
time_t touched_lock;
# ifdef lint
touched_lock = 0;
# endif
#endif
if (setuid (getuid ()) < 0 || setregid (-1, real_gid) < 0)
fatal ("Failed to drop privileges", 0, 0);
#ifndef MAIL_USE_MMDF
#ifdef MAIL_USE_SYSTEM_LOCK
indesc = open (inname, O_RDWR);
#else /* if not MAIL_USE_SYSTEM_LOCK */
indesc = open (inname, O_RDONLY);
#endif /* not MAIL_USE_SYSTEM_LOCK */
#else /* MAIL_USE_MMDF */
indesc = lk_open (inname, O_RDONLY, 0, 0, 10);
#endif /* MAIL_USE_MMDF */
if (indesc < 0)
pfatal_with_name (inname);
#ifdef BSD_SYSTEM
/* In case movemail is setuid to root, make sure the user can
read the output file. */
/* This is desirable for all systems
but I don't want to assume all have the umask system call */
umask (umask (0) & 0333);
#endif /* BSD_SYSTEM */
outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666);
if (outdesc < 0)
pfatal_with_name (outname);
if (setregid (-1, priv_gid) < 0)
fatal ("Failed to regain privileges", 0, 0);
/* This label exists so we can retry locking
after a delay, if it got EAGAIN or EBUSY. */
retry_lock:
/* Try to lock it. */
#ifdef MAIL_USE_MAILLOCK
if (spool_name)
{
/* The "0 - " is to make it a negative number if maillock returns
non-zero. */
status = 0 - maillock (spool_name, 1);
#ifdef HAVE_TOUCHLOCK
touched_lock = time (0);
#endif
lockcount = 5;
}
else
#endif /* MAIL_USE_MAILLOCK */
{
#ifdef MAIL_USE_SYSTEM_LOCK
#ifdef MAIL_USE_LOCKF
status = lockf (indesc, F_LOCK, 0);
#else /* not MAIL_USE_LOCKF */
#ifdef WINDOWSNT
status = locking (indesc, LK_RLCK, -1L);
#else
status = flock (indesc, LOCK_EX);
#endif
#endif /* not MAIL_USE_LOCKF */
#endif /* MAIL_USE_SYSTEM_LOCK */
}
/* If it fails, retry up to 5 times
for certain failure codes. */
if (status < 0)
{
if (++lockcount <= 5)
{
#ifdef EAGAIN
if (errno == EAGAIN)
{
sleep (1);
goto retry_lock;
}
#endif
#ifdef EBUSY
if (errno == EBUSY)
{
sleep (1);
goto retry_lock;
}
#endif
}
pfatal_with_name (inname);
}
{
char buf[1024];
while (1)
{
nread = read (indesc, buf, sizeof buf);
if (nread < 0)
pfatal_with_name (inname);
if (nread != write (outdesc, buf, nread))
{
int saved_errno = errno;
unlink (outname);
errno = saved_errno;
pfatal_with_name (outname);
}
if (nread < sizeof buf)
break;
#if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
if (spool_name)
{
time_t now = time (0);
if (now - touched_lock > 60)
{
touchlock ();
touched_lock = now;
}
}
#endif /* MAIL_USE_MAILLOCK */
}
}
#ifdef BSD_SYSTEM
if (fsync (outdesc) < 0)
pfatal_and_delete (outname);
#endif
/* Prevent symlink attacks truncating other users' mailboxes */
if (setregid (-1, real_gid) < 0)
fatal ("Failed to drop privileges", 0, 0);
/* Check to make sure no errors before we zap the inbox. */
if (close (outdesc) != 0)
pfatal_and_delete (outname);
#ifdef MAIL_USE_SYSTEM_LOCK
if (! preserve_mail)
{
if (ftruncate (indesc, 0L) != 0)
pfatal_with_name (inname);
}
#endif /* MAIL_USE_SYSTEM_LOCK */
#ifdef MAIL_USE_MMDF
lk_close (indesc, 0, 0, 0);
#else
close (indesc);
#endif
#ifndef MAIL_USE_SYSTEM_LOCK
if (! preserve_mail)
{
/* Delete the input file; if we can't, at least get rid of its
contents. */
#ifdef MAIL_UNLINK_SPOOL
/* This is generally bad to do, because it destroys the permissions
that were set on the file. Better to just empty the file. */
if (unlink (inname) < 0 && errno != ENOENT)
#endif /* MAIL_UNLINK_SPOOL */
creat (inname, 0600);
}
#endif /* not MAIL_USE_SYSTEM_LOCK */
/* End of mailbox truncation */
if (setregid (-1, priv_gid) < 0)
fatal ("Failed to regain privileges", 0, 0);
#ifdef MAIL_USE_MAILLOCK
/* This has to occur in the child, i.e., in the process that
acquired the lock! */
if (spool_name)
mailunlock ();
#endif
exit (EXIT_SUCCESS);
}
wait (&wait_status);
if (!WIFEXITED (wait_status))
exit (EXIT_FAILURE);
else if (WEXITSTATUS (wait_status) != 0)
exit (WEXITSTATUS (wait_status));
#if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK)
#ifdef MAIL_USE_MAILLOCK
if (! spool_name)
#endif /* MAIL_USE_MAILLOCK */
unlink (lockname);
#endif /* not MAIL_USE_MMDF and not MAIL_USE_SYSTEM_LOCK */
#endif /* ! DISABLE_DIRECT_ACCESS */
return EXIT_SUCCESS;
}
