/* Release the mail lock by invoking mailunlock() through the PRIV wrapper.
   NOTE(review): PRIV is defined outside this listing; presumably it runs
   its argument with the program's elevated privileges -- confirm at the
   macro's definition before relying on that.  */
void
unlockmail(void)
{
    PRIV(mailunlock());
}
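/* movemail entry point: move the contents of the mailbox INBOX into the new
   file DESTFILE, holding whichever lock the build selects (dot-lock file,
   maillock, lockf/flock/locking, or MMDF) while the copy runs.

   Usage: movemail [-p] [-r] inbox destfile [POP-password]
     -p  preserve the inbox instead of emptying it after the copy
     -r  (MAIL_USE_POP only) passed to popmail as the reverse-order flag

   Privilege handling, as visible in this function: the real and effective
   group ids are recorded at startup.  The forked child sets its effective
   uid/gid to the real ones before opening the user-named files, takes the
   effective gid back only around locking and the copy, and switches to the
   real gid again before the inbox is truncated or removed.

   Exit status: EXIT_SUCCESS when the child finished cleanly; otherwise the
   child's non-zero exit status, or EXIT_FAILURE when it did not exit
   normally or the arguments were invalid.  */
int
main (int argc, char **argv)
{
  char *inname, *outname;
  int indesc, outdesc;
  ssize_t nread;
  int wait_status;
  pid_t child;
  int c, preserve_mail = 0;

#ifndef MAIL_USE_SYSTEM_LOCK
  struct stat st;
  int tem;
  char *lockname;
  char *tempname;
  size_t inname_len, inname_dirlen;
  int desc;
#endif /* not MAIL_USE_SYSTEM_LOCK */

#ifdef MAIL_USE_MAILLOCK
  char *spool_name;
#endif

#ifdef MAIL_USE_POP
  int pop_reverse_order = 0;
# define ARGSTR "pr"
#else /* ! MAIL_USE_POP */
# define ARGSTR "p"
#endif /* MAIL_USE_POP */

  /* Record both group identities up front so the child can switch between
     them.  NOTE(review): these hold gid values but are declared uid_t.  */
  uid_t real_gid = getgid ();
  uid_t priv_gid = getegid ();

#ifdef WINDOWSNT
  /* Ensure all file i/o is in binary mode. */
  _fmode = _O_BINARY;
#endif

  delete_lockname = 0;

  while ((c = getopt (argc, argv, ARGSTR)) != EOF)
    {
      switch (c)
        {
#ifdef MAIL_USE_POP
        case 'r':
          pop_reverse_order = 1;
          break;
#endif
        case 'p':
          preserve_mail++;
          break;
        default:
          exit (EXIT_FAILURE);
        }
    }

  if (
#ifdef MAIL_USE_POP
      (argc - optind < 2) || (argc - optind > 3)
#else
      (argc - optind != 2)
#endif
      )
    {
#ifdef MAIL_USE_POP
      fprintf (stderr, "Usage: movemail [-p] [-r] inbox destfile%s\n",
               " [POP-password]");
#else
      fprintf (stderr, "Usage: movemail [-p] inbox destfile%s\n", "");
#endif
      exit (EXIT_FAILURE);
    }

  inname = argv[optind];
  outname = argv[optind+1];

#ifdef MAIL_USE_MMDF
  mmdf_init (argv[0]);
#endif

  if (*outname == 0)
    fatal ("Destination file name is empty", 0, 0);

#ifdef MAIL_USE_POP
  if (!strncmp (inname, "po:", 3))
    {
      int status;

      /* NOTE(review): the optional POP password is taken from the command
         line (argv[optind+2]); command-line arguments are commonly visible
         to other local users through process listings.  */
      status = popmail (inname + 3, outname, preserve_mail,
                        (argc - optind == 3) ? argv[optind+2] : NULL,
                        pop_reverse_order);
      exit (status);
    }

  /* Not a POP fetch: give up any setuid identity before touching files.  */
  if (setuid (getuid ()) < 0)
    fatal ("Failed to drop privileges", 0, 0);

#endif /* MAIL_USE_POP */

#ifndef DISABLE_DIRECT_ACCESS
#ifndef MAIL_USE_MMDF
#ifndef MAIL_USE_SYSTEM_LOCK
#ifdef MAIL_USE_MAILLOCK
  spool_name = mail_spool_name (inname);
  if (spool_name)
    {
#ifdef lint
      lockname = 0;
#endif
    }
  else
#endif
    {
      /* Use a lock file named after our first argument with .lock appended:
         If it exists, the mail file is locked.  */
      /* Note: this locking mechanism is *required* by the mailer
         (on systems which use it) to prevent loss of mail.

         On systems that use a lock file, extracting the mail without locking
         WILL occasionally cause loss of mail due to timing errors!

         So, if creation of the lock file fails
         due to access permission on the mail spool directory,
         you simply MUST change the permission
         and/or make movemail a setgid program
         so it can create lock files properly.

         You might also wish to verify that your system is one
         which uses lock files for this purpose.  Some systems use other methods.  */

      /* sizeof of a string literal counts its terminating NUL, so each
         buffer below is exactly large enough for the strcpy/memcpy calls
         that fill it.  */
      inname_len = strlen (inname);
      lockname = xmalloc (inname_len + sizeof ".lock");
      strcpy (lockname, inname);
      strcpy (lockname + inname_len, ".lock");

      /* Find the length of the directory prefix of INNAME so the temporary
         file is created in the same directory as the lock file.  */
      for (inname_dirlen = inname_len;
           inname_dirlen && !IS_DIRECTORY_SEP (inname[inname_dirlen - 1]);
           inname_dirlen--)
        continue;
      tempname = xmalloc (inname_dirlen + sizeof "EXXXXXX");

      while (1)
        {
          /* Create the lock file, but not under the lock file name.  */
          /* Give up if cannot do that.  */

          memcpy (tempname, inname, inname_dirlen);
          strcpy (tempname + inname_dirlen, "EXXXXXX");
#ifdef HAVE_MKSTEMP
          desc = mkstemp (tempname);
#else
          mktemp (tempname);
          if (!*tempname)
            desc = -1;
          else
            {
              /* O_EXCL makes the open fail rather than reuse a file that
                 appeared under the generated name.  */
              unlink (tempname);
              desc = open (tempname, O_WRONLY | O_CREAT | O_EXCL, 0600);
            }
#endif
          if (desc < 0)
            {
              int mkstemp_errno = errno;
              error ("error while creating what would become the lock file",
                     0, 0);
              errno = mkstemp_errno;
              pfatal_with_name (tempname);
            }
          close (desc);

          /* link() fails if LOCKNAME already exists, which is what makes
             taking the lock atomic.  */
          tem = link (tempname, lockname);

#ifdef EPERM
          if (tem < 0 && errno == EPERM)
            fatal ("Unable to create hard link between %s and %s",
                   tempname, lockname);
#endif

          unlink (tempname);
          if (tem >= 0)
            break;
          sleep (1);

          /* If lock file is five minutes old, unlock it.
             Five minutes should be good enough to cope with crashes
             and wedgitude, and long enough to avoid being fooled
             by time differences between machines.  */
          /* NOTE(review): stat and unlink are separate calls, so the lock
             examined here is not guaranteed to be the one removed.  */
          if (stat (lockname, &st) >= 0)
            {
              time_t now = time (0);
              if (st.st_ctime < now - 300)
                unlink (lockname);
            }
        }

      delete_lockname = lockname;
    }
#endif /* not MAIL_USE_SYSTEM_LOCK */
#endif /* not MAIL_USE_MMDF */

  /* A failed fork must not fall through to wait(): there would be no child
     to reap and wait_status would be read without ever being written.
     Report the failure through fatal instead.  */
  child = fork ();
  if (child < 0)
    fatal ("Error in fork; %s", strerror (errno), 0);

  if (child == 0)
    {
      int lockcount = 0;
      int status = 0;
#if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
      time_t touched_lock;
# ifdef lint
      touched_lock = 0;
# endif
#endif

      /* Open the user-named files with the invoking user's own uid and
         gid in effect, not the privileged ones.  */
      if (setuid (getuid ()) < 0 || setregid (-1, real_gid) < 0)
        fatal ("Failed to drop privileges", 0, 0);

#ifndef MAIL_USE_MMDF
#ifdef MAIL_USE_SYSTEM_LOCK
      indesc = open (inname, O_RDWR);
#else  /* if not MAIL_USE_SYSTEM_LOCK */
      indesc = open (inname, O_RDONLY);
#endif /* not MAIL_USE_SYSTEM_LOCK */
#else  /* MAIL_USE_MMDF */
      indesc = lk_open (inname, O_RDONLY, 0, 0, 10);
#endif /* MAIL_USE_MMDF */

      if (indesc < 0)
        pfatal_with_name (inname);

#ifdef BSD_SYSTEM
      /* In case movemail is setuid to root, make sure the user can
         read the output file.  */
      /* This is desirable for all systems
         but I don't want to assume all have the umask system call */
      umask (umask (0) & 0333);
#endif /* BSD_SYSTEM */

      /* O_CREAT | O_EXCL: the destination must not exist yet, so an
         existing file is never overwritten.  */
      outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666);
      if (outdesc < 0)
        pfatal_with_name (outname);

      /* Both files are open; take the privileged gid back for locking.  */
      if (setregid (-1, priv_gid) < 0)
        fatal ("Failed to regain privileges", 0, 0);

      /* This label exists so we can retry locking
         after a delay, if it got EAGAIN or EBUSY.  */
    retry_lock:

      /* Try to lock it.  */
#ifdef MAIL_USE_MAILLOCK
      if (spool_name)
        {
          /* The "0 - " is to make it a negative number if maillock returns
             non-zero. */
          status = 0 - maillock (spool_name, 1);
#ifdef HAVE_TOUCHLOCK
          touched_lock = time (0);
#endif
          /* Setting the counter to 5 means a maillock failure is not
             retried by the loop below.  */
          lockcount = 5;
        }
      else
#endif /* MAIL_USE_MAILLOCK */
        {
#ifdef MAIL_USE_SYSTEM_LOCK
#ifdef MAIL_USE_LOCKF
          status = lockf (indesc, F_LOCK, 0);
#else /* not MAIL_USE_LOCKF */
#ifdef WINDOWSNT
          status = locking (indesc, LK_RLCK, -1L);
#else
          status = flock (indesc, LOCK_EX);
#endif
#endif /* not MAIL_USE_LOCKF */
#endif /* MAIL_USE_SYSTEM_LOCK */
        }

      /* If it fails, retry up to 5 times
         for certain failure codes.  */
      if (status < 0)
        {
          if (++lockcount <= 5)
            {
#ifdef EAGAIN
              if (errno == EAGAIN)
                {
                  sleep (1);
                  goto retry_lock;
                }
#endif
#ifdef EBUSY
              if (errno == EBUSY)
                {
                  sleep (1);
                  goto retry_lock;
                }
#endif
            }

          pfatal_with_name (inname);
        }

      {
        char buf[1024];

        while (1)
          {
            nread = read (indesc, buf, sizeof buf);
            if (nread < 0)
              pfatal_with_name (inname);
            /* A short or failed write removes the partial output file;
               errno is saved across unlink for the error report.  */
            if (nread != write (outdesc, buf, nread))
              {
                int saved_errno = errno;
                unlink (outname);
                errno = saved_errno;
                pfatal_with_name (outname);
              }
            /* A read shorter than the buffer is taken as end of input.  */
            if (nread < sizeof buf)
              break;
#if defined (MAIL_USE_MAILLOCK) && defined (HAVE_TOUCHLOCK)
            if (spool_name)
              {
                time_t now = time (0);
                if (now - touched_lock > 60)
                  {
                    touchlock ();
                    touched_lock = now;
                  }
              }
#endif /* MAIL_USE_MAILLOCK */
          }
      }

#ifdef BSD_SYSTEM
      if (fsync (outdesc) < 0)
        pfatal_and_delete (outname);
#endif

      /* Prevent symlink attacks truncating other users' mailboxes */
      if (setregid (-1, real_gid) < 0)
        fatal ("Failed to drop privileges", 0, 0);

      /* Check to make sure no errors before we zap the inbox.  */
      if (close (outdesc) != 0)
        pfatal_and_delete (outname);

#ifdef MAIL_USE_SYSTEM_LOCK
      if (! preserve_mail)
        {
          if (ftruncate (indesc, 0L) != 0)
            pfatal_with_name (inname);
        }
#endif /* MAIL_USE_SYSTEM_LOCK */

#ifdef MAIL_USE_MMDF
      lk_close (indesc, 0, 0, 0);
#else
      close (indesc);
#endif

#ifndef MAIL_USE_SYSTEM_LOCK
      if (! preserve_mail)
        {
          /* Delete the input file; if we can't, at least get rid of its
             contents.  */
          /* NOTE(review): the result of creat is neither checked nor
             closed; a failure here leaves the inbox contents in place
             without any report.  */
#ifdef MAIL_UNLINK_SPOOL
          /* This is generally bad to do, because it destroys the permissions
             that were set on the file.  Better to just empty the file.  */
          if (unlink (inname) < 0 && errno != ENOENT)
#endif /* MAIL_UNLINK_SPOOL */
            creat (inname, 0600);
        }
#endif /* not MAIL_USE_SYSTEM_LOCK */

      /* End of mailbox truncation */
      if (setregid (-1, priv_gid) < 0)
        fatal ("Failed to regain privileges", 0, 0);

#ifdef MAIL_USE_MAILLOCK
      /* This has to occur in the child, i.e., in the process that
         acquired the lock! */
      if (spool_name)
        mailunlock ();
#endif
      exit (EXIT_SUCCESS);
    }

  /* Parent: propagate the child's outcome.
     NOTE(review): the return value of wait is not checked.  */
  wait (&wait_status);
  if (!WIFEXITED (wait_status))
    exit (EXIT_FAILURE);
  else if (WEXITSTATUS (wait_status) != 0)
    exit (WEXITSTATUS (wait_status));

#if !defined (MAIL_USE_MMDF) && !defined (MAIL_USE_SYSTEM_LOCK)
#ifdef MAIL_USE_MAILLOCK
  if (! spool_name)
#endif /* MAIL_USE_MAILLOCK */
    unlink (lockname);
#endif /* not MAIL_USE_MMDF and not MAIL_USE_SYSTEM_LOCK */

#endif /* ! DISABLE_DIRECT_ACCESS */

  return EXIT_SUCCESS;
}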
/* Release the mail lock by calling mailunlock() directly.
   NOTE(review): unlike unlockmail() in this listing, the call is not
   wrapped in PRIV -- confirm that every caller already runs with whatever
   privileges mailunlock() needs to release the lock.  */
void
unlock()
{
    mailunlock();
}