Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
80fea873 | 5 | /* Copyright (c) University of Cambridge 1995 - 2016 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions for writing spool files, and moving them about. */ | |
9 | ||
10 | ||
11 | #include "exim.h" | |
12 | ||
13 | ||
14 | ||
15 | /************************************************* | |
16 | * Deal with header writing errors * | |
17 | *************************************************/ | |
18 | ||
19 | /* This function is called immediately after errors in writing the spool, with | |
20 | errno still set. It creates and error message, depending on the circumstances. | |
21 | If errmsg is NULL, it logs the message and panic-dies. Otherwise errmsg is set | |
22 | to point to the message, and -1 is returned. This function makes the code of | |
23 | spool_write_header() a bit neater. | |
24 | ||
25 | Arguments: | |
26 | where SW_RECEIVING, SW_DELIVERING, or SW_MODIFYING | |
27 | errmsg where to put the message; NULL => panic-die | |
28 | s text to add to log string | |
29 | temp_name name of temp file to unlink | |
30 | f FILE to close, if not NULL | |
31 | ||
32 | Returns: -1 if errmsg is not NULL; otherwise doesn't return | |
33 | */ | |
34 | ||
35 | static int | |
36 | spool_write_error(int where, uschar **errmsg, uschar *s, uschar *temp_name, | |
37 | FILE *f) | |
38 | { | |
39 | uschar *msg = (where == SW_RECEIVING)? | |
40 | string_sprintf("spool file %s error while receiving from %s: %s", s, | |
41 | (sender_fullhost != NULL)? sender_fullhost : sender_ident, | |
42 | strerror(errno)) | |
43 | : | |
44 | string_sprintf("spool file %s error while %s: %s", s, | |
45 | (where == SW_DELIVERING)? "delivering" : "modifying", | |
46 | strerror(errno)); | |
47 | ||
48 | if (temp_name != NULL) Uunlink(temp_name); | |
f1e894f3 | 49 | if (f != NULL) (void)fclose(f); |
059ec3d9 PH |
50 | |
51 | if (errmsg == NULL) | |
52 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", msg); | |
53 | else | |
54 | *errmsg = msg; | |
55 | ||
56 | return -1; | |
57 | } | |
58 | ||
59 | ||
60 | ||
61 | /************************************************* | |
62 | * Open file under temporary name * | |
63 | *************************************************/ | |
64 | ||
65 | /* This is used for opening spool files under a temporary name, | |
66 | with a single attempt at deleting if they already exist. | |
67 | ||
68 | Argument: temporary name for spool header file | |
69 | Returns: file descriptor of open file, or < 0 on failure, with errno unchanged | |
70 | */ | |
71 | ||
72 | int | |
73 | spool_open_temp(uschar *temp_name) | |
74 | { | |
75 | int fd = Uopen(temp_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE); | |
76 | ||
77 | /* If the file already exists, something has gone wrong. This process may well | |
78 | have previously created the file if it is delivering more than one address, but | |
79 | it should have renamed it almost immediately. A file could, however, be left | |
80 | around as a result of a system crash, and by coincidence this process might | |
81 | have the same pid. We therefore have one go at unlinking it before giving up. | |
82 | */ | |
83 | ||
84 | if (fd < 0 && errno == EEXIST) | |
85 | { | |
86 | DEBUG(D_any) debug_printf("%s exists: unlinking\n", temp_name); | |
87 | Uunlink(temp_name); | |
88 | fd = Uopen(temp_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE); | |
89 | } | |
90 | ||
91 | /* If the file has been opened, make sure the file's group is the Exim gid, and | |
92 | double-check the mode because the group setting doesn't always get set | |
93 | automatically. */ | |
94 | ||
95 | if (fd >= 0) | |
1ac6b2e7 JH |
96 | if (fchown(fd, exim_uid, exim_gid) || fchmod(fd, SPOOL_MODE)) |
97 | { | |
98 | DEBUG(D_any) debug_printf("failed setting perms on %s\n", temp_name); | |
99 | (void) close(fd); fd = -1; | |
100 | Uunlink(temp_name); | |
101 | } | |
059ec3d9 PH |
102 | |
103 | return fd; | |
104 | } | |
105 | ||
106 | ||
107 | ||
108 | /************************************************* | |
109 | * Write the header spool file * | |
110 | *************************************************/ | |
111 | ||
112 | /* Returns the size of the file for success; zero for failure. The file is | |
113 | written under a temporary name, and then renamed. It's done this way so that it | |
114 | works with re-writing the file on message deferral as well as for the initial | |
115 | write. Whenever this function is called, the data file for the message should | |
116 | be open and locked, thus preventing any other exim process from working on this | |
117 | message. | |
118 | ||
119 | Argument: | |
120 | id the message id | |
121 | where SW_RECEIVING, SW_DELIVERING, or SW_MODIFYING | |
122 | errmsg where to put an error message; if NULL, panic-die on error | |
123 | ||
124 | Returns: the size of the header texts on success; | |
125 | negative on writing failure, unless errmsg == NULL | |
126 | */ | |
127 | ||
128 | int | |
129 | spool_write_header(uschar *id, int where, uschar **errmsg) | |
130 | { | |
131 | int fd; | |
132 | int i; | |
133 | int size_correction; | |
134 | FILE *f; | |
135 | header_line *h; | |
136 | struct stat statbuf; | |
41313d92 JH |
137 | uschar * tname; |
138 | uschar * fname; | |
059ec3d9 | 139 | |
41313d92 JH |
140 | tname = spool_fname(US"input", message_subdir, |
141 | string_sprintf("hdr.%d", (int)getpid()), US""); | |
a2da3176 | 142 | |
41313d92 | 143 | if ((fd = spool_open_temp(tname)) < 0) |
a2da3176 | 144 | return spool_write_error(where, errmsg, US"open", NULL, NULL); |
059ec3d9 | 145 | f = fdopen(fd, "wb"); |
41313d92 | 146 | DEBUG(D_receive|D_deliver) debug_printf("Writing spool header file: %s\n", tname); |
059ec3d9 PH |
147 | |
148 | /* We now have an open file to which the header data is to be written. Start | |
149 | with the file's leaf name, to make the file self-identifying. Continue with the | |
150 | identity of the submitting user, followed by the sender's address. The sender's | |
151 | address is enclosed in <> because it might be the null address. Then write the | |
152 | received time and the number of warning messages that have been sent. */ | |
153 | ||
154 | fprintf(f, "%s-H\n", message_id); | |
155 | fprintf(f, "%.63s %ld %ld\n", originator_login, (long int)originator_uid, | |
156 | (long int)originator_gid); | |
157 | fprintf(f, "<%s>\n", sender_address); | |
158 | fprintf(f, "%d %d\n", received_time, warning_count); | |
159 | ||
160 | /* If there is information about a sending host, remember it. The HELO | |
161 | data can be set for local SMTP as well as remote. */ | |
162 | ||
163 | if (sender_helo_name != NULL) | |
164 | fprintf(f, "-helo_name %s\n", sender_helo_name); | |
165 | ||
166 | if (sender_host_address != NULL) | |
167 | { | |
168 | fprintf(f, "-host_address %s.%d\n", sender_host_address, sender_host_port); | |
169 | if (sender_host_name != NULL) | |
170 | fprintf(f, "-host_name %s\n", sender_host_name); | |
171 | if (sender_host_authenticated != NULL) | |
172 | fprintf(f, "-host_auth %s\n", sender_host_authenticated); | |
173 | } | |
174 | ||
175 | /* Also about the interface a message came in on */ | |
176 | ||
177 | if (interface_address != NULL) | |
178 | fprintf(f, "-interface_address %s.%d\n", interface_address, interface_port); | |
8e669ac1 | 179 | |
1f5b4c3d | 180 | if (smtp_active_hostname != primary_hostname) |
8e669ac1 | 181 | fprintf(f, "-active_hostname %s\n", smtp_active_hostname); |
059ec3d9 PH |
182 | |
183 | /* Likewise for any ident information; for local messages this is | |
184 | likely to be the same as originator_login, but will be different if | |
185 | the originator was root, forcing a different ident. */ | |
186 | ||
187 | if (sender_ident != NULL) fprintf(f, "-ident %s\n", sender_ident); | |
188 | ||
189 | /* Ditto for the received protocol */ | |
190 | ||
191 | if (received_protocol != NULL) | |
192 | fprintf(f, "-received_protocol %s\n", received_protocol); | |
193 | ||
38a0a95f | 194 | /* Preserve any ACL variables that are set. */ |
059ec3d9 | 195 | |
38a0a95f PH |
196 | tree_walk(acl_var_c, &acl_var_write, f); |
197 | tree_walk(acl_var_m, &acl_var_write, f); | |
059ec3d9 PH |
198 | |
199 | /* Now any other data that needs to be remembered. */ | |
200 | ||
201 | fprintf(f, "-body_linecount %d\n", body_linecount); | |
d677b2f2 | 202 | fprintf(f, "-max_received_linelength %d\n", max_received_linelength); |
059ec3d9 PH |
203 | |
204 | if (body_zerocount > 0) fprintf(f, "-body_zerocount %d\n", body_zerocount); | |
205 | ||
206 | if (authenticated_id != NULL) | |
207 | fprintf(f, "-auth_id %s\n", authenticated_id); | |
208 | if (authenticated_sender != NULL) | |
209 | fprintf(f, "-auth_sender %s\n", authenticated_sender); | |
210 | ||
211 | if (allow_unqualified_recipient) fprintf(f, "-allow_unqualified_recipient\n"); | |
212 | if (allow_unqualified_sender) fprintf(f, "-allow_unqualified_sender\n"); | |
213 | if (deliver_firsttime) fprintf(f, "-deliver_firsttime\n"); | |
19050083 | 214 | if (deliver_freeze) fprintf(f, "-frozen " TIME_T_FMT "\n", deliver_frozen_at); |
059ec3d9 | 215 | if (dont_deliver) fprintf(f, "-N\n"); |
b08b24c8 | 216 | if (host_lookup_deferred) fprintf(f, "-host_lookup_deferred\n"); |
059ec3d9 PH |
217 | if (host_lookup_failed) fprintf(f, "-host_lookup_failed\n"); |
218 | if (sender_local) fprintf(f, "-local\n"); | |
219 | if (local_error_message) fprintf(f, "-localerror\n"); | |
220 | if (local_scan_data != NULL) fprintf(f, "-local_scan %s\n", local_scan_data); | |
8523533c | 221 | #ifdef WITH_CONTENT_SCAN |
3481c572 JH |
222 | if (spam_bar) fprintf(f,"-spam_bar %s\n", spam_bar); |
223 | if (spam_score) fprintf(f,"-spam_score %s\n", spam_score); | |
224 | if (spam_score_int) fprintf(f,"-spam_score_int %s\n", spam_score_int); | |
8523533c | 225 | #endif |
059ec3d9 PH |
226 | if (deliver_manual_thaw) fprintf(f, "-manual_thaw\n"); |
227 | if (sender_set_untrusted) fprintf(f, "-sender_set_untrusted\n"); | |
228 | ||
8523533c TK |
229 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
230 | if (bmi_verdicts != NULL) fprintf(f, "-bmi_verdicts %s\n", bmi_verdicts); | |
231 | #endif | |
232 | ||
059ec3d9 | 233 | #ifdef SUPPORT_TLS |
817d9f57 | 234 | if (tls_in.certificate_verified) fprintf(f, "-tls_certificate_verified\n"); |
9d1c15ef JH |
235 | if (tls_in.cipher) fprintf(f, "-tls_cipher %s\n", tls_in.cipher); |
236 | if (tls_in.peercert) | |
237 | { | |
238 | (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert); | |
239 | fprintf(f, "-tls_peercert %s\n", CS big_buffer); | |
240 | } | |
241 | if (tls_in.peerdn) fprintf(f, "-tls_peerdn %s\n", string_printing(tls_in.peerdn)); | |
242 | if (tls_in.sni) fprintf(f, "-tls_sni %s\n", string_printing(tls_in.sni)); | |
243 | if (tls_in.ourcert) | |
244 | { | |
245 | (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert); | |
246 | fprintf(f, "-tls_ourcert %s\n", CS big_buffer); | |
247 | } | |
44662487 | 248 | if (tls_in.ocsp) fprintf(f, "-tls_ocsp %d\n", tls_in.ocsp); |
7be682ca | 249 | #endif |
059ec3d9 | 250 | |
8c5d388a | 251 | #ifdef SUPPORT_I18N |
3c8b3577 JH |
252 | if (message_smtputf8) |
253 | { | |
254 | fprintf(f, "-smtputf8\n"); | |
255 | if (message_utf8_downconvert) | |
0ec7e948 | 256 | fprintf(f, "-utf8_%sdowncvt\n", message_utf8_downconvert < 0 ? "opt" : ""); |
3c8b3577 | 257 | } |
7ade712c JH |
258 | #endif |
259 | ||
6c1c3d1d WB |
260 | /* Write the dsn flags to the spool header file */ |
261 | DEBUG(D_deliver) debug_printf("DSN: Write SPOOL :-dsn_envid %s\n", dsn_envid); | |
262 | if (dsn_envid != NULL) fprintf(f, "-dsn_envid %s\n", dsn_envid); | |
263 | DEBUG(D_deliver) debug_printf("DSN: Write SPOOL :-dsn_ret %d\n", dsn_ret); | |
264 | if (dsn_ret != 0) fprintf(f, "-dsn_ret %d\n", dsn_ret); | |
6c1c3d1d | 265 | |
059ec3d9 PH |
266 | /* To complete the envelope, write out the tree of non-recipients, followed by |
267 | the list of recipients. These won't be disjoint the first time, when no | |
268 | checking has been done. If a recipient is a "one-time" alias, it is followed by | |
269 | a space and its parent address number (pno). */ | |
270 | ||
271 | tree_write(tree_nonrecipients, f); | |
272 | fprintf(f, "%d\n", recipients_count); | |
273 | for (i = 0; i < recipients_count; i++) | |
274 | { | |
275 | recipient_item *r = recipients_list + i; | |
6e3b198d JH |
276 | |
277 | DEBUG(D_deliver) debug_printf("DSN: Flags :%d\n", r->dsn_flags); | |
278 | ||
50dc7409 | 279 | if (r->pno < 0 && r->errors_to == NULL && r->dsn_flags == 0) |
059ec3d9 PH |
280 | fprintf(f, "%s\n", r->address); |
281 | else | |
282 | { | |
6e3b198d | 283 | uschar * errors_to = r->errors_to ? r->errors_to : US""; |
6c1c3d1d | 284 | /* for DSN SUPPORT extend exim 4 spool in a compatible way by |
6e3b198d JH |
285 | adding new values upfront and add flag 0x02 */ |
286 | uschar * orcpt = r->orcpt ? r->orcpt : US""; | |
287 | ||
288 | fprintf(f, "%s %s %d,%d %s %d,%d#3\n", r->address, orcpt, Ustrlen(orcpt), | |
289 | r->dsn_flags, errors_to, Ustrlen(errors_to), r->pno); | |
059ec3d9 | 290 | } |
94431adb | 291 | |
6e3b198d JH |
292 | DEBUG(D_deliver) debug_printf("DSN: **** SPOOL_OUT - " |
293 | "address: |%s| errorsto: |%s| orcpt: |%s| dsn_flags: %d\n", | |
294 | r->address, r->errors_to, r->orcpt, r->dsn_flags); | |
059ec3d9 PH |
295 | } |
296 | ||
297 | /* Put a blank line before the headers */ | |
298 | ||
299 | fprintf(f, "\n"); | |
300 | ||
301 | /* Save the size of the file so far so we can subtract it from the final length | |
302 | to get the actual size of the headers. */ | |
303 | ||
304 | fflush(f); | |
6e3b198d | 305 | if (fstat(fd, &statbuf)) |
41313d92 | 306 | return spool_write_error(where, errmsg, US"fstat", tname, f); |
059ec3d9 PH |
307 | size_correction = statbuf.st_size; |
308 | ||
309 | /* Finally, write out the message's headers. To make it easier to read them | |
310 | in again, precede each one with the count of its length. Make the count fixed | |
311 | length to aid human eyes when debugging and arrange for it not be included in | |
312 | the size. It is followed by a space for normal headers, a flagging letter for | |
313 | various other headers, or an asterisk for old headers that have been rewritten. | |
314 | These are saved as a record for debugging. Don't included them in the message's | |
315 | size. */ | |
316 | ||
317 | for (h = header_list; h != NULL; h = h->next) | |
318 | { | |
319 | fprintf(f, "%03d%c %s", h->slen, h->type, h->text); | |
320 | size_correction += 5; | |
321 | if (h->type == '*') size_correction += h->slen; | |
322 | } | |
323 | ||
324 | /* Flush and check for any errors while writing */ | |
325 | ||
326 | if (fflush(f) != 0 || ferror(f)) | |
41313d92 | 327 | return spool_write_error(where, errmsg, US"write", tname, f); |
059ec3d9 PH |
328 | |
329 | /* Force the file's contents to be written to disk. Note that fflush() | |
330 | just pushes it out of C, and fclose() doesn't guarantee to do the write | |
331 | either. That's just the way Unix works... */ | |
332 | ||
54fc8428 | 333 | if (EXIMfsync(fileno(f)) < 0) |
41313d92 | 334 | return spool_write_error(where, errmsg, US"sync", tname, f); |
059ec3d9 PH |
335 | |
336 | /* Get the size of the file, and close it. */ | |
337 | ||
d4ff61d1 | 338 | if (fstat(fd, &statbuf) != 0) |
41313d92 | 339 | return spool_write_error(where, errmsg, US"fstat", tname, NULL); |
059ec3d9 | 340 | if (fclose(f) != 0) |
41313d92 | 341 | return spool_write_error(where, errmsg, US"close", tname, NULL); |
059ec3d9 PH |
342 | |
343 | /* Rename the file to its correct name, thereby replacing any previous | |
344 | incarnation. */ | |
345 | ||
41313d92 JH |
346 | fname = spool_fname(US"input", message_subdir, id, US"-H"); |
347 | DEBUG(D_receive|D_deliver) debug_printf("Renaming spool header file: %s\n", fname); | |
059ec3d9 | 348 | |
41313d92 JH |
349 | if (Urename(tname, fname) < 0) |
350 | return spool_write_error(where, errmsg, US"rename", tname, NULL); | |
059ec3d9 PH |
351 | |
352 | /* Linux (and maybe other OS?) does not automatically sync a directory after | |
353 | an operation like rename. We therefore have to do it forcibly ourselves in | |
354 | these cases, to make sure the file is actually accessible on disk, as opposed | |
355 | to just the data being accessible from a file in lost+found. Linux also has | |
356 | O_DIRECTORY, for opening a directory. | |
357 | ||
358 | However, it turns out that some file systems (some versions of NFS?) do not | |
359 | support directory syncing. It seems safe enough to ignore EINVAL to cope with | |
360 | these cases. One hack on top of another... but that's life. */ | |
361 | ||
362 | #ifdef NEED_SYNC_DIRECTORY | |
363 | ||
41313d92 | 364 | tname = spool_fname(US"input", message_subdir, US".", US""); |
059ec3d9 | 365 | |
41313d92 JH |
366 | # ifndef O_DIRECTORY |
367 | # define O_DIRECTORY 0 | |
368 | # endif | |
059ec3d9 | 369 | |
41313d92 JH |
370 | if ((fd = Uopen(tname, O_RDONLY|O_DIRECTORY, 0)) < 0) |
371 | return spool_write_error(where, errmsg, US"directory open", fname, NULL); | |
059ec3d9 | 372 | |
54fc8428 | 373 | if (EXIMfsync(fd) < 0 && errno != EINVAL) |
41313d92 | 374 | return spool_write_error(where, errmsg, US"directory sync", fname, NULL); |
059ec3d9 PH |
375 | |
376 | if (close(fd) < 0) | |
41313d92 | 377 | return spool_write_error(where, errmsg, US"directory close", fname, NULL); |
059ec3d9 PH |
378 | |
379 | #endif /* NEED_SYNC_DIRECTORY */ | |
380 | ||
381 | /* Return the number of characters in the headers, which is the file size, less | |
382 | the prelimary stuff, less the additional count fields on the headers. */ | |
383 | ||
384 | DEBUG(D_receive) debug_printf("Size of headers = %d\n", | |
385 | (int)(statbuf.st_size - size_correction)); | |
386 | ||
387 | return statbuf.st_size - size_correction; | |
388 | } | |
389 | ||
390 | ||
391 | #ifdef SUPPORT_MOVE_FROZEN_MESSAGES | |
392 | ||
393 | /************************************************ | |
394 | * Make a hard link * | |
395 | ************************************************/ | |
396 | ||
397 | /* Used by spool_move_message() below. Note re the use of sprintf(): the value | |
398 | of spool_directory is checked to ensure that it is less than 200 characters at | |
399 | start-up time. | |
400 | ||
401 | Arguments: | |
402 | dir base directory name | |
403 | subdir subdirectory name | |
404 | id message id | |
405 | suffix suffix to add to id | |
406 | from source directory prefix | |
407 | to destination directory prefix | |
408 | noentok if TRUE, absence of file is not an error | |
409 | ||
410 | Returns: TRUE if all went well | |
411 | FALSE, having panic logged if not | |
412 | */ | |
413 | ||
414 | static BOOL | |
415 | make_link(uschar *dir, uschar *subdir, uschar *id, uschar *suffix, uschar *from, | |
416 | uschar *to, BOOL noentok) | |
417 | { | |
41313d92 JH |
418 | uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); |
419 | uschar * tname = spool_fname(string_sprintf("%s%s", to, dir), subdir, id, suffix); | |
420 | if (Ulink(fname, tname) < 0 && (!noentok || errno != ENOENT)) | |
059ec3d9 PH |
421 | { |
422 | log_write(0, LOG_MAIN|LOG_PANIC, "link(\"%s\", \"%s\") failed while moving " | |
41313d92 | 423 | "message: %s", fname, tname, strerror(errno)); |
059ec3d9 PH |
424 | return FALSE; |
425 | } | |
426 | return TRUE; | |
427 | } | |
428 | ||
429 | ||
430 | ||
431 | /************************************************ | |
432 | * Break a link * | |
433 | ************************************************/ | |
434 | ||
435 | /* Used by spool_move_message() below. Note re the use of sprintf(): the value | |
436 | of spool_directory is checked to ensure that it is less than 200 characters at | |
437 | start-up time. | |
438 | ||
439 | Arguments: | |
440 | dir base directory name | |
441 | subdir subdirectory name | |
442 | id message id | |
443 | suffix suffix to add to id | |
444 | from source directory prefix | |
445 | noentok if TRUE, absence of file is not an error | |
446 | ||
447 | Returns: TRUE if all went well | |
448 | FALSE, having panic logged if not | |
449 | */ | |
450 | ||
451 | static BOOL | |
452 | break_link(uschar *dir, uschar *subdir, uschar *id, uschar *suffix, uschar *from, | |
453 | BOOL noentok) | |
454 | { | |
41313d92 JH |
455 | uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); |
456 | if (Uunlink(fname) < 0 && (!noentok || errno != ENOENT)) | |
059ec3d9 PH |
457 | { |
458 | log_write(0, LOG_MAIN|LOG_PANIC, "unlink(\"%s\") failed while moving " | |
41313d92 | 459 | "message: %s", fname, strerror(errno)); |
059ec3d9 PH |
460 | return FALSE; |
461 | } | |
462 | return TRUE; | |
463 | } | |
464 | ||
465 | ||
466 | ||
467 | /************************************************ | |
468 | * Move message files * | |
469 | ************************************************/ | |
470 | ||
471 | /* Move the files for a message (-H, -D, and msglog) from one directory (or | |
472 | hierarchy) to another. It is assume that there is no -J file in existence when | |
473 | this is done. At present, this is used only when move_frozen_messages is set, | |
474 | so compile it only when that support is configured. | |
475 | ||
476 | Arguments: | |
477 | id the id of the message to be delivered | |
478 | subdir the subdirectory name, or an empty string | |
479 | from a prefix for "input" or "msglog" for where the message is now | |
480 | to a prefix for "input" or "msglog" for where the message is to go | |
481 | ||
482 | Returns: TRUE if all is well | |
483 | FALSE if not, with error logged in panic and main logs | |
484 | */ | |
485 | ||
486 | BOOL | |
487 | spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to) | |
488 | { | |
489 | /* Create any output directories that do not exist. */ | |
490 | ||
41313d92 JH |
491 | (void) directory_make(spool_directory, |
492 | spool_sname(string_sprintf("%sinput", to), subdir), | |
493 | INPUT_DIRECTORY_MODE, TRUE); | |
494 | (void) directory_make(spool_directory, | |
495 | spool_sname(string_sprintf("%smsglog", to), subdir), | |
496 | INPUT_DIRECTORY_MODE, TRUE); | |
059ec3d9 PH |
497 | |
498 | /* Move the message by first creating new hard links for all the files, and | |
499 | then removing the old links. When moving messages onto the main spool, the -H | |
500 | file should be set up last, because that's the one that tells Exim there is a | |
501 | message to be delivered, so we create its new link last and remove its old link | |
502 | first. Programs that look at the alternate directories should follow the same | |
85ffcba6 | 503 | rule of waiting for a -H file before doing anything. When moving messages off |
059ec3d9 PH |
504 | the mail spool, the -D file should be open and locked at the time, thus keeping |
505 | Exim's hands off. */ | |
506 | ||
507 | if (!make_link(US"msglog", subdir, id, US"", from, to, TRUE) || | |
508 | !make_link(US"input", subdir, id, US"-D", from, to, FALSE) || | |
509 | !make_link(US"input", subdir, id, US"-H", from, to, FALSE)) | |
510 | return FALSE; | |
511 | ||
512 | if (!break_link(US"input", subdir, id, US"-H", from, FALSE) || | |
513 | !break_link(US"input", subdir, id, US"-D", from, FALSE) || | |
514 | !break_link(US"msglog", subdir, id, US"", from, TRUE)) | |
515 | return FALSE; | |
516 | ||
517 | log_write(0, LOG_MAIN, "moved from %sinput, %smsglog to %sinput, %smsglog", | |
518 | from, from, to, to); | |
519 | ||
520 | return TRUE; | |
521 | } | |
522 | ||
523 | #endif | |
524 | ||
525 | /* End of spool_out.c */ | |
3c8b3577 JH |
526 | /* vi: aw ai sw=2 |
527 | */ |