Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
059ec3d9 PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | /* Functions for writing spool files, and moving them about. */ | |
10 | ||
11 | ||
12 | #include "exim.h" | |
13 | ||
14 | ||
15 | ||
16 | /************************************************* | |
17 | * Deal with header writing errors * | |
18 | *************************************************/ | |
19 | ||
20 | /* This function is called immediately after errors in writing the spool, with | |
f5d25c2b | 21 | errno still set. It creates an error message, depending on the circumstances. |
059ec3d9 PH |
22 | If errmsg is NULL, it logs the message and panic-dies. Otherwise errmsg is set |
23 | to point to the message, and -1 is returned. This function makes the code of | |
24 | spool_write_header() a bit neater. | |
25 | ||
26 | Arguments: | |
27 | where SW_RECEIVING, SW_DELIVERING, or SW_MODIFYING | |
28 | errmsg where to put the message; NULL => panic-die | |
29 | s text to add to log string | |
30 | temp_name name of temp file to unlink | |
31 | f FILE to close, if not NULL | |
32 | ||
33 | Returns: -1 if errmsg is not NULL; otherwise doesn't return | |
34 | */ | |
35 | ||
36 | static int | |
37 | spool_write_error(int where, uschar **errmsg, uschar *s, uschar *temp_name, | |
38 | FILE *f) | |
39 | { | |
f5d25c2b JH |
40 | uschar *msg = where == SW_RECEIVING |
41 | ? string_sprintf("spool file %s error while receiving from %s: %s", s, | |
42 | sender_fullhost ? sender_fullhost : sender_ident, | |
43 | strerror(errno)) | |
44 | : string_sprintf("spool file %s error while %s: %s", s, | |
45 | where == SW_DELIVERING ? "delivering" : "modifying", | |
46 | strerror(errno)); | |
47 | ||
48 | if (temp_name) Uunlink(temp_name); | |
49 | if (f) (void)fclose(f); | |
50 | ||
51 | if (errmsg) | |
059ec3d9 | 52 | *errmsg = msg; |
f5d25c2b JH |
53 | else |
54 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", msg); | |
059ec3d9 PH |
55 | |
56 | return -1; | |
57 | } | |
58 | ||
59 | ||
60 | ||
61 | /************************************************* | |
62 | * Open file under temporary name * | |
63 | *************************************************/ | |
64 | ||
65 | /* This is used for opening spool files under a temporary name, | |
66 | with a single attempt at deleting if they already exist. | |
67 | ||
68 | Argument: temporary name for spool header file | |
69 | Returns: file descriptor of open file, or < 0 on failure, with errno unchanged | |
70 | */ | |
71 | ||
72 | int | |
73 | spool_open_temp(uschar *temp_name) | |
74 | { | |
75 | int fd = Uopen(temp_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE); | |
76 | ||
77 | /* If the file already exists, something has gone wrong. This process may well | |
78 | have previously created the file if it is delivering more than one address, but | |
79 | it should have renamed it almost immediately. A file could, however, be left | |
80 | around as a result of a system crash, and by coincidence this process might | |
81 | have the same pid. We therefore have one go at unlinking it before giving up. | |
82 | */ | |
83 | ||
84 | if (fd < 0 && errno == EEXIST) | |
85 | { | |
86 | DEBUG(D_any) debug_printf("%s exists: unlinking\n", temp_name); | |
87 | Uunlink(temp_name); | |
88 | fd = Uopen(temp_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE); | |
89 | } | |
90 | ||
91 | /* If the file has been opened, make sure the file's group is the Exim gid, and | |
92 | double-check the mode because the group setting doesn't always get set | |
93 | automatically. */ | |
94 | ||
95 | if (fd >= 0) | |
b66fecb4 | 96 | if (exim_fchown(fd, exim_uid, exim_gid, temp_name) || fchmod(fd, SPOOL_MODE)) |
1ac6b2e7 JH |
97 | { |
98 | DEBUG(D_any) debug_printf("failed setting perms on %s\n", temp_name); | |
99 | (void) close(fd); fd = -1; | |
100 | Uunlink(temp_name); | |
101 | } | |
059ec3d9 PH |
102 | |
103 | return fd; | |
104 | } | |
105 | ||
106 | ||
107 | ||
f3ebb786 JH |
108 | static void |
109 | spool_var_write(FILE * fp, const uschar * name, const uschar * val) | |
110 | { | |
111 | if (is_tainted(val)) putc('-', fp); | |
112 | fprintf(fp, "-%s %s\n", name, val); | |
113 | } | |
114 | ||
059ec3d9 PH |
115 | /************************************************* |
116 | * Write the header spool file * | |
117 | *************************************************/ | |
118 | ||
119 | /* Returns the size of the file for success; zero for failure. The file is | |
120 | written under a temporary name, and then renamed. It's done this way so that it | |
121 | works with re-writing the file on message deferral as well as for the initial | |
122 | write. Whenever this function is called, the data file for the message should | |
123 | be open and locked, thus preventing any other exim process from working on this | |
124 | message. | |
125 | ||
126 | Argument: | |
127 | id the message id | |
128 | where SW_RECEIVING, SW_DELIVERING, or SW_MODIFYING | |
129 | errmsg where to put an error message; if NULL, panic-die on error | |
130 | ||
131 | Returns: the size of the header texts on success; | |
132 | negative on writing failure, unless errmsg == NULL | |
133 | */ | |
134 | ||
135 | int | |
136 | spool_write_header(uschar *id, int where, uschar **errmsg) | |
137 | { | |
138 | int fd; | |
059ec3d9 | 139 | int size_correction; |
8768d548 | 140 | FILE * fp; |
059ec3d9 | 141 | struct stat statbuf; |
41313d92 JH |
142 | uschar * tname; |
143 | uschar * fname; | |
059ec3d9 | 144 | |
cb80814d | 145 | tname = spool_fname(US"input", message_subdir, US"hdr.", message_id); |
a2da3176 | 146 | |
41313d92 | 147 | if ((fd = spool_open_temp(tname)) < 0) |
a2da3176 | 148 | return spool_write_error(where, errmsg, US"open", NULL, NULL); |
8768d548 | 149 | fp = fdopen(fd, "wb"); |
41313d92 | 150 | DEBUG(D_receive|D_deliver) debug_printf("Writing spool header file: %s\n", tname); |
059ec3d9 PH |
151 | |
152 | /* We now have an open file to which the header data is to be written. Start | |
153 | with the file's leaf name, to make the file self-identifying. Continue with the | |
154 | identity of the submitting user, followed by the sender's address. The sender's | |
155 | address is enclosed in <> because it might be the null address. Then write the | |
156 | received time and the number of warning messages that have been sent. */ | |
157 | ||
8768d548 JH |
158 | fprintf(fp, "%s-H\n", message_id); |
159 | fprintf(fp, "%.63s %ld %ld\n", originator_login, (long int)originator_uid, | |
059ec3d9 | 160 | (long int)originator_gid); |
8768d548 JH |
161 | fprintf(fp, "<%s>\n", sender_address); |
162 | fprintf(fp, "%d %d\n", (int)received_time.tv_sec, warning_count); | |
32dfdf8b | 163 | |
8768d548 | 164 | fprintf(fp, "-received_time_usec .%06d\n", (int)received_time.tv_usec); |
059ec3d9 PH |
165 | |
166 | /* If there is information about a sending host, remember it. The HELO | |
167 | data can be set for local SMTP as well as remote. */ | |
168 | ||
f3ebb786 | 169 | if (sender_helo_name) spool_var_write(fp, US"helo_name", sender_helo_name); |
059ec3d9 | 170 | |
32dfdf8b | 171 | if (sender_host_address) |
059ec3d9 | 172 | { |
f3ebb786 | 173 | if (is_tainted(sender_host_address)) putc('-', fp); |
8768d548 | 174 | fprintf(fp, "-host_address %s.%d\n", sender_host_address, sender_host_port); |
32dfdf8b | 175 | if (sender_host_name) |
f3ebb786 | 176 | spool_var_write(fp, US"host_name", sender_host_name); |
32dfdf8b | 177 | if (sender_host_authenticated) |
f3ebb786 | 178 | spool_var_write(fp, US"host_auth", sender_host_authenticated); |
059ec3d9 PH |
179 | } |
180 | ||
181 | /* Also about the interface a message came in on */ | |
182 | ||
32dfdf8b | 183 | if (interface_address) |
f3ebb786 JH |
184 | { |
185 | if (is_tainted(interface_address)) putc('-', fp); | |
8768d548 | 186 | fprintf(fp, "-interface_address %s.%d\n", interface_address, interface_port); |
f3ebb786 | 187 | } |
8e669ac1 | 188 | |
1f5b4c3d | 189 | if (smtp_active_hostname != primary_hostname) |
f3ebb786 | 190 | spool_var_write(fp, US"active_hostname", smtp_active_hostname); |
059ec3d9 PH |
191 | |
192 | /* Likewise for any ident information; for local messages this is | |
193 | likely to be the same as originator_login, but will be different if | |
194 | the originator was root, forcing a different ident. */ | |
195 | ||
f3ebb786 JH |
196 | if (sender_ident) |
197 | spool_var_write(fp, US"ident", sender_ident); | |
059ec3d9 PH |
198 | |
199 | /* Ditto for the received protocol */ | |
200 | ||
32dfdf8b | 201 | if (received_protocol) |
f3ebb786 | 202 | spool_var_write(fp, US"received_protocol", received_protocol); |
059ec3d9 | 203 | |
38a0a95f | 204 | /* Preserve any ACL variables that are set. */ |
059ec3d9 | 205 | |
8768d548 JH |
206 | tree_walk(acl_var_c, &acl_var_write, fp); |
207 | tree_walk(acl_var_m, &acl_var_write, fp); | |
059ec3d9 PH |
208 | |
209 | /* Now any other data that needs to be remembered. */ | |
210 | ||
8768d548 JH |
211 | if (f.spool_file_wireformat) |
212 | fprintf(fp, "-spool_file_wireformat\n"); | |
328c5688 | 213 | else |
8768d548 JH |
214 | fprintf(fp, "-body_linecount %d\n", body_linecount); |
215 | fprintf(fp, "-max_received_linelength %d\n", max_received_linelength); | |
059ec3d9 | 216 | |
8768d548 | 217 | if (body_zerocount > 0) fprintf(fp, "-body_zerocount %d\n", body_zerocount); |
059ec3d9 | 218 | |
32dfdf8b | 219 | if (authenticated_id) |
f3ebb786 | 220 | spool_var_write(fp, US"auth_id", authenticated_id); |
32dfdf8b | 221 | if (authenticated_sender) |
f3ebb786 | 222 | spool_var_write(fp, US"auth_sender", authenticated_sender); |
8768d548 JH |
223 | |
224 | if (f.allow_unqualified_recipient) fprintf(fp, "-allow_unqualified_recipient\n"); | |
225 | if (f.allow_unqualified_sender) fprintf(fp, "-allow_unqualified_sender\n"); | |
226 | if (f.deliver_firsttime) fprintf(fp, "-deliver_firsttime\n"); | |
227 | if (f.deliver_freeze) fprintf(fp, "-frozen " TIME_T_FMT "\n", deliver_frozen_at); | |
228 | if (f.dont_deliver) fprintf(fp, "-N\n"); | |
229 | if (host_lookup_deferred) fprintf(fp, "-host_lookup_deferred\n"); | |
230 | if (host_lookup_failed) fprintf(fp, "-host_lookup_failed\n"); | |
231 | if (f.sender_local) fprintf(fp, "-local\n"); | |
232 | if (f.local_error_message) fprintf(fp, "-localerror\n"); | |
9723f966 | 233 | #ifdef HAVE_LOCAL_SCAN |
f3ebb786 | 234 | if (local_scan_data) spool_var_write(fp, US"local_scan", local_scan_data); |
9723f966 | 235 | #endif |
8523533c | 236 | #ifdef WITH_CONTENT_SCAN |
f3ebb786 JH |
237 | if (spam_bar) spool_var_write(fp, US"spam_bar", spam_bar); |
238 | if (spam_score) spool_var_write(fp, US"spam_score", spam_score); | |
239 | if (spam_score_int) spool_var_write(fp, US"spam_score_int", spam_score_int); | |
8523533c | 240 | #endif |
8768d548 JH |
241 | if (f.deliver_manual_thaw) fprintf(fp, "-manual_thaw\n"); |
242 | if (f.sender_set_untrusted) fprintf(fp, "-sender_set_untrusted\n"); | |
059ec3d9 | 243 | |
8523533c | 244 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
f3ebb786 | 245 | if (bmi_verdicts) spool_var_write(fp, US"bmi_verdicts", bmi_verdicts); |
8523533c TK |
246 | #endif |
247 | ||
01603eec | 248 | #ifndef DISABLE_TLS |
8768d548 | 249 | if (tls_in.certificate_verified) fprintf(fp, "-tls_certificate_verified\n"); |
f3ebb786 | 250 | if (tls_in.cipher) spool_var_write(fp, US"tls_cipher", tls_in.cipher); |
9d1c15ef JH |
251 | if (tls_in.peercert) |
252 | { | |
2944124c HSHR |
253 | if (tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert)) |
254 | fprintf(fp, "--tls_peercert %s\n", CS big_buffer); | |
9d1c15ef | 255 | } |
f3ebb786 JH |
256 | if (tls_in.peerdn) spool_var_write(fp, US"tls_peerdn", string_printing(tls_in.peerdn)); |
257 | if (tls_in.sni) spool_var_write(fp, US"tls_sni", string_printing(tls_in.sni)); | |
9d1c15ef JH |
258 | if (tls_in.ourcert) |
259 | { | |
2944124c HSHR |
260 | if (tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert)) |
261 | fprintf(fp, "-tls_ourcert %s\n", CS big_buffer); | |
9d1c15ef | 262 | } |
8768d548 | 263 | if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp); |
b10c87b3 JH |
264 | # ifdef EXPERIMENTAL_TLS_RESUME |
265 | fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption); | |
266 | # endif | |
da40b1ec | 267 | if (tls_in.ver) spool_var_write(fp, US"tls_ver", tls_in.ver); |
7be682ca | 268 | #endif |
059ec3d9 | 269 | |
8c5d388a | 270 | #ifdef SUPPORT_I18N |
3c8b3577 JH |
271 | if (message_smtputf8) |
272 | { | |
8768d548 | 273 | fprintf(fp, "-smtputf8\n"); |
3c8b3577 | 274 | if (message_utf8_downconvert) |
8768d548 | 275 | fprintf(fp, "-utf8_%sdowncvt\n", message_utf8_downconvert < 0 ? "opt" : ""); |
3c8b3577 | 276 | } |
7ade712c JH |
277 | #endif |
278 | ||
6c1c3d1d | 279 | /* Write the dsn flags to the spool header file */ |
df98a6ff | 280 | DEBUG(D_deliver) debug_printf("DSN: Write SPOOL: -dsn_envid %s\n", dsn_envid); |
8768d548 | 281 | if (dsn_envid) fprintf(fp, "-dsn_envid %s\n", dsn_envid); |
df98a6ff | 282 | DEBUG(D_deliver) debug_printf("DSN: Write SPOOL :-dsn_ret %d\n", dsn_ret); |
8768d548 | 283 | if (dsn_ret) fprintf(fp, "-dsn_ret %d\n", dsn_ret); |
6c1c3d1d | 284 | |
059ec3d9 PH |
285 | /* To complete the envelope, write out the tree of non-recipients, followed by |
286 | the list of recipients. These won't be disjoint the first time, when no | |
287 | checking has been done. If a recipient is a "one-time" alias, it is followed by | |
288 | a space and its parent address number (pno). */ | |
289 | ||
8768d548 JH |
290 | tree_write(tree_nonrecipients, fp); |
291 | fprintf(fp, "%d\n", recipients_count); | |
d7978c0f | 292 | for (int i = 0; i < recipients_count; i++) |
059ec3d9 PH |
293 | { |
294 | recipient_item *r = recipients_list + i; | |
6e3b198d | 295 | |
df98a6ff | 296 | DEBUG(D_deliver) debug_printf("DSN: Flags: 0x%x\n", r->dsn_flags); |
6e3b198d | 297 | |
df98a6ff | 298 | if (r->pno < 0 && !r->errors_to && r->dsn_flags == 0) |
8768d548 | 299 | fprintf(fp, "%s\n", r->address); |
059ec3d9 PH |
300 | else |
301 | { | |
6e3b198d | 302 | uschar * errors_to = r->errors_to ? r->errors_to : US""; |
6c1c3d1d | 303 | /* for DSN SUPPORT extend exim 4 spool in a compatible way by |
6e3b198d JH |
304 | adding new values upfront and add flag 0x02 */ |
305 | uschar * orcpt = r->orcpt ? r->orcpt : US""; | |
306 | ||
8768d548 | 307 | fprintf(fp, "%s %s %d,%d %s %d,%d#3\n", r->address, orcpt, Ustrlen(orcpt), |
6e3b198d | 308 | r->dsn_flags, errors_to, Ustrlen(errors_to), r->pno); |
059ec3d9 | 309 | } |
94431adb | 310 | |
6e3b198d | 311 | DEBUG(D_deliver) debug_printf("DSN: **** SPOOL_OUT - " |
df98a6ff | 312 | "address: <%s> errorsto: <%s> orcpt: <%s> dsn_flags: 0x%x\n", |
6e3b198d | 313 | r->address, r->errors_to, r->orcpt, r->dsn_flags); |
059ec3d9 PH |
314 | } |
315 | ||
316 | /* Put a blank line before the headers */ | |
317 | ||
8768d548 | 318 | fprintf(fp, "\n"); |
059ec3d9 PH |
319 | |
320 | /* Save the size of the file so far so we can subtract it from the final length | |
321 | to get the actual size of the headers. */ | |
322 | ||
8768d548 | 323 | fflush(fp); |
6e3b198d | 324 | if (fstat(fd, &statbuf)) |
8768d548 | 325 | return spool_write_error(where, errmsg, US"fstat", tname, fp); |
059ec3d9 PH |
326 | size_correction = statbuf.st_size; |
327 | ||
328 | /* Finally, write out the message's headers. To make it easier to read them | |
329 | in again, precede each one with the count of its length. Make the count fixed | |
330 | length to aid human eyes when debugging and arrange for it not be included in | |
331 | the size. It is followed by a space for normal headers, a flagging letter for | |
332 | various other headers, or an asterisk for old headers that have been rewritten. | |
333 | These are saved as a record for debugging. Don't included them in the message's | |
334 | size. */ | |
335 | ||
d7978c0f | 336 | for (header_line * h = header_list; h; h = h->next) |
059ec3d9 | 337 | { |
8768d548 | 338 | fprintf(fp, "%03d%c %s", h->slen, h->type, h->text); |
059ec3d9 PH |
339 | size_correction += 5; |
340 | if (h->type == '*') size_correction += h->slen; | |
341 | } | |
342 | ||
343 | /* Flush and check for any errors while writing */ | |
344 | ||
8768d548 JH |
345 | if (fflush(fp) != 0 || ferror(fp)) |
346 | return spool_write_error(where, errmsg, US"write", tname, fp); | |
059ec3d9 PH |
347 | |
348 | /* Force the file's contents to be written to disk. Note that fflush() | |
349 | just pushes it out of C, and fclose() doesn't guarantee to do the write | |
350 | either. That's just the way Unix works... */ | |
351 | ||
8768d548 JH |
352 | if (EXIMfsync(fileno(fp)) < 0) |
353 | return spool_write_error(where, errmsg, US"sync", tname, fp); | |
059ec3d9 PH |
354 | |
355 | /* Get the size of the file, and close it. */ | |
356 | ||
d4ff61d1 | 357 | if (fstat(fd, &statbuf) != 0) |
41313d92 | 358 | return spool_write_error(where, errmsg, US"fstat", tname, NULL); |
8768d548 | 359 | if (fclose(fp) != 0) |
41313d92 | 360 | return spool_write_error(where, errmsg, US"close", tname, NULL); |
059ec3d9 PH |
361 | |
362 | /* Rename the file to its correct name, thereby replacing any previous | |
363 | incarnation. */ | |
364 | ||
41313d92 JH |
365 | fname = spool_fname(US"input", message_subdir, id, US"-H"); |
366 | DEBUG(D_receive|D_deliver) debug_printf("Renaming spool header file: %s\n", fname); | |
059ec3d9 | 367 | |
41313d92 JH |
368 | if (Urename(tname, fname) < 0) |
369 | return spool_write_error(where, errmsg, US"rename", tname, NULL); | |
059ec3d9 PH |
370 | |
371 | /* Linux (and maybe other OS?) does not automatically sync a directory after | |
372 | an operation like rename. We therefore have to do it forcibly ourselves in | |
373 | these cases, to make sure the file is actually accessible on disk, as opposed | |
374 | to just the data being accessible from a file in lost+found. Linux also has | |
375 | O_DIRECTORY, for opening a directory. | |
376 | ||
377 | However, it turns out that some file systems (some versions of NFS?) do not | |
378 | support directory syncing. It seems safe enough to ignore EINVAL to cope with | |
379 | these cases. One hack on top of another... but that's life. */ | |
380 | ||
381 | #ifdef NEED_SYNC_DIRECTORY | |
382 | ||
41313d92 | 383 | tname = spool_fname(US"input", message_subdir, US".", US""); |
059ec3d9 | 384 | |
41313d92 JH |
385 | # ifndef O_DIRECTORY |
386 | # define O_DIRECTORY 0 | |
387 | # endif | |
059ec3d9 | 388 | |
41313d92 JH |
389 | if ((fd = Uopen(tname, O_RDONLY|O_DIRECTORY, 0)) < 0) |
390 | return spool_write_error(where, errmsg, US"directory open", fname, NULL); | |
059ec3d9 | 391 | |
54fc8428 | 392 | if (EXIMfsync(fd) < 0 && errno != EINVAL) |
41313d92 | 393 | return spool_write_error(where, errmsg, US"directory sync", fname, NULL); |
059ec3d9 PH |
394 | |
395 | if (close(fd) < 0) | |
41313d92 | 396 | return spool_write_error(where, errmsg, US"directory close", fname, NULL); |
059ec3d9 PH |
397 | |
398 | #endif /* NEED_SYNC_DIRECTORY */ | |
399 | ||
400 | /* Return the number of characters in the headers, which is the file size, less | |
4c04137d | 401 | the preliminary stuff, less the additional count fields on the headers. */ |
059ec3d9 PH |
402 | |
403 | DEBUG(D_receive) debug_printf("Size of headers = %d\n", | |
404 | (int)(statbuf.st_size - size_correction)); | |
405 | ||
406 | return statbuf.st_size - size_correction; | |
407 | } | |
408 | ||
409 | ||
059ec3d9 PH |
410 | /************************************************ |
411 | * Make a hard link * | |
412 | ************************************************/ | |
413 | ||
414 | /* Used by spool_move_message() below. Note re the use of sprintf(): the value | |
415 | of spool_directory is checked to ensure that it is less than 200 characters at | |
416 | start-up time. | |
417 | ||
418 | Arguments: | |
419 | dir base directory name | |
fc7bae7f | 420 | dq destiinationqueue name |
059ec3d9 PH |
421 | subdir subdirectory name |
422 | id message id | |
423 | suffix suffix to add to id | |
424 | from source directory prefix | |
425 | to destination directory prefix | |
426 | noentok if TRUE, absence of file is not an error | |
427 | ||
428 | Returns: TRUE if all went well | |
429 | FALSE, having panic logged if not | |
430 | */ | |
431 | ||
432 | static BOOL | |
fc7bae7f JH |
433 | make_link(uschar *dir, uschar * dq, uschar *subdir, uschar *id, uschar *suffix, |
434 | uschar *from, uschar *to, BOOL noentok) | |
059ec3d9 | 435 | { |
41313d92 | 436 | uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); |
fc7bae7f | 437 | uschar * tname = spool_q_fname(string_sprintf("%s%s", to, dir), dq, subdir, id, suffix); |
41313d92 | 438 | if (Ulink(fname, tname) < 0 && (!noentok || errno != ENOENT)) |
059ec3d9 PH |
439 | { |
440 | log_write(0, LOG_MAIN|LOG_PANIC, "link(\"%s\", \"%s\") failed while moving " | |
41313d92 | 441 | "message: %s", fname, tname, strerror(errno)); |
059ec3d9 PH |
442 | return FALSE; |
443 | } | |
444 | return TRUE; | |
445 | } | |
446 | ||
447 | ||
448 | ||
449 | /************************************************ | |
450 | * Break a link * | |
451 | ************************************************/ | |
452 | ||
453 | /* Used by spool_move_message() below. Note re the use of sprintf(): the value | |
454 | of spool_directory is checked to ensure that it is less than 200 characters at | |
455 | start-up time. | |
456 | ||
457 | Arguments: | |
458 | dir base directory name | |
459 | subdir subdirectory name | |
460 | id message id | |
461 | suffix suffix to add to id | |
462 | from source directory prefix | |
463 | noentok if TRUE, absence of file is not an error | |
464 | ||
465 | Returns: TRUE if all went well | |
466 | FALSE, having panic logged if not | |
467 | */ | |
468 | ||
469 | static BOOL | |
470 | break_link(uschar *dir, uschar *subdir, uschar *id, uschar *suffix, uschar *from, | |
471 | BOOL noentok) | |
472 | { | |
41313d92 JH |
473 | uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); |
474 | if (Uunlink(fname) < 0 && (!noentok || errno != ENOENT)) | |
059ec3d9 PH |
475 | { |
476 | log_write(0, LOG_MAIN|LOG_PANIC, "unlink(\"%s\") failed while moving " | |
41313d92 | 477 | "message: %s", fname, strerror(errno)); |
059ec3d9 PH |
478 | return FALSE; |
479 | } | |
480 | return TRUE; | |
481 | } | |
482 | ||
483 | ||
484 | ||
485 | /************************************************ | |
486 | * Move message files * | |
487 | ************************************************/ | |
488 | ||
489 | /* Move the files for a message (-H, -D, and msglog) from one directory (or | |
490 | hierarchy) to another. It is assume that there is no -J file in existence when | |
bc062cd5 | 491 | this is done. |
059ec3d9 PH |
492 | |
493 | Arguments: | |
494 | id the id of the message to be delivered | |
495 | subdir the subdirectory name, or an empty string | |
496 | from a prefix for "input" or "msglog" for where the message is now | |
497 | to a prefix for "input" or "msglog" for where the message is to go | |
498 | ||
499 | Returns: TRUE if all is well | |
500 | FALSE if not, with error logged in panic and main logs | |
501 | */ | |
502 | ||
503 | BOOL | |
504 | spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to) | |
505 | { | |
fc7bae7f JH |
506 | uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name; |
507 | ||
059ec3d9 PH |
508 | /* Create any output directories that do not exist. */ |
509 | ||
41313d92 | 510 | (void) directory_make(spool_directory, |
fc7bae7f | 511 | spool_q_sname(string_sprintf("%sinput", to), dest_qname, subdir), |
41313d92 JH |
512 | INPUT_DIRECTORY_MODE, TRUE); |
513 | (void) directory_make(spool_directory, | |
fc7bae7f | 514 | spool_q_sname(string_sprintf("%smsglog", to), dest_qname, subdir), |
41313d92 | 515 | INPUT_DIRECTORY_MODE, TRUE); |
059ec3d9 PH |
516 | |
517 | /* Move the message by first creating new hard links for all the files, and | |
518 | then removing the old links. When moving messages onto the main spool, the -H | |
519 | file should be set up last, because that's the one that tells Exim there is a | |
520 | message to be delivered, so we create its new link last and remove its old link | |
521 | first. Programs that look at the alternate directories should follow the same | |
85ffcba6 | 522 | rule of waiting for a -H file before doing anything. When moving messages off |
059ec3d9 PH |
523 | the mail spool, the -D file should be open and locked at the time, thus keeping |
524 | Exim's hands off. */ | |
525 | ||
fc7bae7f JH |
526 | if (!make_link(US"msglog", dest_qname, subdir, id, US"", from, to, TRUE) || |
527 | !make_link(US"input", dest_qname, subdir, id, US"-D", from, to, FALSE) || | |
528 | !make_link(US"input", dest_qname, subdir, id, US"-H", from, to, FALSE)) | |
059ec3d9 PH |
529 | return FALSE; |
530 | ||
531 | if (!break_link(US"input", subdir, id, US"-H", from, FALSE) || | |
532 | !break_link(US"input", subdir, id, US"-D", from, FALSE) || | |
533 | !break_link(US"msglog", subdir, id, US"", from, TRUE)) | |
534 | return FALSE; | |
535 | ||
fc7bae7f JH |
536 | log_write(0, LOG_MAIN, "moved from %s%s%s%sinput, %smsglog to %s%s%s%sinput, %smsglog", |
537 | *queue_name?"(":"", *queue_name?queue_name:US"", *queue_name?") ":"", | |
538 | from, from, | |
539 | *dest_qname?"(":"", *dest_qname?dest_qname:US"", *dest_qname?") ":"", | |
540 | to, to); | |
059ec3d9 PH |
541 | |
542 | return TRUE; | |
543 | } | |
544 | ||
059ec3d9 PH |
545 | |
546 | /* End of spool_out.c */ | |
3c8b3577 JH |
547 | /* vi: aw ai sw=2 |
548 | */ |