[exim.git] / src / src / exim_lock.c

/* A program to lock a file exactly as Exim would, for investigation of
interlocking problems.

Options:  -fcntl    use fcntl() lock
          -flock    use flock() lock
          -lockfile use lock file
          -mbx      use mbx locking rules, with either fcntl() or flock()

Default is -fcntl -lockfile.

Argument: the name of the lock file
*/

#include "os.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <errno.h>
#include <time.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
#include <utime.h>
#include <sys/utsname.h>
#include <sys/stat.h>
#include <sys/file.h>
#include <pwd.h>

/* Not all systems have flock() available. Those that do must define LOCK_SH
in sys/file.h. */

#ifndef LOCK_SH
#define NO_FLOCK
#endif


typedef int BOOL;
#define FALSE 0
#define TRUE  1


/* Flag for timeout signal handler */

static int sigalrm_seen = FALSE;


/* We need to pull in strerror() and os_non_restarting_signal() from the
os.c source, if they are required for this OS. However, we don't need any of
the other stuff in os.c, so force the other macros to omit it. */

#ifndef OS_RESTARTING_SIGNAL
  #define OS_RESTARTING_SIGNAL
#endif

#ifndef OS_STRSIGNAL
  #define OS_STRSIGNAL
#endif

#ifndef OS_STREXIT
  #define OS_STREXIT
#endif

#ifndef OS_LOAD_AVERAGE
  #define OS_LOAD_AVERAGE
#endif

#ifndef FIND_RUNNING_INTERFACES
  #define FIND_RUNNING_INTERFACES
#endif

#include "../src/os.c"


/*************************************************
*             Timeout handler                    *
*************************************************/

static void
sigalrm_handler(int sig)
{
sig = sig;      /* Keep picky compilers happy */
sigalrm_seen = TRUE;
}


/*************************************************
*           Give usage and die                   *
*************************************************/

static void
usage(void)
{
printf("usage: exim_lock [-v] [-q] [-lockfile] [-fcntl] [-flock] [-mbx]\n"
       "       [-retries <n>] [-interval <n>] [-timeout <n>] [-restore-times]\n"
       "       <file name> [command]\n");
exit(1);
}


/*************************************************
*         Apply a lock to a file descriptor      *
*************************************************/

static int
apply_lock(int fd, int fcntltype, BOOL dofcntl, int fcntltime, BOOL doflock,
    int flocktime)
{
int yield = 0;
int save_errno;
struct flock lock_data;
lock_data.l_type = fcntltype;
lock_data.l_whence = lock_data.l_start = lock_data.l_len = 0;

sigalrm_seen = FALSE;

if (dofcntl)
  {
  if (fcntltime > 0)
    {
    os_non_restarting_signal(SIGALRM, sigalrm_handler);
    alarm(fcntltime);
    yield = fcntl(fd, F_SETLKW, &lock_data);
    save_errno = errno;
    alarm(0);
    errno = save_errno;
    }
  else yield = fcntl(fd, F_SETLK, &lock_data);
  if (yield < 0) printf("exim_lock: fcntl() failed: %s\n", strerror(errno));
  }

#ifndef NO_FLOCK
if (doflock && (yield >= 0))
  {
  int flocktype = (fcntltype == F_WRLCK)? LOCK_EX : LOCK_SH;
  if (flocktime > 0)
    {
    os_non_restarting_signal(SIGALRM, sigalrm_handler);
    alarm(flocktime);
    yield = flock(fd, flocktype);
    save_errno = errno;
    alarm(0);
    errno = save_errno;
    }
  else yield = flock(fd, flocktype | LOCK_NB);
  if (yield < 0) printf("exim_lock: flock() failed: %s\n", strerror(errno));
  }
#endif

return yield;
}


/*************************************************
*           The exim_lock program                *
*************************************************/

int main(int argc, char **argv)
{
int  lock_retries = 10;
int  lock_interval = 3;
int  lock_fcntl_timeout = 0;
int  lock_flock_timeout = 0;
int  i, j, len;
int  fd = -1;
int  hd = -1;
int  md = -1;
int  yield = 0;
int  now = time(NULL);
BOOL use_lockfile = FALSE;
BOOL use_fcntl = FALSE;
BOOL use_flock = FALSE;
BOOL use_mbx = FALSE;
BOOL verbose = FALSE;
BOOL quiet = FALSE;
BOOL restore_times = FALSE;
char *filename;
char *lockname = NULL, *hitchname = NULL;
char *primary_hostname;
const char *command;
struct utsname s;
char buffer[256];
char tempname[256];

/* Decode options */

for (i = 1; i < argc; i++)
  {
  char *arg = argv[i];
  if (*arg != '-') break;
  if (strcmp(arg, "-fcntl") == 0) use_fcntl = TRUE;
  else if (strcmp(arg, "-flock") == 0) use_flock = TRUE;
  else if (strcmp(arg, "-lockfile") == 0) use_lockfile = TRUE;
  else if (strcmp(arg, "-mbx") == 0) use_mbx = TRUE;
  else if (strcmp(arg, "-v") == 0) verbose = TRUE;
  else if (strcmp(arg, "-q") == 0) quiet = TRUE;
  else if (strcmp(arg, "-restore-times") == 0) restore_times = TRUE;
  else if (++i < argc)
    {
    int value = atoi(argv[i]);
    if (strcmp(arg, "-retries") == 0) lock_retries = value;
    else if (strcmp(arg, "-interval") == 0) lock_interval = value;
    else if (strcmp(arg, "-timeout") == 0)
      lock_fcntl_timeout = lock_flock_timeout = value;
    else usage();
    }
  else usage();
  }

if (quiet) verbose = 0;

/* Can't use flock() if the OS doesn't provide it */

#ifdef NO_FLOCK
if (use_flock)
  {
  printf("exim_lock: can't use flock() because it was not available in the\n"
         "           operating system when exim_lock was compiled\n");
  exit(1);
  }
#endif

/* Default is to use lockfiles and fcntl(). */

if (!use_lockfile && !use_fcntl && !use_flock && !use_mbx)
  use_lockfile = use_fcntl = TRUE;

/* Default fcntl() for use with mbx */

if (use_mbx && !use_fcntl && !use_flock) use_fcntl = TRUE;

/* Unset unused timeouts */

if (!use_fcntl) lock_fcntl_timeout = 0;
if (!use_flock) lock_flock_timeout = 0;

/* A file name is required */

if (i >= argc) usage();

filename = argv[i++];

/* Expand file names starting with ~ */

if (*filename == '~')
  {
  struct passwd *pw;

  if (*(++filename) == '/')
    pw = getpwuid(getuid());
  else
    {
    char *s = buffer;
    while (*filename != 0 && *filename != '/')
      *s++ = *filename++;
    *s = 0;
    pw = getpwnam(buffer);
    }

  if (pw == NULL)
    {
    printf("exim_lock: unable to expand file name %s\n", argv[i-1]);
    exit(1);
    }

  if ((int)strlen(pw->pw_dir) + (int)strlen(filename) + 1 > sizeof(buffer))
    {
    printf("exim_lock: expanded file name %s%s is too long", pw->pw_dir,
      filename);
    exit(1);
    }

  strcpy(buffer, pw->pw_dir);
  strcat(buffer, filename);
  filename = buffer;
  }

/* If using a lock file, prepare by creating the lock file name and
the hitching post name. */

if (use_lockfile)
  {
  if (uname(&s) < 0)
    {
    printf("exim_lock: failed to find host name using uname()\n");
    exit(1);
    }
  primary_hostname = s.nodename;

  len = (int)strlen(filename);
  lockname = malloc(len + 8);
  sprintf(lockname, "%s.lock", filename);
  hitchname = malloc(len + 32 + (int)strlen(primary_hostname));
  sprintf(hitchname, "%s.%s.%08x.%08x", lockname, primary_hostname,
    now, (int)getpid());

  if (verbose)
    printf("exim_lock: lockname =  %s\n           hitchname = %s\n", lockname,
      hitchname);
  }

/* Locking retry loop */

for (j = 0; j < lock_retries; j++)
  {
  int sleep_before_retry = TRUE;
  struct stat statbuf, ostatbuf, lstatbuf, statbuf2;
  int mbx_tmp_oflags;

  /* Try to build a lock file if so configured */

  if (use_lockfile)
    {
    int rc;
    if (verbose) printf("exim_lock: creating lock file\n");
    hd = open(hitchname, O_WRONLY | O_CREAT | O_EXCL, 0440);
    if (hd < 0)
      {
      printf("exim_lock: failed to create hitching post %s: %s\n", hitchname,
        strerror(errno));
      exit(1);
      }

    /* Apply hitching post algorithm. */

    if ((rc = link(hitchname, lockname)) != 0) fstat(hd, &statbuf);
    (void)close(hd);
    unlink(hitchname);

    if (rc != 0 && statbuf.st_nlink != 2)
      {
      printf("exim_lock: failed to link hitching post to lock file\n");
      hd = -1;
      goto RETRY;
      }

    if (!quiet) printf("exim_lock: lock file successfully created\n");
    }

  /* We are done if no other locking required. */

  if (!use_fcntl && !use_flock && !use_mbx) break;

  /* Open the file for writing. */

  fd = open(filename, O_RDWR + O_APPEND);
  if (fd < 0)
    {
    printf("exim_lock: failed to open %s for writing: %s\n", filename,
      strerror(errno));
    yield = 1;
    goto CLEAN_UP;
    }

  /* If there is a timeout, implying blocked locking, we don't want to
  sleep before any retries after this. */

  if (lock_fcntl_timeout > 0 || lock_flock_timeout > 0)
    sleep_before_retry = FALSE;

  /* Lock using fcntl. There are pros and cons to using a blocking call vs
  a non-blocking call and retries. Exim is non-blocking by default, but setting
  a timeout changes it to blocking. */

  if (!use_mbx && (use_fcntl || use_flock))
    {
    if (apply_lock(fd, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,
        lock_flock_timeout) >= 0)
      {
      if (!quiet)
        {
        if (use_fcntl) printf("exim_lock: fcntl() lock successfully applied\n");
        if (use_flock) printf("exim_lock: flock() lock successfully applied\n");
        }
      break;
      }
    else goto RETRY;   /* Message already output */
    }

  /* Lock using MBX rules. This is complicated and is documented with the
  source of the c-client library that goes with Pine and IMAP. What has to
  be done to interwork correctly is to take out a shared lock on the mailbox,
  and an exclusive lock on a /tmp file. */

  else
    {
    if (apply_lock(fd, F_RDLCK, use_fcntl, lock_fcntl_timeout, use_flock,
        lock_flock_timeout) >= 0)
      {
      if (!quiet)
        {
        if (use_fcntl)
          printf("exim_lock: fcntl() read lock successfully applied\n");
        if (use_flock)
          printf("exim_lock: fcntl() read lock successfully applied\n");
        }
      }
    else goto RETRY;   /* Message already output */

    if (fstat(fd, &statbuf) < 0)
      {
      printf("exim_lock: fstat() of %s failed: %s\n", filename,
        strerror(errno));
      yield = 1;
      goto CLEAN_UP;
      }

    /* Set up file in /tmp and check its state if already existing. */

    sprintf(tempname, "/tmp/.%lx.%lx", (long)statbuf.st_dev,
      (long)statbuf.st_ino);

    if (lstat(tempname, &statbuf) >= 0)
      {
      if ((statbuf.st_mode & S_IFMT) == S_IFLNK)
        {
        printf("exim_lock: symbolic link on lock name %s\n", tempname);
        yield = 1;
        goto CLEAN_UP;
        }
      if (statbuf.st_nlink > 1)
        {
        printf("exim_lock: hard link to lock name %s\n", tempname);
        yield = 1;
        goto CLEAN_UP;
        }
      }

    mbx_tmp_oflags = O_RDWR | O_CREAT;
#ifdef O_NOFOLLOW
    mbx_tmp_oflags |= O_NOFOLLOW;
#endif
    md = open(tempname, mbx_tmp_oflags, 0600);
    if (md < 0)
      {
      printf("exim_lock: failed to create mbx lock file %s: %s\n",
        tempname, strerror(errno));
      goto CLEAN_UP;
      }

    /* security fixes from 2010-05 */
    if (lstat(tempname, &lstatbuf) < 0)
      {
      printf("exim_lock: failed to lstat(%s) after opening it: %s\n",
          tempname, strerror(errno));
      goto CLEAN_UP;
      }
    if (fstat(md, &statbuf2) < 0)
      {
      printf("exim_lock: failed to fstat() open fd of \"%s\": %s\n",
          tempname, strerror(errno));
      goto CLEAN_UP;
      }
    if ((statbuf2.st_nlink > 1) ||
        (lstatbuf.st_nlink > 1) ||
        (!S_ISREG(lstatbuf.st_mode)) ||
        (lstatbuf.st_dev != statbuf2.st_dev) ||
        (lstatbuf.st_ino != statbuf2.st_ino))
      {
      printf("exim_lock: race condition exploited against us when "
          "locking \"%s\"\n", tempname);
      goto CLEAN_UP;
      }

    (void)chmod(tempname, 0600);

    if (apply_lock(md, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,
        lock_flock_timeout) >= 0)
      {
      if (!quiet)
        {
        if (use_fcntl)
          printf("exim_lock: fcntl() lock successfully applied to mbx "
            "lock file %s\n", tempname);
        if (use_flock)
          printf("exim_lock: flock() lock successfully applied to mbx "
            "lock file %s\n", tempname);
        }

      /* This test checks for a race condition */

      if (lstat(tempname, &statbuf) != 0 ||
          fstat(md, &ostatbuf) != 0 ||
          statbuf.st_dev != ostatbuf.st_dev ||
          statbuf.st_ino != ostatbuf.st_ino)
       {
       if (!quiet) printf("exim_lock: mbx lock file %s changed between "
           "creation and locking\n", tempname);
       goto RETRY;
       }
      else break;
      }
    else goto RETRY;   /* Message already output */
    }

  /* Clean up before retrying */

  RETRY:

  if (md >= 0)
    {
    if (close(md) < 0)
      printf("exim_lock: close %s failed: %s\n", tempname, strerror(errno));
    else
      if (!quiet) printf("exim_lock: %s closed\n", tempname);
    md = -1;
    }

  if (fd >= 0)
    {
    if (close(fd) < 0)
      printf("exim_lock: close failed: %s\n", strerror(errno));
    else
      if (!quiet) printf("exim_lock: file closed\n");
    fd = -1;
    }

  if (hd >= 0)
    {
    if (unlink(lockname) < 0)
      printf("exim_lock: unlink of %s failed: %s\n", lockname, strerror(errno));
    else
      if (!quiet) printf("exim_lock: lock file removed\n");
    hd = -1;
    }

  /* If a blocking call timed out, break the retry loop if the total time
  so far is not less than than retries * interval. */

  if (sigalrm_seen &&
      (j + 1) * ((lock_fcntl_timeout > lock_flock_timeout)?
        lock_fcntl_timeout : lock_flock_timeout) >=
          lock_retries * lock_interval)
    j = lock_retries;

  /* Wait a bit before retrying, except when it was a blocked fcntl() that
  caused the problem. */

  if (j < lock_retries && sleep_before_retry)
    {
    printf(" ... waiting\n");
    sleep(lock_interval);
    }
  }

if (j >= lock_retries)
  {
  printf("exim_lock: locking failed too many times\n");
  yield = 1;
  goto CLEAN_UP;
  }

if (!quiet) printf("exim_lock: locking %s succeeded: ", filename);

/* If there are no further arguments, run the user's shell; otherwise
the next argument is a command to run. */

if (i >= argc)
  {
  command = getenv("SHELL");
  if (command == NULL || *command == 0) command = "/bin/sh";
  if (!quiet) printf("running %s ...\n", command);
  }
else
  {
  command = argv[i];
  if (!quiet) printf("running the command ...\n");
  }

/* Run the command, saving and restoring the times if required. */

if (restore_times)
  {
  struct stat strestore;
  struct utimbuf ut;
  stat(filename, &strestore);
  (void)system(command);
  ut.actime = strestore.st_atime;
  ut.modtime = strestore.st_mtime;
  utime(filename, &ut);
  }
else (void)system(command);

/* Remove the locks and exit. Unlink the /tmp file if we can get an exclusive
lock on the mailbox. This should be a non-blocking lock call, as there is no
point in waiting. */

CLEAN_UP:

if (md >= 0)
  {
  if (apply_lock(fd, F_WRLCK, use_fcntl, 0, use_flock, 0) >= 0)
    {
    if (!quiet) printf("exim_lock: %s unlinked - no sharers\n", tempname);
    unlink(tempname);
    }
  else if (!quiet)
    printf("exim_lock: %s not unlinked - unable to get exclusive mailbox lock\n",
      tempname);
  if (close(md) < 0)
    printf("exim_lock: close %s failed: %s\n", tempname, strerror(errno));
  else
    if (!quiet) printf("exim_lock: %s closed\n", tempname);
  }

if (fd >= 0)
  {
  if (close(fd) < 0)
    printf("exim_lock: close %s failed: %s\n", filename, strerror(errno));
  else
    if (!quiet) printf("exim_lock: %s closed\n", filename);
  }

if (hd >= 0)
  {
  if (unlink(lockname) < 0)
    printf("exim_lock: unlink %s failed: %s\n", lockname, strerror(errno));
  else
    if (!quiet) printf("exim_lock: lock file removed\n");
  }

return yield;
}

/* End */
Commit	Line	Data
059ec3d9 PH	1	/* A program to lock a file exactly as Exim would, for investigation of
	2	interlocking problems.
	3
	4	Options: -fcntl use fcntl() lock
	5	-flock use flock() lock
	6	-lockfile use lock file
	7	-mbx use mbx locking rules, with either fcntl() or flock()
	8
	9	Default is -fcntl -lockfile.
	10
	11	Argument: the name of the lock file
	12	*/
	13
	14	#include "os.h"
	15
	16	#include <stdio.h>
	17	#include <stdlib.h>
	18	#include <string.h>
	19	#include <signal.h>
	20	#include <errno.h>
	21	#include <time.h>
	22	#include <netdb.h>
	23	#include <fcntl.h>
	24	#include <unistd.h>
	25	#include <utime.h>
	26	#include <sys/utsname.h>
	27	#include <sys/stat.h>
	28	#include <sys/file.h>
	29	#include <pwd.h>
	30
	31	/* Not all systems have flock() available. Those that do must define LOCK_SH
	32	in sys/file.h. */
	33
	34	#ifndef LOCK_SH
	35	#define NO_FLOCK
	36	#endif
	37
	38
	39	typedef int BOOL;
	40	#define FALSE 0
	41	#define TRUE 1
	42
	43
	44	/* Flag for timeout signal handler */
	45
	46	static int sigalrm_seen = FALSE;
	47
	48
	49	/* We need to pull in strerror() and os_non_restarting_signal() from the
	50	os.c source, if they are required for this OS. However, we don't need any of
	51	the other stuff in os.c, so force the other macros to omit it. */
	52
	53	#ifndef OS_RESTARTING_SIGNAL
	54	#define OS_RESTARTING_SIGNAL
	55	#endif
	56
	57	#ifndef OS_STRSIGNAL
	58	#define OS_STRSIGNAL
	59	#endif
	60
	61	#ifndef OS_STREXIT
	62	#define OS_STREXIT
	63	#endif
	64
65	#ifndef OS_LOAD_AVERAGE
66	#define OS_LOAD_AVERAGE
67	#endif
68
69	#ifndef FIND_RUNNING_INTERFACES
70	#define FIND_RUNNING_INTERFACES
71	#endif
72
73	#include "../src/os.c"
74
75
76
77	/*************************************************
78	* Timeout handler *
79	*************************************************/
80
81	static void
82	sigalrm_handler(int sig)
83	{
84	sig = sig; /* Keep picky compilers happy */
85	sigalrm_seen = TRUE;
86	}
87
88
89
90	/*************************************************
91	* Give usage and die *
92	*************************************************/
93
94	static void
95	usage(void)
96	{
97	printf("usage: exim_lock [-v] [-q] [-lockfile] [-fcntl] [-flock] [-mbx]\n"
98	" [-retries <n>] [-interval <n>] [-timeout <n>] [-restore-times]\n"
99	" <file name> [command]\n");
100	exit(1);
101	}
102
103
104
105	/*************************************************
106	* Apply a lock to a file descriptor *
107	*************************************************/
108
109	static int
110	apply_lock(int fd, int fcntltype, BOOL dofcntl, int fcntltime, BOOL doflock,
111	int flocktime)
112	{
113	int yield = 0;
114	int save_errno;
115	struct flock lock_data;
116	lock_data.l_type = fcntltype;
117	lock_data.l_whence = lock_data.l_start = lock_data.l_len = 0;
118
119	sigalrm_seen = FALSE;
120
121	if (dofcntl)
122	{
123	if (fcntltime > 0)
124	{
125	os_non_restarting_signal(SIGALRM, sigalrm_handler);
126	alarm(fcntltime);
127	yield = fcntl(fd, F_SETLKW, &lock_data);
128	save_errno = errno;
129	alarm(0);
130	errno = save_errno;
131	}
132	else yield = fcntl(fd, F_SETLK, &lock_data);
133	if (yield < 0) printf("exim_lock: fcntl() failed: %s\n", strerror(errno));
134	}
135
136	#ifndef NO_FLOCK
137	if (doflock && (yield >= 0))
138	{
139	int flocktype = (fcntltype == F_WRLCK)? LOCK_EX : LOCK_SH;
140	if (flocktime > 0)
141	{
142	os_non_restarting_signal(SIGALRM, sigalrm_handler);
143	alarm(flocktime);
144	yield = flock(fd, flocktype);
145	save_errno = errno;
146	alarm(0);
147	errno = save_errno;
148	}
149	else yield = flock(fd, flocktype \| LOCK_NB);
150	if (yield < 0) printf("exim_lock: flock() failed: %s\n", strerror(errno));
151	}
152	#endif
153
154	return yield;
155	}
156
157
158
159	/*************************************************
160	* The exim_lock program *
161	*************************************************/
162
163	int main(int argc, char **argv)
164	{
165	int lock_retries = 10;
166	int lock_interval = 3;
167	int lock_fcntl_timeout = 0;
168	int lock_flock_timeout = 0;
169	int i, j, len;
170	int fd = -1;
171	int hd = -1;
172	int md = -1;
173	int yield = 0;
174	int now = time(NULL);
175	BOOL use_lockfile = FALSE;
176	BOOL use_fcntl = FALSE;
177	BOOL use_flock = FALSE;
178	BOOL use_mbx = FALSE;
179	BOOL verbose = FALSE;
180	BOOL quiet = FALSE;
181	BOOL restore_times = FALSE;
182	char *filename;
183	char lockname = NULL, hitchname = NULL;
1ba28e2b PP	184	char *primary_hostname;
1ba28e2b PP	185	const char *command;
059ec3d9 PH	186	struct utsname s;
	187	char buffer[256];
	188	char tempname[256];
	189
	190	/* Decode options */
	191
	192	for (i = 1; i < argc; i++)
	193	{
	194	char *arg = argv[i];
	195	if (*arg != '-') break;
	196	if (strcmp(arg, "-fcntl") == 0) use_fcntl = TRUE;
	197	else if (strcmp(arg, "-flock") == 0) use_flock = TRUE;
	198	else if (strcmp(arg, "-lockfile") == 0) use_lockfile = TRUE;
	199	else if (strcmp(arg, "-mbx") == 0) use_mbx = TRUE;
	200	else if (strcmp(arg, "-v") == 0) verbose = TRUE;
	201	else if (strcmp(arg, "-q") == 0) quiet = TRUE;
	202	else if (strcmp(arg, "-restore-times") == 0) restore_times = TRUE;
	203	else if (++i < argc)
	204	{
	205	int value = atoi(argv[i]);
	206	if (strcmp(arg, "-retries") == 0) lock_retries = value;
	207	else if (strcmp(arg, "-interval") == 0) lock_interval = value;
	208	else if (strcmp(arg, "-timeout") == 0)
	209	lock_fcntl_timeout = lock_flock_timeout = value;
	210	else usage();
	211	}
	212	else usage();
	213	}
	214
	215	if (quiet) verbose = 0;
	216
	217	/* Can't use flock() if the OS doesn't provide it */
	218
	219	#ifdef NO_FLOCK
	220	if (use_flock)
	221	{
	222	printf("exim_lock: can't use flock() because it was not available in the\n"
	223	" operating system when exim_lock was compiled\n");
	224	exit(1);
	225	}
	226	#endif
	227
	228	/* Default is to use lockfiles and fcntl(). */
	229
	230	if (!use_lockfile && !use_fcntl && !use_flock && !use_mbx)
	231	use_lockfile = use_fcntl = TRUE;
	232
	233	/* Default fcntl() for use with mbx */
	234
	235	if (use_mbx && !use_fcntl && !use_flock) use_fcntl = TRUE;
	236
	237	/* Unset unused timeouts */
	238
	239	if (!use_fcntl) lock_fcntl_timeout = 0;
	240	if (!use_flock) lock_flock_timeout = 0;
	241
	242	/* A file name is required */
	243
	244	if (i >= argc) usage();
	245
	246	filename = argv[i++];
	247
	248	/* Expand file names starting with ~ */
	249
250	if (*filename == '~')
251	{
252	struct passwd *pw;
253
254	if (*(++filename) == '/')
255	pw = getpwuid(getuid());
256	else
257	{
258	char *s = buffer;
259	while (filename != 0 && filename != '/')
260	s++ = filename++;
261	*s = 0;
262	pw = getpwnam(buffer);
263	}
264
265	if (pw == NULL)
266	{
267	printf("exim_lock: unable to expand file name %s\n", argv[i-1]);
268	exit(1);
269	}
270
271	if ((int)strlen(pw->pw_dir) + (int)strlen(filename) + 1 > sizeof(buffer))
272	{
273	printf("exim_lock: expanded file name %s%s is too long", pw->pw_dir,
274	filename);
275	exit(1);
276	}
277
278	strcpy(buffer, pw->pw_dir);
279	strcat(buffer, filename);
280	filename = buffer;
281	}
282
283	/* If using a lock file, prepare by creating the lock file name and
284	the hitching post name. */
285
286	if (use_lockfile)
287	{
288	if (uname(&s) < 0)
289	{
290	printf("exim_lock: failed to find host name using uname()\n");
291	exit(1);
292	}
293	primary_hostname = s.nodename;
294
295	len = (int)strlen(filename);
296	lockname = malloc(len + 8);
297	sprintf(lockname, "%s.lock", filename);
298	hitchname = malloc(len + 32 + (int)strlen(primary_hostname));
299	sprintf(hitchname, "%s.%s.%08x.%08x", lockname, primary_hostname,
300	now, (int)getpid());
301
302	if (verbose)
303	printf("exim_lock: lockname = %s\n hitchname = %s\n", lockname,
304	hitchname);
305	}
306
307	/* Locking retry loop */
308
309	for (j = 0; j < lock_retries; j++)
310	{
311	int sleep_before_retry = TRUE;
bf83d8d3 PP	312	struct stat statbuf, ostatbuf, lstatbuf, statbuf2;
bf83d8d3 PP	313	int mbx_tmp_oflags;
059ec3d9 PH	314
	315	/* Try to build a lock file if so configured */
	316
	317	if (use_lockfile)
	318	{
	319	int rc;
	320	if (verbose) printf("exim_lock: creating lock file\n");
	321	hd = open(hitchname, O_WRONLY \| O_CREAT \| O_EXCL, 0440);
	322	if (hd < 0)
	323	{
	324	printf("exim_lock: failed to create hitching post %s: %s\n", hitchname,
	325	strerror(errno));
	326	exit(1);
	327	}
	328
	329	/* Apply hitching post algorithm. */
	330
	331	if ((rc = link(hitchname, lockname)) != 0) fstat(hd, &statbuf);
f1e894f3	332	(void)close(hd);
059ec3d9 PH	333	unlink(hitchname);
	334
	335	if (rc != 0 && statbuf.st_nlink != 2)
	336	{
	337	printf("exim_lock: failed to link hitching post to lock file\n");
	338	hd = -1;
	339	goto RETRY;
	340	}
	341
	342	if (!quiet) printf("exim_lock: lock file successfully created\n");
	343	}
	344
	345	/* We are done if no other locking required. */
	346
	347	if (!use_fcntl && !use_flock && !use_mbx) break;
	348
	349	/* Open the file for writing. */
	350
	351	fd = open(filename, O_RDWR + O_APPEND);
	352	if (fd < 0)
	353	{
	354	printf("exim_lock: failed to open %s for writing: %s\n", filename,
	355	strerror(errno));
	356	yield = 1;
	357	goto CLEAN_UP;
	358	}
	359
	360	/* If there is a timeout, implying blocked locking, we don't want to
	361	sleep before any retries after this. */
	362
	363	if (lock_fcntl_timeout > 0 \|\| lock_flock_timeout > 0)
	364	sleep_before_retry = FALSE;
	365
	366	/* Lock using fcntl. There are pros and cons to using a blocking call vs
	367	a non-blocking call and retries. Exim is non-blocking by default, but setting
	368	a timeout changes it to blocking. */
	369
	370	if (!use_mbx && (use_fcntl \|\| use_flock))
	371	{
	372	if (apply_lock(fd, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,
	373	lock_flock_timeout) >= 0)
	374	{
	375	if (!quiet)
	376	{
	377	if (use_fcntl) printf("exim_lock: fcntl() lock successfully applied\n");
	378	if (use_flock) printf("exim_lock: flock() lock successfully applied\n");
	379	}
	380	break;
	381	}
	382	else goto RETRY; /* Message already output */
	383	}
	384
	385	/* Lock using MBX rules. This is complicated and is documented with the
	386	source of the c-client library that goes with Pine and IMAP. What has to
	387	be done to interwork correctly is to take out a shared lock on the mailbox,
	388	and an exclusive lock on a /tmp file. */
	389
	390	else
	391	{
	392	if (apply_lock(fd, F_RDLCK, use_fcntl, lock_fcntl_timeout, use_flock,
	393	lock_flock_timeout) >= 0)
	394	{
	395	if (!quiet)
	396	{
397	if (use_fcntl)
398	printf("exim_lock: fcntl() read lock successfully applied\n");
399	if (use_flock)
400	printf("exim_lock: fcntl() read lock successfully applied\n");
401	}
402	}
403	else goto RETRY; /* Message already output */
404
405	if (fstat(fd, &statbuf) < 0)
406	{
407	printf("exim_lock: fstat() of %s failed: %s\n", filename,
408	strerror(errno));
409	yield = 1;
410	goto CLEAN_UP;
411	}
412
413	/* Set up file in /tmp and check its state if already existing. */
414
415	sprintf(tempname, "/tmp/.%lx.%lx", (long)statbuf.st_dev,
416	(long)statbuf.st_ino);
417
418	if (lstat(tempname, &statbuf) >= 0)
419	{
420	if ((statbuf.st_mode & S_IFMT) == S_IFLNK)
421	{
422	printf("exim_lock: symbolic link on lock name %s\n", tempname);
423	yield = 1;
424	goto CLEAN_UP;
425	}
426	if (statbuf.st_nlink > 1)
427	{
428	printf("exim_lock: hard link to lock name %s\n", tempname);
429	yield = 1;
430	goto CLEAN_UP;
431	}
432	}
433
bf83d8d3 PP	434	mbx_tmp_oflags = O_RDWR \| O_CREAT;
	435	#ifdef O_NOFOLLOW
	436	mbx_tmp_oflags \|= O_NOFOLLOW;
	437	#endif
	438	md = open(tempname, mbx_tmp_oflags, 0600);
059ec3d9 PH	439	if (md < 0)
	440	{
	441	printf("exim_lock: failed to create mbx lock file %s: %s\n",
	442	tempname, strerror(errno));
	443	goto CLEAN_UP;
bf83d8d3 PP	444	}
	445
	446	/* security fixes from 2010-05 */
	447	if (lstat(tempname, &lstatbuf) < 0)
	448	{
	449	printf("exim_lock: failed to lstat(%s) after opening it: %s\n",
	450	tempname, strerror(errno));
	451	goto CLEAN_UP;
	452	}
	453	if (fstat(md, &statbuf2) < 0)
	454	{
	455	printf("exim_lock: failed to fstat() open fd of \"%s\": %s\n",
	456	tempname, strerror(errno));
	457	goto CLEAN_UP;
	458	}
	459	if ((statbuf2.st_nlink > 1) \|\|
	460	(lstatbuf.st_nlink > 1) \|\|
	461	(!S_ISREG(lstatbuf.st_mode)) \|\|
	462	(lstatbuf.st_dev != statbuf2.st_dev) \|\|
	463	(lstatbuf.st_ino != statbuf2.st_ino))
	464	{
	465	printf("exim_lock: race condition exploited against us when "
	466	"locking \"%s\"\n", tempname);
	467	goto CLEAN_UP;
059ec3d9 PH	468	}
059ec3d9 PH	469
ff790e47	470	(void)chmod(tempname, 0600);
059ec3d9 PH	471
	472	if (apply_lock(md, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,
	473	lock_flock_timeout) >= 0)
	474	{
	475	if (!quiet)
	476	{
	477	if (use_fcntl)
	478	printf("exim_lock: fcntl() lock successfully applied to mbx "
	479	"lock file %s\n", tempname);
	480	if (use_flock)
	481	printf("exim_lock: flock() lock successfully applied to mbx "
	482	"lock file %s\n", tempname);
	483	}
	484
	485	/* This test checks for a race condition */
	486
	487	if (lstat(tempname, &statbuf) != 0 \|\|
	488	fstat(md, &ostatbuf) != 0 \|\|
	489	statbuf.st_dev != ostatbuf.st_dev \|\|
	490	statbuf.st_ino != ostatbuf.st_ino)
	491	{
	492	if (!quiet) printf("exim_lock: mbx lock file %s changed between "
	493	"creation and locking\n", tempname);
	494	goto RETRY;
	495	}
	496	else break;
	497	}
	498	else goto RETRY; /* Message already output */
	499	}
	500
	501	/* Clean up before retrying */
	502
	503	RETRY:
	504
	505	if (md >= 0)
	506	{
	507	if (close(md) < 0)
	508	printf("exim_lock: close %s failed: %s\n", tempname, strerror(errno));
	509	else
	510	if (!quiet) printf("exim_lock: %s closed\n", tempname);
	511	md = -1;
	512	}
	513
	514	if (fd >= 0)
	515	{
	516	if (close(fd) < 0)
	517	printf("exim_lock: close failed: %s\n", strerror(errno));
	518	else
	519	if (!quiet) printf("exim_lock: file closed\n");
	520	fd = -1;
	521	}
	522
	523	if (hd >= 0)
	524	{
	525	if (unlink(lockname) < 0)
	526	printf("exim_lock: unlink of %s failed: %s\n", lockname, strerror(errno));
	527	else
	528	if (!quiet) printf("exim_lock: lock file removed\n");
	529	hd = -1;
	530	}
	531
	532	/* If a blocking call timed out, break the retry loop if the total time
	533	so far is not less than than retries * interval. */
	534
535	if (sigalrm_seen &&
536	(j + 1) * ((lock_fcntl_timeout > lock_flock_timeout)?
537	lock_fcntl_timeout : lock_flock_timeout) >=
538	lock_retries * lock_interval)
539	j = lock_retries;
540
541	/* Wait a bit before retrying, except when it was a blocked fcntl() that
542	caused the problem. */
543
544	if (j < lock_retries && sleep_before_retry)
545	{
546	printf(" ... waiting\n");
547	sleep(lock_interval);
548	}
549	}
550
551	if (j >= lock_retries)
552	{
553	printf("exim_lock: locking failed too many times\n");
554	yield = 1;
555	goto CLEAN_UP;
556	}
557
558	if (!quiet) printf("exim_lock: locking %s succeeded: ", filename);
559
560	/* If there are no further arguments, run the user's shell; otherwise
561	the next argument is a command to run. */
562
563	if (i >= argc)
564	{
565	command = getenv("SHELL");
566	if (command == NULL \|\| *command == 0) command = "/bin/sh";
567	if (!quiet) printf("running %s ...\n", command);
568	}
569	else
570	{
571	command = argv[i];
572	if (!quiet) printf("running the command ...\n");
573	}
574
575	/* Run the command, saving and restoring the times if required. */
576
577	if (restore_times)
578	{
579	struct stat strestore;
580	struct utimbuf ut;
581	stat(filename, &strestore);
ff790e47	582	(void)system(command);
059ec3d9 PH	583	ut.actime = strestore.st_atime;
	584	ut.modtime = strestore.st_mtime;
	585	utime(filename, &ut);
	586	}
ff790e47	587	else (void)system(command);
059ec3d9 PH	588
	589	/* Remove the locks and exit. Unlink the /tmp file if we can get an exclusive
	590	lock on the mailbox. This should be a non-blocking lock call, as there is no
	591	point in waiting. */
	592
	593	CLEAN_UP:
	594
	595	if (md >= 0)
	596	{
	597	if (apply_lock(fd, F_WRLCK, use_fcntl, 0, use_flock, 0) >= 0)
	598	{
	599	if (!quiet) printf("exim_lock: %s unlinked - no sharers\n", tempname);
	600	unlink(tempname);
	601	}
	602	else if (!quiet)
	603	printf("exim_lock: %s not unlinked - unable to get exclusive mailbox lock\n",
	604	tempname);
	605	if (close(md) < 0)
	606	printf("exim_lock: close %s failed: %s\n", tempname, strerror(errno));
	607	else
	608	if (!quiet) printf("exim_lock: %s closed\n", tempname);
	609	}
	610
	611	if (fd >= 0)
	612	{
	613	if (close(fd) < 0)
	614	printf("exim_lock: close %s failed: %s\n", filename, strerror(errno));
	615	else
	616	if (!quiet) printf("exim_lock: %s closed\n", filename);
	617	}
	618
	619	if (hd >= 0)
	620	{
	621	if (unlink(lockname) < 0)
	622	printf("exim_lock: unlink %s failed: %s\n", lockname, strerror(errno));
	623	else
	624	if (!quiet) printf("exim_lock: lock file removed\n");
	625	}
	626
	627	return yield;
	628	}
	629
	630	/* End */