1 /* 2 * Copyright (c) 1998-2009, 2011, 2012, 2014 Proofpoint, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 #include <sm/sem.h> 16 17 SM_RCSID("@(#)$Id: queue.c,v 8.1000 2013-11-22 20:51:56 ca Exp $") 18 19 #include <sm/sendmail.h> 20 #include <dirent.h> 21 #if _FFR_DMTRIGGER 22 # include <sm/notify.h> 23 #endif 24 25 #define RELEASE_QUEUE (void) 0 26 #define ST_INODE(st) (st).st_ino 27 28 #define sm_file_exists(errno) ((errno) == EEXIST) 29 30 #if HASFLOCK && defined(O_EXLOCK) 31 # define SM_OPEN_EXLOCK 1 32 # define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL|O_EXLOCK) 33 #else 34 # define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL) 35 #endif 36 37 #ifndef SM_OPEN_EXLOCK 38 # define SM_OPEN_EXLOCK 0 39 #endif 40 41 /* 42 ** Historical notes: 43 ** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY 44 ** QF_VERSION == 5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY 45 ** QF_VERSION == 6 was sendmail 8.12 without _FFR_QUEUEDELAY 46 ** QF_VERSION == 7 was sendmail 8.12 with _FFR_QUEUEDELAY 47 ** QF_VERSION == 8 is sendmail 8.13 48 */ 49 50 /* XREF: op.me: QUEUE FILE FORMAT: V */ 51 #define QF_VERSION 8 /* version number of this queue format */ 52 53 static char queue_letter __P((ENVELOPE *, int)); 54 static bool quarantine_queue_item __P((int, int, ENVELOPE *, char *)); 55 56 /* Naming convention: qgrp: index of queue group, qg: QUEUEGROUP */ 57 58 /* 59 ** Work queue. 60 */ 61 62 struct work 63 { 64 char *w_name; /* name of control file */ 65 char *w_host; /* name of recipient host */ 66 bool w_lock; /* is message locked? */ 67 bool w_tooyoung; /* is it too young to run? */ 68 long w_pri; /* priority of message, see below */ 69 time_t w_ctime; /* creation time */ 70 time_t w_mtime; /* modification time */ 71 int w_qgrp; /* queue group located in */ 72 int w_qdir; /* queue directory located in */ 73 struct work *w_next; /* next in queue */ 74 }; 75 76 typedef struct work WORK; 77 78 static WORK *WorkQ; /* queue of things to be done */ 79 static int NumWorkGroups; /* number of work groups */ 80 static time_t Current_LA_time = 0; 81 82 /* Get new load average every 30 seconds. */ 83 #define GET_NEW_LA_TIME 30 84 85 #define SM_GET_LA(now) \ 86 do \ 87 { \ 88 now = curtime(); \ 89 if (Current_LA_time < now - GET_NEW_LA_TIME) \ 90 { \ 91 sm_getla(); \ 92 Current_LA_time = now; \ 93 } \ 94 } while (0) 95 96 /* 97 ** DoQueueRun indicates that a queue run is needed. 98 ** Notice: DoQueueRun is modified in a signal handler! 99 */ 100 101 static bool volatile DoQueueRun; /* non-interrupt time queue run needed */ 102 103 /* 104 ** Work group definition structure. 105 ** Each work group contains one or more queue groups. This is done 106 ** to manage the number of queue group runners active at the same time 107 ** to be within the constraints of MaxQueueChildren (if it is set). 108 ** The number of queue groups that can be run on the next work run 109 ** is kept track of. The queue groups are run in a round robin. 110 */ 111 112 struct workgrp 113 { 114 int wg_numqgrp; /* number of queue groups in work grp */ 115 int wg_runners; /* total runners */ 116 int wg_curqgrp; /* current queue group */ 117 QUEUEGRP **wg_qgs; /* array of queue groups */ 118 int wg_maxact; /* max # of active runners */ 119 time_t wg_lowqintvl; /* lowest queue interval */ 120 int wg_restart; /* needs restarting? */ 121 int wg_restartcnt; /* count of times restarted */ 122 }; 123 124 typedef struct workgrp WORKGRP; 125 126 static WORKGRP volatile WorkGrp[MAXWORKGROUPS + 1]; /* work groups */ 127 128 #if SM_HEAP_CHECK 129 static SM_DEBUG_T DebugLeakQ = SM_DEBUG_INITIALIZER("leak_q", 130 "@(#)$Debug: leak_q - trace memory leaks during queue processing $"); 131 #endif 132 133 static void grow_wlist __P((int, int)); 134 static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *)); 135 static int gatherq __P((int, int, bool, bool *, bool *, int *)); 136 static int sortq __P((int)); 137 static void printctladdr __P((ADDRESS *, SM_FILE_T *)); 138 static bool readqf __P((ENVELOPE *, bool)); 139 static void restart_work_group __P((int)); 140 static void runner_work __P((ENVELOPE *, int, bool, int, int)); 141 static void schedule_queue_runs __P((bool, int, bool)); 142 static char *strrev __P((char *)); 143 static ADDRESS *setctluser __P((char *, int, ENVELOPE *)); 144 #if _FFR_RHS 145 static int sm_strshufflecmp __P((char *, char *)); 146 static void init_shuffle_alphabet __P(()); 147 #endif 148 149 static int workcmpf0 __P((const void *, const void *)); 150 static int workcmpf1 __P((const void *, const void *)); 151 static int workcmpf2 __P((const void *, const void *)); 152 static int workcmpf3 __P((const void *, const void *)); 153 static int workcmpf4 __P((const void *, const void *)); 154 static int randi = 3; /* index for workcmpf5() */ 155 static int workcmpf5 __P((const void *, const void *)); 156 static int workcmpf6 __P((const void *, const void *)); 157 #if _FFR_RHS 158 static int workcmpf7 __P((const void *, const void *)); 159 #endif 160 161 #if RANDOMSHIFT 162 # define get_rand_mod(m) ((get_random() >> RANDOMSHIFT) % (m)) 163 #else 164 # define get_rand_mod(m) (get_random() % (m)) 165 #endif 166 167 /* 168 ** File system definition. 169 ** Used to keep track of how much free space is available 170 ** on a file system in which one or more queue directories reside. 171 */ 172 173 typedef struct filesys_shared FILESYS; 174 175 struct filesys_shared 176 { 177 dev_t fs_dev; /* unique device id */ 178 long fs_avail; /* number of free blocks available */ 179 long fs_blksize; /* block size, in bytes */ 180 }; 181 182 /* probably kept in shared memory */ 183 static FILESYS FileSys[MAXFILESYS]; /* queue file systems */ 184 static const char *FSPath[MAXFILESYS]; /* pathnames for file systems */ 185 186 #if SM_CONF_SHM 187 # include <ratectrl.h> 188 189 /* 190 ** Shared memory data 191 ** 192 ** Current layout: 193 ** size -- size of shared memory segment 194 ** pid -- pid of owner, should be a unique id to avoid misinterpretations 195 ** by other processes. 196 ** tag -- should be a unique id to avoid misinterpretations by others. 197 ** idea: hash over configuration data that will be stored here. 198 ** NumFileSys -- number of file systems. 199 ** FileSys -- (array of) structure for used file systems. 200 ** RSATmpCnt -- counter for number of uses of ephemeral RSA key. 201 ** [OCC -- ...] 202 ** QShm -- (array of) structure for information about queue directories. 203 ** this must be last as the size is depending on the config. 204 */ 205 206 /* 207 ** Queue data in shared memory 208 */ 209 210 typedef struct queue_shared QUEUE_SHM_T; 211 212 struct queue_shared 213 { 214 int qs_entries; /* number of entries */ 215 /* XXX more to follow? */ 216 }; 217 218 static void *Pshm; /* pointer to shared memory */ 219 static FILESYS *PtrFileSys; /* pointer to queue file system array */ 220 int ShmId = SM_SHM_NO_ID; /* shared memory id */ 221 static QUEUE_SHM_T *QShm; /* pointer to shared queue data */ 222 static size_t shms; 223 224 # define SHM_OFF_PID(p) (((char *) (p)) + sizeof(int)) 225 # define SHM_OFF_TAG(p) (((char *) (p)) + sizeof(pid_t) + sizeof(int)) 226 # define SHM_OFF_HEAD (sizeof(pid_t) + sizeof(int) * 2) 227 228 /* how to access FileSys */ 229 # define FILE_SYS(i) (PtrFileSys[i]) 230 231 /* first entry is a tag, for now just the size */ 232 # define OFF_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD) 233 234 /* offset for PNumFileSys */ 235 # define OFF_NUM_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys)) 236 237 /* offset for PRSATmpCnt */ 238 # define OFF_RSA_TMP_CNT(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int)) 239 int *PRSATmpCnt; 240 241 # if _FFR_OCC 242 # define OFF_OCC_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2) 243 # define OCC_SIZE (sizeof(CHash_T) * CPMHSIZE) 244 static CHash_T *occ = NULL; 245 # else 246 # define OCC_SIZE 0 247 # endif 248 249 /* offset for queue_shm */ 250 # define OFF_QUEUE_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2 + OCC_SIZE) 251 252 # define QSHM_ENTRIES(i) QShm[i].qs_entries 253 254 /* basic size of shared memory segment */ 255 # define SM_T_SIZE (SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2 + OCC_SIZE) 256 257 static unsigned int hash_q __P((char *, unsigned int)); 258 259 /* 260 ** HASH_Q -- simple hash function 261 ** 262 ** Parameters: 263 ** p -- string to hash. 264 ** h -- hash start value (from previous run). 265 ** 266 ** Returns: 267 ** hash value. 268 */ 269 270 static unsigned int 271 hash_q(p, h) 272 char *p; 273 unsigned int h; 274 { 275 int c, d; 276 277 while (*p != '\0') 278 { 279 d = *p++; 280 c = d; 281 c ^= c<<6; 282 h += (c<<11) ^ (c>>1); 283 h ^= (d<<14) + (d<<7) + (d<<4) + d; 284 } 285 return h; 286 } 287 288 #else /* SM_CONF_SHM */ 289 # define FILE_SYS(i) FileSys[i] 290 #endif /* SM_CONF_SHM */ 291 292 /* access to the various components of file system data */ 293 #define FILE_SYS_NAME(i) FSPath[i] 294 #define FILE_SYS_AVAIL(i) FILE_SYS(i).fs_avail 295 #define FILE_SYS_BLKSIZE(i) FILE_SYS(i).fs_blksize 296 #define FILE_SYS_DEV(i) FILE_SYS(i).fs_dev 297 298 299 /* 300 ** Current qf file field assignments: 301 ** 302 ** A AUTH= parameter 303 ** B body type 304 ** C controlling user 305 ** D data file name (obsolete) 306 ** d data file directory name (added in 8.12) 307 ** E error recipient 308 ** F flag bits 309 ** H header 310 ** I data file's inode number 311 ** K time of last delivery attempt 312 ** L Solaris Content-Length: header (obsolete) 313 ** M message 314 ** N number of delivery attempts 315 ** P message priority 316 ** q quarantine reason 317 ** Q original recipient (ORCPT=) 318 ** r final recipient (Final-Recipient: DSN field) 319 ** R recipient 320 ** S sender 321 ** T init time 322 ** V queue file version 323 ** X free (was: character set if _FFR_SAVE_CHARSET) 324 ** Z original envelope id from ESMTP 325 ** ! deliver by (added in 8.12) 326 ** $ define macro 327 ** . terminate file 328 */ 329 330 /* 331 ** QUEUEUP -- queue a message up for future transmission. 332 ** 333 ** Parameters: 334 ** e -- the envelope to queue up. 335 ** flags -- QUP_FL_*: 336 ** QUP_FL_ANNOUNCE -- tell when queueing up. 337 ** QUP_FL_MSYNC -- fsync() if SuperSafe interactive mode. 338 ** QUP_FL_UNLOCK -- invoke unlockqueue(). 339 ** 340 ** Returns: 341 ** none. 342 ** 343 ** Side Effects: 344 ** The current request is saved in a control file. 345 ** The queue file is left locked. 346 */ 347 348 void 349 queueup(e, flags) 350 register ENVELOPE *e; 351 unsigned int flags; 352 { 353 register SM_FILE_T *tfp; 354 register HDR *h; 355 register ADDRESS *q; 356 int tfd = -1; 357 int i; 358 bool newid; 359 register char *p; 360 MAILER nullmailer; 361 MCI mcibuf; 362 char qf[MAXPATHLEN]; 363 char tf[MAXPATHLEN]; 364 char df[MAXPATHLEN]; 365 char buf[MAXLINE]; 366 367 /* 368 ** Create control file. 369 */ 370 371 #define OPEN_TF do \ 372 { \ 373 MODE_T oldumask = 0; \ 374 \ 375 if (bitset(S_IWGRP, QueueFileMode)) \ 376 oldumask = umask(002); \ 377 tfd = open(tf, TF_OPEN_FLAGS, QueueFileMode); \ 378 if (bitset(S_IWGRP, QueueFileMode)) \ 379 (void) umask(oldumask); \ 380 } while (0) 381 #define QUP_ANNOUNCE bitset(QUP_FL_ANNOUNCE, flags) 382 #define QUP_MSYNC bitset(QUP_FL_MSYNC, flags) 383 #define QUP_UNLOCK bitset(QUP_FL_UNLOCK, flags) 384 385 newid = (e->e_id == NULL) || !bitset(EF_INQUEUE, e->e_flags); 386 (void) sm_strlcpy(tf, queuename(e, NEWQFL_LETTER), sizeof(tf)); 387 tfp = e->e_lockfp; 388 if (tfp == NULL && newid) 389 { 390 /* 391 ** open qf file directly: this will give an error if the file 392 ** already exists and hence prevent problems if a queue-id 393 ** is reused (e.g., because the clock is set back). 394 */ 395 396 (void) sm_strlcpy(tf, queuename(e, ANYQFL_LETTER), sizeof(tf)); 397 OPEN_TF; 398 if (tfd < 0 || 399 #if !SM_OPEN_EXLOCK 400 !lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB) || 401 #endif 402 (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 403 (void *) &tfd, SM_IO_WRONLY, 404 NULL)) == NULL) 405 { 406 int save_errno = errno; 407 408 printopenfds(true); 409 errno = save_errno; 410 syserr("!queueup: cannot create queue file %s, euid=%ld, fd=%d, fp=%p", 411 tf, (long) geteuid(), tfd, (void *)tfp); 412 /* NOTREACHED */ 413 } 414 e->e_lockfp = tfp; 415 upd_qs(e, 1, 0, "queueup"); 416 } 417 418 /* if newid, write the queue file directly (instead of temp file) */ 419 if (!newid) 420 { 421 /* get a locked tf file */ 422 for (i = 0; i < 128; i++) 423 { 424 if (tfd < 0) 425 { 426 OPEN_TF; 427 if (tfd < 0) 428 { 429 if (errno != EEXIST) 430 break; 431 if (LogLevel > 0 && (i % 32) == 0) 432 sm_syslog(LOG_ALERT, e->e_id, 433 "queueup: cannot create %s, euid=%ld: %s", 434 tf, (long) geteuid(), 435 sm_errstring(errno)); 436 } 437 #if SM_OPEN_EXLOCK 438 else 439 break; 440 #endif 441 } 442 if (tfd >= 0) 443 { 444 #if SM_OPEN_EXLOCK 445 /* file is locked by open() */ 446 break; 447 #else 448 if (lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB)) 449 break; 450 else 451 #endif 452 if (LogLevel > 0 && (i % 32) == 0) 453 sm_syslog(LOG_ALERT, e->e_id, 454 "queueup: cannot lock %s: %s", 455 tf, sm_errstring(errno)); 456 if ((i % 32) == 31) 457 { 458 (void) close(tfd); 459 tfd = -1; 460 } 461 } 462 463 if ((i % 32) == 31) 464 { 465 /* save the old temp file away */ 466 (void) rename(tf, queuename(e, TEMPQF_LETTER)); 467 } 468 else 469 (void) sleep(i % 32); 470 } 471 if (tfd < 0 || (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 472 (void *) &tfd, SM_IO_WRONLY_B, 473 NULL)) == NULL) 474 { 475 int save_errno = errno; 476 477 printopenfds(true); 478 errno = save_errno; 479 syserr("!queueup: cannot create queue temp file %s, uid=%ld", 480 tf, (long) geteuid()); 481 } 482 } 483 484 if (tTd(40, 1)) 485 sm_dprintf("\n>>>>> queueing %s/%s%s >>>>>\n", 486 qid_printqueue(e->e_qgrp, e->e_qdir), 487 queuename(e, ANYQFL_LETTER), 488 newid ? " (new id)" : ""); 489 if (tTd(40, 3)) 490 { 491 sm_dprintf(" e_flags="); 492 printenvflags(e); 493 } 494 if (tTd(40, 32)) 495 { 496 sm_dprintf(" sendq="); 497 printaddr(sm_debug_file(), e->e_sendqueue, true); 498 } 499 if (tTd(40, 9)) 500 { 501 sm_dprintf(" tfp="); 502 dumpfd(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL), true, false); 503 sm_dprintf(" lockfp="); 504 if (e->e_lockfp == NULL) 505 sm_dprintf("NULL\n"); 506 else 507 dumpfd(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL), 508 true, false); 509 } 510 511 /* 512 ** If there is no data file yet, create one. 513 */ 514 515 (void) sm_strlcpy(df, queuename(e, DATAFL_LETTER), sizeof(df)); 516 if (bitset(EF_HAS_DF, e->e_flags)) 517 { 518 if (e->e_dfp != NULL && 519 SuperSafe != SAFE_REALLY && 520 SuperSafe != SAFE_REALLY_POSTMILTER && 521 sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 && 522 errno != EINVAL) 523 { 524 syserr("!queueup: cannot commit data file %s, uid=%ld", 525 queuename(e, DATAFL_LETTER), (long) geteuid()); 526 } 527 if (e->e_dfp != NULL && 528 SuperSafe == SAFE_INTERACTIVE && QUP_MSYNC) 529 { 530 if (tTd(40,32)) 531 sm_syslog(LOG_INFO, e->e_id, 532 "queueup: fsync(e->e_dfp)"); 533 534 if (fsync(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, 535 NULL)) < 0) 536 { 537 if (newid) 538 syserr("!552 Error writing data file %s", 539 df); 540 else 541 syserr("!452 Error writing data file %s", 542 df); 543 } 544 } 545 } 546 else 547 { 548 int dfd; 549 MODE_T oldumask = 0; 550 register SM_FILE_T *dfp = NULL; 551 struct stat stbuf; 552 553 if (e->e_dfp != NULL && 554 sm_io_getinfo(e->e_dfp, SM_IO_WHAT_ISTYPE, BF_FILE_TYPE)) 555 syserr("committing over bf file"); 556 557 if (bitset(S_IWGRP, QueueFileMode)) 558 oldumask = umask(002); 559 dfd = open(df, O_WRONLY|O_CREAT|O_TRUNC|QF_O_EXTRA, 560 QueueFileMode); 561 if (bitset(S_IWGRP, QueueFileMode)) 562 (void) umask(oldumask); 563 if (dfd < 0 || (dfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, 564 (void *) &dfd, SM_IO_WRONLY_B, 565 NULL)) == NULL) 566 syserr("!queueup: cannot create data temp file %s, uid=%ld", 567 df, (long) geteuid()); 568 if (fstat(dfd, &stbuf) < 0) 569 e->e_dfino = -1; 570 else 571 { 572 e->e_dfdev = stbuf.st_dev; 573 e->e_dfino = ST_INODE(stbuf); 574 } 575 e->e_flags |= EF_HAS_DF; 576 memset(&mcibuf, '\0', sizeof(mcibuf)); 577 mcibuf.mci_out = dfp; 578 mcibuf.mci_mailer = FileMailer; 579 (*e->e_putbody)(&mcibuf, e, NULL); 580 581 if (SuperSafe == SAFE_REALLY || 582 SuperSafe == SAFE_REALLY_POSTMILTER || 583 (SuperSafe == SAFE_INTERACTIVE && 584 QUP_MSYNC)) 585 { 586 if (tTd(40,32)) 587 sm_syslog(LOG_INFO, e->e_id, 588 "queueup: fsync(dfp)"); 589 590 if (fsync(sm_io_getinfo(dfp, SM_IO_WHAT_FD, NULL)) < 0) 591 { 592 if (newid) 593 syserr("!552 Error writing data file %s", 594 df); 595 else 596 syserr("!452 Error writing data file %s", 597 df); 598 } 599 } 600 601 if (sm_io_close(dfp, SM_TIME_DEFAULT) < 0) 602 syserr("!queueup: cannot save data temp file %s, uid=%ld", 603 df, (long) geteuid()); 604 e->e_putbody = putbody; 605 } 606 607 /* 608 ** Output future work requests. 609 ** Priority and creation time should be first, since 610 ** they are required by gatherq. 611 */ 612 613 /* output queue version number (must be first!) */ 614 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "V%d\n", QF_VERSION); 615 616 /* output creation time */ 617 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "T%ld\n", (long) e->e_ctime); 618 619 /* output last delivery time */ 620 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "K%ld\n", (long) e->e_dtime); 621 622 /* output number of delivery attempts */ 623 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "N%d\n", e->e_ntries); 624 625 /* output message priority */ 626 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "P%ld\n", e->e_msgpriority); 627 628 /* 629 ** If data file is in a different directory than the queue file, 630 ** output a "d" record naming the directory of the data file. 631 */ 632 633 if (e->e_dfqgrp != e->e_qgrp) 634 { 635 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "d%s\n", 636 Queue[e->e_dfqgrp]->qg_qpaths[e->e_dfqdir].qp_name); 637 } 638 639 /* output inode number of data file */ 640 if (e->e_dfino != -1) 641 { 642 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "I%ld/%ld/%llu\n", 643 (long) major(e->e_dfdev), 644 (long) minor(e->e_dfdev), 645 (ULONGLONG_T) e->e_dfino); 646 } 647 648 /* output body type */ 649 if (e->e_bodytype != NULL) 650 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "B%s\n", 651 denlstring(e->e_bodytype, true, false)); 652 653 /* quarantine reason */ 654 if (e->e_quarmsg != NULL) 655 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "q%s\n", 656 denlstring(e->e_quarmsg, true, false)); 657 658 /* message from envelope, if it exists */ 659 if (e->e_message != NULL) 660 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n", 661 denlstring(e->e_message, true, false)); 662 663 /* send various flag bits through */ 664 p = buf; 665 if (bitset(EF_WARNING, e->e_flags)) 666 *p++ = 'w'; 667 if (bitset(EF_RESPONSE, e->e_flags)) 668 *p++ = 'r'; 669 if (bitset(EF_HAS8BIT, e->e_flags)) 670 *p++ = '8'; 671 if (bitset(EF_DELETE_BCC, e->e_flags)) 672 *p++ = 'b'; 673 if (bitset(EF_RET_PARAM, e->e_flags)) 674 *p++ = 'd'; 675 if (bitset(EF_NO_BODY_RETN, e->e_flags)) 676 *p++ = 'n'; 677 if (bitset(EF_SPLIT, e->e_flags)) 678 *p++ = 's'; 679 #if USE_EAI 680 if (e->e_smtputf8) 681 *p++ = 'e'; 682 #endif 683 *p++ = '\0'; 684 if (buf[0] != '\0') 685 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "F%s\n", buf); 686 687 /* save $={persistentMacros} macro values */ 688 queueup_macros(macid("{persistentMacros}"), tfp, e); 689 690 /* output name of sender */ 691 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags)) 692 p = e->e_sender; 693 else 694 p = e->e_from.q_paddr; 695 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "S%s\n", 696 denlstring(p, true, false)); 697 698 /* output ESMTP-supplied "original" information */ 699 if (e->e_envid != NULL) 700 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Z%s\n", 701 denlstring(e->e_envid, true, false)); 702 703 /* output AUTH= parameter */ 704 if (e->e_auth_param != NULL) 705 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "A%s\n", 706 denlstring(e->e_auth_param, true, false)); 707 if (e->e_dlvr_flag != 0) 708 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "!%c %ld\n", 709 (char) e->e_dlvr_flag, e->e_deliver_by); 710 711 /* output list of recipient addresses */ 712 printctladdr(NULL, NULL); 713 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 714 { 715 q->q_flags &= ~QQUEUED; 716 if (!QS_IS_UNDELIVERED(q->q_state)) 717 continue; 718 719 /* message for this recipient, if it exists */ 720 if (q->q_message != NULL) 721 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n", 722 denlstring(q->q_message, true, 723 false)); 724 725 printctladdr(q, tfp); 726 if (q->q_orcpt != NULL) 727 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Q%s\n", 728 denlstring(q->q_orcpt, true, 729 false)); 730 if (q->q_finalrcpt != NULL) 731 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "r%s\n", 732 denlstring(q->q_finalrcpt, true, 733 false)); 734 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'R'); 735 if (bitset(QPRIMARY, q->q_flags)) 736 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'P'); 737 if (bitset(QHASNOTIFY, q->q_flags)) 738 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'N'); 739 if (bitset(QPINGONSUCCESS, q->q_flags)) 740 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'S'); 741 if (bitset(QPINGONFAILURE, q->q_flags)) 742 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'F'); 743 if (bitset(QPINGONDELAY, q->q_flags)) 744 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'D'); 745 if (bitset(QINTBCC, q->q_flags)) 746 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'B'); 747 if (q->q_alias != NULL && 748 bitset(QALIAS, q->q_alias->q_flags)) 749 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'A'); 750 751 /* _FFR_RCPTFLAGS */ 752 if (bitset(QDYNMAILER, q->q_flags)) 753 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, QDYNMAILFLG); 754 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, ':'); 755 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s\n", 756 denlstring(q->q_paddr, true, false)); 757 if (QUP_ANNOUNCE) 758 { 759 char *tag = "queued"; 760 761 if (e->e_quarmsg != NULL) 762 tag = "quarantined"; 763 764 e->e_to = q->q_paddr; 765 message("%s", tag); 766 if (LogLevel > 8) 767 logdelivery(q->q_mailer, NULL, q->q_status, 768 tag, NULL, (time_t) 0, e, q, EX_OK); 769 e->e_to = NULL; 770 } 771 772 /* 773 ** This is only "valid" when the msg is safely in the queue, 774 ** i.e., EF_INQUEUE needs to be set. 775 */ 776 777 q->q_flags |= QQUEUED; 778 779 if (tTd(40, 1)) 780 { 781 sm_dprintf("queueing "); 782 printaddr(sm_debug_file(), q, false); 783 } 784 } 785 786 /* 787 ** Output headers for this message. 788 ** Expand macros completely here. Queue run will deal with 789 ** everything as absolute headers. 790 ** All headers that must be relative to the recipient 791 ** can be cracked later. 792 ** We set up a "null mailer" -- i.e., a mailer that will have 793 ** no effect on the addresses as they are output. 794 */ 795 796 memset((char *) &nullmailer, '\0', sizeof(nullmailer)); 797 nullmailer.m_re_rwset = nullmailer.m_rh_rwset = 798 nullmailer.m_se_rwset = nullmailer.m_sh_rwset = -1; 799 nullmailer.m_eol = "\n"; 800 memset(&mcibuf, '\0', sizeof(mcibuf)); 801 mcibuf.mci_mailer = &nullmailer; 802 mcibuf.mci_out = tfp; 803 804 macdefine(&e->e_macro, A_PERM, 'g', "\201f"); 805 for (h = e->e_header; h != NULL; h = h->h_link) 806 { 807 if (h->h_value == NULL) 808 continue; 809 810 /* don't output resent headers on non-resent messages */ 811 if (bitset(H_RESENT, h->h_flags) && 812 !bitset(EF_RESENT, e->e_flags)) 813 continue; 814 815 /* expand macros; if null, don't output header at all */ 816 if (bitset(H_DEFAULT, h->h_flags)) 817 { 818 (void) expand(h->h_value, buf, sizeof(buf), e); 819 if (buf[0] == '\0') 820 continue; 821 if (buf[0] == ' ' && buf[1] == '\0') 822 continue; 823 } 824 825 /* output this header */ 826 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "H?"); 827 828 /* output conditional macro if present */ 829 if (h->h_macro != '\0') 830 { 831 if (bitset(0200, h->h_macro)) 832 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, 833 "${%s}", 834 macname(bitidx(h->h_macro))); 835 else 836 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, 837 "$%c", h->h_macro); 838 } 839 else if (!bitzerop(h->h_mflags) && 840 bitset(H_CHECK|H_ACHECK, h->h_flags)) 841 { 842 int j; 843 844 /* if conditional, output the set of conditions */ 845 for (j = '\0'; j <= '\177'; j++) 846 if (bitnset(j, h->h_mflags)) 847 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 848 j); 849 } 850 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, '?'); 851 852 /* output the header: expand macros, convert addresses */ 853 if (bitset(H_DEFAULT, h->h_flags) && 854 !bitset(H_BINDLATE, h->h_flags)) 855 { 856 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s:%s\n", 857 h->h_field, 858 denlstring(buf, false, true)); 859 } 860 else if (bitset(H_FROM|H_RCPT, h->h_flags) && 861 !bitset(H_BINDLATE, h->h_flags)) 862 { 863 bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags); 864 SM_FILE_T *savetrace = TrafficLogFile; 865 866 TrafficLogFile = NULL; 867 868 if (bitset(H_FROM, h->h_flags)) 869 oldstyle = false; 870 commaize(h, h->h_value, oldstyle, &mcibuf, e, 871 PXLF_HEADER); 872 873 TrafficLogFile = savetrace; 874 } 875 else 876 { 877 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s:%s\n", 878 h->h_field, 879 denlstring(h->h_value, false, 880 true)); 881 } 882 } 883 884 /* 885 ** Clean up. 886 ** 887 ** Write a terminator record -- this is to prevent 888 ** scurrilous crackers from appending any data. 889 */ 890 891 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ".\n"); 892 893 if (sm_io_flush(tfp, SM_TIME_DEFAULT) != 0 || 894 ((SuperSafe == SAFE_REALLY || 895 SuperSafe == SAFE_REALLY_POSTMILTER || 896 (SuperSafe == SAFE_INTERACTIVE && QUP_MSYNC)) && 897 fsync(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL)) < 0) || 898 sm_io_error(tfp)) 899 { 900 if (newid) 901 syserr("!552 Error writing control file %s", tf); 902 else 903 syserr("!452 Error writing control file %s", tf); 904 } 905 906 if (!newid) 907 { 908 char new = queue_letter(e, ANYQFL_LETTER); 909 910 /* rename (locked) tf to be (locked) [qh]f */ 911 (void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER), 912 sizeof(qf)); 913 if (rename(tf, qf) < 0) 914 syserr("cannot rename(%s, %s), uid=%ld", 915 tf, qf, (long) geteuid()); 916 else 917 { 918 /* 919 ** Check if type has changed and only 920 ** remove the old item if the rename above 921 ** succeeded. 922 */ 923 924 if (e->e_qfletter != '\0' && 925 e->e_qfletter != new) 926 { 927 if (tTd(40, 5)) 928 { 929 sm_dprintf("type changed from %c to %c\n", 930 e->e_qfletter, new); 931 } 932 933 if (unlink(queuename(e, e->e_qfletter)) < 0) 934 { 935 /* XXX: something more drastic? */ 936 if (LogLevel > 0) 937 sm_syslog(LOG_ERR, e->e_id, 938 "queueup: unlink(%s) failed: %s", 939 queuename(e, e->e_qfletter), 940 sm_errstring(errno)); 941 } 942 } 943 } 944 e->e_qfletter = new; 945 946 /* 947 ** fsync() after renaming to make sure metadata is 948 ** written to disk on filesystems in which renames are 949 ** not guaranteed. 950 */ 951 952 if (SuperSafe != SAFE_NO) 953 { 954 /* for softupdates */ 955 if (tfd >= 0 && fsync(tfd) < 0) 956 { 957 syserr("!queueup: cannot fsync queue temp file %s", 958 tf); 959 } 960 SYNC_DIR(qf, true); 961 } 962 963 /* close and unlock old (locked) queue file */ 964 if (e->e_lockfp != NULL) 965 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT); 966 e->e_lockfp = tfp; 967 968 /* save log info */ 969 if (LogLevel > 79) 970 sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", qf); 971 } 972 else 973 { 974 /* save log info */ 975 if (LogLevel > 79) 976 sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", tf); 977 978 e->e_qfletter = queue_letter(e, ANYQFL_LETTER); 979 } 980 981 errno = 0; 982 e->e_flags |= EF_INQUEUE; 983 984 if (tTd(40, 1)) 985 sm_dprintf("<<<<< done queueing %s <<<<<\n\n", e->e_id); 986 #if _FFR_DMTRIGGER 987 if (SM_TRIGGER == e->e_sendmode && !SM_IS_EMPTY(e->e_id)) 988 { 989 char buf[64]; 990 991 if (QUP_UNLOCK) 992 unlockqueue(e); 993 (void) sm_snprintf(buf, sizeof(buf), "N:%d:%d:%s", 994 e->e_qgrp, e->e_qdir, e->e_id); 995 i = sm_notify_snd(buf, strlen(buf)); 996 sm_syslog(LOG_DEBUG, e->e_id, "queueup: mode=%c, id=%s, unlock=%d, snd=%d", 997 e->e_sendmode, e->e_id, QUP_UNLOCK, i); 998 if (i < 0) 999 { 1000 /* 1001 ** What to do about this? 1002 ** Notify caller (change return type)? 1003 ** A queue runner will eventually pick it up. 1004 */ 1005 1006 sm_syslog(LOG_ERR, e->e_id, "queueup: notify_snd=%d", 1007 i); 1008 } 1009 } 1010 #endif /* _FFR_DMTRIGGER */ 1011 return; 1012 #undef QUP_ANNOUNCE 1013 #undef QUP_MSYNC 1014 #undef QUP_UNLOCK 1015 } 1016 1017 /* 1018 ** PRINTCTLADDR -- print control address to file. 1019 ** 1020 ** Parameters: 1021 ** a -- address. 1022 ** tfp -- file pointer. 1023 ** 1024 ** Returns: 1025 ** none. 1026 ** 1027 ** Side Effects: 1028 ** The control address (if changed) is printed to the file. 1029 ** The last control address and uid are saved. 1030 */ 1031 1032 static void 1033 printctladdr(a, tfp) 1034 register ADDRESS *a; 1035 SM_FILE_T *tfp; 1036 { 1037 char *user; 1038 register ADDRESS *q; 1039 uid_t uid; 1040 gid_t gid; 1041 static ADDRESS *lastctladdr = NULL; 1042 static uid_t lastuid; 1043 1044 /* initialization */ 1045 if (a == NULL || a->q_alias == NULL || tfp == NULL) 1046 { 1047 if (lastctladdr != NULL && tfp != NULL) 1048 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C\n"); 1049 lastctladdr = NULL; 1050 lastuid = 0; 1051 return; 1052 } 1053 1054 /* find the active uid */ 1055 q = getctladdr(a); 1056 if (q == NULL) 1057 { 1058 user = NULL; 1059 uid = 0; 1060 gid = 0; 1061 } 1062 else 1063 { 1064 user = q->q_ruser != NULL ? q->q_ruser : q->q_user; 1065 uid = q->q_uid; 1066 gid = q->q_gid; 1067 } 1068 a = a->q_alias; 1069 1070 /* check to see if this is the same as last time */ 1071 if (lastctladdr != NULL && uid == lastuid && 1072 strcmp(lastctladdr->q_paddr, a->q_paddr) == 0) 1073 return; 1074 lastuid = uid; 1075 lastctladdr = a; 1076 1077 if (uid == 0 || user == NULL || user[0] == '\0') 1078 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C"); 1079 else 1080 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C%s:%ld:%ld", 1081 denlstring(user, true, false), (long) uid, 1082 (long) gid); 1083 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ":%s\n", 1084 denlstring(a->q_paddr, true, false)); 1085 } 1086 1087 /* 1088 ** RUNNERS_SIGTERM -- propagate a SIGTERM to queue runner process 1089 ** 1090 ** This propagates the signal to the child processes that are queue 1091 ** runners. This is for a queue runner "cleanup". After all of the 1092 ** child queue runner processes are signaled (it should be SIGTERM 1093 ** being the sig) then the old signal handler (Oldsh) is called 1094 ** to handle any cleanup set for this process (provided it is not 1095 ** SIG_DFL or SIG_IGN). The signal may not be handled immediately 1096 ** if the BlockOldsh flag is set. If the current process doesn't 1097 ** have a parent then handle the signal immediately, regardless of 1098 ** BlockOldsh. 1099 ** 1100 ** Parameters: 1101 ** sig -- the signal number being sent 1102 ** 1103 ** Returns: 1104 ** none. 1105 ** 1106 ** Side Effects: 1107 ** Sets the NoMoreRunners boolean to true to stop more runners 1108 ** from being started in runqueue(). 1109 ** 1110 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 1111 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 1112 ** DOING. 1113 */ 1114 1115 static bool volatile NoMoreRunners = false; 1116 static sigfunc_t Oldsh_term = SIG_DFL; 1117 static sigfunc_t Oldsh_hup = SIG_DFL; 1118 static sigfunc_t volatile Oldsh = SIG_DFL; 1119 static bool BlockOldsh = false; 1120 static int volatile Oldsig = 0; 1121 static SIGFUNC_DECL runners_sigterm __P((int)); 1122 static SIGFUNC_DECL runners_sighup __P((int)); 1123 1124 static SIGFUNC_DECL 1125 runners_sigterm(sig) 1126 int sig; 1127 { 1128 int save_errno = errno; 1129 1130 FIX_SYSV_SIGNAL(sig, runners_sigterm); 1131 errno = save_errno; 1132 CHECK_CRITICAL(sig); 1133 NoMoreRunners = true; 1134 Oldsh = Oldsh_term; 1135 Oldsig = sig; 1136 proc_list_signal(PROC_QUEUE, sig); 1137 1138 if (!BlockOldsh || getppid() <= 1) 1139 { 1140 /* Check that a valid 'old signal handler' is callable */ 1141 if (Oldsh_term != SIG_DFL && Oldsh_term != SIG_IGN && 1142 Oldsh_term != runners_sigterm) 1143 (*Oldsh_term)(sig); 1144 } 1145 errno = save_errno; 1146 return SIGFUNC_RETURN; 1147 } 1148 /* 1149 ** RUNNERS_SIGHUP -- propagate a SIGHUP to queue runner process 1150 ** 1151 ** This propagates the signal to the child processes that are queue 1152 ** runners. This is for a queue runner "cleanup". After all of the 1153 ** child queue runner processes are signaled (it should be SIGHUP 1154 ** being the sig) then the old signal handler (Oldsh) is called to 1155 ** handle any cleanup set for this process (provided it is not SIG_DFL 1156 ** or SIG_IGN). The signal may not be handled immediately if the 1157 ** BlockOldsh flag is set. If the current process doesn't have 1158 ** a parent then handle the signal immediately, regardless of 1159 ** BlockOldsh. 1160 ** 1161 ** Parameters: 1162 ** sig -- the signal number being sent 1163 ** 1164 ** Returns: 1165 ** none. 1166 ** 1167 ** Side Effects: 1168 ** Sets the NoMoreRunners boolean to true to stop more runners 1169 ** from being started in runqueue(). 1170 ** 1171 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 1172 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 1173 ** DOING. 1174 */ 1175 1176 static SIGFUNC_DECL 1177 runners_sighup(sig) 1178 int sig; 1179 { 1180 int save_errno = errno; 1181 1182 FIX_SYSV_SIGNAL(sig, runners_sighup); 1183 errno = save_errno; 1184 CHECK_CRITICAL(sig); 1185 NoMoreRunners = true; 1186 Oldsh = Oldsh_hup; 1187 Oldsig = sig; 1188 proc_list_signal(PROC_QUEUE, sig); 1189 1190 if (!BlockOldsh || getppid() <= 1) 1191 { 1192 /* Check that a valid 'old signal handler' is callable */ 1193 if (Oldsh_hup != SIG_DFL && Oldsh_hup != SIG_IGN && 1194 Oldsh_hup != runners_sighup) 1195 (*Oldsh_hup)(sig); 1196 } 1197 errno = save_errno; 1198 return SIGFUNC_RETURN; 1199 } 1200 /* 1201 ** MARK_WORK_GROUP_RESTART -- mark a work group as needing a restart 1202 ** 1203 ** Sets a workgroup for restarting. 1204 ** 1205 ** Parameters: 1206 ** wgrp -- the work group id to restart. 1207 ** reason -- why (signal?), -1 to turn off restart 1208 ** 1209 ** Returns: 1210 ** none. 1211 ** 1212 ** Side effects: 1213 ** May set global RestartWorkGroup to true. 1214 ** 1215 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 1216 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 1217 ** DOING. 1218 */ 1219 1220 void 1221 mark_work_group_restart(wgrp, reason) 1222 int wgrp; 1223 int reason; 1224 { 1225 if (wgrp < 0 || wgrp > NumWorkGroups) 1226 return; 1227 1228 WorkGrp[wgrp].wg_restart = reason; 1229 if (reason >= 0) 1230 RestartWorkGroup = true; 1231 } 1232 /* 1233 ** RESTART_MARKED_WORK_GROUPS -- restart work groups marked as needing restart 1234 ** 1235 ** Restart any workgroup marked as needing a restart provided more 1236 ** runners are allowed. 1237 ** 1238 ** Parameters: 1239 ** none. 1240 ** 1241 ** Returns: 1242 ** none. 1243 ** 1244 ** Side effects: 1245 ** Sets global RestartWorkGroup to false. 1246 */ 1247 1248 void 1249 restart_marked_work_groups() 1250 { 1251 int i; 1252 int wasblocked; 1253 1254 if (NoMoreRunners) 1255 return; 1256 1257 /* Block SIGCHLD so reapchild() doesn't mess with us */ 1258 wasblocked = sm_blocksignal(SIGCHLD); 1259 1260 for (i = 0; i < NumWorkGroups; i++) 1261 { 1262 if (WorkGrp[i].wg_restart >= 0) 1263 { 1264 if (LogLevel > 8) 1265 sm_syslog(LOG_ERR, NOQID, 1266 "restart queue runner=%d due to signal 0x%x", 1267 i, WorkGrp[i].wg_restart); 1268 restart_work_group(i); 1269 } 1270 } 1271 RestartWorkGroup = false; 1272 1273 if (wasblocked == 0) 1274 (void) sm_releasesignal(SIGCHLD); 1275 } 1276 /* 1277 ** RESTART_WORK_GROUP -- restart a specific work group 1278 ** 1279 ** Restart a specific workgroup provided more runners are allowed. 1280 ** If the requested work group has been restarted too many times log 1281 ** this and refuse to restart. 1282 ** 1283 ** Parameters: 1284 ** wgrp -- the work group id to restart 1285 ** 1286 ** Returns: 1287 ** none. 1288 ** 1289 ** Side Effects: 1290 ** starts another process doing the work of wgrp 1291 */ 1292 1293 #define MAX_PERSIST_RESTART 10 /* max allowed number of restarts */ 1294 1295 static void 1296 restart_work_group(wgrp) 1297 int wgrp; 1298 { 1299 if (NoMoreRunners || 1300 wgrp < 0 || wgrp > NumWorkGroups) 1301 return; 1302 1303 WorkGrp[wgrp].wg_restart = -1; 1304 if (WorkGrp[wgrp].wg_restartcnt < MAX_PERSIST_RESTART) 1305 { 1306 /* avoid overflow; increment here */ 1307 WorkGrp[wgrp].wg_restartcnt++; 1308 (void) run_work_group(wgrp, RWG_FORK|RWG_PERSISTENT|RWG_RUNALL); 1309 } 1310 else 1311 { 1312 sm_syslog(LOG_ERR, NOQID, 1313 "ERROR: persistent queue runner=%d restarted too many times, queue runner lost", 1314 wgrp); 1315 } 1316 } 1317 /* 1318 ** SCHEDULE_QUEUE_RUNS -- schedule the next queue run for a work group. 1319 ** 1320 ** Parameters: 1321 ** runall -- schedule even if individual bit is not set. 1322 ** wgrp -- the work group id to schedule. 1323 ** didit -- the queue run was performed for this work group. 1324 ** 1325 ** Returns: 1326 ** nothing 1327 */ 1328 1329 #define INCR_MOD(v, m) if (++v >= m) \ 1330 v = 0; \ 1331 else 1332 1333 static void 1334 schedule_queue_runs(runall, wgrp, didit) 1335 bool runall; 1336 int wgrp; 1337 bool didit; 1338 { 1339 int qgrp, cgrp, endgrp; 1340 #if _FFR_QUEUE_SCHED_DBG 1341 time_t lastsched; 1342 bool sched; 1343 #endif 1344 time_t now; 1345 time_t minqintvl; 1346 1347 /* 1348 ** This is a bit ugly since we have to duplicate the 1349 ** code that "walks" through a work queue group. 1350 */ 1351 1352 now = curtime(); 1353 minqintvl = 0; 1354 cgrp = endgrp = WorkGrp[wgrp].wg_curqgrp; 1355 do 1356 { 1357 time_t qintvl; 1358 1359 #if _FFR_QUEUE_SCHED_DBG 1360 lastsched = 0; 1361 sched = false; 1362 #endif 1363 qgrp = WorkGrp[wgrp].wg_qgs[cgrp]->qg_index; 1364 if (Queue[qgrp]->qg_queueintvl > 0) 1365 qintvl = Queue[qgrp]->qg_queueintvl; 1366 else if (QueueIntvl > 0) 1367 qintvl = QueueIntvl; 1368 else 1369 qintvl = (time_t) 0; 1370 #if _FFR_QUEUE_SCHED_DBG 1371 lastsched = Queue[qgrp]->qg_nextrun; 1372 #endif 1373 if ((runall || Queue[qgrp]->qg_nextrun <= now) && qintvl > 0) 1374 { 1375 #if _FFR_QUEUE_SCHED_DBG 1376 sched = true; 1377 #endif 1378 if (minqintvl == 0 || qintvl < minqintvl) 1379 minqintvl = qintvl; 1380 1381 /* 1382 ** Only set a new time if a queue run was performed 1383 ** for this queue group. If the queue was not run, 1384 ** we could starve it by setting a new time on each 1385 ** call. 1386 */ 1387 1388 if (didit) 1389 Queue[qgrp]->qg_nextrun += qintvl; 1390 } 1391 #if _FFR_QUEUE_SCHED_DBG 1392 if (tTd(69, 10)) 1393 sm_syslog(LOG_INFO, NOQID, 1394 "sqr: wgrp=%d, cgrp=%d, qgrp=%d, intvl=%ld, QI=%ld, runall=%d, lastrun=%ld, nextrun=%ld, sched=%d", 1395 wgrp, cgrp, qgrp, 1396 (long) Queue[qgrp]->qg_queueintvl, 1397 (long) QueueIntvl, runall, (long) lastsched, 1398 (long) Queue[qgrp]->qg_nextrun, sched); 1399 #endif /* _FFR_QUEUE_SCHED_DBG */ 1400 INCR_MOD(cgrp, WorkGrp[wgrp].wg_numqgrp); 1401 } while (endgrp != cgrp); 1402 if (minqintvl > 0) 1403 (void) sm_setevent(minqintvl, runqueueevent, 0); 1404 } 1405 1406 #if _FFR_QUEUE_RUN_PARANOIA 1407 /* 1408 ** CHECKQUEUERUNNER -- check whether a queue group hasn't been run. 1409 ** 1410 ** Use this if events may get lost and hence queue runners may not 1411 ** be started and mail will pile up in a queue. 1412 ** 1413 ** Parameters: 1414 ** none. 1415 ** 1416 ** Returns: 1417 ** true if a queue run is necessary. 1418 ** 1419 ** Side Effects: 1420 ** may schedule a queue run. 1421 */ 1422 1423 bool 1424 checkqueuerunner() 1425 { 1426 int qgrp; 1427 time_t now, minqintvl; 1428 1429 now = curtime(); 1430 minqintvl = 0; 1431 for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++) 1432 { 1433 time_t qintvl; 1434 1435 if (Queue[qgrp]->qg_queueintvl > 0) 1436 qintvl = Queue[qgrp]->qg_queueintvl; 1437 else if (QueueIntvl > 0) 1438 qintvl = QueueIntvl; 1439 else 1440 qintvl = (time_t) 0; 1441 if (Queue[qgrp]->qg_nextrun <= now - qintvl) 1442 { 1443 if (minqintvl == 0 || qintvl < minqintvl) 1444 minqintvl = qintvl; 1445 if (LogLevel > 1) 1446 sm_syslog(LOG_WARNING, NOQID, 1447 "checkqueuerunner: queue %d should have been run at %s, queue interval %ld", 1448 qgrp, 1449 arpadate(ctime(&Queue[qgrp]->qg_nextrun)), 1450 (long) qintvl); 1451 } 1452 } 1453 if (minqintvl > 0) 1454 { 1455 (void) sm_setevent(minqintvl, runqueueevent, 0); 1456 return true; 1457 } 1458 return false; 1459 } 1460 #endif /* _FFR_QUEUE_RUN_PARANOIA */ 1461 1462 /* 1463 ** RUNQUEUE -- run the jobs in the queue. 1464 ** 1465 ** Gets the stuff out of the queue in some presumably logical 1466 ** order and processes them. 1467 ** 1468 ** Parameters: 1469 ** forkflag -- true if the queue scanning should be done in 1470 ** a child process. We double-fork so it is not our 1471 ** child and we don't have to clean up after it. 1472 ** false can be ignored if we have multiple queues. 1473 ** verbose -- if true, print out status information. 1474 ** persistent -- persistent queue runner? 1475 ** runall -- run all groups or only a subset (DoQueueRun)? 1476 ** 1477 ** Returns: 1478 ** true if the queue run successfully began. 1479 ** 1480 ** Side Effects: 1481 ** runs things in the mail queue using run_work_group(). 1482 ** maybe schedules next queue run. 1483 */ 1484 1485 static ENVELOPE QueueEnvelope; /* the queue run envelope */ 1486 static time_t LastQueueTime = 0; /* last time a queue ID assigned */ 1487 static pid_t LastQueuePid = -1; /* last PID which had a queue ID */ 1488 1489 /* values for qp_supdirs */ 1490 #define QP_NOSUB 0x0000 /* No subdirectories */ 1491 #define QP_SUBDF 0x0001 /* "df" subdirectory */ 1492 #define QP_SUBQF 0x0002 /* "qf" subdirectory */ 1493 #define QP_SUBXF 0x0004 /* "xf" subdirectory */ 1494 1495 bool 1496 runqueue(forkflag, verbose, persistent, runall) 1497 bool forkflag; 1498 bool verbose; 1499 bool persistent; 1500 bool runall; 1501 { 1502 int i; 1503 bool ret = true; 1504 static int curnum = 0; 1505 sigfunc_t cursh; 1506 #if SM_HEAP_CHECK 1507 SM_NONVOLATILE int oldgroup = 0; 1508 1509 if (sm_debug_active(&DebugLeakQ, 1)) 1510 { 1511 oldgroup = sm_heap_group(); 1512 sm_heap_newgroup(); 1513 sm_dprintf("runqueue() heap group #%d\n", sm_heap_group()); 1514 } 1515 #endif /* SM_HEAP_CHECK */ 1516 1517 /* queue run has been started, don't do any more this time */ 1518 DoQueueRun = false; 1519 1520 /* more than one queue or more than one directory per queue */ 1521 if (!forkflag && !verbose && 1522 (WorkGrp[0].wg_qgs[0]->qg_numqueues > 1 || NumWorkGroups > 1 || 1523 WorkGrp[0].wg_numqgrp > 1)) 1524 forkflag = true; 1525 1526 /* 1527 ** For controlling queue runners via signals sent to this process. 1528 ** Oldsh* will get called too by runners_sig* (if it is not SIG_IGN 1529 ** or SIG_DFL) to preserve cleanup behavior. Now that this process 1530 ** will have children (and perhaps grandchildren) this handler will 1531 ** be left in place. This is because this process, once it has 1532 ** finished spinning off queue runners, may go back to doing something 1533 ** else (like being a daemon). And we still want on a SIG{TERM,HUP} to 1534 ** clean up the child queue runners. Only install 'runners_sig*' once 1535 ** else we'll get stuck looping forever. 1536 */ 1537 1538 cursh = sm_signal(SIGTERM, runners_sigterm); 1539 if (cursh != runners_sigterm) 1540 Oldsh_term = cursh; 1541 cursh = sm_signal(SIGHUP, runners_sighup); 1542 if (cursh != runners_sighup) 1543 Oldsh_hup = cursh; 1544 1545 for (i = 0; i < NumWorkGroups && !NoMoreRunners; i++) 1546 { 1547 int rwgflags = RWG_NONE; 1548 int wasblocked; 1549 1550 /* 1551 ** If MaxQueueChildren is active then test whether the start 1552 ** of the next queue group's additional queue runners (maximum) 1553 ** will result in MaxQueueChildren being exceeded. 1554 ** 1555 ** Note: do not use continue; even though another workgroup 1556 ** may have fewer queue runners, this would be "unfair", 1557 ** i.e., this work group might "starve" then. 1558 */ 1559 1560 #if _FFR_QUEUE_SCHED_DBG 1561 if (tTd(69, 10)) 1562 sm_syslog(LOG_INFO, NOQID, 1563 "rq: i=%d, curnum=%d, MaxQueueChildren=%d, CurRunners=%d, WorkGrp[curnum].wg_maxact=%d, skip=%d", 1564 i, curnum, MaxQueueChildren, CurRunners, 1565 WorkGrp[curnum].wg_maxact, 1566 MaxQueueChildren > 0 && 1567 CurRunners + WorkGrp[curnum].wg_maxact > 1568 MaxQueueChildren 1569 ); 1570 #endif /* _FFR_QUEUE_SCHED_DBG */ 1571 if (MaxQueueChildren > 0 && 1572 CurRunners + WorkGrp[curnum].wg_maxact > MaxQueueChildren) 1573 break; 1574 1575 /* 1576 ** Pick up where we left off (curnum), in case we 1577 ** used up all the children last time without finishing. 1578 ** This give a round-robin fairness to queue runs. 1579 ** 1580 ** Increment CurRunners before calling run_work_group() 1581 ** to avoid a "race condition" with proc_list_drop() which 1582 ** decrements CurRunners if the queue runners terminate. 1583 ** Notice: CurRunners is an upper limit, in some cases 1584 ** (too few jobs in the queue) this value is larger than 1585 ** the actual number of queue runners. The discrepancy can 1586 ** increase if some queue runners "hang" for a long time. 1587 */ 1588 1589 /* don't let proc_list_drop() change CurRunners */ 1590 wasblocked = sm_blocksignal(SIGCHLD); 1591 CurRunners += WorkGrp[curnum].wg_maxact; 1592 if (wasblocked == 0) 1593 (void) sm_releasesignal(SIGCHLD); 1594 if (forkflag) 1595 rwgflags |= RWG_FORK; 1596 if (verbose) 1597 rwgflags |= RWG_VERBOSE; 1598 if (persistent) 1599 rwgflags |= RWG_PERSISTENT; 1600 if (runall) 1601 rwgflags |= RWG_RUNALL; 1602 ret = run_work_group(curnum, rwgflags); 1603 1604 /* 1605 ** Failure means a message was printed for ETRN 1606 ** and subsequent queues are likely to fail as well. 1607 ** Decrement CurRunners in that case because 1608 ** none have been started. 1609 */ 1610 1611 if (!ret) 1612 { 1613 /* don't let proc_list_drop() change CurRunners */ 1614 wasblocked = sm_blocksignal(SIGCHLD); 1615 CurRunners -= WorkGrp[curnum].wg_maxact; 1616 CHK_CUR_RUNNERS("runqueue", curnum, 1617 WorkGrp[curnum].wg_maxact); 1618 if (wasblocked == 0) 1619 (void) sm_releasesignal(SIGCHLD); 1620 break; 1621 } 1622 1623 if (!persistent) 1624 schedule_queue_runs(runall, curnum, true); 1625 INCR_MOD(curnum, NumWorkGroups); 1626 } 1627 1628 /* schedule left over queue runs */ 1629 if (i < NumWorkGroups && !NoMoreRunners && !persistent) 1630 { 1631 int h; 1632 1633 for (h = curnum; i < NumWorkGroups; i++) 1634 { 1635 schedule_queue_runs(runall, h, false); 1636 INCR_MOD(h, NumWorkGroups); 1637 } 1638 } 1639 1640 1641 #if SM_HEAP_CHECK 1642 if (sm_debug_active(&DebugLeakQ, 1)) 1643 sm_heap_setgroup(oldgroup); 1644 #endif 1645 return ret; 1646 } 1647 1648 #if _FFR_SKIP_DOMAINS 1649 /* 1650 ** SKIP_DOMAINS -- Skip 'skip' number of domains in the WorkQ. 1651 ** 1652 ** Added by Stephen Frost <sfrost@snowman.net> to support 1653 ** having each runner process every N'th domain instead of 1654 ** every N'th message. 1655 ** 1656 ** Parameters: 1657 ** skip -- number of domains in WorkQ to skip. 1658 ** 1659 ** Returns: 1660 ** total number of messages skipped. 1661 ** 1662 ** Side Effects: 1663 ** may change WorkQ 1664 */ 1665 1666 static int 1667 skip_domains(skip) 1668 int skip; 1669 { 1670 int n, seqjump; 1671 1672 for (n = 0, seqjump = 0; n < skip && WorkQ != NULL; seqjump++) 1673 { 1674 if (WorkQ->w_next != NULL) 1675 { 1676 if (WorkQ->w_host != NULL && 1677 WorkQ->w_next->w_host != NULL) 1678 { 1679 if (!SM_STRCASEEQ(WorkQ->w_host, 1680 WorkQ->w_next->w_host)) 1681 n++; 1682 } 1683 else 1684 { 1685 if ((WorkQ->w_host != NULL && 1686 WorkQ->w_next->w_host == NULL) || 1687 (WorkQ->w_host == NULL && 1688 WorkQ->w_next->w_host != NULL)) 1689 n++; 1690 } 1691 } 1692 WorkQ = WorkQ->w_next; 1693 } 1694 return seqjump; 1695 } 1696 #endif /* _FFR_SKIP_DOMAINS */ 1697 1698 /* 1699 ** RUNNER_WORK -- have a queue runner do its work 1700 ** 1701 ** Have a queue runner do its work a list of entries. 1702 ** When work isn't directly being done then this process can take a signal 1703 ** and terminate immediately (in a clean fashion of course). 1704 ** When work is directly being done, it's not to be interrupted 1705 ** immediately: the work should be allowed to finish at a clean point 1706 ** before termination (in a clean fashion of course). 1707 ** 1708 ** Parameters: 1709 ** e -- envelope. 1710 ** sequenceno -- 'th process to run WorkQ. 1711 ** didfork -- did the calling process fork()? 1712 ** skip -- process only each skip'th item. 1713 ** njobs -- number of jobs in WorkQ. 1714 ** 1715 ** Returns: 1716 ** none. 1717 ** 1718 ** Side Effects: 1719 ** runs things in the mail queue. 1720 */ 1721 1722 static void 1723 runner_work(e, sequenceno, didfork, skip, njobs) 1724 register ENVELOPE *e; 1725 int sequenceno; 1726 bool didfork; 1727 int skip; 1728 int njobs; 1729 { 1730 int n, seqjump; 1731 WORK *w; 1732 time_t now; 1733 1734 SM_GET_LA(now); 1735 1736 /* 1737 ** Here we temporarily block the second calling of the handlers. 1738 ** This allows us to handle the signal without terminating in the 1739 ** middle of direct work. If a signal does come, the test for 1740 ** NoMoreRunners will find it. 1741 */ 1742 1743 BlockOldsh = true; 1744 seqjump = skip; 1745 1746 /* process them once at a time */ 1747 while (WorkQ != NULL) 1748 { 1749 #if SM_HEAP_CHECK 1750 SM_NONVOLATILE int oldgroup = 0; 1751 1752 if (sm_debug_active(&DebugLeakQ, 1)) 1753 { 1754 oldgroup = sm_heap_group(); 1755 sm_heap_newgroup(); 1756 sm_dprintf("runner_work(): heap group #%d\n", 1757 sm_heap_group()); 1758 } 1759 #endif /* SM_HEAP_CHECK */ 1760 1761 /* do no more work */ 1762 if (NoMoreRunners) 1763 { 1764 /* Check that a valid signal handler is callable */ 1765 if (Oldsh != SIG_DFL && Oldsh != SIG_IGN && 1766 Oldsh != runners_sighup && 1767 Oldsh != runners_sigterm) 1768 (*Oldsh)(Oldsig); 1769 break; 1770 } 1771 1772 w = WorkQ; /* assign current work item */ 1773 1774 /* 1775 ** Set the head of the WorkQ to the next work item. 1776 ** It is set 'skip' ahead (the number of parallel queue 1777 ** runners working on WorkQ together) since each runner 1778 ** works on every 'skip'th (N-th) item. 1779 #if _FFR_SKIP_DOMAINS 1780 ** In the case of the BYHOST Queue Sort Order, the 'item' 1781 ** is a domain, so we work on every 'skip'th (N-th) domain. 1782 #endif 1783 */ 1784 1785 #if _FFR_SKIP_DOMAINS 1786 if (QueueSortOrder == QSO_BYHOST) 1787 { 1788 seqjump = 1; 1789 if (WorkQ->w_next != NULL) 1790 { 1791 if (WorkQ->w_host != NULL && 1792 WorkQ->w_next->w_host != NULL) 1793 { 1794 if (!SM_STRCASEEQ(WorkQ->w_host, 1795 WorkQ->w_next->w_host)) 1796 seqjump = skip_domains(skip); 1797 else 1798 WorkQ = WorkQ->w_next; 1799 } 1800 else 1801 { 1802 if ((WorkQ->w_host != NULL && 1803 WorkQ->w_next->w_host == NULL) || 1804 (WorkQ->w_host == NULL && 1805 WorkQ->w_next->w_host != NULL)) 1806 seqjump = skip_domains(skip); 1807 else 1808 WorkQ = WorkQ->w_next; 1809 } 1810 } 1811 else 1812 WorkQ = WorkQ->w_next; 1813 } 1814 else 1815 #endif /* _FFR_SKIP_DOMAINS */ 1816 /* "else" in #if code above */ 1817 { 1818 for (n = 0; n < skip && WorkQ != NULL; n++) 1819 WorkQ = WorkQ->w_next; 1820 } 1821 1822 e->e_to = NULL; 1823 1824 /* 1825 ** Ignore jobs that are too expensive for the moment. 1826 ** 1827 ** Get new load average every GET_NEW_LA_TIME seconds. 1828 */ 1829 1830 SM_GET_LA(now); 1831 if (shouldqueue(WkRecipFact, Current_LA_time)) 1832 { 1833 char *msg = "Aborting queue run: load average too high"; 1834 1835 if (Verbose) 1836 message("%s", msg); 1837 if (LogLevel > 8) 1838 sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg); 1839 break; 1840 } 1841 if (shouldqueue(w->w_pri, w->w_ctime)) 1842 { 1843 if (Verbose) 1844 message("%s", ""); 1845 if (QueueSortOrder == QSO_BYPRIORITY) 1846 { 1847 if (Verbose) 1848 message("Skipping %s/%s (sequence %d of %d) and flushing rest of queue", 1849 qid_printqueue(w->w_qgrp, 1850 w->w_qdir), 1851 w->w_name + 2, sequenceno, 1852 njobs); 1853 if (LogLevel > 8) 1854 sm_syslog(LOG_INFO, NOQID, 1855 "runqueue: Flushing queue from %s/%s (pri %ld, LA %d, %d of %d)", 1856 qid_printqueue(w->w_qgrp, 1857 w->w_qdir), 1858 w->w_name + 2, w->w_pri, 1859 CurrentLA, sequenceno, 1860 njobs); 1861 break; 1862 } 1863 else if (Verbose) 1864 message("Skipping %s/%s (sequence %d of %d)", 1865 qid_printqueue(w->w_qgrp, w->w_qdir), 1866 w->w_name + 2, sequenceno, njobs); 1867 } 1868 else 1869 { 1870 if (Verbose) 1871 { 1872 message("%s", ""); 1873 message("Running %s/%s (sequence %d of %d)", 1874 qid_printqueue(w->w_qgrp, w->w_qdir), 1875 w->w_name + 2, sequenceno, njobs); 1876 } 1877 if (didfork && MaxQueueChildren > 0) 1878 { 1879 sm_blocksignal(SIGCHLD); 1880 (void) sm_signal(SIGCHLD, reapchild); 1881 } 1882 if (tTd(63, 100)) 1883 sm_syslog(LOG_DEBUG, NOQID, 1884 "runqueue %s dowork(%s) pid=%d", 1885 qid_printqueue(w->w_qgrp, w->w_qdir), 1886 w->w_name + 2, (int) CurrentPid); 1887 1888 (void) dowork(w->w_qgrp, w->w_qdir, w->w_name + 2, 1889 ForkQueueRuns, false, e); 1890 errno = 0; 1891 } 1892 sm_free(w->w_name); /* XXX */ 1893 if (w->w_host != NULL) 1894 sm_free(w->w_host); /* XXX */ 1895 sm_free((char *) w); /* XXX */ 1896 sequenceno += seqjump; /* next sequence number */ 1897 #if SM_HEAP_CHECK 1898 if (sm_debug_active(&DebugLeakQ, 1)) 1899 sm_heap_setgroup(oldgroup); 1900 #endif 1901 #if _FFR_TESTS 1902 if (tTd(76, 101)) 1903 { 1904 int sl; 1905 1906 sl = tTdlevel(76) - 100; 1907 sm_dprintf("runner_work(): sleep=%d\n", sl); 1908 sleep(sl); 1909 } 1910 #endif 1911 } 1912 1913 BlockOldsh = false; 1914 1915 /* check the signals didn't happen during the revert */ 1916 if (NoMoreRunners) 1917 { 1918 /* Check that a valid signal handler is callable */ 1919 if (Oldsh != SIG_DFL && Oldsh != SIG_IGN && 1920 Oldsh != runners_sighup && Oldsh != runners_sigterm) 1921 (*Oldsh)(Oldsig); 1922 } 1923 1924 Oldsh = SIG_DFL; /* after the NoMoreRunners check */ 1925 } 1926 /* 1927 ** RUN_WORK_GROUP -- run the jobs in a queue group from a work group. 1928 ** 1929 ** Gets the stuff out of the queue in some presumably logical 1930 ** order and processes them. 1931 ** 1932 ** Parameters: 1933 ** wgrp -- work group to process. 1934 ** flags -- RWG_* flags 1935 ** 1936 ** Returns: 1937 ** true if the queue run successfully began. 1938 ** 1939 ** Side Effects: 1940 ** runs things in the mail queue. 1941 */ 1942 1943 /* Minimum sleep time for persistent queue runners */ 1944 #define MIN_SLEEP_TIME 5 1945 1946 bool 1947 run_work_group(wgrp, flags) 1948 int wgrp; 1949 int flags; 1950 { 1951 register ENVELOPE *e; 1952 int njobs, qdir; 1953 int sequenceno = 1; 1954 int qgrp, endgrp, h, i; 1955 time_t now; 1956 bool full, more; 1957 SM_RPOOL_T *rpool; 1958 extern ENVELOPE BlankEnvelope; 1959 extern SIGFUNC_DECL reapchild __P((int)); 1960 1961 if (wgrp < 0) 1962 return false; 1963 1964 /* 1965 ** If no work will ever be selected, don't even bother reading 1966 ** the queue. 1967 */ 1968 1969 SM_GET_LA(now); 1970 1971 if (!bitset(RWG_PERSISTENT, flags) && 1972 shouldqueue(WkRecipFact, Current_LA_time)) 1973 { 1974 char *msg = "Skipping queue run -- load average too high"; 1975 1976 if (bitset(RWG_VERBOSE, flags)) 1977 message("458 %s\n", msg); 1978 if (LogLevel > 8) 1979 sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg); 1980 return false; 1981 } 1982 1983 /* 1984 ** See if we already have too many children. 1985 */ 1986 1987 if (bitset(RWG_FORK, flags) && 1988 WorkGrp[wgrp].wg_lowqintvl > 0 && 1989 !bitset(RWG_PERSISTENT, flags) && 1990 MaxChildren > 0 && CurChildren >= MaxChildren) 1991 { 1992 char *msg = "Skipping queue run -- too many children"; 1993 1994 if (bitset(RWG_VERBOSE, flags)) 1995 message("458 %s (%d)\n", msg, CurChildren); 1996 if (LogLevel > 8) 1997 sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)", 1998 msg, CurChildren); 1999 return false; 2000 } 2001 2002 /* 2003 ** See if we want to go off and do other useful work. 2004 */ 2005 2006 if (bitset(RWG_FORK, flags)) 2007 { 2008 pid_t pid; 2009 2010 (void) sm_blocksignal(SIGCHLD); 2011 (void) sm_signal(SIGCHLD, reapchild); 2012 2013 pid = dofork(); 2014 if (pid == -1) 2015 { 2016 const char *msg = "Skipping queue run -- fork() failed"; 2017 const char *err = sm_errstring(errno); 2018 2019 if (bitset(RWG_VERBOSE, flags)) 2020 message("458 %s: %s\n", msg, err); 2021 if (LogLevel > 8) 2022 sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s", 2023 msg, err); 2024 (void) sm_releasesignal(SIGCHLD); 2025 return false; 2026 } 2027 if (pid != 0) 2028 { 2029 /* parent -- pick up intermediate zombie */ 2030 (void) sm_blocksignal(SIGALRM); 2031 2032 /* wgrp only used when queue runners are persistent */ 2033 proc_list_add(pid, "Queue runner", PROC_QUEUE, 2034 WorkGrp[wgrp].wg_maxact, 2035 bitset(RWG_PERSISTENT, flags) ? wgrp : -1, 2036 NULL); 2037 (void) sm_releasesignal(SIGALRM); 2038 (void) sm_releasesignal(SIGCHLD); 2039 return true; 2040 } 2041 2042 /* child -- clean up signals */ 2043 2044 /* Reset global flags */ 2045 RestartRequest = NULL; 2046 RestartWorkGroup = false; 2047 ShutdownRequest = NULL; 2048 PendingSignal = 0; 2049 CurrentPid = getpid(); 2050 close_sendmail_pid(); 2051 2052 /* 2053 ** Initialize exception stack and default exception 2054 ** handler for child process. 2055 */ 2056 2057 sm_exc_newthread(fatal_error); 2058 clrcontrol(); 2059 proc_list_clear(); 2060 2061 /* Add parent process as first child item */ 2062 proc_list_add(CurrentPid, "Queue runner child process", 2063 PROC_QUEUE_CHILD, 0, -1, NULL); 2064 (void) sm_releasesignal(SIGCHLD); 2065 (void) sm_signal(SIGCHLD, SIG_DFL); 2066 (void) sm_signal(SIGHUP, SIG_DFL); 2067 (void) sm_signal(SIGTERM, intsig); 2068 } 2069 2070 /* 2071 ** Release any resources used by the daemon code. 2072 */ 2073 2074 clrdaemon(); 2075 2076 /* force it to run expensive jobs */ 2077 NoConnect = false; 2078 2079 /* drop privileges */ 2080 if (geteuid() == (uid_t) 0) 2081 (void) drop_privileges(false); 2082 2083 /* 2084 ** Create ourselves an envelope 2085 */ 2086 2087 CurEnv = &QueueEnvelope; 2088 rpool = sm_rpool_new_x(NULL); 2089 e = newenvelope(&QueueEnvelope, CurEnv, rpool); 2090 e->e_flags = BlankEnvelope.e_flags; 2091 e->e_parent = NULL; 2092 2093 /* make sure we have disconnected from parent */ 2094 if (bitset(RWG_FORK, flags)) 2095 { 2096 disconnect(1, e); 2097 QuickAbort = false; 2098 } 2099 2100 /* 2101 ** If we are running part of the queue, always ignore stored 2102 ** host status. 2103 */ 2104 2105 if (QueueLimitId != NULL || QueueLimitSender != NULL || 2106 QueueLimitQuarantine != NULL || 2107 QueueLimitRecipient != NULL) 2108 { 2109 IgnoreHostStatus = true; 2110 MinQueueAge = 0; 2111 MaxQueueAge = 0; 2112 } 2113 2114 /* 2115 ** Here is where we choose the queue group from the work group. 2116 ** The caller of the "domorework" label must set up a new envelope. 2117 */ 2118 2119 endgrp = WorkGrp[wgrp].wg_curqgrp; /* to not spin endlessly */ 2120 2121 domorework: 2122 2123 /* 2124 ** Run a queue group if: 2125 ** RWG_RUNALL bit is set or the bit for this group is set. 2126 */ 2127 2128 now = curtime(); 2129 for (;;) 2130 { 2131 /* 2132 ** Find the next queue group within the work group that 2133 ** has been marked as needing a run. 2134 */ 2135 2136 qgrp = WorkGrp[wgrp].wg_qgs[WorkGrp[wgrp].wg_curqgrp]->qg_index; 2137 WorkGrp[wgrp].wg_curqgrp++; /* advance */ 2138 WorkGrp[wgrp].wg_curqgrp %= WorkGrp[wgrp].wg_numqgrp; /* wrap */ 2139 if (bitset(RWG_RUNALL, flags) || 2140 (Queue[qgrp]->qg_nextrun <= now && 2141 Queue[qgrp]->qg_nextrun != (time_t) -1)) 2142 break; 2143 if (endgrp == WorkGrp[wgrp].wg_curqgrp) 2144 { 2145 e->e_id = NULL; 2146 if (bitset(RWG_FORK, flags)) 2147 finis(true, true, ExitStat); 2148 return true; /* we're done */ 2149 } 2150 } 2151 2152 qdir = Queue[qgrp]->qg_curnum; /* round-robin init of queue position */ 2153 #if _FFR_QUEUE_SCHED_DBG 2154 if (tTd(69, 12)) 2155 sm_syslog(LOG_INFO, NOQID, 2156 "rwg: wgrp=%d, qgrp=%d, qdir=%d, name=%s, curqgrp=%d, numgrps=%d", 2157 wgrp, qgrp, qdir, qid_printqueue(qgrp, qdir), 2158 WorkGrp[wgrp].wg_curqgrp, WorkGrp[wgrp].wg_numqgrp); 2159 #endif /* _FFR_QUEUE_SCHED_DBG */ 2160 2161 #if HASNICE 2162 /* tweak niceness of queue runs */ 2163 if (Queue[qgrp]->qg_nice > 0) 2164 (void) nice(Queue[qgrp]->qg_nice); 2165 #endif 2166 2167 /* XXX running queue group... */ 2168 sm_setproctitle(true, CurEnv, "running queue: %s", 2169 qid_printqueue(qgrp, qdir)); 2170 2171 if (LogLevel > 69 || tTd(63, 99)) 2172 sm_syslog(LOG_DEBUG, NOQID, 2173 "runqueue %s, pid=%d, forkflag=%d", 2174 qid_printqueue(qgrp, qdir), (int) CurrentPid, 2175 bitset(RWG_FORK, flags)); 2176 2177 /* 2178 ** Start making passes through the queue. 2179 ** First, read and sort the entire queue. 2180 ** Then, process the work in that order. 2181 */ 2182 2183 for (i = 0; i < Queue[qgrp]->qg_numqueues; i++) 2184 { 2185 (void) gatherq(qgrp, qdir, false, &full, &more, &h); 2186 #if SM_CONF_SHM 2187 if (ShmId != SM_SHM_NO_ID) 2188 QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h; 2189 #endif 2190 /* If there are no more items in this queue advance */ 2191 if (!more) 2192 { 2193 /* A round-robin advance */ 2194 qdir++; 2195 qdir %= Queue[qgrp]->qg_numqueues; 2196 } 2197 2198 /* Has the WorkList reached the limit? */ 2199 if (full) 2200 break; /* don't try to gather more */ 2201 } 2202 2203 /* order the existing work requests */ 2204 njobs = sortq(Queue[qgrp]->qg_maxlist); 2205 Queue[qgrp]->qg_curnum = qdir; /* update */ 2206 2207 if (!Verbose && bitnset(QD_FORK, Queue[qgrp]->qg_flags)) 2208 { 2209 int loop, maxrunners; 2210 pid_t pid; 2211 2212 /* 2213 ** For this WorkQ we want to fork off N children (maxrunners) 2214 ** at this point. Each child has a copy of WorkQ. Each child 2215 ** will process every N-th item. The parent will wait for all 2216 ** of the children to finish before moving on to the next 2217 ** queue group within the work group. This saves us forking 2218 ** a new runner-child for each work item. 2219 ** It's valid for qg_maxqrun == 0 since this may be an 2220 ** explicit "don't run this queue" setting. 2221 */ 2222 2223 maxrunners = Queue[qgrp]->qg_maxqrun; 2224 2225 /* 2226 ** If no runners are configured for this group but 2227 ** the queue is "forced" then lets use 1 runner. 2228 */ 2229 2230 if (maxrunners == 0 && bitset(RWG_FORCE, flags)) 2231 maxrunners = 1; 2232 2233 /* No need to have more runners then there are jobs */ 2234 if (maxrunners > njobs) 2235 maxrunners = njobs; 2236 for (loop = 0; loop < maxrunners; loop++) 2237 { 2238 /* 2239 ** Since the delivery may happen in a child and the 2240 ** parent does not wait, the parent may close the 2241 ** maps thereby removing any shared memory used by 2242 ** the map. Therefore, close the maps now so the 2243 ** child will dynamically open them if necessary. 2244 */ 2245 2246 closemaps(false); 2247 2248 pid = fork(); 2249 if (pid < 0) 2250 { 2251 syserr("run_work_group: cannot fork"); 2252 return false; 2253 } 2254 else if (pid > 0) 2255 { 2256 /* parent -- clean out connection cache */ 2257 mci_flush(false, NULL); 2258 #if _FFR_SKIP_DOMAINS 2259 if (QueueSortOrder == QSO_BYHOST) 2260 sequenceno += skip_domains(1); 2261 else 2262 #endif /* _FFR_SKIP_DOMAINS */ 2263 /* "else" in #if code above */ 2264 { 2265 /* for the skip */ 2266 WorkQ = WorkQ->w_next; 2267 sequenceno++; 2268 } 2269 proc_list_add(pid, "Queue child runner process", 2270 PROC_QUEUE_CHILD, 0, -1, NULL); 2271 2272 /* No additional work, no additional runners */ 2273 if (WorkQ == NULL) 2274 break; 2275 } 2276 else 2277 { 2278 /* child -- Reset global flags */ 2279 RestartRequest = NULL; 2280 RestartWorkGroup = false; 2281 ShutdownRequest = NULL; 2282 PendingSignal = 0; 2283 CurrentPid = getpid(); 2284 close_sendmail_pid(); 2285 2286 /* 2287 ** Initialize exception stack and default 2288 ** exception handler for child process. 2289 ** When fork()'d the child now has a private 2290 ** copy of WorkQ at its current position. 2291 */ 2292 2293 sm_exc_newthread(fatal_error); 2294 2295 /* 2296 ** SMTP processes (whether -bd or -bs) set 2297 ** SIGCHLD to reapchild to collect 2298 ** children status. However, at delivery 2299 ** time, that status must be collected 2300 ** by sm_wait() to be dealt with properly 2301 ** (check success of delivery based 2302 ** on status code, etc). Therefore, if we 2303 ** are an SMTP process, reset SIGCHLD 2304 ** back to the default so reapchild 2305 ** doesn't collect status before 2306 ** sm_wait(). 2307 */ 2308 2309 if (OpMode == MD_SMTP || 2310 OpMode == MD_DAEMON || 2311 MaxQueueChildren > 0) 2312 { 2313 proc_list_clear(); 2314 sm_releasesignal(SIGCHLD); 2315 (void) sm_signal(SIGCHLD, SIG_DFL); 2316 } 2317 2318 /* child -- error messages to the transcript */ 2319 QuickAbort = OnlyOneError = false; 2320 runner_work(e, sequenceno, true, 2321 maxrunners, njobs); 2322 2323 /* This child is done */ 2324 finis(true, true, ExitStat); 2325 /* NOTREACHED */ 2326 } 2327 } 2328 2329 sm_releasesignal(SIGCHLD); 2330 2331 /* 2332 ** Wait until all of the runners have completed before 2333 ** seeing if there is another queue group in the 2334 ** work group to process. 2335 ** XXX Future enhancement: don't wait() for all children 2336 ** here, just go ahead and make sure that overall the number 2337 ** of children is not exceeded. 2338 */ 2339 2340 while (CurChildren > 0) 2341 { 2342 int status; 2343 pid_t ret; 2344 2345 while ((ret = sm_wait(&status)) <= 0) 2346 continue; 2347 proc_list_drop(ret, status, NULL); 2348 } 2349 } 2350 else if (Queue[qgrp]->qg_maxqrun > 0 || bitset(RWG_FORCE, flags)) 2351 { 2352 /* 2353 ** When current process will not fork children to do the work, 2354 ** it will do the work itself. The 'skip' will be 1 since 2355 ** there are no child runners to divide the work across. 2356 */ 2357 2358 runner_work(e, sequenceno, false, 1, njobs); 2359 } 2360 2361 /* free memory allocated by newenvelope() above */ 2362 sm_rpool_free(rpool); 2363 QueueEnvelope.e_rpool = NULL; 2364 QueueEnvelope.e_id = NULL; /* might be allocated from rpool */ 2365 2366 /* Are there still more queues in the work group to process? */ 2367 if (endgrp != WorkGrp[wgrp].wg_curqgrp) 2368 { 2369 rpool = sm_rpool_new_x(NULL); 2370 e = newenvelope(&QueueEnvelope, CurEnv, rpool); 2371 e->e_flags = BlankEnvelope.e_flags; 2372 goto domorework; 2373 } 2374 2375 /* No more queues in work group to process. Now check persistent. */ 2376 if (bitset(RWG_PERSISTENT, flags)) 2377 { 2378 sequenceno = 1; 2379 sm_setproctitle(true, NULL, "running queue: %s", 2380 qid_printqueue(qgrp, qdir)); 2381 2382 /* 2383 ** close bogus maps, i.e., maps which caused a tempfail, 2384 ** so we get fresh map connections on the next lookup. 2385 ** closemaps() is also called when children are started. 2386 */ 2387 2388 closemaps(true); 2389 2390 /* Close any cached connections. */ 2391 mci_flush(true, NULL); 2392 2393 /* Clean out expired related entries. */ 2394 rmexpstab(); 2395 2396 #if NAMED_BIND 2397 /* Update MX records for FallbackMX. */ 2398 if (FallbackMX != NULL) 2399 (void) getfallbackmxrr(FallbackMX); 2400 #endif 2401 2402 #if USERDB 2403 /* close UserDatabase */ 2404 _udbx_close(); 2405 #endif 2406 2407 #if SM_HEAP_CHECK 2408 if (sm_debug_active(&SmHeapCheck, 2) 2409 && access("memdump", F_OK) == 0 2410 ) 2411 { 2412 SM_FILE_T *out; 2413 2414 remove("memdump"); 2415 out = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, 2416 "memdump.out", SM_IO_APPEND, NULL); 2417 if (out != NULL) 2418 { 2419 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, "----------------------\n"); 2420 sm_heap_report(out, 2421 sm_debug_level(&SmHeapCheck) - 1); 2422 (void) sm_io_close(out, SM_TIME_DEFAULT); 2423 } 2424 } 2425 #endif /* SM_HEAP_CHECK */ 2426 2427 /* let me rest for a second to catch my breath */ 2428 if (njobs == 0 && WorkGrp[wgrp].wg_lowqintvl < MIN_SLEEP_TIME) 2429 sleep(MIN_SLEEP_TIME); 2430 else if (WorkGrp[wgrp].wg_lowqintvl <= 0) 2431 sleep(QueueIntvl > 0 ? QueueIntvl : MIN_SLEEP_TIME); 2432 else 2433 sleep(WorkGrp[wgrp].wg_lowqintvl); 2434 2435 /* 2436 ** Get the LA outside the WorkQ loop if necessary. 2437 ** In a persistent queue runner the code is repeated over 2438 ** and over but gatherq() may ignore entries due to 2439 ** shouldqueue() (do we really have to do this twice?). 2440 ** Hence the queue runners would just idle around when once 2441 ** CurrentLA caused all entries in a queue to be ignored. 2442 */ 2443 2444 if (njobs == 0) 2445 SM_GET_LA(now); 2446 rpool = sm_rpool_new_x(NULL); 2447 e = newenvelope(&QueueEnvelope, CurEnv, rpool); 2448 e->e_flags = BlankEnvelope.e_flags; 2449 goto domorework; 2450 } 2451 2452 /* exit without the usual cleanup */ 2453 e->e_id = NULL; 2454 if (bitset(RWG_FORK, flags)) 2455 finis(true, true, ExitStat); 2456 /* NOTREACHED */ 2457 return true; 2458 } 2459 2460 /* 2461 ** DOQUEUERUN -- do a queue run? 2462 */ 2463 2464 bool 2465 doqueuerun() 2466 { 2467 return DoQueueRun; 2468 } 2469 2470 /* 2471 ** RUNQUEUEEVENT -- Sets a flag to indicate that a queue run should be done. 2472 ** 2473 ** Parameters: 2474 ** none. 2475 ** 2476 ** Returns: 2477 ** none. 2478 ** 2479 ** Side Effects: 2480 ** The invocation of this function via an alarm may interrupt 2481 ** a set of actions. Thus errno may be set in that context. 2482 ** We need to restore errno at the end of this function to ensure 2483 ** that any work done here that sets errno doesn't return a 2484 ** misleading/false errno value. Errno may be EINTR upon entry to 2485 ** this function because of non-restartable/continuable system 2486 ** API was active. Iff this is true we will override errno as 2487 ** a timeout (as a more accurate error message). 2488 ** 2489 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 2490 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 2491 ** DOING. 2492 */ 2493 2494 void 2495 runqueueevent(ignore) 2496 int ignore; 2497 { 2498 int save_errno = errno; 2499 2500 /* 2501 ** Set the general bit that we want a queue run, 2502 ** tested in doqueuerun() 2503 */ 2504 2505 DoQueueRun = true; 2506 #if _FFR_QUEUE_SCHED_DBG 2507 if (tTd(69, 10)) 2508 sm_syslog(LOG_INFO, NOQID, "rqe: done"); 2509 #endif 2510 2511 errno = save_errno; 2512 if (errno == EINTR) 2513 errno = ETIMEDOUT; 2514 } 2515 /* 2516 ** GATHERQ -- gather messages from the message queue(s) the work queue. 2517 ** 2518 ** Parameters: 2519 ** qgrp -- the index of the queue group. 2520 ** qdir -- the index of the queue directory. 2521 ** doall -- if set, include everything in the queue (even 2522 ** the jobs that cannot be run because the load 2523 ** average is too high, or MaxQueueRun is reached). 2524 ** Otherwise, exclude those jobs. 2525 ** full -- (optional) to be set 'true' if WorkList is full 2526 ** more -- (optional) to be set 'true' if there are still more 2527 ** messages in this queue not added to WorkList 2528 ** pnentries -- (optional) total nuber of entries in queue 2529 ** 2530 ** Returns: 2531 ** The number of request in the queue (not necessarily 2532 ** the number of requests in WorkList however). 2533 ** 2534 ** Side Effects: 2535 ** prepares available work into WorkList 2536 */ 2537 2538 #define NEED_P 0001 /* 'P': priority */ 2539 #define NEED_T 0002 /* 'T': time */ 2540 #define NEED_R 0004 /* 'R': recipient */ 2541 #define NEED_S 0010 /* 'S': sender */ 2542 #define NEED_H 0020 /* host */ 2543 #define HAS_QUARANTINE 0040 /* has an unexpected 'q' line */ 2544 #define NEED_QUARANTINE 0100 /* 'q': reason */ 2545 2546 static WORK *WorkList = NULL; /* list of unsort work */ 2547 static int WorkListSize = 0; /* current max size of WorkList */ 2548 static int WorkListCount = 0; /* # of work items in WorkList */ 2549 2550 static int 2551 gatherq(qgrp, qdir, doall, full, more, pnentries) 2552 int qgrp; 2553 int qdir; 2554 bool doall; 2555 bool *full; 2556 bool *more; 2557 int *pnentries; 2558 { 2559 register struct dirent *d; 2560 register WORK *w; 2561 register char *p; 2562 DIR *f; 2563 int i, num_ent, wn, nentries; 2564 QUEUE_CHAR *check; 2565 char qd[MAXPATHLEN]; 2566 char qf[MAXPATHLEN]; 2567 2568 wn = WorkListCount - 1; 2569 num_ent = 0; 2570 nentries = 0; 2571 if (qdir == NOQDIR) 2572 (void) sm_strlcpy(qd, ".", sizeof(qd)); 2573 else 2574 (void) sm_strlcpyn(qd, sizeof(qd), 2, 2575 Queue[qgrp]->qg_qpaths[qdir].qp_name, 2576 (bitset(QP_SUBQF, 2577 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs) 2578 ? "/qf" : "")); 2579 2580 if (tTd(41, 1)) 2581 { 2582 sm_dprintf("gatherq: %s\n", qd); 2583 2584 check = QueueLimitId; 2585 while (check != NULL) 2586 { 2587 sm_dprintf("\tQueueLimitId = %s%s\n", 2588 check->queue_negate ? "!" : "", 2589 check->queue_match); 2590 check = check->queue_next; 2591 } 2592 2593 check = QueueLimitSender; 2594 while (check != NULL) 2595 { 2596 sm_dprintf("\tQueueLimitSender = %s%s\n", 2597 check->queue_negate ? "!" : "", 2598 check->queue_match); 2599 check = check->queue_next; 2600 } 2601 2602 check = QueueLimitRecipient; 2603 while (check != NULL) 2604 { 2605 sm_dprintf("\tQueueLimitRecipient = %s%s\n", 2606 check->queue_negate ? "!" : "", 2607 check->queue_match); 2608 check = check->queue_next; 2609 } 2610 2611 if (QueueMode == QM_QUARANTINE) 2612 { 2613 check = QueueLimitQuarantine; 2614 while (check != NULL) 2615 { 2616 sm_dprintf("\tQueueLimitQuarantine = %s%s\n", 2617 check->queue_negate ? "!" : "", 2618 check->queue_match); 2619 check = check->queue_next; 2620 } 2621 } 2622 } 2623 2624 /* open the queue directory */ 2625 f = opendir(qd); 2626 if (f == NULL) 2627 { 2628 syserr("gatherq: cannot open \"%s\"", 2629 qid_printqueue(qgrp, qdir)); 2630 if (full != NULL) 2631 *full = WorkListCount >= MaxQueueRun && MaxQueueRun > 0; 2632 if (more != NULL) 2633 *more = false; 2634 return 0; 2635 } 2636 2637 /* 2638 ** Read the work directory. 2639 */ 2640 2641 while ((d = readdir(f)) != NULL) 2642 { 2643 SM_FILE_T *cf; 2644 int qfver = 0; 2645 char lbuf[MAXNAME_I + 1]; 2646 struct stat sbuf; 2647 2648 if (tTd(41, 50)) 2649 sm_dprintf("gatherq: checking %s..", d->d_name); 2650 2651 /* is this an interesting entry? */ 2652 if (!(((QueueMode == QM_NORMAL && 2653 d->d_name[0] == NORMQF_LETTER) || 2654 (QueueMode == QM_QUARANTINE && 2655 d->d_name[0] == QUARQF_LETTER) || 2656 (QueueMode == QM_LOST && 2657 d->d_name[0] == LOSEQF_LETTER)) && 2658 d->d_name[1] == 'f')) 2659 { 2660 if (tTd(41, 50)) 2661 sm_dprintf(" skipping\n"); 2662 continue; 2663 } 2664 if (tTd(41, 50)) 2665 sm_dprintf("\n"); 2666 2667 if (strlen(d->d_name) >= MAXQFNAME) 2668 { 2669 if (Verbose) 2670 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 2671 "gatherq: %s too long, %d max characters\n", 2672 d->d_name, MAXQFNAME); 2673 if (LogLevel > 0) 2674 sm_syslog(LOG_ALERT, NOQID, 2675 "gatherq: %s too long, %d max characters", 2676 d->d_name, MAXQFNAME); 2677 continue; 2678 } 2679 2680 ++nentries; 2681 check = QueueLimitId; 2682 while (check != NULL) 2683 { 2684 if (strcontainedin(false, check->queue_match, 2685 d->d_name) != check->queue_negate) 2686 break; 2687 else 2688 check = check->queue_next; 2689 } 2690 if (QueueLimitId != NULL && check == NULL) 2691 continue; 2692 2693 /* grow work list if necessary */ 2694 if (++wn >= MaxQueueRun && MaxQueueRun > 0) 2695 { 2696 if (wn == MaxQueueRun && LogLevel > 0) 2697 sm_syslog(LOG_WARNING, NOQID, 2698 "WorkList for %s maxed out at %d", 2699 qid_printqueue(qgrp, qdir), 2700 MaxQueueRun); 2701 if (doall) 2702 continue; /* just count entries */ 2703 break; 2704 } 2705 if (wn >= WorkListSize) 2706 { 2707 grow_wlist(qgrp, qdir); 2708 if (wn >= WorkListSize) 2709 continue; 2710 } 2711 SM_ASSERT(wn >= 0); 2712 w = &WorkList[wn]; 2713 2714 (void) sm_strlcpyn(qf, sizeof(qf), 3, qd, "/", d->d_name); 2715 if (stat(qf, &sbuf) < 0) 2716 { 2717 if (errno != ENOENT) 2718 sm_syslog(LOG_INFO, NOQID, 2719 "gatherq: can't stat %s/%s", 2720 qid_printqueue(qgrp, qdir), 2721 d->d_name); 2722 wn--; 2723 continue; 2724 } 2725 if (!bitset(S_IFREG, sbuf.st_mode)) 2726 { 2727 /* Yikes! Skip it or we will hang on open! */ 2728 if (!((d->d_name[0] == DATAFL_LETTER || 2729 d->d_name[0] == NORMQF_LETTER || 2730 d->d_name[0] == QUARQF_LETTER || 2731 d->d_name[0] == LOSEQF_LETTER || 2732 d->d_name[0] == XSCRPT_LETTER) && 2733 d->d_name[1] == 'f' && d->d_name[2] == '\0')) 2734 syserr("gatherq: %s/%s is not a regular file", 2735 qid_printqueue(qgrp, qdir), d->d_name); 2736 wn--; 2737 continue; 2738 } 2739 2740 /* avoid work if possible */ 2741 if ((QueueSortOrder == QSO_BYFILENAME || 2742 QueueSortOrder == QSO_BYMODTIME || 2743 QueueSortOrder == QSO_NONE || 2744 QueueSortOrder == QSO_RANDOM) && 2745 QueueLimitQuarantine == NULL && 2746 QueueLimitSender == NULL && 2747 QueueLimitRecipient == NULL) 2748 { 2749 w->w_qgrp = qgrp; 2750 w->w_qdir = qdir; 2751 w->w_name = newstr(d->d_name); 2752 w->w_host = NULL; 2753 w->w_lock = w->w_tooyoung = false; 2754 w->w_pri = 0; 2755 w->w_ctime = 0; 2756 w->w_mtime = sbuf.st_mtime; 2757 ++num_ent; 2758 continue; 2759 } 2760 2761 /* open control file */ 2762 cf = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B, 2763 NULL); 2764 if (cf == NULL && OpMode != MD_PRINT) 2765 { 2766 /* this may be some random person sending hir msgs */ 2767 if (tTd(41, 2)) 2768 sm_dprintf("gatherq: cannot open %s: %s\n", 2769 d->d_name, sm_errstring(errno)); 2770 errno = 0; 2771 wn--; 2772 continue; 2773 } 2774 w->w_qgrp = qgrp; 2775 w->w_qdir = qdir; 2776 w->w_name = newstr(d->d_name); 2777 w->w_host = NULL; 2778 if (cf != NULL) 2779 { 2780 w->w_lock = !lockfile(sm_io_getinfo(cf, SM_IO_WHAT_FD, 2781 NULL), 2782 w->w_name, NULL, 2783 LOCK_SH|LOCK_NB); 2784 } 2785 w->w_tooyoung = false; 2786 2787 /* make sure jobs in creation don't clog queue */ 2788 w->w_pri = 0x7fffffff; 2789 w->w_ctime = 0; 2790 w->w_mtime = sbuf.st_mtime; 2791 2792 /* extract useful information */ 2793 i = NEED_P|NEED_T; 2794 if (QueueSortOrder == QSO_BYHOST 2795 #if _FFR_RHS 2796 || QueueSortOrder == QSO_BYSHUFFLE 2797 #endif 2798 ) 2799 { 2800 /* need w_host set for host sort order */ 2801 i |= NEED_H; 2802 } 2803 if (QueueLimitSender != NULL) 2804 i |= NEED_S; 2805 if (QueueLimitRecipient != NULL) 2806 i |= NEED_R; 2807 if (QueueLimitQuarantine != NULL) 2808 i |= NEED_QUARANTINE; 2809 while (cf != NULL && i != 0 && 2810 sm_io_fgets(cf, SM_TIME_DEFAULT, lbuf, 2811 sizeof(lbuf)) >= 0) 2812 { 2813 int c; 2814 time_t age; 2815 2816 p = strchr(lbuf, '\n'); 2817 if (p != NULL) 2818 *p = '\0'; 2819 else 2820 { 2821 /* flush rest of overly long line */ 2822 while ((c = sm_io_getc(cf, SM_TIME_DEFAULT)) 2823 != SM_IO_EOF && c != '\n') 2824 continue; 2825 } 2826 2827 switch (lbuf[0]) 2828 { 2829 case 'V': 2830 qfver = atoi(&lbuf[1]); 2831 break; 2832 2833 case 'P': 2834 w->w_pri = atol(&lbuf[1]); 2835 i &= ~NEED_P; 2836 break; 2837 2838 case 'T': 2839 w->w_ctime = atol(&lbuf[1]); 2840 i &= ~NEED_T; 2841 break; 2842 2843 case 'q': 2844 if (QueueMode != QM_QUARANTINE && 2845 QueueMode != QM_LOST) 2846 { 2847 if (tTd(41, 49)) 2848 sm_dprintf("%s not marked as quarantined but has a 'q' line\n", 2849 w->w_name); 2850 i |= HAS_QUARANTINE; 2851 } 2852 else if (QueueMode == QM_QUARANTINE) 2853 { 2854 if (QueueLimitQuarantine == NULL) 2855 { 2856 i &= ~NEED_QUARANTINE; 2857 break; 2858 } 2859 p = &lbuf[1]; 2860 check = QueueLimitQuarantine; 2861 while (check != NULL) 2862 { 2863 if (strcontainedin(false, 2864 check->queue_match, 2865 p) != 2866 check->queue_negate) 2867 break; 2868 else 2869 check = check->queue_next; 2870 } 2871 if (check != NULL) 2872 i &= ~NEED_QUARANTINE; 2873 } 2874 break; 2875 2876 case 'R': 2877 if (w->w_host == NULL && 2878 (p = strrchr(&lbuf[1], '@')) != NULL) 2879 { 2880 char *str; 2881 #if _FFR_RHS 2882 if (QueueSortOrder == QSO_BYSHUFFLE) 2883 w->w_host = newstr(&p[1]); 2884 else 2885 #endif 2886 w->w_host = strrev(&p[1]); 2887 str = makelower_a(&w->w_host, NULL); 2888 ASSIGN_IFDIFF(w->w_host, str); 2889 i &= ~NEED_H; 2890 } 2891 if (QueueLimitRecipient == NULL) 2892 { 2893 i &= ~NEED_R; 2894 break; 2895 } 2896 if (qfver > 0) 2897 { 2898 p = strchr(&lbuf[1], ':'); 2899 if (p == NULL) 2900 p = &lbuf[1]; 2901 else 2902 ++p; /* skip over ':' */ 2903 } 2904 else 2905 p = &lbuf[1]; 2906 check = QueueLimitRecipient; 2907 while (check != NULL) 2908 { 2909 if (strcontainedin(true, 2910 check->queue_match, 2911 p) != 2912 check->queue_negate) 2913 break; 2914 else 2915 check = check->queue_next; 2916 } 2917 if (check != NULL) 2918 i &= ~NEED_R; 2919 break; 2920 2921 case 'S': 2922 check = QueueLimitSender; 2923 while (check != NULL) 2924 { 2925 if (strcontainedin(true, 2926 check->queue_match, 2927 &lbuf[1]) != 2928 check->queue_negate) 2929 break; 2930 else 2931 check = check->queue_next; 2932 } 2933 if (check != NULL) 2934 i &= ~NEED_S; 2935 break; 2936 2937 case 'K': 2938 if (MaxQueueAge > 0) 2939 { 2940 time_t lasttry, delay; 2941 2942 lasttry = (time_t) atol(&lbuf[1]); 2943 delay = MIN(lasttry - w->w_ctime, 2944 MaxQueueAge); 2945 age = curtime() - lasttry; 2946 if (age < delay) 2947 w->w_tooyoung = true; 2948 break; 2949 } 2950 2951 age = curtime() - (time_t) atol(&lbuf[1]); 2952 if (age >= 0 && MinQueueAge > 0 && 2953 age < MinQueueAge) 2954 w->w_tooyoung = true; 2955 break; 2956 2957 case 'N': 2958 if (atol(&lbuf[1]) == 0) 2959 w->w_tooyoung = false; 2960 break; 2961 } 2962 } 2963 if (cf != NULL) 2964 (void) sm_io_close(cf, SM_TIME_DEFAULT); 2965 2966 if ((!doall && (shouldqueue(w->w_pri, w->w_ctime) || 2967 w->w_tooyoung)) || 2968 bitset(HAS_QUARANTINE, i) || 2969 bitset(NEED_QUARANTINE, i) || 2970 bitset(NEED_R|NEED_S, i)) 2971 { 2972 /* don't even bother sorting this job in */ 2973 if (tTd(41, 49)) 2974 sm_dprintf("skipping %s (%x)\n", w->w_name, i); 2975 sm_free(w->w_name); /* XXX */ 2976 if (w->w_host != NULL) 2977 sm_free(w->w_host); /* XXX */ 2978 wn--; 2979 } 2980 else 2981 ++num_ent; 2982 } 2983 (void) closedir(f); 2984 wn++; 2985 2986 i = wn - WorkListCount; 2987 WorkListCount += SM_MIN(num_ent, WorkListSize); 2988 2989 if (more != NULL) 2990 *more = WorkListCount < wn; 2991 2992 if (full != NULL) 2993 *full = (wn >= MaxQueueRun && MaxQueueRun > 0) || 2994 (WorkList == NULL && wn > 0); 2995 2996 if (pnentries != NULL) 2997 *pnentries = nentries; 2998 if (tTd(41, 2)) 2999 sm_dprintf("gatherq: %s=%d\n", qd, i); 3000 return i; 3001 } 3002 /* 3003 ** SORTQ -- sort the work list 3004 ** 3005 ** First the old WorkQ is cleared away. Then the WorkList is sorted 3006 ** for all items so that important (higher sorting value) items are not 3007 ** truncated off. Then the most important items are moved from 3008 ** WorkList to WorkQ. The lower count of 'max' or MaxListCount items 3009 ** are moved. 3010 ** 3011 ** Parameters: 3012 ** max -- maximum number of items to be placed in WorkQ 3013 ** 3014 ** Returns: 3015 ** the number of items in WorkQ 3016 ** 3017 ** Side Effects: 3018 ** WorkQ gets released and filled with new work. WorkList 3019 ** gets released. Work items get sorted in order. 3020 */ 3021 3022 static int 3023 sortq(max) 3024 int max; 3025 { 3026 register int i; /* local counter */ 3027 register WORK *w; /* tmp item pointer */ 3028 int wc = WorkListCount; /* trim size for WorkQ */ 3029 3030 if (WorkQ != NULL) 3031 { 3032 WORK *nw; 3033 3034 /* Clear out old WorkQ. */ 3035 for (w = WorkQ; w != NULL; w = nw) 3036 { 3037 nw = w->w_next; 3038 sm_free(w->w_name); /* XXX */ 3039 if (w->w_host != NULL) 3040 sm_free(w->w_host); /* XXX */ 3041 sm_free((char *) w); /* XXX */ 3042 } 3043 WorkQ = NULL; 3044 } 3045 3046 if (WorkList == NULL || wc <= 0) 3047 return 0; 3048 3049 /* 3050 ** The sort now takes place using all of the items in WorkList. 3051 ** The list gets trimmed to the most important items after the sort. 3052 ** If the trim were to happen before the sort then one or more 3053 ** important items might get truncated off -- not what we want. 3054 */ 3055 3056 if (QueueSortOrder == QSO_BYHOST) 3057 { 3058 /* 3059 ** Sort the work directory for the first time, 3060 ** based on host name, lock status, and priority. 3061 */ 3062 3063 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf1); 3064 3065 /* 3066 ** If one message to host is locked, "lock" all messages 3067 ** to that host. 3068 */ 3069 3070 i = 0; 3071 while (i < wc) 3072 { 3073 if (!WorkList[i].w_lock) 3074 { 3075 i++; 3076 continue; 3077 } 3078 w = &WorkList[i]; 3079 while (++i < wc) 3080 { 3081 if (WorkList[i].w_host == NULL && 3082 w->w_host == NULL) 3083 WorkList[i].w_lock = true; 3084 else if (WorkList[i].w_host != NULL && 3085 w->w_host != NULL && 3086 SM_STRCASEEQ(WorkList[i].w_host, 3087 w->w_host)) 3088 WorkList[i].w_lock = true; 3089 else 3090 break; 3091 } 3092 } 3093 3094 /* 3095 ** Sort the work directory for the second time, 3096 ** based on lock status, host name, and priority. 3097 */ 3098 3099 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf2); 3100 } 3101 else if (QueueSortOrder == QSO_BYTIME) 3102 { 3103 /* 3104 ** Simple sort based on submission time only. 3105 */ 3106 3107 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf3); 3108 } 3109 else if (QueueSortOrder == QSO_BYFILENAME) 3110 { 3111 /* 3112 ** Sort based on queue filename. 3113 */ 3114 3115 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf4); 3116 } 3117 else if (QueueSortOrder == QSO_RANDOM) 3118 { 3119 /* 3120 ** Sort randomly. To avoid problems with an instable sort, 3121 ** use a random index into the queue file name to start 3122 ** comparison. 3123 */ 3124 3125 randi = get_rand_mod(MAXQFNAME); 3126 if (randi < 2) 3127 randi = 3; 3128 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf5); 3129 } 3130 else if (QueueSortOrder == QSO_BYMODTIME) 3131 { 3132 /* 3133 ** Simple sort based on modification time of queue file. 3134 ** This puts the oldest items first. 3135 */ 3136 3137 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf6); 3138 } 3139 #if _FFR_RHS 3140 else if (QueueSortOrder == QSO_BYSHUFFLE) 3141 { 3142 /* 3143 ** Simple sort based on shuffled host name. 3144 */ 3145 3146 init_shuffle_alphabet(); 3147 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf7); 3148 } 3149 #endif /* _FFR_RHS */ 3150 else if (QueueSortOrder == QSO_BYPRIORITY) 3151 { 3152 /* 3153 ** Simple sort based on queue priority only. 3154 */ 3155 3156 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf0); 3157 } 3158 /* else don't sort at all */ 3159 3160 /* Check if the per queue group item limit will be exceeded */ 3161 if (wc > max && max > 0) 3162 wc = max; 3163 3164 /* 3165 ** Convert the work list into canonical form. 3166 ** Should be turning it into a list of envelopes here perhaps. 3167 ** Only take the most important items up to the per queue group 3168 ** maximum. 3169 */ 3170 3171 for (i = wc; --i >= 0; ) 3172 { 3173 w = (WORK *) xalloc(sizeof(*w)); 3174 w->w_qgrp = WorkList[i].w_qgrp; 3175 w->w_qdir = WorkList[i].w_qdir; 3176 w->w_name = WorkList[i].w_name; 3177 w->w_host = WorkList[i].w_host; 3178 w->w_lock = WorkList[i].w_lock; 3179 w->w_tooyoung = WorkList[i].w_tooyoung; 3180 w->w_pri = WorkList[i].w_pri; 3181 w->w_ctime = WorkList[i].w_ctime; 3182 w->w_mtime = WorkList[i].w_mtime; 3183 w->w_next = WorkQ; 3184 WorkQ = w; 3185 } 3186 3187 /* free the rest of the list */ 3188 for (i = WorkListCount; --i >= wc; ) 3189 { 3190 sm_free(WorkList[i].w_name); 3191 if (WorkList[i].w_host != NULL) 3192 sm_free(WorkList[i].w_host); 3193 } 3194 3195 if (WorkList != NULL) 3196 sm_free(WorkList); /* XXX */ 3197 WorkList = NULL; 3198 WorkListSize = 0; 3199 WorkListCount = 0; 3200 3201 if (tTd(40, 1)) 3202 { 3203 for (w = WorkQ; w != NULL; w = w->w_next) 3204 { 3205 if (w->w_host != NULL) 3206 sm_dprintf("%22s: pri=%ld %s\n", 3207 w->w_name, w->w_pri, w->w_host); 3208 else 3209 sm_dprintf("%32s: pri=%ld\n", 3210 w->w_name, w->w_pri); 3211 } 3212 } 3213 3214 return wc; /* return number of WorkQ items */ 3215 } 3216 /* 3217 ** GROW_WLIST -- make the work list larger 3218 ** 3219 ** Parameters: 3220 ** qgrp -- the index for the queue group. 3221 ** qdir -- the index for the queue directory. 3222 ** 3223 ** Returns: 3224 ** none. 3225 ** 3226 ** Side Effects: 3227 ** Adds another QUEUESEGSIZE entries to WorkList if possible. 3228 ** It can fail if there isn't enough memory, so WorkListSize 3229 ** should be checked again upon return. 3230 */ 3231 3232 static void 3233 grow_wlist(qgrp, qdir) 3234 int qgrp; 3235 int qdir; 3236 { 3237 if (tTd(41, 1)) 3238 sm_dprintf("grow_wlist: WorkListSize=%d\n", WorkListSize); 3239 if (WorkList == NULL) 3240 { 3241 WorkList = (WORK *) xalloc((sizeof(*WorkList)) * 3242 (QUEUESEGSIZE + 1)); 3243 WorkListSize = QUEUESEGSIZE; 3244 } 3245 else 3246 { 3247 int newsize = WorkListSize + QUEUESEGSIZE; 3248 WORK *newlist = (WORK *) sm_realloc((char *) WorkList, 3249 (unsigned) sizeof(WORK) * (newsize + 1)); 3250 3251 if (newlist != NULL) 3252 { 3253 WorkListSize = newsize; 3254 WorkList = newlist; 3255 if (LogLevel > 1) 3256 { 3257 sm_syslog(LOG_INFO, NOQID, 3258 "grew WorkList for %s to %d", 3259 qid_printqueue(qgrp, qdir), 3260 WorkListSize); 3261 } 3262 } 3263 else if (LogLevel > 0) 3264 { 3265 sm_syslog(LOG_ALERT, NOQID, 3266 "FAILED to grow WorkList for %s to %d", 3267 qid_printqueue(qgrp, qdir), newsize); 3268 } 3269 } 3270 if (tTd(41, 1)) 3271 sm_dprintf("grow_wlist: WorkListSize now %d\n", WorkListSize); 3272 } 3273 /* 3274 ** WORKCMPF0 -- simple priority-only compare function. 3275 ** 3276 ** Parameters: 3277 ** av -- the first argument. 3278 ** bv -- the second argument. 3279 ** 3280 ** Returns: 3281 ** -1 if av < bv 3282 ** 0 if av == bv 3283 ** +1 if av > bv 3284 */ 3285 3286 static int 3287 workcmpf0(av, bv) 3288 const void *av; 3289 const void *bv; 3290 { 3291 long pa = ((WORK *)av)->w_pri; 3292 long pb = ((WORK *)bv)->w_pri; 3293 3294 if (pa == pb) 3295 return 0; 3296 else if (pa > pb) 3297 return 1; 3298 else 3299 return -1; 3300 } 3301 /* 3302 ** WORKCMPF1 -- first compare function for ordering work based on host name. 3303 ** 3304 ** Sorts on host name, lock status, and priority in that order. 3305 ** 3306 ** Parameters: 3307 ** av -- the first argument. 3308 ** bv -- the second argument. 3309 ** 3310 ** Returns: 3311 ** <0 if av < bv 3312 ** 0 if av == bv 3313 ** >0 if av > bv 3314 */ 3315 3316 static int 3317 workcmpf1(av, bv) 3318 const void *av; 3319 const void *bv; 3320 { 3321 int i; 3322 WORK *a = (WORK *)av; 3323 WORK *b = (WORK *)bv; 3324 3325 /* host name */ 3326 if (a->w_host != NULL && b->w_host == NULL) 3327 return 1; 3328 else if (a->w_host == NULL && b->w_host != NULL) 3329 return -1; 3330 if (a->w_host != NULL && b->w_host != NULL && 3331 (i = sm_strcasecmp(a->w_host, b->w_host)) != 0) 3332 return i; 3333 3334 /* lock status */ 3335 if (a->w_lock != b->w_lock) 3336 return b->w_lock - a->w_lock; 3337 3338 /* job priority */ 3339 return workcmpf0(a, b); 3340 } 3341 /* 3342 ** WORKCMPF2 -- second compare function for ordering work based on host name. 3343 ** 3344 ** Sorts on lock status, host name, and priority in that order. 3345 ** 3346 ** Parameters: 3347 ** av -- the first argument. 3348 ** bv -- the second argument. 3349 ** 3350 ** Returns: 3351 ** <0 if av < bv 3352 ** 0 if av == bv 3353 ** >0 if av > bv 3354 */ 3355 3356 static int 3357 workcmpf2(av, bv) 3358 const void *av; 3359 const void *bv; 3360 { 3361 int i; 3362 WORK *a = (WORK *)av; 3363 WORK *b = (WORK *)bv; 3364 3365 /* lock status */ 3366 if (a->w_lock != b->w_lock) 3367 return a->w_lock - b->w_lock; 3368 3369 /* host name */ 3370 if (a->w_host != NULL && b->w_host == NULL) 3371 return 1; 3372 else if (a->w_host == NULL && b->w_host != NULL) 3373 return -1; 3374 if (a->w_host != NULL && b->w_host != NULL && 3375 (i = sm_strcasecmp(a->w_host, b->w_host)) != 0) 3376 return i; 3377 3378 /* job priority */ 3379 return workcmpf0(a, b); 3380 } 3381 /* 3382 ** WORKCMPF3 -- simple submission-time-only compare function. 3383 ** 3384 ** Parameters: 3385 ** av -- the first argument. 3386 ** bv -- the second argument. 3387 ** 3388 ** Returns: 3389 ** -1 if av < bv 3390 ** 0 if av == bv 3391 ** +1 if av > bv 3392 */ 3393 3394 static int 3395 workcmpf3(av, bv) 3396 const void *av; 3397 const void *bv; 3398 { 3399 WORK *a = (WORK *)av; 3400 WORK *b = (WORK *)bv; 3401 3402 if (a->w_ctime > b->w_ctime) 3403 return 1; 3404 else if (a->w_ctime < b->w_ctime) 3405 return -1; 3406 else 3407 return 0; 3408 } 3409 /* 3410 ** WORKCMPF4 -- compare based on file name 3411 ** 3412 ** Parameters: 3413 ** av -- the first argument. 3414 ** bv -- the second argument. 3415 ** 3416 ** Returns: 3417 ** -1 if av < bv 3418 ** 0 if av == bv 3419 ** +1 if av > bv 3420 */ 3421 3422 static int 3423 workcmpf4(av, bv) 3424 const void *av; 3425 const void *bv; 3426 { 3427 WORK *a = (WORK *)av; 3428 WORK *b = (WORK *)bv; 3429 3430 return strcmp(a->w_name, b->w_name); 3431 } 3432 /* 3433 ** WORKCMPF5 -- compare based on assigned random number 3434 ** 3435 ** Parameters: 3436 ** av -- the first argument. 3437 ** bv -- the second argument. 3438 ** 3439 ** Returns: 3440 ** randomly 1/-1 3441 */ 3442 3443 /* ARGSUSED0 */ 3444 static int 3445 workcmpf5(av, bv) 3446 const void *av; 3447 const void *bv; 3448 { 3449 WORK *a = (WORK *)av; 3450 WORK *b = (WORK *)bv; 3451 3452 if (strlen(a->w_name) < randi || strlen(b->w_name) < randi) 3453 return -1; 3454 return a->w_name[randi] - b->w_name[randi]; 3455 } 3456 /* 3457 ** WORKCMPF6 -- simple modification-time-only compare function. 3458 ** 3459 ** Parameters: 3460 ** av -- the first argument. 3461 ** bv -- the second argument. 3462 ** 3463 ** Returns: 3464 ** -1 if av < bv 3465 ** 0 if av == bv 3466 ** +1 if av > bv 3467 */ 3468 3469 static int 3470 workcmpf6(av, bv) 3471 const void *av; 3472 const void *bv; 3473 { 3474 WORK *a = (WORK *)av; 3475 WORK *b = (WORK *)bv; 3476 3477 if (a->w_mtime > b->w_mtime) 3478 return 1; 3479 else if (a->w_mtime < b->w_mtime) 3480 return -1; 3481 else 3482 return 0; 3483 } 3484 #if _FFR_RHS 3485 /* 3486 ** WORKCMPF7 -- compare function for ordering work based on shuffled host name. 3487 ** 3488 ** Sorts on lock status, host name, and priority in that order. 3489 ** 3490 ** Parameters: 3491 ** av -- the first argument. 3492 ** bv -- the second argument. 3493 ** 3494 ** Returns: 3495 ** <0 if av < bv 3496 ** 0 if av == bv 3497 ** >0 if av > bv 3498 */ 3499 3500 static int 3501 workcmpf7(av, bv) 3502 const void *av; 3503 const void *bv; 3504 { 3505 int i; 3506 WORK *a = (WORK *)av; 3507 WORK *b = (WORK *)bv; 3508 3509 /* lock status */ 3510 if (a->w_lock != b->w_lock) 3511 return a->w_lock - b->w_lock; 3512 3513 /* host name */ 3514 if (a->w_host != NULL && b->w_host == NULL) 3515 return 1; 3516 else if (a->w_host == NULL && b->w_host != NULL) 3517 return -1; 3518 if (a->w_host != NULL && b->w_host != NULL && 3519 (i = sm_strshufflecmp(a->w_host, b->w_host)) != 0) 3520 return i; 3521 3522 /* job priority */ 3523 return workcmpf0(a, b); 3524 } 3525 #endif /* _FFR_RHS */ 3526 /* 3527 ** STRREV -- reverse string 3528 ** 3529 ** Returns a pointer to a new string that is the reverse of 3530 ** the string pointed to by fwd. The space for the new 3531 ** string is obtained using xalloc(). 3532 ** 3533 ** Parameters: 3534 ** fwd -- the string to reverse. 3535 ** 3536 ** Returns: 3537 ** the reversed string. 3538 */ 3539 3540 static char * 3541 strrev(fwd) 3542 char *fwd; 3543 { 3544 char *rev = NULL; 3545 int len, cnt; 3546 3547 len = strlen(fwd); 3548 rev = xalloc(len + 1); 3549 for (cnt = 0; cnt < len; ++cnt) 3550 rev[cnt] = fwd[len - cnt - 1]; 3551 rev[len] = '\0'; 3552 return rev; 3553 } 3554 3555 #if _FFR_RHS 3556 3557 # define NASCII 128 3558 # define NCHAR 256 3559 3560 static unsigned char ShuffledAlphabet[NCHAR]; 3561 3562 void 3563 init_shuffle_alphabet() 3564 { 3565 static bool init = false; 3566 int i; 3567 3568 if (init) 3569 return; 3570 3571 /* fill the ShuffledAlphabet */ 3572 for (i = 0; i < NASCII; i++) 3573 ShuffledAlphabet[i] = i; 3574 3575 /* mix it */ 3576 for (i = 1; i < NASCII; i++) 3577 { 3578 register int j = get_random() % NASCII; 3579 register int tmp; 3580 3581 tmp = ShuffledAlphabet[j]; 3582 ShuffledAlphabet[j] = ShuffledAlphabet[i]; 3583 ShuffledAlphabet[i] = tmp; 3584 } 3585 3586 /* make it case insensitive */ 3587 for (i = 'A'; i <= 'Z'; i++) 3588 ShuffledAlphabet[i] = ShuffledAlphabet[i + 'a' - 'A']; 3589 3590 /* fill the upper part */ 3591 for (i = 0; i < NASCII; i++) 3592 ShuffledAlphabet[i + NASCII] = ShuffledAlphabet[i]; 3593 init = true; 3594 } 3595 3596 static int 3597 sm_strshufflecmp(a, b) 3598 char *a; 3599 char *b; 3600 { 3601 const unsigned char *us1 = (const unsigned char *) a; 3602 const unsigned char *us2 = (const unsigned char *) b; 3603 3604 while (ShuffledAlphabet[*us1] == ShuffledAlphabet[*us2++]) 3605 { 3606 if (*us1++ == '\0') 3607 return 0; 3608 } 3609 return (ShuffledAlphabet[*us1] - ShuffledAlphabet[*--us2]); 3610 } 3611 #endif /* _FFR_RHS */ 3612 3613 /* 3614 ** DOWORK -- do a work request. 3615 ** 3616 ** Parameters: 3617 ** qgrp -- the index of the queue group for the job. 3618 ** qdir -- the index of the queue directory for the job. 3619 ** id -- the ID of the job to run. 3620 ** forkflag -- if set, run this in background. 3621 ** requeueflag -- if set, reinstantiate the queue quickly. 3622 ** This is used when expanding aliases in the queue. 3623 ** If forkflag is also set, it doesn't wait for the 3624 ** child. 3625 ** e - the envelope in which to run it. 3626 ** 3627 ** Returns: 3628 ** process id of process that is running the queue job. 3629 ** 3630 ** Side Effects: 3631 ** The work request is satisfied if possible. 3632 */ 3633 3634 pid_t 3635 dowork(qgrp, qdir, id, forkflag, requeueflag, e) 3636 int qgrp; 3637 int qdir; 3638 char *id; 3639 bool forkflag; 3640 bool requeueflag; 3641 register ENVELOPE *e; 3642 { 3643 register pid_t pid; 3644 SM_RPOOL_T *rpool; 3645 3646 if (tTd(40, 1)) 3647 sm_dprintf("dowork(%s/%s), forkflag=%d\n", qid_printqueue(qgrp, qdir), id, forkflag); 3648 3649 /* 3650 ** Fork for work. 3651 */ 3652 3653 if (forkflag) 3654 { 3655 /* 3656 ** Since the delivery may happen in a child and the 3657 ** parent does not wait, the parent may close the 3658 ** maps thereby removing any shared memory used by 3659 ** the map. Therefore, close the maps now so the 3660 ** child will dynamically open them if necessary. 3661 */ 3662 3663 closemaps(false); 3664 3665 pid = fork(); 3666 if (pid < 0) 3667 { 3668 syserr("dowork: cannot fork"); 3669 return 0; 3670 } 3671 else if (pid > 0) 3672 { 3673 /* parent -- clean out connection cache */ 3674 mci_flush(false, NULL); 3675 } 3676 else 3677 { 3678 /* 3679 ** Initialize exception stack and default exception 3680 ** handler for child process. 3681 */ 3682 3683 /* Reset global flags */ 3684 RestartRequest = NULL; 3685 RestartWorkGroup = false; 3686 ShutdownRequest = NULL; 3687 PendingSignal = 0; 3688 CurrentPid = getpid(); 3689 sm_exc_newthread(fatal_error); 3690 3691 /* 3692 ** See note above about SMTP processes and SIGCHLD. 3693 */ 3694 3695 if (OpMode == MD_SMTP || 3696 OpMode == MD_DAEMON || 3697 MaxQueueChildren > 0) 3698 { 3699 proc_list_clear(); 3700 sm_releasesignal(SIGCHLD); 3701 (void) sm_signal(SIGCHLD, SIG_DFL); 3702 } 3703 3704 /* child -- error messages to the transcript */ 3705 QuickAbort = OnlyOneError = false; 3706 } 3707 } 3708 else 3709 { 3710 pid = 0; 3711 } 3712 3713 if (pid == 0) 3714 { 3715 /* 3716 ** CHILD 3717 ** Lock the control file to avoid duplicate deliveries. 3718 ** Then run the file as though we had just read it. 3719 ** We save an idea of the temporary name so we 3720 ** can recover on interrupt. 3721 */ 3722 3723 if (forkflag) 3724 { 3725 /* Reset global flags */ 3726 RestartRequest = NULL; 3727 RestartWorkGroup = false; 3728 ShutdownRequest = NULL; 3729 PendingSignal = 0; 3730 } 3731 3732 /* set basic modes, etc. */ 3733 sm_clear_events(); 3734 clearstats(); 3735 rpool = sm_rpool_new_x(NULL); 3736 clearenvelope(e, false, rpool); 3737 e->e_flags |= EF_QUEUERUN|EF_GLOBALERRS; 3738 set_delivery_mode(SM_DELIVER, e); 3739 e->e_errormode = EM_MAIL; 3740 e->e_id = id; 3741 e->e_qgrp = qgrp; 3742 e->e_qdir = qdir; 3743 GrabTo = UseErrorsTo = false; 3744 ExitStat = EX_OK; 3745 if (forkflag) 3746 { 3747 disconnect(1, e); 3748 set_op_mode(MD_QUEUERUN); 3749 } 3750 sm_setproctitle(true, e, "%s from queue", qid_printname(e)); 3751 if (LogLevel > 76) 3752 sm_syslog(LOG_DEBUG, e->e_id, "dowork, pid=%d", 3753 (int) CurrentPid); 3754 3755 /* don't use the headers from sendmail.cf... */ 3756 e->e_header = NULL; 3757 3758 /* read the queue control file -- return if locked */ 3759 if (!readqf(e, false)) 3760 { 3761 if (tTd(40, 4) && e->e_id != NULL) 3762 sm_dprintf("readqf(%s) failed\n", 3763 qid_printname(e)); 3764 e->e_id = NULL; 3765 if (forkflag) 3766 finis(false, true, EX_OK); 3767 else 3768 { 3769 /* adding this frees 8 bytes */ 3770 clearenvelope(e, false, rpool); 3771 3772 /* adding this frees 12 bytes */ 3773 sm_rpool_free(rpool); 3774 e->e_rpool = NULL; 3775 return 0; 3776 } 3777 } 3778 3779 e->e_flags |= EF_INQUEUE; 3780 eatheader(e, requeueflag, true); 3781 3782 if (requeueflag) 3783 queueup(e, QUP_FL_NONE); 3784 3785 if (tTd(40, 9)) 3786 sm_dprintf("dowork(%s/%s), forkflag=%d, pid=%d, CurRunners=%d\n", 3787 qid_printqueue(qgrp, qdir), id, forkflag, 3788 (int) CurrentPid, CurRunners); 3789 3790 /* do the delivery */ 3791 sendall(e, SM_DELIVER); 3792 3793 /* finish up and exit */ 3794 if (forkflag) 3795 finis(true, true, ExitStat); 3796 else 3797 { 3798 (void) dropenvelope(e, true, false); 3799 sm_rpool_free(rpool); 3800 e->e_rpool = NULL; 3801 e->e_message = NULL; 3802 } 3803 } 3804 e->e_id = NULL; 3805 return pid; 3806 } 3807 3808 /* 3809 ** DOWORKLIST -- process a list of envelopes as work requests 3810 ** 3811 ** Similar to dowork(), except that after forking, it processes an 3812 ** envelope and its siblings, treating each envelope as a work request. 3813 ** 3814 ** Parameters: 3815 ** el -- envelope to be processed including its siblings. 3816 ** forkflag -- if set, run this in background. 3817 ** requeueflag -- if set, reinstantiate the queue quickly. 3818 ** This is used when expanding aliases in the queue. 3819 ** If forkflag is also set, it doesn't wait for the 3820 ** child. 3821 ** 3822 ** Returns: 3823 ** process id of process that is running the queue job. 3824 ** 3825 ** Side Effects: 3826 ** The work request is satisfied if possible. 3827 */ 3828 3829 pid_t 3830 doworklist(el, forkflag, requeueflag) 3831 ENVELOPE *el; 3832 bool forkflag; 3833 bool requeueflag; 3834 { 3835 register pid_t pid; 3836 ENVELOPE *ei; 3837 3838 if (tTd(40, 1)) 3839 sm_dprintf("doworklist()\n"); 3840 3841 /* 3842 ** Fork for work. 3843 */ 3844 3845 if (forkflag) 3846 { 3847 /* 3848 ** Since the delivery may happen in a child and the 3849 ** parent does not wait, the parent may close the 3850 ** maps thereby removing any shared memory used by 3851 ** the map. Therefore, close the maps now so the 3852 ** child will dynamically open them if necessary. 3853 */ 3854 3855 closemaps(false); 3856 3857 pid = fork(); 3858 if (pid < 0) 3859 { 3860 syserr("doworklist: cannot fork"); 3861 return 0; 3862 } 3863 else if (pid > 0) 3864 { 3865 /* parent -- clean out connection cache */ 3866 mci_flush(false, NULL); 3867 } 3868 else 3869 { 3870 /* 3871 ** Initialize exception stack and default exception 3872 ** handler for child process. 3873 */ 3874 3875 /* Reset global flags */ 3876 RestartRequest = NULL; 3877 RestartWorkGroup = false; 3878 ShutdownRequest = NULL; 3879 PendingSignal = 0; 3880 CurrentPid = getpid(); 3881 sm_exc_newthread(fatal_error); 3882 3883 /* 3884 ** See note above about SMTP processes and SIGCHLD. 3885 */ 3886 3887 if (OpMode == MD_SMTP || 3888 OpMode == MD_DAEMON || 3889 MaxQueueChildren > 0) 3890 { 3891 proc_list_clear(); 3892 sm_releasesignal(SIGCHLD); 3893 (void) sm_signal(SIGCHLD, SIG_DFL); 3894 } 3895 3896 /* child -- error messages to the transcript */ 3897 QuickAbort = OnlyOneError = false; 3898 } 3899 } 3900 else 3901 { 3902 pid = 0; 3903 } 3904 3905 if (pid != 0) 3906 return pid; 3907 3908 /* 3909 ** IN CHILD 3910 ** Lock the control file to avoid duplicate deliveries. 3911 ** Then run the file as though we had just read it. 3912 ** We save an idea of the temporary name so we 3913 ** can recover on interrupt. 3914 */ 3915 3916 if (forkflag) 3917 { 3918 /* Reset global flags */ 3919 RestartRequest = NULL; 3920 RestartWorkGroup = false; 3921 ShutdownRequest = NULL; 3922 PendingSignal = 0; 3923 } 3924 3925 /* set basic modes, etc. */ 3926 sm_clear_events(); 3927 clearstats(); 3928 GrabTo = UseErrorsTo = false; 3929 ExitStat = EX_OK; 3930 if (forkflag) 3931 { 3932 disconnect(1, el); 3933 set_op_mode(MD_QUEUERUN); 3934 } 3935 if (LogLevel > 76) 3936 sm_syslog(LOG_DEBUG, el->e_id, "doworklist, pid=%d", 3937 (int) CurrentPid); 3938 3939 for (ei = el; ei != NULL; ei = ei->e_sibling) 3940 { 3941 ENVELOPE e; 3942 SM_RPOOL_T *rpool; 3943 3944 if (WILL_BE_QUEUED(ei->e_sendmode)) 3945 continue; 3946 else if (QueueMode != QM_QUARANTINE && 3947 ei->e_quarmsg != NULL) 3948 continue; 3949 3950 rpool = sm_rpool_new_x(NULL); 3951 clearenvelope(&e, true, rpool); 3952 e.e_flags |= EF_QUEUERUN|EF_GLOBALERRS; 3953 set_delivery_mode(SM_DELIVER, &e); 3954 e.e_errormode = EM_MAIL; 3955 e.e_id = ei->e_id; 3956 e.e_qgrp = ei->e_qgrp; 3957 e.e_qdir = ei->e_qdir; 3958 openxscript(&e); 3959 sm_setproctitle(true, &e, "%s from queue", qid_printname(&e)); 3960 3961 /* don't use the headers from sendmail.cf... */ 3962 e.e_header = NULL; 3963 CurEnv = &e; 3964 3965 /* read the queue control file -- return if locked */ 3966 if (readqf(&e, false)) 3967 { 3968 e.e_flags |= EF_INQUEUE; 3969 eatheader(&e, requeueflag, true); 3970 3971 if (requeueflag) 3972 queueup(&e, QUP_FL_NONE); 3973 3974 /* do the delivery */ 3975 sendall(&e, SM_DELIVER); 3976 (void) dropenvelope(&e, true, false); 3977 } 3978 else 3979 { 3980 if (tTd(40, 4) && e.e_id != NULL) 3981 sm_dprintf("readqf(%s) failed\n", 3982 qid_printname(&e)); 3983 } 3984 sm_rpool_free(rpool); 3985 ei->e_id = NULL; 3986 } 3987 3988 /* restore CurEnv */ 3989 CurEnv = el; 3990 3991 /* finish up and exit */ 3992 if (forkflag) 3993 finis(true, true, ExitStat); 3994 return 0; 3995 } 3996 /* 3997 ** READQF -- read queue file and set up environment. 3998 ** 3999 ** Parameters: 4000 ** e -- the envelope of the job to run. 4001 ** openonly -- only open the qf (returned as e_lockfp) 4002 ** 4003 ** Returns: 4004 ** true if it successfully read the queue file. 4005 ** false otherwise. 4006 ** 4007 ** Side Effects: 4008 ** The queue file is returned locked. 4009 */ 4010 4011 static bool 4012 readqf(e, openonly) 4013 register ENVELOPE *e; 4014 bool openonly; 4015 { 4016 register SM_FILE_T *qfp; 4017 ADDRESS *ctladdr; 4018 struct stat st, stf; 4019 char *bp; 4020 int qfver = 0; 4021 long hdrsize = 0; 4022 register char *p; 4023 char *frcpt = NULL; 4024 char *orcpt = NULL; 4025 bool nomore = false; 4026 bool bogus = false; 4027 MODE_T qsafe; 4028 char *err; 4029 char qf[MAXPATHLEN]; 4030 char buf[MAXLINE]; 4031 int bufsize; 4032 4033 /* 4034 ** Read and process the file. 4035 */ 4036 4037 SM_REQUIRE(e != NULL); 4038 bp = NULL; 4039 (void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER), sizeof(qf)); 4040 qfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDWR_B, NULL); 4041 if (qfp == NULL) 4042 { 4043 int save_errno = errno; 4044 4045 if (tTd(40, 8)) 4046 sm_dprintf("readqf(%s): sm_io_open failure (%s)\n", 4047 qf, sm_errstring(errno)); 4048 errno = save_errno; 4049 if (errno != ENOENT 4050 ) 4051 syserr("readqf: no control file %s", qf); 4052 RELEASE_QUEUE; 4053 return false; 4054 } 4055 4056 if (!lockfile(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), qf, NULL, 4057 LOCK_EX|LOCK_NB)) 4058 { 4059 /* being processed by another queuer */ 4060 if (Verbose) 4061 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4062 "%s: locked\n", e->e_id); 4063 if (tTd(40, 8)) 4064 sm_dprintf("%s: locked\n", e->e_id); 4065 if (LogLevel > 19) 4066 sm_syslog(LOG_DEBUG, e->e_id, "queueup: locked"); 4067 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4068 RELEASE_QUEUE; 4069 return false; 4070 } 4071 4072 RELEASE_QUEUE; 4073 4074 /* 4075 ** Prevent locking race condition. 4076 ** 4077 ** Process A: readqf(): qfp = fopen(qffile) 4078 ** Process B: queueup(): rename(tf, qf) 4079 ** Process B: unlocks(tf) 4080 ** Process A: lockfile(qf); 4081 ** 4082 ** Process A (us) has the old qf file (before the rename deleted 4083 ** the directory entry) and will be delivering based on old data. 4084 ** This can lead to multiple deliveries of the same recipients. 4085 ** 4086 ** Catch this by checking if the underlying qf file has changed 4087 ** *after* acquiring our lock and if so, act as though the file 4088 ** was still locked (i.e., just return like the lockfile() case 4089 ** above. 4090 */ 4091 4092 if (stat(qf, &stf) < 0 || 4093 fstat(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), &st) < 0) 4094 { 4095 /* must have been being processed by someone else */ 4096 if (tTd(40, 8)) 4097 sm_dprintf("readqf(%s): [f]stat failure (%s)\n", 4098 qf, sm_errstring(errno)); 4099 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4100 return false; 4101 } 4102 4103 if (st.st_nlink != stf.st_nlink || 4104 st.st_dev != stf.st_dev || 4105 ST_INODE(st) != ST_INODE(stf) || 4106 #if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */ 4107 st.st_gen != stf.st_gen || 4108 #endif 4109 st.st_uid != stf.st_uid || 4110 st.st_gid != stf.st_gid || 4111 st.st_size != stf.st_size) 4112 { 4113 /* changed after opened */ 4114 if (Verbose) 4115 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4116 "%s: changed\n", e->e_id); 4117 if (tTd(40, 8)) 4118 sm_dprintf("%s: changed\n", e->e_id); 4119 if (LogLevel > 19) 4120 sm_syslog(LOG_DEBUG, e->e_id, "changed"); 4121 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4122 return false; 4123 } 4124 4125 /* 4126 ** Check the queue file for plausibility to avoid attacks. 4127 */ 4128 4129 qsafe = S_IWOTH|S_IWGRP; 4130 if (bitset(S_IWGRP, QueueFileMode)) 4131 qsafe &= ~S_IWGRP; 4132 4133 bogus = st.st_uid != geteuid() && 4134 st.st_uid != TrustedUid && 4135 geteuid() != RealUid; 4136 4137 /* 4138 ** If this qf file results from a set-group-ID binary, then 4139 ** we check whether the directory is group-writable, 4140 ** the queue file mode contains the group-writable bit, and 4141 ** the groups are the same. 4142 ** Notice: this requires that the set-group-ID binary is used to 4143 ** run the queue! 4144 */ 4145 4146 if (bogus && st.st_gid == getegid() && UseMSP) 4147 { 4148 char delim; 4149 struct stat dst; 4150 4151 bp = SM_LAST_DIR_DELIM(qf); 4152 if (bp == NULL) 4153 delim = '\0'; 4154 else 4155 { 4156 delim = *bp; 4157 *bp = '\0'; 4158 } 4159 if (stat(delim == '\0' ? "." : qf, &dst) < 0) 4160 syserr("readqf: cannot stat directory %s", 4161 delim == '\0' ? "." : qf); 4162 else 4163 { 4164 bogus = !(bitset(S_IWGRP, QueueFileMode) && 4165 bitset(S_IWGRP, dst.st_mode) && 4166 dst.st_gid == st.st_gid); 4167 } 4168 if (delim != '\0') 4169 *bp = delim; 4170 bp = NULL; 4171 } 4172 if (!bogus) 4173 bogus = bitset(qsafe, st.st_mode); 4174 if (bogus) 4175 { 4176 if (LogLevel > 0) 4177 { 4178 sm_syslog(LOG_ALERT, e->e_id, 4179 "bogus queue file, uid=%ld, gid=%ld, mode=%o", 4180 (long) st.st_uid, (long) st.st_gid, 4181 (unsigned int) st.st_mode); 4182 } 4183 if (tTd(40, 8)) 4184 sm_dprintf("readqf(%s): bogus file\n", qf); 4185 e->e_flags |= EF_INQUEUE; 4186 if (!openonly) 4187 loseqfile(e, "bogus file uid/gid in mqueue"); 4188 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4189 return false; 4190 } 4191 4192 if (st.st_size == 0) 4193 { 4194 /* must be a bogus file -- if also old, just remove it */ 4195 if (!openonly && st.st_ctime + 10 * 60 < curtime()) 4196 { 4197 (void) xunlink(queuename(e, DATAFL_LETTER)); 4198 (void) xunlink(queuename(e, ANYQFL_LETTER)); 4199 } 4200 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4201 return false; 4202 } 4203 4204 if (st.st_nlink == 0) 4205 { 4206 /* 4207 ** Race condition -- we got a file just as it was being 4208 ** unlinked. Just assume it is zero length. 4209 */ 4210 4211 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4212 return false; 4213 } 4214 4215 #if _FFR_TRUSTED_QF 4216 /* 4217 ** If we don't own the file mark it as unsafe. 4218 ** However, allow TrustedUser to own it as well 4219 ** in case TrustedUser manipulates the queue. 4220 */ 4221 4222 if (st.st_uid != geteuid() && st.st_uid != TrustedUid) 4223 e->e_flags |= EF_UNSAFE; 4224 #else /* _FFR_TRUSTED_QF */ 4225 /* If we don't own the file mark it as unsafe */ 4226 if (st.st_uid != geteuid()) 4227 e->e_flags |= EF_UNSAFE; 4228 #endif /* _FFR_TRUSTED_QF */ 4229 4230 /* good file -- save this lock */ 4231 e->e_lockfp = qfp; 4232 4233 /* Just wanted the open file */ 4234 if (openonly) 4235 return true; 4236 4237 /* do basic system initialization */ 4238 initsys(e); 4239 macdefine(&e->e_macro, A_PERM, 'i', e->e_id); 4240 4241 LineNumber = 0; 4242 e->e_flags |= EF_GLOBALERRS; 4243 set_op_mode(MD_QUEUERUN); 4244 ctladdr = NULL; 4245 e->e_qfletter = queue_letter(e, ANYQFL_LETTER); 4246 e->e_dfqgrp = e->e_qgrp; 4247 e->e_dfqdir = e->e_qdir; 4248 #if _FFR_QUEUE_MACRO 4249 macdefine(&e->e_macro, A_TEMP, macid("{queue}"), 4250 qid_printqueue(e->e_qgrp, e->e_qdir)); 4251 #endif 4252 e->e_dfino = -1; 4253 e->e_msgsize = -1; 4254 while (bufsize = sizeof(buf), 4255 (bp = fgetfolded(buf, &bufsize, qfp)) != NULL) 4256 { 4257 unsigned long qflags; 4258 ADDRESS *q; 4259 int r; 4260 time_t now; 4261 auto char *ep; 4262 4263 if (tTd(40, 4)) 4264 sm_dprintf("+++++ %s\n", bp); 4265 if (nomore) 4266 { 4267 /* hack attack */ 4268 hackattack: 4269 syserr("SECURITY ALERT: extra or bogus data in queue file: %s", 4270 bp); 4271 err = "bogus queue line"; 4272 goto fail; 4273 } 4274 switch (bp[0]) 4275 { 4276 case 'A': /* AUTH= parameter */ 4277 if (!xtextok(&bp[1])) 4278 goto hackattack; 4279 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool, &bp[1]); 4280 break; 4281 4282 case 'B': /* body type */ 4283 r = check_bodytype(&bp[1]); 4284 if (!BODYTYPE_VALID(r)) 4285 goto hackattack; 4286 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, &bp[1]); 4287 break; 4288 4289 case 'C': /* specify controlling user */ 4290 ctladdr = setctluser(&bp[1], qfver, e); 4291 break; 4292 4293 case 'D': /* data file name */ 4294 /* obsolete -- ignore */ 4295 break; 4296 4297 case 'd': /* data file directory name */ 4298 { 4299 int qgrp, qdir; 4300 4301 #if _FFR_MSP_PARANOIA 4302 /* forbid queue groups in MSP? */ 4303 if (UseMSP) 4304 goto hackattack; 4305 #endif 4306 for (qgrp = 0; 4307 qgrp < NumQueue && Queue[qgrp] != NULL; 4308 ++qgrp) 4309 { 4310 for (qdir = 0; 4311 qdir < Queue[qgrp]->qg_numqueues; 4312 ++qdir) 4313 { 4314 if (strcmp(&bp[1], 4315 Queue[qgrp]->qg_qpaths[qdir].qp_name) 4316 == 0) 4317 { 4318 e->e_dfqgrp = qgrp; 4319 e->e_dfqdir = qdir; 4320 goto done; 4321 } 4322 } 4323 } 4324 err = "bogus queue file directory"; 4325 goto fail; 4326 done: 4327 break; 4328 } 4329 4330 case 'E': /* specify error recipient */ 4331 /* no longer used */ 4332 break; 4333 4334 case 'F': /* flag bits */ 4335 if (strncmp(bp, "From ", 5) == 0) 4336 { 4337 /* we are being spoofed! */ 4338 syserr("SECURITY ALERT: bogus qf line %s", bp); 4339 err = "bogus queue line"; 4340 goto fail; 4341 } 4342 for (p = &bp[1]; *p != '\0'; p++) 4343 { 4344 switch (*p) 4345 { 4346 case '8': /* has 8 bit data */ 4347 e->e_flags |= EF_HAS8BIT; 4348 break; 4349 4350 case 'b': /* delete Bcc: header */ 4351 e->e_flags |= EF_DELETE_BCC; 4352 break; 4353 4354 case 'd': /* envelope has DSN RET= */ 4355 e->e_flags |= EF_RET_PARAM; 4356 break; 4357 4358 case 'n': /* don't return body */ 4359 e->e_flags |= EF_NO_BODY_RETN; 4360 break; 4361 4362 case 'r': /* response */ 4363 e->e_flags |= EF_RESPONSE; 4364 break; 4365 4366 case 's': /* split */ 4367 e->e_flags |= EF_SPLIT; 4368 break; 4369 4370 case 'w': /* warning sent */ 4371 e->e_flags |= EF_WARNING; 4372 break; 4373 4374 #if USE_EAI 4375 case 'e': /* message requires EAI */ 4376 e->e_smtputf8 = true; 4377 break; 4378 #endif /* USE_EAI */ 4379 } 4380 } 4381 break; 4382 4383 case 'q': /* quarantine reason */ 4384 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, &bp[1]); 4385 macdefine(&e->e_macro, A_PERM, 4386 macid("{quarantine}"), e->e_quarmsg); 4387 break; 4388 4389 case 'H': /* header */ 4390 4391 /* 4392 ** count size before chompheader() destroys the line. 4393 ** this isn't accurate due to macro expansion, but 4394 ** better than before. "-3" to skip H?? at least. 4395 */ 4396 4397 hdrsize += strlen(bp) - 3; 4398 (void) chompheader(&bp[1], CHHDR_QUEUE, NULL, e); 4399 break; 4400 4401 case 'I': /* data file's inode number */ 4402 /* regenerated below */ 4403 break; 4404 4405 case 'K': /* time of last delivery attempt */ 4406 e->e_dtime = atol(&buf[1]); 4407 break; 4408 4409 case 'L': /* Solaris Content-Length: */ 4410 case 'M': /* message */ 4411 /* ignore this; we want a new message next time */ 4412 break; 4413 4414 case 'N': /* number of delivery attempts */ 4415 e->e_ntries = atoi(&buf[1]); 4416 4417 /* if this has been tried recently, let it be */ 4418 now = curtime(); 4419 if (e->e_ntries > 0 && e->e_dtime <= now && 4420 now < e->e_dtime + MinQueueAge) 4421 { 4422 char *howlong; 4423 4424 howlong = pintvl(now - e->e_dtime, true); 4425 if (Verbose) 4426 (void) sm_io_fprintf(smioout, 4427 SM_TIME_DEFAULT, 4428 "%s: too young (%s)\n", 4429 e->e_id, howlong); 4430 if (tTd(40, 8)) 4431 sm_dprintf("%s: too young (%s)\n", 4432 e->e_id, howlong); 4433 if (LogLevel > 19) 4434 sm_syslog(LOG_DEBUG, e->e_id, 4435 "too young (%s)", 4436 howlong); 4437 e->e_id = NULL; 4438 unlockqueue(e); 4439 if (bp != buf) 4440 sm_free(bp); 4441 return false; 4442 } 4443 macdefine(&e->e_macro, A_TEMP, 4444 macid("{ntries}"), &buf[1]); 4445 4446 #if NAMED_BIND 4447 /* adjust BIND parameters immediately */ 4448 if (e->e_ntries == 0) 4449 { 4450 _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; 4451 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; 4452 } 4453 else 4454 { 4455 _res.retry = TimeOuts.res_retry[RES_TO_NORMAL]; 4456 _res.retrans = TimeOuts.res_retrans[RES_TO_NORMAL]; 4457 } 4458 #endif /* NAMED_BIND */ 4459 break; 4460 4461 case 'P': /* message priority */ 4462 e->e_msgpriority = atol(&bp[1]) + WkTimeFact; 4463 break; 4464 4465 case 'Q': /* original recipient */ 4466 orcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]); 4467 break; 4468 4469 case 'r': /* final recipient */ 4470 frcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]); 4471 break; 4472 4473 case 'R': /* specify recipient */ 4474 p = bp; 4475 qflags = 0; 4476 if (qfver >= 1) 4477 { 4478 /* get flag bits */ 4479 while (*++p != '\0' && *p != ':') 4480 { 4481 switch (*p) 4482 { 4483 case 'N': 4484 qflags |= QHASNOTIFY; 4485 break; 4486 4487 case 'S': 4488 qflags |= QPINGONSUCCESS; 4489 break; 4490 4491 case 'F': 4492 qflags |= QPINGONFAILURE; 4493 break; 4494 4495 case 'D': 4496 qflags |= QPINGONDELAY; 4497 break; 4498 4499 case 'P': 4500 qflags |= QPRIMARY; 4501 break; 4502 4503 case 'A': 4504 if (ctladdr != NULL) 4505 ctladdr->q_flags |= QALIAS; 4506 break; 4507 4508 case 'B': 4509 qflags |= QINTBCC; 4510 break; 4511 4512 case QDYNMAILFLG: 4513 qflags |= QDYNMAILER; 4514 break; 4515 4516 default: /* ignore or complain? */ 4517 break; 4518 } 4519 } 4520 } 4521 else 4522 qflags |= QPRIMARY; 4523 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), 4524 ((qflags & QINTBCC) != 0) ? "e b" : "e r"); 4525 /* XXX p must be [i] */ 4526 if (*p != '\0') 4527 q = parseaddr(++p, NULLADDR, RF_COPYALL, '\0', 4528 NULL, e, true); 4529 else 4530 q = NULL; 4531 if (q != NULL) 4532 { 4533 /* make sure we keep the current qgrp */ 4534 if (ISVALIDQGRP(e->e_qgrp)) 4535 q->q_qgrp = e->e_qgrp; 4536 q->q_alias = ctladdr; 4537 if (qfver >= 1) 4538 q->q_flags &= ~Q_PINGFLAGS; 4539 q->q_flags |= qflags; 4540 q->q_finalrcpt = frcpt; 4541 q->q_orcpt = orcpt; 4542 #if _FFR_RCPTFLAGS 4543 if (bitset(QDYNMAILER, qflags)) 4544 newmodmailer(q, QDYNMAILFLG); 4545 #endif 4546 (void) recipient(q, &e->e_sendqueue, 0, e); 4547 } 4548 frcpt = NULL; 4549 orcpt = NULL; 4550 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), 4551 NULL); 4552 break; 4553 4554 case 'S': /* sender */ 4555 setsender(sm_rpool_strdup_x(e->e_rpool, &bp[1]), 4556 e, NULL, '\0', true); 4557 break; 4558 4559 case 'T': /* init time */ 4560 e->e_ctime = atol(&bp[1]); 4561 break; 4562 4563 case 'V': /* queue file version number */ 4564 qfver = atoi(&bp[1]); 4565 if (qfver <= QF_VERSION) 4566 break; 4567 syserr("Version number in queue file (%d) greater than max (%d)", 4568 qfver, QF_VERSION); 4569 err = "unsupported queue file version"; 4570 goto fail; 4571 /* NOTREACHED */ 4572 break; 4573 4574 case 'Z': /* original envelope id from ESMTP */ 4575 e->e_envid = sm_rpool_strdup_x(e->e_rpool, &bp[1]); 4576 macdefine(&e->e_macro, A_PERM, 4577 macid("{dsn_envid}"), e->e_envid); 4578 break; 4579 4580 case '!': /* deliver by */ 4581 4582 /* format: flag (1 char) space long-integer */ 4583 e->e_dlvr_flag = buf[1]; 4584 e->e_deliver_by = strtol(&buf[3], NULL, 10); 4585 4586 case '$': /* define macro */ 4587 { 4588 r = macid_parse(&bp[1], &ep); 4589 if (r == 0) 4590 break; 4591 macdefine(&e->e_macro, A_PERM, r, 4592 sm_rpool_strdup_x(e->e_rpool, ep)); 4593 } 4594 break; 4595 4596 case '.': /* terminate file */ 4597 nomore = true; 4598 break; 4599 4600 default: 4601 syserr("readqf: %s: line %d: bad line \"%s\"", 4602 qf, LineNumber, shortenstring(bp, MAXSHORTSTR)); 4603 err = "unrecognized line"; 4604 goto fail; 4605 } 4606 4607 if (bp != buf) 4608 SM_FREE(bp); 4609 } 4610 4611 /* 4612 ** If we haven't read any lines, this queue file is empty. 4613 ** Arrange to remove it without referencing any null pointers. 4614 */ 4615 4616 if (LineNumber == 0) 4617 { 4618 errno = 0; 4619 e->e_flags |= EF_CLRQUEUE|EF_FATALERRS|EF_RESPONSE; 4620 return true; 4621 } 4622 4623 /* Check to make sure we have a complete queue file read */ 4624 if (!nomore) 4625 { 4626 syserr("readqf: %s: incomplete queue file read", qf); 4627 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4628 return false; 4629 } 4630 4631 #if _FFR_QF_PARANOIA 4632 /* Check to make sure key fields were read */ 4633 if (e->e_from.q_mailer == NULL) 4634 { 4635 syserr("readqf: %s: sender not specified in queue file", qf); 4636 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4637 return false; 4638 } 4639 /* other checks? */ 4640 #endif /* _FFR_QF_PARANOIA */ 4641 4642 /* possibly set ${dsn_ret} macro */ 4643 if (bitset(EF_RET_PARAM, e->e_flags)) 4644 { 4645 if (bitset(EF_NO_BODY_RETN, e->e_flags)) 4646 macdefine(&e->e_macro, A_PERM, 4647 macid("{dsn_ret}"), "hdrs"); 4648 else 4649 macdefine(&e->e_macro, A_PERM, 4650 macid("{dsn_ret}"), "full"); 4651 } 4652 4653 /* 4654 ** Arrange to read the data file. 4655 */ 4656 4657 p = queuename(e, DATAFL_LETTER); 4658 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, p, SM_IO_RDONLY_B, 4659 NULL); 4660 if (e->e_dfp == NULL) 4661 { 4662 syserr("readqf: cannot open %s", p); 4663 } 4664 else 4665 { 4666 e->e_flags |= EF_HAS_DF; 4667 if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &st) 4668 >= 0) 4669 { 4670 e->e_msgsize = st.st_size + hdrsize; 4671 e->e_dfdev = st.st_dev; 4672 e->e_dfino = ST_INODE(st); 4673 (void) sm_snprintf(buf, sizeof(buf), "%ld", 4674 PRT_NONNEGL(e->e_msgsize)); 4675 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), 4676 buf); 4677 } 4678 } 4679 4680 return true; 4681 4682 fail: 4683 /* 4684 ** There was some error reading the qf file (reason is in err var.) 4685 ** Cleanup: 4686 ** close file; clear e_lockfp since it is the same as qfp, 4687 ** hence it is invalid (as file) after qfp is closed; 4688 ** the qf file is on disk, so set the flag to avoid calling 4689 ** queueup() with bogus data. 4690 */ 4691 4692 if (bp != buf) 4693 SM_FREE(bp); 4694 if (qfp != NULL) 4695 (void) sm_io_close(qfp, SM_TIME_DEFAULT); 4696 e->e_lockfp = NULL; 4697 e->e_flags |= EF_INQUEUE; 4698 loseqfile(e, err); 4699 return false; 4700 } 4701 /* 4702 ** PRTSTR -- print a string, "unprintable" characters are shown as \oct 4703 ** 4704 ** Parameters: 4705 ** s -- string to print 4706 ** ml -- maximum length of output 4707 ** 4708 ** Returns: 4709 ** number of entries 4710 ** 4711 ** Side Effects: 4712 ** Prints a string on stdout. 4713 */ 4714 4715 static void prtstr __P((char *, int)); 4716 4717 #if _FFR_BOUNCE_QUEUE 4718 # define IS_BOUNCE_QUEUE(i) ((i) == BounceQueue) 4719 # define SKIP_BOUNCE_QUEUE(i) \ 4720 if (IS_BOUNCE_QUEUE(i)) \ 4721 continue; 4722 #else 4723 # define IS_BOUNCE_QUEUE(i) false 4724 # define SKIP_BOUNCE_QUEUE(i) 4725 #endif 4726 4727 static void 4728 prtstr(s, ml) 4729 char *s; 4730 int ml; 4731 { 4732 int c; 4733 4734 if (s == NULL) 4735 return; 4736 while (ml-- > 0 && ((c = *s++) != '\0')) 4737 { 4738 if (c == '\\') 4739 { 4740 if (ml-- > 0) 4741 { 4742 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c); 4743 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c); 4744 } 4745 } 4746 else if (isascii(c) && isprint(c)) 4747 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c); 4748 else 4749 { 4750 if ((ml -= 3) > 0) 4751 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4752 "\\%03o", c & 0xFF); 4753 } 4754 } 4755 } 4756 /* 4757 ** PRINTNQE -- print out number of entries in the mail queue 4758 ** 4759 ** Parameters: 4760 ** out -- output file pointer. 4761 ** prefix -- string to output in front of each line. 4762 ** 4763 ** Returns: 4764 ** none. 4765 */ 4766 4767 void 4768 printnqe(out, prefix) 4769 SM_FILE_T *out; 4770 char *prefix; 4771 { 4772 #if SM_CONF_SHM 4773 int i, k = 0, nrequests = 0; 4774 bool unknown = false; 4775 4776 if (ShmId == SM_SHM_NO_ID) 4777 { 4778 if (prefix == NULL) 4779 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4780 "Data unavailable: shared memory not updated\n"); 4781 else 4782 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4783 "%sNOTCONFIGURED:-1\r\n", prefix); 4784 return; 4785 } 4786 for (i = 0; i < NumQueue && Queue[i] != NULL; i++) 4787 { 4788 int j; 4789 4790 SKIP_BOUNCE_QUEUE(i) 4791 k++; 4792 for (j = 0; j < Queue[i]->qg_numqueues; j++) 4793 { 4794 int n; 4795 4796 if (StopRequest) 4797 stop_sendmail(); 4798 4799 n = QSHM_ENTRIES(Queue[i]->qg_qpaths[j].qp_idx); 4800 if (prefix != NULL) 4801 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4802 "%s%s:%d\r\n", 4803 prefix, qid_printqueue(i, j), n); 4804 else if (n < 0) 4805 { 4806 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4807 "%s: unknown number of entries\n", 4808 qid_printqueue(i, j)); 4809 unknown = true; 4810 } 4811 else if (n == 0) 4812 { 4813 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4814 "%s is empty\n", 4815 qid_printqueue(i, j)); 4816 } 4817 else if (n > 0) 4818 { 4819 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4820 "%s: entries=%d\n", 4821 qid_printqueue(i, j), n); 4822 nrequests += n; 4823 k++; 4824 } 4825 } 4826 } 4827 if (prefix == NULL && k > 1) 4828 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4829 "\t\tTotal requests: %d%s\n", 4830 nrequests, unknown ? " (about)" : ""); 4831 #else /* SM_CONF_SHM */ 4832 if (prefix == NULL) 4833 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4834 "Data unavailable without shared memory support\n"); 4835 else 4836 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 4837 "%sNOTAVAILABLE:-1\r\n", prefix); 4838 #endif /* SM_CONF_SHM */ 4839 } 4840 /* 4841 ** PRINTQUEUE -- print out a representation of the mail queue 4842 ** 4843 ** Parameters: 4844 ** none. 4845 ** 4846 ** Returns: 4847 ** none. 4848 ** 4849 ** Side Effects: 4850 ** Prints a listing of the mail queue on the standard output. 4851 */ 4852 4853 void 4854 printqueue() 4855 { 4856 int i, k = 0, nrequests = 0; 4857 4858 for (i = 0; i < NumQueue && Queue[i] != NULL; i++) 4859 { 4860 int j; 4861 4862 k++; 4863 for (j = 0; j < Queue[i]->qg_numqueues; j++) 4864 { 4865 if (StopRequest) 4866 stop_sendmail(); 4867 nrequests += print_single_queue(i, j); 4868 k++; 4869 } 4870 } 4871 if (k > 1) 4872 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4873 "\t\tTotal requests: %d\n", 4874 nrequests); 4875 } 4876 /* 4877 ** PRINT_SINGLE_QUEUE -- print out a representation of a single mail queue 4878 ** 4879 ** Parameters: 4880 ** qgrp -- the index of the queue group. 4881 ** qdir -- the queue directory. 4882 ** 4883 ** Returns: 4884 ** number of requests in mail queue. 4885 ** 4886 ** Side Effects: 4887 ** Prints a listing of the mail queue on the standard output. 4888 */ 4889 4890 int 4891 print_single_queue(qgrp, qdir) 4892 int qgrp; 4893 int qdir; 4894 { 4895 register WORK *w; 4896 SM_FILE_T *f; 4897 int nrequests; 4898 char qd[MAXPATHLEN]; 4899 char qddf[MAXPATHLEN]; 4900 char buf[MAXLINE]; 4901 4902 if (qdir == NOQDIR) 4903 { 4904 (void) sm_strlcpy(qd, ".", sizeof(qd)); 4905 (void) sm_strlcpy(qddf, ".", sizeof(qddf)); 4906 } 4907 else 4908 { 4909 (void) sm_strlcpyn(qd, sizeof(qd), 2, 4910 Queue[qgrp]->qg_qpaths[qdir].qp_name, 4911 (bitset(QP_SUBQF, 4912 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs) 4913 ? "/qf" : "")); 4914 (void) sm_strlcpyn(qddf, sizeof(qddf), 2, 4915 Queue[qgrp]->qg_qpaths[qdir].qp_name, 4916 (bitset(QP_SUBDF, 4917 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs) 4918 ? "/df" : "")); 4919 } 4920 4921 /* 4922 ** Check for permission to print the queue 4923 */ 4924 4925 if (bitset(PRIV_RESTRICTMAILQ, PrivacyFlags) && RealUid != 0) 4926 { 4927 struct stat st; 4928 #ifdef NGROUPS_MAX 4929 int n; 4930 extern GIDSET_T InitialGidSet[NGROUPS_MAX]; 4931 #endif 4932 4933 if (stat(qd, &st) < 0) 4934 { 4935 syserr("Cannot stat %s", 4936 qid_printqueue(qgrp, qdir)); 4937 return 0; 4938 } 4939 #ifdef NGROUPS_MAX 4940 n = NGROUPS_MAX; 4941 while (--n >= 0) 4942 { 4943 if (InitialGidSet[n] == st.st_gid) 4944 break; 4945 } 4946 if (n < 0 && RealGid != st.st_gid) 4947 #else /* NGROUPS_MAX */ 4948 if (RealGid != st.st_gid) 4949 #endif /* NGROUPS_MAX */ 4950 { 4951 usrerr("510 You are not permitted to see the queue"); 4952 setstat(EX_NOPERM); 4953 return 0; 4954 } 4955 } 4956 4957 /* 4958 ** Read and order the queue. 4959 */ 4960 4961 nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); 4962 (void) sortq(Queue[qgrp]->qg_maxlist); 4963 4964 /* 4965 ** Print the work list that we have read. 4966 */ 4967 4968 /* first see if there is anything */ 4969 if (nrequests <= 0) 4970 { 4971 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%s is empty\n", 4972 qid_printqueue(qgrp, qdir)); 4973 return 0; 4974 } 4975 4976 sm_getla(); /* get load average */ 4977 4978 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\t\t%s (%d request%s", 4979 qid_printqueue(qgrp, qdir), 4980 nrequests, nrequests == 1 ? "" : "s"); 4981 if (MaxQueueRun > 0 && nrequests > MaxQueueRun) 4982 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4983 ", only %d printed", MaxQueueRun); 4984 if (Verbose) 4985 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4986 ")\n-----Q-ID----- --Size-- -Priority- ---Q-Time--- --------Sender/Recipient--------\n"); 4987 else 4988 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 4989 ")\n-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------\n"); 4990 for (w = WorkQ; w != NULL; w = w->w_next) 4991 { 4992 struct stat st; 4993 auto time_t submittime = 0; 4994 long dfsize; 4995 int flags = 0; 4996 int qfver; 4997 char quarmsg[MAXLINE]; 4998 char statmsg[MAXLINE]; 4999 char bodytype[MAXNAME + 1]; /* EAI:ok */ 5000 char qf[MAXPATHLEN]; 5001 5002 if (StopRequest) 5003 stop_sendmail(); 5004 5005 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%13s", 5006 w->w_name + 2); 5007 (void) sm_strlcpyn(qf, sizeof(qf), 3, qd, "/", w->w_name); 5008 f = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B, 5009 NULL); 5010 if (f == NULL) 5011 { 5012 if (errno == EPERM) 5013 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 5014 " (permission denied)\n"); 5015 else if (errno == ENOENT) 5016 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 5017 " (job completed)\n"); 5018 else 5019 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 5020 " (%s)\n", 5021 sm_errstring(errno)); 5022 errno = 0; 5023 continue; 5024 } 5025 w->w_name[0] = DATAFL_LETTER; 5026 (void) sm_strlcpyn(qf, sizeof(qf), 3, qddf, "/", w->w_name); 5027 if (stat(qf, &st) >= 0) 5028 dfsize = st.st_size; 5029 else 5030 { 5031 ENVELOPE e; 5032 5033 /* 5034 ** Maybe the df file can't be statted because 5035 ** it is in a different directory than the qf file. 5036 ** In order to find out, we must read the qf file. 5037 */ 5038 5039 newenvelope(&e, &BlankEnvelope, sm_rpool_new_x(NULL)); 5040 e.e_id = w->w_name + 2; 5041 e.e_qgrp = qgrp; 5042 e.e_qdir = qdir; 5043 dfsize = -1; 5044 if (readqf(&e, false)) 5045 { 5046 char *df = queuename(&e, DATAFL_LETTER); 5047 if (stat(df, &st) >= 0) 5048 dfsize = st.st_size; 5049 } 5050 SM_CLOSE_FP(e.e_lockfp); 5051 clearenvelope(&e, false, e.e_rpool); 5052 sm_rpool_free(e.e_rpool); 5053 } 5054 if (w->w_lock) 5055 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "*"); 5056 else if (QueueMode == QM_LOST) 5057 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "?"); 5058 else if (w->w_tooyoung) 5059 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "-"); 5060 else if (shouldqueue(w->w_pri, w->w_ctime)) 5061 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "X"); 5062 else 5063 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, " "); 5064 5065 errno = 0; 5066 5067 quarmsg[0] = '\0'; 5068 statmsg[0] = bodytype[0] = '\0'; 5069 qfver = 0; 5070 while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) 5071 { 5072 register int i; 5073 register char *p; 5074 5075 if (StopRequest) 5076 stop_sendmail(); 5077 5078 fixcrlf(buf, true); 5079 switch (buf[0]) 5080 { 5081 case 'V': /* queue file version */ 5082 qfver = atoi(&buf[1]); 5083 break; 5084 5085 case 'M': /* error message */ 5086 if ((i = strlen(&buf[1])) >= sizeof(statmsg)) 5087 i = sizeof(statmsg) - 1; 5088 memmove(statmsg, &buf[1], i); 5089 statmsg[i] = '\0'; 5090 break; 5091 5092 case 'q': /* quarantine reason */ 5093 if ((i = strlen(&buf[1])) >= sizeof(quarmsg)) 5094 i = sizeof(quarmsg) - 1; 5095 memmove(quarmsg, &buf[1], i); 5096 quarmsg[i] = '\0'; 5097 break; 5098 5099 case 'B': /* body type */ 5100 if ((i = strlen(&buf[1])) >= sizeof(bodytype)) 5101 i = sizeof(bodytype) - 1; 5102 memmove(bodytype, &buf[1], i); 5103 bodytype[i] = '\0'; 5104 break; 5105 5106 case 'S': /* sender name */ 5107 if (Verbose) 5108 { 5109 (void) sm_io_fprintf(smioout, 5110 SM_TIME_DEFAULT, 5111 "%8ld %10ld%c%.12s ", 5112 dfsize, 5113 w->w_pri, 5114 bitset(EF_WARNING, flags) 5115 ? '+' : ' ', 5116 ctime(&submittime) + 4); 5117 prtstr(&buf[1], 78); 5118 } 5119 else 5120 { 5121 (void) sm_io_fprintf(smioout, 5122 SM_TIME_DEFAULT, 5123 "%8ld %.16s ", 5124 dfsize, 5125 ctime(&submittime)); 5126 prtstr(&buf[1], 39); 5127 } 5128 5129 if (quarmsg[0] != '\0') 5130 { 5131 (void) sm_io_fprintf(smioout, 5132 SM_TIME_DEFAULT, 5133 "\n QUARANTINE: %.*s", 5134 Verbose ? 100 : 60, 5135 quarmsg); 5136 quarmsg[0] = '\0'; 5137 } 5138 5139 if (statmsg[0] != '\0' || bodytype[0] != '\0') 5140 { 5141 (void) sm_io_fprintf(smioout, 5142 SM_TIME_DEFAULT, 5143 "\n %10.10s", 5144 bodytype); 5145 if (statmsg[0] != '\0') 5146 (void) sm_io_fprintf(smioout, 5147 SM_TIME_DEFAULT, 5148 " (%.*s)", 5149 Verbose ? 100 : 60, 5150 statmsg); 5151 statmsg[0] = '\0'; 5152 } 5153 break; 5154 5155 case 'C': /* controlling user */ 5156 if (Verbose) 5157 (void) sm_io_fprintf(smioout, 5158 SM_TIME_DEFAULT, 5159 "\n\t\t\t\t\t\t(---%.64s---)", 5160 &buf[1]); 5161 break; 5162 5163 case 'R': /* recipient name */ 5164 p = &buf[1]; 5165 if (qfver >= 1) 5166 { 5167 p = strchr(p, ':'); 5168 if (p == NULL) 5169 break; 5170 p++; 5171 } 5172 if (Verbose) 5173 { 5174 (void) sm_io_fprintf(smioout, 5175 SM_TIME_DEFAULT, 5176 "\n\t\t\t\t\t\t"); 5177 prtstr(p, 71); 5178 } 5179 else 5180 { 5181 (void) sm_io_fprintf(smioout, 5182 SM_TIME_DEFAULT, 5183 "\n\t\t\t\t\t "); 5184 prtstr(p, 38); 5185 } 5186 if (Verbose && statmsg[0] != '\0') 5187 { 5188 (void) sm_io_fprintf(smioout, 5189 SM_TIME_DEFAULT, 5190 "\n\t\t (%.100s)", 5191 statmsg); 5192 statmsg[0] = '\0'; 5193 } 5194 break; 5195 5196 case 'T': /* creation time */ 5197 submittime = atol(&buf[1]); 5198 break; 5199 5200 case 'F': /* flag bits */ 5201 for (p = &buf[1]; *p != '\0'; p++) 5202 { 5203 switch (*p) 5204 { 5205 case 'w': 5206 flags |= EF_WARNING; 5207 break; 5208 } 5209 } 5210 } 5211 } 5212 if (submittime == (time_t) 0) 5213 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 5214 " (no control file)"); 5215 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n"); 5216 (void) sm_io_close(f, SM_TIME_DEFAULT); 5217 } 5218 return nrequests; 5219 } 5220 5221 /* 5222 ** QUEUE_LETTER -- get the proper queue letter for the current QueueMode. 5223 ** 5224 ** Parameters: 5225 ** e -- envelope to build it in/from. 5226 ** type -- the file type, used as the first character 5227 ** of the file name. 5228 ** 5229 ** Returns: 5230 ** the letter to use 5231 */ 5232 5233 static char 5234 queue_letter(e, type) 5235 ENVELOPE *e; 5236 int type; 5237 { 5238 /* Change type according to QueueMode */ 5239 if (type == ANYQFL_LETTER) 5240 { 5241 if (e->e_quarmsg != NULL) 5242 type = QUARQF_LETTER; 5243 else 5244 { 5245 switch (QueueMode) 5246 { 5247 case QM_NORMAL: 5248 type = NORMQF_LETTER; 5249 break; 5250 5251 case QM_QUARANTINE: 5252 type = QUARQF_LETTER; 5253 break; 5254 5255 case QM_LOST: 5256 type = LOSEQF_LETTER; 5257 break; 5258 5259 default: 5260 /* should never happen */ 5261 abort(); 5262 /* NOTREACHED */ 5263 } 5264 } 5265 } 5266 return type; 5267 } 5268 5269 /* 5270 ** QUEUENAME -- build a file name in the queue directory for this envelope. 5271 ** 5272 ** Parameters: 5273 ** e -- envelope to build it in/from. 5274 ** type -- the file type, used as the first character 5275 ** of the file name. 5276 ** 5277 ** Returns: 5278 ** a pointer to the queue name (in a static buffer). 5279 ** 5280 ** Side Effects: 5281 ** If no id code is already assigned, queuename() will 5282 ** assign an id code with assign_queueid(). If no queue 5283 ** directory is assigned, one will be set with setnewqueue(). 5284 */ 5285 5286 char * 5287 queuename(e, type) 5288 register ENVELOPE *e; 5289 int type; 5290 { 5291 int qd, qg; 5292 char *sub = "/"; 5293 char pref[3]; 5294 static char buf[MAXPATHLEN]; 5295 5296 /* Assign an ID if needed */ 5297 if (e->e_id == NULL) 5298 { 5299 if (IntSig) 5300 return NULL; 5301 assign_queueid(e); 5302 } 5303 type = queue_letter(e, type); 5304 5305 /* begin of filename */ 5306 pref[0] = (char) type; 5307 pref[1] = 'f'; 5308 pref[2] = '\0'; 5309 5310 /* Assign a queue group/directory if needed */ 5311 if (type == XSCRPT_LETTER) 5312 { 5313 /* 5314 ** We don't want to call setnewqueue() if we are fetching 5315 ** the pathname of the transcript file, because setnewqueue 5316 ** chooses a queue, and sometimes we need to write to the 5317 ** transcript file before we have gathered enough information 5318 ** to choose a queue. 5319 */ 5320 5321 if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR) 5322 { 5323 if (e->e_qgrp != NOQGRP && e->e_qdir != NOQDIR) 5324 { 5325 e->e_xfqgrp = e->e_qgrp; 5326 e->e_xfqdir = e->e_qdir; 5327 } 5328 else 5329 { 5330 e->e_xfqgrp = 0; 5331 if (Queue[e->e_xfqgrp]->qg_numqueues <= 1) 5332 e->e_xfqdir = 0; 5333 else 5334 { 5335 e->e_xfqdir = get_rand_mod( 5336 Queue[e->e_xfqgrp]->qg_numqueues); 5337 } 5338 } 5339 } 5340 qd = e->e_xfqdir; 5341 qg = e->e_xfqgrp; 5342 } 5343 else 5344 { 5345 if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR) 5346 { 5347 if (IntSig) 5348 return NULL; 5349 (void) setnewqueue(e); 5350 } 5351 if (type == DATAFL_LETTER) 5352 { 5353 qd = e->e_dfqdir; 5354 qg = e->e_dfqgrp; 5355 } 5356 else 5357 { 5358 qd = e->e_qdir; 5359 qg = e->e_qgrp; 5360 } 5361 } 5362 5363 /* xf files always have a valid qd and qg picked above */ 5364 if ((qd == NOQDIR || qg == NOQGRP) && type != XSCRPT_LETTER) 5365 (void) sm_strlcpyn(buf, sizeof(buf), 2, pref, e->e_id); 5366 else 5367 { 5368 switch (type) 5369 { 5370 case DATAFL_LETTER: 5371 if (bitset(QP_SUBDF, Queue[qg]->qg_qpaths[qd].qp_subdirs)) 5372 sub = "/df/"; 5373 break; 5374 5375 case QUARQF_LETTER: 5376 case TEMPQF_LETTER: 5377 case NEWQFL_LETTER: 5378 case LOSEQF_LETTER: 5379 case NORMQF_LETTER: 5380 if (bitset(QP_SUBQF, Queue[qg]->qg_qpaths[qd].qp_subdirs)) 5381 sub = "/qf/"; 5382 break; 5383 5384 case XSCRPT_LETTER: 5385 if (bitset(QP_SUBXF, Queue[qg]->qg_qpaths[qd].qp_subdirs)) 5386 sub = "/xf/"; 5387 break; 5388 5389 default: 5390 if (IntSig) 5391 return NULL; 5392 sm_abort("queuename: bad queue file type %d", type); 5393 } 5394 5395 (void) sm_strlcpyn(buf, sizeof(buf), 4, 5396 Queue[qg]->qg_qpaths[qd].qp_name, 5397 sub, pref, e->e_id); 5398 } 5399 5400 if (tTd(7, 2)) 5401 sm_dprintf("queuename: %s\n", buf); 5402 return buf; 5403 } 5404 5405 /* 5406 ** INIT_QID_ALG -- Initialize the (static) parameters that are used to 5407 ** generate a queue ID. 5408 ** 5409 ** This function is called by the daemon to reset 5410 ** LastQueueTime and LastQueuePid which are used by assign_queueid(). 5411 ** Otherwise the algorithm may cause problems because 5412 ** LastQueueTime and LastQueuePid are set indirectly by main() 5413 ** before the daemon process is started, hence LastQueuePid is not 5414 ** the pid of the daemon and therefore a child of the daemon can 5415 ** actually have the same pid as LastQueuePid which means the section 5416 ** in assign_queueid(): 5417 ** * see if we need to get a new base time/pid * 5418 ** is NOT triggered which will cause the same queue id to be generated. 5419 ** 5420 ** Parameters: 5421 ** none 5422 ** 5423 ** Returns: 5424 ** none. 5425 */ 5426 5427 void 5428 init_qid_alg() 5429 { 5430 LastQueueTime = 0; 5431 LastQueuePid = -1; 5432 } 5433 5434 /* 5435 ** ASSIGN_QUEUEID -- assign a queue ID for this envelope. 5436 ** 5437 ** Assigns an id code if one does not already exist. 5438 ** This code assumes that nothing will remain in the queue for 5439 ** longer than 60 years. It is critical that files with the given 5440 ** name do not already exist in the queue. 5441 ** [No longer initializes e_qdir to NOQDIR.] 5442 ** 5443 ** Parameters: 5444 ** e -- envelope to set it in. 5445 ** 5446 ** Returns: 5447 ** none. 5448 */ 5449 5450 static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 5451 # define QIC_LEN 60 5452 # define QIC_LEN_R 62 5453 5454 /* 5455 ** Note: the length is "officially" 60 because minutes and seconds are 5456 ** usually only 0-59. However (Linux): 5457 ** tm_sec The number of seconds after the minute, normally in 5458 ** the range 0 to 59, but can be up to 61 to allow for 5459 ** leap seconds. 5460 ** Hence the real length of the string is 62 to take this into account. 5461 ** Alternatively % QIC_LEN can (should) be used for access everywhere. 5462 */ 5463 5464 # define queuenextid() CurrentPid 5465 #define QIC_LEN_SQR (QIC_LEN * QIC_LEN) 5466 5467 void 5468 assign_queueid(e) 5469 register ENVELOPE *e; 5470 { 5471 pid_t pid = queuenextid(); 5472 static unsigned int cX = 0; 5473 static unsigned int random_offset; 5474 struct tm *tm; 5475 char idbuf[MAXQFNAME - 2]; 5476 unsigned int seq; 5477 5478 if (e->e_id != NULL) 5479 return; 5480 5481 /* see if we need to get a new base time/pid */ 5482 if (cX >= QIC_LEN_SQR || LastQueueTime == 0 || LastQueuePid != pid) 5483 { 5484 time_t then = LastQueueTime; 5485 5486 /* if the first time through, pick a random offset */ 5487 if (LastQueueTime == 0) 5488 random_offset = ((unsigned int)get_random()) 5489 % QIC_LEN_SQR; 5490 5491 while ((LastQueueTime = curtime()) == then && 5492 LastQueuePid == pid) 5493 { 5494 (void) sleep(1); 5495 } 5496 LastQueuePid = queuenextid(); 5497 cX = 0; 5498 } 5499 5500 /* 5501 ** Generate a new sequence number between 0 and QIC_LEN_SQR-1. 5502 ** This lets us generate up to QIC_LEN_SQR unique queue ids 5503 ** per second, per process. With envelope splitting, 5504 ** a single message can consume many queue ids. 5505 */ 5506 5507 seq = (cX + random_offset) % QIC_LEN_SQR; 5508 ++cX; 5509 if (tTd(7, 50)) 5510 sm_dprintf("assign_queueid: random_offset=%u (%u)\n", 5511 random_offset, seq); 5512 5513 tm = gmtime(&LastQueueTime); 5514 idbuf[0] = QueueIdChars[tm->tm_year % QIC_LEN]; 5515 idbuf[1] = QueueIdChars[tm->tm_mon]; 5516 idbuf[2] = QueueIdChars[tm->tm_mday]; 5517 idbuf[3] = QueueIdChars[tm->tm_hour]; 5518 idbuf[4] = QueueIdChars[tm->tm_min % QIC_LEN_R]; 5519 idbuf[5] = QueueIdChars[tm->tm_sec % QIC_LEN_R]; 5520 idbuf[6] = QueueIdChars[seq / QIC_LEN]; 5521 idbuf[7] = QueueIdChars[seq % QIC_LEN]; 5522 if (tTd(78, 100)) 5523 (void) sm_snprintf(&idbuf[8], sizeof(idbuf) - 8, "%07d", 5524 (int) LastQueuePid); 5525 else 5526 (void) sm_snprintf(&idbuf[8], sizeof(idbuf) - 8, "%06d", 5527 (int) LastQueuePid); 5528 e->e_id = sm_rpool_strdup_x(e->e_rpool, idbuf); 5529 macdefine(&e->e_macro, A_PERM, 'i', e->e_id); 5530 #if 0 5531 /* XXX: inherited from MainEnvelope */ 5532 e->e_qgrp = NOQGRP; /* too early to do anything else */ 5533 e->e_qdir = NOQDIR; 5534 e->e_xfqgrp = NOQGRP; 5535 #endif /* 0 */ 5536 5537 /* New ID means it's not on disk yet */ 5538 e->e_qfletter = '\0'; 5539 5540 if (tTd(7, 1)) 5541 sm_dprintf("assign_queueid: assigned id %s, e=%p\n", 5542 e->e_id, (void *)e); 5543 if (LogLevel > 93) 5544 sm_syslog(LOG_DEBUG, e->e_id, "assigned id"); 5545 } 5546 /* 5547 ** SYNC_QUEUE_TIME -- Assure exclusive PID in any given second 5548 ** 5549 ** Make sure one PID can't be used by two processes in any one second. 5550 ** 5551 ** If the system rotates PIDs fast enough, may get the 5552 ** same pid in the same second for two distinct processes. 5553 ** This will interfere with the queue file naming system. 5554 ** 5555 ** Parameters: 5556 ** none 5557 ** 5558 ** Returns: 5559 ** none 5560 */ 5561 5562 void 5563 sync_queue_time() 5564 { 5565 #if FAST_PID_RECYCLE 5566 if (OpMode != MD_TEST && 5567 OpMode != MD_CHECKCONFIG && 5568 OpMode != MD_VERIFY && 5569 LastQueueTime > 0 && 5570 LastQueuePid == CurrentPid && 5571 curtime() == LastQueueTime) 5572 (void) sleep(1); 5573 #endif /* FAST_PID_RECYCLE */ 5574 } 5575 /* 5576 ** UNLOCKQUEUE -- unlock the queue entry for a specified envelope 5577 ** 5578 ** Parameters: 5579 ** e -- the envelope to unlock. 5580 ** 5581 ** Returns: 5582 ** none 5583 ** 5584 ** Side Effects: 5585 ** unlocks the queue for `e'. 5586 */ 5587 5588 void 5589 unlockqueue(e) 5590 ENVELOPE *e; 5591 { 5592 if (tTd(51, 4)) 5593 sm_dprintf("unlockqueue(%s)\n", 5594 e->e_id == NULL ? "NOQUEUE" : e->e_id); 5595 5596 5597 /* if there is a lock file in the envelope, close it */ 5598 SM_CLOSE_FP(e->e_lockfp); 5599 5600 /* don't create a queue id if we don't already have one */ 5601 if (e->e_id == NULL) 5602 return; 5603 5604 /* remove the transcript */ 5605 if (LogLevel > 87) 5606 sm_syslog(LOG_DEBUG, e->e_id, "unlock"); 5607 if (!tTd(51, 104)) 5608 (void) xunlink(queuename(e, XSCRPT_LETTER)); 5609 } 5610 /* 5611 ** SETCTLUSER -- create a controlling address 5612 ** 5613 ** Create a fake "address" given only a local login name; this is 5614 ** used as a "controlling user" for future recipient addresses. 5615 ** 5616 ** Parameters: 5617 ** user -- the user name of the controlling user. 5618 ** qfver -- the version stamp of this queue file. 5619 ** e -- envelope 5620 ** 5621 ** Returns: 5622 ** An address descriptor for the controlling user, 5623 ** using storage allocated from e->e_rpool. 5624 ** 5625 */ 5626 5627 static ADDRESS * 5628 setctluser(user, qfver, e) 5629 char *user; 5630 int qfver; 5631 ENVELOPE *e; 5632 { 5633 register ADDRESS *a; 5634 struct passwd *pw; 5635 char *p; 5636 5637 /* 5638 ** See if this clears our concept of controlling user. 5639 */ 5640 5641 if (SM_IS_EMPTY(user)) 5642 return NULL; 5643 5644 /* 5645 ** Set up addr fields for controlling user. 5646 */ 5647 5648 a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof(*a)); 5649 memset((char *) a, '\0', sizeof(*a)); 5650 5651 if (*user == ':') 5652 { 5653 p = &user[1]; 5654 a->q_user = sm_rpool_strdup_x(e->e_rpool, p); 5655 } 5656 else 5657 { 5658 p = strtok(user, ":"); 5659 a->q_user = sm_rpool_strdup_x(e->e_rpool, user); 5660 if (qfver >= 2) 5661 { 5662 if ((p = strtok(NULL, ":")) != NULL) 5663 a->q_uid = atoi(p); 5664 if ((p = strtok(NULL, ":")) != NULL) 5665 a->q_gid = atoi(p); 5666 if ((p = strtok(NULL, ":")) != NULL) 5667 { 5668 char *o; 5669 5670 a->q_flags |= QGOODUID; 5671 5672 /* if there is another ':': restore it */ 5673 if ((o = strtok(NULL, ":")) != NULL && o > p) 5674 o[-1] = ':'; 5675 } 5676 } 5677 else if ((pw = sm_getpwnam(user)) != NULL) 5678 { 5679 if (*pw->pw_dir == '\0') 5680 a->q_home = NULL; 5681 else if (strcmp(pw->pw_dir, "/") == 0) 5682 a->q_home = ""; 5683 else 5684 a->q_home = sm_rpool_strdup_x(e->e_rpool, pw->pw_dir); 5685 a->q_uid = pw->pw_uid; 5686 a->q_gid = pw->pw_gid; 5687 a->q_flags |= QGOODUID; 5688 } 5689 } 5690 5691 a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */ 5692 a->q_mailer = LocalMailer; 5693 if (p == NULL) 5694 a->q_paddr = sm_rpool_strdup_x(e->e_rpool, a->q_user); 5695 else 5696 a->q_paddr = sm_rpool_strdup_x(e->e_rpool, p); 5697 return a; 5698 } 5699 /* 5700 ** LOSEQFILE -- rename queue file with LOSEQF_LETTER & try to let someone know 5701 ** 5702 ** Parameters: 5703 ** e -- the envelope (e->e_id will be used). 5704 ** why -- reported to whomever can hear. 5705 ** 5706 ** Returns: 5707 ** none. 5708 */ 5709 5710 void 5711 loseqfile(e, why) 5712 register ENVELOPE *e; 5713 char *why; 5714 { 5715 bool loseit = true; 5716 char *p; 5717 char buf[MAXPATHLEN]; 5718 5719 if (e == NULL || e->e_id == NULL) 5720 return; 5721 p = queuename(e, ANYQFL_LETTER); 5722 if (sm_strlcpy(buf, p, sizeof(buf)) >= sizeof(buf)) 5723 return; 5724 if (!bitset(EF_INQUEUE, e->e_flags)) 5725 queueup(e, QUP_FL_MSYNC); 5726 else if (QueueMode == QM_LOST) 5727 loseit = false; 5728 5729 /* if already lost, no need to re-lose */ 5730 if (loseit) 5731 { 5732 p = queuename(e, LOSEQF_LETTER); 5733 if (rename(buf, p) < 0) 5734 syserr("cannot rename(%s, %s), uid=%ld", 5735 buf, p, (long) geteuid()); 5736 else if (LogLevel > 0) 5737 sm_syslog(LOG_ALERT, e->e_id, 5738 "Losing %s: %s", buf, why); 5739 } 5740 SM_CLOSE_FP(e->e_dfp); 5741 e->e_flags &= ~EF_HAS_DF; 5742 } 5743 /* 5744 ** NAME2QID -- translate a queue group name to a queue group id 5745 ** 5746 ** Parameters: 5747 ** queuename -- name of queue group. 5748 ** 5749 ** Returns: 5750 ** queue group id if found. 5751 ** NOQGRP otherwise. 5752 */ 5753 5754 int 5755 name2qid(queuename) 5756 char *queuename; 5757 { 5758 register STAB *s; 5759 5760 s = stab(queuename, ST_QUEUE, ST_FIND); 5761 if (s == NULL) 5762 return NOQGRP; 5763 return s->s_quegrp->qg_index; 5764 } 5765 /* 5766 ** QID_PRINTNAME -- create externally printable version of queue id 5767 ** 5768 ** Parameters: 5769 ** e -- the envelope. 5770 ** 5771 ** Returns: 5772 ** a printable version 5773 */ 5774 5775 char * 5776 qid_printname(e) 5777 ENVELOPE *e; 5778 { 5779 char *id; 5780 static char idbuf[MAXQFNAME + 34]; 5781 5782 if (e == NULL) 5783 return ""; 5784 5785 if (e->e_id == NULL) 5786 id = ""; 5787 else 5788 id = e->e_id; 5789 5790 if (e->e_qdir == NOQDIR) 5791 return id; 5792 5793 (void) sm_snprintf(idbuf, sizeof(idbuf), "%.32s/%s", 5794 Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_name, 5795 id); 5796 return idbuf; 5797 } 5798 /* 5799 ** QID_PRINTQUEUE -- create full version of queue directory for data files 5800 ** 5801 ** Parameters: 5802 ** qgrp -- index in queue group. 5803 ** qdir -- the short version of the queue directory 5804 ** 5805 ** Returns: 5806 ** the full pathname to the queue (might point to a static var) 5807 */ 5808 5809 char * 5810 qid_printqueue(qgrp, qdir) 5811 int qgrp; 5812 int qdir; 5813 { 5814 char *subdir; 5815 static char dir[MAXPATHLEN]; 5816 5817 if (qdir == NOQDIR) 5818 return Queue[qgrp]->qg_qdir; 5819 5820 if (strcmp(Queue[qgrp]->qg_qpaths[qdir].qp_name, ".") == 0) 5821 subdir = NULL; 5822 else 5823 subdir = Queue[qgrp]->qg_qpaths[qdir].qp_name; 5824 5825 (void) sm_strlcpyn(dir, sizeof(dir), 4, 5826 Queue[qgrp]->qg_qdir, 5827 subdir == NULL ? "" : "/", 5828 subdir == NULL ? "" : subdir, 5829 (bitset(QP_SUBDF, 5830 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs) 5831 ? "/df" : "")); 5832 return dir; 5833 } 5834 5835 /* 5836 ** PICKQDIR -- Pick a queue directory from a queue group 5837 ** 5838 ** Parameters: 5839 ** qg -- queue group 5840 ** fsize -- file size in bytes 5841 ** e -- envelope, or NULL 5842 ** 5843 ** Result: 5844 ** NOQDIR if no queue directory in qg has enough free space to 5845 ** hold a file of size 'fsize', otherwise the index of 5846 ** a randomly selected queue directory which resides on a 5847 ** file system with enough disk space. 5848 ** XXX This could be extended to select a queuedir with 5849 ** a few (the fewest?) number of entries. That data 5850 ** is available if shared memory is used. 5851 ** 5852 ** Side Effects: 5853 ** If the request fails and e != NULL then sm_syslog is called. 5854 */ 5855 5856 int 5857 pickqdir(qg, fsize, e) 5858 QUEUEGRP *qg; 5859 long fsize; 5860 ENVELOPE *e; 5861 { 5862 int qdir; 5863 int i; 5864 long avail = 0; 5865 5866 /* Pick a random directory, as a starting point. */ 5867 if (qg->qg_numqueues <= 1) 5868 qdir = 0; 5869 else 5870 qdir = get_rand_mod(qg->qg_numqueues); 5871 5872 #if _FFR_TESTS 5873 if (tTd(4, 101)) 5874 return NOQDIR; 5875 #endif 5876 if (MinBlocksFree <= 0 && fsize <= 0) 5877 return qdir; 5878 5879 /* 5880 ** Now iterate over the queue directories, 5881 ** looking for a directory with enough space for this message. 5882 */ 5883 5884 i = qdir; 5885 do 5886 { 5887 QPATHS *qp = &qg->qg_qpaths[i]; 5888 long needed = 0; 5889 long fsavail = 0; 5890 5891 if (fsize > 0) 5892 needed += fsize / FILE_SYS_BLKSIZE(qp->qp_fsysidx) 5893 + ((fsize % FILE_SYS_BLKSIZE(qp->qp_fsysidx) 5894 > 0) ? 1 : 0); 5895 if (MinBlocksFree > 0) 5896 needed += MinBlocksFree; 5897 fsavail = FILE_SYS_AVAIL(qp->qp_fsysidx); 5898 #if SM_CONF_SHM 5899 if (fsavail <= 0) 5900 { 5901 long blksize; 5902 5903 /* 5904 ** might be not correctly updated, 5905 ** let's try to get the info directly. 5906 */ 5907 5908 fsavail = freediskspace(FILE_SYS_NAME(qp->qp_fsysidx), 5909 &blksize); 5910 if (fsavail < 0) 5911 fsavail = 0; 5912 } 5913 #endif /* SM_CONF_SHM */ 5914 if (needed <= fsavail) 5915 return i; 5916 if (avail < fsavail) 5917 avail = fsavail; 5918 5919 if (qg->qg_numqueues > 0) 5920 i = (i + 1) % qg->qg_numqueues; 5921 } while (i != qdir); 5922 5923 if (e != NULL && LogLevel > 0) 5924 sm_syslog(LOG_ALERT, e->e_id, 5925 "low on space (%s needs %ld bytes + %ld blocks in %s), max avail: %ld", 5926 CurHostName == NULL ? "SMTP-DAEMON" : CurHostName, 5927 fsize, MinBlocksFree, 5928 qg->qg_qdir, avail); 5929 return NOQDIR; 5930 } 5931 /* 5932 ** SETNEWQUEUE -- Sets a new queue group and directory 5933 ** 5934 ** Assign a queue group and directory to an envelope and store the 5935 ** directory in e->e_qdir. 5936 ** 5937 ** Parameters: 5938 ** e -- envelope to assign a queue for. 5939 ** 5940 ** Returns: 5941 ** true if successful 5942 ** false otherwise 5943 ** 5944 ** Side Effects: 5945 ** On success, e->e_qgrp and e->e_qdir are non-negative. 5946 ** On failure (not enough disk space), 5947 ** e->qgrp = NOQGRP, e->e_qdir = NOQDIR 5948 ** and usrerr() is invoked (which could raise an exception). 5949 */ 5950 5951 bool 5952 setnewqueue(e) 5953 ENVELOPE *e; 5954 { 5955 if (tTd(41, 20)) 5956 sm_dprintf("setnewqueue: called\n"); 5957 5958 /* not set somewhere else */ 5959 if (e->e_qgrp == NOQGRP) 5960 { 5961 ADDRESS *q; 5962 5963 /* 5964 ** Use the queue group of the "first" recipient, as set by 5965 ** the "queuegroup" rule set. If that is not defined, then 5966 ** use the queue group of the mailer of the first recipient. 5967 ** If that is not defined either, then use the default 5968 ** queue group. 5969 ** Notice: "first" depends on the sorting of sendqueue 5970 ** in recipient(). 5971 ** To avoid problems with "bad" recipients look 5972 ** for a valid address first. 5973 */ 5974 5975 q = e->e_sendqueue; 5976 while (q != NULL && 5977 (QS_IS_BADADDR(q->q_state) || QS_IS_DEAD(q->q_state))) 5978 { 5979 q = q->q_next; 5980 } 5981 if (q == NULL) 5982 e->e_qgrp = 0; 5983 else if (q->q_qgrp >= 0) 5984 e->e_qgrp = q->q_qgrp; 5985 else if (q->q_mailer != NULL && 5986 ISVALIDQGRP(q->q_mailer->m_qgrp)) 5987 e->e_qgrp = q->q_mailer->m_qgrp; 5988 else 5989 e->e_qgrp = 0; 5990 e->e_dfqgrp = e->e_qgrp; 5991 } 5992 5993 if (ISVALIDQDIR(e->e_qdir) && ISVALIDQDIR(e->e_dfqdir)) 5994 { 5995 if (tTd(41, 20)) 5996 sm_dprintf("setnewqueue: e_qdir already assigned (%s)\n", 5997 qid_printqueue(e->e_qgrp, e->e_qdir)); 5998 return true; 5999 } 6000 6001 filesys_update(); 6002 e->e_qdir = pickqdir(Queue[e->e_qgrp], e->e_msgsize, e); 6003 if (e->e_qdir == NOQDIR) 6004 { 6005 e->e_qgrp = NOQGRP; 6006 if (!bitset(EF_FATALERRS, e->e_flags)) 6007 usrerr("452 4.4.5 Insufficient disk space; try again later"); 6008 e->e_flags |= EF_FATALERRS; 6009 return false; 6010 } 6011 6012 if (tTd(41, 3)) 6013 sm_dprintf("setnewqueue: Assigned queue directory %s\n", 6014 qid_printqueue(e->e_qgrp, e->e_qdir)); 6015 6016 if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR) 6017 { 6018 e->e_xfqgrp = e->e_qgrp; 6019 e->e_xfqdir = e->e_qdir; 6020 } 6021 e->e_dfqdir = e->e_qdir; 6022 return true; 6023 } 6024 /* 6025 ** CHKQDIR -- check a queue directory 6026 ** 6027 ** Parameters: 6028 ** name -- name of queue directory 6029 ** sff -- flags for safefile() 6030 ** 6031 ** Returns: 6032 ** is it a queue directory? 6033 */ 6034 6035 static bool chkqdir __P((char *, long)); 6036 6037 static bool 6038 chkqdir(name, sff) 6039 char *name; 6040 long sff; 6041 { 6042 struct stat statb; 6043 int i; 6044 6045 /* skip over . and .. directories */ 6046 if (name[0] == '.' && 6047 (name[1] == '\0' || (name[1] == '.' && name[2] == '\0'))) 6048 return false; 6049 #if HASLSTAT 6050 if (lstat(name, &statb) < 0) 6051 #else 6052 if (stat(name, &statb) < 0) 6053 #endif 6054 { 6055 if (tTd(41, 2)) 6056 sm_dprintf("chkqdir: stat(\"%s\"): %s\n", 6057 name, sm_errstring(errno)); 6058 return false; 6059 } 6060 #if HASLSTAT 6061 if (S_ISLNK(statb.st_mode)) 6062 { 6063 /* 6064 ** For a symlink we need to make sure the 6065 ** target is a directory 6066 */ 6067 6068 if (stat(name, &statb) < 0) 6069 { 6070 if (tTd(41, 2)) 6071 sm_dprintf("chkqdir: stat(\"%s\"): %s\n", 6072 name, sm_errstring(errno)); 6073 return false; 6074 } 6075 } 6076 #endif /* HASLSTAT */ 6077 6078 if (!S_ISDIR(statb.st_mode)) 6079 { 6080 if (tTd(41, 2)) 6081 sm_dprintf("chkqdir: \"%s\": Not a directory\n", 6082 name); 6083 return false; 6084 } 6085 6086 /* Print a warning if unsafe (but still use it) */ 6087 /* XXX do this only if we want the warning? */ 6088 i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0); 6089 if (i != 0) 6090 { 6091 if (tTd(41, 2)) 6092 sm_dprintf("chkqdir: \"%s\": Not safe: %s\n", 6093 name, sm_errstring(i)); 6094 #if _FFR_CHK_QUEUE 6095 if (LogLevel > 8) 6096 sm_syslog(LOG_WARNING, NOQID, 6097 "queue directory \"%s\": Not safe: %s", 6098 name, sm_errstring(i)); 6099 #endif /* _FFR_CHK_QUEUE */ 6100 } 6101 return true; 6102 } 6103 /* 6104 ** MULTIQUEUE_CACHE -- cache a list of paths to queues. 6105 ** 6106 ** Each potential queue is checked as the cache is built. 6107 ** Thereafter, each is blindly trusted. 6108 ** Note that we can be called again after a timeout to rebuild 6109 ** (although code for that is not ready yet). 6110 ** 6111 ** Parameters: 6112 ** basedir -- base of all queue directories. 6113 ** blen -- strlen(basedir). 6114 ** qg -- queue group. 6115 ** qn -- number of queue directories already cached. 6116 ** phash -- pointer to hash value over queue dirs. 6117 #if SM_CONF_SHM 6118 ** only used if shared memory is active. 6119 #endif * SM_CONF_SHM * 6120 ** 6121 ** Returns: 6122 ** new number of queue directories. 6123 */ 6124 6125 #define INITIAL_SLOTS 20 6126 #define ADD_SLOTS 10 6127 6128 static int 6129 multiqueue_cache(basedir, blen, qg, qn, phash) 6130 char *basedir; 6131 int blen; 6132 QUEUEGRP *qg; 6133 int qn; 6134 unsigned int *phash; 6135 { 6136 char *cp; 6137 int i, len; 6138 int slotsleft = 0; 6139 long sff = SFF_ANYFILE; 6140 char qpath[MAXPATHLEN]; 6141 char subdir[MAXPATHLEN]; 6142 char prefix[MAXPATHLEN]; /* dir relative to basedir */ 6143 6144 if (tTd(41, 20)) 6145 sm_dprintf("multiqueue_cache: called\n"); 6146 6147 /* Initialize to current directory */ 6148 prefix[0] = '.'; 6149 prefix[1] = '\0'; 6150 if (qg->qg_numqueues != 0 && qg->qg_qpaths != NULL) 6151 { 6152 for (i = 0; i < qg->qg_numqueues; i++) 6153 { 6154 if (qg->qg_qpaths[i].qp_name != NULL) 6155 (void) sm_free(qg->qg_qpaths[i].qp_name); /* XXX */ 6156 } 6157 (void) sm_free((char *) qg->qg_qpaths); /* XXX */ 6158 qg->qg_qpaths = NULL; 6159 qg->qg_numqueues = 0; 6160 } 6161 6162 /* If running as root, allow safedirpath() checks to use privs */ 6163 if (RunAsUid == 0) 6164 sff |= SFF_ROOTOK; 6165 #if _FFR_CHK_QUEUE 6166 sff |= SFF_SAFEDIRPATH|SFF_NOWWFILES; 6167 if (!UseMSP) 6168 sff |= SFF_NOGWFILES; 6169 #endif 6170 6171 if (!SM_IS_DIR_START(qg->qg_qdir)) 6172 { 6173 /* 6174 ** XXX we could add basedir, but then we have to realloc() 6175 ** the string... Maybe another time. 6176 */ 6177 6178 syserr("QueuePath %s not absolute", qg->qg_qdir); 6179 ExitStat = EX_CONFIG; 6180 return qn; 6181 } 6182 6183 /* qpath: directory of current workgroup */ 6184 len = sm_strlcpy(qpath, qg->qg_qdir, sizeof(qpath)); 6185 if (len >= sizeof(qpath)) 6186 { 6187 syserr("QueuePath %.256s too long (%d max)", 6188 qg->qg_qdir, (int) sizeof(qpath)); 6189 ExitStat = EX_CONFIG; 6190 return qn; 6191 } 6192 6193 /* begin of qpath must be same as basedir */ 6194 if (strncmp(basedir, qpath, blen) != 0 && 6195 (strncmp(basedir, qpath, blen - 1) != 0 || len != blen - 1)) 6196 { 6197 syserr("QueuePath %s not subpath of QueueDirectory %s", 6198 qpath, basedir); 6199 ExitStat = EX_CONFIG; 6200 return qn; 6201 } 6202 6203 /* Do we have a nested subdirectory? */ 6204 if (blen < len && SM_FIRST_DIR_DELIM(qg->qg_qdir + blen) != NULL) 6205 { 6206 6207 /* Copy subdirectory into prefix for later use */ 6208 if (sm_strlcpy(prefix, qg->qg_qdir + blen, sizeof(prefix)) >= 6209 sizeof(prefix)) 6210 { 6211 syserr("QueuePath %.256s too long (%d max)", 6212 qg->qg_qdir, (int) sizeof(qpath)); 6213 ExitStat = EX_CONFIG; 6214 return qn; 6215 } 6216 cp = SM_LAST_DIR_DELIM(prefix); 6217 SM_ASSERT(cp != NULL); 6218 *cp = '\0'; /* cut off trailing / */ 6219 } 6220 6221 /* This is guaranteed by the basedir check above */ 6222 SM_ASSERT(len >= blen - 1); 6223 cp = &qpath[len - 1]; 6224 if (*cp == '*') 6225 { 6226 register DIR *dp; 6227 register struct dirent *d; 6228 int off; 6229 char *delim; 6230 char relpath[MAXPATHLEN]; 6231 6232 *cp = '\0'; /* Overwrite wildcard */ 6233 if ((cp = SM_LAST_DIR_DELIM(qpath)) == NULL) 6234 { 6235 syserr("QueueDirectory: can not wildcard relative path"); 6236 if (tTd(41, 2)) 6237 sm_dprintf("multiqueue_cache: \"%s*\": Can not wildcard relative path.\n", 6238 qpath); 6239 ExitStat = EX_CONFIG; 6240 return qn; 6241 } 6242 if (cp == qpath) 6243 { 6244 /* 6245 ** Special case of top level wildcard, like /foo* 6246 ** Change to //foo* 6247 */ 6248 6249 (void) sm_strlcpy(qpath + 1, qpath, sizeof(qpath) - 1); 6250 ++cp; 6251 } 6252 delim = cp; 6253 *(cp++) = '\0'; /* Replace / with \0 */ 6254 len = strlen(cp); /* Last component of queue directory */ 6255 6256 /* 6257 ** Path relative to basedir, with trailing / 6258 ** It will be modified below to specify the subdirectories 6259 ** so they can be opened without chdir(). 6260 */ 6261 6262 off = sm_strlcpyn(relpath, sizeof(relpath), 2, prefix, "/"); 6263 SM_ASSERT(off < sizeof(relpath)); 6264 6265 if (tTd(41, 2)) 6266 sm_dprintf("multiqueue_cache: prefix=\"%s%s\"\n", 6267 relpath, cp); 6268 6269 /* It is always basedir: we don't need to store it per group */ 6270 /* XXX: optimize this! -> one more global? */ 6271 qg->qg_qdir = newstr(basedir); 6272 qg->qg_qdir[blen - 1] = '\0'; /* cut off trailing / */ 6273 6274 /* 6275 ** XXX Should probably wrap this whole loop in a timeout 6276 ** in case some wag decides to NFS mount the queues. 6277 */ 6278 6279 /* Test path to get warning messages. */ 6280 if (qn == 0) 6281 { 6282 /* XXX qg_runasuid and qg_runasgid for specials? */ 6283 i = safedirpath(basedir, RunAsUid, RunAsGid, NULL, 6284 sff, 0, 0); 6285 if (i != 0 && tTd(41, 2)) 6286 sm_dprintf("multiqueue_cache: \"%s\": Not safe: %s\n", 6287 basedir, sm_errstring(i)); 6288 } 6289 6290 if ((dp = opendir(prefix)) == NULL) 6291 { 6292 syserr("can not opendir(%s/%s)", qg->qg_qdir, prefix); 6293 if (tTd(41, 2)) 6294 sm_dprintf("multiqueue_cache: opendir(\"%s/%s\"): %s\n", 6295 qg->qg_qdir, prefix, 6296 sm_errstring(errno)); 6297 ExitStat = EX_CONFIG; 6298 return qn; 6299 } 6300 while ((d = readdir(dp)) != NULL) 6301 { 6302 /* Skip . and .. directories */ 6303 if (strcmp(d->d_name, ".") == 0 || 6304 strcmp(d->d_name, "..") == 0) 6305 continue; 6306 6307 i = strlen(d->d_name); 6308 if (i < len || strncmp(d->d_name, cp, len) != 0) 6309 { 6310 if (tTd(41, 5)) 6311 sm_dprintf("multiqueue_cache: \"%s\", skipped\n", 6312 d->d_name); 6313 continue; 6314 } 6315 6316 /* Create relative pathname: prefix + local directory */ 6317 i = sizeof(relpath) - off; 6318 if (sm_strlcpy(relpath + off, d->d_name, i) >= i) 6319 continue; /* way too long */ 6320 6321 if (!chkqdir(relpath, sff)) 6322 continue; 6323 6324 if (qg->qg_qpaths == NULL) 6325 { 6326 slotsleft = INITIAL_SLOTS; 6327 qg->qg_qpaths = (QPATHS *)xalloc((sizeof(*qg->qg_qpaths)) * 6328 slotsleft); 6329 qg->qg_numqueues = 0; 6330 } 6331 else if (slotsleft < 1) 6332 { 6333 qg->qg_qpaths = (QPATHS *)sm_realloc((char *)qg->qg_qpaths, 6334 (sizeof(*qg->qg_qpaths)) * 6335 (qg->qg_numqueues + 6336 ADD_SLOTS)); 6337 if (qg->qg_qpaths == NULL) 6338 { 6339 (void) closedir(dp); 6340 return qn; 6341 } 6342 slotsleft += ADD_SLOTS; 6343 } 6344 6345 /* check subdirs */ 6346 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs = QP_NOSUB; 6347 6348 #define CHKRSUBDIR(name, flag) \ 6349 (void) sm_strlcpyn(subdir, sizeof(subdir), 3, relpath, "/", name); \ 6350 if (chkqdir(subdir, sff)) \ 6351 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs |= flag; \ 6352 else 6353 6354 6355 CHKRSUBDIR("qf", QP_SUBQF); 6356 CHKRSUBDIR("df", QP_SUBDF); 6357 CHKRSUBDIR("xf", QP_SUBXF); 6358 6359 /* assert(strlen(d->d_name) < MAXPATHLEN - 14) */ 6360 /* maybe even - 17 (subdirs) */ 6361 6362 if (prefix[0] != '.') 6363 qg->qg_qpaths[qg->qg_numqueues].qp_name = 6364 newstr(relpath); 6365 else 6366 qg->qg_qpaths[qg->qg_numqueues].qp_name = 6367 newstr(d->d_name); 6368 6369 if (tTd(41, 2)) 6370 sm_dprintf("multiqueue_cache: %d: \"%s\" cached (%x).\n", 6371 qg->qg_numqueues, relpath, 6372 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs); 6373 #if SM_CONF_SHM 6374 qg->qg_qpaths[qg->qg_numqueues].qp_idx = qn; 6375 *phash = hash_q(relpath, *phash); 6376 #endif 6377 qg->qg_numqueues++; 6378 ++qn; 6379 slotsleft--; 6380 } 6381 (void) closedir(dp); 6382 6383 /* undo damage */ 6384 *delim = '/'; 6385 } 6386 if (qg->qg_numqueues == 0) 6387 { 6388 qg->qg_qpaths = (QPATHS *) xalloc(sizeof(*qg->qg_qpaths)); 6389 6390 /* test path to get warning messages */ 6391 i = safedirpath(qpath, RunAsUid, RunAsGid, NULL, sff, 0, 0); 6392 if (i == ENOENT) 6393 { 6394 syserr("can not opendir(%s)", qpath); 6395 if (tTd(41, 2)) 6396 sm_dprintf("multiqueue_cache: opendir(\"%s\"): %s\n", 6397 qpath, sm_errstring(i)); 6398 ExitStat = EX_CONFIG; 6399 return qn; 6400 } 6401 6402 qg->qg_qpaths[0].qp_subdirs = QP_NOSUB; 6403 qg->qg_numqueues = 1; 6404 6405 /* check subdirs */ 6406 #define CHKSUBDIR(name, flag) \ 6407 (void) sm_strlcpyn(subdir, sizeof(subdir), 3, qg->qg_qdir, "/", name); \ 6408 if (chkqdir(subdir, sff)) \ 6409 qg->qg_qpaths[0].qp_subdirs |= flag; \ 6410 else 6411 6412 CHKSUBDIR("qf", QP_SUBQF); 6413 CHKSUBDIR("df", QP_SUBDF); 6414 CHKSUBDIR("xf", QP_SUBXF); 6415 6416 if (qg->qg_qdir[blen - 1] != '\0' && 6417 qg->qg_qdir[blen] != '\0') 6418 { 6419 /* 6420 ** Copy the last component into qpaths and 6421 ** cut off qdir 6422 */ 6423 6424 qg->qg_qpaths[0].qp_name = newstr(qg->qg_qdir + blen); 6425 qg->qg_qdir[blen - 1] = '\0'; 6426 } 6427 else 6428 qg->qg_qpaths[0].qp_name = newstr("."); 6429 6430 #if SM_CONF_SHM 6431 qg->qg_qpaths[0].qp_idx = qn; 6432 *phash = hash_q(qg->qg_qpaths[0].qp_name, *phash); 6433 #endif 6434 ++qn; 6435 } 6436 return qn; 6437 } 6438 6439 /* 6440 ** FILESYS_FIND -- find entry in FileSys table, or add new one 6441 ** 6442 ** Given the pathname of a directory, determine the file system 6443 ** in which that directory resides, and return a pointer to the 6444 ** entry in the FileSys table that describes the file system. 6445 ** A new entry is added if necessary (and requested). 6446 ** If the directory does not exist, -1 is returned. 6447 ** 6448 ** Parameters: 6449 ** name -- name of directory (must be persistent!) 6450 ** path -- pathname of directory (name plus maybe "/df") 6451 ** add -- add to structure if not found. 6452 ** 6453 ** Returns: 6454 ** >=0: found: index in file system table 6455 ** <0: some error, i.e., 6456 ** FSF_TOO_MANY: too many filesystems (-> syserr()) 6457 ** FSF_STAT_FAIL: can't stat() filesystem (-> syserr()) 6458 ** FSF_NOT_FOUND: not in list 6459 */ 6460 6461 static short filesys_find __P((const char *, const char *, bool)); 6462 6463 #define FSF_NOT_FOUND (-1) 6464 #define FSF_STAT_FAIL (-2) 6465 #define FSF_TOO_MANY (-3) 6466 6467 static short 6468 filesys_find(name, path, add) 6469 const char *name; 6470 const char *path; 6471 bool add; 6472 { 6473 struct stat st; 6474 short i; 6475 6476 if (stat(path, &st) < 0) 6477 { 6478 syserr("cannot stat queue directory %s", path); 6479 return FSF_STAT_FAIL; 6480 } 6481 for (i = 0; i < NumFileSys; ++i) 6482 { 6483 if (FILE_SYS_DEV(i) == st.st_dev) 6484 { 6485 /* 6486 ** Make sure the file system (FS) name is set: 6487 ** even though the source code indicates that 6488 ** FILE_SYS_DEV() is only set below, it could be 6489 ** set via shared memory, hence we need to perform 6490 ** this check/assignment here. 6491 */ 6492 6493 if (NULL == FILE_SYS_NAME(i)) 6494 FILE_SYS_NAME(i) = name; 6495 return i; 6496 } 6497 } 6498 if (i >= MAXFILESYS) 6499 { 6500 syserr("too many queue file systems (%d max)", MAXFILESYS); 6501 return FSF_TOO_MANY; 6502 } 6503 if (!add) 6504 return FSF_NOT_FOUND; 6505 6506 ++NumFileSys; 6507 FILE_SYS_NAME(i) = name; 6508 FILE_SYS_DEV(i) = st.st_dev; 6509 FILE_SYS_AVAIL(i) = 0; 6510 FILE_SYS_BLKSIZE(i) = 1024; /* avoid divide by zero */ 6511 return i; 6512 } 6513 6514 /* 6515 ** FILESYS_SETUP -- set up mapping from queue directories to file systems 6516 ** 6517 ** This data structure is used to efficiently check the amount of 6518 ** free space available in a set of queue directories. 6519 ** 6520 ** Parameters: 6521 ** add -- initialize structure if necessary. 6522 ** 6523 ** Returns: 6524 ** 0: success 6525 ** <0: some error, i.e., 6526 ** FSF_NOT_FOUND: not in list 6527 ** FSF_STAT_FAIL: can't stat() filesystem (-> syserr()) 6528 ** FSF_TOO_MANY: too many filesystems (-> syserr()) 6529 */ 6530 6531 static int filesys_setup __P((bool)); 6532 6533 static int 6534 filesys_setup(add) 6535 bool add; 6536 { 6537 int i, j; 6538 short fs; 6539 int ret; 6540 6541 ret = 0; 6542 for (i = 0; i < NumQueue && Queue[i] != NULL; i++) 6543 { 6544 for (j = 0; j < Queue[i]->qg_numqueues; ++j) 6545 { 6546 QPATHS *qp = &Queue[i]->qg_qpaths[j]; 6547 char qddf[MAXPATHLEN]; 6548 6549 (void) sm_strlcpyn(qddf, sizeof(qddf), 2, qp->qp_name, 6550 (bitset(QP_SUBDF, qp->qp_subdirs) 6551 ? "/df" : "")); 6552 fs = filesys_find(qp->qp_name, qddf, add); 6553 if (fs >= 0) 6554 qp->qp_fsysidx = fs; 6555 else 6556 qp->qp_fsysidx = 0; 6557 if (fs < ret) 6558 ret = fs; 6559 } 6560 } 6561 return ret; 6562 } 6563 6564 /* 6565 ** FILESYS_UPDATE -- update amount of free space on all file systems 6566 ** 6567 ** The FileSys table is used to cache the amount of free space 6568 ** available on all queue directory file systems. 6569 ** This function updates the cached information if it has expired. 6570 ** 6571 ** Parameters: 6572 ** none. 6573 ** 6574 ** Returns: 6575 ** none. 6576 ** 6577 ** Side Effects: 6578 ** Updates FileSys table. 6579 */ 6580 6581 void 6582 filesys_update() 6583 { 6584 int i; 6585 long avail, blksize; 6586 time_t now; 6587 static time_t nextupdate = 0; 6588 6589 #if SM_CONF_SHM 6590 /* 6591 ** Only the daemon updates the shared memory, i.e., 6592 ** if shared memory is available but the pid is not the 6593 ** one of the daemon, then don't do anything. 6594 */ 6595 6596 if (ShmId != SM_SHM_NO_ID && DaemonPid != CurrentPid) 6597 return; 6598 #endif /* SM_CONF_SHM */ 6599 now = curtime(); 6600 if (now < nextupdate) 6601 return; 6602 nextupdate = now + FILESYS_UPDATE_INTERVAL; 6603 for (i = 0; i < NumFileSys; ++i) 6604 { 6605 FILESYS *fs = &FILE_SYS(i); 6606 6607 avail = freediskspace(FILE_SYS_NAME(i), &blksize); 6608 if (avail < 0 || blksize <= 0) 6609 { 6610 if (LogLevel > 5) 6611 sm_syslog(LOG_ERR, NOQID, 6612 "filesys_update failed: %s, fs=%s, avail=%ld, blocksize=%ld", 6613 sm_errstring(errno), 6614 FILE_SYS_NAME(i), avail, blksize); 6615 fs->fs_avail = 0; 6616 fs->fs_blksize = 1024; /* avoid divide by zero */ 6617 nextupdate = now + 2; /* let's do this soon again */ 6618 } 6619 else 6620 { 6621 fs->fs_avail = avail; 6622 fs->fs_blksize = blksize; 6623 } 6624 } 6625 } 6626 6627 #if _FFR_ANY_FREE_FS 6628 /* 6629 ** FILESYS_FREE -- check whether there is at least one fs with enough space. 6630 ** 6631 ** Parameters: 6632 ** fsize -- file size in bytes 6633 ** 6634 ** Returns: 6635 ** true iff there is one fs with more than fsize bytes free. 6636 */ 6637 6638 bool 6639 filesys_free(fsize) 6640 long fsize; 6641 { 6642 int i; 6643 6644 if (fsize <= 0) 6645 return true; 6646 for (i = 0; i < NumFileSys; ++i) 6647 { 6648 long needed = 0; 6649 6650 if (FILE_SYS_AVAIL(i) < 0 || FILE_SYS_BLKSIZE(i) <= 0) 6651 continue; 6652 needed += fsize / FILE_SYS_BLKSIZE(i) 6653 + ((fsize % FILE_SYS_BLKSIZE(i) 6654 > 0) ? 1 : 0) 6655 + MinBlocksFree; 6656 if (needed <= FILE_SYS_AVAIL(i)) 6657 return true; 6658 } 6659 return false; 6660 } 6661 #endif /* _FFR_ANY_FREE_FS */ 6662 6663 /* 6664 ** DISK_STATUS -- show amount of free space in queue directories 6665 ** 6666 ** Parameters: 6667 ** out -- output file pointer. 6668 ** prefix -- string to output in front of each line. 6669 ** 6670 ** Returns: 6671 ** none. 6672 */ 6673 6674 void 6675 disk_status(out, prefix) 6676 SM_FILE_T *out; 6677 char *prefix; 6678 { 6679 int i; 6680 long avail, blksize; 6681 long free; 6682 6683 for (i = 0; i < NumFileSys; ++i) 6684 { 6685 avail = freediskspace(FILE_SYS_NAME(i), &blksize); 6686 if (avail >= 0 && blksize > 0) 6687 { 6688 free = (long)((double) avail * 6689 ((double) blksize / 1024)); 6690 } 6691 else 6692 free = -1; 6693 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, 6694 "%s%d/%s/%ld\r\n", 6695 prefix, i, 6696 FILE_SYS_NAME(i), 6697 free); 6698 } 6699 } 6700 6701 #if SM_CONF_SHM 6702 6703 /* 6704 ** INIT_SEM -- initialize semaphore system 6705 ** 6706 ** Parameters: 6707 ** owner -- is this the owner of semaphores? 6708 ** 6709 ** Returns: 6710 ** none. 6711 */ 6712 6713 # if _FFR_USE_SEM_LOCKING && SM_CONF_SEM 6714 static int SemId = -1; /* Semaphore Id */ 6715 int SemKey = SM_SEM_KEY; 6716 # define SEM_LOCK(r) \ 6717 do \ 6718 { \ 6719 if (SemId >= 0) \ 6720 r = sm_sem_acq(SemId, 0, 1); \ 6721 } while (0) 6722 # define SEM_UNLOCK(r) \ 6723 do \ 6724 { \ 6725 if (SemId >= 0 && r >= 0) \ 6726 r = sm_sem_rel(SemId, 0, 1); \ 6727 } while (0) 6728 # else /* _FFR_USE_SEM_LOCKING && SM_CONF_SEM */ 6729 # define SEM_LOCK(r) 6730 # define SEM_UNLOCK(r) 6731 # endif /* _FFR_USE_SEM_LOCKING && SM_CONF_SEM */ 6732 6733 static void init_sem __P((bool)); 6734 6735 static void 6736 init_sem(owner) 6737 bool owner; 6738 { 6739 # if _FFR_USE_SEM_LOCKING 6740 # if SM_CONF_SEM 6741 SemId = sm_sem_start(SemKey, 1, 0, owner); 6742 if (SemId < 0) 6743 { 6744 sm_syslog(LOG_ERR, NOQID, 6745 "func=init_sem, sem_key=%ld, sm_sem_start=%d, error=%s", 6746 (long) SemKey, SemId, sm_errstring(-SemId)); 6747 return; 6748 } 6749 if (owner && RunAsUid != 0) 6750 { 6751 int r; 6752 6753 r = sm_semsetowner(SemId, RunAsUid, RunAsGid, 0660); 6754 if (r != 0) 6755 sm_syslog(LOG_ERR, NOQID, 6756 "key=%ld, sm_semsetowner=%d, RunAsUid=%ld, RunAsGid=%ld", 6757 (long) SemKey, r, (long) RunAsUid, (long) RunAsGid); 6758 } 6759 # endif /* SM_CONF_SEM */ 6760 # endif /* _FFR_USE_SEM_LOCKING */ 6761 return; 6762 } 6763 6764 /* 6765 ** STOP_SEM -- stop semaphore system 6766 ** 6767 ** Parameters: 6768 ** owner -- is this the owner of semaphores? 6769 ** 6770 ** Returns: 6771 ** none. 6772 */ 6773 6774 static void stop_sem __P((bool)); 6775 6776 static void 6777 stop_sem(owner) 6778 bool owner; 6779 { 6780 # if _FFR_USE_SEM_LOCKING 6781 # if SM_CONF_SEM 6782 if (owner && SemId >= 0) 6783 sm_sem_stop(SemId); 6784 # endif 6785 # endif /* _FFR_USE_SEM_LOCKING */ 6786 return; 6787 } 6788 6789 # if _FFR_OCC 6790 /* 6791 ** Todo: call occ_close() 6792 ** when closing a connection to decrease #open connections (and rate!) 6793 ** (currently done as hack in deliver()) 6794 ** must also be done if connection couldn't be opened (see daemon.c: OCC_CLOSE) 6795 */ 6796 6797 /* 6798 ** OCC_EXCEEDED -- is an outgoing connection limit exceeded? 6799 ** 6800 ** Parameters: 6801 ** e -- envelope 6802 ** mci -- mail connection information 6803 ** host -- name of host 6804 ** addr -- address of host 6805 ** 6806 ** Returns: 6807 ** true iff an outgoing connection limit is exceeded 6808 */ 6809 6810 bool 6811 occ_exceeded(e, mci, host, addr) 6812 ENVELOPE *e; 6813 MCI *mci; 6814 const char *host; 6815 SOCKADDR *addr; 6816 { 6817 time_t now; 6818 bool exc; 6819 int r, ratelimit, conclimit; 6820 char *limit; /* allocated from e_rpool by rscheck(), no need to free() */ 6821 6822 /* if necessary, some error checking for a number could be done here */ 6823 #define STR2INT(r, limit, val) \ 6824 do \ 6825 { \ 6826 if ((r) == EX_OK && (limit) != NULL) \ 6827 (val) = atoi((limit)); \ 6828 } while (0); 6829 6830 if (occ == NULL || e == NULL) 6831 return false; 6832 ratelimit = conclimit = 0; 6833 limit = NULL; 6834 r = rscheck("oc_rate", host, anynet_ntoa(addr), e, RSF_ADDR, 6835 12, NULL, NOQID, NULL, &limit); 6836 STR2INT(r, limit, ratelimit); 6837 limit = NULL; 6838 r = rscheck("oc_conc", host, anynet_ntoa(addr), e, RSF_ADDR, 6839 12, NULL, NOQID, NULL, &limit); 6840 STR2INT(r, limit, conclimit); 6841 now = curtime(); 6842 6843 /* lock occ: lock entire shared memory segment */ 6844 SEM_LOCK(r); 6845 exc = (bool) conn_limits(e, now, addr, SM_CLFL_EXC, occ, ratelimit, 6846 conclimit); 6847 SEM_UNLOCK(r); 6848 if (!exc && mci != NULL) 6849 mci->mci_flags |= MCIF_OCC_INCR; 6850 return exc; 6851 } 6852 6853 /* 6854 ** OCC_CLOSE -- "close" an outgoing connection: update connection status 6855 ** 6856 ** Parameters: 6857 ** e -- envelope 6858 ** mci -- mail connection information 6859 ** host -- name of host 6860 ** addr -- address of host 6861 ** 6862 ** Returns: 6863 ** true after successful update 6864 */ 6865 6866 bool 6867 occ_close(e, mci, host, addr) 6868 ENVELOPE *e; 6869 MCI *mci; 6870 const char *host; 6871 SOCKADDR *addr; 6872 { 6873 time_t now; 6874 # if _FFR_USE_SEM_LOCKING && SM_CONF_SEM 6875 int r; 6876 # endif 6877 6878 if (occ == NULL || e == NULL) 6879 return false; 6880 if (mci == NULL || mci->mci_state == MCIS_CLOSED || 6881 bitset(MCIF_CACHED, mci->mci_flags) || 6882 !bitset(MCIF_OCC_INCR, mci->mci_flags)) 6883 return false; 6884 mci->mci_flags &= ~MCIF_OCC_INCR; 6885 6886 now = curtime(); 6887 6888 /* lock occ: lock entire shared memory segment */ 6889 SEM_LOCK(r); 6890 (void) conn_limits(e, now, addr, SM_CLFL_EXC, occ, -1, -1); 6891 SEM_UNLOCK(r); 6892 return true; 6893 } 6894 # endif /* _FFR_OCC */ 6895 6896 /* 6897 ** UPD_QS -- update information about queue when adding/deleting an entry 6898 ** 6899 ** Parameters: 6900 ** e -- envelope. 6901 ** count -- add/remove entry (+1/0/-1: add/no change/remove) 6902 ** space -- update the space available as well. 6903 ** (>0/0/<0: add/no change/remove) 6904 ** where -- caller (for logging) 6905 ** 6906 ** Returns: 6907 ** none. 6908 ** 6909 ** Side Effects: 6910 ** Modifies available space in filesystem. 6911 ** Changes number of entries in queue directory. 6912 */ 6913 6914 void 6915 upd_qs(e, count, space, where) 6916 ENVELOPE *e; 6917 int count; 6918 int space; 6919 char *where; 6920 { 6921 short fidx; 6922 int idx; 6923 # if _FFR_USE_SEM_LOCKING 6924 int r; 6925 # endif 6926 long s; 6927 6928 if (ShmId == SM_SHM_NO_ID || e == NULL) 6929 return; 6930 if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR) 6931 return; 6932 idx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_idx; 6933 if (tTd(73,2)) 6934 sm_dprintf("func=upd_qs, count=%d, space=%d, where=%s, idx=%d, entries=%d\n", 6935 count, space, where, idx, QSHM_ENTRIES(idx)); 6936 6937 /* XXX in theory this needs to be protected with a mutex */ 6938 if (QSHM_ENTRIES(idx) >= 0 && count != 0) 6939 { 6940 SEM_LOCK(r); 6941 QSHM_ENTRIES(idx) += count; 6942 SEM_UNLOCK(r); 6943 } 6944 6945 fidx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_fsysidx; 6946 if (fidx < 0) 6947 return; 6948 6949 /* update available space also? (might be loseqfile) */ 6950 if (space == 0) 6951 return; 6952 6953 /* convert size to blocks; this causes rounding errors */ 6954 s = e->e_msgsize / FILE_SYS_BLKSIZE(fidx); 6955 if (s == 0) 6956 return; 6957 6958 /* XXX in theory this needs to be protected with a mutex */ 6959 if (space > 0) 6960 FILE_SYS_AVAIL(fidx) += s; 6961 else 6962 FILE_SYS_AVAIL(fidx) -= s; 6963 6964 } 6965 6966 static bool write_key_file __P((char *, long)); 6967 static long read_key_file __P((char *, long)); 6968 6969 /* 6970 ** WRITE_KEY_FILE -- record some key into a file. 6971 ** 6972 ** Parameters: 6973 ** keypath -- file name. 6974 ** key -- key to write. 6975 ** 6976 ** Returns: 6977 ** true iff file could be written. 6978 ** 6979 ** Side Effects: 6980 ** writes file. 6981 */ 6982 6983 static bool 6984 write_key_file(keypath, key) 6985 char *keypath; 6986 long key; 6987 { 6988 bool ok; 6989 long sff; 6990 SM_FILE_T *keyf; 6991 6992 ok = false; 6993 if (SM_IS_EMPTY(keypath)) 6994 return ok; 6995 sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT; 6996 if (TrustedUid != 0 && RealUid == TrustedUid) 6997 sff |= SFF_OPENASROOT; 6998 keyf = safefopen(keypath, O_WRONLY|O_TRUNC, FileMode, sff); 6999 if (keyf == NULL) 7000 { 7001 sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s", 7002 keypath, sm_errstring(errno)); 7003 } 7004 else 7005 { 7006 if (geteuid() == 0 && RunAsUid != 0) 7007 { 7008 # if HASFCHOWN 7009 int fd; 7010 7011 fd = keyf->f_file; 7012 if (fd >= 0 && fchown(fd, RunAsUid, -1) < 0) 7013 { 7014 int err = errno; 7015 7016 sm_syslog(LOG_ALERT, NOQID, 7017 "ownership change on %s to %ld failed: %s", 7018 keypath, (long) RunAsUid, sm_errstring(err)); 7019 } 7020 # endif /* HASFCHOWN */ 7021 } 7022 ok = sm_io_fprintf(keyf, SM_TIME_DEFAULT, "%ld\n", key) != 7023 SM_IO_EOF; 7024 ok = (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF) && ok; 7025 } 7026 return ok; 7027 } 7028 7029 /* 7030 ** READ_KEY_FILE -- read a key from a file. 7031 ** 7032 ** Parameters: 7033 ** keypath -- file name. 7034 ** key -- default key. 7035 ** 7036 ** Returns: 7037 ** key. 7038 */ 7039 7040 static long 7041 read_key_file(keypath, key) 7042 char *keypath; 7043 long key; 7044 { 7045 int r; 7046 long sff, n; 7047 SM_FILE_T *keyf; 7048 7049 if (SM_IS_EMPTY(keypath)) 7050 return key; 7051 sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY; 7052 if (RealUid == 0 || (TrustedUid != 0 && RealUid == TrustedUid)) 7053 sff |= SFF_OPENASROOT; 7054 keyf = safefopen(keypath, O_RDONLY, FileMode, sff); 7055 if (keyf == NULL) 7056 { 7057 sm_syslog(LOG_ERR, NOQID, "unable to read %s: %s", 7058 keypath, sm_errstring(errno)); 7059 } 7060 else 7061 { 7062 r = sm_io_fscanf(keyf, SM_TIME_DEFAULT, "%ld", &n); 7063 if (r == 1) 7064 key = n; 7065 (void) sm_io_close(keyf, SM_TIME_DEFAULT); 7066 } 7067 return key; 7068 } 7069 7070 /* 7071 ** INIT_SHM -- initialize shared memory structure 7072 ** 7073 ** Initialize or attach to shared memory segment. 7074 ** Currently it is not a fatal error if this doesn't work. 7075 ** However, it causes us to have a "fallback" storage location 7076 ** for everything that is supposed to be in the shared memory, 7077 ** which makes the code slightly ugly. 7078 ** 7079 ** Parameters: 7080 ** qn -- number of queue directories. 7081 ** owner -- owner of shared memory. 7082 ** hash -- identifies data that is stored in shared memory. 7083 ** 7084 ** Returns: 7085 ** none. 7086 */ 7087 7088 static void init_shm __P((int, bool, unsigned int)); 7089 7090 static void 7091 init_shm(qn, owner, hash) 7092 int qn; 7093 bool owner; 7094 unsigned int hash; 7095 { 7096 int i; 7097 int count; 7098 int save_errno; 7099 bool keyselect; 7100 7101 PtrFileSys = &FileSys[0]; 7102 PNumFileSys = &Numfilesys; 7103 /* if this "key" is specified: select one yourself */ 7104 #define SEL_SHM_KEY ((key_t) -1) 7105 #define FIRST_SHM_KEY 25 7106 7107 /* This allows us to disable shared memory at runtime. */ 7108 if (ShmKey == 0) 7109 return; 7110 7111 count = 0; 7112 shms = SM_T_SIZE + qn * sizeof(QUEUE_SHM_T); 7113 keyselect = ShmKey == SEL_SHM_KEY; 7114 if (keyselect) 7115 { 7116 if (owner) 7117 ShmKey = FIRST_SHM_KEY; 7118 else 7119 { 7120 errno = 0; 7121 ShmKey = read_key_file(ShmKeyFile, ShmKey); 7122 keyselect = false; 7123 if (ShmKey == SEL_SHM_KEY) 7124 { 7125 save_errno = (errno != 0) ? errno : EINVAL; 7126 goto error; 7127 } 7128 } 7129 } 7130 for (;;) 7131 { 7132 /* allow read/write access for group? */ 7133 Pshm = sm_shmstart(ShmKey, shms, 7134 SHM_R|SHM_W|(SHM_R>>3)|(SHM_W>>3), 7135 &ShmId, owner); 7136 save_errno = errno; 7137 if (Pshm != NULL || !sm_file_exists(save_errno)) 7138 break; 7139 if (++count >= 3) 7140 { 7141 if (keyselect) 7142 { 7143 ++ShmKey; 7144 7145 /* back where we started? */ 7146 if (ShmKey == SEL_SHM_KEY) 7147 break; 7148 continue; 7149 } 7150 break; 7151 } 7152 7153 /* only sleep if we are at the first key */ 7154 if (!keyselect || ShmKey == SEL_SHM_KEY) 7155 sleep(count); 7156 } 7157 if (Pshm != NULL) 7158 { 7159 int *p; 7160 7161 if (keyselect) 7162 (void) write_key_file(ShmKeyFile, (long) ShmKey); 7163 if (owner && RunAsUid != 0) 7164 { 7165 i = sm_shmsetowner(ShmId, RunAsUid, RunAsGid, 0660); 7166 if (i != 0) 7167 sm_syslog(LOG_ERR, NOQID, 7168 "key=%ld, sm_shmsetowner=%d, RunAsUid=%ld, RunAsGid=%ld", 7169 (long) ShmKey, i, (long) RunAsUid, (long) RunAsGid); 7170 } 7171 p = (int *) Pshm; 7172 if (owner) 7173 { 7174 *p = (int) shms; 7175 *((pid_t *) SHM_OFF_PID(Pshm)) = CurrentPid; 7176 p = (int *) SHM_OFF_TAG(Pshm); 7177 *p = hash; 7178 } 7179 else 7180 { 7181 if (*p != (int) shms) 7182 { 7183 save_errno = EINVAL; 7184 cleanup_shm(false); 7185 goto error; 7186 } 7187 p = (int *) SHM_OFF_TAG(Pshm); 7188 if (*p != (int) hash) 7189 { 7190 save_errno = EINVAL; 7191 cleanup_shm(false); 7192 goto error; 7193 } 7194 7195 /* 7196 ** XXX how to check the pid? 7197 ** Read it from the pid-file? That does 7198 ** not need to exist. 7199 ** We could disable shm if we can't confirm 7200 ** that it is the right one. 7201 */ 7202 } 7203 7204 PtrFileSys = (FILESYS *) OFF_FILE_SYS(Pshm); 7205 PNumFileSys = (int *) OFF_NUM_FILE_SYS(Pshm); 7206 QShm = (QUEUE_SHM_T *) OFF_QUEUE_SHM(Pshm); 7207 PRSATmpCnt = (int *) OFF_RSA_TMP_CNT(Pshm); 7208 *PRSATmpCnt = 0; 7209 # if _FFR_OCC 7210 occ = (CHash_T *) OFF_OCC_SHM(Pshm); 7211 # endif 7212 if (owner) 7213 { 7214 /* initialize values in shared memory */ 7215 NumFileSys = 0; 7216 for (i = 0; i < qn; i++) 7217 QShm[i].qs_entries = -1; 7218 # if _FFR_OCC 7219 memset(occ, 0, OCC_SIZE); 7220 # endif 7221 } 7222 init_sem(owner); 7223 return; 7224 } 7225 error: 7226 if (LogLevel > (owner ? 8 : 11)) 7227 { 7228 sm_syslog(owner ? LOG_ERR : LOG_NOTICE, NOQID, 7229 "can't %s shared memory, key=%ld: %s", 7230 owner ? "initialize" : "attach to", 7231 (long) ShmKey, sm_errstring(save_errno)); 7232 } 7233 } 7234 #endif /* SM_CONF_SHM */ 7235 7236 7237 /* 7238 ** SETUP_QUEUES -- set up all queue groups 7239 ** 7240 ** Parameters: 7241 ** owner -- owner of shared memory? 7242 ** 7243 ** Returns: 7244 ** none. 7245 ** 7246 #if SM_CONF_SHM 7247 ** Side Effects: 7248 ** attaches shared memory. 7249 #endif * SM_CONF_SHM * 7250 */ 7251 7252 void 7253 setup_queues(owner) 7254 bool owner; 7255 { 7256 int i, qn, len; 7257 unsigned int hashval; 7258 time_t now; 7259 char basedir[MAXPATHLEN]; 7260 struct stat st; 7261 7262 /* 7263 ** Determine basedir for all queue directories. 7264 ** All queue directories must be (first level) subdirectories 7265 ** of the basedir. The basedir is the QueueDir 7266 ** without wildcards, but with trailing / 7267 */ 7268 7269 hashval = 0; 7270 errno = 0; 7271 len = sm_strlcpy(basedir, QueueDir, sizeof(basedir)); 7272 7273 /* Provide space for trailing '/' */ 7274 if (len >= sizeof(basedir) - 1) 7275 { 7276 syserr("QueueDirectory: path too long: %d, max %d", 7277 len, (int) sizeof(basedir) - 1); 7278 ExitStat = EX_CONFIG; 7279 return; 7280 } 7281 SM_ASSERT(len > 0); 7282 if (basedir[len - 1] == '*') 7283 { 7284 char *cp; 7285 7286 cp = SM_LAST_DIR_DELIM(basedir); 7287 if (cp == NULL) 7288 { 7289 syserr("QueueDirectory: can not wildcard relative path \"%s\"", 7290 QueueDir); 7291 if (tTd(41, 2)) 7292 sm_dprintf("setup_queues: \"%s\": Can not wildcard relative path.\n", 7293 QueueDir); 7294 ExitStat = EX_CONFIG; 7295 return; 7296 } 7297 7298 /* cut off wildcard pattern */ 7299 *++cp = '\0'; 7300 len = cp - basedir; 7301 } 7302 else if (!SM_IS_DIR_DELIM(basedir[len - 1])) 7303 { 7304 /* append trailing slash since it is a directory */ 7305 basedir[len] = '/'; 7306 basedir[++len] = '\0'; 7307 } 7308 7309 /* len counts up to the last directory delimiter */ 7310 SM_ASSERT(basedir[len - 1] == '/'); 7311 7312 if (chdir(basedir) < 0) 7313 { 7314 int save_errno = errno; 7315 7316 syserr("can not chdir(%s)", basedir); 7317 if (save_errno == EACCES) 7318 (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, 7319 "Program mode requires special privileges, e.g., root or TrustedUser.\n"); 7320 if (tTd(41, 2)) 7321 sm_dprintf("setup_queues: \"%s\": %s\n", 7322 basedir, sm_errstring(errno)); 7323 ExitStat = EX_CONFIG; 7324 return; 7325 } 7326 #if SM_CONF_SHM 7327 hashval = hash_q(basedir, hashval); 7328 #endif 7329 7330 /* initialize for queue runs */ 7331 DoQueueRun = false; 7332 now = curtime(); 7333 for (i = 0; i < NumQueue && Queue[i] != NULL; i++) 7334 Queue[i]->qg_nextrun = now; 7335 7336 7337 if (UseMSP && OpMode != MD_TEST) 7338 { 7339 long sff = SFF_CREAT; 7340 7341 if (stat(".", &st) < 0) 7342 { 7343 syserr("can not stat(%s)", basedir); 7344 if (tTd(41, 2)) 7345 sm_dprintf("setup_queues: \"%s\": %s\n", 7346 basedir, sm_errstring(errno)); 7347 ExitStat = EX_CONFIG; 7348 return; 7349 } 7350 if (RunAsUid == 0) 7351 sff |= SFF_ROOTOK; 7352 7353 /* 7354 ** Check queue directory permissions. 7355 ** Can we write to a group writable queue directory? 7356 */ 7357 7358 if (bitset(S_IWGRP, QueueFileMode) && 7359 bitset(S_IWGRP, st.st_mode) && 7360 safefile(" ", RunAsUid, RunAsGid, RunAsUserName, sff, 7361 QueueFileMode, NULL) != 0) 7362 { 7363 syserr("can not write to queue directory %s (RunAsGid=%ld, required=%ld)", 7364 basedir, (long) RunAsGid, (long) st.st_gid); 7365 } 7366 if (bitset(S_IWOTH|S_IXOTH, st.st_mode)) 7367 { 7368 #if _FFR_MSP_PARANOIA 7369 syserr("dangerous permissions=%o on queue directory %s", 7370 (unsigned int) st.st_mode, basedir); 7371 #else 7372 if (LogLevel > 0) 7373 sm_syslog(LOG_ERR, NOQID, 7374 "dangerous permissions=%o on queue directory %s", 7375 (unsigned int) st.st_mode, basedir); 7376 #endif /* _FFR_MSP_PARANOIA */ 7377 } 7378 #if _FFR_MSP_PARANOIA 7379 if (NumQueue > 1) 7380 syserr("can not use multiple queues for MSP"); 7381 #endif 7382 } 7383 7384 /* initial number of queue directories */ 7385 qn = 0; 7386 for (i = 0; i < NumQueue && Queue[i] != NULL; i++) 7387 qn = multiqueue_cache(basedir, len, Queue[i], qn, &hashval); 7388 7389 #if SM_CONF_SHM 7390 init_shm(qn, owner, hashval); 7391 i = filesys_setup(owner || ShmId == SM_SHM_NO_ID); 7392 if (i == FSF_NOT_FOUND) 7393 { 7394 /* 7395 ** We didn't get the right filesystem data 7396 ** This may happen if we don't have the right shared memory. 7397 ** So let's do this without shared memory. 7398 */ 7399 7400 SM_ASSERT(!owner); 7401 cleanup_shm(false); /* release shared memory */ 7402 i = filesys_setup(false); 7403 if (i < 0) 7404 syserr("filesys_setup failed twice, result=%d", i); 7405 else if (LogLevel > 8) 7406 sm_syslog(LOG_WARNING, NOQID, 7407 "shared memory does not contain expected data, ignored"); 7408 } 7409 #else /* SM_CONF_SHM */ 7410 i = filesys_setup(true); 7411 #endif /* SM_CONF_SHM */ 7412 if (i < 0) 7413 ExitStat = EX_CONFIG; 7414 } 7415 7416 #if SM_CONF_SHM 7417 /* 7418 ** CLEANUP_SHM -- do some cleanup work for shared memory etc 7419 ** 7420 ** Parameters: 7421 ** owner -- owner of shared memory? 7422 ** 7423 ** Returns: 7424 ** none. 7425 ** 7426 ** Side Effects: 7427 ** detaches shared memory. 7428 */ 7429 7430 void 7431 cleanup_shm(owner) 7432 bool owner; 7433 { 7434 if (ShmId != SM_SHM_NO_ID) 7435 { 7436 if (sm_shmstop(Pshm, ShmId, owner) < 0 && LogLevel > 8) 7437 sm_syslog(LOG_INFO, NOQID, "sm_shmstop failed=%s", 7438 sm_errstring(errno)); 7439 Pshm = NULL; 7440 ShmId = SM_SHM_NO_ID; 7441 } 7442 stop_sem(owner); 7443 } 7444 #endif /* SM_CONF_SHM */ 7445 7446 /* 7447 ** CLEANUP_QUEUES -- do some cleanup work for queues 7448 ** 7449 ** Parameters: 7450 ** none. 7451 ** 7452 ** Returns: 7453 ** none. 7454 ** 7455 */ 7456 7457 void 7458 cleanup_queues() 7459 { 7460 sync_queue_time(); 7461 } 7462 /* 7463 ** SET_DEF_QUEUEVAL -- set default values for a queue group. 7464 ** 7465 ** Parameters: 7466 ** qg -- queue group 7467 ** all -- set all values (true for default group)? 7468 ** 7469 ** Returns: 7470 ** none. 7471 ** 7472 ** Side Effects: 7473 ** sets default values for the queue group. 7474 */ 7475 7476 void 7477 set_def_queueval(qg, all) 7478 QUEUEGRP *qg; 7479 bool all; 7480 { 7481 if (bitnset(QD_DEFINED, qg->qg_flags)) 7482 return; 7483 if (all) 7484 qg->qg_qdir = QueueDir; 7485 #if _FFR_QUEUE_GROUP_SORTORDER 7486 qg->qg_sortorder = QueueSortOrder; 7487 #endif 7488 qg->qg_maxqrun = all ? MaxRunnersPerQueue : -1; 7489 qg->qg_nice = NiceQueueRun; 7490 } 7491 /* 7492 ** MAKEQUEUE -- define a new queue. 7493 ** 7494 ** Parameters: 7495 ** line -- description of queue. This is in labeled fields. 7496 ** The fields are: 7497 ** F -- the flags associated with the queue 7498 ** I -- the interval between running the queue 7499 ** J -- the maximum # of jobs in work list 7500 ** [M -- the maximum # of jobs in a queue run] 7501 ** N -- the niceness at which to run 7502 ** P -- the path to the queue 7503 ** S -- the queue sorting order 7504 ** R -- number of parallel queue runners 7505 ** r -- max recipients per envelope 7506 ** The first word is the canonical name of the queue. 7507 ** qdef -- this is a 'Q' definition from .cf 7508 ** 7509 ** Returns: 7510 ** none. 7511 ** 7512 ** Side Effects: 7513 ** enters the queue into the queue table. 7514 */ 7515 7516 void 7517 makequeue(line, qdef) 7518 char *line; 7519 bool qdef; 7520 { 7521 register char *p; 7522 register QUEUEGRP *qg; 7523 register STAB *s; 7524 int i; 7525 char fcode; 7526 7527 /* allocate a queue and set up defaults */ 7528 qg = (QUEUEGRP *) xalloc(sizeof(*qg)); 7529 memset((char *) qg, '\0', sizeof(*qg)); 7530 7531 if (line[0] == '\0') 7532 { 7533 syserr("name required for queue"); 7534 return; 7535 } 7536 7537 /* collect the queue name */ 7538 for (p = line; 7539 *p != '\0' && *p != ',' && !(SM_ISSPACE(*p)); 7540 p++) 7541 continue; 7542 if (*p != '\0') 7543 *p++ = '\0'; 7544 qg->qg_name = newstr(line); 7545 7546 /* set default values, can be overridden below */ 7547 set_def_queueval(qg, false); 7548 7549 /* now scan through and assign info from the fields */ 7550 while (*p != '\0') 7551 { 7552 auto char *delimptr; 7553 7554 while (*p != '\0' && (*p == ',' || (SM_ISSPACE(*p)))) 7555 p++; 7556 7557 /* p now points to field code */ 7558 fcode = *p; 7559 while (*p != '\0' && *p != '=' && *p != ',') 7560 p++; 7561 if (*p++ != '=') 7562 { 7563 syserr("queue %s: `=' expected", qg->qg_name); 7564 return; 7565 } 7566 while (SM_ISSPACE(*p)) 7567 p++; 7568 7569 /* p now points to the field body */ 7570 p = munchstring(p, &delimptr, ','); 7571 7572 /* install the field into the queue struct */ 7573 switch (fcode) 7574 { 7575 case 'P': /* pathname */ 7576 if (*p == '\0') 7577 syserr("queue %s: empty path name", 7578 qg->qg_name); 7579 else 7580 qg->qg_qdir = newstr(p); 7581 break; 7582 7583 case 'F': /* flags */ 7584 for (; *p != '\0'; p++) 7585 if (!(SM_ISSPACE(*p))) 7586 setbitn(*p, qg->qg_flags); 7587 break; 7588 7589 /* 7590 ** Do we need two intervals here: 7591 ** One for persistent queue runners, 7592 ** one for "normal" queue runs? 7593 */ 7594 7595 case 'I': /* interval between running the queue */ 7596 qg->qg_queueintvl = convtime(p, 'm'); 7597 break; 7598 7599 case 'N': /* run niceness */ 7600 qg->qg_nice = atoi(p); 7601 break; 7602 7603 case 'R': /* maximum # of runners for the group */ 7604 i = atoi(p); 7605 7606 /* can't have more runners than allowed total */ 7607 if (MaxQueueChildren > 0 && i > MaxQueueChildren) 7608 { 7609 qg->qg_maxqrun = MaxQueueChildren; 7610 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 7611 "Q=%s: R=%d exceeds MaxQueueChildren=%d, set to MaxQueueChildren\n", 7612 qg->qg_name, i, 7613 MaxQueueChildren); 7614 } 7615 else 7616 qg->qg_maxqrun = i; 7617 break; 7618 7619 case 'J': /* maximum # of jobs in work list */ 7620 qg->qg_maxlist = atoi(p); 7621 break; 7622 7623 case 'r': /* max recipients per envelope */ 7624 qg->qg_maxrcpt = atoi(p); 7625 break; 7626 7627 #if _FFR_QUEUE_GROUP_SORTORDER 7628 case 'S': /* queue sorting order */ 7629 switch (*p) 7630 { 7631 case 'h': /* Host first */ 7632 case 'H': 7633 qg->qg_sortorder = QSO_BYHOST; 7634 break; 7635 7636 case 'p': /* Priority order */ 7637 case 'P': 7638 qg->qg_sortorder = QSO_BYPRIORITY; 7639 break; 7640 7641 case 't': /* Submission time */ 7642 case 'T': 7643 qg->qg_sortorder = QSO_BYTIME; 7644 break; 7645 7646 case 'f': /* File name */ 7647 case 'F': 7648 qg->qg_sortorder = QSO_BYFILENAME; 7649 break; 7650 7651 case 'm': /* Modification time */ 7652 case 'M': 7653 qg->qg_sortorder = QSO_BYMODTIME; 7654 break; 7655 7656 case 'r': /* Random */ 7657 case 'R': 7658 qg->qg_sortorder = QSO_RANDOM; 7659 break; 7660 7661 # if _FFR_RHS 7662 case 's': /* Shuffled host name */ 7663 case 'S': 7664 qg->qg_sortorder = QSO_BYSHUFFLE; 7665 break; 7666 # endif /* _FFR_RHS */ 7667 7668 case 'n': /* none */ 7669 case 'N': 7670 qg->qg_sortorder = QSO_NONE; 7671 break; 7672 7673 default: 7674 syserr("Invalid queue sort order \"%s\"", p); 7675 } 7676 break; 7677 #endif /* _FFR_QUEUE_GROUP_SORTORDER */ 7678 7679 default: 7680 syserr("Q%s: unknown queue equate %c=", 7681 qg->qg_name, fcode); 7682 break; 7683 } 7684 7685 p = delimptr; 7686 } 7687 7688 #if !HASNICE 7689 if (qg->qg_nice != NiceQueueRun) 7690 { 7691 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 7692 "Q%s: Warning: N= set on system that doesn't support nice()\n", 7693 qg->qg_name); 7694 } 7695 #endif /* !HASNICE */ 7696 7697 /* do some rationality checking */ 7698 if (NumQueue >= MAXQUEUEGROUPS) 7699 { 7700 syserr("too many queue groups defined (%d max)", 7701 MAXQUEUEGROUPS); 7702 return; 7703 } 7704 7705 if (qg->qg_qdir == NULL) 7706 { 7707 if (SM_IS_EMPTY(QueueDir)) 7708 { 7709 syserr("QueueDir must be defined before queue groups"); 7710 return; 7711 } 7712 qg->qg_qdir = newstr(QueueDir); 7713 } 7714 7715 if (qg->qg_maxqrun > 1 && !bitnset(QD_FORK, qg->qg_flags)) 7716 { 7717 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 7718 "Warning: Q=%s: R=%d: multiple queue runners specified\n\tbut flag '%c' is not set\n", 7719 qg->qg_name, qg->qg_maxqrun, QD_FORK); 7720 } 7721 7722 /* enter the queue into the symbol table */ 7723 if (tTd(37, 8)) 7724 sm_syslog(LOG_INFO, NOQID, 7725 "Adding %s to stab, path: %s", qg->qg_name, 7726 qg->qg_qdir); 7727 s = stab(qg->qg_name, ST_QUEUE, ST_ENTER); 7728 if (s->s_quegrp != NULL) 7729 { 7730 i = s->s_quegrp->qg_index; 7731 7732 /* XXX what about the pointers inside this struct? */ 7733 sm_free(s->s_quegrp); /* XXX */ 7734 } 7735 else 7736 i = NumQueue++; 7737 Queue[i] = s->s_quegrp = qg; 7738 qg->qg_index = i; 7739 7740 /* set default value for max queue runners */ 7741 if (qg->qg_maxqrun < 0) 7742 { 7743 if (MaxRunnersPerQueue > 0) 7744 qg->qg_maxqrun = MaxRunnersPerQueue; 7745 else 7746 qg->qg_maxqrun = 1; 7747 } 7748 if (qdef) 7749 setbitn(QD_DEFINED, qg->qg_flags); 7750 } 7751 #if 0 7752 /* 7753 ** HASHFQN -- calculate a hash value for a fully qualified host name 7754 ** 7755 ** Arguments: 7756 ** fqn -- an all lower-case host.domain string 7757 ** buckets -- the number of buckets (queue directories) 7758 ** 7759 ** Returns: 7760 ** a bucket number (signed integer) 7761 ** -1 on error 7762 ** 7763 ** Contributed by Exactis.com, Inc. 7764 */ 7765 7766 int 7767 hashfqn(fqn, buckets) 7768 register char *fqn; 7769 int buckets; 7770 { 7771 register char *p; 7772 register int h = 0, hash, cnt; 7773 7774 if (fqn == NULL) 7775 return -1; 7776 7777 /* 7778 ** A variation on the gdb hash 7779 ** This is the best as of Feb 19, 1996 --bcx 7780 */ 7781 7782 p = fqn; 7783 h = 0x238F13AF * strlen(p); 7784 for (cnt = 0; *p != 0; ++p, cnt++) 7785 { 7786 h = (h + (*p << (cnt * 5 % 24))) & 0x7FFFFFFF; 7787 } 7788 h = (1103515243 * h + 12345) & 0x7FFFFFFF; 7789 if (buckets < 2) 7790 hash = 0; 7791 else 7792 hash = (h % buckets); 7793 7794 return hash; 7795 } 7796 #endif /* 0 */ 7797 7798 /* 7799 ** A structure for sorting Queue according to maxqrun without 7800 ** screwing up Queue itself. 7801 */ 7802 7803 struct sortqgrp 7804 { 7805 int sg_idx; /* original index */ 7806 int sg_maxqrun; /* max queue runners */ 7807 }; 7808 typedef struct sortqgrp SORTQGRP_T; 7809 static int cmpidx __P((const void *, const void *)); 7810 7811 static int 7812 cmpidx(a, b) 7813 const void *a; 7814 const void *b; 7815 { 7816 /* The sort is highest to lowest, so the comparison is reversed */ 7817 if (((SORTQGRP_T *)a)->sg_maxqrun < ((SORTQGRP_T *)b)->sg_maxqrun) 7818 return 1; 7819 else if (((SORTQGRP_T *)a)->sg_maxqrun > ((SORTQGRP_T *)b)->sg_maxqrun) 7820 return -1; 7821 else 7822 return 0; 7823 } 7824 7825 /* 7826 ** MAKEWORKGROUPS -- balance queue groups into work groups per MaxQueueChildren 7827 ** 7828 ** Take the now defined queue groups and assign them to work groups. 7829 ** This is done to balance out the number of concurrently active 7830 ** queue runners such that MaxQueueChildren is not exceeded. This may 7831 ** result in more than one queue group per work group. In such a case 7832 ** the number of running queue groups in that work group will have no 7833 ** more than the work group maximum number of runners (a "fair" portion 7834 ** of MaxQueueRun). All queue groups within a work group will get a 7835 ** chance at running. 7836 ** 7837 ** Parameters: 7838 ** none. 7839 ** 7840 ** Returns: 7841 ** nothing. 7842 ** 7843 ** Side Effects: 7844 ** Sets up WorkGrp structure. 7845 */ 7846 7847 void 7848 makeworkgroups() 7849 { 7850 int i, j, total_runners, dir, h; 7851 SORTQGRP_T si[MAXQUEUEGROUPS + 1]; 7852 7853 total_runners = 0; 7854 if (NumQueue == 1 && strcmp(Queue[0]->qg_name, "mqueue") == 0) 7855 { 7856 /* 7857 ** There is only the "mqueue" queue group (a default) 7858 ** containing all of the queues. We want to provide to 7859 ** this queue group the maximum allowable queue runners. 7860 ** To match older behavior (8.10/8.11) we'll try for 7861 ** 1 runner per queue capping it at MaxQueueChildren. 7862 ** So if there are N queues, then there will be N runners 7863 ** for the "mqueue" queue group (where N is kept less than 7864 ** MaxQueueChildren). 7865 */ 7866 7867 NumWorkGroups = 1; 7868 WorkGrp[0].wg_numqgrp = 1; 7869 WorkGrp[0].wg_qgs = (QUEUEGRP **) xalloc(sizeof(QUEUEGRP *)); 7870 WorkGrp[0].wg_qgs[0] = Queue[0]; 7871 if (MaxQueueChildren > 0 && 7872 Queue[0]->qg_numqueues > MaxQueueChildren) 7873 WorkGrp[0].wg_runners = MaxQueueChildren; 7874 else 7875 WorkGrp[0].wg_runners = Queue[0]->qg_numqueues; 7876 7877 Queue[0]->qg_wgrp = 0; 7878 7879 /* can't have more runners than allowed total */ 7880 if (MaxQueueChildren > 0 && 7881 Queue[0]->qg_maxqrun > MaxQueueChildren) 7882 Queue[0]->qg_maxqrun = MaxQueueChildren; 7883 WorkGrp[0].wg_maxact = Queue[0]->qg_maxqrun; 7884 WorkGrp[0].wg_lowqintvl = Queue[0]->qg_queueintvl; 7885 return; 7886 } 7887 7888 for (i = 0; i < NumQueue; i++) 7889 { 7890 si[i].sg_maxqrun = Queue[i]->qg_maxqrun; 7891 si[i].sg_idx = i; 7892 7893 /* Hack to make sure BounceQueue ends up last */ 7894 if (IS_BOUNCE_QUEUE(i)) 7895 si[i].sg_maxqrun = INT_MIN; 7896 } 7897 qsort(si, NumQueue, sizeof(si[0]), cmpidx); 7898 7899 NumWorkGroups = 0; 7900 for (i = 0; i < NumQueue; i++) 7901 { 7902 SKIP_BOUNCE_QUEUE(i) 7903 total_runners += si[i].sg_maxqrun; 7904 if (MaxQueueChildren <= 0 || total_runners <= MaxQueueChildren) 7905 NumWorkGroups++; 7906 else 7907 break; 7908 } 7909 7910 if (NumWorkGroups < 1) 7911 NumWorkGroups = 1; /* gotta have one at least */ 7912 else if (NumWorkGroups > MAXWORKGROUPS) 7913 NumWorkGroups = MAXWORKGROUPS; /* the limit */ 7914 7915 /* 7916 ** We now know the number of work groups to pack the queue groups 7917 ** into. The queue groups in 'Queue' are sorted from highest 7918 ** to lowest for the number of runners per queue group. 7919 ** We put the queue groups with the largest number of runners 7920 ** into work groups first. Then the smaller ones are fitted in 7921 ** where it looks best. 7922 */ 7923 7924 j = 0; 7925 dir = 1; 7926 for (i = 0; i < NumQueue; i++) 7927 { 7928 h = si[i].sg_idx; 7929 if (tTd(41, 49)) 7930 sm_dprintf("sortqg: i=%d, j=%d, h=%d, runners=%d, skip=%d\n", 7931 i, j, h, Queue[h]->qg_maxqrun, IS_BOUNCE_QUEUE(h)); 7932 SKIP_BOUNCE_QUEUE(h); 7933 7934 /* a to-and-fro packing scheme, continue from last position */ 7935 if (j >= NumWorkGroups) 7936 { 7937 dir = -1; 7938 j = NumWorkGroups - 1; 7939 } 7940 else if (j < 0) 7941 { 7942 j = 0; 7943 dir = 1; 7944 } 7945 7946 if (WorkGrp[j].wg_qgs == NULL) 7947 WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_malloc(sizeof(QUEUEGRP *) * 7948 (WorkGrp[j].wg_numqgrp + 1)); 7949 else 7950 WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_realloc(WorkGrp[j].wg_qgs, 7951 sizeof(QUEUEGRP *) * 7952 (WorkGrp[j].wg_numqgrp + 1)); 7953 if (WorkGrp[j].wg_qgs == NULL) 7954 { 7955 syserr("!cannot allocate memory for work queues, need %d bytes", 7956 (int) (sizeof(QUEUEGRP *) * 7957 (WorkGrp[j].wg_numqgrp + 1))); 7958 } 7959 7960 WorkGrp[j].wg_qgs[WorkGrp[j].wg_numqgrp] = Queue[h]; 7961 WorkGrp[j].wg_numqgrp++; 7962 WorkGrp[j].wg_runners += Queue[h]->qg_maxqrun; 7963 Queue[h]->qg_wgrp = j; 7964 7965 if (WorkGrp[j].wg_maxact == 0) 7966 { 7967 /* can't have more runners than allowed total */ 7968 if (MaxQueueChildren > 0 && 7969 Queue[h]->qg_maxqrun > MaxQueueChildren) 7970 Queue[h]->qg_maxqrun = MaxQueueChildren; 7971 WorkGrp[j].wg_maxact = Queue[h]->qg_maxqrun; 7972 } 7973 7974 /* 7975 ** XXX: must wg_lowqintvl be the GCD? 7976 ** qg1: 2m, qg2: 3m, minimum: 2m, when do queue runs for 7977 ** qg2 occur? 7978 */ 7979 7980 /* keep track of the lowest interval for a persistent runner */ 7981 if (Queue[h]->qg_queueintvl > 0 && 7982 WorkGrp[j].wg_lowqintvl < Queue[h]->qg_queueintvl) 7983 WorkGrp[j].wg_lowqintvl = Queue[h]->qg_queueintvl; 7984 j += dir; 7985 } 7986 if (tTd(41, 9)) 7987 { 7988 for (i = 0; i < NumWorkGroups; i++) 7989 { 7990 sm_dprintf("Workgroup[%d]=", i); 7991 for (j = 0; j < WorkGrp[i].wg_numqgrp; j++) 7992 { 7993 sm_dprintf("%s, ", 7994 WorkGrp[i].wg_qgs[j]->qg_name); 7995 } 7996 if (tTd(41, 12)) 7997 sm_dprintf("lowqintvl=%d", 7998 (int) WorkGrp[i].wg_lowqintvl); 7999 sm_dprintf("\n"); 8000 } 8001 } 8002 } 8003 8004 /* 8005 ** DUP_DF -- duplicate envelope data file 8006 ** 8007 ** Copy the data file from the 'old' envelope to the 'new' envelope 8008 ** in the most efficient way possible. 8009 ** 8010 ** Create a hard link from the 'old' data file to the 'new' data file. 8011 ** If the old and new queue directories are on different file systems, 8012 ** then the new data file link is created in the old queue directory, 8013 ** and the new queue file will contain a 'd' record pointing to the 8014 ** directory containing the new data file. 8015 ** 8016 ** Parameters: 8017 ** old -- old envelope. 8018 ** new -- new envelope. 8019 ** 8020 ** Results: 8021 ** Returns true on success, false on failure. 8022 ** 8023 ** Side Effects: 8024 ** On success, the new data file is created. 8025 ** On fatal failure, EF_FATALERRS is set in old->e_flags. 8026 */ 8027 8028 static bool dup_df __P((ENVELOPE *, ENVELOPE *)); 8029 8030 static bool 8031 dup_df(old, new) 8032 ENVELOPE *old; 8033 ENVELOPE *new; 8034 { 8035 int ofs, nfs, r; 8036 char opath[MAXPATHLEN]; 8037 char npath[MAXPATHLEN]; 8038 8039 if (!bitset(EF_HAS_DF, old->e_flags)) 8040 { 8041 /* 8042 ** this can happen if: SuperSafe != True 8043 ** and a bounce mail is sent that is split. 8044 */ 8045 8046 queueup(old, QUP_FL_MSYNC); 8047 } 8048 SM_REQUIRE(ISVALIDQGRP(old->e_qgrp) && ISVALIDQDIR(old->e_qdir)); 8049 SM_REQUIRE(ISVALIDQGRP(new->e_qgrp) && ISVALIDQDIR(new->e_qdir)); 8050 8051 (void) sm_strlcpy(opath, queuename(old, DATAFL_LETTER), sizeof(opath)); 8052 (void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof(npath)); 8053 8054 if (old->e_dfp != NULL) 8055 { 8056 r = sm_io_setinfo(old->e_dfp, SM_BF_COMMIT, NULL); 8057 if (r < 0 && errno != EINVAL) 8058 { 8059 syserr("@can't commit %s", opath); 8060 old->e_flags |= EF_FATALERRS; 8061 return false; 8062 } 8063 } 8064 8065 /* 8066 ** Attempt to create a hard link, if we think both old and new 8067 ** are on the same file system, otherwise copy the file. 8068 ** 8069 ** Don't waste time attempting a hard link unless old and new 8070 ** are on the same file system. 8071 */ 8072 8073 SM_REQUIRE(ISVALIDQGRP(old->e_dfqgrp) && ISVALIDQDIR(old->e_dfqdir)); 8074 SM_REQUIRE(ISVALIDQGRP(new->e_dfqgrp) && ISVALIDQDIR(new->e_dfqdir)); 8075 8076 ofs = Queue[old->e_dfqgrp]->qg_qpaths[old->e_dfqdir].qp_fsysidx; 8077 nfs = Queue[new->e_dfqgrp]->qg_qpaths[new->e_dfqdir].qp_fsysidx; 8078 if (FILE_SYS_DEV(ofs) == FILE_SYS_DEV(nfs)) 8079 { 8080 if (link(opath, npath) == 0) 8081 { 8082 new->e_flags |= EF_HAS_DF; 8083 SYNC_DIR(npath, true); 8084 return true; 8085 } 8086 goto error; 8087 } 8088 8089 /* 8090 ** Can't link across queue directories, so try to create a hard 8091 ** link in the same queue directory as the old df file. 8092 ** The qf file will refer to the new df file using a 'd' record. 8093 */ 8094 8095 new->e_dfqgrp = old->e_dfqgrp; 8096 new->e_dfqdir = old->e_dfqdir; 8097 (void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof(npath)); 8098 if (link(opath, npath) == 0) 8099 { 8100 new->e_flags |= EF_HAS_DF; 8101 SYNC_DIR(npath, true); 8102 return true; 8103 } 8104 8105 error: 8106 if (LogLevel > 0) 8107 sm_syslog(LOG_ERR, old->e_id, 8108 "dup_df: can't link %s to %s, error=%s, envelope splitting failed", 8109 opath, npath, sm_errstring(errno)); 8110 return false; 8111 } 8112 8113 /* 8114 ** SPLIT_ENV -- Allocate a new envelope based on a given envelope. 8115 ** 8116 ** Parameters: 8117 ** e -- envelope. 8118 ** sendqueue -- sendqueue for new envelope. 8119 ** qgrp -- index of queue group. 8120 ** qdir -- queue directory. 8121 ** 8122 ** Results: 8123 ** new envelope. 8124 ** 8125 */ 8126 8127 static ENVELOPE *split_env __P((ENVELOPE *, ADDRESS *, int, int)); 8128 8129 static ENVELOPE * 8130 split_env(e, sendqueue, qgrp, qdir) 8131 ENVELOPE *e; 8132 ADDRESS *sendqueue; 8133 int qgrp; 8134 int qdir; 8135 { 8136 ENVELOPE *ee; 8137 8138 ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool, sizeof(*ee)); 8139 STRUCTCOPY(*e, *ee); 8140 ee->e_message = NULL; /* XXX use original message? */ 8141 ee->e_id = NULL; 8142 assign_queueid(ee); 8143 ee->e_sendqueue = sendqueue; 8144 ee->e_flags &= ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS 8145 |EF_SENDRECEIPT|EF_RET_PARAM|EF_HAS_DF); 8146 ee->e_flags |= EF_NORECEIPT; /* XXX really? */ 8147 ee->e_from.q_state = QS_SENDER; 8148 ee->e_dfp = NULL; 8149 ee->e_lockfp = NULL; 8150 if (e->e_xfp != NULL) 8151 ee->e_xfp = sm_io_dup(e->e_xfp); 8152 8153 /* failed to dup e->e_xfp, start a new transcript */ 8154 if (ee->e_xfp == NULL) 8155 openxscript(ee); 8156 8157 ee->e_qgrp = ee->e_dfqgrp = qgrp; 8158 ee->e_qdir = ee->e_dfqdir = qdir; 8159 ee->e_errormode = EM_MAIL; 8160 ee->e_statmsg = NULL; 8161 if (e->e_quarmsg != NULL) 8162 ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool, 8163 e->e_quarmsg); 8164 8165 /* 8166 ** XXX Not sure if this copying is necessary. 8167 ** sendall() does this copying, but I (dm) don't know if that is 8168 ** because of the storage management discipline we were using 8169 ** before rpools were introduced, or if it is because these lists 8170 ** can be modified later. 8171 */ 8172 8173 ee->e_header = copyheader(e->e_header, ee->e_rpool); 8174 ee->e_errorqueue = copyqueue(e->e_errorqueue, ee->e_rpool); 8175 8176 return ee; 8177 } 8178 8179 /* return values from split functions, check also below! */ 8180 #define SM_SPLIT_FAIL (0) 8181 #define SM_SPLIT_NONE (1) 8182 #define SM_SPLIT_NEW(n) (1 + (n)) 8183 8184 /* 8185 ** SPLIT_ACROSS_QUEUE_GROUPS 8186 ** 8187 ** This function splits an envelope across multiple queue groups 8188 ** based on the queue group of each recipient. 8189 ** 8190 ** Parameters: 8191 ** e -- envelope. 8192 ** 8193 ** Results: 8194 ** SM_SPLIT_FAIL on failure 8195 ** SM_SPLIT_NONE if no splitting occurred, 8196 ** or 1 + the number of additional envelopes created. 8197 ** 8198 ** Side Effects: 8199 ** On success, e->e_sibling points to a list of zero or more 8200 ** additional envelopes, and the associated data files exist 8201 ** on disk. But the queue files are not created. 8202 ** 8203 ** On failure, e->e_sibling is not changed. 8204 ** The order of recipients in e->e_sendqueue is permuted. 8205 ** Abandoned data files for additional envelopes that failed 8206 ** to be created may exist on disk. 8207 */ 8208 8209 static int q_qgrp_compare __P((const void *, const void *)); 8210 static int e_filesys_compare __P((const void *, const void *)); 8211 8212 static int 8213 q_qgrp_compare(p1, p2) 8214 const void *p1; 8215 const void *p2; 8216 { 8217 ADDRESS **pq1 = (ADDRESS **) p1; 8218 ADDRESS **pq2 = (ADDRESS **) p2; 8219 8220 return (*pq1)->q_qgrp - (*pq2)->q_qgrp; 8221 } 8222 8223 static int 8224 e_filesys_compare(p1, p2) 8225 const void *p1; 8226 const void *p2; 8227 { 8228 ENVELOPE **pe1 = (ENVELOPE **) p1; 8229 ENVELOPE **pe2 = (ENVELOPE **) p2; 8230 int fs1, fs2; 8231 8232 fs1 = Queue[(*pe1)->e_qgrp]->qg_qpaths[(*pe1)->e_qdir].qp_fsysidx; 8233 fs2 = Queue[(*pe2)->e_qgrp]->qg_qpaths[(*pe2)->e_qdir].qp_fsysidx; 8234 if (FILE_SYS_DEV(fs1) < FILE_SYS_DEV(fs2)) 8235 return -1; 8236 if (FILE_SYS_DEV(fs1) > FILE_SYS_DEV(fs2)) 8237 return 1; 8238 return 0; 8239 } 8240 8241 static int split_across_queue_groups __P((ENVELOPE *)); 8242 static int 8243 split_across_queue_groups(e) 8244 ENVELOPE *e; 8245 { 8246 int naddrs, nsplits, i; 8247 bool changed; 8248 char **pvp; 8249 ADDRESS *q, **addrs; 8250 ENVELOPE *ee, *es; 8251 ENVELOPE *splits[MAXQUEUEGROUPS]; 8252 char pvpbuf[PSBUFSIZE]; 8253 8254 SM_REQUIRE(ISVALIDQGRP(e->e_qgrp)); 8255 8256 /* Count addresses and assign queue groups. */ 8257 naddrs = 0; 8258 changed = false; 8259 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 8260 { 8261 if (QS_IS_DEAD(q->q_state)) 8262 continue; 8263 ++naddrs; 8264 8265 /* bad addresses and those already sent stay put */ 8266 if (QS_IS_BADADDR(q->q_state) || 8267 QS_IS_SENT(q->q_state)) 8268 q->q_qgrp = e->e_qgrp; 8269 else if (!ISVALIDQGRP(q->q_qgrp)) 8270 { 8271 /* call ruleset which should return a queue group */ 8272 i = rscap(RS_QUEUEGROUP, q->q_user, NULL, e, &pvp, 8273 pvpbuf, sizeof(pvpbuf)); 8274 if (i == EX_OK && 8275 pvp != NULL && pvp[0] != NULL && 8276 (pvp[0][0] & 0377) == CANONNET && 8277 pvp[1] != NULL && pvp[1][0] != '\0') 8278 { 8279 i = name2qid(pvp[1]); 8280 if (ISVALIDQGRP(i)) 8281 { 8282 q->q_qgrp = i; 8283 changed = true; 8284 if (tTd(20, 4)) 8285 sm_syslog(LOG_INFO, NOQID, 8286 "queue group name %s -> %d", 8287 pvp[1], i); 8288 continue; 8289 } 8290 else if (LogLevel > 10) 8291 sm_syslog(LOG_INFO, NOQID, 8292 "can't find queue group name %s, selection ignored", 8293 pvp[1]); 8294 } 8295 if (q->q_mailer != NULL && 8296 ISVALIDQGRP(q->q_mailer->m_qgrp)) 8297 { 8298 changed = true; 8299 q->q_qgrp = q->q_mailer->m_qgrp; 8300 } 8301 else if (ISVALIDQGRP(e->e_qgrp)) 8302 q->q_qgrp = e->e_qgrp; 8303 else 8304 q->q_qgrp = 0; 8305 } 8306 } 8307 8308 /* only one address? nothing to split. */ 8309 if (naddrs <= 1 && !changed) 8310 return SM_SPLIT_NONE; 8311 8312 /* sort the addresses by queue group */ 8313 addrs = sm_rpool_malloc_x(e->e_rpool, naddrs * sizeof(ADDRESS *)); 8314 for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next) 8315 { 8316 if (QS_IS_DEAD(q->q_state)) 8317 continue; 8318 addrs[i++] = q; 8319 } 8320 qsort(addrs, naddrs, sizeof(ADDRESS *), q_qgrp_compare); 8321 8322 /* split into multiple envelopes, by queue group */ 8323 nsplits = 0; 8324 es = NULL; 8325 e->e_sendqueue = NULL; 8326 for (i = 0; i < naddrs; ++i) 8327 { 8328 if (i == naddrs - 1 || addrs[i]->q_qgrp != addrs[i + 1]->q_qgrp) 8329 addrs[i]->q_next = NULL; 8330 else 8331 addrs[i]->q_next = addrs[i + 1]; 8332 8333 /* same queue group as original envelope? */ 8334 if (addrs[i]->q_qgrp == e->e_qgrp) 8335 { 8336 if (e->e_sendqueue == NULL) 8337 e->e_sendqueue = addrs[i]; 8338 continue; 8339 } 8340 8341 /* different queue group than original envelope */ 8342 if (es == NULL || addrs[i]->q_qgrp != es->e_qgrp) 8343 { 8344 ee = split_env(e, addrs[i], addrs[i]->q_qgrp, NOQDIR); 8345 es = ee; 8346 splits[nsplits++] = ee; 8347 } 8348 } 8349 8350 /* no splits? return right now. */ 8351 if (nsplits <= 0) 8352 return SM_SPLIT_NONE; 8353 8354 /* assign a queue directory to each additional envelope */ 8355 for (i = 0; i < nsplits; ++i) 8356 { 8357 es = splits[i]; 8358 #if 0 8359 es->e_qdir = pickqdir(Queue[es->e_qgrp], es->e_msgsize, es); 8360 #endif 8361 if (!setnewqueue(es)) 8362 goto failure; 8363 } 8364 8365 /* sort the additional envelopes by queue file system */ 8366 qsort(splits, nsplits, sizeof(ENVELOPE *), e_filesys_compare); 8367 8368 /* create data files for each additional envelope */ 8369 if (!dup_df(e, splits[0])) 8370 { 8371 i = 0; 8372 goto failure; 8373 } 8374 for (i = 1; i < nsplits; ++i) 8375 { 8376 /* copy or link to the previous data file */ 8377 if (!dup_df(splits[i - 1], splits[i])) 8378 goto failure; 8379 } 8380 8381 /* success: prepend the new envelopes to the e->e_sibling list */ 8382 for (i = 0; i < nsplits; ++i) 8383 { 8384 es = splits[i]; 8385 es->e_sibling = e->e_sibling; 8386 e->e_sibling = es; 8387 } 8388 return SM_SPLIT_NEW(nsplits); 8389 8390 /* failure: clean up */ 8391 failure: 8392 if (i > 0) 8393 { 8394 int j; 8395 8396 for (j = 0; j < i; j++) 8397 (void) unlink(queuename(splits[j], DATAFL_LETTER)); 8398 } 8399 e->e_sendqueue = addrs[0]; 8400 for (i = 0; i < naddrs - 1; ++i) 8401 addrs[i]->q_next = addrs[i + 1]; 8402 addrs[naddrs - 1]->q_next = NULL; 8403 return SM_SPLIT_FAIL; 8404 } 8405 8406 /* 8407 ** SPLIT_WITHIN_QUEUE 8408 ** 8409 ** Split an envelope with multiple recipients into several 8410 ** envelopes within the same queue directory, if the number of 8411 ** recipients exceeds the limit for the queue group. 8412 ** 8413 ** Parameters: 8414 ** e -- envelope. 8415 ** 8416 ** Results: 8417 ** SM_SPLIT_FAIL on failure 8418 ** SM_SPLIT_NONE if no splitting occurred, 8419 ** or 1 + the number of additional envelopes created. 8420 */ 8421 8422 #define SPLIT_LOG_LEVEL 8 8423 8424 static int split_within_queue __P((ENVELOPE *)); 8425 8426 static int 8427 split_within_queue(e) 8428 ENVELOPE *e; 8429 { 8430 int maxrcpt, nrcpt, ndead, nsplit, i; 8431 int j, l; 8432 char *lsplits; 8433 ADDRESS *q, **addrs; 8434 ENVELOPE *ee, *firstsibling; 8435 8436 if (!ISVALIDQGRP(e->e_qgrp) || bitset(EF_SPLIT, e->e_flags)) 8437 return SM_SPLIT_NONE; 8438 8439 /* don't bother if there is no recipient limit */ 8440 maxrcpt = Queue[e->e_qgrp]->qg_maxrcpt; 8441 if (maxrcpt <= 0) 8442 return SM_SPLIT_NONE; 8443 8444 /* count recipients */ 8445 nrcpt = 0; 8446 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 8447 { 8448 if (QS_IS_DEAD(q->q_state)) 8449 continue; 8450 ++nrcpt; 8451 } 8452 if (nrcpt <= maxrcpt) 8453 return SM_SPLIT_NONE; 8454 8455 /* 8456 ** Preserve the recipient list 8457 ** so that we can restore it in case of error. 8458 ** (But we discard dead addresses.) 8459 */ 8460 8461 addrs = sm_rpool_malloc_x(e->e_rpool, nrcpt * sizeof(ADDRESS *)); 8462 for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next) 8463 { 8464 if (QS_IS_DEAD(q->q_state)) 8465 continue; 8466 addrs[i++] = q; 8467 } 8468 8469 /* 8470 ** Partition the recipient list so that bad and sent addresses 8471 ** come first. These will go with the original envelope, and 8472 ** do not count towards the maxrcpt limit. 8473 ** addrs[] does not contain QS_IS_DEAD() addresses. 8474 */ 8475 8476 ndead = 0; 8477 for (i = 0; i < nrcpt; ++i) 8478 { 8479 if (QS_IS_BADADDR(addrs[i]->q_state) || 8480 QS_IS_SENT(addrs[i]->q_state) || 8481 QS_IS_DEAD(addrs[i]->q_state)) /* for paranoia's sake */ 8482 { 8483 if (i > ndead) 8484 { 8485 ADDRESS *tmp = addrs[i]; 8486 8487 addrs[i] = addrs[ndead]; 8488 addrs[ndead] = tmp; 8489 } 8490 ++ndead; 8491 } 8492 } 8493 8494 /* Check if no splitting required. */ 8495 if (nrcpt - ndead <= maxrcpt) 8496 return SM_SPLIT_NONE; 8497 8498 /* fix links */ 8499 for (i = 0; i < nrcpt - 1; ++i) 8500 addrs[i]->q_next = addrs[i + 1]; 8501 addrs[nrcpt - 1]->q_next = NULL; 8502 e->e_sendqueue = addrs[0]; 8503 8504 /* prepare buffer for logging */ 8505 if (LogLevel > SPLIT_LOG_LEVEL) 8506 { 8507 l = MAXLINE; 8508 lsplits = sm_malloc(l); 8509 if (lsplits != NULL) 8510 *lsplits = '\0'; 8511 j = 0; 8512 } 8513 else 8514 { 8515 /* get rid of stupid compiler warnings */ 8516 lsplits = NULL; 8517 j = l = 0; 8518 } 8519 8520 /* split the envelope */ 8521 firstsibling = e->e_sibling; 8522 i = maxrcpt + ndead; 8523 nsplit = 0; 8524 for (;;) 8525 { 8526 addrs[i - 1]->q_next = NULL; 8527 ee = split_env(e, addrs[i], e->e_qgrp, e->e_qdir); 8528 if (!dup_df(e, ee)) 8529 { 8530 8531 ee = firstsibling; 8532 while (ee != NULL) 8533 { 8534 (void) unlink(queuename(ee, DATAFL_LETTER)); 8535 ee = ee->e_sibling; 8536 } 8537 8538 /* Error. Restore e's sibling & recipient lists. */ 8539 e->e_sibling = firstsibling; 8540 for (i = 0; i < nrcpt - 1; ++i) 8541 addrs[i]->q_next = addrs[i + 1]; 8542 if (lsplits != NULL) 8543 sm_free(lsplits); 8544 return SM_SPLIT_FAIL; 8545 } 8546 8547 /* prepend the new envelope to e->e_sibling */ 8548 ee->e_sibling = e->e_sibling; 8549 e->e_sibling = ee; 8550 ++nsplit; 8551 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL) 8552 { 8553 if (j >= l - strlen(ee->e_id) - 3) 8554 { 8555 char *p; 8556 8557 l += MAXLINE; 8558 p = sm_realloc(lsplits, l); 8559 if (p == NULL) 8560 { 8561 /* let's try to get this done */ 8562 sm_free(lsplits); 8563 lsplits = NULL; 8564 } 8565 else 8566 lsplits = p; 8567 } 8568 if (lsplits != NULL) 8569 { 8570 if (j == 0) 8571 j += sm_strlcat(lsplits + j, 8572 ee->e_id, 8573 l - j); 8574 else 8575 j += sm_strlcat2(lsplits + j, 8576 "; ", 8577 ee->e_id, 8578 l - j); 8579 SM_ASSERT(j < l); 8580 } 8581 } 8582 if (nrcpt - i <= maxrcpt) 8583 break; 8584 i += maxrcpt; 8585 } 8586 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL) 8587 { 8588 if (nsplit > 0) 8589 { 8590 sm_syslog(LOG_NOTICE, e->e_id, 8591 "split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s", 8592 maxrcpt, nrcpt - ndead, nsplit, 8593 nsplit > 1 ? "s" : "", lsplits); 8594 } 8595 sm_free(lsplits); 8596 } 8597 return SM_SPLIT_NEW(nsplit); 8598 } 8599 /* 8600 ** SPLIT_BY_RECIPIENT 8601 ** 8602 ** Split an envelope with multiple recipients into multiple 8603 ** envelopes as required by the sendmail configuration. 8604 ** 8605 ** Parameters: 8606 ** e -- envelope. 8607 ** 8608 ** Results: 8609 ** Returns true on success, false on failure. 8610 ** 8611 ** Side Effects: 8612 ** see split_across_queue_groups(), split_within_queue(e) 8613 */ 8614 8615 bool 8616 split_by_recipient(e) 8617 ENVELOPE *e; 8618 { 8619 int split, n, i, j, l; 8620 char *lsplits; 8621 ENVELOPE *ee, *next, *firstsibling; 8622 8623 if (OpMode == SM_VERIFY || !ISVALIDQGRP(e->e_qgrp) || 8624 bitset(EF_SPLIT, e->e_flags)) 8625 return true; 8626 n = split_across_queue_groups(e); 8627 if (n == SM_SPLIT_FAIL) 8628 return false; 8629 firstsibling = ee = e->e_sibling; 8630 if (n > 1 && LogLevel > SPLIT_LOG_LEVEL) 8631 { 8632 l = MAXLINE; 8633 lsplits = sm_malloc(l); 8634 if (lsplits != NULL) 8635 *lsplits = '\0'; 8636 j = 0; 8637 } 8638 else 8639 { 8640 /* get rid of stupid compiler warnings */ 8641 lsplits = NULL; 8642 j = l = 0; 8643 } 8644 for (i = 1; i < n; ++i) 8645 { 8646 next = ee->e_sibling; 8647 if (split_within_queue(ee) == SM_SPLIT_FAIL) 8648 { 8649 e->e_sibling = firstsibling; 8650 SM_FREE(lsplits); 8651 return false; 8652 } 8653 ee->e_flags |= EF_SPLIT; 8654 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL) 8655 { 8656 if (j >= l - strlen(ee->e_id) - 3) 8657 { 8658 char *p; 8659 8660 l += MAXLINE; 8661 p = sm_realloc(lsplits, l); 8662 if (p == NULL) 8663 { 8664 /* let's try to get this done */ 8665 SM_FREE(lsplits); 8666 } 8667 else 8668 lsplits = p; 8669 } 8670 if (lsplits != NULL) 8671 { 8672 if (j == 0) 8673 j += sm_strlcat(lsplits + j, 8674 ee->e_id, l - j); 8675 else 8676 j += sm_strlcat2(lsplits + j, "; ", 8677 ee->e_id, l - j); 8678 SM_ASSERT(j < l); 8679 } 8680 } 8681 ee = next; 8682 } 8683 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL && n > 1) 8684 { 8685 sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s", 8686 n - 1, n > 2 ? "s" : "", lsplits); 8687 SM_FREE(lsplits); 8688 } 8689 split = split_within_queue(e) != SM_SPLIT_FAIL; 8690 if (split) 8691 e->e_flags |= EF_SPLIT; 8692 return split; 8693 } 8694 8695 /* 8696 ** QUARANTINE_QUEUE_ITEM -- {un,}quarantine a single envelope 8697 ** 8698 ** Add/remove quarantine reason and requeue appropriately. 8699 ** 8700 ** Parameters: 8701 ** qgrp -- queue group for the item 8702 ** qdir -- queue directory in the given queue group 8703 ** e -- envelope information for the item 8704 ** reason -- quarantine reason, NULL means unquarantine. 8705 ** 8706 ** Results: 8707 ** true if item changed, false otherwise 8708 ** 8709 ** Side Effects: 8710 ** Changes quarantine tag in queue file and renames it. 8711 */ 8712 8713 static bool 8714 quarantine_queue_item(qgrp, qdir, e, reason) 8715 int qgrp; 8716 int qdir; 8717 ENVELOPE *e; 8718 char *reason; 8719 { 8720 bool dirty = false; 8721 bool failing = false; 8722 bool foundq = false; 8723 bool finished = false; 8724 int fd; 8725 int flags; 8726 int oldtype; 8727 int newtype; 8728 int save_errno; 8729 MODE_T oldumask = 0; 8730 SM_FILE_T *oldqfp, *tempqfp; 8731 char *bp; 8732 int bufsize; 8733 char oldqf[MAXPATHLEN]; 8734 char tempqf[MAXPATHLEN]; 8735 char newqf[MAXPATHLEN]; 8736 char buf[MAXLINE]; 8737 8738 oldtype = queue_letter(e, ANYQFL_LETTER); 8739 (void) sm_strlcpy(oldqf, queuename(e, ANYQFL_LETTER), sizeof(oldqf)); 8740 (void) sm_strlcpy(tempqf, queuename(e, NEWQFL_LETTER), sizeof(tempqf)); 8741 8742 /* 8743 ** Instead of duplicating all the open 8744 ** and lock code here, tell readqf() to 8745 ** do that work and return the open 8746 ** file pointer in e_lockfp. Note that 8747 ** we must release the locks properly when 8748 ** we are done. 8749 */ 8750 8751 if (!readqf(e, true)) 8752 { 8753 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8754 "Skipping %s\n", qid_printname(e)); 8755 return false; 8756 } 8757 oldqfp = e->e_lockfp; 8758 8759 /* open the new queue file */ 8760 flags = O_CREAT|O_WRONLY|O_EXCL; 8761 if (bitset(S_IWGRP, QueueFileMode)) 8762 oldumask = umask(002); 8763 fd = open(tempqf, flags, QueueFileMode); 8764 if (bitset(S_IWGRP, QueueFileMode)) 8765 (void) umask(oldumask); 8766 RELEASE_QUEUE; 8767 8768 if (fd < 0) 8769 { 8770 save_errno = errno; 8771 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8772 "Skipping %s: Could not open %s: %s\n", 8773 qid_printname(e), tempqf, 8774 sm_errstring(save_errno)); 8775 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT); 8776 return false; 8777 } 8778 if (!lockfile(fd, tempqf, NULL, LOCK_EX|LOCK_NB)) 8779 { 8780 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8781 "Skipping %s: Could not lock %s\n", 8782 qid_printname(e), tempqf); 8783 (void) close(fd); 8784 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT); 8785 return false; 8786 } 8787 8788 tempqfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *) &fd, 8789 SM_IO_WRONLY_B, NULL); 8790 if (tempqfp == NULL) 8791 { 8792 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8793 "Skipping %s: Could not lock %s\n", 8794 qid_printname(e), tempqf); 8795 (void) close(fd); 8796 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT); 8797 return false; 8798 } 8799 8800 /* Copy the data over, changing the quarantine reason */ 8801 while (bufsize = sizeof(buf), 8802 (bp = fgetfolded(buf, &bufsize, oldqfp)) != NULL) 8803 { 8804 if (tTd(40, 4)) 8805 sm_dprintf("+++++ %s\n", bp); 8806 switch (bp[0]) 8807 { 8808 case 'q': /* quarantine reason */ 8809 foundq = true; 8810 if (reason == NULL) 8811 { 8812 if (Verbose) 8813 { 8814 (void) sm_io_fprintf(smioout, 8815 SM_TIME_DEFAULT, 8816 "%s: Removed quarantine of \"%s\"\n", 8817 e->e_id, &bp[1]); 8818 } 8819 sm_syslog(LOG_INFO, e->e_id, "unquarantine"); 8820 dirty = true; 8821 } 8822 else if (strcmp(reason, &bp[1]) == 0) 8823 { 8824 if (Verbose) 8825 { 8826 (void) sm_io_fprintf(smioout, 8827 SM_TIME_DEFAULT, 8828 "%s: Already quarantined with \"%s\"\n", 8829 e->e_id, reason); 8830 } 8831 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT, 8832 "q%s\n", reason); 8833 } 8834 else 8835 { 8836 if (Verbose) 8837 { 8838 (void) sm_io_fprintf(smioout, 8839 SM_TIME_DEFAULT, 8840 "%s: Quarantine changed from \"%s\" to \"%s\"\n", 8841 e->e_id, &bp[1], 8842 reason); 8843 } 8844 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT, 8845 "q%s\n", reason); 8846 sm_syslog(LOG_INFO, e->e_id, "quarantine=%s", 8847 reason); 8848 dirty = true; 8849 } 8850 break; 8851 8852 case 'S': 8853 /* 8854 ** If we are quarantining an unquarantined item, 8855 ** need to put in a new 'q' line before it's 8856 ** too late. 8857 */ 8858 8859 if (!foundq && reason != NULL) 8860 { 8861 if (Verbose) 8862 { 8863 (void) sm_io_fprintf(smioout, 8864 SM_TIME_DEFAULT, 8865 "%s: Quarantined with \"%s\"\n", 8866 e->e_id, reason); 8867 } 8868 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT, 8869 "q%s\n", reason); 8870 sm_syslog(LOG_INFO, e->e_id, "quarantine=%s", 8871 reason); 8872 foundq = true; 8873 dirty = true; 8874 } 8875 8876 /* Copy the line to the new file */ 8877 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT, 8878 "%s\n", bp); 8879 break; 8880 8881 case '.': 8882 finished = true; 8883 /* FALLTHROUGH */ 8884 8885 default: 8886 /* Copy the line to the new file */ 8887 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT, 8888 "%s\n", bp); 8889 break; 8890 } 8891 if (bp != buf) 8892 sm_free(bp); 8893 } 8894 8895 /* Make sure we read the whole old file */ 8896 errno = sm_io_error(tempqfp); 8897 if (errno != 0 && errno != SM_IO_EOF) 8898 { 8899 save_errno = errno; 8900 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8901 "Skipping %s: Error reading %s: %s\n", 8902 qid_printname(e), oldqf, 8903 sm_errstring(save_errno)); 8904 failing = true; 8905 } 8906 8907 if (!failing && !finished) 8908 { 8909 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8910 "Skipping %s: Incomplete file: %s\n", 8911 qid_printname(e), oldqf); 8912 failing = true; 8913 } 8914 8915 /* Check if we actually changed anything or we can just bail now */ 8916 if (!dirty) 8917 { 8918 /* pretend we failed, even though we technically didn't */ 8919 failing = true; 8920 } 8921 8922 /* Make sure we wrote things out safely */ 8923 if (!failing && 8924 (sm_io_flush(tempqfp, SM_TIME_DEFAULT) != 0 || 8925 ((SuperSafe == SAFE_REALLY || 8926 SuperSafe == SAFE_REALLY_POSTMILTER || 8927 SuperSafe == SAFE_INTERACTIVE) && 8928 fsync(sm_io_getinfo(tempqfp, SM_IO_WHAT_FD, NULL)) < 0) || 8929 ((errno = sm_io_error(tempqfp)) != 0))) 8930 { 8931 save_errno = errno; 8932 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8933 "Skipping %s: Error writing %s: %s\n", 8934 qid_printname(e), tempqf, 8935 sm_errstring(save_errno)); 8936 failing = true; 8937 } 8938 8939 8940 /* Figure out the new filename */ 8941 newtype = (reason == NULL ? NORMQF_LETTER : QUARQF_LETTER); 8942 if (oldtype == newtype) 8943 { 8944 /* going to rename tempqf to oldqf */ 8945 (void) sm_strlcpy(newqf, oldqf, sizeof(newqf)); 8946 } 8947 else 8948 { 8949 /* going to rename tempqf to new name based on newtype */ 8950 (void) sm_strlcpy(newqf, queuename(e, newtype), sizeof(newqf)); 8951 } 8952 8953 save_errno = 0; 8954 8955 /* rename tempqf to newqf */ 8956 if (!failing && 8957 rename(tempqf, newqf) < 0) 8958 save_errno = (errno == 0) ? EINVAL : errno; 8959 8960 /* Check rename() success */ 8961 if (!failing && save_errno != 0) 8962 { 8963 sm_syslog(LOG_DEBUG, e->e_id, 8964 "quarantine_queue_item: rename(%s, %s): %s", 8965 tempqf, newqf, sm_errstring(save_errno)); 8966 8967 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8968 "Error renaming %s to %s: %s\n", 8969 tempqf, newqf, 8970 sm_errstring(save_errno)); 8971 if (oldtype == newtype) 8972 { 8973 /* 8974 ** Bail here since we don't know the state of 8975 ** the filesystem and may need to keep tempqf 8976 ** for the user to rescue us. 8977 */ 8978 8979 RELEASE_QUEUE; 8980 errno = save_errno; 8981 syserr("!452 Error renaming control file %s", tempqf); 8982 /* NOTREACHED */ 8983 } 8984 else 8985 { 8986 /* remove new file (if rename() half completed) */ 8987 if (xunlink(newqf) < 0) 8988 { 8989 save_errno = errno; 8990 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 8991 "Error removing %s: %s\n", 8992 newqf, 8993 sm_errstring(save_errno)); 8994 } 8995 8996 /* tempqf removed below */ 8997 failing = true; 8998 } 8999 9000 } 9001 9002 /* If changing file types, need to remove old type */ 9003 if (!failing && oldtype != newtype) 9004 { 9005 if (xunlink(oldqf) < 0) 9006 { 9007 save_errno = errno; 9008 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 9009 "Error removing %s: %s\n", 9010 oldqf, sm_errstring(save_errno)); 9011 } 9012 } 9013 9014 /* see if anything above failed */ 9015 if (failing) 9016 { 9017 /* Something failed: remove new file, old file still there */ 9018 (void) xunlink(tempqf); 9019 } 9020 9021 /* 9022 ** fsync() after file operations to make sure metadata is 9023 ** written to disk on filesystems in which renames are 9024 ** not guaranteed. It's ok if they fail, mail won't be lost. 9025 */ 9026 9027 if (SuperSafe != SAFE_NO) 9028 { 9029 /* for soft-updates */ 9030 (void) fsync(sm_io_getinfo(tempqfp, 9031 SM_IO_WHAT_FD, NULL)); 9032 9033 if (!failing) 9034 { 9035 /* for soft-updates */ 9036 (void) fsync(sm_io_getinfo(oldqfp, 9037 SM_IO_WHAT_FD, NULL)); 9038 } 9039 9040 /* for other odd filesystems */ 9041 SYNC_DIR(tempqf, false); 9042 } 9043 9044 /* Close up shop */ 9045 RELEASE_QUEUE; 9046 if (tempqfp != NULL) 9047 (void) sm_io_close(tempqfp, SM_TIME_DEFAULT); 9048 if (oldqfp != NULL) 9049 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT); 9050 9051 /* All went well */ 9052 return !failing; 9053 } 9054 9055 /* 9056 ** QUARANTINE_QUEUE -- {un,}quarantine matching items in the queue 9057 ** 9058 ** Read all matching queue items, add/remove quarantine 9059 ** reason, and requeue appropriately. 9060 ** 9061 ** Parameters: 9062 ** reason -- quarantine reason, "." means unquarantine. 9063 ** qgrplimit -- limit to single queue group unless NOQGRP 9064 ** 9065 ** Results: 9066 ** none. 9067 ** 9068 ** Side Effects: 9069 ** Lots of changes to the queue. 9070 */ 9071 9072 void 9073 quarantine_queue(reason, qgrplimit) 9074 char *reason; 9075 int qgrplimit; 9076 { 9077 int changed = 0; 9078 int qgrp; 9079 9080 /* Convert internal representation of unquarantine */ 9081 if (reason != NULL && reason[0] == '.' && reason[1] == '\0') 9082 reason = NULL; 9083 9084 if (reason != NULL) 9085 { 9086 /* clean it; leak does not matter: one time invocation */ 9087 reason = newstr(denlstring(reason, true, true)); 9088 } 9089 9090 for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++) 9091 { 9092 int qdir; 9093 9094 if (qgrplimit != NOQGRP && qgrplimit != qgrp) 9095 continue; 9096 9097 for (qdir = 0; qdir < Queue[qgrp]->qg_numqueues; qdir++) 9098 { 9099 int i; 9100 int nrequests; 9101 9102 if (StopRequest) 9103 stop_sendmail(); 9104 9105 nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); 9106 9107 /* first see if there is anything */ 9108 if (nrequests <= 0) 9109 { 9110 if (Verbose) 9111 { 9112 (void) sm_io_fprintf(smioout, 9113 SM_TIME_DEFAULT, "%s: no matches\n", 9114 qid_printqueue(qgrp, qdir)); 9115 } 9116 continue; 9117 } 9118 9119 if (Verbose) 9120 { 9121 (void) sm_io_fprintf(smioout, 9122 SM_TIME_DEFAULT, "Processing %s:\n", 9123 qid_printqueue(qgrp, qdir)); 9124 } 9125 9126 for (i = 0; i < WorkListCount; i++) 9127 { 9128 ENVELOPE e; 9129 9130 if (StopRequest) 9131 stop_sendmail(); 9132 9133 /* set up envelope */ 9134 clearenvelope(&e, true, sm_rpool_new_x(NULL)); 9135 e.e_id = WorkList[i].w_name + 2; 9136 e.e_qgrp = qgrp; 9137 e.e_qdir = qdir; 9138 9139 if (tTd(70, 101)) 9140 { 9141 sm_io_fprintf(smioout, SM_TIME_DEFAULT, 9142 "Would do %s\n", e.e_id); 9143 changed++; 9144 } 9145 else if (quarantine_queue_item(qgrp, qdir, 9146 &e, reason)) 9147 changed++; 9148 9149 /* clean up */ 9150 sm_rpool_free(e.e_rpool); 9151 e.e_rpool = NULL; 9152 } 9153 if (WorkList != NULL) 9154 sm_free(WorkList); /* XXX */ 9155 WorkList = NULL; 9156 WorkListSize = 0; 9157 WorkListCount = 0; 9158 } 9159 } 9160 if (Verbose) 9161 { 9162 if (changed == 0) 9163 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 9164 "No changes\n"); 9165 else 9166 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, 9167 "%d change%s\n", 9168 changed, 9169 changed == 1 ? "" : "s"); 9170 } 9171 } 9172 9173 #if _FFR_DMTRIGGER 9174 /* 9175 ** QM -- queue "manager" 9176 ** 9177 ** Parameters: 9178 ** none. 9179 ** 9180 ** Results: 9181 ** false on error 9182 ** 9183 ** Side Effects: 9184 ** fork()s and runs as process to deliver queue entries 9185 */ 9186 9187 bool 9188 qm() 9189 { 9190 int r; 9191 pid_t pid; 9192 long tmo; 9193 9194 sm_syslog(LOG_DEBUG, NOQID, "queue manager: start"); 9195 9196 (void) sm_blocksignal(SIGCHLD); 9197 (void) sm_signal(SIGCHLD, reapchild); 9198 9199 pid = dofork(); 9200 if (pid == -1) 9201 { 9202 const char *msg = "queue manager -- fork() failed"; 9203 const char *err = sm_errstring(errno); 9204 9205 if (LogLevel > 8) 9206 sm_syslog(LOG_INFO, NOQID, "%s: %s", 9207 msg, err); 9208 (void) sm_releasesignal(SIGCHLD); 9209 return false; 9210 } 9211 if (pid != 0) 9212 { 9213 /* parent -- pick up intermediate zombie */ 9214 (void) sm_releasesignal(SIGCHLD); 9215 return true; 9216 } 9217 9218 /* XXX put this into a macro/function because it is used several times? */ 9219 /* child -- clean up signals */ 9220 9221 /* Reset global flags */ 9222 RestartRequest = NULL; 9223 RestartWorkGroup = false; 9224 ShutdownRequest = NULL; 9225 PendingSignal = 0; 9226 CurrentPid = getpid(); 9227 close_sendmail_pid(); 9228 9229 /* 9230 ** Initialize exception stack and default exception 9231 ** handler for child process. 9232 */ 9233 9234 sm_exc_newthread(fatal_error); 9235 clrcontrol(); 9236 proc_list_clear(); 9237 9238 /* Add parent process as first child item */ 9239 proc_list_add(CurrentPid, "Queue manager", PROC_QM, 0, -1, NULL); 9240 (void) sm_releasesignal(SIGCHLD); 9241 (void) sm_signal(SIGCHLD, SIG_DFL); 9242 (void) sm_signal(SIGHUP, SIG_DFL); 9243 (void) sm_signal(SIGTERM, intsig); 9244 9245 /* drop privileges */ 9246 if (geteuid() == (uid_t) 0) 9247 (void) drop_privileges(false); 9248 disconnect(1, NULL); 9249 QuickAbort = false; 9250 9251 r = sm_notify_start(true, 0); 9252 if (r != 0) 9253 syserr("sm_notify_start() failed=%d", r); 9254 9255 /* 9256 ** Initially wait indefinitely, then only wait 9257 ** until something needs to get done (not yet implemented). 9258 */ 9259 9260 tmo = -1; 9261 while (true) 9262 { 9263 char buf[64]; 9264 ENVELOPE *e; 9265 SM_RPOOL_T *rpool; 9266 9267 /* 9268 ** TODO: This should try to receive multiple ids: 9269 ** after it got one, check for more with a very short timeout 9270 ** and collect them in a list. 9271 ** but them some other code should be used to run all of them. 9272 */ 9273 9274 sm_syslog(LOG_DEBUG, NOQID, "queue manager: rcv=start"); 9275 r = sm_notify_rcv(buf, sizeof(buf), tmo); 9276 if (-ETIMEDOUT == r) 9277 { 9278 sm_syslog(LOG_DEBUG, NOQID, "queue manager: rcv=timed_out"); 9279 continue; 9280 } 9281 if (r < 0) 9282 { 9283 sm_syslog(LOG_DEBUG, NOQID, "queue manager: rcv=%d", r); 9284 goto end; 9285 } 9286 if (r > 0 && r < sizeof(buf)) 9287 buf[r] = '\0'; 9288 buf[sizeof(buf) - 1] = '\0'; 9289 sm_syslog(LOG_DEBUG, NOQID, "queue manager: got=%s", buf); 9290 CurEnv = &QueueEnvelope; 9291 rpool = sm_rpool_new_x(NULL); 9292 e = newenvelope(&QueueEnvelope, CurEnv, rpool); 9293 e->e_flags = BlankEnvelope.e_flags; 9294 e->e_parent = NULL; 9295 r = sm_io_sscanf(buf, "N:%d:%d:%s", &e->e_qgrp, &e->e_qdir, e->e_id); 9296 if (r != 3) 9297 { 9298 sm_syslog(LOG_DEBUG, NOQID, "queue manager: buf=%s, scan=%d", buf, r); 9299 goto end; 9300 } 9301 dowork(e->e_qgrp, e->e_qdir, e->e_id, true, false, e); 9302 } 9303 9304 end: 9305 sm_syslog(LOG_DEBUG, NOQID, "queue manager: stop"); 9306 finis(false, false, EX_OK); 9307 return false; 9308 } 9309 #endif /* _FFR_DMTRIGGER */ 9310