2 * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
17 SM_RCSID("@(#)$Id: queue.c,v 8.975 2007/06/18 20:08:40 ca Exp $")
21 # define RELEASE_QUEUE (void) 0
22 # define ST_INODE(st) (st).st_ino
24 # define sm_file_exists(errno) ((errno) == EEXIST)
26 # if HASFLOCK && defined(O_EXLOCK)
27 # define SM_OPEN_EXLOCK 1
28 # define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL|O_EXLOCK)
29 # else /* HASFLOCK && defined(O_EXLOCK) */
30 # define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL)
31 # endif /* HASFLOCK && defined(O_EXLOCK) */
33 #ifndef SM_OPEN_EXLOCK
34 # define SM_OPEN_EXLOCK 0
35 #endif /* ! SM_OPEN_EXLOCK */
39 ** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY
40 ** QF_VERSION == 5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY
41 ** QF_VERSION == 6 was sendmail 8.12 without _FFR_QUEUEDELAY
42 ** QF_VERSION == 7 was sendmail 8.12 with _FFR_QUEUEDELAY
43 ** QF_VERSION == 8 is sendmail 8.13
46 #define QF_VERSION 8 /* version number of this queue format */
48 static char queue_letter __P((ENVELOPE *, int));
49 static bool quarantine_queue_item __P((int, int, ENVELOPE *, char *));
51 /* Naming convention: qgrp: index of queue group, qg: QUEUEGROUP */
59 char *w_name; /* name of control file */
60 char *w_host; /* name of recipient host */
61 bool w_lock; /* is message locked? */
62 bool w_tooyoung; /* is it too young to run? */
63 long w_pri; /* priority of message, see below */
64 time_t w_ctime; /* creation time */
65 time_t w_mtime; /* modification time */
66 int w_qgrp; /* queue group located in */
67 int w_qdir; /* queue directory located in */
68 struct work *w_next; /* next in queue */
71 typedef struct work WORK;
73 static WORK *WorkQ; /* queue of things to be done */
74 static int NumWorkGroups; /* number of work groups */
75 static time_t Current_LA_time = 0;
77 /* Get new load average every 30 seconds. */
78 #define GET_NEW_LA_TIME 30
80 #define SM_GET_LA(now) \
84 if (Current_LA_time < now - GET_NEW_LA_TIME) \
87 Current_LA_time = now; \
92 ** DoQueueRun indicates that a queue run is needed.
93 ** Notice: DoQueueRun is modified in a signal handler!
96 static bool volatile DoQueueRun; /* non-interrupt time queue run needed */
99 ** Work group definition structure.
100 ** Each work group contains one or more queue groups. This is done
101 ** to manage the number of queue group runners active at the same time
102 ** to be within the constraints of MaxQueueChildren (if it is set).
103 ** The number of queue groups that can be run on the next work run
104 ** is kept track of. The queue groups are run in a round robin.
109 int wg_numqgrp; /* number of queue groups in work grp */
110 int wg_runners; /* total runners */
111 int wg_curqgrp; /* current queue group */
112 QUEUEGRP **wg_qgs; /* array of queue groups */
113 int wg_maxact; /* max # of active runners */
114 time_t wg_lowqintvl; /* lowest queue interval */
115 int wg_restart; /* needs restarting? */
116 int wg_restartcnt; /* count of times restarted */
119 typedef struct workgrp WORKGRP;
121 static WORKGRP volatile WorkGrp[MAXWORKGROUPS + 1]; /* work groups */
124 static SM_DEBUG_T DebugLeakQ = SM_DEBUG_INITIALIZER("leak_q",
125 "@(#)$Debug: leak_q - trace memory leaks during queue processing $");
126 #endif /* SM_HEAP_CHECK */
129 ** We use EmptyString instead of "" to avoid
130 ** 'zero-length format string' warnings from gcc
133 static const char EmptyString[] = "";
135 static void grow_wlist __P((int, int));
136 static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *));
137 static int gatherq __P((int, int, bool, bool *, bool *));
138 static int sortq __P((int));
139 static void printctladdr __P((ADDRESS *, SM_FILE_T *));
140 static bool readqf __P((ENVELOPE *, bool));
141 static void restart_work_group __P((int));
142 static void runner_work __P((ENVELOPE *, int, bool, int, int));
143 static void schedule_queue_runs __P((bool, int, bool));
144 static char *strrev __P((char *));
145 static ADDRESS *setctluser __P((char *, int, ENVELOPE *));
147 static int sm_strshufflecmp __P((char *, char *));
148 static void init_shuffle_alphabet __P(());
149 #endif /* _FFR_RHS */
152 ** Note: workcmpf?() don't use a prototype because it will cause a conflict
153 ** with the qsort() call (which expects something like
154 ** int (*compar)(const void *, const void *), not (WORK *, WORK *))
157 static int workcmpf0();
158 static int workcmpf1();
159 static int workcmpf2();
160 static int workcmpf3();
161 static int workcmpf4();
162 static int randi = 3; /* index for workcmpf5() */
163 static int workcmpf5();
164 static int workcmpf6();
166 static int workcmpf7();
167 #endif /* _FFR_RHS */
170 # define get_rand_mod(m) ((get_random() >> RANDOMSHIFT) % (m))
171 #else /* RANDOMSHIFT */
172 # define get_rand_mod(m) (get_random() % (m))
173 #endif /* RANDOMSHIFT */
176 ** File system definition.
177 ** Used to keep track of how much free space is available
178 ** on a file system in which one or more queue directories reside.
181 typedef struct filesys_shared FILESYS;
183 struct filesys_shared
185 dev_t fs_dev; /* unique device id */
186 long fs_avail; /* number of free blocks available */
187 long fs_blksize; /* block size, in bytes */
190 /* probably kept in shared memory */
191 static FILESYS FileSys[MAXFILESYS]; /* queue file systems */
192 static const char *FSPath[MAXFILESYS]; /* pathnames for file systems */
197 ** Shared memory data
200 ** size -- size of shared memory segment
201 ** pid -- pid of owner, should be a unique id to avoid misinterpretations
202 ** by other processes.
203 ** tag -- should be a unique id to avoid misinterpretations by others.
204 ** idea: hash over configuration data that will be stored here.
205 ** NumFileSys -- number of file systems.
206 ** FileSys -- (arrary of) structure for used file systems.
207 ** RSATmpCnt -- counter for number of uses of ephemeral RSA key.
208 ** QShm -- (array of) structure for information about queue directories.
212 ** Queue data in shared memory
215 typedef struct queue_shared QUEUE_SHM_T;
219 int qs_entries; /* number of entries */
220 /* XXX more to follow? */
223 static void *Pshm; /* pointer to shared memory */
224 static FILESYS *PtrFileSys; /* pointer to queue file system array */
225 int ShmId = SM_SHM_NO_ID; /* shared memory id */
226 static QUEUE_SHM_T *QShm; /* pointer to shared queue data */
229 # define SHM_OFF_PID(p) (((char *) (p)) + sizeof(int))
230 # define SHM_OFF_TAG(p) (((char *) (p)) + sizeof(pid_t) + sizeof(int))
231 # define SHM_OFF_HEAD (sizeof(pid_t) + sizeof(int) * 2)
233 /* how to access FileSys */
234 # define FILE_SYS(i) (PtrFileSys[i])
236 /* first entry is a tag, for now just the size */
237 # define OFF_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD)
239 /* offset for PNumFileSys */
240 # define OFF_NUM_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys))
242 /* offset for PRSATmpCnt */
243 # define OFF_RSA_TMP_CNT(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int))
246 /* offset for queue_shm */
247 # define OFF_QUEUE_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
249 # define QSHM_ENTRIES(i) QShm[i].qs_entries
251 /* basic size of shared memory segment */
252 # define SM_T_SIZE (SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
254 static unsigned int hash_q __P((char *, unsigned int));
257 ** HASH_Q -- simple hash function
260 ** p -- string to hash.
261 ** h -- hash start value (from previous run).
279 h += (c<<11) ^ (c>>1);
280 h ^= (d<<14) + (d<<7) + (d<<4) + d;
286 #else /* SM_CONF_SHM */
287 # define FILE_SYS(i) FileSys[i]
288 #endif /* SM_CONF_SHM */
290 /* access to the various components of file system data */
291 #define FILE_SYS_NAME(i) FSPath[i]
292 #define FILE_SYS_AVAIL(i) FILE_SYS(i).fs_avail
293 #define FILE_SYS_BLKSIZE(i) FILE_SYS(i).fs_blksize
294 #define FILE_SYS_DEV(i) FILE_SYS(i).fs_dev
298 ** Current qf file field assignments:
302 ** C controlling user
304 ** d data file directory name (added in 8.12)
307 ** G free (was: queue delay algorithm if _FFR_QUEUEDELAY)
309 ** I data file's inode number
310 ** K time of last delivery attempt
311 ** L Solaris Content-Length: header (obsolete)
313 ** N number of delivery attempts
314 ** P message priority
315 ** q quarantine reason
316 ** Q original recipient (ORCPT=)
317 ** r final recipient (Final-Recipient: DSN field)
321 ** V queue file version
322 ** X free (was: character set if _FFR_SAVE_CHARSET)
323 ** Y free (was: current delay if _FFR_QUEUEDELAY)
324 ** Z original envelope id from ESMTP
325 ** ! deliver by (added in 8.12)
331 ** QUEUEUP -- queue a message up for future transmission.
334 ** e -- the envelope to queue up.
335 ** announce -- if true, tell when you are queueing up.
336 ** msync -- if true, then fsync() if SuperSafe interactive mode.
342 ** The current request is saved in a control file.
343 ** The queue file is left locked.
347 queueup(e, announce, msync)
348 register ENVELOPE *e;
352 register SM_FILE_T *tfp;
367 ** Create control file.
372 MODE_T oldumask = 0; \
374 if (bitset(S_IWGRP, QueueFileMode)) \
375 oldumask = umask(002); \
376 tfd = open(tf, TF_OPEN_FLAGS, QueueFileMode); \
377 if (bitset(S_IWGRP, QueueFileMode)) \
378 (void) umask(oldumask); \
382 newid = (e->e_id == NULL) || !bitset(EF_INQUEUE, e->e_flags);
383 (void) sm_strlcpy(tf, queuename(e, NEWQFL_LETTER), sizeof(tf));
385 if (tfp == NULL && newid)
388 ** open qf file directly: this will give an error if the file
389 ** already exists and hence prevent problems if a queue-id
390 ** is reused (e.g., because the clock is set back).
393 (void) sm_strlcpy(tf, queuename(e, ANYQFL_LETTER), sizeof(tf));
397 !lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB) ||
398 #endif /* !SM_OPEN_EXLOCK */
399 (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
400 (void *) &tfd, SM_IO_WRONLY,
403 int save_errno = errno;
407 syserr("!queueup: cannot create queue file %s, euid=%d, fd=%d, fp=%p",
408 tf, (int) geteuid(), tfd, tfp);
412 upd_qs(e, 1, 0, "queueup");
415 /* if newid, write the queue file directly (instead of temp file) */
418 /* get a locked tf file */
419 for (i = 0; i < 128; i++)
428 if (LogLevel > 0 && (i % 32) == 0)
429 sm_syslog(LOG_ALERT, e->e_id,
430 "queueup: cannot create %s, euid=%d: %s",
432 sm_errstring(errno));
437 #endif /* SM_OPEN_EXLOCK */
442 /* file is locked by open() */
444 #else /* SM_OPEN_EXLOCK */
445 if (lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB))
448 #endif /* SM_OPEN_EXLOCK */
449 if (LogLevel > 0 && (i % 32) == 0)
450 sm_syslog(LOG_ALERT, e->e_id,
451 "queueup: cannot lock %s: %s",
452 tf, sm_errstring(errno));
462 /* save the old temp file away */
463 (void) rename(tf, queuename(e, TEMPQF_LETTER));
466 (void) sleep(i % 32);
468 if (tfd < 0 || (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
469 (void *) &tfd, SM_IO_WRONLY_B,
472 int save_errno = errno;
476 syserr("!queueup: cannot create queue temp file %s, uid=%d",
477 tf, (int) geteuid());
482 sm_dprintf("\n>>>>> queueing %s/%s%s >>>>>\n",
483 qid_printqueue(e->e_qgrp, e->e_qdir),
484 queuename(e, ANYQFL_LETTER),
485 newid ? " (new id)" : "");
488 sm_dprintf(" e_flags=");
493 sm_dprintf(" sendq=");
494 printaddr(sm_debug_file(), e->e_sendqueue, true);
499 dumpfd(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL), true, false);
500 sm_dprintf(" lockfp=");
501 if (e->e_lockfp == NULL)
502 sm_dprintf("NULL\n");
504 dumpfd(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL),
509 ** If there is no data file yet, create one.
512 (void) sm_strlcpy(df, queuename(e, DATAFL_LETTER), sizeof(df));
513 if (bitset(EF_HAS_DF, e->e_flags))
515 if (e->e_dfp != NULL &&
516 SuperSafe != SAFE_REALLY &&
517 SuperSafe != SAFE_REALLY_POSTMILTER &&
518 sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 &&
521 syserr("!queueup: cannot commit data file %s, uid=%d",
522 queuename(e, DATAFL_LETTER), (int) geteuid());
524 if (e->e_dfp != NULL &&
525 SuperSafe == SAFE_INTERACTIVE && msync)
528 sm_syslog(LOG_INFO, e->e_id,
529 "queueup: fsync(e->e_dfp)");
531 if (fsync(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD,
535 syserr("!552 Error writing data file %s",
538 syserr("!452 Error writing data file %s",
547 register SM_FILE_T *dfp = NULL;
550 if (e->e_dfp != NULL &&
551 sm_io_getinfo(e->e_dfp, SM_IO_WHAT_ISTYPE, BF_FILE_TYPE))
552 syserr("committing over bf file");
554 if (bitset(S_IWGRP, QueueFileMode))
555 oldumask = umask(002);
556 dfd = open(df, O_WRONLY|O_CREAT|O_TRUNC|QF_O_EXTRA,
558 if (bitset(S_IWGRP, QueueFileMode))
559 (void) umask(oldumask);
560 if (dfd < 0 || (dfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
561 (void *) &dfd, SM_IO_WRONLY_B,
563 syserr("!queueup: cannot create data temp file %s, uid=%d",
564 df, (int) geteuid());
565 if (fstat(dfd, &stbuf) < 0)
569 e->e_dfdev = stbuf.st_dev;
570 e->e_dfino = ST_INODE(stbuf);
572 e->e_flags |= EF_HAS_DF;
573 memset(&mcibuf, '\0', sizeof(mcibuf));
574 mcibuf.mci_out = dfp;
575 mcibuf.mci_mailer = FileMailer;
576 (*e->e_putbody)(&mcibuf, e, NULL);
578 if (SuperSafe == SAFE_REALLY ||
579 SuperSafe == SAFE_REALLY_POSTMILTER ||
580 (SuperSafe == SAFE_INTERACTIVE && msync))
583 sm_syslog(LOG_INFO, e->e_id,
584 "queueup: fsync(dfp)");
586 if (fsync(sm_io_getinfo(dfp, SM_IO_WHAT_FD, NULL)) < 0)
589 syserr("!552 Error writing data file %s",
592 syserr("!452 Error writing data file %s",
597 if (sm_io_close(dfp, SM_TIME_DEFAULT) < 0)
598 syserr("!queueup: cannot save data temp file %s, uid=%d",
599 df, (int) geteuid());
600 e->e_putbody = putbody;
604 ** Output future work requests.
605 ** Priority and creation time should be first, since
606 ** they are required by gatherq.
609 /* output queue version number (must be first!) */
610 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "V%d\n", QF_VERSION);
612 /* output creation time */
613 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "T%ld\n", (long) e->e_ctime);
615 /* output last delivery time */
616 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "K%ld\n", (long) e->e_dtime);
618 /* output number of delivery attempts */
619 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "N%d\n", e->e_ntries);
621 /* output message priority */
622 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "P%ld\n", e->e_msgpriority);
625 ** If data file is in a different directory than the queue file,
626 ** output a "d" record naming the directory of the data file.
629 if (e->e_dfqgrp != e->e_qgrp)
631 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "d%s\n",
632 Queue[e->e_dfqgrp]->qg_qpaths[e->e_dfqdir].qp_name);
635 /* output inode number of data file */
636 /* XXX should probably include device major/minor too */
637 if (e->e_dfino != -1)
639 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "I%ld/%ld/%llu\n",
640 (long) major(e->e_dfdev),
641 (long) minor(e->e_dfdev),
642 (ULONGLONG_T) e->e_dfino);
645 /* output body type */
646 if (e->e_bodytype != NULL)
647 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "B%s\n",
648 denlstring(e->e_bodytype, true, false));
650 /* quarantine reason */
651 if (e->e_quarmsg != NULL)
652 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "q%s\n",
653 denlstring(e->e_quarmsg, true, false));
655 /* message from envelope, if it exists */
656 if (e->e_message != NULL)
657 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n",
658 denlstring(e->e_message, true, false));
660 /* send various flag bits through */
662 if (bitset(EF_WARNING, e->e_flags))
664 if (bitset(EF_RESPONSE, e->e_flags))
666 if (bitset(EF_HAS8BIT, e->e_flags))
668 if (bitset(EF_DELETE_BCC, e->e_flags))
670 if (bitset(EF_RET_PARAM, e->e_flags))
672 if (bitset(EF_NO_BODY_RETN, e->e_flags))
674 if (bitset(EF_SPLIT, e->e_flags))
678 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "F%s\n", buf);
680 /* save $={persistentMacros} macro values */
681 queueup_macros(macid("{persistentMacros}"), tfp, e);
683 /* output name of sender */
684 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
687 p = e->e_from.q_paddr;
688 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "S%s\n",
689 denlstring(p, true, false));
691 /* output ESMTP-supplied "original" information */
692 if (e->e_envid != NULL)
693 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Z%s\n",
694 denlstring(e->e_envid, true, false));
696 /* output AUTH= parameter */
697 if (e->e_auth_param != NULL)
698 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "A%s\n",
699 denlstring(e->e_auth_param, true, false));
700 if (e->e_dlvr_flag != 0)
701 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "!%c %ld\n",
702 (char) e->e_dlvr_flag, e->e_deliver_by);
704 /* output list of recipient addresses */
705 printctladdr(NULL, NULL);
706 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
708 if (!QS_IS_UNDELIVERED(q->q_state))
711 /* message for this recipient, if it exists */
712 if (q->q_message != NULL)
713 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n",
714 denlstring(q->q_message, true,
717 printctladdr(q, tfp);
718 if (q->q_orcpt != NULL)
719 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Q%s\n",
720 denlstring(q->q_orcpt, true,
722 if (q->q_finalrcpt != NULL)
723 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "r%s\n",
724 denlstring(q->q_finalrcpt, true,
726 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'R');
727 if (bitset(QPRIMARY, q->q_flags))
728 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'P');
729 if (bitset(QHASNOTIFY, q->q_flags))
730 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'N');
731 if (bitset(QPINGONSUCCESS, q->q_flags))
732 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'S');
733 if (bitset(QPINGONFAILURE, q->q_flags))
734 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'F');
735 if (bitset(QPINGONDELAY, q->q_flags))
736 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'D');
737 if (q->q_alias != NULL &&
738 bitset(QALIAS, q->q_alias->q_flags))
739 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'A');
740 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, ':');
741 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s\n",
742 denlstring(q->q_paddr, true, false));
745 char *tag = "queued";
747 if (e->e_quarmsg != NULL)
750 e->e_to = q->q_paddr;
753 logdelivery(q->q_mailer, NULL, q->q_status,
754 tag, NULL, (time_t) 0, e);
759 sm_dprintf("queueing ");
760 printaddr(sm_debug_file(), q, false);
765 ** Output headers for this message.
766 ** Expand macros completely here. Queue run will deal with
767 ** everything as absolute headers.
768 ** All headers that must be relative to the recipient
769 ** can be cracked later.
770 ** We set up a "null mailer" -- i.e., a mailer that will have
771 ** no effect on the addresses as they are output.
774 memset((char *) &nullmailer, '\0', sizeof(nullmailer));
775 nullmailer.m_re_rwset = nullmailer.m_rh_rwset =
776 nullmailer.m_se_rwset = nullmailer.m_sh_rwset = -1;
777 nullmailer.m_eol = "\n";
778 memset(&mcibuf, '\0', sizeof(mcibuf));
779 mcibuf.mci_mailer = &nullmailer;
780 mcibuf.mci_out = tfp;
782 macdefine(&e->e_macro, A_PERM, 'g', "\201f");
783 for (h = e->e_header; h != NULL; h = h->h_link)
785 if (h->h_value == NULL)
788 /* don't output resent headers on non-resent messages */
789 if (bitset(H_RESENT, h->h_flags) &&
790 !bitset(EF_RESENT, e->e_flags))
793 /* expand macros; if null, don't output header at all */
794 if (bitset(H_DEFAULT, h->h_flags))
796 (void) expand(h->h_value, buf, sizeof(buf), e);
799 if (buf[0] == ' ' && buf[1] == '\0')
803 /* output this header */
804 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "H?");
806 /* output conditional macro if present */
807 if (h->h_macro != '\0')
809 if (bitset(0200, h->h_macro))
810 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT,
812 macname(bitidx(h->h_macro)));
814 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT,
817 else if (!bitzerop(h->h_mflags) &&
818 bitset(H_CHECK|H_ACHECK, h->h_flags))
822 /* if conditional, output the set of conditions */
823 for (j = '\0'; j <= '\177'; j++)
824 if (bitnset(j, h->h_mflags))
825 (void) sm_io_putc(tfp, SM_TIME_DEFAULT,
828 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, '?');
830 /* output the header: expand macros, convert addresses */
831 if (bitset(H_DEFAULT, h->h_flags) &&
832 !bitset(H_BINDLATE, h->h_flags))
834 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s:%s\n",
836 denlstring(buf, false, true));
838 else if (bitset(H_FROM|H_RCPT, h->h_flags) &&
839 !bitset(H_BINDLATE, h->h_flags))
841 bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
842 SM_FILE_T *savetrace = TrafficLogFile;
844 TrafficLogFile = NULL;
846 if (bitset(H_FROM, h->h_flags))
848 commaize(h, h->h_value, oldstyle, &mcibuf, e,
851 TrafficLogFile = savetrace;
855 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s:%s\n",
857 denlstring(h->h_value, false,
865 ** Write a terminator record -- this is to prevent
866 ** scurrilous crackers from appending any data.
869 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ".\n");
871 if (sm_io_flush(tfp, SM_TIME_DEFAULT) != 0 ||
872 ((SuperSafe == SAFE_REALLY ||
873 SuperSafe == SAFE_REALLY_POSTMILTER ||
874 (SuperSafe == SAFE_INTERACTIVE && msync)) &&
875 fsync(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL)) < 0) ||
879 syserr("!552 Error writing control file %s", tf);
881 syserr("!452 Error writing control file %s", tf);
886 char new = queue_letter(e, ANYQFL_LETTER);
888 /* rename (locked) tf to be (locked) [qh]f */
889 (void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER),
891 if (rename(tf, qf) < 0)
892 syserr("cannot rename(%s, %s), uid=%d",
893 tf, qf, (int) geteuid());
897 ** Check if type has changed and only
898 ** remove the old item if the rename above
902 if (e->e_qfletter != '\0' &&
903 e->e_qfletter != new)
907 sm_dprintf("type changed from %c to %c\n",
911 if (unlink(queuename(e, e->e_qfletter)) < 0)
913 /* XXX: something more drastic? */
915 sm_syslog(LOG_ERR, e->e_id,
916 "queueup: unlink(%s) failed: %s",
917 queuename(e, e->e_qfletter),
918 sm_errstring(errno));
925 ** fsync() after renaming to make sure metadata is
926 ** written to disk on filesystems in which renames are
930 if (SuperSafe != SAFE_NO)
932 /* for softupdates */
933 if (tfd >= 0 && fsync(tfd) < 0)
935 syserr("!queueup: cannot fsync queue temp file %s",
941 /* close and unlock old (locked) queue file */
942 if (e->e_lockfp != NULL)
943 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
948 sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", qf);
954 sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", tf);
956 e->e_qfletter = queue_letter(e, ANYQFL_LETTER);
960 e->e_flags |= EF_INQUEUE;
963 sm_dprintf("<<<<< done queueing %s <<<<<\n\n", e->e_id);
968 ** PRINTCTLADDR -- print control address to file.
972 ** tfp -- file pointer.
978 ** The control address (if changed) is printed to the file.
979 ** The last control address and uid are saved.
991 static ADDRESS *lastctladdr = NULL;
992 static uid_t lastuid;
995 if (a == NULL || a->q_alias == NULL || tfp == NULL)
997 if (lastctladdr != NULL && tfp != NULL)
998 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C\n");
1004 /* find the active uid */
1014 user = q->q_ruser != NULL ? q->q_ruser : q->q_user;
1020 /* check to see if this is the same as last time */
1021 if (lastctladdr != NULL && uid == lastuid &&
1022 strcmp(lastctladdr->q_paddr, a->q_paddr) == 0)
1027 if (uid == 0 || user == NULL || user[0] == '\0')
1028 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C");
1030 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C%s:%ld:%ld",
1031 denlstring(user, true, false), (long) uid,
1033 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ":%s\n",
1034 denlstring(a->q_paddr, true, false));
1038 ** RUNNERS_SIGTERM -- propagate a SIGTERM to queue runner process
1040 ** This propagates the signal to the child processes that are queue
1041 ** runners. This is for a queue runner "cleanup". After all of the
1042 ** child queue runner processes are signaled (it should be SIGTERM
1043 ** being the sig) then the old signal handler (Oldsh) is called
1044 ** to handle any cleanup set for this process (provided it is not
1045 ** SIG_DFL or SIG_IGN). The signal may not be handled immediately
1046 ** if the BlockOldsh flag is set. If the current process doesn't
1047 ** have a parent then handle the signal immediately, regardless of
1051 ** sig -- the signal number being sent
1057 ** Sets the NoMoreRunners boolean to true to stop more runners
1058 ** from being started in runqueue().
1060 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1061 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1065 static bool volatile NoMoreRunners = false;
1066 static sigfunc_t Oldsh_term = SIG_DFL;
1067 static sigfunc_t Oldsh_hup = SIG_DFL;
1068 static sigfunc_t volatile Oldsh = SIG_DFL;
1069 static bool BlockOldsh = false;
1070 static int volatile Oldsig = 0;
1071 static SIGFUNC_DECL runners_sigterm __P((int));
1072 static SIGFUNC_DECL runners_sighup __P((int));
1075 runners_sigterm(sig)
1078 int save_errno = errno;
1080 FIX_SYSV_SIGNAL(sig, runners_sigterm);
1082 CHECK_CRITICAL(sig);
1083 NoMoreRunners = true;
1086 proc_list_signal(PROC_QUEUE, sig);
1088 if (!BlockOldsh || getppid() <= 1)
1090 /* Check that a valid 'old signal handler' is callable */
1091 if (Oldsh_term != SIG_DFL && Oldsh_term != SIG_IGN &&
1092 Oldsh_term != runners_sigterm)
1096 return SIGFUNC_RETURN;
1099 ** RUNNERS_SIGHUP -- propagate a SIGHUP to queue runner process
1101 ** This propagates the signal to the child processes that are queue
1102 ** runners. This is for a queue runner "cleanup". After all of the
1103 ** child queue runner processes are signaled (it should be SIGHUP
1104 ** being the sig) then the old signal handler (Oldsh) is called to
1105 ** handle any cleanup set for this process (provided it is not SIG_DFL
1106 ** or SIG_IGN). The signal may not be handled immediately if the
1107 ** BlockOldsh flag is set. If the current process doesn't have
1108 ** a parent then handle the signal immediately, regardless of
1112 ** sig -- the signal number being sent
1118 ** Sets the NoMoreRunners boolean to true to stop more runners
1119 ** from being started in runqueue().
1121 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1122 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1130 int save_errno = errno;
1132 FIX_SYSV_SIGNAL(sig, runners_sighup);
1134 CHECK_CRITICAL(sig);
1135 NoMoreRunners = true;
1138 proc_list_signal(PROC_QUEUE, sig);
1140 if (!BlockOldsh || getppid() <= 1)
1142 /* Check that a valid 'old signal handler' is callable */
1143 if (Oldsh_hup != SIG_DFL && Oldsh_hup != SIG_IGN &&
1144 Oldsh_hup != runners_sighup)
1148 return SIGFUNC_RETURN;
1151 ** MARK_WORK_GROUP_RESTART -- mark a work group as needing a restart
1153 ** Sets a workgroup for restarting.
1156 ** wgrp -- the work group id to restart.
1157 ** reason -- why (signal?), -1 to turn off restart
1163 ** May set global RestartWorkGroup to true.
1165 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1166 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1171 mark_work_group_restart(wgrp, reason)
1175 if (wgrp < 0 || wgrp > NumWorkGroups)
1178 WorkGrp[wgrp].wg_restart = reason;
1180 RestartWorkGroup = true;
1183 ** RESTART_MARKED_WORK_GROUPS -- restart work groups marked as needing restart
1185 ** Restart any workgroup marked as needing a restart provided more
1186 ** runners are allowed.
1195 ** Sets global RestartWorkGroup to false.
1199 restart_marked_work_groups()
1207 /* Block SIGCHLD so reapchild() doesn't mess with us */
1208 wasblocked = sm_blocksignal(SIGCHLD);
1210 for (i = 0; i < NumWorkGroups; i++)
1212 if (WorkGrp[i].wg_restart >= 0)
1215 sm_syslog(LOG_ERR, NOQID,
1216 "restart queue runner=%d due to signal 0x%x",
1217 i, WorkGrp[i].wg_restart);
1218 restart_work_group(i);
1221 RestartWorkGroup = false;
1223 if (wasblocked == 0)
1224 (void) sm_releasesignal(SIGCHLD);
1227 ** RESTART_WORK_GROUP -- restart a specific work group
1229 ** Restart a specific workgroup provided more runners are allowed.
1230 ** If the requested work group has been restarted too many times log
1231 ** this and refuse to restart.
1234 ** wgrp -- the work group id to restart
1240 ** starts another process doing the work of wgrp
1243 #define MAX_PERSIST_RESTART 10 /* max allowed number of restarts */
1246 restart_work_group(wgrp)
1249 if (NoMoreRunners ||
1250 wgrp < 0 || wgrp > NumWorkGroups)
1253 WorkGrp[wgrp].wg_restart = -1;
1254 if (WorkGrp[wgrp].wg_restartcnt < MAX_PERSIST_RESTART)
1256 /* avoid overflow; increment here */
1257 WorkGrp[wgrp].wg_restartcnt++;
1258 (void) run_work_group(wgrp, RWG_FORK|RWG_PERSISTENT|RWG_RUNALL);
1262 sm_syslog(LOG_ERR, NOQID,
1263 "ERROR: persistent queue runner=%d restarted too many times, queue runner lost",
1268 ** SCHEDULE_QUEUE_RUNS -- schedule the next queue run for a work group.
1271 ** runall -- schedule even if individual bit is not set.
1272 ** wgrp -- the work group id to schedule.
1273 ** didit -- the queue run was performed for this work group.
1279 #define INCR_MOD(v, m) if (++v >= m) \
1284 schedule_queue_runs(runall, wgrp, didit)
1289 int qgrp, cgrp, endgrp;
1290 #if _FFR_QUEUE_SCHED_DBG
1293 #endif /* _FFR_QUEUE_SCHED_DBG */
1298 ** This is a bit ugly since we have to duplicate the
1299 ** code that "walks" through a work queue group.
1304 cgrp = endgrp = WorkGrp[wgrp].wg_curqgrp;
1309 #if _FFR_QUEUE_SCHED_DBG
1312 #endif /* _FFR_QUEUE_SCHED_DBG */
1313 qgrp = WorkGrp[wgrp].wg_qgs[cgrp]->qg_index;
1314 if (Queue[qgrp]->qg_queueintvl > 0)
1315 qintvl = Queue[qgrp]->qg_queueintvl;
1316 else if (QueueIntvl > 0)
1317 qintvl = QueueIntvl;
1319 qintvl = (time_t) 0;
1320 #if _FFR_QUEUE_SCHED_DBG
1321 lastsched = Queue[qgrp]->qg_nextrun;
1322 #endif /* _FFR_QUEUE_SCHED_DBG */
1323 if ((runall || Queue[qgrp]->qg_nextrun <= now) && qintvl > 0)
1325 #if _FFR_QUEUE_SCHED_DBG
1327 #endif /* _FFR_QUEUE_SCHED_DBG */
1328 if (minqintvl == 0 || qintvl < minqintvl)
1332 ** Only set a new time if a queue run was performed
1333 ** for this queue group. If the queue was not run,
1334 ** we could starve it by setting a new time on each
1339 Queue[qgrp]->qg_nextrun += qintvl;
1341 #if _FFR_QUEUE_SCHED_DBG
1343 sm_syslog(LOG_INFO, NOQID,
1344 "sqr: wgrp=%d, cgrp=%d, qgrp=%d, intvl=%ld, QI=%ld, runall=%d, lastrun=%ld, nextrun=%ld, sched=%d",
1345 wgrp, cgrp, qgrp, Queue[qgrp]->qg_queueintvl,
1346 QueueIntvl, runall, lastsched,
1347 Queue[qgrp]->qg_nextrun, sched);
1348 #endif /* _FFR_QUEUE_SCHED_DBG */
1349 INCR_MOD(cgrp, WorkGrp[wgrp].wg_numqgrp);
1350 } while (endgrp != cgrp);
1352 (void) sm_setevent(minqintvl, runqueueevent, 0);
1355 #if _FFR_QUEUE_RUN_PARANOIA
1357 ** CHECKQUEUERUNNER -- check whether a queue group hasn't been run.
1359 ** Use this if events may get lost and hence queue runners may not
1360 ** be started and mail will pile up in a queue.
1366 ** true if a queue run is necessary.
1369 ** may schedule a queue run.
1376 time_t now, minqintvl;
1380 for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++)
1384 if (Queue[qgrp]->qg_queueintvl > 0)
1385 qintvl = Queue[qgrp]->qg_queueintvl;
1386 else if (QueueIntvl > 0)
1387 qintvl = QueueIntvl;
1389 qintvl = (time_t) 0;
1390 if (Queue[qgrp]->qg_nextrun <= now - qintvl)
1392 if (minqintvl == 0 || qintvl < minqintvl)
1395 sm_syslog(LOG_WARNING, NOQID,
1396 "checkqueuerunner: queue %d should have been run at %s, queue interval %ld",
1398 arpadate(ctime(&Queue[qgrp]->qg_nextrun)),
1404 (void) sm_setevent(minqintvl, runqueueevent, 0);
1409 #endif /* _FFR_QUEUE_RUN_PARANOIA */
1412 ** RUNQUEUE -- run the jobs in the queue.
1414 ** Gets the stuff out of the queue in some presumably logical
1415 ** order and processes them.
1418 ** forkflag -- true if the queue scanning should be done in
1419 ** a child process. We double-fork so it is not our
1420 ** child and we don't have to clean up after it.
1421 ** false can be ignored if we have multiple queues.
1422 ** verbose -- if true, print out status information.
1423 ** persistent -- persistent queue runner?
1424 ** runall -- run all groups or only a subset (DoQueueRun)?
1427 ** true if the queue run successfully began.
1430 ** runs things in the mail queue using run_work_group().
1431 ** maybe schedules next queue run.
1434 static ENVELOPE QueueEnvelope; /* the queue run envelope */
1435 static time_t LastQueueTime = 0; /* last time a queue ID assigned */
1436 static pid_t LastQueuePid = -1; /* last PID which had a queue ID */
1438 /* values for qp_supdirs */
1439 #define QP_NOSUB 0x0000 /* No subdirectories */
1440 #define QP_SUBDF 0x0001 /* "df" subdirectory */
1441 #define QP_SUBQF 0x0002 /* "qf" subdirectory */
1442 #define QP_SUBXF 0x0004 /* "xf" subdirectory */
1445 runqueue(forkflag, verbose, persistent, runall)
1453 static int curnum = 0;
1456 SM_NONVOLATILE int oldgroup = 0;
1458 if (sm_debug_active(&DebugLeakQ, 1))
1460 oldgroup = sm_heap_group();
1462 sm_dprintf("runqueue() heap group #%d\n", sm_heap_group());
1464 #endif /* SM_HEAP_CHECK */
1466 /* queue run has been started, don't do any more this time */
1469 /* more than one queue or more than one directory per queue */
1470 if (!forkflag && !verbose &&
1471 (WorkGrp[0].wg_qgs[0]->qg_numqueues > 1 || NumWorkGroups > 1 ||
1472 WorkGrp[0].wg_numqgrp > 1))
1476 ** For controlling queue runners via signals sent to this process.
1477 ** Oldsh* will get called too by runners_sig* (if it is not SIG_IGN
1478 ** or SIG_DFL) to preserve cleanup behavior. Now that this process
1479 ** will have children (and perhaps grandchildren) this handler will
1480 ** be left in place. This is because this process, once it has
1481 ** finished spinning off queue runners, may go back to doing something
1482 ** else (like being a daemon). And we still want on a SIG{TERM,HUP} to
1483 ** clean up the child queue runners. Only install 'runners_sig*' once
1484 ** else we'll get stuck looping forever.
1487 cursh = sm_signal(SIGTERM, runners_sigterm);
1488 if (cursh != runners_sigterm)
1490 cursh = sm_signal(SIGHUP, runners_sighup);
1491 if (cursh != runners_sighup)
1494 for (i = 0; i < NumWorkGroups && !NoMoreRunners; i++)
1496 int rwgflags = RWG_NONE;
1499 ** If MaxQueueChildren active then test whether the start
1500 ** of the next queue group's additional queue runners (maximum)
1501 ** will result in MaxQueueChildren being exceeded.
1503 ** Note: do not use continue; even though another workgroup
1504 ** may have fewer queue runners, this would be "unfair",
1505 ** i.e., this work group might "starve" then.
1508 #if _FFR_QUEUE_SCHED_DBG
1510 sm_syslog(LOG_INFO, NOQID,
1511 "rq: curnum=%d, MaxQueueChildren=%d, CurRunners=%d, WorkGrp[curnum].wg_maxact=%d",
1512 curnum, MaxQueueChildren, CurRunners,
1513 WorkGrp[curnum].wg_maxact);
1514 #endif /* _FFR_QUEUE_SCHED_DBG */
1515 if (MaxQueueChildren > 0 &&
1516 CurRunners + WorkGrp[curnum].wg_maxact > MaxQueueChildren)
1520 ** Pick up where we left off (curnum), in case we
1521 ** used up all the children last time without finishing.
1522 ** This give a round-robin fairness to queue runs.
1524 ** Increment CurRunners before calling run_work_group()
1525 ** to avoid a "race condition" with proc_list_drop() which
1526 ** decrements CurRunners if the queue runners terminate.
1527 ** Notice: CurRunners is an upper limit, in some cases
1528 ** (too few jobs in the queue) this value is larger than
1529 ** the actual number of queue runners. The discrepancy can
1530 ** increase if some queue runners "hang" for a long time.
1533 CurRunners += WorkGrp[curnum].wg_maxact;
1535 rwgflags |= RWG_FORK;
1537 rwgflags |= RWG_VERBOSE;
1539 rwgflags |= RWG_PERSISTENT;
1541 rwgflags |= RWG_RUNALL;
1542 ret = run_work_group(curnum, rwgflags);
1545 ** Failure means a message was printed for ETRN
1546 ** and subsequent queues are likely to fail as well.
1547 ** Decrement CurRunners in that case because
1548 ** none have been started.
1553 CurRunners -= WorkGrp[curnum].wg_maxact;
1558 schedule_queue_runs(runall, curnum, true);
1559 INCR_MOD(curnum, NumWorkGroups);
1562 /* schedule left over queue runs */
1563 if (i < NumWorkGroups && !NoMoreRunners && !persistent)
1567 for (h = curnum; i < NumWorkGroups; i++)
1569 schedule_queue_runs(runall, h, false);
1570 INCR_MOD(h, NumWorkGroups);
1576 if (sm_debug_active(&DebugLeakQ, 1))
1577 sm_heap_setgroup(oldgroup);
1578 #endif /* SM_HEAP_CHECK */
1582 #if _FFR_SKIP_DOMAINS
1584 ** SKIP_DOMAINS -- Skip 'skip' number of domains in the WorkQ.
1586 ** Added by Stephen Frost <sfrost@snowman.net> to support
1587 ** having each runner process every N'th domain instead of
1588 ** every N'th message.
1591 ** skip -- number of domains in WorkQ to skip.
1594 ** total number of messages skipped.
1606 for (n = 0, seqjump = 0; n < skip && WorkQ != NULL; seqjump++)
1608 if (WorkQ->w_next != NULL)
1610 if (WorkQ->w_host != NULL &&
1611 WorkQ->w_next->w_host != NULL)
1613 if (sm_strcasecmp(WorkQ->w_host,
1614 WorkQ->w_next->w_host) != 0)
1619 if ((WorkQ->w_host != NULL &&
1620 WorkQ->w_next->w_host == NULL) ||
1621 (WorkQ->w_host == NULL &&
1622 WorkQ->w_next->w_host != NULL))
1626 WorkQ = WorkQ->w_next;
1630 #endif /* _FFR_SKIP_DOMAINS */
1633 ** RUNNER_WORK -- have a queue runner do its work
1635 ** Have a queue runner do its work a list of entries.
1636 ** When work isn't directly being done then this process can take a signal
1637 ** and terminate immediately (in a clean fashion of course).
1638 ** When work is directly being done, it's not to be interrupted
1639 ** immediately: the work should be allowed to finish at a clean point
1640 ** before termination (in a clean fashion of course).
1644 ** sequenceno -- 'th process to run WorkQ.
1645 ** didfork -- did the calling process fork()?
1646 ** skip -- process only each skip'th item.
1647 ** njobs -- number of jobs in WorkQ.
1653 ** runs things in the mail queue.
1657 runner_work(e, sequenceno, didfork, skip, njobs)
1658 register ENVELOPE *e;
1671 ** Here we temporarily block the second calling of the handlers.
1672 ** This allows us to handle the signal without terminating in the
1673 ** middle of direct work. If a signal does come, the test for
1674 ** NoMoreRunners will find it.
1680 /* process them once at a time */
1681 while (WorkQ != NULL)
1684 SM_NONVOLATILE int oldgroup = 0;
1686 if (sm_debug_active(&DebugLeakQ, 1))
1688 oldgroup = sm_heap_group();
1690 sm_dprintf("run_queue_group() heap group #%d\n",
1693 #endif /* SM_HEAP_CHECK */
1695 /* do no more work */
1698 /* Check that a valid signal handler is callable */
1699 if (Oldsh != SIG_DFL && Oldsh != SIG_IGN &&
1700 Oldsh != runners_sighup &&
1701 Oldsh != runners_sigterm)
1706 w = WorkQ; /* assign current work item */
1709 ** Set the head of the WorkQ to the next work item.
1710 ** It is set 'skip' ahead (the number of parallel queue
1711 ** runners working on WorkQ together) since each runner
1712 ** works on every 'skip'th (N-th) item.
1713 #if _FFR_SKIP_DOMAINS
1714 ** In the case of the BYHOST Queue Sort Order, the 'item'
1715 ** is a domain, so we work on every 'skip'th (N-th) domain.
1716 #endif * _FFR_SKIP_DOMAINS *
1719 #if _FFR_SKIP_DOMAINS
1720 if (QueueSortOrder == QSO_BYHOST)
1723 if (WorkQ->w_next != NULL)
1725 if (WorkQ->w_host != NULL &&
1726 WorkQ->w_next->w_host != NULL)
1728 if (sm_strcasecmp(WorkQ->w_host,
1729 WorkQ->w_next->w_host)
1731 seqjump = skip_domains(skip);
1733 WorkQ = WorkQ->w_next;
1737 if ((WorkQ->w_host != NULL &&
1738 WorkQ->w_next->w_host == NULL) ||
1739 (WorkQ->w_host == NULL &&
1740 WorkQ->w_next->w_host != NULL))
1741 seqjump = skip_domains(skip);
1743 WorkQ = WorkQ->w_next;
1747 WorkQ = WorkQ->w_next;
1750 #endif /* _FFR_SKIP_DOMAINS */
1752 for (n = 0; n < skip && WorkQ != NULL; n++)
1753 WorkQ = WorkQ->w_next;
1759 ** Ignore jobs that are too expensive for the moment.
1761 ** Get new load average every GET_NEW_LA_TIME seconds.
1765 if (shouldqueue(WkRecipFact, Current_LA_time))
1767 char *msg = "Aborting queue run: load average too high";
1772 sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
1775 if (shouldqueue(w->w_pri, w->w_ctime))
1778 message(EmptyString);
1779 if (QueueSortOrder == QSO_BYPRIORITY)
1782 message("Skipping %s/%s (sequence %d of %d) and flushing rest of queue",
1783 qid_printqueue(w->w_qgrp,
1785 w->w_name + 2, sequenceno,
1788 sm_syslog(LOG_INFO, NOQID,
1789 "runqueue: Flushing queue from %s/%s (pri %ld, LA %d, %d of %d)",
1790 qid_printqueue(w->w_qgrp,
1792 w->w_name + 2, w->w_pri,
1793 CurrentLA, sequenceno,
1798 message("Skipping %s/%s (sequence %d of %d)",
1799 qid_printqueue(w->w_qgrp, w->w_qdir),
1800 w->w_name + 2, sequenceno, njobs);
1806 message(EmptyString);
1807 message("Running %s/%s (sequence %d of %d)",
1808 qid_printqueue(w->w_qgrp, w->w_qdir),
1809 w->w_name + 2, sequenceno, njobs);
1811 if (didfork && MaxQueueChildren > 0)
1813 sm_blocksignal(SIGCHLD);
1814 (void) sm_signal(SIGCHLD, reapchild);
1817 sm_syslog(LOG_DEBUG, NOQID,
1818 "runqueue %s dowork(%s)",
1819 qid_printqueue(w->w_qgrp, w->w_qdir),
1822 (void) dowork(w->w_qgrp, w->w_qdir, w->w_name + 2,
1823 ForkQueueRuns, false, e);
1826 sm_free(w->w_name); /* XXX */
1827 if (w->w_host != NULL)
1828 sm_free(w->w_host); /* XXX */
1829 sm_free((char *) w); /* XXX */
1830 sequenceno += seqjump; /* next sequence number */
1832 if (sm_debug_active(&DebugLeakQ, 1))
1833 sm_heap_setgroup(oldgroup);
1834 #endif /* SM_HEAP_CHECK */
1839 /* check the signals didn't happen during the revert */
1842 /* Check that a valid signal handler is callable */
1843 if (Oldsh != SIG_DFL && Oldsh != SIG_IGN &&
1844 Oldsh != runners_sighup && Oldsh != runners_sigterm)
1848 Oldsh = SIG_DFL; /* after the NoMoreRunners check */
1851 ** RUN_WORK_GROUP -- run the jobs in a queue group from a work group.
1853 ** Gets the stuff out of the queue in some presumably logical
1854 ** order and processes them.
1857 ** wgrp -- work group to process.
1858 ** flags -- RWG_* flags
1861 ** true if the queue run successfully began.
1864 ** runs things in the mail queue.
1867 /* Minimum sleep time for persistent queue runners */
1868 #define MIN_SLEEP_TIME 5
1871 run_work_group(wgrp, flags)
1875 register ENVELOPE *e;
1878 int qgrp, endgrp, h, i;
1882 extern ENVELOPE BlankEnvelope;
1883 extern SIGFUNC_DECL reapchild __P((int));
1889 ** If no work will ever be selected, don't even bother reading
1895 if (!bitset(RWG_PERSISTENT, flags) &&
1896 shouldqueue(WkRecipFact, Current_LA_time))
1898 char *msg = "Skipping queue run -- load average too high";
1900 if (bitset(RWG_VERBOSE, flags))
1901 message("458 %s\n", msg);
1903 sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
1908 ** See if we already have too many children.
1911 if (bitset(RWG_FORK, flags) &&
1912 WorkGrp[wgrp].wg_lowqintvl > 0 &&
1913 !bitset(RWG_PERSISTENT, flags) &&
1914 MaxChildren > 0 && CurChildren >= MaxChildren)
1916 char *msg = "Skipping queue run -- too many children";
1918 if (bitset(RWG_VERBOSE, flags))
1919 message("458 %s (%d)\n", msg, CurChildren);
1921 sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)",
1927 ** See if we want to go off and do other useful work.
1930 if (bitset(RWG_FORK, flags))
1934 (void) sm_blocksignal(SIGCHLD);
1935 (void) sm_signal(SIGCHLD, reapchild);
1940 const char *msg = "Skipping queue run -- fork() failed";
1941 const char *err = sm_errstring(errno);
1943 if (bitset(RWG_VERBOSE, flags))
1944 message("458 %s: %s\n", msg, err);
1946 sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s",
1948 (void) sm_releasesignal(SIGCHLD);
1953 /* parent -- pick up intermediate zombie */
1954 (void) sm_blocksignal(SIGALRM);
1956 /* wgrp only used when queue runners are persistent */
1957 proc_list_add(pid, "Queue runner", PROC_QUEUE,
1958 WorkGrp[wgrp].wg_maxact,
1959 bitset(RWG_PERSISTENT, flags) ? wgrp : -1,
1961 (void) sm_releasesignal(SIGALRM);
1962 (void) sm_releasesignal(SIGCHLD);
1966 /* child -- clean up signals */
1968 /* Reset global flags */
1969 RestartRequest = NULL;
1970 RestartWorkGroup = false;
1971 ShutdownRequest = NULL;
1973 CurrentPid = getpid();
1974 close_sendmail_pid();
1977 ** Initialize exception stack and default exception
1978 ** handler for child process.
1981 sm_exc_newthread(fatal_error);
1985 /* Add parent process as first child item */
1986 proc_list_add(CurrentPid, "Queue runner child process",
1987 PROC_QUEUE_CHILD, 0, -1, NULL);
1988 (void) sm_releasesignal(SIGCHLD);
1989 (void) sm_signal(SIGCHLD, SIG_DFL);
1990 (void) sm_signal(SIGHUP, SIG_DFL);
1991 (void) sm_signal(SIGTERM, intsig);
1995 ** Release any resources used by the daemon code.
2000 /* force it to run expensive jobs */
2003 /* drop privileges */
2004 if (geteuid() == (uid_t) 0)
2005 (void) drop_privileges(false);
2008 ** Create ourselves an envelope
2011 CurEnv = &QueueEnvelope;
2012 rpool = sm_rpool_new_x(NULL);
2013 e = newenvelope(&QueueEnvelope, CurEnv, rpool);
2014 e->e_flags = BlankEnvelope.e_flags;
2017 /* make sure we have disconnected from parent */
2018 if (bitset(RWG_FORK, flags))
2025 ** If we are running part of the queue, always ignore stored
2029 if (QueueLimitId != NULL || QueueLimitSender != NULL ||
2030 QueueLimitQuarantine != NULL ||
2031 QueueLimitRecipient != NULL)
2033 IgnoreHostStatus = true;
2038 ** Here is where we choose the queue group from the work group.
2039 ** The caller of the "domorework" label must setup a new envelope.
2042 endgrp = WorkGrp[wgrp].wg_curqgrp; /* to not spin endlessly */
2047 ** Run a queue group if:
2048 ** RWG_RUNALL bit is set or the bit for this group is set.
2055 ** Find the next queue group within the work group that
2056 ** has been marked as needing a run.
2059 qgrp = WorkGrp[wgrp].wg_qgs[WorkGrp[wgrp].wg_curqgrp]->qg_index;
2060 WorkGrp[wgrp].wg_curqgrp++; /* advance */
2061 WorkGrp[wgrp].wg_curqgrp %= WorkGrp[wgrp].wg_numqgrp; /* wrap */
2062 if (bitset(RWG_RUNALL, flags) ||
2063 (Queue[qgrp]->qg_nextrun <= now &&
2064 Queue[qgrp]->qg_nextrun != (time_t) -1))
2066 if (endgrp == WorkGrp[wgrp].wg_curqgrp)
2069 if (bitset(RWG_FORK, flags))
2070 finis(true, true, ExitStat);
2071 return true; /* we're done */
2075 qdir = Queue[qgrp]->qg_curnum; /* round-robin init of queue position */
2076 #if _FFR_QUEUE_SCHED_DBG
2078 sm_syslog(LOG_INFO, NOQID,
2079 "rwg: wgrp=%d, qgrp=%d, qdir=%d, name=%s, curqgrp=%d, numgrps=%d",
2080 wgrp, qgrp, qdir, qid_printqueue(qgrp, qdir),
2081 WorkGrp[wgrp].wg_curqgrp, WorkGrp[wgrp].wg_numqgrp);
2082 #endif /* _FFR_QUEUE_SCHED_DBG */
2085 /* tweak niceness of queue runs */
2086 if (Queue[qgrp]->qg_nice > 0)
2087 (void) nice(Queue[qgrp]->qg_nice);
2088 #endif /* HASNICE */
2090 /* XXX running queue group... */
2091 sm_setproctitle(true, CurEnv, "running queue: %s",
2092 qid_printqueue(qgrp, qdir));
2094 if (LogLevel > 69 || tTd(63, 99))
2095 sm_syslog(LOG_DEBUG, NOQID,
2096 "runqueue %s, pid=%d, forkflag=%d",
2097 qid_printqueue(qgrp, qdir), (int) CurrentPid,
2098 bitset(RWG_FORK, flags));
2101 ** Start making passes through the queue.
2102 ** First, read and sort the entire queue.
2103 ** Then, process the work in that order.
2104 ** But if you take too long, start over.
2107 for (i = 0; i < Queue[qgrp]->qg_numqueues; i++)
2109 h = gatherq(qgrp, qdir, false, &full, &more);
2111 if (ShmId != SM_SHM_NO_ID)
2112 QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h;
2113 #endif /* SM_CONF_SHM */
2114 /* If there are no more items in this queue advance */
2117 /* A round-robin advance */
2119 qdir %= Queue[qgrp]->qg_numqueues;
2122 /* Has the WorkList reached the limit? */
2124 break; /* don't try to gather more */
2127 /* order the existing work requests */
2128 njobs = sortq(Queue[qgrp]->qg_maxlist);
2129 Queue[qgrp]->qg_curnum = qdir; /* update */
2132 if (!Verbose && bitnset(QD_FORK, Queue[qgrp]->qg_flags))
2134 int loop, maxrunners;
2138 ** For this WorkQ we want to fork off N children (maxrunners)
2139 ** at this point. Each child has a copy of WorkQ. Each child
2140 ** will process every N-th item. The parent will wait for all
2141 ** of the children to finish before moving on to the next
2142 ** queue group within the work group. This saves us forking
2143 ** a new runner-child for each work item.
2144 ** It's valid for qg_maxqrun == 0 since this may be an
2145 ** explicit "don't run this queue" setting.
2148 maxrunners = Queue[qgrp]->qg_maxqrun;
2151 ** If no runners are configured for this group but
2152 ** the queue is "forced" then lets use 1 runner.
2155 if (maxrunners == 0 && bitset(RWG_FORCE, flags))
2158 /* No need to have more runners then there are jobs */
2159 if (maxrunners > njobs)
2161 for (loop = 0; loop < maxrunners; loop++)
2164 ** Since the delivery may happen in a child and the
2165 ** parent does not wait, the parent may close the
2166 ** maps thereby removing any shared memory used by
2167 ** the map. Therefore, close the maps now so the
2168 ** child will dynamically open them if necessary.
2176 syserr("run_work_group: cannot fork");
2181 /* parent -- clean out connection cache */
2182 mci_flush(false, NULL);
2183 #if _FFR_SKIP_DOMAINS
2184 if (QueueSortOrder == QSO_BYHOST)
2186 sequenceno += skip_domains(1);
2189 #endif /* _FFR_SKIP_DOMAINS */
2192 WorkQ = WorkQ->w_next;
2195 proc_list_add(pid, "Queue child runner process",
2196 PROC_QUEUE_CHILD, 0, -1, NULL);
2198 /* No additional work, no additional runners */
2204 /* child -- Reset global flags */
2205 RestartRequest = NULL;
2206 RestartWorkGroup = false;
2207 ShutdownRequest = NULL;
2209 CurrentPid = getpid();
2210 close_sendmail_pid();
2213 ** Initialize exception stack and default
2214 ** exception handler for child process.
2215 ** When fork()'d the child now has a private
2216 ** copy of WorkQ at its current position.
2219 sm_exc_newthread(fatal_error);
2222 ** SMTP processes (whether -bd or -bs) set
2223 ** SIGCHLD to reapchild to collect
2224 ** children status. However, at delivery
2225 ** time, that status must be collected
2226 ** by sm_wait() to be dealt with properly
2227 ** (check success of delivery based
2228 ** on status code, etc). Therefore, if we
2229 ** are an SMTP process, reset SIGCHLD
2230 ** back to the default so reapchild
2231 ** doesn't collect status before
2235 if (OpMode == MD_SMTP ||
2236 OpMode == MD_DAEMON ||
2237 MaxQueueChildren > 0)
2240 sm_releasesignal(SIGCHLD);
2241 (void) sm_signal(SIGCHLD, SIG_DFL);
2244 /* child -- error messages to the transcript */
2245 QuickAbort = OnlyOneError = false;
2246 runner_work(e, sequenceno, true,
2249 /* This child is done */
2250 finis(true, true, ExitStat);
2255 sm_releasesignal(SIGCHLD);
2258 ** Wait until all of the runners have completed before
2259 ** seeing if there is another queue group in the
2260 ** work group to process.
2261 ** XXX Future enhancement: don't wait() for all children
2262 ** here, just go ahead and make sure that overall the number
2263 ** of children is not exceeded.
2266 while (CurChildren > 0)
2271 while ((ret = sm_wait(&status)) <= 0)
2273 proc_list_drop(ret, status, NULL);
2276 else if (Queue[qgrp]->qg_maxqrun > 0 || bitset(RWG_FORCE, flags))
2279 ** When current process will not fork children to do the work,
2280 ** it will do the work itself. The 'skip' will be 1 since
2281 ** there are no child runners to divide the work across.
2284 runner_work(e, sequenceno, false, 1, njobs);
2287 /* free memory allocated by newenvelope() above */
2288 sm_rpool_free(rpool);
2289 QueueEnvelope.e_rpool = NULL;
2291 /* Are there still more queues in the work group to process? */
2292 if (endgrp != WorkGrp[wgrp].wg_curqgrp)
2294 rpool = sm_rpool_new_x(NULL);
2295 e = newenvelope(&QueueEnvelope, CurEnv, rpool);
2296 e->e_flags = BlankEnvelope.e_flags;
2300 /* No more queues in work group to process. Now check persistent. */
2301 if (bitset(RWG_PERSISTENT, flags))
2304 sm_setproctitle(true, CurEnv, "running queue: %s",
2305 qid_printqueue(qgrp, qdir));
2308 ** close bogus maps, i.e., maps which caused a tempfail,
2309 ** so we get fresh map connections on the next lookup.
2310 ** closemaps() is also called when children are started.
2315 /* Close any cached connections. */
2316 mci_flush(true, NULL);
2318 /* Clean out expired related entries. */
2322 /* Update MX records for FallbackMX. */
2323 if (FallbackMX != NULL)
2324 (void) getfallbackmxrr(FallbackMX);
2325 #endif /* NAMED_BIND */
2328 /* close UserDatabase */
2333 if (sm_debug_active(&SmHeapCheck, 2)
2334 && access("memdump", F_OK) == 0
2340 out = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
2341 "memdump.out", SM_IO_APPEND, NULL);
2344 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, "----------------------\n");
2346 sm_debug_level(&SmHeapCheck) - 1);
2347 (void) sm_io_close(out, SM_TIME_DEFAULT);
2350 #endif /* SM_HEAP_CHECK */
2352 /* let me rest for a second to catch my breath */
2353 if (njobs == 0 && WorkGrp[wgrp].wg_lowqintvl < MIN_SLEEP_TIME)
2354 sleep(MIN_SLEEP_TIME);
2355 else if (WorkGrp[wgrp].wg_lowqintvl <= 0)
2356 sleep(QueueIntvl > 0 ? QueueIntvl : MIN_SLEEP_TIME);
2358 sleep(WorkGrp[wgrp].wg_lowqintvl);
2361 ** Get the LA outside the WorkQ loop if necessary.
2362 ** In a persistent queue runner the code is repeated over
2363 ** and over but gatherq() may ignore entries due to
2364 ** shouldqueue() (do we really have to do this twice?).
2365 ** Hence the queue runners would just idle around when once
2366 ** CurrentLA caused all entries in a queue to be ignored.
2371 rpool = sm_rpool_new_x(NULL);
2372 e = newenvelope(&QueueEnvelope, CurEnv, rpool);
2373 e->e_flags = BlankEnvelope.e_flags;
2377 /* exit without the usual cleanup */
2379 if (bitset(RWG_FORK, flags))
2380 finis(true, true, ExitStat);
2386 ** DOQUEUERUN -- do a queue run?
2396 ** RUNQUEUEEVENT -- Sets a flag to indicate that a queue run should be done.
2405 ** The invocation of this function via an alarm may interrupt
2406 ** a set of actions. Thus errno may be set in that context.
2407 ** We need to restore errno at the end of this function to ensure
2408 ** that any work done here that sets errno doesn't return a
2409 ** misleading/false errno value. Errno may be EINTR upon entry to
2410 ** this function because of non-restartable/continuable system
2411 ** API was active. Iff this is true we will override errno as
2412 ** a timeout (as a more accurate error message).
2414 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
2415 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
2420 runqueueevent(ignore)
2423 int save_errno = errno;
2426 ** Set the general bit that we want a queue run,
2427 ** tested in doqueuerun()
2431 #if _FFR_QUEUE_SCHED_DBG
2433 sm_syslog(LOG_INFO, NOQID, "rqe: done");
2434 #endif /* _FFR_QUEUE_SCHED_DBG */
2441 ** GATHERQ -- gather messages from the message queue(s) the work queue.
2444 ** qgrp -- the index of the queue group.
2445 ** qdir -- the index of the queue directory.
2446 ** doall -- if set, include everything in the queue (even
2447 ** the jobs that cannot be run because the load
2448 ** average is too high, or MaxQueueRun is reached).
2449 ** Otherwise, exclude those jobs.
2450 ** full -- (optional) to be set 'true' if WorkList is full
2451 ** more -- (optional) to be set 'true' if there are still more
2452 ** messages in this queue not added to WorkList
2455 ** The number of request in the queue (not necessarily
2456 ** the number of requests in WorkList however).
2459 ** prepares available work into WorkList
2462 #define NEED_P 0001 /* 'P': priority */
2463 #define NEED_T 0002 /* 'T': time */
2464 #define NEED_R 0004 /* 'R': recipient */
2465 #define NEED_S 0010 /* 'S': sender */
2466 #define NEED_H 0020 /* host */
2467 #define HAS_QUARANTINE 0040 /* has an unexpected 'q' line */
2468 #define NEED_QUARANTINE 0100 /* 'q': reason */
2470 static WORK *WorkList = NULL; /* list of unsort work */
2471 static int WorkListSize = 0; /* current max size of WorkList */
2472 static int WorkListCount = 0; /* # of work items in WorkList */
2475 gatherq(qgrp, qdir, doall, full, more)
2482 register struct dirent *d;
2489 char qd[MAXPATHLEN];
2490 char qf[MAXPATHLEN];
2492 wn = WorkListCount - 1;
2495 (void) sm_strlcpy(qd, ".", sizeof(qd));
2497 (void) sm_strlcpyn(qd, sizeof(qd), 2,
2498 Queue[qgrp]->qg_qpaths[qdir].qp_name,
2500 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
2505 sm_dprintf("gatherq:\n");
2507 check = QueueLimitId;
2508 while (check != NULL)
2510 sm_dprintf("\tQueueLimitId = %s%s\n",
2511 check->queue_negate ? "!" : "",
2512 check->queue_match);
2513 check = check->queue_next;
2516 check = QueueLimitSender;
2517 while (check != NULL)
2519 sm_dprintf("\tQueueLimitSender = %s%s\n",
2520 check->queue_negate ? "!" : "",
2521 check->queue_match);
2522 check = check->queue_next;
2525 check = QueueLimitRecipient;
2526 while (check != NULL)
2528 sm_dprintf("\tQueueLimitRecipient = %s%s\n",
2529 check->queue_negate ? "!" : "",
2530 check->queue_match);
2531 check = check->queue_next;
2534 if (QueueMode == QM_QUARANTINE)
2536 check = QueueLimitQuarantine;
2537 while (check != NULL)
2539 sm_dprintf("\tQueueLimitQuarantine = %s%s\n",
2540 check->queue_negate ? "!" : "",
2541 check->queue_match);
2542 check = check->queue_next;
2547 /* open the queue directory */
2551 syserr("gatherq: cannot open \"%s\"",
2552 qid_printqueue(qgrp, qdir));
2554 *full = WorkListCount >= MaxQueueRun && MaxQueueRun > 0;
2561 ** Read the work directory.
2564 while ((d = readdir(f)) != NULL)
2568 char lbuf[MAXNAME + 1];
2572 sm_dprintf("gatherq: checking %s..", d->d_name);
2574 /* is this an interesting entry? */
2575 if (!(((QueueMode == QM_NORMAL &&
2576 d->d_name[0] == NORMQF_LETTER) ||
2577 (QueueMode == QM_QUARANTINE &&
2578 d->d_name[0] == QUARQF_LETTER) ||
2579 (QueueMode == QM_LOST &&
2580 d->d_name[0] == LOSEQF_LETTER)) &&
2581 d->d_name[1] == 'f'))
2584 sm_dprintf(" skipping\n");
2590 if (strlen(d->d_name) >= MAXQFNAME)
2593 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
2594 "gatherq: %s too long, %d max characters\n",
2595 d->d_name, MAXQFNAME);
2597 sm_syslog(LOG_ALERT, NOQID,
2598 "gatherq: %s too long, %d max characters",
2599 d->d_name, MAXQFNAME);
2603 check = QueueLimitId;
2604 while (check != NULL)
2606 if (strcontainedin(false, check->queue_match,
2607 d->d_name) != check->queue_negate)
2610 check = check->queue_next;
2612 if (QueueLimitId != NULL && check == NULL)
2615 /* grow work list if necessary */
2616 if (++wn >= MaxQueueRun && MaxQueueRun > 0)
2618 if (wn == MaxQueueRun && LogLevel > 0)
2619 sm_syslog(LOG_WARNING, NOQID,
2620 "WorkList for %s maxed out at %d",
2621 qid_printqueue(qgrp, qdir),
2624 continue; /* just count entries */
2627 if (wn >= WorkListSize)
2629 grow_wlist(qgrp, qdir);
2630 if (wn >= WorkListSize)
2636 (void) sm_strlcpyn(qf, sizeof(qf), 3, qd, "/", d->d_name);
2637 if (stat(qf, &sbuf) < 0)
2639 if (errno != ENOENT)
2640 sm_syslog(LOG_INFO, NOQID,
2641 "gatherq: can't stat %s/%s",
2642 qid_printqueue(qgrp, qdir),
2647 if (!bitset(S_IFREG, sbuf.st_mode))
2649 /* Yikes! Skip it or we will hang on open! */
2650 if (!((d->d_name[0] == DATAFL_LETTER ||
2651 d->d_name[0] == NORMQF_LETTER ||
2652 d->d_name[0] == QUARQF_LETTER ||
2653 d->d_name[0] == LOSEQF_LETTER ||
2654 d->d_name[0] == XSCRPT_LETTER) &&
2655 d->d_name[1] == 'f' && d->d_name[2] == '\0'))
2656 syserr("gatherq: %s/%s is not a regular file",
2657 qid_printqueue(qgrp, qdir), d->d_name);
2662 /* avoid work if possible */
2663 if ((QueueSortOrder == QSO_BYFILENAME ||
2664 QueueSortOrder == QSO_BYMODTIME ||
2665 QueueSortOrder == QSO_NONE ||
2666 QueueSortOrder == QSO_RANDOM) &&
2667 QueueLimitQuarantine == NULL &&
2668 QueueLimitSender == NULL &&
2669 QueueLimitRecipient == NULL)
2673 w->w_name = newstr(d->d_name);
2675 w->w_lock = w->w_tooyoung = false;
2678 w->w_mtime = sbuf.st_mtime;
2683 /* open control file */
2684 cf = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B,
2686 if (cf == NULL && OpMode != MD_PRINT)
2688 /* this may be some random person sending hir msgs */
2690 sm_dprintf("gatherq: cannot open %s: %s\n",
2691 d->d_name, sm_errstring(errno));
2698 w->w_name = newstr(d->d_name);
2702 w->w_lock = !lockfile(sm_io_getinfo(cf, SM_IO_WHAT_FD,
2707 w->w_tooyoung = false;
2709 /* make sure jobs in creation don't clog queue */
2710 w->w_pri = 0x7fffffff;
2712 w->w_mtime = sbuf.st_mtime;
2714 /* extract useful information */
2716 if (QueueSortOrder == QSO_BYHOST
2718 || QueueSortOrder == QSO_BYSHUFFLE
2719 #endif /* _FFR_RHS */
2722 /* need w_host set for host sort order */
2725 if (QueueLimitSender != NULL)
2727 if (QueueLimitRecipient != NULL)
2729 if (QueueLimitQuarantine != NULL)
2730 i |= NEED_QUARANTINE;
2731 while (cf != NULL && i != 0 &&
2732 sm_io_fgets(cf, SM_TIME_DEFAULT, lbuf,
2733 sizeof(lbuf)) != NULL)
2738 p = strchr(lbuf, '\n');
2743 /* flush rest of overly long line */
2744 while ((c = sm_io_getc(cf, SM_TIME_DEFAULT))
2745 != SM_IO_EOF && c != '\n')
2752 qfver = atoi(&lbuf[1]);
2756 w->w_pri = atol(&lbuf[1]);
2761 w->w_ctime = atol(&lbuf[1]);
2766 if (QueueMode != QM_QUARANTINE &&
2767 QueueMode != QM_LOST)
2770 sm_dprintf("%s not marked as quarantined but has a 'q' line\n",
2772 i |= HAS_QUARANTINE;
2774 else if (QueueMode == QM_QUARANTINE)
2776 if (QueueLimitQuarantine == NULL)
2778 i &= ~NEED_QUARANTINE;
2782 check = QueueLimitQuarantine;
2783 while (check != NULL)
2785 if (strcontainedin(false,
2788 check->queue_negate)
2791 check = check->queue_next;
2794 i &= ~NEED_QUARANTINE;
2799 if (w->w_host == NULL &&
2800 (p = strrchr(&lbuf[1], '@')) != NULL)
2803 if (QueueSortOrder == QSO_BYSHUFFLE)
2804 w->w_host = newstr(&p[1]);
2806 #endif /* _FFR_RHS */
2807 w->w_host = strrev(&p[1]);
2808 makelower(w->w_host);
2811 if (QueueLimitRecipient == NULL)
2818 p = strchr(&lbuf[1], ':');
2822 ++p; /* skip over ':' */
2826 check = QueueLimitRecipient;
2827 while (check != NULL)
2829 if (strcontainedin(true,
2832 check->queue_negate)
2835 check = check->queue_next;
2842 check = QueueLimitSender;
2843 while (check != NULL)
2845 if (strcontainedin(true,
2848 check->queue_negate)
2851 check = check->queue_next;
2858 age = curtime() - (time_t) atol(&lbuf[1]);
2859 if (age >= 0 && MinQueueAge > 0 &&
2861 w->w_tooyoung = true;
2865 if (atol(&lbuf[1]) == 0)
2866 w->w_tooyoung = false;
2871 (void) sm_io_close(cf, SM_TIME_DEFAULT);
2873 if ((!doall && (shouldqueue(w->w_pri, w->w_ctime) ||
2875 bitset(HAS_QUARANTINE, i) ||
2876 bitset(NEED_QUARANTINE, i) ||
2877 bitset(NEED_R|NEED_S, i))
2879 /* don't even bother sorting this job in */
2881 sm_dprintf("skipping %s (%x)\n", w->w_name, i);
2882 sm_free(w->w_name); /* XXX */
2883 if (w->w_host != NULL)
2884 sm_free(w->w_host); /* XXX */
2893 i = wn - WorkListCount;
2894 WorkListCount += SM_MIN(num_ent, WorkListSize);
2897 *more = WorkListCount < wn;
2900 *full = (wn >= MaxQueueRun && MaxQueueRun > 0) ||
2901 (WorkList == NULL && wn > 0);
2906 ** SORTQ -- sort the work list
2908 ** First the old WorkQ is cleared away. Then the WorkList is sorted
2909 ** for all items so that important (higher sorting value) items are not
2910 ** trunctated off. Then the most important items are moved from
2911 ** WorkList to WorkQ. The lower count of 'max' or MaxListCount items
2915 ** max -- maximum number of items to be placed in WorkQ
2918 ** the number of items in WorkQ
2921 ** WorkQ gets released and filled with new work. WorkList
2922 ** gets released. Work items get sorted in order.
2929 register int i; /* local counter */
2930 register WORK *w; /* tmp item pointer */
2931 int wc = WorkListCount; /* trim size for WorkQ */
2937 /* Clear out old WorkQ. */
2938 for (w = WorkQ; w != NULL; w = nw)
2941 sm_free(w->w_name); /* XXX */
2942 if (w->w_host != NULL)
2943 sm_free(w->w_host); /* XXX */
2944 sm_free((char *) w); /* XXX */
2949 if (WorkList == NULL || wc <= 0)
2953 ** The sort now takes place using all of the items in WorkList.
2954 ** The list gets trimmed to the most important items after the sort.
2955 ** If the trim were to happen before the sort then one or more
2956 ** important items might get truncated off -- not what we want.
2959 if (QueueSortOrder == QSO_BYHOST)
2962 ** Sort the work directory for the first time,
2963 ** based on host name, lock status, and priority.
2966 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf1);
2969 ** If one message to host is locked, "lock" all messages
2976 if (!WorkList[i].w_lock)
2984 if (WorkList[i].w_host == NULL &&
2986 WorkList[i].w_lock = true;
2987 else if (WorkList[i].w_host != NULL &&
2988 w->w_host != NULL &&
2989 sm_strcasecmp(WorkList[i].w_host,
2991 WorkList[i].w_lock = true;
2998 ** Sort the work directory for the second time,
2999 ** based on lock status, host name, and priority.
3002 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf2);
3004 else if (QueueSortOrder == QSO_BYTIME)
3007 ** Simple sort based on submission time only.
3010 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf3);
3012 else if (QueueSortOrder == QSO_BYFILENAME)
3015 ** Sort based on queue filename.
3018 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf4);
3020 else if (QueueSortOrder == QSO_RANDOM)
3023 ** Sort randomly. To avoid problems with an instable sort,
3024 ** use a random index into the queue file name to start
3028 randi = get_rand_mod(MAXQFNAME);
3031 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf5);
3033 else if (QueueSortOrder == QSO_BYMODTIME)
3036 ** Simple sort based on modification time of queue file.
3037 ** This puts the oldest items first.
3040 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf6);
3043 else if (QueueSortOrder == QSO_BYSHUFFLE)
3046 ** Simple sort based on shuffled host name.
3049 init_shuffle_alphabet();
3050 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf7);
3052 #endif /* _FFR_RHS */
3053 else if (QueueSortOrder == QSO_BYPRIORITY)
3056 ** Simple sort based on queue priority only.
3059 qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf0);
3061 /* else don't sort at all */
3063 /* Check if the per queue group item limit will be exceeded */
3064 if (wc > max && max > 0)
3068 ** Convert the work list into canonical form.
3069 ** Should be turning it into a list of envelopes here perhaps.
3070 ** Only take the most important items up to the per queue group
3074 for (i = wc; --i >= 0; )
3076 w = (WORK *) xalloc(sizeof(*w));
3077 w->w_qgrp = WorkList[i].w_qgrp;
3078 w->w_qdir = WorkList[i].w_qdir;
3079 w->w_name = WorkList[i].w_name;
3080 w->w_host = WorkList[i].w_host;
3081 w->w_lock = WorkList[i].w_lock;
3082 w->w_tooyoung = WorkList[i].w_tooyoung;
3083 w->w_pri = WorkList[i].w_pri;
3084 w->w_ctime = WorkList[i].w_ctime;
3085 w->w_mtime = WorkList[i].w_mtime;
3090 /* free the rest of the list */
3091 for (i = WorkListCount; --i >= wc; )
3093 sm_free(WorkList[i].w_name);
3094 if (WorkList[i].w_host != NULL)
3095 sm_free(WorkList[i].w_host);
3098 if (WorkList != NULL)
3099 sm_free(WorkList); /* XXX */
3106 for (w = WorkQ; w != NULL; w = w->w_next)
3108 if (w->w_host != NULL)
3109 sm_dprintf("%22s: pri=%ld %s\n",
3110 w->w_name, w->w_pri, w->w_host);
3112 sm_dprintf("%32s: pri=%ld\n",
3113 w->w_name, w->w_pri);
3117 return wc; /* return number of WorkQ items */
3120 ** GROW_WLIST -- make the work list larger
3123 ** qgrp -- the index for the queue group.
3124 ** qdir -- the index for the queue directory.
3130 ** Adds another QUEUESEGSIZE entries to WorkList if possible.
3131 ** It can fail if there isn't enough memory, so WorkListSize
3132 ** should be checked again upon return.
3136 grow_wlist(qgrp, qdir)
3141 sm_dprintf("grow_wlist: WorkListSize=%d\n", WorkListSize);
3142 if (WorkList == NULL)
3144 WorkList = (WORK *) xalloc((sizeof(*WorkList)) *
3145 (QUEUESEGSIZE + 1));
3146 WorkListSize = QUEUESEGSIZE;
3150 int newsize = WorkListSize + QUEUESEGSIZE;
3151 WORK *newlist = (WORK *) sm_realloc((char *) WorkList,
3152 (unsigned) sizeof(WORK) * (newsize + 1));
3154 if (newlist != NULL)
3156 WorkListSize = newsize;
3160 sm_syslog(LOG_INFO, NOQID,
3161 "grew WorkList for %s to %d",
3162 qid_printqueue(qgrp, qdir),
3166 else if (LogLevel > 0)
3168 sm_syslog(LOG_ALERT, NOQID,
3169 "FAILED to grow WorkList for %s to %d",
3170 qid_printqueue(qgrp, qdir), newsize);
3174 sm_dprintf("grow_wlist: WorkListSize now %d\n", WorkListSize);
3177 ** WORKCMPF0 -- simple priority-only compare function.
3180 ** a -- the first argument.
3181 ** b -- the second argument.
3206 ** WORKCMPF1 -- first compare function for ordering work based on host name.
3208 ** Sorts on host name, lock status, and priority in that order.
3211 ** a -- the first argument.
3212 ** b -- the second argument.
3229 if (a->w_host != NULL && b->w_host == NULL)
3231 else if (a->w_host == NULL && b->w_host != NULL)
3233 if (a->w_host != NULL && b->w_host != NULL &&
3234 (i = sm_strcasecmp(a->w_host, b->w_host)) != 0)
3238 if (a->w_lock != b->w_lock)
3239 return b->w_lock - a->w_lock;
3242 return workcmpf0(a, b);
3245 ** WORKCMPF2 -- second compare function for ordering work based on host name.
3247 ** Sorts on lock status, host name, and priority in that order.
3250 ** a -- the first argument.
3251 ** b -- the second argument.
3268 if (a->w_lock != b->w_lock)
3269 return a->w_lock - b->w_lock;
3272 if (a->w_host != NULL && b->w_host == NULL)
3274 else if (a->w_host == NULL && b->w_host != NULL)
3276 if (a->w_host != NULL && b->w_host != NULL &&
3277 (i = sm_strcasecmp(a->w_host, b->w_host)) != 0)
3281 return workcmpf0(a, b);
3284 ** WORKCMPF3 -- simple submission-time-only compare function.
3287 ** a -- the first argument.
3288 ** b -- the second argument.
3302 if (a->w_ctime > b->w_ctime)
3304 else if (a->w_ctime < b->w_ctime)
3310 ** WORKCMPF4 -- compare based on file name
3313 ** a -- the first argument.
3314 ** b -- the second argument.
3328 return strcmp(a->w_name, b->w_name);
3331 ** WORKCMPF5 -- compare based on assigned random number
3334 ** a -- the first argument (ignored).
3335 ** b -- the second argument (ignored).
3347 if (strlen(a->w_name) < randi || strlen(b->w_name) < randi)
3349 return a->w_name[randi] - b->w_name[randi];
3352 ** WORKCMPF6 -- simple modification-time-only compare function.
3355 ** a -- the first argument.
3356 ** b -- the second argument.
3370 if (a->w_mtime > b->w_mtime)
3372 else if (a->w_mtime < b->w_mtime)
3379 ** WORKCMPF7 -- compare function for ordering work based on shuffled host name.
3381 ** Sorts on lock status, host name, and priority in that order.
3384 ** a -- the first argument.
3385 ** b -- the second argument.
3402 if (a->w_lock != b->w_lock)
3403 return a->w_lock - b->w_lock;
3406 if (a->w_host != NULL && b->w_host == NULL)
3408 else if (a->w_host == NULL && b->w_host != NULL)
3410 if (a->w_host != NULL && b->w_host != NULL &&
3411 (i = sm_strshufflecmp(a->w_host, b->w_host)) != 0)
3415 return workcmpf0(a, b);
3417 #endif /* _FFR_RHS */
3419 ** STRREV -- reverse string
3421 ** Returns a pointer to a new string that is the reverse of
3422 ** the string pointed to by fwd. The space for the new
3423 ** string is obtained using xalloc().
3426 ** fwd -- the string to reverse.
3429 ** the reversed string.
3440 rev = xalloc(len + 1);
3441 for (cnt = 0; cnt < len; ++cnt)
3442 rev[cnt] = fwd[len - cnt - 1];
3452 static unsigned char ShuffledAlphabet[NCHAR];
3455 init_shuffle_alphabet()
3457 static bool init = false;
3463 /* fill the ShuffledAlphabet */
3464 for (i = 0; i < NASCII; i++)
3465 ShuffledAlphabet[i] = i;
3468 for (i = 1; i < NASCII; i++)
3470 register int j = get_random() % NASCII;
3473 tmp = ShuffledAlphabet[j];
3474 ShuffledAlphabet[j] = ShuffledAlphabet[i];
3475 ShuffledAlphabet[i] = tmp;
3478 /* make it case insensitive */
3479 for (i = 'A'; i <= 'Z'; i++)
3480 ShuffledAlphabet[i] = ShuffledAlphabet[i + 'a' - 'A'];
3482 /* fill the upper part */
3483 for (i = 0; i < NASCII; i++)
3484 ShuffledAlphabet[i + NASCII] = ShuffledAlphabet[i];
3489 sm_strshufflecmp(a, b)
3493 const unsigned char *us1 = (const unsigned char *) a;
3494 const unsigned char *us2 = (const unsigned char *) b;
3496 while (ShuffledAlphabet[*us1] == ShuffledAlphabet[*us2++])
3501 return (ShuffledAlphabet[*us1] - ShuffledAlphabet[*--us2]);
3503 #endif /* _FFR_RHS */
3506 ** DOWORK -- do a work request.
3509 ** qgrp -- the index of the queue group for the job.
3510 ** qdir -- the index of the queue directory for the job.
3511 ** id -- the ID of the job to run.
3512 ** forkflag -- if set, run this in background.
3513 ** requeueflag -- if set, reinstantiate the queue quickly.
3514 ** This is used when expanding aliases in the queue.
3515 ** If forkflag is also set, it doesn't wait for the
3517 ** e - the envelope in which to run it.
3520 ** process id of process that is running the queue job.
3523 ** The work request is satisfied if possible.
3527 dowork(qgrp, qdir, id, forkflag, requeueflag, e)
3533 register ENVELOPE *e;
3539 sm_dprintf("dowork(%s/%s)\n", qid_printqueue(qgrp, qdir), id);
3548 ** Since the delivery may happen in a child and the
3549 ** parent does not wait, the parent may close the
3550 ** maps thereby removing any shared memory used by
3551 ** the map. Therefore, close the maps now so the
3552 ** child will dynamically open them if necessary.
3560 syserr("dowork: cannot fork");
3565 /* parent -- clean out connection cache */
3566 mci_flush(false, NULL);
3571 ** Initialize exception stack and default exception
3572 ** handler for child process.
3575 /* Reset global flags */
3576 RestartRequest = NULL;
3577 RestartWorkGroup = false;
3578 ShutdownRequest = NULL;
3580 CurrentPid = getpid();
3581 sm_exc_newthread(fatal_error);
3584 ** See note above about SMTP processes and SIGCHLD.
3587 if (OpMode == MD_SMTP ||
3588 OpMode == MD_DAEMON ||
3589 MaxQueueChildren > 0)
3592 sm_releasesignal(SIGCHLD);
3593 (void) sm_signal(SIGCHLD, SIG_DFL);
3596 /* child -- error messages to the transcript */
3597 QuickAbort = OnlyOneError = false;
3609 ** Lock the control file to avoid duplicate deliveries.
3610 ** Then run the file as though we had just read it.
3611 ** We save an idea of the temporary name so we
3612 ** can recover on interrupt.
3617 /* Reset global flags */
3618 RestartRequest = NULL;
3619 RestartWorkGroup = false;
3620 ShutdownRequest = NULL;
3624 /* set basic modes, etc. */
3627 rpool = sm_rpool_new_x(NULL);
3628 clearenvelope(e, false, rpool);
3629 e->e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
3630 set_delivery_mode(SM_DELIVER, e);
3631 e->e_errormode = EM_MAIL;
3635 GrabTo = UseErrorsTo = false;
3640 set_op_mode(MD_QUEUERUN);
3642 sm_setproctitle(true, e, "%s from queue", qid_printname(e));
3644 sm_syslog(LOG_DEBUG, e->e_id, "dowork, pid=%d",
3647 /* don't use the headers from sendmail.cf... */
3650 /* read the queue control file -- return if locked */
3651 if (!readqf(e, false))
3653 if (tTd(40, 4) && e->e_id != NULL)
3654 sm_dprintf("readqf(%s) failed\n",
3658 finis(false, true, EX_OK);
3661 /* adding this frees 8 bytes */
3662 clearenvelope(e, false, rpool);
3664 /* adding this frees 12 bytes */
3665 sm_rpool_free(rpool);
3671 e->e_flags |= EF_INQUEUE;
3672 eatheader(e, requeueflag, true);
3675 queueup(e, false, false);
3677 /* do the delivery */
3678 sendall(e, SM_DELIVER);
3680 /* finish up and exit */
3682 finis(true, true, ExitStat);
3685 dropenvelope(e, true, false);
3686 sm_rpool_free(rpool);
3695 ** DOWORKLIST -- process a list of envelopes as work requests
3697 ** Similar to dowork(), except that after forking, it processes an
3698 ** envelope and its siblings, treating each envelope as a work request.
3701 ** el -- envelope to be processed including its siblings.
3702 ** forkflag -- if set, run this in background.
3703 ** requeueflag -- if set, reinstantiate the queue quickly.
3704 ** This is used when expanding aliases in the queue.
3705 ** If forkflag is also set, it doesn't wait for the
3709 ** process id of process that is running the queue job.
3712 ** The work request is satisfied if possible.
3716 doworklist(el, forkflag, requeueflag)
3725 sm_dprintf("doworklist()\n");
3734 ** Since the delivery may happen in a child and the
3735 ** parent does not wait, the parent may close the
3736 ** maps thereby removing any shared memory used by
3737 ** the map. Therefore, close the maps now so the
3738 ** child will dynamically open them if necessary.
3746 syserr("doworklist: cannot fork");
3751 /* parent -- clean out connection cache */
3752 mci_flush(false, NULL);
3757 ** Initialize exception stack and default exception
3758 ** handler for child process.
3761 /* Reset global flags */
3762 RestartRequest = NULL;
3763 RestartWorkGroup = false;
3764 ShutdownRequest = NULL;
3766 CurrentPid = getpid();
3767 sm_exc_newthread(fatal_error);
3770 ** See note above about SMTP processes and SIGCHLD.
3773 if (OpMode == MD_SMTP ||
3774 OpMode == MD_DAEMON ||
3775 MaxQueueChildren > 0)
3778 sm_releasesignal(SIGCHLD);
3779 (void) sm_signal(SIGCHLD, SIG_DFL);
3782 /* child -- error messages to the transcript */
3783 QuickAbort = OnlyOneError = false;
3796 ** Lock the control file to avoid duplicate deliveries.
3797 ** Then run the file as though we had just read it.
3798 ** We save an idea of the temporary name so we
3799 ** can recover on interrupt.
3804 /* Reset global flags */
3805 RestartRequest = NULL;
3806 RestartWorkGroup = false;
3807 ShutdownRequest = NULL;
3811 /* set basic modes, etc. */
3814 GrabTo = UseErrorsTo = false;
3819 set_op_mode(MD_QUEUERUN);
3822 sm_syslog(LOG_DEBUG, el->e_id, "doworklist, pid=%d",
3825 for (ei = el; ei != NULL; ei = ei->e_sibling)
3830 if (WILL_BE_QUEUED(ei->e_sendmode))
3832 else if (QueueMode != QM_QUARANTINE &&
3833 ei->e_quarmsg != NULL)
3836 rpool = sm_rpool_new_x(NULL);
3837 clearenvelope(&e, true, rpool);
3838 e.e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
3839 set_delivery_mode(SM_DELIVER, &e);
3840 e.e_errormode = EM_MAIL;
3842 e.e_qgrp = ei->e_qgrp;
3843 e.e_qdir = ei->e_qdir;
3845 sm_setproctitle(true, &e, "%s from queue", qid_printname(&e));
3847 /* don't use the headers from sendmail.cf... */
3851 /* read the queue control file -- return if locked */
3852 if (readqf(&e, false))
3854 e.e_flags |= EF_INQUEUE;
3855 eatheader(&e, requeueflag, true);
3858 queueup(&e, false, false);
3860 /* do the delivery */
3861 sendall(&e, SM_DELIVER);
3862 dropenvelope(&e, true, false);
3866 if (tTd(40, 4) && e.e_id != NULL)
3867 sm_dprintf("readqf(%s) failed\n",
3870 sm_rpool_free(rpool);
3874 /* restore CurEnv */
3877 /* finish up and exit */
3879 finis(true, true, ExitStat);
3883 ** READQF -- read queue file and set up environment.
3886 ** e -- the envelope of the job to run.
3887 ** openonly -- only open the qf (returned as e_lockfp)
3890 ** true if it successfully read the queue file.
3894 ** The queue file is returned locked.
3899 register ENVELOPE *e;
3902 register SM_FILE_T *qfp;
3904 struct stat st, stf;
3911 bool nomore = false;
3915 char qf[MAXPATHLEN];
3920 ** Read and process the file.
3923 SM_REQUIRE(e != NULL);
3925 (void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER), sizeof(qf));
3926 qfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDWR_B, NULL);
3929 int save_errno = errno;
3932 sm_dprintf("readqf(%s): sm_io_open failure (%s)\n",
3933 qf, sm_errstring(errno));
3937 syserr("readqf: no control file %s", qf);
3942 if (!lockfile(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), qf, NULL,
3945 /* being processed by another queuer */
3947 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
3948 "%s: locked\n", e->e_id);
3950 sm_dprintf("%s: locked\n", e->e_id);
3952 sm_syslog(LOG_DEBUG, e->e_id, "locked");
3953 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
3961 ** Prevent locking race condition.
3963 ** Process A: readqf(): qfp = fopen(qffile)
3964 ** Process B: queueup(): rename(tf, qf)
3965 ** Process B: unlocks(tf)
3966 ** Process A: lockfile(qf);
3968 ** Process A (us) has the old qf file (before the rename deleted
3969 ** the directory entry) and will be delivering based on old data.
3970 ** This can lead to multiple deliveries of the same recipients.
3972 ** Catch this by checking if the underlying qf file has changed
3973 ** *after* acquiring our lock and if so, act as though the file
3974 ** was still locked (i.e., just return like the lockfile() case
3978 if (stat(qf, &stf) < 0 ||
3979 fstat(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), &st) < 0)
3981 /* must have been being processed by someone else */
3983 sm_dprintf("readqf(%s): [f]stat failure (%s)\n",
3984 qf, sm_errstring(errno));
3985 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
3989 if (st.st_nlink != stf.st_nlink ||
3990 st.st_dev != stf.st_dev ||
3991 ST_INODE(st) != ST_INODE(stf) ||
3992 #if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */
3993 st.st_gen != stf.st_gen ||
3994 #endif /* HAS_ST_GEN && 0 */
3995 st.st_uid != stf.st_uid ||
3996 st.st_gid != stf.st_gid ||
3997 st.st_size != stf.st_size)
3999 /* changed after opened */
4001 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4002 "%s: changed\n", e->e_id);
4004 sm_dprintf("%s: changed\n", e->e_id);
4006 sm_syslog(LOG_DEBUG, e->e_id, "changed");
4007 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4012 ** Check the queue file for plausibility to avoid attacks.
4015 qsafe = S_IWOTH|S_IWGRP;
4016 if (bitset(S_IWGRP, QueueFileMode))
4019 bogus = st.st_uid != geteuid() &&
4020 st.st_uid != TrustedUid &&
4021 geteuid() != RealUid;
4024 ** If this qf file results from a set-group-ID binary, then
4025 ** we check whether the directory is group-writable,
4026 ** the queue file mode contains the group-writable bit, and
4027 ** the groups are the same.
4028 ** Notice: this requires that the set-group-ID binary is used to
4032 if (bogus && st.st_gid == getegid() && UseMSP)
4037 bp = SM_LAST_DIR_DELIM(qf);
4045 if (stat(delim == '\0' ? "." : qf, &dst) < 0)
4046 syserr("readqf: cannot stat directory %s",
4047 delim == '\0' ? "." : qf);
4050 bogus = !(bitset(S_IWGRP, QueueFileMode) &&
4051 bitset(S_IWGRP, dst.st_mode) &&
4052 dst.st_gid == st.st_gid);
4059 bogus = bitset(qsafe, st.st_mode);
4064 sm_syslog(LOG_ALERT, e->e_id,
4065 "bogus queue file, uid=%d, gid=%d, mode=%o",
4066 st.st_uid, st.st_gid, st.st_mode);
4069 sm_dprintf("readqf(%s): bogus file\n", qf);
4070 e->e_flags |= EF_INQUEUE;
4072 loseqfile(e, "bogus file uid/gid in mqueue");
4073 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4077 if (st.st_size == 0)
4079 /* must be a bogus file -- if also old, just remove it */
4080 if (!openonly && st.st_ctime + 10 * 60 < curtime())
4082 (void) xunlink(queuename(e, DATAFL_LETTER));
4083 (void) xunlink(queuename(e, ANYQFL_LETTER));
4085 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4089 if (st.st_nlink == 0)
4092 ** Race condition -- we got a file just as it was being
4093 ** unlinked. Just assume it is zero length.
4096 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4102 ** If we don't own the file mark it as unsafe.
4103 ** However, allow TrustedUser to own it as well
4104 ** in case TrustedUser manipulates the queue.
4107 if (st.st_uid != geteuid() && st.st_uid != TrustedUid)
4108 e->e_flags |= EF_UNSAFE;
4109 #else /* _FFR_TRUSTED_QF */
4110 /* If we don't own the file mark it as unsafe */
4111 if (st.st_uid != geteuid())
4112 e->e_flags |= EF_UNSAFE;
4113 #endif /* _FFR_TRUSTED_QF */
4115 /* good file -- save this lock */
4118 /* Just wanted the open file */
4122 /* do basic system initialization */
4124 macdefine(&e->e_macro, A_PERM, 'i', e->e_id);
4127 e->e_flags |= EF_GLOBALERRS;
4128 set_op_mode(MD_QUEUERUN);
4130 e->e_qfletter = queue_letter(e, ANYQFL_LETTER);
4131 e->e_dfqgrp = e->e_qgrp;
4132 e->e_dfqdir = e->e_qdir;
4133 #if _FFR_QUEUE_MACRO
4134 macdefine(&e->e_macro, A_TEMP, macid("{queue}"),
4135 qid_printqueue(e->e_qgrp, e->e_qdir));
4136 #endif /* _FFR_QUEUE_MACRO */
4139 while (bufsize = sizeof(buf),
4140 (bp = fgetfolded(buf, &bufsize, qfp)) != NULL)
4142 unsigned long qflags;
4149 sm_dprintf("+++++ %s\n", bp);
4154 syserr("SECURITY ALERT: extra or bogus data in queue file: %s",
4156 err = "bogus queue line";
4161 case 'A': /* AUTH= parameter */
4162 if (!xtextok(&bp[1]))
4164 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4167 case 'B': /* body type */
4168 r = check_bodytype(&bp[1]);
4169 if (!BODYTYPE_VALID(r))
4171 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4174 case 'C': /* specify controlling user */
4175 ctladdr = setctluser(&bp[1], qfver, e);
4178 case 'D': /* data file name */
4179 /* obsolete -- ignore */
4182 case 'd': /* data file directory name */
4186 #if _FFR_MSP_PARANOIA
4187 /* forbid queue groups in MSP? */
4190 #endif /* _FFR_MSP_PARANOIA */
4192 qgrp < NumQueue && Queue[qgrp] != NULL;
4196 qdir < Queue[qgrp]->qg_numqueues;
4200 Queue[qgrp]->qg_qpaths[qdir].qp_name)
4209 err = "bogus queue file directory";
4215 case 'E': /* specify error recipient */
4216 /* no longer used */
4219 case 'F': /* flag bits */
4220 if (strncmp(bp, "From ", 5) == 0)
4222 /* we are being spoofed! */
4223 syserr("SECURITY ALERT: bogus qf line %s", bp);
4224 err = "bogus queue line";
4227 for (p = &bp[1]; *p != '\0'; p++)
4231 case '8': /* has 8 bit data */
4232 e->e_flags |= EF_HAS8BIT;
4235 case 'b': /* delete Bcc: header */
4236 e->e_flags |= EF_DELETE_BCC;
4239 case 'd': /* envelope has DSN RET= */
4240 e->e_flags |= EF_RET_PARAM;
4243 case 'n': /* don't return body */
4244 e->e_flags |= EF_NO_BODY_RETN;
4247 case 'r': /* response */
4248 e->e_flags |= EF_RESPONSE;
4251 case 's': /* split */
4252 e->e_flags |= EF_SPLIT;
4255 case 'w': /* warning sent */
4256 e->e_flags |= EF_WARNING;
4262 case 'q': /* quarantine reason */
4263 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4264 macdefine(&e->e_macro, A_PERM,
4265 macid("{quarantine}"), e->e_quarmsg);
4268 case 'H': /* header */
4271 ** count size before chompheader() destroys the line.
4272 ** this isn't accurate due to macro expansion, but
4273 ** better than before. "-3" to skip H?? at least.
4276 hdrsize += strlen(bp) - 3;
4277 (void) chompheader(&bp[1], CHHDR_QUEUE, NULL, e);
4280 case 'I': /* data file's inode number */
4281 /* regenerated below */
4284 case 'K': /* time of last delivery attempt */
4285 e->e_dtime = atol(&buf[1]);
4288 case 'L': /* Solaris Content-Length: */
4289 case 'M': /* message */
4290 /* ignore this; we want a new message next time */
4293 case 'N': /* number of delivery attempts */
4294 e->e_ntries = atoi(&buf[1]);
4296 /* if this has been tried recently, let it be */
4298 if (e->e_ntries > 0 && e->e_dtime <= now &&
4299 now < e->e_dtime + MinQueueAge)
4303 howlong = pintvl(now - e->e_dtime, true);
4305 (void) sm_io_fprintf(smioout,
4307 "%s: too young (%s)\n",
4310 sm_dprintf("%s: too young (%s)\n",
4313 sm_syslog(LOG_DEBUG, e->e_id,
4322 macdefine(&e->e_macro, A_TEMP,
4323 macid("{ntries}"), &buf[1]);
4326 /* adjust BIND parameters immediately */
4327 if (e->e_ntries == 0)
4329 _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
4330 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
4334 _res.retry = TimeOuts.res_retry[RES_TO_NORMAL];
4335 _res.retrans = TimeOuts.res_retrans[RES_TO_NORMAL];
4337 #endif /* NAMED_BIND */
4340 case 'P': /* message priority */
4341 e->e_msgpriority = atol(&bp[1]) + WkTimeFact;
4344 case 'Q': /* original recipient */
4345 orcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4348 case 'r': /* final recipient */
4349 frcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4352 case 'R': /* specify recipient */
4358 while (*++p != '\0' && *p != ':')
4363 qflags |= QHASNOTIFY;
4367 qflags |= QPINGONSUCCESS;
4371 qflags |= QPINGONFAILURE;
4375 qflags |= QPINGONDELAY;
4383 if (ctladdr != NULL)
4384 ctladdr->q_flags |= QALIAS;
4387 default: /* ignore or complain? */
4394 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
4397 q = parseaddr(++p, NULLADDR, RF_COPYALL, '\0',
4403 /* make sure we keep the current qgrp */
4404 if (ISVALIDQGRP(e->e_qgrp))
4405 q->q_qgrp = e->e_qgrp;
4406 q->q_alias = ctladdr;
4408 q->q_flags &= ~Q_PINGFLAGS;
4409 q->q_flags |= qflags;
4410 q->q_finalrcpt = frcpt;
4412 (void) recipient(q, &e->e_sendqueue, 0, e);
4416 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
4420 case 'S': /* sender */
4421 setsender(sm_rpool_strdup_x(e->e_rpool, &bp[1]),
4422 e, NULL, '\0', true);
4425 case 'T': /* init time */
4426 e->e_ctime = atol(&bp[1]);
4429 case 'V': /* queue file version number */
4430 qfver = atoi(&bp[1]);
4431 if (qfver <= QF_VERSION)
4433 syserr("Version number in queue file (%d) greater than max (%d)",
4435 err = "unsupported queue file version";
4440 case 'Z': /* original envelope id from ESMTP */
4441 e->e_envid = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4442 macdefine(&e->e_macro, A_PERM,
4443 macid("{dsn_envid}"), e->e_envid);
4446 case '!': /* deliver by */
4448 /* format: flag (1 char) space long-integer */
4449 e->e_dlvr_flag = buf[1];
4450 e->e_deliver_by = strtol(&buf[3], NULL, 10);
4452 case '$': /* define macro */
4456 /* XXX elimate p? */
4457 r = macid_parse(&bp[1], &ep);
4460 p = sm_rpool_strdup_x(e->e_rpool, ep);
4461 macdefine(&e->e_macro, A_PERM, r, p);
4465 case '.': /* terminate file */
4474 ** Maintain backward compatibility for
4475 ** users who defined _FFR_QUEUEDELAY in
4476 ** previous releases. Remove this
4477 ** code in 8.14 or 8.15.
4480 if (qfver == 5 || qfver == 7)
4483 /* If not qfver 5 or 7, then 'G' or 'Y' is invalid */
4485 #endif /* _FFR_QUEUEDELAY */
4488 syserr("readqf: %s: line %d: bad line \"%s\"",
4489 qf, LineNumber, shortenstring(bp, MAXSHORTSTR));
4490 err = "unrecognized line";
4499 ** If we haven't read any lines, this queue file is empty.
4500 ** Arrange to remove it without referencing any null pointers.
4503 if (LineNumber == 0)
4506 e->e_flags |= EF_CLRQUEUE|EF_FATALERRS|EF_RESPONSE;
4510 /* Check to make sure we have a complete queue file read */
4513 syserr("readqf: %s: incomplete queue file read", qf);
4514 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4518 #if _FFR_QF_PARANOIA
4519 /* Check to make sure key fields were read */
4520 if (e->e_from.q_mailer == NULL)
4522 syserr("readqf: %s: sender not specified in queue file", qf);
4523 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4527 #endif /* _FFR_QF_PARANOIA */
4529 /* possibly set ${dsn_ret} macro */
4530 if (bitset(EF_RET_PARAM, e->e_flags))
4532 if (bitset(EF_NO_BODY_RETN, e->e_flags))
4533 macdefine(&e->e_macro, A_PERM,
4534 macid("{dsn_ret}"), "hdrs");
4536 macdefine(&e->e_macro, A_PERM,
4537 macid("{dsn_ret}"), "full");
4541 ** Arrange to read the data file.
4544 p = queuename(e, DATAFL_LETTER);
4545 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, p, SM_IO_RDONLY_B,
4547 if (e->e_dfp == NULL)
4549 syserr("readqf: cannot open %s", p);
4553 e->e_flags |= EF_HAS_DF;
4554 if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &st)
4557 e->e_msgsize = st.st_size + hdrsize;
4558 e->e_dfdev = st.st_dev;
4559 e->e_dfino = ST_INODE(st);
4560 (void) sm_snprintf(buf, sizeof(buf), "%ld",
4562 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"),
4571 ** There was some error reading the qf file (reason is in err var.)
4573 ** close file; clear e_lockfp since it is the same as qfp,
4574 ** hence it is invalid (as file) after qfp is closed;
4575 ** the qf file is on disk, so set the flag to avoid calling
4576 ** queueup() with bogus data.
4582 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4584 e->e_flags |= EF_INQUEUE;
4589 ** PRTSTR -- print a string, "unprintable" characters are shown as \oct
4592 ** s -- string to print
4593 ** ml -- maximum length of output
4596 ** number of entries
4599 ** Prints a string on stdout.
4602 static void prtstr __P((char *, int));
4613 while (ml-- > 0 && ((c = *s++) != '\0'))
4619 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
4620 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
4623 else if (isascii(c) && isprint(c))
4624 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
4628 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4629 "\\%03o", c & 0xFF);
4634 ** PRINTNQE -- print out number of entries in the mail queue
4637 ** out -- output file pointer.
4638 ** prefix -- string to output in front of each line.
4645 printnqe(out, prefix)
4650 int i, k = 0, nrequests = 0;
4651 bool unknown = false;
4653 if (ShmId == SM_SHM_NO_ID)
4656 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4657 "Data unavailable: shared memory not updated\n");
4659 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4660 "%sNOTCONFIGURED:-1\r\n", prefix);
4663 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
4668 for (j = 0; j < Queue[i]->qg_numqueues; j++)
4675 n = QSHM_ENTRIES(Queue[i]->qg_qpaths[j].qp_idx);
4677 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4679 prefix, qid_printqueue(i, j), n);
4682 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4683 "%s: unknown number of entries\n",
4684 qid_printqueue(i, j));
4689 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4691 qid_printqueue(i, j));
4695 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4697 qid_printqueue(i, j), n);
4703 if (prefix == NULL && k > 1)
4704 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4705 "\t\tTotal requests: %d%s\n",
4706 nrequests, unknown ? " (about)" : "");
4707 #else /* SM_CONF_SHM */
4709 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4710 "Data unavailable without shared memory support\n");
4712 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4713 "%sNOTAVAILABLE:-1\r\n", prefix);
4714 #endif /* SM_CONF_SHM */
4717 ** PRINTQUEUE -- print out a representation of the mail queue
4726 ** Prints a listing of the mail queue on the standard output.
4732 int i, k = 0, nrequests = 0;
4734 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
4739 for (j = 0; j < Queue[i]->qg_numqueues; j++)
4743 nrequests += print_single_queue(i, j);
4748 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4749 "\t\tTotal requests: %d\n",
4753 ** PRINT_SINGLE_QUEUE -- print out a representation of a single mail queue
4756 ** qgrp -- the index of the queue group.
4757 ** qdir -- the queue directory.
4760 ** number of requests in mail queue.
4763 ** Prints a listing of the mail queue on the standard output.
4767 print_single_queue(qgrp, qdir)
4774 char qd[MAXPATHLEN];
4775 char qddf[MAXPATHLEN];
4780 (void) sm_strlcpy(qd, ".", sizeof(qd));
4781 (void) sm_strlcpy(qddf, ".", sizeof(qddf));
4785 (void) sm_strlcpyn(qd, sizeof(qd), 2,
4786 Queue[qgrp]->qg_qpaths[qdir].qp_name,
4788 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
4790 (void) sm_strlcpyn(qddf, sizeof(qddf), 2,
4791 Queue[qgrp]->qg_qpaths[qdir].qp_name,
4793 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
4798 ** Check for permission to print the queue
4801 if (bitset(PRIV_RESTRICTMAILQ, PrivacyFlags) && RealUid != 0)
4806 extern GIDSET_T InitialGidSet[NGROUPS_MAX];
4807 #endif /* NGROUPS_MAX */
4809 if (stat(qd, &st) < 0)
4811 syserr("Cannot stat %s",
4812 qid_printqueue(qgrp, qdir));
4819 if (InitialGidSet[n] == st.st_gid)
4822 if (n < 0 && RealGid != st.st_gid)
4823 #else /* NGROUPS_MAX */
4824 if (RealGid != st.st_gid)
4825 #endif /* NGROUPS_MAX */
4827 usrerr("510 You are not permitted to see the queue");
4834 ** Read and order the queue.
4837 nrequests = gatherq(qgrp, qdir, true, NULL, NULL);
4838 (void) sortq(Queue[qgrp]->qg_maxlist);
4841 ** Print the work list that we have read.
4844 /* first see if there is anything */
4847 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%s is empty\n",
4848 qid_printqueue(qgrp, qdir));
4852 sm_getla(); /* get load average */
4854 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\t\t%s (%d request%s",
4855 qid_printqueue(qgrp, qdir),
4856 nrequests, nrequests == 1 ? "" : "s");
4857 if (MaxQueueRun > 0 && nrequests > MaxQueueRun)
4858 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4859 ", only %d printed", MaxQueueRun);
4861 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4862 ")\n-----Q-ID----- --Size-- -Priority- ---Q-Time--- --------Sender/Recipient--------\n");
4864 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4865 ")\n-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------\n");
4866 for (w = WorkQ; w != NULL; w = w->w_next)
4869 auto time_t submittime = 0;
4873 char quarmsg[MAXLINE];
4874 char statmsg[MAXLINE];
4875 char bodytype[MAXNAME + 1];
4876 char qf[MAXPATHLEN];
4881 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%13s",
4883 (void) sm_strlcpyn(qf, sizeof(qf), 3, qd, "/", w->w_name);
4884 f = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B,
4889 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4890 " (permission denied)\n");
4891 else if (errno == ENOENT)
4892 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4893 " (job completed)\n");
4895 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4897 sm_errstring(errno));
4901 w->w_name[0] = DATAFL_LETTER;
4902 (void) sm_strlcpyn(qf, sizeof(qf), 3, qddf, "/", w->w_name);
4903 if (stat(qf, &st) >= 0)
4904 dfsize = st.st_size;
4910 ** Maybe the df file can't be statted because
4911 ** it is in a different directory than the qf file.
4912 ** In order to find out, we must read the qf file.
4915 newenvelope(&e, &BlankEnvelope, sm_rpool_new_x(NULL));
4916 e.e_id = w->w_name + 2;
4920 if (readqf(&e, false))
4922 char *df = queuename(&e, DATAFL_LETTER);
4923 if (stat(df, &st) >= 0)
4924 dfsize = st.st_size;
4926 if (e.e_lockfp != NULL)
4928 (void) sm_io_close(e.e_lockfp, SM_TIME_DEFAULT);
4931 clearenvelope(&e, false, e.e_rpool);
4932 sm_rpool_free(e.e_rpool);
4935 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "*");
4936 else if (QueueMode == QM_LOST)
4937 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "?");
4938 else if (w->w_tooyoung)
4939 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "-");
4940 else if (shouldqueue(w->w_pri, w->w_ctime))
4941 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "X");
4943 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, " ");
4948 statmsg[0] = bodytype[0] = '\0';
4950 while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL)
4961 case 'V': /* queue file version */
4962 qfver = atoi(&buf[1]);
4965 case 'M': /* error message */
4966 if ((i = strlen(&buf[1])) >= sizeof(statmsg))
4967 i = sizeof(statmsg) - 1;
4968 memmove(statmsg, &buf[1], i);
4972 case 'q': /* quarantine reason */
4973 if ((i = strlen(&buf[1])) >= sizeof(quarmsg))
4974 i = sizeof(quarmsg) - 1;
4975 memmove(quarmsg, &buf[1], i);
4979 case 'B': /* body type */
4980 if ((i = strlen(&buf[1])) >= sizeof(bodytype))
4981 i = sizeof(bodytype) - 1;
4982 memmove(bodytype, &buf[1], i);
4986 case 'S': /* sender name */
4989 (void) sm_io_fprintf(smioout,
4991 "%8ld %10ld%c%.12s ",
4994 bitset(EF_WARNING, flags)
4996 ctime(&submittime) + 4);
4997 prtstr(&buf[1], 78);
5001 (void) sm_io_fprintf(smioout,
5005 ctime(&submittime));
5006 prtstr(&buf[1], 39);
5009 if (quarmsg[0] != '\0')
5011 (void) sm_io_fprintf(smioout,
5013 "\n QUARANTINE: %.*s",
5019 if (statmsg[0] != '\0' || bodytype[0] != '\0')
5021 (void) sm_io_fprintf(smioout,
5025 if (statmsg[0] != '\0')
5026 (void) sm_io_fprintf(smioout,
5035 case 'C': /* controlling user */
5037 (void) sm_io_fprintf(smioout,
5039 "\n\t\t\t\t\t\t(---%.64s---)",
5043 case 'R': /* recipient name */
5054 (void) sm_io_fprintf(smioout,
5061 (void) sm_io_fprintf(smioout,
5066 if (Verbose && statmsg[0] != '\0')
5068 (void) sm_io_fprintf(smioout,
5076 case 'T': /* creation time */
5077 submittime = atol(&buf[1]);
5080 case 'F': /* flag bits */
5081 for (p = &buf[1]; *p != '\0'; p++)
5086 flags |= EF_WARNING;
5092 if (submittime == (time_t) 0)
5093 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
5094 " (no control file)");
5095 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
5096 (void) sm_io_close(f, SM_TIME_DEFAULT);
5102 ** QUEUE_LETTER -- get the proper queue letter for the current QueueMode.
5105 ** e -- envelope to build it in/from.
5106 ** type -- the file type, used as the first character
5107 ** of the file name.
5110 ** the letter to use
5114 queue_letter(e, type)
5118 /* Change type according to QueueMode */
5119 if (type == ANYQFL_LETTER)
5121 if (e->e_quarmsg != NULL)
5122 type = QUARQF_LETTER;
5128 type = NORMQF_LETTER;
5132 type = QUARQF_LETTER;
5136 type = LOSEQF_LETTER;
5140 /* should never happen */
5150 ** QUEUENAME -- build a file name in the queue directory for this envelope.
5153 ** e -- envelope to build it in/from.
5154 ** type -- the file type, used as the first character
5155 ** of the file name.
5158 ** a pointer to the queue name (in a static buffer).
5161 ** If no id code is already assigned, queuename() will
5162 ** assign an id code with assign_queueid(). If no queue
5163 ** directory is assigned, one will be set with setnewqueue().
5168 register ENVELOPE *e;
5174 static char buf[MAXPATHLEN];
5176 /* Assign an ID if needed */
5177 if (e->e_id == NULL)
5179 type = queue_letter(e, type);
5181 /* begin of filename */
5182 pref[0] = (char) type;
5186 /* Assign a queue group/directory if needed */
5187 if (type == XSCRPT_LETTER)
5190 ** We don't want to call setnewqueue() if we are fetching
5191 ** the pathname of the transcript file, because setnewqueue
5192 ** chooses a queue, and sometimes we need to write to the
5193 ** transcript file before we have gathered enough information
5194 ** to choose a queue.
5197 if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR)
5199 if (e->e_qgrp != NOQGRP && e->e_qdir != NOQDIR)
5201 e->e_xfqgrp = e->e_qgrp;
5202 e->e_xfqdir = e->e_qdir;
5207 if (Queue[e->e_xfqgrp]->qg_numqueues <= 1)
5211 e->e_xfqdir = get_rand_mod(
5212 Queue[e->e_xfqgrp]->qg_numqueues);
5221 if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
5222 (void) setnewqueue(e);
5223 if (type == DATAFL_LETTER)
5235 /* xf files always have a valid qd and qg picked above */
5236 if ((qd == NOQDIR || qg == NOQGRP) && type != XSCRPT_LETTER)
5237 (void) sm_strlcpyn(buf, sizeof(buf), 2, pref, e->e_id);
5243 if (bitset(QP_SUBDF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
5252 if (bitset(QP_SUBQF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
5257 if (bitset(QP_SUBXF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
5262 sm_abort("queuename: bad queue file type %d", type);
5265 (void) sm_strlcpyn(buf, sizeof(buf), 4,
5266 Queue[qg]->qg_qpaths[qd].qp_name,
5267 sub, pref, e->e_id);
5271 sm_dprintf("queuename: %s\n", buf);
5276 ** INIT_QID_ALG -- Initialize the (static) parameters that are used to
5277 ** generate a queue ID.
5279 ** This function is called by the daemon to reset
5280 ** LastQueueTime and LastQueuePid which are used by assign_queueid().
5281 ** Otherwise the algorithm may cause problems because
5282 ** LastQueueTime and LastQueuePid are set indirectly by main()
5283 ** before the daemon process is started, hence LastQueuePid is not
5284 ** the pid of the daemon and therefore a child of the daemon can
5285 ** actually have the same pid as LastQueuePid which means the section
5286 ** in assign_queueid():
5287 ** * see if we need to get a new base time/pid *
5288 ** is NOT triggered which will cause the same queue id to be generated.
5305 ** ASSIGN_QUEUEID -- assign a queue ID for this envelope.
5307 ** Assigns an id code if one does not already exist.
5308 ** This code assumes that nothing will remain in the queue for
5309 ** longer than 60 years. It is critical that files with the given
5310 ** name do not already exist in the queue.
5311 ** [No longer initializes e_qdir to NOQDIR.]
5314 ** e -- envelope to set it in.
5320 static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
5322 # define QIC_LEN_R 62
5325 ** Note: the length is "officially" 60 because minutes and seconds are
5326 ** usually only 0-59. However (Linux):
5327 ** tm_sec The number of seconds after the minute, normally in
5328 ** the range 0 to 59, but can be up to 61 to allow for
5330 ** Hence the real length of the string is 62 to take this into account.
5331 ** Alternatively % QIC_LEN can (should) be used for access everywhere.
5334 # define queuenextid() CurrentPid
5339 register ENVELOPE *e;
5341 pid_t pid = queuenextid();
5343 static long random_offset;
5345 char idbuf[MAXQFNAME - 2];
5348 if (e->e_id != NULL)
5351 /* see if we need to get a new base time/pid */
5352 if (cX >= QIC_LEN * QIC_LEN || LastQueueTime == 0 ||
5353 LastQueuePid != pid)
5355 time_t then = LastQueueTime;
5357 /* if the first time through, pick a random offset */
5358 if (LastQueueTime == 0)
5359 random_offset = get_random();
5361 while ((LastQueueTime = curtime()) == then &&
5362 LastQueuePid == pid)
5366 LastQueuePid = queuenextid();
5371 ** Generate a new sequence number between 0 and QIC_LEN*QIC_LEN-1.
5372 ** This lets us generate up to QIC_LEN*QIC_LEN unique queue ids
5373 ** per second, per process. With envelope splitting,
5374 ** a single message can consume many queue ids.
5377 seq = (int)((cX + random_offset) % (QIC_LEN * QIC_LEN));
5380 sm_dprintf("assign_queueid: random_offset = %ld (%d)\n",
5381 random_offset, seq);
5383 tm = gmtime(&LastQueueTime);
5384 idbuf[0] = QueueIdChars[tm->tm_year % QIC_LEN];
5385 idbuf[1] = QueueIdChars[tm->tm_mon];
5386 idbuf[2] = QueueIdChars[tm->tm_mday];
5387 idbuf[3] = QueueIdChars[tm->tm_hour];
5388 idbuf[4] = QueueIdChars[tm->tm_min % QIC_LEN_R];
5389 idbuf[5] = QueueIdChars[tm->tm_sec % QIC_LEN_R];
5390 idbuf[6] = QueueIdChars[seq / QIC_LEN];
5391 idbuf[7] = QueueIdChars[seq % QIC_LEN];
5392 (void) sm_snprintf(&idbuf[8], sizeof(idbuf) - 8, "%06d",
5393 (int) LastQueuePid);
5394 e->e_id = sm_rpool_strdup_x(e->e_rpool, idbuf);
5395 macdefine(&e->e_macro, A_PERM, 'i', e->e_id);
5397 /* XXX: inherited from MainEnvelope */
5398 e->e_qgrp = NOQGRP; /* too early to do anything else */
5400 e->e_xfqgrp = NOQGRP;
5403 /* New ID means it's not on disk yet */
5404 e->e_qfletter = '\0';
5407 sm_dprintf("assign_queueid: assigned id %s, e=%p\n",
5410 sm_syslog(LOG_DEBUG, e->e_id, "assigned id");
5413 ** SYNC_QUEUE_TIME -- Assure exclusive PID in any given second
5415 ** Make sure one PID can't be used by two processes in any one second.
5417 ** If the system rotates PIDs fast enough, may get the
5418 ** same pid in the same second for two distinct processes.
5419 ** This will interfere with the queue file naming system.
5431 #if FAST_PID_RECYCLE
5432 if (OpMode != MD_TEST &&
5433 OpMode != MD_VERIFY &&
5434 LastQueueTime > 0 &&
5435 LastQueuePid == CurrentPid &&
5436 curtime() == LastQueueTime)
5438 #endif /* FAST_PID_RECYCLE */
5441 ** UNLOCKQUEUE -- unlock the queue entry for a specified envelope
5444 ** e -- the envelope to unlock.
5450 ** unlocks the queue for `e'.
5458 sm_dprintf("unlockqueue(%s)\n",
5459 e->e_id == NULL ? "NOQUEUE" : e->e_id);
5462 /* if there is a lock file in the envelope, close it */
5463 if (e->e_lockfp != NULL)
5464 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
5467 /* don't create a queue id if we don't already have one */
5468 if (e->e_id == NULL)
5471 /* remove the transcript */
5473 sm_syslog(LOG_DEBUG, e->e_id, "unlock");
5475 (void) xunlink(queuename(e, XSCRPT_LETTER));
5478 ** SETCTLUSER -- create a controlling address
5480 ** Create a fake "address" given only a local login name; this is
5481 ** used as a "controlling user" for future recipient addresses.
5484 ** user -- the user name of the controlling user.
5485 ** qfver -- the version stamp of this queue file.
5489 ** An address descriptor for the controlling user,
5490 ** using storage allocated from e->e_rpool.
5495 setctluser(user, qfver, e)
5500 register ADDRESS *a;
5505 ** See if this clears our concept of controlling user.
5508 if (user == NULL || *user == '\0')
5512 ** Set up addr fields for controlling user.
5515 a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof(*a));
5516 memset((char *) a, '\0', sizeof(*a));
5521 a->q_user = sm_rpool_strdup_x(e->e_rpool, p);
5525 p = strtok(user, ":");
5526 a->q_user = sm_rpool_strdup_x(e->e_rpool, user);
5529 if ((p = strtok(NULL, ":")) != NULL)
5531 if ((p = strtok(NULL, ":")) != NULL)
5533 if ((p = strtok(NULL, ":")) != NULL)
5537 a->q_flags |= QGOODUID;
5539 /* if there is another ':': restore it */
5540 if ((o = strtok(NULL, ":")) != NULL && o > p)
5544 else if ((pw = sm_getpwnam(user)) != NULL)
5546 if (*pw->pw_dir == '\0')
5548 else if (strcmp(pw->pw_dir, "/") == 0)
5551 a->q_home = sm_rpool_strdup_x(e->e_rpool, pw->pw_dir);
5552 a->q_uid = pw->pw_uid;
5553 a->q_gid = pw->pw_gid;
5554 a->q_flags |= QGOODUID;
5558 a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */
5559 a->q_mailer = LocalMailer;
5561 a->q_paddr = sm_rpool_strdup_x(e->e_rpool, a->q_user);
5563 a->q_paddr = sm_rpool_strdup_x(e->e_rpool, p);
5567 ** LOSEQFILE -- rename queue file with LOSEQF_LETTER & try to let someone know
5570 ** e -- the envelope (e->e_id will be used).
5571 ** why -- reported to whomever can hear.
5579 register ENVELOPE *e;
5584 char buf[MAXPATHLEN];
5586 if (e == NULL || e->e_id == NULL)
5588 p = queuename(e, ANYQFL_LETTER);
5589 if (sm_strlcpy(buf, p, sizeof(buf)) >= sizeof(buf))
5591 if (!bitset(EF_INQUEUE, e->e_flags))
5592 queueup(e, false, true);
5593 else if (QueueMode == QM_LOST)
5596 /* if already lost, no need to re-lose */
5599 p = queuename(e, LOSEQF_LETTER);
5600 if (rename(buf, p) < 0)
5601 syserr("cannot rename(%s, %s), uid=%d",
5602 buf, p, (int) geteuid());
5603 else if (LogLevel > 0)
5604 sm_syslog(LOG_ALERT, e->e_id,
5605 "Losing %s: %s", buf, why);
5607 if (e->e_dfp != NULL)
5609 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
5612 e->e_flags &= ~EF_HAS_DF;
5615 ** NAME2QID -- translate a queue group name to a queue group id
5618 ** queuename -- name of queue group.
5621 ** queue group id if found.
5622 ** NOQGRP otherwise.
5631 s = stab(queuename, ST_QUEUE, ST_FIND);
5634 return s->s_quegrp->qg_index;
5637 ** QID_PRINTNAME -- create externally printable version of queue id
5640 ** e -- the envelope.
5643 ** a printable version
5651 static char idbuf[MAXQFNAME + 34];
5656 if (e->e_id == NULL)
5661 if (e->e_qdir == NOQDIR)
5664 (void) sm_snprintf(idbuf, sizeof(idbuf), "%.32s/%s",
5665 Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_name,
5670 ** QID_PRINTQUEUE -- create full version of queue directory for data files
5673 ** qgrp -- index in queue group.
5674 ** qdir -- the short version of the queue directory
5677 ** the full pathname to the queue (might point to a static var)
5681 qid_printqueue(qgrp, qdir)
5686 static char dir[MAXPATHLEN];
5689 return Queue[qgrp]->qg_qdir;
5691 if (strcmp(Queue[qgrp]->qg_qpaths[qdir].qp_name, ".") == 0)
5694 subdir = Queue[qgrp]->qg_qpaths[qdir].qp_name;
5696 (void) sm_strlcpyn(dir, sizeof(dir), 4,
5697 Queue[qgrp]->qg_qdir,
5698 subdir == NULL ? "" : "/",
5699 subdir == NULL ? "" : subdir,
5701 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
5707 ** PICKQDIR -- Pick a queue directory from a queue group
5710 ** qg -- queue group
5711 ** fsize -- file size in bytes
5712 ** e -- envelope, or NULL
5715 ** NOQDIR if no queue directory in qg has enough free space to
5716 ** hold a file of size 'fsize', otherwise the index of
5717 ** a randomly selected queue directory which resides on a
5718 ** file system with enough disk space.
5719 ** XXX This could be extended to select a queuedir with
5720 ** a few (the fewest?) number of entries. That data
5721 ** is available if shared memory is used.
5724 ** If the request fails and e != NULL then sm_syslog is called.
5728 pickqdir(qg, fsize, e)
5737 /* Pick a random directory, as a starting point. */
5738 if (qg->qg_numqueues <= 1)
5741 qdir = get_rand_mod(qg->qg_numqueues);
5743 if (MinBlocksFree <= 0 && fsize <= 0)
5747 ** Now iterate over the queue directories,
5748 ** looking for a directory with enough space for this message.
5754 QPATHS *qp = &qg->qg_qpaths[i];
5759 needed += fsize / FILE_SYS_BLKSIZE(qp->qp_fsysidx)
5760 + ((fsize % FILE_SYS_BLKSIZE(qp->qp_fsysidx)
5762 if (MinBlocksFree > 0)
5763 needed += MinBlocksFree;
5764 fsavail = FILE_SYS_AVAIL(qp->qp_fsysidx);
5771 ** might be not correctly updated,
5772 ** let's try to get the info directly.
5775 fsavail = freediskspace(FILE_SYS_NAME(qp->qp_fsysidx),
5780 #endif /* SM_CONF_SHM */
5781 if (needed <= fsavail)
5783 if (avail < fsavail)
5786 if (qg->qg_numqueues > 0)
5787 i = (i + 1) % qg->qg_numqueues;
5788 } while (i != qdir);
5790 if (e != NULL && LogLevel > 0)
5791 sm_syslog(LOG_ALERT, e->e_id,
5792 "low on space (%s needs %ld bytes + %ld blocks in %s), max avail: %ld",
5793 CurHostName == NULL ? "SMTP-DAEMON" : CurHostName,
5794 fsize, MinBlocksFree,
5795 qg->qg_qdir, avail);
5799 ** SETNEWQUEUE -- Sets a new queue group and directory
5801 ** Assign a queue group and directory to an envelope and store the
5802 ** directory in e->e_qdir.
5805 ** e -- envelope to assign a queue for.
5808 ** true if successful
5812 ** On success, e->e_qgrp and e->e_qdir are non-negative.
5813 ** On failure (not enough disk space),
5814 ** e->qgrp = NOQGRP, e->e_qdir = NOQDIR
5815 ** and usrerr() is invoked (which could raise an exception).
5823 sm_dprintf("setnewqueue: called\n");
5825 /* not set somewhere else */
5826 if (e->e_qgrp == NOQGRP)
5831 ** Use the queue group of the "first" recipient, as set by
5832 ** the "queuegroup" rule set. If that is not defined, then
5833 ** use the queue group of the mailer of the first recipient.
5834 ** If that is not defined either, then use the default
5836 ** Notice: "first" depends on the sorting of sendqueue
5838 ** To avoid problems with "bad" recipients look
5839 ** for a valid address first.
5844 (QS_IS_BADADDR(q->q_state) || QS_IS_DEAD(q->q_state)))
5850 else if (q->q_qgrp >= 0)
5851 e->e_qgrp = q->q_qgrp;
5852 else if (q->q_mailer != NULL &&
5853 ISVALIDQGRP(q->q_mailer->m_qgrp))
5854 e->e_qgrp = q->q_mailer->m_qgrp;
5857 e->e_dfqgrp = e->e_qgrp;
5860 if (ISVALIDQDIR(e->e_qdir) && ISVALIDQDIR(e->e_dfqdir))
5863 sm_dprintf("setnewqueue: e_qdir already assigned (%s)\n",
5864 qid_printqueue(e->e_qgrp, e->e_qdir));
5869 e->e_qdir = pickqdir(Queue[e->e_qgrp], e->e_msgsize, e);
5870 if (e->e_qdir == NOQDIR)
5873 if (!bitset(EF_FATALERRS, e->e_flags))
5874 usrerr("452 4.4.5 Insufficient disk space; try again later");
5875 e->e_flags |= EF_FATALERRS;
5880 sm_dprintf("setnewqueue: Assigned queue directory %s\n",
5881 qid_printqueue(e->e_qgrp, e->e_qdir));
5883 if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR)
5885 e->e_xfqgrp = e->e_qgrp;
5886 e->e_xfqdir = e->e_qdir;
5888 e->e_dfqdir = e->e_qdir;
5892 ** CHKQDIR -- check a queue directory
5895 ** name -- name of queue directory
5896 ** sff -- flags for safefile()
5899 ** is it a queue directory?
5902 static bool chkqdir __P((char *, long));
5912 /* skip over . and .. directories */
5913 if (name[0] == '.' &&
5914 (name[1] == '\0' || (name[1] == '.' && name[2] == '\0')))
5917 if (lstat(name, &statb) < 0)
5918 #else /* HASLSTAT */
5919 if (stat(name, &statb) < 0)
5920 #endif /* HASLSTAT */
5923 sm_dprintf("chkqdir: stat(\"%s\"): %s\n",
5924 name, sm_errstring(errno));
5928 if (S_ISLNK(statb.st_mode))
5931 ** For a symlink we need to make sure the
5932 ** target is a directory
5935 if (stat(name, &statb) < 0)
5938 sm_dprintf("chkqdir: stat(\"%s\"): %s\n",
5939 name, sm_errstring(errno));
5943 #endif /* HASLSTAT */
5945 if (!S_ISDIR(statb.st_mode))
5948 sm_dprintf("chkqdir: \"%s\": Not a directory\n",
5953 /* Print a warning if unsafe (but still use it) */
5954 /* XXX do this only if we want the warning? */
5955 i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0);
5959 sm_dprintf("chkqdir: \"%s\": Not safe: %s\n",
5960 name, sm_errstring(i));
5963 sm_syslog(LOG_WARNING, NOQID,
5964 "queue directory \"%s\": Not safe: %s",
5965 name, sm_errstring(i));
5966 #endif /* _FFR_CHK_QUEUE */
5971 ** MULTIQUEUE_CACHE -- cache a list of paths to queues.
5973 ** Each potential queue is checked as the cache is built.
5974 ** Thereafter, each is blindly trusted.
5975 ** Note that we can be called again after a timeout to rebuild
5976 ** (although code for that is not ready yet).
5979 ** basedir -- base of all queue directories.
5980 ** blen -- strlen(basedir).
5981 ** qg -- queue group.
5982 ** qn -- number of queue directories already cached.
5983 ** phash -- pointer to hash value over queue dirs.
5985 ** only used if shared memory is active.
5986 #endif * SM_CONF_SHM *
5989 ** new number of queue directories.
5992 #define INITIAL_SLOTS 20
5993 #define ADD_SLOTS 10
5996 multiqueue_cache(basedir, blen, qg, qn, phash)
6001 unsigned int *phash;
6006 long sff = SFF_ANYFILE;
6007 char qpath[MAXPATHLEN];
6008 char subdir[MAXPATHLEN];
6009 char prefix[MAXPATHLEN]; /* dir relative to basedir */
6012 sm_dprintf("multiqueue_cache: called\n");
6014 /* Initialize to current directory */
6017 if (qg->qg_numqueues != 0 && qg->qg_qpaths != NULL)
6019 for (i = 0; i < qg->qg_numqueues; i++)
6021 if (qg->qg_qpaths[i].qp_name != NULL)
6022 (void) sm_free(qg->qg_qpaths[i].qp_name); /* XXX */
6024 (void) sm_free((char *) qg->qg_qpaths); /* XXX */
6025 qg->qg_qpaths = NULL;
6026 qg->qg_numqueues = 0;
6029 /* If running as root, allow safedirpath() checks to use privs */
6033 sff |= SFF_SAFEDIRPATH|SFF_NOWWFILES;
6035 sff |= SFF_NOGWFILES;
6036 #endif /* _FFR_CHK_QUEUE */
6038 if (!SM_IS_DIR_START(qg->qg_qdir))
6041 ** XXX we could add basedir, but then we have to realloc()
6042 ** the string... Maybe another time.
6045 syserr("QueuePath %s not absolute", qg->qg_qdir);
6046 ExitStat = EX_CONFIG;
6050 /* qpath: directory of current workgroup */
6051 len = sm_strlcpy(qpath, qg->qg_qdir, sizeof(qpath));
6052 if (len >= sizeof(qpath))
6054 syserr("QueuePath %.256s too long (%d max)",
6055 qg->qg_qdir, (int) sizeof(qpath));
6056 ExitStat = EX_CONFIG;
6060 /* begin of qpath must be same as basedir */
6061 if (strncmp(basedir, qpath, blen) != 0 &&
6062 (strncmp(basedir, qpath, blen - 1) != 0 || len != blen - 1))
6064 syserr("QueuePath %s not subpath of QueueDirectory %s",
6066 ExitStat = EX_CONFIG;
6070 /* Do we have a nested subdirectory? */
6071 if (blen < len && SM_FIRST_DIR_DELIM(qg->qg_qdir + blen) != NULL)
6074 /* Copy subdirectory into prefix for later use */
6075 if (sm_strlcpy(prefix, qg->qg_qdir + blen, sizeof(prefix)) >=
6078 syserr("QueuePath %.256s too long (%d max)",
6079 qg->qg_qdir, (int) sizeof(qpath));
6080 ExitStat = EX_CONFIG;
6083 cp = SM_LAST_DIR_DELIM(prefix);
6084 SM_ASSERT(cp != NULL);
6085 *cp = '\0'; /* cut off trailing / */
6088 /* This is guaranteed by the basedir check above */
6089 SM_ASSERT(len >= blen - 1);
6090 cp = &qpath[len - 1];
6094 register struct dirent *d;
6097 char relpath[MAXPATHLEN];
6099 *cp = '\0'; /* Overwrite wildcard */
6100 if ((cp = SM_LAST_DIR_DELIM(qpath)) == NULL)
6102 syserr("QueueDirectory: can not wildcard relative path");
6104 sm_dprintf("multiqueue_cache: \"%s*\": Can not wildcard relative path.\n",
6106 ExitStat = EX_CONFIG;
6112 ** Special case of top level wildcard, like /foo*
6116 (void) sm_strlcpy(qpath + 1, qpath, sizeof(qpath) - 1);
6120 *(cp++) = '\0'; /* Replace / with \0 */
6121 len = strlen(cp); /* Last component of queue directory */
6124 ** Path relative to basedir, with trailing /
6125 ** It will be modified below to specify the subdirectories
6126 ** so they can be opened without chdir().
6129 off = sm_strlcpyn(relpath, sizeof(relpath), 2, prefix, "/");
6130 SM_ASSERT(off < sizeof(relpath));
6133 sm_dprintf("multiqueue_cache: prefix=\"%s%s\"\n",
6136 /* It is always basedir: we don't need to store it per group */
6137 /* XXX: optimize this! -> one more global? */
6138 qg->qg_qdir = newstr(basedir);
6139 qg->qg_qdir[blen - 1] = '\0'; /* cut off trailing / */
6142 ** XXX Should probably wrap this whole loop in a timeout
6143 ** in case some wag decides to NFS mount the queues.
6146 /* Test path to get warning messages. */
6149 /* XXX qg_runasuid and qg_runasgid for specials? */
6150 i = safedirpath(basedir, RunAsUid, RunAsGid, NULL,
6152 if (i != 0 && tTd(41, 2))
6153 sm_dprintf("multiqueue_cache: \"%s\": Not safe: %s\n",
6154 basedir, sm_errstring(i));
6157 if ((dp = opendir(prefix)) == NULL)
6159 syserr("can not opendir(%s/%s)", qg->qg_qdir, prefix);
6161 sm_dprintf("multiqueue_cache: opendir(\"%s/%s\"): %s\n",
6162 qg->qg_qdir, prefix,
6163 sm_errstring(errno));
6164 ExitStat = EX_CONFIG;
6167 while ((d = readdir(dp)) != NULL)
6169 /* Skip . and .. directories */
6170 if (strcmp(d->d_name, ".") == 0 ||
6171 strcmp(d->d_name, "..") == 0)
6174 i = strlen(d->d_name);
6175 if (i < len || strncmp(d->d_name, cp, len) != 0)
6178 sm_dprintf("multiqueue_cache: \"%s\", skipped\n",
6183 /* Create relative pathname: prefix + local directory */
6184 i = sizeof(relpath) - off;
6185 if (sm_strlcpy(relpath + off, d->d_name, i) >= i)
6186 continue; /* way too long */
6188 if (!chkqdir(relpath, sff))
6191 if (qg->qg_qpaths == NULL)
6193 slotsleft = INITIAL_SLOTS;
6194 qg->qg_qpaths = (QPATHS *)xalloc((sizeof(*qg->qg_qpaths)) *
6196 qg->qg_numqueues = 0;
6198 else if (slotsleft < 1)
6200 qg->qg_qpaths = (QPATHS *)sm_realloc((char *)qg->qg_qpaths,
6201 (sizeof(*qg->qg_qpaths)) *
6204 if (qg->qg_qpaths == NULL)
6206 (void) closedir(dp);
6209 slotsleft += ADD_SLOTS;
6213 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs = QP_NOSUB;
6215 #define CHKRSUBDIR(name, flag) \
6216 (void) sm_strlcpyn(subdir, sizeof(subdir), 3, relpath, "/", name); \
6217 if (chkqdir(subdir, sff)) \
6218 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs |= flag; \
6222 CHKRSUBDIR("qf", QP_SUBQF);
6223 CHKRSUBDIR("df", QP_SUBDF);
6224 CHKRSUBDIR("xf", QP_SUBXF);
6226 /* assert(strlen(d->d_name) < MAXPATHLEN - 14) */
6227 /* maybe even - 17 (subdirs) */
6229 if (prefix[0] != '.')
6230 qg->qg_qpaths[qg->qg_numqueues].qp_name =
6233 qg->qg_qpaths[qg->qg_numqueues].qp_name =
6237 sm_dprintf("multiqueue_cache: %d: \"%s\" cached (%x).\n",
6238 qg->qg_numqueues, relpath,
6239 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs);
6241 qg->qg_qpaths[qg->qg_numqueues].qp_idx = qn;
6242 *phash = hash_q(relpath, *phash);
6243 #endif /* SM_CONF_SHM */
6248 (void) closedir(dp);
6253 if (qg->qg_numqueues == 0)
6255 qg->qg_qpaths = (QPATHS *) xalloc(sizeof(*qg->qg_qpaths));
6257 /* test path to get warning messages */
6258 i = safedirpath(qpath, RunAsUid, RunAsGid, NULL, sff, 0, 0);
6261 syserr("can not opendir(%s)", qpath);
6263 sm_dprintf("multiqueue_cache: opendir(\"%s\"): %s\n",
6264 qpath, sm_errstring(i));
6265 ExitStat = EX_CONFIG;
6269 qg->qg_qpaths[0].qp_subdirs = QP_NOSUB;
6270 qg->qg_numqueues = 1;
6273 #define CHKSUBDIR(name, flag) \
6274 (void) sm_strlcpyn(subdir, sizeof(subdir), 3, qg->qg_qdir, "/", name); \
6275 if (chkqdir(subdir, sff)) \
6276 qg->qg_qpaths[0].qp_subdirs |= flag; \
6279 CHKSUBDIR("qf", QP_SUBQF);
6280 CHKSUBDIR("df", QP_SUBDF);
6281 CHKSUBDIR("xf", QP_SUBXF);
6283 if (qg->qg_qdir[blen - 1] != '\0' &&
6284 qg->qg_qdir[blen] != '\0')
6287 ** Copy the last component into qpaths and
6291 qg->qg_qpaths[0].qp_name = newstr(qg->qg_qdir + blen);
6292 qg->qg_qdir[blen - 1] = '\0';
6295 qg->qg_qpaths[0].qp_name = newstr(".");
6298 qg->qg_qpaths[0].qp_idx = qn;
6299 *phash = hash_q(qg->qg_qpaths[0].qp_name, *phash);
6300 #endif /* SM_CONF_SHM */
6307 ** FILESYS_FIND -- find entry in FileSys table, or add new one
6309 ** Given the pathname of a directory, determine the file system
6310 ** in which that directory resides, and return a pointer to the
6311 ** entry in the FileSys table that describes the file system.
6312 ** A new entry is added if necessary (and requested).
6313 ** If the directory does not exist, -1 is returned.
6316 ** name -- name of directory (must be persistent!)
6317 ** path -- pathname of directory (name plus maybe "/df")
6318 ** add -- add to structure if not found.
6321 ** >=0: found: index in file system table
6322 ** <0: some error, i.e.,
6323 ** FSF_TOO_MANY: too many filesystems (-> syserr())
6324 ** FSF_STAT_FAIL: can't stat() filesystem (-> syserr())
6325 ** FSF_NOT_FOUND: not in list
6328 static short filesys_find __P((const char *, const char *, bool));
6330 #define FSF_NOT_FOUND (-1)
6331 #define FSF_STAT_FAIL (-2)
6332 #define FSF_TOO_MANY (-3)
6335 filesys_find(name, path, add)
6343 if (stat(path, &st) < 0)
6345 syserr("cannot stat queue directory %s", path);
6346 return FSF_STAT_FAIL;
6348 for (i = 0; i < NumFileSys; ++i)
6350 if (FILE_SYS_DEV(i) == st.st_dev)
6353 ** Make sure the file system (FS) name is set:
6354 ** even though the source code indicates that
6355 ** FILE_SYS_DEV() is only set below, it could be
6356 ** set via shared memory, hence we need to perform
6357 ** this check/assignment here.
6360 if (NULL == FILE_SYS_NAME(i))
6361 FILE_SYS_NAME(i) = name;
6365 if (i >= MAXFILESYS)
6367 syserr("too many queue file systems (%d max)", MAXFILESYS);
6368 return FSF_TOO_MANY;
6371 return FSF_NOT_FOUND;
6374 FILE_SYS_NAME(i) = name;
6375 FILE_SYS_DEV(i) = st.st_dev;
6376 FILE_SYS_AVAIL(i) = 0;
6377 FILE_SYS_BLKSIZE(i) = 1024; /* avoid divide by zero */
6382 ** FILESYS_SETUP -- set up mapping from queue directories to file systems
6384 ** This data structure is used to efficiently check the amount of
6385 ** free space available in a set of queue directories.
6388 ** add -- initialize structure if necessary.
6392 ** <0: some error, i.e.,
6393 ** FSF_NOT_FOUND: not in list
6394 ** FSF_STAT_FAIL: can't stat() filesystem (-> syserr())
6395 ** FSF_TOO_MANY: too many filesystems (-> syserr())
6398 static int filesys_setup __P((bool));
6409 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
6411 for (j = 0; j < Queue[i]->qg_numqueues; ++j)
6413 QPATHS *qp = &Queue[i]->qg_qpaths[j];
6414 char qddf[MAXPATHLEN];
6416 (void) sm_strlcpyn(qddf, sizeof(qddf), 2, qp->qp_name,
6417 (bitset(QP_SUBDF, qp->qp_subdirs)
6419 fs = filesys_find(qp->qp_name, qddf, add);
6421 qp->qp_fsysidx = fs;
6432 ** FILESYS_UPDATE -- update amount of free space on all file systems
6434 ** The FileSys table is used to cache the amount of free space
6435 ** available on all queue directory file systems.
6436 ** This function updates the cached information if it has expired.
6445 ** Updates FileSys table.
6452 long avail, blksize;
6454 static time_t nextupdate = 0;
6458 ** Only the daemon updates the shared memory, i.e.,
6459 ** if shared memory is available but the pid is not the
6460 ** one of the daemon, then don't do anything.
6463 if (ShmId != SM_SHM_NO_ID && DaemonPid != CurrentPid)
6465 #endif /* SM_CONF_SHM */
6467 if (now < nextupdate)
6469 nextupdate = now + FILESYS_UPDATE_INTERVAL;
6470 for (i = 0; i < NumFileSys; ++i)
6472 FILESYS *fs = &FILE_SYS(i);
6474 avail = freediskspace(FILE_SYS_NAME(i), &blksize);
6475 if (avail < 0 || blksize <= 0)
6478 sm_syslog(LOG_ERR, NOQID,
6479 "filesys_update failed: %s, fs=%s, avail=%ld, blocksize=%ld",
6480 sm_errstring(errno),
6481 FILE_SYS_NAME(i), avail, blksize);
6483 fs->fs_blksize = 1024; /* avoid divide by zero */
6484 nextupdate = now + 2; /* let's do this soon again */
6488 fs->fs_avail = avail;
6489 fs->fs_blksize = blksize;
6494 #if _FFR_ANY_FREE_FS
6496 ** FILESYS_FREE -- check whether there is at least one fs with enough space.
6499 ** fsize -- file size in bytes
6502 ** true iff there is one fs with more than fsize bytes free.
6513 for (i = 0; i < NumFileSys; ++i)
6517 if (FILE_SYS_AVAIL(i) < 0 || FILE_SYS_BLKSIZE(i) <= 0)
6519 needed += fsize / FILE_SYS_BLKSIZE(i)
6520 + ((fsize % FILE_SYS_BLKSIZE(i)
6523 if (needed <= FILE_SYS_AVAIL(i))
6528 #endif /* _FFR_ANY_FREE_FS */
6531 ** DISK_STATUS -- show amount of free space in queue directories
6534 ** out -- output file pointer.
6535 ** prefix -- string to output in front of each line.
6542 disk_status(out, prefix)
6547 long avail, blksize;
6550 for (i = 0; i < NumFileSys; ++i)
6552 avail = freediskspace(FILE_SYS_NAME(i), &blksize);
6553 if (avail >= 0 && blksize > 0)
6555 free = (long)((double) avail *
6556 ((double) blksize / 1024));
6560 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
6571 ** INIT_SEM -- initialize semaphore system
6574 ** owner -- is this the owner of semaphores?
6580 #if _FFR_USE_SEM_LOCKING
6582 static int SemId = -1; /* Semaphore Id */
6583 int SemKey = SM_SEM_KEY;
6584 #endif /* SM_CONF_SEM */
6585 #endif /* _FFR_USE_SEM_LOCKING */
6587 static void init_sem __P((bool));
6593 #if _FFR_USE_SEM_LOCKING
6595 SemId = sm_sem_start(SemKey, 1, 0, owner);
6598 sm_syslog(LOG_ERR, NOQID,
6599 "func=init_sem, sem_key=%ld, sm_sem_start=%d",
6600 (long) SemKey, SemId);
6603 #endif /* SM_CONF_SEM */
6604 #endif /* _FFR_USE_SEM_LOCKING */
6609 ** STOP_SEM -- stop semaphore system
6612 ** owner -- is this the owner of semaphores?
6618 static void stop_sem __P((bool));
6624 #if _FFR_USE_SEM_LOCKING
6626 if (owner && SemId >= 0)
6628 #endif /* SM_CONF_SEM */
6629 #endif /* _FFR_USE_SEM_LOCKING */
6634 ** UPD_QS -- update information about queue when adding/deleting an entry
6638 ** count -- add/remove entry (+1/0/-1: add/no change/remove)
6639 ** space -- update the space available as well.
6640 ** (>0/0/<0: add/no change/remove)
6641 ** where -- caller (for logging)
6647 ** Modifies available space in filesystem.
6648 ** Changes number of entries in queue directory.
6652 upd_qs(e, count, space, where)
6660 # if _FFR_USE_SEM_LOCKING
6662 # endif /* _FFR_USE_SEM_LOCKING */
6665 if (ShmId == SM_SHM_NO_ID || e == NULL)
6667 if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
6669 idx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_idx;
6671 sm_dprintf("func=upd_qs, count=%d, space=%d, where=%s, idx=%d, entries=%d\n",
6672 count, space, where, idx, QSHM_ENTRIES(idx));
6674 /* XXX in theory this needs to be protected with a mutex */
6675 if (QSHM_ENTRIES(idx) >= 0 && count != 0)
6677 # if _FFR_USE_SEM_LOCKING
6678 r = sm_sem_acq(SemId, 0, 1);
6679 # endif /* _FFR_USE_SEM_LOCKING */
6680 QSHM_ENTRIES(idx) += count;
6681 # if _FFR_USE_SEM_LOCKING
6683 r = sm_sem_rel(SemId, 0, 1);
6684 # endif /* _FFR_USE_SEM_LOCKING */
6687 fidx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_fsysidx;
6691 /* update available space also? (might be loseqfile) */
6695 /* convert size to blocks; this causes rounding errors */
6696 s = e->e_msgsize / FILE_SYS_BLKSIZE(fidx);
6700 /* XXX in theory this needs to be protected with a mutex */
6702 FILE_SYS_AVAIL(fidx) += s;
6704 FILE_SYS_AVAIL(fidx) -= s;
6708 static bool write_key_file __P((char *, long));
6709 static long read_key_file __P((char *, long));
6712 ** WRITE_KEY_FILE -- record some key into a file.
6715 ** keypath -- file name.
6716 ** key -- key to write.
6719 ** true iff file could be written.
6726 write_key_file(keypath, key)
6735 if (keypath == NULL || *keypath == '\0')
6737 sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
6738 if (TrustedUid != 0 && RealUid == TrustedUid)
6739 sff |= SFF_OPENASROOT;
6740 keyf = safefopen(keypath, O_WRONLY|O_TRUNC, FileMode, sff);
6743 sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s",
6744 keypath, sm_errstring(errno));
6748 if (geteuid() == 0 && RunAsUid != 0)
6754 if (fd >= 0 && fchown(fd, RunAsUid, -1) < 0)
6758 sm_syslog(LOG_ALERT, NOQID,
6759 "ownership change on %s to %d failed: %s",
6760 keypath, RunAsUid, sm_errstring(err));
6762 # endif /* HASFCHOWN */
6764 ok = sm_io_fprintf(keyf, SM_TIME_DEFAULT, "%ld\n", key) !=
6766 ok = (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF) && ok;
6772 ** READ_KEY_FILE -- read a key from a file.
6775 ** keypath -- file name.
6776 ** key -- default key.
6783 read_key_file(keypath, key)
6791 if (keypath == NULL || *keypath == '\0')
6793 sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY;
6794 if (RealUid == 0 || (TrustedUid != 0 && RealUid == TrustedUid))
6795 sff |= SFF_OPENASROOT;
6796 keyf = safefopen(keypath, O_RDONLY, FileMode, sff);
6799 sm_syslog(LOG_ERR, NOQID, "unable to read %s: %s",
6800 keypath, sm_errstring(errno));
6804 r = sm_io_fscanf(keyf, SM_TIME_DEFAULT, "%ld", &n);
6807 (void) sm_io_close(keyf, SM_TIME_DEFAULT);
6813 ** INIT_SHM -- initialize shared memory structure
6815 ** Initialize or attach to shared memory segment.
6816 ** Currently it is not a fatal error if this doesn't work.
6817 ** However, it causes us to have a "fallback" storage location
6818 ** for everything that is supposed to be in the shared memory,
6819 ** which makes the code slightly ugly.
6822 ** qn -- number of queue directories.
6823 ** owner -- owner of shared memory.
6824 ** hash -- identifies data that is stored in shared memory.
6830 static void init_shm __P((int, bool, unsigned int));
6833 init_shm(qn, owner, hash)
6843 PtrFileSys = &FileSys[0];
6844 PNumFileSys = &Numfilesys;
6845 /* if this "key" is specified: select one yourself */
6846 #define SEL_SHM_KEY ((key_t) -1)
6847 #define FIRST_SHM_KEY 25
6849 /* This allows us to disable shared memory at runtime. */
6854 shms = SM_T_SIZE + qn * sizeof(QUEUE_SHM_T);
6855 keyselect = ShmKey == SEL_SHM_KEY;
6859 ShmKey = FIRST_SHM_KEY;
6863 ShmKey = read_key_file(ShmKeyFile, ShmKey);
6865 if (ShmKey == SEL_SHM_KEY)
6867 save_errno = (errno != 0) ? errno : EINVAL;
6874 /* allow read/write access for group? */
6875 Pshm = sm_shmstart(ShmKey, shms,
6876 SHM_R|SHM_W|(SHM_R>>3)|(SHM_W>>3),
6879 if (Pshm != NULL || !sm_file_exists(save_errno))
6887 /* back where we started? */
6888 if (ShmKey == SEL_SHM_KEY)
6895 /* only sleep if we are at the first key */
6896 if (!keyselect || ShmKey == SEL_SHM_KEY)
6904 (void) write_key_file(ShmKeyFile, (long) ShmKey);
6905 if (owner && RunAsUid != 0)
6907 i = sm_shmsetowner(ShmId, RunAsUid, RunAsGid, 0660);
6909 sm_syslog(LOG_ERR, NOQID,
6910 "key=%ld, sm_shmsetowner=%d, RunAsUid=%d, RunAsGid=%d",
6911 (long) ShmKey, i, RunAsUid, RunAsGid);
6917 *((pid_t *) SHM_OFF_PID(Pshm)) = CurrentPid;
6918 p = (int *) SHM_OFF_TAG(Pshm);
6923 if (*p != (int) shms)
6925 save_errno = EINVAL;
6929 p = (int *) SHM_OFF_TAG(Pshm);
6930 if (*p != (int) hash)
6932 save_errno = EINVAL;
6938 ** XXX how to check the pid?
6939 ** Read it from the pid-file? That does
6940 ** not need to exist.
6941 ** We could disable shm if we can't confirm
6942 ** that it is the right one.
6946 PtrFileSys = (FILESYS *) OFF_FILE_SYS(Pshm);
6947 PNumFileSys = (int *) OFF_NUM_FILE_SYS(Pshm);
6948 QShm = (QUEUE_SHM_T *) OFF_QUEUE_SHM(Pshm);
6949 PRSATmpCnt = (int *) OFF_RSA_TMP_CNT(Pshm);
6953 /* initialize values in shared memory */
6955 for (i = 0; i < qn; i++)
6956 QShm[i].qs_entries = -1;
6962 if (LogLevel > (owner ? 8 : 11))
6964 sm_syslog(owner ? LOG_ERR : LOG_NOTICE, NOQID,
6965 "can't %s shared memory, key=%ld: %s",
6966 owner ? "initialize" : "attach to",
6967 (long) ShmKey, sm_errstring(save_errno));
6970 #endif /* SM_CONF_SHM */
6974 ** SETUP_QUEUES -- set up all queue groups
6977 ** owner -- owner of shared memory?
6984 ** attaches shared memory.
6985 #endif * SM_CONF_SHM *
6993 unsigned int hashval;
6995 char basedir[MAXPATHLEN];
6999 ** Determine basedir for all queue directories.
7000 ** All queue directories must be (first level) subdirectories
7001 ** of the basedir. The basedir is the QueueDir
7002 ** without wildcards, but with trailing /
7007 len = sm_strlcpy(basedir, QueueDir, sizeof(basedir));
7009 /* Provide space for trailing '/' */
7010 if (len >= sizeof(basedir) - 1)
7012 syserr("QueueDirectory: path too long: %d, max %d",
7013 len, (int) sizeof(basedir) - 1);
7014 ExitStat = EX_CONFIG;
7018 if (basedir[len - 1] == '*')
7022 cp = SM_LAST_DIR_DELIM(basedir);
7025 syserr("QueueDirectory: can not wildcard relative path \"%s\"",
7028 sm_dprintf("setup_queues: \"%s\": Can not wildcard relative path.\n",
7030 ExitStat = EX_CONFIG;
7034 /* cut off wildcard pattern */
7038 else if (!SM_IS_DIR_DELIM(basedir[len - 1]))
7040 /* append trailing slash since it is a directory */
7042 basedir[++len] = '\0';
7045 /* len counts up to the last directory delimiter */
7046 SM_ASSERT(basedir[len - 1] == '/');
7048 if (chdir(basedir) < 0)
7050 int save_errno = errno;
7052 syserr("can not chdir(%s)", basedir);
7053 if (save_errno == EACCES)
7054 (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
7055 "Program mode requires special privileges, e.g., root or TrustedUser.\n");
7057 sm_dprintf("setup_queues: \"%s\": %s\n",
7058 basedir, sm_errstring(errno));
7059 ExitStat = EX_CONFIG;
7063 hashval = hash_q(basedir, hashval);
7064 #endif /* SM_CONF_SHM */
7066 /* initialize for queue runs */
7069 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
7070 Queue[i]->qg_nextrun = now;
7073 if (UseMSP && OpMode != MD_TEST)
7075 long sff = SFF_CREAT;
7077 if (stat(".", &st) < 0)
7079 syserr("can not stat(%s)", basedir);
7081 sm_dprintf("setup_queues: \"%s\": %s\n",
7082 basedir, sm_errstring(errno));
7083 ExitStat = EX_CONFIG;
7090 ** Check queue directory permissions.
7091 ** Can we write to a group writable queue directory?
7094 if (bitset(S_IWGRP, QueueFileMode) &&
7095 bitset(S_IWGRP, st.st_mode) &&
7096 safefile(" ", RunAsUid, RunAsGid, RunAsUserName, sff,
7097 QueueFileMode, NULL) != 0)
7099 syserr("can not write to queue directory %s (RunAsGid=%d, required=%d)",
7100 basedir, (int) RunAsGid, (int) st.st_gid);
7102 if (bitset(S_IWOTH|S_IXOTH, st.st_mode))
7104 #if _FFR_MSP_PARANOIA
7105 syserr("dangerous permissions=%o on queue directory %s",
7106 (int) st.st_mode, basedir);
7107 #else /* _FFR_MSP_PARANOIA */
7109 sm_syslog(LOG_ERR, NOQID,
7110 "dangerous permissions=%o on queue directory %s",
7111 (int) st.st_mode, basedir);
7112 #endif /* _FFR_MSP_PARANOIA */
7114 #if _FFR_MSP_PARANOIA
7116 syserr("can not use multiple queues for MSP");
7117 #endif /* _FFR_MSP_PARANOIA */
7120 /* initial number of queue directories */
7122 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
7123 qn = multiqueue_cache(basedir, len, Queue[i], qn, &hashval);
7126 init_shm(qn, owner, hashval);
7127 i = filesys_setup(owner || ShmId == SM_SHM_NO_ID);
7128 if (i == FSF_NOT_FOUND)
7131 ** We didn't get the right filesystem data
7132 ** This may happen if we don't have the right shared memory.
7133 ** So let's do this without shared memory.
7137 cleanup_shm(false); /* release shared memory */
7138 i = filesys_setup(false);
7140 syserr("filesys_setup failed twice, result=%d", i);
7141 else if (LogLevel > 8)
7142 sm_syslog(LOG_WARNING, NOQID,
7143 "shared memory does not contain expected data, ignored");
7145 #else /* SM_CONF_SHM */
7146 i = filesys_setup(true);
7147 #endif /* SM_CONF_SHM */
7149 ExitStat = EX_CONFIG;
7154 ** CLEANUP_SHM -- do some cleanup work for shared memory etc
7157 ** owner -- owner of shared memory?
7163 ** detaches shared memory.
7170 if (ShmId != SM_SHM_NO_ID)
7172 if (sm_shmstop(Pshm, ShmId, owner) < 0 && LogLevel > 8)
7173 sm_syslog(LOG_INFO, NOQID, "sm_shmstop failed=%s",
7174 sm_errstring(errno));
7176 ShmId = SM_SHM_NO_ID;
7180 #endif /* SM_CONF_SHM */
7183 ** CLEANUP_QUEUES -- do some cleanup work for queues
7199 ** SET_DEF_QUEUEVAL -- set default values for a queue group.
7202 ** qg -- queue group
7203 ** all -- set all values (true for default group)?
7209 ** sets default values for the queue group.
7213 set_def_queueval(qg, all)
7217 if (bitnset(QD_DEFINED, qg->qg_flags))
7220 qg->qg_qdir = QueueDir;
7221 #if _FFR_QUEUE_GROUP_SORTORDER
7222 qg->qg_sortorder = QueueSortOrder;
7223 #endif /* _FFR_QUEUE_GROUP_SORTORDER */
7224 qg->qg_maxqrun = all ? MaxRunnersPerQueue : -1;
7225 qg->qg_nice = NiceQueueRun;
7228 ** MAKEQUEUE -- define a new queue.
7231 ** line -- description of queue. This is in labeled fields.
7233 ** F -- the flags associated with the queue
7234 ** I -- the interval between running the queue
7235 ** J -- the maximum # of jobs in work list
7236 ** [M -- the maximum # of jobs in a queue run]
7237 ** N -- the niceness at which to run
7238 ** P -- the path to the queue
7239 ** S -- the queue sorting order
7240 ** R -- number of parallel queue runners
7241 ** r -- max recipients per envelope
7242 ** The first word is the canonical name of the queue.
7243 ** qdef -- this is a 'Q' definition from .cf
7249 ** enters the queue into the queue table.
7253 makequeue(line, qdef)
7258 register QUEUEGRP *qg;
7263 /* allocate a queue and set up defaults */
7264 qg = (QUEUEGRP *) xalloc(sizeof(*qg));
7265 memset((char *) qg, '\0', sizeof(*qg));
7267 if (line[0] == '\0')
7269 syserr("name required for queue");
7273 /* collect the queue name */
7275 *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
7280 qg->qg_name = newstr(line);
7282 /* set default values, can be overridden below */
7283 set_def_queueval(qg, false);
7285 /* now scan through and assign info from the fields */
7288 auto char *delimptr;
7290 while (*p != '\0' &&
7291 (*p == ',' || (isascii(*p) && isspace(*p))))
7294 /* p now points to field code */
7296 while (*p != '\0' && *p != '=' && *p != ',')
7300 syserr("queue %s: `=' expected", qg->qg_name);
7303 while (isascii(*p) && isspace(*p))
7306 /* p now points to the field body */
7307 p = munchstring(p, &delimptr, ',');
7309 /* install the field into the queue struct */
7312 case 'P': /* pathname */
7314 syserr("queue %s: empty path name",
7317 qg->qg_qdir = newstr(p);
7320 case 'F': /* flags */
7321 for (; *p != '\0'; p++)
7322 if (!(isascii(*p) && isspace(*p)))
7323 setbitn(*p, qg->qg_flags);
7327 ** Do we need two intervals here:
7328 ** One for persistent queue runners,
7329 ** one for "normal" queue runs?
7332 case 'I': /* interval between running the queue */
7333 qg->qg_queueintvl = convtime(p, 'm');
7336 case 'N': /* run niceness */
7337 qg->qg_nice = atoi(p);
7340 case 'R': /* maximum # of runners for the group */
7343 /* can't have more runners than allowed total */
7344 if (MaxQueueChildren > 0 && i > MaxQueueChildren)
7346 qg->qg_maxqrun = MaxQueueChildren;
7347 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
7348 "Q=%s: R=%d exceeds MaxQueueChildren=%d, set to MaxQueueChildren\n",
7356 case 'J': /* maximum # of jobs in work list */
7357 qg->qg_maxlist = atoi(p);
7360 case 'r': /* max recipients per envelope */
7361 qg->qg_maxrcpt = atoi(p);
7364 #if _FFR_QUEUE_GROUP_SORTORDER
7365 case 'S': /* queue sorting order */
7368 case 'h': /* Host first */
7370 qg->qg_sortorder = QSO_BYHOST;
7373 case 'p': /* Priority order */
7375 qg->qg_sortorder = QSO_BYPRIORITY;
7378 case 't': /* Submission time */
7380 qg->qg_sortorder = QSO_BYTIME;
7383 case 'f': /* File name */
7385 qg->qg_sortorder = QSO_BYFILENAME;
7388 case 'm': /* Modification time */
7390 qg->qg_sortorder = QSO_BYMODTIME;
7393 case 'r': /* Random */
7395 qg->qg_sortorder = QSO_RANDOM;
7399 case 's': /* Shuffled host name */
7401 qg->qg_sortorder = QSO_BYSHUFFLE;
7403 # endif /* _FFR_RHS */
7405 case 'n': /* none */
7407 qg->qg_sortorder = QSO_NONE;
7411 syserr("Invalid queue sort order \"%s\"", p);
7414 #endif /* _FFR_QUEUE_GROUP_SORTORDER */
7417 syserr("Q%s: unknown queue equate %c=",
7418 qg->qg_name, fcode);
7426 if (qg->qg_nice != NiceQueueRun)
7428 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
7429 "Q%s: Warning: N= set on system that doesn't support nice()\n",
7432 #endif /* !HASNICE */
7434 /* do some rationality checking */
7435 if (NumQueue >= MAXQUEUEGROUPS)
7437 syserr("too many queue groups defined (%d max)",
7442 if (qg->qg_qdir == NULL)
7444 if (QueueDir == NULL || *QueueDir == '\0')
7446 syserr("QueueDir must be defined before queue groups");
7449 qg->qg_qdir = newstr(QueueDir);
7452 if (qg->qg_maxqrun > 1 && !bitnset(QD_FORK, qg->qg_flags))
7454 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
7455 "Warning: Q=%s: R=%d: multiple queue runners specified\n\tbut flag '%c' is not set\n",
7456 qg->qg_name, qg->qg_maxqrun, QD_FORK);
7459 /* enter the queue into the symbol table */
7461 sm_syslog(LOG_INFO, NOQID,
7462 "Adding %s to stab, path: %s", qg->qg_name,
7464 s = stab(qg->qg_name, ST_QUEUE, ST_ENTER);
7465 if (s->s_quegrp != NULL)
7467 i = s->s_quegrp->qg_index;
7469 /* XXX what about the pointers inside this struct? */
7470 sm_free(s->s_quegrp); /* XXX */
7474 Queue[i] = s->s_quegrp = qg;
7477 /* set default value for max queue runners */
7478 if (qg->qg_maxqrun < 0)
7480 if (MaxRunnersPerQueue > 0)
7481 qg->qg_maxqrun = MaxRunnersPerQueue;
7486 setbitn(QD_DEFINED, qg->qg_flags);
7490 ** HASHFQN -- calculate a hash value for a fully qualified host name
7493 ** fqn -- an all lower-case host.domain string
7494 ** buckets -- the number of buckets (queue directories)
7497 ** a bucket number (signed integer)
7500 ** Contributed by Exactis.com, Inc.
7504 hashfqn(fqn, buckets)
7509 register int h = 0, hash, cnt;
7515 ** A variation on the gdb hash
7516 ** This is the best as of Feb 19, 1996 --bcx
7520 h = 0x238F13AF * strlen(p);
7521 for (cnt = 0; *p != 0; ++p, cnt++)
7523 h = (h + (*p << (cnt * 5 % 24))) & 0x7FFFFFFF;
7525 h = (1103515243 * h + 12345) & 0x7FFFFFFF;
7529 hash = (h % buckets);
7536 ** A structure for sorting Queue according to maxqrun without
7537 ** screwing up Queue itself.
7542 int sg_idx; /* original index */
7543 int sg_maxqrun; /* max queue runners */
7545 typedef struct sortqgrp SORTQGRP_T;
7546 static int cmpidx __P((const void *, const void *));
7553 /* The sort is highest to lowest, so the comparison is reversed */
7554 if (((SORTQGRP_T *)a)->sg_maxqrun < ((SORTQGRP_T *)b)->sg_maxqrun)
7556 else if (((SORTQGRP_T *)a)->sg_maxqrun > ((SORTQGRP_T *)b)->sg_maxqrun)
7563 ** MAKEWORKGROUP -- balance queue groups into work groups per MaxQueueChildren
7565 ** Take the now defined queue groups and assign them to work groups.
7566 ** This is done to balance out the number of concurrently active
7567 ** queue runners such that MaxQueueChildren is not exceeded. This may
7568 ** result in more than one queue group per work group. In such a case
7569 ** the number of running queue groups in that work group will have no
7570 ** more than the work group maximum number of runners (a "fair" portion
7571 ** of MaxQueueRunners). All queue groups within a work group will get a
7572 ** chance at running.
7581 ** Sets up WorkGrp structure.
7587 int i, j, total_runners, dir, h;
7588 SORTQGRP_T si[MAXQUEUEGROUPS + 1];
7591 if (NumQueue == 1 && strcmp(Queue[0]->qg_name, "mqueue") == 0)
7594 ** There is only the "mqueue" queue group (a default)
7595 ** containing all of the queues. We want to provide to
7596 ** this queue group the maximum allowable queue runners.
7597 ** To match older behavior (8.10/8.11) we'll try for
7598 ** 1 runner per queue capping it at MaxQueueChildren.
7599 ** So if there are N queues, then there will be N runners
7600 ** for the "mqueue" queue group (where N is kept less than
7601 ** MaxQueueChildren).
7605 WorkGrp[0].wg_numqgrp = 1;
7606 WorkGrp[0].wg_qgs = (QUEUEGRP **) xalloc(sizeof(QUEUEGRP *));
7607 WorkGrp[0].wg_qgs[0] = Queue[0];
7608 if (MaxQueueChildren > 0 &&
7609 Queue[0]->qg_numqueues > MaxQueueChildren)
7610 WorkGrp[0].wg_runners = MaxQueueChildren;
7612 WorkGrp[0].wg_runners = Queue[0]->qg_numqueues;
7614 Queue[0]->qg_wgrp = 0;
7616 /* can't have more runners than allowed total */
7617 if (MaxQueueChildren > 0 &&
7618 Queue[0]->qg_maxqrun > MaxQueueChildren)
7619 Queue[0]->qg_maxqrun = MaxQueueChildren;
7620 WorkGrp[0].wg_maxact = Queue[0]->qg_maxqrun;
7621 WorkGrp[0].wg_lowqintvl = Queue[0]->qg_queueintvl;
7625 for (i = 0; i < NumQueue; i++)
7627 si[i].sg_maxqrun = Queue[i]->qg_maxqrun;
7630 qsort(si, NumQueue, sizeof(si[0]), cmpidx);
7633 for (i = 0; i < NumQueue; i++)
7635 total_runners += si[i].sg_maxqrun;
7636 if (MaxQueueChildren <= 0 || total_runners <= MaxQueueChildren)
7642 if (NumWorkGroups < 1)
7643 NumWorkGroups = 1; /* gotta have one at least */
7644 else if (NumWorkGroups > MAXWORKGROUPS)
7645 NumWorkGroups = MAXWORKGROUPS; /* the limit */
7648 ** We now know the number of work groups to pack the queue groups
7649 ** into. The queue groups in 'Queue' are sorted from highest
7650 ** to lowest for the number of runners per queue group.
7651 ** We put the queue groups with the largest number of runners
7652 ** into work groups first. Then the smaller ones are fitted in
7653 ** where it looks best.
7658 for (i = 0; i < NumQueue; i++)
7660 /* a to-and-fro packing scheme, continue from last position */
7661 if (j >= NumWorkGroups)
7664 j = NumWorkGroups - 1;
7672 if (WorkGrp[j].wg_qgs == NULL)
7673 WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_malloc(sizeof(QUEUEGRP *) *
7674 (WorkGrp[j].wg_numqgrp + 1));
7676 WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_realloc(WorkGrp[j].wg_qgs,
7677 sizeof(QUEUEGRP *) *
7678 (WorkGrp[j].wg_numqgrp + 1));
7679 if (WorkGrp[j].wg_qgs == NULL)
7681 syserr("!cannot allocate memory for work queues, need %d bytes",
7682 (int) (sizeof(QUEUEGRP *) *
7683 (WorkGrp[j].wg_numqgrp + 1)));
7687 WorkGrp[j].wg_qgs[WorkGrp[j].wg_numqgrp] = Queue[h];
7688 WorkGrp[j].wg_numqgrp++;
7689 WorkGrp[j].wg_runners += Queue[h]->qg_maxqrun;
7690 Queue[h]->qg_wgrp = j;
7692 if (WorkGrp[j].wg_maxact == 0)
7694 /* can't have more runners than allowed total */
7695 if (MaxQueueChildren > 0 &&
7696 Queue[h]->qg_maxqrun > MaxQueueChildren)
7697 Queue[h]->qg_maxqrun = MaxQueueChildren;
7698 WorkGrp[j].wg_maxact = Queue[h]->qg_maxqrun;
7702 ** XXX: must wg_lowqintvl be the GCD?
7703 ** qg1: 2m, qg2: 3m, minimum: 2m, when do queue runs for
7707 /* keep track of the lowest interval for a persistent runner */
7708 if (Queue[h]->qg_queueintvl > 0 &&
7709 WorkGrp[j].wg_lowqintvl < Queue[h]->qg_queueintvl)
7710 WorkGrp[j].wg_lowqintvl = Queue[h]->qg_queueintvl;
7715 for (i = 0; i < NumWorkGroups; i++)
7717 sm_dprintf("Workgroup[%d]=", i);
7718 for (j = 0; j < WorkGrp[i].wg_numqgrp; j++)
7721 WorkGrp[i].wg_qgs[j]->qg_name);
7729 ** DUP_DF -- duplicate envelope data file
7731 ** Copy the data file from the 'old' envelope to the 'new' envelope
7732 ** in the most efficient way possible.
7734 ** Create a hard link from the 'old' data file to the 'new' data file.
7735 ** If the old and new queue directories are on different file systems,
7736 ** then the new data file link is created in the old queue directory,
7737 ** and the new queue file will contain a 'd' record pointing to the
7738 ** directory containing the new data file.
7741 ** old -- old envelope.
7742 ** new -- new envelope.
7745 ** Returns true on success, false on failure.
7748 ** On success, the new data file is created.
7749 ** On fatal failure, EF_FATALERRS is set in old->e_flags.
7752 static bool dup_df __P((ENVELOPE *, ENVELOPE *));
7760 char opath[MAXPATHLEN];
7761 char npath[MAXPATHLEN];
7763 if (!bitset(EF_HAS_DF, old->e_flags))
7766 ** this can happen if: SuperSafe != True
7767 ** and a bounce mail is sent that is split.
7770 queueup(old, false, true);
7772 SM_REQUIRE(ISVALIDQGRP(old->e_qgrp) && ISVALIDQDIR(old->e_qdir));
7773 SM_REQUIRE(ISVALIDQGRP(new->e_qgrp) && ISVALIDQDIR(new->e_qdir));
7775 (void) sm_strlcpy(opath, queuename(old, DATAFL_LETTER), sizeof(opath));
7776 (void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof(npath));
7778 if (old->e_dfp != NULL)
7780 r = sm_io_setinfo(old->e_dfp, SM_BF_COMMIT, NULL);
7781 if (r < 0 && errno != EINVAL)
7783 syserr("@can't commit %s", opath);
7784 old->e_flags |= EF_FATALERRS;
7790 ** Attempt to create a hard link, if we think both old and new
7791 ** are on the same file system, otherwise copy the file.
7793 ** Don't waste time attempting a hard link unless old and new
7794 ** are on the same file system.
7797 SM_REQUIRE(ISVALIDQGRP(old->e_dfqgrp) && ISVALIDQDIR(old->e_dfqdir));
7798 SM_REQUIRE(ISVALIDQGRP(new->e_dfqgrp) && ISVALIDQDIR(new->e_dfqdir));
7800 ofs = Queue[old->e_dfqgrp]->qg_qpaths[old->e_dfqdir].qp_fsysidx;
7801 nfs = Queue[new->e_dfqgrp]->qg_qpaths[new->e_dfqdir].qp_fsysidx;
7802 if (FILE_SYS_DEV(ofs) == FILE_SYS_DEV(nfs))
7804 if (link(opath, npath) == 0)
7806 new->e_flags |= EF_HAS_DF;
7807 SYNC_DIR(npath, true);
7814 ** Can't link across queue directories, so try to create a hard
7815 ** link in the same queue directory as the old df file.
7816 ** The qf file will refer to the new df file using a 'd' record.
7819 new->e_dfqgrp = old->e_dfqgrp;
7820 new->e_dfqdir = old->e_dfqdir;
7821 (void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof(npath));
7822 if (link(opath, npath) == 0)
7824 new->e_flags |= EF_HAS_DF;
7825 SYNC_DIR(npath, true);
7831 sm_syslog(LOG_ERR, old->e_id,
7832 "dup_df: can't link %s to %s, error=%s, envelope splitting failed",
7833 opath, npath, sm_errstring(errno));
7838 ** SPLIT_ENV -- Allocate a new envelope based on a given envelope.
7842 ** sendqueue -- sendqueue for new envelope.
7843 ** qgrp -- index of queue group.
7844 ** qdir -- queue directory.
7851 static ENVELOPE *split_env __P((ENVELOPE *, ADDRESS *, int, int));
7854 split_env(e, sendqueue, qgrp, qdir)
7862 ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool, sizeof(*ee));
7863 STRUCTCOPY(*e, *ee);
7864 ee->e_message = NULL; /* XXX use original message? */
7867 ee->e_sendqueue = sendqueue;
7868 ee->e_flags &= ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS
7869 |EF_SENDRECEIPT|EF_RET_PARAM|EF_HAS_DF);
7870 ee->e_flags |= EF_NORECEIPT; /* XXX really? */
7871 ee->e_from.q_state = QS_SENDER;
7873 ee->e_lockfp = NULL;
7874 if (e->e_xfp != NULL)
7875 ee->e_xfp = sm_io_dup(e->e_xfp);
7877 /* failed to dup e->e_xfp, start a new transcript */
7878 if (ee->e_xfp == NULL)
7881 ee->e_qgrp = ee->e_dfqgrp = qgrp;
7882 ee->e_qdir = ee->e_dfqdir = qdir;
7883 ee->e_errormode = EM_MAIL;
7884 ee->e_statmsg = NULL;
7885 if (e->e_quarmsg != NULL)
7886 ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool,
7890 ** XXX Not sure if this copying is necessary.
7891 ** sendall() does this copying, but I (dm) don't know if that is
7892 ** because of the storage management discipline we were using
7893 ** before rpools were introduced, or if it is because these lists
7894 ** can be modified later.
7897 ee->e_header = copyheader(e->e_header, ee->e_rpool);
7898 ee->e_errorqueue = copyqueue(e->e_errorqueue, ee->e_rpool);
7903 /* return values from split functions, check also below! */
7904 #define SM_SPLIT_FAIL (0)
7905 #define SM_SPLIT_NONE (1)
7906 #define SM_SPLIT_NEW(n) (1 + (n))
7909 ** SPLIT_ACROSS_QUEUE_GROUPS
7911 ** This function splits an envelope across multiple queue groups
7912 ** based on the queue group of each recipient.
7918 ** SM_SPLIT_FAIL on failure
7919 ** SM_SPLIT_NONE if no splitting occurred,
7920 ** or 1 + the number of additional envelopes created.
7923 ** On success, e->e_sibling points to a list of zero or more
7924 ** additional envelopes, and the associated data files exist
7925 ** on disk. But the queue files are not created.
7927 ** On failure, e->e_sibling is not changed.
7928 ** The order of recipients in e->e_sendqueue is permuted.
7929 ** Abandoned data files for additional envelopes that failed
7930 ** to be created may exist on disk.
7933 static int q_qgrp_compare __P((const void *, const void *));
7934 static int e_filesys_compare __P((const void *, const void *));
7937 q_qgrp_compare(p1, p2)
7941 ADDRESS **pq1 = (ADDRESS **) p1;
7942 ADDRESS **pq2 = (ADDRESS **) p2;
7944 return (*pq1)->q_qgrp - (*pq2)->q_qgrp;
7948 e_filesys_compare(p1, p2)
7952 ENVELOPE **pe1 = (ENVELOPE **) p1;
7953 ENVELOPE **pe2 = (ENVELOPE **) p2;
7956 fs1 = Queue[(*pe1)->e_qgrp]->qg_qpaths[(*pe1)->e_qdir].qp_fsysidx;
7957 fs2 = Queue[(*pe2)->e_qgrp]->qg_qpaths[(*pe2)->e_qdir].qp_fsysidx;
7958 if (FILE_SYS_DEV(fs1) < FILE_SYS_DEV(fs2))
7960 if (FILE_SYS_DEV(fs1) > FILE_SYS_DEV(fs2))
7965 static int split_across_queue_groups __P((ENVELOPE *));
7967 split_across_queue_groups(e)
7970 int naddrs, nsplits, i;
7973 ADDRESS *q, **addrs;
7975 ENVELOPE *splits[MAXQUEUEGROUPS];
7976 char pvpbuf[PSBUFSIZE];
7978 SM_REQUIRE(ISVALIDQGRP(e->e_qgrp));
7980 /* Count addresses and assign queue groups. */
7983 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
7985 if (QS_IS_DEAD(q->q_state))
7989 /* bad addresses and those already sent stay put */
7990 if (QS_IS_BADADDR(q->q_state) ||
7991 QS_IS_SENT(q->q_state))
7992 q->q_qgrp = e->e_qgrp;
7993 else if (!ISVALIDQGRP(q->q_qgrp))
7995 /* call ruleset which should return a queue group */
7996 i = rscap(RS_QUEUEGROUP, q->q_user, NULL, e, &pvp,
7997 pvpbuf, sizeof(pvpbuf));
7999 pvp != NULL && pvp[0] != NULL &&
8000 (pvp[0][0] & 0377) == CANONNET &&
8001 pvp[1] != NULL && pvp[1][0] != '\0')
8003 i = name2qid(pvp[1]);
8009 sm_syslog(LOG_INFO, NOQID,
8010 "queue group name %s -> %d",
8014 else if (LogLevel > 10)
8015 sm_syslog(LOG_INFO, NOQID,
8016 "can't find queue group name %s, selection ignored",
8019 if (q->q_mailer != NULL &&
8020 ISVALIDQGRP(q->q_mailer->m_qgrp))
8023 q->q_qgrp = q->q_mailer->m_qgrp;
8025 else if (ISVALIDQGRP(e->e_qgrp))
8026 q->q_qgrp = e->e_qgrp;
8032 /* only one address? nothing to split. */
8033 if (naddrs <= 1 && !changed)
8034 return SM_SPLIT_NONE;
8036 /* sort the addresses by queue group */
8037 addrs = sm_rpool_malloc_x(e->e_rpool, naddrs * sizeof(ADDRESS *));
8038 for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next)
8040 if (QS_IS_DEAD(q->q_state))
8044 qsort(addrs, naddrs, sizeof(ADDRESS *), q_qgrp_compare);
8046 /* split into multiple envelopes, by queue group */
8049 e->e_sendqueue = NULL;
8050 for (i = 0; i < naddrs; ++i)
8052 if (i == naddrs - 1 || addrs[i]->q_qgrp != addrs[i + 1]->q_qgrp)
8053 addrs[i]->q_next = NULL;
8055 addrs[i]->q_next = addrs[i + 1];
8057 /* same queue group as original envelope? */
8058 if (addrs[i]->q_qgrp == e->e_qgrp)
8060 if (e->e_sendqueue == NULL)
8061 e->e_sendqueue = addrs[i];
8065 /* different queue group than original envelope */
8066 if (es == NULL || addrs[i]->q_qgrp != es->e_qgrp)
8068 ee = split_env(e, addrs[i], addrs[i]->q_qgrp, NOQDIR);
8070 splits[nsplits++] = ee;
8074 /* no splits? return right now. */
8076 return SM_SPLIT_NONE;
8078 /* assign a queue directory to each additional envelope */
8079 for (i = 0; i < nsplits; ++i)
8083 es->e_qdir = pickqdir(Queue[es->e_qgrp], es->e_msgsize, es);
8085 if (!setnewqueue(es))
8089 /* sort the additional envelopes by queue file system */
8090 qsort(splits, nsplits, sizeof(ENVELOPE *), e_filesys_compare);
8092 /* create data files for each additional envelope */
8093 if (!dup_df(e, splits[0]))
8098 for (i = 1; i < nsplits; ++i)
8100 /* copy or link to the previous data file */
8101 if (!dup_df(splits[i - 1], splits[i]))
8105 /* success: prepend the new envelopes to the e->e_sibling list */
8106 for (i = 0; i < nsplits; ++i)
8109 es->e_sibling = e->e_sibling;
8112 return SM_SPLIT_NEW(nsplits);
8114 /* failure: clean up */
8120 for (j = 0; j < i; j++)
8121 (void) unlink(queuename(splits[j], DATAFL_LETTER));
8123 e->e_sendqueue = addrs[0];
8124 for (i = 0; i < naddrs - 1; ++i)
8125 addrs[i]->q_next = addrs[i + 1];
8126 addrs[naddrs - 1]->q_next = NULL;
8127 return SM_SPLIT_FAIL;
8131 ** SPLIT_WITHIN_QUEUE
8133 ** Split an envelope with multiple recipients into several
8134 ** envelopes within the same queue directory, if the number of
8135 ** recipients exceeds the limit for the queue group.
8141 ** SM_SPLIT_FAIL on failure
8142 ** SM_SPLIT_NONE if no splitting occurred,
8143 ** or 1 + the number of additional envelopes created.
8146 #define SPLIT_LOG_LEVEL 8
8148 static int split_within_queue __P((ENVELOPE *));
8151 split_within_queue(e)
8154 int maxrcpt, nrcpt, ndead, nsplit, i;
8157 ADDRESS *q, **addrs;
8158 ENVELOPE *ee, *firstsibling;
8160 if (!ISVALIDQGRP(e->e_qgrp) || bitset(EF_SPLIT, e->e_flags))
8161 return SM_SPLIT_NONE;
8163 /* don't bother if there is no recipient limit */
8164 maxrcpt = Queue[e->e_qgrp]->qg_maxrcpt;
8166 return SM_SPLIT_NONE;
8168 /* count recipients */
8170 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
8172 if (QS_IS_DEAD(q->q_state))
8176 if (nrcpt <= maxrcpt)
8177 return SM_SPLIT_NONE;
8180 ** Preserve the recipient list
8181 ** so that we can restore it in case of error.
8182 ** (But we discard dead addresses.)
8185 addrs = sm_rpool_malloc_x(e->e_rpool, nrcpt * sizeof(ADDRESS *));
8186 for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next)
8188 if (QS_IS_DEAD(q->q_state))
8194 ** Partition the recipient list so that bad and sent addresses
8195 ** come first. These will go with the original envelope, and
8196 ** do not count towards the maxrcpt limit.
8197 ** addrs[] does not contain QS_IS_DEAD() addresses.
8201 for (i = 0; i < nrcpt; ++i)
8203 if (QS_IS_BADADDR(addrs[i]->q_state) ||
8204 QS_IS_SENT(addrs[i]->q_state) ||
8205 QS_IS_DEAD(addrs[i]->q_state)) /* for paranoia's sake */
8209 ADDRESS *tmp = addrs[i];
8211 addrs[i] = addrs[ndead];
8218 /* Check if no splitting required. */
8219 if (nrcpt - ndead <= maxrcpt)
8220 return SM_SPLIT_NONE;
8223 for (i = 0; i < nrcpt - 1; ++i)
8224 addrs[i]->q_next = addrs[i + 1];
8225 addrs[nrcpt - 1]->q_next = NULL;
8226 e->e_sendqueue = addrs[0];
8228 /* prepare buffer for logging */
8229 if (LogLevel > SPLIT_LOG_LEVEL)
8232 lsplits = sm_malloc(l);
8233 if (lsplits != NULL)
8239 /* get rid of stupid compiler warnings */
8244 /* split the envelope */
8245 firstsibling = e->e_sibling;
8246 i = maxrcpt + ndead;
8250 addrs[i - 1]->q_next = NULL;
8251 ee = split_env(e, addrs[i], e->e_qgrp, e->e_qdir);
8258 (void) unlink(queuename(ee, DATAFL_LETTER));
8262 /* Error. Restore e's sibling & recipient lists. */
8263 e->e_sibling = firstsibling;
8264 for (i = 0; i < nrcpt - 1; ++i)
8265 addrs[i]->q_next = addrs[i + 1];
8266 if (lsplits != NULL)
8268 return SM_SPLIT_FAIL;
8271 /* prepend the new envelope to e->e_sibling */
8272 ee->e_sibling = e->e_sibling;
8275 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
8277 if (j >= l - strlen(ee->e_id) - 3)
8282 p = sm_realloc(lsplits, l);
8285 /* let's try to get this done */
8292 if (lsplits != NULL)
8295 j += sm_strlcat(lsplits + j,
8299 j += sm_strlcat2(lsplits + j,
8306 if (nrcpt - i <= maxrcpt)
8310 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
8314 sm_syslog(LOG_NOTICE, e->e_id,
8315 "split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s",
8316 maxrcpt, nrcpt - ndead, nsplit,
8317 nsplit > 1 ? "s" : "", lsplits);
8321 return SM_SPLIT_NEW(nsplit);
8324 ** SPLIT_BY_RECIPIENT
8326 ** Split an envelope with multiple recipients into multiple
8327 ** envelopes as required by the sendmail configuration.
8333 ** Returns true on success, false on failure.
8336 ** see split_across_queue_groups(), split_within_queue(e)
8340 split_by_recipient(e)
8343 int split, n, i, j, l;
8345 ENVELOPE *ee, *next, *firstsibling;
8347 if (OpMode == SM_VERIFY || !ISVALIDQGRP(e->e_qgrp) ||
8348 bitset(EF_SPLIT, e->e_flags))
8350 n = split_across_queue_groups(e);
8351 if (n == SM_SPLIT_FAIL)
8353 firstsibling = ee = e->e_sibling;
8354 if (n > 1 && LogLevel > SPLIT_LOG_LEVEL)
8357 lsplits = sm_malloc(l);
8358 if (lsplits != NULL)
8364 /* get rid of stupid compiler warnings */
8368 for (i = 1; i < n; ++i)
8370 next = ee->e_sibling;
8371 if (split_within_queue(ee) == SM_SPLIT_FAIL)
8373 e->e_sibling = firstsibling;
8376 ee->e_flags |= EF_SPLIT;
8377 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
8379 if (j >= l - strlen(ee->e_id) - 3)
8384 p = sm_realloc(lsplits, l);
8387 /* let's try to get this done */
8394 if (lsplits != NULL)
8397 j += sm_strlcat(lsplits + j,
8400 j += sm_strlcat2(lsplits + j, "; ",
8407 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL && n > 1)
8409 sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s",
8410 n - 1, n > 2 ? "s" : "", lsplits);
8413 split = split_within_queue(e) != SM_SPLIT_FAIL;
8415 e->e_flags |= EF_SPLIT;
8420 ** QUARANTINE_QUEUE_ITEM -- {un,}quarantine a single envelope
8422 ** Add/remove quarantine reason and requeue appropriately.
8425 ** qgrp -- queue group for the item
8426 ** qdir -- queue directory in the given queue group
8427 ** e -- envelope information for the item
8428 ** reason -- quarantine reason, NULL means unquarantine.
8431 ** true if item changed, false otherwise
8434 ** Changes quarantine tag in queue file and renames it.
8438 quarantine_queue_item(qgrp, qdir, e, reason)
8445 bool failing = false;
8446 bool foundq = false;
8447 bool finished = false;
8453 MODE_T oldumask = 0;
8454 SM_FILE_T *oldqfp, *tempqfp;
8457 char oldqf[MAXPATHLEN];
8458 char tempqf[MAXPATHLEN];
8459 char newqf[MAXPATHLEN];
8462 oldtype = queue_letter(e, ANYQFL_LETTER);
8463 (void) sm_strlcpy(oldqf, queuename(e, ANYQFL_LETTER), sizeof(oldqf));
8464 (void) sm_strlcpy(tempqf, queuename(e, NEWQFL_LETTER), sizeof(tempqf));
8467 ** Instead of duplicating all the open
8468 ** and lock code here, tell readqf() to
8469 ** do that work and return the open
8470 ** file pointer in e_lockfp. Note that
8471 ** we must release the locks properly when
8475 if (!readqf(e, true))
8477 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8478 "Skipping %s\n", qid_printname(e));
8481 oldqfp = e->e_lockfp;
8483 /* open the new queue file */
8484 flags = O_CREAT|O_WRONLY|O_EXCL;
8485 if (bitset(S_IWGRP, QueueFileMode))
8486 oldumask = umask(002);
8487 fd = open(tempqf, flags, QueueFileMode);
8488 if (bitset(S_IWGRP, QueueFileMode))
8489 (void) umask(oldumask);
8495 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8496 "Skipping %s: Could not open %s: %s\n",
8497 qid_printname(e), tempqf,
8498 sm_errstring(save_errno));
8499 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8502 if (!lockfile(fd, tempqf, NULL, LOCK_EX|LOCK_NB))
8504 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8505 "Skipping %s: Could not lock %s\n",
8506 qid_printname(e), tempqf);
8508 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8512 tempqfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *) &fd,
8513 SM_IO_WRONLY_B, NULL);
8514 if (tempqfp == NULL)
8516 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8517 "Skipping %s: Could not lock %s\n",
8518 qid_printname(e), tempqf);
8520 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8524 /* Copy the data over, changing the quarantine reason */
8525 while (bufsize = sizeof(buf),
8526 (bp = fgetfolded(buf, &bufsize, oldqfp)) != NULL)
8529 sm_dprintf("+++++ %s\n", bp);
8532 case 'q': /* quarantine reason */
8538 (void) sm_io_fprintf(smioout,
8540 "%s: Removed quarantine of \"%s\"\n",
8543 sm_syslog(LOG_INFO, e->e_id, "unquarantine");
8546 else if (strcmp(reason, &bp[1]) == 0)
8550 (void) sm_io_fprintf(smioout,
8552 "%s: Already quarantined with \"%s\"\n",
8555 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8562 (void) sm_io_fprintf(smioout,
8564 "%s: Quarantine changed from \"%s\" to \"%s\"\n",
8568 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8570 sm_syslog(LOG_INFO, e->e_id, "quarantine=%s",
8578 ** If we are quarantining an unquarantined item,
8579 ** need to put in a new 'q' line before it's
8583 if (!foundq && reason != NULL)
8587 (void) sm_io_fprintf(smioout,
8589 "%s: Quarantined with \"%s\"\n",
8592 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8594 sm_syslog(LOG_INFO, e->e_id, "quarantine=%s",
8600 /* Copy the line to the new file */
8601 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8610 /* Copy the line to the new file */
8611 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8619 /* Make sure we read the whole old file */
8620 errno = sm_io_error(tempqfp);
8621 if (errno != 0 && errno != SM_IO_EOF)
8624 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8625 "Skipping %s: Error reading %s: %s\n",
8626 qid_printname(e), oldqf,
8627 sm_errstring(save_errno));
8631 if (!failing && !finished)
8633 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8634 "Skipping %s: Incomplete file: %s\n",
8635 qid_printname(e), oldqf);
8639 /* Check if we actually changed anything or we can just bail now */
8642 /* pretend we failed, even though we technically didn't */
8646 /* Make sure we wrote things out safely */
8648 (sm_io_flush(tempqfp, SM_TIME_DEFAULT) != 0 ||
8649 ((SuperSafe == SAFE_REALLY ||
8650 SuperSafe == SAFE_REALLY_POSTMILTER ||
8651 SuperSafe == SAFE_INTERACTIVE) &&
8652 fsync(sm_io_getinfo(tempqfp, SM_IO_WHAT_FD, NULL)) < 0) ||
8653 ((errno = sm_io_error(tempqfp)) != 0)))
8656 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8657 "Skipping %s: Error writing %s: %s\n",
8658 qid_printname(e), tempqf,
8659 sm_errstring(save_errno));
8664 /* Figure out the new filename */
8665 newtype = (reason == NULL ? NORMQF_LETTER : QUARQF_LETTER);
8666 if (oldtype == newtype)
8668 /* going to rename tempqf to oldqf */
8669 (void) sm_strlcpy(newqf, oldqf, sizeof(newqf));
8673 /* going to rename tempqf to new name based on newtype */
8674 (void) sm_strlcpy(newqf, queuename(e, newtype), sizeof(newqf));
8679 /* rename tempqf to newqf */
8681 rename(tempqf, newqf) < 0)
8682 save_errno = (errno == 0) ? EINVAL : errno;
8684 /* Check rename() success */
8685 if (!failing && save_errno != 0)
8687 sm_syslog(LOG_DEBUG, e->e_id,
8688 "quarantine_queue_item: rename(%s, %s): %s",
8689 tempqf, newqf, sm_errstring(save_errno));
8691 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8692 "Error renaming %s to %s: %s\n",
8694 sm_errstring(save_errno));
8695 if (oldtype == newtype)
8698 ** Bail here since we don't know the state of
8699 ** the filesystem and may need to keep tempqf
8700 ** for the user to rescue us.
8705 syserr("!452 Error renaming control file %s", tempqf);
8710 /* remove new file (if rename() half completed) */
8711 if (xunlink(newqf) < 0)
8714 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8715 "Error removing %s: %s\n",
8717 sm_errstring(save_errno));
8720 /* tempqf removed below */
8726 /* If changing file types, need to remove old type */
8727 if (!failing && oldtype != newtype)
8729 if (xunlink(oldqf) < 0)
8732 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8733 "Error removing %s: %s\n",
8734 oldqf, sm_errstring(save_errno));
8738 /* see if anything above failed */
8741 /* Something failed: remove new file, old file still there */
8742 (void) xunlink(tempqf);
8746 ** fsync() after file operations to make sure metadata is
8747 ** written to disk on filesystems in which renames are
8748 ** not guaranteed. It's ok if they fail, mail won't be lost.
8751 if (SuperSafe != SAFE_NO)
8753 /* for soft-updates */
8754 (void) fsync(sm_io_getinfo(tempqfp,
8755 SM_IO_WHAT_FD, NULL));
8759 /* for soft-updates */
8760 (void) fsync(sm_io_getinfo(oldqfp,
8761 SM_IO_WHAT_FD, NULL));
8764 /* for other odd filesystems */
8765 SYNC_DIR(tempqf, false);
8770 if (tempqfp != NULL)
8771 (void) sm_io_close(tempqfp, SM_TIME_DEFAULT);
8773 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8780 ** QUARANTINE_QUEUE -- {un,}quarantine matching items in the queue
8782 ** Read all matching queue items, add/remove quarantine
8783 ** reason, and requeue appropriately.
8786 ** reason -- quarantine reason, "." means unquarantine.
8787 ** qgrplimit -- limit to single queue group unless NOQGRP
8793 ** Lots of changes to the queue.
8797 quarantine_queue(reason, qgrplimit)
8804 /* Convert internal representation of unquarantine */
8805 if (reason != NULL && reason[0] == '.' && reason[1] == '\0')
8811 reason = newstr(denlstring(reason, true, true));
8814 for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++)
8818 if (qgrplimit != NOQGRP && qgrplimit != qgrp)
8821 for (qdir = 0; qdir < Queue[qgrp]->qg_numqueues; qdir++)
8829 nrequests = gatherq(qgrp, qdir, true, NULL, NULL);
8831 /* first see if there is anything */
8836 (void) sm_io_fprintf(smioout,
8837 SM_TIME_DEFAULT, "%s: no matches\n",
8838 qid_printqueue(qgrp, qdir));
8845 (void) sm_io_fprintf(smioout,
8846 SM_TIME_DEFAULT, "Processing %s:\n",
8847 qid_printqueue(qgrp, qdir));
8850 for (i = 0; i < WorkListCount; i++)
8857 /* setup envelope */
8858 clearenvelope(&e, true, sm_rpool_new_x(NULL));
8859 e.e_id = WorkList[i].w_name + 2;
8865 sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8866 "Would do %s\n", e.e_id);
8869 else if (quarantine_queue_item(qgrp, qdir,
8874 sm_rpool_free(e.e_rpool);
8877 if (WorkList != NULL)
8878 sm_free(WorkList); /* XXX */
8887 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8890 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8893 changed == 1 ? "" : "s");
lentferj's projects / dragonfly.git / blob