X-Git-Url: http://git.marmaro.de/?p=mmh;a=blobdiff_plain;f=uip%2Finc.c;h=e31c6a627076197567c5ca671227096e08098da1;hp=f9aae76ad1fb76c6d5ba38b3e47c72942eec9335;hb=6e9577f324bef90765a5edc02044eb111ec48072;hpb=dc6c45394a06750eab463a2523406eed6c77e2e1 diff --git a/uip/inc.c b/uip/inc.c index f9aae76..e31c6a6 100644 --- a/uip/inc.c +++ b/uip/inc.c @@ -1,104 +1,121 @@ /* - * inc.c -- incorporate messages from a maildrop into a folder - * - * This code is Copyright (c) 2002, by the authors of nmh. See the - * COPYRIGHT file in the root directory of the nmh distribution for - * complete copyright information. - */ +** inc.c -- incorporate messages from a maildrop into a folder +** +** This code is Copyright (c) 2002, by the authors of nmh. See the +** COPYRIGHT file in the root directory of the nmh distribution for +** complete copyright information. +*/ #ifdef MAILGROUP -/* Revised: Sat Apr 14 17:08:17 PDT 1990 (marvit@hplabs) - * Added hpux hacks to set and reset gid to be "mail" as needed. The reset - * is necessary so inc'ed mail is the group of the inc'er, rather than - * "mail". We setgid to egid only when [un]locking the mail file. This - * is also a major security precaution which will not be explained here. - * - * Fri Feb 7 16:04:57 PST 1992 John Romine - * NB: I'm not 100% sure that this setgid stuff is secure even now. - * - * See the *GROUPPRIVS() macros later. I'm reasonably happy with the setgid - * attribute. Running setuid root is probably not a terribly good idea, though. - * -- Peter Maydell , 04/1998 - * - * Peter Maydell's patch slightly modified for nmh 0.28-pre2. - * Ruud de Rooij Wed, 22 Jul 1998 13:24:22 +0200 - */ +/* +** Revised: Sat Apr 14 17:08:17 PDT 1990 (marvit@hplabs) +** Added hpux hacks to set and reset gid to be "mail" as needed. The reset +** is necessary so inc'ed mail is the group of the inc'er, rather than +** "mail". We setgid to egid only when [un]locking the mail file. This +** is also a major security precaution which will not be explained here. +** +** Fri Feb 7 16:04:57 PST 1992 John Romine +** NB: I'm not 100% sure that this setgid stuff is secure even now. +** +** See the *GROUPPRIVS() macros later. I'm reasonably happy with the setgid +** attribute. Running setuid root is probably not a terribly good idea, though. +** -- Peter Maydell , 04/1998 +** +** Peter Maydell's patch slightly modified for nmh 0.28-pre2. +** Ruud de Rooij Wed, 22 Jul 1998 13:24:22 +0200 +*/ #endif #include #include #include - #include #include #include #include -#include #include #include +#include +#include +#include +#include + +#ifdef HAVE_SYS_PARAM_H +# include +#endif static struct swit switches[] = { #define AUDSW 0 { "audit audit-file", 0 }, #define NAUDSW 1 - { "noaudit", 0 }, + { "noaudit", 2 }, #define CHGSW 2 { "changecur", 0 }, #define NCHGSW 3 - { "nochangecur", 0 }, + { "nochangecur", 2 }, #define FILESW 4 { "file name", 0 }, #define FORMSW 5 { "form formatfile", 0 }, -#define FMTSW 6 - { "format string", 5 }, -#define SILSW 7 +#define SILSW 6 { "silent", 0 }, -#define NSILSW 8 - { "nosilent", 0 }, -#define TRNCSW 9 +#define NSILSW 7 + { "nosilent", 2 }, +#define TRNCSW 8 { "truncate", 0 }, -#define NTRNCSW 10 - { "notruncate", 0 }, -#define WIDTHSW 11 +#define NTRNCSW 9 + { "notruncate", 2 }, +#define WIDTHSW 10 { "width columns", 0 }, -#define VERSIONSW 12 - { "version", 0 }, -#define HELPSW 13 +#define VERSIONSW 11 + { "Version", 0 }, +#define HELPSW 12 { "help", 0 }, + { NULL, 0 }, }; -/* This is an attempt to simplify things by putting all the - * privilege ops into macros. - * *GROUPPRIVS() is related to handling the setgid MAIL property, - * and only applies if MAILGROUP is defined. - * Basically, SAVEGROUPPRIVS() is called right at the top of main() - * to initialise things, and then DROPGROUPPRIVS() and GETGROUPPRIVS() - * do the obvious thing. TRYDROPGROUPPRIVS() has to be safe to call - * before DROPUSERPRIVS() is called [this is needed because setgid() - * sets both effective and real uids if euid is root.] - * - * There's probably a better implementation if we're allowed to use - * BSD-style setreuid() rather than using POSIX saved-ids. - * Anyway, if you're euid root it's a bit pointless to drop the group - * permissions... - * - * I'm pretty happy that the security is good provided we aren't setuid root. - * The only things we trust with group=mail privilege are lkfopen() - * and lkfclose(). - */ +char *version=VERSION; + +/* +** This is an attempt to simplify things by putting all the +** privilege ops into macros. +** *GROUPPRIVS() is related to handling the setgid MAIL property, +** and only applies if MAILGROUP is defined. +** Basically, SAVEGROUPPRIVS() is called right at the top of main() +** to initialise things, and then DROPGROUPPRIVS() and GETGROUPPRIVS() +** do the obvious thing. TRYDROPGROUPPRIVS() has to be safe to call +** before DROPUSERPRIVS() is called [this is needed because setgid() +** sets both effective and real uids if euid is root.] +** +** There's probably a better implementation if we're allowed to use +** BSD-style setreuid() rather than using POSIX saved-ids. +** Anyway, if you're euid root it's a bit pointless to drop the group +** permissions... +** +** I'm pretty happy that the security is good provided we aren't setuid root. +** The only things we trust with group=mail privilege are lkfopen() +** and lkfclose(). +*/ /* - * For setting and returning to "mail" gid - */ +** For setting and returning to "mail" gid +*/ #ifdef MAILGROUP static int return_gid; -/* easy case; we're not setuid root, so can drop group privs - * immediately. - */ +/* +** easy case; we're not setuid root, so can drop group privs immediately. +*/ #define TRYDROPGROUPPRIVS() DROPGROUPPRIVS() -#define DROPGROUPPRIVS() setgid(getgid()) -#define GETGROUPPRIVS() setgid(return_gid) +#define DROPGROUPPRIVS() \ + if (setegid(getgid()) != 0) { \ + advise ("setegid", "unable to set group to %ld", (long) getgid()); \ + _exit (EX_OSERR); \ + } +#define GETGROUPPRIVS() \ + if (setegid(return_gid) != 0) { \ + advise ("setegid", "unable to set group to %ld", (long) return_gid); \ + _exit (EX_OSERR); \ + } #define SAVEGROUPPRIVS() return_gid = getegid() #else /* define *GROUPPRIVS() as null; this avoids having lots of "#ifdef MAILGROUP"s */ @@ -108,30 +125,34 @@ static int return_gid; #define SAVEGROUPPRIVS() #endif /* not MAILGROUP */ -/* these variables have to be globals so that done() can correctly clean up the lockfile */ +/* +** these variables have to be globals so that done() can correctly clean +** up the lockfile +*/ static int locked = 0; static char *newmail; static FILE *in; /* - * prototypes - */ -char *map_name(char *); - -static void inc_done(int) NORETURN; +** prototypes +*/ +void inc_done(); int -main (int argc, char **argv) +main(int argc, char **argv) { int chgflag = 1, trnflag = 1; int noisy = 1, width = 0; int hghnum = 0, msgnum = 0; - int incerr = 0; /* <0 if inc hits an error which means it should not truncate mailspool */ + int incerr = 0; /* + ** <0 if inc hits an error which means it should + ** not truncate mailspool + */ char *cp, *maildir = NULL, *folder = NULL; - char *format = NULL, *form = NULL; + char *form = NULL; char *audfile = NULL, *from = NULL; - char buf[BUFSIZ], **argp, *nfs, **arguments; + char buf[BUFSIZ], **argp, *fmtstr, **arguments; struct msgs *mp = NULL; struct stat st, s1; FILE *aud = NULL; @@ -139,51 +160,46 @@ main (int argc, char **argv) /* copy of mail directory because the static gets overwritten */ char *maildir_copy = NULL; -#ifdef MHE - FILE *mhe = NULL; -#endif - - done=inc_done; + if (atexit(inc_done) != 0) { + adios(EX_OSERR, NULL, "atexit failed"); + } -/* absolutely the first thing we do is save our privileges, - * and drop them if we can. - */ + /* + ** absolutely the first thing we do is save our privileges, + ** and drop them if we can. + */ SAVEGROUPPRIVS(); TRYDROPGROUPPRIVS(); -#ifdef LOCALE setlocale(LC_ALL, ""); -#endif - invo_name = r1bindex (argv[0], '/'); + invo_name = mhbasename(argv[0]); - /* read user profile/context */ context_read(); - mts_init (invo_name); - arguments = getarguments (invo_name, argc, argv, 1); + arguments = getarguments(invo_name, argc, argv, 1); argp = arguments; while ((cp = *argp++)) { if (*cp == '-') { - switch (smatch (++cp, switches)) { + switch (smatch(++cp, switches)) { case AMBIGSW: - ambigsw (cp, switches); - done (1); + ambigsw(cp, switches); + exit(EX_USAGE); case UNKWNSW: - adios (NULL, "-%s unknown", cp); + adios(EX_USAGE, NULL, "-%s unknown", cp); case HELPSW: - snprintf (buf, sizeof(buf), "%s [+folder] [switches]", invo_name); - print_help (buf, switches, 1); - done (1); + snprintf(buf, sizeof(buf), "%s [+folder] [switches]", invo_name); + print_help(buf, switches, 1); + exit(argc == 2 ? EX_OK : EX_USAGE); case VERSIONSW: print_version(invo_name); - done (1); + exit(argc == 2 ? EX_OK : EX_USAGE); case AUDSW: if (!(cp = *argp++) || *cp == '-') - adios (NULL, "missing argument to %s", argp[-2]); - audfile = getcpy (m_maildir (cp)); + adios(EX_USAGE, NULL, "missing argument to %s", argp[-2]); + audfile = mh_xstrdup(expanddir(cp)); continue; case NAUDSW: audfile = NULL; @@ -197,12 +213,12 @@ main (int argc, char **argv) continue; /* - * The flag `trnflag' has the value: - * - * 2 if -truncate is given - * 1 by default (truncating is default) - * 0 if -notruncate is given - */ + ** The flag `trnflag' has the value: + ** + ** 2 if -truncate is given + ** 1 by default (truncating is default) + ** 0 if -notruncate is given + */ case TRNCSW: trnflag = 2; continue; @@ -211,14 +227,15 @@ main (int argc, char **argv) continue; case FILESW: - if (!(cp = *argp++) || *cp == '-') - adios (NULL, "missing argument to %s", argp[-2]); - from = path (cp, TFILE); + if (!(cp = *argp++)) + adios(EX_USAGE, NULL, "missing argument to %s", + argp[-2]); + from = (strcmp(cp, "-")==0) ? "-" : mh_xstrdup(expanddir(cp)); /* - * If the truncate file is in default state, - * change to not truncate. - */ + ** If the truncate file is in default state, + ** change to not truncate. + */ if (trnflag == 1) trnflag = 0; continue; @@ -232,104 +249,96 @@ main (int argc, char **argv) case FORMSW: if (!(form = *argp++) || *form == '-') - adios (NULL, "missing argument to %s", argp[-2]); - format = NULL; - continue; - case FMTSW: - if (!(format = *argp++) || *format == '-') - adios (NULL, "missing argument to %s", argp[-2]); - form = NULL; + adios(EX_USAGE, NULL, "missing argument to %s", + argp[-2]); continue; case WIDTHSW: if (!(cp = *argp++) || *cp == '-') - adios (NULL, "missing argument to %s", argp[-2]); - width = atoi (cp); + adios(EX_USAGE, NULL, "missing argument to %s", + argp[-2]); + width = atoi(cp); continue; } } if (*cp == '+' || *cp == '@') { if (folder) - adios (NULL, "only one folder at a time!"); + adios(EX_USAGE, NULL, "only one folder at a time!"); else - folder = pluspath (cp); + folder = mh_xstrdup(expandfol(cp)); } else { - adios (NULL, "usage: %s [+folder] [switches]", invo_name); + adios(EX_USAGE, NULL, "usage: %s [+folder] [switches]", + invo_name); } } - /* NOTE: above this point you should use TRYDROPGROUPPRIVS(), - * not DROPGROUPPRIVS(). - */ - /* guarantee dropping group priveleges; we might not have done so earlier */ + /* + ** NOTE: above this point you should use TRYDROPGROUPPRIVS(), + ** not DROPGROUPPRIVS(). + */ + /* guarantee dropping group privileges; we might not have done so earlier */ DROPGROUPPRIVS(); - /* - * We will get the mail from a file - * (typically the standard maildrop) - */ - if (from) - newmail = from; - else if ((newmail = getenv ("MAILDROP")) && *newmail) - newmail = m_mailpath (newmail); - else if ((newmail = context_find ("maildrop")) && *newmail) - newmail = m_mailpath (newmail); - else { - newmail = concat (MAILDIR, "/", MAILFIL, NULL); - } - if (stat (newmail, &s1) == NOTOK || s1.st_size == 0) - adios (NULL, "no mail to incorporate"); + if (from && strcmp(from, "-")==0) { + /* We'll read mail from stdin. */ + newmail = NULL; + } else { + /* We'll read mail from a file. */ + if (from) + newmail = from; + else if ((newmail = getenv("MAILDROP")) && *newmail) + newmail = toabsdir(newmail); + else if ((newmail = context_find("maildrop")) && *newmail) + newmail = toabsdir(newmail); + else { + newmail = concat(mailspool, "/", getusername(), NULL); + } + if (stat(newmail, &s1) == NOTOK || s1.st_size == 0) + adios(EX_DATAERR, NULL, "no mail to incorporate"); - if ((cp = strdup(newmail)) == (char *)0) - adios (NULL, "error allocating memory to copy newmail"); + if ((cp = strdup(newmail)) == NULL) + adios(EX_OSERR, NULL, "error allocating memory to copy newmail"); - newmail = cp; + newmail = cp; + } - if (!context_find ("path")) - free (path ("./", TFOLDER)); if (!folder) - folder = getfolder (0); - maildir = m_maildir (folder); - - if ((maildir_copy = strdup(maildir)) == (char *)0) - adios (maildir, "error allocating memory to copy maildir"); - - if (!folder_exists(maildir)) { - /* If the folder doesn't exist, and we're given the -silent flag, - * just fail. - */ - if (noisy) - create_folder(maildir, 0, done); - else - done (1); - } + folder = getdeffol(); + maildir = toabsdir(folder); - if (chdir (maildir) == NOTOK) - adios (maildir, "unable to change directory to"); + if ((maildir_copy = strdup(maildir)) == NULL) + adios(EX_OSERR, maildir, "error allocating memory to copy maildir"); - /* read folder and create message structure */ - if (!(mp = folder_read (folder))) - adios (NULL, "unable to read folder %s", folder); + create_folder(maildir, noisy ? 0 : 1, exit); - if (access (newmail, W_OK) != NOTOK) { + if (chdir(maildir) == NOTOK) + adios(EX_OSERR, maildir, "unable to change directory to"); + + if (!(mp = folder_read(folder))) + adios(EX_IOERR, NULL, "unable to read folder %s", folder); + + if (!newmail) { + trnflag = 0; + in = stdin; + } else if (access(newmail, W_OK) != NOTOK) { locked++; if (trnflag) { - SIGNAL (SIGHUP, SIG_IGN); - SIGNAL (SIGINT, SIG_IGN); - SIGNAL (SIGQUIT, SIG_IGN); - SIGNAL (SIGTERM, SIG_IGN); + SIGNAL(SIGHUP, SIG_IGN); + SIGNAL(SIGINT, SIG_IGN); + SIGNAL(SIGQUIT, SIG_IGN); + SIGNAL(SIGTERM, SIG_IGN); } GETGROUPPRIVS(); /* Reset gid to lock mail file */ - in = lkfopen (newmail, "r"); + in = lkfopen(newmail, "r"); DROPGROUPPRIVS(); if (in == NULL) - adios (NULL, "unable to lock and fopen %s", newmail); - fstat (fileno(in), &s1); + adios(EX_IOERR, NULL, "unable to lock and fopen %s", newmail); + fstat(fileno(in), &s1); } else { trnflag = 0; - if ((in = fopen (newmail, "r")) == NULL) - adios (newmail, "unable to read"); + if ((in = fopen(newmail, "r")) == NULL) + adios(EX_IOERR, newmail, "unable to read"); } /* This shouldn't be necessary but it can't hurt. */ @@ -337,191 +346,187 @@ main (int argc, char **argv) if (audfile) { int i; - if ((i = stat (audfile, &st)) == NOTOK) - advise (NULL, "Creating Receive-Audit: %s", audfile); - if ((aud = fopen (audfile, "a")) == NULL) - adios (audfile, "unable to append to"); + if ((i = stat(audfile, &st)) == NOTOK) + advise(NULL, "Creating Receive-Audit: %s", audfile); + if ((aud = fopen(audfile, "a")) == NULL) + adios(EX_IOERR, audfile, "unable to append to"); else if (i == NOTOK) - chmod (audfile, m_gmprot ()); + chmod(audfile, m_gmprot()); - fprintf (aud, from ? "<> %s -ms %s\n" : "<> %s\n", - dtimenow (0), from); + fprintf(aud, from ? "<> %s -ms %s\n" : "<> %s\n", + dtimenow(), from); } -#ifdef MHE - if (context_find ("mhe")) { - int i; - cp = concat (maildir, "/++", NULL); - i = stat (cp, &st); - if ((mhe = fopen (cp, "a")) == NULL) - admonish (cp, "unable to append to"); - else - if (i == NOTOK) - chmod (cp, m_gmprot ()); - free (cp); - } -#endif /* MHE */ - - /* Get new format string */ - nfs = new_fs (form, format, FORMAT); + /* Set format string */ + fmtstr = new_fs(form, scanformat); if (noisy) { - printf ("Incorporating new mail into %s...\n\n", folder); - fflush (stdout); + printf("Incorporating new mail into %s...\n\n", folder); + fflush(stdout); + } + + /* check if readable and nonempty */ + if (!fgets(buf, sizeof(buf), in)) { + if (ferror(in)) { + advise("read", "unable to"); + incerr = SCNFAT; + } else { + incerr = SCNEOF; + } + goto giveup; + } + if (strncmp("From ", buf, 5)!=0) { + advise(NULL, "not in mbox format"); + incerr = SCNFAT; + goto giveup; } /* - * Get the mail from file (usually mail spool) - */ - m_unknown (in); /* the MAGIC invocation... */ + ** Get the mail from file (usually mail spool) + */ hghnum = msgnum = mp->hghmsg; for (;;) { /* - * Check if we need to allocate more space for message status. - * If so, then add space for an additional 100 messages. - */ - if (msgnum >= mp->hghoff - && !(mp = folder_realloc (mp, mp->lowoff, mp->hghoff + 100))) { - advise (NULL, "unable to allocate folder storage"); + ** Check if we need to allocate more space for message status. + ** If so, then add space for an additional 100 messages. + */ + if (msgnum >= mp->hghoff && !(mp = folder_realloc(mp, mp->lowoff, mp->hghoff + 100))) { + advise(NULL, "unable to allocate folder storage"); incerr = NOTOK; break; } /* create scanline for new message */ - switch (incerr = scan (in, msgnum + 1, msgnum + 1, nfs, width, - msgnum == hghnum && chgflag, 1, NULL, 0L, noisy)) { + switch (incerr = scan(in, msgnum + 1, msgnum + 1, + noisy ? fmtstr : NULL, width, + msgnum == hghnum && chgflag, 1)) { case SCNFAT: case SCNEOF: break; case SCNERR: if (aud) - fputs ("inc aborted!\n", aud); + fputs("inc aborted!\n", aud); /* doesn't clean up locks! */ - advise (NULL, "aborted!"); + advise(NULL, "aborted!"); break; case SCNNUM: - advise (NULL, "BUG in %s, number out of range", invo_name); + advise(NULL, "BUG in %s, number out of range", + invo_name); break; default: - advise (NULL, "BUG in %s, scan() botch (%d)", invo_name, incerr); + advise(NULL, "BUG in %s, scan() botch (%d)", + invo_name, incerr); break; case SCNMSG: - case SCNENC: /* - * Run the external program hook on the message. - */ + ** Run the external program hook on the message. + */ - (void)snprintf(b, sizeof (b), "%s/%d", maildir_copy, msgnum + 1); - (void)ext_hook("add-hook", b, (char *)0); + snprintf(b, sizeof (b), "%s/%d", maildir_copy, + msgnum + 1); + ext_hook("add-hook", b, NULL); if (aud) - fputs (scanl, aud); -#ifdef MHE - if (mhe) - fputs (scanl, mhe); -#endif /* MHE */ + fputs(scanl, aud); if (noisy) - fflush (stdout); + fflush(stdout); msgnum++; mp->hghmsg++; mp->nummsg++; if (mp->lowmsg == 0) mp->lowmsg = 1; - clear_msg_flags (mp, msgnum); - set_exists (mp, msgnum); - set_unseen (mp, msgnum); + clear_msg_flags(mp, msgnum); + set_exists(mp, msgnum); + set_unseen(mp, msgnum); mp->msgflags |= SEQMOD; continue; } - /* If we get here there was some sort of error from scan(), - * so stop processing anything more from the spool. - */ + /* + ** If we get here there was some sort of error from scan(), + ** so stop processing anything more from the spool. + */ break; } +giveup:; + mh_free0(&maildir_copy); if (incerr < 0) { /* error */ if (locked) { GETGROUPPRIVS(); /* Be sure we can unlock mail file */ - (void) lkfclose (in, newmail); in = NULL; - DROPGROUPPRIVS(); /* And then return us to normal privileges */ + lkfclose(in, newmail); in = NULL; + DROPGROUPPRIVS(); /* + ** And then return us to normal + ** privileges + */ } else { - fclose (in); in = NULL; + fclose(in); in = NULL; } - adios (NULL, "failed"); + adios(EX_SOFTWARE, NULL, "failed"); } if (aud) - fclose (aud); - -#ifdef MHE - if (mhe) - fclose (mhe); -#endif /* MHE */ + fclose(aud); if (noisy) - fflush (stdout); + fflush(stdout); /* - * truncate file we are incorporating from - */ + ** truncate file we are incorporating from + */ if (trnflag) { - if (stat (newmail, &st) != NOTOK && s1.st_mtime != st.st_mtime) - advise (NULL, "new messages have arrived!\007"); + if (stat(newmail, &st) != NOTOK && s1.st_mtime != st.st_mtime) + advise(NULL, "new messages have arrived!\007"); else { int newfd; - if ((newfd = creat (newmail, 0600)) != NOTOK) - close (newfd); + if ((newfd = creat(newmail, 0600)) != NOTOK) + close(newfd); else - admonish (newmail, "error zero'ing"); - unlink(map_name(newmail)); + admonish(newmail, "error zero'ing"); } - } else { - if (noisy) - printf ("%s not zero'd\n", newmail); + } else if (noisy && newmail) { + printf("%s not zero'd\n", newmail); } if (msgnum == hghnum) { - admonish (NULL, "no messages incorporated"); + admonish(NULL, "no messages incorporated"); } else { - context_replace (pfolder, folder); /* update current folder */ + context_replace(curfolder, folder); /* update current folder */ if (chgflag) mp->curmsg = hghnum + 1; mp->hghmsg = msgnum; if (mp->lowmsg == 0) mp->lowmsg = 1; if (chgflag) /* sigh... */ - seq_setcur (mp, mp->curmsg); + seq_setcur(mp, mp->curmsg); } /* - * unlock the mail spool - */ + ** unlock the mail spool + */ if (locked) { GETGROUPPRIVS(); /* Be sure we can unlock mail file */ - (void) lkfclose (in, newmail); in = NULL; + lkfclose(in, newmail); in = NULL; DROPGROUPPRIVS(); /* And then return us to normal privileges */ } else { - fclose (in); in = NULL; + fclose(in); in = NULL; } - seq_setunseen (mp, 0); /* set the Unseen-Sequence */ - seq_save (mp); /* synchronize sequences */ - context_save (); /* save the context file */ - done (0); - return 1; + seq_setunseen(mp, 1); + seq_save(mp); + context_save(); + return 0; } -static void -inc_done (int status) +void +inc_done() { if (locked) { GETGROUPPRIVS(); lkfclose(in, newmail); DROPGROUPPRIVS(); } - exit (status); }