2 * Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 SM_RCSID("@(#)$Id: queue.c,v 8.939 2004/08/03 19:57:23 ca Exp $")
20 # define RELEASE_QUEUE (void) 0
21 # define ST_INODE(st) (st).st_ino
23 # define sm_file_exists(errno) ((errno) == EEXIST)
25 # if HASFLOCK && defined(O_EXLOCK)
26 # define SM_OPEN_EXLOCK 1
27 # define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL|O_EXLOCK)
28 # else /* HASFLOCK && defined(O_EXLOCK) */
29 # define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL)
30 # endif /* HASFLOCK && defined(O_EXLOCK) */
32 #ifndef SM_OPEN_EXLOCK
33 # define SM_OPEN_EXLOCK 0
34 #endif /* ! SM_OPEN_EXLOCK */
38 ** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY
39 ** QF_VERSION == 5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY
40 ** QF_VERSION == 6 was sendmail 8.12 without _FFR_QUEUEDELAY
41 ** QF_VERSION == 7 was sendmail 8.12 with _FFR_QUEUEDELAY
42 ** QF_VERSION == 8 is sendmail 8.13
45 #define QF_VERSION 8 /* version number of this queue format */
47 static char queue_letter __P((ENVELOPE *, int));
48 static bool quarantine_queue_item __P((int, int, ENVELOPE *, char *));
50 /* Naming convention: qgrp: index of queue group, qg: QUEUEGROUP */
58 char *w_name; /* name of control file */
59 char *w_host; /* name of recipient host */
60 bool w_lock; /* is message locked? */
61 bool w_tooyoung; /* is it too young to run? */
62 long w_pri; /* priority of message, see below */
63 time_t w_ctime; /* creation time */
64 time_t w_mtime; /* modification time */
65 int w_qgrp; /* queue group located in */
66 int w_qdir; /* queue directory located in */
67 struct work *w_next; /* next in queue */
70 typedef struct work WORK;
72 static WORK *WorkQ; /* queue of things to be done */
73 static int NumWorkGroups; /* number of work groups */
74 static time_t Current_LA_time = 0;
76 /* Get new load average every 30 seconds. */
77 #define GET_NEW_LA_TIME 30
79 #define SM_GET_LA(now) \
83 if (Current_LA_time < now - GET_NEW_LA_TIME) \
86 Current_LA_time = now; \
91 ** DoQueueRun indicates that a queue run is needed.
92 ** Notice: DoQueueRun is modified in a signal handler!
95 static bool volatile DoQueueRun; /* non-interrupt time queue run needed */
98 ** Work group definition structure.
99 ** Each work group contains one or more queue groups. This is done
100 ** to manage the number of queue group runners active at the same time
101 ** to be within the constraints of MaxQueueChildren (if it is set).
102 ** The number of queue groups that can be run on the next work run
103 ** is kept track of. The queue groups are run in a round robin.
108 int wg_numqgrp; /* number of queue groups in work grp */
109 int wg_runners; /* total runners */
110 int wg_curqgrp; /* current queue group */
111 QUEUEGRP **wg_qgs; /* array of queue groups */
112 int wg_maxact; /* max # of active runners */
113 time_t wg_lowqintvl; /* lowest queue interval */
114 int wg_restart; /* needs restarting? */
115 int wg_restartcnt; /* count of times restarted */
118 typedef struct workgrp WORKGRP;
120 static WORKGRP volatile WorkGrp[MAXWORKGROUPS + 1]; /* work groups */
123 static SM_DEBUG_T DebugLeakQ = SM_DEBUG_INITIALIZER("leak_q",
124 "@(#)$Debug: leak_q - trace memory leaks during queue processing $");
125 #endif /* SM_HEAP_CHECK */
128 ** We use EmptyString instead of "" to avoid
129 ** 'zero-length format string' warnings from gcc
132 static const char EmptyString[] = "";
134 static void grow_wlist __P((int, int));
135 static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *));
136 static int gatherq __P((int, int, bool, bool *, bool *));
137 static int sortq __P((int));
138 static void printctladdr __P((ADDRESS *, SM_FILE_T *));
139 static bool readqf __P((ENVELOPE *, bool));
140 static void restart_work_group __P((int));
141 static void runner_work __P((ENVELOPE *, int, bool, int, int));
142 static void schedule_queue_runs __P((bool, int, bool));
143 static char *strrev __P((char *));
144 static ADDRESS *setctluser __P((char *, int, ENVELOPE *));
146 static int sm_strshufflecmp __P((char *, char *));
147 static void init_shuffle_alphabet __P(());
148 #endif /* _FFR_RHS */
149 static int workcmpf0();
150 static int workcmpf1();
151 static int workcmpf2();
152 static int workcmpf3();
153 static int workcmpf4();
154 static int randi = 3; /* index for workcmpf5() */
155 static int workcmpf5();
156 static int workcmpf6();
158 static int workcmpf7();
159 #endif /* _FFR_RHS */
162 # define get_rand_mod(m) ((get_random() >> RANDOMSHIFT) % (m))
163 #else /* RANDOMSHIFT */
164 # define get_rand_mod(m) (get_random() % (m))
165 #endif /* RANDOMSHIFT */
168 ** File system definition.
169 ** Used to keep track of how much free space is available
170 ** on a file system in which one or more queue directories reside.
173 typedef struct filesys_shared FILESYS;
175 struct filesys_shared
177 dev_t fs_dev; /* unique device id */
178 long fs_avail; /* number of free blocks available */
179 long fs_blksize; /* block size, in bytes */
182 /* probably kept in shared memory */
183 static FILESYS FileSys[MAXFILESYS]; /* queue file systems */
184 static char *FSPath[MAXFILESYS]; /* pathnames for file systems */
189 ** Shared memory data
192 ** size -- size of shared memory segment
193 ** pid -- pid of owner, should be a unique id to avoid misinterpretations
194 ** by other processes.
195 ** tag -- should be a unique id to avoid misinterpretations by others.
196 ** idea: hash over configuration data that will be stored here.
197 ** NumFileSys -- number of file systems.
198 ** FileSys -- (arrary of) structure for used file systems.
199 ** RSATmpCnt -- counter for number of uses of ephemeral RSA key.
200 ** QShm -- (array of) structure for information about queue directories.
204 ** Queue data in shared memory
207 typedef struct queue_shared QUEUE_SHM_T;
211 int qs_entries; /* number of entries */
212 /* XXX more to follow? */
215 static void *Pshm; /* pointer to shared memory */
216 static FILESYS *PtrFileSys; /* pointer to queue file system array */
217 int ShmId = SM_SHM_NO_ID; /* shared memory id */
218 static QUEUE_SHM_T *QShm; /* pointer to shared queue data */
221 # define SHM_OFF_PID(p) (((char *) (p)) + sizeof(int))
222 # define SHM_OFF_TAG(p) (((char *) (p)) + sizeof(pid_t) + sizeof(int))
223 # define SHM_OFF_HEAD (sizeof(pid_t) + sizeof(int) * 2)
225 /* how to access FileSys */
226 # define FILE_SYS(i) (PtrFileSys[i])
228 /* first entry is a tag, for now just the size */
229 # define OFF_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD)
231 /* offset for PNumFileSys */
232 # define OFF_NUM_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys))
234 /* offset for PRSATmpCnt */
235 # define OFF_RSA_TMP_CNT(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int))
238 /* offset for queue_shm */
239 # define OFF_QUEUE_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
241 # define QSHM_ENTRIES(i) QShm[i].qs_entries
243 /* basic size of shared memory segment */
244 # define SM_T_SIZE (SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
246 static unsigned int hash_q __P((char *, unsigned int));
249 ** HASH_Q -- simple hash function
252 ** p -- string to hash.
253 ** h -- hash start value (from previous run).
271 h += (c<<11) ^ (c>>1);
272 h ^= (d<<14) + (d<<7) + (d<<4) + d;
278 #else /* SM_CONF_SHM */
279 # define FILE_SYS(i) FileSys[i]
280 #endif /* SM_CONF_SHM */
282 /* access to the various components of file system data */
283 #define FILE_SYS_NAME(i) FSPath[i]
284 #define FILE_SYS_AVAIL(i) FILE_SYS(i).fs_avail
285 #define FILE_SYS_BLKSIZE(i) FILE_SYS(i).fs_blksize
286 #define FILE_SYS_DEV(i) FILE_SYS(i).fs_dev
290 ** Current qf file field assignments:
294 ** C controlling user
296 ** d data file directory name (added in 8.12)
299 ** G free (was: queue delay algorithm if _FFR_QUEUEDELAY)
301 ** I data file's inode number
302 ** K time of last delivery attempt
303 ** L Solaris Content-Length: header (obsolete)
305 ** N number of delivery attempts
306 ** P message priority
307 ** q quarantine reason
308 ** Q original recipient (ORCPT=)
309 ** r final recipient (Final-Recipient: DSN field)
313 ** V queue file version
314 ** X free (was: character set if _FFR_SAVE_CHARSET)
315 ** Y free (was: current delay if _FFR_QUEUEDELAY)
316 ** Z original envelope id from ESMTP
317 ** ! deliver by (added in 8.12)
323 ** QUEUEUP -- queue a message up for future transmission.
326 ** e -- the envelope to queue up.
327 ** announce -- if true, tell when you are queueing up.
328 ** msync -- if true, then fsync() if SuperSafe interactive mode.
334 ** The current request is saved in a control file.
335 ** The queue file is left locked.
339 queueup(e, announce, msync)
340 register ENVELOPE *e;
344 register SM_FILE_T *tfp;
359 ** Create control file.
364 MODE_T oldumask = 0; \
366 if (bitset(S_IWGRP, QueueFileMode)) \
367 oldumask = umask(002); \
368 tfd = open(tf, TF_OPEN_FLAGS, QueueFileMode); \
369 if (bitset(S_IWGRP, QueueFileMode)) \
370 (void) umask(oldumask); \
374 newid = (e->e_id == NULL) || !bitset(EF_INQUEUE, e->e_flags);
375 (void) sm_strlcpy(tf, queuename(e, NEWQFL_LETTER), sizeof tf);
377 if (tfp == NULL && newid)
380 ** open qf file directly: this will give an error if the file
381 ** already exists and hence prevent problems if a queue-id
382 ** is reused (e.g., because the clock is set back).
385 (void) sm_strlcpy(tf, queuename(e, ANYQFL_LETTER), sizeof tf);
389 !lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB) ||
390 #endif /* !SM_OPEN_EXLOCK */
391 (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
392 (void *) &tfd, SM_IO_WRONLY,
395 int save_errno = errno;
399 syserr("!queueup: cannot create queue file %s, euid=%d, fd=%d, fp=%p",
400 tf, (int) geteuid(), tfd, tfp);
406 /* if newid, write the queue file directly (instead of temp file) */
409 /* get a locked tf file */
410 for (i = 0; i < 128; i++)
419 if (LogLevel > 0 && (i % 32) == 0)
420 sm_syslog(LOG_ALERT, e->e_id,
421 "queueup: cannot create %s, uid=%d: %s",
423 sm_errstring(errno));
428 #endif /* SM_OPEN_EXLOCK */
433 /* file is locked by open() */
435 #else /* SM_OPEN_EXLOCK */
436 if (lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB))
439 #endif /* SM_OPEN_EXLOCK */
440 if (LogLevel > 0 && (i % 32) == 0)
441 sm_syslog(LOG_ALERT, e->e_id,
442 "queueup: cannot lock %s: %s",
443 tf, sm_errstring(errno));
453 /* save the old temp file away */
454 (void) rename(tf, queuename(e, TEMPQF_LETTER));
457 (void) sleep(i % 32);
459 if (tfd < 0 || (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
460 (void *) &tfd, SM_IO_WRONLY_B,
463 int save_errno = errno;
467 syserr("!queueup: cannot create queue temp file %s, uid=%d",
468 tf, (int) geteuid());
473 sm_dprintf("\n>>>>> queueing %s/%s%s >>>>>\n",
474 qid_printqueue(e->e_qgrp, e->e_qdir),
475 queuename(e, ANYQFL_LETTER),
476 newid ? " (new id)" : "");
479 sm_dprintf(" e_flags=");
484 sm_dprintf(" sendq=");
485 printaddr(sm_debug_file(), e->e_sendqueue, true);
490 dumpfd(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL), true, false);
491 sm_dprintf(" lockfp=");
492 if (e->e_lockfp == NULL)
493 sm_dprintf("NULL\n");
495 dumpfd(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL),
500 ** If there is no data file yet, create one.
503 (void) sm_strlcpy(df, queuename(e, DATAFL_LETTER), sizeof df);
504 if (bitset(EF_HAS_DF, e->e_flags))
506 if (e->e_dfp != NULL &&
507 SuperSafe != SAFE_REALLY &&
508 SuperSafe != SAFE_REALLY_POSTMILTER &&
509 sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 &&
512 syserr("!queueup: cannot commit data file %s, uid=%d",
513 queuename(e, DATAFL_LETTER), (int) geteuid());
515 if (e->e_dfp != NULL &&
516 SuperSafe == SAFE_INTERACTIVE && msync)
519 sm_syslog(LOG_INFO, e->e_id,
520 "queueup: fsync(e->e_dfp)");
522 if (fsync(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD,
526 syserr("!552 Error writing data file %s",
529 syserr("!452 Error writing data file %s",
538 register SM_FILE_T *dfp = NULL;
541 if (e->e_dfp != NULL &&
542 sm_io_getinfo(e->e_dfp, SM_IO_WHAT_ISTYPE, BF_FILE_TYPE))
543 syserr("committing over bf file");
545 if (bitset(S_IWGRP, QueueFileMode))
546 oldumask = umask(002);
547 dfd = open(df, O_WRONLY|O_CREAT|O_TRUNC|QF_O_EXTRA,
549 if (bitset(S_IWGRP, QueueFileMode))
550 (void) umask(oldumask);
551 if (dfd < 0 || (dfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
552 (void *) &dfd, SM_IO_WRONLY_B,
554 syserr("!queueup: cannot create data temp file %s, uid=%d",
555 df, (int) geteuid());
556 if (fstat(dfd, &stbuf) < 0)
560 e->e_dfdev = stbuf.st_dev;
561 e->e_dfino = ST_INODE(stbuf);
563 e->e_flags |= EF_HAS_DF;
564 memset(&mcibuf, '\0', sizeof mcibuf);
565 mcibuf.mci_out = dfp;
566 mcibuf.mci_mailer = FileMailer;
567 (*e->e_putbody)(&mcibuf, e, NULL);
569 if (SuperSafe == SAFE_REALLY ||
570 SuperSafe == SAFE_REALLY_POSTMILTER ||
571 (SuperSafe == SAFE_INTERACTIVE && msync))
574 sm_syslog(LOG_INFO, e->e_id,
575 "queueup: fsync(dfp)");
577 if (fsync(sm_io_getinfo(dfp, SM_IO_WHAT_FD, NULL)) < 0)
580 syserr("!552 Error writing data file %s",
583 syserr("!452 Error writing data file %s",
588 if (sm_io_close(dfp, SM_TIME_DEFAULT) < 0)
589 syserr("!queueup: cannot save data temp file %s, uid=%d",
590 df, (int) geteuid());
591 e->e_putbody = putbody;
595 ** Output future work requests.
596 ** Priority and creation time should be first, since
597 ** they are required by gatherq.
600 /* output queue version number (must be first!) */
601 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "V%d\n", QF_VERSION);
603 /* output creation time */
604 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "T%ld\n", (long) e->e_ctime);
606 /* output last delivery time */
607 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "K%ld\n", (long) e->e_dtime);
609 /* output number of delivery attempts */
610 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "N%d\n", e->e_ntries);
612 /* output message priority */
613 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "P%ld\n", e->e_msgpriority);
616 ** If data file is in a different directory than the queue file,
617 ** output a "d" record naming the directory of the data file.
620 if (e->e_dfqgrp != e->e_qgrp)
622 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "d%s\n",
623 Queue[e->e_dfqgrp]->qg_qpaths[e->e_dfqdir].qp_name);
626 /* output inode number of data file */
627 /* XXX should probably include device major/minor too */
628 if (e->e_dfino != -1)
630 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "I%ld/%ld/%llu\n",
631 (long) major(e->e_dfdev),
632 (long) minor(e->e_dfdev),
633 (ULONGLONG_T) e->e_dfino);
636 /* output body type */
637 if (e->e_bodytype != NULL)
638 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "B%s\n",
639 denlstring(e->e_bodytype, true, false));
641 /* quarantine reason */
642 if (e->e_quarmsg != NULL)
643 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "q%s\n",
644 denlstring(e->e_quarmsg, true, false));
646 /* message from envelope, if it exists */
647 if (e->e_message != NULL)
648 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n",
649 denlstring(e->e_message, true, false));
651 /* send various flag bits through */
653 if (bitset(EF_WARNING, e->e_flags))
655 if (bitset(EF_RESPONSE, e->e_flags))
657 if (bitset(EF_HAS8BIT, e->e_flags))
659 if (bitset(EF_DELETE_BCC, e->e_flags))
661 if (bitset(EF_RET_PARAM, e->e_flags))
663 if (bitset(EF_NO_BODY_RETN, e->e_flags))
665 if (bitset(EF_SPLIT, e->e_flags))
669 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "F%s\n", buf);
671 /* save $={persistentMacros} macro values */
672 queueup_macros(macid("{persistentMacros}"), tfp, e);
674 /* output name of sender */
675 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
678 p = e->e_from.q_paddr;
679 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "S%s\n",
680 denlstring(p, true, false));
682 /* output ESMTP-supplied "original" information */
683 if (e->e_envid != NULL)
684 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Z%s\n",
685 denlstring(e->e_envid, true, false));
687 /* output AUTH= parameter */
688 if (e->e_auth_param != NULL)
689 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "A%s\n",
690 denlstring(e->e_auth_param, true, false));
691 if (e->e_dlvr_flag != 0)
692 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "!%c %ld\n",
693 (char) e->e_dlvr_flag, e->e_deliver_by);
695 /* output list of recipient addresses */
696 printctladdr(NULL, NULL);
697 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
699 if (!QS_IS_UNDELIVERED(q->q_state))
702 /* message for this recipient, if it exists */
703 if (q->q_message != NULL)
704 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n",
705 denlstring(q->q_message, true,
708 printctladdr(q, tfp);
709 if (q->q_orcpt != NULL)
710 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Q%s\n",
711 denlstring(q->q_orcpt, true,
713 if (q->q_finalrcpt != NULL)
714 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "r%s\n",
715 denlstring(q->q_finalrcpt, true,
717 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'R');
718 if (bitset(QPRIMARY, q->q_flags))
719 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'P');
720 if (bitset(QHASNOTIFY, q->q_flags))
721 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'N');
722 if (bitset(QPINGONSUCCESS, q->q_flags))
723 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'S');
724 if (bitset(QPINGONFAILURE, q->q_flags))
725 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'F');
726 if (bitset(QPINGONDELAY, q->q_flags))
727 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'D');
728 if (q->q_alias != NULL &&
729 bitset(QALIAS, q->q_alias->q_flags))
730 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'A');
731 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, ':');
732 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s\n",
733 denlstring(q->q_paddr, true, false));
736 char *tag = "queued";
738 if (e->e_quarmsg != NULL)
741 e->e_to = q->q_paddr;
744 logdelivery(q->q_mailer, NULL, q->q_status,
745 tag, NULL, (time_t) 0, e);
750 sm_dprintf("queueing ");
751 printaddr(sm_debug_file(), q, false);
756 ** Output headers for this message.
757 ** Expand macros completely here. Queue run will deal with
758 ** everything as absolute headers.
759 ** All headers that must be relative to the recipient
760 ** can be cracked later.
761 ** We set up a "null mailer" -- i.e., a mailer that will have
762 ** no effect on the addresses as they are output.
765 memset((char *) &nullmailer, '\0', sizeof nullmailer);
766 nullmailer.m_re_rwset = nullmailer.m_rh_rwset =
767 nullmailer.m_se_rwset = nullmailer.m_sh_rwset = -1;
768 nullmailer.m_eol = "\n";
769 memset(&mcibuf, '\0', sizeof mcibuf);
770 mcibuf.mci_mailer = &nullmailer;
771 mcibuf.mci_out = tfp;
773 macdefine(&e->e_macro, A_PERM, 'g', "\201f");
774 for (h = e->e_header; h != NULL; h = h->h_link)
776 if (h->h_value == NULL)
779 /* don't output resent headers on non-resent messages */
780 if (bitset(H_RESENT, h->h_flags) &&
781 !bitset(EF_RESENT, e->e_flags))
784 /* expand macros; if null, don't output header at all */
785 if (bitset(H_DEFAULT, h->h_flags))
787 (void) expand(h->h_value, buf, sizeof buf, e);
792 /* output this header */
793 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "H?");
795 /* output conditional macro if present */
796 if (h->h_macro != '\0')
798 if (bitset(0200, h->h_macro))
799 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT,
801 macname(bitidx(h->h_macro)));
803 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT,
806 else if (!bitzerop(h->h_mflags) &&
807 bitset(H_CHECK|H_ACHECK, h->h_flags))
811 /* if conditional, output the set of conditions */
812 for (j = '\0'; j <= '\177'; j++)
813 if (bitnset(j, h->h_mflags))
814 (void) sm_io_putc(tfp, SM_TIME_DEFAULT,
817 (void) sm_io_putc(tfp, SM_TIME_DEFAULT, '?');
819 /* output the header: expand macros, convert addresses */
820 if (bitset(H_DEFAULT, h->h_flags) &&
821 !bitset(H_BINDLATE, h->h_flags))
823 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s: %s\n",
825 denlstring(buf, false, true));
827 else if (bitset(H_FROM|H_RCPT, h->h_flags) &&
828 !bitset(H_BINDLATE, h->h_flags))
830 bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
831 SM_FILE_T *savetrace = TrafficLogFile;
833 TrafficLogFile = NULL;
835 if (bitset(H_FROM, h->h_flags))
838 commaize(h, h->h_value, oldstyle, &mcibuf, e);
840 TrafficLogFile = savetrace;
844 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s: %s\n",
846 denlstring(h->h_value, false,
854 ** Write a terminator record -- this is to prevent
855 ** scurrilous crackers from appending any data.
858 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ".\n");
860 if (sm_io_flush(tfp, SM_TIME_DEFAULT) != 0 ||
861 ((SuperSafe == SAFE_REALLY ||
862 SuperSafe == SAFE_REALLY_POSTMILTER ||
863 (SuperSafe == SAFE_INTERACTIVE && msync)) &&
864 fsync(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL)) < 0) ||
868 syserr("!552 Error writing control file %s", tf);
870 syserr("!452 Error writing control file %s", tf);
875 char new = queue_letter(e, ANYQFL_LETTER);
877 /* rename (locked) tf to be (locked) [qh]f */
878 (void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER),
880 if (rename(tf, qf) < 0)
881 syserr("cannot rename(%s, %s), uid=%d",
882 tf, qf, (int) geteuid());
886 ** Check if type has changed and only
887 ** remove the old item if the rename above
891 if (e->e_qfletter != '\0' &&
892 e->e_qfletter != new)
896 sm_dprintf("type changed from %c to %c\n",
900 if (unlink(queuename(e, e->e_qfletter)) < 0)
902 /* XXX: something more drastic? */
904 sm_syslog(LOG_ERR, e->e_id,
905 "queueup: unlink(%s) failed: %s",
906 queuename(e, e->e_qfletter),
907 sm_errstring(errno));
914 ** fsync() after renaming to make sure metadata is
915 ** written to disk on filesystems in which renames are
919 if (SuperSafe != SAFE_NO)
921 /* for softupdates */
922 if (tfd >= 0 && fsync(tfd) < 0)
924 syserr("!queueup: cannot fsync queue temp file %s",
930 /* close and unlock old (locked) queue file */
931 if (e->e_lockfp != NULL)
932 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
937 sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", qf);
943 sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", tf);
945 e->e_qfletter = queue_letter(e, ANYQFL_LETTER);
949 e->e_flags |= EF_INQUEUE;
952 sm_dprintf("<<<<< done queueing %s <<<<<\n\n", e->e_id);
957 ** PRINTCTLADDR -- print control address to file.
961 ** tfp -- file pointer.
967 ** The control address (if changed) is printed to the file.
968 ** The last control address and uid are saved.
980 static ADDRESS *lastctladdr = NULL;
981 static uid_t lastuid;
984 if (a == NULL || a->q_alias == NULL || tfp == NULL)
986 if (lastctladdr != NULL && tfp != NULL)
987 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C\n");
993 /* find the active uid */
1003 user = q->q_ruser != NULL ? q->q_ruser : q->q_user;
1009 /* check to see if this is the same as last time */
1010 if (lastctladdr != NULL && uid == lastuid &&
1011 strcmp(lastctladdr->q_paddr, a->q_paddr) == 0)
1016 if (uid == 0 || user == NULL || user[0] == '\0')
1017 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C");
1019 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C%s:%ld:%ld",
1020 denlstring(user, true, false), (long) uid,
1022 (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ":%s\n",
1023 denlstring(a->q_paddr, true, false));
1027 ** RUNNERS_SIGTERM -- propagate a SIGTERM to queue runner process
1029 ** This propagates the signal to the child processes that are queue
1030 ** runners. This is for a queue runner "cleanup". After all of the
1031 ** child queue runner processes are signaled (it should be SIGTERM
1032 ** being the sig) then the old signal handler (Oldsh) is called
1033 ** to handle any cleanup set for this process (provided it is not
1034 ** SIG_DFL or SIG_IGN). The signal may not be handled immediately
1035 ** if the BlockOldsh flag is set. If the current process doesn't
1036 ** have a parent then handle the signal immediately, regardless of
1040 ** sig -- the signal number being sent
1046 ** Sets the NoMoreRunners boolean to true to stop more runners
1047 ** from being started in runqueue().
1049 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1050 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1054 static bool volatile NoMoreRunners = false;
1055 static sigfunc_t Oldsh_term = SIG_DFL;
1056 static sigfunc_t Oldsh_hup = SIG_DFL;
1057 static sigfunc_t volatile Oldsh = SIG_DFL;
1058 static bool BlockOldsh = false;
1059 static int volatile Oldsig = 0;
1060 static SIGFUNC_DECL runners_sigterm __P((int));
1061 static SIGFUNC_DECL runners_sighup __P((int));
1064 runners_sigterm(sig)
1067 int save_errno = errno;
1069 FIX_SYSV_SIGNAL(sig, runners_sigterm);
1071 CHECK_CRITICAL(sig);
1072 NoMoreRunners = true;
1075 proc_list_signal(PROC_QUEUE, sig);
1077 if (!BlockOldsh || getppid() <= 1)
1079 /* Check that a valid 'old signal handler' is callable */
1080 if (Oldsh_term != SIG_DFL && Oldsh_term != SIG_IGN &&
1081 Oldsh_term != runners_sigterm)
1085 return SIGFUNC_RETURN;
1088 ** RUNNERS_SIGHUP -- propagate a SIGHUP to queue runner process
1090 ** This propagates the signal to the child processes that are queue
1091 ** runners. This is for a queue runner "cleanup". After all of the
1092 ** child queue runner processes are signaled (it should be SIGHUP
1093 ** being the sig) then the old signal handler (Oldsh) is called to
1094 ** handle any cleanup set for this process (provided it is not SIG_DFL
1095 ** or SIG_IGN). The signal may not be handled immediately if the
1096 ** BlockOldsh flag is set. If the current process doesn't have
1097 ** a parent then handle the signal immediately, regardless of
1101 ** sig -- the signal number being sent
1107 ** Sets the NoMoreRunners boolean to true to stop more runners
1108 ** from being started in runqueue().
1110 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1111 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1119 int save_errno = errno;
1121 FIX_SYSV_SIGNAL(sig, runners_sighup);
1123 CHECK_CRITICAL(sig);
1124 NoMoreRunners = true;
1127 proc_list_signal(PROC_QUEUE, sig);
1129 if (!BlockOldsh || getppid() <= 1)
1131 /* Check that a valid 'old signal handler' is callable */
1132 if (Oldsh_hup != SIG_DFL && Oldsh_hup != SIG_IGN &&
1133 Oldsh_hup != runners_sighup)
1137 return SIGFUNC_RETURN;
1140 ** MARK_WORK_GROUP_RESTART -- mark a work group as needing a restart
1142 ** Sets a workgroup for restarting.
1145 ** wgrp -- the work group id to restart.
1146 ** reason -- why (signal?), -1 to turn off restart
1152 ** May set global RestartWorkGroup to true.
1154 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1155 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1160 mark_work_group_restart(wgrp, reason)
1164 if (wgrp < 0 || wgrp > NumWorkGroups)
1167 WorkGrp[wgrp].wg_restart = reason;
1169 RestartWorkGroup = true;
1172 ** RESTART_MARKED_WORK_GROUPS -- restart work groups marked as needing restart
1174 ** Restart any workgroup marked as needing a restart provided more
1175 ** runners are allowed.
1184 ** Sets global RestartWorkGroup to false.
1188 restart_marked_work_groups()
1196 /* Block SIGCHLD so reapchild() doesn't mess with us */
1197 wasblocked = sm_blocksignal(SIGCHLD);
1199 for (i = 0; i < NumWorkGroups; i++)
1201 if (WorkGrp[i].wg_restart >= 0)
1204 sm_syslog(LOG_ERR, NOQID,
1205 "restart queue runner=%d due to signal 0x%x",
1206 i, WorkGrp[i].wg_restart);
1207 restart_work_group(i);
1210 RestartWorkGroup = false;
1212 if (wasblocked == 0)
1213 (void) sm_releasesignal(SIGCHLD);
1216 ** RESTART_WORK_GROUP -- restart a specific work group
1218 ** Restart a specific workgroup provided more runners are allowed.
1219 ** If the requested work group has been restarted too many times log
1220 ** this and refuse to restart.
1223 ** wgrp -- the work group id to restart
1229 ** starts another process doing the work of wgrp
1232 #define MAX_PERSIST_RESTART 10 /* max allowed number of restarts */
1235 restart_work_group(wgrp)
1238 if (NoMoreRunners ||
1239 wgrp < 0 || wgrp > NumWorkGroups)
1242 WorkGrp[wgrp].wg_restart = -1;
1243 if (WorkGrp[wgrp].wg_restartcnt < MAX_PERSIST_RESTART)
1245 /* avoid overflow; increment here */
1246 WorkGrp[wgrp].wg_restartcnt++;
1247 (void) run_work_group(wgrp, RWG_FORK|RWG_PERSISTENT|RWG_RUNALL);
1251 sm_syslog(LOG_ERR, NOQID,
1252 "ERROR: persistent queue runner=%d restarted too many times, queue runner lost",
1257 ** SCHEDULE_QUEUE_RUNS -- schedule the next queue run for a work group.
1260 ** runall -- schedule even if individual bit is not set.
1261 ** wgrp -- the work group id to schedule.
1262 ** didit -- the queue run was performed for this work group.
1268 #define INCR_MOD(v, m) if (++v >= m) \
1273 schedule_queue_runs(runall, wgrp, didit)
1278 int qgrp, cgrp, endgrp;
1279 #if _FFR_QUEUE_SCHED_DBG
1282 #endif /* _FFR_QUEUE_SCHED_DBG */
1287 ** This is a bit ugly since we have to duplicate the
1288 ** code that "walks" through a work queue group.
1293 cgrp = endgrp = WorkGrp[wgrp].wg_curqgrp;
1298 #if _FFR_QUEUE_SCHED_DBG
1301 #endif /* _FFR_QUEUE_SCHED_DBG */
1302 qgrp = WorkGrp[wgrp].wg_qgs[cgrp]->qg_index;
1303 if (Queue[qgrp]->qg_queueintvl > 0)
1304 qintvl = Queue[qgrp]->qg_queueintvl;
1305 else if (QueueIntvl > 0)
1306 qintvl = QueueIntvl;
1308 qintvl = (time_t) 0;
1309 #if _FFR_QUEUE_SCHED_DBG
1310 lastsched = Queue[qgrp]->qg_nextrun;
1311 #endif /* _FFR_QUEUE_SCHED_DBG */
1312 if ((runall || Queue[qgrp]->qg_nextrun <= now) && qintvl > 0)
1314 #if _FFR_QUEUE_SCHED_DBG
1316 #endif /* _FFR_QUEUE_SCHED_DBG */
1317 if (minqintvl == 0 || qintvl < minqintvl)
1321 ** Only set a new time if a queue run was performed
1322 ** for this queue group. If the queue was not run,
1323 ** we could starve it by setting a new time on each
1328 Queue[qgrp]->qg_nextrun += qintvl;
1330 #if _FFR_QUEUE_SCHED_DBG
1332 sm_syslog(LOG_INFO, NOQID,
1333 "sqr: wgrp=%d, cgrp=%d, qgrp=%d, intvl=%ld, QI=%ld, runall=%d, lastrun=%ld, nextrun=%ld, sched=%d",
1334 wgrp, cgrp, qgrp, Queue[qgrp]->qg_queueintvl,
1335 QueueIntvl, runall, lastsched,
1336 Queue[qgrp]->qg_nextrun, sched);
1337 #endif /* _FFR_QUEUE_SCHED_DBG */
1338 INCR_MOD(cgrp, WorkGrp[wgrp].wg_numqgrp);
1339 } while (endgrp != cgrp);
1341 (void) sm_setevent(minqintvl, runqueueevent, 0);
1344 #if _FFR_QUEUE_RUN_PARANOIA
1346 ** CHECKQUEUERUNNER -- check whether a queue group hasn't been run.
1348 ** Use this if events may get lost and hence queue runners may not
1349 ** be started and mail will pile up in a queue.
1355 ** true if a queue run is necessary.
1358 ** may schedule a queue run.
1365 time_t now, minqintvl;
1369 for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++)
1373 if (Queue[qgrp]->qg_queueintvl > 0)
1374 qintvl = Queue[qgrp]->qg_queueintvl;
1375 else if (QueueIntvl > 0)
1376 qintvl = QueueIntvl;
1378 qintvl = (time_t) 0;
1379 if (Queue[qgrp]->qg_nextrun <= now - qintvl)
1381 if (minqintvl == 0 || qintvl < minqintvl)
1384 sm_syslog(LOG_WARNING, NOQID,
1385 "checkqueuerunner: queue %d should have been run at %s, queue interval %ld",
1387 arpadate(ctime(&Queue[qgrp]->qg_nextrun)),
1393 (void) sm_setevent(minqintvl, runqueueevent, 0);
1398 #endif /* _FFR_QUEUE_RUN_PARANOIA */
1401 ** RUNQUEUE -- run the jobs in the queue.
1403 ** Gets the stuff out of the queue in some presumably logical
1404 ** order and processes them.
1407 ** forkflag -- true if the queue scanning should be done in
1408 ** a child process. We double-fork so it is not our
1409 ** child and we don't have to clean up after it.
1410 ** false can be ignored if we have multiple queues.
1411 ** verbose -- if true, print out status information.
1412 ** persistent -- persistent queue runner?
1413 ** runall -- run all groups or only a subset (DoQueueRun)?
1416 ** true if the queue run successfully began.
1419 ** runs things in the mail queue using run_work_group().
1420 ** maybe schedules next queue run.
1423 static ENVELOPE QueueEnvelope; /* the queue run envelope */
1424 static time_t LastQueueTime = 0; /* last time a queue ID assigned */
1425 static pid_t LastQueuePid = -1; /* last PID which had a queue ID */
1427 /* values for qp_supdirs */
1428 #define QP_NOSUB 0x0000 /* No subdirectories */
1429 #define QP_SUBDF 0x0001 /* "df" subdirectory */
1430 #define QP_SUBQF 0x0002 /* "qf" subdirectory */
1431 #define QP_SUBXF 0x0004 /* "xf" subdirectory */
1434 runqueue(forkflag, verbose, persistent, runall)
1442 static int curnum = 0;
1445 SM_NONVOLATILE int oldgroup = 0;
1447 if (sm_debug_active(&DebugLeakQ, 1))
1449 oldgroup = sm_heap_group();
1451 sm_dprintf("runqueue() heap group #%d\n", sm_heap_group());
1453 #endif /* SM_HEAP_CHECK */
1455 /* queue run has been started, don't do any more this time */
1458 /* more than one queue or more than one directory per queue */
1459 if (!forkflag && !verbose &&
1460 (WorkGrp[0].wg_qgs[0]->qg_numqueues > 1 || NumWorkGroups > 1 ||
1461 WorkGrp[0].wg_numqgrp > 1))
1465 ** For controlling queue runners via signals sent to this process.
1466 ** Oldsh* will get called too by runners_sig* (if it is not SIG_IGN
1467 ** or SIG_DFL) to preserve cleanup behavior. Now that this process
1468 ** will have children (and perhaps grandchildren) this handler will
1469 ** be left in place. This is because this process, once it has
1470 ** finished spinning off queue runners, may go back to doing something
1471 ** else (like being a daemon). And we still want on a SIG{TERM,HUP} to
1472 ** clean up the child queue runners. Only install 'runners_sig*' once
1473 ** else we'll get stuck looping forever.
1476 cursh = sm_signal(SIGTERM, runners_sigterm);
1477 if (cursh != runners_sigterm)
1479 cursh = sm_signal(SIGHUP, runners_sighup);
1480 if (cursh != runners_sighup)
1483 for (i = 0; i < NumWorkGroups && !NoMoreRunners; i++)
1485 int rwgflags = RWG_NONE;
1488 ** If MaxQueueChildren active then test whether the start
1489 ** of the next queue group's additional queue runners (maximum)
1490 ** will result in MaxQueueChildren being exceeded.
1492 ** Note: do not use continue; even though another workgroup
1493 ** may have fewer queue runners, this would be "unfair",
1494 ** i.e., this work group might "starve" then.
1497 #if _FFR_QUEUE_SCHED_DBG
1499 sm_syslog(LOG_INFO, NOQID,
1500 "rq: curnum=%d, MaxQueueChildren=%d, CurRunners=%d, WorkGrp[curnum].wg_maxact=%d",
1501 curnum, MaxQueueChildren, CurRunners,
1502 WorkGrp[curnum].wg_maxact);
1503 #endif /* _FFR_QUEUE_SCHED_DBG */
1504 if (MaxQueueChildren > 0 &&
1505 CurRunners + WorkGrp[curnum].wg_maxact > MaxQueueChildren)
1509 ** Pick up where we left off (curnum), in case we
1510 ** used up all the children last time without finishing.
1511 ** This give a round-robin fairness to queue runs.
1513 ** Increment CurRunners before calling run_work_group()
1514 ** to avoid a "race condition" with proc_list_drop() which
1515 ** decrements CurRunners if the queue runners terminate.
1516 ** Notice: CurRunners is an upper limit, in some cases
1517 ** (too few jobs in the queue) this value is larger than
1518 ** the actual number of queue runners. The discrepancy can
1519 ** increase if some queue runners "hang" for a long time.
1522 CurRunners += WorkGrp[curnum].wg_maxact;
1524 rwgflags |= RWG_FORK;
1526 rwgflags |= RWG_VERBOSE;
1528 rwgflags |= RWG_PERSISTENT;
1530 rwgflags |= RWG_RUNALL;
1531 ret = run_work_group(curnum, rwgflags);
1534 ** Failure means a message was printed for ETRN
1535 ** and subsequent queues are likely to fail as well.
1536 ** Decrement CurRunners in that case because
1537 ** none have been started.
1542 CurRunners -= WorkGrp[curnum].wg_maxact;
1547 schedule_queue_runs(runall, curnum, true);
1548 INCR_MOD(curnum, NumWorkGroups);
1551 /* schedule left over queue runs */
1552 if (i < NumWorkGroups && !NoMoreRunners && !persistent)
1556 for (h = curnum; i < NumWorkGroups; i++)
1558 schedule_queue_runs(runall, h, false);
1559 INCR_MOD(h, NumWorkGroups);
1565 if (sm_debug_active(&DebugLeakQ, 1))
1566 sm_heap_setgroup(oldgroup);
1567 #endif /* SM_HEAP_CHECK */
1571 #if _FFR_SKIP_DOMAINS
1573 ** SKIP_DOMAINS -- Skip 'skip' number of domains in the WorkQ.
1575 ** Added by Stephen Frost <sfrost@snowman.net> to support
1576 ** having each runner process every N'th domain instead of
1577 ** every N'th message.
1580 ** skip -- number of domains in WorkQ to skip.
1583 ** total number of messages skipped.
1595 for (n = 0, seqjump = 0; n < skip && WorkQ != NULL; seqjump++)
1597 if (WorkQ->w_next != NULL)
1599 if (WorkQ->w_host != NULL &&
1600 WorkQ->w_next->w_host != NULL)
1602 if (sm_strcasecmp(WorkQ->w_host,
1603 WorkQ->w_next->w_host) != 0)
1608 if ((WorkQ->w_host != NULL &&
1609 WorkQ->w_next->w_host == NULL) ||
1610 (WorkQ->w_host == NULL &&
1611 WorkQ->w_next->w_host != NULL))
1615 WorkQ = WorkQ->w_next;
1619 #endif /* _FFR_SKIP_DOMAINS */
1622 ** RUNNER_WORK -- have a queue runner do its work
1624 ** Have a queue runner do its work a list of entries.
1625 ** When work isn't directly being done then this process can take a signal
1626 ** and terminate immediately (in a clean fashion of course).
1627 ** When work is directly being done, it's not to be interrupted
1628 ** immediately: the work should be allowed to finish at a clean point
1629 ** before termination (in a clean fashion of course).
1633 ** sequenceno -- 'th process to run WorkQ.
1634 ** didfork -- did the calling process fork()?
1635 ** skip -- process only each skip'th item.
1636 ** njobs -- number of jobs in WorkQ.
1642 ** runs things in the mail queue.
1646 runner_work(e, sequenceno, didfork, skip, njobs)
1647 register ENVELOPE *e;
1660 ** Here we temporarily block the second calling of the handlers.
1661 ** This allows us to handle the signal without terminating in the
1662 ** middle of direct work. If a signal does come, the test for
1663 ** NoMoreRunners will find it.
1669 /* process them once at a time */
1670 while (WorkQ != NULL)
1673 SM_NONVOLATILE int oldgroup = 0;
1675 if (sm_debug_active(&DebugLeakQ, 1))
1677 oldgroup = sm_heap_group();
1679 sm_dprintf("run_queue_group() heap group #%d\n",
1682 #endif /* SM_HEAP_CHECK */
1684 /* do no more work */
1687 /* Check that a valid signal handler is callable */
1688 if (Oldsh != SIG_DFL && Oldsh != SIG_IGN &&
1689 Oldsh != runners_sighup &&
1690 Oldsh != runners_sigterm)
1695 w = WorkQ; /* assign current work item */
1698 ** Set the head of the WorkQ to the next work item.
1699 ** It is set 'skip' ahead (the number of parallel queue
1700 ** runners working on WorkQ together) since each runner
1701 ** works on every 'skip'th (N-th) item.
1702 #if _FFR_SKIP_DOMAINS
1703 ** In the case of the BYHOST Queue Sort Order, the 'item'
1704 ** is a domain, so we work on every 'skip'th (N-th) domain.
1705 #endif * _FFR_SKIP_DOMAINS *
1708 #if _FFR_SKIP_DOMAINS
1709 if (QueueSortOrder == QSO_BYHOST)
1712 if (WorkQ->w_next != NULL)
1714 if (WorkQ->w_host != NULL &&
1715 WorkQ->w_next->w_host != NULL)
1717 if (sm_strcasecmp(WorkQ->w_host,
1718 WorkQ->w_next->w_host)
1720 seqjump = skip_domains(skip);
1722 WorkQ = WorkQ->w_next;
1726 if ((WorkQ->w_host != NULL &&
1727 WorkQ->w_next->w_host == NULL) ||
1728 (WorkQ->w_host == NULL &&
1729 WorkQ->w_next->w_host != NULL))
1730 seqjump = skip_domains(skip);
1732 WorkQ = WorkQ->w_next;
1736 WorkQ = WorkQ->w_next;
1739 #endif /* _FFR_SKIP_DOMAINS */
1741 for (n = 0; n < skip && WorkQ != NULL; n++)
1742 WorkQ = WorkQ->w_next;
1748 ** Ignore jobs that are too expensive for the moment.
1750 ** Get new load average every GET_NEW_LA_TIME seconds.
1754 if (shouldqueue(WkRecipFact, Current_LA_time))
1756 char *msg = "Aborting queue run: load average too high";
1761 sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
1764 if (shouldqueue(w->w_pri, w->w_ctime))
1767 message(EmptyString);
1768 if (QueueSortOrder == QSO_BYPRIORITY)
1771 message("Skipping %s/%s (sequence %d of %d) and flushing rest of queue",
1772 qid_printqueue(w->w_qgrp,
1774 w->w_name + 2, sequenceno,
1777 sm_syslog(LOG_INFO, NOQID,
1778 "runqueue: Flushing queue from %s/%s (pri %ld, LA %d, %d of %d)",
1779 qid_printqueue(w->w_qgrp,
1781 w->w_name + 2, w->w_pri,
1782 CurrentLA, sequenceno,
1787 message("Skipping %s/%s (sequence %d of %d)",
1788 qid_printqueue(w->w_qgrp, w->w_qdir),
1789 w->w_name + 2, sequenceno, njobs);
1795 message(EmptyString);
1796 message("Running %s/%s (sequence %d of %d)",
1797 qid_printqueue(w->w_qgrp, w->w_qdir),
1798 w->w_name + 2, sequenceno, njobs);
1800 if (didfork && MaxQueueChildren > 0)
1802 sm_blocksignal(SIGCHLD);
1803 (void) sm_signal(SIGCHLD, reapchild);
1806 sm_syslog(LOG_DEBUG, NOQID,
1807 "runqueue %s dowork(%s)",
1808 qid_printqueue(w->w_qgrp, w->w_qdir),
1811 (void) dowork(w->w_qgrp, w->w_qdir, w->w_name + 2,
1812 ForkQueueRuns, false, e);
1815 sm_free(w->w_name); /* XXX */
1816 if (w->w_host != NULL)
1817 sm_free(w->w_host); /* XXX */
1818 sm_free((char *) w); /* XXX */
1819 sequenceno += seqjump; /* next sequence number */
1821 if (sm_debug_active(&DebugLeakQ, 1))
1822 sm_heap_setgroup(oldgroup);
1823 #endif /* SM_HEAP_CHECK */
1828 /* check the signals didn't happen during the revert */
1831 /* Check that a valid signal handler is callable */
1832 if (Oldsh != SIG_DFL && Oldsh != SIG_IGN &&
1833 Oldsh != runners_sighup && Oldsh != runners_sigterm)
1837 Oldsh = SIG_DFL; /* after the NoMoreRunners check */
1840 ** RUN_WORK_GROUP -- run the jobs in a queue group from a work group.
1842 ** Gets the stuff out of the queue in some presumably logical
1843 ** order and processes them.
1846 ** wgrp -- work group to process.
1847 ** flags -- RWG_* flags
1850 ** true if the queue run successfully began.
1853 ** runs things in the mail queue.
1856 /* Minimum sleep time for persistent queue runners */
1857 #define MIN_SLEEP_TIME 5
1860 run_work_group(wgrp, flags)
1864 register ENVELOPE *e;
1867 int qgrp, endgrp, h, i;
1871 extern void rmexpstab __P((void));
1872 extern ENVELOPE BlankEnvelope;
1873 extern SIGFUNC_DECL reapchild __P((int));
1879 ** If no work will ever be selected, don't even bother reading
1885 if (!bitset(RWG_PERSISTENT, flags) &&
1886 shouldqueue(WkRecipFact, Current_LA_time))
1888 char *msg = "Skipping queue run -- load average too high";
1890 if (bitset(RWG_VERBOSE, flags))
1891 message("458 %s\n", msg);
1893 sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
1898 ** See if we already have too many children.
1901 if (bitset(RWG_FORK, flags) &&
1902 WorkGrp[wgrp].wg_lowqintvl > 0 &&
1903 !bitset(RWG_PERSISTENT, flags) &&
1904 MaxChildren > 0 && CurChildren >= MaxChildren)
1906 char *msg = "Skipping queue run -- too many children";
1908 if (bitset(RWG_VERBOSE, flags))
1909 message("458 %s (%d)\n", msg, CurChildren);
1911 sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)",
1917 ** See if we want to go off and do other useful work.
1920 if (bitset(RWG_FORK, flags))
1924 (void) sm_blocksignal(SIGCHLD);
1925 (void) sm_signal(SIGCHLD, reapchild);
1930 const char *msg = "Skipping queue run -- fork() failed";
1931 const char *err = sm_errstring(errno);
1933 if (bitset(RWG_VERBOSE, flags))
1934 message("458 %s: %s\n", msg, err);
1936 sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s",
1938 (void) sm_releasesignal(SIGCHLD);
1943 /* parent -- pick up intermediate zombie */
1944 (void) sm_blocksignal(SIGALRM);
1946 /* wgrp only used when queue runners are persistent */
1947 proc_list_add(pid, "Queue runner", PROC_QUEUE,
1948 WorkGrp[wgrp].wg_maxact,
1949 bitset(RWG_PERSISTENT, flags) ? wgrp : -1,
1951 (void) sm_releasesignal(SIGALRM);
1952 (void) sm_releasesignal(SIGCHLD);
1956 /* child -- clean up signals */
1958 /* Reset global flags */
1959 RestartRequest = NULL;
1960 RestartWorkGroup = false;
1961 ShutdownRequest = NULL;
1963 CurrentPid = getpid();
1964 close_sendmail_pid();
1967 ** Initialize exception stack and default exception
1968 ** handler for child process.
1971 sm_exc_newthread(fatal_error);
1975 /* Add parent process as first child item */
1976 proc_list_add(CurrentPid, "Queue runner child process",
1977 PROC_QUEUE_CHILD, 0, -1, NULL);
1978 (void) sm_releasesignal(SIGCHLD);
1979 (void) sm_signal(SIGCHLD, SIG_DFL);
1980 (void) sm_signal(SIGHUP, SIG_DFL);
1981 (void) sm_signal(SIGTERM, intsig);
1985 ** Release any resources used by the daemon code.
1990 /* force it to run expensive jobs */
1993 /* drop privileges */
1994 if (geteuid() == (uid_t) 0)
1995 (void) drop_privileges(false);
1998 ** Create ourselves an envelope
2001 CurEnv = &QueueEnvelope;
2002 rpool = sm_rpool_new_x(NULL);
2003 e = newenvelope(&QueueEnvelope, CurEnv, rpool);
2004 e->e_flags = BlankEnvelope.e_flags;
2007 /* make sure we have disconnected from parent */
2008 if (bitset(RWG_FORK, flags))
2015 ** If we are running part of the queue, always ignore stored
2019 if (QueueLimitId != NULL || QueueLimitSender != NULL ||
2020 QueueLimitQuarantine != NULL ||
2021 QueueLimitRecipient != NULL)
2023 IgnoreHostStatus = true;
2028 ** Here is where we choose the queue group from the work group.
2029 ** The caller of the "domorework" label must setup a new envelope.
2032 endgrp = WorkGrp[wgrp].wg_curqgrp; /* to not spin endlessly */
2037 ** Run a queue group if:
2038 ** RWG_RUNALL bit is set or the bit for this group is set.
2045 ** Find the next queue group within the work group that
2046 ** has been marked as needing a run.
2049 qgrp = WorkGrp[wgrp].wg_qgs[WorkGrp[wgrp].wg_curqgrp]->qg_index;
2050 WorkGrp[wgrp].wg_curqgrp++; /* advance */
2051 WorkGrp[wgrp].wg_curqgrp %= WorkGrp[wgrp].wg_numqgrp; /* wrap */
2052 if (bitset(RWG_RUNALL, flags) ||
2053 (Queue[qgrp]->qg_nextrun <= now &&
2054 Queue[qgrp]->qg_nextrun != (time_t) -1))
2056 if (endgrp == WorkGrp[wgrp].wg_curqgrp)
2059 if (bitset(RWG_FORK, flags))
2060 finis(true, true, ExitStat);
2061 return true; /* we're done */
2065 qdir = Queue[qgrp]->qg_curnum; /* round-robin init of queue position */
2066 #if _FFR_QUEUE_SCHED_DBG
2068 sm_syslog(LOG_INFO, NOQID,
2069 "rwg: wgrp=%d, qgrp=%d, qdir=%d, name=%s, curqgrp=%d, numgrps=%d",
2070 wgrp, qgrp, qdir, qid_printqueue(qgrp, qdir),
2071 WorkGrp[wgrp].wg_curqgrp, WorkGrp[wgrp].wg_numqgrp);
2072 #endif /* _FFR_QUEUE_SCHED_DBG */
2075 /* tweak niceness of queue runs */
2076 if (Queue[qgrp]->qg_nice > 0)
2077 (void) nice(Queue[qgrp]->qg_nice);
2078 #endif /* HASNICE */
2080 /* XXX running queue group... */
2081 sm_setproctitle(true, CurEnv, "running queue: %s",
2082 qid_printqueue(qgrp, qdir));
2084 if (LogLevel > 69 || tTd(63, 99))
2085 sm_syslog(LOG_DEBUG, NOQID,
2086 "runqueue %s, pid=%d, forkflag=%d",
2087 qid_printqueue(qgrp, qdir), (int) CurrentPid,
2088 bitset(RWG_FORK, flags));
2091 ** Start making passes through the queue.
2092 ** First, read and sort the entire queue.
2093 ** Then, process the work in that order.
2094 ** But if you take too long, start over.
2097 for (i = 0; i < Queue[qgrp]->qg_numqueues; i++)
2099 h = gatherq(qgrp, qdir, false, &full, &more);
2101 if (ShmId != SM_SHM_NO_ID)
2102 QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h;
2103 #endif /* SM_CONF_SHM */
2104 /* If there are no more items in this queue advance */
2107 /* A round-robin advance */
2109 qdir %= Queue[qgrp]->qg_numqueues;
2112 /* Has the WorkList reached the limit? */
2114 break; /* don't try to gather more */
2117 /* order the existing work requests */
2118 njobs = sortq(Queue[qgrp]->qg_maxlist);
2119 Queue[qgrp]->qg_curnum = qdir; /* update */
2122 if (!Verbose && bitnset(QD_FORK, Queue[qgrp]->qg_flags))
2124 int loop, maxrunners;
2128 ** For this WorkQ we want to fork off N children (maxrunners)
2129 ** at this point. Each child has a copy of WorkQ. Each child
2130 ** will process every N-th item. The parent will wait for all
2131 ** of the children to finish before moving on to the next
2132 ** queue group within the work group. This saves us forking
2133 ** a new runner-child for each work item.
2134 ** It's valid for qg_maxqrun == 0 since this may be an
2135 ** explicit "don't run this queue" setting.
2138 maxrunners = Queue[qgrp]->qg_maxqrun;
2140 /* No need to have more runners then there are jobs */
2141 if (maxrunners > njobs)
2143 for (loop = 0; loop < maxrunners; loop++)
2146 ** Since the delivery may happen in a child and the
2147 ** parent does not wait, the parent may close the
2148 ** maps thereby removing any shared memory used by
2149 ** the map. Therefore, close the maps now so the
2150 ** child will dynamically open them if necessary.
2158 syserr("run_work_group: cannot fork");
2163 /* parent -- clean out connection cache */
2164 mci_flush(false, NULL);
2165 #if _FFR_SKIP_DOMAINS
2166 if (QueueSortOrder == QSO_BYHOST)
2168 sequenceno += skip_domains(1);
2171 #endif /* _FFR_SKIP_DOMAINS */
2174 WorkQ = WorkQ->w_next;
2177 proc_list_add(pid, "Queue child runner process",
2178 PROC_QUEUE_CHILD, 0, -1, NULL);
2180 /* No additional work, no additional runners */
2186 /* child -- Reset global flags */
2187 RestartRequest = NULL;
2188 RestartWorkGroup = false;
2189 ShutdownRequest = NULL;
2191 CurrentPid = getpid();
2192 close_sendmail_pid();
2195 ** Initialize exception stack and default
2196 ** exception handler for child process.
2197 ** When fork()'d the child now has a private
2198 ** copy of WorkQ at its current position.
2201 sm_exc_newthread(fatal_error);
2204 ** SMTP processes (whether -bd or -bs) set
2205 ** SIGCHLD to reapchild to collect
2206 ** children status. However, at delivery
2207 ** time, that status must be collected
2208 ** by sm_wait() to be dealt with properly
2209 ** (check success of delivery based
2210 ** on status code, etc). Therefore, if we
2211 ** are an SMTP process, reset SIGCHLD
2212 ** back to the default so reapchild
2213 ** doesn't collect status before
2217 if (OpMode == MD_SMTP ||
2218 OpMode == MD_DAEMON ||
2219 MaxQueueChildren > 0)
2222 sm_releasesignal(SIGCHLD);
2223 (void) sm_signal(SIGCHLD, SIG_DFL);
2226 /* child -- error messages to the transcript */
2227 QuickAbort = OnlyOneError = false;
2228 runner_work(e, sequenceno, true,
2231 /* This child is done */
2232 finis(true, true, ExitStat);
2237 sm_releasesignal(SIGCHLD);
2240 ** Wait until all of the runners have completed before
2241 ** seeing if there is another queue group in the
2242 ** work group to process.
2243 ** XXX Future enhancement: don't wait() for all children
2244 ** here, just go ahead and make sure that overall the number
2245 ** of children is not exceeded.
2248 while (CurChildren > 0)
2253 while ((ret = sm_wait(&status)) <= 0)
2255 proc_list_drop(ret, status, NULL);
2258 else if (Queue[qgrp]->qg_maxqrun > 0 || bitset(RWG_FORCE, flags))
2261 ** When current process will not fork children to do the work,
2262 ** it will do the work itself. The 'skip' will be 1 since
2263 ** there are no child runners to divide the work across.
2266 runner_work(e, sequenceno, false, 1, njobs);
2269 /* free memory allocated by newenvelope() above */
2270 sm_rpool_free(rpool);
2271 QueueEnvelope.e_rpool = NULL;
2273 /* Are there still more queues in the work group to process? */
2274 if (endgrp != WorkGrp[wgrp].wg_curqgrp)
2276 rpool = sm_rpool_new_x(NULL);
2277 e = newenvelope(&QueueEnvelope, CurEnv, rpool);
2278 e->e_flags = BlankEnvelope.e_flags;
2282 /* No more queues in work group to process. Now check persistent. */
2283 if (bitset(RWG_PERSISTENT, flags))
2286 sm_setproctitle(true, CurEnv, "running queue: %s",
2287 qid_printqueue(qgrp, qdir));
2290 ** close bogus maps, i.e., maps which caused a tempfail,
2291 ** so we get fresh map connections on the next lookup.
2292 ** closemaps() is also called when children are started.
2297 /* Close any cached connections. */
2298 mci_flush(true, NULL);
2300 /* Clean out expired related entries. */
2304 /* Update MX records for FallbackMX. */
2305 if (FallbackMX != NULL)
2306 (void) getfallbackmxrr(FallbackMX);
2307 #endif /* NAMED_BIND */
2310 /* close UserDatabase */
2315 if (sm_debug_active(&SmHeapCheck, 2)
2316 && access("memdump", F_OK) == 0
2322 out = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
2323 "memdump.out", SM_IO_APPEND, NULL);
2326 (void) sm_io_fprintf(out, SM_TIME_DEFAULT, "----------------------\n");
2328 sm_debug_level(&SmHeapCheck) - 1);
2329 (void) sm_io_close(out, SM_TIME_DEFAULT);
2332 #endif /* SM_HEAP_CHECK */
2334 /* let me rest for a second to catch my breath */
2335 if (njobs == 0 && WorkGrp[wgrp].wg_lowqintvl < MIN_SLEEP_TIME)
2336 sleep(MIN_SLEEP_TIME);
2337 else if (WorkGrp[wgrp].wg_lowqintvl <= 0)
2338 sleep(QueueIntvl > 0 ? QueueIntvl : MIN_SLEEP_TIME);
2340 sleep(WorkGrp[wgrp].wg_lowqintvl);
2343 ** Get the LA outside the WorkQ loop if necessary.
2344 ** In a persistent queue runner the code is repeated over
2345 ** and over but gatherq() may ignore entries due to
2346 ** shouldqueue() (do we really have to do this twice?).
2347 ** Hence the queue runners would just idle around when once
2348 ** CurrentLA caused all entries in a queue to be ignored.
2353 rpool = sm_rpool_new_x(NULL);
2354 e = newenvelope(&QueueEnvelope, CurEnv, rpool);
2355 e->e_flags = BlankEnvelope.e_flags;
2359 /* exit without the usual cleanup */
2361 if (bitset(RWG_FORK, flags))
2362 finis(true, true, ExitStat);
2368 ** DOQUEUERUN -- do a queue run?
2378 ** RUNQUEUEEVENT -- Sets a flag to indicate that a queue run should be done.
2387 ** The invocation of this function via an alarm may interrupt
2388 ** a set of actions. Thus errno may be set in that context.
2389 ** We need to restore errno at the end of this function to ensure
2390 ** that any work done here that sets errno doesn't return a
2391 ** misleading/false errno value. Errno may be EINTR upon entry to
2392 ** this function because of non-restartable/continuable system
2393 ** API was active. Iff this is true we will override errno as
2394 ** a timeout (as a more accurate error message).
2396 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
2397 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
2402 runqueueevent(ignore)
2405 int save_errno = errno;
2408 ** Set the general bit that we want a queue run,
2409 ** tested in doqueuerun()
2413 #if _FFR_QUEUE_SCHED_DBG
2415 sm_syslog(LOG_INFO, NOQID, "rqe: done");
2416 #endif /* _FFR_QUEUE_SCHED_DBG */
2423 ** GATHERQ -- gather messages from the message queue(s) the work queue.
2426 ** qgrp -- the index of the queue group.
2427 ** qdir -- the index of the queue directory.
2428 ** doall -- if set, include everything in the queue (even
2429 ** the jobs that cannot be run because the load
2430 ** average is too high, or MaxQueueRun is reached).
2431 ** Otherwise, exclude those jobs.
2432 ** full -- (optional) to be set 'true' if WorkList is full
2433 ** more -- (optional) to be set 'true' if there are still more
2434 ** messages in this queue not added to WorkList
2437 ** The number of request in the queue (not necessarily
2438 ** the number of requests in WorkList however).
2441 ** prepares available work into WorkList
2444 #define NEED_P 0001 /* 'P': priority */
2445 #define NEED_T 0002 /* 'T': time */
2446 #define NEED_R 0004 /* 'R': recipient */
2447 #define NEED_S 0010 /* 'S': sender */
2448 #define NEED_H 0020 /* host */
2449 #define HAS_QUARANTINE 0040 /* has an unexpected 'q' line */
2450 #define NEED_QUARANTINE 0100 /* 'q': reason */
2452 static WORK *WorkList = NULL; /* list of unsort work */
2453 static int WorkListSize = 0; /* current max size of WorkList */
2454 static int WorkListCount = 0; /* # of work items in WorkList */
2457 gatherq(qgrp, qdir, doall, full, more)
2464 register struct dirent *d;
2471 char qd[MAXPATHLEN];
2472 char qf[MAXPATHLEN];
2474 wn = WorkListCount - 1;
2477 (void) sm_strlcpy(qd, ".", sizeof qd);
2479 (void) sm_strlcpyn(qd, sizeof qd, 2,
2480 Queue[qgrp]->qg_qpaths[qdir].qp_name,
2482 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
2487 sm_dprintf("gatherq:\n");
2489 check = QueueLimitId;
2490 while (check != NULL)
2492 sm_dprintf("\tQueueLimitId = %s%s\n",
2493 check->queue_negate ? "!" : "",
2494 check->queue_match);
2495 check = check->queue_next;
2498 check = QueueLimitSender;
2499 while (check != NULL)
2501 sm_dprintf("\tQueueLimitSender = %s%s\n",
2502 check->queue_negate ? "!" : "",
2503 check->queue_match);
2504 check = check->queue_next;
2507 check = QueueLimitRecipient;
2508 while (check != NULL)
2510 sm_dprintf("\tQueueLimitRecipient = %s%s\n",
2511 check->queue_negate ? "!" : "",
2512 check->queue_match);
2513 check = check->queue_next;
2516 if (QueueMode == QM_QUARANTINE)
2518 check = QueueLimitQuarantine;
2519 while (check != NULL)
2521 sm_dprintf("\tQueueLimitQuarantine = %s%s\n",
2522 check->queue_negate ? "!" : "",
2523 check->queue_match);
2524 check = check->queue_next;
2529 /* open the queue directory */
2533 syserr("gatherq: cannot open \"%s\"",
2534 qid_printqueue(qgrp, qdir));
2536 *full = WorkListCount >= MaxQueueRun && MaxQueueRun > 0;
2543 ** Read the work directory.
2546 while ((d = readdir(f)) != NULL)
2550 char lbuf[MAXNAME + 1];
2554 sm_dprintf("gatherq: checking %s..", d->d_name);
2556 /* is this an interesting entry? */
2557 if (!(((QueueMode == QM_NORMAL &&
2558 d->d_name[0] == NORMQF_LETTER) ||
2559 (QueueMode == QM_QUARANTINE &&
2560 d->d_name[0] == QUARQF_LETTER) ||
2561 (QueueMode == QM_LOST &&
2562 d->d_name[0] == LOSEQF_LETTER)) &&
2563 d->d_name[1] == 'f'))
2566 sm_dprintf(" skipping\n");
2572 if (strlen(d->d_name) >= MAXQFNAME)
2575 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
2576 "gatherq: %s too long, %d max characters\n",
2577 d->d_name, MAXQFNAME);
2579 sm_syslog(LOG_ALERT, NOQID,
2580 "gatherq: %s too long, %d max characters",
2581 d->d_name, MAXQFNAME);
2585 check = QueueLimitId;
2586 while (check != NULL)
2588 if (strcontainedin(false, check->queue_match,
2589 d->d_name) != check->queue_negate)
2592 check = check->queue_next;
2594 if (QueueLimitId != NULL && check == NULL)
2597 /* grow work list if necessary */
2598 if (++wn >= MaxQueueRun && MaxQueueRun > 0)
2600 if (wn == MaxQueueRun && LogLevel > 0)
2601 sm_syslog(LOG_WARNING, NOQID,
2602 "WorkList for %s maxed out at %d",
2603 qid_printqueue(qgrp, qdir),
2606 continue; /* just count entries */
2609 if (wn >= WorkListSize)
2611 grow_wlist(qgrp, qdir);
2612 if (wn >= WorkListSize)
2618 (void) sm_strlcpyn(qf, sizeof qf, 3, qd, "/", d->d_name);
2619 if (stat(qf, &sbuf) < 0)
2621 if (errno != ENOENT)
2622 sm_syslog(LOG_INFO, NOQID,
2623 "gatherq: can't stat %s/%s",
2624 qid_printqueue(qgrp, qdir),
2629 if (!bitset(S_IFREG, sbuf.st_mode))
2631 /* Yikes! Skip it or we will hang on open! */
2632 if (!((d->d_name[0] == DATAFL_LETTER ||
2633 d->d_name[0] == NORMQF_LETTER ||
2634 d->d_name[0] == QUARQF_LETTER ||
2635 d->d_name[0] == LOSEQF_LETTER ||
2636 d->d_name[0] == XSCRPT_LETTER) &&
2637 d->d_name[1] == 'f' && d->d_name[2] == '\0'))
2638 syserr("gatherq: %s/%s is not a regular file",
2639 qid_printqueue(qgrp, qdir), d->d_name);
2644 /* avoid work if possible */
2645 if ((QueueSortOrder == QSO_BYFILENAME ||
2646 QueueSortOrder == QSO_BYMODTIME ||
2647 QueueSortOrder == QSO_RANDOM) &&
2648 QueueLimitQuarantine == NULL &&
2649 QueueLimitSender == NULL &&
2650 QueueLimitRecipient == NULL)
2654 w->w_name = newstr(d->d_name);
2656 w->w_lock = w->w_tooyoung = false;
2659 w->w_mtime = sbuf.st_mtime;
2664 /* open control file */
2665 cf = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B,
2667 if (cf == NULL && OpMode != MD_PRINT)
2669 /* this may be some random person sending hir msgs */
2671 sm_dprintf("gatherq: cannot open %s: %s\n",
2672 d->d_name, sm_errstring(errno));
2679 w->w_name = newstr(d->d_name);
2683 w->w_lock = !lockfile(sm_io_getinfo(cf, SM_IO_WHAT_FD,
2688 w->w_tooyoung = false;
2690 /* make sure jobs in creation don't clog queue */
2691 w->w_pri = 0x7fffffff;
2693 w->w_mtime = sbuf.st_mtime;
2695 /* extract useful information */
2697 if (QueueSortOrder == QSO_BYHOST
2699 || QueueSortOrder == QSO_BYSHUFFLE
2700 #endif /* _FFR_RHS */
2703 /* need w_host set for host sort order */
2706 if (QueueLimitSender != NULL)
2708 if (QueueLimitRecipient != NULL)
2710 if (QueueLimitQuarantine != NULL)
2711 i |= NEED_QUARANTINE;
2712 while (cf != NULL && i != 0 &&
2713 sm_io_fgets(cf, SM_TIME_DEFAULT, lbuf,
2714 sizeof lbuf) != NULL)
2719 p = strchr(lbuf, '\n');
2724 /* flush rest of overly long line */
2725 while ((c = sm_io_getc(cf, SM_TIME_DEFAULT))
2726 != SM_IO_EOF && c != '\n')
2733 qfver = atoi(&lbuf[1]);
2737 w->w_pri = atol(&lbuf[1]);
2742 w->w_ctime = atol(&lbuf[1]);
2747 if (QueueMode != QM_QUARANTINE &&
2748 QueueMode != QM_LOST)
2751 sm_dprintf("%s not marked as quarantined but has a 'q' line\n",
2753 i |= HAS_QUARANTINE;
2755 else if (QueueMode == QM_QUARANTINE)
2757 if (QueueLimitQuarantine == NULL)
2759 i &= ~NEED_QUARANTINE;
2763 check = QueueLimitQuarantine;
2764 while (check != NULL)
2766 if (strcontainedin(false,
2769 check->queue_negate)
2772 check = check->queue_next;
2775 i &= ~NEED_QUARANTINE;
2780 if (w->w_host == NULL &&
2781 (p = strrchr(&lbuf[1], '@')) != NULL)
2784 if (QueueSortOrder == QSO_BYSHUFFLE)
2785 w->w_host = newstr(&p[1]);
2787 #endif /* _FFR_RHS */
2788 w->w_host = strrev(&p[1]);
2789 makelower(w->w_host);
2792 if (QueueLimitRecipient == NULL)
2799 p = strchr(&lbuf[1], ':');
2803 ++p; /* skip over ':' */
2807 check = QueueLimitRecipient;
2808 while (check != NULL)
2810 if (strcontainedin(true,
2813 check->queue_negate)
2816 check = check->queue_next;
2823 check = QueueLimitSender;
2824 while (check != NULL)
2826 if (strcontainedin(true,
2829 check->queue_negate)
2832 check = check->queue_next;
2839 age = curtime() - (time_t) atol(&lbuf[1]);
2840 if (age >= 0 && MinQueueAge > 0 &&
2842 w->w_tooyoung = true;
2846 if (atol(&lbuf[1]) == 0)
2847 w->w_tooyoung = false;
2852 (void) sm_io_close(cf, SM_TIME_DEFAULT);
2854 if ((!doall && shouldqueue(w->w_pri, w->w_ctime)) ||
2855 bitset(HAS_QUARANTINE, i) ||
2856 bitset(NEED_QUARANTINE, i) ||
2857 bitset(NEED_R|NEED_S, i))
2859 /* don't even bother sorting this job in */
2861 sm_dprintf("skipping %s (%x)\n", w->w_name, i);
2862 sm_free(w->w_name); /* XXX */
2863 if (w->w_host != NULL)
2864 sm_free(w->w_host); /* XXX */
2873 i = wn - WorkListCount;
2874 WorkListCount += SM_MIN(num_ent, WorkListSize);
2877 *more = WorkListCount < wn;
2880 *full = (wn >= MaxQueueRun && MaxQueueRun > 0) ||
2881 (WorkList == NULL && wn > 0);
2886 ** SORTQ -- sort the work list
2888 ** First the old WorkQ is cleared away. Then the WorkList is sorted
2889 ** for all items so that important (higher sorting value) items are not
2890 ** trunctated off. Then the most important items are moved from
2891 ** WorkList to WorkQ. The lower count of 'max' or MaxListCount items
2895 ** max -- maximum number of items to be placed in WorkQ
2898 ** the number of items in WorkQ
2901 ** WorkQ gets released and filled with new work. WorkList
2902 ** gets released. Work items get sorted in order.
2909 register int i; /* local counter */
2910 register WORK *w; /* tmp item pointer */
2911 int wc = WorkListCount; /* trim size for WorkQ */
2917 /* Clear out old WorkQ. */
2918 for (w = WorkQ; w != NULL; w = nw)
2921 sm_free(w->w_name); /* XXX */
2922 if (w->w_host != NULL)
2923 sm_free(w->w_host); /* XXX */
2924 sm_free((char *) w); /* XXX */
2929 if (WorkList == NULL || wc <= 0)
2932 /* Check if the per queue group item limit will be exceeded */
2933 if (wc > max && max > 0)
2937 ** The sort now takes place using all of the items in WorkList.
2938 ** The list gets trimmed to the most important items after the sort.
2939 ** If the trim were to happen before the sort then one or more
2940 ** important items might get truncated off -- not what we want.
2943 if (QueueSortOrder == QSO_BYHOST)
2946 ** Sort the work directory for the first time,
2947 ** based on host name, lock status, and priority.
2950 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf1);
2953 ** If one message to host is locked, "lock" all messages
2960 if (!WorkList[i].w_lock)
2968 if (WorkList[i].w_host == NULL &&
2970 WorkList[i].w_lock = true;
2971 else if (WorkList[i].w_host != NULL &&
2972 w->w_host != NULL &&
2973 sm_strcasecmp(WorkList[i].w_host,
2975 WorkList[i].w_lock = true;
2982 ** Sort the work directory for the second time,
2983 ** based on lock status, host name, and priority.
2986 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf2);
2988 else if (QueueSortOrder == QSO_BYTIME)
2991 ** Simple sort based on submission time only.
2994 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf3);
2996 else if (QueueSortOrder == QSO_BYFILENAME)
2999 ** Sort based on queue filename.
3002 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf4);
3004 else if (QueueSortOrder == QSO_RANDOM)
3007 ** Sort randomly. To avoid problems with an instable sort,
3008 ** use a random index into the queue file name to start
3012 randi = get_rand_mod(MAXQFNAME);
3015 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf5);
3017 else if (QueueSortOrder == QSO_BYMODTIME)
3020 ** Simple sort based on modification time of queue file.
3021 ** This puts the oldest items first.
3024 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf6);
3027 else if (QueueSortOrder == QSO_BYSHUFFLE)
3030 ** Simple sort based on shuffled host name.
3033 init_shuffle_alphabet();
3034 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf7);
3036 #endif /* _FFR_RHS */
3037 else if (QueueSortOrder == QSO_BYPRIORITY)
3040 ** Simple sort based on queue priority only.
3043 qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf0);
3045 /* else don't sort at all */
3048 ** Convert the work list into canonical form.
3049 ** Should be turning it into a list of envelopes here perhaps.
3050 ** Only take the most important items up to the per queue group
3054 for (i = wc; --i >= 0; )
3056 w = (WORK *) xalloc(sizeof *w);
3057 w->w_qgrp = WorkList[i].w_qgrp;
3058 w->w_qdir = WorkList[i].w_qdir;
3059 w->w_name = WorkList[i].w_name;
3060 w->w_host = WorkList[i].w_host;
3061 w->w_lock = WorkList[i].w_lock;
3062 w->w_tooyoung = WorkList[i].w_tooyoung;
3063 w->w_pri = WorkList[i].w_pri;
3064 w->w_ctime = WorkList[i].w_ctime;
3065 w->w_mtime = WorkList[i].w_mtime;
3070 /* free the rest of the list */
3071 for (i = WorkListCount; --i >= wc; )
3073 sm_free(WorkList[i].w_name);
3074 if (WorkList[i].w_host != NULL)
3075 sm_free(WorkList[i].w_host);
3078 if (WorkList != NULL)
3079 sm_free(WorkList); /* XXX */
3086 for (w = WorkQ; w != NULL; w = w->w_next)
3088 if (w->w_host != NULL)
3089 sm_dprintf("%22s: pri=%ld %s\n",
3090 w->w_name, w->w_pri, w->w_host);
3092 sm_dprintf("%32s: pri=%ld\n",
3093 w->w_name, w->w_pri);
3097 return wc; /* return number of WorkQ items */
3100 ** GROW_WLIST -- make the work list larger
3103 ** qgrp -- the index for the queue group.
3104 ** qdir -- the index for the queue directory.
3110 ** Adds another QUEUESEGSIZE entries to WorkList if possible.
3111 ** It can fail if there isn't enough memory, so WorkListSize
3112 ** should be checked again upon return.
3116 grow_wlist(qgrp, qdir)
3121 sm_dprintf("grow_wlist: WorkListSize=%d\n", WorkListSize);
3122 if (WorkList == NULL)
3124 WorkList = (WORK *) xalloc((sizeof *WorkList) *
3125 (QUEUESEGSIZE + 1));
3126 WorkListSize = QUEUESEGSIZE;
3130 int newsize = WorkListSize + QUEUESEGSIZE;
3131 WORK *newlist = (WORK *) sm_realloc((char *) WorkList,
3132 (unsigned) sizeof(WORK) * (newsize + 1));
3134 if (newlist != NULL)
3136 WorkListSize = newsize;
3140 sm_syslog(LOG_INFO, NOQID,
3141 "grew WorkList for %s to %d",
3142 qid_printqueue(qgrp, qdir),
3146 else if (LogLevel > 0)
3148 sm_syslog(LOG_ALERT, NOQID,
3149 "FAILED to grow WorkList for %s to %d",
3150 qid_printqueue(qgrp, qdir), newsize);
3154 sm_dprintf("grow_wlist: WorkListSize now %d\n", WorkListSize);
3157 ** WORKCMPF0 -- simple priority-only compare function.
3160 ** a -- the first argument.
3161 ** b -- the second argument.
3186 ** WORKCMPF1 -- first compare function for ordering work based on host name.
3188 ** Sorts on host name, lock status, and priority in that order.
3191 ** a -- the first argument.
3192 ** b -- the second argument.
3209 if (a->w_host != NULL && b->w_host == NULL)
3211 else if (a->w_host == NULL && b->w_host != NULL)
3213 if (a->w_host != NULL && b->w_host != NULL &&
3214 (i = sm_strcasecmp(a->w_host, b->w_host)) != 0)
3218 if (a->w_lock != b->w_lock)
3219 return b->w_lock - a->w_lock;
3222 return workcmpf0(a, b);
3225 ** WORKCMPF2 -- second compare function for ordering work based on host name.
3227 ** Sorts on lock status, host name, and priority in that order.
3230 ** a -- the first argument.
3231 ** b -- the second argument.
3248 if (a->w_lock != b->w_lock)
3249 return a->w_lock - b->w_lock;
3252 if (a->w_host != NULL && b->w_host == NULL)
3254 else if (a->w_host == NULL && b->w_host != NULL)
3256 if (a->w_host != NULL && b->w_host != NULL &&
3257 (i = sm_strcasecmp(a->w_host, b->w_host)) != 0)
3261 return workcmpf0(a, b);
3264 ** WORKCMPF3 -- simple submission-time-only compare function.
3267 ** a -- the first argument.
3268 ** b -- the second argument.
3282 if (a->w_ctime > b->w_ctime)
3284 else if (a->w_ctime < b->w_ctime)
3290 ** WORKCMPF4 -- compare based on file name
3293 ** a -- the first argument.
3294 ** b -- the second argument.
3308 return strcmp(a->w_name, b->w_name);
3311 ** WORKCMPF5 -- compare based on assigned random number
3314 ** a -- the first argument (ignored).
3315 ** b -- the second argument (ignored).
3327 if (strlen(a->w_name) < randi || strlen(b->w_name) < randi)
3329 return a->w_name[randi] - b->w_name[randi];
3332 ** WORKCMPF6 -- simple modification-time-only compare function.
3335 ** a -- the first argument.
3336 ** b -- the second argument.
3350 if (a->w_mtime > b->w_mtime)
3352 else if (a->w_mtime < b->w_mtime)
3359 ** WORKCMPF7 -- compare function for ordering work based on shuffled host name.
3361 ** Sorts on lock status, host name, and priority in that order.
3364 ** a -- the first argument.
3365 ** b -- the second argument.
3382 if (a->w_lock != b->w_lock)
3383 return a->w_lock - b->w_lock;
3386 if (a->w_host != NULL && b->w_host == NULL)
3388 else if (a->w_host == NULL && b->w_host != NULL)
3390 if (a->w_host != NULL && b->w_host != NULL &&
3391 (i = sm_strshufflecmp(a->w_host, b->w_host)) != 0)
3395 return workcmpf0(a, b);
3397 #endif /* _FFR_RHS */
3399 ** STRREV -- reverse string
3401 ** Returns a pointer to a new string that is the reverse of
3402 ** the string pointed to by fwd. The space for the new
3403 ** string is obtained using xalloc().
3406 ** fwd -- the string to reverse.
3409 ** the reversed string.
3420 rev = xalloc(len + 1);
3421 for (cnt = 0; cnt < len; ++cnt)
3422 rev[cnt] = fwd[len - cnt - 1];
3432 static unsigned char ShuffledAlphabet[NCHAR];
3435 init_shuffle_alphabet()
3437 static bool init = false;
3443 /* fill the ShuffledAlphabet */
3444 for (i = 0; i < NCHAR; i++)
3445 ShuffledAlphabet[i] = i;
3448 for (i = 1; i < NCHAR; i++)
3450 register int j = get_random() % NCHAR;
3453 tmp = ShuffledAlphabet[j];
3454 ShuffledAlphabet[j] = ShuffledAlphabet[i];
3455 ShuffledAlphabet[i] = tmp;
3458 /* make it case insensitive */
3459 for (i = 'A'; i <= 'Z'; i++)
3460 ShuffledAlphabet[i] = ShuffledAlphabet[i + 'a' - 'A'];
3462 /* fill the upper part */
3463 for (i = 0; i < NCHAR; i++)
3464 ShuffledAlphabet[i + NCHAR] = ShuffledAlphabet[i];
3469 sm_strshufflecmp(a, b)
3473 const unsigned char *us1 = (const unsigned char *) a;
3474 const unsigned char *us2 = (const unsigned char *) b;
3476 while (ShuffledAlphabet[*us1] == ShuffledAlphabet[*us2++])
3481 return (ShuffledAlphabet[*us1] - ShuffledAlphabet[*--us2]);
3483 #endif /* _FFR_RHS */
3486 ** DOWORK -- do a work request.
3489 ** qgrp -- the index of the queue group for the job.
3490 ** qdir -- the index of the queue directory for the job.
3491 ** id -- the ID of the job to run.
3492 ** forkflag -- if set, run this in background.
3493 ** requeueflag -- if set, reinstantiate the queue quickly.
3494 ** This is used when expanding aliases in the queue.
3495 ** If forkflag is also set, it doesn't wait for the
3497 ** e - the envelope in which to run it.
3500 ** process id of process that is running the queue job.
3503 ** The work request is satisfied if possible.
3507 dowork(qgrp, qdir, id, forkflag, requeueflag, e)
3513 register ENVELOPE *e;
3519 sm_dprintf("dowork(%s/%s)\n", qid_printqueue(qgrp, qdir), id);
3528 ** Since the delivery may happen in a child and the
3529 ** parent does not wait, the parent may close the
3530 ** maps thereby removing any shared memory used by
3531 ** the map. Therefore, close the maps now so the
3532 ** child will dynamically open them if necessary.
3540 syserr("dowork: cannot fork");
3545 /* parent -- clean out connection cache */
3546 mci_flush(false, NULL);
3551 ** Initialize exception stack and default exception
3552 ** handler for child process.
3555 /* Reset global flags */
3556 RestartRequest = NULL;
3557 RestartWorkGroup = false;
3558 ShutdownRequest = NULL;
3560 CurrentPid = getpid();
3561 sm_exc_newthread(fatal_error);
3564 ** See note above about SMTP processes and SIGCHLD.
3567 if (OpMode == MD_SMTP ||
3568 OpMode == MD_DAEMON ||
3569 MaxQueueChildren > 0)
3572 sm_releasesignal(SIGCHLD);
3573 (void) sm_signal(SIGCHLD, SIG_DFL);
3576 /* child -- error messages to the transcript */
3577 QuickAbort = OnlyOneError = false;
3589 ** Lock the control file to avoid duplicate deliveries.
3590 ** Then run the file as though we had just read it.
3591 ** We save an idea of the temporary name so we
3592 ** can recover on interrupt.
3597 /* Reset global flags */
3598 RestartRequest = NULL;
3599 RestartWorkGroup = false;
3600 ShutdownRequest = NULL;
3604 /* set basic modes, etc. */
3607 rpool = sm_rpool_new_x(NULL);
3608 clearenvelope(e, false, rpool);
3609 e->e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
3610 set_delivery_mode(SM_DELIVER, e);
3611 e->e_errormode = EM_MAIL;
3615 GrabTo = UseErrorsTo = false;
3620 set_op_mode(MD_QUEUERUN);
3622 sm_setproctitle(true, e, "%s from queue", qid_printname(e));
3624 sm_syslog(LOG_DEBUG, e->e_id, "dowork, pid=%d",
3627 /* don't use the headers from sendmail.cf... */
3630 /* read the queue control file -- return if locked */
3631 if (!readqf(e, false))
3633 if (tTd(40, 4) && e->e_id != NULL)
3634 sm_dprintf("readqf(%s) failed\n",
3638 finis(false, true, EX_OK);
3641 /* adding this frees 8 bytes */
3642 clearenvelope(e, false, rpool);
3644 /* adding this frees 12 bytes */
3645 sm_rpool_free(rpool);
3651 e->e_flags |= EF_INQUEUE;
3652 eatheader(e, requeueflag, true);
3655 queueup(e, false, false);
3657 /* do the delivery */
3658 sendall(e, SM_DELIVER);
3660 /* finish up and exit */
3662 finis(true, true, ExitStat);
3665 dropenvelope(e, true, false);
3666 sm_rpool_free(rpool);
3675 ** DOWORKLIST -- process a list of envelopes as work requests
3677 ** Similar to dowork(), except that after forking, it processes an
3678 ** envelope and its siblings, treating each envelope as a work request.
3681 ** el -- envelope to be processed including its siblings.
3682 ** forkflag -- if set, run this in background.
3683 ** requeueflag -- if set, reinstantiate the queue quickly.
3684 ** This is used when expanding aliases in the queue.
3685 ** If forkflag is also set, it doesn't wait for the
3689 ** process id of process that is running the queue job.
3692 ** The work request is satisfied if possible.
3696 doworklist(el, forkflag, requeueflag)
3705 sm_dprintf("doworklist()\n");
3714 ** Since the delivery may happen in a child and the
3715 ** parent does not wait, the parent may close the
3716 ** maps thereby removing any shared memory used by
3717 ** the map. Therefore, close the maps now so the
3718 ** child will dynamically open them if necessary.
3726 syserr("doworklist: cannot fork");
3731 /* parent -- clean out connection cache */
3732 mci_flush(false, NULL);
3737 ** Initialize exception stack and default exception
3738 ** handler for child process.
3741 /* Reset global flags */
3742 RestartRequest = NULL;
3743 RestartWorkGroup = false;
3744 ShutdownRequest = NULL;
3746 CurrentPid = getpid();
3747 sm_exc_newthread(fatal_error);
3750 ** See note above about SMTP processes and SIGCHLD.
3753 if (OpMode == MD_SMTP ||
3754 OpMode == MD_DAEMON ||
3755 MaxQueueChildren > 0)
3758 sm_releasesignal(SIGCHLD);
3759 (void) sm_signal(SIGCHLD, SIG_DFL);
3762 /* child -- error messages to the transcript */
3763 QuickAbort = OnlyOneError = false;
3776 ** Lock the control file to avoid duplicate deliveries.
3777 ** Then run the file as though we had just read it.
3778 ** We save an idea of the temporary name so we
3779 ** can recover on interrupt.
3784 /* Reset global flags */
3785 RestartRequest = NULL;
3786 RestartWorkGroup = false;
3787 ShutdownRequest = NULL;
3791 /* set basic modes, etc. */
3794 GrabTo = UseErrorsTo = false;
3799 set_op_mode(MD_QUEUERUN);
3802 sm_syslog(LOG_DEBUG, el->e_id, "doworklist, pid=%d",
3805 for (ei = el; ei != NULL; ei = ei->e_sibling)
3810 if (WILL_BE_QUEUED(ei->e_sendmode))
3812 else if (QueueMode != QM_QUARANTINE &&
3813 ei->e_quarmsg != NULL)
3816 rpool = sm_rpool_new_x(NULL);
3817 clearenvelope(&e, true, rpool);
3818 e.e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
3819 set_delivery_mode(SM_DELIVER, &e);
3820 e.e_errormode = EM_MAIL;
3822 e.e_qgrp = ei->e_qgrp;
3823 e.e_qdir = ei->e_qdir;
3825 sm_setproctitle(true, &e, "%s from queue", qid_printname(&e));
3827 /* don't use the headers from sendmail.cf... */
3831 /* read the queue control file -- return if locked */
3832 if (readqf(&e, false))
3834 e.e_flags |= EF_INQUEUE;
3835 eatheader(&e, requeueflag, true);
3838 queueup(&e, false, false);
3840 /* do the delivery */
3841 sendall(&e, SM_DELIVER);
3842 dropenvelope(&e, true, false);
3846 if (tTd(40, 4) && e.e_id != NULL)
3847 sm_dprintf("readqf(%s) failed\n",
3850 sm_rpool_free(rpool);
3854 /* restore CurEnv */
3857 /* finish up and exit */
3859 finis(true, true, ExitStat);
3863 ** READQF -- read queue file and set up environment.
3866 ** e -- the envelope of the job to run.
3867 ** openonly -- only open the qf (returned as e_lockfp)
3870 ** true if it successfully read the queue file.
3874 ** The queue file is returned locked.
3879 register ENVELOPE *e;
3882 register SM_FILE_T *qfp;
3884 struct stat st, stf;
3891 bool nomore = false;
3895 char qf[MAXPATHLEN];
3899 ** Read and process the file.
3902 (void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER), sizeof qf);
3903 qfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDWR_B, NULL);
3906 int save_errno = errno;
3909 sm_dprintf("readqf(%s): sm_io_open failure (%s)\n",
3910 qf, sm_errstring(errno));
3914 syserr("readqf: no control file %s", qf);
3919 if (!lockfile(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), qf, NULL,
3922 /* being processed by another queuer */
3924 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
3925 "%s: locked\n", e->e_id);
3927 sm_dprintf("%s: locked\n", e->e_id);
3929 sm_syslog(LOG_DEBUG, e->e_id, "locked");
3930 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
3938 ** Prevent locking race condition.
3940 ** Process A: readqf(): qfp = fopen(qffile)
3941 ** Process B: queueup(): rename(tf, qf)
3942 ** Process B: unlocks(tf)
3943 ** Process A: lockfile(qf);
3945 ** Process A (us) has the old qf file (before the rename deleted
3946 ** the directory entry) and will be delivering based on old data.
3947 ** This can lead to multiple deliveries of the same recipients.
3949 ** Catch this by checking if the underlying qf file has changed
3950 ** *after* acquiring our lock and if so, act as though the file
3951 ** was still locked (i.e., just return like the lockfile() case
3955 if (stat(qf, &stf) < 0 ||
3956 fstat(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), &st) < 0)
3958 /* must have been being processed by someone else */
3960 sm_dprintf("readqf(%s): [f]stat failure (%s)\n",
3961 qf, sm_errstring(errno));
3962 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
3966 if (st.st_nlink != stf.st_nlink ||
3967 st.st_dev != stf.st_dev ||
3968 ST_INODE(st) != ST_INODE(stf) ||
3969 #if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */
3970 st.st_gen != stf.st_gen ||
3971 #endif /* HAS_ST_GEN && 0 */
3972 st.st_uid != stf.st_uid ||
3973 st.st_gid != stf.st_gid ||
3974 st.st_size != stf.st_size)
3976 /* changed after opened */
3978 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
3979 "%s: changed\n", e->e_id);
3981 sm_dprintf("%s: changed\n", e->e_id);
3983 sm_syslog(LOG_DEBUG, e->e_id, "changed");
3984 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
3989 ** Check the queue file for plausibility to avoid attacks.
3992 qsafe = S_IWOTH|S_IWGRP;
3993 if (bitset(S_IWGRP, QueueFileMode))
3996 bogus = st.st_uid != geteuid() &&
3997 st.st_uid != TrustedUid &&
3998 geteuid() != RealUid;
4001 ** If this qf file results from a set-group-ID binary, then
4002 ** we check whether the directory is group-writable,
4003 ** the queue file mode contains the group-writable bit, and
4004 ** the groups are the same.
4005 ** Notice: this requires that the set-group-ID binary is used to
4009 if (bogus && st.st_gid == getegid() && UseMSP)
4014 bp = SM_LAST_DIR_DELIM(qf);
4022 if (stat(delim == '\0' ? "." : qf, &dst) < 0)
4023 syserr("readqf: cannot stat directory %s",
4024 delim == '\0' ? "." : qf);
4027 bogus = !(bitset(S_IWGRP, QueueFileMode) &&
4028 bitset(S_IWGRP, dst.st_mode) &&
4029 dst.st_gid == st.st_gid);
4035 bogus = bitset(qsafe, st.st_mode);
4040 sm_syslog(LOG_ALERT, e->e_id,
4041 "bogus queue file, uid=%d, gid=%d, mode=%o",
4042 st.st_uid, st.st_gid, st.st_mode);
4045 sm_dprintf("readqf(%s): bogus file\n", qf);
4046 e->e_flags |= EF_INQUEUE;
4048 loseqfile(e, "bogus file uid/gid in mqueue");
4049 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4053 if (st.st_size == 0)
4055 /* must be a bogus file -- if also old, just remove it */
4056 if (!openonly && st.st_ctime + 10 * 60 < curtime())
4058 (void) xunlink(queuename(e, DATAFL_LETTER));
4059 (void) xunlink(queuename(e, ANYQFL_LETTER));
4061 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4065 if (st.st_nlink == 0)
4068 ** Race condition -- we got a file just as it was being
4069 ** unlinked. Just assume it is zero length.
4072 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4078 ** If we don't own the file mark it as unsafe.
4079 ** However, allow TrustedUser to own it as well
4080 ** in case TrustedUser manipulates the queue.
4083 if (st.st_uid != geteuid() && st.st_uid != TrustedUid)
4084 e->e_flags |= EF_UNSAFE;
4085 #else /* _FFR_TRUSTED_QF */
4086 /* If we don't own the file mark it as unsafe */
4087 if (st.st_uid != geteuid())
4088 e->e_flags |= EF_UNSAFE;
4089 #endif /* _FFR_TRUSTED_QF */
4091 /* good file -- save this lock */
4094 /* Just wanted the open file */
4098 /* do basic system initialization */
4100 macdefine(&e->e_macro, A_PERM, 'i', e->e_id);
4103 e->e_flags |= EF_GLOBALERRS;
4104 set_op_mode(MD_QUEUERUN);
4106 e->e_qfletter = queue_letter(e, ANYQFL_LETTER);
4107 e->e_dfqgrp = e->e_qgrp;
4108 e->e_dfqdir = e->e_qdir;
4109 #if _FFR_QUEUE_MACRO
4110 macdefine(&e->e_macro, A_TEMP, macid("{queue}"),
4111 qid_printqueue(e->e_qgrp, e->e_qdir));
4112 #endif /* _FFR_QUEUE_MACRO */
4115 while ((bp = fgetfolded(buf, sizeof buf, qfp)) != NULL)
4117 unsigned long qflags;
4124 sm_dprintf("+++++ %s\n", bp);
4129 syserr("SECURITY ALERT: extra or bogus data in queue file: %s",
4131 err = "bogus queue line";
4136 case 'A': /* AUTH= parameter */
4137 if (!xtextok(&bp[1]))
4139 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4142 case 'B': /* body type */
4143 r = check_bodytype(&bp[1]);
4144 if (!BODYTYPE_VALID(r))
4146 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4149 case 'C': /* specify controlling user */
4150 ctladdr = setctluser(&bp[1], qfver, e);
4153 case 'D': /* data file name */
4154 /* obsolete -- ignore */
4157 case 'd': /* data file directory name */
4161 #if _FFR_MSP_PARANOIA
4162 /* forbid queue groups in MSP? */
4165 #endif /* _FFR_MSP_PARANOIA */
4167 qgrp < NumQueue && Queue[qgrp] != NULL;
4171 qdir < Queue[qgrp]->qg_numqueues;
4175 Queue[qgrp]->qg_qpaths[qdir].qp_name)
4184 err = "bogus queue file directory";
4190 case 'E': /* specify error recipient */
4191 /* no longer used */
4194 case 'F': /* flag bits */
4195 if (strncmp(bp, "From ", 5) == 0)
4197 /* we are being spoofed! */
4198 syserr("SECURITY ALERT: bogus qf line %s", bp);
4199 err = "bogus queue line";
4202 for (p = &bp[1]; *p != '\0'; p++)
4206 case '8': /* has 8 bit data */
4207 e->e_flags |= EF_HAS8BIT;
4210 case 'b': /* delete Bcc: header */
4211 e->e_flags |= EF_DELETE_BCC;
4214 case 'd': /* envelope has DSN RET= */
4215 e->e_flags |= EF_RET_PARAM;
4218 case 'n': /* don't return body */
4219 e->e_flags |= EF_NO_BODY_RETN;
4222 case 'r': /* response */
4223 e->e_flags |= EF_RESPONSE;
4226 case 's': /* split */
4227 e->e_flags |= EF_SPLIT;
4230 case 'w': /* warning sent */
4231 e->e_flags |= EF_WARNING;
4237 case 'q': /* quarantine reason */
4238 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4239 macdefine(&e->e_macro, A_PERM,
4240 macid("{quarantine}"), e->e_quarmsg);
4243 case 'H': /* header */
4246 ** count size before chompheader() destroys the line.
4247 ** this isn't accurate due to macro expansion, but
4248 ** better than before. "-3" to skip H?? at least.
4251 hdrsize += strlen(bp) - 3;
4252 (void) chompheader(&bp[1], CHHDR_QUEUE, NULL, e);
4255 case 'I': /* data file's inode number */
4256 /* regenerated below */
4259 case 'K': /* time of last delivery attempt */
4260 e->e_dtime = atol(&buf[1]);
4263 case 'L': /* Solaris Content-Length: */
4264 case 'M': /* message */
4265 /* ignore this; we want a new message next time */
4268 case 'N': /* number of delivery attempts */
4269 e->e_ntries = atoi(&buf[1]);
4271 /* if this has been tried recently, let it be */
4273 if (e->e_ntries > 0 && e->e_dtime <= now &&
4274 now < e->e_dtime + MinQueueAge)
4278 howlong = pintvl(now - e->e_dtime, true);
4280 (void) sm_io_fprintf(smioout,
4282 "%s: too young (%s)\n",
4285 sm_dprintf("%s: too young (%s)\n",
4288 sm_syslog(LOG_DEBUG, e->e_id,
4295 macdefine(&e->e_macro, A_TEMP,
4296 macid("{ntries}"), &buf[1]);
4299 /* adjust BIND parameters immediately */
4300 if (e->e_ntries == 0)
4302 _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
4303 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
4307 _res.retry = TimeOuts.res_retry[RES_TO_NORMAL];
4308 _res.retrans = TimeOuts.res_retrans[RES_TO_NORMAL];
4310 #endif /* NAMED_BIND */
4313 case 'P': /* message priority */
4314 e->e_msgpriority = atol(&bp[1]) + WkTimeFact;
4317 case 'Q': /* original recipient */
4318 orcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4321 case 'r': /* final recipient */
4322 frcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4325 case 'R': /* specify recipient */
4331 while (*++p != '\0' && *p != ':')
4336 qflags |= QHASNOTIFY;
4340 qflags |= QPINGONSUCCESS;
4344 qflags |= QPINGONFAILURE;
4348 qflags |= QPINGONDELAY;
4356 if (ctladdr != NULL)
4357 ctladdr->q_flags |= QALIAS;
4360 default: /* ignore or complain? */
4367 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
4370 q = parseaddr(++p, NULLADDR, RF_COPYALL, '\0',
4376 /* make sure we keep the current qgrp */
4377 if (ISVALIDQGRP(e->e_qgrp))
4378 q->q_qgrp = e->e_qgrp;
4379 q->q_alias = ctladdr;
4381 q->q_flags &= ~Q_PINGFLAGS;
4382 q->q_flags |= qflags;
4383 q->q_finalrcpt = frcpt;
4385 (void) recipient(q, &e->e_sendqueue, 0, e);
4389 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
4393 case 'S': /* sender */
4394 setsender(sm_rpool_strdup_x(e->e_rpool, &bp[1]),
4395 e, NULL, '\0', true);
4398 case 'T': /* init time */
4399 e->e_ctime = atol(&bp[1]);
4402 case 'V': /* queue file version number */
4403 qfver = atoi(&bp[1]);
4404 if (qfver <= QF_VERSION)
4406 syserr("Version number in queue file (%d) greater than max (%d)",
4408 err = "unsupported queue file version";
4413 case 'Z': /* original envelope id from ESMTP */
4414 e->e_envid = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
4415 macdefine(&e->e_macro, A_PERM,
4416 macid("{dsn_envid}"), e->e_envid);
4419 case '!': /* deliver by */
4421 /* format: flag (1 char) space long-integer */
4422 e->e_dlvr_flag = buf[1];
4423 e->e_deliver_by = strtol(&buf[3], NULL, 10);
4425 case '$': /* define macro */
4429 /* XXX elimate p? */
4430 r = macid_parse(&bp[1], &ep);
4433 p = sm_rpool_strdup_x(e->e_rpool, ep);
4434 macdefine(&e->e_macro, A_PERM, r, p);
4438 case '.': /* terminate file */
4447 ** Maintain backward compatibility for
4448 ** users who defined _FFR_QUEUEDELAY in
4449 ** previous releases. Remove this
4450 ** code in 8.14 or 8.15.
4453 if (qfver == 5 || qfver == 7)
4456 /* If not qfver 5 or 7, then 'G' or 'Y' is invalid */
4458 #endif /* _FFR_QUEUEDELAY */
4461 syserr("readqf: %s: line %d: bad line \"%s\"",
4462 qf, LineNumber, shortenstring(bp, MAXSHORTSTR));
4463 err = "unrecognized line";
4468 sm_free(bp); /* XXX */
4472 ** If we haven't read any lines, this queue file is empty.
4473 ** Arrange to remove it without referencing any null pointers.
4476 if (LineNumber == 0)
4479 e->e_flags |= EF_CLRQUEUE|EF_FATALERRS|EF_RESPONSE;
4483 /* Check to make sure we have a complete queue file read */
4486 syserr("readqf: %s: incomplete queue file read", qf);
4487 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4491 /* possibly set ${dsn_ret} macro */
4492 if (bitset(EF_RET_PARAM, e->e_flags))
4494 if (bitset(EF_NO_BODY_RETN, e->e_flags))
4495 macdefine(&e->e_macro, A_PERM,
4496 macid("{dsn_ret}"), "hdrs");
4498 macdefine(&e->e_macro, A_PERM,
4499 macid("{dsn_ret}"), "full");
4503 ** Arrange to read the data file.
4506 p = queuename(e, DATAFL_LETTER);
4507 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, p, SM_IO_RDONLY_B,
4509 if (e->e_dfp == NULL)
4511 syserr("readqf: cannot open %s", p);
4515 e->e_flags |= EF_HAS_DF;
4516 if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &st)
4519 e->e_msgsize = st.st_size + hdrsize;
4520 e->e_dfdev = st.st_dev;
4521 e->e_dfino = ST_INODE(st);
4522 (void) sm_snprintf(buf, sizeof buf, "%ld",
4524 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"),
4533 ** There was some error reading the qf file (reason is in err var.)
4535 ** close file; clear e_lockfp since it is the same as qfp,
4536 ** hence it is invalid (as file) after qfp is closed;
4537 ** the qf file is on disk, so set the flag to avoid calling
4538 ** queueup() with bogus data.
4542 (void) sm_io_close(qfp, SM_TIME_DEFAULT);
4544 e->e_flags |= EF_INQUEUE;
4549 ** PRTSTR -- print a string, "unprintable" characters are shown as \oct
4552 ** s -- string to print
4553 ** ml -- maximum length of output
4556 ** number of entries
4559 ** Prints a string on stdout.
4571 while (ml-- > 0 && ((c = *s++) != '\0'))
4577 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
4578 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
4581 else if (isascii(c) && isprint(c))
4582 (void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
4586 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4587 "\\%03o", c & 0xFF);
4592 ** PRINTNQE -- print out number of entries in the mail queue
4595 ** out -- output file pointer.
4596 ** prefix -- string to output in front of each line.
4603 printnqe(out, prefix)
4608 int i, k = 0, nrequests = 0;
4609 bool unknown = false;
4611 if (ShmId == SM_SHM_NO_ID)
4614 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4615 "Data unavailable: shared memory not updated\n");
4617 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4618 "%sNOTCONFIGURED:-1\r\n", prefix);
4621 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
4626 for (j = 0; j < Queue[i]->qg_numqueues; j++)
4633 n = QSHM_ENTRIES(Queue[i]->qg_qpaths[j].qp_idx);
4635 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4637 prefix, qid_printqueue(i, j), n);
4640 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4641 "%s: unknown number of entries\n",
4642 qid_printqueue(i, j));
4647 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4649 qid_printqueue(i, j));
4653 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4655 qid_printqueue(i, j), n);
4661 if (prefix == NULL && k > 1)
4662 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4663 "\t\tTotal requests: %d%s\n",
4664 nrequests, unknown ? " (about)" : "");
4665 #else /* SM_CONF_SHM */
4667 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4668 "Data unavailable without shared memory support\n");
4670 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
4671 "%sNOTAVAILABLE:-1\r\n", prefix);
4672 #endif /* SM_CONF_SHM */
4675 ** PRINTQUEUE -- print out a representation of the mail queue
4684 ** Prints a listing of the mail queue on the standard output.
4690 int i, k = 0, nrequests = 0;
4692 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
4697 for (j = 0; j < Queue[i]->qg_numqueues; j++)
4701 nrequests += print_single_queue(i, j);
4706 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4707 "\t\tTotal requests: %d\n",
4711 ** PRINT_SINGLE_QUEUE -- print out a representation of a single mail queue
4714 ** qgrp -- the index of the queue group.
4715 ** qdir -- the queue directory.
4718 ** number of requests in mail queue.
4721 ** Prints a listing of the mail queue on the standard output.
4725 print_single_queue(qgrp, qdir)
4732 char qd[MAXPATHLEN];
4733 char qddf[MAXPATHLEN];
4738 (void) sm_strlcpy(qd, ".", sizeof qd);
4739 (void) sm_strlcpy(qddf, ".", sizeof qddf);
4743 (void) sm_strlcpyn(qd, sizeof qd, 2,
4744 Queue[qgrp]->qg_qpaths[qdir].qp_name,
4746 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
4748 (void) sm_strlcpyn(qddf, sizeof qddf, 2,
4749 Queue[qgrp]->qg_qpaths[qdir].qp_name,
4751 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
4756 ** Check for permission to print the queue
4759 if (bitset(PRIV_RESTRICTMAILQ, PrivacyFlags) && RealUid != 0)
4764 extern GIDSET_T InitialGidSet[NGROUPS_MAX];
4765 #endif /* NGROUPS_MAX */
4767 if (stat(qd, &st) < 0)
4769 syserr("Cannot stat %s",
4770 qid_printqueue(qgrp, qdir));
4777 if (InitialGidSet[n] == st.st_gid)
4780 if (n < 0 && RealGid != st.st_gid)
4781 #else /* NGROUPS_MAX */
4782 if (RealGid != st.st_gid)
4783 #endif /* NGROUPS_MAX */
4785 usrerr("510 You are not permitted to see the queue");
4792 ** Read and order the queue.
4795 nrequests = gatherq(qgrp, qdir, true, NULL, NULL);
4796 (void) sortq(Queue[qgrp]->qg_maxlist);
4799 ** Print the work list that we have read.
4802 /* first see if there is anything */
4805 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%s is empty\n",
4806 qid_printqueue(qgrp, qdir));
4810 sm_getla(); /* get load average */
4812 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\t\t%s (%d request%s",
4813 qid_printqueue(qgrp, qdir),
4814 nrequests, nrequests == 1 ? "" : "s");
4815 if (MaxQueueRun > 0 && nrequests > MaxQueueRun)
4816 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4817 ", only %d printed", MaxQueueRun);
4819 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4820 ")\n-----Q-ID----- --Size-- -Priority- ---Q-Time--- --------Sender/Recipient--------\n");
4822 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4823 ")\n-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------\n");
4824 for (w = WorkQ; w != NULL; w = w->w_next)
4827 auto time_t submittime = 0;
4831 char quarmsg[MAXLINE];
4832 char statmsg[MAXLINE];
4833 char bodytype[MAXNAME + 1];
4834 char qf[MAXPATHLEN];
4839 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%13s",
4841 (void) sm_strlcpyn(qf, sizeof qf, 3, qd, "/", w->w_name);
4842 f = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B,
4847 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4848 " (permission denied)\n");
4849 else if (errno == ENOENT)
4850 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4851 " (job completed)\n");
4853 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
4855 sm_errstring(errno));
4859 w->w_name[0] = DATAFL_LETTER;
4860 (void) sm_strlcpyn(qf, sizeof qf, 3, qddf, "/", w->w_name);
4861 if (stat(qf, &st) >= 0)
4862 dfsize = st.st_size;
4868 ** Maybe the df file can't be statted because
4869 ** it is in a different directory than the qf file.
4870 ** In order to find out, we must read the qf file.
4873 newenvelope(&e, &BlankEnvelope, sm_rpool_new_x(NULL));
4874 e.e_id = w->w_name + 2;
4878 if (readqf(&e, false))
4880 char *df = queuename(&e, DATAFL_LETTER);
4881 if (stat(df, &st) >= 0)
4882 dfsize = st.st_size;
4884 if (e.e_lockfp != NULL)
4886 (void) sm_io_close(e.e_lockfp, SM_TIME_DEFAULT);
4889 clearenvelope(&e, false, e.e_rpool);
4890 sm_rpool_free(e.e_rpool);
4893 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "*");
4894 else if (QueueMode == QM_LOST)
4895 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "?");
4896 else if (w->w_tooyoung)
4897 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "-");
4898 else if (shouldqueue(w->w_pri, w->w_ctime))
4899 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "X");
4901 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, " ");
4906 statmsg[0] = bodytype[0] = '\0';
4908 while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof buf) != NULL)
4919 case 'V': /* queue file version */
4920 qfver = atoi(&buf[1]);
4923 case 'M': /* error message */
4924 if ((i = strlen(&buf[1])) >= sizeof statmsg)
4925 i = sizeof statmsg - 1;
4926 memmove(statmsg, &buf[1], i);
4930 case 'q': /* quarantine reason */
4931 if ((i = strlen(&buf[1])) >= sizeof quarmsg)
4932 i = sizeof quarmsg - 1;
4933 memmove(quarmsg, &buf[1], i);
4937 case 'B': /* body type */
4938 if ((i = strlen(&buf[1])) >= sizeof bodytype)
4939 i = sizeof bodytype - 1;
4940 memmove(bodytype, &buf[1], i);
4944 case 'S': /* sender name */
4947 (void) sm_io_fprintf(smioout,
4949 "%8ld %10ld%c%.12s ",
4952 bitset(EF_WARNING, flags)
4954 ctime(&submittime) + 4);
4955 prtstr(&buf[1], 78);
4959 (void) sm_io_fprintf(smioout,
4963 ctime(&submittime));
4964 prtstr(&buf[1], 39);
4967 if (quarmsg[0] != '\0')
4969 (void) sm_io_fprintf(smioout,
4971 "\n QUARANTINE: %.*s",
4977 if (statmsg[0] != '\0' || bodytype[0] != '\0')
4979 (void) sm_io_fprintf(smioout,
4983 if (statmsg[0] != '\0')
4984 (void) sm_io_fprintf(smioout,
4993 case 'C': /* controlling user */
4995 (void) sm_io_fprintf(smioout,
4997 "\n\t\t\t\t\t\t(---%.64s---)",
5001 case 'R': /* recipient name */
5012 (void) sm_io_fprintf(smioout,
5019 (void) sm_io_fprintf(smioout,
5024 if (Verbose && statmsg[0] != '\0')
5026 (void) sm_io_fprintf(smioout,
5034 case 'T': /* creation time */
5035 submittime = atol(&buf[1]);
5038 case 'F': /* flag bits */
5039 for (p = &buf[1]; *p != '\0'; p++)
5044 flags |= EF_WARNING;
5050 if (submittime == (time_t) 0)
5051 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
5052 " (no control file)");
5053 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
5054 (void) sm_io_close(f, SM_TIME_DEFAULT);
5060 ** QUEUE_LETTER -- get the proper queue letter for the current QueueMode.
5063 ** e -- envelope to build it in/from.
5064 ** type -- the file type, used as the first character
5065 ** of the file name.
5068 ** the letter to use
5072 queue_letter(e, type)
5076 /* Change type according to QueueMode */
5077 if (type == ANYQFL_LETTER)
5079 if (e->e_quarmsg != NULL)
5080 type = QUARQF_LETTER;
5086 type = NORMQF_LETTER;
5090 type = QUARQF_LETTER;
5094 type = LOSEQF_LETTER;
5098 /* should never happen */
5108 ** QUEUENAME -- build a file name in the queue directory for this envelope.
5111 ** e -- envelope to build it in/from.
5112 ** type -- the file type, used as the first character
5113 ** of the file name.
5116 ** a pointer to the queue name (in a static buffer).
5119 ** If no id code is already assigned, queuename() will
5120 ** assign an id code with assign_queueid(). If no queue
5121 ** directory is assigned, one will be set with setnewqueue().
5126 register ENVELOPE *e;
5132 static char buf[MAXPATHLEN];
5134 /* Assign an ID if needed */
5135 if (e->e_id == NULL)
5137 type = queue_letter(e, type);
5139 /* begin of filename */
5140 pref[0] = (char) type;
5144 /* Assign a queue group/directory if needed */
5145 if (type == XSCRPT_LETTER)
5148 ** We don't want to call setnewqueue() if we are fetching
5149 ** the pathname of the transcript file, because setnewqueue
5150 ** chooses a queue, and sometimes we need to write to the
5151 ** transcript file before we have gathered enough information
5152 ** to choose a queue.
5155 if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR)
5157 if (e->e_qgrp != NOQGRP && e->e_qdir != NOQDIR)
5159 e->e_xfqgrp = e->e_qgrp;
5160 e->e_xfqdir = e->e_qdir;
5165 if (Queue[e->e_xfqgrp]->qg_numqueues <= 1)
5169 e->e_xfqdir = get_rand_mod(
5170 Queue[e->e_xfqgrp]->qg_numqueues);
5179 if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
5181 if (type == DATAFL_LETTER)
5193 /* xf files always have a valid qd and qg picked above */
5194 if (e->e_qdir == NOQDIR && type != XSCRPT_LETTER)
5195 (void) sm_strlcpyn(buf, sizeof buf, 2, pref, e->e_id);
5201 if (bitset(QP_SUBDF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
5210 if (bitset(QP_SUBQF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
5215 if (bitset(QP_SUBXF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
5220 sm_abort("queuename: bad queue file type %d", type);
5223 (void) sm_strlcpyn(buf, sizeof buf, 4,
5224 Queue[qg]->qg_qpaths[qd].qp_name,
5225 sub, pref, e->e_id);
5229 sm_dprintf("queuename: %s\n", buf);
5234 ** INIT_QID_ALG -- Initialize the (static) parameters that are used to
5235 ** generate a queue ID.
5237 ** This function is called by the daemon to reset
5238 ** LastQueueTime and LastQueuePid which are used by assign_queueid().
5239 ** Otherwise the algorithm may cause problems because
5240 ** LastQueueTime and LastQueuePid are set indirectly by main()
5241 ** before the daemon process is started, hence LastQueuePid is not
5242 ** the pid of the daemon and therefore a child of the daemon can
5243 ** actually have the same pid as LastQueuePid which means the section
5244 ** in assign_queueid():
5245 ** * see if we need to get a new base time/pid *
5246 ** is NOT triggered which will cause the same queue id to be generated.
5263 ** ASSIGN_QUEUEID -- assign a queue ID for this envelope.
5265 ** Assigns an id code if one does not already exist.
5266 ** This code assumes that nothing will remain in the queue for
5267 ** longer than 60 years. It is critical that files with the given
5268 ** name do not already exist in the queue.
5269 ** [No longer initializes e_qdir to NOQDIR.]
5272 ** e -- envelope to set it in.
5278 static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
5280 # define QIC_LEN_R 62
5283 ** Note: the length is "officially" 60 because minutes and seconds are
5284 ** usually only 0-59. However (Linux):
5285 ** tm_sec The number of seconds after the minute, normally in
5286 ** the range 0 to 59, but can be up to 61 to allow for
5288 ** Hence the real length of the string is 62 to take this into account.
5289 ** Alternatively % QIC_LEN can (should) be used for access everywhere.
5292 # define queuenextid() CurrentPid
5297 register ENVELOPE *e;
5299 pid_t pid = queuenextid();
5301 static long random_offset;
5303 char idbuf[MAXQFNAME - 2];
5306 if (e->e_id != NULL)
5309 /* see if we need to get a new base time/pid */
5310 if (cX >= QIC_LEN * QIC_LEN || LastQueueTime == 0 ||
5311 LastQueuePid != pid)
5313 time_t then = LastQueueTime;
5315 /* if the first time through, pick a random offset */
5316 if (LastQueueTime == 0)
5317 random_offset = get_random();
5319 while ((LastQueueTime = curtime()) == then &&
5320 LastQueuePid == pid)
5324 LastQueuePid = queuenextid();
5329 ** Generate a new sequence number between 0 and QIC_LEN*QIC_LEN-1.
5330 ** This lets us generate up to QIC_LEN*QIC_LEN unique queue ids
5331 ** per second, per process. With envelope splitting,
5332 ** a single message can consume many queue ids.
5335 seq = (int)((cX + random_offset) % (QIC_LEN * QIC_LEN));
5338 sm_dprintf("assign_queueid: random_offset = %ld (%d)\n",
5339 random_offset, seq);
5341 tm = gmtime(&LastQueueTime);
5342 idbuf[0] = QueueIdChars[tm->tm_year % QIC_LEN];
5343 idbuf[1] = QueueIdChars[tm->tm_mon];
5344 idbuf[2] = QueueIdChars[tm->tm_mday];
5345 idbuf[3] = QueueIdChars[tm->tm_hour];
5346 idbuf[4] = QueueIdChars[tm->tm_min % QIC_LEN_R];
5347 idbuf[5] = QueueIdChars[tm->tm_sec % QIC_LEN_R];
5348 idbuf[6] = QueueIdChars[seq / QIC_LEN];
5349 idbuf[7] = QueueIdChars[seq % QIC_LEN];
5350 (void) sm_snprintf(&idbuf[8], sizeof idbuf - 8, "%06d",
5351 (int) LastQueuePid);
5352 e->e_id = sm_rpool_strdup_x(e->e_rpool, idbuf);
5353 macdefine(&e->e_macro, A_PERM, 'i', e->e_id);
5355 /* XXX: inherited from MainEnvelope */
5356 e->e_qgrp = NOQGRP; /* too early to do anything else */
5358 e->e_xfqgrp = NOQGRP;
5361 /* New ID means it's not on disk yet */
5362 e->e_qfletter = '\0';
5365 sm_dprintf("assign_queueid: assigned id %s, e=%p\n",
5368 sm_syslog(LOG_DEBUG, e->e_id, "assigned id");
5371 ** SYNC_QUEUE_TIME -- Assure exclusive PID in any given second
5373 ** Make sure one PID can't be used by two processes in any one second.
5375 ** If the system rotates PIDs fast enough, may get the
5376 ** same pid in the same second for two distinct processes.
5377 ** This will interfere with the queue file naming system.
5389 #if FAST_PID_RECYCLE
5390 if (OpMode != MD_TEST &&
5391 OpMode != MD_VERIFY &&
5392 LastQueueTime > 0 &&
5393 LastQueuePid == CurrentPid &&
5394 curtime() == LastQueueTime)
5396 #endif /* FAST_PID_RECYCLE */
5399 ** UNLOCKQUEUE -- unlock the queue entry for a specified envelope
5402 ** e -- the envelope to unlock.
5408 ** unlocks the queue for `e'.
5416 sm_dprintf("unlockqueue(%s)\n",
5417 e->e_id == NULL ? "NOQUEUE" : e->e_id);
5420 /* if there is a lock file in the envelope, close it */
5421 if (e->e_lockfp != NULL)
5422 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
5425 /* don't create a queue id if we don't already have one */
5426 if (e->e_id == NULL)
5429 /* remove the transcript */
5431 sm_syslog(LOG_DEBUG, e->e_id, "unlock");
5433 (void) xunlink(queuename(e, XSCRPT_LETTER));
5436 ** SETCTLUSER -- create a controlling address
5438 ** Create a fake "address" given only a local login name; this is
5439 ** used as a "controlling user" for future recipient addresses.
5442 ** user -- the user name of the controlling user.
5443 ** qfver -- the version stamp of this queue file.
5447 ** An address descriptor for the controlling user,
5448 ** using storage allocated from e->e_rpool.
5453 setctluser(user, qfver, e)
5458 register ADDRESS *a;
5463 ** See if this clears our concept of controlling user.
5466 if (user == NULL || *user == '\0')
5470 ** Set up addr fields for controlling user.
5473 a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof *a);
5474 memset((char *) a, '\0', sizeof *a);
5479 a->q_user = sm_rpool_strdup_x(e->e_rpool, p);
5483 p = strtok(user, ":");
5484 a->q_user = sm_rpool_strdup_x(e->e_rpool, user);
5487 if ((p = strtok(NULL, ":")) != NULL)
5489 if ((p = strtok(NULL, ":")) != NULL)
5491 if ((p = strtok(NULL, ":")) != NULL)
5495 a->q_flags |= QGOODUID;
5497 /* if there is another ':': restore it */
5498 if ((o = strtok(NULL, ":")) != NULL && o > p)
5502 else if ((pw = sm_getpwnam(user)) != NULL)
5504 if (*pw->pw_dir == '\0')
5506 else if (strcmp(pw->pw_dir, "/") == 0)
5509 a->q_home = sm_rpool_strdup_x(e->e_rpool, pw->pw_dir);
5510 a->q_uid = pw->pw_uid;
5511 a->q_gid = pw->pw_gid;
5512 a->q_flags |= QGOODUID;
5516 a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */
5517 a->q_mailer = LocalMailer;
5519 a->q_paddr = sm_rpool_strdup_x(e->e_rpool, a->q_user);
5521 a->q_paddr = sm_rpool_strdup_x(e->e_rpool, p);
5525 ** LOSEQFILE -- rename queue file with LOSEQF_LETTER & try to let someone know
5528 ** e -- the envelope (e->e_id will be used).
5529 ** why -- reported to whomever can hear.
5537 register ENVELOPE *e;
5542 char buf[MAXPATHLEN];
5544 if (e == NULL || e->e_id == NULL)
5546 p = queuename(e, ANYQFL_LETTER);
5547 if (sm_strlcpy(buf, p, sizeof buf) >= sizeof buf)
5549 if (!bitset(EF_INQUEUE, e->e_flags))
5550 queueup(e, false, true);
5551 else if (QueueMode == QM_LOST)
5554 /* if already lost, no need to re-lose */
5557 p = queuename(e, LOSEQF_LETTER);
5558 if (rename(buf, p) < 0)
5559 syserr("cannot rename(%s, %s), uid=%d",
5560 buf, p, (int) geteuid());
5561 else if (LogLevel > 0)
5562 sm_syslog(LOG_ALERT, e->e_id,
5563 "Losing %s: %s", buf, why);
5565 if (e->e_dfp != NULL)
5567 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
5570 e->e_flags &= ~EF_HAS_DF;
5573 ** NAME2QID -- translate a queue group name to a queue group id
5576 ** queuename -- name of queue group.
5579 ** queue group id if found.
5580 ** NOQGRP otherwise.
5589 s = stab(queuename, ST_QUEUE, ST_FIND);
5592 return s->s_quegrp->qg_index;
5595 ** QID_PRINTNAME -- create externally printable version of queue id
5598 ** e -- the envelope.
5601 ** a printable version
5609 static char idbuf[MAXQFNAME + 34];
5614 if (e->e_id == NULL)
5619 if (e->e_qdir == NOQDIR)
5622 (void) sm_snprintf(idbuf, sizeof idbuf, "%.32s/%s",
5623 Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_name,
5628 ** QID_PRINTQUEUE -- create full version of queue directory for data files
5631 ** qgrp -- index in queue group.
5632 ** qdir -- the short version of the queue directory
5635 ** the full pathname to the queue (might point to a static var)
5639 qid_printqueue(qgrp, qdir)
5644 static char dir[MAXPATHLEN];
5647 return Queue[qgrp]->qg_qdir;
5649 if (strcmp(Queue[qgrp]->qg_qpaths[qdir].qp_name, ".") == 0)
5652 subdir = Queue[qgrp]->qg_qpaths[qdir].qp_name;
5654 (void) sm_strlcpyn(dir, sizeof dir, 4,
5655 Queue[qgrp]->qg_qdir,
5656 subdir == NULL ? "" : "/",
5657 subdir == NULL ? "" : subdir,
5659 Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
5665 ** PICKQDIR -- Pick a queue directory from a queue group
5668 ** qg -- queue group
5669 ** fsize -- file size in bytes
5670 ** e -- envelope, or NULL
5673 ** NOQDIR if no queue directory in qg has enough free space to
5674 ** hold a file of size 'fsize', otherwise the index of
5675 ** a randomly selected queue directory which resides on a
5676 ** file system with enough disk space.
5677 ** XXX This could be extended to select a queuedir with
5678 ** a few (the fewest?) number of entries. That data
5679 ** is available if shared memory is used.
5682 ** If the request fails and e != NULL then sm_syslog is called.
5686 pickqdir(qg, fsize, e)
5695 /* Pick a random directory, as a starting point. */
5696 if (qg->qg_numqueues <= 1)
5699 qdir = get_rand_mod(qg->qg_numqueues);
5701 if (MinBlocksFree <= 0 && fsize <= 0)
5705 ** Now iterate over the queue directories,
5706 ** looking for a directory with enough space for this message.
5712 QPATHS *qp = &qg->qg_qpaths[i];
5717 needed += fsize / FILE_SYS_BLKSIZE(qp->qp_fsysidx)
5718 + ((fsize % FILE_SYS_BLKSIZE(qp->qp_fsysidx)
5720 if (MinBlocksFree > 0)
5721 needed += MinBlocksFree;
5722 fsavail = FILE_SYS_AVAIL(qp->qp_fsysidx);
5729 ** might be not correctly updated,
5730 ** let's try to get the info directly.
5733 fsavail = freediskspace(FILE_SYS_NAME(qp->qp_fsysidx),
5738 #endif /* SM_CONF_SHM */
5739 if (needed <= fsavail)
5741 if (avail < fsavail)
5744 if (qg->qg_numqueues > 0)
5745 i = (i + 1) % qg->qg_numqueues;
5746 } while (i != qdir);
5748 if (e != NULL && LogLevel > 0)
5749 sm_syslog(LOG_ALERT, e->e_id,
5750 "low on space (%s needs %ld bytes + %ld blocks in %s), max avail: %ld",
5751 CurHostName == NULL ? "SMTP-DAEMON" : CurHostName,
5752 fsize, MinBlocksFree,
5753 qg->qg_qdir, avail);
5757 ** SETNEWQUEUE -- Sets a new queue group and directory
5759 ** Assign a queue group and directory to an envelope and store the
5760 ** directory in e->e_qdir.
5763 ** e -- envelope to assign a queue for.
5766 ** true if successful
5770 ** On success, e->e_qgrp and e->e_qdir are non-negative.
5771 ** On failure (not enough disk space),
5772 ** e->qgrp = NOQGRP, e->e_qdir = NOQDIR
5773 ** and usrerr() is invoked (which could raise an exception).
5781 sm_dprintf("setnewqueue: called\n");
5783 /* not set somewhere else */
5784 if (e->e_qgrp == NOQGRP)
5789 ** Use the queue group of the "first" recipient, as set by
5790 ** the "queuegroup" rule set. If that is not defined, then
5791 ** use the queue group of the mailer of the first recipient.
5792 ** If that is not defined either, then use the default
5794 ** Notice: "first" depends on the sorting of sendqueue
5796 ** To avoid problems with "bad" recipients look
5797 ** for a valid address first.
5802 (QS_IS_BADADDR(q->q_state) || QS_IS_DEAD(q->q_state)))
5808 else if (q->q_qgrp >= 0)
5809 e->e_qgrp = q->q_qgrp;
5810 else if (q->q_mailer != NULL &&
5811 ISVALIDQGRP(q->q_mailer->m_qgrp))
5812 e->e_qgrp = q->q_mailer->m_qgrp;
5815 e->e_dfqgrp = e->e_qgrp;
5818 if (ISVALIDQDIR(e->e_qdir) && ISVALIDQDIR(e->e_dfqdir))
5821 sm_dprintf("setnewqueue: e_qdir already assigned (%s)\n",
5822 qid_printqueue(e->e_qgrp, e->e_qdir));
5827 e->e_qdir = pickqdir(Queue[e->e_qgrp], e->e_msgsize, e);
5828 if (e->e_qdir == NOQDIR)
5831 if (!bitset(EF_FATALERRS, e->e_flags))
5832 usrerr("452 4.4.5 Insufficient disk space; try again later");
5833 e->e_flags |= EF_FATALERRS;
5838 sm_dprintf("setnewqueue: Assigned queue directory %s\n",
5839 qid_printqueue(e->e_qgrp, e->e_qdir));
5841 if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR)
5843 e->e_xfqgrp = e->e_qgrp;
5844 e->e_xfqdir = e->e_qdir;
5846 e->e_dfqdir = e->e_qdir;
5850 ** CHKQDIR -- check a queue directory
5853 ** name -- name of queue directory
5854 ** sff -- flags for safefile()
5857 ** is it a queue directory?
5868 /* skip over . and .. directories */
5869 if (name[0] == '.' &&
5870 (name[1] == '\0' || (name[1] == '.' && name[2] == '\0')))
5873 if (lstat(name, &statb) < 0)
5874 #else /* HASLSTAT */
5875 if (stat(name, &statb) < 0)
5876 #endif /* HASLSTAT */
5879 sm_dprintf("chkqdir: stat(\"%s\"): %s\n",
5880 name, sm_errstring(errno));
5884 if (S_ISLNK(statb.st_mode))
5887 ** For a symlink we need to make sure the
5888 ** target is a directory
5891 if (stat(name, &statb) < 0)
5894 sm_dprintf("chkqdir: stat(\"%s\"): %s\n",
5895 name, sm_errstring(errno));
5899 #endif /* HASLSTAT */
5901 if (!S_ISDIR(statb.st_mode))
5904 sm_dprintf("chkqdir: \"%s\": Not a directory\n",
5909 /* Print a warning if unsafe (but still use it) */
5910 /* XXX do this only if we want the warning? */
5911 i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0);
5915 sm_dprintf("chkqdir: \"%s\": Not safe: %s\n",
5916 name, sm_errstring(i));
5919 sm_syslog(LOG_WARNING, NOQID,
5920 "queue directory \"%s\": Not safe: %s",
5921 name, sm_errstring(i));
5922 #endif /* _FFR_CHK_QUEUE */
5927 ** MULTIQUEUE_CACHE -- cache a list of paths to queues.
5929 ** Each potential queue is checked as the cache is built.
5930 ** Thereafter, each is blindly trusted.
5931 ** Note that we can be called again after a timeout to rebuild
5932 ** (although code for that is not ready yet).
5935 ** basedir -- base of all queue directories.
5936 ** blen -- strlen(basedir).
5937 ** qg -- queue group.
5938 ** qn -- number of queue directories already cached.
5939 ** phash -- pointer to hash value over queue dirs.
5941 ** only used if shared memory is active.
5942 #endif * SM_CONF_SHM *
5945 ** new number of queue directories.
5948 #define INITIAL_SLOTS 20
5949 #define ADD_SLOTS 10
5952 multiqueue_cache(basedir, blen, qg, qn, phash)
5957 unsigned int *phash;
5962 long sff = SFF_ANYFILE;
5963 char qpath[MAXPATHLEN];
5964 char subdir[MAXPATHLEN];
5965 char prefix[MAXPATHLEN]; /* dir relative to basedir */
5968 sm_dprintf("multiqueue_cache: called\n");
5970 /* Initialize to current directory */
5973 if (qg->qg_numqueues != 0 && qg->qg_qpaths != NULL)
5975 for (i = 0; i < qg->qg_numqueues; i++)
5977 if (qg->qg_qpaths[i].qp_name != NULL)
5978 (void) sm_free(qg->qg_qpaths[i].qp_name); /* XXX */
5980 (void) sm_free((char *) qg->qg_qpaths); /* XXX */
5981 qg->qg_qpaths = NULL;
5982 qg->qg_numqueues = 0;
5985 /* If running as root, allow safedirpath() checks to use privs */
5989 sff |= SFF_SAFEDIRPATH|SFF_NOWWFILES;
5991 sff |= SFF_NOGWFILES;
5992 #endif /* _FFR_CHK_QUEUE */
5994 if (!SM_IS_DIR_START(qg->qg_qdir))
5997 ** XXX we could add basedir, but then we have to realloc()
5998 ** the string... Maybe another time.
6001 syserr("QueuePath %s not absolute", qg->qg_qdir);
6002 ExitStat = EX_CONFIG;
6006 /* qpath: directory of current workgroup */
6007 len = sm_strlcpy(qpath, qg->qg_qdir, sizeof qpath);
6008 if (len >= sizeof qpath)
6010 syserr("QueuePath %.256s too long (%d max)",
6011 qg->qg_qdir, (int) sizeof qpath);
6012 ExitStat = EX_CONFIG;
6016 /* begin of qpath must be same as basedir */
6017 if (strncmp(basedir, qpath, blen) != 0 &&
6018 (strncmp(basedir, qpath, blen - 1) != 0 || len != blen - 1))
6020 syserr("QueuePath %s not subpath of QueueDirectory %s",
6022 ExitStat = EX_CONFIG;
6026 /* Do we have a nested subdirectory? */
6027 if (blen < len && SM_FIRST_DIR_DELIM(qg->qg_qdir + blen) != NULL)
6030 /* Copy subdirectory into prefix for later use */
6031 if (sm_strlcpy(prefix, qg->qg_qdir + blen, sizeof prefix) >=
6034 syserr("QueuePath %.256s too long (%d max)",
6035 qg->qg_qdir, (int) sizeof qpath);
6036 ExitStat = EX_CONFIG;
6039 cp = SM_LAST_DIR_DELIM(prefix);
6040 SM_ASSERT(cp != NULL);
6041 *cp = '\0'; /* cut off trailing / */
6044 /* This is guaranteed by the basedir check above */
6045 SM_ASSERT(len >= blen - 1);
6046 cp = &qpath[len - 1];
6050 register struct dirent *d;
6053 char relpath[MAXPATHLEN];
6055 *cp = '\0'; /* Overwrite wildcard */
6056 if ((cp = SM_LAST_DIR_DELIM(qpath)) == NULL)
6058 syserr("QueueDirectory: can not wildcard relative path");
6060 sm_dprintf("multiqueue_cache: \"%s*\": Can not wildcard relative path.\n",
6062 ExitStat = EX_CONFIG;
6068 ** Special case of top level wildcard, like /foo*
6072 (void) sm_strlcpy(qpath + 1, qpath, sizeof qpath - 1);
6076 *(cp++) = '\0'; /* Replace / with \0 */
6077 len = strlen(cp); /* Last component of queue directory */
6080 ** Path relative to basedir, with trailing /
6081 ** It will be modified below to specify the subdirectories
6082 ** so they can be opened without chdir().
6085 off = sm_strlcpyn(relpath, sizeof relpath, 2, prefix, "/");
6086 SM_ASSERT(off < sizeof relpath);
6089 sm_dprintf("multiqueue_cache: prefix=\"%s%s\"\n",
6092 /* It is always basedir: we don't need to store it per group */
6093 /* XXX: optimize this! -> one more global? */
6094 qg->qg_qdir = newstr(basedir);
6095 qg->qg_qdir[blen - 1] = '\0'; /* cut off trailing / */
6098 ** XXX Should probably wrap this whole loop in a timeout
6099 ** in case some wag decides to NFS mount the queues.
6102 /* Test path to get warning messages. */
6105 /* XXX qg_runasuid and qg_runasgid for specials? */
6106 i = safedirpath(basedir, RunAsUid, RunAsGid, NULL,
6108 if (i != 0 && tTd(41, 2))
6109 sm_dprintf("multiqueue_cache: \"%s\": Not safe: %s\n",
6110 basedir, sm_errstring(i));
6113 if ((dp = opendir(prefix)) == NULL)
6115 syserr("can not opendir(%s/%s)", qg->qg_qdir, prefix);
6117 sm_dprintf("multiqueue_cache: opendir(\"%s/%s\"): %s\n",
6118 qg->qg_qdir, prefix,
6119 sm_errstring(errno));
6120 ExitStat = EX_CONFIG;
6123 while ((d = readdir(dp)) != NULL)
6125 i = strlen(d->d_name);
6126 if (i < len || strncmp(d->d_name, cp, len) != 0)
6129 sm_dprintf("multiqueue_cache: \"%s\", skipped\n",
6134 /* Create relative pathname: prefix + local directory */
6135 i = sizeof(relpath) - off;
6136 if (sm_strlcpy(relpath + off, d->d_name, i) >= i)
6137 continue; /* way too long */
6139 if (!chkqdir(relpath, sff))
6142 if (qg->qg_qpaths == NULL)
6144 slotsleft = INITIAL_SLOTS;
6145 qg->qg_qpaths = (QPATHS *)xalloc((sizeof *qg->qg_qpaths) *
6147 qg->qg_numqueues = 0;
6149 else if (slotsleft < 1)
6151 qg->qg_qpaths = (QPATHS *)sm_realloc((char *)qg->qg_qpaths,
6152 (sizeof *qg->qg_qpaths) *
6155 if (qg->qg_qpaths == NULL)
6157 (void) closedir(dp);
6160 slotsleft += ADD_SLOTS;
6164 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs = QP_NOSUB;
6166 #define CHKRSUBDIR(name, flag) \
6167 (void) sm_strlcpyn(subdir, sizeof subdir, 3, relpath, "/", name); \
6168 if (chkqdir(subdir, sff)) \
6169 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs |= flag; \
6173 CHKRSUBDIR("qf", QP_SUBQF);
6174 CHKRSUBDIR("df", QP_SUBDF);
6175 CHKRSUBDIR("xf", QP_SUBXF);
6177 /* assert(strlen(d->d_name) < MAXPATHLEN - 14) */
6178 /* maybe even - 17 (subdirs) */
6180 if (prefix[0] != '.')
6181 qg->qg_qpaths[qg->qg_numqueues].qp_name =
6184 qg->qg_qpaths[qg->qg_numqueues].qp_name =
6188 sm_dprintf("multiqueue_cache: %d: \"%s\" cached (%x).\n",
6189 qg->qg_numqueues, relpath,
6190 qg->qg_qpaths[qg->qg_numqueues].qp_subdirs);
6192 qg->qg_qpaths[qg->qg_numqueues].qp_idx = qn;
6193 *phash = hash_q(relpath, *phash);
6194 #endif /* SM_CONF_SHM */
6199 (void) closedir(dp);
6204 if (qg->qg_numqueues == 0)
6206 qg->qg_qpaths = (QPATHS *) xalloc(sizeof *qg->qg_qpaths);
6208 /* test path to get warning messages */
6209 i = safedirpath(qpath, RunAsUid, RunAsGid, NULL, sff, 0, 0);
6212 syserr("can not opendir(%s)", qpath);
6214 sm_dprintf("multiqueue_cache: opendir(\"%s\"): %s\n",
6215 qpath, sm_errstring(i));
6216 ExitStat = EX_CONFIG;
6220 qg->qg_qpaths[0].qp_subdirs = QP_NOSUB;
6221 qg->qg_numqueues = 1;
6224 #define CHKSUBDIR(name, flag) \
6225 (void) sm_strlcpyn(subdir, sizeof subdir, 3, qg->qg_qdir, "/", name); \
6226 if (chkqdir(subdir, sff)) \
6227 qg->qg_qpaths[0].qp_subdirs |= flag; \
6230 CHKSUBDIR("qf", QP_SUBQF);
6231 CHKSUBDIR("df", QP_SUBDF);
6232 CHKSUBDIR("xf", QP_SUBXF);
6234 if (qg->qg_qdir[blen - 1] != '\0' &&
6235 qg->qg_qdir[blen] != '\0')
6238 ** Copy the last component into qpaths and
6242 qg->qg_qpaths[0].qp_name = newstr(qg->qg_qdir + blen);
6243 qg->qg_qdir[blen - 1] = '\0';
6246 qg->qg_qpaths[0].qp_name = newstr(".");
6249 qg->qg_qpaths[0].qp_idx = qn;
6250 *phash = hash_q(qg->qg_qpaths[0].qp_name, *phash);
6251 #endif /* SM_CONF_SHM */
6258 ** FILESYS_FIND -- find entry in FileSys table, or add new one
6260 ** Given the pathname of a directory, determine the file system
6261 ** in which that directory resides, and return a pointer to the
6262 ** entry in the FileSys table that describes the file system.
6263 ** A new entry is added if necessary (and requested).
6264 ** If the directory does not exist, -1 is returned.
6267 ** path -- pathname of directory
6268 ** add -- add to structure if not found.
6271 ** >=0: found: index in file system table
6272 ** <0: some error, i.e.,
6273 ** FSF_TOO_MANY: too many filesystems (-> syserr())
6274 ** FSF_STAT_FAIL: can't stat() filesystem (-> syserr())
6275 ** FSF_NOT_FOUND: not in list
6278 static short filesys_find __P((char *, bool));
6280 #define FSF_NOT_FOUND (-1)
6281 #define FSF_STAT_FAIL (-2)
6282 #define FSF_TOO_MANY (-3)
6285 filesys_find(path, add)
6292 if (stat(path, &st) < 0)
6294 syserr("cannot stat queue directory %s", path);
6295 return FSF_STAT_FAIL;
6297 for (i = 0; i < NumFileSys; ++i)
6299 if (FILE_SYS_DEV(i) == st.st_dev)
6302 if (i >= MAXFILESYS)
6304 syserr("too many queue file systems (%d max)", MAXFILESYS);
6305 return FSF_TOO_MANY;
6308 return FSF_NOT_FOUND;
6311 FILE_SYS_NAME(i) = path;
6312 FILE_SYS_DEV(i) = st.st_dev;
6313 FILE_SYS_AVAIL(i) = 0;
6314 FILE_SYS_BLKSIZE(i) = 1024; /* avoid divide by zero */
6319 ** FILESYS_SETUP -- set up mapping from queue directories to file systems
6321 ** This data structure is used to efficiently check the amount of
6322 ** free space available in a set of queue directories.
6325 ** add -- initialize structure if necessary.
6329 ** <0: some error, i.e.,
6330 ** FSF_NOT_FOUND: not in list
6331 ** FSF_STAT_FAIL: can't stat() filesystem (-> syserr())
6332 ** FSF_TOO_MANY: too many filesystems (-> syserr())
6335 static int filesys_setup __P((bool));
6346 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
6348 for (j = 0; j < Queue[i]->qg_numqueues; ++j)
6350 QPATHS *qp = &Queue[i]->qg_qpaths[j];
6352 fs = filesys_find(qp->qp_name, add);
6354 qp->qp_fsysidx = fs;
6365 ** FILESYS_UPDATE -- update amount of free space on all file systems
6367 ** The FileSys table is used to cache the amount of free space
6368 ** available on all queue directory file systems.
6369 ** This function updates the cached information if it has expired.
6378 ** Updates FileSys table.
6385 long avail, blksize;
6387 static time_t nextupdate = 0;
6390 /* only the daemon updates this structure */
6391 if (ShmId != SM_SHM_NO_ID && DaemonPid != CurrentPid)
6393 #endif /* SM_CONF_SHM */
6395 if (now < nextupdate)
6397 nextupdate = now + FILESYS_UPDATE_INTERVAL;
6398 for (i = 0; i < NumFileSys; ++i)
6400 FILESYS *fs = &FILE_SYS(i);
6402 avail = freediskspace(FILE_SYS_NAME(i), &blksize);
6403 if (avail < 0 || blksize <= 0)
6406 sm_syslog(LOG_ERR, NOQID,
6407 "filesys_update failed: %s, fs=%s, avail=%ld, blocksize=%ld",
6408 sm_errstring(errno),
6409 FILE_SYS_NAME(i), avail, blksize);
6411 fs->fs_blksize = 1024; /* avoid divide by zero */
6412 nextupdate = now + 2; /* let's do this soon again */
6416 fs->fs_avail = avail;
6417 fs->fs_blksize = blksize;
6422 #if _FFR_ANY_FREE_FS
6424 ** FILESYS_FREE -- check whether there is at least one fs with enough space.
6427 ** fsize -- file size in bytes
6430 ** true iff there is one fs with more than fsize bytes free.
6441 for (i = 0; i < NumFileSys; ++i)
6445 if (FILE_SYS_AVAIL(i) < 0 || FILE_SYS_BLKSIZE(i) <= 0)
6447 needed += fsize / FILE_SYS_BLKSIZE(i)
6448 + ((fsize % FILE_SYS_BLKSIZE(i)
6451 if (needed <= FILE_SYS_AVAIL(i))
6456 #endif /* _FFR_ANY_FREE_FS */
6458 #if _FFR_CONTROL_MSTAT
6460 ** DISK_STATUS -- show amount of free space in queue directories
6463 ** out -- output file pointer.
6464 ** prefix -- string to output in front of each line.
6471 disk_status(out, prefix)
6476 long avail, blksize;
6479 for (i = 0; i < NumFileSys; ++i)
6481 avail = freediskspace(FILE_SYS_NAME(i), &blksize);
6482 if (avail >= 0 && blksize > 0)
6484 free = (long)((double) avail *
6485 ((double) blksize / 1024));
6489 (void) sm_io_fprintf(out, SM_TIME_DEFAULT,
6496 #endif /* _FFR_CONTROL_MSTAT */
6500 ** UPD_QS -- update information about queue when adding/deleting an entry
6504 ** delete -- delete/add entry.
6505 ** avail -- update the space available as well.
6511 ** Modifies available space in filesystem.
6512 ** Changes number of entries in queue directory.
6516 upd_qs(e, delete, avail)
6525 if (ShmId == SM_SHM_NO_ID || e == NULL)
6527 if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
6529 idx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_idx;
6531 /* XXX in theory this needs to be protected with a mutex */
6532 if (QSHM_ENTRIES(idx) >= 0)
6535 --QSHM_ENTRIES(idx);
6537 ++QSHM_ENTRIES(idx);
6540 fidx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_fsysidx;
6544 /* update available space also? (might be loseqfile) */
6548 /* convert size to blocks; this causes rounding errors */
6549 s = e->e_msgsize / FILE_SYS_BLKSIZE(fidx);
6553 /* XXX in theory this needs to be protected with a mutex */
6555 FILE_SYS_AVAIL(fidx) += s;
6557 FILE_SYS_AVAIL(fidx) -= s;
6563 static bool write_key_file __P((char *, long));
6564 static long read_key_file __P((char *, long));
6567 ** WRITE_KEY_FILE -- record some key into a file.
6570 ** keypath -- file name.
6571 ** key -- key to write.
6574 ** true iff file could be written.
6581 write_key_file(keypath, key)
6590 if (keypath == NULL || *keypath == '\0')
6592 sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
6593 if (TrustedUid != 0 && RealUid == TrustedUid)
6594 sff |= SFF_OPENASROOT;
6595 keyf = safefopen(keypath, O_WRONLY|O_TRUNC, FileMode, sff);
6598 sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s",
6599 keypath, sm_errstring(errno));
6603 ok = sm_io_fprintf(keyf, SM_TIME_DEFAULT, "%ld\n", key) !=
6605 ok = (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF) && ok;
6611 ** READ_KEY_FILE -- read a key from a file.
6614 ** keypath -- file name.
6615 ** key -- default key.
6622 read_key_file(keypath, key)
6630 if (keypath == NULL || *keypath == '\0')
6632 sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY;
6633 if (RealUid == 0 || (TrustedUid != 0 && RealUid == TrustedUid))
6634 sff |= SFF_OPENASROOT;
6635 keyf = safefopen(keypath, O_RDONLY, FileMode, sff);
6638 sm_syslog(LOG_ERR, NOQID, "unable to read %s: %s",
6639 keypath, sm_errstring(errno));
6643 r = sm_io_fscanf(keyf, SM_TIME_DEFAULT, "%ld", &n);
6646 (void) sm_io_close(keyf, SM_TIME_DEFAULT);
6650 #endif /* _FFR_SELECT_SHM */
6653 ** INIT_SHM -- initialize shared memory structure
6655 ** Initialize or attach to shared memory segment.
6656 ** Currently it is not a fatal error if this doesn't work.
6657 ** However, it causes us to have a "fallback" storage location
6658 ** for everything that is supposed to be in the shared memory,
6659 ** which makes the code slightly ugly.
6662 ** qn -- number of queue directories.
6663 ** owner -- owner of shared memory.
6664 ** hash -- identifies data that is stored in shared memory.
6670 static void init_shm __P((int, bool, unsigned int));
6673 init_shm(qn, owner, hash)
6681 #endif /* _FFR_SELECT_SHM */
6683 PtrFileSys = &FileSys[0];
6684 PNumFileSys = &Numfilesys;
6686 /* if this "key" is specified: select one yourself */
6687 # define SEL_SHM_KEY ((key_t) -1)
6688 # define FIRST_SHM_KEY 25
6689 #endif /* _FFR_SELECT_SHM */
6691 /* This allows us to disable shared memory at runtime. */
6698 shms = SM_T_SIZE + qn * sizeof(QUEUE_SHM_T);
6700 keyselect = ShmKey == SEL_SHM_KEY;
6704 ShmKey = FIRST_SHM_KEY;
6707 ShmKey = read_key_file(ShmKeyFile, ShmKey);
6709 if (ShmKey == SEL_SHM_KEY)
6713 #endif /* _FFR_SELECT_SHM */
6716 /* XXX: maybe allow read access for group? */
6717 Pshm = sm_shmstart(ShmKey, shms, SHM_R|SHM_W, &ShmId,
6720 if (Pshm != NULL || !sm_file_exists(save_errno))
6729 /* back where we started? */
6730 if (ShmKey == SEL_SHM_KEY)
6734 #endif /* _FFR_SELECT_SHM */
6738 /* only sleep if we are at the first key */
6739 if (!keyselect || ShmKey == SEL_SHM_KEY)
6740 #endif /* _FFR_SELECT_SHM */
6749 (void) write_key_file(ShmKeyFile, (long) ShmKey);
6750 #endif /* _FFR_SELECT_SHM */
6755 *((pid_t *) SHM_OFF_PID(Pshm)) = CurrentPid;
6756 p = (int *) SHM_OFF_TAG(Pshm);
6761 if (*p != (int) shms)
6763 save_errno = EINVAL;
6767 p = (int *) SHM_OFF_TAG(Pshm);
6768 if (*p != (int) hash)
6770 save_errno = EINVAL;
6776 ** XXX how to check the pid?
6777 ** Read it from the pid-file? That does
6778 ** not need to exist.
6779 ** We could disable shm if we can't confirm
6780 ** that it is the right one.
6784 PtrFileSys = (FILESYS *) OFF_FILE_SYS(Pshm);
6785 PNumFileSys = (int *) OFF_NUM_FILE_SYS(Pshm);
6786 QShm = (QUEUE_SHM_T *) OFF_QUEUE_SHM(Pshm);
6787 PRSATmpCnt = (int *) OFF_RSA_TMP_CNT(Pshm);
6791 /* initialize values in shared memory */
6793 for (i = 0; i < qn; i++)
6794 QShm[i].qs_entries = -1;
6799 if (LogLevel > (owner ? 8 : 11))
6801 sm_syslog(owner ? LOG_ERR : LOG_NOTICE, NOQID,
6802 "can't %s shared memory, key=%ld: %s",
6803 owner ? "initialize" : "attach to",
6804 (long) ShmKey, sm_errstring(save_errno));
6808 #endif /* SM_CONF_SHM */
6812 ** SETUP_QUEUES -- setup all queue groups
6815 ** owner -- owner of shared memory.
6822 ** attaches shared memory.
6823 #endif * SM_CONF_SHM *
6831 unsigned int hashval;
6833 char basedir[MAXPATHLEN];
6837 ** Determine basedir for all queue directories.
6838 ** All queue directories must be (first level) subdirectories
6839 ** of the basedir. The basedir is the QueueDir
6840 ** without wildcards, but with trailing /
6845 len = sm_strlcpy(basedir, QueueDir, sizeof basedir);
6847 /* Provide space for trailing '/' */
6848 if (len >= sizeof basedir - 1)
6850 syserr("QueueDirectory: path too long: %d, max %d",
6851 len, (int) sizeof basedir - 1);
6852 ExitStat = EX_CONFIG;
6856 if (basedir[len - 1] == '*')
6860 cp = SM_LAST_DIR_DELIM(basedir);
6863 syserr("QueueDirectory: can not wildcard relative path \"%s\"",
6866 sm_dprintf("setup_queues: \"%s\": Can not wildcard relative path.\n",
6868 ExitStat = EX_CONFIG;
6872 /* cut off wildcard pattern */
6876 else if (!SM_IS_DIR_DELIM(basedir[len - 1]))
6878 /* append trailing slash since it is a directory */
6880 basedir[++len] = '\0';
6883 /* len counts up to the last directory delimiter */
6884 SM_ASSERT(basedir[len - 1] == '/');
6886 if (chdir(basedir) < 0)
6888 int save_errno = errno;
6890 syserr("can not chdir(%s)", basedir);
6891 if (save_errno == EACCES)
6892 (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
6893 "Program mode requires special privileges, e.g., root or TrustedUser.\n");
6895 sm_dprintf("setup_queues: \"%s\": %s\n",
6896 basedir, sm_errstring(errno));
6897 ExitStat = EX_CONFIG;
6901 hashval = hash_q(basedir, hashval);
6902 #endif /* SM_CONF_SHM */
6904 /* initialize for queue runs */
6907 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
6908 Queue[i]->qg_nextrun = now;
6911 if (UseMSP && OpMode != MD_TEST)
6913 long sff = SFF_CREAT;
6915 if (stat(".", &st) < 0)
6917 syserr("can not stat(%s)", basedir);
6919 sm_dprintf("setup_queues: \"%s\": %s\n",
6920 basedir, sm_errstring(errno));
6921 ExitStat = EX_CONFIG;
6928 ** Check queue directory permissions.
6929 ** Can we write to a group writable queue directory?
6932 if (bitset(S_IWGRP, QueueFileMode) &&
6933 bitset(S_IWGRP, st.st_mode) &&
6934 safefile(" ", RunAsUid, RunAsGid, RunAsUserName, sff,
6935 QueueFileMode, NULL) != 0)
6937 syserr("can not write to queue directory %s (RunAsGid=%d, required=%d)",
6938 basedir, (int) RunAsGid, (int) st.st_gid);
6940 if (bitset(S_IWOTH|S_IXOTH, st.st_mode))
6942 #if _FFR_MSP_PARANOIA
6943 syserr("dangerous permissions=%o on queue directory %s",
6944 (int) st.st_mode, basedir);
6945 #else /* _FFR_MSP_PARANOIA */
6947 sm_syslog(LOG_ERR, NOQID,
6948 "dangerous permissions=%o on queue directory %s",
6949 (int) st.st_mode, basedir);
6950 #endif /* _FFR_MSP_PARANOIA */
6952 #if _FFR_MSP_PARANOIA
6954 syserr("can not use multiple queues for MSP");
6955 #endif /* _FFR_MSP_PARANOIA */
6958 /* initial number of queue directories */
6960 for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
6961 qn = multiqueue_cache(basedir, len, Queue[i], qn, &hashval);
6964 init_shm(qn, owner, hashval);
6965 i = filesys_setup(owner || ShmId == SM_SHM_NO_ID);
6966 if (i == FSF_NOT_FOUND)
6969 ** We didn't get the right filesystem data
6970 ** This may happen if we don't have the right shared memory.
6971 ** So let's do this without shared memory.
6975 cleanup_shm(false); /* release shared memory */
6976 i = filesys_setup(false);
6978 syserr("filesys_setup failed twice, result=%d", i);
6979 else if (LogLevel > 8)
6980 sm_syslog(LOG_WARNING, NOQID,
6981 "shared memory does not contain expected data, ignored");
6983 #else /* SM_CONF_SHM */
6984 i = filesys_setup(true);
6985 #endif /* SM_CONF_SHM */
6987 ExitStat = EX_CONFIG;
6992 ** CLEANUP_SHM -- do some cleanup work for shared memory etc
6995 ** owner -- owner of shared memory?
7001 ** detaches shared memory.
7008 if (ShmId != SM_SHM_NO_ID)
7010 if (sm_shmstop(Pshm, ShmId, owner) < 0 && LogLevel > 8)
7011 sm_syslog(LOG_INFO, NOQID, "sm_shmstop failed=%s",
7012 sm_errstring(errno));
7014 ShmId = SM_SHM_NO_ID;
7017 #endif /* SM_CONF_SHM */
7020 ** CLEANUP_QUEUES -- do some cleanup work for queues
7036 ** SET_DEF_QUEUEVAL -- set default values for a queue group.
7039 ** qg -- queue group
7040 ** all -- set all values (true for default group)?
7046 ** sets default values for the queue group.
7050 set_def_queueval(qg, all)
7054 if (bitnset(QD_DEFINED, qg->qg_flags))
7057 qg->qg_qdir = QueueDir;
7058 #if _FFR_QUEUE_GROUP_SORTORDER
7059 qg->qg_sortorder = QueueSortOrder;
7060 #endif /* _FFR_QUEUE_GROUP_SORTORDER */
7061 qg->qg_maxqrun = all ? MaxRunnersPerQueue : -1;
7062 qg->qg_nice = NiceQueueRun;
7065 ** MAKEQUEUE -- define a new queue.
7068 ** line -- description of queue. This is in labeled fields.
7070 ** F -- the flags associated with the queue
7071 ** I -- the interval between running the queue
7072 ** J -- the maximum # of jobs in work list
7073 ** [M -- the maximum # of jobs in a queue run]
7074 ** N -- the niceness at which to run
7075 ** P -- the path to the queue
7076 ** S -- the queue sorting order
7077 ** R -- number of parallel queue runners
7078 ** r -- max recipients per envelope
7079 ** The first word is the canonical name of the queue.
7080 ** qdef -- this is a 'Q' definition from .cf
7086 ** enters the queue into the queue table.
7090 makequeue(line, qdef)
7095 register QUEUEGRP *qg;
7100 /* allocate a queue and set up defaults */
7101 qg = (QUEUEGRP *) xalloc(sizeof *qg);
7102 memset((char *) qg, '\0', sizeof *qg);
7104 if (line[0] == '\0')
7106 syserr("name required for queue");
7110 /* collect the queue name */
7112 *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
7117 qg->qg_name = newstr(line);
7119 /* set default values, can be overridden below */
7120 set_def_queueval(qg, false);
7122 /* now scan through and assign info from the fields */
7125 auto char *delimptr;
7127 while (*p != '\0' &&
7128 (*p == ',' || (isascii(*p) && isspace(*p))))
7131 /* p now points to field code */
7133 while (*p != '\0' && *p != '=' && *p != ',')
7137 syserr("queue %s: `=' expected", qg->qg_name);
7140 while (isascii(*p) && isspace(*p))
7143 /* p now points to the field body */
7144 p = munchstring(p, &delimptr, ',');
7146 /* install the field into the queue struct */
7149 case 'P': /* pathname */
7151 syserr("queue %s: empty path name",
7154 qg->qg_qdir = newstr(p);
7157 case 'F': /* flags */
7158 for (; *p != '\0'; p++)
7159 if (!(isascii(*p) && isspace(*p)))
7160 setbitn(*p, qg->qg_flags);
7164 ** Do we need two intervals here:
7165 ** One for persistent queue runners,
7166 ** one for "normal" queue runs?
7169 case 'I': /* interval between running the queue */
7170 qg->qg_queueintvl = convtime(p, 'm');
7173 case 'N': /* run niceness */
7174 qg->qg_nice = atoi(p);
7177 case 'R': /* maximum # of runners for the group */
7180 /* can't have more runners than allowed total */
7181 if (MaxQueueChildren > 0 && i > MaxQueueChildren)
7183 qg->qg_maxqrun = MaxQueueChildren;
7184 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
7185 "Q=%s: R=%d exceeds MaxQueueChildren=%d, set to MaxQueueChildren\n",
7193 case 'J': /* maximum # of jobs in work list */
7194 qg->qg_maxlist = atoi(p);
7197 case 'r': /* max recipients per envelope */
7198 qg->qg_maxrcpt = atoi(p);
7201 #if _FFR_QUEUE_GROUP_SORTORDER
7202 case 'S': /* queue sorting order */
7205 case 'h': /* Host first */
7207 qg->qg_sortorder = QSO_BYHOST;
7210 case 'p': /* Priority order */
7212 qg->qg_sortorder = QSO_BYPRIORITY;
7215 case 't': /* Submission time */
7217 qg->qg_sortorder = QSO_BYTIME;
7220 case 'f': /* File name */
7222 qg->qg_sortorder = QSO_BYFILENAME;
7225 case 'm': /* Modification time */
7227 qg->qg_sortorder = QSO_BYMODTIME;
7230 case 'r': /* Random */
7232 qg->qg_sortorder = QSO_RANDOM;
7236 case 's': /* Shuffled host name */
7238 qg->qg_sortorder = QSO_BYSHUFFLE;
7240 # endif /* _FFR_RHS */
7242 case 'n': /* none */
7244 qg->qg_sortorder = QSO_NONE;
7248 syserr("Invalid queue sort order \"%s\"", p);
7251 #endif /* _FFR_QUEUE_GROUP_SORTORDER */
7254 syserr("Q%s: unknown queue equate %c=",
7255 qg->qg_name, fcode);
7263 if (qg->qg_nice != NiceQueueRun)
7265 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
7266 "Q%s: Warning: N= set on system that doesn't support nice()\n",
7269 #endif /* !HASNICE */
7271 /* do some rationality checking */
7272 if (NumQueue >= MAXQUEUEGROUPS)
7274 syserr("too many queue groups defined (%d max)",
7279 if (qg->qg_qdir == NULL)
7281 if (QueueDir == NULL || *QueueDir == '\0')
7283 syserr("QueueDir must be defined before queue groups");
7286 qg->qg_qdir = newstr(QueueDir);
7289 if (qg->qg_maxqrun > 1 && !bitnset(QD_FORK, qg->qg_flags))
7291 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
7292 "Warning: Q=%s: R=%d: multiple queue runners specified\n\tbut flag '%c' is not set\n",
7293 qg->qg_name, qg->qg_maxqrun, QD_FORK);
7296 /* enter the queue into the symbol table */
7298 sm_syslog(LOG_INFO, NOQID,
7299 "Adding %s to stab, path: %s", qg->qg_name,
7301 s = stab(qg->qg_name, ST_QUEUE, ST_ENTER);
7302 if (s->s_quegrp != NULL)
7304 i = s->s_quegrp->qg_index;
7306 /* XXX what about the pointers inside this struct? */
7307 sm_free(s->s_quegrp); /* XXX */
7311 Queue[i] = s->s_quegrp = qg;
7314 /* set default value for max queue runners */
7315 if (qg->qg_maxqrun < 0)
7317 if (MaxRunnersPerQueue > 0)
7318 qg->qg_maxqrun = MaxRunnersPerQueue;
7323 setbitn(QD_DEFINED, qg->qg_flags);
7327 ** HASHFQN -- calculate a hash value for a fully qualified host name
7330 ** fqn -- an all lower-case host.domain string
7331 ** buckets -- the number of buckets (queue directories)
7334 ** a bucket number (signed integer)
7337 ** Contributed by Exactis.com, Inc.
7341 hashfqn(fqn, buckets)
7346 register int h = 0, hash, cnt;
7352 ** A variation on the gdb hash
7353 ** This is the best as of Feb 19, 1996 --bcx
7357 h = 0x238F13AF * strlen(p);
7358 for (cnt = 0; *p != 0; ++p, cnt++)
7360 h = (h + (*p << (cnt * 5 % 24))) & 0x7FFFFFFF;
7362 h = (1103515243 * h + 12345) & 0x7FFFFFFF;
7366 hash = (h % buckets);
7373 ** A structure for sorting Queue according to maxqrun without
7374 ** screwing up Queue itself.
7379 int sg_idx; /* original index */
7380 int sg_maxqrun; /* max queue runners */
7382 typedef struct sortqgrp SORTQGRP_T;
7383 static int cmpidx __P((const void *, const void *));
7390 /* The sort is highest to lowest, so the comparison is reversed */
7391 if (((SORTQGRP_T *)a)->sg_maxqrun < ((SORTQGRP_T *)b)->sg_maxqrun)
7393 else if (((SORTQGRP_T *)a)->sg_maxqrun > ((SORTQGRP_T *)b)->sg_maxqrun)
7400 ** MAKEWORKGROUP -- balance queue groups into work groups per MaxQueueChildren
7402 ** Take the now defined queue groups and assign them to work groups.
7403 ** This is done to balance out the number of concurrently active
7404 ** queue runners such that MaxQueueChildren is not exceeded. This may
7405 ** result in more than one queue group per work group. In such a case
7406 ** the number of running queue groups in that work group will have no
7407 ** more than the work group maximum number of runners (a "fair" portion
7408 ** of MaxQueueRunners). All queue groups within a work group will get a
7409 ** chance at running.
7418 ** Sets up WorkGrp structure.
7424 int i, j, total_runners, dir, h;
7425 SORTQGRP_T si[MAXQUEUEGROUPS + 1];
7428 if (NumQueue == 1 && strcmp(Queue[0]->qg_name, "mqueue") == 0)
7431 ** There is only the "mqueue" queue group (a default)
7432 ** containing all of the queues. We want to provide to
7433 ** this queue group the maximum allowable queue runners.
7434 ** To match older behavior (8.10/8.11) we'll try for
7435 ** 1 runner per queue capping it at MaxQueueChildren.
7436 ** So if there are N queues, then there will be N runners
7437 ** for the "mqueue" queue group (where N is kept less than
7438 ** MaxQueueChildren).
7442 WorkGrp[0].wg_numqgrp = 1;
7443 WorkGrp[0].wg_qgs = (QUEUEGRP **) xalloc(sizeof(QUEUEGRP *));
7444 WorkGrp[0].wg_qgs[0] = Queue[0];
7445 if (MaxQueueChildren > 0 &&
7446 Queue[0]->qg_numqueues > MaxQueueChildren)
7447 WorkGrp[0].wg_runners = MaxQueueChildren;
7449 WorkGrp[0].wg_runners = Queue[0]->qg_numqueues;
7451 Queue[0]->qg_wgrp = 0;
7453 /* can't have more runners than allowed total */
7454 if (MaxQueueChildren > 0 &&
7455 Queue[0]->qg_maxqrun > MaxQueueChildren)
7456 Queue[0]->qg_maxqrun = MaxQueueChildren;
7457 WorkGrp[0].wg_maxact = Queue[0]->qg_maxqrun;
7458 WorkGrp[0].wg_lowqintvl = Queue[0]->qg_queueintvl;
7462 for (i = 0; i < NumQueue; i++)
7464 si[i].sg_maxqrun = Queue[i]->qg_maxqrun;
7467 qsort(si, NumQueue, sizeof(si[0]), cmpidx);
7470 for (i = 0; i < NumQueue; i++)
7472 total_runners += si[i].sg_maxqrun;
7473 if (MaxQueueChildren <= 0 || total_runners <= MaxQueueChildren)
7479 if (NumWorkGroups < 1)
7480 NumWorkGroups = 1; /* gotta have one at least */
7481 else if (NumWorkGroups > MAXWORKGROUPS)
7482 NumWorkGroups = MAXWORKGROUPS; /* the limit */
7485 ** We now know the number of work groups to pack the queue groups
7486 ** into. The queue groups in 'Queue' are sorted from highest
7487 ** to lowest for the number of runners per queue group.
7488 ** We put the queue groups with the largest number of runners
7489 ** into work groups first. Then the smaller ones are fitted in
7490 ** where it looks best.
7495 for (i = 0; i < NumQueue; i++)
7497 /* a to-and-fro packing scheme, continue from last position */
7498 if (j >= NumWorkGroups)
7501 j = NumWorkGroups - 1;
7509 if (WorkGrp[j].wg_qgs == NULL)
7510 WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_malloc(sizeof(QUEUEGRP *) *
7511 (WorkGrp[j].wg_numqgrp + 1));
7513 WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_realloc(WorkGrp[j].wg_qgs,
7514 sizeof(QUEUEGRP *) *
7515 (WorkGrp[j].wg_numqgrp + 1));
7516 if (WorkGrp[j].wg_qgs == NULL)
7518 syserr("!cannot allocate memory for work queues, need %d bytes",
7519 (int) (sizeof(QUEUEGRP *) *
7520 (WorkGrp[j].wg_numqgrp + 1)));
7524 WorkGrp[j].wg_qgs[WorkGrp[j].wg_numqgrp] = Queue[h];
7525 WorkGrp[j].wg_numqgrp++;
7526 WorkGrp[j].wg_runners += Queue[h]->qg_maxqrun;
7527 Queue[h]->qg_wgrp = j;
7529 if (WorkGrp[j].wg_maxact == 0)
7531 /* can't have more runners than allowed total */
7532 if (MaxQueueChildren > 0 &&
7533 Queue[h]->qg_maxqrun > MaxQueueChildren)
7534 Queue[h]->qg_maxqrun = MaxQueueChildren;
7535 WorkGrp[j].wg_maxact = Queue[h]->qg_maxqrun;
7539 ** XXX: must wg_lowqintvl be the GCD?
7540 ** qg1: 2m, qg2: 3m, minimum: 2m, when do queue runs for
7544 /* keep track of the lowest interval for a persistent runner */
7545 if (Queue[h]->qg_queueintvl > 0 &&
7546 WorkGrp[j].wg_lowqintvl < Queue[h]->qg_queueintvl)
7547 WorkGrp[j].wg_lowqintvl = Queue[h]->qg_queueintvl;
7552 for (i = 0; i < NumWorkGroups; i++)
7554 sm_dprintf("Workgroup[%d]=", i);
7555 for (j = 0; j < WorkGrp[i].wg_numqgrp; j++)
7558 WorkGrp[i].wg_qgs[j]->qg_name);
7566 ** DUP_DF -- duplicate envelope data file
7568 ** Copy the data file from the 'old' envelope to the 'new' envelope
7569 ** in the most efficient way possible.
7571 ** Create a hard link from the 'old' data file to the 'new' data file.
7572 ** If the old and new queue directories are on different file systems,
7573 ** then the new data file link is created in the old queue directory,
7574 ** and the new queue file will contain a 'd' record pointing to the
7575 ** directory containing the new data file.
7578 ** old -- old envelope.
7579 ** new -- new envelope.
7582 ** Returns true on success, false on failure.
7585 ** On success, the new data file is created.
7586 ** On fatal failure, EF_FATALERRS is set in old->e_flags.
7589 static bool dup_df __P((ENVELOPE *, ENVELOPE *));
7597 char opath[MAXPATHLEN];
7598 char npath[MAXPATHLEN];
7600 if (!bitset(EF_HAS_DF, old->e_flags))
7603 ** this can happen if: SuperSafe != True
7604 ** and a bounce mail is sent that is split.
7607 queueup(old, false, true);
7609 SM_REQUIRE(ISVALIDQGRP(old->e_qgrp) && ISVALIDQDIR(old->e_qdir));
7610 SM_REQUIRE(ISVALIDQGRP(new->e_qgrp) && ISVALIDQDIR(new->e_qdir));
7612 (void) sm_strlcpy(opath, queuename(old, DATAFL_LETTER), sizeof opath);
7613 (void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof npath);
7615 if (old->e_dfp != NULL)
7617 r = sm_io_setinfo(old->e_dfp, SM_BF_COMMIT, NULL);
7618 if (r < 0 && errno != EINVAL)
7620 syserr("@can't commit %s", opath);
7621 old->e_flags |= EF_FATALERRS;
7627 ** Attempt to create a hard link, if we think both old and new
7628 ** are on the same file system, otherwise copy the file.
7630 ** Don't waste time attempting a hard link unless old and new
7631 ** are on the same file system.
7634 ofs = Queue[old->e_qgrp]->qg_qpaths[old->e_qdir].qp_fsysidx;
7635 nfs = Queue[new->e_qgrp]->qg_qpaths[new->e_qdir].qp_fsysidx;
7636 if (FILE_SYS_DEV(ofs) == FILE_SYS_DEV(nfs))
7638 if (link(opath, npath) == 0)
7640 new->e_flags |= EF_HAS_DF;
7641 SYNC_DIR(npath, true);
7648 ** Can't link across queue directories, so try to create a hard
7649 ** link in the same queue directory as the old df file.
7650 ** The qf file will refer to the new df file using a 'd' record.
7653 new->e_dfqgrp = old->e_dfqgrp;
7654 new->e_dfqdir = old->e_dfqdir;
7655 (void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof npath);
7656 if (link(opath, npath) == 0)
7658 new->e_flags |= EF_HAS_DF;
7659 SYNC_DIR(npath, true);
7665 sm_syslog(LOG_ERR, old->e_id,
7666 "dup_df: can't link %s to %s, error=%s, envelope splitting failed",
7667 opath, npath, sm_errstring(errno));
7672 ** SPLIT_ENV -- Allocate a new envelope based on a given envelope.
7676 ** sendqueue -- sendqueue for new envelope.
7677 ** qgrp -- index of queue group.
7678 ** qdir -- queue directory.
7685 static ENVELOPE *split_env __P((ENVELOPE *, ADDRESS *, int, int));
7688 split_env(e, sendqueue, qgrp, qdir)
7696 ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool, sizeof *ee);
7697 STRUCTCOPY(*e, *ee);
7698 ee->e_message = NULL; /* XXX use original message? */
7701 ee->e_sendqueue = sendqueue;
7702 ee->e_flags &= ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS
7703 |EF_SENDRECEIPT|EF_RET_PARAM|EF_HAS_DF);
7704 ee->e_flags |= EF_NORECEIPT; /* XXX really? */
7705 ee->e_from.q_state = QS_SENDER;
7707 ee->e_lockfp = NULL;
7708 if (e->e_xfp != NULL)
7709 ee->e_xfp = sm_io_dup(e->e_xfp);
7711 /* failed to dup e->e_xfp, start a new transcript */
7712 if (ee->e_xfp == NULL)
7715 ee->e_qgrp = ee->e_dfqgrp = qgrp;
7716 ee->e_qdir = ee->e_dfqdir = qdir;
7717 ee->e_errormode = EM_MAIL;
7718 ee->e_statmsg = NULL;
7719 if (e->e_quarmsg != NULL)
7720 ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool,
7724 ** XXX Not sure if this copying is necessary.
7725 ** sendall() does this copying, but I (dm) don't know if that is
7726 ** because of the storage management discipline we were using
7727 ** before rpools were introduced, or if it is because these lists
7728 ** can be modified later.
7731 ee->e_header = copyheader(e->e_header, ee->e_rpool);
7732 ee->e_errorqueue = copyqueue(e->e_errorqueue, ee->e_rpool);
7737 /* return values from split functions, check also below! */
7738 #define SM_SPLIT_FAIL (0)
7739 #define SM_SPLIT_NONE (1)
7740 #define SM_SPLIT_NEW(n) (1 + (n))
7743 ** SPLIT_ACROSS_QUEUE_GROUPS
7745 ** This function splits an envelope across multiple queue groups
7746 ** based on the queue group of each recipient.
7752 ** SM_SPLIT_FAIL on failure
7753 ** SM_SPLIT_NONE if no splitting occurred,
7754 ** or 1 + the number of additional envelopes created.
7757 ** On success, e->e_sibling points to a list of zero or more
7758 ** additional envelopes, and the associated data files exist
7759 ** on disk. But the queue files are not created.
7761 ** On failure, e->e_sibling is not changed.
7762 ** The order of recipients in e->e_sendqueue is permuted.
7763 ** Abandoned data files for additional envelopes that failed
7764 ** to be created may exist on disk.
7767 static int q_qgrp_compare __P((const void *, const void *));
7768 static int e_filesys_compare __P((const void *, const void *));
7771 q_qgrp_compare(p1, p2)
7775 ADDRESS **pq1 = (ADDRESS **) p1;
7776 ADDRESS **pq2 = (ADDRESS **) p2;
7778 return (*pq1)->q_qgrp - (*pq2)->q_qgrp;
7782 e_filesys_compare(p1, p2)
7786 ENVELOPE **pe1 = (ENVELOPE **) p1;
7787 ENVELOPE **pe2 = (ENVELOPE **) p2;
7790 fs1 = Queue[(*pe1)->e_qgrp]->qg_qpaths[(*pe1)->e_qdir].qp_fsysidx;
7791 fs2 = Queue[(*pe2)->e_qgrp]->qg_qpaths[(*pe2)->e_qdir].qp_fsysidx;
7792 if (FILE_SYS_DEV(fs1) < FILE_SYS_DEV(fs2))
7794 if (FILE_SYS_DEV(fs1) > FILE_SYS_DEV(fs2))
7800 split_across_queue_groups(e)
7803 int naddrs, nsplits, i;
7806 ADDRESS *q, **addrs;
7808 ENVELOPE *splits[MAXQUEUEGROUPS];
7809 char pvpbuf[PSBUFSIZE];
7811 SM_REQUIRE(ISVALIDQGRP(e->e_qgrp));
7813 /* Count addresses and assign queue groups. */
7816 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
7818 if (QS_IS_DEAD(q->q_state))
7822 /* bad addresses and those already sent stay put */
7823 if (QS_IS_BADADDR(q->q_state) ||
7824 QS_IS_SENT(q->q_state))
7825 q->q_qgrp = e->e_qgrp;
7826 else if (!ISVALIDQGRP(q->q_qgrp))
7828 /* call ruleset which should return a queue group */
7829 i = rscap(RS_QUEUEGROUP, q->q_user, NULL, e, &pvp,
7830 pvpbuf, sizeof(pvpbuf));
7832 pvp != NULL && pvp[0] != NULL &&
7833 (pvp[0][0] & 0377) == CANONNET &&
7834 pvp[1] != NULL && pvp[1][0] != '\0')
7836 i = name2qid(pvp[1]);
7842 sm_syslog(LOG_INFO, NOQID,
7843 "queue group name %s -> %d",
7847 else if (LogLevel > 10)
7848 sm_syslog(LOG_INFO, NOQID,
7849 "can't find queue group name %s, selection ignored",
7852 if (q->q_mailer != NULL &&
7853 ISVALIDQGRP(q->q_mailer->m_qgrp))
7856 q->q_qgrp = q->q_mailer->m_qgrp;
7858 else if (ISVALIDQGRP(e->e_qgrp))
7859 q->q_qgrp = e->e_qgrp;
7865 /* only one address? nothing to split. */
7866 if (naddrs <= 1 && !changed)
7867 return SM_SPLIT_NONE;
7869 /* sort the addresses by queue group */
7870 addrs = sm_rpool_malloc_x(e->e_rpool, naddrs * sizeof(ADDRESS *));
7871 for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next)
7873 if (QS_IS_DEAD(q->q_state))
7877 qsort(addrs, naddrs, sizeof(ADDRESS *), q_qgrp_compare);
7879 /* split into multiple envelopes, by queue group */
7882 e->e_sendqueue = NULL;
7883 for (i = 0; i < naddrs; ++i)
7885 if (i == naddrs - 1 || addrs[i]->q_qgrp != addrs[i + 1]->q_qgrp)
7886 addrs[i]->q_next = NULL;
7888 addrs[i]->q_next = addrs[i + 1];
7890 /* same queue group as original envelope? */
7891 if (addrs[i]->q_qgrp == e->e_qgrp)
7893 if (e->e_sendqueue == NULL)
7894 e->e_sendqueue = addrs[i];
7898 /* different queue group than original envelope */
7899 if (es == NULL || addrs[i]->q_qgrp != es->e_qgrp)
7901 ee = split_env(e, addrs[i], addrs[i]->q_qgrp, NOQDIR);
7903 splits[nsplits++] = ee;
7907 /* no splits? return right now. */
7909 return SM_SPLIT_NONE;
7911 /* assign a queue directory to each additional envelope */
7912 for (i = 0; i < nsplits; ++i)
7916 es->e_qdir = pickqdir(Queue[es->e_qgrp], es->e_msgsize, es);
7918 if (!setnewqueue(es))
7922 /* sort the additional envelopes by queue file system */
7923 qsort(splits, nsplits, sizeof(ENVELOPE *), e_filesys_compare);
7925 /* create data files for each additional envelope */
7926 if (!dup_df(e, splits[0]))
7931 for (i = 1; i < nsplits; ++i)
7933 /* copy or link to the previous data file */
7934 if (!dup_df(splits[i - 1], splits[i]))
7938 /* success: prepend the new envelopes to the e->e_sibling list */
7939 for (i = 0; i < nsplits; ++i)
7942 es->e_sibling = e->e_sibling;
7945 return SM_SPLIT_NEW(nsplits);
7947 /* failure: clean up */
7953 for (j = 0; j < i; j++)
7954 (void) unlink(queuename(splits[j], DATAFL_LETTER));
7956 e->e_sendqueue = addrs[0];
7957 for (i = 0; i < naddrs - 1; ++i)
7958 addrs[i]->q_next = addrs[i + 1];
7959 addrs[naddrs - 1]->q_next = NULL;
7960 return SM_SPLIT_FAIL;
7964 ** SPLIT_WITHIN_QUEUE
7966 ** Split an envelope with multiple recipients into several
7967 ** envelopes within the same queue directory, if the number of
7968 ** recipients exceeds the limit for the queue group.
7974 ** SM_SPLIT_FAIL on failure
7975 ** SM_SPLIT_NONE if no splitting occurred,
7976 ** or 1 + the number of additional envelopes created.
7979 #define SPLIT_LOG_LEVEL 8
7981 static int split_within_queue __P((ENVELOPE *));
7984 split_within_queue(e)
7987 int maxrcpt, nrcpt, ndead, nsplit, i;
7990 ADDRESS *q, **addrs;
7991 ENVELOPE *ee, *firstsibling;
7993 if (!ISVALIDQGRP(e->e_qgrp) || bitset(EF_SPLIT, e->e_flags))
7994 return SM_SPLIT_NONE;
7996 /* don't bother if there is no recipient limit */
7997 maxrcpt = Queue[e->e_qgrp]->qg_maxrcpt;
7999 return SM_SPLIT_NONE;
8001 /* count recipients */
8003 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
8005 if (QS_IS_DEAD(q->q_state))
8009 if (nrcpt <= maxrcpt)
8010 return SM_SPLIT_NONE;
8013 ** Preserve the recipient list
8014 ** so that we can restore it in case of error.
8015 ** (But we discard dead addresses.)
8018 addrs = sm_rpool_malloc_x(e->e_rpool, nrcpt * sizeof(ADDRESS *));
8019 for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next)
8021 if (QS_IS_DEAD(q->q_state))
8027 ** Partition the recipient list so that bad and sent addresses
8028 ** come first. These will go with the original envelope, and
8029 ** do not count towards the maxrcpt limit.
8030 ** addrs[] does not contain QS_IS_DEAD() addresses.
8034 for (i = 0; i < nrcpt; ++i)
8036 if (QS_IS_BADADDR(addrs[i]->q_state) ||
8037 QS_IS_SENT(addrs[i]->q_state) ||
8038 QS_IS_DEAD(addrs[i]->q_state)) /* for paranoia's sake */
8042 ADDRESS *tmp = addrs[i];
8044 addrs[i] = addrs[ndead];
8051 /* Check if no splitting required. */
8052 if (nrcpt - ndead <= maxrcpt)
8053 return SM_SPLIT_NONE;
8056 for (i = 0; i < nrcpt - 1; ++i)
8057 addrs[i]->q_next = addrs[i + 1];
8058 addrs[nrcpt - 1]->q_next = NULL;
8059 e->e_sendqueue = addrs[0];
8061 /* prepare buffer for logging */
8062 if (LogLevel > SPLIT_LOG_LEVEL)
8065 lsplits = sm_malloc(l);
8066 if (lsplits != NULL)
8072 /* get rid of stupid compiler warnings */
8077 /* split the envelope */
8078 firstsibling = e->e_sibling;
8079 i = maxrcpt + ndead;
8083 addrs[i - 1]->q_next = NULL;
8084 ee = split_env(e, addrs[i], e->e_qgrp, e->e_qdir);
8091 (void) unlink(queuename(ee, DATAFL_LETTER));
8095 /* Error. Restore e's sibling & recipient lists. */
8096 e->e_sibling = firstsibling;
8097 for (i = 0; i < nrcpt - 1; ++i)
8098 addrs[i]->q_next = addrs[i + 1];
8099 if (lsplits != NULL)
8101 return SM_SPLIT_FAIL;
8104 /* prepend the new envelope to e->e_sibling */
8105 ee->e_sibling = e->e_sibling;
8108 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
8110 if (j >= l - strlen(ee->e_id) - 3)
8115 p = sm_realloc(lsplits, l);
8118 /* let's try to get this done */
8125 if (lsplits != NULL)
8128 j += sm_strlcat(lsplits + j,
8132 j += sm_strlcat2(lsplits + j,
8139 if (nrcpt - i <= maxrcpt)
8143 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
8147 sm_syslog(LOG_NOTICE, e->e_id,
8148 "split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s",
8149 maxrcpt, nrcpt - ndead, nsplit,
8150 nsplit > 1 ? "s" : "", lsplits);
8154 return SM_SPLIT_NEW(nsplit);
8157 ** SPLIT_BY_RECIPIENT
8159 ** Split an envelope with multiple recipients into multiple
8160 ** envelopes as required by the sendmail configuration.
8166 ** Returns true on success, false on failure.
8169 ** see split_across_queue_groups(), split_within_queue(e)
8173 split_by_recipient(e)
8176 int split, n, i, j, l;
8178 ENVELOPE *ee, *next, *firstsibling;
8180 if (OpMode == SM_VERIFY || !ISVALIDQGRP(e->e_qgrp) ||
8181 bitset(EF_SPLIT, e->e_flags))
8183 n = split_across_queue_groups(e);
8184 if (n == SM_SPLIT_FAIL)
8186 firstsibling = ee = e->e_sibling;
8187 if (n > 1 && LogLevel > SPLIT_LOG_LEVEL)
8190 lsplits = sm_malloc(l);
8191 if (lsplits != NULL)
8197 /* get rid of stupid compiler warnings */
8201 for (i = 1; i < n; ++i)
8203 next = ee->e_sibling;
8204 if (split_within_queue(ee) == SM_SPLIT_FAIL)
8206 e->e_sibling = firstsibling;
8209 ee->e_flags |= EF_SPLIT;
8210 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
8212 if (j >= l - strlen(ee->e_id) - 3)
8217 p = sm_realloc(lsplits, l);
8220 /* let's try to get this done */
8227 if (lsplits != NULL)
8230 j += sm_strlcat(lsplits + j,
8233 j += sm_strlcat2(lsplits + j, "; ",
8240 if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL && n > 1)
8242 sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s",
8243 n - 1, n > 2 ? "s" : "", lsplits);
8246 split = split_within_queue(e) != SM_SPLIT_FAIL;
8248 e->e_flags |= EF_SPLIT;
8253 ** QUARANTINE_QUEUE_ITEM -- {un,}quarantine a single envelope
8255 ** Add/remove quarantine reason and requeue appropriately.
8258 ** qgrp -- queue group for the item
8259 ** qdir -- queue directory in the given queue group
8260 ** e -- envelope information for the item
8261 ** reason -- quarantine reason, NULL means unquarantine.
8264 ** true if item changed, false otherwise
8267 ** Changes quarantine tag in queue file and renames it.
8271 quarantine_queue_item(qgrp, qdir, e, reason)
8278 bool failing = false;
8279 bool foundq = false;
8280 bool finished = false;
8286 MODE_T oldumask = 0;
8287 SM_FILE_T *oldqfp, *tempqfp;
8289 char oldqf[MAXPATHLEN];
8290 char tempqf[MAXPATHLEN];
8291 char newqf[MAXPATHLEN];
8294 oldtype = queue_letter(e, ANYQFL_LETTER);
8295 (void) sm_strlcpy(oldqf, queuename(e, ANYQFL_LETTER), sizeof oldqf);
8296 (void) sm_strlcpy(tempqf, queuename(e, NEWQFL_LETTER), sizeof tempqf);
8299 ** Instead of duplicating all the open
8300 ** and lock code here, tell readqf() to
8301 ** do that work and return the open
8302 ** file pointer in e_lockfp. Note that
8303 ** we must release the locks properly when
8307 if (!readqf(e, true))
8309 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8310 "Skipping %s\n", qid_printname(e));
8313 oldqfp = e->e_lockfp;
8315 /* open the new queue file */
8316 flags = O_CREAT|O_WRONLY|O_EXCL;
8317 if (bitset(S_IWGRP, QueueFileMode))
8318 oldumask = umask(002);
8319 fd = open(tempqf, flags, QueueFileMode);
8320 if (bitset(S_IWGRP, QueueFileMode))
8321 (void) umask(oldumask);
8327 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8328 "Skipping %s: Could not open %s: %s\n",
8329 qid_printname(e), tempqf,
8330 sm_errstring(save_errno));
8331 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8334 if (!lockfile(fd, tempqf, NULL, LOCK_EX|LOCK_NB))
8336 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8337 "Skipping %s: Could not lock %s\n",
8338 qid_printname(e), tempqf);
8340 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8344 tempqfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *) &fd,
8345 SM_IO_WRONLY_B, NULL);
8346 if (tempqfp == NULL)
8348 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8349 "Skipping %s: Could not lock %s\n",
8350 qid_printname(e), tempqf);
8352 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8356 /* Copy the data over, changing the quarantine reason */
8357 while ((bp = fgetfolded(buf, sizeof buf, oldqfp)) != NULL)
8360 sm_dprintf("+++++ %s\n", bp);
8363 case 'q': /* quarantine reason */
8369 (void) sm_io_fprintf(smioout,
8371 "%s: Removed quarantine of \"%s\"\n",
8374 sm_syslog(LOG_INFO, e->e_id, "unquarantine");
8378 else if (strcmp(reason, &bp[1]) == 0)
8382 (void) sm_io_fprintf(smioout,
8384 "%s: Already quarantined with \"%s\"\n",
8387 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8394 (void) sm_io_fprintf(smioout,
8396 "%s: Quarantine changed from \"%s\" to \"%s\"\n",
8400 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8402 sm_syslog(LOG_INFO, e->e_id, "quarantine=%s",
8410 ** If we are quarantining an unquarantined item,
8411 ** need to put in a new 'q' line before it's
8415 if (!foundq && reason != NULL)
8419 (void) sm_io_fprintf(smioout,
8421 "%s: Quarantined with \"%s\"\n",
8424 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8426 sm_syslog(LOG_INFO, e->e_id, "quarantine=%s",
8432 /* Copy the line to the new file */
8433 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8442 /* Copy the line to the new file */
8443 (void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
8449 /* Make sure we read the whole old file */
8450 errno = sm_io_error(tempqfp);
8451 if (errno != 0 && errno != SM_IO_EOF)
8454 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8455 "Skipping %s: Error reading %s: %s\n",
8456 qid_printname(e), oldqf,
8457 sm_errstring(save_errno));
8461 if (!failing && !finished)
8463 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8464 "Skipping %s: Incomplete file: %s\n",
8465 qid_printname(e), oldqf);
8469 /* Check if we actually changed anything or we can just bail now */
8472 /* pretend we failed, even though we technically didn't */
8476 /* Make sure we wrote things out safely */
8478 (sm_io_flush(tempqfp, SM_TIME_DEFAULT) != 0 ||
8479 ((SuperSafe == SAFE_REALLY ||
8480 SuperSafe == SAFE_REALLY_POSTMILTER ||
8481 SuperSafe == SAFE_INTERACTIVE) &&
8482 fsync(sm_io_getinfo(tempqfp, SM_IO_WHAT_FD, NULL)) < 0) ||
8483 ((errno = sm_io_error(tempqfp)) != 0)))
8486 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8487 "Skipping %s: Error writing %s: %s\n",
8488 qid_printname(e), tempqf,
8489 sm_errstring(save_errno));
8494 /* Figure out the new filename */
8495 newtype = (reason == NULL ? NORMQF_LETTER : QUARQF_LETTER);
8496 if (oldtype == newtype)
8498 /* going to rename tempqf to oldqf */
8499 (void) sm_strlcpy(newqf, oldqf, sizeof newqf);
8503 /* going to rename tempqf to new name based on newtype */
8504 (void) sm_strlcpy(newqf, queuename(e, newtype), sizeof newqf);
8509 /* rename tempqf to newqf */
8511 rename(tempqf, newqf) < 0)
8512 save_errno = (errno == 0) ? EINVAL : errno;
8514 /* Check rename() success */
8515 if (!failing && save_errno != 0)
8517 sm_syslog(LOG_DEBUG, e->e_id,
8518 "quarantine_queue_item: rename(%s, %s): %s",
8519 tempqf, newqf, sm_errstring(save_errno));
8521 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8522 "Error renaming %s to %s: %s\n",
8524 sm_errstring(save_errno));
8525 if (oldtype == newtype)
8528 ** Bail here since we don't know the state of
8529 ** the filesystem and may need to keep tempqf
8530 ** for the user to rescue us.
8535 syserr("!452 Error renaming control file %s", tempqf);
8540 /* remove new file (if rename() half completed) */
8541 if (xunlink(newqf) < 0)
8544 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8545 "Error removing %s: %s\n",
8547 sm_errstring(save_errno));
8550 /* tempqf removed below */
8556 /* If changing file types, need to remove old type */
8557 if (!failing && oldtype != newtype)
8559 if (xunlink(oldqf) < 0)
8562 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8563 "Error removing %s: %s\n",
8564 oldqf, sm_errstring(save_errno));
8568 /* see if anything above failed */
8571 /* Something failed: remove new file, old file still there */
8572 (void) xunlink(tempqf);
8576 ** fsync() after file operations to make sure metadata is
8577 ** written to disk on filesystems in which renames are
8578 ** not guaranteed. It's ok if they fail, mail won't be lost.
8581 if (SuperSafe != SAFE_NO)
8583 /* for soft-updates */
8584 (void) fsync(sm_io_getinfo(tempqfp,
8585 SM_IO_WHAT_FD, NULL));
8589 /* for soft-updates */
8590 (void) fsync(sm_io_getinfo(oldqfp,
8591 SM_IO_WHAT_FD, NULL));
8594 /* for other odd filesystems */
8595 SYNC_DIR(tempqf, false);
8600 if (tempqfp != NULL)
8601 (void) sm_io_close(tempqfp, SM_TIME_DEFAULT);
8603 (void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
8610 ** QUARANTINE_QUEUE -- {un,}quarantine matching items in the queue
8612 ** Read all matching queue items, add/remove quarantine
8613 ** reason, and requeue appropriately.
8616 ** reason -- quarantine reason, "." means unquarantine.
8617 ** qgrplimit -- limit to single queue group unless NOQGRP
8623 ** Lots of changes to the queue.
8627 quarantine_queue(reason, qgrplimit)
8634 /* Convert internal representation of unquarantine */
8635 if (reason != NULL && reason[0] == '.' && reason[1] == '\0')
8641 reason = newstr(denlstring(reason, true, true));
8644 for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++)
8648 if (qgrplimit != NOQGRP && qgrplimit != qgrp)
8651 for (qdir = 0; qdir < Queue[qgrp]->qg_numqueues; qdir++)
8659 nrequests = gatherq(qgrp, qdir, true, NULL, NULL);
8661 /* first see if there is anything */
8666 (void) sm_io_fprintf(smioout,
8667 SM_TIME_DEFAULT, "%s: no matches\n",
8668 qid_printqueue(qgrp, qdir));
8675 (void) sm_io_fprintf(smioout,
8676 SM_TIME_DEFAULT, "Processing %s:\n",
8677 qid_printqueue(qgrp, qdir));
8680 for (i = 0; i < WorkListCount; i++)
8687 /* setup envelope */
8688 clearenvelope(&e, true, sm_rpool_new_x(NULL));
8689 e.e_id = WorkList[i].w_name + 2;
8695 sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8696 "Would do %s\n", e.e_id);
8699 else if (quarantine_queue_item(qgrp, qdir,
8704 sm_rpool_free(e.e_rpool);
8707 if (WorkList != NULL)
8708 sm_free(WorkList); /* XXX */
8717 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8720 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
8723 changed == 1 ? "" : "s");