summaryrefslogtreecommitdiffstats
path: root/src/exim_lock.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/exim_lock.c664
1 files changed, 664 insertions, 0 deletions
diff --git a/src/exim_lock.c b/src/exim_lock.c
new file mode 100644
index 0000000..0682168
--- /dev/null
+++ b/src/exim_lock.c
@@ -0,0 +1,664 @@
+/* A program to lock a file exactly as Exim would, for investigation of
+interlocking problems.
+
+Options: -fcntl use fcntl() lock
+ -flock use flock() lock
+ -lockfile use lock file
+ -mbx use mbx locking rules, with either fcntl() or flock()
+
+Default is -fcntl -lockfile.
+
+Argument: the name of the lock file
+
+Copyright (c) The Exim Maintainers 2016
+*/
+
+#include "os.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <errno.h>
+#include <time.h>
+#include <netdb.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <utime.h>
+#include <sys/utsname.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <pwd.h>
+
+/* Not all systems have flock() available. Those that do must define LOCK_SH
+in sys/file.h. */
+
+#ifndef LOCK_SH
+#define NO_FLOCK
+#endif
+
+
+typedef unsigned BOOL;
+#define FALSE 0
+#define TRUE 1
+
+
+/* Flag for timeout signal handler */
+
+static int sigalrm_seen = FALSE;
+
+
+/* We need to pull in strerror() and os_non_restarting_signal() from the
+os.c source, if they are required for this OS. However, we don't need any of
+the other stuff in os.c, so force the other macros to omit it. */
+
+#ifndef OS_RESTARTING_SIGNAL
+ #define OS_RESTARTING_SIGNAL
+#endif
+
+#ifndef OS_STRSIGNAL
+ #define OS_STRSIGNAL
+#endif
+
+#ifndef OS_STREXIT
+ #define OS_STREXIT
+#endif
+
+#ifndef OS_LOAD_AVERAGE
+ #define OS_LOAD_AVERAGE
+#endif
+
+#ifndef FIND_RUNNING_INTERFACES
+ #define FIND_RUNNING_INTERFACES
+#endif
+
+#ifndef OS_GET_DNS_RESOLVER_RES
+ #define OS_GET_DNS_RESOLVER_RES
+#endif
+
+#include "../src/os.c"
+
+
+
+/*************************************************
+* Timeout handler *
+*************************************************/
+
+static void
+sigalrm_handler(int sig)
+{
+sig = sig; /* Keep picky compilers happy */
+sigalrm_seen = TRUE;
+}
+
+
+
+/*************************************************
+* Give usage and die *
+*************************************************/
+
+static void
+usage(void)
+{
+printf("usage: exim_lock [-v] [-q] [-lockfile] [-fcntl] [-flock] [-mbx]\n"
+ " [-retries <n>] [-interval <n>] [-timeout <n>] [-restore-times]\n"
+ " <file name> [command]\n");
+exit(1);
+}
+
+
+
+/*************************************************
+* Apply a lock to a file descriptor *
+*************************************************/
+
+static int
+apply_lock(int fd, int fcntltype, BOOL dofcntl, int fcntltime, BOOL doflock,
+ int flocktime)
+{
+int yield = 0;
+int save_errno;
+struct flock lock_data;
+lock_data.l_type = fcntltype;
+lock_data.l_whence = lock_data.l_start = lock_data.l_len = 0;
+
+sigalrm_seen = FALSE;
+
+if (dofcntl)
+ {
+ if (fcntltime > 0)
+ {
+ os_non_restarting_signal(SIGALRM, sigalrm_handler);
+ alarm(fcntltime);
+ yield = fcntl(fd, F_SETLKW, &lock_data);
+ save_errno = errno;
+ alarm(0);
+ errno = save_errno;
+ }
+ else yield = fcntl(fd, F_SETLK, &lock_data);
+ if (yield < 0) printf("exim_lock: fcntl() failed: %s\n", strerror(errno));
+ }
+
+#ifndef NO_FLOCK
+if (doflock && (yield >= 0))
+ {
+ int flocktype = (fcntltype == F_WRLCK)? LOCK_EX : LOCK_SH;
+ if (flocktime > 0)
+ {
+ os_non_restarting_signal(SIGALRM, sigalrm_handler);
+ alarm(flocktime);
+ yield = flock(fd, flocktype);
+ save_errno = errno;
+ alarm(0);
+ errno = save_errno;
+ }
+ else yield = flock(fd, flocktype | LOCK_NB);
+ if (yield < 0) printf("exim_lock: flock() failed: %s\n", strerror(errno));
+ }
+#endif
+
+return yield;
+}
+
+
+
+/*************************************************
+* The exim_lock program *
+*************************************************/
+
+int main(int argc, char **argv)
+{
+int lock_retries = 10;
+int lock_interval = 3;
+int lock_fcntl_timeout = 0;
+int lock_flock_timeout = 0;
+int i, j, len;
+int fd = -1;
+int hd = -1;
+int md = -1;
+int yield = 0;
+time_t now = time(NULL);
+BOOL use_lockfile = FALSE;
+BOOL use_fcntl = FALSE;
+BOOL use_flock = FALSE;
+BOOL use_mbx = FALSE;
+BOOL verbose = FALSE;
+BOOL quiet = FALSE;
+BOOL restore_times = FALSE;
+char *filename;
+char *lockname = NULL, *hitchname = NULL;
+char *primary_hostname;
+const char *command;
+struct utsname s;
+char buffer[256];
+char tempname[256];
+
+/* Decode options */
+
+for (i = 1; i < argc; i++)
+ {
+ char *arg = argv[i];
+ if (*arg != '-') break;
+ if (strcmp(arg, "-fcntl") == 0) use_fcntl = TRUE;
+ else if (strcmp(arg, "-flock") == 0) use_flock = TRUE;
+ else if (strcmp(arg, "-lockfile") == 0) use_lockfile = TRUE;
+ else if (strcmp(arg, "-mbx") == 0) use_mbx = TRUE;
+ else if (strcmp(arg, "-v") == 0) verbose = TRUE;
+ else if (strcmp(arg, "-q") == 0) quiet = TRUE;
+ else if (strcmp(arg, "-restore-times") == 0) restore_times = TRUE;
+ else if (++i < argc)
+ {
+ int value = atoi(argv[i]);
+ if (strcmp(arg, "-retries") == 0) lock_retries = value;
+ else if (strcmp(arg, "-interval") == 0) lock_interval = value;
+ else if (strcmp(arg, "-timeout") == 0)
+ lock_fcntl_timeout = lock_flock_timeout = value;
+ else usage();
+ }
+ else usage();
+ }
+
+if (quiet) verbose = FALSE;
+
+/* Can't use flock() if the OS doesn't provide it */
+
+#ifdef NO_FLOCK
+if (use_flock)
+ {
+ printf("exim_lock: can't use flock() because it was not available in the\n"
+ " operating system when exim_lock was compiled\n");
+ exit(1);
+ }
+#endif
+
+/* Default is to use lockfiles and fcntl(). */
+
+if (!use_lockfile && !use_fcntl && !use_flock && !use_mbx)
+ use_lockfile = use_fcntl = TRUE;
+
+/* Default fcntl() for use with mbx */
+
+if (use_mbx && !use_fcntl && !use_flock) use_fcntl = TRUE;
+
+/* Unset unused timeouts */
+
+if (!use_fcntl) lock_fcntl_timeout = 0;
+if (!use_flock) lock_flock_timeout = 0;
+
+/* A file name is required */
+
+if (i >= argc) usage();
+
+filename = argv[i++];
+
+/* Expand file names starting with ~ */
+
+if (*filename == '~')
+ {
+ struct passwd *pw;
+
+ if (*(++filename) == '/')
+ pw = getpwuid(getuid());
+ else
+ {
+ char *s = buffer;
+ while (*filename != 0 && *filename != '/')
+ *s++ = *filename++;
+ *s = 0;
+ pw = getpwnam(buffer);
+ }
+
+ if (pw == NULL)
+ {
+ printf("exim_lock: unable to expand file name %s\n", argv[i-1]);
+ exit(1);
+ }
+
+ if ((int)strlen(pw->pw_dir) + (int)strlen(filename) + 1 > sizeof(buffer))
+ {
+ printf("exim_lock: expanded file name %s%s is too long", pw->pw_dir,
+ filename);
+ exit(1);
+ }
+
+ strcpy(buffer, pw->pw_dir);
+ strcat(buffer, filename);
+ filename = buffer;
+ }
+
+/* If using a lock file, prepare by creating the lock file name and
+the hitching post name. */
+
+if (use_lockfile)
+ {
+ if (uname(&s) < 0)
+ {
+ printf("exim_lock: failed to find host name using uname()\n");
+ exit(1);
+ }
+ primary_hostname = s.nodename;
+
+ len = (int)strlen(filename);
+ lockname = malloc(len + 8);
+ sprintf(lockname, "%s.lock", filename);
+ hitchname = malloc(len + 32 + (int)strlen(primary_hostname));
+
+ /* Presumably, this must match appendfile.c */
+ sprintf(hitchname, "%s.%s.%08x.%08x", lockname, primary_hostname,
+ (unsigned int)now, (unsigned int)getpid());
+
+ if (verbose)
+ printf("exim_lock: lockname = %s\n hitchname = %s\n", lockname,
+ hitchname);
+ }
+
+/* Locking retry loop */
+
+for (j = 0; j < lock_retries; j++)
+ {
+ int sleep_before_retry = TRUE;
+ struct stat statbuf, ostatbuf, lstatbuf, statbuf2;
+ int mbx_tmp_oflags;
+
+ /* Try to build a lock file if so configured */
+
+ if (use_lockfile)
+ {
+ int rc, rc2;
+ if (verbose) printf("exim_lock: creating lock file\n");
+ hd = open(hitchname, O_WRONLY | O_CREAT | O_EXCL, 0440);
+ if (hd < 0)
+ {
+ printf("exim_lock: failed to create hitching post %s: %s\n", hitchname,
+ strerror(errno));
+ exit(1);
+ }
+
+ /* Apply hitching post algorithm. */
+
+ if ((rc = link(hitchname, lockname)) != 0)
+ rc2 = fstat(hd, &statbuf);
+ (void)close(hd);
+ unlink(hitchname);
+
+ if (rc != 0 && (rc2 != 0 || statbuf.st_nlink != 2))
+ {
+ printf("exim_lock: failed to link hitching post to lock file\n");
+ hd = -1;
+ goto RETRY;
+ }
+
+ if (!quiet) printf("exim_lock: lock file successfully created\n");
+ }
+
+ /* We are done if no other locking required. */
+
+ if (!use_fcntl && !use_flock && !use_mbx) break;
+
+ /* Open the file for writing. */
+
+ if ((fd = open(filename, O_RDWR + O_APPEND)) < 0)
+ {
+ printf("exim_lock: failed to open %s for writing: %s\n", filename,
+ strerror(errno));
+ yield = 1;
+ goto CLEAN_UP;
+ }
+
+ /* If there is a timeout, implying blocked locking, we don't want to
+ sleep before any retries after this. */
+
+ if (lock_fcntl_timeout > 0 || lock_flock_timeout > 0)
+ sleep_before_retry = FALSE;
+
+ /* Lock using fcntl. There are pros and cons to using a blocking call vs
+ a non-blocking call and retries. Exim is non-blocking by default, but setting
+ a timeout changes it to blocking. */
+
+ if (!use_mbx && (use_fcntl || use_flock))
+ if (apply_lock(fd, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,
+ lock_flock_timeout) >= 0)
+ {
+ if (!quiet)
+ {
+ if (use_fcntl) printf("exim_lock: fcntl() lock successfully applied\n");
+ if (use_flock) printf("exim_lock: flock() lock successfully applied\n");
+ }
+ break;
+ }
+ else
+ goto RETRY; /* Message already output */
+
+ /* Lock using MBX rules. This is complicated and is documented with the
+ source of the c-client library that goes with Pine and IMAP. What has to
+ be done to interwork correctly is to take out a shared lock on the mailbox,
+ and an exclusive lock on a /tmp file. */
+
+ else
+ {
+ if (apply_lock(fd, F_RDLCK, use_fcntl, lock_fcntl_timeout, use_flock,
+ lock_flock_timeout) >= 0)
+ {
+ if (!quiet)
+ {
+ if (use_fcntl)
+ printf("exim_lock: fcntl() read lock successfully applied\n");
+ if (use_flock)
+ printf("exim_lock: fcntl() read lock successfully applied\n");
+ }
+ }
+ else goto RETRY; /* Message already output */
+
+ if (fstat(fd, &statbuf) < 0)
+ {
+ printf("exim_lock: fstat() of %s failed: %s\n", filename,
+ strerror(errno));
+ yield = 1;
+ goto CLEAN_UP;
+ }
+
+ /* Set up file in /tmp and check its state if already existing. */
+
+ sprintf(tempname, "/tmp/.%lx.%lx", (long)statbuf.st_dev,
+ (long)statbuf.st_ino);
+
+ if (lstat(tempname, &statbuf) >= 0)
+ {
+ if ((statbuf.st_mode & S_IFMT) == S_IFLNK)
+ {
+ printf("exim_lock: symbolic link on lock name %s\n", tempname);
+ yield = 1;
+ goto CLEAN_UP;
+ }
+ if (statbuf.st_nlink > 1)
+ {
+ printf("exim_lock: hard link to lock name %s\n", tempname);
+ yield = 1;
+ goto CLEAN_UP;
+ }
+ }
+
+ mbx_tmp_oflags = O_RDWR | O_CREAT;
+#ifdef O_NOFOLLOW
+ mbx_tmp_oflags |= O_NOFOLLOW;
+#endif
+ md = open(tempname, mbx_tmp_oflags, 0600);
+ if (md < 0)
+ {
+ printf("exim_lock: failed to create mbx lock file %s: %s\n",
+ tempname, strerror(errno));
+ goto CLEAN_UP;
+ }
+
+ /* security fixes from 2010-05 */
+ if (lstat(tempname, &lstatbuf) < 0)
+ {
+ printf("exim_lock: failed to lstat(%s) after opening it: %s\n",
+ tempname, strerror(errno));
+ goto CLEAN_UP;
+ }
+ if (fstat(md, &statbuf2) < 0)
+ {
+ printf("exim_lock: failed to fstat() open fd of \"%s\": %s\n",
+ tempname, strerror(errno));
+ goto CLEAN_UP;
+ }
+ if ((statbuf2.st_nlink > 1) ||
+ (lstatbuf.st_nlink > 1) ||
+ (!S_ISREG(lstatbuf.st_mode)) ||
+ (lstatbuf.st_dev != statbuf2.st_dev) ||
+ (lstatbuf.st_ino != statbuf2.st_ino))
+ {
+ printf("exim_lock: race condition exploited against us when "
+ "locking \"%s\"\n", tempname);
+ goto CLEAN_UP;
+ }
+
+ (void)chmod(tempname, 0600);
+
+ if (apply_lock(md, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,
+ lock_flock_timeout) >= 0)
+ {
+ if (!quiet)
+ {
+ if (use_fcntl)
+ printf("exim_lock: fcntl() lock successfully applied to mbx "
+ "lock file %s\n", tempname);
+ if (use_flock)
+ printf("exim_lock: flock() lock successfully applied to mbx "
+ "lock file %s\n", tempname);
+ }
+
+ /* This test checks for a race condition */
+
+ if (lstat(tempname, &statbuf) != 0 ||
+ fstat(md, &ostatbuf) != 0 ||
+ statbuf.st_dev != ostatbuf.st_dev ||
+ statbuf.st_ino != ostatbuf.st_ino)
+ {
+ if (!quiet) printf("exim_lock: mbx lock file %s changed between "
+ "creation and locking\n", tempname);
+ goto RETRY;
+ }
+ else break;
+ }
+ else goto RETRY; /* Message already output */
+ }
+
+ /* Clean up before retrying */
+
+ RETRY:
+
+ if (md >= 0)
+ {
+ if (close(md) < 0)
+ printf("exim_lock: close %s failed: %s\n", tempname, strerror(errno));
+ else
+ if (!quiet) printf("exim_lock: %s closed\n", tempname);
+ md = -1;
+ }
+
+ if (fd >= 0)
+ {
+ if (close(fd) < 0)
+ printf("exim_lock: close failed: %s\n", strerror(errno));
+ else
+ if (!quiet) printf("exim_lock: file closed\n");
+ fd = -1;
+ }
+
+ if (hd >= 0)
+ {
+ if (unlink(lockname) < 0)
+ printf("exim_lock: unlink of %s failed: %s\n", lockname, strerror(errno));
+ else
+ if (!quiet) printf("exim_lock: lock file removed\n");
+ hd = -1;
+ }
+
+ /* If a blocking call timed out, break the retry loop if the total time
+ so far is not less than than retries * interval. */
+
+ if (sigalrm_seen &&
+ (j + 1) * ((lock_fcntl_timeout > lock_flock_timeout)?
+ lock_fcntl_timeout : lock_flock_timeout) >=
+ lock_retries * lock_interval)
+ j = lock_retries;
+
+ /* Wait a bit before retrying, except when it was a blocked fcntl() that
+ caused the problem. */
+
+ if (j < lock_retries && sleep_before_retry)
+ {
+ printf(" ... waiting\n");
+ sleep(lock_interval);
+ }
+ }
+
+if (j >= lock_retries)
+ {
+ printf("exim_lock: locking failed too many times\n");
+ yield = 1;
+ goto CLEAN_UP;
+ }
+
+if (!quiet) printf("exim_lock: locking %s succeeded: ", filename);
+
+/* If there are no further arguments, run the user's shell; otherwise
+the next argument is a command to run. */
+
+if (i >= argc)
+ {
+ command = getenv("SHELL");
+ if (command == NULL || *command == 0) command = "/bin/sh";
+ if (!quiet) printf("running %s ...\n", command);
+ }
+else
+ {
+ command = argv[i];
+ if (!quiet) printf("running the command ...\n");
+ }
+
+/* Run the command, saving and restoring the times if required. */
+
+if (restore_times)
+ {
+ struct stat strestore;
+#ifdef EXIM_HAVE_OPENAT
+ int fd = open(filename, O_RDWR); /* use fd for both get & restore */
+ struct timespec tt[2];
+
+ if (fd < 0)
+ {
+ printf("open '%s': %s\n", filename, strerror(errno));
+ yield = 1;
+ goto CLEAN_UP;
+ }
+ if (fstat(fd, &strestore) != 0)
+ {
+ printf("fstat '%s': %s\n", filename, strerror(errno));
+ yield = 1;
+ close(fd);
+ goto CLEAN_UP;
+ }
+ i = system(command);
+ tt[0] = strestore.st_atim;
+ tt[1] = strestore.st_mtim;
+ (void) futimens(fd, tt);
+ (void) close(fd);
+#else
+ struct utimbuf ut;
+
+ stat(filename, &strestore);
+ i = system(command);
+ ut.actime = strestore.st_atime;
+ ut.modtime = strestore.st_mtime;
+ utime(filename, &ut);
+#endif
+ }
+else i = system(command);
+
+if(i && !quiet) printf("warning: nonzero status %d\n", i);
+
+/* Remove the locks and exit. Unlink the /tmp file if we can get an exclusive
+lock on the mailbox. This should be a non-blocking lock call, as there is no
+point in waiting. */
+
+CLEAN_UP:
+
+if (md >= 0)
+ {
+ if (apply_lock(fd, F_WRLCK, use_fcntl, 0, use_flock, 0) >= 0)
+ {
+ if (!quiet) printf("exim_lock: %s unlinked - no sharers\n", tempname);
+ unlink(tempname);
+ }
+ else if (!quiet)
+ printf("exim_lock: %s not unlinked - unable to get exclusive mailbox lock\n",
+ tempname);
+ if (close(md) < 0)
+ printf("exim_lock: close %s failed: %s\n", tempname, strerror(errno));
+ else
+ if (!quiet) printf("exim_lock: %s closed\n", tempname);
+ }
+
+if (fd >= 0)
+ {
+ if (close(fd) < 0)
+ printf("exim_lock: close %s failed: %s\n", filename, strerror(errno));
+ else
+ if (!quiet) printf("exim_lock: %s closed\n", filename);
+ }
+
+if (hd >= 0)
+ {
+ if (unlink(lockname) < 0)
+ printf("exim_lock: unlink %s failed: %s\n", lockname, strerror(errno));
+ else
+ if (!quiet) printf("exim_lock: lock file removed\n");
+ }
+
+return yield;
+}
+
+/* End */