Removed unnecessary locking. Simplified. Tidied.

1 files changed, 181 insertions, 305 deletions

diff --git a/usr.sbin/ctm/ctm_smail/ctm_smail.c b/usr.sbin/ctm/ctm_smail/ctm_smail.c
index 6be0a0d..56379eb 100644
--- a/usr.sbin/ctm/ctm_smail/ctm_smail.c
+++ b/usr.sbin/ctm/ctm_smail/ctm_smail.c
@@ -1,8 +1,9 @@
 /*
  * Send a compressed CTM delta to a recipient mailing list by encoding it
- * in safe ASCII characters, in mailer-friendly chunks, and passing it
- * to sendmail.  The encoding is almost the same as MIME BASE64, and is
- * protected by a simple checksum.
+ * in safe ASCII characters, in mailer-friendly chunks, and passing them
+ * to sendmail.  Optionally, the chunks can be queued to be sent later by
+ * ctm_dequeue in controlled bursts.  The encoding is almost the same as
+ * MIME BASE64, and is protected by a simple checksum.
  *
  * Author: Stephen McKay
  *
@@ -10,7 +11,7 @@
  * In return you should think about all the nice people who give away software.
  * Maybe you should write some free software too.
  *
- * $Id: ctm_smail.c,v 1.7 1996/09/07 18:48:44 peter Exp $
+ * $Id: ctm_smail.c,v 1.8 1996/09/07 21:06:19 peter Exp $
  */
 
 #include <stdio.h>
@@ -22,38 +23,42 @@
 #include <sys/stat.h>
 #include <errno.h>
 #include <paths.h>
+#include <limits.h>
 #include "error.h"
 #include "options.h"
 
 #define DEF_MAX_MSG	64000	/* Default maximum mail msg minus headers. */
 
-#define LINE_LENGTH	76	/* Chars per encode line. Divisible by 4. */
+#define LINE_LENGTH	76	/* Chars per encoded line. Divisible by 4. */
 
-void chop_and_send(char *delta, off_t ctm_size, long max_msg_size,
+int chop_and_send_or_queue(FILE *dfp, char *delta, off_t ctm_size,
+	long max_msg_size, char *mail_alias, char *queue_dir);
+int chop_and_send(FILE *dfp, char *delta, long msg_size, int npieces,
 	char *mail_alias);
-void chop_and_queue(char *delta, off_t ctm_size, long max_msg_size,
-	char *queue_dir, char *mail_alias);
-unsigned encode_body(FILE *sm_fp, FILE *delta_fp, long msg_size);
+int chop_and_queue(FILE *dfp, char *delta, long msg_size, int npieces,
+	char *mail_alias, char *queue_dir);
+void clean_up_queue(char *queue_dir);
+int encode_body(FILE *sm_fp, FILE *delta_fp, long msg_size, unsigned *sum);
 void write_header(FILE *sfp, char *mail_alias, char *delta, int pce,
 	int npieces);
 void write_trailer(FILE *sfp, unsigned sum);
-void apologise(char *delta, off_t ctm_size, long max_ctm_size,
+int apologise(char *delta, off_t ctm_size, long max_ctm_size,
 	char *mail_alias);
 FILE *open_sendmail(void);
 int close_sendmail(FILE *fp);
-int lock_queuedir(char *queue_dir);
-void free_lock(int lockf, char *queue_dir);
-void add_to_queue(char *queue_dir, char *mail_alias, char *delta, int npieces, char **tempnames);
 
 int
 main(int argc, char **argv)
     {
+    int status = 0;
     char *delta_file;
     char *mail_alias;
     long max_msg_size = DEF_MAX_MSG;
     long max_ctm_size = 0;
     char *log_file = NULL;
     char *queue_dir = NULL;
+    char *delta;
+    FILE *dfp;
     struct stat sb;
 
     err_prog_name(argv[0]);
@@ -74,43 +79,44 @@ main(int argc, char **argv)
     delta_file = argv[1];
     mail_alias = argv[2];
 
-    if (stat(delta_file, &sb) < 0)
+    if ((delta = strrchr(delta_file, '/')) == NULL)
+	delta = delta_file;
+    else
+	delta++;
+
+    if ((dfp = fopen(delta_file, "r")) == NULL || fstat(fileno(dfp), &sb) < 0)
 	{
-	err("%s: %s", delta_file, strerror(errno));
+	err("*%s", delta_file);
 	exit(1);
 	}
 
     if (max_ctm_size != 0 && sb.st_size > max_ctm_size)
-	apologise(delta_file, sb.st_size, max_ctm_size, mail_alias);
-    else if (queue_dir == NULL)
-	chop_and_send(delta_file, sb.st_size, max_msg_size, mail_alias);
+	status = apologise(delta, sb.st_size, max_ctm_size, mail_alias);
     else
-	chop_and_queue(delta_file, sb.st_size, max_msg_size, queue_dir, mail_alias);
+	status = chop_and_send_or_queue(dfp, delta, sb.st_size, max_msg_size,
+		mail_alias, queue_dir);
 
-    return 0;
+    fclose(dfp);
+
+    return status;
     }
 
 
 /*
- * Carve our CTM delta into pieces, encode them, and send them.
+ * Carve our CTM delta into pieces, encode them, and send or queue them.
+ * Returns 0 on success, and 1 on failure.
  */
-void
-chop_and_send(char *delta, off_t ctm_size, long max_msg_size, char *mail_alias)
+int
+chop_and_send_or_queue(FILE *dfp, char *delta, off_t ctm_size,
+	long max_msg_size, char *mail_alias, char *queue_dir)
     {
     int npieces;
     long msg_size;
     long exp_size;
-    int pce;
-    FILE *sfp;
-    FILE *dfp;
-    unsigned sum;
-    char *deltaname;
+    int status;
 
-#ifdef howmany
 #undef howmany
-#endif
-
-#define	howmany(x, y)	(((x) + ((y) - 1)) / (y))
+#define	howmany(x,y)	(((x)+((y)-1)) / (y))
 
     /*
      * Work out how many pieces we need, bearing in mind that each piece
@@ -125,143 +131,160 @@ chop_and_send(char *delta, off_t ctm_size, long max_msg_size, char *mail_alias)
 
 #undef howmany
 
-    if ((dfp = fopen(delta, "r")) == NULL)
+    if (queue_dir == NULL)
+	status = chop_and_send(dfp, delta, msg_size, npieces, mail_alias);
+    else
 	{
-	err("cannot open '%s' for reading.", delta);
-	exit(1);
+	status = chop_and_queue(dfp, delta, msg_size, npieces, mail_alias,
+		queue_dir);
+	if (status)
+	    clean_up_queue(queue_dir);
 	}
 
-    deltaname = strrchr(delta, '/');
-    if (deltaname)
-	deltaname++;	/* skip slash */
-    else
-	deltaname = delta;
+    return status;
+    }
+
+
+/*
+ * Carve our CTM delta into pieces, encode them, and send them.
+ * Returns 0 on success, and 1 on failure.
+ */
+int
+chop_and_send(FILE *dfp, char *delta, long msg_size, int npieces,
+	char *mail_alias)
+    {
+    int pce;
+    FILE *sfp;
+    unsigned sum;
 
+    /*
+     * Send each chunk directly to sendmail as it is generated.
+     * No temporary files necessary.  If things turn ugly, we just
+     * have to live with the fact the we have sent only part of
+     * the delta.
+     */
     for (pce = 1; pce <= npieces; pce++)
 	{
-	sfp = open_sendmail();
-	if (sfp == NULL)
-	    exit(1);
+	int read_error;
+
+	if ((sfp = open_sendmail()) == NULL)
+	    return 1;
+
 	write_header(sfp, mail_alias, delta, pce, npieces);
-	sum = encode_body(sfp, dfp, msg_size);
-	write_trailer(sfp, sum);
-	if (!close_sendmail(sfp))
-	    exit(1);
-	err("%s %d/%d sent to %s", deltaname, pce, npieces, mail_alias);
+	read_error = encode_body(sfp, dfp, msg_size, &sum);
+	if (!read_error)
+	    write_trailer(sfp, sum);
+
+	if (!close_sendmail(sfp) || read_error)
+	    return 1;
+
+	err("%s %d/%d sent to %s", delta, pce, npieces, mail_alias);
 	}
 
-    fclose(dfp);
+    return 0;
     }
 
-/* 
- * Carve our CTM delta into pieces, encode them, and drop them in the
- * queue dir.
- *
- * Basic algorythm:
- *
- * - for (each piece)
- * -   gen. temp. file name (one which the de-queuer will ignore)
- * -   record in array
- * -   open temp. file
- * -   encode delta (including headers) into the temp file
- * -   close temp. file
- * - end
- * - lock queue directory
- * - foreach (temp. file)
- * -   rename to the proper filename
- * - end
- * - unlock queue directory
- *
- * This is probably overkill, but it means that incomplete deltas
- * don't get mailed, and also reduces the window for lock races
- * between ctm_smail and the de-queueing process.
+
+/*
+ * Construct the tmp queue file name of a delta piece.
  */
+#define mk_tmp_name(fn,qd,p) \
+    sprintf((fn), "%s/.%08ld.%03d", (qd), (long)getpid(), (p))
 
-void
-chop_and_queue(char *delta, off_t ctm_size, long max_msg_size, char *queue_dir, char *mail_alias)
-{
-    int npieces, pce, len;
-    long msg_size, exp_size;
-    FILE *sfp, *dfp;
-    unsigned sum;
-    char **tempnames, *tempnam, *sn;
+/*
+ * Construct the final queue file name of a delta piece.
+ */
+#define mk_queue_name(fn,qd,d,p,n) \
+    sprintf((fn), "%s/%s+%03d-%03d", (qd), (d), (p), (n))
 
-#define	howmany(x, y)	(((x) + ((y) - 1)) / (y))
+/*
+ * Carve our CTM delta into pieces, encode them, and queue them.
+ * Returns 0 on success, and 1 on failure.
+ */
+int
+chop_and_queue(FILE *dfp, char *delta, long msg_size, int npieces,
+	char *mail_alias, char *queue_dir)
+    {
+    int pce;
+    FILE *qfp;
+    unsigned sum;
+    char tname[PATH_MAX];
+    char qname[PATH_MAX];
 
     /*
-     * Work out how many pieces we need, bearing in mind that each piece
-     * grows by 4/3 when encoded.  We count the newlines too, but ignore
-     * all mail headers and piece headers.  They are a "small" (almost
-     * constant) per message overhead that we make the user worry about. :-)
+     * Store each piece in the queue directory, but under temporary names,
+     * so that they can be deleted without unpleasant consequences if
+     * anything goes wrong.  We could easily fill up a disk, for example.
      */
-    exp_size = ctm_size * 4 / 3;
-    exp_size += howmany(exp_size, LINE_LENGTH);
-    npieces = howmany(exp_size, max_msg_size);
-    msg_size = howmany(ctm_size, npieces);
+    for (pce = 1; pce <= npieces; pce++)
+	{
+	int write_error;
 
-#undef howmany
+	mk_tmp_name(tname, queue_dir, pce);
+	if ((qfp = fopen(tname, "w")) == NULL)
+	    {
+	    err("cannot open '%s' for writing", tname);
+	    return 1;
+	    }
 
-    /*
-     * allocate space for the array of filenames. Try to be portable
-     * by not assuming anything to do with sizeof(char *)
-     */
-    tempnames = malloc(npieces * sizeof(char *));
-    if (tempnames == NULL)
-    {
-	err("malloc for tempnames failed");
-	exit(1);
-    }
- 
-    len = strlen(queue_dir) + 16;
-    tempnam = malloc(len);
-    if (tempnam == NULL)
-    {
-	err("malloc for tempnames failed");
-	exit(1);
-    }
-    
-    if ((dfp = fopen(delta, "r")) == NULL)
-    {
-	err("cannot open '%s' for reading.", delta);
-	exit(1);
-    }
+	write_header(qfp, mail_alias, delta, pce, npieces);
+	if (encode_body(qfp, dfp, msg_size, &sum))
+	    return 1;
+	write_trailer(qfp, sum);
 
-    if ((sn = strrchr(delta, '/')) == NULL)
-	sn = delta;
-    else
-	sn++;
+	fflush(qfp);
+	write_error = ferror(qfp);
+	fclose(qfp);
+	if (write_error)
+	    {
+	    err("error writing '%s'", tname);
+	    return 1;
+	    }
 
-    for (pce = 1; pce <= npieces; pce++)
-    {
-	if (snprintf(tempnam, len, "%s/.%08d-%03d", queue_dir, getpid(), pce) >= len)
-	    err("Whoops! tempnam isn't long enough");
+	/*
+	 * Give the warm success message now, instead of all in a rush
+	 * during the rename phase.
+	 */
+	err("%s %d/%d queued for %s", delta, pce, npieces, mail_alias);
+	}
 
-	tempnames[pce - 1] = strdup(tempnam);
-	if (tempnames[pce - 1] == NULL)
+    /*
+     * Rename the pieces into place.  If an error occurs now, we are
+     * stuffed, but there is no neat way to back out.  rename() should
+     * only fail now under extreme circumstances.
+     */
+    for (pce = 1; pce <= npieces; pce++)
 	{
-	    err("strdup failed for temp. filename");
-	    exit(1);
+	mk_tmp_name(tname, queue_dir, pce);
+	mk_queue_name(qname, queue_dir, delta, pce, npieces);
+	if (rename(tname, qname) < 0)
+	    {
+	    err("*rename: '%s' to '%s'", tname, qname);
+	    unlink(tname);
+	    }
 	}
 
-	sfp = fopen(tempnam, "w");
-	if (sfp == NULL)
-	    exit(1);
-	
-	write_header(sfp, mail_alias, delta, pce, npieces);
-	sum = encode_body(sfp, dfp, msg_size);
-	write_trailer(sfp, sum);
-
-	if (fclose(sfp) != 0)
-	    exit(1);
-
-	err("%s %d/%d created succesfully", sn, pce, npieces);
+    return 0;
     }
 
-    add_to_queue(queue_dir, mail_alias, delta, npieces, tempnames);
 
-    fclose(dfp);
+/*
+ * There may be temporary files cluttering up the queue directory.
+ */
+void
+clean_up_queue(char *queue_dir)
+    {
+    int pce;
+    char tname[PATH_MAX];
 
-}
+    err("discarding queued delta pieces");
+    for (pce = 1; ; pce++)
+	{
+	mk_tmp_name(tname, queue_dir, pce);
+	if (unlink(tname) < 0)
+	    break;
+	}
+    }
 
 
 /*
@@ -288,8 +311,8 @@ static char to_b64[0x40] =
  * of 4 characters encodes 3 input characters.  Each output character encodes
  * 6 bits.  Thus 64 different characters are needed in this representation.
  */
-unsigned
-encode_body(FILE *sm_fp, FILE *delta_fp, long msg_size)
+int
+encode_body(FILE *sm_fp, FILE *delta_fp, long msg_size, unsigned *sum)
     {
     unsigned short cksum = 0xffff;
     unsigned char *ip;
@@ -344,16 +367,12 @@ encode_body(FILE *sm_fp, FILE *delta_fp, long msg_size)
     if (ferror(delta_fp))
 	{
 	err("error reading input file.");
-	exit(1);
+	return 1;
 	}
 
-    if (ferror(sm_fp))
-	{
-	err("error writing encoded file");
-	exit(1);
-	}
+    *sum = cksum;
 
-    return cksum;
+    return 0;
     }
 
 
@@ -363,18 +382,11 @@ encode_body(FILE *sm_fp, FILE *delta_fp, long msg_size)
 void
 write_header(FILE *sfp, char *mail_alias, char *delta, int pce, int npieces)
     {
-    char *sn;
-
-    if ((sn = strrchr(delta, '/')) == NULL)
-	sn = delta;
-    else
-	sn++;
-
     fprintf(sfp, "From: owner-%s\n", mail_alias);
     fprintf(sfp, "To: %s\n", mail_alias);
-    fprintf(sfp, "Subject: ctm-mail %s %d/%d\n\n", sn, pce, npieces);
+    fprintf(sfp, "Subject: ctm-mail %s %d/%d\n\n", delta, pce, npieces);
 
-    fprintf(sfp, "CTM_MAIL BEGIN %s %d %d\n", sn, pce, npieces);
+    fprintf(sfp, "CTM_MAIL BEGIN %s %d %d\n", delta, pce, npieces);
     }
 
 
@@ -390,32 +402,30 @@ write_trailer(FILE *sfp, unsigned sum)
 
 /*
  * We're terribly sorry, but the delta is too big to send.
+ * Returns 0 on success, 1 on failure.
  */
-void
+int
 apologise(char *delta, off_t ctm_size, long max_ctm_size, char *mail_alias)
     {
     FILE *sfp;
-    char *sn;
 
     sfp = open_sendmail();
     if (sfp == NULL)
-	exit(1);
-
-    if ((sn = strrchr(delta, '/')) == NULL)
-	sn = delta;
-    else
-	sn++;
+	return 1;
 
-    fprintf(sfp, "From: %s-owner\n", mail_alias);
+    fprintf(sfp, "From: owner-%s\n", mail_alias);
     fprintf(sfp, "To: %s\n", mail_alias);
-    fprintf(sfp, "Subject: ctm-notice %s\n\n", sn);
+    fprintf(sfp, "Subject: ctm-notice %s\n\n", delta);
 
-    fprintf(sfp, "%s is %ld bytes.  The limit is %ld bytes.\n\n", sn,
+    fprintf(sfp, "%s is %ld bytes.  The limit is %ld bytes.\n\n", delta,
 	(long)ctm_size, max_ctm_size);
-    fprintf(sfp, "You can retrieve this delta via ftpmail, or your good mate at the university.\n");
+    fprintf(sfp, "You can retrieve this delta via ftpmail, "
+	"or your good mate at the university.\n");
 
     if (!close_sendmail(sfp))
-	exit(1);
+	return 1;
+
+    return 0;
     }
 
 
@@ -457,137 +467,3 @@ close_sendmail(FILE *fp)
 
     return (status == 0);
     }
-
-/*
- * Lock the queuedir so we're the only guy messing about in there.
- */
-int
-lock_queuedir(char *queue_dir)
-{
-    int fp, len;
-    char *buffer;
-    struct stat sb;
-
-    len = strlen(queue_dir) + 8;
-
-    buffer = malloc(len);
-    if (buffer == NULL)
-    {
-	err("malloc failed in lock_queuedir");
-	exit(1);
-    }
-
-    if (snprintf(buffer, len, "%s/.lock", queue_dir) >= len)
-	err("Whoops. lock buffer too small in lock_queuedir");
-
-    /*
-     * We do our own lockfile scanning to avoid unlink races. 60
-     * seconds should be enough to ensure that we won't get more races
-     * happening between the stat and the open/flock.
-     */
-
-    while (stat(buffer, &sb) == 0)
-	sleep(60);
-
-    if ((fp = open(buffer, O_WRONLY | O_CREAT | O_EXLOCK, 0600)) < 0)
-    {
-	err("can't open `%s' in lock_queuedir", buffer);
-	exit(1);
-    }
-
-    snprintf(buffer, len, "%8ld", getpid());
-    write(fp, buffer, 8);
-
-    free(buffer);
-    
-    return(fp);
-}
-
-/*
- * Lock the queuedir so we're the only guy messing about in there.
- */
-void
-free_lock(int lockf, char *queue_dir)
-{
-    int len;
-    char *path;
-
-    /*
-     * Most important: free the lock before we do anything else!
-     */
-
-    close(lockf);
-
-    len = strlen(queue_dir) + 7;
-
-    path = malloc(len);
-    if (path == NULL)
-    {
-	err("malloc failed in free_lock");
-	exit(1);
-    }
-
-    if (snprintf(path, len, "%s/.lock", queue_dir) >= len)
-	err("lock path buffer too small in free_lock");
-
-    if (unlink(path) != 0)
-    {
-	err("can't unlink lockfile `%s'", path);
-	exit(1);
-    }
-
-    free(path);
-}
-
-/* move everything into the queue directory. */
-
-void
-add_to_queue(char *queue_dir, char *mail_alias, char *delta, int npieces, char **tempnames)
-{
-    char *queuefile, *sn;
-    int pce, len, lockf;
-    
-    if ((sn = strrchr(delta, '/')) == NULL)
-	sn = delta;
-    else
-	sn++;
-
-    /* try to malloc all we need BEFORE entering the lock loop */
-    
-    len = strlen(queue_dir) + strlen(sn) + 7;
-    queuefile = malloc(len);
-    if (queuefile == NULL)
-    {
-	err("can't malloc for queuefile");
-	exit(1);
-    }
-
-    /*
-     * We should be the only process mucking around in the queue
-     * directory while we add the new queue files ... it could be
-     * awkward if the de-queue process starts it's job while we're
-     * adding files ...
-     */
-
-    lockf = lock_queuedir(queue_dir);
-    for (pce = 0; pce < npieces; pce++)
-    {
-	struct stat sb;
-
-	if (snprintf(queuefile, len, "%s/%s+%03d", queue_dir, sn, pce + 1) >= len)
-	    err("whoops, queuefile buffer is too small");
-
-	if (stat(queuefile, &sb) == 0)
-	{
-	    err("WOAH! Queue file `%s' already exists! Bailing out.", queuefile);
-	    free_lock(lockf, queue_dir);
-	    exit(1);
-	}
-
-	rename(tempnames[pce], queuefile);
-    }
-    
-    free_lock(lockf, queue_dir);
-
-    free(queuefile);
-}