1 /*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 */ 7 8 #ifndef lint 9 static char copyright[] = 10 "@(#) Copyright (c) 1990, 1993, 1994\n\ 11 The Regents of the University of California. All rights reserved.\n"; 12 #endif /* not lint */ 13 14 #ifndef lint 15 static char sccsid[] = "@(#)mail.local.c 8.19 (Berkeley) 05/22/95"; 16 #endif /* not lint */ 17 18 /* 19 * This is not intended to compile on System V derived systems 20 * such as Solaris or HP-UX, since they use a totally different 21 * approach to mailboxes (essentially, they have a setgid program 22 * rather than setuid, and they rely on the ability to "give away" 23 * files to do their work). IT IS NOT A BUG that this doesn't 24 * compile on such architectures. 25 */ 26 27 #include <sys/param.h> 28 #include <sys/stat.h> 29 #include <sys/socket.h> 30 31 #include <netinet/in.h> 32 33 #include <errno.h> 34 #include <fcntl.h> 35 #include <netdb.h> 36 #include <pwd.h> 37 #include <stdio.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <sysexits.h> 41 #include <syslog.h> 42 #include <time.h> 43 #include <unistd.h> 44 #include <ctype.h> 45 46 #if __STDC__ 47 #include <stdarg.h> 48 #else 49 #include <varargs.h> 50 #endif 51 52 #ifndef LOCK_EX 53 # include <sys/file.h> 54 #endif 55 56 #ifdef BSD4_4 57 # include "pathnames.h" 58 #endif 59 60 #ifndef __P 61 # ifdef __STDC__ 62 # define __P(protos) protos 63 # else 64 # define __P(protos) () 65 # define const 66 # endif 67 #endif 68 #ifndef __dead 69 # if defined(__GNUC__) && (__GNUC__ < 2 || __GNUC_MINOR__ < 5) && !defined(__STRICT_ANSI__) 70 # define __dead __volatile 71 # else 72 # define __dead 73 # endif 74 #endif 75 76 #ifndef BSD4_4 77 # define _BSD_VA_LIST_ va_list 78 extern char *strerror __P((int)); 79 extern int snprintf __P((char *, int, const char *, ...)); 80 #endif 81 82 /* 83 * Compile with -DHAS_SAVED_IDS=0 if you don't have saved uids. It will 84 * swap the effective uid (root) into the real uid using setreuid(), 85 * setting the effective uid to the recipient user, and then swap root 86 * back to effective uid when done. 87 * 88 * Use -DHAS_SAVED_IDS=1 if you can use seteuid(x) several times for 89 * various values of "x" -- that is, if your system will notice that you 90 * were originally invoked as root, and hence will allow future swaps. 91 * 92 * The following heuristic works for most common systems. Note that 93 * SunOS claims to have _POSIX_SAVED_IDS, but doesn't -- but it does 94 * have an older version of _POSIX_VERSION. 95 * 96 * If you have a pure Posix system that does not have seteuid() or 97 * setreuid() (emulations don't count!) then you are out of luck. 98 */ 99 100 #ifndef HASSAVEDUIDS 101 # if defined(_POSIX_SAVED_IDS) && _POSIX_VERSION >= 199009L 102 # define HAS_SAVED_IDS 1 103 # else 104 # define HAS_SAVED_IDS 0 105 # endif 106 #endif 107 108 #ifdef __hpux 109 # define seteuid(e) setresuid(-1, e, -1) 110 #endif 111 112 #ifndef _PATH_LOCTMP 113 # define _PATH_LOCTMP "/tmp/local.XXXXXX" 114 #endif 115 #ifndef _PATH_MAILDIR 116 # define _PATH_MAILDIR "/var/spool/mail" 117 #endif 118 119 #ifndef S_ISREG 120 # define S_ISREG(mode) (((mode) & _S_IFMT) == S_IFREG) 121 #endif 122 123 int eval = EX_OK; /* sysexits.h error value. */ 124 125 void deliver __P((int, char *)); 126 void e_to_sys __P((int)); 127 __dead void err __P((const char *, ...)); 128 void notifybiff __P((char *)); 129 int store __P((char *)); 130 void usage __P((void)); 131 void vwarn __P((const char *, _BSD_VA_LIST_)); 132 void warn __P((const char *, ...)); 133 134 int 135 main(argc, argv) 136 int argc; 137 char *argv[]; 138 { 139 struct passwd *pw; 140 int ch, fd; 141 uid_t uid; 142 char *from; 143 extern char *optarg; 144 extern int optind; 145 146 /* make sure we have some open file descriptors */ 147 for (fd = 10; fd < 30; fd++) 148 (void) close(fd); 149 150 /* use a reasonable umask */ 151 (void) umask(0077); 152 153 #ifdef LOG_MAIL 154 openlog("mail.local", 0, LOG_MAIL); 155 #else 156 openlog("mail.local", 0); 157 #endif 158 159 from = NULL; 160 while ((ch = getopt(argc, argv, "df:r:")) != EOF) 161 switch(ch) { 162 case 'd': /* Backward compatible. */ 163 break; 164 case 'f': 165 case 'r': /* Backward compatible. */ 166 if (from != NULL) { 167 warn("multiple -f options"); 168 usage(); 169 } 170 from = optarg; 171 break; 172 case '?': 173 default: 174 usage(); 175 } 176 argc -= optind; 177 argv += optind; 178 179 if (!*argv) 180 usage(); 181 182 /* 183 * If from not specified, use the name from getlogin() if the 184 * uid matches, otherwise, use the name from the password file 185 * corresponding to the uid. 186 */ 187 uid = getuid(); 188 if (!from && (!(from = getlogin()) || 189 !(pw = getpwnam(from)) || pw->pw_uid != uid)) 190 from = (pw = getpwuid(uid)) ? pw->pw_name : "???"; 191 192 /* 193 * There is no way to distinguish the error status of one delivery 194 * from the rest of the deliveries. So, if we failed hard on one 195 * or more deliveries, but had no failures on any of the others, we 196 * return a hard failure. If we failed temporarily on one or more 197 * deliveries, we return a temporary failure regardless of the other 198 * failures. This results in the delivery being reattempted later 199 * at the expense of repeated failures and multiple deliveries. 200 */ 201 for (fd = store(from); *argv; ++argv) 202 deliver(fd, *argv); 203 exit(eval); 204 } 205 206 int 207 store(from) 208 char *from; 209 { 210 FILE *fp; 211 time_t tval; 212 int fd, eline; 213 char line[2048]; 214 char tmpbuf[sizeof _PATH_LOCTMP + 1]; 215 216 strcpy(tmpbuf, _PATH_LOCTMP); 217 if ((fd = mkstemp(tmpbuf)) == -1 || (fp = fdopen(fd, "w+")) == NULL) { 218 e_to_sys(errno); 219 err("unable to open temporary file"); 220 } 221 (void)unlink(tmpbuf); 222 223 (void)time(&tval); 224 (void)fprintf(fp, "From %s %s", from, ctime(&tval)); 225 226 line[0] = '\0'; 227 for (eline = 1; fgets(line, sizeof(line), stdin);) { 228 if (line[0] == '\n') 229 eline = 1; 230 else { 231 if (eline && line[0] == 'F' && 232 !memcmp(line, "From ", 5)) 233 (void)putc('>', fp); 234 eline = 0; 235 } 236 (void)fprintf(fp, "%s", line); 237 if (ferror(fp)) { 238 e_to_sys(errno); 239 err("temporary file write error"); 240 } 241 } 242 243 /* If message not newline terminated, need an extra. */ 244 if (!strchr(line, '\n')) 245 (void)putc('\n', fp); 246 /* Output a newline; note, empty messages are allowed. */ 247 (void)putc('\n', fp); 248 249 if (fflush(fp) == EOF || ferror(fp)) { 250 e_to_sys(errno); 251 err("temporary file write error"); 252 } 253 return (fd); 254 } 255 256 void 257 deliver(fd, name) 258 int fd; 259 char *name; 260 { 261 struct stat fsb, sb; 262 struct passwd *pw; 263 int mbfd, nr, nw, off; 264 char *p; 265 char biffmsg[100], buf[8*1024], path[MAXPATHLEN]; 266 off_t curoff; 267 268 /* 269 * Disallow delivery to unknown names -- special mailboxes can be 270 * handled in the sendmail aliases file. 271 */ 272 if (!(pw = getpwnam(name))) { 273 if (eval != EX_TEMPFAIL) 274 eval = EX_UNAVAILABLE; 275 warn("unknown name: %s", name); 276 return; 277 } 278 279 /* 280 * Keep name reasonably short to avoid buffer overruns. 281 * This isn't necessary on BSD because of the proper 282 * definition of snprintf(), but it can cause problems 283 * on other systems. 284 * Also, clear out any bogus characters. 285 */ 286 287 if (strlen(name) > 40) 288 name[40] = '\0'; 289 for (p = name; *p != '\0'; p++) 290 { 291 if (!isascii(*p)) 292 *p &= 0x7f; 293 else if (!isprint(*p)) 294 *p = '.'; 295 } 296 297 (void)snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, name); 298 299 /* 300 * If the mailbox is linked or a symlink, fail. There's an obvious 301 * race here, that the file was replaced with a symbolic link after 302 * the lstat returned, but before the open. We attempt to detect 303 * this by comparing the original stat information and information 304 * returned by an fstat of the file descriptor returned by the open. 305 * 306 * NB: this is a symptom of a larger problem, that the mail spooling 307 * directory is writeable by the wrong users. If that directory is 308 * writeable, system security is compromised for other reasons, and 309 * it cannot be fixed here. 310 * 311 * If we created the mailbox, set the owner/group. If that fails, 312 * just return. Another process may have already opened it, so we 313 * can't unlink it. Historically, binmail set the owner/group at 314 * each mail delivery. We no longer do this, assuming that if the 315 * ownership or permissions were changed there was a reason. 316 * 317 * XXX 318 * open(2) should support flock'ing the file. 319 */ 320 tryagain: 321 lockmbox(path); 322 if (lstat(path, &sb)) { 323 mbfd = open(path, 324 O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); 325 if (mbfd == -1) { 326 if (errno == EEXIST) 327 goto tryagain; 328 } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) { 329 e_to_sys(errno); 330 warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); 331 goto err1; 332 } 333 } else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode)) { 334 e_to_sys(errno); 335 warn("%s: irregular file", path); 336 goto err0; 337 } else if (sb.st_uid != pw->pw_uid) { 338 warn("%s: wrong ownership (%d)", path, sb.st_uid); 339 unlockmbox(); 340 return; 341 } else { 342 mbfd = open(path, O_APPEND|O_WRONLY, 0); 343 if (mbfd != -1 && 344 (fstat(mbfd, &fsb) || fsb.st_nlink != 1 || 345 !S_ISREG(fsb.st_mode) || sb.st_dev != fsb.st_dev || 346 sb.st_ino != fsb.st_ino || sb.st_uid != fsb.st_uid)) { 347 warn("%s: file changed after open", path); 348 goto err1; 349 } 350 } 351 352 if (mbfd == -1) { 353 e_to_sys(errno); 354 warn("%s: %s", path, strerror(errno)); 355 goto err0; 356 } 357 358 /* Wait until we can get a lock on the file. */ 359 if (flock(mbfd, LOCK_EX)) { 360 e_to_sys(errno); 361 warn("%s: %s", path, strerror(errno)); 362 goto err1; 363 } 364 365 /* Get the starting offset of the new message for biff. */ 366 curoff = lseek(mbfd, (off_t)0, SEEK_END); 367 (void)snprintf(biffmsg, sizeof(biffmsg), 368 sizeof curoff > sizeof(long) ? "%s@%qd\n" : "%s@%ld\n", 369 name, curoff); 370 371 /* Copy the message into the file. */ 372 if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) { 373 e_to_sys(errno); 374 warn("temporary file: %s", strerror(errno)); 375 goto err1; 376 } 377 #if HAS_SAVED_IDS 378 if (seteuid(pw->pw_uid) < 0) { 379 e_to_sys(errno); 380 warn("seteuid(%d): %s", pw->pw_uid, strerror(errno)); 381 goto err1; 382 } 383 #else 384 if (setreuid(0, pw->pw_uid) < 0) { 385 e_to_sys(errno); 386 warn("setreuid(0, %d): %s (r=%d, e=%d)", 387 pw->pw_uid, strerror(errno), getuid(), geteuid()); 388 goto err1; 389 } 390 #endif 391 #ifdef DEBUG 392 printf("new euid = %d\n", geteuid()); 393 #endif 394 while ((nr = read(fd, buf, sizeof(buf))) > 0) 395 for (off = 0; off < nr; off += nw) 396 if ((nw = write(mbfd, buf + off, nr - off)) < 0) { 397 e_to_sys(errno); 398 warn("%s: %s", path, strerror(errno)); 399 goto err3; 400 } 401 if (nr < 0) { 402 e_to_sys(errno); 403 warn("temporary file: %s", strerror(errno)); 404 goto err3; 405 } 406 407 /* Flush to disk, don't wait for update. */ 408 if (fsync(mbfd)) { 409 e_to_sys(errno); 410 warn("%s: %s", path, strerror(errno)); 411 err3: 412 #if !HAS_SAVED_IDS 413 if (setreuid(0, 0) < 0) { 414 e_to_sys(errno); 415 warn("setreuid(0, 0): %s", strerror(errno)); 416 } 417 # ifdef DEBUG 418 printf("reset euid = %d\n", geteuid()); 419 # endif 420 #endif 421 err2: (void)ftruncate(mbfd, curoff); 422 err1: (void)close(mbfd); 423 err0: unlockmbox(); 424 return; 425 } 426 427 /* Close and check -- NFS doesn't write until the close. */ 428 if (close(mbfd)) { 429 e_to_sys(errno); 430 warn("%s: %s", path, strerror(errno)); 431 unlockmbox(); 432 return; 433 } 434 435 #if !HAS_SAVED_IDS 436 if (setreuid(0, 0) < 0) { 437 e_to_sys(errno); 438 warn("setreuid(0, 0): %s", strerror(errno)); 439 } 440 # ifdef DEBUG 441 printf("reset euid = %d\n", geteuid()); 442 # endif 443 #endif 444 unlockmbox(); 445 notifybiff(biffmsg); 446 } 447 448 /* 449 * user.lock files are necessary for compatibility with other 450 * systems, e.g., when the mail spool file is NFS exported. 451 * Alas, mailbox locking is more than just a local matter. 452 * EPA 11/94. 453 */ 454 455 char lockname[MAXPATHLEN]; 456 int locked = 0; 457 458 lockmbox(path) 459 char *path; 460 { 461 int statfailed = 0; 462 463 if (locked) 464 return; 465 sprintf(lockname, "%s.lock", path); 466 for (;; sleep(5)) { 467 int fd; 468 struct stat st; 469 time_t now; 470 471 fd = open(lockname, O_WRONLY|O_EXCL|O_CREAT, 0); 472 if (fd >= 0) { 473 locked = 1; 474 close(fd); 475 return; 476 } 477 if (stat(lockname, &st) < 0) { 478 if (statfailed++ > 5) 479 return; 480 continue; 481 } 482 statfailed = 0; 483 time(&now); 484 if (now < st.st_ctime + 300) 485 continue; 486 unlink(lockname); 487 } 488 } 489 490 unlockmbox() 491 { 492 if (!locked) 493 return; 494 unlink(lockname); 495 locked = 0; 496 } 497 498 void 499 notifybiff(msg) 500 char *msg; 501 { 502 static struct sockaddr_in addr; 503 static int f = -1; 504 struct hostent *hp; 505 struct servent *sp; 506 int len; 507 508 if (!addr.sin_family) { 509 /* Be silent if biff service not available. */ 510 if (!(sp = getservbyname("biff", "udp"))) 511 return; 512 if (!(hp = gethostbyname("localhost"))) { 513 warn("localhost: %s", strerror(errno)); 514 return; 515 } 516 addr.sin_family = hp->h_addrtype; 517 memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); 518 addr.sin_port = sp->s_port; 519 } 520 if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { 521 warn("socket: %s", strerror(errno)); 522 return; 523 } 524 len = strlen(msg) + 1; 525 if (sendto(f, msg, len, 0, (struct sockaddr *)&addr, sizeof(addr)) 526 != len) 527 warn("sendto biff: %s", strerror(errno)); 528 } 529 530 void 531 usage() 532 { 533 eval = EX_USAGE; 534 err("usage: mail.local [-f from] user ..."); 535 } 536 537 #if __STDC__ 538 void 539 err(const char *fmt, ...) 540 #else 541 void 542 err(fmt, va_alist) 543 const char *fmt; 544 va_dcl 545 #endif 546 { 547 va_list ap; 548 549 #if __STDC__ 550 va_start(ap, fmt); 551 #else 552 va_start(ap); 553 #endif 554 vwarn(fmt, ap); 555 va_end(ap); 556 557 exit(eval); 558 } 559 560 void 561 #if __STDC__ 562 warn(const char *fmt, ...) 563 #else 564 warn(fmt, va_alist) 565 const char *fmt; 566 va_dcl 567 #endif 568 { 569 va_list ap; 570 571 #if __STDC__ 572 va_start(ap, fmt); 573 #else 574 va_start(ap); 575 #endif 576 vwarn(fmt, ap); 577 va_end(ap); 578 } 579 580 void 581 vwarn(fmt, ap) 582 const char *fmt; 583 _BSD_VA_LIST_ ap; 584 { 585 /* 586 * Log the message to stderr. 587 * 588 * Don't use LOG_PERROR as an openlog() flag to do this, 589 * it's not portable enough. 590 */ 591 if (eval != EX_USAGE) 592 (void)fprintf(stderr, "mail.local: "); 593 (void)vfprintf(stderr, fmt, ap); 594 (void)fprintf(stderr, "\n"); 595 596 #ifndef ultrix 597 /* Log the message to syslog. */ 598 vsyslog(LOG_ERR, fmt, ap); 599 #else 600 { 601 char fmtbuf[10240]; 602 603 (void) sprintf(fmtbuf, fmt, ap); 604 syslog(LOG_ERR, "%s", fmtbuf); 605 } 606 #endif 607 } 608 609 /* 610 * e_to_sys -- 611 * Guess which errno's are temporary. Gag me. 612 */ 613 void 614 e_to_sys(num) 615 int num; 616 { 617 /* Temporary failures override hard errors. */ 618 if (eval == EX_TEMPFAIL) 619 return; 620 621 switch(num) { /* Hopefully temporary errors. */ 622 #ifdef EAGAIN 623 case EAGAIN: /* Resource temporarily unavailable */ 624 #endif 625 #ifdef EDQUOT 626 case EDQUOT: /* Disc quota exceeded */ 627 #endif 628 #ifdef EBUSY 629 case EBUSY: /* Device busy */ 630 #endif 631 #ifdef EPROCLIM 632 case EPROCLIM: /* Too many processes */ 633 #endif 634 #ifdef EUSERS 635 case EUSERS: /* Too many users */ 636 #endif 637 #ifdef ECONNABORTED 638 case ECONNABORTED: /* Software caused connection abort */ 639 #endif 640 #ifdef ECONNREFUSED 641 case ECONNREFUSED: /* Connection refused */ 642 #endif 643 #ifdef ECONNRESET 644 case ECONNRESET: /* Connection reset by peer */ 645 #endif 646 #ifdef EDEADLK 647 case EDEADLK: /* Resource deadlock avoided */ 648 #endif 649 #ifdef EFBIG 650 case EFBIG: /* File too large */ 651 #endif 652 #ifdef EHOSTDOWN 653 case EHOSTDOWN: /* Host is down */ 654 #endif 655 #ifdef EHOSTUNREACH 656 case EHOSTUNREACH: /* No route to host */ 657 #endif 658 #ifdef EMFILE 659 case EMFILE: /* Too many open files */ 660 #endif 661 #ifdef ENETDOWN 662 case ENETDOWN: /* Network is down */ 663 #endif 664 #ifdef ENETRESET 665 case ENETRESET: /* Network dropped connection on reset */ 666 #endif 667 #ifdef ENETUNREACH 668 case ENETUNREACH: /* Network is unreachable */ 669 #endif 670 #ifdef ENFILE 671 case ENFILE: /* Too many open files in system */ 672 #endif 673 #ifdef ENOBUFS 674 case ENOBUFS: /* No buffer space available */ 675 #endif 676 #ifdef ENOMEM 677 case ENOMEM: /* Cannot allocate memory */ 678 #endif 679 #ifdef ENOSPC 680 case ENOSPC: /* No space left on device */ 681 #endif 682 #ifdef EROFS 683 case EROFS: /* Read-only file system */ 684 #endif 685 #ifdef ESTALE 686 case ESTALE: /* Stale NFS file handle */ 687 #endif 688 #ifdef ETIMEDOUT 689 case ETIMEDOUT: /* Connection timed out */ 690 #endif 691 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK 692 case EWOULDBLOCK: /* Operation would block. */ 693 #endif 694 eval = EX_TEMPFAIL; 695 break; 696 default: 697 eval = EX_UNAVAILABLE; 698 break; 699 } 700 } 701 702 #ifndef BSD4_4 703 704 char * 705 strerror(eno) 706 int eno; 707 { 708 extern int sys_nerr; 709 extern char *sys_errlist[]; 710 static char ebuf[60]; 711 712 if (eno >= 0 && eno <= sys_nerr) 713 return sys_errlist[eno]; 714 (void) sprintf(ebuf, "Error %d", eno); 715 return ebuf; 716 } 717 718 #if __STDC__ 719 snprintf(char *buf, int bufsiz, const char *fmt, ...) 720 #else 721 snprintf(buf, bufsiz, fmt, va_alist) 722 char *buf; 723 int bufsiz; 724 const char *fmt; 725 va_dcl 726 #endif 727 { 728 va_list ap; 729 730 #if __STDC__ 731 va_start(ap, fmt); 732 #else 733 va_start(ap); 734 #endif 735 vsprintf(buf, fmt, ap); 736 va_end(ap); 737 } 738 739 #endif 740 741 #ifdef ultrix 742 743 /* 744 * Copyright (c) 1987, 1993 745 * The Regents of the University of California. All rights reserved. 746 * 747 * Redistribution and use in source and binary forms, with or without 748 * modification, are permitted provided that the following conditions 749 * are met: 750 * 1. Redistributions of source code must retain the above copyright 751 * notice, this list of conditions and the following disclaimer. 752 * 2. Redistributions in binary form must reproduce the above copyright 753 * notice, this list of conditions and the following disclaimer in the 754 * documentation and/or other materials provided with the distribution. 755 * 3. All advertising materials mentioning features or use of this software 756 * must display the following acknowledgement: 757 * This product includes software developed by the University of 758 * California, Berkeley and its contributors. 759 * 4. Neither the name of the University nor the names of its contributors 760 * may be used to endorse or promote products derived from this software 761 * without specific prior written permission. 762 * 763 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 764 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 765 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 766 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 767 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 768 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 769 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 770 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 771 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 772 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 773 * SUCH DAMAGE. 774 */ 775 776 #if defined(LIBC_SCCS) && !defined(lint) 777 static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; 778 #endif /* LIBC_SCCS and not lint */ 779 780 #include <sys/types.h> 781 #include <sys/stat.h> 782 #include <fcntl.h> 783 #include <errno.h> 784 #include <stdio.h> 785 #include <ctype.h> 786 787 static int _gettemp(); 788 789 mkstemp(path) 790 char *path; 791 { 792 int fd; 793 794 return (_gettemp(path, &fd) ? fd : -1); 795 } 796 797 /* 798 char * 799 mktemp(path) 800 char *path; 801 { 802 return(_gettemp(path, (int *)NULL) ? path : (char *)NULL); 803 } 804 */ 805 806 static 807 _gettemp(path, doopen) 808 char *path; 809 register int *doopen; 810 { 811 extern int errno; 812 register char *start, *trv; 813 struct stat sbuf; 814 u_int pid; 815 816 pid = getpid(); 817 for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ 818 while (*--trv == 'X') { 819 *trv = (pid % 10) + '0'; 820 pid /= 10; 821 } 822 823 /* 824 * check the target directory; if you have six X's and it 825 * doesn't exist this runs for a *very* long time. 826 */ 827 for (start = trv + 1;; --trv) { 828 if (trv <= path) 829 break; 830 if (*trv == '/') { 831 *trv = '\0'; 832 if (stat(path, &sbuf)) 833 return(0); 834 if (!S_ISDIR(sbuf.st_mode)) { 835 errno = ENOTDIR; 836 return(0); 837 } 838 *trv = '/'; 839 break; 840 } 841 } 842 843 for (;;) { 844 if (doopen) { 845 if ((*doopen = 846 open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) 847 return(1); 848 if (errno != EEXIST) 849 return(0); 850 } 851 else if (stat(path, &sbuf)) 852 return(errno == ENOENT ? 1 : 0); 853 854 /* tricky little algorithm for backward compatibility */ 855 for (trv = start;;) { 856 if (!*trv) 857 return(0); 858 if (*trv == 'z') 859 *trv++ = 'a'; 860 else { 861 if (isdigit(*trv)) 862 *trv = 'a'; 863 else 864 ++*trv; 865 break; 866 } 867 } 868 } 869 /*NOTREACHED*/ 870 } 871 872 #endif 873