Mercurial Mercurial > vmailmgr / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
commands/vcheckquota.cc
author "Tomas Zeman <tzeman@volny.cz>"
Wed, 16 Jan 2008 22:39:43 +0100
changeset 0 6f7a81934006
permissions -rw-r--r--
Imported vmailmgr-0.96.9

// Copyright (C) 1999,2000 Bruce Guenter <bruceg@em.ca>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

#include <config.h>
#include <errno.h>
#include <stdlib.h>
#include <time.h>
#include "config/configrc.h"
#include "cli/cli.h"
#include "fdbuf/fdbuf.h"
#include "vcommand.h"
#include "ac/dirent.h"
#include "misc/itoa.h"
#include "misc/stat_fns.h"
#include "misc/md5.h"
#include "misc/strtou.h"
#include "misc/utoa.h"

const char* cli_program = "vcheckquota";
const char* cli_help_prefix = "vmailmgr quota enforcement program\n";
const char* cli_help_suffix = "
Warning: the soft-message is linked into the users maildir once for each
message that is received while the account is over its soft quota.  This may
result in multiple warning messages.\n";
const char* cli_args_usage = "";
const int cli_args_min = 0;
const int cli_args_max = 0;
static unsigned soft_maxsize = 4096;
static const char* soft_message = 0;

// F<vcheckquota> ensures that the hard and soft quotas are enforced,
// that message counts and sizes are appropriately limited.
// The limits are set by the vadduser or vchattr command.
//
// The following rules are applied:
//
// =over 8
//
// =item 1
//
// If the message is larger than the message size limit, it is rejected.
//
// =item 2
//
// If the user has too many messages in their mailbox,
// further messages are rejected.
//
// =item 3
//
// If the user is over their hard quota, all further messages are rejected
// and no warning messages are linked in.
//
// =item 4
//
// If the user is over their soft quota, and the message is small
// (as defined by I<soft-maxsize>), the message is accepted, otherwise
// it is rejected.  If I<soft-message> is defined, a warning message
// is linked into the mailbox in either case.
//
// =back

cli_option cli_options[] = {
  { 'a', "soft-maxsize", cli_option::uinteger, 0, &soft_maxsize,
    "The maximum message size after soft quota is reached", "4096" },
  { 'm', "soft-message", cli_option::string, 0, &soft_message,
    "The path to the soft quota warning message", "no message" },
  {0}
};

// SEE ALSO
//
// vadduser(1), vchattr(1)

void exit_msg(const char* msg, int code)
{
  fout << "vcheckquota: " << msg << endl;
  exit(code);
}
void die_fail(const char* msg) { exit_msg(msg, 100); }
void die_temp(const char* msg) { exit_msg(msg, 111); }

bool stat_dir(const mystring& dirname, unsigned& count, unsigned long& size) {
  struct stat buf;
  DIR* dir = opendir(dirname.c_str());
  if(!dir) 
    die_temp("Could not maildir\n");

  while(dirent* entry = readdir(dir)) {
    const char* name = entry->d_name;
    if(name[0] == '.' &&
       (NAMLEN(entry) == 1 ||
	(name[1] == '.' && NAMLEN(entry) == 2)))
      continue;

    mystring fullname = dirname + "/" + name;

    if(stat(fullname.c_str(), &buf) == -1) {
      fout << "Cannot stat " << fullname.c_str() << "\n";
      return false;
    }

    if(S_ISREG(buf.st_mode)) {
      ++count;
      size += buf.st_blocks * 512;
    }
  }
  closedir(dir);
  return true;
}

void link_softquota_message(const mystring& mailbox)
{
  mystring newdir = mailbox + "/new/";
  pid_t pid = getpid();
  for(;;) {
    mystring path = newdir + itoa(time(0)) + ".";
    path = path + itoa(pid) + ".softquota-warning";
    if(symlink(soft_message, path.c_str()) == 0)
      return;
    if(errno != EEXIST)
      die_temp("Could not create symlink to soft quota warning message");
    sleep(1);
  }
}

void check_quota(mystring mailbox,
		 unsigned hardquota, unsigned softquota,
		 unsigned maxsize, unsigned maxcount)
{
  /*
   * There are 4 cases to consider when comparing disk useage (du)
   * agains hard and soft quotas:
   *
   * Case 1: soft = 0, hard = 0: user has no quota set
   * Case 2: soft = 0, hard > 0: use hard quota
   * Case 3: soft > 0, hard = 0: treat soft quota as hard
   * Case 4: soft > 0, hard > 0: if du becomes larger
   *         then soft quota, allow message in if 
   *         a) it is small (<2048 bytes), 
   *         b) it would not put du over hard quota.
   */


  //compute message size
  struct stat st;
  if(fstat(0, &st) == -1)
    die_temp("Failed to stat message");
 
  unsigned long msgsize = st.st_blocks * 512;

  if(maxsize != UINT_MAX && msgsize > maxsize)
    //message is too large
    die_fail("Sorry, this message is larger than the current maximum message size limit.\n");

  /* Case 1: no quotas set */
  if(softquota == UINT_MAX && hardquota == UINT_MAX && maxcount == UINT_MAX)
    return;

  mystring dirname = mailbox;
  mystring newdir  = dirname + "/new";
  mystring curdir  = dirname + "/cur";
  unsigned cur_count=0;
  unsigned long cur_size=0;
  unsigned new_count=0;
  unsigned long new_size=0;

  //treat stat_dir failures as temp errors
  if(!stat_dir(newdir, new_count, new_size))
    die_temp("Failed to stat new dir");
  if(!stat_dir(curdir, cur_count, cur_size))
    die_temp("Failed to stat cur dir");

  unsigned long du  = cur_size  + new_size  + msgsize;
  unsigned msgcount = cur_count + new_count + 1;

  //too many messages in the mbox
  if(maxcount != UINT_MAX && msgcount > maxcount)
    die_fail("Sorry, the person you sent this message has too many messages stored in the mailbox\n");

  // No total size quotas are set
  if(hardquota == UINT_MAX)
    if(softquota == UINT_MAX)
      return;
  // Take care of Cases 2 and 3, and make everything look like Case 4
    else
      hardquota = softquota;
  
  // Check hard quota before soft quota, as it has priority
  if(du > hardquota) 
    die_fail("Message would exceed virtual user's disk quota.\n");
  
  // Soft quota allows small (4K default) messages
  // In other words, it only blocks large messages
  if(du > softquota) {
    if(soft_message)
      link_softquota_message(mailbox);
    if(msgsize > soft_maxsize)
      die_fail("Sorry, your message cannot be delivered.\n"
	       "User's disk quota exceeded.\n"
	       "A small message will be delivered should you wish "
	       "to inform this person.\n");
  }
}

int cli_main(int, char**)
{
#define ENV_VAR_REQ(VAR,ENV) const char* tmp__##VAR = getenv(#ENV); if(!tmp__##VAR) die_fail(#ENV " is not set");
#define ENV_VAR_STR(VAR,ENV) ENV_VAR_REQ(VAR,ENV) mystring VAR = tmp__##VAR;
#define ENV_VAR_UINT(VAR,ENV) ENV_VAR_REQ(VAR,ENV) unsigned VAR = strtou(tmp__##VAR, &tmp__##VAR); if(*tmp__##VAR) die_fail(#ENV " is not a valid number");

  ENV_VAR_STR(maildir,  MAILDIR);
  // Always succeed for aliases.
  if(!maildir) 
    return 0;

  ENV_VAR_UINT(maxsize,   VUSER_MSGSIZE);
  ENV_VAR_UINT(maxcount,  VUSER_MSGCOUNT);
  ENV_VAR_UINT(hardquota, VUSER_HARDQUOTA);
  ENV_VAR_UINT(softquota, VUSER_SOFTQUOTA);

  check_quota(maildir, hardquota, softquota, maxsize, maxcount);
  return 0;
}
vmailmgr