1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
|
.. _imap-developer-api-mailbox:
.. Note: This document was converted from the original by Nic Bernstein
(Onlight). Any formatting mistakes are my fault and not the
original author's. Converted via the pandoc tool from HTML.
Mailbox API
===========
Intro
-----
The Mailbox API is implemented in ``imap/mailbox.h`` and
``imap/mailbox.c``. It wraps the data structures of the
``cyrus.header``, ``cyrus.index`` and ``cyrus.cache`` files in a
psuedo-object-oriented way, allowing easy changes to the mailbox while
keeping the internal cached data structures consistent.
Opening and closing
-------------------
::
struct mailbox *mailbox = NULL;
int r;
const char *mboxname = "user.brong";
r = mailbox_open_iwl(mboxname, &mailbox);
// or
r = mailbox_open_irl(mboxname, &mailbox);
// or
r = mailbox_open_exclusive(mboxname, &mailbox);
if (r) return r;
do_stuff(mailbox);
mailbox_close(&mailbox);
It is always necessary to obtain an index lock when opening a mailbox,
because the index header read must be consistent. The locks are as
follows:
+----------------------------+-------------+--------------+
| Function | Namelock | Index Lock |
+============================+=============+==============+
| mailbox\_open\_iwl | Shared | Exclusive |
+----------------------------+-------------+--------------+
| mailbox\_open\_irl | Shared | Shared |
+----------------------------+-------------+--------------+
| mailbox\_open\_exclusive | Exclusive | Exclusive |
+----------------------------+-------------+--------------+
It should never be necessary to call ``mailbox_open_exclusive``, but
it's included for completeness. Use ``mailbox_open_iwl`` if you expect
to need to write to the index (or even if you're not sure) and
``mailbox_open_irl`` when you know you're only reading from the file and
wish to allow other readers to work concurrently.
Many actions are delayed until the mailbox is closed, or even until the
*last* mailbox is closed for things that require an exclusive namelock
to perform like deletion or repack. See below under "delayed actions"
for more detail.
To avoid opening the same file multiple times, the mailbox API refcounts
open mailboxes. If you open the same mailbox again (i.e. a URL fetch or
status command on the currently select mailbox) then the same mailbox
will be returned. It must be unlocked (see below or the open command
will return IMAP\_MAILBOX\_LOCKED). The matching close will reduce the
refcount, and only the final close will do the cleanup actions.
Locking and unlocking
---------------------
You can keep a mailbox "open", maintaining the namelock, while releasing
the index lock to allow other processes to make changes to the mailbox.
By holding the namelock, you know that record numbers won't change, and
the underlying message files won't be deleted.
``mailbox_close`` will call ``mailbox_unlock_index`` if the index is
still locked, so it is not necessary to explicitly unlock the index
before closing.
::
r = mailbox_unlock_index(mailbox, NULL);
// sleep on user input...
r = mailbox_lock_index(mailbox, LOCK_SHARED);
// or
r = mailbox_lock_index(mailbox, LOCK_EXCLUSIVE);
For example, ``mailbox_unlock_index`` and ``mailbox_lock_index`` are
used extensively by the index module, allowing an imap client to
maintain a long lived connection selected to a mailbox and know that
messages won't magically disappear from under it - yet at the same time
allow new mail delivery to happen or other imap connections to query the
mailbox.
If you have built an accurate statuscache item for the locked mailbox,
you can pass this as the second parameter to mailbox\_index\_unlock. If
there have been any changes, mailbox\_index\_unlock will invalidated the
statuscache. If you give it the new value, then it will store that value
instead. For example:
::
struct statusdata sdata;
index_status(state, &sdata);
/* RECENT is zero for everyone else because we wrote a new
* recentuid! */
sdata.recent = 0;
mailbox_unlock_index(state->mailbox, &sdata);
See "delayed actions" below for delayed actions performed during an
unlock.
Creating, renaming and deleting
-------------------------------
**WARNING:** These functions only change the mailbox files on disk. They
don't update the mailboxes.db records or contact murder servers. In most
cases you are probably looking for the ``mboxlist_`` functions instead.
Creating a mailbox is somewhat longwinded - as there are many optional
parameters.
::
int mailbox_create(const char *name, const char *part, const char *acl,
const char *uniqueid, int options, unsigned uidvalidity,
struct mailbox **mailboxptr);
Most interesting to note is that on success, ``mailboxptr`` will contain
the same mailbox that ``mailbox_open_exclusive`` above would have
returned, with an exclusive namelock and an exclusive index lock. This
allows you to perform other consistency operations after creating the
mailbox with a full guarantee that no other process will even be able to
know of the mailbox's existence! You can still roll-back by deleting the
mailbox and the next process will get the namelock and see no mailbox
with that name.
::
int mailbox_rename_copy(struct mailbox *oldmailbox,
const char *newname, const char *newpart,
const char *userid, int ignorequota,
int silent,
struct mailbox **newmailboxptr);
Very similar to mailbox\_create - the new mailbox is created with an
exclusive name lock and returned. The old mailbox must be passed in with
an **exclusive index lock** but is fine with a shared namelock, as it
will be passed to ``mailbox_delete``.
::
int mailbox_delete(struct mailbox **mailboxptr);
Just like ``mailbox_close`` above, this closes the mailbox. Before it
does so, it sets the OPT\_MAILBOX\_DELETED option flag in the index
header. The interesting work is actually done in ``mailbox_close``. See
below under "delayed actions".
``mailbox_delete`` requires an exclusive index lock, but can complete
quite happily with only a shared namelock.
Reading and writing records
---------------------------
Ok - so you have a mailbox, it's opened, and the index is locked. Time
to start reading and writing some records!
At the mailbox level there is no concept of "message numbers" from imap,
only "record numbers". The canonical variable name to refer to record
numbers is ``recno``. All records are read and written using
``struct index_record`` values.
Here at the API definitions used for reading and writing:
::
int mailbox_read_index_record(struct mailbox *mailbox,
uint32_t recno,
struct index_record *record);
int mailbox_rewrite_index_record(struct mailbox *mailbox,
struct index_record *record);
int mailbox_append_index_record(struct mailbox *mailbox,
struct index_record *record);
int mailbox_commit(mailbox);
An example of iterating through a mailbox
::
uint32_t recno;
struct index_record record;
int make_changes;
/* DEPRECATED */
for (recno = 1; recno <= mailbox->i.num_records; recno++) {
if (mailbox_read_index_record(mailbox, recno, &record))
fatal("invalid record", EX_SOFTWARE); // or return an error
if (record.internal_flags & FLAG_INTERNAL_EXPUNGED)
continue; // skip expunged records
make_changes = do_stuff(mailbox, &record);
if (make_changes)
mailbox_rewrite_index_record(mailbox, &record);
}
/* the new way */
int make_change;
const struct index_record *record;
struct mailbox_iter *iter;
iter = mailbox_iter_init(mailbox, 0, ITER_SKIP_EXPUNGED);
while ((record = mailbox_iter_step(iter))) {
make_changes = do_stuff(mailbox, record);
if (make_changes)
mailbox_rewrite_index_record(mailbox, record);
}
mailbox_iter_done(&iter);
NOTE: ``mailbox_rewrite_index_record`` doesn't need a recno, as that's
cached inside the index\_record struct.
NOTE: You need an exclusively locked index to use rewrite or append, but
only a shared index lock to use read.
There are a range of consistency checks done to ensure that a rewrite
doesn't violate IMAP semantics (an expunged message can never be
unexpunged, UIDs can't change, etc) and the internal tracking counts and
quota data are updated as well. They will be committed at unlock time,
see "delayed actions"
If you don't set the ``record.silent`` field to a true value before
rewriting or appending, the ``record.modseq`` and
``record.last_updated`` values will be changed. This allows condstore to
work correctly.
Appending
~~~~~~~~~
To append a record, the file must have already been copied into place
(XXX - plan to move to a stage based system where the mailbox API
handles the staging, but that's not finished yet) and been parsed into
the record struct. The UID must be set already, and must be greater than
the UID of any existing record in the mailbox. There are a range of
consistency checks done.
The internal consistency counts are updated by append as well.
Committing
~~~~~~~~~~
When you have finished making any changes, you need to "commit". This
will write the updated values for any index header fields, rewite the
``cyrus.header`` file if needed and fsync all changes to disk.
It is a fatal error to unlock (or close) a mailbox that has had changes
without committing, as it can leave the mailbox in a corrupted state.
Cache records
~~~~~~~~~~~~~
Cache records are accessed through ``record.crec`` which is not filled
by read\_index\_record. The cache file is only read and mapped into
memory as needed, so you if you want to access cache records, the basic
API is as follows:
::
int mailbox_cacherecord(struct mailbox *mailbox,
struct index_record *record);
const char *cacheitem_base(struct index_record *record, int field);
unsigned cacheitem_size(struct index_record *record, int field);
struct buf *cacheitem_buf(struct index_record *record, int field);
You must always call ``mailbox_cacherecord`` on a record before trying
to access any of the cache items. "``field``" above is the individual
field (there are 10) in the cache record. There's more information on
those fields in the mailbox internal format documentation.
::
for (recno = 1; recno <= mailbox->i.num_records; recno++) {
if (mailbox_read_index_record(mailbox, recno, &record))
fatal("invalid record", EX_SOFTWARE); // or return an error
if (record.internal_flags & FLAG_INTERNAL_EXPUNGED)
continue; // skip expunged records
if (mailbox_cacherecord(mailbox, &record))
fatal("failed to read cache", EX_SOFTWARE);
...
envelope_length = cacheitem_size(&record, CACHE_ENVELOPE);
}
See ``imap/mailbox.h`` for the full list of constants.
Delayed Actions
---------------
Here's the bit you've been waiting for! What happens during unlock and
close
first, unlock
~~~~~~~~~~~~~
Anything that makes any changes sets the mailbox->has\_changed flag. If
this is set, then before the index gets unlocked:
- the updatenotifier (idle) is called
- ``sync_log_mailbox`` (replication) gets called
- the statuscache value gets erased (or replaced if you passed in an
updated value).
then: close
~~~~~~~~~~~
next the index is unlocked (see above)
third, any "unlink" commands scheduled for email files are run. These
can't be done until after the mailbox\_commit to ensure consistency -
the file isn't deleted until the record is written as unlinked! But we
save the unlink until now so that other tasks aren't waiting for the
index lock while the unlinks run. Unlink is expensive in IO and time.
finally we check for MAILBOX\_NEEDS\_REPACK or MAILBOX\_DELETED option
flags. If either is sets, then we make a non-blocking attempt to get an
exclusive namelock. If the non-blocking attempt fails, then another
process has the mailbox open, so save the cleanup for them! If it
succeeds, then go ahead with either ``mailbox_delete_cleanup`` or
``mailbox_index_repack`` as appropriate.
After this it's just a matter of releasing malloc'd memory and finally
releasing the name lock.
|
