Mailbox API
Intro
The Mailbox API is implemented in imap/mailbox.h
and
imap/mailbox.c
. It wraps the data structures of the
cyrus.header
, cyrus.index
and cyrus.cache
files in a
psuedo-object-oriented way, allowing easy changes to the mailbox while
keeping the internal cached data structures consistent.
Opening and closing
struct mailbox *mailbox = NULL;
int r;
const char *mboxname = "user.brong";
r = mailbox_open_iwl(mboxname, &mailbox);
// or
r = mailbox_open_irl(mboxname, &mailbox);
// or
r = mailbox_open_exclusive(mboxname, &mailbox);
if (r) return r;
do_stuff(mailbox);
mailbox_close(&mailbox);
It is always necessary to obtain an index lock when opening a mailbox, because the index header read must be consistent. The locks are as follows:
Function |
Namelock |
Index Lock |
---|---|---|
mailbox_open_iwl |
Shared |
Exclusive |
mailbox_open_irl |
Shared |
Shared |
mailbox_open_exclusive |
Exclusive |
Exclusive |
It should never be necessary to call mailbox_open_exclusive
, but
it’s included for completeness. Use mailbox_open_iwl
if you expect
to need to write to the index (or even if you’re not sure) and
mailbox_open_irl
when you know you’re only reading from the file and
wish to allow other readers to work concurrently.
Many actions are delayed until the mailbox is closed, or even until the last mailbox is closed for things that require an exclusive namelock to perform like deletion or repack. See below under “delayed actions” for more detail.
To avoid opening the same file multiple times, the mailbox API refcounts open mailboxes. If you open the same mailbox again (i.e. a URL fetch or status command on the currently select mailbox) then the same mailbox will be returned. It must be unlocked (see below or the open command will return IMAP_MAILBOX_LOCKED). The matching close will reduce the refcount, and only the final close will do the cleanup actions.
Locking and unlocking
You can keep a mailbox “open”, maintaining the namelock, while releasing the index lock to allow other processes to make changes to the mailbox. By holding the namelock, you know that record numbers won’t change, and the underlying message files won’t be deleted.
mailbox_close
will call mailbox_unlock_index
if the index is
still locked, so it is not necessary to explicitly unlock the index
before closing.
r = mailbox_unlock_index(mailbox, NULL);
// sleep on user input...
r = mailbox_lock_index(mailbox, LOCK_SHARED);
// or
r = mailbox_lock_index(mailbox, LOCK_EXCLUSIVE);
For example, mailbox_unlock_index
and mailbox_lock_index
are
used extensively by the index module, allowing an imap client to
maintain a long lived connection selected to a mailbox and know that
messages won’t magically disappear from under it - yet at the same time
allow new mail delivery to happen or other imap connections to query the
mailbox.
If you have built an accurate statuscache item for the locked mailbox, you can pass this as the second parameter to mailbox_index_unlock. If there have been any changes, mailbox_index_unlock will invalidated the statuscache. If you give it the new value, then it will store that value instead. For example:
struct statusdata sdata;
index_status(state, &sdata);
/* RECENT is zero for everyone else because we wrote a new
* recentuid! */
sdata.recent = 0;
mailbox_unlock_index(state->mailbox, &sdata);
See “delayed actions” below for delayed actions performed during an unlock.
Creating, renaming and deleting
WARNING: These functions only change the mailbox files on disk. They
don’t update the mailboxes.db records or contact murder servers. In most
cases you are probably looking for the mboxlist_
functions instead.
Creating a mailbox is somewhat longwinded - as there are many optional parameters.
int mailbox_create(const char *name, const char *part, const char *acl,
const char *uniqueid, int options, unsigned uidvalidity,
struct mailbox **mailboxptr);
Most interesting to note is that on success, mailboxptr
will contain
the same mailbox that mailbox_open_exclusive
above would have
returned, with an exclusive namelock and an exclusive index lock. This
allows you to perform other consistency operations after creating the
mailbox with a full guarantee that no other process will even be able to
know of the mailbox’s existence! You can still roll-back by deleting the
mailbox and the next process will get the namelock and see no mailbox
with that name.
int mailbox_rename_copy(struct mailbox *oldmailbox,
const char *newname, const char *newpart,
const char *userid, int ignorequota,
int silent,
struct mailbox **newmailboxptr);
Very similar to mailbox_create - the new mailbox is created with an
exclusive name lock and returned. The old mailbox must be passed in with
an exclusive index lock but is fine with a shared namelock, as it
will be passed to mailbox_delete
.
int mailbox_delete(struct mailbox **mailboxptr);
Just like mailbox_close
above, this closes the mailbox. Before it
does so, it sets the OPT_MAILBOX_DELETED option flag in the index
header. The interesting work is actually done in mailbox_close
. See
below under “delayed actions”.
mailbox_delete
requires an exclusive index lock, but can complete
quite happily with only a shared namelock.
Reading and writing records
Ok - so you have a mailbox, it’s opened, and the index is locked. Time to start reading and writing some records!
At the mailbox level there is no concept of “message numbers” from imap,
only “record numbers”. The canonical variable name to refer to record
numbers is recno
. All records are read and written using
struct index_record
values.
Here at the API definitions used for reading and writing:
int mailbox_read_index_record(struct mailbox *mailbox,
uint32_t recno,
struct index_record *record);
int mailbox_rewrite_index_record(struct mailbox *mailbox,
struct index_record *record);
int mailbox_append_index_record(struct mailbox *mailbox,
struct index_record *record);
int mailbox_commit(mailbox);
An example of iterating through a mailbox
uint32_t recno;
struct index_record record;
int make_changes;
/* DEPRECATED */
for (recno = 1; recno <= mailbox->i.num_records; recno++) {
if (mailbox_read_index_record(mailbox, recno, &record))
fatal("invalid record", EX_SOFTWARE); // or return an error
if (record.internal_flags & FLAG_INTERNAL_EXPUNGED)
continue; // skip expunged records
make_changes = do_stuff(mailbox, &record);
if (make_changes)
mailbox_rewrite_index_record(mailbox, &record);
}
/* the new way */
int make_change;
const struct index_record *record;
struct mailbox_iter *iter;
iter = mailbox_iter_init(mailbox, 0, ITER_SKIP_EXPUNGED);
while ((record = mailbox_iter_step(iter))) {
make_changes = do_stuff(mailbox, record);
if (make_changes)
mailbox_rewrite_index_record(mailbox, record);
}
mailbox_iter_done(&iter);
NOTE: mailbox_rewrite_index_record
doesn’t need a recno, as that’s
cached inside the index_record struct.
NOTE: You need an exclusively locked index to use rewrite or append, but only a shared index lock to use read.
There are a range of consistency checks done to ensure that a rewrite doesn’t violate IMAP semantics (an expunged message can never be unexpunged, UIDs can’t change, etc) and the internal tracking counts and quota data are updated as well. They will be committed at unlock time, see “delayed actions”
If you don’t set the record.silent
field to a true value before
rewriting or appending, the record.modseq
and
record.last_updated
values will be changed. This allows condstore to
work correctly.
Appending
To append a record, the file must have already been copied into place (XXX - plan to move to a stage based system where the mailbox API handles the staging, but that’s not finished yet) and been parsed into the record struct. The UID must be set already, and must be greater than the UID of any existing record in the mailbox. There are a range of consistency checks done.
The internal consistency counts are updated by append as well.
Committing
When you have finished making any changes, you need to “commit”. This
will write the updated values for any index header fields, rewite the
cyrus.header
file if needed and fsync all changes to disk.
It is a fatal error to unlock (or close) a mailbox that has had changes without committing, as it can leave the mailbox in a corrupted state.
Cache records
Cache records are accessed through record.crec
which is not filled
by read_index_record. The cache file is only read and mapped into
memory as needed, so you if you want to access cache records, the basic
API is as follows:
int mailbox_cacherecord(struct mailbox *mailbox,
struct index_record *record);
const char *cacheitem_base(struct index_record *record, int field);
unsigned cacheitem_size(struct index_record *record, int field);
struct buf *cacheitem_buf(struct index_record *record, int field);
You must always call mailbox_cacherecord
on a record before trying
to access any of the cache items. “field
” above is the individual
field (there are 10) in the cache record. There’s more information on
those fields in the mailbox internal format documentation.
for (recno = 1; recno <= mailbox->i.num_records; recno++) {
if (mailbox_read_index_record(mailbox, recno, &record))
fatal("invalid record", EX_SOFTWARE); // or return an error
if (record.internal_flags & FLAG_INTERNAL_EXPUNGED)
continue; // skip expunged records
if (mailbox_cacherecord(mailbox, &record))
fatal("failed to read cache", EX_SOFTWARE);
...
envelope_length = cacheitem_size(&record, CACHE_ENVELOPE);
}
See imap/mailbox.h
for the full list of constants.
Delayed Actions
Here’s the bit you’ve been waiting for! What happens during unlock and close
first, unlock
Anything that makes any changes sets the mailbox->has_changed flag. If this is set, then before the index gets unlocked:
the updatenotifier (idle) is called
sync_log_mailbox
(replication) gets calledthe statuscache value gets erased (or replaced if you passed in an updated value).
then: close
next the index is unlocked (see above)
third, any “unlink” commands scheduled for email files are run. These can’t be done until after the mailbox_commit to ensure consistency - the file isn’t deleted until the record is written as unlinked! But we save the unlink until now so that other tasks aren’t waiting for the index lock while the unlinks run. Unlink is expensive in IO and time.
finally we check for MAILBOX_NEEDS_REPACK or MAILBOX_DELETED option
flags. If either is sets, then we make a non-blocking attempt to get an
exclusive namelock. If the non-blocking attempt fails, then another
process has the mailbox open, so save the cleanup for them! If it
succeeds, then go ahead with either mailbox_delete_cleanup
or
mailbox_index_repack
as appropriate.
After this it’s just a matter of releasing malloc’d memory and finally releasing the name lock.