1 /*
2 ** Sendmail
3 ** Copyright (c) 1983 Eric P. Allman
4 ** Berkeley, California
5 **
6 ** Copyright (c) 1983 Regents of the University of California.
7 ** All rights reserved. The Berkeley software License Agreement
8 ** specifies the terms and conditions for redistribution.
9 */
10
11 #ifndef lint
12 static char SccsId[] = "@(#)deliver.c 5.7 (Berkeley) 09/30/85";
13 #endif not lint
14
15 # include <signal.h>
16 # include <errno.h>
17 # include "sendmail.h"
18 # include <sys/stat.h>
19
20 /*
21 ** DELIVER -- Deliver a message to a list of addresses.
22 **
23 ** This routine delivers to everyone on the same host as the
24 ** user on the head of the list. It is clever about mailers
25 ** that don't handle multiple users. It is NOT guaranteed
26 ** that it will deliver to all these addresses however -- so
27 ** deliver should be called once for each address on the
28 ** list.
29 **
30 ** Parameters:
31 ** e -- the envelope to deliver.
32 ** firstto -- head of the address list to deliver to.
33 **
34 ** Returns:
35 ** zero -- successfully delivered.
36 ** else -- some failure, see ExitStat for more info.
37 **
38 ** Side Effects:
39 ** The standard input is passed off to someone.
40 */
41
42 deliver(e, firstto)
43 register ENVELOPE *e;
44 ADDRESS *firstto;
45 {
46 char *host; /* host being sent to */
47 char *user; /* user being sent to */
48 char **pvp;
49 register char **mvp;
50 register char *p;
51 register MAILER *m; /* mailer for this recipient */
52 ADDRESS *ctladdr;
53 register ADDRESS *to = firstto;
54 bool clever = FALSE; /* running user smtp to this mailer */
55 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
56 register int rcode; /* response code */
57 char *pv[MAXPV+1];
58 char tobuf[MAXLINE-50]; /* text line of to people */
59 char buf[MAXNAME];
60 char tfrombuf[MAXNAME]; /* translated from person */
61 extern bool checkcompat();
62 extern ADDRESS *getctladdr();
63 extern char *remotename();
64
65 errno = 0;
66 if (bitset(QDONTSEND, to->q_flags))
67 return (0);
68
69 m = to->q_mailer;
70 host = to->q_host;
71
72 # ifdef DEBUG
73 if (tTd(10, 1))
74 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
75 m->m_mno, host, to->q_user);
76 # endif DEBUG
77
78 /*
79 ** If this mailer is expensive, and if we don't want to make
80 ** connections now, just mark these addresses and return.
81 ** This is useful if we want to batch connections to
82 ** reduce load. This will cause the messages to be
83 ** queued up, and a daemon will come along to send the
84 ** messages later.
85 ** This should be on a per-mailer basis.
86 */
87
88 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
89 !Verbose)
90 {
91 for (; to != NULL; to = to->q_next)
92 {
93 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
94 continue;
95 to->q_flags |= QQUEUEUP|QDONTSEND;
96 e->e_to = to->q_paddr;
97 message(Arpa_Info, "queued");
98 if (LogLevel > 4)
99 logdelivery("queued");
100 }
101 e->e_to = NULL;
102 return (0);
103 }
104
105 /*
106 ** Do initial argv setup.
107 ** Insert the mailer name. Notice that $x expansion is
108 ** NOT done on the mailer name. Then, if the mailer has
109 ** a picky -f flag, we insert it as appropriate. This
110 ** code does not check for 'pv' overflow; this places a
111 ** manifest lower limit of 4 for MAXPV.
112 ** The from address rewrite is expected to make
113 ** the address relative to the other end.
114 */
115
116 /* rewrite from address, using rewriting rules */
117 expand("\001f", buf, &buf[sizeof buf - 1], e);
118 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
119
120 define('g', tfrombuf, e); /* translated sender address */
121 define('h', host, e); /* to host */
122 Errors = 0;
123 pvp = pv;
124 *pvp++ = m->m_argv[0];
125
126 /* insert -f or -r flag as appropriate */
127 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
128 {
129 if (bitnset(M_FOPT, m->m_flags))
130 *pvp++ = "-f";
131 else
132 *pvp++ = "-r";
133 expand("\001g", buf, &buf[sizeof buf - 1], e);
134 *pvp++ = newstr(buf);
135 }
136
137 /*
138 ** Append the other fixed parts of the argv. These run
139 ** up to the first entry containing "$u". There can only
140 ** be one of these, and there are only a few more slots
141 ** in the pv after it.
142 */
143
144 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
145 {
146 while ((p = index(p, '\001')) != NULL)
147 if (*++p == 'u')
148 break;
149 if (p != NULL)
150 break;
151
152 /* this entry is safe -- go ahead and process it */
153 expand(*mvp, buf, &buf[sizeof buf - 1], e);
154 *pvp++ = newstr(buf);
155 if (pvp >= &pv[MAXPV - 3])
156 {
157 syserr("Too many parameters to %s before $u", pv[0]);
158 return (-1);
159 }
160 }
161
162 /*
163 ** If we have no substitution for the user name in the argument
164 ** list, we know that we must supply the names otherwise -- and
165 ** SMTP is the answer!!
166 */
167
168 if (*mvp == NULL)
169 {
170 /* running SMTP */
171 # ifdef SMTP
172 clever = TRUE;
173 *pvp = NULL;
174 # else SMTP
175 /* oops! we don't implement SMTP */
176 syserr("SMTP style mailer");
177 return (EX_SOFTWARE);
178 # endif SMTP
179 }
180
181 /*
182 ** At this point *mvp points to the argument with $u. We
183 ** run through our address list and append all the addresses
184 ** we can. If we run out of space, do not fret! We can
185 ** always send another copy later.
186 */
187
188 tobuf[0] = '\0';
189 e->e_to = tobuf;
190 ctladdr = NULL;
191 for (; to != NULL; to = to->q_next)
192 {
193 /* avoid sending multiple recipients to dumb mailers */
194 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
195 break;
196
197 /* if already sent or not for this host, don't send */
198 if (bitset(QDONTSEND, to->q_flags) ||
199 strcmp(to->q_host, host) != 0 ||
200 to->q_mailer != firstto->q_mailer)
201 continue;
202
203 /* avoid overflowing tobuf */
204 if (sizeof tobuf - (strlen(to->q_paddr) + strlen(tobuf) + 2) < 0)
205 break;
206
207 # ifdef DEBUG
208 if (tTd(10, 1))
209 {
210 printf("\nsend to ");
211 printaddr(to, FALSE);
212 }
213 # endif DEBUG
214
215 /* compute effective uid/gid when sending */
216 if (to->q_mailer == ProgMailer)
217 ctladdr = getctladdr(to);
218
219 user = to->q_user;
220 e->e_to = to->q_paddr;
221 to->q_flags |= QDONTSEND;
222
223 /*
224 ** Check to see that these people are allowed to
225 ** talk to each other.
226 */
227
228 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
229 {
230 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
231 NoReturn = TRUE;
232 giveresponse(EX_UNAVAILABLE, m, e);
233 continue;
234 }
235 if (!checkcompat(to))
236 {
237 giveresponse(EX_UNAVAILABLE, m, e);
238 continue;
239 }
240
241 /*
242 ** Strip quote bits from names if the mailer is dumb
243 ** about them.
244 */
245
246 if (bitnset(M_STRIPQ, m->m_flags))
247 {
248 stripquotes(user, TRUE);
249 stripquotes(host, TRUE);
250 }
251 else
252 {
253 stripquotes(user, FALSE);
254 stripquotes(host, FALSE);
255 }
256
257 /* hack attack -- delivermail compatibility */
258 if (m == ProgMailer && *user == '|')
259 user++;
260
261 /*
262 ** If an error message has already been given, don't
263 ** bother to send to this address.
264 **
265 ** >>>>>>>>>> This clause assumes that the local mailer
266 ** >> NOTE >> cannot do any further aliasing; that
267 ** >>>>>>>>>> function is subsumed by sendmail.
268 */
269
270 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
271 continue;
272
273 /* save statistics.... */
274 markstats(e, to);
275
276 /*
277 ** See if this user name is "special".
278 ** If the user name has a slash in it, assume that this
279 ** is a file -- send it off without further ado. Note
280 ** that this type of addresses is not processed along
281 ** with the others, so we fudge on the To person.
282 */
283
284 if (m == LocalMailer)
285 {
286 if (user[0] == '/')
287 {
288 rcode = mailfile(user, getctladdr(to));
289 giveresponse(rcode, m, e);
290 continue;
291 }
292 }
293
294 /*
295 ** Address is verified -- add this user to mailer
296 ** argv, and add it to the print list of recipients.
297 */
298
299 /* link together the chain of recipients */
300 to->q_tchain = tochain;
301 tochain = to;
302
303 /* create list of users for error messages */
304 (void) strcat(tobuf, ",");
305 (void) strcat(tobuf, to->q_paddr);
306 define('u', user, e); /* to user */
307 define('z', to->q_home, e); /* user's home */
308
309 /*
310 ** Expand out this user into argument list.
311 */
312
313 if (!clever)
314 {
315 expand(*mvp, buf, &buf[sizeof buf - 1], e);
316 *pvp++ = newstr(buf);
317 if (pvp >= &pv[MAXPV - 2])
318 {
319 /* allow some space for trailing parms */
320 break;
321 }
322 }
323 }
324
325 /* see if any addresses still exist */
326 if (tobuf[0] == '\0')
327 {
328 define('g', (char *) NULL, e);
329 return (0);
330 }
331
332 /* print out messages as full list */
333 e->e_to = tobuf + 1;
334
335 /*
336 ** Fill out any parameters after the $u parameter.
337 */
338
339 while (!clever && *++mvp != NULL)
340 {
341 expand(*mvp, buf, &buf[sizeof buf - 1], e);
342 *pvp++ = newstr(buf);
343 if (pvp >= &pv[MAXPV])
344 syserr("deliver: pv overflow after $u for %s", pv[0]);
345 }
346 *pvp++ = NULL;
347
348 /*
349 ** Call the mailer.
350 ** The argument vector gets built, pipes
351 ** are created as necessary, and we fork & exec as
352 ** appropriate.
353 ** If we are running SMTP, we just need to clean up.
354 */
355
356 message(Arpa_Info, "Connecting to %s.%s...", host, m->m_name);
357
358 if (ctladdr == NULL)
359 ctladdr = &e->e_from;
360 # ifdef SMTP
361 if (clever)
362 {
363 /* send the initial SMTP protocol */
364 rcode = smtpinit(m, pv);
365
366 if (rcode == EX_OK)
367 {
368 /* send the recipient list */
369 tobuf[0] = '\0';
370 for (to = tochain; to != NULL; to = to->q_tchain)
371 {
372 int i;
373
374 e->e_to = to->q_paddr;
375 i = smtprcpt(to, m);
376 if (i != EX_OK)
377 {
378 markfailure(e, to, i);
379 giveresponse(i, m, e);
380 }
381 else
382 {
383 (void) strcat(tobuf, ",");
384 (void) strcat(tobuf, to->q_paddr);
385 }
386 }
387
388 /* now send the data */
389 if (tobuf[0] == '\0')
390 e->e_to = NULL;
391 else
392 {
393 e->e_to = tobuf + 1;
394 rcode = smtpdata(m, e);
395 }
396
397 /* now close the connection */
398 smtpquit(m);
399 }
400 }
401 else
402 # endif SMTP
403 rcode = sendoff(e, m, pv, ctladdr);
404
405 /*
406 ** Do final status disposal.
407 ** We check for something in tobuf for the SMTP case.
408 ** If we got a temporary failure, arrange to queue the
409 ** addressees.
410 */
411
412 if (tobuf[0] != '\0')
413 giveresponse(rcode, m, e);
414 if (rcode != EX_OK)
415 {
416 for (to = tochain; to != NULL; to = to->q_tchain)
417 markfailure(e, to, rcode);
418 }
419
420 errno = 0;
421 define('g', (char *) NULL, e);
422 return (rcode);
423 }
424 �/*
425 ** MARKFAILURE -- mark a failure on a specific address.
426 **
427 ** Parameters:
428 ** e -- the envelope we are sending.
429 ** q -- the address to mark.
430 ** rcode -- the code signifying the particular failure.
431 **
432 ** Returns:
433 ** none.
434 **
435 ** Side Effects:
436 ** marks the address (and possibly the envelope) with the
437 ** failure so that an error will be returned or
438 ** the message will be queued, as appropriate.
439 */
440
441 markfailure(e, q, rcode)
442 register ENVELOPE *e;
443 register ADDRESS *q;
444 int rcode;
445 {
446 if (rcode == EX_OK)
447 return;
448 else if (rcode != EX_TEMPFAIL)
449 q->q_flags |= QBADADDR;
450 else if (curtime() > e->e_ctime + TimeOut)
451 {
452 extern char *pintvl();
453 char buf[MAXLINE];
454
455 if (!bitset(EF_TIMEOUT, e->e_flags))
456 {
457 (void) sprintf(buf, "Cannot send message for %s",
458 pintvl(TimeOut, FALSE));
459 if (e->e_message != NULL)
460 free(e->e_message);
461 e->e_message = newstr(buf);
462 message(Arpa_Info, buf);
463 }
464 q->q_flags |= QBADADDR;
465 e->e_flags |= EF_TIMEOUT;
466 }
467 else
468 q->q_flags |= QQUEUEUP;
469 }
470 �/*
471 ** DOFORK -- do a fork, retrying a couple of times on failure.
472 **
473 ** This MUST be a macro, since after a vfork we are running
474 ** two processes on the same stack!!!
475 **
476 ** Parameters:
477 ** none.
478 **
479 ** Returns:
480 ** From a macro??? You've got to be kidding!
481 **
482 ** Side Effects:
483 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
484 ** pid of child in parent, zero in child.
485 ** -1 on unrecoverable error.
486 **
487 ** Notes:
488 ** I'm awfully sorry this looks so awful. That's
489 ** vfork for you.....
490 */
491
492 # define NFORKTRIES 5
493 # ifdef VMUNIX
494 # define XFORK vfork
495 # else VMUNIX
496 # define XFORK fork
497 # endif VMUNIX
498
499 # define DOFORK(fORKfN) \
500 {\
501 register int i;\
502 \
503 for (i = NFORKTRIES; --i >= 0; )\
504 {\
505 pid = fORKfN();\
506 if (pid >= 0)\
507 break;\
508 if (i > 0)\
509 sleep(NFORKTRIES - i);\
510 }\
511 }
512 �/*
513 ** DOFORK -- simple fork interface to DOFORK.
514 **
515 ** Parameters:
516 ** none.
517 **
518 ** Returns:
519 ** pid of child in parent.
520 ** zero in child.
521 ** -1 on error.
522 **
523 ** Side Effects:
524 ** returns twice, once in parent and once in child.
525 */
526
527 dofork()
528 {
529 register int pid;
530
531 DOFORK(fork);
532 return (pid);
533 }
534 �/*
535 ** SENDOFF -- send off call to mailer & collect response.
536 **
537 ** Parameters:
538 ** e -- the envelope to mail.
539 ** m -- mailer descriptor.
540 ** pvp -- parameter vector to send to it.
541 ** ctladdr -- an address pointer controlling the
542 ** user/groupid etc. of the mailer.
543 **
544 ** Returns:
545 ** exit status of mailer.
546 **
547 ** Side Effects:
548 ** none.
549 */
550
551 sendoff(e, m, pvp, ctladdr)
552 register ENVELOPE *e;
553 MAILER *m;
554 char **pvp;
555 ADDRESS *ctladdr;
556 {
557 auto FILE *mfile;
558 auto FILE *rfile;
559 register int i;
560 int pid;
561
562 /*
563 ** Create connection to mailer.
564 */
565
566 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
567 if (pid < 0)
568 return (-1);
569
570 /*
571 ** Format and send message.
572 */
573
574 putfromline(mfile, m);
575 (*e->e_puthdr)(mfile, m, e);
576 putline("\n", mfile, m);
577 (*e->e_putbody)(mfile, m, e);
578 (void) fclose(mfile);
579
580 i = endmailer(pid, pvp[0]);
581
582 /* arrange a return receipt if requested */
583 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
584 {
585 e->e_flags |= EF_SENDRECEIPT;
586 /* do we want to send back more info? */
587 }
588
589 return (i);
590 }
591 �/*
592 ** ENDMAILER -- Wait for mailer to terminate.
593 **
594 ** We should never get fatal errors (e.g., segmentation
595 ** violation), so we report those specially. For other
596 ** errors, we choose a status message (into statmsg),
597 ** and if it represents an error, we print it.
598 **
599 ** Parameters:
600 ** pid -- pid of mailer.
601 ** name -- name of mailer (for error messages).
602 **
603 ** Returns:
604 ** exit code of mailer.
605 **
606 ** Side Effects:
607 ** none.
608 */
609
610 endmailer(pid, name)
611 int pid;
612 char *name;
613 {
614 int st;
615
616 /* in the IPC case there is nothing to wait for */
617 if (pid == 0)
618 return (EX_OK);
619
620 /* wait for the mailer process to die and collect status */
621 st = waitfor(pid);
622 if (st == -1)
623 {
624 syserr("endmailer %s: wait", name);
625 return (EX_SOFTWARE);
626 }
627
628 /* see if it died a horrid death */
629 if ((st & 0377) != 0)
630 {
631 syserr("mailer %s died with signal %o", name, st);
632 ExitStat = EX_TEMPFAIL;
633 return (EX_TEMPFAIL);
634 }
635
636 /* normal death -- return status */
637 st = (st >> 8) & 0377;
638 return (st);
639 }
640 �/*
641 ** OPENMAILER -- open connection to mailer.
642 **
643 ** Parameters:
644 ** m -- mailer descriptor.
645 ** pvp -- parameter vector to pass to mailer.
646 ** ctladdr -- controlling address for user.
647 ** clever -- create a full duplex connection.
648 ** pmfile -- pointer to mfile (to mailer) connection.
649 ** prfile -- pointer to rfile (from mailer) connection.
650 **
651 ** Returns:
652 ** pid of mailer ( > 0 ).
653 ** -1 on error.
654 ** zero on an IPC connection.
655 **
656 ** Side Effects:
657 ** creates a mailer in a subprocess.
658 */
659
660 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
661 MAILER *m;
662 char **pvp;
663 ADDRESS *ctladdr;
664 bool clever;
665 FILE **pmfile;
666 FILE **prfile;
667 {
668 int pid;
669 int mpvect[2];
670 int rpvect[2];
671 FILE *mfile;
672 FILE *rfile;
673 extern FILE *fdopen();
674
675 # ifdef DEBUG
676 if (tTd(11, 1))
677 {
678 printf("openmailer:");
679 printav(pvp);
680 }
681 # endif DEBUG
682 errno = 0;
683
684 CurHostName = m->m_mailer;
685
686 /*
687 ** Deal with the special case of mail handled through an IPC
688 ** connection.
689 ** In this case we don't actually fork. We must be
690 ** running SMTP for this to work. We will return a
691 ** zero pid to indicate that we are running IPC.
692 ** We also handle a debug version that just talks to stdin/out.
693 */
694
695 #ifdef DEBUG
696 /* check for Local Person Communication -- not for mortals!!! */
697 if (strcmp(m->m_mailer, "[LPC]") == 0)
698 {
699 *pmfile = stdout;
700 *prfile = stdin;
701 return (0);
702 }
703 #endif DEBUG
704
705 if (strcmp(m->m_mailer, "[IPC]") == 0)
706 {
707 #ifdef HOSTINFO
708 register STAB *st;
709 extern STAB *stab();
710 #endif HOSTINFO
711 #ifdef DAEMON
712 register int i;
713 register u_short port;
714
715 CurHostName = pvp[1];
716 if (!clever)
717 syserr("non-clever IPC");
718 if (pvp[2] != NULL)
719 port = atoi(pvp[2]);
720 else
721 port = 0;
722 #ifdef HOSTINFO
723 /* see if we have already determined that this host is fried */
724 st = stab(pvp[1], ST_HOST, ST_FIND);
725 if (st == NULL || st->s_host.ho_exitstat == EX_OK)
726 i = makeconnection(pvp[1], port, pmfile, prfile);
727 else
728 {
729 i = st->s_host.ho_exitstat;
730 errno = st->s_host.ho_errno;
731 }
732 #else HOSTINFO
733 i = makeconnection(pvp[1], port, pmfile, prfile);
734 #endif HOSTINFO
735 if (i != EX_OK)
736 {
737 #ifdef HOSTINFO
738 /* enter status of this host */
739 if (st == NULL)
740 st = stab(pvp[1], ST_HOST, ST_ENTER);
741 st->s_host.ho_exitstat = i;
742 st->s_host.ho_errno = errno;
743 #endif HOSTINFO
744 ExitStat = i;
745 return (-1);
746 }
747 else
748 return (0);
749 #else DAEMON
750 syserr("openmailer: no IPC");
751 return (-1);
752 #endif DAEMON
753 }
754
755 /* create a pipe to shove the mail through */
756 if (pipe(mpvect) < 0)
757 {
758 syserr("openmailer: pipe (to mailer)");
759 return (-1);
760 }
761
762 #ifdef SMTP
763 /* if this mailer speaks smtp, create a return pipe */
764 if (clever && pipe(rpvect) < 0)
765 {
766 syserr("openmailer: pipe (from mailer)");
767 (void) close(mpvect[0]);
768 (void) close(mpvect[1]);
769 return (-1);
770 }
771 #endif SMTP
772
773 /*
774 ** Actually fork the mailer process.
775 ** DOFORK is clever about retrying.
776 */
777
778 if (CurEnv->e_xfp != NULL)
779 (void) fflush(CurEnv->e_xfp); /* for debugging */
780 (void) fflush(stdout);
781 DOFORK(XFORK);
782 /* pid is set by DOFORK */
783 if (pid < 0)
784 {
785 /* failure */
786 syserr("openmailer: cannot fork");
787 (void) close(mpvect[0]);
788 (void) close(mpvect[1]);
789 #ifdef SMTP
790 if (clever)
791 {
792 (void) close(rpvect[0]);
793 (void) close(rpvect[1]);
794 }
795 #endif SMTP
796 return (-1);
797 }
798 else if (pid == 0)
799 {
800 int i;
801 extern int DtableSize;
802
803 /* child -- set up input & exec mailer */
804 /* make diagnostic output be standard output */
805 (void) signal(SIGINT, SIG_IGN);
806 (void) signal(SIGHUP, SIG_IGN);
807 (void) signal(SIGTERM, SIG_DFL);
808
809 /* arrange to filter standard & diag output of command */
810 if (clever)
811 {
812 (void) close(rpvect[0]);
813 (void) close(1);
814 (void) dup(rpvect[1]);
815 (void) close(rpvect[1]);
816 }
817 else if (OpMode == MD_SMTP || HoldErrs)
818 {
819 /* put mailer output in transcript */
820 (void) close(1);
821 (void) dup(fileno(CurEnv->e_xfp));
822 }
823 (void) close(2);
824 (void) dup(1);
825
826 /* arrange to get standard input */
827 (void) close(mpvect[1]);
828 (void) close(0);
829 if (dup(mpvect[0]) < 0)
830 {
831 syserr("Cannot dup to zero!");
832 _exit(EX_OSERR);
833 }
834 (void) close(mpvect[0]);
835 if (!bitnset(M_RESTR, m->m_flags))
836 {
837 if (ctladdr == NULL || ctladdr->q_uid == 0)
838 {
839 (void) setgid(DefGid);
840 (void) setuid(DefUid);
841 }
842 else
843 {
844 (void) setgid(ctladdr->q_gid);
845 (void) setuid(ctladdr->q_uid);
846 }
847 }
848
849 /* arrange for all the files to be closed */
850 for (i = 3; i < DtableSize; i++)
851 #ifdef FIOCLEX
852 (void) ioctl(i, FIOCLEX, 0);
853 #else FIOCLEX
854 (void) close(i);
855 #endif FIOCLEX
856
857 /* try to execute the mailer */
858 execve(m->m_mailer, pvp, UserEnviron);
859
860 #ifdef FIOCLEX
861 syserr("Cannot exec %s", m->m_mailer);
862 #else FIOCLEX
863 printf("Cannot exec '%s' errno=%d\n", m->m_mailer, errno);
864 (void) fflush(stdout);
865 #endif FIOCLEX
866 if (m == LocalMailer || errno == EIO || errno == EAGAIN ||
867 errno == ENOMEM || errno == EPROCLIM)
868 _exit(EX_TEMPFAIL);
869 else
870 _exit(EX_UNAVAILABLE);
871 }
872
873 /*
874 ** Set up return value.
875 */
876
877 (void) close(mpvect[0]);
878 mfile = fdopen(mpvect[1], "w");
879 if (clever)
880 {
881 (void) close(rpvect[1]);
882 rfile = fdopen(rpvect[0], "r");
883 }
884
885 *pmfile = mfile;
886 *prfile = rfile;
887
888 return (pid);
889 }
890 �/*
891 ** GIVERESPONSE -- Interpret an error response from a mailer
892 **
893 ** Parameters:
894 ** stat -- the status code from the mailer (high byte
895 ** only; core dumps must have been taken care of
896 ** already).
897 ** m -- the mailer descriptor for this mailer.
898 **
899 ** Returns:
900 ** none.
901 **
902 ** Side Effects:
903 ** Errors may be incremented.
904 ** ExitStat may be set.
905 */
906
907 giveresponse(stat, m, e)
908 int stat;
909 register MAILER *m;
910 ENVELOPE *e;
911 {
912 register char *statmsg;
913 extern char *SysExMsg[];
914 register int i;
915 extern int N_SysEx;
916 char buf[MAXLINE];
917
918 #ifdef lint
919 if (m == NULL)
920 return;
921 #endif lint
922
923 /*
924 ** Compute status message from code.
925 */
926
927 i = stat - EX__BASE;
928 if (stat == 0)
929 statmsg = "250 Sent";
930 else if (i < 0 || i > N_SysEx)
931 {
932 (void) sprintf(buf, "554 unknown mailer error %d", stat);
933 stat = EX_UNAVAILABLE;
934 statmsg = buf;
935 }
936 else if (stat == EX_TEMPFAIL)
937 {
938 (void) strcpy(buf, SysExMsg[i]);
939 if (errno != 0)
940 {
941 extern char *errstring();
942
943 statmsg = errstring(errno);
944 }
945 else
946 {
947 #ifdef SMTP
948 extern char SmtpError[];
949
950 statmsg = SmtpError;
951 #else SMTP
952 statmsg = NULL;
953 #endif SMTP
954 }
955 if (statmsg != NULL && statmsg[0] != '\0')
956 {
957 (void) strcat(buf, ": ");
958 (void) strcat(buf, statmsg);
959 }
960 statmsg = buf;
961 }
962 else
963 {
964 statmsg = SysExMsg[i];
965 }
966
967 /*
968 ** Print the message as appropriate
969 */
970
971 if (stat == EX_OK || stat == EX_TEMPFAIL)
972 message(Arpa_Info, &statmsg[4]);
973 else
974 {
975 Errors++;
976 usrerr(statmsg);
977 }
978
979 /*
980 ** Final cleanup.
981 ** Log a record of the transaction. Compute the new
982 ** ExitStat -- if we already had an error, stick with
983 ** that.
984 */
985
986 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
987 logdelivery(&statmsg[4]);
988
989 if (stat != EX_TEMPFAIL)
990 setstat(stat);
991 if (stat != EX_OK)
992 {
993 if (e->e_message != NULL)
994 free(e->e_message);
995 e->e_message = newstr(&statmsg[4]);
996 }
997 errno = 0;
998 }
999 �/*
1000 ** LOGDELIVERY -- log the delivery in the system log
1001 **
1002 ** Parameters:
1003 ** stat -- the message to print for the status
1004 **
1005 ** Returns:
1006 ** none
1007 **
1008 ** Side Effects:
1009 ** none
1010 */
1011
1012 logdelivery(stat)
1013 char *stat;
1014 {
1015 extern char *pintvl();
1016
1017 # ifdef LOG
1018 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1019 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1020 # endif LOG
1021 }
1022 �/*
1023 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1024 **
1025 ** This can be made an arbitrary message separator by changing $l
1026 **
1027 ** One of the ugliest hacks seen by human eyes is contained herein:
1028 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1029 ** does a well-meaning programmer such as myself have to deal with
1030 ** this kind of antique garbage????
1031 **
1032 ** Parameters:
1033 ** fp -- the file to output to.
1034 ** m -- the mailer describing this entry.
1035 **
1036 ** Returns:
1037 ** none
1038 **
1039 ** Side Effects:
1040 ** outputs some text to fp.
1041 */
1042
1043 putfromline(fp, m)
1044 register FILE *fp;
1045 register MAILER *m;
1046 {
1047 char *template = "\001l\n";
1048 char buf[MAXLINE];
1049
1050 if (bitnset(M_NHDR, m->m_flags))
1051 return;
1052
1053 # ifdef UGLYUUCP
1054 if (bitnset(M_UGLYUUCP, m->m_flags))
1055 {
1056 char *bang;
1057 char xbuf[MAXLINE];
1058
1059 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1060 bang = index(buf, '!');
1061 if (bang == NULL)
1062 syserr("No ! in UUCP! (%s)", buf);
1063 else
1064 {
1065 *bang++ = '\0';
1066 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1067 template = xbuf;
1068 }
1069 }
1070 # endif UGLYUUCP
1071 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1072 putline(buf, fp, m);
1073 }
1074 �/*
1075 ** PUTBODY -- put the body of a message.
1076 **
1077 ** Parameters:
1078 ** fp -- file to output onto.
1079 ** m -- a mailer descriptor to control output format.
1080 ** e -- the envelope to put out.
1081 **
1082 ** Returns:
1083 ** none.
1084 **
1085 ** Side Effects:
1086 ** The message is written onto fp.
1087 */
1088
1089 putbody(fp, m, e)
1090 FILE *fp;
1091 MAILER *m;
1092 register ENVELOPE *e;
1093 {
1094 char buf[MAXLINE];
1095
1096 /*
1097 ** Output the body of the message
1098 */
1099
1100 if (e->e_dfp == NULL)
1101 {
1102 if (e->e_df != NULL)
1103 {
1104 e->e_dfp = fopen(e->e_df, "r");
1105 if (e->e_dfp == NULL)
1106 syserr("Cannot open %s", e->e_df);
1107 }
1108 else
1109 putline("<<< No Message Collected >>>", fp, m);
1110 }
1111 if (e->e_dfp != NULL)
1112 {
1113 rewind(e->e_dfp);
1114 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1115 {
1116 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1117 strncmp(buf, "From", 4) == 0)
1118 (void) putc('>', fp);
1119 putline(buf, fp, m);
1120 }
1121
1122 if (ferror(e->e_dfp))
1123 {
1124 syserr("putbody: read error");
1125 ExitStat = EX_IOERR;
1126 }
1127 }
1128
1129 (void) fflush(fp);
1130 if (ferror(fp) && errno != EPIPE)
1131 {
1132 syserr("putbody: write error");
1133 ExitStat = EX_IOERR;
1134 }
1135 errno = 0;
1136 }
1137 �/*
1138 ** MAILFILE -- Send a message to a file.
1139 **
1140 ** If the file has the setuid/setgid bits set, but NO execute
1141 ** bits, sendmail will try to become the owner of that file
1142 ** rather than the real user. Obviously, this only works if
1143 ** sendmail runs as root.
1144 **
1145 ** This could be done as a subordinate mailer, except that it
1146 ** is used implicitly to save messages in ~/dead.letter. We
1147 ** view this as being sufficiently important as to include it
1148 ** here. For example, if the system is dying, we shouldn't have
1149 ** to create another process plus some pipes to save the message.
1150 **
1151 ** Parameters:
1152 ** filename -- the name of the file to send to.
1153 ** ctladdr -- the controlling address header -- includes
1154 ** the userid/groupid to be when sending.
1155 **
1156 ** Returns:
1157 ** The exit code associated with the operation.
1158 **
1159 ** Side Effects:
1160 ** none.
1161 */
1162
1163 mailfile(filename, ctladdr)
1164 char *filename;
1165 ADDRESS *ctladdr;
1166 {
1167 register FILE *f;
1168 register int pid;
1169
1170 /*
1171 ** Fork so we can change permissions here.
1172 ** Note that we MUST use fork, not vfork, because of
1173 ** the complications of calling subroutines, etc.
1174 */
1175
1176 DOFORK(fork);
1177
1178 if (pid < 0)
1179 return (EX_OSERR);
1180 else if (pid == 0)
1181 {
1182 /* child -- actually write to file */
1183 struct stat stb;
1184
1185 (void) signal(SIGINT, SIG_DFL);
1186 (void) signal(SIGHUP, SIG_DFL);
1187 (void) signal(SIGTERM, SIG_DFL);
1188 (void) umask(OldUmask);
1189 if (stat(filename, &stb) < 0)
1190 {
1191 errno = 0;
1192 stb.st_mode = 0666;
1193 }
1194 if (bitset(0111, stb.st_mode))
1195 exit(EX_CANTCREAT);
1196 if (ctladdr == NULL)
1197 ctladdr = &CurEnv->e_from;
1198 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1199 {
1200 if (ctladdr->q_uid == 0)
1201 (void) setgid(DefGid);
1202 else
1203 (void) setgid(ctladdr->q_gid);
1204 }
1205 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1206 {
1207 if (ctladdr->q_uid == 0)
1208 (void) setuid(DefUid);
1209 else
1210 (void) setuid(ctladdr->q_uid);
1211 }
1212 f = dfopen(filename, "a");
1213 if (f == NULL)
1214 exit(EX_CANTCREAT);
1215
1216 putfromline(f, ProgMailer);
1217 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1218 putline("\n", f, ProgMailer);
1219 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1220 putline("\n", f, ProgMailer);
1221 (void) fclose(f);
1222 (void) fflush(stdout);
1223
1224 /* reset ISUID & ISGID bits for paranoid systems */
1225 (void) chmod(filename, (int) stb.st_mode);
1226 exit(EX_OK);
1227 /*NOTREACHED*/
1228 }
1229 else
1230 {
1231 /* parent -- wait for exit status */
1232 int st;
1233
1234 st = waitfor(pid);
1235 if ((st & 0377) != 0)
1236 return (EX_UNAVAILABLE);
1237 else
1238 return ((st >> 8) & 0377);
1239 }
1240 }
1241 �/*
1242 ** SENDALL -- actually send all the messages.
1243 **
1244 ** Parameters:
1245 ** e -- the envelope to send.
1246 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1247 ** the current SendMode.
1248 **
1249 ** Returns:
1250 ** none.
1251 **
1252 ** Side Effects:
1253 ** Scans the send lists and sends everything it finds.
1254 ** Delivers any appropriate error messages.
1255 ** If we are running in a non-interactive mode, takes the
1256 ** appropriate action.
1257 */
1258
1259 sendall(e, mode)
1260 ENVELOPE *e;
1261 char mode;
1262 {
1263 register ADDRESS *q;
1264 bool oldverbose;
1265 int pid;
1266
1267 /* determine actual delivery mode */
1268 if (mode == SM_DEFAULT)
1269 {
1270 extern bool shouldqueue();
1271
1272 if (shouldqueue(e->e_msgpriority))
1273 mode = SM_QUEUE;
1274 else
1275 mode = SendMode;
1276 }
1277
1278 #ifdef DEBUG
1279 if (tTd(13, 1))
1280 {
1281 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1282 printaddr(e->e_sendqueue, TRUE);
1283 }
1284 #endif DEBUG
1285
1286 /*
1287 ** Do any preprocessing necessary for the mode we are running.
1288 ** Check to make sure the hop count is reasonable.
1289 ** Delete sends to the sender in mailing lists.
1290 */
1291
1292 CurEnv = e;
1293
1294 if (e->e_hopcount > MAXHOP)
1295 {
1296 syserr("sendall: too many hops (%d max)", MAXHOP);
1297 return;
1298 }
1299
1300 if (!MeToo)
1301 {
1302 extern ADDRESS *recipient();
1303
1304 e->e_from.q_flags |= QDONTSEND;
1305 (void) recipient(&e->e_from, &e->e_sendqueue);
1306 }
1307
1308 # ifdef QUEUE
1309 if ((mode == SM_QUEUE || mode == SM_FORK ||
1310 (mode != SM_VERIFY && SuperSafe)) &&
1311 !bitset(EF_INQUEUE, e->e_flags))
1312 queueup(e, TRUE, mode == SM_QUEUE);
1313 #endif QUEUE
1314
1315 oldverbose = Verbose;
1316 switch (mode)
1317 {
1318 case SM_VERIFY:
1319 Verbose = TRUE;
1320 break;
1321
1322 case SM_QUEUE:
1323 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1324 return;
1325
1326 case SM_FORK:
1327 if (e->e_xfp != NULL)
1328 (void) fflush(e->e_xfp);
1329 pid = fork();
1330 if (pid < 0)
1331 {
1332 mode = SM_DELIVER;
1333 break;
1334 }
1335 else if (pid > 0)
1336 {
1337 /* be sure we leave the temp files to our child */
1338 e->e_id = e->e_df = NULL;
1339 return;
1340 }
1341
1342 /* double fork to avoid zombies */
1343 if (fork() > 0)
1344 exit(EX_OK);
1345
1346 /* be sure we are immune from the terminal */
1347 disconnect(FALSE);
1348
1349 break;
1350 }
1351
1352 /*
1353 ** Run through the list and send everything.
1354 */
1355
1356 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1357 {
1358 if (mode == SM_VERIFY)
1359 {
1360 e->e_to = q->q_paddr;
1361 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1362 message(Arpa_Info, "deliverable");
1363 }
1364 else
1365 (void) deliver(e, q);
1366 }
1367 Verbose = oldverbose;
1368
1369 /*
1370 ** Now run through and check for errors.
1371 */
1372
1373 if (mode == SM_VERIFY)
1374 return;
1375
1376 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1377 {
1378 register ADDRESS *qq;
1379
1380 # ifdef DEBUG
1381 if (tTd(13, 3))
1382 {
1383 printf("Checking ");
1384 printaddr(q, FALSE);
1385 }
1386 # endif DEBUG
1387
1388 /* only send errors if the message failed */
1389 if (!bitset(QBADADDR, q->q_flags))
1390 continue;
1391
1392 /* we have an address that failed -- find the parent */
1393 for (qq = q; qq != NULL; qq = qq->q_alias)
1394 {
1395 char obuf[MAXNAME + 6];
1396 extern char *aliaslookup();
1397
1398 /* we can only have owners for local addresses */
1399 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1400 continue;
1401
1402 /* see if the owner list exists */
1403 (void) strcpy(obuf, "owner-");
1404 if (strncmp(qq->q_user, "owner-", 6) == 0)
1405 (void) strcat(obuf, "owner");
1406 else
1407 (void) strcat(obuf, qq->q_user);
1408 if (aliaslookup(obuf) == NULL)
1409 continue;
1410
1411 # ifdef DEBUG
1412 if (tTd(13, 4))
1413 printf("Errors to %s\n", obuf);
1414 # endif DEBUG
1415
1416 /* owner list exists -- add it to the error queue */
1417 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1418 ErrorMode = EM_MAIL;
1419 break;
1420 }
1421
1422 /* if we did not find an owner, send to the sender */
1423 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1424 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1425 }
1426
1427 if (mode == SM_FORK)
1428 finis();
1429 }
1430