1 /*
2 * Copyright (c) 1988 Regents of the University of California.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms are permitted
6 * provided that this notice is preserved and that due credit is given
7 * to the University of California at Berkeley. The name of the University
8 * may not be used to endorse or promote products derived from this
9 * software without specific prior written permission. This software
10 * is provided ``as is'' without express or implied warranty.
11 *
12 * Sendmail
13 * Copyright (c) 1983 Eric P. Allman
14 * Berkeley, California
15 */
16
17 #ifndef lint
18 static char sccsid[] = "@(#)deliver.c 5.19 (Berkeley) 04/01/88";
19 #endif /* not lint */
20
21 #include <sendmail.h>
22 #include <sys/signal.h>
23 #include <sys/stat.h>
24 #include <netdb.h>
25 #include <errno.h>
26
27 /*
28 ** DELIVER -- Deliver a message to a list of addresses.
29 **
30 ** This routine delivers to everyone on the same host as the
31 ** user on the head of the list. It is clever about mailers
32 ** that don't handle multiple users. It is NOT guaranteed
33 ** that it will deliver to all these addresses however -- so
34 ** deliver should be called once for each address on the
35 ** list.
36 **
37 ** Parameters:
38 ** e -- the envelope to deliver.
39 ** firstto -- head of the address list to deliver to.
40 **
41 ** Returns:
42 ** zero -- successfully delivered.
43 ** else -- some failure, see ExitStat for more info.
44 **
45 ** Side Effects:
46 ** The standard input is passed off to someone.
47 */
48
49 deliver(e, firstto)
50 register ENVELOPE *e;
51 ADDRESS *firstto;
52 {
53 char *host; /* host being sent to */
54 char *user; /* user being sent to */
55 char **pvp;
56 register char **mvp;
57 register char *p;
58 register MAILER *m; /* mailer for this recipient */
59 ADDRESS *ctladdr;
60 register ADDRESS *to = firstto;
61 bool clever = FALSE; /* running user smtp to this mailer */
62 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
63 int rcode; /* response code */
64 char *pv[MAXPV+1];
65 char tobuf[MAXLINE-50]; /* text line of to people */
66 char buf[MAXNAME];
67 char tfrombuf[MAXNAME]; /* translated from person */
68 extern bool checkcompat();
69 extern ADDRESS *getctladdr();
70 extern char *remotename();
71
72 errno = 0;
73 if (bitset(QDONTSEND, to->q_flags))
74 return (0);
75
76 m = to->q_mailer;
77 host = to->q_host;
78
79 # ifdef DEBUG
80 if (tTd(10, 1))
81 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
82 m->m_mno, host, to->q_user);
83 # endif DEBUG
84
85 /*
86 ** If this mailer is expensive, and if we don't want to make
87 ** connections now, just mark these addresses and return.
88 ** This is useful if we want to batch connections to
89 ** reduce load. This will cause the messages to be
90 ** queued up, and a daemon will come along to send the
91 ** messages later.
92 ** This should be on a per-mailer basis.
93 */
94
95 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
96 !Verbose)
97 {
98 for (; to != NULL; to = to->q_next)
99 {
100 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
101 continue;
102 to->q_flags |= QQUEUEUP|QDONTSEND;
103 e->e_to = to->q_paddr;
104 message(Arpa_Info, "queued");
105 if (LogLevel > 4)
106 logdelivery("queued");
107 }
108 e->e_to = NULL;
109 return (0);
110 }
111
112 /*
113 ** Do initial argv setup.
114 ** Insert the mailer name. Notice that $x expansion is
115 ** NOT done on the mailer name. Then, if the mailer has
116 ** a picky -f flag, we insert it as appropriate. This
117 ** code does not check for 'pv' overflow; this places a
118 ** manifest lower limit of 4 for MAXPV.
119 ** The from address rewrite is expected to make
120 ** the address relative to the other end.
121 */
122
123 /* rewrite from address, using rewriting rules */
124 expand("\001f", buf, &buf[sizeof buf - 1], e);
125 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
126
127 define('g', tfrombuf, e); /* translated sender address */
128 define('h', host, e); /* to host */
129 Errors = 0;
130 pvp = pv;
131 *pvp++ = m->m_argv[0];
132
133 /* insert -f or -r flag as appropriate */
134 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
135 {
136 if (bitnset(M_FOPT, m->m_flags))
137 *pvp++ = "-f";
138 else
139 *pvp++ = "-r";
140 expand("\001g", buf, &buf[sizeof buf - 1], e);
141 *pvp++ = newstr(buf);
142 }
143
144 /*
145 ** Append the other fixed parts of the argv. These run
146 ** up to the first entry containing "$u". There can only
147 ** be one of these, and there are only a few more slots
148 ** in the pv after it.
149 */
150
151 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
152 {
153 while ((p = index(p, '\001')) != NULL)
154 if (*++p == 'u')
155 break;
156 if (p != NULL)
157 break;
158
159 /* this entry is safe -- go ahead and process it */
160 expand(*mvp, buf, &buf[sizeof buf - 1], e);
161 *pvp++ = newstr(buf);
162 if (pvp >= &pv[MAXPV - 3])
163 {
164 syserr("Too many parameters to %s before $u", pv[0]);
165 return (-1);
166 }
167 }
168
169 /*
170 ** If we have no substitution for the user name in the argument
171 ** list, we know that we must supply the names otherwise -- and
172 ** SMTP is the answer!!
173 */
174
175 if (*mvp == NULL)
176 {
177 /* running SMTP */
178 # ifdef SMTP
179 clever = TRUE;
180 *pvp = NULL;
181 # else SMTP
182 /* oops! we don't implement SMTP */
183 syserr("SMTP style mailer");
184 return (EX_SOFTWARE);
185 # endif SMTP
186 }
187
188 /*
189 ** At this point *mvp points to the argument with $u. We
190 ** run through our address list and append all the addresses
191 ** we can. If we run out of space, do not fret! We can
192 ** always send another copy later.
193 */
194
195 tobuf[0] = '\0';
196 e->e_to = tobuf;
197 ctladdr = NULL;
198 for (; to != NULL; to = to->q_next)
199 {
200 /* avoid sending multiple recipients to dumb mailers */
201 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
202 break;
203
204 /* if already sent or not for this host, don't send */
205 if (bitset(QDONTSEND, to->q_flags) ||
206 strcmp(to->q_host, host) != 0 ||
207 to->q_mailer != firstto->q_mailer)
208 continue;
209
210 /* avoid overflowing tobuf */
211 if (sizeof tobuf - (strlen(to->q_paddr) + strlen(tobuf) + 2) < 0)
212 break;
213
214 # ifdef DEBUG
215 if (tTd(10, 1))
216 {
217 printf("\nsend to ");
218 printaddr(to, FALSE);
219 }
220 # endif DEBUG
221
222 /* compute effective uid/gid when sending */
223 if (to->q_mailer == ProgMailer)
224 ctladdr = getctladdr(to);
225
226 user = to->q_user;
227 e->e_to = to->q_paddr;
228 to->q_flags |= QDONTSEND;
229
230 /*
231 ** Check to see that these people are allowed to
232 ** talk to each other.
233 */
234
235 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
236 {
237 NoReturn = TRUE;
238 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
239 giveresponse(EX_UNAVAILABLE, m, e);
240 continue;
241 }
242 if (!checkcompat(to))
243 {
244 giveresponse(EX_UNAVAILABLE, m, e);
245 continue;
246 }
247
248 /*
249 ** Strip quote bits from names if the mailer is dumb
250 ** about them.
251 */
252
253 if (bitnset(M_STRIPQ, m->m_flags))
254 {
255 stripquotes(user, TRUE);
256 stripquotes(host, TRUE);
257 }
258 else
259 {
260 stripquotes(user, FALSE);
261 stripquotes(host, FALSE);
262 }
263
264 /* hack attack -- delivermail compatibility */
265 if (m == ProgMailer && *user == '|')
266 user++;
267
268 /*
269 ** If an error message has already been given, don't
270 ** bother to send to this address.
271 **
272 ** >>>>>>>>>> This clause assumes that the local mailer
273 ** >> NOTE >> cannot do any further aliasing; that
274 ** >>>>>>>>>> function is subsumed by sendmail.
275 */
276
277 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
278 continue;
279
280 /* save statistics.... */
281 markstats(e, to);
282
283 /*
284 ** See if this user name is "special".
285 ** If the user name has a slash in it, assume that this
286 ** is a file -- send it off without further ado. Note
287 ** that this type of addresses is not processed along
288 ** with the others, so we fudge on the To person.
289 */
290
291 if (m == LocalMailer)
292 {
293 if (user[0] == '/')
294 {
295 rcode = mailfile(user, getctladdr(to));
296 giveresponse(rcode, m, e);
297 continue;
298 }
299 }
300
301 /*
302 ** Address is verified -- add this user to mailer
303 ** argv, and add it to the print list of recipients.
304 */
305
306 /* link together the chain of recipients */
307 to->q_tchain = tochain;
308 tochain = to;
309
310 /* create list of users for error messages */
311 (void) strcat(tobuf, ",");
312 (void) strcat(tobuf, to->q_paddr);
313 define('u', user, e); /* to user */
314 define('z', to->q_home, e); /* user's home */
315
316 /*
317 ** Expand out this user into argument list.
318 */
319
320 if (!clever)
321 {
322 expand(*mvp, buf, &buf[sizeof buf - 1], e);
323 *pvp++ = newstr(buf);
324 if (pvp >= &pv[MAXPV - 2])
325 {
326 /* allow some space for trailing parms */
327 break;
328 }
329 }
330 }
331
332 /* see if any addresses still exist */
333 if (tobuf[0] == '\0')
334 {
335 define('g', (char *) NULL, e);
336 return (0);
337 }
338
339 /* print out messages as full list */
340 e->e_to = tobuf + 1;
341
342 /*
343 ** Fill out any parameters after the $u parameter.
344 */
345
346 while (!clever && *++mvp != NULL)
347 {
348 expand(*mvp, buf, &buf[sizeof buf - 1], e);
349 *pvp++ = newstr(buf);
350 if (pvp >= &pv[MAXPV])
351 syserr("deliver: pv overflow after $u for %s", pv[0]);
352 }
353 *pvp++ = NULL;
354
355 /*
356 ** Call the mailer.
357 ** The argument vector gets built, pipes
358 ** are created as necessary, and we fork & exec as
359 ** appropriate.
360 ** If we are running SMTP, we just need to clean up.
361 */
362
363 if (ctladdr == NULL)
364 ctladdr = &e->e_from;
365 #ifdef SMTP
366 if (clever) {
367 expand("\001w", buf, &buf[sizeof(buf) - 1], e);
368 rcode = EX_OK;
369 if (host[0] == '[') {
370 Nmx = 1;
371 MxHosts[0] = host;
372 }
373 else if ((Nmx = getmxrr(host, MxHosts, buf, &rcode)) >= 0 &&
374 (rcode = smtpinit(m, pv)) == EX_OK) {
375 message(Arpa_Info, "Connecting to %s.%s...", MxHosts[0],
376 m->m_name);
377 /* send the recipient list */
378 tobuf[0] = '\0';
379 for (to = tochain; to; to = to->q_tchain) {
380 register int i;
381 register char *t = tobuf;
382
383 e->e_to = to->q_paddr;
384 i = smtprcpt(to, m);
385 if (i != EX_OK) {
386 markfailure(e, to, i);
387 giveresponse(i, m, e);
388 }
389 else {
390 *t++ = ',';
391 for (p = to->q_paddr; *p; *t++ = *p++);
392 }
393 }
394
395 /* now send the data */
396 if (tobuf[0] == '\0')
397 e->e_to = NULL;
398 else {
399 e->e_to = tobuf + 1;
400 rcode = smtpdata(m, e);
401 }
402
403 /* now close the connection */
404 smtpquit(m);
405 }
406 }
407 else
408 #endif /* SMTP */
409 {
410 message(Arpa_Info, "Connecting to %s.%s...", host, m->m_name);
411 rcode = sendoff(e, m, pv, ctladdr);
412 }
413
414 /*
415 ** Do final status disposal.
416 ** We check for something in tobuf for the SMTP case.
417 ** If we got a temporary failure, arrange to queue the
418 ** addressees.
419 */
420
421 if (tobuf[0] != '\0')
422 giveresponse(rcode, m, e);
423 if (rcode != EX_OK)
424 for (to = tochain; to != NULL; to = to->q_tchain)
425 markfailure(e, to, rcode);
426
427 errno = 0;
428 define('g', (char *) NULL, e);
429 return (rcode);
430 }
431 �/*
432 ** MARKFAILURE -- mark a failure on a specific address.
433 **
434 ** Parameters:
435 ** e -- the envelope we are sending.
436 ** q -- the address to mark.
437 ** rcode -- the code signifying the particular failure.
438 **
439 ** Returns:
440 ** none.
441 **
442 ** Side Effects:
443 ** marks the address (and possibly the envelope) with the
444 ** failure so that an error will be returned or
445 ** the message will be queued, as appropriate.
446 */
447
448 markfailure(e, q, rcode)
449 register ENVELOPE *e;
450 register ADDRESS *q;
451 int rcode;
452 {
453 if (rcode == EX_OK)
454 return;
455 else if (rcode != EX_TEMPFAIL)
456 q->q_flags |= QBADADDR;
457 else if (curtime() > e->e_ctime + TimeOut)
458 {
459 extern char *pintvl();
460 char buf[MAXLINE];
461
462 if (!bitset(EF_TIMEOUT, e->e_flags))
463 {
464 (void) sprintf(buf, "Cannot send message for %s",
465 pintvl(TimeOut, FALSE));
466 if (e->e_message != NULL)
467 free(e->e_message);
468 e->e_message = newstr(buf);
469 message(Arpa_Info, buf);
470 }
471 q->q_flags |= QBADADDR;
472 e->e_flags |= EF_TIMEOUT;
473 }
474 else
475 q->q_flags |= QQUEUEUP;
476 }
477 �/*
478 ** DOFORK -- do a fork, retrying a couple of times on failure.
479 **
480 ** This MUST be a macro, since after a vfork we are running
481 ** two processes on the same stack!!!
482 **
483 ** Parameters:
484 ** none.
485 **
486 ** Returns:
487 ** From a macro??? You've got to be kidding!
488 **
489 ** Side Effects:
490 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
491 ** pid of child in parent, zero in child.
492 ** -1 on unrecoverable error.
493 **
494 ** Notes:
495 ** I'm awfully sorry this looks so awful. That's
496 ** vfork for you.....
497 */
498
499 # define NFORKTRIES 5
500 # ifdef VMUNIX
501 # define XFORK vfork
502 # else VMUNIX
503 # define XFORK fork
504 # endif VMUNIX
505
506 # define DOFORK(fORKfN) \
507 {\
508 register int i;\
509 \
510 for (i = NFORKTRIES; --i >= 0; )\
511 {\
512 pid = fORKfN();\
513 if (pid >= 0)\
514 break;\
515 if (i > 0)\
516 sleep((unsigned) NFORKTRIES - i);\
517 }\
518 }
519 �/*
520 ** DOFORK -- simple fork interface to DOFORK.
521 **
522 ** Parameters:
523 ** none.
524 **
525 ** Returns:
526 ** pid of child in parent.
527 ** zero in child.
528 ** -1 on error.
529 **
530 ** Side Effects:
531 ** returns twice, once in parent and once in child.
532 */
533
534 dofork()
535 {
536 register int pid;
537
538 DOFORK(fork);
539 return (pid);
540 }
541 �/*
542 ** SENDOFF -- send off call to mailer & collect response.
543 **
544 ** Parameters:
545 ** e -- the envelope to mail.
546 ** m -- mailer descriptor.
547 ** pvp -- parameter vector to send to it.
548 ** ctladdr -- an address pointer controlling the
549 ** user/groupid etc. of the mailer.
550 **
551 ** Returns:
552 ** exit status of mailer.
553 **
554 ** Side Effects:
555 ** none.
556 */
557
558 sendoff(e, m, pvp, ctladdr)
559 register ENVELOPE *e;
560 MAILER *m;
561 char **pvp;
562 ADDRESS *ctladdr;
563 {
564 auto FILE *mfile;
565 auto FILE *rfile;
566 register int i;
567 int pid;
568
569 /*
570 ** Create connection to mailer.
571 */
572
573 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
574 if (pid < 0)
575 return (-1);
576
577 /*
578 ** Format and send message.
579 */
580
581 putfromline(mfile, m);
582 (*e->e_puthdr)(mfile, m, e);
583 putline("\n", mfile, m);
584 (*e->e_putbody)(mfile, m, e);
585 (void) fclose(mfile);
586
587 i = endmailer(pid, pvp[0]);
588
589 /* arrange a return receipt if requested */
590 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
591 {
592 e->e_flags |= EF_SENDRECEIPT;
593 /* do we want to send back more info? */
594 }
595
596 return (i);
597 }
598 �/*
599 ** ENDMAILER -- Wait for mailer to terminate.
600 **
601 ** We should never get fatal errors (e.g., segmentation
602 ** violation), so we report those specially. For other
603 ** errors, we choose a status message (into statmsg),
604 ** and if it represents an error, we print it.
605 **
606 ** Parameters:
607 ** pid -- pid of mailer.
608 ** name -- name of mailer (for error messages).
609 **
610 ** Returns:
611 ** exit code of mailer.
612 **
613 ** Side Effects:
614 ** none.
615 */
616
617 endmailer(pid, name)
618 int pid;
619 char *name;
620 {
621 int st;
622
623 /* in the IPC case there is nothing to wait for */
624 if (pid == 0)
625 return (EX_OK);
626
627 /* wait for the mailer process to die and collect status */
628 st = waitfor(pid);
629 if (st == -1)
630 {
631 syserr("endmailer %s: wait", name);
632 return (EX_SOFTWARE);
633 }
634
635 /* see if it died a horrid death */
636 if ((st & 0377) != 0)
637 {
638 syserr("mailer %s died with signal %o", name, st);
639 ExitStat = EX_TEMPFAIL;
640 return (EX_TEMPFAIL);
641 }
642
643 /* normal death -- return status */
644 st = (st >> 8) & 0377;
645 return (st);
646 }
647 �/*
648 ** OPENMAILER -- open connection to mailer.
649 **
650 ** Parameters:
651 ** m -- mailer descriptor.
652 ** pvp -- parameter vector to pass to mailer.
653 ** ctladdr -- controlling address for user.
654 ** clever -- create a full duplex connection.
655 ** pmfile -- pointer to mfile (to mailer) connection.
656 ** prfile -- pointer to rfile (from mailer) connection.
657 **
658 ** Returns:
659 ** pid of mailer ( > 0 ).
660 ** -1 on error.
661 ** zero on an IPC connection.
662 **
663 ** Side Effects:
664 ** creates a mailer in a subprocess.
665 */
666
667 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
668 MAILER *m;
669 char **pvp;
670 ADDRESS *ctladdr;
671 bool clever;
672 FILE **pmfile;
673 FILE **prfile;
674 {
675 int pid;
676 int mpvect[2];
677 int rpvect[2];
678 FILE *mfile;
679 FILE *rfile;
680 extern FILE *fdopen();
681
682 # ifdef DEBUG
683 if (tTd(11, 1))
684 {
685 printf("openmailer:");
686 printav(pvp);
687 }
688 # endif DEBUG
689 errno = 0;
690
691 CurHostName = m->m_mailer;
692
693 /*
694 ** Deal with the special case of mail handled through an IPC
695 ** connection.
696 ** In this case we don't actually fork. We must be
697 ** running SMTP for this to work. We will return a
698 ** zero pid to indicate that we are running IPC.
699 ** We also handle a debug version that just talks to stdin/out.
700 */
701
702 #ifdef DEBUG
703 /* check for Local Person Communication -- not for mortals!!! */
704 if (strcmp(m->m_mailer, "[LPC]") == 0)
705 {
706 *pmfile = stdout;
707 *prfile = stdin;
708 return (0);
709 }
710 #endif DEBUG
711
712 if (strcmp(m->m_mailer, "[IPC]") == 0)
713 {
714 #ifdef HOSTINFO
715 register STAB *st;
716 extern STAB *stab();
717 #endif HOSTINFO
718 #ifdef DAEMON
719 register int i, j;
720 register u_short port;
721
722 CurHostName = pvp[1];
723 if (!clever)
724 syserr("non-clever IPC");
725 if (pvp[2] != NULL)
726 port = atoi(pvp[2]);
727 else
728 port = 0;
729 for (j = 0; j < Nmx; j++)
730 {
731 CurHostName = MxHosts[j];
732 #ifdef HOSTINFO
733 /* see if we have already determined that this host is fried */
734 st = stab(MxHosts[j], ST_HOST, ST_FIND);
735 if (st == NULL || st->s_host.ho_exitstat == EX_OK)
736 i = makeconnection(MxHosts[j], port, pmfile, prfile);
737 else
738 {
739 i = st->s_host.ho_exitstat;
740 errno = st->s_host.ho_errno;
741 }
742 #else HOSTINFO
743 i = makeconnection(MxHosts[j], port, pmfile, prfile);
744 #endif HOSTINFO
745 if (i != EX_OK)
746 {
747 #ifdef HOSTINFO
748 /* enter status of this host */
749 if (st == NULL)
750 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
751 st->s_host.ho_exitstat = i;
752 st->s_host.ho_errno = errno;
753 #endif HOSTINFO
754 ExitStat = i;
755 continue;
756 }
757 else
758 return (0);
759 }
760 return (-1);
761 #else DAEMON
762 syserr("openmailer: no IPC");
763 return (-1);
764 #endif DAEMON
765 }
766
767 /* create a pipe to shove the mail through */
768 if (pipe(mpvect) < 0)
769 {
770 syserr("openmailer: pipe (to mailer)");
771 return (-1);
772 }
773
774 #ifdef SMTP
775 /* if this mailer speaks smtp, create a return pipe */
776 if (clever && pipe(rpvect) < 0)
777 {
778 syserr("openmailer: pipe (from mailer)");
779 (void) close(mpvect[0]);
780 (void) close(mpvect[1]);
781 return (-1);
782 }
783 #endif SMTP
784
785 /*
786 ** Actually fork the mailer process.
787 ** DOFORK is clever about retrying.
788 **
789 ** Dispose of SIGCHLD signal catchers that may be laying
790 ** around so that endmail will get it.
791 */
792
793 if (CurEnv->e_xfp != NULL)
794 (void) fflush(CurEnv->e_xfp); /* for debugging */
795 (void) fflush(stdout);
796 # ifdef SIGCHLD
797 (void) signal(SIGCHLD, SIG_DFL);
798 # endif SIGCHLD
799 DOFORK(XFORK);
800 /* pid is set by DOFORK */
801 if (pid < 0)
802 {
803 /* failure */
804 syserr("openmailer: cannot fork");
805 (void) close(mpvect[0]);
806 (void) close(mpvect[1]);
807 #ifdef SMTP
808 if (clever)
809 {
810 (void) close(rpvect[0]);
811 (void) close(rpvect[1]);
812 }
813 #endif SMTP
814 return (-1);
815 }
816 else if (pid == 0)
817 {
818 int i;
819 extern int DtableSize;
820
821 /* child -- set up input & exec mailer */
822 /* make diagnostic output be standard output */
823 (void) signal(SIGINT, SIG_IGN);
824 (void) signal(SIGHUP, SIG_IGN);
825 (void) signal(SIGTERM, SIG_DFL);
826
827 /* arrange to filter standard & diag output of command */
828 if (clever)
829 {
830 (void) close(rpvect[0]);
831 (void) close(1);
832 (void) dup(rpvect[1]);
833 (void) close(rpvect[1]);
834 }
835 else if (OpMode == MD_SMTP || HoldErrs)
836 {
837 /* put mailer output in transcript */
838 (void) close(1);
839 (void) dup(fileno(CurEnv->e_xfp));
840 }
841 (void) close(2);
842 (void) dup(1);
843
844 /* arrange to get standard input */
845 (void) close(mpvect[1]);
846 (void) close(0);
847 if (dup(mpvect[0]) < 0)
848 {
849 syserr("Cannot dup to zero!");
850 _exit(EX_OSERR);
851 }
852 (void) close(mpvect[0]);
853 if (!bitnset(M_RESTR, m->m_flags))
854 {
855 if (ctladdr == NULL || ctladdr->q_uid == 0)
856 {
857 (void) setgid(DefGid);
858 (void) setuid(DefUid);
859 }
860 else
861 {
862 (void) setgid(ctladdr->q_gid);
863 (void) setuid(ctladdr->q_uid);
864 }
865 }
866
867 /* arrange for all the files to be closed */
868 for (i = 3; i < DtableSize; i++)
869 #ifdef FIOCLEX
870 (void) ioctl(i, FIOCLEX, 0);
871 #else FIOCLEX
872 (void) close(i);
873 #endif FIOCLEX
874
875 /* try to execute the mailer */
876 execve(m->m_mailer, pvp, UserEnviron);
877
878 #ifdef FIOCLEX
879 syserr("Cannot exec %s", m->m_mailer);
880 #else FIOCLEX
881 printf("Cannot exec '%s' errno=%d\n", m->m_mailer, errno);
882 (void) fflush(stdout);
883 #endif FIOCLEX
884 if (m == LocalMailer || errno == EIO || errno == EAGAIN ||
885 errno == ENOMEM || errno == EPROCLIM)
886 _exit(EX_TEMPFAIL);
887 else
888 _exit(EX_UNAVAILABLE);
889 }
890
891 /*
892 ** Set up return value.
893 */
894
895 (void) close(mpvect[0]);
896 mfile = fdopen(mpvect[1], "w");
897 if (clever)
898 {
899 (void) close(rpvect[1]);
900 rfile = fdopen(rpvect[0], "r");
901 }
902
903 *pmfile = mfile;
904 *prfile = rfile;
905
906 return (pid);
907 }
908 �/*
909 ** GIVERESPONSE -- Interpret an error response from a mailer
910 **
911 ** Parameters:
912 ** stat -- the status code from the mailer (high byte
913 ** only; core dumps must have been taken care of
914 ** already).
915 ** m -- the mailer descriptor for this mailer.
916 **
917 ** Returns:
918 ** none.
919 **
920 ** Side Effects:
921 ** Errors may be incremented.
922 ** ExitStat may be set.
923 */
924
925 giveresponse(stat, m, e)
926 int stat;
927 register MAILER *m;
928 ENVELOPE *e;
929 {
930 register char *statmsg;
931 extern char *SysExMsg[];
932 register int i;
933 extern int N_SysEx, h_errno;
934 char buf[MAXLINE];
935
936 #ifdef lint
937 if (m == NULL)
938 return;
939 #endif lint
940
941 /*
942 ** Compute status message from code.
943 */
944
945 i = stat - EX__BASE;
946 if (stat == 0)
947 statmsg = "250 Sent";
948 else if (i < 0 || i > N_SysEx)
949 {
950 (void) sprintf(buf, "554 unknown mailer error %d", stat);
951 stat = EX_UNAVAILABLE;
952 statmsg = buf;
953 }
954 else if (stat == EX_TEMPFAIL)
955 {
956 (void) strcpy(buf, SysExMsg[i]);
957 if (h_errno == TRY_AGAIN)
958 {
959 extern char *errstring();
960
961 statmsg = errstring(h_errno+MAX_ERRNO);
962 }
963 else
964 {
965 if (errno != 0)
966 {
967 extern char *errstring();
968
969 statmsg = errstring(errno);
970 }
971 else
972 {
973 #ifdef SMTP
974 extern char SmtpError[];
975
976 statmsg = SmtpError;
977 #else SMTP
978 statmsg = NULL;
979 #endif SMTP
980 }
981 }
982 if (statmsg != NULL && statmsg[0] != '\0')
983 {
984 (void) strcat(buf, ": ");
985 (void) strcat(buf, statmsg);
986 }
987 statmsg = buf;
988 }
989 else
990 {
991 statmsg = SysExMsg[i];
992 }
993
994 /*
995 ** Print the message as appropriate
996 */
997
998 if (stat == EX_OK || stat == EX_TEMPFAIL)
999 message(Arpa_Info, &statmsg[4]);
1000 else
1001 {
1002 Errors++;
1003 usrerr(statmsg);
1004 }
1005
1006 /*
1007 ** Final cleanup.
1008 ** Log a record of the transaction. Compute the new
1009 ** ExitStat -- if we already had an error, stick with
1010 ** that.
1011 */
1012
1013 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1014 logdelivery(&statmsg[4]);
1015
1016 if (stat != EX_TEMPFAIL)
1017 setstat(stat);
1018 if (stat != EX_OK)
1019 {
1020 if (e->e_message != NULL)
1021 free(e->e_message);
1022 e->e_message = newstr(&statmsg[4]);
1023 }
1024 errno = 0;
1025 h_errno = 0;
1026 }
1027 �/*
1028 ** LOGDELIVERY -- log the delivery in the system log
1029 **
1030 ** Parameters:
1031 ** stat -- the message to print for the status
1032 **
1033 ** Returns:
1034 ** none
1035 **
1036 ** Side Effects:
1037 ** none
1038 */
1039
1040 logdelivery(stat)
1041 char *stat;
1042 {
1043 extern char *pintvl();
1044
1045 # ifdef LOG
1046 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1047 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1048 # endif LOG
1049 }
1050 �/*
1051 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1052 **
1053 ** This can be made an arbitrary message separator by changing $l
1054 **
1055 ** One of the ugliest hacks seen by human eyes is contained herein:
1056 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1057 ** does a well-meaning programmer such as myself have to deal with
1058 ** this kind of antique garbage????
1059 **
1060 ** Parameters:
1061 ** fp -- the file to output to.
1062 ** m -- the mailer describing this entry.
1063 **
1064 ** Returns:
1065 ** none
1066 **
1067 ** Side Effects:
1068 ** outputs some text to fp.
1069 */
1070
1071 putfromline(fp, m)
1072 register FILE *fp;
1073 register MAILER *m;
1074 {
1075 char *template = "\001l\n";
1076 char buf[MAXLINE];
1077
1078 if (bitnset(M_NHDR, m->m_flags))
1079 return;
1080
1081 # ifdef UGLYUUCP
1082 if (bitnset(M_UGLYUUCP, m->m_flags))
1083 {
1084 char *bang;
1085 char xbuf[MAXLINE];
1086
1087 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1088 bang = index(buf, '!');
1089 if (bang == NULL)
1090 syserr("No ! in UUCP! (%s)", buf);
1091 else
1092 {
1093 *bang++ = '\0';
1094 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1095 template = xbuf;
1096 }
1097 }
1098 # endif UGLYUUCP
1099 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1100 putline(buf, fp, m);
1101 }
1102 �/*
1103 ** PUTBODY -- put the body of a message.
1104 **
1105 ** Parameters:
1106 ** fp -- file to output onto.
1107 ** m -- a mailer descriptor to control output format.
1108 ** e -- the envelope to put out.
1109 **
1110 ** Returns:
1111 ** none.
1112 **
1113 ** Side Effects:
1114 ** The message is written onto fp.
1115 */
1116
1117 putbody(fp, m, e)
1118 FILE *fp;
1119 MAILER *m;
1120 register ENVELOPE *e;
1121 {
1122 char buf[MAXLINE];
1123
1124 /*
1125 ** Output the body of the message
1126 */
1127
1128 if (e->e_dfp == NULL)
1129 {
1130 if (e->e_df != NULL)
1131 {
1132 e->e_dfp = fopen(e->e_df, "r");
1133 if (e->e_dfp == NULL)
1134 syserr("Cannot open %s", e->e_df);
1135 }
1136 else
1137 putline("<<< No Message Collected >>>", fp, m);
1138 }
1139 if (e->e_dfp != NULL)
1140 {
1141 rewind(e->e_dfp);
1142 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1143 {
1144 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1145 strncmp(buf, "From", 4) == 0)
1146 (void) putc('>', fp);
1147 putline(buf, fp, m);
1148 }
1149
1150 if (ferror(e->e_dfp))
1151 {
1152 syserr("putbody: read error");
1153 ExitStat = EX_IOERR;
1154 }
1155 }
1156
1157 (void) fflush(fp);
1158 if (ferror(fp) && errno != EPIPE)
1159 {
1160 syserr("putbody: write error");
1161 ExitStat = EX_IOERR;
1162 }
1163 errno = 0;
1164 }
1165 �/*
1166 ** MAILFILE -- Send a message to a file.
1167 **
1168 ** If the file has the setuid/setgid bits set, but NO execute
1169 ** bits, sendmail will try to become the owner of that file
1170 ** rather than the real user. Obviously, this only works if
1171 ** sendmail runs as root.
1172 **
1173 ** This could be done as a subordinate mailer, except that it
1174 ** is used implicitly to save messages in ~/dead.letter. We
1175 ** view this as being sufficiently important as to include it
1176 ** here. For example, if the system is dying, we shouldn't have
1177 ** to create another process plus some pipes to save the message.
1178 **
1179 ** Parameters:
1180 ** filename -- the name of the file to send to.
1181 ** ctladdr -- the controlling address header -- includes
1182 ** the userid/groupid to be when sending.
1183 **
1184 ** Returns:
1185 ** The exit code associated with the operation.
1186 **
1187 ** Side Effects:
1188 ** none.
1189 */
1190
1191 mailfile(filename, ctladdr)
1192 char *filename;
1193 ADDRESS *ctladdr;
1194 {
1195 register FILE *f;
1196 register int pid;
1197
1198 /*
1199 ** Fork so we can change permissions here.
1200 ** Note that we MUST use fork, not vfork, because of
1201 ** the complications of calling subroutines, etc.
1202 */
1203
1204 DOFORK(fork);
1205
1206 if (pid < 0)
1207 return (EX_OSERR);
1208 else if (pid == 0)
1209 {
1210 /* child -- actually write to file */
1211 struct stat stb;
1212
1213 (void) signal(SIGINT, SIG_DFL);
1214 (void) signal(SIGHUP, SIG_DFL);
1215 (void) signal(SIGTERM, SIG_DFL);
1216 (void) umask(OldUmask);
1217 if (stat(filename, &stb) < 0)
1218 {
1219 errno = 0;
1220 stb.st_mode = 0666;
1221 }
1222 if (bitset(0111, stb.st_mode))
1223 exit(EX_CANTCREAT);
1224 if (ctladdr == NULL)
1225 ctladdr = &CurEnv->e_from;
1226 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1227 {
1228 if (ctladdr->q_uid == 0)
1229 (void) setgid(DefGid);
1230 else
1231 (void) setgid(ctladdr->q_gid);
1232 }
1233 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1234 {
1235 if (ctladdr->q_uid == 0)
1236 (void) setuid(DefUid);
1237 else
1238 (void) setuid(ctladdr->q_uid);
1239 }
1240 f = dfopen(filename, "a");
1241 if (f == NULL)
1242 exit(EX_CANTCREAT);
1243
1244 putfromline(f, ProgMailer);
1245 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1246 putline("\n", f, ProgMailer);
1247 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1248 putline("\n", f, ProgMailer);
1249 (void) fclose(f);
1250 (void) fflush(stdout);
1251
1252 /* reset ISUID & ISGID bits for paranoid systems */
1253 (void) chmod(filename, (int) stb.st_mode);
1254 exit(EX_OK);
1255 /*NOTREACHED*/
1256 }
1257 else
1258 {
1259 /* parent -- wait for exit status */
1260 int st;
1261
1262 st = waitfor(pid);
1263 if ((st & 0377) != 0)
1264 return (EX_UNAVAILABLE);
1265 else
1266 return ((st >> 8) & 0377);
1267 }
1268 }
1269 �/*
1270 ** SENDALL -- actually send all the messages.
1271 **
1272 ** Parameters:
1273 ** e -- the envelope to send.
1274 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1275 ** the current SendMode.
1276 **
1277 ** Returns:
1278 ** none.
1279 **
1280 ** Side Effects:
1281 ** Scans the send lists and sends everything it finds.
1282 ** Delivers any appropriate error messages.
1283 ** If we are running in a non-interactive mode, takes the
1284 ** appropriate action.
1285 */
1286
1287 sendall(e, mode)
1288 ENVELOPE *e;
1289 char mode;
1290 {
1291 register ADDRESS *q;
1292 bool oldverbose;
1293 int pid;
1294
1295 /* determine actual delivery mode */
1296 if (mode == SM_DEFAULT)
1297 {
1298 extern bool shouldqueue();
1299
1300 if (shouldqueue(e->e_msgpriority))
1301 mode = SM_QUEUE;
1302 else
1303 mode = SendMode;
1304 }
1305
1306 #ifdef DEBUG
1307 if (tTd(13, 1))
1308 {
1309 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1310 printaddr(e->e_sendqueue, TRUE);
1311 }
1312 #endif DEBUG
1313
1314 /*
1315 ** Do any preprocessing necessary for the mode we are running.
1316 ** Check to make sure the hop count is reasonable.
1317 ** Delete sends to the sender in mailing lists.
1318 */
1319
1320 CurEnv = e;
1321
1322 if (e->e_hopcount > MAXHOP)
1323 {
1324 syserr("sendall: too many hops (%d max)", MAXHOP);
1325 return;
1326 }
1327
1328 if (!MeToo)
1329 {
1330 extern ADDRESS *recipient();
1331
1332 e->e_from.q_flags |= QDONTSEND;
1333 (void) recipient(&e->e_from, &e->e_sendqueue);
1334 }
1335
1336 # ifdef QUEUE
1337 if ((mode == SM_QUEUE || mode == SM_FORK ||
1338 (mode != SM_VERIFY && SuperSafe)) &&
1339 !bitset(EF_INQUEUE, e->e_flags))
1340 queueup(e, TRUE, mode == SM_QUEUE);
1341 #endif QUEUE
1342
1343 oldverbose = Verbose;
1344 switch (mode)
1345 {
1346 case SM_VERIFY:
1347 Verbose = TRUE;
1348 break;
1349
1350 case SM_QUEUE:
1351 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1352 return;
1353
1354 case SM_FORK:
1355 if (e->e_xfp != NULL)
1356 (void) fflush(e->e_xfp);
1357 pid = fork();
1358 if (pid < 0)
1359 {
1360 mode = SM_DELIVER;
1361 break;
1362 }
1363 else if (pid > 0)
1364 {
1365 /* be sure we leave the temp files to our child */
1366 e->e_id = e->e_df = NULL;
1367 return;
1368 }
1369
1370 /* double fork to avoid zombies */
1371 if (fork() > 0)
1372 exit(EX_OK);
1373
1374 /* be sure we are immune from the terminal */
1375 disconnect(FALSE);
1376
1377 break;
1378 }
1379
1380 /*
1381 ** Run through the list and send everything.
1382 */
1383
1384 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1385 {
1386 if (mode == SM_VERIFY)
1387 {
1388 e->e_to = q->q_paddr;
1389 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1390 message(Arpa_Info, "deliverable");
1391 }
1392 else
1393 (void) deliver(e, q);
1394 }
1395 Verbose = oldverbose;
1396
1397 /*
1398 ** Now run through and check for errors.
1399 */
1400
1401 if (mode == SM_VERIFY)
1402 return;
1403
1404 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1405 {
1406 register ADDRESS *qq;
1407
1408 # ifdef DEBUG
1409 if (tTd(13, 3))
1410 {
1411 printf("Checking ");
1412 printaddr(q, FALSE);
1413 }
1414 # endif DEBUG
1415
1416 /* only send errors if the message failed */
1417 if (!bitset(QBADADDR, q->q_flags))
1418 continue;
1419
1420 /* we have an address that failed -- find the parent */
1421 for (qq = q; qq != NULL; qq = qq->q_alias)
1422 {
1423 char obuf[MAXNAME + 6];
1424 extern char *aliaslookup();
1425
1426 /* we can only have owners for local addresses */
1427 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1428 continue;
1429
1430 /* see if the owner list exists */
1431 (void) strcpy(obuf, "owner-");
1432 if (strncmp(qq->q_user, "owner-", 6) == 0)
1433 (void) strcat(obuf, "owner");
1434 else
1435 (void) strcat(obuf, qq->q_user);
1436 if (aliaslookup(obuf) == NULL)
1437 continue;
1438
1439 # ifdef DEBUG
1440 if (tTd(13, 4))
1441 printf("Errors to %s\n", obuf);
1442 # endif DEBUG
1443
1444 /* owner list exists -- add it to the error queue */
1445 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1446 ErrorMode = EM_MAIL;
1447 break;
1448 }
1449
1450 /* if we did not find an owner, send to the sender */
1451 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1452 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1453 }
1454
1455 if (mode == SM_FORK)
1456 finis();
1457 }
1458