1 # include <signal.h>
2 # include <errno.h>
3 # include <sys/types.h>
4 # include <sys/stat.h>
5 # include "sendmail.h"
6 # ifdef LOG
7 # include <syslog.h>
8 # endif LOG
9
10 static char SccsId[] = "@(#)deliver.c 3.41 09/20/81";
11
12 /*
13 ** DELIVER -- Deliver a message to a list of addresses.
14 **
15 ** This routine delivers to everyone on the same host as the
16 ** user on the head of the list. It is clever about mailers
17 ** that don't handle multiple users. It is NOT guaranteed
18 ** that it will deliver to all these addresses however -- so
19 ** deliver should be called once for each address on the
20 ** list.
21 **
22 ** Parameters:
23 ** to -- head of the address list to deliver to.
24 ** editfcn -- if non-NULL, we want to call this function
25 ** to output the letter (instead of just out-
26 ** putting it raw).
27 **
28 ** Returns:
29 ** zero -- successfully delivered.
30 ** else -- some failure, see ExitStat for more info.
31 **
32 ** Side Effects:
33 ** The standard input is passed off to someone.
34 */
35
36 deliver(to, editfcn)
37 ADDRESS *to;
38 int (*editfcn)();
39 {
40 char *host;
41 char *user;
42 char **pvp;
43 register char **mvp;
44 register char *p;
45 register struct mailer *m;
46 register int i;
47 extern putmessage();
48 extern bool checkcompat();
49 char *pv[MAXPV+1];
50 char tobuf[MAXLINE];
51 char buf[MAXNAME];
52 ADDRESS *ctladdr;
53 extern ADDRESS *getctladdr();
54
55 if (!ForceMail && bitset(QDONTSEND, to->q_flags))
56 return (0);
57
58 # ifdef DEBUG
59 if (Debug)
60 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
61 to->q_mailer, to->q_host, to->q_user);
62 # endif DEBUG
63
64 /*
65 ** Do initial argv setup.
66 ** Insert the mailer name. Notice that $x expansion is
67 ** NOT done on the mailer name. Then, if the mailer has
68 ** a picky -f flag, we insert it as appropriate. This
69 ** code does not check for 'pv' overflow; this places a
70 ** manifest lower limit of 4 for MAXPV.
71 */
72
73 m = Mailer[to->q_mailer];
74 host = to->q_host;
75 define('g', m->m_from); /* translated from address */
76 define('h', host); /* to host */
77 Errors = 0;
78 errno = 0;
79 pvp = pv;
80 *pvp++ = m->m_argv[0];
81
82 /* insert -f or -r flag as appropriate */
83 if (bitset(M_FOPT|M_ROPT, m->m_flags) && FromFlag)
84 {
85 if (bitset(M_FOPT, m->m_flags))
86 *pvp++ = "-f";
87 else
88 *pvp++ = "-r";
89 (void) expand("$g", buf, &buf[sizeof buf - 1]);
90 *pvp++ = newstr(buf);
91 }
92
93 /*
94 ** Append the other fixed parts of the argv. These run
95 ** up to the first entry containing "$u". There can only
96 ** be one of these, and there are only a few more slots
97 ** in the pv after it.
98 */
99
100 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
101 {
102 while ((p = index(p, '$')) != NULL)
103 if (*++p == 'u')
104 break;
105 if (p != NULL)
106 break;
107
108 /* this entry is safe -- go ahead and process it */
109 (void) expand(*mvp, buf, &buf[sizeof buf - 1]);
110 *pvp++ = newstr(buf);
111 if (pvp >= &pv[MAXPV - 3])
112 {
113 syserr("Too many parameters to %s before $u", pv[0]);
114 return (-1);
115 }
116 }
117 if (*mvp == NULL)
118 syserr("No $u in mailer argv for %s", pv[0]);
119
120 /*
121 ** At this point *mvp points to the argument with $u. We
122 ** run through our address list and append all the addresses
123 ** we can. If we run out of space, do not fret! We can
124 ** always send another copy later.
125 */
126
127 tobuf[0] = '\0';
128 To = tobuf;
129 ctladdr = NULL;
130 for (; to != NULL; to = to->q_next)
131 {
132 /* avoid sending multiple recipients to dumb mailers */
133 if (tobuf[0] != '\0' && !bitset(M_MUSER, m->m_flags))
134 break;
135
136 /* if already sent or not for this host, don't send */
137 if ((!ForceMail && bitset(QDONTSEND, to->q_flags)) ||
138 strcmp(to->q_host, host) != 0)
139 continue;
140
141 /* compute effective uid/gid when sending */
142 if (to->q_mailer == MN_PROG)
143 ctladdr = getctladdr(to);
144
145 user = to->q_user;
146 To = to->q_paddr;
147 to->q_flags |= QDONTSEND;
148 # ifdef DEBUG
149 if (Debug)
150 printf(" send to `%s'\n", user);
151 # endif DEBUG
152
153 /*
154 ** Check to see that these people are allowed to
155 ** talk to each other.
156 */
157
158 if (!checkcompat(to))
159 {
160 giveresponse(EX_UNAVAILABLE, TRUE, m);
161 continue;
162 }
163
164 /*
165 ** Strip quote bits from names if the mailer is dumb
166 ** about them.
167 */
168
169 if (bitset(M_STRIPQ, m->m_flags))
170 {
171 stripquotes(user, TRUE);
172 stripquotes(host, TRUE);
173 }
174 else
175 {
176 stripquotes(user, FALSE);
177 stripquotes(host, FALSE);
178 }
179
180 /*
181 ** If an error message has already been given, don't
182 ** bother to send to this address.
183 **
184 ** >>>>>>>>>> This clause assumes that the local mailer
185 ** >> NOTE >> cannot do any further aliasing; that
186 ** >>>>>>>>>> function is subsumed by sendmail.
187 */
188
189 if (bitset(QBADADDR, to->q_flags))
190 continue;
191
192 /* save statistics.... */
193 Stat.stat_nt[to->q_mailer]++;
194 Stat.stat_bt[to->q_mailer] += kbytes(MsgSize);
195
196 /*
197 ** See if this user name is "special".
198 ** If the user name has a slash in it, assume that this
199 ** is a file -- send it off without further ado.
200 ** Note that this means that editfcn's will not
201 ** be applied to the message. Also note that
202 ** this type of addresses is not processed along
203 ** with the others, so we fudge on the To person.
204 */
205
206 if (m == Mailer[MN_LOCAL])
207 {
208 if (index(user, '/') != NULL)
209 {
210 i = mailfile(user, getctladdr(to));
211 giveresponse(i, TRUE, m);
212 continue;
213 }
214 }
215
216 /*
217 ** Address is verified -- add this user to mailer
218 ** argv, and add it to the print list of recipients.
219 */
220
221 /* create list of users for error messages */
222 if (tobuf[0] != '\0')
223 (void) strcat(tobuf, ",");
224 (void) strcat(tobuf, to->q_paddr);
225 define('u', user); /* to user */
226 define('z', to->q_home); /* user's home */
227
228 /* expand out this user */
229 (void) expand(*mvp, buf, &buf[sizeof buf - 1]);
230 *pvp++ = newstr(buf);
231 if (pvp >= &pv[MAXPV - 2])
232 {
233 /* allow some space for trailing parms */
234 break;
235 }
236 }
237
238 /* see if any addresses still exist */
239 if (tobuf[0] == '\0')
240 return (0);
241
242 /* print out messages as full list */
243 To = tobuf;
244
245 /*
246 ** Fill out any parameters after the $u parameter.
247 */
248
249 while (*++mvp != NULL)
250 {
251 (void) expand(*mvp, buf, &buf[sizeof buf - 1]);
252 *pvp++ = newstr(buf);
253 if (pvp >= &pv[MAXPV])
254 syserr("deliver: pv overflow after $u for %s", pv[0]);
255 }
256 *pvp++ = NULL;
257
258 /*
259 ** Call the mailer.
260 ** The argument vector gets built, pipes
261 ** are created as necessary, and we fork & exec as
262 ** appropriate.
263 */
264
265 if (editfcn == NULL)
266 editfcn = putmessage;
267 if (ctladdr == NULL)
268 ctladdr = &From;
269 i = sendoff(m, pv, editfcn, ctladdr);
270
271 return (i);
272 }
273 �/*
274 ** DOFORK -- do a fork, retrying a couple of times on failure.
275 **
276 ** This MUST be a macro, since after a vfork we are running
277 ** two processes on the same stack!!!
278 **
279 ** Parameters:
280 ** none.
281 **
282 ** Returns:
283 ** From a macro??? You've got to be kidding!
284 **
285 ** Side Effects:
286 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
287 ** pid of child in parent, zero in child.
288 ** -1 on unrecoverable error.
289 **
290 ** Notes:
291 ** I'm awfully sorry this looks so awful. That's
292 ** vfork for you.....
293 */
294
295 # define NFORKTRIES 5
296 # ifdef VFORK
297 # define XFORK vfork
298 # else VFORK
299 # define XFORK fork
300 # endif VFORK
301
302 # define DOFORK(fORKfN) \
303 {\
304 register int i;\
305 \
306 for (i = NFORKTRIES; i-- > 0; )\
307 {\
308 pid = fORKfN();\
309 if (pid >= 0)\
310 break;\
311 sleep((unsigned) NFORKTRIES - i);\
312 }\
313 }
314 �/*
315 ** SENDOFF -- send off call to mailer & collect response.
316 **
317 ** Parameters:
318 ** m -- mailer descriptor.
319 ** pvp -- parameter vector to send to it.
320 ** editfcn -- function to pipe it through.
321 ** ctladdr -- an address pointer controlling the
322 ** user/groupid etc. of the mailer.
323 **
324 ** Returns:
325 ** exit status of mailer.
326 **
327 ** Side Effects:
328 ** none.
329 */
330
331 sendoff(m, pvp, editfcn, ctladdr)
332 struct mailer *m;
333 char **pvp;
334 int (*editfcn)();
335 ADDRESS *ctladdr;
336 {
337 auto int st;
338 register int i;
339 int pid;
340 int pvect[2];
341 FILE *mfile;
342 extern putmessage();
343 extern FILE *fdopen();
344
345 # ifdef DEBUG
346 if (Debug)
347 {
348 printf("Sendoff:\n");
349 printav(pvp);
350 }
351 # endif DEBUG
352
353 /* create a pipe to shove the mail through */
354 if (pipe(pvect) < 0)
355 {
356 syserr("pipe");
357 return (-1);
358 }
359 DOFORK(XFORK);
360 /* pid is set by DOFORK */
361 if (pid < 0)
362 {
363 syserr("Cannot fork");
364 (void) close(pvect[0]);
365 (void) close(pvect[1]);
366 return (-1);
367 }
368 else if (pid == 0)
369 {
370 /* child -- set up input & exec mailer */
371 /* make diagnostic output be standard output */
372 (void) signal(SIGINT, SIG_DFL);
373 (void) signal(SIGHUP, SIG_DFL);
374 (void) signal(SIGTERM, SIG_DFL);
375 (void) close(2);
376 (void) dup(1);
377 (void) close(0);
378 if (dup(pvect[0]) < 0)
379 {
380 syserr("Cannot dup to zero!");
381 _exit(EX_OSERR);
382 }
383 (void) close(pvect[0]);
384 (void) close(pvect[1]);
385 if (!bitset(M_RESTR, m->m_flags))
386 {
387 extern int DefUid, DefGid;
388
389 (void) setuid(ctladdr->q_uid);
390 (void) setgid(ctladdr->q_gid);
391 if (getruid() == 0)
392 {
393 setuid(DefUid);
394 setgid(DefGid);
395 }
396 }
397 # ifndef VFORK
398 /*
399 ** We have to be careful with vfork - we can't mung up the
400 ** memory but we don't want the mailer to inherit any extra
401 ** open files. Chances are the mailer won't
402 ** care about an extra file, but then again you never know.
403 ** Actually, we would like to close(fileno(pwf)), but it's
404 ** declared static so we can't. But if we fclose(pwf), which
405 ** is what endpwent does, it closes it in the parent too and
406 ** the next getpwnam will be slower. If you have a weird
407 ** mailer that chokes on the extra file you should do the
408 ** endpwent().
409 **
410 ** Similar comments apply to log. However, openlog is
411 ** clever enough to set the FIOCLEX mode on the file,
412 ** so it will be closed automatically on the exec.
413 */
414
415 endpwent();
416 # ifdef LOG
417 closelog();
418 # endif LOG
419 # endif VFORK
420 execv(m->m_mailer, pvp);
421 /* syserr fails because log is closed */
422 /* syserr("Cannot exec %s", m->m_mailer); */
423 printf("Cannot exec '%s' errno=%d\n", m->m_mailer, errno);
424 (void) fflush(stdout);
425 _exit(EX_UNAVAILABLE);
426 }
427
428 /* write out message to mailer */
429 (void) close(pvect[0]);
430 (void) signal(SIGPIPE, SIG_IGN);
431 mfile = fdopen(pvect[1], "w");
432 if (editfcn == NULL)
433 editfcn = putmessage;
434 (*editfcn)(mfile, m);
435 (void) fclose(mfile);
436
437 /*
438 ** Wait for child to die and report status.
439 ** We should never get fatal errors (e.g., segmentation
440 ** violation), so we report those specially. For other
441 ** errors, we choose a status message (into statmsg),
442 ** and if it represents an error, we print it.
443 */
444
445 while ((i = wait(&st)) > 0 && i != pid)
446 continue;
447 if (i < 0)
448 {
449 syserr("wait");
450 return (-1);
451 }
452 if ((st & 0377) != 0)
453 {
454 syserr("%s: stat %o", pvp[0], st);
455 ExitStat = EX_UNAVAILABLE;
456 return (-1);
457 }
458 i = (st >> 8) & 0377;
459 giveresponse(i, TRUE, m);
460 return (i);
461 }
462 �/*
463 ** GIVERESPONSE -- Interpret an error response from a mailer
464 **
465 ** Parameters:
466 ** stat -- the status code from the mailer (high byte
467 ** only; core dumps must have been taken care of
468 ** already).
469 ** force -- if set, force an error message output, even
470 ** if the mailer seems to like to print its own
471 ** messages.
472 ** m -- the mailer descriptor for this mailer.
473 **
474 ** Returns:
475 ** none.
476 **
477 ** Side Effects:
478 ** Errors may be incremented.
479 ** ExitStat may be set.
480 */
481
482 giveresponse(stat, force, m)
483 int stat;
484 int force;
485 register struct mailer *m;
486 {
487 register char *statmsg;
488 extern char *SysExMsg[];
489 register int i;
490 extern int N_SysEx;
491 char buf[30];
492
493 /*
494 ** Compute status message from code.
495 */
496
497 i = stat - EX__BASE;
498 if (i < 0 || i > N_SysEx)
499 statmsg = NULL;
500 else
501 statmsg = SysExMsg[i];
502 if (stat == 0)
503 {
504 if (bitset(M_LOCAL, m->m_flags))
505 statmsg = "delivered";
506 else
507 statmsg = "queued";
508 if (Verbose)
509 message(Arpa_Info, statmsg);
510 }
511 else
512 {
513 Errors++;
514 if (statmsg == NULL && m->m_badstat != 0)
515 {
516 stat = m->m_badstat;
517 i = stat - EX__BASE;
518 # ifdef DEBUG
519 if (i < 0 || i >= N_SysEx)
520 syserr("Bad m_badstat %d", stat);
521 else
522 # endif DEBUG
523 statmsg = SysExMsg[i];
524 }
525 if (statmsg == NULL)
526 usrerr("unknown mailer response %d", stat);
527 else if (force || !bitset(M_QUIET, m->m_flags) || Verbose)
528 usrerr("%s", statmsg);
529 }
530
531 /*
532 ** Final cleanup.
533 ** Log a record of the transaction. Compute the new
534 ** ExitStat -- if we already had an error, stick with
535 ** that.
536 */
537
538 if (statmsg == NULL)
539 {
540 (void) sprintf(buf, "error %d", stat);
541 statmsg = buf;
542 }
543
544 # ifdef LOG
545 syslog(LOG_INFO, "%s->%s: %ld: %s", From.q_paddr, To, MsgSize, statmsg);
546 # endif LOG
547 setstat(stat);
548 }
549 �/*
550 ** PUTMESSAGE -- output a message to the final mailer.
551 **
552 ** This routine takes care of recreating the header from the
553 ** in-core copy, etc.
554 **
555 ** Parameters:
556 ** fp -- file to output onto.
557 ** m -- a mailer descriptor.
558 **
559 ** Returns:
560 ** none.
561 **
562 ** Side Effects:
563 ** The message is written onto fp.
564 */
565
566 putmessage(fp, m)
567 FILE *fp;
568 struct mailer *m;
569 {
570 char buf[BUFSIZ];
571 register int i;
572 register HDR *h;
573 extern char *arpadate();
574 bool anyheader = FALSE;
575 extern char *capitalize();
576 extern char *hvalue();
577 extern bool samefrom();
578
579 /*
580 ** Output "From" line unless supressed
581 */
582
583 if (!bitset(M_NHDR, m->m_flags))
584 {
585 (void) expand("$l", buf, &buf[sizeof buf - 1]);
586 fprintf(fp, "%s\n", buf);
587 }
588
589 /*
590 ** Output all header lines
591 */
592
593 for (h = Header; h != NULL; h = h->h_link)
594 {
595 register char *p;
596 char *origfrom = OrigFrom;
597
598 if (bitset(H_CHECK|H_ACHECK, h->h_flags) && !bitset(h->h_mflags, m->m_flags))
599 {
600 p = ")><("; /* can't happen (I hope) */
601 goto checkfrom;
602 }
603 if (strcmp(h->h_field, "from") == 0 && origfrom != NULL &&
604 strcmp(m->m_from, "$f") == 0)
605 {
606 p = origfrom;
607 origfrom = NULL;
608 }
609 else if (bitset(H_DEFAULT, h->h_flags))
610 {
611 (void) expand(h->h_value, buf, &buf[sizeof buf]);
612 p = buf;
613 }
614 else
615 p = h->h_value;
616 if (*p == '\0')
617 continue;
618 fprintf(fp, "%s: %s\n", capitalize(h->h_field), p);
619 h->h_flags |= H_USED;
620 anyheader = TRUE;
621
622 /* hack, hack -- output Original-From field if different */
623 checkfrom:
624 if (strcmp(h->h_field, "from") == 0 && origfrom != NULL &&
625 !samefrom(p, origfrom) && hvalue("original-from") == NULL)
626 {
627 fprintf(fp, "Original-From: %s\n", origfrom);
628 anyheader = TRUE;
629 }
630 }
631 if (anyheader)
632 fprintf(fp, "\n");
633
634 /*
635 ** Output the body of the message
636 */
637
638 rewind(TempFile);
639 while (!ferror(fp) && (i = fread(buf, 1, BUFSIZ, TempFile)) > 0)
640 (void) fwrite(buf, 1, i, fp);
641
642 if (ferror(fp) && errno != EPIPE)
643 {
644 syserr("putmessage: write error");
645 setstat(EX_IOERR);
646 }
647 errno = 0;
648 }
649 �/*
650 ** SAMEFROM -- tell if two text addresses represent the same from address.
651 **
652 ** Parameters:
653 ** ifrom -- internally generated form of from address.
654 ** efrom -- external form of from address.
655 **
656 ** Returns:
657 ** TRUE -- if they convey the same info.
658 ** FALSE -- if any information has been lost.
659 **
660 ** Side Effects:
661 ** none.
662 */
663
664 bool
665 samefrom(ifrom, efrom)
666 char *ifrom;
667 char *efrom;
668 {
669 return (strcmp(ifrom, efrom) == 0);
670 }
671 �/*
672 ** MAILFILE -- Send a message to a file.
673 **
674 ** If the file has the setuid/setgid bits set, but NO execute
675 ** bits, sendmail will try to become the owner of that file
676 ** rather than the real user. Obviously, this only works if
677 ** sendmail runs as root.
678 **
679 ** Parameters:
680 ** filename -- the name of the file to send to.
681 ** ctladdr -- the controlling address header -- includes
682 ** the userid/groupid to be when sending.
683 **
684 ** Returns:
685 ** The exit code associated with the operation.
686 **
687 ** Side Effects:
688 ** none.
689 */
690
691 mailfile(filename, ctladdr)
692 char *filename;
693 ADDRESS *ctladdr;
694 {
695 register FILE *f;
696 register int pid;
697
698 /*
699 ** Fork so we can change permissions here.
700 ** Note that we MUST use fork, not vfork, because of
701 ** the complications of calling subroutines, etc.
702 */
703
704 DOFORK(fork);
705
706 if (pid < 0)
707 return (EX_OSERR);
708 else if (pid == 0)
709 {
710 /* child -- actually write to file */
711 struct stat stb;
712
713 (void) signal(SIGINT, SIG_DFL);
714 (void) signal(SIGHUP, SIG_DFL);
715 (void) signal(SIGTERM, SIG_DFL);
716 umask(OldUmask);
717 if (stat(filename, &stb) < 0)
718 stb.st_mode = 0;
719 if (bitset(0111, stb.st_mode))
720 exit(EX_CANTCREAT);
721 if (ctladdr == NULL)
722 ctladdr = &From;
723 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
724 (void) setgid(ctladdr->q_gid);
725 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
726 (void) setuid(ctladdr->q_uid);
727 f = fopen(filename, "a");
728 if (f == NULL)
729 exit(EX_CANTCREAT);
730
731 putmessage(f, Mailer[1]);
732 fputs("\n", f);
733 (void) fclose(f);
734 (void) fflush(stdout);
735 exit(EX_OK);
736 /*NOTREACHED*/
737 }
738 else
739 {
740 /* parent -- wait for exit status */
741 register int i;
742 auto int stat;
743
744 while ((i = wait(&stat)) != pid)
745 {
746 if (i < 0)
747 {
748 stat = EX_OSERR << 8;
749 break;
750 }
751 }
752 if ((stat & 0377) != 0)
753 stat = EX_UNAVAILABLE << 8;
754 return ((stat >> 8) & 0377);
755 }
756 }
757