122704Sdist /*
222704Sdist ** Sendmail
322704Sdist ** Copyright (c) 1983 Eric P. Allman
422704Sdist ** Berkeley, California
522704Sdist **
622704Sdist ** Copyright (c) 1983 Regents of the University of California.
722704Sdist ** All rights reserved. The Berkeley software License Agreement
822704Sdist ** specifies the terms and conditions for redistribution.
922704Sdist */
1022704Sdist
1122704Sdist #ifndef lint
12*25032Seric static char SccsId[] = "@(#)envelope.c 5.10 (Berkeley) 09/25/85";
1322704Sdist #endif not lint
1422704Sdist
159536Seric #include <pwd.h>
1613587Swnj #include <sys/time.h>
179536Seric #include "sendmail.h"
189536Seric #include <sys/stat.h>
199536Seric
209536Seric /*
219536Seric ** NEWENVELOPE -- allocate a new envelope
229536Seric **
239536Seric ** Supports inheritance.
249536Seric **
259536Seric ** Parameters:
269536Seric ** e -- the new envelope to fill in.
279536Seric **
289536Seric ** Returns:
299536Seric ** e.
309536Seric **
319536Seric ** Side Effects:
329536Seric ** none.
339536Seric */
349536Seric
359536Seric ENVELOPE *
369536Seric newenvelope(e)
379536Seric register ENVELOPE *e;
389536Seric {
399536Seric register HDR *bh;
409536Seric register HDR **nhp;
419536Seric register ENVELOPE *parent;
429536Seric extern putheader(), putbody();
439536Seric extern ENVELOPE BlankEnvelope;
449536Seric
459536Seric parent = CurEnv;
469536Seric if (e == CurEnv)
479536Seric parent = e->e_parent;
4816888Seric bzero((char *) e, sizeof *e);
4924944Seric if (e == CurEnv)
5024944Seric bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from);
5124944Seric else
5224944Seric bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
539536Seric e->e_parent = parent;
549536Seric e->e_ctime = curtime();
5525014Seric e->e_msgpriority = parent->e_msgsize;
569536Seric e->e_puthdr = putheader;
579536Seric e->e_putbody = putbody;
589536Seric bh = BlankEnvelope.e_header;
599536Seric nhp = &e->e_header;
609536Seric while (bh != NULL)
619536Seric {
629536Seric *nhp = (HDR *) xalloc(sizeof *bh);
6316888Seric bcopy((char *) bh, (char *) *nhp, sizeof *bh);
649536Seric bh = bh->h_link;
659536Seric nhp = &(*nhp)->h_link;
669536Seric }
679536Seric if (CurEnv->e_xfp != NULL)
689536Seric (void) fflush(CurEnv->e_xfp);
699536Seric
709536Seric return (e);
719536Seric }
729536Seric �/*
739536Seric ** DROPENVELOPE -- deallocate an envelope.
749536Seric **
759536Seric ** Parameters:
769536Seric ** e -- the envelope to deallocate.
779536Seric **
789536Seric ** Returns:
799536Seric ** none.
809536Seric **
819536Seric ** Side Effects:
829536Seric ** housekeeping necessary to dispose of an envelope.
839536Seric ** Unlocks this queue file.
849536Seric */
859536Seric
869536Seric dropenvelope(e)
879536Seric register ENVELOPE *e;
889536Seric {
899536Seric bool queueit = FALSE;
909536Seric register ADDRESS *q;
919536Seric
929536Seric #ifdef DEBUG
939536Seric if (tTd(50, 1))
949536Seric {
959536Seric printf("dropenvelope %x id=", e);
969536Seric xputs(e->e_id);
979536Seric printf(" flags=%o\n", e->e_flags);
989536Seric }
999536Seric #endif DEBUG
1009536Seric #ifdef LOG
1019536Seric if (LogLevel > 10)
1029536Seric syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d",
1039536Seric e->e_id == NULL ? "(none)" : e->e_id,
1049536Seric e->e_flags, getpid());
1059536Seric #endif LOG
1069536Seric
1079536Seric /* we must have an id to remove disk files */
1089536Seric if (e->e_id == NULL)
1099536Seric return;
1109536Seric
1119536Seric /*
1129536Seric ** Extract state information from dregs of send list.
1139536Seric */
1149536Seric
1159536Seric for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1169536Seric {
1179536Seric if (bitset(QQUEUEUP, q->q_flags))
1189536Seric queueit = TRUE;
1199536Seric }
1209536Seric
1219536Seric /*
1229536Seric ** Send back return receipts as requested.
1239536Seric */
1249536Seric
1259536Seric if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags))
1269536Seric {
12710844Seric auto ADDRESS *rlist = NULL;
1289536Seric
1299621Seric sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist);
1309536Seric (void) returntosender("Return receipt", rlist, FALSE);
1319536Seric }
1329536Seric
1339536Seric /*
1349536Seric ** Arrange to send error messages if there are fatal errors.
1359536Seric */
1369536Seric
13710754Seric if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET)
1389536Seric savemail(e);
1399536Seric
1409536Seric /*
1419536Seric ** Instantiate or deinstantiate the queue.
1429536Seric */
1439536Seric
1449536Seric if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) ||
1459536Seric bitset(EF_CLRQUEUE, e->e_flags))
1469536Seric {
14723497Seric if (e->e_df != NULL)
14823497Seric xunlink(e->e_df);
1499536Seric xunlink(queuename(e, 'q'));
1509536Seric }
1519536Seric else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
15210754Seric {
15310754Seric #ifdef QUEUE
1549536Seric queueup(e, FALSE, FALSE);
15510754Seric #else QUEUE
15610754Seric syserr("dropenvelope: queueup");
15710754Seric #endif QUEUE
15810754Seric }
1599536Seric
1609536Seric /* now unlock the job */
16110196Seric closexscript(e);
1629536Seric unlockqueue(e);
1639536Seric
1649536Seric /* make sure that this envelope is marked unused */
1659536Seric e->e_id = e->e_df = NULL;
16624944Seric if (e->e_dfp != NULL)
16724944Seric (void) fclose(e->e_dfp);
16810196Seric e->e_dfp = NULL;
1699536Seric }
1709536Seric �/*
1719536Seric ** CLEARENVELOPE -- clear an envelope without unlocking
1729536Seric **
1739536Seric ** This is normally used by a child process to get a clean
1749536Seric ** envelope without disturbing the parent.
1759536Seric **
1769536Seric ** Parameters:
1779536Seric ** e -- the envelope to clear.
1789536Seric **
1799536Seric ** Returns:
1809536Seric ** none.
1819536Seric **
1829536Seric ** Side Effects:
1839536Seric ** Closes files associated with the envelope.
1849536Seric ** Marks the envelope as unallocated.
1859536Seric */
1869536Seric
1879536Seric clearenvelope(e)
1889536Seric register ENVELOPE *e;
1899536Seric {
1909536Seric /* clear out any file information */
1919536Seric if (e->e_xfp != NULL)
1929536Seric (void) fclose(e->e_xfp);
1939536Seric if (e->e_dfp != NULL)
1949536Seric (void) fclose(e->e_dfp);
1959536Seric
19624961Seric /* now clear out the data */
19724965Seric STRUCTCOPY(BlankEnvelope, *e);
1989536Seric }
1999536Seric �/*
2009536Seric ** INITSYS -- initialize instantiation of system
2019536Seric **
2029536Seric ** In Daemon mode, this is done in the child.
2039536Seric **
2049536Seric ** Parameters:
2059536Seric ** none.
2069536Seric **
2079536Seric ** Returns:
2089536Seric ** none.
2099536Seric **
2109536Seric ** Side Effects:
2119536Seric ** Initializes the system macros, some global variables,
2129536Seric ** etc. In particular, the current time in various
2139536Seric ** forms is set.
2149536Seric */
2159536Seric
2169536Seric initsys()
2179536Seric {
2189536Seric static char cbuf[5]; /* holds hop count */
2199536Seric static char pbuf[10]; /* holds pid */
22022963Smiriam #ifdef TTYNAME
2219536Seric static char ybuf[10]; /* holds tty id */
2229536Seric register char *p;
22322963Smiriam #endif TTYNAME
2249536Seric extern char *ttyname();
2259536Seric extern char *macvalue();
2269536Seric extern char Version[];
2279536Seric
2289536Seric /*
2299536Seric ** Give this envelope a reality.
2309536Seric ** I.e., an id, a transcript, and a creation time.
2319536Seric */
2329536Seric
2339536Seric openxscript(CurEnv);
2349536Seric CurEnv->e_ctime = curtime();
2359536Seric
2369536Seric /*
2379536Seric ** Set OutChannel to something useful if stdout isn't it.
2389536Seric ** This arranges that any extra stuff the mailer produces
2399536Seric ** gets sent back to the user on error (because it is
2409536Seric ** tucked away in the transcript).
2419536Seric */
2429536Seric
2439536Seric if (OpMode == MD_DAEMON && QueueRun)
2449536Seric OutChannel = CurEnv->e_xfp;
2459536Seric
2469536Seric /*
2479536Seric ** Set up some basic system macros.
2489536Seric */
2499536Seric
2509536Seric /* process id */
2519536Seric (void) sprintf(pbuf, "%d", getpid());
2529536Seric define('p', pbuf, CurEnv);
2539536Seric
2549536Seric /* hop count */
2559536Seric (void) sprintf(cbuf, "%d", CurEnv->e_hopcount);
2569536Seric define('c', cbuf, CurEnv);
2579536Seric
2589536Seric /* time as integer, unix time, arpa time */
25911932Seric settime();
2609536Seric
26117472Seric #ifdef TTYNAME
2629536Seric /* tty name */
2639536Seric if (macvalue('y', CurEnv) == NULL)
2649536Seric {
2659536Seric p = ttyname(2);
2669536Seric if (p != NULL)
2679536Seric {
2689536Seric if (rindex(p, '/') != NULL)
2699536Seric p = rindex(p, '/') + 1;
2709536Seric (void) strcpy(ybuf, p);
2719536Seric define('y', ybuf, CurEnv);
2729536Seric }
2739536Seric }
27417472Seric #endif TTYNAME
2759536Seric }
2769536Seric �/*
27711932Seric ** SETTIME -- set the current time.
27811932Seric **
27911932Seric ** Parameters:
28011932Seric ** none.
28111932Seric **
28211932Seric ** Returns:
28311932Seric ** none.
28411932Seric **
28511932Seric ** Side Effects:
28611932Seric ** Sets the various time macros -- $a, $b, $d, $t.
28711932Seric */
28811932Seric
28911932Seric settime()
29011932Seric {
29111932Seric register char *p;
29211932Seric auto time_t now;
29311932Seric static char tbuf[20]; /* holds "current" time */
29411932Seric static char dbuf[30]; /* holds ctime(tbuf) */
29511932Seric register struct tm *tm;
29611932Seric extern char *arpadate();
29711932Seric extern struct tm *gmtime();
29811932Seric extern char *macvalue();
29911932Seric
30011932Seric now = curtime();
30111932Seric tm = gmtime(&now);
30211932Seric (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1,
30311932Seric tm->tm_mday, tm->tm_hour, tm->tm_min);
30411932Seric define('t', tbuf, CurEnv);
30511932Seric (void) strcpy(dbuf, ctime(&now));
30611932Seric *index(dbuf, '\n') = '\0';
30711932Seric if (macvalue('d', CurEnv) == NULL)
30811932Seric define('d', dbuf, CurEnv);
30911932Seric p = newstr(arpadate(dbuf));
31011932Seric if (macvalue('a', CurEnv) == NULL)
31111932Seric define('a', p, CurEnv);
31211932Seric define('b', p, CurEnv);
31311932Seric }
31411932Seric �/*
3159536Seric ** OPENXSCRIPT -- Open transcript file
3169536Seric **
3179536Seric ** Creates a transcript file for possible eventual mailing or
3189536Seric ** sending back.
3199536Seric **
3209536Seric ** Parameters:
3219536Seric ** e -- the envelope to create the transcript in/for.
3229536Seric **
3239536Seric ** Returns:
3249536Seric ** none
3259536Seric **
3269536Seric ** Side Effects:
3279536Seric ** Creates the transcript file.
3289536Seric */
3299536Seric
3309536Seric openxscript(e)
3319536Seric register ENVELOPE *e;
3329536Seric {
3339536Seric register char *p;
3349536Seric
33510196Seric # ifdef LOG
33610196Seric if (LogLevel > 19)
33710196Seric syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)");
33810196Seric # endif LOG
3399536Seric if (e->e_xfp != NULL)
3409536Seric return;
3419536Seric p = queuename(e, 'x');
3429536Seric e->e_xfp = fopen(p, "w");
3439536Seric if (e->e_xfp == NULL)
3449536Seric syserr("Can't create %s", p);
3459536Seric else
3469536Seric (void) chmod(p, 0644);
3479536Seric }
3489536Seric �/*
34910196Seric ** CLOSEXSCRIPT -- close the transcript file.
35010196Seric **
35110196Seric ** Parameters:
35210196Seric ** e -- the envelope containing the transcript to close.
35310196Seric **
35410196Seric ** Returns:
35510196Seric ** none.
35610196Seric **
35710196Seric ** Side Effects:
35810196Seric ** none.
35910196Seric */
36010196Seric
36110196Seric closexscript(e)
36210196Seric register ENVELOPE *e;
36310196Seric {
36410196Seric if (e->e_xfp == NULL)
36510196Seric return;
36610196Seric (void) fclose(e->e_xfp);
36710196Seric e->e_xfp = NULL;
36810196Seric }
36910196Seric �/*
3709536Seric ** SETSENDER -- set the person who this message is from
3719536Seric **
3729536Seric ** Under certain circumstances allow the user to say who
3739536Seric ** s/he is (using -f or -r). These are:
3749536Seric ** 1. The user's uid is zero (root).
3759536Seric ** 2. The user's login name is in an approved list (typically
3769536Seric ** from a network server).
3779536Seric ** 3. The address the user is trying to claim has a
3789536Seric ** "!" character in it (since #2 doesn't do it for
3799536Seric ** us if we are dialing out for UUCP).
3809536Seric ** A better check to replace #3 would be if the
3819536Seric ** effective uid is "UUCP" -- this would require me
3829536Seric ** to rewrite getpwent to "grab" uucp as it went by,
3839536Seric ** make getname more nasty, do another passwd file
3849536Seric ** scan, or compile the UID of "UUCP" into the code,
3859536Seric ** all of which are reprehensible.
3869536Seric **
3879536Seric ** Assuming all of these fail, we figure out something
3889536Seric ** ourselves.
3899536Seric **
3909536Seric ** Parameters:
3919536Seric ** from -- the person we would like to believe this message
3929536Seric ** is from, as specified on the command line.
3939536Seric **
3949536Seric ** Returns:
3959536Seric ** none.
3969536Seric **
3979536Seric ** Side Effects:
3989536Seric ** sets sendmail's notion of who the from person is.
3999536Seric */
4009536Seric
4019536Seric setsender(from)
4029536Seric char *from;
4039536Seric {
4049536Seric register char **pvp;
4059536Seric char *realname = NULL;
40618665Seric register struct passwd *pw;
4079536Seric char buf[MAXNAME];
40816913Seric char pvpbuf[PSBUFSIZE];
40918665Seric extern struct passwd *getpwnam();
4109536Seric extern char *macvalue();
4119536Seric extern char **prescan();
4129536Seric extern bool safefile();
4139536Seric extern char *FullName;
4149536Seric
4159536Seric # ifdef DEBUG
4169536Seric if (tTd(45, 1))
41714786Seric printf("setsender(%s)\n", from == NULL ? "" : from);
4189536Seric # endif DEBUG
4199536Seric
4209536Seric /*
4219536Seric ** Figure out the real user executing us.
4229536Seric ** Username can return errno != 0 on non-errors.
4239536Seric */
4249536Seric
4259536Seric if (QueueRun || OpMode == MD_SMTP || OpMode == MD_ARPAFTP)
4269536Seric realname = from;
4279536Seric if (realname == NULL || realname[0] == '\0')
4289536Seric {
4299536Seric extern char *username();
4309536Seric
4319536Seric realname = username();
4329536Seric }
4339536Seric
4349536Seric /*
4359536Seric ** Determine if this real person is allowed to alias themselves.
4369536Seric */
4379536Seric
4389536Seric if (from != NULL)
4399536Seric {
4409536Seric extern bool trusteduser();
4419536Seric
4429536Seric if (!trusteduser(realname) &&
4439536Seric # ifdef DEBUG
4449536Seric (!tTd(1, 9) || getuid() != geteuid()) &&
4459536Seric # endif DEBUG
4469536Seric index(from, '!') == NULL && getuid() != 0)
4479536Seric {
4489536Seric /* network sends -r regardless (why why why?) */
4499536Seric /* syserr("%s, you cannot use the -f flag", realname); */
4509536Seric from = NULL;
4519536Seric }
4529536Seric }
4539536Seric
4549536Seric SuprErrs = TRUE;
45511447Seric if (from == NULL || parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL)
4569536Seric {
45721750Seric /* log garbage addresses for traceback */
45821750Seric if (from != NULL)
45921750Seric {
46024944Seric # ifdef LOG
46124944Seric if (LogLevel >= 1)
46224944Seric syslog(LOG_ERR, "Unparseable user %s wants to be %s",
46324944Seric realname, from);
46424944Seric # endif LOG
46521750Seric }
4669536Seric from = newstr(realname);
46724944Seric if (parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL &&
46824944Seric parseaddr("postmaster", &CurEnv->e_from, 1, '\0') == NULL)
46924944Seric {
47024944Seric syserr("setsender: can't even parse postmaster!");
47124944Seric }
4729536Seric }
4739536Seric else
4749536Seric FromFlag = TRUE;
4759536Seric CurEnv->e_from.q_flags |= QDONTSEND;
47616162Seric loweraddr(&CurEnv->e_from);
4779536Seric SuprErrs = FALSE;
4789536Seric
47918665Seric if (CurEnv->e_from.q_mailer == LocalMailer &&
48018665Seric (pw = getpwnam(CurEnv->e_from.q_user)) != NULL)
4819536Seric {
48217472Seric /*
48317472Seric ** Process passwd file entry.
48417472Seric */
48517472Seric
4869536Seric
4879536Seric /* extract home directory */
4889536Seric CurEnv->e_from.q_home = newstr(pw->pw_dir);
48916481Seric define('z', CurEnv->e_from.q_home, CurEnv);
4909536Seric
49111625Seric /* extract user and group id */
49211625Seric CurEnv->e_from.q_uid = pw->pw_uid;
49311625Seric CurEnv->e_from.q_gid = pw->pw_gid;
49411625Seric
4959536Seric /* if the user has given fullname already, don't redefine */
4969536Seric if (FullName == NULL)
4979536Seric FullName = macvalue('x', CurEnv);
49811932Seric if (FullName != NULL && FullName[0] == '\0')
4999536Seric FullName = NULL;
5009536Seric
5019536Seric /* extract full name from passwd file */
5029582Seric if (FullName == NULL && pw->pw_gecos != NULL &&
5039582Seric strcmp(pw->pw_name, CurEnv->e_from.q_user) == 0)
5049536Seric {
5059536Seric buildfname(pw->pw_gecos, CurEnv->e_from.q_user, buf);
5069536Seric if (buf[0] != '\0')
5079536Seric FullName = newstr(buf);
5089536Seric }
5099536Seric if (FullName != NULL)
5109536Seric define('x', FullName, CurEnv);
5119536Seric }
51211625Seric else
51311625Seric {
5149536Seric #ifndef V6
51511625Seric if (CurEnv->e_from.q_home == NULL)
51611625Seric CurEnv->e_from.q_home = getenv("HOME");
5179536Seric #endif V6
51811625Seric CurEnv->e_from.q_uid = getuid();
51911625Seric CurEnv->e_from.q_gid = getgid();
52011625Seric }
52111625Seric
5229536Seric if (CurEnv->e_from.q_uid != 0)
5239536Seric {
5249536Seric DefUid = CurEnv->e_from.q_uid;
5259536Seric DefGid = CurEnv->e_from.q_gid;
5269536Seric }
5279536Seric
5289536Seric /*
5299536Seric ** Rewrite the from person to dispose of possible implicit
5309536Seric ** links in the net.
5319536Seric */
5329536Seric
53316913Seric pvp = prescan(from, '\0', pvpbuf);
5349536Seric if (pvp == NULL)
5359536Seric {
5369536Seric syserr("cannot prescan from (%s)", from);
5379536Seric finis();
5389536Seric }
5399536Seric rewrite(pvp, 3);
5409536Seric rewrite(pvp, 1);
541*25032Seric rewrite(pvp, 4);
5429536Seric cataddr(pvp, buf, sizeof buf);
5439536Seric define('f', newstr(buf), CurEnv);
5449536Seric
5459536Seric /* save the domain spec if this mailer wants it */
54624944Seric if (CurEnv->e_from.q_mailer != NULL &&
54724944Seric bitnset(M_CANONICAL, CurEnv->e_from.q_mailer->m_flags))
5489536Seric {
5499536Seric extern char **copyplist();
5509536Seric
5519536Seric while (*pvp != NULL && strcmp(*pvp, "@") != 0)
5529536Seric pvp++;
5539536Seric if (*pvp != NULL)
5549536Seric CurEnv->e_fromdomain = copyplist(pvp, TRUE);
5559536Seric }
5569536Seric }
5579536Seric �/*
5589536Seric ** TRUSTEDUSER -- tell us if this user is to be trusted.
5599536Seric **
5609536Seric ** Parameters:
5619536Seric ** user -- the user to be checked.
5629536Seric **
5639536Seric ** Returns:
5649536Seric ** TRUE if the user is in an approved list.
5659536Seric ** FALSE otherwise.
5669536Seric **
5679536Seric ** Side Effects:
5689536Seric ** none.
5699536Seric */
5709536Seric
5719536Seric bool
5729536Seric trusteduser(user)
5739536Seric char *user;
5749536Seric {
5759536Seric register char **ulist;
5769536Seric extern char *TrustedUsers[];
5779536Seric
5789536Seric for (ulist = TrustedUsers; *ulist != NULL; ulist++)
5799536Seric if (strcmp(*ulist, user) == 0)
5809536Seric return (TRUE);
5819536Seric return (FALSE);
5829536Seric }
583