1 #include <pwd.h>
2 #include <time.h>
3 #include "sendmail.h"
4 #include <sys/stat.h>
5
6 SCCSID(@(#)envelope.c 3.6 01/08/83);
7
8 /*
9 ** NEWENVELOPE -- allocate a new envelope
10 **
11 ** Supports inheritance.
12 **
13 ** Parameters:
14 ** e -- the new envelope to fill in.
15 **
16 ** Returns:
17 ** e.
18 **
19 ** Side Effects:
20 ** none.
21 */
22
23 ENVELOPE *
24 newenvelope(e)
25 register ENVELOPE *e;
26 {
27 register HDR *bh;
28 register HDR **nhp;
29 register ENVELOPE *parent;
30 extern putheader(), putbody();
31 extern ENVELOPE BlankEnvelope;
32
33 parent = CurEnv;
34 if (e == CurEnv)
35 parent = e->e_parent;
36 clear((char *) e, sizeof *e);
37 bmove((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
38 e->e_parent = parent;
39 e->e_ctime = curtime();
40 e->e_puthdr = putheader;
41 e->e_putbody = putbody;
42 bh = BlankEnvelope.e_header;
43 nhp = &e->e_header;
44 while (bh != NULL)
45 {
46 *nhp = (HDR *) xalloc(sizeof *bh);
47 bmove((char *) bh, (char *) *nhp, sizeof *bh);
48 bh = bh->h_link;
49 nhp = &(*nhp)->h_link;
50 }
51 if (CurEnv->e_xfp != NULL)
52 (void) fflush(CurEnv->e_xfp);
53
54 return (e);
55 }
56 �/*
57 ** DROPENVELOPE -- deallocate an envelope.
58 **
59 ** Parameters:
60 ** e -- the envelope to deallocate.
61 **
62 ** Returns:
63 ** none.
64 **
65 ** Side Effects:
66 ** housekeeping necessary to dispose of an envelope.
67 ** Unlocks this queue file.
68 */
69
70 dropenvelope(e)
71 register ENVELOPE *e;
72 {
73 bool queueit = FALSE;
74 register ADDRESS *q;
75
76 #ifdef DEBUG
77 if (tTd(50, 1))
78 {
79 printf("dropenvelope %x id=", e);
80 xputs(e->e_id);
81 printf(" flags=%o\n", e->e_flags);
82 }
83 #endif DEBUG
84 #ifdef LOG
85 if (LogLevel > 10)
86 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d",
87 e->e_id == NULL ? "(none)" : e->e_id,
88 e->e_flags, getpid());
89 #endif LOG
90
91 /* we must have an id to remove disk files */
92 if (e->e_id == NULL)
93 return;
94
95 /*
96 ** Extract state information from dregs of send list.
97 */
98
99 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
100 {
101 if (bitset(QQUEUEUP, q->q_flags))
102 queueit = TRUE;
103 }
104
105 /*
106 ** Send back return receipts as requested.
107 */
108
109 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags))
110 {
111 auto ADDRESS *rlist;
112
113 sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist);
114 (void) returntosender("Return receipt", rlist, FALSE);
115 }
116
117 /*
118 ** Arrange to send error messages if there are fatal errors.
119 */
120
121 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags))
122 savemail(e);
123
124 /*
125 ** Instantiate or deinstantiate the queue.
126 */
127
128 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) ||
129 bitset(EF_CLRQUEUE, e->e_flags))
130 {
131 if (e->e_dfp != NULL)
132 (void) fclose(e->e_dfp);
133 if (e->e_df != NULL)
134 xunlink(e->e_df);
135 xunlink(queuename(e, 'q'));
136 }
137 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
138 queueup(e, FALSE, FALSE);
139
140 /* now unlock the job */
141 closexscript(e);
142 unlockqueue(e);
143
144 /* make sure that this envelope is marked unused */
145 e->e_id = e->e_df = NULL;
146 e->e_dfp = NULL;
147 }
148 �/*
149 ** CLEARENVELOPE -- clear an envelope without unlocking
150 **
151 ** This is normally used by a child process to get a clean
152 ** envelope without disturbing the parent.
153 **
154 ** Parameters:
155 ** e -- the envelope to clear.
156 **
157 ** Returns:
158 ** none.
159 **
160 ** Side Effects:
161 ** Closes files associated with the envelope.
162 ** Marks the envelope as unallocated.
163 */
164
165 clearenvelope(e)
166 register ENVELOPE *e;
167 {
168 /* clear out any file information */
169 if (e->e_xfp != NULL)
170 (void) fclose(e->e_xfp);
171 if (e->e_dfp != NULL)
172 (void) fclose(e->e_dfp);
173 e->e_xfp = e->e_dfp = NULL;
174
175 /* now expunge names of objects */
176 e->e_df = e->e_id = NULL;
177
178 /* and the flags which are now meaningless */
179 e->e_flags = 0;
180 }
181 �/*
182 ** UNLOCKQUEUE -- unlock the queue entry for a specified envelope
183 **
184 ** Parameters:
185 ** e -- the envelope to unlock.
186 **
187 ** Returns:
188 ** none
189 **
190 ** Side Effects:
191 ** unlocks the queue for `e'.
192 */
193
194 unlockqueue(e)
195 ENVELOPE *e;
196 {
197 /* remove the transcript */
198 #ifdef DEBUG
199 # ifdef LOG
200 if (LogLevel > 19)
201 syslog(LOG_DEBUG, "%s: unlock", e->e_id);
202 # endif LOG
203 if (!tTd(51, 4))
204 #endif DEBUG
205 xunlink(queuename(e, 'x'));
206
207 /* last but not least, remove the lock */
208 xunlink(queuename(e, 'l'));
209 }
210 �/*
211 ** INITSYS -- initialize instantiation of system
212 **
213 ** In Daemon mode, this is done in the child.
214 **
215 ** Parameters:
216 ** none.
217 **
218 ** Returns:
219 ** none.
220 **
221 ** Side Effects:
222 ** Initializes the system macros, some global variables,
223 ** etc. In particular, the current time in various
224 ** forms is set.
225 */
226
227 initsys()
228 {
229 auto time_t now;
230 static char cbuf[5]; /* holds hop count */
231 static char dbuf[30]; /* holds ctime(tbuf) */
232 static char pbuf[10]; /* holds pid */
233 static char tbuf[20]; /* holds "current" time */
234 static char ybuf[10]; /* holds tty id */
235 register char *p;
236 register struct tm *tm;
237 extern char *ttyname();
238 extern char *arpadate();
239 extern struct tm *gmtime();
240 extern char *macvalue();
241 extern char Version[];
242
243 /*
244 ** Give this envelope a reality.
245 ** I.e., an id, a transcript, and a creation time.
246 */
247
248 openxscript(CurEnv);
249 CurEnv->e_ctime = curtime();
250
251 /*
252 ** Set OutChannel to something useful if stdout isn't it.
253 ** This arranges that any extra stuff the mailer produces
254 ** gets sent back to the user on error (because it is
255 ** tucked away in the transcript).
256 */
257
258 if (OpMode == MD_DAEMON && QueueRun)
259 OutChannel = CurEnv->e_xfp;
260
261 /*
262 ** Set up some basic system macros.
263 */
264
265 /* process id */
266 (void) sprintf(pbuf, "%d", getpid());
267 define('p', pbuf, CurEnv);
268
269 /* hop count */
270 (void) sprintf(cbuf, "%d", CurEnv->e_hopcount);
271 define('c', cbuf, CurEnv);
272
273 /* time as integer, unix time, arpa time */
274 now = curtime();
275 tm = gmtime(&now);
276 (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon,
277 tm->tm_mday, tm->tm_hour, tm->tm_min);
278 define('t', tbuf, CurEnv);
279 (void) strcpy(dbuf, ctime(&now));
280 *index(dbuf, '\n') = '\0';
281 if (macvalue('d', CurEnv) == NULL)
282 define('d', dbuf, CurEnv);
283 p = newstr(arpadate(dbuf));
284 if (macvalue('a', CurEnv) == NULL)
285 define('a', p, CurEnv);
286 define('b', p, CurEnv);
287
288 /* version */
289 define('v', Version, CurEnv);
290
291 /* tty name */
292 if (macvalue('y', CurEnv) == NULL)
293 {
294 p = ttyname(2);
295 if (p != NULL)
296 {
297 if (rindex(p, '/') != NULL)
298 p = rindex(p, '/') + 1;
299 (void) strcpy(ybuf, p);
300 define('y', ybuf, CurEnv);
301 }
302 }
303 }
304 �/*
305 ** QUEUENAME -- build a file name in the queue directory for this envelope.
306 **
307 ** Assigns an id code if one does not already exist.
308 ** This code is very careful to avoid trashing existing files
309 ** under any circumstances.
310 ** We first create an nf file that is only used when
311 ** assigning an id. This file is always empty, so that
312 ** we can never accidently truncate an lf file.
313 **
314 ** Parameters:
315 ** e -- envelope to build it in/from.
316 ** type -- the file type, used as the first character
317 ** of the file name.
318 **
319 ** Returns:
320 ** a pointer to the new file name (in a static buffer).
321 **
322 ** Side Effects:
323 ** Will create the lf and qf files if no id code is
324 ** already assigned. This will cause the envelope
325 ** to be modified.
326 */
327
328 char *
329 queuename(e, type)
330 register ENVELOPE *e;
331 char type;
332 {
333 static char buf[MAXNAME];
334 static int pid = -1;
335 char c1 = 'A';
336 char c2 = 'A';
337
338 if (e->e_id == NULL)
339 {
340 char qf[20];
341 char lf[20];
342 char nf[20];
343
344 /* find a unique id */
345 if (pid != getpid())
346 {
347 /* new process -- start back at "AA" */
348 pid = getpid();
349 c1 = 'A';
350 c2 = 'A' - 1;
351 }
352 (void) sprintf(qf, "qfAA%05d", pid);
353 strcpy(lf, qf);
354 lf[0] = 'l';
355 strcpy(nf, qf);
356 nf[0] = 'n';
357
358 while (c1 < '~' || c2 < 'Z')
359 {
360 int i;
361
362 if (c2 >= 'Z')
363 {
364 c1++;
365 c2 = 'A' - 1;
366 }
367 qf[2] = lf[2] = nf[2] = c1;
368 qf[3] = lf[3] = nf[3] = ++c2;
369 # ifdef DEBUG
370 if (tTd(7, 20))
371 printf("queuename: trying \"%s\"\n", nf);
372 # endif DEBUG
373 if (access(lf, 0) >= 0 || access(qf, 0) >= 0)
374 continue;
375 errno = 0;
376 i = creat(nf, FileMode);
377 if (i < 0)
378 {
379 (void) unlink(nf); /* kernel bug */
380 continue;
381 }
382 (void) close(i);
383 i = link(nf, lf);
384 (void) unlink(nf);
385 if (i < 0)
386 continue;
387 if (link(lf, qf) >= 0)
388 break;
389 (void) unlink(lf);
390 }
391 if (c1 >= '~' && c2 >= 'Z')
392 {
393 syserr("queuename: Cannot create \"%s\" in \"%s\"",
394 lf, QueueDir);
395 exit(EX_OSERR);
396 }
397 e->e_id = newstr(&qf[2]);
398 define('i', e->e_id, e);
399 # ifdef DEBUG
400 if (tTd(7, 1))
401 printf("queuename: assigned id %s, env=%x\n", e->e_id, e);
402 # ifdef LOG
403 if (LogLevel > 16)
404 syslog(LOG_DEBUG, "%s: assigned id", e->e_id);
405 # endif LOG
406 # endif DEBUG
407 }
408
409 if (type == '\0')
410 return (NULL);
411 (void) sprintf(buf, "%cf%s", type, e->e_id);
412 # ifdef DEBUG
413 if (tTd(7, 2))
414 printf("queuename: %s\n", buf);
415 # endif DEBUG
416 return (buf);
417 }
418 �/*
419 ** OPENXSCRIPT -- Open transcript file
420 **
421 ** Creates a transcript file for possible eventual mailing or
422 ** sending back.
423 **
424 ** Parameters:
425 ** e -- the envelope to create the transcript in/for.
426 **
427 ** Returns:
428 ** none
429 **
430 ** Side Effects:
431 ** Creates the transcript file.
432 */
433
434 openxscript(e)
435 register ENVELOPE *e;
436 {
437 register char *p;
438
439 # ifdef LOG
440 if (LogLevel > 19)
441 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)");
442 # endif LOG
443 if (e->e_xfp != NULL)
444 return;
445 p = queuename(e, 'x');
446 e->e_xfp = fopen(p, "w");
447 if (e->e_xfp == NULL)
448 syserr("Can't create %s", p);
449 else
450 (void) chmod(p, 0644);
451 }
452 �/*
453 ** CLOSEXSCRIPT -- close the transcript file.
454 **
455 ** Parameters:
456 ** e -- the envelope containing the transcript to close.
457 **
458 ** Returns:
459 ** none.
460 **
461 ** Side Effects:
462 ** none.
463 */
464
465 closexscript(e)
466 register ENVELOPE *e;
467 {
468 if (e->e_xfp == NULL)
469 return;
470 (void) fclose(e->e_xfp);
471 e->e_xfp = NULL;
472 }
473 �/*
474 ** SETSENDER -- set the person who this message is from
475 **
476 ** Under certain circumstances allow the user to say who
477 ** s/he is (using -f or -r). These are:
478 ** 1. The user's uid is zero (root).
479 ** 2. The user's login name is in an approved list (typically
480 ** from a network server).
481 ** 3. The address the user is trying to claim has a
482 ** "!" character in it (since #2 doesn't do it for
483 ** us if we are dialing out for UUCP).
484 ** A better check to replace #3 would be if the
485 ** effective uid is "UUCP" -- this would require me
486 ** to rewrite getpwent to "grab" uucp as it went by,
487 ** make getname more nasty, do another passwd file
488 ** scan, or compile the UID of "UUCP" into the code,
489 ** all of which are reprehensible.
490 **
491 ** Assuming all of these fail, we figure out something
492 ** ourselves.
493 **
494 ** Parameters:
495 ** from -- the person we would like to believe this message
496 ** is from, as specified on the command line.
497 **
498 ** Returns:
499 ** none.
500 **
501 ** Side Effects:
502 ** sets sendmail's notion of who the from person is.
503 */
504
505 setsender(from)
506 char *from;
507 {
508 register char **pvp;
509 register struct passwd *pw = NULL;
510 char *realname = NULL;
511 char buf[MAXNAME];
512 extern char *macvalue();
513 extern char **prescan();
514 extern bool safefile();
515 extern char *FullName;
516
517 # ifdef DEBUG
518 if (tTd(45, 1))
519 printf("setsender(%s)\n", from);
520 # endif DEBUG
521
522 /*
523 ** Figure out the real user executing us.
524 ** Username can return errno != 0 on non-errors.
525 */
526
527 if (QueueRun || OpMode == MD_SMTP || OpMode == MD_ARPAFTP)
528 realname = from;
529 if (realname == NULL || realname[0] == '\0')
530 {
531 extern char *username();
532
533 realname = username();
534 errno = 0;
535 }
536 if (realname == NULL || realname[0] == '\0')
537 {
538 extern struct passwd *getpwuid();
539
540 pw = getpwuid(getruid());
541 if (pw != NULL)
542 realname = pw->pw_name;
543 }
544 if (realname == NULL || realname[0] == '\0')
545 {
546 syserr("Who are you?");
547 realname = "root";
548 }
549
550 /*
551 ** Determine if this real person is allowed to alias themselves.
552 */
553
554 if (from != NULL)
555 {
556 extern bool trusteduser();
557
558 if (!trusteduser(realname) &&
559 # ifdef DEBUG
560 (!tTd(1, 9) || getuid() != geteuid()) &&
561 # endif DEBUG
562 index(from, '!') == NULL && getuid() != 0)
563 {
564 /* network sends -r regardless (why why why?) */
565 /* syserr("%s, you cannot use the -f flag", realname); */
566 from = NULL;
567 }
568 }
569
570 SuprErrs = TRUE;
571 if (from == NULL || parseaddr(from, &CurEnv->e_from, 1) == NULL)
572 {
573 from = newstr(realname);
574 (void) parseaddr(from, &CurEnv->e_from, 1);
575 }
576 else
577 FromFlag = TRUE;
578 CurEnv->e_from.q_flags |= QDONTSEND;
579 SuprErrs = FALSE;
580
581 if (pw == NULL && CurEnv->e_from.q_mailer == LocalMailer)
582 {
583 extern struct passwd *getpwnam();
584
585 pw = getpwnam(CurEnv->e_from.q_user);
586 }
587
588 /*
589 ** Process passwd file entry.
590 */
591
592 if (pw != NULL)
593 {
594 /* extract home directory */
595 CurEnv->e_from.q_home = newstr(pw->pw_dir);
596
597 /* run user's .mailcf file */
598 define('z', CurEnv->e_from.q_home, CurEnv);
599 expand("$z/.mailcf", buf, &buf[sizeof buf - 1], CurEnv);
600 if (safefile(buf, getruid(), S_IREAD))
601 readcf(buf, FALSE);
602
603 /* if the user has given fullname already, don't redefine */
604 if (FullName == NULL)
605 FullName = macvalue('x', CurEnv);
606 if (FullName[0] == '\0')
607 FullName = NULL;
608
609 /* extract full name from passwd file */
610 if (FullName == NULL && pw->pw_gecos != NULL &&
611 strcmp(pw->pw_name, CurEnv->e_from.q_user) == 0)
612 {
613 buildfname(pw->pw_gecos, CurEnv->e_from.q_user, buf);
614 if (buf[0] != '\0')
615 FullName = newstr(buf);
616 }
617 if (FullName != NULL)
618 define('x', FullName, CurEnv);
619 }
620
621 #ifndef V6
622 if (CurEnv->e_from.q_home == NULL)
623 CurEnv->e_from.q_home = getenv("HOME");
624 #endif V6
625 CurEnv->e_from.q_uid = getuid();
626 CurEnv->e_from.q_gid = getgid();
627 if (CurEnv->e_from.q_uid != 0)
628 {
629 DefUid = CurEnv->e_from.q_uid;
630 DefGid = CurEnv->e_from.q_gid;
631 }
632
633 /*
634 ** Rewrite the from person to dispose of possible implicit
635 ** links in the net.
636 */
637
638 pvp = prescan(from, '\0');
639 if (pvp == NULL)
640 {
641 syserr("cannot prescan from (%s)", from);
642 finis();
643 }
644 rewrite(pvp, 3);
645 rewrite(pvp, 1);
646 cataddr(pvp, buf, sizeof buf);
647 define('f', newstr(buf), CurEnv);
648
649 /* save the domain spec if this mailer wants it */
650 if (bitset(M_CANONICAL, CurEnv->e_from.q_mailer->m_flags))
651 {
652 extern char **copyplist();
653
654 while (*pvp != NULL && strcmp(*pvp, "@") != 0)
655 pvp++;
656 if (*pvp != NULL)
657 CurEnv->e_fromdomain = copyplist(pvp, TRUE);
658 }
659 }
660 �/*
661 ** TRUSTEDUSER -- tell us if this user is to be trusted.
662 **
663 ** Parameters:
664 ** user -- the user to be checked.
665 **
666 ** Returns:
667 ** TRUE if the user is in an approved list.
668 ** FALSE otherwise.
669 **
670 ** Side Effects:
671 ** none.
672 */
673
674 bool
675 trusteduser(user)
676 char *user;
677 {
678 register char **ulist;
679 extern char *TrustedUsers[];
680
681 for (ulist = TrustedUsers; *ulist != NULL; ulist++)
682 if (strcmp(*ulist, user) == 0)
683 return (TRUE);
684 return (FALSE);
685 }
686