1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)envelope.c 6.4 (Berkeley) 01/28/93";
11 #endif /* not lint */
12
13 #include <sys/types.h>
14 #include <sys/time.h>
15 #include <sys/stat.h>
16 #include <pwd.h>
17 #include <sys/file.h>
18 #include <sys/fcntl.h>
19 #include "sendmail.h"
20
21 /*
22 ** NEWENVELOPE -- allocate a new envelope
23 **
24 ** Supports inheritance.
25 **
26 ** Parameters:
27 ** e -- the new envelope to fill in.
28 **
29 ** Returns:
30 ** e.
31 **
32 ** Side Effects:
33 ** none.
34 */
35
36 ENVELOPE *
37 newenvelope(e)
38 register ENVELOPE *e;
39 {
40 register ENVELOPE *parent;
41 extern putheader(), putbody();
42 extern ENVELOPE BlankEnvelope;
43
44 parent = CurEnv;
45 if (e == CurEnv && e->e_parent != NULL)
46 parent = e->e_parent;
47 clearenvelope(e, TRUE);
48 if (e == CurEnv)
49 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from);
50 else
51 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
52 e->e_parent = parent;
53 e->e_ctime = curtime();
54 if (parent != NULL)
55 e->e_msgpriority = parent->e_msgsize;
56 e->e_puthdr = putheader;
57 e->e_putbody = putbody;
58 if (CurEnv->e_xfp != NULL)
59 (void) fflush(CurEnv->e_xfp);
60
61 return (e);
62 }
63 �/*
64 ** DROPENVELOPE -- deallocate an envelope.
65 **
66 ** Parameters:
67 ** e -- the envelope to deallocate.
68 **
69 ** Returns:
70 ** none.
71 **
72 ** Side Effects:
73 ** housekeeping necessary to dispose of an envelope.
74 ** Unlocks this queue file.
75 */
76
77 dropenvelope(e)
78 register ENVELOPE *e;
79 {
80 bool queueit = FALSE;
81 register ADDRESS *q;
82
83 if (tTd(50, 1))
84 {
85 printf("dropenvelope %x id=", e);
86 xputs(e->e_id);
87 printf(" flags=%o\n", e->e_flags);
88 }
89 #ifdef LOG
90 if (LogLevel > 12)
91 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d",
92 e->e_id == NULL ? "(none)" : e->e_id,
93 e->e_flags, getpid());
94 #endif /* LOG */
95
96 /* we must have an id to remove disk files */
97 if (e->e_id == NULL)
98 return;
99
100 /*
101 ** Extract state information from dregs of send list.
102 */
103
104 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
105 {
106 if (bitset(QQUEUEUP, q->q_flags))
107 queueit = TRUE;
108 }
109
110 /*
111 ** Send back return receipts as requested.
112 */
113
114 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags))
115 {
116 auto ADDRESS *rlist = NULL;
117
118 sendtolist(e->e_receiptto, (ADDRESS *) NULL, &rlist, e);
119 (void) returntosender("Return receipt", rlist, FALSE, e);
120 }
121
122 /*
123 ** Arrange to send error messages if there are fatal errors.
124 */
125
126 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET)
127 savemail(e);
128
129 /*
130 ** Instantiate or deinstantiate the queue.
131 */
132
133 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) ||
134 bitset(EF_CLRQUEUE, e->e_flags))
135 {
136 if (e->e_df != NULL)
137 xunlink(e->e_df);
138 xunlink(queuename(e, 'q'));
139 }
140 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
141 {
142 #ifdef QUEUE
143 queueup(e, FALSE, FALSE);
144 #else /* QUEUE */
145 syserr("dropenvelope: queueup");
146 #endif /* QUEUE */
147 }
148
149 /* now unlock the job */
150 closexscript(e);
151 unlockqueue(e);
152
153 /* make sure that this envelope is marked unused */
154 e->e_id = e->e_df = NULL;
155 if (e->e_dfp != NULL)
156 (void) fclose(e->e_dfp);
157 e->e_dfp = NULL;
158
159 #ifdef LOG
160 if (LogLevel >= 10)
161 syslog(LOG_INFO, "%s: done", e->e_id);
162 #endif /* LOG */
163 }
164 �/*
165 ** CLEARENVELOPE -- clear an envelope without unlocking
166 **
167 ** This is normally used by a child process to get a clean
168 ** envelope without disturbing the parent.
169 **
170 ** Parameters:
171 ** e -- the envelope to clear.
172 ** fullclear - if set, the current envelope is total
173 ** garbage and should be ignored; otherwise,
174 ** release any resources it may indicate.
175 **
176 ** Returns:
177 ** none.
178 **
179 ** Side Effects:
180 ** Closes files associated with the envelope.
181 ** Marks the envelope as unallocated.
182 */
183
184 clearenvelope(e, fullclear)
185 register ENVELOPE *e;
186 bool fullclear;
187 {
188 register HDR *bh;
189 register HDR **nhp;
190 extern ENVELOPE BlankEnvelope;
191
192 if (!fullclear)
193 {
194 /* clear out any file information */
195 if (e->e_xfp != NULL)
196 (void) fclose(e->e_xfp);
197 if (e->e_dfp != NULL)
198 (void) fclose(e->e_dfp);
199 }
200
201 /* now clear out the data */
202 STRUCTCOPY(BlankEnvelope, *e);
203 bh = BlankEnvelope.e_header;
204 nhp = &e->e_header;
205 while (bh != NULL)
206 {
207 *nhp = (HDR *) xalloc(sizeof *bh);
208 bcopy((char *) bh, (char *) *nhp, sizeof *bh);
209 bh = bh->h_link;
210 nhp = &(*nhp)->h_link;
211 }
212 }
213 �/*
214 ** INITSYS -- initialize instantiation of system
215 **
216 ** In Daemon mode, this is done in the child.
217 **
218 ** Parameters:
219 ** none.
220 **
221 ** Returns:
222 ** none.
223 **
224 ** Side Effects:
225 ** Initializes the system macros, some global variables,
226 ** etc. In particular, the current time in various
227 ** forms is set.
228 */
229
230 initsys(e)
231 register ENVELOPE *e;
232 {
233 static char cbuf[5]; /* holds hop count */
234 static char pbuf[10]; /* holds pid */
235 #ifdef TTYNAME
236 static char ybuf[10]; /* holds tty id */
237 register char *p;
238 #endif /* TTYNAME */
239 extern char *ttyname();
240 extern char *macvalue();
241 extern char Version[];
242
243 /*
244 ** Give this envelope a reality.
245 ** I.e., an id, a transcript, and a creation time.
246 */
247
248 openxscript(e);
249 e->e_ctime = curtime();
250
251 /*
252 ** Set OutChannel to something useful if stdout isn't it.
253 ** This arranges that any extra stuff the mailer produces
254 ** gets sent back to the user on error (because it is
255 ** tucked away in the transcript).
256 */
257
258 if (OpMode == MD_DAEMON && QueueRun)
259 OutChannel = e->e_xfp;
260
261 /*
262 ** Set up some basic system macros.
263 */
264
265 /* process id */
266 (void) sprintf(pbuf, "%d", getpid());
267 define('p', pbuf, e);
268
269 /* hop count */
270 (void) sprintf(cbuf, "%d", e->e_hopcount);
271 define('c', cbuf, e);
272
273 /* time as integer, unix time, arpa time */
274 settime(e);
275
276 #ifdef TTYNAME
277 /* tty name */
278 if (macvalue('y', e) == NULL)
279 {
280 p = ttyname(2);
281 if (p != NULL)
282 {
283 if (strrchr(p, '/') != NULL)
284 p = strrchr(p, '/') + 1;
285 (void) strcpy(ybuf, p);
286 define('y', ybuf, e);
287 }
288 }
289 #endif /* TTYNAME */
290 }
291 �/*
292 ** SETTIME -- set the current time.
293 **
294 ** Parameters:
295 ** none.
296 **
297 ** Returns:
298 ** none.
299 **
300 ** Side Effects:
301 ** Sets the various time macros -- $a, $b, $d, $t.
302 */
303
304 settime(e)
305 register ENVELOPE *e;
306 {
307 register char *p;
308 auto time_t now;
309 static char tbuf[20]; /* holds "current" time */
310 static char dbuf[30]; /* holds ctime(tbuf) */
311 register struct tm *tm;
312 extern char *arpadate();
313 extern struct tm *gmtime();
314 extern char *macvalue();
315
316 now = curtime();
317 tm = gmtime(&now);
318 (void) sprintf(tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900,
319 tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min);
320 define('t', tbuf, e);
321 (void) strcpy(dbuf, ctime(&now));
322 *strchr(dbuf, '\n') = '\0';
323 if (macvalue('d', e) == NULL)
324 define('d', dbuf, e);
325 p = newstr(arpadate(dbuf));
326 if (macvalue('a', e) == NULL)
327 define('a', p, e);
328 define('b', p, e);
329 }
330 �/*
331 ** OPENXSCRIPT -- Open transcript file
332 **
333 ** Creates a transcript file for possible eventual mailing or
334 ** sending back.
335 **
336 ** Parameters:
337 ** e -- the envelope to create the transcript in/for.
338 **
339 ** Returns:
340 ** none
341 **
342 ** Side Effects:
343 ** Creates the transcript file.
344 */
345
346 openxscript(e)
347 register ENVELOPE *e;
348 {
349 register char *p;
350 int fd;
351
352 # ifdef LOG
353 if (LogLevel > 19)
354 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)");
355 # endif /* LOG */
356 if (e->e_xfp != NULL)
357 return;
358 p = queuename(e, 'x');
359 fd = open(p, O_WRONLY|O_CREAT, 0644);
360 if (fd < 0)
361 syserr("Can't create %s", p);
362 else
363 e->e_xfp = fdopen(fd, "w");
364 }
365 �/*
366 ** CLOSEXSCRIPT -- close the transcript file.
367 **
368 ** Parameters:
369 ** e -- the envelope containing the transcript to close.
370 **
371 ** Returns:
372 ** none.
373 **
374 ** Side Effects:
375 ** none.
376 */
377
378 closexscript(e)
379 register ENVELOPE *e;
380 {
381 if (e->e_xfp == NULL)
382 return;
383 (void) fclose(e->e_xfp);
384 e->e_xfp = NULL;
385 }
386 �/*
387 ** SETSENDER -- set the person who this message is from
388 **
389 ** Under certain circumstances allow the user to say who
390 ** s/he is (using -f or -r). These are:
391 ** 1. The user's uid is zero (root).
392 ** 2. The user's login name is in an approved list (typically
393 ** from a network server).
394 ** 3. The address the user is trying to claim has a
395 ** "!" character in it (since #2 doesn't do it for
396 ** us if we are dialing out for UUCP).
397 ** A better check to replace #3 would be if the
398 ** effective uid is "UUCP" -- this would require me
399 ** to rewrite getpwent to "grab" uucp as it went by,
400 ** make getname more nasty, do another passwd file
401 ** scan, or compile the UID of "UUCP" into the code,
402 ** all of which are reprehensible.
403 **
404 ** Assuming all of these fail, we figure out something
405 ** ourselves.
406 **
407 ** Parameters:
408 ** from -- the person we would like to believe this message
409 ** is from, as specified on the command line.
410 ** e -- the envelope in which we would like the sender set.
411 **
412 ** Returns:
413 ** none.
414 **
415 ** Side Effects:
416 ** sets sendmail's notion of who the from person is.
417 */
418
419 setsender(from, e)
420 char *from;
421 register ENVELOPE *e;
422 {
423 register char **pvp;
424 char *realname = NULL;
425 register struct passwd *pw;
426 char buf[MAXNAME];
427 char pvpbuf[PSBUFSIZE];
428 extern struct passwd *getpwnam();
429 extern char *macvalue();
430 extern char **prescan();
431 extern bool safefile();
432 extern char *FullName;
433
434 if (tTd(45, 1))
435 printf("setsender(%s)\n", from == NULL ? "" : from);
436
437 /*
438 ** Figure out the real user executing us.
439 ** Username can return errno != 0 on non-errors.
440 */
441
442 if (QueueRun || OpMode == MD_SMTP)
443 realname = from;
444 if (realname == NULL || realname[0] == '\0')
445 {
446 extern char *username();
447
448 realname = username();
449 }
450
451 /*
452 ** Determine if this real person is allowed to alias themselves.
453 */
454
455 if (from != NULL)
456 {
457 extern bool trusteduser();
458
459 if (!trusteduser(realname) && getuid() != geteuid() &&
460 strchr(from, '!') == NULL && getuid() != 0)
461 {
462 /* network sends -r regardless (why why why?) */
463 /* syserr("%s, you cannot use the -f flag", realname); */
464 from = NULL;
465 }
466 }
467
468 /*
469 SuprErrs = TRUE;
470 */
471 if (from == NULL || parseaddr(from, &e->e_from, 1, '\0', e) == NULL)
472 {
473 /* log garbage addresses for traceback */
474 # ifdef LOG
475 if (from != NULL && LogLevel >= 1)
476 {
477 char *host = RealHostName;
478
479 if (host == NULL)
480 host = MyHostName;
481 syslog(LOG_NOTICE,
482 "from=%s unparseable, received from %s@%s",
483 from, realname, host);
484 }
485 # endif /* LOG */
486 if (from != NULL)
487 SuprErrs = TRUE;
488 if (from == realname ||
489 parseaddr(from = newstr(realname), &e->e_from, 1, '\0', e) == NULL)
490 {
491 SuprErrs = TRUE;
492 if (parseaddr("postmaster", &e->e_from, 1, '\0', e) == NULL)
493 syserr("setsender: can't even parse postmaster!");
494 }
495 }
496 else
497 FromFlag = TRUE;
498 e->e_from.q_flags |= QDONTSEND;
499 if (tTd(45, 5))
500 {
501 printf("setsender: QDONTSEND ");
502 printaddr(&e->e_from, FALSE);
503 }
504 loweraddr(&e->e_from);
505 SuprErrs = FALSE;
506
507 pvp = NULL;
508 if (e->e_from.q_mailer == LocalMailer)
509 {
510 # ifdef USERDB
511 register char *p;
512 extern char *udbsender();
513 # endif
514
515 /* if the user has given fullname already, don't redefine */
516 if (FullName == NULL)
517 FullName = macvalue('x', e);
518 if (FullName != NULL && FullName[0] == '\0')
519 FullName = NULL;
520
521 # ifdef USERDB
522 p = udbsender(from);
523
524 if (p != NULL)
525 {
526 /*
527 ** We have an alternate address for the sender
528 */
529
530 pvp = prescan(p, '\0', pvpbuf);
531 }
532 # endif /* USERDB */
533
534 if ((pw = getpwnam(e->e_from.q_user)) != NULL)
535 {
536 /*
537 ** Process passwd file entry.
538 */
539
540
541 /* extract home directory */
542 e->e_from.q_home = newstr(pw->pw_dir);
543 define('z', e->e_from.q_home, e);
544
545 /* extract user and group id */
546 e->e_from.q_uid = pw->pw_uid;
547 e->e_from.q_gid = pw->pw_gid;
548
549 /* extract full name from passwd file */
550 if (FullName == NULL && pw->pw_gecos != NULL &&
551 strcmp(pw->pw_name, e->e_from.q_user) == 0)
552 {
553 buildfname(pw->pw_gecos, e->e_from.q_user, buf);
554 if (buf[0] != '\0')
555 FullName = newstr(buf);
556 }
557 }
558 if (FullName != NULL)
559 define('x', FullName, e);
560 }
561 else
562 {
563 if (e->e_from.q_home == NULL)
564 e->e_from.q_home = getenv("HOME");
565 e->e_from.q_uid = getuid();
566 e->e_from.q_gid = getgid();
567 }
568
569 /*
570 ** Rewrite the from person to dispose of possible implicit
571 ** links in the net.
572 */
573
574 if (pvp == NULL)
575 pvp = prescan(from, '\0', pvpbuf);
576 if (pvp == NULL)
577 {
578 # ifdef LOG
579 if (LogLevel >= 1)
580 syslog(LOG_NOTICE, "cannot prescan from (%s)", from);
581 # endif
582 usrerr("cannot prescan from (%s)", from);
583 finis();
584 }
585 rewrite(pvp, 3);
586 rewrite(pvp, 1);
587 rewrite(pvp, 4);
588 cataddr(pvp, buf, sizeof buf);
589 e->e_sender = e->e_returnpath = newstr(buf);
590
591 define('f', e->e_sender, e);
592
593 /* save the domain spec if this mailer wants it */
594 if (e->e_from.q_mailer != NULL &&
595 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
596 {
597 extern char **copyplist();
598
599 while (*pvp != NULL && strcmp(*pvp, "@") != 0)
600 pvp++;
601 if (*pvp != NULL)
602 e->e_fromdomain = copyplist(pvp, TRUE);
603 }
604 }
605 �/*
606 ** TRUSTEDUSER -- tell us if this user is to be trusted.
607 **
608 ** Parameters:
609 ** user -- the user to be checked.
610 **
611 ** Returns:
612 ** TRUE if the user is in an approved list.
613 ** FALSE otherwise.
614 **
615 ** Side Effects:
616 ** none.
617 */
618
619 bool
620 trusteduser(user)
621 char *user;
622 {
623 register char **ulist;
624 extern char *TrustedUsers[];
625
626 for (ulist = TrustedUsers; *ulist != NULL; ulist++)
627 if (strcmp(*ulist, user) == 0)
628 return (TRUE);
629 return (FALSE);
630 }
631