122710Sdist /*
2*33731Sbostic * Copyright (c) 1988 Regents of the University of California.
3*33731Sbostic * All rights reserved.
4*33731Sbostic *
5*33731Sbostic * Redistribution and use in source and binary forms are permitted
6*33731Sbostic * provided that this notice is preserved and that due credit is given
7*33731Sbostic * to the University of California at Berkeley. The name of the University
8*33731Sbostic * may not be used to endorse or promote products derived from this
9*33731Sbostic * software without specific prior written permission. This software
10*33731Sbostic * is provided ``as is'' without express or implied warranty.
11*33731Sbostic *
12*33731Sbostic * Sendmail
13*33731Sbostic * Copyright (c) 1983 Eric P. Allman
14*33731Sbostic * Berkeley, California
15*33731Sbostic */
1622710Sdist
1722710Sdist #ifndef lint
18*33731Sbostic static char sccsid[] = "@(#)recipient.c 5.11 (Berkeley) 03/13/88";
19*33731Sbostic #endif /* not lint */
2022710Sdist
214174Seric # include <pwd.h>
224627Seric # include "sendmail.h"
234329Seric # include <sys/stat.h>
244174Seric
254174Seric /*
269622Seric ** SENDTOLIST -- Designate a send list.
274174Seric **
284174Seric ** The parameter is a comma-separated list of people to send to.
294174Seric ** This routine arranges to send to all of them.
304174Seric **
314174Seric ** Parameters:
324174Seric ** list -- the send list.
334399Seric ** ctladdr -- the address template for the person to
344399Seric ** send to -- effective uid/gid are important.
355006Seric ** This is typically the alias that caused this
365006Seric ** expansion.
375006Seric ** sendq -- a pointer to the head of a queue to put
385006Seric ** these people into.
394174Seric **
404174Seric ** Returns:
414998Seric ** none
424174Seric **
434174Seric ** Side Effects:
444174Seric ** none.
454174Seric */
464174Seric
474174Seric # define MAXRCRSN 10
484174Seric
499622Seric sendtolist(list, ctladdr, sendq)
504174Seric char *list;
514399Seric ADDRESS *ctladdr;
525198Seric ADDRESS **sendq;
534174Seric {
544174Seric register char *p;
558223Seric register ADDRESS *al; /* list of addresses to send to */
564423Seric bool firstone; /* set on first address sent */
574444Seric bool selfref; /* set if this list includes ctladdr */
5811446Seric char delimiter; /* the address delimiter */
594174Seric
604324Seric # ifdef DEBUG
617676Seric if (tTd(25, 1))
624444Seric {
634444Seric printf("sendto: %s\n ctladdr=", list);
644444Seric printaddr(ctladdr, FALSE);
654444Seric }
664324Seric # endif DEBUG
674324Seric
688223Seric /* heuristic to determine old versus new style addresses */
698230Seric if (ctladdr == NULL &&
708230Seric (index(list, ',') != NULL || index(list, ';') != NULL ||
718230Seric index(list, '<') != NULL || index(list, '(') != NULL))
729340Seric CurEnv->e_flags &= ~EF_OLDSTYLE;
7311446Seric delimiter = ' ';
7411446Seric if (!bitset(EF_OLDSTYLE, CurEnv->e_flags) || ctladdr != NULL)
7511446Seric delimiter = ',';
768223Seric
774423Seric firstone = TRUE;
784444Seric selfref = FALSE;
794324Seric al = NULL;
808223Seric
818081Seric for (p = list; *p != '\0'; )
824174Seric {
838081Seric register ADDRESS *a;
848081Seric extern char *DelimChar; /* defined in prescan */
854319Seric
868081Seric /* parse the address */
878081Seric while (isspace(*p) || *p == ',')
884174Seric p++;
8911446Seric a = parseaddr(p, (ADDRESS *) NULL, 1, delimiter);
909297Seric p = DelimChar;
919297Seric if (a == NULL)
924174Seric continue;
934324Seric a->q_next = al;
944399Seric a->q_alias = ctladdr;
954444Seric
964444Seric /* see if this should be marked as a primary address */
974423Seric if (ctladdr == NULL ||
988081Seric (firstone && *p == '\0' && bitset(QPRIMARY, ctladdr->q_flags)))
994423Seric a->q_flags |= QPRIMARY;
1004444Seric
1014444Seric /* put on send queue or suppress self-reference */
1029379Seric if (ctladdr != NULL && sameaddr(ctladdr, a))
1034444Seric selfref = TRUE;
1044444Seric else
1054444Seric al = a;
1064423Seric firstone = FALSE;
1074324Seric }
1084324Seric
1094444Seric /* if this alias doesn't include itself, delete ctladdr */
1104444Seric if (!selfref && ctladdr != NULL)
1114444Seric ctladdr->q_flags |= QDONTSEND;
1124444Seric
1134324Seric /* arrange to send to everyone on the local send list */
1144324Seric while (al != NULL)
1154324Seric {
1164324Seric register ADDRESS *a = al;
11712613Seric extern ADDRESS *recipient();
1184324Seric
1194324Seric al = a->q_next;
12012613Seric a = recipient(a, sendq);
1214993Seric
1224998Seric /* arrange to inherit full name */
1234998Seric if (a->q_fullname == NULL && ctladdr != NULL)
1244998Seric a->q_fullname = ctladdr->q_fullname;
1254174Seric }
1264324Seric
1276906Seric CurEnv->e_to = NULL;
1284174Seric }
1294174Seric �/*
1304174Seric ** RECIPIENT -- Designate a message recipient
1314174Seric **
1324174Seric ** Saves the named person for future mailing.
1334174Seric **
1344174Seric ** Parameters:
1354174Seric ** a -- the (preparsed) address header for the recipient.
1365006Seric ** sendq -- a pointer to the head of a queue to put the
1375006Seric ** recipient in. Duplicate supression is done
1385006Seric ** in this queue.
1394174Seric **
1404174Seric ** Returns:
14112613Seric ** The actual address in the queue. This will be "a" if
14212613Seric ** the address is not a duplicate, else the original address.
1434174Seric **
1444174Seric ** Side Effects:
1454174Seric ** none.
1464174Seric */
1474174Seric
14812613Seric ADDRESS *
1495006Seric recipient(a, sendq)
1504174Seric register ADDRESS *a;
1515006Seric register ADDRESS **sendq;
1524174Seric {
1534174Seric register ADDRESS *q;
1544319Seric ADDRESS **pq;
1554174Seric register struct mailer *m;
1569210Seric register char *p;
1579210Seric bool quoted = FALSE; /* set if the addr has a quote bit */
1589210Seric char buf[MAXNAME]; /* unquoted image of the user name */
1594399Seric extern ADDRESS *getctladdr();
1604627Seric extern bool safefile();
1614174Seric
1626906Seric CurEnv->e_to = a->q_paddr;
1634600Seric m = a->q_mailer;
1644174Seric errno = 0;
1654174Seric # ifdef DEBUG
1667676Seric if (tTd(26, 1))
1674444Seric {
1684444Seric printf("\nrecipient: ");
1694444Seric printaddr(a, FALSE);
1704444Seric }
1714174Seric # endif DEBUG
1724174Seric
1734174Seric /* break aliasing loops */
1744174Seric if (AliasLevel > MAXRCRSN)
1754174Seric {
1764174Seric usrerr("aliasing/forwarding loop broken");
17712613Seric return (a);
1784174Seric }
1794174Seric
1804174Seric /*
1814627Seric ** Finish setting up address structure.
1824174Seric */
1834174Seric
18416160Seric /* set the queue timeout */
1854627Seric a->q_timeout = TimeOut;
1864627Seric
18716160Seric /* map user & host to lower case if requested on non-aliases */
18816160Seric if (a->q_alias == NULL)
18916160Seric loweraddr(a);
19016160Seric
19116160Seric /* get unquoted user for file, program or user.name check */
1929210Seric (void) strcpy(buf, a->q_user);
1939210Seric for (p = buf; *p != '\0' && !quoted; p++)
1949210Seric {
1959210Seric if (!isascii(*p) && (*p & 0377) != (SpaceSub & 0377))
1969210Seric quoted = TRUE;
1979210Seric }
1989210Seric stripquotes(buf, TRUE);
1999210Seric
2004627Seric /* do sickly crude mapping for program mailing, etc. */
2019210Seric if (m == LocalMailer && buf[0] == '|')
2024174Seric {
2039210Seric a->q_mailer = m = ProgMailer;
2049210Seric a->q_user++;
2059210Seric if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
2064174Seric {
20729915Seric a->q_flags |= QDONTSEND|QBADADDR;
2089210Seric usrerr("Cannot mail directly to programs");
2094174Seric }
2104174Seric }
2114174Seric
2124174Seric /*
2134419Seric ** Look up this person in the recipient list.
2144419Seric ** If they are there already, return, otherwise continue.
2154419Seric ** If the list is empty, just add it. Notice the cute
2164419Seric ** hack to make from addresses suppress things correctly:
2174419Seric ** the QDONTSEND bit will be set in the send list.
2184419Seric ** [Please note: the emphasis is on "hack."]
2194174Seric */
2204174Seric
2215006Seric for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
2224174Seric {
2239379Seric if (!ForceMail && sameaddr(q, a))
2244174Seric {
2254174Seric # ifdef DEBUG
2267676Seric if (tTd(26, 1))
2274444Seric {
2284444Seric printf("%s in sendq: ", a->q_paddr);
2294444Seric printaddr(q, FALSE);
2304444Seric }
2314174Seric # endif DEBUG
2327054Seric if (!bitset(QDONTSEND, a->q_flags))
2334324Seric message(Arpa_Info, "duplicate suppressed");
2344423Seric if (!bitset(QPRIMARY, q->q_flags))
2354423Seric q->q_flags |= a->q_flags;
23612613Seric return (q);
2374174Seric }
2384319Seric }
2394174Seric
2404319Seric /* add address on list */
2414319Seric *pq = a;
2424174Seric a->q_next = NULL;
24324951Seric CurEnv->e_nrcpts++;
2444174Seric
2454174Seric /*
2464174Seric ** Alias the name and handle :include: specs.
2474174Seric */
2484174Seric
2499210Seric if (m == LocalMailer && !bitset(QDONTSEND, a->q_flags))
2504174Seric {
2514174Seric if (strncmp(a->q_user, ":include:", 9) == 0)
2524174Seric {
2534174Seric a->q_flags |= QDONTSEND;
2547676Seric if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
25529915Seric {
25629915Seric a->q_flags |= QBADADDR;
2574399Seric usrerr("Cannot mail directly to :include:s");
25829915Seric }
2594399Seric else
2604399Seric {
2617054Seric message(Arpa_Info, "including file %s", &a->q_user[9]);
2625006Seric include(&a->q_user[9], " sending", a, sendq);
2634399Seric }
2644174Seric }
2654174Seric else
2665006Seric alias(a, sendq);
2674174Seric }
2684174Seric
2694174Seric /*
2704174Seric ** If the user is local and still being sent, verify that
2714174Seric ** the address is good. If it is, try to forward.
2724174Seric ** If the address is already good, we have a forwarding
2734174Seric ** loop. This can be broken by just sending directly to
2744174Seric ** the user (which is probably correct anyway).
2754174Seric */
2764174Seric
2779210Seric if (!bitset(QDONTSEND, a->q_flags) && m == LocalMailer)
2784174Seric {
2794329Seric struct stat stb;
2804329Seric extern bool writable();
2814174Seric
2824174Seric /* see if this is to a file */
2835600Seric if (buf[0] == '/')
2844174Seric {
2855600Seric p = rindex(buf, '/');
2864201Seric /* check if writable or creatable */
2877676Seric if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
2884399Seric {
28929915Seric a->q_flags |= QDONTSEND|QBADADDR;
2904399Seric usrerr("Cannot mail directly to files");
2914399Seric }
2924399Seric else if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
2934539Seric (*p = '\0', !safefile(buf, getruid(), S_IWRITE|S_IEXEC)))
2944174Seric {
2954174Seric a->q_flags |= QBADADDR;
29610109Seric giveresponse(EX_CANTCREAT, m, CurEnv);
2974174Seric }
2984174Seric }
2994174Seric else
3004174Seric {
3014174Seric register struct passwd *pw;
3024373Seric extern struct passwd *finduser();
3034373Seric
3044407Seric /* warning -- finduser may trash buf */
3054373Seric pw = finduser(buf);
3064174Seric if (pw == NULL)
3074174Seric {
3084174Seric a->q_flags |= QBADADDR;
30910109Seric giveresponse(EX_NOUSER, m, CurEnv);
3104174Seric }
3114174Seric else
3124174Seric {
3134993Seric char nbuf[MAXNAME];
3144993Seric
3154376Seric if (strcmp(a->q_user, pw->pw_name) != 0)
3164376Seric {
3174376Seric a->q_user = newstr(pw->pw_name);
3187008Seric (void) strcpy(buf, pw->pw_name);
3194376Seric }
3204174Seric a->q_home = newstr(pw->pw_dir);
3214213Seric a->q_uid = pw->pw_uid;
3224399Seric a->q_gid = pw->pw_gid;
3234404Seric a->q_flags |= QGOODUID;
3244998Seric buildfname(pw->pw_gecos, pw->pw_name, nbuf);
3254993Seric if (nbuf[0] != '\0')
3264993Seric a->q_fullname = newstr(nbuf);
3274399Seric if (!quoted)
3285006Seric forward(a, sendq);
3294174Seric }
3304174Seric }
3314174Seric }
33212613Seric return (a);
3334174Seric }
3344174Seric �/*
3354373Seric ** FINDUSER -- find the password entry for a user.
3364373Seric **
3374373Seric ** This looks a lot like getpwnam, except that it may want to
3384373Seric ** do some fancier pattern matching in /etc/passwd.
3394373Seric **
3409379Seric ** This routine contains most of the time of many sendmail runs.
3419379Seric ** It deserves to be optimized.
3429379Seric **
3434373Seric ** Parameters:
3444373Seric ** name -- the name to match against.
3454373Seric **
3464373Seric ** Returns:
3474373Seric ** A pointer to a pw struct.
3484373Seric ** NULL if name is unknown or ambiguous.
3494373Seric **
3504373Seric ** Side Effects:
3514407Seric ** may modify name.
3524373Seric */
3534373Seric
3544373Seric struct passwd *
3554373Seric finduser(name)
3564373Seric char *name;
3574373Seric {
3584376Seric register struct passwd *pw;
3594407Seric register char *p;
36015325Seric extern struct passwd *getpwent();
36115325Seric extern struct passwd *getpwnam();
3624373Seric
36325777Seric /* map upper => lower case */
3644407Seric for (p = name; *p != '\0'; p++)
3654407Seric {
36625777Seric if (isascii(*p) && isupper(*p))
36725568Seric *p = tolower(*p);
3684407Seric }
3694407Seric
37025777Seric /* look up this login name using fast path */
37112634Seric if ((pw = getpwnam(name)) != NULL)
37212634Seric return (pw);
37312634Seric
37412634Seric /* search for a matching full name instead */
37525777Seric for (p = name; *p != '\0'; p++)
37625777Seric {
37725777Seric if (*p == (SpaceSub & 0177) || *p == '_')
37825777Seric *p = ' ';
37925777Seric }
38023107Seric (void) setpwent();
3814376Seric while ((pw = getpwent()) != NULL)
3824376Seric {
3834998Seric char buf[MAXNAME];
3844376Seric
3854998Seric buildfname(pw->pw_gecos, pw->pw_name, buf);
38633725Sbostic if (index(buf, ' ') != NULL && !strcasecmp(buf, name))
3874381Seric {
3887054Seric message(Arpa_Info, "sending to login name %s", pw->pw_name);
3894376Seric return (pw);
3904377Seric }
3914376Seric }
3924376Seric return (NULL);
3934373Seric }
3944373Seric �/*
3954329Seric ** WRITABLE -- predicate returning if the file is writable.
3964329Seric **
3974329Seric ** This routine must duplicate the algorithm in sys/fio.c.
3984329Seric ** Unfortunately, we cannot use the access call since we
3994329Seric ** won't necessarily be the real uid when we try to
4004329Seric ** actually open the file.
4014329Seric **
4024329Seric ** Notice that ANY file with ANY execute bit is automatically
4034329Seric ** not writable. This is also enforced by mailfile.
4044329Seric **
4054329Seric ** Parameters:
4064329Seric ** s -- pointer to a stat struct for the file.
4074329Seric **
4084329Seric ** Returns:
4094329Seric ** TRUE -- if we will be able to write this file.
4104329Seric ** FALSE -- if we cannot write this file.
4114329Seric **
4124329Seric ** Side Effects:
4134329Seric ** none.
4144329Seric */
4154329Seric
4164329Seric bool
4174329Seric writable(s)
4184329Seric register struct stat *s;
4194329Seric {
4204329Seric int euid, egid;
4214329Seric int bits;
4224329Seric
4234329Seric if (bitset(0111, s->st_mode))
4244329Seric return (FALSE);
4254329Seric euid = getruid();
4264329Seric egid = getrgid();
4274329Seric if (geteuid() == 0)
4284329Seric {
4294329Seric if (bitset(S_ISUID, s->st_mode))
4304329Seric euid = s->st_uid;
4314329Seric if (bitset(S_ISGID, s->st_mode))
4324329Seric egid = s->st_gid;
4334329Seric }
4344329Seric
4354329Seric if (euid == 0)
4364329Seric return (TRUE);
4374329Seric bits = S_IWRITE;
4384329Seric if (euid != s->st_uid)
4394329Seric {
4404329Seric bits >>= 3;
4414329Seric if (egid != s->st_gid)
4424329Seric bits >>= 3;
4434329Seric }
4444329Seric return ((s->st_mode & bits) != 0);
4454329Seric }
4464329Seric �/*
4474174Seric ** INCLUDE -- handle :include: specification.
4484174Seric **
4494174Seric ** Parameters:
4504174Seric ** fname -- filename to include.
4514176Seric ** msg -- message to print in verbose mode.
4524399Seric ** ctladdr -- address template to use to fill in these
4534399Seric ** addresses -- effective user/group id are
4544399Seric ** the important things.
4555006Seric ** sendq -- a pointer to the head of the send queue
4565006Seric ** to put these addresses in.
4574174Seric **
4584174Seric ** Returns:
4594174Seric ** none.
4604174Seric **
4614174Seric ** Side Effects:
4624174Seric ** reads the :include: file and sends to everyone
4634174Seric ** listed in that file.
4644174Seric */
4654174Seric
4665006Seric include(fname, msg, ctladdr, sendq)
4674174Seric char *fname;
4684176Seric char *msg;
4694399Seric ADDRESS *ctladdr;
4705006Seric ADDRESS **sendq;
4714174Seric {
4724174Seric char buf[MAXLINE];
4734174Seric register FILE *fp;
4746906Seric char *oldto = CurEnv->e_to;
4759379Seric char *oldfilename = FileName;
4769379Seric int oldlinenumber = LineNumber;
4774174Seric
4784174Seric fp = fopen(fname, "r");
4794174Seric if (fp == NULL)
4804174Seric {
4814174Seric usrerr("Cannot open %s", fname);
4824174Seric return;
4834174Seric }
4844406Seric if (getctladdr(ctladdr) == NULL)
4854406Seric {
4864406Seric struct stat st;
4874174Seric
4884406Seric if (fstat(fileno(fp), &st) < 0)
4894406Seric syserr("Cannot fstat %s!", fname);
4904406Seric ctladdr->q_uid = st.st_uid;
4914406Seric ctladdr->q_gid = st.st_gid;
4924406Seric ctladdr->q_flags |= QGOODUID;
4934406Seric }
4944406Seric
4954174Seric /* read the file -- each line is a comma-separated list. */
4969379Seric FileName = fname;
4979379Seric LineNumber = 0;
4984174Seric while (fgets(buf, sizeof buf, fp) != NULL)
4994174Seric {
5004174Seric register char *p = index(buf, '\n');
5014174Seric
5024174Seric if (p != NULL)
5034174Seric *p = '\0';
5044174Seric if (buf[0] == '\0')
5054174Seric continue;
5066906Seric CurEnv->e_to = oldto;
5077054Seric message(Arpa_Info, "%s to %s", msg, buf);
5084176Seric AliasLevel++;
5099622Seric sendtolist(buf, ctladdr, sendq);
5104176Seric AliasLevel--;
5114174Seric }
5124174Seric
5134319Seric (void) fclose(fp);
5149379Seric FileName = oldfilename;
5159379Seric LineNumber = oldlinenumber;
5164174Seric }
5174324Seric �/*
5184324Seric ** SENDTOARGV -- send to an argument vector.
5194324Seric **
5204324Seric ** Parameters:
5214324Seric ** argv -- argument vector to send to.
5224324Seric **
5234324Seric ** Returns:
5244324Seric ** none.
5254324Seric **
5264324Seric ** Side Effects:
5274324Seric ** puts all addresses on the argument vector onto the
5284324Seric ** send queue.
5294324Seric */
5304324Seric
5314324Seric sendtoargv(argv)
5324324Seric register char **argv;
5334324Seric {
5344324Seric register char *p;
5354324Seric
5364324Seric while ((p = *argv++) != NULL)
5374324Seric {
53833725Sbostic if (argv[0] != NULL && argv[1] != NULL && !strcasecmp(argv[0], "at"))
5394324Seric {
5404324Seric char nbuf[MAXNAME];
5414324Seric
5424324Seric if (strlen(p) + strlen(argv[1]) + 2 > sizeof nbuf)
5434324Seric usrerr("address overflow");
5444324Seric else
5454324Seric {
5464324Seric (void) strcpy(nbuf, p);
5474324Seric (void) strcat(nbuf, "@");
5484324Seric (void) strcat(nbuf, argv[1]);
5494324Seric p = newstr(nbuf);
5504324Seric argv += 2;
5514324Seric }
5524324Seric }
5539622Seric sendtolist(p, (ADDRESS *) NULL, &CurEnv->e_sendqueue);
5544324Seric }
5554324Seric }
5564399Seric �/*
5574399Seric ** GETCTLADDR -- get controlling address from an address header.
5584399Seric **
5594399Seric ** If none, get one corresponding to the effective userid.
5604399Seric **
5614399Seric ** Parameters:
5624399Seric ** a -- the address to find the controller of.
5634399Seric **
5644399Seric ** Returns:
5654399Seric ** the controlling address.
5664399Seric **
5674399Seric ** Side Effects:
5684399Seric ** none.
5694399Seric */
5704399Seric
5714399Seric ADDRESS *
5724399Seric getctladdr(a)
5734399Seric register ADDRESS *a;
5744399Seric {
5754404Seric while (a != NULL && !bitset(QGOODUID, a->q_flags))
5764399Seric a = a->q_alias;
5774399Seric return (a);
5784399Seric }
579