122710Sdist /*
2*34921Sbostic * Copyright (c) 1983 Eric P. Allman
333731Sbostic * Copyright (c) 1988 Regents of the University of California.
433731Sbostic * All rights reserved.
533731Sbostic *
633731Sbostic * Redistribution and use in source and binary forms are permitted
7*34921Sbostic * provided that the above copyright notice and this paragraph are
8*34921Sbostic * duplicated in all such forms and that any documentation,
9*34921Sbostic * advertising materials, and other materials related to such
10*34921Sbostic * distribution and use acknowledge that the software was developed
11*34921Sbostic * by the University of California, Berkeley. The name of the
12*34921Sbostic * University may not be used to endorse or promote products derived
13*34921Sbostic * from this software without specific prior written permission.
14*34921Sbostic * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15*34921Sbostic * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16*34921Sbostic * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
1733731Sbostic */
1822710Sdist
1922710Sdist #ifndef lint
20*34921Sbostic static char sccsid[] = "@(#)recipient.c 5.12 (Berkeley) 06/30/88";
2133731Sbostic #endif /* not lint */
2222710Sdist
234174Seric # include <pwd.h>
244627Seric # include "sendmail.h"
254329Seric # include <sys/stat.h>
264174Seric
274174Seric /*
289622Seric ** SENDTOLIST -- Designate a send list.
294174Seric **
304174Seric ** The parameter is a comma-separated list of people to send to.
314174Seric ** This routine arranges to send to all of them.
324174Seric **
334174Seric ** Parameters:
344174Seric ** list -- the send list.
354399Seric ** ctladdr -- the address template for the person to
364399Seric ** send to -- effective uid/gid are important.
375006Seric ** This is typically the alias that caused this
385006Seric ** expansion.
395006Seric ** sendq -- a pointer to the head of a queue to put
405006Seric ** these people into.
414174Seric **
424174Seric ** Returns:
434998Seric ** none
444174Seric **
454174Seric ** Side Effects:
464174Seric ** none.
474174Seric */
484174Seric
494174Seric # define MAXRCRSN 10
504174Seric
519622Seric sendtolist(list, ctladdr, sendq)
524174Seric char *list;
534399Seric ADDRESS *ctladdr;
545198Seric ADDRESS **sendq;
554174Seric {
564174Seric register char *p;
578223Seric register ADDRESS *al; /* list of addresses to send to */
584423Seric bool firstone; /* set on first address sent */
594444Seric bool selfref; /* set if this list includes ctladdr */
6011446Seric char delimiter; /* the address delimiter */
614174Seric
624324Seric # ifdef DEBUG
637676Seric if (tTd(25, 1))
644444Seric {
654444Seric printf("sendto: %s\n ctladdr=", list);
664444Seric printaddr(ctladdr, FALSE);
674444Seric }
684324Seric # endif DEBUG
694324Seric
708223Seric /* heuristic to determine old versus new style addresses */
718230Seric if (ctladdr == NULL &&
728230Seric (index(list, ',') != NULL || index(list, ';') != NULL ||
738230Seric index(list, '<') != NULL || index(list, '(') != NULL))
749340Seric CurEnv->e_flags &= ~EF_OLDSTYLE;
7511446Seric delimiter = ' ';
7611446Seric if (!bitset(EF_OLDSTYLE, CurEnv->e_flags) || ctladdr != NULL)
7711446Seric delimiter = ',';
788223Seric
794423Seric firstone = TRUE;
804444Seric selfref = FALSE;
814324Seric al = NULL;
828223Seric
838081Seric for (p = list; *p != '\0'; )
844174Seric {
858081Seric register ADDRESS *a;
868081Seric extern char *DelimChar; /* defined in prescan */
874319Seric
888081Seric /* parse the address */
898081Seric while (isspace(*p) || *p == ',')
904174Seric p++;
9111446Seric a = parseaddr(p, (ADDRESS *) NULL, 1, delimiter);
929297Seric p = DelimChar;
939297Seric if (a == NULL)
944174Seric continue;
954324Seric a->q_next = al;
964399Seric a->q_alias = ctladdr;
974444Seric
984444Seric /* see if this should be marked as a primary address */
994423Seric if (ctladdr == NULL ||
1008081Seric (firstone && *p == '\0' && bitset(QPRIMARY, ctladdr->q_flags)))
1014423Seric a->q_flags |= QPRIMARY;
1024444Seric
1034444Seric /* put on send queue or suppress self-reference */
1049379Seric if (ctladdr != NULL && sameaddr(ctladdr, a))
1054444Seric selfref = TRUE;
1064444Seric else
1074444Seric al = a;
1084423Seric firstone = FALSE;
1094324Seric }
1104324Seric
1114444Seric /* if this alias doesn't include itself, delete ctladdr */
1124444Seric if (!selfref && ctladdr != NULL)
1134444Seric ctladdr->q_flags |= QDONTSEND;
1144444Seric
1154324Seric /* arrange to send to everyone on the local send list */
1164324Seric while (al != NULL)
1174324Seric {
1184324Seric register ADDRESS *a = al;
11912613Seric extern ADDRESS *recipient();
1204324Seric
1214324Seric al = a->q_next;
12212613Seric a = recipient(a, sendq);
1234993Seric
1244998Seric /* arrange to inherit full name */
1254998Seric if (a->q_fullname == NULL && ctladdr != NULL)
1264998Seric a->q_fullname = ctladdr->q_fullname;
1274174Seric }
1284324Seric
1296906Seric CurEnv->e_to = NULL;
1304174Seric }
1314174Seric �/*
1324174Seric ** RECIPIENT -- Designate a message recipient
1334174Seric **
1344174Seric ** Saves the named person for future mailing.
1354174Seric **
1364174Seric ** Parameters:
1374174Seric ** a -- the (preparsed) address header for the recipient.
1385006Seric ** sendq -- a pointer to the head of a queue to put the
1395006Seric ** recipient in. Duplicate supression is done
1405006Seric ** in this queue.
1414174Seric **
1424174Seric ** Returns:
14312613Seric ** The actual address in the queue. This will be "a" if
14412613Seric ** the address is not a duplicate, else the original address.
1454174Seric **
1464174Seric ** Side Effects:
1474174Seric ** none.
1484174Seric */
1494174Seric
15012613Seric ADDRESS *
1515006Seric recipient(a, sendq)
1524174Seric register ADDRESS *a;
1535006Seric register ADDRESS **sendq;
1544174Seric {
1554174Seric register ADDRESS *q;
1564319Seric ADDRESS **pq;
1574174Seric register struct mailer *m;
1589210Seric register char *p;
1599210Seric bool quoted = FALSE; /* set if the addr has a quote bit */
1609210Seric char buf[MAXNAME]; /* unquoted image of the user name */
1614399Seric extern ADDRESS *getctladdr();
1624627Seric extern bool safefile();
1634174Seric
1646906Seric CurEnv->e_to = a->q_paddr;
1654600Seric m = a->q_mailer;
1664174Seric errno = 0;
1674174Seric # ifdef DEBUG
1687676Seric if (tTd(26, 1))
1694444Seric {
1704444Seric printf("\nrecipient: ");
1714444Seric printaddr(a, FALSE);
1724444Seric }
1734174Seric # endif DEBUG
1744174Seric
1754174Seric /* break aliasing loops */
1764174Seric if (AliasLevel > MAXRCRSN)
1774174Seric {
1784174Seric usrerr("aliasing/forwarding loop broken");
17912613Seric return (a);
1804174Seric }
1814174Seric
1824174Seric /*
1834627Seric ** Finish setting up address structure.
1844174Seric */
1854174Seric
18616160Seric /* set the queue timeout */
1874627Seric a->q_timeout = TimeOut;
1884627Seric
18916160Seric /* map user & host to lower case if requested on non-aliases */
19016160Seric if (a->q_alias == NULL)
19116160Seric loweraddr(a);
19216160Seric
19316160Seric /* get unquoted user for file, program or user.name check */
1949210Seric (void) strcpy(buf, a->q_user);
1959210Seric for (p = buf; *p != '\0' && !quoted; p++)
1969210Seric {
1979210Seric if (!isascii(*p) && (*p & 0377) != (SpaceSub & 0377))
1989210Seric quoted = TRUE;
1999210Seric }
2009210Seric stripquotes(buf, TRUE);
2019210Seric
2024627Seric /* do sickly crude mapping for program mailing, etc. */
2039210Seric if (m == LocalMailer && buf[0] == '|')
2044174Seric {
2059210Seric a->q_mailer = m = ProgMailer;
2069210Seric a->q_user++;
2079210Seric if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
2084174Seric {
20929915Seric a->q_flags |= QDONTSEND|QBADADDR;
2109210Seric usrerr("Cannot mail directly to programs");
2114174Seric }
2124174Seric }
2134174Seric
2144174Seric /*
2154419Seric ** Look up this person in the recipient list.
2164419Seric ** If they are there already, return, otherwise continue.
2174419Seric ** If the list is empty, just add it. Notice the cute
2184419Seric ** hack to make from addresses suppress things correctly:
2194419Seric ** the QDONTSEND bit will be set in the send list.
2204419Seric ** [Please note: the emphasis is on "hack."]
2214174Seric */
2224174Seric
2235006Seric for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
2244174Seric {
2259379Seric if (!ForceMail && sameaddr(q, a))
2264174Seric {
2274174Seric # ifdef DEBUG
2287676Seric if (tTd(26, 1))
2294444Seric {
2304444Seric printf("%s in sendq: ", a->q_paddr);
2314444Seric printaddr(q, FALSE);
2324444Seric }
2334174Seric # endif DEBUG
2347054Seric if (!bitset(QDONTSEND, a->q_flags))
2354324Seric message(Arpa_Info, "duplicate suppressed");
2364423Seric if (!bitset(QPRIMARY, q->q_flags))
2374423Seric q->q_flags |= a->q_flags;
23812613Seric return (q);
2394174Seric }
2404319Seric }
2414174Seric
2424319Seric /* add address on list */
2434319Seric *pq = a;
2444174Seric a->q_next = NULL;
24524951Seric CurEnv->e_nrcpts++;
2464174Seric
2474174Seric /*
2484174Seric ** Alias the name and handle :include: specs.
2494174Seric */
2504174Seric
2519210Seric if (m == LocalMailer && !bitset(QDONTSEND, a->q_flags))
2524174Seric {
2534174Seric if (strncmp(a->q_user, ":include:", 9) == 0)
2544174Seric {
2554174Seric a->q_flags |= QDONTSEND;
2567676Seric if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
25729915Seric {
25829915Seric a->q_flags |= QBADADDR;
2594399Seric usrerr("Cannot mail directly to :include:s");
26029915Seric }
2614399Seric else
2624399Seric {
2637054Seric message(Arpa_Info, "including file %s", &a->q_user[9]);
2645006Seric include(&a->q_user[9], " sending", a, sendq);
2654399Seric }
2664174Seric }
2674174Seric else
2685006Seric alias(a, sendq);
2694174Seric }
2704174Seric
2714174Seric /*
2724174Seric ** If the user is local and still being sent, verify that
2734174Seric ** the address is good. If it is, try to forward.
2744174Seric ** If the address is already good, we have a forwarding
2754174Seric ** loop. This can be broken by just sending directly to
2764174Seric ** the user (which is probably correct anyway).
2774174Seric */
2784174Seric
2799210Seric if (!bitset(QDONTSEND, a->q_flags) && m == LocalMailer)
2804174Seric {
2814329Seric struct stat stb;
2824329Seric extern bool writable();
2834174Seric
2844174Seric /* see if this is to a file */
2855600Seric if (buf[0] == '/')
2864174Seric {
2875600Seric p = rindex(buf, '/');
2884201Seric /* check if writable or creatable */
2897676Seric if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
2904399Seric {
29129915Seric a->q_flags |= QDONTSEND|QBADADDR;
2924399Seric usrerr("Cannot mail directly to files");
2934399Seric }
2944399Seric else if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
2954539Seric (*p = '\0', !safefile(buf, getruid(), S_IWRITE|S_IEXEC)))
2964174Seric {
2974174Seric a->q_flags |= QBADADDR;
29810109Seric giveresponse(EX_CANTCREAT, m, CurEnv);
2994174Seric }
3004174Seric }
3014174Seric else
3024174Seric {
3034174Seric register struct passwd *pw;
3044373Seric extern struct passwd *finduser();
3054373Seric
3064407Seric /* warning -- finduser may trash buf */
3074373Seric pw = finduser(buf);
3084174Seric if (pw == NULL)
3094174Seric {
3104174Seric a->q_flags |= QBADADDR;
31110109Seric giveresponse(EX_NOUSER, m, CurEnv);
3124174Seric }
3134174Seric else
3144174Seric {
3154993Seric char nbuf[MAXNAME];
3164993Seric
3174376Seric if (strcmp(a->q_user, pw->pw_name) != 0)
3184376Seric {
3194376Seric a->q_user = newstr(pw->pw_name);
3207008Seric (void) strcpy(buf, pw->pw_name);
3214376Seric }
3224174Seric a->q_home = newstr(pw->pw_dir);
3234213Seric a->q_uid = pw->pw_uid;
3244399Seric a->q_gid = pw->pw_gid;
3254404Seric a->q_flags |= QGOODUID;
3264998Seric buildfname(pw->pw_gecos, pw->pw_name, nbuf);
3274993Seric if (nbuf[0] != '\0')
3284993Seric a->q_fullname = newstr(nbuf);
3294399Seric if (!quoted)
3305006Seric forward(a, sendq);
3314174Seric }
3324174Seric }
3334174Seric }
33412613Seric return (a);
3354174Seric }
3364174Seric �/*
3374373Seric ** FINDUSER -- find the password entry for a user.
3384373Seric **
3394373Seric ** This looks a lot like getpwnam, except that it may want to
3404373Seric ** do some fancier pattern matching in /etc/passwd.
3414373Seric **
3429379Seric ** This routine contains most of the time of many sendmail runs.
3439379Seric ** It deserves to be optimized.
3449379Seric **
3454373Seric ** Parameters:
3464373Seric ** name -- the name to match against.
3474373Seric **
3484373Seric ** Returns:
3494373Seric ** A pointer to a pw struct.
3504373Seric ** NULL if name is unknown or ambiguous.
3514373Seric **
3524373Seric ** Side Effects:
3534407Seric ** may modify name.
3544373Seric */
3554373Seric
3564373Seric struct passwd *
3574373Seric finduser(name)
3584373Seric char *name;
3594373Seric {
3604376Seric register struct passwd *pw;
3614407Seric register char *p;
36215325Seric extern struct passwd *getpwent();
36315325Seric extern struct passwd *getpwnam();
3644373Seric
36525777Seric /* map upper => lower case */
3664407Seric for (p = name; *p != '\0'; p++)
3674407Seric {
36825777Seric if (isascii(*p) && isupper(*p))
36925568Seric *p = tolower(*p);
3704407Seric }
3714407Seric
37225777Seric /* look up this login name using fast path */
37312634Seric if ((pw = getpwnam(name)) != NULL)
37412634Seric return (pw);
37512634Seric
37612634Seric /* search for a matching full name instead */
37725777Seric for (p = name; *p != '\0'; p++)
37825777Seric {
37925777Seric if (*p == (SpaceSub & 0177) || *p == '_')
38025777Seric *p = ' ';
38125777Seric }
38223107Seric (void) setpwent();
3834376Seric while ((pw = getpwent()) != NULL)
3844376Seric {
3854998Seric char buf[MAXNAME];
3864376Seric
3874998Seric buildfname(pw->pw_gecos, pw->pw_name, buf);
38833725Sbostic if (index(buf, ' ') != NULL && !strcasecmp(buf, name))
3894381Seric {
3907054Seric message(Arpa_Info, "sending to login name %s", pw->pw_name);
3914376Seric return (pw);
3924377Seric }
3934376Seric }
3944376Seric return (NULL);
3954373Seric }
3964373Seric �/*
3974329Seric ** WRITABLE -- predicate returning if the file is writable.
3984329Seric **
3994329Seric ** This routine must duplicate the algorithm in sys/fio.c.
4004329Seric ** Unfortunately, we cannot use the access call since we
4014329Seric ** won't necessarily be the real uid when we try to
4024329Seric ** actually open the file.
4034329Seric **
4044329Seric ** Notice that ANY file with ANY execute bit is automatically
4054329Seric ** not writable. This is also enforced by mailfile.
4064329Seric **
4074329Seric ** Parameters:
4084329Seric ** s -- pointer to a stat struct for the file.
4094329Seric **
4104329Seric ** Returns:
4114329Seric ** TRUE -- if we will be able to write this file.
4124329Seric ** FALSE -- if we cannot write this file.
4134329Seric **
4144329Seric ** Side Effects:
4154329Seric ** none.
4164329Seric */
4174329Seric
4184329Seric bool
4194329Seric writable(s)
4204329Seric register struct stat *s;
4214329Seric {
4224329Seric int euid, egid;
4234329Seric int bits;
4244329Seric
4254329Seric if (bitset(0111, s->st_mode))
4264329Seric return (FALSE);
4274329Seric euid = getruid();
4284329Seric egid = getrgid();
4294329Seric if (geteuid() == 0)
4304329Seric {
4314329Seric if (bitset(S_ISUID, s->st_mode))
4324329Seric euid = s->st_uid;
4334329Seric if (bitset(S_ISGID, s->st_mode))
4344329Seric egid = s->st_gid;
4354329Seric }
4364329Seric
4374329Seric if (euid == 0)
4384329Seric return (TRUE);
4394329Seric bits = S_IWRITE;
4404329Seric if (euid != s->st_uid)
4414329Seric {
4424329Seric bits >>= 3;
4434329Seric if (egid != s->st_gid)
4444329Seric bits >>= 3;
4454329Seric }
4464329Seric return ((s->st_mode & bits) != 0);
4474329Seric }
4484329Seric �/*
4494174Seric ** INCLUDE -- handle :include: specification.
4504174Seric **
4514174Seric ** Parameters:
4524174Seric ** fname -- filename to include.
4534176Seric ** msg -- message to print in verbose mode.
4544399Seric ** ctladdr -- address template to use to fill in these
4554399Seric ** addresses -- effective user/group id are
4564399Seric ** the important things.
4575006Seric ** sendq -- a pointer to the head of the send queue
4585006Seric ** to put these addresses in.
4594174Seric **
4604174Seric ** Returns:
4614174Seric ** none.
4624174Seric **
4634174Seric ** Side Effects:
4644174Seric ** reads the :include: file and sends to everyone
4654174Seric ** listed in that file.
4664174Seric */
4674174Seric
4685006Seric include(fname, msg, ctladdr, sendq)
4694174Seric char *fname;
4704176Seric char *msg;
4714399Seric ADDRESS *ctladdr;
4725006Seric ADDRESS **sendq;
4734174Seric {
4744174Seric char buf[MAXLINE];
4754174Seric register FILE *fp;
4766906Seric char *oldto = CurEnv->e_to;
4779379Seric char *oldfilename = FileName;
4789379Seric int oldlinenumber = LineNumber;
4794174Seric
4804174Seric fp = fopen(fname, "r");
4814174Seric if (fp == NULL)
4824174Seric {
4834174Seric usrerr("Cannot open %s", fname);
4844174Seric return;
4854174Seric }
4864406Seric if (getctladdr(ctladdr) == NULL)
4874406Seric {
4884406Seric struct stat st;
4894174Seric
4904406Seric if (fstat(fileno(fp), &st) < 0)
4914406Seric syserr("Cannot fstat %s!", fname);
4924406Seric ctladdr->q_uid = st.st_uid;
4934406Seric ctladdr->q_gid = st.st_gid;
4944406Seric ctladdr->q_flags |= QGOODUID;
4954406Seric }
4964406Seric
4974174Seric /* read the file -- each line is a comma-separated list. */
4989379Seric FileName = fname;
4999379Seric LineNumber = 0;
5004174Seric while (fgets(buf, sizeof buf, fp) != NULL)
5014174Seric {
5024174Seric register char *p = index(buf, '\n');
5034174Seric
5044174Seric if (p != NULL)
5054174Seric *p = '\0';
5064174Seric if (buf[0] == '\0')
5074174Seric continue;
5086906Seric CurEnv->e_to = oldto;
5097054Seric message(Arpa_Info, "%s to %s", msg, buf);
5104176Seric AliasLevel++;
5119622Seric sendtolist(buf, ctladdr, sendq);
5124176Seric AliasLevel--;
5134174Seric }
5144174Seric
5154319Seric (void) fclose(fp);
5169379Seric FileName = oldfilename;
5179379Seric LineNumber = oldlinenumber;
5184174Seric }
5194324Seric �/*
5204324Seric ** SENDTOARGV -- send to an argument vector.
5214324Seric **
5224324Seric ** Parameters:
5234324Seric ** argv -- argument vector to send to.
5244324Seric **
5254324Seric ** Returns:
5264324Seric ** none.
5274324Seric **
5284324Seric ** Side Effects:
5294324Seric ** puts all addresses on the argument vector onto the
5304324Seric ** send queue.
5314324Seric */
5324324Seric
5334324Seric sendtoargv(argv)
5344324Seric register char **argv;
5354324Seric {
5364324Seric register char *p;
5374324Seric
5384324Seric while ((p = *argv++) != NULL)
5394324Seric {
54033725Sbostic if (argv[0] != NULL && argv[1] != NULL && !strcasecmp(argv[0], "at"))
5414324Seric {
5424324Seric char nbuf[MAXNAME];
5434324Seric
5444324Seric if (strlen(p) + strlen(argv[1]) + 2 > sizeof nbuf)
5454324Seric usrerr("address overflow");
5464324Seric else
5474324Seric {
5484324Seric (void) strcpy(nbuf, p);
5494324Seric (void) strcat(nbuf, "@");
5504324Seric (void) strcat(nbuf, argv[1]);
5514324Seric p = newstr(nbuf);
5524324Seric argv += 2;
5534324Seric }
5544324Seric }
5559622Seric sendtolist(p, (ADDRESS *) NULL, &CurEnv->e_sendqueue);
5564324Seric }
5574324Seric }
5584399Seric �/*
5594399Seric ** GETCTLADDR -- get controlling address from an address header.
5604399Seric **
5614399Seric ** If none, get one corresponding to the effective userid.
5624399Seric **
5634399Seric ** Parameters:
5644399Seric ** a -- the address to find the controller of.
5654399Seric **
5664399Seric ** Returns:
5674399Seric ** the controlling address.
5684399Seric **
5694399Seric ** Side Effects:
5704399Seric ** none.
5714399Seric */
5724399Seric
5734399Seric ADDRESS *
5744399Seric getctladdr(a)
5754399Seric register ADDRESS *a;
5764399Seric {
5774404Seric while (a != NULL && !bitset(QGOODUID, a->q_flags))
5784399Seric a = a->q_alias;
5794399Seric return (a);
5804399Seric }
581