14174Seric # include <pwd.h>
24627Seric # include "sendmail.h"
34329Seric # include <sys/stat.h>
44174Seric
5*4993Seric static char SccsId[] = "@(#)recipient.c 3.28.1.1 11/21/81";
64174Seric
74174Seric /*
84174Seric ** SENDTO -- Designate a send list.
94174Seric **
104174Seric ** The parameter is a comma-separated list of people to send to.
114174Seric ** This routine arranges to send to all of them.
124174Seric **
13*4993Seric ** The `ctladdr' is the address that expanded to be this one,
14*4993Seric ** e.g., in an alias expansion. This is used for a number of
15*4993Seric ** purposed, most notably inheritance of uid/gid for protection
16*4993Seric ** purposes. It is also used to detect self-reference in group
17*4993Seric ** expansions and the like.
18*4993Seric **
194174Seric ** Parameters:
204174Seric ** list -- the send list.
214174Seric ** copyf -- the copy flag; passed to parse.
224399Seric ** ctladdr -- the address template for the person to
234399Seric ** send to -- effective uid/gid are important.
24*4993Seric ** qflags -- special flags to set in the q_flags field.
254174Seric **
264174Seric ** Returns:
27*4993Seric ** pointer to chain of addresses.
284174Seric **
294174Seric ** Side Effects:
304174Seric ** none.
314174Seric */
324174Seric
334174Seric # define MAXRCRSN 10
344174Seric
35*4993Seric ADDRESS *
36*4993Seric sendto(list, copyf, ctladdr, qflags)
374174Seric char *list;
384174Seric int copyf;
394399Seric ADDRESS *ctladdr;
40*4993Seric u_short qflags;
414174Seric {
424174Seric register char *p;
434319Seric bool more; /* set if more addresses to send to */
444324Seric ADDRESS *al; /* list of addresses to send to */
454423Seric bool firstone; /* set on first address sent */
464444Seric bool selfref; /* set if this list includes ctladdr */
47*4993Seric ADDRESS *sibl; /* sibling pointer in tree */
48*4993Seric ADDRESS *prev; /* previous sibling */
494174Seric
504324Seric # ifdef DEBUG
514324Seric if (Debug > 1)
524444Seric {
534444Seric printf("sendto: %s\n ctladdr=", list);
544444Seric printaddr(ctladdr, FALSE);
554444Seric }
564324Seric # endif DEBUG
574324Seric
584174Seric more = TRUE;
594423Seric firstone = TRUE;
604444Seric selfref = FALSE;
614324Seric al = NULL;
624174Seric for (p = list; more; )
634174Seric {
644319Seric register char *q;
654319Seric register char c;
664319Seric ADDRESS *a;
674319Seric
684174Seric /* find the end of this address */
694174Seric while (*p == ' ' || *p == '\t')
704174Seric p++;
714174Seric q = p;
724174Seric while ((c = *p++) != '\0' && c != ',' && c != '\n')
734174Seric continue;
744174Seric more = c != '\0';
754174Seric *--p = '\0';
764174Seric if (more)
774174Seric p++;
784324Seric if (*q == '\0')
794324Seric continue;
804174Seric
814174Seric /* parse the address */
824174Seric if ((a = parse(q, (ADDRESS *) NULL, copyf)) == NULL)
834174Seric continue;
844324Seric a->q_next = al;
854399Seric a->q_alias = ctladdr;
86*4993Seric if (ctladdr != NULL)
87*4993Seric a->q_flags |= ctladdr->q_flags & ~QPRIMARY;
88*4993Seric a->q_flags |= qflags;
894444Seric
904444Seric /* see if this should be marked as a primary address */
914423Seric if (ctladdr == NULL ||
924423Seric (firstone && !more && bitset(QPRIMARY, ctladdr->q_flags)))
934423Seric a->q_flags |= QPRIMARY;
944444Seric
954444Seric /* put on send queue or suppress self-reference */
964444Seric if (ctladdr != NULL && sameaddr(ctladdr, a, FALSE))
974444Seric selfref = TRUE;
984444Seric else
994444Seric al = a;
1004423Seric firstone = FALSE;
1014324Seric }
1024324Seric
1034444Seric /* if this alias doesn't include itself, delete ctladdr */
1044444Seric if (!selfref && ctladdr != NULL)
1054444Seric ctladdr->q_flags |= QDONTSEND;
1064444Seric
1074324Seric /* arrange to send to everyone on the local send list */
108*4993Seric prev = sibl = NULL;
109*4993Seric if (ctladdr != NULL)
110*4993Seric prev = ctladdr->q_child;
1114324Seric while (al != NULL)
1124324Seric {
1134324Seric register ADDRESS *a = al;
114*4993Seric extern ADDRESS *recipient();
1154324Seric
1164324Seric al = a->q_next;
117*4993Seric sibl = recipient(a);
118*4993Seric if (sibl != NULL)
119*4993Seric {
120*4993Seric extern ADDRESS *addrref();
121*4993Seric
122*4993Seric /* inherit full name */
123*4993Seric if (sibl->q_fullname == NULL && ctladdr != NULL)
124*4993Seric sibl->q_fullname = ctladdr->q_fullname;
125*4993Seric
126*4993Seric /* link tree together (but only if the node is new) */
127*4993Seric if (sibl == a)
128*4993Seric {
129*4993Seric sibl->q_sibling = prev;
130*4993Seric prev = sibl;
131*4993Seric }
132*4993Seric }
1334174Seric }
1344324Seric
1354174Seric To = NULL;
136*4993Seric if (ctladdr != NULL)
137*4993Seric ctladdr->q_child = prev;
138*4993Seric return (prev);
1394174Seric }
1404174Seric �/*
141*4993Seric ** ADDRREF -- return pointer to address that references another address.
142*4993Seric **
143*4993Seric ** Parameters:
144*4993Seric ** a -- address to check.
145*4993Seric ** r -- reference to find.
146*4993Seric **
147*4993Seric ** Returns:
148*4993Seric ** address of node in tree rooted at 'a' that references
149*4993Seric ** 'r'.
150*4993Seric ** NULL if no such node exists.
151*4993Seric **
152*4993Seric ** Side Effects:
153*4993Seric ** none.
154*4993Seric */
155*4993Seric
156*4993Seric ADDRESS *
157*4993Seric addrref(a, r)
158*4993Seric register ADDRESS *a;
159*4993Seric register ADDRESS *r;
160*4993Seric {
161*4993Seric register ADDRESS *q;
162*4993Seric
163*4993Seric while (a != NULL)
164*4993Seric {
165*4993Seric if (a->q_child == r || a->q_sibling == r)
166*4993Seric return (a);
167*4993Seric q = addrref(a->q_child, r);
168*4993Seric if (q != NULL)
169*4993Seric return (q);
170*4993Seric a = a->q_sibling;
171*4993Seric }
172*4993Seric return (NULL);
173*4993Seric }
174*4993Seric �/*
1754174Seric ** RECIPIENT -- Designate a message recipient
1764174Seric **
1774174Seric ** Saves the named person for future mailing.
1784174Seric **
1794174Seric ** Parameters:
1804174Seric ** a -- the (preparsed) address header for the recipient.
1814174Seric **
1824174Seric ** Returns:
183*4993Seric ** pointer to address actually inserted in send list.
1844174Seric **
1854174Seric ** Side Effects:
1864174Seric ** none.
1874174Seric */
1884174Seric
189*4993Seric ADDRESS *
1904174Seric recipient(a)
1914174Seric register ADDRESS *a;
1924174Seric {
1934174Seric register ADDRESS *q;
1944319Seric ADDRESS **pq;
1954174Seric register struct mailer *m;
1964399Seric extern ADDRESS *getctladdr();
1974627Seric extern bool safefile();
1984174Seric
1994174Seric To = a->q_paddr;
2004600Seric m = a->q_mailer;
2014174Seric errno = 0;
2024174Seric # ifdef DEBUG
2034174Seric if (Debug)
2044444Seric {
2054444Seric printf("\nrecipient: ");
2064444Seric printaddr(a, FALSE);
2074444Seric }
2084174Seric # endif DEBUG
2094174Seric
2104174Seric /* break aliasing loops */
2114174Seric if (AliasLevel > MAXRCRSN)
2124174Seric {
2134174Seric usrerr("aliasing/forwarding loop broken");
214*4993Seric return (NULL);
2154174Seric }
2164174Seric
2174174Seric /*
2184627Seric ** Finish setting up address structure.
2194174Seric */
2204174Seric
2214627Seric a->q_timeout = TimeOut;
2224627Seric
2234627Seric /* do sickly crude mapping for program mailing, etc. */
2244600Seric if (a->q_mailer == LocalMailer)
2254174Seric {
2264174Seric if (a->q_user[0] == '|')
2274174Seric {
2284600Seric a->q_mailer = m = ProgMailer;
2294174Seric a->q_user++;
2304627Seric if (a->q_alias == NULL && Debug == 0 && !QueueRun)
2314217Seric {
2324217Seric usrerr("Cannot mail directly to programs");
2334217Seric a->q_flags |= QDONTSEND;
2344217Seric }
2354174Seric }
2364174Seric }
2374174Seric
2384174Seric /*
2394419Seric ** Look up this person in the recipient list.
2404419Seric ** If they are there already, return, otherwise continue.
2414419Seric ** If the list is empty, just add it. Notice the cute
2424419Seric ** hack to make from addresses suppress things correctly:
2434419Seric ** the QDONTSEND bit will be set in the send list.
2444419Seric ** [Please note: the emphasis is on "hack."]
2454174Seric */
2464174Seric
2474319Seric for (pq = &m->m_sendq; (q = *pq) != NULL; pq = &q->q_next)
2484174Seric {
2494319Seric if (!ForceMail && sameaddr(q, a, FALSE))
2504174Seric {
2514174Seric # ifdef DEBUG
2524319Seric if (Debug)
2534444Seric {
2544444Seric printf("%s in sendq: ", a->q_paddr);
2554444Seric printaddr(q, FALSE);
2564444Seric }
2574174Seric # endif DEBUG
258*4993Seric if (Verbose && !bitset(QDONTSEND|QPSEUDO, a->q_flags))
2594324Seric message(Arpa_Info, "duplicate suppressed");
2604423Seric if (!bitset(QPRIMARY, q->q_flags))
2614423Seric q->q_flags |= a->q_flags;
262*4993Seric if (!bitset(QPSEUDO, a->q_flags))
263*4993Seric q->q_flags &= ~QPSEUDO;
264*4993Seric return (q);
2654174Seric }
2664319Seric }
2674174Seric
2684319Seric /* add address on list */
2694319Seric *pq = a;
2704174Seric a->q_next = NULL;
2714247Seric if (DontSend)
2724247Seric a->q_flags |= QDONTSEND;
2734174Seric
2744174Seric /*
2754174Seric ** Alias the name and handle :include: specs.
2764174Seric */
2774174Seric
2784600Seric if (a->q_mailer == LocalMailer)
2794174Seric {
2804174Seric if (strncmp(a->q_user, ":include:", 9) == 0)
2814174Seric {
2824174Seric a->q_flags |= QDONTSEND;
2834627Seric if (a->q_alias == NULL && Debug == 0 && !QueueRun)
2844399Seric usrerr("Cannot mail directly to :include:s");
2854399Seric else
2864399Seric {
2874399Seric if (Verbose)
2884399Seric message(Arpa_Info, "including file %s", &a->q_user[9]);
2894399Seric include(&a->q_user[9], " sending", a);
2904399Seric }
2914174Seric }
2924174Seric else
2934174Seric alias(a);
2944174Seric }
2954174Seric
2964174Seric /*
2974174Seric ** If the user is local and still being sent, verify that
2984174Seric ** the address is good. If it is, try to forward.
2994174Seric ** If the address is already good, we have a forwarding
3004174Seric ** loop. This can be broken by just sending directly to
3014174Seric ** the user (which is probably correct anyway).
3024174Seric */
3034174Seric
3044600Seric if (!bitset(QDONTSEND, a->q_flags) && a->q_mailer == LocalMailer)
3054174Seric {
3064174Seric char buf[MAXNAME];
3074201Seric register char *p;
3084329Seric struct stat stb;
3094329Seric extern bool writable();
3104399Seric bool quoted = FALSE;
3114174Seric
3124174Seric strcpy(buf, a->q_user);
3134399Seric for (p = buf; *p != '\0' && !quoted; p++)
3144399Seric {
315*4993Seric if (!isascii(*p) && (*p & 0377) != (SPACESUB) & 0377)
3164399Seric quoted = TRUE;
3174399Seric }
3184174Seric stripquotes(buf, TRUE);
3194174Seric
3204174Seric /* see if this is to a file */
3214201Seric if ((p = rindex(buf, '/')) != NULL)
3224174Seric {
3234201Seric /* check if writable or creatable */
3244627Seric if (a->q_alias == NULL && Debug == 0 && !QueueRun)
3254399Seric {
3264399Seric usrerr("Cannot mail directly to files");
3274399Seric a->q_flags |= QDONTSEND;
3284399Seric }
3294399Seric else if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
3304539Seric (*p = '\0', !safefile(buf, getruid(), S_IWRITE|S_IEXEC)))
3314174Seric {
3324174Seric a->q_flags |= QBADADDR;
3334174Seric giveresponse(EX_CANTCREAT, TRUE, m);
3344174Seric }
3354174Seric }
3364174Seric else
3374174Seric {
3384174Seric register struct passwd *pw;
3394373Seric extern struct passwd *finduser();
3404373Seric
3414407Seric /* warning -- finduser may trash buf */
3424373Seric pw = finduser(buf);
3434174Seric if (pw == NULL)
3444174Seric {
3454174Seric a->q_flags |= QBADADDR;
3464174Seric giveresponse(EX_NOUSER, TRUE, m);
3474174Seric }
3484174Seric else
3494174Seric {
350*4993Seric char nbuf[MAXNAME];
351*4993Seric
3524376Seric if (strcmp(a->q_user, pw->pw_name) != 0)
3534376Seric {
3544376Seric a->q_user = newstr(pw->pw_name);
3554376Seric strcpy(buf, pw->pw_name);
3564376Seric }
3574174Seric a->q_home = newstr(pw->pw_dir);
3584213Seric a->q_uid = pw->pw_uid;
3594399Seric a->q_gid = pw->pw_gid;
3604404Seric a->q_flags |= QGOODUID;
361*4993Seric fullname(pw, nbuf);
362*4993Seric if (nbuf[0] != '\0')
363*4993Seric a->q_fullname = newstr(nbuf);
3644399Seric if (!quoted)
3654174Seric forward(a);
3664174Seric }
3674174Seric }
3684174Seric }
369*4993Seric
370*4993Seric return (a);
3714174Seric }
3724174Seric �/*
3734373Seric ** FINDUSER -- find the password entry for a user.
3744373Seric **
3754373Seric ** This looks a lot like getpwnam, except that it may want to
3764373Seric ** do some fancier pattern matching in /etc/passwd.
3774373Seric **
3784373Seric ** Parameters:
3794373Seric ** name -- the name to match against.
3804373Seric **
3814373Seric ** Returns:
3824373Seric ** A pointer to a pw struct.
3834373Seric ** NULL if name is unknown or ambiguous.
3844373Seric **
3854373Seric ** Side Effects:
3864407Seric ** may modify name.
3874373Seric */
3884373Seric
3894373Seric struct passwd *
3904373Seric finduser(name)
3914373Seric char *name;
3924373Seric {
3934376Seric extern struct passwd *getpwent();
3944376Seric register struct passwd *pw;
3954407Seric register char *p;
3964373Seric
3974407Seric /*
3984407Seric ** Make name canonical.
3994407Seric */
4004407Seric
4014407Seric for (p = name; *p != '\0'; p++)
4024407Seric {
4034407Seric if (*p == (SPACESUB & 0177) || *p == '_')
4044407Seric *p = ' ';
4054407Seric }
4064407Seric
4074376Seric setpwent();
4084376Seric while ((pw = getpwent()) != NULL)
4094376Seric {
410*4993Seric extern bool sameword();
4114376Seric char buf[MAXNAME];
4124376Seric
4134376Seric if (strcmp(pw->pw_name, name) == 0)
4144376Seric return (pw);
415*4993Seric fullname(pw, buf);
4164407Seric if (index(buf, ' ') != NULL && sameword(buf, name))
4174381Seric {
4184377Seric if (Verbose)
419*4993Seric message(Arpa_Info, "sending to %s <%s>",
420*4993Seric buf, pw->pw_name);
4214376Seric return (pw);
4224377Seric }
4234376Seric }
4244376Seric return (NULL);
4254373Seric }
4264373Seric �/*
4274329Seric ** WRITABLE -- predicate returning if the file is writable.
4284329Seric **
4294329Seric ** This routine must duplicate the algorithm in sys/fio.c.
4304329Seric ** Unfortunately, we cannot use the access call since we
4314329Seric ** won't necessarily be the real uid when we try to
4324329Seric ** actually open the file.
4334329Seric **
4344329Seric ** Notice that ANY file with ANY execute bit is automatically
4354329Seric ** not writable. This is also enforced by mailfile.
4364329Seric **
4374329Seric ** Parameters:
4384329Seric ** s -- pointer to a stat struct for the file.
4394329Seric **
4404329Seric ** Returns:
4414329Seric ** TRUE -- if we will be able to write this file.
4424329Seric ** FALSE -- if we cannot write this file.
4434329Seric **
4444329Seric ** Side Effects:
4454329Seric ** none.
4464329Seric */
4474329Seric
4484329Seric bool
4494329Seric writable(s)
4504329Seric register struct stat *s;
4514329Seric {
4524329Seric int euid, egid;
4534329Seric int bits;
4544329Seric
4554329Seric if (bitset(0111, s->st_mode))
4564329Seric return (FALSE);
4574329Seric euid = getruid();
4584329Seric egid = getrgid();
4594329Seric if (geteuid() == 0)
4604329Seric {
4614329Seric if (bitset(S_ISUID, s->st_mode))
4624329Seric euid = s->st_uid;
4634329Seric if (bitset(S_ISGID, s->st_mode))
4644329Seric egid = s->st_gid;
4654329Seric }
4664329Seric
4674329Seric if (euid == 0)
4684329Seric return (TRUE);
4694329Seric bits = S_IWRITE;
4704329Seric if (euid != s->st_uid)
4714329Seric {
4724329Seric bits >>= 3;
4734329Seric if (egid != s->st_gid)
4744329Seric bits >>= 3;
4754329Seric }
4764329Seric return ((s->st_mode & bits) != 0);
4774329Seric }
4784329Seric �/*
4794174Seric ** INCLUDE -- handle :include: specification.
4804174Seric **
4814174Seric ** Parameters:
4824174Seric ** fname -- filename to include.
4834176Seric ** msg -- message to print in verbose mode.
4844399Seric ** ctladdr -- address template to use to fill in these
4854399Seric ** addresses -- effective user/group id are
4864399Seric ** the important things.
4874174Seric **
4884174Seric ** Returns:
4894174Seric ** none.
4904174Seric **
4914174Seric ** Side Effects:
4924174Seric ** reads the :include: file and sends to everyone
4934174Seric ** listed in that file.
4944174Seric */
4954174Seric
4964399Seric include(fname, msg, ctladdr)
4974174Seric char *fname;
4984176Seric char *msg;
4994399Seric ADDRESS *ctladdr;
5004174Seric {
5014174Seric char buf[MAXLINE];
5024174Seric register FILE *fp;
5034178Seric char *oldto = To;
5044174Seric
5054174Seric fp = fopen(fname, "r");
5064174Seric if (fp == NULL)
5074174Seric {
5084174Seric usrerr("Cannot open %s", fname);
5094174Seric return;
5104174Seric }
5114406Seric if (getctladdr(ctladdr) == NULL)
5124406Seric {
5134406Seric struct stat st;
5144174Seric
5154406Seric if (fstat(fileno(fp), &st) < 0)
5164406Seric syserr("Cannot fstat %s!", fname);
5174406Seric ctladdr->q_uid = st.st_uid;
5184406Seric ctladdr->q_gid = st.st_gid;
5194406Seric ctladdr->q_flags |= QGOODUID;
5204406Seric }
5214406Seric
5224174Seric /* read the file -- each line is a comma-separated list. */
5234174Seric while (fgets(buf, sizeof buf, fp) != NULL)
5244174Seric {
5254174Seric register char *p = index(buf, '\n');
5264174Seric
5274174Seric if (p != NULL)
5284174Seric *p = '\0';
5294174Seric if (buf[0] == '\0')
5304174Seric continue;
5314178Seric To = oldto;
5324174Seric if (Verbose)
5334176Seric message(Arpa_Info, "%s to %s", msg, buf);
5344176Seric AliasLevel++;
535*4993Seric sendto(buf, 1, ctladdr, 0);
5364176Seric AliasLevel--;
5374174Seric }
5384174Seric
5394319Seric (void) fclose(fp);
5404174Seric }
5414324Seric �/*
5424324Seric ** SENDTOARGV -- send to an argument vector.
5434324Seric **
5444324Seric ** Parameters:
5454324Seric ** argv -- argument vector to send to.
5464324Seric **
5474324Seric ** Returns:
5484324Seric ** none.
5494324Seric **
5504324Seric ** Side Effects:
5514324Seric ** puts all addresses on the argument vector onto the
5524324Seric ** send queue.
5534324Seric */
5544324Seric
5554324Seric sendtoargv(argv)
5564324Seric register char **argv;
5574324Seric {
5584324Seric register char *p;
5594324Seric extern bool sameword();
5604324Seric
5614324Seric while ((p = *argv++) != NULL)
5624324Seric {
5634324Seric if (argv[0] != NULL && argv[1] != NULL && sameword(argv[0], "at"))
5644324Seric {
5654324Seric char nbuf[MAXNAME];
5664324Seric
5674324Seric if (strlen(p) + strlen(argv[1]) + 2 > sizeof nbuf)
5684324Seric usrerr("address overflow");
5694324Seric else
5704324Seric {
5714324Seric (void) strcpy(nbuf, p);
5724324Seric (void) strcat(nbuf, "@");
5734324Seric (void) strcat(nbuf, argv[1]);
5744324Seric p = newstr(nbuf);
5754324Seric argv += 2;
5764324Seric }
5774324Seric }
578*4993Seric sendto(p, 0, (ADDRESS *) NULL, 0);
5794324Seric }
5804324Seric }
5814399Seric �/*
5824399Seric ** GETCTLADDR -- get controlling address from an address header.
5834399Seric **
5844399Seric ** If none, get one corresponding to the effective userid.
5854399Seric **
5864399Seric ** Parameters:
5874399Seric ** a -- the address to find the controller of.
5884399Seric **
5894399Seric ** Returns:
5904399Seric ** the controlling address.
5914399Seric **
5924399Seric ** Side Effects:
5934399Seric ** none.
5944399Seric */
5954399Seric
5964399Seric ADDRESS *
5974399Seric getctladdr(a)
5984399Seric register ADDRESS *a;
5994399Seric {
6004404Seric while (a != NULL && !bitset(QGOODUID, a->q_flags))
6014399Seric a = a->q_alias;
6024399Seric return (a);
6034399Seric }
604