122710Sdist /*
234921Sbostic * Copyright (c) 1983 Eric P. Allman
333731Sbostic * Copyright (c) 1988 Regents of the University of California.
433731Sbostic * All rights reserved.
533731Sbostic *
642829Sbostic * %sccs.include.redist.c%
733731Sbostic */
822710Sdist
922710Sdist #ifndef lint
10*51317Seric static char sccsid[] = "@(#)recipient.c 5.21 (Berkeley) 10/05/91";
1133731Sbostic #endif /* not lint */
1222710Sdist
1336928Sbostic # include <sys/types.h>
1436928Sbostic # include <sys/stat.h>
154174Seric # include <pwd.h>
164627Seric # include "sendmail.h"
174174Seric
184174Seric /*
199622Seric ** SENDTOLIST -- Designate a send list.
204174Seric **
214174Seric ** The parameter is a comma-separated list of people to send to.
224174Seric ** This routine arranges to send to all of them.
234174Seric **
244174Seric ** Parameters:
254174Seric ** list -- the send list.
264399Seric ** ctladdr -- the address template for the person to
274399Seric ** send to -- effective uid/gid are important.
285006Seric ** This is typically the alias that caused this
295006Seric ** expansion.
305006Seric ** sendq -- a pointer to the head of a queue to put
315006Seric ** these people into.
324174Seric **
334174Seric ** Returns:
344998Seric ** none
354174Seric **
364174Seric ** Side Effects:
374174Seric ** none.
384174Seric */
394174Seric
404174Seric # define MAXRCRSN 10
414174Seric
429622Seric sendtolist(list, ctladdr, sendq)
434174Seric char *list;
444399Seric ADDRESS *ctladdr;
455198Seric ADDRESS **sendq;
464174Seric {
474174Seric register char *p;
488223Seric register ADDRESS *al; /* list of addresses to send to */
494423Seric bool firstone; /* set on first address sent */
504444Seric bool selfref; /* set if this list includes ctladdr */
5111446Seric char delimiter; /* the address delimiter */
524174Seric
537676Seric if (tTd(25, 1))
544444Seric {
554444Seric printf("sendto: %s\n ctladdr=", list);
564444Seric printaddr(ctladdr, FALSE);
574444Seric }
584324Seric
598223Seric /* heuristic to determine old versus new style addresses */
608230Seric if (ctladdr == NULL &&
618230Seric (index(list, ',') != NULL || index(list, ';') != NULL ||
628230Seric index(list, '<') != NULL || index(list, '(') != NULL))
639340Seric CurEnv->e_flags &= ~EF_OLDSTYLE;
6411446Seric delimiter = ' ';
6511446Seric if (!bitset(EF_OLDSTYLE, CurEnv->e_flags) || ctladdr != NULL)
6611446Seric delimiter = ',';
678223Seric
684423Seric firstone = TRUE;
694444Seric selfref = FALSE;
704324Seric al = NULL;
718223Seric
728081Seric for (p = list; *p != '\0'; )
734174Seric {
748081Seric register ADDRESS *a;
758081Seric extern char *DelimChar; /* defined in prescan */
764319Seric
778081Seric /* parse the address */
788081Seric while (isspace(*p) || *p == ',')
794174Seric p++;
8011446Seric a = parseaddr(p, (ADDRESS *) NULL, 1, delimiter);
819297Seric p = DelimChar;
829297Seric if (a == NULL)
834174Seric continue;
844324Seric a->q_next = al;
854399Seric a->q_alias = ctladdr;
864444Seric
874444Seric /* see if this should be marked as a primary address */
884423Seric if (ctladdr == NULL ||
898081Seric (firstone && *p == '\0' && bitset(QPRIMARY, ctladdr->q_flags)))
904423Seric a->q_flags |= QPRIMARY;
914444Seric
924444Seric /* put on send queue or suppress self-reference */
939379Seric if (ctladdr != NULL && sameaddr(ctladdr, a))
944444Seric selfref = TRUE;
954444Seric else
964444Seric al = a;
974423Seric firstone = FALSE;
984324Seric }
994324Seric
1004444Seric /* if this alias doesn't include itself, delete ctladdr */
1014444Seric if (!selfref && ctladdr != NULL)
1024444Seric ctladdr->q_flags |= QDONTSEND;
1034444Seric
1044324Seric /* arrange to send to everyone on the local send list */
1054324Seric while (al != NULL)
1064324Seric {
1074324Seric register ADDRESS *a = al;
10812613Seric extern ADDRESS *recipient();
1094324Seric
1104324Seric al = a->q_next;
11140973Sbostic setctladdr(a);
11212613Seric a = recipient(a, sendq);
1134993Seric
1144998Seric /* arrange to inherit full name */
1154998Seric if (a->q_fullname == NULL && ctladdr != NULL)
1164998Seric a->q_fullname = ctladdr->q_fullname;
1174174Seric }
1184324Seric
1196906Seric CurEnv->e_to = NULL;
1204174Seric }
1214174Seric �/*
1224174Seric ** RECIPIENT -- Designate a message recipient
1234174Seric **
1244174Seric ** Saves the named person for future mailing.
1254174Seric **
1264174Seric ** Parameters:
1274174Seric ** a -- the (preparsed) address header for the recipient.
1285006Seric ** sendq -- a pointer to the head of a queue to put the
1295006Seric ** recipient in. Duplicate supression is done
1305006Seric ** in this queue.
1314174Seric **
1324174Seric ** Returns:
13312613Seric ** The actual address in the queue. This will be "a" if
13412613Seric ** the address is not a duplicate, else the original address.
1354174Seric **
1364174Seric ** Side Effects:
1374174Seric ** none.
1384174Seric */
1394174Seric
14046928Sbostic extern ADDRESS *getctladdr();
14146928Sbostic
14212613Seric ADDRESS *
1435006Seric recipient(a, sendq)
1444174Seric register ADDRESS *a;
1455006Seric register ADDRESS **sendq;
1464174Seric {
1474174Seric register ADDRESS *q;
1484319Seric ADDRESS **pq;
1494174Seric register struct mailer *m;
1509210Seric register char *p;
1519210Seric bool quoted = FALSE; /* set if the addr has a quote bit */
1529210Seric char buf[MAXNAME]; /* unquoted image of the user name */
1534627Seric extern bool safefile();
1544174Seric
1556906Seric CurEnv->e_to = a->q_paddr;
1564600Seric m = a->q_mailer;
1574174Seric errno = 0;
1587676Seric if (tTd(26, 1))
1594444Seric {
1604444Seric printf("\nrecipient: ");
1614444Seric printaddr(a, FALSE);
1624444Seric }
1634174Seric
1644174Seric /* break aliasing loops */
1654174Seric if (AliasLevel > MAXRCRSN)
1664174Seric {
1674174Seric usrerr("aliasing/forwarding loop broken");
16812613Seric return (a);
1694174Seric }
1704174Seric
1714174Seric /*
1724627Seric ** Finish setting up address structure.
1734174Seric */
1744174Seric
17516160Seric /* set the queue timeout */
1764627Seric a->q_timeout = TimeOut;
1774627Seric
17816160Seric /* map user & host to lower case if requested on non-aliases */
17916160Seric if (a->q_alias == NULL)
18016160Seric loweraddr(a);
18116160Seric
18216160Seric /* get unquoted user for file, program or user.name check */
1839210Seric (void) strcpy(buf, a->q_user);
1849210Seric for (p = buf; *p != '\0' && !quoted; p++)
1859210Seric {
1869210Seric if (!isascii(*p) && (*p & 0377) != (SpaceSub & 0377))
1879210Seric quoted = TRUE;
1889210Seric }
1899210Seric stripquotes(buf, TRUE);
1909210Seric
1914627Seric /* do sickly crude mapping for program mailing, etc. */
1929210Seric if (m == LocalMailer && buf[0] == '|')
1934174Seric {
1949210Seric a->q_mailer = m = ProgMailer;
1959210Seric a->q_user++;
19636231Sbostic if (a->q_alias == NULL && !QueueRun && !ForceMail)
1974174Seric {
19829915Seric a->q_flags |= QDONTSEND|QBADADDR;
1999210Seric usrerr("Cannot mail directly to programs");
2004174Seric }
2014174Seric }
2024174Seric
2034174Seric /*
2044419Seric ** Look up this person in the recipient list.
2054419Seric ** If they are there already, return, otherwise continue.
2064419Seric ** If the list is empty, just add it. Notice the cute
2074419Seric ** hack to make from addresses suppress things correctly:
2084419Seric ** the QDONTSEND bit will be set in the send list.
2094419Seric ** [Please note: the emphasis is on "hack."]
2104174Seric */
2114174Seric
2125006Seric for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
2134174Seric {
2149379Seric if (!ForceMail && sameaddr(q, a))
2154174Seric {
2167676Seric if (tTd(26, 1))
2174444Seric {
2184444Seric printf("%s in sendq: ", a->q_paddr);
2194444Seric printaddr(q, FALSE);
2204444Seric }
2217054Seric if (!bitset(QDONTSEND, a->q_flags))
2224324Seric message(Arpa_Info, "duplicate suppressed");
2234423Seric if (!bitset(QPRIMARY, q->q_flags))
2244423Seric q->q_flags |= a->q_flags;
22512613Seric return (q);
2264174Seric }
2274319Seric }
2284174Seric
2294319Seric /* add address on list */
2304319Seric *pq = a;
2314174Seric a->q_next = NULL;
23224951Seric CurEnv->e_nrcpts++;
2334174Seric
2344174Seric /*
2354174Seric ** Alias the name and handle :include: specs.
2364174Seric */
2374174Seric
2389210Seric if (m == LocalMailer && !bitset(QDONTSEND, a->q_flags))
2394174Seric {
2404174Seric if (strncmp(a->q_user, ":include:", 9) == 0)
2414174Seric {
2424174Seric a->q_flags |= QDONTSEND;
24336231Sbostic if (a->q_alias == NULL && !QueueRun && !ForceMail)
24429915Seric {
24529915Seric a->q_flags |= QBADADDR;
2464399Seric usrerr("Cannot mail directly to :include:s");
24729915Seric }
2484399Seric else
2494399Seric {
2507054Seric message(Arpa_Info, "including file %s", &a->q_user[9]);
2515006Seric include(&a->q_user[9], " sending", a, sendq);
2524399Seric }
2534174Seric }
2544174Seric else
25550556Seric {
25650556Seric /* try aliasing */
2575006Seric alias(a, sendq);
25850556Seric
25950556Seric # ifdef USERDB
26050556Seric /* if not aliased, look it up in the user database */
26150556Seric if (!bitset(QDONTSEND, a->q_flags))
26250556Seric udbexpand(a, sendq);
26350556Seric # endif
26450556Seric }
2654174Seric }
2664174Seric
2674174Seric /*
2684174Seric ** If the user is local and still being sent, verify that
2694174Seric ** the address is good. If it is, try to forward.
2704174Seric ** If the address is already good, we have a forwarding
2714174Seric ** loop. This can be broken by just sending directly to
2724174Seric ** the user (which is probably correct anyway).
2734174Seric */
2744174Seric
275*51317Seric if (bitset(QDONTSEND, a->q_flags) || m != LocalMailer)
276*51317Seric return (a);
277*51317Seric
278*51317Seric /* see if this is to a file */
279*51317Seric if (buf[0] == '/')
2804174Seric {
2814329Seric struct stat stb;
2824329Seric extern bool writable();
2834174Seric
284*51317Seric p = rindex(buf, '/');
285*51317Seric /* check if writable or creatable */
286*51317Seric if (a->q_alias == NULL && !QueueRun && !ForceMail)
2874174Seric {
288*51317Seric a->q_flags |= QDONTSEND|QBADADDR;
289*51317Seric usrerr("Cannot mail directly to files");
2904174Seric }
291*51317Seric else if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
292*51317Seric (*p = '\0', !safefile(buf, getruid(), S_IWRITE|S_IEXEC)))
293*51317Seric {
294*51317Seric a->q_flags |= QBADADDR;
295*51317Seric giveresponse(EX_CANTCREAT, m, CurEnv);
296*51317Seric }
297*51317Seric return (a);
298*51317Seric }
299*51317Seric
300*51317Seric /*
301*51317Seric ** If we have a level two config file, then pass the name through
302*51317Seric ** Ruleset 5 before sending it off. Ruleset 5 has the right
303*51317Seric ** to send rewrite it to another mailer. This gives us a hook
304*51317Seric ** after local aliasing has been done.
305*51317Seric */
306*51317Seric
307*51317Seric if (tTd(29, 5))
308*51317Seric {
309*51317Seric printf("recipient: testing local? cl=%d, rr5=%x\n\t",
310*51317Seric ConfigLevel, RewriteRules[5]);
311*51317Seric printaddr(a, FALSE);
312*51317Seric }
313*51317Seric if (!bitset(QNOTREMOTE, a->q_flags) && ConfigLevel >= 2 &&
314*51317Seric RewriteRules[5] != NULL)
315*51317Seric {
316*51317Seric maplocaluser(a, sendq);
317*51317Seric }
318*51317Seric
319*51317Seric /*
320*51317Seric ** If it didn't get rewritten to another mailer, go ahead
321*51317Seric ** and deliver it.
322*51317Seric */
323*51317Seric
324*51317Seric if (!bitset(QDONTSEND, a->q_flags))
325*51317Seric {
326*51317Seric register struct passwd *pw;
327*51317Seric extern struct passwd *finduser();
328*51317Seric
329*51317Seric /* warning -- finduser may trash buf */
330*51317Seric pw = finduser(buf);
331*51317Seric if (pw == NULL)
332*51317Seric {
333*51317Seric a->q_flags |= QBADADDR;
334*51317Seric giveresponse(EX_NOUSER, m, CurEnv);
335*51317Seric }
3364174Seric else
3374174Seric {
338*51317Seric char nbuf[MAXNAME];
3394373Seric
340*51317Seric if (strcmp(a->q_user, pw->pw_name) != 0)
3414174Seric {
342*51317Seric a->q_user = newstr(pw->pw_name);
343*51317Seric (void) strcpy(buf, pw->pw_name);
3444174Seric }
345*51317Seric a->q_home = newstr(pw->pw_dir);
346*51317Seric a->q_uid = pw->pw_uid;
347*51317Seric a->q_gid = pw->pw_gid;
348*51317Seric a->q_flags |= QGOODUID;
349*51317Seric buildfname(pw->pw_gecos, pw->pw_name, nbuf);
350*51317Seric if (nbuf[0] != '\0')
351*51317Seric a->q_fullname = newstr(nbuf);
352*51317Seric if (!quoted)
353*51317Seric forward(a, sendq);
3544174Seric }
3554174Seric }
35612613Seric return (a);
3574174Seric }
3584174Seric �/*
3594373Seric ** FINDUSER -- find the password entry for a user.
3604373Seric **
3614373Seric ** This looks a lot like getpwnam, except that it may want to
3624373Seric ** do some fancier pattern matching in /etc/passwd.
3634373Seric **
3649379Seric ** This routine contains most of the time of many sendmail runs.
3659379Seric ** It deserves to be optimized.
3669379Seric **
3674373Seric ** Parameters:
3684373Seric ** name -- the name to match against.
3694373Seric **
3704373Seric ** Returns:
3714373Seric ** A pointer to a pw struct.
3724373Seric ** NULL if name is unknown or ambiguous.
3734373Seric **
3744373Seric ** Side Effects:
3754407Seric ** may modify name.
3764373Seric */
3774373Seric
3784373Seric struct passwd *
3794373Seric finduser(name)
3804373Seric char *name;
3814373Seric {
3824376Seric register struct passwd *pw;
3834407Seric register char *p;
38415325Seric extern struct passwd *getpwent();
38515325Seric extern struct passwd *getpwnam();
3864373Seric
38725777Seric /* map upper => lower case */
3884407Seric for (p = name; *p != '\0'; p++)
3894407Seric {
39025777Seric if (isascii(*p) && isupper(*p))
39125568Seric *p = tolower(*p);
3924407Seric }
3934407Seric
39425777Seric /* look up this login name using fast path */
39512634Seric if ((pw = getpwnam(name)) != NULL)
39612634Seric return (pw);
39712634Seric
39812634Seric /* search for a matching full name instead */
39925777Seric for (p = name; *p != '\0'; p++)
40025777Seric {
40125777Seric if (*p == (SpaceSub & 0177) || *p == '_')
40225777Seric *p = ' ';
40325777Seric }
40423107Seric (void) setpwent();
4054376Seric while ((pw = getpwent()) != NULL)
4064376Seric {
4074998Seric char buf[MAXNAME];
4084376Seric
4094998Seric buildfname(pw->pw_gecos, pw->pw_name, buf);
41033725Sbostic if (index(buf, ' ') != NULL && !strcasecmp(buf, name))
4114381Seric {
4127054Seric message(Arpa_Info, "sending to login name %s", pw->pw_name);
4134376Seric return (pw);
4144377Seric }
4154376Seric }
4164376Seric return (NULL);
4174373Seric }
4184373Seric �/*
4194329Seric ** WRITABLE -- predicate returning if the file is writable.
4204329Seric **
4214329Seric ** This routine must duplicate the algorithm in sys/fio.c.
4224329Seric ** Unfortunately, we cannot use the access call since we
4234329Seric ** won't necessarily be the real uid when we try to
4244329Seric ** actually open the file.
4254329Seric **
4264329Seric ** Notice that ANY file with ANY execute bit is automatically
4274329Seric ** not writable. This is also enforced by mailfile.
4284329Seric **
4294329Seric ** Parameters:
4304329Seric ** s -- pointer to a stat struct for the file.
4314329Seric **
4324329Seric ** Returns:
4334329Seric ** TRUE -- if we will be able to write this file.
4344329Seric ** FALSE -- if we cannot write this file.
4354329Seric **
4364329Seric ** Side Effects:
4374329Seric ** none.
4384329Seric */
4394329Seric
4404329Seric bool
4414329Seric writable(s)
4424329Seric register struct stat *s;
4434329Seric {
4444329Seric int euid, egid;
4454329Seric int bits;
4464329Seric
4474329Seric if (bitset(0111, s->st_mode))
4484329Seric return (FALSE);
4494329Seric euid = getruid();
4504329Seric egid = getrgid();
4514329Seric if (geteuid() == 0)
4524329Seric {
4534329Seric if (bitset(S_ISUID, s->st_mode))
4544329Seric euid = s->st_uid;
4554329Seric if (bitset(S_ISGID, s->st_mode))
4564329Seric egid = s->st_gid;
4574329Seric }
4584329Seric
4594329Seric if (euid == 0)
4604329Seric return (TRUE);
4614329Seric bits = S_IWRITE;
4624329Seric if (euid != s->st_uid)
4634329Seric {
4644329Seric bits >>= 3;
4654329Seric if (egid != s->st_gid)
4664329Seric bits >>= 3;
4674329Seric }
4684329Seric return ((s->st_mode & bits) != 0);
4694329Seric }
4704329Seric �/*
4714174Seric ** INCLUDE -- handle :include: specification.
4724174Seric **
4734174Seric ** Parameters:
4744174Seric ** fname -- filename to include.
4754176Seric ** msg -- message to print in verbose mode.
4764399Seric ** ctladdr -- address template to use to fill in these
4774399Seric ** addresses -- effective user/group id are
4784399Seric ** the important things.
4795006Seric ** sendq -- a pointer to the head of the send queue
4805006Seric ** to put these addresses in.
4814174Seric **
4824174Seric ** Returns:
4834174Seric ** none.
4844174Seric **
4854174Seric ** Side Effects:
4864174Seric ** reads the :include: file and sends to everyone
4874174Seric ** listed in that file.
4884174Seric */
4894174Seric
4905006Seric include(fname, msg, ctladdr, sendq)
4914174Seric char *fname;
4924176Seric char *msg;
4934399Seric ADDRESS *ctladdr;
4945006Seric ADDRESS **sendq;
4954174Seric {
4964174Seric char buf[MAXLINE];
4974174Seric register FILE *fp;
4986906Seric char *oldto = CurEnv->e_to;
4999379Seric char *oldfilename = FileName;
5009379Seric int oldlinenumber = LineNumber;
5014174Seric
5024174Seric fp = fopen(fname, "r");
5034174Seric if (fp == NULL)
5044174Seric {
5054174Seric usrerr("Cannot open %s", fname);
5064174Seric return;
5074174Seric }
5084406Seric if (getctladdr(ctladdr) == NULL)
5094406Seric {
5104406Seric struct stat st;
5114174Seric
5124406Seric if (fstat(fileno(fp), &st) < 0)
5134406Seric syserr("Cannot fstat %s!", fname);
5144406Seric ctladdr->q_uid = st.st_uid;
5154406Seric ctladdr->q_gid = st.st_gid;
5164406Seric ctladdr->q_flags |= QGOODUID;
5174406Seric }
5184406Seric
5194174Seric /* read the file -- each line is a comma-separated list. */
5209379Seric FileName = fname;
5219379Seric LineNumber = 0;
5224174Seric while (fgets(buf, sizeof buf, fp) != NULL)
5234174Seric {
5244174Seric register char *p = index(buf, '\n');
5254174Seric
52640963Sbostic LineNumber++;
5274174Seric if (p != NULL)
5284174Seric *p = '\0';
5294174Seric if (buf[0] == '\0')
5304174Seric continue;
5316906Seric CurEnv->e_to = oldto;
5327054Seric message(Arpa_Info, "%s to %s", msg, buf);
5334176Seric AliasLevel++;
5349622Seric sendtolist(buf, ctladdr, sendq);
5354176Seric AliasLevel--;
5364174Seric }
5374174Seric
5384319Seric (void) fclose(fp);
5399379Seric FileName = oldfilename;
5409379Seric LineNumber = oldlinenumber;
5414174Seric }
5424324Seric �/*
5434324Seric ** SENDTOARGV -- send to an argument vector.
5444324Seric **
5454324Seric ** Parameters:
5464324Seric ** argv -- argument vector to send to.
5474324Seric **
5484324Seric ** Returns:
5494324Seric ** none.
5504324Seric **
5514324Seric ** Side Effects:
5524324Seric ** puts all addresses on the argument vector onto the
5534324Seric ** send queue.
5544324Seric */
5554324Seric
5564324Seric sendtoargv(argv)
5574324Seric register char **argv;
5584324Seric {
5594324Seric register char *p;
5604324Seric
5614324Seric while ((p = *argv++) != NULL)
5624324Seric {
56333725Sbostic if (argv[0] != NULL && argv[1] != NULL && !strcasecmp(argv[0], "at"))
5644324Seric {
5654324Seric char nbuf[MAXNAME];
5664324Seric
5674324Seric if (strlen(p) + strlen(argv[1]) + 2 > sizeof nbuf)
5684324Seric usrerr("address overflow");
5694324Seric else
5704324Seric {
5714324Seric (void) strcpy(nbuf, p);
5724324Seric (void) strcat(nbuf, "@");
5734324Seric (void) strcat(nbuf, argv[1]);
5744324Seric p = newstr(nbuf);
5754324Seric argv += 2;
5764324Seric }
5774324Seric }
5789622Seric sendtolist(p, (ADDRESS *) NULL, &CurEnv->e_sendqueue);
5794324Seric }
5804324Seric }
5814399Seric �/*
5824399Seric ** GETCTLADDR -- get controlling address from an address header.
5834399Seric **
5844399Seric ** If none, get one corresponding to the effective userid.
5854399Seric **
5864399Seric ** Parameters:
5874399Seric ** a -- the address to find the controller of.
5884399Seric **
5894399Seric ** Returns:
5904399Seric ** the controlling address.
5914399Seric **
5924399Seric ** Side Effects:
5934399Seric ** none.
5944399Seric */
5954399Seric
5964399Seric ADDRESS *
5974399Seric getctladdr(a)
5984399Seric register ADDRESS *a;
5994399Seric {
6004404Seric while (a != NULL && !bitset(QGOODUID, a->q_flags))
6014399Seric a = a->q_alias;
6024399Seric return (a);
6034399Seric }
604