122710Sdist /*
234921Sbostic * Copyright (c) 1983 Eric P. Allman
363589Sbostic * Copyright (c) 1988, 1993
463589Sbostic * The Regents of the University of California. All rights reserved.
533731Sbostic *
642829Sbostic * %sccs.include.redist.c%
733731Sbostic */
822710Sdist
922710Sdist #ifndef lint
10*64131Seric static char sccsid[] = "@(#)recipient.c 8.13 (Berkeley) 08/07/93";
1133731Sbostic #endif /* not lint */
1222710Sdist
1358332Seric # include "sendmail.h"
144174Seric # include <pwd.h>
154174Seric
164174Seric /*
179622Seric ** SENDTOLIST -- Designate a send list.
184174Seric **
194174Seric ** The parameter is a comma-separated list of people to send to.
204174Seric ** This routine arranges to send to all of them.
214174Seric **
224174Seric ** Parameters:
234174Seric ** list -- the send list.
244399Seric ** ctladdr -- the address template for the person to
254399Seric ** send to -- effective uid/gid are important.
265006Seric ** This is typically the alias that caused this
275006Seric ** expansion.
285006Seric ** sendq -- a pointer to the head of a queue to put
295006Seric ** these people into.
3058247Seric ** e -- the envelope in which to add these recipients.
314174Seric **
324174Seric ** Returns:
3358082Seric ** The number of addresses actually on the list.
344174Seric **
354174Seric ** Side Effects:
364174Seric ** none.
374174Seric */
384174Seric
394174Seric # define MAXRCRSN 10
404174Seric
4155012Seric sendtolist(list, ctladdr, sendq, e)
424174Seric char *list;
434399Seric ADDRESS *ctladdr;
445198Seric ADDRESS **sendq;
4555012Seric register ENVELOPE *e;
464174Seric {
474174Seric register char *p;
488223Seric register ADDRESS *al; /* list of addresses to send to */
494423Seric bool firstone; /* set on first address sent */
5011446Seric char delimiter; /* the address delimiter */
5158082Seric int naddrs;
5263847Seric char *oldto = e->e_to;
534174Seric
54*64131Seric if (list == NULL)
55*64131Seric {
56*64131Seric syserr("sendtolist: null list");
57*64131Seric return 0;
58*64131Seric }
59*64131Seric
607676Seric if (tTd(25, 1))
614444Seric {
624444Seric printf("sendto: %s\n ctladdr=", list);
634444Seric printaddr(ctladdr, FALSE);
644444Seric }
654324Seric
668223Seric /* heuristic to determine old versus new style addresses */
678230Seric if (ctladdr == NULL &&
6856795Seric (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
6956795Seric strchr(list, '<') != NULL || strchr(list, '(') != NULL))
7055012Seric e->e_flags &= ~EF_OLDSTYLE;
7111446Seric delimiter = ' ';
7255012Seric if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL)
7311446Seric delimiter = ',';
748223Seric
754423Seric firstone = TRUE;
764324Seric al = NULL;
7758082Seric naddrs = 0;
788223Seric
798081Seric for (p = list; *p != '\0'; )
804174Seric {
8158333Seric auto char *delimptr;
828081Seric register ADDRESS *a;
834319Seric
848081Seric /* parse the address */
8558050Seric while ((isascii(*p) && isspace(*p)) || *p == ',')
864174Seric p++;
8758333Seric a = parseaddr(p, (ADDRESS *) NULL, 1, delimiter, &delimptr, e);
8858333Seric p = delimptr;
899297Seric if (a == NULL)
904174Seric continue;
914324Seric a->q_next = al;
924399Seric a->q_alias = ctladdr;
934444Seric
944444Seric /* see if this should be marked as a primary address */
954423Seric if (ctladdr == NULL ||
968081Seric (firstone && *p == '\0' && bitset(QPRIMARY, ctladdr->q_flags)))
974423Seric a->q_flags |= QPRIMARY;
984444Seric
999379Seric if (ctladdr != NULL && sameaddr(ctladdr, a))
10058061Seric ctladdr->q_flags |= QSELFREF;
10157731Seric al = a;
1024423Seric firstone = FALSE;
1034324Seric }
1044324Seric
1054324Seric /* arrange to send to everyone on the local send list */
1064324Seric while (al != NULL)
1074324Seric {
1084324Seric register ADDRESS *a = al;
1094324Seric
1104324Seric al = a->q_next;
11155012Seric a = recipient(a, sendq, e);
1124993Seric
1134998Seric /* arrange to inherit full name */
1144998Seric if (a->q_fullname == NULL && ctladdr != NULL)
1154998Seric a->q_fullname = ctladdr->q_fullname;
11658082Seric naddrs++;
1174174Seric }
1184324Seric
11963847Seric e->e_to = oldto;
12058082Seric return (naddrs);
1214174Seric }
1224174Seric �/*
1234174Seric ** RECIPIENT -- Designate a message recipient
1244174Seric **
1254174Seric ** Saves the named person for future mailing.
1264174Seric **
1274174Seric ** Parameters:
1284174Seric ** a -- the (preparsed) address header for the recipient.
1295006Seric ** sendq -- a pointer to the head of a queue to put the
1305006Seric ** recipient in. Duplicate supression is done
1315006Seric ** in this queue.
13257731Seric ** e -- the current envelope.
1334174Seric **
1344174Seric ** Returns:
13512613Seric ** The actual address in the queue. This will be "a" if
13612613Seric ** the address is not a duplicate, else the original address.
1374174Seric **
1384174Seric ** Side Effects:
1394174Seric ** none.
1404174Seric */
1414174Seric
14212613Seric ADDRESS *
14355012Seric recipient(a, sendq, e)
1444174Seric register ADDRESS *a;
1455006Seric register ADDRESS **sendq;
14655012Seric register ENVELOPE *e;
1474174Seric {
1484174Seric register ADDRESS *q;
1494319Seric ADDRESS **pq;
1504174Seric register struct mailer *m;
1519210Seric register char *p;
1529210Seric bool quoted = FALSE; /* set if the addr has a quote bit */
15353735Seric int findusercount = 0;
1549210Seric char buf[MAXNAME]; /* unquoted image of the user name */
15558247Seric extern int safefile();
1564174Seric
15755012Seric e->e_to = a->q_paddr;
1584600Seric m = a->q_mailer;
1594174Seric errno = 0;
1607676Seric if (tTd(26, 1))
1614444Seric {
1624444Seric printf("\nrecipient: ");
1634444Seric printaddr(a, FALSE);
1644444Seric }
1654174Seric
1664174Seric /* break aliasing loops */
1674174Seric if (AliasLevel > MAXRCRSN)
1684174Seric {
16958151Seric usrerr("554 aliasing/forwarding loop broken");
17012613Seric return (a);
1714174Seric }
1724174Seric
1734174Seric /*
1744627Seric ** Finish setting up address structure.
1754174Seric */
1764174Seric
17716160Seric /* set the queue timeout */
17858737Seric a->q_timeout = TimeOuts.to_q_return;
1794627Seric
18016160Seric /* get unquoted user for file, program or user.name check */
1819210Seric (void) strcpy(buf, a->q_user);
1829210Seric for (p = buf; *p != '\0' && !quoted; p++)
1839210Seric {
18454993Seric if (*p == '\\')
1859210Seric quoted = TRUE;
1869210Seric }
18754983Seric stripquotes(buf);
1889210Seric
18957402Seric /* check for direct mailing to restricted mailers */
19058737Seric if (a->q_alias == NULL && m == ProgMailer &&
19158737Seric !bitset(EF_QUEUERUN, e->e_flags))
1924174Seric {
19358680Seric a->q_flags |= QBADADDR;
19463847Seric usrerr("550 Cannot mail directly to programs");
1954174Seric }
1964174Seric
1974174Seric /*
1984419Seric ** Look up this person in the recipient list.
1994419Seric ** If they are there already, return, otherwise continue.
2004419Seric ** If the list is empty, just add it. Notice the cute
2014419Seric ** hack to make from addresses suppress things correctly:
2024419Seric ** the QDONTSEND bit will be set in the send list.
2034419Seric ** [Please note: the emphasis is on "hack."]
2044174Seric */
2054174Seric
2065006Seric for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
2074174Seric {
20858294Seric if (sameaddr(q, a))
2094174Seric {
2107676Seric if (tTd(26, 1))
2114444Seric {
2124444Seric printf("%s in sendq: ", a->q_paddr);
2134444Seric printaddr(q, FALSE);
2144444Seric }
2154423Seric if (!bitset(QPRIMARY, q->q_flags))
21658065Seric {
21758065Seric if (!bitset(QDONTSEND, a->q_flags))
21858151Seric message("duplicate suppressed");
2194423Seric q->q_flags |= a->q_flags;
22058065Seric }
22163847Seric a = q;
22263847Seric goto testselfdestruct;
2234174Seric }
2244319Seric }
2254174Seric
2264319Seric /* add address on list */
22758884Seric *pq = a;
22858884Seric a->q_next = NULL;
2294174Seric
2304174Seric /*
23157402Seric ** Alias the name and handle special mailer types.
2324174Seric */
2334174Seric
23453735Seric trylocaluser:
23555354Seric if (tTd(29, 7))
23655354Seric printf("at trylocaluser %s\n", a->q_user);
23755354Seric
23858680Seric if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags))
23963847Seric goto testselfdestruct;
24057402Seric
24157402Seric if (m == InclMailer)
2424174Seric {
24357402Seric a->q_flags |= QDONTSEND;
24458737Seric if (a->q_alias == NULL && !bitset(EF_QUEUERUN, e->e_flags))
2454174Seric {
24658680Seric a->q_flags |= QBADADDR;
24758151Seric usrerr("550 Cannot mail directly to :include:s");
2484174Seric }
2494174Seric else
25050556Seric {
25159563Seric int ret;
25258247Seric
25358151Seric message("including file %s", a->q_user);
25459563Seric ret = include(a->q_user, FALSE, a, sendq, e);
25559563Seric if (transienterror(ret))
25659563Seric {
25759563Seric #ifdef LOG
25859563Seric if (LogLevel > 2)
25959615Seric syslog(LOG_ERR, "%s: include %s: transient error: %e",
26059623Seric e->e_id, a->q_user, errstring(ret));
26159563Seric #endif
26263853Seric a->q_flags |= QQUEUEUP;
26359563Seric usrerr("451 Cannot open %s: %s",
26459563Seric a->q_user, errstring(ret));
26559563Seric }
26659563Seric else if (ret != 0)
26759563Seric {
26863938Seric a->q_flags |= QBADADDR;
26959563Seric usrerr("550 Cannot open %s: %s",
27059563Seric a->q_user, errstring(ret));
27159563Seric }
27250556Seric }
2734174Seric }
27457642Seric else if (m == FileMailer)
2754174Seric {
2764329Seric struct stat stb;
2774329Seric extern bool writable();
2784174Seric
27956795Seric p = strrchr(buf, '/');
28051317Seric /* check if writable or creatable */
28158737Seric if (a->q_alias == NULL && !bitset(EF_QUEUERUN, e->e_flags))
2824174Seric {
28358680Seric a->q_flags |= QBADADDR;
28458151Seric usrerr("550 Cannot mail directly to files");
2854174Seric }
28651317Seric else if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
28764083Seric (*p = '\0', safefile(buf, RealUid, RealGid, NULL, TRUE, S_IWRITE|S_IEXEC) != 0))
28851317Seric {
28958680Seric a->q_flags |= QBADADDR;
29058337Seric giveresponse(EX_CANTCREAT, m, NULL, e);
29151317Seric }
29251317Seric }
29351317Seric
29457402Seric if (m != LocalMailer)
29557642Seric {
29657642Seric if (!bitset(QDONTSEND, a->q_flags))
29757642Seric e->e_nrcpts++;
29863847Seric goto testselfdestruct;
29957642Seric }
30057402Seric
30157402Seric /* try aliasing */
30257402Seric alias(a, sendq, e);
30357402Seric
30457402Seric # ifdef USERDB
30557402Seric /* if not aliased, look it up in the user database */
30658918Seric if (!bitset(QDONTSEND|QNOTREMOTE|QVERIFIED, a->q_flags))
30757402Seric {
30857402Seric extern int udbexpand();
30959615Seric extern int errno;
31057402Seric
31157402Seric if (udbexpand(a, sendq, e) == EX_TEMPFAIL)
31257402Seric {
31363853Seric a->q_flags |= QQUEUEUP;
31457402Seric if (e->e_message == NULL)
31557402Seric e->e_message = newstr("Deferred: user database error");
31657402Seric # ifdef LOG
31758020Seric if (LogLevel > 8)
31859623Seric syslog(LOG_INFO, "%s: deferred: udbexpand: %s",
31959623Seric e->e_id, errstring(errno));
32057402Seric # endif
32159615Seric message("queued (user database error): %s",
32259615Seric errstring(errno));
32357642Seric e->e_nrcpts++;
32463847Seric goto testselfdestruct;
32557402Seric }
32657402Seric }
32757402Seric # endif
32857402Seric
32957402Seric /* if it was an alias or a UDB expansion, just return now */
33058247Seric if (bitset(QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags))
33163847Seric goto testselfdestruct;
33257402Seric
33351317Seric /*
33451317Seric ** If we have a level two config file, then pass the name through
33551317Seric ** Ruleset 5 before sending it off. Ruleset 5 has the right
33651317Seric ** to send rewrite it to another mailer. This gives us a hook
33751317Seric ** after local aliasing has been done.
33851317Seric */
33951317Seric
34051317Seric if (tTd(29, 5))
34151317Seric {
34251317Seric printf("recipient: testing local? cl=%d, rr5=%x\n\t",
34351317Seric ConfigLevel, RewriteRules[5]);
34451317Seric printaddr(a, FALSE);
34551317Seric }
34651317Seric if (!bitset(QNOTREMOTE, a->q_flags) && ConfigLevel >= 2 &&
34751317Seric RewriteRules[5] != NULL)
34851317Seric {
34955012Seric maplocaluser(a, sendq, e);
35051317Seric }
35151317Seric
35251317Seric /*
35351317Seric ** If it didn't get rewritten to another mailer, go ahead
35451317Seric ** and deliver it.
35551317Seric */
35651317Seric
35758247Seric if (!bitset(QDONTSEND|QQUEUEUP, a->q_flags))
35851317Seric {
35955354Seric auto bool fuzzy;
36051317Seric register struct passwd *pw;
36151317Seric extern struct passwd *finduser();
36251317Seric
36351317Seric /* warning -- finduser may trash buf */
36455354Seric pw = finduser(buf, &fuzzy);
36551317Seric if (pw == NULL)
36651317Seric {
36758680Seric a->q_flags |= QBADADDR;
36858337Seric giveresponse(EX_NOUSER, m, NULL, e);
36951317Seric }
3704174Seric else
3714174Seric {
37251317Seric char nbuf[MAXNAME];
3734373Seric
37455354Seric if (fuzzy)
3754174Seric {
37653735Seric /* name was a fuzzy match */
37751317Seric a->q_user = newstr(pw->pw_name);
37853735Seric if (findusercount++ > 3)
37953735Seric {
38058680Seric a->q_flags |= QBADADDR;
38158151Seric usrerr("554 aliasing/forwarding loop for %s broken",
38253735Seric pw->pw_name);
38353735Seric return (a);
38453735Seric }
38553735Seric
38653735Seric /* see if it aliases */
38751317Seric (void) strcpy(buf, pw->pw_name);
38853735Seric goto trylocaluser;
3894174Seric }
39051317Seric a->q_home = newstr(pw->pw_dir);
39151317Seric a->q_uid = pw->pw_uid;
39251317Seric a->q_gid = pw->pw_gid;
39359083Seric a->q_ruser = newstr(pw->pw_name);
39451317Seric a->q_flags |= QGOODUID;
39551317Seric buildfname(pw->pw_gecos, pw->pw_name, nbuf);
39651317Seric if (nbuf[0] != '\0')
39751317Seric a->q_fullname = newstr(nbuf);
39851317Seric if (!quoted)
39955012Seric forward(a, sendq, e);
4004174Seric }
4014174Seric }
40257642Seric if (!bitset(QDONTSEND, a->q_flags))
40357642Seric e->e_nrcpts++;
40463847Seric
40563847Seric testselfdestruct:
40663978Seric if (tTd(26, 8))
40763847Seric {
40863978Seric printf("testselfdestruct: ");
40963978Seric printaddr(a, TRUE);
41063978Seric }
41163978Seric if (a->q_alias == NULL && a != &e->e_from &&
41263978Seric bitset(QDONTSEND, a->q_flags))
41363978Seric {
41463978Seric q = *sendq;
41563965Seric while (q != NULL && bitset(QDONTSEND, q->q_flags))
41663847Seric q = q->q_next;
41763978Seric if (q == NULL)
41863847Seric {
41963847Seric a->q_flags |= QBADADDR;
42063847Seric usrerr("554 aliasing/forwarding loop broken");
42163847Seric }
42263847Seric }
42312613Seric return (a);
4244174Seric }
4254174Seric �/*
4264373Seric ** FINDUSER -- find the password entry for a user.
4274373Seric **
4284373Seric ** This looks a lot like getpwnam, except that it may want to
4294373Seric ** do some fancier pattern matching in /etc/passwd.
4304373Seric **
4319379Seric ** This routine contains most of the time of many sendmail runs.
4329379Seric ** It deserves to be optimized.
4339379Seric **
4344373Seric ** Parameters:
4354373Seric ** name -- the name to match against.
43655354Seric ** fuzzyp -- an outarg that is set to TRUE if this entry
43755354Seric ** was found using the fuzzy matching algorithm;
43855354Seric ** set to FALSE otherwise.
4394373Seric **
4404373Seric ** Returns:
4414373Seric ** A pointer to a pw struct.
4424373Seric ** NULL if name is unknown or ambiguous.
4434373Seric **
4444373Seric ** Side Effects:
4454407Seric ** may modify name.
4464373Seric */
4474373Seric
4484373Seric struct passwd *
44955354Seric finduser(name, fuzzyp)
4504373Seric char *name;
45155354Seric bool *fuzzyp;
4524373Seric {
4534376Seric register struct passwd *pw;
4544407Seric register char *p;
45515325Seric extern struct passwd *getpwent();
45615325Seric extern struct passwd *getpwnam();
4574373Seric
45855354Seric if (tTd(29, 4))
45955354Seric printf("finduser(%s): ", name);
46055354Seric
46155354Seric *fuzzyp = FALSE;
4624407Seric
46325777Seric /* look up this login name using fast path */
46412634Seric if ((pw = getpwnam(name)) != NULL)
46555354Seric {
46655354Seric if (tTd(29, 4))
46755354Seric printf("found (non-fuzzy)\n");
46812634Seric return (pw);
46955354Seric }
47012634Seric
47153735Seric #ifdef MATCHGECOS
47253735Seric /* see if fuzzy matching allowed */
47353735Seric if (!MatchGecos)
47455354Seric {
47555354Seric if (tTd(29, 4))
47655354Seric printf("not found (fuzzy disabled)\n");
47753735Seric return NULL;
47855354Seric }
47953735Seric
48012634Seric /* search for a matching full name instead */
48125777Seric for (p = name; *p != '\0'; p++)
48225777Seric {
48325777Seric if (*p == (SpaceSub & 0177) || *p == '_')
48425777Seric *p = ' ';
48525777Seric }
48623107Seric (void) setpwent();
4874376Seric while ((pw = getpwent()) != NULL)
4884376Seric {
4894998Seric char buf[MAXNAME];
4904376Seric
4914998Seric buildfname(pw->pw_gecos, pw->pw_name, buf);
49256795Seric if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
4934381Seric {
49455354Seric if (tTd(29, 4))
49555354Seric printf("fuzzy matches %s\n", pw->pw_name);
49658151Seric message("sending to login name %s", pw->pw_name);
49755354Seric *fuzzyp = TRUE;
4984376Seric return (pw);
4994377Seric }
5004376Seric }
50155354Seric if (tTd(29, 4))
50255354Seric printf("no fuzzy match found\n");
50359015Seric #else
50459015Seric if (tTd(29, 4))
50559015Seric printf("not found (fuzzy disabled)\n");
50659015Seric #endif
5074376Seric return (NULL);
5084373Seric }
5094373Seric �/*
5104329Seric ** WRITABLE -- predicate returning if the file is writable.
5114329Seric **
5124329Seric ** This routine must duplicate the algorithm in sys/fio.c.
5134329Seric ** Unfortunately, we cannot use the access call since we
5144329Seric ** won't necessarily be the real uid when we try to
5154329Seric ** actually open the file.
5164329Seric **
5174329Seric ** Notice that ANY file with ANY execute bit is automatically
5184329Seric ** not writable. This is also enforced by mailfile.
5194329Seric **
5204329Seric ** Parameters:
5214329Seric ** s -- pointer to a stat struct for the file.
5224329Seric **
5234329Seric ** Returns:
5244329Seric ** TRUE -- if we will be able to write this file.
5254329Seric ** FALSE -- if we cannot write this file.
5264329Seric **
5274329Seric ** Side Effects:
5284329Seric ** none.
5294329Seric */
5304329Seric
5314329Seric bool
5324329Seric writable(s)
5334329Seric register struct stat *s;
5344329Seric {
53555372Seric uid_t euid;
53655372Seric gid_t egid;
5374329Seric int bits;
5384329Seric
5394329Seric if (bitset(0111, s->st_mode))
5404329Seric return (FALSE);
54163787Seric euid = RealUid;
54263787Seric egid = RealGid;
5434329Seric if (geteuid() == 0)
5444329Seric {
5454329Seric if (bitset(S_ISUID, s->st_mode))
5464329Seric euid = s->st_uid;
5474329Seric if (bitset(S_ISGID, s->st_mode))
5484329Seric egid = s->st_gid;
5494329Seric }
5504329Seric
5514329Seric if (euid == 0)
5524329Seric return (TRUE);
5534329Seric bits = S_IWRITE;
5544329Seric if (euid != s->st_uid)
5554329Seric {
5564329Seric bits >>= 3;
5574329Seric if (egid != s->st_gid)
5584329Seric bits >>= 3;
5594329Seric }
5604329Seric return ((s->st_mode & bits) != 0);
5614329Seric }
5624329Seric �/*
5634174Seric ** INCLUDE -- handle :include: specification.
5644174Seric **
5654174Seric ** Parameters:
5664174Seric ** fname -- filename to include.
56753037Seric ** forwarding -- if TRUE, we are reading a .forward file.
56853037Seric ** if FALSE, it's a :include: file.
5694399Seric ** ctladdr -- address template to use to fill in these
5704399Seric ** addresses -- effective user/group id are
5714399Seric ** the important things.
5725006Seric ** sendq -- a pointer to the head of the send queue
5735006Seric ** to put these addresses in.
5744174Seric **
5754174Seric ** Returns:
57657136Seric ** open error status
5774174Seric **
5784174Seric ** Side Effects:
5794174Seric ** reads the :include: file and sends to everyone
5804174Seric ** listed in that file.
5814174Seric */
5824174Seric
58353037Seric static jmp_buf CtxIncludeTimeout;
58463937Seric static int includetimeout();
58553037Seric
58657136Seric int
58755012Seric include(fname, forwarding, ctladdr, sendq, e)
5884174Seric char *fname;
58953037Seric bool forwarding;
5904399Seric ADDRESS *ctladdr;
5915006Seric ADDRESS **sendq;
59255012Seric ENVELOPE *e;
5934174Seric {
5944174Seric register FILE *fp;
59555012Seric char *oldto = e->e_to;
5969379Seric char *oldfilename = FileName;
5979379Seric int oldlinenumber = LineNumber;
59853037Seric register EVENT *ev = NULL;
59958082Seric int nincludes;
60058247Seric int ret;
60163581Seric ADDRESS *ca;
60263581Seric uid_t uid;
60364083Seric gid_t gid;
60464083Seric char *uname;
60553037Seric char buf[MAXLINE];
6064174Seric
60757186Seric if (tTd(27, 2))
60857186Seric printf("include(%s)\n", fname);
60963902Seric if (tTd(27, 4))
61063902Seric printf(" ruid=%d euid=%d\n", getuid(), geteuid());
61163581Seric if (tTd(27, 14))
61263581Seric {
61363581Seric printf("ctladdr ");
61463581Seric printaddr(ctladdr, FALSE);
61563581Seric }
61657186Seric
61753037Seric /*
61853037Seric ** If home directory is remote mounted but server is down,
61953037Seric ** this can hang or give errors; use a timeout to avoid this
62053037Seric */
62153037Seric
62263581Seric ca = getctladdr(ctladdr);
62363581Seric if (ca == NULL)
62464083Seric {
62563581Seric uid = 0;
62664083Seric gid = 0;
62764083Seric uname = NULL;
62864083Seric }
62963581Seric else
63064083Seric {
63163581Seric uid = ca->q_uid;
63264083Seric gid = ca->q_gid;
63364083Seric uname = ca->q_user;
63464083Seric }
63563581Seric
63653037Seric if (setjmp(CtxIncludeTimeout) != 0)
63753037Seric {
63863853Seric ctladdr->q_flags |= QQUEUEUP;
63953037Seric errno = 0;
64053037Seric usrerr("451 open timeout on %s", fname);
64163993Seric
64263993Seric /* return pseudo-error code */
64363993Seric return EOPENTIMEOUT;
64453037Seric }
64553037Seric ev = setevent((time_t) 60, includetimeout, 0);
64653037Seric
64763581Seric /* the input file must be marked safe */
64864083Seric ret = safefile(fname, uid, gid, uname, forwarding, S_IREAD);
64964083Seric if (ret != 0)
65053037Seric {
65153037Seric /* don't use this .forward file */
65253037Seric clrevent(ev);
65357186Seric if (tTd(27, 4))
65458247Seric printf("include: not safe (uid=%d): %s\n",
65563581Seric uid, errstring(ret));
65658247Seric return ret;
65753037Seric }
65853037Seric
6594174Seric fp = fopen(fname, "r");
6604174Seric if (fp == NULL)
6614174Seric {
66257136Seric int ret = errno;
66357136Seric
66458061Seric clrevent(ev);
66563902Seric if (tTd(27, 4))
66663902Seric printf("include: open: %s\n", errstring(ret));
66757136Seric return ret;
6684174Seric }
66953037Seric
67063581Seric if (ca == NULL)
6714406Seric {
6724406Seric struct stat st;
6734174Seric
6744406Seric if (fstat(fileno(fp), &st) < 0)
67558061Seric {
67658061Seric int ret = errno;
67758061Seric
67858061Seric clrevent(ev);
6794406Seric syserr("Cannot fstat %s!", fname);
68058061Seric return ret;
68158061Seric }
6824406Seric ctladdr->q_uid = st.st_uid;
6834406Seric ctladdr->q_gid = st.st_gid;
6844406Seric ctladdr->q_flags |= QGOODUID;
6854406Seric }
6864406Seric
68753037Seric clrevent(ev);
68853037Seric
68958092Seric if (bitset(EF_VRFYONLY, e->e_flags))
69058092Seric {
69158092Seric /* don't do any more now */
69258868Seric ctladdr->q_flags |= QVERIFIED;
69358884Seric e->e_nrcpts++;
69458680Seric xfclose(fp, "include", fname);
69558092Seric return 0;
69658092Seric }
69758092Seric
6984174Seric /* read the file -- each line is a comma-separated list. */
6999379Seric FileName = fname;
7009379Seric LineNumber = 0;
70158082Seric ctladdr->q_flags &= ~QSELFREF;
70258082Seric nincludes = 0;
7034174Seric while (fgets(buf, sizeof buf, fp) != NULL)
7044174Seric {
70556795Seric register char *p = strchr(buf, '\n');
7064174Seric
70740963Sbostic LineNumber++;
7084174Seric if (p != NULL)
7094174Seric *p = '\0';
71057186Seric if (buf[0] == '#' || buf[0] == '\0')
71157139Seric continue;
71258008Seric e->e_to = NULL;
71358151Seric message("%s to %s",
71453037Seric forwarding ? "forwarding" : "sending", buf);
71557977Seric #ifdef LOG
71658020Seric if (forwarding && LogLevel > 9)
71757977Seric syslog(LOG_INFO, "%s: forward %s => %s",
71857977Seric e->e_id, oldto, buf);
71957977Seric #endif
72057977Seric
7214176Seric AliasLevel++;
72258082Seric nincludes += sendtolist(buf, ctladdr, sendq, e);
7234176Seric AliasLevel--;
7244174Seric }
72563902Seric
72663902Seric if (ferror(fp) && tTd(27, 3))
72763902Seric printf("include: read error: %s\n", errstring(errno));
72858082Seric if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
72958065Seric {
73058065Seric if (tTd(27, 5))
73158065Seric {
73258065Seric printf("include: QDONTSEND ");
73358065Seric printaddr(ctladdr, FALSE);
73458065Seric }
73558065Seric ctladdr->q_flags |= QDONTSEND;
73658065Seric }
7374174Seric
73858680Seric (void) xfclose(fp, "include", fname);
7399379Seric FileName = oldfilename;
7409379Seric LineNumber = oldlinenumber;
74163847Seric e->e_to = oldto;
74257136Seric return 0;
7434174Seric }
74453037Seric
74553037Seric static
74653037Seric includetimeout()
74753037Seric {
74853037Seric longjmp(CtxIncludeTimeout, 1);
74953037Seric }
7504324Seric �/*
7514324Seric ** SENDTOARGV -- send to an argument vector.
7524324Seric **
7534324Seric ** Parameters:
7544324Seric ** argv -- argument vector to send to.
75558247Seric ** e -- the current envelope.
7564324Seric **
7574324Seric ** Returns:
7584324Seric ** none.
7594324Seric **
7604324Seric ** Side Effects:
7614324Seric ** puts all addresses on the argument vector onto the
7624324Seric ** send queue.
7634324Seric */
7644324Seric
76555012Seric sendtoargv(argv, e)
7664324Seric register char **argv;
76755012Seric register ENVELOPE *e;
7684324Seric {
7694324Seric register char *p;
7704324Seric
7714324Seric while ((p = *argv++) != NULL)
7724324Seric {
77358082Seric (void) sendtolist(p, (ADDRESS *) NULL, &e->e_sendqueue, e);
7744324Seric }
7754324Seric }
7764399Seric �/*
7774399Seric ** GETCTLADDR -- get controlling address from an address header.
7784399Seric **
7794399Seric ** If none, get one corresponding to the effective userid.
7804399Seric **
7814399Seric ** Parameters:
7824399Seric ** a -- the address to find the controller of.
7834399Seric **
7844399Seric ** Returns:
7854399Seric ** the controlling address.
7864399Seric **
7874399Seric ** Side Effects:
7884399Seric ** none.
7894399Seric */
7904399Seric
7914399Seric ADDRESS *
7924399Seric getctladdr(a)
7934399Seric register ADDRESS *a;
7944399Seric {
7954404Seric while (a != NULL && !bitset(QGOODUID, a->q_flags))
7964399Seric a = a->q_alias;
7974399Seric return (a);
7984399Seric }
799