sendmail/src/recipient.c

22710Sdist/*
68839Seric * Copyright (c) 1983, 1995 Eric P. Allman
63589Sbostic * Copyright (c) 1988, 1993
63589Sbostic *	The Regents of the University of California.  All rights reserved.
33731Sbostic *
42829Sbostic * %sccs.include.redist.c%
33731Sbostic */
22710Sdist
22710Sdist#ifndef lint
*69638Sericstatic char sccsid[] = "@(#)recipient.c	8.89 (Berkeley) 05/23/95";
33731Sbostic#endif /* not lint */
22710Sdist
58332Seric# include "sendmail.h"
4174Seric
4174Seric/*
9622Seric**  SENDTOLIST -- Designate a send list.
4174Seric**
4174Seric**	The parameter is a comma-separated list of people to send to.
4174Seric**	This routine arranges to send to all of them.
4174Seric**
4174Seric**	Parameters:
4174Seric**		list -- the send list.
4399Seric**		ctladdr -- the address template for the person to
4399Seric**			send to -- effective uid/gid are important.
5006Seric**			This is typically the alias that caused this
5006Seric**			expansion.
5006Seric**		sendq -- a pointer to the head of a queue to put
5006Seric**			these people into.
68481Seric**		aliaslevel -- the current alias nesting depth -- to
68481Seric**			diagnose loops.
58247Seric**		e -- the envelope in which to add these recipients.
4174Seric**
4174Seric**	Returns:
58082Seric**		The number of addresses actually on the list.
4174Seric**
4174Seric**	Side Effects:
4174Seric**		none.
4174Seric*/
4174Seric
68481Seric#define MAXRCRSN	10	/* maximum levels of alias recursion */
4174Seric
68481Seric/* q_flags bits inherited from ctladdr */
68595Seric#define QINHERITEDBITS	(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY)
68481Seric
68481Sericint
68481Sericsendtolist(list, ctladdr, sendq, aliaslevel, e)
4174Seric	char *list;
4399Seric	ADDRESS *ctladdr;
5198Seric	ADDRESS **sendq;
68481Seric	int aliaslevel;
55012Seric	register ENVELOPE *e;
4174Seric{
4174Seric	register char *p;
8223Seric	register ADDRESS *al;	/* list of addresses to send to */
4423Seric	bool firstone;		/* set on first address sent */
11446Seric	char delimiter;		/* the address delimiter */
58082Seric	int naddrs;
68392Seric	int i;
63847Seric	char *oldto = e->e_to;
68392Seric	char *bufp;
68271Seric	char buf[MAXNAME + 1];
4174Seric
64131Seric	if (list == NULL)
64131Seric	{
64131Seric		syserr("sendtolist: null list");
64131Seric		return 0;
64131Seric	}
64131Seric
7676Seric	if (tTd(25, 1))
4444Seric	{
4444Seric		printf("sendto: %s\n   ctladdr=", list);
4444Seric		printaddr(ctladdr, FALSE);
4444Seric	}
4324Seric
8223Seric	/* heuristic to determine old versus new style addresses */
8230Seric	if (ctladdr == NULL &&
56795Seric	    (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
56795Seric	     strchr(list, '<') != NULL || strchr(list, '(') != NULL))
55012Seric		e->e_flags &= ~EF_OLDSTYLE;
11446Seric	delimiter = ' ';
55012Seric	if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL)
11446Seric		delimiter = ',';
8223Seric
4423Seric	firstone = TRUE;
4324Seric	al = NULL;
58082Seric	naddrs = 0;
8223Seric
68392Seric	/* make sure we have enough space to copy the string */
68392Seric	i = strlen(list) + 1;
68392Seric	if (i <= sizeof buf)
68271Seric		bufp = buf;
68392Seric	else
68392Seric		bufp = xalloc(i);
68478Seric	strcpy(bufp, denlstring(list, FALSE, TRUE));
68271Seric
68271Seric	for (p = bufp; *p != '\0'; )
68271Seric	{
58333Seric		auto char *delimptr;
8081Seric		register ADDRESS *a;
4319Seric
8081Seric		/* parse the address */
58050Seric		while ((isascii(*p) && isspace(*p)) || *p == ',')
4174Seric			p++;
64284Seric		a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e);
58333Seric		p = delimptr;
9297Seric		if (a == NULL)
4174Seric			continue;
4324Seric		a->q_next = al;
4399Seric		a->q_alias = ctladdr;
4444Seric
68481Seric		/* arrange to inherit attributes from parent */
68481Seric		if (ctladdr != NULL)
68481Seric		{
69544Seric			ADDRESS *b;
69544Seric			extern ADDRESS *self_reference();
69544Seric
68481Seric			/* self reference test */
68481Seric			if (sameaddr(ctladdr, a))
69561Seric			{
69561Seric				if (tTd(27, 5))
69561Seric				{
69561Seric					printf("sendtolist: QSELFREF ");
69561Seric					printaddr(ctladdr, FALSE);
69561Seric				}
68481Seric				ctladdr->q_flags |= QSELFREF;
69561Seric			}
68481Seric
69544Seric			/* check for address loops */
69544Seric			b = self_reference(a, e);
69544Seric			if (b != NULL)
69544Seric			{
69544Seric				b->q_flags |= QSELFREF;
69561Seric				if (tTd(27, 5))
69561Seric				{
69561Seric					printf("sendtolist: QSELFREF ");
69561Seric					printaddr(b, FALSE);
69561Seric				}
69544Seric				if (a != b)
69544Seric				{
69561Seric					if (tTd(27, 5))
69561Seric					{
69561Seric						printf("sendtolist: QDONTSEND ");
69561Seric						printaddr(a, FALSE);
69561Seric					}
69544Seric					a->q_flags |= QDONTSEND;
69544Seric					continue;
69544Seric				}
69544Seric			}
69544Seric
68481Seric			/* full name */
68481Seric			if (a->q_fullname == NULL)
68481Seric				a->q_fullname = ctladdr->q_fullname;
68481Seric
68481Seric			/* various flag bits */
68481Seric			a->q_flags &= ~QINHERITEDBITS;
68481Seric			a->q_flags |= ctladdr->q_flags & QINHERITEDBITS;
68481Seric
68481Seric			/* original recipient information */
68481Seric			a->q_orcpt = ctladdr->q_orcpt;
68481Seric		}
68481Seric
57731Seric		al = a;
4423Seric		firstone = FALSE;
4324Seric	}
4324Seric
4324Seric	/* arrange to send to everyone on the local send list */
4324Seric	while (al != NULL)
4324Seric	{
4324Seric		register ADDRESS *a = al;
4324Seric
4324Seric		al = a->q_next;
68481Seric		a = recipient(a, sendq, aliaslevel, e);
58082Seric		naddrs++;
4174Seric	}
4324Seric
63847Seric	e->e_to = oldto;
68392Seric	if (bufp != buf)
68392Seric		free(bufp);
58082Seric	return (naddrs);
4174Seric}
4174Seric/*
4174Seric**  RECIPIENT -- Designate a message recipient
4174Seric**
4174Seric**	Saves the named person for future mailing.
4174Seric**
4174Seric**	Parameters:
4174Seric**		a -- the (preparsed) address header for the recipient.
5006Seric**		sendq -- a pointer to the head of a queue to put the
5006Seric**			recipient in.  Duplicate supression is done
5006Seric**			in this queue.
68481Seric**		aliaslevel -- the current alias nesting depth.
57731Seric**		e -- the current envelope.
4174Seric**
4174Seric**	Returns:
12613Seric**		The actual address in the queue.  This will be "a" if
12613Seric**		the address is not a duplicate, else the original address.
4174Seric**
4174Seric**	Side Effects:
4174Seric**		none.
4174Seric*/
4174Seric
12613SericADDRESS *
68481Sericrecipient(a, sendq, aliaslevel, e)
4174Seric	register ADDRESS *a;
5006Seric	register ADDRESS **sendq;
68481Seric	int aliaslevel;
55012Seric	register ENVELOPE *e;
4174Seric{
4174Seric	register ADDRESS *q;
4319Seric	ADDRESS **pq;
4174Seric	register struct mailer *m;
9210Seric	register char *p;
9210Seric	bool quoted = FALSE;		/* set if the addr has a quote bit */
53735Seric	int findusercount = 0;
68603Seric	bool initialdontsend = bitset(QDONTSEND, a->q_flags);
68481Seric	int i;
68481Seric	char *buf;
68528Seric	char buf0[MAXNAME + 1];		/* unquoted image of the user name */
58247Seric	extern int safefile();
4174Seric
55012Seric	e->e_to = a->q_paddr;
4600Seric	m = a->q_mailer;
4174Seric	errno = 0;
68603Seric	if (aliaslevel == 0)
68603Seric		a->q_flags |= QPRIMARY;
7676Seric	if (tTd(26, 1))
4444Seric	{
68603Seric		printf("\nrecipient (%d): ", aliaslevel);
4444Seric		printaddr(a, FALSE);
4444Seric	}
4174Seric
64146Seric	/* if this is primary, add it to the original recipient list */
64146Seric	if (a->q_alias == NULL)
64146Seric	{
64146Seric		if (e->e_origrcpt == NULL)
64146Seric			e->e_origrcpt = a->q_paddr;
64146Seric		else if (e->e_origrcpt != a->q_paddr)
64146Seric			e->e_origrcpt = "";
64146Seric	}
64146Seric
4174Seric	/* break aliasing loops */
68481Seric	if (aliaslevel > MAXRCRSN)
4174Seric	{
68857Seric		a->q_status = "5.4.6";
68481Seric		usrerr("554 aliasing/forwarding loop broken (%d aliases deep; %d max",
68481Seric			aliaslevel, MAXRCRSN);
12613Seric		return (a);
4174Seric	}
4174Seric
4174Seric	/*
4627Seric	**  Finish setting up address structure.
4174Seric	*/
4174Seric
16160Seric	/* get unquoted user for file, program or user.name check */
68481Seric	i = strlen(a->q_user);
68528Seric	if (i >= sizeof buf0)
68481Seric		buf = xalloc(i + 1);
68481Seric	else
68481Seric		buf = buf0;
9210Seric	(void) strcpy(buf, a->q_user);
9210Seric	for (p = buf; *p != '\0' && !quoted; p++)
9210Seric	{
54993Seric		if (*p == '\\')
9210Seric			quoted = TRUE;
9210Seric	}
54983Seric	stripquotes(buf);
9210Seric
57402Seric	/* check for direct mailing to restricted mailers */
65496Seric	if (m == ProgMailer)
4174Seric	{
65496Seric		if (a->q_alias == NULL)
65496Seric		{
65496Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
65496Seric			usrerr("550 Cannot mail directly to programs");
65496Seric		}
65496Seric		else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
65496Seric		{
65496Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
65496Seric			usrerr("550 User %s@%s doesn't have a valid shell for mailing to programs",
65496Seric				a->q_alias->q_ruser, MyHostName);
65496Seric		}
65496Seric		else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
65496Seric		{
65496Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
65496Seric			usrerr("550 Address %s is unsafe for mailing to programs",
65496Seric				a->q_alias->q_paddr);
65496Seric		}
4174Seric	}
4174Seric
4174Seric	/*
4419Seric	**  Look up this person in the recipient list.
4419Seric	**	If they are there already, return, otherwise continue.
4419Seric	**	If the list is empty, just add it.  Notice the cute
4419Seric	**	hack to make from addresses suppress things correctly:
4419Seric	**	the QDONTSEND bit will be set in the send list.
4419Seric	**	[Please note: the emphasis is on "hack."]
4174Seric	*/
4174Seric
5006Seric	for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
4174Seric	{
58294Seric		if (sameaddr(q, a))
4174Seric		{
7676Seric			if (tTd(26, 1))
4444Seric			{
4444Seric				printf("%s in sendq: ", a->q_paddr);
4444Seric				printaddr(q, FALSE);
4444Seric			}
65593Seric			if (!bitset(QPRIMARY, q->q_flags))
58065Seric			{
65593Seric				if (!bitset(QDONTSEND, a->q_flags))
58151Seric					message("duplicate suppressed");
65593Seric				q->q_flags |= a->q_flags;
65593Seric			}
65593Seric			else if (bitset(QSELFREF, q->q_flags))
65579Seric				q->q_flags |= a->q_flags & ~QDONTSEND;
63847Seric			a = q;
68481Seric			goto done;
4174Seric		}
4319Seric	}
4174Seric
4319Seric	/* add address on list */
58884Seric	*pq = a;
58884Seric	a->q_next = NULL;
4174Seric
4174Seric	/*
57402Seric	**  Alias the name and handle special mailer types.
4174Seric	*/
4174Seric
53735Seric  trylocaluser:
55354Seric	if (tTd(29, 7))
55354Seric		printf("at trylocaluser %s\n", a->q_user);
55354Seric
58680Seric	if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags))
63847Seric		goto testselfdestruct;
57402Seric
57402Seric	if (m == InclMailer)
4174Seric	{
57402Seric		a->q_flags |= QDONTSEND;
64761Seric		if (a->q_alias == NULL)
4174Seric		{
58680Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
58151Seric			usrerr("550 Cannot mail directly to :include:s");
4174Seric		}
4174Seric		else
50556Seric		{
59563Seric			int ret;
58247Seric
58151Seric			message("including file %s", a->q_user);
68481Seric			ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e);
59563Seric			if (transienterror(ret))
59563Seric			{
59563Seric#ifdef LOG
59563Seric				if (LogLevel > 2)
66239Seric					syslog(LOG_ERR, "%s: include %s: transient error: %s",
66284Seric						e->e_id == NULL ? "NOQUEUE" : e->e_id,
66284Seric						a->q_user, errstring(ret));
59563Seric#endif
63853Seric				a->q_flags |= QQUEUEUP;
65215Seric				a->q_flags &= ~QDONTSEND;
59563Seric				usrerr("451 Cannot open %s: %s",
59563Seric					a->q_user, errstring(ret));
59563Seric			}
59563Seric			else if (ret != 0)
59563Seric			{
63938Seric				a->q_flags |= QBADADDR;
68857Seric				a->q_status = "5.2.4";
59563Seric				usrerr("550 Cannot open %s: %s",
59563Seric					a->q_user, errstring(ret));
59563Seric			}
50556Seric		}
4174Seric	}
57642Seric	else if (m == FileMailer)
4174Seric	{
4329Seric		extern bool writable();
4174Seric
51317Seric		/* check if writable or creatable */
64761Seric		if (a->q_alias == NULL)
4174Seric		{
58680Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
58151Seric			usrerr("550 Cannot mail directly to files");
4174Seric		}
65496Seric		else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
65496Seric		{
65496Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
65496Seric			usrerr("550 User %s@%s doesn't have a valid shell for mailing to files",
65496Seric				a->q_alias->q_ruser, MyHostName);
65496Seric		}
65496Seric		else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
65496Seric		{
65496Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.7.1";
65496Seric			usrerr("550 Address %s is unsafe for mailing to files",
65496Seric				a->q_alias->q_paddr);
65496Seric		}
68494Seric		else if (!writable(buf, getctladdr(a), SFF_CREAT))
51317Seric		{
58680Seric			a->q_flags |= QBADADDR;
68481Seric			giveresponse(EX_CANTCREAT, m, NULL, a->q_alias,
68481Seric				     (time_t) 0, e);
51317Seric		}
51317Seric	}
51317Seric
57402Seric	/* try aliasing */
68481Seric	if (!bitset(QDONTSEND, a->q_flags) && bitnset(M_ALIASABLE, m->m_flags))
68481Seric		alias(a, sendq, aliaslevel, e);
57402Seric
57402Seric# ifdef USERDB
57402Seric	/* if not aliased, look it up in the user database */
68481Seric	if (!bitset(QDONTSEND|QNOTREMOTE|QVERIFIED, a->q_flags) &&
68481Seric	    bitnset(M_CHECKUDB, m->m_flags))
57402Seric	{
57402Seric		extern int udbexpand();
57402Seric
68481Seric		if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL)
57402Seric		{
63853Seric			a->q_flags |= QQUEUEUP;
57402Seric			if (e->e_message == NULL)
57402Seric				e->e_message = newstr("Deferred: user database error");
57402Seric# ifdef LOG
58020Seric			if (LogLevel > 8)
59623Seric				syslog(LOG_INFO, "%s: deferred: udbexpand: %s",
66284Seric					e->e_id == NULL ? "NOQUEUE" : e->e_id,
66284Seric					errstring(errno));
57402Seric# endif
59615Seric			message("queued (user database error): %s",
59615Seric				errstring(errno));
57642Seric			e->e_nrcpts++;
63847Seric			goto testselfdestruct;
57402Seric		}
57402Seric	}
57402Seric# endif
57402Seric
51317Seric	/*
51317Seric	**  If we have a level two config file, then pass the name through
51317Seric	**  Ruleset 5 before sending it off.  Ruleset 5 has the right
51317Seric	**  to send rewrite it to another mailer.  This gives us a hook
51317Seric	**  after local aliasing has been done.
51317Seric	*/
51317Seric
51317Seric	if (tTd(29, 5))
51317Seric	{
51317Seric		printf("recipient: testing local?  cl=%d, rr5=%x\n\t",
51317Seric			ConfigLevel, RewriteRules[5]);
51317Seric		printaddr(a, FALSE);
51317Seric	}
68481Seric	if (!bitset(QNOTREMOTE|QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags) &&
68481Seric	    ConfigLevel >= 2 && RewriteRules[5] != NULL &&
68481Seric	    bitnset(M_TRYRULESET5, m->m_flags))
51317Seric	{
68603Seric		maplocaluser(a, sendq, aliaslevel + 1, e);
51317Seric	}
51317Seric
51317Seric	/*
51317Seric	**  If it didn't get rewritten to another mailer, go ahead
51317Seric	**  and deliver it.
51317Seric	*/
51317Seric
68481Seric	if (!bitset(QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags) &&
68481Seric	    bitnset(M_HASPWENT, m->m_flags))
51317Seric	{
55354Seric		auto bool fuzzy;
51317Seric		register struct passwd *pw;
51317Seric		extern struct passwd *finduser();
51317Seric
51317Seric		/* warning -- finduser may trash buf */
55354Seric		pw = finduser(buf, &fuzzy);
51317Seric		if (pw == NULL)
51317Seric		{
58680Seric			a->q_flags |= QBADADDR;
68857Seric			a->q_status = "5.1.1";
68481Seric			giveresponse(EX_NOUSER, m, NULL, a->q_alias,
68481Seric				     (time_t) 0, e);
51317Seric		}
4174Seric		else
4174Seric		{
68528Seric			char nbuf[MAXNAME + 1];
4373Seric
55354Seric			if (fuzzy)
4174Seric			{
53735Seric				/* name was a fuzzy match */
51317Seric				a->q_user = newstr(pw->pw_name);
53735Seric				if (findusercount++ > 3)
53735Seric				{
58680Seric					a->q_flags |= QBADADDR;
68857Seric					a->q_status = "5.4.6";
58151Seric					usrerr("554 aliasing/forwarding loop for %s broken",
53735Seric						pw->pw_name);
68481Seric					goto done;
53735Seric				}
53735Seric
53735Seric				/* see if it aliases */
51317Seric				(void) strcpy(buf, pw->pw_name);
53735Seric				goto trylocaluser;
4174Seric			}
65822Seric			if (strcmp(pw->pw_dir, "/") == 0)
65822Seric				a->q_home = "";
65822Seric			else
65822Seric				a->q_home = newstr(pw->pw_dir);
51317Seric			a->q_uid = pw->pw_uid;
51317Seric			a->q_gid = pw->pw_gid;
59083Seric			a->q_ruser = newstr(pw->pw_name);
51317Seric			a->q_flags |= QGOODUID;
51317Seric			buildfname(pw->pw_gecos, pw->pw_name, nbuf);
51317Seric			if (nbuf[0] != '\0')
51317Seric				a->q_fullname = newstr(nbuf);
65211Seric			if (pw->pw_shell != NULL && pw->pw_shell[0] != '\0' &&
65211Seric			    !usershellok(pw->pw_shell))
65206Seric			{
65211Seric				a->q_flags |= QBOGUSSHELL;
65206Seric			}
69619Seric			if (bitset(EF_VRFYONLY, e->e_flags))
69619Seric			{
69619Seric				/* don't do any more now */
69619Seric				a->q_flags |= QVERIFIED;
69619Seric			}
69619Seric			else if (!quoted)
68481Seric				forward(a, sendq, aliaslevel, e);
4174Seric		}
4174Seric	}
57642Seric	if (!bitset(QDONTSEND, a->q_flags))
57642Seric		e->e_nrcpts++;
63847Seric
63847Seric  testselfdestruct:
68603Seric	a->q_flags |= QTHISPASS;
63978Seric	if (tTd(26, 8))
63847Seric	{
63978Seric		printf("testselfdestruct: ");
68603Seric		printaddr(a, FALSE);
68603Seric		if (tTd(26, 10))
68603Seric		{
68603Seric			printf("SENDQ:\n");
68603Seric			printaddr(*sendq, TRUE);
68603Seric			printf("----\n");
68603Seric		}
63978Seric	}
63978Seric	if (a->q_alias == NULL && a != &e->e_from &&
63978Seric	    bitset(QDONTSEND, a->q_flags))
63978Seric	{
68603Seric		for (q = *sendq; q != NULL; q = q->q_next)
68603Seric		{
68603Seric			if (!bitset(QDONTSEND|QBADADDR, q->q_flags) &&
68603Seric			    bitset(QTHISPASS, q->q_flags))
68603Seric				break;
68603Seric		}
63978Seric		if (q == NULL)
63847Seric		{
63847Seric			a->q_flags |= QBADADDR;
68858Seric			a->q_status = "5.4.6";
63847Seric			usrerr("554 aliasing/forwarding loop broken");
63847Seric		}
63847Seric	}
68481Seric
68481Seric  done:
68603Seric	a->q_flags |= QTHISPASS;
68481Seric	if (buf != buf0)
68481Seric		free(buf);
68603Seric
68603Seric	/*
68603Seric	**  If we are at the top level, check to see if this has
68603Seric	**  expanded to exactly one address.  If so, it can inherit
68603Seric	**  the primaryness of the address.
68603Seric	**
68603Seric	**  While we're at it, clear the QTHISPASS bits.
68603Seric	*/
68603Seric
68603Seric	if (aliaslevel == 0)
68603Seric	{
68603Seric		int nrcpts = 0;
68603Seric		ADDRESS *only;
68603Seric
68603Seric		for (q = *sendq; q != NULL; q = q->q_next)
68603Seric		{
68603Seric			if (bitset(QTHISPASS, q->q_flags) &&
68603Seric			    !bitset(QDONTSEND|QBADADDR, q->q_flags))
68603Seric			{
68603Seric				nrcpts++;
68603Seric				only = q;
68603Seric			}
68603Seric			q->q_flags &= ~QTHISPASS;
68603Seric		}
68603Seric		if (nrcpts == 1)
68603Seric		{
68867Seric			/* check to see if this actually got a new owner */
68867Seric			q = only;
68867Seric			while ((q = q->q_alias) != NULL)
68867Seric			{
68867Seric				if (q->q_owner != NULL)
68867Seric					break;
68867Seric			}
68867Seric			if (q == NULL)
68867Seric				only->q_flags |= QPRIMARY;
68867Seric		}
68867Seric		else if (!initialdontsend && nrcpts > 0)
68867Seric		{
68603Seric			/* arrange for return receipt */
68603Seric			e->e_flags |= EF_SENDRECEIPT;
68867Seric			a->q_flags |= QEXPANDED;
68603Seric			if (e->e_xfp != NULL)
68603Seric				fprintf(e->e_xfp,
68603Seric					"%s... expanded to multiple addresses\n",
68603Seric					a->q_paddr);
68603Seric		}
68603Seric	}
68603Seric
12613Seric	return (a);
4174Seric}
4174Seric/*
4373Seric**  FINDUSER -- find the password entry for a user.
4373Seric**
4373Seric**	This looks a lot like getpwnam, except that it may want to
4373Seric**	do some fancier pattern matching in /etc/passwd.
4373Seric**
9379Seric**	This routine contains most of the time of many sendmail runs.
9379Seric**	It deserves to be optimized.
9379Seric**
4373Seric**	Parameters:
4373Seric**		name -- the name to match against.
55354Seric**		fuzzyp -- an outarg that is set to TRUE if this entry
55354Seric**			was found using the fuzzy matching algorithm;
55354Seric**			set to FALSE otherwise.
4373Seric**
4373Seric**	Returns:
4373Seric**		A pointer to a pw struct.
4373Seric**		NULL if name is unknown or ambiguous.
4373Seric**
4373Seric**	Side Effects:
4407Seric**		may modify name.
4373Seric*/
4373Seric
4373Sericstruct passwd *
55354Sericfinduser(name, fuzzyp)
4373Seric	char *name;
55354Seric	bool *fuzzyp;
4373Seric{
4376Seric	register struct passwd *pw;
4407Seric	register char *p;
4373Seric
55354Seric	if (tTd(29, 4))
55354Seric		printf("finduser(%s): ", name);
55354Seric
55354Seric	*fuzzyp = FALSE;
4407Seric
68481Seric#ifdef HESIOD
64673Seric	/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
64673Seric	for (p = name; *p != '\0'; p++)
64673Seric		if (!isascii(*p) || !isdigit(*p))
64673Seric			break;
64673Seric	if (*p == '\0')
64673Seric	{
64673Seric		if (tTd(29, 4))
64673Seric			printf("failed (numeric input)\n");
64673Seric		return NULL;
64673Seric	}
68481Seric#endif
64673Seric
25777Seric	/* look up this login name using fast path */
68693Seric	if ((pw = sm_getpwnam(name)) != NULL)
55354Seric	{
55354Seric		if (tTd(29, 4))
55354Seric			printf("found (non-fuzzy)\n");
12634Seric		return (pw);
55354Seric	}
12634Seric
53735Seric#ifdef MATCHGECOS
53735Seric	/* see if fuzzy matching allowed */
53735Seric	if (!MatchGecos)
55354Seric	{
55354Seric		if (tTd(29, 4))
55354Seric			printf("not found (fuzzy disabled)\n");
53735Seric		return NULL;
55354Seric	}
53735Seric
12634Seric	/* search for a matching full name instead */
25777Seric	for (p = name; *p != '\0'; p++)
25777Seric	{
25777Seric		if (*p == (SpaceSub & 0177) || *p == '_')
25777Seric			*p = ' ';
25777Seric	}
23107Seric	(void) setpwent();
4376Seric	while ((pw = getpwent()) != NULL)
4376Seric	{
68528Seric		char buf[MAXNAME + 1];
4376Seric
4998Seric		buildfname(pw->pw_gecos, pw->pw_name, buf);
56795Seric		if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
4381Seric		{
55354Seric			if (tTd(29, 4))
55354Seric				printf("fuzzy matches %s\n", pw->pw_name);
58151Seric			message("sending to login name %s", pw->pw_name);
55354Seric			*fuzzyp = TRUE;
4376Seric			return (pw);
4377Seric		}
4376Seric	}
55354Seric	if (tTd(29, 4))
55354Seric		printf("no fuzzy match found\n");
59015Seric#else
59015Seric	if (tTd(29, 4))
59015Seric		printf("not found (fuzzy disabled)\n");
59015Seric#endif
4376Seric	return (NULL);
4373Seric}
4373Seric/*
4329Seric**  WRITABLE -- predicate returning if the file is writable.
4329Seric**
4329Seric**	This routine must duplicate the algorithm in sys/fio.c.
4329Seric**	Unfortunately, we cannot use the access call since we
4329Seric**	won't necessarily be the real uid when we try to
4329Seric**	actually open the file.
4329Seric**
4329Seric**	Notice that ANY file with ANY execute bit is automatically
4329Seric**	not writable.  This is also enforced by mailfile.
4329Seric**
4329Seric**	Parameters:
65064Seric**		filename -- the file name to check.
65112Seric**		ctladdr -- the controlling address for this file.
65064Seric**		flags -- SFF_* flags to control the function.
4329Seric**
4329Seric**	Returns:
4329Seric**		TRUE -- if we will be able to write this file.
4329Seric**		FALSE -- if we cannot write this file.
4329Seric**
4329Seric**	Side Effects:
4329Seric**		none.
4329Seric*/
4329Seric
4329Sericbool
65112Sericwritable(filename, ctladdr, flags)
64819Seric	char *filename;
65112Seric	ADDRESS *ctladdr;
65064Seric	int flags;
4329Seric{
55372Seric	uid_t euid;
55372Seric	gid_t egid;
4329Seric	int bits;
64944Seric	register char *p;
64944Seric	char *uname;
4329Seric
64819Seric	if (tTd(29, 5))
68802Seric		printf("writable(%s, 0x%x)\n", filename, flags);
64944Seric
65225Seric#ifdef SUID_ROOT_FILES_OK
65225Seric	/* really ought to be passed down -- and not a good idea */
65225Seric	flags |= SFF_ROOTOK;
65225Seric#endif
65225Seric
64944Seric	/*
64944Seric	**  File does exist -- check that it is writable.
64944Seric	*/
64944Seric
65112Seric	if (ctladdr != NULL && geteuid() == 0)
64944Seric	{
65112Seric		euid = ctladdr->q_uid;
65112Seric		egid = ctladdr->q_gid;
65112Seric		uname = ctladdr->q_user;
64944Seric	}
68802Seric	else if (bitset(SFF_RUNASREALUID, flags))
65112Seric	{
68494Seric		extern char RealUserName[];
68494Seric
65112Seric		euid = RealUid;
65112Seric		egid = RealGid;
65112Seric		uname = RealUserName;
65112Seric	}
68481Seric	else if (FileMailer != NULL)
68481Seric	{
68481Seric		euid = FileMailer->m_uid;
68481Seric		egid = FileMailer->m_gid;
68481Seric	}
68481Seric	else
68481Seric	{
68481Seric		euid = egid = 0;
68481Seric	}
65138Seric	if (euid == 0)
65138Seric	{
65138Seric		euid = DefUid;
65138Seric		uname = DefUser;
65138Seric	}
65138Seric	if (egid == 0)
65138Seric		egid = DefGid;
4329Seric	if (geteuid() == 0)
68494Seric		flags |= SFF_SETUIDOK;
4329Seric
68494Seric	errno = safefile(filename, euid, egid, uname, flags, S_IWRITE, NULL);
65067Seric	return errno == 0;
4329Seric}
4329Seric/*
4174Seric**  INCLUDE -- handle :include: specification.
4174Seric**
4174Seric**	Parameters:
4174Seric**		fname -- filename to include.
53037Seric**		forwarding -- if TRUE, we are reading a .forward file.
53037Seric**			if FALSE, it's a :include: file.
4399Seric**		ctladdr -- address template to use to fill in these
4399Seric**			addresses -- effective user/group id are
4399Seric**			the important things.
5006Seric**		sendq -- a pointer to the head of the send queue
5006Seric**			to put these addresses in.
68481Seric**		aliaslevel -- the alias nesting depth.
68481Seric**		e -- the current envelope.
4174Seric**
4174Seric**	Returns:
57136Seric**		open error status
4174Seric**
4174Seric**	Side Effects:
4174Seric**		reads the :include: file and sends to everyone
4174Seric**		listed in that file.
65909Seric**
65909Seric**	Security Note:
65909Seric**		If you have restricted chown (that is, you can't
65909Seric**		give a file away), it is reasonable to allow programs
65909Seric**		and files called from this :include: file to be to be
65909Seric**		run as the owner of the :include: file.  This is bogus
65909Seric**		if there is any chance of someone giving away a file.
65909Seric**		We assume that pre-POSIX systems can give away files.
65909Seric**
65909Seric**		There is an additional restriction that if you
65909Seric**		forward to a :include: file, it will not take on
65909Seric**		the ownership of the :include: file.  This may not
65909Seric**		be necessary, but shouldn't hurt.
4174Seric*/
4174Seric
53037Sericstatic jmp_buf	CtxIncludeTimeout;
68481Sericstatic void	includetimeout();
53037Seric
57136Sericint
68481Sericinclude(fname, forwarding, ctladdr, sendq, aliaslevel, e)
4174Seric	char *fname;
53037Seric	bool forwarding;
4399Seric	ADDRESS *ctladdr;
5006Seric	ADDRESS **sendq;
68481Seric	int aliaslevel;
55012Seric	ENVELOPE *e;
4174Seric{
68481Seric	FILE *fp = NULL;
55012Seric	char *oldto = e->e_to;
9379Seric	char *oldfilename = FileName;
9379Seric	int oldlinenumber = LineNumber;
53037Seric	register EVENT *ev = NULL;
58082Seric	int nincludes;
64325Seric	register ADDRESS *ca;
64325Seric	uid_t saveduid, uid;
64325Seric	gid_t savedgid, gid;
64083Seric	char *uname;
64325Seric	int rval = 0;
68513Seric	int sfflags = SFF_REGONLY;
65496Seric	struct stat st;
65948Seric	char buf[MAXLINE];
65909Seric#ifdef _POSIX_CHOWN_RESTRICTED
65948Seric# if _POSIX_CHOWN_RESTRICTED == -1
65948Seric#  define safechown	FALSE
65948Seric# else
65948Seric#  define safechown	TRUE
65948Seric# endif
65948Seric#else
65948Seric# ifdef _PC_CHOWN_RESTRICTED
65909Seric	bool safechown;
65948Seric# else
65948Seric#  ifdef BSD
65948Seric#   define safechown	TRUE
65948Seric#  else
65948Seric#   define safechown	FALSE
65948Seric#  endif
65948Seric# endif
65909Seric#endif
65948Seric	extern bool chownsafe();
4174Seric
57186Seric	if (tTd(27, 2))
57186Seric		printf("include(%s)\n", fname);
63902Seric	if (tTd(27, 4))
63902Seric		printf("   ruid=%d euid=%d\n", getuid(), geteuid());
63581Seric	if (tTd(27, 14))
63581Seric	{
63581Seric		printf("ctladdr ");
63581Seric		printaddr(ctladdr, FALSE);
63581Seric	}
57186Seric
64325Seric	if (tTd(27, 9))
64325Seric		printf("include: old uid = %d/%d\n", getuid(), geteuid());
53037Seric
68513Seric	if (forwarding)
69306Seric		sfflags |= SFF_MUSTOWN|SFF_ROOTOK|SFF_NOSLINK;
68513Seric
63581Seric	ca = getctladdr(ctladdr);
63581Seric	if (ca == NULL)
64083Seric	{
64846Seric		uid = DefUid;
64846Seric		gid = DefGid;
64846Seric		uname = DefUser;
64083Seric	}
63581Seric	else
64083Seric	{
63581Seric		uid = ca->q_uid;
64083Seric		gid = ca->q_gid;
64083Seric		uname = ca->q_user;
68481Seric	}
*69638Seric#if HASSETREUID || USESETEUID
68481Seric	saveduid = geteuid();
68481Seric	savedgid = getegid();
68481Seric	if (saveduid == 0)
68481Seric	{
68481Seric		initgroups(uname, gid);
68481Seric		if (uid != 0)
64325Seric		{
*69638Seric# if USESETEUID
*69638Seric			if (seteuid(uid) < 0)
*69638Seric				syserr("seteuid(%d) failure (real=%d, eff=%d)",
*69638Seric					uid, getuid(), geteuid());
*69638Seric# else
68481Seric			if (setreuid(0, uid) < 0)
68481Seric				syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
68481Seric					uid, getuid(), geteuid());
*69638Seric# endif
68481Seric			else
68481Seric				sfflags |= SFF_NOPATHCHECK;
64325Seric		}
68481Seric	}
69544Seric#endif
63581Seric
64325Seric	if (tTd(27, 9))
64325Seric		printf("include: new uid = %d/%d\n", getuid(), geteuid());
64325Seric
64325Seric	/*
64325Seric	**  If home directory is remote mounted but server is down,
64325Seric	**  this can hang or give errors; use a timeout to avoid this
64325Seric	*/
64325Seric
53037Seric	if (setjmp(CtxIncludeTimeout) != 0)
53037Seric	{
63853Seric		ctladdr->q_flags |= QQUEUEUP;
53037Seric		errno = 0;
63993Seric
63993Seric		/* return pseudo-error code */
64325Seric		rval = EOPENTIMEOUT;
64325Seric		goto resetuid;
53037Seric	}
68481Seric	if (TimeOuts.to_fileopen > 0)
68481Seric		ev = setevent(TimeOuts.to_fileopen, includetimeout, 0);
68481Seric	else
68481Seric		ev = NULL;
53037Seric
63581Seric	/* the input file must be marked safe */
68494Seric	rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL);
64329Seric	if (rval != 0)
53037Seric	{
64325Seric		/* don't use this :include: file */
57186Seric		if (tTd(27, 4))
58247Seric			printf("include: not safe (uid=%d): %s\n",
64329Seric				uid, errstring(rval));
53037Seric	}
65496Seric	else
4174Seric	{
65496Seric		fp = fopen(fname, "r");
65496Seric		if (fp == NULL)
58061Seric		{
64329Seric			rval = errno;
65496Seric			if (tTd(27, 4))
65496Seric				printf("include: open: %s\n", errstring(rval));
58061Seric		}
4406Seric	}
68481Seric	if (ev != NULL)
68481Seric		clrevent(ev);
53037Seric
64570Sericresetuid:
64570Seric
*69638Seric#if HASSETREUID || USESETEUID
64570Seric	if (saveduid == 0)
64570Seric	{
64570Seric		if (uid != 0)
68481Seric		{
*69638Seric# if USESETEUID
*69638Seric			if (seteuid(0) < 0)
*69638Seric				syserr("seteuid(0) failure (real=%d, eff=%d)",
*69638Seric					getuid(), geteuid());
*69638Seric# else
68481Seric			if (setreuid(-1, 0) < 0)
68481Seric				syserr("setreuid(-1, 0) failure (real=%d, eff=%d)",
68481Seric					getuid(), geteuid());
68481Seric			if (setreuid(RealUid, 0) < 0)
64570Seric				syserr("setreuid(%d, 0) failure (real=%d, eff=%d)",
64570Seric					RealUid, getuid(), geteuid());
*69638Seric# endif
68481Seric		}
64570Seric		setgid(savedgid);
64570Seric	}
64570Seric#endif
64570Seric
64570Seric	if (tTd(27, 9))
64570Seric		printf("include: reset uid = %d/%d\n", getuid(), geteuid());
64570Seric
65593Seric	if (rval == EOPENTIMEOUT)
65593Seric		usrerr("451 open timeout on %s", fname);
65593Seric
64570Seric	if (fp == NULL)
64570Seric		return rval;
64570Seric
65496Seric	if (fstat(fileno(fp), &st) < 0)
65496Seric	{
65496Seric		rval = errno;
65496Seric		syserr("Cannot fstat %s!", fname);
65496Seric		return rval;
65496Seric	}
65496Seric
65948Seric#ifndef safechown
65948Seric	safechown = chownsafe(fileno(fp));
65948Seric#endif
65909Seric	if (ca == NULL && safechown)
65496Seric	{
65496Seric		ctladdr->q_uid = st.st_uid;
65496Seric		ctladdr->q_gid = st.st_gid;
65496Seric		ctladdr->q_flags |= QGOODUID;
65496Seric	}
65496Seric	if (ca != NULL && ca->q_uid == st.st_uid)
65496Seric	{
65496Seric		/* optimization -- avoid getpwuid if we already have info */
65496Seric		ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL;
65496Seric		ctladdr->q_ruser = ca->q_ruser;
65496Seric	}
65496Seric	else
65496Seric	{
65496Seric		register struct passwd *pw;
65496Seric
68693Seric		pw = sm_getpwuid(st.st_uid);
68481Seric		if (pw == NULL)
68481Seric			ctladdr->q_flags |= QBOGUSSHELL;
68481Seric		else
68478Seric		{
68481Seric			char *sh;
68481Seric
68478Seric			ctladdr->q_ruser = newstr(pw->pw_name);
68478Seric			if (safechown)
68478Seric				sh = pw->pw_shell;
65909Seric			else
68481Seric				sh = "/SENDMAIL/ANY/SHELL/";
68481Seric			if (!usershellok(sh))
68481Seric			{
68481Seric				if (safechown)
68481Seric					ctladdr->q_flags |= QBOGUSSHELL;
68481Seric				else
68481Seric					ctladdr->q_flags |= QUNSAFEADDR;
68481Seric			}
65496Seric		}
65496Seric	}
65496Seric
58092Seric	if (bitset(EF_VRFYONLY, e->e_flags))
58092Seric	{
58092Seric		/* don't do any more now */
58868Seric		ctladdr->q_flags |= QVERIFIED;
58884Seric		e->e_nrcpts++;
58680Seric		xfclose(fp, "include", fname);
64570Seric		return rval;
58092Seric	}
58092Seric
65496Seric	/*
65496Seric	** Check to see if some bad guy can write this file
65496Seric	**
65496Seric	**	This should really do something clever with group
65496Seric	**	permissions; currently we just view world writable
65496Seric	**	as unsafe.  Also, we don't check for writable
65496Seric	**	directories in the path.  We've got to leave
65496Seric	**	something for the local sysad to do.
65496Seric	*/
65496Seric
65496Seric	if (bitset(S_IWOTH, st.st_mode))
65496Seric		ctladdr->q_flags |= QUNSAFEADDR;
65496Seric
4174Seric	/* read the file -- each line is a comma-separated list. */
9379Seric	FileName = fname;
9379Seric	LineNumber = 0;
58082Seric	ctladdr->q_flags &= ~QSELFREF;
58082Seric	nincludes = 0;
4174Seric	while (fgets(buf, sizeof buf, fp) != NULL)
4174Seric	{
56795Seric		register char *p = strchr(buf, '\n');
4174Seric
40963Sbostic		LineNumber++;
4174Seric		if (p != NULL)
4174Seric			*p = '\0';
57186Seric		if (buf[0] == '#' || buf[0] == '\0')
57139Seric			continue;
68787Seric
68787Seric		/* <sp>#@# introduces a comment anywhere */
68787Seric		/* for Japanese character sets */
68787Seric		for (p = buf; (p = strchr(++p, '#')) != NULL; )
68787Seric		{
68787Seric			if (p[1] == '@' && p[2] == '#' &&
68787Seric			    isascii(p[-1]) && isspace(p[-1]) &&
68787Seric			    isascii(p[3]) && isspace(p[3]))
68787Seric			{
68787Seric				p[-1] = '\0';
68787Seric				break;
68787Seric			}
68787Seric		}
68787Seric		if (buf[0] == '\0')
68787Seric			continue;
68787Seric
58008Seric		e->e_to = NULL;
58151Seric		message("%s to %s",
53037Seric			forwarding ? "forwarding" : "sending", buf);
57977Seric#ifdef LOG
58020Seric		if (forwarding && LogLevel > 9)
57977Seric			syslog(LOG_INFO, "%s: forward %s => %s",
66284Seric				e->e_id == NULL ? "NOQUEUE" : e->e_id,
66284Seric				oldto, buf);
57977Seric#endif
57977Seric
68481Seric		nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e);
4174Seric	}
63902Seric
63902Seric	if (ferror(fp) && tTd(27, 3))
63902Seric		printf("include: read error: %s\n", errstring(errno));
58082Seric	if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
58065Seric	{
58065Seric		if (tTd(27, 5))
58065Seric		{
58065Seric			printf("include: QDONTSEND ");
58065Seric			printaddr(ctladdr, FALSE);
58065Seric		}
58065Seric		ctladdr->q_flags |= QDONTSEND;
58065Seric	}
4174Seric
58680Seric	(void) xfclose(fp, "include", fname);
9379Seric	FileName = oldfilename;
9379Seric	LineNumber = oldlinenumber;
63847Seric	e->e_to = oldto;
64325Seric	return rval;
4174Seric}
53037Seric
68481Sericstatic void
53037Sericincludetimeout()
53037Seric{
53037Seric	longjmp(CtxIncludeTimeout, 1);
53037Seric}
4324Seric/*
4324Seric**  SENDTOARGV -- send to an argument vector.
4324Seric**
4324Seric**	Parameters:
4324Seric**		argv -- argument vector to send to.
58247Seric**		e -- the current envelope.
4324Seric**
4324Seric**	Returns:
4324Seric**		none.
4324Seric**
4324Seric**	Side Effects:
4324Seric**		puts all addresses on the argument vector onto the
4324Seric**			send queue.
4324Seric*/
4324Seric
55012Sericsendtoargv(argv, e)
4324Seric	register char **argv;
55012Seric	register ENVELOPE *e;
4324Seric{
4324Seric	register char *p;
4324Seric
4324Seric	while ((p = *argv++) != NULL)
4324Seric	{
68481Seric		(void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e);
4324Seric	}
4324Seric}
4399Seric/*
4399Seric**  GETCTLADDR -- get controlling address from an address header.
4399Seric**
4399Seric**	If none, get one corresponding to the effective userid.
4399Seric**
4399Seric**	Parameters:
4399Seric**		a -- the address to find the controller of.
4399Seric**
4399Seric**	Returns:
4399Seric**		the controlling address.
4399Seric**
4399Seric**	Side Effects:
4399Seric**		none.
4399Seric*/
4399Seric
4399SericADDRESS *
4399Sericgetctladdr(a)
4399Seric	register ADDRESS *a;
4399Seric{
4404Seric	while (a != NULL && !bitset(QGOODUID, a->q_flags))
4399Seric		a = a->q_alias;
4399Seric	return (a);
4399Seric}
69544Seric/*
69544Seric**  SELF_REFERENCE -- check to see if an address references itself
69544Seric**
69544Seric**	The check is done through a chain of aliases.  If it is part of
69544Seric**	a loop, break the loop at the "best" address, that is, the one
69544Seric**	that exists as a real user.
69544Seric**
69544Seric**	This is to handle the case of:
69569Seric**		awc:		Andrew.Chang
69569Seric**		Andrew.Chang:	awc@mail.server
69544Seric**	which is a problem only on mail.server.
69544Seric**
69544Seric**	Parameters:
69544Seric**		a -- the address to check.
69544Seric**		e -- the current envelope.
69544Seric**
69544Seric**	Returns:
69544Seric**		The address that should be retained.
69544Seric*/
69544Seric
69544SericADDRESS *
69544Sericself_reference(a, e)
69544Seric	ADDRESS *a;
69544Seric	ENVELOPE *e;
69544Seric{
69544Seric	ADDRESS *b;		/* top entry in self ref loop */
69544Seric	ADDRESS *c;		/* entry that point to a real mail box */
69544Seric
69544Seric	if (tTd(27, 1))
69544Seric		printf("self_reference(%s)\n", a->q_paddr);
69544Seric
69544Seric	for (b = a->q_alias; b != NULL; b = b->q_alias)
69544Seric	{
69544Seric		if (sameaddr(a, b))
69544Seric			break;
69544Seric	}
69544Seric
69544Seric	if (b == NULL)
69544Seric	{
69544Seric		if (tTd(27, 1))
69544Seric			printf("\t... no self ref\n");
69544Seric		return NULL;
69544Seric	}
69544Seric
69544Seric	/*
69544Seric	**  Pick the first address that resolved to a real mail box
69544Seric	**  i.e has a pw entry.  The returned value will be marked
69544Seric	**  QSELFREF in recipient(), which in turn will disable alias()
69544Seric	**  from marking it QDONTSEND, which mean it will be used
69544Seric	**  as a deliverable address.
69544Seric	**
69544Seric	**  The 2 key thing to note here are:
69544Seric	**	1) we are in a recursive call sequence:
69544Seric	**		alias->sentolist->recipient->alias
69544Seric	**	2) normally, when we return back to alias(), the address
69544Seric	**	   will be marked QDONTSEND, since alias() assumes the
69544Seric	**	   expanded form will be used instead of the current address.
69544Seric	**	   This behaviour is turned off if the address is marked
69544Seric	**	   QSELFREF We set QSELFREF when we return to recipient().
69544Seric	*/
69544Seric
69544Seric	c = a;
69544Seric	while (c != NULL)
69544Seric	{
69544Seric		if (bitnset(M_HASPWENT, c->q_mailer->m_flags))
69544Seric		{
69544Seric			if (tTd(27, 2))
69544Seric				printf("\t... getpwnam(%s)... ", c->q_user);
69544Seric			if (sm_getpwnam(c->q_user) != NULL)
69544Seric			{
69544Seric				if (tTd(27, 2))
69544Seric					printf("found\n");
69544Seric
69544Seric				/* ought to cache results here */
69621Seric				if (sameaddr(b, c))
69621Seric					return b;
69621Seric				else
69621Seric					return c;
69544Seric			}
69544Seric			if (tTd(27, 2))
69544Seric				printf("failed\n");
69544Seric		}
69544Seric		c = c->q_alias;
69544Seric	}
69544Seric
69544Seric	if (tTd(27, 1))
69544Seric		printf("\t... cannot break loop for \"%s\"\n", a->q_paddr);
69544Seric
69544Seric	return NULL;
69544Seric}