1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)recipient.c 8.36 (Berkeley) 01/05/94";
11 #endif /* not lint */
12
13 # include "sendmail.h"
14 # include <pwd.h>
15
16 /*
17 ** SENDTOLIST -- Designate a send list.
18 **
19 ** The parameter is a comma-separated list of people to send to.
20 ** This routine arranges to send to all of them.
21 **
22 ** Parameters:
23 ** list -- the send list.
24 ** ctladdr -- the address template for the person to
25 ** send to -- effective uid/gid are important.
26 ** This is typically the alias that caused this
27 ** expansion.
28 ** sendq -- a pointer to the head of a queue to put
29 ** these people into.
30 ** e -- the envelope in which to add these recipients.
31 **
32 ** Returns:
33 ** The number of addresses actually on the list.
34 **
35 ** Side Effects:
36 ** none.
37 */
38
39 # define MAXRCRSN 10
40
41 sendtolist(list, ctladdr, sendq, e)
42 char *list;
43 ADDRESS *ctladdr;
44 ADDRESS **sendq;
45 register ENVELOPE *e;
46 {
47 register char *p;
48 register ADDRESS *al; /* list of addresses to send to */
49 bool firstone; /* set on first address sent */
50 char delimiter; /* the address delimiter */
51 int naddrs;
52 char *oldto = e->e_to;
53
54 if (list == NULL)
55 {
56 syserr("sendtolist: null list");
57 return 0;
58 }
59
60 if (tTd(25, 1))
61 {
62 printf("sendto: %s\n ctladdr=", list);
63 printaddr(ctladdr, FALSE);
64 }
65
66 /* heuristic to determine old versus new style addresses */
67 if (ctladdr == NULL &&
68 (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
69 strchr(list, '<') != NULL || strchr(list, '(') != NULL))
70 e->e_flags &= ~EF_OLDSTYLE;
71 delimiter = ' ';
72 if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL)
73 delimiter = ',';
74
75 firstone = TRUE;
76 al = NULL;
77 naddrs = 0;
78
79 for (p = list; *p != '\0'; )
80 {
81 auto char *delimptr;
82 register ADDRESS *a;
83
84 /* parse the address */
85 while ((isascii(*p) && isspace(*p)) || *p == ',')
86 p++;
87 a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e);
88 p = delimptr;
89 if (a == NULL)
90 continue;
91 a->q_next = al;
92 a->q_alias = ctladdr;
93
94 /* see if this should be marked as a primary address */
95 if (ctladdr == NULL ||
96 (firstone && *p == '\0' && bitset(QPRIMARY, ctladdr->q_flags)))
97 a->q_flags |= QPRIMARY;
98
99 if (ctladdr != NULL && sameaddr(ctladdr, a))
100 ctladdr->q_flags |= QSELFREF;
101 al = a;
102 firstone = FALSE;
103 }
104
105 /* arrange to send to everyone on the local send list */
106 while (al != NULL)
107 {
108 register ADDRESS *a = al;
109
110 al = a->q_next;
111 a = recipient(a, sendq, e);
112
113 /* arrange to inherit full name */
114 if (a->q_fullname == NULL && ctladdr != NULL)
115 a->q_fullname = ctladdr->q_fullname;
116 naddrs++;
117 }
118
119 e->e_to = oldto;
120 return (naddrs);
121 }
122 �/*
123 ** RECIPIENT -- Designate a message recipient
124 **
125 ** Saves the named person for future mailing.
126 **
127 ** Parameters:
128 ** a -- the (preparsed) address header for the recipient.
129 ** sendq -- a pointer to the head of a queue to put the
130 ** recipient in. Duplicate supression is done
131 ** in this queue.
132 ** e -- the current envelope.
133 **
134 ** Returns:
135 ** The actual address in the queue. This will be "a" if
136 ** the address is not a duplicate, else the original address.
137 **
138 ** Side Effects:
139 ** none.
140 */
141
142 ADDRESS *
143 recipient(a, sendq, e)
144 register ADDRESS *a;
145 register ADDRESS **sendq;
146 register ENVELOPE *e;
147 {
148 register ADDRESS *q;
149 ADDRESS **pq;
150 register struct mailer *m;
151 register char *p;
152 bool quoted = FALSE; /* set if the addr has a quote bit */
153 int findusercount = 0;
154 char buf[MAXNAME]; /* unquoted image of the user name */
155 extern int safefile();
156
157 e->e_to = a->q_paddr;
158 m = a->q_mailer;
159 errno = 0;
160 if (tTd(26, 1))
161 {
162 printf("\nrecipient: ");
163 printaddr(a, FALSE);
164 }
165
166 /* if this is primary, add it to the original recipient list */
167 if (a->q_alias == NULL)
168 {
169 if (e->e_origrcpt == NULL)
170 e->e_origrcpt = a->q_paddr;
171 else if (e->e_origrcpt != a->q_paddr)
172 e->e_origrcpt = "";
173 }
174
175 /* break aliasing loops */
176 if (AliasLevel > MAXRCRSN)
177 {
178 usrerr("554 aliasing/forwarding loop broken");
179 return (a);
180 }
181
182 /*
183 ** Finish setting up address structure.
184 */
185
186 /* set the queue timeout */
187 a->q_timeout = TimeOuts.to_q_return;
188
189 /* get unquoted user for file, program or user.name check */
190 (void) strcpy(buf, a->q_user);
191 for (p = buf; *p != '\0' && !quoted; p++)
192 {
193 if (*p == '\\')
194 quoted = TRUE;
195 }
196 stripquotes(buf);
197
198 /* check for direct mailing to restricted mailers */
199 if (m == ProgMailer)
200 {
201 if (a->q_alias == NULL)
202 {
203 a->q_flags |= QBADADDR;
204 usrerr("550 Cannot mail directly to programs");
205 }
206 else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
207 {
208 a->q_flags |= QBADADDR;
209 usrerr("550 User %s@%s doesn't have a valid shell for mailing to programs",
210 a->q_alias->q_ruser, MyHostName);
211 }
212 else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
213 {
214 a->q_flags |= QBADADDR;
215 usrerr("550 Address %s is unsafe for mailing to programs",
216 a->q_alias->q_paddr);
217 }
218 }
219
220 /*
221 ** Look up this person in the recipient list.
222 ** If they are there already, return, otherwise continue.
223 ** If the list is empty, just add it. Notice the cute
224 ** hack to make from addresses suppress things correctly:
225 ** the QDONTSEND bit will be set in the send list.
226 ** [Please note: the emphasis is on "hack."]
227 */
228
229 for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
230 {
231 if (sameaddr(q, a))
232 {
233 if (tTd(26, 1))
234 {
235 printf("%s in sendq: ", a->q_paddr);
236 printaddr(q, FALSE);
237 }
238 if (!bitset(QPRIMARY, q->q_flags))
239 {
240 if (!bitset(QDONTSEND, a->q_flags))
241 message("duplicate suppressed");
242 q->q_flags |= a->q_flags;
243 }
244 a = q;
245 goto testselfdestruct;
246 }
247 }
248
249 /* add address on list */
250 *pq = a;
251 a->q_next = NULL;
252
253 /*
254 ** Alias the name and handle special mailer types.
255 */
256
257 trylocaluser:
258 if (tTd(29, 7))
259 printf("at trylocaluser %s\n", a->q_user);
260
261 if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags))
262 goto testselfdestruct;
263
264 if (m == InclMailer)
265 {
266 a->q_flags |= QDONTSEND;
267 if (a->q_alias == NULL)
268 {
269 a->q_flags |= QBADADDR;
270 usrerr("550 Cannot mail directly to :include:s");
271 }
272 else
273 {
274 int ret;
275
276 message("including file %s", a->q_user);
277 ret = include(a->q_user, FALSE, a, sendq, e);
278 if (transienterror(ret))
279 {
280 #ifdef LOG
281 if (LogLevel > 2)
282 syslog(LOG_ERR, "%s: include %s: transient error: %e",
283 e->e_id, a->q_user, errstring(ret));
284 #endif
285 a->q_flags |= QQUEUEUP;
286 a->q_flags &= ~QDONTSEND;
287 usrerr("451 Cannot open %s: %s",
288 a->q_user, errstring(ret));
289 }
290 else if (ret != 0)
291 {
292 a->q_flags |= QBADADDR;
293 usrerr("550 Cannot open %s: %s",
294 a->q_user, errstring(ret));
295 }
296 }
297 }
298 else if (m == FileMailer)
299 {
300 extern bool writable();
301
302 /* check if writable or creatable */
303 if (a->q_alias == NULL)
304 {
305 a->q_flags |= QBADADDR;
306 usrerr("550 Cannot mail directly to files");
307 }
308 else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
309 {
310 a->q_flags |= QBADADDR;
311 usrerr("550 User %s@%s doesn't have a valid shell for mailing to files",
312 a->q_alias->q_ruser, MyHostName);
313 }
314 else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
315 {
316 a->q_flags |= QBADADDR;
317 usrerr("550 Address %s is unsafe for mailing to files",
318 a->q_alias->q_paddr);
319 }
320 else if (!writable(buf, getctladdr(a), SFF_ANYFILE))
321 {
322 a->q_flags |= QBADADDR;
323 giveresponse(EX_CANTCREAT, m, NULL, a->q_alias, e);
324 }
325 }
326
327 if (m != LocalMailer)
328 {
329 if (!bitset(QDONTSEND, a->q_flags))
330 e->e_nrcpts++;
331 goto testselfdestruct;
332 }
333
334 /* try aliasing */
335 alias(a, sendq, e);
336
337 # ifdef USERDB
338 /* if not aliased, look it up in the user database */
339 if (!bitset(QDONTSEND|QNOTREMOTE|QVERIFIED, a->q_flags))
340 {
341 extern int udbexpand();
342
343 if (udbexpand(a, sendq, e) == EX_TEMPFAIL)
344 {
345 a->q_flags |= QQUEUEUP;
346 if (e->e_message == NULL)
347 e->e_message = newstr("Deferred: user database error");
348 # ifdef LOG
349 if (LogLevel > 8)
350 syslog(LOG_INFO, "%s: deferred: udbexpand: %s",
351 e->e_id, errstring(errno));
352 # endif
353 message("queued (user database error): %s",
354 errstring(errno));
355 e->e_nrcpts++;
356 goto testselfdestruct;
357 }
358 }
359 # endif
360
361 /* if it was an alias or a UDB expansion, just return now */
362 if (bitset(QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags))
363 goto testselfdestruct;
364
365 /*
366 ** If we have a level two config file, then pass the name through
367 ** Ruleset 5 before sending it off. Ruleset 5 has the right
368 ** to send rewrite it to another mailer. This gives us a hook
369 ** after local aliasing has been done.
370 */
371
372 if (tTd(29, 5))
373 {
374 printf("recipient: testing local? cl=%d, rr5=%x\n\t",
375 ConfigLevel, RewriteRules[5]);
376 printaddr(a, FALSE);
377 }
378 if (!bitset(QNOTREMOTE, a->q_flags) && ConfigLevel >= 2 &&
379 RewriteRules[5] != NULL)
380 {
381 maplocaluser(a, sendq, e);
382 }
383
384 /*
385 ** If it didn't get rewritten to another mailer, go ahead
386 ** and deliver it.
387 */
388
389 if (!bitset(QDONTSEND|QQUEUEUP, a->q_flags))
390 {
391 auto bool fuzzy;
392 register struct passwd *pw;
393 extern struct passwd *finduser();
394
395 /* warning -- finduser may trash buf */
396 pw = finduser(buf, &fuzzy);
397 if (pw == NULL)
398 {
399 a->q_flags |= QBADADDR;
400 giveresponse(EX_NOUSER, m, NULL, a->q_alias, e);
401 }
402 else
403 {
404 char nbuf[MAXNAME];
405
406 if (fuzzy)
407 {
408 /* name was a fuzzy match */
409 a->q_user = newstr(pw->pw_name);
410 if (findusercount++ > 3)
411 {
412 a->q_flags |= QBADADDR;
413 usrerr("554 aliasing/forwarding loop for %s broken",
414 pw->pw_name);
415 return (a);
416 }
417
418 /* see if it aliases */
419 (void) strcpy(buf, pw->pw_name);
420 goto trylocaluser;
421 }
422 a->q_home = newstr(pw->pw_dir);
423 a->q_uid = pw->pw_uid;
424 a->q_gid = pw->pw_gid;
425 a->q_ruser = newstr(pw->pw_name);
426 a->q_flags |= QGOODUID;
427 buildfname(pw->pw_gecos, pw->pw_name, nbuf);
428 if (nbuf[0] != '\0')
429 a->q_fullname = newstr(nbuf);
430 if (pw->pw_shell != NULL && pw->pw_shell[0] != '\0' &&
431 !usershellok(pw->pw_shell))
432 {
433 a->q_flags |= QBOGUSSHELL;
434 }
435 if (!quoted)
436 forward(a, sendq, e);
437 }
438 }
439 if (!bitset(QDONTSEND, a->q_flags))
440 e->e_nrcpts++;
441
442 testselfdestruct:
443 if (tTd(26, 8))
444 {
445 printf("testselfdestruct: ");
446 printaddr(a, TRUE);
447 }
448 if (a->q_alias == NULL && a != &e->e_from &&
449 bitset(QDONTSEND, a->q_flags))
450 {
451 q = *sendq;
452 while (q != NULL && bitset(QDONTSEND, q->q_flags))
453 q = q->q_next;
454 if (q == NULL)
455 {
456 a->q_flags |= QBADADDR;
457 usrerr("554 aliasing/forwarding loop broken");
458 }
459 }
460 return (a);
461 }
462 �/*
463 ** FINDUSER -- find the password entry for a user.
464 **
465 ** This looks a lot like getpwnam, except that it may want to
466 ** do some fancier pattern matching in /etc/passwd.
467 **
468 ** This routine contains most of the time of many sendmail runs.
469 ** It deserves to be optimized.
470 **
471 ** Parameters:
472 ** name -- the name to match against.
473 ** fuzzyp -- an outarg that is set to TRUE if this entry
474 ** was found using the fuzzy matching algorithm;
475 ** set to FALSE otherwise.
476 **
477 ** Returns:
478 ** A pointer to a pw struct.
479 ** NULL if name is unknown or ambiguous.
480 **
481 ** Side Effects:
482 ** may modify name.
483 */
484
485 struct passwd *
486 finduser(name, fuzzyp)
487 char *name;
488 bool *fuzzyp;
489 {
490 register struct passwd *pw;
491 register char *p;
492 extern struct passwd *getpwent();
493 extern struct passwd *getpwnam();
494
495 if (tTd(29, 4))
496 printf("finduser(%s): ", name);
497
498 *fuzzyp = FALSE;
499
500 /* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
501 for (p = name; *p != '\0'; p++)
502 if (!isascii(*p) || !isdigit(*p))
503 break;
504 if (*p == '\0')
505 {
506 if (tTd(29, 4))
507 printf("failed (numeric input)\n");
508 return NULL;
509 }
510
511 /* look up this login name using fast path */
512 if ((pw = getpwnam(name)) != NULL)
513 {
514 if (tTd(29, 4))
515 printf("found (non-fuzzy)\n");
516 return (pw);
517 }
518
519 #ifdef MATCHGECOS
520 /* see if fuzzy matching allowed */
521 if (!MatchGecos)
522 {
523 if (tTd(29, 4))
524 printf("not found (fuzzy disabled)\n");
525 return NULL;
526 }
527
528 /* search for a matching full name instead */
529 for (p = name; *p != '\0'; p++)
530 {
531 if (*p == (SpaceSub & 0177) || *p == '_')
532 *p = ' ';
533 }
534 (void) setpwent();
535 while ((pw = getpwent()) != NULL)
536 {
537 char buf[MAXNAME];
538
539 buildfname(pw->pw_gecos, pw->pw_name, buf);
540 if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
541 {
542 if (tTd(29, 4))
543 printf("fuzzy matches %s\n", pw->pw_name);
544 message("sending to login name %s", pw->pw_name);
545 *fuzzyp = TRUE;
546 return (pw);
547 }
548 }
549 if (tTd(29, 4))
550 printf("no fuzzy match found\n");
551 #else
552 if (tTd(29, 4))
553 printf("not found (fuzzy disabled)\n");
554 #endif
555 return (NULL);
556 }
557 �/*
558 ** WRITABLE -- predicate returning if the file is writable.
559 **
560 ** This routine must duplicate the algorithm in sys/fio.c.
561 ** Unfortunately, we cannot use the access call since we
562 ** won't necessarily be the real uid when we try to
563 ** actually open the file.
564 **
565 ** Notice that ANY file with ANY execute bit is automatically
566 ** not writable. This is also enforced by mailfile.
567 **
568 ** Parameters:
569 ** filename -- the file name to check.
570 ** ctladdr -- the controlling address for this file.
571 ** flags -- SFF_* flags to control the function.
572 **
573 ** Returns:
574 ** TRUE -- if we will be able to write this file.
575 ** FALSE -- if we cannot write this file.
576 **
577 ** Side Effects:
578 ** none.
579 */
580
581 bool
582 writable(filename, ctladdr, flags)
583 char *filename;
584 ADDRESS *ctladdr;
585 int flags;
586 {
587 uid_t euid;
588 gid_t egid;
589 int bits;
590 register char *p;
591 char *uname;
592 struct stat stb;
593 extern char RealUserName[];
594
595 if (tTd(29, 5))
596 printf("writable(%s, %x)\n", filename, flags);
597
598 #ifdef HASLSTAT
599 if ((bitset(SFF_NOSLINK, flags) ? lstat(filename, &stb)
600 : stat(filename, &stb)) < 0)
601 #else
602 if (stat(filename, &stb) < 0)
603 #endif
604 {
605 /* file does not exist -- see if directory is safe */
606 p = strrchr(filename, '/');
607 if (p == NULL)
608 {
609 errno = ENOTDIR;
610 return FALSE;
611 }
612 *p = '\0';
613 errno = safefile(filename, RealUid, RealGid, RealUserName,
614 SFF_MUSTOWN, S_IWRITE|S_IEXEC);
615 *p = '/';
616 return errno == 0;
617 }
618
619 #ifdef SUID_ROOT_FILES_OK
620 /* really ought to be passed down -- and not a good idea */
621 flags |= SFF_ROOTOK;
622 #endif
623
624 /*
625 ** File does exist -- check that it is writable.
626 */
627
628 if (bitset(0111, stb.st_mode))
629 {
630 if (tTd(29, 5))
631 printf("failed (mode %o: x bits)\n", stb.st_mode);
632 errno = EPERM;
633 return (FALSE);
634 }
635
636 if (ctladdr != NULL && geteuid() == 0)
637 {
638 euid = ctladdr->q_uid;
639 egid = ctladdr->q_gid;
640 uname = ctladdr->q_user;
641 }
642 else
643 {
644 euid = RealUid;
645 egid = RealGid;
646 uname = RealUserName;
647 }
648 if (euid == 0)
649 {
650 euid = DefUid;
651 uname = DefUser;
652 }
653 if (egid == 0)
654 egid = DefGid;
655 if (geteuid() == 0)
656 {
657 if (bitset(S_ISUID, stb.st_mode) &&
658 (stb.st_uid != 0 || bitset(SFF_ROOTOK, flags)))
659 {
660 euid = stb.st_uid;
661 uname = NULL;
662 }
663 if (bitset(S_ISGID, stb.st_mode) &&
664 (stb.st_gid != 0 || bitset(SFF_ROOTOK, flags)))
665 egid = stb.st_gid;
666 }
667
668 if (tTd(29, 5))
669 printf("\teu/gid=%d/%d, st_u/gid=%d/%d\n",
670 euid, egid, stb.st_uid, stb.st_gid);
671
672 errno = safefile(filename, euid, egid, uname, flags, S_IWRITE);
673 return errno == 0;
674 }
675 �/*
676 ** INCLUDE -- handle :include: specification.
677 **
678 ** Parameters:
679 ** fname -- filename to include.
680 ** forwarding -- if TRUE, we are reading a .forward file.
681 ** if FALSE, it's a :include: file.
682 ** ctladdr -- address template to use to fill in these
683 ** addresses -- effective user/group id are
684 ** the important things.
685 ** sendq -- a pointer to the head of the send queue
686 ** to put these addresses in.
687 **
688 ** Returns:
689 ** open error status
690 **
691 ** Side Effects:
692 ** reads the :include: file and sends to everyone
693 ** listed in that file.
694 */
695
696 static jmp_buf CtxIncludeTimeout;
697 static int includetimeout();
698
699 #ifndef S_IWOTH
700 # define S_IWOTH (S_IWRITE >> 6)
701 #endif
702
703 int
704 include(fname, forwarding, ctladdr, sendq, e)
705 char *fname;
706 bool forwarding;
707 ADDRESS *ctladdr;
708 ADDRESS **sendq;
709 ENVELOPE *e;
710 {
711 register FILE *fp = NULL;
712 char *oldto = e->e_to;
713 char *oldfilename = FileName;
714 int oldlinenumber = LineNumber;
715 register EVENT *ev = NULL;
716 int nincludes;
717 register ADDRESS *ca;
718 uid_t saveduid, uid;
719 gid_t savedgid, gid;
720 char *uname;
721 int rval = 0;
722 int sfflags = forwarding ? SFF_MUSTOWN : SFF_ANYFILE;
723 struct stat st;
724 char buf[MAXLINE];
725
726 if (tTd(27, 2))
727 printf("include(%s)\n", fname);
728 if (tTd(27, 4))
729 printf(" ruid=%d euid=%d\n", getuid(), geteuid());
730 if (tTd(27, 14))
731 {
732 printf("ctladdr ");
733 printaddr(ctladdr, FALSE);
734 }
735
736 if (tTd(27, 9))
737 printf("include: old uid = %d/%d\n", getuid(), geteuid());
738
739 ca = getctladdr(ctladdr);
740 if (ca == NULL)
741 {
742 uid = DefUid;
743 gid = DefGid;
744 uname = DefUser;
745 saveduid = -1;
746 }
747 else
748 {
749 uid = ca->q_uid;
750 gid = ca->q_gid;
751 uname = ca->q_user;
752 #ifdef HASSETREUID
753 saveduid = geteuid();
754 savedgid = getegid();
755 if (saveduid == 0)
756 {
757 initgroups(uname, gid);
758 if (uid != 0)
759 (void) setreuid(0, uid);
760 }
761 #endif
762 }
763
764 if (tTd(27, 9))
765 printf("include: new uid = %d/%d\n", getuid(), geteuid());
766
767 /*
768 ** If home directory is remote mounted but server is down,
769 ** this can hang or give errors; use a timeout to avoid this
770 */
771
772 if (setjmp(CtxIncludeTimeout) != 0)
773 {
774 ctladdr->q_flags |= QQUEUEUP;
775 errno = 0;
776 usrerr("451 open timeout on %s", fname);
777
778 /* return pseudo-error code */
779 rval = EOPENTIMEOUT;
780 goto resetuid;
781 }
782 ev = setevent((time_t) 60, includetimeout, 0);
783
784 /* the input file must be marked safe */
785 rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD);
786 if (rval != 0)
787 {
788 /* don't use this :include: file */
789 if (tTd(27, 4))
790 printf("include: not safe (uid=%d): %s\n",
791 uid, errstring(rval));
792 }
793 else
794 {
795 fp = fopen(fname, "r");
796 if (fp == NULL)
797 {
798 rval = errno;
799 if (tTd(27, 4))
800 printf("include: open: %s\n", errstring(rval));
801 }
802 }
803 clrevent(ev);
804
805 resetuid:
806
807 #ifdef HASSETREUID
808 if (saveduid == 0)
809 {
810 if (uid != 0)
811 if (setreuid(-1, 0) < 0 || setreuid(RealUid, 0) < 0)
812 syserr("setreuid(%d, 0) failure (real=%d, eff=%d)",
813 RealUid, getuid(), geteuid());
814 setgid(savedgid);
815 }
816 #endif
817
818 if (tTd(27, 9))
819 printf("include: reset uid = %d/%d\n", getuid(), geteuid());
820
821 if (fp == NULL)
822 return rval;
823
824 if (fstat(fileno(fp), &st) < 0)
825 {
826 rval = errno;
827 syserr("Cannot fstat %s!", fname);
828 return rval;
829 }
830
831 if (ca == NULL)
832 {
833 ctladdr->q_uid = st.st_uid;
834 ctladdr->q_gid = st.st_gid;
835 ctladdr->q_flags |= QGOODUID;
836 }
837 if (ca != NULL && ca->q_uid == st.st_uid)
838 {
839 /* optimization -- avoid getpwuid if we already have info */
840 ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL;
841 ctladdr->q_ruser = ca->q_ruser;
842 }
843 else
844 {
845 register struct passwd *pw;
846
847 pw = getpwuid(st.st_uid);
848 if (pw == NULL || !usershellok(pw->pw_shell))
849 {
850 ctladdr->q_ruser = newstr(pw->pw_name);
851 ctladdr->q_flags |= QBOGUSSHELL;
852 }
853 }
854
855 if (bitset(EF_VRFYONLY, e->e_flags))
856 {
857 /* don't do any more now */
858 ctladdr->q_flags |= QVERIFIED;
859 e->e_nrcpts++;
860 xfclose(fp, "include", fname);
861 return rval;
862 }
863
864 /*
865 ** Check to see if some bad guy can write this file
866 **
867 ** This should really do something clever with group
868 ** permissions; currently we just view world writable
869 ** as unsafe. Also, we don't check for writable
870 ** directories in the path. We've got to leave
871 ** something for the local sysad to do.
872 */
873
874 if (bitset(S_IWOTH, st.st_mode))
875 ctladdr->q_flags |= QUNSAFEADDR;
876
877 /* read the file -- each line is a comma-separated list. */
878 FileName = fname;
879 LineNumber = 0;
880 ctladdr->q_flags &= ~QSELFREF;
881 nincludes = 0;
882 while (fgets(buf, sizeof buf, fp) != NULL)
883 {
884 register char *p = strchr(buf, '\n');
885
886 LineNumber++;
887 if (p != NULL)
888 *p = '\0';
889 if (buf[0] == '#' || buf[0] == '\0')
890 continue;
891 e->e_to = NULL;
892 message("%s to %s",
893 forwarding ? "forwarding" : "sending", buf);
894 #ifdef LOG
895 if (forwarding && LogLevel > 9)
896 syslog(LOG_INFO, "%s: forward %s => %s",
897 e->e_id, oldto, buf);
898 #endif
899
900 AliasLevel++;
901 nincludes += sendtolist(buf, ctladdr, sendq, e);
902 AliasLevel--;
903 }
904
905 if (ferror(fp) && tTd(27, 3))
906 printf("include: read error: %s\n", errstring(errno));
907 if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
908 {
909 if (tTd(27, 5))
910 {
911 printf("include: QDONTSEND ");
912 printaddr(ctladdr, FALSE);
913 }
914 ctladdr->q_flags |= QDONTSEND;
915 }
916
917 (void) xfclose(fp, "include", fname);
918 FileName = oldfilename;
919 LineNumber = oldlinenumber;
920 e->e_to = oldto;
921 return rval;
922 }
923
924 static
925 includetimeout()
926 {
927 longjmp(CtxIncludeTimeout, 1);
928 }
929 �/*
930 ** SENDTOARGV -- send to an argument vector.
931 **
932 ** Parameters:
933 ** argv -- argument vector to send to.
934 ** e -- the current envelope.
935 **
936 ** Returns:
937 ** none.
938 **
939 ** Side Effects:
940 ** puts all addresses on the argument vector onto the
941 ** send queue.
942 */
943
944 sendtoargv(argv, e)
945 register char **argv;
946 register ENVELOPE *e;
947 {
948 register char *p;
949
950 while ((p = *argv++) != NULL)
951 {
952 (void) sendtolist(p, NULLADDR, &e->e_sendqueue, e);
953 }
954 }
955 �/*
956 ** GETCTLADDR -- get controlling address from an address header.
957 **
958 ** If none, get one corresponding to the effective userid.
959 **
960 ** Parameters:
961 ** a -- the address to find the controller of.
962 **
963 ** Returns:
964 ** the controlling address.
965 **
966 ** Side Effects:
967 ** none.
968 */
969
970 ADDRESS *
971 getctladdr(a)
972 register ADDRESS *a;
973 {
974 while (a != NULL && !bitset(QGOODUID, a->q_flags))
975 a = a->q_alias;
976 return (a);
977 }
978