xref: /openbsd-src/libexec/comsat/comsat.c (revision d13be5d47e4149db2549a9828e244d59dbc43f15) 
1 /*	$OpenBSD: comsat.c,v 1.36 2009/10/27 23:59:31 deraadt Exp $	*/
2 
3 /*
4  * Copyright (c) 1980, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/limits.h>
33 #include <sys/param.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/wait.h>
37 
38 #include <netinet/in.h>
39 
40 #include <ctype.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <netdb.h>
44 #include <paths.h>
45 #include <pwd.h>
46 #include <signal.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <syslog.h>
51 #include <termios.h>
52 #include <unistd.h>
53 #include <utmp.h>
54 #include <vis.h>
55 
56 int	debug = 0;
57 #define	dsyslog	if (debug) syslog
58 
59 #define MAXIDLE	120
60 
61 char	hostname[MAXHOSTNAMELEN];
62 struct	utmp *utmp = NULL;
63 time_t	lastmsgtime;
64 int	nutmp, uf;
65 
66 void jkfprintf(FILE *, char[], off_t);
67 void mailfor(char *);
68 void notify(struct utmp *, off_t);
69 void readutmp(int);
70 void doreadutmp(void);
71 void reapchildren(int);
72 
73 volatile sig_atomic_t wantreadutmp;
74 
75 int
76 main(int argc, char *argv[])
77 {
78 	struct sockaddr_storage from;
79 	struct sigaction sa;
80 	ssize_t cc;
81 	socklen_t fromlen;
82 	char msgbuf[100];
83 	sigset_t sigset;
84 
85 	/* verify proper invocation */
86 	fromlen = sizeof(from);
87 	if (getsockname(0, (struct sockaddr *)&from, &fromlen) == -1) {
88 		(void)fprintf(stderr,
89 		    "comsat: getsockname: %s.\n", strerror(errno));
90 		exit(1);
91 	}
92 	openlog("comsat", LOG_PID, LOG_DAEMON);
93 	if (chdir(_PATH_MAILDIR)) {
94 		syslog(LOG_ERR, "chdir: %s: %m", _PATH_MAILDIR);
95 		(void) recv(0, msgbuf, sizeof(msgbuf) - 1, 0);
96 		exit(1);
97 	}
98 	if ((uf = open(_PATH_UTMP, O_RDONLY, 0)) == -1) {
99 		syslog(LOG_ERR, "open: %s: %m", _PATH_UTMP);
100 		(void) recv(0, msgbuf, sizeof(msgbuf) - 1, 0);
101 		exit(1);
102 	}
103 	(void)time(&lastmsgtime);
104 	(void)gethostname(hostname, sizeof(hostname));
105 	doreadutmp();
106 
107 	(void)signal(SIGTTOU, SIG_IGN);
108 
109 	bzero(&sa, sizeof sa);
110 	sigemptyset(&sa.sa_mask);
111 	sa.sa_handler = readutmp;
112 	sa.sa_flags = 0;			/* no SA_RESTART */
113 	(void)sigaction(SIGALRM, &sa, NULL);
114 
115 	sa.sa_handler = reapchildren;
116 	sa.sa_flags = SA_RESTART;
117 	(void)sigaction(SIGCHLD, &sa, NULL);
118 
119 	for (;;) {
120 		if (wantreadutmp) {
121 			wantreadutmp = 0;
122 			doreadutmp();
123 		}
124 
125 		cc = recv(0, msgbuf, sizeof(msgbuf) - 1, 0);
126 		if (cc <= 0) {
127 			if (errno != EINTR)
128 				sleep(1);
129 			continue;
130 		}
131 		if (!nutmp)		/* no one has logged in yet */
132 			continue;
133 		sigemptyset(&sigset);
134 		sigaddset(&sigset, SIGALRM);
135 		sigprocmask(SIG_SETMASK, &sigset, NULL);
136 		msgbuf[cc] = '\0';
137 		(void)time(&lastmsgtime);
138 		mailfor(msgbuf);
139 		sigemptyset(&sigset);
140 		sigprocmask(SIG_SETMASK, &sigset, NULL);
141 	}
142 }
143 
144 /* ARGSUSED */
145 void
146 reapchildren(int signo)
147 {
148 	int save_errno = errno;
149 
150 	while (wait3(NULL, WNOHANG, NULL) > 0)
151 		;
152 	errno = save_errno;
153 }
154 
155 /* ARGSUSED */
156 void
157 readutmp(int signo)
158 {
159 	wantreadutmp = 1;
160 }
161 
162 void
163 doreadutmp(void)
164 {
165 	static u_int utmpsize;		/* last malloced size for utmp */
166 	static time_t utmpmtime;	/* last modification time for utmp */
167 	struct stat statbf;
168 
169 	if (time(NULL) - lastmsgtime >= MAXIDLE)
170 		exit(0);
171 	(void)fstat(uf, &statbf);
172 	if (statbf.st_mtime > utmpmtime) {
173 		utmpmtime = statbf.st_mtime;
174 		/* avoid int overflow */
175 		if (statbf.st_size > INT_MAX - 10 * sizeof(struct utmp)) {
176 			syslog(LOG_ALERT, "utmp file excessively large");
177 			exit(1);
178 		}
179 		if (statbf.st_size > utmpsize) {
180 			u_int nutmpsize = statbf.st_size + 10 *
181 			    sizeof(struct utmp);
182 			struct utmp *u;
183 
184 			if ((u = realloc(utmp, nutmpsize)) == NULL) {
185 				free(utmp);
186 				syslog(LOG_ERR, "%s", strerror(errno));
187 				exit(1);
188 			}
189 			utmp = u;
190 			utmpsize = nutmpsize;
191 		}
192 		(void)lseek(uf, 0, SEEK_SET);
193 		nutmp = read(uf, utmp, statbf.st_size)/sizeof(struct utmp);
194 	}
195 	(void)alarm(15);
196 }
197 
198 void
199 mailfor(char *name)
200 {
201 	struct utmp *utp = &utmp[nutmp];
202 	char utname[UT_NAMESIZE+1];
203 	char *cp;
204 	off_t offset;
205 
206 	if (!(cp = strchr(name, '@')))
207 		return;
208 	*cp = '\0';
209 	offset = atoi(cp + 1);
210 	while (--utp >= utmp) {
211 		memcpy(utname, utp->ut_name, UT_NAMESIZE);
212 		utname[UT_NAMESIZE] = '\0';
213 		if (!strncmp(utname, name, UT_NAMESIZE))
214 			notify(utp, offset);
215 	}
216 }
217 
218 static char *cr;
219 
220 void
221 notify(struct utmp *utp, off_t offset)
222 {
223 	FILE *tp;
224 	struct stat stb;
225 	struct termios ttybuf;
226 	char tty[MAXPATHLEN], name[UT_NAMESIZE + 1];
227 
228 	(void)snprintf(tty, sizeof(tty), "%s%.*s",
229 	    _PATH_DEV, (int)sizeof(utp->ut_line), utp->ut_line);
230 	if (strchr(tty + sizeof(_PATH_DEV) - 1, '/')) {
231 		/* A slash is an attempt to break security... */
232 		syslog(LOG_AUTH | LOG_NOTICE, "'/' in \"%s\"", tty);
233 		return;
234 	}
235 	if (stat(tty, &stb) || !(stb.st_mode & S_IEXEC)) {
236 		dsyslog(LOG_DEBUG, "%.*s: wrong mode on %s",
237 		    (int)sizeof(utp->ut_name), utp->ut_name, tty);
238 		return;
239 	}
240 	dsyslog(LOG_DEBUG, "notify %.*s on %s", (int)sizeof(utp->ut_name),
241 	    utp->ut_name, tty);
242 	if (fork())
243 		return;
244 	(void)signal(SIGALRM, SIG_DFL);
245 	(void)alarm(30);
246 	if ((tp = fopen(tty, "w")) == NULL) {
247 		dsyslog(LOG_ERR, "%s: %s", tty, strerror(errno));
248 		_exit(1);
249 	}
250 	(void)tcgetattr(fileno(tp), &ttybuf);
251 	cr = (ttybuf.c_oflag & ONLCR) && (ttybuf.c_oflag & OPOST) ?
252 	    "\n" : "\n\r";
253 	memcpy(name, utp->ut_name, UT_NAMESIZE);
254 	name[UT_NAMESIZE] = '\0';
255 	(void)fprintf(tp, "%s\007New mail for %s@%.*s\007 has arrived:%s----%s",
256 	    cr, name, (int)sizeof(hostname), hostname, cr, cr);
257 	jkfprintf(tp, name, offset);
258 	(void)fclose(tp);
259 	_exit(0);
260 }
261 
262 void
263 jkfprintf(FILE *tp, char name[], off_t offset)
264 {
265 	char *cp, ch;
266 	char visout[5], *s2;
267 	FILE *fi;
268 	int linecnt, charcnt, inheader;
269 	struct passwd *p;
270 	char line[BUFSIZ];
271 
272 	/* Set effective uid to user in case mail drop is on nfs */
273 	if ((p = getpwnam(name)) != NULL) {
274 		(void) seteuid(p->pw_uid);
275 		(void) setuid(p->pw_uid);
276 	}
277 
278 	if ((fi = fopen(name, "r")) == NULL)
279 		return;
280 
281 	(void)fseeko(fi, offset, SEEK_SET);
282 	/*
283 	 * Print the first 7 lines or 560 characters of the new mail
284 	 * (whichever comes first).  Skip header crap other than
285 	 * From, Subject, To, and Date.
286 	 */
287 	linecnt = 7;
288 	charcnt = 560;
289 	inheader = 1;
290 	while (fgets(line, sizeof(line), fi) != NULL) {
291 		if (inheader) {
292 			if (line[0] == '\n') {
293 				inheader = 0;
294 				continue;
295 			}
296 			if (line[0] == ' ' || line[0] == '\t' ||
297 			    (strncmp(line, "From:", 5) &&
298 			    strncmp(line, "Subject:", 8)))
299 				continue;
300 		}
301 		if (linecnt <= 0 || charcnt <= 0) {
302 			(void)fprintf(tp, "...more...%s", cr);
303 			(void)fclose(fi);
304 			return;
305 		}
306 		/* strip weird stuff so can't trojan horse stupid terminals */
307 		for (cp = line; (ch = *cp) && ch != '\n'; ++cp, --charcnt) {
308 			ch = toascii(ch);
309 			vis(visout, ch, VIS_SAFE|VIS_NOSLASH, cp[1]);
310 			for (s2 = visout; *s2; s2++)
311 				(void)fputc(*s2, tp);
312 		}
313 		(void)fputs(cr, tp);
314 		--linecnt;
315 	}
316 	(void)fprintf(tp, "----%s\n", cr);
317 	(void)fclose(fi);
318 }
319