1 /*
2 * Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13
14 #include <sendmail.h>
15
16 SM_RCSID("@(#)$Id: envelope.c,v 8.313 2013-11-22 20:51:55 ca Exp $")
17
18 /*
19 ** CLRSESSENVELOPE -- clear session oriented data in an envelope
20 **
21 ** Parameters:
22 ** e -- the envelope to clear.
23 **
24 ** Returns:
25 ** none.
26 */
27
28 void
29 clrsessenvelope(e)
30 ENVELOPE *e;
31 {
32 #if SASL
33 macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
34 macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
35 macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
36 macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
37 #endif /* SASL */
38 #if STARTTLS
39 macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
40 macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
41 macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
42 macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
43 macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
44 macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
45 macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
46 macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
47 macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
48 #endif /* STARTTLS */
49 }
50
51 /*
52 ** NEWENVELOPE -- fill in a new envelope
53 **
54 ** Supports inheritance.
55 **
56 ** Parameters:
57 ** e -- the new envelope to fill in.
58 ** parent -- the envelope to be the parent of e.
59 ** rpool -- either NULL, or a pointer to a resource pool
60 ** from which envelope memory is allocated, and
61 ** to which envelope resources are attached.
62 **
63 ** Returns:
64 ** e.
65 **
66 ** Side Effects:
67 ** none.
68 */
69
70 ENVELOPE *
newenvelope(e,parent,rpool)71 newenvelope(e, parent, rpool)
72 register ENVELOPE *e;
73 register ENVELOPE *parent;
74 SM_RPOOL_T *rpool;
75 {
76 int sendmode;
77
78 /*
79 ** This code used to read:
80 ** if (e == parent && e->e_parent != NULL)
81 ** parent = e->e_parent;
82 ** So if e == parent && e->e_parent == NULL then we would
83 ** set e->e_parent = e, which creates a loop in the e_parent chain.
84 ** This meant macvalue() could go into an infinite loop.
85 */
86
87 if (parent != NULL)
88 sendmode = parent->e_sendmode;
89 else
90 sendmode = DM_NOTSET;
91
92 if (e == parent)
93 parent = e->e_parent;
94 clearenvelope(e, true, rpool);
95 if (e == CurEnv)
96 memmove((char *) &e->e_from,
97 (char *) &NullAddress,
98 sizeof(e->e_from));
99 else
100 memmove((char *) &e->e_from,
101 (char *) &CurEnv->e_from,
102 sizeof(e->e_from));
103 e->e_parent = parent;
104 assign_queueid(e);
105 e->e_ctime = curtime();
106 #if _FFR_SESSID
107 e->e_sessid = e->e_id;
108 #endif
109 if (parent != NULL)
110 {
111 e->e_msgpriority = parent->e_msgsize;
112 #if _FFR_SESSID
113 if (parent->e_sessid != NULL)
114 e->e_sessid = sm_rpool_strdup_x(rpool,
115 parent->e_sessid);
116 #endif
117
118 if (parent->e_quarmsg == NULL)
119 {
120 e->e_quarmsg = NULL;
121 macdefine(&e->e_macro, A_PERM,
122 macid("{quarantine}"), "");
123 }
124 else
125 {
126 e->e_quarmsg = sm_rpool_strdup_x(rpool,
127 parent->e_quarmsg);
128 macdefine(&e->e_macro, A_PERM,
129 macid("{quarantine}"), e->e_quarmsg);
130 }
131 }
132 e->e_puthdr = putheader;
133 e->e_putbody = putbody;
134 if (CurEnv->e_xfp != NULL)
135 (void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
136 if (sendmode != DM_NOTSET)
137 set_delivery_mode(sendmode, e);
138
139 return e;
140 }
141
142 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
143 #define MSG_T_O 0x01 /* normal timeout */
144 #define MSG_T_O_NOW 0x02 /* NOW timeout */
145 #define MSG_NOT_BY 0x04 /* Deliver-By time exceeded, mode R */
146 #define MSG_WARN 0x10 /* normal queue warning */
147 #define MSG_WARN_BY 0x20 /* Deliver-By time exceeded, mode N */
148
149 #define IS_MSG_ERR(x) (((x) & 0x0f) != 0) /* return an error */
150
151 /* immediate return */
152 #define IS_IMM_RET(x) (((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
153 #define IS_MSG_WARN(x) (((x) & 0xf0) != 0) /* return a warning */
154
155 /*
156 ** DROPENVELOPE -- deallocate an envelope.
157 **
158 ** Parameters:
159 ** e -- the envelope to deallocate.
160 ** fulldrop -- if set, do return receipts.
161 ** split -- if true, split by recipient if message is queued up
162 **
163 ** Returns:
164 ** EX_* status (currently: 0: success, EX_IOERR on panic)
165 **
166 ** Side Effects:
167 ** housekeeping necessary to dispose of an envelope.
168 ** Unlocks this queue file.
169 */
170
171 int
dropenvelope(e,fulldrop,split)172 dropenvelope(e, fulldrop, split)
173 register ENVELOPE *e;
174 bool fulldrop;
175 bool split;
176 {
177 bool panic = false;
178 bool queueit = false;
179 int msg_timeout = 0;
180 bool failure_return = false;
181 bool delay_return = false;
182 bool success_return = false;
183 bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
184 bool done = false;
185 register ADDRESS *q;
186 char *id = e->e_id;
187 time_t now;
188 char buf[MAXLINE];
189
190 if (tTd(50, 1))
191 {
192 sm_dprintf("dropenvelope %p: id=", (void *)e);
193 xputs(sm_debug_file(), e->e_id);
194 sm_dprintf(", flags=");
195 printenvflags(e);
196 if (tTd(50, 10))
197 {
198 sm_dprintf("sendq=");
199 printaddr(sm_debug_file(), e->e_sendqueue, true);
200 }
201 }
202
203 if (LogLevel > 84)
204 sm_syslog(LOG_DEBUG, id,
205 "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
206 e->e_flags, OpMode, (int) CurrentPid);
207
208 /* we must have an id to remove disk files */
209 if (id == NULL)
210 return EX_OK;
211
212 /* if verify-only mode, we can skip most of this */
213 if (OpMode == MD_VERIFY)
214 goto simpledrop;
215
216 if (tTd(92, 2))
217 sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
218 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
219 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
220 logsender(e, NULL);
221 e->e_flags &= ~EF_LOGSENDER;
222
223 /* post statistics */
224 poststats(StatFile);
225
226 /*
227 ** Extract state information from dregs of send list.
228 */
229
230 now = curtime();
231 if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
232 msg_timeout = MSG_T_O;
233 if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
234 now >= e->e_ctime + e->e_deliver_by &&
235 !bitset(EF_RESPONSE, e->e_flags))
236 {
237 msg_timeout = MSG_NOT_BY;
238 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
239 }
240 else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
241 !bitset(EF_RESPONSE, e->e_flags))
242 {
243 msg_timeout = MSG_T_O_NOW;
244 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
245 }
246
247 #if _FFR_PROXY
248 if (tTd(87, 2))
249 {
250 q = e->e_sendqueue;
251 sm_dprintf("dropenvelope: mode=%c, e=%p, sibling=%p, nrcpts=%d, sendqueue=%p, next=%p, state=%d\n",
252 e->e_sendmode, e, e->e_sibling, e->e_nrcpts, q,
253 (q == NULL) ? (void *)0 : q->q_next,
254 (q == NULL) ? -1 : q->q_state);
255 }
256 #endif /* _FFR_PROXY */
257
258 e->e_flags &= ~EF_QUEUERUN;
259 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
260 {
261 if (QS_IS_UNDELIVERED(q->q_state))
262 queueit = true;
263
264 #if _FFR_PROXY
265 if (queueit && e->e_sendmode == SM_PROXY)
266 queueit = false;
267 #endif
268
269 /* see if a notification is needed */
270 if (bitset(QPINGONFAILURE, q->q_flags) &&
271 ((IS_MSG_ERR(msg_timeout) &&
272 QS_IS_UNDELIVERED(q->q_state)) ||
273 QS_IS_BADADDR(q->q_state) ||
274 IS_IMM_RET(msg_timeout)))
275 {
276 failure_return = true;
277 if (!done && q->q_owner == NULL &&
278 !emptyaddr(&e->e_from))
279 {
280 (void) sendtolist(e->e_from.q_paddr, NULLADDR,
281 &e->e_errorqueue, 0, e);
282 done = true;
283 }
284 }
285 else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
286 ((QS_IS_SENT(q->q_state) &&
287 bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
288 bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
289 bitset(QBYTRACE, q->q_flags) ||
290 bitset(QBYNRELAY, q->q_flags))
291 {
292 success_return = true;
293 }
294 }
295
296 if (e->e_class < 0)
297 e->e_flags |= EF_NO_BODY_RETN;
298
299 /*
300 ** See if the message timed out.
301 */
302
303 if (!queueit)
304 /* EMPTY */
305 /* nothing to do */ ;
306 else if (IS_MSG_ERR(msg_timeout))
307 {
308 if (failure_return)
309 {
310 if (msg_timeout == MSG_NOT_BY)
311 {
312 (void) sm_snprintf(buf, sizeof(buf),
313 "delivery time expired %lds",
314 e->e_deliver_by);
315 }
316 else
317 {
318 (void) sm_snprintf(buf, sizeof(buf),
319 "Cannot send message for %s",
320 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
321 false));
322 }
323
324 /* don't free, allocated from e_rpool */
325 e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
326 message("%s", buf);
327 e->e_flags |= EF_CLRQUEUE;
328 }
329 if (msg_timeout == MSG_NOT_BY)
330 {
331 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
332 "Delivery time (%lds) expired\n",
333 e->e_deliver_by);
334 }
335 else
336 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
337 "Message could not be delivered for %s\n",
338 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
339 false));
340 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
341 "Message will be deleted from queue\n");
342 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
343 {
344 if (QS_IS_UNDELIVERED(q->q_state))
345 {
346 q->q_state = QS_BADADDR;
347 if (msg_timeout == MSG_NOT_BY)
348 q->q_status = "5.4.7";
349 else
350 q->q_status = "4.4.7";
351 }
352 }
353 }
354 else
355 {
356 if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
357 now >= e->e_ctime +
358 TimeOuts.to_q_warning[e->e_timeoutclass])
359 msg_timeout = MSG_WARN;
360 else if (IS_DLVR_NOTIFY(e) &&
361 e->e_deliver_by > 0 &&
362 now >= e->e_ctime + e->e_deliver_by)
363 msg_timeout = MSG_WARN_BY;
364
365 if (IS_MSG_WARN(msg_timeout))
366 {
367 if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
368 e->e_class >= 0 &&
369 e->e_from.q_paddr != NULL &&
370 strcmp(e->e_from.q_paddr, "<>") != 0 &&
371 sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
372 (strlen(e->e_from.q_paddr) <= 8 ||
373 sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
374 "-request") != 0))
375 {
376 for (q = e->e_sendqueue; q != NULL;
377 q = q->q_next)
378 {
379 if (QS_IS_UNDELIVERED(q->q_state)
380 #if _FFR_NODELAYDSN_ON_HOLD
381 && !bitnset(M_HOLD,
382 q->q_mailer->m_flags)
383 #endif
384 )
385 {
386 if (msg_timeout ==
387 MSG_WARN_BY &&
388 (bitset(QPINGONDELAY,
389 q->q_flags) ||
390 !bitset(QHASNOTIFY,
391 q->q_flags))
392 )
393 {
394 q->q_flags |= QBYNDELAY;
395 delay_return = true;
396 }
397 if (bitset(QPINGONDELAY,
398 q->q_flags))
399 {
400 q->q_flags |= QDELAYED;
401 delay_return = true;
402 }
403 }
404 }
405 }
406 if (delay_return)
407 {
408 if (msg_timeout == MSG_WARN_BY)
409 {
410 (void) sm_snprintf(buf, sizeof(buf),
411 "Warning: Delivery time (%lds) exceeded",
412 e->e_deliver_by);
413 }
414 else
415 (void) sm_snprintf(buf, sizeof(buf),
416 "Warning: could not send message for past %s",
417 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
418 false));
419
420 /* don't free, allocated from e_rpool */
421 e->e_message = sm_rpool_strdup_x(e->e_rpool,
422 buf);
423 message("%s", buf);
424 e->e_flags |= EF_WARNING;
425 }
426 if (msg_timeout == MSG_WARN_BY)
427 {
428 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
429 "Warning: Delivery time (%lds) exceeded\n",
430 e->e_deliver_by);
431 }
432 else
433 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
434 "Warning: message still undelivered after %s\n",
435 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
436 false));
437 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
438 "Will keep trying until message is %s old\n",
439 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
440 false));
441 }
442 }
443
444 if (tTd(50, 2))
445 sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
446 failure_return, delay_return, success_return, queueit);
447
448 /*
449 ** If we had some fatal error, but no addresses are marked as bad,
450 ** mark all OK/VERIFIED addresses as bad (if QPINGONFAILURE).
451 */
452
453 if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
454 {
455 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
456 {
457 if ((QS_IS_OK(q->q_state) ||
458 QS_IS_VERIFIED(q->q_state))
459 && bitset(QPINGONFAILURE, q->q_flags)
460
461 /*
462 ** do not mark an address as bad if
463 ** - the address itself is stored in the queue
464 ** - the DeliveryMode requires queueing
465 ** - the envelope is queued
466 */
467
468 && !(bitset(QQUEUED, q->q_flags)
469 && WILL_BE_QUEUED(e->e_sendmode)
470 && bitset(EF_INQUEUE, e->e_flags)
471 )
472 )
473 {
474 failure_return = true;
475 q->q_state = QS_BADADDR;
476 }
477 }
478 }
479
480 /*
481 ** Send back return receipts as requested.
482 */
483
484 if (success_return && !failure_return && !delay_return && fulldrop &&
485 !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
486 strcmp(e->e_from.q_paddr, "<>") != 0)
487 {
488 auto ADDRESS *rlist = NULL;
489
490 if (tTd(50, 8))
491 sm_dprintf("dropenvelope(%s): sending return receipt\n",
492 id);
493 e->e_flags |= EF_SENDRECEIPT;
494 (void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
495 (void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
496 }
497 e->e_flags &= ~EF_SENDRECEIPT;
498
499 /*
500 ** Arrange to send error messages if there are fatal errors.
501 */
502
503 if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
504 {
505 if (tTd(50, 8))
506 sm_dprintf("dropenvelope(%s): saving mail\n", id);
507 panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
508 }
509
510 /*
511 ** Arrange to send warning messages to postmaster as requested.
512 */
513
514 if ((failure_return || pmnotify) &&
515 PostMasterCopy != NULL &&
516 !bitset(EF_RESPONSE, e->e_flags) &&
517 e->e_class >= 0)
518 {
519 auto ADDRESS *rlist = NULL;
520 char pcopy[MAXNAME];
521
522 if (failure_return)
523 {
524 expand(PostMasterCopy, pcopy, sizeof(pcopy), e);
525
526 if (tTd(50, 8))
527 sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
528 id, pcopy);
529 (void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
530 }
531 if (pmnotify)
532 (void) sendtolist("postmaster", NULLADDR,
533 &rlist, 0, e);
534 (void) returntosender(e->e_message, rlist,
535 RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
536 }
537
538 /*
539 ** Instantiate or deinstantiate the queue.
540 */
541
542 simpledrop:
543 if (tTd(50, 8))
544 sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
545 id, queueit);
546 if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
547 {
548 if (tTd(50, 1))
549 {
550 sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
551 e->e_id, queueit);
552 printenvflags(e);
553 }
554 if (!panic)
555 {
556 if (e->e_dfp != NULL)
557 {
558 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
559 e->e_dfp = NULL;
560 }
561 (void) xunlink(queuename(e, DATAFL_LETTER));
562 }
563 if (panic && QueueMode == QM_LOST)
564 {
565 /*
566 ** leave the Qf file behind as
567 ** the delivery attempt failed.
568 */
569
570 /* EMPTY */
571 }
572 else
573 if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
574 {
575 /* add to available space in filesystem */
576 updfs(e, -1, panic ? 0 : -1, "dropenvelope");
577 }
578
579 if (e->e_ntries > 0 && LogLevel > 9)
580 sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
581 pintvl(curtime() - e->e_ctime, true),
582 e->e_ntries);
583 }
584 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
585 {
586 if (!split)
587 queueup(e, false, true);
588 else
589 {
590 ENVELOPE *oldsib;
591 ENVELOPE *ee;
592
593 /*
594 ** Save old sibling and set it to NULL to avoid
595 ** queueing up the same envelopes again.
596 ** This requires that envelopes in that list have
597 ** been take care of before (or at some other place).
598 */
599
600 oldsib = e->e_sibling;
601 e->e_sibling = NULL;
602 if (!split_by_recipient(e) &&
603 bitset(EF_FATALERRS, e->e_flags))
604 {
605 syserr("!dropenvelope(%s): cannot commit data file %s, uid=%ld",
606 e->e_id, queuename(e, DATAFL_LETTER),
607 (long) geteuid());
608 }
609 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
610 queueup(ee, false, true);
611 queueup(e, false, true);
612
613 /* clean up */
614 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
615 {
616 /* now unlock the job */
617 if (tTd(50, 8))
618 sm_dprintf("dropenvelope(%s): unlocking job\n",
619 ee->e_id);
620 closexscript(ee);
621 unlockqueue(ee);
622
623 /* this envelope is marked unused */
624 if (ee->e_dfp != NULL)
625 {
626 (void) sm_io_close(ee->e_dfp,
627 SM_TIME_DEFAULT);
628 ee->e_dfp = NULL;
629 }
630 ee->e_id = NULL;
631 ee->e_flags &= ~EF_HAS_DF;
632 }
633 e->e_sibling = oldsib;
634 }
635 }
636
637 /* now unlock the job */
638 if (tTd(50, 8))
639 sm_dprintf("dropenvelope(%s): unlocking job\n", id);
640 closexscript(e);
641 unlockqueue(e);
642
643 /* make sure that this envelope is marked unused */
644 if (e->e_dfp != NULL)
645 {
646 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
647 e->e_dfp = NULL;
648 }
649 e->e_id = NULL;
650 e->e_flags &= ~EF_HAS_DF;
651 if (panic)
652 return EX_IOERR;
653 return EX_OK;
654 }
655
656 /*
657 ** CLEARENVELOPE -- clear an envelope without unlocking
658 **
659 ** This is normally used by a child process to get a clean
660 ** envelope without disturbing the parent.
661 **
662 ** Parameters:
663 ** e -- the envelope to clear.
664 ** fullclear - if set, the current envelope is total
665 ** garbage and should be ignored; otherwise,
666 ** release any resources it may indicate.
667 ** rpool -- either NULL, or a pointer to a resource pool
668 ** from which envelope memory is allocated, and
669 ** to which envelope resources are attached.
670 **
671 ** Returns:
672 ** none.
673 **
674 ** Side Effects:
675 ** Closes files associated with the envelope.
676 ** Marks the envelope as unallocated.
677 */
678
679 void
clearenvelope(e,fullclear,rpool)680 clearenvelope(e, fullclear, rpool)
681 register ENVELOPE *e;
682 bool fullclear;
683 SM_RPOOL_T *rpool;
684 {
685 register HDR *bh;
686 register HDR **nhp;
687 extern ENVELOPE BlankEnvelope;
688 char **p;
689
690 if (!fullclear)
691 {
692 /* clear out any file information */
693 if (e->e_xfp != NULL)
694 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
695 if (e->e_dfp != NULL)
696 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
697 e->e_xfp = e->e_dfp = NULL;
698 }
699
700 /*
701 ** Copy BlankEnvelope into *e.
702 ** It is not safe to simply copy pointers to strings;
703 ** the strings themselves must be copied (or set to NULL).
704 ** The problem is that when we assign a new string value to
705 ** a member of BlankEnvelope, we free the old string.
706 ** We did not need to do this copying in sendmail 8.11 :-(
707 ** and it is a potential performance hit. Reference counted
708 ** strings are one way out.
709 */
710
711 *e = BlankEnvelope;
712 e->e_message = NULL;
713 e->e_qfletter = '\0';
714 e->e_quarmsg = NULL;
715 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
716
717 /*
718 ** Copy the macro table.
719 ** We might be able to avoid this by zeroing the macro table
720 ** and always searching BlankEnvelope.e_macro after e->e_macro
721 ** in macvalue().
722 */
723
724 for (p = &e->e_macro.mac_table[0];
725 p <= &e->e_macro.mac_table[MAXMACROID];
726 ++p)
727 {
728 if (*p != NULL)
729 *p = sm_rpool_strdup_x(rpool, *p);
730 }
731
732 /*
733 ** XXX There are many strings in the envelope structure
734 ** XXX that we are not attempting to copy here.
735 ** XXX Investigate this further.
736 */
737
738 e->e_rpool = rpool;
739 e->e_macro.mac_rpool = rpool;
740 if (Verbose)
741 set_delivery_mode(SM_DELIVER, e);
742 bh = BlankEnvelope.e_header;
743 nhp = &e->e_header;
744 while (bh != NULL)
745 {
746 *nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh));
747 memmove((char *) *nhp, (char *) bh, sizeof(*bh));
748 bh = bh->h_link;
749 nhp = &(*nhp)->h_link;
750 }
751 #if _FFR_MILTER_ENHSC
752 e->e_enhsc[0] = '\0';
753 #endif
754 }
755 /*
756 ** INITSYS -- initialize instantiation of system
757 **
758 ** In Daemon mode, this is done in the child.
759 **
760 ** Parameters:
761 ** e -- the envelope to use.
762 **
763 ** Returns:
764 ** none.
765 **
766 ** Side Effects:
767 ** Initializes the system macros, some global variables,
768 ** etc. In particular, the current time in various
769 ** forms is set.
770 */
771
772 void
initsys(e)773 initsys(e)
774 register ENVELOPE *e;
775 {
776 char buf[10];
777 #ifdef TTYNAME
778 static char ybuf[60]; /* holds tty id */
779 register char *p;
780 extern char *ttyname();
781 #endif /* TTYNAME */
782
783 /*
784 ** Give this envelope a reality.
785 ** I.e., an id, a transcript, and a creation time.
786 ** We don't select the queue until all of the recipients are known.
787 */
788
789 openxscript(e);
790 e->e_ctime = curtime();
791 e->e_qfletter = '\0';
792
793 /*
794 ** Set OutChannel to something useful if stdout isn't it.
795 ** This arranges that any extra stuff the mailer produces
796 ** gets sent back to the user on error (because it is
797 ** tucked away in the transcript).
798 */
799
800 if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
801 e->e_xfp != NULL)
802 OutChannel = e->e_xfp;
803
804 /*
805 ** Set up some basic system macros.
806 */
807
808 /* process id */
809 (void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid);
810 macdefine(&e->e_macro, A_TEMP, 'p', buf);
811
812 /* hop count */
813 (void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
814 macdefine(&e->e_macro, A_TEMP, 'c', buf);
815
816 /* time as integer, unix time, arpa time */
817 settime(e);
818
819 /* Load average */
820 sm_getla();
821
822 #ifdef TTYNAME
823 /* tty name */
824 if (macvalue('y', e) == NULL)
825 {
826 p = ttyname(2);
827 if (p != NULL)
828 {
829 if (strrchr(p, '/') != NULL)
830 p = strrchr(p, '/') + 1;
831 (void) sm_strlcpy(ybuf, sizeof(ybuf), p);
832 macdefine(&e->e_macro, A_PERM, 'y', ybuf);
833 }
834 }
835 #endif /* TTYNAME */
836 }
837 /*
838 ** SETTIME -- set the current time.
839 **
840 ** Parameters:
841 ** e -- the envelope in which the macros should be set.
842 **
843 ** Returns:
844 ** none.
845 **
846 ** Side Effects:
847 ** Sets the various time macros -- $a, $b, $d, $t.
848 */
849
850 void
settime(e)851 settime(e)
852 register ENVELOPE *e;
853 {
854 register char *p;
855 auto time_t now;
856 char buf[30];
857 register struct tm *tm;
858
859 now = curtime();
860 (void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now);
861 macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
862 tm = gmtime(&now);
863 (void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d",
864 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
865 tm->tm_hour, tm->tm_min);
866 macdefine(&e->e_macro, A_TEMP, 't', buf);
867 (void) sm_strlcpy(buf, ctime(&now), sizeof(buf));
868 p = strchr(buf, '\n');
869 if (p != NULL)
870 *p = '\0';
871 macdefine(&e->e_macro, A_TEMP, 'd', buf);
872 macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
873 if (macvalue('a', e) == NULL)
874 macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
875 }
876 /*
877 ** OPENXSCRIPT -- Open transcript file
878 **
879 ** Creates a transcript file for possible eventual mailing or
880 ** sending back.
881 **
882 ** Parameters:
883 ** e -- the envelope to create the transcript in/for.
884 **
885 ** Returns:
886 ** none
887 **
888 ** Side Effects:
889 ** Creates the transcript file.
890 */
891
892 #ifndef O_APPEND
893 # define O_APPEND 0
894 #endif
895
896 void
openxscript(e)897 openxscript(e)
898 register ENVELOPE *e;
899 {
900 register char *p;
901
902 if (e->e_xfp != NULL)
903 return;
904
905 #if 0
906 if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
907 syserr("openxscript: job not locked");
908 #endif
909
910 p = queuename(e, XSCRPT_LETTER);
911 e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
912 SFF_NOTEXCL|SFF_OPENASROOT);
913
914 if (e->e_xfp == NULL)
915 {
916 syserr("Can't create transcript file %s", p);
917 e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
918 SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
919 if (e->e_xfp == NULL)
920 syserr("!Can't open %s", SM_PATH_DEVNULL);
921 }
922 (void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
923 if (tTd(46, 9))
924 {
925 sm_dprintf("openxscript(%s):\n ", p);
926 dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
927 false);
928 }
929 }
930 /*
931 ** CLOSEXSCRIPT -- close the transcript file.
932 **
933 ** Parameters:
934 ** e -- the envelope containing the transcript to close.
935 **
936 ** Returns:
937 ** none.
938 **
939 ** Side Effects:
940 ** none.
941 */
942
943 void
closexscript(e)944 closexscript(e)
945 register ENVELOPE *e;
946 {
947 if (e->e_xfp == NULL)
948 return;
949 #if 0
950 if (e->e_lockfp == NULL)
951 syserr("closexscript: job not locked");
952 #endif
953 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
954 e->e_xfp = NULL;
955 }
956 /*
957 ** SETSENDER -- set the person who this message is from
958 **
959 ** Under certain circumstances allow the user to say who
960 ** s/he is (using -f or -r). These are:
961 ** 1. The user's uid is zero (root).
962 ** 2. The user's login name is in an approved list (typically
963 ** from a network server).
964 ** 3. The address the user is trying to claim has a
965 ** "!" character in it (since #2 doesn't do it for
966 ** us if we are dialing out for UUCP).
967 ** A better check to replace #3 would be if the
968 ** effective uid is "UUCP" -- this would require me
969 ** to rewrite getpwent to "grab" uucp as it went by,
970 ** make getname more nasty, do another passwd file
971 ** scan, or compile the UID of "UUCP" into the code,
972 ** all of which are reprehensible.
973 **
974 ** Assuming all of these fail, we figure out something
975 ** ourselves.
976 **
977 ** Parameters:
978 ** from -- the person we would like to believe this message
979 ** is from, as specified on the command line.
980 ** e -- the envelope in which we would like the sender set.
981 ** delimptr -- if non-NULL, set to the location of the
982 ** trailing delimiter.
983 ** delimchar -- the character that will delimit the sender
984 ** address.
985 ** internal -- set if this address is coming from an internal
986 ** source such as an owner alias.
987 **
988 ** Returns:
989 ** none.
990 **
991 ** Side Effects:
992 ** sets sendmail's notion of who the from person is.
993 */
994
995 void
setsender(from,e,delimptr,delimchar,internal)996 setsender(from, e, delimptr, delimchar, internal)
997 char *from;
998 register ENVELOPE *e;
999 char **delimptr;
1000 int delimchar;
1001 bool internal;
1002 {
1003 register char **pvp;
1004 char *realname = NULL;
1005 char *bp;
1006 char buf[MAXNAME + 2];
1007 char pvpbuf[PSBUFSIZE];
1008 extern char *FullName;
1009
1010 if (tTd(45, 1))
1011 sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
1012
1013 /* may be set from earlier calls */
1014 macdefine(&e->e_macro, A_PERM, 'x', "");
1015
1016 /*
1017 ** Figure out the real user executing us.
1018 ** Username can return errno != 0 on non-errors.
1019 */
1020
1021 if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
1022 OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
1023 realname = from;
1024 if (realname == NULL || realname[0] == '\0')
1025 realname = username();
1026
1027 if (ConfigLevel < 2)
1028 SuprErrs = true;
1029
1030 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1031
1032 /* preset state for then clause in case from == NULL */
1033 e->e_from.q_state = QS_BADADDR;
1034 e->e_from.q_flags = 0;
1035 if (from == NULL ||
1036 parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
1037 delimchar, delimptr, e, false) == NULL ||
1038 QS_IS_BADADDR(e->e_from.q_state) ||
1039 e->e_from.q_mailer == ProgMailer ||
1040 e->e_from.q_mailer == FileMailer ||
1041 e->e_from.q_mailer == InclMailer)
1042 {
1043 /* log garbage addresses for traceback */
1044 if (from != NULL && LogLevel > 2)
1045 {
1046 char *p;
1047 char ebuf[MAXNAME * 2 + 2];
1048
1049 p = macvalue('_', e);
1050 if (p == NULL)
1051 {
1052 char *host = RealHostName;
1053
1054 if (host == NULL)
1055 host = MyHostName;
1056 (void) sm_snprintf(ebuf, sizeof(ebuf),
1057 "%.*s@%.*s", MAXNAME,
1058 realname, MAXNAME, host);
1059 p = ebuf;
1060 }
1061 sm_syslog(LOG_NOTICE, e->e_id,
1062 "setsender: %s: invalid or unparsable, received from %s",
1063 shortenstring(from, 83), p);
1064 }
1065 if (from != NULL)
1066 {
1067 if (!QS_IS_BADADDR(e->e_from.q_state))
1068 {
1069 /* it was a bogus mailer in the from addr */
1070 e->e_status = "5.1.7";
1071 usrerrenh(e->e_status,
1072 "553 Invalid sender address");
1073 }
1074 SuprErrs = true;
1075 }
1076 if (from == realname ||
1077 parseaddr(from = realname,
1078 &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
1079 NULL, e, false) == NULL)
1080 {
1081 char nbuf[100];
1082
1083 SuprErrs = true;
1084 expand("\201n", nbuf, sizeof(nbuf), e);
1085 from = sm_rpool_strdup_x(e->e_rpool, nbuf);
1086 if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
1087 NULL, e, false) == NULL &&
1088 parseaddr(from = "postmaster", &e->e_from,
1089 RF_COPYALL, ' ', NULL, e, false) == NULL)
1090 syserr("553 5.3.0 setsender: can't even parse postmaster!");
1091 }
1092 }
1093 else
1094 FromFlag = true;
1095 e->e_from.q_state = QS_SENDER;
1096 if (tTd(45, 5))
1097 {
1098 sm_dprintf("setsender: QS_SENDER ");
1099 printaddr(sm_debug_file(), &e->e_from, false);
1100 }
1101 SuprErrs = false;
1102
1103 #if USERDB
1104 if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1105 {
1106 register char *p;
1107
1108 p = udbsender(e->e_from.q_user, e->e_rpool);
1109 if (p != NULL)
1110 from = p;
1111 }
1112 #endif /* USERDB */
1113
1114 if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1115 {
1116 SM_MBDB_T user;
1117
1118 if (!internal)
1119 {
1120 /* if the user already given fullname don't redefine */
1121 if (FullName == NULL)
1122 FullName = macvalue('x', e);
1123 if (FullName != NULL)
1124 {
1125 if (FullName[0] == '\0')
1126 FullName = NULL;
1127 else
1128 FullName = newstr(FullName);
1129 }
1130 }
1131
1132 if (e->e_from.q_user[0] != '\0' &&
1133 sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1134 {
1135 /*
1136 ** Process passwd file entry.
1137 */
1138
1139 /* extract home directory */
1140 if (*user.mbdb_homedir == '\0')
1141 e->e_from.q_home = NULL;
1142 else if (strcmp(user.mbdb_homedir, "/") == 0)
1143 e->e_from.q_home = "";
1144 else
1145 e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1146 user.mbdb_homedir);
1147 macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1148
1149 /* extract user and group id */
1150 if (user.mbdb_uid != SM_NO_UID)
1151 {
1152 e->e_from.q_uid = user.mbdb_uid;
1153 e->e_from.q_gid = user.mbdb_gid;
1154 e->e_from.q_flags |= QGOODUID;
1155 }
1156
1157 /* extract full name from passwd file */
1158 if (FullName == NULL && !internal &&
1159 user.mbdb_fullname[0] != '\0' &&
1160 strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1161 {
1162 FullName = newstr(user.mbdb_fullname);
1163 }
1164 }
1165 else
1166 {
1167 e->e_from.q_home = NULL;
1168 }
1169 if (FullName != NULL && !internal)
1170 macdefine(&e->e_macro, A_TEMP, 'x', FullName);
1171 }
1172 else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1173 {
1174 if (e->e_from.q_home == NULL)
1175 {
1176 e->e_from.q_home = getenv("HOME");
1177 if (e->e_from.q_home != NULL)
1178 {
1179 if (*e->e_from.q_home == '\0')
1180 e->e_from.q_home = NULL;
1181 else if (strcmp(e->e_from.q_home, "/") == 0)
1182 e->e_from.q_home++;
1183 }
1184 }
1185 e->e_from.q_uid = RealUid;
1186 e->e_from.q_gid = RealGid;
1187 e->e_from.q_flags |= QGOODUID;
1188 }
1189
1190 /*
1191 ** Rewrite the from person to dispose of possible implicit
1192 ** links in the net.
1193 */
1194
1195 pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL,
1196 IntTokenTab, false);
1197 if (pvp == NULL)
1198 {
1199 /* don't need to give error -- prescan did that already */
1200 if (LogLevel > 2)
1201 sm_syslog(LOG_NOTICE, e->e_id,
1202 "cannot prescan from (%s)",
1203 shortenstring(from, MAXSHORTSTR));
1204 finis(true, true, ExitStat);
1205 }
1206 (void) REWRITE(pvp, 3, e);
1207 (void) REWRITE(pvp, 1, e);
1208 (void) REWRITE(pvp, 4, e);
1209 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1210 bp = buf + 1;
1211 cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false);
1212 if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1213 {
1214 /* heuristic: route-addr: add angle brackets */
1215 (void) sm_strlcat(bp, ">", sizeof(buf) - 1);
1216 *--bp = '<';
1217 }
1218 e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1219 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1220
1221 /* save the domain spec if this mailer wants it */
1222 if (e->e_from.q_mailer != NULL &&
1223 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1224 {
1225 char **lastat;
1226
1227 /* get rid of any pesky angle brackets */
1228 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1229 (void) REWRITE(pvp, 3, e);
1230 (void) REWRITE(pvp, 1, e);
1231 (void) REWRITE(pvp, 4, e);
1232 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1233
1234 /* strip off to the last "@" sign */
1235 for (lastat = NULL; *pvp != NULL; pvp++)
1236 {
1237 if (strcmp(*pvp, "@") == 0)
1238 lastat = pvp;
1239 }
1240 if (lastat != NULL)
1241 {
1242 e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1243 if (tTd(45, 3))
1244 {
1245 sm_dprintf("Saving from domain: ");
1246 printav(sm_debug_file(), e->e_fromdomain);
1247 }
1248 }
1249 }
1250 }
1251 /*
1252 ** PRINTENVFLAGS -- print envelope flags for debugging
1253 **
1254 ** Parameters:
1255 ** e -- the envelope with the flags to be printed.
1256 **
1257 ** Returns:
1258 ** none.
1259 */
1260
1261 struct eflags
1262 {
1263 char *ef_name;
1264 unsigned long ef_bit;
1265 };
1266
1267 static struct eflags EnvelopeFlags[] =
1268 {
1269 { "OLDSTYLE", EF_OLDSTYLE },
1270 { "INQUEUE", EF_INQUEUE },
1271 { "NO_BODY_RETN", EF_NO_BODY_RETN },
1272 { "CLRQUEUE", EF_CLRQUEUE },
1273 { "SENDRECEIPT", EF_SENDRECEIPT },
1274 { "FATALERRS", EF_FATALERRS },
1275 { "DELETE_BCC", EF_DELETE_BCC },
1276 { "RESPONSE", EF_RESPONSE },
1277 { "RESENT", EF_RESENT },
1278 { "VRFYONLY", EF_VRFYONLY },
1279 { "WARNING", EF_WARNING },
1280 { "QUEUERUN", EF_QUEUERUN },
1281 { "GLOBALERRS", EF_GLOBALERRS },
1282 { "PM_NOTIFY", EF_PM_NOTIFY },
1283 { "METOO", EF_METOO },
1284 { "LOGSENDER", EF_LOGSENDER },
1285 { "NORECEIPT", EF_NORECEIPT },
1286 { "HAS8BIT", EF_HAS8BIT },
1287 { "RET_PARAM", EF_RET_PARAM },
1288 { "HAS_DF", EF_HAS_DF },
1289 { "IS_MIME", EF_IS_MIME },
1290 { "DONT_MIME", EF_DONT_MIME },
1291 { "DISCARD", EF_DISCARD },
1292 { "TOOBIG", EF_TOOBIG },
1293 { "SPLIT", EF_SPLIT },
1294 { "UNSAFE", EF_UNSAFE },
1295 { "TOODEEP", EF_TOODEEP },
1296 { "SECURE", EF_SECURE },
1297 { NULL, 0 }
1298 };
1299
1300 void
printenvflags(e)1301 printenvflags(e)
1302 register ENVELOPE *e;
1303 {
1304 register struct eflags *ef;
1305 bool first = true;
1306
1307 sm_dprintf("%lx", e->e_flags);
1308 for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1309 {
1310 if (!bitset(ef->ef_bit, e->e_flags))
1311 continue;
1312 if (first)
1313 sm_dprintf("<%s", ef->ef_name);
1314 else
1315 sm_dprintf(",%s", ef->ef_name);
1316 first = false;
1317 }
1318 if (!first)
1319 sm_dprintf(">\n");
1320 }
1321