1 /* 2 * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #ifndef lint 15 static char id[] = "@(#)$Id: deliver.c,v 8.600.2.1.2.44 2000/09/21 21:52:17 ca Exp $"; 16 #endif /* ! lint */ 17 18 #include <sendmail.h> 19 20 21 #if HASSETUSERCONTEXT 22 # include <login_cap.h> 23 #endif /* HASSETUSERCONTEXT */ 24 25 #if STARTTLS || (SASL && SFIO) 26 # include "sfsasl.h" 27 #endif /* STARTTLS || (SASL && SFIO) */ 28 29 static int deliver __P((ENVELOPE *, ADDRESS *)); 30 static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int)); 31 static void mailfiletimeout __P((void)); 32 static void markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool)); 33 static int parse_hostsignature __P((char *, char **, MAILER *)); 34 static void sendenvelope __P((ENVELOPE *, int)); 35 static char *hostsignature __P((MAILER *, char *)); 36 37 #if SMTP 38 # if STARTTLS 39 static int starttls __P((MAILER *, MCI *, ENVELOPE *)); 40 # endif /* STARTTLS */ 41 #endif /* SMTP */ 42 43 /* 44 ** SENDALL -- actually send all the messages. 45 ** 46 ** Parameters: 47 ** e -- the envelope to send. 48 ** mode -- the delivery mode to use. If SM_DEFAULT, use 49 ** the current e->e_sendmode. 50 ** 51 ** Returns: 52 ** none. 53 ** 54 ** Side Effects: 55 ** Scans the send lists and sends everything it finds. 56 ** Delivers any appropriate error messages. 57 ** If we are running in a non-interactive mode, takes the 58 ** appropriate action. 59 */ 60 61 void 62 sendall(e, mode) 63 ENVELOPE *e; 64 int mode; 65 { 66 register ADDRESS *q; 67 char *owner; 68 int otherowners; 69 int save_errno; 70 register ENVELOPE *ee; 71 ENVELOPE *splitenv = NULL; 72 int oldverbose = Verbose; 73 bool somedeliveries = FALSE, expensive = FALSE; 74 pid_t pid; 75 76 /* 77 ** If this message is to be discarded, don't bother sending 78 ** the message at all. 79 */ 80 81 if (bitset(EF_DISCARD, e->e_flags)) 82 { 83 if (tTd(13, 1)) 84 dprintf("sendall: discarding id %s\n", e->e_id); 85 e->e_flags |= EF_CLRQUEUE; 86 if (LogLevel > 4) 87 sm_syslog(LOG_INFO, e->e_id, "discarded"); 88 markstats(e, NULL, TRUE); 89 return; 90 } 91 92 /* 93 ** If we have had global, fatal errors, don't bother sending 94 ** the message at all if we are in SMTP mode. Local errors 95 ** (e.g., a single address failing) will still cause the other 96 ** addresses to be sent. 97 */ 98 99 if (bitset(EF_FATALERRS, e->e_flags) && 100 (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 101 { 102 e->e_flags |= EF_CLRQUEUE; 103 return; 104 } 105 106 /* determine actual delivery mode */ 107 if (mode == SM_DEFAULT) 108 { 109 mode = e->e_sendmode; 110 if (mode != SM_VERIFY && mode != SM_DEFER && 111 shouldqueue(e->e_msgpriority, e->e_ctime)) 112 mode = SM_QUEUE; 113 } 114 115 if (tTd(13, 1)) 116 { 117 dprintf("\n===== SENDALL: mode %c, id %s, e_from ", 118 mode, e->e_id); 119 printaddr(&e->e_from, FALSE); 120 dprintf("\te_flags = "); 121 printenvflags(e); 122 dprintf("sendqueue:\n"); 123 printaddr(e->e_sendqueue, TRUE); 124 } 125 126 /* 127 ** Do any preprocessing necessary for the mode we are running. 128 ** Check to make sure the hop count is reasonable. 129 ** Delete sends to the sender in mailing lists. 130 */ 131 132 CurEnv = e; 133 if (tTd(62, 1)) 134 checkfds(NULL); 135 136 if (e->e_hopcount > MaxHopCount) 137 { 138 errno = 0; 139 #if QUEUE 140 queueup(e, mode == SM_QUEUE || mode == SM_DEFER); 141 #endif /* QUEUE */ 142 e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE; 143 ExitStat = EX_UNAVAILABLE; 144 syserr("554 5.0.0 Too many hops %d (%d max): from %s via %s, to %s", 145 e->e_hopcount, MaxHopCount, e->e_from.q_paddr, 146 RealHostName == NULL ? "localhost" : RealHostName, 147 e->e_sendqueue->q_paddr); 148 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 149 { 150 if (QS_IS_DEAD(q->q_state)) 151 continue; 152 q->q_state = QS_BADADDR; 153 q->q_status = "5.4.6"; 154 } 155 return; 156 } 157 158 /* 159 ** Do sender deletion. 160 ** 161 ** If the sender should be queued up, skip this. 162 ** This can happen if the name server is hosed when you 163 ** are trying to send mail. The result is that the sender 164 ** is instantiated in the queue as a recipient. 165 */ 166 167 if (!bitset(EF_METOO, e->e_flags) && 168 !QS_IS_QUEUEUP(e->e_from.q_state)) 169 { 170 if (tTd(13, 5)) 171 { 172 dprintf("sendall: QS_SENDER "); 173 printaddr(&e->e_from, FALSE); 174 } 175 e->e_from.q_state = QS_SENDER; 176 (void) recipient(&e->e_from, &e->e_sendqueue, 0, e); 177 } 178 179 /* 180 ** Handle alias owners. 181 ** 182 ** We scan up the q_alias chain looking for owners. 183 ** We discard owners that are the same as the return path. 184 */ 185 186 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 187 { 188 register struct address *a; 189 190 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias) 191 continue; 192 if (a != NULL) 193 q->q_owner = a->q_owner; 194 195 if (q->q_owner != NULL && 196 !QS_IS_DEAD(q->q_state) && 197 strcmp(q->q_owner, e->e_from.q_paddr) == 0) 198 q->q_owner = NULL; 199 } 200 201 if (tTd(13, 25)) 202 { 203 dprintf("\nAfter first owner pass, sendq =\n"); 204 printaddr(e->e_sendqueue, TRUE); 205 } 206 207 owner = ""; 208 otherowners = 1; 209 while (owner != NULL && otherowners > 0) 210 { 211 if (tTd(13, 28)) 212 dprintf("owner = \"%s\", otherowners = %d\n", 213 owner, otherowners); 214 owner = NULL; 215 otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0; 216 217 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 218 { 219 if (tTd(13, 30)) 220 { 221 dprintf("Checking "); 222 printaddr(q, FALSE); 223 } 224 if (QS_IS_DEAD(q->q_state)) 225 { 226 if (tTd(13, 30)) 227 dprintf(" ... QS_IS_DEAD\n"); 228 continue; 229 } 230 if (tTd(13, 29) && !tTd(13, 30)) 231 { 232 dprintf("Checking "); 233 printaddr(q, FALSE); 234 } 235 236 if (q->q_owner != NULL) 237 { 238 if (owner == NULL) 239 { 240 if (tTd(13, 40)) 241 dprintf(" ... First owner = \"%s\"\n", 242 q->q_owner); 243 owner = q->q_owner; 244 } 245 else if (owner != q->q_owner) 246 { 247 if (strcmp(owner, q->q_owner) == 0) 248 { 249 if (tTd(13, 40)) 250 dprintf(" ... Same owner = \"%s\"\n", 251 owner); 252 253 /* make future comparisons cheap */ 254 q->q_owner = owner; 255 } 256 else 257 { 258 if (tTd(13, 40)) 259 dprintf(" ... Another owner \"%s\"\n", 260 q->q_owner); 261 otherowners++; 262 } 263 owner = q->q_owner; 264 } 265 else if (tTd(13, 40)) 266 dprintf(" ... Same owner = \"%s\"\n", 267 owner); 268 } 269 else 270 { 271 if (tTd(13, 40)) 272 dprintf(" ... Null owner\n"); 273 otherowners++; 274 } 275 276 if (QS_IS_BADADDR(q->q_state)) 277 { 278 if (tTd(13, 30)) 279 dprintf(" ... QS_IS_BADADDR\n"); 280 continue; 281 } 282 283 if (QS_IS_QUEUEUP(q->q_state)) 284 { 285 MAILER *m = q->q_mailer; 286 287 /* 288 ** If we have temporary address failures 289 ** (e.g., dns failure) and a fallback MX is 290 ** set, send directly to the fallback MX host. 291 */ 292 293 if (FallBackMX != NULL && 294 !wordinclass(FallBackMX, 'w') && 295 mode != SM_VERIFY && 296 (strcmp(m->m_mailer, "[IPC]") == 0 || 297 strcmp(m->m_mailer, "[TCP]") == 0) && 298 m->m_argv[0] != NULL && 299 (strcmp(m->m_argv[0], "TCP") == 0 || 300 strcmp(m->m_argv[0], "IPC") == 0)) 301 { 302 int len; 303 char *p; 304 305 if (tTd(13, 30)) 306 dprintf(" ... FallBackMX\n"); 307 308 len = strlen(FallBackMX) + 3; 309 p = xalloc(len); 310 snprintf(p, len, "[%s]", FallBackMX); 311 q->q_state = QS_OK; 312 q->q_host = p; 313 } 314 else 315 { 316 if (tTd(13, 30)) 317 dprintf(" ... QS_IS_QUEUEUP\n"); 318 continue; 319 } 320 } 321 322 /* 323 ** If this mailer is expensive, and if we don't 324 ** want to make connections now, just mark these 325 ** addresses and return. This is useful if we 326 ** want to batch connections to reduce load. This 327 ** will cause the messages to be queued up, and a 328 ** daemon will come along to send the messages later. 329 */ 330 331 if (NoConnect && !Verbose && 332 bitnset(M_EXPENSIVE, q->q_mailer->m_flags)) 333 { 334 if (tTd(13, 30)) 335 dprintf(" ... expensive\n"); 336 q->q_state = QS_QUEUEUP; 337 expensive = TRUE; 338 } 339 else if (bitnset(M_HOLD, q->q_mailer->m_flags) && 340 QueueLimitId == NULL && 341 QueueLimitSender == NULL && 342 QueueLimitRecipient == NULL) 343 { 344 if (tTd(13, 30)) 345 dprintf(" ... hold\n"); 346 q->q_state = QS_QUEUEUP; 347 expensive = TRUE; 348 } 349 else 350 { 351 if (tTd(13, 30)) 352 dprintf(" ... deliverable\n"); 353 somedeliveries = TRUE; 354 } 355 } 356 357 if (owner != NULL && otherowners > 0) 358 { 359 /* 360 ** Split this envelope into two. 361 */ 362 363 ee = (ENVELOPE *) xalloc(sizeof *ee); 364 *ee = *e; 365 ee->e_message = NULL; 366 ee->e_id = NULL; 367 assign_queueid(ee); 368 369 if (tTd(13, 1)) 370 dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n", 371 e->e_id, ee->e_id, owner, otherowners); 372 373 ee->e_header = copyheader(e->e_header); 374 ee->e_sendqueue = copyqueue(e->e_sendqueue); 375 ee->e_errorqueue = copyqueue(e->e_errorqueue); 376 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM); 377 ee->e_flags |= EF_NORECEIPT; 378 setsender(owner, ee, NULL, '\0', TRUE); 379 if (tTd(13, 5)) 380 { 381 dprintf("sendall(split): QS_SENDER "); 382 printaddr(&ee->e_from, FALSE); 383 } 384 ee->e_from.q_state = QS_SENDER; 385 ee->e_dfp = NULL; 386 ee->e_lockfp = NULL; 387 ee->e_xfp = NULL; 388 ee->e_queuedir = e->e_queuedir; 389 ee->e_errormode = EM_MAIL; 390 ee->e_sibling = splitenv; 391 ee->e_statmsg = NULL; 392 splitenv = ee; 393 394 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 395 { 396 if (q->q_owner == owner) 397 { 398 q->q_state = QS_CLONED; 399 if (tTd(13, 6)) 400 dprintf("\t... stripping %s from original envelope\n", 401 q->q_paddr); 402 } 403 } 404 for (q = ee->e_sendqueue; q != NULL; q = q->q_next) 405 { 406 if (q->q_owner != owner) 407 { 408 q->q_state = QS_CLONED; 409 if (tTd(13, 6)) 410 dprintf("\t... dropping %s from cloned envelope\n", 411 q->q_paddr); 412 } 413 else 414 { 415 /* clear DSN parameters */ 416 q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS); 417 q->q_flags |= DefaultNotify & ~QPINGONSUCCESS; 418 if (tTd(13, 6)) 419 dprintf("\t... moving %s to cloned envelope\n", 420 q->q_paddr); 421 } 422 } 423 424 if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags)) 425 dup_queue_file(e, ee, 'd'); 426 427 /* 428 ** Give the split envelope access to the parent 429 ** transcript file for errors obtained while 430 ** processing the recipients (done before the 431 ** envelope splitting). 432 */ 433 434 if (e->e_xfp != NULL) 435 ee->e_xfp = bfdup(e->e_xfp); 436 437 /* failed to dup e->e_xfp, start a new transcript */ 438 if (ee->e_xfp == NULL) 439 openxscript(ee); 440 441 if (mode != SM_VERIFY && LogLevel > 4) 442 sm_syslog(LOG_INFO, ee->e_id, 443 "clone %s, owner=%s", 444 e->e_id, owner); 445 } 446 } 447 448 if (owner != NULL) 449 { 450 setsender(owner, e, NULL, '\0', TRUE); 451 if (tTd(13, 5)) 452 { 453 dprintf("sendall(owner): QS_SENDER "); 454 printaddr(&e->e_from, FALSE); 455 } 456 e->e_from.q_state = QS_SENDER; 457 e->e_errormode = EM_MAIL; 458 e->e_flags |= EF_NORECEIPT; 459 e->e_flags &= ~EF_FATALERRS; 460 } 461 462 /* if nothing to be delivered, just queue up everything */ 463 if (!somedeliveries && mode != SM_QUEUE && mode != SM_DEFER && 464 mode != SM_VERIFY) 465 { 466 if (tTd(13, 29)) 467 dprintf("No deliveries: auto-queuing\n"); 468 mode = SM_QUEUE; 469 470 /* treat this as a delivery in terms of counting tries */ 471 e->e_dtime = curtime(); 472 if (!expensive) 473 e->e_ntries++; 474 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 475 { 476 ee->e_dtime = curtime(); 477 if (!expensive) 478 ee->e_ntries++; 479 } 480 } 481 482 #if QUEUE 483 if ((mode == SM_QUEUE || mode == SM_DEFER || mode == SM_FORK || 484 (mode != SM_VERIFY && SuperSafe)) && 485 (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL)) 486 { 487 /* 488 ** Be sure everything is instantiated in the queue. 489 ** Split envelopes first in case the machine crashes. 490 ** If the original were done first, we may lose 491 ** recipients. 492 */ 493 494 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 495 queueup(ee, mode == SM_QUEUE || mode == SM_DEFER); 496 queueup(e, mode == SM_QUEUE || mode == SM_DEFER); 497 } 498 #endif /* QUEUE */ 499 500 if (tTd(62, 10)) 501 checkfds("after envelope splitting"); 502 503 /* 504 ** If we belong in background, fork now. 505 */ 506 507 if (tTd(13, 20)) 508 { 509 dprintf("sendall: final mode = %c\n", mode); 510 if (tTd(13, 21)) 511 { 512 dprintf("\n================ Final Send Queue(s) =====================\n"); 513 dprintf("\n *** Envelope %s, e_from=%s ***\n", 514 e->e_id, e->e_from.q_paddr); 515 printaddr(e->e_sendqueue, TRUE); 516 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 517 { 518 dprintf("\n *** Envelope %s, e_from=%s ***\n", 519 ee->e_id, ee->e_from.q_paddr); 520 printaddr(ee->e_sendqueue, TRUE); 521 } 522 dprintf("==========================================================\n\n"); 523 } 524 } 525 switch (mode) 526 { 527 case SM_VERIFY: 528 Verbose = 2; 529 break; 530 531 case SM_QUEUE: 532 case SM_DEFER: 533 #if HASFLOCK 534 queueonly: 535 #endif /* HASFLOCK */ 536 if (e->e_nrcpts > 0) 537 e->e_flags |= EF_INQUEUE; 538 dropenvelope(e, splitenv != NULL); 539 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 540 { 541 if (ee->e_nrcpts > 0) 542 ee->e_flags |= EF_INQUEUE; 543 dropenvelope(ee, FALSE); 544 } 545 return; 546 547 case SM_FORK: 548 if (e->e_xfp != NULL) 549 (void) fflush(e->e_xfp); 550 551 #if !HASFLOCK 552 /* 553 ** Since fcntl locking has the interesting semantic that 554 ** the lock is owned by a process, not by an open file 555 ** descriptor, we have to flush this to the queue, and 556 ** then restart from scratch in the child. 557 */ 558 559 { 560 /* save id for future use */ 561 char *qid = e->e_id; 562 563 /* now drop the envelope in the parent */ 564 e->e_flags |= EF_INQUEUE; 565 dropenvelope(e, splitenv != NULL); 566 567 /* arrange to reacquire lock after fork */ 568 e->e_id = qid; 569 } 570 571 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 572 { 573 /* save id for future use */ 574 char *qid = ee->e_id; 575 576 /* drop envelope in parent */ 577 ee->e_flags |= EF_INQUEUE; 578 dropenvelope(ee, FALSE); 579 580 /* and save qid for reacquisition */ 581 ee->e_id = qid; 582 } 583 584 #endif /* !HASFLOCK */ 585 586 /* 587 ** Since the delivery may happen in a child and the parent 588 ** does not wait, the parent may close the maps thereby 589 ** removing any shared memory used by the map. Therefore, 590 ** close the maps now so the child will dynamically open 591 ** them if necessary. 592 */ 593 594 closemaps(); 595 596 pid = fork(); 597 if (pid < 0) 598 { 599 syserr("deliver: fork 1"); 600 #if HASFLOCK 601 goto queueonly; 602 #else /* HASFLOCK */ 603 e->e_id = NULL; 604 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 605 ee->e_id = NULL; 606 return; 607 #endif /* HASFLOCK */ 608 } 609 else if (pid > 0) 610 { 611 #if HASFLOCK 612 /* be sure we leave the temp files to our child */ 613 /* close any random open files in the envelope */ 614 closexscript(e); 615 if (e->e_dfp != NULL) 616 (void) bfclose(e->e_dfp); 617 e->e_dfp = NULL; 618 e->e_flags &= ~EF_HAS_DF; 619 620 /* can't call unlockqueue to avoid unlink of xfp */ 621 if (e->e_lockfp != NULL) 622 (void) fclose(e->e_lockfp); 623 else 624 syserr("%s: sendall: null lockfp", e->e_id); 625 e->e_lockfp = NULL; 626 #endif /* HASFLOCK */ 627 628 /* make sure the parent doesn't own the envelope */ 629 e->e_id = NULL; 630 631 /* catch intermediate zombie */ 632 (void) waitfor(pid); 633 return; 634 } 635 636 /* 637 ** Since we have accepted responsbility for the message, 638 ** change the SIGTERM handler. intsig() (the old handler) 639 ** would remove the envelope if this was a command line 640 ** message submission. 641 */ 642 643 (void) setsignal(SIGTERM, SIG_DFL); 644 645 /* double fork to avoid zombies */ 646 pid = fork(); 647 if (pid > 0) 648 exit(EX_OK); 649 save_errno = errno; 650 651 /* be sure we are immune from the terminal */ 652 disconnect(2, e); 653 clearstats(); 654 655 /* prevent parent from waiting if there was an error */ 656 if (pid < 0) 657 { 658 errno = save_errno; 659 syserr("deliver: fork 2"); 660 #if HASFLOCK 661 e->e_flags |= EF_INQUEUE; 662 #else /* HASFLOCK */ 663 e->e_id = NULL; 664 #endif /* HASFLOCK */ 665 finis(TRUE, ExitStat); 666 } 667 668 /* be sure to give error messages in child */ 669 QuickAbort = FALSE; 670 671 /* 672 ** Close any cached connections. 673 ** 674 ** We don't send the QUIT protocol because the parent 675 ** still knows about the connection. 676 ** 677 ** This should only happen when delivering an error 678 ** message. 679 */ 680 681 mci_flush(FALSE, NULL); 682 683 #if HASFLOCK 684 break; 685 #else /* HASFLOCK */ 686 687 /* 688 ** Now reacquire and run the various queue files. 689 */ 690 691 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 692 { 693 ENVELOPE *sibling = ee->e_sibling; 694 695 (void) dowork(ee->e_queuedir, ee->e_id, 696 FALSE, FALSE, ee); 697 ee->e_sibling = sibling; 698 } 699 (void) dowork(e->e_queuedir, e->e_id, 700 FALSE, FALSE, e); 701 finis(TRUE, ExitStat); 702 #endif /* HASFLOCK */ 703 } 704 705 sendenvelope(e, mode); 706 dropenvelope(e, TRUE); 707 for (ee = splitenv; ee != NULL; ee = ee->e_sibling) 708 { 709 CurEnv = ee; 710 if (mode != SM_VERIFY) 711 openxscript(ee); 712 sendenvelope(ee, mode); 713 dropenvelope(ee, TRUE); 714 } 715 CurEnv = e; 716 717 Verbose = oldverbose; 718 if (mode == SM_FORK) 719 finis(TRUE, ExitStat); 720 } 721 722 static void 723 sendenvelope(e, mode) 724 register ENVELOPE *e; 725 int mode; 726 { 727 register ADDRESS *q; 728 bool didany; 729 730 if (tTd(13, 10)) 731 dprintf("sendenvelope(%s) e_flags=0x%lx\n", 732 e->e_id == NULL ? "[NOQUEUE]" : e->e_id, 733 e->e_flags); 734 if (LogLevel > 80) 735 sm_syslog(LOG_DEBUG, e->e_id, 736 "sendenvelope, flags=0x%lx", 737 e->e_flags); 738 739 /* 740 ** If we have had global, fatal errors, don't bother sending 741 ** the message at all if we are in SMTP mode. Local errors 742 ** (e.g., a single address failing) will still cause the other 743 ** addresses to be sent. 744 */ 745 746 if (bitset(EF_FATALERRS, e->e_flags) && 747 (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 748 { 749 e->e_flags |= EF_CLRQUEUE; 750 return; 751 } 752 753 /* Don't attempt deliveries if we want to bounce now */ 754 if (!bitset(EF_RESPONSE, e->e_flags) && 755 TimeOuts.to_q_return[e->e_timeoutclass] == NOW) 756 return; 757 758 /* 759 ** Run through the list and send everything. 760 ** 761 ** Set EF_GLOBALERRS so that error messages during delivery 762 ** result in returned mail. 763 */ 764 765 e->e_nsent = 0; 766 e->e_flags |= EF_GLOBALERRS; 767 768 define(macid("{envid}", NULL), e->e_envid, e); 769 define(macid("{bodytype}", NULL), e->e_bodytype, e); 770 didany = FALSE; 771 772 /* now run through the queue */ 773 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 774 { 775 #if XDEBUG 776 char wbuf[MAXNAME + 20]; 777 778 (void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)", 779 MAXNAME, q->q_paddr); 780 checkfd012(wbuf); 781 #endif /* XDEBUG */ 782 if (mode == SM_VERIFY) 783 { 784 e->e_to = q->q_paddr; 785 if (QS_IS_SENDABLE(q->q_state)) 786 { 787 if (q->q_host != NULL && q->q_host[0] != '\0') 788 message("deliverable: mailer %s, host %s, user %s", 789 q->q_mailer->m_name, 790 q->q_host, 791 q->q_user); 792 else 793 message("deliverable: mailer %s, user %s", 794 q->q_mailer->m_name, 795 q->q_user); 796 } 797 } 798 else if (QS_IS_OK(q->q_state)) 799 { 800 #if QUEUE 801 /* 802 ** Checkpoint the send list every few addresses 803 */ 804 805 if (CheckpointInterval > 0 && 806 e->e_nsent >= CheckpointInterval) 807 { 808 queueup(e, FALSE); 809 e->e_nsent = 0; 810 } 811 #endif /* QUEUE */ 812 (void) deliver(e, q); 813 didany = TRUE; 814 } 815 } 816 if (didany) 817 { 818 e->e_dtime = curtime(); 819 e->e_ntries++; 820 } 821 822 #if XDEBUG 823 checkfd012("end of sendenvelope"); 824 #endif /* XDEBUG */ 825 } 826 /* 827 ** DUP_QUEUE_FILE -- duplicate a queue file into a split queue 828 ** 829 ** Parameters: 830 ** e -- the existing envelope 831 ** ee -- the new envelope 832 ** type -- the queue file type (e.g., 'd') 833 ** 834 ** Returns: 835 ** none 836 */ 837 838 static void 839 dup_queue_file(e, ee, type) 840 struct envelope *e, *ee; 841 int type; 842 { 843 char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN]; 844 845 ee->e_dfp = NULL; 846 ee->e_xfp = NULL; 847 848 /* 849 ** Make sure both are in the same directory. 850 */ 851 852 snprintf(f1buf, sizeof f1buf, "%s", queuename(e, type)); 853 snprintf(f2buf, sizeof f2buf, "%s", queuename(ee, type)); 854 if (link(f1buf, f2buf) < 0) 855 { 856 int save_errno = errno; 857 858 syserr("sendall: link(%s, %s)", f1buf, f2buf); 859 if (save_errno == EEXIST) 860 { 861 if (unlink(f2buf) < 0) 862 { 863 syserr("!sendall: unlink(%s): permanent", 864 f2buf); 865 /* NOTREACHED */ 866 } 867 if (link(f1buf, f2buf) < 0) 868 { 869 syserr("!sendall: link(%s, %s): permanent", 870 f1buf, f2buf); 871 /* NOTREACHED */ 872 } 873 } 874 } 875 } 876 /* 877 ** DOFORK -- do a fork, retrying a couple of times on failure. 878 ** 879 ** This MUST be a macro, since after a vfork we are running 880 ** two processes on the same stack!!! 881 ** 882 ** Parameters: 883 ** none. 884 ** 885 ** Returns: 886 ** From a macro??? You've got to be kidding! 887 ** 888 ** Side Effects: 889 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 890 ** pid of child in parent, zero in child. 891 ** -1 on unrecoverable error. 892 ** 893 ** Notes: 894 ** I'm awfully sorry this looks so awful. That's 895 ** vfork for you..... 896 */ 897 898 #define NFORKTRIES 5 899 900 #ifndef FORK 901 # define FORK fork 902 #endif /* ! FORK */ 903 904 #define DOFORK(fORKfN) \ 905 {\ 906 register int i;\ 907 \ 908 for (i = NFORKTRIES; --i >= 0; )\ 909 {\ 910 pid = fORKfN();\ 911 if (pid >= 0)\ 912 break;\ 913 if (i > 0)\ 914 (void) sleep((unsigned) NFORKTRIES - i);\ 915 }\ 916 } 917 /* 918 ** DOFORK -- simple fork interface to DOFORK. 919 ** 920 ** Parameters: 921 ** none. 922 ** 923 ** Returns: 924 ** pid of child in parent. 925 ** zero in child. 926 ** -1 on error. 927 ** 928 ** Side Effects: 929 ** returns twice, once in parent and once in child. 930 */ 931 932 int 933 dofork() 934 { 935 register pid_t pid = -1; 936 937 DOFORK(fork); 938 return pid; 939 } 940 /* 941 ** DELIVER -- Deliver a message to a list of addresses. 942 ** 943 ** This routine delivers to everyone on the same host as the 944 ** user on the head of the list. It is clever about mailers 945 ** that don't handle multiple users. It is NOT guaranteed 946 ** that it will deliver to all these addresses however -- so 947 ** deliver should be called once for each address on the 948 ** list. 949 ** 950 ** Parameters: 951 ** e -- the envelope to deliver. 952 ** firstto -- head of the address list to deliver to. 953 ** 954 ** Returns: 955 ** zero -- successfully delivered. 956 ** else -- some failure, see ExitStat for more info. 957 ** 958 ** Side Effects: 959 ** The standard input is passed off to someone. 960 */ 961 962 #ifndef NO_UID 963 # define NO_UID -1 964 #endif /* ! NO_UID */ 965 #ifndef NO_GID 966 # define NO_GID -1 967 #endif /* ! NO_GID */ 968 969 static int 970 deliver(e, firstto) 971 register ENVELOPE *e; 972 ADDRESS *firstto; 973 { 974 char *host; /* host being sent to */ 975 char *user; /* user being sent to */ 976 char **pvp; 977 register char **mvp; 978 register char *p; 979 register MAILER *m; /* mailer for this recipient */ 980 ADDRESS *volatile ctladdr; 981 ADDRESS *volatile contextaddr = NULL; 982 register MCI *volatile mci; 983 register ADDRESS *to = firstto; 984 volatile bool clever = FALSE; /* running user smtp to this mailer */ 985 ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */ 986 int rcode; /* response code */ 987 int lmtp_rcode = EX_OK; 988 int nummxhosts = 0; /* number of MX hosts available */ 989 int hostnum = 0; /* current MX host index */ 990 char *firstsig; /* signature of firstto */ 991 pid_t pid = -1; 992 char *volatile curhost; 993 register u_short port = 0; 994 #if NETUNIX 995 char *mux_path = NULL; /* path to UNIX domain socket */ 996 #endif /* NETUNIX */ 997 time_t xstart; 998 bool suidwarn; 999 bool anyok; /* at least one address was OK */ 1000 bool goodmxfound = FALSE; /* at least one MX was OK */ 1001 bool ovr; 1002 #if _FFR_DYNAMIC_TOBUF 1003 int strsize; 1004 int rcptcount; 1005 static int tobufsize = 0; 1006 static char *tobuf = NULL; 1007 #else /* _FFR_DYNAMIC_TOBUF */ 1008 char tobuf[TOBUFSIZE]; /* text line of to people */ 1009 #endif /* _FFR_DYNAMIC_TOBUF */ 1010 int mpvect[2]; 1011 int rpvect[2]; 1012 char *mxhosts[MAXMXHOSTS + 1]; 1013 char *pv[MAXPV + 1]; 1014 char buf[MAXNAME + 1]; 1015 char rpathbuf[MAXNAME + 1]; /* translated return path */ 1016 1017 errno = 0; 1018 if (!QS_IS_OK(to->q_state)) 1019 return 0; 1020 1021 suidwarn = geteuid() == 0; 1022 1023 m = to->q_mailer; 1024 host = to->q_host; 1025 CurEnv = e; /* just in case */ 1026 e->e_statmsg = NULL; 1027 #if SMTP 1028 SmtpError[0] = '\0'; 1029 #endif /* SMTP */ 1030 xstart = curtime(); 1031 1032 if (tTd(10, 1)) 1033 dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n", 1034 e->e_id, m->m_name, host, to->q_user); 1035 if (tTd(10, 100)) 1036 printopenfds(FALSE); 1037 1038 /* 1039 ** Clear $&{client_*} macros if this is a bounce message to 1040 ** prevent rejection by check_compat ruleset. 1041 */ 1042 1043 if (bitset(EF_RESPONSE, e->e_flags)) 1044 { 1045 define(macid("{client_name}", NULL), "", e); 1046 define(macid("{client_addr}", NULL), "", e); 1047 define(macid("{client_port}", NULL), "", e); 1048 } 1049 1050 /* 1051 ** Do initial argv setup. 1052 ** Insert the mailer name. Notice that $x expansion is 1053 ** NOT done on the mailer name. Then, if the mailer has 1054 ** a picky -f flag, we insert it as appropriate. This 1055 ** code does not check for 'pv' overflow; this places a 1056 ** manifest lower limit of 4 for MAXPV. 1057 ** The from address rewrite is expected to make 1058 ** the address relative to the other end. 1059 */ 1060 1061 /* rewrite from address, using rewriting rules */ 1062 rcode = EX_OK; 1063 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags)) 1064 p = e->e_sender; 1065 else 1066 p = e->e_from.q_paddr; 1067 p = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); 1068 if (strlen(p) >= (SIZE_T) sizeof rpathbuf) 1069 { 1070 p = shortenstring(p, MAXSHORTSTR); 1071 syserr("remotename: huge return %s", p); 1072 } 1073 snprintf(rpathbuf, sizeof rpathbuf, "%s", p); 1074 define('g', rpathbuf, e); /* translated return path */ 1075 define('h', host, e); /* to host */ 1076 Errors = 0; 1077 pvp = pv; 1078 *pvp++ = m->m_argv[0]; 1079 1080 /* insert -f or -r flag as appropriate */ 1081 if (FromFlag && 1082 (bitnset(M_FOPT, m->m_flags) || 1083 bitnset(M_ROPT, m->m_flags))) 1084 { 1085 if (bitnset(M_FOPT, m->m_flags)) 1086 *pvp++ = "-f"; 1087 else 1088 *pvp++ = "-r"; 1089 *pvp++ = newstr(rpathbuf); 1090 } 1091 1092 /* 1093 ** Append the other fixed parts of the argv. These run 1094 ** up to the first entry containing "$u". There can only 1095 ** be one of these, and there are only a few more slots 1096 ** in the pv after it. 1097 */ 1098 1099 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 1100 { 1101 /* can't use strchr here because of sign extension problems */ 1102 while (*p != '\0') 1103 { 1104 if ((*p++ & 0377) == MACROEXPAND) 1105 { 1106 if (*p == 'u') 1107 break; 1108 } 1109 } 1110 1111 if (*p != '\0') 1112 break; 1113 1114 /* this entry is safe -- go ahead and process it */ 1115 expand(*mvp, buf, sizeof buf, e); 1116 *pvp++ = newstr(buf); 1117 if (pvp >= &pv[MAXPV - 3]) 1118 { 1119 syserr("554 5.3.5 Too many parameters to %s before $u", 1120 pv[0]); 1121 return -1; 1122 } 1123 } 1124 1125 /* 1126 ** If we have no substitution for the user name in the argument 1127 ** list, we know that we must supply the names otherwise -- and 1128 ** SMTP is the answer!! 1129 */ 1130 1131 if (*mvp == NULL) 1132 { 1133 /* running SMTP */ 1134 #if SMTP 1135 clever = TRUE; 1136 *pvp = NULL; 1137 #else /* SMTP */ 1138 /* oops! we don't implement SMTP */ 1139 syserr("554 5.3.5 SMTP style mailer not implemented"); 1140 return EX_SOFTWARE; 1141 #endif /* SMTP */ 1142 } 1143 1144 /* 1145 ** At this point *mvp points to the argument with $u. We 1146 ** run through our address list and append all the addresses 1147 ** we can. If we run out of space, do not fret! We can 1148 ** always send another copy later. 1149 */ 1150 1151 #if _FFR_DYNAMIC_TOBUF 1152 e->e_to = NULL; 1153 strsize = 2; 1154 rcptcount = 0; 1155 #else /* _FFR_DYNAMIC_TOBUF */ 1156 tobuf[0] = '\0'; 1157 e->e_to = tobuf; 1158 #endif /* _FFR_DYNAMIC_TOBUF */ 1159 1160 ctladdr = NULL; 1161 firstsig = hostsignature(firstto->q_mailer, firstto->q_host); 1162 for (; to != NULL; to = to->q_next) 1163 { 1164 /* avoid sending multiple recipients to dumb mailers */ 1165 #if _FFR_DYNAMIC_TOBUF 1166 if (tochain != NULL && !bitnset(M_MUSER, m->m_flags)) 1167 break; 1168 #else /* _FFR_DYNAMIC_TOBUF */ 1169 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags)) 1170 break; 1171 #endif /* _FFR_DYNAMIC_TOBUF */ 1172 1173 /* if already sent or not for this host, don't send */ 1174 if (!QS_IS_OK(to->q_state) || 1175 to->q_mailer != firstto->q_mailer || 1176 strcmp(hostsignature(to->q_mailer, to->q_host), 1177 firstsig) != 0) 1178 continue; 1179 1180 /* avoid overflowing tobuf */ 1181 #if _FFR_DYNAMIC_TOBUF 1182 strsize += strlen(to->q_paddr) + 1; 1183 if (!clever && strsize > TOBUFSIZE) 1184 break; 1185 1186 if (++rcptcount > to->q_mailer->m_maxrcpt) 1187 break; 1188 #else /* _FFR_DYNAMIC_TOBUF */ 1189 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2)) 1190 break; 1191 #endif /* _FFR_DYNAMIC_TOBUF */ 1192 1193 if (tTd(10, 1)) 1194 { 1195 dprintf("\nsend to "); 1196 printaddr(to, FALSE); 1197 } 1198 1199 /* compute effective uid/gid when sending */ 1200 if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags)) 1201 contextaddr = ctladdr = getctladdr(to); 1202 1203 if (tTd(10, 2)) 1204 { 1205 dprintf("ctladdr="); 1206 printaddr(ctladdr, FALSE); 1207 } 1208 1209 user = to->q_user; 1210 e->e_to = to->q_paddr; 1211 1212 /* 1213 ** Check to see that these people are allowed to 1214 ** talk to each other. 1215 ** Check also for overflow of e_msgsize. 1216 */ 1217 1218 if (m->m_maxsize != 0 && 1219 (e->e_msgsize > m->m_maxsize || e->e_msgsize < 0)) 1220 { 1221 e->e_flags |= EF_NO_BODY_RETN; 1222 if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags)) 1223 to->q_status = "5.2.3"; 1224 else 1225 to->q_status = "5.3.4"; 1226 /* set to->q_rstatus = NULL; or to the following? */ 1227 usrerrenh(to->q_status, 1228 "552 Message is too large; %ld bytes max", 1229 m->m_maxsize); 1230 markfailure(e, to, NULL, EX_UNAVAILABLE, FALSE); 1231 giveresponse(EX_UNAVAILABLE, to->q_status, m, 1232 NULL, ctladdr, xstart, e); 1233 continue; 1234 } 1235 #if NAMED_BIND 1236 h_errno = 0; 1237 #endif /* NAMED_BIND */ 1238 1239 ovr = TRUE; 1240 /* do config file checking of compatibility */ 1241 rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr, 1242 e, TRUE, TRUE, 4); 1243 if (rcode == EX_OK) 1244 { 1245 /* do in-code checking if not discarding */ 1246 if (!bitset(EF_DISCARD, e->e_flags)) 1247 { 1248 rcode = checkcompat(to, e); 1249 ovr = FALSE; 1250 } 1251 } 1252 if (rcode != EX_OK) 1253 { 1254 markfailure(e, to, NULL, rcode, ovr); 1255 giveresponse(rcode, to->q_status, m, 1256 NULL, ctladdr, xstart, e); 1257 continue; 1258 } 1259 if (bitset(EF_DISCARD, e->e_flags)) 1260 { 1261 if (tTd(10, 5)) 1262 { 1263 dprintf("deliver: discarding recipient "); 1264 printaddr(to, FALSE); 1265 } 1266 1267 /* pretend the message was sent */ 1268 /* XXX should we log something here? */ 1269 to->q_state = QS_DISCARDED; 1270 1271 /* 1272 ** Remove discard bit to prevent discard of 1273 ** future recipients. This is safe because the 1274 ** true "global discard" has been handled before 1275 ** we get here. 1276 */ 1277 1278 e->e_flags &= ~EF_DISCARD; 1279 continue; 1280 } 1281 1282 /* 1283 ** Strip quote bits from names if the mailer is dumb 1284 ** about them. 1285 */ 1286 1287 if (bitnset(M_STRIPQ, m->m_flags)) 1288 { 1289 stripquotes(user); 1290 stripquotes(host); 1291 } 1292 1293 /* hack attack -- delivermail compatibility */ 1294 if (m == ProgMailer && *user == '|') 1295 user++; 1296 1297 /* 1298 ** If an error message has already been given, don't 1299 ** bother to send to this address. 1300 ** 1301 ** >>>>>>>>>> This clause assumes that the local mailer 1302 ** >> NOTE >> cannot do any further aliasing; that 1303 ** >>>>>>>>>> function is subsumed by sendmail. 1304 */ 1305 1306 if (!QS_IS_OK(to->q_state)) 1307 continue; 1308 1309 /* 1310 ** See if this user name is "special". 1311 ** If the user name has a slash in it, assume that this 1312 ** is a file -- send it off without further ado. Note 1313 ** that this type of addresses is not processed along 1314 ** with the others, so we fudge on the To person. 1315 */ 1316 1317 if (strcmp(m->m_mailer, "[FILE]") == 0) 1318 { 1319 define('u', user, e); /* to user */ 1320 p = to->q_home; 1321 if (p == NULL && ctladdr != NULL) 1322 p = ctladdr->q_home; 1323 define('z', p, e); /* user's home */ 1324 expand(m->m_argv[1], buf, sizeof buf, e); 1325 if (strlen(buf) > 0) 1326 rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e); 1327 else 1328 { 1329 syserr("empty filename specification for mailer %s", 1330 m->m_name); 1331 rcode = EX_CONFIG; 1332 } 1333 giveresponse(rcode, to->q_status, m, NULL, 1334 ctladdr, xstart, e); 1335 markfailure(e, to, NULL, rcode, TRUE); 1336 e->e_nsent++; 1337 if (rcode == EX_OK) 1338 { 1339 to->q_state = QS_SENT; 1340 if (bitnset(M_LOCALMAILER, m->m_flags) && 1341 bitset(QPINGONSUCCESS, to->q_flags)) 1342 { 1343 to->q_flags |= QDELIVERED; 1344 to->q_status = "2.1.5"; 1345 fprintf(e->e_xfp, "%s... Successfully delivered\n", 1346 to->q_paddr); 1347 } 1348 } 1349 to->q_statdate = curtime(); 1350 markstats(e, to, FALSE); 1351 continue; 1352 } 1353 1354 /* 1355 ** Address is verified -- add this user to mailer 1356 ** argv, and add it to the print list of recipients. 1357 */ 1358 1359 /* link together the chain of recipients */ 1360 to->q_tchain = tochain; 1361 tochain = to; 1362 1363 #if _FFR_DYNAMIC_TOBUF 1364 e->e_to = "[CHAIN]"; 1365 #else /* _FFR_DYNAMIC_TOBUF */ 1366 /* create list of users for error messages */ 1367 (void) strlcat(tobuf, ",", sizeof tobuf); 1368 (void) strlcat(tobuf, to->q_paddr, sizeof tobuf); 1369 #endif /* _FFR_DYNAMIC_TOBUF */ 1370 1371 define('u', user, e); /* to user */ 1372 p = to->q_home; 1373 if (p == NULL && ctladdr != NULL) 1374 p = ctladdr->q_home; 1375 define('z', p, e); /* user's home */ 1376 1377 /* set the ${dsn_notify} macro if applicable */ 1378 if (bitset(QHASNOTIFY, to->q_flags)) 1379 { 1380 char notify[MAXLINE]; 1381 1382 notify[0] = '\0'; 1383 if (bitset(QPINGONSUCCESS, to->q_flags)) 1384 (void) strlcat(notify, "SUCCESS,", 1385 sizeof notify); 1386 if (bitset(QPINGONFAILURE, to->q_flags)) 1387 (void) strlcat(notify, "FAILURE,", 1388 sizeof notify); 1389 if (bitset(QPINGONDELAY, to->q_flags)) 1390 (void) strlcat(notify, "DELAY,", sizeof notify); 1391 1392 /* Set to NEVER or drop trailing comma */ 1393 if (notify[0] == '\0') 1394 (void) strlcat(notify, "NEVER", sizeof notify); 1395 else 1396 notify[strlen(notify) - 1] = '\0'; 1397 1398 define(macid("{dsn_notify}", NULL), newstr(notify), e); 1399 } 1400 else 1401 define(macid("{dsn_notify}", NULL), NULL, e); 1402 1403 /* 1404 ** Expand out this user into argument list. 1405 */ 1406 1407 if (!clever) 1408 { 1409 expand(*mvp, buf, sizeof buf, e); 1410 *pvp++ = newstr(buf); 1411 if (pvp >= &pv[MAXPV - 2]) 1412 { 1413 /* allow some space for trailing parms */ 1414 break; 1415 } 1416 } 1417 } 1418 1419 /* see if any addresses still exist */ 1420 #if _FFR_DYNAMIC_TOBUF 1421 if (tochain == NULL) 1422 #else /* _FFR_DYNAMIC_TOBUF */ 1423 if (tobuf[0] == '\0') 1424 #endif /* _FFR_DYNAMIC_TOBUF */ 1425 { 1426 define('g', (char *) NULL, e); 1427 e->e_to = NULL; 1428 return 0; 1429 } 1430 1431 /* print out messages as full list */ 1432 #if _FFR_DYNAMIC_TOBUF 1433 { 1434 int l = 1; 1435 char *tobufptr; 1436 1437 for (to = tochain; to != NULL; to = to->q_tchain) 1438 l += strlen(to->q_paddr) + 1; 1439 if (l < TOBUFSIZE) 1440 l = TOBUFSIZE; 1441 if (l > tobufsize) 1442 { 1443 if (tobuf != NULL) 1444 free(tobuf); 1445 tobufsize = l; 1446 tobuf = xalloc(tobufsize); 1447 } 1448 tobufptr = tobuf; 1449 *tobufptr = '\0'; 1450 for (to = tochain; to != NULL; to = to->q_tchain) 1451 { 1452 snprintf(tobufptr, tobufsize - (tobufptr - tobuf), 1453 ",%s", to->q_paddr); 1454 tobufptr += strlen(tobufptr); 1455 } 1456 } 1457 #endif /* _FFR_DYNAMIC_TOBUF */ 1458 e->e_to = tobuf + 1; 1459 1460 /* 1461 ** Fill out any parameters after the $u parameter. 1462 */ 1463 1464 while (!clever && *++mvp != NULL) 1465 { 1466 expand(*mvp, buf, sizeof buf, e); 1467 *pvp++ = newstr(buf); 1468 if (pvp >= &pv[MAXPV]) 1469 syserr("554 5.3.0 deliver: pv overflow after $u for %s", 1470 pv[0]); 1471 } 1472 *pvp++ = NULL; 1473 1474 /* 1475 ** Call the mailer. 1476 ** The argument vector gets built, pipes 1477 ** are created as necessary, and we fork & exec as 1478 ** appropriate. 1479 ** If we are running SMTP, we just need to clean up. 1480 */ 1481 1482 /* XXX this seems a bit wierd */ 1483 if (ctladdr == NULL && m != ProgMailer && m != FileMailer && 1484 bitset(QGOODUID, e->e_from.q_flags)) 1485 ctladdr = &e->e_from; 1486 1487 #if NAMED_BIND 1488 if (ConfigLevel < 2) 1489 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 1490 #endif /* NAMED_BIND */ 1491 1492 if (tTd(11, 1)) 1493 { 1494 dprintf("openmailer:"); 1495 printav(pv); 1496 } 1497 errno = 0; 1498 #if NAMED_BIND 1499 h_errno = 0; 1500 #endif /* NAMED_BIND */ 1501 1502 CurHostName = NULL; 1503 1504 /* 1505 ** Deal with the special case of mail handled through an IPC 1506 ** connection. 1507 ** In this case we don't actually fork. We must be 1508 ** running SMTP for this to work. We will return a 1509 ** zero pid to indicate that we are running IPC. 1510 ** We also handle a debug version that just talks to stdin/out. 1511 */ 1512 1513 curhost = NULL; 1514 SmtpPhase = NULL; 1515 mci = NULL; 1516 1517 #if XDEBUG 1518 { 1519 char wbuf[MAXLINE]; 1520 1521 /* make absolutely certain 0, 1, and 2 are in use */ 1522 snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)", 1523 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 1524 checkfd012(wbuf); 1525 } 1526 #endif /* XDEBUG */ 1527 1528 /* check for 8-bit available */ 1529 if (bitset(EF_HAS8BIT, e->e_flags) && 1530 bitnset(M_7BITS, m->m_flags) && 1531 (bitset(EF_DONT_MIME, e->e_flags) || 1532 !(bitset(MM_MIME8BIT, MimeMode) || 1533 (bitset(EF_IS_MIME, e->e_flags) && 1534 bitset(MM_CVTMIME, MimeMode))))) 1535 { 1536 e->e_status = "5.6.3"; 1537 usrerrenh(e->e_status, 1538 "554 Cannot send 8-bit data to 7-bit destination"); 1539 rcode = EX_DATAERR; 1540 goto give_up; 1541 } 1542 1543 if (tTd(62, 8)) 1544 checkfds("before delivery"); 1545 1546 /* check for Local Person Communication -- not for mortals!!! */ 1547 if (strcmp(m->m_mailer, "[LPC]") == 0) 1548 { 1549 mci = (MCI *) xalloc(sizeof *mci); 1550 memset((char *) mci, '\0', sizeof *mci); 1551 mci->mci_in = stdin; 1552 mci->mci_out = stdout; 1553 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN; 1554 mci->mci_mailer = m; 1555 } 1556 else if (strcmp(m->m_mailer, "[IPC]") == 0 || 1557 strcmp(m->m_mailer, "[TCP]") == 0) 1558 { 1559 #if DAEMON 1560 register int i; 1561 1562 if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0') 1563 { 1564 syserr("null destination for %s mailer", m->m_mailer); 1565 rcode = EX_CONFIG; 1566 goto give_up; 1567 } 1568 1569 # if NETUNIX 1570 if (strcmp(pv[0], "FILE") == 0) 1571 { 1572 curhost = CurHostName = "localhost"; 1573 mux_path = pv[1]; 1574 } 1575 else 1576 # endif /* NETUNIX */ 1577 { 1578 CurHostName = pv[1]; 1579 curhost = hostsignature(m, pv[1]); 1580 } 1581 1582 if (curhost == NULL || curhost[0] == '\0') 1583 { 1584 syserr("null host signature for %s", pv[1]); 1585 rcode = EX_CONFIG; 1586 goto give_up; 1587 } 1588 1589 if (!clever) 1590 { 1591 syserr("554 5.3.5 non-clever IPC"); 1592 rcode = EX_CONFIG; 1593 goto give_up; 1594 } 1595 if (pv[2] != NULL 1596 # if NETUNIX 1597 && mux_path == NULL 1598 # endif /* NETUNIX */ 1599 ) 1600 { 1601 port = htons((u_short)atoi(pv[2])); 1602 if (port == 0) 1603 { 1604 # ifdef NO_GETSERVBYNAME 1605 syserr("Invalid port number: %s", pv[2]); 1606 # else /* NO_GETSERVBYNAME */ 1607 struct servent *sp = getservbyname(pv[2], "tcp"); 1608 1609 if (sp == NULL) 1610 syserr("Service %s unknown", pv[2]); 1611 else 1612 port = sp->s_port; 1613 # endif /* NO_GETSERVBYNAME */ 1614 } 1615 } 1616 1617 nummxhosts = parse_hostsignature(curhost, mxhosts, m); 1618 tryhost: 1619 while (hostnum < nummxhosts) 1620 { 1621 char sep = ':'; 1622 char *endp; 1623 static char hostbuf[MAXNAME + 1]; 1624 1625 # if NETINET6 1626 if (*mxhosts[hostnum] == '[') 1627 { 1628 endp = strchr(mxhosts[hostnum] + 1, ']'); 1629 if (endp != NULL) 1630 endp = strpbrk(endp + 1, ":,"); 1631 } 1632 else 1633 endp = strpbrk(mxhosts[hostnum], ":,"); 1634 # else /* NETINET6 */ 1635 endp = strpbrk(mxhosts[hostnum], ":,"); 1636 # endif /* NETINET6 */ 1637 if (endp != NULL) 1638 { 1639 sep = *endp; 1640 *endp = '\0'; 1641 } 1642 1643 if (*mxhosts[hostnum] == '\0') 1644 { 1645 syserr("deliver: null host name in signature"); 1646 hostnum++; 1647 if (endp != NULL) 1648 *endp = sep; 1649 continue; 1650 } 1651 (void) strlcpy(hostbuf, mxhosts[hostnum], 1652 sizeof hostbuf); 1653 hostnum++; 1654 if (endp != NULL) 1655 *endp = sep; 1656 1657 /* see if we already know that this host is fried */ 1658 CurHostName = hostbuf; 1659 mci = mci_get(hostbuf, m); 1660 if (mci->mci_state != MCIS_CLOSED) 1661 { 1662 if (tTd(11, 1)) 1663 { 1664 dprintf("openmailer: "); 1665 mci_dump(mci, FALSE); 1666 } 1667 CurHostName = mci->mci_host; 1668 message("Using cached %sSMTP connection to %s via %s...", 1669 bitset(MCIF_ESMTP, mci->mci_flags) ? "E" : "", 1670 hostbuf, m->m_name); 1671 mci->mci_deliveries++; 1672 break; 1673 } 1674 mci->mci_mailer = m; 1675 if (mci->mci_exitstat != EX_OK) 1676 { 1677 if (mci->mci_exitstat == EX_TEMPFAIL) 1678 goodmxfound = TRUE; 1679 continue; 1680 } 1681 1682 if (mci_lock_host(mci) != EX_OK) 1683 { 1684 mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); 1685 goodmxfound = TRUE; 1686 continue; 1687 } 1688 1689 /* try the connection */ 1690 sm_setproctitle(TRUE, e, "%s %s: %s", 1691 qid_printname(e), 1692 hostbuf, "user open"); 1693 # if NETUNIX 1694 if (mux_path != NULL) 1695 { 1696 message("Connecting to %s via %s...", 1697 mux_path, m->m_name); 1698 i = makeconnection_ds(mux_path, mci); 1699 } 1700 else 1701 # endif /* NETUNIX */ 1702 { 1703 if (port == 0) 1704 message("Connecting to %s via %s...", 1705 hostbuf, m->m_name); 1706 else 1707 message("Connecting to %s port %d via %s...", 1708 hostbuf, ntohs(port), 1709 m->m_name); 1710 i = makeconnection(hostbuf, port, mci, e); 1711 } 1712 mci->mci_lastuse = curtime(); 1713 mci->mci_deliveries = 0; 1714 mci->mci_exitstat = i; 1715 mci->mci_errno = errno; 1716 # if NAMED_BIND 1717 mci->mci_herrno = h_errno; 1718 # endif /* NAMED_BIND */ 1719 if (i == EX_OK) 1720 { 1721 goodmxfound = TRUE; 1722 mci->mci_state = MCIS_OPENING; 1723 mci_cache(mci); 1724 if (TrafficLogFile != NULL) 1725 fprintf(TrafficLogFile, "%05d === CONNECT %s\n", 1726 (int) getpid(), hostbuf); 1727 break; 1728 } 1729 else 1730 { 1731 if (tTd(11, 1)) 1732 dprintf("openmailer: makeconnection => stat=%d, errno=%d\n", 1733 i, errno); 1734 if (i == EX_TEMPFAIL) 1735 goodmxfound = TRUE; 1736 mci_unlock_host(mci); 1737 } 1738 1739 /* enter status of this host */ 1740 setstat(i); 1741 1742 /* should print some message here for -v mode */ 1743 } 1744 if (mci == NULL) 1745 { 1746 syserr("deliver: no host name"); 1747 rcode = EX_SOFTWARE; 1748 goto give_up; 1749 } 1750 mci->mci_pid = 0; 1751 #else /* DAEMON */ 1752 syserr("554 5.3.5 openmailer: no IPC"); 1753 if (tTd(11, 1)) 1754 dprintf("openmailer: NULL\n"); 1755 rcode = EX_UNAVAILABLE; 1756 goto give_up; 1757 #endif /* DAEMON */ 1758 } 1759 else 1760 { 1761 /* flush any expired connections */ 1762 (void) mci_scan(NULL); 1763 mci = NULL; 1764 1765 #if SMTP 1766 if (bitnset(M_LMTP, m->m_flags)) 1767 { 1768 /* try to get a cached connection */ 1769 mci = mci_get(m->m_name, m); 1770 if (mci->mci_host == NULL) 1771 mci->mci_host = m->m_name; 1772 CurHostName = mci->mci_host; 1773 if (mci->mci_state != MCIS_CLOSED) 1774 { 1775 message("Using cached LMTP connection for %s...", 1776 m->m_name); 1777 mci->mci_deliveries++; 1778 goto do_transfer; 1779 } 1780 } 1781 #endif /* SMTP */ 1782 1783 /* announce the connection to verbose listeners */ 1784 if (host == NULL || host[0] == '\0') 1785 message("Connecting to %s...", m->m_name); 1786 else 1787 message("Connecting to %s via %s...", host, m->m_name); 1788 if (TrafficLogFile != NULL) 1789 { 1790 char **av; 1791 1792 fprintf(TrafficLogFile, "%05d === EXEC", (int) getpid()); 1793 for (av = pv; *av != NULL; av++) 1794 fprintf(TrafficLogFile, " %s", *av); 1795 fprintf(TrafficLogFile, "\n"); 1796 } 1797 1798 #if XDEBUG 1799 checkfd012("before creating mail pipe"); 1800 #endif /* XDEBUG */ 1801 1802 /* create a pipe to shove the mail through */ 1803 if (pipe(mpvect) < 0) 1804 { 1805 syserr("%s... openmailer(%s): pipe (to mailer)", 1806 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 1807 if (tTd(11, 1)) 1808 dprintf("openmailer: NULL\n"); 1809 rcode = EX_OSERR; 1810 goto give_up; 1811 } 1812 1813 #if XDEBUG 1814 /* make sure we didn't get one of the standard I/O files */ 1815 if (mpvect[0] < 3 || mpvect[1] < 3) 1816 { 1817 syserr("%s... openmailer(%s): bogus mpvect %d %d", 1818 shortenstring(e->e_to, MAXSHORTSTR), m->m_name, 1819 mpvect[0], mpvect[1]); 1820 printopenfds(TRUE); 1821 if (tTd(11, 1)) 1822 dprintf("openmailer: NULL\n"); 1823 rcode = EX_OSERR; 1824 goto give_up; 1825 } 1826 1827 /* make sure system call isn't dead meat */ 1828 checkfdopen(mpvect[0], "mpvect[0]"); 1829 checkfdopen(mpvect[1], "mpvect[1]"); 1830 if (mpvect[0] == mpvect[1] || 1831 (e->e_lockfp != NULL && 1832 (mpvect[0] == fileno(e->e_lockfp) || 1833 mpvect[1] == fileno(e->e_lockfp)))) 1834 { 1835 if (e->e_lockfp == NULL) 1836 syserr("%s... openmailer(%s): overlapping mpvect %d %d", 1837 shortenstring(e->e_to, MAXSHORTSTR), 1838 m->m_name, mpvect[0], mpvect[1]); 1839 else 1840 syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d", 1841 shortenstring(e->e_to, MAXSHORTSTR), 1842 m->m_name, mpvect[0], mpvect[1], 1843 fileno(e->e_lockfp)); 1844 } 1845 #endif /* XDEBUG */ 1846 1847 /* create a return pipe */ 1848 if (pipe(rpvect) < 0) 1849 { 1850 syserr("%s... openmailer(%s): pipe (from mailer)", 1851 shortenstring(e->e_to, MAXSHORTSTR), 1852 m->m_name); 1853 (void) close(mpvect[0]); 1854 (void) close(mpvect[1]); 1855 if (tTd(11, 1)) 1856 dprintf("openmailer: NULL\n"); 1857 rcode = EX_OSERR; 1858 goto give_up; 1859 } 1860 #if XDEBUG 1861 checkfdopen(rpvect[0], "rpvect[0]"); 1862 checkfdopen(rpvect[1], "rpvect[1]"); 1863 #endif /* XDEBUG */ 1864 1865 /* 1866 ** Actually fork the mailer process. 1867 ** DOFORK is clever about retrying. 1868 ** 1869 ** Dispose of SIGCHLD signal catchers that may be laying 1870 ** around so that endmailer will get it. 1871 */ 1872 1873 if (e->e_xfp != NULL) 1874 (void) fflush(e->e_xfp); /* for debugging */ 1875 (void) fflush(stdout); 1876 (void) setsignal(SIGCHLD, SIG_DFL); 1877 1878 1879 DOFORK(FORK); 1880 /* pid is set by DOFORK */ 1881 1882 if (pid < 0) 1883 { 1884 /* failure */ 1885 syserr("%s... openmailer(%s): cannot fork", 1886 shortenstring(e->e_to, MAXSHORTSTR), m->m_name); 1887 (void) close(mpvect[0]); 1888 (void) close(mpvect[1]); 1889 (void) close(rpvect[0]); 1890 (void) close(rpvect[1]); 1891 if (tTd(11, 1)) 1892 dprintf("openmailer: NULL\n"); 1893 rcode = EX_OSERR; 1894 goto give_up; 1895 } 1896 else if (pid == 0) 1897 { 1898 int i; 1899 int save_errno; 1900 int new_euid = NO_UID; 1901 int new_ruid = NO_UID; 1902 int new_gid = NO_GID; 1903 struct stat stb; 1904 extern int DtableSize; 1905 1906 if (e->e_lockfp != NULL) 1907 (void) close(fileno(e->e_lockfp)); 1908 1909 /* child -- set up input & exec mailer */ 1910 (void) setsignal(SIGINT, SIG_IGN); 1911 (void) setsignal(SIGHUP, SIG_IGN); 1912 (void) setsignal(SIGTERM, SIG_DFL); 1913 1914 if (m != FileMailer || stat(tochain->q_user, &stb) < 0) 1915 stb.st_mode = 0; 1916 1917 # if HASSETUSERCONTEXT 1918 /* 1919 ** Set user resources. 1920 */ 1921 1922 if (contextaddr != NULL) 1923 { 1924 struct passwd *pwd; 1925 1926 if (contextaddr->q_ruser != NULL) 1927 pwd = sm_getpwnam(contextaddr->q_ruser); 1928 else 1929 pwd = sm_getpwnam(contextaddr->q_user); 1930 if (pwd != NULL) 1931 (void) setusercontext(NULL, 1932 pwd, pwd->pw_uid, 1933 LOGIN_SETRESOURCES|LOGIN_SETPRIORITY); 1934 } 1935 # endif /* HASSETUSERCONTEXT */ 1936 1937 /* tweak niceness */ 1938 if (m->m_nice != 0) 1939 (void) nice(m->m_nice); 1940 1941 /* reset group id */ 1942 if (bitnset(M_SPECIFIC_UID, m->m_flags)) 1943 new_gid = m->m_gid; 1944 else if (bitset(S_ISGID, stb.st_mode)) 1945 new_gid = stb.st_gid; 1946 else if (ctladdr != NULL && ctladdr->q_gid != 0) 1947 { 1948 if (!DontInitGroups) 1949 { 1950 char *u = ctladdr->q_ruser; 1951 1952 if (u == NULL) 1953 u = ctladdr->q_user; 1954 1955 if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn) 1956 { 1957 syserr("openmailer: initgroups(%s, %d) failed", 1958 u, ctladdr->q_gid); 1959 exit(EX_TEMPFAIL); 1960 } 1961 } 1962 else 1963 { 1964 GIDSET_T gidset[1]; 1965 1966 gidset[0] = ctladdr->q_gid; 1967 if (setgroups(1, gidset) == -1 && suidwarn) 1968 { 1969 syserr("openmailer: setgroups() failed"); 1970 exit(EX_TEMPFAIL); 1971 } 1972 } 1973 new_gid = ctladdr->q_gid; 1974 } 1975 else 1976 { 1977 if (!DontInitGroups) 1978 { 1979 if (initgroups(DefUser, DefGid) == -1 && suidwarn) 1980 { 1981 syserr("openmailer: initgroups(%s, %d) failed", 1982 DefUser, DefGid); 1983 exit(EX_TEMPFAIL); 1984 } 1985 } 1986 else 1987 { 1988 GIDSET_T gidset[1]; 1989 1990 gidset[0] = DefGid; 1991 if (setgroups(1, gidset) == -1 && suidwarn) 1992 { 1993 syserr("openmailer: setgroups() failed"); 1994 exit(EX_TEMPFAIL); 1995 } 1996 } 1997 if (m->m_gid == 0) 1998 new_gid = DefGid; 1999 else 2000 new_gid = m->m_gid; 2001 } 2002 if (new_gid != NO_GID) 2003 { 2004 if (RunAsUid != 0 && 2005 bitnset(M_SPECIFIC_UID, m->m_flags) && 2006 new_gid != getgid() && 2007 new_gid != getegid()) 2008 { 2009 /* Only root can change the gid */ 2010 syserr("openmailer: insufficient privileges to change gid"); 2011 exit(EX_TEMPFAIL); 2012 } 2013 2014 if (setgid(new_gid) < 0 && suidwarn) 2015 { 2016 syserr("openmailer: setgid(%ld) failed", 2017 (long) new_gid); 2018 exit(EX_TEMPFAIL); 2019 } 2020 } 2021 2022 /* change root to some "safe" directory */ 2023 if (m->m_rootdir != NULL) 2024 { 2025 expand(m->m_rootdir, buf, sizeof buf, e); 2026 if (tTd(11, 20)) 2027 dprintf("openmailer: chroot %s\n", 2028 buf); 2029 if (chroot(buf) < 0) 2030 { 2031 syserr("openmailer: Cannot chroot(%s)", 2032 buf); 2033 exit(EX_TEMPFAIL); 2034 } 2035 if (chdir("/") < 0) 2036 { 2037 syserr("openmailer: cannot chdir(/)"); 2038 exit(EX_TEMPFAIL); 2039 } 2040 } 2041 2042 /* reset user id */ 2043 endpwent(); 2044 if (bitnset(M_SPECIFIC_UID, m->m_flags)) 2045 new_euid = m->m_uid; 2046 else if (bitset(S_ISUID, stb.st_mode)) 2047 new_ruid = stb.st_uid; 2048 else if (ctladdr != NULL && ctladdr->q_uid != 0) 2049 new_ruid = ctladdr->q_uid; 2050 else if (m->m_uid != 0) 2051 new_ruid = m->m_uid; 2052 else 2053 new_ruid = DefUid; 2054 if (new_euid != NO_UID) 2055 { 2056 if (RunAsUid != 0 && new_euid != RunAsUid) 2057 { 2058 /* Only root can change the uid */ 2059 syserr("openmailer: insufficient privileges to change uid"); 2060 exit(EX_TEMPFAIL); 2061 } 2062 2063 vendor_set_uid(new_euid); 2064 # if MAILER_SETUID_METHOD == USE_SETEUID 2065 if (seteuid(new_euid) < 0 && suidwarn) 2066 { 2067 syserr("openmailer: seteuid(%ld) failed", 2068 (long) new_euid); 2069 exit(EX_TEMPFAIL); 2070 } 2071 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */ 2072 # if MAILER_SETUID_METHOD == USE_SETREUID 2073 if (setreuid(new_ruid, new_euid) < 0 && suidwarn) 2074 { 2075 syserr("openmailer: setreuid(%ld, %ld) failed", 2076 (long) new_ruid, (long) new_euid); 2077 exit(EX_TEMPFAIL); 2078 } 2079 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */ 2080 # if MAILER_SETUID_METHOD == USE_SETUID 2081 if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn) 2082 { 2083 syserr("openmailer: setuid(%ld) failed", 2084 (long) new_euid); 2085 exit(EX_TEMPFAIL); 2086 } 2087 # endif /* MAILER_SETUID_METHOD == USE_SETUID */ 2088 } 2089 else if (new_ruid != NO_UID) 2090 { 2091 vendor_set_uid(new_ruid); 2092 if (setuid(new_ruid) < 0 && suidwarn) 2093 { 2094 syserr("openmailer: setuid(%ld) failed", 2095 (long) new_ruid); 2096 exit(EX_TEMPFAIL); 2097 } 2098 } 2099 2100 if (tTd(11, 2)) 2101 dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n", 2102 (int) getuid(), (int) geteuid(), 2103 (int) getgid(), (int) getegid()); 2104 2105 /* move into some "safe" directory */ 2106 if (m->m_execdir != NULL) 2107 { 2108 char *q; 2109 2110 for (p = m->m_execdir; p != NULL; p = q) 2111 { 2112 q = strchr(p, ':'); 2113 if (q != NULL) 2114 *q = '\0'; 2115 expand(p, buf, sizeof buf, e); 2116 if (q != NULL) 2117 *q++ = ':'; 2118 if (tTd(11, 20)) 2119 dprintf("openmailer: trydir %s\n", 2120 buf); 2121 if (buf[0] != '\0' && chdir(buf) >= 0) 2122 break; 2123 } 2124 } 2125 2126 /* arrange to filter std & diag output of command */ 2127 (void) close(rpvect[0]); 2128 if (dup2(rpvect[1], STDOUT_FILENO) < 0) 2129 { 2130 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout", 2131 shortenstring(e->e_to, MAXSHORTSTR), 2132 m->m_name, rpvect[1]); 2133 _exit(EX_OSERR); 2134 } 2135 (void) close(rpvect[1]); 2136 2137 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0) 2138 { 2139 syserr("%s... openmailer(%s): cannot dup stdout for stderr", 2140 shortenstring(e->e_to, MAXSHORTSTR), 2141 m->m_name); 2142 _exit(EX_OSERR); 2143 } 2144 2145 /* arrange to get standard input */ 2146 (void) close(mpvect[1]); 2147 if (dup2(mpvect[0], STDIN_FILENO) < 0) 2148 { 2149 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin", 2150 shortenstring(e->e_to, MAXSHORTSTR), 2151 m->m_name, mpvect[0]); 2152 _exit(EX_OSERR); 2153 } 2154 (void) close(mpvect[0]); 2155 2156 /* arrange for all the files to be closed */ 2157 for (i = 3; i < DtableSize; i++) 2158 { 2159 register int j; 2160 2161 if ((j = fcntl(i, F_GETFD, 0)) != -1) 2162 (void) fcntl(i, F_SETFD, 2163 j | FD_CLOEXEC); 2164 } 2165 2166 /* run disconnected from terminal */ 2167 (void) setsid(); 2168 2169 /* try to execute the mailer */ 2170 (void) execve(m->m_mailer, (ARGV_T) pv, 2171 (ARGV_T) UserEnviron); 2172 save_errno = errno; 2173 syserr("Cannot exec %s", m->m_mailer); 2174 if (bitnset(M_LOCALMAILER, m->m_flags) || 2175 transienterror(save_errno)) 2176 _exit(EX_OSERR); 2177 _exit(EX_UNAVAILABLE); 2178 } 2179 2180 /* 2181 ** Set up return value. 2182 */ 2183 2184 if (mci == NULL) 2185 { 2186 mci = (MCI *) xalloc(sizeof *mci); 2187 memset((char *) mci, '\0', sizeof *mci); 2188 } 2189 mci->mci_mailer = m; 2190 if (clever) 2191 { 2192 mci->mci_state = MCIS_OPENING; 2193 mci_cache(mci); 2194 } 2195 else 2196 { 2197 mci->mci_state = MCIS_OPEN; 2198 } 2199 mci->mci_pid = pid; 2200 (void) close(mpvect[0]); 2201 mci->mci_out = fdopen(mpvect[1], "w"); 2202 if (mci->mci_out == NULL) 2203 { 2204 syserr("deliver: cannot create mailer output channel, fd=%d", 2205 mpvect[1]); 2206 (void) close(mpvect[1]); 2207 (void) close(rpvect[0]); 2208 (void) close(rpvect[1]); 2209 rcode = EX_OSERR; 2210 goto give_up; 2211 } 2212 2213 (void) close(rpvect[1]); 2214 mci->mci_in = fdopen(rpvect[0], "r"); 2215 if (mci->mci_in == NULL) 2216 { 2217 syserr("deliver: cannot create mailer input channel, fd=%d", 2218 mpvect[1]); 2219 (void) close(rpvect[0]); 2220 (void) fclose(mci->mci_out); 2221 mci->mci_out = NULL; 2222 rcode = EX_OSERR; 2223 goto give_up; 2224 } 2225 2226 /* Don't cache non-clever connections */ 2227 if (!clever) 2228 mci->mci_flags |= MCIF_TEMP; 2229 } 2230 2231 /* 2232 ** If we are in SMTP opening state, send initial protocol. 2233 */ 2234 2235 if (bitnset(M_7BITS, m->m_flags) && 2236 (!clever || mci->mci_state == MCIS_OPENING)) 2237 mci->mci_flags |= MCIF_7BIT; 2238 #if SMTP 2239 if (clever && mci->mci_state != MCIS_CLOSED) 2240 { 2241 static u_short again; 2242 # if SASL && SFIO 2243 # define DONE_TLS_B 0x01 2244 # define DONE_TLS bitset(DONE_TLS_B, again) 2245 # endif /* SASL && SFIO */ 2246 # if STARTTLS 2247 # define DONE_STARTTLS_B 0x02 2248 # define DONE_STARTTLS bitset(DONE_STARTTLS_B, again) 2249 # endif /* STARTTLS */ 2250 # define ONLY_HELO_B 0x04 2251 # define ONLY_HELO bitset(ONLY_HELO_B, again) 2252 # define SET_HELO again |= ONLY_HELO_B 2253 # define CLR_HELO again &= ~ONLY_HELO_B 2254 2255 again = 0; 2256 # if STARTTLS || (SASL && SFIO) 2257 reconnect: /* after switching to an authenticated connection */ 2258 # endif /* STARTTLS || (SASL && SFIO) */ 2259 2260 # if SASL 2261 mci->mci_saslcap = NULL; 2262 # endif /* SASL */ 2263 smtpinit(m, mci, e, ONLY_HELO); 2264 CLR_HELO; 2265 2266 # if STARTTLS 2267 /* first TLS then AUTH to provide a security layer */ 2268 if (mci->mci_state != MCIS_CLOSED && !DONE_STARTTLS) 2269 { 2270 int olderrors; 2271 bool hasdot; 2272 bool usetls; 2273 bool saveQuickAbort = QuickAbort; 2274 bool saveSuprErrs = SuprErrs; 2275 # if _FFR_TLS_CLT1 2276 char *p; 2277 # endif /* _FFR_TLS_CLT1 */ 2278 extern SOCKADDR CurHostAddr; 2279 2280 rcode = EX_OK; 2281 usetls = bitset(MCIF_TLS, mci->mci_flags); 2282 # if _FFR_TLS_CLT1 2283 if (usetls && 2284 (p = macvalue(macid("{client_flags}", NULL), e)) 2285 != NULL) 2286 { 2287 for (; *p != '\0'; p++) 2288 { 2289 /* look for just this one flag */ 2290 if (*p == D_CLTNOTLS) 2291 { 2292 usetls = FALSE; 2293 break; 2294 } 2295 } 2296 } 2297 # endif /* _FFR_TLS_CLT1 */ 2298 2299 hasdot = CurHostName[strlen(CurHostName) - 1] == '.'; 2300 if (hasdot) 2301 CurHostName[strlen(CurHostName) - 1] = '\0'; 2302 define(macid("{server_name}", NULL), 2303 newstr(CurHostName), e); 2304 if (CurHostAddr.sa.sa_family != 0) 2305 define(macid("{server_addr}", NULL), 2306 newstr(anynet_ntoa(&CurHostAddr)), e); 2307 else 2308 define(macid("{server_addr}", NULL), NULL, e); 2309 # if _FFR_TLS_O_T 2310 if (usetls) 2311 { 2312 olderrors = Errors; 2313 QuickAbort = FALSE; 2314 SuprErrs = TRUE; 2315 if (rscheck("try_tls", CurHostName, NULL, 2316 e, TRUE, FALSE, 8) != EX_OK 2317 || Errors > olderrors) 2318 usetls = FALSE; 2319 SuprErrs = saveSuprErrs; 2320 QuickAbort = saveQuickAbort; 2321 } 2322 # endif /* _FFR_TLS_O_T */ 2323 2324 /* undo change of CurHostName */ 2325 if (hasdot) 2326 CurHostName[strlen(CurHostName)] = '.'; 2327 if (usetls) 2328 { 2329 if ((rcode = starttls(m, mci, e)) == EX_OK) 2330 { 2331 /* start again without STARTTLS */ 2332 again |= DONE_STARTTLS_B; 2333 mci->mci_flags |= MCIF_TLSACT; 2334 } 2335 else 2336 { 2337 char *s; 2338 2339 /* 2340 ** TLS negotation failed, what to do? 2341 ** fall back to unencrypted connection 2342 ** or abort? How to decide? 2343 ** set a macro and call a ruleset. 2344 */ 2345 mci->mci_flags &= ~MCIF_TLS; 2346 switch (rcode) 2347 { 2348 case EX_TEMPFAIL: 2349 s = "TEMP"; 2350 break; 2351 case EX_USAGE: 2352 s = "USAGE"; 2353 break; 2354 case EX_PROTOCOL: 2355 s = "PROTOCOL"; 2356 break; 2357 case EX_SOFTWARE: 2358 s = "SOFTWARE"; 2359 break; 2360 2361 /* everything else is a failure */ 2362 default: 2363 s = "FAILURE"; 2364 rcode = EX_TEMPFAIL; 2365 } 2366 define(macid("{verify}", NULL), 2367 newstr(s), e); 2368 } 2369 } 2370 else 2371 define(macid("{verify}", NULL), "NONE", e); 2372 olderrors = Errors; 2373 QuickAbort = FALSE; 2374 SuprErrs = TRUE; 2375 2376 /* 2377 ** rcode == EX_SOFTWARE is special: 2378 ** the TLS negotation failed 2379 ** we have to drop the connection no matter what 2380 ** However, we call tls_server to give it the chance 2381 ** to log the problem and return an appropriate 2382 ** error code. 2383 */ 2384 if (rscheck("tls_server", 2385 macvalue(macid("{verify}", NULL), e), 2386 NULL, e, TRUE, TRUE, 6) != EX_OK || 2387 Errors > olderrors || 2388 rcode == EX_SOFTWARE) 2389 { 2390 char enhsc[ENHSCLEN]; 2391 extern char MsgBuf[]; 2392 2393 if (ISSMTPCODE(MsgBuf) && 2394 extenhsc(MsgBuf + 4, ' ', enhsc) > 0) 2395 { 2396 p = newstr(MsgBuf); 2397 } 2398 else 2399 { 2400 p = "403 4.7.0 server not authenticated."; 2401 (void) strlcpy(enhsc, "4.7.0", 2402 sizeof enhsc); 2403 } 2404 SuprErrs = saveSuprErrs; 2405 QuickAbort = saveQuickAbort; 2406 2407 if (rcode == EX_SOFTWARE) 2408 { 2409 /* drop the connection */ 2410 mci->mci_state = MCIS_QUITING; 2411 if (mci->mci_in != NULL) 2412 { 2413 (void) fclose(mci->mci_in); 2414 mci->mci_in = NULL; 2415 } 2416 mci->mci_flags &= ~MCIF_TLSACT; 2417 (void) endmailer(mci, e, pv); 2418 } 2419 else 2420 { 2421 /* abort transfer */ 2422 smtpquit(m, mci, e); 2423 } 2424 2425 /* temp or permanent failure? */ 2426 rcode = (*p == '4') ? EX_TEMPFAIL 2427 : EX_UNAVAILABLE; 2428 mci_setstat(mci, rcode, newstr(enhsc), p); 2429 2430 /* 2431 ** hack to get the error message into 2432 ** the envelope (done in giveresponse()) 2433 */ 2434 (void) strlcpy(SmtpError, p, sizeof SmtpError); 2435 } 2436 QuickAbort = saveQuickAbort; 2437 SuprErrs = saveSuprErrs; 2438 if (DONE_STARTTLS && mci->mci_state != MCIS_CLOSED) 2439 { 2440 SET_HELO; 2441 mci->mci_flags &= ~MCIF_EXTENS; 2442 goto reconnect; 2443 } 2444 } 2445 # endif /* STARTTLS */ 2446 # if SASL 2447 /* if other server supports authentication let's authenticate */ 2448 if (mci->mci_state != MCIS_CLOSED && 2449 mci->mci_saslcap != NULL && 2450 # if SFIO 2451 !DONE_TLS && 2452 # endif /* SFIO */ 2453 SASLInfo != NULL) 2454 { 2455 /* 2456 ** should we require some minimum authentication? 2457 ** XXX ignore result? 2458 */ 2459 if (smtpauth(m, mci, e) == EX_OK) 2460 { 2461 # if SFIO 2462 int result; 2463 sasl_ssf_t *ssf; 2464 2465 /* get security strength (features) */ 2466 result = sasl_getprop(mci->mci_conn, SASL_SSF, 2467 (void **) &ssf); 2468 if (LogLevel > 9) 2469 sm_syslog(LOG_INFO, NOQID, 2470 "SASL: outgoing connection to %.64s: mech=%.16s, bits=%d", 2471 mci->mci_host, 2472 macvalue(macid("{auth_type}", 2473 NULL), e), 2474 *ssf); 2475 /* 2476 ** only switch to encrypted connection 2477 ** if a security layer has been negotiated 2478 */ 2479 if (result == SASL_OK && *ssf > 0) 2480 { 2481 /* 2482 ** convert sfio stuff to use SASL 2483 ** check return values 2484 ** if the call fails, 2485 ** fall back to unencrypted version 2486 ** unless some cf option requires 2487 ** encryption then the connection must 2488 ** be aborted 2489 */ 2490 if (sfdcsasl(mci->mci_in, mci->mci_out, 2491 mci->mci_conn) == 0) 2492 { 2493 again |= DONE_TLS_B; 2494 SET_HELO; 2495 mci->mci_flags &= ~MCIF_EXTENS; 2496 mci->mci_flags |= MCIF_AUTHACT; 2497 goto reconnect; 2498 } 2499 syserr("SASL TLS switch failed in client"); 2500 } 2501 /* else? XXX */ 2502 # endif /* SFIO */ 2503 mci->mci_flags |= MCIF_AUTHACT; 2504 2505 } 2506 } 2507 # endif /* SASL */ 2508 } 2509 2510 #endif /* SMTP */ 2511 2512 do_transfer: 2513 /* clear out per-message flags from connection structure */ 2514 mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); 2515 2516 if (bitset(EF_HAS8BIT, e->e_flags) && 2517 !bitset(EF_DONT_MIME, e->e_flags) && 2518 bitnset(M_7BITS, m->m_flags)) 2519 mci->mci_flags |= MCIF_CVT8TO7; 2520 2521 #if MIME7TO8 2522 if (bitnset(M_MAKE8BIT, m->m_flags) && 2523 !bitset(MCIF_7BIT, mci->mci_flags) && 2524 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && 2525 (strcasecmp(p, "quoted-printable") == 0 || 2526 strcasecmp(p, "base64") == 0) && 2527 (p = hvalue("Content-Type", e->e_header)) != NULL) 2528 { 2529 /* may want to convert 7 -> 8 */ 2530 /* XXX should really parse it here -- and use a class XXX */ 2531 if (strncasecmp(p, "text/plain", 10) == 0 && 2532 (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) 2533 mci->mci_flags |= MCIF_CVT7TO8; 2534 } 2535 #endif /* MIME7TO8 */ 2536 2537 if (tTd(11, 1)) 2538 { 2539 dprintf("openmailer: "); 2540 mci_dump(mci, FALSE); 2541 } 2542 2543 if (mci->mci_state != MCIS_OPEN) 2544 { 2545 /* couldn't open the mailer */ 2546 rcode = mci->mci_exitstat; 2547 errno = mci->mci_errno; 2548 #if NAMED_BIND 2549 h_errno = mci->mci_herrno; 2550 #endif /* NAMED_BIND */ 2551 if (rcode == EX_OK) 2552 { 2553 /* shouldn't happen */ 2554 syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s", 2555 (u_long) mci, rcode, errno, mci->mci_state, 2556 firstsig); 2557 mci_dump_all(TRUE); 2558 rcode = EX_SOFTWARE; 2559 } 2560 #if DAEMON 2561 else if (nummxhosts > hostnum) 2562 { 2563 /* try next MX site */ 2564 goto tryhost; 2565 } 2566 #endif /* DAEMON */ 2567 } 2568 else if (!clever) 2569 { 2570 /* 2571 ** Format and send message. 2572 */ 2573 2574 putfromline(mci, e); 2575 (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER); 2576 (*e->e_putbody)(mci, e, NULL); 2577 2578 /* get the exit status */ 2579 rcode = endmailer(mci, e, pv); 2580 } 2581 else 2582 #if SMTP 2583 { 2584 /* 2585 ** Send the MAIL FROM: protocol 2586 */ 2587 2588 rcode = smtpmailfrom(m, mci, e); 2589 if (rcode == EX_OK) 2590 { 2591 register char *t = tobuf; 2592 register int i; 2593 2594 /* send the recipient list */ 2595 tobuf[0] = '\0'; 2596 2597 for (to = tochain; to != NULL; to = to->q_tchain) 2598 { 2599 e->e_to = to->q_paddr; 2600 #if !_FFR_DYNAMIC_TOBUF 2601 if (strlen(to->q_paddr) + 2602 (t - tobuf) + 2 > sizeof tobuf) 2603 { 2604 /* not enough room */ 2605 continue; 2606 } 2607 #endif /* !_FFR_DYNAMIC_TOBUF */ 2608 2609 # if STARTTLS 2610 # if _FFR_TLS_RCPT 2611 i = rscheck("tls_rcpt", to->q_user, NULL, e, 2612 TRUE, TRUE, 4); 2613 if (i != EX_OK) 2614 { 2615 markfailure(e, to, mci, i, FALSE); 2616 giveresponse(i, to->q_status, m, 2617 mci, ctladdr, xstart, e); 2618 continue; 2619 } 2620 # endif /* _FFR_TLS_RCPT */ 2621 # endif /* STARTTLS */ 2622 2623 if ((i = smtprcpt(to, m, mci, e)) != EX_OK) 2624 { 2625 markfailure(e, to, mci, i, FALSE); 2626 giveresponse(i, to->q_status, m, 2627 mci, ctladdr, xstart, e); 2628 } 2629 else 2630 { 2631 *t++ = ','; 2632 for (p = to->q_paddr; *p; *t++ = *p++) 2633 continue; 2634 *t = '\0'; 2635 } 2636 } 2637 2638 /* now send the data */ 2639 if (tobuf[0] == '\0') 2640 { 2641 rcode = EX_OK; 2642 e->e_to = NULL; 2643 if (bitset(MCIF_CACHED, mci->mci_flags)) 2644 smtprset(m, mci, e); 2645 } 2646 else 2647 { 2648 e->e_to = tobuf + 1; 2649 rcode = smtpdata(m, mci, e); 2650 } 2651 } 2652 # if DAEMON 2653 if (rcode == EX_TEMPFAIL && nummxhosts > hostnum) 2654 { 2655 /* try next MX site */ 2656 goto tryhost; 2657 } 2658 # endif /* DAEMON */ 2659 } 2660 #else /* SMTP */ 2661 { 2662 syserr("554 5.3.5 deliver: need SMTP compiled to use clever mailer"); 2663 rcode = EX_CONFIG; 2664 goto give_up; 2665 } 2666 #endif /* SMTP */ 2667 #if NAMED_BIND 2668 if (ConfigLevel < 2) 2669 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 2670 #endif /* NAMED_BIND */ 2671 2672 if (tTd(62, 1)) 2673 checkfds("after delivery"); 2674 2675 /* 2676 ** Do final status disposal. 2677 ** We check for something in tobuf for the SMTP case. 2678 ** If we got a temporary failure, arrange to queue the 2679 ** addressees. 2680 */ 2681 2682 give_up: 2683 #if SMTP 2684 if (bitnset(M_LMTP, m->m_flags)) 2685 { 2686 lmtp_rcode = rcode; 2687 tobuf[0] = '\0'; 2688 anyok = FALSE; 2689 } 2690 else 2691 #endif /* SMTP */ 2692 anyok = rcode == EX_OK; 2693 2694 for (to = tochain; to != NULL; to = to->q_tchain) 2695 { 2696 /* see if address already marked */ 2697 if (!QS_IS_OK(to->q_state)) 2698 continue; 2699 2700 #if SMTP 2701 /* if running LMTP, get the status for each address */ 2702 if (bitnset(M_LMTP, m->m_flags)) 2703 { 2704 if (lmtp_rcode == EX_OK) 2705 rcode = smtpgetstat(m, mci, e); 2706 if (rcode == EX_OK) 2707 { 2708 #if _FFR_DYNAMIC_TOBUF 2709 (void) strlcat(tobuf, ",", tobufsize); 2710 (void) strlcat(tobuf, to->q_paddr, tobufsize); 2711 #else /* _FFR_DYNAMIC_TOBUF */ 2712 if (strlen(to->q_paddr) + 2713 strlen(tobuf) + 2 > sizeof tobuf) 2714 { 2715 syserr("LMTP tobuf overflow"); 2716 } 2717 else 2718 { 2719 (void) strlcat(tobuf, ",", 2720 sizeof tobuf); 2721 (void) strlcat(tobuf, to->q_paddr, 2722 sizeof tobuf); 2723 } 2724 #endif /* _FFR_DYNAMIC_TOBUF */ 2725 anyok = TRUE; 2726 } 2727 else 2728 { 2729 e->e_to = to->q_paddr; 2730 markfailure(e, to, mci, rcode, TRUE); 2731 giveresponse(rcode, to->q_status, m, mci, 2732 ctladdr, xstart, e); 2733 e->e_to = tobuf + 1; 2734 continue; 2735 } 2736 } 2737 else 2738 #endif /* SMTP */ 2739 { 2740 /* mark bad addresses */ 2741 if (rcode != EX_OK) 2742 { 2743 if (goodmxfound && rcode == EX_NOHOST) 2744 rcode = EX_TEMPFAIL; 2745 markfailure(e, to, mci, rcode, TRUE); 2746 continue; 2747 } 2748 } 2749 2750 /* successful delivery */ 2751 to->q_state = QS_SENT; 2752 to->q_statdate = curtime(); 2753 e->e_nsent++; 2754 2755 #if QUEUE 2756 /* 2757 ** Checkpoint the send list every few addresses 2758 */ 2759 2760 if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval) 2761 { 2762 queueup(e, FALSE); 2763 e->e_nsent = 0; 2764 } 2765 #endif /* QUEUE */ 2766 2767 if (bitnset(M_LOCALMAILER, m->m_flags) && 2768 bitset(QPINGONSUCCESS, to->q_flags)) 2769 { 2770 to->q_flags |= QDELIVERED; 2771 to->q_status = "2.1.5"; 2772 fprintf(e->e_xfp, "%s... Successfully delivered\n", 2773 to->q_paddr); 2774 } 2775 else if (bitset(QPINGONSUCCESS, to->q_flags) && 2776 bitset(QPRIMARY, to->q_flags) && 2777 !bitset(MCIF_DSN, mci->mci_flags)) 2778 { 2779 to->q_flags |= QRELAYED; 2780 fprintf(e->e_xfp, "%s... relayed; expect no further notifications\n", 2781 to->q_paddr); 2782 } 2783 } 2784 2785 #if SMTP 2786 if (bitnset(M_LMTP, m->m_flags)) 2787 { 2788 /* 2789 ** Global information applies to the last recipient only; 2790 ** clear it out to avoid bogus errors. 2791 */ 2792 2793 rcode = EX_OK; 2794 e->e_statmsg = NULL; 2795 2796 /* reset the mci state for the next transaction */ 2797 if (mci != NULL && mci->mci_state == MCIS_ACTIVE) 2798 mci->mci_state = MCIS_OPEN; 2799 } 2800 #endif /* SMTP */ 2801 2802 if (tobuf[0] != '\0') 2803 giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e); 2804 if (anyok) 2805 markstats(e, tochain, FALSE); 2806 mci_store_persistent(mci); 2807 2808 #if SMTP 2809 /* now close the connection */ 2810 if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED && 2811 !bitset(MCIF_CACHED, mci->mci_flags)) 2812 smtpquit(m, mci, e); 2813 #endif /* SMTP */ 2814 2815 /* 2816 ** Restore state and return. 2817 */ 2818 2819 #if XDEBUG 2820 { 2821 char wbuf[MAXLINE]; 2822 2823 /* make absolutely certain 0, 1, and 2 are in use */ 2824 snprintf(wbuf, sizeof wbuf, "%s... end of deliver(%s)", 2825 e->e_to == NULL ? "NO-TO-LIST" 2826 : shortenstring(e->e_to, MAXSHORTSTR), 2827 m->m_name); 2828 checkfd012(wbuf); 2829 } 2830 #endif /* XDEBUG */ 2831 2832 errno = 0; 2833 define('g', (char *) NULL, e); 2834 e->e_to = NULL; 2835 return rcode; 2836 } 2837 2838 /* 2839 ** MARKFAILURE -- mark a failure on a specific address. 2840 ** 2841 ** Parameters: 2842 ** e -- the envelope we are sending. 2843 ** q -- the address to mark. 2844 ** mci -- mailer connection information. 2845 ** rcode -- the code signifying the particular failure. 2846 ** ovr -- override an existing code? 2847 ** 2848 ** Returns: 2849 ** none. 2850 ** 2851 ** Side Effects: 2852 ** marks the address (and possibly the envelope) with the 2853 ** failure so that an error will be returned or 2854 ** the message will be queued, as appropriate. 2855 */ 2856 2857 static void 2858 markfailure(e, q, mci, rcode, ovr) 2859 register ENVELOPE *e; 2860 register ADDRESS *q; 2861 register MCI *mci; 2862 int rcode; 2863 bool ovr; 2864 { 2865 char *status = NULL; 2866 char *rstatus = NULL; 2867 2868 switch (rcode) 2869 { 2870 case EX_OK: 2871 break; 2872 2873 case EX_TEMPFAIL: 2874 case EX_IOERR: 2875 case EX_OSERR: 2876 q->q_state = QS_QUEUEUP; 2877 break; 2878 2879 default: 2880 q->q_state = QS_BADADDR; 2881 break; 2882 } 2883 2884 /* find most specific error code possible */ 2885 if (mci != NULL && mci->mci_status != NULL) 2886 { 2887 status = mci->mci_status; 2888 if (mci->mci_rstatus != NULL) 2889 rstatus = newstr(mci->mci_rstatus); 2890 else 2891 rstatus = NULL; 2892 } 2893 else if (e->e_status != NULL) 2894 { 2895 status = e->e_status; 2896 rstatus = NULL; 2897 } 2898 else 2899 { 2900 switch (rcode) 2901 { 2902 case EX_USAGE: 2903 status = "5.5.4"; 2904 break; 2905 2906 case EX_DATAERR: 2907 status = "5.5.2"; 2908 break; 2909 2910 case EX_NOUSER: 2911 status = "5.1.1"; 2912 break; 2913 2914 case EX_NOHOST: 2915 status = "5.1.2"; 2916 break; 2917 2918 case EX_NOINPUT: 2919 case EX_CANTCREAT: 2920 case EX_NOPERM: 2921 status = "5.3.0"; 2922 break; 2923 2924 case EX_UNAVAILABLE: 2925 case EX_SOFTWARE: 2926 case EX_OSFILE: 2927 case EX_PROTOCOL: 2928 case EX_CONFIG: 2929 status = "5.5.0"; 2930 break; 2931 2932 case EX_OSERR: 2933 case EX_IOERR: 2934 status = "4.5.0"; 2935 break; 2936 2937 case EX_TEMPFAIL: 2938 status = "4.2.0"; 2939 break; 2940 } 2941 } 2942 2943 /* new status? */ 2944 if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL || 2945 *q->q_status == '\0' || *q->q_status < *status)) 2946 { 2947 q->q_status = status; 2948 q->q_rstatus = rstatus; 2949 } 2950 if (rcode != EX_OK && q->q_rstatus == NULL && 2951 q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL && 2952 strcasecmp(q->q_mailer->m_diagtype, "X-UNIX") == 0) 2953 { 2954 char buf[16]; 2955 2956 (void) snprintf(buf, sizeof buf, "%d", rcode); 2957 q->q_rstatus = newstr(buf); 2958 } 2959 2960 q->q_statdate = curtime(); 2961 if (CurHostName != NULL && CurHostName[0] != '\0' && 2962 mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags)) 2963 q->q_statmta = newstr(CurHostName); 2964 } 2965 /* 2966 ** ENDMAILER -- Wait for mailer to terminate. 2967 ** 2968 ** We should never get fatal errors (e.g., segmentation 2969 ** violation), so we report those specially. For other 2970 ** errors, we choose a status message (into statmsg), 2971 ** and if it represents an error, we print it. 2972 ** 2973 ** Parameters: 2974 ** pid -- pid of mailer. 2975 ** e -- the current envelope. 2976 ** pv -- the parameter vector that invoked the mailer 2977 ** (for error messages). 2978 ** 2979 ** Returns: 2980 ** exit code of mailer. 2981 ** 2982 ** Side Effects: 2983 ** none. 2984 */ 2985 2986 static jmp_buf EndWaitTimeout; 2987 2988 static void 2989 endwaittimeout() 2990 { 2991 errno = ETIMEDOUT; 2992 longjmp(EndWaitTimeout, 1); 2993 } 2994 2995 int 2996 endmailer(mci, e, pv) 2997 register MCI *mci; 2998 register ENVELOPE *e; 2999 char **pv; 3000 { 3001 int st; 3002 int save_errno = errno; 3003 char buf[MAXLINE]; 3004 EVENT *ev = NULL; 3005 3006 3007 mci_unlock_host(mci); 3008 3009 #if SASL 3010 /* shutdown SASL */ 3011 if (bitset(MCIF_AUTHACT, mci->mci_flags)) 3012 { 3013 sasl_dispose(&mci->mci_conn); 3014 mci->mci_flags &= ~MCIF_AUTHACT; 3015 } 3016 #endif /* SASL */ 3017 3018 #if STARTTLS 3019 /* shutdown TLS */ 3020 (void) endtlsclt(mci); 3021 #endif /* STARTTLS */ 3022 3023 /* close output to mailer */ 3024 if (mci->mci_out != NULL) 3025 (void) fclose(mci->mci_out); 3026 3027 /* copy any remaining input to transcript */ 3028 if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR && 3029 e->e_xfp != NULL) 3030 { 3031 while (sfgets(buf, sizeof buf, mci->mci_in, 3032 TimeOuts.to_quit, "Draining Input") != NULL) 3033 (void) fputs(buf, e->e_xfp); 3034 } 3035 3036 /* now close the input */ 3037 if (mci->mci_in != NULL) 3038 (void) fclose(mci->mci_in); 3039 mci->mci_in = mci->mci_out = NULL; 3040 mci->mci_state = MCIS_CLOSED; 3041 3042 errno = save_errno; 3043 3044 /* in the IPC case there is nothing to wait for */ 3045 if (mci->mci_pid == 0) 3046 return EX_OK; 3047 3048 /* put a timeout around the wait */ 3049 if (mci->mci_mailer->m_wait > 0) 3050 { 3051 if (setjmp(EndWaitTimeout) == 0) 3052 ev = setevent(mci->mci_mailer->m_wait, 3053 endwaittimeout, 0); 3054 else 3055 { 3056 syserr("endmailer %s: wait timeout (%ld)", 3057 mci->mci_mailer->m_name, 3058 (long) mci->mci_mailer->m_wait); 3059 return EX_TEMPFAIL; 3060 } 3061 } 3062 3063 /* wait for the mailer process, collect status */ 3064 st = waitfor(mci->mci_pid); 3065 save_errno = errno; 3066 if (ev != NULL) 3067 clrevent(ev); 3068 errno = save_errno; 3069 3070 if (st == -1) 3071 { 3072 syserr("endmailer %s: wait", mci->mci_mailer->m_name); 3073 return EX_SOFTWARE; 3074 } 3075 3076 if (WIFEXITED(st)) 3077 { 3078 /* normal death -- return status */ 3079 return (WEXITSTATUS(st)); 3080 } 3081 3082 /* it died a horrid death */ 3083 syserr("451 4.3.0 mailer %s died with signal %d%s", 3084 mci->mci_mailer->m_name, WTERMSIG(st), 3085 WCOREDUMP(st) ? " (core dumped)" : 3086 (WIFSTOPPED(st) ? " (stopped)" : "")); 3087 3088 /* log the arguments */ 3089 if (pv != NULL && e->e_xfp != NULL) 3090 { 3091 register char **av; 3092 3093 fprintf(e->e_xfp, "Arguments:"); 3094 for (av = pv; *av != NULL; av++) 3095 fprintf(e->e_xfp, " %s", *av); 3096 fprintf(e->e_xfp, "\n"); 3097 } 3098 3099 ExitStat = EX_TEMPFAIL; 3100 return EX_TEMPFAIL; 3101 } 3102 /* 3103 ** GIVERESPONSE -- Interpret an error response from a mailer 3104 ** 3105 ** Parameters: 3106 ** status -- the status code from the mailer (high byte 3107 ** only; core dumps must have been taken care of 3108 ** already). 3109 ** dsn -- the DSN associated with the address, if any. 3110 ** m -- the mailer info for this mailer. 3111 ** mci -- the mailer connection info -- can be NULL if the 3112 ** response is given before the connection is made. 3113 ** ctladdr -- the controlling address for the recipient 3114 ** address(es). 3115 ** xstart -- the transaction start time, for computing 3116 ** transaction delays. 3117 ** e -- the current envelope. 3118 ** 3119 ** Returns: 3120 ** none. 3121 ** 3122 ** Side Effects: 3123 ** Errors may be incremented. 3124 ** ExitStat may be set. 3125 */ 3126 3127 void 3128 giveresponse(status, dsn, m, mci, ctladdr, xstart, e) 3129 int status; 3130 char *dsn; 3131 register MAILER *m; 3132 register MCI *mci; 3133 ADDRESS *ctladdr; 3134 time_t xstart; 3135 ENVELOPE *e; 3136 { 3137 register const char *statmsg; 3138 extern char *SysExMsg[]; 3139 register int i; 3140 int errnum = errno; 3141 int off = 4; 3142 extern int N_SysEx; 3143 char dsnbuf[ENHSCLEN]; 3144 char buf[MAXLINE]; 3145 3146 if (e == NULL) 3147 syserr("giveresponse: null envelope"); 3148 3149 /* 3150 ** Compute status message from code. 3151 */ 3152 3153 i = status - EX__BASE; 3154 if (status == 0) 3155 { 3156 statmsg = "250 2.0.0 Sent"; 3157 if (e->e_statmsg != NULL) 3158 { 3159 (void) snprintf(buf, sizeof buf, "%s (%s)", 3160 statmsg, 3161 shortenstring(e->e_statmsg, 403)); 3162 statmsg = buf; 3163 } 3164 } 3165 else if (i < 0 || i >= N_SysEx) 3166 { 3167 (void) snprintf(buf, sizeof buf, 3168 "554 5.3.0 unknown mailer error %d", 3169 status); 3170 status = EX_UNAVAILABLE; 3171 statmsg = buf; 3172 } 3173 else if (status == EX_TEMPFAIL) 3174 { 3175 char *bp = buf; 3176 3177 snprintf(bp, SPACELEFT(buf, bp), "%s", SysExMsg[i] + 1); 3178 bp += strlen(bp); 3179 #if NAMED_BIND 3180 if (h_errno == TRY_AGAIN) 3181 statmsg = errstring(h_errno+E_DNSBASE); 3182 else 3183 #endif /* NAMED_BIND */ 3184 { 3185 if (errnum != 0) 3186 statmsg = errstring(errnum); 3187 else 3188 { 3189 #if SMTP 3190 statmsg = SmtpError; 3191 #else /* SMTP */ 3192 statmsg = NULL; 3193 #endif /* SMTP */ 3194 } 3195 } 3196 if (statmsg != NULL && statmsg[0] != '\0') 3197 { 3198 switch (errnum) 3199 { 3200 #ifdef ENETDOWN 3201 case ENETDOWN: /* Network is down */ 3202 #endif /* ENETDOWN */ 3203 #ifdef ENETUNREACH 3204 case ENETUNREACH: /* Network is unreachable */ 3205 #endif /* ENETUNREACH */ 3206 #ifdef ENETRESET 3207 case ENETRESET: /* Network dropped connection on reset */ 3208 #endif /* ENETRESET */ 3209 #ifdef ECONNABORTED 3210 case ECONNABORTED: /* Software caused connection abort */ 3211 #endif /* ECONNABORTED */ 3212 #ifdef EHOSTDOWN 3213 case EHOSTDOWN: /* Host is down */ 3214 #endif /* EHOSTDOWN */ 3215 #ifdef EHOSTUNREACH 3216 case EHOSTUNREACH: /* No route to host */ 3217 #endif /* EHOSTUNREACH */ 3218 if (mci->mci_host != NULL) 3219 { 3220 snprintf(bp, SPACELEFT(buf, bp), 3221 ": %s", mci->mci_host); 3222 bp += strlen(bp); 3223 } 3224 break; 3225 } 3226 snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg); 3227 } 3228 statmsg = buf; 3229 } 3230 #if NAMED_BIND 3231 else if (status == EX_NOHOST && h_errno != 0) 3232 { 3233 statmsg = errstring(h_errno + E_DNSBASE); 3234 (void) snprintf(buf, sizeof buf, "%s (%s)", 3235 SysExMsg[i] + 1, statmsg); 3236 statmsg = buf; 3237 } 3238 #endif /* NAMED_BIND */ 3239 else 3240 { 3241 statmsg = SysExMsg[i]; 3242 if (*statmsg++ == ':' && errnum != 0) 3243 { 3244 (void) snprintf(buf, sizeof buf, "%s: %s", 3245 statmsg, errstring(errnum)); 3246 statmsg = buf; 3247 } 3248 } 3249 3250 /* 3251 ** Print the message as appropriate 3252 */ 3253 3254 if (status == EX_OK || status == EX_TEMPFAIL) 3255 { 3256 extern char MsgBuf[]; 3257 3258 if ((off = isenhsc(statmsg + 4, ' ')) > 0) 3259 { 3260 if (dsn == NULL) 3261 { 3262 snprintf(dsnbuf, sizeof dsnbuf, 3263 "%.*s", off, statmsg + 4); 3264 dsn = dsnbuf; 3265 } 3266 off += 5; 3267 } 3268 else 3269 { 3270 off = 4; 3271 } 3272 message("%s", statmsg + off); 3273 if (status == EX_TEMPFAIL && e->e_xfp != NULL) 3274 fprintf(e->e_xfp, "%s\n", &MsgBuf[4]); 3275 } 3276 else 3277 { 3278 char mbuf[ENHSCLEN + 4]; 3279 3280 Errors++; 3281 if ((off = isenhsc(statmsg + 4, ' ')) > 0 && 3282 off < sizeof mbuf - 4) 3283 { 3284 if (dsn == NULL) 3285 { 3286 snprintf(dsnbuf, sizeof dsnbuf, 3287 "%.*s", off, statmsg + 4); 3288 dsn = dsnbuf; 3289 } 3290 off += 5; 3291 (void) strlcpy(mbuf, statmsg, off); 3292 (void) strlcat(mbuf, " %s", sizeof mbuf); 3293 } 3294 else 3295 { 3296 dsnbuf[0] = '\0'; 3297 (void) snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg); 3298 off = 4; 3299 } 3300 usrerr(mbuf, &statmsg[off]); 3301 } 3302 3303 /* 3304 ** Final cleanup. 3305 ** Log a record of the transaction. Compute the new 3306 ** ExitStat -- if we already had an error, stick with 3307 ** that. 3308 */ 3309 3310 if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) && 3311 LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6)) 3312 logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e); 3313 3314 if (tTd(11, 2)) 3315 dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s\n", 3316 status, 3317 dsn == NULL ? "<NULL>" : dsn, 3318 e->e_message == NULL ? "<NULL>" : e->e_message); 3319 3320 if (status != EX_TEMPFAIL) 3321 setstat(status); 3322 if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL)) 3323 { 3324 if (e->e_message != NULL) 3325 free(e->e_message); 3326 e->e_message = newstr(statmsg + off); 3327 } 3328 errno = 0; 3329 #if NAMED_BIND 3330 h_errno = 0; 3331 #endif /* NAMED_BIND */ 3332 } 3333 /* 3334 ** LOGDELIVERY -- log the delivery in the system log 3335 ** 3336 ** Care is taken to avoid logging lines that are too long, because 3337 ** some versions of syslog have an unfortunate proclivity for core 3338 ** dumping. This is a hack, to be sure, that is at best empirical. 3339 ** 3340 ** Parameters: 3341 ** m -- the mailer info. Can be NULL for initial queue. 3342 ** mci -- the mailer connection info -- can be NULL if the 3343 ** log is occurring when no connection is active. 3344 ** dsn -- the DSN attached to the status. 3345 ** status -- the message to print for the status. 3346 ** ctladdr -- the controlling address for the to list. 3347 ** xstart -- the transaction start time, used for 3348 ** computing transaction delay. 3349 ** e -- the current envelope. 3350 ** 3351 ** Returns: 3352 ** none 3353 ** 3354 ** Side Effects: 3355 ** none 3356 */ 3357 3358 void 3359 logdelivery(m, mci, dsn, status, ctladdr, xstart, e) 3360 MAILER *m; 3361 register MCI *mci; 3362 char *dsn; 3363 const char *status; 3364 ADDRESS *ctladdr; 3365 time_t xstart; 3366 register ENVELOPE *e; 3367 { 3368 register char *bp; 3369 register char *p; 3370 int l; 3371 char buf[1024]; 3372 3373 #if (SYSLOG_BUFSIZE) >= 256 3374 /* ctladdr: max 106 bytes */ 3375 bp = buf; 3376 if (ctladdr != NULL) 3377 { 3378 snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s", 3379 shortenstring(ctladdr->q_paddr, 83)); 3380 bp += strlen(bp); 3381 if (bitset(QGOODUID, ctladdr->q_flags)) 3382 { 3383 (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", 3384 (int) ctladdr->q_uid, 3385 (int) ctladdr->q_gid); 3386 bp += strlen(bp); 3387 } 3388 } 3389 3390 /* delay & xdelay: max 41 bytes */ 3391 snprintf(bp, SPACELEFT(buf, bp), ", delay=%s", 3392 pintvl(curtime() - e->e_ctime, TRUE)); 3393 bp += strlen(bp); 3394 3395 if (xstart != (time_t) 0) 3396 { 3397 snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", 3398 pintvl(curtime() - xstart, TRUE)); 3399 bp += strlen(bp); 3400 } 3401 3402 /* mailer: assume about 19 bytes (max 10 byte mailer name) */ 3403 if (m != NULL) 3404 { 3405 snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); 3406 bp += strlen(bp); 3407 } 3408 3409 /* pri: changes with each delivery attempt */ 3410 snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", e->e_msgpriority); 3411 bp += strlen(bp); 3412 3413 /* relay: max 66 bytes for IPv4 addresses */ 3414 if (mci != NULL && mci->mci_host != NULL) 3415 { 3416 # if DAEMON 3417 extern SOCKADDR CurHostAddr; 3418 # endif /* DAEMON */ 3419 3420 snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", 3421 shortenstring(mci->mci_host, 40)); 3422 bp += strlen(bp); 3423 3424 # if DAEMON 3425 if (CurHostAddr.sa.sa_family != 0) 3426 { 3427 snprintf(bp, SPACELEFT(buf, bp), " [%s]", 3428 anynet_ntoa(&CurHostAddr)); 3429 } 3430 # endif /* DAEMON */ 3431 } 3432 else if (strcmp(status, "queued") != 0) 3433 { 3434 p = macvalue('h', e); 3435 if (p != NULL && p[0] != '\0') 3436 { 3437 snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", 3438 shortenstring(p, 40)); 3439 } 3440 } 3441 bp += strlen(bp); 3442 3443 /* dsn */ 3444 if (dsn != NULL && *dsn != '\0') 3445 { 3446 snprintf(bp, SPACELEFT(buf, bp), ", dsn=%s", 3447 shortenstring(dsn, ENHSCLEN)); 3448 bp += strlen(bp); 3449 } 3450 3451 # define STATLEN (((SYSLOG_BUFSIZE) - 100) / 4) 3452 # if (STATLEN) < 63 3453 # undef STATLEN 3454 # define STATLEN 63 3455 # endif /* (STATLEN) < 63 */ 3456 # if (STATLEN) > 203 3457 # undef STATLEN 3458 # define STATLEN 203 3459 # endif /* (STATLEN) > 203 */ 3460 3461 /* stat: max 210 bytes */ 3462 if ((bp - buf) > (sizeof buf - ((STATLEN) + 20))) 3463 { 3464 /* desperation move -- truncate data */ 3465 bp = buf + sizeof buf - ((STATLEN) + 17); 3466 (void) strlcpy(bp, "...", SPACELEFT(buf, bp)); 3467 bp += 3; 3468 } 3469 3470 (void) strlcpy(bp, ", stat=", SPACELEFT(buf, bp)); 3471 bp += strlen(bp); 3472 3473 (void) strlcpy(bp, shortenstring(status, STATLEN), SPACELEFT(buf, bp)); 3474 3475 /* id, to: max 13 + TOBUFSIZE bytes */ 3476 l = SYSLOG_BUFSIZE - 100 - strlen(buf); 3477 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; 3478 while (strlen(p) >= (SIZE_T) l) 3479 { 3480 register char *q; 3481 3482 #if _FFR_DYNAMIC_TOBUF 3483 for (q = p + l; q > p; q--) 3484 { 3485 if (*q == ',') 3486 break; 3487 } 3488 if (p == q) 3489 break; 3490 #else /* _FFR_DYNAMIC_TOBUF */ 3491 q = strchr(p + l, ','); 3492 if (q == NULL) 3493 break; 3494 #endif /* _FFR_DYNAMIC_TOBUF */ 3495 3496 sm_syslog(LOG_INFO, e->e_id, 3497 "to=%.*s [more]%s", 3498 (int) (++q - p), p, buf); 3499 p = q; 3500 } 3501 #if _FFR_DYNAMIC_TOBUF 3502 sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, p, buf); 3503 #else /* _FFR_DYNAMIC_TOBUF */ 3504 sm_syslog(LOG_INFO, e->e_id, "to=%s%s", p, buf); 3505 #endif /* _FFR_DYNAMIC_TOBUF */ 3506 3507 #else /* (SYSLOG_BUFSIZE) >= 256 */ 3508 3509 l = SYSLOG_BUFSIZE - 85; 3510 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; 3511 while (strlen(p) >= (SIZE_T) l) 3512 { 3513 register char *q; 3514 3515 #if _FFR_DYNAMIC_TOBUF 3516 for (q = p + l; q > p; q--) 3517 { 3518 if (*q == ',') 3519 break; 3520 } 3521 if (p == q) 3522 break; 3523 #else /* _FFR_DYNAMIC_TOBUF */ 3524 q = strchr(p + l, ','); 3525 if (q == NULL) 3526 break; 3527 #endif /* _FFR_DYNAMIC_TOBUF */ 3528 3529 sm_syslog(LOG_INFO, e->e_id, 3530 "to=%.*s [more]", 3531 (int) (++q - p), p); 3532 p = q; 3533 } 3534 #if _FFR_DYNAMIC_TOBUF 3535 sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p); 3536 #else /* _FFR_DYNAMIC_TOBUF */ 3537 sm_syslog(LOG_INFO, e->e_id, "to=%s", p); 3538 #endif /* _FFR_DYNAMIC_TOBUF */ 3539 3540 if (ctladdr != NULL) 3541 { 3542 bp = buf; 3543 snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s", 3544 shortenstring(ctladdr->q_paddr, 83)); 3545 bp += strlen(bp); 3546 if (bitset(QGOODUID, ctladdr->q_flags)) 3547 { 3548 (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", 3549 ctladdr->q_uid, ctladdr->q_gid); 3550 bp += strlen(bp); 3551 } 3552 sm_syslog(LOG_INFO, e->e_id, "%s", buf); 3553 } 3554 bp = buf; 3555 snprintf(bp, SPACELEFT(buf, bp), "delay=%s", 3556 pintvl(curtime() - e->e_ctime, TRUE)); 3557 bp += strlen(bp); 3558 if (xstart != (time_t) 0) 3559 { 3560 snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", 3561 pintvl(curtime() - xstart, TRUE)); 3562 bp += strlen(bp); 3563 } 3564 3565 if (m != NULL) 3566 { 3567 snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); 3568 bp += strlen(bp); 3569 } 3570 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); 3571 3572 buf[0] = '\0'; 3573 bp = buf; 3574 if (mci != NULL && mci->mci_host != NULL) 3575 { 3576 # if DAEMON 3577 extern SOCKADDR CurHostAddr; 3578 # endif /* DAEMON */ 3579 3580 snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host); 3581 bp += strlen(bp); 3582 3583 # if DAEMON 3584 if (CurHostAddr.sa.sa_family != 0) 3585 snprintf(bp, SPACELEFT(buf, bp), " [%.100s]", 3586 anynet_ntoa(&CurHostAddr)); 3587 # endif /* DAEMON */ 3588 } 3589 else if (strcmp(status, "queued") != 0) 3590 { 3591 p = macvalue('h', e); 3592 if (p != NULL && p[0] != '\0') 3593 snprintf(buf, sizeof buf, "relay=%.100s", p); 3594 } 3595 if (buf[0] != '\0') 3596 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); 3597 3598 sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63)); 3599 #endif /* (SYSLOG_BUFSIZE) >= 256 */ 3600 } 3601 /* 3602 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 3603 ** 3604 ** This can be made an arbitrary message separator by changing $l 3605 ** 3606 ** One of the ugliest hacks seen by human eyes is contained herein: 3607 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 3608 ** does a well-meaning programmer such as myself have to deal with 3609 ** this kind of antique garbage???? 3610 ** 3611 ** Parameters: 3612 ** mci -- the connection information. 3613 ** e -- the envelope. 3614 ** 3615 ** Returns: 3616 ** none 3617 ** 3618 ** Side Effects: 3619 ** outputs some text to fp. 3620 */ 3621 3622 void 3623 putfromline(mci, e) 3624 register MCI *mci; 3625 ENVELOPE *e; 3626 { 3627 char *template = UnixFromLine; 3628 char buf[MAXLINE]; 3629 char xbuf[MAXLINE]; 3630 3631 if (bitnset(M_NHDR, mci->mci_mailer->m_flags)) 3632 return; 3633 3634 mci->mci_flags |= MCIF_INHEADER; 3635 3636 if (bitnset(M_UGLYUUCP, mci->mci_mailer->m_flags)) 3637 { 3638 char *bang; 3639 3640 expand("\201g", buf, sizeof buf, e); 3641 bang = strchr(buf, '!'); 3642 if (bang == NULL) 3643 { 3644 char *at; 3645 char hname[MAXNAME]; 3646 3647 /* 3648 ** If we can construct a UUCP path, do so 3649 */ 3650 3651 at = strrchr(buf, '@'); 3652 if (at == NULL) 3653 { 3654 expand("\201k", hname, sizeof hname, e); 3655 at = hname; 3656 } 3657 else 3658 *at++ = '\0'; 3659 (void) snprintf(xbuf, sizeof xbuf, 3660 "From %.800s \201d remote from %.100s\n", 3661 buf, at); 3662 } 3663 else 3664 { 3665 *bang++ = '\0'; 3666 (void) snprintf(xbuf, sizeof xbuf, 3667 "From %.800s \201d remote from %.100s\n", 3668 bang, buf); 3669 template = xbuf; 3670 } 3671 } 3672 expand(template, buf, sizeof buf, e); 3673 putxline(buf, strlen(buf), mci, PXLF_HEADER); 3674 } 3675 /* 3676 ** PUTBODY -- put the body of a message. 3677 ** 3678 ** Parameters: 3679 ** mci -- the connection information. 3680 ** e -- the envelope to put out. 3681 ** separator -- if non-NULL, a message separator that must 3682 ** not be permitted in the resulting message. 3683 ** 3684 ** Returns: 3685 ** none. 3686 ** 3687 ** Side Effects: 3688 ** The message is written onto fp. 3689 */ 3690 3691 /* values for output state variable */ 3692 #define OS_HEAD 0 /* at beginning of line */ 3693 #define OS_CR 1 /* read a carriage return */ 3694 #define OS_INLINE 2 /* putting rest of line */ 3695 3696 void 3697 putbody(mci, e, separator) 3698 register MCI *mci; 3699 register ENVELOPE *e; 3700 char *separator; 3701 { 3702 bool dead = FALSE; 3703 char buf[MAXLINE]; 3704 char *boundaries[MAXMIMENESTING + 1]; 3705 3706 /* 3707 ** Output the body of the message 3708 */ 3709 3710 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) 3711 { 3712 char *df = queuename(e, 'd'); 3713 3714 e->e_dfp = fopen(df, "r"); 3715 if (e->e_dfp == NULL) 3716 { 3717 char *msg = "!putbody: Cannot open %s for %s from %s"; 3718 3719 if (errno == ENOENT) 3720 msg++; 3721 syserr(msg, df, e->e_to, e->e_from.q_paddr); 3722 } 3723 } 3724 if (e->e_dfp == NULL) 3725 { 3726 if (bitset(MCIF_INHEADER, mci->mci_flags)) 3727 { 3728 putline("", mci); 3729 mci->mci_flags &= ~MCIF_INHEADER; 3730 } 3731 putline("<<< No Message Collected >>>", mci); 3732 goto endofmessage; 3733 } 3734 3735 if (e->e_dfino == (ino_t) 0) 3736 { 3737 struct stat stbuf; 3738 3739 if (fstat(fileno(e->e_dfp), &stbuf) < 0) 3740 e->e_dfino = -1; 3741 else 3742 { 3743 e->e_dfdev = stbuf.st_dev; 3744 e->e_dfino = stbuf.st_ino; 3745 } 3746 } 3747 3748 /* paranoia: the df file should always be in a rewound state */ 3749 (void) bfrewind(e->e_dfp); 3750 3751 #if MIME8TO7 3752 if (bitset(MCIF_CVT8TO7, mci->mci_flags)) 3753 { 3754 /* 3755 ** Do 8 to 7 bit MIME conversion. 3756 */ 3757 3758 /* make sure it looks like a MIME message */ 3759 if (hvalue("MIME-Version", e->e_header) == NULL) 3760 putline("MIME-Version: 1.0", mci); 3761 3762 if (hvalue("Content-Type", e->e_header) == NULL) 3763 { 3764 snprintf(buf, sizeof buf, 3765 "Content-Type: text/plain; charset=%s", 3766 defcharset(e)); 3767 putline(buf, mci); 3768 } 3769 3770 /* now do the hard work */ 3771 boundaries[0] = NULL; 3772 mci->mci_flags |= MCIF_INHEADER; 3773 (void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER); 3774 } 3775 # if MIME7TO8 3776 else if (bitset(MCIF_CVT7TO8, mci->mci_flags)) 3777 { 3778 (void) mime7to8(mci, e->e_header, e); 3779 } 3780 # endif /* MIME7TO8 */ 3781 else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0) 3782 { 3783 bool oldsuprerrs = SuprErrs; 3784 3785 /* Use mime8to7 to check multipart for MIME header overflows */ 3786 boundaries[0] = NULL; 3787 mci->mci_flags |= MCIF_INHEADER; 3788 3789 /* 3790 ** If EF_DONT_MIME is set, we have a broken MIME message 3791 ** and don't want to generate a new bounce message whose 3792 ** body propagates the broken MIME. We can't just not call 3793 ** mime8to7() as is done above since we need the security 3794 ** checks. The best we can do is suppress the errors. 3795 */ 3796 3797 if (bitset(EF_DONT_MIME, e->e_flags)) 3798 SuprErrs = TRUE; 3799 3800 (void) mime8to7(mci, e->e_header, e, boundaries, 3801 M87F_OUTER|M87F_NO8TO7); 3802 3803 /* restore SuprErrs */ 3804 SuprErrs = oldsuprerrs; 3805 } 3806 else 3807 #endif /* MIME8TO7 */ 3808 { 3809 int ostate; 3810 register char *bp; 3811 register char *pbp; 3812 register int c; 3813 register char *xp; 3814 int padc; 3815 char *buflim; 3816 int pos = 0; 3817 char peekbuf[12]; 3818 3819 if (bitset(MCIF_INHEADER, mci->mci_flags)) 3820 { 3821 putline("", mci); 3822 mci->mci_flags &= ~MCIF_INHEADER; 3823 } 3824 3825 /* determine end of buffer; allow for short mailer lines */ 3826 buflim = &buf[sizeof buf - 1]; 3827 if (mci->mci_mailer->m_linelimit > 0 && 3828 mci->mci_mailer->m_linelimit < sizeof buf - 1) 3829 buflim = &buf[mci->mci_mailer->m_linelimit - 1]; 3830 3831 /* copy temp file to output with mapping */ 3832 ostate = OS_HEAD; 3833 bp = buf; 3834 pbp = peekbuf; 3835 while (!ferror(mci->mci_out) && !dead) 3836 { 3837 if (pbp > peekbuf) 3838 c = *--pbp; 3839 else if ((c = getc(e->e_dfp)) == EOF) 3840 break; 3841 if (bitset(MCIF_7BIT, mci->mci_flags)) 3842 c &= 0x7f; 3843 switch (ostate) 3844 { 3845 case OS_HEAD: 3846 #if _FFR_NONULLS 3847 if (c == '\0' && 3848 bitnset(M_NONULLS, mci->mci_mailer->m_flags)) 3849 break; 3850 #endif /* _FFR_NONULLS */ 3851 if (c != '\r' && c != '\n' && bp < buflim) 3852 { 3853 *bp++ = c; 3854 break; 3855 } 3856 3857 /* check beginning of line for special cases */ 3858 *bp = '\0'; 3859 pos = 0; 3860 padc = EOF; 3861 if (buf[0] == 'F' && 3862 bitnset(M_ESCFROM, mci->mci_mailer->m_flags) && 3863 strncmp(buf, "From ", 5) == 0) 3864 { 3865 padc = '>'; 3866 } 3867 if (buf[0] == '-' && buf[1] == '-' && 3868 separator != NULL) 3869 { 3870 /* possible separator */ 3871 int sl = strlen(separator); 3872 3873 if (strncmp(&buf[2], separator, sl) == 0) 3874 padc = ' '; 3875 } 3876 if (buf[0] == '.' && 3877 bitnset(M_XDOT, mci->mci_mailer->m_flags)) 3878 { 3879 padc = '.'; 3880 } 3881 3882 /* now copy out saved line */ 3883 if (TrafficLogFile != NULL) 3884 { 3885 fprintf(TrafficLogFile, "%05d >>> ", 3886 (int) getpid()); 3887 if (padc != EOF) 3888 (void) putc(padc, 3889 TrafficLogFile); 3890 for (xp = buf; xp < bp; xp++) 3891 (void) putc((unsigned char) *xp, 3892 TrafficLogFile); 3893 if (c == '\n') 3894 (void) fputs(mci->mci_mailer->m_eol, 3895 TrafficLogFile); 3896 } 3897 if (padc != EOF) 3898 { 3899 if (putc(padc, mci->mci_out) == EOF) 3900 { 3901 dead = TRUE; 3902 continue; 3903 } 3904 pos++; 3905 } 3906 for (xp = buf; xp < bp; xp++) 3907 { 3908 if (putc((unsigned char) *xp, 3909 mci->mci_out) == EOF) 3910 { 3911 dead = TRUE; 3912 break; 3913 } 3914 3915 /* record progress for DATA timeout */ 3916 DataProgress = TRUE; 3917 } 3918 if (dead) 3919 continue; 3920 if (c == '\n') 3921 { 3922 if (fputs(mci->mci_mailer->m_eol, 3923 mci->mci_out) == EOF) 3924 break; 3925 pos = 0; 3926 } 3927 else 3928 { 3929 pos += bp - buf; 3930 if (c != '\r') 3931 *pbp++ = c; 3932 } 3933 3934 /* record progress for DATA timeout */ 3935 DataProgress = TRUE; 3936 bp = buf; 3937 3938 /* determine next state */ 3939 if (c == '\n') 3940 ostate = OS_HEAD; 3941 else if (c == '\r') 3942 ostate = OS_CR; 3943 else 3944 ostate = OS_INLINE; 3945 continue; 3946 3947 case OS_CR: 3948 if (c == '\n') 3949 { 3950 /* got CRLF */ 3951 if (fputs(mci->mci_mailer->m_eol, 3952 mci->mci_out) == EOF) 3953 continue; 3954 3955 /* record progress for DATA timeout */ 3956 DataProgress = TRUE; 3957 3958 if (TrafficLogFile != NULL) 3959 { 3960 (void) fputs(mci->mci_mailer->m_eol, 3961 TrafficLogFile); 3962 } 3963 ostate = OS_HEAD; 3964 continue; 3965 } 3966 3967 /* had a naked carriage return */ 3968 *pbp++ = c; 3969 c = '\r'; 3970 ostate = OS_INLINE; 3971 goto putch; 3972 3973 case OS_INLINE: 3974 if (c == '\r') 3975 { 3976 ostate = OS_CR; 3977 continue; 3978 } 3979 #if _FFR_NONULLS 3980 if (c == '\0' && 3981 bitnset(M_NONULLS, mci->mci_mailer->m_flags)) 3982 break; 3983 #endif /* _FFR_NONULLS */ 3984 putch: 3985 if (mci->mci_mailer->m_linelimit > 0 && 3986 pos >= mci->mci_mailer->m_linelimit - 1 && 3987 c != '\n') 3988 { 3989 int d; 3990 3991 /* check next character for EOL */ 3992 if (pbp > peekbuf) 3993 d = *(pbp - 1); 3994 else if ((d = getc(e->e_dfp)) != EOF) 3995 *pbp++ = d; 3996 3997 if (d == '\n' || d == EOF) 3998 { 3999 if (TrafficLogFile != NULL) 4000 (void) putc((unsigned char) c, 4001 TrafficLogFile); 4002 if (putc((unsigned char) c, 4003 mci->mci_out) == EOF) 4004 { 4005 dead = TRUE; 4006 continue; 4007 } 4008 pos++; 4009 continue; 4010 } 4011 4012 if (putc('!', mci->mci_out) == EOF || 4013 fputs(mci->mci_mailer->m_eol, 4014 mci->mci_out) == EOF) 4015 { 4016 dead = TRUE; 4017 continue; 4018 } 4019 4020 /* record progress for DATA timeout */ 4021 DataProgress = TRUE; 4022 4023 if (TrafficLogFile != NULL) 4024 { 4025 fprintf(TrafficLogFile, "!%s", 4026 mci->mci_mailer->m_eol); 4027 } 4028 ostate = OS_HEAD; 4029 *pbp++ = c; 4030 continue; 4031 } 4032 if (c == '\n') 4033 { 4034 if (TrafficLogFile != NULL) 4035 (void) fputs(mci->mci_mailer->m_eol, 4036 TrafficLogFile); 4037 if (fputs(mci->mci_mailer->m_eol, 4038 mci->mci_out) == EOF) 4039 continue; 4040 pos = 0; 4041 ostate = OS_HEAD; 4042 } 4043 else 4044 { 4045 if (TrafficLogFile != NULL) 4046 (void) putc((unsigned char) c, 4047 TrafficLogFile); 4048 if (putc((unsigned char) c, 4049 mci->mci_out) == EOF) 4050 { 4051 dead = TRUE; 4052 continue; 4053 } 4054 pos++; 4055 ostate = OS_INLINE; 4056 } 4057 4058 /* record progress for DATA timeout */ 4059 DataProgress = TRUE; 4060 break; 4061 } 4062 } 4063 4064 /* make sure we are at the beginning of a line */ 4065 if (bp > buf) 4066 { 4067 if (TrafficLogFile != NULL) 4068 { 4069 for (xp = buf; xp < bp; xp++) 4070 (void) putc((unsigned char) *xp, 4071 TrafficLogFile); 4072 } 4073 for (xp = buf; xp < bp; xp++) 4074 { 4075 if (putc((unsigned char) *xp, mci->mci_out) == 4076 EOF) 4077 { 4078 dead = TRUE; 4079 break; 4080 } 4081 4082 /* record progress for DATA timeout */ 4083 DataProgress = TRUE; 4084 } 4085 pos += bp - buf; 4086 } 4087 if (!dead && pos > 0) 4088 { 4089 if (TrafficLogFile != NULL) 4090 (void) fputs(mci->mci_mailer->m_eol, 4091 TrafficLogFile); 4092 (void) fputs(mci->mci_mailer->m_eol, mci->mci_out); 4093 4094 /* record progress for DATA timeout */ 4095 DataProgress = TRUE; 4096 } 4097 } 4098 4099 if (ferror(e->e_dfp)) 4100 { 4101 syserr("putbody: %s/df%s: read error", 4102 qid_printqueue(e->e_queuedir), e->e_id); 4103 ExitStat = EX_IOERR; 4104 } 4105 4106 endofmessage: 4107 /* 4108 ** Since mailfile() uses e_dfp in a child process, 4109 ** the file offset in the stdio library for the 4110 ** parent process will not agree with the in-kernel 4111 ** file offset since the file descriptor is shared 4112 ** between the processes. Therefore, it is vital 4113 ** that the file always be rewound. This forces the 4114 ** kernel offset (lseek) and stdio library (ftell) 4115 ** offset to match. 4116 */ 4117 4118 if (e->e_dfp != NULL) 4119 (void) bfrewind(e->e_dfp); 4120 4121 /* some mailers want extra blank line at end of message */ 4122 if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) && 4123 buf[0] != '\0' && buf[0] != '\n') 4124 putline("", mci); 4125 4126 (void) fflush(mci->mci_out); 4127 if (ferror(mci->mci_out) && errno != EPIPE) 4128 { 4129 syserr("putbody: write error"); 4130 ExitStat = EX_IOERR; 4131 } 4132 4133 errno = 0; 4134 } 4135 /* 4136 ** MAILFILE -- Send a message to a file. 4137 ** 4138 ** If the file has the setuid/setgid bits set, but NO execute 4139 ** bits, sendmail will try to become the owner of that file 4140 ** rather than the real user. Obviously, this only works if 4141 ** sendmail runs as root. 4142 ** 4143 ** This could be done as a subordinate mailer, except that it 4144 ** is used implicitly to save messages in ~/dead.letter. We 4145 ** view this as being sufficiently important as to include it 4146 ** here. For example, if the system is dying, we shouldn't have 4147 ** to create another process plus some pipes to save the message. 4148 ** 4149 ** Parameters: 4150 ** filename -- the name of the file to send to. 4151 ** mailer -- mailer definition for recipient -- if NULL, 4152 ** use FileMailer. 4153 ** ctladdr -- the controlling address header -- includes 4154 ** the userid/groupid to be when sending. 4155 ** sfflags -- flags for opening. 4156 ** e -- the current envelope. 4157 ** 4158 ** Returns: 4159 ** The exit code associated with the operation. 4160 ** 4161 ** Side Effects: 4162 ** none. 4163 */ 4164 4165 static jmp_buf CtxMailfileTimeout; 4166 4167 int 4168 mailfile(filename, mailer, ctladdr, sfflags, e) 4169 char *volatile filename; 4170 MAILER *volatile mailer; 4171 ADDRESS *ctladdr; 4172 volatile long sfflags; 4173 register ENVELOPE *e; 4174 { 4175 register FILE *f; 4176 register pid_t pid = -1; 4177 volatile int mode; 4178 int len; 4179 off_t curoff; 4180 bool suidwarn = geteuid() == 0; 4181 char *p; 4182 char *volatile realfile; 4183 EVENT *ev; 4184 char buf[MAXLINE + 1]; 4185 char targetfile[MAXPATHLEN + 1]; 4186 4187 if (tTd(11, 1)) 4188 { 4189 dprintf("mailfile %s\n ctladdr=", filename); 4190 printaddr(ctladdr, FALSE); 4191 } 4192 4193 if (mailer == NULL) 4194 mailer = FileMailer; 4195 4196 if (e->e_xfp != NULL) 4197 (void) fflush(e->e_xfp); 4198 4199 /* 4200 ** Special case /dev/null. This allows us to restrict file 4201 ** delivery to regular files only. 4202 */ 4203 4204 if (strcmp(filename, "/dev/null") == 0) 4205 return EX_OK; 4206 4207 /* check for 8-bit available */ 4208 if (bitset(EF_HAS8BIT, e->e_flags) && 4209 bitnset(M_7BITS, mailer->m_flags) && 4210 (bitset(EF_DONT_MIME, e->e_flags) || 4211 !(bitset(MM_MIME8BIT, MimeMode) || 4212 (bitset(EF_IS_MIME, e->e_flags) && 4213 bitset(MM_CVTMIME, MimeMode))))) 4214 { 4215 e->e_status = "5.6.3"; 4216 usrerrenh(e->e_status, 4217 "554 Cannot send 8-bit data to 7-bit destination"); 4218 return EX_DATAERR; 4219 } 4220 4221 /* Find the actual file */ 4222 if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0') 4223 { 4224 len = strlen(SafeFileEnv); 4225 4226 if (strncmp(SafeFileEnv, filename, len) == 0) 4227 filename += len; 4228 4229 if (len + strlen(filename) + 1 > MAXPATHLEN) 4230 { 4231 syserr("mailfile: filename too long (%s/%s)", 4232 SafeFileEnv, filename); 4233 return EX_CANTCREAT; 4234 } 4235 (void) strlcpy(targetfile, SafeFileEnv, sizeof targetfile); 4236 realfile = targetfile + len; 4237 if (targetfile[len - 1] != '/') 4238 (void) strlcat(targetfile, "/", sizeof targetfile); 4239 if (*filename == '/') 4240 filename++; 4241 (void) strlcat(targetfile, filename, sizeof targetfile); 4242 } 4243 else if (mailer->m_rootdir != NULL) 4244 { 4245 expand(mailer->m_rootdir, targetfile, sizeof targetfile, e); 4246 len = strlen(targetfile); 4247 4248 if (strncmp(targetfile, filename, len) == 0) 4249 filename += len; 4250 4251 if (len + strlen(filename) + 1 > MAXPATHLEN) 4252 { 4253 syserr("mailfile: filename too long (%s/%s)", 4254 targetfile, filename); 4255 return EX_CANTCREAT; 4256 } 4257 realfile = targetfile + len; 4258 if (targetfile[len - 1] != '/') 4259 (void) strlcat(targetfile, "/", sizeof targetfile); 4260 if (*filename == '/') 4261 (void) strlcat(targetfile, filename + 1, 4262 sizeof targetfile); 4263 else 4264 (void) strlcat(targetfile, filename, sizeof targetfile); 4265 } 4266 else 4267 { 4268 if (strlen(filename) > MAXPATHLEN) 4269 { 4270 syserr("mailfile: filename too long (%s)", filename); 4271 return EX_CANTCREAT; 4272 } 4273 (void) strlcpy(targetfile, filename, sizeof targetfile); 4274 realfile = targetfile; 4275 } 4276 4277 /* 4278 ** Fork so we can change permissions here. 4279 ** Note that we MUST use fork, not vfork, because of 4280 ** the complications of calling subroutines, etc. 4281 */ 4282 4283 DOFORK(fork); 4284 4285 if (pid < 0) 4286 return EX_OSERR; 4287 else if (pid == 0) 4288 { 4289 /* child -- actually write to file */ 4290 struct stat stb; 4291 MCI mcibuf; 4292 int err; 4293 volatile int oflags = O_WRONLY|O_APPEND; 4294 4295 if (e->e_lockfp != NULL) 4296 (void) close(fileno(e->e_lockfp)); 4297 4298 (void) setsignal(SIGINT, SIG_DFL); 4299 (void) setsignal(SIGHUP, SIG_DFL); 4300 (void) setsignal(SIGTERM, SIG_DFL); 4301 (void) umask(OldUmask); 4302 e->e_to = filename; 4303 ExitStat = EX_OK; 4304 4305 if (setjmp(CtxMailfileTimeout) != 0) 4306 { 4307 exit(EX_TEMPFAIL); 4308 } 4309 4310 if (TimeOuts.to_fileopen > 0) 4311 ev = setevent(TimeOuts.to_fileopen, mailfiletimeout, 0); 4312 else 4313 ev = NULL; 4314 4315 /* check file mode to see if setuid */ 4316 if (stat(targetfile, &stb) < 0) 4317 mode = FileMode; 4318 else 4319 mode = stb.st_mode; 4320 4321 /* limit the errors to those actually caused in the child */ 4322 errno = 0; 4323 ExitStat = EX_OK; 4324 4325 /* Allow alias expansions to use the S_IS{U,G}ID bits */ 4326 if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) || 4327 bitset(SFF_RUNASREALUID, sfflags)) 4328 { 4329 /* ignore setuid and setgid bits */ 4330 mode &= ~(S_ISGID|S_ISUID); 4331 if (tTd(11, 20)) 4332 dprintf("mailfile: ignoring setuid/setgid bits\n"); 4333 } 4334 4335 /* we have to open the dfile BEFORE setuid */ 4336 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) 4337 { 4338 char *df = queuename(e, 'd'); 4339 4340 e->e_dfp = fopen(df, "r"); 4341 if (e->e_dfp == NULL) 4342 { 4343 syserr("mailfile: Cannot open %s for %s from %s", 4344 df, e->e_to, e->e_from.q_paddr); 4345 } 4346 } 4347 4348 /* select a new user to run as */ 4349 if (!bitset(SFF_RUNASREALUID, sfflags)) 4350 { 4351 if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) 4352 { 4353 RealUserName = NULL; 4354 RealUid = mailer->m_uid; 4355 if (RunAsUid != 0 && RealUid != RunAsUid) 4356 { 4357 /* Only root can change the uid */ 4358 syserr("mailfile: insufficient privileges to change uid"); 4359 exit(EX_TEMPFAIL); 4360 } 4361 } 4362 else if (bitset(S_ISUID, mode)) 4363 { 4364 RealUserName = NULL; 4365 RealUid = stb.st_uid; 4366 } 4367 else if (ctladdr != NULL && ctladdr->q_uid != 0) 4368 { 4369 if (ctladdr->q_ruser != NULL) 4370 RealUserName = ctladdr->q_ruser; 4371 else 4372 RealUserName = ctladdr->q_user; 4373 RealUid = ctladdr->q_uid; 4374 } 4375 else if (mailer != NULL && mailer->m_uid != 0) 4376 { 4377 RealUserName = DefUser; 4378 RealUid = mailer->m_uid; 4379 } 4380 else 4381 { 4382 RealUserName = DefUser; 4383 RealUid = DefUid; 4384 } 4385 4386 /* select a new group to run as */ 4387 if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) 4388 { 4389 RealGid = mailer->m_gid; 4390 if (RunAsUid != 0 && 4391 (RealGid != getgid() || 4392 RealGid != getegid())) 4393 { 4394 /* Only root can change the gid */ 4395 syserr("mailfile: insufficient privileges to change gid"); 4396 exit(EX_TEMPFAIL); 4397 } 4398 } 4399 else if (bitset(S_ISGID, mode)) 4400 RealGid = stb.st_gid; 4401 else if (ctladdr != NULL && ctladdr->q_uid != 0) 4402 RealGid = ctladdr->q_gid; 4403 else if (ctladdr != NULL && 4404 ctladdr->q_uid == DefUid && 4405 ctladdr->q_gid == 0) 4406 RealGid = DefGid; 4407 else if (mailer != NULL && mailer->m_gid != 0) 4408 RealGid = mailer->m_gid; 4409 else 4410 RealGid = DefGid; 4411 } 4412 4413 /* last ditch */ 4414 if (!bitset(SFF_ROOTOK, sfflags)) 4415 { 4416 if (RealUid == 0) 4417 RealUid = DefUid; 4418 if (RealGid == 0) 4419 RealGid = DefGid; 4420 } 4421 4422 /* set group id list (needs /etc/group access) */ 4423 if (RealUserName != NULL && !DontInitGroups) 4424 { 4425 if (initgroups(RealUserName, RealGid) == -1 && suidwarn) 4426 { 4427 syserr("mailfile: initgroups(%s, %d) failed", 4428 RealUserName, RealGid); 4429 exit(EX_TEMPFAIL); 4430 } 4431 } 4432 else 4433 { 4434 GIDSET_T gidset[1]; 4435 4436 gidset[0] = RealGid; 4437 if (setgroups(1, gidset) == -1 && suidwarn) 4438 { 4439 syserr("mailfile: setgroups() failed"); 4440 exit(EX_TEMPFAIL); 4441 } 4442 } 4443 4444 /* 4445 ** If you have a safe environment, go into it. 4446 */ 4447 4448 if (realfile != targetfile) 4449 { 4450 *realfile = '\0'; 4451 if (tTd(11, 20)) 4452 dprintf("mailfile: chroot %s\n", targetfile); 4453 if (chroot(targetfile) < 0) 4454 { 4455 syserr("mailfile: Cannot chroot(%s)", 4456 targetfile); 4457 exit(EX_CANTCREAT); 4458 } 4459 *realfile = '/'; 4460 } 4461 4462 if (tTd(11, 40)) 4463 dprintf("mailfile: deliver to %s\n", realfile); 4464 4465 if (chdir("/") < 0) 4466 { 4467 syserr("mailfile: cannot chdir(/)"); 4468 exit(EX_CANTCREAT); 4469 } 4470 4471 /* now reset the group and user ids */ 4472 endpwent(); 4473 if (setgid(RealGid) < 0 && suidwarn) 4474 { 4475 syserr("mailfile: setgid(%ld) failed", (long) RealGid); 4476 exit(EX_TEMPFAIL); 4477 } 4478 vendor_set_uid(RealUid); 4479 if (setuid(RealUid) < 0 && suidwarn) 4480 { 4481 syserr("mailfile: setuid(%ld) failed", (long) RealUid); 4482 exit(EX_TEMPFAIL); 4483 } 4484 4485 if (tTd(11, 2)) 4486 dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n", 4487 (int) getuid(), (int) geteuid(), 4488 (int) getgid(), (int) getegid()); 4489 4490 4491 /* move into some "safe" directory */ 4492 if (mailer->m_execdir != NULL) 4493 { 4494 char *q; 4495 4496 for (p = mailer->m_execdir; p != NULL; p = q) 4497 { 4498 q = strchr(p, ':'); 4499 if (q != NULL) 4500 *q = '\0'; 4501 expand(p, buf, sizeof buf, e); 4502 if (q != NULL) 4503 *q++ = ':'; 4504 if (tTd(11, 20)) 4505 dprintf("mailfile: trydir %s\n", buf); 4506 if (buf[0] != '\0' && chdir(buf) >= 0) 4507 break; 4508 } 4509 } 4510 4511 /* 4512 ** Recheck the file after we have assumed the ID of the 4513 ** delivery user to make sure we can deliver to it as 4514 ** that user. This is necessary if sendmail is running 4515 ** as root and the file is on an NFS mount which treats 4516 ** root as nobody. 4517 */ 4518 4519 #if HASLSTAT 4520 if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) 4521 err = stat(realfile, &stb); 4522 else 4523 err = lstat(realfile, &stb); 4524 #else /* HASLSTAT */ 4525 err = stat(realfile, &stb); 4526 #endif /* HASLSTAT */ 4527 4528 if (err < 0) 4529 { 4530 stb.st_mode = ST_MODE_NOFILE; 4531 mode = FileMode; 4532 oflags |= O_CREAT|O_EXCL; 4533 } 4534 else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) || 4535 (!bitnset(DBS_FILEDELIVERYTOHARDLINK, 4536 DontBlameSendmail) && 4537 stb.st_nlink != 1) || 4538 (realfile != targetfile && !S_ISREG(mode))) 4539 exit(EX_CANTCREAT); 4540 else 4541 mode = stb.st_mode; 4542 4543 if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) 4544 sfflags |= SFF_NOSLINK; 4545 if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail)) 4546 sfflags |= SFF_NOHLINK; 4547 sfflags &= ~SFF_OPENASROOT; 4548 f = safefopen(realfile, oflags, mode, sfflags); 4549 if (f == NULL) 4550 { 4551 if (transienterror(errno)) 4552 { 4553 usrerr("454 4.3.0 cannot open %s: %s", 4554 shortenstring(realfile, MAXSHORTSTR), 4555 errstring(errno)); 4556 exit(EX_TEMPFAIL); 4557 } 4558 else 4559 { 4560 usrerr("554 5.3.0 cannot open %s: %s", 4561 shortenstring(realfile, MAXSHORTSTR), 4562 errstring(errno)); 4563 exit(EX_CANTCREAT); 4564 } 4565 } 4566 if (filechanged(realfile, fileno(f), &stb)) 4567 { 4568 syserr("554 5.3.0 file changed after open"); 4569 exit(EX_CANTCREAT); 4570 } 4571 if (fstat(fileno(f), &stb) < 0) 4572 { 4573 syserr("554 5.3.0 cannot fstat %s", errstring(errno)); 4574 exit(EX_CANTCREAT); 4575 } 4576 4577 curoff = stb.st_size; 4578 4579 if (ev != NULL) 4580 clrevent(ev); 4581 4582 memset(&mcibuf, '\0', sizeof mcibuf); 4583 mcibuf.mci_mailer = mailer; 4584 mcibuf.mci_out = f; 4585 if (bitnset(M_7BITS, mailer->m_flags)) 4586 mcibuf.mci_flags |= MCIF_7BIT; 4587 4588 /* clear out per-message flags from connection structure */ 4589 mcibuf.mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); 4590 4591 if (bitset(EF_HAS8BIT, e->e_flags) && 4592 !bitset(EF_DONT_MIME, e->e_flags) && 4593 bitnset(M_7BITS, mailer->m_flags)) 4594 mcibuf.mci_flags |= MCIF_CVT8TO7; 4595 4596 #if MIME7TO8 4597 if (bitnset(M_MAKE8BIT, mailer->m_flags) && 4598 !bitset(MCIF_7BIT, mcibuf.mci_flags) && 4599 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && 4600 (strcasecmp(p, "quoted-printable") == 0 || 4601 strcasecmp(p, "base64") == 0) && 4602 (p = hvalue("Content-Type", e->e_header)) != NULL) 4603 { 4604 /* may want to convert 7 -> 8 */ 4605 /* XXX should really parse it here -- and use a class XXX */ 4606 if (strncasecmp(p, "text/plain", 10) == 0 && 4607 (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) 4608 mcibuf.mci_flags |= MCIF_CVT7TO8; 4609 } 4610 #endif /* MIME7TO8 */ 4611 4612 putfromline(&mcibuf, e); 4613 (*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER); 4614 (*e->e_putbody)(&mcibuf, e, NULL); 4615 putline("\n", &mcibuf); 4616 if (fflush(f) < 0 || 4617 (SuperSafe && fsync(fileno(f)) < 0) || 4618 ferror(f)) 4619 { 4620 setstat(EX_IOERR); 4621 #if !NOFTRUNCATE 4622 (void) ftruncate(fileno(f), curoff); 4623 #endif /* !NOFTRUNCATE */ 4624 } 4625 4626 /* reset ISUID & ISGID bits for paranoid systems */ 4627 #if HASFCHMOD 4628 (void) fchmod(fileno(f), (MODE_T) mode); 4629 #else /* HASFCHMOD */ 4630 (void) chmod(filename, (MODE_T) mode); 4631 #endif /* HASFCHMOD */ 4632 if (fclose(f) < 0) 4633 setstat(EX_IOERR); 4634 (void) fflush(stdout); 4635 (void) setuid(RealUid); 4636 exit(ExitStat); 4637 /* NOTREACHED */ 4638 } 4639 else 4640 { 4641 /* parent -- wait for exit status */ 4642 int st; 4643 4644 st = waitfor(pid); 4645 if (st == -1) 4646 { 4647 syserr("mailfile: %s: wait", mailer->m_name); 4648 return EX_SOFTWARE; 4649 } 4650 if (WIFEXITED(st)) 4651 return (WEXITSTATUS(st)); 4652 else 4653 { 4654 syserr("mailfile: %s: child died on signal %d", 4655 mailer->m_name, st); 4656 return EX_UNAVAILABLE; 4657 } 4658 /* NOTREACHED */ 4659 } 4660 return EX_UNAVAILABLE; /* avoid compiler warning on IRIX */ 4661 } 4662 4663 static void 4664 mailfiletimeout() 4665 { 4666 longjmp(CtxMailfileTimeout, 1); 4667 } 4668 /* 4669 ** HOSTSIGNATURE -- return the "signature" for a host. 4670 ** 4671 ** The signature describes how we are going to send this -- it 4672 ** can be just the hostname (for non-Internet hosts) or can be 4673 ** an ordered list of MX hosts. 4674 ** 4675 ** Parameters: 4676 ** m -- the mailer describing this host. 4677 ** host -- the host name. 4678 ** 4679 ** Returns: 4680 ** The signature for this host. 4681 ** 4682 ** Side Effects: 4683 ** Can tweak the symbol table. 4684 */ 4685 #define MAXHOSTSIGNATURE 8192 /* max len of hostsignature */ 4686 4687 static char * 4688 hostsignature(m, host) 4689 register MAILER *m; 4690 char *host; 4691 { 4692 register char *p; 4693 register STAB *s; 4694 #if NAMED_BIND 4695 char sep = ':'; 4696 char prevsep = ':'; 4697 int i; 4698 int len; 4699 int nmx; 4700 int hl; 4701 char *hp; 4702 char *endp; 4703 int oldoptions = _res.options; 4704 char *mxhosts[MAXMXHOSTS + 1]; 4705 u_short mxprefs[MAXMXHOSTS + 1]; 4706 #endif /* NAMED_BIND */ 4707 4708 if (tTd(17, 3)) 4709 dprintf("hostsignature(%s)\n", host); 4710 4711 /* 4712 ** If local delivery, just return a constant. 4713 */ 4714 4715 if (bitnset(M_LOCALMAILER, m->m_flags)) 4716 return "localhost"; 4717 4718 /* 4719 ** Check to see if this uses IPC -- if not, it can't have MX records. 4720 */ 4721 4722 p = m->m_mailer; 4723 if (strcmp(p, "[IPC]") != 0 && 4724 strcmp(p, "[TCP]") != 0) 4725 { 4726 /* just an ordinary mailer */ 4727 return host; 4728 } 4729 #if NETUNIX 4730 else if (m->m_argv[0] != NULL && 4731 strcmp(m->m_argv[0], "FILE") == 0) 4732 { 4733 /* rendezvous in the file system, no MX records */ 4734 return host; 4735 } 4736 #endif /* NETUNIX */ 4737 4738 /* 4739 ** Look it up in the symbol table. 4740 */ 4741 4742 s = stab(host, ST_HOSTSIG, ST_ENTER); 4743 if (s->s_hostsig != NULL) 4744 { 4745 if (tTd(17, 3)) 4746 dprintf("hostsignature(): stab(%s) found %s\n", host, 4747 s->s_hostsig); 4748 return s->s_hostsig; 4749 } 4750 4751 /* 4752 ** Not already there -- create a signature. 4753 */ 4754 4755 #if NAMED_BIND 4756 if (ConfigLevel < 2) 4757 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 4758 4759 for (hp = host; hp != NULL; hp = endp) 4760 { 4761 #if NETINET6 4762 if (*hp == '[') 4763 { 4764 endp = strchr(hp + 1, ']'); 4765 if (endp != NULL) 4766 endp = strpbrk(endp + 1, ":,"); 4767 } 4768 else 4769 endp = strpbrk(hp, ":,"); 4770 #else /* NETINET6 */ 4771 endp = strpbrk(hp, ":,"); 4772 #endif /* NETINET6 */ 4773 if (endp != NULL) 4774 { 4775 sep = *endp; 4776 *endp = '\0'; 4777 } 4778 4779 if (bitnset(M_NOMX, m->m_flags)) 4780 { 4781 /* skip MX lookups */ 4782 nmx = 1; 4783 mxhosts[0] = hp; 4784 } 4785 else 4786 { 4787 auto int rcode; 4788 4789 nmx = getmxrr(hp, mxhosts, mxprefs, TRUE, &rcode); 4790 if (nmx <= 0) 4791 { 4792 register MCI *mci; 4793 4794 /* update the connection info for this host */ 4795 mci = mci_get(hp, m); 4796 mci->mci_errno = errno; 4797 mci->mci_herrno = h_errno; 4798 mci->mci_lastuse = curtime(); 4799 if (rcode == EX_NOHOST) 4800 mci_setstat(mci, rcode, "5.1.2", 4801 "550 Host unknown"); 4802 else 4803 mci_setstat(mci, rcode, NULL, NULL); 4804 4805 /* use the original host name as signature */ 4806 nmx = 1; 4807 mxhosts[0] = hp; 4808 } 4809 if (tTd(17, 3)) 4810 dprintf("hostsignature(): getmxrr() returned %d, mxhosts[0]=%s\n", 4811 nmx, mxhosts[0]); 4812 } 4813 4814 len = 0; 4815 for (i = 0; i < nmx; i++) 4816 len += strlen(mxhosts[i]) + 1; 4817 if (s->s_hostsig != NULL) 4818 len += strlen(s->s_hostsig) + 1; 4819 if (len >= MAXHOSTSIGNATURE) 4820 { 4821 sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d", 4822 host, MAXHOSTSIGNATURE, len); 4823 len = MAXHOSTSIGNATURE; 4824 } 4825 p = xalloc(len); 4826 if (s->s_hostsig != NULL) 4827 { 4828 (void) strlcpy(p, s->s_hostsig, len); 4829 free(s->s_hostsig); 4830 s->s_hostsig = p; 4831 hl = strlen(p); 4832 p += hl; 4833 *p++ = prevsep; 4834 len -= hl + 1; 4835 } 4836 else 4837 s->s_hostsig = p; 4838 for (i = 0; i < nmx; i++) 4839 { 4840 hl = strlen(mxhosts[i]); 4841 if (len - 1 < hl || len <= 1) 4842 { 4843 /* force to drop out of outer loop */ 4844 len = -1; 4845 break; 4846 } 4847 if (i != 0) 4848 { 4849 if (mxprefs[i] == mxprefs[i - 1]) 4850 *p++ = ','; 4851 else 4852 *p++ = ':'; 4853 len--; 4854 } 4855 (void) strlcpy(p, mxhosts[i], len); 4856 p += hl; 4857 len -= hl; 4858 } 4859 4860 /* 4861 ** break out of loop if len exceeded MAXHOSTSIGNATURE 4862 ** because we won't have more space for further hosts 4863 ** anyway (separated by : in the .cf file). 4864 */ 4865 4866 if (len < 0) 4867 break; 4868 if (endp != NULL) 4869 *endp++ = sep; 4870 prevsep = sep; 4871 } 4872 makelower(s->s_hostsig); 4873 if (ConfigLevel < 2) 4874 _res.options = oldoptions; 4875 #else /* NAMED_BIND */ 4876 /* not using BIND -- the signature is just the host name */ 4877 s->s_hostsig = host; 4878 #endif /* NAMED_BIND */ 4879 if (tTd(17, 1)) 4880 dprintf("hostsignature(%s) = %s\n", host, s->s_hostsig); 4881 return s->s_hostsig; 4882 } 4883 /* 4884 ** PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array. 4885 ** 4886 ** The signature describes how we are going to send this -- it 4887 ** can be just the hostname (for non-Internet hosts) or can be 4888 ** an ordered list of MX hosts which must be randomized for equal 4889 ** MX preference values. 4890 ** 4891 ** Parameters: 4892 ** sig -- the host signature. 4893 ** mxhosts -- array to populate. 4894 ** 4895 ** Returns: 4896 ** The number of hosts inserted into mxhosts array. 4897 ** 4898 ** Side Effects: 4899 ** Randomizes equal MX preference hosts in mxhosts. 4900 */ 4901 4902 static int 4903 parse_hostsignature(sig, mxhosts, mailer) 4904 char *sig; 4905 char **mxhosts; 4906 MAILER *mailer; 4907 { 4908 int nmx = 0; 4909 int curpref = 0; 4910 int i, j; 4911 char *hp, *endp; 4912 u_short prefer[MAXMXHOSTS]; 4913 long rndm[MAXMXHOSTS]; 4914 4915 for (hp = sig; hp != NULL; hp = endp) 4916 { 4917 char sep = ':'; 4918 4919 #if NETINET6 4920 if (*hp == '[') 4921 { 4922 endp = strchr(hp + 1, ']'); 4923 if (endp != NULL) 4924 endp = strpbrk(endp + 1, ":,"); 4925 } 4926 else 4927 endp = strpbrk(hp, ":,"); 4928 #else /* NETINET6 */ 4929 endp = strpbrk(hp, ":,"); 4930 #endif /* NETINET6 */ 4931 if (endp != NULL) 4932 { 4933 sep = *endp; 4934 *endp = '\0'; 4935 } 4936 4937 mxhosts[nmx] = hp; 4938 prefer[nmx] = curpref; 4939 if (mci_match(hp, mailer)) 4940 rndm[nmx] = 0; 4941 else 4942 rndm[nmx] = get_random(); 4943 4944 if (endp != NULL) 4945 { 4946 /* 4947 ** Since we don't have the original MX prefs, 4948 ** make our own. If the separator is a ':', that 4949 ** means the preference for the next host will be 4950 ** higher than this one, so simply increment curpref. 4951 */ 4952 4953 if (sep == ':') 4954 curpref++; 4955 4956 *endp++ = sep; 4957 } 4958 if (++nmx >= MAXMXHOSTS) 4959 break; 4960 } 4961 4962 /* sort the records using the random factor for equal preferences */ 4963 for (i = 0; i < nmx; i++) 4964 { 4965 for (j = i + 1; j < nmx; j++) 4966 { 4967 /* 4968 ** List is already sorted by MX preference, only 4969 ** need to look for equal preference MX records 4970 */ 4971 4972 if (prefer[i] < prefer[j]) 4973 break; 4974 4975 if (prefer[i] > prefer[j] || 4976 (prefer[i] == prefer[j] && rndm[i] > rndm[j])) 4977 { 4978 register u_short tempp; 4979 register long tempr; 4980 register char *temp1; 4981 4982 tempp = prefer[i]; 4983 prefer[i] = prefer[j]; 4984 prefer[j] = tempp; 4985 temp1 = mxhosts[i]; 4986 mxhosts[i] = mxhosts[j]; 4987 mxhosts[j] = temp1; 4988 tempr = rndm[i]; 4989 rndm[i] = rndm[j]; 4990 rndm[j] = tempr; 4991 } 4992 } 4993 } 4994 return nmx; 4995 } 4996 4997 #if SMTP 4998 # if STARTTLS 4999 static SSL_CTX *clt_ctx = NULL; 5000 5001 /* 5002 ** INITCLTTLS -- initialize client side TLS 5003 ** 5004 ** Parameters: 5005 ** none. 5006 ** 5007 ** Returns: 5008 ** succeeded? 5009 */ 5010 5011 bool 5012 initclttls() 5013 { 5014 if (clt_ctx != NULL) 5015 return TRUE; /* already done */ 5016 return inittls(&clt_ctx, TLS_I_CLT, FALSE, CltCERTfile, Cltkeyfile, 5017 CACERTpath, CACERTfile, DHParams); 5018 } 5019 5020 /* 5021 ** STARTTLS -- try to start secure connection (client side) 5022 ** 5023 ** Parameters: 5024 ** m -- the mailer. 5025 ** mci -- the mailer connection info. 5026 ** e -- the envelope. 5027 ** 5028 ** Returns: 5029 ** success? 5030 ** (maybe this should be some other code than EX_ 5031 ** that denotes which stage failed.) 5032 */ 5033 5034 static int 5035 starttls(m, mci, e) 5036 MAILER *m; 5037 MCI *mci; 5038 ENVELOPE *e; 5039 { 5040 int smtpresult; 5041 int result = 0; 5042 int rfd, wfd; 5043 SSL *clt_ssl = NULL; 5044 5045 if (clt_ctx == NULL && !initclttls()) 5046 return EX_TEMPFAIL; 5047 smtpmessage("STARTTLS", m, mci); 5048 5049 /* get the reply */ 5050 smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, NULL, NULL); 5051 /* which timeout? XXX */ 5052 5053 /* check return code from server */ 5054 if (smtpresult == 454) 5055 return EX_TEMPFAIL; 5056 if (smtpresult == 501) 5057 return EX_USAGE; 5058 if (smtpresult == -1) 5059 return smtpresult; 5060 if (smtpresult != 220) 5061 return EX_PROTOCOL; 5062 5063 if (LogLevel > 13) 5064 sm_syslog(LOG_INFO, e->e_id, "TLS: start client"); 5065 5066 /* start connection */ 5067 if ((clt_ssl = SSL_new(clt_ctx)) == NULL) 5068 { 5069 if (LogLevel > 5) 5070 { 5071 sm_syslog(LOG_ERR, e->e_id, 5072 "TLS: error: client: SSL_new failed"); 5073 if (LogLevel > 9) 5074 tlslogerr(); 5075 } 5076 return EX_SOFTWARE; 5077 } 5078 5079 rfd = fileno(mci->mci_in); 5080 wfd = fileno(mci->mci_out); 5081 5082 /* SSL_clear(clt_ssl); ? */ 5083 if (rfd < 0 || wfd < 0 || 5084 (result = SSL_set_rfd(clt_ssl, rfd)) <= 0 || 5085 (result = SSL_set_wfd(clt_ssl, wfd)) <= 0) 5086 { 5087 if (LogLevel > 5) 5088 { 5089 sm_syslog(LOG_ERR, e->e_id, 5090 "TLS: error: SSL_set_xfd failed=%d", result); 5091 if (LogLevel > 9) 5092 tlslogerr(); 5093 } 5094 return EX_SOFTWARE; 5095 } 5096 SSL_set_connect_state(clt_ssl); 5097 if ((result = SSL_connect(clt_ssl)) <= 0) 5098 { 5099 int i; 5100 5101 /* what to do in this case? */ 5102 i = SSL_get_error(clt_ssl, result); 5103 if (LogLevel > 5) 5104 { 5105 sm_syslog(LOG_ERR, e->e_id, 5106 "TLS: error: SSL_connect failed=%d (%d)", 5107 result, i); 5108 if (LogLevel > 9) 5109 tlslogerr(); 5110 } 5111 SSL_free(clt_ssl); 5112 clt_ssl = NULL; 5113 return EX_SOFTWARE; 5114 } 5115 mci->mci_ssl = clt_ssl; 5116 result = tls_get_info(clt_ssl, e, FALSE, mci->mci_host); 5117 5118 /* switch to use SSL... */ 5119 #if SFIO 5120 if (sfdctls(mci->mci_in, mci->mci_out, mci->mci_ssl) == 0) 5121 return EX_OK; 5122 #else /* SFIO */ 5123 # if _FFR_TLS_TOREK 5124 if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0) 5125 return EX_OK; 5126 # endif /* _FFR_TLS_TOREK */ 5127 #endif /* SFIO */ 5128 5129 /* failure */ 5130 SSL_free(clt_ssl); 5131 clt_ssl = NULL; 5132 return EX_SOFTWARE; 5133 } 5134 5135 /* 5136 ** ENDTLSCLT -- shutdown secure connection (client side) 5137 ** 5138 ** Parameters: 5139 ** mci -- the mailer connection info. 5140 ** 5141 ** Returns: 5142 ** success? 5143 */ 5144 int 5145 endtlsclt(mci) 5146 MCI *mci; 5147 { 5148 int r; 5149 5150 if (!bitset(MCIF_TLSACT, mci->mci_flags)) 5151 return EX_OK; 5152 r = endtls(mci->mci_ssl, "client"); 5153 mci->mci_flags &= ~MCIF_TLSACT; 5154 return r; 5155 } 5156 /* 5157 ** ENDTLS -- shutdown secure connection 5158 ** 5159 ** Parameters: 5160 ** ssl -- SSL connection information. 5161 ** side -- srv/clt (for logging). 5162 ** 5163 ** Returns: 5164 ** success? 5165 */ 5166 5167 int 5168 endtls(ssl, side) 5169 SSL *ssl; 5170 char *side; 5171 { 5172 if (ssl != NULL) 5173 { 5174 int r; 5175 5176 if ((r = SSL_shutdown(ssl)) < 0) 5177 { 5178 if (LogLevel > 11) 5179 sm_syslog(LOG_WARNING, NOQID, 5180 "SSL_shutdown %s failed: %d", 5181 side, r); 5182 return EX_SOFTWARE; 5183 } 5184 else if (r == 0) 5185 { 5186 if (LogLevel > 13) 5187 sm_syslog(LOG_WARNING, NOQID, 5188 "SSL_shutdown %s not done", 5189 side); 5190 return EX_SOFTWARE; 5191 } 5192 SSL_free(ssl); 5193 ssl = NULL; 5194 } 5195 return EX_OK; 5196 } 5197 # endif /* STARTTLS */ 5198 #endif /* SMTP */ 5199