1 /*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 */ 7 8 #ifndef lint 9 static char copyright[] = 10 "@(#) Copyright (c) 1990, 1993, 1994\n\ 11 The Regents of the University of California. All rights reserved.\n"; 12 #endif /* not lint */ 13 14 #ifndef lint 15 static char sccsid[] = "@(#)mail.local.c 8.15 (Berkeley) 01/18/95"; 16 #endif /* not lint */ 17 18 #include <sys/param.h> 19 #include <sys/stat.h> 20 #include <sys/socket.h> 21 22 #include <netinet/in.h> 23 24 #include <errno.h> 25 #include <fcntl.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <sysexits.h> 32 #include <syslog.h> 33 #include <time.h> 34 #include <unistd.h> 35 36 #if __STDC__ 37 #include <stdarg.h> 38 #else 39 #include <varargs.h> 40 #endif 41 42 #ifndef LOCK_EX 43 # include <sys/file.h> 44 #endif 45 46 #ifdef BSD4_4 47 # include "pathnames.h" 48 #endif 49 50 #ifndef __P 51 # ifdef __STDC__ 52 # define __P(protos) protos 53 # else 54 # define __P(protos) () 55 # define const 56 # endif 57 #endif 58 #ifndef __dead 59 # if defined(__GNUC__) && (__GNUC__ < 2 || __GNUC_MINOR__ < 5) && !defined(__STRICT_ANSI__) 60 # define __dead __volatile 61 # else 62 # define __dead 63 # endif 64 #endif 65 66 #ifndef BSD4_4 67 # define _BSD_VA_LIST_ va_list 68 extern char *strerror __P((int)); 69 #endif 70 71 #ifndef _PATH_LOCTMP 72 # define _PATH_LOCTMP "/tmp/local.XXXXXX" 73 #endif 74 #ifndef _PATH_MAILDIR 75 # define _PATH_MAILDIR "/var/spool/mail" 76 #endif 77 78 #ifndef S_ISREG 79 # define S_ISREG(mode) (((mode) & _S_IFMT) == S_IFREG) 80 #endif 81 82 int eval = EX_OK; /* sysexits.h error value. */ 83 84 void deliver __P((int, char *)); 85 void e_to_sys __P((int)); 86 __dead void err __P((const char *, ...)); 87 void notifybiff __P((char *)); 88 int store __P((char *)); 89 void usage __P((void)); 90 void vwarn __P((const char *, _BSD_VA_LIST_)); 91 void warn __P((const char *, ...)); 92 93 int 94 main(argc, argv) 95 int argc; 96 char *argv[]; 97 { 98 struct passwd *pw; 99 int ch, fd; 100 uid_t uid; 101 char *from; 102 extern char *optarg; 103 extern int optind; 104 105 /* make sure we have some open file descriptors */ 106 for (fd = 10; fd < 30; fd++) 107 (void) close(fd); 108 109 /* use a reasonable umask */ 110 (void) umask(0077) 111 112 #ifdef LOG_MAIL 113 openlog("mail.local", 0, LOG_MAIL); 114 #else 115 openlog("mail.local", 0); 116 #endif 117 118 from = NULL; 119 while ((ch = getopt(argc, argv, "df:r:")) != EOF) 120 switch(ch) { 121 case 'd': /* Backward compatible. */ 122 break; 123 case 'f': 124 case 'r': /* Backward compatible. */ 125 if (from != NULL) { 126 warn("multiple -f options"); 127 usage(); 128 } 129 from = optarg; 130 break; 131 case '?': 132 default: 133 usage(); 134 } 135 argc -= optind; 136 argv += optind; 137 138 if (!*argv) 139 usage(); 140 141 /* 142 * If from not specified, use the name from getlogin() if the 143 * uid matches, otherwise, use the name from the password file 144 * corresponding to the uid. 145 */ 146 uid = getuid(); 147 if (!from && (!(from = getlogin()) || 148 !(pw = getpwnam(from)) || pw->pw_uid != uid)) 149 from = (pw = getpwuid(uid)) ? pw->pw_name : "???"; 150 151 /* 152 * There is no way to distinguish the error status of one delivery 153 * from the rest of the deliveries. So, if we failed hard on one 154 * or more deliveries, but had no failures on any of the others, we 155 * return a hard failure. If we failed temporarily on one or more 156 * deliveries, we return a temporary failure regardless of the other 157 * failures. This results in the delivery being reattempted later 158 * at the expense of repeated failures and multiple deliveries. 159 */ 160 for (fd = store(from); *argv; ++argv) 161 deliver(fd, *argv); 162 exit(eval); 163 } 164 165 int 166 store(from) 167 char *from; 168 { 169 FILE *fp; 170 time_t tval; 171 int fd, eline; 172 char line[2048]; 173 char tmpbuf[sizeof _PATH_LOCTMP + 1]; 174 175 strcpy(tmpbuf, _PATH_LOCTMP); 176 if ((fd = mkstemp(tmpbuf)) == -1 || (fp = fdopen(fd, "w+")) == NULL) { 177 e_to_sys(errno); 178 err("unable to open temporary file"); 179 } 180 (void)unlink(tmpbuf); 181 182 (void)time(&tval); 183 (void)fprintf(fp, "From %s %s", from, ctime(&tval)); 184 185 line[0] = '\0'; 186 for (eline = 1; fgets(line, sizeof(line), stdin);) { 187 if (line[0] == '\n') 188 eline = 1; 189 else { 190 if (eline && line[0] == 'F' && 191 !memcmp(line, "From ", 5)) 192 (void)putc('>', fp); 193 eline = 0; 194 } 195 (void)fprintf(fp, "%s", line); 196 if (ferror(fp)) { 197 e_to_sys(errno); 198 err("temporary file write error"); 199 } 200 } 201 202 /* If message not newline terminated, need an extra. */ 203 if (!strchr(line, '\n')) 204 (void)putc('\n', fp); 205 /* Output a newline; note, empty messages are allowed. */ 206 (void)putc('\n', fp); 207 208 if (fflush(fp) == EOF || ferror(fp)) { 209 e_to_sys(errno); 210 err("temporary file write error"); 211 } 212 return (fd); 213 } 214 215 void 216 deliver(fd, name) 217 int fd; 218 char *name; 219 { 220 struct stat fsb, sb; 221 struct passwd *pw; 222 int mbfd, nr, nw, off; 223 char biffmsg[100], buf[8*1024], path[MAXPATHLEN]; 224 off_t curoff; 225 226 /* 227 * Disallow delivery to unknown names -- special mailboxes can be 228 * handled in the sendmail aliases file. 229 */ 230 if (!(pw = getpwnam(name))) { 231 if (eval != EX_TEMPFAIL) 232 eval = EX_UNAVAILABLE; 233 warn("unknown name: %s", name); 234 return; 235 } 236 237 (void)snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, name); 238 239 /* 240 * If the mailbox is linked or a symlink, fail. There's an obvious 241 * race here, that the file was replaced with a symbolic link after 242 * the lstat returned, but before the open. We attempt to detect 243 * this by comparing the original stat information and information 244 * returned by an fstat of the file descriptor returned by the open. 245 * 246 * NB: this is a symptom of a larger problem, that the mail spooling 247 * directory is writeable by the wrong users. If that directory is 248 * writeable, system security is compromised for other reasons, and 249 * it cannot be fixed here. 250 * 251 * If we created the mailbox, set the owner/group. If that fails, 252 * just return. Another process may have already opened it, so we 253 * can't unlink it. Historically, binmail set the owner/group at 254 * each mail delivery. We no longer do this, assuming that if the 255 * ownership or permissions were changed there was a reason. 256 * 257 * XXX 258 * open(2) should support flock'ing the file. 259 */ 260 tryagain: 261 lockmbox(path); 262 if (lstat(path, &sb)) { 263 mbfd = open(path, 264 O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); 265 if (mbfd == -1) { 266 if (errno == EEXIST) 267 goto tryagain; 268 } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) { 269 e_to_sys(errno); 270 warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); 271 unlockmbox(); 272 return; 273 } 274 } else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode)) { 275 e_to_sys(errno); 276 warn("%s: irregular file", path); 277 unlockmbox(); 278 return; 279 } else if (sb.st_uid != pw->pw_uid) { 280 warn("%s: wrong ownership (%d)", path, sb.st_uid); 281 unlockmbox(); 282 return; 283 } else { 284 mbfd = open(path, O_APPEND|O_WRONLY, 0); 285 if (mbfd != -1 && 286 (fstat(mbfd, &fsb) || fsb.st_nlink != 1 || 287 !S_ISREG(fsb.st_mode) || sb.st_dev != fsb.st_dev || 288 sb.st_ino != fsb.st_ino || sb.st_uid != fsb.st_uid)) { 289 warn("%s: file changed after open", path); 290 (void)close(mbfd); 291 unlockmbox(); 292 return; 293 } 294 } 295 296 if (mbfd == -1) { 297 e_to_sys(errno); 298 warn("%s: %s", path, strerror(errno)); 299 unlockmbox(); 300 return; 301 } 302 303 /* Wait until we can get a lock on the file. */ 304 if (flock(mbfd, LOCK_EX)) { 305 e_to_sys(errno); 306 warn("%s: %s", path, strerror(errno)); 307 unlockmbox(); 308 goto err1; 309 } 310 311 /* Get the starting offset of the new message for biff. */ 312 curoff = lseek(mbfd, (off_t)0, SEEK_END); 313 (void)snprintf(biffmsg, sizeof(biffmsg), 314 sizeof curoff > sizeof(long) ? "%s@%qd\n" : "%s@%ld\n", 315 name, curoff); 316 317 /* Copy the message into the file. */ 318 if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) { 319 e_to_sys(errno); 320 warn("temporary file: %s", strerror(errno)); 321 goto err1; 322 } 323 while ((nr = read(fd, buf, sizeof(buf))) > 0) 324 for (off = 0; off < nr; nr -= nw, off += nw) 325 if ((nw = write(mbfd, buf + off, nr)) < 0) { 326 e_to_sys(errno); 327 warn("%s: %s", path, strerror(errno)); 328 goto err2;; 329 } 330 if (nr < 0) { 331 e_to_sys(errno); 332 warn("temporary file: %s", strerror(errno)); 333 goto err2;; 334 } 335 336 /* Flush to disk, don't wait for update. */ 337 if (fsync(mbfd)) { 338 e_to_sys(errno); 339 warn("%s: %s", path, strerror(errno)); 340 err2: (void)ftruncate(mbfd, curoff); 341 err1: (void)close(mbfd); 342 unlockmbox(); 343 return; 344 } 345 346 /* Close and check -- NFS doesn't write until the close. */ 347 if (close(mbfd)) { 348 e_to_sys(errno); 349 warn("%s: %s", path, strerror(errno)); 350 unlockmbox(); 351 return; 352 } 353 354 unlockmbox(); 355 notifybiff(biffmsg); 356 } 357 358 /* 359 * user.lock files are necessary for compatibility with other 360 * systems, e.g., when the mail spool file is NFS exported. 361 * Alas, mailbox locking is more than just a local matter. 362 * EPA 11/94. 363 */ 364 365 char lockname[50]; 366 int locked = 0; 367 368 lockmbox(path) 369 char *path; 370 { 371 int statfailed = 0; 372 373 if (locked) 374 return; 375 sprintf(lockname, "%s.lock", path); 376 for (;; sleep(5)) { 377 int fd; 378 struct stat st; 379 time_t now; 380 381 fd = open(lockname, O_WRONLY|O_EXCL|O_CREAT, 0); 382 if (fd >= 0) { 383 locked = 1; 384 close(fd); 385 return; 386 } 387 if (stat(lockname, &st) < 0) { 388 if (statfailed++ > 5) 389 return; 390 continue; 391 } 392 statfailed = 0; 393 time(&now); 394 if (now < st.st_ctime + 300) 395 continue; 396 unlink(lockname); 397 } 398 } 399 400 unlockmbox() 401 { 402 if (!locked) 403 return; 404 unlink(lockname); 405 locked = 0; 406 } 407 408 void 409 notifybiff(msg) 410 char *msg; 411 { 412 static struct sockaddr_in addr; 413 static int f = -1; 414 struct hostent *hp; 415 struct servent *sp; 416 int len; 417 418 if (!addr.sin_family) { 419 /* Be silent if biff service not available. */ 420 if (!(sp = getservbyname("biff", "udp"))) 421 return; 422 if (!(hp = gethostbyname("localhost"))) { 423 warn("localhost: %s", strerror(errno)); 424 return; 425 } 426 addr.sin_family = hp->h_addrtype; 427 memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); 428 addr.sin_port = sp->s_port; 429 } 430 if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { 431 warn("socket: %s", strerror(errno)); 432 return; 433 } 434 len = strlen(msg) + 1; 435 if (sendto(f, msg, len, 0, (struct sockaddr *)&addr, sizeof(addr)) 436 != len) 437 warn("sendto biff: %s", strerror(errno)); 438 } 439 440 void 441 usage() 442 { 443 eval = EX_USAGE; 444 err("usage: mail.local [-f from] user ..."); 445 } 446 447 #if __STDC__ 448 void 449 err(const char *fmt, ...) 450 #else 451 void 452 err(fmt, va_alist) 453 const char *fmt; 454 va_dcl 455 #endif 456 { 457 va_list ap; 458 459 #if __STDC__ 460 va_start(ap, fmt); 461 #else 462 va_start(ap); 463 #endif 464 vwarn(fmt, ap); 465 va_end(ap); 466 467 exit(eval); 468 } 469 470 void 471 #if __STDC__ 472 warn(const char *fmt, ...) 473 #else 474 warn(fmt, va_alist) 475 const char *fmt; 476 va_dcl 477 #endif 478 { 479 va_list ap; 480 481 #if __STDC__ 482 va_start(ap, fmt); 483 #else 484 va_start(ap); 485 #endif 486 vwarn(fmt, ap); 487 va_end(ap); 488 } 489 490 void 491 vwarn(fmt, ap) 492 const char *fmt; 493 _BSD_VA_LIST_ ap; 494 { 495 /* 496 * Log the message to stderr. 497 * 498 * Don't use LOG_PERROR as an openlog() flag to do this, 499 * it's not portable enough. 500 */ 501 if (eval != EX_USAGE) 502 (void)fprintf(stderr, "mail.local: "); 503 (void)vfprintf(stderr, fmt, ap); 504 (void)fprintf(stderr, "\n"); 505 506 #ifndef ultrix 507 /* Log the message to syslog. */ 508 vsyslog(LOG_ERR, fmt, ap); 509 #else 510 { 511 char fmtbuf[10240]; 512 513 (void) sprintf(fmtbuf, fmt, ap); 514 syslog(LOG_ERR, "%s", fmtbuf); 515 } 516 #endif 517 } 518 519 /* 520 * e_to_sys -- 521 * Guess which errno's are temporary. Gag me. 522 */ 523 void 524 e_to_sys(num) 525 int num; 526 { 527 /* Temporary failures override hard errors. */ 528 if (eval == EX_TEMPFAIL) 529 return; 530 531 switch(num) { /* Hopefully temporary errors. */ 532 #ifdef EAGAIN 533 case EAGAIN: /* Resource temporarily unavailable */ 534 #endif 535 #ifdef EDQUOT 536 case EDQUOT: /* Disc quota exceeded */ 537 #endif 538 #ifdef EBUSY 539 case EBUSY: /* Device busy */ 540 #endif 541 #ifdef EPROCLIM 542 case EPROCLIM: /* Too many processes */ 543 #endif 544 #ifdef EUSERS 545 case EUSERS: /* Too many users */ 546 #endif 547 #ifdef ECONNABORTED 548 case ECONNABORTED: /* Software caused connection abort */ 549 #endif 550 #ifdef ECONNREFUSED 551 case ECONNREFUSED: /* Connection refused */ 552 #endif 553 #ifdef ECONNRESET 554 case ECONNRESET: /* Connection reset by peer */ 555 #endif 556 #ifdef EDEADLK 557 case EDEADLK: /* Resource deadlock avoided */ 558 #endif 559 #ifdef EFBIG 560 case EFBIG: /* File too large */ 561 #endif 562 #ifdef EHOSTDOWN 563 case EHOSTDOWN: /* Host is down */ 564 #endif 565 #ifdef EHOSTUNREACH 566 case EHOSTUNREACH: /* No route to host */ 567 #endif 568 #ifdef EMFILE 569 case EMFILE: /* Too many open files */ 570 #endif 571 #ifdef ENETDOWN 572 case ENETDOWN: /* Network is down */ 573 #endif 574 #ifdef ENETRESET 575 case ENETRESET: /* Network dropped connection on reset */ 576 #endif 577 #ifdef ENETUNREACH 578 case ENETUNREACH: /* Network is unreachable */ 579 #endif 580 #ifdef ENFILE 581 case ENFILE: /* Too many open files in system */ 582 #endif 583 #ifdef ENOBUFS 584 case ENOBUFS: /* No buffer space available */ 585 #endif 586 #ifdef ENOMEM 587 case ENOMEM: /* Cannot allocate memory */ 588 #endif 589 #ifdef ENOSPC 590 case ENOSPC: /* No space left on device */ 591 #endif 592 #ifdef EROFS 593 case EROFS: /* Read-only file system */ 594 #endif 595 #ifdef ESTALE 596 case ESTALE: /* Stale NFS file handle */ 597 #endif 598 #ifdef ETIMEDOUT 599 case ETIMEDOUT: /* Connection timed out */ 600 #endif 601 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK 602 case EWOULDBLOCK: /* Operation would block. */ 603 #endif 604 eval = EX_TEMPFAIL; 605 break; 606 default: 607 eval = EX_UNAVAILABLE; 608 break; 609 } 610 } 611 612 #ifndef BSD4_4 613 614 char * 615 strerror(eno) 616 int eno; 617 { 618 extern int sys_nerr; 619 extern char *sys_errlist[]; 620 static char ebuf[60]; 621 622 if (eno >= 0 && eno <= sys_nerr) 623 return sys_errlist[eno]; 624 (void) sprintf(ebuf, "Error %d", eno); 625 return ebuf; 626 } 627 628 #if __STDC__ 629 snprintf(char *buf, int bufsiz, const char *fmt, ...) 630 #else 631 snprintf(buf, bufsiz, fmt, va_alist) 632 char *buf; 633 int bufsiz; 634 const char *fmt; 635 va_dcl 636 #endif 637 { 638 va_list ap; 639 640 #if __STDC__ 641 va_start(ap, fmt); 642 #else 643 va_start(ap); 644 #endif 645 vsprintf(buf, fmt, ap); 646 va_end(ap); 647 } 648 649 #endif 650 651 #ifdef ultrix 652 653 /* 654 * Copyright (c) 1987, 1993 655 * The Regents of the University of California. All rights reserved. 656 * 657 * Redistribution and use in source and binary forms, with or without 658 * modification, are permitted provided that the following conditions 659 * are met: 660 * 1. Redistributions of source code must retain the above copyright 661 * notice, this list of conditions and the following disclaimer. 662 * 2. Redistributions in binary form must reproduce the above copyright 663 * notice, this list of conditions and the following disclaimer in the 664 * documentation and/or other materials provided with the distribution. 665 * 3. All advertising materials mentioning features or use of this software 666 * must display the following acknowledgement: 667 * This product includes software developed by the University of 668 * California, Berkeley and its contributors. 669 * 4. Neither the name of the University nor the names of its contributors 670 * may be used to endorse or promote products derived from this software 671 * without specific prior written permission. 672 * 673 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 674 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 675 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 676 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 677 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 678 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 679 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 680 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 681 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 682 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 683 * SUCH DAMAGE. 684 */ 685 686 #if defined(LIBC_SCCS) && !defined(lint) 687 static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; 688 #endif /* LIBC_SCCS and not lint */ 689 690 #include <sys/types.h> 691 #include <sys/stat.h> 692 #include <fcntl.h> 693 #include <errno.h> 694 #include <stdio.h> 695 #include <ctype.h> 696 697 static int _gettemp(); 698 699 mkstemp(path) 700 char *path; 701 { 702 int fd; 703 704 return (_gettemp(path, &fd) ? fd : -1); 705 } 706 707 /* 708 char * 709 mktemp(path) 710 char *path; 711 { 712 return(_gettemp(path, (int *)NULL) ? path : (char *)NULL); 713 } 714 */ 715 716 static 717 _gettemp(path, doopen) 718 char *path; 719 register int *doopen; 720 { 721 extern int errno; 722 register char *start, *trv; 723 struct stat sbuf; 724 u_int pid; 725 726 pid = getpid(); 727 for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ 728 while (*--trv == 'X') { 729 *trv = (pid % 10) + '0'; 730 pid /= 10; 731 } 732 733 /* 734 * check the target directory; if you have six X's and it 735 * doesn't exist this runs for a *very* long time. 736 */ 737 for (start = trv + 1;; --trv) { 738 if (trv <= path) 739 break; 740 if (*trv == '/') { 741 *trv = '\0'; 742 if (stat(path, &sbuf)) 743 return(0); 744 if (!S_ISDIR(sbuf.st_mode)) { 745 errno = ENOTDIR; 746 return(0); 747 } 748 *trv = '/'; 749 break; 750 } 751 } 752 753 for (;;) { 754 if (doopen) { 755 if ((*doopen = 756 open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) 757 return(1); 758 if (errno != EEXIST) 759 return(0); 760 } 761 else if (stat(path, &sbuf)) 762 return(errno == ENOENT ? 1 : 0); 763 764 /* tricky little algorithm for backward compatibility */ 765 for (trv = start;;) { 766 if (!*trv) 767 return(0); 768 if (*trv == 'z') 769 *trv++ = 'a'; 770 else { 771 if (isdigit(*trv)) 772 *trv = 'a'; 773 else 774 ++*trv; 775 break; 776 } 777 } 778 } 779 /*NOTREACHED*/ 780 } 781 782 #endif 783