125a99e2eSeric # include <signal.h> 254aa2b0fSeric # include <errno.h> 3f129ec7dSeric # include <sys/types.h> 4f129ec7dSeric # include <sys/stat.h> 5b20b3270Seric # include "sendmail.h" 625a99e2eSeric # ifdef LOG 7e374fd72Seric # include <syslog.h> 825a99e2eSeric # endif LOG 925a99e2eSeric 10*e36b99e2Seric static char SccsId[] = "@(#)deliver.c 3.42 09/20/81"; 11259cace7Seric 1225a99e2eSeric /* 1313bbc08cSeric ** DELIVER -- Deliver a message to a list of addresses. 1413bbc08cSeric ** 1513bbc08cSeric ** This routine delivers to everyone on the same host as the 1613bbc08cSeric ** user on the head of the list. It is clever about mailers 1713bbc08cSeric ** that don't handle multiple users. It is NOT guaranteed 1813bbc08cSeric ** that it will deliver to all these addresses however -- so 1913bbc08cSeric ** deliver should be called once for each address on the 2013bbc08cSeric ** list. 2125a99e2eSeric ** 2225a99e2eSeric ** Parameters: 2313bbc08cSeric ** to -- head of the address list to deliver to. 2425a99e2eSeric ** editfcn -- if non-NULL, we want to call this function 2525a99e2eSeric ** to output the letter (instead of just out- 2625a99e2eSeric ** putting it raw). 2725a99e2eSeric ** 2825a99e2eSeric ** Returns: 2925a99e2eSeric ** zero -- successfully delivered. 3025a99e2eSeric ** else -- some failure, see ExitStat for more info. 3125a99e2eSeric ** 3225a99e2eSeric ** Side Effects: 3325a99e2eSeric ** The standard input is passed off to someone. 3425a99e2eSeric */ 3525a99e2eSeric 3625a99e2eSeric deliver(to, editfcn) 372a6e0786Seric ADDRESS *to; 3825a99e2eSeric int (*editfcn)(); 3925a99e2eSeric { 4025a99e2eSeric char *host; 4125a99e2eSeric char *user; 4225a99e2eSeric char **pvp; 435dfc646bSeric register char **mvp; 4425a99e2eSeric register char *p; 455dfc646bSeric register struct mailer *m; 465dfc646bSeric register int i; 476328bdf7Seric extern putmessage(); 482a6e0786Seric extern bool checkcompat(); 495dfc646bSeric char *pv[MAXPV+1]; 505dfc646bSeric char tobuf[MAXLINE]; 515dfc646bSeric char buf[MAXNAME]; 526259796dSeric ADDRESS *ctladdr; 536259796dSeric extern ADDRESS *getctladdr(); 5425a99e2eSeric 5506ca012aSeric if (!ForceMail && bitset(QDONTSEND, to->q_flags)) 565dfc646bSeric return (0); 5725a99e2eSeric 5825a99e2eSeric # ifdef DEBUG 5925a99e2eSeric if (Debug) 605dfc646bSeric printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n", 615dfc646bSeric to->q_mailer, to->q_host, to->q_user); 6225a99e2eSeric # endif DEBUG 6325a99e2eSeric 6425a99e2eSeric /* 655dfc646bSeric ** Do initial argv setup. 665dfc646bSeric ** Insert the mailer name. Notice that $x expansion is 675dfc646bSeric ** NOT done on the mailer name. Then, if the mailer has 685dfc646bSeric ** a picky -f flag, we insert it as appropriate. This 695dfc646bSeric ** code does not check for 'pv' overflow; this places a 705dfc646bSeric ** manifest lower limit of 4 for MAXPV. 715dfc646bSeric */ 725dfc646bSeric 735dfc646bSeric m = Mailer[to->q_mailer]; 745dfc646bSeric host = to->q_host; 755dfc646bSeric define('g', m->m_from); /* translated from address */ 765dfc646bSeric define('h', host); /* to host */ 775dfc646bSeric Errors = 0; 785dfc646bSeric errno = 0; 795dfc646bSeric pvp = pv; 805dfc646bSeric *pvp++ = m->m_argv[0]; 815dfc646bSeric 825dfc646bSeric /* insert -f or -r flag as appropriate */ 835dfc646bSeric if (bitset(M_FOPT|M_ROPT, m->m_flags) && FromFlag) 845dfc646bSeric { 855dfc646bSeric if (bitset(M_FOPT, m->m_flags)) 865dfc646bSeric *pvp++ = "-f"; 875dfc646bSeric else 885dfc646bSeric *pvp++ = "-r"; 89db8841e9Seric (void) expand("$g", buf, &buf[sizeof buf - 1]); 905dfc646bSeric *pvp++ = newstr(buf); 915dfc646bSeric } 925dfc646bSeric 935dfc646bSeric /* 945dfc646bSeric ** Append the other fixed parts of the argv. These run 955dfc646bSeric ** up to the first entry containing "$u". There can only 965dfc646bSeric ** be one of these, and there are only a few more slots 975dfc646bSeric ** in the pv after it. 985dfc646bSeric */ 995dfc646bSeric 1005dfc646bSeric for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 1015dfc646bSeric { 1025dfc646bSeric while ((p = index(p, '$')) != NULL) 1035dfc646bSeric if (*++p == 'u') 1045dfc646bSeric break; 1055dfc646bSeric if (p != NULL) 1065dfc646bSeric break; 1075dfc646bSeric 1085dfc646bSeric /* this entry is safe -- go ahead and process it */ 109db8841e9Seric (void) expand(*mvp, buf, &buf[sizeof buf - 1]); 1105dfc646bSeric *pvp++ = newstr(buf); 1115dfc646bSeric if (pvp >= &pv[MAXPV - 3]) 1125dfc646bSeric { 1135dfc646bSeric syserr("Too many parameters to %s before $u", pv[0]); 1145dfc646bSeric return (-1); 1155dfc646bSeric } 1165dfc646bSeric } 1175dfc646bSeric if (*mvp == NULL) 1185dfc646bSeric syserr("No $u in mailer argv for %s", pv[0]); 1195dfc646bSeric 1205dfc646bSeric /* 1215dfc646bSeric ** At this point *mvp points to the argument with $u. We 1225dfc646bSeric ** run through our address list and append all the addresses 1235dfc646bSeric ** we can. If we run out of space, do not fret! We can 1245dfc646bSeric ** always send another copy later. 1255dfc646bSeric */ 1265dfc646bSeric 1275dfc646bSeric tobuf[0] = '\0'; 1285dfc646bSeric To = tobuf; 1296259796dSeric ctladdr = NULL; 1305dfc646bSeric for (; to != NULL; to = to->q_next) 1315dfc646bSeric { 1325dfc646bSeric /* avoid sending multiple recipients to dumb mailers */ 133bea22b26Seric if (tobuf[0] != '\0' && !bitset(M_MUSER, m->m_flags)) 1345dfc646bSeric break; 1355dfc646bSeric 1365dfc646bSeric /* if already sent or not for this host, don't send */ 13706ca012aSeric if ((!ForceMail && bitset(QDONTSEND, to->q_flags)) || 13806ca012aSeric strcmp(to->q_host, host) != 0) 1395dfc646bSeric continue; 1406259796dSeric 1416259796dSeric /* compute effective uid/gid when sending */ 1426259796dSeric if (to->q_mailer == MN_PROG) 1436259796dSeric ctladdr = getctladdr(to); 1446259796dSeric 1455dfc646bSeric user = to->q_user; 1465dfc646bSeric To = to->q_paddr; 1475dfc646bSeric to->q_flags |= QDONTSEND; 1485dfc646bSeric # ifdef DEBUG 1495dfc646bSeric if (Debug) 1505dfc646bSeric printf(" send to `%s'\n", user); 1515dfc646bSeric # endif DEBUG 1525dfc646bSeric 1535dfc646bSeric /* 1545dfc646bSeric ** Check to see that these people are allowed to 1555dfc646bSeric ** talk to each other. 1562a6e0786Seric */ 1572a6e0786Seric 1582a6e0786Seric if (!checkcompat(to)) 1595dfc646bSeric { 1605dfc646bSeric giveresponse(EX_UNAVAILABLE, TRUE, m); 1615dfc646bSeric continue; 1625dfc646bSeric } 1632a6e0786Seric 1642a6e0786Seric /* 1659ec9501bSeric ** Strip quote bits from names if the mailer is dumb 1669ec9501bSeric ** about them. 16725a99e2eSeric */ 16825a99e2eSeric 1692a6e0786Seric if (bitset(M_STRIPQ, m->m_flags)) 17025a99e2eSeric { 1719ec9501bSeric stripquotes(user, TRUE); 1729ec9501bSeric stripquotes(host, TRUE); 1739ec9501bSeric } 1749ec9501bSeric else 1759ec9501bSeric { 1769ec9501bSeric stripquotes(user, FALSE); 1779ec9501bSeric stripquotes(host, FALSE); 17825a99e2eSeric } 17925a99e2eSeric 18025a99e2eSeric /* 1813efaed6eSeric ** If an error message has already been given, don't 1823efaed6eSeric ** bother to send to this address. 1833efaed6eSeric ** 1843efaed6eSeric ** >>>>>>>>>> This clause assumes that the local mailer 1853efaed6eSeric ** >> NOTE >> cannot do any further aliasing; that 1863efaed6eSeric ** >>>>>>>>>> function is subsumed by sendmail. 1873efaed6eSeric */ 1883efaed6eSeric 1893efaed6eSeric if (bitset(QBADADDR, to->q_flags)) 1903efaed6eSeric continue; 1913efaed6eSeric 192f2fec898Seric /* save statistics.... */ 193f2fec898Seric Stat.stat_nt[to->q_mailer]++; 194f2fec898Seric Stat.stat_bt[to->q_mailer] += kbytes(MsgSize); 195f2fec898Seric 1963efaed6eSeric /* 19725a99e2eSeric ** See if this user name is "special". 19825a99e2eSeric ** If the user name has a slash in it, assume that this 19925a99e2eSeric ** is a file -- send it off without further ado. 20025a99e2eSeric ** Note that this means that editfcn's will not 2015dfc646bSeric ** be applied to the message. Also note that 2025dfc646bSeric ** this type of addresses is not processed along 2035dfc646bSeric ** with the others, so we fudge on the To person. 20425a99e2eSeric */ 20525a99e2eSeric 2066cbfa739Seric if (m == Mailer[MN_LOCAL]) 20725a99e2eSeric { 20825a99e2eSeric if (index(user, '/') != NULL) 20925a99e2eSeric { 2106259796dSeric i = mailfile(user, getctladdr(to)); 21125a99e2eSeric giveresponse(i, TRUE, m); 2125dfc646bSeric continue; 21325a99e2eSeric } 21425a99e2eSeric } 21525a99e2eSeric 21613bbc08cSeric /* 21713bbc08cSeric ** Address is verified -- add this user to mailer 21813bbc08cSeric ** argv, and add it to the print list of recipients. 21913bbc08cSeric */ 22013bbc08cSeric 2215dfc646bSeric /* create list of users for error messages */ 2225dfc646bSeric if (tobuf[0] != '\0') 223db8841e9Seric (void) strcat(tobuf, ","); 224db8841e9Seric (void) strcat(tobuf, to->q_paddr); 2255dfc646bSeric define('u', user); /* to user */ 226c2567733Seric define('z', to->q_home); /* user's home */ 2275dfc646bSeric 2285dfc646bSeric /* expand out this user */ 229d4ccc802Seric (void) expand(*mvp, buf, &buf[sizeof buf - 1]); 2305dfc646bSeric *pvp++ = newstr(buf); 2315dfc646bSeric if (pvp >= &pv[MAXPV - 2]) 2325dfc646bSeric { 2335dfc646bSeric /* allow some space for trailing parms */ 2345dfc646bSeric break; 2355dfc646bSeric } 2365dfc646bSeric } 2375dfc646bSeric 238145b49b1Seric /* see if any addresses still exist */ 239145b49b1Seric if (tobuf[0] == '\0') 240145b49b1Seric return (0); 241145b49b1Seric 2425dfc646bSeric /* print out messages as full list */ 2435dfc646bSeric To = tobuf; 2445dfc646bSeric 2455dfc646bSeric /* 2465dfc646bSeric ** Fill out any parameters after the $u parameter. 2475dfc646bSeric */ 2485dfc646bSeric 2495dfc646bSeric while (*++mvp != NULL) 2505dfc646bSeric { 251db8841e9Seric (void) expand(*mvp, buf, &buf[sizeof buf - 1]); 2525dfc646bSeric *pvp++ = newstr(buf); 2535dfc646bSeric if (pvp >= &pv[MAXPV]) 2545dfc646bSeric syserr("deliver: pv overflow after $u for %s", pv[0]); 2555dfc646bSeric } 2565dfc646bSeric *pvp++ = NULL; 2575dfc646bSeric 25825a99e2eSeric /* 25925a99e2eSeric ** Call the mailer. 2606328bdf7Seric ** The argument vector gets built, pipes 26125a99e2eSeric ** are created as necessary, and we fork & exec as 2626328bdf7Seric ** appropriate. 26325a99e2eSeric */ 26425a99e2eSeric 2655dfc646bSeric if (editfcn == NULL) 2665dfc646bSeric editfcn = putmessage; 2676259796dSeric if (ctladdr == NULL) 2686259796dSeric ctladdr = &From; 2696259796dSeric i = sendoff(m, pv, editfcn, ctladdr); 2705dfc646bSeric 2715dfc646bSeric return (i); 27225a99e2eSeric } 2735dfc646bSeric /* 27432d19d43Seric ** DOFORK -- do a fork, retrying a couple of times on failure. 27532d19d43Seric ** 27632d19d43Seric ** This MUST be a macro, since after a vfork we are running 27732d19d43Seric ** two processes on the same stack!!! 27832d19d43Seric ** 27932d19d43Seric ** Parameters: 28032d19d43Seric ** none. 28132d19d43Seric ** 28232d19d43Seric ** Returns: 28332d19d43Seric ** From a macro??? You've got to be kidding! 28432d19d43Seric ** 28532d19d43Seric ** Side Effects: 28632d19d43Seric ** Modifies the ==> LOCAL <== variable 'pid', leaving: 28732d19d43Seric ** pid of child in parent, zero in child. 28832d19d43Seric ** -1 on unrecoverable error. 28932d19d43Seric ** 29032d19d43Seric ** Notes: 29132d19d43Seric ** I'm awfully sorry this looks so awful. That's 29232d19d43Seric ** vfork for you..... 29332d19d43Seric */ 29432d19d43Seric 29532d19d43Seric # define NFORKTRIES 5 29632d19d43Seric # ifdef VFORK 29732d19d43Seric # define XFORK vfork 29832d19d43Seric # else VFORK 29932d19d43Seric # define XFORK fork 30032d19d43Seric # endif VFORK 30132d19d43Seric 30232d19d43Seric # define DOFORK(fORKfN) \ 30332d19d43Seric {\ 30432d19d43Seric register int i;\ 30532d19d43Seric \ 30632d19d43Seric for (i = NFORKTRIES; i-- > 0; )\ 30732d19d43Seric {\ 30832d19d43Seric pid = fORKfN();\ 30932d19d43Seric if (pid >= 0)\ 31032d19d43Seric break;\ 31132d19d43Seric sleep((unsigned) NFORKTRIES - i);\ 31232d19d43Seric }\ 31332d19d43Seric } 31432d19d43Seric /* 3155dfc646bSeric ** SENDOFF -- send off call to mailer & collect response. 3165dfc646bSeric ** 3175dfc646bSeric ** Parameters: 3185dfc646bSeric ** m -- mailer descriptor. 3195dfc646bSeric ** pvp -- parameter vector to send to it. 3205dfc646bSeric ** editfcn -- function to pipe it through. 3216259796dSeric ** ctladdr -- an address pointer controlling the 3226259796dSeric ** user/groupid etc. of the mailer. 3235dfc646bSeric ** 3245dfc646bSeric ** Returns: 3255dfc646bSeric ** exit status of mailer. 3265dfc646bSeric ** 3275dfc646bSeric ** Side Effects: 3285dfc646bSeric ** none. 3295dfc646bSeric */ 3305dfc646bSeric 3316259796dSeric sendoff(m, pvp, editfcn, ctladdr) 3325dfc646bSeric struct mailer *m; 3335dfc646bSeric char **pvp; 3345dfc646bSeric int (*editfcn)(); 3356259796dSeric ADDRESS *ctladdr; 3365dfc646bSeric { 3375dfc646bSeric auto int st; 3385dfc646bSeric register int i; 3395dfc646bSeric int pid; 3405dfc646bSeric int pvect[2]; 3415dfc646bSeric FILE *mfile; 3425dfc646bSeric extern putmessage(); 3435dfc646bSeric extern FILE *fdopen(); 3445dfc646bSeric 3455dfc646bSeric # ifdef DEBUG 3465dfc646bSeric if (Debug) 3475dfc646bSeric { 3485dfc646bSeric printf("Sendoff:\n"); 3495dfc646bSeric printav(pvp); 3505dfc646bSeric } 3515dfc646bSeric # endif DEBUG 3525dfc646bSeric 3536328bdf7Seric /* create a pipe to shove the mail through */ 3546328bdf7Seric if (pipe(pvect) < 0) 35525a99e2eSeric { 35625a99e2eSeric syserr("pipe"); 35725a99e2eSeric return (-1); 35825a99e2eSeric } 35932d19d43Seric DOFORK(XFORK); 360f129ec7dSeric /* pid is set by DOFORK */ 36125a99e2eSeric if (pid < 0) 36225a99e2eSeric { 36325a99e2eSeric syserr("Cannot fork"); 364db8841e9Seric (void) close(pvect[0]); 365db8841e9Seric (void) close(pvect[1]); 36625a99e2eSeric return (-1); 36725a99e2eSeric } 36825a99e2eSeric else if (pid == 0) 36925a99e2eSeric { 37025a99e2eSeric /* child -- set up input & exec mailer */ 37103ab8e55Seric /* make diagnostic output be standard output */ 3720984da9fSeric (void) signal(SIGINT, SIG_DFL); 3730984da9fSeric (void) signal(SIGHUP, SIG_DFL); 3740984da9fSeric (void) signal(SIGTERM, SIG_DFL); 375db8841e9Seric (void) close(2); 376db8841e9Seric (void) dup(1); 377db8841e9Seric (void) close(0); 37825a99e2eSeric if (dup(pvect[0]) < 0) 37925a99e2eSeric { 38025a99e2eSeric syserr("Cannot dup to zero!"); 381a590b978Seric _exit(EX_OSERR); 38225a99e2eSeric } 383db8841e9Seric (void) close(pvect[0]); 384db8841e9Seric (void) close(pvect[1]); 3852a6e0786Seric if (!bitset(M_RESTR, m->m_flags)) 3860984da9fSeric { 387*e36b99e2Seric if (ctladdr->q_uid == 0) 388*e36b99e2Seric { 38969f29479Seric extern int DefUid, DefGid; 39069f29479Seric 391*e36b99e2Seric (void) setgid(DefGid); 392*e36b99e2Seric (void) setuid(DefUid); 393*e36b99e2Seric } 394*e36b99e2Seric else 39569f29479Seric { 396*e36b99e2Seric (void) setgid(ctladdr->q_gid); 397*e36b99e2Seric (void) setuid(ctladdr->q_uid); 39869f29479Seric } 3990984da9fSeric } 400e374fd72Seric # ifndef VFORK 401e374fd72Seric /* 402e374fd72Seric ** We have to be careful with vfork - we can't mung up the 403e374fd72Seric ** memory but we don't want the mailer to inherit any extra 404e374fd72Seric ** open files. Chances are the mailer won't 405e374fd72Seric ** care about an extra file, but then again you never know. 406e374fd72Seric ** Actually, we would like to close(fileno(pwf)), but it's 407e374fd72Seric ** declared static so we can't. But if we fclose(pwf), which 408e374fd72Seric ** is what endpwent does, it closes it in the parent too and 409e374fd72Seric ** the next getpwnam will be slower. If you have a weird 410e374fd72Seric ** mailer that chokes on the extra file you should do the 411e374fd72Seric ** endpwent(). 412e374fd72Seric ** 413e374fd72Seric ** Similar comments apply to log. However, openlog is 414e374fd72Seric ** clever enough to set the FIOCLEX mode on the file, 415e374fd72Seric ** so it will be closed automatically on the exec. 416e374fd72Seric */ 417e374fd72Seric 418e374fd72Seric endpwent(); 41925a99e2eSeric # ifdef LOG 420f9fe028fSeric closelog(); 42125a99e2eSeric # endif LOG 422e374fd72Seric # endif VFORK 42325a99e2eSeric execv(m->m_mailer, pvp); 42425a99e2eSeric /* syserr fails because log is closed */ 42525a99e2eSeric /* syserr("Cannot exec %s", m->m_mailer); */ 42632d19d43Seric printf("Cannot exec '%s' errno=%d\n", m->m_mailer, errno); 427db8841e9Seric (void) fflush(stdout); 428a590b978Seric _exit(EX_UNAVAILABLE); 42925a99e2eSeric } 43025a99e2eSeric 4316328bdf7Seric /* write out message to mailer */ 432db8841e9Seric (void) close(pvect[0]); 43354aa2b0fSeric (void) signal(SIGPIPE, SIG_IGN); 43425a99e2eSeric mfile = fdopen(pvect[1], "w"); 4356328bdf7Seric if (editfcn == NULL) 4366328bdf7Seric editfcn = putmessage; 4376328bdf7Seric (*editfcn)(mfile, m); 438db8841e9Seric (void) fclose(mfile); 43925a99e2eSeric 44025a99e2eSeric /* 44125a99e2eSeric ** Wait for child to die and report status. 44225a99e2eSeric ** We should never get fatal errors (e.g., segmentation 44325a99e2eSeric ** violation), so we report those specially. For other 44425a99e2eSeric ** errors, we choose a status message (into statmsg), 44525a99e2eSeric ** and if it represents an error, we print it. 44625a99e2eSeric */ 44725a99e2eSeric 44825a99e2eSeric while ((i = wait(&st)) > 0 && i != pid) 44925a99e2eSeric continue; 45025a99e2eSeric if (i < 0) 45125a99e2eSeric { 45225a99e2eSeric syserr("wait"); 45325a99e2eSeric return (-1); 45425a99e2eSeric } 45525a99e2eSeric if ((st & 0377) != 0) 45625a99e2eSeric { 45725a99e2eSeric syserr("%s: stat %o", pvp[0], st); 458df2792f7Seric ExitStat = EX_UNAVAILABLE; 45925a99e2eSeric return (-1); 46025a99e2eSeric } 46125a99e2eSeric i = (st >> 8) & 0377; 4622ac087dbSeric giveresponse(i, TRUE, m); 46325a99e2eSeric return (i); 46425a99e2eSeric } 46525a99e2eSeric /* 46625a99e2eSeric ** GIVERESPONSE -- Interpret an error response from a mailer 46725a99e2eSeric ** 46825a99e2eSeric ** Parameters: 46925a99e2eSeric ** stat -- the status code from the mailer (high byte 47025a99e2eSeric ** only; core dumps must have been taken care of 47125a99e2eSeric ** already). 47225a99e2eSeric ** force -- if set, force an error message output, even 47325a99e2eSeric ** if the mailer seems to like to print its own 47425a99e2eSeric ** messages. 47525a99e2eSeric ** m -- the mailer descriptor for this mailer. 47625a99e2eSeric ** 47725a99e2eSeric ** Returns: 478db8841e9Seric ** none. 47925a99e2eSeric ** 48025a99e2eSeric ** Side Effects: 481c1f9df2cSeric ** Errors may be incremented. 48225a99e2eSeric ** ExitStat may be set. 48325a99e2eSeric */ 48425a99e2eSeric 48525a99e2eSeric giveresponse(stat, force, m) 48625a99e2eSeric int stat; 48725a99e2eSeric int force; 48825a99e2eSeric register struct mailer *m; 48925a99e2eSeric { 49025a99e2eSeric register char *statmsg; 49125a99e2eSeric extern char *SysExMsg[]; 49225a99e2eSeric register int i; 49325a99e2eSeric extern int N_SysEx; 49429dd97a3Seric char buf[30]; 49525a99e2eSeric 49613bbc08cSeric /* 49713bbc08cSeric ** Compute status message from code. 49813bbc08cSeric */ 49913bbc08cSeric 50025a99e2eSeric i = stat - EX__BASE; 50125a99e2eSeric if (i < 0 || i > N_SysEx) 50225a99e2eSeric statmsg = NULL; 50325a99e2eSeric else 50425a99e2eSeric statmsg = SysExMsg[i]; 50525a99e2eSeric if (stat == 0) 506c38ba59cSeric { 5076cbfa739Seric if (bitset(M_LOCAL, m->m_flags)) 5083efaed6eSeric statmsg = "delivered"; 5093efaed6eSeric else 5103efaed6eSeric statmsg = "queued"; 511c38ba59cSeric if (Verbose) 512544026c5Seric message(Arpa_Info, statmsg); 513c38ba59cSeric } 51425a99e2eSeric else 51525a99e2eSeric { 516c1f9df2cSeric Errors++; 51725a99e2eSeric if (statmsg == NULL && m->m_badstat != 0) 51825a99e2eSeric { 51925a99e2eSeric stat = m->m_badstat; 52025a99e2eSeric i = stat - EX__BASE; 52125a99e2eSeric # ifdef DEBUG 52225a99e2eSeric if (i < 0 || i >= N_SysEx) 52325a99e2eSeric syserr("Bad m_badstat %d", stat); 52425a99e2eSeric else 52525a99e2eSeric # endif DEBUG 52625a99e2eSeric statmsg = SysExMsg[i]; 52725a99e2eSeric } 52825a99e2eSeric if (statmsg == NULL) 52925a99e2eSeric usrerr("unknown mailer response %d", stat); 530c38ba59cSeric else if (force || !bitset(M_QUIET, m->m_flags) || Verbose) 53125a99e2eSeric usrerr("%s", statmsg); 53225a99e2eSeric } 53325a99e2eSeric 53425a99e2eSeric /* 53525a99e2eSeric ** Final cleanup. 53625a99e2eSeric ** Log a record of the transaction. Compute the new 53725a99e2eSeric ** ExitStat -- if we already had an error, stick with 53825a99e2eSeric ** that. 53925a99e2eSeric */ 54025a99e2eSeric 54125a99e2eSeric if (statmsg == NULL) 54229dd97a3Seric { 543db8841e9Seric (void) sprintf(buf, "error %d", stat); 54429dd97a3Seric statmsg = buf; 54529dd97a3Seric } 54629dd97a3Seric 54729dd97a3Seric # ifdef LOG 548e374fd72Seric syslog(LOG_INFO, "%s->%s: %ld: %s", From.q_paddr, To, MsgSize, statmsg); 54925a99e2eSeric # endif LOG 550243921eeSeric setstat(stat); 55125a99e2eSeric } 55225a99e2eSeric /* 5536328bdf7Seric ** PUTMESSAGE -- output a message to the final mailer. 55425a99e2eSeric ** 5556328bdf7Seric ** This routine takes care of recreating the header from the 5566328bdf7Seric ** in-core copy, etc. 55725a99e2eSeric ** 55825a99e2eSeric ** Parameters: 5596328bdf7Seric ** fp -- file to output onto. 5606328bdf7Seric ** m -- a mailer descriptor. 56125a99e2eSeric ** 56225a99e2eSeric ** Returns: 5636328bdf7Seric ** none. 56425a99e2eSeric ** 56525a99e2eSeric ** Side Effects: 5666328bdf7Seric ** The message is written onto fp. 56725a99e2eSeric */ 56825a99e2eSeric 5696328bdf7Seric putmessage(fp, m) 5706328bdf7Seric FILE *fp; 5716328bdf7Seric struct mailer *m; 57225a99e2eSeric { 5736328bdf7Seric char buf[BUFSIZ]; 5746328bdf7Seric register int i; 57513bbc08cSeric register HDR *h; 5766328bdf7Seric extern char *arpadate(); 5776328bdf7Seric bool anyheader = FALSE; 578e9ff65b0Seric extern char *capitalize(); 57987bd9a02Seric extern char *hvalue(); 58087bd9a02Seric extern bool samefrom(); 58125a99e2eSeric 58213bbc08cSeric /* 58313bbc08cSeric ** Output "From" line unless supressed 58413bbc08cSeric */ 58513bbc08cSeric 58640e4ab56Seric if (!bitset(M_NHDR, m->m_flags)) 5871412cc7cSeric { 5881412cc7cSeric (void) expand("$l", buf, &buf[sizeof buf - 1]); 5891412cc7cSeric fprintf(fp, "%s\n", buf); 5901412cc7cSeric } 59140e4ab56Seric 59213bbc08cSeric /* 59313bbc08cSeric ** Output all header lines 59413bbc08cSeric */ 59513bbc08cSeric 5966328bdf7Seric for (h = Header; h != NULL; h = h->h_link) 5976328bdf7Seric { 59813bbc08cSeric register char *p; 59987bd9a02Seric char *origfrom = OrigFrom; 60013bbc08cSeric 6019e9163a0Seric if (bitset(H_CHECK|H_ACHECK, h->h_flags) && !bitset(h->h_mflags, m->m_flags)) 6025a0dcb5fSeric { 6035a0dcb5fSeric p = ")><("; /* can't happen (I hope) */ 6045a0dcb5fSeric goto checkfrom; 6055a0dcb5fSeric } 60687bd9a02Seric if (strcmp(h->h_field, "from") == 0 && origfrom != NULL && 60787bd9a02Seric strcmp(m->m_from, "$f") == 0) 60887bd9a02Seric { 60987bd9a02Seric p = origfrom; 61087bd9a02Seric origfrom = NULL; 61187bd9a02Seric } 61287bd9a02Seric else if (bitset(H_DEFAULT, h->h_flags)) 6134ae18d0eSeric { 614db8841e9Seric (void) expand(h->h_value, buf, &buf[sizeof buf]); 6154ae18d0eSeric p = buf; 6164ae18d0eSeric } 6174ae18d0eSeric else 6184ae18d0eSeric p = h->h_value; 6199e9163a0Seric if (*p == '\0') 6209e9163a0Seric continue; 6214ae18d0eSeric fprintf(fp, "%s: %s\n", capitalize(h->h_field), p); 6226328bdf7Seric h->h_flags |= H_USED; 6236328bdf7Seric anyheader = TRUE; 6245a0dcb5fSeric 6255a0dcb5fSeric /* hack, hack -- output Original-From field if different */ 6265a0dcb5fSeric checkfrom: 62787bd9a02Seric if (strcmp(h->h_field, "from") == 0 && origfrom != NULL && 62887bd9a02Seric !samefrom(p, origfrom) && hvalue("original-from") == NULL) 6295a0dcb5fSeric { 63087bd9a02Seric fprintf(fp, "Original-From: %s\n", origfrom); 63187bd9a02Seric anyheader = TRUE; 6325a0dcb5fSeric } 6336328bdf7Seric } 6346328bdf7Seric if (anyheader) 6356328bdf7Seric fprintf(fp, "\n"); 6366328bdf7Seric 63713bbc08cSeric /* 63813bbc08cSeric ** Output the body of the message 63913bbc08cSeric */ 64013bbc08cSeric 641b7902a1dSeric rewind(TempFile); 642b7902a1dSeric while (!ferror(fp) && (i = fread(buf, 1, BUFSIZ, TempFile)) > 0) 643db8841e9Seric (void) fwrite(buf, 1, i, fp); 6446328bdf7Seric 64554aa2b0fSeric if (ferror(fp) && errno != EPIPE) 64625a99e2eSeric { 6476328bdf7Seric syserr("putmessage: write error"); 64825a99e2eSeric setstat(EX_IOERR); 64925a99e2eSeric } 65054aa2b0fSeric errno = 0; 65125a99e2eSeric } 65225a99e2eSeric /* 65387bd9a02Seric ** SAMEFROM -- tell if two text addresses represent the same from address. 65487bd9a02Seric ** 65587bd9a02Seric ** Parameters: 65687bd9a02Seric ** ifrom -- internally generated form of from address. 65787bd9a02Seric ** efrom -- external form of from address. 65887bd9a02Seric ** 65987bd9a02Seric ** Returns: 66087bd9a02Seric ** TRUE -- if they convey the same info. 66187bd9a02Seric ** FALSE -- if any information has been lost. 66287bd9a02Seric ** 66387bd9a02Seric ** Side Effects: 66487bd9a02Seric ** none. 66587bd9a02Seric */ 66687bd9a02Seric 66787bd9a02Seric bool 66887bd9a02Seric samefrom(ifrom, efrom) 66987bd9a02Seric char *ifrom; 67087bd9a02Seric char *efrom; 67187bd9a02Seric { 67287bd9a02Seric return (strcmp(ifrom, efrom) == 0); 67387bd9a02Seric } 67487bd9a02Seric /* 67525a99e2eSeric ** MAILFILE -- Send a message to a file. 67625a99e2eSeric ** 677f129ec7dSeric ** If the file has the setuid/setgid bits set, but NO execute 678f129ec7dSeric ** bits, sendmail will try to become the owner of that file 679f129ec7dSeric ** rather than the real user. Obviously, this only works if 680f129ec7dSeric ** sendmail runs as root. 681f129ec7dSeric ** 68225a99e2eSeric ** Parameters: 68325a99e2eSeric ** filename -- the name of the file to send to. 6846259796dSeric ** ctladdr -- the controlling address header -- includes 6856259796dSeric ** the userid/groupid to be when sending. 68625a99e2eSeric ** 68725a99e2eSeric ** Returns: 68825a99e2eSeric ** The exit code associated with the operation. 68925a99e2eSeric ** 69025a99e2eSeric ** Side Effects: 69125a99e2eSeric ** none. 69225a99e2eSeric */ 69325a99e2eSeric 6946259796dSeric mailfile(filename, ctladdr) 69525a99e2eSeric char *filename; 6966259796dSeric ADDRESS *ctladdr; 69725a99e2eSeric { 69825a99e2eSeric register FILE *f; 69932d19d43Seric register int pid; 70025a99e2eSeric 70132d19d43Seric /* 70232d19d43Seric ** Fork so we can change permissions here. 70332d19d43Seric ** Note that we MUST use fork, not vfork, because of 70432d19d43Seric ** the complications of calling subroutines, etc. 70532d19d43Seric */ 70632d19d43Seric 70732d19d43Seric DOFORK(fork); 70832d19d43Seric 70932d19d43Seric if (pid < 0) 71032d19d43Seric return (EX_OSERR); 71132d19d43Seric else if (pid == 0) 71232d19d43Seric { 71332d19d43Seric /* child -- actually write to file */ 714f129ec7dSeric struct stat stb; 715*e36b99e2Seric extern int DefUid, DefGid; 716f129ec7dSeric 7170984da9fSeric (void) signal(SIGINT, SIG_DFL); 7180984da9fSeric (void) signal(SIGHUP, SIG_DFL); 7190984da9fSeric (void) signal(SIGTERM, SIG_DFL); 720f129ec7dSeric umask(OldUmask); 721f129ec7dSeric if (stat(filename, &stb) < 0) 722f129ec7dSeric stb.st_mode = 0; 723f129ec7dSeric if (bitset(0111, stb.st_mode)) 724f129ec7dSeric exit(EX_CANTCREAT); 72503827b5fSeric if (ctladdr == NULL) 72603827b5fSeric ctladdr = &From; 727f129ec7dSeric if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0) 728*e36b99e2Seric { 729*e36b99e2Seric if (ctladdr->q_uid == 0) 730*e36b99e2Seric (void) setgid(DefGid); 731*e36b99e2Seric else 7326259796dSeric (void) setgid(ctladdr->q_gid); 733*e36b99e2Seric } 734f129ec7dSeric if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0) 735*e36b99e2Seric { 736*e36b99e2Seric if (ctladdr->q_uid == 0) 737*e36b99e2Seric (void) setuid(DefUid); 738*e36b99e2Seric else 7396259796dSeric (void) setuid(ctladdr->q_uid); 740*e36b99e2Seric } 74125a99e2eSeric f = fopen(filename, "a"); 74225a99e2eSeric if (f == NULL) 74332d19d43Seric exit(EX_CANTCREAT); 74425a99e2eSeric 74540e4ab56Seric putmessage(f, Mailer[1]); 74625a99e2eSeric fputs("\n", f); 747db8841e9Seric (void) fclose(f); 74832d19d43Seric (void) fflush(stdout); 749*e36b99e2Seric 750*e36b99e2Seric /* reset ISUID & ISGID bits */ 751*e36b99e2Seric (void) chmod(filename, stb.st_mode); 75232d19d43Seric exit(EX_OK); 75313bbc08cSeric /*NOTREACHED*/ 75432d19d43Seric } 75532d19d43Seric else 75632d19d43Seric { 75732d19d43Seric /* parent -- wait for exit status */ 75832d19d43Seric register int i; 75932d19d43Seric auto int stat; 76032d19d43Seric 76132d19d43Seric while ((i = wait(&stat)) != pid) 76232d19d43Seric { 76332d19d43Seric if (i < 0) 76432d19d43Seric { 76532d19d43Seric stat = EX_OSERR << 8; 76632d19d43Seric break; 76732d19d43Seric } 76832d19d43Seric } 7690984da9fSeric if ((stat & 0377) != 0) 7700984da9fSeric stat = EX_UNAVAILABLE << 8; 77132d19d43Seric return ((stat >> 8) & 0377); 77232d19d43Seric } 77325a99e2eSeric } 774