1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)deliver.c 5.40 (Berkeley) 03/12/91"; 11 #endif /* not lint */ 12 13 #include "sendmail.h" 14 #include <sys/signal.h> 15 #include <sys/stat.h> 16 #include <netdb.h> 17 #include <fcntl.h> 18 #include <errno.h> 19 #ifdef NAMED_BIND 20 #include <arpa/nameser.h> 21 #include <resolv.h> 22 #endif 23 24 /* 25 ** DELIVER -- Deliver a message to a list of addresses. 26 ** 27 ** This routine delivers to everyone on the same host as the 28 ** user on the head of the list. It is clever about mailers 29 ** that don't handle multiple users. It is NOT guaranteed 30 ** that it will deliver to all these addresses however -- so 31 ** deliver should be called once for each address on the 32 ** list. 33 ** 34 ** Parameters: 35 ** e -- the envelope to deliver. 36 ** firstto -- head of the address list to deliver to. 37 ** 38 ** Returns: 39 ** zero -- successfully delivered. 40 ** else -- some failure, see ExitStat for more info. 41 ** 42 ** Side Effects: 43 ** The standard input is passed off to someone. 44 */ 45 46 deliver(e, firstto) 47 register ENVELOPE *e; 48 ADDRESS *firstto; 49 { 50 char *host; /* host being sent to */ 51 char *user; /* user being sent to */ 52 char **pvp; 53 register char **mvp; 54 register char *p; 55 register MAILER *m; /* mailer for this recipient */ 56 ADDRESS *ctladdr; 57 register ADDRESS *to = firstto; 58 bool clever = FALSE; /* running user smtp to this mailer */ 59 ADDRESS *tochain = NULL; /* chain of users in this mailer call */ 60 int rcode; /* response code */ 61 char *pv[MAXPV+1]; 62 char tobuf[MAXLINE-50]; /* text line of to people */ 63 char buf[MAXNAME]; 64 char tfrombuf[MAXNAME]; /* translated from person */ 65 extern bool checkcompat(); 66 extern ADDRESS *getctladdr(); 67 extern char *remotename(); 68 69 errno = 0; 70 if (bitset(QDONTSEND, to->q_flags)) 71 return (0); 72 73 #ifdef NAMED_BIND 74 /* unless interactive, try twice, over a minute */ 75 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) { 76 _res.retrans = 30; 77 _res.retry = 2; 78 } 79 #endif 80 81 m = to->q_mailer; 82 host = to->q_host; 83 84 if (tTd(10, 1)) 85 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n", 86 m->m_mno, host, to->q_user); 87 88 /* 89 ** If this mailer is expensive, and if we don't want to make 90 ** connections now, just mark these addresses and return. 91 ** This is useful if we want to batch connections to 92 ** reduce load. This will cause the messages to be 93 ** queued up, and a daemon will come along to send the 94 ** messages later. 95 ** This should be on a per-mailer basis. 96 */ 97 98 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) && 99 !Verbose) 100 { 101 for (; to != NULL; to = to->q_next) 102 { 103 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m) 104 continue; 105 to->q_flags |= QQUEUEUP|QDONTSEND; 106 e->e_to = to->q_paddr; 107 message(Arpa_Info, "queued"); 108 if (LogLevel > 4) 109 logdelivery("queued"); 110 } 111 e->e_to = NULL; 112 return (0); 113 } 114 115 /* 116 ** Do initial argv setup. 117 ** Insert the mailer name. Notice that $x expansion is 118 ** NOT done on the mailer name. Then, if the mailer has 119 ** a picky -f flag, we insert it as appropriate. This 120 ** code does not check for 'pv' overflow; this places a 121 ** manifest lower limit of 4 for MAXPV. 122 ** The from address rewrite is expected to make 123 ** the address relative to the other end. 124 */ 125 126 /* rewrite from address, using rewriting rules */ 127 expand("\001f", buf, &buf[sizeof buf - 1], e); 128 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE)); 129 130 define('g', tfrombuf, e); /* translated sender address */ 131 define('h', host, e); /* to host */ 132 Errors = 0; 133 pvp = pv; 134 *pvp++ = m->m_argv[0]; 135 136 /* insert -f or -r flag as appropriate */ 137 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags))) 138 { 139 if (bitnset(M_FOPT, m->m_flags)) 140 *pvp++ = "-f"; 141 else 142 *pvp++ = "-r"; 143 expand("\001g", buf, &buf[sizeof buf - 1], e); 144 *pvp++ = newstr(buf); 145 } 146 147 /* 148 ** Append the other fixed parts of the argv. These run 149 ** up to the first entry containing "$u". There can only 150 ** be one of these, and there are only a few more slots 151 ** in the pv after it. 152 */ 153 154 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 155 { 156 while ((p = index(p, '\001')) != NULL) 157 if (*++p == 'u') 158 break; 159 if (p != NULL) 160 break; 161 162 /* this entry is safe -- go ahead and process it */ 163 expand(*mvp, buf, &buf[sizeof buf - 1], e); 164 *pvp++ = newstr(buf); 165 if (pvp >= &pv[MAXPV - 3]) 166 { 167 syserr("Too many parameters to %s before $u", pv[0]); 168 return (-1); 169 } 170 } 171 172 /* 173 ** If we have no substitution for the user name in the argument 174 ** list, we know that we must supply the names otherwise -- and 175 ** SMTP is the answer!! 176 */ 177 178 if (*mvp == NULL) 179 { 180 /* running SMTP */ 181 # ifdef SMTP 182 clever = TRUE; 183 *pvp = NULL; 184 # else SMTP 185 /* oops! we don't implement SMTP */ 186 syserr("SMTP style mailer"); 187 return (EX_SOFTWARE); 188 # endif SMTP 189 } 190 191 /* 192 ** At this point *mvp points to the argument with $u. We 193 ** run through our address list and append all the addresses 194 ** we can. If we run out of space, do not fret! We can 195 ** always send another copy later. 196 */ 197 198 tobuf[0] = '\0'; 199 e->e_to = tobuf; 200 ctladdr = NULL; 201 for (; to != NULL; to = to->q_next) 202 { 203 /* avoid sending multiple recipients to dumb mailers */ 204 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags)) 205 break; 206 207 /* if already sent or not for this host, don't send */ 208 if (bitset(QDONTSEND, to->q_flags) || 209 strcmp(to->q_host, host) != 0 || 210 to->q_mailer != firstto->q_mailer) 211 continue; 212 213 /* avoid overflowing tobuf */ 214 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2)) 215 break; 216 217 if (tTd(10, 1)) 218 { 219 printf("\nsend to "); 220 printaddr(to, FALSE); 221 } 222 223 /* compute effective uid/gid when sending */ 224 if (to->q_mailer == ProgMailer) 225 ctladdr = getctladdr(to); 226 227 user = to->q_user; 228 e->e_to = to->q_paddr; 229 to->q_flags |= QDONTSEND; 230 231 /* 232 ** Check to see that these people are allowed to 233 ** talk to each other. 234 */ 235 236 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize) 237 { 238 NoReturn = TRUE; 239 usrerr("Message is too large; %ld bytes max", m->m_maxsize); 240 giveresponse(EX_UNAVAILABLE, m, e); 241 continue; 242 } 243 if (!checkcompat(to)) 244 { 245 giveresponse(EX_UNAVAILABLE, m, e); 246 continue; 247 } 248 249 /* 250 ** Strip quote bits from names if the mailer is dumb 251 ** about them. 252 */ 253 254 if (bitnset(M_STRIPQ, m->m_flags)) 255 { 256 stripquotes(user, TRUE); 257 stripquotes(host, TRUE); 258 } 259 else 260 { 261 stripquotes(user, FALSE); 262 stripquotes(host, FALSE); 263 } 264 265 /* hack attack -- delivermail compatibility */ 266 if (m == ProgMailer && *user == '|') 267 user++; 268 269 /* 270 ** If an error message has already been given, don't 271 ** bother to send to this address. 272 ** 273 ** >>>>>>>>>> This clause assumes that the local mailer 274 ** >> NOTE >> cannot do any further aliasing; that 275 ** >>>>>>>>>> function is subsumed by sendmail. 276 */ 277 278 if (bitset(QBADADDR|QQUEUEUP, to->q_flags)) 279 continue; 280 281 /* save statistics.... */ 282 markstats(e, to); 283 284 /* 285 ** See if this user name is "special". 286 ** If the user name has a slash in it, assume that this 287 ** is a file -- send it off without further ado. Note 288 ** that this type of addresses is not processed along 289 ** with the others, so we fudge on the To person. 290 */ 291 292 if (m == LocalMailer) 293 { 294 if (user[0] == '/') 295 { 296 rcode = mailfile(user, getctladdr(to)); 297 giveresponse(rcode, m, e); 298 if (rcode == EX_OK) 299 to->q_flags |= QSENT; 300 continue; 301 } 302 } 303 304 /* 305 ** Address is verified -- add this user to mailer 306 ** argv, and add it to the print list of recipients. 307 */ 308 309 /* link together the chain of recipients */ 310 to->q_tchain = tochain; 311 tochain = to; 312 313 /* create list of users for error messages */ 314 (void) strcat(tobuf, ","); 315 (void) strcat(tobuf, to->q_paddr); 316 define('u', user, e); /* to user */ 317 define('z', to->q_home, e); /* user's home */ 318 319 /* 320 ** Expand out this user into argument list. 321 */ 322 323 if (!clever) 324 { 325 expand(*mvp, buf, &buf[sizeof buf - 1], e); 326 *pvp++ = newstr(buf); 327 if (pvp >= &pv[MAXPV - 2]) 328 { 329 /* allow some space for trailing parms */ 330 break; 331 } 332 } 333 } 334 335 /* see if any addresses still exist */ 336 if (tobuf[0] == '\0') 337 { 338 define('g', (char *) NULL, e); 339 return (0); 340 } 341 342 /* print out messages as full list */ 343 e->e_to = tobuf + 1; 344 345 /* 346 ** Fill out any parameters after the $u parameter. 347 */ 348 349 while (!clever && *++mvp != NULL) 350 { 351 expand(*mvp, buf, &buf[sizeof buf - 1], e); 352 *pvp++ = newstr(buf); 353 if (pvp >= &pv[MAXPV]) 354 syserr("deliver: pv overflow after $u for %s", pv[0]); 355 } 356 *pvp++ = NULL; 357 358 /* 359 ** Call the mailer. 360 ** The argument vector gets built, pipes 361 ** are created as necessary, and we fork & exec as 362 ** appropriate. 363 ** If we are running SMTP, we just need to clean up. 364 */ 365 366 if (ctladdr == NULL) 367 ctladdr = &e->e_from; 368 #ifdef NAMED_BIND 369 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 370 #endif 371 #ifdef SMTP 372 if (clever) 373 { 374 rcode = EX_OK; 375 #ifdef NAMED_BIND 376 if (host[0] && host[0] != '[') 377 { 378 expand("\001w", buf, &buf[sizeof(buf) - 1], e); 379 Nmx = getmxrr(host, MxHosts, buf, &rcode); 380 } 381 else 382 #endif 383 { 384 Nmx = 1; 385 MxHosts[0] = host; 386 } 387 if (Nmx >= 0) 388 { 389 message(Arpa_Info, "Connecting to %s (%s)...", 390 MxHosts[0], m->m_name); 391 if ((rcode = smtpinit(m, pv)) == EX_OK) { 392 register char *t = tobuf; 393 register int i; 394 395 /* send the recipient list */ 396 tobuf[0] = '\0'; 397 for (to = tochain; to; to = to->q_tchain) { 398 e->e_to = to->q_paddr; 399 if ((i = smtprcpt(to, m)) != EX_OK) { 400 markfailure(e, to, i); 401 giveresponse(i, m, e); 402 } 403 else { 404 *t++ = ','; 405 for (p = to->q_paddr; *p; *t++ = *p++); 406 } 407 } 408 409 /* now send the data */ 410 if (tobuf[0] == '\0') 411 e->e_to = NULL; 412 else { 413 e->e_to = tobuf + 1; 414 rcode = smtpdata(m, e); 415 } 416 417 /* now close the connection */ 418 smtpquit(m); 419 } 420 } 421 } 422 else 423 #endif /* SMTP */ 424 { 425 static int sendoff(); 426 427 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name); 428 rcode = sendoff(e, m, pv, ctladdr); 429 } 430 #ifdef NAMED_BIND 431 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 432 #endif 433 434 /* 435 ** Do final status disposal. 436 ** We check for something in tobuf for the SMTP case. 437 ** If we got a temporary failure, arrange to queue the 438 ** addressees. 439 */ 440 441 if (tobuf[0] != '\0') 442 giveresponse(rcode, m, e); 443 for (to = tochain; to != NULL; to = to->q_tchain) 444 if (rcode != EX_OK) 445 markfailure(e, to, rcode); 446 else 447 to->q_flags |= QSENT; 448 449 errno = 0; 450 define('g', (char *) NULL, e); 451 return (rcode); 452 } 453 /* 454 ** MARKFAILURE -- mark a failure on a specific address. 455 ** 456 ** Parameters: 457 ** e -- the envelope we are sending. 458 ** q -- the address to mark. 459 ** rcode -- the code signifying the particular failure. 460 ** 461 ** Returns: 462 ** none. 463 ** 464 ** Side Effects: 465 ** marks the address (and possibly the envelope) with the 466 ** failure so that an error will be returned or 467 ** the message will be queued, as appropriate. 468 */ 469 470 markfailure(e, q, rcode) 471 register ENVELOPE *e; 472 register ADDRESS *q; 473 int rcode; 474 { 475 if (rcode == EX_OK) 476 return; 477 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR) 478 q->q_flags |= QBADADDR; 479 else if (curtime() > e->e_ctime + TimeOut) 480 { 481 extern char *pintvl(); 482 char buf[MAXLINE]; 483 484 if (!bitset(EF_TIMEOUT, e->e_flags)) 485 { 486 (void) sprintf(buf, "Cannot send message for %s", 487 pintvl(TimeOut, FALSE)); 488 if (e->e_message != NULL) 489 free(e->e_message); 490 e->e_message = newstr(buf); 491 message(Arpa_Info, buf); 492 } 493 q->q_flags |= QBADADDR; 494 e->e_flags |= EF_TIMEOUT; 495 } 496 else 497 q->q_flags |= QQUEUEUP; 498 } 499 /* 500 ** DOFORK -- do a fork, retrying a couple of times on failure. 501 ** 502 ** This MUST be a macro, since after a vfork we are running 503 ** two processes on the same stack!!! 504 ** 505 ** Parameters: 506 ** none. 507 ** 508 ** Returns: 509 ** From a macro??? You've got to be kidding! 510 ** 511 ** Side Effects: 512 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 513 ** pid of child in parent, zero in child. 514 ** -1 on unrecoverable error. 515 ** 516 ** Notes: 517 ** I'm awfully sorry this looks so awful. That's 518 ** vfork for you..... 519 */ 520 521 # define NFORKTRIES 5 522 # ifdef VMUNIX 523 # define XFORK vfork 524 # else VMUNIX 525 # define XFORK fork 526 # endif VMUNIX 527 528 # define DOFORK(fORKfN) \ 529 {\ 530 register int i;\ 531 \ 532 for (i = NFORKTRIES; --i >= 0; )\ 533 {\ 534 pid = fORKfN();\ 535 if (pid >= 0)\ 536 break;\ 537 if (i > 0)\ 538 sleep((unsigned) NFORKTRIES - i);\ 539 }\ 540 } 541 /* 542 ** DOFORK -- simple fork interface to DOFORK. 543 ** 544 ** Parameters: 545 ** none. 546 ** 547 ** Returns: 548 ** pid of child in parent. 549 ** zero in child. 550 ** -1 on error. 551 ** 552 ** Side Effects: 553 ** returns twice, once in parent and once in child. 554 */ 555 556 dofork() 557 { 558 register int pid; 559 560 DOFORK(fork); 561 return (pid); 562 } 563 /* 564 ** SENDOFF -- send off call to mailer & collect response. 565 ** 566 ** Parameters: 567 ** e -- the envelope to mail. 568 ** m -- mailer descriptor. 569 ** pvp -- parameter vector to send to it. 570 ** ctladdr -- an address pointer controlling the 571 ** user/groupid etc. of the mailer. 572 ** 573 ** Returns: 574 ** exit status of mailer. 575 ** 576 ** Side Effects: 577 ** none. 578 */ 579 static 580 sendoff(e, m, pvp, ctladdr) 581 register ENVELOPE *e; 582 MAILER *m; 583 char **pvp; 584 ADDRESS *ctladdr; 585 { 586 auto FILE *mfile; 587 auto FILE *rfile; 588 register int i; 589 int pid; 590 591 /* 592 ** Create connection to mailer. 593 */ 594 595 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile); 596 if (pid < 0) 597 return (-1); 598 599 /* 600 ** Format and send message. 601 */ 602 603 putfromline(mfile, m); 604 (*e->e_puthdr)(mfile, m, e); 605 putline("\n", mfile, m); 606 (*e->e_putbody)(mfile, m, e); 607 (void) fclose(mfile); 608 if (rfile != NULL) 609 (void) fclose(rfile); 610 611 i = endmailer(pid, pvp[0]); 612 613 /* arrange a return receipt if requested */ 614 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags)) 615 { 616 e->e_flags |= EF_SENDRECEIPT; 617 /* do we want to send back more info? */ 618 } 619 620 return (i); 621 } 622 /* 623 ** ENDMAILER -- Wait for mailer to terminate. 624 ** 625 ** We should never get fatal errors (e.g., segmentation 626 ** violation), so we report those specially. For other 627 ** errors, we choose a status message (into statmsg), 628 ** and if it represents an error, we print it. 629 ** 630 ** Parameters: 631 ** pid -- pid of mailer. 632 ** name -- name of mailer (for error messages). 633 ** 634 ** Returns: 635 ** exit code of mailer. 636 ** 637 ** Side Effects: 638 ** none. 639 */ 640 641 endmailer(pid, name) 642 int pid; 643 char *name; 644 { 645 int st; 646 647 /* in the IPC case there is nothing to wait for */ 648 if (pid == 0) 649 return (EX_OK); 650 651 /* wait for the mailer process to die and collect status */ 652 st = waitfor(pid); 653 if (st == -1) 654 { 655 syserr("endmailer %s: wait", name); 656 return (EX_SOFTWARE); 657 } 658 659 /* see if it died a horrid death */ 660 if ((st & 0377) != 0) 661 { 662 syserr("mailer %s died with signal %o", name, st); 663 ExitStat = EX_TEMPFAIL; 664 return (EX_TEMPFAIL); 665 } 666 667 /* normal death -- return status */ 668 st = (st >> 8) & 0377; 669 return (st); 670 } 671 /* 672 ** OPENMAILER -- open connection to mailer. 673 ** 674 ** Parameters: 675 ** m -- mailer descriptor. 676 ** pvp -- parameter vector to pass to mailer. 677 ** ctladdr -- controlling address for user. 678 ** clever -- create a full duplex connection. 679 ** pmfile -- pointer to mfile (to mailer) connection. 680 ** prfile -- pointer to rfile (from mailer) connection. 681 ** 682 ** Returns: 683 ** pid of mailer ( > 0 ). 684 ** -1 on error. 685 ** zero on an IPC connection. 686 ** 687 ** Side Effects: 688 ** creates a mailer in a subprocess. 689 */ 690 691 openmailer(m, pvp, ctladdr, clever, pmfile, prfile) 692 MAILER *m; 693 char **pvp; 694 ADDRESS *ctladdr; 695 bool clever; 696 FILE **pmfile; 697 FILE **prfile; 698 { 699 int pid; 700 int mpvect[2]; 701 int rpvect[2]; 702 FILE *mfile = NULL; 703 FILE *rfile = NULL; 704 extern FILE *fdopen(); 705 706 if (tTd(11, 1)) 707 { 708 printf("openmailer:"); 709 printav(pvp); 710 } 711 errno = 0; 712 713 CurHostName = m->m_mailer; 714 715 /* 716 ** Deal with the special case of mail handled through an IPC 717 ** connection. 718 ** In this case we don't actually fork. We must be 719 ** running SMTP for this to work. We will return a 720 ** zero pid to indicate that we are running IPC. 721 ** We also handle a debug version that just talks to stdin/out. 722 */ 723 724 /* check for Local Person Communication -- not for mortals!!! */ 725 if (strcmp(m->m_mailer, "[LPC]") == 0) 726 { 727 *pmfile = stdout; 728 *prfile = stdin; 729 return (0); 730 } 731 732 if (strcmp(m->m_mailer, "[IPC]") == 0) 733 { 734 #ifdef HOSTINFO 735 register STAB *st; 736 extern STAB *stab(); 737 #endif HOSTINFO 738 #ifdef DAEMON 739 register int i, j; 740 register u_short port; 741 742 CurHostName = pvp[1]; 743 if (!clever) 744 syserr("non-clever IPC"); 745 if (pvp[2] != NULL) 746 port = atoi(pvp[2]); 747 else 748 port = 0; 749 for (j = 0; j < Nmx; j++) 750 { 751 CurHostName = MxHosts[j]; 752 #ifdef HOSTINFO 753 /* see if we have already determined that this host is fried */ 754 st = stab(MxHosts[j], ST_HOST, ST_FIND); 755 if (st == NULL || st->s_host.ho_exitstat == EX_OK) { 756 if (j > 1) 757 message(Arpa_Info, 758 "Connecting to %s (%s)...", 759 MxHosts[j], m->m_name); 760 i = makeconnection(MxHosts[j], port, pmfile, prfile); 761 } 762 else 763 { 764 i = st->s_host.ho_exitstat; 765 errno = st->s_host.ho_errno; 766 } 767 #else HOSTINFO 768 i = makeconnection(MxHosts[j], port, pmfile, prfile); 769 #endif HOSTINFO 770 if (i != EX_OK) 771 { 772 #ifdef HOSTINFO 773 /* enter status of this host */ 774 if (st == NULL) 775 st = stab(MxHosts[j], ST_HOST, ST_ENTER); 776 st->s_host.ho_exitstat = i; 777 st->s_host.ho_errno = errno; 778 #endif HOSTINFO 779 ExitStat = i; 780 continue; 781 } 782 else 783 return (0); 784 } 785 return (-1); 786 #else DAEMON 787 syserr("openmailer: no IPC"); 788 return (-1); 789 #endif DAEMON 790 } 791 792 /* create a pipe to shove the mail through */ 793 if (pipe(mpvect) < 0) 794 { 795 syserr("openmailer: pipe (to mailer)"); 796 return (-1); 797 } 798 799 #ifdef SMTP 800 /* if this mailer speaks smtp, create a return pipe */ 801 if (clever && pipe(rpvect) < 0) 802 { 803 syserr("openmailer: pipe (from mailer)"); 804 (void) close(mpvect[0]); 805 (void) close(mpvect[1]); 806 return (-1); 807 } 808 #endif SMTP 809 810 /* 811 ** Actually fork the mailer process. 812 ** DOFORK is clever about retrying. 813 ** 814 ** Dispose of SIGCHLD signal catchers that may be laying 815 ** around so that endmail will get it. 816 */ 817 818 if (CurEnv->e_xfp != NULL) 819 (void) fflush(CurEnv->e_xfp); /* for debugging */ 820 (void) fflush(stdout); 821 # ifdef SIGCHLD 822 (void) signal(SIGCHLD, SIG_DFL); 823 # endif SIGCHLD 824 DOFORK(XFORK); 825 /* pid is set by DOFORK */ 826 if (pid < 0) 827 { 828 /* failure */ 829 syserr("openmailer: cannot fork"); 830 (void) close(mpvect[0]); 831 (void) close(mpvect[1]); 832 #ifdef SMTP 833 if (clever) 834 { 835 (void) close(rpvect[0]); 836 (void) close(rpvect[1]); 837 } 838 #endif SMTP 839 return (-1); 840 } 841 else if (pid == 0) 842 { 843 int i; 844 extern int DtableSize; 845 846 /* child -- set up input & exec mailer */ 847 /* make diagnostic output be standard output */ 848 (void) signal(SIGINT, SIG_IGN); 849 (void) signal(SIGHUP, SIG_IGN); 850 (void) signal(SIGTERM, SIG_DFL); 851 852 /* arrange to filter standard & diag output of command */ 853 if (clever) 854 { 855 (void) close(rpvect[0]); 856 (void) close(1); 857 (void) dup(rpvect[1]); 858 (void) close(rpvect[1]); 859 } 860 else if (OpMode == MD_SMTP || HoldErrs) 861 { 862 /* put mailer output in transcript */ 863 (void) close(1); 864 (void) dup(fileno(CurEnv->e_xfp)); 865 } 866 (void) close(2); 867 (void) dup(1); 868 869 /* arrange to get standard input */ 870 (void) close(mpvect[1]); 871 (void) close(0); 872 if (dup(mpvect[0]) < 0) 873 { 874 syserr("Cannot dup to zero!"); 875 _exit(EX_OSERR); 876 } 877 (void) close(mpvect[0]); 878 if (!bitnset(M_RESTR, m->m_flags)) 879 { 880 if (ctladdr == NULL || ctladdr->q_uid == 0) 881 { 882 (void) setgid(DefGid); 883 (void) initgroups(DefUser, DefGid); 884 (void) setuid(DefUid); 885 } 886 else 887 { 888 (void) setgid(ctladdr->q_gid); 889 (void) initgroups(ctladdr->q_ruser? 890 ctladdr->q_ruser: ctladdr->q_user, 891 ctladdr->q_gid); 892 (void) setuid(ctladdr->q_uid); 893 } 894 } 895 896 /* arrange for all the files to be closed */ 897 for (i = 3; i < DtableSize; i++) { 898 register int j; 899 if ((j = fcntl(i, F_GETFD, 0)) != -1) 900 (void)fcntl(i, F_SETFD, j|1); 901 } 902 903 /* try to execute the mailer */ 904 execve(m->m_mailer, pvp, UserEnviron); 905 syserr("Cannot exec %s", m->m_mailer); 906 if (m == LocalMailer || errno == EIO || errno == EAGAIN || 907 errno == ENOMEM || errno == EPROCLIM) 908 _exit(EX_TEMPFAIL); 909 else 910 _exit(EX_UNAVAILABLE); 911 } 912 913 /* 914 ** Set up return value. 915 */ 916 917 (void) close(mpvect[0]); 918 mfile = fdopen(mpvect[1], "w"); 919 if (clever) 920 { 921 (void) close(rpvect[1]); 922 rfile = fdopen(rpvect[0], "r"); 923 } else 924 rfile = NULL; 925 926 *pmfile = mfile; 927 *prfile = rfile; 928 929 return (pid); 930 } 931 /* 932 ** GIVERESPONSE -- Interpret an error response from a mailer 933 ** 934 ** Parameters: 935 ** stat -- the status code from the mailer (high byte 936 ** only; core dumps must have been taken care of 937 ** already). 938 ** m -- the mailer descriptor for this mailer. 939 ** 940 ** Returns: 941 ** none. 942 ** 943 ** Side Effects: 944 ** Errors may be incremented. 945 ** ExitStat may be set. 946 */ 947 948 giveresponse(stat, m, e) 949 int stat; 950 register MAILER *m; 951 ENVELOPE *e; 952 { 953 register char *statmsg; 954 extern char *SysExMsg[]; 955 register int i; 956 extern int N_SysEx; 957 #ifdef NAMED_BIND 958 extern int h_errno; 959 #endif 960 char buf[MAXLINE]; 961 962 #ifdef lint 963 if (m == NULL) 964 return; 965 #endif lint 966 967 /* 968 ** Compute status message from code. 969 */ 970 971 i = stat - EX__BASE; 972 if (stat == 0) 973 statmsg = "250 Sent"; 974 else if (i < 0 || i > N_SysEx) 975 { 976 (void) sprintf(buf, "554 unknown mailer error %d", stat); 977 stat = EX_UNAVAILABLE; 978 statmsg = buf; 979 } 980 else if (stat == EX_TEMPFAIL) 981 { 982 (void) strcpy(buf, SysExMsg[i]); 983 #ifdef NAMED_BIND 984 if (h_errno == TRY_AGAIN) 985 { 986 extern char *errstring(); 987 988 statmsg = errstring(h_errno+MAX_ERRNO); 989 } 990 else 991 #endif 992 { 993 if (errno != 0) 994 { 995 extern char *errstring(); 996 997 statmsg = errstring(errno); 998 } 999 else 1000 { 1001 #ifdef SMTP 1002 extern char SmtpError[]; 1003 1004 statmsg = SmtpError; 1005 #else SMTP 1006 statmsg = NULL; 1007 #endif SMTP 1008 } 1009 } 1010 if (statmsg != NULL && statmsg[0] != '\0') 1011 { 1012 (void) strcat(buf, ": "); 1013 (void) strcat(buf, statmsg); 1014 } 1015 statmsg = buf; 1016 } 1017 else 1018 { 1019 statmsg = SysExMsg[i]; 1020 } 1021 1022 /* 1023 ** Print the message as appropriate 1024 */ 1025 1026 if (stat == EX_OK || stat == EX_TEMPFAIL) 1027 message(Arpa_Info, &statmsg[4]); 1028 else 1029 { 1030 Errors++; 1031 usrerr(statmsg); 1032 } 1033 1034 /* 1035 ** Final cleanup. 1036 ** Log a record of the transaction. Compute the new 1037 ** ExitStat -- if we already had an error, stick with 1038 ** that. 1039 */ 1040 1041 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2)) 1042 logdelivery(&statmsg[4]); 1043 1044 if (stat != EX_TEMPFAIL) 1045 setstat(stat); 1046 if (stat != EX_OK) 1047 { 1048 if (e->e_message != NULL) 1049 free(e->e_message); 1050 e->e_message = newstr(&statmsg[4]); 1051 } 1052 errno = 0; 1053 #ifdef NAMED_BIND 1054 h_errno = 0; 1055 #endif 1056 } 1057 /* 1058 ** LOGDELIVERY -- log the delivery in the system log 1059 ** 1060 ** Parameters: 1061 ** stat -- the message to print for the status 1062 ** 1063 ** Returns: 1064 ** none 1065 ** 1066 ** Side Effects: 1067 ** none 1068 */ 1069 1070 logdelivery(stat) 1071 char *stat; 1072 { 1073 extern char *pintvl(); 1074 1075 # ifdef LOG 1076 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id, 1077 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat); 1078 # endif LOG 1079 } 1080 /* 1081 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 1082 ** 1083 ** This can be made an arbitrary message separator by changing $l 1084 ** 1085 ** One of the ugliest hacks seen by human eyes is contained herein: 1086 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 1087 ** does a well-meaning programmer such as myself have to deal with 1088 ** this kind of antique garbage???? 1089 ** 1090 ** Parameters: 1091 ** fp -- the file to output to. 1092 ** m -- the mailer describing this entry. 1093 ** 1094 ** Returns: 1095 ** none 1096 ** 1097 ** Side Effects: 1098 ** outputs some text to fp. 1099 */ 1100 1101 putfromline(fp, m) 1102 register FILE *fp; 1103 register MAILER *m; 1104 { 1105 char *template = "\001l\n"; 1106 char buf[MAXLINE]; 1107 1108 if (bitnset(M_NHDR, m->m_flags)) 1109 return; 1110 1111 # ifdef UGLYUUCP 1112 if (bitnset(M_UGLYUUCP, m->m_flags)) 1113 { 1114 char *bang; 1115 char xbuf[MAXLINE]; 1116 1117 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv); 1118 bang = index(buf, '!'); 1119 if (bang == NULL) 1120 syserr("No ! in UUCP! (%s)", buf); 1121 else 1122 { 1123 *bang++ = '\0'; 1124 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf); 1125 template = xbuf; 1126 } 1127 } 1128 # endif UGLYUUCP 1129 expand(template, buf, &buf[sizeof buf - 1], CurEnv); 1130 putline(buf, fp, m); 1131 } 1132 /* 1133 ** PUTBODY -- put the body of a message. 1134 ** 1135 ** Parameters: 1136 ** fp -- file to output onto. 1137 ** m -- a mailer descriptor to control output format. 1138 ** e -- the envelope to put out. 1139 ** 1140 ** Returns: 1141 ** none. 1142 ** 1143 ** Side Effects: 1144 ** The message is written onto fp. 1145 */ 1146 1147 putbody(fp, m, e) 1148 FILE *fp; 1149 MAILER *m; 1150 register ENVELOPE *e; 1151 { 1152 char buf[MAXLINE]; 1153 1154 /* 1155 ** Output the body of the message 1156 */ 1157 1158 if (e->e_dfp == NULL) 1159 { 1160 if (e->e_df != NULL) 1161 { 1162 e->e_dfp = fopen(e->e_df, "r"); 1163 if (e->e_dfp == NULL) 1164 syserr("putbody: Cannot open %s for %s from %s", 1165 e->e_df, e->e_to, e->e_from); 1166 } 1167 else 1168 putline("<<< No Message Collected >>>", fp, m); 1169 } 1170 if (e->e_dfp != NULL) 1171 { 1172 rewind(e->e_dfp); 1173 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL) 1174 { 1175 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) && 1176 strncmp(buf, "From ", 5) == 0) 1177 (void) putc('>', fp); 1178 putline(buf, fp, m); 1179 } 1180 1181 if (ferror(e->e_dfp)) 1182 { 1183 syserr("putbody: read error"); 1184 ExitStat = EX_IOERR; 1185 } 1186 } 1187 1188 (void) fflush(fp); 1189 if (ferror(fp) && errno != EPIPE) 1190 { 1191 syserr("putbody: write error"); 1192 ExitStat = EX_IOERR; 1193 } 1194 errno = 0; 1195 } 1196 /* 1197 ** MAILFILE -- Send a message to a file. 1198 ** 1199 ** If the file has the setuid/setgid bits set, but NO execute 1200 ** bits, sendmail will try to become the owner of that file 1201 ** rather than the real user. Obviously, this only works if 1202 ** sendmail runs as root. 1203 ** 1204 ** This could be done as a subordinate mailer, except that it 1205 ** is used implicitly to save messages in ~/dead.letter. We 1206 ** view this as being sufficiently important as to include it 1207 ** here. For example, if the system is dying, we shouldn't have 1208 ** to create another process plus some pipes to save the message. 1209 ** 1210 ** Parameters: 1211 ** filename -- the name of the file to send to. 1212 ** ctladdr -- the controlling address header -- includes 1213 ** the userid/groupid to be when sending. 1214 ** 1215 ** Returns: 1216 ** The exit code associated with the operation. 1217 ** 1218 ** Side Effects: 1219 ** none. 1220 */ 1221 1222 mailfile(filename, ctladdr) 1223 char *filename; 1224 ADDRESS *ctladdr; 1225 { 1226 register FILE *f; 1227 register int pid; 1228 ENVELOPE *e = CurEnv; 1229 1230 /* 1231 ** Fork so we can change permissions here. 1232 ** Note that we MUST use fork, not vfork, because of 1233 ** the complications of calling subroutines, etc. 1234 */ 1235 1236 DOFORK(fork); 1237 1238 if (pid < 0) 1239 return (EX_OSERR); 1240 else if (pid == 0) 1241 { 1242 /* child -- actually write to file */ 1243 struct stat stb; 1244 1245 (void) signal(SIGINT, SIG_DFL); 1246 (void) signal(SIGHUP, SIG_DFL); 1247 (void) signal(SIGTERM, SIG_DFL); 1248 (void) umask(OldUmask); 1249 if (stat(filename, &stb) < 0) 1250 { 1251 errno = 0; 1252 stb.st_mode = 0666; 1253 } 1254 if (bitset(0111, stb.st_mode)) 1255 exit(EX_CANTCREAT); 1256 if (ctladdr == NULL) 1257 ctladdr = &e->e_from; 1258 /* we have to open the dfile BEFORE setuid */ 1259 if (e->e_dfp == NULL && e->e_df != NULL) 1260 { 1261 e->e_dfp = fopen(e->e_df, "r"); 1262 if (e->e_dfp == NULL) { 1263 syserr("mailfile: Cannot open %s for %s from %s", 1264 e->e_df, e->e_to, e->e_from); 1265 } 1266 } 1267 1268 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0) 1269 { 1270 if (ctladdr->q_uid == 0) { 1271 (void) setgid(DefGid); 1272 (void) initgroups(DefUser, DefGid); 1273 } else { 1274 (void) setgid(ctladdr->q_gid); 1275 (void) initgroups(ctladdr->q_ruser? 1276 ctladdr->q_ruser: ctladdr->q_user, 1277 ctladdr->q_gid); 1278 } 1279 } 1280 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0) 1281 { 1282 if (ctladdr->q_uid == 0) 1283 (void) setuid(DefUid); 1284 else 1285 (void) setuid(ctladdr->q_uid); 1286 } 1287 f = dfopen(filename, "a"); 1288 if (f == NULL) 1289 exit(EX_CANTCREAT); 1290 1291 putfromline(f, ProgMailer); 1292 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv); 1293 putline("\n", f, ProgMailer); 1294 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv); 1295 putline("\n", f, ProgMailer); 1296 (void) fclose(f); 1297 (void) fflush(stdout); 1298 1299 /* reset ISUID & ISGID bits for paranoid systems */ 1300 (void) chmod(filename, (int) stb.st_mode); 1301 exit(EX_OK); 1302 /*NOTREACHED*/ 1303 } 1304 else 1305 { 1306 /* parent -- wait for exit status */ 1307 int st; 1308 1309 st = waitfor(pid); 1310 if ((st & 0377) != 0) 1311 return (EX_UNAVAILABLE); 1312 else 1313 return ((st >> 8) & 0377); 1314 /*NOTREACHED*/ 1315 } 1316 } 1317 /* 1318 ** SENDALL -- actually send all the messages. 1319 ** 1320 ** Parameters: 1321 ** e -- the envelope to send. 1322 ** mode -- the delivery mode to use. If SM_DEFAULT, use 1323 ** the current SendMode. 1324 ** 1325 ** Returns: 1326 ** none. 1327 ** 1328 ** Side Effects: 1329 ** Scans the send lists and sends everything it finds. 1330 ** Delivers any appropriate error messages. 1331 ** If we are running in a non-interactive mode, takes the 1332 ** appropriate action. 1333 */ 1334 1335 sendall(e, mode) 1336 ENVELOPE *e; 1337 char mode; 1338 { 1339 register ADDRESS *q; 1340 bool oldverbose; 1341 int pid; 1342 int nsent; 1343 FILE *lockfp = NULL, *queueup(); 1344 1345 /* determine actual delivery mode */ 1346 if (mode == SM_DEFAULT) 1347 { 1348 extern bool shouldqueue(); 1349 1350 if (shouldqueue(e->e_msgpriority)) 1351 mode = SM_QUEUE; 1352 else 1353 mode = SendMode; 1354 } 1355 1356 if (tTd(13, 1)) 1357 { 1358 printf("\nSENDALL: mode %c, sendqueue:\n", mode); 1359 printaddr(e->e_sendqueue, TRUE); 1360 } 1361 1362 /* 1363 ** Do any preprocessing necessary for the mode we are running. 1364 ** Check to make sure the hop count is reasonable. 1365 ** Delete sends to the sender in mailing lists. 1366 */ 1367 1368 CurEnv = e; 1369 1370 if (e->e_hopcount > MAXHOP) 1371 { 1372 errno = 0; 1373 syserr("sendall: too many hops %d (%d max): from %s, to %s", 1374 e->e_hopcount, MAXHOP, e->e_from, e->e_to); 1375 return; 1376 } 1377 1378 if (!MeToo) 1379 { 1380 extern ADDRESS *recipient(); 1381 1382 e->e_from.q_flags |= QDONTSEND; 1383 (void) recipient(&e->e_from, &e->e_sendqueue); 1384 } 1385 1386 # ifdef QUEUE 1387 if ((mode == SM_QUEUE || mode == SM_FORK || 1388 (mode != SM_VERIFY && SuperSafe)) && 1389 !bitset(EF_INQUEUE, e->e_flags)) 1390 lockfp = queueup(e, TRUE, mode == SM_QUEUE); 1391 #endif QUEUE 1392 1393 oldverbose = Verbose; 1394 switch (mode) 1395 { 1396 case SM_VERIFY: 1397 Verbose = TRUE; 1398 break; 1399 1400 case SM_QUEUE: 1401 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE; 1402 return; 1403 1404 case SM_FORK: 1405 if (e->e_xfp != NULL) 1406 (void) fflush(e->e_xfp); 1407 pid = fork(); 1408 if (pid < 0) 1409 { 1410 mode = SM_DELIVER; 1411 break; 1412 } 1413 else if (pid > 0) 1414 { 1415 /* be sure we leave the temp files to our child */ 1416 e->e_id = e->e_df = NULL; 1417 if (lockfp != NULL) 1418 (void) fclose(lockfp); 1419 return; 1420 } 1421 1422 /* double fork to avoid zombies */ 1423 if (fork() > 0) 1424 exit(EX_OK); 1425 1426 /* be sure we are immune from the terminal */ 1427 disconnect(FALSE); 1428 1429 break; 1430 } 1431 1432 /* 1433 ** Run through the list and send everything. 1434 */ 1435 1436 nsent = 0; 1437 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1438 { 1439 if (mode == SM_VERIFY) 1440 { 1441 e->e_to = q->q_paddr; 1442 if (!bitset(QDONTSEND|QBADADDR, q->q_flags)) 1443 message(Arpa_Info, "deliverable"); 1444 } 1445 else if (!bitset(QDONTSEND, q->q_flags)) 1446 { 1447 /* 1448 ** Checkpoint the send list every few addresses 1449 */ 1450 1451 if (nsent >= CheckpointInterval) 1452 { 1453 queueup(e, TRUE, FALSE); 1454 nsent = 0; 1455 } 1456 if (deliver(e, q) == EX_OK) 1457 nsent++; 1458 } 1459 } 1460 Verbose = oldverbose; 1461 1462 /* 1463 ** Now run through and check for errors. 1464 */ 1465 1466 if (mode == SM_VERIFY) { 1467 if (lockfp != NULL) 1468 (void) fclose(lockfp); 1469 return; 1470 } 1471 1472 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1473 { 1474 register ADDRESS *qq; 1475 1476 if (tTd(13, 3)) 1477 { 1478 printf("Checking "); 1479 printaddr(q, FALSE); 1480 } 1481 1482 /* only send errors if the message failed */ 1483 if (!bitset(QBADADDR, q->q_flags)) 1484 continue; 1485 1486 /* we have an address that failed -- find the parent */ 1487 for (qq = q; qq != NULL; qq = qq->q_alias) 1488 { 1489 char obuf[MAXNAME + 6]; 1490 extern char *aliaslookup(); 1491 1492 /* we can only have owners for local addresses */ 1493 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags)) 1494 continue; 1495 1496 /* see if the owner list exists */ 1497 (void) strcpy(obuf, "owner-"); 1498 if (strncmp(qq->q_user, "owner-", 6) == 0) 1499 (void) strcat(obuf, "owner"); 1500 else 1501 (void) strcat(obuf, qq->q_user); 1502 makelower(obuf); 1503 if (aliaslookup(obuf) == NULL) 1504 continue; 1505 1506 if (tTd(13, 4)) 1507 printf("Errors to %s\n", obuf); 1508 1509 /* owner list exists -- add it to the error queue */ 1510 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue); 1511 ErrorMode = EM_MAIL; 1512 break; 1513 } 1514 1515 /* if we did not find an owner, send to the sender */ 1516 if (qq == NULL && bitset(QBADADDR, q->q_flags)) 1517 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue); 1518 } 1519 1520 /* this removes the lock on the file */ 1521 if (lockfp != NULL) 1522 (void) fclose(lockfp); 1523 1524 if (mode == SM_FORK) 1525 finis(); 1526 } 1527