1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)deliver.c 5.53 (Berkeley) 01/05/92"; 11 #endif /* not lint */ 12 13 #include "sendmail.h" 14 #include <sys/signal.h> 15 #include <sys/stat.h> 16 #include <netdb.h> 17 #include <fcntl.h> 18 #include <errno.h> 19 #ifdef NAMED_BIND 20 #include <sys/param.h> 21 #include <arpa/nameser.h> 22 #include <resolv.h> 23 #endif 24 25 /* 26 ** DELIVER -- Deliver a message to a list of addresses. 27 ** 28 ** This routine delivers to everyone on the same host as the 29 ** user on the head of the list. It is clever about mailers 30 ** that don't handle multiple users. It is NOT guaranteed 31 ** that it will deliver to all these addresses however -- so 32 ** deliver should be called once for each address on the 33 ** list. 34 ** 35 ** Parameters: 36 ** e -- the envelope to deliver. 37 ** firstto -- head of the address list to deliver to. 38 ** 39 ** Returns: 40 ** zero -- successfully delivered. 41 ** else -- some failure, see ExitStat for more info. 42 ** 43 ** Side Effects: 44 ** The standard input is passed off to someone. 45 */ 46 47 deliver(e, firstto) 48 register ENVELOPE *e; 49 ADDRESS *firstto; 50 { 51 char *host; /* host being sent to */ 52 char *user; /* user being sent to */ 53 char **pvp; 54 register char **mvp; 55 register char *p; 56 register MAILER *m; /* mailer for this recipient */ 57 ADDRESS *ctladdr; 58 register ADDRESS *to = firstto; 59 bool clever = FALSE; /* running user smtp to this mailer */ 60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */ 61 int rcode; /* response code */ 62 char *from; /* pointer to from person */ 63 char *pv[MAXPV+1]; 64 char tobuf[MAXLINE-50]; /* text line of to people */ 65 char buf[MAXNAME]; 66 char tfrombuf[MAXNAME]; /* translated from person */ 67 char rpathbuf[MAXNAME]; /* translated return path */ 68 extern bool checkcompat(); 69 extern ADDRESS *getctladdr(); 70 extern char *remotename(); 71 72 errno = 0; 73 if (bitset(QDONTSEND, to->q_flags)) 74 return (0); 75 76 #ifdef NAMED_BIND 77 /* unless interactive, try twice, over a minute */ 78 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) { 79 _res.retrans = 30; 80 _res.retry = 2; 81 } 82 #endif 83 84 m = to->q_mailer; 85 host = to->q_host; 86 87 if (tTd(10, 1)) 88 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n", 89 m->m_mno, host, to->q_user); 90 91 /* 92 ** If this mailer is expensive, and if we don't want to make 93 ** connections now, just mark these addresses and return. 94 ** This is useful if we want to batch connections to 95 ** reduce load. This will cause the messages to be 96 ** queued up, and a daemon will come along to send the 97 ** messages later. 98 ** This should be on a per-mailer basis. 99 */ 100 101 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) && 102 !Verbose) 103 { 104 for (; to != NULL; to = to->q_next) 105 { 106 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m) 107 continue; 108 to->q_flags |= QQUEUEUP|QDONTSEND; 109 e->e_to = to->q_paddr; 110 message(Arpa_Info, "queued"); 111 if (LogLevel > 4) 112 logdelivery("queued"); 113 } 114 e->e_to = NULL; 115 return (0); 116 } 117 118 /* 119 ** Do initial argv setup. 120 ** Insert the mailer name. Notice that $x expansion is 121 ** NOT done on the mailer name. Then, if the mailer has 122 ** a picky -f flag, we insert it as appropriate. This 123 ** code does not check for 'pv' overflow; this places a 124 ** manifest lower limit of 4 for MAXPV. 125 ** The from address rewrite is expected to make 126 ** the address relative to the other end. 127 */ 128 129 /* rewrite from address, using rewriting rules */ 130 (void) strcpy(rpathbuf, remotename(e->e_returnpath, m, TRUE, TRUE)); 131 if (e->e_returnpath == e->e_sender) 132 { 133 from = rpathbuf; 134 } 135 else 136 { 137 (void) strcpy(tfrombuf, remotename(e->e_sender, m, TRUE, TRUE)); 138 from = tfrombuf; 139 } 140 141 define('f', e->e_returnpath, e); /* raw return path */ 142 define('<', rpathbuf, e); /* translated return path */ 143 define('g', from, e); /* translated sender */ 144 define('h', host, e); /* to host */ 145 Errors = 0; 146 pvp = pv; 147 *pvp++ = m->m_argv[0]; 148 149 /* insert -f or -r flag as appropriate */ 150 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags))) 151 { 152 if (bitnset(M_FOPT, m->m_flags)) 153 *pvp++ = "-f"; 154 else 155 *pvp++ = "-r"; 156 *pvp++ = newstr(rpathbuf); 157 } 158 159 /* 160 ** Append the other fixed parts of the argv. These run 161 ** up to the first entry containing "$u". There can only 162 ** be one of these, and there are only a few more slots 163 ** in the pv after it. 164 */ 165 166 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 167 { 168 while ((p = index(p, '\001')) != NULL) 169 if (*++p == 'u') 170 break; 171 if (p != NULL) 172 break; 173 174 /* this entry is safe -- go ahead and process it */ 175 expand(*mvp, buf, &buf[sizeof buf - 1], e); 176 *pvp++ = newstr(buf); 177 if (pvp >= &pv[MAXPV - 3]) 178 { 179 syserr("Too many parameters to %s before $u", pv[0]); 180 return (-1); 181 } 182 } 183 184 /* 185 ** If we have no substitution for the user name in the argument 186 ** list, we know that we must supply the names otherwise -- and 187 ** SMTP is the answer!! 188 */ 189 190 if (*mvp == NULL) 191 { 192 /* running SMTP */ 193 # ifdef SMTP 194 clever = TRUE; 195 *pvp = NULL; 196 # else SMTP 197 /* oops! we don't implement SMTP */ 198 syserr("SMTP style mailer"); 199 return (EX_SOFTWARE); 200 # endif SMTP 201 } 202 203 /* 204 ** At this point *mvp points to the argument with $u. We 205 ** run through our address list and append all the addresses 206 ** we can. If we run out of space, do not fret! We can 207 ** always send another copy later. 208 */ 209 210 tobuf[0] = '\0'; 211 e->e_to = tobuf; 212 ctladdr = NULL; 213 for (; to != NULL; to = to->q_next) 214 { 215 /* avoid sending multiple recipients to dumb mailers */ 216 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags)) 217 break; 218 219 /* if already sent or not for this host, don't send */ 220 if (bitset(QDONTSEND, to->q_flags) || 221 strcmp(to->q_host, host) != 0 || 222 to->q_mailer != firstto->q_mailer) 223 continue; 224 225 /* avoid overflowing tobuf */ 226 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2)) 227 break; 228 229 if (tTd(10, 1)) 230 { 231 printf("\nsend to "); 232 printaddr(to, FALSE); 233 } 234 235 /* compute effective uid/gid when sending */ 236 if (to->q_mailer == ProgMailer) 237 ctladdr = getctladdr(to); 238 239 user = to->q_user; 240 e->e_to = to->q_paddr; 241 to->q_flags |= QDONTSEND; 242 243 /* 244 ** Check to see that these people are allowed to 245 ** talk to each other. 246 */ 247 248 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize) 249 { 250 NoReturn = TRUE; 251 usrerr("Message is too large; %ld bytes max", m->m_maxsize); 252 giveresponse(EX_UNAVAILABLE, m, e); 253 continue; 254 } 255 if (!checkcompat(to)) 256 { 257 giveresponse(EX_UNAVAILABLE, m, e); 258 continue; 259 } 260 261 /* 262 ** Strip quote bits from names if the mailer is dumb 263 ** about them. 264 */ 265 266 if (bitnset(M_STRIPQ, m->m_flags)) 267 { 268 stripquotes(user, TRUE); 269 stripquotes(host, TRUE); 270 } 271 else 272 { 273 stripquotes(user, FALSE); 274 stripquotes(host, FALSE); 275 } 276 277 /* hack attack -- delivermail compatibility */ 278 if (m == ProgMailer && *user == '|') 279 user++; 280 281 /* 282 ** If an error message has already been given, don't 283 ** bother to send to this address. 284 ** 285 ** >>>>>>>>>> This clause assumes that the local mailer 286 ** >> NOTE >> cannot do any further aliasing; that 287 ** >>>>>>>>>> function is subsumed by sendmail. 288 */ 289 290 if (bitset(QBADADDR|QQUEUEUP, to->q_flags)) 291 continue; 292 293 /* save statistics.... */ 294 markstats(e, to); 295 296 /* 297 ** See if this user name is "special". 298 ** If the user name has a slash in it, assume that this 299 ** is a file -- send it off without further ado. Note 300 ** that this type of addresses is not processed along 301 ** with the others, so we fudge on the To person. 302 */ 303 304 if (m == LocalMailer) 305 { 306 if (user[0] == '/') 307 { 308 rcode = mailfile(user, getctladdr(to)); 309 giveresponse(rcode, m, e); 310 if (rcode == EX_OK) 311 to->q_flags |= QSENT; 312 continue; 313 } 314 } 315 316 /* 317 ** Address is verified -- add this user to mailer 318 ** argv, and add it to the print list of recipients. 319 */ 320 321 /* link together the chain of recipients */ 322 to->q_tchain = tochain; 323 tochain = to; 324 325 /* create list of users for error messages */ 326 (void) strcat(tobuf, ","); 327 (void) strcat(tobuf, to->q_paddr); 328 define('u', user, e); /* to user */ 329 define('z', to->q_home, e); /* user's home */ 330 331 /* 332 ** Expand out this user into argument list. 333 */ 334 335 if (!clever) 336 { 337 expand(*mvp, buf, &buf[sizeof buf - 1], e); 338 *pvp++ = newstr(buf); 339 if (pvp >= &pv[MAXPV - 2]) 340 { 341 /* allow some space for trailing parms */ 342 break; 343 } 344 } 345 } 346 347 /* see if any addresses still exist */ 348 if (tobuf[0] == '\0') 349 { 350 define('g', (char *) NULL, e); 351 define('<', (char *) NULL, e); 352 return (0); 353 } 354 355 /* print out messages as full list */ 356 e->e_to = tobuf + 1; 357 358 /* 359 ** Fill out any parameters after the $u parameter. 360 */ 361 362 while (!clever && *++mvp != NULL) 363 { 364 expand(*mvp, buf, &buf[sizeof buf - 1], e); 365 *pvp++ = newstr(buf); 366 if (pvp >= &pv[MAXPV]) 367 syserr("deliver: pv overflow after $u for %s", pv[0]); 368 } 369 *pvp++ = NULL; 370 371 /* 372 ** Call the mailer. 373 ** The argument vector gets built, pipes 374 ** are created as necessary, and we fork & exec as 375 ** appropriate. 376 ** If we are running SMTP, we just need to clean up. 377 */ 378 379 if (ctladdr == NULL) 380 ctladdr = &e->e_from; 381 #ifdef NAMED_BIND 382 if (ConfigLevel < 2) 383 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 384 #endif 385 #ifdef SMTP 386 if (clever) 387 { 388 rcode = EX_OK; 389 #ifdef NAMED_BIND 390 if (host[0] && host[0] != '[') 391 { 392 expand("\001j", buf, &buf[sizeof(buf) - 1], e); 393 Nmx = getmxrr(host, MxHosts, buf, &rcode); 394 } 395 else 396 #endif 397 { 398 Nmx = 1; 399 MxHosts[0] = host; 400 } 401 if (Nmx >= 0) 402 { 403 message(Arpa_Info, "Connecting to %s (%s)...", 404 MxHosts[0], m->m_name); 405 if ((rcode = smtpinit(m, pv)) == EX_OK) { 406 register char *t = tobuf; 407 register int i; 408 409 /* send the recipient list */ 410 tobuf[0] = '\0'; 411 for (to = tochain; to; to = to->q_tchain) { 412 e->e_to = to->q_paddr; 413 if ((i = smtprcpt(to, m)) != EX_OK) { 414 markfailure(e, to, i); 415 giveresponse(i, m, e); 416 } 417 else { 418 *t++ = ','; 419 for (p = to->q_paddr; *p; *t++ = *p++); 420 } 421 } 422 423 /* now send the data */ 424 if (tobuf[0] == '\0') 425 e->e_to = NULL; 426 else { 427 e->e_to = tobuf + 1; 428 rcode = smtpdata(m, e); 429 } 430 431 /* now close the connection */ 432 smtpquit(m); 433 } 434 } 435 } 436 else 437 #endif /* SMTP */ 438 { 439 static int sendoff(); 440 441 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name); 442 rcode = sendoff(e, m, pv, ctladdr); 443 } 444 #ifdef NAMED_BIND 445 if (ConfigLevel < 2) 446 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 447 #endif 448 449 /* 450 ** Do final status disposal. 451 ** We check for something in tobuf for the SMTP case. 452 ** If we got a temporary failure, arrange to queue the 453 ** addressees. 454 */ 455 456 if (tobuf[0] != '\0') 457 giveresponse(rcode, m, e); 458 for (to = tochain; to != NULL; to = to->q_tchain) 459 if (rcode != EX_OK) 460 markfailure(e, to, rcode); 461 else 462 to->q_flags |= QSENT; 463 464 errno = 0; 465 define('g', (char *) NULL, e); 466 define('<', (char *) NULL, e); 467 return (rcode); 468 } 469 /* 470 ** MARKFAILURE -- mark a failure on a specific address. 471 ** 472 ** Parameters: 473 ** e -- the envelope we are sending. 474 ** q -- the address to mark. 475 ** rcode -- the code signifying the particular failure. 476 ** 477 ** Returns: 478 ** none. 479 ** 480 ** Side Effects: 481 ** marks the address (and possibly the envelope) with the 482 ** failure so that an error will be returned or 483 ** the message will be queued, as appropriate. 484 */ 485 486 markfailure(e, q, rcode) 487 register ENVELOPE *e; 488 register ADDRESS *q; 489 int rcode; 490 { 491 if (rcode == EX_OK) 492 return; 493 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR) 494 q->q_flags |= QBADADDR; 495 else if (curtime() > e->e_ctime + TimeOut) 496 { 497 extern char *pintvl(); 498 char buf[MAXLINE]; 499 500 if (!bitset(EF_TIMEOUT, e->e_flags)) 501 { 502 (void) sprintf(buf, "Cannot send message for %s", 503 pintvl(TimeOut, FALSE)); 504 if (e->e_message != NULL) 505 free(e->e_message); 506 e->e_message = newstr(buf); 507 message(Arpa_Info, buf); 508 } 509 q->q_flags |= QBADADDR; 510 e->e_flags |= EF_TIMEOUT; 511 } 512 else 513 q->q_flags |= QQUEUEUP; 514 } 515 /* 516 ** DOFORK -- do a fork, retrying a couple of times on failure. 517 ** 518 ** This MUST be a macro, since after a vfork we are running 519 ** two processes on the same stack!!! 520 ** 521 ** Parameters: 522 ** none. 523 ** 524 ** Returns: 525 ** From a macro??? You've got to be kidding! 526 ** 527 ** Side Effects: 528 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 529 ** pid of child in parent, zero in child. 530 ** -1 on unrecoverable error. 531 ** 532 ** Notes: 533 ** I'm awfully sorry this looks so awful. That's 534 ** vfork for you..... 535 */ 536 537 # define NFORKTRIES 5 538 539 # ifndef FORK 540 # define FORK fork 541 # endif 542 543 # define DOFORK(fORKfN) \ 544 {\ 545 register int i;\ 546 \ 547 for (i = NFORKTRIES; --i >= 0; )\ 548 {\ 549 pid = fORKfN();\ 550 if (pid >= 0)\ 551 break;\ 552 if (i > 0)\ 553 sleep((unsigned) NFORKTRIES - i);\ 554 }\ 555 } 556 /* 557 ** DOFORK -- simple fork interface to DOFORK. 558 ** 559 ** Parameters: 560 ** none. 561 ** 562 ** Returns: 563 ** pid of child in parent. 564 ** zero in child. 565 ** -1 on error. 566 ** 567 ** Side Effects: 568 ** returns twice, once in parent and once in child. 569 */ 570 571 dofork() 572 { 573 register int pid; 574 575 DOFORK(fork); 576 return (pid); 577 } 578 /* 579 ** SENDOFF -- send off call to mailer & collect response. 580 ** 581 ** Parameters: 582 ** e -- the envelope to mail. 583 ** m -- mailer descriptor. 584 ** pvp -- parameter vector to send to it. 585 ** ctladdr -- an address pointer controlling the 586 ** user/groupid etc. of the mailer. 587 ** 588 ** Returns: 589 ** exit status of mailer. 590 ** 591 ** Side Effects: 592 ** none. 593 */ 594 static 595 sendoff(e, m, pvp, ctladdr) 596 register ENVELOPE *e; 597 MAILER *m; 598 char **pvp; 599 ADDRESS *ctladdr; 600 { 601 auto FILE *mfile; 602 auto FILE *rfile; 603 register int i; 604 int pid; 605 606 /* 607 ** Create connection to mailer. 608 */ 609 610 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile); 611 if (pid < 0) 612 return (-1); 613 614 /* 615 ** Format and send message. 616 */ 617 618 putfromline(mfile, m); 619 (*e->e_puthdr)(mfile, m, e); 620 putline("\n", mfile, m); 621 (*e->e_putbody)(mfile, m, e); 622 (void) fclose(mfile); 623 if (rfile != NULL) 624 (void) fclose(rfile); 625 626 i = endmailer(pid, pvp[0]); 627 628 /* arrange a return receipt if requested */ 629 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags)) 630 { 631 e->e_flags |= EF_SENDRECEIPT; 632 /* do we want to send back more info? */ 633 } 634 635 return (i); 636 } 637 /* 638 ** ENDMAILER -- Wait for mailer to terminate. 639 ** 640 ** We should never get fatal errors (e.g., segmentation 641 ** violation), so we report those specially. For other 642 ** errors, we choose a status message (into statmsg), 643 ** and if it represents an error, we print it. 644 ** 645 ** Parameters: 646 ** pid -- pid of mailer. 647 ** name -- name of mailer (for error messages). 648 ** 649 ** Returns: 650 ** exit code of mailer. 651 ** 652 ** Side Effects: 653 ** none. 654 */ 655 656 endmailer(pid, name) 657 int pid; 658 char *name; 659 { 660 int st; 661 662 /* in the IPC case there is nothing to wait for */ 663 if (pid == 0) 664 return (EX_OK); 665 666 /* wait for the mailer process to die and collect status */ 667 st = waitfor(pid); 668 if (st == -1) 669 { 670 syserr("endmailer %s: wait", name); 671 return (EX_SOFTWARE); 672 } 673 674 /* see if it died a horrid death */ 675 if ((st & 0377) != 0) 676 { 677 syserr("mailer %s died with signal %o", name, st); 678 ExitStat = EX_TEMPFAIL; 679 return (EX_TEMPFAIL); 680 } 681 682 /* normal death -- return status */ 683 st = (st >> 8) & 0377; 684 return (st); 685 } 686 /* 687 ** OPENMAILER -- open connection to mailer. 688 ** 689 ** Parameters: 690 ** m -- mailer descriptor. 691 ** pvp -- parameter vector to pass to mailer. 692 ** ctladdr -- controlling address for user. 693 ** clever -- create a full duplex connection. 694 ** pmfile -- pointer to mfile (to mailer) connection. 695 ** prfile -- pointer to rfile (from mailer) connection. 696 ** 697 ** Returns: 698 ** pid of mailer ( > 0 ). 699 ** -1 on error. 700 ** zero on an IPC connection. 701 ** 702 ** Side Effects: 703 ** creates a mailer in a subprocess. 704 */ 705 706 openmailer(m, pvp, ctladdr, clever, pmfile, prfile) 707 MAILER *m; 708 char **pvp; 709 ADDRESS *ctladdr; 710 bool clever; 711 FILE **pmfile; 712 FILE **prfile; 713 { 714 int pid; 715 int mpvect[2]; 716 int rpvect[2]; 717 FILE *mfile = NULL; 718 FILE *rfile = NULL; 719 extern FILE *fdopen(); 720 721 if (tTd(11, 1)) 722 { 723 printf("openmailer:"); 724 printav(pvp); 725 } 726 errno = 0; 727 728 CurHostName = m->m_mailer; 729 730 /* 731 ** Deal with the special case of mail handled through an IPC 732 ** connection. 733 ** In this case we don't actually fork. We must be 734 ** running SMTP for this to work. We will return a 735 ** zero pid to indicate that we are running IPC. 736 ** We also handle a debug version that just talks to stdin/out. 737 */ 738 739 /* check for Local Person Communication -- not for mortals!!! */ 740 if (strcmp(m->m_mailer, "[LPC]") == 0) 741 { 742 *pmfile = stdout; 743 *prfile = stdin; 744 return (0); 745 } 746 747 if (strcmp(m->m_mailer, "[IPC]") == 0 || 748 strcmp(m->m_mailer, "[TCP]") == 0) 749 { 750 #ifdef DAEMON 751 register STAB *st; 752 extern STAB *stab(); 753 register int i, j; 754 register u_short port; 755 756 CurHostName = pvp[1]; 757 if (!clever) 758 syserr("non-clever IPC"); 759 if (pvp[2] != NULL) 760 port = atoi(pvp[2]); 761 else 762 port = 0; 763 for (j = 0; j < Nmx; j++) 764 { 765 CurHostName = MxHosts[j]; 766 /* see if we already know that this host is fried */ 767 st = stab(MxHosts[j], ST_HOST, ST_FIND); 768 if (st == NULL || st->s_host.ho_exitstat == EX_OK) 769 { 770 message(Arpa_Info, "Connecting to %s (%s)...", 771 MxHosts[j], m->m_name); 772 i = makeconnection(MxHosts[j], port, 773 pmfile, prfile, 774 bitnset(M_SECURE_PORT, m->m_flags)); 775 } 776 else 777 { 778 i = st->s_host.ho_exitstat; 779 errno = st->s_host.ho_errno; 780 } 781 if (i != EX_OK) 782 { 783 /* enter status of this host */ 784 if (st == NULL) 785 st = stab(MxHosts[j], ST_HOST, ST_ENTER); 786 st->s_host.ho_exitstat = i; 787 st->s_host.ho_errno = errno; 788 ExitStat = i; 789 continue; 790 } 791 else 792 return (0); 793 } 794 return (-1); 795 #else DAEMON 796 syserr("openmailer: no IPC"); 797 return (-1); 798 #endif DAEMON 799 } 800 801 /* create a pipe to shove the mail through */ 802 if (pipe(mpvect) < 0) 803 { 804 syserr("openmailer: pipe (to mailer)"); 805 return (-1); 806 } 807 808 #ifdef SMTP 809 /* if this mailer speaks smtp, create a return pipe */ 810 if (clever && pipe(rpvect) < 0) 811 { 812 syserr("openmailer: pipe (from mailer)"); 813 (void) close(mpvect[0]); 814 (void) close(mpvect[1]); 815 return (-1); 816 } 817 #endif SMTP 818 819 /* 820 ** Actually fork the mailer process. 821 ** DOFORK is clever about retrying. 822 ** 823 ** Dispose of SIGCHLD signal catchers that may be laying 824 ** around so that endmail will get it. 825 */ 826 827 if (CurEnv->e_xfp != NULL) 828 (void) fflush(CurEnv->e_xfp); /* for debugging */ 829 (void) fflush(stdout); 830 # ifdef SIGCHLD 831 (void) signal(SIGCHLD, SIG_DFL); 832 # endif SIGCHLD 833 DOFORK(FORK); 834 /* pid is set by DOFORK */ 835 if (pid < 0) 836 { 837 /* failure */ 838 syserr("openmailer: cannot fork"); 839 (void) close(mpvect[0]); 840 (void) close(mpvect[1]); 841 #ifdef SMTP 842 if (clever) 843 { 844 (void) close(rpvect[0]); 845 (void) close(rpvect[1]); 846 } 847 #endif SMTP 848 return (-1); 849 } 850 else if (pid == 0) 851 { 852 int i; 853 extern int DtableSize; 854 855 /* child -- set up input & exec mailer */ 856 /* make diagnostic output be standard output */ 857 (void) signal(SIGINT, SIG_IGN); 858 (void) signal(SIGHUP, SIG_IGN); 859 (void) signal(SIGTERM, SIG_DFL); 860 861 /* arrange to filter standard & diag output of command */ 862 if (clever) 863 { 864 (void) close(rpvect[0]); 865 (void) close(1); 866 (void) dup(rpvect[1]); 867 (void) close(rpvect[1]); 868 } 869 else if (OpMode == MD_SMTP || HoldErrs) 870 { 871 /* put mailer output in transcript */ 872 (void) close(1); 873 (void) dup(fileno(CurEnv->e_xfp)); 874 } 875 (void) close(2); 876 (void) dup(1); 877 878 /* arrange to get standard input */ 879 (void) close(mpvect[1]); 880 (void) close(0); 881 if (dup(mpvect[0]) < 0) 882 { 883 syserr("Cannot dup to zero!"); 884 _exit(EX_OSERR); 885 } 886 (void) close(mpvect[0]); 887 if (!bitnset(M_RESTR, m->m_flags)) 888 { 889 if (ctladdr == NULL || ctladdr->q_uid == 0) 890 { 891 (void) setgid(DefGid); 892 (void) initgroups(DefUser, DefGid); 893 (void) setuid(DefUid); 894 } 895 else 896 { 897 (void) setgid(ctladdr->q_gid); 898 (void) initgroups(ctladdr->q_ruser? 899 ctladdr->q_ruser: ctladdr->q_user, 900 ctladdr->q_gid); 901 (void) setuid(ctladdr->q_uid); 902 } 903 } 904 905 /* arrange for all the files to be closed */ 906 for (i = 3; i < DtableSize; i++) { 907 register int j; 908 if ((j = fcntl(i, F_GETFD, 0)) != -1) 909 (void)fcntl(i, F_SETFD, j|1); 910 } 911 912 /* try to execute the mailer */ 913 execve(m->m_mailer, pvp, UserEnviron); 914 syserr("Cannot exec %s", m->m_mailer); 915 if (m == LocalMailer) 916 _exit(EX_TEMPFAIL); 917 switch (errno) 918 { 919 case EIO: 920 case EAGAIN: 921 case ENOMEM: 922 # ifdef EPROCLIM 923 case EPROCLIM: 924 # endif 925 _exit(EX_TEMPFAIL); 926 } 927 _exit(EX_UNAVAILABLE); 928 } 929 930 /* 931 ** Set up return value. 932 */ 933 934 (void) close(mpvect[0]); 935 mfile = fdopen(mpvect[1], "w"); 936 if (clever) 937 { 938 (void) close(rpvect[1]); 939 rfile = fdopen(rpvect[0], "r"); 940 } else 941 rfile = NULL; 942 943 *pmfile = mfile; 944 *prfile = rfile; 945 946 return (pid); 947 } 948 /* 949 ** GIVERESPONSE -- Interpret an error response from a mailer 950 ** 951 ** Parameters: 952 ** stat -- the status code from the mailer (high byte 953 ** only; core dumps must have been taken care of 954 ** already). 955 ** m -- the mailer descriptor for this mailer. 956 ** 957 ** Returns: 958 ** none. 959 ** 960 ** Side Effects: 961 ** Errors may be incremented. 962 ** ExitStat may be set. 963 */ 964 965 giveresponse(stat, m, e) 966 int stat; 967 register MAILER *m; 968 ENVELOPE *e; 969 { 970 register char *statmsg; 971 extern char *SysExMsg[]; 972 register int i; 973 extern int N_SysEx; 974 #ifdef NAMED_BIND 975 extern int h_errno; 976 #endif 977 char buf[MAXLINE]; 978 979 #ifdef lint 980 if (m == NULL) 981 return; 982 #endif lint 983 984 /* 985 ** Compute status message from code. 986 */ 987 988 i = stat - EX__BASE; 989 if (stat == 0) 990 statmsg = "250 Sent"; 991 else if (i < 0 || i > N_SysEx) 992 { 993 (void) sprintf(buf, "554 unknown mailer error %d", stat); 994 stat = EX_UNAVAILABLE; 995 statmsg = buf; 996 } 997 else if (stat == EX_TEMPFAIL) 998 { 999 (void) strcpy(buf, SysExMsg[i]); 1000 #ifdef NAMED_BIND 1001 if (h_errno == TRY_AGAIN) 1002 { 1003 extern char *errstring(); 1004 1005 statmsg = errstring(h_errno+MAX_ERRNO); 1006 } 1007 else 1008 #endif 1009 { 1010 if (errno != 0) 1011 { 1012 extern char *errstring(); 1013 1014 statmsg = errstring(errno); 1015 } 1016 else 1017 { 1018 #ifdef SMTP 1019 extern char SmtpError[]; 1020 1021 statmsg = SmtpError; 1022 #else SMTP 1023 statmsg = NULL; 1024 #endif SMTP 1025 } 1026 } 1027 if (statmsg != NULL && statmsg[0] != '\0') 1028 { 1029 (void) strcat(buf, ": "); 1030 (void) strcat(buf, statmsg); 1031 } 1032 statmsg = buf; 1033 } 1034 else 1035 { 1036 statmsg = SysExMsg[i]; 1037 } 1038 1039 /* 1040 ** Print the message as appropriate 1041 */ 1042 1043 if (stat == EX_OK || stat == EX_TEMPFAIL) 1044 message(Arpa_Info, &statmsg[4]); 1045 else 1046 { 1047 Errors++; 1048 usrerr(statmsg); 1049 } 1050 1051 /* 1052 ** Final cleanup. 1053 ** Log a record of the transaction. Compute the new 1054 ** ExitStat -- if we already had an error, stick with 1055 ** that. 1056 */ 1057 1058 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2)) 1059 logdelivery(&statmsg[4]); 1060 1061 if (stat != EX_TEMPFAIL) 1062 setstat(stat); 1063 if (stat != EX_OK) 1064 { 1065 if (e->e_message != NULL) 1066 free(e->e_message); 1067 e->e_message = newstr(&statmsg[4]); 1068 } 1069 errno = 0; 1070 #ifdef NAMED_BIND 1071 h_errno = 0; 1072 #endif 1073 } 1074 /* 1075 ** LOGDELIVERY -- log the delivery in the system log 1076 ** 1077 ** Parameters: 1078 ** stat -- the message to print for the status 1079 ** 1080 ** Returns: 1081 ** none 1082 ** 1083 ** Side Effects: 1084 ** none 1085 */ 1086 1087 logdelivery(stat) 1088 char *stat; 1089 { 1090 extern char *pintvl(); 1091 1092 # ifdef LOG 1093 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id, 1094 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat); 1095 # endif LOG 1096 } 1097 /* 1098 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 1099 ** 1100 ** This can be made an arbitrary message separator by changing $l 1101 ** 1102 ** One of the ugliest hacks seen by human eyes is contained herein: 1103 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 1104 ** does a well-meaning programmer such as myself have to deal with 1105 ** this kind of antique garbage???? 1106 ** 1107 ** Parameters: 1108 ** fp -- the file to output to. 1109 ** m -- the mailer describing this entry. 1110 ** 1111 ** Returns: 1112 ** none 1113 ** 1114 ** Side Effects: 1115 ** outputs some text to fp. 1116 */ 1117 1118 putfromline(fp, m) 1119 register FILE *fp; 1120 register MAILER *m; 1121 { 1122 char *template = "\001l\n"; 1123 char buf[MAXLINE]; 1124 1125 if (bitnset(M_NHDR, m->m_flags)) 1126 return; 1127 1128 # ifdef UGLYUUCP 1129 if (bitnset(M_UGLYUUCP, m->m_flags)) 1130 { 1131 char *bang; 1132 char xbuf[MAXLINE]; 1133 1134 expand("\001<", buf, &buf[sizeof buf - 1], CurEnv); 1135 bang = index(buf, '!'); 1136 if (bang == NULL) 1137 syserr("No ! in UUCP! (%s)", buf); 1138 else 1139 { 1140 *bang++ = '\0'; 1141 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf); 1142 template = xbuf; 1143 } 1144 } 1145 # endif UGLYUUCP 1146 expand(template, buf, &buf[sizeof buf - 1], CurEnv); 1147 putline(buf, fp, m); 1148 } 1149 /* 1150 ** PUTBODY -- put the body of a message. 1151 ** 1152 ** Parameters: 1153 ** fp -- file to output onto. 1154 ** m -- a mailer descriptor to control output format. 1155 ** e -- the envelope to put out. 1156 ** 1157 ** Returns: 1158 ** none. 1159 ** 1160 ** Side Effects: 1161 ** The message is written onto fp. 1162 */ 1163 1164 putbody(fp, m, e) 1165 FILE *fp; 1166 MAILER *m; 1167 register ENVELOPE *e; 1168 { 1169 char buf[MAXLINE]; 1170 1171 /* 1172 ** Output the body of the message 1173 */ 1174 1175 if (e->e_dfp == NULL) 1176 { 1177 if (e->e_df != NULL) 1178 { 1179 e->e_dfp = fopen(e->e_df, "r"); 1180 if (e->e_dfp == NULL) 1181 syserr("putbody: Cannot open %s for %s from %s", 1182 e->e_df, e->e_to, e->e_from); 1183 } 1184 else 1185 putline("<<< No Message Collected >>>", fp, m); 1186 } 1187 if (e->e_dfp != NULL) 1188 { 1189 rewind(e->e_dfp); 1190 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL) 1191 { 1192 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) && 1193 strncmp(buf, "From ", 5) == 0) 1194 (void) putc('>', fp); 1195 putline(buf, fp, m); 1196 } 1197 1198 if (ferror(e->e_dfp)) 1199 { 1200 syserr("putbody: read error"); 1201 ExitStat = EX_IOERR; 1202 } 1203 } 1204 1205 (void) fflush(fp); 1206 if (ferror(fp) && errno != EPIPE) 1207 { 1208 syserr("putbody: write error"); 1209 ExitStat = EX_IOERR; 1210 } 1211 errno = 0; 1212 } 1213 /* 1214 ** MAILFILE -- Send a message to a file. 1215 ** 1216 ** If the file has the setuid/setgid bits set, but NO execute 1217 ** bits, sendmail will try to become the owner of that file 1218 ** rather than the real user. Obviously, this only works if 1219 ** sendmail runs as root. 1220 ** 1221 ** This could be done as a subordinate mailer, except that it 1222 ** is used implicitly to save messages in ~/dead.letter. We 1223 ** view this as being sufficiently important as to include it 1224 ** here. For example, if the system is dying, we shouldn't have 1225 ** to create another process plus some pipes to save the message. 1226 ** 1227 ** Parameters: 1228 ** filename -- the name of the file to send to. 1229 ** ctladdr -- the controlling address header -- includes 1230 ** the userid/groupid to be when sending. 1231 ** 1232 ** Returns: 1233 ** The exit code associated with the operation. 1234 ** 1235 ** Side Effects: 1236 ** none. 1237 */ 1238 1239 mailfile(filename, ctladdr) 1240 char *filename; 1241 ADDRESS *ctladdr; 1242 { 1243 register FILE *f; 1244 register int pid; 1245 ENVELOPE *e = CurEnv; 1246 1247 /* 1248 ** Fork so we can change permissions here. 1249 ** Note that we MUST use fork, not vfork, because of 1250 ** the complications of calling subroutines, etc. 1251 */ 1252 1253 DOFORK(fork); 1254 1255 if (pid < 0) 1256 return (EX_OSERR); 1257 else if (pid == 0) 1258 { 1259 /* child -- actually write to file */ 1260 struct stat stb; 1261 1262 (void) signal(SIGINT, SIG_DFL); 1263 (void) signal(SIGHUP, SIG_DFL); 1264 (void) signal(SIGTERM, SIG_DFL); 1265 (void) umask(OldUmask); 1266 if (stat(filename, &stb) < 0) 1267 { 1268 errno = 0; 1269 stb.st_mode = 0666; 1270 } 1271 if (bitset(0111, stb.st_mode)) 1272 exit(EX_CANTCREAT); 1273 if (ctladdr == NULL) 1274 ctladdr = &e->e_from; 1275 /* we have to open the dfile BEFORE setuid */ 1276 if (e->e_dfp == NULL && e->e_df != NULL) 1277 { 1278 e->e_dfp = fopen(e->e_df, "r"); 1279 if (e->e_dfp == NULL) { 1280 syserr("mailfile: Cannot open %s for %s from %s", 1281 e->e_df, e->e_to, e->e_from); 1282 } 1283 } 1284 1285 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0) 1286 { 1287 if (ctladdr->q_uid == 0) { 1288 (void) setgid(DefGid); 1289 (void) initgroups(DefUser, DefGid); 1290 } else { 1291 (void) setgid(ctladdr->q_gid); 1292 (void) initgroups(ctladdr->q_ruser? 1293 ctladdr->q_ruser: ctladdr->q_user, 1294 ctladdr->q_gid); 1295 } 1296 } 1297 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0) 1298 { 1299 if (ctladdr->q_uid == 0) 1300 (void) setuid(DefUid); 1301 else 1302 (void) setuid(ctladdr->q_uid); 1303 } 1304 f = dfopen(filename, "a"); 1305 if (f == NULL) 1306 exit(EX_CANTCREAT); 1307 1308 putfromline(f, ProgMailer); 1309 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv); 1310 putline("\n", f, ProgMailer); 1311 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv); 1312 putline("\n", f, ProgMailer); 1313 (void) fclose(f); 1314 (void) fflush(stdout); 1315 1316 /* reset ISUID & ISGID bits for paranoid systems */ 1317 (void) chmod(filename, (int) stb.st_mode); 1318 exit(EX_OK); 1319 /*NOTREACHED*/ 1320 } 1321 else 1322 { 1323 /* parent -- wait for exit status */ 1324 int st; 1325 1326 st = waitfor(pid); 1327 if ((st & 0377) != 0) 1328 return (EX_UNAVAILABLE); 1329 else 1330 return ((st >> 8) & 0377); 1331 /*NOTREACHED*/ 1332 } 1333 } 1334 /* 1335 ** SENDALL -- actually send all the messages. 1336 ** 1337 ** Parameters: 1338 ** e -- the envelope to send. 1339 ** mode -- the delivery mode to use. If SM_DEFAULT, use 1340 ** the current SendMode. 1341 ** 1342 ** Returns: 1343 ** none. 1344 ** 1345 ** Side Effects: 1346 ** Scans the send lists and sends everything it finds. 1347 ** Delivers any appropriate error messages. 1348 ** If we are running in a non-interactive mode, takes the 1349 ** appropriate action. 1350 */ 1351 1352 sendall(e, mode) 1353 ENVELOPE *e; 1354 char mode; 1355 { 1356 register ADDRESS *q; 1357 bool oldverbose; 1358 int pid; 1359 int nsent; 1360 # ifdef LOCKF 1361 struct flock lfd; 1362 # endif 1363 1364 /* determine actual delivery mode */ 1365 if (mode == SM_DEFAULT) 1366 { 1367 extern bool shouldqueue(); 1368 1369 if (shouldqueue(e->e_msgpriority)) 1370 mode = SM_QUEUE; 1371 else 1372 mode = SendMode; 1373 } 1374 1375 if (tTd(13, 1)) 1376 { 1377 printf("\nSENDALL: mode %c, sendqueue:\n", mode); 1378 printaddr(e->e_sendqueue, TRUE); 1379 } 1380 1381 /* 1382 ** Do any preprocessing necessary for the mode we are running. 1383 ** Check to make sure the hop count is reasonable. 1384 ** Delete sends to the sender in mailing lists. 1385 */ 1386 1387 CurEnv = e; 1388 1389 if (e->e_hopcount > MaxHopCount) 1390 { 1391 errno = 0; 1392 syserr("sendall: too many hops %d (%d max): from %s, to %s", 1393 e->e_hopcount, MaxHopCount, e->e_from, e->e_to); 1394 return; 1395 } 1396 1397 if (!MeToo) 1398 { 1399 extern ADDRESS *recipient(); 1400 1401 e->e_from.q_flags |= QDONTSEND; 1402 (void) recipient(&e->e_from, &e->e_sendqueue); 1403 } 1404 1405 # ifdef QUEUE 1406 if ((mode == SM_QUEUE || mode == SM_FORK || 1407 (mode != SM_VERIFY && SuperSafe)) && 1408 !bitset(EF_INQUEUE, e->e_flags)) 1409 queueup(e, TRUE, mode == SM_QUEUE); 1410 #endif QUEUE 1411 1412 oldverbose = Verbose; 1413 switch (mode) 1414 { 1415 case SM_VERIFY: 1416 Verbose = TRUE; 1417 break; 1418 1419 case SM_QUEUE: 1420 queueonly: 1421 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE; 1422 return; 1423 1424 case SM_FORK: 1425 if (e->e_xfp != NULL) 1426 (void) fflush(e->e_xfp); 1427 1428 # ifdef LOCKF 1429 /* 1430 ** Since lockf has the interesting semantic that the 1431 ** lock is lost when we fork, we have to risk losing 1432 ** the lock here by closing before the fork, and then 1433 ** trying to get it back in the child. 1434 */ 1435 1436 if (e->e_lockfp != NULL) 1437 { 1438 (void) fclose(e->e_lockfp); 1439 e->e_lockfp = NULL; 1440 } 1441 # endif /* LOCKF */ 1442 1443 pid = fork(); 1444 if (pid < 0) 1445 { 1446 goto queueonly; 1447 } 1448 else if (pid > 0) 1449 { 1450 /* be sure we leave the temp files to our child */ 1451 e->e_id = e->e_df = NULL; 1452 # ifndef LOCKF 1453 if (e->e_lockfp != NULL) 1454 (void) fclose(e->e_lockfp); 1455 # endif 1456 return; 1457 } 1458 1459 /* double fork to avoid zombies */ 1460 if (fork() > 0) 1461 exit(EX_OK); 1462 1463 /* be sure we are immune from the terminal */ 1464 disconnect(FALSE); 1465 1466 # ifdef LOCKF 1467 /* 1468 ** Now try to get our lock back. 1469 */ 1470 1471 lfd.l_type = F_WRLCK; 1472 lfd.l_whence = lfd.l_start = lfd.l_len = 0; 1473 e->e_lockfp = fopen(queuename(e, 'q'), "r+"); 1474 if (e->e_lockfp == NULL || 1475 fcntl(fileno(e->e_lockfp), F_SETLK, &lfd) < 0) 1476 { 1477 /* oops.... lost it */ 1478 # ifdef LOG 1479 if (LogLevel > 5) 1480 syslog(LOG_NOTICE, "%s: lost lock: %m", 1481 CurEnv->e_id); 1482 # endif /* LOG */ 1483 exit(EX_OK); 1484 } 1485 # endif /* LOCKF */ 1486 1487 break; 1488 } 1489 1490 /* 1491 ** Run through the list and send everything. 1492 */ 1493 1494 nsent = 0; 1495 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1496 { 1497 if (mode == SM_VERIFY) 1498 { 1499 e->e_to = q->q_paddr; 1500 if (!bitset(QDONTSEND|QBADADDR, q->q_flags)) 1501 message(Arpa_Info, "deliverable"); 1502 } 1503 else if (!bitset(QDONTSEND, q->q_flags)) 1504 { 1505 # ifdef QUEUE 1506 /* 1507 ** Checkpoint the send list every few addresses 1508 */ 1509 1510 if (nsent >= CheckpointInterval) 1511 { 1512 queueup(e, TRUE, FALSE); 1513 nsent = 0; 1514 } 1515 # endif /* QUEUE */ 1516 if (deliver(e, q) == EX_OK) 1517 nsent++; 1518 } 1519 } 1520 Verbose = oldverbose; 1521 1522 /* 1523 ** Now run through and check for errors. 1524 */ 1525 1526 if (mode == SM_VERIFY) 1527 return; 1528 1529 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1530 { 1531 register ADDRESS *qq; 1532 1533 if (tTd(13, 3)) 1534 { 1535 printf("Checking "); 1536 printaddr(q, FALSE); 1537 } 1538 1539 /* only send errors if the message failed */ 1540 if (!bitset(QBADADDR, q->q_flags)) 1541 continue; 1542 1543 /* we have an address that failed -- find the parent */ 1544 for (qq = q; qq != NULL; qq = qq->q_alias) 1545 { 1546 char obuf[MAXNAME + 6]; 1547 extern char *aliaslookup(); 1548 1549 /* we can only have owners for local addresses */ 1550 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags)) 1551 continue; 1552 1553 /* see if the owner list exists */ 1554 (void) strcpy(obuf, "owner-"); 1555 if (strncmp(qq->q_user, "owner-", 6) == 0) 1556 (void) strcat(obuf, "owner"); 1557 else 1558 (void) strcat(obuf, qq->q_user); 1559 makelower(obuf); 1560 if (aliaslookup(obuf) == NULL) 1561 continue; 1562 1563 if (tTd(13, 4)) 1564 printf("Errors to %s\n", obuf); 1565 1566 /* owner list exists -- add it to the error queue */ 1567 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue); 1568 ErrorMode = EM_MAIL; 1569 break; 1570 } 1571 1572 /* if we did not find an owner, send to the sender */ 1573 if (qq == NULL && bitset(QBADADDR, q->q_flags)) 1574 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue); 1575 } 1576 1577 if (mode == SM_FORK) 1578 finis(); 1579 } 1580