1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms are permitted
7 * provided that the above copyright notice and this paragraph are
8 * duplicated in all such forms and that any documentation,
9 * advertising materials, and other materials related to such
10 * distribution and use acknowledge that the software was developed
11 * by the University of California, Berkeley. The name of the
12 * University may not be used to endorse or promote products derived
13 * from this software without specific prior written permission.
14 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17 */
18
19 #ifndef lint
20 static char sccsid[] = "@(#)deliver.c 5.24 (Berkeley) 10/22/88";
21 #endif /* not lint */
22
23 #include <sendmail.h>
24 #include <sys/signal.h>
25 #include <sys/stat.h>
26 #include <netdb.h>
27 #include <fcntl.h>
28 #include <errno.h>
29 #ifdef NAMED_BIND
30 #include <arpa/nameser.h>
31 #include <resolv.h>
32 #endif
33
34 /*
35 ** DELIVER -- Deliver a message to a list of addresses.
36 **
37 ** This routine delivers to everyone on the same host as the
38 ** user on the head of the list. It is clever about mailers
39 ** that don't handle multiple users. It is NOT guaranteed
40 ** that it will deliver to all these addresses however -- so
41 ** deliver should be called once for each address on the
42 ** list.
43 **
44 ** Parameters:
45 ** e -- the envelope to deliver.
46 ** firstto -- head of the address list to deliver to.
47 **
48 ** Returns:
49 ** zero -- successfully delivered.
50 ** else -- some failure, see ExitStat for more info.
51 **
52 ** Side Effects:
53 ** The standard input is passed off to someone.
54 */
55
56 deliver(e, firstto)
57 register ENVELOPE *e;
58 ADDRESS *firstto;
59 {
60 char *host; /* host being sent to */
61 char *user; /* user being sent to */
62 char **pvp;
63 register char **mvp;
64 register char *p;
65 register MAILER *m; /* mailer for this recipient */
66 ADDRESS *ctladdr;
67 register ADDRESS *to = firstto;
68 bool clever = FALSE; /* running user smtp to this mailer */
69 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
70 int rcode; /* response code */
71 char *pv[MAXPV+1];
72 char tobuf[MAXLINE-50]; /* text line of to people */
73 char buf[MAXNAME];
74 char tfrombuf[MAXNAME]; /* translated from person */
75 extern bool checkcompat();
76 extern ADDRESS *getctladdr();
77 extern char *remotename();
78
79 errno = 0;
80 if (bitset(QDONTSEND, to->q_flags))
81 return (0);
82
83 #ifdef NAMED_BIND
84 /* unless interactive, try twice, over a minute */
85 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
86 _res.retrans = 30;
87 _res.retry = 2;
88 }
89 #endif NAMED_BIND
90
91 m = to->q_mailer;
92 host = to->q_host;
93
94 # ifdef DEBUG
95 if (tTd(10, 1))
96 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
97 m->m_mno, host, to->q_user);
98 # endif DEBUG
99
100 /*
101 ** If this mailer is expensive, and if we don't want to make
102 ** connections now, just mark these addresses and return.
103 ** This is useful if we want to batch connections to
104 ** reduce load. This will cause the messages to be
105 ** queued up, and a daemon will come along to send the
106 ** messages later.
107 ** This should be on a per-mailer basis.
108 */
109
110 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
111 !Verbose)
112 {
113 for (; to != NULL; to = to->q_next)
114 {
115 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
116 continue;
117 to->q_flags |= QQUEUEUP|QDONTSEND;
118 e->e_to = to->q_paddr;
119 message(Arpa_Info, "queued");
120 if (LogLevel > 4)
121 logdelivery("queued");
122 }
123 e->e_to = NULL;
124 return (0);
125 }
126
127 /*
128 ** Do initial argv setup.
129 ** Insert the mailer name. Notice that $x expansion is
130 ** NOT done on the mailer name. Then, if the mailer has
131 ** a picky -f flag, we insert it as appropriate. This
132 ** code does not check for 'pv' overflow; this places a
133 ** manifest lower limit of 4 for MAXPV.
134 ** The from address rewrite is expected to make
135 ** the address relative to the other end.
136 */
137
138 /* rewrite from address, using rewriting rules */
139 expand("\001f", buf, &buf[sizeof buf - 1], e);
140 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
141
142 define('g', tfrombuf, e); /* translated sender address */
143 define('h', host, e); /* to host */
144 Errors = 0;
145 pvp = pv;
146 *pvp++ = m->m_argv[0];
147
148 /* insert -f or -r flag as appropriate */
149 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
150 {
151 if (bitnset(M_FOPT, m->m_flags))
152 *pvp++ = "-f";
153 else
154 *pvp++ = "-r";
155 expand("\001g", buf, &buf[sizeof buf - 1], e);
156 *pvp++ = newstr(buf);
157 }
158
159 /*
160 ** Append the other fixed parts of the argv. These run
161 ** up to the first entry containing "$u". There can only
162 ** be one of these, and there are only a few more slots
163 ** in the pv after it.
164 */
165
166 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
167 {
168 while ((p = index(p, '\001')) != NULL)
169 if (*++p == 'u')
170 break;
171 if (p != NULL)
172 break;
173
174 /* this entry is safe -- go ahead and process it */
175 expand(*mvp, buf, &buf[sizeof buf - 1], e);
176 *pvp++ = newstr(buf);
177 if (pvp >= &pv[MAXPV - 3])
178 {
179 syserr("Too many parameters to %s before $u", pv[0]);
180 return (-1);
181 }
182 }
183
184 /*
185 ** If we have no substitution for the user name in the argument
186 ** list, we know that we must supply the names otherwise -- and
187 ** SMTP is the answer!!
188 */
189
190 if (*mvp == NULL)
191 {
192 /* running SMTP */
193 # ifdef SMTP
194 clever = TRUE;
195 *pvp = NULL;
196 # else SMTP
197 /* oops! we don't implement SMTP */
198 syserr("SMTP style mailer");
199 return (EX_SOFTWARE);
200 # endif SMTP
201 }
202
203 /*
204 ** At this point *mvp points to the argument with $u. We
205 ** run through our address list and append all the addresses
206 ** we can. If we run out of space, do not fret! We can
207 ** always send another copy later.
208 */
209
210 tobuf[0] = '\0';
211 e->e_to = tobuf;
212 ctladdr = NULL;
213 for (; to != NULL; to = to->q_next)
214 {
215 /* avoid sending multiple recipients to dumb mailers */
216 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
217 break;
218
219 /* if already sent or not for this host, don't send */
220 if (bitset(QDONTSEND, to->q_flags) ||
221 strcmp(to->q_host, host) != 0 ||
222 to->q_mailer != firstto->q_mailer)
223 continue;
224
225 /* avoid overflowing tobuf */
226 if (sizeof tobuf - (strlen(to->q_paddr) + strlen(tobuf) + 2) < 0)
227 break;
228
229 # ifdef DEBUG
230 if (tTd(10, 1))
231 {
232 printf("\nsend to ");
233 printaddr(to, FALSE);
234 }
235 # endif DEBUG
236
237 /* compute effective uid/gid when sending */
238 if (to->q_mailer == ProgMailer)
239 ctladdr = getctladdr(to);
240
241 user = to->q_user;
242 e->e_to = to->q_paddr;
243 to->q_flags |= QDONTSEND;
244
245 /*
246 ** Check to see that these people are allowed to
247 ** talk to each other.
248 */
249
250 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
251 {
252 NoReturn = TRUE;
253 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
254 giveresponse(EX_UNAVAILABLE, m, e);
255 continue;
256 }
257 if (!checkcompat(to))
258 {
259 giveresponse(EX_UNAVAILABLE, m, e);
260 continue;
261 }
262
263 /*
264 ** Strip quote bits from names if the mailer is dumb
265 ** about them.
266 */
267
268 if (bitnset(M_STRIPQ, m->m_flags))
269 {
270 stripquotes(user, TRUE);
271 stripquotes(host, TRUE);
272 }
273 else
274 {
275 stripquotes(user, FALSE);
276 stripquotes(host, FALSE);
277 }
278
279 /* hack attack -- delivermail compatibility */
280 if (m == ProgMailer && *user == '|')
281 user++;
282
283 /*
284 ** If an error message has already been given, don't
285 ** bother to send to this address.
286 **
287 ** >>>>>>>>>> This clause assumes that the local mailer
288 ** >> NOTE >> cannot do any further aliasing; that
289 ** >>>>>>>>>> function is subsumed by sendmail.
290 */
291
292 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
293 continue;
294
295 /* save statistics.... */
296 markstats(e, to);
297
298 /*
299 ** See if this user name is "special".
300 ** If the user name has a slash in it, assume that this
301 ** is a file -- send it off without further ado. Note
302 ** that this type of addresses is not processed along
303 ** with the others, so we fudge on the To person.
304 */
305
306 if (m == LocalMailer)
307 {
308 if (user[0] == '/')
309 {
310 rcode = mailfile(user, getctladdr(to));
311 giveresponse(rcode, m, e);
312 continue;
313 }
314 }
315
316 /*
317 ** Address is verified -- add this user to mailer
318 ** argv, and add it to the print list of recipients.
319 */
320
321 /* link together the chain of recipients */
322 to->q_tchain = tochain;
323 tochain = to;
324
325 /* create list of users for error messages */
326 (void) strcat(tobuf, ",");
327 (void) strcat(tobuf, to->q_paddr);
328 define('u', user, e); /* to user */
329 define('z', to->q_home, e); /* user's home */
330
331 /*
332 ** Expand out this user into argument list.
333 */
334
335 if (!clever)
336 {
337 expand(*mvp, buf, &buf[sizeof buf - 1], e);
338 *pvp++ = newstr(buf);
339 if (pvp >= &pv[MAXPV - 2])
340 {
341 /* allow some space for trailing parms */
342 break;
343 }
344 }
345 }
346
347 /* see if any addresses still exist */
348 if (tobuf[0] == '\0')
349 {
350 define('g', (char *) NULL, e);
351 return (0);
352 }
353
354 /* print out messages as full list */
355 e->e_to = tobuf + 1;
356
357 /*
358 ** Fill out any parameters after the $u parameter.
359 */
360
361 while (!clever && *++mvp != NULL)
362 {
363 expand(*mvp, buf, &buf[sizeof buf - 1], e);
364 *pvp++ = newstr(buf);
365 if (pvp >= &pv[MAXPV])
366 syserr("deliver: pv overflow after $u for %s", pv[0]);
367 }
368 *pvp++ = NULL;
369
370 /*
371 ** Call the mailer.
372 ** The argument vector gets built, pipes
373 ** are created as necessary, and we fork & exec as
374 ** appropriate.
375 ** If we are running SMTP, we just need to clean up.
376 */
377
378 if (ctladdr == NULL)
379 ctladdr = &e->e_from;
380 #ifdef NAMED_BIND
381 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
382 #endif
383 #ifdef SMTP
384 if (clever)
385 {
386 expand("\001w", buf, &buf[sizeof(buf) - 1], e);
387 rcode = EX_OK;
388 #ifdef NAMED_BIND
389 if (host[0] != '[')
390 {
391 Nmx = getmxrr(host, MxHosts, buf, &rcode);
392 }
393 else
394 #endif
395 {
396 Nmx = 1;
397 MxHosts[0] = host;
398 }
399 if (Nmx >= 0)
400 {
401 message(Arpa_Info, "Connecting to %s (%s)...",
402 MxHosts[0], m->m_name);
403 if ((rcode = smtpinit(m, pv)) == EX_OK) {
404 /* send the recipient list */
405 tobuf[0] = '\0';
406 for (to = tochain; to; to = to->q_tchain) {
407 register int i;
408 register char *t = tobuf;
409
410 e->e_to = to->q_paddr;
411 if ((i = smtprcpt(to, m)) != EX_OK) {
412 markfailure(e, to, i);
413 giveresponse(i, m, e);
414 }
415 else {
416 *t++ = ',';
417 for (p = to->q_paddr; *p; *t++ = *p++);
418 }
419 }
420
421 /* now send the data */
422 if (tobuf[0] == '\0')
423 e->e_to = NULL;
424 else {
425 e->e_to = tobuf + 1;
426 rcode = smtpdata(m, e);
427 }
428
429 /* now close the connection */
430 smtpquit(m);
431 }
432 }
433 }
434 else
435 #endif /* SMTP */
436 {
437 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
438 rcode = sendoff(e, m, pv, ctladdr);
439 }
440 #ifdef NAMED_BIND
441 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
442 #endif
443
444 /*
445 ** Do final status disposal.
446 ** We check for something in tobuf for the SMTP case.
447 ** If we got a temporary failure, arrange to queue the
448 ** addressees.
449 */
450
451 if (tobuf[0] != '\0')
452 giveresponse(rcode, m, e);
453 if (rcode != EX_OK)
454 for (to = tochain; to != NULL; to = to->q_tchain)
455 markfailure(e, to, rcode);
456
457 errno = 0;
458 define('g', (char *) NULL, e);
459 return (rcode);
460 }
461 �/*
462 ** MARKFAILURE -- mark a failure on a specific address.
463 **
464 ** Parameters:
465 ** e -- the envelope we are sending.
466 ** q -- the address to mark.
467 ** rcode -- the code signifying the particular failure.
468 **
469 ** Returns:
470 ** none.
471 **
472 ** Side Effects:
473 ** marks the address (and possibly the envelope) with the
474 ** failure so that an error will be returned or
475 ** the message will be queued, as appropriate.
476 */
477
478 markfailure(e, q, rcode)
479 register ENVELOPE *e;
480 register ADDRESS *q;
481 int rcode;
482 {
483 if (rcode == EX_OK)
484 return;
485 else if (rcode != EX_TEMPFAIL)
486 q->q_flags |= QBADADDR;
487 else if (curtime() > e->e_ctime + TimeOut)
488 {
489 extern char *pintvl();
490 char buf[MAXLINE];
491
492 if (!bitset(EF_TIMEOUT, e->e_flags))
493 {
494 (void) sprintf(buf, "Cannot send message for %s",
495 pintvl(TimeOut, FALSE));
496 if (e->e_message != NULL)
497 free(e->e_message);
498 e->e_message = newstr(buf);
499 message(Arpa_Info, buf);
500 }
501 q->q_flags |= QBADADDR;
502 e->e_flags |= EF_TIMEOUT;
503 }
504 else
505 q->q_flags |= QQUEUEUP;
506 }
507 �/*
508 ** DOFORK -- do a fork, retrying a couple of times on failure.
509 **
510 ** This MUST be a macro, since after a vfork we are running
511 ** two processes on the same stack!!!
512 **
513 ** Parameters:
514 ** none.
515 **
516 ** Returns:
517 ** From a macro??? You've got to be kidding!
518 **
519 ** Side Effects:
520 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
521 ** pid of child in parent, zero in child.
522 ** -1 on unrecoverable error.
523 **
524 ** Notes:
525 ** I'm awfully sorry this looks so awful. That's
526 ** vfork for you.....
527 */
528
529 # define NFORKTRIES 5
530 # ifdef VMUNIX
531 # define XFORK vfork
532 # else VMUNIX
533 # define XFORK fork
534 # endif VMUNIX
535
536 # define DOFORK(fORKfN) \
537 {\
538 register int i;\
539 \
540 for (i = NFORKTRIES; --i >= 0; )\
541 {\
542 pid = fORKfN();\
543 if (pid >= 0)\
544 break;\
545 if (i > 0)\
546 sleep((unsigned) NFORKTRIES - i);\
547 }\
548 }
549 �/*
550 ** DOFORK -- simple fork interface to DOFORK.
551 **
552 ** Parameters:
553 ** none.
554 **
555 ** Returns:
556 ** pid of child in parent.
557 ** zero in child.
558 ** -1 on error.
559 **
560 ** Side Effects:
561 ** returns twice, once in parent and once in child.
562 */
563
564 dofork()
565 {
566 register int pid;
567
568 DOFORK(fork);
569 return (pid);
570 }
571 �/*
572 ** SENDOFF -- send off call to mailer & collect response.
573 **
574 ** Parameters:
575 ** e -- the envelope to mail.
576 ** m -- mailer descriptor.
577 ** pvp -- parameter vector to send to it.
578 ** ctladdr -- an address pointer controlling the
579 ** user/groupid etc. of the mailer.
580 **
581 ** Returns:
582 ** exit status of mailer.
583 **
584 ** Side Effects:
585 ** none.
586 */
587 static
588 sendoff(e, m, pvp, ctladdr)
589 register ENVELOPE *e;
590 MAILER *m;
591 char **pvp;
592 ADDRESS *ctladdr;
593 {
594 auto FILE *mfile;
595 auto FILE *rfile;
596 register int i;
597 int pid;
598
599 /*
600 ** Create connection to mailer.
601 */
602
603 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
604 if (pid < 0)
605 return (-1);
606
607 /*
608 ** Format and send message.
609 */
610
611 putfromline(mfile, m);
612 (*e->e_puthdr)(mfile, m, e);
613 putline("\n", mfile, m);
614 (*e->e_putbody)(mfile, m, e);
615 (void) fclose(mfile);
616
617 i = endmailer(pid, pvp[0]);
618
619 /* arrange a return receipt if requested */
620 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
621 {
622 e->e_flags |= EF_SENDRECEIPT;
623 /* do we want to send back more info? */
624 }
625
626 return (i);
627 }
628 �/*
629 ** ENDMAILER -- Wait for mailer to terminate.
630 **
631 ** We should never get fatal errors (e.g., segmentation
632 ** violation), so we report those specially. For other
633 ** errors, we choose a status message (into statmsg),
634 ** and if it represents an error, we print it.
635 **
636 ** Parameters:
637 ** pid -- pid of mailer.
638 ** name -- name of mailer (for error messages).
639 **
640 ** Returns:
641 ** exit code of mailer.
642 **
643 ** Side Effects:
644 ** none.
645 */
646
647 endmailer(pid, name)
648 int pid;
649 char *name;
650 {
651 int st;
652
653 /* in the IPC case there is nothing to wait for */
654 if (pid == 0)
655 return (EX_OK);
656
657 /* wait for the mailer process to die and collect status */
658 st = waitfor(pid);
659 if (st == -1)
660 {
661 syserr("endmailer %s: wait", name);
662 return (EX_SOFTWARE);
663 }
664
665 /* see if it died a horrid death */
666 if ((st & 0377) != 0)
667 {
668 syserr("mailer %s died with signal %o", name, st);
669 ExitStat = EX_TEMPFAIL;
670 return (EX_TEMPFAIL);
671 }
672
673 /* normal death -- return status */
674 st = (st >> 8) & 0377;
675 return (st);
676 }
677 �/*
678 ** OPENMAILER -- open connection to mailer.
679 **
680 ** Parameters:
681 ** m -- mailer descriptor.
682 ** pvp -- parameter vector to pass to mailer.
683 ** ctladdr -- controlling address for user.
684 ** clever -- create a full duplex connection.
685 ** pmfile -- pointer to mfile (to mailer) connection.
686 ** prfile -- pointer to rfile (from mailer) connection.
687 **
688 ** Returns:
689 ** pid of mailer ( > 0 ).
690 ** -1 on error.
691 ** zero on an IPC connection.
692 **
693 ** Side Effects:
694 ** creates a mailer in a subprocess.
695 */
696
697 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
698 MAILER *m;
699 char **pvp;
700 ADDRESS *ctladdr;
701 bool clever;
702 FILE **pmfile;
703 FILE **prfile;
704 {
705 int pid;
706 int mpvect[2];
707 int rpvect[2];
708 FILE *mfile;
709 FILE *rfile;
710 extern FILE *fdopen();
711
712 # ifdef DEBUG
713 if (tTd(11, 1))
714 {
715 printf("openmailer:");
716 printav(pvp);
717 }
718 # endif DEBUG
719 errno = 0;
720
721 CurHostName = m->m_mailer;
722
723 /*
724 ** Deal with the special case of mail handled through an IPC
725 ** connection.
726 ** In this case we don't actually fork. We must be
727 ** running SMTP for this to work. We will return a
728 ** zero pid to indicate that we are running IPC.
729 ** We also handle a debug version that just talks to stdin/out.
730 */
731
732 #ifdef DEBUG
733 /* check for Local Person Communication -- not for mortals!!! */
734 if (strcmp(m->m_mailer, "[LPC]") == 0)
735 {
736 *pmfile = stdout;
737 *prfile = stdin;
738 return (0);
739 }
740 #endif DEBUG
741
742 if (strcmp(m->m_mailer, "[IPC]") == 0)
743 {
744 #ifdef HOSTINFO
745 register STAB *st;
746 extern STAB *stab();
747 #endif HOSTINFO
748 #ifdef DAEMON
749 register int i, j;
750 register u_short port;
751
752 CurHostName = pvp[1];
753 if (!clever)
754 syserr("non-clever IPC");
755 if (pvp[2] != NULL)
756 port = atoi(pvp[2]);
757 else
758 port = 0;
759 for (j = 0; j < Nmx; j++)
760 {
761 CurHostName = MxHosts[j];
762 #ifdef HOSTINFO
763 /* see if we have already determined that this host is fried */
764 st = stab(MxHosts[j], ST_HOST, ST_FIND);
765 if (st == NULL || st->s_host.ho_exitstat == EX_OK) {
766 if (j > 1)
767 message(Arpa_Info,
768 "Connecting to %s (%s)...",
769 MxHosts[j], m->m_name);
770 i = makeconnection(MxHosts[j], port, pmfile, prfile);
771 }
772 else
773 {
774 i = st->s_host.ho_exitstat;
775 errno = st->s_host.ho_errno;
776 }
777 #else HOSTINFO
778 i = makeconnection(MxHosts[j], port, pmfile, prfile);
779 #endif HOSTINFO
780 if (i != EX_OK)
781 {
782 #ifdef HOSTINFO
783 /* enter status of this host */
784 if (st == NULL)
785 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
786 st->s_host.ho_exitstat = i;
787 st->s_host.ho_errno = errno;
788 #endif HOSTINFO
789 ExitStat = i;
790 continue;
791 }
792 else
793 return (0);
794 }
795 return (-1);
796 #else DAEMON
797 syserr("openmailer: no IPC");
798 return (-1);
799 #endif DAEMON
800 }
801
802 /* create a pipe to shove the mail through */
803 if (pipe(mpvect) < 0)
804 {
805 syserr("openmailer: pipe (to mailer)");
806 return (-1);
807 }
808
809 #ifdef SMTP
810 /* if this mailer speaks smtp, create a return pipe */
811 if (clever && pipe(rpvect) < 0)
812 {
813 syserr("openmailer: pipe (from mailer)");
814 (void) close(mpvect[0]);
815 (void) close(mpvect[1]);
816 return (-1);
817 }
818 #endif SMTP
819
820 /*
821 ** Actually fork the mailer process.
822 ** DOFORK is clever about retrying.
823 **
824 ** Dispose of SIGCHLD signal catchers that may be laying
825 ** around so that endmail will get it.
826 */
827
828 if (CurEnv->e_xfp != NULL)
829 (void) fflush(CurEnv->e_xfp); /* for debugging */
830 (void) fflush(stdout);
831 # ifdef SIGCHLD
832 (void) signal(SIGCHLD, SIG_DFL);
833 # endif SIGCHLD
834 DOFORK(XFORK);
835 /* pid is set by DOFORK */
836 if (pid < 0)
837 {
838 /* failure */
839 syserr("openmailer: cannot fork");
840 (void) close(mpvect[0]);
841 (void) close(mpvect[1]);
842 #ifdef SMTP
843 if (clever)
844 {
845 (void) close(rpvect[0]);
846 (void) close(rpvect[1]);
847 }
848 #endif SMTP
849 return (-1);
850 }
851 else if (pid == 0)
852 {
853 int i;
854 extern int DtableSize;
855
856 /* child -- set up input & exec mailer */
857 /* make diagnostic output be standard output */
858 (void) signal(SIGINT, SIG_IGN);
859 (void) signal(SIGHUP, SIG_IGN);
860 (void) signal(SIGTERM, SIG_DFL);
861
862 /* arrange to filter standard & diag output of command */
863 if (clever)
864 {
865 (void) close(rpvect[0]);
866 (void) close(1);
867 (void) dup(rpvect[1]);
868 (void) close(rpvect[1]);
869 }
870 else if (OpMode == MD_SMTP || HoldErrs)
871 {
872 /* put mailer output in transcript */
873 (void) close(1);
874 (void) dup(fileno(CurEnv->e_xfp));
875 }
876 (void) close(2);
877 (void) dup(1);
878
879 /* arrange to get standard input */
880 (void) close(mpvect[1]);
881 (void) close(0);
882 if (dup(mpvect[0]) < 0)
883 {
884 syserr("Cannot dup to zero!");
885 _exit(EX_OSERR);
886 }
887 (void) close(mpvect[0]);
888 if (!bitnset(M_RESTR, m->m_flags))
889 {
890 if (ctladdr == NULL || ctladdr->q_uid == 0)
891 {
892 (void) setgid(DefGid);
893 (void) setuid(DefUid);
894 }
895 else
896 {
897 (void) setgid(ctladdr->q_gid);
898 (void) setuid(ctladdr->q_uid);
899 }
900 }
901
902 /* arrange for all the files to be closed */
903 for (i = 3; i < DtableSize; i++) {
904 register int j;
905 if ((j = fcntl(i, F_GETFD, 0)) != -1)
906 (void)fcntl(i, F_SETFD, j|1);
907 }
908
909 /* try to execute the mailer */
910 execve(m->m_mailer, pvp, UserEnviron);
911 syserr("Cannot exec %s", m->m_mailer);
912 if (m == LocalMailer || errno == EIO || errno == EAGAIN ||
913 errno == ENOMEM || errno == EPROCLIM)
914 _exit(EX_TEMPFAIL);
915 else
916 _exit(EX_UNAVAILABLE);
917 }
918
919 /*
920 ** Set up return value.
921 */
922
923 (void) close(mpvect[0]);
924 mfile = fdopen(mpvect[1], "w");
925 if (clever)
926 {
927 (void) close(rpvect[1]);
928 rfile = fdopen(rpvect[0], "r");
929 }
930
931 *pmfile = mfile;
932 *prfile = rfile;
933
934 return (pid);
935 }
936 �/*
937 ** GIVERESPONSE -- Interpret an error response from a mailer
938 **
939 ** Parameters:
940 ** stat -- the status code from the mailer (high byte
941 ** only; core dumps must have been taken care of
942 ** already).
943 ** m -- the mailer descriptor for this mailer.
944 **
945 ** Returns:
946 ** none.
947 **
948 ** Side Effects:
949 ** Errors may be incremented.
950 ** ExitStat may be set.
951 */
952
953 giveresponse(stat, m, e)
954 int stat;
955 register MAILER *m;
956 ENVELOPE *e;
957 {
958 register char *statmsg;
959 extern char *SysExMsg[];
960 register int i;
961 extern int N_SysEx, h_errno;
962 char buf[MAXLINE];
963
964 #ifdef lint
965 if (m == NULL)
966 return;
967 #endif lint
968
969 /*
970 ** Compute status message from code.
971 */
972
973 i = stat - EX__BASE;
974 if (stat == 0)
975 statmsg = "250 Sent";
976 else if (i < 0 || i > N_SysEx)
977 {
978 (void) sprintf(buf, "554 unknown mailer error %d", stat);
979 stat = EX_UNAVAILABLE;
980 statmsg = buf;
981 }
982 else if (stat == EX_TEMPFAIL)
983 {
984 (void) strcpy(buf, SysExMsg[i]);
985 if (h_errno == TRY_AGAIN)
986 {
987 extern char *errstring();
988
989 statmsg = errstring(h_errno+MAX_ERRNO);
990 }
991 else
992 {
993 if (errno != 0)
994 {
995 extern char *errstring();
996
997 statmsg = errstring(errno);
998 }
999 else
1000 {
1001 #ifdef SMTP
1002 extern char SmtpError[];
1003
1004 statmsg = SmtpError;
1005 #else SMTP
1006 statmsg = NULL;
1007 #endif SMTP
1008 }
1009 }
1010 if (statmsg != NULL && statmsg[0] != '\0')
1011 {
1012 (void) strcat(buf, ": ");
1013 (void) strcat(buf, statmsg);
1014 }
1015 statmsg = buf;
1016 }
1017 else
1018 {
1019 statmsg = SysExMsg[i];
1020 }
1021
1022 /*
1023 ** Print the message as appropriate
1024 */
1025
1026 if (stat == EX_OK || stat == EX_TEMPFAIL)
1027 message(Arpa_Info, &statmsg[4]);
1028 else
1029 {
1030 Errors++;
1031 usrerr(statmsg);
1032 }
1033
1034 /*
1035 ** Final cleanup.
1036 ** Log a record of the transaction. Compute the new
1037 ** ExitStat -- if we already had an error, stick with
1038 ** that.
1039 */
1040
1041 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1042 logdelivery(&statmsg[4]);
1043
1044 if (stat != EX_TEMPFAIL)
1045 setstat(stat);
1046 if (stat != EX_OK)
1047 {
1048 if (e->e_message != NULL)
1049 free(e->e_message);
1050 e->e_message = newstr(&statmsg[4]);
1051 }
1052 errno = 0;
1053 h_errno = 0;
1054 }
1055 �/*
1056 ** LOGDELIVERY -- log the delivery in the system log
1057 **
1058 ** Parameters:
1059 ** stat -- the message to print for the status
1060 **
1061 ** Returns:
1062 ** none
1063 **
1064 ** Side Effects:
1065 ** none
1066 */
1067
1068 logdelivery(stat)
1069 char *stat;
1070 {
1071 extern char *pintvl();
1072
1073 # ifdef LOG
1074 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1075 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1076 # endif LOG
1077 }
1078 �/*
1079 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1080 **
1081 ** This can be made an arbitrary message separator by changing $l
1082 **
1083 ** One of the ugliest hacks seen by human eyes is contained herein:
1084 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1085 ** does a well-meaning programmer such as myself have to deal with
1086 ** this kind of antique garbage????
1087 **
1088 ** Parameters:
1089 ** fp -- the file to output to.
1090 ** m -- the mailer describing this entry.
1091 **
1092 ** Returns:
1093 ** none
1094 **
1095 ** Side Effects:
1096 ** outputs some text to fp.
1097 */
1098
1099 putfromline(fp, m)
1100 register FILE *fp;
1101 register MAILER *m;
1102 {
1103 char *template = "\001l\n";
1104 char buf[MAXLINE];
1105
1106 if (bitnset(M_NHDR, m->m_flags))
1107 return;
1108
1109 # ifdef UGLYUUCP
1110 if (bitnset(M_UGLYUUCP, m->m_flags))
1111 {
1112 char *bang;
1113 char xbuf[MAXLINE];
1114
1115 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1116 bang = index(buf, '!');
1117 if (bang == NULL)
1118 syserr("No ! in UUCP! (%s)", buf);
1119 else
1120 {
1121 *bang++ = '\0';
1122 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1123 template = xbuf;
1124 }
1125 }
1126 # endif UGLYUUCP
1127 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1128 putline(buf, fp, m);
1129 }
1130 �/*
1131 ** PUTBODY -- put the body of a message.
1132 **
1133 ** Parameters:
1134 ** fp -- file to output onto.
1135 ** m -- a mailer descriptor to control output format.
1136 ** e -- the envelope to put out.
1137 **
1138 ** Returns:
1139 ** none.
1140 **
1141 ** Side Effects:
1142 ** The message is written onto fp.
1143 */
1144
1145 putbody(fp, m, e)
1146 FILE *fp;
1147 MAILER *m;
1148 register ENVELOPE *e;
1149 {
1150 char buf[MAXLINE];
1151
1152 /*
1153 ** Output the body of the message
1154 */
1155
1156 if (e->e_dfp == NULL)
1157 {
1158 if (e->e_df != NULL)
1159 {
1160 e->e_dfp = fopen(e->e_df, "r");
1161 if (e->e_dfp == NULL)
1162 syserr("Cannot open %s", e->e_df);
1163 }
1164 else
1165 putline("<<< No Message Collected >>>", fp, m);
1166 }
1167 if (e->e_dfp != NULL)
1168 {
1169 rewind(e->e_dfp);
1170 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1171 {
1172 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1173 strncmp(buf, "From", 4) == 0)
1174 (void) putc('>', fp);
1175 putline(buf, fp, m);
1176 }
1177
1178 if (ferror(e->e_dfp))
1179 {
1180 syserr("putbody: read error");
1181 ExitStat = EX_IOERR;
1182 }
1183 }
1184
1185 (void) fflush(fp);
1186 if (ferror(fp) && errno != EPIPE)
1187 {
1188 syserr("putbody: write error");
1189 ExitStat = EX_IOERR;
1190 }
1191 errno = 0;
1192 }
1193 �/*
1194 ** MAILFILE -- Send a message to a file.
1195 **
1196 ** If the file has the setuid/setgid bits set, but NO execute
1197 ** bits, sendmail will try to become the owner of that file
1198 ** rather than the real user. Obviously, this only works if
1199 ** sendmail runs as root.
1200 **
1201 ** This could be done as a subordinate mailer, except that it
1202 ** is used implicitly to save messages in ~/dead.letter. We
1203 ** view this as being sufficiently important as to include it
1204 ** here. For example, if the system is dying, we shouldn't have
1205 ** to create another process plus some pipes to save the message.
1206 **
1207 ** Parameters:
1208 ** filename -- the name of the file to send to.
1209 ** ctladdr -- the controlling address header -- includes
1210 ** the userid/groupid to be when sending.
1211 **
1212 ** Returns:
1213 ** The exit code associated with the operation.
1214 **
1215 ** Side Effects:
1216 ** none.
1217 */
1218
1219 mailfile(filename, ctladdr)
1220 char *filename;
1221 ADDRESS *ctladdr;
1222 {
1223 register FILE *f;
1224 register int pid;
1225
1226 /*
1227 ** Fork so we can change permissions here.
1228 ** Note that we MUST use fork, not vfork, because of
1229 ** the complications of calling subroutines, etc.
1230 */
1231
1232 DOFORK(fork);
1233
1234 if (pid < 0)
1235 return (EX_OSERR);
1236 else if (pid == 0)
1237 {
1238 /* child -- actually write to file */
1239 struct stat stb;
1240
1241 (void) signal(SIGINT, SIG_DFL);
1242 (void) signal(SIGHUP, SIG_DFL);
1243 (void) signal(SIGTERM, SIG_DFL);
1244 (void) umask(OldUmask);
1245 if (stat(filename, &stb) < 0)
1246 {
1247 errno = 0;
1248 stb.st_mode = 0666;
1249 }
1250 if (bitset(0111, stb.st_mode))
1251 exit(EX_CANTCREAT);
1252 if (ctladdr == NULL)
1253 ctladdr = &CurEnv->e_from;
1254 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1255 {
1256 if (ctladdr->q_uid == 0)
1257 (void) setgid(DefGid);
1258 else
1259 (void) setgid(ctladdr->q_gid);
1260 }
1261 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1262 {
1263 if (ctladdr->q_uid == 0)
1264 (void) setuid(DefUid);
1265 else
1266 (void) setuid(ctladdr->q_uid);
1267 }
1268 f = dfopen(filename, "a");
1269 if (f == NULL)
1270 exit(EX_CANTCREAT);
1271
1272 putfromline(f, ProgMailer);
1273 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1274 putline("\n", f, ProgMailer);
1275 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1276 putline("\n", f, ProgMailer);
1277 (void) fclose(f);
1278 (void) fflush(stdout);
1279
1280 /* reset ISUID & ISGID bits for paranoid systems */
1281 (void) chmod(filename, (int) stb.st_mode);
1282 exit(EX_OK);
1283 /*NOTREACHED*/
1284 }
1285 else
1286 {
1287 /* parent -- wait for exit status */
1288 int st;
1289
1290 st = waitfor(pid);
1291 if ((st & 0377) != 0)
1292 return (EX_UNAVAILABLE);
1293 else
1294 return ((st >> 8) & 0377);
1295 }
1296 }
1297 �/*
1298 ** SENDALL -- actually send all the messages.
1299 **
1300 ** Parameters:
1301 ** e -- the envelope to send.
1302 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1303 ** the current SendMode.
1304 **
1305 ** Returns:
1306 ** none.
1307 **
1308 ** Side Effects:
1309 ** Scans the send lists and sends everything it finds.
1310 ** Delivers any appropriate error messages.
1311 ** If we are running in a non-interactive mode, takes the
1312 ** appropriate action.
1313 */
1314
1315 sendall(e, mode)
1316 ENVELOPE *e;
1317 char mode;
1318 {
1319 register ADDRESS *q;
1320 bool oldverbose;
1321 int pid;
1322
1323 /* determine actual delivery mode */
1324 if (mode == SM_DEFAULT)
1325 {
1326 extern bool shouldqueue();
1327
1328 if (shouldqueue(e->e_msgpriority))
1329 mode = SM_QUEUE;
1330 else
1331 mode = SendMode;
1332 }
1333
1334 #ifdef DEBUG
1335 if (tTd(13, 1))
1336 {
1337 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1338 printaddr(e->e_sendqueue, TRUE);
1339 }
1340 #endif DEBUG
1341
1342 /*
1343 ** Do any preprocessing necessary for the mode we are running.
1344 ** Check to make sure the hop count is reasonable.
1345 ** Delete sends to the sender in mailing lists.
1346 */
1347
1348 CurEnv = e;
1349
1350 if (e->e_hopcount > MAXHOP)
1351 {
1352 syserr("sendall: too many hops (%d max)", MAXHOP);
1353 return;
1354 }
1355
1356 if (!MeToo)
1357 {
1358 extern ADDRESS *recipient();
1359
1360 e->e_from.q_flags |= QDONTSEND;
1361 (void) recipient(&e->e_from, &e->e_sendqueue);
1362 }
1363
1364 # ifdef QUEUE
1365 if ((mode == SM_QUEUE || mode == SM_FORK ||
1366 (mode != SM_VERIFY && SuperSafe)) &&
1367 !bitset(EF_INQUEUE, e->e_flags))
1368 queueup(e, TRUE, mode == SM_QUEUE);
1369 #endif QUEUE
1370
1371 oldverbose = Verbose;
1372 switch (mode)
1373 {
1374 case SM_VERIFY:
1375 Verbose = TRUE;
1376 break;
1377
1378 case SM_QUEUE:
1379 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1380 return;
1381
1382 case SM_FORK:
1383 if (e->e_xfp != NULL)
1384 (void) fflush(e->e_xfp);
1385 pid = fork();
1386 if (pid < 0)
1387 {
1388 mode = SM_DELIVER;
1389 break;
1390 }
1391 else if (pid > 0)
1392 {
1393 /* be sure we leave the temp files to our child */
1394 e->e_id = e->e_df = NULL;
1395 return;
1396 }
1397
1398 /* double fork to avoid zombies */
1399 if (fork() > 0)
1400 exit(EX_OK);
1401
1402 /* be sure we are immune from the terminal */
1403 disconnect(FALSE);
1404
1405 break;
1406 }
1407
1408 /*
1409 ** Run through the list and send everything.
1410 */
1411
1412 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1413 {
1414 if (mode == SM_VERIFY)
1415 {
1416 e->e_to = q->q_paddr;
1417 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1418 message(Arpa_Info, "deliverable");
1419 }
1420 else
1421 (void) deliver(e, q);
1422 }
1423 Verbose = oldverbose;
1424
1425 /*
1426 ** Now run through and check for errors.
1427 */
1428
1429 if (mode == SM_VERIFY)
1430 return;
1431
1432 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1433 {
1434 register ADDRESS *qq;
1435
1436 # ifdef DEBUG
1437 if (tTd(13, 3))
1438 {
1439 printf("Checking ");
1440 printaddr(q, FALSE);
1441 }
1442 # endif DEBUG
1443
1444 /* only send errors if the message failed */
1445 if (!bitset(QBADADDR, q->q_flags))
1446 continue;
1447
1448 /* we have an address that failed -- find the parent */
1449 for (qq = q; qq != NULL; qq = qq->q_alias)
1450 {
1451 char obuf[MAXNAME + 6];
1452 extern char *aliaslookup();
1453
1454 /* we can only have owners for local addresses */
1455 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1456 continue;
1457
1458 /* see if the owner list exists */
1459 (void) strcpy(obuf, "owner-");
1460 if (strncmp(qq->q_user, "owner-", 6) == 0)
1461 (void) strcat(obuf, "owner");
1462 else
1463 (void) strcat(obuf, qq->q_user);
1464 if (aliaslookup(obuf) == NULL)
1465 continue;
1466
1467 # ifdef DEBUG
1468 if (tTd(13, 4))
1469 printf("Errors to %s\n", obuf);
1470 # endif DEBUG
1471
1472 /* owner list exists -- add it to the error queue */
1473 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1474 ErrorMode = EM_MAIL;
1475 break;
1476 }
1477
1478 /* if we did not find an owner, send to the sender */
1479 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1480 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1481 }
1482
1483 if (mode == SM_FORK)
1484 finis();
1485 }
1486