1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)envelope.c 5.31 (Berkeley) 09/09/92"; 11 #endif /* not lint */ 12 13 #include <sys/types.h> 14 #include <sys/time.h> 15 #include <sys/stat.h> 16 #include <pwd.h> 17 #include <sys/file.h> 18 #include "sendmail.h" 19 20 /* 21 ** NEWENVELOPE -- allocate a new envelope 22 ** 23 ** Supports inheritance. 24 ** 25 ** Parameters: 26 ** e -- the new envelope to fill in. 27 ** 28 ** Returns: 29 ** e. 30 ** 31 ** Side Effects: 32 ** none. 33 */ 34 35 ENVELOPE * 36 newenvelope(e) 37 register ENVELOPE *e; 38 { 39 register ENVELOPE *parent; 40 extern putheader(), putbody(); 41 extern ENVELOPE BlankEnvelope; 42 43 parent = CurEnv; 44 if (e == CurEnv && e->e_parent != NULL) 45 parent = e->e_parent; 46 clearenvelope(e, TRUE); 47 if (e == CurEnv) 48 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from); 49 else 50 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from); 51 e->e_parent = parent; 52 e->e_ctime = curtime(); 53 if (parent != NULL) 54 e->e_msgpriority = parent->e_msgsize; 55 e->e_puthdr = putheader; 56 e->e_putbody = putbody; 57 if (CurEnv->e_xfp != NULL) 58 (void) fflush(CurEnv->e_xfp); 59 60 return (e); 61 } 62 /* 63 ** DROPENVELOPE -- deallocate an envelope. 64 ** 65 ** Parameters: 66 ** e -- the envelope to deallocate. 67 ** 68 ** Returns: 69 ** none. 70 ** 71 ** Side Effects: 72 ** housekeeping necessary to dispose of an envelope. 73 ** Unlocks this queue file. 74 */ 75 76 dropenvelope(e) 77 register ENVELOPE *e; 78 { 79 bool queueit = FALSE; 80 register ADDRESS *q; 81 82 if (tTd(50, 1)) 83 { 84 printf("dropenvelope %x id=", e); 85 xputs(e->e_id); 86 printf(" flags=%o\n", e->e_flags); 87 } 88 #ifdef LOG 89 if (LogLevel > 12) 90 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d", 91 e->e_id == NULL ? "(none)" : e->e_id, 92 e->e_flags, getpid()); 93 #endif LOG 94 95 /* we must have an id to remove disk files */ 96 if (e->e_id == NULL) 97 return; 98 99 /* 100 ** Extract state information from dregs of send list. 101 */ 102 103 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 104 { 105 if (bitset(QQUEUEUP, q->q_flags)) 106 queueit = TRUE; 107 } 108 109 /* 110 ** Send back return receipts as requested. 111 */ 112 113 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags)) 114 { 115 auto ADDRESS *rlist = NULL; 116 117 sendtolist(e->e_receiptto, (ADDRESS *) NULL, &rlist, e); 118 (void) returntosender("Return receipt", rlist, FALSE, e); 119 } 120 121 /* 122 ** Arrange to send error messages if there are fatal errors. 123 */ 124 125 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET) 126 savemail(e); 127 128 /* 129 ** Instantiate or deinstantiate the queue. 130 */ 131 132 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) || 133 bitset(EF_CLRQUEUE, e->e_flags)) 134 { 135 if (e->e_df != NULL) 136 xunlink(e->e_df); 137 xunlink(queuename(e, 'q')); 138 } 139 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 140 { 141 #ifdef QUEUE 142 queueup(e, FALSE, FALSE); 143 #else QUEUE 144 syserr("dropenvelope: queueup"); 145 #endif QUEUE 146 } 147 148 /* now unlock the job */ 149 closexscript(e); 150 unlockqueue(e); 151 152 /* make sure that this envelope is marked unused */ 153 e->e_id = e->e_df = NULL; 154 if (e->e_dfp != NULL) 155 (void) fclose(e->e_dfp); 156 e->e_dfp = NULL; 157 } 158 /* 159 ** CLEARENVELOPE -- clear an envelope without unlocking 160 ** 161 ** This is normally used by a child process to get a clean 162 ** envelope without disturbing the parent. 163 ** 164 ** Parameters: 165 ** e -- the envelope to clear. 166 ** fullclear - if set, the current envelope is total 167 ** garbage and should be ignored; otherwise, 168 ** release any resources it may indicate. 169 ** 170 ** Returns: 171 ** none. 172 ** 173 ** Side Effects: 174 ** Closes files associated with the envelope. 175 ** Marks the envelope as unallocated. 176 */ 177 178 clearenvelope(e, fullclear) 179 register ENVELOPE *e; 180 bool fullclear; 181 { 182 register HDR *bh; 183 register HDR **nhp; 184 extern ENVELOPE BlankEnvelope; 185 186 if (!fullclear) 187 { 188 /* clear out any file information */ 189 if (e->e_xfp != NULL) 190 (void) fclose(e->e_xfp); 191 if (e->e_dfp != NULL) 192 (void) fclose(e->e_dfp); 193 } 194 195 /* now clear out the data */ 196 STRUCTCOPY(BlankEnvelope, *e); 197 bh = BlankEnvelope.e_header; 198 nhp = &e->e_header; 199 while (bh != NULL) 200 { 201 *nhp = (HDR *) xalloc(sizeof *bh); 202 bcopy((char *) bh, (char *) *nhp, sizeof *bh); 203 bh = bh->h_link; 204 nhp = &(*nhp)->h_link; 205 } 206 } 207 /* 208 ** INITSYS -- initialize instantiation of system 209 ** 210 ** In Daemon mode, this is done in the child. 211 ** 212 ** Parameters: 213 ** none. 214 ** 215 ** Returns: 216 ** none. 217 ** 218 ** Side Effects: 219 ** Initializes the system macros, some global variables, 220 ** etc. In particular, the current time in various 221 ** forms is set. 222 */ 223 224 initsys(e) 225 register ENVELOPE *e; 226 { 227 static char cbuf[5]; /* holds hop count */ 228 static char pbuf[10]; /* holds pid */ 229 #ifdef TTYNAME 230 static char ybuf[10]; /* holds tty id */ 231 register char *p; 232 #endif TTYNAME 233 extern char *ttyname(); 234 extern char *macvalue(); 235 extern char Version[]; 236 237 /* 238 ** Give this envelope a reality. 239 ** I.e., an id, a transcript, and a creation time. 240 */ 241 242 openxscript(e); 243 e->e_ctime = curtime(); 244 245 /* 246 ** Set OutChannel to something useful if stdout isn't it. 247 ** This arranges that any extra stuff the mailer produces 248 ** gets sent back to the user on error (because it is 249 ** tucked away in the transcript). 250 */ 251 252 if (OpMode == MD_DAEMON && QueueRun) 253 OutChannel = e->e_xfp; 254 255 /* 256 ** Set up some basic system macros. 257 */ 258 259 /* process id */ 260 (void) sprintf(pbuf, "%d", getpid()); 261 define('p', pbuf, e); 262 263 /* hop count */ 264 (void) sprintf(cbuf, "%d", e->e_hopcount); 265 define('c', cbuf, e); 266 267 /* time as integer, unix time, arpa time */ 268 settime(e); 269 270 #ifdef TTYNAME 271 /* tty name */ 272 if (macvalue('y', e) == NULL) 273 { 274 p = ttyname(2); 275 if (p != NULL) 276 { 277 if (rindex(p, '/') != NULL) 278 p = rindex(p, '/') + 1; 279 (void) strcpy(ybuf, p); 280 define('y', ybuf, e); 281 } 282 } 283 #endif TTYNAME 284 } 285 /* 286 ** SETTIME -- set the current time. 287 ** 288 ** Parameters: 289 ** none. 290 ** 291 ** Returns: 292 ** none. 293 ** 294 ** Side Effects: 295 ** Sets the various time macros -- $a, $b, $d, $t. 296 */ 297 298 settime(e) 299 register ENVELOPE *e; 300 { 301 register char *p; 302 auto time_t now; 303 static char tbuf[20]; /* holds "current" time */ 304 static char dbuf[30]; /* holds ctime(tbuf) */ 305 register struct tm *tm; 306 extern char *arpadate(); 307 extern struct tm *gmtime(); 308 extern char *macvalue(); 309 310 now = curtime(); 311 tm = gmtime(&now); 312 (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1, 313 tm->tm_mday, tm->tm_hour, tm->tm_min); 314 define('t', tbuf, e); 315 (void) strcpy(dbuf, ctime(&now)); 316 *index(dbuf, '\n') = '\0'; 317 if (macvalue('d', e) == NULL) 318 define('d', dbuf, e); 319 p = newstr(arpadate(dbuf)); 320 if (macvalue('a', e) == NULL) 321 define('a', p, e); 322 define('b', p, e); 323 } 324 /* 325 ** OPENXSCRIPT -- Open transcript file 326 ** 327 ** Creates a transcript file for possible eventual mailing or 328 ** sending back. 329 ** 330 ** Parameters: 331 ** e -- the envelope to create the transcript in/for. 332 ** 333 ** Returns: 334 ** none 335 ** 336 ** Side Effects: 337 ** Creates the transcript file. 338 */ 339 340 openxscript(e) 341 register ENVELOPE *e; 342 { 343 register char *p; 344 int fd; 345 346 # ifdef LOG 347 if (LogLevel > 19) 348 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)"); 349 # endif LOG 350 if (e->e_xfp != NULL) 351 return; 352 p = queuename(e, 'x'); 353 fd = open(p, O_WRONLY|O_CREAT, 0644); 354 if (fd < 0) 355 syserr("Can't create %s", p); 356 else 357 e->e_xfp = fdopen(fd, "w"); 358 } 359 /* 360 ** CLOSEXSCRIPT -- close the transcript file. 361 ** 362 ** Parameters: 363 ** e -- the envelope containing the transcript to close. 364 ** 365 ** Returns: 366 ** none. 367 ** 368 ** Side Effects: 369 ** none. 370 */ 371 372 closexscript(e) 373 register ENVELOPE *e; 374 { 375 if (e->e_xfp == NULL) 376 return; 377 (void) fclose(e->e_xfp); 378 e->e_xfp = NULL; 379 } 380 /* 381 ** SETSENDER -- set the person who this message is from 382 ** 383 ** Under certain circumstances allow the user to say who 384 ** s/he is (using -f or -r). These are: 385 ** 1. The user's uid is zero (root). 386 ** 2. The user's login name is in an approved list (typically 387 ** from a network server). 388 ** 3. The address the user is trying to claim has a 389 ** "!" character in it (since #2 doesn't do it for 390 ** us if we are dialing out for UUCP). 391 ** A better check to replace #3 would be if the 392 ** effective uid is "UUCP" -- this would require me 393 ** to rewrite getpwent to "grab" uucp as it went by, 394 ** make getname more nasty, do another passwd file 395 ** scan, or compile the UID of "UUCP" into the code, 396 ** all of which are reprehensible. 397 ** 398 ** Assuming all of these fail, we figure out something 399 ** ourselves. 400 ** 401 ** Parameters: 402 ** from -- the person we would like to believe this message 403 ** is from, as specified on the command line. 404 ** e -- the envelope in which we would like the sender set. 405 ** 406 ** Returns: 407 ** none. 408 ** 409 ** Side Effects: 410 ** sets sendmail's notion of who the from person is. 411 */ 412 413 setsender(from, e) 414 char *from; 415 register ENVELOPE *e; 416 { 417 register char **pvp; 418 char *realname = NULL; 419 register struct passwd *pw; 420 char buf[MAXNAME]; 421 char pvpbuf[PSBUFSIZE]; 422 extern struct passwd *getpwnam(); 423 extern char *macvalue(); 424 extern char **prescan(); 425 extern bool safefile(); 426 extern char *FullName; 427 428 if (tTd(45, 1)) 429 printf("setsender(%s)\n", from == NULL ? "" : from); 430 431 /* 432 ** Figure out the real user executing us. 433 ** Username can return errno != 0 on non-errors. 434 */ 435 436 if (QueueRun || OpMode == MD_SMTP) 437 realname = from; 438 if (realname == NULL || realname[0] == '\0') 439 { 440 extern char *username(); 441 442 realname = username(); 443 } 444 445 /* 446 ** Determine if this real person is allowed to alias themselves. 447 */ 448 449 if (from != NULL) 450 { 451 extern bool trusteduser(); 452 453 if (!trusteduser(realname) && getuid() != geteuid() && 454 index(from, '!') == NULL && getuid() != 0) 455 { 456 /* network sends -r regardless (why why why?) */ 457 /* syserr("%s, you cannot use the -f flag", realname); */ 458 from = NULL; 459 } 460 } 461 462 SuprErrs = TRUE; 463 if (from == NULL || parseaddr(from, &e->e_from, 1, '\0', e) == NULL) 464 { 465 /* log garbage addresses for traceback */ 466 # ifdef LOG 467 if (from != NULL && LogLevel >= 1) 468 { 469 char *host = RealHostName; 470 471 if (host == NULL) 472 host = MyHostName; 473 syslog(LOG_NOTICE, 474 "from=%s unparseable, received from %s@%s", 475 from, realname, host); 476 } 477 # endif LOG 478 from = newstr(realname); 479 if (parseaddr(from, &e->e_from, 1, '\0', e) == NULL && 480 parseaddr("postmaster", &e->e_from, 1, '\0', e) == NULL) 481 { 482 syserr("setsender: can't even parse postmaster!"); 483 } 484 } 485 else 486 FromFlag = TRUE; 487 e->e_from.q_flags |= QDONTSEND; 488 loweraddr(&e->e_from); 489 SuprErrs = FALSE; 490 491 pvp = NULL; 492 if (e->e_from.q_mailer == LocalMailer) 493 { 494 # ifdef USERDB 495 register char *p; 496 extern char *udbsender(); 497 # endif 498 499 /* if the user has given fullname already, don't redefine */ 500 if (FullName == NULL) 501 FullName = macvalue('x', e); 502 if (FullName != NULL && FullName[0] == '\0') 503 FullName = NULL; 504 505 # ifdef USERDB 506 p = udbsender(from); 507 508 if (p != NULL) 509 { 510 /* 511 ** We have an alternate address for the sender 512 */ 513 514 pvp = prescan(p, '\0', pvpbuf); 515 } 516 # endif /* USERDB */ 517 518 if ((pw = getpwnam(e->e_from.q_user)) != NULL) 519 { 520 /* 521 ** Process passwd file entry. 522 */ 523 524 525 /* extract home directory */ 526 e->e_from.q_home = newstr(pw->pw_dir); 527 define('z', e->e_from.q_home, e); 528 529 /* extract user and group id */ 530 e->e_from.q_uid = pw->pw_uid; 531 e->e_from.q_gid = pw->pw_gid; 532 533 /* extract full name from passwd file */ 534 if (FullName == NULL && pw->pw_gecos != NULL && 535 strcmp(pw->pw_name, e->e_from.q_user) == 0) 536 { 537 buildfname(pw->pw_gecos, e->e_from.q_user, buf); 538 if (buf[0] != '\0') 539 FullName = newstr(buf); 540 } 541 } 542 if (FullName != NULL) 543 define('x', FullName, e); 544 } 545 else 546 { 547 if (e->e_from.q_home == NULL) 548 e->e_from.q_home = getenv("HOME"); 549 e->e_from.q_uid = getuid(); 550 e->e_from.q_gid = getgid(); 551 } 552 553 /* 554 ** Rewrite the from person to dispose of possible implicit 555 ** links in the net. 556 */ 557 558 if (pvp == NULL) 559 pvp = prescan(from, '\0', pvpbuf); 560 if (pvp == NULL) 561 { 562 # ifdef LOG 563 if (LogLevel >= 1) 564 syslog(LOG_NOTICE, "cannot prescan from (%s)", from); 565 # endif 566 usrerr("cannot prescan from (%s)", from); 567 finis(); 568 } 569 rewrite(pvp, 3); 570 rewrite(pvp, 1); 571 rewrite(pvp, 4); 572 cataddr(pvp, buf, sizeof buf); 573 e->e_sender = e->e_returnpath = newstr(buf); 574 575 define('f', e->e_sender, e); 576 577 /* save the domain spec if this mailer wants it */ 578 if (e->e_from.q_mailer != NULL && 579 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags)) 580 { 581 extern char **copyplist(); 582 583 while (*pvp != NULL && strcmp(*pvp, "@") != 0) 584 pvp++; 585 if (*pvp != NULL) 586 e->e_fromdomain = copyplist(pvp, TRUE); 587 } 588 } 589 /* 590 ** TRUSTEDUSER -- tell us if this user is to be trusted. 591 ** 592 ** Parameters: 593 ** user -- the user to be checked. 594 ** 595 ** Returns: 596 ** TRUE if the user is in an approved list. 597 ** FALSE otherwise. 598 ** 599 ** Side Effects: 600 ** none. 601 */ 602 603 bool 604 trusteduser(user) 605 char *user; 606 { 607 register char **ulist; 608 extern char *TrustedUsers[]; 609 610 for (ulist = TrustedUsers; *ulist != NULL; ulist++) 611 if (strcmp(*ulist, user) == 0) 612 return (TRUE); 613 return (FALSE); 614 } 615