1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms are permitted 7 * provided that the above copyright notice and this paragraph are 8 * duplicated in all such forms and that any documentation, 9 * advertising materials, and other materials related to such 10 * distribution and use acknowledge that the software was developed 11 * by the University of California, Berkeley. The name of the 12 * University may not be used to endorse or promote products derived 13 * from this software without specific prior written permission. 14 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 16 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 17 */ 18 19 #ifndef lint 20 static char sccsid[] = "@(#)envelope.c 5.17 (Berkeley) 11/17/88"; 21 #endif /* not lint */ 22 23 #include <pwd.h> 24 #include <sys/time.h> 25 #include "sendmail.h" 26 #include <sys/stat.h> 27 28 /* 29 ** NEWENVELOPE -- allocate a new envelope 30 ** 31 ** Supports inheritance. 32 ** 33 ** Parameters: 34 ** e -- the new envelope to fill in. 35 ** 36 ** Returns: 37 ** e. 38 ** 39 ** Side Effects: 40 ** none. 41 */ 42 43 ENVELOPE * 44 newenvelope(e) 45 register ENVELOPE *e; 46 { 47 register ENVELOPE *parent; 48 extern putheader(), putbody(); 49 extern ENVELOPE BlankEnvelope; 50 51 parent = CurEnv; 52 if (e == CurEnv) 53 parent = e->e_parent; 54 clearenvelope(e, TRUE); 55 if (e == CurEnv) 56 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from); 57 else 58 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from); 59 e->e_parent = parent; 60 e->e_ctime = curtime(); 61 e->e_msgpriority = parent->e_msgsize; 62 e->e_puthdr = putheader; 63 e->e_putbody = putbody; 64 if (CurEnv->e_xfp != NULL) 65 (void) fflush(CurEnv->e_xfp); 66 67 return (e); 68 } 69 /* 70 ** DROPENVELOPE -- deallocate an envelope. 71 ** 72 ** Parameters: 73 ** e -- the envelope to deallocate. 74 ** 75 ** Returns: 76 ** none. 77 ** 78 ** Side Effects: 79 ** housekeeping necessary to dispose of an envelope. 80 ** Unlocks this queue file. 81 */ 82 83 dropenvelope(e) 84 register ENVELOPE *e; 85 { 86 bool queueit = FALSE; 87 register ADDRESS *q; 88 89 #ifdef DEBUG 90 if (tTd(50, 1)) 91 { 92 printf("dropenvelope %x id=", e); 93 xputs(e->e_id); 94 printf(" flags=%o\n", e->e_flags); 95 } 96 #endif DEBUG 97 #ifdef LOG 98 if (LogLevel > 10) 99 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d", 100 e->e_id == NULL ? "(none)" : e->e_id, 101 e->e_flags, getpid()); 102 #endif LOG 103 104 /* we must have an id to remove disk files */ 105 if (e->e_id == NULL) 106 return; 107 108 /* 109 ** Extract state information from dregs of send list. 110 */ 111 112 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 113 { 114 if (bitset(QQUEUEUP, q->q_flags)) 115 queueit = TRUE; 116 } 117 118 /* 119 ** Send back return receipts as requested. 120 */ 121 122 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags)) 123 { 124 auto ADDRESS *rlist = NULL; 125 126 sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist); 127 (void) returntosender("Return receipt", rlist, FALSE); 128 } 129 130 /* 131 ** Arrange to send error messages if there are fatal errors. 132 */ 133 134 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET) 135 savemail(e); 136 137 /* 138 ** Instantiate or deinstantiate the queue. 139 */ 140 141 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) || 142 bitset(EF_CLRQUEUE, e->e_flags)) 143 { 144 if (e->e_df != NULL) 145 xunlink(e->e_df); 146 xunlink(queuename(e, 'q')); 147 } 148 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 149 { 150 #ifdef QUEUE 151 queueup(e, FALSE, FALSE); 152 #else QUEUE 153 syserr("dropenvelope: queueup"); 154 #endif QUEUE 155 } 156 157 /* now unlock the job */ 158 closexscript(e); 159 unlockqueue(e); 160 161 /* make sure that this envelope is marked unused */ 162 e->e_id = e->e_df = NULL; 163 if (e->e_dfp != NULL) 164 (void) fclose(e->e_dfp); 165 e->e_dfp = NULL; 166 } 167 /* 168 ** CLEARENVELOPE -- clear an envelope without unlocking 169 ** 170 ** This is normally used by a child process to get a clean 171 ** envelope without disturbing the parent. 172 ** 173 ** Parameters: 174 ** e -- the envelope to clear. 175 ** fullclear - if set, the current envelope is total 176 ** garbage and should be ignored; otherwise, 177 ** release any resources it may indicate. 178 ** 179 ** Returns: 180 ** none. 181 ** 182 ** Side Effects: 183 ** Closes files associated with the envelope. 184 ** Marks the envelope as unallocated. 185 */ 186 187 clearenvelope(e, fullclear) 188 register ENVELOPE *e; 189 bool fullclear; 190 { 191 register HDR *bh; 192 register HDR **nhp; 193 extern ENVELOPE BlankEnvelope; 194 195 if (!fullclear) 196 { 197 /* clear out any file information */ 198 if (e->e_xfp != NULL) 199 (void) fclose(e->e_xfp); 200 if (e->e_dfp != NULL) 201 (void) fclose(e->e_dfp); 202 } 203 204 /* now clear out the data */ 205 STRUCTCOPY(BlankEnvelope, *e); 206 bh = BlankEnvelope.e_header; 207 nhp = &e->e_header; 208 while (bh != NULL) 209 { 210 *nhp = (HDR *) xalloc(sizeof *bh); 211 bcopy((char *) bh, (char *) *nhp, sizeof *bh); 212 bh = bh->h_link; 213 nhp = &(*nhp)->h_link; 214 } 215 } 216 /* 217 ** INITSYS -- initialize instantiation of system 218 ** 219 ** In Daemon mode, this is done in the child. 220 ** 221 ** Parameters: 222 ** none. 223 ** 224 ** Returns: 225 ** none. 226 ** 227 ** Side Effects: 228 ** Initializes the system macros, some global variables, 229 ** etc. In particular, the current time in various 230 ** forms is set. 231 */ 232 233 initsys() 234 { 235 static char cbuf[5]; /* holds hop count */ 236 static char pbuf[10]; /* holds pid */ 237 #ifdef TTYNAME 238 static char ybuf[10]; /* holds tty id */ 239 register char *p; 240 #endif TTYNAME 241 extern char *ttyname(); 242 extern char *macvalue(); 243 extern char Version[]; 244 245 /* 246 ** Give this envelope a reality. 247 ** I.e., an id, a transcript, and a creation time. 248 */ 249 250 openxscript(CurEnv); 251 CurEnv->e_ctime = curtime(); 252 253 /* 254 ** Set OutChannel to something useful if stdout isn't it. 255 ** This arranges that any extra stuff the mailer produces 256 ** gets sent back to the user on error (because it is 257 ** tucked away in the transcript). 258 */ 259 260 if (OpMode == MD_DAEMON && QueueRun) 261 OutChannel = CurEnv->e_xfp; 262 263 /* 264 ** Set up some basic system macros. 265 */ 266 267 /* process id */ 268 (void) sprintf(pbuf, "%d", getpid()); 269 define('p', pbuf, CurEnv); 270 271 /* hop count */ 272 (void) sprintf(cbuf, "%d", CurEnv->e_hopcount); 273 define('c', cbuf, CurEnv); 274 275 /* time as integer, unix time, arpa time */ 276 settime(); 277 278 #ifdef TTYNAME 279 /* tty name */ 280 if (macvalue('y', CurEnv) == NULL) 281 { 282 p = ttyname(2); 283 if (p != NULL) 284 { 285 if (rindex(p, '/') != NULL) 286 p = rindex(p, '/') + 1; 287 (void) strcpy(ybuf, p); 288 define('y', ybuf, CurEnv); 289 } 290 } 291 #endif TTYNAME 292 } 293 /* 294 ** SETTIME -- set the current time. 295 ** 296 ** Parameters: 297 ** none. 298 ** 299 ** Returns: 300 ** none. 301 ** 302 ** Side Effects: 303 ** Sets the various time macros -- $a, $b, $d, $t. 304 */ 305 306 settime() 307 { 308 register char *p; 309 auto time_t now; 310 static char tbuf[20]; /* holds "current" time */ 311 static char dbuf[30]; /* holds ctime(tbuf) */ 312 register struct tm *tm; 313 extern char *arpadate(); 314 extern struct tm *gmtime(); 315 extern char *macvalue(); 316 317 now = curtime(); 318 tm = gmtime(&now); 319 (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1, 320 tm->tm_mday, tm->tm_hour, tm->tm_min); 321 define('t', tbuf, CurEnv); 322 (void) strcpy(dbuf, ctime(&now)); 323 *index(dbuf, '\n') = '\0'; 324 if (macvalue('d', CurEnv) == NULL) 325 define('d', dbuf, CurEnv); 326 p = newstr(arpadate(dbuf)); 327 if (macvalue('a', CurEnv) == NULL) 328 define('a', p, CurEnv); 329 define('b', p, CurEnv); 330 } 331 /* 332 ** OPENXSCRIPT -- Open transcript file 333 ** 334 ** Creates a transcript file for possible eventual mailing or 335 ** sending back. 336 ** 337 ** Parameters: 338 ** e -- the envelope to create the transcript in/for. 339 ** 340 ** Returns: 341 ** none 342 ** 343 ** Side Effects: 344 ** Creates the transcript file. 345 */ 346 347 openxscript(e) 348 register ENVELOPE *e; 349 { 350 register char *p; 351 352 # ifdef LOG 353 if (LogLevel > 19) 354 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)"); 355 # endif LOG 356 if (e->e_xfp != NULL) 357 return; 358 p = queuename(e, 'x'); 359 e->e_xfp = fopen(p, "w"); 360 if (e->e_xfp == NULL) 361 syserr("Can't create %s", p); 362 else 363 (void) chmod(p, 0644); 364 } 365 /* 366 ** CLOSEXSCRIPT -- close the transcript file. 367 ** 368 ** Parameters: 369 ** e -- the envelope containing the transcript to close. 370 ** 371 ** Returns: 372 ** none. 373 ** 374 ** Side Effects: 375 ** none. 376 */ 377 378 closexscript(e) 379 register ENVELOPE *e; 380 { 381 if (e->e_xfp == NULL) 382 return; 383 (void) fclose(e->e_xfp); 384 e->e_xfp = NULL; 385 } 386 /* 387 ** SETSENDER -- set the person who this message is from 388 ** 389 ** Under certain circumstances allow the user to say who 390 ** s/he is (using -f or -r). These are: 391 ** 1. The user's uid is zero (root). 392 ** 2. The user's login name is in an approved list (typically 393 ** from a network server). 394 ** 3. The address the user is trying to claim has a 395 ** "!" character in it (since #2 doesn't do it for 396 ** us if we are dialing out for UUCP). 397 ** A better check to replace #3 would be if the 398 ** effective uid is "UUCP" -- this would require me 399 ** to rewrite getpwent to "grab" uucp as it went by, 400 ** make getname more nasty, do another passwd file 401 ** scan, or compile the UID of "UUCP" into the code, 402 ** all of which are reprehensible. 403 ** 404 ** Assuming all of these fail, we figure out something 405 ** ourselves. 406 ** 407 ** Parameters: 408 ** from -- the person we would like to believe this message 409 ** is from, as specified on the command line. 410 ** 411 ** Returns: 412 ** none. 413 ** 414 ** Side Effects: 415 ** sets sendmail's notion of who the from person is. 416 */ 417 418 setsender(from) 419 char *from; 420 { 421 register char **pvp; 422 char *realname = NULL; 423 register struct passwd *pw; 424 char buf[MAXNAME]; 425 char pvpbuf[PSBUFSIZE]; 426 extern struct passwd *getpwnam(); 427 extern char *macvalue(); 428 extern char **prescan(); 429 extern bool safefile(); 430 extern char *FullName; 431 432 # ifdef DEBUG 433 if (tTd(45, 1)) 434 printf("setsender(%s)\n", from == NULL ? "" : from); 435 # endif DEBUG 436 437 /* 438 ** Figure out the real user executing us. 439 ** Username can return errno != 0 on non-errors. 440 */ 441 442 if (QueueRun || OpMode == MD_SMTP || OpMode == MD_ARPAFTP) 443 realname = from; 444 if (realname == NULL || realname[0] == '\0') 445 { 446 extern char *username(); 447 448 realname = username(); 449 } 450 451 /* 452 ** Determine if this real person is allowed to alias themselves. 453 */ 454 455 if (from != NULL) 456 { 457 extern bool trusteduser(); 458 459 if (!trusteduser(realname) && getuid() != geteuid() && 460 index(from, '!') == NULL && getuid() != 0) 461 { 462 /* network sends -r regardless (why why why?) */ 463 /* syserr("%s, you cannot use the -f flag", realname); */ 464 from = NULL; 465 } 466 } 467 468 SuprErrs = TRUE; 469 if (from == NULL || parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL) 470 { 471 /* log garbage addresses for traceback */ 472 if (from != NULL) 473 { 474 # ifdef LOG 475 if (LogLevel >= 1) 476 if (realname == from && RealHostName != NULL) 477 syslog(LOG_NOTICE, 478 "from=%s unparseable, received from %s", 479 from, RealHostName); 480 else 481 syslog(LOG_NOTICE, 482 "Unparseable username %s wants from=%s", 483 realname, from); 484 # endif LOG 485 } 486 from = newstr(realname); 487 if (parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL && 488 parseaddr("postmaster", &CurEnv->e_from, 1, '\0') == NULL) 489 { 490 syserr("setsender: can't even parse postmaster!"); 491 } 492 } 493 else 494 FromFlag = TRUE; 495 CurEnv->e_from.q_flags |= QDONTSEND; 496 loweraddr(&CurEnv->e_from); 497 SuprErrs = FALSE; 498 499 if (CurEnv->e_from.q_mailer == LocalMailer && 500 (pw = getpwnam(CurEnv->e_from.q_user)) != NULL) 501 { 502 /* 503 ** Process passwd file entry. 504 */ 505 506 507 /* extract home directory */ 508 CurEnv->e_from.q_home = newstr(pw->pw_dir); 509 define('z', CurEnv->e_from.q_home, CurEnv); 510 511 /* extract user and group id */ 512 CurEnv->e_from.q_uid = pw->pw_uid; 513 CurEnv->e_from.q_gid = pw->pw_gid; 514 515 /* if the user has given fullname already, don't redefine */ 516 if (FullName == NULL) 517 FullName = macvalue('x', CurEnv); 518 if (FullName != NULL && FullName[0] == '\0') 519 FullName = NULL; 520 521 /* extract full name from passwd file */ 522 if (FullName == NULL && pw->pw_gecos != NULL && 523 strcmp(pw->pw_name, CurEnv->e_from.q_user) == 0) 524 { 525 buildfname(pw->pw_gecos, CurEnv->e_from.q_user, buf); 526 if (buf[0] != '\0') 527 FullName = newstr(buf); 528 } 529 if (FullName != NULL) 530 define('x', FullName, CurEnv); 531 } 532 else 533 { 534 if (CurEnv->e_from.q_home == NULL) 535 CurEnv->e_from.q_home = getenv("HOME"); 536 CurEnv->e_from.q_uid = getuid(); 537 CurEnv->e_from.q_gid = getgid(); 538 } 539 540 if (CurEnv->e_from.q_uid != 0) 541 { 542 DefUid = CurEnv->e_from.q_uid; 543 DefGid = CurEnv->e_from.q_gid; 544 } 545 546 /* 547 ** Rewrite the from person to dispose of possible implicit 548 ** links in the net. 549 */ 550 551 pvp = prescan(from, '\0', pvpbuf); 552 if (pvp == NULL) 553 { 554 # ifdef LOG 555 if (LogLevel >= 1) 556 syslog(LOG_NOTICE, "cannot prescan from (%s)", from); 557 # endif 558 usrerr("cannot prescan from (%s)", from); 559 finis(); 560 } 561 rewrite(pvp, 3); 562 rewrite(pvp, 1); 563 rewrite(pvp, 4); 564 cataddr(pvp, buf, sizeof buf); 565 define('f', newstr(buf), CurEnv); 566 567 /* save the domain spec if this mailer wants it */ 568 if (CurEnv->e_from.q_mailer != NULL && 569 bitnset(M_CANONICAL, CurEnv->e_from.q_mailer->m_flags)) 570 { 571 extern char **copyplist(); 572 573 while (*pvp != NULL && strcmp(*pvp, "@") != 0) 574 pvp++; 575 if (*pvp != NULL) 576 CurEnv->e_fromdomain = copyplist(pvp, TRUE); 577 } 578 } 579 /* 580 ** TRUSTEDUSER -- tell us if this user is to be trusted. 581 ** 582 ** Parameters: 583 ** user -- the user to be checked. 584 ** 585 ** Returns: 586 ** TRUE if the user is in an approved list. 587 ** FALSE otherwise. 588 ** 589 ** Side Effects: 590 ** none. 591 */ 592 593 bool 594 trusteduser(user) 595 char *user; 596 { 597 register char **ulist; 598 extern char *TrustedUsers[]; 599 600 for (ulist = TrustedUsers; *ulist != NULL; ulist++) 601 if (strcmp(*ulist, user) == 0) 602 return (TRUE); 603 return (FALSE); 604 } 605