1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)envelope.c 5.27 (Berkeley) 05/29/92";
11 #endif /* not lint */
12
13 #include <sys/types.h>
14 #include <sys/time.h>
15 #include <sys/stat.h>
16 #include <pwd.h>
17 #include <sys/file.h>
18 #include "sendmail.h"
19
20 /*
21 ** NEWENVELOPE -- allocate a new envelope
22 **
23 ** Supports inheritance.
24 **
25 ** Parameters:
26 ** e -- the new envelope to fill in.
27 **
28 ** Returns:
29 ** e.
30 **
31 ** Side Effects:
32 ** none.
33 */
34
35 ENVELOPE *
36 newenvelope(e)
37 register ENVELOPE *e;
38 {
39 register ENVELOPE *parent;
40 extern putheader(), putbody();
41 extern ENVELOPE BlankEnvelope;
42
43 parent = CurEnv;
44 if (e == CurEnv)
45 parent = e->e_parent;
46 clearenvelope(e, TRUE);
47 if (e == CurEnv)
48 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from);
49 else
50 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
51 e->e_parent = parent;
52 e->e_ctime = curtime();
53 e->e_msgpriority = parent->e_msgsize;
54 e->e_puthdr = putheader;
55 e->e_putbody = putbody;
56 if (CurEnv->e_xfp != NULL)
57 (void) fflush(CurEnv->e_xfp);
58
59 return (e);
60 }
61 �/*
62 ** DROPENVELOPE -- deallocate an envelope.
63 **
64 ** Parameters:
65 ** e -- the envelope to deallocate.
66 **
67 ** Returns:
68 ** none.
69 **
70 ** Side Effects:
71 ** housekeeping necessary to dispose of an envelope.
72 ** Unlocks this queue file.
73 */
74
75 dropenvelope(e)
76 register ENVELOPE *e;
77 {
78 bool queueit = FALSE;
79 register ADDRESS *q;
80
81 if (tTd(50, 1))
82 {
83 printf("dropenvelope %x id=", e);
84 xputs(e->e_id);
85 printf(" flags=%o\n", e->e_flags);
86 }
87 #ifdef LOG
88 if (LogLevel > 10)
89 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d",
90 e->e_id == NULL ? "(none)" : e->e_id,
91 e->e_flags, getpid());
92 #endif LOG
93
94 /* we must have an id to remove disk files */
95 if (e->e_id == NULL)
96 return;
97
98 /*
99 ** Extract state information from dregs of send list.
100 */
101
102 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
103 {
104 if (bitset(QQUEUEUP, q->q_flags))
105 queueit = TRUE;
106 }
107
108 /*
109 ** Send back return receipts as requested.
110 */
111
112 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags))
113 {
114 auto ADDRESS *rlist = NULL;
115
116 sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist);
117 (void) returntosender("Return receipt", rlist, FALSE);
118 }
119
120 /*
121 ** Arrange to send error messages if there are fatal errors.
122 */
123
124 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET)
125 savemail(e);
126
127 /*
128 ** Instantiate or deinstantiate the queue.
129 */
130
131 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) ||
132 bitset(EF_CLRQUEUE, e->e_flags))
133 {
134 if (e->e_df != NULL)
135 xunlink(e->e_df);
136 xunlink(queuename(e, 'q'));
137 }
138 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
139 {
140 #ifdef QUEUE
141 queueup(e, FALSE, FALSE);
142 #else QUEUE
143 syserr("dropenvelope: queueup");
144 #endif QUEUE
145 }
146
147 /* now unlock the job */
148 closexscript(e);
149 unlockqueue(e);
150
151 /* make sure that this envelope is marked unused */
152 e->e_id = e->e_df = NULL;
153 if (e->e_dfp != NULL)
154 (void) fclose(e->e_dfp);
155 e->e_dfp = NULL;
156 }
157 �/*
158 ** CLEARENVELOPE -- clear an envelope without unlocking
159 **
160 ** This is normally used by a child process to get a clean
161 ** envelope without disturbing the parent.
162 **
163 ** Parameters:
164 ** e -- the envelope to clear.
165 ** fullclear - if set, the current envelope is total
166 ** garbage and should be ignored; otherwise,
167 ** release any resources it may indicate.
168 **
169 ** Returns:
170 ** none.
171 **
172 ** Side Effects:
173 ** Closes files associated with the envelope.
174 ** Marks the envelope as unallocated.
175 */
176
177 clearenvelope(e, fullclear)
178 register ENVELOPE *e;
179 bool fullclear;
180 {
181 register HDR *bh;
182 register HDR **nhp;
183 extern ENVELOPE BlankEnvelope;
184
185 if (!fullclear)
186 {
187 /* clear out any file information */
188 if (e->e_xfp != NULL)
189 (void) fclose(e->e_xfp);
190 if (e->e_dfp != NULL)
191 (void) fclose(e->e_dfp);
192 }
193
194 /* now clear out the data */
195 STRUCTCOPY(BlankEnvelope, *e);
196 bh = BlankEnvelope.e_header;
197 nhp = &e->e_header;
198 while (bh != NULL)
199 {
200 *nhp = (HDR *) xalloc(sizeof *bh);
201 bcopy((char *) bh, (char *) *nhp, sizeof *bh);
202 bh = bh->h_link;
203 nhp = &(*nhp)->h_link;
204 }
205 }
206 �/*
207 ** INITSYS -- initialize instantiation of system
208 **
209 ** In Daemon mode, this is done in the child.
210 **
211 ** Parameters:
212 ** none.
213 **
214 ** Returns:
215 ** none.
216 **
217 ** Side Effects:
218 ** Initializes the system macros, some global variables,
219 ** etc. In particular, the current time in various
220 ** forms is set.
221 */
222
223 initsys()
224 {
225 static char cbuf[5]; /* holds hop count */
226 static char pbuf[10]; /* holds pid */
227 #ifdef TTYNAME
228 static char ybuf[10]; /* holds tty id */
229 register char *p;
230 #endif TTYNAME
231 extern char *ttyname();
232 extern char *macvalue();
233 extern char Version[];
234
235 /*
236 ** Give this envelope a reality.
237 ** I.e., an id, a transcript, and a creation time.
238 */
239
240 openxscript(CurEnv);
241 CurEnv->e_ctime = curtime();
242
243 /*
244 ** Set OutChannel to something useful if stdout isn't it.
245 ** This arranges that any extra stuff the mailer produces
246 ** gets sent back to the user on error (because it is
247 ** tucked away in the transcript).
248 */
249
250 if (OpMode == MD_DAEMON && QueueRun)
251 OutChannel = CurEnv->e_xfp;
252
253 /*
254 ** Set up some basic system macros.
255 */
256
257 /* process id */
258 (void) sprintf(pbuf, "%d", getpid());
259 define('p', pbuf, CurEnv);
260
261 /* hop count */
262 (void) sprintf(cbuf, "%d", CurEnv->e_hopcount);
263 define('c', cbuf, CurEnv);
264
265 /* time as integer, unix time, arpa time */
266 settime();
267
268 #ifdef TTYNAME
269 /* tty name */
270 if (macvalue('y', CurEnv) == NULL)
271 {
272 p = ttyname(2);
273 if (p != NULL)
274 {
275 if (rindex(p, '/') != NULL)
276 p = rindex(p, '/') + 1;
277 (void) strcpy(ybuf, p);
278 define('y', ybuf, CurEnv);
279 }
280 }
281 #endif TTYNAME
282 }
283 �/*
284 ** SETTIME -- set the current time.
285 **
286 ** Parameters:
287 ** none.
288 **
289 ** Returns:
290 ** none.
291 **
292 ** Side Effects:
293 ** Sets the various time macros -- $a, $b, $d, $t.
294 */
295
296 settime()
297 {
298 register char *p;
299 auto time_t now;
300 static char tbuf[20]; /* holds "current" time */
301 static char dbuf[30]; /* holds ctime(tbuf) */
302 register struct tm *tm;
303 extern char *arpadate();
304 extern struct tm *gmtime();
305 extern char *macvalue();
306
307 now = curtime();
308 tm = gmtime(&now);
309 (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1,
310 tm->tm_mday, tm->tm_hour, tm->tm_min);
311 define('t', tbuf, CurEnv);
312 (void) strcpy(dbuf, ctime(&now));
313 *index(dbuf, '\n') = '\0';
314 if (macvalue('d', CurEnv) == NULL)
315 define('d', dbuf, CurEnv);
316 p = newstr(arpadate(dbuf));
317 if (macvalue('a', CurEnv) == NULL)
318 define('a', p, CurEnv);
319 define('b', p, CurEnv);
320 }
321 �/*
322 ** OPENXSCRIPT -- Open transcript file
323 **
324 ** Creates a transcript file for possible eventual mailing or
325 ** sending back.
326 **
327 ** Parameters:
328 ** e -- the envelope to create the transcript in/for.
329 **
330 ** Returns:
331 ** none
332 **
333 ** Side Effects:
334 ** Creates the transcript file.
335 */
336
337 openxscript(e)
338 register ENVELOPE *e;
339 {
340 register char *p;
341 int fd;
342
343 # ifdef LOG
344 if (LogLevel > 19)
345 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)");
346 # endif LOG
347 if (e->e_xfp != NULL)
348 return;
349 p = queuename(e, 'x');
350 fd = open(p, O_WRONLY|O_CREAT, 0644);
351 if (fd < 0)
352 syserr("Can't create %s", p);
353 else
354 e->e_xfp = fdopen(fd, "w");
355 }
356 �/*
357 ** CLOSEXSCRIPT -- close the transcript file.
358 **
359 ** Parameters:
360 ** e -- the envelope containing the transcript to close.
361 **
362 ** Returns:
363 ** none.
364 **
365 ** Side Effects:
366 ** none.
367 */
368
369 closexscript(e)
370 register ENVELOPE *e;
371 {
372 if (e->e_xfp == NULL)
373 return;
374 (void) fclose(e->e_xfp);
375 e->e_xfp = NULL;
376 }
377 �/*
378 ** SETSENDER -- set the person who this message is from
379 **
380 ** Under certain circumstances allow the user to say who
381 ** s/he is (using -f or -r). These are:
382 ** 1. The user's uid is zero (root).
383 ** 2. The user's login name is in an approved list (typically
384 ** from a network server).
385 ** 3. The address the user is trying to claim has a
386 ** "!" character in it (since #2 doesn't do it for
387 ** us if we are dialing out for UUCP).
388 ** A better check to replace #3 would be if the
389 ** effective uid is "UUCP" -- this would require me
390 ** to rewrite getpwent to "grab" uucp as it went by,
391 ** make getname more nasty, do another passwd file
392 ** scan, or compile the UID of "UUCP" into the code,
393 ** all of which are reprehensible.
394 **
395 ** Assuming all of these fail, we figure out something
396 ** ourselves.
397 **
398 ** Parameters:
399 ** from -- the person we would like to believe this message
400 ** is from, as specified on the command line.
401 ** e -- the envelope in which we would like the sender set.
402 **
403 ** Returns:
404 ** none.
405 **
406 ** Side Effects:
407 ** sets sendmail's notion of who the from person is.
408 */
409
410 setsender(from, e)
411 char *from;
412 register ENVELOPE *e;
413 {
414 register char **pvp;
415 char *realname = NULL;
416 register struct passwd *pw;
417 char buf[MAXNAME];
418 char pvpbuf[PSBUFSIZE];
419 extern struct passwd *getpwnam();
420 extern char *macvalue();
421 extern char **prescan();
422 extern bool safefile();
423 extern char *FullName;
424
425 if (tTd(45, 1))
426 printf("setsender(%s)\n", from == NULL ? "" : from);
427
428 /*
429 ** Figure out the real user executing us.
430 ** Username can return errno != 0 on non-errors.
431 */
432
433 if (QueueRun || OpMode == MD_SMTP)
434 realname = from;
435 if (realname == NULL || realname[0] == '\0')
436 {
437 extern char *username();
438
439 realname = username();
440 }
441
442 /*
443 ** Determine if this real person is allowed to alias themselves.
444 */
445
446 if (from != NULL)
447 {
448 extern bool trusteduser();
449
450 if (!trusteduser(realname) && getuid() != geteuid() &&
451 index(from, '!') == NULL && getuid() != 0)
452 {
453 /* network sends -r regardless (why why why?) */
454 /* syserr("%s, you cannot use the -f flag", realname); */
455 from = NULL;
456 }
457 }
458
459 SuprErrs = TRUE;
460 if (from == NULL || parseaddr(from, &e->e_from, 1, '\0') == NULL)
461 {
462 /* log garbage addresses for traceback */
463 if (from != NULL)
464 {
465 # ifdef LOG
466 if (LogLevel >= 1)
467 if (realname == from && RealHostName != NULL)
468 syslog(LOG_NOTICE,
469 "from=%s unparseable, received from %s",
470 from, RealHostName);
471 else
472 syslog(LOG_NOTICE,
473 "Unparseable username %s wants from=%s",
474 realname, from);
475 # endif LOG
476 }
477 from = newstr(realname);
478 if (parseaddr(from, &e->e_from, 1, '\0') == NULL &&
479 parseaddr("postmaster", &e->e_from, 1, '\0') == NULL)
480 {
481 syserr("setsender: can't even parse postmaster!");
482 }
483 }
484 else
485 FromFlag = TRUE;
486 e->e_from.q_flags |= QDONTSEND;
487 loweraddr(&e->e_from);
488 SuprErrs = FALSE;
489
490 pvp = NULL;
491 if (e->e_from.q_mailer == LocalMailer)
492 {
493 # ifdef USERDB
494 register char *p;
495 extern char *udbsender();
496 # endif
497
498 /* if the user has given fullname already, don't redefine */
499 if (FullName == NULL)
500 FullName = macvalue('x', e);
501 if (FullName != NULL && FullName[0] == '\0')
502 FullName = NULL;
503
504 # ifdef USERDB
505 p = udbsender(from);
506
507 if (p != NULL)
508 {
509 /*
510 ** We have an alternate address for the sender
511 */
512
513 pvp = prescan(p, '\0', pvpbuf);
514 }
515 # endif /* USERDB */
516
517 if ((pw = getpwnam(e->e_from.q_user)) != NULL)
518 {
519 /*
520 ** Process passwd file entry.
521 */
522
523
524 /* extract home directory */
525 e->e_from.q_home = newstr(pw->pw_dir);
526 define('z', e->e_from.q_home, e);
527
528 /* extract user and group id */
529 e->e_from.q_uid = pw->pw_uid;
530 e->e_from.q_gid = pw->pw_gid;
531
532 /* extract full name from passwd file */
533 if (FullName == NULL && pw->pw_gecos != NULL &&
534 strcmp(pw->pw_name, e->e_from.q_user) == 0)
535 {
536 buildfname(pw->pw_gecos, e->e_from.q_user, buf);
537 if (buf[0] != '\0')
538 FullName = newstr(buf);
539 }
540 }
541 if (FullName != NULL)
542 define('x', FullName, e);
543 }
544 else
545 {
546 if (e->e_from.q_home == NULL)
547 e->e_from.q_home = getenv("HOME");
548 e->e_from.q_uid = getuid();
549 e->e_from.q_gid = getgid();
550 }
551
552 /*
553 ** Rewrite the from person to dispose of possible implicit
554 ** links in the net.
555 */
556
557 if (pvp == NULL)
558 pvp = prescan(from, '\0', pvpbuf);
559 if (pvp == NULL)
560 {
561 # ifdef LOG
562 if (LogLevel >= 1)
563 syslog(LOG_NOTICE, "cannot prescan from (%s)", from);
564 # endif
565 usrerr("cannot prescan from (%s)", from);
566 finis();
567 }
568 rewrite(pvp, 3);
569 rewrite(pvp, 1);
570 rewrite(pvp, 4);
571 cataddr(pvp, buf, sizeof buf);
572 e->e_sender = e->e_returnpath = newstr(buf);
573
574 define('f', e->e_sender, e);
575
576 /* save the domain spec if this mailer wants it */
577 if (e->e_from.q_mailer != NULL &&
578 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
579 {
580 extern char **copyplist();
581
582 while (*pvp != NULL && strcmp(*pvp, "@") != 0)
583 pvp++;
584 if (*pvp != NULL)
585 e->e_fromdomain = copyplist(pvp, TRUE);
586 }
587 }
588 �/*
589 ** TRUSTEDUSER -- tell us if this user is to be trusted.
590 **
591 ** Parameters:
592 ** user -- the user to be checked.
593 **
594 ** Returns:
595 ** TRUE if the user is in an approved list.
596 ** FALSE otherwise.
597 **
598 ** Side Effects:
599 ** none.
600 */
601
602 bool
603 trusteduser(user)
604 char *user;
605 {
606 register char **ulist;
607 extern char *TrustedUsers[];
608
609 for (ulist = TrustedUsers; *ulist != NULL; ulist++)
610 if (strcmp(*ulist, user) == 0)
611 return (TRUE);
612 return (FALSE);
613 }
614