1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)envelope.c 5.27 (Berkeley) 05/29/92"; 11 #endif /* not lint */ 12 13 #include <sys/types.h> 14 #include <sys/time.h> 15 #include <sys/stat.h> 16 #include <pwd.h> 17 #include <sys/file.h> 18 #include "sendmail.h" 19 20 /* 21 ** NEWENVELOPE -- allocate a new envelope 22 ** 23 ** Supports inheritance. 24 ** 25 ** Parameters: 26 ** e -- the new envelope to fill in. 27 ** 28 ** Returns: 29 ** e. 30 ** 31 ** Side Effects: 32 ** none. 33 */ 34 35 ENVELOPE * 36 newenvelope(e) 37 register ENVELOPE *e; 38 { 39 register ENVELOPE *parent; 40 extern putheader(), putbody(); 41 extern ENVELOPE BlankEnvelope; 42 43 parent = CurEnv; 44 if (e == CurEnv) 45 parent = e->e_parent; 46 clearenvelope(e, TRUE); 47 if (e == CurEnv) 48 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from); 49 else 50 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from); 51 e->e_parent = parent; 52 e->e_ctime = curtime(); 53 e->e_msgpriority = parent->e_msgsize; 54 e->e_puthdr = putheader; 55 e->e_putbody = putbody; 56 if (CurEnv->e_xfp != NULL) 57 (void) fflush(CurEnv->e_xfp); 58 59 return (e); 60 } 61 /* 62 ** DROPENVELOPE -- deallocate an envelope. 63 ** 64 ** Parameters: 65 ** e -- the envelope to deallocate. 66 ** 67 ** Returns: 68 ** none. 69 ** 70 ** Side Effects: 71 ** housekeeping necessary to dispose of an envelope. 72 ** Unlocks this queue file. 73 */ 74 75 dropenvelope(e) 76 register ENVELOPE *e; 77 { 78 bool queueit = FALSE; 79 register ADDRESS *q; 80 81 if (tTd(50, 1)) 82 { 83 printf("dropenvelope %x id=", e); 84 xputs(e->e_id); 85 printf(" flags=%o\n", e->e_flags); 86 } 87 #ifdef LOG 88 if (LogLevel > 10) 89 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d", 90 e->e_id == NULL ? "(none)" : e->e_id, 91 e->e_flags, getpid()); 92 #endif LOG 93 94 /* we must have an id to remove disk files */ 95 if (e->e_id == NULL) 96 return; 97 98 /* 99 ** Extract state information from dregs of send list. 100 */ 101 102 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 103 { 104 if (bitset(QQUEUEUP, q->q_flags)) 105 queueit = TRUE; 106 } 107 108 /* 109 ** Send back return receipts as requested. 110 */ 111 112 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags)) 113 { 114 auto ADDRESS *rlist = NULL; 115 116 sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist); 117 (void) returntosender("Return receipt", rlist, FALSE); 118 } 119 120 /* 121 ** Arrange to send error messages if there are fatal errors. 122 */ 123 124 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET) 125 savemail(e); 126 127 /* 128 ** Instantiate or deinstantiate the queue. 129 */ 130 131 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) || 132 bitset(EF_CLRQUEUE, e->e_flags)) 133 { 134 if (e->e_df != NULL) 135 xunlink(e->e_df); 136 xunlink(queuename(e, 'q')); 137 } 138 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 139 { 140 #ifdef QUEUE 141 queueup(e, FALSE, FALSE); 142 #else QUEUE 143 syserr("dropenvelope: queueup"); 144 #endif QUEUE 145 } 146 147 /* now unlock the job */ 148 closexscript(e); 149 unlockqueue(e); 150 151 /* make sure that this envelope is marked unused */ 152 e->e_id = e->e_df = NULL; 153 if (e->e_dfp != NULL) 154 (void) fclose(e->e_dfp); 155 e->e_dfp = NULL; 156 } 157 /* 158 ** CLEARENVELOPE -- clear an envelope without unlocking 159 ** 160 ** This is normally used by a child process to get a clean 161 ** envelope without disturbing the parent. 162 ** 163 ** Parameters: 164 ** e -- the envelope to clear. 165 ** fullclear - if set, the current envelope is total 166 ** garbage and should be ignored; otherwise, 167 ** release any resources it may indicate. 168 ** 169 ** Returns: 170 ** none. 171 ** 172 ** Side Effects: 173 ** Closes files associated with the envelope. 174 ** Marks the envelope as unallocated. 175 */ 176 177 clearenvelope(e, fullclear) 178 register ENVELOPE *e; 179 bool fullclear; 180 { 181 register HDR *bh; 182 register HDR **nhp; 183 extern ENVELOPE BlankEnvelope; 184 185 if (!fullclear) 186 { 187 /* clear out any file information */ 188 if (e->e_xfp != NULL) 189 (void) fclose(e->e_xfp); 190 if (e->e_dfp != NULL) 191 (void) fclose(e->e_dfp); 192 } 193 194 /* now clear out the data */ 195 STRUCTCOPY(BlankEnvelope, *e); 196 bh = BlankEnvelope.e_header; 197 nhp = &e->e_header; 198 while (bh != NULL) 199 { 200 *nhp = (HDR *) xalloc(sizeof *bh); 201 bcopy((char *) bh, (char *) *nhp, sizeof *bh); 202 bh = bh->h_link; 203 nhp = &(*nhp)->h_link; 204 } 205 } 206 /* 207 ** INITSYS -- initialize instantiation of system 208 ** 209 ** In Daemon mode, this is done in the child. 210 ** 211 ** Parameters: 212 ** none. 213 ** 214 ** Returns: 215 ** none. 216 ** 217 ** Side Effects: 218 ** Initializes the system macros, some global variables, 219 ** etc. In particular, the current time in various 220 ** forms is set. 221 */ 222 223 initsys() 224 { 225 static char cbuf[5]; /* holds hop count */ 226 static char pbuf[10]; /* holds pid */ 227 #ifdef TTYNAME 228 static char ybuf[10]; /* holds tty id */ 229 register char *p; 230 #endif TTYNAME 231 extern char *ttyname(); 232 extern char *macvalue(); 233 extern char Version[]; 234 235 /* 236 ** Give this envelope a reality. 237 ** I.e., an id, a transcript, and a creation time. 238 */ 239 240 openxscript(CurEnv); 241 CurEnv->e_ctime = curtime(); 242 243 /* 244 ** Set OutChannel to something useful if stdout isn't it. 245 ** This arranges that any extra stuff the mailer produces 246 ** gets sent back to the user on error (because it is 247 ** tucked away in the transcript). 248 */ 249 250 if (OpMode == MD_DAEMON && QueueRun) 251 OutChannel = CurEnv->e_xfp; 252 253 /* 254 ** Set up some basic system macros. 255 */ 256 257 /* process id */ 258 (void) sprintf(pbuf, "%d", getpid()); 259 define('p', pbuf, CurEnv); 260 261 /* hop count */ 262 (void) sprintf(cbuf, "%d", CurEnv->e_hopcount); 263 define('c', cbuf, CurEnv); 264 265 /* time as integer, unix time, arpa time */ 266 settime(); 267 268 #ifdef TTYNAME 269 /* tty name */ 270 if (macvalue('y', CurEnv) == NULL) 271 { 272 p = ttyname(2); 273 if (p != NULL) 274 { 275 if (rindex(p, '/') != NULL) 276 p = rindex(p, '/') + 1; 277 (void) strcpy(ybuf, p); 278 define('y', ybuf, CurEnv); 279 } 280 } 281 #endif TTYNAME 282 } 283 /* 284 ** SETTIME -- set the current time. 285 ** 286 ** Parameters: 287 ** none. 288 ** 289 ** Returns: 290 ** none. 291 ** 292 ** Side Effects: 293 ** Sets the various time macros -- $a, $b, $d, $t. 294 */ 295 296 settime() 297 { 298 register char *p; 299 auto time_t now; 300 static char tbuf[20]; /* holds "current" time */ 301 static char dbuf[30]; /* holds ctime(tbuf) */ 302 register struct tm *tm; 303 extern char *arpadate(); 304 extern struct tm *gmtime(); 305 extern char *macvalue(); 306 307 now = curtime(); 308 tm = gmtime(&now); 309 (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1, 310 tm->tm_mday, tm->tm_hour, tm->tm_min); 311 define('t', tbuf, CurEnv); 312 (void) strcpy(dbuf, ctime(&now)); 313 *index(dbuf, '\n') = '\0'; 314 if (macvalue('d', CurEnv) == NULL) 315 define('d', dbuf, CurEnv); 316 p = newstr(arpadate(dbuf)); 317 if (macvalue('a', CurEnv) == NULL) 318 define('a', p, CurEnv); 319 define('b', p, CurEnv); 320 } 321 /* 322 ** OPENXSCRIPT -- Open transcript file 323 ** 324 ** Creates a transcript file for possible eventual mailing or 325 ** sending back. 326 ** 327 ** Parameters: 328 ** e -- the envelope to create the transcript in/for. 329 ** 330 ** Returns: 331 ** none 332 ** 333 ** Side Effects: 334 ** Creates the transcript file. 335 */ 336 337 openxscript(e) 338 register ENVELOPE *e; 339 { 340 register char *p; 341 int fd; 342 343 # ifdef LOG 344 if (LogLevel > 19) 345 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)"); 346 # endif LOG 347 if (e->e_xfp != NULL) 348 return; 349 p = queuename(e, 'x'); 350 fd = open(p, O_WRONLY|O_CREAT, 0644); 351 if (fd < 0) 352 syserr("Can't create %s", p); 353 else 354 e->e_xfp = fdopen(fd, "w"); 355 } 356 /* 357 ** CLOSEXSCRIPT -- close the transcript file. 358 ** 359 ** Parameters: 360 ** e -- the envelope containing the transcript to close. 361 ** 362 ** Returns: 363 ** none. 364 ** 365 ** Side Effects: 366 ** none. 367 */ 368 369 closexscript(e) 370 register ENVELOPE *e; 371 { 372 if (e->e_xfp == NULL) 373 return; 374 (void) fclose(e->e_xfp); 375 e->e_xfp = NULL; 376 } 377 /* 378 ** SETSENDER -- set the person who this message is from 379 ** 380 ** Under certain circumstances allow the user to say who 381 ** s/he is (using -f or -r). These are: 382 ** 1. The user's uid is zero (root). 383 ** 2. The user's login name is in an approved list (typically 384 ** from a network server). 385 ** 3. The address the user is trying to claim has a 386 ** "!" character in it (since #2 doesn't do it for 387 ** us if we are dialing out for UUCP). 388 ** A better check to replace #3 would be if the 389 ** effective uid is "UUCP" -- this would require me 390 ** to rewrite getpwent to "grab" uucp as it went by, 391 ** make getname more nasty, do another passwd file 392 ** scan, or compile the UID of "UUCP" into the code, 393 ** all of which are reprehensible. 394 ** 395 ** Assuming all of these fail, we figure out something 396 ** ourselves. 397 ** 398 ** Parameters: 399 ** from -- the person we would like to believe this message 400 ** is from, as specified on the command line. 401 ** e -- the envelope in which we would like the sender set. 402 ** 403 ** Returns: 404 ** none. 405 ** 406 ** Side Effects: 407 ** sets sendmail's notion of who the from person is. 408 */ 409 410 setsender(from, e) 411 char *from; 412 register ENVELOPE *e; 413 { 414 register char **pvp; 415 char *realname = NULL; 416 register struct passwd *pw; 417 char buf[MAXNAME]; 418 char pvpbuf[PSBUFSIZE]; 419 extern struct passwd *getpwnam(); 420 extern char *macvalue(); 421 extern char **prescan(); 422 extern bool safefile(); 423 extern char *FullName; 424 425 if (tTd(45, 1)) 426 printf("setsender(%s)\n", from == NULL ? "" : from); 427 428 /* 429 ** Figure out the real user executing us. 430 ** Username can return errno != 0 on non-errors. 431 */ 432 433 if (QueueRun || OpMode == MD_SMTP) 434 realname = from; 435 if (realname == NULL || realname[0] == '\0') 436 { 437 extern char *username(); 438 439 realname = username(); 440 } 441 442 /* 443 ** Determine if this real person is allowed to alias themselves. 444 */ 445 446 if (from != NULL) 447 { 448 extern bool trusteduser(); 449 450 if (!trusteduser(realname) && getuid() != geteuid() && 451 index(from, '!') == NULL && getuid() != 0) 452 { 453 /* network sends -r regardless (why why why?) */ 454 /* syserr("%s, you cannot use the -f flag", realname); */ 455 from = NULL; 456 } 457 } 458 459 SuprErrs = TRUE; 460 if (from == NULL || parseaddr(from, &e->e_from, 1, '\0') == NULL) 461 { 462 /* log garbage addresses for traceback */ 463 if (from != NULL) 464 { 465 # ifdef LOG 466 if (LogLevel >= 1) 467 if (realname == from && RealHostName != NULL) 468 syslog(LOG_NOTICE, 469 "from=%s unparseable, received from %s", 470 from, RealHostName); 471 else 472 syslog(LOG_NOTICE, 473 "Unparseable username %s wants from=%s", 474 realname, from); 475 # endif LOG 476 } 477 from = newstr(realname); 478 if (parseaddr(from, &e->e_from, 1, '\0') == NULL && 479 parseaddr("postmaster", &e->e_from, 1, '\0') == NULL) 480 { 481 syserr("setsender: can't even parse postmaster!"); 482 } 483 } 484 else 485 FromFlag = TRUE; 486 e->e_from.q_flags |= QDONTSEND; 487 loweraddr(&e->e_from); 488 SuprErrs = FALSE; 489 490 pvp = NULL; 491 if (e->e_from.q_mailer == LocalMailer) 492 { 493 # ifdef USERDB 494 register char *p; 495 extern char *udbsender(); 496 # endif 497 498 /* if the user has given fullname already, don't redefine */ 499 if (FullName == NULL) 500 FullName = macvalue('x', e); 501 if (FullName != NULL && FullName[0] == '\0') 502 FullName = NULL; 503 504 # ifdef USERDB 505 p = udbsender(from); 506 507 if (p != NULL) 508 { 509 /* 510 ** We have an alternate address for the sender 511 */ 512 513 pvp = prescan(p, '\0', pvpbuf); 514 } 515 # endif /* USERDB */ 516 517 if ((pw = getpwnam(e->e_from.q_user)) != NULL) 518 { 519 /* 520 ** Process passwd file entry. 521 */ 522 523 524 /* extract home directory */ 525 e->e_from.q_home = newstr(pw->pw_dir); 526 define('z', e->e_from.q_home, e); 527 528 /* extract user and group id */ 529 e->e_from.q_uid = pw->pw_uid; 530 e->e_from.q_gid = pw->pw_gid; 531 532 /* extract full name from passwd file */ 533 if (FullName == NULL && pw->pw_gecos != NULL && 534 strcmp(pw->pw_name, e->e_from.q_user) == 0) 535 { 536 buildfname(pw->pw_gecos, e->e_from.q_user, buf); 537 if (buf[0] != '\0') 538 FullName = newstr(buf); 539 } 540 } 541 if (FullName != NULL) 542 define('x', FullName, e); 543 } 544 else 545 { 546 if (e->e_from.q_home == NULL) 547 e->e_from.q_home = getenv("HOME"); 548 e->e_from.q_uid = getuid(); 549 e->e_from.q_gid = getgid(); 550 } 551 552 /* 553 ** Rewrite the from person to dispose of possible implicit 554 ** links in the net. 555 */ 556 557 if (pvp == NULL) 558 pvp = prescan(from, '\0', pvpbuf); 559 if (pvp == NULL) 560 { 561 # ifdef LOG 562 if (LogLevel >= 1) 563 syslog(LOG_NOTICE, "cannot prescan from (%s)", from); 564 # endif 565 usrerr("cannot prescan from (%s)", from); 566 finis(); 567 } 568 rewrite(pvp, 3); 569 rewrite(pvp, 1); 570 rewrite(pvp, 4); 571 cataddr(pvp, buf, sizeof buf); 572 e->e_sender = e->e_returnpath = newstr(buf); 573 574 define('f', e->e_sender, e); 575 576 /* save the domain spec if this mailer wants it */ 577 if (e->e_from.q_mailer != NULL && 578 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags)) 579 { 580 extern char **copyplist(); 581 582 while (*pvp != NULL && strcmp(*pvp, "@") != 0) 583 pvp++; 584 if (*pvp != NULL) 585 e->e_fromdomain = copyplist(pvp, TRUE); 586 } 587 } 588 /* 589 ** TRUSTEDUSER -- tell us if this user is to be trusted. 590 ** 591 ** Parameters: 592 ** user -- the user to be checked. 593 ** 594 ** Returns: 595 ** TRUE if the user is in an approved list. 596 ** FALSE otherwise. 597 ** 598 ** Side Effects: 599 ** none. 600 */ 601 602 bool 603 trusteduser(user) 604 char *user; 605 { 606 register char **ulist; 607 extern char *TrustedUsers[]; 608 609 for (ulist = TrustedUsers; *ulist != NULL; ulist++) 610 if (strcmp(*ulist, user) == 0) 611 return (TRUE); 612 return (FALSE); 613 } 614