1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)envelope.c 6.2 (Berkeley) 01/18/93";
11 #endif /* not lint */
12
13 #include <sys/types.h>
14 #include <sys/time.h>
15 #include <sys/stat.h>
16 #include <pwd.h>
17 #include <sys/file.h>
18 #include "sendmail.h"
19
20 /*
21 ** NEWENVELOPE -- allocate a new envelope
22 **
23 ** Supports inheritance.
24 **
25 ** Parameters:
26 ** e -- the new envelope to fill in.
27 **
28 ** Returns:
29 ** e.
30 **
31 ** Side Effects:
32 ** none.
33 */
34
35 ENVELOPE *
36 newenvelope(e)
37 register ENVELOPE *e;
38 {
39 register ENVELOPE *parent;
40 extern putheader(), putbody();
41 extern ENVELOPE BlankEnvelope;
42
43 parent = CurEnv;
44 if (e == CurEnv && e->e_parent != NULL)
45 parent = e->e_parent;
46 clearenvelope(e, TRUE);
47 if (e == CurEnv)
48 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from);
49 else
50 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
51 e->e_parent = parent;
52 e->e_ctime = curtime();
53 if (parent != NULL)
54 e->e_msgpriority = parent->e_msgsize;
55 e->e_puthdr = putheader;
56 e->e_putbody = putbody;
57 if (CurEnv->e_xfp != NULL)
58 (void) fflush(CurEnv->e_xfp);
59
60 return (e);
61 }
62 �/*
63 ** DROPENVELOPE -- deallocate an envelope.
64 **
65 ** Parameters:
66 ** e -- the envelope to deallocate.
67 **
68 ** Returns:
69 ** none.
70 **
71 ** Side Effects:
72 ** housekeeping necessary to dispose of an envelope.
73 ** Unlocks this queue file.
74 */
75
76 dropenvelope(e)
77 register ENVELOPE *e;
78 {
79 bool queueit = FALSE;
80 register ADDRESS *q;
81
82 if (tTd(50, 1))
83 {
84 printf("dropenvelope %x id=", e);
85 xputs(e->e_id);
86 printf(" flags=%o\n", e->e_flags);
87 }
88 #ifdef LOG
89 if (LogLevel > 12)
90 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d",
91 e->e_id == NULL ? "(none)" : e->e_id,
92 e->e_flags, getpid());
93 #endif /* LOG */
94
95 /* we must have an id to remove disk files */
96 if (e->e_id == NULL)
97 return;
98
99 /*
100 ** Extract state information from dregs of send list.
101 */
102
103 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
104 {
105 if (bitset(QQUEUEUP, q->q_flags))
106 queueit = TRUE;
107 }
108
109 /*
110 ** Send back return receipts as requested.
111 */
112
113 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags))
114 {
115 auto ADDRESS *rlist = NULL;
116
117 sendtolist(e->e_receiptto, (ADDRESS *) NULL, &rlist, e);
118 (void) returntosender("Return receipt", rlist, FALSE, e);
119 }
120
121 /*
122 ** Arrange to send error messages if there are fatal errors.
123 */
124
125 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET)
126 savemail(e);
127
128 /*
129 ** Instantiate or deinstantiate the queue.
130 */
131
132 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) ||
133 bitset(EF_CLRQUEUE, e->e_flags))
134 {
135 if (e->e_df != NULL)
136 xunlink(e->e_df);
137 xunlink(queuename(e, 'q'));
138 }
139 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
140 {
141 #ifdef QUEUE
142 queueup(e, FALSE, FALSE);
143 #else /* QUEUE */
144 syserr("dropenvelope: queueup");
145 #endif /* QUEUE */
146 }
147
148 /* now unlock the job */
149 closexscript(e);
150 unlockqueue(e);
151
152 /* make sure that this envelope is marked unused */
153 e->e_id = e->e_df = NULL;
154 if (e->e_dfp != NULL)
155 (void) fclose(e->e_dfp);
156 e->e_dfp = NULL;
157
158 #ifdef LOG
159 if (LogLevel >= 10)
160 syslog(LOG_INFO, "%s: done", e->e_id);
161 #endif /* LOG */
162 }
163 �/*
164 ** CLEARENVELOPE -- clear an envelope without unlocking
165 **
166 ** This is normally used by a child process to get a clean
167 ** envelope without disturbing the parent.
168 **
169 ** Parameters:
170 ** e -- the envelope to clear.
171 ** fullclear - if set, the current envelope is total
172 ** garbage and should be ignored; otherwise,
173 ** release any resources it may indicate.
174 **
175 ** Returns:
176 ** none.
177 **
178 ** Side Effects:
179 ** Closes files associated with the envelope.
180 ** Marks the envelope as unallocated.
181 */
182
183 clearenvelope(e, fullclear)
184 register ENVELOPE *e;
185 bool fullclear;
186 {
187 register HDR *bh;
188 register HDR **nhp;
189 extern ENVELOPE BlankEnvelope;
190
191 if (!fullclear)
192 {
193 /* clear out any file information */
194 if (e->e_xfp != NULL)
195 (void) fclose(e->e_xfp);
196 if (e->e_dfp != NULL)
197 (void) fclose(e->e_dfp);
198 }
199
200 /* now clear out the data */
201 STRUCTCOPY(BlankEnvelope, *e);
202 bh = BlankEnvelope.e_header;
203 nhp = &e->e_header;
204 while (bh != NULL)
205 {
206 *nhp = (HDR *) xalloc(sizeof *bh);
207 bcopy((char *) bh, (char *) *nhp, sizeof *bh);
208 bh = bh->h_link;
209 nhp = &(*nhp)->h_link;
210 }
211 }
212 �/*
213 ** INITSYS -- initialize instantiation of system
214 **
215 ** In Daemon mode, this is done in the child.
216 **
217 ** Parameters:
218 ** none.
219 **
220 ** Returns:
221 ** none.
222 **
223 ** Side Effects:
224 ** Initializes the system macros, some global variables,
225 ** etc. In particular, the current time in various
226 ** forms is set.
227 */
228
229 initsys(e)
230 register ENVELOPE *e;
231 {
232 static char cbuf[5]; /* holds hop count */
233 static char pbuf[10]; /* holds pid */
234 #ifdef TTYNAME
235 static char ybuf[10]; /* holds tty id */
236 register char *p;
237 #endif /* TTYNAME */
238 extern char *ttyname();
239 extern char *macvalue();
240 extern char Version[];
241
242 /*
243 ** Give this envelope a reality.
244 ** I.e., an id, a transcript, and a creation time.
245 */
246
247 openxscript(e);
248 e->e_ctime = curtime();
249
250 /*
251 ** Set OutChannel to something useful if stdout isn't it.
252 ** This arranges that any extra stuff the mailer produces
253 ** gets sent back to the user on error (because it is
254 ** tucked away in the transcript).
255 */
256
257 if (OpMode == MD_DAEMON && QueueRun)
258 OutChannel = e->e_xfp;
259
260 /*
261 ** Set up some basic system macros.
262 */
263
264 /* process id */
265 (void) sprintf(pbuf, "%d", getpid());
266 define('p', pbuf, e);
267
268 /* hop count */
269 (void) sprintf(cbuf, "%d", e->e_hopcount);
270 define('c', cbuf, e);
271
272 /* time as integer, unix time, arpa time */
273 settime(e);
274
275 #ifdef TTYNAME
276 /* tty name */
277 if (macvalue('y', e) == NULL)
278 {
279 p = ttyname(2);
280 if (p != NULL)
281 {
282 if (strrchr(p, '/') != NULL)
283 p = strrchr(p, '/') + 1;
284 (void) strcpy(ybuf, p);
285 define('y', ybuf, e);
286 }
287 }
288 #endif /* TTYNAME */
289 }
290 �/*
291 ** SETTIME -- set the current time.
292 **
293 ** Parameters:
294 ** none.
295 **
296 ** Returns:
297 ** none.
298 **
299 ** Side Effects:
300 ** Sets the various time macros -- $a, $b, $d, $t.
301 */
302
303 settime(e)
304 register ENVELOPE *e;
305 {
306 register char *p;
307 auto time_t now;
308 static char tbuf[20]; /* holds "current" time */
309 static char dbuf[30]; /* holds ctime(tbuf) */
310 register struct tm *tm;
311 extern char *arpadate();
312 extern struct tm *gmtime();
313 extern char *macvalue();
314
315 now = curtime();
316 tm = gmtime(&now);
317 (void) sprintf(tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900,
318 tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min);
319 define('t', tbuf, e);
320 (void) strcpy(dbuf, ctime(&now));
321 *strchr(dbuf, '\n') = '\0';
322 if (macvalue('d', e) == NULL)
323 define('d', dbuf, e);
324 p = newstr(arpadate(dbuf));
325 if (macvalue('a', e) == NULL)
326 define('a', p, e);
327 define('b', p, e);
328 }
329 �/*
330 ** OPENXSCRIPT -- Open transcript file
331 **
332 ** Creates a transcript file for possible eventual mailing or
333 ** sending back.
334 **
335 ** Parameters:
336 ** e -- the envelope to create the transcript in/for.
337 **
338 ** Returns:
339 ** none
340 **
341 ** Side Effects:
342 ** Creates the transcript file.
343 */
344
345 openxscript(e)
346 register ENVELOPE *e;
347 {
348 register char *p;
349 int fd;
350
351 # ifdef LOG
352 if (LogLevel > 19)
353 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)");
354 # endif /* LOG */
355 if (e->e_xfp != NULL)
356 return;
357 p = queuename(e, 'x');
358 fd = open(p, O_WRONLY|O_CREAT, 0644);
359 if (fd < 0)
360 syserr("Can't create %s", p);
361 else
362 e->e_xfp = fdopen(fd, "w");
363 }
364 �/*
365 ** CLOSEXSCRIPT -- close the transcript file.
366 **
367 ** Parameters:
368 ** e -- the envelope containing the transcript to close.
369 **
370 ** Returns:
371 ** none.
372 **
373 ** Side Effects:
374 ** none.
375 */
376
377 closexscript(e)
378 register ENVELOPE *e;
379 {
380 if (e->e_xfp == NULL)
381 return;
382 (void) fclose(e->e_xfp);
383 e->e_xfp = NULL;
384 }
385 �/*
386 ** SETSENDER -- set the person who this message is from
387 **
388 ** Under certain circumstances allow the user to say who
389 ** s/he is (using -f or -r). These are:
390 ** 1. The user's uid is zero (root).
391 ** 2. The user's login name is in an approved list (typically
392 ** from a network server).
393 ** 3. The address the user is trying to claim has a
394 ** "!" character in it (since #2 doesn't do it for
395 ** us if we are dialing out for UUCP).
396 ** A better check to replace #3 would be if the
397 ** effective uid is "UUCP" -- this would require me
398 ** to rewrite getpwent to "grab" uucp as it went by,
399 ** make getname more nasty, do another passwd file
400 ** scan, or compile the UID of "UUCP" into the code,
401 ** all of which are reprehensible.
402 **
403 ** Assuming all of these fail, we figure out something
404 ** ourselves.
405 **
406 ** Parameters:
407 ** from -- the person we would like to believe this message
408 ** is from, as specified on the command line.
409 ** e -- the envelope in which we would like the sender set.
410 **
411 ** Returns:
412 ** none.
413 **
414 ** Side Effects:
415 ** sets sendmail's notion of who the from person is.
416 */
417
418 setsender(from, e)
419 char *from;
420 register ENVELOPE *e;
421 {
422 register char **pvp;
423 char *realname = NULL;
424 register struct passwd *pw;
425 char buf[MAXNAME];
426 char pvpbuf[PSBUFSIZE];
427 extern struct passwd *getpwnam();
428 extern char *macvalue();
429 extern char **prescan();
430 extern bool safefile();
431 extern char *FullName;
432
433 if (tTd(45, 1))
434 printf("setsender(%s)\n", from == NULL ? "" : from);
435
436 /*
437 ** Figure out the real user executing us.
438 ** Username can return errno != 0 on non-errors.
439 */
440
441 if (QueueRun || OpMode == MD_SMTP)
442 realname = from;
443 if (realname == NULL || realname[0] == '\0')
444 {
445 extern char *username();
446
447 realname = username();
448 }
449
450 /*
451 ** Determine if this real person is allowed to alias themselves.
452 */
453
454 if (from != NULL)
455 {
456 extern bool trusteduser();
457
458 if (!trusteduser(realname) && getuid() != geteuid() &&
459 strchr(from, '!') == NULL && getuid() != 0)
460 {
461 /* network sends -r regardless (why why why?) */
462 /* syserr("%s, you cannot use the -f flag", realname); */
463 from = NULL;
464 }
465 }
466
467 /*
468 SuprErrs = TRUE;
469 */
470 if (from == NULL || parseaddr(from, &e->e_from, 1, '\0', e) == NULL)
471 {
472 /* log garbage addresses for traceback */
473 # ifdef LOG
474 if (from != NULL && LogLevel >= 1)
475 {
476 char *host = RealHostName;
477
478 if (host == NULL)
479 host = MyHostName;
480 syslog(LOG_NOTICE,
481 "from=%s unparseable, received from %s@%s",
482 from, realname, host);
483 }
484 # endif /* LOG */
485 if (from != NULL)
486 SuprErrs = TRUE;
487 if (from == realname ||
488 parseaddr(from = newstr(realname), &e->e_from, 1, '\0', e) == NULL)
489 {
490 SuprErrs = TRUE;
491 if (parseaddr("postmaster", &e->e_from, 1, '\0', e) == NULL)
492 syserr("setsender: can't even parse postmaster!");
493 }
494 }
495 else
496 FromFlag = TRUE;
497 e->e_from.q_flags |= QDONTSEND;
498 loweraddr(&e->e_from);
499 SuprErrs = FALSE;
500
501 pvp = NULL;
502 if (e->e_from.q_mailer == LocalMailer)
503 {
504 # ifdef USERDB
505 register char *p;
506 extern char *udbsender();
507 # endif
508
509 /* if the user has given fullname already, don't redefine */
510 if (FullName == NULL)
511 FullName = macvalue('x', e);
512 if (FullName != NULL && FullName[0] == '\0')
513 FullName = NULL;
514
515 # ifdef USERDB
516 p = udbsender(from);
517
518 if (p != NULL)
519 {
520 /*
521 ** We have an alternate address for the sender
522 */
523
524 pvp = prescan(p, '\0', pvpbuf);
525 }
526 # endif /* USERDB */
527
528 if ((pw = getpwnam(e->e_from.q_user)) != NULL)
529 {
530 /*
531 ** Process passwd file entry.
532 */
533
534
535 /* extract home directory */
536 e->e_from.q_home = newstr(pw->pw_dir);
537 define('z', e->e_from.q_home, e);
538
539 /* extract user and group id */
540 e->e_from.q_uid = pw->pw_uid;
541 e->e_from.q_gid = pw->pw_gid;
542
543 /* extract full name from passwd file */
544 if (FullName == NULL && pw->pw_gecos != NULL &&
545 strcmp(pw->pw_name, e->e_from.q_user) == 0)
546 {
547 buildfname(pw->pw_gecos, e->e_from.q_user, buf);
548 if (buf[0] != '\0')
549 FullName = newstr(buf);
550 }
551 }
552 if (FullName != NULL)
553 define('x', FullName, e);
554 }
555 else
556 {
557 if (e->e_from.q_home == NULL)
558 e->e_from.q_home = getenv("HOME");
559 e->e_from.q_uid = getuid();
560 e->e_from.q_gid = getgid();
561 }
562
563 /*
564 ** Rewrite the from person to dispose of possible implicit
565 ** links in the net.
566 */
567
568 if (pvp == NULL)
569 pvp = prescan(from, '\0', pvpbuf);
570 if (pvp == NULL)
571 {
572 # ifdef LOG
573 if (LogLevel >= 1)
574 syslog(LOG_NOTICE, "cannot prescan from (%s)", from);
575 # endif
576 usrerr("cannot prescan from (%s)", from);
577 finis();
578 }
579 rewrite(pvp, 3);
580 rewrite(pvp, 1);
581 rewrite(pvp, 4);
582 cataddr(pvp, buf, sizeof buf);
583 e->e_sender = e->e_returnpath = newstr(buf);
584
585 define('f', e->e_sender, e);
586
587 /* save the domain spec if this mailer wants it */
588 if (e->e_from.q_mailer != NULL &&
589 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
590 {
591 extern char **copyplist();
592
593 while (*pvp != NULL && strcmp(*pvp, "@") != 0)
594 pvp++;
595 if (*pvp != NULL)
596 e->e_fromdomain = copyplist(pvp, TRUE);
597 }
598 }
599 �/*
600 ** TRUSTEDUSER -- tell us if this user is to be trusted.
601 **
602 ** Parameters:
603 ** user -- the user to be checked.
604 **
605 ** Returns:
606 ** TRUE if the user is in an approved list.
607 ** FALSE otherwise.
608 **
609 ** Side Effects:
610 ** none.
611 */
612
613 bool
614 trusteduser(user)
615 char *user;
616 {
617 register char **ulist;
618 extern char *TrustedUsers[];
619
620 for (ulist = TrustedUsers; *ulist != NULL; ulist++)
621 if (strcmp(*ulist, user) == 0)
622 return (TRUE);
623 return (FALSE);
624 }
625