1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)envelope.c 6.2 (Berkeley) 01/18/93"; 11 #endif /* not lint */ 12 13 #include <sys/types.h> 14 #include <sys/time.h> 15 #include <sys/stat.h> 16 #include <pwd.h> 17 #include <sys/file.h> 18 #include "sendmail.h" 19 20 /* 21 ** NEWENVELOPE -- allocate a new envelope 22 ** 23 ** Supports inheritance. 24 ** 25 ** Parameters: 26 ** e -- the new envelope to fill in. 27 ** 28 ** Returns: 29 ** e. 30 ** 31 ** Side Effects: 32 ** none. 33 */ 34 35 ENVELOPE * 36 newenvelope(e) 37 register ENVELOPE *e; 38 { 39 register ENVELOPE *parent; 40 extern putheader(), putbody(); 41 extern ENVELOPE BlankEnvelope; 42 43 parent = CurEnv; 44 if (e == CurEnv && e->e_parent != NULL) 45 parent = e->e_parent; 46 clearenvelope(e, TRUE); 47 if (e == CurEnv) 48 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from); 49 else 50 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from); 51 e->e_parent = parent; 52 e->e_ctime = curtime(); 53 if (parent != NULL) 54 e->e_msgpriority = parent->e_msgsize; 55 e->e_puthdr = putheader; 56 e->e_putbody = putbody; 57 if (CurEnv->e_xfp != NULL) 58 (void) fflush(CurEnv->e_xfp); 59 60 return (e); 61 } 62 /* 63 ** DROPENVELOPE -- deallocate an envelope. 64 ** 65 ** Parameters: 66 ** e -- the envelope to deallocate. 67 ** 68 ** Returns: 69 ** none. 70 ** 71 ** Side Effects: 72 ** housekeeping necessary to dispose of an envelope. 73 ** Unlocks this queue file. 74 */ 75 76 dropenvelope(e) 77 register ENVELOPE *e; 78 { 79 bool queueit = FALSE; 80 register ADDRESS *q; 81 82 if (tTd(50, 1)) 83 { 84 printf("dropenvelope %x id=", e); 85 xputs(e->e_id); 86 printf(" flags=%o\n", e->e_flags); 87 } 88 #ifdef LOG 89 if (LogLevel > 12) 90 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d", 91 e->e_id == NULL ? "(none)" : e->e_id, 92 e->e_flags, getpid()); 93 #endif /* LOG */ 94 95 /* we must have an id to remove disk files */ 96 if (e->e_id == NULL) 97 return; 98 99 /* 100 ** Extract state information from dregs of send list. 101 */ 102 103 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 104 { 105 if (bitset(QQUEUEUP, q->q_flags)) 106 queueit = TRUE; 107 } 108 109 /* 110 ** Send back return receipts as requested. 111 */ 112 113 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags)) 114 { 115 auto ADDRESS *rlist = NULL; 116 117 sendtolist(e->e_receiptto, (ADDRESS *) NULL, &rlist, e); 118 (void) returntosender("Return receipt", rlist, FALSE, e); 119 } 120 121 /* 122 ** Arrange to send error messages if there are fatal errors. 123 */ 124 125 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET) 126 savemail(e); 127 128 /* 129 ** Instantiate or deinstantiate the queue. 130 */ 131 132 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) || 133 bitset(EF_CLRQUEUE, e->e_flags)) 134 { 135 if (e->e_df != NULL) 136 xunlink(e->e_df); 137 xunlink(queuename(e, 'q')); 138 } 139 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 140 { 141 #ifdef QUEUE 142 queueup(e, FALSE, FALSE); 143 #else /* QUEUE */ 144 syserr("dropenvelope: queueup"); 145 #endif /* QUEUE */ 146 } 147 148 /* now unlock the job */ 149 closexscript(e); 150 unlockqueue(e); 151 152 /* make sure that this envelope is marked unused */ 153 e->e_id = e->e_df = NULL; 154 if (e->e_dfp != NULL) 155 (void) fclose(e->e_dfp); 156 e->e_dfp = NULL; 157 158 #ifdef LOG 159 if (LogLevel >= 10) 160 syslog(LOG_INFO, "%s: done", e->e_id); 161 #endif /* LOG */ 162 } 163 /* 164 ** CLEARENVELOPE -- clear an envelope without unlocking 165 ** 166 ** This is normally used by a child process to get a clean 167 ** envelope without disturbing the parent. 168 ** 169 ** Parameters: 170 ** e -- the envelope to clear. 171 ** fullclear - if set, the current envelope is total 172 ** garbage and should be ignored; otherwise, 173 ** release any resources it may indicate. 174 ** 175 ** Returns: 176 ** none. 177 ** 178 ** Side Effects: 179 ** Closes files associated with the envelope. 180 ** Marks the envelope as unallocated. 181 */ 182 183 clearenvelope(e, fullclear) 184 register ENVELOPE *e; 185 bool fullclear; 186 { 187 register HDR *bh; 188 register HDR **nhp; 189 extern ENVELOPE BlankEnvelope; 190 191 if (!fullclear) 192 { 193 /* clear out any file information */ 194 if (e->e_xfp != NULL) 195 (void) fclose(e->e_xfp); 196 if (e->e_dfp != NULL) 197 (void) fclose(e->e_dfp); 198 } 199 200 /* now clear out the data */ 201 STRUCTCOPY(BlankEnvelope, *e); 202 bh = BlankEnvelope.e_header; 203 nhp = &e->e_header; 204 while (bh != NULL) 205 { 206 *nhp = (HDR *) xalloc(sizeof *bh); 207 bcopy((char *) bh, (char *) *nhp, sizeof *bh); 208 bh = bh->h_link; 209 nhp = &(*nhp)->h_link; 210 } 211 } 212 /* 213 ** INITSYS -- initialize instantiation of system 214 ** 215 ** In Daemon mode, this is done in the child. 216 ** 217 ** Parameters: 218 ** none. 219 ** 220 ** Returns: 221 ** none. 222 ** 223 ** Side Effects: 224 ** Initializes the system macros, some global variables, 225 ** etc. In particular, the current time in various 226 ** forms is set. 227 */ 228 229 initsys(e) 230 register ENVELOPE *e; 231 { 232 static char cbuf[5]; /* holds hop count */ 233 static char pbuf[10]; /* holds pid */ 234 #ifdef TTYNAME 235 static char ybuf[10]; /* holds tty id */ 236 register char *p; 237 #endif /* TTYNAME */ 238 extern char *ttyname(); 239 extern char *macvalue(); 240 extern char Version[]; 241 242 /* 243 ** Give this envelope a reality. 244 ** I.e., an id, a transcript, and a creation time. 245 */ 246 247 openxscript(e); 248 e->e_ctime = curtime(); 249 250 /* 251 ** Set OutChannel to something useful if stdout isn't it. 252 ** This arranges that any extra stuff the mailer produces 253 ** gets sent back to the user on error (because it is 254 ** tucked away in the transcript). 255 */ 256 257 if (OpMode == MD_DAEMON && QueueRun) 258 OutChannel = e->e_xfp; 259 260 /* 261 ** Set up some basic system macros. 262 */ 263 264 /* process id */ 265 (void) sprintf(pbuf, "%d", getpid()); 266 define('p', pbuf, e); 267 268 /* hop count */ 269 (void) sprintf(cbuf, "%d", e->e_hopcount); 270 define('c', cbuf, e); 271 272 /* time as integer, unix time, arpa time */ 273 settime(e); 274 275 #ifdef TTYNAME 276 /* tty name */ 277 if (macvalue('y', e) == NULL) 278 { 279 p = ttyname(2); 280 if (p != NULL) 281 { 282 if (strrchr(p, '/') != NULL) 283 p = strrchr(p, '/') + 1; 284 (void) strcpy(ybuf, p); 285 define('y', ybuf, e); 286 } 287 } 288 #endif /* TTYNAME */ 289 } 290 /* 291 ** SETTIME -- set the current time. 292 ** 293 ** Parameters: 294 ** none. 295 ** 296 ** Returns: 297 ** none. 298 ** 299 ** Side Effects: 300 ** Sets the various time macros -- $a, $b, $d, $t. 301 */ 302 303 settime(e) 304 register ENVELOPE *e; 305 { 306 register char *p; 307 auto time_t now; 308 static char tbuf[20]; /* holds "current" time */ 309 static char dbuf[30]; /* holds ctime(tbuf) */ 310 register struct tm *tm; 311 extern char *arpadate(); 312 extern struct tm *gmtime(); 313 extern char *macvalue(); 314 315 now = curtime(); 316 tm = gmtime(&now); 317 (void) sprintf(tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900, 318 tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min); 319 define('t', tbuf, e); 320 (void) strcpy(dbuf, ctime(&now)); 321 *strchr(dbuf, '\n') = '\0'; 322 if (macvalue('d', e) == NULL) 323 define('d', dbuf, e); 324 p = newstr(arpadate(dbuf)); 325 if (macvalue('a', e) == NULL) 326 define('a', p, e); 327 define('b', p, e); 328 } 329 /* 330 ** OPENXSCRIPT -- Open transcript file 331 ** 332 ** Creates a transcript file for possible eventual mailing or 333 ** sending back. 334 ** 335 ** Parameters: 336 ** e -- the envelope to create the transcript in/for. 337 ** 338 ** Returns: 339 ** none 340 ** 341 ** Side Effects: 342 ** Creates the transcript file. 343 */ 344 345 openxscript(e) 346 register ENVELOPE *e; 347 { 348 register char *p; 349 int fd; 350 351 # ifdef LOG 352 if (LogLevel > 19) 353 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)"); 354 # endif /* LOG */ 355 if (e->e_xfp != NULL) 356 return; 357 p = queuename(e, 'x'); 358 fd = open(p, O_WRONLY|O_CREAT, 0644); 359 if (fd < 0) 360 syserr("Can't create %s", p); 361 else 362 e->e_xfp = fdopen(fd, "w"); 363 } 364 /* 365 ** CLOSEXSCRIPT -- close the transcript file. 366 ** 367 ** Parameters: 368 ** e -- the envelope containing the transcript to close. 369 ** 370 ** Returns: 371 ** none. 372 ** 373 ** Side Effects: 374 ** none. 375 */ 376 377 closexscript(e) 378 register ENVELOPE *e; 379 { 380 if (e->e_xfp == NULL) 381 return; 382 (void) fclose(e->e_xfp); 383 e->e_xfp = NULL; 384 } 385 /* 386 ** SETSENDER -- set the person who this message is from 387 ** 388 ** Under certain circumstances allow the user to say who 389 ** s/he is (using -f or -r). These are: 390 ** 1. The user's uid is zero (root). 391 ** 2. The user's login name is in an approved list (typically 392 ** from a network server). 393 ** 3. The address the user is trying to claim has a 394 ** "!" character in it (since #2 doesn't do it for 395 ** us if we are dialing out for UUCP). 396 ** A better check to replace #3 would be if the 397 ** effective uid is "UUCP" -- this would require me 398 ** to rewrite getpwent to "grab" uucp as it went by, 399 ** make getname more nasty, do another passwd file 400 ** scan, or compile the UID of "UUCP" into the code, 401 ** all of which are reprehensible. 402 ** 403 ** Assuming all of these fail, we figure out something 404 ** ourselves. 405 ** 406 ** Parameters: 407 ** from -- the person we would like to believe this message 408 ** is from, as specified on the command line. 409 ** e -- the envelope in which we would like the sender set. 410 ** 411 ** Returns: 412 ** none. 413 ** 414 ** Side Effects: 415 ** sets sendmail's notion of who the from person is. 416 */ 417 418 setsender(from, e) 419 char *from; 420 register ENVELOPE *e; 421 { 422 register char **pvp; 423 char *realname = NULL; 424 register struct passwd *pw; 425 char buf[MAXNAME]; 426 char pvpbuf[PSBUFSIZE]; 427 extern struct passwd *getpwnam(); 428 extern char *macvalue(); 429 extern char **prescan(); 430 extern bool safefile(); 431 extern char *FullName; 432 433 if (tTd(45, 1)) 434 printf("setsender(%s)\n", from == NULL ? "" : from); 435 436 /* 437 ** Figure out the real user executing us. 438 ** Username can return errno != 0 on non-errors. 439 */ 440 441 if (QueueRun || OpMode == MD_SMTP) 442 realname = from; 443 if (realname == NULL || realname[0] == '\0') 444 { 445 extern char *username(); 446 447 realname = username(); 448 } 449 450 /* 451 ** Determine if this real person is allowed to alias themselves. 452 */ 453 454 if (from != NULL) 455 { 456 extern bool trusteduser(); 457 458 if (!trusteduser(realname) && getuid() != geteuid() && 459 strchr(from, '!') == NULL && getuid() != 0) 460 { 461 /* network sends -r regardless (why why why?) */ 462 /* syserr("%s, you cannot use the -f flag", realname); */ 463 from = NULL; 464 } 465 } 466 467 /* 468 SuprErrs = TRUE; 469 */ 470 if (from == NULL || parseaddr(from, &e->e_from, 1, '\0', e) == NULL) 471 { 472 /* log garbage addresses for traceback */ 473 # ifdef LOG 474 if (from != NULL && LogLevel >= 1) 475 { 476 char *host = RealHostName; 477 478 if (host == NULL) 479 host = MyHostName; 480 syslog(LOG_NOTICE, 481 "from=%s unparseable, received from %s@%s", 482 from, realname, host); 483 } 484 # endif /* LOG */ 485 if (from != NULL) 486 SuprErrs = TRUE; 487 if (from == realname || 488 parseaddr(from = newstr(realname), &e->e_from, 1, '\0', e) == NULL) 489 { 490 SuprErrs = TRUE; 491 if (parseaddr("postmaster", &e->e_from, 1, '\0', e) == NULL) 492 syserr("setsender: can't even parse postmaster!"); 493 } 494 } 495 else 496 FromFlag = TRUE; 497 e->e_from.q_flags |= QDONTSEND; 498 loweraddr(&e->e_from); 499 SuprErrs = FALSE; 500 501 pvp = NULL; 502 if (e->e_from.q_mailer == LocalMailer) 503 { 504 # ifdef USERDB 505 register char *p; 506 extern char *udbsender(); 507 # endif 508 509 /* if the user has given fullname already, don't redefine */ 510 if (FullName == NULL) 511 FullName = macvalue('x', e); 512 if (FullName != NULL && FullName[0] == '\0') 513 FullName = NULL; 514 515 # ifdef USERDB 516 p = udbsender(from); 517 518 if (p != NULL) 519 { 520 /* 521 ** We have an alternate address for the sender 522 */ 523 524 pvp = prescan(p, '\0', pvpbuf); 525 } 526 # endif /* USERDB */ 527 528 if ((pw = getpwnam(e->e_from.q_user)) != NULL) 529 { 530 /* 531 ** Process passwd file entry. 532 */ 533 534 535 /* extract home directory */ 536 e->e_from.q_home = newstr(pw->pw_dir); 537 define('z', e->e_from.q_home, e); 538 539 /* extract user and group id */ 540 e->e_from.q_uid = pw->pw_uid; 541 e->e_from.q_gid = pw->pw_gid; 542 543 /* extract full name from passwd file */ 544 if (FullName == NULL && pw->pw_gecos != NULL && 545 strcmp(pw->pw_name, e->e_from.q_user) == 0) 546 { 547 buildfname(pw->pw_gecos, e->e_from.q_user, buf); 548 if (buf[0] != '\0') 549 FullName = newstr(buf); 550 } 551 } 552 if (FullName != NULL) 553 define('x', FullName, e); 554 } 555 else 556 { 557 if (e->e_from.q_home == NULL) 558 e->e_from.q_home = getenv("HOME"); 559 e->e_from.q_uid = getuid(); 560 e->e_from.q_gid = getgid(); 561 } 562 563 /* 564 ** Rewrite the from person to dispose of possible implicit 565 ** links in the net. 566 */ 567 568 if (pvp == NULL) 569 pvp = prescan(from, '\0', pvpbuf); 570 if (pvp == NULL) 571 { 572 # ifdef LOG 573 if (LogLevel >= 1) 574 syslog(LOG_NOTICE, "cannot prescan from (%s)", from); 575 # endif 576 usrerr("cannot prescan from (%s)", from); 577 finis(); 578 } 579 rewrite(pvp, 3); 580 rewrite(pvp, 1); 581 rewrite(pvp, 4); 582 cataddr(pvp, buf, sizeof buf); 583 e->e_sender = e->e_returnpath = newstr(buf); 584 585 define('f', e->e_sender, e); 586 587 /* save the domain spec if this mailer wants it */ 588 if (e->e_from.q_mailer != NULL && 589 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags)) 590 { 591 extern char **copyplist(); 592 593 while (*pvp != NULL && strcmp(*pvp, "@") != 0) 594 pvp++; 595 if (*pvp != NULL) 596 e->e_fromdomain = copyplist(pvp, TRUE); 597 } 598 } 599 /* 600 ** TRUSTEDUSER -- tell us if this user is to be trusted. 601 ** 602 ** Parameters: 603 ** user -- the user to be checked. 604 ** 605 ** Returns: 606 ** TRUE if the user is in an approved list. 607 ** FALSE otherwise. 608 ** 609 ** Side Effects: 610 ** none. 611 */ 612 613 bool 614 trusteduser(user) 615 char *user; 616 { 617 register char **ulist; 618 extern char *TrustedUsers[]; 619 620 for (ulist = TrustedUsers; *ulist != NULL; ulist++) 621 if (strcmp(*ulist, user) == 0) 622 return (TRUE); 623 return (FALSE); 624 } 625