1 /*
2  * Copyright (c) 1983 Eric P. Allman
3  * Copyright (c) 1988 Regents of the University of California.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms are permitted
7  * provided that the above copyright notice and this paragraph are
8  * duplicated in all such forms and that any documentation,
9  * advertising materials, and other materials related to such
10  * distribution and use acknowledge that the software was developed
11  * by the University of California, Berkeley.  The name of the
12  * University may not be used to endorse or promote products derived
13  * from this software without specific prior written permission.
14  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17  */
18 
19 #ifndef lint
20 static char sccsid[] = "@(#)envelope.c	5.18 (Berkeley) 01/01/89";
21 #endif /* not lint */
22 
23 #include <pwd.h>
24 #include <sys/time.h>
25 #include "sendmail.h"
26 #include <sys/stat.h>
27 
28 /*
29 **  NEWENVELOPE -- allocate a new envelope
30 **
31 **	Supports inheritance.
32 **
33 **	Parameters:
34 **		e -- the new envelope to fill in.
35 **
36 **	Returns:
37 **		e.
38 **
39 **	Side Effects:
40 **		none.
41 */
42 
43 ENVELOPE *
44 newenvelope(e)
45 	register ENVELOPE *e;
46 {
47 	register ENVELOPE *parent;
48 	extern putheader(), putbody();
49 	extern ENVELOPE BlankEnvelope;
50 
51 	parent = CurEnv;
52 	if (e == CurEnv)
53 		parent = e->e_parent;
54 	clearenvelope(e, TRUE);
55 	if (e == CurEnv)
56 		bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from);
57 	else
58 		bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from);
59 	e->e_parent = parent;
60 	e->e_ctime = curtime();
61 	e->e_msgpriority = parent->e_msgsize;
62 	e->e_puthdr = putheader;
63 	e->e_putbody = putbody;
64 	if (CurEnv->e_xfp != NULL)
65 		(void) fflush(CurEnv->e_xfp);
66 
67 	return (e);
68 }
69 /*
70 **  DROPENVELOPE -- deallocate an envelope.
71 **
72 **	Parameters:
73 **		e -- the envelope to deallocate.
74 **
75 **	Returns:
76 **		none.
77 **
78 **	Side Effects:
79 **		housekeeping necessary to dispose of an envelope.
80 **		Unlocks this queue file.
81 */
82 
83 dropenvelope(e)
84 	register ENVELOPE *e;
85 {
86 	bool queueit = FALSE;
87 	register ADDRESS *q;
88 
89 	if (tTd(50, 1))
90 	{
91 		printf("dropenvelope %x id=", e);
92 		xputs(e->e_id);
93 		printf(" flags=%o\n", e->e_flags);
94 	}
95 #ifdef LOG
96 	if (LogLevel > 10)
97 		syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d",
98 				  e->e_id == NULL ? "(none)" : e->e_id,
99 				  e->e_flags, getpid());
100 #endif LOG
101 
102 	/* we must have an id to remove disk files */
103 	if (e->e_id == NULL)
104 		return;
105 
106 	/*
107 	**  Extract state information from dregs of send list.
108 	*/
109 
110 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
111 	{
112 		if (bitset(QQUEUEUP, q->q_flags))
113 			queueit = TRUE;
114 	}
115 
116 	/*
117 	**  Send back return receipts as requested.
118 	*/
119 
120 	if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags))
121 	{
122 		auto ADDRESS *rlist = NULL;
123 
124 		sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist);
125 		(void) returntosender("Return receipt", rlist, FALSE);
126 	}
127 
128 	/*
129 	**  Arrange to send error messages if there are fatal errors.
130 	*/
131 
132 	if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET)
133 		savemail(e);
134 
135 	/*
136 	**  Instantiate or deinstantiate the queue.
137 	*/
138 
139 	if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) ||
140 	    bitset(EF_CLRQUEUE, e->e_flags))
141 	{
142 		if (e->e_df != NULL)
143 			xunlink(e->e_df);
144 		xunlink(queuename(e, 'q'));
145 	}
146 	else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
147 	{
148 #ifdef QUEUE
149 		queueup(e, FALSE, FALSE);
150 #else QUEUE
151 		syserr("dropenvelope: queueup");
152 #endif QUEUE
153 	}
154 
155 	/* now unlock the job */
156 	closexscript(e);
157 	unlockqueue(e);
158 
159 	/* make sure that this envelope is marked unused */
160 	e->e_id = e->e_df = NULL;
161 	if (e->e_dfp != NULL)
162 		(void) fclose(e->e_dfp);
163 	e->e_dfp = NULL;
164 }
165 /*
166 **  CLEARENVELOPE -- clear an envelope without unlocking
167 **
168 **	This is normally used by a child process to get a clean
169 **	envelope without disturbing the parent.
170 **
171 **	Parameters:
172 **		e -- the envelope to clear.
173 **		fullclear - if set, the current envelope is total
174 **			garbage and should be ignored; otherwise,
175 **			release any resources it may indicate.
176 **
177 **	Returns:
178 **		none.
179 **
180 **	Side Effects:
181 **		Closes files associated with the envelope.
182 **		Marks the envelope as unallocated.
183 */
184 
185 clearenvelope(e, fullclear)
186 	register ENVELOPE *e;
187 	bool fullclear;
188 {
189 	register HDR *bh;
190 	register HDR **nhp;
191 	extern ENVELOPE BlankEnvelope;
192 
193 	if (!fullclear)
194 	{
195 		/* clear out any file information */
196 		if (e->e_xfp != NULL)
197 			(void) fclose(e->e_xfp);
198 		if (e->e_dfp != NULL)
199 			(void) fclose(e->e_dfp);
200 	}
201 
202 	/* now clear out the data */
203 	STRUCTCOPY(BlankEnvelope, *e);
204 	bh = BlankEnvelope.e_header;
205 	nhp = &e->e_header;
206 	while (bh != NULL)
207 	{
208 		*nhp = (HDR *) xalloc(sizeof *bh);
209 		bcopy((char *) bh, (char *) *nhp, sizeof *bh);
210 		bh = bh->h_link;
211 		nhp = &(*nhp)->h_link;
212 	}
213 }
214 /*
215 **  INITSYS -- initialize instantiation of system
216 **
217 **	In Daemon mode, this is done in the child.
218 **
219 **	Parameters:
220 **		none.
221 **
222 **	Returns:
223 **		none.
224 **
225 **	Side Effects:
226 **		Initializes the system macros, some global variables,
227 **		etc.  In particular, the current time in various
228 **		forms is set.
229 */
230 
231 initsys()
232 {
233 	static char cbuf[5];			/* holds hop count */
234 	static char pbuf[10];			/* holds pid */
235 #ifdef TTYNAME
236 	static char ybuf[10];			/* holds tty id */
237 	register char *p;
238 #endif TTYNAME
239 	extern char *ttyname();
240 	extern char *macvalue();
241 	extern char Version[];
242 
243 	/*
244 	**  Give this envelope a reality.
245 	**	I.e., an id, a transcript, and a creation time.
246 	*/
247 
248 	openxscript(CurEnv);
249 	CurEnv->e_ctime = curtime();
250 
251 	/*
252 	**  Set OutChannel to something useful if stdout isn't it.
253 	**	This arranges that any extra stuff the mailer produces
254 	**	gets sent back to the user on error (because it is
255 	**	tucked away in the transcript).
256 	*/
257 
258 	if (OpMode == MD_DAEMON && QueueRun)
259 		OutChannel = CurEnv->e_xfp;
260 
261 	/*
262 	**  Set up some basic system macros.
263 	*/
264 
265 	/* process id */
266 	(void) sprintf(pbuf, "%d", getpid());
267 	define('p', pbuf, CurEnv);
268 
269 	/* hop count */
270 	(void) sprintf(cbuf, "%d", CurEnv->e_hopcount);
271 	define('c', cbuf, CurEnv);
272 
273 	/* time as integer, unix time, arpa time */
274 	settime();
275 
276 #ifdef TTYNAME
277 	/* tty name */
278 	if (macvalue('y', CurEnv) == NULL)
279 	{
280 		p = ttyname(2);
281 		if (p != NULL)
282 		{
283 			if (rindex(p, '/') != NULL)
284 				p = rindex(p, '/') + 1;
285 			(void) strcpy(ybuf, p);
286 			define('y', ybuf, CurEnv);
287 		}
288 	}
289 #endif TTYNAME
290 }
291 /*
292 **  SETTIME -- set the current time.
293 **
294 **	Parameters:
295 **		none.
296 **
297 **	Returns:
298 **		none.
299 **
300 **	Side Effects:
301 **		Sets the various time macros -- $a, $b, $d, $t.
302 */
303 
304 settime()
305 {
306 	register char *p;
307 	auto time_t now;
308 	static char tbuf[20];			/* holds "current" time */
309 	static char dbuf[30];			/* holds ctime(tbuf) */
310 	register struct tm *tm;
311 	extern char *arpadate();
312 	extern struct tm *gmtime();
313 	extern char *macvalue();
314 
315 	now = curtime();
316 	tm = gmtime(&now);
317 	(void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1,
318 			tm->tm_mday, tm->tm_hour, tm->tm_min);
319 	define('t', tbuf, CurEnv);
320 	(void) strcpy(dbuf, ctime(&now));
321 	*index(dbuf, '\n') = '\0';
322 	if (macvalue('d', CurEnv) == NULL)
323 		define('d', dbuf, CurEnv);
324 	p = newstr(arpadate(dbuf));
325 	if (macvalue('a', CurEnv) == NULL)
326 		define('a', p, CurEnv);
327 	define('b', p, CurEnv);
328 }
329 /*
330 **  OPENXSCRIPT -- Open transcript file
331 **
332 **	Creates a transcript file for possible eventual mailing or
333 **	sending back.
334 **
335 **	Parameters:
336 **		e -- the envelope to create the transcript in/for.
337 **
338 **	Returns:
339 **		none
340 **
341 **	Side Effects:
342 **		Creates the transcript file.
343 */
344 
345 openxscript(e)
346 	register ENVELOPE *e;
347 {
348 	register char *p;
349 
350 # ifdef LOG
351 	if (LogLevel > 19)
352 		syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)");
353 # endif LOG
354 	if (e->e_xfp != NULL)
355 		return;
356 	p = queuename(e, 'x');
357 	e->e_xfp = fopen(p, "w");
358 	if (e->e_xfp == NULL)
359 		syserr("Can't create %s", p);
360 	else
361 		(void) chmod(p, 0644);
362 }
363 /*
364 **  CLOSEXSCRIPT -- close the transcript file.
365 **
366 **	Parameters:
367 **		e -- the envelope containing the transcript to close.
368 **
369 **	Returns:
370 **		none.
371 **
372 **	Side Effects:
373 **		none.
374 */
375 
376 closexscript(e)
377 	register ENVELOPE *e;
378 {
379 	if (e->e_xfp == NULL)
380 		return;
381 	(void) fclose(e->e_xfp);
382 	e->e_xfp = NULL;
383 }
384 /*
385 **  SETSENDER -- set the person who this message is from
386 **
387 **	Under certain circumstances allow the user to say who
388 **	s/he is (using -f or -r).  These are:
389 **	1.  The user's uid is zero (root).
390 **	2.  The user's login name is in an approved list (typically
391 **	    from a network server).
392 **	3.  The address the user is trying to claim has a
393 **	    "!" character in it (since #2 doesn't do it for
394 **	    us if we are dialing out for UUCP).
395 **	A better check to replace #3 would be if the
396 **	effective uid is "UUCP" -- this would require me
397 **	to rewrite getpwent to "grab" uucp as it went by,
398 **	make getname more nasty, do another passwd file
399 **	scan, or compile the UID of "UUCP" into the code,
400 **	all of which are reprehensible.
401 **
402 **	Assuming all of these fail, we figure out something
403 **	ourselves.
404 **
405 **	Parameters:
406 **		from -- the person we would like to believe this message
407 **			is from, as specified on the command line.
408 **
409 **	Returns:
410 **		none.
411 **
412 **	Side Effects:
413 **		sets sendmail's notion of who the from person is.
414 */
415 
416 setsender(from)
417 	char *from;
418 {
419 	register char **pvp;
420 	char *realname = NULL;
421 	register struct passwd *pw;
422 	char buf[MAXNAME];
423 	char pvpbuf[PSBUFSIZE];
424 	extern struct passwd *getpwnam();
425 	extern char *macvalue();
426 	extern char **prescan();
427 	extern bool safefile();
428 	extern char *FullName;
429 
430 	if (tTd(45, 1))
431 		printf("setsender(%s)\n", from == NULL ? "" : from);
432 
433 	/*
434 	**  Figure out the real user executing us.
435 	**	Username can return errno != 0 on non-errors.
436 	*/
437 
438 	if (QueueRun || OpMode == MD_SMTP || OpMode == MD_ARPAFTP)
439 		realname = from;
440 	if (realname == NULL || realname[0] == '\0')
441 	{
442 		extern char *username();
443 
444 		realname = username();
445 	}
446 
447 	/*
448 	**  Determine if this real person is allowed to alias themselves.
449 	*/
450 
451 	if (from != NULL)
452 	{
453 		extern bool trusteduser();
454 
455 		if (!trusteduser(realname) && getuid() != geteuid() &&
456 		    index(from, '!') == NULL && getuid() != 0)
457 		{
458 			/* network sends -r regardless (why why why?) */
459 			/* syserr("%s, you cannot use the -f flag", realname); */
460 			from = NULL;
461 		}
462 	}
463 
464 	SuprErrs = TRUE;
465 	if (from == NULL || parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL)
466 	{
467 		/* log garbage addresses for traceback */
468 		if (from != NULL)
469 		{
470 # ifdef LOG
471 			if (LogLevel >= 1)
472 			    if (realname == from && RealHostName != NULL)
473 				syslog(LOG_NOTICE,
474 				    "from=%s unparseable, received from %s",
475 				    from, RealHostName);
476 			    else
477 				syslog(LOG_NOTICE,
478 				    "Unparseable username %s wants from=%s",
479 				    realname, from);
480 # endif LOG
481 		}
482 		from = newstr(realname);
483 		if (parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL &&
484 		    parseaddr("postmaster", &CurEnv->e_from, 1, '\0') == NULL)
485 		{
486 			syserr("setsender: can't even parse postmaster!");
487 		}
488 	}
489 	else
490 		FromFlag = TRUE;
491 	CurEnv->e_from.q_flags |= QDONTSEND;
492 	loweraddr(&CurEnv->e_from);
493 	SuprErrs = FALSE;
494 
495 	if (CurEnv->e_from.q_mailer == LocalMailer &&
496 	    (pw = getpwnam(CurEnv->e_from.q_user)) != NULL)
497 	{
498 		/*
499 		**  Process passwd file entry.
500 		*/
501 
502 
503 		/* extract home directory */
504 		CurEnv->e_from.q_home = newstr(pw->pw_dir);
505 		define('z', CurEnv->e_from.q_home, CurEnv);
506 
507 		/* extract user and group id */
508 		CurEnv->e_from.q_uid = pw->pw_uid;
509 		CurEnv->e_from.q_gid = pw->pw_gid;
510 
511 		/* if the user has given fullname already, don't redefine */
512 		if (FullName == NULL)
513 			FullName = macvalue('x', CurEnv);
514 		if (FullName != NULL && FullName[0] == '\0')
515 			FullName = NULL;
516 
517 		/* extract full name from passwd file */
518 		if (FullName == NULL && pw->pw_gecos != NULL &&
519 		    strcmp(pw->pw_name, CurEnv->e_from.q_user) == 0)
520 		{
521 			buildfname(pw->pw_gecos, CurEnv->e_from.q_user, buf);
522 			if (buf[0] != '\0')
523 				FullName = newstr(buf);
524 		}
525 		if (FullName != NULL)
526 			define('x', FullName, CurEnv);
527 	}
528 	else
529 	{
530 		if (CurEnv->e_from.q_home == NULL)
531 			CurEnv->e_from.q_home = getenv("HOME");
532 		CurEnv->e_from.q_uid = getuid();
533 		CurEnv->e_from.q_gid = getgid();
534 	}
535 
536 	if (CurEnv->e_from.q_uid != 0)
537 	{
538 		DefUid = CurEnv->e_from.q_uid;
539 		DefGid = CurEnv->e_from.q_gid;
540 	}
541 
542 	/*
543 	**  Rewrite the from person to dispose of possible implicit
544 	**	links in the net.
545 	*/
546 
547 	pvp = prescan(from, '\0', pvpbuf);
548 	if (pvp == NULL)
549 	{
550 # ifdef LOG
551 		if (LogLevel >= 1)
552 			syslog(LOG_NOTICE, "cannot prescan from (%s)", from);
553 # endif
554 		usrerr("cannot prescan from (%s)", from);
555 		finis();
556 	}
557 	rewrite(pvp, 3);
558 	rewrite(pvp, 1);
559 	rewrite(pvp, 4);
560 	cataddr(pvp, buf, sizeof buf);
561 	define('f', newstr(buf), CurEnv);
562 
563 	/* save the domain spec if this mailer wants it */
564 	if (CurEnv->e_from.q_mailer != NULL &&
565 	    bitnset(M_CANONICAL, CurEnv->e_from.q_mailer->m_flags))
566 	{
567 		extern char **copyplist();
568 
569 		while (*pvp != NULL && strcmp(*pvp, "@") != 0)
570 			pvp++;
571 		if (*pvp != NULL)
572 			CurEnv->e_fromdomain = copyplist(pvp, TRUE);
573 	}
574 }
575 /*
576 **  TRUSTEDUSER -- tell us if this user is to be trusted.
577 **
578 **	Parameters:
579 **		user -- the user to be checked.
580 **
581 **	Returns:
582 **		TRUE if the user is in an approved list.
583 **		FALSE otherwise.
584 **
585 **	Side Effects:
586 **		none.
587 */
588 
589 bool
590 trusteduser(user)
591 	char *user;
592 {
593 	register char **ulist;
594 	extern char *TrustedUsers[];
595 
596 	for (ulist = TrustedUsers; *ulist != NULL; ulist++)
597 		if (strcmp(*ulist, user) == 0)
598 			return (TRUE);
599 	return (FALSE);
600 }
601