1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms are permitted 7 * provided that the above copyright notice and this paragraph are 8 * duplicated in all such forms and that any documentation, 9 * advertising materials, and other materials related to such 10 * distribution and use acknowledge that the software was developed 11 * by the University of California, Berkeley. The name of the 12 * University may not be used to endorse or promote products derived 13 * from this software without specific prior written permission. 14 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 16 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 17 */ 18 19 #ifndef lint 20 static char sccsid[] = "@(#)envelope.c 5.15 (Berkeley) 06/30/88"; 21 #endif /* not lint */ 22 23 #include <pwd.h> 24 #include <sys/time.h> 25 #include "sendmail.h" 26 #include <sys/stat.h> 27 28 /* 29 ** NEWENVELOPE -- allocate a new envelope 30 ** 31 ** Supports inheritance. 32 ** 33 ** Parameters: 34 ** e -- the new envelope to fill in. 35 ** 36 ** Returns: 37 ** e. 38 ** 39 ** Side Effects: 40 ** none. 41 */ 42 43 ENVELOPE * 44 newenvelope(e) 45 register ENVELOPE *e; 46 { 47 register ENVELOPE *parent; 48 extern putheader(), putbody(); 49 extern ENVELOPE BlankEnvelope; 50 51 parent = CurEnv; 52 if (e == CurEnv) 53 parent = e->e_parent; 54 clearenvelope(e, TRUE); 55 if (e == CurEnv) 56 bcopy((char *) &NullAddress, (char *) &e->e_from, sizeof e->e_from); 57 else 58 bcopy((char *) &CurEnv->e_from, (char *) &e->e_from, sizeof e->e_from); 59 e->e_parent = parent; 60 e->e_ctime = curtime(); 61 e->e_msgpriority = parent->e_msgsize; 62 e->e_puthdr = putheader; 63 e->e_putbody = putbody; 64 if (CurEnv->e_xfp != NULL) 65 (void) fflush(CurEnv->e_xfp); 66 67 return (e); 68 } 69 /* 70 ** DROPENVELOPE -- deallocate an envelope. 71 ** 72 ** Parameters: 73 ** e -- the envelope to deallocate. 74 ** 75 ** Returns: 76 ** none. 77 ** 78 ** Side Effects: 79 ** housekeeping necessary to dispose of an envelope. 80 ** Unlocks this queue file. 81 */ 82 83 dropenvelope(e) 84 register ENVELOPE *e; 85 { 86 bool queueit = FALSE; 87 register ADDRESS *q; 88 89 #ifdef DEBUG 90 if (tTd(50, 1)) 91 { 92 printf("dropenvelope %x id=", e); 93 xputs(e->e_id); 94 printf(" flags=%o\n", e->e_flags); 95 } 96 #endif DEBUG 97 #ifdef LOG 98 if (LogLevel > 10) 99 syslog(LOG_DEBUG, "dropenvelope, id=%s, flags=%o, pid=%d", 100 e->e_id == NULL ? "(none)" : e->e_id, 101 e->e_flags, getpid()); 102 #endif LOG 103 104 /* we must have an id to remove disk files */ 105 if (e->e_id == NULL) 106 return; 107 108 /* 109 ** Extract state information from dregs of send list. 110 */ 111 112 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 113 { 114 if (bitset(QQUEUEUP, q->q_flags)) 115 queueit = TRUE; 116 } 117 118 /* 119 ** Send back return receipts as requested. 120 */ 121 122 if (e->e_receiptto != NULL && bitset(EF_SENDRECEIPT, e->e_flags)) 123 { 124 auto ADDRESS *rlist = NULL; 125 126 sendtolist(CurEnv->e_receiptto, (ADDRESS *) NULL, &rlist); 127 (void) returntosender("Return receipt", rlist, FALSE); 128 } 129 130 /* 131 ** Arrange to send error messages if there are fatal errors. 132 */ 133 134 if (bitset(EF_FATALERRS|EF_TIMEOUT, e->e_flags) && ErrorMode != EM_QUIET) 135 savemail(e); 136 137 /* 138 ** Instantiate or deinstantiate the queue. 139 */ 140 141 if ((!queueit && !bitset(EF_KEEPQUEUE, e->e_flags)) || 142 bitset(EF_CLRQUEUE, e->e_flags)) 143 { 144 if (e->e_df != NULL) 145 xunlink(e->e_df); 146 xunlink(queuename(e, 'q')); 147 } 148 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 149 { 150 #ifdef QUEUE 151 queueup(e, FALSE, FALSE); 152 #else QUEUE 153 syserr("dropenvelope: queueup"); 154 #endif QUEUE 155 } 156 157 /* now unlock the job */ 158 closexscript(e); 159 unlockqueue(e); 160 161 /* make sure that this envelope is marked unused */ 162 e->e_id = e->e_df = NULL; 163 if (e->e_dfp != NULL) 164 (void) fclose(e->e_dfp); 165 e->e_dfp = NULL; 166 } 167 /* 168 ** CLEARENVELOPE -- clear an envelope without unlocking 169 ** 170 ** This is normally used by a child process to get a clean 171 ** envelope without disturbing the parent. 172 ** 173 ** Parameters: 174 ** e -- the envelope to clear. 175 ** fullclear - if set, the current envelope is total 176 ** garbage and should be ignored; otherwise, 177 ** release any resources it may indicate. 178 ** 179 ** Returns: 180 ** none. 181 ** 182 ** Side Effects: 183 ** Closes files associated with the envelope. 184 ** Marks the envelope as unallocated. 185 */ 186 187 clearenvelope(e, fullclear) 188 register ENVELOPE *e; 189 bool fullclear; 190 { 191 register HDR *bh; 192 register HDR **nhp; 193 extern ENVELOPE BlankEnvelope; 194 195 if (!fullclear) 196 { 197 /* clear out any file information */ 198 if (e->e_xfp != NULL) 199 (void) fclose(e->e_xfp); 200 if (e->e_dfp != NULL) 201 (void) fclose(e->e_dfp); 202 } 203 204 /* now clear out the data */ 205 STRUCTCOPY(BlankEnvelope, *e); 206 bh = BlankEnvelope.e_header; 207 nhp = &e->e_header; 208 while (bh != NULL) 209 { 210 *nhp = (HDR *) xalloc(sizeof *bh); 211 bcopy((char *) bh, (char *) *nhp, sizeof *bh); 212 bh = bh->h_link; 213 nhp = &(*nhp)->h_link; 214 } 215 } 216 /* 217 ** INITSYS -- initialize instantiation of system 218 ** 219 ** In Daemon mode, this is done in the child. 220 ** 221 ** Parameters: 222 ** none. 223 ** 224 ** Returns: 225 ** none. 226 ** 227 ** Side Effects: 228 ** Initializes the system macros, some global variables, 229 ** etc. In particular, the current time in various 230 ** forms is set. 231 */ 232 233 initsys() 234 { 235 static char cbuf[5]; /* holds hop count */ 236 static char pbuf[10]; /* holds pid */ 237 #ifdef TTYNAME 238 static char ybuf[10]; /* holds tty id */ 239 register char *p; 240 #endif TTYNAME 241 extern char *ttyname(); 242 extern char *macvalue(); 243 extern char Version[]; 244 245 /* 246 ** Give this envelope a reality. 247 ** I.e., an id, a transcript, and a creation time. 248 */ 249 250 openxscript(CurEnv); 251 CurEnv->e_ctime = curtime(); 252 253 /* 254 ** Set OutChannel to something useful if stdout isn't it. 255 ** This arranges that any extra stuff the mailer produces 256 ** gets sent back to the user on error (because it is 257 ** tucked away in the transcript). 258 */ 259 260 if (OpMode == MD_DAEMON && QueueRun) 261 OutChannel = CurEnv->e_xfp; 262 263 /* 264 ** Set up some basic system macros. 265 */ 266 267 /* process id */ 268 (void) sprintf(pbuf, "%d", getpid()); 269 define('p', pbuf, CurEnv); 270 271 /* hop count */ 272 (void) sprintf(cbuf, "%d", CurEnv->e_hopcount); 273 define('c', cbuf, CurEnv); 274 275 /* time as integer, unix time, arpa time */ 276 settime(); 277 278 #ifdef TTYNAME 279 /* tty name */ 280 if (macvalue('y', CurEnv) == NULL) 281 { 282 p = ttyname(2); 283 if (p != NULL) 284 { 285 if (rindex(p, '/') != NULL) 286 p = rindex(p, '/') + 1; 287 (void) strcpy(ybuf, p); 288 define('y', ybuf, CurEnv); 289 } 290 } 291 #endif TTYNAME 292 } 293 /* 294 ** SETTIME -- set the current time. 295 ** 296 ** Parameters: 297 ** none. 298 ** 299 ** Returns: 300 ** none. 301 ** 302 ** Side Effects: 303 ** Sets the various time macros -- $a, $b, $d, $t. 304 */ 305 306 settime() 307 { 308 register char *p; 309 auto time_t now; 310 static char tbuf[20]; /* holds "current" time */ 311 static char dbuf[30]; /* holds ctime(tbuf) */ 312 register struct tm *tm; 313 extern char *arpadate(); 314 extern struct tm *gmtime(); 315 extern char *macvalue(); 316 317 now = curtime(); 318 tm = gmtime(&now); 319 (void) sprintf(tbuf, "%02d%02d%02d%02d%02d", tm->tm_year, tm->tm_mon+1, 320 tm->tm_mday, tm->tm_hour, tm->tm_min); 321 define('t', tbuf, CurEnv); 322 (void) strcpy(dbuf, ctime(&now)); 323 *index(dbuf, '\n') = '\0'; 324 if (macvalue('d', CurEnv) == NULL) 325 define('d', dbuf, CurEnv); 326 p = newstr(arpadate(dbuf)); 327 if (macvalue('a', CurEnv) == NULL) 328 define('a', p, CurEnv); 329 define('b', p, CurEnv); 330 } 331 /* 332 ** OPENXSCRIPT -- Open transcript file 333 ** 334 ** Creates a transcript file for possible eventual mailing or 335 ** sending back. 336 ** 337 ** Parameters: 338 ** e -- the envelope to create the transcript in/for. 339 ** 340 ** Returns: 341 ** none 342 ** 343 ** Side Effects: 344 ** Creates the transcript file. 345 */ 346 347 openxscript(e) 348 register ENVELOPE *e; 349 { 350 register char *p; 351 352 # ifdef LOG 353 if (LogLevel > 19) 354 syslog(LOG_DEBUG, "%s: openx%s", e->e_id, e->e_xfp == NULL ? "" : " (no)"); 355 # endif LOG 356 if (e->e_xfp != NULL) 357 return; 358 p = queuename(e, 'x'); 359 e->e_xfp = fopen(p, "w"); 360 if (e->e_xfp == NULL) 361 syserr("Can't create %s", p); 362 else 363 (void) chmod(p, 0644); 364 } 365 /* 366 ** CLOSEXSCRIPT -- close the transcript file. 367 ** 368 ** Parameters: 369 ** e -- the envelope containing the transcript to close. 370 ** 371 ** Returns: 372 ** none. 373 ** 374 ** Side Effects: 375 ** none. 376 */ 377 378 closexscript(e) 379 register ENVELOPE *e; 380 { 381 if (e->e_xfp == NULL) 382 return; 383 (void) fclose(e->e_xfp); 384 e->e_xfp = NULL; 385 } 386 /* 387 ** SETSENDER -- set the person who this message is from 388 ** 389 ** Under certain circumstances allow the user to say who 390 ** s/he is (using -f or -r). These are: 391 ** 1. The user's uid is zero (root). 392 ** 2. The user's login name is in an approved list (typically 393 ** from a network server). 394 ** 3. The address the user is trying to claim has a 395 ** "!" character in it (since #2 doesn't do it for 396 ** us if we are dialing out for UUCP). 397 ** A better check to replace #3 would be if the 398 ** effective uid is "UUCP" -- this would require me 399 ** to rewrite getpwent to "grab" uucp as it went by, 400 ** make getname more nasty, do another passwd file 401 ** scan, or compile the UID of "UUCP" into the code, 402 ** all of which are reprehensible. 403 ** 404 ** Assuming all of these fail, we figure out something 405 ** ourselves. 406 ** 407 ** Parameters: 408 ** from -- the person we would like to believe this message 409 ** is from, as specified on the command line. 410 ** 411 ** Returns: 412 ** none. 413 ** 414 ** Side Effects: 415 ** sets sendmail's notion of who the from person is. 416 */ 417 418 setsender(from) 419 char *from; 420 { 421 register char **pvp; 422 char *realname = NULL; 423 register struct passwd *pw; 424 char buf[MAXNAME]; 425 char pvpbuf[PSBUFSIZE]; 426 extern struct passwd *getpwnam(); 427 extern char *macvalue(); 428 extern char **prescan(); 429 extern bool safefile(); 430 extern char *FullName; 431 432 # ifdef DEBUG 433 if (tTd(45, 1)) 434 printf("setsender(%s)\n", from == NULL ? "" : from); 435 # endif DEBUG 436 437 /* 438 ** Figure out the real user executing us. 439 ** Username can return errno != 0 on non-errors. 440 */ 441 442 if (QueueRun || OpMode == MD_SMTP || OpMode == MD_ARPAFTP) 443 realname = from; 444 if (realname == NULL || realname[0] == '\0') 445 { 446 extern char *username(); 447 448 realname = username(); 449 } 450 451 /* 452 ** Determine if this real person is allowed to alias themselves. 453 */ 454 455 if (from != NULL) 456 { 457 extern bool trusteduser(); 458 459 if (!trusteduser(realname) && 460 # ifdef DEBUG 461 (!tTd(1, 9) || getuid() != geteuid()) && 462 # endif DEBUG 463 index(from, '!') == NULL && getuid() != 0) 464 { 465 /* network sends -r regardless (why why why?) */ 466 /* syserr("%s, you cannot use the -f flag", realname); */ 467 from = NULL; 468 } 469 } 470 471 SuprErrs = TRUE; 472 if (from == NULL || parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL) 473 { 474 /* log garbage addresses for traceback */ 475 if (from != NULL) 476 { 477 # ifdef LOG 478 if (LogLevel >= 1) 479 syslog(LOG_ERR, "Unparseable user %s wants to be %s", 480 realname, from); 481 # endif LOG 482 } 483 from = newstr(realname); 484 if (parseaddr(from, &CurEnv->e_from, 1, '\0') == NULL && 485 parseaddr("postmaster", &CurEnv->e_from, 1, '\0') == NULL) 486 { 487 syserr("setsender: can't even parse postmaster!"); 488 } 489 } 490 else 491 FromFlag = TRUE; 492 CurEnv->e_from.q_flags |= QDONTSEND; 493 loweraddr(&CurEnv->e_from); 494 SuprErrs = FALSE; 495 496 if (CurEnv->e_from.q_mailer == LocalMailer && 497 (pw = getpwnam(CurEnv->e_from.q_user)) != NULL) 498 { 499 /* 500 ** Process passwd file entry. 501 */ 502 503 504 /* extract home directory */ 505 CurEnv->e_from.q_home = newstr(pw->pw_dir); 506 define('z', CurEnv->e_from.q_home, CurEnv); 507 508 /* extract user and group id */ 509 CurEnv->e_from.q_uid = pw->pw_uid; 510 CurEnv->e_from.q_gid = pw->pw_gid; 511 512 /* if the user has given fullname already, don't redefine */ 513 if (FullName == NULL) 514 FullName = macvalue('x', CurEnv); 515 if (FullName != NULL && FullName[0] == '\0') 516 FullName = NULL; 517 518 /* extract full name from passwd file */ 519 if (FullName == NULL && pw->pw_gecos != NULL && 520 strcmp(pw->pw_name, CurEnv->e_from.q_user) == 0) 521 { 522 buildfname(pw->pw_gecos, CurEnv->e_from.q_user, buf); 523 if (buf[0] != '\0') 524 FullName = newstr(buf); 525 } 526 if (FullName != NULL) 527 define('x', FullName, CurEnv); 528 } 529 else 530 { 531 if (CurEnv->e_from.q_home == NULL) 532 CurEnv->e_from.q_home = getenv("HOME"); 533 CurEnv->e_from.q_uid = getuid(); 534 CurEnv->e_from.q_gid = getgid(); 535 } 536 537 if (CurEnv->e_from.q_uid != 0) 538 { 539 DefUid = CurEnv->e_from.q_uid; 540 DefGid = CurEnv->e_from.q_gid; 541 } 542 543 /* 544 ** Rewrite the from person to dispose of possible implicit 545 ** links in the net. 546 */ 547 548 pvp = prescan(from, '\0', pvpbuf); 549 if (pvp == NULL) 550 { 551 syserr("cannot prescan from (%s)", from); 552 finis(); 553 } 554 rewrite(pvp, 3); 555 rewrite(pvp, 1); 556 rewrite(pvp, 4); 557 cataddr(pvp, buf, sizeof buf); 558 define('f', newstr(buf), CurEnv); 559 560 /* save the domain spec if this mailer wants it */ 561 if (CurEnv->e_from.q_mailer != NULL && 562 bitnset(M_CANONICAL, CurEnv->e_from.q_mailer->m_flags)) 563 { 564 extern char **copyplist(); 565 566 while (*pvp != NULL && strcmp(*pvp, "@") != 0) 567 pvp++; 568 if (*pvp != NULL) 569 CurEnv->e_fromdomain = copyplist(pvp, TRUE); 570 } 571 } 572 /* 573 ** TRUSTEDUSER -- tell us if this user is to be trusted. 574 ** 575 ** Parameters: 576 ** user -- the user to be checked. 577 ** 578 ** Returns: 579 ** TRUE if the user is in an approved list. 580 ** FALSE otherwise. 581 ** 582 ** Side Effects: 583 ** none. 584 */ 585 586 bool 587 trusteduser(user) 588 char *user; 589 { 590 register char **ulist; 591 extern char *TrustedUsers[]; 592 593 for (ulist = TrustedUsers; *ulist != NULL; ulist++) 594 if (strcmp(*ulist, user) == 0) 595 return (TRUE); 596 return (FALSE); 597 } 598