1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)recipient.c 8.40 (Berkeley) 01/22/94";
11 #endif /* not lint */
12
13 # include "sendmail.h"
14 # include <pwd.h>
15
16 /*
17 ** SENDTOLIST -- Designate a send list.
18 **
19 ** The parameter is a comma-separated list of people to send to.
20 ** This routine arranges to send to all of them.
21 **
22 ** Parameters:
23 ** list -- the send list.
24 ** ctladdr -- the address template for the person to
25 ** send to -- effective uid/gid are important.
26 ** This is typically the alias that caused this
27 ** expansion.
28 ** sendq -- a pointer to the head of a queue to put
29 ** these people into.
30 ** e -- the envelope in which to add these recipients.
31 **
32 ** Returns:
33 ** The number of addresses actually on the list.
34 **
35 ** Side Effects:
36 ** none.
37 */
38
39 # define MAXRCRSN 10
40
41 sendtolist(list, ctladdr, sendq, e)
42 char *list;
43 ADDRESS *ctladdr;
44 ADDRESS **sendq;
45 register ENVELOPE *e;
46 {
47 register char *p;
48 register ADDRESS *al; /* list of addresses to send to */
49 bool firstone; /* set on first address sent */
50 char delimiter; /* the address delimiter */
51 int naddrs;
52 char *oldto = e->e_to;
53
54 if (list == NULL)
55 {
56 syserr("sendtolist: null list");
57 return 0;
58 }
59
60 if (tTd(25, 1))
61 {
62 printf("sendto: %s\n ctladdr=", list);
63 printaddr(ctladdr, FALSE);
64 }
65
66 /* heuristic to determine old versus new style addresses */
67 if (ctladdr == NULL &&
68 (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
69 strchr(list, '<') != NULL || strchr(list, '(') != NULL))
70 e->e_flags &= ~EF_OLDSTYLE;
71 delimiter = ' ';
72 if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL)
73 delimiter = ',';
74
75 firstone = TRUE;
76 al = NULL;
77 naddrs = 0;
78
79 for (p = list; *p != '\0'; )
80 {
81 auto char *delimptr;
82 register ADDRESS *a;
83
84 /* parse the address */
85 while ((isascii(*p) && isspace(*p)) || *p == ',')
86 p++;
87 a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e);
88 p = delimptr;
89 if (a == NULL)
90 continue;
91 a->q_next = al;
92 a->q_alias = ctladdr;
93
94 /* see if this should be marked as a primary address */
95 if (ctladdr == NULL ||
96 (firstone && *p == '\0' && bitset(QPRIMARY, ctladdr->q_flags)))
97 a->q_flags |= QPRIMARY;
98
99 if (ctladdr != NULL && sameaddr(ctladdr, a))
100 ctladdr->q_flags |= QSELFREF;
101 al = a;
102 firstone = FALSE;
103 }
104
105 /* arrange to send to everyone on the local send list */
106 while (al != NULL)
107 {
108 register ADDRESS *a = al;
109
110 al = a->q_next;
111 a = recipient(a, sendq, e);
112
113 /* arrange to inherit full name */
114 if (a->q_fullname == NULL && ctladdr != NULL)
115 a->q_fullname = ctladdr->q_fullname;
116 naddrs++;
117 }
118
119 e->e_to = oldto;
120 return (naddrs);
121 }
122 �/*
123 ** RECIPIENT -- Designate a message recipient
124 **
125 ** Saves the named person for future mailing.
126 **
127 ** Parameters:
128 ** a -- the (preparsed) address header for the recipient.
129 ** sendq -- a pointer to the head of a queue to put the
130 ** recipient in. Duplicate supression is done
131 ** in this queue.
132 ** e -- the current envelope.
133 **
134 ** Returns:
135 ** The actual address in the queue. This will be "a" if
136 ** the address is not a duplicate, else the original address.
137 **
138 ** Side Effects:
139 ** none.
140 */
141
142 ADDRESS *
143 recipient(a, sendq, e)
144 register ADDRESS *a;
145 register ADDRESS **sendq;
146 register ENVELOPE *e;
147 {
148 register ADDRESS *q;
149 ADDRESS **pq;
150 register struct mailer *m;
151 register char *p;
152 bool quoted = FALSE; /* set if the addr has a quote bit */
153 int findusercount = 0;
154 char buf[MAXNAME]; /* unquoted image of the user name */
155 extern int safefile();
156
157 e->e_to = a->q_paddr;
158 m = a->q_mailer;
159 errno = 0;
160 if (tTd(26, 1))
161 {
162 printf("\nrecipient: ");
163 printaddr(a, FALSE);
164 }
165
166 /* if this is primary, add it to the original recipient list */
167 if (a->q_alias == NULL)
168 {
169 if (e->e_origrcpt == NULL)
170 e->e_origrcpt = a->q_paddr;
171 else if (e->e_origrcpt != a->q_paddr)
172 e->e_origrcpt = "";
173 }
174
175 /* break aliasing loops */
176 if (AliasLevel > MAXRCRSN)
177 {
178 usrerr("554 aliasing/forwarding loop broken");
179 return (a);
180 }
181
182 /*
183 ** Finish setting up address structure.
184 */
185
186 /* set the queue timeout */
187 a->q_timeout = TimeOuts.to_q_return;
188
189 /* get unquoted user for file, program or user.name check */
190 (void) strcpy(buf, a->q_user);
191 for (p = buf; *p != '\0' && !quoted; p++)
192 {
193 if (*p == '\\')
194 quoted = TRUE;
195 }
196 stripquotes(buf);
197
198 /* check for direct mailing to restricted mailers */
199 if (m == ProgMailer)
200 {
201 if (a->q_alias == NULL)
202 {
203 a->q_flags |= QBADADDR;
204 usrerr("550 Cannot mail directly to programs");
205 }
206 else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
207 {
208 a->q_flags |= QBADADDR;
209 usrerr("550 User %s@%s doesn't have a valid shell for mailing to programs",
210 a->q_alias->q_ruser, MyHostName);
211 }
212 else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
213 {
214 a->q_flags |= QBADADDR;
215 usrerr("550 Address %s is unsafe for mailing to programs",
216 a->q_alias->q_paddr);
217 }
218 }
219
220 /*
221 ** Look up this person in the recipient list.
222 ** If they are there already, return, otherwise continue.
223 ** If the list is empty, just add it. Notice the cute
224 ** hack to make from addresses suppress things correctly:
225 ** the QDONTSEND bit will be set in the send list.
226 ** [Please note: the emphasis is on "hack."]
227 */
228
229 for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
230 {
231 if (sameaddr(q, a))
232 {
233 if (tTd(26, 1))
234 {
235 printf("%s in sendq: ", a->q_paddr);
236 printaddr(q, FALSE);
237 }
238 if (!bitset(QPRIMARY, q->q_flags))
239 {
240 if (!bitset(QDONTSEND, a->q_flags))
241 message("duplicate suppressed");
242 q->q_flags |= a->q_flags;
243 }
244 else if (bitset(QSELFREF, q->q_flags))
245 q->q_flags |= a->q_flags & ~QDONTSEND;
246 a = q;
247 goto testselfdestruct;
248 }
249 }
250
251 /* add address on list */
252 *pq = a;
253 a->q_next = NULL;
254
255 /*
256 ** Alias the name and handle special mailer types.
257 */
258
259 trylocaluser:
260 if (tTd(29, 7))
261 printf("at trylocaluser %s\n", a->q_user);
262
263 if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags))
264 goto testselfdestruct;
265
266 if (m == InclMailer)
267 {
268 a->q_flags |= QDONTSEND;
269 if (a->q_alias == NULL)
270 {
271 a->q_flags |= QBADADDR;
272 usrerr("550 Cannot mail directly to :include:s");
273 }
274 else
275 {
276 int ret;
277
278 message("including file %s", a->q_user);
279 ret = include(a->q_user, FALSE, a, sendq, e);
280 if (transienterror(ret))
281 {
282 #ifdef LOG
283 if (LogLevel > 2)
284 syslog(LOG_ERR, "%s: include %s: transient error: %e",
285 e->e_id, a->q_user, errstring(ret));
286 #endif
287 a->q_flags |= QQUEUEUP;
288 a->q_flags &= ~QDONTSEND;
289 usrerr("451 Cannot open %s: %s",
290 a->q_user, errstring(ret));
291 }
292 else if (ret != 0)
293 {
294 a->q_flags |= QBADADDR;
295 usrerr("550 Cannot open %s: %s",
296 a->q_user, errstring(ret));
297 }
298 }
299 }
300 else if (m == FileMailer)
301 {
302 extern bool writable();
303
304 /* check if writable or creatable */
305 if (a->q_alias == NULL)
306 {
307 a->q_flags |= QBADADDR;
308 usrerr("550 Cannot mail directly to files");
309 }
310 else if (bitset(QBOGUSSHELL, a->q_alias->q_flags))
311 {
312 a->q_flags |= QBADADDR;
313 usrerr("550 User %s@%s doesn't have a valid shell for mailing to files",
314 a->q_alias->q_ruser, MyHostName);
315 }
316 else if (bitset(QUNSAFEADDR, a->q_alias->q_flags))
317 {
318 a->q_flags |= QBADADDR;
319 usrerr("550 Address %s is unsafe for mailing to files",
320 a->q_alias->q_paddr);
321 }
322 else if (!writable(buf, getctladdr(a), SFF_ANYFILE))
323 {
324 a->q_flags |= QBADADDR;
325 giveresponse(EX_CANTCREAT, m, NULL, a->q_alias, e);
326 }
327 }
328
329 if (m != LocalMailer)
330 {
331 if (!bitset(QDONTSEND, a->q_flags))
332 e->e_nrcpts++;
333 goto testselfdestruct;
334 }
335
336 /* try aliasing */
337 alias(a, sendq, e);
338
339 # ifdef USERDB
340 /* if not aliased, look it up in the user database */
341 if (!bitset(QDONTSEND|QNOTREMOTE|QVERIFIED, a->q_flags))
342 {
343 extern int udbexpand();
344
345 if (udbexpand(a, sendq, e) == EX_TEMPFAIL)
346 {
347 a->q_flags |= QQUEUEUP;
348 if (e->e_message == NULL)
349 e->e_message = newstr("Deferred: user database error");
350 # ifdef LOG
351 if (LogLevel > 8)
352 syslog(LOG_INFO, "%s: deferred: udbexpand: %s",
353 e->e_id, errstring(errno));
354 # endif
355 message("queued (user database error): %s",
356 errstring(errno));
357 e->e_nrcpts++;
358 goto testselfdestruct;
359 }
360 }
361 # endif
362
363 /* if it was an alias or a UDB expansion, just return now */
364 if (bitset(QDONTSEND|QQUEUEUP|QVERIFIED, a->q_flags))
365 goto testselfdestruct;
366
367 /*
368 ** If we have a level two config file, then pass the name through
369 ** Ruleset 5 before sending it off. Ruleset 5 has the right
370 ** to send rewrite it to another mailer. This gives us a hook
371 ** after local aliasing has been done.
372 */
373
374 if (tTd(29, 5))
375 {
376 printf("recipient: testing local? cl=%d, rr5=%x\n\t",
377 ConfigLevel, RewriteRules[5]);
378 printaddr(a, FALSE);
379 }
380 if (!bitset(QNOTREMOTE, a->q_flags) && ConfigLevel >= 2 &&
381 RewriteRules[5] != NULL)
382 {
383 maplocaluser(a, sendq, e);
384 }
385
386 /*
387 ** If it didn't get rewritten to another mailer, go ahead
388 ** and deliver it.
389 */
390
391 if (!bitset(QDONTSEND|QQUEUEUP, a->q_flags))
392 {
393 auto bool fuzzy;
394 register struct passwd *pw;
395 extern struct passwd *finduser();
396
397 /* warning -- finduser may trash buf */
398 pw = finduser(buf, &fuzzy);
399 if (pw == NULL)
400 {
401 a->q_flags |= QBADADDR;
402 giveresponse(EX_NOUSER, m, NULL, a->q_alias, e);
403 }
404 else
405 {
406 char nbuf[MAXNAME];
407
408 if (fuzzy)
409 {
410 /* name was a fuzzy match */
411 a->q_user = newstr(pw->pw_name);
412 if (findusercount++ > 3)
413 {
414 a->q_flags |= QBADADDR;
415 usrerr("554 aliasing/forwarding loop for %s broken",
416 pw->pw_name);
417 return (a);
418 }
419
420 /* see if it aliases */
421 (void) strcpy(buf, pw->pw_name);
422 goto trylocaluser;
423 }
424 if (strcmp(pw->pw_dir, "/") == 0)
425 a->q_home = "";
426 else
427 a->q_home = newstr(pw->pw_dir);
428 a->q_uid = pw->pw_uid;
429 a->q_gid = pw->pw_gid;
430 a->q_ruser = newstr(pw->pw_name);
431 a->q_flags |= QGOODUID;
432 buildfname(pw->pw_gecos, pw->pw_name, nbuf);
433 if (nbuf[0] != '\0')
434 a->q_fullname = newstr(nbuf);
435 if (pw->pw_shell != NULL && pw->pw_shell[0] != '\0' &&
436 !usershellok(pw->pw_shell))
437 {
438 a->q_flags |= QBOGUSSHELL;
439 }
440 if (!quoted)
441 forward(a, sendq, e);
442 }
443 }
444 if (!bitset(QDONTSEND, a->q_flags))
445 e->e_nrcpts++;
446
447 testselfdestruct:
448 if (tTd(26, 8))
449 {
450 printf("testselfdestruct: ");
451 printaddr(a, TRUE);
452 }
453 if (a->q_alias == NULL && a != &e->e_from &&
454 bitset(QDONTSEND, a->q_flags))
455 {
456 q = *sendq;
457 while (q != NULL && bitset(QDONTSEND, q->q_flags))
458 q = q->q_next;
459 if (q == NULL)
460 {
461 a->q_flags |= QBADADDR;
462 usrerr("554 aliasing/forwarding loop broken");
463 }
464 }
465 return (a);
466 }
467 �/*
468 ** FINDUSER -- find the password entry for a user.
469 **
470 ** This looks a lot like getpwnam, except that it may want to
471 ** do some fancier pattern matching in /etc/passwd.
472 **
473 ** This routine contains most of the time of many sendmail runs.
474 ** It deserves to be optimized.
475 **
476 ** Parameters:
477 ** name -- the name to match against.
478 ** fuzzyp -- an outarg that is set to TRUE if this entry
479 ** was found using the fuzzy matching algorithm;
480 ** set to FALSE otherwise.
481 **
482 ** Returns:
483 ** A pointer to a pw struct.
484 ** NULL if name is unknown or ambiguous.
485 **
486 ** Side Effects:
487 ** may modify name.
488 */
489
490 struct passwd *
491 finduser(name, fuzzyp)
492 char *name;
493 bool *fuzzyp;
494 {
495 register struct passwd *pw;
496 register char *p;
497 extern struct passwd *getpwent();
498 extern struct passwd *getpwnam();
499
500 if (tTd(29, 4))
501 printf("finduser(%s): ", name);
502
503 *fuzzyp = FALSE;
504
505 /* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
506 for (p = name; *p != '\0'; p++)
507 if (!isascii(*p) || !isdigit(*p))
508 break;
509 if (*p == '\0')
510 {
511 if (tTd(29, 4))
512 printf("failed (numeric input)\n");
513 return NULL;
514 }
515
516 /* look up this login name using fast path */
517 if ((pw = getpwnam(name)) != NULL)
518 {
519 if (tTd(29, 4))
520 printf("found (non-fuzzy)\n");
521 return (pw);
522 }
523
524 #ifdef MATCHGECOS
525 /* see if fuzzy matching allowed */
526 if (!MatchGecos)
527 {
528 if (tTd(29, 4))
529 printf("not found (fuzzy disabled)\n");
530 return NULL;
531 }
532
533 /* search for a matching full name instead */
534 for (p = name; *p != '\0'; p++)
535 {
536 if (*p == (SpaceSub & 0177) || *p == '_')
537 *p = ' ';
538 }
539 (void) setpwent();
540 while ((pw = getpwent()) != NULL)
541 {
542 char buf[MAXNAME];
543
544 buildfname(pw->pw_gecos, pw->pw_name, buf);
545 if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
546 {
547 if (tTd(29, 4))
548 printf("fuzzy matches %s\n", pw->pw_name);
549 message("sending to login name %s", pw->pw_name);
550 *fuzzyp = TRUE;
551 return (pw);
552 }
553 }
554 if (tTd(29, 4))
555 printf("no fuzzy match found\n");
556 #else
557 if (tTd(29, 4))
558 printf("not found (fuzzy disabled)\n");
559 #endif
560 return (NULL);
561 }
562 �/*
563 ** WRITABLE -- predicate returning if the file is writable.
564 **
565 ** This routine must duplicate the algorithm in sys/fio.c.
566 ** Unfortunately, we cannot use the access call since we
567 ** won't necessarily be the real uid when we try to
568 ** actually open the file.
569 **
570 ** Notice that ANY file with ANY execute bit is automatically
571 ** not writable. This is also enforced by mailfile.
572 **
573 ** Parameters:
574 ** filename -- the file name to check.
575 ** ctladdr -- the controlling address for this file.
576 ** flags -- SFF_* flags to control the function.
577 **
578 ** Returns:
579 ** TRUE -- if we will be able to write this file.
580 ** FALSE -- if we cannot write this file.
581 **
582 ** Side Effects:
583 ** none.
584 */
585
586 bool
587 writable(filename, ctladdr, flags)
588 char *filename;
589 ADDRESS *ctladdr;
590 int flags;
591 {
592 uid_t euid;
593 gid_t egid;
594 int bits;
595 register char *p;
596 char *uname;
597 struct stat stb;
598 extern char RealUserName[];
599
600 if (tTd(29, 5))
601 printf("writable(%s, %x)\n", filename, flags);
602
603 #ifdef HASLSTAT
604 if ((bitset(SFF_NOSLINK, flags) ? lstat(filename, &stb)
605 : stat(filename, &stb)) < 0)
606 #else
607 if (stat(filename, &stb) < 0)
608 #endif
609 {
610 /* file does not exist -- see if directory is safe */
611 p = strrchr(filename, '/');
612 if (p == NULL)
613 {
614 errno = ENOTDIR;
615 return FALSE;
616 }
617 *p = '\0';
618 errno = safefile(filename, RealUid, RealGid, RealUserName,
619 SFF_MUSTOWN, S_IWRITE|S_IEXEC);
620 *p = '/';
621 return errno == 0;
622 }
623
624 #ifdef SUID_ROOT_FILES_OK
625 /* really ought to be passed down -- and not a good idea */
626 flags |= SFF_ROOTOK;
627 #endif
628
629 /*
630 ** File does exist -- check that it is writable.
631 */
632
633 if (bitset(0111, stb.st_mode))
634 {
635 if (tTd(29, 5))
636 printf("failed (mode %o: x bits)\n", stb.st_mode);
637 errno = EPERM;
638 return (FALSE);
639 }
640
641 if (ctladdr != NULL && geteuid() == 0)
642 {
643 euid = ctladdr->q_uid;
644 egid = ctladdr->q_gid;
645 uname = ctladdr->q_user;
646 }
647 else
648 {
649 euid = RealUid;
650 egid = RealGid;
651 uname = RealUserName;
652 }
653 if (euid == 0)
654 {
655 euid = DefUid;
656 uname = DefUser;
657 }
658 if (egid == 0)
659 egid = DefGid;
660 if (geteuid() == 0)
661 {
662 if (bitset(S_ISUID, stb.st_mode) &&
663 (stb.st_uid != 0 || bitset(SFF_ROOTOK, flags)))
664 {
665 euid = stb.st_uid;
666 uname = NULL;
667 }
668 if (bitset(S_ISGID, stb.st_mode) &&
669 (stb.st_gid != 0 || bitset(SFF_ROOTOK, flags)))
670 egid = stb.st_gid;
671 }
672
673 if (tTd(29, 5))
674 printf("\teu/gid=%d/%d, st_u/gid=%d/%d\n",
675 euid, egid, stb.st_uid, stb.st_gid);
676
677 errno = safefile(filename, euid, egid, uname, flags, S_IWRITE);
678 return errno == 0;
679 }
680 �/*
681 ** INCLUDE -- handle :include: specification.
682 **
683 ** Parameters:
684 ** fname -- filename to include.
685 ** forwarding -- if TRUE, we are reading a .forward file.
686 ** if FALSE, it's a :include: file.
687 ** ctladdr -- address template to use to fill in these
688 ** addresses -- effective user/group id are
689 ** the important things.
690 ** sendq -- a pointer to the head of the send queue
691 ** to put these addresses in.
692 **
693 ** Returns:
694 ** open error status
695 **
696 ** Side Effects:
697 ** reads the :include: file and sends to everyone
698 ** listed in that file.
699 */
700
701 static jmp_buf CtxIncludeTimeout;
702 static int includetimeout();
703
704 #ifndef S_IWOTH
705 # define S_IWOTH (S_IWRITE >> 6)
706 #endif
707
708 int
709 include(fname, forwarding, ctladdr, sendq, e)
710 char *fname;
711 bool forwarding;
712 ADDRESS *ctladdr;
713 ADDRESS **sendq;
714 ENVELOPE *e;
715 {
716 register FILE *fp = NULL;
717 char *oldto = e->e_to;
718 char *oldfilename = FileName;
719 int oldlinenumber = LineNumber;
720 register EVENT *ev = NULL;
721 int nincludes;
722 register ADDRESS *ca;
723 uid_t saveduid, uid;
724 gid_t savedgid, gid;
725 char *uname;
726 int rval = 0;
727 int sfflags = forwarding ? SFF_MUSTOWN : SFF_ANYFILE;
728 struct stat st;
729 char buf[MAXLINE];
730
731 if (tTd(27, 2))
732 printf("include(%s)\n", fname);
733 if (tTd(27, 4))
734 printf(" ruid=%d euid=%d\n", getuid(), geteuid());
735 if (tTd(27, 14))
736 {
737 printf("ctladdr ");
738 printaddr(ctladdr, FALSE);
739 }
740
741 if (tTd(27, 9))
742 printf("include: old uid = %d/%d\n", getuid(), geteuid());
743
744 ca = getctladdr(ctladdr);
745 if (ca == NULL)
746 {
747 uid = DefUid;
748 gid = DefGid;
749 uname = DefUser;
750 saveduid = -1;
751 }
752 else
753 {
754 uid = ca->q_uid;
755 gid = ca->q_gid;
756 uname = ca->q_user;
757 #ifdef HASSETREUID
758 saveduid = geteuid();
759 savedgid = getegid();
760 if (saveduid == 0)
761 {
762 initgroups(uname, gid);
763 if (uid != 0)
764 (void) setreuid(0, uid);
765 }
766 #endif
767 }
768
769 if (tTd(27, 9))
770 printf("include: new uid = %d/%d\n", getuid(), geteuid());
771
772 /*
773 ** If home directory is remote mounted but server is down,
774 ** this can hang or give errors; use a timeout to avoid this
775 */
776
777 if (setjmp(CtxIncludeTimeout) != 0)
778 {
779 ctladdr->q_flags |= QQUEUEUP;
780 errno = 0;
781
782 /* return pseudo-error code */
783 rval = EOPENTIMEOUT;
784 goto resetuid;
785 }
786 ev = setevent((time_t) 60, includetimeout, 0);
787
788 /* the input file must be marked safe */
789 rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD);
790 if (rval != 0)
791 {
792 /* don't use this :include: file */
793 if (tTd(27, 4))
794 printf("include: not safe (uid=%d): %s\n",
795 uid, errstring(rval));
796 }
797 else
798 {
799 fp = fopen(fname, "r");
800 if (fp == NULL)
801 {
802 rval = errno;
803 if (tTd(27, 4))
804 printf("include: open: %s\n", errstring(rval));
805 }
806 }
807 clrevent(ev);
808
809 resetuid:
810
811 #ifdef HASSETREUID
812 if (saveduid == 0)
813 {
814 if (uid != 0)
815 if (setreuid(-1, 0) < 0 || setreuid(RealUid, 0) < 0)
816 syserr("setreuid(%d, 0) failure (real=%d, eff=%d)",
817 RealUid, getuid(), geteuid());
818 setgid(savedgid);
819 }
820 #endif
821
822 if (tTd(27, 9))
823 printf("include: reset uid = %d/%d\n", getuid(), geteuid());
824
825 if (rval == EOPENTIMEOUT)
826 usrerr("451 open timeout on %s", fname);
827
828 if (fp == NULL)
829 return rval;
830
831 if (fstat(fileno(fp), &st) < 0)
832 {
833 rval = errno;
834 syserr("Cannot fstat %s!", fname);
835 return rval;
836 }
837
838 if (ca == NULL)
839 {
840 ctladdr->q_uid = st.st_uid;
841 ctladdr->q_gid = st.st_gid;
842 ctladdr->q_flags |= QGOODUID;
843 }
844 if (ca != NULL && ca->q_uid == st.st_uid)
845 {
846 /* optimization -- avoid getpwuid if we already have info */
847 ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL;
848 ctladdr->q_ruser = ca->q_ruser;
849 }
850 else
851 {
852 register struct passwd *pw;
853
854 pw = getpwuid(st.st_uid);
855 if (pw == NULL || !usershellok(pw->pw_shell))
856 {
857 ctladdr->q_ruser = newstr(pw->pw_name);
858 ctladdr->q_flags |= QBOGUSSHELL;
859 }
860 }
861
862 if (bitset(EF_VRFYONLY, e->e_flags))
863 {
864 /* don't do any more now */
865 ctladdr->q_flags |= QVERIFIED;
866 e->e_nrcpts++;
867 xfclose(fp, "include", fname);
868 return rval;
869 }
870
871 /*
872 ** Check to see if some bad guy can write this file
873 **
874 ** This should really do something clever with group
875 ** permissions; currently we just view world writable
876 ** as unsafe. Also, we don't check for writable
877 ** directories in the path. We've got to leave
878 ** something for the local sysad to do.
879 */
880
881 if (bitset(S_IWOTH, st.st_mode))
882 ctladdr->q_flags |= QUNSAFEADDR;
883
884 /* read the file -- each line is a comma-separated list. */
885 FileName = fname;
886 LineNumber = 0;
887 ctladdr->q_flags &= ~QSELFREF;
888 nincludes = 0;
889 while (fgets(buf, sizeof buf, fp) != NULL)
890 {
891 register char *p = strchr(buf, '\n');
892
893 LineNumber++;
894 if (p != NULL)
895 *p = '\0';
896 if (buf[0] == '#' || buf[0] == '\0')
897 continue;
898 e->e_to = NULL;
899 message("%s to %s",
900 forwarding ? "forwarding" : "sending", buf);
901 #ifdef LOG
902 if (forwarding && LogLevel > 9)
903 syslog(LOG_INFO, "%s: forward %s => %s",
904 e->e_id, oldto, buf);
905 #endif
906
907 AliasLevel++;
908 nincludes += sendtolist(buf, ctladdr, sendq, e);
909 AliasLevel--;
910 }
911
912 if (ferror(fp) && tTd(27, 3))
913 printf("include: read error: %s\n", errstring(errno));
914 if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
915 {
916 if (tTd(27, 5))
917 {
918 printf("include: QDONTSEND ");
919 printaddr(ctladdr, FALSE);
920 }
921 ctladdr->q_flags |= QDONTSEND;
922 }
923
924 (void) xfclose(fp, "include", fname);
925 FileName = oldfilename;
926 LineNumber = oldlinenumber;
927 e->e_to = oldto;
928 return rval;
929 }
930
931 static
932 includetimeout()
933 {
934 longjmp(CtxIncludeTimeout, 1);
935 }
936 �/*
937 ** SENDTOARGV -- send to an argument vector.
938 **
939 ** Parameters:
940 ** argv -- argument vector to send to.
941 ** e -- the current envelope.
942 **
943 ** Returns:
944 ** none.
945 **
946 ** Side Effects:
947 ** puts all addresses on the argument vector onto the
948 ** send queue.
949 */
950
951 sendtoargv(argv, e)
952 register char **argv;
953 register ENVELOPE *e;
954 {
955 register char *p;
956
957 while ((p = *argv++) != NULL)
958 {
959 (void) sendtolist(p, NULLADDR, &e->e_sendqueue, e);
960 }
961 }
962 �/*
963 ** GETCTLADDR -- get controlling address from an address header.
964 **
965 ** If none, get one corresponding to the effective userid.
966 **
967 ** Parameters:
968 ** a -- the address to find the controller of.
969 **
970 ** Returns:
971 ** the controlling address.
972 **
973 ** Side Effects:
974 ** none.
975 */
976
977 ADDRESS *
978 getctladdr(a)
979 register ADDRESS *a;
980 {
981 while (a != NULL && !bitset(QGOODUID, a->q_flags))
982 a = a->q_alias;
983 return (a);
984 }
985