1 /*
2 * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13 /*
14 * Copyright (c) 2016 by Delphix. All rights reserved.
15 */
16 #include <sendmail.h>
17
18 SM_RCSID("@(#)$Id: envelope.c,v 8.310 2009/12/18 17:08:01 ca Exp $")
19
20 /*
21 ** CLRSESSENVELOPE -- clear session oriented data in an envelope
22 **
23 ** Parameters:
24 ** e -- the envelope to clear.
25 **
26 ** Returns:
27 ** none.
28 */
29
30 void
31 clrsessenvelope(e)
32 ENVELOPE *e;
33 {
34 #if SASL
35 macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
36 macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
37 macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
38 macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
39 #endif /* SASL */
40 #if STARTTLS
41 macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
42 macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
43 macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
44 macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
45 macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
46 macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
47 # if _FFR_TLS_1
48 macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
49 macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
50 macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
51 # endif /* _FFR_TLS_1 */
52 #endif /* STARTTLS */
53 }
54
55 /*
56 ** NEWENVELOPE -- fill in a new envelope
57 **
58 ** Supports inheritance.
59 **
60 ** Parameters:
61 ** e -- the new envelope to fill in.
62 ** parent -- the envelope to be the parent of e.
63 ** rpool -- either NULL, or a pointer to a resource pool
64 ** from which envelope memory is allocated, and
65 ** to which envelope resources are attached.
66 **
67 ** Returns:
68 ** e.
69 **
70 ** Side Effects:
71 ** none.
72 */
73
74 ENVELOPE *
newenvelope(e,parent,rpool)75 newenvelope(e, parent, rpool)
76 register ENVELOPE *e;
77 register ENVELOPE *parent;
78 SM_RPOOL_T *rpool;
79 {
80 int sendmode;
81
82 /*
83 ** This code used to read:
84 ** if (e == parent && e->e_parent != NULL)
85 ** parent = e->e_parent;
86 ** So if e == parent && e->e_parent == NULL then we would
87 ** set e->e_parent = e, which creates a loop in the e_parent chain.
88 ** This meant macvalue() could go into an infinite loop.
89 */
90
91 if (parent != NULL)
92 sendmode = parent->e_sendmode;
93 else
94 sendmode = DM_NOTSET;
95
96 if (e == parent)
97 parent = e->e_parent;
98 clearenvelope(e, true, rpool);
99 if (e == CurEnv)
100 memmove((char *) &e->e_from,
101 (char *) &NullAddress,
102 sizeof(e->e_from));
103 else
104 memmove((char *) &e->e_from,
105 (char *) &CurEnv->e_from,
106 sizeof(e->e_from));
107 e->e_parent = parent;
108 assign_queueid(e);
109 e->e_ctime = curtime();
110 #if _FFR_SESSID
111 e->e_sessid = e->e_id;
112 #endif /* _FFR_SESSID */
113 if (parent != NULL)
114 {
115 e->e_msgpriority = parent->e_msgsize;
116 #if _FFR_SESSID
117 if (parent->e_sessid != NULL)
118 e->e_sessid = sm_rpool_strdup_x(rpool,
119 parent->e_sessid);
120 #endif /* _FFR_SESSID */
121
122 if (parent->e_quarmsg == NULL)
123 {
124 e->e_quarmsg = NULL;
125 macdefine(&e->e_macro, A_PERM,
126 macid("{quarantine}"), "");
127 }
128 else
129 {
130 e->e_quarmsg = sm_rpool_strdup_x(rpool,
131 parent->e_quarmsg);
132 macdefine(&e->e_macro, A_PERM,
133 macid("{quarantine}"), e->e_quarmsg);
134 }
135 }
136 e->e_puthdr = putheader;
137 e->e_putbody = putbody;
138 if (CurEnv->e_xfp != NULL)
139 (void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
140 if (sendmode != DM_NOTSET)
141 set_delivery_mode(sendmode, e);
142
143 return e;
144 }
145
146 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
147 #define MSG_T_O 0x01 /* normal timeout */
148 #define MSG_T_O_NOW 0x02 /* NOW timeout */
149 #define MSG_NOT_BY 0x04 /* Deliver-By time exceeded, mode R */
150 #define MSG_WARN 0x10 /* normal queue warning */
151 #define MSG_WARN_BY 0x20 /* Deliver-By time exceeded, mode N */
152
153 #define IS_MSG_ERR(x) (((x) & 0x0f) != 0) /* return an error */
154
155 /* immediate return */
156 #define IS_IMM_RET(x) (((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
157 #define IS_MSG_WARN(x) (((x) & 0xf0) != 0) /* return a warning */
158
159 /*
160 ** DROPENVELOPE -- deallocate an envelope.
161 **
162 ** Parameters:
163 ** e -- the envelope to deallocate.
164 ** fulldrop -- if set, do return receipts.
165 ** split -- if true, split by recipient if message is queued up
166 **
167 ** Returns:
168 ** EX_* status (currently: 0: success, EX_IOERR on panic)
169 **
170 ** Side Effects:
171 ** housekeeping necessary to dispose of an envelope.
172 ** Unlocks this queue file.
173 */
174
175 int
dropenvelope(e,fulldrop,split)176 dropenvelope(e, fulldrop, split)
177 register ENVELOPE *e;
178 bool fulldrop;
179 bool split;
180 {
181 bool panic = false;
182 bool queueit = false;
183 int msg_timeout = 0;
184 bool failure_return = false;
185 bool delay_return = false;
186 bool success_return = false;
187 bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
188 bool done = false;
189 register ADDRESS *q;
190 char *id = e->e_id;
191 time_t now;
192 char buf[MAXLINE];
193
194 if (tTd(50, 1))
195 {
196 sm_dprintf("dropenvelope %p: id=", e);
197 xputs(sm_debug_file(), e->e_id);
198 sm_dprintf(", flags=");
199 printenvflags(e);
200 if (tTd(50, 10))
201 {
202 sm_dprintf("sendq=");
203 printaddr(sm_debug_file(), e->e_sendqueue, true);
204 }
205 }
206
207 if (LogLevel > 84)
208 sm_syslog(LOG_DEBUG, id,
209 "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
210 e->e_flags, OpMode, (int) CurrentPid);
211
212 /* we must have an id to remove disk files */
213 if (id == NULL)
214 return EX_OK;
215
216 /* if verify-only mode, we can skip most of this */
217 if (OpMode == MD_VERIFY)
218 goto simpledrop;
219
220 if (tTd(92, 2))
221 sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
222 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
223 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
224 logsender(e, NULL);
225 e->e_flags &= ~EF_LOGSENDER;
226
227 /* post statistics */
228 poststats(StatFile);
229
230 /*
231 ** Extract state information from dregs of send list.
232 */
233
234 now = curtime();
235 if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
236 msg_timeout = MSG_T_O;
237 if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
238 now >= e->e_ctime + e->e_deliver_by &&
239 !bitset(EF_RESPONSE, e->e_flags))
240 {
241 msg_timeout = MSG_NOT_BY;
242 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
243 }
244 else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
245 !bitset(EF_RESPONSE, e->e_flags))
246 {
247 msg_timeout = MSG_T_O_NOW;
248 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
249 }
250
251 e->e_flags &= ~EF_QUEUERUN;
252 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
253 {
254 if (QS_IS_UNDELIVERED(q->q_state))
255 queueit = true;
256
257 /* see if a notification is needed */
258 if (bitset(QPINGONFAILURE, q->q_flags) &&
259 ((IS_MSG_ERR(msg_timeout) &&
260 QS_IS_UNDELIVERED(q->q_state)) ||
261 QS_IS_BADADDR(q->q_state) ||
262 IS_IMM_RET(msg_timeout)))
263 {
264 failure_return = true;
265 if (!done && q->q_owner == NULL &&
266 !emptyaddr(&e->e_from))
267 {
268 (void) sendtolist(e->e_from.q_paddr, NULLADDR,
269 &e->e_errorqueue, 0, e);
270 done = true;
271 }
272 }
273 else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
274 ((QS_IS_SENT(q->q_state) &&
275 bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
276 bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
277 bitset(QBYTRACE, q->q_flags) ||
278 bitset(QBYNRELAY, q->q_flags))
279 {
280 success_return = true;
281 }
282 }
283
284 if (e->e_class < 0)
285 e->e_flags |= EF_NO_BODY_RETN;
286
287 /*
288 ** See if the message timed out.
289 */
290
291 if (!queueit)
292 /* EMPTY */
293 /* nothing to do */ ;
294 else if (IS_MSG_ERR(msg_timeout))
295 {
296 if (failure_return)
297 {
298 if (msg_timeout == MSG_NOT_BY)
299 {
300 (void) sm_snprintf(buf, sizeof(buf),
301 "delivery time expired %lds",
302 e->e_deliver_by);
303 }
304 else
305 {
306 (void) sm_snprintf(buf, sizeof(buf),
307 "Cannot send message for %s",
308 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
309 false));
310 }
311
312 /* don't free, allocated from e_rpool */
313 e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
314 message(buf);
315 e->e_flags |= EF_CLRQUEUE;
316 }
317 if (msg_timeout == MSG_NOT_BY)
318 {
319 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
320 "Delivery time (%lds) expired\n",
321 e->e_deliver_by);
322 }
323 else
324 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
325 "Message could not be delivered for %s\n",
326 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
327 false));
328 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
329 "Message will be deleted from queue\n");
330 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
331 {
332 if (QS_IS_UNDELIVERED(q->q_state))
333 {
334 q->q_state = QS_BADADDR;
335 if (msg_timeout == MSG_NOT_BY)
336 q->q_status = "5.4.7";
337 else
338 q->q_status = "4.4.7";
339 }
340 }
341 }
342 else
343 {
344 if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
345 now >= e->e_ctime +
346 TimeOuts.to_q_warning[e->e_timeoutclass])
347 msg_timeout = MSG_WARN;
348 else if (IS_DLVR_NOTIFY(e) &&
349 e->e_deliver_by > 0 &&
350 now >= e->e_ctime + e->e_deliver_by)
351 msg_timeout = MSG_WARN_BY;
352
353 if (IS_MSG_WARN(msg_timeout))
354 {
355 if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
356 e->e_class >= 0 &&
357 e->e_from.q_paddr != NULL &&
358 strcmp(e->e_from.q_paddr, "<>") != 0 &&
359 sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
360 (strlen(e->e_from.q_paddr) <= 8 ||
361 sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
362 "-request") != 0))
363 {
364 for (q = e->e_sendqueue; q != NULL;
365 q = q->q_next)
366 {
367 if (QS_IS_UNDELIVERED(q->q_state)
368 #if _FFR_NODELAYDSN_ON_HOLD
369 && !bitnset(M_HOLD,
370 q->q_mailer->m_flags)
371 #endif /* _FFR_NODELAYDSN_ON_HOLD */
372 )
373 {
374 if (msg_timeout ==
375 MSG_WARN_BY &&
376 (bitset(QPINGONDELAY,
377 q->q_flags) ||
378 !bitset(QHASNOTIFY,
379 q->q_flags))
380 )
381 {
382 q->q_flags |= QBYNDELAY;
383 delay_return = true;
384 }
385 if (bitset(QPINGONDELAY,
386 q->q_flags))
387 {
388 q->q_flags |= QDELAYED;
389 delay_return = true;
390 }
391 }
392 }
393 }
394 if (delay_return)
395 {
396 if (msg_timeout == MSG_WARN_BY)
397 {
398 (void) sm_snprintf(buf, sizeof(buf),
399 "Warning: Delivery time (%lds) exceeded",
400 e->e_deliver_by);
401 }
402 else
403 (void) sm_snprintf(buf, sizeof(buf),
404 "Warning: could not send message for past %s",
405 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
406 false));
407
408 /* don't free, allocated from e_rpool */
409 e->e_message = sm_rpool_strdup_x(e->e_rpool,
410 buf);
411 message(buf);
412 e->e_flags |= EF_WARNING;
413 }
414 if (msg_timeout == MSG_WARN_BY)
415 {
416 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
417 "Warning: Delivery time (%lds) exceeded\n",
418 e->e_deliver_by);
419 }
420 else
421 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
422 "Warning: message still undelivered after %s\n",
423 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
424 false));
425 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
426 "Will keep trying until message is %s old\n",
427 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
428 false));
429 }
430 }
431
432 if (tTd(50, 2))
433 sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
434 failure_return, delay_return, success_return, queueit);
435
436 /*
437 ** If we had some fatal error, but no addresses are marked as
438 ** bad, mark them _all_ as bad.
439 */
440
441 if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
442 {
443 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
444 {
445 if ((QS_IS_OK(q->q_state) ||
446 QS_IS_VERIFIED(q->q_state)) &&
447 bitset(QPINGONFAILURE, q->q_flags))
448 {
449 failure_return = true;
450 q->q_state = QS_BADADDR;
451 }
452 }
453 }
454
455 /*
456 ** Send back return receipts as requested.
457 */
458
459 if (success_return && !failure_return && !delay_return && fulldrop &&
460 !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
461 strcmp(e->e_from.q_paddr, "<>") != 0)
462 {
463 auto ADDRESS *rlist = NULL;
464
465 if (tTd(50, 8))
466 sm_dprintf("dropenvelope(%s): sending return receipt\n",
467 id);
468 e->e_flags |= EF_SENDRECEIPT;
469 (void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
470 (void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
471 }
472 e->e_flags &= ~EF_SENDRECEIPT;
473
474 /*
475 ** Arrange to send error messages if there are fatal errors.
476 */
477
478 if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
479 {
480 if (tTd(50, 8))
481 sm_dprintf("dropenvelope(%s): saving mail\n", id);
482 panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
483 }
484
485 /*
486 ** Arrange to send warning messages to postmaster as requested.
487 */
488
489 if ((failure_return || pmnotify) &&
490 PostMasterCopy != NULL &&
491 !bitset(EF_RESPONSE, e->e_flags) &&
492 e->e_class >= 0)
493 {
494 auto ADDRESS *rlist = NULL;
495 char pcopy[MAXNAME];
496
497 if (failure_return)
498 {
499 expand(PostMasterCopy, pcopy, sizeof(pcopy), e);
500
501 if (tTd(50, 8))
502 sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
503 id, pcopy);
504 (void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
505 }
506 if (pmnotify)
507 (void) sendtolist("postmaster", NULLADDR,
508 &rlist, 0, e);
509 (void) returntosender(e->e_message, rlist,
510 RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
511 }
512
513 /*
514 ** Instantiate or deinstantiate the queue.
515 */
516
517 simpledrop:
518 if (tTd(50, 8))
519 sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
520 id, queueit);
521 if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
522 {
523 if (tTd(50, 1))
524 {
525 sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
526 e->e_id, queueit);
527 printenvflags(e);
528 }
529 if (!panic)
530 {
531 if (e->e_dfp != NULL)
532 {
533 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
534 e->e_dfp = NULL;
535 }
536 (void) xunlink(queuename(e, DATAFL_LETTER));
537 }
538 if (panic && QueueMode == QM_LOST)
539 {
540 /*
541 ** leave the Qf file behind as
542 ** the delivery attempt failed.
543 */
544
545 /* EMPTY */
546 }
547 else
548 if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
549 {
550 /* add to available space in filesystem */
551 updfs(e, -1, panic ? 0 : -1, "dropenvelope");
552 }
553
554 if (e->e_ntries > 0 && LogLevel > 9)
555 sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
556 pintvl(curtime() - e->e_ctime, true),
557 e->e_ntries);
558 }
559 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
560 {
561 if (!split)
562 queueup(e, false, true);
563 else
564 {
565 ENVELOPE *oldsib;
566 ENVELOPE *ee;
567
568 /*
569 ** Save old sibling and set it to NULL to avoid
570 ** queueing up the same envelopes again.
571 ** This requires that envelopes in that list have
572 ** been take care of before (or at some other place).
573 */
574
575 oldsib = e->e_sibling;
576 e->e_sibling = NULL;
577 if (!split_by_recipient(e) &&
578 bitset(EF_FATALERRS, e->e_flags))
579 {
580 syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d",
581 e->e_id, queuename(e, DATAFL_LETTER),
582 (int) geteuid());
583 }
584 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
585 queueup(ee, false, true);
586 queueup(e, false, true);
587
588 /* clean up */
589 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
590 {
591 /* now unlock the job */
592 if (tTd(50, 8))
593 sm_dprintf("dropenvelope(%s): unlocking job\n",
594 ee->e_id);
595 closexscript(ee);
596 unlockqueue(ee);
597
598 /* this envelope is marked unused */
599 if (ee->e_dfp != NULL)
600 {
601 (void) sm_io_close(ee->e_dfp,
602 SM_TIME_DEFAULT);
603 ee->e_dfp = NULL;
604 }
605 ee->e_id = NULL;
606 ee->e_flags &= ~EF_HAS_DF;
607 }
608 e->e_sibling = oldsib;
609 }
610 }
611
612 /* now unlock the job */
613 if (tTd(50, 8))
614 sm_dprintf("dropenvelope(%s): unlocking job\n", id);
615 closexscript(e);
616 unlockqueue(e);
617
618 /* make sure that this envelope is marked unused */
619 if (e->e_dfp != NULL)
620 {
621 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
622 e->e_dfp = NULL;
623 }
624 e->e_id = NULL;
625 e->e_flags &= ~EF_HAS_DF;
626 if (panic)
627 return EX_IOERR;
628 return EX_OK;
629 }
630
631 /*
632 ** CLEARENVELOPE -- clear an envelope without unlocking
633 **
634 ** This is normally used by a child process to get a clean
635 ** envelope without disturbing the parent.
636 **
637 ** Parameters:
638 ** e -- the envelope to clear.
639 ** fullclear - if set, the current envelope is total
640 ** garbage and should be ignored; otherwise,
641 ** release any resources it may indicate.
642 ** rpool -- either NULL, or a pointer to a resource pool
643 ** from which envelope memory is allocated, and
644 ** to which envelope resources are attached.
645 **
646 ** Returns:
647 ** none.
648 **
649 ** Side Effects:
650 ** Closes files associated with the envelope.
651 ** Marks the envelope as unallocated.
652 */
653
654 void
clearenvelope(e,fullclear,rpool)655 clearenvelope(e, fullclear, rpool)
656 register ENVELOPE *e;
657 bool fullclear;
658 SM_RPOOL_T *rpool;
659 {
660 register HDR *bh;
661 register HDR **nhp;
662 extern ENVELOPE BlankEnvelope;
663 char **p;
664
665 if (!fullclear)
666 {
667 /* clear out any file information */
668 if (e->e_xfp != NULL)
669 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
670 if (e->e_dfp != NULL)
671 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
672 e->e_xfp = e->e_dfp = NULL;
673 }
674
675 /*
676 ** Copy BlankEnvelope into *e.
677 ** It is not safe to simply copy pointers to strings;
678 ** the strings themselves must be copied (or set to NULL).
679 ** The problem is that when we assign a new string value to
680 ** a member of BlankEnvelope, we free the old string.
681 ** We did not need to do this copying in sendmail 8.11 :-(
682 ** and it is a potential performance hit. Reference counted
683 ** strings are one way out.
684 */
685
686 *e = BlankEnvelope;
687 e->e_message = NULL;
688 e->e_qfletter = '\0';
689 e->e_quarmsg = NULL;
690 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
691
692 /*
693 ** Copy the macro table.
694 ** We might be able to avoid this by zeroing the macro table
695 ** and always searching BlankEnvelope.e_macro after e->e_macro
696 ** in macvalue().
697 */
698
699 for (p = &e->e_macro.mac_table[0];
700 p <= &e->e_macro.mac_table[MAXMACROID];
701 ++p)
702 {
703 if (*p != NULL)
704 *p = sm_rpool_strdup_x(rpool, *p);
705 }
706
707 /*
708 ** XXX There are many strings in the envelope structure
709 ** XXX that we are not attempting to copy here.
710 ** XXX Investigate this further.
711 */
712
713 e->e_rpool = rpool;
714 e->e_macro.mac_rpool = rpool;
715 if (Verbose)
716 set_delivery_mode(SM_DELIVER, e);
717 bh = BlankEnvelope.e_header;
718 nhp = &e->e_header;
719 while (bh != NULL)
720 {
721 *nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh));
722 memmove((char *) *nhp, (char *) bh, sizeof(*bh));
723 bh = bh->h_link;
724 nhp = &(*nhp)->h_link;
725 }
726 #if _FFR_MILTER_ENHSC
727 e->e_enhsc[0] = '\0';
728 #endif /* _FFR_MILTER_ENHSC */
729 }
730 /*
731 ** INITSYS -- initialize instantiation of system
732 **
733 ** In Daemon mode, this is done in the child.
734 **
735 ** Parameters:
736 ** e -- the envelope to use.
737 **
738 ** Returns:
739 ** none.
740 **
741 ** Side Effects:
742 ** Initializes the system macros, some global variables,
743 ** etc. In particular, the current time in various
744 ** forms is set.
745 */
746
747 void
initsys(e)748 initsys(e)
749 register ENVELOPE *e;
750 {
751 char buf[10];
752 #ifdef TTYNAME
753 static char ybuf[60]; /* holds tty id */
754 register char *p;
755 extern char *ttyname();
756 #endif /* TTYNAME */
757
758 /*
759 ** Give this envelope a reality.
760 ** I.e., an id, a transcript, and a creation time.
761 ** We don't select the queue until all of the recipients are known.
762 */
763
764 openxscript(e);
765 e->e_ctime = curtime();
766 e->e_qfletter = '\0';
767
768 /*
769 ** Set OutChannel to something useful if stdout isn't it.
770 ** This arranges that any extra stuff the mailer produces
771 ** gets sent back to the user on error (because it is
772 ** tucked away in the transcript).
773 */
774
775 if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
776 e->e_xfp != NULL)
777 OutChannel = e->e_xfp;
778
779 /*
780 ** Set up some basic system macros.
781 */
782
783 /* process id */
784 (void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid);
785 macdefine(&e->e_macro, A_TEMP, 'p', buf);
786
787 /* hop count */
788 (void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
789 macdefine(&e->e_macro, A_TEMP, 'c', buf);
790
791 /* time as integer, unix time, arpa time */
792 settime(e);
793
794 /* Load average */
795 sm_getla();
796
797 #ifdef TTYNAME
798 /* tty name */
799 if (macvalue('y', e) == NULL)
800 {
801 p = ttyname(2);
802 if (p != NULL)
803 {
804 if (strrchr(p, '/') != NULL)
805 p = strrchr(p, '/') + 1;
806 (void) sm_strlcpy(ybuf, sizeof(ybuf), p);
807 macdefine(&e->e_macro, A_PERM, 'y', ybuf);
808 }
809 }
810 #endif /* TTYNAME */
811 }
812 /*
813 ** SETTIME -- set the current time.
814 **
815 ** Parameters:
816 ** e -- the envelope in which the macros should be set.
817 **
818 ** Returns:
819 ** none.
820 **
821 ** Side Effects:
822 ** Sets the various time macros -- $a, $b, $d, $t.
823 */
824
825 void
settime(e)826 settime(e)
827 register ENVELOPE *e;
828 {
829 register char *p;
830 auto time_t now;
831 char buf[30];
832 register struct tm *tm;
833
834 now = curtime();
835 (void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now);
836 macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
837 tm = gmtime(&now);
838 (void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d",
839 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
840 tm->tm_hour, tm->tm_min);
841 macdefine(&e->e_macro, A_TEMP, 't', buf);
842 (void) sm_strlcpy(buf, ctime(&now), sizeof(buf));
843 p = strchr(buf, '\n');
844 if (p != NULL)
845 *p = '\0';
846 macdefine(&e->e_macro, A_TEMP, 'd', buf);
847 macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
848 if (macvalue('a', e) == NULL)
849 macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
850 }
851 /*
852 ** OPENXSCRIPT -- Open transcript file
853 **
854 ** Creates a transcript file for possible eventual mailing or
855 ** sending back.
856 **
857 ** Parameters:
858 ** e -- the envelope to create the transcript in/for.
859 **
860 ** Returns:
861 ** none
862 **
863 ** Side Effects:
864 ** Creates the transcript file.
865 */
866
867 #ifndef O_APPEND
868 # define O_APPEND 0
869 #endif /* ! O_APPEND */
870
871 void
openxscript(e)872 openxscript(e)
873 register ENVELOPE *e;
874 {
875 register char *p;
876
877 if (e->e_xfp != NULL)
878 return;
879
880 #if 0
881 if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
882 syserr("openxscript: job not locked");
883 #endif /* 0 */
884
885 p = queuename(e, XSCRPT_LETTER);
886 e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
887 SFF_NOTEXCL|SFF_OPENASROOT);
888
889 if (e->e_xfp == NULL)
890 {
891 syserr("Can't create transcript file %s", p);
892 e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
893 SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
894 if (e->e_xfp == NULL)
895 syserr("!Can't open %s", SM_PATH_DEVNULL);
896 }
897 (void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
898 if (tTd(46, 9))
899 {
900 sm_dprintf("openxscript(%s):\n ", p);
901 dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
902 false);
903 }
904 }
905 /*
906 ** CLOSEXSCRIPT -- close the transcript file.
907 **
908 ** Parameters:
909 ** e -- the envelope containing the transcript to close.
910 **
911 ** Returns:
912 ** none.
913 **
914 ** Side Effects:
915 ** none.
916 */
917
918 void
closexscript(e)919 closexscript(e)
920 register ENVELOPE *e;
921 {
922 if (e->e_xfp == NULL)
923 return;
924 #if 0
925 if (e->e_lockfp == NULL)
926 syserr("closexscript: job not locked");
927 #endif /* 0 */
928 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
929 e->e_xfp = NULL;
930 }
931 /*
932 ** SETSENDER -- set the person who this message is from
933 **
934 ** Under certain circumstances allow the user to say who
935 ** they are (using -f or -r). These are:
936 ** 1. The user's uid is zero (root).
937 ** 2. The user's login name is in an approved list (typically
938 ** from a network server).
939 ** 3. The address the user is trying to claim has a
940 ** "!" character in it (since #2 doesn't do it for
941 ** us if we are dialing out for UUCP).
942 ** A better check to replace #3 would be if the
943 ** effective uid is "UUCP" -- this would require me
944 ** to rewrite getpwent to "grab" uucp as it went by,
945 ** make getname more nasty, do another passwd file
946 ** scan, or compile the UID of "UUCP" into the code,
947 ** all of which are reprehensible.
948 **
949 ** Assuming all of these fail, we figure out something
950 ** ourselves.
951 **
952 ** Parameters:
953 ** from -- the person we would like to believe this message
954 ** is from, as specified on the command line.
955 ** e -- the envelope in which we would like the sender set.
956 ** delimptr -- if non-NULL, set to the location of the
957 ** trailing delimiter.
958 ** delimchar -- the character that will delimit the sender
959 ** address.
960 ** internal -- set if this address is coming from an internal
961 ** source such as an owner alias.
962 **
963 ** Returns:
964 ** none.
965 **
966 ** Side Effects:
967 ** sets sendmail's notion of who the from person is.
968 */
969
970 void
setsender(from,e,delimptr,delimchar,internal)971 setsender(from, e, delimptr, delimchar, internal)
972 char *from;
973 register ENVELOPE *e;
974 char **delimptr;
975 int delimchar;
976 bool internal;
977 {
978 register char **pvp;
979 char *realname = NULL;
980 char *bp;
981 char buf[MAXNAME + 2];
982 char pvpbuf[PSBUFSIZE];
983 extern char *FullName;
984
985 if (tTd(45, 1))
986 sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
987
988 /* may be set from earlier calls */
989 macdefine(&e->e_macro, A_PERM, 'x', "");
990
991 /*
992 ** Figure out the real user executing us.
993 ** Username can return errno != 0 on non-errors.
994 */
995
996 if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
997 OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
998 realname = from;
999 if (realname == NULL || realname[0] == '\0')
1000 realname = username();
1001
1002 if (ConfigLevel < 2)
1003 SuprErrs = true;
1004
1005 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1006
1007 /* preset state for then clause in case from == NULL */
1008 e->e_from.q_state = QS_BADADDR;
1009 e->e_from.q_flags = 0;
1010 if (from == NULL ||
1011 parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
1012 delimchar, delimptr, e, false) == NULL ||
1013 QS_IS_BADADDR(e->e_from.q_state) ||
1014 e->e_from.q_mailer == ProgMailer ||
1015 e->e_from.q_mailer == FileMailer ||
1016 e->e_from.q_mailer == InclMailer)
1017 {
1018 /* log garbage addresses for traceback */
1019 if (from != NULL && LogLevel > 2)
1020 {
1021 char *p;
1022 char ebuf[MAXNAME * 2 + 2];
1023
1024 p = macvalue('_', e);
1025 if (p == NULL)
1026 {
1027 char *host = RealHostName;
1028
1029 if (host == NULL)
1030 host = MyHostName;
1031 (void) sm_snprintf(ebuf, sizeof(ebuf),
1032 "%.*s@%.*s", MAXNAME,
1033 realname, MAXNAME, host);
1034 p = ebuf;
1035 }
1036 sm_syslog(LOG_NOTICE, e->e_id,
1037 "setsender: %s: invalid or unparsable, received from %s",
1038 shortenstring(from, 83), p);
1039 }
1040 if (from != NULL)
1041 {
1042 if (!QS_IS_BADADDR(e->e_from.q_state))
1043 {
1044 /* it was a bogus mailer in the from addr */
1045 e->e_status = "5.1.7";
1046 usrerrenh(e->e_status,
1047 "553 Invalid sender address");
1048 }
1049 SuprErrs = true;
1050 }
1051 if (from == realname ||
1052 parseaddr(from = realname,
1053 &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
1054 NULL, e, false) == NULL)
1055 {
1056 char nbuf[100];
1057
1058 SuprErrs = true;
1059 expand("\201n", nbuf, sizeof(nbuf), e);
1060 from = sm_rpool_strdup_x(e->e_rpool, nbuf);
1061 if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
1062 NULL, e, false) == NULL &&
1063 parseaddr(from = "postmaster", &e->e_from,
1064 RF_COPYALL, ' ', NULL, e, false) == NULL)
1065 syserr("553 5.3.0 setsender: can't even parse postmaster!");
1066 }
1067 }
1068 else
1069 FromFlag = true;
1070 e->e_from.q_state = QS_SENDER;
1071 if (tTd(45, 5))
1072 {
1073 sm_dprintf("setsender: QS_SENDER ");
1074 printaddr(sm_debug_file(), &e->e_from, false);
1075 }
1076 SuprErrs = false;
1077
1078 #if USERDB
1079 if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1080 {
1081 register char *p;
1082
1083 p = udbsender(e->e_from.q_user, e->e_rpool);
1084 if (p != NULL)
1085 from = p;
1086 }
1087 #endif /* USERDB */
1088
1089 if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1090 {
1091 SM_MBDB_T user;
1092
1093 if (!internal)
1094 {
1095 /* if the user already given fullname don't redefine */
1096 if (FullName == NULL)
1097 FullName = macvalue('x', e);
1098 if (FullName != NULL)
1099 {
1100 if (FullName[0] == '\0')
1101 FullName = NULL;
1102 else
1103 FullName = newstr(FullName);
1104 }
1105 }
1106
1107 if (e->e_from.q_user[0] != '\0' &&
1108 sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1109 {
1110 /*
1111 ** Process passwd file entry.
1112 */
1113
1114 /* extract home directory */
1115 if (*user.mbdb_homedir == '\0')
1116 e->e_from.q_home = NULL;
1117 else if (strcmp(user.mbdb_homedir, "/") == 0)
1118 e->e_from.q_home = "";
1119 else
1120 e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1121 user.mbdb_homedir);
1122 macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1123
1124 /* extract user and group id */
1125 if (user.mbdb_uid != SM_NO_UID)
1126 {
1127 e->e_from.q_uid = user.mbdb_uid;
1128 e->e_from.q_gid = user.mbdb_gid;
1129 e->e_from.q_flags |= QGOODUID;
1130 }
1131
1132 /* extract full name from passwd file */
1133 if (FullName == NULL && !internal &&
1134 user.mbdb_fullname[0] != '\0' &&
1135 strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1136 {
1137 FullName = newstr(user.mbdb_fullname);
1138 }
1139 }
1140 else
1141 {
1142 e->e_from.q_home = NULL;
1143 }
1144 if (FullName != NULL && !internal)
1145 macdefine(&e->e_macro, A_TEMP, 'x', FullName);
1146 }
1147 else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1148 {
1149 if (e->e_from.q_home == NULL)
1150 {
1151 e->e_from.q_home = getenv("HOME");
1152 if (e->e_from.q_home != NULL)
1153 {
1154 if (*e->e_from.q_home == '\0')
1155 e->e_from.q_home = NULL;
1156 else if (strcmp(e->e_from.q_home, "/") == 0)
1157 e->e_from.q_home++;
1158 }
1159 }
1160 e->e_from.q_uid = RealUid;
1161 e->e_from.q_gid = RealGid;
1162 e->e_from.q_flags |= QGOODUID;
1163 }
1164
1165 /*
1166 ** Rewrite the from person to dispose of possible implicit
1167 ** links in the net.
1168 */
1169
1170 pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL,
1171 IntTokenTab, false);
1172 if (pvp == NULL)
1173 {
1174 /* don't need to give error -- prescan did that already */
1175 if (LogLevel > 2)
1176 sm_syslog(LOG_NOTICE, e->e_id,
1177 "cannot prescan from (%s)",
1178 shortenstring(from, MAXSHORTSTR));
1179 finis(true, true, ExitStat);
1180 }
1181 (void) REWRITE(pvp, 3, e);
1182 (void) REWRITE(pvp, 1, e);
1183 (void) REWRITE(pvp, 4, e);
1184 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1185 bp = buf + 1;
1186 cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false);
1187 if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1188 {
1189 /* heuristic: route-addr: add angle brackets */
1190 (void) sm_strlcat(bp, ">", sizeof(buf) - 1);
1191 *--bp = '<';
1192 }
1193 e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1194 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1195
1196 /* save the domain spec if this mailer wants it */
1197 if (e->e_from.q_mailer != NULL &&
1198 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1199 {
1200 char **lastat;
1201
1202 /* get rid of any pesky angle brackets */
1203 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1204 (void) REWRITE(pvp, 3, e);
1205 (void) REWRITE(pvp, 1, e);
1206 (void) REWRITE(pvp, 4, e);
1207 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1208
1209 /* strip off to the last "@" sign */
1210 for (lastat = NULL; *pvp != NULL; pvp++)
1211 {
1212 if (strcmp(*pvp, "@") == 0)
1213 lastat = pvp;
1214 }
1215 if (lastat != NULL)
1216 {
1217 e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1218 if (tTd(45, 3))
1219 {
1220 sm_dprintf("Saving from domain: ");
1221 printav(sm_debug_file(), e->e_fromdomain);
1222 }
1223 }
1224 }
1225 }
1226 /*
1227 ** PRINTENVFLAGS -- print envelope flags for debugging
1228 **
1229 ** Parameters:
1230 ** e -- the envelope with the flags to be printed.
1231 **
1232 ** Returns:
1233 ** none.
1234 */
1235
1236 struct eflags
1237 {
1238 char *ef_name;
1239 unsigned long ef_bit;
1240 };
1241
1242 static struct eflags EnvelopeFlags[] =
1243 {
1244 { "OLDSTYLE", EF_OLDSTYLE },
1245 { "INQUEUE", EF_INQUEUE },
1246 { "NO_BODY_RETN", EF_NO_BODY_RETN },
1247 { "CLRQUEUE", EF_CLRQUEUE },
1248 { "SENDRECEIPT", EF_SENDRECEIPT },
1249 { "FATALERRS", EF_FATALERRS },
1250 { "DELETE_BCC", EF_DELETE_BCC },
1251 { "RESPONSE", EF_RESPONSE },
1252 { "RESENT", EF_RESENT },
1253 { "VRFYONLY", EF_VRFYONLY },
1254 { "WARNING", EF_WARNING },
1255 { "QUEUERUN", EF_QUEUERUN },
1256 { "GLOBALERRS", EF_GLOBALERRS },
1257 { "PM_NOTIFY", EF_PM_NOTIFY },
1258 { "METOO", EF_METOO },
1259 { "LOGSENDER", EF_LOGSENDER },
1260 { "NORECEIPT", EF_NORECEIPT },
1261 { "HAS8BIT", EF_HAS8BIT },
1262 { "NL_NOT_EOL", EF_NL_NOT_EOL },
1263 { "CRLF_NOT_EOL", EF_CRLF_NOT_EOL },
1264 { "RET_PARAM", EF_RET_PARAM },
1265 { "HAS_DF", EF_HAS_DF },
1266 { "IS_MIME", EF_IS_MIME },
1267 { "DONT_MIME", EF_DONT_MIME },
1268 { "DISCARD", EF_DISCARD },
1269 { "TOOBIG", EF_TOOBIG },
1270 { "SPLIT", EF_SPLIT },
1271 { "UNSAFE", EF_UNSAFE },
1272 { NULL, 0 }
1273 };
1274
1275 void
printenvflags(e)1276 printenvflags(e)
1277 register ENVELOPE *e;
1278 {
1279 register struct eflags *ef;
1280 bool first = true;
1281
1282 sm_dprintf("%lx", e->e_flags);
1283 for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1284 {
1285 if (!bitset(ef->ef_bit, e->e_flags))
1286 continue;
1287 if (first)
1288 sm_dprintf("<%s", ef->ef_name);
1289 else
1290 sm_dprintf(",%s", ef->ef_name);
1291 first = false;
1292 }
1293 if (!first)
1294 sm_dprintf(">\n");
1295 }
1296