xref: /freebsd/contrib/sendmail/mail.local/mail.local.c (revision 6780ab54325a71e7e70112b11657973edde8655e)
1 /*
2  * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1990, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * By using this file, you agree to the terms and conditions set
8  * forth in the LICENSE file which can be found at the top level of
9  * the sendmail distribution.
10  *
11  * $FreeBSD$
12  *
13  */
14 
15 #include <sm/gen.h>
16 
17 SM_IDSTR(copyright,
18 "@(#) Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.\n\
19 	All rights reserved.\n\
20      Copyright (c) 1990, 1993, 1994\n\
21 	The Regents of the University of California.  All rights reserved.\n")
22 
23 SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.239 2002/05/24 20:56:32 gshapiro Exp $")
24 
25 #include <stdlib.h>
26 #include <sm/errstring.h>
27 #include <sm/io.h>
28 #include <sm/limits.h>
29 # include <unistd.h>
30 # ifdef EX_OK
31 #  undef EX_OK		/* unistd.h may have another use for this */
32 # endif /* EX_OK */
33 #include <sm/mbdb.h>
34 #include <sm/sysexits.h>
35 
36 /*
37 **  This is not intended to work on System V derived systems
38 **  such as Solaris or HP-UX, since they use a totally different
39 **  approach to mailboxes (essentially, they have a set-group-ID program
40 **  rather than set-user-ID, and they rely on the ability to "give away"
41 **  files to do their work).  IT IS NOT A BUG that this doesn't
42 **  work on such architectures.
43 */
44 
45 
46 #include <stdio.h>
47 #include <errno.h>
48 #include <fcntl.h>
49 #include <sys/types.h>
50 #include <sys/stat.h>
51 #include <time.h>
52 #include <stdlib.h>
53 # include <sys/socket.h>
54 # include <sys/file.h>
55 # include <netinet/in.h>
56 # include <arpa/nameser.h>
57 # include <netdb.h>
58 # include <pwd.h>
59 
60 #include <sm/string.h>
61 #include <syslog.h>
62 #include <ctype.h>
63 
64 #include <sm/conf.h>
65 #include <sendmail/pathnames.h>
66 
67 
68 /* additional mode for open() */
69 # define EXTRA_MODE 0
70 
71 
72 #ifndef LOCKTO_RM
73 # define LOCKTO_RM	300	/* timeout for stale lockfile removal */
74 #endif /* ! LOCKTO_RM */
75 #ifndef LOCKTO_GLOB
76 # define LOCKTO_GLOB	400	/* global timeout for lockfile creation */
77 #endif /* ! LOCKTO_GLOB */
78 
79 /* define a realloc() which works for NULL pointers */
80 #define REALLOC(ptr, size)	(((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
81 
82 /*
83 **  If you don't have flock, you could try using lockf instead.
84 */
85 
86 #ifdef LDA_USE_LOCKF
87 # define flock(a, b)	lockf(a, b, 0)
88 # ifdef LOCK_EX
89 #  undef LOCK_EX
90 # endif /* LOCK_EX */
91 # define LOCK_EX	F_LOCK
92 #endif /* LDA_USE_LOCKF */
93 
94 #ifndef LOCK_EX
95 # include <sys/file.h>
96 #endif /* ! LOCK_EX */
97 
98 /*
99 **  If you don't have setreuid, and you have saved uids, and you have
100 **  a seteuid() call that doesn't try to emulate using setuid(), then
101 **  you can try defining LDA_USE_SETEUID.
102 */
103 
104 #ifdef LDA_USE_SETEUID
105 # define setreuid(r, e)		seteuid(e)
106 #endif /* LDA_USE_SETEUID */
107 
108 #ifdef LDA_CONTENTLENGTH
109 # define CONTENTLENGTH	1
110 #endif /* LDA_CONTENTLENGTH */
111 
112 #ifndef INADDRSZ
113 # define INADDRSZ	4		/* size of an IPv4 address in bytes */
114 #endif /* ! INADDRSZ */
115 
116 #ifdef MAILLOCK
117 # include <maillock.h>
118 #endif /* MAILLOCK */
119 
120 #ifndef MAILER_DAEMON
121 # define MAILER_DAEMON	"MAILER-DAEMON"
122 #endif /* ! MAILER_DAEMON */
123 
124 #ifdef CONTENTLENGTH
125 char	ContentHdr[40] = "Content-Length: ";
126 off_t	HeaderLength;
127 off_t	BodyLength;
128 #endif /* CONTENTLENGTH */
129 
130 bool	EightBitMime = true;		/* advertise 8BITMIME in LMTP */
131 char	ErrBuf[10240];			/* error buffer */
132 int	ExitVal = EX_OK;		/* sysexits.h error value. */
133 bool	nobiff = false;
134 bool	nofsync = false;
135 bool	HoldErrs = false;		/* Hold errors in ErrBuf */
136 bool	LMTPMode = false;
137 bool	BounceQuota = false;		/* permanent error when over quota */
138 char	*HomeMailFile = NULL;		/* store mail in homedir */
139 
140 void	deliver __P((int, char *));
141 int	e_to_sys __P((int));
142 void	notifybiff __P((char *));
143 int	store __P((char *, bool *));
144 void	usage __P((void));
145 int	lockmbox __P((char *));
146 void	unlockmbox __P((void));
147 void	mailerr __P((const char *, const char *, ...));
148 void	flush_error __P((void));
149 
150 
151 int
152 main(argc, argv)
153 	int argc;
154 	char *argv[];
155 {
156 	struct passwd *pw;
157 	int ch, fd;
158 	uid_t uid;
159 	char *from;
160 	char *mbdbname = "pw";
161 	int err;
162 	extern char *optarg;
163 	extern int optind;
164 
165 
166 	/* make sure we have some open file descriptors */
167 	for (fd = 10; fd < 30; fd++)
168 		(void) close(fd);
169 
170 	/* use a reasonable umask */
171 	(void) umask(0077);
172 
173 # ifdef LOG_MAIL
174 	openlog("mail.local", 0, LOG_MAIL);
175 # else /* LOG_MAIL */
176 	openlog("mail.local", 0);
177 # endif /* LOG_MAIL */
178 
179 	from = NULL;
180 	while ((ch = getopt(argc, argv, "7BbdD:f:h:r:ls")) != -1)
181 	{
182 		switch(ch)
183 		{
184 		  case '7':		/* Do not advertise 8BITMIME */
185 			EightBitMime = false;
186 			break;
187 
188 		  case 'B':
189 			nobiff = true;
190 			break;
191 
192 		  case 'b':		/* bounce mail when over quota. */
193 			BounceQuota = true;
194 			break;
195 
196 		  case 'd':		/* Backward compatible. */
197 			break;
198 
199 		  case 'D':		/* mailbox database type */
200 			mbdbname = optarg;
201 			break;
202 
203 		  case 'f':
204 		  case 'r':		/* Backward compatible. */
205 			if (from != NULL)
206 			{
207 				mailerr(NULL, "Multiple -f options");
208 				usage();
209 			}
210 			from = optarg;
211 			break;
212 
213 		  case 'h':
214 			if (optarg != NULL || *optarg != '\0')
215 				HomeMailFile = optarg;
216 			else
217 			{
218 				mailerr(NULL, "-h: missing filename");
219 				usage();
220 			}
221 			break;
222 
223 		  case 'l':
224 			LMTPMode = true;
225 			break;
226 
227 		  case 's':
228 			nofsync++;
229 			break;
230 
231 		  case '?':
232 		  default:
233 			usage();
234 		}
235 	}
236 	argc -= optind;
237 	argv += optind;
238 
239 	/* initialize biff structures */
240 	if (!nobiff)
241 		notifybiff(NULL);
242 
243 	err = sm_mbdb_initialize(mbdbname);
244 	if (err != EX_OK)
245 	{
246 		char *errcode = "521";
247 
248 		if (err == EX_TEMPFAIL)
249 			errcode = "421";
250 
251 		mailerr(errcode, "Can not open mailbox database %s: %s",
252 			mbdbname, sm_strexit(err));
253 		exit(err);
254 	}
255 
256 	if (LMTPMode)
257 	{
258 		extern void dolmtp __P((void));
259 
260 		if (argc > 0)
261 		{
262 			mailerr("421", "Users should not be specified in command line if LMTP required");
263 			exit(EX_TEMPFAIL);
264 		}
265 
266 		dolmtp();
267 		/* NOTREACHED */
268 		exit(EX_OK);
269 	}
270 
271 	/* Non-LMTP from here on out */
272 	if (*argv == '\0')
273 		usage();
274 
275 	/*
276 	**  If from not specified, use the name from getlogin() if the
277 	**  uid matches, otherwise, use the name from the password file
278 	**  corresponding to the uid.
279 	*/
280 
281 	uid = getuid();
282 	if (from == NULL && ((from = getlogin()) == NULL ||
283 			     (pw = getpwnam(from)) == NULL ||
284 			     pw->pw_uid != uid))
285 		from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
286 
287 	/*
288 	**  There is no way to distinguish the error status of one delivery
289 	**  from the rest of the deliveries.  So, if we failed hard on one
290 	**  or more deliveries, but had no failures on any of the others, we
291 	**  return a hard failure.  If we failed temporarily on one or more
292 	**  deliveries, we return a temporary failure regardless of the other
293 	**  failures.  This results in the delivery being reattempted later
294 	**  at the expense of repeated failures and multiple deliveries.
295 	*/
296 
297 	HoldErrs = true;
298 	fd = store(from, NULL);
299 	HoldErrs = false;
300 	if (fd < 0)
301 	{
302 		flush_error();
303 		exit(ExitVal);
304 	}
305 	for (; *argv != NULL; ++argv)
306 		deliver(fd, *argv);
307 	exit(ExitVal);
308 	/* NOTREACHED */
309 	return ExitVal;
310 }
311 
312 char *
313 parseaddr(s, rcpt)
314 	char *s;
315 	bool rcpt;
316 {
317 	char *p;
318 	int l;
319 
320 	if (*s++ != '<')
321 		return NULL;
322 
323 	p = s;
324 
325 	/* at-domain-list */
326 	while (*p == '@')
327 	{
328 		p++;
329 		while (*p != ',' && *p != ':' && *p != '\0')
330 			p++;
331 		if (*p == '\0')
332 			return NULL;
333 
334 		/* Skip over , or : */
335 		p++;
336 	}
337 
338 	s = p;
339 
340 	/* local-part */
341 	while (*p != '\0' && *p != '@' && *p != '>')
342 	{
343 		if (*p == '\\')
344 		{
345 			if (*++p == '\0')
346 				return NULL;
347 		}
348 		else if (*p == '\"')
349 		{
350 			p++;
351 			while (*p != '\0' && *p != '\"')
352 			{
353 				if (*p == '\\')
354 				{
355 					if (*++p == '\0')
356 						return NULL;
357 				}
358 				p++;
359 			}
360 			if (*p == '\0' || *(p + 1) == '\0')
361 				return NULL;
362 		}
363 		/* +detail ? */
364 		if (*p == '+' && rcpt)
365 			*p = '\0';
366 		p++;
367 	}
368 
369 	/* @domain */
370 	if (*p == '@')
371 	{
372 		if (rcpt)
373 			*p++ = '\0';
374 		while (*p != '\0' && *p != '>')
375 			p++;
376 	}
377 
378 	if (*p != '>')
379 		return NULL;
380 	else
381 		*p = '\0';
382 	p++;
383 
384 	if (*p != '\0' && *p != ' ')
385 		return NULL;
386 
387 	if (*s == '\0')
388 		s = MAILER_DAEMON;
389 
390 	l = strlen(s) + 1;
391 	if (l < 0)
392 		return NULL;
393 	p = malloc(l);
394 	if (p == NULL)
395 	{
396 		mailerr("421 4.3.0", "Memory exhausted");
397 		exit(EX_TEMPFAIL);
398 	}
399 
400 	(void) sm_strlcpy(p, s, l);
401 	return p;
402 }
403 
404 char *
405 process_recipient(addr)
406 	char *addr;
407 {
408 	SM_MBDB_T user;
409 
410 	switch (sm_mbdb_lookup(addr, &user))
411 	{
412 	  case EX_OK:
413 		return NULL;
414 
415 	  case EX_NOUSER:
416 		return "550 5.1.1 User unknown";
417 
418 	  case EX_TEMPFAIL:
419 		return "451 4.3.0 User database failure; retry later";
420 
421 	  default:
422 		return "550 5.3.0 User database failure";
423 	}
424 }
425 
426 #define RCPT_GROW	30
427 
428 void
429 dolmtp()
430 {
431 	char *return_path = NULL;
432 	char **rcpt_addr = NULL;
433 	int rcpt_num = 0;
434 	int rcpt_alloc = 0;
435 	bool gotlhlo = false;
436 	char *err;
437 	int msgfd;
438 	char *p;
439 	int i;
440 	char myhostname[1024];
441 	char buf[4096];
442 
443 	memset(myhostname, '\0', sizeof myhostname);
444 	(void) gethostname(myhostname, sizeof myhostname - 1);
445 	if (myhostname[0] == '\0')
446 		sm_strlcpy(myhostname, "localhost", sizeof myhostname);
447 
448 	printf("220 %s LMTP ready\r\n", myhostname);
449 	for (;;)
450 	{
451 		(void) fflush(stdout);
452 		if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
453 			exit(EX_OK);
454 		p = buf + strlen(buf) - 1;
455 		if (p >= buf && *p == '\n')
456 			*p-- = '\0';
457 		if (p >= buf && *p == '\r')
458 			*p-- = '\0';
459 
460 		switch (buf[0])
461 		{
462 		  case 'd':
463 		  case 'D':
464 			if (sm_strcasecmp(buf, "data") == 0)
465 			{
466 				bool inbody = false;
467 
468 				if (rcpt_num == 0)
469 				{
470 					mailerr("503 5.5.1", "No recipients");
471 					continue;
472 				}
473 				HoldErrs = true;
474 				msgfd = store(return_path, &inbody);
475 				HoldErrs = false;
476 				if (msgfd < 0 && !inbody)
477 				{
478 					flush_error();
479 					continue;
480 				}
481 
482 				for (i = 0; i < rcpt_num; i++)
483 				{
484 					if (msgfd < 0)
485 					{
486 						/* print error for rcpt */
487 						flush_error();
488 						continue;
489 					}
490 					p = strchr(rcpt_addr[i], '+');
491 					if (p != NULL)
492 						*p = '\0';
493 					deliver(msgfd, rcpt_addr[i]);
494 				}
495 				if (msgfd >= 0)
496 					(void) close(msgfd);
497 				goto rset;
498 			}
499 			goto syntaxerr;
500 			/* NOTREACHED */
501 			break;
502 
503 		  case 'l':
504 		  case 'L':
505 			if (sm_strncasecmp(buf, "lhlo ", 5) == 0)
506 			{
507 				/* check for duplicate per RFC 1651 4.2 */
508 				if (gotlhlo)
509 				{
510 					mailerr("503", "%s Duplicate LHLO",
511 					       myhostname);
512 					continue;
513 				}
514 				gotlhlo = true;
515 				printf("250-%s\r\n", myhostname);
516 				if (EightBitMime)
517 					printf("250-8BITMIME\r\n");
518 				printf("250-ENHANCEDSTATUSCODES\r\n");
519 				printf("250 PIPELINING\r\n");
520 				continue;
521 			}
522 			goto syntaxerr;
523 			/* NOTREACHED */
524 			break;
525 
526 		  case 'm':
527 		  case 'M':
528 			if (sm_strncasecmp(buf, "mail ", 5) == 0)
529 			{
530 				if (return_path != NULL)
531 				{
532 					mailerr("503 5.5.1",
533 						"Nested MAIL command");
534 					continue;
535 				}
536 				if (sm_strncasecmp(buf + 5, "from:", 5) != 0 ||
537 				    ((return_path = parseaddr(buf + 10,
538 							      false)) == NULL))
539 				{
540 					mailerr("501 5.5.4",
541 						"Syntax error in parameters");
542 					continue;
543 				}
544 				printf("250 2.5.0 Ok\r\n");
545 				continue;
546 			}
547 			goto syntaxerr;
548 			/* NOTREACHED */
549 			break;
550 
551 		  case 'n':
552 		  case 'N':
553 			if (sm_strcasecmp(buf, "noop") == 0)
554 			{
555 				printf("250 2.0.0 Ok\r\n");
556 				continue;
557 			}
558 			goto syntaxerr;
559 			/* NOTREACHED */
560 			break;
561 
562 		  case 'q':
563 		  case 'Q':
564 			if (sm_strcasecmp(buf, "quit") == 0)
565 			{
566 				printf("221 2.0.0 Bye\r\n");
567 				exit(EX_OK);
568 			}
569 			goto syntaxerr;
570 			/* NOTREACHED */
571 			break;
572 
573 		  case 'r':
574 		  case 'R':
575 			if (sm_strncasecmp(buf, "rcpt ", 5) == 0)
576 			{
577 				if (return_path == NULL)
578 				{
579 					mailerr("503 5.5.1",
580 						"Need MAIL command");
581 					continue;
582 				}
583 				if (rcpt_num >= rcpt_alloc)
584 				{
585 					rcpt_alloc += RCPT_GROW;
586 					rcpt_addr = (char **)
587 						REALLOC((char *) rcpt_addr,
588 							rcpt_alloc *
589 							sizeof(char **));
590 					if (rcpt_addr == NULL)
591 					{
592 						mailerr("421 4.3.0",
593 							"Memory exhausted");
594 						exit(EX_TEMPFAIL);
595 					}
596 				}
597 				if (sm_strncasecmp(buf + 5, "to:", 3) != 0 ||
598 				    ((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
599 								      true)) == NULL))
600 				{
601 					mailerr("501 5.5.4",
602 						"Syntax error in parameters");
603 					continue;
604 				}
605 				err = process_recipient(rcpt_addr[rcpt_num]);
606 				if (err != NULL)
607 				{
608 					mailerr(NULL, "%s", err);
609 					continue;
610 				}
611 				rcpt_num++;
612 				printf("250 2.1.5 Ok\r\n");
613 				continue;
614 			}
615 			else if (sm_strcasecmp(buf, "rset") == 0)
616 			{
617 				printf("250 2.0.0 Ok\r\n");
618 
619 rset:
620 				while (rcpt_num > 0)
621 					free(rcpt_addr[--rcpt_num]);
622 				if (return_path != NULL)
623 					free(return_path);
624 				return_path = NULL;
625 				continue;
626 			}
627 			goto syntaxerr;
628 			/* NOTREACHED */
629 			break;
630 
631 		  case 'v':
632 		  case 'V':
633 			if (sm_strncasecmp(buf, "vrfy ", 5) == 0)
634 			{
635 				printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
636 				continue;
637 			}
638 			goto syntaxerr;
639 			/* NOTREACHED */
640 			break;
641 
642 		  default:
643   syntaxerr:
644 			mailerr("500 5.5.2", "Syntax error");
645 			continue;
646 			/* NOTREACHED */
647 			break;
648 		}
649 	}
650 }
651 
652 int
653 store(from, inbody)
654 	char *from;
655 	bool *inbody;
656 {
657 	FILE *fp = NULL;
658 	time_t tval;
659 	bool eline;		/* previous line was empty */
660 	bool fullline = true;	/* current line is terminated */
661 	bool prevfl;		/* previous line was terminated */
662 	char line[2048];
663 	int fd;
664 	char tmpbuf[sizeof _PATH_LOCTMP + 1];
665 
666 	if (inbody != NULL)
667 		*inbody = false;
668 
669 	(void) umask(0077);
670 	(void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
671 	if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL)
672 	{
673 		mailerr("451 4.3.0", "Unable to open temporary file");
674 		return -1;
675 	}
676 	(void) unlink(tmpbuf);
677 
678 	if (LMTPMode)
679 	{
680 		printf("354 Go ahead\r\n");
681 		(void) fflush(stdout);
682 	}
683 	if (inbody != NULL)
684 		*inbody = true;
685 
686 	(void) time(&tval);
687 	(void) fprintf(fp, "From %s %s", from, ctime(&tval));
688 
689 #ifdef CONTENTLENGTH
690 	HeaderLength = 0;
691 	BodyLength = -1;
692 #endif /* CONTENTLENGTH */
693 
694 	line[0] = '\0';
695 	eline = true;
696 	while (fgets(line, sizeof(line), stdin) != (char *) NULL)
697 	{
698 		size_t line_len = 0;
699 		int peek;
700 
701 		prevfl = fullline;	/* preserve state of previous line */
702 		while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
703 			line_len++;
704 		line_len++;
705 
706 		/* Check for dot-stuffing */
707 		if (prevfl && LMTPMode && line[0] == '.')
708 		{
709 			if (line[1] == '\n' ||
710 			    (line[1] == '\r' && line[2] == '\n'))
711 				goto lmtpdot;
712 			memcpy(line, line + 1, line_len);
713 			line_len--;
714 		}
715 
716 		/* Check to see if we have the full line from fgets() */
717 		fullline = false;
718 		if (line_len > 0)
719 		{
720 			if (line[line_len - 1] == '\n')
721 			{
722 				if (line_len >= 2 &&
723 				    line[line_len - 2] == '\r')
724 				{
725 					line[line_len - 2] = '\n';
726 					line[line_len - 1] = '\0';
727 					line_len--;
728 				}
729 				fullline = true;
730 			}
731 			else if (line[line_len - 1] == '\r')
732 			{
733 				/* Did we just miss the CRLF? */
734 				peek = fgetc(stdin);
735 				if (peek == '\n')
736 				{
737 					line[line_len - 1] = '\n';
738 					fullline = true;
739 				}
740 				else
741 					(void) ungetc(peek, stdin);
742 			}
743 		}
744 		else
745 			fullline = true;
746 
747 #ifdef CONTENTLENGTH
748 		if (prevfl && line[0] == '\n' && HeaderLength == 0)
749 		{
750 			eline = false;
751 			if (fp != NULL)
752 				HeaderLength = ftell(fp);
753 			if (HeaderLength <= 0)
754 			{
755 				/*
756 				**  shouldn't happen, unless ftell() is
757 				**  badly broken
758 				*/
759 
760 				HeaderLength = -1;
761 			}
762 		}
763 #else /* CONTENTLENGTH */
764 		if (prevfl && line[0] == '\n')
765 			eline = true;
766 #endif /* CONTENTLENGTH */
767 		else
768 		{
769 			if (eline && line[0] == 'F' &&
770 			    fp != NULL &&
771 			    !memcmp(line, "From ", 5))
772 				(void) putc('>', fp);
773 			eline = false;
774 #ifdef CONTENTLENGTH
775 			/* discard existing "Content-Length:" headers */
776 			if (prevfl && HeaderLength == 0 &&
777 			    (line[0] == 'C' || line[0] == 'c') &&
778 			    sm_strncasecmp(line, ContentHdr, 15) == 0)
779 			{
780 				/*
781 				**  be paranoid: clear the line
782 				**  so no "wrong matches" may occur later
783 				*/
784 				line[0] = '\0';
785 				continue;
786 			}
787 #endif /* CONTENTLENGTH */
788 
789 		}
790 		if (fp != NULL)
791 		{
792 			(void) fwrite(line, sizeof(char), line_len, fp);
793 			if (ferror(fp))
794 			{
795 				mailerr("451 4.3.0",
796 					"Temporary file write error");
797 				(void) fclose(fp);
798 				fp = NULL;
799 				continue;
800 			}
801 		}
802 	}
803 
804 	/* check if an error occurred */
805 	if (fp == NULL)
806 		return -1;
807 
808 	if (LMTPMode)
809 	{
810 		/* Got a premature EOF -- toss message and exit */
811 		exit(EX_OK);
812 	}
813 
814 	/* If message not newline terminated, need an extra. */
815 	if (fp != NULL && strchr(line, '\n') == NULL)
816 		(void) putc('\n', fp);
817 
818   lmtpdot:
819 
820 #ifdef CONTENTLENGTH
821 	if (fp != NULL)
822 		BodyLength = ftell(fp);
823 	if (HeaderLength == 0 && BodyLength > 0)	/* empty body */
824 	{
825 		HeaderLength = BodyLength;
826 		BodyLength = 0;
827 	}
828 	else
829 		BodyLength = BodyLength - HeaderLength - 1 ;
830 
831 	if (HeaderLength > 0 && BodyLength >= 0)
832 	{
833 		(void) sm_snprintf(line, sizeof line, "%lld\n",
834 				   (LONGLONG_T) BodyLength);
835 		(void) sm_strlcpy(&ContentHdr[16], line,
836 				  sizeof(ContentHdr) - 16);
837 	}
838 	else
839 		BodyLength = -1;	/* Something is wrong here */
840 #endif /* CONTENTLENGTH */
841 
842 	/* Output a newline; note, empty messages are allowed. */
843 	if (fp != NULL)
844 		(void) putc('\n', fp);
845 
846 	if (fp == NULL || fflush(fp) == EOF || ferror(fp) != 0)
847 	{
848 		mailerr("451 4.3.0", "Temporary file write error");
849 		if (fp != NULL)
850 			(void) fclose(fp);
851 		return -1;
852 	}
853 	return fd;
854 }
855 
856 void
857 deliver(fd, name)
858 	int fd;
859 	char *name;
860 {
861 	struct stat fsb;
862 	struct stat sb;
863 	char path[MAXPATHLEN];
864 	int mbfd = -1, nr = 0, nw, off;
865 	int exitval;
866 	char *p;
867 	char *errcode;
868 	off_t curoff;
869 #ifdef CONTENTLENGTH
870 	off_t headerbytes;
871 	int readamount;
872 #endif /* CONTENTLENGTH */
873 	char biffmsg[100], buf[8 * 1024];
874 	SM_MBDB_T user;
875 
876 	/*
877 	**  Disallow delivery to unknown names -- special mailboxes can be
878 	**  handled in the sendmail aliases file.
879 	*/
880 
881 	exitval = sm_mbdb_lookup(name, &user);
882 	switch (exitval)
883 	{
884 	  case EX_OK:
885 		break;
886 
887 	  case EX_NOUSER:
888 		exitval = EX_UNAVAILABLE;
889 		mailerr("550 5.1.1", "%s: User unknown", name);
890 		break;
891 
892 	  case EX_TEMPFAIL:
893 		mailerr("451 4.3.0", "%s: User database failure; retry later",
894 			name);
895 		break;
896 
897 	  default:
898 		exitval = EX_UNAVAILABLE;
899 		mailerr("550 5.3.0", "%s: User database failure", name);
900 		break;
901 	}
902 
903 	if (exitval != EX_OK)
904 	{
905 		if (ExitVal != EX_TEMPFAIL)
906 			ExitVal = exitval;
907 		return;
908 	}
909 
910 	endpwent();
911 
912 	/*
913 	**  Keep name reasonably short to avoid buffer overruns.
914 	**	This isn't necessary on BSD because of the proper
915 	**	definition of snprintf(), but it can cause problems
916 	**	on other systems.
917 	**  Also, clear out any bogus characters.
918 	*/
919 
920 	if (strlen(name) > 40)
921 		name[40] = '\0';
922 	for (p = name; *p != '\0'; p++)
923 	{
924 		if (!isascii(*p))
925 			*p &= 0x7f;
926 		else if (!isprint(*p))
927 			*p = '.';
928 	}
929 
930 
931 	if (HomeMailFile == NULL)
932 	{
933 		if (sm_snprintf(path, sizeof(path), "%s/%s",
934 				_PATH_MAILDIR, name) >= sizeof(path))
935 		{
936 			exitval = EX_UNAVAILABLE;
937 			mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
938 			return;
939 		}
940 	}
941 	else if (*user.mbdb_homedir == '\0')
942 	{
943 		exitval = EX_UNAVAILABLE;
944 		mailerr("550 5.1.1", "%s: User missing home directory", name);
945 		return;
946 	}
947 	else if (sm_snprintf(path, sizeof(path), "%s/%s",
948 			     user.mbdb_homedir, HomeMailFile) >= sizeof(path))
949 	{
950 		exitval = EX_UNAVAILABLE;
951 		mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
952 		return;
953 	}
954 
955 
956 	/*
957 	**  If the mailbox is linked or a symlink, fail.  There's an obvious
958 	**  race here, that the file was replaced with a symbolic link after
959 	**  the lstat returned, but before the open.  We attempt to detect
960 	**  this by comparing the original stat information and information
961 	**  returned by an fstat of the file descriptor returned by the open.
962 	**
963 	**  NB: this is a symptom of a larger problem, that the mail spooling
964 	**  directory is writeable by the wrong users.  If that directory is
965 	**  writeable, system security is compromised for other reasons, and
966 	**  it cannot be fixed here.
967 	**
968 	**  If we created the mailbox, set the owner/group.  If that fails,
969 	**  just return.  Another process may have already opened it, so we
970 	**  can't unlink it.  Historically, binmail set the owner/group at
971 	**  each mail delivery.  We no longer do this, assuming that if the
972 	**  ownership or permissions were changed there was a reason.
973 	**
974 	**  XXX
975 	**  open(2) should support flock'ing the file.
976 	*/
977 
978 tryagain:
979 #ifdef MAILLOCK
980 	p = name;
981 #else /* MAILLOCK */
982 	p = path;
983 #endif /* MAILLOCK */
984 	if ((off = lockmbox(p)) != 0)
985 	{
986 		if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
987 		{
988 			ExitVal = EX_TEMPFAIL;
989 			errcode = "451 4.3.0";
990 		}
991 		else
992 			errcode = "551 5.3.0";
993 
994 		mailerr(errcode, "lockmailbox %s failed; error code %d %s",
995 			p, off, errno > 0 ? sm_errstring(errno) : "");
996 		return;
997 	}
998 
999 	if (lstat(path, &sb) < 0)
1000 	{
1001 		int save_errno;
1002 		int mode = S_IRUSR|S_IWUSR;
1003 		gid_t gid = user.mbdb_gid;
1004 
1005 #ifdef MAILGID
1006 		(void) umask(0007);
1007 		gid = MAILGID;
1008 		mode |= S_IRGRP|S_IWGRP;
1009 #endif /* MAILGID */
1010 
1011 		mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY|EXTRA_MODE,
1012 			    mode);
1013 		save_errno = errno;
1014 
1015 		if (lstat(path, &sb) < 0)
1016 		{
1017 			ExitVal = EX_CANTCREAT;
1018 			mailerr("550 5.2.0",
1019 				"%s: lstat: file changed after open", path);
1020 			goto err1;
1021 		}
1022 		if (mbfd < 0)
1023 		{
1024 			if (save_errno == EEXIST)
1025 				goto tryagain;
1026 
1027 			/* open failed, don't try again */
1028 			mailerr("450 4.2.0", "%s: %s", path,
1029 				sm_errstring(save_errno));
1030 			goto err0;
1031 		}
1032 		else if (fchown(mbfd, user.mbdb_uid, gid) < 0)
1033 		{
1034 			mailerr("451 4.3.0", "chown %u.%u: %s",
1035 				user.mbdb_uid, gid, name);
1036 			goto err1;
1037 		}
1038 		else
1039 		{
1040 			/*
1041 			**  open() was successful, now close it so can
1042 			**  be opened as the right owner again.
1043 			**  Paranoia: reset mbdf since the file descriptor
1044 			**  is no longer valid; better safe than sorry.
1045 			*/
1046 
1047 			sb.st_uid = user.mbdb_uid;
1048 			(void) close(mbfd);
1049 			mbfd = -1;
1050 		}
1051 	}
1052 	else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode))
1053 	{
1054 		mailerr("550 5.2.0", "%s: irregular file", path);
1055 		goto err0;
1056 	}
1057 	else if (sb.st_uid != user.mbdb_uid)
1058 	{
1059 		ExitVal = EX_CANTCREAT;
1060 		mailerr("550 5.2.0", "%s: wrong ownership (%d)",
1061 			path, (int) sb.st_uid);
1062 		goto err0;
1063 	}
1064 
1065 	/* change UID for quota checks */
1066 	if (setreuid(0, user.mbdb_uid) < 0)
1067 	{
1068 		mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
1069 			(int) user.mbdb_uid, sm_errstring(errno),
1070 			(int) getuid(), (int) geteuid());
1071 		goto err1;
1072 	}
1073 #ifdef DEBUG
1074 	fprintf(stderr, "new euid = %d\n", (int) geteuid());
1075 #endif /* DEBUG */
1076 	mbfd = open(path, O_APPEND|O_WRONLY|EXTRA_MODE, 0);
1077 	if (mbfd < 0)
1078 	{
1079 		mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1080 		goto err0;
1081 	}
1082 	else if (fstat(mbfd, &fsb) < 0 ||
1083 		 fsb.st_nlink != 1 ||
1084 		 sb.st_nlink != 1 ||
1085 		 !S_ISREG(fsb.st_mode) ||
1086 		 sb.st_dev != fsb.st_dev ||
1087 		 sb.st_ino != fsb.st_ino ||
1088 # if HAS_ST_GEN && 0		/* AFS returns random values for st_gen */
1089 		 sb.st_gen != fsb.st_gen ||
1090 # endif /* HAS_ST_GEN && 0 */
1091 		 sb.st_uid != fsb.st_uid)
1092 	{
1093 		ExitVal = EX_TEMPFAIL;
1094 		mailerr("550 5.2.0", "%s: fstat: file changed after open",
1095 			path);
1096 		goto err1;
1097 	}
1098 
1099 #if 0
1100 	/*
1101 	**  This code could be reused if we decide to add a
1102 	**  per-user quota field to the sm_mbdb interface.
1103 	*/
1104 
1105 	/*
1106 	**  Fail if the user has a quota specified, and delivery of this
1107 	**  message would exceed that quota.  We bounce such failures using
1108 	**  EX_UNAVAILABLE, unless there were internal problems, since
1109 	**  storing immense messages for later retries can cause queueing
1110 	**  issues.
1111 	*/
1112 
1113 	if (ui.quota > 0)
1114 	{
1115 		struct stat dsb;
1116 
1117 		if (fstat(fd, &dsb) < 0)
1118 		{
1119 			ExitVal = EX_TEMPFAIL;
1120 			mailerr("451 4.3.0",
1121 				"%s: fstat: can't stat temporary storage: %s",
1122 				ui.mailspool, sm_errstring(errno));
1123 			goto err1;
1124 		}
1125 
1126 		if (dsb.st_size + sb.st_size + 1 > ui.quota)
1127 		{
1128 			ExitVal = EX_UNAVAILABLE;
1129 			mailerr("551 5.2.2",
1130 				"%s: Mailbox full or quota exceeded",
1131 				ui.mailspool);
1132 			goto err1;
1133 		}
1134 	}
1135 #endif /* 0 */
1136 
1137 	/* Wait until we can get a lock on the file. */
1138 	if (flock(mbfd, LOCK_EX) < 0)
1139 	{
1140 		mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1141 		goto err1;
1142 	}
1143 
1144 	if (!nobiff)
1145 	{
1146 		/* Get the starting offset of the new message for biff. */
1147 		curoff = lseek(mbfd, (off_t) 0, SEEK_END);
1148 		(void) sm_snprintf(biffmsg, sizeof(biffmsg), "%s@%lld\n",
1149 				   name, (LONGLONG_T) curoff);
1150 	}
1151 
1152 	/* Copy the message into the file. */
1153 	if (lseek(fd, (off_t) 0, SEEK_SET) == (off_t) -1)
1154 	{
1155 		mailerr("450 4.2.0", "Temporary file: %s",
1156 			sm_errstring(errno));
1157 		goto err1;
1158 	}
1159 #ifdef DEBUG
1160 	fprintf(stderr, "before writing: euid = %d\n", (int) geteuid());
1161 #endif /* DEBUG */
1162 #ifdef CONTENTLENGTH
1163 	headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
1164 	for (;;)
1165 	{
1166 		if (headerbytes == 0)
1167 		{
1168 			(void) sm_snprintf(buf, sizeof buf, "%s", ContentHdr);
1169 			nr = strlen(buf);
1170 			headerbytes = -1;
1171 			readamount = 0;
1172 		}
1173 		else if (headerbytes > sizeof(buf) || headerbytes < 0)
1174 			readamount = sizeof(buf);
1175 		else
1176 			readamount = headerbytes;
1177 		if (readamount != 0)
1178 			nr = read(fd, buf, readamount);
1179 		if (nr <= 0)
1180 			break;
1181 		if (headerbytes > 0)
1182 			headerbytes -= nr ;
1183 
1184 #else /* CONTENTLENGTH */
1185 	while ((nr = read(fd, buf, sizeof(buf))) > 0)
1186 	{
1187 #endif /* CONTENTLENGTH */
1188 		for (off = 0; off < nr; off += nw)
1189 		{
1190 			if ((nw = write(mbfd, buf + off, nr - off)) < 0)
1191 			{
1192 				errcode = "450 4.2.0";
1193 #ifdef EDQUOT
1194 				if (errno == EDQUOT && BounceQuota)
1195 					errcode = "552 5.2.2";
1196 #endif /* EDQUOT */
1197 				mailerr(errcode, "%s: %s",
1198 					path, sm_errstring(errno));
1199 				goto err3;
1200 			}
1201 		}
1202 	}
1203 	if (nr < 0)
1204 	{
1205 		mailerr("450 4.2.0", "Temporary file: %s",
1206 			sm_errstring(errno));
1207 		goto err3;
1208 	}
1209 
1210 	/* Flush to disk, don't wait for update. */
1211 	if (!nofsync && fsync(mbfd) < 0)
1212 	{
1213 		mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1214 err3:
1215 		(void) setreuid(0, 0);
1216 #ifdef DEBUG
1217 		fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1218 #endif /* DEBUG */
1219 		(void) ftruncate(mbfd, curoff);
1220 err1:		if (mbfd >= 0)
1221 			(void) close(mbfd);
1222 err0:		unlockmbox();
1223 		return;
1224 	}
1225 
1226 	/* Close and check -- NFS doesn't write until the close. */
1227 	if (close(mbfd))
1228 	{
1229 		errcode = "450 4.2.0";
1230 #ifdef EDQUOT
1231 		if (errno == EDQUOT && BounceQuota)
1232 			errcode = "552 5.2.2";
1233 #endif /* EDQUOT */
1234 		mailerr(errcode, "%s: %s", path, sm_errstring(errno));
1235 		(void) truncate(path, curoff);
1236 	}
1237 	else if (!nobiff)
1238 		notifybiff(biffmsg);
1239 
1240 	if (setreuid(0, 0) < 0)
1241 	{
1242 		mailerr("450 4.2.0", "setreuid(0, 0): %s",
1243 			sm_errstring(errno));
1244 		goto err0;
1245 	}
1246 #ifdef DEBUG
1247 	fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1248 #endif /* DEBUG */
1249 	unlockmbox();
1250 	if (LMTPMode)
1251 		printf("250 2.1.5 %s Ok\r\n", name);
1252 }
1253 
1254 /*
1255 **  user.lock files are necessary for compatibility with other
1256 **  systems, e.g., when the mail spool file is NFS exported.
1257 **  Alas, mailbox locking is more than just a local matter.
1258 **  EPA 11/94.
1259 */
1260 
1261 bool	Locked = false;
1262 
1263 #ifdef MAILLOCK
1264 int
1265 lockmbox(name)
1266 	char *name;
1267 {
1268 	int r = 0;
1269 
1270 	if (Locked)
1271 		return 0;
1272 	if ((r = maillock(name, 15)) == L_SUCCESS)
1273 	{
1274 		Locked = true;
1275 		return 0;
1276 	}
1277 	switch (r)
1278 	{
1279 	  case L_TMPLOCK:	/* Can't create tmp file */
1280 	  case L_TMPWRITE:	/* Can't write pid into lockfile */
1281 	  case L_MAXTRYS:	/* Failed after retrycnt attempts */
1282 		errno = 0;
1283 		r = EX_TEMPFAIL;
1284 		break;
1285 	  case L_ERROR:		/* Check errno for reason */
1286 		r = errno;
1287 		break;
1288 	  default:		/* other permanent errors */
1289 		errno = 0;
1290 		r = EX_UNAVAILABLE;
1291 		break;
1292 	}
1293 	return r;
1294 }
1295 
1296 void
1297 unlockmbox()
1298 {
1299 	if (Locked)
1300 		mailunlock();
1301 	Locked = false;
1302 }
1303 #else /* MAILLOCK */
1304 
1305 char	LockName[MAXPATHLEN];
1306 
1307 int
1308 lockmbox(path)
1309 	char *path;
1310 {
1311 	int statfailed = 0;
1312 	time_t start;
1313 
1314 	if (Locked)
1315 		return 0;
1316 	if (strlen(path) + 6 > sizeof LockName)
1317 		return EX_SOFTWARE;
1318 	(void) sm_snprintf(LockName, sizeof LockName, "%s.lock", path);
1319 	(void) time(&start);
1320 	for (; ; sleep(5))
1321 	{
1322 		int fd;
1323 		struct stat st;
1324 		time_t now;
1325 
1326 		/* global timeout */
1327 		(void) time(&now);
1328 		if (now > start + LOCKTO_GLOB)
1329 		{
1330 			errno = 0;
1331 			return EX_TEMPFAIL;
1332 		}
1333 		fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, 0);
1334 		if (fd >= 0)
1335 		{
1336 			/* defeat lock checking programs which test pid */
1337 			(void) write(fd, "0", 2);
1338 			Locked = true;
1339 			(void) close(fd);
1340 			return 0;
1341 		}
1342 		if (stat(LockName, &st) < 0)
1343 		{
1344 			if (statfailed++ > 5)
1345 			{
1346 				errno = 0;
1347 				return EX_TEMPFAIL;
1348 			}
1349 			continue;
1350 		}
1351 		statfailed = 0;
1352 		(void) time(&now);
1353 		if (now < st.st_ctime + LOCKTO_RM)
1354 			continue;
1355 
1356 		/* try to remove stale lockfile */
1357 		if (unlink(LockName) < 0)
1358 			return errno;
1359 	}
1360 }
1361 
1362 void
1363 unlockmbox()
1364 {
1365 	if (!Locked)
1366 		return;
1367 	(void) unlink(LockName);
1368 	Locked = false;
1369 }
1370 #endif /* MAILLOCK */
1371 
1372 void
1373 notifybiff(msg)
1374 	char *msg;
1375 {
1376 	static bool initialized = false;
1377 	static int f = -1;
1378 	struct hostent *hp;
1379 	struct servent *sp;
1380 	int len;
1381 	static struct sockaddr_in addr;
1382 
1383 	if (!initialized)
1384 	{
1385 		initialized = true;
1386 
1387 		/* Be silent if biff service not available. */
1388 		if ((sp = getservbyname("biff", "udp")) == NULL ||
1389 		    (hp = gethostbyname("localhost")) == NULL ||
1390 		    hp->h_length != INADDRSZ)
1391 			return;
1392 
1393 		addr.sin_family = hp->h_addrtype;
1394 		memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
1395 		addr.sin_port = sp->s_port;
1396 	}
1397 
1398 	/* No message, just return */
1399 	if (msg == NULL)
1400 		return;
1401 
1402 	/* Couldn't initialize addr struct */
1403 	if (addr.sin_family == AF_UNSPEC)
1404 		return;
1405 
1406 	if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1407 		return;
1408 	len = strlen(msg) + 1;
1409 	(void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
1410 }
1411 
1412 void
1413 usage()
1414 {
1415 	ExitVal = EX_USAGE;
1416 	mailerr(NULL, "usage: mail.local [-7] [-B] [-b] [-d] [-l] [-s] [-f from|-r from] [-h filename] user ...");
1417 	exit(ExitVal);
1418 }
1419 
1420 void
1421 /*VARARGS2*/
1422 #ifdef __STDC__
1423 mailerr(const char *hdr, const char *fmt, ...)
1424 #else /* __STDC__ */
1425 mailerr(hdr, fmt, va_alist)
1426 	const char *hdr;
1427 	const char *fmt;
1428 	va_dcl
1429 #endif /* __STDC__ */
1430 {
1431 	size_t len = 0;
1432 	SM_VA_LOCAL_DECL
1433 
1434 	(void) e_to_sys(errno);
1435 
1436 	SM_VA_START(ap, fmt);
1437 
1438 	if (LMTPMode && hdr != NULL)
1439 	{
1440 		sm_snprintf(ErrBuf, sizeof ErrBuf, "%s ", hdr);
1441 		len = strlen(ErrBuf);
1442 	}
1443 	(void) sm_vsnprintf(&ErrBuf[len], sizeof ErrBuf - len, fmt, ap);
1444 	SM_VA_END(ap);
1445 
1446 	if (!HoldErrs)
1447 		flush_error();
1448 
1449 	/* Log the message to syslog. */
1450 	if (!LMTPMode)
1451 		syslog(LOG_ERR, "%s", ErrBuf);
1452 }
1453 
1454 void
1455 flush_error()
1456 {
1457 	if (LMTPMode)
1458 		printf("%s\r\n", ErrBuf);
1459 	else
1460 	{
1461 		if (ExitVal != EX_USAGE)
1462 			(void) fprintf(stderr, "mail.local: ");
1463 		fprintf(stderr, "%s\n", ErrBuf);
1464 	}
1465 }
1466 
1467 /*
1468  * e_to_sys --
1469  *	Guess which errno's are temporary.  Gag me.
1470  */
1471 
1472 int
1473 e_to_sys(num)
1474 	int num;
1475 {
1476 	/* Temporary failures override hard errors. */
1477 	if (ExitVal == EX_TEMPFAIL)
1478 		return ExitVal;
1479 
1480 	switch (num)		/* Hopefully temporary errors. */
1481 	{
1482 #ifdef EDQUOT
1483 	  case EDQUOT:		/* Disc quota exceeded */
1484 		if (BounceQuota)
1485 		{
1486 			ExitVal = EX_UNAVAILABLE;
1487 			break;
1488 		}
1489 		/* FALLTHROUGH */
1490 #endif /* EDQUOT */
1491 #ifdef EAGAIN
1492 	  case EAGAIN:		/* Resource temporarily unavailable */
1493 #endif /* EAGAIN */
1494 #ifdef EBUSY
1495 	  case EBUSY:		/* Device busy */
1496 #endif /* EBUSY */
1497 #ifdef EPROCLIM
1498 	  case EPROCLIM:	/* Too many processes */
1499 #endif /* EPROCLIM */
1500 #ifdef EUSERS
1501 	  case EUSERS:		/* Too many users */
1502 #endif /* EUSERS */
1503 #ifdef ECONNABORTED
1504 	  case ECONNABORTED:	/* Software caused connection abort */
1505 #endif /* ECONNABORTED */
1506 #ifdef ECONNREFUSED
1507 	  case ECONNREFUSED:	/* Connection refused */
1508 #endif /* ECONNREFUSED */
1509 #ifdef ECONNRESET
1510 	  case ECONNRESET:	/* Connection reset by peer */
1511 #endif /* ECONNRESET */
1512 #ifdef EDEADLK
1513 	  case EDEADLK:		/* Resource deadlock avoided */
1514 #endif /* EDEADLK */
1515 #ifdef EFBIG
1516 	  case EFBIG:		/* File too large */
1517 #endif /* EFBIG */
1518 #ifdef EHOSTDOWN
1519 	  case EHOSTDOWN:	/* Host is down */
1520 #endif /* EHOSTDOWN */
1521 #ifdef EHOSTUNREACH
1522 	  case EHOSTUNREACH:	/* No route to host */
1523 #endif /* EHOSTUNREACH */
1524 #ifdef EMFILE
1525 	  case EMFILE:		/* Too many open files */
1526 #endif /* EMFILE */
1527 #ifdef ENETDOWN
1528 	  case ENETDOWN:	/* Network is down */
1529 #endif /* ENETDOWN */
1530 #ifdef ENETRESET
1531 	  case ENETRESET:	/* Network dropped connection on reset */
1532 #endif /* ENETRESET */
1533 #ifdef ENETUNREACH
1534 	  case ENETUNREACH:	/* Network is unreachable */
1535 #endif /* ENETUNREACH */
1536 #ifdef ENFILE
1537 	  case ENFILE:		/* Too many open files in system */
1538 #endif /* ENFILE */
1539 #ifdef ENOBUFS
1540 	  case ENOBUFS:		/* No buffer space available */
1541 #endif /* ENOBUFS */
1542 #ifdef ENOMEM
1543 	  case ENOMEM:		/* Cannot allocate memory */
1544 #endif /* ENOMEM */
1545 #ifdef ENOSPC
1546 	  case ENOSPC:		/* No space left on device */
1547 #endif /* ENOSPC */
1548 #ifdef EROFS
1549 	  case EROFS:		/* Read-only file system */
1550 #endif /* EROFS */
1551 #ifdef ESTALE
1552 	  case ESTALE:		/* Stale NFS file handle */
1553 #endif /* ESTALE */
1554 #ifdef ETIMEDOUT
1555 	  case ETIMEDOUT:	/* Connection timed out */
1556 #endif /* ETIMEDOUT */
1557 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
1558 	  case EWOULDBLOCK:	/* Operation would block. */
1559 #endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
1560 		ExitVal = EX_TEMPFAIL;
1561 		break;
1562 
1563 	  default:
1564 		ExitVal = EX_UNAVAILABLE;
1565 		break;
1566 	}
1567 	return ExitVal;
1568 }
1569 
1570 #if defined(ultrix) || defined(_CRAY)
1571 /*
1572  * Copyright (c) 1987, 1993
1573  *	The Regents of the University of California.  All rights reserved.
1574  *
1575  * Redistribution and use in source and binary forms, with or without
1576  * modification, are permitted provided that the following conditions
1577  * are met:
1578  * 1. Redistributions of source code must retain the above copyright
1579  *    notice, this list of conditions and the following disclaimer.
1580  * 2. Redistributions in binary form must reproduce the above copyright
1581  *    notice, this list of conditions and the following disclaimer in the
1582  *    documentation and/or other materials provided with the distribution.
1583  * 3. All advertising materials mentioning features or use of this software
1584  *    must display the following acknowledgement:
1585  *	This product includes software developed by the University of
1586  *	California, Berkeley and its contributors.
1587  * 4. Neither the name of the University nor the names of its contributors
1588  *    may be used to endorse or promote products derived from this software
1589  *    without specific prior written permission.
1590  *
1591  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1592  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1593  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1594  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1595  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1596  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1597  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1598  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1599  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1600  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1601  * SUCH DAMAGE.
1602  */
1603 
1604 # if defined(LIBC_SCCS) && !defined(lint)
1605 static char sccsid[] = "@(#)mktemp.c	8.1 (Berkeley) 6/4/93";
1606 # endif /* defined(LIBC_SCCS) && !defined(lint) */
1607 
1608 # include <sys/types.h>
1609 # include <sys/stat.h>
1610 # include <fcntl.h>
1611 # include <errno.h>
1612 # include <stdio.h>
1613 # include <ctype.h>
1614 
1615 static int _gettemp();
1616 
1617 mkstemp(path)
1618 	char *path;
1619 {
1620 	int fd;
1621 
1622 	return (_gettemp(path, &fd) ? fd : -1);
1623 }
1624 
1625 static
1626 _gettemp(path, doopen)
1627 	char *path;
1628 	register int *doopen;
1629 {
1630 	extern int errno;
1631 	register char *start, *trv;
1632 	struct stat sbuf;
1633 	unsigned int pid;
1634 
1635 	pid = getpid();
1636 	for (trv = path; *trv; ++trv);		/* extra X's get set to 0's */
1637 	while (*--trv == 'X')
1638 	{
1639 		*trv = (pid % 10) + '0';
1640 		pid /= 10;
1641 	}
1642 
1643 	/*
1644 	 * check the target directory; if you have six X's and it
1645 	 * doesn't exist this runs for a *very* long time.
1646 	 */
1647 	for (start = trv + 1;; --trv)
1648 	{
1649 		if (trv <= path)
1650 			break;
1651 		if (*trv == '/')
1652 		{
1653 			*trv = '\0';
1654 			if (stat(path, &sbuf) < 0)
1655 				return(0);
1656 			if (!S_ISDIR(sbuf.st_mode))
1657 			{
1658 				errno = ENOTDIR;
1659 				return(0);
1660 			}
1661 			*trv = '/';
1662 			break;
1663 		}
1664 	}
1665 
1666 	for (;;)
1667 	{
1668 		if (doopen)
1669 		{
1670 			if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR,
1671 					    0600)) >= 0)
1672 				return(1);
1673 			if (errno != EEXIST)
1674 				return(0);
1675 		}
1676 		else if (stat(path, &sbuf) < 0)
1677 			return(errno == ENOENT ? 1 : 0);
1678 
1679 		/* tricky little algorithm for backward compatibility */
1680 		for (trv = start;;)
1681 		{
1682 			if (!*trv)
1683 				return(0);
1684 			if (*trv == 'z')
1685 				*trv++ = 'a';
1686 			else
1687 			{
1688 				if (isascii(*trv) && isdigit(*trv))
1689 					*trv = 'a';
1690 				else
1691 					++*trv;
1692 				break;
1693 			}
1694 		}
1695 	}
1696 	/* NOTREACHED */
1697 }
1698 #endif /* defined(ultrix) || defined(_CRAY) */
1699