1 /*
2 * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13
14 #ifndef lint
15 static char id[] = "@(#)$Id: deliver.c,v 8.600.2.1.2.86 2001/07/20 21:52:55 gshapiro Exp $";
16 #endif /* ! lint */
17
18 #include <sendmail.h>
19
20
21 #if HASSETUSERCONTEXT
22 # include <login_cap.h>
23 #endif /* HASSETUSERCONTEXT */
24
25 #if STARTTLS || (SASL && SFIO)
26 # include "sfsasl.h"
27 #endif /* STARTTLS || (SASL && SFIO) */
28
29 static int deliver __P((ENVELOPE *, ADDRESS *));
30 static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int));
31 static void mailfiletimeout __P((void));
32 static void markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool));
33 static int parse_hostsignature __P((char *, char **, MAILER *));
34 static void sendenvelope __P((ENVELOPE *, int));
35 static char *hostsignature __P((MAILER *, char *));
36
37 #if SMTP
38 # if STARTTLS
39 static int starttls __P((MAILER *, MCI *, ENVELOPE *));
40 # endif /* STARTTLS */
41 #endif /* SMTP */
42
43 /*
44 ** SENDALL -- actually send all the messages.
45 **
46 ** Parameters:
47 ** e -- the envelope to send.
48 ** mode -- the delivery mode to use. If SM_DEFAULT, use
49 ** the current e->e_sendmode.
50 **
51 ** Returns:
52 ** none.
53 **
54 ** Side Effects:
55 ** Scans the send lists and sends everything it finds.
56 ** Delivers any appropriate error messages.
57 ** If we are running in a non-interactive mode, takes the
58 ** appropriate action.
59 */
60
61 void
62 sendall(e, mode)
63 ENVELOPE *e;
64 int mode;
65 {
66 register ADDRESS *q;
67 char *owner;
68 int otherowners;
69 int save_errno;
70 register ENVELOPE *ee;
71 ENVELOPE *splitenv = NULL;
72 int oldverbose = Verbose;
73 bool somedeliveries = FALSE, expensive = FALSE;
74 pid_t pid;
75
76 /*
77 ** If this message is to be discarded, don't bother sending
78 ** the message at all.
79 */
80
81 if (bitset(EF_DISCARD, e->e_flags))
82 {
83 if (tTd(13, 1))
84 dprintf("sendall: discarding id %s\n", e->e_id);
85 e->e_flags |= EF_CLRQUEUE;
86 if (LogLevel > 4)
87 sm_syslog(LOG_INFO, e->e_id, "discarded");
88 markstats(e, NULL, TRUE);
89 return;
90 }
91
92 /*
93 ** If we have had global, fatal errors, don't bother sending
94 ** the message at all if we are in SMTP mode. Local errors
95 ** (e.g., a single address failing) will still cause the other
96 ** addresses to be sent.
97 */
98
99 if (bitset(EF_FATALERRS, e->e_flags) &&
100 (OpMode == MD_SMTP || OpMode == MD_DAEMON))
101 {
102 e->e_flags |= EF_CLRQUEUE;
103 return;
104 }
105
106 /* determine actual delivery mode */
107 if (mode == SM_DEFAULT)
108 {
109 mode = e->e_sendmode;
110 if (mode != SM_VERIFY && mode != SM_DEFER &&
111 shouldqueue(e->e_msgpriority, e->e_ctime))
112 mode = SM_QUEUE;
113 }
114
115 if (tTd(13, 1))
116 {
117 dprintf("\n===== SENDALL: mode %c, id %s, e_from ",
118 mode, e->e_id);
119 printaddr(&e->e_from, FALSE);
120 dprintf("\te_flags = ");
121 printenvflags(e);
122 dprintf("sendqueue:\n");
123 printaddr(e->e_sendqueue, TRUE);
124 }
125
126 /*
127 ** Do any preprocessing necessary for the mode we are running.
128 ** Check to make sure the hop count is reasonable.
129 ** Delete sends to the sender in mailing lists.
130 */
131
132 CurEnv = e;
133 if (tTd(62, 1))
134 checkfds(NULL);
135
136 if (e->e_hopcount > MaxHopCount)
137 {
138 char *recip;
139
140 if (e->e_sendqueue != NULL &&
141 e->e_sendqueue->q_paddr != NULL)
142 recip = e->e_sendqueue->q_paddr;
143 else
144 recip = "(nobody)";
145
146 errno = 0;
147 #if QUEUE
148 queueup(e, mode == SM_QUEUE || mode == SM_DEFER);
149 #endif /* QUEUE */
150 e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE;
151 ExitStat = EX_UNAVAILABLE;
152 syserr("554 5.4.6 Too many hops %d (%d max): from %s via %s, to %s",
153 e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
154 RealHostName == NULL ? "localhost" : RealHostName,
155 recip);
156 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
157 {
158 if (QS_IS_DEAD(q->q_state))
159 continue;
160 q->q_state = QS_BADADDR;
161 q->q_status = "5.4.6";
162 q->q_rstatus = "554 5.4.6 Too many hops";
163 }
164 return;
165 }
166
167 /*
168 ** Do sender deletion.
169 **
170 ** If the sender should be queued up, skip this.
171 ** This can happen if the name server is hosed when you
172 ** are trying to send mail. The result is that the sender
173 ** is instantiated in the queue as a recipient.
174 */
175
176 if (!bitset(EF_METOO, e->e_flags) &&
177 !QS_IS_QUEUEUP(e->e_from.q_state))
178 {
179 if (tTd(13, 5))
180 {
181 dprintf("sendall: QS_SENDER ");
182 printaddr(&e->e_from, FALSE);
183 }
184 e->e_from.q_state = QS_SENDER;
185 (void) recipient(&e->e_from, &e->e_sendqueue, 0, e);
186 }
187
188 /*
189 ** Handle alias owners.
190 **
191 ** We scan up the q_alias chain looking for owners.
192 ** We discard owners that are the same as the return path.
193 */
194
195 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
196 {
197 register struct address *a;
198
199 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias)
200 continue;
201 if (a != NULL)
202 q->q_owner = a->q_owner;
203
204 if (q->q_owner != NULL &&
205 !QS_IS_DEAD(q->q_state) &&
206 strcmp(q->q_owner, e->e_from.q_paddr) == 0)
207 q->q_owner = NULL;
208 }
209
210 if (tTd(13, 25))
211 {
212 dprintf("\nAfter first owner pass, sendq =\n");
213 printaddr(e->e_sendqueue, TRUE);
214 }
215
216 owner = "";
217 otherowners = 1;
218 while (owner != NULL && otherowners > 0)
219 {
220 if (tTd(13, 28))
221 dprintf("owner = \"%s\", otherowners = %d\n",
222 owner, otherowners);
223 owner = NULL;
224 otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0;
225
226 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
227 {
228 if (tTd(13, 30))
229 {
230 dprintf("Checking ");
231 printaddr(q, FALSE);
232 }
233 if (QS_IS_DEAD(q->q_state))
234 {
235 if (tTd(13, 30))
236 dprintf(" ... QS_IS_DEAD\n");
237 continue;
238 }
239 if (tTd(13, 29) && !tTd(13, 30))
240 {
241 dprintf("Checking ");
242 printaddr(q, FALSE);
243 }
244
245 if (q->q_owner != NULL)
246 {
247 if (owner == NULL)
248 {
249 if (tTd(13, 40))
250 dprintf(" ... First owner = \"%s\"\n",
251 q->q_owner);
252 owner = q->q_owner;
253 }
254 else if (owner != q->q_owner)
255 {
256 if (strcmp(owner, q->q_owner) == 0)
257 {
258 if (tTd(13, 40))
259 dprintf(" ... Same owner = \"%s\"\n",
260 owner);
261
262 /* make future comparisons cheap */
263 q->q_owner = owner;
264 }
265 else
266 {
267 if (tTd(13, 40))
268 dprintf(" ... Another owner \"%s\"\n",
269 q->q_owner);
270 otherowners++;
271 }
272 owner = q->q_owner;
273 }
274 else if (tTd(13, 40))
275 dprintf(" ... Same owner = \"%s\"\n",
276 owner);
277 }
278 else
279 {
280 if (tTd(13, 40))
281 dprintf(" ... Null owner\n");
282 otherowners++;
283 }
284
285 if (QS_IS_BADADDR(q->q_state))
286 {
287 if (tTd(13, 30))
288 dprintf(" ... QS_IS_BADADDR\n");
289 continue;
290 }
291
292 if (QS_IS_QUEUEUP(q->q_state))
293 {
294 MAILER *m = q->q_mailer;
295
296 /*
297 ** If we have temporary address failures
298 ** (e.g., dns failure) and a fallback MX is
299 ** set, send directly to the fallback MX host.
300 */
301
302 if (FallBackMX != NULL &&
303 !wordinclass(FallBackMX, 'w') &&
304 mode != SM_VERIFY &&
305 (strcmp(m->m_mailer, "[IPC]") == 0 ||
306 strcmp(m->m_mailer, "[TCP]") == 0) &&
307 m->m_argv[0] != NULL &&
308 (strcmp(m->m_argv[0], "TCP") == 0 ||
309 strcmp(m->m_argv[0], "IPC") == 0))
310 {
311 int len;
312 char *p;
313
314 if (tTd(13, 30))
315 dprintf(" ... FallBackMX\n");
316
317 len = strlen(FallBackMX) + 3;
318 p = xalloc(len);
319 snprintf(p, len, "[%s]", FallBackMX);
320 q->q_state = QS_OK;
321 q->q_host = p;
322 }
323 else
324 {
325 if (tTd(13, 30))
326 dprintf(" ... QS_IS_QUEUEUP\n");
327 continue;
328 }
329 }
330
331 /*
332 ** If this mailer is expensive, and if we don't
333 ** want to make connections now, just mark these
334 ** addresses and return. This is useful if we
335 ** want to batch connections to reduce load. This
336 ** will cause the messages to be queued up, and a
337 ** daemon will come along to send the messages later.
338 */
339
340 if (NoConnect && !Verbose &&
341 bitnset(M_EXPENSIVE, q->q_mailer->m_flags))
342 {
343 if (tTd(13, 30))
344 dprintf(" ... expensive\n");
345 q->q_state = QS_QUEUEUP;
346 expensive = TRUE;
347 }
348 else if (bitnset(M_HOLD, q->q_mailer->m_flags) &&
349 QueueLimitId == NULL &&
350 QueueLimitSender == NULL &&
351 QueueLimitRecipient == NULL)
352 {
353 if (tTd(13, 30))
354 dprintf(" ... hold\n");
355 q->q_state = QS_QUEUEUP;
356 expensive = TRUE;
357 }
358 else
359 {
360 if (tTd(13, 30))
361 dprintf(" ... deliverable\n");
362 somedeliveries = TRUE;
363 }
364 }
365
366 if (owner != NULL && otherowners > 0)
367 {
368 /*
369 ** Split this envelope into two.
370 */
371
372 ee = (ENVELOPE *) xalloc(sizeof *ee);
373 *ee = *e;
374 ee->e_message = NULL;
375 ee->e_id = NULL;
376 assign_queueid(ee);
377
378 if (tTd(13, 1))
379 dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n",
380 e->e_id, ee->e_id, owner, otherowners);
381
382 ee->e_header = copyheader(e->e_header);
383 ee->e_sendqueue = copyqueue(e->e_sendqueue);
384 ee->e_errorqueue = copyqueue(e->e_errorqueue);
385 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM);
386 ee->e_flags |= EF_NORECEIPT;
387 setsender(owner, ee, NULL, '\0', TRUE);
388 if (tTd(13, 5))
389 {
390 dprintf("sendall(split): QS_SENDER ");
391 printaddr(&ee->e_from, FALSE);
392 }
393 ee->e_from.q_state = QS_SENDER;
394 ee->e_dfp = NULL;
395 ee->e_lockfp = NULL;
396 ee->e_xfp = NULL;
397 ee->e_queuedir = e->e_queuedir;
398 ee->e_errormode = EM_MAIL;
399 ee->e_sibling = splitenv;
400 ee->e_statmsg = NULL;
401 splitenv = ee;
402
403 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
404 {
405 if (q->q_owner == owner)
406 {
407 q->q_state = QS_CLONED;
408 if (tTd(13, 6))
409 dprintf("\t... stripping %s from original envelope\n",
410 q->q_paddr);
411 }
412 }
413 for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
414 {
415 if (q->q_owner != owner)
416 {
417 q->q_state = QS_CLONED;
418 if (tTd(13, 6))
419 dprintf("\t... dropping %s from cloned envelope\n",
420 q->q_paddr);
421 }
422 else
423 {
424 /* clear DSN parameters */
425 q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
426 q->q_flags |= DefaultNotify & ~QPINGONSUCCESS;
427 if (tTd(13, 6))
428 dprintf("\t... moving %s to cloned envelope\n",
429 q->q_paddr);
430 }
431 }
432
433 if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags))
434 dup_queue_file(e, ee, 'd');
435
436 /*
437 ** Give the split envelope access to the parent
438 ** transcript file for errors obtained while
439 ** processing the recipients (done before the
440 ** envelope splitting).
441 */
442
443 if (e->e_xfp != NULL)
444 ee->e_xfp = bfdup(e->e_xfp);
445
446 /* failed to dup e->e_xfp, start a new transcript */
447 if (ee->e_xfp == NULL)
448 openxscript(ee);
449
450 if (mode != SM_VERIFY && LogLevel > 4)
451 sm_syslog(LOG_INFO, ee->e_id,
452 "clone %s, owner=%s",
453 e->e_id, owner);
454 }
455 }
456
457 if (owner != NULL)
458 {
459 setsender(owner, e, NULL, '\0', TRUE);
460 if (tTd(13, 5))
461 {
462 dprintf("sendall(owner): QS_SENDER ");
463 printaddr(&e->e_from, FALSE);
464 }
465 e->e_from.q_state = QS_SENDER;
466 e->e_errormode = EM_MAIL;
467 e->e_flags |= EF_NORECEIPT;
468 e->e_flags &= ~EF_FATALERRS;
469 }
470
471 /* if nothing to be delivered, just queue up everything */
472 if (!somedeliveries && mode != SM_QUEUE && mode != SM_DEFER &&
473 mode != SM_VERIFY)
474 {
475 time_t now = curtime();
476
477 if (tTd(13, 29))
478 dprintf("No deliveries: auto-queuing\n");
479 mode = SM_QUEUE;
480
481 /* treat this as a delivery in terms of counting tries */
482 e->e_dtime = now;
483 if (!expensive)
484 e->e_ntries++;
485 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
486 {
487 ee->e_dtime = now;
488 if (!expensive)
489 ee->e_ntries++;
490 }
491 }
492
493 #if QUEUE
494 if ((mode == SM_QUEUE || mode == SM_DEFER || mode == SM_FORK ||
495 (mode != SM_VERIFY && SuperSafe)) &&
496 (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL))
497 {
498 /*
499 ** Be sure everything is instantiated in the queue.
500 ** Split envelopes first in case the machine crashes.
501 ** If the original were done first, we may lose
502 ** recipients.
503 */
504
505 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
506 queueup(ee, mode == SM_QUEUE || mode == SM_DEFER);
507 queueup(e, mode == SM_QUEUE || mode == SM_DEFER);
508 }
509 #endif /* QUEUE */
510
511 if (tTd(62, 10))
512 checkfds("after envelope splitting");
513
514 /*
515 ** If we belong in background, fork now.
516 */
517
518 if (tTd(13, 20))
519 {
520 dprintf("sendall: final mode = %c\n", mode);
521 if (tTd(13, 21))
522 {
523 dprintf("\n================ Final Send Queue(s) =====================\n");
524 dprintf("\n *** Envelope %s, e_from=%s ***\n",
525 e->e_id, e->e_from.q_paddr);
526 printaddr(e->e_sendqueue, TRUE);
527 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
528 {
529 dprintf("\n *** Envelope %s, e_from=%s ***\n",
530 ee->e_id, ee->e_from.q_paddr);
531 printaddr(ee->e_sendqueue, TRUE);
532 }
533 dprintf("==========================================================\n\n");
534 }
535 }
536 switch (mode)
537 {
538 case SM_VERIFY:
539 Verbose = 2;
540 break;
541
542 case SM_QUEUE:
543 case SM_DEFER:
544 #if HASFLOCK
545 queueonly:
546 #endif /* HASFLOCK */
547 if (e->e_nrcpts > 0)
548 e->e_flags |= EF_INQUEUE;
549 dropenvelope(e, splitenv != NULL);
550 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
551 {
552 if (ee->e_nrcpts > 0)
553 ee->e_flags |= EF_INQUEUE;
554 dropenvelope(ee, FALSE);
555 }
556 return;
557
558 case SM_FORK:
559 if (e->e_xfp != NULL)
560 (void) fflush(e->e_xfp);
561
562 #if !HASFLOCK
563 /*
564 ** Since fcntl locking has the interesting semantic that
565 ** the lock is owned by a process, not by an open file
566 ** descriptor, we have to flush this to the queue, and
567 ** then restart from scratch in the child.
568 */
569
570 {
571 /* save id for future use */
572 char *qid = e->e_id;
573
574 /* now drop the envelope in the parent */
575 e->e_flags |= EF_INQUEUE;
576 dropenvelope(e, splitenv != NULL);
577
578 /* arrange to reacquire lock after fork */
579 e->e_id = qid;
580 }
581
582 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
583 {
584 /* save id for future use */
585 char *qid = ee->e_id;
586
587 /* drop envelope in parent */
588 ee->e_flags |= EF_INQUEUE;
589 dropenvelope(ee, FALSE);
590
591 /* and save qid for reacquisition */
592 ee->e_id = qid;
593 }
594
595 #endif /* !HASFLOCK */
596
597 /*
598 ** Since the delivery may happen in a child and the parent
599 ** does not wait, the parent may close the maps thereby
600 ** removing any shared memory used by the map. Therefore,
601 ** close the maps now so the child will dynamically open
602 ** them if necessary.
603 */
604
605 closemaps();
606
607 pid = fork();
608 if (pid < 0)
609 {
610 syserr("deliver: fork 1");
611 #if HASFLOCK
612 goto queueonly;
613 #else /* HASFLOCK */
614 e->e_id = NULL;
615 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
616 ee->e_id = NULL;
617 return;
618 #endif /* HASFLOCK */
619 }
620 else if (pid > 0)
621 {
622 #if HASFLOCK
623 /* be sure we leave the temp files to our child */
624 /* close any random open files in the envelope */
625 closexscript(e);
626 if (e->e_dfp != NULL)
627 (void) bfclose(e->e_dfp);
628 e->e_dfp = NULL;
629 e->e_flags &= ~EF_HAS_DF;
630
631 /* can't call unlockqueue to avoid unlink of xfp */
632 if (e->e_lockfp != NULL)
633 (void) fclose(e->e_lockfp);
634 else
635 syserr("%s: sendall: null lockfp", e->e_id);
636 e->e_lockfp = NULL;
637 #endif /* HASFLOCK */
638
639 /* make sure the parent doesn't own the envelope */
640 e->e_id = NULL;
641
642 /* catch intermediate zombie */
643 (void) waitfor(pid);
644 return;
645 }
646
647 /* Reset global flags */
648 RestartRequest = NULL;
649 ShutdownRequest = NULL;
650 PendingSignal = 0;
651
652 /*
653 ** Since we have accepted responsbility for the message,
654 ** change the SIGTERM handler. intsig() (the old handler)
655 ** would remove the envelope if this was a command line
656 ** message submission.
657 */
658
659 (void) setsignal(SIGTERM, SIG_DFL);
660
661 /* double fork to avoid zombies */
662 pid = fork();
663 if (pid > 0)
664 exit(EX_OK);
665 save_errno = errno;
666
667 /* be sure we are immune from the terminal */
668 disconnect(2, e);
669 clearstats();
670
671 /* prevent parent from waiting if there was an error */
672 if (pid < 0)
673 {
674 errno = save_errno;
675 syserr("deliver: fork 2");
676 #if HASFLOCK
677 e->e_flags |= EF_INQUEUE;
678 #else /* HASFLOCK */
679 e->e_id = NULL;
680 #endif /* HASFLOCK */
681 finis(TRUE, ExitStat);
682 }
683
684 /* be sure to give error messages in child */
685 QuickAbort = FALSE;
686
687 /*
688 ** Close any cached connections.
689 **
690 ** We don't send the QUIT protocol because the parent
691 ** still knows about the connection.
692 **
693 ** This should only happen when delivering an error
694 ** message.
695 */
696
697 mci_flush(FALSE, NULL);
698
699 #if HASFLOCK
700 break;
701 #else /* HASFLOCK */
702
703 /*
704 ** Now reacquire and run the various queue files.
705 */
706
707 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
708 {
709 ENVELOPE *sibling = ee->e_sibling;
710
711 (void) dowork(ee->e_queuedir, ee->e_id,
712 FALSE, FALSE, ee);
713 ee->e_sibling = sibling;
714 }
715 (void) dowork(e->e_queuedir, e->e_id,
716 FALSE, FALSE, e);
717 finis(TRUE, ExitStat);
718 #endif /* HASFLOCK */
719 }
720
721 sendenvelope(e, mode);
722 dropenvelope(e, TRUE);
723 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
724 {
725 CurEnv = ee;
726 if (mode != SM_VERIFY)
727 openxscript(ee);
728 sendenvelope(ee, mode);
729 dropenvelope(ee, TRUE);
730 }
731 CurEnv = e;
732
733 Verbose = oldverbose;
734 if (mode == SM_FORK)
735 finis(TRUE, ExitStat);
736 }
737
738 static void
739 sendenvelope(e, mode)
740 register ENVELOPE *e;
741 int mode;
742 {
743 register ADDRESS *q;
744 bool didany;
745
746 if (tTd(13, 10))
747 dprintf("sendenvelope(%s) e_flags=0x%lx\n",
748 e->e_id == NULL ? "[NOQUEUE]" : e->e_id,
749 e->e_flags);
750 if (LogLevel > 80)
751 sm_syslog(LOG_DEBUG, e->e_id,
752 "sendenvelope, flags=0x%lx",
753 e->e_flags);
754
755 /*
756 ** If we have had global, fatal errors, don't bother sending
757 ** the message at all if we are in SMTP mode. Local errors
758 ** (e.g., a single address failing) will still cause the other
759 ** addresses to be sent.
760 */
761
762 if (bitset(EF_FATALERRS, e->e_flags) &&
763 (OpMode == MD_SMTP || OpMode == MD_DAEMON))
764 {
765 e->e_flags |= EF_CLRQUEUE;
766 return;
767 }
768
769 /* Don't attempt deliveries if we want to bounce now */
770 if (!bitset(EF_RESPONSE, e->e_flags) &&
771 TimeOuts.to_q_return[e->e_timeoutclass] == NOW)
772 return;
773
774 /*
775 ** Run through the list and send everything.
776 **
777 ** Set EF_GLOBALERRS so that error messages during delivery
778 ** result in returned mail.
779 */
780
781 e->e_nsent = 0;
782 e->e_flags |= EF_GLOBALERRS;
783
784 define(macid("{envid}", NULL), e->e_envid, e);
785 define(macid("{bodytype}", NULL), e->e_bodytype, e);
786 didany = FALSE;
787
788 /* now run through the queue */
789 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
790 {
791 #if XDEBUG
792 char wbuf[MAXNAME + 20];
793
794 (void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)",
795 MAXNAME, q->q_paddr);
796 checkfd012(wbuf);
797 #endif /* XDEBUG */
798 if (mode == SM_VERIFY)
799 {
800 e->e_to = q->q_paddr;
801 if (QS_IS_SENDABLE(q->q_state))
802 {
803 if (q->q_host != NULL && q->q_host[0] != '\0')
804 message("deliverable: mailer %s, host %s, user %s",
805 q->q_mailer->m_name,
806 q->q_host,
807 q->q_user);
808 else
809 message("deliverable: mailer %s, user %s",
810 q->q_mailer->m_name,
811 q->q_user);
812 }
813 }
814 else if (QS_IS_OK(q->q_state))
815 {
816 #if QUEUE
817 /*
818 ** Checkpoint the send list every few addresses
819 */
820
821 if (CheckpointInterval > 0 &&
822 e->e_nsent >= CheckpointInterval)
823 {
824 queueup(e, FALSE);
825 e->e_nsent = 0;
826 }
827 #endif /* QUEUE */
828 (void) deliver(e, q);
829 didany = TRUE;
830 }
831 }
832 if (didany)
833 {
834 e->e_dtime = curtime();
835 e->e_ntries++;
836 }
837
838 #if XDEBUG
839 checkfd012("end of sendenvelope");
840 #endif /* XDEBUG */
841 }
842 �/*
843 ** DUP_QUEUE_FILE -- duplicate a queue file into a split queue
844 **
845 ** Parameters:
846 ** e -- the existing envelope
847 ** ee -- the new envelope
848 ** type -- the queue file type (e.g., 'd')
849 **
850 ** Returns:
851 ** none
852 */
853
854 static void
855 dup_queue_file(e, ee, type)
856 struct envelope *e, *ee;
857 int type;
858 {
859 char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN];
860
861 ee->e_dfp = NULL;
862 ee->e_xfp = NULL;
863
864 /*
865 ** Make sure both are in the same directory.
866 */
867
868 snprintf(f1buf, sizeof f1buf, "%s", queuename(e, type));
869 snprintf(f2buf, sizeof f2buf, "%s", queuename(ee, type));
870 if (link(f1buf, f2buf) < 0)
871 {
872 int save_errno = errno;
873
874 syserr("sendall: link(%s, %s)", f1buf, f2buf);
875 if (save_errno == EEXIST)
876 {
877 if (unlink(f2buf) < 0)
878 {
879 syserr("!sendall: unlink(%s): permanent",
880 f2buf);
881 /* NOTREACHED */
882 }
883 if (link(f1buf, f2buf) < 0)
884 {
885 syserr("!sendall: link(%s, %s): permanent",
886 f1buf, f2buf);
887 /* NOTREACHED */
888 }
889 }
890 }
891 }
892 �/*
893 ** DOFORK -- do a fork, retrying a couple of times on failure.
894 **
895 ** This MUST be a macro, since after a vfork we are running
896 ** two processes on the same stack!!!
897 **
898 ** Parameters:
899 ** none.
900 **
901 ** Returns:
902 ** From a macro??? You've got to be kidding!
903 **
904 ** Side Effects:
905 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
906 ** pid of child in parent, zero in child.
907 ** -1 on unrecoverable error.
908 **
909 ** Notes:
910 ** I'm awfully sorry this looks so awful. That's
911 ** vfork for you.....
912 */
913
914 #define NFORKTRIES 5
915
916 #ifndef FORK
917 # define FORK fork
918 #endif /* ! FORK */
919
920 #define DOFORK(fORKfN) \
921 {\
922 register int i;\
923 \
924 for (i = NFORKTRIES; --i >= 0; )\
925 {\
926 pid = fORKfN();\
927 if (pid >= 0)\
928 break;\
929 if (i > 0)\
930 (void) sleep((unsigned) NFORKTRIES - i);\
931 }\
932 }
933 �/*
934 ** DOFORK -- simple fork interface to DOFORK.
935 **
936 ** Parameters:
937 ** none.
938 **
939 ** Returns:
940 ** pid of child in parent.
941 ** zero in child.
942 ** -1 on error.
943 **
944 ** Side Effects:
945 ** returns twice, once in parent and once in child.
946 */
947
948 pid_t
949 dofork()
950 {
951 register pid_t pid = -1;
952
953 DOFORK(fork);
954 return pid;
955 }
956 �/*
957 ** DELIVER -- Deliver a message to a list of addresses.
958 **
959 ** This routine delivers to everyone on the same host as the
960 ** user on the head of the list. It is clever about mailers
961 ** that don't handle multiple users. It is NOT guaranteed
962 ** that it will deliver to all these addresses however -- so
963 ** deliver should be called once for each address on the
964 ** list.
965 **
966 ** Parameters:
967 ** e -- the envelope to deliver.
968 ** firstto -- head of the address list to deliver to.
969 **
970 ** Returns:
971 ** zero -- successfully delivered.
972 ** else -- some failure, see ExitStat for more info.
973 **
974 ** Side Effects:
975 ** The standard input is passed off to someone.
976 */
977
978 #ifndef NO_UID
979 # define NO_UID -1
980 #endif /* ! NO_UID */
981 #ifndef NO_GID
982 # define NO_GID -1
983 #endif /* ! NO_GID */
984
985 static int
986 deliver(e, firstto)
987 register ENVELOPE *e;
988 ADDRESS *firstto;
989 {
990 char *host; /* host being sent to */
991 char *user; /* user being sent to */
992 char **pvp;
993 register char **mvp;
994 register char *p;
995 register MAILER *m; /* mailer for this recipient */
996 ADDRESS *volatile ctladdr;
997 ADDRESS *volatile contextaddr = NULL;
998 register MCI *volatile mci;
999 register ADDRESS *to = firstto;
1000 volatile bool clever = FALSE; /* running user smtp to this mailer */
1001 ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */
1002 int rcode; /* response code */
1003 int lmtp_rcode = EX_OK;
1004 int nummxhosts = 0; /* number of MX hosts available */
1005 int hostnum = 0; /* current MX host index */
1006 char *firstsig; /* signature of firstto */
1007 pid_t pid = -1;
1008 char *volatile curhost;
1009 register u_short port = 0;
1010 #if NETUNIX
1011 char *mux_path = NULL; /* path to UNIX domain socket */
1012 #endif /* NETUNIX */
1013 time_t xstart;
1014 bool suidwarn;
1015 bool anyok; /* at least one address was OK */
1016 bool goodmxfound = FALSE; /* at least one MX was OK */
1017 bool ovr;
1018 #if _FFR_DYNAMIC_TOBUF
1019 int strsize;
1020 int rcptcount;
1021 static int tobufsize = 0;
1022 static char *tobuf = NULL;
1023 #else /* _FFR_DYNAMIC_TOBUF */
1024 char tobuf[TOBUFSIZE]; /* text line of to people */
1025 #endif /* _FFR_DYNAMIC_TOBUF */
1026 int mpvect[2];
1027 int rpvect[2];
1028 char *mxhosts[MAXMXHOSTS + 1];
1029 char *pv[MAXPV + 1];
1030 char buf[MAXNAME + 1];
1031 char rpathbuf[MAXNAME + 1]; /* translated return path */
1032
1033 errno = 0;
1034 if (!QS_IS_OK(to->q_state))
1035 return 0;
1036
1037 suidwarn = geteuid() == 0;
1038
1039 m = to->q_mailer;
1040 host = to->q_host;
1041 CurEnv = e; /* just in case */
1042 e->e_statmsg = NULL;
1043 #if SMTP
1044 SmtpError[0] = '\0';
1045 #endif /* SMTP */
1046 xstart = curtime();
1047
1048 if (tTd(10, 1))
1049 dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n",
1050 e->e_id, m->m_name, host, to->q_user);
1051 if (tTd(10, 100))
1052 printopenfds(FALSE);
1053
1054 /*
1055 ** Clear $&{client_*} macros if this is a bounce message to
1056 ** prevent rejection by check_compat ruleset.
1057 */
1058
1059 if (bitset(EF_RESPONSE, e->e_flags))
1060 {
1061 define(macid("{client_name}", NULL), "", e);
1062 define(macid("{client_addr}", NULL), "", e);
1063 define(macid("{client_port}", NULL), "", e);
1064 }
1065
1066 /*
1067 ** Do initial argv setup.
1068 ** Insert the mailer name. Notice that $x expansion is
1069 ** NOT done on the mailer name. Then, if the mailer has
1070 ** a picky -f flag, we insert it as appropriate. This
1071 ** code does not check for 'pv' overflow; this places a
1072 ** manifest lower limit of 4 for MAXPV.
1073 ** The from address rewrite is expected to make
1074 ** the address relative to the other end.
1075 */
1076
1077 /* rewrite from address, using rewriting rules */
1078 rcode = EX_OK;
1079 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
1080 p = e->e_sender;
1081 else
1082 p = e->e_from.q_paddr;
1083 p = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e);
1084 if (strlen(p) >= (SIZE_T) sizeof rpathbuf)
1085 {
1086 p = shortenstring(p, MAXSHORTSTR);
1087 syserr("remotename: huge return %s", p);
1088 }
1089 snprintf(rpathbuf, sizeof rpathbuf, "%s", p);
1090 define('g', rpathbuf, e); /* translated return path */
1091 define('h', host, e); /* to host */
1092 Errors = 0;
1093 pvp = pv;
1094 *pvp++ = m->m_argv[0];
1095
1096 /* insert -f or -r flag as appropriate */
1097 if (FromFlag &&
1098 (bitnset(M_FOPT, m->m_flags) ||
1099 bitnset(M_ROPT, m->m_flags)))
1100 {
1101 if (bitnset(M_FOPT, m->m_flags))
1102 *pvp++ = "-f";
1103 else
1104 *pvp++ = "-r";
1105 *pvp++ = newstr(rpathbuf);
1106 }
1107
1108 /*
1109 ** Append the other fixed parts of the argv. These run
1110 ** up to the first entry containing "$u". There can only
1111 ** be one of these, and there are only a few more slots
1112 ** in the pv after it.
1113 */
1114
1115 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
1116 {
1117 /* can't use strchr here because of sign extension problems */
1118 while (*p != '\0')
1119 {
1120 if ((*p++ & 0377) == MACROEXPAND)
1121 {
1122 if (*p == 'u')
1123 break;
1124 }
1125 }
1126
1127 if (*p != '\0')
1128 break;
1129
1130 /* this entry is safe -- go ahead and process it */
1131 expand(*mvp, buf, sizeof buf, e);
1132 *pvp++ = newstr(buf);
1133 if (pvp >= &pv[MAXPV - 3])
1134 {
1135 syserr("554 5.3.5 Too many parameters to %s before $u",
1136 pv[0]);
1137 return -1;
1138 }
1139 }
1140
1141 /*
1142 ** If we have no substitution for the user name in the argument
1143 ** list, we know that we must supply the names otherwise -- and
1144 ** SMTP is the answer!!
1145 */
1146
1147 if (*mvp == NULL)
1148 {
1149 /* running LMTP or SMTP */
1150 #if SMTP
1151 clever = TRUE;
1152 *pvp = NULL;
1153 #else /* SMTP */
1154 /* oops! we don't implement SMTP */
1155 syserr("554 5.3.5 SMTP style mailer not implemented");
1156 return EX_SOFTWARE;
1157 #endif /* SMTP */
1158 }
1159 else if (bitnset(M_LMTP, m->m_flags))
1160 {
1161 /* not running LMTP */
1162 sm_syslog(LOG_ERR, NULL,
1163 "Warning: mailer %s: LMTP flag (F=z) turned off",
1164 m->m_name);
1165 clrbitn(M_LMTP, m->m_flags);
1166 }
1167
1168 /*
1169 ** At this point *mvp points to the argument with $u. We
1170 ** run through our address list and append all the addresses
1171 ** we can. If we run out of space, do not fret! We can
1172 ** always send another copy later.
1173 */
1174
1175 #if _FFR_DYNAMIC_TOBUF
1176 e->e_to = NULL;
1177 strsize = 2;
1178 rcptcount = 0;
1179 #else /* _FFR_DYNAMIC_TOBUF */
1180 tobuf[0] = '\0';
1181 e->e_to = tobuf;
1182 #endif /* _FFR_DYNAMIC_TOBUF */
1183
1184 ctladdr = NULL;
1185 firstsig = hostsignature(firstto->q_mailer, firstto->q_host);
1186 for (; to != NULL; to = to->q_next)
1187 {
1188 /* avoid sending multiple recipients to dumb mailers */
1189 #if _FFR_DYNAMIC_TOBUF
1190 if (tochain != NULL && !bitnset(M_MUSER, m->m_flags))
1191 break;
1192 #else /* _FFR_DYNAMIC_TOBUF */
1193 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
1194 break;
1195 #endif /* _FFR_DYNAMIC_TOBUF */
1196
1197 /* if already sent or not for this host, don't send */
1198 if (!QS_IS_OK(to->q_state) ||
1199 to->q_mailer != firstto->q_mailer ||
1200 strcmp(hostsignature(to->q_mailer, to->q_host),
1201 firstsig) != 0)
1202 continue;
1203
1204 /* avoid overflowing tobuf */
1205 #if _FFR_DYNAMIC_TOBUF
1206 strsize += strlen(to->q_paddr) + 1;
1207 if (!clever && strsize > TOBUFSIZE)
1208 break;
1209
1210 if (++rcptcount > to->q_mailer->m_maxrcpt)
1211 break;
1212 #else /* _FFR_DYNAMIC_TOBUF */
1213 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
1214 break;
1215 #endif /* _FFR_DYNAMIC_TOBUF */
1216
1217 if (tTd(10, 1))
1218 {
1219 dprintf("\nsend to ");
1220 printaddr(to, FALSE);
1221 }
1222
1223 /* compute effective uid/gid when sending */
1224 if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags))
1225 contextaddr = ctladdr = getctladdr(to);
1226
1227 if (tTd(10, 2))
1228 {
1229 dprintf("ctladdr=");
1230 printaddr(ctladdr, FALSE);
1231 }
1232
1233 user = to->q_user;
1234 e->e_to = to->q_paddr;
1235
1236 /*
1237 ** Check to see that these people are allowed to
1238 ** talk to each other.
1239 ** Check also for overflow of e_msgsize.
1240 */
1241
1242 if (m->m_maxsize != 0 &&
1243 (e->e_msgsize > m->m_maxsize || e->e_msgsize < 0))
1244 {
1245 e->e_flags |= EF_NO_BODY_RETN;
1246 if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags))
1247 to->q_status = "5.2.3";
1248 else
1249 to->q_status = "5.3.4";
1250 /* set to->q_rstatus = NULL; or to the following? */
1251 usrerrenh(to->q_status,
1252 "552 Message is too large; %ld bytes max",
1253 m->m_maxsize);
1254 markfailure(e, to, NULL, EX_UNAVAILABLE, FALSE);
1255 giveresponse(EX_UNAVAILABLE, to->q_status, m,
1256 NULL, ctladdr, xstart, e);
1257 continue;
1258 }
1259 #if NAMED_BIND
1260 SM_SET_H_ERRNO(0);
1261 #endif /* NAMED_BIND */
1262
1263 ovr = TRUE;
1264 /* do config file checking of compatibility */
1265 rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr,
1266 e, TRUE, TRUE, 4, NULL);
1267 if (rcode == EX_OK)
1268 {
1269 /* do in-code checking if not discarding */
1270 if (!bitset(EF_DISCARD, e->e_flags))
1271 {
1272 rcode = checkcompat(to, e);
1273 ovr = FALSE;
1274 }
1275 }
1276 if (rcode != EX_OK)
1277 {
1278 markfailure(e, to, NULL, rcode, ovr);
1279 giveresponse(rcode, to->q_status, m,
1280 NULL, ctladdr, xstart, e);
1281 continue;
1282 }
1283 if (bitset(EF_DISCARD, e->e_flags))
1284 {
1285 if (tTd(10, 5))
1286 {
1287 dprintf("deliver: discarding recipient ");
1288 printaddr(to, FALSE);
1289 }
1290
1291 /* pretend the message was sent */
1292 /* XXX should we log something here? */
1293 to->q_state = QS_DISCARDED;
1294
1295 /*
1296 ** Remove discard bit to prevent discard of
1297 ** future recipients. This is safe because the
1298 ** true "global discard" has been handled before
1299 ** we get here.
1300 */
1301
1302 e->e_flags &= ~EF_DISCARD;
1303 continue;
1304 }
1305
1306 /*
1307 ** Strip quote bits from names if the mailer is dumb
1308 ** about them.
1309 */
1310
1311 if (bitnset(M_STRIPQ, m->m_flags))
1312 {
1313 stripquotes(user);
1314 stripquotes(host);
1315 }
1316
1317 /* hack attack -- delivermail compatibility */
1318 if (m == ProgMailer && *user == '|')
1319 user++;
1320
1321 /*
1322 ** If an error message has already been given, don't
1323 ** bother to send to this address.
1324 **
1325 ** >>>>>>>>>> This clause assumes that the local mailer
1326 ** >> NOTE >> cannot do any further aliasing; that
1327 ** >>>>>>>>>> function is subsumed by sendmail.
1328 */
1329
1330 if (!QS_IS_OK(to->q_state))
1331 continue;
1332
1333 /*
1334 ** See if this user name is "special".
1335 ** If the user name has a slash in it, assume that this
1336 ** is a file -- send it off without further ado. Note
1337 ** that this type of addresses is not processed along
1338 ** with the others, so we fudge on the To person.
1339 */
1340
1341 if (strcmp(m->m_mailer, "[FILE]") == 0)
1342 {
1343 define('u', user, e); /* to user */
1344 p = to->q_home;
1345 if (p == NULL && ctladdr != NULL)
1346 p = ctladdr->q_home;
1347 define('z', p, e); /* user's home */
1348 expand(m->m_argv[1], buf, sizeof buf, e);
1349 if (strlen(buf) > 0)
1350 rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e);
1351 else
1352 {
1353 syserr("empty filename specification for mailer %s",
1354 m->m_name);
1355 rcode = EX_CONFIG;
1356 }
1357 giveresponse(rcode, to->q_status, m, NULL,
1358 ctladdr, xstart, e);
1359 markfailure(e, to, NULL, rcode, TRUE);
1360 e->e_nsent++;
1361 if (rcode == EX_OK)
1362 {
1363 to->q_state = QS_SENT;
1364 if (bitnset(M_LOCALMAILER, m->m_flags) &&
1365 bitset(QPINGONSUCCESS, to->q_flags))
1366 {
1367 to->q_flags |= QDELIVERED;
1368 to->q_status = "2.1.5";
1369 fprintf(e->e_xfp, "%s... Successfully delivered\n",
1370 to->q_paddr);
1371 }
1372 }
1373 to->q_statdate = curtime();
1374 markstats(e, to, FALSE);
1375 continue;
1376 }
1377
1378 /*
1379 ** Address is verified -- add this user to mailer
1380 ** argv, and add it to the print list of recipients.
1381 */
1382
1383 /* link together the chain of recipients */
1384 to->q_tchain = tochain;
1385 tochain = to;
1386
1387 #if _FFR_DYNAMIC_TOBUF
1388 e->e_to = "[CHAIN]";
1389 #else /* _FFR_DYNAMIC_TOBUF */
1390 /* create list of users for error messages */
1391 (void) strlcat(tobuf, ",", sizeof tobuf);
1392 (void) strlcat(tobuf, to->q_paddr, sizeof tobuf);
1393 #endif /* _FFR_DYNAMIC_TOBUF */
1394
1395 define('u', user, e); /* to user */
1396 p = to->q_home;
1397 if (p == NULL && ctladdr != NULL)
1398 p = ctladdr->q_home;
1399 define('z', p, e); /* user's home */
1400
1401 /* set the ${dsn_notify} macro if applicable */
1402 if (bitset(QHASNOTIFY, to->q_flags))
1403 {
1404 char notify[MAXLINE];
1405
1406 notify[0] = '\0';
1407 if (bitset(QPINGONSUCCESS, to->q_flags))
1408 (void) strlcat(notify, "SUCCESS,",
1409 sizeof notify);
1410 if (bitset(QPINGONFAILURE, to->q_flags))
1411 (void) strlcat(notify, "FAILURE,",
1412 sizeof notify);
1413 if (bitset(QPINGONDELAY, to->q_flags))
1414 (void) strlcat(notify, "DELAY,", sizeof notify);
1415
1416 /* Set to NEVER or drop trailing comma */
1417 if (notify[0] == '\0')
1418 (void) strlcat(notify, "NEVER", sizeof notify);
1419 else
1420 notify[strlen(notify) - 1] = '\0';
1421
1422 define(macid("{dsn_notify}", NULL), newstr(notify), e);
1423 }
1424 else
1425 define(macid("{dsn_notify}", NULL), NULL, e);
1426
1427 /*
1428 ** Expand out this user into argument list.
1429 */
1430
1431 if (!clever)
1432 {
1433 expand(*mvp, buf, sizeof buf, e);
1434 *pvp++ = newstr(buf);
1435 if (pvp >= &pv[MAXPV - 2])
1436 {
1437 /* allow some space for trailing parms */
1438 break;
1439 }
1440 }
1441 }
1442
1443 /* see if any addresses still exist */
1444 #if _FFR_DYNAMIC_TOBUF
1445 if (tochain == NULL)
1446 #else /* _FFR_DYNAMIC_TOBUF */
1447 if (tobuf[0] == '\0')
1448 #endif /* _FFR_DYNAMIC_TOBUF */
1449 {
1450 define('g', (char *) NULL, e);
1451 e->e_to = NULL;
1452 return 0;
1453 }
1454
1455 /* print out messages as full list */
1456 #if _FFR_DYNAMIC_TOBUF
1457 {
1458 int l = 1;
1459 char *tobufptr;
1460
1461 for (to = tochain; to != NULL; to = to->q_tchain)
1462 l += strlen(to->q_paddr) + 1;
1463 if (l < TOBUFSIZE)
1464 l = TOBUFSIZE;
1465 if (l > tobufsize)
1466 {
1467 if (tobuf != NULL)
1468 sm_free(tobuf);
1469 tobufsize = l;
1470 tobuf = xalloc(tobufsize);
1471 }
1472 tobufptr = tobuf;
1473 *tobufptr = '\0';
1474 for (to = tochain; to != NULL; to = to->q_tchain)
1475 {
1476 snprintf(tobufptr, tobufsize - (tobufptr - tobuf),
1477 ",%s", to->q_paddr);
1478 tobufptr += strlen(tobufptr);
1479 }
1480 }
1481 #endif /* _FFR_DYNAMIC_TOBUF */
1482 e->e_to = tobuf + 1;
1483
1484 /*
1485 ** Fill out any parameters after the $u parameter.
1486 */
1487
1488 while (!clever && *++mvp != NULL)
1489 {
1490 expand(*mvp, buf, sizeof buf, e);
1491 *pvp++ = newstr(buf);
1492 if (pvp >= &pv[MAXPV])
1493 syserr("554 5.3.0 deliver: pv overflow after $u for %s",
1494 pv[0]);
1495 }
1496 *pvp++ = NULL;
1497
1498 /*
1499 ** Call the mailer.
1500 ** The argument vector gets built, pipes
1501 ** are created as necessary, and we fork & exec as
1502 ** appropriate.
1503 ** If we are running SMTP, we just need to clean up.
1504 */
1505
1506 /* XXX this seems a bit wierd */
1507 if (ctladdr == NULL && m != ProgMailer && m != FileMailer &&
1508 bitset(QGOODUID, e->e_from.q_flags))
1509 ctladdr = &e->e_from;
1510
1511 #if NAMED_BIND
1512 if (ConfigLevel < 2)
1513 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
1514 #endif /* NAMED_BIND */
1515
1516 if (tTd(11, 1))
1517 {
1518 dprintf("openmailer:");
1519 printav(pv);
1520 }
1521 errno = 0;
1522 #if NAMED_BIND
1523 SM_SET_H_ERRNO(0);
1524 #endif /* NAMED_BIND */
1525
1526 CurHostName = NULL;
1527
1528 /*
1529 ** Deal with the special case of mail handled through an IPC
1530 ** connection.
1531 ** In this case we don't actually fork. We must be
1532 ** running SMTP for this to work. We will return a
1533 ** zero pid to indicate that we are running IPC.
1534 ** We also handle a debug version that just talks to stdin/out.
1535 */
1536
1537 curhost = NULL;
1538 SmtpPhase = NULL;
1539 mci = NULL;
1540
1541 #if XDEBUG
1542 {
1543 char wbuf[MAXLINE];
1544
1545 /* make absolutely certain 0, 1, and 2 are in use */
1546 snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)",
1547 shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
1548 checkfd012(wbuf);
1549 }
1550 #endif /* XDEBUG */
1551
1552 /* check for 8-bit available */
1553 if (bitset(EF_HAS8BIT, e->e_flags) &&
1554 bitnset(M_7BITS, m->m_flags) &&
1555 (bitset(EF_DONT_MIME, e->e_flags) ||
1556 !(bitset(MM_MIME8BIT, MimeMode) ||
1557 (bitset(EF_IS_MIME, e->e_flags) &&
1558 bitset(MM_CVTMIME, MimeMode)))))
1559 {
1560 e->e_status = "5.6.3";
1561 usrerrenh(e->e_status,
1562 "554 Cannot send 8-bit data to 7-bit destination");
1563 rcode = EX_DATAERR;
1564 goto give_up;
1565 }
1566
1567 if (tTd(62, 8))
1568 checkfds("before delivery");
1569
1570 /* check for Local Person Communication -- not for mortals!!! */
1571 if (strcmp(m->m_mailer, "[LPC]") == 0)
1572 {
1573 mci = (MCI *) xalloc(sizeof *mci);
1574 memset((char *) mci, '\0', sizeof *mci);
1575 mci->mci_in = stdin;
1576 mci->mci_out = stdout;
1577 mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN;
1578 mci->mci_mailer = m;
1579 }
1580 else if (strcmp(m->m_mailer, "[IPC]") == 0 ||
1581 strcmp(m->m_mailer, "[TCP]") == 0)
1582 {
1583 #if DAEMON
1584 register int i;
1585
1586 if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0')
1587 {
1588 syserr("null destination for %s mailer", m->m_mailer);
1589 rcode = EX_CONFIG;
1590 goto give_up;
1591 }
1592
1593 # if NETUNIX
1594 if (strcmp(pv[0], "FILE") == 0)
1595 {
1596 curhost = CurHostName = "localhost";
1597 mux_path = pv[1];
1598 }
1599 else
1600 # endif /* NETUNIX */
1601 {
1602 CurHostName = pv[1];
1603 curhost = hostsignature(m, pv[1]);
1604 }
1605
1606 if (curhost == NULL || curhost[0] == '\0')
1607 {
1608 syserr("null host signature for %s", pv[1]);
1609 rcode = EX_CONFIG;
1610 goto give_up;
1611 }
1612
1613 if (!clever)
1614 {
1615 syserr("554 5.3.5 non-clever IPC");
1616 rcode = EX_CONFIG;
1617 goto give_up;
1618 }
1619 if (pv[2] != NULL
1620 # if NETUNIX
1621 && mux_path == NULL
1622 # endif /* NETUNIX */
1623 )
1624 {
1625 port = htons((u_short)atoi(pv[2]));
1626 if (port == 0)
1627 {
1628 # ifdef NO_GETSERVBYNAME
1629 syserr("Invalid port number: %s", pv[2]);
1630 # else /* NO_GETSERVBYNAME */
1631 struct servent *sp = getservbyname(pv[2], "tcp");
1632
1633 if (sp == NULL)
1634 syserr("Service %s unknown", pv[2]);
1635 else
1636 port = sp->s_port;
1637 # endif /* NO_GETSERVBYNAME */
1638 }
1639 }
1640
1641 nummxhosts = parse_hostsignature(curhost, mxhosts, m);
1642 tryhost:
1643 while (hostnum < nummxhosts)
1644 {
1645 char sep = ':';
1646 char *endp;
1647 static char hostbuf[MAXNAME + 1];
1648
1649 # if NETINET6
1650 if (*mxhosts[hostnum] == '[')
1651 {
1652 endp = strchr(mxhosts[hostnum] + 1, ']');
1653 if (endp != NULL)
1654 endp = strpbrk(endp + 1, ":,");
1655 }
1656 else
1657 endp = strpbrk(mxhosts[hostnum], ":,");
1658 # else /* NETINET6 */
1659 endp = strpbrk(mxhosts[hostnum], ":,");
1660 # endif /* NETINET6 */
1661 if (endp != NULL)
1662 {
1663 sep = *endp;
1664 *endp = '\0';
1665 }
1666
1667 if (*mxhosts[hostnum] == '\0')
1668 {
1669 syserr("deliver: null host name in signature");
1670 hostnum++;
1671 if (endp != NULL)
1672 *endp = sep;
1673 continue;
1674 }
1675 (void) strlcpy(hostbuf, mxhosts[hostnum],
1676 sizeof hostbuf);
1677 hostnum++;
1678 if (endp != NULL)
1679 *endp = sep;
1680
1681 /* see if we already know that this host is fried */
1682 CurHostName = hostbuf;
1683 mci = mci_get(hostbuf, m);
1684 if (mci->mci_state != MCIS_CLOSED)
1685 {
1686 if (tTd(11, 1))
1687 {
1688 dprintf("openmailer: ");
1689 mci_dump(mci, FALSE);
1690 }
1691 CurHostName = mci->mci_host;
1692 message("Using cached %sSMTP connection to %s via %s...",
1693 bitset(MCIF_ESMTP, mci->mci_flags) ? "E" : "",
1694 hostbuf, m->m_name);
1695 mci->mci_deliveries++;
1696 break;
1697 }
1698 mci->mci_mailer = m;
1699 if (mci->mci_exitstat != EX_OK)
1700 {
1701 if (mci->mci_exitstat == EX_TEMPFAIL)
1702 goodmxfound = TRUE;
1703 continue;
1704 }
1705
1706 if (mci_lock_host(mci) != EX_OK)
1707 {
1708 mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
1709 goodmxfound = TRUE;
1710 continue;
1711 }
1712
1713 /* try the connection */
1714 sm_setproctitle(TRUE, e, "%s %s: %s",
1715 qid_printname(e),
1716 hostbuf, "user open");
1717 # if NETUNIX
1718 if (mux_path != NULL)
1719 {
1720 message("Connecting to %s via %s...",
1721 mux_path, m->m_name);
1722 i = makeconnection_ds(mux_path, mci);
1723 }
1724 else
1725 # endif /* NETUNIX */
1726 {
1727 if (port == 0)
1728 message("Connecting to %s via %s...",
1729 hostbuf, m->m_name);
1730 else
1731 message("Connecting to %s port %d via %s...",
1732 hostbuf, ntohs(port),
1733 m->m_name);
1734 i = makeconnection(hostbuf, port, mci, e);
1735 }
1736 mci->mci_errno = errno;
1737 mci->mci_lastuse = curtime();
1738 mci->mci_deliveries = 0;
1739 mci->mci_exitstat = i;
1740 # if NAMED_BIND
1741 mci->mci_herrno = h_errno;
1742 # endif /* NAMED_BIND */
1743 if (i == EX_OK)
1744 {
1745 goodmxfound = TRUE;
1746 mci->mci_state = MCIS_OPENING;
1747 mci_cache(mci);
1748 if (TrafficLogFile != NULL)
1749 fprintf(TrafficLogFile, "%05d === CONNECT %s\n",
1750 (int) getpid(), hostbuf);
1751 break;
1752 }
1753 else
1754 {
1755 if (tTd(11, 1))
1756 dprintf("openmailer: makeconnection => stat=%d, errno=%d\n",
1757 i, errno);
1758 if (i == EX_TEMPFAIL)
1759 goodmxfound = TRUE;
1760 mci_unlock_host(mci);
1761 }
1762
1763 /* enter status of this host */
1764 setstat(i);
1765
1766 /* should print some message here for -v mode */
1767 }
1768 if (mci == NULL)
1769 {
1770 syserr("deliver: no host name");
1771 rcode = EX_SOFTWARE;
1772 goto give_up;
1773 }
1774 mci->mci_pid = 0;
1775 #else /* DAEMON */
1776 syserr("554 5.3.5 openmailer: no IPC");
1777 if (tTd(11, 1))
1778 dprintf("openmailer: NULL\n");
1779 rcode = EX_UNAVAILABLE;
1780 goto give_up;
1781 #endif /* DAEMON */
1782 }
1783 else
1784 {
1785 /* flush any expired connections */
1786 (void) mci_scan(NULL);
1787 mci = NULL;
1788
1789 #if SMTP
1790 if (bitnset(M_LMTP, m->m_flags))
1791 {
1792 /* try to get a cached connection */
1793 mci = mci_get(m->m_name, m);
1794 if (mci->mci_host == NULL)
1795 mci->mci_host = m->m_name;
1796 CurHostName = mci->mci_host;
1797 if (mci->mci_state != MCIS_CLOSED)
1798 {
1799 message("Using cached LMTP connection for %s...",
1800 m->m_name);
1801 mci->mci_deliveries++;
1802 goto do_transfer;
1803 }
1804 }
1805 #endif /* SMTP */
1806
1807 /* announce the connection to verbose listeners */
1808 if (host == NULL || host[0] == '\0')
1809 message("Connecting to %s...", m->m_name);
1810 else
1811 message("Connecting to %s via %s...", host, m->m_name);
1812 if (TrafficLogFile != NULL)
1813 {
1814 char **av;
1815
1816 fprintf(TrafficLogFile, "%05d === EXEC", (int) getpid());
1817 for (av = pv; *av != NULL; av++)
1818 fprintf(TrafficLogFile, " %s", *av);
1819 fprintf(TrafficLogFile, "\n");
1820 }
1821
1822 #if XDEBUG
1823 checkfd012("before creating mail pipe");
1824 #endif /* XDEBUG */
1825
1826 /* create a pipe to shove the mail through */
1827 if (pipe(mpvect) < 0)
1828 {
1829 syserr("%s... openmailer(%s): pipe (to mailer)",
1830 shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
1831 if (tTd(11, 1))
1832 dprintf("openmailer: NULL\n");
1833 rcode = EX_OSERR;
1834 goto give_up;
1835 }
1836
1837 #if XDEBUG
1838 /* make sure we didn't get one of the standard I/O files */
1839 if (mpvect[0] < 3 || mpvect[1] < 3)
1840 {
1841 syserr("%s... openmailer(%s): bogus mpvect %d %d",
1842 shortenstring(e->e_to, MAXSHORTSTR), m->m_name,
1843 mpvect[0], mpvect[1]);
1844 printopenfds(TRUE);
1845 if (tTd(11, 1))
1846 dprintf("openmailer: NULL\n");
1847 rcode = EX_OSERR;
1848 goto give_up;
1849 }
1850
1851 /* make sure system call isn't dead meat */
1852 checkfdopen(mpvect[0], "mpvect[0]");
1853 checkfdopen(mpvect[1], "mpvect[1]");
1854 if (mpvect[0] == mpvect[1] ||
1855 (e->e_lockfp != NULL &&
1856 (mpvect[0] == fileno(e->e_lockfp) ||
1857 mpvect[1] == fileno(e->e_lockfp))))
1858 {
1859 if (e->e_lockfp == NULL)
1860 syserr("%s... openmailer(%s): overlapping mpvect %d %d",
1861 shortenstring(e->e_to, MAXSHORTSTR),
1862 m->m_name, mpvect[0], mpvect[1]);
1863 else
1864 syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d",
1865 shortenstring(e->e_to, MAXSHORTSTR),
1866 m->m_name, mpvect[0], mpvect[1],
1867 fileno(e->e_lockfp));
1868 }
1869 #endif /* XDEBUG */
1870
1871 /* create a return pipe */
1872 if (pipe(rpvect) < 0)
1873 {
1874 syserr("%s... openmailer(%s): pipe (from mailer)",
1875 shortenstring(e->e_to, MAXSHORTSTR),
1876 m->m_name);
1877 (void) close(mpvect[0]);
1878 (void) close(mpvect[1]);
1879 if (tTd(11, 1))
1880 dprintf("openmailer: NULL\n");
1881 rcode = EX_OSERR;
1882 goto give_up;
1883 }
1884 #if XDEBUG
1885 checkfdopen(rpvect[0], "rpvect[0]");
1886 checkfdopen(rpvect[1], "rpvect[1]");
1887 #endif /* XDEBUG */
1888
1889 /*
1890 ** Actually fork the mailer process.
1891 ** DOFORK is clever about retrying.
1892 **
1893 ** Dispose of SIGCHLD signal catchers that may be laying
1894 ** around so that endmailer will get it.
1895 */
1896
1897 if (e->e_xfp != NULL)
1898 (void) fflush(e->e_xfp); /* for debugging */
1899 (void) fflush(stdout);
1900 (void) setsignal(SIGCHLD, SIG_DFL);
1901
1902
1903 DOFORK(FORK);
1904 /* pid is set by DOFORK */
1905
1906 if (pid < 0)
1907 {
1908 /* failure */
1909 syserr("%s... openmailer(%s): cannot fork",
1910 shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
1911 (void) close(mpvect[0]);
1912 (void) close(mpvect[1]);
1913 (void) close(rpvect[0]);
1914 (void) close(rpvect[1]);
1915 if (tTd(11, 1))
1916 dprintf("openmailer: NULL\n");
1917 rcode = EX_OSERR;
1918 goto give_up;
1919 }
1920 else if (pid == 0)
1921 {
1922 int i;
1923 int save_errno;
1924 int new_euid = NO_UID;
1925 int new_ruid = NO_UID;
1926 int new_gid = NO_GID;
1927 struct stat stb;
1928 extern int DtableSize;
1929
1930 /* clear the events to turn off SIGALRMs */
1931 clear_events();
1932
1933 /* Reset global flags */
1934 RestartRequest = NULL;
1935 ShutdownRequest = NULL;
1936 PendingSignal = 0;
1937
1938 if (e->e_lockfp != NULL)
1939 (void) close(fileno(e->e_lockfp));
1940
1941 /* child -- set up input & exec mailer */
1942 (void) setsignal(SIGALRM, sm_signal_noop);
1943 (void) setsignal(SIGCHLD, SIG_DFL);
1944 (void) setsignal(SIGHUP, SIG_IGN);
1945 (void) setsignal(SIGINT, SIG_IGN);
1946 (void) setsignal(SIGTERM, SIG_DFL);
1947 # ifdef SIGUSR1
1948 (void) setsignal(SIGUSR1, sm_signal_noop);
1949 # endif /* SIGUSR1 */
1950
1951 if (m != FileMailer || stat(tochain->q_user, &stb) < 0)
1952 stb.st_mode = 0;
1953
1954 # if HASSETUSERCONTEXT
1955 /*
1956 ** Set user resources.
1957 */
1958
1959 if (contextaddr != NULL)
1960 {
1961 struct passwd *pwd;
1962
1963 if (contextaddr->q_ruser != NULL)
1964 pwd = sm_getpwnam(contextaddr->q_ruser);
1965 else
1966 pwd = sm_getpwnam(contextaddr->q_user);
1967 if (pwd != NULL)
1968 (void) setusercontext(NULL,
1969 pwd, pwd->pw_uid,
1970 LOGIN_SETRESOURCES|LOGIN_SETPRIORITY);
1971 }
1972 # endif /* HASSETUSERCONTEXT */
1973
1974 /* tweak niceness */
1975 if (m->m_nice != 0)
1976 (void) nice(m->m_nice);
1977
1978 /* reset group id */
1979 if (bitnset(M_SPECIFIC_UID, m->m_flags))
1980 new_gid = m->m_gid;
1981 else if (bitset(S_ISGID, stb.st_mode))
1982 new_gid = stb.st_gid;
1983 else if (ctladdr != NULL && ctladdr->q_gid != 0)
1984 {
1985 if (!DontInitGroups)
1986 {
1987 char *u = ctladdr->q_ruser;
1988
1989 if (u == NULL)
1990 u = ctladdr->q_user;
1991
1992 if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn)
1993 {
1994 syserr("openmailer: initgroups(%s, %d) failed",
1995 u, ctladdr->q_gid);
1996 exit(EX_TEMPFAIL);
1997 }
1998 }
1999 else
2000 {
2001 GIDSET_T gidset[1];
2002
2003 gidset[0] = ctladdr->q_gid;
2004 if (setgroups(1, gidset) == -1 && suidwarn)
2005 {
2006 syserr("openmailer: setgroups() failed");
2007 exit(EX_TEMPFAIL);
2008 }
2009 }
2010 new_gid = ctladdr->q_gid;
2011 }
2012 else
2013 {
2014 if (!DontInitGroups)
2015 {
2016 if (initgroups(DefUser, DefGid) == -1 && suidwarn)
2017 {
2018 syserr("openmailer: initgroups(%s, %d) failed",
2019 DefUser, DefGid);
2020 exit(EX_TEMPFAIL);
2021 }
2022 }
2023 else
2024 {
2025 GIDSET_T gidset[1];
2026
2027 gidset[0] = DefGid;
2028 if (setgroups(1, gidset) == -1 && suidwarn)
2029 {
2030 syserr("openmailer: setgroups() failed");
2031 exit(EX_TEMPFAIL);
2032 }
2033 }
2034 if (m->m_gid == 0)
2035 new_gid = DefGid;
2036 else
2037 new_gid = m->m_gid;
2038 }
2039 if (new_gid != NO_GID)
2040 {
2041 if (RunAsUid != 0 &&
2042 bitnset(M_SPECIFIC_UID, m->m_flags) &&
2043 new_gid != getgid() &&
2044 new_gid != getegid())
2045 {
2046 /* Only root can change the gid */
2047 syserr("openmailer: insufficient privileges to change gid");
2048 exit(EX_TEMPFAIL);
2049 }
2050
2051 if (setgid(new_gid) < 0 && suidwarn)
2052 {
2053 syserr("openmailer: setgid(%ld) failed",
2054 (long) new_gid);
2055 exit(EX_TEMPFAIL);
2056 }
2057 }
2058
2059 /* change root to some "safe" directory */
2060 if (m->m_rootdir != NULL)
2061 {
2062 expand(m->m_rootdir, buf, sizeof buf, e);
2063 if (tTd(11, 20))
2064 dprintf("openmailer: chroot %s\n",
2065 buf);
2066 if (chroot(buf) < 0)
2067 {
2068 syserr("openmailer: Cannot chroot(%s)",
2069 buf);
2070 exit(EX_TEMPFAIL);
2071 }
2072 if (chdir("/") < 0)
2073 {
2074 syserr("openmailer: cannot chdir(/)");
2075 exit(EX_TEMPFAIL);
2076 }
2077 }
2078
2079 /* reset user id */
2080 endpwent();
2081 if (bitnset(M_SPECIFIC_UID, m->m_flags))
2082 {
2083 new_euid = m->m_uid;
2084
2085 /*
2086 ** Undo the effects of the uid change in main
2087 ** for signal handling. The real uid may
2088 ** be used by mailer in adding a "From "
2089 ** line.
2090 */
2091
2092 if (RealUid != 0 && RealUid != getuid())
2093 new_ruid = RealUid;
2094 }
2095 else if (bitset(S_ISUID, stb.st_mode))
2096 new_ruid = stb.st_uid;
2097 else if (ctladdr != NULL && ctladdr->q_uid != 0)
2098 new_ruid = ctladdr->q_uid;
2099 else if (m->m_uid != 0)
2100 new_ruid = m->m_uid;
2101 else
2102 new_ruid = DefUid;
2103 if (new_euid != NO_UID)
2104 {
2105 if (RunAsUid != 0 && new_euid != RunAsUid)
2106 {
2107 /* Only root can change the uid */
2108 syserr("openmailer: insufficient privileges to change uid");
2109 exit(EX_TEMPFAIL);
2110 }
2111
2112 vendor_set_uid(new_euid);
2113 # if MAILER_SETUID_METHOD == USE_SETEUID
2114 # if HASSETREUID
2115 /*
2116 ** Undo the effects of the uid change in main
2117 ** for signal handling. The real uid may
2118 ** be used by mailer in adding a "From "
2119 ** line.
2120 */
2121
2122 if (new_ruid != NO_UID &&
2123 setreuid(RealUid, geteuid()) < 0)
2124 {
2125 syserr("openmailer: setreuid(%d, %d) failed",
2126 (int) new_ruid, (int) geteuid());
2127 exit(EX_OSERR);
2128 }
2129 # endif /* HASSETREUID */
2130 if (seteuid(new_euid) < 0 && suidwarn)
2131 {
2132 syserr("openmailer: seteuid(%ld) failed",
2133 (long) new_euid);
2134 exit(EX_TEMPFAIL);
2135 }
2136 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
2137 # if MAILER_SETUID_METHOD == USE_SETREUID
2138 if (setreuid(new_ruid, new_euid) < 0 && suidwarn)
2139 {
2140 syserr("openmailer: setreuid(%ld, %ld) failed",
2141 (long) new_ruid, (long) new_euid);
2142 exit(EX_TEMPFAIL);
2143 }
2144 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
2145 # if MAILER_SETUID_METHOD == USE_SETUID
2146 if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn)
2147 {
2148 syserr("openmailer: setuid(%ld) failed",
2149 (long) new_euid);
2150 exit(EX_TEMPFAIL);
2151 }
2152 # endif /* MAILER_SETUID_METHOD == USE_SETUID */
2153 }
2154 else if (new_ruid != NO_UID)
2155 {
2156 vendor_set_uid(new_ruid);
2157 if (setuid(new_ruid) < 0 && suidwarn)
2158 {
2159 syserr("openmailer: setuid(%ld) failed",
2160 (long) new_ruid);
2161 exit(EX_TEMPFAIL);
2162 }
2163 }
2164
2165 if (tTd(11, 2))
2166 dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n",
2167 (int) getuid(), (int) geteuid(),
2168 (int) getgid(), (int) getegid());
2169
2170 /* move into some "safe" directory */
2171 if (m->m_execdir != NULL)
2172 {
2173 char *q;
2174
2175 for (p = m->m_execdir; p != NULL; p = q)
2176 {
2177 q = strchr(p, ':');
2178 if (q != NULL)
2179 *q = '\0';
2180 expand(p, buf, sizeof buf, e);
2181 if (q != NULL)
2182 *q++ = ':';
2183 if (tTd(11, 20))
2184 dprintf("openmailer: trydir %s\n",
2185 buf);
2186 if (buf[0] != '\0' && chdir(buf) >= 0)
2187 break;
2188 }
2189 }
2190
2191 /* arrange to filter std & diag output of command */
2192 (void) close(rpvect[0]);
2193 if (dup2(rpvect[1], STDOUT_FILENO) < 0)
2194 {
2195 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
2196 shortenstring(e->e_to, MAXSHORTSTR),
2197 m->m_name, rpvect[1]);
2198 _exit(EX_OSERR);
2199 }
2200 (void) close(rpvect[1]);
2201
2202 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
2203 {
2204 syserr("%s... openmailer(%s): cannot dup stdout for stderr",
2205 shortenstring(e->e_to, MAXSHORTSTR),
2206 m->m_name);
2207 _exit(EX_OSERR);
2208 }
2209
2210 /* arrange to get standard input */
2211 (void) close(mpvect[1]);
2212 if (dup2(mpvect[0], STDIN_FILENO) < 0)
2213 {
2214 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin",
2215 shortenstring(e->e_to, MAXSHORTSTR),
2216 m->m_name, mpvect[0]);
2217 _exit(EX_OSERR);
2218 }
2219 (void) close(mpvect[0]);
2220
2221 /* arrange for all the files to be closed */
2222 for (i = 3; i < DtableSize; i++)
2223 {
2224 register int j;
2225
2226 if ((j = fcntl(i, F_GETFD, 0)) != -1)
2227 (void) fcntl(i, F_SETFD,
2228 j | FD_CLOEXEC);
2229 }
2230
2231 /* run disconnected from terminal */
2232 (void) setsid();
2233
2234 /* try to execute the mailer */
2235 (void) execve(m->m_mailer, (ARGV_T) pv,
2236 (ARGV_T) UserEnviron);
2237 save_errno = errno;
2238 syserr("Cannot exec %s", m->m_mailer);
2239 if (bitnset(M_LOCALMAILER, m->m_flags) ||
2240 transienterror(save_errno))
2241 _exit(EX_OSERR);
2242 _exit(EX_UNAVAILABLE);
2243 }
2244
2245 /*
2246 ** Set up return value.
2247 */
2248
2249 if (mci == NULL)
2250 {
2251 mci = (MCI *) xalloc(sizeof *mci);
2252 memset((char *) mci, '\0', sizeof *mci);
2253 }
2254 mci->mci_mailer = m;
2255 if (clever)
2256 {
2257 mci->mci_state = MCIS_OPENING;
2258 mci_cache(mci);
2259 }
2260 else
2261 {
2262 mci->mci_state = MCIS_OPEN;
2263 }
2264 mci->mci_pid = pid;
2265 (void) close(mpvect[0]);
2266 mci->mci_out = fdopen(mpvect[1], "w");
2267 if (mci->mci_out == NULL)
2268 {
2269 syserr("deliver: cannot create mailer output channel, fd=%d",
2270 mpvect[1]);
2271 (void) close(mpvect[1]);
2272 (void) close(rpvect[0]);
2273 (void) close(rpvect[1]);
2274 rcode = EX_OSERR;
2275 goto give_up;
2276 }
2277
2278 (void) close(rpvect[1]);
2279 mci->mci_in = fdopen(rpvect[0], "r");
2280 if (mci->mci_in == NULL)
2281 {
2282 syserr("deliver: cannot create mailer input channel, fd=%d",
2283 mpvect[1]);
2284 (void) close(rpvect[0]);
2285 (void) fclose(mci->mci_out);
2286 mci->mci_out = NULL;
2287 rcode = EX_OSERR;
2288 goto give_up;
2289 }
2290
2291 /* Don't cache non-clever connections */
2292 if (!clever)
2293 mci->mci_flags |= MCIF_TEMP;
2294 }
2295
2296 /*
2297 ** If we are in SMTP opening state, send initial protocol.
2298 */
2299
2300 if (bitnset(M_7BITS, m->m_flags) &&
2301 (!clever || mci->mci_state == MCIS_OPENING))
2302 mci->mci_flags |= MCIF_7BIT;
2303 #if SMTP
2304 if (clever && mci->mci_state != MCIS_CLOSED)
2305 {
2306 # if SASL && SFIO
2307 # define DONE_AUTH(f) bitset(MCIF_AUTHACT, f)
2308 # endif /* SASL && SFIO */
2309 # if STARTTLS
2310 # define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f)
2311 # endif /* STARTTLS */
2312 # define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f)
2313 # define SET_HELO(f) f |= MCIF_ONLY_EHLO
2314 # define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO
2315
2316
2317 # if STARTTLS || (SASL && SFIO)
2318 reconnect: /* after switching to an authenticated connection */
2319 # endif /* STARTTLS || (SASL && SFIO) */
2320
2321 # if SASL
2322 mci->mci_saslcap = NULL;
2323 # endif /* SASL */
2324 smtpinit(m, mci, e, ONLY_HELO(mci->mci_flags));
2325 CLR_HELO(mci->mci_flags);
2326
2327 # if STARTTLS
2328 /* first TLS then AUTH to provide a security layer */
2329 if (mci->mci_state != MCIS_CLOSED &&
2330 !DONE_STARTTLS(mci->mci_flags))
2331 {
2332 int olderrors;
2333 int dotpos;
2334 bool usetls;
2335 bool saveQuickAbort = QuickAbort;
2336 bool saveSuprErrs = SuprErrs;
2337 char *host = NULL;
2338 # if _FFR_TLS_CLT1
2339 char *p;
2340 # endif /* _FFR_TLS_CLT1 */
2341 char *srvname;
2342 extern SOCKADDR CurHostAddr;
2343
2344 rcode = EX_OK;
2345 usetls = bitset(MCIF_TLS, mci->mci_flags);
2346 # if _FFR_TLS_CLT1
2347 if (usetls &&
2348 (p = macvalue(macid("{client_flags}", NULL), e))
2349 != NULL)
2350 {
2351 for (; *p != '\0'; p++)
2352 {
2353 /* look for just this one flag */
2354 if (*p == D_CLTNOTLS)
2355 {
2356 usetls = FALSE;
2357 break;
2358 }
2359 }
2360 }
2361 # endif /* _FFR_TLS_CLT1 */
2362
2363 if (mci->mci_host != NULL)
2364 {
2365 srvname = mci->mci_host;
2366 dotpos = strlen(srvname) - 1;
2367 if (dotpos >= 0)
2368 {
2369 if (srvname[dotpos] == '.')
2370 srvname[dotpos] = '\0';
2371 else
2372 dotpos = -1;
2373 }
2374 }
2375 else
2376 {
2377 srvname = "";
2378 dotpos = -1;
2379 }
2380 define(macid("{server_name}", NULL),
2381 newstr(srvname), e);
2382 if (CurHostAddr.sa.sa_family != 0)
2383 define(macid("{server_addr}", NULL),
2384 newstr(anynet_ntoa(&CurHostAddr)), e);
2385 else
2386 define(macid("{server_addr}", NULL), NULL, e);
2387 if (usetls)
2388 {
2389 host = macvalue(macid("{server_name}", NULL),
2390 e);
2391 # if _FFR_TLS_O_T
2392 olderrors = Errors;
2393 QuickAbort = FALSE;
2394 SuprErrs = TRUE;
2395 if (rscheck("try_tls", srvname, NULL,
2396 e, TRUE, FALSE, 8, host) != EX_OK
2397 || Errors > olderrors)
2398 usetls = FALSE;
2399 SuprErrs = saveSuprErrs;
2400 QuickAbort = saveQuickAbort;
2401 # endif /* _FFR_TLS_O_T */
2402 }
2403
2404 /* undo change of srvname */
2405 if (dotpos >= 0)
2406 srvname[dotpos] = '.';
2407 if (usetls)
2408 {
2409 if ((rcode = starttls(m, mci, e)) == EX_OK)
2410 {
2411 /* start again without STARTTLS */
2412 mci->mci_flags |= MCIF_TLSACT;
2413 }
2414 else
2415 {
2416 char *s;
2417
2418 /*
2419 ** TLS negotation failed, what to do?
2420 ** fall back to unencrypted connection
2421 ** or abort? How to decide?
2422 ** set a macro and call a ruleset.
2423 */
2424 mci->mci_flags &= ~MCIF_TLS;
2425 switch (rcode)
2426 {
2427 case EX_TEMPFAIL:
2428 s = "TEMP";
2429 break;
2430 case EX_USAGE:
2431 s = "USAGE";
2432 break;
2433 case EX_PROTOCOL:
2434 s = "PROTOCOL";
2435 break;
2436 case EX_SOFTWARE:
2437 s = "SOFTWARE";
2438 break;
2439
2440 /* everything else is a failure */
2441 default:
2442 s = "FAILURE";
2443 rcode = EX_TEMPFAIL;
2444 }
2445 define(macid("{verify}", NULL),
2446 newstr(s), e);
2447 }
2448 }
2449 else if (mci->mci_ssl != NULL)
2450 {
2451 /* active TLS connection, use that data */
2452 (void) tls_get_info(mci->mci_ssl, e, FALSE,
2453 mci->mci_host, FALSE);
2454 }
2455 else
2456 define(macid("{verify}", NULL), "NONE", e);
2457 olderrors = Errors;
2458 QuickAbort = FALSE;
2459 SuprErrs = TRUE;
2460
2461 /*
2462 ** rcode == EX_SOFTWARE is special:
2463 ** the TLS negotation failed
2464 ** we have to drop the connection no matter what
2465 ** However, we call tls_server to give it the chance
2466 ** to log the problem and return an appropriate
2467 ** error code.
2468 */
2469 if (rscheck("tls_server",
2470 macvalue(macid("{verify}", NULL), e),
2471 NULL, e, TRUE, TRUE, 6, host) != EX_OK ||
2472 Errors > olderrors ||
2473 rcode == EX_SOFTWARE)
2474 {
2475 char enhsc[ENHSCLEN];
2476 extern char MsgBuf[];
2477
2478 if (ISSMTPCODE(MsgBuf) &&
2479 extenhsc(MsgBuf + 4, ' ', enhsc) > 0)
2480 {
2481 p = newstr(MsgBuf);
2482 }
2483 else
2484 {
2485 p = "403 4.7.0 server not authenticated.";
2486 (void) strlcpy(enhsc, "4.7.0",
2487 sizeof enhsc);
2488 }
2489 SuprErrs = saveSuprErrs;
2490 QuickAbort = saveQuickAbort;
2491
2492 if (rcode == EX_SOFTWARE)
2493 {
2494 /* drop the connection */
2495 mci->mci_state = MCIS_QUITING;
2496 if (mci->mci_in != NULL)
2497 {
2498 (void) fclose(mci->mci_in);
2499 mci->mci_in = NULL;
2500 }
2501 mci->mci_flags &= ~MCIF_TLSACT;
2502 (void) endmailer(mci, e, pv);
2503 }
2504 else
2505 {
2506 /* abort transfer */
2507 smtpquit(m, mci, e);
2508 }
2509
2510 /* avoid bogus error msg */
2511 mci->mci_errno = 0;
2512
2513 /* temp or permanent failure? */
2514 rcode = (*p == '4') ? EX_TEMPFAIL
2515 : EX_UNAVAILABLE;
2516 mci_setstat(mci, rcode, newstr(enhsc), p);
2517
2518 /*
2519 ** hack to get the error message into
2520 ** the envelope (done in giveresponse())
2521 */
2522 (void) strlcpy(SmtpError, p, sizeof SmtpError);
2523 }
2524 QuickAbort = saveQuickAbort;
2525 SuprErrs = saveSuprErrs;
2526 if (DONE_STARTTLS(mci->mci_flags) &&
2527 mci->mci_state != MCIS_CLOSED)
2528 {
2529 SET_HELO(mci->mci_flags);
2530 mci->mci_flags &= ~MCIF_EXTENS;
2531 goto reconnect;
2532 }
2533 }
2534 else if (mci->mci_ssl != NULL)
2535 {
2536 /* active TLS connection, use that data */
2537 (void) tls_get_info(mci->mci_ssl, e, FALSE,
2538 mci->mci_host, FALSE);
2539 }
2540 # endif /* STARTTLS */
2541 # if SASL
2542 /* if other server supports authentication let's authenticate */
2543 if (mci->mci_state != MCIS_CLOSED &&
2544 mci->mci_saslcap != NULL &&
2545 # if SFIO
2546 !DONE_AUTH(mci->mci_flags) &&
2547 # endif /* SFIO */
2548 SASLInfo != NULL)
2549 {
2550 /*
2551 ** should we require some minimum authentication?
2552 ** XXX ignore result?
2553 */
2554 if (smtpauth(m, mci, e) == EX_OK)
2555 {
2556 # if SFIO
2557 int result;
2558 sasl_ssf_t *ssf;
2559
2560 /* get security strength (features) */
2561 result = sasl_getprop(mci->mci_conn, SASL_SSF,
2562 (void **) &ssf);
2563 if (LogLevel > 9)
2564 sm_syslog(LOG_INFO, NOQID,
2565 "SASL: outgoing connection to %.64s: mech=%.16s, bits=%d",
2566 mci->mci_host,
2567 macvalue(macid("{auth_type}",
2568 NULL), e),
2569 result == SASL_OK ? *ssf
2570 : 0);
2571
2572 /*
2573 ** only switch to encrypted connection
2574 ** if a security layer has been negotiated
2575 */
2576 if (result == SASL_OK && *ssf > 0)
2577 {
2578 /*
2579 ** convert sfio stuff to use SASL
2580 ** check return values
2581 ** if the call fails,
2582 ** fall back to unencrypted version
2583 ** unless some cf option requires
2584 ** encryption then the connection must
2585 ** be aborted
2586 */
2587 if (sfdcsasl(mci->mci_in, mci->mci_out,
2588 mci->mci_conn) == 0)
2589 {
2590 SET_HELO(mci->mci_flags);
2591 mci->mci_flags &= ~MCIF_EXTENS;
2592 mci->mci_flags |= MCIF_AUTHACT;
2593 goto reconnect;
2594 }
2595 syserr("SASL TLS switch failed in client");
2596 }
2597 /* else? XXX */
2598 # endif /* SFIO */
2599 mci->mci_flags |= MCIF_AUTHACT;
2600
2601 }
2602 }
2603 # endif /* SASL */
2604 }
2605
2606 #endif /* SMTP */
2607
2608 do_transfer:
2609 /* clear out per-message flags from connection structure */
2610 mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7);
2611
2612 if (bitset(EF_HAS8BIT, e->e_flags) &&
2613 !bitset(EF_DONT_MIME, e->e_flags) &&
2614 bitnset(M_7BITS, m->m_flags))
2615 mci->mci_flags |= MCIF_CVT8TO7;
2616
2617 #if MIME7TO8
2618 if (bitnset(M_MAKE8BIT, m->m_flags) &&
2619 !bitset(MCIF_7BIT, mci->mci_flags) &&
2620 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL &&
2621 (strcasecmp(p, "quoted-printable") == 0 ||
2622 strcasecmp(p, "base64") == 0) &&
2623 (p = hvalue("Content-Type", e->e_header)) != NULL)
2624 {
2625 /* may want to convert 7 -> 8 */
2626 /* XXX should really parse it here -- and use a class XXX */
2627 if (strncasecmp(p, "text/plain", 10) == 0 &&
2628 (p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
2629 mci->mci_flags |= MCIF_CVT7TO8;
2630 }
2631 #endif /* MIME7TO8 */
2632
2633 if (tTd(11, 1))
2634 {
2635 dprintf("openmailer: ");
2636 mci_dump(mci, FALSE);
2637 }
2638
2639 if (mci->mci_state != MCIS_OPEN)
2640 {
2641 /* couldn't open the mailer */
2642 rcode = mci->mci_exitstat;
2643 errno = mci->mci_errno;
2644 #if NAMED_BIND
2645 SM_SET_H_ERRNO(mci->mci_herrno);
2646 #endif /* NAMED_BIND */
2647 if (rcode == EX_OK)
2648 {
2649 /* shouldn't happen */
2650 syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s",
2651 (u_long) mci, rcode, errno, mci->mci_state,
2652 firstsig);
2653 mci_dump_all(TRUE);
2654 rcode = EX_SOFTWARE;
2655 }
2656 #if DAEMON
2657 else if (nummxhosts > hostnum)
2658 {
2659 /* try next MX site */
2660 goto tryhost;
2661 }
2662 #endif /* DAEMON */
2663 }
2664 else if (!clever)
2665 {
2666 /*
2667 ** Format and send message.
2668 */
2669
2670 putfromline(mci, e);
2671 (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
2672 (*e->e_putbody)(mci, e, NULL);
2673
2674 /* get the exit status */
2675 rcode = endmailer(mci, e, pv);
2676 if (rcode == EX_TEMPFAIL &&
2677 SmtpError[0] == '\0')
2678 {
2679 /*
2680 ** Need an e_message for mailq display.
2681 ** We set SmtpError as
2682 */
2683
2684 snprintf(SmtpError, sizeof SmtpError,
2685 "%s mailer (%s) exited with EX_TEMPFAIL",
2686 m->m_name, m->m_mailer);
2687 }
2688 }
2689 else
2690 #if SMTP
2691 {
2692 /*
2693 ** Send the MAIL FROM: protocol
2694 */
2695
2696 rcode = smtpmailfrom(m, mci, e);
2697 if (rcode == EX_OK)
2698 {
2699 register char *t = tobuf;
2700 register int i;
2701
2702 /* send the recipient list */
2703 tobuf[0] = '\0';
2704
2705 for (to = tochain; to != NULL; to = to->q_tchain)
2706 {
2707 e->e_to = to->q_paddr;
2708 #if !_FFR_DYNAMIC_TOBUF
2709 if (strlen(to->q_paddr) +
2710 (t - tobuf) + 2 > sizeof tobuf)
2711 {
2712 /* not enough room */
2713 continue;
2714 }
2715 #endif /* !_FFR_DYNAMIC_TOBUF */
2716
2717 # if STARTTLS
2718 # if _FFR_TLS_RCPT
2719 i = rscheck("tls_rcpt", to->q_user, NULL, e,
2720 TRUE, TRUE, 4, mci->mci_host);
2721 if (i != EX_OK)
2722 {
2723 /* avoid bogus error msg */
2724 errno = 0;
2725 markfailure(e, to, mci, i, FALSE);
2726 giveresponse(i, to->q_status, m,
2727 mci, ctladdr, xstart, e);
2728 continue;
2729 }
2730 # endif /* _FFR_TLS_RCPT */
2731 # endif /* STARTTLS */
2732
2733 if ((i = smtprcpt(to, m, mci, e)) != EX_OK)
2734 {
2735 markfailure(e, to, mci, i, FALSE);
2736 giveresponse(i, to->q_status, m,
2737 mci, ctladdr, xstart, e);
2738 }
2739 else
2740 {
2741 *t++ = ',';
2742 for (p = to->q_paddr; *p; *t++ = *p++)
2743 continue;
2744 *t = '\0';
2745 }
2746 }
2747
2748 /* now send the data */
2749 if (tobuf[0] == '\0')
2750 {
2751 rcode = EX_OK;
2752 e->e_to = NULL;
2753 if (bitset(MCIF_CACHED, mci->mci_flags))
2754 smtprset(m, mci, e);
2755 }
2756 else
2757 {
2758 e->e_to = tobuf + 1;
2759 rcode = smtpdata(m, mci, e);
2760 }
2761 }
2762 # if DAEMON
2763 if (rcode == EX_TEMPFAIL && nummxhosts > hostnum)
2764 {
2765 /* try next MX site */
2766 goto tryhost;
2767 }
2768 # endif /* DAEMON */
2769 }
2770 #else /* SMTP */
2771 {
2772 syserr("554 5.3.5 deliver: need SMTP compiled to use clever mailer");
2773 rcode = EX_CONFIG;
2774 goto give_up;
2775 }
2776 #endif /* SMTP */
2777 #if NAMED_BIND
2778 if (ConfigLevel < 2)
2779 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
2780 #endif /* NAMED_BIND */
2781
2782 if (tTd(62, 1))
2783 checkfds("after delivery");
2784
2785 /*
2786 ** Do final status disposal.
2787 ** We check for something in tobuf for the SMTP case.
2788 ** If we got a temporary failure, arrange to queue the
2789 ** addressees.
2790 */
2791
2792 give_up:
2793 #if SMTP
2794 if (bitnset(M_LMTP, m->m_flags))
2795 {
2796 lmtp_rcode = rcode;
2797 tobuf[0] = '\0';
2798 anyok = FALSE;
2799 }
2800 else
2801 #endif /* SMTP */
2802 anyok = rcode == EX_OK;
2803
2804 for (to = tochain; to != NULL; to = to->q_tchain)
2805 {
2806 /* see if address already marked */
2807 if (!QS_IS_OK(to->q_state))
2808 continue;
2809
2810 #if SMTP
2811 /* if running LMTP, get the status for each address */
2812 if (bitnset(M_LMTP, m->m_flags))
2813 {
2814 if (lmtp_rcode == EX_OK)
2815 rcode = smtpgetstat(m, mci, e);
2816 if (rcode == EX_OK)
2817 {
2818 #if _FFR_DYNAMIC_TOBUF
2819 (void) strlcat(tobuf, ",", tobufsize);
2820 (void) strlcat(tobuf, to->q_paddr, tobufsize);
2821 #else /* _FFR_DYNAMIC_TOBUF */
2822 if (strlen(to->q_paddr) +
2823 strlen(tobuf) + 2 > sizeof tobuf)
2824 {
2825 syserr("LMTP tobuf overflow");
2826 }
2827 else
2828 {
2829 (void) strlcat(tobuf, ",",
2830 sizeof tobuf);
2831 (void) strlcat(tobuf, to->q_paddr,
2832 sizeof tobuf);
2833 }
2834 #endif /* _FFR_DYNAMIC_TOBUF */
2835 anyok = TRUE;
2836 }
2837 else
2838 {
2839 e->e_to = to->q_paddr;
2840 markfailure(e, to, mci, rcode, TRUE);
2841 giveresponse(rcode, to->q_status, m, mci,
2842 ctladdr, xstart, e);
2843 e->e_to = tobuf + 1;
2844 continue;
2845 }
2846 }
2847 else
2848 #endif /* SMTP */
2849 {
2850 /* mark bad addresses */
2851 if (rcode != EX_OK)
2852 {
2853 if (goodmxfound && rcode == EX_NOHOST)
2854 rcode = EX_TEMPFAIL;
2855 markfailure(e, to, mci, rcode, TRUE);
2856 continue;
2857 }
2858 }
2859
2860 /* successful delivery */
2861 to->q_state = QS_SENT;
2862 to->q_statdate = curtime();
2863 e->e_nsent++;
2864
2865 #if QUEUE
2866 /*
2867 ** Checkpoint the send list every few addresses
2868 */
2869
2870 if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval)
2871 {
2872 queueup(e, FALSE);
2873 e->e_nsent = 0;
2874 }
2875 #endif /* QUEUE */
2876
2877 if (bitnset(M_LOCALMAILER, m->m_flags) &&
2878 bitset(QPINGONSUCCESS, to->q_flags))
2879 {
2880 to->q_flags |= QDELIVERED;
2881 to->q_status = "2.1.5";
2882 fprintf(e->e_xfp, "%s... Successfully delivered\n",
2883 to->q_paddr);
2884 }
2885 else if (bitset(QPINGONSUCCESS, to->q_flags) &&
2886 bitset(QPRIMARY, to->q_flags) &&
2887 !bitset(MCIF_DSN, mci->mci_flags))
2888 {
2889 to->q_flags |= QRELAYED;
2890 fprintf(e->e_xfp, "%s... relayed; expect no further notifications\n",
2891 to->q_paddr);
2892 }
2893 }
2894
2895 #if SMTP
2896 if (bitnset(M_LMTP, m->m_flags))
2897 {
2898 /*
2899 ** Global information applies to the last recipient only;
2900 ** clear it out to avoid bogus errors.
2901 */
2902
2903 rcode = EX_OK;
2904 e->e_statmsg = NULL;
2905
2906 /* reset the mci state for the next transaction */
2907 if (mci != NULL && mci->mci_state == MCIS_ACTIVE)
2908 mci->mci_state = MCIS_OPEN;
2909 }
2910 #endif /* SMTP */
2911
2912 if (tobuf[0] != '\0')
2913 giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e);
2914 if (anyok)
2915 markstats(e, tochain, FALSE);
2916 mci_store_persistent(mci);
2917
2918 #if SMTP
2919 /* now close the connection */
2920 if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED &&
2921 !bitset(MCIF_CACHED, mci->mci_flags))
2922 smtpquit(m, mci, e);
2923 #endif /* SMTP */
2924
2925 /*
2926 ** Restore state and return.
2927 */
2928
2929 #if XDEBUG
2930 {
2931 char wbuf[MAXLINE];
2932
2933 /* make absolutely certain 0, 1, and 2 are in use */
2934 snprintf(wbuf, sizeof wbuf, "%s... end of deliver(%s)",
2935 e->e_to == NULL ? "NO-TO-LIST"
2936 : shortenstring(e->e_to, MAXSHORTSTR),
2937 m->m_name);
2938 checkfd012(wbuf);
2939 }
2940 #endif /* XDEBUG */
2941
2942 errno = 0;
2943 define('g', (char *) NULL, e);
2944 e->e_to = NULL;
2945 return rcode;
2946 }
2947
2948 �/*
2949 ** MARKFAILURE -- mark a failure on a specific address.
2950 **
2951 ** Parameters:
2952 ** e -- the envelope we are sending.
2953 ** q -- the address to mark.
2954 ** mci -- mailer connection information.
2955 ** rcode -- the code signifying the particular failure.
2956 ** ovr -- override an existing code?
2957 **
2958 ** Returns:
2959 ** none.
2960 **
2961 ** Side Effects:
2962 ** marks the address (and possibly the envelope) with the
2963 ** failure so that an error will be returned or
2964 ** the message will be queued, as appropriate.
2965 */
2966
2967 static void
2968 markfailure(e, q, mci, rcode, ovr)
2969 register ENVELOPE *e;
2970 register ADDRESS *q;
2971 register MCI *mci;
2972 int rcode;
2973 bool ovr;
2974 {
2975 char *status = NULL;
2976 char *rstatus = NULL;
2977
2978 switch (rcode)
2979 {
2980 case EX_OK:
2981 break;
2982
2983 case EX_TEMPFAIL:
2984 case EX_IOERR:
2985 case EX_OSERR:
2986 q->q_state = QS_QUEUEUP;
2987 break;
2988
2989 default:
2990 q->q_state = QS_BADADDR;
2991 break;
2992 }
2993
2994 /* find most specific error code possible */
2995 if (mci != NULL && mci->mci_status != NULL)
2996 {
2997 status = mci->mci_status;
2998 if (mci->mci_rstatus != NULL)
2999 rstatus = newstr(mci->mci_rstatus);
3000 else
3001 rstatus = NULL;
3002 }
3003 else if (e->e_status != NULL)
3004 {
3005 status = e->e_status;
3006 rstatus = NULL;
3007 }
3008 else
3009 {
3010 switch (rcode)
3011 {
3012 case EX_USAGE:
3013 status = "5.5.4";
3014 break;
3015
3016 case EX_DATAERR:
3017 status = "5.5.2";
3018 break;
3019
3020 case EX_NOUSER:
3021 status = "5.1.1";
3022 break;
3023
3024 case EX_NOHOST:
3025 status = "5.1.2";
3026 break;
3027
3028 case EX_NOINPUT:
3029 case EX_CANTCREAT:
3030 case EX_NOPERM:
3031 status = "5.3.0";
3032 break;
3033
3034 case EX_UNAVAILABLE:
3035 case EX_SOFTWARE:
3036 case EX_OSFILE:
3037 case EX_PROTOCOL:
3038 case EX_CONFIG:
3039 status = "5.5.0";
3040 break;
3041
3042 case EX_OSERR:
3043 case EX_IOERR:
3044 status = "4.5.0";
3045 break;
3046
3047 case EX_TEMPFAIL:
3048 status = "4.2.0";
3049 break;
3050 }
3051 }
3052
3053 /* new status? */
3054 if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL ||
3055 *q->q_status == '\0' || *q->q_status < *status))
3056 {
3057 q->q_status = status;
3058 q->q_rstatus = rstatus;
3059 }
3060 if (rcode != EX_OK && q->q_rstatus == NULL &&
3061 q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL &&
3062 strcasecmp(q->q_mailer->m_diagtype, "X-UNIX") == 0)
3063 {
3064 char buf[16];
3065
3066 (void) snprintf(buf, sizeof buf, "%d", rcode);
3067 q->q_rstatus = newstr(buf);
3068 }
3069
3070 q->q_statdate = curtime();
3071 if (CurHostName != NULL && CurHostName[0] != '\0' &&
3072 mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags))
3073 q->q_statmta = newstr(CurHostName);
3074 }
3075 �/*
3076 ** ENDMAILER -- Wait for mailer to terminate.
3077 **
3078 ** We should never get fatal errors (e.g., segmentation
3079 ** violation), so we report those specially. For other
3080 ** errors, we choose a status message (into statmsg),
3081 ** and if it represents an error, we print it.
3082 **
3083 ** Parameters:
3084 ** mci -- the mailer connection info.
3085 ** e -- the current envelope.
3086 ** pv -- the parameter vector that invoked the mailer
3087 ** (for error messages).
3088 **
3089 ** Returns:
3090 ** exit code of mailer.
3091 **
3092 ** Side Effects:
3093 ** none.
3094 */
3095
3096 static jmp_buf EndWaitTimeout;
3097
3098 static void
3099 endwaittimeout()
3100 {
3101 /*
3102 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
3103 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
3104 ** DOING.
3105 */
3106
3107 errno = ETIMEDOUT;
3108 longjmp(EndWaitTimeout, 1);
3109 }
3110
3111 int
3112 endmailer(mci, e, pv)
3113 register MCI *mci;
3114 register ENVELOPE *e;
3115 char **pv;
3116 {
3117 int st;
3118 int save_errno = errno;
3119 char buf[MAXLINE];
3120 EVENT *ev = NULL;
3121
3122
3123 mci_unlock_host(mci);
3124
3125 /* close output to mailer */
3126 if (mci->mci_out != NULL)
3127 (void) fclose(mci->mci_out);
3128
3129 /* copy any remaining input to transcript */
3130 if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR &&
3131 e->e_xfp != NULL)
3132 {
3133 while (sfgets(buf, sizeof buf, mci->mci_in,
3134 TimeOuts.to_quit, "Draining Input") != NULL)
3135 (void) fputs(buf, e->e_xfp);
3136 }
3137
3138 #if SASL
3139 /* shutdown SASL */
3140 if (bitset(MCIF_AUTHACT, mci->mci_flags))
3141 {
3142 sasl_dispose(&mci->mci_conn);
3143 mci->mci_flags &= ~MCIF_AUTHACT;
3144 }
3145 #endif /* SASL */
3146
3147 #if STARTTLS
3148 /* shutdown TLS */
3149 (void) endtlsclt(mci);
3150 #endif /* STARTTLS */
3151
3152 /* now close the input */
3153 if (mci->mci_in != NULL)
3154 (void) fclose(mci->mci_in);
3155 mci->mci_in = mci->mci_out = NULL;
3156 mci->mci_state = MCIS_CLOSED;
3157
3158 errno = save_errno;
3159
3160 /* in the IPC case there is nothing to wait for */
3161 if (mci->mci_pid == 0)
3162 return EX_OK;
3163
3164 /* put a timeout around the wait */
3165 if (mci->mci_mailer->m_wait > 0)
3166 {
3167 if (setjmp(EndWaitTimeout) == 0)
3168 ev = setevent(mci->mci_mailer->m_wait,
3169 endwaittimeout, 0);
3170 else
3171 {
3172 syserr("endmailer %s: wait timeout (%ld)",
3173 mci->mci_mailer->m_name,
3174 (long) mci->mci_mailer->m_wait);
3175 return EX_TEMPFAIL;
3176 }
3177 }
3178
3179 /* wait for the mailer process, collect status */
3180 st = waitfor(mci->mci_pid);
3181 save_errno = errno;
3182 if (ev != NULL)
3183 clrevent(ev);
3184 errno = save_errno;
3185
3186 if (st == -1)
3187 {
3188 syserr("endmailer %s: wait", mci->mci_mailer->m_name);
3189 return EX_SOFTWARE;
3190 }
3191
3192 if (WIFEXITED(st))
3193 {
3194 /* normal death -- return status */
3195 return (WEXITSTATUS(st));
3196 }
3197
3198 /* it died a horrid death */
3199 syserr("451 4.3.0 mailer %s died with signal %d%s",
3200 mci->mci_mailer->m_name, WTERMSIG(st),
3201 WCOREDUMP(st) ? " (core dumped)" :
3202 (WIFSTOPPED(st) ? " (stopped)" : ""));
3203
3204 /* log the arguments */
3205 if (pv != NULL && e->e_xfp != NULL)
3206 {
3207 register char **av;
3208
3209 fprintf(e->e_xfp, "Arguments:");
3210 for (av = pv; *av != NULL; av++)
3211 fprintf(e->e_xfp, " %s", *av);
3212 fprintf(e->e_xfp, "\n");
3213 }
3214
3215 ExitStat = EX_TEMPFAIL;
3216 return EX_TEMPFAIL;
3217 }
3218 �/*
3219 ** GIVERESPONSE -- Interpret an error response from a mailer
3220 **
3221 ** Parameters:
3222 ** status -- the status code from the mailer (high byte
3223 ** only; core dumps must have been taken care of
3224 ** already).
3225 ** dsn -- the DSN associated with the address, if any.
3226 ** m -- the mailer info for this mailer.
3227 ** mci -- the mailer connection info -- can be NULL if the
3228 ** response is given before the connection is made.
3229 ** ctladdr -- the controlling address for the recipient
3230 ** address(es).
3231 ** xstart -- the transaction start time, for computing
3232 ** transaction delays.
3233 ** e -- the current envelope.
3234 **
3235 ** Returns:
3236 ** none.
3237 **
3238 ** Side Effects:
3239 ** Errors may be incremented.
3240 ** ExitStat may be set.
3241 */
3242
3243 void
3244 giveresponse(status, dsn, m, mci, ctladdr, xstart, e)
3245 int status;
3246 char *dsn;
3247 register MAILER *m;
3248 register MCI *mci;
3249 ADDRESS *ctladdr;
3250 time_t xstart;
3251 ENVELOPE *e;
3252 {
3253 register const char *statmsg;
3254 extern char *SysExMsg[];
3255 register int i;
3256 int errnum = errno;
3257 int off = 4;
3258 extern int N_SysEx;
3259 char dsnbuf[ENHSCLEN];
3260 char buf[MAXLINE];
3261
3262 if (e == NULL)
3263 syserr("giveresponse: null envelope");
3264
3265 /*
3266 ** Compute status message from code.
3267 */
3268
3269 i = status - EX__BASE;
3270 if (status == 0)
3271 {
3272 statmsg = "250 2.0.0 Sent";
3273 if (e->e_statmsg != NULL)
3274 {
3275 (void) snprintf(buf, sizeof buf, "%s (%s)",
3276 statmsg,
3277 shortenstring(e->e_statmsg, 403));
3278 statmsg = buf;
3279 }
3280 }
3281 else if (i < 0 || i >= N_SysEx)
3282 {
3283 (void) snprintf(buf, sizeof buf,
3284 "554 5.3.0 unknown mailer error %d",
3285 status);
3286 status = EX_UNAVAILABLE;
3287 statmsg = buf;
3288 }
3289 else if (status == EX_TEMPFAIL)
3290 {
3291 char *bp = buf;
3292
3293 snprintf(bp, SPACELEFT(buf, bp), "%s", SysExMsg[i] + 1);
3294 bp += strlen(bp);
3295 #if NAMED_BIND
3296 if (h_errno == TRY_AGAIN)
3297 statmsg = errstring(h_errno+E_DNSBASE);
3298 else
3299 #endif /* NAMED_BIND */
3300 {
3301 if (errnum != 0)
3302 statmsg = errstring(errnum);
3303 else
3304 {
3305 #if SMTP
3306 statmsg = SmtpError;
3307 #else /* SMTP */
3308 statmsg = NULL;
3309 #endif /* SMTP */
3310 }
3311 }
3312 if (statmsg != NULL && statmsg[0] != '\0')
3313 {
3314 switch (errnum)
3315 {
3316 #ifdef ENETDOWN
3317 case ENETDOWN: /* Network is down */
3318 #endif /* ENETDOWN */
3319 #ifdef ENETUNREACH
3320 case ENETUNREACH: /* Network is unreachable */
3321 #endif /* ENETUNREACH */
3322 #ifdef ENETRESET
3323 case ENETRESET: /* Network dropped connection on reset */
3324 #endif /* ENETRESET */
3325 #ifdef ECONNABORTED
3326 case ECONNABORTED: /* Software caused connection abort */
3327 #endif /* ECONNABORTED */
3328 #ifdef EHOSTDOWN
3329 case EHOSTDOWN: /* Host is down */
3330 #endif /* EHOSTDOWN */
3331 #ifdef EHOSTUNREACH
3332 case EHOSTUNREACH: /* No route to host */
3333 #endif /* EHOSTUNREACH */
3334 if (mci->mci_host != NULL)
3335 {
3336 snprintf(bp, SPACELEFT(buf, bp),
3337 ": %s", mci->mci_host);
3338 bp += strlen(bp);
3339 }
3340 break;
3341 }
3342 snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg);
3343 }
3344 statmsg = buf;
3345 }
3346 #if NAMED_BIND
3347 else if (status == EX_NOHOST && h_errno != 0)
3348 {
3349 statmsg = errstring(h_errno + E_DNSBASE);
3350 (void) snprintf(buf, sizeof buf, "%s (%s)",
3351 SysExMsg[i] + 1, statmsg);
3352 statmsg = buf;
3353 }
3354 #endif /* NAMED_BIND */
3355 else
3356 {
3357 statmsg = SysExMsg[i];
3358 if (*statmsg++ == ':' && errnum != 0)
3359 {
3360 (void) snprintf(buf, sizeof buf, "%s: %s",
3361 statmsg, errstring(errnum));
3362 statmsg = buf;
3363 }
3364 }
3365
3366 /*
3367 ** Print the message as appropriate
3368 */
3369
3370 if (status == EX_OK || status == EX_TEMPFAIL)
3371 {
3372 extern char MsgBuf[];
3373
3374 if ((off = isenhsc(statmsg + 4, ' ')) > 0)
3375 {
3376 if (dsn == NULL)
3377 {
3378 snprintf(dsnbuf, sizeof dsnbuf,
3379 "%.*s", off, statmsg + 4);
3380 dsn = dsnbuf;
3381 }
3382 off += 5;
3383 }
3384 else
3385 {
3386 off = 4;
3387 }
3388 message("%s", statmsg + off);
3389 if (status == EX_TEMPFAIL && e->e_xfp != NULL)
3390 fprintf(e->e_xfp, "%s\n", &MsgBuf[4]);
3391 }
3392 else
3393 {
3394 char mbuf[ENHSCLEN + 4];
3395
3396 Errors++;
3397 if ((off = isenhsc(statmsg + 4, ' ')) > 0 &&
3398 off < sizeof mbuf - 4)
3399 {
3400 if (dsn == NULL)
3401 {
3402 snprintf(dsnbuf, sizeof dsnbuf,
3403 "%.*s", off, statmsg + 4);
3404 dsn = dsnbuf;
3405 }
3406 off += 5;
3407 (void) strlcpy(mbuf, statmsg, off);
3408 (void) strlcat(mbuf, " %s", sizeof mbuf);
3409 }
3410 else
3411 {
3412 dsnbuf[0] = '\0';
3413 (void) snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg);
3414 off = 4;
3415 }
3416 usrerr(mbuf, &statmsg[off]);
3417 }
3418
3419 /*
3420 ** Final cleanup.
3421 ** Log a record of the transaction. Compute the new
3422 ** ExitStat -- if we already had an error, stick with
3423 ** that.
3424 */
3425
3426 if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) &&
3427 LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6))
3428 logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e);
3429
3430 if (tTd(11, 2))
3431 dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s\n",
3432 status,
3433 dsn == NULL ? "<NULL>" : dsn,
3434 e->e_message == NULL ? "<NULL>" : e->e_message);
3435
3436 if (status != EX_TEMPFAIL)
3437 setstat(status);
3438 if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL))
3439 {
3440 if (e->e_message != NULL)
3441 sm_free(e->e_message);
3442 e->e_message = newstr(statmsg + off);
3443 }
3444 errno = 0;
3445 #if NAMED_BIND
3446 SM_SET_H_ERRNO(0);
3447 #endif /* NAMED_BIND */
3448 }
3449 �/*
3450 ** LOGDELIVERY -- log the delivery in the system log
3451 **
3452 ** Care is taken to avoid logging lines that are too long, because
3453 ** some versions of syslog have an unfortunate proclivity for core
3454 ** dumping. This is a hack, to be sure, that is at best empirical.
3455 **
3456 ** Parameters:
3457 ** m -- the mailer info. Can be NULL for initial queue.
3458 ** mci -- the mailer connection info -- can be NULL if the
3459 ** log is occurring when no connection is active.
3460 ** dsn -- the DSN attached to the status.
3461 ** status -- the message to print for the status.
3462 ** ctladdr -- the controlling address for the to list.
3463 ** xstart -- the transaction start time, used for
3464 ** computing transaction delay.
3465 ** e -- the current envelope.
3466 **
3467 ** Returns:
3468 ** none
3469 **
3470 ** Side Effects:
3471 ** none
3472 */
3473
3474 void
3475 logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
3476 MAILER *m;
3477 register MCI *mci;
3478 char *dsn;
3479 const char *status;
3480 ADDRESS *ctladdr;
3481 time_t xstart;
3482 register ENVELOPE *e;
3483 {
3484 register char *bp;
3485 register char *p;
3486 int l;
3487 time_t now;
3488 char buf[1024];
3489
3490 #if (SYSLOG_BUFSIZE) >= 256
3491 /* ctladdr: max 106 bytes */
3492 bp = buf;
3493 if (ctladdr != NULL)
3494 {
3495 snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s",
3496 shortenstring(ctladdr->q_paddr, 83));
3497 bp += strlen(bp);
3498 if (bitset(QGOODUID, ctladdr->q_flags))
3499 {
3500 (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
3501 (int) ctladdr->q_uid,
3502 (int) ctladdr->q_gid);
3503 bp += strlen(bp);
3504 }
3505 }
3506
3507 /* delay & xdelay: max 41 bytes */
3508 now = curtime();
3509 snprintf(bp, SPACELEFT(buf, bp), ", delay=%s",
3510 pintvl(now - e->e_ctime, TRUE));
3511 bp += strlen(bp);
3512
3513 if (xstart != (time_t) 0)
3514 {
3515 snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s",
3516 pintvl(now - xstart, TRUE));
3517 bp += strlen(bp);
3518 }
3519
3520 /* mailer: assume about 19 bytes (max 10 byte mailer name) */
3521 if (m != NULL)
3522 {
3523 snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name);
3524 bp += strlen(bp);
3525 }
3526
3527 /* pri: changes with each delivery attempt */
3528 snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", e->e_msgpriority);
3529 bp += strlen(bp);
3530
3531 /* relay: max 66 bytes for IPv4 addresses */
3532 if (mci != NULL && mci->mci_host != NULL)
3533 {
3534 # if DAEMON
3535 extern SOCKADDR CurHostAddr;
3536 # endif /* DAEMON */
3537
3538 snprintf(bp, SPACELEFT(buf, bp), ", relay=%s",
3539 shortenstring(mci->mci_host, 40));
3540 bp += strlen(bp);
3541
3542 # if DAEMON
3543 if (CurHostAddr.sa.sa_family != 0)
3544 {
3545 snprintf(bp, SPACELEFT(buf, bp), " [%s]",
3546 anynet_ntoa(&CurHostAddr));
3547 }
3548 # endif /* DAEMON */
3549 }
3550 else if (strcmp(status, "queued") != 0)
3551 {
3552 p = macvalue('h', e);
3553 if (p != NULL && p[0] != '\0')
3554 {
3555 snprintf(bp, SPACELEFT(buf, bp), ", relay=%s",
3556 shortenstring(p, 40));
3557 }
3558 }
3559 bp += strlen(bp);
3560
3561 /* dsn */
3562 if (dsn != NULL && *dsn != '\0')
3563 {
3564 snprintf(bp, SPACELEFT(buf, bp), ", dsn=%s",
3565 shortenstring(dsn, ENHSCLEN));
3566 bp += strlen(bp);
3567 }
3568
3569 # define STATLEN (((SYSLOG_BUFSIZE) - 100) / 4)
3570 # if (STATLEN) < 63
3571 # undef STATLEN
3572 # define STATLEN 63
3573 # endif /* (STATLEN) < 63 */
3574 # if (STATLEN) > 203
3575 # undef STATLEN
3576 # define STATLEN 203
3577 # endif /* (STATLEN) > 203 */
3578
3579 /* stat: max 210 bytes */
3580 if ((bp - buf) > (sizeof buf - ((STATLEN) + 20)))
3581 {
3582 /* desperation move -- truncate data */
3583 bp = buf + sizeof buf - ((STATLEN) + 17);
3584 (void) strlcpy(bp, "...", SPACELEFT(buf, bp));
3585 bp += 3;
3586 }
3587
3588 (void) strlcpy(bp, ", stat=", SPACELEFT(buf, bp));
3589 bp += strlen(bp);
3590
3591 (void) strlcpy(bp, shortenstring(status, STATLEN), SPACELEFT(buf, bp));
3592
3593 /* id, to: max 13 + TOBUFSIZE bytes */
3594 l = SYSLOG_BUFSIZE - 100 - strlen(buf);
3595 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to;
3596 while (strlen(p) >= (SIZE_T) l)
3597 {
3598 register char *q;
3599
3600 #if _FFR_DYNAMIC_TOBUF
3601 for (q = p + l; q > p; q--)
3602 {
3603 if (*q == ',')
3604 break;
3605 }
3606 if (p == q)
3607 break;
3608 #else /* _FFR_DYNAMIC_TOBUF */
3609 q = strchr(p + l, ',');
3610 if (q == NULL)
3611 break;
3612 #endif /* _FFR_DYNAMIC_TOBUF */
3613
3614 sm_syslog(LOG_INFO, e->e_id,
3615 "to=%.*s [more]%s",
3616 (int) (++q - p), p, buf);
3617 p = q;
3618 }
3619 #if _FFR_DYNAMIC_TOBUF
3620 sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, p, buf);
3621 #else /* _FFR_DYNAMIC_TOBUF */
3622 sm_syslog(LOG_INFO, e->e_id, "to=%s%s", p, buf);
3623 #endif /* _FFR_DYNAMIC_TOBUF */
3624
3625 #else /* (SYSLOG_BUFSIZE) >= 256 */
3626
3627 l = SYSLOG_BUFSIZE - 85;
3628 p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to;
3629 while (strlen(p) >= (SIZE_T) l)
3630 {
3631 register char *q;
3632
3633 #if _FFR_DYNAMIC_TOBUF
3634 for (q = p + l; q > p; q--)
3635 {
3636 if (*q == ',')
3637 break;
3638 }
3639 if (p == q)
3640 break;
3641 #else /* _FFR_DYNAMIC_TOBUF */
3642 q = strchr(p + l, ',');
3643 if (q == NULL)
3644 break;
3645 #endif /* _FFR_DYNAMIC_TOBUF */
3646
3647 sm_syslog(LOG_INFO, e->e_id,
3648 "to=%.*s [more]",
3649 (int) (++q - p), p);
3650 p = q;
3651 }
3652 #if _FFR_DYNAMIC_TOBUF
3653 sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p);
3654 #else /* _FFR_DYNAMIC_TOBUF */
3655 sm_syslog(LOG_INFO, e->e_id, "to=%s", p);
3656 #endif /* _FFR_DYNAMIC_TOBUF */
3657
3658 if (ctladdr != NULL)
3659 {
3660 bp = buf;
3661 snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s",
3662 shortenstring(ctladdr->q_paddr, 83));
3663 bp += strlen(bp);
3664 if (bitset(QGOODUID, ctladdr->q_flags))
3665 {
3666 (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
3667 ctladdr->q_uid, ctladdr->q_gid);
3668 bp += strlen(bp);
3669 }
3670 sm_syslog(LOG_INFO, e->e_id, "%s", buf);
3671 }
3672 bp = buf;
3673 snprintf(bp, SPACELEFT(buf, bp), "delay=%s",
3674 pintvl(now - e->e_ctime, TRUE));
3675 bp += strlen(bp);
3676 if (xstart != (time_t) 0)
3677 {
3678 snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s",
3679 pintvl(now - xstart, TRUE));
3680 bp += strlen(bp);
3681 }
3682
3683 if (m != NULL)
3684 {
3685 snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name);
3686 bp += strlen(bp);
3687 }
3688 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf);
3689
3690 buf[0] = '\0';
3691 bp = buf;
3692 if (mci != NULL && mci->mci_host != NULL)
3693 {
3694 # if DAEMON
3695 extern SOCKADDR CurHostAddr;
3696 # endif /* DAEMON */
3697
3698 snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host);
3699 bp += strlen(bp);
3700
3701 # if DAEMON
3702 if (CurHostAddr.sa.sa_family != 0)
3703 snprintf(bp, SPACELEFT(buf, bp), " [%.100s]",
3704 anynet_ntoa(&CurHostAddr));
3705 # endif /* DAEMON */
3706 }
3707 else if (strcmp(status, "queued") != 0)
3708 {
3709 p = macvalue('h', e);
3710 if (p != NULL && p[0] != '\0')
3711 snprintf(buf, sizeof buf, "relay=%.100s", p);
3712 }
3713 if (buf[0] != '\0')
3714 sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf);
3715
3716 sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63));
3717 #endif /* (SYSLOG_BUFSIZE) >= 256 */
3718 }
3719 �/*
3720 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
3721 **
3722 ** This can be made an arbitrary message separator by changing $l
3723 **
3724 ** One of the ugliest hacks seen by human eyes is contained herein:
3725 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
3726 ** does a well-meaning programmer such as myself have to deal with
3727 ** this kind of antique garbage????
3728 **
3729 ** Parameters:
3730 ** mci -- the connection information.
3731 ** e -- the envelope.
3732 **
3733 ** Returns:
3734 ** none
3735 **
3736 ** Side Effects:
3737 ** outputs some text to fp.
3738 */
3739
3740 void
3741 putfromline(mci, e)
3742 register MCI *mci;
3743 ENVELOPE *e;
3744 {
3745 char *template = UnixFromLine;
3746 char buf[MAXLINE];
3747 char xbuf[MAXLINE];
3748
3749 if (bitnset(M_NHDR, mci->mci_mailer->m_flags))
3750 return;
3751
3752 mci->mci_flags |= MCIF_INHEADER;
3753
3754 if (bitnset(M_UGLYUUCP, mci->mci_mailer->m_flags))
3755 {
3756 char *bang;
3757
3758 expand("\201g", buf, sizeof buf, e);
3759 bang = strchr(buf, '!');
3760 if (bang == NULL)
3761 {
3762 char *at;
3763 char hname[MAXNAME];
3764
3765 /*
3766 ** If we can construct a UUCP path, do so
3767 */
3768
3769 at = strrchr(buf, '@');
3770 if (at == NULL)
3771 {
3772 expand("\201k", hname, sizeof hname, e);
3773 at = hname;
3774 }
3775 else
3776 *at++ = '\0';
3777 (void) snprintf(xbuf, sizeof xbuf,
3778 "From %.800s \201d remote from %.100s\n",
3779 buf, at);
3780 }
3781 else
3782 {
3783 *bang++ = '\0';
3784 (void) snprintf(xbuf, sizeof xbuf,
3785 "From %.800s \201d remote from %.100s\n",
3786 bang, buf);
3787 template = xbuf;
3788 }
3789 }
3790 expand(template, buf, sizeof buf, e);
3791 putxline(buf, strlen(buf), mci, PXLF_HEADER);
3792 }
3793 �/*
3794 ** PUTBODY -- put the body of a message.
3795 **
3796 ** Parameters:
3797 ** mci -- the connection information.
3798 ** e -- the envelope to put out.
3799 ** separator -- if non-NULL, a message separator that must
3800 ** not be permitted in the resulting message.
3801 **
3802 ** Returns:
3803 ** none.
3804 **
3805 ** Side Effects:
3806 ** The message is written onto fp.
3807 */
3808
3809 /* values for output state variable */
3810 #define OS_HEAD 0 /* at beginning of line */
3811 #define OS_CR 1 /* read a carriage return */
3812 #define OS_INLINE 2 /* putting rest of line */
3813
3814 void
3815 putbody(mci, e, separator)
3816 register MCI *mci;
3817 register ENVELOPE *e;
3818 char *separator;
3819 {
3820 bool dead = FALSE;
3821 char buf[MAXLINE];
3822 char *boundaries[MAXMIMENESTING + 1];
3823
3824 /*
3825 ** Output the body of the message
3826 */
3827
3828 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags))
3829 {
3830 char *df = queuename(e, 'd');
3831
3832 e->e_dfp = fopen(df, "r");
3833 if (e->e_dfp == NULL)
3834 {
3835 char *msg = "!putbody: Cannot open %s for %s from %s";
3836
3837 if (errno == ENOENT)
3838 msg++;
3839 syserr(msg, df, e->e_to, e->e_from.q_paddr);
3840 }
3841 }
3842 if (e->e_dfp == NULL)
3843 {
3844 if (bitset(MCIF_INHEADER, mci->mci_flags))
3845 {
3846 putline("", mci);
3847 mci->mci_flags &= ~MCIF_INHEADER;
3848 }
3849 putline("<<< No Message Collected >>>", mci);
3850 goto endofmessage;
3851 }
3852
3853 if (e->e_dfino == (ino_t) 0)
3854 {
3855 struct stat stbuf;
3856
3857 if (fstat(fileno(e->e_dfp), &stbuf) < 0)
3858 e->e_dfino = -1;
3859 else
3860 {
3861 e->e_dfdev = stbuf.st_dev;
3862 e->e_dfino = stbuf.st_ino;
3863 }
3864 }
3865
3866 /* paranoia: the df file should always be in a rewound state */
3867 (void) bfrewind(e->e_dfp);
3868
3869 #if MIME8TO7
3870 if (bitset(MCIF_CVT8TO7, mci->mci_flags))
3871 {
3872 /*
3873 ** Do 8 to 7 bit MIME conversion.
3874 */
3875
3876 /* make sure it looks like a MIME message */
3877 if (hvalue("MIME-Version", e->e_header) == NULL)
3878 putline("MIME-Version: 1.0", mci);
3879
3880 if (hvalue("Content-Type", e->e_header) == NULL)
3881 {
3882 snprintf(buf, sizeof buf,
3883 "Content-Type: text/plain; charset=%s",
3884 defcharset(e));
3885 putline(buf, mci);
3886 }
3887
3888 /* now do the hard work */
3889 boundaries[0] = NULL;
3890 mci->mci_flags |= MCIF_INHEADER;
3891 (void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
3892 }
3893 # if MIME7TO8
3894 else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
3895 {
3896 (void) mime7to8(mci, e->e_header, e);
3897 }
3898 # endif /* MIME7TO8 */
3899 else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0)
3900 {
3901 bool oldsuprerrs = SuprErrs;
3902
3903 /* Use mime8to7 to check multipart for MIME header overflows */
3904 boundaries[0] = NULL;
3905 mci->mci_flags |= MCIF_INHEADER;
3906
3907 /*
3908 ** If EF_DONT_MIME is set, we have a broken MIME message
3909 ** and don't want to generate a new bounce message whose
3910 ** body propagates the broken MIME. We can't just not call
3911 ** mime8to7() as is done above since we need the security
3912 ** checks. The best we can do is suppress the errors.
3913 */
3914
3915 if (bitset(EF_DONT_MIME, e->e_flags))
3916 SuprErrs = TRUE;
3917
3918 (void) mime8to7(mci, e->e_header, e, boundaries,
3919 M87F_OUTER|M87F_NO8TO7);
3920
3921 /* restore SuprErrs */
3922 SuprErrs = oldsuprerrs;
3923 }
3924 else
3925 #endif /* MIME8TO7 */
3926 {
3927 int ostate;
3928 register char *bp;
3929 register char *pbp;
3930 register int c;
3931 register char *xp;
3932 int padc;
3933 char *buflim;
3934 int pos = 0;
3935 char peekbuf[12];
3936
3937 if (bitset(MCIF_INHEADER, mci->mci_flags))
3938 {
3939 putline("", mci);
3940 mci->mci_flags &= ~MCIF_INHEADER;
3941 }
3942
3943 /* determine end of buffer; allow for short mailer lines */
3944 buflim = &buf[sizeof buf - 1];
3945 if (mci->mci_mailer->m_linelimit > 0 &&
3946 mci->mci_mailer->m_linelimit < sizeof buf - 1)
3947 buflim = &buf[mci->mci_mailer->m_linelimit - 1];
3948
3949 /* copy temp file to output with mapping */
3950 ostate = OS_HEAD;
3951 bp = buf;
3952 pbp = peekbuf;
3953 while (!ferror(mci->mci_out) && !dead)
3954 {
3955 if (pbp > peekbuf)
3956 c = *--pbp;
3957 else if ((c = getc(e->e_dfp)) == EOF)
3958 break;
3959 if (bitset(MCIF_7BIT, mci->mci_flags))
3960 c &= 0x7f;
3961 switch (ostate)
3962 {
3963 case OS_HEAD:
3964 #if _FFR_NONULLS
3965 if (c == '\0' &&
3966 bitnset(M_NONULLS, mci->mci_mailer->m_flags))
3967 break;
3968 #endif /* _FFR_NONULLS */
3969 if (c != '\r' && c != '\n' && bp < buflim)
3970 {
3971 *bp++ = c;
3972 break;
3973 }
3974
3975 /* check beginning of line for special cases */
3976 *bp = '\0';
3977 pos = 0;
3978 padc = EOF;
3979 if (buf[0] == 'F' &&
3980 bitnset(M_ESCFROM, mci->mci_mailer->m_flags) &&
3981 strncmp(buf, "From ", 5) == 0)
3982 {
3983 padc = '>';
3984 }
3985 if (buf[0] == '-' && buf[1] == '-' &&
3986 separator != NULL)
3987 {
3988 /* possible separator */
3989 int sl = strlen(separator);
3990
3991 if (strncmp(&buf[2], separator, sl) == 0)
3992 padc = ' ';
3993 }
3994 if (buf[0] == '.' &&
3995 bitnset(M_XDOT, mci->mci_mailer->m_flags))
3996 {
3997 padc = '.';
3998 }
3999
4000 /* now copy out saved line */
4001 if (TrafficLogFile != NULL)
4002 {
4003 fprintf(TrafficLogFile, "%05d >>> ",
4004 (int) getpid());
4005 if (padc != EOF)
4006 (void) putc(padc,
4007 TrafficLogFile);
4008 for (xp = buf; xp < bp; xp++)
4009 (void) putc((unsigned char) *xp,
4010 TrafficLogFile);
4011 if (c == '\n')
4012 (void) fputs(mci->mci_mailer->m_eol,
4013 TrafficLogFile);
4014 }
4015 if (padc != EOF)
4016 {
4017 if (putc(padc, mci->mci_out) == EOF)
4018 {
4019 dead = TRUE;
4020 continue;
4021 }
4022 else
4023 {
4024 /* record progress for DATA timeout */
4025 DataProgress = TRUE;
4026 }
4027 pos++;
4028 }
4029 for (xp = buf; xp < bp; xp++)
4030 {
4031 if (putc((unsigned char) *xp,
4032 mci->mci_out) == EOF)
4033 {
4034 dead = TRUE;
4035 break;
4036 }
4037 else
4038 {
4039 /* record progress for DATA timeout */
4040 DataProgress = TRUE;
4041 }
4042 }
4043 if (dead)
4044 continue;
4045 if (c == '\n')
4046 {
4047 if (fputs(mci->mci_mailer->m_eol,
4048 mci->mci_out) == EOF)
4049 break;
4050 else
4051 {
4052 /* record progress for DATA timeout */
4053 DataProgress = TRUE;
4054 }
4055 pos = 0;
4056 }
4057 else
4058 {
4059 pos += bp - buf;
4060 if (c != '\r')
4061 *pbp++ = c;
4062 }
4063
4064 bp = buf;
4065
4066 /* determine next state */
4067 if (c == '\n')
4068 ostate = OS_HEAD;
4069 else if (c == '\r')
4070 ostate = OS_CR;
4071 else
4072 ostate = OS_INLINE;
4073 continue;
4074
4075 case OS_CR:
4076 if (c == '\n')
4077 {
4078 /* got CRLF */
4079 if (fputs(mci->mci_mailer->m_eol,
4080 mci->mci_out) == EOF)
4081 continue;
4082 else
4083 {
4084 /* record progress for DATA timeout */
4085 DataProgress = TRUE;
4086 }
4087
4088 if (TrafficLogFile != NULL)
4089 {
4090 (void) fputs(mci->mci_mailer->m_eol,
4091 TrafficLogFile);
4092 }
4093 ostate = OS_HEAD;
4094 continue;
4095 }
4096
4097 /* had a naked carriage return */
4098 *pbp++ = c;
4099 c = '\r';
4100 ostate = OS_INLINE;
4101 goto putch;
4102
4103 case OS_INLINE:
4104 if (c == '\r')
4105 {
4106 ostate = OS_CR;
4107 continue;
4108 }
4109 #if _FFR_NONULLS
4110 if (c == '\0' &&
4111 bitnset(M_NONULLS, mci->mci_mailer->m_flags))
4112 break;
4113 #endif /* _FFR_NONULLS */
4114 putch:
4115 if (mci->mci_mailer->m_linelimit > 0 &&
4116 pos >= mci->mci_mailer->m_linelimit - 1 &&
4117 c != '\n')
4118 {
4119 int d;
4120
4121 /* check next character for EOL */
4122 if (pbp > peekbuf)
4123 d = *(pbp - 1);
4124 else if ((d = getc(e->e_dfp)) != EOF)
4125 *pbp++ = d;
4126
4127 if (d == '\n' || d == EOF)
4128 {
4129 if (TrafficLogFile != NULL)
4130 (void) putc((unsigned char) c,
4131 TrafficLogFile);
4132 if (putc((unsigned char) c,
4133 mci->mci_out) == EOF)
4134 {
4135 dead = TRUE;
4136 continue;
4137 }
4138 else
4139 {
4140 /* record progress for DATA timeout */
4141 DataProgress = TRUE;
4142 }
4143 pos++;
4144 continue;
4145 }
4146
4147 if (putc('!', mci->mci_out) == EOF ||
4148 fputs(mci->mci_mailer->m_eol,
4149 mci->mci_out) == EOF)
4150 {
4151 dead = TRUE;
4152 continue;
4153 }
4154 else
4155 {
4156 /* record progress for DATA timeout */
4157 DataProgress = TRUE;
4158 }
4159
4160 if (TrafficLogFile != NULL)
4161 {
4162 fprintf(TrafficLogFile, "!%s",
4163 mci->mci_mailer->m_eol);
4164 }
4165 ostate = OS_HEAD;
4166 *pbp++ = c;
4167 continue;
4168 }
4169 if (c == '\n')
4170 {
4171 if (TrafficLogFile != NULL)
4172 (void) fputs(mci->mci_mailer->m_eol,
4173 TrafficLogFile);
4174 if (fputs(mci->mci_mailer->m_eol,
4175 mci->mci_out) == EOF)
4176 continue;
4177 else
4178 {
4179 /* record progress for DATA timeout */
4180 DataProgress = TRUE;
4181 }
4182 pos = 0;
4183 ostate = OS_HEAD;
4184 }
4185 else
4186 {
4187 if (TrafficLogFile != NULL)
4188 (void) putc((unsigned char) c,
4189 TrafficLogFile);
4190 if (putc((unsigned char) c,
4191 mci->mci_out) == EOF)
4192 {
4193 dead = TRUE;
4194 continue;
4195 }
4196 else
4197 {
4198 /* record progress for DATA timeout */
4199 DataProgress = TRUE;
4200 }
4201 pos++;
4202 ostate = OS_INLINE;
4203 }
4204 break;
4205 }
4206 }
4207
4208 /* make sure we are at the beginning of a line */
4209 if (bp > buf)
4210 {
4211 if (TrafficLogFile != NULL)
4212 {
4213 for (xp = buf; xp < bp; xp++)
4214 (void) putc((unsigned char) *xp,
4215 TrafficLogFile);
4216 }
4217 for (xp = buf; xp < bp; xp++)
4218 {
4219 if (putc((unsigned char) *xp, mci->mci_out) ==
4220 EOF)
4221 {
4222 dead = TRUE;
4223 break;
4224 }
4225 else
4226 {
4227 /* record progress for DATA timeout */
4228 DataProgress = TRUE;
4229 }
4230 }
4231 pos += bp - buf;
4232 }
4233 if (!dead && pos > 0)
4234 {
4235 if (TrafficLogFile != NULL)
4236 (void) fputs(mci->mci_mailer->m_eol,
4237 TrafficLogFile);
4238 (void) fputs(mci->mci_mailer->m_eol, mci->mci_out);
4239
4240 /* record progress for DATA timeout */
4241 DataProgress = TRUE;
4242 }
4243 }
4244
4245 if (ferror(e->e_dfp))
4246 {
4247 syserr("putbody: %s/df%s: read error",
4248 qid_printqueue(e->e_queuedir), e->e_id);
4249 ExitStat = EX_IOERR;
4250 }
4251
4252 endofmessage:
4253 /*
4254 ** Since mailfile() uses e_dfp in a child process,
4255 ** the file offset in the stdio library for the
4256 ** parent process will not agree with the in-kernel
4257 ** file offset since the file descriptor is shared
4258 ** between the processes. Therefore, it is vital
4259 ** that the file always be rewound. This forces the
4260 ** kernel offset (lseek) and stdio library (ftell)
4261 ** offset to match.
4262 */
4263
4264 if (e->e_dfp != NULL)
4265 (void) bfrewind(e->e_dfp);
4266
4267 /* some mailers want extra blank line at end of message */
4268 if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
4269 buf[0] != '\0' && buf[0] != '\n')
4270 putline("", mci);
4271
4272 (void) fflush(mci->mci_out);
4273 if (ferror(mci->mci_out) && errno != EPIPE)
4274 {
4275 syserr("putbody: write error");
4276 ExitStat = EX_IOERR;
4277 }
4278
4279 errno = 0;
4280 }
4281 �/*
4282 ** MAILFILE -- Send a message to a file.
4283 **
4284 ** If the file has the setuid/setgid bits set, but NO execute
4285 ** bits, sendmail will try to become the owner of that file
4286 ** rather than the real user. Obviously, this only works if
4287 ** sendmail runs as root.
4288 **
4289 ** This could be done as a subordinate mailer, except that it
4290 ** is used implicitly to save messages in ~/dead.letter. We
4291 ** view this as being sufficiently important as to include it
4292 ** here. For example, if the system is dying, we shouldn't have
4293 ** to create another process plus some pipes to save the message.
4294 **
4295 ** Parameters:
4296 ** filename -- the name of the file to send to.
4297 ** mailer -- mailer definition for recipient -- if NULL,
4298 ** use FileMailer.
4299 ** ctladdr -- the controlling address header -- includes
4300 ** the userid/groupid to be when sending.
4301 ** sfflags -- flags for opening.
4302 ** e -- the current envelope.
4303 **
4304 ** Returns:
4305 ** The exit code associated with the operation.
4306 **
4307 ** Side Effects:
4308 ** none.
4309 */
4310
4311 static jmp_buf CtxMailfileTimeout;
4312
4313 int
4314 mailfile(filename, mailer, ctladdr, sfflags, e)
4315 char *volatile filename;
4316 MAILER *volatile mailer;
4317 ADDRESS *ctladdr;
4318 volatile long sfflags;
4319 register ENVELOPE *e;
4320 {
4321 register FILE *f;
4322 register pid_t pid = -1;
4323 volatile int mode;
4324 int len;
4325 off_t curoff;
4326 bool suidwarn = geteuid() == 0;
4327 char *p;
4328 char *volatile realfile;
4329 EVENT *ev;
4330 char buf[MAXLINE + 1];
4331 char targetfile[MAXPATHLEN + 1];
4332
4333 if (tTd(11, 1))
4334 {
4335 dprintf("mailfile %s\n ctladdr=", filename);
4336 printaddr(ctladdr, FALSE);
4337 }
4338
4339 if (mailer == NULL)
4340 mailer = FileMailer;
4341
4342 if (e->e_xfp != NULL)
4343 (void) fflush(e->e_xfp);
4344
4345 /*
4346 ** Special case /dev/null. This allows us to restrict file
4347 ** delivery to regular files only.
4348 */
4349
4350 if (strcmp(filename, "/dev/null") == 0)
4351 return EX_OK;
4352
4353 /* check for 8-bit available */
4354 if (bitset(EF_HAS8BIT, e->e_flags) &&
4355 bitnset(M_7BITS, mailer->m_flags) &&
4356 (bitset(EF_DONT_MIME, e->e_flags) ||
4357 !(bitset(MM_MIME8BIT, MimeMode) ||
4358 (bitset(EF_IS_MIME, e->e_flags) &&
4359 bitset(MM_CVTMIME, MimeMode)))))
4360 {
4361 e->e_status = "5.6.3";
4362 usrerrenh(e->e_status,
4363 "554 Cannot send 8-bit data to 7-bit destination");
4364 return EX_DATAERR;
4365 }
4366
4367 /* Find the actual file */
4368 if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0')
4369 {
4370 len = strlen(SafeFileEnv);
4371
4372 if (strncmp(SafeFileEnv, filename, len) == 0)
4373 filename += len;
4374
4375 if (len + strlen(filename) + 1 > MAXPATHLEN)
4376 {
4377 syserr("mailfile: filename too long (%s/%s)",
4378 SafeFileEnv, filename);
4379 return EX_CANTCREAT;
4380 }
4381 (void) strlcpy(targetfile, SafeFileEnv, sizeof targetfile);
4382 realfile = targetfile + len;
4383 if (targetfile[len - 1] != '/')
4384 (void) strlcat(targetfile, "/", sizeof targetfile);
4385 if (*filename == '/')
4386 filename++;
4387 (void) strlcat(targetfile, filename, sizeof targetfile);
4388 }
4389 else if (mailer->m_rootdir != NULL)
4390 {
4391 expand(mailer->m_rootdir, targetfile, sizeof targetfile, e);
4392 len = strlen(targetfile);
4393
4394 if (strncmp(targetfile, filename, len) == 0)
4395 filename += len;
4396
4397 if (len + strlen(filename) + 1 > MAXPATHLEN)
4398 {
4399 syserr("mailfile: filename too long (%s/%s)",
4400 targetfile, filename);
4401 return EX_CANTCREAT;
4402 }
4403 realfile = targetfile + len;
4404 if (targetfile[len - 1] != '/')
4405 (void) strlcat(targetfile, "/", sizeof targetfile);
4406 if (*filename == '/')
4407 (void) strlcat(targetfile, filename + 1,
4408 sizeof targetfile);
4409 else
4410 (void) strlcat(targetfile, filename, sizeof targetfile);
4411 }
4412 else
4413 {
4414 if (strlen(filename) > MAXPATHLEN)
4415 {
4416 syserr("mailfile: filename too long (%s)", filename);
4417 return EX_CANTCREAT;
4418 }
4419 (void) strlcpy(targetfile, filename, sizeof targetfile);
4420 realfile = targetfile;
4421 }
4422
4423 /*
4424 ** Fork so we can change permissions here.
4425 ** Note that we MUST use fork, not vfork, because of
4426 ** the complications of calling subroutines, etc.
4427 */
4428
4429 DOFORK(fork);
4430
4431 if (pid < 0)
4432 return EX_OSERR;
4433 else if (pid == 0)
4434 {
4435 /* child -- actually write to file */
4436 struct stat stb;
4437 MCI mcibuf;
4438 int err;
4439 volatile int oflags = O_WRONLY|O_APPEND;
4440
4441 /* Reset global flags */
4442 RestartRequest = NULL;
4443 ShutdownRequest = NULL;
4444 PendingSignal = 0;
4445
4446 if (e->e_lockfp != NULL)
4447 (void) close(fileno(e->e_lockfp));
4448
4449 (void) setsignal(SIGINT, SIG_DFL);
4450 (void) setsignal(SIGHUP, SIG_DFL);
4451 (void) setsignal(SIGTERM, SIG_DFL);
4452 (void) umask(OldUmask);
4453 e->e_to = filename;
4454 ExitStat = EX_OK;
4455
4456 if (setjmp(CtxMailfileTimeout) != 0)
4457 {
4458 exit(EX_TEMPFAIL);
4459 }
4460
4461 if (TimeOuts.to_fileopen > 0)
4462 ev = setevent(TimeOuts.to_fileopen,
4463 mailfiletimeout, 0);
4464 else
4465 ev = NULL;
4466
4467 /* check file mode to see if setuid */
4468 if (stat(targetfile, &stb) < 0)
4469 mode = FileMode;
4470 else
4471 mode = stb.st_mode;
4472
4473 /* limit the errors to those actually caused in the child */
4474 errno = 0;
4475 ExitStat = EX_OK;
4476
4477 /* Allow alias expansions to use the S_IS{U,G}ID bits */
4478 if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) ||
4479 bitset(SFF_RUNASREALUID, sfflags))
4480 {
4481 /* ignore setuid and setgid bits */
4482 mode &= ~(S_ISGID|S_ISUID);
4483 if (tTd(11, 20))
4484 dprintf("mailfile: ignoring setuid/setgid bits\n");
4485 }
4486
4487 /* we have to open the dfile BEFORE setuid */
4488 if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags))
4489 {
4490 char *df = queuename(e, 'd');
4491
4492 e->e_dfp = fopen(df, "r");
4493 if (e->e_dfp == NULL)
4494 {
4495 syserr("mailfile: Cannot open %s for %s from %s",
4496 df, e->e_to, e->e_from.q_paddr);
4497 }
4498 }
4499
4500 /* select a new user to run as */
4501 if (!bitset(SFF_RUNASREALUID, sfflags))
4502 {
4503 if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
4504 {
4505 RealUserName = NULL;
4506 RealUid = mailer->m_uid;
4507 if (RunAsUid != 0 && RealUid != RunAsUid)
4508 {
4509 /* Only root can change the uid */
4510 syserr("mailfile: insufficient privileges to change uid");
4511 exit(EX_TEMPFAIL);
4512 }
4513 }
4514 else if (bitset(S_ISUID, mode))
4515 {
4516 RealUserName = NULL;
4517 RealUid = stb.st_uid;
4518 }
4519 else if (ctladdr != NULL && ctladdr->q_uid != 0)
4520 {
4521 if (ctladdr->q_ruser != NULL)
4522 RealUserName = ctladdr->q_ruser;
4523 else
4524 RealUserName = ctladdr->q_user;
4525 RealUid = ctladdr->q_uid;
4526 }
4527 else if (mailer != NULL && mailer->m_uid != 0)
4528 {
4529 RealUserName = DefUser;
4530 RealUid = mailer->m_uid;
4531 }
4532 else
4533 {
4534 RealUserName = DefUser;
4535 RealUid = DefUid;
4536 }
4537
4538 /* select a new group to run as */
4539 if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
4540 {
4541 RealGid = mailer->m_gid;
4542 if (RunAsUid != 0 &&
4543 (RealGid != getgid() ||
4544 RealGid != getegid()))
4545 {
4546 /* Only root can change the gid */
4547 syserr("mailfile: insufficient privileges to change gid");
4548 exit(EX_TEMPFAIL);
4549 }
4550 }
4551 else if (bitset(S_ISGID, mode))
4552 RealGid = stb.st_gid;
4553 else if (ctladdr != NULL &&
4554 ctladdr->q_uid == DefUid &&
4555 ctladdr->q_gid == 0)
4556 {
4557 /*
4558 ** Special case: This means it is an
4559 ** alias and we should act as DefaultUser.
4560 ** See alias()'s comments.
4561 */
4562
4563 RealGid = DefGid;
4564 RealUserName = DefUser;
4565 }
4566 else if (ctladdr != NULL && ctladdr->q_uid != 0)
4567 RealGid = ctladdr->q_gid;
4568 else if (mailer != NULL && mailer->m_gid != 0)
4569 RealGid = mailer->m_gid;
4570 else
4571 RealGid = DefGid;
4572 }
4573
4574 /* last ditch */
4575 if (!bitset(SFF_ROOTOK, sfflags))
4576 {
4577 if (RealUid == 0)
4578 RealUid = DefUid;
4579 if (RealGid == 0)
4580 RealGid = DefGid;
4581 }
4582
4583 /* set group id list (needs /etc/group access) */
4584 if (RealUserName != NULL && !DontInitGroups)
4585 {
4586 if (initgroups(RealUserName, RealGid) == -1 && suidwarn)
4587 {
4588 syserr("mailfile: initgroups(%s, %d) failed",
4589 RealUserName, RealGid);
4590 exit(EX_TEMPFAIL);
4591 }
4592 }
4593 else
4594 {
4595 GIDSET_T gidset[1];
4596
4597 gidset[0] = RealGid;
4598 if (setgroups(1, gidset) == -1 && suidwarn)
4599 {
4600 syserr("mailfile: setgroups() failed");
4601 exit(EX_TEMPFAIL);
4602 }
4603 }
4604
4605 /*
4606 ** If you have a safe environment, go into it.
4607 */
4608
4609 if (realfile != targetfile)
4610 {
4611 *realfile = '\0';
4612 if (tTd(11, 20))
4613 dprintf("mailfile: chroot %s\n", targetfile);
4614 if (chroot(targetfile) < 0)
4615 {
4616 syserr("mailfile: Cannot chroot(%s)",
4617 targetfile);
4618 exit(EX_CANTCREAT);
4619 }
4620 *realfile = '/';
4621 }
4622
4623 if (tTd(11, 40))
4624 dprintf("mailfile: deliver to %s\n", realfile);
4625
4626 if (chdir("/") < 0)
4627 {
4628 syserr("mailfile: cannot chdir(/)");
4629 exit(EX_CANTCREAT);
4630 }
4631
4632 /* now reset the group and user ids */
4633 endpwent();
4634 if (setgid(RealGid) < 0 && suidwarn)
4635 {
4636 syserr("mailfile: setgid(%ld) failed", (long) RealGid);
4637 exit(EX_TEMPFAIL);
4638 }
4639 vendor_set_uid(RealUid);
4640 if (setuid(RealUid) < 0 && suidwarn)
4641 {
4642 syserr("mailfile: setuid(%ld) failed", (long) RealUid);
4643 exit(EX_TEMPFAIL);
4644 }
4645
4646 if (tTd(11, 2))
4647 dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n",
4648 (int) getuid(), (int) geteuid(),
4649 (int) getgid(), (int) getegid());
4650
4651
4652 /* move into some "safe" directory */
4653 if (mailer->m_execdir != NULL)
4654 {
4655 char *q;
4656
4657 for (p = mailer->m_execdir; p != NULL; p = q)
4658 {
4659 q = strchr(p, ':');
4660 if (q != NULL)
4661 *q = '\0';
4662 expand(p, buf, sizeof buf, e);
4663 if (q != NULL)
4664 *q++ = ':';
4665 if (tTd(11, 20))
4666 dprintf("mailfile: trydir %s\n", buf);
4667 if (buf[0] != '\0' && chdir(buf) >= 0)
4668 break;
4669 }
4670 }
4671
4672 /*
4673 ** Recheck the file after we have assumed the ID of the
4674 ** delivery user to make sure we can deliver to it as
4675 ** that user. This is necessary if sendmail is running
4676 ** as root and the file is on an NFS mount which treats
4677 ** root as nobody.
4678 */
4679
4680 #if HASLSTAT
4681 if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
4682 err = stat(realfile, &stb);
4683 else
4684 err = lstat(realfile, &stb);
4685 #else /* HASLSTAT */
4686 err = stat(realfile, &stb);
4687 #endif /* HASLSTAT */
4688
4689 if (err < 0)
4690 {
4691 stb.st_mode = ST_MODE_NOFILE;
4692 mode = FileMode;
4693 oflags |= O_CREAT|O_EXCL;
4694 }
4695 else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) ||
4696 (!bitnset(DBS_FILEDELIVERYTOHARDLINK,
4697 DontBlameSendmail) &&
4698 stb.st_nlink != 1) ||
4699 (realfile != targetfile && !S_ISREG(mode)))
4700 exit(EX_CANTCREAT);
4701 else
4702 mode = stb.st_mode;
4703
4704 if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
4705 sfflags |= SFF_NOSLINK;
4706 if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
4707 sfflags |= SFF_NOHLINK;
4708 sfflags &= ~SFF_OPENASROOT;
4709 f = safefopen(realfile, oflags, mode, sfflags);
4710 if (f == NULL)
4711 {
4712 if (transienterror(errno))
4713 {
4714 usrerr("454 4.3.0 cannot open %s: %s",
4715 shortenstring(realfile, MAXSHORTSTR),
4716 errstring(errno));
4717 exit(EX_TEMPFAIL);
4718 }
4719 else
4720 {
4721 usrerr("554 5.3.0 cannot open %s: %s",
4722 shortenstring(realfile, MAXSHORTSTR),
4723 errstring(errno));
4724 exit(EX_CANTCREAT);
4725 }
4726 }
4727 if (filechanged(realfile, fileno(f), &stb))
4728 {
4729 syserr("554 5.3.0 file changed after open");
4730 exit(EX_CANTCREAT);
4731 }
4732 if (fstat(fileno(f), &stb) < 0)
4733 {
4734 syserr("554 5.3.0 cannot fstat %s", errstring(errno));
4735 exit(EX_CANTCREAT);
4736 }
4737
4738 curoff = stb.st_size;
4739
4740 if (ev != NULL)
4741 clrevent(ev);
4742
4743 memset(&mcibuf, '\0', sizeof mcibuf);
4744 mcibuf.mci_mailer = mailer;
4745 mcibuf.mci_out = f;
4746 if (bitnset(M_7BITS, mailer->m_flags))
4747 mcibuf.mci_flags |= MCIF_7BIT;
4748
4749 /* clear out per-message flags from connection structure */
4750 mcibuf.mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7);
4751
4752 if (bitset(EF_HAS8BIT, e->e_flags) &&
4753 !bitset(EF_DONT_MIME, e->e_flags) &&
4754 bitnset(M_7BITS, mailer->m_flags))
4755 mcibuf.mci_flags |= MCIF_CVT8TO7;
4756
4757 #if MIME7TO8
4758 if (bitnset(M_MAKE8BIT, mailer->m_flags) &&
4759 !bitset(MCIF_7BIT, mcibuf.mci_flags) &&
4760 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL &&
4761 (strcasecmp(p, "quoted-printable") == 0 ||
4762 strcasecmp(p, "base64") == 0) &&
4763 (p = hvalue("Content-Type", e->e_header)) != NULL)
4764 {
4765 /* may want to convert 7 -> 8 */
4766 /* XXX should really parse it here -- and use a class XXX */
4767 if (strncasecmp(p, "text/plain", 10) == 0 &&
4768 (p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
4769 mcibuf.mci_flags |= MCIF_CVT7TO8;
4770 }
4771 #endif /* MIME7TO8 */
4772
4773 putfromline(&mcibuf, e);
4774 (*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
4775 (*e->e_putbody)(&mcibuf, e, NULL);
4776 putline("\n", &mcibuf);
4777 if (fflush(f) != 0 ||
4778 (SuperSafe && fsync(fileno(f)) < 0) ||
4779 ferror(f))
4780 {
4781 setstat(EX_IOERR);
4782 #if !NOFTRUNCATE
4783 (void) ftruncate(fileno(f), curoff);
4784 #endif /* !NOFTRUNCATE */
4785 }
4786
4787 /* reset ISUID & ISGID bits for paranoid systems */
4788 #if HASFCHMOD
4789 (void) fchmod(fileno(f), (MODE_T) mode);
4790 #else /* HASFCHMOD */
4791 (void) chmod(filename, (MODE_T) mode);
4792 #endif /* HASFCHMOD */
4793 if (fclose(f) < 0)
4794 setstat(EX_IOERR);
4795 (void) fflush(stdout);
4796 (void) setuid(RealUid);
4797 exit(ExitStat);
4798 /* NOTREACHED */
4799 }
4800 else
4801 {
4802 /* parent -- wait for exit status */
4803 int st;
4804
4805 st = waitfor(pid);
4806 if (st == -1)
4807 {
4808 syserr("mailfile: %s: wait", mailer->m_name);
4809 return EX_SOFTWARE;
4810 }
4811 if (WIFEXITED(st))
4812 return (WEXITSTATUS(st));
4813 else
4814 {
4815 syserr("mailfile: %s: child died on signal %d",
4816 mailer->m_name, st);
4817 return EX_UNAVAILABLE;
4818 }
4819 /* NOTREACHED */
4820 }
4821 return EX_UNAVAILABLE; /* avoid compiler warning on IRIX */
4822 }
4823
4824 static void
4825 mailfiletimeout()
4826 {
4827 /*
4828 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
4829 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
4830 ** DOING.
4831 */
4832
4833 errno = ETIMEDOUT;
4834 longjmp(CtxMailfileTimeout, 1);
4835 }
4836 �/*
4837 ** HOSTSIGNATURE -- return the "signature" for a host.
4838 **
4839 ** The signature describes how we are going to send this -- it
4840 ** can be just the hostname (for non-Internet hosts) or can be
4841 ** an ordered list of MX hosts.
4842 **
4843 ** Parameters:
4844 ** m -- the mailer describing this host.
4845 ** host -- the host name.
4846 **
4847 ** Returns:
4848 ** The signature for this host.
4849 **
4850 ** Side Effects:
4851 ** Can tweak the symbol table.
4852 */
4853 #define MAXHOSTSIGNATURE 8192 /* max len of hostsignature */
4854
4855 static char *
4856 hostsignature(m, host)
4857 register MAILER *m;
4858 char *host;
4859 {
4860 register char *p;
4861 register STAB *s;
4862 #if NAMED_BIND
4863 char sep = ':';
4864 char prevsep = ':';
4865 int i;
4866 int len;
4867 int nmx;
4868 int hl;
4869 time_t now;
4870 char *hp;
4871 char *endp;
4872 int oldoptions = _res.options;
4873 char *mxhosts[MAXMXHOSTS + 1];
4874 u_short mxprefs[MAXMXHOSTS + 1];
4875 #endif /* NAMED_BIND */
4876
4877 if (tTd(17, 3))
4878 dprintf("hostsignature(%s)\n", host);
4879
4880 /*
4881 ** If local delivery (and not remote), just return a constant.
4882 */
4883
4884 p = m->m_mailer;
4885 if (bitnset(M_LOCALMAILER, m->m_flags) &&
4886 strcmp(p, "[IPC]") != 0 &&
4887 strcmp(p, "[TCP]") != 0)
4888 return "localhost";
4889
4890 /*
4891 ** Check to see if this uses IPC -- if not, it can't have MX records.
4892 */
4893
4894 if (strcmp(p, "[IPC]") != 0 &&
4895 strcmp(p, "[TCP]") != 0)
4896 {
4897 /* just an ordinary mailer */
4898 return host;
4899 }
4900 #if NETUNIX
4901 else if (m->m_argv[0] != NULL &&
4902 strcmp(m->m_argv[0], "FILE") == 0)
4903 {
4904 /* rendezvous in the file system, no MX records */
4905 return host;
4906 }
4907 #endif /* NETUNIX */
4908
4909 /*
4910 ** Look it up in the symbol table.
4911 */
4912
4913 s = stab(host, ST_HOSTSIG, ST_ENTER);
4914 if (s->s_hostsig != NULL)
4915 {
4916 if (tTd(17, 3))
4917 dprintf("hostsignature(): stab(%s) found %s\n", host,
4918 s->s_hostsig);
4919 return s->s_hostsig;
4920 }
4921
4922 /*
4923 ** Not already there -- create a signature.
4924 */
4925
4926 #if NAMED_BIND
4927 if (ConfigLevel < 2)
4928 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
4929
4930 now = curtime();
4931 for (hp = host; hp != NULL; hp = endp)
4932 {
4933 #if NETINET6
4934 if (*hp == '[')
4935 {
4936 endp = strchr(hp + 1, ']');
4937 if (endp != NULL)
4938 endp = strpbrk(endp + 1, ":,");
4939 }
4940 else
4941 endp = strpbrk(hp, ":,");
4942 #else /* NETINET6 */
4943 endp = strpbrk(hp, ":,");
4944 #endif /* NETINET6 */
4945 if (endp != NULL)
4946 {
4947 sep = *endp;
4948 *endp = '\0';
4949 }
4950
4951 if (bitnset(M_NOMX, m->m_flags))
4952 {
4953 /* skip MX lookups */
4954 nmx = 1;
4955 mxhosts[0] = hp;
4956 }
4957 else
4958 {
4959 auto int rcode;
4960
4961 nmx = getmxrr(hp, mxhosts, mxprefs, TRUE, &rcode);
4962 if (nmx <= 0)
4963 {
4964 int save_errno;
4965 register MCI *mci;
4966
4967 /* update the connection info for this host */
4968 save_errno = errno;
4969 mci = mci_get(hp, m);
4970 mci->mci_errno = save_errno;
4971 mci->mci_herrno = h_errno;
4972 mci->mci_lastuse = now;
4973 if (rcode == EX_NOHOST)
4974 mci_setstat(mci, rcode, "5.1.2",
4975 "550 Host unknown");
4976 else
4977 mci_setstat(mci, rcode, NULL, NULL);
4978
4979 /* use the original host name as signature */
4980 nmx = 1;
4981 mxhosts[0] = hp;
4982 }
4983 if (tTd(17, 3))
4984 dprintf("hostsignature(): getmxrr() returned %d, mxhosts[0]=%s\n",
4985 nmx, mxhosts[0]);
4986 }
4987
4988 len = 0;
4989 for (i = 0; i < nmx; i++)
4990 len += strlen(mxhosts[i]) + 1;
4991 if (s->s_hostsig != NULL)
4992 len += strlen(s->s_hostsig) + 1;
4993 if (len >= MAXHOSTSIGNATURE)
4994 {
4995 sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d",
4996 host, MAXHOSTSIGNATURE, len);
4997 len = MAXHOSTSIGNATURE;
4998 }
4999 p = xalloc(len);
5000 if (s->s_hostsig != NULL)
5001 {
5002 (void) strlcpy(p, s->s_hostsig, len);
5003 sm_free(s->s_hostsig);
5004 s->s_hostsig = p;
5005 hl = strlen(p);
5006 p += hl;
5007 *p++ = prevsep;
5008 len -= hl + 1;
5009 }
5010 else
5011 s->s_hostsig = p;
5012 for (i = 0; i < nmx; i++)
5013 {
5014 hl = strlen(mxhosts[i]);
5015 if (len - 1 < hl || len <= 1)
5016 {
5017 /* force to drop out of outer loop */
5018 len = -1;
5019 break;
5020 }
5021 if (i != 0)
5022 {
5023 if (mxprefs[i] == mxprefs[i - 1])
5024 *p++ = ',';
5025 else
5026 *p++ = ':';
5027 len--;
5028 }
5029 (void) strlcpy(p, mxhosts[i], len);
5030 p += hl;
5031 len -= hl;
5032 }
5033
5034 /*
5035 ** break out of loop if len exceeded MAXHOSTSIGNATURE
5036 ** because we won't have more space for further hosts
5037 ** anyway (separated by : in the .cf file).
5038 */
5039
5040 if (len < 0)
5041 break;
5042 if (endp != NULL)
5043 *endp++ = sep;
5044 prevsep = sep;
5045 }
5046 makelower(s->s_hostsig);
5047 if (ConfigLevel < 2)
5048 _res.options = oldoptions;
5049 #else /* NAMED_BIND */
5050 /* not using BIND -- the signature is just the host name */
5051 s->s_hostsig = host;
5052 #endif /* NAMED_BIND */
5053 if (tTd(17, 1))
5054 dprintf("hostsignature(%s) = %s\n", host, s->s_hostsig);
5055 return s->s_hostsig;
5056 }
5057 �/*
5058 ** PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array.
5059 **
5060 ** The signature describes how we are going to send this -- it
5061 ** can be just the hostname (for non-Internet hosts) or can be
5062 ** an ordered list of MX hosts which must be randomized for equal
5063 ** MX preference values.
5064 **
5065 ** Parameters:
5066 ** sig -- the host signature.
5067 ** mxhosts -- array to populate.
5068 **
5069 ** Returns:
5070 ** The number of hosts inserted into mxhosts array.
5071 **
5072 ** Side Effects:
5073 ** Randomizes equal MX preference hosts in mxhosts.
5074 */
5075
5076 static int
5077 parse_hostsignature(sig, mxhosts, mailer)
5078 char *sig;
5079 char **mxhosts;
5080 MAILER *mailer;
5081 {
5082 int nmx = 0;
5083 int curpref = 0;
5084 int i, j;
5085 char *hp, *endp;
5086 u_short prefer[MAXMXHOSTS];
5087 long rndm[MAXMXHOSTS];
5088
5089 for (hp = sig; hp != NULL; hp = endp)
5090 {
5091 char sep = ':';
5092
5093 #if NETINET6
5094 if (*hp == '[')
5095 {
5096 endp = strchr(hp + 1, ']');
5097 if (endp != NULL)
5098 endp = strpbrk(endp + 1, ":,");
5099 }
5100 else
5101 endp = strpbrk(hp, ":,");
5102 #else /* NETINET6 */
5103 endp = strpbrk(hp, ":,");
5104 #endif /* NETINET6 */
5105 if (endp != NULL)
5106 {
5107 sep = *endp;
5108 *endp = '\0';
5109 }
5110
5111 mxhosts[nmx] = hp;
5112 prefer[nmx] = curpref;
5113 if (mci_match(hp, mailer))
5114 rndm[nmx] = 0;
5115 else
5116 rndm[nmx] = get_random();
5117
5118 if (endp != NULL)
5119 {
5120 /*
5121 ** Since we don't have the original MX prefs,
5122 ** make our own. If the separator is a ':', that
5123 ** means the preference for the next host will be
5124 ** higher than this one, so simply increment curpref.
5125 */
5126
5127 if (sep == ':')
5128 curpref++;
5129
5130 *endp++ = sep;
5131 }
5132 if (++nmx >= MAXMXHOSTS)
5133 break;
5134 }
5135
5136 /* sort the records using the random factor for equal preferences */
5137 for (i = 0; i < nmx; i++)
5138 {
5139 for (j = i + 1; j < nmx; j++)
5140 {
5141 /*
5142 ** List is already sorted by MX preference, only
5143 ** need to look for equal preference MX records
5144 */
5145
5146 if (prefer[i] < prefer[j])
5147 break;
5148
5149 if (prefer[i] > prefer[j] ||
5150 (prefer[i] == prefer[j] && rndm[i] > rndm[j]))
5151 {
5152 register u_short tempp;
5153 register long tempr;
5154 register char *temp1;
5155
5156 tempp = prefer[i];
5157 prefer[i] = prefer[j];
5158 prefer[j] = tempp;
5159 temp1 = mxhosts[i];
5160 mxhosts[i] = mxhosts[j];
5161 mxhosts[j] = temp1;
5162 tempr = rndm[i];
5163 rndm[i] = rndm[j];
5164 rndm[j] = tempr;
5165 }
5166 }
5167 }
5168 return nmx;
5169 }
5170
5171 #if SMTP
5172 # if STARTTLS
5173 static SSL_CTX *clt_ctx = NULL;
5174
5175 �/*
5176 ** INITCLTTLS -- initialize client side TLS
5177 **
5178 ** Parameters:
5179 ** none.
5180 **
5181 ** Returns:
5182 ** succeeded?
5183 */
5184
5185 bool
5186 initclttls()
5187 {
5188 if (clt_ctx != NULL)
5189 return TRUE; /* already done */
5190 return inittls(&clt_ctx, TLS_I_CLT, FALSE, CltCERTfile, Cltkeyfile,
5191 CACERTpath, CACERTfile, DHParams);
5192 }
5193
5194 �/*
5195 ** STARTTLS -- try to start secure connection (client side)
5196 **
5197 ** Parameters:
5198 ** m -- the mailer.
5199 ** mci -- the mailer connection info.
5200 ** e -- the envelope.
5201 **
5202 ** Returns:
5203 ** success?
5204 ** (maybe this should be some other code than EX_
5205 ** that denotes which stage failed.)
5206 */
5207
5208 static int
5209 starttls(m, mci, e)
5210 MAILER *m;
5211 MCI *mci;
5212 ENVELOPE *e;
5213 {
5214 int smtpresult;
5215 int result = 0;
5216 int rfd, wfd;
5217 SSL *clt_ssl = NULL;
5218
5219 if (clt_ctx == NULL && !initclttls())
5220 return EX_TEMPFAIL;
5221 smtpmessage("STARTTLS", m, mci);
5222
5223 /* get the reply */
5224 smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, NULL, NULL);
5225 /* which timeout? XXX */
5226
5227 /* check return code from server */
5228 if (smtpresult == 454)
5229 return EX_TEMPFAIL;
5230 if (smtpresult == 501)
5231 return EX_USAGE;
5232 if (smtpresult == -1)
5233 return smtpresult;
5234 if (smtpresult != 220)
5235 return EX_PROTOCOL;
5236
5237 if (LogLevel > 13)
5238 sm_syslog(LOG_INFO, e->e_id, "TLS: start client");
5239
5240 /* start connection */
5241 if ((clt_ssl = SSL_new(clt_ctx)) == NULL)
5242 {
5243 if (LogLevel > 5)
5244 {
5245 sm_syslog(LOG_ERR, e->e_id,
5246 "TLS: error: client: SSL_new failed");
5247 if (LogLevel > 9)
5248 tlslogerr();
5249 }
5250 return EX_SOFTWARE;
5251 }
5252
5253 rfd = fileno(mci->mci_in);
5254 wfd = fileno(mci->mci_out);
5255
5256 /* SSL_clear(clt_ssl); ? */
5257 if (rfd < 0 || wfd < 0 ||
5258 (result = SSL_set_rfd(clt_ssl, rfd)) <= 0 ||
5259 (result = SSL_set_wfd(clt_ssl, wfd)) <= 0)
5260 {
5261 if (LogLevel > 5)
5262 {
5263 sm_syslog(LOG_ERR, e->e_id,
5264 "TLS: error: SSL_set_xfd failed=%d", result);
5265 if (LogLevel > 9)
5266 tlslogerr();
5267 }
5268 return EX_SOFTWARE;
5269 }
5270 SSL_set_connect_state(clt_ssl);
5271 if ((result = SSL_connect(clt_ssl)) <= 0)
5272 {
5273 int i;
5274
5275 /* what to do in this case? */
5276 i = SSL_get_error(clt_ssl, result);
5277 if (LogLevel > 5)
5278 {
5279 sm_syslog(LOG_ERR, e->e_id,
5280 "TLS: error: SSL_connect failed=%d (%d)",
5281 result, i);
5282 if (LogLevel > 9)
5283 tlslogerr();
5284 }
5285 SSL_free(clt_ssl);
5286 clt_ssl = NULL;
5287 return EX_SOFTWARE;
5288 }
5289 mci->mci_ssl = clt_ssl;
5290 result = tls_get_info(clt_ssl, e, FALSE, mci->mci_host, TRUE);
5291
5292 /* switch to use SSL... */
5293 #if SFIO
5294 if (sfdctls(mci->mci_in, mci->mci_out, mci->mci_ssl) == 0)
5295 return EX_OK;
5296 #else /* SFIO */
5297 # if _FFR_TLS_TOREK
5298 if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0)
5299 return EX_OK;
5300 # endif /* _FFR_TLS_TOREK */
5301 #endif /* SFIO */
5302
5303 /* failure */
5304 SSL_free(clt_ssl);
5305 clt_ssl = NULL;
5306 return EX_SOFTWARE;
5307 }
5308
5309 �/*
5310 ** ENDTLSCLT -- shutdown secure connection (client side)
5311 **
5312 ** Parameters:
5313 ** mci -- the mailer connection info.
5314 **
5315 ** Returns:
5316 ** success?
5317 */
5318 int
5319 endtlsclt(mci)
5320 MCI *mci;
5321 {
5322 int r;
5323
5324 if (!bitset(MCIF_TLSACT, mci->mci_flags))
5325 return EX_OK;
5326 r = endtls(mci->mci_ssl, "client");
5327 mci->mci_flags &= ~MCIF_TLSACT;
5328 return r;
5329 }
5330 �/*
5331 ** ENDTLS -- shutdown secure connection
5332 **
5333 ** Parameters:
5334 ** ssl -- SSL connection information.
5335 ** side -- srv/clt (for logging).
5336 **
5337 ** Returns:
5338 ** success?
5339 */
5340
5341 int
5342 endtls(ssl, side)
5343 SSL *ssl;
5344 char *side;
5345 {
5346 int ret = EX_OK;
5347
5348 if (ssl != NULL)
5349 {
5350 int r;
5351
5352 if ((r = SSL_shutdown(ssl)) < 0)
5353 {
5354 if (LogLevel > 11)
5355 sm_syslog(LOG_WARNING, NOQID,
5356 "SSL_shutdown %s failed: %d",
5357 side, r);
5358 ret = EX_SOFTWARE;
5359 }
5360 else if (r == 0)
5361 {
5362 if (LogLevel > 13)
5363 sm_syslog(LOG_WARNING, NOQID,
5364 "SSL_shutdown %s not done",
5365 side);
5366 ret = EX_SOFTWARE;
5367 }
5368 SSL_free(ssl);
5369 ssl = NULL;
5370 }
5371 return ret;
5372 }
5373 # endif /* STARTTLS */
5374 #endif /* SMTP */
5375