1 /*
2 * Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13
14 #include <sendmail.h>
15 #include <sm/sendmail.h>
16
17 SM_RCSID("@(#)$Id: envelope.c,v 8.313 2013-11-22 20:51:55 ca Exp $")
18
19 /*
20 ** CLRSESSENVELOPE -- clear session oriented data in an envelope
21 **
22 ** Parameters:
23 ** e -- the envelope to clear.
24 **
25 ** Returns:
26 ** none.
27 */
28
29 void
30 clrsessenvelope(e)
31 ENVELOPE *e;
32 {
33 #if SASL
34 macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
35 macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
36 macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
37 macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
38 #endif /* SASL */
39 #if STARTTLS
40 macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
41 macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
42 macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
43 macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
44 macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
45 macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
46 macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
47 macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
48 macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
49 #endif /* STARTTLS */
50 }
51
52 /*
53 ** NEWENVELOPE -- fill in a new envelope
54 **
55 ** Supports inheritance.
56 **
57 ** Parameters:
58 ** e -- the new envelope to fill in.
59 ** parent -- the envelope to be the parent of e.
60 ** rpool -- either NULL, or a pointer to a resource pool
61 ** from which envelope memory is allocated, and
62 ** to which envelope resources are attached.
63 **
64 ** Returns:
65 ** e.
66 **
67 ** Side Effects:
68 ** none.
69 */
70
71 ENVELOPE *
newenvelope(e,parent,rpool)72 newenvelope(e, parent, rpool)
73 register ENVELOPE *e;
74 register ENVELOPE *parent;
75 SM_RPOOL_T *rpool;
76 {
77 int sendmode;
78
79 /*
80 ** This code used to read:
81 ** if (e == parent && e->e_parent != NULL)
82 ** parent = e->e_parent;
83 ** So if e == parent && e->e_parent == NULL then we would
84 ** set e->e_parent = e, which creates a loop in the e_parent chain.
85 ** This meant macvalue() could go into an infinite loop.
86 */
87
88 if (parent != NULL)
89 sendmode = parent->e_sendmode;
90 else
91 sendmode = DM_NOTSET;
92
93 if (e == parent)
94 parent = e->e_parent;
95 clearenvelope(e, true, rpool);
96 if (e == CurEnv)
97 memmove((char *) &e->e_from,
98 (char *) &NullAddress,
99 sizeof(e->e_from));
100 else
101 memmove((char *) &e->e_from,
102 (char *) &CurEnv->e_from,
103 sizeof(e->e_from));
104 e->e_parent = parent;
105 assign_queueid(e);
106 e->e_ctime = curtime();
107 #if _FFR_SESSID
108 e->e_sessid = e->e_id;
109 #endif
110 if (parent != NULL)
111 {
112 e->e_msgpriority = parent->e_msgsize;
113 #if _FFR_SESSID
114 if (parent->e_sessid != NULL)
115 e->e_sessid = sm_rpool_strdup_x(rpool,
116 parent->e_sessid);
117 #endif
118
119 if (parent->e_quarmsg == NULL)
120 {
121 e->e_quarmsg = NULL;
122 macdefine(&e->e_macro, A_PERM,
123 macid("{quarantine}"), "");
124 }
125 else
126 {
127 e->e_quarmsg = sm_rpool_strdup_x(rpool,
128 parent->e_quarmsg);
129 macdefine(&e->e_macro, A_PERM,
130 macid("{quarantine}"), e->e_quarmsg);
131 }
132 }
133 e->e_puthdr = putheader;
134 e->e_putbody = putbody;
135 if (CurEnv->e_xfp != NULL)
136 (void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
137 if (sendmode != DM_NOTSET)
138 set_delivery_mode(sendmode, e);
139
140 return e;
141 }
142
143 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
144 #define MSG_T_O 0x01 /* normal timeout */
145 #define MSG_T_O_NOW 0x02 /* NOW timeout */
146 #define MSG_NOT_BY 0x04 /* Deliver-By time exceeded, mode R */
147 #define MSG_WARN 0x10 /* normal queue warning */
148 #define MSG_WARN_BY 0x20 /* Deliver-By time exceeded, mode N */
149
150 #define IS_MSG_ERR(x) (((x) & 0x0f) != 0) /* return an error */
151
152 /* immediate return */
153 #define IS_IMM_RET(x) (((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
154 #define IS_MSG_WARN(x) (((x) & 0xf0) != 0) /* return a warning */
155
156 /*
157 ** DROPENVELOPE -- deallocate an envelope.
158 **
159 ** Parameters:
160 ** e -- the envelope to deallocate.
161 ** fulldrop -- if set, do return receipts.
162 ** split -- if true, split by recipient if message is queued up
163 **
164 ** Returns:
165 ** EX_* status (currently: 0: success, EX_IOERR on panic)
166 **
167 ** Side Effects:
168 ** housekeeping necessary to dispose of an envelope.
169 ** Unlocks this queue file.
170 */
171
172 int
dropenvelope(e,fulldrop,split)173 dropenvelope(e, fulldrop, split)
174 register ENVELOPE *e;
175 bool fulldrop;
176 bool split;
177 {
178 bool panic = false;
179 bool queueit = false;
180 int msg_timeout = 0;
181 bool failure_return = false;
182 bool delay_return = false;
183 bool success_return = false;
184 bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
185 bool done = false;
186 register ADDRESS *q;
187 char *id = e->e_id;
188 time_t now;
189 char buf[MAXLINE];
190
191 if (tTd(50, 1))
192 {
193 sm_dprintf("dropenvelope %p: id=", (void *)e);
194 xputs(sm_debug_file(), e->e_id);
195 sm_dprintf(", flags=");
196 printenvflags(e);
197 if (tTd(50, 10))
198 {
199 sm_dprintf("sendq=");
200 printaddr(sm_debug_file(), e->e_sendqueue, true);
201 }
202 }
203
204 if (LogLevel > 84)
205 sm_syslog(LOG_DEBUG, id,
206 "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
207 e->e_flags, OpMode, (int) CurrentPid);
208
209 /* we must have an id to remove disk files */
210 if (id == NULL)
211 return EX_OK;
212
213 /* if verify-only mode, we can skip most of this */
214 if (OpMode == MD_VERIFY)
215 goto simpledrop;
216
217 if (tTd(92, 2))
218 sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
219 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
220 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
221 logsender(e, NULL);
222 e->e_flags &= ~EF_LOGSENDER;
223
224 /* post statistics */
225 poststats(StatFile);
226
227 /*
228 ** Extract state information from dregs of send list.
229 */
230
231 now = curtime();
232 if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
233 msg_timeout = MSG_T_O;
234 if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
235 now >= e->e_ctime + e->e_deliver_by &&
236 !bitset(EF_RESPONSE, e->e_flags))
237 {
238 msg_timeout = MSG_NOT_BY;
239 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
240 }
241 else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
242 !bitset(EF_RESPONSE, e->e_flags))
243 {
244 msg_timeout = MSG_T_O_NOW;
245 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
246 }
247
248 #if _FFR_PROXY
249 if (tTd(87, 2))
250 {
251 q = e->e_sendqueue;
252 sm_dprintf("dropenvelope: mode=%c, e=%p, sibling=%p, nrcpts=%d, sendqueue=%p, next=%p, state=%d\n",
253 e->e_sendmode, e, e->e_sibling, e->e_nrcpts, q,
254 (q == NULL) ? (void *)0 : q->q_next,
255 (q == NULL) ? -1 : q->q_state);
256 }
257 #endif /* _FFR_PROXY */
258
259 e->e_flags &= ~EF_QUEUERUN;
260 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
261 {
262 if (QS_IS_UNDELIVERED(q->q_state))
263 queueit = true;
264
265 #if _FFR_PROXY
266 if (queueit && e->e_sendmode == SM_PROXY)
267 queueit = false;
268 #endif
269
270 /* see if a notification is needed */
271 if (bitset(QPINGONFAILURE, q->q_flags) &&
272 ((IS_MSG_ERR(msg_timeout) &&
273 QS_IS_UNDELIVERED(q->q_state)) ||
274 QS_IS_BADADDR(q->q_state) ||
275 IS_IMM_RET(msg_timeout)))
276 {
277 failure_return = true;
278 if (!done && q->q_owner == NULL &&
279 !emptyaddr(&e->e_from))
280 {
281 (void) sendtolist(e->e_from.q_paddr, NULLADDR,
282 &e->e_errorqueue, 0, e);
283 done = true;
284 }
285 }
286 else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
287 ((QS_IS_SENT(q->q_state) &&
288 bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
289 bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
290 bitset(QBYTRACE, q->q_flags) ||
291 bitset(QBYNRELAY, q->q_flags))
292 {
293 success_return = true;
294 }
295 }
296
297 if (e->e_class < 0)
298 e->e_flags |= EF_NO_BODY_RETN;
299
300 /*
301 ** See if the message timed out.
302 */
303
304 if (!queueit)
305 /* EMPTY */
306 /* nothing to do */ ;
307 else if (IS_MSG_ERR(msg_timeout))
308 {
309 if (failure_return)
310 {
311 if (msg_timeout == MSG_NOT_BY)
312 {
313 (void) sm_snprintf(buf, sizeof(buf),
314 "delivery time expired %lds",
315 e->e_deliver_by);
316 }
317 else
318 {
319 (void) sm_snprintf(buf, sizeof(buf),
320 "Cannot send message for %s",
321 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
322 false));
323 }
324
325 /* don't free, allocated from e_rpool */
326 e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
327 message("%s", buf);
328 e->e_flags |= EF_CLRQUEUE;
329 }
330 if (msg_timeout == MSG_NOT_BY)
331 {
332 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
333 "Delivery time (%lds) expired\n",
334 e->e_deliver_by);
335 }
336 else
337 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
338 "Message could not be delivered for %s\n",
339 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
340 false));
341 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
342 "Message will be deleted from queue\n");
343 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
344 {
345 if (QS_IS_UNDELIVERED(q->q_state))
346 {
347 q->q_state = QS_BADADDR;
348 if (msg_timeout == MSG_NOT_BY)
349 q->q_status = "5.4.7";
350 else
351 q->q_status = "4.4.7";
352 }
353 }
354 }
355 else
356 {
357 if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
358 now >= e->e_ctime +
359 TimeOuts.to_q_warning[e->e_timeoutclass])
360 msg_timeout = MSG_WARN;
361 else if (IS_DLVR_NOTIFY(e) &&
362 e->e_deliver_by > 0 &&
363 now >= e->e_ctime + e->e_deliver_by)
364 msg_timeout = MSG_WARN_BY;
365
366 if (IS_MSG_WARN(msg_timeout))
367 {
368 if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
369 e->e_class >= 0 &&
370 e->e_from.q_paddr != NULL &&
371 strcmp(e->e_from.q_paddr, "<>") != 0 &&
372 sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
373 (strlen(e->e_from.q_paddr) <= 8 ||
374 !SM_STRCASEEQ(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
375 "-request")))
376 {
377 for (q = e->e_sendqueue; q != NULL;
378 q = q->q_next)
379 {
380 if (QS_IS_UNDELIVERED(q->q_state)
381 #if _FFR_NODELAYDSN_ON_HOLD
382 && !bitnset(M_HOLD,
383 q->q_mailer->m_flags)
384 #endif
385 )
386 {
387 if (msg_timeout ==
388 MSG_WARN_BY &&
389 (bitset(QPINGONDELAY,
390 q->q_flags) ||
391 !bitset(QHASNOTIFY,
392 q->q_flags))
393 )
394 {
395 q->q_flags |= QBYNDELAY;
396 delay_return = true;
397 }
398 if (bitset(QPINGONDELAY,
399 q->q_flags))
400 {
401 q->q_flags |= QDELAYED;
402 delay_return = true;
403 }
404 }
405 }
406 }
407 if (delay_return)
408 {
409 if (msg_timeout == MSG_WARN_BY)
410 {
411 (void) sm_snprintf(buf, sizeof(buf),
412 "Warning: Delivery time (%lds) exceeded",
413 e->e_deliver_by);
414 }
415 else
416 (void) sm_snprintf(buf, sizeof(buf),
417 "Warning: could not send message for past %s",
418 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
419 false));
420
421 /* don't free, allocated from e_rpool */
422 e->e_message = sm_rpool_strdup_x(e->e_rpool,
423 buf);
424 message("%s", buf);
425 e->e_flags |= EF_WARNING;
426 }
427 if (msg_timeout == MSG_WARN_BY)
428 {
429 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
430 "Warning: Delivery time (%lds) exceeded\n",
431 e->e_deliver_by);
432 }
433 else
434 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
435 "Warning: message still undelivered after %s\n",
436 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
437 false));
438 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
439 "Will keep trying until message is %s old\n",
440 pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
441 false));
442 }
443 }
444
445 if (tTd(50, 2))
446 sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
447 failure_return, delay_return, success_return, queueit);
448
449 /*
450 ** If we had some fatal error, but no addresses are marked as bad,
451 ** mark all OK/VERIFIED addresses as bad (if QPINGONFAILURE).
452 */
453
454 if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
455 {
456 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
457 {
458 if ((QS_IS_OK(q->q_state) ||
459 QS_IS_VERIFIED(q->q_state))
460 && bitset(QPINGONFAILURE, q->q_flags)
461
462 /*
463 ** do not mark an address as bad if
464 ** - the address itself is stored in the queue
465 ** - the DeliveryMode requires queueing
466 ** - the envelope is queued
467 */
468
469 && !(bitset(QQUEUED, q->q_flags)
470 && WILL_BE_QUEUED(e->e_sendmode)
471 && bitset(EF_INQUEUE, e->e_flags)
472 )
473 )
474 {
475 failure_return = true;
476 q->q_state = QS_BADADDR;
477 }
478 }
479 }
480
481 /*
482 ** Send back return receipts as requested.
483 */
484
485 if (success_return && !failure_return && !delay_return && fulldrop &&
486 !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
487 strcmp(e->e_from.q_paddr, "<>") != 0)
488 {
489 auto ADDRESS *rlist = NULL;
490
491 if (tTd(50, 8))
492 sm_dprintf("dropenvelope(%s): sending return receipt\n",
493 id);
494 e->e_flags |= EF_SENDRECEIPT;
495 (void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
496 (void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
497 }
498 e->e_flags &= ~EF_SENDRECEIPT;
499
500 /*
501 ** Arrange to send error messages if there are fatal errors.
502 */
503
504 if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
505 {
506 if (tTd(50, 8))
507 sm_dprintf("dropenvelope(%s): saving mail\n", id);
508 panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
509 }
510
511 /*
512 ** Arrange to send warning messages to postmaster as requested.
513 */
514
515 if ((failure_return || pmnotify) &&
516 PostMasterCopy != NULL &&
517 !bitset(EF_RESPONSE, e->e_flags) &&
518 e->e_class >= 0)
519 {
520 auto ADDRESS *rlist = NULL;
521 char pcopy[MAXNAME_I];
522
523 if (failure_return)
524 {
525 expand(PostMasterCopy, pcopy, sizeof(pcopy), e);
526
527 if (tTd(50, 8))
528 sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
529 id, pcopy);
530 (void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
531 }
532 if (pmnotify)
533 (void) sendtolist("postmaster", NULLADDR,
534 &rlist, 0, e);
535 (void) returntosender(e->e_message, rlist,
536 RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
537 }
538
539 /*
540 ** Instantiate or deinstantiate the queue.
541 */
542
543 simpledrop:
544 if (tTd(50, 8))
545 sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
546 id, queueit);
547 if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
548 {
549 if (tTd(50, 1))
550 {
551 sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
552 e->e_id, queueit);
553 printenvflags(e);
554 }
555 if (!panic)
556 {
557 SM_CLOSE_FP(e->e_dfp);
558 (void) xunlink(queuename(e, DATAFL_LETTER));
559 }
560 if (panic && QueueMode == QM_LOST)
561 {
562 /*
563 ** leave the Qf file behind as
564 ** the delivery attempt failed.
565 */
566
567 /* EMPTY */
568 }
569 else
570 if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
571 {
572 /* add to available space in filesystem */
573 updfs(e, -1, panic ? 0 : -1, "dropenvelope");
574 }
575
576 if (e->e_ntries > 0 && LogLevel > 9)
577 sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
578 pintvl(curtime() - e->e_ctime, true),
579 e->e_ntries);
580 }
581 else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
582 {
583 if (!split)
584 queueup(e, QUP_FL_MSYNC);
585 else
586 {
587 ENVELOPE *oldsib;
588 ENVELOPE *ee;
589
590 /*
591 ** Save old sibling and set it to NULL to avoid
592 ** queueing up the same envelopes again.
593 ** This requires that envelopes in that list have
594 ** been take care of before (or at some other place).
595 */
596
597 oldsib = e->e_sibling;
598 e->e_sibling = NULL;
599 if (!split_by_recipient(e) &&
600 bitset(EF_FATALERRS, e->e_flags))
601 {
602 syserr("!dropenvelope(%s): cannot commit data file %s, uid=%ld",
603 e->e_id, queuename(e, DATAFL_LETTER),
604 (long) geteuid());
605 }
606 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
607 queueup(ee, QUP_FL_MSYNC);
608 queueup(e, QUP_FL_MSYNC);
609
610 /* clean up */
611 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
612 {
613 /* now unlock the job */
614 if (tTd(50, 8))
615 sm_dprintf("dropenvelope(%s): unlocking job\n",
616 ee->e_id);
617 closexscript(ee);
618 unlockqueue(ee);
619
620 /* this envelope is marked unused */
621 SM_CLOSE_FP(ee->e_dfp);
622 ee->e_id = NULL;
623 ee->e_flags &= ~EF_HAS_DF;
624 }
625 e->e_sibling = oldsib;
626 }
627 }
628
629 /* now unlock the job */
630 if (tTd(50, 8))
631 sm_dprintf("dropenvelope(%s): unlocking job\n", id);
632 closexscript(e);
633 unlockqueue(e);
634
635 /* make sure that this envelope is marked unused */
636 SM_CLOSE_FP(e->e_dfp);
637 e->e_id = NULL;
638 e->e_flags &= ~EF_HAS_DF;
639 if (panic)
640 return EX_IOERR;
641 return EX_OK;
642 }
643
644 /*
645 ** CLEARENVELOPE -- clear an envelope without unlocking
646 **
647 ** This is normally used by a child process to get a clean
648 ** envelope without disturbing the parent.
649 **
650 ** Parameters:
651 ** e -- the envelope to clear.
652 ** fullclear - if set, the current envelope is total
653 ** garbage and should be ignored; otherwise,
654 ** release any resources it may indicate.
655 ** rpool -- either NULL, or a pointer to a resource pool
656 ** from which envelope memory is allocated, and
657 ** to which envelope resources are attached.
658 **
659 ** Returns:
660 ** none.
661 **
662 ** Side Effects:
663 ** Closes files associated with the envelope.
664 ** Marks the envelope as unallocated.
665 */
666
667 void
clearenvelope(e,fullclear,rpool)668 clearenvelope(e, fullclear, rpool)
669 register ENVELOPE *e;
670 bool fullclear;
671 SM_RPOOL_T *rpool;
672 {
673 register HDR *bh;
674 register HDR **nhp;
675 extern ENVELOPE BlankEnvelope;
676 char **p;
677
678 if (!fullclear)
679 {
680 /* clear out any file information */
681 SM_CLOSE_FP(e->e_xfp);
682 SM_CLOSE_FP(e->e_dfp);
683 }
684
685 /*
686 ** Copy BlankEnvelope into *e.
687 ** It is not safe to simply copy pointers to strings;
688 ** the strings themselves must be copied (or set to NULL).
689 ** The problem is that when we assign a new string value to
690 ** a member of BlankEnvelope, we free the old string.
691 ** We did not need to do this copying in sendmail 8.11 :-(
692 ** and it is a potential performance hit. Reference counted
693 ** strings are one way out.
694 */
695
696 *e = BlankEnvelope;
697 e->e_message = NULL;
698 e->e_qfletter = '\0';
699 e->e_quarmsg = NULL;
700 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
701
702 /*
703 ** Copy the macro table.
704 ** We might be able to avoid this by zeroing the macro table
705 ** and always searching BlankEnvelope.e_macro after e->e_macro
706 ** in macvalue().
707 */
708
709 for (p = &e->e_macro.mac_table[0];
710 p <= &e->e_macro.mac_table[MAXMACROID];
711 ++p)
712 {
713 if (*p != NULL)
714 *p = sm_rpool_strdup_x(rpool, *p);
715 }
716
717 /*
718 ** XXX There are many strings in the envelope structure
719 ** XXX that we are not attempting to copy here.
720 ** XXX Investigate this further.
721 */
722
723 e->e_rpool = rpool;
724 e->e_macro.mac_rpool = rpool;
725 if (Verbose)
726 set_delivery_mode(SM_DELIVER, e);
727 bh = BlankEnvelope.e_header;
728 nhp = &e->e_header;
729 while (bh != NULL)
730 {
731 *nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh));
732 memmove((char *) *nhp, (char *) bh, sizeof(*bh));
733 bh = bh->h_link;
734 nhp = &(*nhp)->h_link;
735 }
736 #if _FFR_MILTER_ENHSC
737 e->e_enhsc[0] = '\0';
738 #endif
739 }
740 /*
741 ** INITSYS -- initialize instantiation of system
742 **
743 ** In Daemon mode, this is done in the child.
744 **
745 ** Parameters:
746 ** e -- the envelope to use.
747 **
748 ** Returns:
749 ** none.
750 **
751 ** Side Effects:
752 ** Initializes the system macros, some global variables,
753 ** etc. In particular, the current time in various
754 ** forms is set.
755 */
756
757 void
initsys(e)758 initsys(e)
759 register ENVELOPE *e;
760 {
761 char buf[10];
762 #ifdef TTYNAME
763 static char ybuf[60]; /* holds tty id */
764 register char *p;
765 extern char *ttyname();
766 #endif /* TTYNAME */
767
768 /*
769 ** Give this envelope a reality.
770 ** I.e., an id, a transcript, and a creation time.
771 ** We don't select the queue until all of the recipients are known.
772 */
773
774 openxscript(e);
775 e->e_ctime = curtime();
776 e->e_qfletter = '\0';
777
778 /*
779 ** Set OutChannel to something useful if stdout isn't it.
780 ** This arranges that any extra stuff the mailer produces
781 ** gets sent back to the user on error (because it is
782 ** tucked away in the transcript).
783 */
784
785 if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
786 e->e_xfp != NULL)
787 OutChannel = e->e_xfp;
788
789 /*
790 ** Set up some basic system macros.
791 */
792
793 /* process id */
794 (void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid);
795 macdefine(&e->e_macro, A_TEMP, 'p', buf);
796
797 /* hop count */
798 (void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
799 macdefine(&e->e_macro, A_TEMP, 'c', buf);
800
801 /* time as integer, unix time, arpa time */
802 settime(e);
803
804 /* Load average */
805 sm_getla();
806
807 #ifdef TTYNAME
808 /* tty name */
809 if (macvalue('y', e) == NULL)
810 {
811 p = ttyname(2);
812 if (p != NULL)
813 {
814 if (strrchr(p, '/') != NULL)
815 p = strrchr(p, '/') + 1;
816 (void) sm_strlcpy(ybuf, sizeof(ybuf), p);
817 macdefine(&e->e_macro, A_PERM, 'y', ybuf);
818 }
819 }
820 #endif /* TTYNAME */
821 }
822 /*
823 ** SETTIME -- set the current time.
824 **
825 ** Parameters:
826 ** e -- the envelope in which the macros should be set.
827 **
828 ** Returns:
829 ** none.
830 **
831 ** Side Effects:
832 ** Sets the various time macros -- $a, $b, $d, $t.
833 */
834
835 void
settime(e)836 settime(e)
837 register ENVELOPE *e;
838 {
839 register char *p;
840 auto time_t now;
841 char buf[30];
842 register struct tm *tm;
843
844 now = curtime();
845 (void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now);
846 macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
847 tm = gmtime(&now);
848 (void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d",
849 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
850 tm->tm_hour, tm->tm_min);
851 macdefine(&e->e_macro, A_TEMP, 't', buf);
852 (void) sm_strlcpy(buf, ctime(&now), sizeof(buf));
853 p = strchr(buf, '\n');
854 if (p != NULL)
855 *p = '\0';
856 macdefine(&e->e_macro, A_TEMP, 'd', buf);
857 macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
858 if (macvalue('a', e) == NULL)
859 macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
860 }
861 /*
862 ** OPENXSCRIPT -- Open transcript file
863 **
864 ** Creates a transcript file for possible eventual mailing or
865 ** sending back.
866 **
867 ** Parameters:
868 ** e -- the envelope to create the transcript in/for.
869 **
870 ** Returns:
871 ** none
872 **
873 ** Side Effects:
874 ** Creates the transcript file.
875 */
876
877 #ifndef O_APPEND
878 # define O_APPEND 0
879 #endif
880
881 void
openxscript(e)882 openxscript(e)
883 register ENVELOPE *e;
884 {
885 register char *p;
886
887 if (e->e_xfp != NULL)
888 return;
889
890 #if 0
891 if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
892 syserr("openxscript: job not locked");
893 #endif
894
895 p = queuename(e, XSCRPT_LETTER);
896 e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
897 SFF_NOTEXCL|SFF_OPENASROOT);
898
899 if (e->e_xfp == NULL)
900 {
901 syserr("Can't create transcript file %s", p);
902 e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
903 SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
904 if (e->e_xfp == NULL)
905 syserr("!Can't open %s", SM_PATH_DEVNULL);
906 }
907 (void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
908 if (tTd(46, 9))
909 {
910 sm_dprintf("openxscript(%s):\n ", p);
911 dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
912 false);
913 }
914 }
915 /*
916 ** CLOSEXSCRIPT -- close the transcript file.
917 **
918 ** Parameters:
919 ** e -- the envelope containing the transcript to close.
920 **
921 ** Returns:
922 ** none.
923 **
924 ** Side Effects:
925 ** none.
926 */
927
928 void
closexscript(e)929 closexscript(e)
930 register ENVELOPE *e;
931 {
932 if (e->e_xfp == NULL)
933 return;
934 #if 0
935 if (e->e_lockfp == NULL)
936 syserr("closexscript: job not locked");
937 #endif
938 SM_CLOSE_FP(e->e_xfp);
939 }
940 /*
941 ** SETSENDER -- set the person who this message is from
942 **
943 ** Under certain circumstances allow the user to say who
944 ** s/he is (using -f or -r). These are:
945 ** 1. The user's uid is zero (root).
946 ** 2. The user's login name is in an approved list (typically
947 ** from a network server).
948 ** 3. The address the user is trying to claim has a
949 ** "!" character in it (since #2 doesn't do it for
950 ** us if we are dialing out for UUCP).
951 ** A better check to replace #3 would be if the
952 ** effective uid is "UUCP" -- this would require me
953 ** to rewrite getpwent to "grab" uucp as it went by,
954 ** make getname more nasty, do another passwd file
955 ** scan, or compile the UID of "UUCP" into the code,
956 ** all of which are reprehensible.
957 **
958 ** Assuming all of these fail, we figure out something
959 ** ourselves.
960 **
961 ** Parameters:
962 ** from -- the person we would like to believe this message [i]
963 ** is from, as specified on the command line.
964 ** e -- the envelope in which we would like the sender set.
965 ** delimptr -- if non-NULL, set to the location of the
966 ** trailing delimiter.
967 ** delimchar -- the character that will delimit the sender
968 ** address.
969 ** internal -- set if this address is coming from an internal
970 ** source such as an owner alias.
971 **
972 ** Returns:
973 ** none.
974 **
975 ** Side Effects:
976 ** sets sendmail's notion of who the from person is.
977 */
978
979 void
setsender(from,e,delimptr,delimchar,internal)980 setsender(from, e, delimptr, delimchar, internal)
981 char *from;
982 register ENVELOPE *e;
983 char **delimptr;
984 int delimchar;
985 bool internal;
986 {
987 register char **pvp;
988 char *realname = NULL;
989 char *bp;
990 char buf[MAXNAME_I + 2];
991 char pvpbuf[PSBUFSIZE];
992 extern char *FullName;
993
994 if (tTd(45, 1))
995 sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
996
997 /* may be set from earlier calls */
998 macdefine(&e->e_macro, A_PERM, 'x', "");
999
1000 /*
1001 ** Figure out the real user executing us.
1002 ** Username can return errno != 0 on non-errors.
1003 */
1004
1005 if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
1006 OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
1007 realname = from;
1008 if (SM_IS_EMPTY(realname))
1009 realname = username();
1010
1011 if (ConfigLevel < 2)
1012 SuprErrs = true;
1013
1014 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1015
1016 /* preset state for then clause in case from == NULL */
1017 e->e_from.q_state = QS_BADADDR;
1018 e->e_from.q_flags = 0;
1019 if (from == NULL ||
1020 parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
1021 delimchar, delimptr, e, false) == NULL ||
1022 QS_IS_BADADDR(e->e_from.q_state) ||
1023 e->e_from.q_mailer == ProgMailer ||
1024 e->e_from.q_mailer == FileMailer ||
1025 e->e_from.q_mailer == InclMailer)
1026 {
1027 /* log garbage addresses for traceback */
1028 if (from != NULL && LogLevel > 2)
1029 {
1030 char *p;
1031 char ebuf[MAXNAME * 2 + 2]; /* EAI:ok? */
1032
1033 p = macvalue('_', e);
1034 if (p == NULL)
1035 {
1036 char *host = RealHostName;
1037
1038 if (host == NULL)
1039 host = MyHostName;
1040 (void) sm_snprintf(ebuf, sizeof(ebuf),
1041 "%.*s@%.*s",
1042 MAXNAME, realname, /* EAI: see above */
1043 MAXNAME, host); /* EAI: see above */
1044 p = ebuf;
1045 }
1046 sm_syslog(LOG_NOTICE, e->e_id,
1047 "setsender: %s: invalid or unparsable, received from %s",
1048 shortenstring(from, 83), p);
1049 }
1050 if (from != NULL)
1051 {
1052 if (!QS_IS_BADADDR(e->e_from.q_state))
1053 {
1054 /* it was a bogus mailer in the from addr */
1055 e->e_status = "5.1.7";
1056 usrerrenh(e->e_status,
1057 "553 Invalid sender address");
1058 }
1059 SuprErrs = true;
1060 }
1061 if (from == realname ||
1062 /* XXX realname must be [i] */
1063 parseaddr(from = realname,
1064 &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
1065 NULL, e, false) == NULL)
1066 {
1067 char nbuf[100];
1068
1069 SuprErrs = true;
1070 expand("\201n", nbuf, sizeof(nbuf), e);
1071 from = sm_rpool_strdup_x(e->e_rpool, nbuf);
1072 /* XXX from must be [i] */
1073 if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
1074 NULL, e, false) == NULL &&
1075 parseaddr(from = "postmaster", &e->e_from,
1076 RF_COPYALL, ' ', NULL, e, false) == NULL)
1077 syserr("553 5.3.0 setsender: can't even parse postmaster!");
1078 }
1079 }
1080 else
1081 FromFlag = true;
1082 e->e_from.q_state = QS_SENDER;
1083 if (tTd(45, 5))
1084 {
1085 sm_dprintf("setsender: QS_SENDER ");
1086 printaddr(sm_debug_file(), &e->e_from, false);
1087 }
1088 SuprErrs = false;
1089
1090 #if USERDB
1091 if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1092 {
1093 register char *p;
1094
1095 p = udbsender(e->e_from.q_user, e->e_rpool);
1096 if (p != NULL)
1097 from = p;
1098 }
1099 #endif /* USERDB */
1100
1101 if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1102 {
1103 SM_MBDB_T user;
1104
1105 if (!internal)
1106 {
1107 /* if the user already given fullname don't redefine */
1108 if (FullName == NULL)
1109 FullName = macvalue('x', e);
1110 if (FullName != NULL)
1111 {
1112 if (FullName[0] == '\0')
1113 FullName = NULL;
1114 else
1115 FullName = newstr(FullName);
1116 }
1117 }
1118
1119 if (e->e_from.q_user[0] != '\0' &&
1120 sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1121 {
1122 /*
1123 ** Process passwd file entry.
1124 */
1125
1126 /* extract home directory */
1127 if (*user.mbdb_homedir == '\0')
1128 e->e_from.q_home = NULL;
1129 else if (strcmp(user.mbdb_homedir, "/") == 0)
1130 e->e_from.q_home = "";
1131 else
1132 e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1133 user.mbdb_homedir);
1134 macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1135
1136 /* extract user and group id */
1137 if (user.mbdb_uid != SM_NO_UID)
1138 {
1139 e->e_from.q_uid = user.mbdb_uid;
1140 e->e_from.q_gid = user.mbdb_gid;
1141 e->e_from.q_flags |= QGOODUID;
1142 }
1143
1144 /* extract full name from passwd file */
1145 if (FullName == NULL && !internal &&
1146 user.mbdb_fullname[0] != '\0' &&
1147 strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1148 {
1149 FullName = newstr(user.mbdb_fullname);
1150 }
1151 }
1152 else
1153 {
1154 e->e_from.q_home = NULL;
1155 }
1156 if (FullName != NULL && !internal)
1157 macdefine(&e->e_macro, A_TEMP, 'x', FullName);
1158 }
1159 else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1160 {
1161 if (e->e_from.q_home == NULL)
1162 {
1163 e->e_from.q_home = getenv("HOME");
1164 if (e->e_from.q_home != NULL)
1165 {
1166 if (*e->e_from.q_home == '\0')
1167 e->e_from.q_home = NULL;
1168 else if (strcmp(e->e_from.q_home, "/") == 0)
1169 e->e_from.q_home++;
1170 }
1171 }
1172 e->e_from.q_uid = RealUid;
1173 e->e_from.q_gid = RealGid;
1174 e->e_from.q_flags |= QGOODUID;
1175 }
1176
1177 /*
1178 ** Rewrite the from person to dispose of possible implicit
1179 ** links in the net.
1180 */
1181
1182 pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL,
1183 IntTokenTab, false);
1184 if (pvp == NULL)
1185 {
1186 /* don't need to give error -- prescan did that already */
1187 if (LogLevel > 2)
1188 sm_syslog(LOG_NOTICE, e->e_id,
1189 "cannot prescan from (%s)",
1190 shortenstring(from, MAXSHORTSTR));
1191 finis(true, true, ExitStat);
1192 }
1193 (void) REWRITE(pvp, 3, e);
1194 (void) REWRITE(pvp, 1, e);
1195 (void) REWRITE(pvp, 4, e);
1196 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1197 bp = buf + 1;
1198 cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false);
1199 if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1200 {
1201 /* heuristic: route-addr: add angle brackets */
1202 (void) sm_strlcat(bp, ">", sizeof(buf) - 1);
1203 *--bp = '<';
1204 }
1205 e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1206 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1207
1208 /* save the domain spec if this mailer wants it */
1209 if (e->e_from.q_mailer != NULL &&
1210 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1211 {
1212 char **lastat;
1213
1214 /* get rid of any pesky angle brackets */
1215 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1216 (void) REWRITE(pvp, 3, e);
1217 (void) REWRITE(pvp, 1, e);
1218 (void) REWRITE(pvp, 4, e);
1219 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1220
1221 /* strip off to the last "@" sign */
1222 for (lastat = NULL; *pvp != NULL; pvp++)
1223 {
1224 if (strcmp(*pvp, "@") == 0)
1225 lastat = pvp;
1226 }
1227 if (lastat != NULL)
1228 {
1229 e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1230 if (tTd(45, 3))
1231 {
1232 sm_dprintf("Saving from domain: ");
1233 printav(sm_debug_file(), e->e_fromdomain);
1234 }
1235 }
1236 }
1237 }
1238 /*
1239 ** PRINTENVFLAGS -- print envelope flags for debugging
1240 **
1241 ** Parameters:
1242 ** e -- the envelope with the flags to be printed.
1243 **
1244 ** Returns:
1245 ** none.
1246 */
1247
1248 struct eflags
1249 {
1250 char *ef_name;
1251 unsigned long ef_bit;
1252 };
1253
1254 static struct eflags EnvelopeFlags[] =
1255 {
1256 { "OLDSTYLE", EF_OLDSTYLE },
1257 { "INQUEUE", EF_INQUEUE },
1258 { "NO_BODY_RETN", EF_NO_BODY_RETN },
1259 { "CLRQUEUE", EF_CLRQUEUE },
1260 { "SENDRECEIPT", EF_SENDRECEIPT },
1261 { "FATALERRS", EF_FATALERRS },
1262 { "DELETE_BCC", EF_DELETE_BCC },
1263 { "RESPONSE", EF_RESPONSE },
1264 { "RESENT", EF_RESENT },
1265 { "VRFYONLY", EF_VRFYONLY },
1266 { "WARNING", EF_WARNING },
1267 { "QUEUERUN", EF_QUEUERUN },
1268 { "GLOBALERRS", EF_GLOBALERRS },
1269 { "PM_NOTIFY", EF_PM_NOTIFY },
1270 { "METOO", EF_METOO },
1271 { "LOGSENDER", EF_LOGSENDER },
1272 { "NORECEIPT", EF_NORECEIPT },
1273 { "HAS8BIT", EF_HAS8BIT },
1274 { "RET_PARAM", EF_RET_PARAM },
1275 { "HAS_DF", EF_HAS_DF },
1276 { "IS_MIME", EF_IS_MIME },
1277 { "DONT_MIME", EF_DONT_MIME },
1278 { "DISCARD", EF_DISCARD },
1279 { "TOOBIG", EF_TOOBIG },
1280 { "SPLIT", EF_SPLIT },
1281 { "UNSAFE", EF_UNSAFE },
1282 { "TOODEEP", EF_TOODEEP },
1283 { "SECURE", EF_SECURE },
1284 { NULL, 0 }
1285 };
1286
1287 void
printenvflags(e)1288 printenvflags(e)
1289 register ENVELOPE *e;
1290 {
1291 register struct eflags *ef;
1292 bool first = true;
1293
1294 sm_dprintf("%lx", e->e_flags);
1295 for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1296 {
1297 if (!bitset(ef->ef_bit, e->e_flags))
1298 continue;
1299 if (first)
1300 sm_dprintf("<%s", ef->ef_name);
1301 else
1302 sm_dprintf(",%s", ef->ef_name);
1303 first = false;
1304 }
1305 if (!first)
1306 sm_dprintf(">\n");
1307 }
1308