xref: /freebsd/contrib/sendmail/src/envelope.c (revision 42c159fe388a3765f69860c84183700af37aca8a)
1 /*
2  * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #include <sendmail.h>
15 
16 SM_RCSID("@(#)$Id: envelope.c,v 8.279 2001/12/10 19:56:04 ca Exp $")
17 
18 /*
19 **  NEWENVELOPE -- fill in a new envelope
20 **
21 **	Supports inheritance.
22 **
23 **	Parameters:
24 **		e -- the new envelope to fill in.
25 **		parent -- the envelope to be the parent of e.
26 **		rpool -- either NULL, or a pointer to a resource pool
27 **			from which envelope memory is allocated, and
28 **			to which envelope resources are attached.
29 **
30 **	Returns:
31 **		e.
32 **
33 **	Side Effects:
34 **		none.
35 */
36 
37 ENVELOPE *
38 newenvelope(e, parent, rpool)
39 	register ENVELOPE *e;
40 	register ENVELOPE *parent;
41 	SM_RPOOL_T *rpool;
42 {
43 	/*
44 	**  This code used to read:
45 	**	if (e == parent && e->e_parent != NULL)
46 	**		parent = e->e_parent;
47 	**  So if e == parent && e->e_parent == NULL then we would
48 	**  set e->e_parent = e, which creates a loop in the e_parent chain.
49 	**  This meant macvalue() could go into an infinite loop.
50 	*/
51 
52 	if (e == parent)
53 		parent = e->e_parent;
54 	clearenvelope(e, true, rpool);
55 	if (e == CurEnv)
56 		memmove((char *) &e->e_from,
57 			(char *) &NullAddress,
58 			sizeof e->e_from);
59 	else
60 		memmove((char *) &e->e_from,
61 			(char *) &CurEnv->e_from,
62 			sizeof e->e_from);
63 	e->e_parent = parent;
64 	assign_queueid(e);
65 	e->e_ctime = curtime();
66 	if (parent != NULL)
67 	{
68 		e->e_msgpriority = parent->e_msgsize;
69 #if _FFR_QUARANTINE
70 		if (parent->e_quarmsg == NULL)
71 		{
72 			e->e_quarmsg = NULL;
73 			macdefine(&e->e_macro, A_PERM,
74 				  macid("{quarantine}"), "");
75 		}
76 		else
77 		{
78 			e->e_quarmsg = sm_rpool_strdup_x(rpool,
79 							 parent->e_quarmsg);
80 			macdefine(&e->e_macro, A_PERM,
81 				  macid("{quarantine}"), e->e_quarmsg);
82 		}
83 #endif /* _FFR_QUARANTINE */
84 	}
85 	e->e_puthdr = putheader;
86 	e->e_putbody = putbody;
87 	if (CurEnv->e_xfp != NULL)
88 		(void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
89 
90 	return e;
91 }
92 
93 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
94 #define MSG_T_O		0x01	/* normal timeout */
95 #define MSG_T_O_NOW	0x02	/* NOW timeout */
96 #define MSG_NOT_BY	0x04	/* Deliver-By time exceeded, mode R */
97 #define MSG_WARN	0x10	/* normal queue warning */
98 #define MSG_WARN_BY	0x20	/* Deliver-By time exceeded, mode N */
99 
100 #define IS_MSG_ERR(x)	(((x) & 0x0f) != 0)	/* return an error */
101 
102 /* immediate return */
103 #define IS_IMM_RET(x)	(((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
104 #define IS_MSG_WARN(x)	(((x) & 0xf0) != 0)	/* return a warning */
105 
106 /*
107 **  DROPENVELOPE -- deallocate an envelope.
108 **
109 **	Parameters:
110 **		e -- the envelope to deallocate.
111 **		fulldrop -- if set, do return receipts.
112 **		split -- if true, split by recipient if message is queued up
113 **
114 **	Returns:
115 **		none.
116 **
117 **	Side Effects:
118 **		housekeeping necessary to dispose of an envelope.
119 **		Unlocks this queue file.
120 */
121 
122 void
123 dropenvelope(e, fulldrop, split)
124 	register ENVELOPE *e;
125 	bool fulldrop;
126 	bool split;
127 {
128 	bool panic = false;
129 	bool queueit = false;
130 	int msg_timeout = 0;
131 	bool failure_return = false;
132 	bool delay_return = false;
133 	bool success_return = false;
134 	bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
135 	bool done = false;
136 	register ADDRESS *q;
137 	char *id = e->e_id;
138 	time_t now;
139 	char buf[MAXLINE];
140 
141 	if (tTd(50, 1))
142 	{
143 		sm_dprintf("dropenvelope %p: id=", e);
144 		xputs(e->e_id);
145 		sm_dprintf(", flags=");
146 		printenvflags(e);
147 		if (tTd(50, 10))
148 		{
149 			sm_dprintf("sendq=");
150 			printaddr(e->e_sendqueue, true);
151 		}
152 	}
153 
154 	if (LogLevel > 84)
155 		sm_syslog(LOG_DEBUG, id,
156 			  "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
157 			  e->e_flags, OpMode, (int) CurrentPid);
158 
159 	/* we must have an id to remove disk files */
160 	if (id == NULL)
161 		return;
162 
163 	/* if verify-only mode, we can skip most of this */
164 	if (OpMode == MD_VERIFY)
165 		goto simpledrop;
166 
167 	if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
168 		logsender(e, NULL);
169 	e->e_flags &= ~EF_LOGSENDER;
170 
171 	/* post statistics */
172 	poststats(StatFile);
173 
174 	/*
175 	**  Extract state information from dregs of send list.
176 	*/
177 
178 	now = curtime();
179 	if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
180 		msg_timeout = MSG_T_O;
181 	if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
182 	    now >= e->e_ctime + e->e_deliver_by &&
183 	    !bitset(EF_RESPONSE, e->e_flags))
184 	{
185 		msg_timeout = MSG_NOT_BY;
186 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
187 	}
188 	else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
189 		 !bitset(EF_RESPONSE, e->e_flags))
190 	{
191 		msg_timeout = MSG_T_O_NOW;
192 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
193 	}
194 
195 	e->e_flags &= ~EF_QUEUERUN;
196 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
197 	{
198 		if (QS_IS_UNDELIVERED(q->q_state))
199 			queueit = true;
200 
201 		/* see if a notification is needed */
202 		if (bitset(QPINGONFAILURE, q->q_flags) &&
203 		    ((IS_MSG_ERR(msg_timeout) &&
204 		      QS_IS_UNDELIVERED(q->q_state)) ||
205 		     QS_IS_BADADDR(q->q_state) ||
206 		     IS_IMM_RET(msg_timeout)))
207 		{
208 			failure_return = true;
209 			if (!done && q->q_owner == NULL &&
210 			    !emptyaddr(&e->e_from))
211 			{
212 				(void) sendtolist(e->e_from.q_paddr, NULLADDR,
213 						  &e->e_errorqueue, 0, e);
214 				done = true;
215 			}
216 		}
217 		else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
218 			  ((QS_IS_SENT(q->q_state) &&
219 			    bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
220 			   bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
221 			  bitset(QBYTRACE, q->q_flags) ||
222 			  bitset(QBYNRELAY, q->q_flags))
223 		{
224 			success_return = true;
225 		}
226 	}
227 
228 	if (e->e_class < 0)
229 		e->e_flags |= EF_NO_BODY_RETN;
230 
231 	/*
232 	**  See if the message timed out.
233 	*/
234 
235 	if (!queueit)
236 		/* EMPTY */
237 		/* nothing to do */ ;
238 	else if (IS_MSG_ERR(msg_timeout))
239 	{
240 		if (failure_return)
241 		{
242 			if (msg_timeout == MSG_NOT_BY)
243 			{
244 				(void) sm_snprintf(buf, sizeof buf,
245 					"delivery time expired %lds",
246 					e->e_deliver_by);
247 			}
248 			else
249 			{
250 				(void) sm_snprintf(buf, sizeof buf,
251 					"Cannot send message for %s",
252 					pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
253 						false));
254 			}
255 
256 			/* don't free, allocated from e_rpool */
257 			e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
258 			message(buf);
259 			e->e_flags |= EF_CLRQUEUE;
260 		}
261 		if (msg_timeout == MSG_NOT_BY)
262 		{
263 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
264 				"Delivery time (%lds) expired\n",
265 				e->e_deliver_by);
266 		}
267 		else
268 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
269 				"Message could not be delivered for %s\n",
270 				pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
271 					false));
272 		(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
273 			"Message will be deleted from queue\n");
274 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
275 		{
276 			if (QS_IS_UNDELIVERED(q->q_state))
277 			{
278 				q->q_state = QS_BADADDR;
279 				if (msg_timeout == MSG_NOT_BY)
280 					q->q_status = "5.4.7";
281 				else
282 					q->q_status = "4.4.7";
283 			}
284 		}
285 	}
286 	else
287 	{
288 		if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
289 		    now >= e->e_ctime +
290 				TimeOuts.to_q_warning[e->e_timeoutclass])
291 			msg_timeout = MSG_WARN;
292 		else if (IS_DLVR_NOTIFY(e) &&
293 			 e->e_deliver_by > 0 &&
294 			 now >= e->e_ctime + e->e_deliver_by)
295 			msg_timeout = MSG_WARN_BY;
296 
297 		if (IS_MSG_WARN(msg_timeout))
298 		{
299 			if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
300 			    e->e_class >= 0 &&
301 			    e->e_from.q_paddr != NULL &&
302 			    strcmp(e->e_from.q_paddr, "<>") != 0 &&
303 			    sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
304 			    (strlen(e->e_from.q_paddr) <= 8 ||
305 			     sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
306 					   "-request") != 0))
307 			{
308 				for (q = e->e_sendqueue; q != NULL;
309 				     q = q->q_next)
310 				{
311 					if (QS_IS_UNDELIVERED(q->q_state)
312 #if _FFR_NODELAYDSN_ON_HOLD
313 					    && !bitnset(M_HOLD,
314 							q->q_mailer->m_flags)
315 #endif /* _FFR_NODELAYDSN_ON_HOLD */
316 					   )
317 					{
318 						if (msg_timeout ==
319 						    MSG_WARN_BY &&
320 						    (bitset(QPINGONDELAY,
321 							    q->q_flags) ||
322 						    !bitset(QHASNOTIFY,
323 							    q->q_flags))
324 						   )
325 						{
326 							q->q_flags |= QBYNDELAY;
327 							delay_return = true;
328 						}
329 						if (bitset(QPINGONDELAY,
330 							   q->q_flags))
331 						{
332 							q->q_flags |= QDELAYED;
333 							delay_return = true;
334 						}
335 					}
336 				}
337 			}
338 			if (delay_return)
339 			{
340 				if (msg_timeout == MSG_WARN_BY)
341 				{
342 					(void) sm_snprintf(buf, sizeof buf,
343 						"Warning: Delivery time (%lds) exceeded",
344 						e->e_deliver_by);
345 				}
346 				else
347 					(void) sm_snprintf(buf, sizeof buf,
348 						"Warning: could not send message for past %s",
349 						pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
350 							false));
351 
352 				/* don't free, allocated from e_rpool */
353 				e->e_message = sm_rpool_strdup_x(e->e_rpool,
354 								 buf);
355 				message(buf);
356 				e->e_flags |= EF_WARNING;
357 			}
358 			if (msg_timeout == MSG_WARN_BY)
359 			{
360 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
361 					"Warning: Delivery time (%lds) exceeded\n",
362 					e->e_deliver_by);
363 			}
364 			else
365 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
366 					"Warning: message still undelivered after %s\n",
367 					pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
368 					     false));
369 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
370 				      "Will keep trying until message is %s old\n",
371 				      pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
372 					     false));
373 		}
374 	}
375 
376 	if (tTd(50, 2))
377 		sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
378 			failure_return, delay_return, success_return, queueit);
379 
380 	/*
381 	**  If we had some fatal error, but no addresses are marked as
382 	**  bad, mark them _all_ as bad.
383 	*/
384 
385 	if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
386 	{
387 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
388 		{
389 			if ((QS_IS_OK(q->q_state) ||
390 			     QS_IS_VERIFIED(q->q_state)) &&
391 			    bitset(QPINGONFAILURE, q->q_flags))
392 			{
393 				failure_return = true;
394 				q->q_state = QS_BADADDR;
395 			}
396 		}
397 	}
398 
399 	/*
400 	**  Send back return receipts as requested.
401 	*/
402 
403 	if (success_return && !failure_return && !delay_return && fulldrop &&
404 	    !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
405 	    strcmp(e->e_from.q_paddr, "<>") != 0)
406 	{
407 		auto ADDRESS *rlist = NULL;
408 
409 		if (tTd(50, 8))
410 			sm_dprintf("dropenvelope(%s): sending return receipt\n",
411 				id);
412 		e->e_flags |= EF_SENDRECEIPT;
413 		(void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
414 		(void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
415 	}
416 	e->e_flags &= ~EF_SENDRECEIPT;
417 
418 	/*
419 	**  Arrange to send error messages if there are fatal errors.
420 	*/
421 
422 	if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
423 	{
424 		if (tTd(50, 8))
425 			sm_dprintf("dropenvelope(%s): saving mail\n", id);
426 		panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
427 	}
428 
429 	/*
430 	**  Arrange to send warning messages to postmaster as requested.
431 	*/
432 
433 	if ((failure_return || pmnotify) &&
434 	    PostMasterCopy != NULL &&
435 	    !bitset(EF_RESPONSE, e->e_flags) &&
436 	    e->e_class >= 0)
437 	{
438 		auto ADDRESS *rlist = NULL;
439 		char pcopy[MAXNAME];
440 
441 		if (failure_return)
442 		{
443 			expand(PostMasterCopy, pcopy, sizeof pcopy, e);
444 
445 			if (tTd(50, 8))
446 				sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
447 					id, pcopy);
448 			(void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
449 		}
450 		if (pmnotify)
451 			(void) sendtolist("postmaster", NULLADDR,
452 					  &rlist, 0, e);
453 		(void) returntosender(e->e_message, rlist,
454 				      RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
455 	}
456 
457 	/*
458 	**  Instantiate or deinstantiate the queue.
459 	*/
460 
461 simpledrop:
462 	if (tTd(50, 8))
463 		sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
464 			id, queueit);
465 	if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
466 	{
467 		if (tTd(50, 1))
468 		{
469 			sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
470 				e->e_id, queueit);
471 			printenvflags(e);
472 		}
473 		if (!panic)
474 			(void) xunlink(queuename(e, DATAFL_LETTER));
475 #if _FFR_QUARANTINE
476 		if (panic && QueueMode == QM_LOST)
477 		{
478 			/*
479 			**  leave the Qf file behind as
480 			**  the delivery attempt failed.
481 			*/
482 
483 			/* EMPTY */
484 		}
485 		else
486 #endif /* _FFR_QUARANTINE */
487 		if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
488 		{
489 			/* add to available space in filesystem */
490 			updfs(e, true, !panic);
491 		}
492 
493 		if (e->e_ntries > 0 && LogLevel > 9)
494 			sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
495 				  pintvl(curtime() - e->e_ctime, true),
496 				  e->e_ntries);
497 	}
498 	else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
499 	{
500 		if (!split)
501 			queueup(e, false, true);
502 		else
503 		{
504 			ENVELOPE *oldsib;
505 			ENVELOPE *ee;
506 
507 			/*
508 			**  Save old sibling and set it to NULL to avoid
509 			**  queueing up the same envelopes again.
510 			**  This requires that envelopes in that list have
511 			**  been take care of before (or at some other place).
512 			*/
513 
514 			oldsib = e->e_sibling;
515 			e->e_sibling = NULL;
516 			if (!split_by_recipient(e) &&
517 			    bitset(EF_FATALERRS, e->e_flags))
518 			{
519 				syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d",
520 					e->e_id, queuename(e, DATAFL_LETTER),
521 					geteuid());
522 			}
523 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
524 				queueup(ee, false, true);
525 			queueup(e, false, true);
526 
527 			/* clean up */
528 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
529 			{
530 				/* now unlock the job */
531 				if (tTd(50, 8))
532 					sm_dprintf("dropenvelope(%s): unlocking job\n",
533 						   ee->e_id);
534 				closexscript(ee);
535 				unlockqueue(ee);
536 
537 				/* this envelope is marked unused */
538 				if (ee->e_dfp != NULL)
539 				{
540 					(void) sm_io_close(ee->e_dfp,
541 							   SM_TIME_DEFAULT);
542 					ee->e_dfp = NULL;
543 				}
544 				ee->e_id = NULL;
545 				ee->e_flags &= ~EF_HAS_DF;
546 			}
547 			e->e_sibling = oldsib;
548 		}
549 	}
550 
551 	/* now unlock the job */
552 	if (tTd(50, 8))
553 		sm_dprintf("dropenvelope(%s): unlocking job\n", id);
554 	closexscript(e);
555 	unlockqueue(e);
556 
557 	/* make sure that this envelope is marked unused */
558 	if (e->e_dfp != NULL)
559 	{
560 		(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
561 		e->e_dfp = NULL;
562 	}
563 	e->e_id = NULL;
564 	e->e_flags &= ~EF_HAS_DF;
565 }
566 /*
567 **  CLEARENVELOPE -- clear an envelope without unlocking
568 **
569 **	This is normally used by a child process to get a clean
570 **	envelope without disturbing the parent.
571 **
572 **	Parameters:
573 **		e -- the envelope to clear.
574 **		fullclear - if set, the current envelope is total
575 **			garbage and should be ignored; otherwise,
576 **			release any resources it may indicate.
577 **		rpool -- either NULL, or a pointer to a resource pool
578 **			from which envelope memory is allocated, and
579 **			to which envelope resources are attached.
580 **
581 **	Returns:
582 **		none.
583 **
584 **	Side Effects:
585 **		Closes files associated with the envelope.
586 **		Marks the envelope as unallocated.
587 */
588 
589 void
590 clearenvelope(e, fullclear, rpool)
591 	register ENVELOPE *e;
592 	bool fullclear;
593 	SM_RPOOL_T *rpool;
594 {
595 	register HDR *bh;
596 	register HDR **nhp;
597 	extern ENVELOPE BlankEnvelope;
598 	char **p;
599 
600 	if (!fullclear)
601 	{
602 		/* clear out any file information */
603 		if (e->e_xfp != NULL)
604 			(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
605 		if (e->e_dfp != NULL)
606 			(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
607 		e->e_xfp = e->e_dfp = NULL;
608 	}
609 
610 	/*
611 	**  Copy BlankEnvelope into *e.
612 	**  It is not safe to simply copy pointers to strings;
613 	**  the strings themselves must be copied (or set to NULL).
614 	**  The problem is that when we assign a new string value to
615 	**  a member of BlankEnvelope, we free the old string.
616 	**  We did not need to do this copying in sendmail 8.11 :-(
617 	**  and it is a potential performance hit.  Reference counted
618 	**  strings are one way out.
619 	*/
620 
621 	*e = BlankEnvelope;
622 	e->e_message = NULL;
623 #if _FFR_QUARANTINE
624 	e->e_qfletter = '\0';
625 	e->e_quarmsg = NULL;
626 	macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
627 #endif /* _FFR_QUARANTINE */
628 
629 	/*
630 	**  Copy the macro table.
631 	**  We might be able to avoid this by zeroing the macro table
632 	**  and always searching BlankEnvelope.e_macro after e->e_macro
633 	**  in macvalue().
634 	*/
635 
636 	for (p = &e->e_macro.mac_table[0];
637 	     p <= &e->e_macro.mac_table[MAXMACROID];
638 	     ++p)
639 	{
640 		if (*p != NULL)
641 			*p = sm_rpool_strdup_x(rpool, *p);
642 	}
643 
644 	/*
645 	**  XXX There are many strings in the envelope structure
646 	**  XXX that we are not attempting to copy here.
647 	**  XXX Investigate this further.
648 	*/
649 
650 	e->e_rpool = rpool;
651 	e->e_macro.mac_rpool = rpool;
652 	if (Verbose)
653 		set_delivery_mode(SM_DELIVER, e);
654 	bh = BlankEnvelope.e_header;
655 	nhp = &e->e_header;
656 	while (bh != NULL)
657 	{
658 		*nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof *bh);
659 		memmove((char *) *nhp, (char *) bh, sizeof *bh);
660 		bh = bh->h_link;
661 		nhp = &(*nhp)->h_link;
662 	}
663 }
664 /*
665 **  INITSYS -- initialize instantiation of system
666 **
667 **	In Daemon mode, this is done in the child.
668 **
669 **	Parameters:
670 **		e -- the envelope to use.
671 **
672 **	Returns:
673 **		none.
674 **
675 **	Side Effects:
676 **		Initializes the system macros, some global variables,
677 **		etc.  In particular, the current time in various
678 **		forms is set.
679 */
680 
681 void
682 initsys(e)
683 	register ENVELOPE *e;
684 {
685 	char buf[10];
686 #ifdef TTYNAME
687 	static char ybuf[60];			/* holds tty id */
688 	register char *p;
689 	extern char *ttyname();
690 #endif /* TTYNAME */
691 
692 	/*
693 	**  Give this envelope a reality.
694 	**	I.e., an id, a transcript, and a creation time.
695 	**  We don't select the queue until all of the recipients are known.
696 	*/
697 
698 	openxscript(e);
699 	e->e_ctime = curtime();
700 #if _FFR_QUARANTINE
701 	e->e_qfletter = '\0';
702 #endif /* _FFR_QUARANTINE */
703 #if _FFR_QUEUEDELAY
704 	e->e_queuealg = QueueAlg;
705 	e->e_queuedelay = QueueInitDelay;
706 #endif /* _FFR_QUEUEDELAY */
707 
708 	/*
709 	**  Set OutChannel to something useful if stdout isn't it.
710 	**	This arranges that any extra stuff the mailer produces
711 	**	gets sent back to the user on error (because it is
712 	**	tucked away in the transcript).
713 	*/
714 
715 	if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
716 	    e->e_xfp != NULL)
717 		OutChannel = e->e_xfp;
718 
719 	/*
720 	**  Set up some basic system macros.
721 	*/
722 
723 	/* process id */
724 	(void) sm_snprintf(buf, sizeof buf, "%d", (int) CurrentPid);
725 	macdefine(&e->e_macro, A_TEMP, 'p', buf);
726 
727 	/* hop count */
728 	(void) sm_snprintf(buf, sizeof buf, "%d", e->e_hopcount);
729 	macdefine(&e->e_macro, A_TEMP, 'c', buf);
730 
731 	/* time as integer, unix time, arpa time */
732 	settime(e);
733 
734 	/* Load average */
735 	sm_getla();
736 
737 #ifdef TTYNAME
738 	/* tty name */
739 	if (macvalue('y', e) == NULL)
740 	{
741 		p = ttyname(2);
742 		if (p != NULL)
743 		{
744 			if (strrchr(p, '/') != NULL)
745 				p = strrchr(p, '/') + 1;
746 			(void) sm_strlcpy(ybuf, sizeof ybuf, p);
747 			macdefine(&e->e_macro, A_PERM, 'y', ybuf);
748 		}
749 	}
750 #endif /* TTYNAME */
751 }
752 /*
753 **  SETTIME -- set the current time.
754 **
755 **	Parameters:
756 **		e -- the envelope in which the macros should be set.
757 **
758 **	Returns:
759 **		none.
760 **
761 **	Side Effects:
762 **		Sets the various time macros -- $a, $b, $d, $t.
763 */
764 
765 void
766 settime(e)
767 	register ENVELOPE *e;
768 {
769 	register char *p;
770 	auto time_t now;
771 	char buf[30];
772 	register struct tm *tm;
773 
774 	now = curtime();
775 	tm = gmtime(&now);
776 	(void) sm_snprintf(buf, sizeof buf, "%04d%02d%02d%02d%02d",
777 			   tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
778 			   tm->tm_hour, tm->tm_min);
779 	macdefine(&e->e_macro, A_TEMP, 't', buf);
780 	(void) sm_strlcpy(buf, ctime(&now), sizeof buf);
781 	p = strchr(buf, '\n');
782 	if (p != NULL)
783 		*p = '\0';
784 	macdefine(&e->e_macro, A_TEMP, 'd', buf);
785 	macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
786 	if (macvalue('a', e) == NULL)
787 		macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
788 }
789 /*
790 **  OPENXSCRIPT -- Open transcript file
791 **
792 **	Creates a transcript file for possible eventual mailing or
793 **	sending back.
794 **
795 **	Parameters:
796 **		e -- the envelope to create the transcript in/for.
797 **
798 **	Returns:
799 **		none
800 **
801 **	Side Effects:
802 **		Creates the transcript file.
803 */
804 
805 #ifndef O_APPEND
806 # define O_APPEND	0
807 #endif /* ! O_APPEND */
808 
809 void
810 openxscript(e)
811 	register ENVELOPE *e;
812 {
813 	register char *p;
814 
815 	if (e->e_xfp != NULL)
816 		return;
817 
818 #if 0
819 	if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
820 		syserr("openxscript: job not locked");
821 #endif /* 0 */
822 
823 	p = queuename(e, XSCRPT_LETTER);
824 	e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
825 			  SFF_NOTEXCL|SFF_OPENASROOT);
826 
827 	if (e->e_xfp == NULL)
828 	{
829 		syserr("Can't create transcript file %s", p);
830 		e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
831 				      SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
832 		if (e->e_xfp == NULL)
833 			syserr("!Can't open %s", SM_PATH_DEVNULL);
834 	}
835 	(void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
836 	if (tTd(46, 9))
837 	{
838 		sm_dprintf("openxscript(%s):\n  ", p);
839 		dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
840 		       false);
841 	}
842 }
843 /*
844 **  CLOSEXSCRIPT -- close the transcript file.
845 **
846 **	Parameters:
847 **		e -- the envelope containing the transcript to close.
848 **
849 **	Returns:
850 **		none.
851 **
852 **	Side Effects:
853 **		none.
854 */
855 
856 void
857 closexscript(e)
858 	register ENVELOPE *e;
859 {
860 	if (e->e_xfp == NULL)
861 		return;
862 #if 0
863 	if (e->e_lockfp == NULL)
864 		syserr("closexscript: job not locked");
865 #endif /* 0 */
866 	(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
867 	e->e_xfp = NULL;
868 }
869 /*
870 **  SETSENDER -- set the person who this message is from
871 **
872 **	Under certain circumstances allow the user to say who
873 **	s/he is (using -f or -r).  These are:
874 **	1.  The user's uid is zero (root).
875 **	2.  The user's login name is in an approved list (typically
876 **	    from a network server).
877 **	3.  The address the user is trying to claim has a
878 **	    "!" character in it (since #2 doesn't do it for
879 **	    us if we are dialing out for UUCP).
880 **	A better check to replace #3 would be if the
881 **	effective uid is "UUCP" -- this would require me
882 **	to rewrite getpwent to "grab" uucp as it went by,
883 **	make getname more nasty, do another passwd file
884 **	scan, or compile the UID of "UUCP" into the code,
885 **	all of which are reprehensible.
886 **
887 **	Assuming all of these fail, we figure out something
888 **	ourselves.
889 **
890 **	Parameters:
891 **		from -- the person we would like to believe this message
892 **			is from, as specified on the command line.
893 **		e -- the envelope in which we would like the sender set.
894 **		delimptr -- if non-NULL, set to the location of the
895 **			trailing delimiter.
896 **		delimchar -- the character that will delimit the sender
897 **			address.
898 **		internal -- set if this address is coming from an internal
899 **			source such as an owner alias.
900 **
901 **	Returns:
902 **		none.
903 **
904 **	Side Effects:
905 **		sets sendmail's notion of who the from person is.
906 */
907 
908 void
909 setsender(from, e, delimptr, delimchar, internal)
910 	char *from;
911 	register ENVELOPE *e;
912 	char **delimptr;
913 	int delimchar;
914 	bool internal;
915 {
916 	register char **pvp;
917 	char *realname = NULL;
918 	char *bp;
919 	char buf[MAXNAME + 2];
920 	char pvpbuf[PSBUFSIZE];
921 	extern char *FullName;
922 
923 	if (tTd(45, 1))
924 		sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
925 
926 	/*
927 	**  Figure out the real user executing us.
928 	**	Username can return errno != 0 on non-errors.
929 	*/
930 
931 	if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
932 	    OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
933 		realname = from;
934 	if (realname == NULL || realname[0] == '\0')
935 		realname = username();
936 
937 	if (ConfigLevel < 2)
938 		SuprErrs = true;
939 
940 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
941 
942 	/* preset state for then clause in case from == NULL */
943 	e->e_from.q_state = QS_BADADDR;
944 	e->e_from.q_flags = 0;
945 	if (from == NULL ||
946 	    parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
947 		      delimchar, delimptr, e, false) == NULL ||
948 	    QS_IS_BADADDR(e->e_from.q_state) ||
949 	    e->e_from.q_mailer == ProgMailer ||
950 	    e->e_from.q_mailer == FileMailer ||
951 	    e->e_from.q_mailer == InclMailer)
952 	{
953 		/* log garbage addresses for traceback */
954 		if (from != NULL && LogLevel > 2)
955 		{
956 			char *p;
957 			char ebuf[MAXNAME * 2 + 2];
958 
959 			p = macvalue('_', e);
960 			if (p == NULL)
961 			{
962 				char *host = RealHostName;
963 
964 				if (host == NULL)
965 					host = MyHostName;
966 				(void) sm_snprintf(ebuf, sizeof ebuf,
967 						   "%.*s@%.*s", MAXNAME,
968 						   realname, MAXNAME, host);
969 				p = ebuf;
970 			}
971 			sm_syslog(LOG_NOTICE, e->e_id,
972 				  "setsender: %s: invalid or unparsable, received from %s",
973 				  shortenstring(from, 83), p);
974 		}
975 		if (from != NULL)
976 		{
977 			if (!QS_IS_BADADDR(e->e_from.q_state))
978 			{
979 				/* it was a bogus mailer in the from addr */
980 				e->e_status = "5.1.7";
981 				usrerrenh(e->e_status,
982 					  "553 Invalid sender address");
983 			}
984 			SuprErrs = true;
985 		}
986 		if (from == realname ||
987 		    parseaddr(from = realname,
988 			      &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
989 			      NULL, e, false) == NULL)
990 		{
991 			char nbuf[100];
992 
993 			SuprErrs = true;
994 			expand("\201n", nbuf, sizeof nbuf, e);
995 			from = sm_rpool_strdup_x(e->e_rpool, nbuf);
996 			if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
997 				      NULL, e, false) == NULL &&
998 			    parseaddr(from = "postmaster", &e->e_from,
999 				      RF_COPYALL, ' ', NULL, e, false) == NULL)
1000 				syserr("553 5.3.0 setsender: can't even parse postmaster!");
1001 		}
1002 	}
1003 	else
1004 		FromFlag = true;
1005 	e->e_from.q_state = QS_SENDER;
1006 	if (tTd(45, 5))
1007 	{
1008 		sm_dprintf("setsender: QS_SENDER ");
1009 		printaddr(&e->e_from, false);
1010 	}
1011 	SuprErrs = false;
1012 
1013 #if USERDB
1014 	if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1015 	{
1016 		register char *p;
1017 
1018 		p = udbsender(e->e_from.q_user, e->e_rpool);
1019 		if (p != NULL)
1020 			from = p;
1021 	}
1022 #endif /* USERDB */
1023 
1024 	if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1025 	{
1026 		SM_MBDB_T user;
1027 
1028 		if (!internal)
1029 		{
1030 			/* if the user already given fullname don't redefine */
1031 			if (FullName == NULL)
1032 				FullName = macvalue('x', e);
1033 			if (FullName != NULL && FullName[0] == '\0')
1034 				FullName = NULL;
1035 		}
1036 
1037 		if (e->e_from.q_user[0] != '\0' &&
1038 		    sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1039 		{
1040 			/*
1041 			**  Process passwd file entry.
1042 			*/
1043 
1044 			/* extract home directory */
1045 			if (*user.mbdb_homedir == '\0')
1046 				e->e_from.q_home = NULL;
1047 			else if (strcmp(user.mbdb_homedir, "/") == 0)
1048 				e->e_from.q_home = "";
1049 			else
1050 				e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1051 							user.mbdb_homedir);
1052 			macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1053 
1054 			/* extract user and group id */
1055 			if (user.mbdb_uid != SM_NO_UID)
1056 			{
1057 				e->e_from.q_uid = user.mbdb_uid;
1058 				e->e_from.q_gid = user.mbdb_gid;
1059 				e->e_from.q_flags |= QGOODUID;
1060 			}
1061 
1062 			/* extract full name from passwd file */
1063 			if (FullName == NULL && !internal &&
1064 			    user.mbdb_fullname[0] != '\0' &&
1065 			    strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1066 			{
1067 				FullName = newstr(user.mbdb_fullname);
1068 			}
1069 		}
1070 		else
1071 		{
1072 			e->e_from.q_home = NULL;
1073 		}
1074 		if (FullName != NULL && !internal)
1075 			macdefine(&e->e_macro, A_PERM, 'x', FullName);
1076 	}
1077 	else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1078 	{
1079 		if (e->e_from.q_home == NULL)
1080 		{
1081 			e->e_from.q_home = getenv("HOME");
1082 			if (e->e_from.q_home != NULL)
1083 			{
1084 				if (*e->e_from.q_home == '\0')
1085 					e->e_from.q_home = NULL;
1086 				else if (strcmp(e->e_from.q_home, "/") == 0)
1087 					e->e_from.q_home++;
1088 			}
1089 		}
1090 		e->e_from.q_uid = RealUid;
1091 		e->e_from.q_gid = RealGid;
1092 		e->e_from.q_flags |= QGOODUID;
1093 	}
1094 
1095 	/*
1096 	**  Rewrite the from person to dispose of possible implicit
1097 	**	links in the net.
1098 	*/
1099 
1100 	pvp = prescan(from, delimchar, pvpbuf, sizeof pvpbuf, NULL, NULL);
1101 	if (pvp == NULL)
1102 	{
1103 		/* don't need to give error -- prescan did that already */
1104 		if (LogLevel > 2)
1105 			sm_syslog(LOG_NOTICE, e->e_id,
1106 				  "cannot prescan from (%s)",
1107 				  shortenstring(from, MAXSHORTSTR));
1108 		finis(true, true, ExitStat);
1109 	}
1110 	(void) REWRITE(pvp, 3, e);
1111 	(void) REWRITE(pvp, 1, e);
1112 	(void) REWRITE(pvp, 4, e);
1113 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1114 	bp = buf + 1;
1115 	cataddr(pvp, NULL, bp, sizeof buf - 2, '\0');
1116 	if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1117 	{
1118 		/* heuristic: route-addr: add angle brackets */
1119 		(void) sm_strlcat(bp, ">", sizeof buf - 1);
1120 		*--bp = '<';
1121 	}
1122 	e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1123 	macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1124 
1125 	/* save the domain spec if this mailer wants it */
1126 	if (e->e_from.q_mailer != NULL &&
1127 	    bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1128 	{
1129 		char **lastat;
1130 
1131 		/* get rid of any pesky angle brackets */
1132 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1133 		(void) REWRITE(pvp, 3, e);
1134 		(void) REWRITE(pvp, 1, e);
1135 		(void) REWRITE(pvp, 4, e);
1136 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1137 
1138 		/* strip off to the last "@" sign */
1139 		for (lastat = NULL; *pvp != NULL; pvp++)
1140 			if (strcmp(*pvp, "@") == 0)
1141 				lastat = pvp;
1142 		if (lastat != NULL)
1143 		{
1144 			e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1145 			if (tTd(45, 3))
1146 			{
1147 				sm_dprintf("Saving from domain: ");
1148 				printav(e->e_fromdomain);
1149 			}
1150 		}
1151 	}
1152 }
1153 /*
1154 **  PRINTENVFLAGS -- print envelope flags for debugging
1155 **
1156 **	Parameters:
1157 **		e -- the envelope with the flags to be printed.
1158 **
1159 **	Returns:
1160 **		none.
1161 */
1162 
1163 struct eflags
1164 {
1165 	char		*ef_name;
1166 	unsigned long	ef_bit;
1167 };
1168 
1169 static struct eflags	EnvelopeFlags[] =
1170 {
1171 	{ "OLDSTYLE",		EF_OLDSTYLE	},
1172 	{ "INQUEUE",		EF_INQUEUE	},
1173 	{ "NO_BODY_RETN",	EF_NO_BODY_RETN	},
1174 	{ "CLRQUEUE",		EF_CLRQUEUE	},
1175 	{ "SENDRECEIPT",	EF_SENDRECEIPT	},
1176 	{ "FATALERRS",		EF_FATALERRS	},
1177 	{ "DELETE_BCC",		EF_DELETE_BCC	},
1178 	{ "RESPONSE",		EF_RESPONSE	},
1179 	{ "RESENT",		EF_RESENT	},
1180 	{ "VRFYONLY",		EF_VRFYONLY	},
1181 	{ "WARNING",		EF_WARNING	},
1182 	{ "QUEUERUN",		EF_QUEUERUN	},
1183 	{ "GLOBALERRS",		EF_GLOBALERRS	},
1184 	{ "PM_NOTIFY",		EF_PM_NOTIFY	},
1185 	{ "METOO",		EF_METOO	},
1186 	{ "LOGSENDER",		EF_LOGSENDER	},
1187 	{ "NORECEIPT",		EF_NORECEIPT	},
1188 	{ "HAS8BIT",		EF_HAS8BIT	},
1189 	{ "NL_NOT_EOL",		EF_NL_NOT_EOL	},
1190 	{ "CRLF_NOT_EOL",	EF_CRLF_NOT_EOL	},
1191 	{ "RET_PARAM",		EF_RET_PARAM	},
1192 	{ "HAS_DF",		EF_HAS_DF	},
1193 	{ "IS_MIME",		EF_IS_MIME	},
1194 	{ "DONT_MIME",		EF_DONT_MIME	},
1195 	{ "DISCARD",		EF_DISCARD	},
1196 	{ "TOOBIG",		EF_TOOBIG	},
1197 	{ "SPLIT",		EF_SPLIT	},
1198 	{ "UNSAFE",		EF_UNSAFE	},
1199 	{ NULL,			0		}
1200 };
1201 
1202 void
1203 printenvflags(e)
1204 	register ENVELOPE *e;
1205 {
1206 	register struct eflags *ef;
1207 	bool first = true;
1208 
1209 	(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%lx", e->e_flags);
1210 	for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1211 	{
1212 		if (!bitset(ef->ef_bit, e->e_flags))
1213 			continue;
1214 		if (first)
1215 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "<%s",
1216 					     ef->ef_name);
1217 		else
1218 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, ",%s",
1219 					     ef->ef_name);
1220 		first = false;
1221 	}
1222 	if (!first)
1223 		(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, ">\n");
1224 }
1225