1 /* 2 * Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 16 SM_RCSID("@(#)$Id: envelope.c,v 8.313 2013-11-22 20:51:55 ca Exp $") 17 18 /* 19 ** CLRSESSENVELOPE -- clear session oriented data in an envelope 20 ** 21 ** Parameters: 22 ** e -- the envelope to clear. 23 ** 24 ** Returns: 25 ** none. 26 */ 27 28 void 29 clrsessenvelope(e) 30 ENVELOPE *e; 31 { 32 #if SASL 33 macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), ""); 34 macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), ""); 35 macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), ""); 36 macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), ""); 37 #endif /* SASL */ 38 #if STARTTLS 39 macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), ""); 40 macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), ""); 41 macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), ""); 42 macdefine(&e->e_macro, A_PERM, macid("{cipher}"), ""); 43 macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), ""); 44 macdefine(&e->e_macro, A_PERM, macid("{verify}"), ""); 45 macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), ""); 46 macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), ""); 47 macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), ""); 48 #endif /* STARTTLS */ 49 } 50 51 /* 52 ** NEWENVELOPE -- fill in a new envelope 53 ** 54 ** Supports inheritance. 55 ** 56 ** Parameters: 57 ** e -- the new envelope to fill in. 58 ** parent -- the envelope to be the parent of e. 59 ** rpool -- either NULL, or a pointer to a resource pool 60 ** from which envelope memory is allocated, and 61 ** to which envelope resources are attached. 62 ** 63 ** Returns: 64 ** e. 65 ** 66 ** Side Effects: 67 ** none. 68 */ 69 70 ENVELOPE * 71 newenvelope(e, parent, rpool) 72 register ENVELOPE *e; 73 register ENVELOPE *parent; 74 SM_RPOOL_T *rpool; 75 { 76 int sendmode; 77 78 /* 79 ** This code used to read: 80 ** if (e == parent && e->e_parent != NULL) 81 ** parent = e->e_parent; 82 ** So if e == parent && e->e_parent == NULL then we would 83 ** set e->e_parent = e, which creates a loop in the e_parent chain. 84 ** This meant macvalue() could go into an infinite loop. 85 */ 86 87 if (parent != NULL) 88 sendmode = parent->e_sendmode; 89 else 90 sendmode = DM_NOTSET; 91 92 if (e == parent) 93 parent = e->e_parent; 94 clearenvelope(e, true, rpool); 95 if (e == CurEnv) 96 memmove((char *) &e->e_from, 97 (char *) &NullAddress, 98 sizeof(e->e_from)); 99 else 100 memmove((char *) &e->e_from, 101 (char *) &CurEnv->e_from, 102 sizeof(e->e_from)); 103 e->e_parent = parent; 104 assign_queueid(e); 105 e->e_ctime = curtime(); 106 #if _FFR_SESSID 107 e->e_sessid = e->e_id; 108 #endif 109 if (parent != NULL) 110 { 111 e->e_msgpriority = parent->e_msgsize; 112 #if _FFR_SESSID 113 if (parent->e_sessid != NULL) 114 e->e_sessid = sm_rpool_strdup_x(rpool, 115 parent->e_sessid); 116 #endif 117 118 if (parent->e_quarmsg == NULL) 119 { 120 e->e_quarmsg = NULL; 121 macdefine(&e->e_macro, A_PERM, 122 macid("{quarantine}"), ""); 123 } 124 else 125 { 126 e->e_quarmsg = sm_rpool_strdup_x(rpool, 127 parent->e_quarmsg); 128 macdefine(&e->e_macro, A_PERM, 129 macid("{quarantine}"), e->e_quarmsg); 130 } 131 } 132 e->e_puthdr = putheader; 133 e->e_putbody = putbody; 134 if (CurEnv->e_xfp != NULL) 135 (void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT); 136 if (sendmode != DM_NOTSET) 137 set_delivery_mode(sendmode, e); 138 139 return e; 140 } 141 142 /* values for msg_timeout, see also IS_* below for usage (bit layout) */ 143 #define MSG_T_O 0x01 /* normal timeout */ 144 #define MSG_T_O_NOW 0x02 /* NOW timeout */ 145 #define MSG_NOT_BY 0x04 /* Deliver-By time exceeded, mode R */ 146 #define MSG_WARN 0x10 /* normal queue warning */ 147 #define MSG_WARN_BY 0x20 /* Deliver-By time exceeded, mode N */ 148 149 #define IS_MSG_ERR(x) (((x) & 0x0f) != 0) /* return an error */ 150 151 /* immediate return */ 152 #define IS_IMM_RET(x) (((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0) 153 #define IS_MSG_WARN(x) (((x) & 0xf0) != 0) /* return a warning */ 154 155 /* 156 ** DROPENVELOPE -- deallocate an envelope. 157 ** 158 ** Parameters: 159 ** e -- the envelope to deallocate. 160 ** fulldrop -- if set, do return receipts. 161 ** split -- if true, split by recipient if message is queued up 162 ** 163 ** Returns: 164 ** EX_* status (currently: 0: success, EX_IOERR on panic) 165 ** 166 ** Side Effects: 167 ** housekeeping necessary to dispose of an envelope. 168 ** Unlocks this queue file. 169 */ 170 171 int 172 dropenvelope(e, fulldrop, split) 173 register ENVELOPE *e; 174 bool fulldrop; 175 bool split; 176 { 177 bool panic = false; 178 bool queueit = false; 179 int msg_timeout = 0; 180 bool failure_return = false; 181 bool delay_return = false; 182 bool success_return = false; 183 bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags); 184 bool done = false; 185 register ADDRESS *q; 186 char *id = e->e_id; 187 time_t now; 188 char buf[MAXLINE]; 189 190 if (tTd(50, 1)) 191 { 192 sm_dprintf("dropenvelope %p: id=", (void *)e); 193 xputs(sm_debug_file(), e->e_id); 194 sm_dprintf(", flags="); 195 printenvflags(e); 196 if (tTd(50, 10)) 197 { 198 sm_dprintf("sendq="); 199 printaddr(sm_debug_file(), e->e_sendqueue, true); 200 } 201 } 202 203 if (LogLevel > 84) 204 sm_syslog(LOG_DEBUG, id, 205 "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d", 206 e->e_flags, OpMode, (int) CurrentPid); 207 208 /* we must have an id to remove disk files */ 209 if (id == NULL) 210 return EX_OK; 211 212 /* if verify-only mode, we can skip most of this */ 213 if (OpMode == MD_VERIFY) 214 goto simpledrop; 215 216 if (tTd(92, 2)) 217 sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", 218 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); 219 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) 220 logsender(e, NULL); 221 e->e_flags &= ~EF_LOGSENDER; 222 223 /* post statistics */ 224 poststats(StatFile); 225 226 /* 227 ** Extract state information from dregs of send list. 228 */ 229 230 now = curtime(); 231 if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass]) 232 msg_timeout = MSG_T_O; 233 if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 && 234 now >= e->e_ctime + e->e_deliver_by && 235 !bitset(EF_RESPONSE, e->e_flags)) 236 { 237 msg_timeout = MSG_NOT_BY; 238 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE; 239 } 240 else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW && 241 !bitset(EF_RESPONSE, e->e_flags)) 242 { 243 msg_timeout = MSG_T_O_NOW; 244 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE; 245 } 246 247 #if _FFR_PROXY 248 if (tTd(87, 2)) 249 { 250 q = e->e_sendqueue; 251 sm_dprintf("dropenvelope: mode=%c, e=%p, sibling=%p, nrcpts=%d, sendqueue=%p, next=%p, state=%d\n", 252 e->e_sendmode, e, e->e_sibling, e->e_nrcpts, q, 253 (q == NULL) ? (void *)0 : q->q_next, 254 (q == NULL) ? -1 : q->q_state); 255 } 256 #endif /* _FFR_PROXY */ 257 258 e->e_flags &= ~EF_QUEUERUN; 259 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 260 { 261 if (QS_IS_UNDELIVERED(q->q_state)) 262 queueit = true; 263 264 #if _FFR_PROXY 265 if (queueit && e->e_sendmode == SM_PROXY) 266 queueit = false; 267 #endif 268 269 /* see if a notification is needed */ 270 if (bitset(QPINGONFAILURE, q->q_flags) && 271 ((IS_MSG_ERR(msg_timeout) && 272 QS_IS_UNDELIVERED(q->q_state)) || 273 QS_IS_BADADDR(q->q_state) || 274 IS_IMM_RET(msg_timeout))) 275 { 276 failure_return = true; 277 if (!done && q->q_owner == NULL && 278 !emptyaddr(&e->e_from)) 279 { 280 (void) sendtolist(e->e_from.q_paddr, NULLADDR, 281 &e->e_errorqueue, 0, e); 282 done = true; 283 } 284 } 285 else if ((bitset(QPINGONSUCCESS, q->q_flags) && 286 ((QS_IS_SENT(q->q_state) && 287 bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) || 288 bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) || 289 bitset(QBYTRACE, q->q_flags) || 290 bitset(QBYNRELAY, q->q_flags)) 291 { 292 success_return = true; 293 } 294 } 295 296 if (e->e_class < 0) 297 e->e_flags |= EF_NO_BODY_RETN; 298 299 /* 300 ** See if the message timed out. 301 */ 302 303 if (!queueit) 304 /* EMPTY */ 305 /* nothing to do */ ; 306 else if (IS_MSG_ERR(msg_timeout)) 307 { 308 if (failure_return) 309 { 310 if (msg_timeout == MSG_NOT_BY) 311 { 312 (void) sm_snprintf(buf, sizeof(buf), 313 "delivery time expired %lds", 314 e->e_deliver_by); 315 } 316 else 317 { 318 (void) sm_snprintf(buf, sizeof(buf), 319 "Cannot send message for %s", 320 pintvl(TimeOuts.to_q_return[e->e_timeoutclass], 321 false)); 322 } 323 324 /* don't free, allocated from e_rpool */ 325 e->e_message = sm_rpool_strdup_x(e->e_rpool, buf); 326 message("%s", buf); 327 e->e_flags |= EF_CLRQUEUE; 328 } 329 if (msg_timeout == MSG_NOT_BY) 330 { 331 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 332 "Delivery time (%lds) expired\n", 333 e->e_deliver_by); 334 } 335 else 336 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 337 "Message could not be delivered for %s\n", 338 pintvl(TimeOuts.to_q_return[e->e_timeoutclass], 339 false)); 340 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 341 "Message will be deleted from queue\n"); 342 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 343 { 344 if (QS_IS_UNDELIVERED(q->q_state)) 345 { 346 q->q_state = QS_BADADDR; 347 if (msg_timeout == MSG_NOT_BY) 348 q->q_status = "5.4.7"; 349 else 350 q->q_status = "4.4.7"; 351 } 352 } 353 } 354 else 355 { 356 if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 && 357 now >= e->e_ctime + 358 TimeOuts.to_q_warning[e->e_timeoutclass]) 359 msg_timeout = MSG_WARN; 360 else if (IS_DLVR_NOTIFY(e) && 361 e->e_deliver_by > 0 && 362 now >= e->e_ctime + e->e_deliver_by) 363 msg_timeout = MSG_WARN_BY; 364 365 if (IS_MSG_WARN(msg_timeout)) 366 { 367 if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) && 368 e->e_class >= 0 && 369 e->e_from.q_paddr != NULL && 370 strcmp(e->e_from.q_paddr, "<>") != 0 && 371 sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 && 372 (strlen(e->e_from.q_paddr) <= 8 || 373 sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8], 374 "-request") != 0)) 375 { 376 for (q = e->e_sendqueue; q != NULL; 377 q = q->q_next) 378 { 379 if (QS_IS_UNDELIVERED(q->q_state) 380 #if _FFR_NODELAYDSN_ON_HOLD 381 && !bitnset(M_HOLD, 382 q->q_mailer->m_flags) 383 #endif 384 ) 385 { 386 if (msg_timeout == 387 MSG_WARN_BY && 388 (bitset(QPINGONDELAY, 389 q->q_flags) || 390 !bitset(QHASNOTIFY, 391 q->q_flags)) 392 ) 393 { 394 q->q_flags |= QBYNDELAY; 395 delay_return = true; 396 } 397 if (bitset(QPINGONDELAY, 398 q->q_flags)) 399 { 400 q->q_flags |= QDELAYED; 401 delay_return = true; 402 } 403 } 404 } 405 } 406 if (delay_return) 407 { 408 if (msg_timeout == MSG_WARN_BY) 409 { 410 (void) sm_snprintf(buf, sizeof(buf), 411 "Warning: Delivery time (%lds) exceeded", 412 e->e_deliver_by); 413 } 414 else 415 (void) sm_snprintf(buf, sizeof(buf), 416 "Warning: could not send message for past %s", 417 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], 418 false)); 419 420 /* don't free, allocated from e_rpool */ 421 e->e_message = sm_rpool_strdup_x(e->e_rpool, 422 buf); 423 message("%s", buf); 424 e->e_flags |= EF_WARNING; 425 } 426 if (msg_timeout == MSG_WARN_BY) 427 { 428 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 429 "Warning: Delivery time (%lds) exceeded\n", 430 e->e_deliver_by); 431 } 432 else 433 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 434 "Warning: message still undelivered after %s\n", 435 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], 436 false)); 437 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 438 "Will keep trying until message is %s old\n", 439 pintvl(TimeOuts.to_q_return[e->e_timeoutclass], 440 false)); 441 } 442 } 443 444 if (tTd(50, 2)) 445 sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n", 446 failure_return, delay_return, success_return, queueit); 447 448 /* 449 ** If we had some fatal error, but no addresses are marked as bad, 450 ** mark all OK/VERIFIED addresses as bad (if QPINGONFAILURE). 451 */ 452 453 if (bitset(EF_FATALERRS, e->e_flags) && !failure_return) 454 { 455 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 456 { 457 if ((QS_IS_OK(q->q_state) || 458 QS_IS_VERIFIED(q->q_state)) 459 && bitset(QPINGONFAILURE, q->q_flags) 460 461 /* 462 ** do not mark an address as bad if 463 ** - the address itself is stored in the queue 464 ** - the DeliveryMode requires queueing 465 ** - the envelope is queued 466 */ 467 468 && !(bitset(QQUEUED, q->q_flags) 469 && WILL_BE_QUEUED(e->e_sendmode) 470 && bitset(EF_INQUEUE, e->e_flags) 471 ) 472 ) 473 { 474 failure_return = true; 475 q->q_state = QS_BADADDR; 476 } 477 } 478 } 479 480 /* 481 ** Send back return receipts as requested. 482 */ 483 484 if (success_return && !failure_return && !delay_return && fulldrop && 485 !bitset(PRIV_NORECEIPTS, PrivacyFlags) && 486 strcmp(e->e_from.q_paddr, "<>") != 0) 487 { 488 auto ADDRESS *rlist = NULL; 489 490 if (tTd(50, 8)) 491 sm_dprintf("dropenvelope(%s): sending return receipt\n", 492 id); 493 e->e_flags |= EF_SENDRECEIPT; 494 (void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e); 495 (void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e); 496 } 497 e->e_flags &= ~EF_SENDRECEIPT; 498 499 /* 500 ** Arrange to send error messages if there are fatal errors. 501 */ 502 503 if ((failure_return || delay_return) && e->e_errormode != EM_QUIET) 504 { 505 if (tTd(50, 8)) 506 sm_dprintf("dropenvelope(%s): saving mail\n", id); 507 panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags)); 508 } 509 510 /* 511 ** Arrange to send warning messages to postmaster as requested. 512 */ 513 514 if ((failure_return || pmnotify) && 515 PostMasterCopy != NULL && 516 !bitset(EF_RESPONSE, e->e_flags) && 517 e->e_class >= 0) 518 { 519 auto ADDRESS *rlist = NULL; 520 char pcopy[MAXNAME]; 521 522 if (failure_return) 523 { 524 expand(PostMasterCopy, pcopy, sizeof(pcopy), e); 525 526 if (tTd(50, 8)) 527 sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n", 528 id, pcopy); 529 (void) sendtolist(pcopy, NULLADDR, &rlist, 0, e); 530 } 531 if (pmnotify) 532 (void) sendtolist("postmaster", NULLADDR, 533 &rlist, 0, e); 534 (void) returntosender(e->e_message, rlist, 535 RTSF_PM_BOUNCE|RTSF_NO_BODY, e); 536 } 537 538 /* 539 ** Instantiate or deinstantiate the queue. 540 */ 541 542 simpledrop: 543 if (tTd(50, 8)) 544 sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n", 545 id, queueit); 546 if (!queueit || bitset(EF_CLRQUEUE, e->e_flags)) 547 { 548 if (tTd(50, 1)) 549 { 550 sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=", 551 e->e_id, queueit); 552 printenvflags(e); 553 } 554 if (!panic) 555 { 556 if (e->e_dfp != NULL) 557 { 558 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 559 e->e_dfp = NULL; 560 } 561 (void) xunlink(queuename(e, DATAFL_LETTER)); 562 } 563 if (panic && QueueMode == QM_LOST) 564 { 565 /* 566 ** leave the Qf file behind as 567 ** the delivery attempt failed. 568 */ 569 570 /* EMPTY */ 571 } 572 else 573 if (xunlink(queuename(e, ANYQFL_LETTER)) == 0) 574 { 575 /* add to available space in filesystem */ 576 updfs(e, -1, panic ? 0 : -1, "dropenvelope"); 577 } 578 579 if (e->e_ntries > 0 && LogLevel > 9) 580 sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d", 581 pintvl(curtime() - e->e_ctime, true), 582 e->e_ntries); 583 } 584 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 585 { 586 if (!split) 587 queueup(e, false, true); 588 else 589 { 590 ENVELOPE *oldsib; 591 ENVELOPE *ee; 592 593 /* 594 ** Save old sibling and set it to NULL to avoid 595 ** queueing up the same envelopes again. 596 ** This requires that envelopes in that list have 597 ** been take care of before (or at some other place). 598 */ 599 600 oldsib = e->e_sibling; 601 e->e_sibling = NULL; 602 if (!split_by_recipient(e) && 603 bitset(EF_FATALERRS, e->e_flags)) 604 { 605 syserr("!dropenvelope(%s): cannot commit data file %s, uid=%ld", 606 e->e_id, queuename(e, DATAFL_LETTER), 607 (long) geteuid()); 608 } 609 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 610 queueup(ee, false, true); 611 queueup(e, false, true); 612 613 /* clean up */ 614 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 615 { 616 /* now unlock the job */ 617 if (tTd(50, 8)) 618 sm_dprintf("dropenvelope(%s): unlocking job\n", 619 ee->e_id); 620 closexscript(ee); 621 unlockqueue(ee); 622 623 /* this envelope is marked unused */ 624 if (ee->e_dfp != NULL) 625 { 626 (void) sm_io_close(ee->e_dfp, 627 SM_TIME_DEFAULT); 628 ee->e_dfp = NULL; 629 } 630 ee->e_id = NULL; 631 ee->e_flags &= ~EF_HAS_DF; 632 } 633 e->e_sibling = oldsib; 634 } 635 } 636 637 /* now unlock the job */ 638 if (tTd(50, 8)) 639 sm_dprintf("dropenvelope(%s): unlocking job\n", id); 640 closexscript(e); 641 unlockqueue(e); 642 643 /* make sure that this envelope is marked unused */ 644 if (e->e_dfp != NULL) 645 { 646 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 647 e->e_dfp = NULL; 648 } 649 e->e_id = NULL; 650 e->e_flags &= ~EF_HAS_DF; 651 if (panic) 652 return EX_IOERR; 653 return EX_OK; 654 } 655 656 /* 657 ** CLEARENVELOPE -- clear an envelope without unlocking 658 ** 659 ** This is normally used by a child process to get a clean 660 ** envelope without disturbing the parent. 661 ** 662 ** Parameters: 663 ** e -- the envelope to clear. 664 ** fullclear - if set, the current envelope is total 665 ** garbage and should be ignored; otherwise, 666 ** release any resources it may indicate. 667 ** rpool -- either NULL, or a pointer to a resource pool 668 ** from which envelope memory is allocated, and 669 ** to which envelope resources are attached. 670 ** 671 ** Returns: 672 ** none. 673 ** 674 ** Side Effects: 675 ** Closes files associated with the envelope. 676 ** Marks the envelope as unallocated. 677 */ 678 679 void 680 clearenvelope(e, fullclear, rpool) 681 register ENVELOPE *e; 682 bool fullclear; 683 SM_RPOOL_T *rpool; 684 { 685 register HDR *bh; 686 register HDR **nhp; 687 extern ENVELOPE BlankEnvelope; 688 char **p; 689 690 if (!fullclear) 691 { 692 /* clear out any file information */ 693 if (e->e_xfp != NULL) 694 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT); 695 if (e->e_dfp != NULL) 696 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 697 e->e_xfp = e->e_dfp = NULL; 698 } 699 700 /* 701 ** Copy BlankEnvelope into *e. 702 ** It is not safe to simply copy pointers to strings; 703 ** the strings themselves must be copied (or set to NULL). 704 ** The problem is that when we assign a new string value to 705 ** a member of BlankEnvelope, we free the old string. 706 ** We did not need to do this copying in sendmail 8.11 :-( 707 ** and it is a potential performance hit. Reference counted 708 ** strings are one way out. 709 */ 710 711 *e = BlankEnvelope; 712 e->e_message = NULL; 713 e->e_qfletter = '\0'; 714 e->e_quarmsg = NULL; 715 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), ""); 716 717 /* 718 ** Copy the macro table. 719 ** We might be able to avoid this by zeroing the macro table 720 ** and always searching BlankEnvelope.e_macro after e->e_macro 721 ** in macvalue(). 722 */ 723 724 for (p = &e->e_macro.mac_table[0]; 725 p <= &e->e_macro.mac_table[MAXMACROID]; 726 ++p) 727 { 728 if (*p != NULL) 729 *p = sm_rpool_strdup_x(rpool, *p); 730 } 731 732 /* 733 ** XXX There are many strings in the envelope structure 734 ** XXX that we are not attempting to copy here. 735 ** XXX Investigate this further. 736 */ 737 738 e->e_rpool = rpool; 739 e->e_macro.mac_rpool = rpool; 740 if (Verbose) 741 set_delivery_mode(SM_DELIVER, e); 742 bh = BlankEnvelope.e_header; 743 nhp = &e->e_header; 744 while (bh != NULL) 745 { 746 *nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh)); 747 memmove((char *) *nhp, (char *) bh, sizeof(*bh)); 748 bh = bh->h_link; 749 nhp = &(*nhp)->h_link; 750 } 751 #if _FFR_MILTER_ENHSC 752 e->e_enhsc[0] = '\0'; 753 #endif 754 } 755 /* 756 ** INITSYS -- initialize instantiation of system 757 ** 758 ** In Daemon mode, this is done in the child. 759 ** 760 ** Parameters: 761 ** e -- the envelope to use. 762 ** 763 ** Returns: 764 ** none. 765 ** 766 ** Side Effects: 767 ** Initializes the system macros, some global variables, 768 ** etc. In particular, the current time in various 769 ** forms is set. 770 */ 771 772 void 773 initsys(e) 774 register ENVELOPE *e; 775 { 776 char buf[10]; 777 #ifdef TTYNAME 778 static char ybuf[60]; /* holds tty id */ 779 register char *p; 780 extern char *ttyname(); 781 #endif /* TTYNAME */ 782 783 /* 784 ** Give this envelope a reality. 785 ** I.e., an id, a transcript, and a creation time. 786 ** We don't select the queue until all of the recipients are known. 787 */ 788 789 openxscript(e); 790 e->e_ctime = curtime(); 791 e->e_qfletter = '\0'; 792 793 /* 794 ** Set OutChannel to something useful if stdout isn't it. 795 ** This arranges that any extra stuff the mailer produces 796 ** gets sent back to the user on error (because it is 797 ** tucked away in the transcript). 798 */ 799 800 if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) && 801 e->e_xfp != NULL) 802 OutChannel = e->e_xfp; 803 804 /* 805 ** Set up some basic system macros. 806 */ 807 808 /* process id */ 809 (void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid); 810 macdefine(&e->e_macro, A_TEMP, 'p', buf); 811 812 /* hop count */ 813 (void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount); 814 macdefine(&e->e_macro, A_TEMP, 'c', buf); 815 816 /* time as integer, unix time, arpa time */ 817 settime(e); 818 819 /* Load average */ 820 sm_getla(); 821 822 #ifdef TTYNAME 823 /* tty name */ 824 if (macvalue('y', e) == NULL) 825 { 826 p = ttyname(2); 827 if (p != NULL) 828 { 829 if (strrchr(p, '/') != NULL) 830 p = strrchr(p, '/') + 1; 831 (void) sm_strlcpy(ybuf, sizeof(ybuf), p); 832 macdefine(&e->e_macro, A_PERM, 'y', ybuf); 833 } 834 } 835 #endif /* TTYNAME */ 836 } 837 /* 838 ** SETTIME -- set the current time. 839 ** 840 ** Parameters: 841 ** e -- the envelope in which the macros should be set. 842 ** 843 ** Returns: 844 ** none. 845 ** 846 ** Side Effects: 847 ** Sets the various time macros -- $a, $b, $d, $t. 848 */ 849 850 void 851 settime(e) 852 register ENVELOPE *e; 853 { 854 register char *p; 855 auto time_t now; 856 char buf[30]; 857 register struct tm *tm; 858 859 now = curtime(); 860 (void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now); 861 macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf); 862 tm = gmtime(&now); 863 (void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d", 864 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 865 tm->tm_hour, tm->tm_min); 866 macdefine(&e->e_macro, A_TEMP, 't', buf); 867 (void) sm_strlcpy(buf, ctime(&now), sizeof(buf)); 868 p = strchr(buf, '\n'); 869 if (p != NULL) 870 *p = '\0'; 871 macdefine(&e->e_macro, A_TEMP, 'd', buf); 872 macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf)); 873 if (macvalue('a', e) == NULL) 874 macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e)); 875 } 876 /* 877 ** OPENXSCRIPT -- Open transcript file 878 ** 879 ** Creates a transcript file for possible eventual mailing or 880 ** sending back. 881 ** 882 ** Parameters: 883 ** e -- the envelope to create the transcript in/for. 884 ** 885 ** Returns: 886 ** none 887 ** 888 ** Side Effects: 889 ** Creates the transcript file. 890 */ 891 892 #ifndef O_APPEND 893 # define O_APPEND 0 894 #endif 895 896 void 897 openxscript(e) 898 register ENVELOPE *e; 899 { 900 register char *p; 901 902 if (e->e_xfp != NULL) 903 return; 904 905 #if 0 906 if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags)) 907 syserr("openxscript: job not locked"); 908 #endif 909 910 p = queuename(e, XSCRPT_LETTER); 911 e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize, 912 SFF_NOTEXCL|SFF_OPENASROOT); 913 914 if (e->e_xfp == NULL) 915 { 916 syserr("Can't create transcript file %s", p); 917 e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, 918 SM_PATH_DEVNULL, SM_IO_RDWR, NULL); 919 if (e->e_xfp == NULL) 920 syserr("!Can't open %s", SM_PATH_DEVNULL); 921 } 922 (void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0); 923 if (tTd(46, 9)) 924 { 925 sm_dprintf("openxscript(%s):\n ", p); 926 dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true, 927 false); 928 } 929 } 930 /* 931 ** CLOSEXSCRIPT -- close the transcript file. 932 ** 933 ** Parameters: 934 ** e -- the envelope containing the transcript to close. 935 ** 936 ** Returns: 937 ** none. 938 ** 939 ** Side Effects: 940 ** none. 941 */ 942 943 void 944 closexscript(e) 945 register ENVELOPE *e; 946 { 947 if (e->e_xfp == NULL) 948 return; 949 #if 0 950 if (e->e_lockfp == NULL) 951 syserr("closexscript: job not locked"); 952 #endif 953 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT); 954 e->e_xfp = NULL; 955 } 956 /* 957 ** SETSENDER -- set the person who this message is from 958 ** 959 ** Under certain circumstances allow the user to say who 960 ** s/he is (using -f or -r). These are: 961 ** 1. The user's uid is zero (root). 962 ** 2. The user's login name is in an approved list (typically 963 ** from a network server). 964 ** 3. The address the user is trying to claim has a 965 ** "!" character in it (since #2 doesn't do it for 966 ** us if we are dialing out for UUCP). 967 ** A better check to replace #3 would be if the 968 ** effective uid is "UUCP" -- this would require me 969 ** to rewrite getpwent to "grab" uucp as it went by, 970 ** make getname more nasty, do another passwd file 971 ** scan, or compile the UID of "UUCP" into the code, 972 ** all of which are reprehensible. 973 ** 974 ** Assuming all of these fail, we figure out something 975 ** ourselves. 976 ** 977 ** Parameters: 978 ** from -- the person we would like to believe this message 979 ** is from, as specified on the command line. 980 ** e -- the envelope in which we would like the sender set. 981 ** delimptr -- if non-NULL, set to the location of the 982 ** trailing delimiter. 983 ** delimchar -- the character that will delimit the sender 984 ** address. 985 ** internal -- set if this address is coming from an internal 986 ** source such as an owner alias. 987 ** 988 ** Returns: 989 ** none. 990 ** 991 ** Side Effects: 992 ** sets sendmail's notion of who the from person is. 993 */ 994 995 void 996 setsender(from, e, delimptr, delimchar, internal) 997 char *from; 998 register ENVELOPE *e; 999 char **delimptr; 1000 int delimchar; 1001 bool internal; 1002 { 1003 register char **pvp; 1004 char *realname = NULL; 1005 char *bp; 1006 char buf[MAXNAME + 2]; 1007 char pvpbuf[PSBUFSIZE]; 1008 extern char *FullName; 1009 1010 if (tTd(45, 1)) 1011 sm_dprintf("setsender(%s)\n", from == NULL ? "" : from); 1012 1013 /* may be set from earlier calls */ 1014 macdefine(&e->e_macro, A_PERM, 'x', ""); 1015 1016 /* 1017 ** Figure out the real user executing us. 1018 ** Username can return errno != 0 on non-errors. 1019 */ 1020 1021 if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP || 1022 OpMode == MD_ARPAFTP || OpMode == MD_DAEMON) 1023 realname = from; 1024 if (realname == NULL || realname[0] == '\0') 1025 realname = username(); 1026 1027 if (ConfigLevel < 2) 1028 SuprErrs = true; 1029 1030 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s"); 1031 1032 /* preset state for then clause in case from == NULL */ 1033 e->e_from.q_state = QS_BADADDR; 1034 e->e_from.q_flags = 0; 1035 if (from == NULL || 1036 parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR, 1037 delimchar, delimptr, e, false) == NULL || 1038 QS_IS_BADADDR(e->e_from.q_state) || 1039 e->e_from.q_mailer == ProgMailer || 1040 e->e_from.q_mailer == FileMailer || 1041 e->e_from.q_mailer == InclMailer) 1042 { 1043 /* log garbage addresses for traceback */ 1044 if (from != NULL && LogLevel > 2) 1045 { 1046 char *p; 1047 char ebuf[MAXNAME * 2 + 2]; 1048 1049 p = macvalue('_', e); 1050 if (p == NULL) 1051 { 1052 char *host = RealHostName; 1053 1054 if (host == NULL) 1055 host = MyHostName; 1056 (void) sm_snprintf(ebuf, sizeof(ebuf), 1057 "%.*s@%.*s", MAXNAME, 1058 realname, MAXNAME, host); 1059 p = ebuf; 1060 } 1061 sm_syslog(LOG_NOTICE, e->e_id, 1062 "setsender: %s: invalid or unparsable, received from %s", 1063 shortenstring(from, 83), p); 1064 } 1065 if (from != NULL) 1066 { 1067 if (!QS_IS_BADADDR(e->e_from.q_state)) 1068 { 1069 /* it was a bogus mailer in the from addr */ 1070 e->e_status = "5.1.7"; 1071 usrerrenh(e->e_status, 1072 "553 Invalid sender address"); 1073 } 1074 SuprErrs = true; 1075 } 1076 if (from == realname || 1077 parseaddr(from = realname, 1078 &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ', 1079 NULL, e, false) == NULL) 1080 { 1081 char nbuf[100]; 1082 1083 SuprErrs = true; 1084 expand("\201n", nbuf, sizeof(nbuf), e); 1085 from = sm_rpool_strdup_x(e->e_rpool, nbuf); 1086 if (parseaddr(from, &e->e_from, RF_COPYALL, ' ', 1087 NULL, e, false) == NULL && 1088 parseaddr(from = "postmaster", &e->e_from, 1089 RF_COPYALL, ' ', NULL, e, false) == NULL) 1090 syserr("553 5.3.0 setsender: can't even parse postmaster!"); 1091 } 1092 } 1093 else 1094 FromFlag = true; 1095 e->e_from.q_state = QS_SENDER; 1096 if (tTd(45, 5)) 1097 { 1098 sm_dprintf("setsender: QS_SENDER "); 1099 printaddr(sm_debug_file(), &e->e_from, false); 1100 } 1101 SuprErrs = false; 1102 1103 #if USERDB 1104 if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags)) 1105 { 1106 register char *p; 1107 1108 p = udbsender(e->e_from.q_user, e->e_rpool); 1109 if (p != NULL) 1110 from = p; 1111 } 1112 #endif /* USERDB */ 1113 1114 if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags)) 1115 { 1116 SM_MBDB_T user; 1117 1118 if (!internal) 1119 { 1120 /* if the user already given fullname don't redefine */ 1121 if (FullName == NULL) 1122 FullName = macvalue('x', e); 1123 if (FullName != NULL) 1124 { 1125 if (FullName[0] == '\0') 1126 FullName = NULL; 1127 else 1128 FullName = newstr(FullName); 1129 } 1130 } 1131 1132 if (e->e_from.q_user[0] != '\0' && 1133 sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK) 1134 { 1135 /* 1136 ** Process passwd file entry. 1137 */ 1138 1139 /* extract home directory */ 1140 if (*user.mbdb_homedir == '\0') 1141 e->e_from.q_home = NULL; 1142 else if (strcmp(user.mbdb_homedir, "/") == 0) 1143 e->e_from.q_home = ""; 1144 else 1145 e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool, 1146 user.mbdb_homedir); 1147 macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home); 1148 1149 /* extract user and group id */ 1150 if (user.mbdb_uid != SM_NO_UID) 1151 { 1152 e->e_from.q_uid = user.mbdb_uid; 1153 e->e_from.q_gid = user.mbdb_gid; 1154 e->e_from.q_flags |= QGOODUID; 1155 } 1156 1157 /* extract full name from passwd file */ 1158 if (FullName == NULL && !internal && 1159 user.mbdb_fullname[0] != '\0' && 1160 strcmp(user.mbdb_name, e->e_from.q_user) == 0) 1161 { 1162 FullName = newstr(user.mbdb_fullname); 1163 } 1164 } 1165 else 1166 { 1167 e->e_from.q_home = NULL; 1168 } 1169 if (FullName != NULL && !internal) 1170 macdefine(&e->e_macro, A_TEMP, 'x', FullName); 1171 } 1172 else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP) 1173 { 1174 if (e->e_from.q_home == NULL) 1175 { 1176 e->e_from.q_home = getenv("HOME"); 1177 if (e->e_from.q_home != NULL) 1178 { 1179 if (*e->e_from.q_home == '\0') 1180 e->e_from.q_home = NULL; 1181 else if (strcmp(e->e_from.q_home, "/") == 0) 1182 e->e_from.q_home++; 1183 } 1184 } 1185 e->e_from.q_uid = RealUid; 1186 e->e_from.q_gid = RealGid; 1187 e->e_from.q_flags |= QGOODUID; 1188 } 1189 1190 /* 1191 ** Rewrite the from person to dispose of possible implicit 1192 ** links in the net. 1193 */ 1194 1195 pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL, 1196 IntTokenTab, false); 1197 if (pvp == NULL) 1198 { 1199 /* don't need to give error -- prescan did that already */ 1200 if (LogLevel > 2) 1201 sm_syslog(LOG_NOTICE, e->e_id, 1202 "cannot prescan from (%s)", 1203 shortenstring(from, MAXSHORTSTR)); 1204 finis(true, true, ExitStat); 1205 } 1206 (void) REWRITE(pvp, 3, e); 1207 (void) REWRITE(pvp, 1, e); 1208 (void) REWRITE(pvp, 4, e); 1209 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL); 1210 bp = buf + 1; 1211 cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false); 1212 if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags)) 1213 { 1214 /* heuristic: route-addr: add angle brackets */ 1215 (void) sm_strlcat(bp, ">", sizeof(buf) - 1); 1216 *--bp = '<'; 1217 } 1218 e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp); 1219 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender); 1220 1221 /* save the domain spec if this mailer wants it */ 1222 if (e->e_from.q_mailer != NULL && 1223 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags)) 1224 { 1225 char **lastat; 1226 1227 /* get rid of any pesky angle brackets */ 1228 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s"); 1229 (void) REWRITE(pvp, 3, e); 1230 (void) REWRITE(pvp, 1, e); 1231 (void) REWRITE(pvp, 4, e); 1232 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL); 1233 1234 /* strip off to the last "@" sign */ 1235 for (lastat = NULL; *pvp != NULL; pvp++) 1236 { 1237 if (strcmp(*pvp, "@") == 0) 1238 lastat = pvp; 1239 } 1240 if (lastat != NULL) 1241 { 1242 e->e_fromdomain = copyplist(lastat, true, e->e_rpool); 1243 if (tTd(45, 3)) 1244 { 1245 sm_dprintf("Saving from domain: "); 1246 printav(sm_debug_file(), e->e_fromdomain); 1247 } 1248 } 1249 } 1250 } 1251 /* 1252 ** PRINTENVFLAGS -- print envelope flags for debugging 1253 ** 1254 ** Parameters: 1255 ** e -- the envelope with the flags to be printed. 1256 ** 1257 ** Returns: 1258 ** none. 1259 */ 1260 1261 struct eflags 1262 { 1263 char *ef_name; 1264 unsigned long ef_bit; 1265 }; 1266 1267 static struct eflags EnvelopeFlags[] = 1268 { 1269 { "OLDSTYLE", EF_OLDSTYLE }, 1270 { "INQUEUE", EF_INQUEUE }, 1271 { "NO_BODY_RETN", EF_NO_BODY_RETN }, 1272 { "CLRQUEUE", EF_CLRQUEUE }, 1273 { "SENDRECEIPT", EF_SENDRECEIPT }, 1274 { "FATALERRS", EF_FATALERRS }, 1275 { "DELETE_BCC", EF_DELETE_BCC }, 1276 { "RESPONSE", EF_RESPONSE }, 1277 { "RESENT", EF_RESENT }, 1278 { "VRFYONLY", EF_VRFYONLY }, 1279 { "WARNING", EF_WARNING }, 1280 { "QUEUERUN", EF_QUEUERUN }, 1281 { "GLOBALERRS", EF_GLOBALERRS }, 1282 { "PM_NOTIFY", EF_PM_NOTIFY }, 1283 { "METOO", EF_METOO }, 1284 { "LOGSENDER", EF_LOGSENDER }, 1285 { "NORECEIPT", EF_NORECEIPT }, 1286 { "HAS8BIT", EF_HAS8BIT }, 1287 { "RET_PARAM", EF_RET_PARAM }, 1288 { "HAS_DF", EF_HAS_DF }, 1289 { "IS_MIME", EF_IS_MIME }, 1290 { "DONT_MIME", EF_DONT_MIME }, 1291 { "DISCARD", EF_DISCARD }, 1292 { "TOOBIG", EF_TOOBIG }, 1293 { "SPLIT", EF_SPLIT }, 1294 { "UNSAFE", EF_UNSAFE }, 1295 { "TOODEEP", EF_TOODEEP }, 1296 { "SECURE", EF_SECURE }, 1297 { NULL, 0 } 1298 }; 1299 1300 void 1301 printenvflags(e) 1302 register ENVELOPE *e; 1303 { 1304 register struct eflags *ef; 1305 bool first = true; 1306 1307 sm_dprintf("%lx", e->e_flags); 1308 for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++) 1309 { 1310 if (!bitset(ef->ef_bit, e->e_flags)) 1311 continue; 1312 if (first) 1313 sm_dprintf("<%s", ef->ef_name); 1314 else 1315 sm_dprintf(",%s", ef->ef_name); 1316 first = false; 1317 } 1318 if (!first) 1319 sm_dprintf(">\n"); 1320 } 1321