1 /* 2 * Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 16 SM_RCSID("@(#)$Id: envelope.c,v 8.313 2013-11-22 20:51:55 ca Exp $") 17 18 /* 19 ** CLRSESSENVELOPE -- clear session oriented data in an envelope 20 ** 21 ** Parameters: 22 ** e -- the envelope to clear. 23 ** 24 ** Returns: 25 ** none. 26 */ 27 28 void 29 clrsessenvelope(e) 30 ENVELOPE *e; 31 { 32 #if SASL 33 macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), ""); 34 macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), ""); 35 macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), ""); 36 macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), ""); 37 #endif /* SASL */ 38 #if STARTTLS 39 macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), ""); 40 macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), ""); 41 macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), ""); 42 macdefine(&e->e_macro, A_PERM, macid("{cipher}"), ""); 43 macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), ""); 44 macdefine(&e->e_macro, A_PERM, macid("{verify}"), ""); 45 macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), ""); 46 macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), ""); 47 macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), ""); 48 #endif /* STARTTLS */ 49 } 50 51 /* 52 ** NEWENVELOPE -- fill in a new envelope 53 ** 54 ** Supports inheritance. 55 ** 56 ** Parameters: 57 ** e -- the new envelope to fill in. 58 ** parent -- the envelope to be the parent of e. 59 ** rpool -- either NULL, or a pointer to a resource pool 60 ** from which envelope memory is allocated, and 61 ** to which envelope resources are attached. 62 ** 63 ** Returns: 64 ** e. 65 ** 66 ** Side Effects: 67 ** none. 68 */ 69 70 ENVELOPE * 71 newenvelope(e, parent, rpool) 72 register ENVELOPE *e; 73 register ENVELOPE *parent; 74 SM_RPOOL_T *rpool; 75 { 76 int sendmode; 77 78 /* 79 ** This code used to read: 80 ** if (e == parent && e->e_parent != NULL) 81 ** parent = e->e_parent; 82 ** So if e == parent && e->e_parent == NULL then we would 83 ** set e->e_parent = e, which creates a loop in the e_parent chain. 84 ** This meant macvalue() could go into an infinite loop. 85 */ 86 87 if (parent != NULL) 88 sendmode = parent->e_sendmode; 89 else 90 sendmode = DM_NOTSET; 91 92 if (e == parent) 93 parent = e->e_parent; 94 clearenvelope(e, true, rpool); 95 if (e == CurEnv) 96 memmove((char *) &e->e_from, 97 (char *) &NullAddress, 98 sizeof(e->e_from)); 99 else 100 memmove((char *) &e->e_from, 101 (char *) &CurEnv->e_from, 102 sizeof(e->e_from)); 103 e->e_parent = parent; 104 assign_queueid(e); 105 e->e_ctime = curtime(); 106 #if _FFR_SESSID 107 e->e_sessid = e->e_id; 108 #endif /* _FFR_SESSID */ 109 if (parent != NULL) 110 { 111 e->e_msgpriority = parent->e_msgsize; 112 #if _FFR_SESSID 113 if (parent->e_sessid != NULL) 114 e->e_sessid = sm_rpool_strdup_x(rpool, 115 parent->e_sessid); 116 #endif /* _FFR_SESSID */ 117 118 if (parent->e_quarmsg == NULL) 119 { 120 e->e_quarmsg = NULL; 121 macdefine(&e->e_macro, A_PERM, 122 macid("{quarantine}"), ""); 123 } 124 else 125 { 126 e->e_quarmsg = sm_rpool_strdup_x(rpool, 127 parent->e_quarmsg); 128 macdefine(&e->e_macro, A_PERM, 129 macid("{quarantine}"), e->e_quarmsg); 130 } 131 } 132 e->e_puthdr = putheader; 133 e->e_putbody = putbody; 134 if (CurEnv->e_xfp != NULL) 135 (void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT); 136 if (sendmode != DM_NOTSET) 137 set_delivery_mode(sendmode, e); 138 139 return e; 140 } 141 142 /* values for msg_timeout, see also IS_* below for usage (bit layout) */ 143 #define MSG_T_O 0x01 /* normal timeout */ 144 #define MSG_T_O_NOW 0x02 /* NOW timeout */ 145 #define MSG_NOT_BY 0x04 /* Deliver-By time exceeded, mode R */ 146 #define MSG_WARN 0x10 /* normal queue warning */ 147 #define MSG_WARN_BY 0x20 /* Deliver-By time exceeded, mode N */ 148 149 #define IS_MSG_ERR(x) (((x) & 0x0f) != 0) /* return an error */ 150 151 /* immediate return */ 152 #define IS_IMM_RET(x) (((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0) 153 #define IS_MSG_WARN(x) (((x) & 0xf0) != 0) /* return a warning */ 154 155 /* 156 ** DROPENVELOPE -- deallocate an envelope. 157 ** 158 ** Parameters: 159 ** e -- the envelope to deallocate. 160 ** fulldrop -- if set, do return receipts. 161 ** split -- if true, split by recipient if message is queued up 162 ** 163 ** Returns: 164 ** EX_* status (currently: 0: success, EX_IOERR on panic) 165 ** 166 ** Side Effects: 167 ** housekeeping necessary to dispose of an envelope. 168 ** Unlocks this queue file. 169 */ 170 171 int 172 dropenvelope(e, fulldrop, split) 173 register ENVELOPE *e; 174 bool fulldrop; 175 bool split; 176 { 177 bool panic = false; 178 bool queueit = false; 179 int msg_timeout = 0; 180 bool failure_return = false; 181 bool delay_return = false; 182 bool success_return = false; 183 bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags); 184 bool done = false; 185 register ADDRESS *q; 186 char *id = e->e_id; 187 time_t now; 188 char buf[MAXLINE]; 189 190 if (tTd(50, 1)) 191 { 192 sm_dprintf("dropenvelope %p: id=", e); 193 xputs(sm_debug_file(), e->e_id); 194 sm_dprintf(", flags="); 195 printenvflags(e); 196 if (tTd(50, 10)) 197 { 198 sm_dprintf("sendq="); 199 printaddr(sm_debug_file(), e->e_sendqueue, true); 200 } 201 } 202 203 if (LogLevel > 84) 204 sm_syslog(LOG_DEBUG, id, 205 "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d", 206 e->e_flags, OpMode, (int) CurrentPid); 207 208 /* we must have an id to remove disk files */ 209 if (id == NULL) 210 return EX_OK; 211 212 /* if verify-only mode, we can skip most of this */ 213 if (OpMode == MD_VERIFY) 214 goto simpledrop; 215 216 if (tTd(92, 2)) 217 sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", 218 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); 219 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) 220 logsender(e, NULL); 221 e->e_flags &= ~EF_LOGSENDER; 222 223 /* post statistics */ 224 poststats(StatFile); 225 226 /* 227 ** Extract state information from dregs of send list. 228 */ 229 230 now = curtime(); 231 if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass]) 232 msg_timeout = MSG_T_O; 233 if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 && 234 now >= e->e_ctime + e->e_deliver_by && 235 !bitset(EF_RESPONSE, e->e_flags)) 236 { 237 msg_timeout = MSG_NOT_BY; 238 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE; 239 } 240 else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW && 241 !bitset(EF_RESPONSE, e->e_flags)) 242 { 243 msg_timeout = MSG_T_O_NOW; 244 e->e_flags |= EF_FATALERRS|EF_CLRQUEUE; 245 } 246 247 #if _FFR_PROXY 248 if (tTd(87, 2)) 249 { 250 q = e->e_sendqueue; 251 sm_dprintf("dropenvelope: mode=%c, e=%p, sibling=%p, nrcpts=%d, sendqueue=%p, next=%p, state=%d\n", 252 e->e_sendmode, e, e->e_sibling, e->e_nrcpts, q, 253 (q == NULL) ? (void *)0 : q->q_next, 254 (q == NULL) ? -1 : q->q_state); 255 } 256 #endif /* _FFR_PROXY */ 257 258 e->e_flags &= ~EF_QUEUERUN; 259 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 260 { 261 if (QS_IS_UNDELIVERED(q->q_state)) 262 queueit = true; 263 264 #if _FFR_PROXY 265 if (queueit && e->e_sendmode == SM_PROXY) 266 queueit = false; 267 #endif /* _FFR_PROXY */ 268 269 /* see if a notification is needed */ 270 if (bitset(QPINGONFAILURE, q->q_flags) && 271 ((IS_MSG_ERR(msg_timeout) && 272 QS_IS_UNDELIVERED(q->q_state)) || 273 QS_IS_BADADDR(q->q_state) || 274 IS_IMM_RET(msg_timeout))) 275 { 276 failure_return = true; 277 if (!done && q->q_owner == NULL && 278 !emptyaddr(&e->e_from)) 279 { 280 (void) sendtolist(e->e_from.q_paddr, NULLADDR, 281 &e->e_errorqueue, 0, e); 282 done = true; 283 } 284 } 285 else if ((bitset(QPINGONSUCCESS, q->q_flags) && 286 ((QS_IS_SENT(q->q_state) && 287 bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) || 288 bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) || 289 bitset(QBYTRACE, q->q_flags) || 290 bitset(QBYNRELAY, q->q_flags)) 291 { 292 success_return = true; 293 } 294 } 295 296 if (e->e_class < 0) 297 e->e_flags |= EF_NO_BODY_RETN; 298 299 /* 300 ** See if the message timed out. 301 */ 302 303 if (!queueit) 304 /* EMPTY */ 305 /* nothing to do */ ; 306 else if (IS_MSG_ERR(msg_timeout)) 307 { 308 if (failure_return) 309 { 310 if (msg_timeout == MSG_NOT_BY) 311 { 312 (void) sm_snprintf(buf, sizeof(buf), 313 "delivery time expired %lds", 314 e->e_deliver_by); 315 } 316 else 317 { 318 (void) sm_snprintf(buf, sizeof(buf), 319 "Cannot send message for %s", 320 pintvl(TimeOuts.to_q_return[e->e_timeoutclass], 321 false)); 322 } 323 324 /* don't free, allocated from e_rpool */ 325 e->e_message = sm_rpool_strdup_x(e->e_rpool, buf); 326 message(buf); 327 e->e_flags |= EF_CLRQUEUE; 328 } 329 if (msg_timeout == MSG_NOT_BY) 330 { 331 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 332 "Delivery time (%lds) expired\n", 333 e->e_deliver_by); 334 } 335 else 336 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 337 "Message could not be delivered for %s\n", 338 pintvl(TimeOuts.to_q_return[e->e_timeoutclass], 339 false)); 340 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 341 "Message will be deleted from queue\n"); 342 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 343 { 344 if (QS_IS_UNDELIVERED(q->q_state)) 345 { 346 q->q_state = QS_BADADDR; 347 if (msg_timeout == MSG_NOT_BY) 348 q->q_status = "5.4.7"; 349 else 350 q->q_status = "4.4.7"; 351 } 352 } 353 } 354 else 355 { 356 if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 && 357 now >= e->e_ctime + 358 TimeOuts.to_q_warning[e->e_timeoutclass]) 359 msg_timeout = MSG_WARN; 360 else if (IS_DLVR_NOTIFY(e) && 361 e->e_deliver_by > 0 && 362 now >= e->e_ctime + e->e_deliver_by) 363 msg_timeout = MSG_WARN_BY; 364 365 if (IS_MSG_WARN(msg_timeout)) 366 { 367 if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) && 368 e->e_class >= 0 && 369 e->e_from.q_paddr != NULL && 370 strcmp(e->e_from.q_paddr, "<>") != 0 && 371 sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 && 372 (strlen(e->e_from.q_paddr) <= 8 || 373 sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8], 374 "-request") != 0)) 375 { 376 for (q = e->e_sendqueue; q != NULL; 377 q = q->q_next) 378 { 379 if (QS_IS_UNDELIVERED(q->q_state) 380 #if _FFR_NODELAYDSN_ON_HOLD 381 && !bitnset(M_HOLD, 382 q->q_mailer->m_flags) 383 #endif /* _FFR_NODELAYDSN_ON_HOLD */ 384 ) 385 { 386 if (msg_timeout == 387 MSG_WARN_BY && 388 (bitset(QPINGONDELAY, 389 q->q_flags) || 390 !bitset(QHASNOTIFY, 391 q->q_flags)) 392 ) 393 { 394 q->q_flags |= QBYNDELAY; 395 delay_return = true; 396 } 397 if (bitset(QPINGONDELAY, 398 q->q_flags)) 399 { 400 q->q_flags |= QDELAYED; 401 delay_return = true; 402 } 403 } 404 } 405 } 406 if (delay_return) 407 { 408 if (msg_timeout == MSG_WARN_BY) 409 { 410 (void) sm_snprintf(buf, sizeof(buf), 411 "Warning: Delivery time (%lds) exceeded", 412 e->e_deliver_by); 413 } 414 else 415 (void) sm_snprintf(buf, sizeof(buf), 416 "Warning: could not send message for past %s", 417 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], 418 false)); 419 420 /* don't free, allocated from e_rpool */ 421 e->e_message = sm_rpool_strdup_x(e->e_rpool, 422 buf); 423 message(buf); 424 e->e_flags |= EF_WARNING; 425 } 426 if (msg_timeout == MSG_WARN_BY) 427 { 428 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 429 "Warning: Delivery time (%lds) exceeded\n", 430 e->e_deliver_by); 431 } 432 else 433 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 434 "Warning: message still undelivered after %s\n", 435 pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], 436 false)); 437 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, 438 "Will keep trying until message is %s old\n", 439 pintvl(TimeOuts.to_q_return[e->e_timeoutclass], 440 false)); 441 } 442 } 443 444 if (tTd(50, 2)) 445 sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n", 446 failure_return, delay_return, success_return, queueit); 447 448 /* 449 ** If we had some fatal error, but no addresses are marked as 450 ** bad, mark them _all_ as bad. 451 */ 452 453 if (bitset(EF_FATALERRS, e->e_flags) && !failure_return) 454 { 455 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 456 { 457 if ((QS_IS_OK(q->q_state) || 458 QS_IS_VERIFIED(q->q_state)) && 459 bitset(QPINGONFAILURE, q->q_flags)) 460 { 461 failure_return = true; 462 q->q_state = QS_BADADDR; 463 } 464 } 465 } 466 467 /* 468 ** Send back return receipts as requested. 469 */ 470 471 if (success_return && !failure_return && !delay_return && fulldrop && 472 !bitset(PRIV_NORECEIPTS, PrivacyFlags) && 473 strcmp(e->e_from.q_paddr, "<>") != 0) 474 { 475 auto ADDRESS *rlist = NULL; 476 477 if (tTd(50, 8)) 478 sm_dprintf("dropenvelope(%s): sending return receipt\n", 479 id); 480 e->e_flags |= EF_SENDRECEIPT; 481 (void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e); 482 (void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e); 483 } 484 e->e_flags &= ~EF_SENDRECEIPT; 485 486 /* 487 ** Arrange to send error messages if there are fatal errors. 488 */ 489 490 if ((failure_return || delay_return) && e->e_errormode != EM_QUIET) 491 { 492 if (tTd(50, 8)) 493 sm_dprintf("dropenvelope(%s): saving mail\n", id); 494 panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags)); 495 } 496 497 /* 498 ** Arrange to send warning messages to postmaster as requested. 499 */ 500 501 if ((failure_return || pmnotify) && 502 PostMasterCopy != NULL && 503 !bitset(EF_RESPONSE, e->e_flags) && 504 e->e_class >= 0) 505 { 506 auto ADDRESS *rlist = NULL; 507 char pcopy[MAXNAME]; 508 509 if (failure_return) 510 { 511 expand(PostMasterCopy, pcopy, sizeof(pcopy), e); 512 513 if (tTd(50, 8)) 514 sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n", 515 id, pcopy); 516 (void) sendtolist(pcopy, NULLADDR, &rlist, 0, e); 517 } 518 if (pmnotify) 519 (void) sendtolist("postmaster", NULLADDR, 520 &rlist, 0, e); 521 (void) returntosender(e->e_message, rlist, 522 RTSF_PM_BOUNCE|RTSF_NO_BODY, e); 523 } 524 525 /* 526 ** Instantiate or deinstantiate the queue. 527 */ 528 529 simpledrop: 530 if (tTd(50, 8)) 531 sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n", 532 id, queueit); 533 if (!queueit || bitset(EF_CLRQUEUE, e->e_flags)) 534 { 535 if (tTd(50, 1)) 536 { 537 sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=", 538 e->e_id, queueit); 539 printenvflags(e); 540 } 541 if (!panic) 542 { 543 if (e->e_dfp != NULL) 544 { 545 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 546 e->e_dfp = NULL; 547 } 548 (void) xunlink(queuename(e, DATAFL_LETTER)); 549 } 550 if (panic && QueueMode == QM_LOST) 551 { 552 /* 553 ** leave the Qf file behind as 554 ** the delivery attempt failed. 555 */ 556 557 /* EMPTY */ 558 } 559 else 560 if (xunlink(queuename(e, ANYQFL_LETTER)) == 0) 561 { 562 /* add to available space in filesystem */ 563 updfs(e, -1, panic ? 0 : -1, "dropenvelope"); 564 } 565 566 if (e->e_ntries > 0 && LogLevel > 9) 567 sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d", 568 pintvl(curtime() - e->e_ctime, true), 569 e->e_ntries); 570 } 571 else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) 572 { 573 if (!split) 574 queueup(e, false, true); 575 else 576 { 577 ENVELOPE *oldsib; 578 ENVELOPE *ee; 579 580 /* 581 ** Save old sibling and set it to NULL to avoid 582 ** queueing up the same envelopes again. 583 ** This requires that envelopes in that list have 584 ** been take care of before (or at some other place). 585 */ 586 587 oldsib = e->e_sibling; 588 e->e_sibling = NULL; 589 if (!split_by_recipient(e) && 590 bitset(EF_FATALERRS, e->e_flags)) 591 { 592 syserr("!dropenvelope(%s): cannot commit data file %s, uid=%ld", 593 e->e_id, queuename(e, DATAFL_LETTER), 594 (long) geteuid()); 595 } 596 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 597 queueup(ee, false, true); 598 queueup(e, false, true); 599 600 /* clean up */ 601 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) 602 { 603 /* now unlock the job */ 604 if (tTd(50, 8)) 605 sm_dprintf("dropenvelope(%s): unlocking job\n", 606 ee->e_id); 607 closexscript(ee); 608 unlockqueue(ee); 609 610 /* this envelope is marked unused */ 611 if (ee->e_dfp != NULL) 612 { 613 (void) sm_io_close(ee->e_dfp, 614 SM_TIME_DEFAULT); 615 ee->e_dfp = NULL; 616 } 617 ee->e_id = NULL; 618 ee->e_flags &= ~EF_HAS_DF; 619 } 620 e->e_sibling = oldsib; 621 } 622 } 623 624 /* now unlock the job */ 625 if (tTd(50, 8)) 626 sm_dprintf("dropenvelope(%s): unlocking job\n", id); 627 closexscript(e); 628 unlockqueue(e); 629 630 /* make sure that this envelope is marked unused */ 631 if (e->e_dfp != NULL) 632 { 633 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 634 e->e_dfp = NULL; 635 } 636 e->e_id = NULL; 637 e->e_flags &= ~EF_HAS_DF; 638 if (panic) 639 return EX_IOERR; 640 return EX_OK; 641 } 642 643 /* 644 ** CLEARENVELOPE -- clear an envelope without unlocking 645 ** 646 ** This is normally used by a child process to get a clean 647 ** envelope without disturbing the parent. 648 ** 649 ** Parameters: 650 ** e -- the envelope to clear. 651 ** fullclear - if set, the current envelope is total 652 ** garbage and should be ignored; otherwise, 653 ** release any resources it may indicate. 654 ** rpool -- either NULL, or a pointer to a resource pool 655 ** from which envelope memory is allocated, and 656 ** to which envelope resources are attached. 657 ** 658 ** Returns: 659 ** none. 660 ** 661 ** Side Effects: 662 ** Closes files associated with the envelope. 663 ** Marks the envelope as unallocated. 664 */ 665 666 void 667 clearenvelope(e, fullclear, rpool) 668 register ENVELOPE *e; 669 bool fullclear; 670 SM_RPOOL_T *rpool; 671 { 672 register HDR *bh; 673 register HDR **nhp; 674 extern ENVELOPE BlankEnvelope; 675 char **p; 676 677 if (!fullclear) 678 { 679 /* clear out any file information */ 680 if (e->e_xfp != NULL) 681 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT); 682 if (e->e_dfp != NULL) 683 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); 684 e->e_xfp = e->e_dfp = NULL; 685 } 686 687 /* 688 ** Copy BlankEnvelope into *e. 689 ** It is not safe to simply copy pointers to strings; 690 ** the strings themselves must be copied (or set to NULL). 691 ** The problem is that when we assign a new string value to 692 ** a member of BlankEnvelope, we free the old string. 693 ** We did not need to do this copying in sendmail 8.11 :-( 694 ** and it is a potential performance hit. Reference counted 695 ** strings are one way out. 696 */ 697 698 *e = BlankEnvelope; 699 e->e_message = NULL; 700 e->e_qfletter = '\0'; 701 e->e_quarmsg = NULL; 702 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), ""); 703 704 /* 705 ** Copy the macro table. 706 ** We might be able to avoid this by zeroing the macro table 707 ** and always searching BlankEnvelope.e_macro after e->e_macro 708 ** in macvalue(). 709 */ 710 711 for (p = &e->e_macro.mac_table[0]; 712 p <= &e->e_macro.mac_table[MAXMACROID]; 713 ++p) 714 { 715 if (*p != NULL) 716 *p = sm_rpool_strdup_x(rpool, *p); 717 } 718 719 /* 720 ** XXX There are many strings in the envelope structure 721 ** XXX that we are not attempting to copy here. 722 ** XXX Investigate this further. 723 */ 724 725 e->e_rpool = rpool; 726 e->e_macro.mac_rpool = rpool; 727 if (Verbose) 728 set_delivery_mode(SM_DELIVER, e); 729 bh = BlankEnvelope.e_header; 730 nhp = &e->e_header; 731 while (bh != NULL) 732 { 733 *nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh)); 734 memmove((char *) *nhp, (char *) bh, sizeof(*bh)); 735 bh = bh->h_link; 736 nhp = &(*nhp)->h_link; 737 } 738 #if _FFR_MILTER_ENHSC 739 e->e_enhsc[0] = '\0'; 740 #endif /* _FFR_MILTER_ENHSC */ 741 } 742 /* 743 ** INITSYS -- initialize instantiation of system 744 ** 745 ** In Daemon mode, this is done in the child. 746 ** 747 ** Parameters: 748 ** e -- the envelope to use. 749 ** 750 ** Returns: 751 ** none. 752 ** 753 ** Side Effects: 754 ** Initializes the system macros, some global variables, 755 ** etc. In particular, the current time in various 756 ** forms is set. 757 */ 758 759 void 760 initsys(e) 761 register ENVELOPE *e; 762 { 763 char buf[10]; 764 #ifdef TTYNAME 765 static char ybuf[60]; /* holds tty id */ 766 register char *p; 767 extern char *ttyname(); 768 #endif /* TTYNAME */ 769 770 /* 771 ** Give this envelope a reality. 772 ** I.e., an id, a transcript, and a creation time. 773 ** We don't select the queue until all of the recipients are known. 774 */ 775 776 openxscript(e); 777 e->e_ctime = curtime(); 778 e->e_qfletter = '\0'; 779 780 /* 781 ** Set OutChannel to something useful if stdout isn't it. 782 ** This arranges that any extra stuff the mailer produces 783 ** gets sent back to the user on error (because it is 784 ** tucked away in the transcript). 785 */ 786 787 if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) && 788 e->e_xfp != NULL) 789 OutChannel = e->e_xfp; 790 791 /* 792 ** Set up some basic system macros. 793 */ 794 795 /* process id */ 796 (void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid); 797 macdefine(&e->e_macro, A_TEMP, 'p', buf); 798 799 /* hop count */ 800 (void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount); 801 macdefine(&e->e_macro, A_TEMP, 'c', buf); 802 803 /* time as integer, unix time, arpa time */ 804 settime(e); 805 806 /* Load average */ 807 sm_getla(); 808 809 #ifdef TTYNAME 810 /* tty name */ 811 if (macvalue('y', e) == NULL) 812 { 813 p = ttyname(2); 814 if (p != NULL) 815 { 816 if (strrchr(p, '/') != NULL) 817 p = strrchr(p, '/') + 1; 818 (void) sm_strlcpy(ybuf, sizeof(ybuf), p); 819 macdefine(&e->e_macro, A_PERM, 'y', ybuf); 820 } 821 } 822 #endif /* TTYNAME */ 823 } 824 /* 825 ** SETTIME -- set the current time. 826 ** 827 ** Parameters: 828 ** e -- the envelope in which the macros should be set. 829 ** 830 ** Returns: 831 ** none. 832 ** 833 ** Side Effects: 834 ** Sets the various time macros -- $a, $b, $d, $t. 835 */ 836 837 void 838 settime(e) 839 register ENVELOPE *e; 840 { 841 register char *p; 842 auto time_t now; 843 char buf[30]; 844 register struct tm *tm; 845 846 now = curtime(); 847 (void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now); 848 macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf); 849 tm = gmtime(&now); 850 (void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d", 851 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 852 tm->tm_hour, tm->tm_min); 853 macdefine(&e->e_macro, A_TEMP, 't', buf); 854 (void) sm_strlcpy(buf, ctime(&now), sizeof(buf)); 855 p = strchr(buf, '\n'); 856 if (p != NULL) 857 *p = '\0'; 858 macdefine(&e->e_macro, A_TEMP, 'd', buf); 859 macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf)); 860 if (macvalue('a', e) == NULL) 861 macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e)); 862 } 863 /* 864 ** OPENXSCRIPT -- Open transcript file 865 ** 866 ** Creates a transcript file for possible eventual mailing or 867 ** sending back. 868 ** 869 ** Parameters: 870 ** e -- the envelope to create the transcript in/for. 871 ** 872 ** Returns: 873 ** none 874 ** 875 ** Side Effects: 876 ** Creates the transcript file. 877 */ 878 879 #ifndef O_APPEND 880 # define O_APPEND 0 881 #endif /* ! O_APPEND */ 882 883 void 884 openxscript(e) 885 register ENVELOPE *e; 886 { 887 register char *p; 888 889 if (e->e_xfp != NULL) 890 return; 891 892 #if 0 893 if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags)) 894 syserr("openxscript: job not locked"); 895 #endif /* 0 */ 896 897 p = queuename(e, XSCRPT_LETTER); 898 e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize, 899 SFF_NOTEXCL|SFF_OPENASROOT); 900 901 if (e->e_xfp == NULL) 902 { 903 syserr("Can't create transcript file %s", p); 904 e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, 905 SM_PATH_DEVNULL, SM_IO_RDWR, NULL); 906 if (e->e_xfp == NULL) 907 syserr("!Can't open %s", SM_PATH_DEVNULL); 908 } 909 (void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0); 910 if (tTd(46, 9)) 911 { 912 sm_dprintf("openxscript(%s):\n ", p); 913 dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true, 914 false); 915 } 916 } 917 /* 918 ** CLOSEXSCRIPT -- close the transcript file. 919 ** 920 ** Parameters: 921 ** e -- the envelope containing the transcript to close. 922 ** 923 ** Returns: 924 ** none. 925 ** 926 ** Side Effects: 927 ** none. 928 */ 929 930 void 931 closexscript(e) 932 register ENVELOPE *e; 933 { 934 if (e->e_xfp == NULL) 935 return; 936 #if 0 937 if (e->e_lockfp == NULL) 938 syserr("closexscript: job not locked"); 939 #endif /* 0 */ 940 (void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT); 941 e->e_xfp = NULL; 942 } 943 /* 944 ** SETSENDER -- set the person who this message is from 945 ** 946 ** Under certain circumstances allow the user to say who 947 ** s/he is (using -f or -r). These are: 948 ** 1. The user's uid is zero (root). 949 ** 2. The user's login name is in an approved list (typically 950 ** from a network server). 951 ** 3. The address the user is trying to claim has a 952 ** "!" character in it (since #2 doesn't do it for 953 ** us if we are dialing out for UUCP). 954 ** A better check to replace #3 would be if the 955 ** effective uid is "UUCP" -- this would require me 956 ** to rewrite getpwent to "grab" uucp as it went by, 957 ** make getname more nasty, do another passwd file 958 ** scan, or compile the UID of "UUCP" into the code, 959 ** all of which are reprehensible. 960 ** 961 ** Assuming all of these fail, we figure out something 962 ** ourselves. 963 ** 964 ** Parameters: 965 ** from -- the person we would like to believe this message 966 ** is from, as specified on the command line. 967 ** e -- the envelope in which we would like the sender set. 968 ** delimptr -- if non-NULL, set to the location of the 969 ** trailing delimiter. 970 ** delimchar -- the character that will delimit the sender 971 ** address. 972 ** internal -- set if this address is coming from an internal 973 ** source such as an owner alias. 974 ** 975 ** Returns: 976 ** none. 977 ** 978 ** Side Effects: 979 ** sets sendmail's notion of who the from person is. 980 */ 981 982 void 983 setsender(from, e, delimptr, delimchar, internal) 984 char *from; 985 register ENVELOPE *e; 986 char **delimptr; 987 int delimchar; 988 bool internal; 989 { 990 register char **pvp; 991 char *realname = NULL; 992 char *bp; 993 char buf[MAXNAME + 2]; 994 char pvpbuf[PSBUFSIZE]; 995 extern char *FullName; 996 997 if (tTd(45, 1)) 998 sm_dprintf("setsender(%s)\n", from == NULL ? "" : from); 999 1000 /* may be set from earlier calls */ 1001 macdefine(&e->e_macro, A_PERM, 'x', ""); 1002 1003 /* 1004 ** Figure out the real user executing us. 1005 ** Username can return errno != 0 on non-errors. 1006 */ 1007 1008 if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP || 1009 OpMode == MD_ARPAFTP || OpMode == MD_DAEMON) 1010 realname = from; 1011 if (realname == NULL || realname[0] == '\0') 1012 realname = username(); 1013 1014 if (ConfigLevel < 2) 1015 SuprErrs = true; 1016 1017 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s"); 1018 1019 /* preset state for then clause in case from == NULL */ 1020 e->e_from.q_state = QS_BADADDR; 1021 e->e_from.q_flags = 0; 1022 if (from == NULL || 1023 parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR, 1024 delimchar, delimptr, e, false) == NULL || 1025 QS_IS_BADADDR(e->e_from.q_state) || 1026 e->e_from.q_mailer == ProgMailer || 1027 e->e_from.q_mailer == FileMailer || 1028 e->e_from.q_mailer == InclMailer) 1029 { 1030 /* log garbage addresses for traceback */ 1031 if (from != NULL && LogLevel > 2) 1032 { 1033 char *p; 1034 char ebuf[MAXNAME * 2 + 2]; 1035 1036 p = macvalue('_', e); 1037 if (p == NULL) 1038 { 1039 char *host = RealHostName; 1040 1041 if (host == NULL) 1042 host = MyHostName; 1043 (void) sm_snprintf(ebuf, sizeof(ebuf), 1044 "%.*s@%.*s", MAXNAME, 1045 realname, MAXNAME, host); 1046 p = ebuf; 1047 } 1048 sm_syslog(LOG_NOTICE, e->e_id, 1049 "setsender: %s: invalid or unparsable, received from %s", 1050 shortenstring(from, 83), p); 1051 } 1052 if (from != NULL) 1053 { 1054 if (!QS_IS_BADADDR(e->e_from.q_state)) 1055 { 1056 /* it was a bogus mailer in the from addr */ 1057 e->e_status = "5.1.7"; 1058 usrerrenh(e->e_status, 1059 "553 Invalid sender address"); 1060 } 1061 SuprErrs = true; 1062 } 1063 if (from == realname || 1064 parseaddr(from = realname, 1065 &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ', 1066 NULL, e, false) == NULL) 1067 { 1068 char nbuf[100]; 1069 1070 SuprErrs = true; 1071 expand("\201n", nbuf, sizeof(nbuf), e); 1072 from = sm_rpool_strdup_x(e->e_rpool, nbuf); 1073 if (parseaddr(from, &e->e_from, RF_COPYALL, ' ', 1074 NULL, e, false) == NULL && 1075 parseaddr(from = "postmaster", &e->e_from, 1076 RF_COPYALL, ' ', NULL, e, false) == NULL) 1077 syserr("553 5.3.0 setsender: can't even parse postmaster!"); 1078 } 1079 } 1080 else 1081 FromFlag = true; 1082 e->e_from.q_state = QS_SENDER; 1083 if (tTd(45, 5)) 1084 { 1085 sm_dprintf("setsender: QS_SENDER "); 1086 printaddr(sm_debug_file(), &e->e_from, false); 1087 } 1088 SuprErrs = false; 1089 1090 #if USERDB 1091 if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags)) 1092 { 1093 register char *p; 1094 1095 p = udbsender(e->e_from.q_user, e->e_rpool); 1096 if (p != NULL) 1097 from = p; 1098 } 1099 #endif /* USERDB */ 1100 1101 if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags)) 1102 { 1103 SM_MBDB_T user; 1104 1105 if (!internal) 1106 { 1107 /* if the user already given fullname don't redefine */ 1108 if (FullName == NULL) 1109 FullName = macvalue('x', e); 1110 if (FullName != NULL) 1111 { 1112 if (FullName[0] == '\0') 1113 FullName = NULL; 1114 else 1115 FullName = newstr(FullName); 1116 } 1117 } 1118 1119 if (e->e_from.q_user[0] != '\0' && 1120 sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK) 1121 { 1122 /* 1123 ** Process passwd file entry. 1124 */ 1125 1126 /* extract home directory */ 1127 if (*user.mbdb_homedir == '\0') 1128 e->e_from.q_home = NULL; 1129 else if (strcmp(user.mbdb_homedir, "/") == 0) 1130 e->e_from.q_home = ""; 1131 else 1132 e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool, 1133 user.mbdb_homedir); 1134 macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home); 1135 1136 /* extract user and group id */ 1137 if (user.mbdb_uid != SM_NO_UID) 1138 { 1139 e->e_from.q_uid = user.mbdb_uid; 1140 e->e_from.q_gid = user.mbdb_gid; 1141 e->e_from.q_flags |= QGOODUID; 1142 } 1143 1144 /* extract full name from passwd file */ 1145 if (FullName == NULL && !internal && 1146 user.mbdb_fullname[0] != '\0' && 1147 strcmp(user.mbdb_name, e->e_from.q_user) == 0) 1148 { 1149 FullName = newstr(user.mbdb_fullname); 1150 } 1151 } 1152 else 1153 { 1154 e->e_from.q_home = NULL; 1155 } 1156 if (FullName != NULL && !internal) 1157 macdefine(&e->e_macro, A_TEMP, 'x', FullName); 1158 } 1159 else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP) 1160 { 1161 if (e->e_from.q_home == NULL) 1162 { 1163 e->e_from.q_home = getenv("HOME"); 1164 if (e->e_from.q_home != NULL) 1165 { 1166 if (*e->e_from.q_home == '\0') 1167 e->e_from.q_home = NULL; 1168 else if (strcmp(e->e_from.q_home, "/") == 0) 1169 e->e_from.q_home++; 1170 } 1171 } 1172 e->e_from.q_uid = RealUid; 1173 e->e_from.q_gid = RealGid; 1174 e->e_from.q_flags |= QGOODUID; 1175 } 1176 1177 /* 1178 ** Rewrite the from person to dispose of possible implicit 1179 ** links in the net. 1180 */ 1181 1182 pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL, 1183 IntTokenTab, false); 1184 if (pvp == NULL) 1185 { 1186 /* don't need to give error -- prescan did that already */ 1187 if (LogLevel > 2) 1188 sm_syslog(LOG_NOTICE, e->e_id, 1189 "cannot prescan from (%s)", 1190 shortenstring(from, MAXSHORTSTR)); 1191 finis(true, true, ExitStat); 1192 } 1193 (void) REWRITE(pvp, 3, e); 1194 (void) REWRITE(pvp, 1, e); 1195 (void) REWRITE(pvp, 4, e); 1196 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL); 1197 bp = buf + 1; 1198 cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false); 1199 if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags)) 1200 { 1201 /* heuristic: route-addr: add angle brackets */ 1202 (void) sm_strlcat(bp, ">", sizeof(buf) - 1); 1203 *--bp = '<'; 1204 } 1205 e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp); 1206 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender); 1207 1208 /* save the domain spec if this mailer wants it */ 1209 if (e->e_from.q_mailer != NULL && 1210 bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags)) 1211 { 1212 char **lastat; 1213 1214 /* get rid of any pesky angle brackets */ 1215 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s"); 1216 (void) REWRITE(pvp, 3, e); 1217 (void) REWRITE(pvp, 1, e); 1218 (void) REWRITE(pvp, 4, e); 1219 macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL); 1220 1221 /* strip off to the last "@" sign */ 1222 for (lastat = NULL; *pvp != NULL; pvp++) 1223 { 1224 if (strcmp(*pvp, "@") == 0) 1225 lastat = pvp; 1226 } 1227 if (lastat != NULL) 1228 { 1229 e->e_fromdomain = copyplist(lastat, true, e->e_rpool); 1230 if (tTd(45, 3)) 1231 { 1232 sm_dprintf("Saving from domain: "); 1233 printav(sm_debug_file(), e->e_fromdomain); 1234 } 1235 } 1236 } 1237 } 1238 /* 1239 ** PRINTENVFLAGS -- print envelope flags for debugging 1240 ** 1241 ** Parameters: 1242 ** e -- the envelope with the flags to be printed. 1243 ** 1244 ** Returns: 1245 ** none. 1246 */ 1247 1248 struct eflags 1249 { 1250 char *ef_name; 1251 unsigned long ef_bit; 1252 }; 1253 1254 static struct eflags EnvelopeFlags[] = 1255 { 1256 { "OLDSTYLE", EF_OLDSTYLE }, 1257 { "INQUEUE", EF_INQUEUE }, 1258 { "NO_BODY_RETN", EF_NO_BODY_RETN }, 1259 { "CLRQUEUE", EF_CLRQUEUE }, 1260 { "SENDRECEIPT", EF_SENDRECEIPT }, 1261 { "FATALERRS", EF_FATALERRS }, 1262 { "DELETE_BCC", EF_DELETE_BCC }, 1263 { "RESPONSE", EF_RESPONSE }, 1264 { "RESENT", EF_RESENT }, 1265 { "VRFYONLY", EF_VRFYONLY }, 1266 { "WARNING", EF_WARNING }, 1267 { "QUEUERUN", EF_QUEUERUN }, 1268 { "GLOBALERRS", EF_GLOBALERRS }, 1269 { "PM_NOTIFY", EF_PM_NOTIFY }, 1270 { "METOO", EF_METOO }, 1271 { "LOGSENDER", EF_LOGSENDER }, 1272 { "NORECEIPT", EF_NORECEIPT }, 1273 { "HAS8BIT", EF_HAS8BIT }, 1274 { "NL_NOT_EOL", EF_NL_NOT_EOL }, 1275 { "CRLF_NOT_EOL", EF_CRLF_NOT_EOL }, 1276 { "RET_PARAM", EF_RET_PARAM }, 1277 { "HAS_DF", EF_HAS_DF }, 1278 { "IS_MIME", EF_IS_MIME }, 1279 { "DONT_MIME", EF_DONT_MIME }, 1280 { "DISCARD", EF_DISCARD }, 1281 { "TOOBIG", EF_TOOBIG }, 1282 { "SPLIT", EF_SPLIT }, 1283 { "UNSAFE", EF_UNSAFE }, 1284 { NULL, 0 } 1285 }; 1286 1287 void 1288 printenvflags(e) 1289 register ENVELOPE *e; 1290 { 1291 register struct eflags *ef; 1292 bool first = true; 1293 1294 sm_dprintf("%lx", e->e_flags); 1295 for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++) 1296 { 1297 if (!bitset(ef->ef_bit, e->e_flags)) 1298 continue; 1299 if (first) 1300 sm_dprintf("<%s", ef->ef_name); 1301 else 1302 sm_dprintf(",%s", ef->ef_name); 1303 first = false; 1304 } 1305 if (!first) 1306 sm_dprintf(">\n"); 1307 } 1308