xref: /freebsd/contrib/sendmail/src/recipient.c (revision 74bf4e164ba5851606a27d4feff27717452583e5)
1 /*
2  * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #include <sendmail.h>
15 
16 SM_RCSID("@(#)$Id: recipient.c,v 8.336 2004/07/23 20:45:02 gshapiro Exp $")
17 
18 static void	includetimeout __P((void));
19 static ADDRESS	*self_reference __P((ADDRESS *));
20 static int	sortexpensive __P((ADDRESS *, ADDRESS *));
21 static int	sortbysignature __P((ADDRESS *, ADDRESS *));
22 static int	sorthost __P((ADDRESS *, ADDRESS *));
23 
24 typedef int	sortfn_t __P((ADDRESS *, ADDRESS *));
25 
26 /*
27 **  SORTHOST -- strcmp()-like func for host portion of an ADDRESS
28 **
29 **	Parameters:
30 **		xx -- first ADDRESS
31 **		yy -- second ADDRESS
32 **
33 **	Returns:
34 **		<0 when xx->q_host is less than yy->q_host
35 **		>0 when xx->q_host is greater than yy->q_host
36 **		0 when equal
37 */
38 
39 static int
40 sorthost(xx, yy)
41 	register ADDRESS *xx;
42 	register ADDRESS *yy;
43 {
44 #if _FFR_HOST_SORT_REVERSE
45 	/* XXX maybe compare hostnames from the end? */
46 	return sm_strrevcasecmp(xx->q_host, yy->q_host);
47 #else /* _FFR_HOST_SORT_REVERSE */
48 	return sm_strcasecmp(xx->q_host, yy->q_host);
49 #endif /* _FFR_HOST_SORT_REVERSE */
50 }
51 
52 /*
53 **  SORTEXPENSIVE -- strcmp()-like func for expensive mailers
54 **
55 **  The mailer has been noted already as "expensive" for 'xx'. This
56 **  will give a result relative to 'yy'. Expensive mailers get rated
57 **  "greater than" non-expensive mailers because during the delivery phase
58 **  it will get queued -- no use it getting in the way of less expensive
59 **  recipients. We avoid an MX RR lookup when both 'xx' and 'yy' are
60 **  expensive since an MX RR lookup happens when extracted from the queue
61 **  later.
62 **
63 **	Parameters:
64 **		xx -- first ADDRESS
65 **		yy -- second ADDRESS
66 **
67 **	Returns:
68 **		<0 when xx->q_host is less than yy->q_host and both are
69 **			expensive
70 **		>0 when xx->q_host is greater than yy->q_host, or when
71 **			'yy' is non-expensive
72 **		0 when equal (by expense and q_host)
73 */
74 
75 static int
76 sortexpensive(xx, yy)
77 	ADDRESS *xx;
78 	ADDRESS *yy;
79 {
80 	if (!bitnset(M_EXPENSIVE, yy->q_mailer->m_flags))
81 		return 1; /* xx should go later */
82 #if _FFR_HOST_SORT_REVERSE
83 	/* XXX maybe compare hostnames from the end? */
84 	return sm_strrevcasecmp(xx->q_host, yy->q_host);
85 #else /* _FFR_HOST_SORT_REVERSE */
86 	return sm_strcasecmp(xx->q_host, yy->q_host);
87 #endif /* _FFR_HOST_SORT_REVERSE */
88 }
89 
90 /*
91 **  SORTBYSIGNATURE -- a strcmp()-like func for q_mailer and q_host in ADDRESS
92 **
93 **	Parameters:
94 **		xx -- first ADDRESS
95 **		yy -- second ADDRESS
96 **
97 **	Returns:
98 **		0 when the "signature"'s are same
99 **		<0 when xx->q_signature is less than yy->q_signature
100 **		>0 when xx->q_signature is greater than yy->q_signature
101 **
102 **	Side Effect:
103 **		May set ADDRESS pointer for q_signature if not already set.
104 */
105 
106 static int
107 sortbysignature(xx, yy)
108 	ADDRESS *xx;
109 	ADDRESS *yy;
110 {
111 	register int ret;
112 
113 	/* Let's avoid redoing the signature over and over again */
114 	if (xx->q_signature == NULL)
115 		xx->q_signature = hostsignature(xx->q_mailer, xx->q_host);
116 	if (yy->q_signature == NULL)
117 		yy->q_signature = hostsignature(yy->q_mailer, yy->q_host);
118 	ret = strcmp(xx->q_signature, yy->q_signature);
119 
120 	/*
121 	**  If the two signatures are the same then we will return a sort
122 	**  value based on 'q_user'. But note that we have reversed xx and yy
123 	**  on purpose. This additional compare helps reduce the number of
124 	**  sameaddr() calls and loops in recipient() for the case when
125 	**  the rcpt list has been provided already in-order.
126 	*/
127 
128 	if (ret == 0)
129 		return strcmp(yy->q_user, xx->q_user);
130 	else
131 		return ret;
132 }
133 
134 /*
135 **  SENDTOLIST -- Designate a send list.
136 **
137 **	The parameter is a comma-separated list of people to send to.
138 **	This routine arranges to send to all of them.
139 **
140 **	Parameters:
141 **		list -- the send list.
142 **		ctladdr -- the address template for the person to
143 **			send to -- effective uid/gid are important.
144 **			This is typically the alias that caused this
145 **			expansion.
146 **		sendq -- a pointer to the head of a queue to put
147 **			these people into.
148 **		aliaslevel -- the current alias nesting depth -- to
149 **			diagnose loops.
150 **		e -- the envelope in which to add these recipients.
151 **
152 **	Returns:
153 **		The number of addresses actually on the list.
154 */
155 
156 /* q_flags bits inherited from ctladdr */
157 #define QINHERITEDBITS	(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY)
158 
159 int
160 sendtolist(list, ctladdr, sendq, aliaslevel, e)
161 	char *list;
162 	ADDRESS *ctladdr;
163 	ADDRESS **sendq;
164 	int aliaslevel;
165 	register ENVELOPE *e;
166 {
167 	register char *p;
168 	register ADDRESS *SM_NONVOLATILE al; /* list of addresses to send to */
169 	SM_NONVOLATILE char delimiter;		/* the address delimiter */
170 	SM_NONVOLATILE int naddrs;
171 	SM_NONVOLATILE int i;
172 	char *endp;
173 	char *oldto = e->e_to;
174 	char *SM_NONVOLATILE bufp;
175 	char buf[MAXNAME + 1];
176 
177 	if (list == NULL)
178 	{
179 		syserr("sendtolist: null list");
180 		return 0;
181 	}
182 
183 	if (tTd(25, 1))
184 	{
185 		sm_dprintf("sendto: %s\n   ctladdr=", list);
186 		printaddr(sm_debug_file(), ctladdr, false);
187 	}
188 
189 	/* heuristic to determine old versus new style addresses */
190 	if (ctladdr == NULL &&
191 	    (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
192 	     strchr(list, '<') != NULL || strchr(list, '(') != NULL))
193 		e->e_flags &= ~EF_OLDSTYLE;
194 	delimiter = ' ';
195 	if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL)
196 		delimiter = ',';
197 
198 	al = NULL;
199 	naddrs = 0;
200 
201 	/* make sure we have enough space to copy the string */
202 	i = strlen(list) + 1;
203 	if (i <= sizeof buf)
204 	{
205 		bufp = buf;
206 		i = sizeof buf;
207 	}
208 	else
209 		bufp = sm_malloc_x(i);
210 	endp = bufp + i;
211 
212 	SM_TRY
213 	{
214 		(void) sm_strlcpy(bufp, denlstring(list, false, true), i);
215 
216 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e r");
217 		for (p = bufp; *p != '\0'; )
218 		{
219 			auto char *delimptr;
220 			register ADDRESS *a;
221 
222 			SM_ASSERT(p < endp);
223 
224 			/* parse the address */
225 			while ((isascii(*p) && isspace(*p)) || *p == ',')
226 				p++;
227 			SM_ASSERT(p < endp);
228 			a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter,
229 				      &delimptr, e, true);
230 			p = delimptr;
231 			SM_ASSERT(p < endp);
232 			if (a == NULL)
233 				continue;
234 			a->q_next = al;
235 			a->q_alias = ctladdr;
236 
237 			/* arrange to inherit attributes from parent */
238 			if (ctladdr != NULL)
239 			{
240 				ADDRESS *b;
241 
242 				/* self reference test */
243 				if (sameaddr(ctladdr, a))
244 				{
245 					if (tTd(27, 5))
246 					{
247 						sm_dprintf("sendtolist: QSELFREF ");
248 						printaddr(sm_debug_file(), ctladdr, false);
249 					}
250 					ctladdr->q_flags |= QSELFREF;
251 				}
252 
253 				/* check for address loops */
254 				b = self_reference(a);
255 				if (b != NULL)
256 				{
257 					b->q_flags |= QSELFREF;
258 					if (tTd(27, 5))
259 					{
260 						sm_dprintf("sendtolist: QSELFREF ");
261 						printaddr(sm_debug_file(), b, false);
262 					}
263 					if (a != b)
264 					{
265 						if (tTd(27, 5))
266 						{
267 							sm_dprintf("sendtolist: QS_DONTSEND ");
268 							printaddr(sm_debug_file(), a, false);
269 						}
270 						a->q_state = QS_DONTSEND;
271 						b->q_flags |= a->q_flags & QNOTREMOTE;
272 						continue;
273 					}
274 				}
275 
276 				/* full name */
277 				if (a->q_fullname == NULL)
278 					a->q_fullname = ctladdr->q_fullname;
279 
280 				/* various flag bits */
281 				a->q_flags &= ~QINHERITEDBITS;
282 				a->q_flags |= ctladdr->q_flags & QINHERITEDBITS;
283 
284 				/* DSN recipient information */
285 				a->q_finalrcpt = ctladdr->q_finalrcpt;
286 				a->q_orcpt = ctladdr->q_orcpt;
287 			}
288 
289 			al = a;
290 		}
291 
292 		/* arrange to send to everyone on the local send list */
293 		while (al != NULL)
294 		{
295 			register ADDRESS *a = al;
296 
297 			al = a->q_next;
298 			a = recipient(a, sendq, aliaslevel, e);
299 			naddrs++;
300 		}
301 	}
302 	SM_FINALLY
303 	{
304 		e->e_to = oldto;
305 		if (bufp != buf)
306 			sm_free(bufp);
307 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
308 	}
309 	SM_END_TRY
310 	return naddrs;
311 }
312 #if MILTER
313 /*
314 **  REMOVEFROMLIST -- Remove addresses from a send list.
315 **
316 **	The parameter is a comma-separated list of recipients to remove.
317 **	Note that it only deletes matching addresses.  If those addresses
318 **	have been expanded already in the sendq, it won't mark the
319 **	expanded recipients as QS_REMOVED.
320 **
321 **	Parameters:
322 **		list -- the list to remove.
323 **		sendq -- a pointer to the head of a queue to remove
324 **			these addresses from.
325 **		e -- the envelope in which to remove these recipients.
326 **
327 **	Returns:
328 **		The number of addresses removed from the list.
329 **
330 */
331 
332 int
333 removefromlist(list, sendq, e)
334 	char *list;
335 	ADDRESS **sendq;
336 	ENVELOPE *e;
337 {
338 	SM_NONVOLATILE char delimiter;		/* the address delimiter */
339 	SM_NONVOLATILE int naddrs;
340 	SM_NONVOLATILE int i;
341 	char *p;
342 	char *oldto = e->e_to;
343 	char *SM_NONVOLATILE bufp;
344 	char buf[MAXNAME + 1];
345 
346 	if (list == NULL)
347 	{
348 		syserr("removefromlist: null list");
349 		return 0;
350 	}
351 
352 	if (tTd(25, 1))
353 		sm_dprintf("removefromlist: %s\n", list);
354 
355 	/* heuristic to determine old versus new style addresses */
356 	if (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
357 	    strchr(list, '<') != NULL || strchr(list, '(') != NULL)
358 		e->e_flags &= ~EF_OLDSTYLE;
359 	delimiter = ' ';
360 	if (!bitset(EF_OLDSTYLE, e->e_flags))
361 		delimiter = ',';
362 
363 	naddrs = 0;
364 
365 	/* make sure we have enough space to copy the string */
366 	i = strlen(list) + 1;
367 	if (i <= sizeof buf)
368 	{
369 		bufp = buf;
370 		i = sizeof buf;
371 	}
372 	else
373 		bufp = sm_malloc_x(i);
374 
375 	SM_TRY
376 	{
377 		(void) sm_strlcpy(bufp, denlstring(list, false, true), i);
378 
379 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e r");
380 		for (p = bufp; *p != '\0'; )
381 		{
382 			ADDRESS a;	/* parsed address to be removed */
383 			ADDRESS *q;
384 			ADDRESS **pq;
385 			char *delimptr;
386 
387 			/* parse the address */
388 			while ((isascii(*p) && isspace(*p)) || *p == ',')
389 				p++;
390 			if (parseaddr(p, &a, RF_COPYALL,
391 				      delimiter, &delimptr, e, true) == NULL)
392 			{
393 				p = delimptr;
394 				continue;
395 			}
396 			p = delimptr;
397 			for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
398 			{
399 				if (!QS_IS_DEAD(q->q_state) &&
400 				    (sameaddr(q, &a) ||
401 				     strcmp(q->q_paddr, a.q_paddr) == 0))
402 				{
403 					if (tTd(25, 5))
404 					{
405 						sm_dprintf("removefromlist: QS_REMOVED ");
406 						printaddr(sm_debug_file(), &a, false);
407 					}
408 					q->q_state = QS_REMOVED;
409 					naddrs++;
410 					break;
411 				}
412 			}
413 		}
414 	}
415 	SM_FINALLY
416 	{
417 		e->e_to = oldto;
418 		if (bufp != buf)
419 			sm_free(bufp);
420 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
421 	}
422 	SM_END_TRY
423 	return naddrs;
424 }
425 #endif /* MILTER */
426 /*
427 **  RECIPIENT -- Designate a message recipient
428 **
429 **	Saves the named person for future mailing.
430 **
431 **	Parameters:
432 **		new -- the (preparsed) address header for the recipient.
433 **		sendq -- a pointer to the head of a queue to put the
434 **			recipient in.  Duplicate suppression is done
435 **			in this queue.
436 **		aliaslevel -- the current alias nesting depth.
437 **		e -- the current envelope.
438 **
439 **	Returns:
440 **		The actual address in the queue.  This will be "a" if
441 **		the address is not a duplicate, else the original address.
442 **
443 */
444 
445 ADDRESS *
446 recipient(new, sendq, aliaslevel, e)
447 	register ADDRESS *new;
448 	register ADDRESS **sendq;
449 	int aliaslevel;
450 	register ENVELOPE *e;
451 {
452 	register ADDRESS *q;
453 	ADDRESS **pq;
454 	ADDRESS **prev;
455 	register struct mailer *m;
456 	register char *p;
457 	int i, buflen;
458 	bool quoted;		/* set if the addr has a quote bit */
459 	bool insert;
460 	int findusercount;
461 	bool initialdontsend;
462 	char *buf;
463 	char buf0[MAXNAME + 1];		/* unquoted image of the user name */
464 	sortfn_t *sortfn;
465 
466 	p = NULL;
467 	quoted = false;
468 	insert = false;
469 	findusercount = 0;
470 	initialdontsend = QS_IS_DEAD(new->q_state);
471 	e->e_to = new->q_paddr;
472 	m = new->q_mailer;
473 	errno = 0;
474 	if (aliaslevel == 0)
475 		new->q_flags |= QPRIMARY;
476 	if (tTd(26, 1))
477 	{
478 		sm_dprintf("\nrecipient (%d): ", aliaslevel);
479 		printaddr(sm_debug_file(), new, false);
480 	}
481 
482 	/* if this is primary, use it as original recipient */
483 	if (new->q_alias == NULL)
484 	{
485 		if (e->e_origrcpt == NULL)
486 			e->e_origrcpt = new->q_paddr;
487 		else if (e->e_origrcpt != new->q_paddr)
488 			e->e_origrcpt = "";
489 	}
490 
491 	/* find parent recipient for finalrcpt and orcpt */
492 	for (q = new; q->q_alias != NULL; q = q->q_alias)
493 		continue;
494 
495 	/* find final recipient DSN address */
496 	if (new->q_finalrcpt == NULL &&
497 	    e->e_from.q_mailer != NULL)
498 	{
499 		char frbuf[MAXLINE];
500 
501 		p = e->e_from.q_mailer->m_addrtype;
502 		if (p == NULL)
503 			p = "rfc822";
504 		if (sm_strcasecmp(p, "rfc822") != 0)
505 		{
506 			(void) sm_snprintf(frbuf, sizeof frbuf, "%s; %.800s",
507 					   q->q_mailer->m_addrtype,
508 					   q->q_user);
509 		}
510 		else if (strchr(q->q_user, '@') != NULL)
511 		{
512 			(void) sm_snprintf(frbuf, sizeof frbuf, "%s; %.800s",
513 					   p, q->q_user);
514 		}
515 		else if (strchr(q->q_paddr, '@') != NULL)
516 		{
517 			char *qp;
518 			bool b;
519 
520 			qp = q->q_paddr;
521 
522 			/* strip brackets from address */
523 			b = false;
524 			if (*qp == '<')
525 			{
526 				b = qp[strlen(qp) - 1] == '>';
527 				if (b)
528 					qp[strlen(qp) - 1] = '\0';
529 				qp++;
530 			}
531 			(void) sm_snprintf(frbuf, sizeof frbuf, "%s; %.800s",
532 					   p, qp);
533 
534 			/* undo damage */
535 			if (b)
536 				qp[strlen(qp)] = '>';
537 		}
538 		else
539 		{
540 			(void) sm_snprintf(frbuf, sizeof frbuf,
541 					   "%s; %.700s@%.100s",
542 					   p, q->q_user, MyHostName);
543 		}
544 		new->q_finalrcpt = sm_rpool_strdup_x(e->e_rpool, frbuf);
545 	}
546 
547 #if _FFR_GEN_ORCPT
548 	/* set ORCPT DSN arg if not already set */
549 	if (new->q_orcpt == NULL)
550 	{
551 		/* check for an existing ORCPT */
552 		if (q->q_orcpt != NULL)
553 			new->q_orcpt = q->q_orcpt;
554 		else
555 		{
556 			/* make our own */
557 			bool b = false;
558 			char *qp;
559 			char obuf[MAXLINE];
560 
561 			if (e->e_from.q_mailer != NULL)
562 				p = e->e_from.q_mailer->m_addrtype;
563 			if (p == NULL)
564 				p = "rfc822";
565 			(void) sm_strlcpyn(obuf, sizeof obuf, 2, p, ";");
566 
567 			qp = q->q_paddr;
568 
569 			/* FFR: Needs to strip comments from stdin addrs */
570 
571 			/* strip brackets from address */
572 			if (*qp == '<')
573 			{
574 				b = qp[strlen(qp) - 1] == '>';
575 				if (b)
576 					qp[strlen(qp) - 1] = '\0';
577 				qp++;
578 			}
579 
580 			p = xtextify(denlstring(qp, true, false), NULL);
581 
582 			if (sm_strlcat(obuf, p, sizeof obuf) >= sizeof obuf)
583 			{
584 				/* if too big, don't use it */
585 				obuf[0] = '\0';
586 			}
587 
588 			/* undo damage */
589 			if (b)
590 				qp[strlen(qp)] = '>';
591 
592 			if (obuf[0] != '\0')
593 				new->q_orcpt =
594 					sm_rpool_strdup_x(e->e_rpool, obuf);
595 		}
596 	}
597 #endif /* _FFR_GEN_ORCPT */
598 
599 	/* break aliasing loops */
600 	if (aliaslevel > MaxAliasRecursion)
601 	{
602 		new->q_state = QS_BADADDR;
603 		new->q_status = "5.4.6";
604 		usrerrenh(new->q_status,
605 			  "554 aliasing/forwarding loop broken (%d aliases deep; %d max)",
606 			  aliaslevel, MaxAliasRecursion);
607 		return new;
608 	}
609 
610 	/*
611 	**  Finish setting up address structure.
612 	*/
613 
614 	/* get unquoted user for file, program or user.name check */
615 	i = strlen(new->q_user);
616 	if (i >= sizeof buf0)
617 	{
618 		buflen = i + 1;
619 		buf = xalloc(buflen);
620 	}
621 	else
622 	{
623 		buf = buf0;
624 		buflen = sizeof buf0;
625 	}
626 	(void) sm_strlcpy(buf, new->q_user, buflen);
627 	for (p = buf; *p != '\0' && !quoted; p++)
628 	{
629 		if (*p == '\\')
630 			quoted = true;
631 	}
632 	stripquotes(buf);
633 
634 	/* check for direct mailing to restricted mailers */
635 	if (m == ProgMailer)
636 	{
637 		if (new->q_alias == NULL || UseMSP ||
638 		    bitset(EF_UNSAFE, e->e_flags))
639 		{
640 			new->q_state = QS_BADADDR;
641 			new->q_status = "5.7.1";
642 			usrerrenh(new->q_status,
643 				  "550 Cannot mail directly to programs");
644 		}
645 		else if (bitset(QBOGUSSHELL, new->q_alias->q_flags))
646 		{
647 			new->q_state = QS_BADADDR;
648 			new->q_status = "5.7.1";
649 			if (new->q_alias->q_ruser == NULL)
650 				usrerrenh(new->q_status,
651 					  "550 UID %d is an unknown user: cannot mail to programs",
652 					  new->q_alias->q_uid);
653 			else
654 				usrerrenh(new->q_status,
655 					  "550 User %s@%s doesn't have a valid shell for mailing to programs",
656 					  new->q_alias->q_ruser, MyHostName);
657 		}
658 		else if (bitset(QUNSAFEADDR, new->q_alias->q_flags))
659 		{
660 			new->q_state = QS_BADADDR;
661 			new->q_status = "5.7.1";
662 			new->q_rstatus = "550 Unsafe for mailing to programs";
663 			usrerrenh(new->q_status,
664 				  "550 Address %s is unsafe for mailing to programs",
665 				  new->q_alias->q_paddr);
666 		}
667 	}
668 
669 	/*
670 	**  Look up this person in the recipient list.
671 	**	If they are there already, return, otherwise continue.
672 	**	If the list is empty, just add it.  Notice the cute
673 	**	hack to make from addresses suppress things correctly:
674 	**	the QS_DUPLICATE state will be set in the send list.
675 	**	[Please note: the emphasis is on "hack."]
676 	*/
677 
678 	prev = NULL;
679 
680 	/*
681 	**  If this message is going to the queue or FastSplit is set
682 	**  and it is the first try and the envelope hasn't split, then we
683 	**  avoid doing an MX RR lookup now because one will be done when the
684 	**  message is extracted from the queue later. It can go to the queue
685 	**  because all messages are going to the queue or this mailer of
686 	**  the current recipient is marked expensive.
687 	*/
688 
689 	if (UseMSP || WILL_BE_QUEUED(e->e_sendmode) ||
690 	    (!bitset(EF_SPLIT, e->e_flags) && e->e_ntries == 0 &&
691 	     FastSplit > 0))
692 		sortfn = sorthost;
693 	else if (NoConnect && bitnset(M_EXPENSIVE, new->q_mailer->m_flags))
694 		sortfn = sortexpensive;
695 	else
696 		sortfn = sortbysignature;
697 
698 	for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
699 	{
700 		/*
701 		**  If address is "less than" it should be inserted now.
702 		**  If address is "greater than" current comparison it'll
703 		**  insert later in the list; so loop again (if possible).
704 		**  If address is "equal" (different equal than sameaddr()
705 		**  call) then check if sameaddr() will be true.
706 		**  Because this list is now sorted, it'll mean fewer
707 		**  comparisons and fewer loops which is important for more
708 		**  recipients.
709 		*/
710 
711 		i = (*sortfn)(new, q);
712 		if (i == 0) /* equal */
713 		{
714 			/*
715 			**  Sortbysignature() has said that the two have
716 			**  equal MX RR's and the same user. Calling sameaddr()
717 			**  now checks if the two hosts are as identical as the
718 			**  MX RR's are (which might not be the case)
719 			**  before saying these are the identical addresses.
720 			*/
721 
722 			if (sameaddr(q, new) &&
723 			    (bitset(QRCPTOK, q->q_flags) ||
724 			     !bitset(QPRIMARY, q->q_flags)))
725 			{
726 				if (tTd(26, 1))
727 				{
728 					sm_dprintf("%s in sendq: ",
729 						   new->q_paddr);
730 					printaddr(sm_debug_file(), q, false);
731 				}
732 				if (!bitset(QPRIMARY, q->q_flags))
733 				{
734 					if (!QS_IS_DEAD(new->q_state))
735 						message("duplicate suppressed");
736 					else
737 						q->q_state = QS_DUPLICATE;
738 					q->q_flags |= new->q_flags;
739 				}
740 				else if (bitset(QSELFREF, q->q_flags)
741 					 || q->q_state == QS_REMOVED)
742 				{
743 					/*
744 					**  If an earlier milter removed the
745 					**  address, a later one can still add
746 					**  it back.
747 					*/
748 
749 					q->q_state = new->q_state;
750 					q->q_flags |= new->q_flags;
751 				}
752 				new = q;
753 				goto done;
754 			}
755 		}
756 		else if (i < 0) /* less than */
757 		{
758 			insert = true;
759 			break;
760 		}
761 		prev = pq;
762 	}
763 
764 	/* pq should point to an address, never NULL */
765 	SM_ASSERT(pq != NULL);
766 
767 	/* add address on list */
768 	if (insert)
769 	{
770 		/*
771 		**  insert before 'pq'. Only possible when at least 1
772 		**  ADDRESS is in the list already.
773 		*/
774 
775 		new->q_next = *pq;
776 		if (prev == NULL)
777 			*sendq = new; /* To be the first ADDRESS */
778 		else
779 			(*prev)->q_next = new;
780 	}
781 	else
782 	{
783 		/*
784 		**  Place in list at current 'pq' position. Possible
785 		**  when there are 0 or more ADDRESS's in the list.
786 		*/
787 
788 		new->q_next = NULL;
789 		*pq = new;
790 	}
791 
792 	/* added a new address: clear split flag */
793 	e->e_flags &= ~EF_SPLIT;
794 
795 	/*
796 	**  Alias the name and handle special mailer types.
797 	*/
798 
799   trylocaluser:
800 	if (tTd(29, 7))
801 	{
802 		sm_dprintf("at trylocaluser: ");
803 		printaddr(sm_debug_file(), new, false);
804 	}
805 
806 	if (!QS_IS_OK(new->q_state))
807 	{
808 		if (QS_IS_UNDELIVERED(new->q_state))
809 			e->e_nrcpts++;
810 		goto testselfdestruct;
811 	}
812 
813 	if (m == InclMailer)
814 	{
815 		new->q_state = QS_INCLUDED;
816 		if (new->q_alias == NULL || UseMSP ||
817 		    bitset(EF_UNSAFE, e->e_flags))
818 		{
819 			new->q_state = QS_BADADDR;
820 			new->q_status = "5.7.1";
821 			usrerrenh(new->q_status,
822 				  "550 Cannot mail directly to :include:s");
823 		}
824 		else
825 		{
826 			int ret;
827 
828 			message("including file %s", new->q_user);
829 			ret = include(new->q_user, false, new,
830 				      sendq, aliaslevel, e);
831 			if (transienterror(ret))
832 			{
833 				if (LogLevel > 2)
834 					sm_syslog(LOG_ERR, e->e_id,
835 						  "include %s: transient error: %s",
836 						  shortenstring(new->q_user,
837 								MAXSHORTSTR),
838 								sm_errstring(ret));
839 				new->q_state = QS_QUEUEUP;
840 				usrerr("451 4.2.4 Cannot open %s: %s",
841 					shortenstring(new->q_user,
842 						      MAXSHORTSTR),
843 					sm_errstring(ret));
844 			}
845 			else if (ret != 0)
846 			{
847 				new->q_state = QS_BADADDR;
848 				new->q_status = "5.2.4";
849 				usrerrenh(new->q_status,
850 					  "550 Cannot open %s: %s",
851 					  shortenstring(new->q_user,
852 							MAXSHORTSTR),
853 					  sm_errstring(ret));
854 			}
855 		}
856 	}
857 	else if (m == FileMailer)
858 	{
859 		/* check if allowed */
860 		if (new->q_alias == NULL || UseMSP ||
861 		    bitset(EF_UNSAFE, e->e_flags))
862 		{
863 			new->q_state = QS_BADADDR;
864 			new->q_status = "5.7.1";
865 			usrerrenh(new->q_status,
866 				  "550 Cannot mail directly to files");
867 		}
868 		else if (bitset(QBOGUSSHELL, new->q_alias->q_flags))
869 		{
870 			new->q_state = QS_BADADDR;
871 			new->q_status = "5.7.1";
872 			if (new->q_alias->q_ruser == NULL)
873 				usrerrenh(new->q_status,
874 					  "550 UID %d is an unknown user: cannot mail to files",
875 					  new->q_alias->q_uid);
876 			else
877 				usrerrenh(new->q_status,
878 					  "550 User %s@%s doesn't have a valid shell for mailing to files",
879 					  new->q_alias->q_ruser, MyHostName);
880 		}
881 		else if (bitset(QUNSAFEADDR, new->q_alias->q_flags))
882 		{
883 			new->q_state = QS_BADADDR;
884 			new->q_status = "5.7.1";
885 			new->q_rstatus = "550 Unsafe for mailing to files";
886 			usrerrenh(new->q_status,
887 				  "550 Address %s is unsafe for mailing to files",
888 				  new->q_alias->q_paddr);
889 		}
890 	}
891 
892 	/* try aliasing */
893 	if (!quoted && QS_IS_OK(new->q_state) &&
894 	    bitnset(M_ALIASABLE, m->m_flags))
895 		alias(new, sendq, aliaslevel, e);
896 
897 #if USERDB
898 	/* if not aliased, look it up in the user database */
899 	if (!bitset(QNOTREMOTE, new->q_flags) &&
900 	    QS_IS_SENDABLE(new->q_state) &&
901 	    bitnset(M_CHECKUDB, m->m_flags))
902 	{
903 		if (udbexpand(new, sendq, aliaslevel, e) == EX_TEMPFAIL)
904 		{
905 			new->q_state = QS_QUEUEUP;
906 			if (e->e_message == NULL)
907 				e->e_message = "Deferred: user database error";
908 			if (new->q_message == NULL)
909 				new->q_message = "Deferred: user database error";
910 			if (LogLevel > 8)
911 				sm_syslog(LOG_INFO, e->e_id,
912 					  "deferred: udbexpand: %s",
913 					  sm_errstring(errno));
914 			message("queued (user database error): %s",
915 				sm_errstring(errno));
916 			e->e_nrcpts++;
917 			goto testselfdestruct;
918 		}
919 	}
920 #endif /* USERDB */
921 
922 	/*
923 	**  If we have a level two config file, then pass the name through
924 	**  Ruleset 5 before sending it off.  Ruleset 5 has the right
925 	**  to rewrite it to another mailer.  This gives us a hook
926 	**  after local aliasing has been done.
927 	*/
928 
929 	if (tTd(29, 5))
930 	{
931 		sm_dprintf("recipient: testing local?  cl=%d, rr5=%p\n\t",
932 			   ConfigLevel, RewriteRules[5]);
933 		printaddr(sm_debug_file(), new, false);
934 	}
935 	if (ConfigLevel >= 2 && RewriteRules[5] != NULL &&
936 	    bitnset(M_TRYRULESET5, m->m_flags) &&
937 	    !bitset(QNOTREMOTE, new->q_flags) &&
938 	    QS_IS_OK(new->q_state))
939 	{
940 		maplocaluser(new, sendq, aliaslevel + 1, e);
941 	}
942 
943 	/*
944 	**  If it didn't get rewritten to another mailer, go ahead
945 	**  and deliver it.
946 	*/
947 
948 	if (QS_IS_OK(new->q_state) &&
949 	    bitnset(M_HASPWENT, m->m_flags))
950 	{
951 		auto bool fuzzy;
952 		SM_MBDB_T user;
953 		int status;
954 
955 		/* warning -- finduser may trash buf */
956 		status = finduser(buf, &fuzzy, &user);
957 		switch (status)
958 		{
959 		  case EX_TEMPFAIL:
960 			new->q_state = QS_QUEUEUP;
961 			new->q_status = "4.5.2";
962 			giveresponse(EX_TEMPFAIL, new->q_status, m, NULL,
963 				     new->q_alias, (time_t) 0, e, new);
964 			break;
965 		  default:
966 			new->q_state = QS_BADADDR;
967 			new->q_status = "5.1.1";
968 			new->q_rstatus = "550 5.1.1 User unknown";
969 			giveresponse(EX_NOUSER, new->q_status, m, NULL,
970 				     new->q_alias, (time_t) 0, e, new);
971 			break;
972 		  case EX_OK:
973 			if (fuzzy)
974 			{
975 				/* name was a fuzzy match */
976 				new->q_user = sm_rpool_strdup_x(e->e_rpool,
977 								user.mbdb_name);
978 				if (findusercount++ > 3)
979 				{
980 					new->q_state = QS_BADADDR;
981 					new->q_status = "5.4.6";
982 					usrerrenh(new->q_status,
983 						  "554 aliasing/forwarding loop for %s broken",
984 						  user.mbdb_name);
985 					goto done;
986 				}
987 
988 				/* see if it aliases */
989 				(void) sm_strlcpy(buf, user.mbdb_name, buflen);
990 				goto trylocaluser;
991 			}
992 			if (*user.mbdb_homedir == '\0')
993 				new->q_home = NULL;
994 			else if (strcmp(user.mbdb_homedir, "/") == 0)
995 				new->q_home = "";
996 			else
997 				new->q_home = sm_rpool_strdup_x(e->e_rpool,
998 							user.mbdb_homedir);
999 			if (user.mbdb_uid != SM_NO_UID)
1000 			{
1001 				new->q_uid = user.mbdb_uid;
1002 				new->q_gid = user.mbdb_gid;
1003 				new->q_flags |= QGOODUID;
1004 			}
1005 			new->q_ruser = sm_rpool_strdup_x(e->e_rpool,
1006 							 user.mbdb_name);
1007 			if (user.mbdb_fullname[0] != '\0')
1008 				new->q_fullname = sm_rpool_strdup_x(e->e_rpool,
1009 							user.mbdb_fullname);
1010 			if (!usershellok(user.mbdb_name, user.mbdb_shell))
1011 			{
1012 				new->q_flags |= QBOGUSSHELL;
1013 			}
1014 			if (bitset(EF_VRFYONLY, e->e_flags))
1015 			{
1016 				/* don't do any more now */
1017 				new->q_state = QS_VERIFIED;
1018 			}
1019 			else if (!quoted)
1020 				forward(new, sendq, aliaslevel, e);
1021 		}
1022 	}
1023 	if (!QS_IS_DEAD(new->q_state))
1024 		e->e_nrcpts++;
1025 
1026   testselfdestruct:
1027 	new->q_flags |= QTHISPASS;
1028 	if (tTd(26, 8))
1029 	{
1030 		sm_dprintf("testselfdestruct: ");
1031 		printaddr(sm_debug_file(), new, false);
1032 		if (tTd(26, 10))
1033 		{
1034 			sm_dprintf("SENDQ:\n");
1035 			printaddr(sm_debug_file(), *sendq, true);
1036 			sm_dprintf("----\n");
1037 		}
1038 	}
1039 	if (new->q_alias == NULL && new != &e->e_from &&
1040 	    QS_IS_DEAD(new->q_state))
1041 	{
1042 		for (q = *sendq; q != NULL; q = q->q_next)
1043 		{
1044 			if (!QS_IS_DEAD(q->q_state))
1045 				break;
1046 		}
1047 		if (q == NULL)
1048 		{
1049 			new->q_state = QS_BADADDR;
1050 			new->q_status = "5.4.6";
1051 			usrerrenh(new->q_status,
1052 				  "554 aliasing/forwarding loop broken");
1053 		}
1054 	}
1055 
1056   done:
1057 	new->q_flags |= QTHISPASS;
1058 	if (buf != buf0)
1059 		sm_free(buf); /* XXX leak if above code raises exception */
1060 
1061 	/*
1062 	**  If we are at the top level, check to see if this has
1063 	**  expanded to exactly one address.  If so, it can inherit
1064 	**  the primaryness of the address.
1065 	**
1066 	**  While we're at it, clear the QTHISPASS bits.
1067 	*/
1068 
1069 	if (aliaslevel == 0)
1070 	{
1071 		int nrcpts = 0;
1072 		ADDRESS *only = NULL;
1073 
1074 		for (q = *sendq; q != NULL; q = q->q_next)
1075 		{
1076 			if (bitset(QTHISPASS, q->q_flags) &&
1077 			    QS_IS_SENDABLE(q->q_state))
1078 			{
1079 				nrcpts++;
1080 				only = q;
1081 			}
1082 			q->q_flags &= ~QTHISPASS;
1083 		}
1084 		if (nrcpts == 1)
1085 		{
1086 			/* check to see if this actually got a new owner */
1087 			q = only;
1088 			while ((q = q->q_alias) != NULL)
1089 			{
1090 				if (q->q_owner != NULL)
1091 					break;
1092 			}
1093 			if (q == NULL)
1094 				only->q_flags |= QPRIMARY;
1095 		}
1096 		else if (!initialdontsend && nrcpts > 0)
1097 		{
1098 			/* arrange for return receipt */
1099 			e->e_flags |= EF_SENDRECEIPT;
1100 			new->q_flags |= QEXPANDED;
1101 			if (e->e_xfp != NULL &&
1102 			    bitset(QPINGONSUCCESS, new->q_flags))
1103 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
1104 						     "%s... expanded to multiple addresses\n",
1105 						     new->q_paddr);
1106 		}
1107 	}
1108 	new->q_flags |= QRCPTOK;
1109 	(void) sm_snprintf(buf0, sizeof buf0, "%d", e->e_nrcpts);
1110 	macdefine(&e->e_macro, A_TEMP, macid("{nrcpts}"), buf0);
1111 	return new;
1112 }
1113 /*
1114 **  FINDUSER -- find the password entry for a user.
1115 **
1116 **	This looks a lot like getpwnam, except that it may want to
1117 **	do some fancier pattern matching in /etc/passwd.
1118 **
1119 **	This routine contains most of the time of many sendmail runs.
1120 **	It deserves to be optimized.
1121 **
1122 **	Parameters:
1123 **		name -- the name to match against.
1124 **		fuzzyp -- an outarg that is set to true if this entry
1125 **			was found using the fuzzy matching algorithm;
1126 **			set to false otherwise.
1127 **		user -- structure to fill in if user is found
1128 **
1129 **	Returns:
1130 **		On success, fill in *user, set *fuzzyp and return EX_OK.
1131 **		If the user was not found, return EX_NOUSER.
1132 **		On error, return EX_TEMPFAIL or EX_OSERR.
1133 **
1134 **	Side Effects:
1135 **		may modify name.
1136 */
1137 
1138 int
1139 finduser(name, fuzzyp, user)
1140 	char *name;
1141 	bool *fuzzyp;
1142 	SM_MBDB_T *user;
1143 {
1144 #if MATCHGECOS
1145 	register struct passwd *pw;
1146 #endif /* MATCHGECOS */
1147 	register char *p;
1148 	bool tryagain;
1149 	int status;
1150 
1151 	if (tTd(29, 4))
1152 		sm_dprintf("finduser(%s): ", name);
1153 
1154 	*fuzzyp = false;
1155 
1156 #if HESIOD
1157 	/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
1158 	for (p = name; *p != '\0'; p++)
1159 		if (!isascii(*p) || !isdigit(*p))
1160 			break;
1161 	if (*p == '\0')
1162 	{
1163 		if (tTd(29, 4))
1164 			sm_dprintf("failed (numeric input)\n");
1165 		return EX_NOUSER;
1166 	}
1167 #endif /* HESIOD */
1168 
1169 	/* look up this login name using fast path */
1170 	status = sm_mbdb_lookup(name, user);
1171 	if (status != EX_NOUSER)
1172 	{
1173 		if (tTd(29, 4))
1174 			sm_dprintf("%s (non-fuzzy)\n", sm_strexit(status));
1175 		return status;
1176 	}
1177 
1178 	/* try mapping it to lower case */
1179 	tryagain = false;
1180 	for (p = name; *p != '\0'; p++)
1181 	{
1182 		if (isascii(*p) && isupper(*p))
1183 		{
1184 			*p = tolower(*p);
1185 			tryagain = true;
1186 		}
1187 	}
1188 	if (tryagain && (status = sm_mbdb_lookup(name, user)) != EX_NOUSER)
1189 	{
1190 		if (tTd(29, 4))
1191 			sm_dprintf("%s (lower case)\n", sm_strexit(status));
1192 		*fuzzyp = true;
1193 		return status;
1194 	}
1195 
1196 #if MATCHGECOS
1197 	/* see if fuzzy matching allowed */
1198 	if (!MatchGecos)
1199 	{
1200 		if (tTd(29, 4))
1201 			sm_dprintf("not found (fuzzy disabled)\n");
1202 		return EX_NOUSER;
1203 	}
1204 
1205 	/* search for a matching full name instead */
1206 	for (p = name; *p != '\0'; p++)
1207 	{
1208 		if (*p == (SpaceSub & 0177) || *p == '_')
1209 			*p = ' ';
1210 	}
1211 	(void) setpwent();
1212 	while ((pw = getpwent()) != NULL)
1213 	{
1214 		char buf[MAXNAME + 1];
1215 
1216 # if 0
1217 		if (sm_strcasecmp(pw->pw_name, name) == 0)
1218 		{
1219 			if (tTd(29, 4))
1220 				sm_dprintf("found (case wrapped)\n");
1221 			break;
1222 		}
1223 # endif /* 0 */
1224 
1225 		sm_pwfullname(pw->pw_gecos, pw->pw_name, buf, sizeof buf);
1226 		if (strchr(buf, ' ') != NULL && sm_strcasecmp(buf, name) == 0)
1227 		{
1228 			if (tTd(29, 4))
1229 				sm_dprintf("fuzzy matches %s\n", pw->pw_name);
1230 			message("sending to login name %s", pw->pw_name);
1231 			break;
1232 		}
1233 	}
1234 	if (pw != NULL)
1235 		*fuzzyp = true;
1236 	else if (tTd(29, 4))
1237 		sm_dprintf("no fuzzy match found\n");
1238 # if DEC_OSF_BROKEN_GETPWENT	/* DEC OSF/1 3.2 or earlier */
1239 	endpwent();
1240 # endif /* DEC_OSF_BROKEN_GETPWENT */
1241 	if (pw == NULL)
1242 		return EX_NOUSER;
1243 	sm_mbdb_frompw(user, pw);
1244 	return EX_OK;
1245 #else /* MATCHGECOS */
1246 	if (tTd(29, 4))
1247 		sm_dprintf("not found (fuzzy disabled)\n");
1248 	return EX_NOUSER;
1249 #endif /* MATCHGECOS */
1250 }
1251 /*
1252 **  WRITABLE -- predicate returning if the file is writable.
1253 **
1254 **	This routine must duplicate the algorithm in sys/fio.c.
1255 **	Unfortunately, we cannot use the access call since we
1256 **	won't necessarily be the real uid when we try to
1257 **	actually open the file.
1258 **
1259 **	Notice that ANY file with ANY execute bit is automatically
1260 **	not writable.  This is also enforced by mailfile.
1261 **
1262 **	Parameters:
1263 **		filename -- the file name to check.
1264 **		ctladdr -- the controlling address for this file.
1265 **		flags -- SFF_* flags to control the function.
1266 **
1267 **	Returns:
1268 **		true -- if we will be able to write this file.
1269 **		false -- if we cannot write this file.
1270 **
1271 **	Side Effects:
1272 **		none.
1273 */
1274 
1275 bool
1276 writable(filename, ctladdr, flags)
1277 	char *filename;
1278 	ADDRESS *ctladdr;
1279 	long flags;
1280 {
1281 	uid_t euid = 0;
1282 	gid_t egid = 0;
1283 	char *user = NULL;
1284 
1285 	if (tTd(44, 5))
1286 		sm_dprintf("writable(%s, 0x%lx)\n", filename, flags);
1287 
1288 	/*
1289 	**  File does exist -- check that it is writable.
1290 	*/
1291 
1292 	if (geteuid() != 0)
1293 	{
1294 		euid = geteuid();
1295 		egid = getegid();
1296 		user = NULL;
1297 	}
1298 	else if (ctladdr != NULL)
1299 	{
1300 		euid = ctladdr->q_uid;
1301 		egid = ctladdr->q_gid;
1302 		user = ctladdr->q_user;
1303 	}
1304 	else if (bitset(SFF_RUNASREALUID, flags))
1305 	{
1306 		euid = RealUid;
1307 		egid = RealGid;
1308 		user = RealUserName;
1309 	}
1310 	else if (FileMailer != NULL && !bitset(SFF_ROOTOK, flags))
1311 	{
1312 		if (FileMailer->m_uid == NO_UID)
1313 		{
1314 			euid = DefUid;
1315 			user = DefUser;
1316 		}
1317 		else
1318 		{
1319 			euid = FileMailer->m_uid;
1320 			user = NULL;
1321 		}
1322 		if (FileMailer->m_gid == NO_GID)
1323 			egid = DefGid;
1324 		else
1325 			egid = FileMailer->m_gid;
1326 	}
1327 	else
1328 	{
1329 		euid = egid = 0;
1330 		user = NULL;
1331 	}
1332 	if (!bitset(SFF_ROOTOK, flags))
1333 	{
1334 		if (euid == 0)
1335 		{
1336 			euid = DefUid;
1337 			user = DefUser;
1338 		}
1339 		if (egid == 0)
1340 			egid = DefGid;
1341 	}
1342 	if (geteuid() == 0 &&
1343 	    (ctladdr == NULL || !bitset(QGOODUID, ctladdr->q_flags)))
1344 		flags |= SFF_SETUIDOK;
1345 
1346 	if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
1347 		flags |= SFF_NOSLINK;
1348 	if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
1349 		flags |= SFF_NOHLINK;
1350 
1351 	errno = safefile(filename, euid, egid, user, flags, S_IWRITE, NULL);
1352 	return errno == 0;
1353 }
1354 /*
1355 **  INCLUDE -- handle :include: specification.
1356 **
1357 **	Parameters:
1358 **		fname -- filename to include.
1359 **		forwarding -- if true, we are reading a .forward file.
1360 **			if false, it's a :include: file.
1361 **		ctladdr -- address template to use to fill in these
1362 **			addresses -- effective user/group id are
1363 **			the important things.
1364 **		sendq -- a pointer to the head of the send queue
1365 **			to put these addresses in.
1366 **		aliaslevel -- the alias nesting depth.
1367 **		e -- the current envelope.
1368 **
1369 **	Returns:
1370 **		open error status
1371 **
1372 **	Side Effects:
1373 **		reads the :include: file and sends to everyone
1374 **		listed in that file.
1375 **
1376 **	Security Note:
1377 **		If you have restricted chown (that is, you can't
1378 **		give a file away), it is reasonable to allow programs
1379 **		and files called from this :include: file to be to be
1380 **		run as the owner of the :include: file.  This is bogus
1381 **		if there is any chance of someone giving away a file.
1382 **		We assume that pre-POSIX systems can give away files.
1383 **
1384 **		There is an additional restriction that if you
1385 **		forward to a :include: file, it will not take on
1386 **		the ownership of the :include: file.  This may not
1387 **		be necessary, but shouldn't hurt.
1388 */
1389 
1390 static jmp_buf	CtxIncludeTimeout;
1391 
1392 int
1393 include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
1394 	char *fname;
1395 	bool forwarding;
1396 	ADDRESS *ctladdr;
1397 	ADDRESS **sendq;
1398 	int aliaslevel;
1399 	ENVELOPE *e;
1400 {
1401 	SM_FILE_T *volatile fp = NULL;
1402 	char *oldto = e->e_to;
1403 	char *oldfilename = FileName;
1404 	int oldlinenumber = LineNumber;
1405 	register SM_EVENT *ev = NULL;
1406 	int nincludes;
1407 	int mode;
1408 	volatile bool maxreached = false;
1409 	register ADDRESS *ca;
1410 	volatile uid_t saveduid;
1411 	volatile gid_t savedgid;
1412 	volatile uid_t uid;
1413 	volatile gid_t gid;
1414 	char *volatile user;
1415 	int rval = 0;
1416 	volatile long sfflags = SFF_REGONLY;
1417 	register char *p;
1418 	bool safechown = false;
1419 	volatile bool safedir = false;
1420 	struct stat st;
1421 	char buf[MAXLINE];
1422 
1423 	if (tTd(27, 2))
1424 		sm_dprintf("include(%s)\n", fname);
1425 	if (tTd(27, 4))
1426 		sm_dprintf("   ruid=%d euid=%d\n",
1427 			(int) getuid(), (int) geteuid());
1428 	if (tTd(27, 14))
1429 	{
1430 		sm_dprintf("ctladdr ");
1431 		printaddr(sm_debug_file(), ctladdr, false);
1432 	}
1433 
1434 	if (tTd(27, 9))
1435 		sm_dprintf("include: old uid = %d/%d\n",
1436 			   (int) getuid(), (int) geteuid());
1437 
1438 	if (forwarding)
1439 	{
1440 		sfflags |= SFF_MUSTOWN|SFF_ROOTOK;
1441 		if (!bitnset(DBS_GROUPWRITABLEFORWARDFILE, DontBlameSendmail))
1442 			sfflags |= SFF_NOGWFILES;
1443 		if (!bitnset(DBS_WORLDWRITABLEFORWARDFILE, DontBlameSendmail))
1444 			sfflags |= SFF_NOWWFILES;
1445 	}
1446 	else
1447 	{
1448 		if (!bitnset(DBS_GROUPWRITABLEINCLUDEFILE, DontBlameSendmail))
1449 			sfflags |= SFF_NOGWFILES;
1450 		if (!bitnset(DBS_WORLDWRITABLEINCLUDEFILE, DontBlameSendmail))
1451 			sfflags |= SFF_NOWWFILES;
1452 	}
1453 
1454 	/*
1455 	**  If RunAsUser set, won't be able to run programs as user
1456 	**  so mark them as unsafe unless the administrator knows better.
1457 	*/
1458 
1459 	if ((geteuid() != 0 || RunAsUid != 0) &&
1460 	    !bitnset(DBS_NONROOTSAFEADDR, DontBlameSendmail))
1461 	{
1462 		if (tTd(27, 4))
1463 			sm_dprintf("include: not safe (euid=%d, RunAsUid=%d)\n",
1464 				   (int) geteuid(), (int) RunAsUid);
1465 		ctladdr->q_flags |= QUNSAFEADDR;
1466 	}
1467 
1468 	ca = getctladdr(ctladdr);
1469 	if (ca == NULL ||
1470 	    (ca->q_uid == DefUid && ca->q_gid == 0))
1471 	{
1472 		uid = DefUid;
1473 		gid = DefGid;
1474 		user = DefUser;
1475 	}
1476 	else
1477 	{
1478 		uid = ca->q_uid;
1479 		gid = ca->q_gid;
1480 		user = ca->q_user;
1481 	}
1482 #if MAILER_SETUID_METHOD != USE_SETUID
1483 	saveduid = geteuid();
1484 	savedgid = getegid();
1485 	if (saveduid == 0)
1486 	{
1487 		if (!DontInitGroups)
1488 		{
1489 			if (initgroups(user, gid) == -1)
1490 			{
1491 				rval = EAGAIN;
1492 				syserr("include: initgroups(%s, %d) failed",
1493 					user, gid);
1494 				goto resetuid;
1495 			}
1496 		}
1497 		else
1498 		{
1499 			GIDSET_T gidset[1];
1500 
1501 			gidset[0] = gid;
1502 			if (setgroups(1, gidset) == -1)
1503 			{
1504 				rval = EAGAIN;
1505 				syserr("include: setgroups() failed");
1506 				goto resetuid;
1507 			}
1508 		}
1509 
1510 		if (gid != 0 && setgid(gid) < -1)
1511 		{
1512 			rval = EAGAIN;
1513 			syserr("setgid(%d) failure", gid);
1514 			goto resetuid;
1515 		}
1516 		if (uid != 0)
1517 		{
1518 # if MAILER_SETUID_METHOD == USE_SETEUID
1519 			if (seteuid(uid) < 0)
1520 			{
1521 				rval = EAGAIN;
1522 				syserr("seteuid(%d) failure (real=%d, eff=%d)",
1523 					uid, (int) getuid(), (int) geteuid());
1524 				goto resetuid;
1525 			}
1526 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
1527 # if MAILER_SETUID_METHOD == USE_SETREUID
1528 			if (setreuid(0, uid) < 0)
1529 			{
1530 				rval = EAGAIN;
1531 				syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
1532 					uid, (int) getuid(), (int) geteuid());
1533 				goto resetuid;
1534 			}
1535 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
1536 		}
1537 	}
1538 #endif /* MAILER_SETUID_METHOD != USE_SETUID */
1539 
1540 	if (tTd(27, 9))
1541 		sm_dprintf("include: new uid = %d/%d\n",
1542 			   (int) getuid(), (int) geteuid());
1543 
1544 	/*
1545 	**  If home directory is remote mounted but server is down,
1546 	**  this can hang or give errors; use a timeout to avoid this
1547 	*/
1548 
1549 	if (setjmp(CtxIncludeTimeout) != 0)
1550 	{
1551 		ctladdr->q_state = QS_QUEUEUP;
1552 		errno = 0;
1553 
1554 		/* return pseudo-error code */
1555 		rval = E_SM_OPENTIMEOUT;
1556 		goto resetuid;
1557 	}
1558 	if (TimeOuts.to_fileopen > 0)
1559 		ev = sm_setevent(TimeOuts.to_fileopen, includetimeout, 0);
1560 	else
1561 		ev = NULL;
1562 
1563 
1564 	/* check for writable parent directory */
1565 	p = strrchr(fname, '/');
1566 	if (p != NULL)
1567 	{
1568 		int ret;
1569 
1570 		*p = '\0';
1571 		ret = safedirpath(fname, uid, gid, user,
1572 				  sfflags|SFF_SAFEDIRPATH, 0, 0);
1573 		if (ret == 0)
1574 		{
1575 			/* in safe directory: relax chown & link rules */
1576 			safedir = true;
1577 			sfflags |= SFF_NOPATHCHECK;
1578 		}
1579 		else
1580 		{
1581 			if (bitnset((forwarding ?
1582 				     DBS_FORWARDFILEINUNSAFEDIRPATH :
1583 				     DBS_INCLUDEFILEINUNSAFEDIRPATH),
1584 				    DontBlameSendmail))
1585 				sfflags |= SFF_NOPATHCHECK;
1586 			else if (bitnset((forwarding ?
1587 					  DBS_FORWARDFILEINGROUPWRITABLEDIRPATH :
1588 					  DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH),
1589 					 DontBlameSendmail) &&
1590 				 ret == E_SM_GWDIR)
1591 			{
1592 				setbitn(DBS_GROUPWRITABLEDIRPATHSAFE,
1593 					DontBlameSendmail);
1594 				ret = safedirpath(fname, uid, gid, user,
1595 						  sfflags|SFF_SAFEDIRPATH,
1596 						  0, 0);
1597 				clrbitn(DBS_GROUPWRITABLEDIRPATHSAFE,
1598 					DontBlameSendmail);
1599 				if (ret == 0)
1600 					sfflags |= SFF_NOPATHCHECK;
1601 				else
1602 					sfflags |= SFF_SAFEDIRPATH;
1603 			}
1604 			else
1605 				sfflags |= SFF_SAFEDIRPATH;
1606 			if (ret > E_PSEUDOBASE &&
1607 			    !bitnset((forwarding ?
1608 				      DBS_FORWARDFILEINUNSAFEDIRPATHSAFE :
1609 				      DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE),
1610 				     DontBlameSendmail))
1611 			{
1612 				if (LogLevel > 11)
1613 					sm_syslog(LOG_INFO, e->e_id,
1614 						  "%s: unsafe directory path, marked unsafe",
1615 						  shortenstring(fname, MAXSHORTSTR));
1616 				ctladdr->q_flags |= QUNSAFEADDR;
1617 			}
1618 		}
1619 		*p = '/';
1620 	}
1621 
1622 	/* allow links only in unwritable directories */
1623 	if (!safedir &&
1624 	    !bitnset((forwarding ?
1625 		      DBS_LINKEDFORWARDFILEINWRITABLEDIR :
1626 		      DBS_LINKEDINCLUDEFILEINWRITABLEDIR),
1627 		     DontBlameSendmail))
1628 		sfflags |= SFF_NOLINK;
1629 
1630 	rval = safefile(fname, uid, gid, user, sfflags, S_IREAD, &st);
1631 	if (rval != 0)
1632 	{
1633 		/* don't use this :include: file */
1634 		if (tTd(27, 4))
1635 			sm_dprintf("include: not safe (uid=%d): %s\n",
1636 				   (int) uid, sm_errstring(rval));
1637 	}
1638 	else if ((fp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, fname,
1639 				  SM_IO_RDONLY, NULL)) == NULL)
1640 	{
1641 		rval = errno;
1642 		if (tTd(27, 4))
1643 			sm_dprintf("include: open: %s\n", sm_errstring(rval));
1644 	}
1645 	else if (filechanged(fname, sm_io_getinfo(fp,SM_IO_WHAT_FD, NULL), &st))
1646 	{
1647 		rval = E_SM_FILECHANGE;
1648 		if (tTd(27, 4))
1649 			sm_dprintf("include: file changed after open\n");
1650 	}
1651 	if (ev != NULL)
1652 		sm_clrevent(ev);
1653 
1654 resetuid:
1655 
1656 #if HASSETREUID || USESETEUID
1657 	if (saveduid == 0)
1658 	{
1659 		if (uid != 0)
1660 		{
1661 # if USESETEUID
1662 			if (seteuid(0) < 0)
1663 				syserr("!seteuid(0) failure (real=%d, eff=%d)",
1664 				       (int) getuid(), (int) geteuid());
1665 # else /* USESETEUID */
1666 			if (setreuid(-1, 0) < 0)
1667 				syserr("!setreuid(-1, 0) failure (real=%d, eff=%d)",
1668 				       (int) getuid(), (int) geteuid());
1669 			if (setreuid(RealUid, 0) < 0)
1670 				syserr("!setreuid(%d, 0) failure (real=%d, eff=%d)",
1671 				       (int) RealUid, (int) getuid(),
1672 				       (int) geteuid());
1673 # endif /* USESETEUID */
1674 		}
1675 		if (setgid(savedgid) < 0)
1676 			syserr("!setgid(%d) failure (real=%d eff=%d)",
1677 			       (int) savedgid, (int) getgid(),
1678 			       (int) getegid());
1679 	}
1680 #endif /* HASSETREUID || USESETEUID */
1681 
1682 	if (tTd(27, 9))
1683 		sm_dprintf("include: reset uid = %d/%d\n",
1684 			   (int) getuid(), (int) geteuid());
1685 
1686 	if (rval == E_SM_OPENTIMEOUT)
1687 		usrerr("451 4.4.1 open timeout on %s", fname);
1688 
1689 	if (fp == NULL)
1690 		return rval;
1691 
1692 	if (fstat(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), &st) < 0)
1693 	{
1694 		rval = errno;
1695 		syserr("Cannot fstat %s!", fname);
1696 		(void) sm_io_close(fp, SM_TIME_DEFAULT);
1697 		return rval;
1698 	}
1699 
1700 	/* if path was writable, check to avoid file giveaway tricks */
1701 	safechown = chownsafe(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), safedir);
1702 	if (tTd(27, 6))
1703 		sm_dprintf("include: parent of %s is %s, chown is %ssafe\n",
1704 			   fname, safedir ? "safe" : "dangerous",
1705 			   safechown ? "" : "un");
1706 
1707 	/* if no controlling user or coming from an alias delivery */
1708 	if (safechown &&
1709 	    (ca == NULL ||
1710 	     (ca->q_uid == DefUid && ca->q_gid == 0)))
1711 	{
1712 		ctladdr->q_uid = st.st_uid;
1713 		ctladdr->q_gid = st.st_gid;
1714 		ctladdr->q_flags |= QGOODUID;
1715 	}
1716 	if (ca != NULL && ca->q_uid == st.st_uid)
1717 	{
1718 		/* optimization -- avoid getpwuid if we already have info */
1719 		ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL;
1720 		ctladdr->q_ruser = ca->q_ruser;
1721 	}
1722 	else if (!forwarding)
1723 	{
1724 		register struct passwd *pw;
1725 
1726 		pw = sm_getpwuid(st.st_uid);
1727 		if (pw == NULL)
1728 		{
1729 			ctladdr->q_uid = st.st_uid;
1730 			ctladdr->q_flags |= QBOGUSSHELL;
1731 		}
1732 		else
1733 		{
1734 			char *sh;
1735 
1736 			ctladdr->q_ruser = sm_rpool_strdup_x(e->e_rpool,
1737 							     pw->pw_name);
1738 			if (safechown)
1739 				sh = pw->pw_shell;
1740 			else
1741 				sh = "/SENDMAIL/ANY/SHELL/";
1742 			if (!usershellok(pw->pw_name, sh))
1743 			{
1744 				if (LogLevel > 11)
1745 					sm_syslog(LOG_INFO, e->e_id,
1746 						  "%s: user %s has bad shell %s, marked %s",
1747 						  shortenstring(fname,
1748 								MAXSHORTSTR),
1749 						  pw->pw_name, sh,
1750 						  safechown ? "bogus" : "unsafe");
1751 				if (safechown)
1752 					ctladdr->q_flags |= QBOGUSSHELL;
1753 				else
1754 					ctladdr->q_flags |= QUNSAFEADDR;
1755 			}
1756 		}
1757 	}
1758 
1759 	if (bitset(EF_VRFYONLY, e->e_flags))
1760 	{
1761 		/* don't do any more now */
1762 		ctladdr->q_state = QS_VERIFIED;
1763 		e->e_nrcpts++;
1764 		(void) sm_io_close(fp, SM_TIME_DEFAULT);
1765 		return rval;
1766 	}
1767 
1768 	/*
1769 	**  Check to see if some bad guy can write this file
1770 	**
1771 	**	Group write checking could be more clever, e.g.,
1772 	**	guessing as to which groups are actually safe ("sys"
1773 	**	may be; "user" probably is not).
1774 	*/
1775 
1776 	mode = S_IWOTH;
1777 	if (!bitnset((forwarding ?
1778 		      DBS_GROUPWRITABLEFORWARDFILESAFE :
1779 		      DBS_GROUPWRITABLEINCLUDEFILESAFE),
1780 		     DontBlameSendmail))
1781 		mode |= S_IWGRP;
1782 
1783 	if (bitset(mode, st.st_mode))
1784 	{
1785 		if (tTd(27, 6))
1786 			sm_dprintf("include: %s is %s writable, marked unsafe\n",
1787 				   shortenstring(fname, MAXSHORTSTR),
1788 				   bitset(S_IWOTH, st.st_mode) ? "world"
1789 							       : "group");
1790 		if (LogLevel > 11)
1791 			sm_syslog(LOG_INFO, e->e_id,
1792 				  "%s: %s writable %s file, marked unsafe",
1793 				  shortenstring(fname, MAXSHORTSTR),
1794 				  bitset(S_IWOTH, st.st_mode) ? "world" : "group",
1795 				  forwarding ? "forward" : ":include:");
1796 		ctladdr->q_flags |= QUNSAFEADDR;
1797 	}
1798 
1799 	/* read the file -- each line is a comma-separated list. */
1800 	FileName = fname;
1801 	LineNumber = 0;
1802 	ctladdr->q_flags &= ~QSELFREF;
1803 	nincludes = 0;
1804 	while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof buf) != NULL &&
1805 	       !maxreached)
1806 	{
1807 		fixcrlf(buf, true);
1808 		LineNumber++;
1809 		if (buf[0] == '#' || buf[0] == '\0')
1810 			continue;
1811 
1812 		/* <sp>#@# introduces a comment anywhere */
1813 		/* for Japanese character sets */
1814 		for (p = buf; (p = strchr(++p, '#')) != NULL; )
1815 		{
1816 			if (p[1] == '@' && p[2] == '#' &&
1817 			    isascii(p[-1]) && isspace(p[-1]) &&
1818 			    (p[3] == '\0' || (isascii(p[3]) && isspace(p[3]))))
1819 			{
1820 				--p;
1821 				while (p > buf && isascii(p[-1]) &&
1822 				       isspace(p[-1]))
1823 					--p;
1824 				p[0] = '\0';
1825 				break;
1826 			}
1827 		}
1828 		if (buf[0] == '\0')
1829 			continue;
1830 
1831 		e->e_to = NULL;
1832 		message("%s to %s",
1833 			forwarding ? "forwarding" : "sending", buf);
1834 		if (forwarding && LogLevel > 10)
1835 			sm_syslog(LOG_INFO, e->e_id,
1836 				  "forward %.200s => %s",
1837 				  oldto, shortenstring(buf, MAXSHORTSTR));
1838 
1839 		nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e);
1840 
1841 		if (forwarding &&
1842 		    MaxForwardEntries > 0 &&
1843 		    nincludes >= MaxForwardEntries)
1844 		{
1845 			/* just stop reading and processing further entries */
1846 #if 0
1847 			/* additional: (?) */
1848 			ctladdr->q_state = QS_DONTSEND;
1849 #endif /* 0 */
1850 
1851 			syserr("Attempt to forward to more than %d addresses (in %s)!",
1852 				MaxForwardEntries, fname);
1853 			maxreached = true;
1854 		}
1855 	}
1856 
1857 	if (sm_io_error(fp) && tTd(27, 3))
1858 		sm_dprintf("include: read error: %s\n", sm_errstring(errno));
1859 	if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
1860 	{
1861 		if (tTd(27, 5))
1862 		{
1863 			sm_dprintf("include: QS_DONTSEND ");
1864 			printaddr(sm_debug_file(), ctladdr, false);
1865 		}
1866 		ctladdr->q_state = QS_DONTSEND;
1867 	}
1868 
1869 	(void) sm_io_close(fp, SM_TIME_DEFAULT);
1870 	FileName = oldfilename;
1871 	LineNumber = oldlinenumber;
1872 	e->e_to = oldto;
1873 	return rval;
1874 }
1875 
1876 static void
1877 includetimeout()
1878 {
1879 	/*
1880 	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
1881 	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1882 	**	DOING.
1883 	*/
1884 
1885 	errno = ETIMEDOUT;
1886 	longjmp(CtxIncludeTimeout, 1);
1887 }
1888 /*
1889 **  SENDTOARGV -- send to an argument vector.
1890 **
1891 **	Parameters:
1892 **		argv -- argument vector to send to.
1893 **		e -- the current envelope.
1894 **
1895 **	Returns:
1896 **		none.
1897 **
1898 **	Side Effects:
1899 **		puts all addresses on the argument vector onto the
1900 **			send queue.
1901 */
1902 
1903 void
1904 sendtoargv(argv, e)
1905 	register char **argv;
1906 	register ENVELOPE *e;
1907 {
1908 	register char *p;
1909 
1910 	while ((p = *argv++) != NULL)
1911 		(void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e);
1912 }
1913 /*
1914 **  GETCTLADDR -- get controlling address from an address header.
1915 **
1916 **	If none, get one corresponding to the effective userid.
1917 **
1918 **	Parameters:
1919 **		a -- the address to find the controller of.
1920 **
1921 **	Returns:
1922 **		the controlling address.
1923 */
1924 
1925 ADDRESS *
1926 getctladdr(a)
1927 	register ADDRESS *a;
1928 {
1929 	while (a != NULL && !bitset(QGOODUID, a->q_flags))
1930 		a = a->q_alias;
1931 	return a;
1932 }
1933 /*
1934 **  SELF_REFERENCE -- check to see if an address references itself
1935 **
1936 **	The check is done through a chain of aliases.  If it is part of
1937 **	a loop, break the loop at the "best" address, that is, the one
1938 **	that exists as a real user.
1939 **
1940 **	This is to handle the case of:
1941 **		awc:		Andrew.Chang
1942 **		Andrew.Chang:	awc@mail.server
1943 **	which is a problem only on mail.server.
1944 **
1945 **	Parameters:
1946 **		a -- the address to check.
1947 **
1948 **	Returns:
1949 **		The address that should be retained.
1950 */
1951 
1952 static ADDRESS *
1953 self_reference(a)
1954 	ADDRESS *a;
1955 {
1956 	ADDRESS *b;		/* top entry in self ref loop */
1957 	ADDRESS *c;		/* entry that point to a real mail box */
1958 
1959 	if (tTd(27, 1))
1960 		sm_dprintf("self_reference(%s)\n", a->q_paddr);
1961 
1962 	for (b = a->q_alias; b != NULL; b = b->q_alias)
1963 	{
1964 		if (sameaddr(a, b))
1965 			break;
1966 	}
1967 
1968 	if (b == NULL)
1969 	{
1970 		if (tTd(27, 1))
1971 			sm_dprintf("\t... no self ref\n");
1972 		return NULL;
1973 	}
1974 
1975 	/*
1976 	**  Pick the first address that resolved to a real mail box
1977 	**  i.e has a mbdb entry.  The returned value will be marked
1978 	**  QSELFREF in recipient(), which in turn will disable alias()
1979 	**  from marking it as QS_IS_DEAD(), which mean it will be used
1980 	**  as a deliverable address.
1981 	**
1982 	**  The 2 key thing to note here are:
1983 	**	1) we are in a recursive call sequence:
1984 	**		alias->sendtolist->recipient->alias
1985 	**	2) normally, when we return back to alias(), the address
1986 	**	   will be marked QS_EXPANDED, since alias() assumes the
1987 	**	   expanded form will be used instead of the current address.
1988 	**	   This behaviour is turned off if the address is marked
1989 	**	   QSELFREF.  We set QSELFREF when we return to recipient().
1990 	*/
1991 
1992 	c = a;
1993 	while (c != NULL)
1994 	{
1995 		if (tTd(27, 10))
1996 			sm_dprintf("  %s", c->q_user);
1997 		if (bitnset(M_HASPWENT, c->q_mailer->m_flags))
1998 		{
1999 			SM_MBDB_T user;
2000 
2001 			if (tTd(27, 2))
2002 				sm_dprintf("\t... getpwnam(%s)... ", c->q_user);
2003 			if (sm_mbdb_lookup(c->q_user, &user) == EX_OK)
2004 			{
2005 				if (tTd(27, 2))
2006 					sm_dprintf("found\n");
2007 
2008 				/* ought to cache results here */
2009 				if (sameaddr(b, c))
2010 					return b;
2011 				else
2012 					return c;
2013 			}
2014 			if (tTd(27, 2))
2015 				sm_dprintf("failed\n");
2016 		}
2017 		else
2018 		{
2019 			/* if local delivery, compare usernames */
2020 			if (bitnset(M_LOCALMAILER, c->q_mailer->m_flags) &&
2021 			    b->q_mailer == c->q_mailer)
2022 			{
2023 				if (tTd(27, 2))
2024 					sm_dprintf("\t... local match (%s)\n",
2025 						c->q_user);
2026 				if (sameaddr(b, c))
2027 					return b;
2028 				else
2029 					return c;
2030 			}
2031 		}
2032 		if (tTd(27, 10))
2033 			sm_dprintf("\n");
2034 		c = c->q_alias;
2035 	}
2036 
2037 	if (tTd(27, 1))
2038 		sm_dprintf("\t... cannot break loop for \"%s\"\n", a->q_paddr);
2039 
2040 	return NULL;
2041 }
2042