xref: /titanic_50/usr/src/cmd/sendmail/src/envelope.c (revision 69ed0c8ece2346b34605e2c9567c9f7b0dad5dc8)
1 /*
2  * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #pragma ident	"%Z%%M%	%I%	%E% SMI"
15 
16 #include <sendmail.h>
17 
18 SM_RCSID("@(#)$Id: envelope.c,v 8.305 2008/03/31 16:32:13 ca Exp $")
19 
20 /*
21 **  CLRSESSENVELOPE -- clear session oriented data in an envelope
22 **
23 **	Parameters:
24 **		e -- the envelope to clear.
25 **
26 **	Returns:
27 **		none.
28 */
29 
30 void
31 clrsessenvelope(e)
32 	ENVELOPE *e;
33 {
34 #if SASL
35 	macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
36 	macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
37 	macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
38 	macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
39 #endif /* SASL */
40 #if STARTTLS
41 	macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
42 	macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
43 	macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
44 	macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
45 	macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
46 	macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
47 # if _FFR_TLS_1
48 	macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
49 	macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
50 	macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
51 # endif /* _FFR_TLS_1 */
52 #endif /* STARTTLS */
53 }
54 
55 /*
56 **  NEWENVELOPE -- fill in a new envelope
57 **
58 **	Supports inheritance.
59 **
60 **	Parameters:
61 **		e -- the new envelope to fill in.
62 **		parent -- the envelope to be the parent of e.
63 **		rpool -- either NULL, or a pointer to a resource pool
64 **			from which envelope memory is allocated, and
65 **			to which envelope resources are attached.
66 **
67 **	Returns:
68 **		e.
69 **
70 **	Side Effects:
71 **		none.
72 */
73 
74 ENVELOPE *
75 newenvelope(e, parent, rpool)
76 	register ENVELOPE *e;
77 	register ENVELOPE *parent;
78 	SM_RPOOL_T *rpool;
79 {
80 	int sendmode;
81 
82 	/*
83 	**  This code used to read:
84 	**	if (e == parent && e->e_parent != NULL)
85 	**		parent = e->e_parent;
86 	**  So if e == parent && e->e_parent == NULL then we would
87 	**  set e->e_parent = e, which creates a loop in the e_parent chain.
88 	**  This meant macvalue() could go into an infinite loop.
89 	*/
90 
91 	if (parent != NULL)
92 		sendmode = parent->e_sendmode;
93 	else
94 		sendmode = DM_NOTSET;
95 
96 	if (e == parent)
97 		parent = e->e_parent;
98 	clearenvelope(e, true, rpool);
99 	if (e == CurEnv)
100 		memmove((char *) &e->e_from,
101 			(char *) &NullAddress,
102 			sizeof(e->e_from));
103 	else
104 		memmove((char *) &e->e_from,
105 			(char *) &CurEnv->e_from,
106 			sizeof(e->e_from));
107 	e->e_parent = parent;
108 	assign_queueid(e);
109 	e->e_ctime = curtime();
110 #if _FFR_SESSID
111 	e->e_sessid = e->e_id;
112 #endif /* _FFR_SESSID */
113 	if (parent != NULL)
114 	{
115 		e->e_msgpriority = parent->e_msgsize;
116 #if _FFR_SESSID
117 		if (parent->e_sessid != NULL)
118 			e->e_sessid = sm_rpool_strdup_x(rpool,
119 							parent->e_sessid);
120 #endif /* _FFR_SESSID */
121 
122 		if (parent->e_quarmsg == NULL)
123 		{
124 			e->e_quarmsg = NULL;
125 			macdefine(&e->e_macro, A_PERM,
126 				  macid("{quarantine}"), "");
127 		}
128 		else
129 		{
130 			e->e_quarmsg = sm_rpool_strdup_x(rpool,
131 							 parent->e_quarmsg);
132 			macdefine(&e->e_macro, A_PERM,
133 				  macid("{quarantine}"), e->e_quarmsg);
134 		}
135 	}
136 	e->e_puthdr = putheader;
137 	e->e_putbody = putbody;
138 	if (CurEnv->e_xfp != NULL)
139 		(void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
140 	if (sendmode != DM_NOTSET)
141 		set_delivery_mode(sendmode, e);
142 
143 	return e;
144 }
145 
146 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
147 #define MSG_T_O		0x01	/* normal timeout */
148 #define MSG_T_O_NOW	0x02	/* NOW timeout */
149 #define MSG_NOT_BY	0x04	/* Deliver-By time exceeded, mode R */
150 #define MSG_WARN	0x10	/* normal queue warning */
151 #define MSG_WARN_BY	0x20	/* Deliver-By time exceeded, mode N */
152 
153 #define IS_MSG_ERR(x)	(((x) & 0x0f) != 0)	/* return an error */
154 
155 /* immediate return */
156 #define IS_IMM_RET(x)	(((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
157 #define IS_MSG_WARN(x)	(((x) & 0xf0) != 0)	/* return a warning */
158 
159 /*
160 **  DROPENVELOPE -- deallocate an envelope.
161 **
162 **	Parameters:
163 **		e -- the envelope to deallocate.
164 **		fulldrop -- if set, do return receipts.
165 **		split -- if true, split by recipient if message is queued up
166 **
167 **	Returns:
168 **		none.
169 **
170 **	Side Effects:
171 **		housekeeping necessary to dispose of an envelope.
172 **		Unlocks this queue file.
173 */
174 
175 void
176 dropenvelope(e, fulldrop, split)
177 	register ENVELOPE *e;
178 	bool fulldrop;
179 	bool split;
180 {
181 	bool panic = false;
182 	bool queueit = false;
183 	int msg_timeout = 0;
184 	bool failure_return = false;
185 	bool delay_return = false;
186 	bool success_return = false;
187 	bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
188 	bool done = false;
189 	register ADDRESS *q;
190 	char *id = e->e_id;
191 	time_t now;
192 	char buf[MAXLINE];
193 
194 	if (tTd(50, 1))
195 	{
196 		sm_dprintf("dropenvelope %p: id=", e);
197 		xputs(sm_debug_file(), e->e_id);
198 		sm_dprintf(", flags=");
199 		printenvflags(e);
200 		if (tTd(50, 10))
201 		{
202 			sm_dprintf("sendq=");
203 			printaddr(sm_debug_file(), e->e_sendqueue, true);
204 		}
205 	}
206 
207 	if (LogLevel > 84)
208 		sm_syslog(LOG_DEBUG, id,
209 			  "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
210 			  e->e_flags, OpMode, (int) CurrentPid);
211 
212 	/* we must have an id to remove disk files */
213 	if (id == NULL)
214 		return;
215 
216 	/* if verify-only mode, we can skip most of this */
217 	if (OpMode == MD_VERIFY)
218 		goto simpledrop;
219 
220 	if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
221 		logsender(e, NULL);
222 	e->e_flags &= ~EF_LOGSENDER;
223 
224 	/* post statistics */
225 	poststats(StatFile);
226 
227 	/*
228 	**  Extract state information from dregs of send list.
229 	*/
230 
231 	now = curtime();
232 	if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
233 		msg_timeout = MSG_T_O;
234 	if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
235 	    now >= e->e_ctime + e->e_deliver_by &&
236 	    !bitset(EF_RESPONSE, e->e_flags))
237 	{
238 		msg_timeout = MSG_NOT_BY;
239 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
240 	}
241 	else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
242 		 !bitset(EF_RESPONSE, e->e_flags))
243 	{
244 		msg_timeout = MSG_T_O_NOW;
245 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
246 	}
247 
248 	e->e_flags &= ~EF_QUEUERUN;
249 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
250 	{
251 		if (QS_IS_UNDELIVERED(q->q_state))
252 			queueit = true;
253 
254 		/* see if a notification is needed */
255 		if (bitset(QPINGONFAILURE, q->q_flags) &&
256 		    ((IS_MSG_ERR(msg_timeout) &&
257 		      QS_IS_UNDELIVERED(q->q_state)) ||
258 		     QS_IS_BADADDR(q->q_state) ||
259 		     IS_IMM_RET(msg_timeout)))
260 		{
261 			failure_return = true;
262 			if (!done && q->q_owner == NULL &&
263 			    !emptyaddr(&e->e_from))
264 			{
265 				(void) sendtolist(e->e_from.q_paddr, NULLADDR,
266 						  &e->e_errorqueue, 0, e);
267 				done = true;
268 			}
269 		}
270 		else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
271 			  ((QS_IS_SENT(q->q_state) &&
272 			    bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
273 			   bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
274 			  bitset(QBYTRACE, q->q_flags) ||
275 			  bitset(QBYNRELAY, q->q_flags))
276 		{
277 			success_return = true;
278 		}
279 	}
280 
281 	if (e->e_class < 0)
282 		e->e_flags |= EF_NO_BODY_RETN;
283 
284 	/*
285 	**  See if the message timed out.
286 	*/
287 
288 	if (!queueit)
289 		/* EMPTY */
290 		/* nothing to do */ ;
291 	else if (IS_MSG_ERR(msg_timeout))
292 	{
293 		if (failure_return)
294 		{
295 			if (msg_timeout == MSG_NOT_BY)
296 			{
297 				(void) sm_snprintf(buf, sizeof(buf),
298 					"delivery time expired %lds",
299 					e->e_deliver_by);
300 			}
301 			else
302 			{
303 				(void) sm_snprintf(buf, sizeof(buf),
304 					"Cannot send message for %s",
305 					pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
306 						false));
307 			}
308 
309 			/* don't free, allocated from e_rpool */
310 			e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
311 			message(buf);
312 			e->e_flags |= EF_CLRQUEUE;
313 		}
314 		if (msg_timeout == MSG_NOT_BY)
315 		{
316 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
317 				"Delivery time (%lds) expired\n",
318 				e->e_deliver_by);
319 		}
320 		else
321 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
322 				"Message could not be delivered for %s\n",
323 				pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
324 					false));
325 		(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
326 			"Message will be deleted from queue\n");
327 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
328 		{
329 			if (QS_IS_UNDELIVERED(q->q_state))
330 			{
331 				q->q_state = QS_BADADDR;
332 				if (msg_timeout == MSG_NOT_BY)
333 					q->q_status = "5.4.7";
334 				else
335 					q->q_status = "4.4.7";
336 			}
337 		}
338 	}
339 	else
340 	{
341 		if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
342 		    now >= e->e_ctime +
343 				TimeOuts.to_q_warning[e->e_timeoutclass])
344 			msg_timeout = MSG_WARN;
345 		else if (IS_DLVR_NOTIFY(e) &&
346 			 e->e_deliver_by > 0 &&
347 			 now >= e->e_ctime + e->e_deliver_by)
348 			msg_timeout = MSG_WARN_BY;
349 
350 		if (IS_MSG_WARN(msg_timeout))
351 		{
352 			if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
353 			    e->e_class >= 0 &&
354 			    e->e_from.q_paddr != NULL &&
355 			    strcmp(e->e_from.q_paddr, "<>") != 0 &&
356 			    sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
357 			    (strlen(e->e_from.q_paddr) <= 8 ||
358 			     sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
359 					   "-request") != 0))
360 			{
361 				for (q = e->e_sendqueue; q != NULL;
362 				     q = q->q_next)
363 				{
364 					if (QS_IS_UNDELIVERED(q->q_state)
365 #if _FFR_NODELAYDSN_ON_HOLD
366 					    && !bitnset(M_HOLD,
367 							q->q_mailer->m_flags)
368 #endif /* _FFR_NODELAYDSN_ON_HOLD */
369 					   )
370 					{
371 						if (msg_timeout ==
372 						    MSG_WARN_BY &&
373 						    (bitset(QPINGONDELAY,
374 							    q->q_flags) ||
375 						    !bitset(QHASNOTIFY,
376 							    q->q_flags))
377 						   )
378 						{
379 							q->q_flags |= QBYNDELAY;
380 							delay_return = true;
381 						}
382 						if (bitset(QPINGONDELAY,
383 							   q->q_flags))
384 						{
385 							q->q_flags |= QDELAYED;
386 							delay_return = true;
387 						}
388 					}
389 				}
390 			}
391 			if (delay_return)
392 			{
393 				if (msg_timeout == MSG_WARN_BY)
394 				{
395 					(void) sm_snprintf(buf, sizeof(buf),
396 						"Warning: Delivery time (%lds) exceeded",
397 						e->e_deliver_by);
398 				}
399 				else
400 					(void) sm_snprintf(buf, sizeof(buf),
401 						"Warning: could not send message for past %s",
402 						pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
403 							false));
404 
405 				/* don't free, allocated from e_rpool */
406 				e->e_message = sm_rpool_strdup_x(e->e_rpool,
407 								 buf);
408 				message(buf);
409 				e->e_flags |= EF_WARNING;
410 			}
411 			if (msg_timeout == MSG_WARN_BY)
412 			{
413 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
414 					"Warning: Delivery time (%lds) exceeded\n",
415 					e->e_deliver_by);
416 			}
417 			else
418 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
419 					"Warning: message still undelivered after %s\n",
420 					pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
421 					     false));
422 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
423 				      "Will keep trying until message is %s old\n",
424 				      pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
425 					     false));
426 		}
427 	}
428 
429 	if (tTd(50, 2))
430 		sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
431 			failure_return, delay_return, success_return, queueit);
432 
433 	/*
434 	**  If we had some fatal error, but no addresses are marked as
435 	**  bad, mark them _all_ as bad.
436 	*/
437 
438 	if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
439 	{
440 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
441 		{
442 			if ((QS_IS_OK(q->q_state) ||
443 			     QS_IS_VERIFIED(q->q_state)) &&
444 			    bitset(QPINGONFAILURE, q->q_flags))
445 			{
446 				failure_return = true;
447 				q->q_state = QS_BADADDR;
448 			}
449 		}
450 	}
451 
452 	/*
453 	**  Send back return receipts as requested.
454 	*/
455 
456 	if (success_return && !failure_return && !delay_return && fulldrop &&
457 	    !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
458 	    strcmp(e->e_from.q_paddr, "<>") != 0)
459 	{
460 		auto ADDRESS *rlist = NULL;
461 
462 		if (tTd(50, 8))
463 			sm_dprintf("dropenvelope(%s): sending return receipt\n",
464 				id);
465 		e->e_flags |= EF_SENDRECEIPT;
466 		(void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
467 		(void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
468 	}
469 	e->e_flags &= ~EF_SENDRECEIPT;
470 
471 	/*
472 	**  Arrange to send error messages if there are fatal errors.
473 	*/
474 
475 	if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
476 	{
477 		if (tTd(50, 8))
478 			sm_dprintf("dropenvelope(%s): saving mail\n", id);
479 		panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
480 	}
481 
482 	/*
483 	**  Arrange to send warning messages to postmaster as requested.
484 	*/
485 
486 	if ((failure_return || pmnotify) &&
487 	    PostMasterCopy != NULL &&
488 	    !bitset(EF_RESPONSE, e->e_flags) &&
489 	    e->e_class >= 0)
490 	{
491 		auto ADDRESS *rlist = NULL;
492 		char pcopy[MAXNAME];
493 
494 		if (failure_return)
495 		{
496 			expand(PostMasterCopy, pcopy, sizeof(pcopy), e);
497 
498 			if (tTd(50, 8))
499 				sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
500 					id, pcopy);
501 			(void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
502 		}
503 		if (pmnotify)
504 			(void) sendtolist("postmaster", NULLADDR,
505 					  &rlist, 0, e);
506 		(void) returntosender(e->e_message, rlist,
507 				      RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
508 	}
509 
510 	/*
511 	**  Instantiate or deinstantiate the queue.
512 	*/
513 
514 simpledrop:
515 	if (tTd(50, 8))
516 		sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
517 			id, queueit);
518 	if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
519 	{
520 		if (tTd(50, 1))
521 		{
522 			sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
523 				e->e_id, queueit);
524 			printenvflags(e);
525 		}
526 		if (!panic)
527 		{
528 			if (e->e_dfp != NULL)
529 			{
530 				(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
531 				e->e_dfp = NULL;
532 			}
533 			(void) xunlink(queuename(e, DATAFL_LETTER));
534 		}
535 		if (panic && QueueMode == QM_LOST)
536 		{
537 			/*
538 			**  leave the Qf file behind as
539 			**  the delivery attempt failed.
540 			*/
541 
542 			/* EMPTY */
543 		}
544 		else
545 		if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
546 		{
547 			/* add to available space in filesystem */
548 			updfs(e, -1, panic ? 0 : -1, "dropenvelope");
549 		}
550 
551 		if (e->e_ntries > 0 && LogLevel > 9)
552 			sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
553 				  pintvl(curtime() - e->e_ctime, true),
554 				  e->e_ntries);
555 	}
556 	else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
557 	{
558 		if (!split)
559 			queueup(e, false, true);
560 		else
561 		{
562 			ENVELOPE *oldsib;
563 			ENVELOPE *ee;
564 
565 			/*
566 			**  Save old sibling and set it to NULL to avoid
567 			**  queueing up the same envelopes again.
568 			**  This requires that envelopes in that list have
569 			**  been take care of before (or at some other place).
570 			*/
571 
572 			oldsib = e->e_sibling;
573 			e->e_sibling = NULL;
574 			if (!split_by_recipient(e) &&
575 			    bitset(EF_FATALERRS, e->e_flags))
576 			{
577 				syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d",
578 					e->e_id, queuename(e, DATAFL_LETTER),
579 					(int) geteuid());
580 			}
581 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
582 				queueup(ee, false, true);
583 			queueup(e, false, true);
584 
585 			/* clean up */
586 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
587 			{
588 				/* now unlock the job */
589 				if (tTd(50, 8))
590 					sm_dprintf("dropenvelope(%s): unlocking job\n",
591 						   ee->e_id);
592 				closexscript(ee);
593 				unlockqueue(ee);
594 
595 				/* this envelope is marked unused */
596 				if (ee->e_dfp != NULL)
597 				{
598 					(void) sm_io_close(ee->e_dfp,
599 							   SM_TIME_DEFAULT);
600 					ee->e_dfp = NULL;
601 				}
602 				ee->e_id = NULL;
603 				ee->e_flags &= ~EF_HAS_DF;
604 			}
605 			e->e_sibling = oldsib;
606 		}
607 	}
608 
609 	/* now unlock the job */
610 	if (tTd(50, 8))
611 		sm_dprintf("dropenvelope(%s): unlocking job\n", id);
612 	closexscript(e);
613 	unlockqueue(e);
614 
615 	/* make sure that this envelope is marked unused */
616 	if (e->e_dfp != NULL)
617 	{
618 		(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
619 		e->e_dfp = NULL;
620 	}
621 	e->e_id = NULL;
622 	e->e_flags &= ~EF_HAS_DF;
623 }
624 /*
625 **  CLEARENVELOPE -- clear an envelope without unlocking
626 **
627 **	This is normally used by a child process to get a clean
628 **	envelope without disturbing the parent.
629 **
630 **	Parameters:
631 **		e -- the envelope to clear.
632 **		fullclear - if set, the current envelope is total
633 **			garbage and should be ignored; otherwise,
634 **			release any resources it may indicate.
635 **		rpool -- either NULL, or a pointer to a resource pool
636 **			from which envelope memory is allocated, and
637 **			to which envelope resources are attached.
638 **
639 **	Returns:
640 **		none.
641 **
642 **	Side Effects:
643 **		Closes files associated with the envelope.
644 **		Marks the envelope as unallocated.
645 */
646 
647 void
648 clearenvelope(e, fullclear, rpool)
649 	register ENVELOPE *e;
650 	bool fullclear;
651 	SM_RPOOL_T *rpool;
652 {
653 	register HDR *bh;
654 	register HDR **nhp;
655 	extern ENVELOPE BlankEnvelope;
656 	char **p;
657 
658 	if (!fullclear)
659 	{
660 		/* clear out any file information */
661 		if (e->e_xfp != NULL)
662 			(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
663 		if (e->e_dfp != NULL)
664 			(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
665 		e->e_xfp = e->e_dfp = NULL;
666 	}
667 
668 	/*
669 	**  Copy BlankEnvelope into *e.
670 	**  It is not safe to simply copy pointers to strings;
671 	**  the strings themselves must be copied (or set to NULL).
672 	**  The problem is that when we assign a new string value to
673 	**  a member of BlankEnvelope, we free the old string.
674 	**  We did not need to do this copying in sendmail 8.11 :-(
675 	**  and it is a potential performance hit.  Reference counted
676 	**  strings are one way out.
677 	*/
678 
679 	*e = BlankEnvelope;
680 	e->e_message = NULL;
681 	e->e_qfletter = '\0';
682 	e->e_quarmsg = NULL;
683 	macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
684 
685 	/*
686 	**  Copy the macro table.
687 	**  We might be able to avoid this by zeroing the macro table
688 	**  and always searching BlankEnvelope.e_macro after e->e_macro
689 	**  in macvalue().
690 	*/
691 
692 	for (p = &e->e_macro.mac_table[0];
693 	     p <= &e->e_macro.mac_table[MAXMACROID];
694 	     ++p)
695 	{
696 		if (*p != NULL)
697 			*p = sm_rpool_strdup_x(rpool, *p);
698 	}
699 
700 	/*
701 	**  XXX There are many strings in the envelope structure
702 	**  XXX that we are not attempting to copy here.
703 	**  XXX Investigate this further.
704 	*/
705 
706 	e->e_rpool = rpool;
707 	e->e_macro.mac_rpool = rpool;
708 	if (Verbose)
709 		set_delivery_mode(SM_DELIVER, e);
710 	bh = BlankEnvelope.e_header;
711 	nhp = &e->e_header;
712 	while (bh != NULL)
713 	{
714 		*nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh));
715 		memmove((char *) *nhp, (char *) bh, sizeof(*bh));
716 		bh = bh->h_link;
717 		nhp = &(*nhp)->h_link;
718 	}
719 }
720 /*
721 **  INITSYS -- initialize instantiation of system
722 **
723 **	In Daemon mode, this is done in the child.
724 **
725 **	Parameters:
726 **		e -- the envelope to use.
727 **
728 **	Returns:
729 **		none.
730 **
731 **	Side Effects:
732 **		Initializes the system macros, some global variables,
733 **		etc.  In particular, the current time in various
734 **		forms is set.
735 */
736 
737 void
738 initsys(e)
739 	register ENVELOPE *e;
740 {
741 	char buf[10];
742 #ifdef TTYNAME
743 	static char ybuf[60];			/* holds tty id */
744 	register char *p;
745 	extern char *ttyname();
746 #endif /* TTYNAME */
747 
748 	/*
749 	**  Give this envelope a reality.
750 	**	I.e., an id, a transcript, and a creation time.
751 	**  We don't select the queue until all of the recipients are known.
752 	*/
753 
754 	openxscript(e);
755 	e->e_ctime = curtime();
756 	e->e_qfletter = '\0';
757 
758 	/*
759 	**  Set OutChannel to something useful if stdout isn't it.
760 	**	This arranges that any extra stuff the mailer produces
761 	**	gets sent back to the user on error (because it is
762 	**	tucked away in the transcript).
763 	*/
764 
765 	if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
766 	    e->e_xfp != NULL)
767 		OutChannel = e->e_xfp;
768 
769 	/*
770 	**  Set up some basic system macros.
771 	*/
772 
773 	/* process id */
774 	(void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid);
775 	macdefine(&e->e_macro, A_TEMP, 'p', buf);
776 
777 	/* hop count */
778 	(void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
779 	macdefine(&e->e_macro, A_TEMP, 'c', buf);
780 
781 	/* time as integer, unix time, arpa time */
782 	settime(e);
783 
784 	/* Load average */
785 	sm_getla();
786 
787 #ifdef TTYNAME
788 	/* tty name */
789 	if (macvalue('y', e) == NULL)
790 	{
791 		p = ttyname(2);
792 		if (p != NULL)
793 		{
794 			if (strrchr(p, '/') != NULL)
795 				p = strrchr(p, '/') + 1;
796 			(void) sm_strlcpy(ybuf, sizeof(ybuf), p);
797 			macdefine(&e->e_macro, A_PERM, 'y', ybuf);
798 		}
799 	}
800 #endif /* TTYNAME */
801 }
802 /*
803 **  SETTIME -- set the current time.
804 **
805 **	Parameters:
806 **		e -- the envelope in which the macros should be set.
807 **
808 **	Returns:
809 **		none.
810 **
811 **	Side Effects:
812 **		Sets the various time macros -- $a, $b, $d, $t.
813 */
814 
815 void
816 settime(e)
817 	register ENVELOPE *e;
818 {
819 	register char *p;
820 	auto time_t now;
821 	char buf[30];
822 	register struct tm *tm;
823 
824 	now = curtime();
825 	(void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now);
826 	macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
827 	tm = gmtime(&now);
828 	(void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d",
829 			   tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
830 			   tm->tm_hour, tm->tm_min);
831 	macdefine(&e->e_macro, A_TEMP, 't', buf);
832 	(void) sm_strlcpy(buf, ctime(&now), sizeof(buf));
833 	p = strchr(buf, '\n');
834 	if (p != NULL)
835 		*p = '\0';
836 	macdefine(&e->e_macro, A_TEMP, 'd', buf);
837 	macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
838 	if (macvalue('a', e) == NULL)
839 		macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
840 }
841 /*
842 **  OPENXSCRIPT -- Open transcript file
843 **
844 **	Creates a transcript file for possible eventual mailing or
845 **	sending back.
846 **
847 **	Parameters:
848 **		e -- the envelope to create the transcript in/for.
849 **
850 **	Returns:
851 **		none
852 **
853 **	Side Effects:
854 **		Creates the transcript file.
855 */
856 
857 #ifndef O_APPEND
858 # define O_APPEND	0
859 #endif /* ! O_APPEND */
860 
861 void
862 openxscript(e)
863 	register ENVELOPE *e;
864 {
865 	register char *p;
866 
867 	if (e->e_xfp != NULL)
868 		return;
869 
870 #if 0
871 	if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
872 		syserr("openxscript: job not locked");
873 #endif /* 0 */
874 
875 	p = queuename(e, XSCRPT_LETTER);
876 	e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
877 			  SFF_NOTEXCL|SFF_OPENASROOT);
878 
879 	if (e->e_xfp == NULL)
880 	{
881 		syserr("Can't create transcript file %s", p);
882 		e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
883 				      SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
884 		if (e->e_xfp == NULL)
885 			syserr("!Can't open %s", SM_PATH_DEVNULL);
886 	}
887 	(void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
888 	if (tTd(46, 9))
889 	{
890 		sm_dprintf("openxscript(%s):\n  ", p);
891 		dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
892 		       false);
893 	}
894 }
895 /*
896 **  CLOSEXSCRIPT -- close the transcript file.
897 **
898 **	Parameters:
899 **		e -- the envelope containing the transcript to close.
900 **
901 **	Returns:
902 **		none.
903 **
904 **	Side Effects:
905 **		none.
906 */
907 
908 void
909 closexscript(e)
910 	register ENVELOPE *e;
911 {
912 	if (e->e_xfp == NULL)
913 		return;
914 #if 0
915 	if (e->e_lockfp == NULL)
916 		syserr("closexscript: job not locked");
917 #endif /* 0 */
918 	(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
919 	e->e_xfp = NULL;
920 }
921 /*
922 **  SETSENDER -- set the person who this message is from
923 **
924 **	Under certain circumstances allow the user to say who
925 **	s/he is (using -f or -r).  These are:
926 **	1.  The user's uid is zero (root).
927 **	2.  The user's login name is in an approved list (typically
928 **	    from a network server).
929 **	3.  The address the user is trying to claim has a
930 **	    "!" character in it (since #2 doesn't do it for
931 **	    us if we are dialing out for UUCP).
932 **	A better check to replace #3 would be if the
933 **	effective uid is "UUCP" -- this would require me
934 **	to rewrite getpwent to "grab" uucp as it went by,
935 **	make getname more nasty, do another passwd file
936 **	scan, or compile the UID of "UUCP" into the code,
937 **	all of which are reprehensible.
938 **
939 **	Assuming all of these fail, we figure out something
940 **	ourselves.
941 **
942 **	Parameters:
943 **		from -- the person we would like to believe this message
944 **			is from, as specified on the command line.
945 **		e -- the envelope in which we would like the sender set.
946 **		delimptr -- if non-NULL, set to the location of the
947 **			trailing delimiter.
948 **		delimchar -- the character that will delimit the sender
949 **			address.
950 **		internal -- set if this address is coming from an internal
951 **			source such as an owner alias.
952 **
953 **	Returns:
954 **		none.
955 **
956 **	Side Effects:
957 **		sets sendmail's notion of who the from person is.
958 */
959 
960 void
961 setsender(from, e, delimptr, delimchar, internal)
962 	char *from;
963 	register ENVELOPE *e;
964 	char **delimptr;
965 	int delimchar;
966 	bool internal;
967 {
968 	register char **pvp;
969 	char *realname = NULL;
970 	char *bp;
971 	char buf[MAXNAME + 2];
972 	char pvpbuf[PSBUFSIZE];
973 	extern char *FullName;
974 
975 	if (tTd(45, 1))
976 		sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
977 
978 	/* may be set from earlier calls */
979 	macdefine(&e->e_macro, A_PERM, 'x', "");
980 
981 	/*
982 	**  Figure out the real user executing us.
983 	**	Username can return errno != 0 on non-errors.
984 	*/
985 
986 	if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
987 	    OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
988 		realname = from;
989 	if (realname == NULL || realname[0] == '\0')
990 		realname = username();
991 
992 	if (ConfigLevel < 2)
993 		SuprErrs = true;
994 
995 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
996 
997 	/* preset state for then clause in case from == NULL */
998 	e->e_from.q_state = QS_BADADDR;
999 	e->e_from.q_flags = 0;
1000 	if (from == NULL ||
1001 	    parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
1002 		      delimchar, delimptr, e, false) == NULL ||
1003 	    QS_IS_BADADDR(e->e_from.q_state) ||
1004 	    e->e_from.q_mailer == ProgMailer ||
1005 	    e->e_from.q_mailer == FileMailer ||
1006 	    e->e_from.q_mailer == InclMailer)
1007 	{
1008 		/* log garbage addresses for traceback */
1009 		if (from != NULL && LogLevel > 2)
1010 		{
1011 			char *p;
1012 			char ebuf[MAXNAME * 2 + 2];
1013 
1014 			p = macvalue('_', e);
1015 			if (p == NULL)
1016 			{
1017 				char *host = RealHostName;
1018 
1019 				if (host == NULL)
1020 					host = MyHostName;
1021 				(void) sm_snprintf(ebuf, sizeof(ebuf),
1022 						   "%.*s@%.*s", MAXNAME,
1023 						   realname, MAXNAME, host);
1024 				p = ebuf;
1025 			}
1026 			sm_syslog(LOG_NOTICE, e->e_id,
1027 				  "setsender: %s: invalid or unparsable, received from %s",
1028 				  shortenstring(from, 83), p);
1029 		}
1030 		if (from != NULL)
1031 		{
1032 			if (!QS_IS_BADADDR(e->e_from.q_state))
1033 			{
1034 				/* it was a bogus mailer in the from addr */
1035 				e->e_status = "5.1.7";
1036 				usrerrenh(e->e_status,
1037 					  "553 Invalid sender address");
1038 			}
1039 			SuprErrs = true;
1040 		}
1041 		if (from == realname ||
1042 		    parseaddr(from = realname,
1043 			      &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
1044 			      NULL, e, false) == NULL)
1045 		{
1046 			char nbuf[100];
1047 
1048 			SuprErrs = true;
1049 			expand("\201n", nbuf, sizeof(nbuf), e);
1050 			from = sm_rpool_strdup_x(e->e_rpool, nbuf);
1051 			if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
1052 				      NULL, e, false) == NULL &&
1053 			    parseaddr(from = "postmaster", &e->e_from,
1054 				      RF_COPYALL, ' ', NULL, e, false) == NULL)
1055 				syserr("553 5.3.0 setsender: can't even parse postmaster!");
1056 		}
1057 	}
1058 	else
1059 		FromFlag = true;
1060 	e->e_from.q_state = QS_SENDER;
1061 	if (tTd(45, 5))
1062 	{
1063 		sm_dprintf("setsender: QS_SENDER ");
1064 		printaddr(sm_debug_file(), &e->e_from, false);
1065 	}
1066 	SuprErrs = false;
1067 
1068 #if USERDB
1069 	if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1070 	{
1071 		register char *p;
1072 
1073 		p = udbsender(e->e_from.q_user, e->e_rpool);
1074 		if (p != NULL)
1075 			from = p;
1076 	}
1077 #endif /* USERDB */
1078 
1079 	if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1080 	{
1081 		SM_MBDB_T user;
1082 
1083 		if (!internal)
1084 		{
1085 			/* if the user already given fullname don't redefine */
1086 			if (FullName == NULL)
1087 				FullName = macvalue('x', e);
1088 			if (FullName != NULL)
1089 			{
1090 				if (FullName[0] == '\0')
1091 					FullName = NULL;
1092 				else
1093 					FullName = newstr(FullName);
1094 			}
1095 		}
1096 
1097 		if (e->e_from.q_user[0] != '\0' &&
1098 		    sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1099 		{
1100 			/*
1101 			**  Process passwd file entry.
1102 			*/
1103 
1104 			/* extract home directory */
1105 			if (*user.mbdb_homedir == '\0')
1106 				e->e_from.q_home = NULL;
1107 			else if (strcmp(user.mbdb_homedir, "/") == 0)
1108 				e->e_from.q_home = "";
1109 			else
1110 				e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1111 							user.mbdb_homedir);
1112 			macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1113 
1114 			/* extract user and group id */
1115 			if (user.mbdb_uid != SM_NO_UID)
1116 			{
1117 				e->e_from.q_uid = user.mbdb_uid;
1118 				e->e_from.q_gid = user.mbdb_gid;
1119 				e->e_from.q_flags |= QGOODUID;
1120 			}
1121 
1122 			/* extract full name from passwd file */
1123 			if (FullName == NULL && !internal &&
1124 			    user.mbdb_fullname[0] != '\0' &&
1125 			    strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1126 			{
1127 				FullName = newstr(user.mbdb_fullname);
1128 			}
1129 		}
1130 		else
1131 		{
1132 			e->e_from.q_home = NULL;
1133 		}
1134 		if (FullName != NULL && !internal)
1135 			macdefine(&e->e_macro, A_TEMP, 'x', FullName);
1136 	}
1137 	else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1138 	{
1139 		if (e->e_from.q_home == NULL)
1140 		{
1141 			e->e_from.q_home = getenv("HOME");
1142 			if (e->e_from.q_home != NULL)
1143 			{
1144 				if (*e->e_from.q_home == '\0')
1145 					e->e_from.q_home = NULL;
1146 				else if (strcmp(e->e_from.q_home, "/") == 0)
1147 					e->e_from.q_home++;
1148 			}
1149 		}
1150 		e->e_from.q_uid = RealUid;
1151 		e->e_from.q_gid = RealGid;
1152 		e->e_from.q_flags |= QGOODUID;
1153 	}
1154 
1155 	/*
1156 	**  Rewrite the from person to dispose of possible implicit
1157 	**	links in the net.
1158 	*/
1159 
1160 	pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL,
1161 			IntTokenTab, false);
1162 	if (pvp == NULL)
1163 	{
1164 		/* don't need to give error -- prescan did that already */
1165 		if (LogLevel > 2)
1166 			sm_syslog(LOG_NOTICE, e->e_id,
1167 				  "cannot prescan from (%s)",
1168 				  shortenstring(from, MAXSHORTSTR));
1169 		finis(true, true, ExitStat);
1170 	}
1171 	(void) REWRITE(pvp, 3, e);
1172 	(void) REWRITE(pvp, 1, e);
1173 	(void) REWRITE(pvp, 4, e);
1174 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1175 	bp = buf + 1;
1176 	cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false);
1177 	if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1178 	{
1179 		/* heuristic: route-addr: add angle brackets */
1180 		(void) sm_strlcat(bp, ">", sizeof(buf) - 1);
1181 		*--bp = '<';
1182 	}
1183 	e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1184 	macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1185 
1186 	/* save the domain spec if this mailer wants it */
1187 	if (e->e_from.q_mailer != NULL &&
1188 	    bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1189 	{
1190 		char **lastat;
1191 
1192 		/* get rid of any pesky angle brackets */
1193 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1194 		(void) REWRITE(pvp, 3, e);
1195 		(void) REWRITE(pvp, 1, e);
1196 		(void) REWRITE(pvp, 4, e);
1197 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1198 
1199 		/* strip off to the last "@" sign */
1200 		for (lastat = NULL; *pvp != NULL; pvp++)
1201 		{
1202 			if (strcmp(*pvp, "@") == 0)
1203 				lastat = pvp;
1204 		}
1205 		if (lastat != NULL)
1206 		{
1207 			e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1208 			if (tTd(45, 3))
1209 			{
1210 				sm_dprintf("Saving from domain: ");
1211 				printav(sm_debug_file(), e->e_fromdomain);
1212 			}
1213 		}
1214 	}
1215 }
1216 /*
1217 **  PRINTENVFLAGS -- print envelope flags for debugging
1218 **
1219 **	Parameters:
1220 **		e -- the envelope with the flags to be printed.
1221 **
1222 **	Returns:
1223 **		none.
1224 */
1225 
1226 struct eflags
1227 {
1228 	char		*ef_name;
1229 	unsigned long	ef_bit;
1230 };
1231 
1232 static struct eflags	EnvelopeFlags[] =
1233 {
1234 	{ "OLDSTYLE",		EF_OLDSTYLE	},
1235 	{ "INQUEUE",		EF_INQUEUE	},
1236 	{ "NO_BODY_RETN",	EF_NO_BODY_RETN	},
1237 	{ "CLRQUEUE",		EF_CLRQUEUE	},
1238 	{ "SENDRECEIPT",	EF_SENDRECEIPT	},
1239 	{ "FATALERRS",		EF_FATALERRS	},
1240 	{ "DELETE_BCC",		EF_DELETE_BCC	},
1241 	{ "RESPONSE",		EF_RESPONSE	},
1242 	{ "RESENT",		EF_RESENT	},
1243 	{ "VRFYONLY",		EF_VRFYONLY	},
1244 	{ "WARNING",		EF_WARNING	},
1245 	{ "QUEUERUN",		EF_QUEUERUN	},
1246 	{ "GLOBALERRS",		EF_GLOBALERRS	},
1247 	{ "PM_NOTIFY",		EF_PM_NOTIFY	},
1248 	{ "METOO",		EF_METOO	},
1249 	{ "LOGSENDER",		EF_LOGSENDER	},
1250 	{ "NORECEIPT",		EF_NORECEIPT	},
1251 	{ "HAS8BIT",		EF_HAS8BIT	},
1252 	{ "NL_NOT_EOL",		EF_NL_NOT_EOL	},
1253 	{ "CRLF_NOT_EOL",	EF_CRLF_NOT_EOL	},
1254 	{ "RET_PARAM",		EF_RET_PARAM	},
1255 	{ "HAS_DF",		EF_HAS_DF	},
1256 	{ "IS_MIME",		EF_IS_MIME	},
1257 	{ "DONT_MIME",		EF_DONT_MIME	},
1258 	{ "DISCARD",		EF_DISCARD	},
1259 	{ "TOOBIG",		EF_TOOBIG	},
1260 	{ "SPLIT",		EF_SPLIT	},
1261 	{ "UNSAFE",		EF_UNSAFE	},
1262 	{ NULL,			0		}
1263 };
1264 
1265 void
1266 printenvflags(e)
1267 	register ENVELOPE *e;
1268 {
1269 	register struct eflags *ef;
1270 	bool first = true;
1271 
1272 	sm_dprintf("%lx", e->e_flags);
1273 	for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1274 	{
1275 		if (!bitset(ef->ef_bit, e->e_flags))
1276 			continue;
1277 		if (first)
1278 			sm_dprintf("<%s", ef->ef_name);
1279 		else
1280 			sm_dprintf(",%s", ef->ef_name);
1281 		first = false;
1282 	}
1283 	if (!first)
1284 		sm_dprintf(">\n");
1285 }
1286