xref: /titanic_50/usr/src/cmd/sendmail/src/envelope.c (revision 9dd0f810214fdc8e1af881a9a5c4b6927629ff9e)
1 /*
2  * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #pragma ident	"%Z%%M%	%I%	%E% SMI"
15 
16 #include <sendmail.h>
17 
18 SM_RCSID("@(#)$Id: envelope.c,v 8.296 2006/03/31 18:53:50 ca Exp $")
19 
20 /*
21 **  CLRSESSENVELOPE -- clear session oriented data in an envelope
22 **
23 **	Parameters:
24 **		e -- the envelope to clear.
25 **
26 **	Returns:
27 **		none.
28 */
29 
30 void
31 clrsessenvelope(e)
32 	ENVELOPE *e;
33 {
34 #if SASL
35 	macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
36 	macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
37 	macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
38 	macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
39 #endif /* SASL */
40 #if STARTTLS
41 	macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
42 	macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
43 	macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
44 	macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
45 	macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
46 	macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
47 # if _FFR_TLS_1
48 	macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
49 	macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
50 	macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
51 # endif /* _FFR_TLS_1 */
52 #endif /* STARTTLS */
53 }
54 
55 /*
56 **  NEWENVELOPE -- fill in a new envelope
57 **
58 **	Supports inheritance.
59 **
60 **	Parameters:
61 **		e -- the new envelope to fill in.
62 **		parent -- the envelope to be the parent of e.
63 **		rpool -- either NULL, or a pointer to a resource pool
64 **			from which envelope memory is allocated, and
65 **			to which envelope resources are attached.
66 **
67 **	Returns:
68 **		e.
69 **
70 **	Side Effects:
71 **		none.
72 */
73 
74 ENVELOPE *
75 newenvelope(e, parent, rpool)
76 	register ENVELOPE *e;
77 	register ENVELOPE *parent;
78 	SM_RPOOL_T *rpool;
79 {
80 #if _FFR_DM_PER_DAEMON
81 	int		sendmode;
82 #endif /* _FFR_DM_PER_DAEMON */
83 
84 	/*
85 	**  This code used to read:
86 	**	if (e == parent && e->e_parent != NULL)
87 	**		parent = e->e_parent;
88 	**  So if e == parent && e->e_parent == NULL then we would
89 	**  set e->e_parent = e, which creates a loop in the e_parent chain.
90 	**  This meant macvalue() could go into an infinite loop.
91 	*/
92 
93 #if _FFR_DM_PER_DAEMON
94 	if (parent != NULL)
95 		sendmode = parent->e_sendmode;
96 	else
97 		sendmode = DM_NOTSET;
98 #endif /* _FFR_DM_PER_DAEMON */
99 
100 	if (e == parent)
101 		parent = e->e_parent;
102 	clearenvelope(e, true, rpool);
103 	if (e == CurEnv)
104 		memmove((char *) &e->e_from,
105 			(char *) &NullAddress,
106 			sizeof e->e_from);
107 	else
108 		memmove((char *) &e->e_from,
109 			(char *) &CurEnv->e_from,
110 			sizeof e->e_from);
111 	e->e_parent = parent;
112 	assign_queueid(e);
113 	e->e_ctime = curtime();
114 	if (parent != NULL)
115 	{
116 		e->e_msgpriority = parent->e_msgsize;
117 		if (parent->e_quarmsg == NULL)
118 		{
119 			e->e_quarmsg = NULL;
120 			macdefine(&e->e_macro, A_PERM,
121 				  macid("{quarantine}"), "");
122 		}
123 		else
124 		{
125 			e->e_quarmsg = sm_rpool_strdup_x(rpool,
126 							 parent->e_quarmsg);
127 			macdefine(&e->e_macro, A_PERM,
128 				  macid("{quarantine}"), e->e_quarmsg);
129 		}
130 	}
131 	e->e_puthdr = putheader;
132 	e->e_putbody = putbody;
133 	if (CurEnv->e_xfp != NULL)
134 		(void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
135 #if _FFR_DM_PER_DAEMON
136 	if (sendmode != DM_NOTSET)
137 		e->e_sendmode = sendmode;
138 #endif /* _FFR_DM_PER_DAEMON */
139 
140 	return e;
141 }
142 
143 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
144 #define MSG_T_O		0x01	/* normal timeout */
145 #define MSG_T_O_NOW	0x02	/* NOW timeout */
146 #define MSG_NOT_BY	0x04	/* Deliver-By time exceeded, mode R */
147 #define MSG_WARN	0x10	/* normal queue warning */
148 #define MSG_WARN_BY	0x20	/* Deliver-By time exceeded, mode N */
149 
150 #define IS_MSG_ERR(x)	(((x) & 0x0f) != 0)	/* return an error */
151 
152 /* immediate return */
153 #define IS_IMM_RET(x)	(((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
154 #define IS_MSG_WARN(x)	(((x) & 0xf0) != 0)	/* return a warning */
155 
156 /*
157 **  DROPENVELOPE -- deallocate an envelope.
158 **
159 **	Parameters:
160 **		e -- the envelope to deallocate.
161 **		fulldrop -- if set, do return receipts.
162 **		split -- if true, split by recipient if message is queued up
163 **
164 **	Returns:
165 **		none.
166 **
167 **	Side Effects:
168 **		housekeeping necessary to dispose of an envelope.
169 **		Unlocks this queue file.
170 */
171 
172 void
173 dropenvelope(e, fulldrop, split)
174 	register ENVELOPE *e;
175 	bool fulldrop;
176 	bool split;
177 {
178 	bool panic = false;
179 	bool queueit = false;
180 	int msg_timeout = 0;
181 	bool failure_return = false;
182 	bool delay_return = false;
183 	bool success_return = false;
184 	bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
185 	bool done = false;
186 	register ADDRESS *q;
187 	char *id = e->e_id;
188 	time_t now;
189 	char buf[MAXLINE];
190 
191 	if (tTd(50, 1))
192 	{
193 		sm_dprintf("dropenvelope %p: id=", e);
194 		xputs(sm_debug_file(), e->e_id);
195 		sm_dprintf(", flags=");
196 		printenvflags(e);
197 		if (tTd(50, 10))
198 		{
199 			sm_dprintf("sendq=");
200 			printaddr(sm_debug_file(), e->e_sendqueue, true);
201 		}
202 	}
203 
204 	if (LogLevel > 84)
205 		sm_syslog(LOG_DEBUG, id,
206 			  "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
207 			  e->e_flags, OpMode, (int) CurrentPid);
208 
209 	/* we must have an id to remove disk files */
210 	if (id == NULL)
211 		return;
212 
213 	/* if verify-only mode, we can skip most of this */
214 	if (OpMode == MD_VERIFY)
215 		goto simpledrop;
216 
217 	if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
218 		logsender(e, NULL);
219 	e->e_flags &= ~EF_LOGSENDER;
220 
221 	/* post statistics */
222 	poststats(StatFile);
223 
224 	/*
225 	**  Extract state information from dregs of send list.
226 	*/
227 
228 	now = curtime();
229 	if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
230 		msg_timeout = MSG_T_O;
231 	if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
232 	    now >= e->e_ctime + e->e_deliver_by &&
233 	    !bitset(EF_RESPONSE, e->e_flags))
234 	{
235 		msg_timeout = MSG_NOT_BY;
236 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
237 	}
238 	else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
239 		 !bitset(EF_RESPONSE, e->e_flags))
240 	{
241 		msg_timeout = MSG_T_O_NOW;
242 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
243 	}
244 
245 	e->e_flags &= ~EF_QUEUERUN;
246 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
247 	{
248 		if (QS_IS_UNDELIVERED(q->q_state))
249 			queueit = true;
250 
251 		/* see if a notification is needed */
252 		if (bitset(QPINGONFAILURE, q->q_flags) &&
253 		    ((IS_MSG_ERR(msg_timeout) &&
254 		      QS_IS_UNDELIVERED(q->q_state)) ||
255 		     QS_IS_BADADDR(q->q_state) ||
256 		     IS_IMM_RET(msg_timeout)))
257 		{
258 			failure_return = true;
259 			if (!done && q->q_owner == NULL &&
260 			    !emptyaddr(&e->e_from))
261 			{
262 				(void) sendtolist(e->e_from.q_paddr, NULLADDR,
263 						  &e->e_errorqueue, 0, e);
264 				done = true;
265 			}
266 		}
267 		else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
268 			  ((QS_IS_SENT(q->q_state) &&
269 			    bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
270 			   bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
271 			  bitset(QBYTRACE, q->q_flags) ||
272 			  bitset(QBYNRELAY, q->q_flags))
273 		{
274 			success_return = true;
275 		}
276 	}
277 
278 	if (e->e_class < 0)
279 		e->e_flags |= EF_NO_BODY_RETN;
280 
281 	/*
282 	**  See if the message timed out.
283 	*/
284 
285 	if (!queueit)
286 		/* EMPTY */
287 		/* nothing to do */ ;
288 	else if (IS_MSG_ERR(msg_timeout))
289 	{
290 		if (failure_return)
291 		{
292 			if (msg_timeout == MSG_NOT_BY)
293 			{
294 				(void) sm_snprintf(buf, sizeof buf,
295 					"delivery time expired %lds",
296 					e->e_deliver_by);
297 			}
298 			else
299 			{
300 				(void) sm_snprintf(buf, sizeof buf,
301 					"Cannot send message for %s",
302 					pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
303 						false));
304 			}
305 
306 			/* don't free, allocated from e_rpool */
307 			e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
308 			message(buf);
309 			e->e_flags |= EF_CLRQUEUE;
310 		}
311 		if (msg_timeout == MSG_NOT_BY)
312 		{
313 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
314 				"Delivery time (%lds) expired\n",
315 				e->e_deliver_by);
316 		}
317 		else
318 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
319 				"Message could not be delivered for %s\n",
320 				pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
321 					false));
322 		(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
323 			"Message will be deleted from queue\n");
324 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
325 		{
326 			if (QS_IS_UNDELIVERED(q->q_state))
327 			{
328 				q->q_state = QS_BADADDR;
329 				if (msg_timeout == MSG_NOT_BY)
330 					q->q_status = "5.4.7";
331 				else
332 					q->q_status = "4.4.7";
333 			}
334 		}
335 	}
336 	else
337 	{
338 		if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
339 		    now >= e->e_ctime +
340 				TimeOuts.to_q_warning[e->e_timeoutclass])
341 			msg_timeout = MSG_WARN;
342 		else if (IS_DLVR_NOTIFY(e) &&
343 			 e->e_deliver_by > 0 &&
344 			 now >= e->e_ctime + e->e_deliver_by)
345 			msg_timeout = MSG_WARN_BY;
346 
347 		if (IS_MSG_WARN(msg_timeout))
348 		{
349 			if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
350 			    e->e_class >= 0 &&
351 			    e->e_from.q_paddr != NULL &&
352 			    strcmp(e->e_from.q_paddr, "<>") != 0 &&
353 			    sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
354 			    (strlen(e->e_from.q_paddr) <= 8 ||
355 			     sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
356 					   "-request") != 0))
357 			{
358 				for (q = e->e_sendqueue; q != NULL;
359 				     q = q->q_next)
360 				{
361 					if (QS_IS_UNDELIVERED(q->q_state)
362 #if _FFR_NODELAYDSN_ON_HOLD
363 					    && !bitnset(M_HOLD,
364 							q->q_mailer->m_flags)
365 #endif /* _FFR_NODELAYDSN_ON_HOLD */
366 					   )
367 					{
368 						if (msg_timeout ==
369 						    MSG_WARN_BY &&
370 						    (bitset(QPINGONDELAY,
371 							    q->q_flags) ||
372 						    !bitset(QHASNOTIFY,
373 							    q->q_flags))
374 						   )
375 						{
376 							q->q_flags |= QBYNDELAY;
377 							delay_return = true;
378 						}
379 						if (bitset(QPINGONDELAY,
380 							   q->q_flags))
381 						{
382 							q->q_flags |= QDELAYED;
383 							delay_return = true;
384 						}
385 					}
386 				}
387 			}
388 			if (delay_return)
389 			{
390 				if (msg_timeout == MSG_WARN_BY)
391 				{
392 					(void) sm_snprintf(buf, sizeof buf,
393 						"Warning: Delivery time (%lds) exceeded",
394 						e->e_deliver_by);
395 				}
396 				else
397 					(void) sm_snprintf(buf, sizeof buf,
398 						"Warning: could not send message for past %s",
399 						pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
400 							false));
401 
402 				/* don't free, allocated from e_rpool */
403 				e->e_message = sm_rpool_strdup_x(e->e_rpool,
404 								 buf);
405 				message(buf);
406 				e->e_flags |= EF_WARNING;
407 			}
408 			if (msg_timeout == MSG_WARN_BY)
409 			{
410 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
411 					"Warning: Delivery time (%lds) exceeded\n",
412 					e->e_deliver_by);
413 			}
414 			else
415 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
416 					"Warning: message still undelivered after %s\n",
417 					pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
418 					     false));
419 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
420 				      "Will keep trying until message is %s old\n",
421 				      pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
422 					     false));
423 		}
424 	}
425 
426 	if (tTd(50, 2))
427 		sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
428 			failure_return, delay_return, success_return, queueit);
429 
430 	/*
431 	**  If we had some fatal error, but no addresses are marked as
432 	**  bad, mark them _all_ as bad.
433 	*/
434 
435 	if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
436 	{
437 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
438 		{
439 			if ((QS_IS_OK(q->q_state) ||
440 			     QS_IS_VERIFIED(q->q_state)) &&
441 			    bitset(QPINGONFAILURE, q->q_flags))
442 			{
443 				failure_return = true;
444 				q->q_state = QS_BADADDR;
445 			}
446 		}
447 	}
448 
449 	/*
450 	**  Send back return receipts as requested.
451 	*/
452 
453 	if (success_return && !failure_return && !delay_return && fulldrop &&
454 	    !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
455 	    strcmp(e->e_from.q_paddr, "<>") != 0)
456 	{
457 		auto ADDRESS *rlist = NULL;
458 
459 		if (tTd(50, 8))
460 			sm_dprintf("dropenvelope(%s): sending return receipt\n",
461 				id);
462 		e->e_flags |= EF_SENDRECEIPT;
463 		(void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
464 		(void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
465 	}
466 	e->e_flags &= ~EF_SENDRECEIPT;
467 
468 	/*
469 	**  Arrange to send error messages if there are fatal errors.
470 	*/
471 
472 	if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
473 	{
474 		if (tTd(50, 8))
475 			sm_dprintf("dropenvelope(%s): saving mail\n", id);
476 		panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
477 	}
478 
479 	/*
480 	**  Arrange to send warning messages to postmaster as requested.
481 	*/
482 
483 	if ((failure_return || pmnotify) &&
484 	    PostMasterCopy != NULL &&
485 	    !bitset(EF_RESPONSE, e->e_flags) &&
486 	    e->e_class >= 0)
487 	{
488 		auto ADDRESS *rlist = NULL;
489 		char pcopy[MAXNAME];
490 
491 		if (failure_return)
492 		{
493 			expand(PostMasterCopy, pcopy, sizeof pcopy, e);
494 
495 			if (tTd(50, 8))
496 				sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
497 					id, pcopy);
498 			(void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
499 		}
500 		if (pmnotify)
501 			(void) sendtolist("postmaster", NULLADDR,
502 					  &rlist, 0, e);
503 		(void) returntosender(e->e_message, rlist,
504 				      RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
505 	}
506 
507 	/*
508 	**  Instantiate or deinstantiate the queue.
509 	*/
510 
511 simpledrop:
512 	if (tTd(50, 8))
513 		sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
514 			id, queueit);
515 	if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
516 	{
517 		if (tTd(50, 1))
518 		{
519 			sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
520 				e->e_id, queueit);
521 			printenvflags(e);
522 		}
523 		if (!panic)
524 		{
525 			if (e->e_dfp != NULL)
526 			{
527 				(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
528 				e->e_dfp = NULL;
529 			}
530 			(void) xunlink(queuename(e, DATAFL_LETTER));
531 		}
532 		if (panic && QueueMode == QM_LOST)
533 		{
534 			/*
535 			**  leave the Qf file behind as
536 			**  the delivery attempt failed.
537 			*/
538 
539 			/* EMPTY */
540 		}
541 		else
542 		if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
543 		{
544 			/* add to available space in filesystem */
545 			updfs(e, -1, panic ? 0 : -1, "dropenvelope");
546 		}
547 
548 		if (e->e_ntries > 0 && LogLevel > 9)
549 			sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
550 				  pintvl(curtime() - e->e_ctime, true),
551 				  e->e_ntries);
552 	}
553 	else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
554 	{
555 		if (!split)
556 			queueup(e, false, true);
557 		else
558 		{
559 			ENVELOPE *oldsib;
560 			ENVELOPE *ee;
561 
562 			/*
563 			**  Save old sibling and set it to NULL to avoid
564 			**  queueing up the same envelopes again.
565 			**  This requires that envelopes in that list have
566 			**  been take care of before (or at some other place).
567 			*/
568 
569 			oldsib = e->e_sibling;
570 			e->e_sibling = NULL;
571 			if (!split_by_recipient(e) &&
572 			    bitset(EF_FATALERRS, e->e_flags))
573 			{
574 				syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d",
575 					e->e_id, queuename(e, DATAFL_LETTER),
576 					(int) geteuid());
577 			}
578 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
579 				queueup(ee, false, true);
580 			queueup(e, false, true);
581 
582 			/* clean up */
583 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
584 			{
585 				/* now unlock the job */
586 				if (tTd(50, 8))
587 					sm_dprintf("dropenvelope(%s): unlocking job\n",
588 						   ee->e_id);
589 				closexscript(ee);
590 				unlockqueue(ee);
591 
592 				/* this envelope is marked unused */
593 				if (ee->e_dfp != NULL)
594 				{
595 					(void) sm_io_close(ee->e_dfp,
596 							   SM_TIME_DEFAULT);
597 					ee->e_dfp = NULL;
598 				}
599 				ee->e_id = NULL;
600 				ee->e_flags &= ~EF_HAS_DF;
601 			}
602 			e->e_sibling = oldsib;
603 		}
604 	}
605 
606 	/* now unlock the job */
607 	if (tTd(50, 8))
608 		sm_dprintf("dropenvelope(%s): unlocking job\n", id);
609 	closexscript(e);
610 	unlockqueue(e);
611 
612 	/* make sure that this envelope is marked unused */
613 	if (e->e_dfp != NULL)
614 	{
615 		(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
616 		e->e_dfp = NULL;
617 	}
618 	e->e_id = NULL;
619 	e->e_flags &= ~EF_HAS_DF;
620 }
621 /*
622 **  CLEARENVELOPE -- clear an envelope without unlocking
623 **
624 **	This is normally used by a child process to get a clean
625 **	envelope without disturbing the parent.
626 **
627 **	Parameters:
628 **		e -- the envelope to clear.
629 **		fullclear - if set, the current envelope is total
630 **			garbage and should be ignored; otherwise,
631 **			release any resources it may indicate.
632 **		rpool -- either NULL, or a pointer to a resource pool
633 **			from which envelope memory is allocated, and
634 **			to which envelope resources are attached.
635 **
636 **	Returns:
637 **		none.
638 **
639 **	Side Effects:
640 **		Closes files associated with the envelope.
641 **		Marks the envelope as unallocated.
642 */
643 
644 void
645 clearenvelope(e, fullclear, rpool)
646 	register ENVELOPE *e;
647 	bool fullclear;
648 	SM_RPOOL_T *rpool;
649 {
650 	register HDR *bh;
651 	register HDR **nhp;
652 	extern ENVELOPE BlankEnvelope;
653 	char **p;
654 
655 	if (!fullclear)
656 	{
657 		/* clear out any file information */
658 		if (e->e_xfp != NULL)
659 			(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
660 		if (e->e_dfp != NULL)
661 			(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
662 		e->e_xfp = e->e_dfp = NULL;
663 	}
664 
665 	/*
666 	**  Copy BlankEnvelope into *e.
667 	**  It is not safe to simply copy pointers to strings;
668 	**  the strings themselves must be copied (or set to NULL).
669 	**  The problem is that when we assign a new string value to
670 	**  a member of BlankEnvelope, we free the old string.
671 	**  We did not need to do this copying in sendmail 8.11 :-(
672 	**  and it is a potential performance hit.  Reference counted
673 	**  strings are one way out.
674 	*/
675 
676 	*e = BlankEnvelope;
677 	e->e_message = NULL;
678 	e->e_qfletter = '\0';
679 	e->e_quarmsg = NULL;
680 	macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
681 
682 	/*
683 	**  Copy the macro table.
684 	**  We might be able to avoid this by zeroing the macro table
685 	**  and always searching BlankEnvelope.e_macro after e->e_macro
686 	**  in macvalue().
687 	*/
688 
689 	for (p = &e->e_macro.mac_table[0];
690 	     p <= &e->e_macro.mac_table[MAXMACROID];
691 	     ++p)
692 	{
693 		if (*p != NULL)
694 			*p = sm_rpool_strdup_x(rpool, *p);
695 	}
696 
697 	/*
698 	**  XXX There are many strings in the envelope structure
699 	**  XXX that we are not attempting to copy here.
700 	**  XXX Investigate this further.
701 	*/
702 
703 	e->e_rpool = rpool;
704 	e->e_macro.mac_rpool = rpool;
705 	if (Verbose)
706 		set_delivery_mode(SM_DELIVER, e);
707 	bh = BlankEnvelope.e_header;
708 	nhp = &e->e_header;
709 	while (bh != NULL)
710 	{
711 		*nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof *bh);
712 		memmove((char *) *nhp, (char *) bh, sizeof *bh);
713 		bh = bh->h_link;
714 		nhp = &(*nhp)->h_link;
715 	}
716 }
717 /*
718 **  INITSYS -- initialize instantiation of system
719 **
720 **	In Daemon mode, this is done in the child.
721 **
722 **	Parameters:
723 **		e -- the envelope to use.
724 **
725 **	Returns:
726 **		none.
727 **
728 **	Side Effects:
729 **		Initializes the system macros, some global variables,
730 **		etc.  In particular, the current time in various
731 **		forms is set.
732 */
733 
734 void
735 initsys(e)
736 	register ENVELOPE *e;
737 {
738 	char buf[10];
739 #ifdef TTYNAME
740 	static char ybuf[60];			/* holds tty id */
741 	register char *p;
742 	extern char *ttyname();
743 #endif /* TTYNAME */
744 
745 	/*
746 	**  Give this envelope a reality.
747 	**	I.e., an id, a transcript, and a creation time.
748 	**  We don't select the queue until all of the recipients are known.
749 	*/
750 
751 	openxscript(e);
752 	e->e_ctime = curtime();
753 	e->e_qfletter = '\0';
754 
755 	/*
756 	**  Set OutChannel to something useful if stdout isn't it.
757 	**	This arranges that any extra stuff the mailer produces
758 	**	gets sent back to the user on error (because it is
759 	**	tucked away in the transcript).
760 	*/
761 
762 	if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
763 	    e->e_xfp != NULL)
764 		OutChannel = e->e_xfp;
765 
766 	/*
767 	**  Set up some basic system macros.
768 	*/
769 
770 	/* process id */
771 	(void) sm_snprintf(buf, sizeof buf, "%d", (int) CurrentPid);
772 	macdefine(&e->e_macro, A_TEMP, 'p', buf);
773 
774 	/* hop count */
775 	(void) sm_snprintf(buf, sizeof buf, "%d", e->e_hopcount);
776 	macdefine(&e->e_macro, A_TEMP, 'c', buf);
777 
778 	/* time as integer, unix time, arpa time */
779 	settime(e);
780 
781 	/* Load average */
782 	sm_getla();
783 
784 #ifdef TTYNAME
785 	/* tty name */
786 	if (macvalue('y', e) == NULL)
787 	{
788 		p = ttyname(2);
789 		if (p != NULL)
790 		{
791 			if (strrchr(p, '/') != NULL)
792 				p = strrchr(p, '/') + 1;
793 			(void) sm_strlcpy(ybuf, sizeof ybuf, p);
794 			macdefine(&e->e_macro, A_PERM, 'y', ybuf);
795 		}
796 	}
797 #endif /* TTYNAME */
798 }
799 /*
800 **  SETTIME -- set the current time.
801 **
802 **	Parameters:
803 **		e -- the envelope in which the macros should be set.
804 **
805 **	Returns:
806 **		none.
807 **
808 **	Side Effects:
809 **		Sets the various time macros -- $a, $b, $d, $t.
810 */
811 
812 void
813 settime(e)
814 	register ENVELOPE *e;
815 {
816 	register char *p;
817 	auto time_t now;
818 	char buf[30];
819 	register struct tm *tm;
820 
821 	now = curtime();
822 	(void) sm_snprintf(buf, sizeof buf, "%ld", (long) now);
823 	macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
824 	tm = gmtime(&now);
825 	(void) sm_snprintf(buf, sizeof buf, "%04d%02d%02d%02d%02d",
826 			   tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
827 			   tm->tm_hour, tm->tm_min);
828 	macdefine(&e->e_macro, A_TEMP, 't', buf);
829 	(void) sm_strlcpy(buf, ctime(&now), sizeof buf);
830 	p = strchr(buf, '\n');
831 	if (p != NULL)
832 		*p = '\0';
833 	macdefine(&e->e_macro, A_TEMP, 'd', buf);
834 	macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
835 	if (macvalue('a', e) == NULL)
836 		macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
837 }
838 /*
839 **  OPENXSCRIPT -- Open transcript file
840 **
841 **	Creates a transcript file for possible eventual mailing or
842 **	sending back.
843 **
844 **	Parameters:
845 **		e -- the envelope to create the transcript in/for.
846 **
847 **	Returns:
848 **		none
849 **
850 **	Side Effects:
851 **		Creates the transcript file.
852 */
853 
854 #ifndef O_APPEND
855 # define O_APPEND	0
856 #endif /* ! O_APPEND */
857 
858 void
859 openxscript(e)
860 	register ENVELOPE *e;
861 {
862 	register char *p;
863 
864 	if (e->e_xfp != NULL)
865 		return;
866 
867 #if 0
868 	if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
869 		syserr("openxscript: job not locked");
870 #endif /* 0 */
871 
872 	p = queuename(e, XSCRPT_LETTER);
873 	e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
874 			  SFF_NOTEXCL|SFF_OPENASROOT);
875 
876 	if (e->e_xfp == NULL)
877 	{
878 		syserr("Can't create transcript file %s", p);
879 		e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
880 				      SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
881 		if (e->e_xfp == NULL)
882 			syserr("!Can't open %s", SM_PATH_DEVNULL);
883 	}
884 	(void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
885 	if (tTd(46, 9))
886 	{
887 		sm_dprintf("openxscript(%s):\n  ", p);
888 		dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
889 		       false);
890 	}
891 }
892 /*
893 **  CLOSEXSCRIPT -- close the transcript file.
894 **
895 **	Parameters:
896 **		e -- the envelope containing the transcript to close.
897 **
898 **	Returns:
899 **		none.
900 **
901 **	Side Effects:
902 **		none.
903 */
904 
905 void
906 closexscript(e)
907 	register ENVELOPE *e;
908 {
909 	if (e->e_xfp == NULL)
910 		return;
911 #if 0
912 	if (e->e_lockfp == NULL)
913 		syserr("closexscript: job not locked");
914 #endif /* 0 */
915 	(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
916 	e->e_xfp = NULL;
917 }
918 /*
919 **  SETSENDER -- set the person who this message is from
920 **
921 **	Under certain circumstances allow the user to say who
922 **	s/he is (using -f or -r).  These are:
923 **	1.  The user's uid is zero (root).
924 **	2.  The user's login name is in an approved list (typically
925 **	    from a network server).
926 **	3.  The address the user is trying to claim has a
927 **	    "!" character in it (since #2 doesn't do it for
928 **	    us if we are dialing out for UUCP).
929 **	A better check to replace #3 would be if the
930 **	effective uid is "UUCP" -- this would require me
931 **	to rewrite getpwent to "grab" uucp as it went by,
932 **	make getname more nasty, do another passwd file
933 **	scan, or compile the UID of "UUCP" into the code,
934 **	all of which are reprehensible.
935 **
936 **	Assuming all of these fail, we figure out something
937 **	ourselves.
938 **
939 **	Parameters:
940 **		from -- the person we would like to believe this message
941 **			is from, as specified on the command line.
942 **		e -- the envelope in which we would like the sender set.
943 **		delimptr -- if non-NULL, set to the location of the
944 **			trailing delimiter.
945 **		delimchar -- the character that will delimit the sender
946 **			address.
947 **		internal -- set if this address is coming from an internal
948 **			source such as an owner alias.
949 **
950 **	Returns:
951 **		none.
952 **
953 **	Side Effects:
954 **		sets sendmail's notion of who the from person is.
955 */
956 
957 void
958 setsender(from, e, delimptr, delimchar, internal)
959 	char *from;
960 	register ENVELOPE *e;
961 	char **delimptr;
962 	int delimchar;
963 	bool internal;
964 {
965 	register char **pvp;
966 	char *realname = NULL;
967 	char *bp;
968 	char buf[MAXNAME + 2];
969 	char pvpbuf[PSBUFSIZE];
970 	extern char *FullName;
971 
972 	if (tTd(45, 1))
973 		sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
974 
975 	/* may be set from earlier calls */
976 	macdefine(&e->e_macro, A_PERM, 'x', "");
977 
978 	/*
979 	**  Figure out the real user executing us.
980 	**	Username can return errno != 0 on non-errors.
981 	*/
982 
983 	if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
984 	    OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
985 		realname = from;
986 	if (realname == NULL || realname[0] == '\0')
987 		realname = username();
988 
989 	if (ConfigLevel < 2)
990 		SuprErrs = true;
991 
992 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
993 
994 	/* preset state for then clause in case from == NULL */
995 	e->e_from.q_state = QS_BADADDR;
996 	e->e_from.q_flags = 0;
997 	if (from == NULL ||
998 	    parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
999 		      delimchar, delimptr, e, false) == NULL ||
1000 	    QS_IS_BADADDR(e->e_from.q_state) ||
1001 	    e->e_from.q_mailer == ProgMailer ||
1002 	    e->e_from.q_mailer == FileMailer ||
1003 	    e->e_from.q_mailer == InclMailer)
1004 	{
1005 		/* log garbage addresses for traceback */
1006 		if (from != NULL && LogLevel > 2)
1007 		{
1008 			char *p;
1009 			char ebuf[MAXNAME * 2 + 2];
1010 
1011 			p = macvalue('_', e);
1012 			if (p == NULL)
1013 			{
1014 				char *host = RealHostName;
1015 
1016 				if (host == NULL)
1017 					host = MyHostName;
1018 				(void) sm_snprintf(ebuf, sizeof ebuf,
1019 						   "%.*s@%.*s", MAXNAME,
1020 						   realname, MAXNAME, host);
1021 				p = ebuf;
1022 			}
1023 			sm_syslog(LOG_NOTICE, e->e_id,
1024 				  "setsender: %s: invalid or unparsable, received from %s",
1025 				  shortenstring(from, 83), p);
1026 		}
1027 		if (from != NULL)
1028 		{
1029 			if (!QS_IS_BADADDR(e->e_from.q_state))
1030 			{
1031 				/* it was a bogus mailer in the from addr */
1032 				e->e_status = "5.1.7";
1033 				usrerrenh(e->e_status,
1034 					  "553 Invalid sender address");
1035 			}
1036 			SuprErrs = true;
1037 		}
1038 		if (from == realname ||
1039 		    parseaddr(from = realname,
1040 			      &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
1041 			      NULL, e, false) == NULL)
1042 		{
1043 			char nbuf[100];
1044 
1045 			SuprErrs = true;
1046 			expand("\201n", nbuf, sizeof nbuf, e);
1047 			from = sm_rpool_strdup_x(e->e_rpool, nbuf);
1048 			if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
1049 				      NULL, e, false) == NULL &&
1050 			    parseaddr(from = "postmaster", &e->e_from,
1051 				      RF_COPYALL, ' ', NULL, e, false) == NULL)
1052 				syserr("553 5.3.0 setsender: can't even parse postmaster!");
1053 		}
1054 	}
1055 	else
1056 		FromFlag = true;
1057 	e->e_from.q_state = QS_SENDER;
1058 	if (tTd(45, 5))
1059 	{
1060 		sm_dprintf("setsender: QS_SENDER ");
1061 		printaddr(sm_debug_file(), &e->e_from, false);
1062 	}
1063 	SuprErrs = false;
1064 
1065 #if USERDB
1066 	if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1067 	{
1068 		register char *p;
1069 
1070 		p = udbsender(e->e_from.q_user, e->e_rpool);
1071 		if (p != NULL)
1072 			from = p;
1073 	}
1074 #endif /* USERDB */
1075 
1076 	if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1077 	{
1078 		SM_MBDB_T user;
1079 
1080 		if (!internal)
1081 		{
1082 			/* if the user already given fullname don't redefine */
1083 			if (FullName == NULL)
1084 				FullName = macvalue('x', e);
1085 			if (FullName != NULL)
1086 			{
1087 				if (FullName[0] == '\0')
1088 					FullName = NULL;
1089 				else
1090 					FullName = newstr(FullName);
1091 			}
1092 		}
1093 
1094 		if (e->e_from.q_user[0] != '\0' &&
1095 		    sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1096 		{
1097 			/*
1098 			**  Process passwd file entry.
1099 			*/
1100 
1101 			/* extract home directory */
1102 			if (*user.mbdb_homedir == '\0')
1103 				e->e_from.q_home = NULL;
1104 			else if (strcmp(user.mbdb_homedir, "/") == 0)
1105 				e->e_from.q_home = "";
1106 			else
1107 				e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1108 							user.mbdb_homedir);
1109 			macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1110 
1111 			/* extract user and group id */
1112 			if (user.mbdb_uid != SM_NO_UID)
1113 			{
1114 				e->e_from.q_uid = user.mbdb_uid;
1115 				e->e_from.q_gid = user.mbdb_gid;
1116 				e->e_from.q_flags |= QGOODUID;
1117 			}
1118 
1119 			/* extract full name from passwd file */
1120 			if (FullName == NULL && !internal &&
1121 			    user.mbdb_fullname[0] != '\0' &&
1122 			    strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1123 			{
1124 				FullName = newstr(user.mbdb_fullname);
1125 			}
1126 		}
1127 		else
1128 		{
1129 			e->e_from.q_home = NULL;
1130 		}
1131 		if (FullName != NULL && !internal)
1132 			macdefine(&e->e_macro, A_TEMP, 'x', FullName);
1133 	}
1134 	else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1135 	{
1136 		if (e->e_from.q_home == NULL)
1137 		{
1138 			e->e_from.q_home = getenv("HOME");
1139 			if (e->e_from.q_home != NULL)
1140 			{
1141 				if (*e->e_from.q_home == '\0')
1142 					e->e_from.q_home = NULL;
1143 				else if (strcmp(e->e_from.q_home, "/") == 0)
1144 					e->e_from.q_home++;
1145 			}
1146 		}
1147 		e->e_from.q_uid = RealUid;
1148 		e->e_from.q_gid = RealGid;
1149 		e->e_from.q_flags |= QGOODUID;
1150 	}
1151 
1152 	/*
1153 	**  Rewrite the from person to dispose of possible implicit
1154 	**	links in the net.
1155 	*/
1156 
1157 	pvp = prescan(from, delimchar, pvpbuf, sizeof pvpbuf, NULL, NULL, false);
1158 	if (pvp == NULL)
1159 	{
1160 		/* don't need to give error -- prescan did that already */
1161 		if (LogLevel > 2)
1162 			sm_syslog(LOG_NOTICE, e->e_id,
1163 				  "cannot prescan from (%s)",
1164 				  shortenstring(from, MAXSHORTSTR));
1165 		finis(true, true, ExitStat);
1166 	}
1167 	(void) REWRITE(pvp, 3, e);
1168 	(void) REWRITE(pvp, 1, e);
1169 	(void) REWRITE(pvp, 4, e);
1170 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1171 	bp = buf + 1;
1172 	cataddr(pvp, NULL, bp, sizeof buf - 2, '\0');
1173 	if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1174 	{
1175 		/* heuristic: route-addr: add angle brackets */
1176 		(void) sm_strlcat(bp, ">", sizeof buf - 1);
1177 		*--bp = '<';
1178 	}
1179 	e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1180 	macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1181 
1182 	/* save the domain spec if this mailer wants it */
1183 	if (e->e_from.q_mailer != NULL &&
1184 	    bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1185 	{
1186 		char **lastat;
1187 
1188 		/* get rid of any pesky angle brackets */
1189 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1190 		(void) REWRITE(pvp, 3, e);
1191 		(void) REWRITE(pvp, 1, e);
1192 		(void) REWRITE(pvp, 4, e);
1193 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1194 
1195 		/* strip off to the last "@" sign */
1196 		for (lastat = NULL; *pvp != NULL; pvp++)
1197 		{
1198 			if (strcmp(*pvp, "@") == 0)
1199 				lastat = pvp;
1200 		}
1201 		if (lastat != NULL)
1202 		{
1203 			e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1204 			if (tTd(45, 3))
1205 			{
1206 				sm_dprintf("Saving from domain: ");
1207 				printav(sm_debug_file(), e->e_fromdomain);
1208 			}
1209 		}
1210 	}
1211 }
1212 /*
1213 **  PRINTENVFLAGS -- print envelope flags for debugging
1214 **
1215 **	Parameters:
1216 **		e -- the envelope with the flags to be printed.
1217 **
1218 **	Returns:
1219 **		none.
1220 */
1221 
1222 struct eflags
1223 {
1224 	char		*ef_name;
1225 	unsigned long	ef_bit;
1226 };
1227 
1228 static struct eflags	EnvelopeFlags[] =
1229 {
1230 	{ "OLDSTYLE",		EF_OLDSTYLE	},
1231 	{ "INQUEUE",		EF_INQUEUE	},
1232 	{ "NO_BODY_RETN",	EF_NO_BODY_RETN	},
1233 	{ "CLRQUEUE",		EF_CLRQUEUE	},
1234 	{ "SENDRECEIPT",	EF_SENDRECEIPT	},
1235 	{ "FATALERRS",		EF_FATALERRS	},
1236 	{ "DELETE_BCC",		EF_DELETE_BCC	},
1237 	{ "RESPONSE",		EF_RESPONSE	},
1238 	{ "RESENT",		EF_RESENT	},
1239 	{ "VRFYONLY",		EF_VRFYONLY	},
1240 	{ "WARNING",		EF_WARNING	},
1241 	{ "QUEUERUN",		EF_QUEUERUN	},
1242 	{ "GLOBALERRS",		EF_GLOBALERRS	},
1243 	{ "PM_NOTIFY",		EF_PM_NOTIFY	},
1244 	{ "METOO",		EF_METOO	},
1245 	{ "LOGSENDER",		EF_LOGSENDER	},
1246 	{ "NORECEIPT",		EF_NORECEIPT	},
1247 	{ "HAS8BIT",		EF_HAS8BIT	},
1248 	{ "NL_NOT_EOL",		EF_NL_NOT_EOL	},
1249 	{ "CRLF_NOT_EOL",	EF_CRLF_NOT_EOL	},
1250 	{ "RET_PARAM",		EF_RET_PARAM	},
1251 	{ "HAS_DF",		EF_HAS_DF	},
1252 	{ "IS_MIME",		EF_IS_MIME	},
1253 	{ "DONT_MIME",		EF_DONT_MIME	},
1254 	{ "DISCARD",		EF_DISCARD	},
1255 	{ "TOOBIG",		EF_TOOBIG	},
1256 	{ "SPLIT",		EF_SPLIT	},
1257 	{ "UNSAFE",		EF_UNSAFE	},
1258 	{ NULL,			0		}
1259 };
1260 
1261 void
1262 printenvflags(e)
1263 	register ENVELOPE *e;
1264 {
1265 	register struct eflags *ef;
1266 	bool first = true;
1267 
1268 	sm_dprintf("%lx", e->e_flags);
1269 	for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1270 	{
1271 		if (!bitset(ef->ef_bit, e->e_flags))
1272 			continue;
1273 		if (first)
1274 			sm_dprintf("<%s", ef->ef_name);
1275 		else
1276 			sm_dprintf(",%s", ef->ef_name);
1277 		first = false;
1278 	}
1279 	if (!first)
1280 		sm_dprintf(">\n");
1281 }
1282