1 /*
2  * Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #include <sendmail.h>
15 
16 SM_RCSID("$MirOS: src/gnu/usr.sbin/sendmail/sendmail/envelope.c,v 1.7 2014/06/09 15:17:48 tg Exp $")
17 SM_RCSID("@(#)$Id: envelope.c,v 8.313 2013-11-22 20:51:55 ca Exp $")
18 
19 /*
20 **  CLRSESSENVELOPE -- clear session oriented data in an envelope
21 **
22 **	Parameters:
23 **		e -- the envelope to clear.
24 **
25 **	Returns:
26 **		none.
27 */
28 
29 void
30 clrsessenvelope(e)
31 	ENVELOPE *e;
32 {
33 #if SASL
34 	macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
35 	macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
36 	macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
37 	macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
38 #endif /* SASL */
39 #if STARTTLS
40 	macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
41 	macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
42 	macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
43 	macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
44 	macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
45 	macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
46 # if _FFR_TLS_1
47 	macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
48 	macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
49 	macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
50 # endif /* _FFR_TLS_1 */
51 #endif /* STARTTLS */
52 }
53 
54 /*
55 **  NEWENVELOPE -- fill in a new envelope
56 **
57 **	Supports inheritance.
58 **
59 **	Parameters:
60 **		e -- the new envelope to fill in.
61 **		parent -- the envelope to be the parent of e.
62 **		rpool -- either NULL, or a pointer to a resource pool
63 **			from which envelope memory is allocated, and
64 **			to which envelope resources are attached.
65 **
66 **	Returns:
67 **		e.
68 **
69 **	Side Effects:
70 **		none.
71 */
72 
73 ENVELOPE *
newenvelope(e,parent,rpool)74 newenvelope(e, parent, rpool)
75 	register ENVELOPE *e;
76 	register ENVELOPE *parent;
77 	SM_RPOOL_T *rpool;
78 {
79 	int sendmode;
80 
81 	/*
82 	**  This code used to read:
83 	**	if (e == parent && e->e_parent != NULL)
84 	**		parent = e->e_parent;
85 	**  So if e == parent && e->e_parent == NULL then we would
86 	**  set e->e_parent = e, which creates a loop in the e_parent chain.
87 	**  This meant macvalue() could go into an infinite loop.
88 	*/
89 
90 	if (parent != NULL)
91 		sendmode = parent->e_sendmode;
92 	else
93 		sendmode = DM_NOTSET;
94 
95 	if (e == parent)
96 		parent = e->e_parent;
97 	clearenvelope(e, true, rpool);
98 	if (e == CurEnv)
99 		memmove((char *) &e->e_from,
100 			(char *) &NullAddress,
101 			sizeof(e->e_from));
102 	else
103 		memmove((char *) &e->e_from,
104 			(char *) &CurEnv->e_from,
105 			sizeof(e->e_from));
106 	e->e_parent = parent;
107 	assign_queueid(e);
108 	e->e_ctime = curtime();
109 #if _FFR_SESSID
110 	e->e_sessid = e->e_id;
111 #endif /* _FFR_SESSID */
112 	if (parent != NULL)
113 	{
114 		e->e_msgpriority = parent->e_msgsize;
115 #if _FFR_SESSID
116 		if (parent->e_sessid != NULL)
117 			e->e_sessid = sm_rpool_strdup_x(rpool,
118 							parent->e_sessid);
119 #endif /* _FFR_SESSID */
120 
121 		if (parent->e_quarmsg == NULL)
122 		{
123 			e->e_quarmsg = NULL;
124 			macdefine(&e->e_macro, A_PERM,
125 				  macid("{quarantine}"), "");
126 		}
127 		else
128 		{
129 			e->e_quarmsg = sm_rpool_strdup_x(rpool,
130 							 parent->e_quarmsg);
131 			macdefine(&e->e_macro, A_PERM,
132 				  macid("{quarantine}"), e->e_quarmsg);
133 		}
134 	}
135 	e->e_puthdr = putheader;
136 	e->e_putbody = putbody;
137 	if (CurEnv->e_xfp != NULL)
138 		(void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
139 	if (sendmode != DM_NOTSET)
140 		set_delivery_mode(sendmode, e);
141 
142 	return e;
143 }
144 
145 /* values for msg_timeout, see also IS_* below for usage (bit layout) */
146 #define MSG_T_O		0x01	/* normal timeout */
147 #define MSG_T_O_NOW	0x02	/* NOW timeout */
148 #define MSG_NOT_BY	0x04	/* Deliver-By time exceeded, mode R */
149 #define MSG_WARN	0x10	/* normal queue warning */
150 #define MSG_WARN_BY	0x20	/* Deliver-By time exceeded, mode N */
151 
152 #define IS_MSG_ERR(x)	(((x) & 0x0f) != 0)	/* return an error */
153 
154 /* immediate return */
155 #define IS_IMM_RET(x)	(((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
156 #define IS_MSG_WARN(x)	(((x) & 0xf0) != 0)	/* return a warning */
157 
158 /*
159 **  DROPENVELOPE -- deallocate an envelope.
160 **
161 **	Parameters:
162 **		e -- the envelope to deallocate.
163 **		fulldrop -- if set, do return receipts.
164 **		split -- if true, split by recipient if message is queued up
165 **
166 **	Returns:
167 **		EX_* status (currently: 0: success, EX_IOERR on panic)
168 **
169 **	Side Effects:
170 **		housekeeping necessary to dispose of an envelope.
171 **		Unlocks this queue file.
172 */
173 
174 int
dropenvelope(e,fulldrop,split)175 dropenvelope(e, fulldrop, split)
176 	register ENVELOPE *e;
177 	bool fulldrop;
178 	bool split;
179 {
180 	bool panic = false;
181 	bool queueit = false;
182 	int msg_timeout = 0;
183 	bool failure_return = false;
184 	bool delay_return = false;
185 	bool success_return = false;
186 	bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
187 	bool done = false;
188 	register ADDRESS *q;
189 	char *id = e->e_id;
190 	time_t now;
191 	char buf[MAXLINE];
192 
193 	if (tTd(50, 1))
194 	{
195 		sm_dprintf("dropenvelope %p: id=", e);
196 		xputs(sm_debug_file(), e->e_id);
197 		sm_dprintf(", flags=");
198 		printenvflags(e);
199 		if (tTd(50, 10))
200 		{
201 			sm_dprintf("sendq=");
202 			printaddr(sm_debug_file(), e->e_sendqueue, true);
203 		}
204 	}
205 
206 	if (LogLevel > 84)
207 		sm_syslog(LOG_DEBUG, id,
208 			  "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
209 			  e->e_flags, OpMode, (int) CurrentPid);
210 
211 	/* we must have an id to remove disk files */
212 	if (id == NULL)
213 		return EX_OK;
214 
215 	/* if verify-only mode, we can skip most of this */
216 	if (OpMode == MD_VERIFY)
217 		goto simpledrop;
218 
219 	if (tTd(92, 2))
220 		sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
221 			e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
222 	if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
223 		logsender(e, NULL);
224 	e->e_flags &= ~EF_LOGSENDER;
225 
226 	/* post statistics */
227 	poststats(StatFile);
228 
229 	/*
230 	**  Extract state information from dregs of send list.
231 	*/
232 
233 	now = curtime();
234 	if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
235 		msg_timeout = MSG_T_O;
236 	if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
237 	    now >= e->e_ctime + e->e_deliver_by &&
238 	    !bitset(EF_RESPONSE, e->e_flags))
239 	{
240 		msg_timeout = MSG_NOT_BY;
241 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
242 	}
243 	else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
244 		 !bitset(EF_RESPONSE, e->e_flags))
245 	{
246 		msg_timeout = MSG_T_O_NOW;
247 		e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
248 	}
249 
250 
251 	e->e_flags &= ~EF_QUEUERUN;
252 	for (q = e->e_sendqueue; q != NULL; q = q->q_next)
253 	{
254 		if (QS_IS_UNDELIVERED(q->q_state))
255 			queueit = true;
256 
257 
258 		/* see if a notification is needed */
259 		if (bitset(QPINGONFAILURE, q->q_flags) &&
260 		    ((IS_MSG_ERR(msg_timeout) &&
261 		      QS_IS_UNDELIVERED(q->q_state)) ||
262 		     QS_IS_BADADDR(q->q_state) ||
263 		     IS_IMM_RET(msg_timeout)))
264 		{
265 			failure_return = true;
266 			if (!done && q->q_owner == NULL &&
267 			    !emptyaddr(&e->e_from))
268 			{
269 				(void) sendtolist(e->e_from.q_paddr, NULLADDR,
270 						  &e->e_errorqueue, 0, e);
271 				done = true;
272 			}
273 		}
274 		else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
275 			  ((QS_IS_SENT(q->q_state) &&
276 			    bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
277 			   bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
278 			  bitset(QBYTRACE, q->q_flags) ||
279 			  bitset(QBYNRELAY, q->q_flags))
280 		{
281 			success_return = true;
282 		}
283 	}
284 
285 	if (e->e_class < 0)
286 		e->e_flags |= EF_NO_BODY_RETN;
287 
288 	/*
289 	**  See if the message timed out.
290 	*/
291 
292 	if (!queueit)
293 		/* EMPTY */
294 		/* nothing to do */ ;
295 	else if (IS_MSG_ERR(msg_timeout))
296 	{
297 		if (failure_return)
298 		{
299 			if (msg_timeout == MSG_NOT_BY)
300 			{
301 				(void) sm_snprintf(buf, sizeof(buf),
302 					"delivery time expired %lds",
303 					e->e_deliver_by);
304 			}
305 			else
306 			{
307 				(void) sm_snprintf(buf, sizeof(buf),
308 					"Cannot send message for %s",
309 					pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
310 						false));
311 			}
312 
313 			/* don't free, allocated from e_rpool */
314 			e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
315 			message(buf);
316 			e->e_flags |= EF_CLRQUEUE;
317 		}
318 		if (msg_timeout == MSG_NOT_BY)
319 		{
320 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
321 				"Delivery time (%lds) expired\n",
322 				e->e_deliver_by);
323 		}
324 		else
325 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
326 				"Message could not be delivered for %s\n",
327 				pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
328 					false));
329 		(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
330 			"Message will be deleted from queue\n");
331 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
332 		{
333 			if (QS_IS_UNDELIVERED(q->q_state))
334 			{
335 				q->q_state = QS_BADADDR;
336 				if (msg_timeout == MSG_NOT_BY)
337 					q->q_status = "5.4.7";
338 				else
339 					q->q_status = "4.4.7";
340 			}
341 		}
342 	}
343 	else
344 	{
345 		if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
346 		    now >= e->e_ctime +
347 				TimeOuts.to_q_warning[e->e_timeoutclass])
348 			msg_timeout = MSG_WARN;
349 		else if (IS_DLVR_NOTIFY(e) &&
350 			 e->e_deliver_by > 0 &&
351 			 now >= e->e_ctime + e->e_deliver_by)
352 			msg_timeout = MSG_WARN_BY;
353 
354 		if (IS_MSG_WARN(msg_timeout))
355 		{
356 			if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
357 			    e->e_class >= 0 &&
358 			    e->e_from.q_paddr != NULL &&
359 			    strcmp(e->e_from.q_paddr, "<>") != 0 &&
360 			    sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
361 			    (strlen(e->e_from.q_paddr) <= 8 ||
362 			     sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
363 					   "-request") != 0))
364 			{
365 				for (q = e->e_sendqueue; q != NULL;
366 				     q = q->q_next)
367 				{
368 					if (QS_IS_UNDELIVERED(q->q_state)
369 #if _FFR_NODELAYDSN_ON_HOLD
370 					    && !bitnset(M_HOLD,
371 							q->q_mailer->m_flags)
372 #endif /* _FFR_NODELAYDSN_ON_HOLD */
373 					   )
374 					{
375 						if (msg_timeout ==
376 						    MSG_WARN_BY &&
377 						    (bitset(QPINGONDELAY,
378 							    q->q_flags) ||
379 						    !bitset(QHASNOTIFY,
380 							    q->q_flags))
381 						   )
382 						{
383 							q->q_flags |= QBYNDELAY;
384 							delay_return = true;
385 						}
386 						if (bitset(QPINGONDELAY,
387 							   q->q_flags))
388 						{
389 							q->q_flags |= QDELAYED;
390 							delay_return = true;
391 						}
392 					}
393 				}
394 			}
395 			if (delay_return)
396 			{
397 				if (msg_timeout == MSG_WARN_BY)
398 				{
399 					(void) sm_snprintf(buf, sizeof(buf),
400 						"Warning: Delivery time (%lds) exceeded",
401 						e->e_deliver_by);
402 				}
403 				else
404 					(void) sm_snprintf(buf, sizeof(buf),
405 						"Warning: could not send message for past %s",
406 						pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
407 							false));
408 
409 				/* don't free, allocated from e_rpool */
410 				e->e_message = sm_rpool_strdup_x(e->e_rpool,
411 								 buf);
412 				message(buf);
413 				e->e_flags |= EF_WARNING;
414 			}
415 			if (msg_timeout == MSG_WARN_BY)
416 			{
417 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
418 					"Warning: Delivery time (%lds) exceeded\n",
419 					e->e_deliver_by);
420 			}
421 			else
422 				(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
423 					"Warning: message still undelivered after %s\n",
424 					pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
425 					     false));
426 			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
427 				      "Will keep trying until message is %s old\n",
428 				      pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
429 					     false));
430 		}
431 	}
432 
433 	if (tTd(50, 2))
434 		sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
435 			failure_return, delay_return, success_return, queueit);
436 
437 	/*
438 	**  If we had some fatal error, but no addresses are marked as
439 	**  bad, mark them _all_ as bad.
440 	*/
441 
442 	if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
443 	{
444 		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
445 		{
446 			if ((QS_IS_OK(q->q_state) ||
447 			     QS_IS_VERIFIED(q->q_state)) &&
448 			    bitset(QPINGONFAILURE, q->q_flags))
449 			{
450 				failure_return = true;
451 				q->q_state = QS_BADADDR;
452 			}
453 		}
454 	}
455 
456 	/*
457 	**  Send back return receipts as requested.
458 	*/
459 
460 	if (success_return && !failure_return && !delay_return && fulldrop &&
461 	    !bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
462 	    strcmp(e->e_from.q_paddr, "<>") != 0)
463 	{
464 		auto ADDRESS *rlist = NULL;
465 
466 		if (tTd(50, 8))
467 			sm_dprintf("dropenvelope(%s): sending return receipt\n",
468 				id);
469 		e->e_flags |= EF_SENDRECEIPT;
470 		(void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
471 		(void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
472 	}
473 	e->e_flags &= ~EF_SENDRECEIPT;
474 
475 	/*
476 	**  Arrange to send error messages if there are fatal errors.
477 	*/
478 
479 	if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
480 	{
481 		if (tTd(50, 8))
482 			sm_dprintf("dropenvelope(%s): saving mail\n", id);
483 		panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
484 	}
485 
486 	/*
487 	**  Arrange to send warning messages to postmaster as requested.
488 	*/
489 
490 	if ((failure_return || pmnotify) &&
491 	    PostMasterCopy != NULL &&
492 	    !bitset(EF_RESPONSE, e->e_flags) &&
493 	    e->e_class >= 0)
494 	{
495 		auto ADDRESS *rlist = NULL;
496 		char pcopy[MAXNAME];
497 
498 		if (failure_return)
499 		{
500 			expand(PostMasterCopy, pcopy, sizeof(pcopy), e);
501 
502 			if (tTd(50, 8))
503 				sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
504 					id, pcopy);
505 			(void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
506 		}
507 		if (pmnotify)
508 			(void) sendtolist("postmaster", NULLADDR,
509 					  &rlist, 0, e);
510 		(void) returntosender(e->e_message, rlist,
511 				      RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
512 	}
513 
514 	/*
515 	**  Instantiate or deinstantiate the queue.
516 	*/
517 
518 simpledrop:
519 	if (tTd(50, 8))
520 		sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
521 			id, queueit);
522 	if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
523 	{
524 		if (tTd(50, 1))
525 		{
526 			sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
527 				e->e_id, queueit);
528 			printenvflags(e);
529 		}
530 		if (!panic)
531 		{
532 			if (e->e_dfp != NULL)
533 			{
534 				(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
535 				e->e_dfp = NULL;
536 			}
537 			(void) xunlink(queuename(e, DATAFL_LETTER));
538 		}
539 		if (panic && QueueMode == QM_LOST)
540 		{
541 			/*
542 			**  leave the Qf file behind as
543 			**  the delivery attempt failed.
544 			*/
545 
546 			/* EMPTY */
547 		}
548 		else
549 		if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
550 		{
551 			/* add to available space in filesystem */
552 			updfs(e, -1, panic ? 0 : -1, "dropenvelope");
553 		}
554 
555 		if (e->e_ntries > 0 && LogLevel > 9)
556 			sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
557 				  pintvl(curtime() - e->e_ctime, true),
558 				  e->e_ntries);
559 	}
560 	else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
561 	{
562 		if (!split)
563 			queueup(e, false, true);
564 		else
565 		{
566 			ENVELOPE *oldsib;
567 			ENVELOPE *ee;
568 
569 			/*
570 			**  Save old sibling and set it to NULL to avoid
571 			**  queueing up the same envelopes again.
572 			**  This requires that envelopes in that list have
573 			**  been take care of before (or at some other place).
574 			*/
575 
576 			oldsib = e->e_sibling;
577 			e->e_sibling = NULL;
578 			if (!split_by_recipient(e) &&
579 			    bitset(EF_FATALERRS, e->e_flags))
580 			{
581 				syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d",
582 					e->e_id, queuename(e, DATAFL_LETTER),
583 					(int) geteuid());
584 			}
585 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
586 				queueup(ee, false, true);
587 			queueup(e, false, true);
588 
589 			/* clean up */
590 			for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
591 			{
592 				/* now unlock the job */
593 				if (tTd(50, 8))
594 					sm_dprintf("dropenvelope(%s): unlocking job\n",
595 						   ee->e_id);
596 				closexscript(ee);
597 				unlockqueue(ee);
598 
599 				/* this envelope is marked unused */
600 				if (ee->e_dfp != NULL)
601 				{
602 					(void) sm_io_close(ee->e_dfp,
603 							   SM_TIME_DEFAULT);
604 					ee->e_dfp = NULL;
605 				}
606 				ee->e_id = NULL;
607 				ee->e_flags &= ~EF_HAS_DF;
608 			}
609 			e->e_sibling = oldsib;
610 		}
611 	}
612 
613 	/* now unlock the job */
614 	if (tTd(50, 8))
615 		sm_dprintf("dropenvelope(%s): unlocking job\n", id);
616 	closexscript(e);
617 	unlockqueue(e);
618 
619 	/* make sure that this envelope is marked unused */
620 	if (e->e_dfp != NULL)
621 	{
622 		(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
623 		e->e_dfp = NULL;
624 	}
625 	e->e_id = NULL;
626 	e->e_flags &= ~EF_HAS_DF;
627 	if (panic)
628 		return EX_IOERR;
629 	return EX_OK;
630 }
631 
632 /*
633 **  CLEARENVELOPE -- clear an envelope without unlocking
634 **
635 **	This is normally used by a child process to get a clean
636 **	envelope without disturbing the parent.
637 **
638 **	Parameters:
639 **		e -- the envelope to clear.
640 **		fullclear - if set, the current envelope is total
641 **			garbage and should be ignored; otherwise,
642 **			release any resources it may indicate.
643 **		rpool -- either NULL, or a pointer to a resource pool
644 **			from which envelope memory is allocated, and
645 **			to which envelope resources are attached.
646 **
647 **	Returns:
648 **		none.
649 **
650 **	Side Effects:
651 **		Closes files associated with the envelope.
652 **		Marks the envelope as unallocated.
653 */
654 
655 void
clearenvelope(e,fullclear,rpool)656 clearenvelope(e, fullclear, rpool)
657 	register ENVELOPE *e;
658 	bool fullclear;
659 	SM_RPOOL_T *rpool;
660 {
661 	register HDR *bh;
662 	register HDR **nhp;
663 	extern ENVELOPE BlankEnvelope;
664 	char **p;
665 
666 	if (!fullclear)
667 	{
668 		/* clear out any file information */
669 		if (e->e_xfp != NULL)
670 			(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
671 		if (e->e_dfp != NULL)
672 			(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
673 		e->e_xfp = e->e_dfp = NULL;
674 	}
675 
676 	/*
677 	**  Copy BlankEnvelope into *e.
678 	**  It is not safe to simply copy pointers to strings;
679 	**  the strings themselves must be copied (or set to NULL).
680 	**  The problem is that when we assign a new string value to
681 	**  a member of BlankEnvelope, we free the old string.
682 	**  We did not need to do this copying in sendmail 8.11 :-(
683 	**  and it is a potential performance hit.  Reference counted
684 	**  strings are one way out.
685 	*/
686 
687 	*e = BlankEnvelope;
688 	e->e_message = NULL;
689 	e->e_qfletter = '\0';
690 	e->e_quarmsg = NULL;
691 	macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
692 
693 	/*
694 	**  Copy the macro table.
695 	**  We might be able to avoid this by zeroing the macro table
696 	**  and always searching BlankEnvelope.e_macro after e->e_macro
697 	**  in macvalue().
698 	*/
699 
700 	for (p = &e->e_macro.mac_table[0];
701 	     p <= &e->e_macro.mac_table[MAXMACROID];
702 	     ++p)
703 	{
704 		if (*p != NULL)
705 			*p = sm_rpool_strdup_x(rpool, *p);
706 	}
707 
708 	/*
709 	**  XXX There are many strings in the envelope structure
710 	**  XXX that we are not attempting to copy here.
711 	**  XXX Investigate this further.
712 	*/
713 
714 	e->e_rpool = rpool;
715 	e->e_macro.mac_rpool = rpool;
716 	if (Verbose)
717 		set_delivery_mode(SM_DELIVER, e);
718 	bh = BlankEnvelope.e_header;
719 	nhp = &e->e_header;
720 	while (bh != NULL)
721 	{
722 		*nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh));
723 		memmove((char *) *nhp, (char *) bh, sizeof(*bh));
724 		bh = bh->h_link;
725 		nhp = &(*nhp)->h_link;
726 	}
727 #if _FFR_MILTER_ENHSC
728 	e->e_enhsc[0] = '\0';
729 #endif /* _FFR_MILTER_ENHSC */
730 }
731 /*
732 **  INITSYS -- initialize instantiation of system
733 **
734 **	In Daemon mode, this is done in the child.
735 **
736 **	Parameters:
737 **		e -- the envelope to use.
738 **
739 **	Returns:
740 **		none.
741 **
742 **	Side Effects:
743 **		Initializes the system macros, some global variables,
744 **		etc.  In particular, the current time in various
745 **		forms is set.
746 */
747 
748 void
initsys(e)749 initsys(e)
750 	register ENVELOPE *e;
751 {
752 	char buf[10];
753 #ifdef TTYNAME
754 	static char ybuf[60];			/* holds tty id */
755 	register char *p;
756 	extern char *ttyname();
757 #endif /* TTYNAME */
758 
759 	/*
760 	**  Give this envelope a reality.
761 	**	I.e., an id, a transcript, and a creation time.
762 	**  We don't select the queue until all of the recipients are known.
763 	*/
764 
765 	openxscript(e);
766 	e->e_ctime = curtime();
767 	e->e_qfletter = '\0';
768 
769 	/*
770 	**  Set OutChannel to something useful if stdout isn't it.
771 	**	This arranges that any extra stuff the mailer produces
772 	**	gets sent back to the user on error (because it is
773 	**	tucked away in the transcript).
774 	*/
775 
776 	if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
777 	    e->e_xfp != NULL)
778 		OutChannel = e->e_xfp;
779 
780 	/*
781 	**  Set up some basic system macros.
782 	*/
783 
784 	/* process id */
785 	(void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid);
786 	macdefine(&e->e_macro, A_TEMP, 'p', buf);
787 
788 	/* hop count */
789 	(void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
790 	macdefine(&e->e_macro, A_TEMP, 'c', buf);
791 
792 	/* time as integer, unix time, arpa time */
793 	settime(e);
794 
795 	/* Load average */
796 	sm_getla();
797 
798 #ifdef TTYNAME
799 	/* tty name */
800 	if (macvalue('y', e) == NULL)
801 	{
802 		p = ttyname(2);
803 		if (p != NULL)
804 		{
805 			if (strrchr(p, '/') != NULL)
806 				p = strrchr(p, '/') + 1;
807 			(void) sm_strlcpy(ybuf, sizeof(ybuf), p);
808 			macdefine(&e->e_macro, A_PERM, 'y', ybuf);
809 		}
810 	}
811 #endif /* TTYNAME */
812 }
813 /*
814 **  SETTIME -- set the current time.
815 **
816 **	Parameters:
817 **		e -- the envelope in which the macros should be set.
818 **
819 **	Returns:
820 **		none.
821 **
822 **	Side Effects:
823 **		Sets the various time macros -- $a, $b, $d, $t.
824 */
825 
826 void
settime(e)827 settime(e)
828 	register ENVELOPE *e;
829 {
830 	register char *p;
831 	auto time_t now;
832 	char buf[30];
833 	register struct tm *tm;
834 
835 	now = curtime();
836 	(void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now);
837 	macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
838 	tm = gmtime(&now);
839 	(void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d",
840 			   (int)(tm->tm_year + 1900), tm->tm_mon + 1, tm->tm_mday,
841 			   tm->tm_hour, tm->tm_min);
842 	macdefine(&e->e_macro, A_TEMP, 't', buf);
843 	(void) sm_strlcpy(buf, ctime(&now), sizeof(buf));
844 	p = strchr(buf, '\n');
845 	if (p != NULL)
846 		*p = '\0';
847 	macdefine(&e->e_macro, A_TEMP, 'd', buf);
848 	macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
849 	if (macvalue('a', e) == NULL)
850 		macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
851 }
852 /*
853 **  OPENXSCRIPT -- Open transcript file
854 **
855 **	Creates a transcript file for possible eventual mailing or
856 **	sending back.
857 **
858 **	Parameters:
859 **		e -- the envelope to create the transcript in/for.
860 **
861 **	Returns:
862 **		none
863 **
864 **	Side Effects:
865 **		Creates the transcript file.
866 */
867 
868 #ifndef O_APPEND
869 # define O_APPEND	0
870 #endif /* ! O_APPEND */
871 
872 void
openxscript(e)873 openxscript(e)
874 	register ENVELOPE *e;
875 {
876 	register char *p;
877 
878 	if (e->e_xfp != NULL)
879 		return;
880 
881 #if 0
882 	if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
883 		syserr("openxscript: job not locked");
884 #endif /* 0 */
885 
886 	p = queuename(e, XSCRPT_LETTER);
887 	e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
888 			  SFF_NOTEXCL|SFF_OPENASROOT);
889 
890 	if (e->e_xfp == NULL)
891 	{
892 		syserr("Can't create transcript file %s", p);
893 		e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
894 				      SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
895 		if (e->e_xfp == NULL)
896 			syserr("!Can't open %s", SM_PATH_DEVNULL);
897 	}
898 	(void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
899 	if (tTd(46, 9))
900 	{
901 		sm_dprintf("openxscript(%s):\n  ", p);
902 		dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
903 		       false);
904 	}
905 }
906 /*
907 **  CLOSEXSCRIPT -- close the transcript file.
908 **
909 **	Parameters:
910 **		e -- the envelope containing the transcript to close.
911 **
912 **	Returns:
913 **		none.
914 **
915 **	Side Effects:
916 **		none.
917 */
918 
919 void
closexscript(e)920 closexscript(e)
921 	register ENVELOPE *e;
922 {
923 	if (e->e_xfp == NULL)
924 		return;
925 #if 0
926 	if (e->e_lockfp == NULL)
927 		syserr("closexscript: job not locked");
928 #endif /* 0 */
929 	(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
930 	e->e_xfp = NULL;
931 }
932 /*
933 **  SETSENDER -- set the person who this message is from
934 **
935 **	Under certain circumstances allow the user to say who
936 **	s/he is (using -f or -r).  These are:
937 **	1.  The user's uid is zero (root).
938 **	2.  The user's login name is in an approved list (typically
939 **	    from a network server).
940 **	3.  The address the user is trying to claim has a
941 **	    "!" character in it (since #2 doesn't do it for
942 **	    us if we are dialing out for UUCP).
943 **	A better check to replace #3 would be if the
944 **	effective uid is "UUCP" -- this would require me
945 **	to rewrite getpwent to "grab" uucp as it went by,
946 **	make getname more nasty, do another passwd file
947 **	scan, or compile the UID of "UUCP" into the code,
948 **	all of which are reprehensible.
949 **
950 **	Assuming all of these fail, we figure out something
951 **	ourselves.
952 **
953 **	Parameters:
954 **		from -- the person we would like to believe this message
955 **			is from, as specified on the command line.
956 **		e -- the envelope in which we would like the sender set.
957 **		delimptr -- if non-NULL, set to the location of the
958 **			trailing delimiter.
959 **		delimchar -- the character that will delimit the sender
960 **			address.
961 **		internal -- set if this address is coming from an internal
962 **			source such as an owner alias.
963 **
964 **	Returns:
965 **		none.
966 **
967 **	Side Effects:
968 **		sets sendmail's notion of who the from person is.
969 */
970 
971 void
setsender(from,e,delimptr,delimchar,internal)972 setsender(from, e, delimptr, delimchar, internal)
973 	char *from;
974 	register ENVELOPE *e;
975 	char **delimptr;
976 	int delimchar;
977 	bool internal;
978 {
979 	register char **pvp;
980 	char *realname = NULL;
981 	char *bp;
982 	char buf[MAXNAME + 2];
983 	char pvpbuf[PSBUFSIZE];
984 	extern char *FullName;
985 
986 	if (tTd(45, 1))
987 		sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
988 
989 	/* may be set from earlier calls */
990 	macdefine(&e->e_macro, A_PERM, 'x', "");
991 
992 	/*
993 	**  Figure out the real user executing us.
994 	**	Username can return errno != 0 on non-errors.
995 	*/
996 
997 	if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
998 	    OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
999 		realname = from;
1000 	if (realname == NULL || realname[0] == '\0')
1001 		realname = username();
1002 
1003 	if (ConfigLevel < 2)
1004 		SuprErrs = true;
1005 
1006 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1007 
1008 	/* preset state for then clause in case from == NULL */
1009 	e->e_from.q_state = QS_BADADDR;
1010 	e->e_from.q_flags = 0;
1011 	if (from == NULL ||
1012 	    parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
1013 		      delimchar, delimptr, e, false) == NULL ||
1014 	    QS_IS_BADADDR(e->e_from.q_state) ||
1015 	    e->e_from.q_mailer == ProgMailer ||
1016 	    e->e_from.q_mailer == FileMailer ||
1017 	    e->e_from.q_mailer == InclMailer)
1018 	{
1019 		/* log garbage addresses for traceback */
1020 		if (from != NULL && LogLevel > 2)
1021 		{
1022 			char *p;
1023 			char ebuf[MAXNAME * 2 + 2];
1024 
1025 			p = macvalue('_', e);
1026 			if (p == NULL)
1027 			{
1028 				char *host = RealHostName;
1029 
1030 				if (host == NULL)
1031 					host = MyHostName;
1032 				(void) sm_snprintf(ebuf, sizeof(ebuf),
1033 						   "%.*s@%.*s", MAXNAME,
1034 						   realname, MAXNAME, host);
1035 				p = ebuf;
1036 			}
1037 			sm_syslog(LOG_NOTICE, e->e_id,
1038 				  "setsender: %s: invalid or unparsable, received from %s",
1039 				  shortenstring(from, 83), p);
1040 		}
1041 		if (from != NULL)
1042 		{
1043 			if (!QS_IS_BADADDR(e->e_from.q_state))
1044 			{
1045 				/* it was a bogus mailer in the from addr */
1046 				e->e_status = "5.1.7";
1047 				usrerrenh(e->e_status,
1048 					  "553 Invalid sender address");
1049 			}
1050 			SuprErrs = true;
1051 		}
1052 		if (from == realname ||
1053 		    parseaddr(from = realname,
1054 			      &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
1055 			      NULL, e, false) == NULL)
1056 		{
1057 			char nbuf[100];
1058 
1059 			SuprErrs = true;
1060 			expand("\201n", nbuf, sizeof(nbuf), e);
1061 			from = sm_rpool_strdup_x(e->e_rpool, nbuf);
1062 			if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
1063 				      NULL, e, false) == NULL &&
1064 			    parseaddr(from = "postmaster", &e->e_from,
1065 				      RF_COPYALL, ' ', NULL, e, false) == NULL)
1066 				syserr("553 5.3.0 setsender: can't even parse postmaster!");
1067 		}
1068 	}
1069 	else
1070 		FromFlag = true;
1071 	e->e_from.q_state = QS_SENDER;
1072 	if (tTd(45, 5))
1073 	{
1074 		sm_dprintf("setsender: QS_SENDER ");
1075 		printaddr(sm_debug_file(), &e->e_from, false);
1076 	}
1077 	SuprErrs = false;
1078 
1079 #if USERDB
1080 	if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
1081 	{
1082 		register char *p;
1083 
1084 		p = udbsender(e->e_from.q_user, e->e_rpool);
1085 		if (p != NULL)
1086 			from = p;
1087 	}
1088 #endif /* USERDB */
1089 
1090 	if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
1091 	{
1092 		SM_MBDB_T user;
1093 
1094 		if (!internal)
1095 		{
1096 			/* if the user already given fullname don't redefine */
1097 			if (FullName == NULL)
1098 				FullName = macvalue('x', e);
1099 			if (FullName != NULL)
1100 			{
1101 				if (FullName[0] == '\0')
1102 					FullName = NULL;
1103 				else
1104 					FullName = newstr(FullName);
1105 			}
1106 		}
1107 
1108 		if (e->e_from.q_user[0] != '\0' &&
1109 		    sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
1110 		{
1111 			/*
1112 			**  Process passwd file entry.
1113 			*/
1114 
1115 			/* extract home directory */
1116 			if (*user.mbdb_homedir == '\0')
1117 				e->e_from.q_home = NULL;
1118 			else if (strcmp(user.mbdb_homedir, "/") == 0)
1119 				e->e_from.q_home = "";
1120 			else
1121 				e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
1122 							user.mbdb_homedir);
1123 			macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
1124 
1125 			/* extract user and group id */
1126 			if (user.mbdb_uid != SM_NO_UID)
1127 			{
1128 				e->e_from.q_uid = user.mbdb_uid;
1129 				e->e_from.q_gid = user.mbdb_gid;
1130 				e->e_from.q_flags |= QGOODUID;
1131 			}
1132 
1133 			/* extract full name from passwd file */
1134 			if (FullName == NULL && !internal &&
1135 			    user.mbdb_fullname[0] != '\0' &&
1136 			    strcmp(user.mbdb_name, e->e_from.q_user) == 0)
1137 			{
1138 				FullName = newstr(user.mbdb_fullname);
1139 			}
1140 		}
1141 		else
1142 		{
1143 			e->e_from.q_home = NULL;
1144 		}
1145 		if (FullName != NULL && !internal)
1146 			macdefine(&e->e_macro, A_TEMP, 'x', FullName);
1147 	}
1148 	else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
1149 	{
1150 		if (e->e_from.q_home == NULL)
1151 		{
1152 			e->e_from.q_home = getenv("HOME");
1153 			if (e->e_from.q_home != NULL)
1154 			{
1155 				if (*e->e_from.q_home == '\0')
1156 					e->e_from.q_home = NULL;
1157 				else if (strcmp(e->e_from.q_home, "/") == 0)
1158 					e->e_from.q_home++;
1159 			}
1160 		}
1161 		e->e_from.q_uid = RealUid;
1162 		e->e_from.q_gid = RealGid;
1163 		e->e_from.q_flags |= QGOODUID;
1164 	}
1165 
1166 	/*
1167 	**  Rewrite the from person to dispose of possible implicit
1168 	**	links in the net.
1169 	*/
1170 
1171 	pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL,
1172 			IntTokenTab, false);
1173 	if (pvp == NULL)
1174 	{
1175 		/* don't need to give error -- prescan did that already */
1176 		if (LogLevel > 2)
1177 			sm_syslog(LOG_NOTICE, e->e_id,
1178 				  "cannot prescan from (%s)",
1179 				  shortenstring(from, MAXSHORTSTR));
1180 		finis(true, true, ExitStat);
1181 	}
1182 	(void) REWRITE(pvp, 3, e);
1183 	(void) REWRITE(pvp, 1, e);
1184 	(void) REWRITE(pvp, 4, e);
1185 	macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1186 	bp = buf + 1;
1187 	cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false);
1188 	if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
1189 	{
1190 		/* heuristic: route-addr: add angle brackets */
1191 		(void) sm_strlcat(bp, ">", sizeof(buf) - 1);
1192 		*--bp = '<';
1193 	}
1194 	e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
1195 	macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
1196 
1197 	/* save the domain spec if this mailer wants it */
1198 	if (e->e_from.q_mailer != NULL &&
1199 	    bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
1200 	{
1201 		char **lastat;
1202 
1203 		/* get rid of any pesky angle brackets */
1204 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
1205 		(void) REWRITE(pvp, 3, e);
1206 		(void) REWRITE(pvp, 1, e);
1207 		(void) REWRITE(pvp, 4, e);
1208 		macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
1209 
1210 		/* strip off to the last "@" sign */
1211 		for (lastat = NULL; *pvp != NULL; pvp++)
1212 		{
1213 			if (strcmp(*pvp, "@") == 0)
1214 				lastat = pvp;
1215 		}
1216 		if (lastat != NULL)
1217 		{
1218 			e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
1219 			if (tTd(45, 3))
1220 			{
1221 				sm_dprintf("Saving from domain: ");
1222 				printav(sm_debug_file(), e->e_fromdomain);
1223 			}
1224 		}
1225 	}
1226 }
1227 /*
1228 **  PRINTENVFLAGS -- print envelope flags for debugging
1229 **
1230 **	Parameters:
1231 **		e -- the envelope with the flags to be printed.
1232 **
1233 **	Returns:
1234 **		none.
1235 */
1236 
1237 struct eflags
1238 {
1239 	char		*ef_name;
1240 	unsigned long	ef_bit;
1241 };
1242 
1243 static struct eflags	EnvelopeFlags[] =
1244 {
1245 	{ "OLDSTYLE",		EF_OLDSTYLE	},
1246 	{ "INQUEUE",		EF_INQUEUE	},
1247 	{ "NO_BODY_RETN",	EF_NO_BODY_RETN	},
1248 	{ "CLRQUEUE",		EF_CLRQUEUE	},
1249 	{ "SENDRECEIPT",	EF_SENDRECEIPT	},
1250 	{ "FATALERRS",		EF_FATALERRS	},
1251 	{ "DELETE_BCC",		EF_DELETE_BCC	},
1252 	{ "RESPONSE",		EF_RESPONSE	},
1253 	{ "RESENT",		EF_RESENT	},
1254 	{ "VRFYONLY",		EF_VRFYONLY	},
1255 	{ "WARNING",		EF_WARNING	},
1256 	{ "QUEUERUN",		EF_QUEUERUN	},
1257 	{ "GLOBALERRS",		EF_GLOBALERRS	},
1258 	{ "PM_NOTIFY",		EF_PM_NOTIFY	},
1259 	{ "METOO",		EF_METOO	},
1260 	{ "LOGSENDER",		EF_LOGSENDER	},
1261 	{ "NORECEIPT",		EF_NORECEIPT	},
1262 	{ "HAS8BIT",		EF_HAS8BIT	},
1263 	{ "NL_NOT_EOL",		EF_NL_NOT_EOL	},
1264 	{ "CRLF_NOT_EOL",	EF_CRLF_NOT_EOL	},
1265 	{ "RET_PARAM",		EF_RET_PARAM	},
1266 	{ "HAS_DF",		EF_HAS_DF	},
1267 	{ "IS_MIME",		EF_IS_MIME	},
1268 	{ "DONT_MIME",		EF_DONT_MIME	},
1269 	{ "DISCARD",		EF_DISCARD	},
1270 	{ "TOOBIG",		EF_TOOBIG	},
1271 	{ "SPLIT",		EF_SPLIT	},
1272 	{ "UNSAFE",		EF_UNSAFE	},
1273 	{ NULL,			0		}
1274 };
1275 
1276 void
printenvflags(e)1277 printenvflags(e)
1278 	register ENVELOPE *e;
1279 {
1280 	register struct eflags *ef;
1281 	bool first = true;
1282 
1283 	sm_dprintf("%lx", e->e_flags);
1284 	for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
1285 	{
1286 		if (!bitset(ef->ef_bit, e->e_flags))
1287 			continue;
1288 		if (first)
1289 			sm_dprintf("<%s", ef->ef_name);
1290 		else
1291 			sm_dprintf(",%s", ef->ef_name);
1292 		first = false;
1293 	}
1294 	if (!first)
1295 		sm_dprintf(">\n");
1296 }
1297