1 /*
2  * Copyright (c) 1998-2007, 2009 Proofpoint, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #include <sendmail.h>
15 
16 SM_RCSID("$MirOS: src/gnu/usr.sbin/sendmail/sendmail/util.c,v 1.9 2014/06/09 15:18:01 tg Exp $")
17 SM_RCSID("@(#)$Id: util.c,v 8.427 2013-11-22 20:51:57 ca Exp $")
18 
19 #include <sm/sendmail.h>
20 #include <sysexits.h>
21 #include <sm/xtrap.h>
22 
23 /*
24 **  NEWSTR -- Create a copy of a C string
25 **
26 **	Parameters:
27 **		s -- the string to copy.
28 **
29 **	Returns:
30 **		pointer to newly allocated string.
31 */
32 
33 char *
34 newstr(s)
35 	const char *s;
36 {
37 	size_t l;
38 	char *n;
39 
40 	l = strlen(s);
41 	SM_ASSERT(l + 1 > l);
42 	n = xalloc(l + 1);
43 	sm_strlcpy(n, s, l + 1);
44 	return n;
45 }
46 
47 /*
48 **  ADDQUOTES -- Adds quotes & quote bits to a string.
49 **
50 **	Runs through a string and adds backslashes and quote bits.
51 **
52 **	Parameters:
53 **		s -- the string to modify.
54 **		rpool -- resource pool from which to allocate result
55 **
56 **	Returns:
57 **		pointer to quoted string.
58 */
59 
60 char *
addquotes(s,rpool)61 addquotes(s, rpool)
62 	char *s;
63 	SM_RPOOL_T *rpool;
64 {
65 	int len = 0;
66 	char c;
67 	char *p = s, *q, *r;
68 
69 	if (s == NULL)
70 		return NULL;
71 
72 	/* Find length of quoted string */
73 	while ((c = *p++) != '\0')
74 	{
75 		len++;
76 		if (c == '\\' || c == '"')
77 			len++;
78 	}
79 
80 	q = r = sm_rpool_malloc_x(rpool, len + 3);
81 	p = s;
82 
83 	/* add leading quote */
84 	*q++ = '"';
85 	while ((c = *p++) != '\0')
86 	{
87 		/* quote \ or " */
88 		if (c == '\\' || c == '"')
89 			*q++ = '\\';
90 		*q++ = c;
91 	}
92 	*q++ = '"';
93 	*q = '\0';
94 	return r;
95 }
96 
97 /*
98 **  STRIPBACKSLASH -- Strip all leading backslashes from a string, provided
99 **	the following character is alpha-numerical.
100 **
101 **	This is done in place.
102 **
103 **	Parameters:
104 **		s -- the string to strip.
105 **
106 **	Returns:
107 **		none.
108 */
109 
110 void
stripbackslash(s)111 stripbackslash(s)
112 	char *s;
113 {
114 	char *p, *q, c;
115 
116 	if (s == NULL || *s == '\0')
117 		return;
118 	p = q = s;
119 	while (*p == '\\' && (p[1] == '\\' || (isascii(p[1]) && isalnum(p[1]))))
120 		p++;
121 	do
122 	{
123 		c = *q++ = *p++;
124 	} while (c != '\0');
125 }
126 
127 /*
128 **  RFC822_STRING -- Checks string for proper RFC822 string quoting.
129 **
130 **	Runs through a string and verifies RFC822 special characters
131 **	are only found inside comments, quoted strings, or backslash
132 **	escaped.  Also verified balanced quotes and parenthesis.
133 **
134 **	Parameters:
135 **		s -- the string to modify.
136 **
137 **	Returns:
138 **		true iff the string is RFC822 compliant, false otherwise.
139 */
140 
141 bool
rfc822_string(s)142 rfc822_string(s)
143 	char *s;
144 {
145 	bool quoted = false;
146 	int commentlev = 0;
147 	char *c = s;
148 
149 	if (s == NULL)
150 		return false;
151 
152 	while (*c != '\0')
153 	{
154 		/* escaped character */
155 		if (*c == '\\')
156 		{
157 			c++;
158 			if (*c == '\0')
159 				return false;
160 		}
161 		else if (commentlev == 0 && *c == '"')
162 			quoted = !quoted;
163 		else if (!quoted)
164 		{
165 			if (*c == ')')
166 			{
167 				/* unbalanced ')' */
168 				if (commentlev == 0)
169 					return false;
170 				else
171 					commentlev--;
172 			}
173 			else if (*c == '(')
174 				commentlev++;
175 			else if (commentlev == 0 &&
176 				 strchr(MustQuoteChars, *c) != NULL)
177 				return false;
178 		}
179 		c++;
180 	}
181 
182 	/* unbalanced '"' or '(' */
183 	return !quoted && commentlev == 0;
184 }
185 
186 /*
187 **  SHORTEN_RFC822_STRING -- Truncate and rebalance an RFC822 string
188 **
189 **	Arbitrarily shorten (in place) an RFC822 string and rebalance
190 **	comments and quotes.
191 **
192 **	Parameters:
193 **		string -- the string to shorten
194 **		length -- the maximum size, 0 if no maximum
195 **
196 **	Returns:
197 **		true if string is changed, false otherwise
198 **
199 **	Side Effects:
200 **		Changes string in place, possibly resulting
201 **		in a shorter string.
202 */
203 
204 bool
shorten_rfc822_string(string,length)205 shorten_rfc822_string(string, length)
206 	char *string;
207 	size_t length;
208 {
209 	bool backslash = false;
210 	bool modified = false;
211 	bool quoted = false;
212 	size_t slen;
213 	int parencount = 0;
214 	char *ptr = string;
215 
216 	/*
217 	**  If have to rebalance an already short enough string,
218 	**  need to do it within allocated space.
219 	*/
220 
221 	slen = strlen(string);
222 	if (length == 0 || slen < length)
223 		length = slen;
224 
225 	while (*ptr != '\0')
226 	{
227 		if (backslash)
228 		{
229 			backslash = false;
230 			goto increment;
231 		}
232 
233 		if (*ptr == '\\')
234 			backslash = true;
235 		else if (*ptr == '(')
236 		{
237 			if (!quoted)
238 				parencount++;
239 		}
240 		else if (*ptr == ')')
241 		{
242 			if (--parencount < 0)
243 				parencount = 0;
244 		}
245 
246 		/* Inside a comment, quotes don't matter */
247 		if (parencount <= 0 && *ptr == '"')
248 			quoted = !quoted;
249 
250 increment:
251 		/* Check for sufficient space for next character */
252 		if (length - (ptr - string) <= (size_t) ((backslash ? 1 : 0) +
253 						parencount +
254 						(quoted ? 1 : 0)))
255 		{
256 			/* Not enough, backtrack */
257 			if (*ptr == '\\')
258 				backslash = false;
259 			else if (*ptr == '(' && !quoted)
260 				parencount--;
261 			else if (*ptr == '"' && parencount == 0)
262 				quoted = false;
263 			break;
264 		}
265 		ptr++;
266 	}
267 
268 	/* Rebalance */
269 	while (parencount-- > 0)
270 	{
271 		if (*ptr != ')')
272 		{
273 			modified = true;
274 			*ptr = ')';
275 		}
276 		ptr++;
277 	}
278 	if (quoted)
279 	{
280 		if (*ptr != '"')
281 		{
282 			modified = true;
283 			*ptr = '"';
284 		}
285 		ptr++;
286 	}
287 	if (*ptr != '\0')
288 	{
289 		modified = true;
290 		*ptr = '\0';
291 	}
292 	return modified;
293 }
294 
295 /*
296 **  FIND_CHARACTER -- find an unquoted character in an RFC822 string
297 **
298 **	Find an unquoted, non-commented character in an RFC822
299 **	string and return a pointer to its location in the
300 **	string.
301 **
302 **	Parameters:
303 **		string -- the string to search
304 **		character -- the character to find
305 **
306 **	Returns:
307 **		pointer to the character, or
308 **		a pointer to the end of the line if character is not found
309 */
310 
311 char *
find_character(string,character)312 find_character(string, character)
313 	char *string;
314 	int character;
315 {
316 	bool backslash = false;
317 	bool quoted = false;
318 	int parencount = 0;
319 
320 	while (string != NULL && *string != '\0')
321 	{
322 		if (backslash)
323 		{
324 			backslash = false;
325 			if (!quoted && character == '\\' && *string == '\\')
326 				break;
327 			string++;
328 			continue;
329 		}
330 		switch (*string)
331 		{
332 		  case '\\':
333 			backslash = true;
334 			break;
335 
336 		  case '(':
337 			if (!quoted)
338 				parencount++;
339 			break;
340 
341 		  case ')':
342 			if (--parencount < 0)
343 				parencount = 0;
344 			break;
345 		}
346 
347 		/* Inside a comment, nothing matters */
348 		if (parencount > 0)
349 		{
350 			string++;
351 			continue;
352 		}
353 
354 		if (*string == '"')
355 			quoted = !quoted;
356 		else if (*string == character && !quoted)
357 			break;
358 		string++;
359 	}
360 
361 	/* Return pointer to the character */
362 	return string;
363 }
364 
365 /*
366 **  CHECK_BODYTYPE -- check bodytype parameter
367 **
368 **	Parameters:
369 **		bodytype -- bodytype parameter
370 **
371 **	Returns:
372 **		BODYTYPE_* according to parameter
373 **
374 */
375 
376 int
check_bodytype(bodytype)377 check_bodytype(bodytype)
378 	char *bodytype;
379 {
380 	/* check body type for legality */
381 	if (bodytype == NULL)
382 		return BODYTYPE_NONE;
383 	if (sm_strcasecmp(bodytype, "7BIT") == 0)
384 		return BODYTYPE_7BIT;
385 	if (sm_strcasecmp(bodytype, "8BITMIME") == 0)
386 		return BODYTYPE_8BITMIME;
387 	return BODYTYPE_ILLEGAL;
388 }
389 
390 /*
391 **  TRUNCATE_AT_DELIM -- truncate string at a delimiter and append "..."
392 **
393 **	Parameters:
394 **		str -- string to truncate
395 **		len -- maximum length (including '\0') (0 for unlimited)
396 **		delim -- delimiter character
397 **
398 **	Returns:
399 **		None.
400 */
401 
402 void
truncate_at_delim(str,len,delim)403 truncate_at_delim(str, len, delim)
404 	char *str;
405 	size_t len;
406 	int delim;
407 {
408 	char *p;
409 
410 	if (str == NULL || len == 0 || strlen(str) < len)
411 		return;
412 
413 	*(str + len - 1) = '\0';
414 	while ((p = strrchr(str, delim)) != NULL)
415 	{
416 		*p = '\0';
417 		if (p - str + 4 < len)
418 		{
419 			*p++ = (char) delim;
420 			*p = '\0';
421 			(void) sm_strlcat(str, "...", len);
422 			return;
423 		}
424 	}
425 
426 	/* Couldn't find a place to append "..." */
427 	if (len > 3)
428 		(void) sm_strlcpy(str, "...", len);
429 	else
430 		str[0] = '\0';
431 }
432 
433 /*
434 **  XALLOC -- Allocate memory, raise an exception on error
435 **
436 **	Parameters:
437 **		sz -- size of area to allocate.
438 **
439 **	Returns:
440 **		pointer to data region.
441 **
442 **	Exceptions:
443 **		SmHeapOutOfMemory (F:sm.heap) -- cannot allocate memory
444 **
445 **	Side Effects:
446 **		Memory is allocated.
447 */
448 
449 char *
450 #if SM_HEAP_CHECK
xalloc_tagged(sz,file,line)451 xalloc_tagged(sz, file, line)
452 	register int sz;
453 	char *file;
454 	int line;
455 #else /* SM_HEAP_CHECK */
456 xalloc(sz)
457 	register int sz;
458 #endif /* SM_HEAP_CHECK */
459 {
460 	register char *p;
461 
462 	SM_REQUIRE(sz >= 0);
463 
464 	/* some systems can't handle size zero mallocs */
465 	if (sz <= 0)
466 		sz = 1;
467 
468 	/* scaffolding for testing error handling code */
469 	sm_xtrap_raise_x(&SmHeapOutOfMemory);
470 
471 	p = sm_malloc_tagged((unsigned) sz, file, line, sm_heap_group());
472 	if (p == NULL)
473 	{
474 		sm_exc_raise_x(&SmHeapOutOfMemory);
475 	}
476 	return p;
477 }
478 
479 /*
480 **  COPYPLIST -- copy list of pointers.
481 **
482 **	This routine is the equivalent of strdup for lists of
483 **	pointers.
484 **
485 **	Parameters:
486 **		list -- list of pointers to copy.
487 **			Must be NULL terminated.
488 **		copycont -- if true, copy the contents of the vector
489 **			(which must be a string) also.
490 **		rpool -- resource pool from which to allocate storage,
491 **			or NULL
492 **
493 **	Returns:
494 **		a copy of 'list'.
495 */
496 
497 char **
copyplist(list,copycont,rpool)498 copyplist(list, copycont, rpool)
499 	char **list;
500 	bool copycont;
501 	SM_RPOOL_T *rpool;
502 {
503 	register char **vp;
504 	register char **newvp;
505 
506 	for (vp = list; *vp != NULL; vp++)
507 		continue;
508 
509 	vp++;
510 
511 	newvp = (char **) sm_rpool_malloc_x(rpool, (vp - list) * sizeof(*vp));
512 	memmove((char *) newvp, (char *) list, (int) (vp - list) * sizeof(*vp));
513 
514 	if (copycont)
515 	{
516 		for (vp = newvp; *vp != NULL; vp++)
517 			*vp = sm_rpool_strdup_x(rpool, *vp);
518 	}
519 
520 	return newvp;
521 }
522 
523 /*
524 **  COPYQUEUE -- copy address queue.
525 **
526 **	This routine is the equivalent of strdup for address queues;
527 **	addresses marked as QS_IS_DEAD() aren't copied
528 **
529 **	Parameters:
530 **		addr -- list of address structures to copy.
531 **		rpool -- resource pool from which to allocate storage
532 **
533 **	Returns:
534 **		a copy of 'addr'.
535 */
536 
537 ADDRESS *
copyqueue(addr,rpool)538 copyqueue(addr, rpool)
539 	ADDRESS *addr;
540 	SM_RPOOL_T *rpool;
541 {
542 	register ADDRESS *newaddr;
543 	ADDRESS *ret;
544 	register ADDRESS **tail = &ret;
545 
546 	while (addr != NULL)
547 	{
548 		if (!QS_IS_DEAD(addr->q_state))
549 		{
550 			newaddr = (ADDRESS *) sm_rpool_malloc_x(rpool,
551 							sizeof(*newaddr));
552 			STRUCTCOPY(*addr, *newaddr);
553 			*tail = newaddr;
554 			tail = &newaddr->q_next;
555 		}
556 		addr = addr->q_next;
557 	}
558 	*tail = NULL;
559 
560 	return ret;
561 }
562 
563 /*
564 **  LOG_SENDMAIL_PID -- record sendmail pid and command line.
565 **
566 **	Parameters:
567 **		e -- the current envelope.
568 **
569 **	Returns:
570 **		none.
571 **
572 **	Side Effects:
573 **		writes pidfile, logs command line.
574 **		keeps file open and locked to prevent overwrite of active file
575 */
576 
577 static SM_FILE_T	*Pidf = NULL;
578 
579 void
log_sendmail_pid(e)580 log_sendmail_pid(e)
581 	ENVELOPE *e;
582 {
583 	long sff;
584 	char pidpath[MAXPATHLEN];
585 	extern char *CommandLineArgs;
586 
587 	/* write the pid to the log file for posterity */
588 	sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT|SFF_NBLOCK;
589 	if (TrustedUid != 0 && RealUid == TrustedUid)
590 		sff |= SFF_OPENASROOT;
591 	expand(PidFile, pidpath, sizeof(pidpath), e);
592 	Pidf = safefopen(pidpath, O_WRONLY|O_TRUNC, FileMode, sff);
593 	if (Pidf == NULL)
594 	{
595 		if (errno == EWOULDBLOCK)
596 			sm_syslog(LOG_ERR, NOQID,
597 				  "unable to write pid to %s: file in use by another process",
598 				  pidpath);
599 		else
600 			sm_syslog(LOG_ERR, NOQID,
601 				  "unable to write pid to %s: %s",
602 				  pidpath, sm_errstring(errno));
603 	}
604 	else
605 	{
606 		PidFilePid = getpid();
607 
608 		/* write the process id on line 1 */
609 		(void) sm_io_fprintf(Pidf, SM_TIME_DEFAULT, "%ld\n",
610 				     (long) PidFilePid);
611 
612 		/* line 2 contains all command line flags */
613 		(void) sm_io_fprintf(Pidf, SM_TIME_DEFAULT, "%s\n",
614 				     CommandLineArgs);
615 
616 		/* flush */
617 		(void) sm_io_flush(Pidf, SM_TIME_DEFAULT);
618 
619 		/*
620 		**  Leave pid file open until process ends
621 		**  so it's not overwritten by another
622 		**  process.
623 		*/
624 	}
625 	if (LogLevel > 9)
626 		sm_syslog(LOG_INFO, NOQID, "started as: %s", CommandLineArgs);
627 }
628 
629 /*
630 **  CLOSE_SENDMAIL_PID -- close sendmail pid file
631 **
632 **	Parameters:
633 **		none.
634 **
635 **	Returns:
636 **		none.
637 */
638 
639 void
close_sendmail_pid()640 close_sendmail_pid()
641 {
642 	if (Pidf == NULL)
643 		return;
644 
645 	(void) sm_io_close(Pidf, SM_TIME_DEFAULT);
646 	Pidf = NULL;
647 }
648 
649 /*
650 **  SET_DELIVERY_MODE -- set and record the delivery mode
651 **
652 **	Parameters:
653 **		mode -- delivery mode
654 **		e -- the current envelope.
655 **
656 **	Returns:
657 **		none.
658 **
659 **	Side Effects:
660 **		sets {deliveryMode} macro
661 */
662 
663 void
set_delivery_mode(mode,e)664 set_delivery_mode(mode, e)
665 	int mode;
666 	ENVELOPE *e;
667 {
668 	char buf[2];
669 
670 	e->e_sendmode = (char) mode;
671 	buf[0] = (char) mode;
672 	buf[1] = '\0';
673 	macdefine(&e->e_macro, A_TEMP, macid("{deliveryMode}"), buf);
674 }
675 
676 /*
677 **  SET_OP_MODE -- set and record the op mode
678 **
679 **	Parameters:
680 **		mode -- op mode
681 **		e -- the current envelope.
682 **
683 **	Returns:
684 **		none.
685 **
686 **	Side Effects:
687 **		sets {opMode} macro
688 */
689 
690 void
set_op_mode(mode)691 set_op_mode(mode)
692 	int mode;
693 {
694 	char buf[2];
695 	extern ENVELOPE BlankEnvelope;
696 
697 	OpMode = (char) mode;
698 	buf[0] = (char) mode;
699 	buf[1] = '\0';
700 	macdefine(&BlankEnvelope.e_macro, A_TEMP, MID_OPMODE, buf);
701 }
702 
703 /*
704 **  PRINTAV -- print argument vector.
705 **
706 **	Parameters:
707 **		fp -- output file pointer.
708 **		av -- argument vector.
709 **
710 **	Returns:
711 **		none.
712 **
713 **	Side Effects:
714 **		prints av.
715 */
716 
717 void
printav(fp,av)718 printav(fp, av)
719 	SM_FILE_T *fp;
720 	char **av;
721 {
722 	while (*av != NULL)
723 	{
724 		if (tTd(0, 44))
725 			sm_dprintf("\n\t%08lx=", (unsigned long) *av);
726 		else
727 			(void) sm_io_putc(fp, SM_TIME_DEFAULT, ' ');
728 		if (tTd(0, 99))
729 			sm_dprintf("%s", str2prt(*av++));
730 		else
731 			xputs(fp, *av++);
732 	}
733 	(void) sm_io_putc(fp, SM_TIME_DEFAULT, '\n');
734 }
735 
736 /*
737 **  XPUTS -- put string doing control escapes.
738 **
739 **	Parameters:
740 **		fp -- output file pointer.
741 **		s -- string to put.
742 **
743 **	Returns:
744 **		none.
745 **
746 **	Side Effects:
747 **		output to stdout
748 */
749 
750 void
xputs(fp,s)751 xputs(fp, s)
752 	SM_FILE_T *fp;
753 	const char *s;
754 {
755 	int c;
756 	struct metamac *mp;
757 	bool shiftout = false;
758 	extern struct metamac MetaMacros[];
759 	static SM_DEBUG_T DebugANSI = SM_DEBUG_INITIALIZER("ANSI",
760 		"@(#)$Debug: ANSI - enable reverse video in debug output $");
761 
762 	/*
763 	**  TermEscape is set here, rather than in main(),
764 	**  because ANSI mode can be turned on or off at any time
765 	**  if we are in -bt rule testing mode.
766 	*/
767 
768 	if (sm_debug_unknown(&DebugANSI))
769 	{
770 		if (sm_debug_active(&DebugANSI, 1))
771 		{
772 			TermEscape.te_rv_on = "\033[7m";
773 			TermEscape.te_normal = "\033[0m";
774 		}
775 		else
776 		{
777 			TermEscape.te_rv_on = "";
778 			TermEscape.te_normal = "";
779 		}
780 	}
781 
782 	if (s == NULL)
783 	{
784 		(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s<null>%s",
785 				     TermEscape.te_rv_on, TermEscape.te_normal);
786 		return;
787 	}
788 	while ((c = (*s++ & 0377)) != '\0')
789 	{
790 		if (shiftout)
791 		{
792 			(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
793 					     TermEscape.te_normal);
794 			shiftout = false;
795 		}
796 		if (!isascii(c) && !tTd(84, 1))
797 		{
798 			if (c == MATCHREPL)
799 			{
800 				(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
801 						     "%s$",
802 						     TermEscape.te_rv_on);
803 				shiftout = true;
804 				if (*s == '\0')
805 					continue;
806 				c = *s++ & 0377;
807 				goto printchar;
808 			}
809 			if (c == MACROEXPAND || c == MACRODEXPAND)
810 			{
811 				(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
812 						     "%s$",
813 						     TermEscape.te_rv_on);
814 				if (c == MACRODEXPAND)
815 					(void) sm_io_putc(fp,
816 							  SM_TIME_DEFAULT, '&');
817 				shiftout = true;
818 				if (*s == '\0')
819 					continue;
820 				if (strchr("=~&?", *s) != NULL)
821 					(void) sm_io_putc(fp,
822 							  SM_TIME_DEFAULT,
823 							  *s++);
824 				if (bitset(0200, *s))
825 					(void) sm_io_fprintf(fp,
826 							     SM_TIME_DEFAULT,
827 							     "{%s}",
828 							     macname(bitidx(*s++)));
829 				else
830 					(void) sm_io_fprintf(fp,
831 							     SM_TIME_DEFAULT,
832 							     "%c",
833 							     *s++);
834 				continue;
835 			}
836 			for (mp = MetaMacros; mp->metaname != '\0'; mp++)
837 			{
838 				if (bitidx(mp->metaval) == c)
839 				{
840 					(void) sm_io_fprintf(fp,
841 							     SM_TIME_DEFAULT,
842 							     "%s$%c",
843 							     TermEscape.te_rv_on,
844 							     mp->metaname);
845 					shiftout = true;
846 					break;
847 				}
848 			}
849 			if (c == MATCHCLASS || c == MATCHNCLASS)
850 			{
851 				if (bitset(0200, *s))
852 					(void) sm_io_fprintf(fp,
853 							     SM_TIME_DEFAULT,
854 							     "{%s}",
855 							     macname(bitidx(*s++)));
856 				else if (*s != '\0')
857 					(void) sm_io_fprintf(fp,
858 							     SM_TIME_DEFAULT,
859 							     "%c",
860 							     *s++);
861 			}
862 			if (mp->metaname != '\0')
863 				continue;
864 
865 			/* unrecognized meta character */
866 			(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%sM-",
867 					     TermEscape.te_rv_on);
868 			shiftout = true;
869 			c &= 0177;
870 		}
871   printchar:
872 		if (isascii(c) && isprint(c))
873 		{
874 			(void) sm_io_putc(fp, SM_TIME_DEFAULT, c);
875 			continue;
876 		}
877 
878 		/* wasn't a meta-macro -- find another way to print it */
879 		switch (c)
880 		{
881 		  case '\n':
882 			c = 'n';
883 			break;
884 
885 		  case '\r':
886 			c = 'r';
887 			break;
888 
889 		  case '\t':
890 			c = 't';
891 			break;
892 		}
893 		if (!shiftout)
894 		{
895 			(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
896 					     TermEscape.te_rv_on);
897 			shiftout = true;
898 		}
899 		if (isascii(c) && isprint(c))
900 		{
901 			(void) sm_io_putc(fp, SM_TIME_DEFAULT, '\\');
902 			(void) sm_io_putc(fp, SM_TIME_DEFAULT, c);
903 		}
904 		else if (tTd(84, 2))
905 			(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " %o ", c);
906 		else if (tTd(84, 1))
907 			(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " %#x ", c);
908 		else if (!isascii(c) && !tTd(84, 1))
909 		{
910 			(void) sm_io_putc(fp, SM_TIME_DEFAULT, '^');
911 			(void) sm_io_putc(fp, SM_TIME_DEFAULT, c ^ 0100);
912 		}
913 	}
914 	if (shiftout)
915 		(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
916 				     TermEscape.te_normal);
917 	(void) sm_io_flush(fp, SM_TIME_DEFAULT);
918 }
919 
920 /*
921 **  MAKELOWER -- Translate a line into lower case
922 **
923 **	Parameters:
924 **		p -- the string to translate.  If NULL, return is
925 **			immediate.
926 **
927 **	Returns:
928 **		none.
929 **
930 **	Side Effects:
931 **		String pointed to by p is translated to lower case.
932 */
933 
934 void
makelower(p)935 makelower(p)
936 	register char *p;
937 {
938 	register char c;
939 
940 	if (p == NULL)
941 		return;
942 	for (; (c = *p) != '\0'; p++)
943 		if (isascii(c) && isupper(c))
944 			*p = tolower(c);
945 }
946 
947 /*
948 **  FIXCRLF -- fix <CR><LF> in line.
949 **
950 **	Looks for the <CR><LF> combination and turns it into the
951 **	UNIX canonical <NL> character.  It only takes one line,
952 **	i.e., it is assumed that the first <NL> found is the end
953 **	of the line.
954 **
955 **	Parameters:
956 **		line -- the line to fix.
957 **		stripnl -- if true, strip the newline also.
958 **
959 **	Returns:
960 **		none.
961 **
962 **	Side Effects:
963 **		line is changed in place.
964 */
965 
966 void
fixcrlf(line,stripnl)967 fixcrlf(line, stripnl)
968 	char *line;
969 	bool stripnl;
970 {
971 	register char *p;
972 
973 	p = strchr(line, '\n');
974 	if (p == NULL)
975 		return;
976 	if (p > line && p[-1] == '\r')
977 		p--;
978 	if (!stripnl)
979 		*p++ = '\n';
980 	*p = '\0';
981 }
982 
983 /*
984 **  PUTLINE -- put a line like fputs obeying SMTP conventions
985 **
986 **	This routine always guarantees outputing a newline (or CRLF,
987 **	as appropriate) at the end of the string.
988 **
989 **	Parameters:
990 **		l -- line to put.
991 **		mci -- the mailer connection information.
992 **
993 **	Returns:
994 **		true iff line was written successfully
995 **
996 **	Side Effects:
997 **		output of l to mci->mci_out.
998 */
999 
1000 bool
putline(l,mci)1001 putline(l, mci)
1002 	register char *l;
1003 	register MCI *mci;
1004 {
1005 	return putxline(l, strlen(l), mci, PXLF_MAPFROM);
1006 }
1007 
1008 /*
1009 **  PUTXLINE -- putline with flags bits.
1010 **
1011 **	This routine always guarantees outputing a newline (or CRLF,
1012 **	as appropriate) at the end of the string.
1013 **
1014 **	Parameters:
1015 **		l -- line to put.
1016 **		len -- the length of the line.
1017 **		mci -- the mailer connection information.
1018 **		pxflags -- flag bits:
1019 **		    PXLF_MAPFROM -- map From_ to >From_.
1020 **		    PXLF_STRIP8BIT -- strip 8th bit.
1021 **		    PXLF_HEADER -- map bare newline in header to newline space.
1022 **		    PXLF_NOADDEOL -- don't add an EOL if one wasn't present.
1023 **		    PXLF_STRIPMQUOTE -- strip METAQUOTE bytes.
1024 **
1025 **	Returns:
1026 **		true iff line was written successfully
1027 **
1028 **	Side Effects:
1029 **		output of l to mci->mci_out.
1030 */
1031 
1032 
1033 #define PUTX(limit)							\
1034 	do								\
1035 	{								\
1036 		quotenext = false;					\
1037 		while (l < limit)					\
1038 		{							\
1039 			unsigned char c = (unsigned char) *l++;		\
1040 									\
1041 			if (bitset(PXLF_STRIPMQUOTE, pxflags) &&	\
1042 			    !quotenext && c == METAQUOTE)		\
1043 			{						\
1044 				quotenext = true;			\
1045 				continue;				\
1046 			}						\
1047 			quotenext = false;				\
1048 			if (strip8bit)					\
1049 				c &= 0177;				\
1050 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,	\
1051 				       c) == SM_IO_EOF)			\
1052 			{						\
1053 				dead = true;				\
1054 				break;					\
1055 			}						\
1056 			if (TrafficLogFile != NULL)			\
1057 				(void) sm_io_putc(TrafficLogFile,	\
1058 						  SM_TIME_DEFAULT,	\
1059 						  c);			\
1060 		}							\
1061 	} while (0)
1062 
1063 bool
putxline(l,len,mci,pxflags)1064 putxline(l, len, mci, pxflags)
1065 	register char *l;
1066 	size_t len;
1067 	register MCI *mci;
1068 	int pxflags;
1069 {
1070 	register char *p, *end;
1071 	int slop;
1072 	bool dead, quotenext, strip8bit;
1073 
1074 	/* strip out 0200 bits -- these can look like TELNET protocol */
1075 	strip8bit = bitset(MCIF_7BIT, mci->mci_flags) ||
1076 		    bitset(PXLF_STRIP8BIT, pxflags);
1077 	dead = false;
1078 	slop = 0;
1079 
1080 	end = l + len;
1081 	do
1082 	{
1083 		bool noeol = false;
1084 
1085 		/* find the end of the line */
1086 		p = memchr(l, '\n', end - l);
1087 		if (p == NULL)
1088 		{
1089 			p = end;
1090 			noeol = true;
1091 		}
1092 
1093 		if (TrafficLogFile != NULL)
1094 			(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
1095 					     "%05d >>> ", (int) CurrentPid);
1096 
1097 		/* check for line overflow */
1098 		while (mci->mci_mailer->m_linelimit > 0 &&
1099 		       (p - l + slop) > mci->mci_mailer->m_linelimit)
1100 		{
1101 			register char *q = &l[mci->mci_mailer->m_linelimit - slop - 1];
1102 
1103 			if (l[0] == '.' && slop == 0 &&
1104 			    bitnset(M_XDOT, mci->mci_mailer->m_flags))
1105 			{
1106 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
1107 					       '.') == SM_IO_EOF)
1108 					dead = true;
1109 				if (TrafficLogFile != NULL)
1110 					(void) sm_io_putc(TrafficLogFile,
1111 							  SM_TIME_DEFAULT, '.');
1112 			}
1113 			else if (l[0] == 'F' && slop == 0 &&
1114 				 bitset(PXLF_MAPFROM, pxflags) &&
1115 				 strncmp(l, "From ", 5) == 0 &&
1116 				 bitnset(M_ESCFROM, mci->mci_mailer->m_flags))
1117 			{
1118 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
1119 					       '>') == SM_IO_EOF)
1120 					dead = true;
1121 				if (TrafficLogFile != NULL)
1122 					(void) sm_io_putc(TrafficLogFile,
1123 							  SM_TIME_DEFAULT,
1124 							  '>');
1125 			}
1126 			if (dead)
1127 				break;
1128 
1129 			PUTX(q);
1130 			if (dead)
1131 				break;
1132 
1133 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
1134 					'!') == SM_IO_EOF ||
1135 			    sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
1136 					mci->mci_mailer->m_eol) == SM_IO_EOF ||
1137 			    sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
1138 					' ') == SM_IO_EOF)
1139 			{
1140 				dead = true;
1141 				break;
1142 			}
1143 			if (TrafficLogFile != NULL)
1144 			{
1145 				(void) sm_io_fprintf(TrafficLogFile,
1146 						     SM_TIME_DEFAULT,
1147 						     "!\n%05d >>>  ",
1148 						     (int) CurrentPid);
1149 			}
1150 			slop = 1;
1151 		}
1152 
1153 		if (dead)
1154 			break;
1155 
1156 		/* output last part */
1157 		if (l[0] == '.' && slop == 0 &&
1158 		    bitnset(M_XDOT, mci->mci_mailer->m_flags) &&
1159 		    !bitset(MCIF_INLONGLINE, mci->mci_flags))
1160 		{
1161 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '.') ==
1162 			    SM_IO_EOF)
1163 			{
1164 				dead = true;
1165 				break;
1166 			}
1167 			if (TrafficLogFile != NULL)
1168 				(void) sm_io_putc(TrafficLogFile,
1169 						  SM_TIME_DEFAULT, '.');
1170 		}
1171 		else if (l[0] == 'F' && slop == 0 &&
1172 			 bitset(PXLF_MAPFROM, pxflags) &&
1173 			 strncmp(l, "From ", 5) == 0 &&
1174 			 bitnset(M_ESCFROM, mci->mci_mailer->m_flags) &&
1175 			 !bitset(MCIF_INLONGLINE, mci->mci_flags))
1176 		{
1177 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '>') ==
1178 			    SM_IO_EOF)
1179 			{
1180 				dead = true;
1181 				break;
1182 			}
1183 			if (TrafficLogFile != NULL)
1184 				(void) sm_io_putc(TrafficLogFile,
1185 						  SM_TIME_DEFAULT, '>');
1186 		}
1187 		PUTX(p);
1188 		if (dead)
1189 			break;
1190 
1191 		if (TrafficLogFile != NULL)
1192 			(void) sm_io_putc(TrafficLogFile, SM_TIME_DEFAULT,
1193 					  '\n');
1194 		if ((!bitset(PXLF_NOADDEOL, pxflags) || !noeol))
1195 		{
1196 			mci->mci_flags &= ~MCIF_INLONGLINE;
1197 			if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
1198 					mci->mci_mailer->m_eol) == SM_IO_EOF)
1199 			{
1200 				dead = true;
1201 				break;
1202 			}
1203 		}
1204 		else
1205 			mci->mci_flags |= MCIF_INLONGLINE;
1206 
1207 		if (l < end && *l == '\n')
1208 		{
1209 			if (*++l != ' ' && *l != '\t' && *l != '\0' &&
1210 			    bitset(PXLF_HEADER, pxflags))
1211 			{
1212 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
1213 					       ' ') == SM_IO_EOF)
1214 				{
1215 					dead = true;
1216 					break;
1217 				}
1218 
1219 				if (TrafficLogFile != NULL)
1220 					(void) sm_io_putc(TrafficLogFile,
1221 							  SM_TIME_DEFAULT, ' ');
1222 			}
1223 		}
1224 
1225 	} while (l < end);
1226 	return !dead;
1227 }
1228 
1229 /*
1230 **  XUNLINK -- unlink a file, doing logging as appropriate.
1231 **
1232 **	Parameters:
1233 **		f -- name of file to unlink.
1234 **
1235 **	Returns:
1236 **		return value of unlink()
1237 **
1238 **	Side Effects:
1239 **		f is unlinked.
1240 */
1241 
1242 int
xunlink(f)1243 xunlink(f)
1244 	char *f;
1245 {
1246 	register int i;
1247 	int save_errno;
1248 
1249 	if (LogLevel > 98)
1250 		sm_syslog(LOG_DEBUG, CurEnv->e_id, "unlink %s", f);
1251 
1252 	i = unlink(f);
1253 	save_errno = errno;
1254 	if (i < 0 && LogLevel > 97)
1255 		sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s: unlink-fail %d",
1256 			  f, errno);
1257 	if (i >= 0)
1258 		SYNC_DIR(f, false);
1259 	errno = save_errno;
1260 	return i;
1261 }
1262 
1263 /*
1264 **  SFGETS -- "safe" fgets -- times out and ignores random interrupts.
1265 **
1266 **	Parameters:
1267 **		buf -- place to put the input line.
1268 **		siz -- size of buf.
1269 **		fp -- file to read from.
1270 **		timeout -- the timeout before error occurs.
1271 **		during -- what we are trying to read (for error messages).
1272 **
1273 **	Returns:
1274 **		NULL on error (including timeout).  This may also leave
1275 **			buf containing a null string.
1276 **		buf otherwise.
1277 */
1278 
1279 
1280 char *
sfgets(buf,siz,fp,timeout,during)1281 sfgets(buf, siz, fp, timeout, during)
1282 	char *buf;
1283 	int siz;
1284 	SM_FILE_T *fp;
1285 	time_t timeout;
1286 	char *during;
1287 {
1288 	register char *p;
1289 	int save_errno, io_timeout, l;
1290 
1291 	SM_REQUIRE(siz > 0);
1292 	SM_REQUIRE(buf != NULL);
1293 
1294 	if (fp == NULL)
1295 	{
1296 		buf[0] = '\0';
1297 		errno = EBADF;
1298 		return NULL;
1299 	}
1300 
1301 	/* try to read */
1302 	l = -1;
1303 	errno = 0;
1304 
1305 	/* convert the timeout to sm_io notation */
1306 	io_timeout = (timeout <= 0) ? SM_TIME_DEFAULT : timeout * 1000;
1307 	while (!sm_io_eof(fp) && !sm_io_error(fp))
1308 	{
1309 		errno = 0;
1310 		l = sm_io_fgets(fp, io_timeout, buf, siz);
1311 		if (l < 0 && errno == EAGAIN)
1312 		{
1313 			/* The sm_io_fgets() call timedout */
1314 			if (LogLevel > 1)
1315 				sm_syslog(LOG_NOTICE, CurEnv->e_id,
1316 					  "timeout waiting for input from %.100s during %s",
1317 					  CURHOSTNAME,
1318 					  during);
1319 			buf[0] = '\0';
1320 #if XDEBUG
1321 			checkfd012(during);
1322 #endif /* XDEBUG */
1323 			if (TrafficLogFile != NULL)
1324 				(void) sm_io_fprintf(TrafficLogFile,
1325 						     SM_TIME_DEFAULT,
1326 						     "%05d <<< [TIMEOUT]\n",
1327 						     (int) CurrentPid);
1328 			errno = ETIMEDOUT;
1329 			return NULL;
1330 		}
1331 		if (l >= 0 || errno != EINTR)
1332 			break;
1333 		(void) sm_io_clearerr(fp);
1334 	}
1335 	save_errno = errno;
1336 
1337 	/* clean up the books and exit */
1338 	LineNumber++;
1339 	if (l < 0)
1340 	{
1341 		buf[0] = '\0';
1342 		if (TrafficLogFile != NULL)
1343 			(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
1344 					     "%05d <<< [EOF]\n",
1345 					     (int) CurrentPid);
1346 		errno = save_errno;
1347 		return NULL;
1348 	}
1349 	if (TrafficLogFile != NULL)
1350 		(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
1351 				     "%05d <<< %s", (int) CurrentPid, buf);
1352 	if (SevenBitInput)
1353 	{
1354 		for (p = buf; *p != '\0'; p++)
1355 			*p &= ~0200;
1356 	}
1357 	else if (!HasEightBits)
1358 	{
1359 		for (p = buf; *p != '\0'; p++)
1360 		{
1361 			if (bitset(0200, *p))
1362 			{
1363 				HasEightBits = true;
1364 				break;
1365 			}
1366 		}
1367 	}
1368 	return buf;
1369 }
1370 
1371 /*
1372 **  FGETFOLDED -- like fgets, but knows about folded lines.
1373 **
1374 **	Parameters:
1375 **		buf -- place to put result.
1376 **		np -- pointer to bytes available; will be updated with
1377 **			the actual buffer size (not number of bytes filled)
1378 **			on return.
1379 **		f -- file to read from.
1380 **
1381 **	Returns:
1382 **		input line(s) on success, NULL on error or SM_IO_EOF.
1383 **		This will normally be buf -- unless the line is too
1384 **			long, when it will be sm_malloc_x()ed.
1385 **
1386 **	Side Effects:
1387 **		buf gets lines from f, with continuation lines (lines
1388 **		with leading white space) appended.  CRLF's are mapped
1389 **		into single newlines.  Any trailing NL is stripped.
1390 */
1391 
1392 char *
fgetfolded(buf,np,f)1393 fgetfolded(buf, np, f)
1394 	char *buf;
1395 	int *np;
1396 	SM_FILE_T *f;
1397 {
1398 	register char *p = buf;
1399 	char *bp = buf;
1400 	register int i;
1401 	int n;
1402 
1403 	SM_REQUIRE(np != NULL);
1404 	n = *np;
1405 	SM_REQUIRE(n > 0);
1406 	SM_REQUIRE(buf != NULL);
1407 	if (f == NULL)
1408 	{
1409 		buf[0] = '\0';
1410 		errno = EBADF;
1411 		return NULL;
1412 	}
1413 
1414 	n--;
1415 	while ((i = sm_io_getc(f, SM_TIME_DEFAULT)) != SM_IO_EOF)
1416 	{
1417 		if (i == '\r')
1418 		{
1419 			i = sm_io_getc(f, SM_TIME_DEFAULT);
1420 			if (i != '\n')
1421 			{
1422 				if (i != SM_IO_EOF)
1423 					(void) sm_io_ungetc(f, SM_TIME_DEFAULT,
1424 							    i);
1425 				i = '\r';
1426 			}
1427 		}
1428 		if (--n <= 0)
1429 		{
1430 			/* allocate new space */
1431 			char *nbp;
1432 			int nn;
1433 
1434 			nn = (p - bp);
1435 			if (nn < MEMCHUNKSIZE)
1436 				nn *= 2;
1437 			else
1438 				nn += MEMCHUNKSIZE;
1439 			nbp = sm_malloc_x(nn);
1440 			memmove(nbp, bp, p - bp);
1441 			p = &nbp[p - bp];
1442 			if (bp != buf)
1443 				sm_free(bp);
1444 			bp = nbp;
1445 			n = nn - (p - bp);
1446 			*np = nn;
1447 		}
1448 		*p++ = i;
1449 		if (i == '\n')
1450 		{
1451 			LineNumber++;
1452 			i = sm_io_getc(f, SM_TIME_DEFAULT);
1453 			if (i != SM_IO_EOF)
1454 				(void) sm_io_ungetc(f, SM_TIME_DEFAULT, i);
1455 			if (i != ' ' && i != '\t')
1456 				break;
1457 		}
1458 	}
1459 	if (p == bp)
1460 		return NULL;
1461 	if (p[-1] == '\n')
1462 		p--;
1463 	*p = '\0';
1464 	return bp;
1465 }
1466 
1467 /*
1468 **  CURTIME -- return current time.
1469 **
1470 **	Parameters:
1471 **		none.
1472 **
1473 **	Returns:
1474 **		the current time.
1475 */
1476 
1477 time_t
curtime()1478 curtime()
1479 {
1480 	auto time_t t;
1481 
1482 	(void) time(&t);
1483 	return t;
1484 }
1485 
1486 /*
1487 **  ATOBOOL -- convert a string representation to boolean.
1488 **
1489 **	Defaults to false
1490 **
1491 **	Parameters:
1492 **		s -- string to convert.  Takes "tTyY", empty, and NULL as true,
1493 **			others as false.
1494 **
1495 **	Returns:
1496 **		A boolean representation of the string.
1497 */
1498 
1499 bool
atobool(s)1500 atobool(s)
1501 	register char *s;
1502 {
1503 	if (s == NULL || *s == '\0' || strchr("tTyY", *s) != NULL)
1504 		return true;
1505 	return false;
1506 }
1507 
1508 /*
1509 **  ATOOCT -- convert a string representation to octal.
1510 **
1511 **	Parameters:
1512 **		s -- string to convert.
1513 **
1514 **	Returns:
1515 **		An integer representing the string interpreted as an
1516 **		octal number.
1517 */
1518 
1519 int
atooct(s)1520 atooct(s)
1521 	register char *s;
1522 {
1523 	register int i = 0;
1524 
1525 	while (*s >= '0' && *s <= '7')
1526 		i = (i << 3) | (*s++ - '0');
1527 	return i;
1528 }
1529 
1530 /*
1531 **  BITINTERSECT -- tell if two bitmaps intersect
1532 **
1533 **	Parameters:
1534 **		a, b -- the bitmaps in question
1535 **
1536 **	Returns:
1537 **		true if they have a non-null intersection
1538 **		false otherwise
1539 */
1540 
1541 bool
bitintersect(a,b)1542 bitintersect(a, b)
1543 	BITMAP256 a;
1544 	BITMAP256 b;
1545 {
1546 	int i;
1547 
1548 	for (i = BITMAPBYTES / sizeof(int); --i >= 0; )
1549 	{
1550 		if ((a[i] & b[i]) != 0)
1551 			return true;
1552 	}
1553 	return false;
1554 }
1555 
1556 /*
1557 **  BITZEROP -- tell if a bitmap is all zero
1558 **
1559 **	Parameters:
1560 **		map -- the bit map to check
1561 **
1562 **	Returns:
1563 **		true if map is all zero.
1564 **		false if there are any bits set in map.
1565 */
1566 
1567 bool
bitzerop(map)1568 bitzerop(map)
1569 	BITMAP256 map;
1570 {
1571 	int i;
1572 
1573 	for (i = BITMAPBYTES / sizeof(int); --i >= 0; )
1574 	{
1575 		if (map[i] != 0)
1576 			return false;
1577 	}
1578 	return true;
1579 }
1580 
1581 /*
1582 **  STRCONTAINEDIN -- tell if one string is contained in another
1583 **
1584 **	Parameters:
1585 **		icase -- ignore case?
1586 **		a -- possible substring.
1587 **		b -- possible superstring.
1588 **
1589 **	Returns:
1590 **		true if a is contained in b (case insensitive).
1591 **		false otherwise.
1592 */
1593 
1594 bool
strcontainedin(icase,a,b)1595 strcontainedin(icase, a, b)
1596 	bool icase;
1597 	register char *a;
1598 	register char *b;
1599 {
1600 	int la;
1601 	int lb;
1602 	int c;
1603 
1604 	la = strlen(a);
1605 	lb = strlen(b);
1606 	c = *a;
1607 	if (icase && isascii(c) && isupper(c))
1608 		c = tolower(c);
1609 	for (; lb-- >= la; b++)
1610 	{
1611 		if (icase)
1612 		{
1613 			if (*b != c &&
1614 			    isascii(*b) && isupper(*b) && tolower(*b) != c)
1615 				continue;
1616 			if (sm_strncasecmp(a, b, la) == 0)
1617 				return true;
1618 		}
1619 		else
1620 		{
1621 			if (*b != c)
1622 				continue;
1623 			if (strncmp(a, b, la) == 0)
1624 				return true;
1625 		}
1626 	}
1627 	return false;
1628 }
1629 
1630 /*
1631 **  CHECKFD012 -- check low numbered file descriptors
1632 **
1633 **	File descriptors 0, 1, and 2 should be open at all times.
1634 **	This routine verifies that, and fixes it if not true.
1635 **
1636 **	Parameters:
1637 **		where -- a tag printed if the assertion failed
1638 **
1639 **	Returns:
1640 **		none
1641 */
1642 
1643 void
checkfd012(where)1644 checkfd012(where)
1645 	char *where;
1646 {
1647 #if XDEBUG
1648 	register int i;
1649 
1650 	for (i = 0; i < 3; i++)
1651 		fill_fd(i, where);
1652 #endif /* XDEBUG */
1653 }
1654 
1655 /*
1656 **  CHECKFDOPEN -- make sure file descriptor is open -- for extended debugging
1657 **
1658 **	Parameters:
1659 **		fd -- file descriptor to check.
1660 **		where -- tag to print on failure.
1661 **
1662 **	Returns:
1663 **		none.
1664 */
1665 
1666 void
checkfdopen(fd,where)1667 checkfdopen(fd, where)
1668 	int fd;
1669 	char *where;
1670 {
1671 #if XDEBUG
1672 	struct stat st;
1673 
1674 	if (fstat(fd, &st) < 0 && errno == EBADF)
1675 	{
1676 		syserr("checkfdopen(%d): %s not open as expected!", fd, where);
1677 		printopenfds(true);
1678 	}
1679 #endif /* XDEBUG */
1680 }
1681 
1682 /*
1683 **  CHECKFDS -- check for new or missing file descriptors
1684 **
1685 **	Parameters:
1686 **		where -- tag for printing.  If null, take a base line.
1687 **
1688 **	Returns:
1689 **		none
1690 **
1691 **	Side Effects:
1692 **		If where is set, shows changes since the last call.
1693 */
1694 
1695 void
checkfds(where)1696 checkfds(where)
1697 	char *where;
1698 {
1699 	int maxfd;
1700 	register int fd;
1701 	bool printhdr = true;
1702 	int save_errno = errno;
1703 	static BITMAP256 baseline;
1704 	extern int DtableSize;
1705 
1706 	if (DtableSize > BITMAPBITS)
1707 		maxfd = BITMAPBITS;
1708 	else
1709 		maxfd = DtableSize;
1710 	if (where == NULL)
1711 		clrbitmap(baseline);
1712 
1713 	for (fd = 0; fd < maxfd; fd++)
1714 	{
1715 		struct stat stbuf;
1716 
1717 		if (fstat(fd, &stbuf) < 0 && errno != EOPNOTSUPP)
1718 		{
1719 			if (!bitnset(fd, baseline))
1720 				continue;
1721 			clrbitn(fd, baseline);
1722 		}
1723 		else if (!bitnset(fd, baseline))
1724 			setbitn(fd, baseline);
1725 		else
1726 			continue;
1727 
1728 		/* file state has changed */
1729 		if (where == NULL)
1730 			continue;
1731 		if (printhdr)
1732 		{
1733 			sm_syslog(LOG_DEBUG, CurEnv->e_id,
1734 				  "%s: changed fds:",
1735 				  where);
1736 			printhdr = false;
1737 		}
1738 		dumpfd(fd, true, true);
1739 	}
1740 	errno = save_errno;
1741 }
1742 
1743 /*
1744 **  PRINTOPENFDS -- print the open file descriptors (for debugging)
1745 **
1746 **	Parameters:
1747 **		logit -- if set, send output to syslog; otherwise
1748 **			print for debugging.
1749 **
1750 **	Returns:
1751 **		none.
1752 */
1753 
1754 #if NETINET || NETINET6
1755 # include <arpa/inet.h>
1756 #endif /* NETINET || NETINET6 */
1757 
1758 void
printopenfds(logit)1759 printopenfds(logit)
1760 	bool logit;
1761 {
1762 	register int fd;
1763 	extern int DtableSize;
1764 
1765 	for (fd = 0; fd < DtableSize; fd++)
1766 		dumpfd(fd, false, logit);
1767 }
1768 
1769 /*
1770 **  DUMPFD -- dump a file descriptor
1771 **
1772 **	Parameters:
1773 **		fd -- the file descriptor to dump.
1774 **		printclosed -- if set, print a notification even if
1775 **			it is closed; otherwise print nothing.
1776 **		logit -- if set, use sm_syslog instead of sm_dprintf()
1777 **
1778 **	Returns:
1779 **		none.
1780 */
1781 
1782 void
dumpfd(fd,printclosed,logit)1783 dumpfd(fd, printclosed, logit)
1784 	int fd;
1785 	bool printclosed;
1786 	bool logit;
1787 {
1788 	register char *p;
1789 	char *hp;
1790 #ifdef S_IFSOCK
1791 	SOCKADDR sa;
1792 #endif /* S_IFSOCK */
1793 	auto SOCKADDR_LEN_T slen;
1794 	int i;
1795 #if STAT64 > 0
1796 	struct stat64 st;
1797 #else /* STAT64 > 0 */
1798 	struct stat st;
1799 #endif /* STAT64 > 0 */
1800 	char buf[200];
1801 
1802 	p = buf;
1803 	(void) sm_snprintf(p, SPACELEFT(buf, p), "%3d: ", fd);
1804 	p += strlen(p);
1805 
1806 	if (
1807 #if STAT64 > 0
1808 	    fstat64(fd, &st)
1809 #else /* STAT64 > 0 */
1810 	    fstat(fd, &st)
1811 #endif /* STAT64 > 0 */
1812 	    < 0)
1813 	{
1814 		if (errno != EBADF)
1815 		{
1816 			(void) sm_snprintf(p, SPACELEFT(buf, p),
1817 				"CANNOT STAT (%s)",
1818 				sm_errstring(errno));
1819 			goto printit;
1820 		}
1821 		else if (printclosed)
1822 		{
1823 			(void) sm_snprintf(p, SPACELEFT(buf, p), "CLOSED");
1824 			goto printit;
1825 		}
1826 		return;
1827 	}
1828 
1829 	i = fcntl(fd, F_GETFL, 0);
1830 	if (i != -1)
1831 	{
1832 		(void) sm_snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", i);
1833 		p += strlen(p);
1834 	}
1835 
1836 	(void) sm_snprintf(p, SPACELEFT(buf, p), "mode=%o: ",
1837 			(int) st.st_mode);
1838 	p += strlen(p);
1839 	switch (st.st_mode & S_IFMT)
1840 	{
1841 #ifdef S_IFSOCK
1842 	  case S_IFSOCK:
1843 		(void) sm_snprintf(p, SPACELEFT(buf, p), "SOCK ");
1844 		p += strlen(p);
1845 		memset(&sa, '\0', sizeof(sa));
1846 		slen = sizeof(sa);
1847 		if (getsockname(fd, &sa.sa, &slen) < 0)
1848 			(void) sm_snprintf(p, SPACELEFT(buf, p), "(%s)",
1849 				 sm_errstring(errno));
1850 		else
1851 		{
1852 			hp = hostnamebyanyaddr(&sa);
1853 			if (hp == NULL)
1854 			{
1855 				/* EMPTY */
1856 				/* do nothing */
1857 			}
1858 # if NETINET
1859 			else if (sa.sa.sa_family == AF_INET)
1860 				(void) sm_snprintf(p, SPACELEFT(buf, p),
1861 					"%s/%d", hp, ntohs(sa.sin.sin_port));
1862 # endif /* NETINET */
1863 # if NETINET6
1864 			else if (sa.sa.sa_family == AF_INET6)
1865 				(void) sm_snprintf(p, SPACELEFT(buf, p),
1866 					"%s/%d", hp, ntohs(sa.sin6.sin6_port));
1867 # endif /* NETINET6 */
1868 			else
1869 				(void) sm_snprintf(p, SPACELEFT(buf, p),
1870 					"%s", hp);
1871 		}
1872 		p += strlen(p);
1873 		(void) sm_snprintf(p, SPACELEFT(buf, p), "->");
1874 		p += strlen(p);
1875 		slen = sizeof(sa);
1876 		if (getpeername(fd, &sa.sa, &slen) < 0)
1877 			(void) sm_snprintf(p, SPACELEFT(buf, p), "(%s)",
1878 					sm_errstring(errno));
1879 		else
1880 		{
1881 			hp = hostnamebyanyaddr(&sa);
1882 			if (hp == NULL)
1883 			{
1884 				/* EMPTY */
1885 				/* do nothing */
1886 			}
1887 # if NETINET
1888 			else if (sa.sa.sa_family == AF_INET)
1889 				(void) sm_snprintf(p, SPACELEFT(buf, p),
1890 					"%s/%d", hp, ntohs(sa.sin.sin_port));
1891 # endif /* NETINET */
1892 # if NETINET6
1893 			else if (sa.sa.sa_family == AF_INET6)
1894 				(void) sm_snprintf(p, SPACELEFT(buf, p),
1895 					"%s/%d", hp, ntohs(sa.sin6.sin6_port));
1896 # endif /* NETINET6 */
1897 			else
1898 				(void) sm_snprintf(p, SPACELEFT(buf, p),
1899 					"%s", hp);
1900 		}
1901 		break;
1902 #endif /* S_IFSOCK */
1903 
1904 	  case S_IFCHR:
1905 		(void) sm_snprintf(p, SPACELEFT(buf, p), "CHR: ");
1906 		p += strlen(p);
1907 		goto defprint;
1908 
1909 #ifdef S_IFBLK
1910 	  case S_IFBLK:
1911 		(void) sm_snprintf(p, SPACELEFT(buf, p), "BLK: ");
1912 		p += strlen(p);
1913 		goto defprint;
1914 #endif /* S_IFBLK */
1915 
1916 #if defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK)
1917 	  case S_IFIFO:
1918 		(void) sm_snprintf(p, SPACELEFT(buf, p), "FIFO: ");
1919 		p += strlen(p);
1920 		goto defprint;
1921 #endif /* defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) */
1922 
1923 #ifdef S_IFDIR
1924 	  case S_IFDIR:
1925 		(void) sm_snprintf(p, SPACELEFT(buf, p), "DIR: ");
1926 		p += strlen(p);
1927 		goto defprint;
1928 #endif /* S_IFDIR */
1929 
1930 #ifdef S_IFLNK
1931 	  case S_IFLNK:
1932 		(void) sm_snprintf(p, SPACELEFT(buf, p), "LNK: ");
1933 		p += strlen(p);
1934 		goto defprint;
1935 #endif /* S_IFLNK */
1936 
1937 	  default:
1938 defprint:
1939 		(void) sm_snprintf(p, SPACELEFT(buf, p),
1940 			 "dev=%d/%d, ino=%llu, nlink=%d, u/gid=%d/%d, ",
1941 			 major(st.st_dev), minor(st.st_dev),
1942 			 (ULONGLONG_T) st.st_ino,
1943 			 (int) st.st_nlink, (int) st.st_uid,
1944 			 (int) st.st_gid);
1945 		p += strlen(p);
1946 		(void) sm_snprintf(p, SPACELEFT(buf, p), "size=%llu",
1947 			 (ULONGLONG_T) st.st_size);
1948 		break;
1949 	}
1950 
1951 printit:
1952 	if (logit)
1953 		sm_syslog(LOG_DEBUG, CurEnv ? CurEnv->e_id : NULL,
1954 			  "%.800s", buf);
1955 	else
1956 		sm_dprintf("%s\n", buf);
1957 }
1958 
1959 /*
1960 **  SHORTEN_HOSTNAME -- strip local domain information off of hostname.
1961 **
1962 **	Parameters:
1963 **		host -- the host to shorten (stripped in place).
1964 **
1965 **	Returns:
1966 **		place where string was truncated, NULL if not truncated.
1967 */
1968 
1969 char *
shorten_hostname(host)1970 shorten_hostname(host)
1971 	char host[];
1972 {
1973 	register char *p;
1974 	char *mydom;
1975 	int i;
1976 	bool canon = false;
1977 
1978 	/* strip off final dot */
1979 	i = strlen(host);
1980 	p = &host[(i == 0) ? 0 : i - 1];
1981 	if (*p == '.')
1982 	{
1983 		*p = '\0';
1984 		canon = true;
1985 	}
1986 
1987 	/* see if there is any domain at all -- if not, we are done */
1988 	p = strchr(host, '.');
1989 	if (p == NULL)
1990 		return NULL;
1991 
1992 	/* yes, we have a domain -- see if it looks like us */
1993 	mydom = macvalue('m', CurEnv);
1994 	if (mydom == NULL)
1995 		mydom = "";
1996 	i = strlen(++p);
1997 	if ((canon ? sm_strcasecmp(p, mydom)
1998 		   : sm_strncasecmp(p, mydom, i)) == 0 &&
1999 			(mydom[i] == '.' || mydom[i] == '\0'))
2000 	{
2001 		*--p = '\0';
2002 		return p;
2003 	}
2004 	return NULL;
2005 }
2006 
2007 /*
2008 **  PROG_OPEN -- open a program for reading
2009 **
2010 **	Parameters:
2011 **		argv -- the argument list.
2012 **		pfd -- pointer to a place to store the file descriptor.
2013 **		e -- the current envelope.
2014 **
2015 **	Returns:
2016 **		pid of the process -- -1 if it failed.
2017 */
2018 
2019 pid_t
prog_open(argv,pfd,e)2020 prog_open(argv, pfd, e)
2021 	char **argv;
2022 	int *pfd;
2023 	ENVELOPE *e;
2024 {
2025 	pid_t pid;
2026 	int save_errno;
2027 	int sff;
2028 	int ret;
2029 	int fdv[2];
2030 	char *p, *q;
2031 	char buf[MAXPATHLEN];
2032 	extern int DtableSize;
2033 
2034 	if (pipe(fdv) < 0)
2035 	{
2036 		syserr("%s: cannot create pipe for stdout", argv[0]);
2037 		return -1;
2038 	}
2039 	pid = fork();
2040 	if (pid < 0)
2041 	{
2042 		syserr("%s: cannot fork", argv[0]);
2043 		(void) close(fdv[0]);
2044 		(void) close(fdv[1]);
2045 		return -1;
2046 	}
2047 	if (pid > 0)
2048 	{
2049 		/* parent */
2050 		(void) close(fdv[1]);
2051 		*pfd = fdv[0];
2052 		return pid;
2053 	}
2054 
2055 	/* Reset global flags */
2056 	RestartRequest = NULL;
2057 	RestartWorkGroup = false;
2058 	ShutdownRequest = NULL;
2059 	PendingSignal = 0;
2060 	CurrentPid = getpid();
2061 
2062 	/*
2063 	**  Initialize exception stack and default exception
2064 	**  handler for child process.
2065 	*/
2066 
2067 	sm_exc_newthread(fatal_error);
2068 
2069 	/* child -- close stdin */
2070 	(void) close(0);
2071 
2072 	/* stdout goes back to parent */
2073 	(void) close(fdv[0]);
2074 	if (dup2(fdv[1], 1) < 0)
2075 	{
2076 		syserr("%s: cannot dup2 for stdout", argv[0]);
2077 		_exit(EX_OSERR);
2078 	}
2079 	(void) close(fdv[1]);
2080 
2081 	/* stderr goes to transcript if available */
2082 	if (e->e_xfp != NULL)
2083 	{
2084 		int xfd;
2085 
2086 		xfd = sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL);
2087 		if (xfd >= 0 && dup2(xfd, 2) < 0)
2088 		{
2089 			syserr("%s: cannot dup2 for stderr", argv[0]);
2090 			_exit(EX_OSERR);
2091 		}
2092 	}
2093 
2094 	/* this process has no right to the queue file */
2095 	if (e->e_lockfp != NULL)
2096 	{
2097 		int fd;
2098 
2099 		fd = sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL);
2100 		if (fd >= 0)
2101 			(void) close(fd);
2102 		else
2103 			syserr("%s: lockfp does not have a fd", argv[0]);
2104 	}
2105 
2106 	/* chroot to the program mailer directory, if defined */
2107 	if (ProgMailer != NULL && ProgMailer->m_rootdir != NULL)
2108 	{
2109 		expand(ProgMailer->m_rootdir, buf, sizeof(buf), e);
2110 		get_random();
2111 		if (chroot(buf) < 0)
2112 		{
2113 			syserr("prog_open: cannot chroot(%s)", buf);
2114 			exit(EX_TEMPFAIL);
2115 		}
2116 		if (chdir("/") < 0)
2117 		{
2118 			syserr("prog_open: cannot chdir(/)");
2119 			exit(EX_TEMPFAIL);
2120 		}
2121 	}
2122 
2123 	/* run as default user */
2124 	endpwent();
2125 	sm_mbdb_terminate();
2126 #if _FFR_MEMSTAT
2127 	(void) sm_memstat_close();
2128 #endif /* _FFR_MEMSTAT */
2129 	if (setgid(DefGid) < 0 && geteuid() == 0)
2130 	{
2131 		syserr("prog_open: setgid(%ld) failed", (long) DefGid);
2132 		exit(EX_TEMPFAIL);
2133 	}
2134 	if (setuid(DefUid) < 0 && geteuid() == 0)
2135 	{
2136 		syserr("prog_open: setuid(%ld) failed", (long) DefUid);
2137 		exit(EX_TEMPFAIL);
2138 	}
2139 
2140 	/* run in some directory */
2141 	if (ProgMailer != NULL)
2142 		p = ProgMailer->m_execdir;
2143 	else
2144 		p = NULL;
2145 	for (; p != NULL; p = q)
2146 	{
2147 		q = strchr(p, ':');
2148 		if (q != NULL)
2149 			*q = '\0';
2150 		expand(p, buf, sizeof(buf), e);
2151 		if (q != NULL)
2152 			*q++ = ':';
2153 		if (buf[0] != '\0' && chdir(buf) >= 0)
2154 			break;
2155 	}
2156 	if (p == NULL)
2157 	{
2158 		/* backup directories */
2159 		if (chdir("/tmp") < 0)
2160 			(void) chdir("/");
2161 	}
2162 
2163 	/* Check safety of program to be run */
2164 	sff = SFF_ROOTOK|SFF_EXECOK;
2165 	if (!bitnset(DBS_RUNWRITABLEPROGRAM, DontBlameSendmail))
2166 		sff |= SFF_NOGWFILES|SFF_NOWWFILES;
2167 	if (bitnset(DBS_RUNPROGRAMINUNSAFEDIRPATH, DontBlameSendmail))
2168 		sff |= SFF_NOPATHCHECK;
2169 	else
2170 		sff |= SFF_SAFEDIRPATH;
2171 	ret = safefile(argv[0], DefUid, DefGid, DefUser, sff, 0, NULL);
2172 	if (ret != 0)
2173 		sm_syslog(LOG_INFO, e->e_id,
2174 			  "Warning: prog_open: program %s unsafe: %s",
2175 			  argv[0], sm_errstring(ret));
2176 
2177 	/* arrange for all the files to be closed */
2178 	sm_close_on_exec(STDERR_FILENO + 1, DtableSize);
2179 
2180 	/* now exec the process */
2181 	(void) execve(argv[0], (ARGV_T) argv, (ARGV_T) UserEnviron);
2182 
2183 	/* woops!  failed */
2184 	save_errno = errno;
2185 	syserr("%s: cannot exec", argv[0]);
2186 	if (transienterror(save_errno))
2187 		_exit(EX_OSERR);
2188 	_exit(EX_CONFIG);
2189 	return -1;	/* avoid compiler warning on IRIX */
2190 }
2191 
2192 /*
2193 **  GET_COLUMN -- look up a Column in a line buffer
2194 **
2195 **	Parameters:
2196 **		line -- the raw text line to search.
2197 **		col -- the column number to fetch.
2198 **		delim -- the delimiter between columns.  If null,
2199 **			use white space.
2200 **		buf -- the output buffer.
2201 **		buflen -- the length of buf.
2202 **
2203 **	Returns:
2204 **		buf if successful.
2205 **		NULL otherwise.
2206 */
2207 
2208 char *
get_column(line,col,delim,buf,buflen)2209 get_column(line, col, delim, buf, buflen)
2210 	char line[];
2211 	int col;
2212 	int delim;
2213 	char buf[];
2214 	int buflen;
2215 {
2216 	char *p;
2217 	char *begin, *end;
2218 	int i;
2219 	char delimbuf[4];
2220 
2221 	if ((char) delim == '\0')
2222 		(void) sm_strlcpy(delimbuf, "\n\t ", sizeof(delimbuf));
2223 	else
2224 	{
2225 		delimbuf[0] = (char) delim;
2226 		delimbuf[1] = '\0';
2227 	}
2228 
2229 	p = line;
2230 	if (*p == '\0')
2231 		return NULL;			/* line empty */
2232 	if (*p == (char) delim && col == 0)
2233 		return NULL;			/* first column empty */
2234 
2235 	begin = line;
2236 
2237 	if (col == 0 && (char) delim == '\0')
2238 	{
2239 		while (*begin != '\0' && isascii(*begin) && isspace(*begin))
2240 			begin++;
2241 	}
2242 
2243 	for (i = 0; i < col; i++)
2244 	{
2245 		if ((begin = strpbrk(begin, delimbuf)) == NULL)
2246 			return NULL;		/* no such column */
2247 		begin++;
2248 		if ((char) delim == '\0')
2249 		{
2250 			while (*begin != '\0' && isascii(*begin) && isspace(*begin))
2251 				begin++;
2252 		}
2253 	}
2254 
2255 	end = strpbrk(begin, delimbuf);
2256 	if (end == NULL)
2257 		i = strlen(begin);
2258 	else
2259 		i = end - begin;
2260 	if (i >= buflen)
2261 		i = buflen - 1;
2262 	(void) sm_strlcpy(buf, begin, i + 1);
2263 	return buf;
2264 }
2265 
2266 /*
2267 **  CLEANSTRCPY -- copy string keeping out bogus characters
2268 **
2269 **	Parameters:
2270 **		t -- "to" string.
2271 **		f -- "from" string.
2272 **		l -- length of space available in "to" string.
2273 **
2274 **	Returns:
2275 **		none.
2276 */
2277 
2278 void
cleanstrcpy(t,f,l)2279 cleanstrcpy(t, f, l)
2280 	register char *t;
2281 	register char *f;
2282 	int l;
2283 {
2284 	/* check for newlines and log if necessary */
2285 	(void) denlstring(f, true, true);
2286 
2287 	if (l <= 0)
2288 		syserr("!cleanstrcpy: length == 0");
2289 
2290 	l--;
2291 	while (l > 0 && *f != '\0')
2292 	{
2293 		if (isascii(*f) &&
2294 		    (isalnum(*f) || strchr("!#$%&'*+-./^_`{|}~", *f) != NULL))
2295 		{
2296 			l--;
2297 			*t++ = *f;
2298 		}
2299 		f++;
2300 	}
2301 	*t = '\0';
2302 }
2303 
2304 /*
2305 **  DENLSTRING -- convert newlines in a string to spaces
2306 **
2307 **	Parameters:
2308 **		s -- the input string
2309 **		strict -- if set, don't permit continuation lines.
2310 **		logattacks -- if set, log attempted attacks.
2311 **
2312 **	Returns:
2313 **		A pointer to a version of the string with newlines
2314 **		mapped to spaces.  This should be copied.
2315 */
2316 
2317 char *
denlstring(s,strict,logattacks)2318 denlstring(s, strict, logattacks)
2319 	char *s;
2320 	bool strict;
2321 	bool logattacks;
2322 {
2323 	register char *p;
2324 	int l;
2325 	static char *bp = NULL;
2326 	static int bl = 0;
2327 
2328 	p = s;
2329 	while ((p = strchr(p, '\n')) != NULL)
2330 		if (strict || (*++p != ' ' && *p != '\t'))
2331 			break;
2332 	if (p == NULL)
2333 		return s;
2334 
2335 	l = strlen(s) + 1;
2336 	if (bl < l)
2337 	{
2338 		/* allocate more space */
2339 		char *nbp = sm_pmalloc_x(l);
2340 
2341 		if (bp != NULL)
2342 			sm_free(bp);
2343 		bp = nbp;
2344 		bl = l;
2345 	}
2346 	(void) sm_strlcpy(bp, s, l);
2347 	for (p = bp; (p = strchr(p, '\n')) != NULL; )
2348 		*p++ = ' ';
2349 
2350 	if (logattacks)
2351 	{
2352 		sm_syslog(LOG_NOTICE, CurEnv ? CurEnv->e_id : NULL,
2353 			  "POSSIBLE ATTACK from %.100s: newline in string \"%s\"",
2354 			  RealHostName == NULL ? "[UNKNOWN]" : RealHostName,
2355 			  shortenstring(bp, MAXSHORTSTR));
2356 	}
2357 
2358 	return bp;
2359 }
2360 
2361 /*
2362 **  STRREPLNONPRT -- replace "unprintable" characters in a string with subst
2363 **
2364 **	Parameters:
2365 **		s -- string to manipulate (in place)
2366 **		subst -- character to use as replacement
2367 **
2368 **	Returns:
2369 **		true iff string did not contain "unprintable" characters
2370 */
2371 
2372 bool
strreplnonprt(s,c)2373 strreplnonprt(s, c)
2374 	char *s;
2375 	int c;
2376 {
2377 	bool ok;
2378 
2379 	ok = true;
2380 	if (s == NULL)
2381 		return ok;
2382 	while (*s != '\0')
2383 	{
2384 		if (!(isascii(*s) && isprint(*s)))
2385 		{
2386 			*s = c;
2387 			ok = false;
2388 		}
2389 		++s;
2390 	}
2391 	return ok;
2392 }
2393 
2394 /*
2395 **  PATH_IS_DIR -- check to see if file exists and is a directory.
2396 **
2397 **	There are some additional checks for security violations in
2398 **	here.  This routine is intended to be used for the host status
2399 **	support.
2400 **
2401 **	Parameters:
2402 **		pathname -- pathname to check for directory-ness.
2403 **		createflag -- if set, create directory if needed.
2404 **
2405 **	Returns:
2406 **		true -- if the indicated pathname is a directory
2407 **		false -- otherwise
2408 */
2409 
2410 bool
path_is_dir(pathname,createflag)2411 path_is_dir(pathname, createflag)
2412 	char *pathname;
2413 	bool createflag;
2414 {
2415 	struct stat statbuf;
2416 
2417 #if HASLSTAT
2418 	if (lstat(pathname, &statbuf) < 0)
2419 #else /* HASLSTAT */
2420 	if (stat(pathname, &statbuf) < 0)
2421 #endif /* HASLSTAT */
2422 	{
2423 		if (errno != ENOENT || !createflag)
2424 			return false;
2425 		if (mkdir(pathname, 0755) < 0)
2426 			return false;
2427 		return true;
2428 	}
2429 	if (!S_ISDIR(statbuf.st_mode))
2430 	{
2431 		errno = ENOTDIR;
2432 		return false;
2433 	}
2434 
2435 	/* security: don't allow writable directories */
2436 	if (bitset(S_IWGRP|S_IWOTH, statbuf.st_mode))
2437 	{
2438 		errno = EACCES;
2439 		return false;
2440 	}
2441 	return true;
2442 }
2443 
2444 /*
2445 **  PROC_LIST_ADD -- add process id to list of our children
2446 **
2447 **	Parameters:
2448 **		pid -- pid to add to list.
2449 **		task -- task of pid.
2450 **		type -- type of process.
2451 **		count -- number of processes.
2452 **		other -- other information for this type.
2453 **
2454 **	Returns:
2455 **		none
2456 **
2457 **	Side Effects:
2458 **		May increase CurChildren. May grow ProcList.
2459 */
2460 
2461 typedef struct procs	PROCS_T;
2462 
2463 struct procs
2464 {
2465 	pid_t		proc_pid;
2466 	char		*proc_task;
2467 	int		proc_type;
2468 	int		proc_count;
2469 	int		proc_other;
2470 	SOCKADDR	proc_hostaddr;
2471 };
2472 
2473 static PROCS_T	*volatile ProcListVec = NULL;
2474 static int	ProcListSize = 0;
2475 
2476 void
proc_list_add(pid,task,type,count,other,hostaddr)2477 proc_list_add(pid, task, type, count, other, hostaddr)
2478 	pid_t pid;
2479 	char *task;
2480 	int type;
2481 	int count;
2482 	int other;
2483 	SOCKADDR *hostaddr;
2484 {
2485 	int i;
2486 
2487 	for (i = 0; i < ProcListSize; i++)
2488 	{
2489 		if (ProcListVec[i].proc_pid == NO_PID)
2490 			break;
2491 	}
2492 	if (i >= ProcListSize)
2493 	{
2494 		/* probe the existing vector to avoid growing infinitely */
2495 		proc_list_probe();
2496 
2497 		/* now scan again */
2498 		for (i = 0; i < ProcListSize; i++)
2499 		{
2500 			if (ProcListVec[i].proc_pid == NO_PID)
2501 				break;
2502 		}
2503 	}
2504 	if (i >= ProcListSize)
2505 	{
2506 		/* grow process list */
2507 		int chldwasblocked;
2508 		PROCS_T *npv;
2509 
2510 		SM_ASSERT(ProcListSize < INT_MAX - PROC_LIST_SEG);
2511 		npv = (PROCS_T *) sm_pmalloc_x((sizeof(*npv)) *
2512 					       (ProcListSize + PROC_LIST_SEG));
2513 
2514 		/* Block SIGCHLD so reapchild() doesn't mess with us */
2515 		chldwasblocked = sm_blocksignal(SIGCHLD);
2516 		if (ProcListSize > 0)
2517 		{
2518 			memmove(npv, ProcListVec,
2519 				ProcListSize * sizeof(PROCS_T));
2520 			sm_free(ProcListVec);
2521 		}
2522 
2523 		/* XXX just use memset() to initialize this part? */
2524 		for (i = ProcListSize; i < ProcListSize + PROC_LIST_SEG; i++)
2525 		{
2526 			npv[i].proc_pid = NO_PID;
2527 			npv[i].proc_task = NULL;
2528 			npv[i].proc_type = PROC_NONE;
2529 		}
2530 		i = ProcListSize;
2531 		ProcListSize += PROC_LIST_SEG;
2532 		ProcListVec = npv;
2533 		if (chldwasblocked == 0)
2534 			(void) sm_releasesignal(SIGCHLD);
2535 	}
2536 	ProcListVec[i].proc_pid = pid;
2537 	PSTRSET(ProcListVec[i].proc_task, task);
2538 	ProcListVec[i].proc_type = type;
2539 	ProcListVec[i].proc_count = count;
2540 	ProcListVec[i].proc_other = other;
2541 	if (hostaddr != NULL)
2542 		ProcListVec[i].proc_hostaddr = *hostaddr;
2543 	else
2544 		memset(&ProcListVec[i].proc_hostaddr, 0,
2545 			sizeof(ProcListVec[i].proc_hostaddr));
2546 
2547 	/* if process adding itself, it's not a child */
2548 	if (pid != CurrentPid)
2549 	{
2550 		SM_ASSERT(CurChildren < INT_MAX);
2551 		CurChildren++;
2552 	}
2553 }
2554 
2555 /*
2556 **  PROC_LIST_SET -- set pid task in process list
2557 **
2558 **	Parameters:
2559 **		pid -- pid to set
2560 **		task -- task of pid
2561 **
2562 **	Returns:
2563 **		none.
2564 */
2565 
2566 void
proc_list_set(pid,task)2567 proc_list_set(pid, task)
2568 	pid_t pid;
2569 	char *task;
2570 {
2571 	int i;
2572 
2573 	for (i = 0; i < ProcListSize; i++)
2574 	{
2575 		if (ProcListVec[i].proc_pid == pid)
2576 		{
2577 			PSTRSET(ProcListVec[i].proc_task, task);
2578 			break;
2579 		}
2580 	}
2581 }
2582 
2583 /*
2584 **  PROC_LIST_DROP -- drop pid from process list
2585 **
2586 **	Parameters:
2587 **		pid -- pid to drop
2588 **		st -- process status
2589 **		other -- storage for proc_other (return).
2590 **
2591 **	Returns:
2592 **		none.
2593 **
2594 **	Side Effects:
2595 **		May decrease CurChildren, CurRunners, or
2596 **		set RestartRequest or ShutdownRequest.
2597 **
2598 **	NOTE:	THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
2599 **		ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
2600 **		DOING.
2601 */
2602 
2603 void
proc_list_drop(pid,st,other)2604 proc_list_drop(pid, st, other)
2605 	pid_t pid;
2606 	int st;
2607 	int *other;
2608 {
2609 	int i;
2610 	int type = PROC_NONE;
2611 
2612 	for (i = 0; i < ProcListSize; i++)
2613 	{
2614 		if (ProcListVec[i].proc_pid == pid)
2615 		{
2616 			ProcListVec[i].proc_pid = NO_PID;
2617 			type = ProcListVec[i].proc_type;
2618 			if (other != NULL)
2619 				*other = ProcListVec[i].proc_other;
2620 			if (CurChildren > 0)
2621 				CurChildren--;
2622 			break;
2623 		}
2624 	}
2625 
2626 
2627 	if (type == PROC_CONTROL && WIFEXITED(st))
2628 	{
2629 		/* if so, see if we need to restart or shutdown */
2630 		if (WEXITSTATUS(st) == EX_RESTART)
2631 			RestartRequest = "control socket";
2632 		else if (WEXITSTATUS(st) == EX_SHUTDOWN)
2633 			ShutdownRequest = "control socket";
2634 	}
2635 	else if (type == PROC_QUEUE_CHILD && !WIFSTOPPED(st) &&
2636 		 ProcListVec[i].proc_other > -1)
2637 	{
2638 		/* restart this persistent runner */
2639 		mark_work_group_restart(ProcListVec[i].proc_other, st);
2640 	}
2641 	else if (type == PROC_QUEUE)
2642 	{
2643 		CurRunners -= ProcListVec[i].proc_count;
2644 
2645 		/* CHK_CUR_RUNNERS() can't be used here: uses syslog() */
2646 		if (CurRunners < 0)
2647 			CurRunners = 0;
2648 	}
2649 }
2650 
2651 /*
2652 **  PROC_LIST_CLEAR -- clear the process list
2653 **
2654 **	Parameters:
2655 **		none.
2656 **
2657 **	Returns:
2658 **		none.
2659 **
2660 **	Side Effects:
2661 **		Sets CurChildren to zero.
2662 */
2663 
2664 void
proc_list_clear()2665 proc_list_clear()
2666 {
2667 	int i;
2668 
2669 	/* start from 1 since 0 is the daemon itself */
2670 	for (i = 1; i < ProcListSize; i++)
2671 		ProcListVec[i].proc_pid = NO_PID;
2672 	CurChildren = 0;
2673 }
2674 
2675 /*
2676 **  PROC_LIST_PROBE -- probe processes in the list to see if they still exist
2677 **
2678 **	Parameters:
2679 **		none
2680 **
2681 **	Returns:
2682 **		none
2683 **
2684 **	Side Effects:
2685 **		May decrease CurChildren.
2686 */
2687 
2688 void
proc_list_probe()2689 proc_list_probe()
2690 {
2691 	int i, children;
2692 	int chldwasblocked;
2693 	pid_t pid;
2694 
2695 	children = 0;
2696 	chldwasblocked = sm_blocksignal(SIGCHLD);
2697 
2698 	/* start from 1 since 0 is the daemon itself */
2699 	for (i = 1; i < ProcListSize; i++)
2700 	{
2701 		pid = ProcListVec[i].proc_pid;
2702 		if (pid == NO_PID || pid == CurrentPid)
2703 			continue;
2704 		if (kill(pid, 0) < 0)
2705 		{
2706 			if (LogLevel > 3)
2707 				sm_syslog(LOG_DEBUG, CurEnv->e_id,
2708 					  "proc_list_probe: lost pid %d",
2709 					  (int) ProcListVec[i].proc_pid);
2710 			ProcListVec[i].proc_pid = NO_PID;
2711 			SM_FREE_CLR(ProcListVec[i].proc_task);
2712 
2713 			if (ProcListVec[i].proc_type == PROC_QUEUE)
2714 			{
2715 				CurRunners -= ProcListVec[i].proc_count;
2716 				CHK_CUR_RUNNERS("proc_list_probe", i,
2717 						ProcListVec[i].proc_count);
2718 			}
2719 
2720 			CurChildren--;
2721 		}
2722 		else
2723 		{
2724 			++children;
2725 		}
2726 	}
2727 	if (CurChildren < 0)
2728 		CurChildren = 0;
2729 	if (chldwasblocked == 0)
2730 		(void) sm_releasesignal(SIGCHLD);
2731 	if (LogLevel > 10 && children != CurChildren && CurrentPid == DaemonPid)
2732 	{
2733 		sm_syslog(LOG_ERR, NOQID,
2734 			  "proc_list_probe: found %d children, expected %d",
2735 			  children, CurChildren);
2736 	}
2737 }
2738 
2739 /*
2740 **  PROC_LIST_DISPLAY -- display the process list
2741 **
2742 **	Parameters:
2743 **		out -- output file pointer
2744 **		prefix -- string to output in front of each line.
2745 **
2746 **	Returns:
2747 **		none.
2748 */
2749 
2750 void
proc_list_display(out,prefix)2751 proc_list_display(out, prefix)
2752 	SM_FILE_T *out;
2753 	char *prefix;
2754 {
2755 	int i;
2756 
2757 	for (i = 0; i < ProcListSize; i++)
2758 	{
2759 		if (ProcListVec[i].proc_pid == NO_PID)
2760 			continue;
2761 
2762 		(void) sm_io_fprintf(out, SM_TIME_DEFAULT, "%s%d %s%s\n",
2763 				     prefix,
2764 				     (int) ProcListVec[i].proc_pid,
2765 				     ProcListVec[i].proc_task != NULL ?
2766 				     ProcListVec[i].proc_task : "(unknown)",
2767 				     (OpMode == MD_SMTP ||
2768 				      OpMode == MD_DAEMON ||
2769 				      OpMode == MD_ARPAFTP) ? "\r" : "");
2770 	}
2771 }
2772 
2773 /*
2774 **  PROC_LIST_SIGNAL -- send a signal to a type of process in the list
2775 **
2776 **	Parameters:
2777 **		type -- type of process to signal
2778 **		signal -- the type of signal to send
2779 **
2780 **	Results:
2781 **		none.
2782 **
2783 **	NOTE:	THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
2784 **		ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
2785 **		DOING.
2786 */
2787 
2788 void
proc_list_signal(type,signal)2789 proc_list_signal(type, signal)
2790 	int type;
2791 	int signal;
2792 {
2793 	int chldwasblocked;
2794 	int alrmwasblocked;
2795 	int i;
2796 	pid_t mypid = getpid();
2797 
2798 	/* block these signals so that we may signal cleanly */
2799 	chldwasblocked = sm_blocksignal(SIGCHLD);
2800 	alrmwasblocked = sm_blocksignal(SIGALRM);
2801 
2802 	/* Find all processes of type and send signal */
2803 	for (i = 0; i < ProcListSize; i++)
2804 	{
2805 		if (ProcListVec[i].proc_pid == NO_PID ||
2806 		    ProcListVec[i].proc_pid == mypid)
2807 			continue;
2808 		if (ProcListVec[i].proc_type != type)
2809 			continue;
2810 		(void) kill(ProcListVec[i].proc_pid, signal);
2811 	}
2812 
2813 	/* restore the signals */
2814 	if (alrmwasblocked == 0)
2815 		(void) sm_releasesignal(SIGALRM);
2816 	if (chldwasblocked == 0)
2817 		(void) sm_releasesignal(SIGCHLD);
2818 }
2819 
2820 /*
2821 **  COUNT_OPEN_CONNECTIONS
2822 **
2823 **	Parameters:
2824 **		hostaddr - ClientAddress
2825 **
2826 **	Returns:
2827 **		the number of open connections for this client
2828 **
2829 */
2830 
2831 int
count_open_connections(hostaddr)2832 count_open_connections(hostaddr)
2833 	SOCKADDR *hostaddr;
2834 {
2835 	int i, n;
2836 
2837 	if (hostaddr == NULL)
2838 		return 0;
2839 
2840 	/*
2841 	**  This code gets called before proc_list_add() gets called,
2842 	**  so we (the daemon child for this connection) have not yet
2843 	**  counted ourselves.  Hence initialize the counter to 1
2844 	**  instead of 0 to compensate.
2845 	*/
2846 
2847 	n = 1;
2848 	for (i = 0; i < ProcListSize; i++)
2849 	{
2850 		if (ProcListVec[i].proc_pid == NO_PID)
2851 			continue;
2852 		if (hostaddr->sa.sa_family !=
2853 		    ProcListVec[i].proc_hostaddr.sa.sa_family)
2854 			continue;
2855 #if NETINET
2856 		if (hostaddr->sa.sa_family == AF_INET &&
2857 		    (hostaddr->sin.sin_addr.s_addr ==
2858 		     ProcListVec[i].proc_hostaddr.sin.sin_addr.s_addr))
2859 			n++;
2860 #endif /* NETINET */
2861 #if NETINET6
2862 		if (hostaddr->sa.sa_family == AF_INET6 &&
2863 		    IN6_ARE_ADDR_EQUAL(&(hostaddr->sin6.sin6_addr),
2864 				       &(ProcListVec[i].proc_hostaddr.sin6.sin6_addr)))
2865 			n++;
2866 #endif /* NETINET6 */
2867 	}
2868 	return n;
2869 }
2870 
2871