1 /*
2  * Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1990, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * By using this file, you agree to the terms and conditions set
8  * forth in the LICENSE file which can be found at the top level of
9  * the sendmail distribution.
10  *
11  */
12 
13 #include <sm/gen.h>
14 
15 SM_IDSTR(copyright,
16 "@(#) Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.\n\
17 	All rights reserved.\n\
18      Copyright (c) 1990, 1993, 1994\n\
19 	The Regents of the University of California.  All rights reserved.\n")
20 
21 SM_RCSID("$MirOS: src/gnu/usr.sbin/sendmail/mail.local/mail.local.c,v 1.7 2014/06/09 15:17:39 tg Exp $")
22 SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.257 2013-11-22 20:51:51 ca Exp $")
23 
24 #include <stdlib.h>
25 #include <sm/errstring.h>
26 #include <sm/io.h>
27 #include <sm/limits.h>
28 # include <unistd.h>
29 # ifdef EX_OK
30 #  undef EX_OK		/* unistd.h may have another use for this */
31 # endif /* EX_OK */
32 # define LOCKFILE_PMODE 0
33 #include <sm/mbdb.h>
34 #include <sm/sysexits.h>
35 
36 #ifndef HASHSPOOL
37 # define HASHSPOOL	0
38 #endif /* ! HASHSPOOL */
39 #ifndef HASHSPOOLMD5
40 # define HASHSPOOLMD5	0
41 #endif /* ! HASHSPOOLMD5 */
42 
43 /*
44 **  This is not intended to work on System V derived systems
45 **  such as Solaris or HP-UX, since they use a totally different
46 **  approach to mailboxes (essentially, they have a set-group-ID program
47 **  rather than set-user-ID, and they rely on the ability to "give away"
48 **  files to do their work).  IT IS NOT A BUG that this doesn't
49 **  work on such architectures.
50 */
51 
52 
53 #include <stdio.h>
54 #include <errno.h>
55 #include <fcntl.h>
56 #include <sys/types.h>
57 #include <sys/stat.h>
58 #include <time.h>
59 #include <stdlib.h>
60 # include <sys/socket.h>
61 # include <sys/file.h>
62 # include <netinet/in.h>
63 # include <arpa/nameser.h>
64 # include <netdb.h>
65 # include <pwd.h>
66 
67 #include <sm/string.h>
68 #include <syslog.h>
69 #include <ctype.h>
70 
71 #include <sm/conf.h>
72 #include <sendmail/pathnames.h>
73 
74 #if HASHSPOOL
75 # define HASH_NONE	0
76 # define HASH_USER	1
77 # if HASHSPOOLMD5
78 #  define HASH_MD5	2
79 #  include <openssl/md5.h>
80 # endif /* HASHSPOOLMD5 */
81 #endif /* HASHSPOOL */
82 
83 #if _FFR_SPOOL_PATH
84 	/*
85 	**  Override path to mail store at run time (using -p).
86 	**  From: Eugene Grosbein of Svyaz Service JSC
87 	**  See: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/114195
88 	**  NOTE: Update man page before adding this to a release.
89 	*/
90 #endif /* _FFR_SPOOL_PATH */
91 
92 
93 #ifndef LOCKTO_RM
94 # define LOCKTO_RM	300	/* timeout for stale lockfile removal */
95 #endif /* ! LOCKTO_RM */
96 #ifndef LOCKTO_GLOB
97 # define LOCKTO_GLOB	400	/* global timeout for lockfile creation */
98 #endif /* ! LOCKTO_GLOB */
99 
100 /* define a realloc() which works for NULL pointers */
101 #define REALLOC(ptr, size)	(((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
102 
103 /*
104 **  If you don't have flock, you could try using lockf instead.
105 */
106 
107 #ifdef LDA_USE_LOCKF
108 # define flock(a, b)	lockf(a, b, 0)
109 # ifdef LOCK_EX
110 #  undef LOCK_EX
111 # endif /* LOCK_EX */
112 # define LOCK_EX	F_LOCK
113 #endif /* LDA_USE_LOCKF */
114 
115 #ifndef LOCK_EX
116 # include <sys/file.h>
117 #endif /* ! LOCK_EX */
118 
119 /*
120 **  If you don't have setreuid, and you have saved uids, and you have
121 **  a seteuid() call that doesn't try to emulate using setuid(), then
122 **  you can try defining LDA_USE_SETEUID.
123 */
124 
125 #ifdef LDA_USE_SETEUID
126 # define setreuid(r, e)		seteuid(e)
127 #endif /* LDA_USE_SETEUID */
128 
129 #ifdef LDA_CONTENTLENGTH
130 # define CONTENTLENGTH	1
131 #endif /* LDA_CONTENTLENGTH */
132 
133 #ifndef INADDRSZ
134 # define INADDRSZ	4		/* size of an IPv4 address in bytes */
135 #endif /* ! INADDRSZ */
136 
137 #ifdef MAILLOCK
138 # include <maillock.h>
139 #endif /* MAILLOCK */
140 
141 #ifndef MAILER_DAEMON
142 # define MAILER_DAEMON	"MAILER-DAEMON"
143 #endif /* ! MAILER_DAEMON */
144 
145 #ifdef CONTENTLENGTH
146 char	ContentHdr[40] = "Content-Length: ";
147 off_t	HeaderLength;
148 off_t	BodyLength;
149 #endif /* CONTENTLENGTH */
150 
151 bool	EightBitMime = false;		/* advertise 8BITMIME in LMTP */
152 char	ErrBuf[10240];			/* error buffer */
153 int	ExitVal = EX_OK;		/* sysexits.h error value. */
154 bool	HoldErrs = false;		/* Hold errors in ErrBuf */
155 bool	LMTPMode = false;
156 bool	BounceQuota = false;		/* permanent error when over quota */
157 bool	CloseMBDB = false;
158 char	*HomeMailFile = NULL;		/* store mail in homedir */
159 
160 #if HASHSPOOL
161 int	HashType = HASH_NONE;
162 int	HashDepth = 0;
163 bool	StripRcptDomain = true;
164 #else /* HASHSPOOL */
165 # define StripRcptDomain true
166 #endif /* HASHSPOOL */
167 char	SpoolPath[MAXPATHLEN];
168 
169 char	*parseaddr __P((char *, bool));
170 char	*process_recipient __P((char *));
171 void	dolmtp __P((void));
172 void	deliver __P((int, char *));
173 int	e_to_sys __P((int));
174 void	notifybiff __P((char *));
175 int	store __P((char *, bool *));
176 void	usage __P((void));
177 int	lockmbox __P((char *));
178 void	unlockmbox __P((void));
179 void	mailerr __P((const char *, const char *, ...));
180 void	flush_error __P((void));
181 #if HASHSPOOL
182 const char	*hashname __P((char *));
183 #endif /* HASHSPOOL */
184 
185 
186 static void sm_exit __P((int));
187 
188 static void
sm_exit(status)189 sm_exit(status)
190 	int status;
191 {
192 	if (CloseMBDB)
193 	{
194 		sm_mbdb_terminate();
195 		CloseMBDB = false;	/* not really necessary, but ... */
196 	}
197 	exit(status);
198 }
199 
200 int
main(argc,argv)201 main(argc, argv)
202 	int argc;
203 	char *argv[];
204 {
205 	struct passwd *pw;
206 	int ch, fd;
207 	uid_t uid;
208 	char *from;
209 	char *mbdbname = "pw";
210 	int err;
211 	extern char *optarg;
212 	extern int optind;
213 
214 
215 	/* make sure we have some open file descriptors */
216 	for (fd = 10; fd < 30; fd++)
217 		(void) close(fd);
218 
219 	/* use a reasonable umask */
220 	(void) umask(0077);
221 
222 # ifdef LOG_MAIL
223 	openlog("mail.local", 0, LOG_MAIL);
224 # else /* LOG_MAIL */
225 	openlog("mail.local", 0);
226 # endif /* LOG_MAIL */
227 
228 	from = NULL;
229 
230 	/* XXX can this be converted to a compile time check? */
231 	if (sm_strlcpy(SpoolPath, _PATH_MAILDIR, sizeof(SpoolPath)) >=
232 	    sizeof(SpoolPath))
233 	{
234 		mailerr("421", "Configuration error: _PATH_MAILDIR too large");
235 		sm_exit(EX_CONFIG);
236 	}
237 #if HASHSPOOL
238 	while ((ch = getopt(argc, argv, "78bdD:f:h:r:lH:p:n")) != -1)
239 #else /* HASHSPOOL */
240 #  if _FFR_SPOOL_PATH
241 	while ((ch = getopt(argc, argv, "78bdD:f:h:r:lp:")) != -1)
242 #  else /* _FFR_SPOOL_PATH */
243 	while ((ch = getopt(argc, argv, "78bdD:f:h:r:l")) != -1)
244 #  endif /* _FFR_SPOOL_PATH */
245 #endif /* HASHSPOOL */
246 	{
247 		switch(ch)
248 		{
249 		  case '7':		/* Do not advertise 8BITMIME */
250 			EightBitMime = false;
251 			break;
252 
253 		  case '8':		/* Do advertise 8BITMIME */
254 			EightBitMime = true;
255 			break;
256 
257 		  case 'b':		/* bounce mail when over quota. */
258 			BounceQuota = true;
259 			break;
260 
261 		  case 'd':		/* Backward compatible. */
262 			break;
263 
264 		  case 'D':		/* mailbox database type */
265 			mbdbname = optarg;
266 			break;
267 
268 		  case 'f':
269 		  case 'r':		/* Backward compatible. */
270 			if (from != NULL)
271 			{
272 				mailerr(NULL, "Multiple -f options");
273 				usage();
274 			}
275 			from = optarg;
276 			break;
277 
278 		  case 'h':
279 			if (optarg != NULL || *optarg != '\0')
280 				HomeMailFile = optarg;
281 			else
282 			{
283 				mailerr(NULL, "-h: missing filename");
284 				usage();
285 			}
286 			break;
287 
288 		  case 'l':
289 			LMTPMode = true;
290 			break;
291 
292 
293 #if HASHSPOOL
294 		  case 'H':
295 			if (optarg == NULL || *optarg == '\0')
296 			{
297 				mailerr(NULL, "-H: missing hashinfo");
298 				usage();
299 			}
300 			switch(optarg[0])
301 			{
302 			  case 'u':
303 				HashType = HASH_USER;
304 				break;
305 
306 # if HASHSPOOLMD5
307 			  case 'm':
308 				HashType = HASH_MD5;
309 				break;
310 # endif /* HASHSPOOLMD5 */
311 
312 			  default:
313 				mailerr(NULL, "-H: unknown hash type");
314 				usage();
315 			}
316 			if (optarg[1] == '\0')
317 			{
318 				mailerr(NULL, "-H: invalid hash depth");
319 				usage();
320 			}
321 			HashDepth = atoi(&optarg[1]);
322 			if ((HashDepth <= 0) || ((HashDepth * 2) >= MAXPATHLEN))
323 			{
324 				mailerr(NULL, "-H: invalid hash depth");
325 				usage();
326 			}
327 			break;
328 
329 		  case 'n':
330 			StripRcptDomain = false;
331 			break;
332 #endif /* HASHSPOOL */
333 
334 #if HASHSPOOL || _FFR_SPOOL_PATH
335 		  case 'p':
336 			if (optarg == NULL || *optarg == '\0')
337 			{
338 				mailerr(NULL, "-p: missing spool path");
339 				usage();
340 			}
341 			if (sm_strlcpy(SpoolPath, optarg, sizeof(SpoolPath)) >=
342 			    sizeof(SpoolPath))
343 			{
344 				mailerr(NULL, "-p: invalid spool path");
345 				usage();
346 			}
347 			break;
348 #endif /* HASHSPOOL || _FFR_SPOOL_PATH */
349 
350 		  case '?':
351 		  default:
352 			usage();
353 		}
354 	}
355 	argc -= optind;
356 	argv += optind;
357 
358 	/* initialize biff structures */
359 	notifybiff(NULL);
360 
361 	err = sm_mbdb_initialize(mbdbname);
362 	if (err != EX_OK)
363 	{
364 		char *errcode = "521";
365 
366 		if (err == EX_TEMPFAIL)
367 			errcode = "421";
368 
369 		mailerr(errcode, "Can not open mailbox database %s: %s",
370 			mbdbname, sm_strexit(err));
371 		sm_exit(err);
372 	}
373 	CloseMBDB = true;
374 
375 	if (LMTPMode)
376 	{
377 		if (argc > 0)
378 		{
379 			mailerr("421", "Users should not be specified in command line if LMTP required");
380 			sm_exit(EX_TEMPFAIL);
381 		}
382 
383 		dolmtp();
384 		/* NOTREACHED */
385 		sm_exit(EX_OK);
386 	}
387 
388 	/* Non-LMTP from here on out */
389 	if (*argv == '\0')
390 		usage();
391 
392 	/*
393 	**  If from not specified, use the name from getlogin() if the
394 	**  uid matches, otherwise, use the name from the password file
395 	**  corresponding to the uid.
396 	*/
397 
398 	uid = getuid();
399 	if (from == NULL && ((from = getlogin()) == NULL ||
400 			     (pw = getpwnam(from)) == NULL ||
401 			     pw->pw_uid != uid))
402 		from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
403 
404 	/*
405 	**  There is no way to distinguish the error status of one delivery
406 	**  from the rest of the deliveries.  So, if we failed hard on one
407 	**  or more deliveries, but had no failures on any of the others, we
408 	**  return a hard failure.  If we failed temporarily on one or more
409 	**  deliveries, we return a temporary failure regardless of the other
410 	**  failures.  This results in the delivery being reattempted later
411 	**  at the expense of repeated failures and multiple deliveries.
412 	*/
413 
414 	HoldErrs = true;
415 	fd = store(from, NULL);
416 	HoldErrs = false;
417 	if (fd < 0)
418 	{
419 		flush_error();
420 		sm_exit(ExitVal);
421 	}
422 	for (; *argv != NULL; ++argv)
423 		deliver(fd, *argv);
424 	sm_exit(ExitVal);
425 	/* NOTREACHED */
426 	return ExitVal;
427 }
428 
429 char *
parseaddr(s,rcpt)430 parseaddr(s, rcpt)
431 	char *s;
432 	bool rcpt;
433 {
434 	char *p;
435 	int l;
436 
437 	if (*s++ != '<')
438 		return NULL;
439 
440 	p = s;
441 
442 	/* at-domain-list */
443 	while (*p == '@')
444 	{
445 		p++;
446 		while (*p != ',' && *p != ':' && *p != '\0')
447 			p++;
448 		if (*p == '\0')
449 			return NULL;
450 
451 		/* Skip over , or : */
452 		p++;
453 	}
454 
455 	s = p;
456 
457 	/* local-part */
458 	while (*p != '\0' && *p != '@' && *p != '>')
459 	{
460 		if (*p == '\\')
461 		{
462 			if (*++p == '\0')
463 				return NULL;
464 		}
465 		else if (*p == '\"')
466 		{
467 			p++;
468 			while (*p != '\0' && *p != '\"')
469 			{
470 				if (*p == '\\')
471 				{
472 					if (*++p == '\0')
473 						return NULL;
474 				}
475 				p++;
476 			}
477 			if (*p == '\0' || *(p + 1) == '\0')
478 				return NULL;
479 		}
480 		/* +detail ? */
481 		if (*p == '+' && rcpt)
482 			*p = '\0';
483 		p++;
484 	}
485 
486 	/* @domain */
487 	if (*p == '@')
488 	{
489 		if (rcpt)
490 			*p++ = '\0';
491 		while (*p != '\0' && *p != '>')
492 			p++;
493 	}
494 
495 	if (*p != '>')
496 		return NULL;
497 	else
498 		*p = '\0';
499 	p++;
500 
501 	if (*p != '\0' && *p != ' ')
502 		return NULL;
503 
504 	if (*s == '\0')
505 		s = MAILER_DAEMON;
506 
507 	l = strlen(s) + 1;
508 	if (l < 0)
509 		return NULL;
510 	p = malloc(l);
511 	if (p == NULL)
512 	{
513 		mailerr("421 4.3.0", "Memory exhausted");
514 		sm_exit(EX_TEMPFAIL);
515 	}
516 
517 	(void) sm_strlcpy(p, s, l);
518 	return p;
519 }
520 
521 char *
process_recipient(addr)522 process_recipient(addr)
523 	char *addr;
524 {
525 	SM_MBDB_T user;
526 
527 	switch (sm_mbdb_lookup(addr, &user))
528 	{
529 	  case EX_OK:
530 		return NULL;
531 
532 	  case EX_NOUSER:
533 		return "550 5.1.1 User unknown";
534 
535 	  case EX_TEMPFAIL:
536 		return "451 4.3.0 User database failure; retry later";
537 
538 	  default:
539 		return "550 5.3.0 User database failure";
540 	}
541 }
542 
543 #define RCPT_GROW	30
544 
545 void
dolmtp()546 dolmtp()
547 {
548 	char *return_path = NULL;
549 	char **rcpt_addr = NULL;
550 	int rcpt_num = 0;
551 	int rcpt_alloc = 0;
552 	bool gotlhlo = false;
553 	char *err;
554 	int msgfd;
555 	char *p;
556 	int i;
557 	char myhostname[1024];
558 	char buf[4096];
559 
560 	memset(myhostname, '\0', sizeof myhostname);
561 	(void) gethostname(myhostname, sizeof myhostname - 1);
562 	if (myhostname[0] == '\0')
563 		sm_strlcpy(myhostname, "localhost", sizeof myhostname);
564 
565 	printf("220 %s LMTP ready\r\n", myhostname);
566 	for (;;)
567 	{
568 		(void) fflush(stdout);
569 		if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
570 			sm_exit(EX_OK);
571 		p = buf + strlen(buf) - 1;
572 		if (p >= buf && *p == '\n')
573 			*p-- = '\0';
574 		if (p >= buf && *p == '\r')
575 			*p-- = '\0';
576 
577 		switch (buf[0])
578 		{
579 		  case 'd':
580 		  case 'D':
581 			if (sm_strcasecmp(buf, "data") == 0)
582 			{
583 				bool inbody = false;
584 
585 				if (rcpt_num == 0)
586 				{
587 					mailerr("503 5.5.1", "No recipients");
588 					continue;
589 				}
590 				HoldErrs = true;
591 				msgfd = store(return_path, &inbody);
592 				HoldErrs = false;
593 				if (msgfd < 0 && !inbody)
594 				{
595 					flush_error();
596 					continue;
597 				}
598 
599 				for (i = 0; i < rcpt_num; i++)
600 				{
601 					if (msgfd < 0)
602 					{
603 						/* print error for rcpt */
604 						flush_error();
605 						continue;
606 					}
607 					p = strchr(rcpt_addr[i], '+');
608 					if (p != NULL)
609 						*p = '\0';
610 					deliver(msgfd, rcpt_addr[i]);
611 				}
612 				if (msgfd >= 0)
613 					(void) close(msgfd);
614 				goto rset;
615 			}
616 			goto syntaxerr;
617 			/* NOTREACHED */
618 			break;
619 
620 		  case 'l':
621 		  case 'L':
622 			if (sm_strncasecmp(buf, "lhlo ", 5) == 0)
623 			{
624 				/* check for duplicate per RFC 1651 4.2 */
625 				if (gotlhlo)
626 				{
627 					mailerr("503", "%s Duplicate LHLO",
628 					       myhostname);
629 					continue;
630 				}
631 				gotlhlo = true;
632 				printf("250-%s\r\n", myhostname);
633 				if (EightBitMime)
634 					printf("250-8BITMIME\r\n");
635 				printf("250-ENHANCEDSTATUSCODES\r\n");
636 				printf("250 PIPELINING\r\n");
637 				continue;
638 			}
639 			goto syntaxerr;
640 			/* NOTREACHED */
641 			break;
642 
643 		  case 'm':
644 		  case 'M':
645 			if (sm_strncasecmp(buf, "mail ", 5) == 0)
646 			{
647 				if (return_path != NULL)
648 				{
649 					mailerr("503 5.5.1",
650 						"Nested MAIL command");
651 					continue;
652 				}
653 				if (sm_strncasecmp(buf + 5, "from:", 5) != 0 ||
654 				    ((return_path = parseaddr(buf + 10,
655 							      false)) == NULL))
656 				{
657 					mailerr("501 5.5.4",
658 						"Syntax error in parameters");
659 					continue;
660 				}
661 				printf("250 2.5.0 Ok\r\n");
662 				continue;
663 			}
664 			goto syntaxerr;
665 			/* NOTREACHED */
666 			break;
667 
668 		  case 'n':
669 		  case 'N':
670 			if (sm_strcasecmp(buf, "noop") == 0)
671 			{
672 				printf("250 2.0.0 Ok\r\n");
673 				continue;
674 			}
675 			goto syntaxerr;
676 			/* NOTREACHED */
677 			break;
678 
679 		  case 'q':
680 		  case 'Q':
681 			if (sm_strcasecmp(buf, "quit") == 0)
682 			{
683 				printf("221 2.0.0 Bye\r\n");
684 				sm_exit(EX_OK);
685 			}
686 			goto syntaxerr;
687 			/* NOTREACHED */
688 			break;
689 
690 		  case 'r':
691 		  case 'R':
692 			if (sm_strncasecmp(buf, "rcpt ", 5) == 0)
693 			{
694 				if (return_path == NULL)
695 				{
696 					mailerr("503 5.5.1",
697 						"Need MAIL command");
698 					continue;
699 				}
700 				if (rcpt_num >= rcpt_alloc)
701 				{
702 					rcpt_alloc += RCPT_GROW;
703 					rcpt_addr = (char **)
704 						REALLOC((char *) rcpt_addr,
705 							rcpt_alloc *
706 							sizeof(char **));
707 					if (rcpt_addr == NULL)
708 					{
709 						mailerr("421 4.3.0",
710 							"Memory exhausted");
711 						sm_exit(EX_TEMPFAIL);
712 					}
713 				}
714 				if (sm_strncasecmp(buf + 5, "to:", 3) != 0 ||
715 				    ((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
716 								      StripRcptDomain)) == NULL))
717 				{
718 					mailerr("501 5.5.4",
719 						"Syntax error in parameters");
720 					continue;
721 				}
722 				err = process_recipient(rcpt_addr[rcpt_num]);
723 				if (err != NULL)
724 				{
725 					mailerr(NULL, "%s", err);
726 					continue;
727 				}
728 				rcpt_num++;
729 				printf("250 2.1.5 Ok\r\n");
730 				continue;
731 			}
732 			else if (sm_strcasecmp(buf, "rset") == 0)
733 			{
734 				printf("250 2.0.0 Ok\r\n");
735 
736 rset:
737 				while (rcpt_num > 0)
738 					free(rcpt_addr[--rcpt_num]);
739 				if (return_path != NULL)
740 					free(return_path);
741 				return_path = NULL;
742 				continue;
743 			}
744 			goto syntaxerr;
745 			/* NOTREACHED */
746 			break;
747 
748 		  case 'v':
749 		  case 'V':
750 			if (sm_strncasecmp(buf, "vrfy ", 5) == 0)
751 			{
752 				printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
753 				continue;
754 			}
755 			goto syntaxerr;
756 			/* NOTREACHED */
757 			break;
758 
759 		  default:
760   syntaxerr:
761 			mailerr("500 5.5.2", "Syntax error");
762 			continue;
763 			/* NOTREACHED */
764 			break;
765 		}
766 	}
767 }
768 
769 int
store(from,inbody)770 store(from, inbody)
771 	char *from;
772 	bool *inbody;
773 {
774 	FILE *fp = NULL;
775 	time_t tval;
776 	bool eline;		/* previous line was empty */
777 	bool fullline = true;	/* current line is terminated */
778 	bool prevfl;		/* previous line was terminated */
779 	char line[2048];
780 	int fd;
781 	char tmpbuf[sizeof _PATH_LOCTMP + 1];
782 
783 	if (inbody != NULL)
784 		*inbody = false;
785 
786 	(void) umask(0077);
787 	(void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
788 	if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL)
789 	{
790 		if (fd >= 0)
791 			(void) close(fd);
792 		mailerr("451 4.3.0", "Unable to open temporary file");
793 		return -1;
794 	}
795 	(void) unlink(tmpbuf);
796 
797 	if (LMTPMode)
798 	{
799 		printf("354 Go ahead\r\n");
800 		(void) fflush(stdout);
801 	}
802 	if (inbody != NULL)
803 		*inbody = true;
804 
805 	(void) time(&tval);
806 	(void) fprintf(fp, "From %s %s", from, ctime(&tval));
807 
808 #ifdef CONTENTLENGTH
809 	HeaderLength = 0;
810 	BodyLength = -1;
811 #endif /* CONTENTLENGTH */
812 
813 	line[0] = '\0';
814 	eline = true;
815 	while (fgets(line, sizeof(line), stdin) != (char *) NULL)
816 	{
817 		size_t line_len = 0;
818 		int peek;
819 
820 		prevfl = fullline;	/* preserve state of previous line */
821 		while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
822 			line_len++;
823 		line_len++;
824 
825 		/* Check for dot-stuffing */
826 		if (prevfl && LMTPMode && line[0] == '.')
827 		{
828 			if (line[1] == '\n' ||
829 			    (line[1] == '\r' && line[2] == '\n'))
830 				goto lmtpdot;
831 			memcpy(line, line + 1, line_len);
832 			line_len--;
833 		}
834 
835 		/* Check to see if we have the full line from fgets() */
836 		fullline = false;
837 		if (line_len > 0)
838 		{
839 			if (line[line_len - 1] == '\n')
840 			{
841 				if (line_len >= 2 &&
842 				    line[line_len - 2] == '\r')
843 				{
844 					line[line_len - 2] = '\n';
845 					line[line_len - 1] = '\0';
846 					line_len--;
847 				}
848 				fullline = true;
849 			}
850 			else if (line[line_len - 1] == '\r')
851 			{
852 				/* Did we just miss the CRLF? */
853 				peek = fgetc(stdin);
854 				if (peek == '\n')
855 				{
856 					line[line_len - 1] = '\n';
857 					fullline = true;
858 				}
859 				else
860 					(void) ungetc(peek, stdin);
861 			}
862 		}
863 		else
864 			fullline = true;
865 
866 #ifdef CONTENTLENGTH
867 		if (prevfl && line[0] == '\n' && HeaderLength == 0)
868 		{
869 			eline = false;
870 			if (fp != NULL)
871 				HeaderLength = ftell(fp);
872 			if (HeaderLength <= 0)
873 			{
874 				/*
875 				**  shouldn't happen, unless ftell() is
876 				**  badly broken
877 				*/
878 
879 				HeaderLength = -1;
880 			}
881 		}
882 #else /* CONTENTLENGTH */
883 		if (prevfl && line[0] == '\n')
884 			eline = true;
885 #endif /* CONTENTLENGTH */
886 		else
887 		{
888 			if (eline && line[0] == 'F' &&
889 			    fp != NULL &&
890 			    !memcmp(line, "From ", 5))
891 				(void) putc('>', fp);
892 			eline = false;
893 #ifdef CONTENTLENGTH
894 			/* discard existing "Content-Length:" headers */
895 			if (prevfl && HeaderLength == 0 &&
896 			    (line[0] == 'C' || line[0] == 'c') &&
897 			    sm_strncasecmp(line, ContentHdr, 15) == 0)
898 			{
899 				/*
900 				**  be paranoid: clear the line
901 				**  so no "wrong matches" may occur later
902 				*/
903 				line[0] = '\0';
904 				continue;
905 			}
906 #endif /* CONTENTLENGTH */
907 
908 		}
909 		if (fp != NULL)
910 		{
911 			(void) fwrite(line, sizeof(char), line_len, fp);
912 			if (ferror(fp))
913 			{
914 				mailerr("451 4.3.0",
915 					"Temporary file write error");
916 				(void) fclose(fp);
917 				fp = NULL;
918 				continue;
919 			}
920 		}
921 	}
922 
923 	/* check if an error occurred */
924 	if (fp == NULL)
925 		return -1;
926 
927 	if (LMTPMode)
928 	{
929 		/* Got a premature EOF -- toss message and exit */
930 		sm_exit(EX_OK);
931 	}
932 
933 	/* If message not newline terminated, need an extra. */
934 	if (fp != NULL && strchr(line, '\n') == NULL)
935 		(void) putc('\n', fp);
936 
937   lmtpdot:
938 
939 #ifdef CONTENTLENGTH
940 	if (fp != NULL)
941 		BodyLength = ftell(fp);
942 	if (HeaderLength == 0 && BodyLength > 0)	/* empty body */
943 	{
944 		HeaderLength = BodyLength;
945 		BodyLength = 0;
946 	}
947 	else
948 		BodyLength = BodyLength - HeaderLength - 1 ;
949 
950 	if (HeaderLength > 0 && BodyLength >= 0)
951 	{
952 		(void) sm_snprintf(line, sizeof line, "%lld\n",
953 				   (LONGLONG_T) BodyLength);
954 		(void) sm_strlcpy(&ContentHdr[16], line,
955 				  sizeof(ContentHdr) - 16);
956 	}
957 	else
958 		BodyLength = -1;	/* Something is wrong here */
959 #endif /* CONTENTLENGTH */
960 
961 	/* Output a newline; note, empty messages are allowed. */
962 	if (fp != NULL)
963 		(void) putc('\n', fp);
964 
965 	if (fp == NULL || fflush(fp) == EOF || ferror(fp) != 0)
966 	{
967 		mailerr("451 4.3.0", "Temporary file write error");
968 		if (fp != NULL)
969 			(void) fclose(fp);
970 		return -1;
971 	}
972 	return fd;
973 }
974 
975 void
deliver(fd,name)976 deliver(fd, name)
977 	int fd;
978 	char *name;
979 {
980 	struct stat fsb;
981 	struct stat sb;
982 	char path[MAXPATHLEN];
983 	int mbfd = -1, nr = 0, nw, off;
984 	int exitval;
985 	char *p;
986 	char *errcode;
987 	off_t curoff, cursize;
988 #ifdef CONTENTLENGTH
989 	off_t headerbytes;
990 	int readamount;
991 #endif /* CONTENTLENGTH */
992 	char biffmsg[100], buf[8 * 1024];
993 	SM_MBDB_T user;
994 
995 	/*
996 	**  Disallow delivery to unknown names -- special mailboxes can be
997 	**  handled in the sendmail aliases file.
998 	*/
999 
1000 	exitval = sm_mbdb_lookup(name, &user);
1001 	switch (exitval)
1002 	{
1003 	  case EX_OK:
1004 		break;
1005 
1006 	  case EX_NOUSER:
1007 		exitval = EX_UNAVAILABLE;
1008 		mailerr("550 5.1.1", "%s: User unknown", name);
1009 		break;
1010 
1011 	  case EX_TEMPFAIL:
1012 		mailerr("451 4.3.0", "%s: User database failure; retry later",
1013 			name);
1014 		break;
1015 
1016 	  default:
1017 		exitval = EX_UNAVAILABLE;
1018 		mailerr("550 5.3.0", "%s: User database failure", name);
1019 		break;
1020 	}
1021 
1022 	if (exitval != EX_OK)
1023 	{
1024 		if (ExitVal != EX_TEMPFAIL)
1025 			ExitVal = exitval;
1026 		return;
1027 	}
1028 
1029 	endpwent();
1030 
1031 	/*
1032 	**  Keep name reasonably short to avoid buffer overruns.
1033 	**	This isn't necessary on BSD because of the proper
1034 	**	definition of snprintf(), but it can cause problems
1035 	**	on other systems.
1036 	**  Also, clear out any bogus characters.
1037 	*/
1038 
1039 #if !HASHSPOOL
1040 	if (strlen(name) > 40)
1041 		name[40] = '\0';
1042 	for (p = name; *p != '\0'; p++)
1043 	{
1044 		if (!isascii(*p))
1045 			*p &= 0x7f;
1046 		else if (!isprint(*p))
1047 			*p = '.';
1048 	}
1049 #endif /* !HASHSPOOL */
1050 
1051 
1052 	if (HomeMailFile == NULL)
1053 	{
1054 		if (sm_strlcpyn(path, sizeof(path),
1055 #if HASHSPOOL
1056 				4,
1057 #else /* HASHSPOOL */
1058 				3,
1059 #endif /* HASHSPOOL */
1060 				SpoolPath, "/",
1061 #if HASHSPOOL
1062 				hashname(name),
1063 #endif /* HASHSPOOL */
1064 				name) >= sizeof(path))
1065 		{
1066 			exitval = EX_UNAVAILABLE;
1067 			mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
1068 			return;
1069 		}
1070 	}
1071 	else if (*user.mbdb_homedir == '\0')
1072 	{
1073 		exitval = EX_UNAVAILABLE;
1074 		mailerr("550 5.1.1", "%s: User missing home directory", name);
1075 		return;
1076 	}
1077 	else if (sm_snprintf(path, sizeof(path), "%s/%s",
1078 			     user.mbdb_homedir, HomeMailFile) >= sizeof(path))
1079 	{
1080 		exitval = EX_UNAVAILABLE;
1081 		mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
1082 		return;
1083 	}
1084 
1085 
1086 	/*
1087 	**  If the mailbox is linked or a symlink, fail.  There's an obvious
1088 	**  race here, that the file was replaced with a symbolic link after
1089 	**  the lstat returned, but before the open.  We attempt to detect
1090 	**  this by comparing the original stat information and information
1091 	**  returned by an fstat of the file descriptor returned by the open.
1092 	**
1093 	**  NB: this is a symptom of a larger problem, that the mail spooling
1094 	**  directory is writeable by the wrong users.  If that directory is
1095 	**  writeable, system security is compromised for other reasons, and
1096 	**  it cannot be fixed here.
1097 	**
1098 	**  If we created the mailbox, set the owner/group.  If that fails,
1099 	**  just return.  Another process may have already opened it, so we
1100 	**  can't unlink it.  Historically, binmail set the owner/group at
1101 	**  each mail delivery.  We no longer do this, assuming that if the
1102 	**  ownership or permissions were changed there was a reason.
1103 	**
1104 	**  XXX
1105 	**  open(2) should support flock'ing the file.
1106 	*/
1107 
1108 tryagain:
1109 #ifdef MAILLOCK
1110 	p = name;
1111 #else /* MAILLOCK */
1112 	p = path;
1113 #endif /* MAILLOCK */
1114 	if ((off = lockmbox(p)) != 0)
1115 	{
1116 		if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
1117 		{
1118 			ExitVal = EX_TEMPFAIL;
1119 			errcode = "451 4.3.0";
1120 		}
1121 		else
1122 			errcode = "551 5.3.0";
1123 
1124 		mailerr(errcode, "lockmailbox %s failed; error code %d %s",
1125 			p, off, errno > 0 ? sm_errstring(errno) : "");
1126 		return;
1127 	}
1128 
1129 	if (lstat(path, &sb) < 0)
1130 	{
1131 		int save_errno;
1132 		int mode = S_IRUSR|S_IWUSR;
1133 		gid_t gid = user.mbdb_gid;
1134 
1135 #ifdef MAILGID
1136 		(void) umask(0007);
1137 		gid = MAILGID;
1138 		mode |= S_IRGRP|S_IWGRP;
1139 #endif /* MAILGID */
1140 
1141 		mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY,
1142 			    mode);
1143 		save_errno = errno;
1144 
1145 		if (lstat(path, &sb) < 0)
1146 		{
1147 			ExitVal = EX_CANTCREAT;
1148 			mailerr("550 5.2.0",
1149 				"%s: lstat: file changed after open", path);
1150 			goto err1;
1151 		}
1152 		if (mbfd < 0)
1153 		{
1154 			if (save_errno == EEXIST)
1155 				goto tryagain;
1156 
1157 			/* open failed, don't try again */
1158 			mailerr("450 4.2.0", "%s: %s", path,
1159 				sm_errstring(save_errno));
1160 			goto err0;
1161 		}
1162 		else if (fchown(mbfd, user.mbdb_uid, gid) < 0)
1163 		{
1164 			mailerr("451 4.3.0", "chown %u.%u: %s",
1165 				user.mbdb_uid, gid, name);
1166 			goto err1;
1167 		}
1168 		else
1169 		{
1170 			/*
1171 			**  open() was successful, now close it so can
1172 			**  be opened as the right owner again.
1173 			**  Paranoia: reset mbdf since the file descriptor
1174 			**  is no longer valid; better safe than sorry.
1175 			*/
1176 
1177 			sb.st_uid = user.mbdb_uid;
1178 			(void) close(mbfd);
1179 			mbfd = -1;
1180 		}
1181 	}
1182 	else if (sb.st_nlink != 1)
1183 	{
1184 		mailerr("550 5.2.0", "%s: too many links", path);
1185 		goto err0;
1186 	}
1187 	else if (!S_ISREG(sb.st_mode))
1188 	{
1189 		mailerr("550 5.2.0", "%s: irregular file", path);
1190 		goto err0;
1191 	}
1192 	else if (sb.st_uid != user.mbdb_uid)
1193 	{
1194 		ExitVal = EX_CANTCREAT;
1195 		mailerr("550 5.2.0", "%s: wrong ownership (%d)",
1196 			path, (int) sb.st_uid);
1197 		goto err0;
1198 	}
1199 
1200 	/* change UID for quota checks */
1201 	if (setreuid(0, user.mbdb_uid) < 0)
1202 	{
1203 		mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
1204 			(int) user.mbdb_uid, sm_errstring(errno),
1205 			(int) getuid(), (int) geteuid());
1206 		goto err1;
1207 	}
1208 #ifdef DEBUG
1209 	fprintf(stderr, "new euid = %d\n", (int) geteuid());
1210 #endif /* DEBUG */
1211 	mbfd = open(path, O_APPEND|O_WRONLY, 0);
1212 	if (mbfd < 0)
1213 	{
1214 		mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1215 		goto err0;
1216 	}
1217 	else if (fstat(mbfd, &fsb) < 0 ||
1218 		 fsb.st_nlink != 1 ||
1219 		 sb.st_nlink != 1 ||
1220 		 !S_ISREG(fsb.st_mode) ||
1221 		 sb.st_dev != fsb.st_dev ||
1222 		 sb.st_ino != fsb.st_ino ||
1223 # if HAS_ST_GEN && 0		/* AFS returns random values for st_gen */
1224 		 sb.st_gen != fsb.st_gen ||
1225 # endif /* HAS_ST_GEN && 0 */
1226 		 sb.st_uid != fsb.st_uid)
1227 	{
1228 		ExitVal = EX_TEMPFAIL;
1229 		mailerr("550 5.2.0", "%s: fstat: file changed after open",
1230 			path);
1231 		goto err1;
1232 	}
1233 
1234 #if 0
1235 	/*
1236 	**  This code could be reused if we decide to add a
1237 	**  per-user quota field to the sm_mbdb interface.
1238 	*/
1239 
1240 	/*
1241 	**  Fail if the user has a quota specified, and delivery of this
1242 	**  message would exceed that quota.  We bounce such failures using
1243 	**  EX_UNAVAILABLE, unless there were internal problems, since
1244 	**  storing immense messages for later retries can cause queueing
1245 	**  issues.
1246 	*/
1247 
1248 	if (ui.quota > 0)
1249 	{
1250 		struct stat dsb;
1251 
1252 		if (fstat(fd, &dsb) < 0)
1253 		{
1254 			ExitVal = EX_TEMPFAIL;
1255 			mailerr("451 4.3.0",
1256 				"%s: fstat: can't stat temporary storage: %s",
1257 				ui.mailspool, sm_errstring(errno));
1258 			goto err1;
1259 		}
1260 
1261 		if (dsb.st_size + sb.st_size + 1 > ui.quota)
1262 		{
1263 			ExitVal = EX_UNAVAILABLE;
1264 			mailerr("551 5.2.2",
1265 				"%s: Mailbox full or quota exceeded",
1266 				ui.mailspool);
1267 			goto err1;
1268 		}
1269 	}
1270 #endif /* 0 */
1271 
1272 	/* Wait until we can get a lock on the file. */
1273 	if (flock(mbfd, LOCK_EX) < 0)
1274 	{
1275 		mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1276 		goto err1;
1277 	}
1278 
1279 	/* Get the starting offset of the new message */
1280 	curoff = lseek(mbfd, (off_t) 0, SEEK_END);
1281 	(void) sm_snprintf(biffmsg, sizeof(biffmsg), "%s@%lld\n",
1282 			   name, (LONGLONG_T) curoff);
1283 
1284 	/* Copy the message into the file. */
1285 	if (lseek(fd, (off_t) 0, SEEK_SET) == (off_t) -1)
1286 	{
1287 		mailerr("450 4.2.0", "Temporary file: %s",
1288 			sm_errstring(errno));
1289 		goto err1;
1290 	}
1291 #ifdef DEBUG
1292 	fprintf(stderr, "before writing: euid = %d\n", (int) geteuid());
1293 #endif /* DEBUG */
1294 #ifdef CONTENTLENGTH
1295 	headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
1296 	for (;;)
1297 	{
1298 		if (headerbytes == 0)
1299 		{
1300 			(void) sm_snprintf(buf, sizeof buf, "%s", ContentHdr);
1301 			nr = strlen(buf);
1302 			headerbytes = -1;
1303 			readamount = 0;
1304 		}
1305 		else if (headerbytes > sizeof(buf) || headerbytes < 0)
1306 			readamount = sizeof(buf);
1307 		else
1308 			readamount = headerbytes;
1309 		if (readamount != 0)
1310 			nr = read(fd, buf, readamount);
1311 		if (nr <= 0)
1312 			break;
1313 		if (headerbytes > 0)
1314 			headerbytes -= nr ;
1315 
1316 #else /* CONTENTLENGTH */
1317 	while ((nr = read(fd, buf, sizeof(buf))) > 0)
1318 	{
1319 #endif /* CONTENTLENGTH */
1320 		for (off = 0; off < nr; off += nw)
1321 		{
1322 			if ((nw = write(mbfd, buf + off, nr - off)) < 0)
1323 			{
1324 				errcode = "450 4.2.0";
1325 #ifdef EDQUOT
1326 				if (errno == EDQUOT && BounceQuota)
1327 					errcode = "552 5.2.2";
1328 #endif /* EDQUOT */
1329 				mailerr(errcode, "%s: %s",
1330 					path, sm_errstring(errno));
1331 				goto err3;
1332 			}
1333 		}
1334 	}
1335 	if (nr < 0)
1336 	{
1337 		mailerr("450 4.2.0", "Temporary file: %s",
1338 			sm_errstring(errno));
1339 		goto err3;
1340 	}
1341 
1342 	/* Flush to disk, don't wait for update. */
1343 	if (fsync(mbfd) < 0)
1344 	{
1345 		mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1346 err3:
1347 #ifdef DEBUG
1348 		fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1349 #endif /* DEBUG */
1350 		if (mbfd >= 0)
1351 			(void) ftruncate(mbfd, curoff);
1352 err1:		if (mbfd >= 0)
1353 			(void) close(mbfd);
1354 err0:		(void) setreuid(0, 0);
1355 		unlockmbox();
1356 		return;
1357 	}
1358 
1359 	/*
1360 	**  Save the current size so if the close() fails below
1361 	**  we can make sure no other process has changed the mailbox
1362 	**  between the failed close and the re-open()/re-lock().
1363 	**  If something else has changed the size, we shouldn't
1364 	**  try to truncate it as we may do more harm then good
1365 	**  (e.g., truncate a later message delivery).
1366 	*/
1367 
1368 	if (fstat(mbfd, &sb) < 0)
1369 		cursize = 0;
1370 	else
1371 		cursize = sb.st_size;
1372 
1373 
1374 	/* Close and check -- NFS doesn't write until the close. */
1375 	if (close(mbfd))
1376 	{
1377 		errcode = "450 4.2.0";
1378 #ifdef EDQUOT
1379 		if (errno == EDQUOT && BounceQuota)
1380 			errcode = "552 5.2.2";
1381 #endif /* EDQUOT */
1382 		mailerr(errcode, "%s: %s", path, sm_errstring(errno));
1383 		mbfd = open(path, O_WRONLY, 0);
1384 		if (mbfd < 0 ||
1385 		    cursize == 0
1386 		    || flock(mbfd, LOCK_EX) < 0 ||
1387 		    fstat(mbfd, &sb) < 0 ||
1388 		    sb.st_size != cursize ||
1389 		    sb.st_nlink != 1 ||
1390 		    !S_ISREG(sb.st_mode) ||
1391 		    sb.st_dev != fsb.st_dev ||
1392 		    sb.st_ino != fsb.st_ino ||
1393 # if HAS_ST_GEN && 0		/* AFS returns random values for st_gen */
1394 		    sb.st_gen != fsb.st_gen ||
1395 # endif /* HAS_ST_GEN && 0 */
1396 		    sb.st_uid != fsb.st_uid
1397 		   )
1398 		{
1399 			/* Don't use a bogus file */
1400 			if (mbfd >= 0)
1401 			{
1402 				(void) close(mbfd);
1403 				mbfd = -1;
1404 			}
1405 		}
1406 
1407 		/* Attempt to truncate back to pre-write size */
1408 		goto err3;
1409 	}
1410 	else
1411 		notifybiff(biffmsg);
1412 
1413 	if (setreuid(0, 0) < 0)
1414 	{
1415 		mailerr("450 4.2.0", "setreuid(0, 0): %s",
1416 			sm_errstring(errno));
1417 		goto err0;
1418 	}
1419 #ifdef DEBUG
1420 	fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1421 #endif /* DEBUG */
1422 	unlockmbox();
1423 	if (LMTPMode)
1424 		printf("250 2.1.5 %s Ok\r\n", name);
1425 }
1426 
1427 /*
1428 **  user.lock files are necessary for compatibility with other
1429 **  systems, e.g., when the mail spool file is NFS exported.
1430 **  Alas, mailbox locking is more than just a local matter.
1431 **  EPA 11/94.
1432 */
1433 
1434 bool	Locked = false;
1435 
1436 #ifdef MAILLOCK
1437 int
lockmbox(name)1438 lockmbox(name)
1439 	char *name;
1440 {
1441 	int r = 0;
1442 
1443 	if (Locked)
1444 		return 0;
1445 	if ((r = maillock(name, 15)) == L_SUCCESS)
1446 	{
1447 		Locked = true;
1448 		return 0;
1449 	}
1450 	switch (r)
1451 	{
1452 	  case L_TMPLOCK:	/* Can't create tmp file */
1453 	  case L_TMPWRITE:	/* Can't write pid into lockfile */
1454 	  case L_MAXTRYS:	/* Failed after retrycnt attempts */
1455 		errno = 0;
1456 		r = EX_TEMPFAIL;
1457 		break;
1458 	  case L_ERROR:		/* Check errno for reason */
1459 		r = errno;
1460 		break;
1461 	  default:		/* other permanent errors */
1462 		errno = 0;
1463 		r = EX_UNAVAILABLE;
1464 		break;
1465 	}
1466 	return r;
1467 }
1468 
1469 void
unlockmbox()1470 unlockmbox()
1471 {
1472 	if (Locked)
1473 		mailunlock();
1474 	Locked = false;
1475 }
1476 #else /* MAILLOCK */
1477 
1478 char	LockName[MAXPATHLEN];
1479 
1480 int
lockmbox(path)1481 lockmbox(path)
1482 	char *path;
1483 {
1484 	int statfailed = 0;
1485 	time_t start;
1486 
1487 	if (Locked)
1488 		return 0;
1489 	if (strlen(path) + 6 > sizeof LockName)
1490 		return EX_SOFTWARE;
1491 	(void) sm_snprintf(LockName, sizeof LockName, "%s.lock", path);
1492 	(void) time(&start);
1493 	for (; ; sleep(5))
1494 	{
1495 		int fd;
1496 		struct stat st;
1497 		time_t now;
1498 
1499 		/* global timeout */
1500 		(void) time(&now);
1501 		if (now > start + LOCKTO_GLOB)
1502 		{
1503 			errno = 0;
1504 			return EX_TEMPFAIL;
1505 		}
1506 		fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, LOCKFILE_PMODE);
1507 		if (fd >= 0)
1508 		{
1509 			/* defeat lock checking programs which test pid */
1510 			(void) write(fd, "0", 2);
1511 			Locked = true;
1512 			(void) close(fd);
1513 			return 0;
1514 		}
1515 		if (stat(LockName, &st) < 0)
1516 		{
1517 			if (statfailed++ > 5)
1518 			{
1519 				errno = 0;
1520 				return EX_TEMPFAIL;
1521 			}
1522 			continue;
1523 		}
1524 		statfailed = 0;
1525 		(void) time(&now);
1526 		if (now < st.st_ctime + LOCKTO_RM)
1527 			continue;
1528 
1529 		/* try to remove stale lockfile */
1530 		if (unlink(LockName) < 0)
1531 			return errno;
1532 	}
1533 }
1534 
1535 void
unlockmbox()1536 unlockmbox()
1537 {
1538 	if (!Locked)
1539 		return;
1540 	(void) unlink(LockName);
1541 	Locked = false;
1542 }
1543 #endif /* MAILLOCK */
1544 
1545 void
notifybiff(msg)1546 notifybiff(msg)
1547 	char *msg;
1548 {
1549 	static bool initialized = false;
1550 	static int f = -1;
1551 	struct hostent *hp;
1552 	struct servent *sp;
1553 	int len;
1554 	static struct sockaddr_in addr;
1555 
1556 	if (!initialized)
1557 	{
1558 		initialized = true;
1559 
1560 		/* Be silent if biff service not available. */
1561 		if ((sp = getservbyname("biff", "udp")) == NULL ||
1562 		    (hp = gethostbyname("localhost")) == NULL ||
1563 		    hp->h_length != INADDRSZ)
1564 			return;
1565 
1566 		addr.sin_family = hp->h_addrtype;
1567 		memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
1568 		addr.sin_port = sp->s_port;
1569 	}
1570 
1571 	/* No message, just return */
1572 	if (msg == NULL)
1573 		return;
1574 
1575 	/* Couldn't initialize addr struct */
1576 	if (addr.sin_family == AF_UNSPEC)
1577 		return;
1578 
1579 	if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1580 		return;
1581 	len = strlen(msg) + 1;
1582 	(void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
1583 }
1584 
1585 void
usage()1586 usage()
1587 {
1588 	ExitVal = EX_USAGE;
1589 # if _FFR_SPOOL_PATH
1590 	mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] [-p path] user ...");
1591 # else /* _FFR_SPOOL_PATH */
1592 	mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] user ...");
1593 # endif /* _FFR_SPOOL_PATH */
1594 	sm_exit(ExitVal);
1595 }
1596 
1597 void
1598 /*VARARGS2*/
1599 #ifdef __STDC__
mailerr(const char * hdr,const char * fmt,...)1600 mailerr(const char *hdr, const char *fmt, ...)
1601 #else /* __STDC__ */
1602 mailerr(hdr, fmt, va_alist)
1603 	const char *hdr;
1604 	const char *fmt;
1605 	va_dcl
1606 #endif /* __STDC__ */
1607 {
1608 	size_t len = 0;
1609 	SM_VA_LOCAL_DECL
1610 
1611 	(void) e_to_sys(errno);
1612 
1613 	SM_VA_START(ap, fmt);
1614 
1615 	if (LMTPMode && hdr != NULL)
1616 	{
1617 		sm_snprintf(ErrBuf, sizeof ErrBuf, "%s ", hdr);
1618 		len = strlen(ErrBuf);
1619 	}
1620 	(void) sm_vsnprintf(&ErrBuf[len], sizeof ErrBuf - len, fmt, ap);
1621 	SM_VA_END(ap);
1622 
1623 	if (!HoldErrs)
1624 		flush_error();
1625 
1626 	/* Log the message to syslog. */
1627 	if (!LMTPMode)
1628 		syslog(LOG_ERR, "%s", ErrBuf);
1629 }
1630 
1631 void
flush_error()1632 flush_error()
1633 {
1634 	if (LMTPMode)
1635 		printf("%s\r\n", ErrBuf);
1636 	else
1637 	{
1638 		if (ExitVal != EX_USAGE)
1639 			(void) fprintf(stderr, "mail.local: ");
1640 		fprintf(stderr, "%s\n", ErrBuf);
1641 	}
1642 }
1643 
1644 #if HASHSPOOL
1645 const char *
hashname(name)1646 hashname(name)
1647 	char *name;
1648 {
1649 	static char p[MAXPATHLEN];
1650 	int i;
1651 	int len;
1652 	char *str;
1653 # if HASHSPOOLMD5
1654 	char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_";
1655 	MD5_CTX ctx;
1656 	unsigned char md5[18];
1657 #  if MAXPATHLEN <= 24
1658     ERROR _MAXPATHLEN <= 24
1659 #  endif /* MAXPATHLEN <= 24 */
1660 	char b64[24];
1661 	MD5_LONG bits;
1662 	int j;
1663 # endif /* HASHSPOOLMD5 */
1664 
1665 	if (HashType == HASH_NONE || HashDepth * 2 >= MAXPATHLEN)
1666 	{
1667 		p[0] = '\0';
1668 		return p;
1669 	}
1670 
1671 	switch(HashType)
1672 	{
1673 	  case HASH_USER:
1674 		str = name;
1675 		break;
1676 
1677 # if HASHSPOOLMD5
1678 	  case HASH_MD5:
1679 		MD5_Init(&ctx);
1680 		MD5_Update(&ctx, name, strlen(name));
1681 		MD5_Final(md5, &ctx);
1682 		md5[16] = 0;
1683 		md5[17] = 0;
1684 
1685 		for (i = 0; i < 6; i++)
1686 		{
1687 			bits = (unsigned) md5[(3 * i)] << 16;
1688 			bits |= (unsigned) md5[(3 * i) + 1] << 8;
1689 			bits |= (unsigned) md5[(3 * i) + 2];
1690 
1691 			for (j = 3; j >= 0; j--)
1692 			{
1693 				b64[(4 * i) + j] = Base64[(bits & 0x3f)];
1694 				bits >>= 6;
1695 			}
1696 		}
1697 		b64[22] = '\0';
1698 		str = b64;
1699 		break;
1700 # endif /* HASHSPOOLMD5 */
1701 	}
1702 
1703 	len = strlen(str);
1704 	for (i = 0; i < HashDepth; i++)
1705 	{
1706 		if (i < len)
1707 			p[i * 2] = str[i];
1708 		else
1709 			p[i * 2] = '_';
1710 		p[(i * 2) + 1] = '/';
1711 	}
1712 	p[HashDepth * 2] = '\0';
1713 	return p;
1714 }
1715 #endif /* HASHSPOOL */
1716 
1717 /*
1718  * e_to_sys --
1719  *	Guess which errno's are temporary.  Gag me.
1720  */
1721 
1722 int
e_to_sys(num)1723 e_to_sys(num)
1724 	int num;
1725 {
1726 	/* Temporary failures override hard errors. */
1727 	if (ExitVal == EX_TEMPFAIL)
1728 		return ExitVal;
1729 
1730 	switch (num)		/* Hopefully temporary errors. */
1731 	{
1732 #ifdef EDQUOT
1733 	  case EDQUOT:		/* Disc quota exceeded */
1734 		if (BounceQuota)
1735 		{
1736 			ExitVal = EX_UNAVAILABLE;
1737 			break;
1738 		}
1739 		/* FALLTHROUGH */
1740 #endif /* EDQUOT */
1741 #ifdef EAGAIN
1742 	  case EAGAIN:		/* Resource temporarily unavailable */
1743 #endif /* EAGAIN */
1744 #ifdef EBUSY
1745 	  case EBUSY:		/* Device busy */
1746 #endif /* EBUSY */
1747 #ifdef EPROCLIM
1748 	  case EPROCLIM:	/* Too many processes */
1749 #endif /* EPROCLIM */
1750 #ifdef EUSERS
1751 	  case EUSERS:		/* Too many users */
1752 #endif /* EUSERS */
1753 #ifdef ECONNABORTED
1754 	  case ECONNABORTED:	/* Software caused connection abort */
1755 #endif /* ECONNABORTED */
1756 #ifdef ECONNREFUSED
1757 	  case ECONNREFUSED:	/* Connection refused */
1758 #endif /* ECONNREFUSED */
1759 #ifdef ECONNRESET
1760 	  case ECONNRESET:	/* Connection reset by peer */
1761 #endif /* ECONNRESET */
1762 #ifdef EDEADLK
1763 	  case EDEADLK:		/* Resource deadlock avoided */
1764 #endif /* EDEADLK */
1765 #ifdef EFBIG
1766 	  case EFBIG:		/* File too large */
1767 #endif /* EFBIG */
1768 #ifdef EHOSTDOWN
1769 	  case EHOSTDOWN:	/* Host is down */
1770 #endif /* EHOSTDOWN */
1771 #ifdef EHOSTUNREACH
1772 	  case EHOSTUNREACH:	/* No route to host */
1773 #endif /* EHOSTUNREACH */
1774 #ifdef EMFILE
1775 	  case EMFILE:		/* Too many open files */
1776 #endif /* EMFILE */
1777 #ifdef ENETDOWN
1778 	  case ENETDOWN:	/* Network is down */
1779 #endif /* ENETDOWN */
1780 #ifdef ENETRESET
1781 	  case ENETRESET:	/* Network dropped connection on reset */
1782 #endif /* ENETRESET */
1783 #ifdef ENETUNREACH
1784 	  case ENETUNREACH:	/* Network is unreachable */
1785 #endif /* ENETUNREACH */
1786 #ifdef ENFILE
1787 	  case ENFILE:		/* Too many open files in system */
1788 #endif /* ENFILE */
1789 #ifdef ENOBUFS
1790 	  case ENOBUFS:		/* No buffer space available */
1791 #endif /* ENOBUFS */
1792 #ifdef ENOMEM
1793 	  case ENOMEM:		/* Cannot allocate memory */
1794 #endif /* ENOMEM */
1795 #ifdef ENOSPC
1796 	  case ENOSPC:		/* No space left on device */
1797 #endif /* ENOSPC */
1798 #ifdef EROFS
1799 	  case EROFS:		/* Read-only file system */
1800 #endif /* EROFS */
1801 #ifdef ESTALE
1802 	  case ESTALE:		/* Stale NFS file handle */
1803 #endif /* ESTALE */
1804 #ifdef ETIMEDOUT
1805 	  case ETIMEDOUT:	/* Connection timed out */
1806 #endif /* ETIMEDOUT */
1807 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
1808 	  case EWOULDBLOCK:	/* Operation would block. */
1809 #endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
1810 		ExitVal = EX_TEMPFAIL;
1811 		break;
1812 
1813 	  default:
1814 		ExitVal = EX_UNAVAILABLE;
1815 		break;
1816 	}
1817 	return ExitVal;
1818 }
1819 
1820 #if defined(ultrix) || defined(_CRAY)
1821 /*
1822  * Copyright (c) 1987, 1993
1823  *	The Regents of the University of California.  All rights reserved.
1824  *
1825  * Redistribution and use in source and binary forms, with or without
1826  * modification, are permitted provided that the following conditions
1827  * are met:
1828  * 1. Redistributions of source code must retain the above copyright
1829  *    notice, this list of conditions and the following disclaimer.
1830  * 2. Redistributions in binary form must reproduce the above copyright
1831  *    notice, this list of conditions and the following disclaimer in the
1832  *    documentation and/or other materials provided with the distribution.
1833  * 3. Neither the name of the University nor the names of its contributors
1834  *    may be used to endorse or promote products derived from this software
1835  *    without specific prior written permission.
1836  *
1837  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1838  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1839  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1840  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1841  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1842  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1843  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1844  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1845  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1846  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1847  * SUCH DAMAGE.
1848  */
1849 
1850 # if defined(LIBC_SCCS) && !defined(lint)
1851 static char sccsid[] = "@(#)mktemp.c	8.1 (Berkeley) 6/4/93";
1852 # endif /* defined(LIBC_SCCS) && !defined(lint) */
1853 
1854 # include <sys/types.h>
1855 # include <sys/stat.h>
1856 # include <fcntl.h>
1857 # include <errno.h>
1858 # include <stdio.h>
1859 # include <ctype.h>
1860 
1861 static int _gettemp();
1862 
mkstemp(path)1863 mkstemp(path)
1864 	char *path;
1865 {
1866 	int fd;
1867 
1868 	return (_gettemp(path, &fd) ? fd : -1);
1869 }
1870 
1871 static
_gettemp(path,doopen)1872 _gettemp(path, doopen)
1873 	char *path;
1874 	register int *doopen;
1875 {
1876 	extern int errno;
1877 	register char *start, *trv;
1878 	struct stat sbuf;
1879 	unsigned int pid;
1880 
1881 	pid = getpid();
1882 	for (trv = path; *trv; ++trv);		/* extra X's get set to 0's */
1883 	while (*--trv == 'X')
1884 	{
1885 		*trv = (pid % 10) + '0';
1886 		pid /= 10;
1887 	}
1888 
1889 	/*
1890 	 * check the target directory; if you have six X's and it
1891 	 * doesn't exist this runs for a *very* long time.
1892 	 */
1893 	for (start = trv + 1;; --trv)
1894 	{
1895 		if (trv <= path)
1896 			break;
1897 		if (*trv == '/')
1898 		{
1899 			*trv = '\0';
1900 			if (stat(path, &sbuf) < 0)
1901 				return(0);
1902 			if (!S_ISDIR(sbuf.st_mode))
1903 			{
1904 				errno = ENOTDIR;
1905 				return(0);
1906 			}
1907 			*trv = '/';
1908 			break;
1909 		}
1910 	}
1911 
1912 	for (;;)
1913 	{
1914 		if (doopen)
1915 		{
1916 			if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR,
1917 					    0600)) >= 0)
1918 				return(1);
1919 			if (errno != EEXIST)
1920 				return(0);
1921 		}
1922 		else if (stat(path, &sbuf) < 0)
1923 			return(errno == ENOENT ? 1 : 0);
1924 
1925 		/* tricky little algorithm for backward compatibility */
1926 		for (trv = start;;)
1927 		{
1928 			if (!*trv)
1929 				return(0);
1930 			if (*trv == 'z')
1931 				*trv++ = 'a';
1932 			else
1933 			{
1934 				if (isascii(*trv) && isdigit(*trv))
1935 					*trv = 'a';
1936 				else
1937 					++*trv;
1938 				break;
1939 			}
1940 		}
1941 	}
1942 	/* NOTREACHED */
1943 }
1944 #endif /* defined(ultrix) || defined(_CRAY) */
1945