1 /*
2 * Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1990, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * By using this file, you agree to the terms and conditions set
8 * forth in the LICENSE file which can be found at the top level of
9 * the sendmail distribution.
10 *
11 */
12
13 #include <sm/gen.h>
14
15 SM_IDSTR(copyright,
16 "@(#) Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.\n\
17 All rights reserved.\n\
18 Copyright (c) 1990, 1993, 1994\n\
19 The Regents of the University of California. All rights reserved.\n")
20
21 SM_RCSID("$MirOS: src/gnu/usr.sbin/sendmail/mail.local/mail.local.c,v 1.7 2014/06/09 15:17:39 tg Exp $")
22 SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.257 2013-11-22 20:51:51 ca Exp $")
23
24 #include <stdlib.h>
25 #include <sm/errstring.h>
26 #include <sm/io.h>
27 #include <sm/limits.h>
28 # include <unistd.h>
29 # ifdef EX_OK
30 # undef EX_OK /* unistd.h may have another use for this */
31 # endif /* EX_OK */
32 # define LOCKFILE_PMODE 0
33 #include <sm/mbdb.h>
34 #include <sm/sysexits.h>
35
36 #ifndef HASHSPOOL
37 # define HASHSPOOL 0
38 #endif /* ! HASHSPOOL */
39 #ifndef HASHSPOOLMD5
40 # define HASHSPOOLMD5 0
41 #endif /* ! HASHSPOOLMD5 */
42
43 /*
44 ** This is not intended to work on System V derived systems
45 ** such as Solaris or HP-UX, since they use a totally different
46 ** approach to mailboxes (essentially, they have a set-group-ID program
47 ** rather than set-user-ID, and they rely on the ability to "give away"
48 ** files to do their work). IT IS NOT A BUG that this doesn't
49 ** work on such architectures.
50 */
51
52
53 #include <stdio.h>
54 #include <errno.h>
55 #include <fcntl.h>
56 #include <sys/types.h>
57 #include <sys/stat.h>
58 #include <time.h>
59 #include <stdlib.h>
60 # include <sys/socket.h>
61 # include <sys/file.h>
62 # include <netinet/in.h>
63 # include <arpa/nameser.h>
64 # include <netdb.h>
65 # include <pwd.h>
66
67 #include <sm/string.h>
68 #include <syslog.h>
69 #include <ctype.h>
70
71 #include <sm/conf.h>
72 #include <sendmail/pathnames.h>
73
74 #if HASHSPOOL
75 # define HASH_NONE 0
76 # define HASH_USER 1
77 # if HASHSPOOLMD5
78 # define HASH_MD5 2
79 # include <openssl/md5.h>
80 # endif /* HASHSPOOLMD5 */
81 #endif /* HASHSPOOL */
82
83 #if _FFR_SPOOL_PATH
84 /*
85 ** Override path to mail store at run time (using -p).
86 ** From: Eugene Grosbein of Svyaz Service JSC
87 ** See: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/114195
88 ** NOTE: Update man page before adding this to a release.
89 */
90 #endif /* _FFR_SPOOL_PATH */
91
92
93 #ifndef LOCKTO_RM
94 # define LOCKTO_RM 300 /* timeout for stale lockfile removal */
95 #endif /* ! LOCKTO_RM */
96 #ifndef LOCKTO_GLOB
97 # define LOCKTO_GLOB 400 /* global timeout for lockfile creation */
98 #endif /* ! LOCKTO_GLOB */
99
100 /* define a realloc() which works for NULL pointers */
101 #define REALLOC(ptr, size) (((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
102
103 /*
104 ** If you don't have flock, you could try using lockf instead.
105 */
106
107 #ifdef LDA_USE_LOCKF
108 # define flock(a, b) lockf(a, b, 0)
109 # ifdef LOCK_EX
110 # undef LOCK_EX
111 # endif /* LOCK_EX */
112 # define LOCK_EX F_LOCK
113 #endif /* LDA_USE_LOCKF */
114
115 #ifndef LOCK_EX
116 # include <sys/file.h>
117 #endif /* ! LOCK_EX */
118
119 /*
120 ** If you don't have setreuid, and you have saved uids, and you have
121 ** a seteuid() call that doesn't try to emulate using setuid(), then
122 ** you can try defining LDA_USE_SETEUID.
123 */
124
125 #ifdef LDA_USE_SETEUID
126 # define setreuid(r, e) seteuid(e)
127 #endif /* LDA_USE_SETEUID */
128
129 #ifdef LDA_CONTENTLENGTH
130 # define CONTENTLENGTH 1
131 #endif /* LDA_CONTENTLENGTH */
132
133 #ifndef INADDRSZ
134 # define INADDRSZ 4 /* size of an IPv4 address in bytes */
135 #endif /* ! INADDRSZ */
136
137 #ifdef MAILLOCK
138 # include <maillock.h>
139 #endif /* MAILLOCK */
140
141 #ifndef MAILER_DAEMON
142 # define MAILER_DAEMON "MAILER-DAEMON"
143 #endif /* ! MAILER_DAEMON */
144
145 #ifdef CONTENTLENGTH
146 char ContentHdr[40] = "Content-Length: ";
147 off_t HeaderLength;
148 off_t BodyLength;
149 #endif /* CONTENTLENGTH */
150
151 bool EightBitMime = false; /* advertise 8BITMIME in LMTP */
152 char ErrBuf[10240]; /* error buffer */
153 int ExitVal = EX_OK; /* sysexits.h error value. */
154 bool HoldErrs = false; /* Hold errors in ErrBuf */
155 bool LMTPMode = false;
156 bool BounceQuota = false; /* permanent error when over quota */
157 bool CloseMBDB = false;
158 char *HomeMailFile = NULL; /* store mail in homedir */
159
160 #if HASHSPOOL
161 int HashType = HASH_NONE;
162 int HashDepth = 0;
163 bool StripRcptDomain = true;
164 #else /* HASHSPOOL */
165 # define StripRcptDomain true
166 #endif /* HASHSPOOL */
167 char SpoolPath[MAXPATHLEN];
168
169 char *parseaddr __P((char *, bool));
170 char *process_recipient __P((char *));
171 void dolmtp __P((void));
172 void deliver __P((int, char *));
173 int e_to_sys __P((int));
174 void notifybiff __P((char *));
175 int store __P((char *, bool *));
176 void usage __P((void));
177 int lockmbox __P((char *));
178 void unlockmbox __P((void));
179 void mailerr __P((const char *, const char *, ...));
180 void flush_error __P((void));
181 #if HASHSPOOL
182 const char *hashname __P((char *));
183 #endif /* HASHSPOOL */
184
185
186 static void sm_exit __P((int));
187
188 static void
sm_exit(status)189 sm_exit(status)
190 int status;
191 {
192 if (CloseMBDB)
193 {
194 sm_mbdb_terminate();
195 CloseMBDB = false; /* not really necessary, but ... */
196 }
197 exit(status);
198 }
199
200 int
main(argc,argv)201 main(argc, argv)
202 int argc;
203 char *argv[];
204 {
205 struct passwd *pw;
206 int ch, fd;
207 uid_t uid;
208 char *from;
209 char *mbdbname = "pw";
210 int err;
211 extern char *optarg;
212 extern int optind;
213
214
215 /* make sure we have some open file descriptors */
216 for (fd = 10; fd < 30; fd++)
217 (void) close(fd);
218
219 /* use a reasonable umask */
220 (void) umask(0077);
221
222 # ifdef LOG_MAIL
223 openlog("mail.local", 0, LOG_MAIL);
224 # else /* LOG_MAIL */
225 openlog("mail.local", 0);
226 # endif /* LOG_MAIL */
227
228 from = NULL;
229
230 /* XXX can this be converted to a compile time check? */
231 if (sm_strlcpy(SpoolPath, _PATH_MAILDIR, sizeof(SpoolPath)) >=
232 sizeof(SpoolPath))
233 {
234 mailerr("421", "Configuration error: _PATH_MAILDIR too large");
235 sm_exit(EX_CONFIG);
236 }
237 #if HASHSPOOL
238 while ((ch = getopt(argc, argv, "78bdD:f:h:r:lH:p:n")) != -1)
239 #else /* HASHSPOOL */
240 # if _FFR_SPOOL_PATH
241 while ((ch = getopt(argc, argv, "78bdD:f:h:r:lp:")) != -1)
242 # else /* _FFR_SPOOL_PATH */
243 while ((ch = getopt(argc, argv, "78bdD:f:h:r:l")) != -1)
244 # endif /* _FFR_SPOOL_PATH */
245 #endif /* HASHSPOOL */
246 {
247 switch(ch)
248 {
249 case '7': /* Do not advertise 8BITMIME */
250 EightBitMime = false;
251 break;
252
253 case '8': /* Do advertise 8BITMIME */
254 EightBitMime = true;
255 break;
256
257 case 'b': /* bounce mail when over quota. */
258 BounceQuota = true;
259 break;
260
261 case 'd': /* Backward compatible. */
262 break;
263
264 case 'D': /* mailbox database type */
265 mbdbname = optarg;
266 break;
267
268 case 'f':
269 case 'r': /* Backward compatible. */
270 if (from != NULL)
271 {
272 mailerr(NULL, "Multiple -f options");
273 usage();
274 }
275 from = optarg;
276 break;
277
278 case 'h':
279 if (optarg != NULL || *optarg != '\0')
280 HomeMailFile = optarg;
281 else
282 {
283 mailerr(NULL, "-h: missing filename");
284 usage();
285 }
286 break;
287
288 case 'l':
289 LMTPMode = true;
290 break;
291
292
293 #if HASHSPOOL
294 case 'H':
295 if (optarg == NULL || *optarg == '\0')
296 {
297 mailerr(NULL, "-H: missing hashinfo");
298 usage();
299 }
300 switch(optarg[0])
301 {
302 case 'u':
303 HashType = HASH_USER;
304 break;
305
306 # if HASHSPOOLMD5
307 case 'm':
308 HashType = HASH_MD5;
309 break;
310 # endif /* HASHSPOOLMD5 */
311
312 default:
313 mailerr(NULL, "-H: unknown hash type");
314 usage();
315 }
316 if (optarg[1] == '\0')
317 {
318 mailerr(NULL, "-H: invalid hash depth");
319 usage();
320 }
321 HashDepth = atoi(&optarg[1]);
322 if ((HashDepth <= 0) || ((HashDepth * 2) >= MAXPATHLEN))
323 {
324 mailerr(NULL, "-H: invalid hash depth");
325 usage();
326 }
327 break;
328
329 case 'n':
330 StripRcptDomain = false;
331 break;
332 #endif /* HASHSPOOL */
333
334 #if HASHSPOOL || _FFR_SPOOL_PATH
335 case 'p':
336 if (optarg == NULL || *optarg == '\0')
337 {
338 mailerr(NULL, "-p: missing spool path");
339 usage();
340 }
341 if (sm_strlcpy(SpoolPath, optarg, sizeof(SpoolPath)) >=
342 sizeof(SpoolPath))
343 {
344 mailerr(NULL, "-p: invalid spool path");
345 usage();
346 }
347 break;
348 #endif /* HASHSPOOL || _FFR_SPOOL_PATH */
349
350 case '?':
351 default:
352 usage();
353 }
354 }
355 argc -= optind;
356 argv += optind;
357
358 /* initialize biff structures */
359 notifybiff(NULL);
360
361 err = sm_mbdb_initialize(mbdbname);
362 if (err != EX_OK)
363 {
364 char *errcode = "521";
365
366 if (err == EX_TEMPFAIL)
367 errcode = "421";
368
369 mailerr(errcode, "Can not open mailbox database %s: %s",
370 mbdbname, sm_strexit(err));
371 sm_exit(err);
372 }
373 CloseMBDB = true;
374
375 if (LMTPMode)
376 {
377 if (argc > 0)
378 {
379 mailerr("421", "Users should not be specified in command line if LMTP required");
380 sm_exit(EX_TEMPFAIL);
381 }
382
383 dolmtp();
384 /* NOTREACHED */
385 sm_exit(EX_OK);
386 }
387
388 /* Non-LMTP from here on out */
389 if (*argv == '\0')
390 usage();
391
392 /*
393 ** If from not specified, use the name from getlogin() if the
394 ** uid matches, otherwise, use the name from the password file
395 ** corresponding to the uid.
396 */
397
398 uid = getuid();
399 if (from == NULL && ((from = getlogin()) == NULL ||
400 (pw = getpwnam(from)) == NULL ||
401 pw->pw_uid != uid))
402 from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
403
404 /*
405 ** There is no way to distinguish the error status of one delivery
406 ** from the rest of the deliveries. So, if we failed hard on one
407 ** or more deliveries, but had no failures on any of the others, we
408 ** return a hard failure. If we failed temporarily on one or more
409 ** deliveries, we return a temporary failure regardless of the other
410 ** failures. This results in the delivery being reattempted later
411 ** at the expense of repeated failures and multiple deliveries.
412 */
413
414 HoldErrs = true;
415 fd = store(from, NULL);
416 HoldErrs = false;
417 if (fd < 0)
418 {
419 flush_error();
420 sm_exit(ExitVal);
421 }
422 for (; *argv != NULL; ++argv)
423 deliver(fd, *argv);
424 sm_exit(ExitVal);
425 /* NOTREACHED */
426 return ExitVal;
427 }
428
429 char *
parseaddr(s,rcpt)430 parseaddr(s, rcpt)
431 char *s;
432 bool rcpt;
433 {
434 char *p;
435 int l;
436
437 if (*s++ != '<')
438 return NULL;
439
440 p = s;
441
442 /* at-domain-list */
443 while (*p == '@')
444 {
445 p++;
446 while (*p != ',' && *p != ':' && *p != '\0')
447 p++;
448 if (*p == '\0')
449 return NULL;
450
451 /* Skip over , or : */
452 p++;
453 }
454
455 s = p;
456
457 /* local-part */
458 while (*p != '\0' && *p != '@' && *p != '>')
459 {
460 if (*p == '\\')
461 {
462 if (*++p == '\0')
463 return NULL;
464 }
465 else if (*p == '\"')
466 {
467 p++;
468 while (*p != '\0' && *p != '\"')
469 {
470 if (*p == '\\')
471 {
472 if (*++p == '\0')
473 return NULL;
474 }
475 p++;
476 }
477 if (*p == '\0' || *(p + 1) == '\0')
478 return NULL;
479 }
480 /* +detail ? */
481 if (*p == '+' && rcpt)
482 *p = '\0';
483 p++;
484 }
485
486 /* @domain */
487 if (*p == '@')
488 {
489 if (rcpt)
490 *p++ = '\0';
491 while (*p != '\0' && *p != '>')
492 p++;
493 }
494
495 if (*p != '>')
496 return NULL;
497 else
498 *p = '\0';
499 p++;
500
501 if (*p != '\0' && *p != ' ')
502 return NULL;
503
504 if (*s == '\0')
505 s = MAILER_DAEMON;
506
507 l = strlen(s) + 1;
508 if (l < 0)
509 return NULL;
510 p = malloc(l);
511 if (p == NULL)
512 {
513 mailerr("421 4.3.0", "Memory exhausted");
514 sm_exit(EX_TEMPFAIL);
515 }
516
517 (void) sm_strlcpy(p, s, l);
518 return p;
519 }
520
521 char *
process_recipient(addr)522 process_recipient(addr)
523 char *addr;
524 {
525 SM_MBDB_T user;
526
527 switch (sm_mbdb_lookup(addr, &user))
528 {
529 case EX_OK:
530 return NULL;
531
532 case EX_NOUSER:
533 return "550 5.1.1 User unknown";
534
535 case EX_TEMPFAIL:
536 return "451 4.3.0 User database failure; retry later";
537
538 default:
539 return "550 5.3.0 User database failure";
540 }
541 }
542
543 #define RCPT_GROW 30
544
545 void
dolmtp()546 dolmtp()
547 {
548 char *return_path = NULL;
549 char **rcpt_addr = NULL;
550 int rcpt_num = 0;
551 int rcpt_alloc = 0;
552 bool gotlhlo = false;
553 char *err;
554 int msgfd;
555 char *p;
556 int i;
557 char myhostname[1024];
558 char buf[4096];
559
560 memset(myhostname, '\0', sizeof myhostname);
561 (void) gethostname(myhostname, sizeof myhostname - 1);
562 if (myhostname[0] == '\0')
563 sm_strlcpy(myhostname, "localhost", sizeof myhostname);
564
565 printf("220 %s LMTP ready\r\n", myhostname);
566 for (;;)
567 {
568 (void) fflush(stdout);
569 if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
570 sm_exit(EX_OK);
571 p = buf + strlen(buf) - 1;
572 if (p >= buf && *p == '\n')
573 *p-- = '\0';
574 if (p >= buf && *p == '\r')
575 *p-- = '\0';
576
577 switch (buf[0])
578 {
579 case 'd':
580 case 'D':
581 if (sm_strcasecmp(buf, "data") == 0)
582 {
583 bool inbody = false;
584
585 if (rcpt_num == 0)
586 {
587 mailerr("503 5.5.1", "No recipients");
588 continue;
589 }
590 HoldErrs = true;
591 msgfd = store(return_path, &inbody);
592 HoldErrs = false;
593 if (msgfd < 0 && !inbody)
594 {
595 flush_error();
596 continue;
597 }
598
599 for (i = 0; i < rcpt_num; i++)
600 {
601 if (msgfd < 0)
602 {
603 /* print error for rcpt */
604 flush_error();
605 continue;
606 }
607 p = strchr(rcpt_addr[i], '+');
608 if (p != NULL)
609 *p = '\0';
610 deliver(msgfd, rcpt_addr[i]);
611 }
612 if (msgfd >= 0)
613 (void) close(msgfd);
614 goto rset;
615 }
616 goto syntaxerr;
617 /* NOTREACHED */
618 break;
619
620 case 'l':
621 case 'L':
622 if (sm_strncasecmp(buf, "lhlo ", 5) == 0)
623 {
624 /* check for duplicate per RFC 1651 4.2 */
625 if (gotlhlo)
626 {
627 mailerr("503", "%s Duplicate LHLO",
628 myhostname);
629 continue;
630 }
631 gotlhlo = true;
632 printf("250-%s\r\n", myhostname);
633 if (EightBitMime)
634 printf("250-8BITMIME\r\n");
635 printf("250-ENHANCEDSTATUSCODES\r\n");
636 printf("250 PIPELINING\r\n");
637 continue;
638 }
639 goto syntaxerr;
640 /* NOTREACHED */
641 break;
642
643 case 'm':
644 case 'M':
645 if (sm_strncasecmp(buf, "mail ", 5) == 0)
646 {
647 if (return_path != NULL)
648 {
649 mailerr("503 5.5.1",
650 "Nested MAIL command");
651 continue;
652 }
653 if (sm_strncasecmp(buf + 5, "from:", 5) != 0 ||
654 ((return_path = parseaddr(buf + 10,
655 false)) == NULL))
656 {
657 mailerr("501 5.5.4",
658 "Syntax error in parameters");
659 continue;
660 }
661 printf("250 2.5.0 Ok\r\n");
662 continue;
663 }
664 goto syntaxerr;
665 /* NOTREACHED */
666 break;
667
668 case 'n':
669 case 'N':
670 if (sm_strcasecmp(buf, "noop") == 0)
671 {
672 printf("250 2.0.0 Ok\r\n");
673 continue;
674 }
675 goto syntaxerr;
676 /* NOTREACHED */
677 break;
678
679 case 'q':
680 case 'Q':
681 if (sm_strcasecmp(buf, "quit") == 0)
682 {
683 printf("221 2.0.0 Bye\r\n");
684 sm_exit(EX_OK);
685 }
686 goto syntaxerr;
687 /* NOTREACHED */
688 break;
689
690 case 'r':
691 case 'R':
692 if (sm_strncasecmp(buf, "rcpt ", 5) == 0)
693 {
694 if (return_path == NULL)
695 {
696 mailerr("503 5.5.1",
697 "Need MAIL command");
698 continue;
699 }
700 if (rcpt_num >= rcpt_alloc)
701 {
702 rcpt_alloc += RCPT_GROW;
703 rcpt_addr = (char **)
704 REALLOC((char *) rcpt_addr,
705 rcpt_alloc *
706 sizeof(char **));
707 if (rcpt_addr == NULL)
708 {
709 mailerr("421 4.3.0",
710 "Memory exhausted");
711 sm_exit(EX_TEMPFAIL);
712 }
713 }
714 if (sm_strncasecmp(buf + 5, "to:", 3) != 0 ||
715 ((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
716 StripRcptDomain)) == NULL))
717 {
718 mailerr("501 5.5.4",
719 "Syntax error in parameters");
720 continue;
721 }
722 err = process_recipient(rcpt_addr[rcpt_num]);
723 if (err != NULL)
724 {
725 mailerr(NULL, "%s", err);
726 continue;
727 }
728 rcpt_num++;
729 printf("250 2.1.5 Ok\r\n");
730 continue;
731 }
732 else if (sm_strcasecmp(buf, "rset") == 0)
733 {
734 printf("250 2.0.0 Ok\r\n");
735
736 rset:
737 while (rcpt_num > 0)
738 free(rcpt_addr[--rcpt_num]);
739 if (return_path != NULL)
740 free(return_path);
741 return_path = NULL;
742 continue;
743 }
744 goto syntaxerr;
745 /* NOTREACHED */
746 break;
747
748 case 'v':
749 case 'V':
750 if (sm_strncasecmp(buf, "vrfy ", 5) == 0)
751 {
752 printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
753 continue;
754 }
755 goto syntaxerr;
756 /* NOTREACHED */
757 break;
758
759 default:
760 syntaxerr:
761 mailerr("500 5.5.2", "Syntax error");
762 continue;
763 /* NOTREACHED */
764 break;
765 }
766 }
767 }
768
769 int
store(from,inbody)770 store(from, inbody)
771 char *from;
772 bool *inbody;
773 {
774 FILE *fp = NULL;
775 time_t tval;
776 bool eline; /* previous line was empty */
777 bool fullline = true; /* current line is terminated */
778 bool prevfl; /* previous line was terminated */
779 char line[2048];
780 int fd;
781 char tmpbuf[sizeof _PATH_LOCTMP + 1];
782
783 if (inbody != NULL)
784 *inbody = false;
785
786 (void) umask(0077);
787 (void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
788 if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL)
789 {
790 if (fd >= 0)
791 (void) close(fd);
792 mailerr("451 4.3.0", "Unable to open temporary file");
793 return -1;
794 }
795 (void) unlink(tmpbuf);
796
797 if (LMTPMode)
798 {
799 printf("354 Go ahead\r\n");
800 (void) fflush(stdout);
801 }
802 if (inbody != NULL)
803 *inbody = true;
804
805 (void) time(&tval);
806 (void) fprintf(fp, "From %s %s", from, ctime(&tval));
807
808 #ifdef CONTENTLENGTH
809 HeaderLength = 0;
810 BodyLength = -1;
811 #endif /* CONTENTLENGTH */
812
813 line[0] = '\0';
814 eline = true;
815 while (fgets(line, sizeof(line), stdin) != (char *) NULL)
816 {
817 size_t line_len = 0;
818 int peek;
819
820 prevfl = fullline; /* preserve state of previous line */
821 while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
822 line_len++;
823 line_len++;
824
825 /* Check for dot-stuffing */
826 if (prevfl && LMTPMode && line[0] == '.')
827 {
828 if (line[1] == '\n' ||
829 (line[1] == '\r' && line[2] == '\n'))
830 goto lmtpdot;
831 memcpy(line, line + 1, line_len);
832 line_len--;
833 }
834
835 /* Check to see if we have the full line from fgets() */
836 fullline = false;
837 if (line_len > 0)
838 {
839 if (line[line_len - 1] == '\n')
840 {
841 if (line_len >= 2 &&
842 line[line_len - 2] == '\r')
843 {
844 line[line_len - 2] = '\n';
845 line[line_len - 1] = '\0';
846 line_len--;
847 }
848 fullline = true;
849 }
850 else if (line[line_len - 1] == '\r')
851 {
852 /* Did we just miss the CRLF? */
853 peek = fgetc(stdin);
854 if (peek == '\n')
855 {
856 line[line_len - 1] = '\n';
857 fullline = true;
858 }
859 else
860 (void) ungetc(peek, stdin);
861 }
862 }
863 else
864 fullline = true;
865
866 #ifdef CONTENTLENGTH
867 if (prevfl && line[0] == '\n' && HeaderLength == 0)
868 {
869 eline = false;
870 if (fp != NULL)
871 HeaderLength = ftell(fp);
872 if (HeaderLength <= 0)
873 {
874 /*
875 ** shouldn't happen, unless ftell() is
876 ** badly broken
877 */
878
879 HeaderLength = -1;
880 }
881 }
882 #else /* CONTENTLENGTH */
883 if (prevfl && line[0] == '\n')
884 eline = true;
885 #endif /* CONTENTLENGTH */
886 else
887 {
888 if (eline && line[0] == 'F' &&
889 fp != NULL &&
890 !memcmp(line, "From ", 5))
891 (void) putc('>', fp);
892 eline = false;
893 #ifdef CONTENTLENGTH
894 /* discard existing "Content-Length:" headers */
895 if (prevfl && HeaderLength == 0 &&
896 (line[0] == 'C' || line[0] == 'c') &&
897 sm_strncasecmp(line, ContentHdr, 15) == 0)
898 {
899 /*
900 ** be paranoid: clear the line
901 ** so no "wrong matches" may occur later
902 */
903 line[0] = '\0';
904 continue;
905 }
906 #endif /* CONTENTLENGTH */
907
908 }
909 if (fp != NULL)
910 {
911 (void) fwrite(line, sizeof(char), line_len, fp);
912 if (ferror(fp))
913 {
914 mailerr("451 4.3.0",
915 "Temporary file write error");
916 (void) fclose(fp);
917 fp = NULL;
918 continue;
919 }
920 }
921 }
922
923 /* check if an error occurred */
924 if (fp == NULL)
925 return -1;
926
927 if (LMTPMode)
928 {
929 /* Got a premature EOF -- toss message and exit */
930 sm_exit(EX_OK);
931 }
932
933 /* If message not newline terminated, need an extra. */
934 if (fp != NULL && strchr(line, '\n') == NULL)
935 (void) putc('\n', fp);
936
937 lmtpdot:
938
939 #ifdef CONTENTLENGTH
940 if (fp != NULL)
941 BodyLength = ftell(fp);
942 if (HeaderLength == 0 && BodyLength > 0) /* empty body */
943 {
944 HeaderLength = BodyLength;
945 BodyLength = 0;
946 }
947 else
948 BodyLength = BodyLength - HeaderLength - 1 ;
949
950 if (HeaderLength > 0 && BodyLength >= 0)
951 {
952 (void) sm_snprintf(line, sizeof line, "%lld\n",
953 (LONGLONG_T) BodyLength);
954 (void) sm_strlcpy(&ContentHdr[16], line,
955 sizeof(ContentHdr) - 16);
956 }
957 else
958 BodyLength = -1; /* Something is wrong here */
959 #endif /* CONTENTLENGTH */
960
961 /* Output a newline; note, empty messages are allowed. */
962 if (fp != NULL)
963 (void) putc('\n', fp);
964
965 if (fp == NULL || fflush(fp) == EOF || ferror(fp) != 0)
966 {
967 mailerr("451 4.3.0", "Temporary file write error");
968 if (fp != NULL)
969 (void) fclose(fp);
970 return -1;
971 }
972 return fd;
973 }
974
975 void
deliver(fd,name)976 deliver(fd, name)
977 int fd;
978 char *name;
979 {
980 struct stat fsb;
981 struct stat sb;
982 char path[MAXPATHLEN];
983 int mbfd = -1, nr = 0, nw, off;
984 int exitval;
985 char *p;
986 char *errcode;
987 off_t curoff, cursize;
988 #ifdef CONTENTLENGTH
989 off_t headerbytes;
990 int readamount;
991 #endif /* CONTENTLENGTH */
992 char biffmsg[100], buf[8 * 1024];
993 SM_MBDB_T user;
994
995 /*
996 ** Disallow delivery to unknown names -- special mailboxes can be
997 ** handled in the sendmail aliases file.
998 */
999
1000 exitval = sm_mbdb_lookup(name, &user);
1001 switch (exitval)
1002 {
1003 case EX_OK:
1004 break;
1005
1006 case EX_NOUSER:
1007 exitval = EX_UNAVAILABLE;
1008 mailerr("550 5.1.1", "%s: User unknown", name);
1009 break;
1010
1011 case EX_TEMPFAIL:
1012 mailerr("451 4.3.0", "%s: User database failure; retry later",
1013 name);
1014 break;
1015
1016 default:
1017 exitval = EX_UNAVAILABLE;
1018 mailerr("550 5.3.0", "%s: User database failure", name);
1019 break;
1020 }
1021
1022 if (exitval != EX_OK)
1023 {
1024 if (ExitVal != EX_TEMPFAIL)
1025 ExitVal = exitval;
1026 return;
1027 }
1028
1029 endpwent();
1030
1031 /*
1032 ** Keep name reasonably short to avoid buffer overruns.
1033 ** This isn't necessary on BSD because of the proper
1034 ** definition of snprintf(), but it can cause problems
1035 ** on other systems.
1036 ** Also, clear out any bogus characters.
1037 */
1038
1039 #if !HASHSPOOL
1040 if (strlen(name) > 40)
1041 name[40] = '\0';
1042 for (p = name; *p != '\0'; p++)
1043 {
1044 if (!isascii(*p))
1045 *p &= 0x7f;
1046 else if (!isprint(*p))
1047 *p = '.';
1048 }
1049 #endif /* !HASHSPOOL */
1050
1051
1052 if (HomeMailFile == NULL)
1053 {
1054 if (sm_strlcpyn(path, sizeof(path),
1055 #if HASHSPOOL
1056 4,
1057 #else /* HASHSPOOL */
1058 3,
1059 #endif /* HASHSPOOL */
1060 SpoolPath, "/",
1061 #if HASHSPOOL
1062 hashname(name),
1063 #endif /* HASHSPOOL */
1064 name) >= sizeof(path))
1065 {
1066 exitval = EX_UNAVAILABLE;
1067 mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
1068 return;
1069 }
1070 }
1071 else if (*user.mbdb_homedir == '\0')
1072 {
1073 exitval = EX_UNAVAILABLE;
1074 mailerr("550 5.1.1", "%s: User missing home directory", name);
1075 return;
1076 }
1077 else if (sm_snprintf(path, sizeof(path), "%s/%s",
1078 user.mbdb_homedir, HomeMailFile) >= sizeof(path))
1079 {
1080 exitval = EX_UNAVAILABLE;
1081 mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
1082 return;
1083 }
1084
1085
1086 /*
1087 ** If the mailbox is linked or a symlink, fail. There's an obvious
1088 ** race here, that the file was replaced with a symbolic link after
1089 ** the lstat returned, but before the open. We attempt to detect
1090 ** this by comparing the original stat information and information
1091 ** returned by an fstat of the file descriptor returned by the open.
1092 **
1093 ** NB: this is a symptom of a larger problem, that the mail spooling
1094 ** directory is writeable by the wrong users. If that directory is
1095 ** writeable, system security is compromised for other reasons, and
1096 ** it cannot be fixed here.
1097 **
1098 ** If we created the mailbox, set the owner/group. If that fails,
1099 ** just return. Another process may have already opened it, so we
1100 ** can't unlink it. Historically, binmail set the owner/group at
1101 ** each mail delivery. We no longer do this, assuming that if the
1102 ** ownership or permissions were changed there was a reason.
1103 **
1104 ** XXX
1105 ** open(2) should support flock'ing the file.
1106 */
1107
1108 tryagain:
1109 #ifdef MAILLOCK
1110 p = name;
1111 #else /* MAILLOCK */
1112 p = path;
1113 #endif /* MAILLOCK */
1114 if ((off = lockmbox(p)) != 0)
1115 {
1116 if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
1117 {
1118 ExitVal = EX_TEMPFAIL;
1119 errcode = "451 4.3.0";
1120 }
1121 else
1122 errcode = "551 5.3.0";
1123
1124 mailerr(errcode, "lockmailbox %s failed; error code %d %s",
1125 p, off, errno > 0 ? sm_errstring(errno) : "");
1126 return;
1127 }
1128
1129 if (lstat(path, &sb) < 0)
1130 {
1131 int save_errno;
1132 int mode = S_IRUSR|S_IWUSR;
1133 gid_t gid = user.mbdb_gid;
1134
1135 #ifdef MAILGID
1136 (void) umask(0007);
1137 gid = MAILGID;
1138 mode |= S_IRGRP|S_IWGRP;
1139 #endif /* MAILGID */
1140
1141 mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY,
1142 mode);
1143 save_errno = errno;
1144
1145 if (lstat(path, &sb) < 0)
1146 {
1147 ExitVal = EX_CANTCREAT;
1148 mailerr("550 5.2.0",
1149 "%s: lstat: file changed after open", path);
1150 goto err1;
1151 }
1152 if (mbfd < 0)
1153 {
1154 if (save_errno == EEXIST)
1155 goto tryagain;
1156
1157 /* open failed, don't try again */
1158 mailerr("450 4.2.0", "%s: %s", path,
1159 sm_errstring(save_errno));
1160 goto err0;
1161 }
1162 else if (fchown(mbfd, user.mbdb_uid, gid) < 0)
1163 {
1164 mailerr("451 4.3.0", "chown %u.%u: %s",
1165 user.mbdb_uid, gid, name);
1166 goto err1;
1167 }
1168 else
1169 {
1170 /*
1171 ** open() was successful, now close it so can
1172 ** be opened as the right owner again.
1173 ** Paranoia: reset mbdf since the file descriptor
1174 ** is no longer valid; better safe than sorry.
1175 */
1176
1177 sb.st_uid = user.mbdb_uid;
1178 (void) close(mbfd);
1179 mbfd = -1;
1180 }
1181 }
1182 else if (sb.st_nlink != 1)
1183 {
1184 mailerr("550 5.2.0", "%s: too many links", path);
1185 goto err0;
1186 }
1187 else if (!S_ISREG(sb.st_mode))
1188 {
1189 mailerr("550 5.2.0", "%s: irregular file", path);
1190 goto err0;
1191 }
1192 else if (sb.st_uid != user.mbdb_uid)
1193 {
1194 ExitVal = EX_CANTCREAT;
1195 mailerr("550 5.2.0", "%s: wrong ownership (%d)",
1196 path, (int) sb.st_uid);
1197 goto err0;
1198 }
1199
1200 /* change UID for quota checks */
1201 if (setreuid(0, user.mbdb_uid) < 0)
1202 {
1203 mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
1204 (int) user.mbdb_uid, sm_errstring(errno),
1205 (int) getuid(), (int) geteuid());
1206 goto err1;
1207 }
1208 #ifdef DEBUG
1209 fprintf(stderr, "new euid = %d\n", (int) geteuid());
1210 #endif /* DEBUG */
1211 mbfd = open(path, O_APPEND|O_WRONLY, 0);
1212 if (mbfd < 0)
1213 {
1214 mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1215 goto err0;
1216 }
1217 else if (fstat(mbfd, &fsb) < 0 ||
1218 fsb.st_nlink != 1 ||
1219 sb.st_nlink != 1 ||
1220 !S_ISREG(fsb.st_mode) ||
1221 sb.st_dev != fsb.st_dev ||
1222 sb.st_ino != fsb.st_ino ||
1223 # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1224 sb.st_gen != fsb.st_gen ||
1225 # endif /* HAS_ST_GEN && 0 */
1226 sb.st_uid != fsb.st_uid)
1227 {
1228 ExitVal = EX_TEMPFAIL;
1229 mailerr("550 5.2.0", "%s: fstat: file changed after open",
1230 path);
1231 goto err1;
1232 }
1233
1234 #if 0
1235 /*
1236 ** This code could be reused if we decide to add a
1237 ** per-user quota field to the sm_mbdb interface.
1238 */
1239
1240 /*
1241 ** Fail if the user has a quota specified, and delivery of this
1242 ** message would exceed that quota. We bounce such failures using
1243 ** EX_UNAVAILABLE, unless there were internal problems, since
1244 ** storing immense messages for later retries can cause queueing
1245 ** issues.
1246 */
1247
1248 if (ui.quota > 0)
1249 {
1250 struct stat dsb;
1251
1252 if (fstat(fd, &dsb) < 0)
1253 {
1254 ExitVal = EX_TEMPFAIL;
1255 mailerr("451 4.3.0",
1256 "%s: fstat: can't stat temporary storage: %s",
1257 ui.mailspool, sm_errstring(errno));
1258 goto err1;
1259 }
1260
1261 if (dsb.st_size + sb.st_size + 1 > ui.quota)
1262 {
1263 ExitVal = EX_UNAVAILABLE;
1264 mailerr("551 5.2.2",
1265 "%s: Mailbox full or quota exceeded",
1266 ui.mailspool);
1267 goto err1;
1268 }
1269 }
1270 #endif /* 0 */
1271
1272 /* Wait until we can get a lock on the file. */
1273 if (flock(mbfd, LOCK_EX) < 0)
1274 {
1275 mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1276 goto err1;
1277 }
1278
1279 /* Get the starting offset of the new message */
1280 curoff = lseek(mbfd, (off_t) 0, SEEK_END);
1281 (void) sm_snprintf(biffmsg, sizeof(biffmsg), "%s@%lld\n",
1282 name, (LONGLONG_T) curoff);
1283
1284 /* Copy the message into the file. */
1285 if (lseek(fd, (off_t) 0, SEEK_SET) == (off_t) -1)
1286 {
1287 mailerr("450 4.2.0", "Temporary file: %s",
1288 sm_errstring(errno));
1289 goto err1;
1290 }
1291 #ifdef DEBUG
1292 fprintf(stderr, "before writing: euid = %d\n", (int) geteuid());
1293 #endif /* DEBUG */
1294 #ifdef CONTENTLENGTH
1295 headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
1296 for (;;)
1297 {
1298 if (headerbytes == 0)
1299 {
1300 (void) sm_snprintf(buf, sizeof buf, "%s", ContentHdr);
1301 nr = strlen(buf);
1302 headerbytes = -1;
1303 readamount = 0;
1304 }
1305 else if (headerbytes > sizeof(buf) || headerbytes < 0)
1306 readamount = sizeof(buf);
1307 else
1308 readamount = headerbytes;
1309 if (readamount != 0)
1310 nr = read(fd, buf, readamount);
1311 if (nr <= 0)
1312 break;
1313 if (headerbytes > 0)
1314 headerbytes -= nr ;
1315
1316 #else /* CONTENTLENGTH */
1317 while ((nr = read(fd, buf, sizeof(buf))) > 0)
1318 {
1319 #endif /* CONTENTLENGTH */
1320 for (off = 0; off < nr; off += nw)
1321 {
1322 if ((nw = write(mbfd, buf + off, nr - off)) < 0)
1323 {
1324 errcode = "450 4.2.0";
1325 #ifdef EDQUOT
1326 if (errno == EDQUOT && BounceQuota)
1327 errcode = "552 5.2.2";
1328 #endif /* EDQUOT */
1329 mailerr(errcode, "%s: %s",
1330 path, sm_errstring(errno));
1331 goto err3;
1332 }
1333 }
1334 }
1335 if (nr < 0)
1336 {
1337 mailerr("450 4.2.0", "Temporary file: %s",
1338 sm_errstring(errno));
1339 goto err3;
1340 }
1341
1342 /* Flush to disk, don't wait for update. */
1343 if (fsync(mbfd) < 0)
1344 {
1345 mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1346 err3:
1347 #ifdef DEBUG
1348 fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1349 #endif /* DEBUG */
1350 if (mbfd >= 0)
1351 (void) ftruncate(mbfd, curoff);
1352 err1: if (mbfd >= 0)
1353 (void) close(mbfd);
1354 err0: (void) setreuid(0, 0);
1355 unlockmbox();
1356 return;
1357 }
1358
1359 /*
1360 ** Save the current size so if the close() fails below
1361 ** we can make sure no other process has changed the mailbox
1362 ** between the failed close and the re-open()/re-lock().
1363 ** If something else has changed the size, we shouldn't
1364 ** try to truncate it as we may do more harm then good
1365 ** (e.g., truncate a later message delivery).
1366 */
1367
1368 if (fstat(mbfd, &sb) < 0)
1369 cursize = 0;
1370 else
1371 cursize = sb.st_size;
1372
1373
1374 /* Close and check -- NFS doesn't write until the close. */
1375 if (close(mbfd))
1376 {
1377 errcode = "450 4.2.0";
1378 #ifdef EDQUOT
1379 if (errno == EDQUOT && BounceQuota)
1380 errcode = "552 5.2.2";
1381 #endif /* EDQUOT */
1382 mailerr(errcode, "%s: %s", path, sm_errstring(errno));
1383 mbfd = open(path, O_WRONLY, 0);
1384 if (mbfd < 0 ||
1385 cursize == 0
1386 || flock(mbfd, LOCK_EX) < 0 ||
1387 fstat(mbfd, &sb) < 0 ||
1388 sb.st_size != cursize ||
1389 sb.st_nlink != 1 ||
1390 !S_ISREG(sb.st_mode) ||
1391 sb.st_dev != fsb.st_dev ||
1392 sb.st_ino != fsb.st_ino ||
1393 # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1394 sb.st_gen != fsb.st_gen ||
1395 # endif /* HAS_ST_GEN && 0 */
1396 sb.st_uid != fsb.st_uid
1397 )
1398 {
1399 /* Don't use a bogus file */
1400 if (mbfd >= 0)
1401 {
1402 (void) close(mbfd);
1403 mbfd = -1;
1404 }
1405 }
1406
1407 /* Attempt to truncate back to pre-write size */
1408 goto err3;
1409 }
1410 else
1411 notifybiff(biffmsg);
1412
1413 if (setreuid(0, 0) < 0)
1414 {
1415 mailerr("450 4.2.0", "setreuid(0, 0): %s",
1416 sm_errstring(errno));
1417 goto err0;
1418 }
1419 #ifdef DEBUG
1420 fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1421 #endif /* DEBUG */
1422 unlockmbox();
1423 if (LMTPMode)
1424 printf("250 2.1.5 %s Ok\r\n", name);
1425 }
1426
1427 /*
1428 ** user.lock files are necessary for compatibility with other
1429 ** systems, e.g., when the mail spool file is NFS exported.
1430 ** Alas, mailbox locking is more than just a local matter.
1431 ** EPA 11/94.
1432 */
1433
1434 bool Locked = false;
1435
1436 #ifdef MAILLOCK
1437 int
lockmbox(name)1438 lockmbox(name)
1439 char *name;
1440 {
1441 int r = 0;
1442
1443 if (Locked)
1444 return 0;
1445 if ((r = maillock(name, 15)) == L_SUCCESS)
1446 {
1447 Locked = true;
1448 return 0;
1449 }
1450 switch (r)
1451 {
1452 case L_TMPLOCK: /* Can't create tmp file */
1453 case L_TMPWRITE: /* Can't write pid into lockfile */
1454 case L_MAXTRYS: /* Failed after retrycnt attempts */
1455 errno = 0;
1456 r = EX_TEMPFAIL;
1457 break;
1458 case L_ERROR: /* Check errno for reason */
1459 r = errno;
1460 break;
1461 default: /* other permanent errors */
1462 errno = 0;
1463 r = EX_UNAVAILABLE;
1464 break;
1465 }
1466 return r;
1467 }
1468
1469 void
unlockmbox()1470 unlockmbox()
1471 {
1472 if (Locked)
1473 mailunlock();
1474 Locked = false;
1475 }
1476 #else /* MAILLOCK */
1477
1478 char LockName[MAXPATHLEN];
1479
1480 int
lockmbox(path)1481 lockmbox(path)
1482 char *path;
1483 {
1484 int statfailed = 0;
1485 time_t start;
1486
1487 if (Locked)
1488 return 0;
1489 if (strlen(path) + 6 > sizeof LockName)
1490 return EX_SOFTWARE;
1491 (void) sm_snprintf(LockName, sizeof LockName, "%s.lock", path);
1492 (void) time(&start);
1493 for (; ; sleep(5))
1494 {
1495 int fd;
1496 struct stat st;
1497 time_t now;
1498
1499 /* global timeout */
1500 (void) time(&now);
1501 if (now > start + LOCKTO_GLOB)
1502 {
1503 errno = 0;
1504 return EX_TEMPFAIL;
1505 }
1506 fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, LOCKFILE_PMODE);
1507 if (fd >= 0)
1508 {
1509 /* defeat lock checking programs which test pid */
1510 (void) write(fd, "0", 2);
1511 Locked = true;
1512 (void) close(fd);
1513 return 0;
1514 }
1515 if (stat(LockName, &st) < 0)
1516 {
1517 if (statfailed++ > 5)
1518 {
1519 errno = 0;
1520 return EX_TEMPFAIL;
1521 }
1522 continue;
1523 }
1524 statfailed = 0;
1525 (void) time(&now);
1526 if (now < st.st_ctime + LOCKTO_RM)
1527 continue;
1528
1529 /* try to remove stale lockfile */
1530 if (unlink(LockName) < 0)
1531 return errno;
1532 }
1533 }
1534
1535 void
unlockmbox()1536 unlockmbox()
1537 {
1538 if (!Locked)
1539 return;
1540 (void) unlink(LockName);
1541 Locked = false;
1542 }
1543 #endif /* MAILLOCK */
1544
1545 void
notifybiff(msg)1546 notifybiff(msg)
1547 char *msg;
1548 {
1549 static bool initialized = false;
1550 static int f = -1;
1551 struct hostent *hp;
1552 struct servent *sp;
1553 int len;
1554 static struct sockaddr_in addr;
1555
1556 if (!initialized)
1557 {
1558 initialized = true;
1559
1560 /* Be silent if biff service not available. */
1561 if ((sp = getservbyname("biff", "udp")) == NULL ||
1562 (hp = gethostbyname("localhost")) == NULL ||
1563 hp->h_length != INADDRSZ)
1564 return;
1565
1566 addr.sin_family = hp->h_addrtype;
1567 memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
1568 addr.sin_port = sp->s_port;
1569 }
1570
1571 /* No message, just return */
1572 if (msg == NULL)
1573 return;
1574
1575 /* Couldn't initialize addr struct */
1576 if (addr.sin_family == AF_UNSPEC)
1577 return;
1578
1579 if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1580 return;
1581 len = strlen(msg) + 1;
1582 (void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
1583 }
1584
1585 void
usage()1586 usage()
1587 {
1588 ExitVal = EX_USAGE;
1589 # if _FFR_SPOOL_PATH
1590 mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] [-p path] user ...");
1591 # else /* _FFR_SPOOL_PATH */
1592 mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] user ...");
1593 # endif /* _FFR_SPOOL_PATH */
1594 sm_exit(ExitVal);
1595 }
1596
1597 void
1598 /*VARARGS2*/
1599 #ifdef __STDC__
mailerr(const char * hdr,const char * fmt,...)1600 mailerr(const char *hdr, const char *fmt, ...)
1601 #else /* __STDC__ */
1602 mailerr(hdr, fmt, va_alist)
1603 const char *hdr;
1604 const char *fmt;
1605 va_dcl
1606 #endif /* __STDC__ */
1607 {
1608 size_t len = 0;
1609 SM_VA_LOCAL_DECL
1610
1611 (void) e_to_sys(errno);
1612
1613 SM_VA_START(ap, fmt);
1614
1615 if (LMTPMode && hdr != NULL)
1616 {
1617 sm_snprintf(ErrBuf, sizeof ErrBuf, "%s ", hdr);
1618 len = strlen(ErrBuf);
1619 }
1620 (void) sm_vsnprintf(&ErrBuf[len], sizeof ErrBuf - len, fmt, ap);
1621 SM_VA_END(ap);
1622
1623 if (!HoldErrs)
1624 flush_error();
1625
1626 /* Log the message to syslog. */
1627 if (!LMTPMode)
1628 syslog(LOG_ERR, "%s", ErrBuf);
1629 }
1630
1631 void
flush_error()1632 flush_error()
1633 {
1634 if (LMTPMode)
1635 printf("%s\r\n", ErrBuf);
1636 else
1637 {
1638 if (ExitVal != EX_USAGE)
1639 (void) fprintf(stderr, "mail.local: ");
1640 fprintf(stderr, "%s\n", ErrBuf);
1641 }
1642 }
1643
1644 #if HASHSPOOL
1645 const char *
hashname(name)1646 hashname(name)
1647 char *name;
1648 {
1649 static char p[MAXPATHLEN];
1650 int i;
1651 int len;
1652 char *str;
1653 # if HASHSPOOLMD5
1654 char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_";
1655 MD5_CTX ctx;
1656 unsigned char md5[18];
1657 # if MAXPATHLEN <= 24
1658 ERROR _MAXPATHLEN <= 24
1659 # endif /* MAXPATHLEN <= 24 */
1660 char b64[24];
1661 MD5_LONG bits;
1662 int j;
1663 # endif /* HASHSPOOLMD5 */
1664
1665 if (HashType == HASH_NONE || HashDepth * 2 >= MAXPATHLEN)
1666 {
1667 p[0] = '\0';
1668 return p;
1669 }
1670
1671 switch(HashType)
1672 {
1673 case HASH_USER:
1674 str = name;
1675 break;
1676
1677 # if HASHSPOOLMD5
1678 case HASH_MD5:
1679 MD5_Init(&ctx);
1680 MD5_Update(&ctx, name, strlen(name));
1681 MD5_Final(md5, &ctx);
1682 md5[16] = 0;
1683 md5[17] = 0;
1684
1685 for (i = 0; i < 6; i++)
1686 {
1687 bits = (unsigned) md5[(3 * i)] << 16;
1688 bits |= (unsigned) md5[(3 * i) + 1] << 8;
1689 bits |= (unsigned) md5[(3 * i) + 2];
1690
1691 for (j = 3; j >= 0; j--)
1692 {
1693 b64[(4 * i) + j] = Base64[(bits & 0x3f)];
1694 bits >>= 6;
1695 }
1696 }
1697 b64[22] = '\0';
1698 str = b64;
1699 break;
1700 # endif /* HASHSPOOLMD5 */
1701 }
1702
1703 len = strlen(str);
1704 for (i = 0; i < HashDepth; i++)
1705 {
1706 if (i < len)
1707 p[i * 2] = str[i];
1708 else
1709 p[i * 2] = '_';
1710 p[(i * 2) + 1] = '/';
1711 }
1712 p[HashDepth * 2] = '\0';
1713 return p;
1714 }
1715 #endif /* HASHSPOOL */
1716
1717 /*
1718 * e_to_sys --
1719 * Guess which errno's are temporary. Gag me.
1720 */
1721
1722 int
e_to_sys(num)1723 e_to_sys(num)
1724 int num;
1725 {
1726 /* Temporary failures override hard errors. */
1727 if (ExitVal == EX_TEMPFAIL)
1728 return ExitVal;
1729
1730 switch (num) /* Hopefully temporary errors. */
1731 {
1732 #ifdef EDQUOT
1733 case EDQUOT: /* Disc quota exceeded */
1734 if (BounceQuota)
1735 {
1736 ExitVal = EX_UNAVAILABLE;
1737 break;
1738 }
1739 /* FALLTHROUGH */
1740 #endif /* EDQUOT */
1741 #ifdef EAGAIN
1742 case EAGAIN: /* Resource temporarily unavailable */
1743 #endif /* EAGAIN */
1744 #ifdef EBUSY
1745 case EBUSY: /* Device busy */
1746 #endif /* EBUSY */
1747 #ifdef EPROCLIM
1748 case EPROCLIM: /* Too many processes */
1749 #endif /* EPROCLIM */
1750 #ifdef EUSERS
1751 case EUSERS: /* Too many users */
1752 #endif /* EUSERS */
1753 #ifdef ECONNABORTED
1754 case ECONNABORTED: /* Software caused connection abort */
1755 #endif /* ECONNABORTED */
1756 #ifdef ECONNREFUSED
1757 case ECONNREFUSED: /* Connection refused */
1758 #endif /* ECONNREFUSED */
1759 #ifdef ECONNRESET
1760 case ECONNRESET: /* Connection reset by peer */
1761 #endif /* ECONNRESET */
1762 #ifdef EDEADLK
1763 case EDEADLK: /* Resource deadlock avoided */
1764 #endif /* EDEADLK */
1765 #ifdef EFBIG
1766 case EFBIG: /* File too large */
1767 #endif /* EFBIG */
1768 #ifdef EHOSTDOWN
1769 case EHOSTDOWN: /* Host is down */
1770 #endif /* EHOSTDOWN */
1771 #ifdef EHOSTUNREACH
1772 case EHOSTUNREACH: /* No route to host */
1773 #endif /* EHOSTUNREACH */
1774 #ifdef EMFILE
1775 case EMFILE: /* Too many open files */
1776 #endif /* EMFILE */
1777 #ifdef ENETDOWN
1778 case ENETDOWN: /* Network is down */
1779 #endif /* ENETDOWN */
1780 #ifdef ENETRESET
1781 case ENETRESET: /* Network dropped connection on reset */
1782 #endif /* ENETRESET */
1783 #ifdef ENETUNREACH
1784 case ENETUNREACH: /* Network is unreachable */
1785 #endif /* ENETUNREACH */
1786 #ifdef ENFILE
1787 case ENFILE: /* Too many open files in system */
1788 #endif /* ENFILE */
1789 #ifdef ENOBUFS
1790 case ENOBUFS: /* No buffer space available */
1791 #endif /* ENOBUFS */
1792 #ifdef ENOMEM
1793 case ENOMEM: /* Cannot allocate memory */
1794 #endif /* ENOMEM */
1795 #ifdef ENOSPC
1796 case ENOSPC: /* No space left on device */
1797 #endif /* ENOSPC */
1798 #ifdef EROFS
1799 case EROFS: /* Read-only file system */
1800 #endif /* EROFS */
1801 #ifdef ESTALE
1802 case ESTALE: /* Stale NFS file handle */
1803 #endif /* ESTALE */
1804 #ifdef ETIMEDOUT
1805 case ETIMEDOUT: /* Connection timed out */
1806 #endif /* ETIMEDOUT */
1807 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
1808 case EWOULDBLOCK: /* Operation would block. */
1809 #endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
1810 ExitVal = EX_TEMPFAIL;
1811 break;
1812
1813 default:
1814 ExitVal = EX_UNAVAILABLE;
1815 break;
1816 }
1817 return ExitVal;
1818 }
1819
1820 #if defined(ultrix) || defined(_CRAY)
1821 /*
1822 * Copyright (c) 1987, 1993
1823 * The Regents of the University of California. All rights reserved.
1824 *
1825 * Redistribution and use in source and binary forms, with or without
1826 * modification, are permitted provided that the following conditions
1827 * are met:
1828 * 1. Redistributions of source code must retain the above copyright
1829 * notice, this list of conditions and the following disclaimer.
1830 * 2. Redistributions in binary form must reproduce the above copyright
1831 * notice, this list of conditions and the following disclaimer in the
1832 * documentation and/or other materials provided with the distribution.
1833 * 3. Neither the name of the University nor the names of its contributors
1834 * may be used to endorse or promote products derived from this software
1835 * without specific prior written permission.
1836 *
1837 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1838 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1839 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1840 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1841 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1842 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1843 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1844 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1845 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1846 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1847 * SUCH DAMAGE.
1848 */
1849
1850 # if defined(LIBC_SCCS) && !defined(lint)
1851 static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
1852 # endif /* defined(LIBC_SCCS) && !defined(lint) */
1853
1854 # include <sys/types.h>
1855 # include <sys/stat.h>
1856 # include <fcntl.h>
1857 # include <errno.h>
1858 # include <stdio.h>
1859 # include <ctype.h>
1860
1861 static int _gettemp();
1862
mkstemp(path)1863 mkstemp(path)
1864 char *path;
1865 {
1866 int fd;
1867
1868 return (_gettemp(path, &fd) ? fd : -1);
1869 }
1870
1871 static
_gettemp(path,doopen)1872 _gettemp(path, doopen)
1873 char *path;
1874 register int *doopen;
1875 {
1876 extern int errno;
1877 register char *start, *trv;
1878 struct stat sbuf;
1879 unsigned int pid;
1880
1881 pid = getpid();
1882 for (trv = path; *trv; ++trv); /* extra X's get set to 0's */
1883 while (*--trv == 'X')
1884 {
1885 *trv = (pid % 10) + '0';
1886 pid /= 10;
1887 }
1888
1889 /*
1890 * check the target directory; if you have six X's and it
1891 * doesn't exist this runs for a *very* long time.
1892 */
1893 for (start = trv + 1;; --trv)
1894 {
1895 if (trv <= path)
1896 break;
1897 if (*trv == '/')
1898 {
1899 *trv = '\0';
1900 if (stat(path, &sbuf) < 0)
1901 return(0);
1902 if (!S_ISDIR(sbuf.st_mode))
1903 {
1904 errno = ENOTDIR;
1905 return(0);
1906 }
1907 *trv = '/';
1908 break;
1909 }
1910 }
1911
1912 for (;;)
1913 {
1914 if (doopen)
1915 {
1916 if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR,
1917 0600)) >= 0)
1918 return(1);
1919 if (errno != EEXIST)
1920 return(0);
1921 }
1922 else if (stat(path, &sbuf) < 0)
1923 return(errno == ENOENT ? 1 : 0);
1924
1925 /* tricky little algorithm for backward compatibility */
1926 for (trv = start;;)
1927 {
1928 if (!*trv)
1929 return(0);
1930 if (*trv == 'z')
1931 *trv++ = 'a';
1932 else
1933 {
1934 if (isascii(*trv) && isdigit(*trv))
1935 *trv = 'a';
1936 else
1937 ++*trv;
1938 break;
1939 }
1940 }
1941 }
1942 /* NOTREACHED */
1943 }
1944 #endif /* defined(ultrix) || defined(_CRAY) */
1945