2 * Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1990, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
7 * By using this file, you agree to the terms and conditions set
8 * forth in the LICENSE file which can be found at the top level of
9 * the sendmail distribution.
16 "@(#) Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.\n\
17 All rights reserved.\n\
18 Copyright (c) 1990, 1993, 1994\n\
19 The Regents of the University of California. All rights reserved.\n")
21 SM_IDSTR(id
, "@(#)$Id: mail.local.c,v 8.254 2006/10/12 22:23:45 ca Exp $")
24 #include <sm/errstring.h>
26 #include <sm/limits.h>
29 # undef EX_OK /* unistd.h may have another use for this */
31 # define LOCKFILE_PMODE 0
33 #include <sm/sysexits.h>
37 #endif /* ! HASHSPOOL */
39 # define HASHSPOOLMD5 0
40 #endif /* ! HASHSPOOLMD5 */
43 ** This is not intended to work on System V derived systems
44 ** such as Solaris or HP-UX, since they use a totally different
45 ** approach to mailboxes (essentially, they have a set-group-ID program
46 ** rather than set-user-ID, and they rely on the ability to "give away"
47 ** files to do their work). IT IS NOT A BUG that this doesn't
48 ** work on such architectures.
55 #include <sys/types.h>
59 # include <sys/socket.h>
60 # include <sys/file.h>
61 # include <netinet/in.h>
62 # include <arpa/nameser.h>
66 #include <sm/string.h>
71 #include <sendmail/pathnames.h>
78 # include <openssl/md5.h>
79 # endif /* HASHSPOOLMD5 */
80 #endif /* HASHSPOOL */
84 # define LOCKTO_RM 300 /* timeout for stale lockfile removal */
85 #endif /* ! LOCKTO_RM */
87 # define LOCKTO_GLOB 400 /* global timeout for lockfile creation */
88 #endif /* ! LOCKTO_GLOB */
90 /* define a realloc() which works for NULL pointers */
91 #define REALLOC(ptr, size) (((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
94 ** If you don't have flock, you could try using lockf instead.
98 # define flock(a, b) lockf(a, b, 0)
101 # endif /* LOCK_EX */
102 # define LOCK_EX F_LOCK
103 #endif /* LDA_USE_LOCKF */
106 # include <sys/file.h>
107 #endif /* ! LOCK_EX */
110 ** If you don't have setreuid, and you have saved uids, and you have
111 ** a seteuid() call that doesn't try to emulate using setuid(), then
112 ** you can try defining LDA_USE_SETEUID.
115 #ifdef LDA_USE_SETEUID
116 # define setreuid(r, e) seteuid(e)
117 #endif /* LDA_USE_SETEUID */
119 #ifdef LDA_CONTENTLENGTH
120 # define CONTENTLENGTH 1
121 #endif /* LDA_CONTENTLENGTH */
124 # define INADDRSZ 4 /* size of an IPv4 address in bytes */
125 #endif /* ! INADDRSZ */
128 # include <maillock.h>
129 #endif /* MAILLOCK */
131 #ifndef MAILER_DAEMON
132 # define MAILER_DAEMON "MAILER-DAEMON"
133 #endif /* ! MAILER_DAEMON */
136 char ContentHdr
[40] = "Content-Length: ";
139 #endif /* CONTENTLENGTH */
141 bool EightBitMime
= true; /* advertise 8BITMIME in LMTP */
142 char ErrBuf
[10240]; /* error buffer */
143 int ExitVal
= EX_OK
; /* sysexits.h error value. */
144 bool HoldErrs
= false; /* Hold errors in ErrBuf */
145 bool LMTPMode
= false;
146 bool BounceQuota
= false; /* permanent error when over quota */
147 bool CloseMBDB
= false;
148 char *HomeMailFile
= NULL
; /* store mail in homedir */
151 int HashType
= HASH_NONE
;
153 bool StripRcptDomain
= true;
154 #else /* HASHSPOOL */
155 # define StripRcptDomain true
156 #endif /* HASHSPOOL */
157 char SpoolPath
[MAXPATHLEN
];
159 char *parseaddr
__P((char *, bool));
160 char *process_recipient
__P((char *));
161 void dolmtp
__P((void));
162 void deliver
__P((int, char *));
163 int e_to_sys
__P((int));
164 void notifybiff
__P((char *));
165 int store
__P((char *, bool *));
166 void usage
__P((void));
167 int lockmbox
__P((char *));
168 void unlockmbox
__P((void));
169 void mailerr
__P((const char *, const char *, ...));
170 void flush_error
__P((void));
172 const char *hashname
__P((char *));
173 #endif /* HASHSPOOL */
176 static void sm_exit
__P((int));
185 CloseMBDB
= false; /* not really necessary, but ... */
199 char *mbdbname
= "pw";
205 /* make sure we have some open file descriptors */
206 for (fd
= 10; fd
< 30; fd
++)
209 /* use a reasonable umask */
213 openlog("mail.local", 0, LOG_MAIL
);
214 # else /* LOG_MAIL */
215 openlog("mail.local", 0);
216 # endif /* LOG_MAIL */
220 /* XXX can this be converted to a compile time check? */
221 if (sm_strlcpy(SpoolPath
, _PATH_MAILDIR
, sizeof(SpoolPath
)) >=
224 mailerr("421", "Configuration error: _PATH_MAILDIR too large");
228 while ((ch
= getopt(argc
, argv
, "7bdD:f:h:r:lH:p:n")) != -1)
229 #else /* HASHSPOOL */
230 while ((ch
= getopt(argc
, argv
, "7bdD:f:h:r:l")) != -1)
231 #endif /* HASHSPOOL */
235 case '7': /* Do not advertise 8BITMIME */
236 EightBitMime
= false;
239 case 'b': /* bounce mail when over quota. */
243 case 'd': /* Backward compatible. */
246 case 'D': /* mailbox database type */
251 case 'r': /* Backward compatible. */
254 mailerr(NULL
, "Multiple -f options");
261 if (optarg
!= NULL
|| *optarg
!= '\0')
262 HomeMailFile
= optarg
;
265 mailerr(NULL
, "-h: missing filename");
277 if (optarg
== NULL
|| *optarg
== '\0')
279 mailerr(NULL
, "-H: missing hashinfo");
285 HashType
= HASH_USER
;
292 # endif /* HASHSPOOLMD5 */
295 mailerr(NULL
, "-H: unknown hash type");
298 if (optarg
[1] == '\0')
300 mailerr(NULL
, "-H: invalid hash depth");
303 HashDepth
= atoi(&optarg
[1]);
304 if ((HashDepth
<= 0) || ((HashDepth
* 2) >= MAXPATHLEN
))
306 mailerr(NULL
, "-H: invalid hash depth");
312 if (optarg
== NULL
|| *optarg
== '\0')
314 mailerr(NULL
, "-p: missing spool path");
317 if (sm_strlcpy(SpoolPath
, optarg
, sizeof(SpoolPath
)) >=
320 mailerr(NULL
, "-p: invalid spool path");
326 StripRcptDomain
= false;
328 #endif /* HASHSPOOL */
338 /* initialize biff structures */
341 err
= sm_mbdb_initialize(mbdbname
);
344 char *errcode
= "521";
346 if (err
== EX_TEMPFAIL
)
349 mailerr(errcode
, "Can not open mailbox database %s: %s",
350 mbdbname
, sm_strexit(err
));
359 mailerr("421", "Users should not be specified in command line if LMTP required");
360 sm_exit(EX_TEMPFAIL
);
368 /* Non-LMTP from here on out */
373 ** If from not specified, use the name from getlogin() if the
374 ** uid matches, otherwise, use the name from the password file
375 ** corresponding to the uid.
379 if (from
== NULL
&& ((from
= getlogin()) == NULL
||
380 (pw
= getpwnam(from
)) == NULL
||
382 from
= (pw
= getpwuid(uid
)) != NULL
? pw
->pw_name
: "???";
385 ** There is no way to distinguish the error status of one delivery
386 ** from the rest of the deliveries. So, if we failed hard on one
387 ** or more deliveries, but had no failures on any of the others, we
388 ** return a hard failure. If we failed temporarily on one or more
389 ** deliveries, we return a temporary failure regardless of the other
390 ** failures. This results in the delivery being reattempted later
391 ** at the expense of repeated failures and multiple deliveries.
395 fd
= store(from
, NULL
);
402 for (; *argv
!= NULL
; ++argv
)
426 while (*p
!= ',' && *p
!= ':' && *p
!= '\0')
431 /* Skip over , or : */
438 while (*p
!= '\0' && *p
!= '@' && *p
!= '>')
448 while (*p
!= '\0' && *p
!= '\"')
457 if (*p
== '\0' || *(p
+ 1) == '\0')
461 if (*p
== '+' && rcpt
)
471 while (*p
!= '\0' && *p
!= '>')
481 if (*p
!= '\0' && *p
!= ' ')
493 mailerr("421 4.3.0", "Memory exhausted");
494 sm_exit(EX_TEMPFAIL
);
497 (void) sm_strlcpy(p
, s
, l
);
502 process_recipient(addr
)
507 switch (sm_mbdb_lookup(addr
, &user
))
513 return "550 5.1.1 User unknown";
516 return "451 4.3.0 User database failure; retry later";
519 return "550 5.3.0 User database failure";
528 char *return_path
= NULL
;
529 char **rcpt_addr
= NULL
;
532 bool gotlhlo
= false;
537 char myhostname
[1024];
540 memset(myhostname
, '\0', sizeof myhostname
);
541 (void) gethostname(myhostname
, sizeof myhostname
- 1);
542 if (myhostname
[0] == '\0')
543 sm_strlcpy(myhostname
, "localhost", sizeof myhostname
);
545 printf("220 %s LMTP ready\r\n", myhostname
);
548 (void) fflush(stdout
);
549 if (fgets(buf
, sizeof(buf
) - 1, stdin
) == NULL
)
551 p
= buf
+ strlen(buf
) - 1;
552 if (p
>= buf
&& *p
== '\n')
554 if (p
>= buf
&& *p
== '\r')
561 if (sm_strcasecmp(buf
, "data") == 0)
567 mailerr("503 5.5.1", "No recipients");
571 msgfd
= store(return_path
, &inbody
);
573 if (msgfd
< 0 && !inbody
)
579 for (i
= 0; i
< rcpt_num
; i
++)
583 /* print error for rcpt */
587 p
= strchr(rcpt_addr
[i
], '+');
590 deliver(msgfd
, rcpt_addr
[i
]);
602 if (sm_strncasecmp(buf
, "lhlo ", 5) == 0)
604 /* check for duplicate per RFC 1651 4.2 */
607 mailerr("503", "%s Duplicate LHLO",
612 printf("250-%s\r\n", myhostname
);
614 printf("250-8BITMIME\r\n");
615 printf("250-ENHANCEDSTATUSCODES\r\n");
616 printf("250 PIPELINING\r\n");
625 if (sm_strncasecmp(buf
, "mail ", 5) == 0)
627 if (return_path
!= NULL
)
630 "Nested MAIL command");
633 if (sm_strncasecmp(buf
+ 5, "from:", 5) != 0 ||
634 ((return_path
= parseaddr(buf
+ 10,
638 "Syntax error in parameters");
641 printf("250 2.5.0 Ok\r\n");
650 if (sm_strcasecmp(buf
, "noop") == 0)
652 printf("250 2.0.0 Ok\r\n");
661 if (sm_strcasecmp(buf
, "quit") == 0)
663 printf("221 2.0.0 Bye\r\n");
672 if (sm_strncasecmp(buf
, "rcpt ", 5) == 0)
674 if (return_path
== NULL
)
677 "Need MAIL command");
680 if (rcpt_num
>= rcpt_alloc
)
682 rcpt_alloc
+= RCPT_GROW
;
683 rcpt_addr
= (char **)
684 REALLOC((char *) rcpt_addr
,
687 if (rcpt_addr
== NULL
)
691 sm_exit(EX_TEMPFAIL
);
694 if (sm_strncasecmp(buf
+ 5, "to:", 3) != 0 ||
695 ((rcpt_addr
[rcpt_num
] = parseaddr(buf
+ 8,
696 StripRcptDomain
)) == NULL
))
699 "Syntax error in parameters");
702 err
= process_recipient(rcpt_addr
[rcpt_num
]);
705 mailerr(NULL
, "%s", err
);
709 printf("250 2.1.5 Ok\r\n");
712 else if (sm_strcasecmp(buf
, "rset") == 0)
714 printf("250 2.0.0 Ok\r\n");
718 free(rcpt_addr
[--rcpt_num
]);
719 if (return_path
!= NULL
)
730 if (sm_strncasecmp(buf
, "vrfy ", 5) == 0)
732 printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
741 mailerr("500 5.5.2", "Syntax error");
756 bool eline
; /* previous line was empty */
757 bool fullline
= true; /* current line is terminated */
758 bool prevfl
; /* previous line was terminated */
761 char tmpbuf
[sizeof _PATH_LOCTMP
+ 1];
767 (void) sm_strlcpy(tmpbuf
, _PATH_LOCTMP
, sizeof tmpbuf
);
768 if ((fd
= mkstemp(tmpbuf
)) < 0 || (fp
= fdopen(fd
, "w+")) == NULL
)
772 mailerr("451 4.3.0", "Unable to open temporary file");
775 (void) unlink(tmpbuf
);
779 printf("354 Go ahead\r\n");
780 (void) fflush(stdout
);
786 (void) fprintf(fp
, "From %s %s", from
, ctime(&tval
));
791 #endif /* CONTENTLENGTH */
795 while (fgets(line
, sizeof(line
), stdin
) != (char *) NULL
)
800 prevfl
= fullline
; /* preserve state of previous line */
801 while (line
[line_len
] != '\n' && line_len
< sizeof(line
) - 2)
805 /* Check for dot-stuffing */
806 if (prevfl
&& LMTPMode
&& line
[0] == '.')
808 if (line
[1] == '\n' ||
809 (line
[1] == '\r' && line
[2] == '\n'))
811 memcpy(line
, line
+ 1, line_len
);
815 /* Check to see if we have the full line from fgets() */
819 if (line
[line_len
- 1] == '\n')
822 line
[line_len
- 2] == '\r')
824 line
[line_len
- 2] = '\n';
825 line
[line_len
- 1] = '\0';
830 else if (line
[line_len
- 1] == '\r')
832 /* Did we just miss the CRLF? */
836 line
[line_len
- 1] = '\n';
840 (void) ungetc(peek
, stdin
);
847 if (prevfl
&& line
[0] == '\n' && HeaderLength
== 0)
851 HeaderLength
= ftell(fp
);
852 if (HeaderLength
<= 0)
855 ** shouldn't happen, unless ftell() is
862 #else /* CONTENTLENGTH */
863 if (prevfl
&& line
[0] == '\n')
865 #endif /* CONTENTLENGTH */
868 if (eline
&& line
[0] == 'F' &&
870 !memcmp(line
, "From ", 5))
871 (void) putc('>', fp
);
874 /* discard existing "Content-Length:" headers */
875 if (prevfl
&& HeaderLength
== 0 &&
876 (line
[0] == 'C' || line
[0] == 'c') &&
877 sm_strncasecmp(line
, ContentHdr
, 15) == 0)
880 ** be paranoid: clear the line
881 ** so no "wrong matches" may occur later
886 #endif /* CONTENTLENGTH */
891 (void) fwrite(line
, sizeof(char), line_len
, fp
);
895 "Temporary file write error");
903 /* check if an error occurred */
909 /* Got a premature EOF -- toss message and exit */
913 /* If message not newline terminated, need an extra. */
914 if (fp
!= NULL
&& strchr(line
, '\n') == NULL
)
915 (void) putc('\n', fp
);
921 BodyLength
= ftell(fp
);
922 if (HeaderLength
== 0 && BodyLength
> 0) /* empty body */
924 HeaderLength
= BodyLength
;
928 BodyLength
= BodyLength
- HeaderLength
- 1 ;
930 if (HeaderLength
> 0 && BodyLength
>= 0)
932 (void) sm_snprintf(line
, sizeof line
, "%lld\n",
933 (LONGLONG_T
) BodyLength
);
934 (void) sm_strlcpy(&ContentHdr
[16], line
,
935 sizeof(ContentHdr
) - 16);
938 BodyLength
= -1; /* Something is wrong here */
939 #endif /* CONTENTLENGTH */
941 /* Output a newline; note, empty messages are allowed. */
943 (void) putc('\n', fp
);
945 if (fp
== NULL
|| fflush(fp
) == EOF
|| ferror(fp
) != 0)
947 mailerr("451 4.3.0", "Temporary file write error");
962 char path
[MAXPATHLEN
];
963 int mbfd
= -1, nr
= 0, nw
, off
;
967 off_t curoff
, cursize
;
971 #endif /* CONTENTLENGTH */
972 char biffmsg
[100], buf
[8 * 1024];
976 ** Disallow delivery to unknown names -- special mailboxes can be
977 ** handled in the sendmail aliases file.
980 exitval
= sm_mbdb_lookup(name
, &user
);
987 exitval
= EX_UNAVAILABLE
;
988 mailerr("550 5.1.1", "%s: User unknown", name
);
992 mailerr("451 4.3.0", "%s: User database failure; retry later",
997 exitval
= EX_UNAVAILABLE
;
998 mailerr("550 5.3.0", "%s: User database failure", name
);
1002 if (exitval
!= EX_OK
)
1004 if (ExitVal
!= EX_TEMPFAIL
)
1012 ** Keep name reasonably short to avoid buffer overruns.
1013 ** This isn't necessary on BSD because of the proper
1014 ** definition of snprintf(), but it can cause problems
1015 ** on other systems.
1016 ** Also, clear out any bogus characters.
1020 if (strlen(name
) > 40)
1022 for (p
= name
; *p
!= '\0'; p
++)
1026 else if (!isprint(*p
))
1029 #endif /* !HASHSPOOL */
1032 if (HomeMailFile
== NULL
)
1034 if (sm_strlcpyn(path
, sizeof(path
),
1037 #else /* HASHSPOOL */
1039 #endif /* HASHSPOOL */
1043 #endif /* HASHSPOOL */
1044 name
) >= sizeof(path
))
1046 exitval
= EX_UNAVAILABLE
;
1047 mailerr("550 5.1.1", "%s: Invalid mailbox path", name
);
1051 else if (*user
.mbdb_homedir
== '\0')
1053 exitval
= EX_UNAVAILABLE
;
1054 mailerr("550 5.1.1", "%s: User missing home directory", name
);
1057 else if (sm_snprintf(path
, sizeof(path
), "%s/%s",
1058 user
.mbdb_homedir
, HomeMailFile
) >= sizeof(path
))
1060 exitval
= EX_UNAVAILABLE
;
1061 mailerr("550 5.1.1", "%s: Invalid mailbox path", name
);
1067 ** If the mailbox is linked or a symlink, fail. There's an obvious
1068 ** race here, that the file was replaced with a symbolic link after
1069 ** the lstat returned, but before the open. We attempt to detect
1070 ** this by comparing the original stat information and information
1071 ** returned by an fstat of the file descriptor returned by the open.
1073 ** NB: this is a symptom of a larger problem, that the mail spooling
1074 ** directory is writeable by the wrong users. If that directory is
1075 ** writeable, system security is compromised for other reasons, and
1076 ** it cannot be fixed here.
1078 ** If we created the mailbox, set the owner/group. If that fails,
1079 ** just return. Another process may have already opened it, so we
1080 ** can't unlink it. Historically, binmail set the owner/group at
1081 ** each mail delivery. We no longer do this, assuming that if the
1082 ** ownership or permissions were changed there was a reason.
1085 ** open(2) should support flock'ing the file.
1091 #else /* MAILLOCK */
1093 #endif /* MAILLOCK */
1094 if ((off
= lockmbox(p
)) != 0)
1096 if (off
== EX_TEMPFAIL
|| e_to_sys(off
) == EX_TEMPFAIL
)
1098 ExitVal
= EX_TEMPFAIL
;
1099 errcode
= "451 4.3.0";
1102 errcode
= "551 5.3.0";
1104 mailerr(errcode
, "lockmailbox %s failed; error code %d %s",
1105 p
, off
, errno
> 0 ? sm_errstring(errno
) : "");
1109 if (lstat(path
, &sb
) < 0)
1112 int mode
= S_IRUSR
|S_IWUSR
;
1113 gid_t gid
= user
.mbdb_gid
;
1118 mode
|= S_IRGRP
|S_IWGRP
;
1119 #endif /* MAILGID */
1121 mbfd
= open(path
, O_APPEND
|O_CREAT
|O_EXCL
|O_WRONLY
,
1125 if (lstat(path
, &sb
) < 0)
1127 ExitVal
= EX_CANTCREAT
;
1128 mailerr("550 5.2.0",
1129 "%s: lstat: file changed after open", path
);
1134 if (save_errno
== EEXIST
)
1137 /* open failed, don't try again */
1138 mailerr("450 4.2.0", "%s: %s", path
,
1139 sm_errstring(save_errno
));
1142 else if (fchown(mbfd
, user
.mbdb_uid
, gid
) < 0)
1144 mailerr("451 4.3.0", "chown %u.%u: %s",
1145 user
.mbdb_uid
, gid
, name
);
1151 ** open() was successful, now close it so can
1152 ** be opened as the right owner again.
1153 ** Paranoia: reset mbdf since the file descriptor
1154 ** is no longer valid; better safe than sorry.
1157 sb
.st_uid
= user
.mbdb_uid
;
1162 else if (sb
.st_nlink
!= 1)
1164 mailerr("550 5.2.0", "%s: too many links", path
);
1167 else if (!S_ISREG(sb
.st_mode
))
1169 mailerr("550 5.2.0", "%s: irregular file", path
);
1172 else if (sb
.st_uid
!= user
.mbdb_uid
)
1174 ExitVal
= EX_CANTCREAT
;
1175 mailerr("550 5.2.0", "%s: wrong ownership (%d)",
1176 path
, (int) sb
.st_uid
);
1180 /* change UID for quota checks */
1181 if (setreuid(0, user
.mbdb_uid
) < 0)
1183 mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
1184 (int) user
.mbdb_uid
, sm_errstring(errno
),
1185 (int) getuid(), (int) geteuid());
1189 fprintf(stderr
, "new euid = %d\n", (int) geteuid());
1191 mbfd
= open(path
, O_APPEND
|O_WRONLY
, 0);
1194 mailerr("450 4.2.0", "%s: %s", path
, sm_errstring(errno
));
1197 else if (fstat(mbfd
, &fsb
) < 0 ||
1198 fsb
.st_nlink
!= 1 ||
1200 !S_ISREG(fsb
.st_mode
) ||
1201 sb
.st_dev
!= fsb
.st_dev
||
1202 sb
.st_ino
!= fsb
.st_ino
||
1203 # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1204 sb
.st_gen
!= fsb
.st_gen
||
1205 # endif /* HAS_ST_GEN && 0 */
1206 sb
.st_uid
!= fsb
.st_uid
)
1208 ExitVal
= EX_TEMPFAIL
;
1209 mailerr("550 5.2.0", "%s: fstat: file changed after open",
1216 ** This code could be reused if we decide to add a
1217 ** per-user quota field to the sm_mbdb interface.
1221 ** Fail if the user has a quota specified, and delivery of this
1222 ** message would exceed that quota. We bounce such failures using
1223 ** EX_UNAVAILABLE, unless there were internal problems, since
1224 ** storing immense messages for later retries can cause queueing
1232 if (fstat(fd
, &dsb
) < 0)
1234 ExitVal
= EX_TEMPFAIL
;
1235 mailerr("451 4.3.0",
1236 "%s: fstat: can't stat temporary storage: %s",
1237 ui
.mailspool
, sm_errstring(errno
));
1241 if (dsb
.st_size
+ sb
.st_size
+ 1 > ui
.quota
)
1243 ExitVal
= EX_UNAVAILABLE
;
1244 mailerr("551 5.2.2",
1245 "%s: Mailbox full or quota exceeded",
1252 /* Wait until we can get a lock on the file. */
1253 if (flock(mbfd
, LOCK_EX
) < 0)
1255 mailerr("450 4.2.0", "%s: %s", path
, sm_errstring(errno
));
1259 /* Get the starting offset of the new message */
1260 curoff
= lseek(mbfd
, (off_t
) 0, SEEK_END
);
1261 (void) sm_snprintf(biffmsg
, sizeof(biffmsg
), "%s@%lld\n",
1262 name
, (LONGLONG_T
) curoff
);
1264 /* Copy the message into the file. */
1265 if (lseek(fd
, (off_t
) 0, SEEK_SET
) == (off_t
) -1)
1267 mailerr("450 4.2.0", "Temporary file: %s",
1268 sm_errstring(errno
));
1272 fprintf(stderr
, "before writing: euid = %d\n", (int) geteuid());
1274 #ifdef CONTENTLENGTH
1275 headerbytes
= (BodyLength
>= 0) ? HeaderLength
: -1 ;
1278 if (headerbytes
== 0)
1280 (void) sm_snprintf(buf
, sizeof buf
, "%s", ContentHdr
);
1285 else if (headerbytes
> sizeof(buf
) || headerbytes
< 0)
1286 readamount
= sizeof(buf
);
1288 readamount
= headerbytes
;
1289 if (readamount
!= 0)
1290 nr
= read(fd
, buf
, readamount
);
1293 if (headerbytes
> 0)
1296 #else /* CONTENTLENGTH */
1297 while ((nr
= read(fd
, buf
, sizeof(buf
))) > 0)
1299 #endif /* CONTENTLENGTH */
1300 for (off
= 0; off
< nr
; off
+= nw
)
1302 if ((nw
= write(mbfd
, buf
+ off
, nr
- off
)) < 0)
1304 errcode
= "450 4.2.0";
1306 if (errno
== EDQUOT
&& BounceQuota
)
1307 errcode
= "552 5.2.2";
1309 mailerr(errcode
, "%s: %s",
1310 path
, sm_errstring(errno
));
1317 mailerr("450 4.2.0", "Temporary file: %s",
1318 sm_errstring(errno
));
1322 /* Flush to disk, don't wait for update. */
1323 if (fsync(mbfd
) < 0)
1325 mailerr("450 4.2.0", "%s: %s", path
, sm_errstring(errno
));
1328 fprintf(stderr
, "reset euid = %d\n", (int) geteuid());
1331 (void) ftruncate(mbfd
, curoff
);
1332 err1
: if (mbfd
>= 0)
1334 err0
: (void) setreuid(0, 0);
1340 ** Save the current size so if the close() fails below
1341 ** we can make sure no other process has changed the mailbox
1342 ** between the failed close and the re-open()/re-lock().
1343 ** If something else has changed the size, we shouldn't
1344 ** try to truncate it as we may do more harm then good
1345 ** (e.g., truncate a later message delivery).
1348 if (fstat(mbfd
, &sb
) < 0)
1351 cursize
= sb
.st_size
;
1354 /* Close and check -- NFS doesn't write until the close. */
1357 errcode
= "450 4.2.0";
1359 if (errno
== EDQUOT
&& BounceQuota
)
1360 errcode
= "552 5.2.2";
1362 mailerr(errcode
, "%s: %s", path
, sm_errstring(errno
));
1363 mbfd
= open(path
, O_WRONLY
, 0);
1366 || flock(mbfd
, LOCK_EX
) < 0 ||
1367 fstat(mbfd
, &sb
) < 0 ||
1368 sb
.st_size
!= cursize
||
1370 !S_ISREG(sb
.st_mode
) ||
1371 sb
.st_dev
!= fsb
.st_dev
||
1372 sb
.st_ino
!= fsb
.st_ino
||
1373 # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1374 sb
.st_gen
!= fsb
.st_gen
||
1375 # endif /* HAS_ST_GEN && 0 */
1376 sb
.st_uid
!= fsb
.st_uid
1379 /* Don't use a bogus file */
1387 /* Attempt to truncate back to pre-write size */
1391 notifybiff(biffmsg
);
1393 if (setreuid(0, 0) < 0)
1395 mailerr("450 4.2.0", "setreuid(0, 0): %s",
1396 sm_errstring(errno
));
1400 fprintf(stderr
, "reset euid = %d\n", (int) geteuid());
1404 printf("250 2.1.5 %s Ok\r\n", name
);
1408 ** user.lock files are necessary for compatibility with other
1409 ** systems, e.g., when the mail spool file is NFS exported.
1410 ** Alas, mailbox locking is more than just a local matter.
1414 bool Locked
= false;
1425 if ((r
= maillock(name
, 15)) == L_SUCCESS
)
1432 case L_TMPLOCK
: /* Can't create tmp file */
1433 case L_TMPWRITE
: /* Can't write pid into lockfile */
1434 case L_MAXTRYS
: /* Failed after retrycnt attempts */
1438 case L_ERROR
: /* Check errno for reason */
1441 default: /* other permanent errors */
1456 #else /* MAILLOCK */
1458 char LockName
[MAXPATHLEN
];
1469 if (strlen(path
) + 6 > sizeof LockName
)
1471 (void) sm_snprintf(LockName
, sizeof LockName
, "%s.lock", path
);
1472 (void) time(&start
);
1479 /* global timeout */
1481 if (now
> start
+ LOCKTO_GLOB
)
1486 fd
= open(LockName
, O_WRONLY
|O_EXCL
|O_CREAT
, LOCKFILE_PMODE
);
1489 /* defeat lock checking programs which test pid */
1490 (void) write(fd
, "0", 2);
1495 if (stat(LockName
, &st
) < 0)
1497 if (statfailed
++ > 5)
1506 if (now
< st
.st_ctime
+ LOCKTO_RM
)
1509 /* try to remove stale lockfile */
1510 if (unlink(LockName
) < 0)
1520 (void) unlink(LockName
);
1523 #endif /* MAILLOCK */
1529 static bool initialized
= false;
1534 static struct sockaddr_in addr
;
1540 /* Be silent if biff service not available. */
1541 if ((sp
= getservbyname("biff", "udp")) == NULL
||
1542 (hp
= gethostbyname("localhost")) == NULL
||
1543 hp
->h_length
!= INADDRSZ
)
1546 addr
.sin_family
= hp
->h_addrtype
;
1547 memcpy(&addr
.sin_addr
, hp
->h_addr
, INADDRSZ
);
1548 addr
.sin_port
= sp
->s_port
;
1551 /* No message, just return */
1555 /* Couldn't initialize addr struct */
1556 if (addr
.sin_family
== AF_UNSPEC
)
1559 if (f
< 0 && (f
= socket(AF_INET
, SOCK_DGRAM
, 0)) < 0)
1561 len
= strlen(msg
) + 1;
1562 (void) sendto(f
, msg
, len
, 0, (struct sockaddr
*) &addr
, sizeof(addr
));
1569 mailerr(NULL
, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] user ...");
1576 mailerr(const char *hdr
, const char *fmt
, ...)
1577 #else /* __STDC__ */
1578 mailerr(hdr
, fmt
, va_alist
)
1582 #endif /* __STDC__ */
1587 (void) e_to_sys(errno
);
1589 SM_VA_START(ap
, fmt
);
1591 if (LMTPMode
&& hdr
!= NULL
)
1593 sm_snprintf(ErrBuf
, sizeof ErrBuf
, "%s ", hdr
);
1594 len
= strlen(ErrBuf
);
1596 (void) sm_vsnprintf(&ErrBuf
[len
], sizeof ErrBuf
- len
, fmt
, ap
);
1602 /* Log the message to syslog. */
1604 syslog(LOG_ERR
, "%s", ErrBuf
);
1611 printf("%s\r\n", ErrBuf
);
1614 if (ExitVal
!= EX_USAGE
)
1615 (void) fprintf(stderr
, "mail.local: ");
1616 fprintf(stderr
, "%s\n", ErrBuf
);
1625 static char p
[MAXPATHLEN
];
1630 char Base64
[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_";
1632 unsigned char md5
[18];
1633 # if MAXPATHLEN <= 24
1634 ERROR _MAXPATHLEN
<= 24
1635 # endif /* MAXPATHLEN <= 24 */
1639 # endif /* HASHSPOOLMD5 */
1641 if (HashType
== HASH_NONE
|| HashDepth
* 2 >= MAXPATHLEN
)
1656 MD5_Update(&ctx
, name
, strlen(name
));
1657 MD5_Final(md5
, &ctx
);
1661 for (i
= 0; i
< 6; i
++)
1663 bits
= (unsigned) md5
[(3 * i
)] << 16;
1664 bits
|= (unsigned) md5
[(3 * i
) + 1] << 8;
1665 bits
|= (unsigned) md5
[(3 * i
) + 2];
1667 for (j
= 3; j
>= 0; j
--)
1669 b64
[(4 * i
) + j
] = Base64
[(bits
& 0x3f)];
1676 # endif /* HASHSPOOLMD5 */
1680 for (i
= 0; i
< HashDepth
; i
++)
1686 p
[(i
* 2) + 1] = '/';
1688 p
[HashDepth
* 2] = '\0';
1691 #endif /* HASHSPOOL */
1695 * Guess which errno's are temporary. Gag me.
1702 /* Temporary failures override hard errors. */
1703 if (ExitVal
== EX_TEMPFAIL
)
1706 switch (num
) /* Hopefully temporary errors. */
1709 case EDQUOT
: /* Disc quota exceeded */
1712 ExitVal
= EX_UNAVAILABLE
;
1718 case EAGAIN
: /* Resource temporarily unavailable */
1721 case EBUSY
: /* Device busy */
1724 case EPROCLIM
: /* Too many processes */
1725 #endif /* EPROCLIM */
1727 case EUSERS
: /* Too many users */
1730 case ECONNABORTED
: /* Software caused connection abort */
1731 #endif /* ECONNABORTED */
1733 case ECONNREFUSED
: /* Connection refused */
1734 #endif /* ECONNREFUSED */
1736 case ECONNRESET
: /* Connection reset by peer */
1737 #endif /* ECONNRESET */
1739 case EDEADLK
: /* Resource deadlock avoided */
1740 #endif /* EDEADLK */
1742 case EFBIG
: /* File too large */
1745 case EHOSTDOWN
: /* Host is down */
1746 #endif /* EHOSTDOWN */
1748 case EHOSTUNREACH
: /* No route to host */
1749 #endif /* EHOSTUNREACH */
1751 case EMFILE
: /* Too many open files */
1754 case ENETDOWN
: /* Network is down */
1755 #endif /* ENETDOWN */
1757 case ENETRESET
: /* Network dropped connection on reset */
1758 #endif /* ENETRESET */
1760 case ENETUNREACH
: /* Network is unreachable */
1761 #endif /* ENETUNREACH */
1763 case ENFILE
: /* Too many open files in system */
1766 case ENOBUFS
: /* No buffer space available */
1767 #endif /* ENOBUFS */
1769 case ENOMEM
: /* Cannot allocate memory */
1772 case ENOSPC
: /* No space left on device */
1775 case EROFS
: /* Read-only file system */
1778 case ESTALE
: /* Stale NFS file handle */
1781 case ETIMEDOUT
: /* Connection timed out */
1782 #endif /* ETIMEDOUT */
1783 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
1784 case EWOULDBLOCK
: /* Operation would block. */
1785 #endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
1786 ExitVal
= EX_TEMPFAIL
;
1790 ExitVal
= EX_UNAVAILABLE
;
1796 #if defined(ultrix) || defined(_CRAY)
1798 * Copyright (c) 1987, 1993
1799 * The Regents of the University of California. All rights reserved.
1801 * Redistribution and use in source and binary forms, with or without
1802 * modification, are permitted provided that the following conditions
1804 * 1. Redistributions of source code must retain the above copyright
1805 * notice, this list of conditions and the following disclaimer.
1806 * 2. Redistributions in binary form must reproduce the above copyright
1807 * notice, this list of conditions and the following disclaimer in the
1808 * documentation and/or other materials provided with the distribution.
1809 * 3. All advertising materials mentioning features or use of this software
1810 * must display the following acknowledgement:
1811 * This product includes software developed by the University of
1812 * California, Berkeley and its contributors.
1813 * 4. Neither the name of the University nor the names of its contributors
1814 * may be used to endorse or promote products derived from this software
1815 * without specific prior written permission.
1817 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1818 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1819 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1820 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1821 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1822 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1823 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1824 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1825 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1826 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1830 # if defined(LIBC_SCCS) && !defined(lint)
1831 static char sccsid
[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
1832 # endif /* defined(LIBC_SCCS) && !defined(lint) */
1834 # include <sys/types.h>
1835 # include <sys/stat.h>
1841 static int _gettemp();
1848 return (_gettemp(path
, &fd
) ? fd
: -1);
1852 _gettemp(path
, doopen
)
1854 register int *doopen
;
1857 register char *start
, *trv
;
1862 for (trv
= path
; *trv
; ++trv
); /* extra X's get set to 0's */
1863 while (*--trv
== 'X')
1865 *trv
= (pid
% 10) + '0';
1870 * check the target directory; if you have six X's and it
1871 * doesn't exist this runs for a *very* long time.
1873 for (start
= trv
+ 1;; --trv
)
1880 if (stat(path
, &sbuf
) < 0)
1882 if (!S_ISDIR(sbuf
.st_mode
))
1896 if ((*doopen
= open(path
, O_CREAT
|O_EXCL
|O_RDWR
,
1899 if (errno
!= EEXIST
)
1902 else if (stat(path
, &sbuf
) < 0)
1903 return(errno
== ENOENT
? 1 : 0);
1905 /* tricky little algorithm for backward compatibility */
1914 if (isascii(*trv
) && isdigit(*trv
))
1924 #endif /* defined(ultrix) || defined(_CRAY) */