2 * Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
4 * Copyright (c) 1990, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
7 * By using this file, you agree to the terms and conditions set
8 * forth in the LICENSE file which can be found at the top level of
9 * the sendmail distribution.
18 "@(#) Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.\n\
19 All rights reserved.\n\
20 Copyright (c) 1990, 1993, 1994\n\
21 The Regents of the University of California. All rights reserved.\n")
23 SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.257 2013-11-22 20:51:51 ca Exp $")
26 #include <sm/sendmail.h>
27 #include <sm/errstring.h>
29 #include <sm/limits.h>
31 #define LOCKFILE_PMODE 0
33 #include <sm/sysexits.h>
39 # define HASHSPOOLMD5 0
43 ** This is not intended to work on System V derived systems
44 ** such as Solaris or HP-UX, since they use a totally different
45 ** approach to mailboxes (essentially, they have a set-group-ID program
46 ** rather than set-user-ID, and they rely on the ability to "give away"
47 ** files to do their work). IT IS NOT A BUG that this doesn't
48 ** work on such architectures.
55 #include <sys/types.h>
59 # include <sys/socket.h>
60 # include <sys/file.h>
61 # include <netinet/in.h>
62 # include <arpa/nameser.h>
66 #include <sm/string.h>
71 #include <sendmail/pathnames.h>
78 # include <openssl/md5.h>
80 #endif /* HASHSPOOL */
84 ** Override path to mail store at run time (using -p).
85 ** From: Eugene Grosbein of Svyaz Service JSC
86 ** See: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/114195
87 ** NOTE: Update man page before adding this to a release.
89 #endif /* _FFR_SPOOL_PATH */
93 # define LOCKTO_RM 300 /* timeout for stale lockfile removal */
96 # define LOCKTO_GLOB 400 /* global timeout for lockfile creation */
99 /* define a realloc() which works for NULL pointers */
100 #define REALLOC(ptr, size) (((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
103 ** If you don't have flock, you could try using lockf instead.
107 # define flock(a, b) lockf(a, b, 0)
111 # define LOCK_EX F_LOCK
112 #endif /* LDA_USE_LOCKF */
115 # include <sys/file.h>
119 ** If you don't have setreuid, and you have saved uids, and you have
120 ** a seteuid() call that doesn't try to emulate using setuid(), then
121 ** you can try defining LDA_USE_SETEUID.
124 #ifdef LDA_USE_SETEUID
125 # define setreuid(r, e) seteuid(e)
128 #ifdef LDA_CONTENTLENGTH
129 # define CONTENTLENGTH 1
133 # define INADDRSZ 4 /* size of an IPv4 address in bytes */
137 # include <maillock.h>
140 #ifndef MAILER_DAEMON
141 # define MAILER_DAEMON "MAILER-DAEMON"
145 char ContentHdr[40] = "Content-Length: ";
150 bool EightBitMime = true; /* advertise 8BITMIME in LMTP */
152 bool EAI = true; /* advertise SMTPUTF8 in LMTP */
154 char ErrBuf[10240]; /* error buffer */
155 int ExitVal = EX_OK; /* sysexits.h error value. */
157 bool nofsync = false;
158 bool HoldErrs = false; /* Hold errors in ErrBuf */
159 bool LMTPMode = false;
160 bool BounceQuota = false; /* permanent error when over quota */
161 bool CloseMBDB = false;
162 char *HomeMailFile = NULL; /* store mail in homedir */
165 int HashType = HASH_NONE;
167 bool StripRcptDomain = true;
169 # define StripRcptDomain true
171 char SpoolPath[MAXPATHLEN];
173 char *parseaddr __P((char *, bool));
174 char *process_recipient __P((char *));
175 void dolmtp __P((void));
176 void deliver __P((int, char *));
177 int e_to_sys __P((int));
178 void notifybiff __P((char *));
179 int store __P((char *, bool *));
180 void usage __P((void));
181 int lockmbox __P((char *));
182 void unlockmbox __P((void));
183 void mailerr __P((const char *, const char *, ...));
184 void flush_error __P((void));
186 const char *hashname __P((char *));
190 static void sm_exit __P((int));
199 CloseMBDB = false; /* not really necessary, but ... */
213 char *mbdbname = "pw";
219 /* make sure we have some open file descriptors */
220 for (fd = 10; fd < 30; fd++)
223 /* use a reasonable umask */
227 openlog("mail.local", 0, LOG_MAIL);
229 openlog("mail.local", 0);
234 /* XXX can this be converted to a compile time check? */
235 if (sm_strlcpy(SpoolPath, _PATH_MAILDIR, sizeof(SpoolPath)) >=
238 mailerr("421", "Configuration error: _PATH_MAILDIR too large");
242 /* HACK: add U to all options - this should be only for USE_EAI */
244 while ((ch = getopt(argc, argv, "7BbdD:f:h:r:lH:p:nsUV")) != -1)
245 #else /* HASHSPOOL */
247 while ((ch = getopt(argc, argv, "7BbdD:f:h:r:lp:sUV")) != -1)
249 while ((ch = getopt(argc, argv, "7BbdD:f:h:r:lsUV")) != -1)
251 #endif /* HASHSPOOL */
255 case '7': /* Do not advertise 8BITMIME */
256 EightBitMime = false;
263 case 'b': /* bounce mail when over quota. */
267 case 'd': /* Backward compatible. */
270 case 'D': /* mailbox database type */
275 case 'r': /* Backward compatible. */
278 mailerr(NULL, "Multiple -f options");
285 if (optarg != NULL || *optarg != '\0')
286 HomeMailFile = optarg;
289 mailerr(NULL, "-h: missing filename");
304 if (optarg == NULL || *optarg == '\0')
306 mailerr(NULL, "-H: missing hashinfo");
312 HashType = HASH_USER;
322 mailerr(NULL, "-H: unknown hash type");
325 if (optarg[1] == '\0')
327 mailerr(NULL, "-H: invalid hash depth");
330 HashDepth = atoi(&optarg[1]);
331 if ((HashDepth <= 0) || ((HashDepth * 2) >= MAXPATHLEN))
333 mailerr(NULL, "-H: invalid hash depth");
339 StripRcptDomain = false;
341 #endif /* HASHSPOOL */
343 #if HASHSPOOL || _FFR_SPOOL_PATH
345 if (optarg == NULL || *optarg == '\0')
347 mailerr(NULL, "-p: missing spool path");
350 if (sm_strlcpy(SpoolPath, optarg, sizeof(SpoolPath)) >=
353 mailerr(NULL, "-p: invalid spool path");
357 #endif /* HASHSPOOL || _FFR_SPOOL_PATH */
365 fprintf(stderr, "compiled with\n");
367 fprintf(stderr, "MAIL_LOCAL_TEST\n");
370 /* test scripts should look for SMTPUTF8 */
371 fprintf(stderr, "USE_EAI\n");
383 /* initialize biff structures */
387 err = sm_mbdb_initialize(mbdbname);
390 char *errcode = "521";
392 if (err == EX_TEMPFAIL)
395 mailerr(errcode, "Can not open mailbox database %s: %s",
396 mbdbname, sm_strexit(err));
405 mailerr("421", "Users should not be specified in command line if LMTP required");
406 sm_exit(EX_TEMPFAIL);
414 /* Non-LMTP from here on out */
419 ** If from not specified, use the name from getlogin() if the
420 ** uid matches, otherwise, use the name from the password file
421 ** corresponding to the uid.
425 if (from == NULL && ((from = getlogin()) == NULL ||
426 (pw = getpwnam(from)) == NULL ||
428 from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
431 ** There is no way to distinguish the error status of one delivery
432 ** from the rest of the deliveries. So, if we failed hard on one
433 ** or more deliveries, but had no failures on any of the others, we
434 ** return a hard failure. If we failed temporarily on one or more
435 ** deliveries, we return a temporary failure regardless of the other
436 ** failures. This results in the delivery being reattempted later
437 ** at the expense of repeated failures and multiple deliveries.
441 fd = store(from, NULL);
448 for (; *argv != NULL; ++argv)
472 while (*p != ',' && *p != ':' && *p != '\0')
477 /* Skip over , or : */
484 while (*p != '\0' && *p != '@' && *p != '>')
494 while (*p != '\0' && *p != '\"')
503 if (*p == '\0' || *(p + 1) == '\0')
507 if (*p == '+' && rcpt)
517 while (*p != '\0' && *p != '>')
527 if (*p != '\0' && *p != ' ')
539 mailerr("421 4.3.0", "Memory exhausted");
540 sm_exit(EX_TEMPFAIL);
543 (void) sm_strlcpy(p, s, l);
548 process_recipient(addr)
553 switch (sm_mbdb_lookup(addr, &user))
559 return "550 5.1.1 User unknown";
562 return "451 4.3.0 User database failure; retry later";
565 return "550 5.3.0 User database failure";
574 char *return_path = NULL;
575 char **rcpt_addr = NULL;
578 bool gotlhlo = false;
583 char myhostname[1024];
586 memset(myhostname, '\0', sizeof myhostname);
587 (void) gethostname(myhostname, sizeof myhostname - 1);
588 if (myhostname[0] == '\0')
589 sm_strlcpy(myhostname, "localhost", sizeof myhostname);
591 printf("220 %s LMTP ready\r\n", myhostname);
594 (void) fflush(stdout);
595 if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
597 p = buf + strlen(buf) - 1;
598 if (p >= buf && *p == '\n')
600 if (p >= buf && *p == '\r')
607 if (SM_STRCASEEQ(buf, "data"))
613 mailerr("503 5.5.1", "No recipients");
617 msgfd = store(return_path, &inbody);
619 if (msgfd < 0 && !inbody)
625 for (i = 0; i < rcpt_num; i++)
629 /* print error for rcpt */
633 p = strchr(rcpt_addr[i], '+');
636 deliver(msgfd, rcpt_addr[i]);
648 if (sm_strncasecmp(buf, "lhlo ", 5) == 0)
650 /* check for duplicate per RFC 1651 4.2 */
653 mailerr("503", "%s Duplicate LHLO",
658 printf("250-%s\r\n", myhostname);
660 printf("250-8BITMIME\r\n");
663 printf("250-SMTPUTF8\r\n");
665 printf("250-ENHANCEDSTATUSCODES\r\n");
666 printf("250 PIPELINING\r\n");
675 if (sm_strncasecmp(buf, "mail ", 5) == 0)
677 if (return_path != NULL)
680 "Nested MAIL command");
683 if (sm_strncasecmp(buf + 5, "from:", 5) != 0 ||
684 ((return_path = parseaddr(buf + 10,
688 "Syntax error in parameters");
691 printf("250 2.5.0 Ok\r\n");
700 if (SM_STRCASEEQ(buf, "noop"))
702 printf("250 2.0.0 Ok\r\n");
711 if (SM_STRCASEEQ(buf, "quit"))
713 printf("221 2.0.0 Bye\r\n");
722 if (sm_strncasecmp(buf, "rcpt ", 5) == 0)
724 if (return_path == NULL)
727 "Need MAIL command");
730 if (rcpt_num >= rcpt_alloc)
732 rcpt_alloc += RCPT_GROW;
733 rcpt_addr = (char **)
734 REALLOC((char *) rcpt_addr,
737 if (rcpt_addr == NULL)
741 sm_exit(EX_TEMPFAIL);
744 if (sm_strncasecmp(buf + 5, "to:", 3) != 0 ||
745 ((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
746 StripRcptDomain)) == NULL))
749 "Syntax error in parameters");
752 err = process_recipient(rcpt_addr[rcpt_num]);
755 mailerr(NULL, "%s", err);
759 printf("250 2.1.5 Ok\r\n");
762 else if (SM_STRCASEEQ(buf, "rset"))
764 printf("250 2.0.0 Ok\r\n");
768 free(rcpt_addr[--rcpt_num]);
769 if (return_path != NULL)
780 if (sm_strncasecmp(buf, "vrfy ", 5) == 0)
782 printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
791 mailerr("500 5.5.2", "Syntax error");
806 bool eline; /* previous line was empty */
807 bool fullline = true; /* current line is terminated */
808 bool prevfl; /* previous line was terminated */
811 char tmpbuf[sizeof _PATH_LOCTMP + 1];
817 (void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
818 if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL)
822 mailerr("451 4.3.0", "Unable to open temporary file");
825 (void) unlink(tmpbuf);
829 printf("354 Go ahead\r\n");
830 (void) fflush(stdout);
836 (void) fprintf(fp, "From %s %s", from, ctime(&tval));
845 while (fgets(line, sizeof(line), stdin) != (char *) NULL)
850 prevfl = fullline; /* preserve state of previous line */
851 while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
855 /* Check for dot-stuffing */
856 if (prevfl && LMTPMode && line[0] == '.')
858 if (line[1] == '\n' ||
859 (line[1] == '\r' && line[2] == '\n'))
861 memcpy(line, line + 1, line_len);
865 /* Check to see if we have the full line from fgets() */
869 if (line[line_len - 1] == '\n')
872 line[line_len - 2] == '\r')
874 line[line_len - 2] = '\n';
875 line[line_len - 1] = '\0';
880 else if (line[line_len - 1] == '\r')
882 /* Did we just miss the CRLF? */
886 line[line_len - 1] = '\n';
890 (void) ungetc(peek, stdin);
897 if (prevfl && line[0] == '\n' && HeaderLength == 0)
901 HeaderLength = ftell(fp);
902 if (HeaderLength <= 0)
905 ** shouldn't happen, unless ftell() is
912 #else /* CONTENTLENGTH */
913 if (prevfl && line[0] == '\n')
915 #endif /* CONTENTLENGTH */
918 if (eline && line[0] == 'F' &&
920 !memcmp(line, "From ", 5))
921 (void) putc('>', fp);
924 /* discard existing "Content-Length:" headers */
925 if (prevfl && HeaderLength == 0 &&
926 (line[0] == 'C' || line[0] == 'c') &&
927 sm_strncasecmp(line, ContentHdr, 15) == 0)
930 ** be paranoid: clear the line
931 ** so no "wrong matches" may occur later
936 #endif /* CONTENTLENGTH */
941 (void) fwrite(line, sizeof(char), line_len, fp);
945 "Temporary file write error");
953 /* check if an error occurred */
959 /* Got a premature EOF -- toss message and exit */
963 /* If message not newline terminated, need an extra. */
964 if (fp != NULL && strchr(line, '\n') == NULL)
965 (void) putc('\n', fp);
971 BodyLength = ftell(fp);
972 if (HeaderLength == 0 && BodyLength > 0) /* empty body */
974 HeaderLength = BodyLength;
978 BodyLength = BodyLength - HeaderLength - 1 ;
980 if (HeaderLength > 0 && BodyLength >= 0)
982 (void) sm_snprintf(line, sizeof line, "%lld\n",
983 (LONGLONG_T) BodyLength);
984 (void) sm_strlcpy(&ContentHdr[16], line,
985 sizeof(ContentHdr) - 16);
988 BodyLength = -1; /* Something is wrong here */
989 #endif /* CONTENTLENGTH */
991 /* Output a newline; note, empty messages are allowed. */
993 (void) putc('\n', fp);
995 if (fp == NULL || fflush(fp) == EOF || ferror(fp) != 0)
997 mailerr("451 4.3.0", "Temporary file flush error");
1012 char path[MAXPATHLEN];
1013 int mbfd = -1, nr = 0, nw, off;
1017 off_t curoff, cursize;
1018 #ifdef CONTENTLENGTH
1022 char biffmsg[100], buf[8 * 1024];
1026 ** Disallow delivery to unknown names -- special mailboxes can be
1027 ** handled in the sendmail aliases file.
1030 exitval = sm_mbdb_lookup(name, &user);
1037 exitval = EX_UNAVAILABLE;
1038 mailerr("550 5.1.1", "%s: User unknown", name);
1042 mailerr("451 4.3.0", "%s: User database failure; retry later",
1047 exitval = EX_UNAVAILABLE;
1048 mailerr("550 5.3.0", "%s: User database failure", name);
1052 if (exitval != EX_OK)
1054 if (ExitVal != EX_TEMPFAIL)
1062 ** Keep name reasonably short to avoid buffer overruns.
1063 ** This isn't necessary on BSD because of the proper
1064 ** definition of snprintf(), but it can cause problems
1065 ** on other systems.
1066 ** Also, clear out any bogus characters.
1070 if (strlen(name) > 40)
1072 for (p = name; *p != '\0'; p++)
1076 else if (!isprint(*p))
1079 #endif /* !HASHSPOOL */
1082 if (HomeMailFile == NULL)
1084 if (sm_strlcpyn(path, sizeof(path),
1094 name) >= sizeof(path))
1096 exitval = EX_UNAVAILABLE;
1097 mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
1101 else if (*user.mbdb_homedir == '\0')
1103 exitval = EX_UNAVAILABLE;
1104 mailerr("550 5.1.1", "%s: User missing home directory", name);
1107 else if (sm_snprintf(path, sizeof(path), "%s/%s",
1108 user.mbdb_homedir, HomeMailFile) >= sizeof(path))
1110 exitval = EX_UNAVAILABLE;
1111 mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
1117 ** If the mailbox is linked or a symlink, fail. There's an obvious
1118 ** race here, that the file was replaced with a symbolic link after
1119 ** the lstat returned, but before the open. We attempt to detect
1120 ** this by comparing the original stat information and information
1121 ** returned by an fstat of the file descriptor returned by the open.
1123 ** NB: this is a symptom of a larger problem, that the mail spooling
1124 ** directory is writeable by the wrong users. If that directory is
1125 ** writeable, system security is compromised for other reasons, and
1126 ** it cannot be fixed here.
1128 ** If we created the mailbox, set the owner/group. If that fails,
1129 ** just return. Another process may have already opened it, so we
1130 ** can't unlink it. Historically, binmail set the owner/group at
1131 ** each mail delivery. We no longer do this, assuming that if the
1132 ** ownership or permissions were changed there was a reason.
1135 ** open(2) should support flock'ing the file.
1144 if ((off = lockmbox(p)) != 0)
1146 if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
1148 ExitVal = EX_TEMPFAIL;
1149 errcode = "451 4.3.0";
1152 errcode = "551 5.3.0";
1154 mailerr(errcode, "lockmailbox %s failed; error code %d %s",
1155 p, off, errno > 0 ? sm_errstring(errno) : "");
1159 if (lstat(path, &sb) < 0)
1162 int mode = S_IRUSR|S_IWUSR;
1163 gid_t gid = user.mbdb_gid;
1168 mode |= S_IRGRP|S_IWGRP;
1171 mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY,
1175 if (lstat(path, &sb) < 0)
1177 ExitVal = EX_CANTCREAT;
1178 mailerr("550 5.2.0",
1179 "%s: lstat: file changed after open", path);
1184 if (save_errno == EEXIST)
1187 /* open failed, don't try again */
1188 mailerr("450 4.2.0", "Create %s: %s", path,
1189 sm_errstring(save_errno));
1192 else if (fchown(mbfd, user.mbdb_uid, gid) < 0)
1194 mailerr("451 4.3.0", "chown %u.%u: %s",
1195 user.mbdb_uid, gid, name);
1201 ** open() was successful, now close it so can
1202 ** be opened as the right owner again.
1203 ** Paranoia: reset mbdf since the file descriptor
1204 ** is no longer valid; better safe than sorry.
1207 sb.st_uid = user.mbdb_uid;
1212 else if (sb.st_nlink != 1)
1214 mailerr("550 5.2.0", "%s: too many links", path);
1217 else if (!S_ISREG(sb.st_mode))
1219 mailerr("550 5.2.0", "%s: irregular file", path);
1222 else if (sb.st_uid != user.mbdb_uid)
1224 ExitVal = EX_CANTCREAT;
1225 mailerr("550 5.2.0", "%s: wrong ownership (%d)",
1226 path, (int) sb.st_uid);
1230 /* change UID for quota checks */
1233 (HomeMailFile == NULL || user.mbdb_uid != getuid()) &&
1235 setreuid(0, user.mbdb_uid) < 0)
1237 mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
1238 (int) user.mbdb_uid, sm_errstring(errno),
1239 (int) getuid(), (int) geteuid());
1243 fprintf(stderr, "new euid = %d\n", (int) geteuid());
1245 mbfd = open(path, O_APPEND|O_WRONLY, 0);
1248 mailerr("450 4.2.0", "Append %s: %s", path, sm_errstring(errno));
1251 else if (fstat(mbfd, &fsb) < 0 ||
1252 fsb.st_nlink != 1 ||
1254 !S_ISREG(fsb.st_mode) ||
1255 sb.st_dev != fsb.st_dev ||
1256 sb.st_ino != fsb.st_ino ||
1257 #if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1258 sb.st_gen != fsb.st_gen ||
1260 sb.st_uid != fsb.st_uid)
1262 ExitVal = EX_TEMPFAIL;
1263 mailerr("550 5.2.0", "%s: fstat: file changed after open",
1270 ** This code could be reused if we decide to add a
1271 ** per-user quota field to the sm_mbdb interface.
1275 ** Fail if the user has a quota specified, and delivery of this
1276 ** message would exceed that quota. We bounce such failures using
1277 ** EX_UNAVAILABLE, unless there were internal problems, since
1278 ** storing immense messages for later retries can cause queueing
1286 if (fstat(fd, &dsb) < 0)
1288 ExitVal = EX_TEMPFAIL;
1289 mailerr("451 4.3.0",
1290 "%s: fstat: can't stat temporary storage: %s",
1291 ui.mailspool, sm_errstring(errno));
1295 if (dsb.st_size + sb.st_size + 1 > ui.quota)
1297 ExitVal = EX_UNAVAILABLE;
1298 mailerr("551 5.2.2",
1299 "%s: Mailbox full or quota exceeded",
1306 /* Wait until we can get a lock on the file. */
1307 if (flock(mbfd, LOCK_EX) < 0)
1309 mailerr("450 4.2.0", "Lock %s: %s", path, sm_errstring(errno));
1313 /* Get the starting offset of the new message */
1314 curoff = lseek(mbfd, (off_t) 0, SEEK_END);
1318 (void) sm_snprintf(biffmsg, sizeof(biffmsg), "%s@%lld\n",
1319 name, (LONGLONG_T) curoff);
1322 /* Copy the message into the file. */
1323 if (lseek(fd, (off_t) 0, SEEK_SET) == (off_t) -1)
1325 mailerr("450 4.2.0", "Temporary file seek error: %s",
1326 sm_errstring(errno));
1330 fprintf(stderr, "before writing: euid = %d\n", (int) geteuid());
1332 #ifdef CONTENTLENGTH
1333 headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
1336 if (headerbytes == 0)
1338 (void) sm_snprintf(buf, sizeof buf, "%s", ContentHdr);
1343 else if (headerbytes > sizeof(buf) || headerbytes < 0)
1344 readamount = sizeof(buf);
1346 readamount = headerbytes;
1347 if (readamount != 0)
1348 nr = read(fd, buf, readamount);
1351 if (headerbytes > 0)
1354 #else /* CONTENTLENGTH */
1355 while ((nr = read(fd, buf, sizeof(buf))) > 0)
1357 #endif /* CONTENTLENGTH */
1358 for (off = 0; off < nr; off += nw)
1360 if ((nw = write(mbfd, buf + off, nr - off)) < 0)
1362 errcode = "450 4.2.0";
1364 if (errno == EDQUOT && BounceQuota)
1365 errcode = "552 5.2.2";
1367 mailerr(errcode, "Write %s: %s",
1368 path, sm_errstring(errno));
1375 mailerr("450 4.2.0", "Temporary file read error: %s",
1376 sm_errstring(errno));
1380 /* Flush to disk, don't wait for update. */
1381 if (!nofsync && fsync(mbfd) < 0)
1383 mailerr("450 4.2.0", "Sync %s: %s", path, sm_errstring(errno));
1386 fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1389 (void) ftruncate(mbfd, curoff);
1390 err1: if (mbfd >= 0)
1394 if (HomeMailFile == NULL || user.mbdb_uid != getuid())
1396 (void) setreuid(0, 0);
1402 ** Save the current size so if the close() fails below
1403 ** we can make sure no other process has changed the mailbox
1404 ** between the failed close and the re-open()/re-lock().
1405 ** If something else has changed the size, we shouldn't
1406 ** try to truncate it as we may do more harm then good
1407 ** (e.g., truncate a later message delivery).
1410 if (fstat(mbfd, &sb) < 0)
1413 cursize = sb.st_size;
1416 /* Close and check -- NFS doesn't write until the close. */
1419 errcode = "450 4.2.0";
1421 if (errno == EDQUOT && BounceQuota)
1422 errcode = "552 5.2.2";
1424 mailerr(errcode, "Close %s: %s", path, sm_errstring(errno));
1425 mbfd = open(path, O_WRONLY, 0);
1428 || flock(mbfd, LOCK_EX) < 0 ||
1429 fstat(mbfd, &sb) < 0 ||
1430 sb.st_size != cursize ||
1432 !S_ISREG(sb.st_mode) ||
1433 sb.st_dev != fsb.st_dev ||
1434 sb.st_ino != fsb.st_ino ||
1435 #if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1436 sb.st_gen != fsb.st_gen ||
1438 sb.st_uid != fsb.st_uid
1441 /* Don't use a bogus file */
1449 /* Attempt to truncate back to pre-write size */
1453 notifybiff(biffmsg);
1457 (HomeMailFile == NULL || user.mbdb_uid != getuid()) &&
1461 mailerr("450 4.2.0", "setreuid(0, 0): %s",
1462 sm_errstring(errno));
1466 fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1470 printf("250 2.1.5 %s Ok\r\n", name);
1474 ** user.lock files are necessary for compatibility with other
1475 ** systems, e.g., when the mail spool file is NFS exported.
1476 ** Alas, mailbox locking is more than just a local matter.
1480 bool Locked = false;
1491 if ((r = maillock(name, 15)) == L_SUCCESS)
1498 case L_TMPLOCK: /* Can't create tmp file */
1499 case L_TMPWRITE: /* Can't write pid into lockfile */
1500 case L_MAXTRYS: /* Failed after retrycnt attempts */
1504 case L_ERROR: /* Check errno for reason */
1507 default: /* other permanent errors */
1522 #else /* MAILLOCK */
1524 char LockName[MAXPATHLEN];
1535 if (strlen(path) + 6 > sizeof LockName)
1537 (void) sm_snprintf(LockName, sizeof LockName, "%s.lock", path);
1538 (void) time(&start);
1545 /* global timeout */
1547 if (now > start + LOCKTO_GLOB)
1552 fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, LOCKFILE_PMODE);
1555 /* defeat lock checking programs which test pid */
1556 (void) write(fd, "0", 2);
1561 if (stat(LockName, &st) < 0)
1563 if (statfailed++ > 5)
1572 if (now < st.st_ctime + LOCKTO_RM)
1575 /* try to remove stale lockfile */
1576 if (unlink(LockName) < 0)
1586 (void) unlink(LockName);
1589 #endif /* MAILLOCK */
1595 static bool initialized = false;
1600 static struct sockaddr_in addr;
1606 /* Be silent if biff service not available. */
1607 if ((sp = getservbyname("biff", "udp")) == NULL ||
1608 (hp = gethostbyname("localhost")) == NULL ||
1609 hp->h_length != INADDRSZ)
1612 addr.sin_family = hp->h_addrtype;
1613 memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
1614 addr.sin_port = sp->s_port;
1617 /* No message, just return */
1621 /* Couldn't initialize addr struct */
1622 if (addr.sin_family == AF_UNSPEC)
1625 if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1627 len = strlen(msg) + 1;
1628 (void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
1635 /* XXX add U to options for USE_EAI */
1637 mailerr(NULL, "usage: mail.local [-7] [-B] [-b] [-d] [-l] [-s] [-f from|-r from] [-h filename] [-p path] user ...");
1639 mailerr(NULL, "usage: mail.local [-7] [-B] [-b] [-d] [-l] [-s] [-f from|-r from] [-h filename] user ...");
1647 mailerr(const char *hdr, const char *fmt, ...)
1648 #else /* __STDC__ */
1649 mailerr(hdr, fmt, va_alist)
1653 #endif /* __STDC__ */
1658 (void) e_to_sys(errno);
1660 SM_VA_START(ap, fmt);
1662 if (LMTPMode && hdr != NULL)
1664 sm_snprintf(ErrBuf, sizeof ErrBuf, "%s ", hdr);
1665 len = strlen(ErrBuf);
1667 (void) sm_vsnprintf(&ErrBuf[len], sizeof ErrBuf - len, fmt, ap);
1673 /* Log the message to syslog. */
1675 syslog(LOG_ERR, "%s", ErrBuf);
1682 printf("%s\r\n", ErrBuf);
1685 if (ExitVal != EX_USAGE)
1686 (void) fprintf(stderr, "mail.local: ");
1687 fprintf(stderr, "%s\n", ErrBuf);
1696 static char p[MAXPATHLEN];
1701 char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_";
1703 unsigned char md5[18];
1704 # if MAXPATHLEN <= 24
1705 # error "MAXPATHLEN <= 24"
1710 # endif /* HASHSPOOLMD5 */
1712 if (HashType == HASH_NONE || HashDepth * 2 >= MAXPATHLEN)
1727 MD5_Update(&ctx, name, strlen(name));
1728 MD5_Final(md5, &ctx);
1732 for (i = 0; i < 6; i++)
1734 bits = (unsigned) md5[(3 * i)] << 16;
1735 bits |= (unsigned) md5[(3 * i) + 1] << 8;
1736 bits |= (unsigned) md5[(3 * i) + 2];
1738 for (j = 3; j >= 0; j--)
1740 b64[(4 * i) + j] = Base64[(bits & 0x3f)];
1747 # endif /* HASHSPOOLMD5 */
1751 for (i = 0; i < HashDepth; i++)
1757 p[(i * 2) + 1] = '/';
1759 p[HashDepth * 2] = '\0';
1762 #endif /* HASHSPOOL */
1766 * Guess which errno's are temporary. Gag me.
1773 /* Temporary failures override hard errors. */
1774 if (ExitVal == EX_TEMPFAIL)
1777 switch (num) /* Hopefully temporary errors. */
1780 case EDQUOT: /* Disc quota exceeded */
1783 ExitVal = EX_UNAVAILABLE;
1789 case EAGAIN: /* Resource temporarily unavailable */
1792 case EBUSY: /* Device busy */
1795 case EPROCLIM: /* Too many processes */
1798 case EUSERS: /* Too many users */
1801 case ECONNABORTED: /* Software caused connection abort */
1804 case ECONNREFUSED: /* Connection refused */
1807 case ECONNRESET: /* Connection reset by peer */
1810 case EDEADLK: /* Resource deadlock avoided */
1813 case EFBIG: /* File too large */
1816 case EHOSTDOWN: /* Host is down */
1819 case EHOSTUNREACH: /* No route to host */
1822 case EMFILE: /* Too many open files */
1825 case ENETDOWN: /* Network is down */
1828 case ENETRESET: /* Network dropped connection on reset */
1831 case ENETUNREACH: /* Network is unreachable */
1834 case ENFILE: /* Too many open files in system */
1837 case ENOBUFS: /* No buffer space available */
1840 case ENOMEM: /* Cannot allocate memory */
1843 case ENOSPC: /* No space left on device */
1846 case EROFS: /* Read-only file system */
1849 case ESTALE: /* Stale NFS file handle */
1852 case ETIMEDOUT: /* Connection timed out */
1854 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
1855 case EWOULDBLOCK: /* Operation would block. */
1857 ExitVal = EX_TEMPFAIL;
1861 ExitVal = EX_UNAVAILABLE;
1867 #if defined(ultrix) || defined(_CRAY)
1869 * Copyright (c) 1987, 1993
1870 * The Regents of the University of California. All rights reserved.
1872 * Redistribution and use in source and binary forms, with or without
1873 * modification, are permitted provided that the following conditions
1875 * 1. Redistributions of source code must retain the above copyright
1876 * notice, this list of conditions and the following disclaimer.
1877 * 2. Redistributions in binary form must reproduce the above copyright
1878 * notice, this list of conditions and the following disclaimer in the
1879 * documentation and/or other materials provided with the distribution.
1880 * 3. All advertising materials mentioning features or use of this software
1881 * must display the following acknowledgement:
1882 * This product includes software developed by the University of
1883 * California, Berkeley and its contributors.
1884 * 4. Neither the name of the University nor the names of its contributors
1885 * may be used to endorse or promote products derived from this software
1886 * without specific prior written permission.
1888 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1889 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1890 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1891 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1892 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1893 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1894 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1895 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1896 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1897 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1901 # if defined(LIBC_SCCS) && !defined(lint)
1902 static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
1905 # include <sys/types.h>
1906 # include <sys/stat.h>
1912 static int _gettemp();
1919 return (_gettemp(path, &fd) ? fd : -1);
1923 _gettemp(path, doopen)
1925 register int *doopen;
1928 register char *start, *trv;
1933 for (trv = path; *trv; ++trv); /* extra X's get set to 0's */
1934 while (*--trv == 'X')
1936 *trv = (pid % 10) + '0';
1941 * check the target directory; if you have six X's and it
1942 * doesn't exist this runs for a *very* long time.
1944 for (start = trv + 1;; --trv)
1951 if (stat(path, &sbuf) < 0)
1953 if (!S_ISDIR(sbuf.st_mode))
1967 if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR,
1970 if (errno != EEXIST)
1973 else if (stat(path, &sbuf) < 0)
1974 return(errno == ENOENT ? 1 : 0);
1976 /* tricky little algorithm for backward compatibility */
1985 if (isascii(*trv) && isdigit(*trv))
1995 #endif /* defined(ultrix) || defined(_CRAY) */