2 * Copyright (c) 1990, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * $Id: mail.local.c,v 1.15 1997/12/24 19:38:18 imp Exp $
37 static char copyright[] =
38 "@(#) Copyright (c) 1990, 1993, 1994\n\
39 The Regents of the University of California. All rights reserved.\n";
43 static char sccsid[] = "@(#)mail.local.c 8.6 (Berkeley) 4/8/94";
46 #include <sys/param.h>
48 #include <sys/socket.h>
50 #include <netinet/in.h>
70 #include "pathnames.h"
72 int eval = EX_OK; /* sysexits.h error value. */
74 void deliver __P((int, char *, int));
75 void e_to_sys __P((int));
76 void err __P((const char *, ...)) __dead2;
77 void notifybiff __P((char *));
78 int store __P((char *));
79 void usage __P((void));
80 void vwarn __P((const char *, _BSD_VA_LIST_));
81 void warn __P((const char *, ...));
93 openlog("mail.local", 0, LOG_MAIL);
97 while ((ch = getopt(argc, argv, "bdf:r:")) != -1)
102 case 'd': /* Backward compatible. */
105 case 'r': /* Backward compatible. */
107 warn("multiple -f options");
123 * If from not specified, use the name from getlogin() if the
124 * uid matches, otherwise, use the name from the password file
125 * corresponding to the uid.
128 if (!from && (!(from = getlogin()) ||
129 !(pw = getpwnam(from)) || pw->pw_uid != uid))
130 from = (pw = getpwuid(uid)) ? pw->pw_name : "???";
133 * There is no way to distinguish the error status of one delivery
134 * from the rest of the deliveries. So, if we failed hard on one
135 * or more deliveries, but had no failures on any of the others, we
136 * return a hard failure. If we failed temporarily on one or more
137 * deliveries, we return a temporary failure regardless of the other
138 * failures. This results in the delivery being reattempted later
139 * at the expense of repeated failures and multiple deliveries.
141 for (fd = store(from); *argv; ++argv)
142 deliver(fd, *argv, nobiff);
153 char *tn, line[2048];
155 tn = strdup(_PATH_LOCTMP);
156 if ((fd = mkstemp(tn)) == -1 || (fp = fdopen(fd, "w+")) == NULL) {
158 err("unable to open temporary file");
164 (void)fprintf(fp, "From %s %s", from, ctime(&tval));
167 for (eline = 1; fgets(line, sizeof(line), stdin);) {
171 if (eline && line[0] == 'F' &&
172 !memcmp(line, "From ", 5))
176 (void)fprintf(fp, "%s", line);
179 err("temporary file write error");
183 /* If message not newline terminated, need an extra. */
184 if (!strchr(line, '\n'))
185 (void)putc('\n', fp);
186 /* Output a newline; note, empty messages are allowed. */
187 (void)putc('\n', fp);
189 if (fflush(fp) == EOF || ferror(fp)) {
191 err("temporary file write error");
197 deliver(fd, name, nobiff)
203 int mbfd, nr, nw, off;
204 char biffmsg[100], buf[8*1024], path[MAXPATHLEN];
209 * Disallow delivery to unknown names -- special mailboxes can be
210 * handled in the sendmail aliases file.
212 if (!(pw = getpwnam(name))) {
213 if (eval != EX_TEMPFAIL)
214 eval = EX_UNAVAILABLE;
215 warn("unknown name: %s", name);
219 (void)snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, name);
222 * If the mailbox is linked or a symlink, fail. There's an obvious
223 * race here, that the file was replaced with a symbolic link after
224 * the lstat returned, but before the open. We attempt to detect
225 * this by comparing the original stat information and information
226 * returned by an fstat of the file descriptor returned by the open.
228 * NB: this is a symptom of a larger problem, that the mail spooling
229 * directory is writeable by the wrong users. If that directory is
230 * writeable, system security is compromised for other reasons, and
231 * it cannot be fixed here.
233 * If we created the mailbox, set the owner/group. If that fails,
234 * just return. Another process may have already opened it, so we
235 * can't unlink it. Historically, binmail set the owner/group at
236 * each mail delivery. We no longer do this, assuming that if the
237 * ownership or permissions were changed there was a reason.
240 * open(2) should support flock'ing the file.
245 if (lstat(path, &sb)) {
247 O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
251 } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) {
253 warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name);
258 * Now that the box is created and permissions are correct, we
259 * close it and go back to the top so that we will come in
260 * and write as the user. We dont seteuid() before the above
261 * open, because we have to be root/bin to write in var/mail
262 * -Crh (henrich@msu.edu)
266 } else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) {
268 warn("%s: linked file", path);
271 /* Become the user, so quota enforcement will occur */
272 if(seteuid(pw->pw_uid) != 0) {
273 warn("Unable to seteuid()");
277 mbfd = open(path, O_APPEND|O_WRONLY, 0);
279 (fstat(mbfd, &fsb) || fsb.st_nlink != 1 ||
280 S_ISLNK(fsb.st_mode) || sb.st_dev != fsb.st_dev ||
281 sb.st_ino != fsb.st_ino)) {
282 warn("%s: file changed after open", path);
291 warn("%s: %s", path, strerror(errno));
296 /* Wait until we can get a lock on the file. */
297 if (flock(mbfd, LOCK_EX)) {
299 warn("%s: %s", path, strerror(errno));
303 curoff = lseek(mbfd, (off_t)0, SEEK_END);
305 (void)snprintf(biffmsg, sizeof(biffmsg), "%s@%qd\n",
309 /* Copy the message into the file. */
310 if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) {
312 warn("temporary file: %s", strerror(errno));
315 while ((nr = read(fd, buf, sizeof(buf))) > 0)
316 for (off = 0; off < nr; nr -= nw, off += nw)
317 if ((nw = write(mbfd, buf + off, nr)) < 0) {
319 warn("%s: %s", path, strerror(errno));
324 warn("temporary file: %s", strerror(errno));
325 err2: (void)ftruncate(mbfd, curoff);
326 err1: (void)close(mbfd);
332 /* Flush to disk, don't wait for update. */
335 warn("%s: %s", path, strerror(errno));
340 /* Close and check -- NFS doesn't write until the close. */
343 warn("%s: %s", path, strerror(errno));
358 static struct sockaddr_in addr;
364 if (!addr.sin_family) {
365 /* Be silent if biff service not available. */
366 if (!(sp = getservbyname("biff", "udp")))
368 if (!(hp = gethostbyname("localhost"))) {
369 warn("localhost: %s", strerror(errno));
372 addr.sin_family = hp->h_addrtype;
373 memmove(&addr.sin_addr, hp->h_addr,
374 MIN(hp->h_length,sizeof(addr.sin_addr)));
375 addr.sin_port = sp->s_port;
377 if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
378 warn("socket: %s", strerror(errno));
381 len = strlen(msg) + 1;
382 if (sendto(f, msg, len, 0, (struct sockaddr *)&addr, sizeof(addr))
384 warn("sendto biff: %s", strerror(errno));
391 err("usage: mail.local [-b] [-f from] user ...");
396 err(const char *fmt, ...)
419 warn(const char *fmt, ...)
443 * Log the message to stderr.
445 * Don't use LOG_PERROR as an openlog() flag to do this,
446 * it's not portable enough.
448 if (eval != EX_USAGE)
449 (void)fprintf(stderr, "mail.local: ");
450 (void)vfprintf(stderr, fmt, ap);
451 (void)fprintf(stderr, "\n");
453 /* Log the message to syslog. */
454 vsyslog(LOG_ERR, fmt, ap);
459 * Guess which errno's are temporary. Gag me.
465 /* Temporary failures override hard errors. */
466 if (eval == EX_TEMPFAIL)
469 switch(num) { /* Hopefully temporary errors. */
471 case EAGAIN: /* Resource temporarily unavailable */
474 case EDQUOT: /* Disc quota exceeded */
477 case EBUSY: /* Device busy */
480 case EPROCLIM: /* Too many processes */
483 case EUSERS: /* Too many users */
486 case ECONNABORTED: /* Software caused connection abort */
489 case ECONNREFUSED: /* Connection refused */
492 case ECONNRESET: /* Connection reset by peer */
495 case EDEADLK: /* Resource deadlock avoided */
498 case EFBIG: /* File too large */
501 case EHOSTDOWN: /* Host is down */
504 case EHOSTUNREACH: /* No route to host */
507 case EMFILE: /* Too many open files */
510 case ENETDOWN: /* Network is down */
513 case ENETRESET: /* Network dropped connection on reset */
516 case ENETUNREACH: /* Network is unreachable */
519 case ENFILE: /* Too many open files in system */
522 case ENOBUFS: /* No buffer space available */
525 case ENOMEM: /* Cannot allocate memory */
528 case ENOSPC: /* No space left on device */
531 case EROFS: /* Read-only file system */
534 case ESTALE: /* Stale NFS file handle */
537 case ETIMEDOUT: /* Connection timed out */
539 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
540 case EWOULDBLOCK: /* Operation would block. */
545 eval = EX_UNAVAILABLE;