/* parse program arguments (builtins are also parsed this way first) */
static void parse_prog(cmds* cmd, prog_args* prog)
{
switch(lookahead.kind)
{
/* end of program arguments? */
case AMP:
prog->background=true;
case SEP:
case END:
case STROKE:
return;
/* redirections? */
case IN:
case OUT:
parse_redirection(prog);
break;
/* argument? */
case IDE:
argv_add(prog,get_ide());
break;
default:
raise_error(PARSER_INVALID_STATE);
}
/* parse next program argument */
scan();
parse_prog(cmd,prog);
}
ARGV *xsasl_client_types(void)
{
const XSASL_CLIENT_IMPL_INFO *xp;
ARGV *argv = argv_alloc(1);
for (xp = client_impl_info; xp->client_type; xp++)
argv_add(argv, xp->client_type, ARGV_END);
return (argv);
}
ARGV *argv_split_count(const char *string, const char *delim, ssize_t count)
{
ARGV *argvp = argv_alloc(1);
char *saved_string = mystrdup(string);
char *bp = saved_string;
char *arg;
if (count < 1)
msg_panic("argv_split_count: bad count: %ld", (long) count);
while (count-- > 1 && (arg = mystrtok(&bp, delim)) != 0)
argv_add(argvp, arg, (char *) 0);
if (*bp)
bp += strspn(bp, delim);
if (*bp)
argv_add(argvp, bp, (char *) 0);
argv_terminate(argvp);
myfree(saved_string);
return (argvp);
}
ARGV *match_service_init_argv(char **patterns)
{
ARGV *list = argv_alloc(1);
char **cpp;
for (cpp = patterns; *cpp; cpp++)
argv_add(list, *cpp, (char *) 0);
argv_terminate(list);
match_service_compat(list);
return (list);
}
ARGV *mbox_lock_names(void)
{
const NAME_MASK *np;
ARGV *argv;
argv = argv_alloc(2);
for (np = mbox_mask; np->name != 0; np++)
argv_add(argv, np->name, ARGV_END);
argv_terminate(argv);
return (argv);
}
static void smtp_chat_append(SMTP_SESSION *session, const char *direction,
const char *data)
{
char *line;
if (session->history == 0)
session->history = argv_alloc(10);
line = concatenate(direction, data, (char *) 0);
argv_add(session->history, line, (char *) 0);
myfree(line);
}
ARGV *argv_split_append(ARGV *argvp, const char *string, const char *delim)
{
char *saved_string = mystrdup(string);
char *bp = saved_string;
char *arg;
while ((arg = mystrtok(&bp, delim)) != 0)
argv_add(argvp, arg, (char *) 0);
argv_terminate(argvp);
myfree(saved_string);
return (argvp);
}
SERVER_ACL *server_acl_parse(const char *extern_acl, const char *origin)
{
char *saved_acl = mystrdup(extern_acl);
SERVER_ACL *intern_acl = argv_alloc(1);
char *bp = saved_acl;
char *acl;
#define STREQ(x,y) ((*x) == (*y) && strcasecmp((x), (y)) == 0)
#define STRNE(x,y) ((*x) != (*y) || strcasecmp((x), (y)) != 0)
/*
* Nested tables are not allowed. Tables are opened before entering the
* chroot jail, while access lists are evaluated after entering the
* chroot jail.
*/
while ((acl = mystrtok(&bp, SERVER_ACL_SEPARATORS)) != 0) {
if (strchr(acl, ':') != 0) {
if (strchr(origin, ':') != 0) {
msg_warn("table %s: lookup result \"%s\" is not allowed"
" -- ignoring remainder of access list",
origin, acl);
argv_add(intern_acl, SERVER_ACL_NAME_DUNNO, (char *) 0);
break;
} else {
if (dict_handle(acl) == 0)
dict_register(acl, dict_open(acl, O_RDONLY, DICT_FLAG_LOCK
| DICT_FLAG_FOLD_FIX));
}
}
argv_add(intern_acl, acl, (char *) 0);
}
argv_terminate(intern_acl);
/*
* Cleanup.
*/
myfree(saved_acl);
return (intern_acl);
}
static void smtp_chat_append(SMTPD_STATE *state, char *direction)
{
char *line;
if (state->notify_mask == 0)
return;
if (state->history == 0)
state->history = argv_alloc(10);
line = concatenate(direction, STR(state->buffer), (char *) 0);
argv_add(state->history, line, (char *) 0);
myfree(line);
}
ARGV *mail_addr_crunch(const char *string, const char *extension)
{
VSTRING *extern_addr = vstring_alloc(100);
VSTRING *canon_addr = vstring_alloc(100);
ARGV *argv = argv_alloc(1);
TOK822 *tree;
TOK822 **addr_list;
TOK822 **tpp;
char *ratsign;
ssize_t extlen;
if (extension)
extlen = strlen(extension);
#define STR(x) vstring_str(x)
/*
* Parse the string, rewrite each address to canonical form, and convert
* the result to external (quoted) form. Optionally apply the extension
* to each address found.
*
* XXX Workaround for the null address. This works for envelopes but
* produces ugly results for message headers.
*/
if (*string == 0 || strcmp(string, "<>") == 0)
string = "\"\"";
tree = tok822_parse(string);
addr_list = tok822_grep(tree, TOK822_ADDR);
for (tpp = addr_list; *tpp; tpp++) {
tok822_externalize(extern_addr, tpp[0]->head, TOK822_STR_DEFL);
canon_addr_external(canon_addr, STR(extern_addr));
if (extension) {
VSTRING_SPACE(canon_addr, extlen + 1);
if ((ratsign = strrchr(STR(canon_addr), '@')) == 0) {
vstring_strcat(canon_addr, extension);
} else {
memmove(ratsign + extlen, ratsign, strlen(ratsign) + 1);
memcpy(ratsign, extension, extlen);
VSTRING_SKIP(canon_addr);
}
}
argv_add(argv, STR(canon_addr), ARGV_END);
}
argv_terminate(argv);
myfree((char *) addr_list);
tok822_free_tree(tree);
vstring_free(canon_addr);
vstring_free(extern_addr);
return (argv);
}
ARGV *match_service_init(const char *patterns)
{
const char *delim = " ,\t\r\n";
ARGV *list = argv_alloc(1);
char *saved_patterns = mystrdup(patterns);
char *bp = saved_patterns;
const char *item;
while ((item = mystrtok(&bp, delim)) != 0)
argv_add(list, item, (char *) 0);
argv_terminate(list);
myfree(saved_patterns);
return (list);
}
MAPS *maps_create(const char *title, const char *map_names, int dict_flags)
{
const char *myname = "maps_create";
char *temp;
char *bufp;
static char sep[] = CHARS_COMMA_SP;
static char parens[] = CHARS_BRACE;
MAPS *maps;
char *map_type_name;
VSTRING *map_type_name_flags;
DICT *dict;
/*
* Initialize.
*/
maps = (MAPS *) mymalloc(sizeof(*maps));
maps->title = mystrdup(title);
maps->argv = argv_alloc(2);
maps->error = 0;
/*
* For each specified type:name pair, either register a new dictionary,
* or increment the reference count of an existing one.
*/
if (*map_names) {
bufp = temp = mystrdup(map_names);
map_type_name_flags = vstring_alloc(10);
#define OPEN_FLAGS O_RDONLY
while ((map_type_name = mystrtokq(&bufp, sep, parens)) != 0) {
vstring_sprintf(map_type_name_flags, "%s(%o,%s)",
map_type_name, OPEN_FLAGS,
dict_flags_str(dict_flags));
if ((dict = dict_handle(vstring_str(map_type_name_flags))) == 0)
dict = dict_open(map_type_name, OPEN_FLAGS, dict_flags);
if ((dict->flags & dict_flags) != dict_flags)
msg_panic("%s: map %s has flags 0%o, want flags 0%o",
myname, map_type_name, dict->flags, dict_flags);
dict_register(vstring_str(map_type_name_flags), dict);
argv_add(maps->argv, vstring_str(map_type_name_flags), ARGV_END);
}
myfree(temp);
vstring_free(map_type_name_flags);
}
return (maps);
}
ARGV *dict_mapnames()
{
HTABLE_INFO **ht_info;
HTABLE_INFO **ht;
DICT_OPEN_INFO *dp;
ARGV *mapnames;
if (dict_open_hash == 0)
dict_open_init();
mapnames = argv_alloc(dict_open_hash->used + 1);
for (ht_info = ht = htable_list(dict_open_hash); *ht; ht++) {
dp = (DICT_OPEN_INFO *) ht[0]->value;
argv_add(mapnames, dp->type, ARGV_END);
}
qsort((void *) mapnames->argv, mapnames->argc, sizeof(mapnames->argv[0]),
dict_sort_alpha_cpp);
myfree((char *) ht_info);
argv_terminate(mapnames);
return mapnames;
}
static void pcf_show_master_any_param(VSTREAM *fp, int mode,
PCF_MASTER_ENT *masterp)
{
const char *myname = "pcf_show_master_any_param";
ARGV *argv = argv_alloc(10);
DICT *dict = masterp->all_params;
const char *param_name;
const char *param_value;
int param_count = 0;
int how;
char **cpp;
/*
* Print parameters in sorted order. The number of parameters per
* master.cf entry is small, so we optmiize for code simplicity and don't
* worry about the cost of double lookup.
*/
/* Look up the parameter names and ignore the values. */
for (how = DICT_SEQ_FUN_FIRST;
dict->sequence(dict, how, ¶m_name, ¶m_value) == 0;
how = DICT_SEQ_FUN_NEXT) {
argv_add(argv, param_name, ARGV_END);
param_count++;
}
/* Print the parameters in sorted order. */
qsort(argv->argv, param_count, sizeof(argv->argv[0]), pcf_sort_argv_cb);
for (cpp = argv->argv; (param_name = *cpp) != 0; cpp++) {
if ((param_value = dict_get(dict, param_name)) == 0)
msg_panic("%s: parameter name not found: %s", myname, param_name);
pcf_print_master_param(fp, mode, masterp, param_name, param_value);
}
/*
* Clean up.
*/
argv_free(argv);
}
static ARGV *milter_macro_lookup(MILTERS *milters, const char *macro_names)
{
const char *myname = "milter_macro_lookup";
char *saved_names = mystrdup(macro_names);
char *cp = saved_names;
ARGV *argv = argv_alloc(10);
const char *value;
const char *name;
while ((name = mystrtok(&cp, ", \t\r\n")) != 0) {
if (msg_verbose)
msg_info("%s: \"%s\"", myname, name);
if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) {
if (msg_verbose)
msg_info("%s: result \"%s\"", myname, value);
argv_add(argv, name, value, (char *) 0);
}
}
myfree(saved_names);
return (argv);
}
static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
char *def_service)
{
DELIVER_REQUEST *request = state->request;
SMTP_ITERATOR *iter = state->iterator;
ARGV *sites;
char *dest;
char **cpp;
int non_fallback_sites;
int retry_plain = 0;
DSN_BUF *why = state->why;
/*
* For sanity, require that at least one of INET or INET6 is enabled.
* Otherwise, we can't look up interface information, and we can't
* convert names or addresses.
*/
if (inet_proto_info()->ai_family_list[0] == 0) {
dsb_simple(why, "4.4.4", "all network protocols are disabled");
return;
}
/*
* Future proofing: do a null destination sanity check in case we allow
* the primary destination to be a list (it could be just separators).
*/
sites = argv_alloc(1);
argv_add(sites, nexthop, (char *) 0);
if (sites->argc == 0)
msg_panic("null destination: \"%s\"", nexthop);
non_fallback_sites = sites->argc;
argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP);
/*
* Don't give up after a hard host lookup error until we have tried the
* fallback relay servers.
*
* Don't bounce mail after a host lookup problem with a relayhost or with a
* fallback relay.
*
* Don't give up after a qualifying soft error until we have tried all
* qualifying backup mail servers.
*
* All this means that error handling and error reporting depends on whether
* the error qualifies for trying to deliver to a backup mail server, or
* whether we're looking up a relayhost or fallback relay. The challenge
* then is to build this into the pre-existing SMTP client without
* getting lost in the complexity.
*/
#define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \
(*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites))
for (cpp = sites->argv, (state->misc_flags |= SMTP_MISC_FLAG_FIRST_NEXTHOP);
SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0;
cpp++, (state->misc_flags &= ~SMTP_MISC_FLAG_FIRST_NEXTHOP)) {
char *dest_buf;
char *domain;
unsigned port;
DNS_RR *addr_list;
DNS_RR *addr;
DNS_RR *next;
int addr_count;
int sess_count;
SMTP_SESSION *session;
int lookup_mx;
unsigned domain_best_pref;
MAI_HOSTADDR_STR hostaddr;
if (cpp[1] == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
/*
* Parse the destination. If no TCP port is specified, use the port
* that is reserved for the protocol (SMTP or LMTP).
*/
dest_buf = smtp_parse_destination(dest, def_service, &domain, &port);
if (var_helpful_warnings && var_smtp_tls_wrappermode == 0
&& ntohs(port) == 465) {
msg_info("SMTPS wrappermode (TCP port 465) requires setting "
"\"%s = yes\", and \"%s = encrypt\" (or stronger)",
VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL));
}
#define NO_HOST "" /* safety */
#define NO_ADDR "" /* safety */
SMTP_ITER_INIT(iter, dest, NO_HOST, NO_ADDR, port, state);
/*
* Resolve an SMTP or LMTP server. In the case of SMTP, skip mail
* exchanger lookups when a quoted host is specified or when DNS
* lookups are disabled.
*/
if (msg_verbose)
msg_info("connecting to %s port %d", domain, ntohs(port));
if (smtp_mode) {
if (ntohs(port) == IPPORT_SMTP)
state->misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT;
else
state->misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT;
lookup_mx = (smtp_dns_support != SMTP_DNS_DISABLED && *dest != '[');
} else
lookup_mx = 0;
if (!lookup_mx) {
addr_list = smtp_host_addr(domain, state->misc_flags, why);
/* XXX We could be an MX host for this destination... */
} else {
int i_am_mx = 0;
addr_list = smtp_domain_addr(domain, &iter->mx, state->misc_flags,
why, &i_am_mx);
/* If we're MX host, don't connect to non-MX backups. */
if (i_am_mx)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
}
/*
* Don't try fall-back hosts if mail loops to myself. That would just
* make the problem worse.
*/
if (addr_list == 0 && SMTP_HAS_LOOP_DSN(why))
state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
/*
* No early loop exit or we have a memory leak with dest_buf.
*/
if (addr_list)
domain_best_pref = addr_list->pref;
/*
* When session caching is enabled, store the first good session for
* this delivery request under the next-hop destination name. All
* good sessions will be stored under their specific server IP
* address.
*
* XXX smtp_session_cache_destinations specifies domain names without
* :port, because : is already used for maptype:mapname. Because of
* this limitation we use the bare domain without the optional [] or
* non-default TCP port.
*
* Opportunistic (a.k.a. on-demand) session caching on request by the
* queue manager. This is turned temporarily when a destination has a
* high volume of mail in the active queue. When the surge reaches
* its end, the queue manager requests that connections be retrieved
* but not stored.
*/
if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_FIRST_NEXTHOP)) {
smtp_cache_policy(state, domain);
if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK)
SET_NEXTHOP_STATE(state, dest);
}
/*
* Delete visited cached hosts from the address list.
*
* Optionally search the connection cache by domain name or by primary
* MX address before we try to create new connections.
*
* Enforce the MX session and MX address counts per next-hop or
* fall-back destination. smtp_reuse_session() will truncate the
* address list when either limit is reached.
*/
if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD)) {
if (state->cache_used->used > 0)
smtp_scrub_addr_list(state->cache_used, &addr_list);
sess_count = addr_count =
smtp_reuse_session(state, &addr_list, domain_best_pref);
} else
sess_count = addr_count = 0;
/*
* Connect to an SMTP server: create primary MX connections, and
* reuse or create backup MX connections.
*
* At the start of an SMTP session, all recipients are unmarked. In the
* course of an SMTP session, recipients are marked as KEEP (deliver
* to alternate mail server) or DROP (remove from recipient list). At
* the end of an SMTP session, weed out the recipient list. Unmark
* any left-over recipients and try to deliver them to a backup mail
* server.
*
* Cache the first good session under the next-hop destination name.
* Cache all good sessions under their physical endpoint.
*
* Don't query the session cache for primary MX hosts. We already did
* that in smtp_reuse_session(), and if any were found in the cache,
* they were already deleted from the address list.
*
* Currently, we use smtp_reuse_addr() only for SASL-unauthenticated
* connections. Furthermore, we rely on smtp_reuse_addr() to look up
* an existing SASL-unauthenticated connection only when a new
* connection would be guaranteed not to require SASL authentication.
*
* In addition, we rely on smtp_reuse_addr() to look up an existing
* plaintext connection only when a new connection would be
* guaranteed not to use TLS.
*/
for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
next = addr->next;
if (++addr_count == var_smtp_mxaddr_limit)
next = 0;
if (dns_rr_to_pa(addr, &hostaddr) == 0) {
msg_warn("cannot convert type %s record to printable address",
dns_strtype(addr->type));
/* XXX Assume there is no code at the end of this loop. */
continue;
}
vstring_strcpy(iter->addr, hostaddr.buf);
vstring_strcpy(iter->host, SMTP_HNAME(addr));
iter->rr = addr;
#ifdef USE_TLS
if (!smtp_tls_policy_cache_query(why, state->tls, iter)) {
msg_warn("TLS policy lookup for %s/%s: %s",
STR(iter->dest), STR(iter->host), STR(why->reason));
continue;
/* XXX Assume there is no code at the end of this loop. */
}
if (var_smtp_tls_wrappermode
&& state->tls->level < TLS_LEV_ENCRYPT) {
msg_warn("%s requires \"%s = encrypt\" (or stronger)",
VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL));
continue;
/* XXX Assume there is no code at the end of this loop. */
}
/* Disable TLS when retrying after a handshake failure */
if (retry_plain) {
state->tls->level = TLS_LEV_NONE;
retry_plain = 0;
}
#endif
if ((state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD) == 0
|| addr->pref == domain_best_pref
|| !(session = smtp_reuse_addr(state,
SMTP_KEY_MASK_SCACHE_ENDP_LABEL)))
session = smtp_connect_addr(iter, why, state->misc_flags);
if ((state->session = session) != 0) {
session->state = state;
#ifdef USE_TLS
session->tls_nexthop = domain;
#endif
if (addr->pref == domain_best_pref)
session->features |= SMTP_FEATURE_BEST_MX;
/* Don't count handshake errors towards the session limit. */
if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
&& next == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0
&& smtp_helo(state) != 0) {
#ifdef USE_TLS
/*
* When an opportunistic TLS handshake fails, try the
* same address again, with TLS disabled. See also the
* RETRY_AS_PLAINTEXT macro.
*/
if ((retry_plain = session->tls_retry_plain) != 0) {
--addr_count;
next = addr;
}
#endif
/*
* When a TLS handshake fails, the stream is marked
* "dead" to avoid further I/O over a broken channel.
*/
if (!THIS_SESSION_IS_FORBIDDEN
&& vstream_ferror(session->stream) == 0
&& vstream_feof(session->stream) == 0)
smtp_quit(state);
} else {
/* Do count delivery errors towards the session limit. */
if (++sess_count == var_smtp_mxsess_limit)
next = 0;
if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
&& next == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
smtp_xfer(state);
#ifdef USE_TLS
/*
* When opportunistic TLS fails after the STARTTLS
* handshake, try the same address again, with TLS
* disabled. See also the RETRY_AS_PLAINTEXT macro.
*/
if ((retry_plain = session->tls_retry_plain) != 0) {
--sess_count;
--addr_count;
next = addr;
}
#endif
}
smtp_cleanup_session(state);
} else {
/* The reason already includes the IP address and TCP port. */
msg_info("%s", STR(why->reason));
}
/* XXX Code above assumes there is no code at this loop ending. */
}
dns_rr_free(addr_list);
if (iter->mx) {
dns_rr_free(iter->mx);
iter->mx = 0; /* Just in case */
}
myfree(dest_buf);
if (state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
break;
}
/*
* We still need to deliver, bounce or defer some left-over recipients:
* either mail loops or some backup mail server was unavailable.
*/
if (SMTP_RCPT_LEFT(state) > 0) {
/*
* In case of a "no error" indication we make up an excuse: we did
* find the host address, but we did not attempt to connect to it.
* This can happen when the fall-back relay was already tried via a
* cached connection, so that the address list scrubber left behind
* an empty list.
*/
if (!SMTP_HAS_DSN(why)) {
dsb_simple(why, "4.3.0",
"server unavailable or unable to receive mail");
}
/*
* Pay attention to what could be configuration problems, and pretend
* that these are recoverable rather than bouncing the mail.
*/
else if (!SMTP_HAS_SOFT_DSN(why)) {
/*
* The fall-back destination did not resolve as expected, or it
* is refusing to talk to us, or mail for it loops back to us.
*/
if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) {
msg_warn("%s configuration problem", VAR_SMTP_FALLBACK);
vstring_strcpy(why->status, "4.3.5");
/* XXX Keep the diagnostic code and MTA. */
}
/*
* The next-hop relayhost did not resolve as expected, or it is
* refusing to talk to us, or mail for it loops back to us.
*
* XXX There is no equivalent safety net for mis-configured
* sender-dependent relay hosts. The trivial-rewrite resolver
* would have to flag the result, and the queue manager would
* have to provide that information to delivery agents.
*/
else if (smtp_mode && strcmp(sites->argv[0], var_relayhost) == 0) {
msg_warn("%s configuration problem", VAR_RELAYHOST);
vstring_strcpy(why->status, "4.3.5");
/* XXX Keep the diagnostic code and MTA. */
}
/*
* Mail for the next-hop destination loops back to myself. Pass
* the mail to the best_mx_transport or bounce it.
*/
else if (smtp_mode && SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) {
dsb_reset(why); /* XXX */
state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
var_bestmx_transp,
request);
SMTP_RCPT_LEFT(state) = 0; /* XXX */
}
}
}
/*
* Cleanup.
*/
if (HAVE_NEXTHOP_STATE(state))
FREE_NEXTHOP_STATE(state);
argv_free(sites);
}
static void show_queue(void)
{
const char *errstr;
char buf[VSTREAM_BUFSIZE];
VSTREAM *showq;
int n;
uid_t uid = getuid();
if (uid != 0 && uid != var_owner_uid
&& (errstr = check_user_acl_byuid(VAR_SHOWQ_ACL, var_showq_acl,
uid)) != 0)
msg_fatal_status(EX_NOPERM,
"User %s(%ld) is not allowed to view the mail queue",
errstr, (long) uid);
/*
* Connect to the show queue service. Terminate silently when piping into
* a program that terminates early.
*/
if ((showq = mail_connect(MAIL_CLASS_PUBLIC, var_showq_service, BLOCKING)) != 0) {
while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0) {
if (vstream_fwrite(VSTREAM_OUT, buf, n) != n
|| vstream_fflush(VSTREAM_OUT) != 0) {
if (errno == EPIPE)
break;
msg_fatal("write error: %m");
}
}
if (vstream_fclose(showq) && errno != EPIPE)
msg_warn("close: %m");
}
/*
* Don't assume that the mail system is down when the user has
* insufficient permission to access the showq socket.
*/
else if (errno == EACCES) {
msg_fatal_status(EX_SOFTWARE,
"Connect to the %s %s service: %m",
var_mail_name, var_showq_service);
}
/*
* When the mail system is down, the superuser can still access the queue
* directly. Just run the showq program in stand-alone mode.
*/
else if (geteuid() == 0) {
ARGV *argv;
int stat;
msg_warn("Mail system is down -- accessing queue directly");
argv = argv_alloc(6);
argv_add(argv, var_showq_service, "-u", "-S", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(argv, "-v", (char *) 0);
argv_terminate(argv);
stat = mail_run_foreground(var_daemon_dir, argv->argv);
argv_free(argv);
if (stat != 0)
msg_fatal_status(stat < 0 ? EX_OSERR : EX_SOFTWARE,
"Error running %s/%s",
var_daemon_dir, argv->argv[0]);
}
/*
* When the mail system is down, unprivileged users are stuck, because by
* design the mail system contains no set_uid programs. The only way for
* an unprivileged user to cross protection boundaries is to talk to the
* showq daemon.
*/
else {
msg_fatal_status(EX_UNAVAILABLE,
"Queue report unavailable - mail system is down");
}
}
int deliver_command(LOCAL_STATE state, USER_ATTR usr_attr, const char *command)
{
const char *myname = "deliver_command";
DSN_BUF *why = state.msg_attr.why;
int cmd_status;
int deliver_status;
ARGV *env;
int copy_flags;
char **cpp;
char *cp;
ARGV *export_env;
VSTRING *exec_dir;
int expand_status;
/*
* Make verbose logging easier to understand.
*/
state.level++;
if (msg_verbose)
MSG_LOG_STATE(myname, state);
/*
* DUPLICATE ELIMINATION
*
* Skip this command if it was already delivered to as this user.
*/
if (been_here(state.dup_filter, "command %s:%ld %s",
state.msg_attr.user, (long) usr_attr.uid, command))
return (0);
/*
* Don't deliver a trace-only request.
*/
if (DEL_REQ_TRACE_ONLY(state.request->flags)) {
dsb_simple(why, "2.0.0", "delivers to command: %s", command);
return (sent(BOUNCE_FLAGS(state.request),
SENT_ATTR(state.msg_attr)));
}
/*
* DELIVERY RIGHTS
*
* Choose a default uid and gid when none have been selected (i.e. values
* are still zero).
*/
if (usr_attr.uid == 0 && (usr_attr.uid = var_default_uid) == 0)
msg_panic("privileged default user id");
if (usr_attr.gid == 0 && (usr_attr.gid = var_default_gid) == 0)
msg_panic("privileged default group id");
/*
* Deliver.
*/
copy_flags = MAIL_COPY_FROM | MAIL_COPY_RETURN_PATH
| MAIL_COPY_ORIG_RCPT;
if (local_deliver_hdr_mask & DELIVER_HDR_CMD)
copy_flags |= MAIL_COPY_DELIVERED;
if (vstream_fseek(state.msg_attr.fp, state.msg_attr.offset, SEEK_SET) < 0)
msg_fatal("%s: seek queue file %s: %m",
myname, VSTREAM_PATH(state.msg_attr.fp));
/*
* Pass additional environment information. XXX This should be
* configurable. However, passing untrusted information via environment
* parameters opens up a whole can of worms. Lesson from web servers:
* don't let any network data even near a shell. It causes trouble.
*/
env = argv_alloc(1);
if (usr_attr.home)
argv_add(env, "HOME", usr_attr.home, ARGV_END);
argv_add(env,
"LOGNAME", state.msg_attr.user,
"USER", state.msg_attr.user,
"SENDER", state.msg_attr.sender,
"RECIPIENT", state.msg_attr.rcpt.address,
"LOCAL", state.msg_attr.local,
ARGV_END);
if (usr_attr.shell)
argv_add(env, "SHELL", usr_attr.shell, ARGV_END);
if (state.msg_attr.domain)
argv_add(env, "DOMAIN", state.msg_attr.domain, ARGV_END);
if (state.msg_attr.extension)
argv_add(env, "EXTENSION", state.msg_attr.extension, ARGV_END);
if (state.msg_attr.rcpt.orig_addr && state.msg_attr.rcpt.orig_addr[0])
argv_add(env, "ORIGINAL_RECIPIENT", state.msg_attr.rcpt.orig_addr,
ARGV_END);
#define EXPORT_REQUEST(name, value) \
if ((value)[0]) argv_add(env, (name), (value), ARGV_END);
EXPORT_REQUEST("CLIENT_HOSTNAME", state.msg_attr.request->client_name);
EXPORT_REQUEST("CLIENT_ADDRESS", state.msg_attr.request->client_addr);
EXPORT_REQUEST("CLIENT_HELO", state.msg_attr.request->client_helo);
EXPORT_REQUEST("CLIENT_PROTOCOL", state.msg_attr.request->client_proto);
EXPORT_REQUEST("SASL_METHOD", state.msg_attr.request->sasl_method);
EXPORT_REQUEST("SASL_SENDER", state.msg_attr.request->sasl_sender);
EXPORT_REQUEST("SASL_USERNAME", state.msg_attr.request->sasl_username);
argv_terminate(env);
/*
* Censor out undesirable characters from exported data.
*/
for (cpp = env->argv; *cpp; cpp += 2)
for (cp = cpp[1]; *(cp += strspn(cp, var_cmd_exp_filter)) != 0;)
*cp++ = '_';
/*
* Evaluate the command execution directory. Defer delivery if expansion
* fails.
*/
export_env = mail_parm_split(VAR_EXPORT_ENVIRON, var_export_environ);
exec_dir = vstring_alloc(10);
expand_status = local_expand(exec_dir, var_exec_directory,
&state, &usr_attr, var_exec_exp_filter);
if (expand_status & MAC_PARSE_ERROR) {
cmd_status = PIPE_STAT_DEFER;
dsb_simple(why, "4.3.5", "mail system configuration error");
msg_warn("bad parameter value syntax for %s: %s",
VAR_EXEC_DIRECTORY, var_exec_directory);
} else {
cmd_status = pipe_command(state.msg_attr.fp, why,
PIPE_CMD_UID, usr_attr.uid,
PIPE_CMD_GID, usr_attr.gid,
PIPE_CMD_COMMAND, command,
PIPE_CMD_COPY_FLAGS, copy_flags,
PIPE_CMD_SENDER, state.msg_attr.sender,
PIPE_CMD_ORIG_RCPT, state.msg_attr.rcpt.orig_addr,
PIPE_CMD_DELIVERED, state.msg_attr.delivered,
PIPE_CMD_TIME_LIMIT, var_command_maxtime,
PIPE_CMD_ENV, env->argv,
PIPE_CMD_EXPORT, export_env->argv,
PIPE_CMD_SHELL, var_local_cmd_shell,
PIPE_CMD_CWD, *STR(exec_dir) ?
STR(exec_dir) : (char *) 0,
PIPE_CMD_END);
}
vstring_free(exec_dir);
argv_free(export_env);
argv_free(env);
/*
* Depending on the result, bounce or defer the message.
*/
switch (cmd_status) {
case PIPE_STAT_OK:
dsb_simple(why, "2.0.0", "delivered to command: %s", command);
deliver_status = sent(BOUNCE_FLAGS(state.request),
SENT_ATTR(state.msg_attr));
break;
case PIPE_STAT_BOUNCE:
case PIPE_STAT_DEFER:
/* Account for possible owner- sender address override. */
deliver_status = bounce_workaround(state);
break;
case PIPE_STAT_CORRUPT:
deliver_status = DEL_STAT_DEFER;
break;
default:
msg_panic("%s: bad status %d", myname, cmd_status);
/* NOTREACHED */
}
return (deliver_status);
}
static void pgsql_parse_config(DICT_PGSQL *dict_pgsql, const char *pgsqlcf)
{
const char *myname = "pgsql_parse_config";
CFG_PARSER *p = dict_pgsql->parser;
char *hosts;
VSTRING *query;
char *select_function;
dict_pgsql->username = cfg_get_str(p, "user", "", 0, 0);
dict_pgsql->password = cfg_get_str(p, "password", "", 0, 0);
dict_pgsql->dbname = cfg_get_str(p, "dbname", "", 1, 0);
dict_pgsql->result_format = cfg_get_str(p, "result_format", "%s", 1, 0);
/*
* XXX: The default should be non-zero for safety, but that is not
* backwards compatible.
*/
dict_pgsql->expansion_limit = cfg_get_int(dict_pgsql->parser,
"expansion_limit", 0, 0, 0);
if ((dict_pgsql->query = cfg_get_str(p, "query", 0, 0, 0)) == 0) {
/*
* No query specified -- fallback to building it from components (
* old style "select %s from %s where %s" )
*/
query = vstring_alloc(64);
select_function = cfg_get_str(p, "select_function", 0, 0, 0);
if (select_function != 0) {
vstring_sprintf(query, "SELECT %s('%%s')", select_function);
myfree(select_function);
} else
db_common_sql_build_query(query, p);
dict_pgsql->query = vstring_export(query);
}
/*
* Must parse all templates before we can use db_common_expand()
*/
dict_pgsql->ctx = 0;
(void) db_common_parse(&dict_pgsql->dict, &dict_pgsql->ctx,
dict_pgsql->query, 1);
(void) db_common_parse(0, &dict_pgsql->ctx, dict_pgsql->result_format, 0);
db_common_parse_domain(p, dict_pgsql->ctx);
/*
* Maps that use substring keys should only be used with the full input
* key.
*/
if (db_common_dict_partial(dict_pgsql->ctx))
dict_pgsql->dict.flags |= DICT_FLAG_PATTERN;
else
dict_pgsql->dict.flags |= DICT_FLAG_FIXED;
if (dict_pgsql->dict.flags & DICT_FLAG_FOLD_FIX)
dict_pgsql->dict.fold_buf = vstring_alloc(10);
hosts = cfg_get_str(p, "hosts", "", 0, 0);
dict_pgsql->hosts = argv_split(hosts, " ,\t\r\n");
if (dict_pgsql->hosts->argc == 0) {
argv_add(dict_pgsql->hosts, "localhost", ARGV_END);
argv_terminate(dict_pgsql->hosts);
if (msg_verbose)
msg_info("%s: %s: no hostnames specified, defaulting to '%s'",
myname, pgsqlcf, dict_pgsql->hosts->argv[0]);
}
myfree(hosts);
}
ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr,
MAPS *maps, int propagate)
{
ARGV *argv;
ARGV *lookup;
int count;
int i;
int arg;
BH_TABLE *been_here;
char *saved_lhs;
/*
* Initialize.
*/
argv = argv_alloc(1);
argv_add(argv, addr, ARGV_END);
argv_terminate(argv);
been_here = been_here_init(0, BH_FLAG_FOLD);
/*
* Rewrite the address vector in place. With each map lookup result,
* split it into separate addresses, then rewrite and flatten each
* address, and repeat the process. Beware: argv is being changed, so we
* must index the array explicitly, instead of running along it with a
* pointer.
*/
#define UPDATE(ptr,new) do { \
if (ptr) myfree(ptr); ptr = mystrdup(new); \
} while (0)
#define STR vstring_str
#define RETURN(x) do { \
been_here_free(been_here); return (x); \
} while (0)
#define UNEXPAND(argv, addr) do { \
argv_truncate((argv), 0); argv_add((argv), (addr), (char *) 0); \
} while (0)
for (arg = 0; arg < argv->argc; arg++) {
if (argv->argc > var_virt_expan_limit) {
msg_warn("%s: unreasonable %s map expansion size for %s -- "
"message not accepted, try again later",
state->queue_id, maps->title, addr);
state->errs |= CLEANUP_STAT_DEFER;
UPDATE(state->reason, "4.6.0 Alias expansion error");
UNEXPAND(argv, addr);
RETURN(argv);
}
for (count = 0; /* void */ ; count++) {
/*
* Don't expand an address that already expanded into itself.
*/
if (been_here_check_fixed(been_here, argv->argv[arg]) != 0)
break;
if (count >= var_virt_recur_limit) {
msg_warn("%s: unreasonable %s map nesting for %s -- "
"message not accepted, try again later",
state->queue_id, maps->title, addr);
state->errs |= CLEANUP_STAT_DEFER;
UPDATE(state->reason, "4.6.0 Alias expansion error");
UNEXPAND(argv, addr);
RETURN(argv);
}
quote_822_local(state->temp1, argv->argv[arg]);
if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) {
saved_lhs = mystrdup(argv->argv[arg]);
for (i = 0; i < lookup->argc; i++) {
unquote_822_local(state->temp1, lookup->argv[i]);
if (i == 0) {
UPDATE(argv->argv[arg], STR(state->temp1));
} else {
argv_add(argv, STR(state->temp1), ARGV_END);
argv_terminate(argv);
}
/*
* Allow an address to expand into itself once.
*/
if (strcasecmp(saved_lhs, STR(state->temp1)) == 0)
been_here_fixed(been_here, saved_lhs);
}
myfree(saved_lhs);
argv_free(lookup);
} else if (maps->error != 0) {
msg_warn("%s: %s map lookup problem for %s -- "
"message not accepted, try again later",
state->queue_id, maps->title, addr);
state->errs |= CLEANUP_STAT_WRITE;
UPDATE(state->reason, "4.6.0 Alias expansion error");
UNEXPAND(argv, addr);
RETURN(argv);
} else {
break;
}
}
}
RETURN(argv);
}
/* mysqlname_parse - parse mysql configuration file */
static MYSQL_NAME *mysqlname_parse(const char *mysqlcf)
{
const char *myname = "mysqlname_parse";
int i;
char *hosts;
MYSQL_NAME *name = (MYSQL_NAME *) mymalloc(sizeof(MYSQL_NAME));
ARGV *hosts_argv;
/* parser */
name->parser = cfg_parser_alloc(mysqlcf);
/* username */
name->username = cfg_get_str(name->parser, "user", "", 0, 0);
/* password */
name->password = cfg_get_str(name->parser, "password", "", 0, 0);
/* database name */
name->dbname = cfg_get_str(name->parser, "dbname", "", 1, 0);
/* table name */
name->table = cfg_get_str(name->parser, "table", "", 1, 0);
/* select field */
name->select_field = cfg_get_str(name->parser, "select_field", "", 1, 0);
/* where field */
name->where_field = cfg_get_str(name->parser, "where_field", "", 1, 0);
/* additional conditions */
name->additional_conditions = cfg_get_str(name->parser,
"additional_conditions",
"", 0, 0);
/* mysql server hosts */
hosts = cfg_get_str(name->parser, "hosts", "", 0, 0);
/* coo argv interface */
hosts_argv = argv_split(hosts, " ,\t\r\n");
if (hosts_argv->argc == 0) {
/* no hosts specified,
* default to 'localhost' */
if (msg_verbose)
msg_info("%s: %s: no hostnames specified, defaulting to 'localhost'",
myname, mysqlcf);
argv_add(hosts_argv, "localhost", ARGV_END);
argv_terminate(hosts_argv);
}
name->len_hosts = hosts_argv->argc;
name->hostnames = (char **) mymalloc((sizeof(char *)) * name->len_hosts);
i = 0;
for (i = 0; hosts_argv->argv[i] != NULL; i++) {
name->hostnames[i] = mystrdup(hosts_argv->argv[i]);
if (msg_verbose)
msg_info("%s: %s: adding host '%s' to list of mysql server hosts",
myname, mysqlcf, name->hostnames[i]);
}
myfree(hosts);
argv_free(hosts_argv);
return name;
}
static void smtp_connect_remote(SMTP_STATE *state, const char *nexthop,
char *def_service)
{
DELIVER_REQUEST *request = state->request;
ARGV *sites;
char *dest;
char **cpp;
int non_fallback_sites;
int retry_plain = 0;
DSN_BUF *why = state->why;
/*
* First try to deliver to the indicated destination, then try to deliver
* to the optional fall-back relays.
*
* Future proofing: do a null destination sanity check in case we allow the
* primary destination to be a list (it could be just separators).
*/
sites = argv_alloc(1);
argv_add(sites, nexthop, (char *) 0);
if (sites->argc == 0)
msg_panic("null destination: \"%s\"", nexthop);
non_fallback_sites = sites->argc;
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0)
argv_split_append(sites, var_fallback_relay, ", \t\r\n");
/*
* Don't give up after a hard host lookup error until we have tried the
* fallback relay servers.
*
* Don't bounce mail after a host lookup problem with a relayhost or with a
* fallback relay.
*
* Don't give up after a qualifying soft error until we have tried all
* qualifying backup mail servers.
*
* All this means that error handling and error reporting depends on whether
* the error qualifies for trying to deliver to a backup mail server, or
* whether we're looking up a relayhost or fallback relay. The challenge
* then is to build this into the pre-existing SMTP client without
* getting lost in the complexity.
*/
#define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \
(*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites))
for (cpp = sites->argv, (state->misc_flags |= SMTP_MISC_FLAG_FIRST_NEXTHOP);
SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0;
cpp++, (state->misc_flags &= ~SMTP_MISC_FLAG_FIRST_NEXTHOP)) {
char *dest_buf;
char *domain;
unsigned port;
DNS_RR *addr_list;
DNS_RR *addr;
DNS_RR *next;
int addr_count;
int sess_count;
SMTP_SESSION *session;
int lookup_mx;
unsigned domain_best_pref;
MAI_HOSTADDR_STR hostaddr;
if (cpp[1] == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
/*
* Parse the destination. Default is to use the SMTP port. Look up
* the address instead of the mail exchanger when a quoted host is
* specified, or when DNS lookups are disabled.
*/
dest_buf = smtp_parse_destination(dest, def_service, &domain, &port);
if (var_helpful_warnings && ntohs(port) == 465) {
msg_info("CLIENT wrappermode (port smtps/465) is unimplemented");
msg_info("instead, send to (port submission/587) with STARTTLS");
}
/*
* Resolve an SMTP server. Skip mail exchanger lookups when a quoted
* host is specified, or when DNS lookups are disabled.
*/
if (msg_verbose)
msg_info("connecting to %s port %d", domain, ntohs(port));
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
if (ntohs(port) == IPPORT_SMTP)
state->misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT;
else
state->misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT;
lookup_mx = (var_disable_dns == 0 && *dest != '[');
} else
lookup_mx = 0;
if (!lookup_mx) {
addr_list = smtp_host_addr(domain, state->misc_flags, why);
/* XXX We could be an MX host for this destination... */
} else {
int i_am_mx = 0;
addr_list = smtp_domain_addr(domain, state->misc_flags,
why, &i_am_mx);
/* If we're MX host, don't connect to non-MX backups. */
if (i_am_mx)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
}
/*
* Don't try fall-back hosts if mail loops to myself. That would just
* make the problem worse.
*/
if (addr_list == 0 && SMTP_HAS_LOOP_DSN(why))
state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
/*
* No early loop exit or we have a memory leak with dest_buf.
*/
if (addr_list)
domain_best_pref = addr_list->pref;
/*
* When session caching is enabled, store the first good session for
* this delivery request under the next-hop destination name. All
* good sessions will be stored under their specific server IP
* address.
*
* XXX Replace sites->argv by (lookup_mx, domain, port) triples so we
* don't have to make clumsy ad-hoc copies and keep track of who
* free()s the memory.
*
* XXX smtp_session_cache_destinations specifies domain names without
* :port, because : is already used for maptype:mapname. Because of
* this limitation we use the bare domain without the optional [] or
* non-default TCP port.
*
* Opportunistic (a.k.a. on-demand) session caching on request by the
* queue manager. This is turned temporarily when a destination has a
* high volume of mail in the active queue.
*
* XXX Disable connection caching when sender-dependent authentication
* is enabled. We must not send someone elses mail over an
* authenticated connection, and we must not send mail that requires
* authentication over a connection that wasn't authenticated.
*/
if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_FIRST_NEXTHOP)) {
smtp_cache_policy(state, domain);
if (state->misc_flags & SMTP_MISC_FLAG_CONN_STORE)
SET_NEXTHOP_STATE(state, lookup_mx, domain, port);
}
/*
* Delete visited cached hosts from the address list.
*
* Optionally search the connection cache by domain name or by primary
* MX address before we try to create new connections.
*
* Enforce the MX session and MX address counts per next-hop or
* fall-back destination. smtp_reuse_session() will truncate the
* address list when either limit is reached.
*/
if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD)) {
if (state->cache_used->used > 0)
smtp_scrub_addr_list(state->cache_used, &addr_list);
sess_count = addr_count =
smtp_reuse_session(state, lookup_mx, domain, port,
&addr_list, domain_best_pref);
} else
sess_count = addr_count = 0;
/*
* Connect to an SMTP server: create primary MX connections, and
* reuse or create backup MX connections.
*
* At the start of an SMTP session, all recipients are unmarked. In the
* course of an SMTP session, recipients are marked as KEEP (deliver
* to alternate mail server) or DROP (remove from recipient list). At
* the end of an SMTP session, weed out the recipient list. Unmark
* any left-over recipients and try to deliver them to a backup mail
* server.
*
* Cache the first good session under the next-hop destination name.
* Cache all good sessions under their physical endpoint.
*
* Don't query the session cache for primary MX hosts. We already did
* that in smtp_reuse_session(), and if any were found in the cache,
* they were already deleted from the address list.
*/
for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
next = addr->next;
if (++addr_count == var_smtp_mxaddr_limit)
next = 0;
if ((state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD) == 0
|| addr->pref == domain_best_pref
|| dns_rr_to_pa(addr, &hostaddr) == 0
|| !(session = smtp_reuse_addr(state, hostaddr.buf, port)))
session = smtp_connect_addr(dest, addr, port, why,
state->misc_flags);
if ((state->session = session) != 0) {
session->state = state;
if (addr->pref == domain_best_pref)
session->features |= SMTP_FEATURE_BEST_MX;
/* Don't count handshake errors towards the session limit. */
if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
&& next == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
#ifdef USE_TLS
/* Disable TLS when retrying after a handshake failure */
if (retry_plain) {
if (session->tls_level >= TLS_LEV_ENCRYPT)
msg_panic("Plain-text retry wrong for mandatory TLS");
session->tls_level = TLS_LEV_NONE;
retry_plain = 0;
}
session->tls_nexthop = domain; /* for TLS_LEV_SECURE */
#endif
if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0
&& smtp_helo(state) != 0) {
#ifdef USE_TLS
/*
* When an opportunistic TLS handshake fails, try the
* same address again, with TLS disabled. See also the
* RETRY_AS_PLAINTEXT macro.
*/
if ((retry_plain = session->tls_retry_plain) != 0) {
--addr_count;
next = addr;
}
#endif
/*
* When a TLS handshake fails, the stream is marked
* "dead" to avoid further I/O over a broken channel.
*/
if (!THIS_SESSION_IS_DEAD
&& vstream_ferror(session->stream) == 0
&& vstream_feof(session->stream) == 0)
smtp_quit(state);
} else {
/* Do count delivery errors towards the session limit. */
if (++sess_count == var_smtp_mxsess_limit)
next = 0;
if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
&& next == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
smtp_xfer(state);
}
smtp_cleanup_session(state);
} else {
/* The reason already includes the IP address and TCP port. */
msg_info("%s", STR(why->reason));
}
/* Insert: test if we must skip the remaining MX hosts. */
}
dns_rr_free(addr_list);
myfree(dest_buf);
if (state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
break;
}
/*
* We still need to deliver, bounce or defer some left-over recipients:
* either mail loops or some backup mail server was unavailable.
*/
if (SMTP_RCPT_LEFT(state) > 0) {
/*
* In case of a "no error" indication we make up an excuse: we did
* find the host address, but we did not attempt to connect to it.
* This can happen when the fall-back relay was already tried via a
* cached connection, so that the address list scrubber left behind
* an empty list.
*/
if (!SMTP_HAS_DSN(why)) {
dsb_simple(why, "4.3.0",
"server unavailable or unable to receive mail");
}
/*
* Pay attention to what could be configuration problems, and pretend
* that these are recoverable rather than bouncing the mail.
*/
else if (!SMTP_HAS_SOFT_DSN(why)
&& (state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
/*
* The fall-back destination did not resolve as expected, or it
* is refusing to talk to us, or mail for it loops back to us.
*/
if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) {
msg_warn("%s configuration problem", VAR_SMTP_FALLBACK);
vstring_strcpy(why->status, "4.3.5");
/* XXX Keep the diagnostic code and MTA. */
}
/*
* The next-hop relayhost did not resolve as expected, or it is
* refusing to talk to us, or mail for it loops back to us.
*/
else if (strcmp(sites->argv[0], var_relayhost) == 0) {
msg_warn("%s configuration problem", VAR_RELAYHOST);
vstring_strcpy(why->status, "4.3.5");
/* XXX Keep the diagnostic code and MTA. */
}
/*
* Mail for the next-hop destination loops back to myself. Pass
* the mail to the best_mx_transport or bounce it.
*/
else if (SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) {
dsb_reset(why); /* XXX */
state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
var_bestmx_transp,
request);
SMTP_RCPT_LEFT(state) = 0; /* XXX */
}
}
}
/*
* Cleanup.
*/
if (HAVE_NEXTHOP_STATE(state))
FREE_NEXTHOP_STATE(state);
argv_free(sites);
}
static void mysql_parse_config(DICT_MYSQL *dict_mysql, const char *mysqlcf)
{
const char *myname = "mysql_parse_config";
CFG_PARSER *p = dict_mysql->parser;
VSTRING *buf;
char *hosts;
dict_mysql->username = cfg_get_str(p, "user", "", 0, 0);
dict_mysql->password = cfg_get_str(p, "password", "", 0, 0);
dict_mysql->dbname = cfg_get_str(p, "dbname", "", 1, 0);
dict_mysql->result_format = cfg_get_str(p, "result_format", "%s", 1, 0);
dict_mysql->option_file = cfg_get_str(p, "option_file", NULL, 0, 0);
dict_mysql->option_group = cfg_get_str(p, "option_group", NULL, 0, 0);
#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 40000
dict_mysql->tls_key_file = cfg_get_str(p, "tls_key_file", NULL, 0, 0);
dict_mysql->tls_cert_file = cfg_get_str(p, "tls_cert_file", NULL, 0, 0);
dict_mysql->tls_CAfile = cfg_get_str(p, "tls_CAfile", NULL, 0, 0);
dict_mysql->tls_CApath = cfg_get_str(p, "tls_CApath", NULL, 0, 0);
dict_mysql->tls_ciphers = cfg_get_str(p, "tls_ciphers", NULL, 0, 0);
#if MYSQL_VERSION_ID >= 50023
dict_mysql->tls_verify_cert = cfg_get_bool(p, "tls_verify_cert", -1);
#endif
#endif
/*
* XXX: The default should be non-zero for safety, but that is not
* backwards compatible.
*/
dict_mysql->expansion_limit = cfg_get_int(dict_mysql->parser,
"expansion_limit", 0, 0, 0);
if ((dict_mysql->query = cfg_get_str(p, "query", NULL, 0, 0)) == 0) {
/*
* No query specified -- fallback to building it from components (old
* style "select %s from %s where %s")
*/
buf = vstring_alloc(64);
db_common_sql_build_query(buf, p);
dict_mysql->query = vstring_export(buf);
}
/*
* Must parse all templates before we can use db_common_expand()
*/
dict_mysql->ctx = 0;
(void) db_common_parse(&dict_mysql->dict, &dict_mysql->ctx,
dict_mysql->query, 1);
(void) db_common_parse(0, &dict_mysql->ctx, dict_mysql->result_format, 0);
db_common_parse_domain(p, dict_mysql->ctx);
/*
* Maps that use substring keys should only be used with the full input
* key.
*/
if (db_common_dict_partial(dict_mysql->ctx))
dict_mysql->dict.flags |= DICT_FLAG_PATTERN;
else
dict_mysql->dict.flags |= DICT_FLAG_FIXED;
if (dict_mysql->dict.flags & DICT_FLAG_FOLD_FIX)
dict_mysql->dict.fold_buf = vstring_alloc(10);
hosts = cfg_get_str(p, "hosts", "", 0, 0);
dict_mysql->hosts = argv_split(hosts, " ,\t\r\n");
if (dict_mysql->hosts->argc == 0) {
argv_add(dict_mysql->hosts, "localhost", ARGV_END);
argv_terminate(dict_mysql->hosts);
if (msg_verbose)
msg_info("%s: %s: no hostnames specified, defaulting to '%s'",
myname, mysqlcf, dict_mysql->hosts->argv[0]);
}
myfree(hosts);
}
int main(int argc, char **argv)
{
int ch;
int fd;
struct stat st;
int junk;
ARGV *ext_argv = 0;
int param_class = PC_PARAM_MASK_CLASS;
static const NAME_MASK param_class_table[] = {
"builtin", PC_PARAM_FLAG_BUILTIN,
"service", PC_PARAM_FLAG_SERVICE,
"user", PC_PARAM_FLAG_USER,
"all", PC_PARAM_MASK_CLASS,
0,
};
/*
* Fingerprint executables and core dumps.
*/
MAIL_VERSION_STAMP_ALLOCATE;
/*
* Be consistent with file permissions.
*/
umask(022);
/*
* To minimize confusion, make sure that the standard file descriptors
* are open before opening anything else. XXX Work around for 44BSD where
* fstat can return EBADF on an open file descriptor.
*/
for (fd = 0; fd < 3; fd++)
if (fstat(fd, &st) == -1
&& (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
msg_fatal("open /dev/null: %m");
/*
* Set up logging.
*/
msg_vstream_init(argv[0], VSTREAM_ERR);
/*
* Parse JCL.
*/
while ((ch = GETOPT(argc, argv, "aAbc:C:deEf#hlmMntv")) > 0) {
switch (ch) {
case 'a':
cmd_mode |= SHOW_SASL_SERV;
break;
case 'A':
cmd_mode |= SHOW_SASL_CLNT;
break;
case 'b':
if (ext_argv)
msg_fatal("specify one of -b and -t");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "bounce", "-SVnexpand_templates", (char *) 0);
break;
case 'c':
if (setenv(CONF_ENV_PATH, optarg, 1) < 0)
msg_fatal("out of memory");
break;
case 'C':
param_class = name_mask_opt("-C option", param_class_table,
optarg, NAME_MASK_ANY_CASE | NAME_MASK_FATAL);
break;
case 'd':
cmd_mode |= SHOW_DEFS;
break;
case 'e':
cmd_mode |= EDIT_MAIN;
break;
case 'f':
cmd_mode |= FOLD_LINE;
break;
/*
* People, this does not work unless you properly handle default
* settings. For example, fast_flush_domains = $relay_domains
* must not evaluate to the empty string when relay_domains is
* left at its default setting of $mydestination.
*/
#if 0
case 'E':
cmd_mode |= SHOW_EVAL;
break;
#endif
case '#':
cmd_mode = COMMENT_OUT;
break;
case 'h':
cmd_mode &= ~SHOW_NAME;
break;
case 'l':
cmd_mode |= SHOW_LOCKS;
break;
case 'm':
cmd_mode |= SHOW_MAPS;
break;
case 'M':
cmd_mode |= SHOW_MASTER;
break;
case 'n':
cmd_mode |= SHOW_NONDEF;
break;
case 't':
if (ext_argv)
msg_fatal("specify one of -b and -t");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "bounce", "-SVndump_templates", (char *) 0);
break;
case 'v':
msg_verbose++;
break;
default:
msg_fatal("usage: %s [-a (server SASL types)] [-A (client SASL types)] [-b (bounce templates)] [-c config_dir] [-C param_class] [-d (defaults)] [-e (edit)] [-f (fold lines)] [-# (comment-out)] [-h (no names)] [-l (lock types)] [-m (map types)] [-M (master.cf)] [-n (non-defaults)] [-v] [name...]", argv[0]);
}
}
/*
* Sanity check.
*/
junk = (cmd_mode & (SHOW_DEFS | SHOW_NONDEF | SHOW_MAPS | SHOW_LOCKS | EDIT_MAIN | SHOW_SASL_SERV | SHOW_SASL_CLNT | COMMENT_OUT | SHOW_MASTER));
if (junk != 0 && ((junk != SHOW_DEFS && junk != SHOW_NONDEF
&& junk != SHOW_MAPS && junk != SHOW_LOCKS && junk != EDIT_MAIN
&& junk != SHOW_SASL_SERV && junk != SHOW_SASL_CLNT
&& junk != COMMENT_OUT && junk != SHOW_MASTER)
|| ext_argv != 0))
msg_fatal("specify one of -a, -A, -b, -d, -e, -#, -l, -m, -M and -n");
/*
* Display bounce template information and exit.
*/
if (ext_argv) {
if (argv[optind]) {
if (argv[optind + 1])
msg_fatal("options -b and -t require at most one template file");
argv_add(ext_argv, "-o",
concatenate(VAR_BOUNCE_TMPL, "=",
argv[optind], (char *) 0),
(char *) 0);
}
/* Grr... */
argv_add(ext_argv, "-o",
concatenate(VAR_QUEUE_DIR, "=", ".", (char *) 0),
(char *) 0);
mail_conf_read();
mail_run_replace(var_daemon_dir, ext_argv->argv);
/* NOTREACHED */
}
/*
* If showing map types, show them and exit
*/
if (cmd_mode & SHOW_MAPS) {
mail_dict_init();
show_maps();
}
/*
* If showing locking methods, show them and exit
*/
else if (cmd_mode & SHOW_LOCKS) {
show_locks();
}
/*
* If showing master.cf entries, show them and exit
*/
else if (cmd_mode & SHOW_MASTER) {
read_master(FAIL_ON_OPEN_ERROR);
show_master(cmd_mode, argv + optind);
}
/*
* If showing SASL plug-in types, show them and exit
*/
else if (cmd_mode & SHOW_SASL_SERV) {
show_sasl(SHOW_SASL_SERV);
} else if (cmd_mode & SHOW_SASL_CLNT) {
show_sasl(SHOW_SASL_CLNT);
}
/*
* Edit main.cf.
*/
else if (cmd_mode & (EDIT_MAIN | COMMENT_OUT)) {
edit_parameters(cmd_mode, argc - optind, argv + optind);
} else if (cmd_mode == DEF_MODE
&& argv[optind] && strchr(argv[optind], '=')) {
edit_parameters(cmd_mode | EDIT_MAIN, argc - optind, argv + optind);
}
/*
* If showing non-default values, read main.cf.
*/
else {
if ((cmd_mode & SHOW_DEFS) == 0) {
read_parameters();
set_parameters();
}
register_builtin_parameters();
/*
* Add service-dependent parameters (service names from master.cf)
* and user-defined parameters ($name macros in parameter values in
* main.cf and master.cf, but only if those names have a name=value
* in main.cf or master.cf).
*/
read_master(WARN_ON_OPEN_ERROR);
register_service_parameters();
if ((cmd_mode & SHOW_DEFS) == 0)
register_user_parameters();
/*
* Show the requested values.
*/
show_parameters(cmd_mode, param_class, argv + optind);
/*
* Flag unused parameters. This makes no sense with "postconf -d",
* because that ignores all the user-specified parameters and
* user-specified macro expansions in main.cf.
*/
if ((cmd_mode & SHOW_DEFS) == 0) {
flag_unused_main_parameters();
flag_unused_master_parameters();
}
}
vstream_fflush(VSTREAM_OUT);
exit(0);
}
int main(int argc, char **argv)
{
static char *full_name = 0; /* sendmail -F */
struct stat st;
char *slash;
char *sender = 0; /* sendmail -f */
int c;
int fd;
int mode;
ARGV *ext_argv;
int debug_me = 0;
int err;
int n;
int flags = SM_FLAG_DEFAULT;
char *site_to_flush = 0;
char *id_to_flush = 0;
char *encoding = 0;
char *qtime = 0;
const char *errstr;
uid_t uid;
const char *rewrite_context = MAIL_ATTR_RWR_LOCAL;
int dsn_notify = 0;
int dsn_ret = 0;
const char *dsn_envid = 0;
int saved_optind;
/*
* Fingerprint executables and core dumps.
*/
MAIL_VERSION_STAMP_ALLOCATE;
/*
* Be consistent with file permissions.
*/
umask(022);
/*
* To minimize confusion, make sure that the standard file descriptors
* are open before opening anything else. XXX Work around for 44BSD where
* fstat can return EBADF on an open file descriptor.
*/
for (fd = 0; fd < 3; fd++)
if (fstat(fd, &st) == -1
&& (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
msg_fatal_status(EX_OSERR, "open /dev/null: %m");
/*
* The CDE desktop calendar manager leaks a parent file descriptor into
* the child process. For the sake of sendmail compatibility we have to
* close the file descriptor otherwise mail notification will hang.
*/
for ( /* void */ ; fd < 100; fd++)
(void) close(fd);
/*
* Process environment options as early as we can. We might be called
* from a set-uid (set-gid) program, so be careful with importing
* environment variables.
*/
if (safe_getenv(CONF_ENV_VERB))
msg_verbose = 1;
if (safe_getenv(CONF_ENV_DEBUG))
debug_me = 1;
/*
* Initialize. Set up logging, read the global configuration file and
* extract configuration information. Set up signal handlers so that we
* can clean up incomplete output.
*/
if ((slash = strrchr(argv[0], '/')) != 0 && slash[1])
argv[0] = slash + 1;
msg_vstream_init(argv[0], VSTREAM_ERR);
msg_cleanup(tempfail);
msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
set_mail_conf_str(VAR_PROCNAME, var_procname = mystrdup(argv[0]));
/*
* Check the Postfix library version as soon as we enable logging.
*/
MAIL_VERSION_CHECK;
/*
* Some sites mistakenly install Postfix sendmail as set-uid root. Drop
* set-uid privileges only when root, otherwise some systems will not
* reset the saved set-userid, which would be a security vulnerability.
*/
if (geteuid() == 0 && getuid() != 0) {
msg_warn("the Postfix sendmail command has set-uid root file permissions");
msg_warn("or the command is run from a set-uid root process");
msg_warn("the Postfix sendmail command must be installed without set-uid root file permissions");
set_ugid(getuid(), getgid());
}
/*
* Further initialization. Load main.cf first, so that command-line
* options can override main.cf settings. Pre-scan the argument list so
* that we load the right main.cf file.
*/
#define GETOPT_LIST "A:B:C:F:GIL:N:O:R:UV:X:b:ce:f:h:imno:p:r:q:tvx"
saved_optind = optind;
while (argv[OPTIND] != 0) {
if (strcmp(argv[OPTIND], "-q") == 0) { /* not getopt compatible */
optind++;
continue;
}
if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0)
break;
if (c == 'C') {
VSTRING *buf = vstring_alloc(1);
if (setenv(CONF_ENV_PATH,
strcmp(sane_basename(buf, optarg), MAIN_CONF_FILE) == 0 ?
sane_dirname(buf, optarg) : optarg, 1) < 0)
msg_fatal_status(EX_UNAVAILABLE, "out of memory");
vstring_free(buf);
}
}
optind = saved_optind;
mail_conf_read();
/* Re-evaluate mail_task() after reading main.cf. */
msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
get_mail_conf_str_table(str_table);
if (chdir(var_queue_dir))
msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
signal(SIGPIPE, SIG_IGN);
/*
* Optionally start the debugger on ourself. This must be done after
* reading the global configuration file, because that file specifies
* what debugger command to execute.
*/
if (debug_me)
debug_process();
/*
* The default mode of operation is determined by the process name. It
* can, however, be changed via command-line options (for example,
* "newaliases -bp" will show the mail queue).
*/
if (strcmp(argv[0], "mailq") == 0) {
mode = SM_MODE_MAILQ;
} else if (strcmp(argv[0], "newaliases") == 0) {
mode = SM_MODE_NEWALIAS;
} else if (strcmp(argv[0], "smtpd") == 0) {
mode = SM_MODE_DAEMON;
} else {
mode = SM_MODE_ENQUEUE;
}
/*
* Parse JCL. Sendmail has been around for a long time, and has acquired
* a large number of options in the course of time. Some options such as
* -q are not parsable with GETOPT() and get special treatment.
*/
#define OPTIND (optind > 0 ? optind : 1)
while (argv[OPTIND] != 0) {
if (strcmp(argv[OPTIND], "-q") == 0) {
if (mode == SM_MODE_DAEMON)
msg_warn("ignoring -q option in daemon mode");
else
mode = SM_MODE_FLUSHQ;
optind++;
continue;
}
if (strcmp(argv[OPTIND], "-V") == 0
&& argv[OPTIND + 1] != 0 && strlen(argv[OPTIND + 1]) == 2) {
msg_warn("option -V is deprecated with Postfix 2.3; "
"specify -XV instead");
argv[OPTIND] = "-XV";
}
if (strncmp(argv[OPTIND], "-V", 2) == 0 && strlen(argv[OPTIND]) == 4) {
msg_warn("option %s is deprecated with Postfix 2.3; "
"specify -X%s instead",
argv[OPTIND], argv[OPTIND] + 1);
argv[OPTIND] = concatenate("-X", argv[OPTIND] + 1, (char *) 0);
}
if (strcmp(argv[OPTIND], "-XV") == 0) {
verp_delims = var_verp_delims;
optind++;
continue;
}
if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0)
break;
switch (c) {
default:
if (msg_verbose)
msg_info("-%c option ignored", c);
break;
case 'n':
msg_fatal_status(EX_USAGE, "-%c option not supported", c);
case 'B':
if (strcmp(optarg, "8BITMIME") == 0)/* RFC 1652 */
encoding = MAIL_ATTR_ENC_8BIT;
else if (strcmp(optarg, "7BIT") == 0) /* RFC 1652 */
encoding = MAIL_ATTR_ENC_7BIT;
else
msg_fatal_status(EX_USAGE, "-B option needs 8BITMIME or 7BIT");
break;
case 'F': /* full name */
full_name = optarg;
break;
case 'G': /* gateway submission */
rewrite_context = MAIL_ATTR_RWR_REMOTE;
break;
case 'I': /* newaliases */
mode = SM_MODE_NEWALIAS;
break;
case 'N':
if ((dsn_notify = dsn_notify_mask(optarg)) == 0)
msg_warn("bad -N option value -- ignored");
break;
case 'R':
if ((dsn_ret = dsn_ret_code(optarg)) == 0)
msg_warn("bad -R option value -- ignored");
break;
case 'V': /* DSN, was: VERP */
if (strlen(optarg) > 100)
msg_warn("too long -V option value -- ignored");
else if (!allprint(optarg))
msg_warn("bad syntax in -V option value -- ignored");
else
dsn_envid = optarg;
break;
case 'X':
switch (*optarg) {
default:
msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg);
case 'V': /* VERP */
if (verp_delims_verify(optarg + 1) != 0)
msg_fatal_status(EX_USAGE, "-V requires two characters from %s",
var_verp_filter);
verp_delims = optarg + 1;
break;
}
break;
case 'b':
switch (*optarg) {
default:
msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg);
case 'd': /* daemon mode */
case 'l': /* daemon mode */
if (mode == SM_MODE_FLUSHQ)
msg_warn("ignoring -q option in daemon mode");
mode = SM_MODE_DAEMON;
break;
case 'h': /* print host status */
case 'H': /* flush host status */
mode = SM_MODE_IGNORE;
break;
case 'i': /* newaliases */
mode = SM_MODE_NEWALIAS;
break;
case 'm': /* deliver mail */
mode = SM_MODE_ENQUEUE;
break;
case 'p': /* mailq */
mode = SM_MODE_MAILQ;
break;
case 's': /* stand-alone mode */
mode = SM_MODE_USER;
break;
case 'v': /* expand recipients */
flags |= DEL_REQ_FLAG_USR_VRFY;
break;
}
break;
case 'f':
sender = optarg;
break;
case 'i':
flags &= ~SM_FLAG_AEOF;
break;
case 'o':
switch (*optarg) {
default:
if (msg_verbose)
msg_info("-%c%c option ignored", c, *optarg);
break;
case 'A':
if (optarg[1] == 0)
msg_fatal_status(EX_USAGE, "-oA requires pathname");
myfree(var_alias_db_map);
var_alias_db_map = mystrdup(optarg + 1);
set_mail_conf_str(VAR_ALIAS_DB_MAP, var_alias_db_map);
break;
case '7':
case '8':
break;
case 'i':
flags &= ~SM_FLAG_AEOF;
break;
case 'm':
break;
}
break;
case 'r': /* obsoleted by -f */
sender = optarg;
break;
case 'q':
if (ISDIGIT(optarg[0])) {
qtime = optarg;
} else if (optarg[0] == 'R') {
site_to_flush = optarg + 1;
if (*site_to_flush == 0)
msg_fatal_status(EX_USAGE, "specify: -qRsitename");
} else if (optarg[0] == 'I') {
id_to_flush = optarg + 1;
if (*id_to_flush == 0)
msg_fatal_status(EX_USAGE, "specify: -qIqueueid");
} else {
msg_fatal_status(EX_USAGE, "-q%c is not implemented",
optarg[0]);
}
break;
case 't':
flags |= SM_FLAG_XRCPT;
break;
case 'v':
msg_verbose++;
break;
case '?':
msg_fatal_status(EX_USAGE, "usage: %s [options]", argv[0]);
}
}
/*
* Look for conflicting options and arguments.
*/
if ((flags & SM_FLAG_XRCPT) && mode != SM_MODE_ENQUEUE)
msg_fatal_status(EX_USAGE, "-t can be used only in delivery mode");
if (site_to_flush && mode != SM_MODE_ENQUEUE)
msg_fatal_status(EX_USAGE, "-qR can be used only in delivery mode");
if (id_to_flush && mode != SM_MODE_ENQUEUE)
msg_fatal_status(EX_USAGE, "-qI can be used only in delivery mode");
if (flags & DEL_REQ_FLAG_USR_VRFY) {
if (flags & SM_FLAG_XRCPT)
msg_fatal_status(EX_USAGE, "-t option cannot be used with -bv");
if (dsn_notify)
msg_fatal_status(EX_USAGE, "-N option cannot be used with -bv");
if (dsn_ret)
msg_fatal_status(EX_USAGE, "-R option cannot be used with -bv");
if (msg_verbose == 1)
msg_fatal_status(EX_USAGE, "-v option cannot be used with -bv");
}
/*
* The -v option plays double duty. One requests verbose delivery, more
* than one requests verbose logging.
*/
if (msg_verbose == 1 && mode == SM_MODE_ENQUEUE) {
msg_verbose = 0;
flags |= DEL_REQ_FLAG_RECORD;
}
/*
* Start processing. Everything is delegated to external commands.
*/
if (qtime && mode != SM_MODE_DAEMON)
exit(0);
switch (mode) {
default:
msg_panic("unknown operation mode: %d", mode);
/* NOTREACHED */
case SM_MODE_ENQUEUE:
if (site_to_flush) {
if (argv[OPTIND])
msg_fatal_status(EX_USAGE, "flush site requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-s", site_to_flush, (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
} else if (id_to_flush) {
if (argv[OPTIND])
msg_fatal_status(EX_USAGE, "flush queue_id requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-i", id_to_flush, (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
} else {
enqueue(flags, encoding, dsn_envid, dsn_ret, dsn_notify,
rewrite_context, sender, full_name, argv + OPTIND);
exit(0);
/* NOTREACHED */
}
break;
case SM_MODE_MAILQ:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"display queue mode requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-p", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_FLUSHQ:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"flush queue mode requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-f", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_DAEMON:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE, "daemon mode requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postfix", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_add(ext_argv, "start", (char *) 0);
argv_terminate(ext_argv);
err = (mail_run_background(var_command_dir, ext_argv->argv) < 0);
argv_free(ext_argv);
exit(err);
break;
case SM_MODE_NEWALIAS:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"alias initialization mode requires no recipient");
if (*var_alias_db_map == 0)
return (0);
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postalias", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_split_append(ext_argv, var_alias_db_map, CHARS_COMMA_SP);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_USER:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"stand-alone mode requires no recipient");
/* The actual enforcement happens in the postdrop command. */
if ((errstr = check_user_acl_byuid(VAR_SUBMIT_ACL, var_submit_acl,
uid = getuid())) != 0)
msg_fatal_status(EX_NOPERM,
"User %s(%ld) is not allowed to submit mail",
errstr, (long) uid);
ext_argv = argv_alloc(2);
argv_add(ext_argv, "smtpd", "-S", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_daemon_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_IGNORE:
exit(0);
/* NOTREACHED */
}
}
static void output_header(void *context, int header_class,
const HEADER_OPTS *header_info,
VSTRING *buf, off_t offset)
{
SM_STATE *state = (SM_STATE *) context;
TOK822 *tree;
TOK822 **addr_list;
TOK822 **tpp;
ARGV *rcpt;
char *start;
char *line;
char *next_line;
ssize_t len;
/*
* Parse the header line, and save copies of recipient addresses in the
* appropriate place.
*/
if (header_class == MIME_HDR_PRIMARY
&& header_info
&& (header_info->flags & HDR_OPT_RECIP)
&& (header_info->flags & HDR_OPT_EXTRACT)
&& (state->resent == 0 || (header_info->flags & HDR_OPT_RR))) {
if (header_info->flags & HDR_OPT_RR) {
rcpt = state->resent_recip;
if (state->resent == 0)
state->resent = 1;
} else
rcpt = state->recipients;
tree = tok822_parse(STR(buf) + strlen(header_info->name) + 1);
addr_list = tok822_grep(tree, TOK822_ADDR);
for (tpp = addr_list; *tpp; tpp++) {
tok822_internalize(state->temp, tpp[0]->head, TOK822_STR_DEFL);
argv_add(rcpt, STR(state->temp), (char *) 0);
}
myfree((void *) addr_list);
tok822_free_tree(tree);
}
/*
* Pipe the unmodified message header through the header line folding
* routine, and ensure that long lines are chopped appropriately.
*/
for (line = start = STR(buf); line; line = next_line) {
next_line = split_at(line, '\n');
len = next_line ? next_line - line - 1 : strlen(line);
do {
if (len > var_line_limit) {
output_text(context, REC_TYPE_CONT, line, var_line_limit, offset);
line += var_line_limit;
len -= var_line_limit;
offset += var_line_limit;
} else {
output_text(context, REC_TYPE_NORM, line, len, offset);
offset += len;
break;
}
} while (len > 0);
offset += 1;
}
}
int main(int argc, char **argv)
{
int ch;
int fd;
struct stat st;
ARGV *ext_argv = 0;
int param_class = PCF_PARAM_MASK_CLASS;
static const NAME_MASK param_class_table[] = {
"builtin", PCF_PARAM_FLAG_BUILTIN,
"service", PCF_PARAM_FLAG_SERVICE,
"user", PCF_PARAM_FLAG_USER,
"all", PCF_PARAM_MASK_CLASS,
0,
};
ARGV *override_params = 0;
/*
* Fingerprint executables and core dumps.
*/
MAIL_VERSION_STAMP_ALLOCATE;
/*
* Be consistent with file permissions.
*/
umask(022);
/*
* To minimize confusion, make sure that the standard file descriptors
* are open before opening anything else. XXX Work around for 44BSD where
* fstat can return EBADF on an open file descriptor.
*/
for (fd = 0; fd < 3; fd++)
if (fstat(fd, &st) == -1
&& (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
msg_fatal("open /dev/null: %m");
/*
* Set up logging.
*/
msg_vstream_init(argv[0], VSTREAM_ERR);
/*
* Parse JCL.
*/
while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhlmMno:pPtvxX#")) > 0) {
switch (ch) {
case 'a':
pcf_cmd_mode |= PCF_SHOW_SASL_SERV;
break;
case 'A':
pcf_cmd_mode |= PCF_SHOW_SASL_CLNT;
break;
case 'b':
pcf_cmd_mode |= PCF_EXP_DSN_TEMPL;
if (ext_argv)
msg_fatal("specify one of -b and -t");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "bounce", "-SVnexpand_templates", (char *) 0);
break;
case 'c':
if (setenv(CONF_ENV_PATH, optarg, 1) < 0)
msg_fatal("out of memory");
break;
case 'C':
param_class = name_mask_opt("-C option", param_class_table,
optarg, NAME_MASK_ANY_CASE | NAME_MASK_FATAL);
break;
case 'd':
pcf_cmd_mode |= PCF_SHOW_DEFS;
break;
case 'e':
pcf_cmd_mode |= PCF_EDIT_CONF;
break;
case 'f':
pcf_cmd_mode |= PCF_FOLD_LINE;
break;
case 'F':
pcf_cmd_mode |= PCF_MASTER_FLD;
break;
case '#':
pcf_cmd_mode |= PCF_COMMENT_OUT;
break;
case 'h':
pcf_cmd_mode |= PCF_HIDE_NAME;
break;
case 'l':
pcf_cmd_mode |= PCF_SHOW_LOCKS;
break;
case 'm':
pcf_cmd_mode |= PCF_SHOW_MAPS;
break;
case 'M':
pcf_cmd_mode |= PCF_MASTER_ENTRY;
break;
case 'n':
pcf_cmd_mode |= PCF_SHOW_NONDEF;
break;
case 'o':
pcf_cmd_mode |= PCF_MAIN_OVER;
if (override_params == 0)
override_params = argv_alloc(2);
argv_add(override_params, optarg, (char *) 0);
break;
case 'p':
pcf_cmd_mode |= PCF_MAIN_PARAM;
break;
case 'P':
pcf_cmd_mode |= PCF_MASTER_PARAM;
break;
case 't':
pcf_cmd_mode |= PCF_DUMP_DSN_TEMPL;
if (ext_argv)
msg_fatal("specify one of -b and -t");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "bounce", "-SVndump_templates", (char *) 0);
break;
case 'x':
pcf_cmd_mode |= PCF_SHOW_EVAL;
break;
case 'X':
/* This is irreversible, therefore require two-finger action. */
pcf_cmd_mode |= PCF_EDIT_EXCL;
break;
case 'v':
msg_verbose++;
break;
default:
usage(argv[0]);
}
}
/*
* Make all options explicit, before checking their compatibility.
*/
#define PCF_MAIN_OR_MASTER \
(PCF_MAIN_PARAM | PCF_MASTER_ENTRY | PCF_MASTER_FLD | PCF_MASTER_PARAM)
if ((pcf_cmd_mode & pcf_incompat_options[0]) == 0)
pcf_cmd_mode |= PCF_MAIN_PARAM;
if ((pcf_cmd_mode & PCF_MAIN_OR_MASTER)
&& argv[optind] && strchr(argv[optind], '='))
pcf_cmd_mode |= PCF_EDIT_CONF;
/*
* Sanity check.
*/
pcf_check_exclusive_options(pcf_cmd_mode);
pcf_check_compat_options(pcf_cmd_mode);
if ((pcf_cmd_mode & PCF_EDIT_CONF) && argc == optind)
msg_fatal("-e requires name=value argument");
/*
* Display bounce template information and exit.
*/
if (ext_argv) {
if (argv[optind]) {
if (argv[optind + 1])
msg_fatal("options -b and -t require at most one template file");
argv_add(ext_argv, "-o",
concatenate(VAR_BOUNCE_TMPL, "=",
argv[optind], (char *) 0),
(char *) 0);
}
/* Grr... */
argv_add(ext_argv, "-o",
concatenate(VAR_QUEUE_DIR, "=", ".", (char *) 0),
(char *) 0);
mail_conf_read();
mail_run_replace(var_daemon_dir, ext_argv->argv);
/* NOTREACHED */
}
/*
* If showing map types, show them and exit
*/
if (pcf_cmd_mode & PCF_SHOW_MAPS) {
mail_dict_init();
pcf_show_maps();
}
/*
* If showing locking methods, show them and exit
*/
else if (pcf_cmd_mode & PCF_SHOW_LOCKS) {
pcf_show_locks();
}
/*
* If showing master.cf entries, show them and exit
*/
else if ((pcf_cmd_mode & (PCF_MASTER_ENTRY | PCF_MASTER_FLD | PCF_MASTER_PARAM))
&& !(pcf_cmd_mode & (PCF_EDIT_CONF | PCF_EDIT_EXCL | PCF_COMMENT_OUT))) {
pcf_read_master(PCF_FAIL_ON_OPEN_ERROR);
pcf_read_parameters();
if (override_params)
pcf_set_parameters(override_params->argv);
pcf_register_builtin_parameters(basename(argv[0]), getpid());
pcf_register_service_parameters();
pcf_register_user_parameters();
if (pcf_cmd_mode & PCF_MASTER_FLD)
pcf_show_master_fields(VSTREAM_OUT, pcf_cmd_mode, argc - optind,
argv + optind);
else if (pcf_cmd_mode & PCF_MASTER_PARAM)
pcf_show_master_params(VSTREAM_OUT, pcf_cmd_mode, argc - optind,
argv + optind);
else
pcf_show_master_entries(VSTREAM_OUT, pcf_cmd_mode, argc - optind,
argv + optind);
}
/*
* If showing SASL plug-in types, show them and exit
*/
else if (pcf_cmd_mode & PCF_SHOW_SASL_SERV) {
pcf_show_sasl(PCF_SHOW_SASL_SERV);
} else if (pcf_cmd_mode & PCF_SHOW_SASL_CLNT) {
pcf_show_sasl(PCF_SHOW_SASL_CLNT);
}
/*
* Edit main.cf or master.cf.
*/
else if (pcf_cmd_mode & (PCF_EDIT_CONF | PCF_COMMENT_OUT | PCF_EDIT_EXCL)) {
if (optind == argc)
msg_fatal("missing service argument");
if (pcf_cmd_mode & (PCF_MASTER_ENTRY | PCF_MASTER_FLD | PCF_MASTER_PARAM)) {
pcf_edit_master(pcf_cmd_mode, argc - optind, argv + optind);
} else {
pcf_edit_main(pcf_cmd_mode, argc - optind, argv + optind);
}
}
/*
* If showing non-default values, read main.cf.
*/
else {
if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0) {
pcf_read_parameters();
if (override_params)
pcf_set_parameters(override_params->argv);
}
pcf_register_builtin_parameters(basename(argv[0]), getpid());
/*
* Add service-dependent parameters (service names from master.cf)
* and user-defined parameters ($name macros in parameter values in
* main.cf and master.cf, but only if those names have a name=value
* in main.cf or master.cf).
*/
pcf_read_master(PCF_WARN_ON_OPEN_ERROR);
pcf_register_service_parameters();
if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0)
pcf_register_user_parameters();
/*
* Show the requested values.
*/
pcf_show_parameters(VSTREAM_OUT, pcf_cmd_mode, param_class,
argv + optind);
/*
* Flag unused parameters. This makes no sense with "postconf -d",
* because that ignores all the user-specified parameters and
* user-specified macro expansions in main.cf.
*/
if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0) {
pcf_flag_unused_main_parameters();
pcf_flag_unused_master_parameters();
}
}
vstream_fflush(VSTREAM_OUT);
exit(0);
}
static ARGV *match_list_parse(ARGV *list, char *string, int init_match)
{
const char *myname = "match_list_parse";
VSTRING *buf = vstring_alloc(10);
VSTREAM *fp;
const char *delim = " ,\t\r\n";
char *bp = string;
char *start;
char *item;
char *map_type_name_flags;
int match;
#define OPEN_FLAGS O_RDONLY
#define DICT_FLAGS (DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX)
#define STR(x) vstring_str(x)
/*
* /filename contents are expanded in-line. To support !/filename we
* prepend the negation operator to each item from the file.
*/
while ((start = mystrtokq(&bp, delim, "{}")) != 0) {
if (*start == '#') {
msg_warn("%s: comment at end of line is not supported: %s %s",
myname, start, bp);
break;
}
for (match = init_match, item = start; *item == '!'; item++)
match = !match;
if (*item == 0)
msg_fatal("%s: no pattern after '!'", myname);
if (*item == '/') { /* /file/name */
if ((fp = vstream_fopen(item, O_RDONLY, 0)) == 0) {
vstring_sprintf(buf, "%s:%s", DICT_TYPE_NOFILE, item);
/* XXX Should increment existing map refcount. */
if (dict_handle(STR(buf)) == 0)
dict_register(STR(buf),
dict_surrogate(DICT_TYPE_NOFILE, item,
OPEN_FLAGS, DICT_FLAGS,
"open file %s: %m", item));
argv_add(list, STR(buf), (char *) 0);
} else {
while (vstring_fgets(buf, fp))
if (vstring_str(buf)[0] != '#')
list = match_list_parse(list, vstring_str(buf), match);
if (vstream_fclose(fp))
msg_fatal("%s: read file %s: %m", myname, item);
}
} else if (MATCH_DICTIONARY(item)) { /* type:table */
vstring_sprintf(buf, "%s%s(%o,%s)", match ? "" : "!",
item, OPEN_FLAGS, dict_flags_str(DICT_FLAGS));
map_type_name_flags = STR(buf) + (match == 0);
/* XXX Should increment existing map refcount. */
if (dict_handle(map_type_name_flags) == 0)
dict_register(map_type_name_flags,
dict_open(item, OPEN_FLAGS, DICT_FLAGS));
argv_add(list, STR(buf), (char *) 0);
} else { /* other pattern */
argv_add(list, match ? item :
STR(vstring_sprintf(buf, "!%s", item)), (char *) 0);
}
}
vstring_free(buf);
return (list);
}
static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter)
{
TLS_DANE *dane;
if (!iter->port) {
msg_warn("%s: the \"dane\" security level is invalid for delivery via"
" unix-domain sockets", STR(iter->dest));
MARK_INVALID(tls->why, &tls->level);
return;
}
if (!tls_dane_avail()) {
dane_incompat(tls, iter, NONDANE_CONFIG,
"%s: %s configured, but no requisite library support",
STR(iter->dest), policy_name(tls->level));
return;
}
if (!(smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS)
|| smtp_dns_support != SMTP_DNS_DNSSEC) {
dane_incompat(tls, iter, NONDANE_CONFIG,
"%s: %s configured with dnssec lookups disabled",
STR(iter->dest), policy_name(tls->level));
return;
}
/*
* If we ignore MX lookup errors, we also ignore DNSSEC security problems
* and thus avoid any reasonable expectation that we get the right DANE
* key material.
*/
if (smtp_mode && var_ign_mx_lookup_err) {
dane_incompat(tls, iter, NONDANE_CONFIG,
"%s: %s configured with MX lookup errors ignored",
STR(iter->dest), policy_name(tls->level));
return;
}
/*
* This is not optional, code in tls_dane.c assumes that the nexthop
* qname is already an fqdn. If we're using these flags to go from qname
* to rname, the assumption is invalid. Likewise we cannot add the qname
* to certificate name checks, ...
*/
if (smtp_dns_res_opt & (RES_DEFNAMES | RES_DNSRCH)) {
dane_incompat(tls, iter, NONDANE_CONFIG,
"%s: dns resolver options incompatible with %s TLS",
STR(iter->dest), policy_name(tls->level));
return;
}
/* When the MX name is present and insecure, DANE does not apply. */
if (iter->mx && !iter->mx->dnssec_valid) {
dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination");
return;
}
/* When TLSA lookups fail, we defer the message */
if ((dane = tls_dane_resolve(iter->port, "tcp", iter->rr,
var_smtp_tls_force_tlsa)) == 0) {
tls->level = TLS_LEV_INVALID;
dsb_simple(tls->why, "4.7.5", "TLSA lookup error for %s:%u",
STR(iter->host), ntohs(iter->port));
return;
}
if (tls_dane_notfound(dane)) {
dane_incompat(tls, iter, NONDANE_DEST, "no TLSA records found");
tls_dane_free(dane);
return;
}
/*
* Some TLSA records found, but none usable, per
*
* https://tools.ietf.org/html/draft-ietf-dane-srv-02#section-4
*
* we MUST use TLS, and SHALL use full PKIX certificate checks. The latter
* would be unwise for SMTP: no human present to "click ok" and risk of
* non-delivery in most cases exceeds risk of interception.
*
* We also have a form of Goedel's incompleteness theorem in play: any list
* of public root CA certs is either incomplete or inconsistent (for any
* given verifier some of the CAs are surely not trustworthy).
*/
if (tls_dane_unusable(dane)) {
dane_incompat(tls, iter, DANE_UNUSABLE, "TLSA records unusable");
tls_dane_free(dane);
return;
}
/*
* With DANE trust anchors, peername matching is not configurable.
*/
if (TLS_DANE_HASTA(dane)) {
tls->matchargv = argv_alloc(2);
argv_add(tls->matchargv, dane->base_domain, ARGV_END);
if (iter->mx) {
if (strcmp(iter->mx->qname, iter->mx->rname) == 0)
argv_add(tls->matchargv, iter->mx->qname, ARGV_END);
else
argv_add(tls->matchargv, iter->mx->rname,
iter->mx->qname, ARGV_END);
}
} else if (!TLS_DANE_HASEE(dane))
msg_panic("empty DANE match list");
tls->dane = dane;
tls->level = TLS_LEV_DANE;
return;
}
static ARGV *expand_argv(const char *service, char **argv,
RECIPIENT_LIST *rcpt_list, int flags)
{
VSTRING *buf = vstring_alloc(100);
ARGV *result;
char **cpp;
PIPE_STATE state;
int i;
char *ext;
char *dom;
/*
* This appears to be simple operation (replace $name by its expansion).
* However, it becomes complex because a command-line argument that
* references $recipient must expand to as many command-line arguments as
* there are recipients (that's wat programs called by sendmail expect).
* So we parse each command-line argument, and depending on what we find,
* we either expand the argument just once, or we expand it once for each
* recipient. In either case we end up parsing the command-line argument
* twice. The amount of CPU time wasted will be negligible.
*
* Note: we can't use recursive macro expansion here, because recursion
* would screw up mail addresses that contain $ characters.
*/
#define NO 0
#define EARLY_RETURN(x) { argv_free(result); vstring_free(buf); return (x); }
result = argv_alloc(1);
for (cpp = argv; *cpp; cpp++) {
state.service = service;
state.expand_flag = 0;
if (mac_parse(*cpp, parse_callback, (char *) &state) & MAC_PARSE_ERROR)
EARLY_RETURN(0);
if (state.expand_flag == 0) { /* no $recipient etc. */
argv_add(result, dict_eval(PIPE_DICT_TABLE, *cpp, NO), ARGV_END);
} else { /* contains $recipient etc. */
for (i = 0; i < rcpt_list->len; i++) {
/*
* This argument contains $recipient.
*/
if (state.expand_flag & PIPE_FLAG_RCPT) {
morph_recipient(buf, rcpt_list->info[i].address, flags);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_RCPT, STR(buf));
}
/*
* This argument contains $original_recipient.
*/
if (state.expand_flag & PIPE_FLAG_ORIG_RCPT) {
morph_recipient(buf, rcpt_list->info[i].orig_addr, flags);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_ORIG_RCPT, STR(buf));
}
/*
* This argument contains $user. Extract the plain user name.
* Either anything to the left of the extension delimiter or,
* in absence of the latter, anything to the left of the
* rightmost @.
*
* Beware: if the user name is blank (e.g. +user@host), the
* argument is suppressed. This is necessary to allow for
* cyrus bulletin-board (global mailbox) delivery. XXX But,
* skipping empty user parts will also prevent other
* expansions of this specific command-line argument.
*/
if (state.expand_flag & PIPE_FLAG_USER) {
morph_recipient(buf, rcpt_list->info[i].address,
flags & PIPE_OPT_FOLD_ALL);
if (split_at_right(STR(buf), '@') == 0)
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
if (*var_rcpt_delim)
split_addr(STR(buf), var_rcpt_delim);
if (*STR(buf) == 0)
continue;
dict_update(PIPE_DICT_TABLE, PIPE_DICT_USER, STR(buf));
}
/*
* This argument contains $extension. Extract the recipient
* extension: anything between the leftmost extension
* delimiter and the rightmost @. The extension may be blank.
*/
if (state.expand_flag & PIPE_FLAG_EXTENSION) {
morph_recipient(buf, rcpt_list->info[i].address,
flags & PIPE_OPT_FOLD_ALL);
if (split_at_right(STR(buf), '@') == 0)
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
if (*var_rcpt_delim == 0
|| (ext = split_addr(STR(buf), var_rcpt_delim)) == 0)
ext = ""; /* insert null arg */
dict_update(PIPE_DICT_TABLE, PIPE_DICT_EXTENSION, ext);
}
/*
* This argument contains $mailbox. Extract the mailbox name:
* anything to the left of the rightmost @.
*/
if (state.expand_flag & PIPE_FLAG_MAILBOX) {
morph_recipient(buf, rcpt_list->info[i].address,
flags & PIPE_OPT_FOLD_ALL);
if (split_at_right(STR(buf), '@') == 0)
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_MAILBOX, STR(buf));
}
/*
* This argument contains $domain. Extract the domain name:
* anything to the right of the rightmost @.
*/
if (state.expand_flag & PIPE_FLAG_DOMAIN) {
morph_recipient(buf, rcpt_list->info[i].address,
flags & PIPE_OPT_FOLD_ALL);
dom = split_at_right(STR(buf), '@');
if (dom == 0) {
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
dom = ""; /* insert null arg */
}
dict_update(PIPE_DICT_TABLE, PIPE_DICT_DOMAIN, dom);
}
/*
* Done.
*/
argv_add(result, dict_eval(PIPE_DICT_TABLE, *cpp, NO), ARGV_END);
}
}
}
argv_terminate(result);
vstring_free(buf);
return (result);
}
