int delivery_unsafe (char *path,struct stat *sbuf,char *tmp) { u_short type; sprintf (tmp,"Verifying safe delivery to %.80s",path); mm_dlog (tmp); /* prepare message just in case */ sprintf (tmp,"delivery to %.80s unsafe: ",path); /* unsafe if can't get its status */ if (lstat (path,sbuf)) strcat (tmp,strerror (errno)); /* check file type */ else switch (sbuf->st_mode & S_IFMT) { case S_IFDIR: /* directory is always OK */ return NIL; case S_IFREG: /* file is unsafe if setuid */ if (sbuf->st_mode & S_ISUID) strcat (tmp,"setuid file"); /* or setgid */ else if (sbuf->st_mode & S_ISGID) strcat (tmp,"setgid file"); else return NIL; /* otherwise safe */ break; case S_IFCHR: strcat (tmp,"character special"); break; case S_IFBLK: strcat (tmp,"block special"); break; case S_IFLNK: strcat (tmp,"symbolic link"); break; case S_IFSOCK: strcat (tmp,"socket"); break; default: sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type); } return fail (tmp,EX_CANTCREAT); }
int deliver_safely (MAILSTREAM *prt,STRING *st,char *mailbox,char *path, char *tmp) { struct stat sbuf; char *flags = NIL; int i = delivery_unsafe (path,&sbuf,tmp); if (i) return i; /* give up now if delivery unsafe */ /* directory, not file */ if ((sbuf.st_mode & S_IFMT) == S_IFDIR) { if (sbuf.st_mode & 0001) { /* listable directories may be worrisome */ sprintf (tmp,"WARNING: directory %.80s is listable",path); mm_log (tmp,WARN); } } else { /* file, not directory */ if (sbuf.st_nlink != 1) { /* multiple links may be worrisome */ sprintf (tmp,"WARNING: multiple links to file %.80s",path); mm_log (tmp,WARN); } if (sbuf.st_mode & 0111) { /* executable files may be worrisome */ sprintf (tmp,"WARNING: file %.80s is executable",path); mm_log (tmp,WARN); } } if (sbuf.st_mode & 0002) { /* public-write files may be worrisome */ sprintf (tmp,"WARNING: file %.80s is publicly-writable",path); mm_log (tmp,WARN); } if (sbuf.st_mode & 0004) { /* public-write files may be worrisome */ sprintf (tmp,"WARNING: file %.80s is publicly-readable",path); mm_log (tmp,WARN); } /* check site-written quota procedure */ if (!dmail_quota (st,path,tmp,sender,precedence)) return fail (tmp,EX_CANTCREAT); /* so far, so good */ sprintf (tmp,"%s appending to %.80s (%s %.80s)", prt ? prt->dtb->name : "default",mailbox, ((sbuf.st_mode & S_IFMT) == S_IFDIR) ? "directory" : "file",path); mm_dlog (tmp); if (keywords) { /* any keywords requested? */ if (flagseen) sprintf (flags = tmp,"\\Seen %.1000s",keywords); else flags = keywords; } else if (flagseen) flags = "\\Seen"; /* do the append now! */ if (!mail_append_full (prt,mailbox,flags,NIL,st)) { sprintf (tmp,"message delivery failed to %.80s",path); return fail (tmp,EX_CANTCREAT); } /* note success */ sprintf (tmp,"delivered to %.80s",path); mm_log (tmp,NIL); /* make sure nothing evil this way comes */ return delivery_unsafe (path,&sbuf,tmp); }
long smtp_reply (SENDSTREAM *stream) { smtpverbose_t pv = (smtpverbose_t) mail_parameters (NIL,GET_SMTPVERBOSE,NIL); long reply; /* flush old reply */ if (stream->reply) fs_give ((void **) &stream->reply); /* get reply */ if (stream->netstream && (stream->reply = net_getline (stream->netstream))) { if (stream->debug) mm_dlog (stream->reply); /* return response code */ reply = atol (stream->reply); if (pv && (reply < 100)) (*pv) (stream->reply); } else reply = smtp_fake (stream,"SMTP connection broken (reply)"); return reply; }
void mm_log (char *string,long errflg) { if (trycreate)mm_dlog(string);/* debug logging only if trycreate in effect */ else { /* ordinary logging */ fprintf (stderr,"%s\n",string); switch (errflg) { case NIL: /* no error */ syslog (LOG_INFO,"%s",string); break; case PARSE: /* parsing problem */ case WARN: /* warning */ syslog (LOG_WARNING,"%s",string); break; case ERROR: /* error */ default: syslog (LOG_ERR,"%s",string); break; } } }
long smtp_ehlo (SENDSTREAM *stream,char *host,NETMBX *mb) { unsigned long i,j; long flags = (mb->secflag ? AU_SECURE : NIL) | (mb->authuser[0] ? AU_AUTHUSER : NIL); char *s,*t,*r,tmp[MAILTMPLEN]; /* clear ESMTP data */ memset (&ESMTP,0,sizeof (ESMTP)); if (mb->loser) return 500; /* never do EHLO if a loser */ sprintf (tmp,"EHLO %s",host); /* build the complete command */ if (stream->debug) mm_dlog (tmp); strcat (tmp,"\015\012"); /* send the command */ if (!net_soutr (stream->netstream,tmp)) return smtp_fake (stream,"SMTP connection broken (EHLO)"); /* got an OK reply? */ do if ((i = smtp_reply (stream)) == SMTPOK) { /* hack for AUTH= */ if (stream->reply[4] && stream->reply[5] && stream->reply[6] && stream->reply[7] && (stream->reply[8] == '=')) stream->reply[8] = ' '; /* get option code */ if (!(s = strtok_r (stream->reply+4," ",&r))); /* have option, does it have a value */ else if ((t = strtok_r (NIL," ",&r)) && *t) { /* EHLO options which take arguments */ if (!compare_cstring (s,"SIZE")) { if (isdigit (*t)) ESMTP.size.limit = strtoul (t,&t,10); ESMTP.size.ok = T; } else if (!compare_cstring (s,"DELIVERBY")) { if (isdigit (*t)) ESMTP.deliverby.minby = strtoul (t,&t,10); ESMTP.deliverby.ok = T; } else if (!compare_cstring (s,"ATRN")) { ESMTP.atrn.domains = cpystr (t); ESMTP.atrn.ok = T; } else if (!compare_cstring (s,"AUTH")) do if ((j = mail_lookup_auth_name (t,flags)) && (--j < MAXAUTHENTICATORS)) ESMTP.auth |= (1 << j); while ((t = strtok_r (NIL," ",&r)) && *t); } /* EHLO options which do not take arguments */ else if (!compare_cstring (s,"SIZE")) ESMTP.size.ok = T; else if (!compare_cstring (s,"8BITMIME")) ESMTP.eightbit.ok = T; else if (!compare_cstring (s,"DSN")) ESMTP.dsn.ok = T; else if (!compare_cstring (s,"ATRN")) ESMTP.atrn.ok = T; else if (!compare_cstring (s,"SEND")) ESMTP.service.send = T; else if (!compare_cstring (s,"SOML")) ESMTP.service.soml = T; else if (!compare_cstring (s,"SAML")) ESMTP.service.saml = T; else if (!compare_cstring (s,"EXPN")) ESMTP.service.expn = T; else if (!compare_cstring (s,"HELP")) ESMTP.service.help = T; else if (!compare_cstring (s,"TURN")) ESMTP.service.turn = T; else if (!compare_cstring (s,"ETRN")) ESMTP.service.etrn = T; else if (!compare_cstring (s,"STARTTLS")) ESMTP.service.starttls = T; else if (!compare_cstring (s,"RELAY")) ESMTP.service.relay = T; else if (!compare_cstring (s,"PIPELINING")) ESMTP.service.pipe = T; else if (!compare_cstring (s,"ENHANCEDSTATUSCODES")) ESMTP.service.ensc = T; else if (!compare_cstring (s,"BINARYMIME")) ESMTP.service.bmime = T; else if (!compare_cstring (s,"CHUNKING")) ESMTP.service.chunk = T; } while ((i < 100) || (stream->reply[3] == '-')); /* disable LOGIN if PLAIN also advertised */ if ((j = mail_lookup_auth_name ("PLAIN",NIL)) && (--j < MAXAUTHENTICATORS) && (ESMTP.auth & (1 << j)) && (j = mail_lookup_auth_name ("LOGIN",NIL)) && (--j < MAXAUTHENTICATORS)) ESMTP.auth &= ~(1 << j); return i; /* return the response code */ }
int deliver (FILE *f,unsigned long msglen,char *user) { MAILSTREAM *ds = NIL; char *s,*mailbox,tmp[MAILTMPLEN],path[MAILTMPLEN]; STRING st; struct stat sbuf; /* have a mailbox specifier? */ if ((mailbox = strchr (user,'+')) != NULL) { *mailbox++ = '\0'; /* yes, tie off user name */ if (!*mailbox || !compare_cstring ((unsigned char *) mailbox,"INBOX")) mailbox = NIL; /* user+ and user+INBOX same as user */ } if (!*user) user = myusername (); else if (strcmp (user,myusername ())) return fail ("can't deliver to other user",EX_CANTCREAT); sprintf (tmp,"delivering to %.80s+%.80s",user,mailbox ? mailbox : "INBOX"); mm_dlog (tmp); /* prepare stringstruct */ INIT (&st,file_string,(void *) f,msglen); if (mailbox) { /* non-INBOX name */ switch (mailbox[0]) { /* make sure a valid name */ default: /* other names, try to deliver if not INBOX */ if ((strlen (mailbox) <= NETMAXMBX) && !strstr (mailbox,"..") && !strstr (mailbox,"//") && !strstr (mailbox,"/~") && mailboxfile (path,mailbox) && path[0] && !deliver_safely (NIL,&st,mailbox,path,tmp)) return NIL; case '%': case '*': /* wildcards not valid */ case '/': /* absolute path names not valid */ case '~': /* user names not valid */ sprintf (tmp,"invalid mailbox name %.80s+%.80s",user,mailbox); mm_log (tmp,WARN); break; } mm_dlog ("retrying delivery to INBOX"); SETPOS (&st,0); /* rewind stringstruct just in case */ } /* no -I, resolve "INBOX" into path */ if (mailboxfile (path,mailbox = "INBOX") && !path[0]) { /* clear box, get generic INBOX prototype */ if (!(ds = mail_open (NIL,"INBOX",OP_PROTOTYPE))) fatal ("no INBOX prototype"); /* standard system driver? */ if (!strcmp (ds->dtb->name,"unix") || !strcmp (ds->dtb->name,"mmdf")) { strcpy (path,sysinbox ());/* use system INBOX */ if (!lstat (path,&sbuf)) /* deliver to existing system INBOX */ return deliver_safely (ds,&st,mailbox,path,tmp); } else { /* other driver, try ~/INBOX */ if ((mailboxfile (path,"&&&&&") == path) && (s = strstr (path,"&&&&&")) && strcpy (s,"INBOX") && !lstat (path,&sbuf)){ /* deliver to existing ~/INBOX */ sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name); return deliver_safely (ds,&st,cpystr (tmp),path,tmp); } } /* not dummy, deliver to driver imputed path */ if (strcmp (ds->dtb->name,"dummy")) return (ibxpath (ds,&mailbox,path) && !lstat (path,&sbuf)) ? deliver_safely (ds,&st,mailbox,path,tmp) : fail ("unable to resolve INBOX path",EX_CANTCREAT); /* dummy, empty imputed append path exist? */ if (ibxpath (ds = default_proto (T),&mailbox,path) && !lstat (path,&sbuf) && !sbuf.st_size) return deliver_safely (ds,&st,mailbox,path,tmp); /* impute path that we will create */ if (!ibxpath (ds = default_proto (NIL),&mailbox,path)) return fail ("unable to resolve INBOX",EX_CANTCREAT); } /* black box, must create, get create proto */ else if (lstat (path,&sbuf)) ds = default_proto (NIL); else { /* black box, existing file */ /* empty file, get append prototype */ if (!sbuf.st_size) ds = default_proto (T); /* non-empty, get prototype from its data */ else if (!(ds = mail_open (NIL,"INBOX",OP_PROTOTYPE))) fatal ("no INBOX prototype"); /* error if unknown format */ if (!strcmp (ds->dtb->name,"phile")) return fail ("unknown format INBOX",EX_UNAVAILABLE); /* otherwise can deliver to it */ return deliver_safely (ds,&st,mailbox,path,tmp); } sprintf (tmp,"attempting to create mailbox %.80s path %.80s",mailbox,path); mm_dlog (tmp); /* supplicate to the Evil One */ if (!path_create (ds,path)) return fail ("can't create INBOX",EX_CANTCREAT); sprintf (tmp,"created %.80s",path); mm_dlog (tmp); /* deliver the message */ return deliver_safely (ds,&st,mailbox,path,tmp); }
int main (int argc,char *argv[]) { FILE *f = NIL; int pid,c,ret = 0; unsigned long msglen,status = 0; char *s,tmp[MAILTMPLEN]; uid_t ruid = getuid (); struct passwd *pwd; openlog ("tmail",LOG_PID,LOG_MAIL); #include "linkage.c" /* make sure have some arguments */ if (--argc < 1) _exit (fail ("usage: tmail [-D] user[+folder]",EX_USAGE)); /* process all flags */ while (argc && (*(s = *++argv)) == '-') { argc--; /* gobble this argument */ switch (s[1]) { /* what is this flag? */ case 'D': /* debug */ debug = T; /* don't fork */ break; case 'I': /* inbox specifier */ if (inbox || format) _exit (fail ("duplicate -b or -I",EX_USAGE)); if (argc--) inbox = cpystr (*++argv); else _exit (fail ("missing argument to -I",EX_USAGE)); break; case 'f': /* new name for this flag */ case 'r': /* flag giving return path */ if (sender) _exit (fail ("duplicate -f or -r",EX_USAGE)); if (argc--) sender = cpystr (*++argv); else _exit (fail ("missing argument to -f or -r",EX_USAGE)); break; case 'b': /* create INBOX in this format */ if (inbox || format) _exit (fail ("duplicate -b or -I",EX_USAGE)); if (!argc--) _exit (fail ("missing argument to -b",EX_USAGE)); if (!(format = mail_parameters (NIL,GET_DRIVER,*++argv))) _exit (fail ("unknown format to -b",EX_USAGE)); else if (!(format->flags & DR_LOCAL) || !compare_cstring (format->name,"dummy")) _exit (fail ("invalid format to -b",EX_USAGE)); break; /* following flags are undocumented */ case 'p': /* precedence for quota */ if (s[2] && ((s[2] == '-') || isdigit (s[2]))) precedence = atol (s + 2); else if (argc-- && ((*(s = *++argv) == '-') || isdigit (*s))) precedence = atol (s); else _exit (fail ("missing argument to -p",EX_USAGE)); break; case 'd': /* obsolete flag meaning multiple users */ break; /* ignore silently */ /* -s has been deprecated and replaced by the -s and -k flags in dmail. * dmail's -k flag does what -s once did in tmail; dmail's -s flag * takes no argument and just sets \Seen. Flag setting is more properly * done in dmail which runs as the user and is clearly at the user's * behest. Since tmail runs privileged, -s would have to be disabled * unless the caller is also privileged. */ case 's': /* obsolete flag meaning delivery flags */ if (!argc--) /* takes an argument */ _exit (fail ("missing argument to deprecated flag",EX_USAGE)); syslog (LOG_INFO,"tmail called with deprecated flag: -s %.200s",*++argv); break; default: /* anything else */ _exit (fail ("unknown switch",EX_USAGE)); } } if (!argc) ret = fail ("no recipients",EX_USAGE); else if (!(f = tmpfile ())) ret = fail ("can't make temp file",EX_TEMPFAIL); else { /* build delivery headers */ if (sender) fprintf (f,"Return-Path: <%s>\015\012",sender); /* start Received line: */ fprintf (f,"Received: via tmail-%s.%s",CCLIENTVERSION,version); /* not root or daemon? */ if (ruid && !((pwd = getpwnam ("daemon")) && (ruid == pwd->pw_uid))) { pwd = getpwuid (ruid); /* get unprivileged user's information */ if (inbox || format) { if (pwd) sprintf (tmp,"user %.80s",pwd->pw_name); else sprintf (tmp,"UID %ld",(long) ruid); strcat (tmp," is not privileged to use -b or -I"); _exit (fail (tmp,EX_USAGE)); } fputs (" (invoked by ",f); if (pwd) fprintf (f,"user %s",pwd->pw_name); else fprintf (f,"UID %ld",(long) ruid); fputs (")",f); } /* write "for" if single recipient */ if (argc == 1) fprintf (f," for %s",*argv); fputs ("; ",f); rfc822_date (tmp); fputs (tmp,f); fputs ("\015\012",f); /* copy text from standard input */ if (!fgets (tmp,MAILTMPLEN-1,stdin) || !(s = strchr (tmp,'\n')) || (s == tmp) || s[1]) _exit (fail ("bad first message line",EX_USAGE)); if (s[-1] == '\015') { /* nuke leading "From " line */ if ((tmp[0] != 'F') || (tmp[1] != 'r') || (tmp[2] != 'o') || (tmp[3] != 'm') || (tmp[4] != ' ')) fputs (tmp,f); while ((c = getchar ()) != EOF) putc (c,f); } else { mm_log ("tmail called with LF-only newlines",WARN); if ((tmp[0] != 'F') || (tmp[1] != 'r') || (tmp[2] != 'o') || (tmp[3] != 'm') || (tmp[4] != ' ')) { *s++ = '\015'; /* overwrite NL with CRLF */ *s++ = '\012'; *s = '\0'; /* tie off string */ fputs (tmp,f); /* write line */ } /* copy text from standard input */ while ((c = getchar ()) != EOF) { /* add CR if needed */ if (c == '\012') putc ('\015',f); putc (c,f); } } msglen = ftell (f); /* size of message */ fflush (f); /* make sure all changes written out */ if (ferror (f)) ret = fail ("error writing temp file",EX_TEMPFAIL); else if (!msglen) ret = fail ("empty message",EX_TEMPFAIL); /* single delivery */ else if (argc == 1) ret = deliver (f,msglen,*argv); else do { /* multiple delivery uses daughter forks */ if ((pid = fork ()) < 0) ret = fail (strerror (errno),EX_OSERR); else if (pid) { /* mother process */ grim_pid_reap_status (pid,NIL,(void *) status); /* normal termination? */ if (!ret) ret = (status & 0xff) ? EX_SOFTWARE : (status & 0xff00) >> 8; } /* daughter process */ else _exit (deliver (f,msglen,*argv)); } while (--argc && *argv++); mm_dlog (ret ? "error in delivery" : "all recipients delivered"); }
int main (int argc,char *argv[]) { FILE *f = NIL; int pid,c,ret = 0; unsigned long msglen,status = 0; char *s,tmp[MAILTMPLEN]; uid_t ruid = getuid (); struct passwd *pwd; openlog ("tmail",LOG_PID,LOG_MAIL); #include "linkage.c" /* make sure have some arguments */ if (--argc < 1) _exit (fail ("usage: tmail [-D] user[+folder]",EX_USAGE)); /* process all flags */ while (argc && (*(s = *++argv)) == '-') { argc--; /* gobble this argument */ switch (s[1]) { /* what is this flag? */ case 'D': /* debug */ debug = T; /* don't fork */ break; case 'd': /* obsolete flag meaning multiple users */ break; case 'I': /* inbox specifier */ if (argc--) inbox = cpystr (*++argv); else _exit (fail ("missing argument to -I",EX_USAGE)); break; case 'f': /* new name for this flag */ case 'r': /* flag giving return path */ if (argc--) sender = cpystr (*++argv); else _exit (fail ("missing argument to -r",EX_USAGE)); break; default: /* anything else */ _exit (fail ("unknown switch",EX_USAGE)); } } if (!argc) ret = fail ("no recipients",EX_USAGE); else if (!(f = tmpfile ())) ret = fail ("can't make temp file",EX_TEMPFAIL); else { /* build delivery headers */ if (sender) fprintf (f,"Return-Path: <%s>\015\012",sender); /* start Received line: */ fprintf (f,"Received: via tmail-%s",version); /* not root or daemon? */ if (ruid && !((pwd = getpwnam ("daemon")) && (ruid == pwd->pw_uid))) { pwd = getpwuid (ruid); /* get unprivileged user's information */ if (inbox) { if (pwd) sprintf (tmp,"user %.80s",pwd->pw_name); else sprintf (tmp,"UID %ld",(long) ruid); strcat (tmp," is not privileged to use -I"); _exit (fail (tmp,EX_USAGE)); } fputs (" (invoked by ",f); if (pwd) fprintf (f,"user %s",pwd->pw_name); else fprintf (f,"UID %ld",(long) ruid); fputs (")",f); } /* write "for" if single recipient */ if (argc == 1) fprintf (f," for %s",*argv); fputs ("; ",f); rfc822_date (tmp); fputs (tmp,f); fputs ("\015\012",f); /* copy text from standard input */ if (!fgets (tmp,MAILTMPLEN-1,stdin) || !(s = strchr (tmp,'\n')) || (s == tmp) || s[1]) _exit (fail ("bad first message line",EX_USAGE)); if (s[-1] == '\015') { /* nuke leading "From " line */ if ((tmp[0] != 'F') || (tmp[1] != 'r') || (tmp[2] != 'o') || (tmp[3] != 'm') || (tmp[4] != ' ')) fputs (tmp,f); while ((c = getchar ()) != EOF) putc (c,f); } else { mm_log ("tmail called with LF-only newlines",WARN); if ((tmp[0] != 'F') || (tmp[1] != 'r') || (tmp[2] != 'o') || (tmp[3] != 'm') || (tmp[4] != ' ')) { *s++ = '\015'; /* overwrite NL with CRLF */ *s++ = '\012'; *s = '\0'; /* tie off string */ fputs (tmp,f); /* write line */ } /* copy text from standard input */ while ((c = getchar ()) != EOF) { /* add CR if needed */ if (c == '\012') putc ('\015',f); putc (c,f); } } msglen = ftell (f); /* size of message */ fflush (f); /* make sure all changes written out */ if (ferror (f)) ret = fail ("error writing temp file",EX_TEMPFAIL); else if (!msglen) ret = fail ("empty message",EX_TEMPFAIL); /* single delivery */ else if (argc == 1) ret = deliver (f,msglen,*argv); else do { /* multiple delivery uses daughter forks */ if ((pid = fork ()) < 0) ret = fail (strerror (errno),EX_OSERR); else if (pid) { /* mother process */ grim_pid_reap_status (pid,NIL,(void *) status); /* normal termination? */ if (!ret) ret = (status & 0xff) ? EX_SOFTWARE : (status & 0xff00) >> 8; } /* daughter process */ else _exit (deliver (f,msglen,*argv)); } while (--argc && *argv++); mm_dlog (ret ? "error in delivery" : "all recipients delivered"); }