only catch filenames if the "/" is leading

[unix-history] / usr / src / usr.sbin / sendmail / src / recipient.c
diff --git a/usr/src/usr.sbin/sendmail/src/recipient.c b/usr/src/usr.sbin/sendmail/src/recipient.c

index acece92..737c875 100644 (file)
--- a/usr/src/usr.sbin/sendmail/src/recipient.c
+++ b/usr/src/usr.sbin/sendmail/src/recipient.c
@@ -1,9 +1,8 @@
  # include <pwd.h>
  # include <pwd.h>
-# include <sys/types.h>
-# include <sys/stat.h>
  # include "sendmail.h"
  # include "sendmail.h"
+# include <sys/stat.h>
  
  
-static char SccsId[] = "@(#)recipient.c        3.16    %G%";
+SCCSID(@(#)recipient.c 3.33            %G%);
  
  /*
  **  SENDTO -- Designate a send list.
  
  /*
  **  SENDTO -- Designate a send list.
@@ -11,12 +10,25 @@ static char SccsId[] = "@(#)recipient.c     3.16    %G%";
  **     The parameter is a comma-separated list of people to send to.
  **     This routine arranges to send to all of them.
  **
  **     The parameter is a comma-separated list of people to send to.
  **     This routine arranges to send to all of them.
  **
+**     The `ctladdr' is the address that expanded to be this one,
+**     e.g., in an alias expansion.  This is used for a number of
+**     purposed, most notably inheritance of uid/gid for protection
+**     purposes.  It is also used to detect self-reference in group
+**     expansions and the like.
+**
  **     Parameters:
  **             list -- the send list.
  **             copyf -- the copy flag; passed to parse.
  **     Parameters:
  **             list -- the send list.
  **             copyf -- the copy flag; passed to parse.
+**             ctladdr -- the address template for the person to
+**                     send to -- effective uid/gid are important.
+**                     This is typically the alias that caused this
+**                     expansion.
+**             sendq -- a pointer to the head of a queue to put
+**                     these people into.
+**             qflags -- special flags to set in the q_flags field.
  **
  **     Returns:
  **
  **     Returns:
-**             none
+**             pointer to chain of addresses.
  **
  **     Side Effects:
  **             none.
  **
  **     Side Effects:
  **             none.
@@ -24,20 +36,33 @@ static char SccsId[] = "@(#)recipient.c     3.16    %G%";
  
  # define MAXRCRSN      10
  
  
  # define MAXRCRSN      10
  
-sendto(list, copyf)
+ADDRESS *
+sendto(list, copyf, ctladdr, qflags)
         char *list;
         int copyf;
         char *list;
         int copyf;
+       ADDRESS *ctladdr;
+       ADDRESS **sendq;
+       u_short qflags;
  {
         register char *p;
         bool more;              /* set if more addresses to send to */
         ADDRESS *al;            /* list of addresses to send to */
  {
         register char *p;
         bool more;              /* set if more addresses to send to */
         ADDRESS *al;            /* list of addresses to send to */
+       bool firstone;          /* set on first address sent */
+       bool selfref;           /* set if this list includes ctladdr */
+       ADDRESS *sibl;          /* sibling pointer in tree */
+       ADDRESS *prev;          /* previous sibling */
  
  # ifdef DEBUG
         if (Debug > 1)
  
  # ifdef DEBUG
         if (Debug > 1)
-               printf("sendto: %s\n", list);
+       {
+               printf("sendto: %s\n   ctladdr=", list);
+               printaddr(ctladdr, FALSE);
+       }
  # endif DEBUG
  
         more = TRUE;
  # endif DEBUG
  
         more = TRUE;
+       firstone = TRUE;
+       selfref = FALSE;
         al = NULL;
         for (p = list; more; )
         {
         al = NULL;
         for (p = list; more; )
         {
@@ -61,22 +86,95 @@ sendto(list, copyf)
                 /* parse the address */
                 if ((a = parse(q, (ADDRESS *) NULL, copyf)) == NULL)
                         continue;
                 /* parse the address */
                 if ((a = parse(q, (ADDRESS *) NULL, copyf)) == NULL)
                         continue;
-
-               /* put it on the local send list */
                 a->q_next = al;
                 a->q_next = al;
-               al = a;
+               a->q_alias = ctladdr;
+               if (ctladdr != NULL)
+                       a->q_flags |= ctladdr->q_flags & ~QPRIMARY;
+               a->q_flags |= qflags;
+
+               /* see if this should be marked as a primary address */
+               if (ctladdr == NULL ||
+                   (firstone && !more && bitset(QPRIMARY, ctladdr->q_flags)))
+                       a->q_flags |= QPRIMARY;
+
+               /* put on send queue or suppress self-reference */
+               if (ctladdr != NULL && sameaddr(ctladdr, a, FALSE))
+                       selfref = TRUE;
+               else
+                       al = a;
+               firstone = FALSE;
         }
  
         }
  
+       /* if this alias doesn't include itself, delete ctladdr */
+       if (!selfref && ctladdr != NULL)
+               ctladdr->q_flags |= QDONTSEND;
+
         /* arrange to send to everyone on the local send list */
         /* arrange to send to everyone on the local send list */
+       prev = sibl = NULL;
+       if (ctladdr != NULL)
+               prev = ctladdr->q_child;
         while (al != NULL)
         {
                 register ADDRESS *a = al;
         while (al != NULL)
         {
                 register ADDRESS *a = al;
+               extern ADDRESS *recipient();
  
                 al = a->q_next;
  
                 al = a->q_next;
-               recipient(a);
+               sibl = recipient(a);
+               if (sibl != NULL)
+               {
+                       extern ADDRESS *addrref();
+
+                       /* inherit full name */
+                       if (sibl->q_fullname == NULL && ctladdr != NULL)
+                               sibl->q_fullname = ctladdr->q_fullname;
+
+                       /* link tree together (but only if the node is new) */
+                       if (sibl == a)
+                       {
+                               sibl->q_sibling = prev;
+                               prev = sibl;
+                       }
+               }
         }
  
         To = NULL;
         }
  
         To = NULL;
+       if (ctladdr != NULL)
+               ctladdr->q_child = prev;
+       return (prev);
+}
+\f/*
+**  ADDRREF -- return pointer to address that references another address.
+**
+**     Parameters:
+**             a -- address to check.
+**             r -- reference to find.
+**
+**     Returns:
+**             address of node in tree rooted at 'a' that references
+**                     'r'.
+**             NULL if no such node exists.
+**
+**     Side Effects:
+**             none.
+*/
+
+ADDRESS *
+addrref(a, r)
+       register ADDRESS *a;
+       register ADDRESS *r;
+{
+       register ADDRESS *q;
+
+       while (a != NULL)
+       {
+               if (a->q_child == r || a->q_sibling == r)
+                       return (a);
+               q = addrref(a->q_child, r);
+               if (q != NULL)
+                       return (q);
+               a = a->q_sibling;
+       }
+       return (NULL);
  }
  \f/*
  **  RECIPIENT -- Designate a message recipient
  }
  \f/*
  **  RECIPIENT -- Designate a message recipient
@@ -85,74 +183,94 @@ sendto(list, copyf)
  **
  **     Parameters:
  **             a -- the (preparsed) address header for the recipient.
  **
  **     Parameters:
  **             a -- the (preparsed) address header for the recipient.
+**             sendq -- a pointer to the head of a queue to put the
+**                     recipient in.  Duplicate supression is done
+**                     in this queue.
  **
  **     Returns:
  **
  **     Returns:
-**             none.
+**             pointer to address actually inserted in send list.
  **
  **     Side Effects:
  **             none.
  */
  
  **
  **     Side Effects:
  **             none.
  */
  
-recipient(a)
+ADDRESS *
+recipient(a, sendq)
         register ADDRESS *a;
         register ADDRESS *a;
+       register ADDRESS **sendq;
  {
         register ADDRESS *q;
         ADDRESS **pq;
         register struct mailer *m;
  {
         register ADDRESS *q;
         ADDRESS **pq;
         register struct mailer *m;
+       extern ADDRESS *getctladdr();
+       extern bool safefile();
  
         To = a->q_paddr;
  
         To = a->q_paddr;
-       m = Mailer[a->q_mailer];
+       m = a->q_mailer;
         errno = 0;
  # ifdef DEBUG
         if (Debug)
         errno = 0;
  # ifdef DEBUG
         if (Debug)
-               printf("recipient(%s)\n", To);
+       {
+               printf("\nrecipient: ");
+               printaddr(a, FALSE);
+       }
  # endif DEBUG
  
         /* break aliasing loops */
         if (AliasLevel > MAXRCRSN)
         {
                 usrerr("aliasing/forwarding loop broken");
  # endif DEBUG
  
         /* break aliasing loops */
         if (AliasLevel > MAXRCRSN)
         {
                 usrerr("aliasing/forwarding loop broken");
-               return;
+               return (NULL);
         }
  
         /*
         }
  
         /*
-       **  Do sickly crude mapping for program mailing, etc.
+       **  Finish setting up address structure.
         */
  
         */
  
-       if (a->q_mailer == MN_LOCAL)
+       a->q_timeout = TimeOut;
+
+       /* do sickly crude mapping for program mailing, etc. */
+       if (a->q_mailer == LocalMailer)
         {
                 if (a->q_user[0] == '|')
                 {
         {
                 if (a->q_user[0] == '|')
                 {
-                       a->q_mailer = MN_PROG;
-                       m = Mailer[MN_PROG];
+                       a->q_mailer = m = ProgMailer;
                         a->q_user++;
                         a->q_user++;
-# ifdef PARANOID
-                       if (AliasLevel <= 0)
+                       if (a->q_alias == NULL && Debug == 0 && !QueueRun && !ForceMail)
                         {
                                 usrerr("Cannot mail directly to programs");
                                 a->q_flags |= QDONTSEND;
                         }
                         {
                                 usrerr("Cannot mail directly to programs");
                                 a->q_flags |= QDONTSEND;
                         }
-# endif PARANOID
                 }
         }
  
         /*
                 }
         }
  
         /*
-       **  Look up this person in the recipient list.  If they
-       **  are there already, return, otherwise continue.
-       **  If the list is empty, just add it.
+       **  Look up this person in the recipient list.
+       **      If they are there already, return, otherwise continue.
+       **      If the list is empty, just add it.  Notice the cute
+       **      hack to make from addresses suppress things correctly:
+       **      the QDONTSEND bit will be set in the send list.
+       **      [Please note: the emphasis is on "hack."]
         */
  
         */
  
-       for (pq = &m->m_sendq; (q = *pq) != NULL; pq = &q->q_next)
+       for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
         {
                 if (!ForceMail && sameaddr(q, a, FALSE))
                 {
  # ifdef DEBUG
                         if (Debug)
         {
                 if (!ForceMail && sameaddr(q, a, FALSE))
                 {
  # ifdef DEBUG
                         if (Debug)
-                               printf("(%s in sendq)\n", a->q_paddr);
+                       {
+                               printf("%s in sendq: ", a->q_paddr);
+                               printaddr(q, FALSE);
+                       }
  # endif DEBUG
  # endif DEBUG
-                       if (Verbose && !bitset(QDONTSEND, a->q_flags))
+                       if (Verbose && !bitset(QDONTSEND|QPSEUDO, a->q_flags))
                                 message(Arpa_Info, "duplicate suppressed");
                                 message(Arpa_Info, "duplicate suppressed");
-                       return;
+                       if (!bitset(QPRIMARY, q->q_flags))
+                               q->q_flags |= a->q_flags;
+                       if (!bitset(QPSEUDO, a->q_flags))
+                               q->q_flags &= ~QPSEUDO;
+                       return (q);
                 }
         }
  
                 }
         }
  
@@ -166,17 +284,22 @@ recipient(a)
         **  Alias the name and handle :include: specs.
         */
  
         **  Alias the name and handle :include: specs.
         */
  
-       if (a->q_mailer == MN_LOCAL)
+       if (a->q_mailer == LocalMailer)
         {
                 if (strncmp(a->q_user, ":include:", 9) == 0)
                 {
                         a->q_flags |= QDONTSEND;
         {
                 if (strncmp(a->q_user, ":include:", 9) == 0)
                 {
                         a->q_flags |= QDONTSEND;
-                       if (Verbose)
-                               message(Arpa_Info, "including file %s", &a->q_user[9]);
-                       include(&a->q_user[9], " sending");
+                       if (a->q_alias == NULL && Debug == 0 && !QueueRun && !ForceMail)
+                               usrerr("Cannot mail directly to :include:s");
+                       else
+                       {
+                               if (Verbose)
+                                       message(Arpa_Info, "including file %s", &a->q_user[9]);
+                               include(&a->q_user[9], " sending", a, sendq);
+                       }
                 }
                 else
                 }
                 else
-                       alias(a);
+                       alias(a, sendq);
         }
  
         /*
         }
  
         /*
@@ -187,22 +310,34 @@ recipient(a)
         **  the user (which is probably correct anyway).
         */
  
         **  the user (which is probably correct anyway).
         */
  
-       if (!bitset(QDONTSEND, a->q_flags) && a->q_mailer == MN_LOCAL)
+       if (!bitset(QDONTSEND, a->q_flags) && a->q_mailer == LocalMailer)
         {
                 char buf[MAXNAME];
                 register char *p;
                 struct stat stb;
                 extern bool writable();
         {
                 char buf[MAXNAME];
                 register char *p;
                 struct stat stb;
                 extern bool writable();
+               bool quoted = FALSE;
  
                 strcpy(buf, a->q_user);
  
                 strcpy(buf, a->q_user);
+               for (p = buf; *p != '\0' && !quoted; p++)
+               {
+                       if (!isascii(*p) && (*p & 0377) != (SPACESUB) & 0377)
+                               quoted = TRUE;
+               }
                 stripquotes(buf, TRUE);
  
                 /* see if this is to a file */
                 stripquotes(buf, TRUE);
  
                 /* see if this is to a file */
-               if ((p = rindex(buf, '/')) != NULL)
+               if (buf[0] == '/')
                 {
                 {
+                       p = rindex(buf, '/');
                         /* check if writable or creatable */
                         /* check if writable or creatable */
-                       if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
-                           (*p = '\0', access(buf, 3) < 0))
+                       if (a->q_alias == NULL && Debug == 0 && !QueueRun && !ForceMail)
+                       {
+                               usrerr("Cannot mail directly to files");
+                               a->q_flags |= QDONTSEND;
+                       }
+                       else if ((stat(buf, &stb) >= 0) ? (!writable(&stb)) :
+                           (*p = '\0', !safefile(buf, getruid(), S_IWRITE|S_IEXEC)))
                         {
                                 a->q_flags |= QBADADDR;
                                 giveresponse(EX_CANTCREAT, TRUE, m);
                         {
                                 a->q_flags |= QBADADDR;
                                 giveresponse(EX_CANTCREAT, TRUE, m);
@@ -213,6 +348,7 @@ recipient(a)
                         register struct passwd *pw;
                         extern struct passwd *finduser();
  
                         register struct passwd *pw;
                         extern struct passwd *finduser();
  
+                       /* warning -- finduser may trash buf */
                         pw = finduser(buf);
                         if (pw == NULL)
                         {
                         pw = finduser(buf);
                         if (pw == NULL)
                         {
@@ -221,6 +357,10 @@ recipient(a)
                         }
                         else
                         {
                         }
                         else
                         {
+                               char nbuf[MAXNAME];
+
+                               char nbuf[MAXNAME];
+
                                 if (strcmp(a->q_user, pw->pw_name) != 0)
                                 {
                                         a->q_user = newstr(pw->pw_name);
                                 if (strcmp(a->q_user, pw->pw_name) != 0)
                                 {
                                         a->q_user = newstr(pw->pw_name);
@@ -228,11 +368,21 @@ recipient(a)
                                 }
                                 a->q_home = newstr(pw->pw_dir);
                                 a->q_uid = pw->pw_uid;
                                 }
                                 a->q_home = newstr(pw->pw_dir);
                                 a->q_uid = pw->pw_uid;
-                               if (strcmp(buf, a->q_user) == 0)
-                                       forward(a);
+                               a->q_gid = pw->pw_gid;
+                               a->q_flags |= QGOODUID;
+                               buildfname(pw->pw_gecos, pw->pw_name, nbuf);
+                               if (nbuf[0] != '\0')
+                                       a->q_fullname = newstr(nbuf);
+                               fullname(pw, nbuf);
+                               if (nbuf[0] != '\0')
+                                       a->q_fullname = newstr(nbuf);
+                               if (!quoted)
+                                       forward(a, sendq);
                         }
                 }
         }
                         }
                 }
         }
+
+       return (a);
  }
  \f/*
  **  FINDUSER -- find the password entry for a user.
  }
  \f/*
  **  FINDUSER -- find the password entry for a user.
@@ -248,7 +398,7 @@ recipient(a)
  **             NULL if name is unknown or ambiguous.
  **
  **     Side Effects:
  **             NULL if name is unknown or ambiguous.
  **
  **     Side Effects:
-**             none.
+**             may modify name.
  */
  
  struct passwd *
  */
  
  struct passwd *
@@ -257,29 +407,32 @@ finduser(name)
  {
         extern struct passwd *getpwent();
         register struct passwd *pw;
  {
         extern struct passwd *getpwent();
         register struct passwd *pw;
+       register char *p;
+
+       /*
+       **  Make name canonical.
+       */
+
+       for (p = name; *p != '\0'; p++)
+       {
+               if (*p == (SPACESUB & 0177) || *p == '_')
+                       *p = ' ';
+       }
  
         setpwent();
         while ((pw = getpwent()) != NULL)
         {
  
         setpwent();
         while ((pw = getpwent()) != NULL)
         {
-               char buf[MAXNAME];
-               register char *p;
                 extern bool sameword();
                 extern bool sameword();
-               bool gotaspace;
+               char buf[MAXNAME];
  
                 if (strcmp(pw->pw_name, name) == 0)
                         return (pw);
  
                 if (strcmp(pw->pw_name, name) == 0)
                         return (pw);
-               buildfname(pw->pw_gecos, pw->pw_name, buf);
-               gotaspace = FALSE;
-               for (p = buf; (p = index(p, ' ')) != NULL; )
-               {
-                       *p++ = SPACESUB & 0177;
-                       gotaspace = TRUE;
-               }
-               if (gotaspace && sameword(buf, name))
+               fullname(pw, buf);
+               if (index(buf, ' ') != NULL && sameword(buf, name))
                 {
                         if (Verbose)
                 {
                         if (Verbose)
-                               message(Arpa_Info, "sending to login name %s",
-                                   pw->pw_name);
+                               message(Arpa_Info, "sending to %s <%s>",
+                                   buf, pw->pw_name);
                         return (pw);
                 }
         }
                         return (pw);
                 }
         }
@@ -343,6 +496,11 @@ writable(s)
  **     Parameters:
  **             fname -- filename to include.
  **             msg -- message to print in verbose mode.
  **     Parameters:
  **             fname -- filename to include.
  **             msg -- message to print in verbose mode.
+**             ctladdr -- address template to use to fill in these
+**                     addresses -- effective user/group id are
+**                     the important things.
+**             sendq -- a pointer to the head of the send queue
+**                     to put these addresses in.
  **
  **     Returns:
  **             none.
  **
  **     Returns:
  **             none.
@@ -352,9 +510,11 @@ writable(s)
  **             listed in that file.
  */
  
  **             listed in that file.
  */
  
-include(fname, msg)
+include(fname, msg, ctladdr, sendq)
         char *fname;
         char *msg;
         char *fname;
         char *msg;
+       ADDRESS *ctladdr;
+       ADDRESS **sendq;
  {
         char buf[MAXLINE];
         register FILE *fp;
  {
         char buf[MAXLINE];
         register FILE *fp;
@@ -366,6 +526,16 @@ include(fname, msg)
                 usrerr("Cannot open %s", fname);
                 return;
         }
                 usrerr("Cannot open %s", fname);
                 return;
         }
+       if (getctladdr(ctladdr) == NULL)
+       {
+               struct stat st;
+
+               if (fstat(fileno(fp), &st) < 0)
+                       syserr("Cannot fstat %s!", fname);
+               ctladdr->q_uid = st.st_uid;
+               ctladdr->q_gid = st.st_gid;
+               ctladdr->q_flags |= QGOODUID;
+       }
  
         /* read the file -- each line is a comma-separated list. */
         while (fgets(buf, sizeof buf, fp) != NULL)
  
         /* read the file -- each line is a comma-separated list. */
         while (fgets(buf, sizeof buf, fp) != NULL)
@@ -380,7 +550,7 @@ include(fname, msg)
                 if (Verbose)
                         message(Arpa_Info, "%s to %s", msg, buf);
                 AliasLevel++;
                 if (Verbose)
                         message(Arpa_Info, "%s to %s", msg, buf);
                 AliasLevel++;
-               sendto(buf, 1);
+               sendto(buf, 1, ctladdr, 0);
                 AliasLevel--;
         }
  
                 AliasLevel--;
         }
  
@@ -423,6 +593,29 @@ sendtoargv(argv)
                                 argv += 2;
                         }
                 }
                                 argv += 2;
                         }
                 }
-               sendto(p, 0);
+               sendto(p, 0, (ADDRESS *) NULL, 0);
         }
  }
         }
  }
+\f/*
+**  GETCTLADDR -- get controlling address from an address header.
+**
+**     If none, get one corresponding to the effective userid.
+**
+**     Parameters:
+**             a -- the address to find the controller of.
+**
+**     Returns:
+**             the controlling address.
+**
+**     Side Effects:
+**             none.
+*/
+
+ADDRESS *
+getctladdr(a)
+       register ADDRESS *a;
+{
+       while (a != NULL && !bitset(QGOODUID, a->q_flags))
+               a = a->q_alias;
+       return (a);
+}