2 * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1990, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
7 * By using this file, you agree to the terms and conditions set
8 * forth in the LICENSE file which can be found at the top level of
9 * the sendmail distribution.
11 * $FreeBSD: src/contrib/sendmail/mail.local/mail.local.c,v 1.6.6.14 2003/03/29 19:33:16 gshapiro Exp $
12 * $DragonFly: src/contrib/sendmail/mail.local/Attic/mail.local.c,v 1.4 2005/04/29 10:04:45 joerg Exp $
19 "@(#) Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.\n\
20 All rights reserved.\n\
21 Copyright (c) 1990, 1993, 1994\n\
22 The Regents of the University of California. All rights reserved.\n")
24 SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.239.2.11 2003/09/01 01:49:46 gshapiro Exp $")
27 #include <sm/errstring.h>
29 #include <sm/limits.h>
32 # undef EX_OK /* unistd.h may have another use for this */
34 # define LOCKFILE_PMODE 0
36 #include <sm/sysexits.h>
39 ** This is not intended to work on System V derived systems
40 ** such as Solaris or HP-UX, since they use a totally different
41 ** approach to mailboxes (essentially, they have a set-group-ID program
42 ** rather than set-user-ID, and they rely on the ability to "give away"
43 ** files to do their work). IT IS NOT A BUG that this doesn't
44 ** work on such architectures.
51 #include <sys/types.h>
55 # include <sys/socket.h>
56 # include <sys/file.h>
57 # include <netinet/in.h>
58 # include <arpa/nameser.h>
62 #include <sm/string.h>
67 #include <sendmail/pathnames.h>
71 # define LOCKTO_RM 300 /* timeout for stale lockfile removal */
72 #endif /* ! LOCKTO_RM */
74 # define LOCKTO_GLOB 400 /* global timeout for lockfile creation */
75 #endif /* ! LOCKTO_GLOB */
77 /* define a realloc() which works for NULL pointers */
78 #define REALLOC(ptr, size) (((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
81 ** If you don't have flock, you could try using lockf instead.
85 # define flock(a, b) lockf(a, b, 0)
89 # define LOCK_EX F_LOCK
90 #endif /* LDA_USE_LOCKF */
93 # include <sys/file.h>
94 #endif /* ! LOCK_EX */
97 ** If you don't have setreuid, and you have saved uids, and you have
98 ** a seteuid() call that doesn't try to emulate using setuid(), then
99 ** you can try defining LDA_USE_SETEUID.
102 #ifdef LDA_USE_SETEUID
103 # define setreuid(r, e) seteuid(e)
104 #endif /* LDA_USE_SETEUID */
106 #ifdef LDA_CONTENTLENGTH
107 # define CONTENTLENGTH 1
108 #endif /* LDA_CONTENTLENGTH */
111 # define INADDRSZ 4 /* size of an IPv4 address in bytes */
112 #endif /* ! INADDRSZ */
115 # include <maillock.h>
116 #endif /* MAILLOCK */
118 #ifndef MAILER_DAEMON
119 # define MAILER_DAEMON "MAILER-DAEMON"
120 #endif /* ! MAILER_DAEMON */
123 char ContentHdr[40] = "Content-Length: ";
126 #endif /* CONTENTLENGTH */
128 bool EightBitMime = true; /* advertise 8BITMIME in LMTP */
129 char ErrBuf[10240]; /* error buffer */
130 int ExitVal = EX_OK; /* sysexits.h error value. */
132 bool nofsync = false;
133 bool HoldErrs = false; /* Hold errors in ErrBuf */
134 bool LMTPMode = false;
135 bool BounceQuota = false; /* permanent error when over quota */
136 char *HomeMailFile = NULL; /* store mail in homedir */
138 void deliver __P((int, char *));
139 int e_to_sys __P((int));
140 void notifybiff __P((char *));
141 int store __P((char *, bool *));
142 void usage __P((void));
143 int lockmbox __P((char *));
144 void unlockmbox __P((void));
145 void mailerr __P((const char *, const char *, ...));
146 void flush_error __P((void));
158 char *mbdbname = "pw";
164 /* make sure we have some open file descriptors */
165 for (fd = 10; fd < 30; fd++)
168 /* use a reasonable umask */
172 openlog("mail.local", 0, LOG_MAIL);
173 # else /* LOG_MAIL */
174 openlog("mail.local", 0);
175 # endif /* LOG_MAIL */
178 while ((ch = getopt(argc, argv, "7BbdD:f:h:r:ls")) != -1)
182 case '7': /* Do not advertise 8BITMIME */
183 EightBitMime = false;
190 case 'b': /* bounce mail when over quota. */
194 case 'd': /* Backward compatible. */
197 case 'D': /* mailbox database type */
202 case 'r': /* Backward compatible. */
205 mailerr(NULL, "Multiple -f options");
212 if (optarg != NULL || *optarg != '\0')
213 HomeMailFile = optarg;
216 mailerr(NULL, "-h: missing filename");
237 /* initialize biff structures */
241 err = sm_mbdb_initialize(mbdbname);
244 char *errcode = "521";
246 if (err == EX_TEMPFAIL)
249 mailerr(errcode, "Can not open mailbox database %s: %s",
250 mbdbname, sm_strexit(err));
256 extern void dolmtp __P((void));
260 mailerr("421", "Users should not be specified in command line if LMTP required");
269 /* Non-LMTP from here on out */
274 ** If from not specified, use the name from getlogin() if the
275 ** uid matches, otherwise, use the name from the password file
276 ** corresponding to the uid.
280 if (from == NULL && ((from = getlogin()) == NULL ||
281 (pw = getpwnam(from)) == NULL ||
283 from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
286 ** There is no way to distinguish the error status of one delivery
287 ** from the rest of the deliveries. So, if we failed hard on one
288 ** or more deliveries, but had no failures on any of the others, we
289 ** return a hard failure. If we failed temporarily on one or more
290 ** deliveries, we return a temporary failure regardless of the other
291 ** failures. This results in the delivery being reattempted later
292 ** at the expense of repeated failures and multiple deliveries.
296 fd = store(from, NULL);
303 for (; *argv != NULL; ++argv)
327 while (*p != ',' && *p != ':' && *p != '\0')
332 /* Skip over , or : */
339 while (*p != '\0' && *p != '@' && *p != '>')
349 while (*p != '\0' && *p != '\"')
358 if (*p == '\0' || *(p + 1) == '\0')
362 if (*p == '+' && rcpt)
372 while (*p != '\0' && *p != '>')
382 if (*p != '\0' && *p != ' ')
394 mailerr("421 4.3.0", "Memory exhausted");
398 (void) sm_strlcpy(p, s, l);
403 process_recipient(addr)
408 switch (sm_mbdb_lookup(addr, &user))
414 return "550 5.1.1 User unknown";
417 return "451 4.3.0 User database failure; retry later";
420 return "550 5.3.0 User database failure";
429 char *return_path = NULL;
430 char **rcpt_addr = NULL;
433 bool gotlhlo = false;
438 char myhostname[1024];
441 memset(myhostname, '\0', sizeof myhostname);
442 (void) gethostname(myhostname, sizeof myhostname - 1);
443 if (myhostname[0] == '\0')
444 sm_strlcpy(myhostname, "localhost", sizeof myhostname);
446 printf("220 %s LMTP ready\r\n", myhostname);
449 (void) fflush(stdout);
450 if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
452 p = buf + strlen(buf) - 1;
453 if (p >= buf && *p == '\n')
455 if (p >= buf && *p == '\r')
462 if (sm_strcasecmp(buf, "data") == 0)
468 mailerr("503 5.5.1", "No recipients");
472 msgfd = store(return_path, &inbody);
474 if (msgfd < 0 && !inbody)
480 for (i = 0; i < rcpt_num; i++)
484 /* print error for rcpt */
488 p = strchr(rcpt_addr[i], '+');
491 deliver(msgfd, rcpt_addr[i]);
503 if (sm_strncasecmp(buf, "lhlo ", 5) == 0)
505 /* check for duplicate per RFC 1651 4.2 */
508 mailerr("503", "%s Duplicate LHLO",
513 printf("250-%s\r\n", myhostname);
515 printf("250-8BITMIME\r\n");
516 printf("250-ENHANCEDSTATUSCODES\r\n");
517 printf("250 PIPELINING\r\n");
526 if (sm_strncasecmp(buf, "mail ", 5) == 0)
528 if (return_path != NULL)
531 "Nested MAIL command");
534 if (sm_strncasecmp(buf + 5, "from:", 5) != 0 ||
535 ((return_path = parseaddr(buf + 10,
539 "Syntax error in parameters");
542 printf("250 2.5.0 Ok\r\n");
551 if (sm_strcasecmp(buf, "noop") == 0)
553 printf("250 2.0.0 Ok\r\n");
562 if (sm_strcasecmp(buf, "quit") == 0)
564 printf("221 2.0.0 Bye\r\n");
573 if (sm_strncasecmp(buf, "rcpt ", 5) == 0)
575 if (return_path == NULL)
578 "Need MAIL command");
581 if (rcpt_num >= rcpt_alloc)
583 rcpt_alloc += RCPT_GROW;
584 rcpt_addr = (char **)
585 REALLOC((char *) rcpt_addr,
588 if (rcpt_addr == NULL)
595 if (sm_strncasecmp(buf + 5, "to:", 3) != 0 ||
596 ((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
600 "Syntax error in parameters");
603 err = process_recipient(rcpt_addr[rcpt_num]);
606 mailerr(NULL, "%s", err);
610 printf("250 2.1.5 Ok\r\n");
613 else if (sm_strcasecmp(buf, "rset") == 0)
615 printf("250 2.0.0 Ok\r\n");
619 free(rcpt_addr[--rcpt_num]);
620 if (return_path != NULL)
631 if (sm_strncasecmp(buf, "vrfy ", 5) == 0)
633 printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
642 mailerr("500 5.5.2", "Syntax error");
657 bool eline; /* previous line was empty */
658 bool fullline = true; /* current line is terminated */
659 bool prevfl; /* previous line was terminated */
662 char tmpbuf[sizeof _PATH_LOCTMP + 1];
668 (void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
669 if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL)
673 mailerr("451 4.3.0", "Unable to open temporary file");
676 (void) unlink(tmpbuf);
680 printf("354 Go ahead\r\n");
681 (void) fflush(stdout);
687 (void) fprintf(fp, "From %s %s", from, ctime(&tval));
692 #endif /* CONTENTLENGTH */
696 while (fgets(line, sizeof(line), stdin) != (char *) NULL)
701 prevfl = fullline; /* preserve state of previous line */
702 while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
706 /* Check for dot-stuffing */
707 if (prevfl && LMTPMode && line[0] == '.')
709 if (line[1] == '\n' ||
710 (line[1] == '\r' && line[2] == '\n'))
712 memcpy(line, line + 1, line_len);
716 /* Check to see if we have the full line from fgets() */
720 if (line[line_len - 1] == '\n')
723 line[line_len - 2] == '\r')
725 line[line_len - 2] = '\n';
726 line[line_len - 1] = '\0';
731 else if (line[line_len - 1] == '\r')
733 /* Did we just miss the CRLF? */
737 line[line_len - 1] = '\n';
741 (void) ungetc(peek, stdin);
748 if (prevfl && line[0] == '\n' && HeaderLength == 0)
752 HeaderLength = ftell(fp);
753 if (HeaderLength <= 0)
756 ** shouldn't happen, unless ftell() is
763 #else /* CONTENTLENGTH */
764 if (prevfl && line[0] == '\n')
766 #endif /* CONTENTLENGTH */
769 if (eline && line[0] == 'F' &&
771 !memcmp(line, "From ", 5))
772 (void) putc('>', fp);
775 /* discard existing "Content-Length:" headers */
776 if (prevfl && HeaderLength == 0 &&
777 (line[0] == 'C' || line[0] == 'c') &&
778 sm_strncasecmp(line, ContentHdr, 15) == 0)
781 ** be paranoid: clear the line
782 ** so no "wrong matches" may occur later
787 #endif /* CONTENTLENGTH */
792 (void) fwrite(line, sizeof(char), line_len, fp);
796 "Temporary file write error");
804 /* check if an error occurred */
810 /* Got a premature EOF -- toss message and exit */
814 /* If message not newline terminated, need an extra. */
815 if (fp != NULL && strchr(line, '\n') == NULL)
816 (void) putc('\n', fp);
822 BodyLength = ftell(fp);
823 if (HeaderLength == 0 && BodyLength > 0) /* empty body */
825 HeaderLength = BodyLength;
829 BodyLength = BodyLength - HeaderLength - 1 ;
831 if (HeaderLength > 0 && BodyLength >= 0)
833 (void) sm_snprintf(line, sizeof line, "%lld\n",
834 (LONGLONG_T) BodyLength);
835 (void) sm_strlcpy(&ContentHdr[16], line,
836 sizeof(ContentHdr) - 16);
839 BodyLength = -1; /* Something is wrong here */
840 #endif /* CONTENTLENGTH */
842 /* Output a newline; note, empty messages are allowed. */
844 (void) putc('\n', fp);
846 if (fp == NULL || fflush(fp) == EOF || ferror(fp) != 0)
848 mailerr("451 4.3.0", "Temporary file write error");
863 char path[MAXPATHLEN];
864 int mbfd = -1, nr = 0, nw, off;
868 off_t curoff, cursize;
872 #endif /* CONTENTLENGTH */
873 char biffmsg[100], buf[8 * 1024];
877 ** Disallow delivery to unknown names -- special mailboxes can be
878 ** handled in the sendmail aliases file.
881 exitval = sm_mbdb_lookup(name, &user);
888 exitval = EX_UNAVAILABLE;
889 mailerr("550 5.1.1", "%s: User unknown", name);
893 mailerr("451 4.3.0", "%s: User database failure; retry later",
898 exitval = EX_UNAVAILABLE;
899 mailerr("550 5.3.0", "%s: User database failure", name);
903 if (exitval != EX_OK)
905 if (ExitVal != EX_TEMPFAIL)
913 ** Keep name reasonably short to avoid buffer overruns.
914 ** This isn't necessary on BSD because of the proper
915 ** definition of snprintf(), but it can cause problems
917 ** Also, clear out any bogus characters.
920 if (strlen(name) > 40)
922 for (p = name; *p != '\0'; p++)
926 else if (!isprint(*p))
931 if (HomeMailFile == NULL)
933 if (sm_snprintf(path, sizeof(path), "%s/%s",
934 _PATH_MAILDIR, name) >= sizeof(path))
936 exitval = EX_UNAVAILABLE;
937 mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
941 else if (*user.mbdb_homedir == '\0')
943 exitval = EX_UNAVAILABLE;
944 mailerr("550 5.1.1", "%s: User missing home directory", name);
947 else if (sm_snprintf(path, sizeof(path), "%s/%s",
948 user.mbdb_homedir, HomeMailFile) >= sizeof(path))
950 exitval = EX_UNAVAILABLE;
951 mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
957 ** If the mailbox is linked or a symlink, fail. There's an obvious
958 ** race here, that the file was replaced with a symbolic link after
959 ** the lstat returned, but before the open. We attempt to detect
960 ** this by comparing the original stat information and information
961 ** returned by an fstat of the file descriptor returned by the open.
963 ** NB: this is a symptom of a larger problem, that the mail spooling
964 ** directory is writeable by the wrong users. If that directory is
965 ** writeable, system security is compromised for other reasons, and
966 ** it cannot be fixed here.
968 ** If we created the mailbox, set the owner/group. If that fails,
969 ** just return. Another process may have already opened it, so we
970 ** can't unlink it. Historically, binmail set the owner/group at
971 ** each mail delivery. We no longer do this, assuming that if the
972 ** ownership or permissions were changed there was a reason.
975 ** open(2) should support flock'ing the file.
983 #endif /* MAILLOCK */
984 if ((off = lockmbox(p)) != 0)
986 if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
988 ExitVal = EX_TEMPFAIL;
989 errcode = "451 4.3.0";
992 errcode = "551 5.3.0";
994 mailerr(errcode, "lockmailbox %s failed; error code %d %s",
995 p, off, errno > 0 ? sm_errstring(errno) : "");
999 if (lstat(path, &sb) < 0)
1002 int mode = S_IRUSR|S_IWUSR;
1003 gid_t gid = user.mbdb_gid;
1008 mode |= S_IRGRP|S_IWGRP;
1009 #endif /* MAILGID */
1011 mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY,
1015 if (lstat(path, &sb) < 0)
1017 ExitVal = EX_CANTCREAT;
1018 mailerr("550 5.2.0",
1019 "%s: lstat: file changed after open", path);
1024 if (save_errno == EEXIST)
1027 /* open failed, don't try again */
1028 mailerr("450 4.2.0", "%s: %s", path,
1029 sm_errstring(save_errno));
1032 else if (fchown(mbfd, user.mbdb_uid, gid) < 0)
1034 mailerr("451 4.3.0", "chown %u.%u: %s",
1035 user.mbdb_uid, gid, name);
1041 ** open() was successful, now close it so can
1042 ** be opened as the right owner again.
1043 ** Paranoia: reset mbdf since the file descriptor
1044 ** is no longer valid; better safe than sorry.
1047 sb.st_uid = user.mbdb_uid;
1052 else if (sb.st_nlink != 1)
1054 mailerr("550 5.2.0", "%s: too many links", path);
1057 else if (!S_ISREG(sb.st_mode))
1059 mailerr("550 5.2.0", "%s: irregular file", path);
1062 else if (sb.st_uid != user.mbdb_uid)
1064 ExitVal = EX_CANTCREAT;
1065 mailerr("550 5.2.0", "%s: wrong ownership (%d)",
1066 path, (int) sb.st_uid);
1070 /* change UID for quota checks */
1071 if (setreuid(0, user.mbdb_uid) < 0)
1073 mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
1074 (int) user.mbdb_uid, sm_errstring(errno),
1075 (int) getuid(), (int) geteuid());
1079 fprintf(stderr, "new euid = %d\n", (int) geteuid());
1081 mbfd = open(path, O_APPEND|O_WRONLY, 0);
1084 mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1087 else if (fstat(mbfd, &fsb) < 0 ||
1088 fsb.st_nlink != 1 ||
1090 !S_ISREG(fsb.st_mode) ||
1091 sb.st_dev != fsb.st_dev ||
1092 sb.st_ino != fsb.st_ino ||
1093 # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1094 sb.st_gen != fsb.st_gen ||
1095 # endif /* HAS_ST_GEN && 0 */
1096 sb.st_uid != fsb.st_uid)
1098 ExitVal = EX_TEMPFAIL;
1099 mailerr("550 5.2.0", "%s: fstat: file changed after open",
1106 ** This code could be reused if we decide to add a
1107 ** per-user quota field to the sm_mbdb interface.
1111 ** Fail if the user has a quota specified, and delivery of this
1112 ** message would exceed that quota. We bounce such failures using
1113 ** EX_UNAVAILABLE, unless there were internal problems, since
1114 ** storing immense messages for later retries can cause queueing
1122 if (fstat(fd, &dsb) < 0)
1124 ExitVal = EX_TEMPFAIL;
1125 mailerr("451 4.3.0",
1126 "%s: fstat: can't stat temporary storage: %s",
1127 ui.mailspool, sm_errstring(errno));
1131 if (dsb.st_size + sb.st_size + 1 > ui.quota)
1133 ExitVal = EX_UNAVAILABLE;
1134 mailerr("551 5.2.2",
1135 "%s: Mailbox full or quota exceeded",
1142 /* Wait until we can get a lock on the file. */
1143 if (flock(mbfd, LOCK_EX) < 0)
1145 mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1149 /* Get the starting offset of the new message */
1150 curoff = lseek(mbfd, (off_t) 0, SEEK_END);
1154 (void) sm_snprintf(biffmsg, sizeof(biffmsg), "%s@%lld\n",
1155 name, (LONGLONG_T) curoff);
1158 /* Copy the message into the file. */
1159 if (lseek(fd, (off_t) 0, SEEK_SET) == (off_t) -1)
1161 mailerr("450 4.2.0", "Temporary file: %s",
1162 sm_errstring(errno));
1166 fprintf(stderr, "before writing: euid = %d\n", (int) geteuid());
1168 #ifdef CONTENTLENGTH
1169 headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
1172 if (headerbytes == 0)
1174 (void) sm_snprintf(buf, sizeof buf, "%s", ContentHdr);
1179 else if (headerbytes > sizeof(buf) || headerbytes < 0)
1180 readamount = sizeof(buf);
1182 readamount = headerbytes;
1183 if (readamount != 0)
1184 nr = read(fd, buf, readamount);
1187 if (headerbytes > 0)
1190 #else /* CONTENTLENGTH */
1191 while ((nr = read(fd, buf, sizeof(buf))) > 0)
1193 #endif /* CONTENTLENGTH */
1194 for (off = 0; off < nr; off += nw)
1196 if ((nw = write(mbfd, buf + off, nr - off)) < 0)
1198 errcode = "450 4.2.0";
1200 if (errno == EDQUOT && BounceQuota)
1201 errcode = "552 5.2.2";
1203 mailerr(errcode, "%s: %s",
1204 path, sm_errstring(errno));
1211 mailerr("450 4.2.0", "Temporary file: %s",
1212 sm_errstring(errno));
1216 /* Flush to disk, don't wait for update. */
1217 if (!nofsync && fsync(mbfd) < 0)
1219 mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
1222 fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1225 (void) ftruncate(mbfd, curoff);
1226 err1: if (mbfd >= 0)
1228 err0: (void) setreuid(0, 0);
1234 ** Save the current size so if the close() fails below
1235 ** we can make sure no other process has changed the mailbox
1236 ** between the failed close and the re-open()/re-lock().
1237 ** If something else has changed the size, we shouldn't
1238 ** try to truncate it as we may do more harm then good
1239 ** (e.g., truncate a later message delivery).
1242 if (fstat(mbfd, &sb) < 0)
1245 cursize = sb.st_size;
1248 /* Close and check -- NFS doesn't write until the close. */
1251 errcode = "450 4.2.0";
1253 if (errno == EDQUOT && BounceQuota)
1254 errcode = "552 5.2.2";
1256 mailerr(errcode, "%s: %s", path, sm_errstring(errno));
1257 mbfd = open(path, O_WRONLY, 0);
1260 || flock(mbfd, LOCK_EX) < 0 ||
1261 fstat(mbfd, &sb) < 0 ||
1262 sb.st_size != cursize ||
1264 !S_ISREG(sb.st_mode) ||
1265 sb.st_dev != fsb.st_dev ||
1266 sb.st_ino != fsb.st_ino ||
1267 # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
1268 sb.st_gen != fsb.st_gen ||
1269 # endif /* HAS_ST_GEN && 0 */
1270 sb.st_uid != fsb.st_uid
1273 /* Don't use a bogus file */
1281 /* Attempt to truncate back to pre-write size */
1285 notifybiff(biffmsg);
1287 if (setreuid(0, 0) < 0)
1289 mailerr("450 4.2.0", "setreuid(0, 0): %s",
1290 sm_errstring(errno));
1294 fprintf(stderr, "reset euid = %d\n", (int) geteuid());
1298 printf("250 2.1.5 %s Ok\r\n", name);
1302 ** user.lock files are necessary for compatibility with other
1303 ** systems, e.g., when the mail spool file is NFS exported.
1304 ** Alas, mailbox locking is more than just a local matter.
1308 bool Locked = false;
1319 if ((r = maillock(name, 15)) == L_SUCCESS)
1326 case L_TMPLOCK: /* Can't create tmp file */
1327 case L_TMPWRITE: /* Can't write pid into lockfile */
1328 case L_MAXTRYS: /* Failed after retrycnt attempts */
1332 case L_ERROR: /* Check errno for reason */
1335 default: /* other permanent errors */
1350 #else /* MAILLOCK */
1352 char LockName[MAXPATHLEN];
1363 if (strlen(path) + 6 > sizeof LockName)
1365 (void) sm_snprintf(LockName, sizeof LockName, "%s.lock", path);
1366 (void) time(&start);
1373 /* global timeout */
1375 if (now > start + LOCKTO_GLOB)
1380 fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, LOCKFILE_PMODE);
1383 /* defeat lock checking programs which test pid */
1384 (void) write(fd, "0", 2);
1389 if (stat(LockName, &st) < 0)
1391 if (statfailed++ > 5)
1400 if (now < st.st_ctime + LOCKTO_RM)
1403 /* try to remove stale lockfile */
1404 if (unlink(LockName) < 0)
1414 (void) unlink(LockName);
1417 #endif /* MAILLOCK */
1423 static bool initialized = false;
1428 static struct sockaddr_in addr;
1434 /* Be silent if biff service not available. */
1435 if ((sp = getservbyname("biff", "udp")) == NULL ||
1436 (hp = gethostbyname("localhost")) == NULL ||
1437 hp->h_length != INADDRSZ)
1440 addr.sin_family = hp->h_addrtype;
1441 memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
1442 addr.sin_port = sp->s_port;
1445 /* No message, just return */
1449 /* Couldn't initialize addr struct */
1450 if (addr.sin_family == AF_UNSPEC)
1453 if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1455 len = strlen(msg) + 1;
1456 (void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
1463 mailerr(NULL, "usage: mail.local [-7] [-B] [-b] [-d] [-l] [-s] [-f from|-r from] [-h filename] user ...");
1470 mailerr(const char *hdr, const char *fmt, ...)
1471 #else /* __STDC__ */
1472 mailerr(hdr, fmt, va_alist)
1476 #endif /* __STDC__ */
1481 (void) e_to_sys(errno);
1483 SM_VA_START(ap, fmt);
1485 if (LMTPMode && hdr != NULL)
1487 sm_snprintf(ErrBuf, sizeof ErrBuf, "%s ", hdr);
1488 len = strlen(ErrBuf);
1490 (void) sm_vsnprintf(&ErrBuf[len], sizeof ErrBuf - len, fmt, ap);
1496 /* Log the message to syslog. */
1498 syslog(LOG_ERR, "%s", ErrBuf);
1505 printf("%s\r\n", ErrBuf);
1508 if (ExitVal != EX_USAGE)
1509 (void) fprintf(stderr, "mail.local: ");
1510 fprintf(stderr, "%s\n", ErrBuf);
1516 * Guess which errno's are temporary. Gag me.
1523 /* Temporary failures override hard errors. */
1524 if (ExitVal == EX_TEMPFAIL)
1527 switch (num) /* Hopefully temporary errors. */
1530 case EDQUOT: /* Disc quota exceeded */
1533 ExitVal = EX_UNAVAILABLE;
1539 case EAGAIN: /* Resource temporarily unavailable */
1542 case EBUSY: /* Device busy */
1545 case EPROCLIM: /* Too many processes */
1546 #endif /* EPROCLIM */
1548 case EUSERS: /* Too many users */
1551 case ECONNABORTED: /* Software caused connection abort */
1552 #endif /* ECONNABORTED */
1554 case ECONNREFUSED: /* Connection refused */
1555 #endif /* ECONNREFUSED */
1557 case ECONNRESET: /* Connection reset by peer */
1558 #endif /* ECONNRESET */
1560 case EDEADLK: /* Resource deadlock avoided */
1561 #endif /* EDEADLK */
1563 case EFBIG: /* File too large */
1566 case EHOSTDOWN: /* Host is down */
1567 #endif /* EHOSTDOWN */
1569 case EHOSTUNREACH: /* No route to host */
1570 #endif /* EHOSTUNREACH */
1572 case EMFILE: /* Too many open files */
1575 case ENETDOWN: /* Network is down */
1576 #endif /* ENETDOWN */
1578 case ENETRESET: /* Network dropped connection on reset */
1579 #endif /* ENETRESET */
1581 case ENETUNREACH: /* Network is unreachable */
1582 #endif /* ENETUNREACH */
1584 case ENFILE: /* Too many open files in system */
1587 case ENOBUFS: /* No buffer space available */
1588 #endif /* ENOBUFS */
1590 case ENOMEM: /* Cannot allocate memory */
1593 case ENOSPC: /* No space left on device */
1596 case EROFS: /* Read-only file system */
1599 case ESTALE: /* Stale NFS file handle */
1602 case ETIMEDOUT: /* Connection timed out */
1603 #endif /* ETIMEDOUT */
1604 #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
1605 case EWOULDBLOCK: /* Operation would block. */
1606 #endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
1607 ExitVal = EX_TEMPFAIL;
1611 ExitVal = EX_UNAVAILABLE;
1617 #if defined(ultrix) || defined(_CRAY)
1619 * Copyright (c) 1987, 1993
1620 * The Regents of the University of California. All rights reserved.
1622 * Redistribution and use in source and binary forms, with or without
1623 * modification, are permitted provided that the following conditions
1625 * 1. Redistributions of source code must retain the above copyright
1626 * notice, this list of conditions and the following disclaimer.
1627 * 2. Redistributions in binary form must reproduce the above copyright
1628 * notice, this list of conditions and the following disclaimer in the
1629 * documentation and/or other materials provided with the distribution.
1630 * 3. All advertising materials mentioning features or use of this software
1631 * must display the following acknowledgement:
1632 * This product includes software developed by the University of
1633 * California, Berkeley and its contributors.
1634 * 4. Neither the name of the University nor the names of its contributors
1635 * may be used to endorse or promote products derived from this software
1636 * without specific prior written permission.
1638 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1639 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1640 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1641 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1642 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1643 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1644 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1645 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1646 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1647 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1651 # if defined(LIBC_SCCS) && !defined(lint)
1652 static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
1653 # endif /* defined(LIBC_SCCS) && !defined(lint) */
1655 # include <sys/types.h>
1656 # include <sys/stat.h>
1662 static int _gettemp();
1669 return (_gettemp(path, &fd) ? fd : -1);
1673 _gettemp(path, doopen)
1675 register int *doopen;
1677 register char *start, *trv;
1682 for (trv = path; *trv; ++trv); /* extra X's get set to 0's */
1683 while (*--trv == 'X')
1685 *trv = (pid % 10) + '0';
1690 * check the target directory; if you have six X's and it
1691 * doesn't exist this runs for a *very* long time.
1693 for (start = trv + 1;; --trv)
1700 if (stat(path, &sbuf) < 0)
1702 if (!S_ISDIR(sbuf.st_mode))
1716 if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR,
1719 if (errno != EEXIST)
1722 else if (stat(path, &sbuf) < 0)
1723 return(errno == ENOENT ? 1 : 0);
1725 /* tricky little algorithm for backward compatibility */
1734 if (isascii(*trv) && isdigit(*trv))
1744 #endif /* defined(ultrix) || defined(_CRAY) */