| blob | 0bfca00129623d50fa400df0ce4cd618db72152b |
1 /* $NetBSD$ */
3 /*++
4 /* NAME
5 /* alias 3
6 /* SUMMARY
7 /* alias data base lookups
8 /* SYNOPSIS
9 /* #include "local.h"
10 /*
11 /* int deliver_alias(state, usr_attr, name, statusp)
12 /* LOCAL_STATE state;
13 /* USER_ATTR usr_attr;
14 /* char *name;
15 /* int *statusp;
16 /* DESCRIPTION
17 /* deliver_alias() looks up the expansion of the recipient in
18 /* the global alias database and delivers the message to the
19 /* listed destinations. The result is zero when no alias was found
20 /* or when the message should be delivered to the user instead.
21 /*
22 /* deliver_alias() has wired-in knowledge about a few reserved
23 /* recipient names.
24 /* .IP \(bu
25 /* When no alias is found for the local \fIpostmaster\fR or
26 /* \fImailer-daemon\fR a warning is issued and the message
27 /* is discarded.
28 /* .IP \(bu
29 /* When an alias exists for recipient \fIname\fR, and an alias
30 /* exists for \fIowner-name\fR, the sender address is changed
31 /* to \fIowner-name\fR, and the owner delivery attribute is
32 /* set accordingly. This feature is disabled with
33 /* "owner_request_special = no".
34 /* .PP
35 /* Arguments:
36 /* .IP state
37 /* Attributes that specify the message, recipient and more.
38 /* Expansion type (alias, include, .forward).
39 /* A table with the results from expanding aliases or lists.
40 /* A table with delivered-to: addresses taken from the message.
41 /* .IP usr_attr
42 /* User attributes (rights, environment).
43 /* .IP name
44 /* The alias to be looked up.
45 /* .IP statusp
46 /* Delivery status. See below.
47 /* DIAGNOSTICS
48 /* Fatal errors: out of memory. The delivery status is non-zero
49 /* when delivery should be tried again.
50 /* LICENSE
51 /* .ad
52 /* .fi
53 /* The Secure Mailer license must be distributed with this software.
54 /* AUTHOR(S)
55 /* Wietse Venema
56 /* IBM T.J. Watson Research
57 /* P.O. Box 704
58 /* Yorktown Heights, NY 10598, USA
59 /*--*/
61 /* System library. */
63 #include <sys_defs.h>
64 #include <sys/stat.h>
65 #include <unistd.h>
66 #include <string.h>
67 #include <fcntl.h>
69 #ifdef STRCASECMP_IN_STRINGS_H
70 #include <strings.h>
71 #endif
73 /* Utility library. */
75 #include <msg.h>
76 #include <htable.h>
77 #include <dict.h>
78 #include <argv.h>
79 #include <stringops.h>
80 #include <mymalloc.h>
81 #include <vstring.h>
82 #include <vstream.h>
84 /* Global library. */
86 #include <mail_params.h>
87 #include <defer.h>
88 #include <maps.h>
89 #include <bounce.h>
90 #include <mypwd.h>
91 #include <canon_addr.h>
92 #include <sent.h>
93 #include <trace.h>
94 #include <dsn_mask.h>
96 /* Application-specific. */
100 /* Application-specific. */
102 #define NO 0
103 #define YES 1
105 /* dict_owner - find out alias database owner */
108 {
113 /*
114 * This code sits here for now, but we may want to move it to the library
115 * some time.
116 */
124 }
126 /* deliver_alias - expand alias file entry */
130 {
136 uid_t alias_uid;
147 /*
148 * Make verbose logging easier to understand.
149 */
154 /*
155 * DUPLICATE/LOOP ELIMINATION
156 *
157 * We cannot do duplicate elimination here. Sendmail compatibility requires
158 * that we allow multiple deliveries to the same alias, even recursively!
159 * For example, we must deliver to mailbox any messags that are addressed
160 * to the alias of a user that lists that same alias in her own .forward
161 * file. Yuck! This is just an example of some really perverse semantics
162 * that people will expect Postfix to implement just like sendmail.
163 *
164 * We can recognize one special case: when an alias includes its own name,
165 * deliver to the user instead, just like sendmail. Otherwise, we just
166 * bail out when nesting reaches some unreasonable depth, and blame it on
167 * a possible alias loop.
168 */
179 }
182 /*
183 * There are a bunch of roles that we're trying to keep track of.
184 *
185 * First, there's the issue of whose rights should be used when delivering
186 * to "|command" or to /file/name. With alias databases, the rights are
187 * those of who owns the alias, i.e. the database owner. With aliases
188 * owned by root, a default user is used instead. When an alias with
189 * default rights references an include file owned by an ordinary user,
190 * we must use the rights of the include file owner, otherwise the
191 * include file owner could take control of the default account.
192 *
193 * Secondly, there's the question of who to notify of delivery problems.
194 * With aliases that have an owner- alias, the latter is used to set the
195 * sender and owner attributes. Otherwise, the owner attribute is reset
196 * (the alias is globally visible and could be sent to by anyone).
197 */
205 /*
206 * Don't expand a verify-only request.
207 */
214 }
216 /*
217 * DELIVERY POLICY
218 *
219 * Update the expansion type attribute, so we can decide if
220 * deliveries to |command and /file/name are allowed at all.
221 */
224 /*
225 * DELIVERY RIGHTS
226 *
227 * What rights to use for |command and /file/name deliveries? The
228 * command and file code will use default rights when the alias
229 * database is owned by root, otherwise it will use the rights of
230 * the alias database owner.
231 */
243 }
245 }
247 /*
248 * WHERE TO REPORT DELIVERY PROBLEMS.
249 *
250 * Use the owner- alias if one is specified, otherwise reset the
251 * owner attribute and use the include file ownership if we can.
252 * Save the dict_lookup() result before something clobbers it.
253 *
254 * Don't match aliases that are based on regexps.
255 */
256 #define OWNER_ASSIGN(own) \
257 (own = (var_ownreq_special == 0 ? 0 : \
265 /* Set envelope sender and owner attribute. */
269 /* Note: this does not reset the envelope sender. */
271 }
273 /*
274 * EXTERNAL LOOP CONTROL
275 *
276 * Set the delivered message attribute to the recipient, so that
277 * this message will list the correct forwarding address.
278 */
282 /*
283 * Deliver.
284 */
293 /*
294 * XXX DSN
295 *
296 * When delivering to a mailing list (i.e. the envelope sender
297 * is replaced) the ENVID, NOTIFY, RET, and ORCPT parameters
298 * which accompany the redistributed message MUST NOT be
299 * derived from those of the original message.
300 *
301 * When delivering to an alias (i.e. the envelope sender is not
302 * replaced) any ENVID, RET, or ORCPT parameters are
303 * propagated to all forwarding addresses associated with
304 * that alias. The NOTIFY parameter is propagated to the
305 * forwarding addresses, except that any SUCCESS keyword is
306 * removed.
307 */
308 #define DSN_SAVE_UPDATE(saved, old, new) do { \
309 saved = old; \
310 old = new; \
311 } while (0)
315 DSN_NOTIFY_NEVER :
322 }
326 #if 0
332 #endif
341 /*
342 * XXX DSN
343 *
344 * When delivering to a mailing list (i.e. the envelope
345 * sender address is replaced) and NOTIFY=SUCCESS was
346 * specified, report a DSN of "delivered".
347 *
348 * When delivering to an alias (i.e. the envelope sender
349 * address is not replaced) and NOTIFY=SUCCESS was
350 * specified, report a DSN of "expanded".
351 */
358 }
365 }
366 }
367 }
376 }
378 /*
379 * If the alias database was inaccessible for some reason, defer
380 * further delivery for the current top-level recipient.
381 */
391 }
392 }
394 /*
395 * Try delivery to a local user instead.
396 */
398 }