source: branches/3.2/mindi-busybox/mailutils/sendmail.c @ 3232

Last change on this file since 3232 was 3232, checked in by Bruno Cornec, 7 years ago
  • Update mindi-busybox to 1.21.1
  • Property svn:eol-style set to native
File size: 11.2 KB
Line 
1/* vi: set sw=4 ts=4: */
2/*
3 * bare bones sendmail
4 *
5 * Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
6 *
7 * Licensed under GPLv2, see file LICENSE in this source tree.
8 */
9
10//kbuild:lib-$(CONFIG_SENDMAIL) += sendmail.o mail.o
11
12//usage:#define sendmail_trivial_usage
13//usage:       "[OPTIONS] [RECIPIENT_EMAIL]..."
14//usage:#define sendmail_full_usage "\n\n"
15//usage:       "Read email from stdin and send it\n"
16//usage:     "\nStandard options:"
17//usage:     "\n    -t      Read additional recipients from message body"
18//usage:     "\n    -f SENDER   Sender (required)"
19//usage:     "\n    -o OPTIONS  Various options. -oi implied, others are ignored"
20//usage:     "\n    -i      -oi synonym. implied and ignored"
21//usage:     "\n"
22//usage:     "\nBusybox specific options:"
23//usage:     "\n    -v      Verbose"
24//usage:     "\n    -w SECS     Network timeout"
25//usage:     "\n    -H 'PROG ARGS'  Run connection helper"
26//usage:     "\n            Examples:"
27//usage:     "\n            -H 'exec openssl s_client -quiet -tls1 -starttls smtp"
28//usage:     "\n                -connect smtp.gmail.com:25' <email.txt"
29//usage:     "\n                [4<username_and_passwd.txt | -auUSER -apPASS]"
30//usage:     "\n            -H 'exec openssl s_client -quiet -tls1"
31//usage:     "\n                -connect smtp.gmail.com:465' <email.txt"
32//usage:     "\n                [4<username_and_passwd.txt | -auUSER -apPASS]"
33//usage:     "\n    -S HOST[:PORT]  Server"
34//usage:     "\n    -auUSER     Username for AUTH LOGIN"
35//usage:     "\n    -apPASS     Password for AUTH LOGIN"
36////usage:     "\n  -amMETHOD   Authentication method. Ignored. LOGIN is implied"
37//usage:     "\n"
38//usage:     "\nOther options are silently ignored; -oi -t is implied"
39//usage:    IF_MAKEMIME(
40//usage:     "\nUse makemime to create emails with attachments"
41//usage:    )
42
43#include "libbb.h"
44#include "mail.h"
45
46// limit maximum allowed number of headers to prevent overflows.
47// set to 0 to not limit
48#define MAX_HEADERS 256
49
50static void send_r_n(const char *s)
51{
52    if (verbose)
53        bb_error_msg("send:'%s'", s);
54    printf("%s\r\n", s);
55}
56
57static int smtp_checkp(const char *fmt, const char *param, int code)
58{
59    char *answer;
60    char *msg = send_mail_command(fmt, param);
61    // read stdin
62    // if the string has a form NNN- -- read next string. E.g. EHLO response
63    // parse first bytes to a number
64    // if code = -1 then just return this number
65    // if code != -1 then checks whether the number equals the code
66    // if not equal -> die saying msg
67    while ((answer = xmalloc_fgetline(stdin)) != NULL) {
68        if (verbose)
69            bb_error_msg("recv:'%.*s'", (int)(strchrnul(answer, '\r') - answer), answer);
70        if (strlen(answer) <= 3 || '-' != answer[3])
71            break;
72        free(answer);
73    }
74    if (answer) {
75        int n = atoi(answer);
76        if (timeout)
77            alarm(0);
78        free(answer);
79        if (-1 == code || n == code) {
80            free(msg);
81            return n;
82        }
83    }
84    bb_error_msg_and_die("%s failed", msg);
85}
86
87static int smtp_check(const char *fmt, int code)
88{
89    return smtp_checkp(fmt, NULL, code);
90}
91
92// strip argument of bad chars
93static char *sane_address(char *str)
94{
95    char *s = str;
96    char *p = s;
97    while (*s) {
98        if (isalnum(*s) || '_' == *s || '-' == *s || '.' == *s || '@' == *s) {
99            *p++ = *s;
100        }
101        s++;
102    }
103    *p = '\0';
104    return str;
105}
106
107static void rcptto(const char *s)
108{
109    // N.B. we don't die if recipient is rejected, for the other recipients may be accepted
110    if (250 != smtp_checkp("RCPT TO:<%s>", s, -1))
111        bb_error_msg("Bad recipient: <%s>", s);
112}
113
114int sendmail_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
115int sendmail_main(int argc UNUSED_PARAM, char **argv)
116{
117    char *opt_connect = opt_connect;
118    char *opt_from;
119    char *s;
120    llist_t *list = NULL;
121    char *host = sane_address(safe_gethostname());
122    unsigned nheaders = 0;
123    int code;
124
125    enum {
126    //--- standard options
127        OPT_t = 1 << 0,         // read message for recipients, append them to those on cmdline
128        OPT_f = 1 << 1,         // sender address
129        OPT_o = 1 << 2,         // various options. -oi IMPLIED! others are IGNORED!
130        OPT_i = 1 << 3,         // IMPLIED!
131    //--- BB specific options
132        OPT_w = 1 << 4,         // network timeout
133        OPT_H = 1 << 5,         // use external connection helper
134        OPT_S = 1 << 6,         // specify connection string
135        OPT_a = 1 << 7,         // authentication tokens
136        OPT_v = 1 << 8,         // verbosity
137    };
138
139    // init global variables
140    INIT_G();
141
142    // save initial stdin since body is piped!
143    xdup2(STDIN_FILENO, 3);
144    G.fp0 = xfdopen_for_read(3);
145
146    // parse options
147    // -v is a counter, -f is required. -H and -S are mutually exclusive, -a is a list
148    opt_complementary = "vv:f:w+:H--S:S--H:a::";
149    // N.B. since -H and -S are mutually exclusive they do not interfere in opt_connect
150    // -a is for ssmtp (http://downloads.openwrt.org/people/nico/man/man8/ssmtp.8.html) compatibility,
151    // it is still under development.
152    opts = getopt32(argv, "tf:o:iw:H:S:a::v", &opt_from, NULL,
153            &timeout, &opt_connect, &opt_connect, &list, &verbose);
154    //argc -= optind;
155    argv += optind;
156
157    // process -a[upm]<token> options
158    if ((opts & OPT_a) && !list)
159        bb_show_usage();
160    while (list) {
161        char *a = (char *) llist_pop(&list);
162        if ('u' == a[0])
163            G.user = xstrdup(a+1);
164        if ('p' == a[0])
165            G.pass = xstrdup(a+1);
166        // N.B. we support only AUTH LOGIN so far
167        //if ('m' == a[0])
168        //  G.method = xstrdup(a+1);
169    }
170    // N.B. list == NULL here
171    //bb_info_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
172
173    // connect to server
174
175    // connection helper ordered? ->
176    if (opts & OPT_H) {
177        const char *args[] = { "sh", "-c", opt_connect, NULL };
178        // plug it in
179        launch_helper(args);
180        // Now:
181        // our stdout will go to helper's stdin,
182        // helper's stdout will be available on our stdin.
183
184        // Wait for initial server message.
185        // If helper (such as openssl) invokes STARTTLS, the initial 220
186        // is swallowed by helper (and not repeated after TLS is initiated).
187        // We will send NOOP cmd to server and check the response.
188        // We should get 220+250 on plain connection, 250 on STARTTLSed session.
189        //
190        // The problem here is some servers delay initial 220 message,
191        // and consider client to be a spammer if it starts sending cmds
192        // before 220 reached it. The code below is unsafe in this regard:
193        // in non-STARTTLSed case, we potentially send NOOP before 220
194        // is sent by server.
195        // Ideas? (--delay SECS opt? --assume-starttls-helper opt?)
196        code = smtp_check("NOOP", -1);
197        if (code == 220)
198            // we got 220 - this is not STARTTLSed connection,
199            // eat 250 response to our NOOP
200            smtp_check(NULL, 250);
201        else
202        if (code != 250)
203            bb_error_msg_and_die("SMTP init failed");
204    } else {
205        // vanilla connection
206        int fd;
207        // host[:port] not explicitly specified? -> use $SMTPHOST
208        // no $SMTPHOST? -> use localhost
209        if (!(opts & OPT_S)) {
210            opt_connect = getenv("SMTPHOST");
211            if (!opt_connect)
212                opt_connect = (char *)"127.0.0.1";
213        }
214        // do connect
215        fd = create_and_connect_stream_or_die(opt_connect, 25);
216        // and make ourselves a simple IO filter
217        xmove_fd(fd, STDIN_FILENO);
218        xdup2(STDIN_FILENO, STDOUT_FILENO);
219
220        // Wait for initial server 220 message
221        smtp_check(NULL, 220);
222    }
223
224    // we should start with modern EHLO
225    if (250 != smtp_checkp("EHLO %s", host, -1))
226        smtp_checkp("HELO %s", host, 250);
227    free(host);
228
229    // perform authentication
230    if (opts & OPT_a) {
231        smtp_check("AUTH LOGIN", 334);
232        // we must read credentials unless they are given via -a[up] options
233        if (!G.user || !G.pass)
234            get_cred_or_die(4);
235        encode_base64(NULL, G.user, NULL);
236        smtp_check("", 334);
237        encode_base64(NULL, G.pass, NULL);
238        smtp_check("", 235);
239    }
240
241    // set sender
242    // N.B. we have here a very loosely defined algorythm
243    // since sendmail historically offers no means to specify secrets on cmdline.
244    // 1) server can require no authentication ->
245    //  we must just provide a (possibly fake) reply address.
246    // 2) server can require AUTH ->
247    //  we must provide valid username and password along with a (possibly fake) reply address.
248    //  For the sake of security username and password are to be read either from console or from a secured file.
249    //  Since reading from console may defeat usability, the solution is either to read from a predefined
250    //  file descriptor (e.g. 4), or again from a secured file.
251
252    // got no sender address? -> use system username as a resort
253    // N.B. we marked -f as required option!
254    //if (!G.user) {
255    //  // N.B. IMHO getenv("USER") can be way easily spoofed!
256    //  G.user = xuid2uname(getuid());
257    //  opt_from = xasprintf("%s@%s", G.user, domain);
258    //}
259    smtp_checkp("MAIL FROM:<%s>", opt_from, 250);
260
261    // process message
262
263    // read recipients from message and add them to those given on cmdline.
264    // this means we scan stdin for To:, Cc:, Bcc: lines until an empty line
265    // and then use the rest of stdin as message body
266    code = 0; // set "analyze headers" mode
267    while ((s = xmalloc_fgetline(G.fp0)) != NULL) {
268 dump:
269        // put message lines doubling leading dots
270        if (code) {
271            // escape leading dots
272            // N.B. this feature is implied even if no -i (-oi) switch given
273            // N.B. we need to escape the leading dot regardless of
274            // whether it is single or not character on the line
275            if ('.' == s[0] /*&& '\0' == s[1] */)
276                printf(".");
277            // dump read line
278            send_r_n(s);
279            free(s);
280            continue;
281        }
282
283        // analyze headers
284        // To: or Cc: headers add recipients
285        if (opts & OPT_t) {
286            if (0 == strncasecmp("To:", s, 3) || 0 == strncasecmp("Bcc:" + 1, s, 3)) {
287                rcptto(sane_address(s+3));
288                goto addheader;
289            }
290            // Bcc: header adds blind copy (hidden) recipient
291            if (0 == strncasecmp("Bcc:", s, 4)) {
292                rcptto(sane_address(s+4));
293                free(s);
294                continue; // N.B. Bcc: vanishes from headers!
295            }
296        }
297        if (strchr(s, ':') || (list && isspace(s[0]))) {
298            // other headers go verbatim
299            // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
300            // Continuation is denoted by prefixing additional lines with whitespace(s).
301            // Thanks (stefan.seyfried at googlemail.com) for pointing this out.
302 addheader:
303            // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
304            if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
305                goto bail;
306            llist_add_to_end(&list, s);
307        } else {
308            // a line without ":" (an empty line too, by definition) doesn't look like a valid header
309            // so stop "analyze headers" mode
310 reenter:
311            // put recipients specified on cmdline
312            while (*argv) {
313                char *t = sane_address(*argv);
314                rcptto(t);
315                //if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
316                //  goto bail;
317                llist_add_to_end(&list, xasprintf("To: %s", t));
318                argv++;
319            }
320            // enter "put message" mode
321            // N.B. DATA fails iff no recipients were accepted (or even provided)
322            // in this case just bail out gracefully
323            if (354 != smtp_check("DATA", -1))
324                goto bail;
325            // dump the headers
326            while (list) {
327                send_r_n((char *) llist_pop(&list));
328            }
329            // stop analyzing headers
330            code++;
331            // N.B. !s means: we read nothing, and nothing to be read in the future.
332            // just dump empty line and break the loop
333            if (!s) {
334                send_r_n("");
335                break;
336            }
337            // go dump message body
338            // N.B. "s" already contains the first non-header line, so pretend we read it from input
339            goto dump;
340        }
341    }
342    // odd case: we didn't stop "analyze headers" mode -> message body is empty. Reenter the loop
343    // N.B. after reenter code will be > 0
344    if (!code)
345        goto reenter;
346
347    // finalize the message
348    smtp_check(".", 250);
349 bail:
350    // ... and say goodbye
351    smtp_check("QUIT", 221);
352    // cleanup
353    if (ENABLE_FEATURE_CLEAN_UP)
354        fclose(G.fp0);
355
356    return EXIT_SUCCESS;
357}
Note: See TracBrowser for help on using the repository browser.