/*
 * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers.
 *      All rights reserved.
 * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
 * Copyright (c) 1988, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */

#include <sendmail.h>

SM_RCSID("@(#)$Id: usersmtp.c,v 8.473 2009/06/17 17:26:51 ca Exp $")

#include <sysexits.h>


static void     esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static void     helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static int      smtprcptstat __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));

#if SASL
extern void     *sm_sasl_malloc __P((unsigned long));
extern void     sm_sasl_free __P((void *));
#endif /* SASL */

/*
**  USERSMTP -- run SMTP protocol from the user end.
**
**      This protocol is described in RFC821.
*/

#define REPLYCLASS(r)   (((r) / 10) % 10)       /* second digit of reply code */
#define SMTPCLOSING     421                     /* "Service Shutting Down" */

#define ENHSCN(e, d)    ((e) == NULL ? (d) : (e))

#define ENHSCN_RPOOL(e, d, rpool) \
        ((e) == NULL ? (d) : sm_rpool_strdup_x(rpool, e))

static char     SmtpMsgBuffer[MAXLINE];         /* buffer for commands */
static char     SmtpReplyBuffer[MAXLINE];       /* buffer for replies */
static bool     SmtpNeedIntro;          /* need "while talking" in transcript */
/*
**  SMTPINIT -- initialize SMTP.
**
**      Opens the connection and sends the initial protocol.
**
**      Parameters:
**              m -- mailer to create connection to.
**              mci -- the mailer connection info.
**              e -- the envelope.
**              onlyhelo -- send only helo command?
**
**      Returns:
**              none.
**
**      Side Effects:
**              creates connection and sends initial protocol.
*/

void
smtpinit(m, mci, e, onlyhelo)
        MAILER *m;
        register MCI *mci;
        ENVELOPE *e;
        bool onlyhelo;
{
        register int r;
        int state;
        register char *p;
        register char *hn;
        char *enhsc;

        enhsc = NULL;
        if (tTd(18, 1))
        {
                sm_dprintf("smtpinit ");
                mci_dump(sm_debug_file(), mci, false);
        }

        /*
        **  Open the connection to the mailer.
        */

        SmtpError[0] = '\0';
        SmtpMsgBuffer[0] = '\0';
        CurHostName = mci->mci_host;            /* XXX UGLY XXX */
        if (CurHostName == NULL)
                CurHostName = MyHostName;
        SmtpNeedIntro = true;
        state = mci->mci_state;
        switch (state)
        {
          case MCIS_MAIL:
          case MCIS_RCPT:
          case MCIS_DATA:
                /* need to clear old information */
                smtprset(m, mci, e);
                /* FALLTHROUGH */

          case MCIS_OPEN:
                if (!onlyhelo)
                        return;
                break;

          case MCIS_ERROR:
          case MCIS_QUITING:
          case MCIS_SSD:
                /* shouldn't happen */
                smtpquit(m, mci, e);
                /* FALLTHROUGH */

          case MCIS_CLOSED:
                syserr("451 4.4.0 smtpinit: state CLOSED (was %d)", state);
                return;

          case MCIS_OPENING:
                break;
        }
        if (onlyhelo)
                goto helo;

        mci->mci_state = MCIS_OPENING;
        clrsessenvelope(e);

        /*
        **  Get the greeting message.
        **      This should appear spontaneously.  Give it five minutes to
        **      happen.
        */

        SmtpPhase = mci->mci_phase = "client greeting";
        sm_setproctitle(true, e, "%s %s: %s",
                        qid_printname(e), CurHostName, mci->mci_phase);
        r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL,
                XS_DEFAULT);
        if (r < 0)
                goto tempfail1;
        if (REPLYTYPE(r) == 4)
                goto tempfail2;
        if (REPLYTYPE(r) != 2)
                goto unavailable;

        /*
        **  Send the HELO command.
        **      My mother taught me to always introduce myself.
        */

helo:
        if (bitnset(M_ESMTP, m->m_flags) || bitnset(M_LMTP, m->m_flags))
                mci->mci_flags |= MCIF_ESMTP;
        hn = mci->mci_heloname ? mci->mci_heloname : MyHostName;

tryhelo:
#if _FFR_IGNORE_EXT_ON_HELO
        mci->mci_flags &= ~MCIF_HELO;
#endif /* _FFR_IGNORE_EXT_ON_HELO */
        if (bitnset(M_LMTP, m->m_flags))
        {
                smtpmessage("LHLO %s", m, mci, hn);
                SmtpPhase = mci->mci_phase = "client LHLO";
        }
        else if (bitset(MCIF_ESMTP, mci->mci_flags) &&
                 !bitnset(M_FSMTP, m->m_flags))
        {
                smtpmessage("EHLO %s", m, mci, hn);
                SmtpPhase = mci->mci_phase = "client EHLO";
        }
        else
        {
                smtpmessage("HELO %s", m, mci, hn);
                SmtpPhase = mci->mci_phase = "client HELO";
#if _FFR_IGNORE_EXT_ON_HELO
                mci->mci_flags |= MCIF_HELO;
#endif /* _FFR_IGNORE_EXT_ON_HELO */
        }
        sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
                        CurHostName, mci->mci_phase);
        r = reply(m, mci, e,
                  bitnset(M_LMTP, m->m_flags) ? TimeOuts.to_lhlo
                                              : TimeOuts.to_helo,
                  helo_options, NULL, XS_DEFAULT);
        if (r < 0)
                goto tempfail1;
        else if (REPLYTYPE(r) == 5)
        {
                if (bitset(MCIF_ESMTP, mci->mci_flags) &&
                    !bitnset(M_LMTP, m->m_flags))
                {
                        /* try old SMTP instead */
                        mci->mci_flags &= ~MCIF_ESMTP;
                        goto tryhelo;
                }
                goto unavailable;
        }
        else if (REPLYTYPE(r) != 2)
                goto tempfail2;

        /*
        **  Check to see if we actually ended up talking to ourself.
        **  This means we didn't know about an alias or MX, or we managed
        **  to connect to an echo server.
        */

        p = strchr(&SmtpReplyBuffer[4], ' ');
        if (p != NULL)
                *p = '\0';
        if (!bitnset(M_NOLOOPCHECK, m->m_flags) &&
            !bitnset(M_LMTP, m->m_flags) &&
            sm_strcasecmp(&SmtpReplyBuffer[4], MyHostName) == 0)
        {
                syserr("553 5.3.5 %s config error: mail loops back to me (MX problem?)",
                        CurHostName);
                mci_setstat(mci, EX_CONFIG, "5.3.5",
                            "553 5.3.5 system config error");
                mci->mci_errno = 0;
                smtpquit(m, mci, e);
                return;
        }

        /*
        **  If this is expected to be another sendmail, send some internal
        **  commands.
        **  If we're running as MSP, "propagate" -v flag if possible.
        */

        if ((UseMSP && Verbose && bitset(MCIF_VERB, mci->mci_flags))
# if !_FFR_DEPRECATE_MAILER_FLAG_I
            || bitnset(M_INTERNAL, m->m_flags)
# endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */
           )
        {
                /* tell it to be verbose */
                smtpmessage("VERB", m, mci);
                r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, &enhsc,
                        XS_DEFAULT);
                if (r < 0)
                        goto tempfail1;
        }

        if (mci->mci_state != MCIS_CLOSED)
        {
                mci->mci_state = MCIS_OPEN;
                return;
        }

        /* got a 421 error code during startup */

  tempfail1:
        mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.4.2"), NULL);
        if (mci->mci_state != MCIS_CLOSED)
                smtpquit(m, mci, e);
        return;

  tempfail2:
        /* XXX should use code from other end iff ENHANCEDSTATUSCODES */
        mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"),
                    SmtpReplyBuffer);
        if (mci->mci_state != MCIS_CLOSED)
                smtpquit(m, mci, e);
        return;

  unavailable:
        mci_setstat(mci, EX_UNAVAILABLE, "5.5.0", SmtpReplyBuffer);
        smtpquit(m, mci, e);
        return;
}
/*
**  ESMTP_CHECK -- check to see if this implementation likes ESMTP protocol
**
**      Parameters:
**              line -- the response line.
**              firstline -- set if this is the first line of the reply.
**              m -- the mailer.
**              mci -- the mailer connection info.
**              e -- the envelope.
**
**      Returns:
**              none.
*/

static void
esmtp_check(line, firstline, m, mci, e)
        char *line;
        bool firstline;
        MAILER *m;
        register MCI *mci;
        ENVELOPE *e;
{
        if (strstr(line, "ESMTP") != NULL)
                mci->mci_flags |= MCIF_ESMTP;

        /*
        **  Dirty hack below. Quoting the author:
        **  This was a response to people who wanted SMTP transmission to be
        **  just-send-8 by default.  Essentially, you could put this tag into
        **  your greeting message to behave as though the F=8 flag was set on
        **  the mailer.
        */

        if (strstr(line, "8BIT-OK") != NULL)
                mci->mci_flags |= MCIF_8BITOK;
}

#if SASL
/* specify prototype so compiler can check calls */
static char *str_union __P((char *, char *, SM_RPOOL_T *));

/*
**  STR_UNION -- create the union of two lists
**
**      Parameters:
**              s1, s2 -- lists of items (separated by single blanks).
**              rpool -- resource pool from which result is allocated.
**
**      Returns:
**              the union of both lists.
*/

static char *
str_union(s1, s2, rpool)
        char *s1, *s2;
        SM_RPOOL_T *rpool;
{
        char *hr, *h1, *h, *res;
        int l1, l2, rl;

        if (s1 == NULL || *s1 == '\0')
                return s2;
        if (s2 == NULL || *s2 == '\0')
                return s1;
        l1 = strlen(s1);
        l2 = strlen(s2);
        rl = l1 + l2;
        res = (char *) sm_rpool_malloc(rpool, rl + 2);
        if (res == NULL)
        {
                if (l1 > l2)
                        return s1;
                return s2;
        }
        (void) sm_strlcpy(res, s1, rl);
        hr = res + l1;
        h1 = s2;
        h = s2;

        /* walk through s2 */
        while (h != NULL && *h1 != '\0')
        {
                /* is there something after the current word? */
                if ((h = strchr(h1, ' ')) != NULL)
                        *h = '\0';
                l1 = strlen(h1);

                /* does the current word appear in s1 ? */
                if (iteminlist(h1, s1, " ") == NULL)
                {
                        /* add space as delimiter */
                        *hr++ = ' ';

                        /* copy the item */
                        memcpy(hr, h1, l1);

                        /* advance pointer in result list */
                        hr += l1;
                        *hr = '\0';
                }
                if (h != NULL)
                {
                        /* there are more items */
                        *h = ' ';
                        h1 = h + 1;
                }
        }
        return res;
}
#endif /* SASL */

/*
**  HELO_OPTIONS -- process the options on a HELO line.
**
**      Parameters:
**              line -- the response line.
**              firstline -- set if this is the first line of the reply.
**              m -- the mailer.
**              mci -- the mailer connection info.
**              e -- the envelope (unused).
**
**      Returns:
**              none.
*/

static void
helo_options(line, firstline, m, mci, e)
        char *line;
        bool firstline;
        MAILER *m;
        register MCI *mci;
        ENVELOPE *e;
{
        register char *p;
#if _FFR_IGNORE_EXT_ON_HELO
        static bool logged = false;
#endif /* _FFR_IGNORE_EXT_ON_HELO */

        if (firstline)
        {
#if SASL
                mci->mci_saslcap = NULL;
#endif /* SASL */
#if _FFR_IGNORE_EXT_ON_HELO
                logged = false;
#endif /* _FFR_IGNORE_EXT_ON_HELO */
                return;
        }
#if _FFR_IGNORE_EXT_ON_HELO
        else if (bitset(MCIF_HELO, mci->mci_flags))
        {
                if (LogLevel > 8 && !logged)
                {
                        sm_syslog(LOG_WARNING, NOQID,
                                  "server=%s [%s] returned extensions despite HELO command",
                                  macvalue(macid("{server_name}"), e),
                                  macvalue(macid("{server_addr}"), e));
                        logged = true;
                }
                return;
        }
#endif /* _FFR_IGNORE_EXT_ON_HELO */

        if (strlen(line) < 5)
                return;
        line += 4;
        p = strpbrk(line, " =");
        if (p != NULL)
                *p++ = '\0';
        if (sm_strcasecmp(line, "size") == 0)
        {
                mci->mci_flags |= MCIF_SIZE;
                if (p != NULL)
                        mci->mci_maxsize = atol(p);
        }
        else if (sm_strcasecmp(line, "8bitmime") == 0)
        {
                mci->mci_flags |= MCIF_8BITMIME;
                mci->mci_flags &= ~MCIF_7BIT;
        }
        else if (sm_strcasecmp(line, "expn") == 0)
                mci->mci_flags |= MCIF_EXPN;
        else if (sm_strcasecmp(line, "dsn") == 0)
                mci->mci_flags |= MCIF_DSN;
        else if (sm_strcasecmp(line, "enhancedstatuscodes") == 0)
                mci->mci_flags |= MCIF_ENHSTAT;
        else if (sm_strcasecmp(line, "pipelining") == 0)
                mci->mci_flags |= MCIF_PIPELINED;
        else if (sm_strcasecmp(line, "verb") == 0)
                mci->mci_flags |= MCIF_VERB;
#if STARTTLS
        else if (sm_strcasecmp(line, "starttls") == 0)
                mci->mci_flags |= MCIF_TLS;
#endif /* STARTTLS */
        else if (sm_strcasecmp(line, "deliverby") == 0)
        {
                mci->mci_flags |= MCIF_DLVR_BY;
                if (p != NULL)
                        mci->mci_min_by = atol(p);
        }
#if SASL
        else if (sm_strcasecmp(line, "auth") == 0)
        {
                if (p != NULL && *p != '\0')
                {
                        if (mci->mci_saslcap != NULL)
                        {
                                /*
                                **  Create the union with previous auth
                                **  offerings because we recognize "auth "
                                **  and "auth=" (old format).
                                */

                                mci->mci_saslcap = str_union(mci->mci_saslcap,
                                                             p, mci->mci_rpool);
                                mci->mci_flags |= MCIF_AUTH;
                        }
                        else
                        {
                                int l;

                                l = strlen(p) + 1;
                                mci->mci_saslcap = (char *)
                                        sm_rpool_malloc(mci->mci_rpool, l);
                                if (mci->mci_saslcap != NULL)
                                {
                                        (void) sm_strlcpy(mci->mci_saslcap, p,
                                                          l);
                                        mci->mci_flags |= MCIF_AUTH;
                                }
                        }
                }
        }
#endif /* SASL */
}
#if SASL

static int getsimple    __P((void *, int, const char **, unsigned *));
static int getsecret    __P((sasl_conn_t *, void *, int, sasl_secret_t **));
static int saslgetrealm __P((void *, int, const char **, const char **));
static int readauth     __P((char *, bool, SASL_AI_T *m, SM_RPOOL_T *));
static int getauth      __P((MCI *, ENVELOPE *, SASL_AI_T *));
static char *removemech __P((char *, char *, SM_RPOOL_T *));
static int attemptauth  __P((MAILER *, MCI *, ENVELOPE *, SASL_AI_T *));

static sasl_callback_t callbacks[] =
{
        {       SASL_CB_GETREALM,       &saslgetrealm,  NULL    },
#define CB_GETREALM_IDX 0
        {       SASL_CB_PASS,           &getsecret,     NULL    },
#define CB_PASS_IDX     1
        {       SASL_CB_USER,           &getsimple,     NULL    },
#define CB_USER_IDX     2
        {       SASL_CB_AUTHNAME,       &getsimple,     NULL    },
#define CB_AUTHNAME_IDX 3
        {       SASL_CB_VERIFYFILE,     &safesaslfile,  NULL    },
#define CB_SAFESASL_IDX 4
        {       SASL_CB_LIST_END,       NULL,           NULL    }
};

/*
**  INIT_SASL_CLIENT -- initialize client side of Cyrus-SASL
**
**      Parameters:
**              none.
**
**      Returns:
**              SASL_OK -- if successful.
**              SASL error code -- otherwise.
**
**      Side Effects:
**              checks/sets sasl_clt_init.
**
**      Note:
**      Callbacks are ignored if sasl_client_init() has
**      been called before (by a library such as libnss_ldap)
*/

static bool sasl_clt_init = false;

static int
init_sasl_client()
{
        int result;

        if (sasl_clt_init)
                return SASL_OK;
        result = sasl_client_init(callbacks);

        /* should we retry later again or just remember that it failed? */
        if (result == SASL_OK)
                sasl_clt_init = true;
        return result;
}
/*
**  STOP_SASL_CLIENT -- shutdown client side of Cyrus-SASL
**
**      Parameters:
**              none.
**
**      Returns:
**              none.
**
**      Side Effects:
**              checks/sets sasl_clt_init.
*/

void
stop_sasl_client()
{
        if (!sasl_clt_init)
                return;
        sasl_clt_init = false;
        sasl_done();
}
/*
**  GETSASLDATA -- process the challenges from the SASL protocol
**
**      This gets the relevant sasl response data out of the reply
**      from the server.
**
**      Parameters:
**              line -- the response line.
**              firstline -- set if this is the first line of the reply.
**              m -- the mailer.
**              mci -- the mailer connection info.
**              e -- the envelope (unused).
**
**      Returns:
**              none.
*/

static void getsasldata __P((char *, bool, MAILER *, MCI *, ENVELOPE *));

static void
getsasldata(line, firstline, m, mci, e)
        char *line;
        bool firstline;
        MAILER *m;
        register MCI *mci;
        ENVELOPE *e;
{
        int len;
        int result;
# if SASL < 20000
        char *out;
# endif /* SASL < 20000 */

        /* if not a continue we don't care about it */
        len = strlen(line);
        if ((len <= 4) ||
            (line[0] != '3') ||
             !isascii(line[1]) || !isdigit(line[1]) ||
             !isascii(line[2]) || !isdigit(line[2]))
        {
                SM_FREE_CLR(mci->mci_sasl_string);
                return;
        }

        /* forget about "334 " */
        line += 4;
        len -= 4;
# if SASL >= 20000
        /* XXX put this into a macro/function? It's duplicated below */
        if (mci->mci_sasl_string != NULL)
        {
                if (mci->mci_sasl_string_len <= len)
                {
                        sm_free(mci->mci_sasl_string); /* XXX */
                        mci->mci_sasl_string = xalloc(len + 1);
                }
        }
        else
                mci->mci_sasl_string = xalloc(len + 1);

        result = sasl_decode64(line, len, mci->mci_sasl_string, len + 1,
                               (unsigned int *) &mci->mci_sasl_string_len);
        if (result != SASL_OK)
        {
                mci->mci_sasl_string_len = 0;
                *mci->mci_sasl_string = '\0';
        }
# else /* SASL >= 20000 */
        out = (char *) sm_rpool_malloc_x(mci->mci_rpool, len + 1);
        result = sasl_decode64(line, len, out, (unsigned int *) &len);
        if (result != SASL_OK)
        {
                len = 0;
                *out = '\0';
        }

        /*
        **  mci_sasl_string is "shared" with Cyrus-SASL library; hence
        **      it can't be in an rpool unless we use the same memory
        **      management mechanism (with same rpool!) for Cyrus SASL.
        */

        if (mci->mci_sasl_string != NULL)
        {
                if (mci->mci_sasl_string_len <= len)
                {
                        sm_free(mci->mci_sasl_string); /* XXX */
                        mci->mci_sasl_string = xalloc(len + 1);
                }
        }
        else
                mci->mci_sasl_string = xalloc(len + 1);

        memcpy(mci->mci_sasl_string, out, len);
        mci->mci_sasl_string[len] = '\0';
        mci->mci_sasl_string_len = len;
# endif /* SASL >= 20000 */
        return;
}
/*
**  READAUTH -- read auth values from a file
**
**      Parameters:
**              filename -- name of file to read.
**              safe -- if set, this is a safe read.
**              sai -- where to store auth_info.
**              rpool -- resource pool for sai.
**
**      Returns:
**              EX_OK -- data succesfully read.
**              EX_UNAVAILABLE -- no valid filename.
**              EX_TEMPFAIL -- temporary failure.
*/

static char *sasl_info_name[] =
{
        "user id",
        "authentication id",
        "password",
        "realm",
        "mechlist"
};
static int
readauth(filename, safe, sai, rpool)
        char *filename;
        bool safe;
        SASL_AI_T *sai;
        SM_RPOOL_T *rpool;
{
        SM_FILE_T *f;
        long sff;
        pid_t pid;
        int lc;
        char *s;
        char buf[MAXLINE];

        if (filename == NULL || filename[0] == '\0')
                return EX_UNAVAILABLE;

#if !_FFR_ALLOW_SASLINFO
        /*
        **  make sure we don't use a program that is not
        **  accesible to the user who specified a different authinfo file.
        **  However, currently we don't pass this info (authinfo file
        **  specified by user) around, so we just turn off program access.
        */

        if (filename[0] == '|')
        {
                auto int fd;
                int i;
                char *p;
                char *argv[MAXPV + 1];

                i = 0;
                for (p = strtok(&filename[1], " \t"); p != NULL;
                     p = strtok(NULL, " \t"))
                {
                        if (i >= MAXPV)
                                break;
                        argv[i++] = p;
                }
                argv[i] = NULL;
                pid = prog_open(argv, &fd, CurEnv);
                if (pid < 0)
                        f = NULL;
                else
                        f = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
                                       (void *) &fd, SM_IO_RDONLY, NULL);
        }
        else
#endif /* !_FFR_ALLOW_SASLINFO */
        {
                pid = -1;
                sff = SFF_REGONLY|SFF_SAFEDIRPATH|SFF_NOWLINK
                      |SFF_NOGWFILES|SFF_NOWWFILES|SFF_NOWRFILES;
# if _FFR_GROUPREADABLEAUTHINFOFILE
                if (!bitnset(DBS_GROUPREADABLEAUTHINFOFILE, DontBlameSendmail))
# endif /* _FFR_GROUPREADABLEAUTHINFOFILE */
                        sff |= SFF_NOGRFILES;
                if (DontLockReadFiles)
                        sff |= SFF_NOLOCK;

#if _FFR_ALLOW_SASLINFO
                /*
                **  XXX: make sure we don't read or open files that are not
                **  accesible to the user who specified a different authinfo
                **  file.
                */

                sff |= SFF_MUSTOWN;
#else /* _FFR_ALLOW_SASLINFO */
                if (safe)
                        sff |= SFF_OPENASROOT;
#endif /* _FFR_ALLOW_SASLINFO */

                f = safefopen(filename, O_RDONLY, 0, sff);
        }
        if (f == NULL)
        {
                if (LogLevel > 5)
                        sm_syslog(LOG_ERR, NOQID,
                                  "AUTH=client, error: can't open %s: %s",
                                  filename, sm_errstring(errno));
                return EX_TEMPFAIL;
        }

        lc = 0;
        while (lc <= SASL_MECHLIST &&
                sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL)
        {
                if (buf[0] != '#')
                {
                        (*sai)[lc] = sm_rpool_strdup_x(rpool, buf);
                        if ((s = strchr((*sai)[lc], '\n')) != NULL)
                                *s = '\0';
                        lc++;
                }
        }

        (void) sm_io_close(f, SM_TIME_DEFAULT);
        if (pid > 0)
                (void) waitfor(pid);
        if (lc < SASL_PASSWORD)
        {
                if (LogLevel > 8)
                        sm_syslog(LOG_ERR, NOQID,
                                  "AUTH=client, error: can't read %s from %s",
                                  sasl_info_name[lc + 1], filename);
                return EX_TEMPFAIL;
        }
        return EX_OK;
}

/*
**  GETAUTH -- get authinfo from ruleset call
**
**      {server_name}, {server_addr} must be set
**
**      Parameters:
**              mci -- the mailer connection structure.
**              e -- the envelope (including the sender to specify).
**              sai -- pointer to authinfo (result).
**
**      Returns:
**              EX_OK -- ruleset was succesfully called, data may not
**                      be available, sai must be checked.
**              EX_UNAVAILABLE -- ruleset unavailable (or failed).
**              EX_TEMPFAIL -- temporary failure (from ruleset).
**
**      Side Effects:
**              Fills in sai if successful.
*/

static int
getauth(mci, e, sai)
        MCI *mci;
        ENVELOPE *e;
        SASL_AI_T *sai;
{
        int i, r, l, got, ret;
        char **pvp;
        char pvpbuf[PSBUFSIZE];

        r = rscap("authinfo", macvalue(macid("{server_name}"), e),
                   macvalue(macid("{server_addr}"), e), e,
                   &pvp, pvpbuf, sizeof(pvpbuf));

        if (r != EX_OK)
                return EX_UNAVAILABLE;

        /* other than expected return value: ok (i.e., no auth) */
        if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
                return EX_OK;
        if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
                return EX_TEMPFAIL;

        /*
        **  parse the data, put it into sai
        **  format: "TDstring" (including the '"' !)
        **  where T is a tag: 'U', ...
        **  D is a delimiter: ':' or '='
        */

        ret = EX_OK;    /* default return value */
        i = 0;
        got = 0;
        while (i < SASL_ENTRIES)
        {
                if (pvp[i + 1] == NULL)
                        break;
                if (pvp[i + 1][0] != '"')
                        break;
                switch (pvp[i + 1][1])
                {
                  case 'U':
                  case 'u':
                        r = SASL_USER;
                        break;
                  case 'I':
                  case 'i':
                        r = SASL_AUTHID;
                        break;
                  case 'P':
                  case 'p':
                        r = SASL_PASSWORD;
                        break;
                  case 'R':
                  case 'r':
                        r = SASL_DEFREALM;
                        break;
                  case 'M':
                  case 'm':
                        r = SASL_MECHLIST;
                        break;
                  default:
                        goto fail;
                }
                l = strlen(pvp[i + 1]);

                /* check syntax */
                if (l <= 3 || pvp[i + 1][l - 1] != '"')
                        goto fail;

                /* remove closing quote */
                pvp[i + 1][l - 1] = '\0';

                /* remove "TD and " */
                l -= 4;
                (*sai)[r] = (char *) sm_rpool_malloc(mci->mci_rpool, l + 1);
                if ((*sai)[r] == NULL)
                        goto tempfail;
                if (pvp[i + 1][2] == ':')
                {
                        /* ':text' (just copy) */
                        (void) sm_strlcpy((*sai)[r], pvp[i + 1] + 3, l + 1);
                        got |= 1 << r;
                }
                else if (pvp[i + 1][2] == '=')
                {
                        unsigned int len;

                        /* '=base64' (decode) */
# if SASL >= 20000
                        ret = sasl_decode64(pvp[i + 1] + 3,
                                          (unsigned int) l, (*sai)[r],
                                          (unsigned int) l + 1, &len);
# else /* SASL >= 20000 */
                        ret = sasl_decode64(pvp[i + 1] + 3,
                                          (unsigned int) l, (*sai)[r], &len);
# endif /* SASL >= 20000 */
                        if (ret != SASL_OK)
                                goto fail;
                        got |= 1 << r;
                }
                else
                        goto fail;
                if (tTd(95, 5))
                        sm_syslog(LOG_DEBUG, NOQID, "getauth %s=%s",
                                  sasl_info_name[r], (*sai)[r]);
                ++i;
        }

        /* did we get the expected data? */
        /* XXX: EXTERNAL mechanism only requires (and only uses) SASL_USER */
        if (!(bitset(SASL_USER_BIT|SASL_AUTHID_BIT, got) &&
              bitset(SASL_PASSWORD_BIT, got)))
                goto fail;

        /* no authid? copy uid */
        if (!bitset(SASL_AUTHID_BIT, got))
        {
                l = strlen((*sai)[SASL_USER]) + 1;
                (*sai)[SASL_AUTHID] = (char *) sm_rpool_malloc(mci->mci_rpool,
                                                               l + 1);
                if ((*sai)[SASL_AUTHID] == NULL)
                        goto tempfail;
                (void) sm_strlcpy((*sai)[SASL_AUTHID], (*sai)[SASL_USER], l);
        }

        /* no uid? copy authid */
        if (!bitset(SASL_USER_BIT, got))
        {
                l = strlen((*sai)[SASL_AUTHID]) + 1;
                (*sai)[SASL_USER] = (char *) sm_rpool_malloc(mci->mci_rpool,
                                                             l + 1);
                if ((*sai)[SASL_USER] == NULL)
                        goto tempfail;
                (void) sm_strlcpy((*sai)[SASL_USER], (*sai)[SASL_AUTHID], l);
        }
        return EX_OK;

  tempfail:
        ret = EX_TEMPFAIL;
  fail:
        if (LogLevel > 8)
                sm_syslog(LOG_WARNING, NOQID,
                          "AUTH=client, relay=%.64s [%.16s], authinfo %sfailed",
                          macvalue(macid("{server_name}"), e),
                          macvalue(macid("{server_addr}"), e),
                          ret == EX_TEMPFAIL ? "temp" : "");
        for (i = 0; i <= SASL_MECHLIST; i++)
                (*sai)[i] = NULL;       /* just clear; rpool */
        return ret;
}

# if SASL >= 20000
/*
**  GETSIMPLE -- callback to get userid or authid
**
**      Parameters:
**              context -- sai
**              id -- what to do
**              result -- (pointer to) result
**              len -- (pointer to) length of result
**
**      Returns:
**              OK/failure values
*/

static int
getsimple(context, id, result, len)
        void *context;
        int id;
        const char **result;
        unsigned *len;
{
        SASL_AI_T *sai;

        if (result == NULL || context == NULL)
                return SASL_BADPARAM;
        sai = (SASL_AI_T *) context;

        switch (id)
        {
          case SASL_CB_USER:
                *result = (*sai)[SASL_USER];
                if (tTd(95, 5))
                        sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'",
                                  *result);
                if (len != NULL)
                        *len = *result != NULL ? strlen(*result) : 0;
                break;

          case SASL_CB_AUTHNAME:
                *result = (*sai)[SASL_AUTHID];
                if (tTd(95, 5))
                        sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'",
                                  *result);
                if (len != NULL)
                        *len = *result != NULL ? strlen(*result) : 0;
                break;

          case SASL_CB_LANGUAGE:
                *result = NULL;
                if (len != NULL)
                        *len = 0;
                break;

          default:
                return SASL_BADPARAM;
        }
        return SASL_OK;
}
/*
**  GETSECRET -- callback to get password
**
**      Parameters:
**              conn -- connection information
**              context -- sai
**              id -- what to do
**              psecret -- (pointer to) result
**
**      Returns:
**              OK/failure values
*/

static int
getsecret(conn, context, id, psecret)
        sasl_conn_t *conn;
        SM_UNUSED(void *context);
        int id;
        sasl_secret_t **psecret;
{
        int len;
        char *authpass;
        MCI *mci;

        if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
                return SASL_BADPARAM;

        mci = (MCI *) context;
        authpass = mci->mci_sai[SASL_PASSWORD];
        len = strlen(authpass);

        /*
        **  use an rpool because we are responsible for free()ing the secret,
        **  but we can't free() it until after the auth completes
        */

        *psecret = (sasl_secret_t *) sm_rpool_malloc(mci->mci_rpool,
                                                     sizeof(sasl_secret_t) +
                                                     len + 1);
        if (*psecret == NULL)
                return SASL_FAIL;
        (void) sm_strlcpy((char *) (*psecret)->data, authpass, len + 1);
        (*psecret)->len = (unsigned long) len;
        return SASL_OK;
}
# else /* SASL >= 20000 */
/*
**  GETSIMPLE -- callback to get userid or authid
**
**      Parameters:
**              context -- sai
**              id -- what to do
**              result -- (pointer to) result
**              len -- (pointer to) length of result
**
**      Returns:
**              OK/failure values
*/

static int
getsimple(context, id, result, len)
        void *context;
        int id;
        const char **result;
        unsigned *len;
{
        char *h, *s;
# if SASL > 10509
        bool addrealm;
# endif /* SASL > 10509 */
        size_t l;
        SASL_AI_T *sai;
        char *authid = NULL;

        if (result == NULL || context == NULL)
                return SASL_BADPARAM;
        sai = (SASL_AI_T *) context;

        /*
        **  Unfortunately it is not clear whether this routine should
        **  return a copy of a string or just a pointer to a string.
        **  The Cyrus-SASL plugins treat these return values differently, e.g.,
        **  plugins/cram.c free()s authid, plugings/digestmd5.c does not.
        **  The best solution to this problem is to fix Cyrus-SASL, but it
        **  seems there is nobody who creates patches... Hello CMU!?
        **  The second best solution is to have flags that tell this routine
        **  whether to return an malloc()ed copy.
        **  The next best solution is to always return an malloc()ed copy,
        **  and suffer from some memory leak, which is ugly for persistent
        **  queue runners.
        **  For now we go with the last solution...
        **  We can't use rpools (which would avoid this particular problem)
        **  as explained in sasl.c.
        */

        switch (id)
        {
          case SASL_CB_USER:
                l = strlen((*sai)[SASL_USER]) + 1;
                s = sm_sasl_malloc(l);
                if (s == NULL)
                {
                        if (len != NULL)
                                *len = 0;
                        *result = NULL;
                        return SASL_NOMEM;
                }
                (void) sm_strlcpy(s, (*sai)[SASL_USER], l);
                *result = s;
                if (tTd(95, 5))
                        sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'",
                                  *result);
                if (len != NULL)
                        *len = *result != NULL ? strlen(*result) : 0;
                break;

          case SASL_CB_AUTHNAME:
                h = (*sai)[SASL_AUTHID];
# if SASL > 10509
                /* XXX maybe other mechanisms too?! */
                addrealm = (*sai)[SASL_MECH] != NULL &&
                           sm_strcasecmp((*sai)[SASL_MECH], "CRAM-MD5") == 0;

                /*
                **  Add realm to authentication id unless authid contains
                **  '@' (i.e., a realm) or the default realm is empty.
                */

                if (addrealm && h != NULL && strchr(h, '@') == NULL)
                {
                        /* has this been done before? */
                        if ((*sai)[SASL_ID_REALM] == NULL)
                        {
                                char *realm;

                                realm = (*sai)[SASL_DEFREALM];

                                /* do not add an empty realm */
                                if (*realm == '\0')
                                {
                                        authid = h;
                                        (*sai)[SASL_ID_REALM] = NULL;
                                }
                                else
                                {
                                        l = strlen(h) + strlen(realm) + 2;

                                        /* should use rpool, but from where? */
                                        authid = sm_sasl_malloc(l);
                                        if (authid != NULL)
                                        {
                                                (void) sm_snprintf(authid, l,
                                                                  "%s@%s",
                                                                   h, realm);
                                                (*sai)[SASL_ID_REALM] = authid;
                                        }
                                        else
                                        {
                                                authid = h;
                                                (*sai)[SASL_ID_REALM] = NULL;
                                        }
                                }
                        }
                        else
                                authid = (*sai)[SASL_ID_REALM];
                }
                else
# endif /* SASL > 10509 */
                        authid = h;
                l = strlen(authid) + 1;
                s = sm_sasl_malloc(l);
                if (s == NULL)
                {
                        if (len != NULL)
                                *len = 0;
                        *result = NULL;
                        return SASL_NOMEM;
                }
                (void) sm_strlcpy(s, authid, l);
                *result = s;
                if (tTd(95, 5))
                        sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'",
                                  *result);
                if (len != NULL)
                        *len = authid ? strlen(authid) : 0;
                break;

          case SASL_CB_LANGUAGE:
                *result = NULL;
                if (len != NULL)
                        *len = 0;
                break;

          default:
                return SASL_BADPARAM;
        }
        return SASL_OK;
}
/*
**  GETSECRET -- callback to get password
**
**      Parameters:
**              conn -- connection information
**              context -- sai
**              id -- what to do
**              psecret -- (pointer to) result
**
**      Returns:
**              OK/failure values
*/

static int
getsecret(conn, context, id, psecret)
        sasl_conn_t *conn;
        SM_UNUSED(void *context);
        int id;
        sasl_secret_t **psecret;
{
        int len;
        char *authpass;
        SASL_AI_T *sai;

        if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
                return SASL_BADPARAM;

        sai = (SASL_AI_T *) context;
        authpass = (*sai)[SASL_PASSWORD];
        len = strlen(authpass);
        *psecret = (sasl_secret_t *) sm_sasl_malloc(sizeof(sasl_secret_t) +
                                                    len + 1);
        if (*psecret == NULL)
                return SASL_FAIL;
        (void) sm_strlcpy((*psecret)->data, authpass, len + 1);
        (*psecret)->len = (unsigned long) len;
        return SASL_OK;
}
# endif /* SASL >= 20000 */

/*
**  SAFESASLFILE -- callback for sasl: is file safe?
**
**      Parameters:
**              context -- pointer to context between invocations (unused)
**              file -- name of file to check
**              type -- type of file to check
**
**      Returns:
**              SASL_OK -- file can be used
**              SASL_CONTINUE -- don't use file
**              SASL_FAIL -- failure (not used here)
**
*/

int
#if SASL > 10515
safesaslfile(context, file, type)
#else /* SASL > 10515 */
safesaslfile(context, file)
#endif /* SASL > 10515 */
        void *context;
# if SASL >= 20000
        const char *file;
# else /* SASL >= 20000 */
        char *file;
# endif /* SASL >= 20000 */
#if SASL > 10515
# if SASL >= 20000
        sasl_verify_type_t type;
# else /* SASL >= 20000 */
        int type;
# endif /* SASL >= 20000 */
#endif /* SASL > 10515 */
{
        long sff;
        int r;
#if SASL <= 10515
        size_t len;
#endif /* SASL <= 10515 */
        char *p;

        if (file == NULL || *file == '\0')
                return SASL_OK;
        sff = SFF_SAFEDIRPATH|SFF_NOWLINK|SFF_NOWWFILES|SFF_ROOTOK;
#if SASL <= 10515
        if ((p = strrchr(file, '/')) == NULL)
                p = file;
        else
                ++p;

        /* everything beside libs and .conf files must not be readable */
        len = strlen(p);
        if ((len <= 3 || strncmp(p, "lib", 3) != 0) &&
            (len <= 5 || strncmp(p + len - 5, ".conf", 5) != 0))
        {
                if (!bitnset(DBS_GROUPREADABLESASLDBFILE, DontBlameSendmail))
                        sff |= SFF_NORFILES;
                if (!bitnset(DBS_GROUPWRITABLESASLDBFILE, DontBlameSendmail))
                        sff |= SFF_NOGWFILES;
        }
#else /* SASL <= 10515 */
        /* files containing passwords should be not readable */
        if (type == SASL_VRFY_PASSWD)
        {
                if (bitnset(DBS_GROUPREADABLESASLDBFILE, DontBlameSendmail))
                        sff |= SFF_NOWRFILES;
                else
                        sff |= SFF_NORFILES;
                if (!bitnset(DBS_GROUPWRITABLESASLDBFILE, DontBlameSendmail))
                        sff |= SFF_NOGWFILES;
        }
#endif /* SASL <= 10515 */

        p = (char *) file;
        if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
                          S_IRUSR, NULL)) == 0)
                return SASL_OK;
        if (LogLevel > (r != ENOENT ? 8 : 10))
                sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
                          p, sm_errstring(r));
        return SASL_CONTINUE;
}

/*
**  SASLGETREALM -- return the realm for SASL
**
**      return the realm for the client
**
**      Parameters:
**              context -- context shared between invocations
**              availrealms -- list of available realms
**                      {realm, realm, ...}
**              result -- pointer to result
**
**      Returns:
**              failure/success
*/

static int
saslgetrealm(context, id, availrealms, result)
        void *context;
        int id;
        const char **availrealms;
        const char **result;
{
        char *r;
        SASL_AI_T *sai;

        sai = (SASL_AI_T *) context;
        if (sai == NULL)
                return SASL_FAIL;
        r = (*sai)[SASL_DEFREALM];

        if (LogLevel > 12)
                sm_syslog(LOG_INFO, NOQID,
                          "AUTH=client, realm=%s, available realms=%s",
                          r == NULL ? "<No Realm>" : r,
                          (availrealms == NULL || *availrealms == NULL)
                                ? "<No Realms>" : *availrealms);

        /* check whether context is in list */
        if (availrealms != NULL && *availrealms != NULL)
        {
                if (iteminlist(context, (char *)(*availrealms + 1), " ,}") ==
                    NULL)
                {
                        if (LogLevel > 8)
                                sm_syslog(LOG_ERR, NOQID,
                                          "AUTH=client, realm=%s not in list=%s",
                                          r, *availrealms);
                        return SASL_FAIL;
                }
        }
        *result = r;
        return SASL_OK;
}
/*
**  ITEMINLIST -- does item appear in list?
**
**      Check whether item appears in list (which must be separated by a
**      character in delim) as a "word", i.e. it must appear at the begin
**      of the list or after a space, and it must end with a space or the
**      end of the list.
**
**      Parameters:
**              item -- item to search.
**              list -- list of items.
**              delim -- list of delimiters.
**
**      Returns:
**              pointer to occurrence (NULL if not found).
*/

char *
iteminlist(item, list, delim)
        char *item;
        char *list;
        char *delim;
{
        char *s;
        int len;

        if (list == NULL || *list == '\0')
                return NULL;
        if (item == NULL || *item == '\0')
                return NULL;
        s = list;
        len = strlen(item);
        while (s != NULL && *s != '\0')
        {
                if (sm_strncasecmp(s, item, len) == 0 &&
                    (s[len] == '\0' || strchr(delim, s[len]) != NULL))
                        return s;
                s = strpbrk(s, delim);
                if (s != NULL)
                        while (*++s == ' ')
                                continue;
        }
        return NULL;
}
/*
**  REMOVEMECH -- remove item [rem] from list [list]
**
**      Parameters:
**              rem -- item to remove
**              list -- list of items
**              rpool -- resource pool from which result is allocated.
**
**      Returns:
**              pointer to new list (NULL in case of error).
*/

static char *
removemech(rem, list, rpool)
        char *rem;
        char *list;
        SM_RPOOL_T *rpool;
{
        char *ret;
        char *needle;
        int len;

        if (list == NULL)
                return NULL;
        if (rem == NULL || *rem == '\0')
        {
                /* take out what? */
                return NULL;
        }

        /* find the item in the list */
        if ((needle = iteminlist(rem, list, " ")) == NULL)
        {
                /* not in there: return original */
                return list;
        }

        /* length of string without rem */
        len = strlen(list) - strlen(rem);
        if (len <= 0)
        {
                ret = (char *) sm_rpool_malloc_x(rpool, 1);
                *ret = '\0';
                return ret;
        }
        ret = (char *) sm_rpool_malloc_x(rpool, len);
        memset(ret, '\0', len);

        /* copy from start to removed item */
        memcpy(ret, list, needle - list);

        /* length of rest of string past removed item */
        len = strlen(needle) - strlen(rem) - 1;
        if (len > 0)
        {
                /* not last item -- copy into string */
                memcpy(ret + (needle - list),
                       list + (needle - list) + strlen(rem) + 1,
                       len);
        }
        else
                ret[(needle - list) - 1] = '\0';
        return ret;
}
/*
**  ATTEMPTAUTH -- try to AUTHenticate using one mechanism
**
**      Parameters:
**              m -- the mailer.
**              mci -- the mailer connection structure.
**              e -- the envelope (including the sender to specify).
**              sai - sasl authinfo
**
**      Returns:
**              EX_OK -- authentication was successful.
**              EX_NOPERM -- authentication failed.
**              EX_IOERR -- authentication dialogue failed (I/O problem?).
**              EX_TEMPFAIL -- temporary failure.
**
*/

static int
attemptauth(m, mci, e, sai)
        MAILER *m;
        MCI *mci;
        ENVELOPE *e;
        SASL_AI_T *sai;
{
        int saslresult, smtpresult;
# if SASL >= 20000
        sasl_ssf_t ssf;
        const char *auth_id;
        const char *out;
# else /* SASL >= 20000 */
        sasl_external_properties_t ssf;
        char *out;
# endif /* SASL >= 20000 */
        unsigned int outlen;
        sasl_interact_t *client_interact = NULL;
        char *mechusing;
        sasl_security_properties_t ssp;

        /* MUST NOT be a multiple of 4: bug in some sasl_encode64() versions */
        char in64[MAXOUTLEN + 1];
#if NETINET || (NETINET6 && SASL >= 20000)
        extern SOCKADDR CurHostAddr;
#endif /* NETINET || (NETINET6 && SASL >= 20000) */

        /* no mechanism selected (yet) */
        (*sai)[SASL_MECH] = NULL;

        /* dispose old connection */
        if (mci->mci_conn != NULL)
                sasl_dispose(&(mci->mci_conn));

        /* make a new client sasl connection */
# if SASL >= 20000
        /*
        **  We provide the callbacks again because global callbacks in
        **  sasl_client_init() are ignored if SASL has been initialized
        **  before, for example, by a library such as libnss-ldap.
        */

        saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
                                                                 : "smtp",
                                     CurHostName, NULL, NULL, callbacks, 0,
                                     &mci->mci_conn);
# else /* SASL >= 20000 */
        saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
                                                                 : "smtp",
                                     CurHostName, NULL, 0, &mci->mci_conn);
# endif /* SASL >= 20000 */
        if (saslresult != SASL_OK)
                return EX_TEMPFAIL;

        /* set properties */
        (void) memset(&ssp, '\0', sizeof(ssp));

        /* XXX should these be options settable via .cf ? */
        {
                ssp.max_ssf = MaxSLBits;
                ssp.maxbufsize = MAXOUTLEN;
#  if 0
                ssp.security_flags = SASL_SEC_NOPLAINTEXT;
#  endif /* 0 */
        }
        saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp);
        if (saslresult != SASL_OK)
                return EX_TEMPFAIL;

# if SASL >= 20000
        /* external security strength factor, authentication id */
        ssf = 0;
        auth_id = NULL;
#  if STARTTLS
        out = macvalue(macid("{cert_subject}"), e);
        if (out != NULL && *out != '\0')
                auth_id = out;
        out = macvalue(macid("{cipher_bits}"), e);
        if (out != NULL && *out != '\0')
                ssf = atoi(out);
#  endif /* STARTTLS */
        saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
        if (saslresult != SASL_OK)
                return EX_TEMPFAIL;
        saslresult = sasl_setprop(mci->mci_conn, SASL_AUTH_EXTERNAL, auth_id);
        if (saslresult != SASL_OK)
                return EX_TEMPFAIL;

#  if NETINET || NETINET6
        /* set local/remote ipv4 addresses */
        if (mci->mci_out != NULL && (
#   if NETINET6
                CurHostAddr.sa.sa_family == AF_INET6 ||
#   endif /* NETINET6 */
                CurHostAddr.sa.sa_family == AF_INET))
        {
                SOCKADDR_LEN_T addrsize;
                SOCKADDR saddr_l;
                char localip[60], remoteip[60];

                switch (CurHostAddr.sa.sa_family)
                {
                  case AF_INET:
                        addrsize = sizeof(struct sockaddr_in);
                        break;
#   if NETINET6
                  case AF_INET6:
                        addrsize = sizeof(struct sockaddr_in6);
                        break;
#   endif /* NETINET6 */
                  default:
                        break;
                }
                if (iptostring(&CurHostAddr, addrsize,
                               remoteip, sizeof(remoteip)))
                {
                        if (sasl_setprop(mci->mci_conn, SASL_IPREMOTEPORT,
                                         remoteip) != SASL_OK)
                                return EX_TEMPFAIL;
                }
                addrsize = sizeof(saddr_l);
                if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD,
                                              NULL),
                                (struct sockaddr *) &saddr_l, &addrsize) == 0)
                {
                        if (iptostring(&saddr_l, addrsize,
                                       localip, sizeof(localip)))
                        {
                                if (sasl_setprop(mci->mci_conn,
                                                 SASL_IPLOCALPORT,
                                                 localip) != SASL_OK)
                                        return EX_TEMPFAIL;
                        }
                }
        }
#  endif /* NETINET || NETINET6 */

        /* start client side of sasl */
        saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
                                       &client_interact,
                                       &out, &outlen,
                                       (const char **) &mechusing);
# else /* SASL >= 20000 */
        /* external security strength factor, authentication id */
        ssf.ssf = 0;
        ssf.auth_id = NULL;
#  if STARTTLS
        out = macvalue(macid("{cert_subject}"), e);
        if (out != NULL && *out != '\0')
                ssf.auth_id = out;
        out = macvalue(macid("{cipher_bits}"), e);
        if (out != NULL && *out != '\0')
                ssf.ssf = atoi(out);
#  endif /* STARTTLS */
        saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
        if (saslresult != SASL_OK)
                return EX_TEMPFAIL;

#  if NETINET
        /* set local/remote ipv4 addresses */
        if (mci->mci_out != NULL && CurHostAddr.sa.sa_family == AF_INET)
        {
                SOCKADDR_LEN_T addrsize;
                struct sockaddr_in saddr_l;

                if (sasl_setprop(mci->mci_conn, SASL_IP_REMOTE,
                                 (struct sockaddr_in *) &CurHostAddr)
                    != SASL_OK)
                        return EX_TEMPFAIL;
                addrsize = sizeof(struct sockaddr_in);
                if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD,
                                              NULL),
                                (struct sockaddr *) &saddr_l, &addrsize) == 0)
                {
                        if (sasl_setprop(mci->mci_conn, SASL_IP_LOCAL,
                                         &saddr_l) != SASL_OK)
                                return EX_TEMPFAIL;
                }
        }
#  endif /* NETINET */

        /* start client side of sasl */
        saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
                                       NULL, &client_interact,
                                       &out, &outlen,
                                       (const char **) &mechusing);
# endif /* SASL >= 20000 */

        if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
        {
                if (saslresult == SASL_NOMECH && LogLevel > 8)
                {
                        sm_syslog(LOG_NOTICE, e->e_id,
                                  "AUTH=client, available mechanisms do not fulfill requirements");
                }
                return EX_TEMPFAIL;
        }

        /* just point current mechanism to the data in the sasl library */
        (*sai)[SASL_MECH] = mechusing;

        /* send the info across the wire */
        if (out == NULL
                /* login and digest-md5 up to 1.5.28 set out="" */
            || (outlen == 0 &&
                (sm_strcasecmp(mechusing, "LOGIN") == 0 ||
                 sm_strcasecmp(mechusing, "DIGEST-MD5") == 0))
           )
        {
                /* no initial response */
                smtpmessage("AUTH %s", m, mci, mechusing);
        }
        else if (outlen == 0)
        {
                /*
                **  zero-length initial response, per RFC 2554 4.:
                **  "Unlike a zero-length client answer to a 334 reply, a zero-
                **  length initial response is sent as a single equals sign"
                */

                smtpmessage("AUTH %s =", m, mci, mechusing);
        }
        else
        {
                saslresult = sasl_encode64(out, outlen, in64, sizeof(in64),
                                           NULL);
                if (saslresult != SASL_OK) /* internal error */
                {
                        if (LogLevel > 8)
                                sm_syslog(LOG_ERR, e->e_id,
                                        "encode64 for AUTH failed");
                        return EX_TEMPFAIL;
                }
                smtpmessage("AUTH %s %s", m, mci, mechusing, in64);
        }
# if SASL < 20000
        sm_sasl_free(out); /* XXX only if no rpool is used */
# endif /* SASL < 20000 */

        /* get the reply */
        smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL,
                        XS_AUTH);

        for (;;)
        {
                /* check return code from server */
                if (smtpresult == 235)
                {
                        macdefine(&mci->mci_macro, A_TEMP, macid("{auth_type}"),
                                  mechusing);
                        return EX_OK;
                }
                if (smtpresult == -1)
                        return EX_IOERR;
                if (REPLYTYPE(smtpresult) == 5)
                        return EX_NOPERM;       /* ugly, but ... */
                if (REPLYTYPE(smtpresult) != 3)
                {
                        /* should we fail deliberately, see RFC 2554 4. ? */
                        /* smtpmessage("*", m, mci); */
                        return EX_TEMPFAIL;
                }

                saslresult = sasl_client_step(mci->mci_conn,
                                              mci->mci_sasl_string,
                                              mci->mci_sasl_string_len,
                                              &client_interact,
                                              &out, &outlen);

                if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
                {
                        if (tTd(95, 5))
                                sm_dprintf("AUTH FAIL=%s (%d)\n",
                                        sasl_errstring(saslresult, NULL, NULL),
                                        saslresult);

                        /* fail deliberately, see RFC 2554 4. */
                        smtpmessage("*", m, mci);

                        /*
                        **  but we should only fail for this authentication
                        **  mechanism; how to do that?
                        */

                        smtpresult = reply(m, mci, e, TimeOuts.to_auth,
                                           getsasldata, NULL, XS_AUTH);
                        return EX_NOPERM;
                }

                if (outlen > 0)
                {
                        saslresult = sasl_encode64(out, outlen, in64,
                                                   sizeof(in64), NULL);
                        if (saslresult != SASL_OK)
                        {
                                /* give an error reply to the other side! */
                                smtpmessage("*", m, mci);
                                return EX_TEMPFAIL;
                        }
                }
                else
                        in64[0] = '\0';
# if SASL < 20000
                sm_sasl_free(out); /* XXX only if no rpool is used */
# endif /* SASL < 20000 */
                smtpmessage("%s", m, mci, in64);
                smtpresult = reply(m, mci, e, TimeOuts.to_auth,
                                   getsasldata, NULL, XS_AUTH);
        }
        /* NOTREACHED */
}
/*
**  SMTPAUTH -- try to AUTHenticate
**
**      This will try mechanisms in the order the sasl library decided until:
**      - there are no more mechanisms
**      - a mechanism succeeds
**      - the sasl library fails initializing
**
**      Parameters:
**              m -- the mailer.
**              mci -- the mailer connection info.
**              e -- the envelope.
**
**      Returns:
**              EX_OK -- authentication was successful
**              EX_UNAVAILABLE -- authentication not possible, e.g.,
**                      no data available.
**              EX_NOPERM -- authentication failed.
**              EX_TEMPFAIL -- temporary failure.
**
**      Notice: AuthInfo is used for all connections, hence we must
**              return EX_TEMPFAIL only if we really want to retry, i.e.,
**              iff getauth() tempfailed or getauth() was used and
**              authentication tempfailed.
*/

int
smtpauth(m, mci, e)
        MAILER *m;
        MCI *mci;
        ENVELOPE *e;
{
        int result;
        int i;
        bool usedgetauth;

        mci->mci_sasl_auth = false;
        for (i = 0; i < SASL_MECH ; i++)
                mci->mci_sai[i] = NULL;

        result = getauth(mci, e, &(mci->mci_sai));
        if (result == EX_TEMPFAIL)
                return result;
        usedgetauth = true;

        /* no data available: don't try to authenticate */
        if (result == EX_OK && mci->mci_sai[SASL_AUTHID] == NULL)
                return result;
        if (result != EX_OK)
        {
                if (SASLInfo == NULL)
                        return EX_UNAVAILABLE;

                /* read authinfo from file */
                result = readauth(SASLInfo, true, &(mci->mci_sai),
                                  mci->mci_rpool);
                if (result != EX_OK)
                        return result;
                usedgetauth = false;
        }

        /* check whether sufficient data is available */
        if (mci->mci_sai[SASL_PASSWORD] == NULL ||
            *(mci->mci_sai)[SASL_PASSWORD] == '\0')
                return EX_UNAVAILABLE;
        if ((mci->mci_sai[SASL_AUTHID] == NULL ||
             *(mci->mci_sai)[SASL_AUTHID] == '\0') &&
            (mci->mci_sai[SASL_USER] == NULL ||
             *(mci->mci_sai)[SASL_USER] == '\0'))
                return EX_UNAVAILABLE;

        /* set the context for the callback function to sai */
# if SASL >= 20000
        callbacks[CB_PASS_IDX].context = (void *) mci;
# else /* SASL >= 20000 */
        callbacks[CB_PASS_IDX].context = (void *) &mci->mci_sai;
# endif /* SASL >= 20000 */
        callbacks[CB_USER_IDX].context = (void *) &mci->mci_sai;
        callbacks[CB_AUTHNAME_IDX].context = (void *) &mci->mci_sai;
        callbacks[CB_GETREALM_IDX].context = (void *) &mci->mci_sai;
#if 0
        callbacks[CB_SAFESASL_IDX].context = (void *) &mci->mci_sai;
#endif /* 0 */

        /* set default value for realm */
        if ((mci->mci_sai)[SASL_DEFREALM] == NULL)
                (mci->mci_sai)[SASL_DEFREALM] = sm_rpool_strdup_x(e->e_rpool,
                                                        macvalue('j', CurEnv));

        /* set default value for list of mechanism to use */
        if ((mci->mci_sai)[SASL_MECHLIST] == NULL ||
            *(mci->mci_sai)[SASL_MECHLIST] == '\0')
                (mci->mci_sai)[SASL_MECHLIST] = AuthMechanisms;

        /* create list of mechanisms to try */
        mci->mci_saslcap = intersect((mci->mci_sai)[SASL_MECHLIST],
                                     mci->mci_saslcap, mci->mci_rpool);

        /* initialize sasl client library */
        result = init_sasl_client();
        if (result != SASL_OK)
                return usedgetauth ? EX_TEMPFAIL : EX_UNAVAILABLE;
        do
        {
                result = attemptauth(m, mci, e, &(mci->mci_sai));
                if (result == EX_OK)
                        mci->mci_sasl_auth = true;
                else if (result == EX_TEMPFAIL || result == EX_NOPERM)
                {
                        mci->mci_saslcap = removemech((mci->mci_sai)[SASL_MECH],
                                                      mci->mci_saslcap,
                                                      mci->mci_rpool);
                        if (mci->mci_saslcap == NULL ||
                            *(mci->mci_saslcap) == '\0')
                                return usedgetauth ? result
                                                   : EX_UNAVAILABLE;
                }
                else
                        return result;
        } while (result != EX_OK);
        return result;
}
#endif /* SASL */

/*
**  SMTPMAILFROM -- send MAIL command
**
**      Parameters:
**              m -- the mailer.
**              mci -- the mailer connection structure.
**              e -- the envelope (including the sender to specify).
*/

int
smtpmailfrom(m, mci, e)
        MAILER *m;
        MCI *mci;
        ENVELOPE *e;
{
        int r;
        char *bufp;
        char *bodytype;
        char *enhsc;
        char buf[MAXNAME + 1];
        char optbuf[MAXLINE];

        if (tTd(18, 2))
                sm_dprintf("smtpmailfrom: CurHost=%s\n", CurHostName);
        enhsc = NULL;

        /*
        **  Check if connection is gone, if so
        **  it's a tempfail and we use mci_errno
        **  for the reason.
        */

        if (mci->mci_state == MCIS_CLOSED)
        {
                errno = mci->mci_errno;
                return EX_TEMPFAIL;
        }

        /* set up appropriate options to include */
        if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0)
        {
                (void) sm_snprintf(optbuf, sizeof(optbuf), " SIZE=%ld",
                        e->e_msgsize);
                bufp = &optbuf[strlen(optbuf)];
        }
        else
        {
                optbuf[0] = '\0';
                bufp = optbuf;
        }

        bodytype = e->e_bodytype;
        if (bitset(MCIF_8BITMIME, mci->mci_flags))
        {
                if (bodytype == NULL &&
                    bitset(MM_MIME8BIT, MimeMode) &&
                    bitset(EF_HAS8BIT, e->e_flags) &&
                    !bitset(EF_DONT_MIME, e->e_flags) &&
                    !bitnset(M_8BITS, m->m_flags))
                        bodytype = "8BITMIME";
                if (bodytype != NULL &&
                    SPACELEFT(optbuf, bufp) > strlen(bodytype) + 7)
                {
                        (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
                                 " BODY=%s", bodytype);
                        bufp += strlen(bufp);
                }
        }
        else if (bitnset(M_8BITS, m->m_flags) ||
                 !bitset(EF_HAS8BIT, e->e_flags) ||
                 bitset(MCIF_8BITOK, mci->mci_flags))
        {
                /* EMPTY */
                /* just pass it through */
        }
#if MIME8TO7
        else if (bitset(MM_CVTMIME, MimeMode) &&
                 !bitset(EF_DONT_MIME, e->e_flags) &&
                 (!bitset(MM_PASS8BIT, MimeMode) ||
                  bitset(EF_IS_MIME, e->e_flags)))
        {
                /* must convert from 8bit MIME format to 7bit encoded */
                mci->mci_flags |= MCIF_CVT8TO7;
        }
#endif /* MIME8TO7 */
        else if (!bitset(MM_PASS8BIT, MimeMode))
        {
                /* cannot just send a 8-bit version */
                extern char MsgBuf[];

                usrerrenh("5.6.3", "%s does not support 8BITMIME", CurHostName);
                mci_setstat(mci, EX_NOTSTICKY, "5.6.3", MsgBuf);
                return EX_DATAERR;
        }

        if (bitset(MCIF_DSN, mci->mci_flags))
        {
                if (e->e_envid != NULL &&
                    SPACELEFT(optbuf, bufp) > strlen(e->e_envid) + 7)
                {
                        (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
                                 " ENVID=%s", e->e_envid);
                        bufp += strlen(bufp);
                }

                /* RET= parameter */
                if (bitset(EF_RET_PARAM, e->e_flags) &&
                    SPACELEFT(optbuf, bufp) > 9)
                {
                        (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
                                 " RET=%s",
                                 bitset(EF_NO_BODY_RETN, e->e_flags) ?
                                        "HDRS" : "FULL");
                        bufp += strlen(bufp);
                }
        }

        if (bitset(MCIF_AUTH, mci->mci_flags) && e->e_auth_param != NULL &&
            SPACELEFT(optbuf, bufp) > strlen(e->e_auth_param) + 7
#if SASL
             && (!bitset(SASL_AUTH_AUTH, SASLOpts) || mci->mci_sasl_auth)
#endif /* SASL */
            )
        {
                (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
                         " AUTH=%s", e->e_auth_param);
                bufp += strlen(bufp);
        }

        /*
        **  17 is the max length required, we could use log() to compute
        **  the exact length (and check IS_DLVR_TRACE())
        */

        if (bitset(MCIF_DLVR_BY, mci->mci_flags) &&
            IS_DLVR_BY(e) && SPACELEFT(optbuf, bufp) > 17)
        {
                long dby;

                /*
                **  Avoid problems with delays (for R) since the check
                **  in deliver() whether min-deliver-time is sufficient.
                **  Alternatively we could pass the computed time to this
                **  function.
                */

                dby = e->e_deliver_by - (curtime() - e->e_ctime);
                if (dby <= 0 && IS_DLVR_RETURN(e))
                        dby = mci->mci_min_by <= 0 ? 1 : mci->mci_min_by;
                (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
                        " BY=%ld;%c%s",
                        dby,
                        IS_DLVR_RETURN(e) ? 'R' : 'N',
                        IS_DLVR_TRACE(e) ? "T" : "");
                bufp += strlen(bufp);
        }

        /*
        **  Send the MAIL command.
        **      Designates the sender.
        */

        mci->mci_state = MCIS_MAIL;

        if (bitset(EF_RESPONSE, e->e_flags) &&
            !bitnset(M_NO_NULL_FROM, m->m_flags))
                buf[0] = '\0';
        else
                expand("\201g", buf, sizeof(buf), e);
        if (buf[0] == '<')
        {
                /* strip off <angle brackets> (put back on below) */
                bufp = &buf[strlen(buf) - 1];
                if (*bufp == '>')
                        *bufp = '\0';
                bufp = &buf[1];
        }
        else
                bufp = buf;
        if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) ||
            !bitnset(M_FROMPATH, m->m_flags))
        {
                smtpmessage("MAIL From:<%s>%s", m, mci, bufp, optbuf);
        }
        else
        {
                smtpmessage("MAIL From:<@%s%c%s>%s", m, mci, MyHostName,
                            *bufp == '@' ? ',' : ':', bufp, optbuf);
        }
        SmtpPhase = mci->mci_phase = "client MAIL";
        sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
                        CurHostName, mci->mci_phase);
        r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_DEFAULT);
        if (r < 0)
        {
                /* communications failure */
                mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
                return EX_TEMPFAIL;
        }
        else if (r == SMTPCLOSING)
        {
                /* service shutting down: handled by reply() */
                return EX_TEMPFAIL;
        }
        else if (REPLYTYPE(r) == 4)
        {
                mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, smtptodsn(r)),
                            SmtpReplyBuffer);
                return EX_TEMPFAIL;
        }
        else if (REPLYTYPE(r) == 2)
        {
                return EX_OK;
        }
        else if (r == 501)
        {
                /* syntax error in arguments */
                mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.5.2"),
                            SmtpReplyBuffer);
                return EX_DATAERR;
        }
        else if (r == 553)
        {
                /* mailbox name not allowed */
                mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.1.3"),
                            SmtpReplyBuffer);
                return EX_DATAERR;
        }
        else if (r == 552)
        {
                /* exceeded storage allocation */
                mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.3.4"),
                            SmtpReplyBuffer);
                if (bitset(MCIF_SIZE, mci->mci_flags))
                        e->e_flags |= EF_NO_BODY_RETN;
                return EX_UNAVAILABLE;
        }
        else if (REPLYTYPE(r) == 5)
        {
                /* unknown error */
                mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.0.0"),
                            SmtpReplyBuffer);
                return EX_UNAVAILABLE;
        }

        if (LogLevel > 1)
        {
                sm_syslog(LOG_CRIT, e->e_id,
                          "%.100s: SMTP MAIL protocol error: %s",
                          CurHostName,
                          shortenstring(SmtpReplyBuffer, 403));
        }

        /* protocol error -- close up */
        mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
                    SmtpReplyBuffer);
        smtpquit(m, mci, e);
        return EX_PROTOCOL;
}
/*
**  SMTPRCPT -- designate recipient.
**
**      Parameters:
**              to -- address of recipient.
**              m -- the mailer we are sending to.
**              mci -- the connection info for this transaction.
**              e -- the envelope for this transaction.
**
**      Returns:
**              exit status corresponding to recipient status.
**
**      Side Effects:
**              Sends the mail via SMTP.
*/

int
smtprcpt(to, m, mci, e, ctladdr, xstart)
        ADDRESS *to;
        register MAILER *m;
        MCI *mci;
        ENVELOPE *e;
        ADDRESS *ctladdr;
        time_t xstart;
{
        char *bufp;
        char optbuf[MAXLINE];

#if PIPELINING
        /*
        **  If there is status waiting from the other end, read it.
        **  This should normally happen because of SMTP pipelining.
        */

        while (mci->mci_nextaddr != NULL &&
               sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
        {
                int r;

                r = smtprcptstat(mci->mci_nextaddr, m, mci, e);
                if (r != EX_OK)
                {
                        markfailure(e, mci->mci_nextaddr, mci, r, false);
                        giveresponse(r, mci->mci_nextaddr->q_status,  m, mci,
                                     ctladdr, xstart, e, to);
                }
                mci->mci_nextaddr = mci->mci_nextaddr->q_pchain;
        }
#endif /* PIPELINING */

        /*
        **  Check if connection is gone, if so
        **  it's a tempfail and we use mci_errno
        **  for the reason.
        */

        if (mci->mci_state == MCIS_CLOSED)
        {
                errno = mci->mci_errno;
                return EX_TEMPFAIL;
        }

        optbuf[0] = '\0';
        bufp = optbuf;

        /*
        **  Warning: in the following it is assumed that the free space
        **  in bufp is sizeof(optbuf)
        */

        if (bitset(MCIF_DSN, mci->mci_flags))
        {
                if (IS_DLVR_NOTIFY(e) &&
                    !bitset(MCIF_DLVR_BY, mci->mci_flags))
                {
                        /* RFC 2852: 4.1.4.2 */
                        if (!bitset(QHASNOTIFY, to->q_flags))
                                to->q_flags |= QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY;
                        else if (bitset(QPINGONSUCCESS, to->q_flags) ||
                                 bitset(QPINGONFAILURE, to->q_flags) ||
                                 bitset(QPINGONDELAY, to->q_flags))
                                to->q_flags |= QPINGONDELAY;
                }

                /* NOTIFY= parameter */
                if (bitset(QHASNOTIFY, to->q_flags) &&
                    bitset(QPRIMARY, to->q_flags) &&
                    !bitnset(M_LOCALMAILER, m->m_flags))
                {
                        bool firstone = true;

                        (void) sm_strlcat(bufp, " NOTIFY=", sizeof(optbuf));
                        if (bitset(QPINGONSUCCESS, to->q_flags))
                        {
                                (void) sm_strlcat(bufp, "SUCCESS", sizeof(optbuf));
                                firstone = false;
                        }
                        if (bitset(QPINGONFAILURE, to->q_flags))
                        {
                                if (!firstone)
                                        (void) sm_strlcat(bufp, ",",
                                                       sizeof(optbuf));
                                (void) sm_strlcat(bufp, "FAILURE", sizeof(optbuf));
                                firstone = false;
                        }
                        if (bitset(QPINGONDELAY, to->q_flags))
                        {
                                if (!firstone)
                                        (void) sm_strlcat(bufp, ",",
                                                       sizeof(optbuf));
                                (void) sm_strlcat(bufp, "DELAY", sizeof(optbuf));
                                firstone = false;
                        }
                        if (firstone)
                                (void) sm_strlcat(bufp, "NEVER", sizeof(optbuf));
                        bufp += strlen(bufp);
                }

                /* ORCPT= parameter */
                if (to->q_orcpt != NULL &&
                    SPACELEFT(optbuf, bufp) > strlen(to->q_orcpt) + 7)
                {
                        (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
                                 " ORCPT=%s", to->q_orcpt);
                        bufp += strlen(bufp);
                }
        }

        smtpmessage("RCPT To:<%s>%s", m, mci, to->q_user, optbuf);
        mci->mci_state = MCIS_RCPT;

        SmtpPhase = mci->mci_phase = "client RCPT";
        sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
                        CurHostName, mci->mci_phase);

#if PIPELINING
        /*
        **  If running SMTP pipelining, we will pick up status later
        */

        if (bitset(MCIF_PIPELINED, mci->mci_flags))
                return EX_OK;
#endif /* PIPELINING */

        return smtprcptstat(to, m, mci, e);
}
/*
**  SMTPRCPTSTAT -- get recipient status
**
**      This is only called during SMTP pipelining
**
**      Parameters:
**              to -- address of recipient.
**              m -- mailer being sent to.
**              mci -- the mailer connection information.
**              e -- the envelope for this message.
**
**      Returns:
**              EX_* -- protocol status
*/

static int
smtprcptstat(to, m, mci, e)
        ADDRESS *to;
        MAILER *m;
        register MCI *mci;
        register ENVELOPE *e;
{
        int r;
        int save_errno;
        char *enhsc;

        /*
        **  Check if connection is gone, if so
        **  it's a tempfail and we use mci_errno
        **  for the reason.
        */

        if (mci->mci_state == MCIS_CLOSED)
        {
                errno = mci->mci_errno;
                return EX_TEMPFAIL;
        }

        enhsc = NULL;
        r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_DEFAULT);
        save_errno = errno;
        to->q_rstatus = sm_rpool_strdup_x(e->e_rpool, SmtpReplyBuffer);
        to->q_status = ENHSCN_RPOOL(enhsc, smtptodsn(r), e->e_rpool);
        if (!bitnset(M_LMTP, m->m_flags))
                to->q_statmta = mci->mci_host;
        if (r < 0 || REPLYTYPE(r) == 4)
        {
                mci->mci_retryrcpt = true;
                errno = save_errno;
                return EX_TEMPFAIL;
        }
        else if (REPLYTYPE(r) == 2)
        {
                char *t;

                if ((t = mci->mci_tolist) != NULL)
                {
                        char *p;

                        *t++ = ',';
                        for (p = to->q_paddr; *p != '\0'; *t++ = *p++)
                                continue;
                        *t = '\0';
                        mci->mci_tolist = t;
                }
#if PIPELINING
                mci->mci_okrcpts++;
#endif /* PIPELINING */
                return EX_OK;
        }
        else if (r == 550)
        {
                to->q_status = ENHSCN_RPOOL(enhsc, "5.1.1", e->e_rpool);
                return EX_NOUSER;
        }
        else if (r == 551)
        {
                to->q_status = ENHSCN_RPOOL(enhsc, "5.1.6", e->e_rpool);
                return EX_NOUSER;
        }
        else if (r == 553)
        {
                to->q_status = ENHSCN_RPOOL(enhsc, "5.1.3", e->e_rpool);
                return EX_NOUSER;
        }
        else if (REPLYTYPE(r) == 5)
        {
                return EX_UNAVAILABLE;
        }

        if (LogLevel > 1)
        {
                sm_syslog(LOG_CRIT, e->e_id,
                          "%.100s: SMTP RCPT protocol error: %s",
                          CurHostName,
                          shortenstring(SmtpReplyBuffer, 403));
        }

        mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
                    SmtpReplyBuffer);
        return EX_PROTOCOL;
}
/*
**  SMTPDATA -- send the data and clean up the transaction.
**
**      Parameters:
**              m -- mailer being sent to.
**              mci -- the mailer connection information.
**              e -- the envelope for this message.
**
**      Returns:
**              exit status corresponding to DATA command.
*/

int
smtpdata(m, mci, e, ctladdr, xstart)
        MAILER *m;
        register MCI *mci;
        register ENVELOPE *e;
        ADDRESS *ctladdr;
        time_t xstart;
{
        register int r;
        int rstat;
        int xstat;
        int timeout;
        char *enhsc;

        /*
        **  Check if connection is gone, if so
        **  it's a tempfail and we use mci_errno
        **  for the reason.
        */

        if (mci->mci_state == MCIS_CLOSED)
        {
                errno = mci->mci_errno;
                return EX_TEMPFAIL;
        }

        enhsc = NULL;

        /*
        **  Send the data.
        **      First send the command and check that it is ok.
        **      Then send the data (if there are valid recipients).
        **      Follow it up with a dot to terminate.
        **      Finally get the results of the transaction.
        */

        /* send the command and check ok to proceed */
        smtpmessage("DATA", m, mci);

#if PIPELINING
        if (mci->mci_nextaddr != NULL)
        {
                char *oldto = e->e_to;

                /* pick up any pending RCPT responses for SMTP pipelining */
                while (mci->mci_nextaddr != NULL)
                {
                        int r;

                        e->e_to = mci->mci_nextaddr->q_paddr;
                        r = smtprcptstat(mci->mci_nextaddr, m, mci, e);
                        if (r != EX_OK)
                        {
                                markfailure(e, mci->mci_nextaddr, mci, r,
                                            false);
                                giveresponse(r, mci->mci_nextaddr->q_status, m,
                                             mci, ctladdr, xstart, e,
                                             mci->mci_nextaddr);
                                if (r == EX_TEMPFAIL)
                                        mci->mci_nextaddr->q_state = QS_RETRY;
                        }
                        mci->mci_nextaddr = mci->mci_nextaddr->q_pchain;
                }
                e->e_to = oldto;

                /*
                **  Connection might be closed in response to a RCPT command,
                **  i.e., the server responded with 421. In that case (at
                **  least) one RCPT has a temporary failure, hence we don't
                **  need to check mci_okrcpts (as it is done below) to figure
                **  out which error to return.
                */

                if (mci->mci_state == MCIS_CLOSED)
                {
                        errno = mci->mci_errno;
                        return EX_TEMPFAIL;
                }
        }
#endif /* PIPELINING */

        /* now proceed with DATA phase */
        SmtpPhase = mci->mci_phase = "client DATA 354";
        mci->mci_state = MCIS_DATA;
        sm_setproctitle(true, e, "%s %s: %s",
                        qid_printname(e), CurHostName, mci->mci_phase);
        r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DEFAULT);
        if (r < 0 || REPLYTYPE(r) == 4)
        {
                if (r >= 0)
                        smtpquit(m, mci, e);
                errno = mci->mci_errno;
                return EX_TEMPFAIL;
        }
        else if (REPLYTYPE(r) == 5)
        {
                smtprset(m, mci, e);
#if PIPELINING
                if (mci->mci_okrcpts <= 0)
                        return mci->mci_retryrcpt ? EX_TEMPFAIL
                                                  : EX_UNAVAILABLE;
#endif /* PIPELINING */
                return EX_UNAVAILABLE;
        }
        else if (REPLYTYPE(r) != 3)
        {
                if (LogLevel > 1)
                {
                        sm_syslog(LOG_CRIT, e->e_id,
                                  "%.100s: SMTP DATA-1 protocol error: %s",
                                  CurHostName,
                                  shortenstring(SmtpReplyBuffer, 403));
                }
                smtprset(m, mci, e);
                mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
                            SmtpReplyBuffer);
#if PIPELINING
                if (mci->mci_okrcpts <= 0)
                        return mci->mci_retryrcpt ? EX_TEMPFAIL
                                                  : EX_PROTOCOL;
#endif /* PIPELINING */
                return EX_PROTOCOL;
        }

#if PIPELINING
        if (mci->mci_okrcpts > 0)
        {
#endif /* PIPELINING */

        /*
        **  Set timeout around data writes.  Make it at least large
        **  enough for DNS timeouts on all recipients plus some fudge
        **  factor.  The main thing is that it should not be infinite.
        */

        if (tTd(18, 101))
        {
                /* simulate a DATA timeout */
                timeout = 10;
        }
        else
                timeout = DATA_PROGRESS_TIMEOUT * 1000;
        sm_io_setinfo(mci->mci_out, SM_IO_WHAT_TIMEOUT, &timeout);


        /*
        **  Output the actual message.
        */

        if (!(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER))
                goto writeerr;

        if (tTd(18, 101))
        {
                /* simulate a DATA timeout */
                (void) sleep(2);
        }

        if (!(*e->e_putbody)(mci, e, NULL))
                goto writeerr;

        /*
        **  Cleanup after sending message.
        */


#if PIPELINING
        }
#endif /* PIPELINING */

#if _FFR_CATCH_BROKEN_MTAS
        if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
        {
                /* terminate the message */
                (void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s",
                                     m->m_eol);
                if (TrafficLogFile != NULL)
                        (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
                                             "%05d >>> .\n", (int) CurrentPid);
                if (Verbose)
                        nmessage(">>> .");

                sm_syslog(LOG_CRIT, e->e_id,
                          "%.100s: SMTP DATA-1 protocol error: remote server returned response before final dot",
                          CurHostName);
                mci->mci_errno = EIO;
                mci->mci_state = MCIS_ERROR;
                mci_setstat(mci, EX_PROTOCOL, "5.5.0", NULL);
                smtpquit(m, mci, e);
                return EX_PROTOCOL;
        }
#endif /* _FFR_CATCH_BROKEN_MTAS */

        if (sm_io_error(mci->mci_out))
        {
                /* error during processing -- don't send the dot */
                mci->mci_errno = EIO;
                mci->mci_state = MCIS_ERROR;
                mci_setstat(mci, EX_IOERR, "4.4.2", NULL);
                smtpquit(m, mci, e);
                return EX_IOERR;
        }

        /* terminate the message */
        if (sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, "%s.%s",
                        bitset(MCIF_INLONGLINE, mci->mci_flags) ? m->m_eol : "",
                        m->m_eol) == SM_IO_EOF)
                goto writeerr;
        if (TrafficLogFile != NULL)
                (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
                                     "%05d >>> .\n", (int) CurrentPid);
        if (Verbose)
                nmessage(">>> .");

        /* check for the results of the transaction */
        SmtpPhase = mci->mci_phase = "client DATA status";
        sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
                        CurHostName, mci->mci_phase);
        if (bitnset(M_LMTP, m->m_flags))
                return EX_OK;
        r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT);
        if (r < 0)
                return EX_TEMPFAIL;
        if (mci->mci_state == MCIS_DATA)
                mci->mci_state = MCIS_OPEN;
        xstat = EX_NOTSTICKY;
        if (r == 452)
                rstat = EX_TEMPFAIL;
        else if (REPLYTYPE(r) == 4)
                rstat = xstat = EX_TEMPFAIL;
        else if (REPLYTYPE(r) == 2)
                rstat = xstat = EX_OK;
        else if (REPLYCLASS(r) != 5)
                rstat = xstat = EX_PROTOCOL;
        else if (REPLYTYPE(r) == 5)
                rstat = EX_UNAVAILABLE;
        else
                rstat = EX_PROTOCOL;
        mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)),
                    SmtpReplyBuffer);
        if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
            (r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
                r += 5;
        else
                r = 4;
        e->e_statmsg = sm_rpool_strdup_x(e->e_rpool, &SmtpReplyBuffer[r]);
        SmtpPhase = mci->mci_phase = "idle";
        sm_setproctitle(true, e, "%s: %s", CurHostName, mci->mci_phase);
        if (rstat != EX_PROTOCOL)
                return rstat;
        if (LogLevel > 1)
        {
                sm_syslog(LOG_CRIT, e->e_id,
                          "%.100s: SMTP DATA-2 protocol error: %s",
                          CurHostName,
                          shortenstring(SmtpReplyBuffer, 403));
        }
        return rstat;

  writeerr:
        mci->mci_errno = errno;
        mci->mci_state = MCIS_ERROR;
        mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);

        /*
        **  If putbody() couldn't finish due to a timeout,
        **  rewind it here in the timeout handler.  See
        **  comments at the end of putbody() for reasoning.
        */

        if (e->e_dfp != NULL)
                (void) bfrewind(e->e_dfp);

        errno = mci->mci_errno;
        syserr("451 4.4.1 timeout writing message to %s", CurHostName);
        smtpquit(m, mci, e);
        return EX_TEMPFAIL;
}

/*
**  SMTPGETSTAT -- get status code from DATA in LMTP
**
**      Parameters:
**              m -- the mailer to which we are sending the message.
**              mci -- the mailer connection structure.
**              e -- the current envelope.
**
**      Returns:
**              The exit status corresponding to the reply code.
*/

int
smtpgetstat(m, mci, e)
        MAILER *m;
        MCI *mci;
        ENVELOPE *e;
{
        int r;
        int off;
        int status, xstat;
        char *enhsc;

        enhsc = NULL;

        /* check for the results of the transaction */
        r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT);
        if (r < 0)
                return EX_TEMPFAIL;
        xstat = EX_NOTSTICKY;
        if (REPLYTYPE(r) == 4)
                status = EX_TEMPFAIL;
        else if (REPLYTYPE(r) == 2)
                status = xstat = EX_OK;
        else if (REPLYCLASS(r) != 5)
                status = xstat = EX_PROTOCOL;
        else if (REPLYTYPE(r) == 5)
                status = EX_UNAVAILABLE;
        else
                status = EX_PROTOCOL;
        if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
            (off = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
                off += 5;
        else
                off = 4;
        e->e_statmsg = sm_rpool_strdup_x(e->e_rpool, &SmtpReplyBuffer[off]);
        mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)), SmtpReplyBuffer);
        if (LogLevel > 1 && status == EX_PROTOCOL)
        {
                sm_syslog(LOG_CRIT, e->e_id,
                          "%.100s: SMTP DATA-3 protocol error: %s",
                          CurHostName,
                          shortenstring(SmtpReplyBuffer, 403));
        }
        return status;
}
/*
**  SMTPQUIT -- close the SMTP connection.
**
**      Parameters:
**              m -- a pointer to the mailer.
**              mci -- the mailer connection information.
**              e -- the current envelope.
**
**      Returns:
**              none.
**
**      Side Effects:
**              sends the final protocol and closes the connection.
*/

void
smtpquit(m, mci, e)
        register MAILER *m;
        register MCI *mci;
        ENVELOPE *e;
{
        bool oldSuprErrs = SuprErrs;
        int rcode;
        char *oldcurhost;

        if (mci->mci_state == MCIS_CLOSED)
        {
                mci_close(mci, "smtpquit:1");
                return;
        }

        oldcurhost = CurHostName;
        CurHostName = mci->mci_host;            /* XXX UGLY XXX */
        if (CurHostName == NULL)
                CurHostName = MyHostName;

#if PIPELINING
        mci->mci_okrcpts = 0;
#endif /* PIPELINING */

        /*
        **      Suppress errors here -- we may be processing a different
        **      job when we do the quit connection, and we don't want the
        **      new job to be penalized for something that isn't it's
        **      problem.
        */

        SuprErrs = true;

        /* send the quit message if we haven't gotten I/O error */
        if (mci->mci_state != MCIS_ERROR &&
            mci->mci_state != MCIS_QUITING)
        {
                SmtpPhase = "client QUIT";
                mci->mci_state = MCIS_QUITING;
                smtpmessage("QUIT", m, mci);
                (void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL,
                                XS_DEFAULT);
                SuprErrs = oldSuprErrs;
                if (mci->mci_state == MCIS_CLOSED)
                        goto end;
        }

        /* now actually close the connection and pick up the zombie */
        rcode = endmailer(mci, e, NULL);
        if (rcode != EX_OK)
        {
                char *mailer = NULL;

                if (mci->mci_mailer != NULL &&
                    mci->mci_mailer->m_name != NULL)
                        mailer = mci->mci_mailer->m_name;

                /* look for naughty mailers */
                sm_syslog(LOG_ERR, e->e_id,
                          "smtpquit: mailer%s%s exited with exit value %d",
                          mailer == NULL ? "" : " ",
                          mailer == NULL ? "" : mailer,
                          rcode);
        }

        SuprErrs = oldSuprErrs;

  end:
        CurHostName = oldcurhost;
        return;
}
/*
**  SMTPRSET -- send a RSET (reset) command
**
**      Parameters:
**              m -- a pointer to the mailer.
**              mci -- the mailer connection information.
**              e -- the current envelope.
**
**      Returns:
**              none.
**
**      Side Effects:
**              closes the connection if there is no reply to RSET.
*/

void
smtprset(m, mci, e)
        register MAILER *m;
        register MCI *mci;
        ENVELOPE *e;
{
        int r;

        CurHostName = mci->mci_host;            /* XXX UGLY XXX */
        if (CurHostName == NULL)
                CurHostName = MyHostName;

#if PIPELINING
        mci->mci_okrcpts = 0;
#endif /* PIPELINING */

        /*
        **  Check if connection is gone, if so
        **  it's a tempfail and we use mci_errno
        **  for the reason.
        */

        if (mci->mci_state == MCIS_CLOSED)
        {
                errno = mci->mci_errno;
                return;
        }

        SmtpPhase = "client RSET";
        smtpmessage("RSET", m, mci);
        r = reply(m, mci, e, TimeOuts.to_rset, NULL, NULL, XS_DEFAULT);
        if (r < 0)
                return;

        /*
        **  Any response is deemed to be acceptable.
        **  The standard does not state the proper action
        **  to take when a value other than 250 is received.
        **
        **  However, if 421 is returned for the RSET, leave
        **  mci_state alone (MCIS_SSD can be set in reply()
        **  and MCIS_CLOSED can be set in smtpquit() if
        **  reply() gets a 421 and calls smtpquit()).
        */

        if (mci->mci_state != MCIS_SSD && mci->mci_state != MCIS_CLOSED)
                mci->mci_state = MCIS_OPEN;
        else if (mci->mci_exitstat == EX_OK)
                mci_setstat(mci, EX_TEMPFAIL, "4.5.0", NULL);
}
/*
**  SMTPPROBE -- check the connection state
**
**      Parameters:
**              mci -- the mailer connection information.
**
**      Returns:
**              none.
**
**      Side Effects:
**              closes the connection if there is no reply to RSET.
*/

int
smtpprobe(mci)
        register MCI *mci;
{
        int r;
        MAILER *m = mci->mci_mailer;
        ENVELOPE *e;
        extern ENVELOPE BlankEnvelope;

        CurHostName = mci->mci_host;            /* XXX UGLY XXX */
        if (CurHostName == NULL)
                CurHostName = MyHostName;

        e = &BlankEnvelope;
        SmtpPhase = "client probe";
        smtpmessage("RSET", m, mci);
        r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, NULL, XS_DEFAULT);
        if (REPLYTYPE(r) != 2)
                smtpquit(m, mci, e);
        return r;
}
/*
**  REPLY -- read arpanet reply
**
**      Parameters:
**              m -- the mailer we are reading the reply from.
**              mci -- the mailer connection info structure.
**              e -- the current envelope.
**              timeout -- the timeout for reads.
**              pfunc -- processing function called on each line of response.
**                      If null, no special processing is done.
**              enhstat -- optional, returns enhanced error code string (if set)
**              rtype -- type of SmtpMsgBuffer: does it contains secret data?
**
**      Returns:
**              reply code it reads.
**
**      Side Effects:
**              flushes the mail file.
*/

int
reply(m, mci, e, timeout, pfunc, enhstat, rtype)
        MAILER *m;
        MCI *mci;
        ENVELOPE *e;
        time_t timeout;
        void (*pfunc) __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
        char **enhstat;
        int rtype;
{
        register char *bufp;
        register int r;
        bool firstline = true;
        char junkbuf[MAXLINE];
        static char enhstatcode[ENHSCLEN];
        int save_errno;

        /*
        **  Flush the output before reading response.
        **
        **      For SMTP pipelining, it would be better if we didn't do
        **      this if there was already data waiting to be read.  But
        **      to do it properly means pushing it to the I/O library,
        **      since it really needs to be done below the buffer layer.
        */

        if (mci->mci_out != NULL)
                (void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);

        if (tTd(18, 1))
                sm_dprintf("reply\n");

        /*
        **  Read the input line, being careful not to hang.
        */

        bufp = SmtpReplyBuffer;
        set_tls_rd_tmo(timeout);
        for (;;)
        {
                register char *p;

                /* actually do the read */
                if (e->e_xfp != NULL)   /* for debugging */
                        (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);

                /* if we are in the process of closing just give the code */
                if (mci->mci_state == MCIS_CLOSED)
                        return SMTPCLOSING;

                /* don't try to read from a non-existent fd */
                if (mci->mci_in == NULL)
                {
                        if (mci->mci_errno == 0)
                                mci->mci_errno = EBADF;

                        /* errors on QUIT should be ignored */
                        if (strncmp(SmtpMsgBuffer, "QUIT", 4) == 0)
                        {
                                errno = mci->mci_errno;
                                mci_close(mci, "reply:1");
                                return -1;
                        }
                        mci->mci_state = MCIS_ERROR;
                        smtpquit(m, mci, e);
                        errno = mci->mci_errno;
                        return -1;
                }

                if (mci->mci_out != NULL)
                        (void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);

                /* get the line from the other side */
                p = sfgets(bufp, MAXLINE, mci->mci_in, timeout, SmtpPhase);
                save_errno = errno;
                mci->mci_lastuse = curtime();

                if (p == NULL)
                {
                        bool oldholderrs;
                        extern char MsgBuf[];

                        /* errors on QUIT should be ignored */
                        if (strncmp(SmtpMsgBuffer, "QUIT", 4) == 0)
                        {
                                mci_close(mci, "reply:2");
                                return -1;
                        }

                        /* if the remote end closed early, fake an error */
                        errno = save_errno;
                        if (errno == 0)
                        {
                                (void) sm_snprintf(SmtpReplyBuffer,
                                                   sizeof(SmtpReplyBuffer),
                                                   "421 4.4.1 Connection reset by %s",
                                                   CURHOSTNAME);
#ifdef ECONNRESET
                                errno = ECONNRESET;
#else /* ECONNRESET */
                                errno = EPIPE;
#endif /* ECONNRESET */
                        }

                        mci->mci_errno = errno;
                        oldholderrs = HoldErrs;
                        HoldErrs = true;
                        usrerr("451 4.4.1 reply: read error from %s",
                               CURHOSTNAME);
                        mci_setstat(mci, EX_TEMPFAIL, "4.4.2", MsgBuf);

                        /* if debugging, pause so we can see state */
                        if (tTd(18, 100))
                                (void) pause();
                        mci->mci_state = MCIS_ERROR;
                        smtpquit(m, mci, e);
#if XDEBUG
                        {
                                char wbuf[MAXLINE];

                                p = wbuf;
                                if (e->e_to != NULL)
                                {
                                        (void) sm_snprintf(p,
                                                           SPACELEFT(wbuf, p),
                                                           "%s... ",
                                                           shortenstring(e->e_to, MAXSHORTSTR));
                                        p += strlen(p);
                                }
                                (void) sm_snprintf(p, SPACELEFT(wbuf, p),
                                                   "reply(%.100s) during %s",
                                                   CURHOSTNAME, SmtpPhase);
                                checkfd012(wbuf);
                        }
#endif /* XDEBUG */
                        HoldErrs = oldholderrs;
                        errno = save_errno;
                        return -1;
                }
                fixcrlf(bufp, true);

                /* EHLO failure is not a real error */
                if (e->e_xfp != NULL && (bufp[0] == '4' ||
                    (bufp[0] == '5' && strncmp(SmtpMsgBuffer, "EHLO", 4) != 0)))
                {
                        /* serious error -- log the previous command */
                        if (SmtpNeedIntro)
                        {
                                /* inform user who we are chatting with */
                                (void) sm_io_fprintf(CurEnv->e_xfp,
                                                     SM_TIME_DEFAULT,
                                                     "... while talking to %s:\n",
                                                     CURHOSTNAME);
                                SmtpNeedIntro = false;
                        }
                        if (SmtpMsgBuffer[0] != '\0')
                        {
                                (void) sm_io_fprintf(e->e_xfp,
                                        SM_TIME_DEFAULT,
                                        ">>> %s\n",
                                        (rtype == XS_STARTTLS)
                                        ? "STARTTLS dialogue"
                                        : ((rtype == XS_AUTH)
                                           ? "AUTH dialogue"
                                           : SmtpMsgBuffer));
                                SmtpMsgBuffer[0] = '\0';
                        }

                        /* now log the message as from the other side */
                        (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
                                             "<<< %s\n", bufp);
                }

                /* display the input for verbose mode */
                if (Verbose)
                        nmessage("050 %s", bufp);

                /* ignore improperly formatted input */
                if (!ISSMTPREPLY(bufp))
                        continue;

                if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
                    enhstat != NULL &&
                    extenhsc(bufp + 4, ' ', enhstatcode) > 0)
                        *enhstat = enhstatcode;

                /* process the line */
                if (pfunc != NULL)
                        (*pfunc)(bufp, firstline, m, mci, e);

                firstline = false;

                /* decode the reply code */
                r = atoi(bufp);

                /* extra semantics: 0xx codes are "informational" */
                if (r < 100)
                        continue;

                /* if no continuation lines, return this line */
                if (bufp[3] != '-')
                        break;

                /* first line of real reply -- ignore rest */
                bufp = junkbuf;
        }

        /*
        **  Now look at SmtpReplyBuffer -- only care about the first
        **  line of the response from here on out.
        */

        /* save temporary failure messages for posterity */
        if (SmtpReplyBuffer[0] == '4')
                (void) sm_strlcpy(SmtpError, SmtpReplyBuffer, sizeof(SmtpError));

        /* reply code 421 is "Service Shutting Down" */
        if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD &&
            mci->mci_state != MCIS_QUITING)
        {
                /* send the quit protocol */
                mci->mci_state = MCIS_SSD;
                smtpquit(m, mci, e);
        }

        return r;
}
/*
**  SMTPMESSAGE -- send message to server
**
**      Parameters:
**              f -- format
**              m -- the mailer to control formatting.
**              a, b, c -- parameters
**
**      Returns:
**              none.
**
**      Side Effects:
**              writes message to mci->mci_out.
*/

/*VARARGS1*/
void
#ifdef __STDC__
smtpmessage(char *f, MAILER *m, MCI *mci, ...)
#else /* __STDC__ */
smtpmessage(f, m, mci, va_alist)
        char *f;
        MAILER *m;
        MCI *mci;
        va_dcl
#endif /* __STDC__ */
{
        SM_VA_LOCAL_DECL

        SM_VA_START(ap, mci);
        (void) sm_vsnprintf(SmtpMsgBuffer, sizeof(SmtpMsgBuffer), f, ap);
        SM_VA_END(ap);

        if (tTd(18, 1) || Verbose)
                nmessage(">>> %s", SmtpMsgBuffer);
        if (TrafficLogFile != NULL)
                (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
                                     "%05d >>> %s\n", (int) CurrentPid,
                                     SmtpMsgBuffer);
        if (mci->mci_out != NULL)
        {
                (void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, "%s%s",
                                     SmtpMsgBuffer, m == NULL ? "\r\n"
                                                              : m->m_eol);
        }
        else if (tTd(18, 1))
        {
                sm_dprintf("smtpmessage: NULL mci_out\n");
        }
}