[PATCH] realrcptto

author: manuel <manuel@mausz.at> 2013-02-05 23:48:16 +0100
committer: manuel <manuel@mausz.at> 2013-02-05 23:48:16 +0100
commit: b0c5a1bf27516611d34b6b7d56a0376e3c64171b (patch)
tree: 775492f51e62ed7b0dfe1eba75bfd189950c470f /realrcptto.c
parent: e52f8862b7bd6519055296a9b757259c0fd358d7 (diff)
download: qmail-b0c5a1bf27516611d34b6b7d56a0376e3c64171b.tar.gz
qmail-b0c5a1bf27516611d34b6b7d56a0376e3c64171b.tar.bz2
qmail-b0c5a1bf27516611d34b6b7d56a0376e3c64171b.zip
1 files changed, 421 insertions, 0 deletions
diff --git a/realrcptto.c b/realrcptto.c
new file mode 100644
index 0000000..7ec331a
--- /dev/null
+++ b/realrcptto.c
@@ -0,0 +1,421 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <pwd.h>
+#include "auto_break.h"
+#include "auto_usera.h"
+#include "byte.h"
+#include "case.h"
+#include "cdb.h"
+#include "constmap.h"
+#include "error.h"
+#include "fmt.h"
+#include "open.h"
+#include "str.h"
+#include "stralloc.h"
+#include "uint32.h"
+#include "substdio.h"
+#include "env.h"
+#include "slurpclose.h"
+extern void die_nomem();
+extern void die_control();
+extern void die_cdb();
+extern void die_sys();
+static stralloc envnoathost = {0};
+static stralloc percenthack = {0};
+static stralloc locals = {0};
+static stralloc vdoms = {0};
+static struct constmap mappercenthack;
+static struct constmap maplocals;
+static struct constmap mapvdoms;
+static char *dash;
+static char *extension;
+static char *local;
+static struct passwd *pw;
+static char errbuf[128];
+static struct substdio sserr = SUBSTDIO_FDBUF(write,2,errbuf,sizeof errbuf);
+static char pidbuf[64];
+static char remoteipbuf[64]=" ";
+static int flagdenyall;
+static int flagdenyany;
+void realrcptto_init()
+{
+  char *x;
+  if (control_rldef(&envnoathost,"control/envnoathost",1,"envnoathost") != 1)
+    die_control();
+  if (control_readfile(&locals,"control/locals",1) != 1) die_control();
+  if (!constmap_init(&maplocals,locals.s,locals.len,0)) die_nomem();
+  switch(control_readfile(&percenthack,"control/percenthack",0)) {
+    case -1: die_control();
+    case 0: if (!constmap_init(&mappercenthack,"",0,0)) die_nomem();
+    case 1:
+      if (!constmap_init(&mappercenthack,percenthack.s,percenthack.len,0))
+        die_nomem();
+  }
+  switch(control_readfile(&vdoms,"control/virtualdomains",0)) {
+    case -1: die_control();
+    case 0: if (!constmap_init(&mapvdoms,"",0,1)) die_nomem();
+    case 1: if (!constmap_init(&mapvdoms,vdoms.s,vdoms.len,1)) die_nomem();
+  }
+  str_copy(pidbuf + fmt_ulong(pidbuf,getpid())," ");
+  x=env_get("PROTO");
+  if (x) {
+    static char const remoteip[]="REMOTEIP";
+    unsigned int len = str_len(x);
+    if (len <= sizeof remoteipbuf - sizeof remoteip) {
+      byte_copy(remoteipbuf,len,x);
+      byte_copy(remoteipbuf + len,sizeof remoteip,remoteip);
+      x = env_get(remoteipbuf);
+      len = str_len(x);
+      if (len + 1 < sizeof remoteipbuf) {
+        byte_copy(remoteipbuf,len,x);
+        remoteipbuf[len]=' ';
+        remoteipbuf[len + 1]='\0';
+      }
+    }
+  }
+  x = env_get("QMAILRRTDENYALL");
+  flagdenyall = (x && x[0]=='1' && x[1]=='\0');
+}
+void realrcptto_start()
+{
+  flagdenyany = 0;
+}
+static int denyaddr(addr, depth)
+char *addr;
+int depth;
+{
+  if (depth == 1)
+  {
+    substdio_puts(&sserr,"realrcptto ");
+    substdio_puts(&sserr,pidbuf);
+    substdio_puts(&sserr,remoteipbuf);
+    substdio_puts(&sserr,addr);
+    substdio_puts(&sserr,"\n");
+    substdio_flush(&sserr);
+    flagdenyany = 1;
+  }
+  return flagdenyall;
+}
+static void stat_error(path,error)
+char* path;
+int error;
+{
+  substdio_puts(&sserr,"unable to stat ");
+  substdio_puts(&sserr,path);
+  substdio_puts(&sserr,": ");
+  substdio_puts(&sserr,error_str(error));
+  substdio_puts(&sserr,"\n");
+  substdio_flush(&sserr);
+}
+#define GETPW_USERLEN 32
+static int userext()
+{
+  char username[GETPW_USERLEN];
+  struct stat st;
+  extension = local + str_len(local);
+  for (;;) {
+    if (extension - local < sizeof(username))
+      if (!*extension || (*extension == *auto_break)) {
+        byte_copy(username,extension - local,local);
+        username[extension - local] = 0;
+        case_lowers(username);
+        errno = 0;
+        pw = getpwnam(username);
+        if (errno == error_txtbsy) die_sys();
+        if (pw)
+          if (pw->pw_uid)
+            if (stat(pw->pw_dir,&st) == 0) {
+              if (st.st_uid == pw->pw_uid) {
+                dash = "";
+                if (*extension) { ++extension; dash = "-"; }
+                return 1;
+              }
+            }
+            else
+              if (error_temp(errno)) die_sys();
+      }
+    if (extension == local) return 0;
+    --extension;
+  }
+}
+// max lookups
+#define MAXRECURSION 5
+static int handleqme(qme, depth)
+stralloc *qme;
+int depth;
+{
+  stralloc cmds = {0};
+  char *username = NULL;
+  int fd, i, j, k, count;
+  if (depth >= MAXRECURSION) return 0;
+  if (!stralloc_ready(&cmds,0)) die_nomem();
+  cmds.len = 0;
+  fd = open_read(qme->s);
+  if (fd == -1) return 0;
+  if (slurpclose(fd,&cmds,256) == -1) die_nomem();
+  if (!cmds.len || (cmds.s[cmds.len - 1] != '\n'))
+    if (!stralloc_cats(&cmds,"\n")) die_nomem();
+  i = count = 0;
+  for (j = 0;j < cmds.len;++j)
+  {
+    if (cmds.s[j] == '\n')
+    {
+      cmds.s[j] = 0;
+      k = j;
+      while ((k > i) && ((cmds.s[k - 1] == ' ') || (cmds.s[k - 1] == '\t')))
+        cmds.s[--k] = 0;
+      switch(cmds.s[i])
+      {
+        case 0:
+        case '#':
+        case '.':
+        case '/':
+        case '|':
+        case '+':
+          break;
+        case '&':
+          ++i;
+        default:
+          count++;
+          username = cmds.s + i;
+          break;
+      }
+      i = j + 1;
+    }
+  }
+  if (count == 1 && username)
+    realrcptto(username, ++depth);
+  return 1;
+}
+int realrcptto(addr, depth)
+char *addr;
+int depth;
+{
+  env_unset("DTUSER");
+  return realrcptto_ex(addr, depth);
+}
+int realrcptto_ex(addr, depth)
+char *addr;
+int depth;
+{
+  char *homedir, *username;
+  static stralloc localpart = {0};
+  static stralloc lower = {0};
+  static stralloc nughde = {0};
+  static stralloc wildchars = {0};
+  static stralloc safeext = {0};
+  static stralloc qme = {0};
+  unsigned int i,at;
+  /* Short circuit, or full logging?  Short circuit. */
+  if (flagdenyall && flagdenyany) return 1;
+  /* qmail-send:rewrite */
+  if (!stralloc_copys(&localpart,addr)) die_nomem();
+  i = byte_rchr(localpart.s,localpart.len,'@');
+  if (i == localpart.len) {
+    if (!stralloc_cats(&localpart,"@")) die_nomem();
+    if (!stralloc_cat(&localpart,&envnoathost)) die_nomem();
+  }
+  while (constmap(&mappercenthack,localpart.s + i + 1,localpart.len - i - 1)) {
+    unsigned int j = byte_rchr(localpart.s,i,'%');
+    if (j == i) break;
+    localpart.len = i;
+    i = j;
+    localpart.s[i] = '@';
+  }
+  at = byte_rchr(localpart.s,localpart.len,'@');
+  if (constmap(&maplocals,localpart.s + at + 1,localpart.len - at - 1)) {
+    localpart.len = at;
+    localpart.s[at] = '\0';
+  } else {
+    unsigned int xlen,newlen;
+    char *x;
+    for (i = 0;;++i) {
+      if (i > localpart.len) return denyaddr(addr, depth);
+      if (!i || (i == at + 1) || (i == localpart.len) ||
+          ((i > at) && (localpart.s[i] == '.'))) {
+        x = constmap(&mapvdoms,localpart.s + i,localpart.len - i);
+        if (x && i == at + 1) {
+          // set QMAILQUEUE if catch-all
+          char *qmailqueue;
+          qmailqueue = env_get("QMAILQUEUE");
+          if (qmailqueue) {
+            if (!env_put("QMAILQUEUE=bin/qmail-queue")) die_nomem();
+          }
+        }
+        if (x) break;
+      }
+    }
+    if (!*x) return 1;
+    xlen = str_len(x) + 1;  /* +1 for '-' */
+    newlen = xlen + at + 1; /* +1 for \0 */
+    if (xlen < 1 || newlen - 1 < xlen || newlen < 1 ||
+        !stralloc_ready(&localpart,newlen))
+      die_nomem();
+    localpart.s[newlen - 1] = '\0';
+    byte_copyr(localpart.s + xlen,at,localpart.s);
+    localpart.s[xlen - 1] = '-';
+    byte_copy(localpart.s,xlen - 1,x);
+    localpart.len = newlen;
+  }
+  /* qmail-lspawn:nughde_get */
+  {
+    int r,fd,flagwild;
+    if (!stralloc_copys(&lower,"!")) die_nomem();
+    if (!stralloc_cats(&lower,localpart.s)) die_nomem();
+    if (!stralloc_0(&lower)) die_nomem();
+    case_lowerb(lower.s,lower.len);
+    if (!stralloc_copys(&nughde,"")) die_nomem();
+    fd = open_read("users/cdb");
+    if (fd == -1) {
+      if (errno != error_noent) die_cdb();
+    } else {
+      uint32 dlen;
+      r = cdb_seek(fd,"",0,&dlen);
+      if (r != 1) die_cdb();
+      if (!stralloc_ready(&wildchars,(unsigned int) dlen)) die_nomem();
+      wildchars.len = dlen;
+      if (cdb_bread(fd,wildchars.s,wildchars.len) == -1) die_cdb();
+      i = lower.len;
+      flagwild = 0;
+      do { /* i > 0 */
+        if (!flagwild || (i == 1) ||
+            (byte_chr(wildchars.s,wildchars.len,lower.s[i - 1])
+             < wildchars.len)) {
+          r = cdb_seek(fd,lower.s,i,&dlen);
+          if (r == -1) die_cdb();
+          if (r == 1) {
+            char *x;
+            if (!stralloc_ready(&nughde,(unsigned int) dlen)) die_nomem();
+            nughde.len = dlen;
+            if (cdb_bread(fd,nughde.s,nughde.len) == -1) die_cdb();
+            if (flagwild)
+              if (!stralloc_cats(&nughde,localpart.s + i - 1)) die_nomem();
+            if (!stralloc_0(&nughde)) die_nomem();
+            close(fd);
+            x=nughde.s;
+            /* skip username */
+            username=x;
+            x += byte_chr(x,nughde.s + nughde.len - x,'\0');
+            if (x == nughde.s + nughde.len) return 1;
+            ++x;
+            /* skip uid */
+            x += byte_chr(x,nughde.s + nughde.len - x,'\0');
+            if (x == nughde.s + nughde.len) return 1;
+            ++x;
+            /* skip gid */
+            x += byte_chr(x,nughde.s + nughde.len - x,'\0');
+            if (x == nughde.s + nughde.len) return 1;
+            ++x;
+            /* skip homedir */
+            homedir=x;
+            x += byte_chr(x,nughde.s + nughde.len - x,'\0');
+            if (x == nughde.s + nughde.len) return 1;
+            ++x;
+            /* skip dash */
+            dash=x;
+            x += byte_chr(x,nughde.s + nughde.len - x,'\0');
+            if (x == nughde.s + nughde.len) return 1;
+            ++x;
+            extension=x;
+            goto got_nughde;
+          }
+        }
+        --i;
+        flagwild = 1;
+      } while (i);
+      close(fd);
+    }
+  }
+  /* qmail-getpw */
+  local = localpart.s;
+  if (!userext()) {
+    extension = local;
+    dash = "-";
+    pw = getpwnam(auto_usera);
+  }
+  if (!pw) return denyaddr(addr, depth);
+  if (!stralloc_copys(&nughde,pw->pw_dir)) die_nomem();
+  if (!stralloc_0(&nughde)) die_nomem();
+  homedir=nughde.s;
+  username=pw->pw_name;
+  got_nughde:
+  /* qmail-local:qmesearch */
+  //if (!*dash) return 1;
+  if (!*dash) { env_put2("DTUSER", username); return 1; }
+  if (!stralloc_copys(&safeext,extension)) die_nomem();
+  case_lowerb(safeext.s,safeext.len);
+  for (i = 0;i < safeext.len;++i)
+  {
+    if (safeext.s[i] == '.')
+      safeext.s[i] = ':';
+  }
+  {
+    struct stat st;
+    int i;
+    if (!stralloc_copys(&qme,homedir)) die_nomem();
+    if (!stralloc_cats(&qme,"/.qmail")) die_nomem();
+    if (!stralloc_cats(&qme,dash)) die_nomem();
+    if (!stralloc_cat(&qme,&safeext)) die_nomem();
+    if (!stralloc_0(&qme)) die_nomem();
+    //if (stat(qme.s,&st) == 0) return 1;
+    if (stat(qme.s,&st) == 0) { handleqme(&qme, depth); return 1; }
+    if (errno != error_noent) {
+      stat_error(qme.s,errno);
+      return 1;
+    }
+    for (i = safeext.len;i >= 0;--i)
+      if (!i || (safeext.s[i - 1] == '-')) {
+        if (!stralloc_copys(&qme,homedir)) die_nomem();
+        if (!stralloc_cats(&qme,"/.qmail")) die_nomem();
+        if (!stralloc_cats(&qme,dash)) die_nomem();
+        if (!stralloc_catb(&qme,safeext.s,i)) die_nomem();
+        if (!stralloc_cats(&qme,"default")) die_nomem();
+        if (!stralloc_0(&qme)) die_nomem();
+        //if (stat(qme.s,&st) == 0) return 1;
+        if (stat(qme.s,&st) == 0) { handleqme(&qme, depth); return 1; }
+        if (errno != error_noent) {
+          stat_error(qme.s,errno);
+          return 1;
+        }
+      }
+    return denyaddr(addr, depth);
+  }
+}
+int realrcptto_deny()
+{
+  return flagdenyall && flagdenyany;
+}
author	manuel <manuel@mausz.at>	2013-02-05 23:48:16 +0100
committer	manuel <manuel@mausz.at>	2013-02-05 23:48:16 +0100
commit	b0c5a1bf27516611d34b6b7d56a0376e3c64171b (patch)
tree	775492f51e62ed7b0dfe1eba75bfd189950c470f /realrcptto.c
parent	e52f8862b7bd6519055296a9b757259c0fd358d7 (diff)
download	qmail-b0c5a1bf27516611d34b6b7d56a0376e3c64171b.tar.gz qmail-b0c5a1bf27516611d34b6b7d56a0376e3c64171b.tar.bz2 qmail-b0c5a1bf27516611d34b6b7d56a0376e3c64171b.zip

diff --git a/realrcptto.c b/realrcptto.c new file mode 100644 index 0000000..7ec331a --- /dev/null +++ b/realrcptto.c
@@ -0,0 +1,421 @@
	1	#include <sys/types.h>
	2	#include <sys/stat.h>
	3	#include <unistd.h>
	4	#include <pwd.h>
	5	#include "auto_break.h"
	6	#include "auto_usera.h"
	7	#include "byte.h"
	8	#include "case.h"
	9	#include "cdb.h"
	10	#include "constmap.h"
	11	#include "error.h"
	12	#include "fmt.h"
	13	#include "open.h"
	14	#include "str.h"
	15	#include "stralloc.h"
	16	#include "uint32.h"
	17	#include "substdio.h"
	18	#include "env.h"
	19	#include "slurpclose.h"
	20
	21	extern void die_nomem();
	22	extern void die_control();
	23	extern void die_cdb();
	24	extern void die_sys();
	25
	26	static stralloc envnoathost = {0};
	27	static stralloc percenthack = {0};
	28	static stralloc locals = {0};
	29	static stralloc vdoms = {0};
	30	static struct constmap mappercenthack;
	31	static struct constmap maplocals;
	32	static struct constmap mapvdoms;
	33
	34	static char *dash;
	35	static char *extension;
	36	static char *local;
	37	static struct passwd *pw;
	38
	39	static char errbuf[128];
	40	static struct substdio sserr = SUBSTDIO_FDBUF(write,2,errbuf,sizeof errbuf);
	41
	42	static char pidbuf[64];
	43	static char remoteipbuf[64]=" ";
	44
	45	static int flagdenyall;
	46	static int flagdenyany;
	47
	48	void realrcptto_init()
	49	{
	50	char *x;
	51
	52	if (control_rldef(&envnoathost,"control/envnoathost",1,"envnoathost") != 1)
	53	die_control();
	54
	55	if (control_readfile(&locals,"control/locals",1) != 1) die_control();
	56	if (!constmap_init(&maplocals,locals.s,locals.len,0)) die_nomem();
	57	switch(control_readfile(&percenthack,"control/percenthack",0)) {
	58	case -1: die_control();
	59	case 0: if (!constmap_init(&mappercenthack,"",0,0)) die_nomem();
	60	case 1:
	61	if (!constmap_init(&mappercenthack,percenthack.s,percenthack.len,0))
	62	die_nomem();
	63	}
	64	switch(control_readfile(&vdoms,"control/virtualdomains",0)) {
	65	case -1: die_control();
	66	case 0: if (!constmap_init(&mapvdoms,"",0,1)) die_nomem();
	67	case 1: if (!constmap_init(&mapvdoms,vdoms.s,vdoms.len,1)) die_nomem();
	68	}
	69
	70	str_copy(pidbuf + fmt_ulong(pidbuf,getpid())," ");
	71	x=env_get("PROTO");
	72	if (x) {
	73	static char const remoteip[]="REMOTEIP";
	74	unsigned int len = str_len(x);
	75	if (len <= sizeof remoteipbuf - sizeof remoteip) {
	76	byte_copy(remoteipbuf,len,x);
	77	byte_copy(remoteipbuf + len,sizeof remoteip,remoteip);
	78	x = env_get(remoteipbuf);
	79	len = str_len(x);
	80	if (len + 1 < sizeof remoteipbuf) {
	81	byte_copy(remoteipbuf,len,x);
	82	remoteipbuf[len]=' ';
	83	remoteipbuf[len + 1]='\0';
	84	}
	85	}
	86	}
	87
	88	x = env_get("QMAILRRTDENYALL");
	89	flagdenyall = (x && x[0]=='1' && x[1]=='\0');
	90	}
	91
	92	void realrcptto_start()
	93	{
	94	flagdenyany = 0;
	95	}
	96
	97	static int denyaddr(addr, depth)
	98	char *addr;
	99	int depth;
	100	{
	101	if (depth == 1)
	102	{
	103	substdio_puts(&sserr,"realrcptto ");
	104	substdio_puts(&sserr,pidbuf);
	105	substdio_puts(&sserr,remoteipbuf);
	106	substdio_puts(&sserr,addr);
	107	substdio_puts(&sserr,"\n");
	108	substdio_flush(&sserr);
	109	flagdenyany = 1;
	110	}
	111	return flagdenyall;
	112	}
	113
	114	static void stat_error(path,error)
	115	char* path;
	116	int error;
	117	{
	118	substdio_puts(&sserr,"unable to stat ");
	119	substdio_puts(&sserr,path);
	120	substdio_puts(&sserr,": ");
	121	substdio_puts(&sserr,error_str(error));
	122	substdio_puts(&sserr,"\n");
	123	substdio_flush(&sserr);
	124	}
	125
	126	#define GETPW_USERLEN 32
	127
	128	static int userext()
	129	{
	130	char username[GETPW_USERLEN];
	131	struct stat st;
	132
	133	extension = local + str_len(local);
	134	for (;;) {
	135	if (extension - local < sizeof(username))
	136	if (!extension \|\| (extension == *auto_break)) {
	137	byte_copy(username,extension - local,local);
	138	username[extension - local] = 0;
	139	case_lowers(username);
	140	errno = 0;
	141	pw = getpwnam(username);
	142	if (errno == error_txtbsy) die_sys();
	143	if (pw)
	144	if (pw->pw_uid)
	145	if (stat(pw->pw_dir,&st) == 0) {
	146	if (st.st_uid == pw->pw_uid) {
	147	dash = "";
	148	if (*extension) { ++extension; dash = "-"; }
	149	return 1;
	150	}
	151	}
	152	else
	153	if (error_temp(errno)) die_sys();
	154	}
	155	if (extension == local) return 0;
	156	--extension;
	157	}
	158	}
	159
	160	// max lookups
	161	#define MAXRECURSION 5
	162
	163	static int handleqme(qme, depth)
	164	stralloc *qme;
	165	int depth;
	166	{
	167	stralloc cmds = {0};
	168	char *username = NULL;
	169	int fd, i, j, k, count;
	170
	171	if (depth >= MAXRECURSION) return 0;
	172	if (!stralloc_ready(&cmds,0)) die_nomem();
	173	cmds.len = 0;
	174
	175	fd = open_read(qme->s);
	176	if (fd == -1) return 0;
	177	if (slurpclose(fd,&cmds,256) == -1) die_nomem();
	178	if (!cmds.len \|\| (cmds.s[cmds.len - 1] != '\n'))
	179	if (!stralloc_cats(&cmds,"\n")) die_nomem();
	180
	181	i = count = 0;
	182	for (j = 0;j < cmds.len;++j)
	183	{
	184	if (cmds.s[j] == '\n')
	185	{
	186	cmds.s[j] = 0;
	187	k = j;
	188	while ((k > i) && ((cmds.s[k - 1] == ' ') \|\| (cmds.s[k - 1] == '\t')))
	189	cmds.s[--k] = 0;
	190	switch(cmds.s[i])
	191	{
	192	case 0:
	193	case '#':
	194	case '.':
	195	case '/':
	196	case '\|':
	197	case '+':
	198	break;
	199	case '&':
	200	++i;
	201	default:
	202	count++;
	203	username = cmds.s + i;
	204	break;
	205	}
	206	i = j + 1;
	207	}
	208	}
	209
	210	if (count == 1 && username)
	211	realrcptto(username, ++depth);
	212
	213	return 1;
	214	}
	215
	216	int realrcptto(addr, depth)
	217	char *addr;
	218	int depth;
	219	{
	220	env_unset("DTUSER");
	221	return realrcptto_ex(addr, depth);
	222	}
	223
	224	int realrcptto_ex(addr, depth)
	225	char *addr;
	226	int depth;
	227	{
	228	char homedir, username;
	229	static stralloc localpart = {0};
	230	static stralloc lower = {0};
	231	static stralloc nughde = {0};
	232	static stralloc wildchars = {0};
	233	static stralloc safeext = {0};
	234	static stralloc qme = {0};
	235	unsigned int i,at;
	236
	237	/* Short circuit, or full logging? Short circuit. */
	238	if (flagdenyall && flagdenyany) return 1;
	239
	240	/* qmail-send:rewrite */
	241	if (!stralloc_copys(&localpart,addr)) die_nomem();
	242	i = byte_rchr(localpart.s,localpart.len,'@');
	243	if (i == localpart.len) {
	244	if (!stralloc_cats(&localpart,"@")) die_nomem();
	245	if (!stralloc_cat(&localpart,&envnoathost)) die_nomem();
	246	}
	247	while (constmap(&mappercenthack,localpart.s + i + 1,localpart.len - i - 1)) {
	248	unsigned int j = byte_rchr(localpart.s,i,'%');
	249	if (j == i) break;
	250	localpart.len = i;
	251	i = j;
	252	localpart.s[i] = '@';
	253	}
	254	at = byte_rchr(localpart.s,localpart.len,'@');
	255	if (constmap(&maplocals,localpart.s + at + 1,localpart.len - at - 1)) {
	256	localpart.len = at;
	257	localpart.s[at] = '\0';
	258	} else {
	259	unsigned int xlen,newlen;
	260	char *x;
	261	for (i = 0;;++i) {
	262	if (i > localpart.len) return denyaddr(addr, depth);
	263	if (!i \|\| (i == at + 1) \|\| (i == localpart.len) \|\|
	264	((i > at) && (localpart.s[i] == '.'))) {
	265	x = constmap(&mapvdoms,localpart.s + i,localpart.len - i);
	266	if (x && i == at + 1) {
	267	// set QMAILQUEUE if catch-all
	268	char *qmailqueue;
	269	qmailqueue = env_get("QMAILQUEUE");
	270	if (qmailqueue) {
	271	if (!env_put("QMAILQUEUE=bin/qmail-queue")) die_nomem();
	272	}
	273	}
	274	if (x) break;
	275	}
	276	}
	277	if (!*x) return 1;
	278	xlen = str_len(x) + 1; /* +1 for '-' */
	279	newlen = xlen + at + 1; /* +1 for \0 */
	280	if (xlen < 1 \|\| newlen - 1 < xlen \|\| newlen < 1 \|\|
	281	!stralloc_ready(&localpart,newlen))
	282	die_nomem();
	283	localpart.s[newlen - 1] = '\0';
	284	byte_copyr(localpart.s + xlen,at,localpart.s);
	285	localpart.s[xlen - 1] = '-';
	286	byte_copy(localpart.s,xlen - 1,x);
	287	localpart.len = newlen;
	288	}
	289
	290	/* qmail-lspawn:nughde_get */
	291	{
	292	int r,fd,flagwild;
	293	if (!stralloc_copys(&lower,"!")) die_nomem();
	294	if (!stralloc_cats(&lower,localpart.s)) die_nomem();
	295	if (!stralloc_0(&lower)) die_nomem();
	296	case_lowerb(lower.s,lower.len);
	297	if (!stralloc_copys(&nughde,"")) die_nomem();
	298	fd = open_read("users/cdb");
	299	if (fd == -1) {
	300	if (errno != error_noent) die_cdb();
	301	} else {
	302	uint32 dlen;
	303	r = cdb_seek(fd,"",0,&dlen);
	304	if (r != 1) die_cdb();
	305	if (!stralloc_ready(&wildchars,(unsigned int) dlen)) die_nomem();
	306	wildchars.len = dlen;
	307	if (cdb_bread(fd,wildchars.s,wildchars.len) == -1) die_cdb();
	308	i = lower.len;
	309	flagwild = 0;
	310	do { /* i > 0 */
	311	if (!flagwild \|\| (i == 1) \|\|
	312	(byte_chr(wildchars.s,wildchars.len,lower.s[i - 1])
	313	< wildchars.len)) {
	314	r = cdb_seek(fd,lower.s,i,&dlen);
	315	if (r == -1) die_cdb();
	316	if (r == 1) {
	317	char *x;
	318	if (!stralloc_ready(&nughde,(unsigned int) dlen)) die_nomem();
	319	nughde.len = dlen;
	320	if (cdb_bread(fd,nughde.s,nughde.len) == -1) die_cdb();
	321	if (flagwild)
	322	if (!stralloc_cats(&nughde,localpart.s + i - 1)) die_nomem();
	323	if (!stralloc_0(&nughde)) die_nomem();
	324	close(fd);
	325	x=nughde.s;
	326	/* skip username */
	327	username=x;
	328	x += byte_chr(x,nughde.s + nughde.len - x,'\0');
	329	if (x == nughde.s + nughde.len) return 1;
	330	++x;
	331	/* skip uid */
	332	x += byte_chr(x,nughde.s + nughde.len - x,'\0');
	333	if (x == nughde.s + nughde.len) return 1;
	334	++x;
	335	/* skip gid */
	336	x += byte_chr(x,nughde.s + nughde.len - x,'\0');
	337	if (x == nughde.s + nughde.len) return 1;
	338	++x;
	339	/* skip homedir */
	340	homedir=x;
	341	x += byte_chr(x,nughde.s + nughde.len - x,'\0');
	342	if (x == nughde.s + nughde.len) return 1;
	343	++x;
	344	/* skip dash */
	345	dash=x;
	346	x += byte_chr(x,nughde.s + nughde.len - x,'\0');
	347	if (x == nughde.s + nughde.len) return 1;
	348	++x;
	349	extension=x;
	350	goto got_nughde;
	351	}
	352	}
	353	--i;
	354	flagwild = 1;
	355	} while (i);
	356	close(fd);
	357	}
	358	}
	359
	360	/* qmail-getpw */
	361	local = localpart.s;
	362	if (!userext()) {
	363	extension = local;
	364	dash = "-";
	365	pw = getpwnam(auto_usera);
	366	}
	367	if (!pw) return denyaddr(addr, depth);
	368	if (!stralloc_copys(&nughde,pw->pw_dir)) die_nomem();
	369	if (!stralloc_0(&nughde)) die_nomem();
	370	homedir=nughde.s;
	371	username=pw->pw_name;
	372
	373	got_nughde:
	374
	375	/* qmail-local:qmesearch */
	376	//if (!*dash) return 1;
	377	if (!*dash) { env_put2("DTUSER", username); return 1; }
	378	if (!stralloc_copys(&safeext,extension)) die_nomem();
	379	case_lowerb(safeext.s,safeext.len);
	380	for (i = 0;i < safeext.len;++i)
	381	{
	382	if (safeext.s[i] == '.')
	383	safeext.s[i] = ':';
	384	}
	385	{
	386	struct stat st;
	387	int i;
	388	if (!stralloc_copys(&qme,homedir)) die_nomem();
	389	if (!stralloc_cats(&qme,"/.qmail")) die_nomem();
	390	if (!stralloc_cats(&qme,dash)) die_nomem();
	391	if (!stralloc_cat(&qme,&safeext)) die_nomem();
	392	if (!stralloc_0(&qme)) die_nomem();
	393	//if (stat(qme.s,&st) == 0) return 1;
	394	if (stat(qme.s,&st) == 0) { handleqme(&qme, depth); return 1; }
	395	if (errno != error_noent) {
	396	stat_error(qme.s,errno);
	397	return 1;
	398	}
	399	for (i = safeext.len;i >= 0;--i)
	400	if (!i \|\| (safeext.s[i - 1] == '-')) {
	401	if (!stralloc_copys(&qme,homedir)) die_nomem();
	402	if (!stralloc_cats(&qme,"/.qmail")) die_nomem();
	403	if (!stralloc_cats(&qme,dash)) die_nomem();
	404	if (!stralloc_catb(&qme,safeext.s,i)) die_nomem();
	405	if (!stralloc_cats(&qme,"default")) die_nomem();
	406	if (!stralloc_0(&qme)) die_nomem();
	407	//if (stat(qme.s,&st) == 0) return 1;
	408	if (stat(qme.s,&st) == 0) { handleqme(&qme, depth); return 1; }
	409	if (errno != error_noent) {
	410	stat_error(qme.s,errno);
	411	return 1;
	412	}
	413	}
	414	return denyaddr(addr, depth);
	415	}
	416	}
	417
	418	int realrcptto_deny()
	419	{
	420	return flagdenyall && flagdenyany;
	421	}