Commit | Line | Data |
---|---|---|
0a49a7a4 | 1 | /* $Cambridge: exim/src/src/rewrite.c,v 1.5 2009/11/16 19:50:37 nm4 Exp $ */ |
059ec3d9 PH |
2 | |
3 | /************************************************* | |
4 | * Exim - an Internet mail transport agent * | |
5 | *************************************************/ | |
6 | ||
0a49a7a4 | 7 | /* Copyright (c) University of Cambridge 1995 - 2009 */ |
059ec3d9 PH |
8 | /* See the file NOTICE for conditions of use and distribution. */ |
9 | ||
10 | /* Functions concerned with rewriting headers */ | |
11 | ||
12 | ||
13 | #include "exim.h" | |
14 | ||
15 | /* Names for testing rewriting */ | |
16 | ||
17 | static char *rrname[] = { | |
18 | " sender", | |
19 | " from", | |
20 | " to", | |
21 | " cc", | |
22 | " bcc", | |
23 | "reply-to", | |
24 | "env-from", | |
25 | " env-to" | |
26 | }; | |
27 | ||
28 | /* Structure and table for finding source of address for debug printing */ | |
29 | ||
30 | typedef struct where_list_block { | |
31 | int bit; | |
32 | uschar *string; | |
33 | } where_list_block; | |
34 | ||
35 | static where_list_block where_list[] = { | |
36 | { rewrite_sender, US"sender:" }, | |
37 | { rewrite_from, US"from:" }, | |
38 | { rewrite_to, US"to:" }, | |
39 | { rewrite_cc, US"cc:" }, | |
40 | { rewrite_bcc, US"bcc:" }, | |
41 | { rewrite_replyto, US"reply-to:" }, | |
42 | { rewrite_envfrom, US"env-from" }, | |
43 | { rewrite_envto, US"env-to" }, | |
44 | { rewrite_smtp, US"smtp recipient" }, | |
45 | { rewrite_smtp|rewrite_smtp_sender, US"smtp sender" } | |
46 | }; | |
47 | ||
48 | static int where_list_size = sizeof(where_list)/sizeof(where_list_block); | |
49 | ||
50 | ||
51 | ||
52 | /************************************************* | |
53 | * Ensure an address is qualified * | |
54 | *************************************************/ | |
55 | ||
56 | /* | |
57 | Arguments: | |
58 | s address to check | |
59 | is_recipient TRUE if a recipient address; FALSE if a sender address | |
60 | ||
61 | Returns: fully-qualified address | |
62 | */ | |
63 | ||
64 | uschar * | |
65 | rewrite_address_qualify(uschar *s, BOOL is_recipient) | |
66 | { | |
67 | return (parse_find_at(s) != NULL)? s : | |
68 | string_sprintf("%s@%s", s, | |
69 | is_recipient? qualify_domain_recipient : qualify_domain_sender); | |
70 | } | |
71 | ||
72 | ||
73 | ||
74 | /************************************************* | |
75 | * Rewrite a single address * | |
76 | *************************************************/ | |
77 | ||
78 | /* The yield is the input address if there is no rewriting to be done. Assume | |
79 | the input is a valid address, except in the case of SMTP-time rewriting, which | |
80 | is handled specially. When this function is called while processing filter and | |
81 | forward files, the uid may be that of the user. Ensure it is reset while | |
82 | expanding a replacement, in case that involves file lookups. | |
83 | ||
84 | Arguments: | |
85 | s address to rewrite | |
86 | flag indicates where this address comes from; it must match the | |
87 | flags in the rewriting rule | |
88 | whole if not NULL, set TRUE if any rewriting rule contained the | |
89 | "whole" bit and it is a header that is being rewritten | |
90 | add_header if TRUE and rewriting occurs, add an "X-rewrote-xxx" header | |
91 | if headers are in existence; this should be TRUE only when | |
92 | a message is being received, not during delivery | |
93 | name name of header, for use when adding X-rewrote-xxxx | |
94 | rewrite_rules chain of rewriting rules | |
95 | ||
96 | Returns: new address if rewritten; the input address if no change; | |
97 | for a header rewrite, if the "whole" bit is set, the entire | |
98 | rewritten address is returned, not just the active bit. | |
99 | */ | |
100 | ||
101 | uschar * | |
102 | rewrite_one(uschar *s, int flag, BOOL *whole, BOOL add_header, uschar *name, | |
103 | rewrite_rule *rewrite_rules) | |
104 | { | |
105 | rewrite_rule *rule; | |
106 | uschar *yield = s; | |
107 | uschar *subject = s; | |
108 | uschar *domain = NULL; | |
109 | BOOL done = FALSE; | |
110 | int rule_number = 1; | |
111 | int yield_start = 0, yield_end = 0; | |
112 | ||
113 | if (whole != NULL) *whole = FALSE; | |
114 | ||
115 | /* Scan the rewriting rules */ | |
116 | ||
117 | for (rule = rewrite_rules; | |
118 | rule != NULL && !done; | |
119 | rule_number++, rule = rule->next) | |
120 | { | |
121 | int start, end, pdomain; | |
122 | int count = 0; | |
123 | uschar *save_localpart, *save_domain; | |
124 | uschar *error, *new, *newparsed; | |
125 | ||
126 | /* Ensure that the flag matches the flags in the rule. */ | |
127 | ||
128 | if ((rule->flags & flag) == 0) continue; | |
129 | ||
130 | /* Come back here for a repeat after a successful rewrite. We do this | |
131 | only so many times. */ | |
132 | ||
133 | REPEAT_RULE: | |
134 | ||
135 | /* If this is an SMTP-time rewrite, the pattern must be a regex and | |
136 | the subject may have any structure. No local part or domain variables | |
137 | can be set for the expansion. We expand the pattern in order to be consistent | |
138 | with the other kinds of rewrite, where expansion happens inside | |
139 | match_address_list(). */ | |
140 | ||
141 | if ((flag & rewrite_smtp) != 0) | |
142 | { | |
143 | uschar *key = expand_string(rule->key); | |
144 | if (key == NULL) | |
145 | { | |
146 | if (!expand_string_forcedfail) | |
147 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" while " | |
148 | "checking for SMTP rewriting: %s", rule->key, expand_string_message); | |
149 | continue; | |
150 | } | |
151 | if (match_check_string(subject, key, 0, TRUE, FALSE, FALSE, NULL) != OK) | |
152 | continue; | |
153 | new = expand_string(rule->replacement); | |
154 | } | |
155 | ||
156 | /* All other rewrites expect the input to be a valid address, so local part | |
157 | and domain variables can be set for expansion. For the first rule, to be | |
158 | applied to this address, domain will be NULL and needs to be set. */ | |
159 | ||
160 | else | |
161 | { | |
162 | if (domain == NULL) domain = Ustrrchr(subject, '@') + 1; | |
163 | ||
164 | /* Use the general function for matching an address against a list (here | |
165 | just one item, so use the "impossible value" separator UCHAR_MAX+1). */ | |
166 | ||
167 | if (match_address_list(subject, FALSE, TRUE, &(rule->key), NULL, 0, | |
168 | UCHAR_MAX + 1, NULL) != OK) | |
169 | continue; | |
170 | ||
171 | /* The source address matches, and numerical variables have been | |
172 | set up. If the replacement string consists of precisely "*" then no | |
173 | rewriting is required for this address - the behaviour is as for "fail" | |
174 | in the replacement expansion, but assuming the quit flag. */ | |
175 | ||
176 | if (Ustrcmp(rule->replacement, "*") == 0) break; | |
177 | ||
178 | /* Otherwise, expand the replacement string. Set $local_part and $domain to | |
179 | the appropriate values, restoring whatever value they previously had | |
180 | afterwards. */ | |
181 | ||
182 | save_localpart = deliver_localpart; | |
183 | save_domain = deliver_domain; | |
184 | ||
185 | /* We have subject pointing to "localpart@domain" and domain pointing to | |
186 | the domain. Temporarily terminate the local part so that it can be | |
187 | set up as an expansion variable */ | |
188 | ||
189 | domain[-1] = 0; | |
190 | deliver_localpart = subject; | |
191 | deliver_domain = domain; | |
192 | ||
193 | new = expand_string(rule->replacement); | |
194 | ||
195 | domain[-1] = '@'; | |
196 | deliver_localpart = save_localpart; | |
197 | deliver_domain = save_domain; | |
198 | } | |
199 | ||
200 | /* If the expansion failed with the "forcedfail" flag, don't generate | |
201 | an error - just give up on this rewriting rule. If the "q" flag is set, | |
202 | give up altogether. For other expansion failures we have a configuration | |
203 | error. */ | |
204 | ||
205 | if (new == NULL) | |
206 | { | |
207 | if (expand_string_forcedfail) | |
208 | { if ((rule->flags & rewrite_quit) != 0) break; else continue; } | |
209 | log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: " | |
210 | "%s", rule->replacement, expand_string_message); | |
211 | break; | |
212 | } | |
213 | ||
214 | /* Check the what has been generated is a valid RFC 2822 address. Only | |
215 | envelope from or SMTP sender is permitted to be rewritten as <>.*/ | |
216 | ||
217 | newparsed = parse_extract_address(new, &error, &start, &end, &pdomain, | |
218 | flag == rewrite_envfrom || flag == (rewrite_smtp|rewrite_smtp_sender)); | |
219 | ||
220 | if (newparsed == NULL) | |
221 | { | |
222 | log_write(0, LOG_MAIN|LOG_PANIC, "Rewrite of %s yielded unparseable " | |
223 | "address: %s in address %s", subject, error, new); | |
224 | break; /* Give up on this address */ | |
225 | } | |
226 | ||
227 | /* A non-null unqualified address can be qualified if requested. Otherwise, | |
228 | this is an error unless it's the empty address in circumstances where that is | |
229 | permitted. */ | |
230 | ||
231 | if (pdomain == 0 && (*newparsed != 0 || | |
232 | (flag != rewrite_envfrom && flag != (rewrite_smtp|rewrite_smtp_sender)))) | |
233 | { | |
234 | if ((rule->flags & rewrite_qualify) != 0) | |
235 | { | |
236 | newparsed = rewrite_address_qualify(newparsed, TRUE); | |
237 | new = string_sprintf("%.*s%s%.*s", start, new, newparsed, | |
238 | Ustrlen(new) - end, new + end); | |
239 | end = start + Ustrlen(newparsed); | |
240 | } | |
241 | else | |
242 | { | |
243 | log_write(0, LOG_MAIN|LOG_PANIC, "Rewrite of %s yielded unqualified " | |
244 | "address \"%s\"", subject, new); | |
245 | break; /* Give up on this address */ | |
246 | } | |
247 | } | |
248 | ||
249 | /* We have a validly rewritten address */ | |
250 | ||
251 | if ((log_write_selector & L_address_rewrite) != 0 || | |
252 | (debug_selector & D_rewrite) != 0) | |
253 | { | |
254 | int i; | |
255 | uschar *where = US"?"; | |
256 | ||
257 | for (i = 0; i < where_list_size; i++) | |
258 | { | |
259 | if (flag == where_list[i].bit) | |
260 | { | |
261 | where = where_list[i].string; | |
262 | break; | |
263 | } | |
264 | } | |
265 | log_write(L_address_rewrite, | |
266 | LOG_MAIN, "\"%s\" from %s rewritten as \"%s\" by rule %d", | |
267 | yield, where, new, rule_number); | |
268 | } | |
269 | ||
270 | /* A header will only actually be added if header_last is non-NULL, | |
271 | i.e. during message reception or delivery, but add_header should not | |
272 | be set TRUE during delivery, as otherwise multiple instances of the header | |
273 | can fill up the -H file and make it embarrassingly large. We don't need | |
274 | to set header_rewritten because the -H file always gets written at the end | |
275 | of message reception. */ | |
276 | ||
277 | if (add_header) | |
278 | header_add(htype_old, "X-rewrote-%s: %s\n", name, subject); | |
279 | ||
280 | /* Handle the case when replacement of the whole address is possible. | |
281 | This happens only when whole is not NULL and we are rewriting a header. | |
282 | If *whole is already TRUE it means that a previous rule had the w | |
283 | flag set and so we must preserve the non-active portion of the current | |
284 | subject unless the current rule also has the w flag set. */ | |
285 | ||
286 | if (whole != NULL && (flag & rewrite_all_headers) != 0) | |
287 | { | |
288 | /* Current rule has the w flag set. We must ensure the phrase parts | |
289 | are syntactically valid if they are present. */ | |
290 | ||
291 | if ((rule->flags & rewrite_whole) != 0) | |
292 | { | |
293 | if (start > 0 && new[start-1] == '<') | |
294 | { | |
295 | uschar *p1 = new + start - 1; | |
296 | uschar *p2 = new + end + 1; | |
297 | uschar *pf1, *pf2; | |
298 | uschar buff1[256], buff2[256]; | |
299 | ||
300 | while (p1 > new && p1[-1] == ' ') p1--; | |
301 | pf1 = parse_fix_phrase(new, p1 - new, buff1, sizeof(buff1)); | |
302 | while (*p2 == ' ') p2++; | |
303 | pf2 = parse_fix_phrase(p2, Ustrlen(p2), buff2, sizeof(buff2)); | |
304 | ||
305 | /* Note that pf1 and pf2 are NOT necessarily buff1 and buff2. For | |
306 | a non-RFC 2047 phrase that does not need to be RFC 2822 quoted, they | |
307 | will be buff1+1 and buff2+1. */ | |
308 | ||
309 | start = Ustrlen(pf1) + start + new - p1; | |
310 | end = start + Ustrlen(newparsed); | |
311 | new = string_sprintf("%s%.*s%s", pf1, p2 - p1, p1, pf2); | |
312 | } | |
313 | ||
314 | /* Now accept the whole thing */ | |
315 | ||
316 | yield = new; | |
317 | yield_start = start; | |
318 | yield_end = end; | |
319 | subject = newparsed; | |
320 | *whole = TRUE; | |
321 | } | |
322 | ||
323 | /* Current rule does not have the w flag set; if not previously | |
324 | done any whole rewriting, behave in non-whole manner. */ | |
325 | ||
326 | else if (!*whole) goto NEVER_WHOLE; | |
327 | ||
328 | /* Current rule does not have the w flag set, but a previous | |
329 | rule did rewrite the whole address. Thus yield and subject will be | |
330 | different. Preserve the previous non-active part of the address. */ | |
331 | ||
332 | else | |
333 | { | |
334 | subject = newparsed; | |
335 | new = string_sprintf("%.*s%s%n%s", | |
336 | yield_start, yield, subject, &end, yield + yield_end); | |
337 | yield_end = end; | |
338 | yield = new; | |
339 | } | |
340 | } | |
341 | ||
342 | /* Rule just rewrites active part, or handling an envelope. This | |
343 | code is obeyed only when all rules so far have not done "whole" | |
344 | replacement. */ | |
345 | ||
346 | else | |
347 | { | |
348 | NEVER_WHOLE: | |
349 | subject = yield = newparsed; | |
350 | } | |
351 | ||
352 | domain = NULL; /* Reset for next rule */ | |
353 | ||
354 | /* If no further rewrites are to be done, set the done flag. This allows | |
355 | repeats of the current rule if configured before breaking the loop. */ | |
356 | ||
357 | if ((rule->flags & rewrite_quit) != 0) done = TRUE; | |
358 | ||
359 | /* Allow the current rule to be applied up to 10 times if | |
360 | requested. */ | |
361 | ||
362 | if ((rule->flags & rewrite_repeat) != 0) | |
363 | { | |
364 | if (count++ < 10) goto REPEAT_RULE; | |
365 | log_write(0, LOG_MAIN|LOG_PANIC, "rewrite rule repeat ignored after 10 " | |
366 | "times"); | |
367 | } | |
368 | } | |
369 | ||
370 | /* Unset expansion numeric variables, and that's it. */ | |
371 | ||
372 | expand_nmax = -1; | |
373 | return yield; | |
374 | } | |
375 | ||
376 | ||
377 | ||
378 | /************************************************* | |
379 | * Ensure qualification and rewrite * | |
380 | *************************************************/ | |
381 | ||
382 | /* This function is called for envelope addresses, the boolean specifying | |
383 | whether a recipient or a sender. It must first of all ensure the address is | |
384 | fully qualified, and then apply any relevant re-writing rules. The add-header | |
385 | flag causes a header to be added, recording the old address. This is marked | |
386 | "old", so that it is never transported anywhere; it exists for local checking | |
387 | and debugging purposes. | |
388 | ||
389 | Arguments: | |
390 | s the address to be considered | |
391 | is_recipient TRUE for recipient addresses; FALSE otherwise | |
392 | add_header add "X-rewrote-xxx" header when rewriting; this is | |
393 | set TRUE only for calls from the reception functions | |
394 | rewrite_rules points to chain of rewrite rules | |
395 | existflags bits indicating which headers there are rewrites for | |
396 | (just an optimisation) | |
397 | ||
398 | Returns: possibly rewritten address | |
399 | */ | |
400 | ||
401 | uschar * | |
402 | rewrite_address(uschar *s, BOOL is_recipient, BOOL add_header, | |
403 | rewrite_rule *rewrite_rules, int existflags) | |
404 | { | |
405 | int flag = is_recipient? rewrite_envto : rewrite_envfrom; | |
406 | s = rewrite_address_qualify(s, is_recipient); | |
407 | if ((existflags & flag) != 0) | |
408 | { | |
409 | uschar *new = rewrite_one(s, flag, NULL, add_header, is_recipient? | |
410 | US"original-recipient" : US"sender", rewrite_rules); | |
411 | if (new != s) s = new; | |
412 | } | |
413 | return s; | |
414 | } | |
415 | ||
416 | ||
417 | ||
418 | /************************************************* | |
419 | * Qualify and possibly rewrite one header * | |
420 | *************************************************/ | |
421 | ||
422 | /* This is called only from rewrite_header() below, either when reading a | |
423 | message. or when routing, in order to rewrite addresses that get changed by a | |
424 | router. This is normally the addition of full qualification to a partial | |
425 | domain. The first rewriting rule in this case is "change routed_old into | |
426 | routed_new", and it applies to all header lines that contain addresses. Then | |
427 | header-specific rewriting rules are applied. | |
428 | ||
429 | Before rewriting can be done, addresses without domains have to be qualified. | |
430 | This should only be done for messages from "local" senders. This is a difficult | |
431 | concept to pin down, what with the use of SMTP both as a submission and as a | |
432 | transmission protocol. Exim normally requires incoming SMTP to contain fully- | |
433 | qualified addresses, but there are options to permit unqualified ones from | |
434 | certain hosts. For those hosts only, addresses in headers can also be | |
435 | qualified. For other hosts, unqualified addresses in headers do not get touched | |
436 | in any way. For locally sourced messages, unqualified addresses always get | |
437 | qualified, except when -bnq is used to explicitly suppress this. | |
438 | ||
439 | Arguments: | |
440 | h pointer to header line block | |
441 | flag indicates which header this is | |
442 | routed_old if not NULL, this is a rewrite caused by a router, changing | |
443 | this domain into routed_new | |
444 | routed_new new routed domain if routed_old is not NULL | |
445 | rewrite_rules points to chain of rewriting rules | |
446 | existflags bits indicating which rewrites exist | |
447 | replace if TRUE, insert the new header in the chain after the old | |
448 | one, and mark the old one "replaced" | |
449 | ||
450 | Returns: NULL if header unchanged; otherwise the rewritten header | |
451 | */ | |
452 | ||
453 | static header_line * | |
454 | rewrite_one_header(header_line *h, int flag, uschar *routed_old, | |
455 | uschar *routed_new, rewrite_rule *rewrite_rules, int existflags, BOOL replace) | |
456 | { | |
457 | int lastnewline = 0; | |
458 | header_line *newh = NULL; | |
459 | void *function_reset_point = store_get(0); | |
460 | uschar *s = Ustrchr(h->text, ':') + 1; | |
461 | while (isspace(*s)) s++; | |
462 | ||
463 | DEBUG(D_rewrite) | |
464 | debug_printf("rewrite_one_header: type=%c:\n %s", h->type, h->text); | |
465 | ||
466 | parse_allow_group = TRUE; /* Allow group syntax */ | |
467 | ||
468 | /* Loop for multiple addresses in the header. We have to go through them all | |
469 | in case any need qualifying, even if there's no rewriting. Pathological headers | |
470 | may have thousands of addresses in them, so cause the store to be reset for | |
471 | any that don't actually get rewritten. We also play silly games for those that | |
472 | _are_ rewritten so as to avoid runaway store usage for these kinds of header. | |
473 | We want to avoid keeping store for any intermediate versions. */ | |
474 | ||
475 | while (*s != 0) | |
476 | { | |
477 | uschar *sprev; | |
478 | uschar *ss = parse_find_address_end(s, FALSE); | |
479 | uschar *recipient, *new, *errmess; | |
480 | void *loop_reset_point = store_get(0); | |
481 | BOOL changed = FALSE; | |
482 | int terminator = *ss; | |
483 | int start, end, domain; | |
484 | ||
485 | /* Temporarily terminate the string at this point, and extract the | |
486 | operative address within. Then put back the terminator and prepare for | |
487 | the next address, saving the start of the old one. */ | |
488 | ||
489 | *ss = 0; | |
490 | recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE); | |
491 | *ss = terminator; | |
492 | sprev = s; | |
493 | s = ss + (terminator? 1:0); | |
494 | while (isspace(*s)) s++; | |
495 | ||
496 | /* There isn't much we can do for syntactic disasters at this stage. | |
497 | Pro tem (possibly for ever) ignore them. */ | |
498 | ||
499 | if (recipient == NULL) | |
500 | { | |
501 | store_reset(loop_reset_point); | |
502 | continue; | |
503 | } | |
504 | ||
505 | /* If routed_old is not NULL, this is a rewrite caused by a router, | |
506 | consisting of changing routed_old into routed_new, and applying to all | |
507 | headers. If the header address has no domain, it is excluded, since a router | |
508 | rewrite affects domains only. The new value should always be fully qualified, | |
509 | but it may be something that has an explicit re-write rule set, so we need to | |
510 | check the configured rules subsequently as well. (Example: there's an | |
511 | explicit rewrite turning *.foo.com into foo.com, and an address is supplied | |
512 | as abc@xyz, which the DNS lookup turns into abc@xyz.foo.com). However, if no | |
513 | change is made here, don't bother carrying on. */ | |
514 | ||
515 | if (routed_old != NULL) | |
516 | { | |
517 | if (domain <= 0 || strcmpic(recipient+domain, routed_old) != 0) continue; | |
518 | recipient[domain-1] = 0; | |
519 | new = string_sprintf("%s@%s", recipient, routed_new); | |
520 | DEBUG(D_rewrite) | |
521 | { | |
522 | recipient[domain-1] = '@'; | |
523 | debug_printf("%s rewritten by router as %s\n", recipient, new); | |
524 | } | |
525 | recipient = new; | |
526 | changed = TRUE; | |
527 | } | |
528 | ||
529 | /* This is not a router-inspired rewrite. Ensure the address is fully | |
530 | qualified if that is permitted. If an unqualified address was received | |
531 | from a host that isn't listed, do not continue rewriting this address. | |
532 | Sender, From or Reply-To headers are treated as senders, the rest as | |
533 | recipients. This matters only when there are different qualify strings. */ | |
534 | ||
535 | else | |
536 | { | |
537 | BOOL is_recipient = | |
538 | (flag & (rewrite_sender | rewrite_from | rewrite_replyto)) == 0; | |
539 | new = rewrite_address_qualify(recipient, is_recipient); | |
540 | changed = (new != recipient); | |
541 | recipient = new; | |
542 | ||
543 | /* Can only qualify if permitted; if not, no rewrite. */ | |
544 | ||
545 | if (changed && ((is_recipient && !allow_unqualified_recipient) || | |
546 | (!is_recipient && !allow_unqualified_sender))) | |
547 | { | |
548 | store_reset(loop_reset_point); | |
549 | continue; | |
550 | } | |
551 | } | |
552 | ||
553 | /* If there are rewrite rules for this type of header, apply | |
554 | them. This test is just for efficiency, to save scanning the rules | |
555 | in cases when nothing is going to change. If any rewrite rule had the | |
556 | "whole" flag set, adjust the pointers so that the whole address gets | |
557 | replaced, except possibly a final \n. */ | |
558 | ||
559 | if ((existflags & flag) != 0) | |
560 | { | |
561 | BOOL whole; | |
562 | new = rewrite_one(recipient, flag, &whole, FALSE, NULL, rewrite_rules); | |
563 | if (new != recipient) | |
564 | { | |
565 | changed = TRUE; | |
566 | if (whole) | |
567 | { | |
568 | start = 0; | |
569 | end = ss - sprev; | |
570 | if (sprev[end-1] == '\n') end--; | |
571 | } | |
572 | } | |
573 | } | |
574 | ||
575 | /* If nothing has changed, lose all dynamic store obtained in this loop, and | |
576 | move on to the next address. We can't reset to the function start store | |
577 | point, because we may have a rewritten line from a previous time round the | |
578 | loop. */ | |
579 | ||
580 | if (!changed) store_reset(loop_reset_point); | |
581 | ||
582 | /* If the address has changed, create a new header containing the | |
583 | rewritten address. We do not need to set the chain pointers at this | |
584 | stage. We want to avoid using more and more memory if the header is very long | |
585 | and contains lots and lots of rewritten addresses. Therefore, we build the | |
586 | new text string in malloc store, then at the end we reset dynamic store | |
587 | before copying the new header to a new block (and then freeing the malloc | |
588 | block). The header must end up in dynamic store so that it's freed at the end | |
589 | of receiving a message. */ | |
590 | ||
591 | else | |
592 | { | |
593 | int remlen; | |
594 | int newlen = Ustrlen(new); | |
595 | int oldlen = end - start; | |
596 | ||
597 | header_line *prev = (newh == NULL)? h : newh; | |
598 | uschar *newt = store_malloc(prev->slen - oldlen + newlen + 4); | |
599 | uschar *newtstart = newt; | |
600 | ||
601 | int type = prev->type; | |
602 | int slen = prev->slen - oldlen + newlen; | |
603 | ||
604 | /* Build the new header text by copying the old and putting in the | |
605 | replacement. This process may make the header substantially longer | |
606 | than it was before - qualification of a list of bare addresses can | |
607 | often do this - so we stick in a newline after the re-written address | |
608 | if it has increased in length and ends more than 40 characters in. In | |
609 | fact, the code is not perfect, since it does not scan for existing | |
610 | newlines in the header, but it doesn't seem worth going to that | |
611 | amount of trouble. */ | |
612 | ||
613 | Ustrncpy(newt, prev->text, sprev - prev->text + start); | |
614 | newt += sprev - prev->text + start; | |
615 | *newt = 0; | |
616 | Ustrcat(newt, new); | |
617 | newt += newlen; | |
618 | remlen = s - (sprev + end); | |
619 | if (remlen > 0) | |
620 | { | |
621 | Ustrncpy(newt, sprev + end, remlen); | |
622 | newt += remlen; | |
623 | *newt = 0; | |
624 | } | |
625 | ||
626 | /* Must check that there isn't a newline here anyway; in particular, there | |
627 | will be one at the very end of the header, where we DON'T want to insert | |
628 | another one! The pointer s has been skipped over white space, so just | |
629 | look back to see if the last non-space-or-tab was a newline. */ | |
630 | ||
631 | if (newlen > oldlen && newt - newtstart - lastnewline > 40) | |
632 | { | |
633 | uschar *p = s - 1; | |
634 | while (p >= prev->text && (*p == ' ' || *p == '\t')) p--; | |
635 | if (*p != '\n') | |
636 | { | |
637 | lastnewline = newt - newtstart; | |
638 | Ustrcat(newt, "\n\t"); | |
639 | slen += 2; | |
640 | } | |
641 | } | |
642 | ||
643 | /* Finally, the remaining unprocessed addresses, if any. */ | |
644 | ||
645 | Ustrcat(newt, s); | |
646 | ||
647 | DEBUG(D_rewrite) debug_printf("newlen=%d newtype=%c newtext:\n%s", | |
648 | slen, type, newtstart); | |
649 | ||
650 | /* Compute the length of the rest of the header line before we possibly | |
651 | flatten a previously rewritten copy. */ | |
652 | ||
653 | remlen = (s - prev->text) - oldlen + newlen; | |
654 | ||
655 | /* We have the new text in a malloc block. That enables us to release all | |
656 | the memory that has been used, back to the point at which the function was | |
657 | entered. Then set up a new header in dynamic store. This will override a | |
658 | rewritten copy from a previous time round this loop. */ | |
659 | ||
660 | store_reset(function_reset_point); | |
661 | newh = store_get(sizeof(header_line)); | |
662 | newh->type = type; | |
663 | newh->slen = slen; | |
664 | newh->text = string_copyn(newtstart, slen); | |
665 | store_free(newtstart); | |
666 | ||
667 | /* Set up for scanning the rest of the header */ | |
668 | ||
669 | s = newh->text + remlen; | |
670 | DEBUG(D_rewrite) debug_printf("remainder: %s", (*s == 0)? US"\n" : s); | |
671 | } | |
672 | } | |
673 | ||
674 | parse_allow_group = FALSE; /* Reset group flags */ | |
675 | parse_found_group = FALSE; | |
676 | ||
677 | /* If a rewrite happened and "replace" is true, put the new header into the | |
678 | chain following the old one, and mark the old one as replaced. */ | |
679 | ||
680 | if (newh != NULL && replace) | |
681 | { | |
682 | newh->next = h->next; | |
683 | if (newh->next == NULL) header_last = newh; | |
684 | h->type = htype_old; | |
685 | h->next = newh; | |
686 | } | |
687 | ||
688 | return newh; | |
689 | } | |
690 | ||
691 | ||
692 | ||
693 | ||
694 | /************************************************* | |
695 | * Rewrite a header line * | |
696 | *************************************************/ | |
697 | ||
698 | /* This function may be passed any old header line. It must detect those which | |
699 | contain addresses, then then apply any rewriting rules that apply. If | |
700 | routed_old is NULL, only the configured rewriting rules are consulted. | |
701 | Otherwise, the rewriting rule is "change routed_old into routed_new", and it | |
702 | applies to all header lines that contain addresses. Then header-specific | |
703 | rewriting rules are applied. | |
704 | ||
705 | The old header line is flagged as "old". Old headers are saved on the spool for | |
706 | debugging but are never sent to any recipients. | |
707 | ||
708 | Arguments: | |
709 | h header line to rewrite | |
710 | routed_old if not NULL, this is a rewrite caused by a router, changing | |
711 | this domain into routed_new | |
712 | routed_new new routed domain if routed_old is not NULL | |
713 | rewrite_rules points to chain of rewrite rules | |
714 | existflags bits indicating which rewrites exist | |
715 | replace if TRUE, the new header is inserted into the header chain | |
716 | after the old one, and the old one is marked replaced | |
717 | ||
718 | Returns: NULL if header unchanged; otherwise the rewritten header | |
719 | */ | |
720 | ||
721 | header_line * | |
722 | rewrite_header(header_line *h, uschar *routed_old, uschar *routed_new, | |
723 | rewrite_rule *rewrite_rules, int existflags, BOOL replace) | |
724 | { | |
725 | switch (h->type) | |
726 | { | |
727 | case htype_sender: | |
728 | return rewrite_one_header(h, rewrite_sender, routed_old, routed_new, | |
729 | rewrite_rules, existflags, replace); | |
730 | ||
731 | case htype_from: | |
732 | return rewrite_one_header(h, rewrite_from, routed_old, routed_new, | |
733 | rewrite_rules, existflags, replace); | |
734 | ||
735 | case htype_to: | |
736 | return rewrite_one_header(h, rewrite_to, routed_old, routed_new, | |
737 | rewrite_rules, existflags, replace); | |
738 | ||
739 | case htype_cc: | |
740 | return rewrite_one_header(h, rewrite_cc, routed_old, routed_new, | |
741 | rewrite_rules, existflags, replace); | |
742 | ||
743 | case htype_bcc: | |
744 | return rewrite_one_header(h, rewrite_bcc, routed_old, routed_new, | |
745 | rewrite_rules, existflags, replace); | |
746 | ||
747 | case htype_reply_to: | |
748 | return rewrite_one_header(h, rewrite_replyto, routed_old, routed_new, | |
749 | rewrite_rules, existflags, replace); | |
750 | } | |
751 | ||
752 | return NULL; | |
753 | } | |
754 | ||
755 | ||
756 | ||
757 | /************************************************ | |
758 | * Test rewriting rules * | |
759 | ************************************************/ | |
760 | ||
761 | /* Called from the mainline as a result of the -brw option. Test the | |
762 | address for all possible cases. | |
763 | ||
764 | Argument: the address to test | |
765 | Returns: nothing | |
766 | */ | |
767 | ||
768 | void rewrite_test(uschar *s) | |
769 | { | |
770 | uschar *recipient, *error; | |
771 | int i, start, end, domain; | |
772 | BOOL done_smtp = FALSE; | |
773 | ||
774 | if (rewrite_existflags == 0) | |
775 | { | |
776 | printf("No rewrite rules are defined\n"); | |
777 | return; | |
778 | } | |
779 | ||
780 | /* Do SMTP rewrite only if a rule with the S flag exists. Allow <> by | |
781 | pretending it is a sender. */ | |
782 | ||
783 | if ((rewrite_existflags & rewrite_smtp) != 0) | |
784 | { | |
785 | uschar *new = rewrite_one(s, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE, | |
786 | US"", global_rewrite_rules); | |
787 | if (new != s) | |
788 | { | |
789 | if (*new == 0) | |
790 | printf(" SMTP: <>\n"); | |
791 | else | |
792 | printf(" SMTP: %s\n", new); | |
793 | done_smtp = TRUE; | |
794 | } | |
795 | } | |
796 | ||
797 | /* Do the other rewrites only if a rule without the S flag exists */ | |
798 | ||
799 | if ((rewrite_existflags & ~rewrite_smtp) == 0) return; | |
800 | ||
801 | /* Qualify if necessary before extracting the address */ | |
802 | ||
803 | if (parse_find_at(s) == NULL) | |
804 | s = string_sprintf("%s@%s", s, qualify_domain_recipient); | |
805 | ||
806 | recipient = parse_extract_address(s, &error, &start, &end, &domain, FALSE); | |
807 | ||
808 | if (recipient == NULL) | |
809 | { | |
810 | if (!done_smtp) | |
811 | printf("Syntax error in %s\n%c%s\n", s, toupper(error[0]), error+1); | |
812 | return; | |
813 | } | |
814 | ||
815 | for (i = 0; i < 8; i++) | |
816 | { | |
817 | BOOL whole = FALSE; | |
818 | int flag = 1 << i; | |
819 | uschar *new = rewrite_one(recipient, flag, &whole, FALSE, US"", | |
820 | global_rewrite_rules); | |
821 | printf("%s: ", rrname[i]); | |
822 | if (*new == 0) | |
823 | printf("<>\n"); | |
824 | else if (whole || (flag & rewrite_all_headers) == 0) | |
825 | printf("%s\n", CS new); | |
826 | else printf("%.*s%s%s\n", start, s, new, s+end); | |
827 | } | |
828 | } | |
829 | ||
830 | /* End of rewrite.c */ |