Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions concerned with routing, and the list of generic router options. */ | |
9 | ||
10 | ||
11 | #include "exim.h" | |
12 | ||
13 | ||
14 | ||
15 | /* Generic options for routers, all of which live inside router_instance | |
16 | data blocks and which therefore have the opt_public flag set. */ | |
13a4b4c1 | 17 | #define LOFF(field) OPT_OFF(router_instance, field) |
059ec3d9 PH |
18 | |
19 | optionlist optionlist_routers[] = { | |
20 | { "*expand_group", opt_stringptr | opt_hidden | opt_public, | |
13a4b4c1 | 21 | LOFF(expand_gid) }, |
059ec3d9 | 22 | { "*expand_more", opt_stringptr | opt_hidden | opt_public, |
13a4b4c1 | 23 | LOFF(expand_more) }, |
059ec3d9 | 24 | { "*expand_unseen", opt_stringptr | opt_hidden | opt_public, |
13a4b4c1 | 25 | LOFF(expand_unseen) }, |
059ec3d9 | 26 | { "*expand_user", opt_stringptr | opt_hidden | opt_public, |
13a4b4c1 | 27 | LOFF(expand_uid) }, |
059ec3d9 | 28 | { "*set_group", opt_bool | opt_hidden | opt_public, |
13a4b4c1 | 29 | LOFF(gid_set) }, |
059ec3d9 | 30 | { "*set_user", opt_bool | opt_hidden | opt_public, |
13a4b4c1 | 31 | LOFF(uid_set) }, |
059ec3d9 | 32 | { "address_data", opt_stringptr|opt_public, |
13a4b4c1 | 33 | LOFF(address_data) }, |
059ec3d9 | 34 | { "address_test", opt_bool|opt_public, |
13a4b4c1 | 35 | LOFF(address_test) }, |
8523533c TK |
36 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
37 | { "bmi_deliver_alternate", opt_bool | opt_public, | |
13a4b4c1 | 38 | LOFF(bmi_deliver_alternate) }, |
8523533c | 39 | { "bmi_deliver_default", opt_bool | opt_public, |
13a4b4c1 | 40 | LOFF(bmi_deliver_default) }, |
8523533c | 41 | { "bmi_dont_deliver", opt_bool | opt_public, |
13a4b4c1 | 42 | LOFF(bmi_dont_deliver) }, |
8523533c | 43 | { "bmi_rule", opt_stringptr|opt_public, |
13a4b4c1 | 44 | LOFF(bmi_rule) }, |
8523533c | 45 | #endif |
059ec3d9 | 46 | { "cannot_route_message", opt_stringptr | opt_public, |
13a4b4c1 | 47 | LOFF(cannot_route_message) }, |
059ec3d9 | 48 | { "caseful_local_part", opt_bool | opt_public, |
13a4b4c1 | 49 | LOFF(caseful_local_part) }, |
059ec3d9 | 50 | { "check_local_user", opt_bool | opt_public, |
13a4b4c1 | 51 | LOFF(check_local_user) }, |
846726c5 | 52 | { "condition", opt_stringptr|opt_public|opt_rep_con, |
13a4b4c1 | 53 | LOFF(condition) }, |
059ec3d9 | 54 | { "debug_print", opt_stringptr | opt_public, |
13a4b4c1 | 55 | LOFF(debug_string) }, |
059ec3d9 | 56 | { "disable_logging", opt_bool | opt_public, |
13a4b4c1 | 57 | LOFF(disable_logging) }, |
99c1bb4e | 58 | { "dnssec_request_domains", opt_stringptr|opt_public, |
13a4b4c1 | 59 | LOFF(dnssec.request) }, |
99c1bb4e | 60 | { "dnssec_require_domains", opt_stringptr|opt_public, |
13a4b4c1 | 61 | LOFF(dnssec.require) }, |
059ec3d9 | 62 | { "domains", opt_stringptr|opt_public, |
13a4b4c1 | 63 | LOFF(domains) }, |
059ec3d9 | 64 | { "driver", opt_stringptr|opt_public, |
13a4b4c1 | 65 | LOFF(driver_name) }, |
6c1c3d1d | 66 | { "dsn_lasthop", opt_bool|opt_public, |
13a4b4c1 | 67 | LOFF(dsn_lasthop) }, |
059ec3d9 | 68 | { "errors_to", opt_stringptr|opt_public, |
13a4b4c1 | 69 | LOFF(errors_to) }, |
059ec3d9 | 70 | { "expn", opt_bool|opt_public, |
13a4b4c1 | 71 | LOFF(expn) }, |
059ec3d9 | 72 | { "fail_verify", opt_bool_verify|opt_hidden|opt_public, |
13a4b4c1 | 73 | LOFF(fail_verify_sender) }, |
059ec3d9 | 74 | { "fail_verify_recipient", opt_bool|opt_public, |
13a4b4c1 | 75 | LOFF(fail_verify_recipient) }, |
059ec3d9 | 76 | { "fail_verify_sender", opt_bool|opt_public, |
13a4b4c1 | 77 | LOFF(fail_verify_sender) }, |
059ec3d9 | 78 | { "fallback_hosts", opt_stringptr|opt_public, |
13a4b4c1 | 79 | LOFF(fallback_hosts) }, |
059ec3d9 | 80 | { "group", opt_expand_gid | opt_public, |
13a4b4c1 | 81 | LOFF(gid) }, |
846726c5 | 82 | { "headers_add", opt_stringptr|opt_public|opt_rep_str, |
13a4b4c1 | 83 | LOFF(extra_headers) }, |
846726c5 | 84 | { "headers_remove", opt_stringptr|opt_public|opt_rep_str, |
13a4b4c1 | 85 | LOFF(remove_headers) }, |
059ec3d9 | 86 | { "ignore_target_hosts",opt_stringptr|opt_public, |
13a4b4c1 | 87 | LOFF(ignore_target_hosts) }, |
059ec3d9 | 88 | { "initgroups", opt_bool | opt_public, |
13a4b4c1 | 89 | LOFF(initgroups) }, |
059ec3d9 | 90 | { "local_part_prefix", opt_stringptr|opt_public, |
13a4b4c1 | 91 | LOFF(prefix) }, |
059ec3d9 | 92 | { "local_part_prefix_optional",opt_bool|opt_public, |
13a4b4c1 | 93 | LOFF(prefix_optional) }, |
059ec3d9 | 94 | { "local_part_suffix", opt_stringptr|opt_public, |
13a4b4c1 | 95 | LOFF(suffix) }, |
059ec3d9 | 96 | { "local_part_suffix_optional",opt_bool|opt_public, |
13a4b4c1 | 97 | LOFF(suffix_optional) }, |
059ec3d9 | 98 | { "local_parts", opt_stringptr|opt_public, |
13a4b4c1 | 99 | LOFF(local_parts) }, |
059ec3d9 | 100 | { "log_as_local", opt_bool|opt_public, |
13a4b4c1 | 101 | LOFF(log_as_local) }, |
059ec3d9 | 102 | { "more", opt_expand_bool|opt_public, |
13a4b4c1 | 103 | LOFF(more) }, |
059ec3d9 | 104 | { "pass_on_timeout", opt_bool|opt_public, |
13a4b4c1 | 105 | LOFF(pass_on_timeout) }, |
059ec3d9 | 106 | { "pass_router", opt_stringptr|opt_public, |
13a4b4c1 | 107 | LOFF(pass_router_name) }, |
059ec3d9 | 108 | { "redirect_router", opt_stringptr|opt_public, |
13a4b4c1 | 109 | LOFF(redirect_router_name) }, |
059ec3d9 | 110 | { "require_files", opt_stringptr|opt_public, |
13a4b4c1 | 111 | LOFF(require_files) }, |
059ec3d9 | 112 | { "retry_use_local_part", opt_bool|opt_public, |
13a4b4c1 | 113 | LOFF(retry_use_local_part) }, |
059ec3d9 | 114 | { "router_home_directory", opt_stringptr|opt_public, |
13a4b4c1 | 115 | LOFF(router_home_directory) }, |
059ec3d9 | 116 | { "self", opt_stringptr|opt_public, |
13a4b4c1 | 117 | LOFF(self) }, |
059ec3d9 | 118 | { "senders", opt_stringptr|opt_public, |
13a4b4c1 | 119 | LOFF(senders) }, |
fa7b17bd | 120 | { "set", opt_stringptr|opt_public|opt_rep_str, |
13a4b4c1 | 121 | LOFF(set) }, |
059ec3d9 PH |
122 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS |
123 | { "translate_ip_address", opt_stringptr|opt_public, | |
13a4b4c1 | 124 | LOFF(translate_ip_address) }, |
059ec3d9 PH |
125 | #endif |
126 | { "transport", opt_stringptr|opt_public, | |
13a4b4c1 | 127 | LOFF(transport_name) }, |
059ec3d9 | 128 | { "transport_current_directory", opt_stringptr|opt_public, |
13a4b4c1 | 129 | LOFF(current_directory) }, |
059ec3d9 | 130 | { "transport_home_directory", opt_stringptr|opt_public, |
13a4b4c1 | 131 | LOFF(home_directory) }, |
059ec3d9 | 132 | { "unseen", opt_expand_bool|opt_public, |
13a4b4c1 | 133 | LOFF(unseen) }, |
059ec3d9 | 134 | { "user", opt_expand_uid | opt_public, |
13a4b4c1 | 135 | LOFF(uid) }, |
059ec3d9 | 136 | { "verify", opt_bool_verify|opt_hidden|opt_public, |
13a4b4c1 | 137 | LOFF(verify_sender) }, |
059ec3d9 | 138 | { "verify_only", opt_bool|opt_public, |
13a4b4c1 | 139 | LOFF(verify_only) }, |
059ec3d9 | 140 | { "verify_recipient", opt_bool|opt_public, |
13a4b4c1 | 141 | LOFF(verify_recipient) }, |
059ec3d9 | 142 | { "verify_sender", opt_bool|opt_public, |
13a4b4c1 | 143 | LOFF(verify_sender) } |
059ec3d9 PH |
144 | }; |
145 | ||
acec9514 | 146 | int optionlist_routers_size = nelem(optionlist_routers); |
059ec3d9 PH |
147 | |
148 | ||
d185889f JH |
149 | #ifdef MACRO_PREDEF |
150 | ||
5f69a529 | 151 | # include "macro_predef.h" |
d185889f | 152 | |
c0b9d3e8 | 153 | void |
d185889f | 154 | options_routers(void) |
c0b9d3e8 | 155 | { |
d185889f | 156 | uschar buf[64]; |
c0b9d3e8 | 157 | |
d185889f | 158 | options_from_list(optionlist_routers, nelem(optionlist_routers), US"ROUTERS", NULL); |
c0b9d3e8 | 159 | |
d7978c0f | 160 | for (router_info * ri = routers_available; ri->driver_name[0]; ri++) |
4945f557 | 161 | { |
cab0c277 | 162 | spf(buf, sizeof(buf), US"_DRIVER_ROUTER_%T", ri->driver_name); |
d185889f JH |
163 | builtin_macro_create(buf); |
164 | options_from_list(ri->options, (unsigned)*ri->options_count, US"ROUTER", ri->driver_name); | |
4945f557 | 165 | } |
c0b9d3e8 | 166 | } |
059ec3d9 | 167 | |
d185889f JH |
168 | #else /*!MACRO_PREDEF*/ |
169 | ||
059ec3d9 PH |
170 | /************************************************* |
171 | * Set router pointer from name * | |
172 | *************************************************/ | |
173 | ||
174 | /* This function is used for the redirect_router and pass_router options and | |
175 | called from route_init() below. | |
176 | ||
177 | Arguments: | |
178 | r the current router | |
179 | name new router name | |
180 | ptr where to put the pointer | |
181 | after TRUE if router must follow this one | |
182 | ||
183 | Returns: nothing. | |
184 | */ | |
185 | ||
186 | static void | |
187 | set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after) | |
188 | { | |
189 | BOOL afterthis = FALSE; | |
190 | router_instance *rr; | |
191 | ||
9cd12950 | 192 | for (rr = routers; rr; rr = rr->next) |
059ec3d9 PH |
193 | { |
194 | if (Ustrcmp(name, rr->name) == 0) | |
195 | { | |
196 | *ptr = rr; | |
197 | break; | |
198 | } | |
199 | if (rr == r) afterthis = TRUE; | |
200 | } | |
201 | ||
9cd12950 | 202 | if (!rr) |
059ec3d9 PH |
203 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, |
204 | "new_router \"%s\" not found for \"%s\" router", name, r->name); | |
205 | ||
206 | if (after && !afterthis) | |
207 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, | |
208 | "new_router \"%s\" does not follow \"%s\" router", name, r->name); | |
209 | } | |
210 | ||
211 | ||
212 | ||
213 | /************************************************* | |
214 | * Initialize router list * | |
215 | *************************************************/ | |
216 | ||
217 | /* Read the routers section of the configuration file, and set up a chain of | |
218 | router instances according to its contents. Each router has generic options and | |
219 | may also have its own private options. This function is only ever called when | |
220 | routers == NULL. We use generic code in readconf to do the work. It will set | |
221 | values from the configuration file, and then call the driver's initialization | |
222 | function. */ | |
223 | ||
224 | void | |
225 | route_init(void) | |
226 | { | |
059ec3d9 PH |
227 | readconf_driver_init(US"router", |
228 | (driver_instance **)(&routers), /* chain anchor */ | |
229 | (driver_info *)routers_available, /* available drivers */ | |
230 | sizeof(router_info), /* size of info blocks */ | |
231 | &router_defaults, /* default values for generic options */ | |
232 | sizeof(router_instance), /* size of instance block */ | |
233 | optionlist_routers, /* generic options */ | |
234 | optionlist_routers_size); | |
235 | ||
d7978c0f | 236 | for (router_instance * r = routers; r; r = r->next) |
059ec3d9 PH |
237 | { |
238 | uschar *s = r->self; | |
239 | ||
240 | /* If log_as_local is unset, its overall default is FALSE. (The accept | |
241 | router defaults it to TRUE.) */ | |
242 | ||
243 | if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE; | |
244 | ||
245 | /* Check for transport or no transport on certain routers */ | |
246 | ||
0fe373c1 JH |
247 | if ( (r->info->ri_flags & ri_yestransport) |
248 | && !r->transport_name && !r->verify_only) | |
059ec3d9 PH |
249 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " |
250 | "a transport is required for this router", r->name); | |
251 | ||
0fe373c1 | 252 | if ((r->info->ri_flags & ri_notransport) && r->transport_name) |
059ec3d9 PH |
253 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " |
254 | "a transport must not be defined for this router", r->name); | |
255 | ||
256 | /* The "self" option needs to be decoded into a code value and possibly a | |
257 | new domain string and a rewrite boolean. */ | |
258 | ||
259 | if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze; | |
260 | else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer; | |
261 | else if (Ustrcmp(s, "send") == 0) r->self_code = self_send; | |
262 | else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass; | |
263 | else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail; | |
264 | else if (Ustrncmp(s, "reroute:", 8) == 0) | |
265 | { | |
266 | s += 8; | |
267 | while (isspace(*s)) s++; | |
268 | if (Ustrncmp(s, "rewrite:", 8) == 0) | |
269 | { | |
270 | r->self_rewrite = TRUE; | |
271 | s += 8; | |
272 | while (isspace(*s)) s++; | |
273 | } | |
274 | r->self = s; | |
275 | r->self_code = self_reroute; | |
276 | } | |
277 | ||
278 | else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
279 | "%s is not valid for the self option", r->name, s); | |
280 | ||
281 | /* If any router has check_local_user set, default retry_use_local_part | |
282 | TRUE; otherwise its default is FALSE. */ | |
283 | ||
284 | if (r->retry_use_local_part == TRUE_UNSET) | |
dbbf21a7 JH |
285 | r->retry_use_local_part = |
286 | r->check_local_user || r->local_parts || r->condition || r->prefix || r->suffix || r->senders || r->require_files; | |
059ec3d9 PH |
287 | |
288 | /* Build a host list if fallback hosts is set. */ | |
289 | ||
290 | host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE); | |
291 | ||
292 | /* Check redirect_router and pass_router are valid */ | |
293 | ||
0fe373c1 | 294 | if (r->redirect_router_name) |
059ec3d9 PH |
295 | set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE); |
296 | ||
0fe373c1 | 297 | if (r->pass_router_name) |
059ec3d9 | 298 | set_router(r, r->pass_router_name, &(r->pass_router), TRUE); |
6c1c3d1d | 299 | |
0fe373c1 | 300 | #ifdef notdef |
9cd12950 JH |
301 | DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name, |
302 | r->dsn_lasthop ? "lasthop set" : "propagating DSN"); | |
0fe373c1 | 303 | #endif |
059ec3d9 PH |
304 | } |
305 | } | |
306 | ||
307 | ||
308 | ||
309 | /************************************************* | |
310 | * Tidy up after routing * | |
311 | *************************************************/ | |
312 | ||
313 | /* Routers are entitled to keep hold of certain resources in their instance | |
314 | blocks so as to save setting them up each time. An example is an open file. | |
315 | Such routers must provide a tidyup entry point which is called when all routing | |
316 | is finished, via this function. */ | |
317 | ||
318 | void | |
319 | route_tidyup(void) | |
320 | { | |
d7978c0f | 321 | for (router_instance * r = routers; r; r = r->next) |
9cd12950 | 322 | if (r->info->tidyup) (r->info->tidyup)(r); |
059ec3d9 PH |
323 | } |
324 | ||
325 | ||
326 | ||
327 | /************************************************* | |
328 | * Check local part for prefix * | |
329 | *************************************************/ | |
330 | ||
331 | /* This function is handed a local part and a list of possible prefixes; if any | |
332 | one matches, return the prefix length. A prefix beginning with '*' is a | |
333 | wildcard. | |
334 | ||
335 | Arguments: | |
336 | local_part the local part to check | |
337 | prefixes the list of prefixes | |
338 | ||
339 | Returns: length of matching prefix or zero | |
340 | */ | |
341 | ||
342 | int | |
55414b25 | 343 | route_check_prefix(const uschar *local_part, const uschar *prefixes) |
059ec3d9 PH |
344 | { |
345 | int sep = 0; | |
346 | uschar *prefix; | |
55414b25 | 347 | const uschar *listptr = prefixes; |
059ec3d9 PH |
348 | uschar prebuf[64]; |
349 | ||
9cd12950 | 350 | while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf)))) |
059ec3d9 PH |
351 | { |
352 | int plen = Ustrlen(prefix); | |
353 | if (prefix[0] == '*') | |
354 | { | |
059ec3d9 | 355 | prefix++; |
d7978c0f | 356 | for (const uschar * p = local_part + Ustrlen(local_part) - (--plen); |
059ec3d9 PH |
357 | p >= local_part; p--) |
358 | if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part; | |
359 | } | |
360 | else | |
361 | if (strncmpic(prefix, local_part, plen) == 0) return plen; | |
362 | } | |
363 | ||
364 | return 0; | |
365 | } | |
366 | ||
367 | ||
368 | ||
369 | /************************************************* | |
370 | * Check local part for suffix * | |
371 | *************************************************/ | |
372 | ||
373 | /* This function is handed a local part and a list of possible suffixes; | |
374 | if any one matches, return the suffix length. A suffix ending with '*' | |
375 | is a wildcard. | |
376 | ||
377 | Arguments: | |
378 | local_part the local part to check | |
379 | suffixes the list of suffixes | |
380 | ||
381 | Returns: length of matching suffix or zero | |
382 | */ | |
383 | ||
384 | int | |
55414b25 | 385 | route_check_suffix(const uschar *local_part, const uschar *suffixes) |
059ec3d9 PH |
386 | { |
387 | int sep = 0; | |
388 | int alen = Ustrlen(local_part); | |
389 | uschar *suffix; | |
55414b25 | 390 | const uschar *listptr = suffixes; |
059ec3d9 PH |
391 | uschar sufbuf[64]; |
392 | ||
9cd12950 | 393 | while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf)))) |
059ec3d9 PH |
394 | { |
395 | int slen = Ustrlen(suffix); | |
396 | if (suffix[slen-1] == '*') | |
397 | { | |
d7978c0f JH |
398 | const uschar *pend = local_part + alen - (--slen) + 1; |
399 | for (const uschar * p = local_part; p < pend; p++) | |
059ec3d9 PH |
400 | if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part); |
401 | } | |
402 | else | |
403 | if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0) | |
404 | return slen; | |
405 | } | |
406 | ||
407 | return 0; | |
408 | } | |
409 | ||
410 | ||
411 | ||
412 | ||
413 | /************************************************* | |
414 | * Check local part, domain, or sender * | |
415 | *************************************************/ | |
416 | ||
417 | /* The checks in check_router_conditions() require similar code, so we use | |
418 | this function to save repetition. | |
419 | ||
420 | Arguments: | |
421 | rname router name for error messages | |
422 | type type of check, for error message | |
423 | list domains, local_parts, or senders list | |
424 | anchorptr -> tree for possibly cached items (domains) | |
425 | cache_bits cached bits pointer | |
426 | listtype MCL_DOMAIN for domain check | |
427 | MCL_LOCALPART for local part check | |
428 | MCL_ADDRESS for sender check | |
429 | domloc current domain, current local part, or NULL for sender check | |
430 | ldata where to put lookup data | |
431 | caseless passed on to match_isinlist() | |
432 | perror where to put an error message | |
433 | ||
434 | Returns: OK item is in list | |
435 | SKIP item is not in list, router is to be skipped | |
436 | DEFER lookup or other defer | |
437 | */ | |
438 | ||
439 | static int | |
55414b25 JH |
440 | route_check_dls(uschar *rname, uschar *type, const uschar *list, |
441 | tree_node **anchorptr, unsigned int *cache_bits, int listtype, | |
442 | const uschar *domloc, const uschar **ldata, BOOL caseless, uschar **perror) | |
059ec3d9 | 443 | { |
9cd12950 | 444 | if (!list) return OK; /* Empty list always succeeds */ |
059ec3d9 PH |
445 | |
446 | DEBUG(D_route) debug_printf("checking %s\n", type); | |
447 | ||
448 | /* The domain and local part use the same matching function, whereas sender | |
449 | has its own code. */ | |
450 | ||
9cd12950 JH |
451 | switch(domloc |
452 | ? match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype, | |
453 | caseless, ldata) | |
454 | : match_address_list(sender_address ? sender_address : US"", | |
455 | TRUE, TRUE, &list, cache_bits, -1, 0, CUSS &sender_data) | |
456 | ) | |
059ec3d9 PH |
457 | { |
458 | case OK: | |
9cd12950 | 459 | return OK; |
059ec3d9 PH |
460 | |
461 | case FAIL: | |
9cd12950 JH |
462 | *perror = string_sprintf("%s router skipped: %s mismatch", rname, type); |
463 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
464 | return SKIP; | |
059ec3d9 PH |
465 | |
466 | default: /* Paranoia, and keeps compilers happy */ | |
467 | case DEFER: | |
9cd12950 JH |
468 | *perror = string_sprintf("%s check lookup or other defer", type); |
469 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
470 | return DEFER; | |
059ec3d9 PH |
471 | } |
472 | } | |
473 | ||
474 | ||
475 | ||
476 | /************************************************* | |
477 | * Check access by a given uid/gid * | |
478 | *************************************************/ | |
479 | ||
480 | /* This function checks whether a given uid/gid has access to a given file or | |
481 | directory. It is called only from check_files() below. This is hopefully a | |
482 | cheapish check that does the job most of the time. Exim does *not* rely on this | |
483 | test when actually accessing any file. The test is used when routing to make it | |
484 | possible to take actions such as "if user x can access file y then run this | |
485 | router". | |
486 | ||
487 | During routing, Exim is normally running as root, and so the test will work | |
488 | except for NFS non-root mounts. When verifying during message reception, Exim | |
489 | is running as "exim", so the test may not work. This is a limitation of the | |
490 | Exim design. | |
491 | ||
492 | Code in check_files() below detects the case when it cannot stat() the file (as | |
493 | root), and in that situation it uses a setuid subprocess in which to run this | |
494 | test. | |
495 | ||
496 | Arguments: | |
497 | path the path to check | |
498 | uid the user | |
499 | gid the group | |
500 | bits the bits required in the final component | |
501 | ||
502 | Returns: TRUE | |
503 | FALSE errno=EACCES or ENOENT (or others from realpath or stat) | |
504 | */ | |
505 | ||
506 | static BOOL | |
507 | route_check_access(uschar *path, uid_t uid, gid_t gid, int bits) | |
508 | { | |
509 | struct stat statbuf; | |
510 | uschar *slash; | |
511 | uschar *rp = US realpath(CS path, CS big_buffer); | |
512 | uschar *sp = rp + 1; | |
513 | ||
514 | DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path, | |
515 | (int)uid, (int)gid, bits); | |
516 | ||
9cd12950 | 517 | if (!rp) return FALSE; |
059ec3d9 | 518 | |
9cd12950 | 519 | while ((slash = Ustrchr(sp, '/'))) |
059ec3d9 PH |
520 | { |
521 | *slash = 0; | |
522 | DEBUG(D_route) debug_printf("stat %s\n", rp); | |
523 | if (Ustat(rp, &statbuf) < 0) return FALSE; | |
524 | if ((statbuf.st_mode & | |
525 | ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001) | |
526 | ) == 0) | |
527 | { | |
528 | errno = EACCES; | |
529 | return FALSE; | |
530 | } | |
531 | *slash = '/'; | |
532 | sp = slash + 1; | |
533 | } | |
534 | ||
535 | /* Down to the final component */ | |
536 | ||
537 | DEBUG(D_route) debug_printf("stat %s\n", rp); | |
538 | ||
539 | if (Ustat(rp, &statbuf) < 0) return FALSE; | |
540 | ||
541 | if (statbuf.st_uid == uid) bits = bits << 6; | |
542 | else if (statbuf.st_gid == gid) bits = bits << 3; | |
543 | if ((statbuf.st_mode & bits) != bits) | |
544 | { | |
545 | errno = EACCES; | |
546 | return FALSE; | |
547 | } | |
548 | ||
549 | DEBUG(D_route) debug_printf("route_check_access() succeeded\n"); | |
550 | return TRUE; | |
551 | } | |
552 | ||
553 | ||
554 | ||
555 | /************************************************* | |
556 | * Do file existence tests * | |
557 | *************************************************/ | |
558 | ||
559 | /* This function is given a colon-separated list of file tests, each of which | |
560 | is expanded before use. A test consists of a file name, optionally preceded by | |
561 | ! (require non-existence) and/or + for handling permission denied (+ means | |
562 | treat as non-existing). | |
563 | ||
564 | An item that contains no slashes is interpreted as a username or id, with an | |
565 | optional group id, for checking access to the file. This cannot be done | |
566 | "perfectly", but it is good enough for a number of applications. | |
567 | ||
568 | Arguments: | |
569 | s a colon-separated list of file tests or NULL | |
570 | perror a pointer to an anchor for an error text in the case of a DEFER | |
571 | ||
572 | Returns: OK if s == NULL or all tests are as required | |
573 | DEFER if the existence of at least one of the files is | |
574 | unclear (an error other than non-existence occurred); | |
575 | DEFER if an expansion failed | |
576 | DEFER if a name is not absolute | |
577 | DEFER if problems with user/group | |
578 | SKIP otherwise | |
579 | */ | |
580 | ||
55414b25 JH |
581 | static int |
582 | check_files(const uschar *s, uschar **perror) | |
059ec3d9 PH |
583 | { |
584 | int sep = 0; /* List has default separators */ | |
585 | uid_t uid = 0; /* For picky compilers */ | |
586 | gid_t gid = 0; /* For picky compilers */ | |
587 | BOOL ugid_set = FALSE; | |
55414b25 JH |
588 | const uschar *listptr; |
589 | uschar *check; | |
059ec3d9 PH |
590 | uschar buffer[1024]; |
591 | ||
9cd12950 | 592 | if (!s) return OK; |
059ec3d9 PH |
593 | |
594 | DEBUG(D_route) debug_printf("checking require_files\n"); | |
595 | ||
596 | listptr = s; | |
55414b25 | 597 | while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))) |
059ec3d9 PH |
598 | { |
599 | int rc; | |
600 | int eacces_code = 0; | |
601 | BOOL invert = FALSE; | |
602 | struct stat statbuf; | |
603 | uschar *ss = expand_string(check); | |
604 | ||
9cd12950 | 605 | if (!ss) |
059ec3d9 | 606 | { |
8768d548 | 607 | if (f.expand_string_forcedfail) continue; |
059ec3d9 PH |
608 | *perror = string_sprintf("failed to expand \"%s\" for require_files: %s", |
609 | check, expand_string_message); | |
610 | goto RETURN_DEFER; | |
611 | } | |
612 | ||
613 | /* Empty items are just skipped */ | |
614 | ||
615 | if (*ss == 0) continue; | |
616 | ||
617 | /* If there are no slashes in the string, we have a user name or uid, with | |
618 | optional group/gid. */ | |
619 | ||
620 | if (Ustrchr(ss, '/') == NULL) | |
621 | { | |
622 | BOOL ok; | |
623 | struct passwd *pw; | |
624 | uschar *comma = Ustrchr(ss, ','); | |
625 | ||
626 | /* If there's a comma, temporarily terminate the user name/number | |
627 | at that point. Then set the uid. */ | |
628 | ||
629 | if (comma != NULL) *comma = 0; | |
630 | ok = route_finduser(ss, &pw, &uid); | |
631 | if (comma != NULL) *comma = ','; | |
632 | ||
633 | if (!ok) | |
634 | { | |
635 | *perror = string_sprintf("user \"%s\" for require_files not found", ss); | |
636 | goto RETURN_DEFER; | |
637 | } | |
638 | ||
639 | /* If there was no comma, the gid is that associated with the user. */ | |
640 | ||
641 | if (comma == NULL) | |
642 | { | |
643 | if (pw != NULL) gid = pw->pw_gid; else | |
644 | { | |
645 | *perror = string_sprintf("group missing after numerical uid %d for " | |
646 | "require_files", (int)uid); | |
647 | goto RETURN_DEFER; | |
648 | } | |
649 | } | |
650 | else | |
651 | { | |
652 | if (!route_findgroup(comma + 1, &gid)) | |
653 | { | |
654 | *perror = string_sprintf("group \"%s\" for require_files not found\n", | |
655 | comma + 1); | |
656 | goto RETURN_DEFER; | |
657 | } | |
658 | } | |
659 | ||
660 | /* Note that we have values set, and proceed to next item */ | |
661 | ||
662 | DEBUG(D_route) | |
663 | debug_printf("check subsequent files for access by %s\n", ss); | |
664 | ugid_set = TRUE; | |
665 | continue; | |
666 | } | |
667 | ||
668 | /* Path, possibly preceded by + and ! */ | |
669 | ||
670 | if (*ss == '+') | |
671 | { | |
672 | eacces_code = 1; | |
673 | while (isspace((*(++ss)))); | |
674 | } | |
675 | ||
676 | if (*ss == '!') | |
677 | { | |
678 | invert = TRUE; | |
679 | while (isspace((*(++ss)))); | |
680 | } | |
681 | ||
682 | if (*ss != '/') | |
683 | { | |
684 | *perror = string_sprintf("require_files: \"%s\" is not absolute", ss); | |
685 | goto RETURN_DEFER; | |
686 | } | |
687 | ||
688 | /* Stat the file, either as root (while routing) or as exim (while verifying | |
689 | during message reception). */ | |
690 | ||
691 | rc = Ustat(ss, &statbuf); | |
692 | ||
693 | DEBUG(D_route) | |
694 | { | |
695 | debug_printf("file check: %s\n", check); | |
696 | if (ss != check) debug_printf("expanded file: %s\n", ss); | |
697 | debug_printf("stat() yielded %d\n", rc); | |
698 | } | |
699 | ||
700 | /* If permission is denied, and we are running as root (i.e. routing for | |
701 | delivery rather than verifying), and the requirement is to test for access by | |
702 | a particular uid/gid, it must mean that the file is on a non-root-mounted NFS | |
703 | system. In this case, we have to use a subprocess that runs as the relevant | |
704 | uid in order to do the test. */ | |
705 | ||
706 | if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid) | |
707 | { | |
708 | int status; | |
709 | pid_t pid; | |
710 | void (*oldsignal)(int); | |
711 | ||
712 | DEBUG(D_route) debug_printf("root is denied access: forking to check " | |
713 | "in subprocess\n"); | |
714 | ||
715 | /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so | |
716 | that the child process can be waited for, just in case get here with it set | |
717 | otherwise. Save the old state for resetting on the wait. */ | |
718 | ||
719 | oldsignal = signal(SIGCHLD, SIG_DFL); | |
720 | pid = fork(); | |
721 | ||
722 | /* If fork() fails, reinstate the original error and behave as if | |
4c04137d | 723 | this block of code were not present. This is the same behaviour as happens |
059ec3d9 PH |
724 | when Exim is not running as root at this point. */ |
725 | ||
726 | if (pid < 0) | |
727 | { | |
728 | DEBUG(D_route) | |
729 | debug_printf("require_files: fork failed: %s\n", strerror(errno)); | |
730 | errno = EACCES; | |
731 | goto HANDLE_ERROR; | |
732 | } | |
733 | ||
734 | /* In the child process, change uid and gid, and then do the check using | |
735 | the route_check_access() function. This does more than just stat the file; | |
736 | it tests permissions as well. Return 0 for OK and 1 for failure. */ | |
737 | ||
738 | if (pid == 0) | |
739 | { | |
740 | exim_setugid(uid, gid, TRUE, | |
741 | string_sprintf("require_files check, file=%s", ss)); | |
f3ebb786 JH |
742 | if (route_check_access(ss, uid, gid, 4)) |
743 | exim_underbar_exit(0); | |
059ec3d9 | 744 | DEBUG(D_route) debug_printf("route_check_access() failed\n"); |
f3ebb786 | 745 | exim_underbar_exit(1); |
059ec3d9 PH |
746 | } |
747 | ||
748 | /* In the parent, wait for the child to finish */ | |
749 | ||
750 | while (waitpid(pid, &status, 0) < 0) | |
059ec3d9 PH |
751 | if (errno != EINTR) /* unexpected error, interpret as failure */ |
752 | { | |
753 | status = 1; | |
754 | break; | |
755 | } | |
059ec3d9 PH |
756 | |
757 | signal(SIGCHLD, oldsignal); /* restore */ | |
758 | if ((status == 0) == invert) return SKIP; | |
759 | continue; /* to test the next file */ | |
760 | } | |
761 | ||
762 | /* Control reaches here if the initial stat() succeeds, or fails with an | |
763 | error other than EACCES, or no uid/gid is set, or we are not running as root. | |
764 | If we know the file exists and uid/gid are set, try to check read access for | |
765 | that uid/gid as best we can. */ | |
766 | ||
767 | if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4)) | |
768 | { | |
769 | DEBUG(D_route) debug_printf("route_check_access() failed\n"); | |
770 | rc = -1; | |
771 | } | |
772 | ||
4c04137d | 773 | /* Handle error returns from stat() or route_check_access(). The EACCES error |
059ec3d9 PH |
774 | is handled specially. At present, we can force it to be treated as |
775 | non-existence. Write the code so that it will be easy to add forcing for | |
776 | existence if required later. */ | |
777 | ||
778 | HANDLE_ERROR: | |
779 | if (rc < 0) | |
780 | { | |
781 | DEBUG(D_route) debug_printf("errno = %d\n", errno); | |
782 | if (errno == EACCES) | |
783 | { | |
784 | if (eacces_code == 1) | |
785 | { | |
786 | DEBUG(D_route) debug_printf("EACCES => ENOENT\n"); | |
787 | errno = ENOENT; /* Treat as non-existent */ | |
788 | } | |
789 | } | |
790 | if (errno != ENOENT) | |
791 | { | |
792 | *perror = string_sprintf("require_files: error for %s: %s", ss, | |
793 | strerror(errno)); | |
794 | goto RETURN_DEFER; | |
795 | } | |
796 | } | |
797 | ||
798 | /* At this point, rc < 0 => non-existence; rc >= 0 => existence */ | |
799 | ||
800 | if ((rc >= 0) == invert) return SKIP; | |
801 | } | |
802 | ||
803 | return OK; | |
804 | ||
805 | /* Come here on any of the errors that return DEFER. */ | |
806 | ||
807 | RETURN_DEFER: | |
808 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
809 | return DEFER; | |
810 | } | |
811 | ||
812 | ||
813 | ||
814 | ||
815 | ||
816 | /************************************************* | |
817 | * Check for router skipping * | |
818 | *************************************************/ | |
819 | ||
820 | /* This function performs various checks to see whether a router should be | |
821 | skipped. The order in which they are performed is important. | |
822 | ||
823 | Arguments: | |
824 | r pointer to router instance block | |
825 | addr address that is being handled | |
826 | verify the verification type | |
827 | pw ptr to ptr to passwd structure for local user | |
828 | perror for lookup errors | |
829 | ||
830 | Returns: OK if all the tests succeed | |
831 | SKIP if router is to be skipped | |
832 | DEFER for a lookup defer | |
833 | FAIL for address to be failed | |
834 | */ | |
835 | ||
836 | static BOOL | |
837 | check_router_conditions(router_instance *r, address_item *addr, int verify, | |
838 | struct passwd **pw, uschar **perror) | |
839 | { | |
840 | int rc; | |
841 | uschar *check_local_part; | |
06864c44 | 842 | unsigned int *localpart_cache; |
059ec3d9 PH |
843 | |
844 | /* Reset variables to hold a home directory and data from lookup of a domain or | |
845 | local part, and ensure search_find_defer is unset, in case there aren't any | |
846 | actual lookups. */ | |
847 | ||
848 | deliver_home = NULL; | |
849 | deliver_domain_data = NULL; | |
850 | deliver_localpart_data = NULL; | |
851 | sender_data = NULL; | |
852 | local_user_gid = (gid_t)(-1); | |
853 | local_user_uid = (uid_t)(-1); | |
8768d548 | 854 | f.search_find_defer = FALSE; |
059ec3d9 PH |
855 | |
856 | /* Skip this router if not verifying and it has verify_only set */ | |
857 | ||
858 | if ((verify == v_none || verify == v_expn) && r->verify_only) | |
859 | { | |
860 | DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name); | |
861 | return SKIP; | |
862 | } | |
863 | ||
864 | /* Skip this router if testing an address (-bt) and address_test is not set */ | |
865 | ||
8768d548 | 866 | if (f.address_test_mode && !r->address_test) |
059ec3d9 PH |
867 | { |
868 | DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n", | |
869 | r->name); | |
870 | return SKIP; | |
871 | } | |
872 | ||
873 | /* Skip this router if verifying and it hasn't got the appropriate verify flag | |
874 | set. */ | |
875 | ||
876 | if ((verify == v_sender && !r->verify_sender) || | |
877 | (verify == v_recipient && !r->verify_recipient)) | |
878 | { | |
879 | DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n", | |
880 | r->name, verify, r->verify_sender, r->verify_recipient); | |
881 | return SKIP; | |
882 | } | |
883 | ||
884 | /* Skip this router if processing EXPN and it doesn't have expn set */ | |
885 | ||
886 | if (verify == v_expn && !r->expn) | |
887 | { | |
888 | DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name); | |
889 | return SKIP; | |
890 | } | |
891 | ||
892 | /* Skip this router if there's a domain mismatch. */ | |
893 | ||
894 | if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor, | |
55414b25 JH |
895 | addr->domain_cache, TRUE, addr->domain, CUSS &deliver_domain_data, |
896 | MCL_DOMAIN, perror)) != OK) | |
059ec3d9 PH |
897 | return rc; |
898 | ||
899 | /* Skip this router if there's a local part mismatch. We want to pass over the | |
900 | caseful local part, so that +caseful can restore it, even if this router is | |
901 | handling local parts caselessly. However, we can't just pass cc_local_part, | |
902 | because that doesn't have the prefix or suffix stripped. A bit of massaging is | |
06864c44 TF |
903 | required. Also, we only use the match cache for local parts that have not had |
904 | a prefix or suffix stripped. */ | |
059ec3d9 | 905 | |
9cd12950 | 906 | if (!addr->prefix && !addr->suffix) |
06864c44 TF |
907 | { |
908 | localpart_cache = addr->localpart_cache; | |
059ec3d9 | 909 | check_local_part = addr->cc_local_part; |
06864c44 | 910 | } |
059ec3d9 PH |
911 | else |
912 | { | |
06864c44 | 913 | localpart_cache = NULL; |
059ec3d9 | 914 | check_local_part = string_copy(addr->cc_local_part); |
9cd12950 | 915 | if (addr->prefix) |
059ec3d9 | 916 | check_local_part += Ustrlen(addr->prefix); |
9cd12950 | 917 | if (addr->suffix) |
059ec3d9 PH |
918 | check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0; |
919 | } | |
920 | ||
921 | if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts, | |
06864c44 | 922 | &localpartlist_anchor, localpart_cache, MCL_LOCALPART, |
55414b25 JH |
923 | check_local_part, CUSS &deliver_localpart_data, |
924 | !r->caseful_local_part, perror)) != OK) | |
059ec3d9 PH |
925 | return rc; |
926 | ||
927 | /* If the check_local_user option is set, check that the local_part is the | |
928 | login of a local user. Note: the third argument to route_finduser() must be | |
929 | NULL here, to prevent a numeric string being taken as a numeric uid. If the | |
930 | user is found, set deliver_home to the home directory, and also set | |
163144aa | 931 | local_user_{uid,gid} and local_part_verified. */ |
059ec3d9 PH |
932 | |
933 | if (r->check_local_user) | |
934 | { | |
935 | DEBUG(D_route) debug_printf("checking for local user\n"); | |
936 | if (!route_finduser(addr->local_part, pw, NULL)) | |
937 | { | |
938 | DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n", | |
939 | r->name, addr->local_part); | |
940 | return SKIP; | |
941 | } | |
163144aa | 942 | deliver_localpart_verified = string_copy(US (*pw)->pw_name); |
059ec3d9 PH |
943 | deliver_home = string_copy(US (*pw)->pw_dir); |
944 | local_user_gid = (*pw)->pw_gid; | |
945 | local_user_uid = (*pw)->pw_uid; | |
946 | } | |
947 | ||
948 | /* Set (or override in the case of check_local_user) the home directory if | |
949 | router_home_directory is set. This is done here so that it overrides $home from | |
950 | check_local_user before any subsequent expansions are done. Otherwise, $home | |
951 | could mean different things for different options, which would be extremely | |
952 | confusing. */ | |
953 | ||
9cd12950 | 954 | if (r->router_home_directory) |
059ec3d9 PH |
955 | { |
956 | uschar *router_home = expand_string(r->router_home_directory); | |
9cd12950 | 957 | if (!router_home) |
059ec3d9 | 958 | { |
8768d548 | 959 | if (!f.expand_string_forcedfail) |
059ec3d9 PH |
960 | { |
961 | *perror = string_sprintf("failed to expand \"%s\" for " | |
962 | "router_home_directory: %s", r->router_home_directory, | |
963 | expand_string_message); | |
964 | return DEFER; | |
965 | } | |
966 | } | |
967 | else | |
968 | { | |
969 | setflag(addr, af_home_expanded); /* Note set from router_home_directory */ | |
970 | deliver_home = router_home; | |
971 | } | |
972 | } | |
973 | ||
974 | /* Skip if the sender condition is not met. We leave this one till after the | |
4c04137d | 975 | local user check so that $home is set - enabling the possibility of letting |
059ec3d9 PH |
976 | individual recipients specify lists of acceptable/unacceptable senders. */ |
977 | ||
978 | if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL, | |
979 | sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK) | |
980 | return rc; | |
981 | ||
982 | /* This is the point at which we print out the router's debugging string if it | |
983 | is set. We wait till here so as to have $home available for local users (and | |
984 | anyway, we don't want too much stuff for skipped routers). */ | |
985 | ||
986 | debug_print_string(r->debug_string); | |
987 | ||
988 | /* Perform file existence tests. */ | |
989 | ||
990 | if ((rc = check_files(r->require_files, perror)) != OK) | |
991 | { | |
992 | DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name, | |
993 | (rc == SKIP)? "skipped" : "deferred"); | |
994 | return rc; | |
995 | } | |
996 | ||
997 | /* Now the general condition test. */ | |
998 | ||
9cd12950 | 999 | if (r->condition) |
059ec3d9 | 1000 | { |
adaa0e2c | 1001 | DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition); |
059ec3d9 PH |
1002 | if (!expand_check_condition(r->condition, r->name, US"router")) |
1003 | { | |
8768d548 | 1004 | if (f.search_find_defer) |
059ec3d9 PH |
1005 | { |
1006 | *perror = US"condition check lookup defer"; | |
1007 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
1008 | return DEFER; | |
1009 | } | |
1010 | DEBUG(D_route) | |
1011 | debug_printf("%s router skipped: condition failure\n", r->name); | |
1012 | return SKIP; | |
1013 | } | |
1014 | } | |
1015 | ||
8523533c TK |
1016 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
1017 | /* check if a specific Brightmail AntiSpam rule fired on the message */ | |
9cd12950 JH |
1018 | if (r->bmi_rule) |
1019 | { | |
8523533c | 1020 | DEBUG(D_route) debug_printf("checking bmi_rule\n"); |
9cd12950 JH |
1021 | if (bmi_check_rule(bmi_base64_verdict, r->bmi_rule) == 0) |
1022 | { /* none of the rules fired */ | |
8523533c TK |
1023 | DEBUG(D_route) |
1024 | debug_printf("%s router skipped: none of bmi_rule rules fired\n", r->name); | |
1025 | return SKIP; | |
9cd12950 JH |
1026 | } |
1027 | } | |
8523533c TK |
1028 | |
1029 | /* check if message should not be delivered */ | |
9cd12950 JH |
1030 | if (r->bmi_dont_deliver && bmi_deliver == 1) |
1031 | { | |
1032 | DEBUG(D_route) | |
1033 | debug_printf("%s router skipped: bmi_dont_deliver is FALSE\n", r->name); | |
1034 | return SKIP; | |
1035 | } | |
8523533c TK |
1036 | |
1037 | /* check if message should go to an alternate location */ | |
9cd12950 JH |
1038 | if ( r->bmi_deliver_alternate |
1039 | && (bmi_deliver == 0 || !bmi_alt_location) | |
1040 | ) | |
1041 | { | |
1042 | DEBUG(D_route) | |
1043 | debug_printf("%s router skipped: bmi_deliver_alternate is FALSE\n", r->name); | |
1044 | return SKIP; | |
1045 | } | |
8523533c TK |
1046 | |
1047 | /* check if message should go to default location */ | |
9cd12950 JH |
1048 | if ( r->bmi_deliver_default |
1049 | && (bmi_deliver == 0 || bmi_alt_location) | |
1050 | ) | |
1051 | { | |
1052 | DEBUG(D_route) | |
1053 | debug_printf("%s router skipped: bmi_deliver_default is FALSE\n", r->name); | |
1054 | return SKIP; | |
1055 | } | |
8523533c TK |
1056 | #endif |
1057 | ||
059ec3d9 PH |
1058 | /* All the checks passed. */ |
1059 | ||
1060 | return OK; | |
1061 | } | |
1062 | ||
1063 | ||
1064 | ||
1065 | ||
1066 | /************************************************* | |
1067 | * Find a local user * | |
1068 | *************************************************/ | |
1069 | ||
1070 | /* Try several times (if configured) to find a local user, in case delays in | |
1071 | NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam() | |
1072 | doesn't have some kind of indication as to why it has failed. If the string | |
1073 | given consists entirely of digits, and the third argument is not NULL, assume | |
1074 | the string is the numerical value of the uid. Otherwise it is looked up using | |
1075 | getpwnam(). The uid is passed back via return_uid, if not NULL, and the | |
1076 | pointer to a passwd structure, if found, is passed back via pw, if not NULL. | |
1077 | ||
1078 | Because this may be called several times in succession for the same user for | |
1079 | different routers, cache the result of the previous getpwnam call so that it | |
1080 | can be re-used. Note that we can't just copy the structure, as the store it | |
1081 | points to can get trashed. | |
1082 | ||
1083 | Arguments: | |
1084 | s the login name or textual form of the numerical uid of the user | |
1085 | pw if not NULL, return the result of getpwnam here, or set NULL | |
1086 | if no call to getpwnam is made (s numeric, return_uid != NULL) | |
1087 | return_uid if not NULL, return the uid via this address | |
1088 | ||
1089 | Returns: TRUE if s is numerical or was looked up successfully | |
1090 | ||
1091 | */ | |
1092 | ||
1093 | static struct passwd pwcopy; | |
1094 | static struct passwd *lastpw = NULL; | |
1095 | static uschar lastname[48] = { 0 }; | |
1096 | static uschar lastdir[128]; | |
1097 | static uschar lastgecos[128]; | |
1098 | static uschar lastshell[128]; | |
1099 | ||
1100 | BOOL | |
55414b25 | 1101 | route_finduser(const uschar *s, struct passwd **pw, uid_t *return_uid) |
059ec3d9 | 1102 | { |
d8fe1c03 PH |
1103 | BOOL cache_set = (Ustrcmp(lastname, s) == 0); |
1104 | ||
1105 | DEBUG(D_uid) debug_printf("seeking password data for user \"%s\": %s\n", s, | |
f3ebb786 | 1106 | cache_set ? "using cached result" : "cache not available"); |
d8fe1c03 PH |
1107 | |
1108 | if (!cache_set) | |
059ec3d9 PH |
1109 | { |
1110 | int i = 0; | |
1111 | ||
9cd12950 | 1112 | if (return_uid && (isdigit(*s) || *s == '-') && |
059ec3d9 PH |
1113 | s[Ustrspn(s+1, "0123456789")+1] == 0) |
1114 | { | |
1115 | *return_uid = (uid_t)Uatoi(s); | |
9cd12950 | 1116 | if (pw) *pw = NULL; |
059ec3d9 PH |
1117 | return TRUE; |
1118 | } | |
1119 | ||
f3ebb786 | 1120 | string_format_nt(lastname, sizeof(lastname), "%s", s); |
059ec3d9 PH |
1121 | |
1122 | /* Force failure if string length is greater than given maximum */ | |
1123 | ||
1124 | if (max_username_length > 0 && Ustrlen(lastname) > max_username_length) | |
1125 | { | |
1126 | DEBUG(D_uid) debug_printf("forced failure of finduser(): string " | |
1127 | "length of %s is greater than %d\n", lastname, max_username_length); | |
1128 | lastpw = NULL; | |
1129 | } | |
1130 | ||
1131 | /* Try a few times if so configured; this handles delays in NIS etc. */ | |
1132 | ||
1133 | else for (;;) | |
1134 | { | |
73a6bc4b | 1135 | errno = 0; |
9cd12950 | 1136 | if ((lastpw = getpwnam(CS s))) break; |
059ec3d9 PH |
1137 | if (++i > finduser_retries) break; |
1138 | sleep(1); | |
1139 | } | |
1140 | ||
9cd12950 | 1141 | if (lastpw) |
059ec3d9 PH |
1142 | { |
1143 | pwcopy.pw_uid = lastpw->pw_uid; | |
1144 | pwcopy.pw_gid = lastpw->pw_gid; | |
1145 | (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir); | |
1146 | (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos); | |
1147 | (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell); | |
1148 | pwcopy.pw_name = CS lastname; | |
1149 | pwcopy.pw_dir = CS lastdir; | |
1150 | pwcopy.pw_gecos = CS lastgecos; | |
1151 | pwcopy.pw_shell = CS lastshell; | |
1152 | lastpw = &pwcopy; | |
1153 | } | |
d8fe1c03 | 1154 | |
9cd12950 JH |
1155 | else DEBUG(D_uid) if (errno != 0) |
1156 | debug_printf("getpwnam(%s) failed: %s\n", s, strerror(errno)); | |
d8fe1c03 PH |
1157 | } |
1158 | ||
9cd12950 | 1159 | if (!lastpw) |
d8fe1c03 PH |
1160 | { |
1161 | DEBUG(D_uid) debug_printf("getpwnam() returned NULL (user not found)\n"); | |
1162 | return FALSE; | |
059ec3d9 | 1163 | } |
9cd12950 JH |
1164 | |
1165 | DEBUG(D_uid) debug_printf("getpwnam() succeeded uid=%d gid=%d\n", | |
d8fe1c03 | 1166 | lastpw->pw_uid, lastpw->pw_gid); |
059ec3d9 | 1167 | |
9cd12950 JH |
1168 | if (return_uid) *return_uid = lastpw->pw_uid; |
1169 | if (pw) *pw = lastpw; | |
059ec3d9 PH |
1170 | |
1171 | return TRUE; | |
1172 | } | |
1173 | ||
1174 | ||
1175 | ||
1176 | ||
1177 | /************************************************* | |
1178 | * Find a local group * | |
1179 | *************************************************/ | |
1180 | ||
1181 | /* Try several times (if configured) to find a local group, in case delays in | |
1182 | NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam() | |
1183 | doesn't have some kind of indication as to why it has failed. | |
1184 | ||
1185 | Arguments: | |
4c04137d | 1186 | s the group name or textual form of the numerical gid |
059ec3d9 PH |
1187 | return_gid return the gid via this address |
1188 | ||
1189 | Returns: TRUE if the group was found; FALSE otherwise | |
1190 | ||
1191 | */ | |
1192 | ||
1193 | BOOL | |
1194 | route_findgroup(uschar *s, gid_t *return_gid) | |
1195 | { | |
1196 | int i = 0; | |
1197 | struct group *gr; | |
1198 | ||
1199 | if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0) | |
1200 | { | |
1201 | *return_gid = (gid_t)Uatoi(s); | |
1202 | return TRUE; | |
1203 | } | |
1204 | ||
1205 | for (;;) | |
1206 | { | |
9cd12950 | 1207 | if ((gr = getgrnam(CS s))) |
059ec3d9 PH |
1208 | { |
1209 | *return_gid = gr->gr_gid; | |
1210 | return TRUE; | |
1211 | } | |
1212 | if (++i > finduser_retries) break; | |
1213 | sleep(1); | |
1214 | } | |
1215 | ||
1216 | return FALSE; | |
1217 | } | |
1218 | ||
1219 | ||
1220 | ||
1221 | ||
1222 | /************************************************* | |
1223 | * Find user by expanding string * | |
1224 | *************************************************/ | |
1225 | ||
1226 | /* Expands a string, and then looks up the result in the passwd file. | |
1227 | ||
1228 | Arguments: | |
1229 | string the string to be expanded, yielding a login name or a numerical | |
1230 | uid value (to be passed to route_finduser()) | |
1231 | driver_name caller name for panic error message (only) | |
1232 | driver_type caller type for panic error message (only) | |
1233 | pw return passwd entry via this pointer | |
1234 | uid return uid via this pointer | |
1235 | errmsg where to point a message on failure | |
1236 | ||
1237 | Returns: TRUE if user found, FALSE otherwise | |
1238 | */ | |
1239 | ||
1240 | BOOL | |
1241 | route_find_expanded_user(uschar *string, uschar *driver_name, | |
1242 | uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg) | |
1243 | { | |
1244 | uschar *user = expand_string(string); | |
1245 | ||
9cd12950 | 1246 | if (!user) |
059ec3d9 PH |
1247 | { |
1248 | *errmsg = string_sprintf("Failed to expand user string \"%s\" for the " | |
1249 | "%s %s: %s", string, driver_name, driver_type, expand_string_message); | |
1250 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1251 | return FALSE; | |
1252 | } | |
1253 | ||
1254 | if (route_finduser(user, pw, uid)) return TRUE; | |
1255 | ||
1256 | *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string " | |
1257 | "\"%s\" for the %s %s", user, string, driver_name, driver_type); | |
1258 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1259 | return FALSE; | |
1260 | } | |
1261 | ||
1262 | ||
1263 | ||
1264 | /************************************************* | |
1265 | * Find group by expanding string * | |
1266 | *************************************************/ | |
1267 | ||
1268 | /* Expands a string and then looks up the result in the group file. | |
1269 | ||
1270 | Arguments: | |
1271 | string the string to be expanded, yielding a group name or a numerical | |
1272 | gid value (to be passed to route_findgroup()) | |
1273 | driver_name caller name for panic error message (only) | |
1274 | driver_type caller type for panic error message (only) | |
1275 | gid return gid via this pointer | |
1276 | errmsg return error message via this pointer | |
1277 | ||
1278 | Returns: TRUE if found group, FALSE otherwise | |
1279 | */ | |
1280 | ||
1281 | BOOL | |
1282 | route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type, | |
1283 | gid_t *gid, uschar **errmsg) | |
1284 | { | |
1285 | BOOL yield = TRUE; | |
1286 | uschar *group = expand_string(string); | |
1287 | ||
9cd12950 | 1288 | if (!group) |
059ec3d9 PH |
1289 | { |
1290 | *errmsg = string_sprintf("Failed to expand group string \"%s\" for the " | |
1291 | "%s %s: %s", string, driver_name, driver_type, expand_string_message); | |
1292 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1293 | return FALSE; | |
1294 | } | |
1295 | ||
1296 | if (!route_findgroup(group, gid)) | |
1297 | { | |
1298 | *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string " | |
1299 | "\"%s\" for the %s %s", group, string, driver_name, driver_type); | |
1300 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1301 | yield = FALSE; | |
1302 | } | |
1303 | ||
1304 | return yield; | |
1305 | } | |
1306 | ||
1307 | ||
1308 | ||
059ec3d9 PH |
1309 | /************************************************* |
1310 | * Handle an unseen routing * | |
1311 | *************************************************/ | |
1312 | ||
1313 | /* This function is called when an address is routed by a router with "unseen" | |
1314 | set. It must make a clone of the address, for handling by subsequent drivers. | |
1315 | The clone is set to start routing at the next router. | |
1316 | ||
1317 | The original address must be replaced by an invented "parent" which has the | |
1318 | routed address plus the clone as its children. This is necessary in case the | |
1319 | address is at the top level - we don't want to mark it complete until both | |
1320 | deliveries have been done. | |
1321 | ||
1322 | A new unique field must be made, so that the record of the delivery isn't a | |
1323 | record of the original address, and checking for already delivered has | |
1324 | therefore to be done here. If the delivery has happened, then take the base | |
1325 | address off whichever delivery queue it is on - it will always be the top item. | |
1326 | ||
1327 | Arguments: | |
1328 | name router name | |
1329 | addr address that was routed | |
1330 | paddr_local chain of local-delivery addresses | |
1331 | paddr_remote chain of remote-delivery addresses | |
1332 | addr_new chain for newly created addresses | |
1333 | ||
1334 | Returns: nothing | |
1335 | */ | |
1336 | ||
1337 | static void | |
1338 | route_unseen(uschar *name, address_item *addr, address_item **paddr_local, | |
1339 | address_item **paddr_remote, address_item **addr_new) | |
1340 | { | |
1341 | address_item *parent = deliver_make_addr(addr->address, TRUE); | |
1342 | address_item *new = deliver_make_addr(addr->address, TRUE); | |
1343 | ||
1344 | /* The invented parent is a copy that replaces the original; note that | |
1345 | this copies its parent pointer. It has two children, and its errors_address is | |
1346 | from the original address' parent, if present, otherwise unset. */ | |
1347 | ||
1348 | *parent = *addr; | |
1349 | parent->child_count = 2; | |
d43cbe25 | 1350 | parent->prop.errors_address = |
9cd12950 | 1351 | addr->parent ? addr->parent->prop.errors_address : NULL; |
059ec3d9 PH |
1352 | |
1353 | /* The routed address gets a new parent. */ | |
1354 | ||
1355 | addr->parent = parent; | |
1356 | ||
1357 | /* The clone has this parent too. Set its errors address from the parent. This | |
1358 | was set from the original parent (or to NULL) - see above. We do NOT want to | |
1359 | take the errors address from the unseen router. */ | |
1360 | ||
1361 | new->parent = parent; | |
d43cbe25 | 1362 | new->prop.errors_address = parent->prop.errors_address; |
059ec3d9 PH |
1363 | |
1364 | /* Copy the propagated flags and address_data from the original. */ | |
1365 | ||
7eb0e5d2 | 1366 | new->prop.ignore_error = addr->prop.ignore_error; |
d43cbe25 | 1367 | new->prop.address_data = addr->prop.address_data; |
b4f579d1 JH |
1368 | new->prop.variables = NULL; |
1369 | tree_dup((tree_node **)&new->prop.variables, addr->prop.variables); | |
6c1c3d1d WB |
1370 | new->dsn_flags = addr->dsn_flags; |
1371 | new->dsn_orcpt = addr->dsn_orcpt; | |
059ec3d9 PH |
1372 | |
1373 | ||
1374 | /* As it has turned out, we haven't set headers_add or headers_remove for the | |
1375 | * clone. Thinking about it, it isn't entirely clear whether they should be | |
1376 | * copied from the original parent, like errors_address, or taken from the | |
1377 | * unseen router, like address_data and the flags. Until somebody brings this | |
1378 | * up, I propose to leave the code as it is. | |
1379 | */ | |
1380 | ||
1381 | ||
1382 | /* Set the cloned address to start at the next router, and put it onto the | |
1383 | chain of new addresses. */ | |
1384 | ||
1385 | new->start_router = addr->router->next; | |
1386 | new->next = *addr_new; | |
1387 | *addr_new = new; | |
1388 | ||
1389 | DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address); | |
1390 | ||
1391 | /* Make a new unique field, to distinguish from the normal one. */ | |
1392 | ||
1393 | addr->unique = string_sprintf("%s/%s", addr->unique, name); | |
1394 | ||
1395 | /* If the address has been routed to a transport, see if it was previously | |
1396 | delivered. If so, we take it off the relevant queue so that it isn't delivered | |
1397 | again. Otherwise, it was an alias or something, and the addresses it generated | |
1398 | are handled in the normal way. */ | |
1399 | ||
9cd12950 | 1400 | if (addr->transport && tree_search(tree_nonrecipients, addr->unique)) |
059ec3d9 PH |
1401 | { |
1402 | DEBUG(D_route) | |
1403 | debug_printf("\"unseen\" delivery previously done - discarded\n"); | |
1404 | parent->child_count--; | |
1405 | if (*paddr_remote == addr) *paddr_remote = addr->next; | |
1406 | if (*paddr_local == addr) *paddr_local = addr->next; | |
1407 | } | |
1408 | } | |
1409 | ||
1410 | ||
1411 | ||
b4f579d1 JH |
1412 | /************************************************/ |
1413 | /* Add router-assigned variables | |
1414 | Return OK/DEFER/FAIL/PASS */ | |
1415 | ||
1416 | static int | |
1417 | set_router_vars(address_item * addr, const router_instance * r) | |
1418 | { | |
1419 | const uschar * varlist = r->set; | |
1420 | tree_node ** root = (tree_node **) &addr->prop.variables; | |
b436dd41 | 1421 | int sep = ';'; |
b4f579d1 JH |
1422 | |
1423 | if (!varlist) return OK; | |
1424 | ||
1425 | /* Walk the varlist, creating variables */ | |
1426 | ||
1427 | for (uschar * ele; (ele = string_nextinlist(&varlist, &sep, NULL, 0)); ) | |
1428 | { | |
1429 | const uschar * assignment = ele; | |
1430 | int esep = '='; | |
1431 | uschar * name = string_nextinlist(&assignment, &esep, NULL, 0); | |
1432 | uschar * val; | |
1433 | tree_node * node; | |
1434 | ||
1435 | /* Variable name must exist and start "r_". */ | |
1436 | ||
1437 | if (!name || name[0] != 'r' || name[1] != '_' || !name[2]) | |
b436dd41 JH |
1438 | { |
1439 | log_write(0, LOG_MAIN|LOG_PANIC, | |
1440 | "bad router variable name '%s' in router '%s'\n", name, r->name); | |
b4f579d1 | 1441 | return FAIL; |
b436dd41 | 1442 | } |
b4f579d1 JH |
1443 | name += 2; |
1444 | ||
467c84b2 JH |
1445 | while (isspace(*assignment)) assignment++; |
1446 | ||
b4f579d1 JH |
1447 | if (!(val = expand_string(US assignment))) |
1448 | if (f.expand_string_forcedfail) | |
1449 | { | |
1450 | int yield; | |
1451 | BOOL more; | |
1452 | DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" " | |
1453 | "(router variable): decline action taken\n", ele); | |
1454 | ||
1455 | /* Expand "more" if necessary; DEFER => an expansion failed */ | |
1456 | ||
1457 | yield = exp_bool(addr, US"router", r->name, D_route, | |
1458 | US"more", r->more, r->expand_more, &more); | |
1459 | if (yield != OK) return yield; | |
1460 | ||
1461 | if (!more) | |
1462 | { | |
1463 | DEBUG(D_route) | |
1464 | debug_printf("\"more\"=false: skipping remaining routers\n"); | |
1465 | router_name = NULL; | |
1466 | r = NULL; | |
1467 | return FAIL; | |
1468 | } | |
1469 | return PASS; | |
1470 | } | |
1471 | else | |
1472 | { | |
1473 | addr->message = string_sprintf("expansion of \"%s\" failed " | |
1474 | "in %s router: %s", ele, r->name, expand_string_message); | |
1475 | return DEFER; | |
1476 | } | |
1477 | ||
1478 | if (!(node = tree_search(*root, name))) | |
f3ebb786 JH |
1479 | { /* name should never be tainted */ |
1480 | node = store_get(sizeof(tree_node) + Ustrlen(name), FALSE); | |
b4f579d1 JH |
1481 | Ustrcpy(node->name, name); |
1482 | (void)tree_insertnode(root, node); | |
1483 | } | |
1484 | node->data.ptr = US val; | |
f3ebb786 JH |
1485 | DEBUG(D_route) debug_printf("set r_%s%s = '%s'%s\n", |
1486 | name, is_tainted(name)?" (tainted)":"", | |
1487 | val, is_tainted(val)?" (tainted)":""); | |
467c84b2 JH |
1488 | |
1489 | /* All expansions after this point need visibility of that variable */ | |
1490 | router_var = *root; | |
b4f579d1 JH |
1491 | } |
1492 | return OK; | |
1493 | } | |
1494 | ||
1495 | ||
059ec3d9 PH |
1496 | /************************************************* |
1497 | * Route one address * | |
1498 | *************************************************/ | |
1499 | ||
1500 | /* This function is passed in one address item, for processing by the routers. | |
1501 | The verify flag is set if this is being called for verification rather than | |
1502 | delivery. If the router doesn't have its "verify" flag set, it is skipped. | |
1503 | ||
1504 | Arguments: | |
1505 | addr address to route | |
1506 | paddr_local chain of local-delivery addresses | |
1507 | paddr_remote chain of remote-delivery addresses | |
1508 | addr_new chain for newly created addresses | |
1509 | addr_succeed chain for completed addresses | |
1510 | verify v_none if not verifying | |
1511 | v_sender if verifying a sender address | |
1512 | v_recipient if verifying a recipient address | |
1513 | v_expn if processing an EXPN address | |
1514 | ||
1515 | Returns: OK => address successfully routed | |
1516 | DISCARD => address was discarded | |
1517 | FAIL => address could not be routed | |
1518 | DEFER => some temporary problem | |
1519 | ERROR => some major internal or configuration failure | |
1520 | */ | |
1521 | ||
1522 | int | |
1523 | route_address(address_item *addr, address_item **paddr_local, | |
1524 | address_item **paddr_remote, address_item **addr_new, | |
1525 | address_item **addr_succeed, int verify) | |
1526 | { | |
1527 | int yield = OK; | |
1528 | BOOL unseen; | |
1529 | router_instance *r, *nextr; | |
55414b25 | 1530 | const uschar *old_domain = addr->domain; |
059ec3d9 PH |
1531 | |
1532 | HDEBUG(D_route) | |
1533 | { | |
1534 | debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); | |
1535 | debug_printf("routing %s\n", addr->address); | |
1536 | } | |
1537 | ||
1538 | /* Loop through all router instances until a router succeeds, fails, defers, or | |
1539 | encounters an error. If the address has start_router set, we begin from there | |
1540 | instead of at the first router. */ | |
1541 | ||
9cd12950 | 1542 | for (r = addr->start_router ? addr->start_router : routers; r; r = nextr) |
059ec3d9 PH |
1543 | { |
1544 | uschar *error; | |
1545 | struct passwd *pw = NULL; | |
1546 | struct passwd pwcopy; | |
059ec3d9 PH |
1547 | BOOL loop_detected = FALSE; |
1548 | BOOL more; | |
1549 | int loopcount = 0; | |
1550 | int rc; | |
1551 | ||
1552 | DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name); | |
1553 | ||
1554 | /* Reset any search error message from the previous router. */ | |
1555 | ||
1556 | search_error_message = NULL; | |
1557 | ||
1558 | /* There are some weird cases where logging is disabled */ | |
1559 | ||
8768d548 | 1560 | f.disable_logging = r->disable_logging; |
059ec3d9 PH |
1561 | |
1562 | /* Record the last router to handle the address, and set the default | |
1563 | next router. */ | |
1564 | ||
1565 | addr->router = r; | |
1566 | nextr = r->next; | |
1567 | ||
1568 | /* Loop protection: If this address has an ancestor with the same address, | |
1569 | and that ancestor was routed by this router, we skip this router. This | |
1570 | prevents a variety of looping states when a new address is created by | |
1571 | redirection or by the use of "unseen" on a router. | |
1572 | ||
1573 | If no_repeat_use is set on the router, we skip if _any_ ancestor was routed | |
1574 | by this router, even if it was different to the current address. | |
1575 | ||
1576 | Just in case someone does put it into a loop (possible with redirection | |
4c04137d | 1577 | continually adding to an address, for example), put a long stop counter on |
059ec3d9 PH |
1578 | the number of parents. */ |
1579 | ||
d7978c0f | 1580 | for (address_item * parent = addr->parent; parent; parent = parent->parent) |
059ec3d9 PH |
1581 | { |
1582 | if (parent->router == r) | |
1583 | { | |
1584 | BOOL break_loop = !r->repeat_use; | |
1585 | ||
1586 | /* When repeat_use is set, first check the active addresses caselessly. | |
1587 | If they match, we have to do a further caseful check of the local parts | |
1588 | when caseful_local_part is set. This is assumed to be rare, which is why | |
1589 | the code is written this way. */ | |
1590 | ||
1591 | if (!break_loop) | |
1592 | { | |
1593 | break_loop = strcmpic(parent->address, addr->address) == 0; | |
1594 | if (break_loop && r->caseful_local_part) | |
1595 | break_loop = Ustrncmp(parent->address, addr->address, | |
1596 | Ustrrchr(addr->address, '@') - addr->address) == 0; | |
1597 | } | |
1598 | ||
1599 | if (break_loop) | |
1600 | { | |
1601 | DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n", | |
1602 | r->name, parent->address); | |
1603 | loop_detected = TRUE; | |
1604 | break; | |
1605 | } | |
1606 | } | |
1607 | ||
1608 | /* Continue with parents, limiting the size of the dynasty. */ | |
1609 | ||
1610 | if (loopcount++ > 100) | |
1611 | { | |
1612 | log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address); | |
1613 | yield = DEFER; | |
1614 | goto ROUTE_EXIT; | |
1615 | } | |
1616 | } | |
1617 | ||
1618 | if (loop_detected) continue; | |
1619 | ||
1620 | /* Default no affixes and select whether to use a caseful or caseless local | |
1621 | part in this router. */ | |
1622 | ||
1623 | addr->prefix = addr->suffix = NULL; | |
1624 | addr->local_part = r->caseful_local_part? | |
1625 | addr->cc_local_part : addr->lc_local_part; | |
1626 | ||
1627 | DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part, | |
1628 | addr->domain); | |
1629 | ||
1630 | /* Handle any configured prefix by replacing the local_part address, | |
1631 | and setting the prefix. Skip the router if the prefix doesn't match, | |
1632 | unless the prefix is optional. */ | |
1633 | ||
9cd12950 | 1634 | if (r->prefix) |
059ec3d9 PH |
1635 | { |
1636 | int plen = route_check_prefix(addr->local_part, r->prefix); | |
1637 | if (plen > 0) | |
1638 | { | |
1639 | addr->prefix = string_copyn(addr->local_part, plen); | |
1640 | addr->local_part += plen; | |
1641 | DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix); | |
1642 | } | |
1643 | else if (!r->prefix_optional) | |
1644 | { | |
1645 | DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n", | |
1646 | r->name); | |
1647 | continue; | |
1648 | } | |
1649 | } | |
1650 | ||
1651 | /* Handle any configured suffix likewise. */ | |
1652 | ||
9cd12950 | 1653 | if (r->suffix) |
059ec3d9 PH |
1654 | { |
1655 | int slen = route_check_suffix(addr->local_part, r->suffix); | |
1656 | if (slen > 0) | |
1657 | { | |
1658 | int lplen = Ustrlen(addr->local_part) - slen; | |
1659 | addr->suffix = addr->local_part + lplen; | |
1660 | addr->local_part = string_copyn(addr->local_part, lplen); | |
1661 | DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix); | |
1662 | } | |
1663 | else if (!r->suffix_optional) | |
1664 | { | |
1665 | DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n", | |
1666 | r->name); | |
1667 | continue; | |
1668 | } | |
1669 | } | |
1670 | ||
1671 | /* Set the expansion variables now that we have the affixes and the case of | |
1672 | the local part sorted. */ | |
1673 | ||
2a47f028 | 1674 | router_name = r->name; |
163144aa | 1675 | deliver_localpart_verified = NULL; |
059ec3d9 PH |
1676 | deliver_set_expansions(addr); |
1677 | ||
1678 | /* For convenience, the pre-router checks are in a separate function, which | |
1679 | returns OK, SKIP, FAIL, or DEFER. */ | |
1680 | ||
1681 | if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK) | |
1682 | { | |
2a47f028 | 1683 | router_name = NULL; |
059ec3d9 PH |
1684 | if (rc == SKIP) continue; |
1685 | addr->message = error; | |
1686 | yield = rc; | |
1687 | goto ROUTE_EXIT; | |
1688 | } | |
1689 | ||
1690 | /* All pre-conditions have been met. Reset any search error message from | |
1691 | pre-condition tests. These can arise in negated tests where the failure of | |
1692 | the lookup leads to a TRUE pre-condition. */ | |
1693 | ||
1694 | search_error_message = NULL; | |
1695 | ||
b4f579d1 | 1696 | /* Add any variable-settings that are on the router, to the set on the |
fa7b17bd JH |
1697 | addr. Expansion is done here and not later when the addr is used. There may |
1698 | be multiple settings, gathered during readconf; this code gathers them during | |
b4f579d1 JH |
1699 | router traversal. On the addr string they are held as a variable tree, so |
1700 | as to maintain the post-expansion taints separate. */ | |
fa7b17bd | 1701 | |
b436dd41 | 1702 | switch (set_router_vars(addr, r)) |
fa7b17bd | 1703 | { |
b436dd41 JH |
1704 | case OK: break; |
1705 | case PASS: continue; /* with next router */ | |
1706 | default: goto ROUTE_EXIT; | |
fa7b17bd JH |
1707 | } |
1708 | ||
059ec3d9 PH |
1709 | /* Finally, expand the address_data field in the router. Forced failure |
1710 | behaves as if the router declined. Any other failure is more serious. On | |
1711 | success, the string is attached to the address for all subsequent processing. | |
1712 | */ | |
1713 | ||
9cd12950 | 1714 | if (r->address_data) |
059ec3d9 PH |
1715 | { |
1716 | DEBUG(D_route) debug_printf("processing address_data\n"); | |
fa7b17bd | 1717 | if (!(deliver_address_data = expand_string(r->address_data))) |
059ec3d9 | 1718 | { |
8768d548 | 1719 | if (f.expand_string_forcedfail) |
059ec3d9 PH |
1720 | { |
1721 | DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" " | |
1722 | "(address_data): decline action taken\n", r->address_data); | |
1723 | ||
1724 | /* Expand "more" if necessary; DEFER => an expansion failed */ | |
1725 | ||
9c695f6d JH |
1726 | yield = exp_bool(addr, US"router", r->name, D_route, |
1727 | US"more", r->more, r->expand_more, &more); | |
059ec3d9 PH |
1728 | if (yield != OK) goto ROUTE_EXIT; |
1729 | ||
1730 | if (!more) | |
1731 | { | |
1732 | DEBUG(D_route) | |
1733 | debug_printf("\"more\"=false: skipping remaining routers\n"); | |
2a47f028 | 1734 | router_name = NULL; |
059ec3d9 PH |
1735 | r = NULL; |
1736 | break; | |
1737 | } | |
1738 | else continue; /* With next router */ | |
1739 | } | |
1740 | ||
1741 | else | |
1742 | { | |
1743 | addr->message = string_sprintf("expansion of \"%s\" failed " | |
1744 | "in %s router: %s", r->address_data, r->name, expand_string_message); | |
1745 | yield = DEFER; | |
1746 | goto ROUTE_EXIT; | |
1747 | } | |
1748 | } | |
d43cbe25 | 1749 | addr->prop.address_data = deliver_address_data; |
059ec3d9 PH |
1750 | } |
1751 | ||
1752 | /* We are finally cleared for take-off with this router. Clear the the flag | |
1753 | that records that a local host was removed from a routed host list. Make a | |
1754 | copy of relevant fields in the password information from check_local_user, | |
1755 | because it will be overwritten if check_local_user is invoked again while | |
1756 | verifying an errors_address setting. */ | |
1757 | ||
1758 | clearflag(addr, af_local_host_removed); | |
1759 | ||
9cd12950 | 1760 | if (pw) |
059ec3d9 PH |
1761 | { |
1762 | pwcopy.pw_name = CS string_copy(US pw->pw_name); | |
1763 | pwcopy.pw_uid = pw->pw_uid; | |
1764 | pwcopy.pw_gid = pw->pw_gid; | |
1765 | pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos); | |
1766 | pwcopy.pw_dir = CS string_copy(US pw->pw_dir); | |
1767 | pwcopy.pw_shell = CS string_copy(US pw->pw_shell); | |
1768 | pw = &pwcopy; | |
1769 | } | |
1770 | ||
ea97267c | 1771 | /* If this should be the last hop for DSN flag the addr. */ |
9cd12950 JH |
1772 | |
1773 | if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop)) | |
98c82a3d | 1774 | { |
6c1c3d1d WB |
1775 | addr->dsn_flags |= rf_dsnlasthop; |
1776 | HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address); | |
98c82a3d | 1777 | } |
6c1c3d1d | 1778 | |
ea97267c JH |
1779 | /* Run the router, and handle the consequences. */ |
1780 | ||
059ec3d9 PH |
1781 | HDEBUG(D_route) debug_printf("calling %s router\n", r->name); |
1782 | ||
fd6de02e PH |
1783 | yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote, |
1784 | addr_new, addr_succeed); | |
059ec3d9 | 1785 | |
2a47f028 JH |
1786 | router_name = NULL; |
1787 | ||
059ec3d9 PH |
1788 | if (yield == FAIL) |
1789 | { | |
1790 | HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name); | |
1791 | goto ROUTE_EXIT; | |
1792 | } | |
1793 | ||
1794 | /* If succeeded while verifying but fail_verify is set, convert into | |
1795 | a failure, and take it off the local or remote delivery list. */ | |
1796 | ||
f3ebb786 JH |
1797 | if ( ( verify == v_sender && r->fail_verify_sender |
1798 | || verify == v_recipient && r->fail_verify_recipient | |
1799 | ) | |
1800 | && (yield == OK || yield == PASS)) | |
059ec3d9 PH |
1801 | { |
1802 | addr->message = string_sprintf("%s router forced verify failure", r->name); | |
1803 | if (*paddr_remote == addr) *paddr_remote = addr->next; | |
1804 | if (*paddr_local == addr) *paddr_local = addr->next; | |
1805 | yield = FAIL; | |
1806 | goto ROUTE_EXIT; | |
1807 | } | |
1808 | ||
1809 | /* PASS and DECLINE are the only two cases where the loop continues. For all | |
1810 | other returns, we break the loop and handle the result below. */ | |
1811 | ||
1812 | if (yield != PASS && yield != DECLINE) break; | |
1813 | ||
1814 | HDEBUG(D_route) | |
1815 | { | |
1816 | debug_printf("%s router %s for %s\n", r->name, | |
f3ebb786 | 1817 | yield == PASS ? "passed" : "declined", addr->address); |
059ec3d9 PH |
1818 | if (Ustrcmp(old_domain, addr->domain) != 0) |
1819 | debug_printf("domain %s rewritten\n", old_domain); | |
1820 | } | |
1821 | ||
1822 | /* PASS always continues to another router; DECLINE does so if "more" | |
1823 | is true. Initialization insists that pass_router is always a following | |
1824 | router. Otherwise, break the loop as if at the end of the routers. */ | |
1825 | ||
1826 | if (yield == PASS) | |
1827 | { | |
1828 | if (r->pass_router != NULL) nextr = r->pass_router; | |
1829 | } | |
1830 | else | |
1831 | { | |
1832 | /* Expand "more" if necessary */ | |
1833 | ||
9c695f6d JH |
1834 | yield = exp_bool(addr, US"router", r->name, D_route, |
1835 | US"more", r->more, r->expand_more, &more); | |
059ec3d9 PH |
1836 | if (yield != OK) goto ROUTE_EXIT; |
1837 | ||
1838 | if (!more) | |
1839 | { | |
1840 | HDEBUG(D_route) | |
1841 | debug_printf("\"more\" is false: skipping remaining routers\n"); | |
1842 | r = NULL; | |
1843 | break; | |
1844 | } | |
1845 | } | |
1846 | } /* Loop for all routers */ | |
1847 | ||
1848 | /* On exit from the routers loop, if r == NULL we have run out of routers, | |
1849 | either genuinely, or as a result of no_more. Otherwise, the loop ended | |
1850 | prematurely, either because a router succeeded, or because of some special | |
1851 | router response. Note that FAIL errors and errors detected before actually | |
1852 | running a router go direct to ROUTE_EXIT from code above. */ | |
1853 | ||
9cd12950 | 1854 | if (!r) |
059ec3d9 PH |
1855 | { |
1856 | HDEBUG(D_route) debug_printf("no more routers\n"); | |
9cd12950 | 1857 | if (!addr->message) |
059ec3d9 PH |
1858 | { |
1859 | uschar *message = US"Unrouteable address"; | |
9cd12950 | 1860 | if (addr->router && addr->router->cannot_route_message) |
059ec3d9 PH |
1861 | { |
1862 | uschar *expmessage = expand_string(addr->router->cannot_route_message); | |
9cd12950 | 1863 | if (!expmessage) |
059ec3d9 | 1864 | { |
8768d548 | 1865 | if (!f.expand_string_forcedfail) |
059ec3d9 PH |
1866 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " |
1867 | "cannot_route_message in %s router: %s", addr->router->name, | |
1868 | expand_string_message); | |
1869 | } | |
1870 | else message = expmessage; | |
1871 | } | |
1872 | addr->user_message = addr->message = message; | |
1873 | } | |
1874 | addr->router = NULL; /* For logging */ | |
1875 | yield = FAIL; | |
1876 | goto ROUTE_EXIT; | |
1877 | } | |
1878 | ||
1879 | if (yield == DEFER) | |
1880 | { | |
f3ebb786 JH |
1881 | HDEBUG(D_route) debug_printf("%s router: defer for %s\n message: %s\n", |
1882 | r->name, addr->address, addr->message ? addr->message : US"<none>"); | |
059ec3d9 PH |
1883 | goto ROUTE_EXIT; |
1884 | } | |
1885 | ||
1886 | if (yield == DISCARD) goto ROUTE_EXIT; | |
1887 | ||
1888 | /* The yield must be either OK or REROUTED. */ | |
1889 | ||
1890 | if (yield != OK && yield != REROUTED) | |
1891 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d", | |
1892 | r->name, yield); | |
1893 | ||
1894 | /* If the yield was REROUTED, the router put a child address on the new chain | |
1895 | as a result of a domain change of some sort (widening, typically). */ | |
1896 | ||
1897 | if (yield == REROUTED) | |
1898 | { | |
1899 | HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address); | |
1900 | yield = OK; | |
1901 | goto ROUTE_EXIT; | |
1902 | } | |
1903 | ||
1904 | /* The only remaining possibility is that the router succeeded. If the | |
1905 | translate_ip_address options is set and host addresses were associated with the | |
1906 | address, run them through the translation. This feature is for weird and | |
1907 | wonderful situations (the amateur packet radio people need it) or very broken | |
1908 | networking, so it is included in the binary only if requested. */ | |
1909 | ||
1910 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS | |
1911 | ||
9cd12950 | 1912 | if (r->translate_ip_address) |
059ec3d9 PH |
1913 | { |
1914 | int rc; | |
1915 | int old_pool = store_pool; | |
d7978c0f | 1916 | for (host_item * h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
1917 | { |
1918 | uschar *newaddress; | |
1919 | uschar *oldaddress, *oldname; | |
1920 | ||
9cd12950 | 1921 | if (!h->address) continue; |
059ec3d9 PH |
1922 | |
1923 | deliver_host_address = h->address; | |
1924 | newaddress = expand_string(r->translate_ip_address); | |
1925 | deliver_host_address = NULL; | |
1926 | ||
9cd12950 | 1927 | if (!newaddress) |
059ec3d9 | 1928 | { |
8768d548 | 1929 | if (f.expand_string_forcedfail) continue; |
059ec3d9 PH |
1930 | addr->basic_errno = ERRNO_EXPANDFAIL; |
1931 | addr->message = string_sprintf("translate_ip_address expansion " | |
1932 | "failed: %s", expand_string_message); | |
1933 | yield = DEFER; | |
1934 | goto ROUTE_EXIT; | |
1935 | } | |
1936 | ||
1937 | DEBUG(D_route) debug_printf("%s [%s] translated to %s\n", | |
1938 | h->name, h->address, newaddress); | |
7e66e54d | 1939 | if (string_is_ip_address(newaddress, NULL) != 0) |
059ec3d9 PH |
1940 | { |
1941 | h->address = newaddress; | |
1942 | continue; | |
1943 | } | |
1944 | ||
1945 | oldname = h->name; | |
1946 | oldaddress = h->address; | |
1947 | h->name = newaddress; | |
1948 | h->address = NULL; | |
1949 | h->mx = MX_NONE; | |
1950 | ||
1951 | store_pool = POOL_PERM; | |
322050c2 | 1952 | rc = host_find_byname(h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE); |
059ec3d9 PH |
1953 | store_pool = old_pool; |
1954 | ||
1955 | if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) | |
1956 | { | |
1957 | addr->basic_errno = ERRNO_UNKNOWNHOST; | |
1958 | addr->message = string_sprintf("host %s not found when " | |
1959 | "translating %s [%s]", h->name, oldname, oldaddress); | |
1960 | yield = DEFER; | |
1961 | goto ROUTE_EXIT; | |
1962 | } | |
1963 | } | |
1964 | } | |
1965 | #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */ | |
1966 | ||
1967 | /* See if this is an unseen routing; first expand the option if necessary. | |
1968 | DEFER can be given if the expansion fails */ | |
1969 | ||
9c695f6d JH |
1970 | yield = exp_bool(addr, US"router", r->name, D_route, |
1971 | US"unseen", r->unseen, r->expand_unseen, &unseen); | |
059ec3d9 PH |
1972 | if (yield != OK) goto ROUTE_EXIT; |
1973 | ||
059ec3d9 PH |
1974 | /* Debugging output recording a successful routing */ |
1975 | ||
9cd12950 | 1976 | HDEBUG(D_route) debug_printf("routed by %s router%s\n", r->name, |
059ec3d9 | 1977 | unseen? " (unseen)" : ""); |
059ec3d9 PH |
1978 | |
1979 | DEBUG(D_route) | |
1980 | { | |
059ec3d9 | 1981 | debug_printf(" envelope to: %s\n", addr->address); |
d7978c0f JH |
1982 | debug_printf(" transport: %s\n", addr->transport |
1983 | ? addr->transport->name : US"<none>"); | |
059ec3d9 | 1984 | |
9cd12950 | 1985 | if (addr->prop.errors_address) |
d43cbe25 | 1986 | debug_printf(" errors to %s\n", addr->prop.errors_address); |
059ec3d9 | 1987 | |
d7978c0f | 1988 | for (host_item * h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
1989 | { |
1990 | debug_printf(" host %s", h->name); | |
9cd12950 | 1991 | if (h->address) debug_printf(" [%s]", h->address); |
059ec3d9 PH |
1992 | if (h->mx >= 0) debug_printf(" MX=%d", h->mx); |
1993 | else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx); | |
1994 | if (h->port != PORT_NONE) debug_printf(" port=%d", h->port); | |
805c9d53 | 1995 | if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no"); |
059ec3d9 PH |
1996 | debug_printf("\n"); |
1997 | } | |
1998 | } | |
1999 | ||
2000 | /* Clear any temporary error message set by a router that declined, and handle | |
2001 | the "unseen" option (ignore if there are no further routers). */ | |
2002 | ||
2003 | addr->message = NULL; | |
9cd12950 | 2004 | if (unseen && r->next) |
059ec3d9 PH |
2005 | route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new); |
2006 | ||
2007 | /* Unset the address expansions, and return the final result. */ | |
2008 | ||
2009 | ROUTE_EXIT: | |
f42deca9 JH |
2010 | if (yield == DEFER && addr->message) |
2011 | addr->message = expand_hide_passwords(addr->message); | |
76aa570c | 2012 | |
059ec3d9 | 2013 | deliver_set_expansions(NULL); |
2a47f028 | 2014 | router_name = NULL; |
8768d548 | 2015 | f.disable_logging = FALSE; |
059ec3d9 PH |
2016 | return yield; |
2017 | } | |
2018 | ||
d185889f | 2019 | #endif /*!MACRO_PREDEF*/ |
059ec3d9 | 2020 | /* End of route.c */ |