Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
059ec3d9 PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | /* Functions concerned with routing, and the list of generic router options. */ | |
10 | ||
11 | ||
12 | #include "exim.h" | |
13 | ||
14 | ||
15 | ||
16 | /* Generic options for routers, all of which live inside router_instance | |
17 | data blocks and which therefore have the opt_public flag set. */ | |
13a4b4c1 | 18 | #define LOFF(field) OPT_OFF(router_instance, field) |
059ec3d9 PH |
19 | |
20 | optionlist optionlist_routers[] = { | |
21 | { "*expand_group", opt_stringptr | opt_hidden | opt_public, | |
13a4b4c1 | 22 | LOFF(expand_gid) }, |
059ec3d9 | 23 | { "*expand_more", opt_stringptr | opt_hidden | opt_public, |
13a4b4c1 | 24 | LOFF(expand_more) }, |
059ec3d9 | 25 | { "*expand_unseen", opt_stringptr | opt_hidden | opt_public, |
13a4b4c1 | 26 | LOFF(expand_unseen) }, |
059ec3d9 | 27 | { "*expand_user", opt_stringptr | opt_hidden | opt_public, |
13a4b4c1 | 28 | LOFF(expand_uid) }, |
059ec3d9 | 29 | { "*set_group", opt_bool | opt_hidden | opt_public, |
13a4b4c1 | 30 | LOFF(gid_set) }, |
059ec3d9 | 31 | { "*set_user", opt_bool | opt_hidden | opt_public, |
13a4b4c1 | 32 | LOFF(uid_set) }, |
059ec3d9 | 33 | { "address_data", opt_stringptr|opt_public, |
13a4b4c1 | 34 | LOFF(address_data) }, |
059ec3d9 | 35 | { "address_test", opt_bool|opt_public, |
13a4b4c1 | 36 | LOFF(address_test) }, |
8523533c TK |
37 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
38 | { "bmi_deliver_alternate", opt_bool | opt_public, | |
13a4b4c1 | 39 | LOFF(bmi_deliver_alternate) }, |
8523533c | 40 | { "bmi_deliver_default", opt_bool | opt_public, |
13a4b4c1 | 41 | LOFF(bmi_deliver_default) }, |
8523533c | 42 | { "bmi_dont_deliver", opt_bool | opt_public, |
13a4b4c1 | 43 | LOFF(bmi_dont_deliver) }, |
8523533c | 44 | { "bmi_rule", opt_stringptr|opt_public, |
13a4b4c1 | 45 | LOFF(bmi_rule) }, |
8523533c | 46 | #endif |
059ec3d9 | 47 | { "cannot_route_message", opt_stringptr | opt_public, |
13a4b4c1 | 48 | LOFF(cannot_route_message) }, |
059ec3d9 | 49 | { "caseful_local_part", opt_bool | opt_public, |
13a4b4c1 | 50 | LOFF(caseful_local_part) }, |
059ec3d9 | 51 | { "check_local_user", opt_bool | opt_public, |
13a4b4c1 | 52 | LOFF(check_local_user) }, |
846726c5 | 53 | { "condition", opt_stringptr|opt_public|opt_rep_con, |
13a4b4c1 | 54 | LOFF(condition) }, |
059ec3d9 | 55 | { "debug_print", opt_stringptr | opt_public, |
13a4b4c1 | 56 | LOFF(debug_string) }, |
059ec3d9 | 57 | { "disable_logging", opt_bool | opt_public, |
13a4b4c1 | 58 | LOFF(disable_logging) }, |
99c1bb4e | 59 | { "dnssec_request_domains", opt_stringptr|opt_public, |
13a4b4c1 | 60 | LOFF(dnssec.request) }, |
99c1bb4e | 61 | { "dnssec_require_domains", opt_stringptr|opt_public, |
13a4b4c1 | 62 | LOFF(dnssec.require) }, |
059ec3d9 | 63 | { "domains", opt_stringptr|opt_public, |
13a4b4c1 | 64 | LOFF(domains) }, |
059ec3d9 | 65 | { "driver", opt_stringptr|opt_public, |
13a4b4c1 | 66 | LOFF(driver_name) }, |
6c1c3d1d | 67 | { "dsn_lasthop", opt_bool|opt_public, |
13a4b4c1 | 68 | LOFF(dsn_lasthop) }, |
059ec3d9 | 69 | { "errors_to", opt_stringptr|opt_public, |
13a4b4c1 | 70 | LOFF(errors_to) }, |
059ec3d9 | 71 | { "expn", opt_bool|opt_public, |
13a4b4c1 | 72 | LOFF(expn) }, |
059ec3d9 | 73 | { "fail_verify", opt_bool_verify|opt_hidden|opt_public, |
13a4b4c1 | 74 | LOFF(fail_verify_sender) }, |
059ec3d9 | 75 | { "fail_verify_recipient", opt_bool|opt_public, |
13a4b4c1 | 76 | LOFF(fail_verify_recipient) }, |
059ec3d9 | 77 | { "fail_verify_sender", opt_bool|opt_public, |
13a4b4c1 | 78 | LOFF(fail_verify_sender) }, |
059ec3d9 | 79 | { "fallback_hosts", opt_stringptr|opt_public, |
13a4b4c1 | 80 | LOFF(fallback_hosts) }, |
059ec3d9 | 81 | { "group", opt_expand_gid | opt_public, |
13a4b4c1 | 82 | LOFF(gid) }, |
846726c5 | 83 | { "headers_add", opt_stringptr|opt_public|opt_rep_str, |
13a4b4c1 | 84 | LOFF(extra_headers) }, |
846726c5 | 85 | { "headers_remove", opt_stringptr|opt_public|opt_rep_str, |
13a4b4c1 | 86 | LOFF(remove_headers) }, |
059ec3d9 | 87 | { "ignore_target_hosts",opt_stringptr|opt_public, |
13a4b4c1 | 88 | LOFF(ignore_target_hosts) }, |
059ec3d9 | 89 | { "initgroups", opt_bool | opt_public, |
13a4b4c1 | 90 | LOFF(initgroups) }, |
059ec3d9 | 91 | { "local_part_prefix", opt_stringptr|opt_public, |
13a4b4c1 | 92 | LOFF(prefix) }, |
059ec3d9 | 93 | { "local_part_prefix_optional",opt_bool|opt_public, |
13a4b4c1 | 94 | LOFF(prefix_optional) }, |
059ec3d9 | 95 | { "local_part_suffix", opt_stringptr|opt_public, |
13a4b4c1 | 96 | LOFF(suffix) }, |
059ec3d9 | 97 | { "local_part_suffix_optional",opt_bool|opt_public, |
13a4b4c1 | 98 | LOFF(suffix_optional) }, |
059ec3d9 | 99 | { "local_parts", opt_stringptr|opt_public, |
13a4b4c1 | 100 | LOFF(local_parts) }, |
059ec3d9 | 101 | { "log_as_local", opt_bool|opt_public, |
13a4b4c1 | 102 | LOFF(log_as_local) }, |
059ec3d9 | 103 | { "more", opt_expand_bool|opt_public, |
13a4b4c1 | 104 | LOFF(more) }, |
059ec3d9 | 105 | { "pass_on_timeout", opt_bool|opt_public, |
13a4b4c1 | 106 | LOFF(pass_on_timeout) }, |
059ec3d9 | 107 | { "pass_router", opt_stringptr|opt_public, |
13a4b4c1 | 108 | LOFF(pass_router_name) }, |
059ec3d9 | 109 | { "redirect_router", opt_stringptr|opt_public, |
13a4b4c1 | 110 | LOFF(redirect_router_name) }, |
059ec3d9 | 111 | { "require_files", opt_stringptr|opt_public, |
13a4b4c1 | 112 | LOFF(require_files) }, |
059ec3d9 | 113 | { "retry_use_local_part", opt_bool|opt_public, |
13a4b4c1 | 114 | LOFF(retry_use_local_part) }, |
059ec3d9 | 115 | { "router_home_directory", opt_stringptr|opt_public, |
13a4b4c1 | 116 | LOFF(router_home_directory) }, |
059ec3d9 | 117 | { "self", opt_stringptr|opt_public, |
13a4b4c1 | 118 | LOFF(self) }, |
059ec3d9 | 119 | { "senders", opt_stringptr|opt_public, |
13a4b4c1 | 120 | LOFF(senders) }, |
fa7b17bd | 121 | { "set", opt_stringptr|opt_public|opt_rep_str, |
13a4b4c1 | 122 | LOFF(set) }, |
059ec3d9 PH |
123 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS |
124 | { "translate_ip_address", opt_stringptr|opt_public, | |
13a4b4c1 | 125 | LOFF(translate_ip_address) }, |
059ec3d9 PH |
126 | #endif |
127 | { "transport", opt_stringptr|opt_public, | |
13a4b4c1 | 128 | LOFF(transport_name) }, |
059ec3d9 | 129 | { "transport_current_directory", opt_stringptr|opt_public, |
13a4b4c1 | 130 | LOFF(current_directory) }, |
059ec3d9 | 131 | { "transport_home_directory", opt_stringptr|opt_public, |
13a4b4c1 | 132 | LOFF(home_directory) }, |
059ec3d9 | 133 | { "unseen", opt_expand_bool|opt_public, |
13a4b4c1 | 134 | LOFF(unseen) }, |
059ec3d9 | 135 | { "user", opt_expand_uid | opt_public, |
13a4b4c1 | 136 | LOFF(uid) }, |
059ec3d9 | 137 | { "verify", opt_bool_verify|opt_hidden|opt_public, |
13a4b4c1 | 138 | LOFF(verify_sender) }, |
059ec3d9 | 139 | { "verify_only", opt_bool|opt_public, |
13a4b4c1 | 140 | LOFF(verify_only) }, |
059ec3d9 | 141 | { "verify_recipient", opt_bool|opt_public, |
13a4b4c1 | 142 | LOFF(verify_recipient) }, |
059ec3d9 | 143 | { "verify_sender", opt_bool|opt_public, |
13a4b4c1 | 144 | LOFF(verify_sender) } |
059ec3d9 PH |
145 | }; |
146 | ||
acec9514 | 147 | int optionlist_routers_size = nelem(optionlist_routers); |
059ec3d9 PH |
148 | |
149 | ||
d185889f JH |
150 | #ifdef MACRO_PREDEF |
151 | ||
5f69a529 | 152 | # include "macro_predef.h" |
d185889f | 153 | |
c0b9d3e8 | 154 | void |
d185889f | 155 | options_routers(void) |
c0b9d3e8 | 156 | { |
d185889f | 157 | uschar buf[64]; |
c0b9d3e8 | 158 | |
d185889f | 159 | options_from_list(optionlist_routers, nelem(optionlist_routers), US"ROUTERS", NULL); |
c0b9d3e8 | 160 | |
d7978c0f | 161 | for (router_info * ri = routers_available; ri->driver_name[0]; ri++) |
4945f557 | 162 | { |
cab0c277 | 163 | spf(buf, sizeof(buf), US"_DRIVER_ROUTER_%T", ri->driver_name); |
d185889f JH |
164 | builtin_macro_create(buf); |
165 | options_from_list(ri->options, (unsigned)*ri->options_count, US"ROUTER", ri->driver_name); | |
4945f557 | 166 | } |
c0b9d3e8 | 167 | } |
059ec3d9 | 168 | |
d185889f JH |
169 | #else /*!MACRO_PREDEF*/ |
170 | ||
059ec3d9 PH |
171 | /************************************************* |
172 | * Set router pointer from name * | |
173 | *************************************************/ | |
174 | ||
175 | /* This function is used for the redirect_router and pass_router options and | |
176 | called from route_init() below. | |
177 | ||
178 | Arguments: | |
179 | r the current router | |
180 | name new router name | |
181 | ptr where to put the pointer | |
182 | after TRUE if router must follow this one | |
183 | ||
184 | Returns: nothing. | |
185 | */ | |
186 | ||
187 | static void | |
188 | set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after) | |
189 | { | |
190 | BOOL afterthis = FALSE; | |
191 | router_instance *rr; | |
192 | ||
9cd12950 | 193 | for (rr = routers; rr; rr = rr->next) |
059ec3d9 PH |
194 | { |
195 | if (Ustrcmp(name, rr->name) == 0) | |
196 | { | |
197 | *ptr = rr; | |
198 | break; | |
199 | } | |
200 | if (rr == r) afterthis = TRUE; | |
201 | } | |
202 | ||
9cd12950 | 203 | if (!rr) |
059ec3d9 PH |
204 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, |
205 | "new_router \"%s\" not found for \"%s\" router", name, r->name); | |
206 | ||
207 | if (after && !afterthis) | |
208 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, | |
209 | "new_router \"%s\" does not follow \"%s\" router", name, r->name); | |
210 | } | |
211 | ||
212 | ||
213 | ||
214 | /************************************************* | |
215 | * Initialize router list * | |
216 | *************************************************/ | |
217 | ||
218 | /* Read the routers section of the configuration file, and set up a chain of | |
219 | router instances according to its contents. Each router has generic options and | |
220 | may also have its own private options. This function is only ever called when | |
221 | routers == NULL. We use generic code in readconf to do the work. It will set | |
222 | values from the configuration file, and then call the driver's initialization | |
223 | function. */ | |
224 | ||
225 | void | |
226 | route_init(void) | |
227 | { | |
059ec3d9 PH |
228 | readconf_driver_init(US"router", |
229 | (driver_instance **)(&routers), /* chain anchor */ | |
230 | (driver_info *)routers_available, /* available drivers */ | |
231 | sizeof(router_info), /* size of info blocks */ | |
232 | &router_defaults, /* default values for generic options */ | |
233 | sizeof(router_instance), /* size of instance block */ | |
234 | optionlist_routers, /* generic options */ | |
235 | optionlist_routers_size); | |
236 | ||
d7978c0f | 237 | for (router_instance * r = routers; r; r = r->next) |
059ec3d9 PH |
238 | { |
239 | uschar *s = r->self; | |
240 | ||
241 | /* If log_as_local is unset, its overall default is FALSE. (The accept | |
242 | router defaults it to TRUE.) */ | |
243 | ||
244 | if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE; | |
245 | ||
246 | /* Check for transport or no transport on certain routers */ | |
247 | ||
0fe373c1 JH |
248 | if ( (r->info->ri_flags & ri_yestransport) |
249 | && !r->transport_name && !r->verify_only) | |
059ec3d9 PH |
250 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " |
251 | "a transport is required for this router", r->name); | |
252 | ||
0fe373c1 | 253 | if ((r->info->ri_flags & ri_notransport) && r->transport_name) |
059ec3d9 PH |
254 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " |
255 | "a transport must not be defined for this router", r->name); | |
256 | ||
257 | /* The "self" option needs to be decoded into a code value and possibly a | |
258 | new domain string and a rewrite boolean. */ | |
259 | ||
260 | if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze; | |
261 | else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer; | |
262 | else if (Ustrcmp(s, "send") == 0) r->self_code = self_send; | |
263 | else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass; | |
264 | else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail; | |
265 | else if (Ustrncmp(s, "reroute:", 8) == 0) | |
266 | { | |
267 | s += 8; | |
268 | while (isspace(*s)) s++; | |
269 | if (Ustrncmp(s, "rewrite:", 8) == 0) | |
270 | { | |
271 | r->self_rewrite = TRUE; | |
272 | s += 8; | |
273 | while (isspace(*s)) s++; | |
274 | } | |
275 | r->self = s; | |
276 | r->self_code = self_reroute; | |
277 | } | |
278 | ||
279 | else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
280 | "%s is not valid for the self option", r->name, s); | |
281 | ||
282 | /* If any router has check_local_user set, default retry_use_local_part | |
283 | TRUE; otherwise its default is FALSE. */ | |
284 | ||
285 | if (r->retry_use_local_part == TRUE_UNSET) | |
dbbf21a7 JH |
286 | r->retry_use_local_part = |
287 | r->check_local_user || r->local_parts || r->condition || r->prefix || r->suffix || r->senders || r->require_files; | |
059ec3d9 PH |
288 | |
289 | /* Build a host list if fallback hosts is set. */ | |
290 | ||
291 | host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE); | |
292 | ||
293 | /* Check redirect_router and pass_router are valid */ | |
294 | ||
0fe373c1 | 295 | if (r->redirect_router_name) |
059ec3d9 PH |
296 | set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE); |
297 | ||
0fe373c1 | 298 | if (r->pass_router_name) |
059ec3d9 | 299 | set_router(r, r->pass_router_name, &(r->pass_router), TRUE); |
6c1c3d1d | 300 | |
0fe373c1 | 301 | #ifdef notdef |
9cd12950 JH |
302 | DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name, |
303 | r->dsn_lasthop ? "lasthop set" : "propagating DSN"); | |
0fe373c1 | 304 | #endif |
059ec3d9 PH |
305 | } |
306 | } | |
307 | ||
308 | ||
309 | ||
310 | /************************************************* | |
311 | * Tidy up after routing * | |
312 | *************************************************/ | |
313 | ||
314 | /* Routers are entitled to keep hold of certain resources in their instance | |
315 | blocks so as to save setting them up each time. An example is an open file. | |
316 | Such routers must provide a tidyup entry point which is called when all routing | |
317 | is finished, via this function. */ | |
318 | ||
319 | void | |
320 | route_tidyup(void) | |
321 | { | |
d7978c0f | 322 | for (router_instance * r = routers; r; r = r->next) |
9cd12950 | 323 | if (r->info->tidyup) (r->info->tidyup)(r); |
059ec3d9 PH |
324 | } |
325 | ||
326 | ||
327 | ||
328 | /************************************************* | |
329 | * Check local part for prefix * | |
330 | *************************************************/ | |
331 | ||
332 | /* This function is handed a local part and a list of possible prefixes; if any | |
333 | one matches, return the prefix length. A prefix beginning with '*' is a | |
334 | wildcard. | |
335 | ||
336 | Arguments: | |
337 | local_part the local part to check | |
338 | prefixes the list of prefixes | |
759502e5 | 339 | vp if set, pointer to place for size of wildcard portion |
059ec3d9 PH |
340 | |
341 | Returns: length of matching prefix or zero | |
342 | */ | |
343 | ||
344 | int | |
759502e5 JH |
345 | route_check_prefix(const uschar * local_part, const uschar * prefixes, |
346 | unsigned * vp) | |
059ec3d9 PH |
347 | { |
348 | int sep = 0; | |
349 | uschar *prefix; | |
55414b25 | 350 | const uschar *listptr = prefixes; |
059ec3d9 | 351 | |
759502e5 | 352 | while ((prefix = string_nextinlist(&listptr, &sep, NULL, 0))) |
059ec3d9 PH |
353 | { |
354 | int plen = Ustrlen(prefix); | |
355 | if (prefix[0] == '*') | |
356 | { | |
059ec3d9 | 357 | prefix++; |
d7978c0f | 358 | for (const uschar * p = local_part + Ustrlen(local_part) - (--plen); |
059ec3d9 | 359 | p >= local_part; p--) |
759502e5 JH |
360 | if (strncmpic(prefix, p, plen) == 0) |
361 | { | |
362 | unsigned vlen = p - local_part; | |
363 | if (vp) *vp = vlen; | |
364 | return plen + vlen; | |
365 | } | |
059ec3d9 PH |
366 | } |
367 | else | |
759502e5 JH |
368 | if (strncmpic(prefix, local_part, plen) == 0) |
369 | { | |
370 | if (vp) *vp = 0; | |
371 | return plen; | |
372 | } | |
059ec3d9 PH |
373 | } |
374 | ||
375 | return 0; | |
376 | } | |
377 | ||
378 | ||
379 | ||
380 | /************************************************* | |
381 | * Check local part for suffix * | |
382 | *************************************************/ | |
383 | ||
384 | /* This function is handed a local part and a list of possible suffixes; | |
385 | if any one matches, return the suffix length. A suffix ending with '*' | |
386 | is a wildcard. | |
387 | ||
388 | Arguments: | |
389 | local_part the local part to check | |
390 | suffixes the list of suffixes | |
759502e5 | 391 | vp if set, pointer to place for size of wildcard portion |
059ec3d9 PH |
392 | |
393 | Returns: length of matching suffix or zero | |
394 | */ | |
395 | ||
396 | int | |
759502e5 JH |
397 | route_check_suffix(const uschar * local_part, const uschar * suffixes, |
398 | unsigned * vp) | |
059ec3d9 PH |
399 | { |
400 | int sep = 0; | |
401 | int alen = Ustrlen(local_part); | |
402 | uschar *suffix; | |
55414b25 | 403 | const uschar *listptr = suffixes; |
059ec3d9 | 404 | |
759502e5 | 405 | while ((suffix = string_nextinlist(&listptr, &sep, NULL, 0))) |
059ec3d9 PH |
406 | { |
407 | int slen = Ustrlen(suffix); | |
408 | if (suffix[slen-1] == '*') | |
409 | { | |
759502e5 | 410 | const uschar * pend = local_part + alen - (--slen) + 1; |
d7978c0f | 411 | for (const uschar * p = local_part; p < pend; p++) |
759502e5 JH |
412 | if (strncmpic(suffix, p, slen) == 0) |
413 | { | |
414 | int tlen = alen - (p - local_part); | |
415 | if (vp) *vp = tlen - slen; | |
416 | return tlen; | |
417 | } | |
059ec3d9 PH |
418 | } |
419 | else | |
420 | if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0) | |
759502e5 JH |
421 | { |
422 | if (vp) *vp = 0; | |
059ec3d9 | 423 | return slen; |
759502e5 | 424 | } |
059ec3d9 PH |
425 | } |
426 | ||
427 | return 0; | |
428 | } | |
429 | ||
430 | ||
431 | ||
432 | ||
433 | /************************************************* | |
434 | * Check local part, domain, or sender * | |
435 | *************************************************/ | |
436 | ||
437 | /* The checks in check_router_conditions() require similar code, so we use | |
438 | this function to save repetition. | |
439 | ||
440 | Arguments: | |
441 | rname router name for error messages | |
442 | type type of check, for error message | |
443 | list domains, local_parts, or senders list | |
444 | anchorptr -> tree for possibly cached items (domains) | |
445 | cache_bits cached bits pointer | |
446 | listtype MCL_DOMAIN for domain check | |
447 | MCL_LOCALPART for local part check | |
448 | MCL_ADDRESS for sender check | |
449 | domloc current domain, current local part, or NULL for sender check | |
450 | ldata where to put lookup data | |
451 | caseless passed on to match_isinlist() | |
452 | perror where to put an error message | |
453 | ||
454 | Returns: OK item is in list | |
455 | SKIP item is not in list, router is to be skipped | |
456 | DEFER lookup or other defer | |
457 | */ | |
458 | ||
459 | static int | |
55414b25 JH |
460 | route_check_dls(uschar *rname, uschar *type, const uschar *list, |
461 | tree_node **anchorptr, unsigned int *cache_bits, int listtype, | |
462 | const uschar *domloc, const uschar **ldata, BOOL caseless, uschar **perror) | |
059ec3d9 | 463 | { |
9cd12950 | 464 | if (!list) return OK; /* Empty list always succeeds */ |
059ec3d9 PH |
465 | |
466 | DEBUG(D_route) debug_printf("checking %s\n", type); | |
467 | ||
468 | /* The domain and local part use the same matching function, whereas sender | |
469 | has its own code. */ | |
470 | ||
9cd12950 JH |
471 | switch(domloc |
472 | ? match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype, | |
473 | caseless, ldata) | |
474 | : match_address_list(sender_address ? sender_address : US"", | |
475 | TRUE, TRUE, &list, cache_bits, -1, 0, CUSS &sender_data) | |
476 | ) | |
059ec3d9 PH |
477 | { |
478 | case OK: | |
9cd12950 | 479 | return OK; |
059ec3d9 PH |
480 | |
481 | case FAIL: | |
9cd12950 JH |
482 | *perror = string_sprintf("%s router skipped: %s mismatch", rname, type); |
483 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
484 | return SKIP; | |
059ec3d9 PH |
485 | |
486 | default: /* Paranoia, and keeps compilers happy */ | |
487 | case DEFER: | |
9cd12950 JH |
488 | *perror = string_sprintf("%s check lookup or other defer", type); |
489 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
490 | return DEFER; | |
059ec3d9 PH |
491 | } |
492 | } | |
493 | ||
494 | ||
495 | ||
496 | /************************************************* | |
497 | * Check access by a given uid/gid * | |
498 | *************************************************/ | |
499 | ||
500 | /* This function checks whether a given uid/gid has access to a given file or | |
501 | directory. It is called only from check_files() below. This is hopefully a | |
502 | cheapish check that does the job most of the time. Exim does *not* rely on this | |
503 | test when actually accessing any file. The test is used when routing to make it | |
504 | possible to take actions such as "if user x can access file y then run this | |
505 | router". | |
506 | ||
507 | During routing, Exim is normally running as root, and so the test will work | |
508 | except for NFS non-root mounts. When verifying during message reception, Exim | |
509 | is running as "exim", so the test may not work. This is a limitation of the | |
510 | Exim design. | |
511 | ||
512 | Code in check_files() below detects the case when it cannot stat() the file (as | |
513 | root), and in that situation it uses a setuid subprocess in which to run this | |
514 | test. | |
515 | ||
516 | Arguments: | |
517 | path the path to check | |
518 | uid the user | |
519 | gid the group | |
520 | bits the bits required in the final component | |
521 | ||
522 | Returns: TRUE | |
523 | FALSE errno=EACCES or ENOENT (or others from realpath or stat) | |
524 | */ | |
525 | ||
526 | static BOOL | |
527 | route_check_access(uschar *path, uid_t uid, gid_t gid, int bits) | |
528 | { | |
529 | struct stat statbuf; | |
530 | uschar *slash; | |
531 | uschar *rp = US realpath(CS path, CS big_buffer); | |
532 | uschar *sp = rp + 1; | |
533 | ||
534 | DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path, | |
535 | (int)uid, (int)gid, bits); | |
536 | ||
9cd12950 | 537 | if (!rp) return FALSE; |
059ec3d9 | 538 | |
9cd12950 | 539 | while ((slash = Ustrchr(sp, '/'))) |
059ec3d9 PH |
540 | { |
541 | *slash = 0; | |
542 | DEBUG(D_route) debug_printf("stat %s\n", rp); | |
543 | if (Ustat(rp, &statbuf) < 0) return FALSE; | |
544 | if ((statbuf.st_mode & | |
545 | ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001) | |
546 | ) == 0) | |
547 | { | |
548 | errno = EACCES; | |
549 | return FALSE; | |
550 | } | |
551 | *slash = '/'; | |
552 | sp = slash + 1; | |
553 | } | |
554 | ||
555 | /* Down to the final component */ | |
556 | ||
557 | DEBUG(D_route) debug_printf("stat %s\n", rp); | |
558 | ||
559 | if (Ustat(rp, &statbuf) < 0) return FALSE; | |
560 | ||
561 | if (statbuf.st_uid == uid) bits = bits << 6; | |
562 | else if (statbuf.st_gid == gid) bits = bits << 3; | |
563 | if ((statbuf.st_mode & bits) != bits) | |
564 | { | |
565 | errno = EACCES; | |
566 | return FALSE; | |
567 | } | |
568 | ||
569 | DEBUG(D_route) debug_printf("route_check_access() succeeded\n"); | |
570 | return TRUE; | |
571 | } | |
572 | ||
573 | ||
574 | ||
575 | /************************************************* | |
576 | * Do file existence tests * | |
577 | *************************************************/ | |
578 | ||
579 | /* This function is given a colon-separated list of file tests, each of which | |
580 | is expanded before use. A test consists of a file name, optionally preceded by | |
581 | ! (require non-existence) and/or + for handling permission denied (+ means | |
582 | treat as non-existing). | |
583 | ||
584 | An item that contains no slashes is interpreted as a username or id, with an | |
585 | optional group id, for checking access to the file. This cannot be done | |
586 | "perfectly", but it is good enough for a number of applications. | |
587 | ||
588 | Arguments: | |
589 | s a colon-separated list of file tests or NULL | |
590 | perror a pointer to an anchor for an error text in the case of a DEFER | |
591 | ||
592 | Returns: OK if s == NULL or all tests are as required | |
593 | DEFER if the existence of at least one of the files is | |
594 | unclear (an error other than non-existence occurred); | |
595 | DEFER if an expansion failed | |
596 | DEFER if a name is not absolute | |
597 | DEFER if problems with user/group | |
598 | SKIP otherwise | |
599 | */ | |
600 | ||
55414b25 JH |
601 | static int |
602 | check_files(const uschar *s, uschar **perror) | |
059ec3d9 PH |
603 | { |
604 | int sep = 0; /* List has default separators */ | |
605 | uid_t uid = 0; /* For picky compilers */ | |
606 | gid_t gid = 0; /* For picky compilers */ | |
607 | BOOL ugid_set = FALSE; | |
55414b25 JH |
608 | const uschar *listptr; |
609 | uschar *check; | |
059ec3d9 PH |
610 | uschar buffer[1024]; |
611 | ||
9cd12950 | 612 | if (!s) return OK; |
059ec3d9 PH |
613 | |
614 | DEBUG(D_route) debug_printf("checking require_files\n"); | |
615 | ||
616 | listptr = s; | |
55414b25 | 617 | while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))) |
059ec3d9 PH |
618 | { |
619 | int rc; | |
620 | int eacces_code = 0; | |
621 | BOOL invert = FALSE; | |
622 | struct stat statbuf; | |
623 | uschar *ss = expand_string(check); | |
624 | ||
9cd12950 | 625 | if (!ss) |
059ec3d9 | 626 | { |
8768d548 | 627 | if (f.expand_string_forcedfail) continue; |
059ec3d9 PH |
628 | *perror = string_sprintf("failed to expand \"%s\" for require_files: %s", |
629 | check, expand_string_message); | |
630 | goto RETURN_DEFER; | |
631 | } | |
632 | ||
633 | /* Empty items are just skipped */ | |
634 | ||
635 | if (*ss == 0) continue; | |
636 | ||
637 | /* If there are no slashes in the string, we have a user name or uid, with | |
638 | optional group/gid. */ | |
639 | ||
640 | if (Ustrchr(ss, '/') == NULL) | |
641 | { | |
642 | BOOL ok; | |
643 | struct passwd *pw; | |
644 | uschar *comma = Ustrchr(ss, ','); | |
645 | ||
646 | /* If there's a comma, temporarily terminate the user name/number | |
647 | at that point. Then set the uid. */ | |
648 | ||
649 | if (comma != NULL) *comma = 0; | |
650 | ok = route_finduser(ss, &pw, &uid); | |
651 | if (comma != NULL) *comma = ','; | |
652 | ||
653 | if (!ok) | |
654 | { | |
655 | *perror = string_sprintf("user \"%s\" for require_files not found", ss); | |
656 | goto RETURN_DEFER; | |
657 | } | |
658 | ||
659 | /* If there was no comma, the gid is that associated with the user. */ | |
660 | ||
661 | if (comma == NULL) | |
662 | { | |
663 | if (pw != NULL) gid = pw->pw_gid; else | |
664 | { | |
665 | *perror = string_sprintf("group missing after numerical uid %d for " | |
666 | "require_files", (int)uid); | |
667 | goto RETURN_DEFER; | |
668 | } | |
669 | } | |
670 | else | |
671 | { | |
672 | if (!route_findgroup(comma + 1, &gid)) | |
673 | { | |
674 | *perror = string_sprintf("group \"%s\" for require_files not found\n", | |
675 | comma + 1); | |
676 | goto RETURN_DEFER; | |
677 | } | |
678 | } | |
679 | ||
680 | /* Note that we have values set, and proceed to next item */ | |
681 | ||
682 | DEBUG(D_route) | |
683 | debug_printf("check subsequent files for access by %s\n", ss); | |
684 | ugid_set = TRUE; | |
685 | continue; | |
686 | } | |
687 | ||
688 | /* Path, possibly preceded by + and ! */ | |
689 | ||
690 | if (*ss == '+') | |
691 | { | |
692 | eacces_code = 1; | |
693 | while (isspace((*(++ss)))); | |
694 | } | |
695 | ||
696 | if (*ss == '!') | |
697 | { | |
698 | invert = TRUE; | |
699 | while (isspace((*(++ss)))); | |
700 | } | |
701 | ||
702 | if (*ss != '/') | |
703 | { | |
704 | *perror = string_sprintf("require_files: \"%s\" is not absolute", ss); | |
705 | goto RETURN_DEFER; | |
706 | } | |
707 | ||
708 | /* Stat the file, either as root (while routing) or as exim (while verifying | |
709 | during message reception). */ | |
710 | ||
711 | rc = Ustat(ss, &statbuf); | |
712 | ||
713 | DEBUG(D_route) | |
714 | { | |
715 | debug_printf("file check: %s\n", check); | |
716 | if (ss != check) debug_printf("expanded file: %s\n", ss); | |
717 | debug_printf("stat() yielded %d\n", rc); | |
718 | } | |
719 | ||
720 | /* If permission is denied, and we are running as root (i.e. routing for | |
721 | delivery rather than verifying), and the requirement is to test for access by | |
722 | a particular uid/gid, it must mean that the file is on a non-root-mounted NFS | |
723 | system. In this case, we have to use a subprocess that runs as the relevant | |
724 | uid in order to do the test. */ | |
725 | ||
726 | if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid) | |
727 | { | |
728 | int status; | |
729 | pid_t pid; | |
730 | void (*oldsignal)(int); | |
731 | ||
732 | DEBUG(D_route) debug_printf("root is denied access: forking to check " | |
733 | "in subprocess\n"); | |
734 | ||
735 | /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so | |
736 | that the child process can be waited for, just in case get here with it set | |
737 | otherwise. Save the old state for resetting on the wait. */ | |
738 | ||
739 | oldsignal = signal(SIGCHLD, SIG_DFL); | |
8e9fdd63 | 740 | pid = exim_fork(US"require-files"); |
059ec3d9 PH |
741 | |
742 | /* If fork() fails, reinstate the original error and behave as if | |
4c04137d | 743 | this block of code were not present. This is the same behaviour as happens |
059ec3d9 PH |
744 | when Exim is not running as root at this point. */ |
745 | ||
746 | if (pid < 0) | |
747 | { | |
748 | DEBUG(D_route) | |
749 | debug_printf("require_files: fork failed: %s\n", strerror(errno)); | |
750 | errno = EACCES; | |
751 | goto HANDLE_ERROR; | |
752 | } | |
753 | ||
754 | /* In the child process, change uid and gid, and then do the check using | |
755 | the route_check_access() function. This does more than just stat the file; | |
756 | it tests permissions as well. Return 0 for OK and 1 for failure. */ | |
757 | ||
758 | if (pid == 0) | |
759 | { | |
760 | exim_setugid(uid, gid, TRUE, | |
761 | string_sprintf("require_files check, file=%s", ss)); | |
f3ebb786 | 762 | if (route_check_access(ss, uid, gid, 4)) |
81022793 | 763 | exim_underbar_exit(EXIT_SUCCESS); |
059ec3d9 | 764 | DEBUG(D_route) debug_printf("route_check_access() failed\n"); |
81022793 | 765 | exim_underbar_exit(EXIT_FAILURE); |
059ec3d9 PH |
766 | } |
767 | ||
768 | /* In the parent, wait for the child to finish */ | |
769 | ||
770 | while (waitpid(pid, &status, 0) < 0) | |
059ec3d9 PH |
771 | if (errno != EINTR) /* unexpected error, interpret as failure */ |
772 | { | |
773 | status = 1; | |
774 | break; | |
775 | } | |
059ec3d9 PH |
776 | |
777 | signal(SIGCHLD, oldsignal); /* restore */ | |
778 | if ((status == 0) == invert) return SKIP; | |
779 | continue; /* to test the next file */ | |
780 | } | |
781 | ||
782 | /* Control reaches here if the initial stat() succeeds, or fails with an | |
783 | error other than EACCES, or no uid/gid is set, or we are not running as root. | |
784 | If we know the file exists and uid/gid are set, try to check read access for | |
785 | that uid/gid as best we can. */ | |
786 | ||
787 | if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4)) | |
788 | { | |
789 | DEBUG(D_route) debug_printf("route_check_access() failed\n"); | |
790 | rc = -1; | |
791 | } | |
792 | ||
4c04137d | 793 | /* Handle error returns from stat() or route_check_access(). The EACCES error |
059ec3d9 PH |
794 | is handled specially. At present, we can force it to be treated as |
795 | non-existence. Write the code so that it will be easy to add forcing for | |
796 | existence if required later. */ | |
797 | ||
798 | HANDLE_ERROR: | |
799 | if (rc < 0) | |
800 | { | |
801 | DEBUG(D_route) debug_printf("errno = %d\n", errno); | |
802 | if (errno == EACCES) | |
803 | { | |
804 | if (eacces_code == 1) | |
805 | { | |
806 | DEBUG(D_route) debug_printf("EACCES => ENOENT\n"); | |
807 | errno = ENOENT; /* Treat as non-existent */ | |
808 | } | |
809 | } | |
810 | if (errno != ENOENT) | |
811 | { | |
812 | *perror = string_sprintf("require_files: error for %s: %s", ss, | |
813 | strerror(errno)); | |
814 | goto RETURN_DEFER; | |
815 | } | |
816 | } | |
817 | ||
818 | /* At this point, rc < 0 => non-existence; rc >= 0 => existence */ | |
819 | ||
820 | if ((rc >= 0) == invert) return SKIP; | |
821 | } | |
822 | ||
823 | return OK; | |
824 | ||
825 | /* Come here on any of the errors that return DEFER. */ | |
826 | ||
827 | RETURN_DEFER: | |
828 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
829 | return DEFER; | |
830 | } | |
831 | ||
832 | ||
833 | ||
834 | ||
835 | ||
836 | /************************************************* | |
837 | * Check for router skipping * | |
838 | *************************************************/ | |
839 | ||
840 | /* This function performs various checks to see whether a router should be | |
841 | skipped. The order in which they are performed is important. | |
842 | ||
843 | Arguments: | |
844 | r pointer to router instance block | |
845 | addr address that is being handled | |
846 | verify the verification type | |
847 | pw ptr to ptr to passwd structure for local user | |
848 | perror for lookup errors | |
849 | ||
850 | Returns: OK if all the tests succeed | |
851 | SKIP if router is to be skipped | |
852 | DEFER for a lookup defer | |
853 | FAIL for address to be failed | |
854 | */ | |
855 | ||
856 | static BOOL | |
857 | check_router_conditions(router_instance *r, address_item *addr, int verify, | |
858 | struct passwd **pw, uschar **perror) | |
859 | { | |
860 | int rc; | |
861 | uschar *check_local_part; | |
06864c44 | 862 | unsigned int *localpart_cache; |
059ec3d9 PH |
863 | |
864 | /* Reset variables to hold a home directory and data from lookup of a domain or | |
865 | local part, and ensure search_find_defer is unset, in case there aren't any | |
866 | actual lookups. */ | |
867 | ||
868 | deliver_home = NULL; | |
869 | deliver_domain_data = NULL; | |
870 | deliver_localpart_data = NULL; | |
871 | sender_data = NULL; | |
872 | local_user_gid = (gid_t)(-1); | |
873 | local_user_uid = (uid_t)(-1); | |
8768d548 | 874 | f.search_find_defer = FALSE; |
059ec3d9 PH |
875 | |
876 | /* Skip this router if not verifying and it has verify_only set */ | |
877 | ||
878 | if ((verify == v_none || verify == v_expn) && r->verify_only) | |
879 | { | |
880 | DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name); | |
881 | return SKIP; | |
882 | } | |
883 | ||
884 | /* Skip this router if testing an address (-bt) and address_test is not set */ | |
885 | ||
8768d548 | 886 | if (f.address_test_mode && !r->address_test) |
059ec3d9 PH |
887 | { |
888 | DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n", | |
889 | r->name); | |
890 | return SKIP; | |
891 | } | |
892 | ||
893 | /* Skip this router if verifying and it hasn't got the appropriate verify flag | |
894 | set. */ | |
895 | ||
896 | if ((verify == v_sender && !r->verify_sender) || | |
897 | (verify == v_recipient && !r->verify_recipient)) | |
898 | { | |
899 | DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n", | |
900 | r->name, verify, r->verify_sender, r->verify_recipient); | |
901 | return SKIP; | |
902 | } | |
903 | ||
904 | /* Skip this router if processing EXPN and it doesn't have expn set */ | |
905 | ||
906 | if (verify == v_expn && !r->expn) | |
907 | { | |
908 | DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name); | |
909 | return SKIP; | |
910 | } | |
911 | ||
912 | /* Skip this router if there's a domain mismatch. */ | |
913 | ||
914 | if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor, | |
55414b25 JH |
915 | addr->domain_cache, TRUE, addr->domain, CUSS &deliver_domain_data, |
916 | MCL_DOMAIN, perror)) != OK) | |
059ec3d9 PH |
917 | return rc; |
918 | ||
919 | /* Skip this router if there's a local part mismatch. We want to pass over the | |
920 | caseful local part, so that +caseful can restore it, even if this router is | |
921 | handling local parts caselessly. However, we can't just pass cc_local_part, | |
922 | because that doesn't have the prefix or suffix stripped. A bit of massaging is | |
06864c44 TF |
923 | required. Also, we only use the match cache for local parts that have not had |
924 | a prefix or suffix stripped. */ | |
059ec3d9 | 925 | |
9cd12950 | 926 | if (!addr->prefix && !addr->suffix) |
06864c44 TF |
927 | { |
928 | localpart_cache = addr->localpart_cache; | |
059ec3d9 | 929 | check_local_part = addr->cc_local_part; |
06864c44 | 930 | } |
059ec3d9 PH |
931 | else |
932 | { | |
06864c44 | 933 | localpart_cache = NULL; |
059ec3d9 | 934 | check_local_part = string_copy(addr->cc_local_part); |
9cd12950 | 935 | if (addr->prefix) |
059ec3d9 | 936 | check_local_part += Ustrlen(addr->prefix); |
9cd12950 | 937 | if (addr->suffix) |
059ec3d9 PH |
938 | check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0; |
939 | } | |
940 | ||
941 | if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts, | |
06864c44 | 942 | &localpartlist_anchor, localpart_cache, MCL_LOCALPART, |
55414b25 JH |
943 | check_local_part, CUSS &deliver_localpart_data, |
944 | !r->caseful_local_part, perror)) != OK) | |
059ec3d9 PH |
945 | return rc; |
946 | ||
947 | /* If the check_local_user option is set, check that the local_part is the | |
948 | login of a local user. Note: the third argument to route_finduser() must be | |
949 | NULL here, to prevent a numeric string being taken as a numeric uid. If the | |
950 | user is found, set deliver_home to the home directory, and also set | |
d8024efa | 951 | local_user_{uid,gid} and local_part_data. */ |
059ec3d9 PH |
952 | |
953 | if (r->check_local_user) | |
954 | { | |
955 | DEBUG(D_route) debug_printf("checking for local user\n"); | |
956 | if (!route_finduser(addr->local_part, pw, NULL)) | |
957 | { | |
958 | DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n", | |
959 | r->name, addr->local_part); | |
960 | return SKIP; | |
961 | } | |
d8024efa JH |
962 | addr->prop.localpart_data = |
963 | deliver_localpart_data = string_copy(US (*pw)->pw_name); | |
059ec3d9 PH |
964 | deliver_home = string_copy(US (*pw)->pw_dir); |
965 | local_user_gid = (*pw)->pw_gid; | |
966 | local_user_uid = (*pw)->pw_uid; | |
967 | } | |
968 | ||
969 | /* Set (or override in the case of check_local_user) the home directory if | |
970 | router_home_directory is set. This is done here so that it overrides $home from | |
971 | check_local_user before any subsequent expansions are done. Otherwise, $home | |
972 | could mean different things for different options, which would be extremely | |
973 | confusing. */ | |
974 | ||
9cd12950 | 975 | if (r->router_home_directory) |
059ec3d9 | 976 | { |
37c0e209 JH |
977 | uschar * router_home = expand_string(r->router_home_directory); |
978 | if (router_home) | |
059ec3d9 PH |
979 | { |
980 | setflag(addr, af_home_expanded); /* Note set from router_home_directory */ | |
981 | deliver_home = router_home; | |
982 | } | |
37c0e209 JH |
983 | else if (!f.expand_string_forcedfail) |
984 | { | |
985 | *perror = string_sprintf("failed to expand \"%s\" for " | |
986 | "router_home_directory: %s", r->router_home_directory, | |
987 | expand_string_message); | |
988 | return DEFER; | |
989 | } | |
059ec3d9 PH |
990 | } |
991 | ||
992 | /* Skip if the sender condition is not met. We leave this one till after the | |
4c04137d | 993 | local user check so that $home is set - enabling the possibility of letting |
059ec3d9 PH |
994 | individual recipients specify lists of acceptable/unacceptable senders. */ |
995 | ||
996 | if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL, | |
997 | sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK) | |
998 | return rc; | |
999 | ||
1000 | /* This is the point at which we print out the router's debugging string if it | |
1001 | is set. We wait till here so as to have $home available for local users (and | |
1002 | anyway, we don't want too much stuff for skipped routers). */ | |
1003 | ||
1004 | debug_print_string(r->debug_string); | |
1005 | ||
1006 | /* Perform file existence tests. */ | |
1007 | ||
1008 | if ((rc = check_files(r->require_files, perror)) != OK) | |
1009 | { | |
1010 | DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name, | |
1011 | (rc == SKIP)? "skipped" : "deferred"); | |
1012 | return rc; | |
1013 | } | |
1014 | ||
1015 | /* Now the general condition test. */ | |
1016 | ||
9cd12950 | 1017 | if (r->condition) |
059ec3d9 | 1018 | { |
adaa0e2c | 1019 | DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition); |
059ec3d9 PH |
1020 | if (!expand_check_condition(r->condition, r->name, US"router")) |
1021 | { | |
8768d548 | 1022 | if (f.search_find_defer) |
059ec3d9 PH |
1023 | { |
1024 | *perror = US"condition check lookup defer"; | |
1025 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
1026 | return DEFER; | |
1027 | } | |
1028 | DEBUG(D_route) | |
1029 | debug_printf("%s router skipped: condition failure\n", r->name); | |
1030 | return SKIP; | |
1031 | } | |
1032 | } | |
1033 | ||
8523533c TK |
1034 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
1035 | /* check if a specific Brightmail AntiSpam rule fired on the message */ | |
9cd12950 JH |
1036 | if (r->bmi_rule) |
1037 | { | |
8523533c | 1038 | DEBUG(D_route) debug_printf("checking bmi_rule\n"); |
9cd12950 JH |
1039 | if (bmi_check_rule(bmi_base64_verdict, r->bmi_rule) == 0) |
1040 | { /* none of the rules fired */ | |
8523533c TK |
1041 | DEBUG(D_route) |
1042 | debug_printf("%s router skipped: none of bmi_rule rules fired\n", r->name); | |
1043 | return SKIP; | |
9cd12950 JH |
1044 | } |
1045 | } | |
8523533c TK |
1046 | |
1047 | /* check if message should not be delivered */ | |
9cd12950 JH |
1048 | if (r->bmi_dont_deliver && bmi_deliver == 1) |
1049 | { | |
1050 | DEBUG(D_route) | |
1051 | debug_printf("%s router skipped: bmi_dont_deliver is FALSE\n", r->name); | |
1052 | return SKIP; | |
1053 | } | |
8523533c TK |
1054 | |
1055 | /* check if message should go to an alternate location */ | |
9cd12950 JH |
1056 | if ( r->bmi_deliver_alternate |
1057 | && (bmi_deliver == 0 || !bmi_alt_location) | |
1058 | ) | |
1059 | { | |
1060 | DEBUG(D_route) | |
1061 | debug_printf("%s router skipped: bmi_deliver_alternate is FALSE\n", r->name); | |
1062 | return SKIP; | |
1063 | } | |
8523533c TK |
1064 | |
1065 | /* check if message should go to default location */ | |
9cd12950 JH |
1066 | if ( r->bmi_deliver_default |
1067 | && (bmi_deliver == 0 || bmi_alt_location) | |
1068 | ) | |
1069 | { | |
1070 | DEBUG(D_route) | |
1071 | debug_printf("%s router skipped: bmi_deliver_default is FALSE\n", r->name); | |
1072 | return SKIP; | |
1073 | } | |
8523533c TK |
1074 | #endif |
1075 | ||
059ec3d9 PH |
1076 | /* All the checks passed. */ |
1077 | ||
1078 | return OK; | |
1079 | } | |
1080 | ||
1081 | ||
1082 | ||
1083 | ||
1084 | /************************************************* | |
1085 | * Find a local user * | |
1086 | *************************************************/ | |
1087 | ||
1088 | /* Try several times (if configured) to find a local user, in case delays in | |
1089 | NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam() | |
1090 | doesn't have some kind of indication as to why it has failed. If the string | |
1091 | given consists entirely of digits, and the third argument is not NULL, assume | |
1092 | the string is the numerical value of the uid. Otherwise it is looked up using | |
1093 | getpwnam(). The uid is passed back via return_uid, if not NULL, and the | |
1094 | pointer to a passwd structure, if found, is passed back via pw, if not NULL. | |
1095 | ||
1096 | Because this may be called several times in succession for the same user for | |
1097 | different routers, cache the result of the previous getpwnam call so that it | |
1098 | can be re-used. Note that we can't just copy the structure, as the store it | |
1099 | points to can get trashed. | |
1100 | ||
1101 | Arguments: | |
1102 | s the login name or textual form of the numerical uid of the user | |
1103 | pw if not NULL, return the result of getpwnam here, or set NULL | |
1104 | if no call to getpwnam is made (s numeric, return_uid != NULL) | |
1105 | return_uid if not NULL, return the uid via this address | |
1106 | ||
1107 | Returns: TRUE if s is numerical or was looked up successfully | |
1108 | ||
1109 | */ | |
1110 | ||
1111 | static struct passwd pwcopy; | |
1112 | static struct passwd *lastpw = NULL; | |
1113 | static uschar lastname[48] = { 0 }; | |
1114 | static uschar lastdir[128]; | |
1115 | static uschar lastgecos[128]; | |
1116 | static uschar lastshell[128]; | |
1117 | ||
1118 | BOOL | |
55414b25 | 1119 | route_finduser(const uschar *s, struct passwd **pw, uid_t *return_uid) |
059ec3d9 | 1120 | { |
d8fe1c03 PH |
1121 | BOOL cache_set = (Ustrcmp(lastname, s) == 0); |
1122 | ||
1123 | DEBUG(D_uid) debug_printf("seeking password data for user \"%s\": %s\n", s, | |
f3ebb786 | 1124 | cache_set ? "using cached result" : "cache not available"); |
d8fe1c03 PH |
1125 | |
1126 | if (!cache_set) | |
059ec3d9 PH |
1127 | { |
1128 | int i = 0; | |
1129 | ||
9cd12950 | 1130 | if (return_uid && (isdigit(*s) || *s == '-') && |
059ec3d9 PH |
1131 | s[Ustrspn(s+1, "0123456789")+1] == 0) |
1132 | { | |
1133 | *return_uid = (uid_t)Uatoi(s); | |
9cd12950 | 1134 | if (pw) *pw = NULL; |
059ec3d9 PH |
1135 | return TRUE; |
1136 | } | |
1137 | ||
f3ebb786 | 1138 | string_format_nt(lastname, sizeof(lastname), "%s", s); |
059ec3d9 PH |
1139 | |
1140 | /* Force failure if string length is greater than given maximum */ | |
1141 | ||
1142 | if (max_username_length > 0 && Ustrlen(lastname) > max_username_length) | |
1143 | { | |
1144 | DEBUG(D_uid) debug_printf("forced failure of finduser(): string " | |
1145 | "length of %s is greater than %d\n", lastname, max_username_length); | |
1146 | lastpw = NULL; | |
1147 | } | |
1148 | ||
1149 | /* Try a few times if so configured; this handles delays in NIS etc. */ | |
1150 | ||
1151 | else for (;;) | |
1152 | { | |
73a6bc4b | 1153 | errno = 0; |
9cd12950 | 1154 | if ((lastpw = getpwnam(CS s))) break; |
059ec3d9 PH |
1155 | if (++i > finduser_retries) break; |
1156 | sleep(1); | |
1157 | } | |
1158 | ||
9cd12950 | 1159 | if (lastpw) |
059ec3d9 PH |
1160 | { |
1161 | pwcopy.pw_uid = lastpw->pw_uid; | |
1162 | pwcopy.pw_gid = lastpw->pw_gid; | |
1163 | (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir); | |
1164 | (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos); | |
1165 | (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell); | |
1166 | pwcopy.pw_name = CS lastname; | |
1167 | pwcopy.pw_dir = CS lastdir; | |
1168 | pwcopy.pw_gecos = CS lastgecos; | |
1169 | pwcopy.pw_shell = CS lastshell; | |
1170 | lastpw = &pwcopy; | |
1171 | } | |
d8fe1c03 | 1172 | |
9cd12950 JH |
1173 | else DEBUG(D_uid) if (errno != 0) |
1174 | debug_printf("getpwnam(%s) failed: %s\n", s, strerror(errno)); | |
d8fe1c03 PH |
1175 | } |
1176 | ||
9cd12950 | 1177 | if (!lastpw) |
d8fe1c03 PH |
1178 | { |
1179 | DEBUG(D_uid) debug_printf("getpwnam() returned NULL (user not found)\n"); | |
1180 | return FALSE; | |
059ec3d9 | 1181 | } |
9cd12950 JH |
1182 | |
1183 | DEBUG(D_uid) debug_printf("getpwnam() succeeded uid=%d gid=%d\n", | |
d8fe1c03 | 1184 | lastpw->pw_uid, lastpw->pw_gid); |
059ec3d9 | 1185 | |
9cd12950 JH |
1186 | if (return_uid) *return_uid = lastpw->pw_uid; |
1187 | if (pw) *pw = lastpw; | |
059ec3d9 PH |
1188 | |
1189 | return TRUE; | |
1190 | } | |
1191 | ||
1192 | ||
1193 | ||
1194 | ||
1195 | /************************************************* | |
1196 | * Find a local group * | |
1197 | *************************************************/ | |
1198 | ||
1199 | /* Try several times (if configured) to find a local group, in case delays in | |
1200 | NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam() | |
1201 | doesn't have some kind of indication as to why it has failed. | |
1202 | ||
1203 | Arguments: | |
4c04137d | 1204 | s the group name or textual form of the numerical gid |
059ec3d9 PH |
1205 | return_gid return the gid via this address |
1206 | ||
1207 | Returns: TRUE if the group was found; FALSE otherwise | |
1208 | ||
1209 | */ | |
1210 | ||
1211 | BOOL | |
1212 | route_findgroup(uschar *s, gid_t *return_gid) | |
1213 | { | |
1214 | int i = 0; | |
1215 | struct group *gr; | |
1216 | ||
1217 | if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0) | |
1218 | { | |
1219 | *return_gid = (gid_t)Uatoi(s); | |
1220 | return TRUE; | |
1221 | } | |
1222 | ||
1223 | for (;;) | |
1224 | { | |
9cd12950 | 1225 | if ((gr = getgrnam(CS s))) |
059ec3d9 PH |
1226 | { |
1227 | *return_gid = gr->gr_gid; | |
1228 | return TRUE; | |
1229 | } | |
1230 | if (++i > finduser_retries) break; | |
1231 | sleep(1); | |
1232 | } | |
1233 | ||
1234 | return FALSE; | |
1235 | } | |
1236 | ||
1237 | ||
1238 | ||
1239 | ||
1240 | /************************************************* | |
1241 | * Find user by expanding string * | |
1242 | *************************************************/ | |
1243 | ||
1244 | /* Expands a string, and then looks up the result in the passwd file. | |
1245 | ||
1246 | Arguments: | |
1247 | string the string to be expanded, yielding a login name or a numerical | |
1248 | uid value (to be passed to route_finduser()) | |
1249 | driver_name caller name for panic error message (only) | |
1250 | driver_type caller type for panic error message (only) | |
1251 | pw return passwd entry via this pointer | |
1252 | uid return uid via this pointer | |
1253 | errmsg where to point a message on failure | |
1254 | ||
1255 | Returns: TRUE if user found, FALSE otherwise | |
1256 | */ | |
1257 | ||
1258 | BOOL | |
1259 | route_find_expanded_user(uschar *string, uschar *driver_name, | |
1260 | uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg) | |
1261 | { | |
1262 | uschar *user = expand_string(string); | |
1263 | ||
9cd12950 | 1264 | if (!user) |
059ec3d9 PH |
1265 | { |
1266 | *errmsg = string_sprintf("Failed to expand user string \"%s\" for the " | |
1267 | "%s %s: %s", string, driver_name, driver_type, expand_string_message); | |
1268 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1269 | return FALSE; | |
1270 | } | |
1271 | ||
1272 | if (route_finduser(user, pw, uid)) return TRUE; | |
1273 | ||
1274 | *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string " | |
1275 | "\"%s\" for the %s %s", user, string, driver_name, driver_type); | |
1276 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1277 | return FALSE; | |
1278 | } | |
1279 | ||
1280 | ||
1281 | ||
1282 | /************************************************* | |
1283 | * Find group by expanding string * | |
1284 | *************************************************/ | |
1285 | ||
1286 | /* Expands a string and then looks up the result in the group file. | |
1287 | ||
1288 | Arguments: | |
1289 | string the string to be expanded, yielding a group name or a numerical | |
1290 | gid value (to be passed to route_findgroup()) | |
1291 | driver_name caller name for panic error message (only) | |
1292 | driver_type caller type for panic error message (only) | |
1293 | gid return gid via this pointer | |
1294 | errmsg return error message via this pointer | |
1295 | ||
1296 | Returns: TRUE if found group, FALSE otherwise | |
1297 | */ | |
1298 | ||
1299 | BOOL | |
1300 | route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type, | |
1301 | gid_t *gid, uschar **errmsg) | |
1302 | { | |
1303 | BOOL yield = TRUE; | |
1304 | uschar *group = expand_string(string); | |
1305 | ||
9cd12950 | 1306 | if (!group) |
059ec3d9 PH |
1307 | { |
1308 | *errmsg = string_sprintf("Failed to expand group string \"%s\" for the " | |
1309 | "%s %s: %s", string, driver_name, driver_type, expand_string_message); | |
1310 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1311 | return FALSE; | |
1312 | } | |
1313 | ||
1314 | if (!route_findgroup(group, gid)) | |
1315 | { | |
1316 | *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string " | |
1317 | "\"%s\" for the %s %s", group, string, driver_name, driver_type); | |
1318 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1319 | yield = FALSE; | |
1320 | } | |
1321 | ||
1322 | return yield; | |
1323 | } | |
1324 | ||
1325 | ||
1326 | ||
059ec3d9 PH |
1327 | /************************************************* |
1328 | * Handle an unseen routing * | |
1329 | *************************************************/ | |
1330 | ||
1331 | /* This function is called when an address is routed by a router with "unseen" | |
1332 | set. It must make a clone of the address, for handling by subsequent drivers. | |
1333 | The clone is set to start routing at the next router. | |
1334 | ||
1335 | The original address must be replaced by an invented "parent" which has the | |
1336 | routed address plus the clone as its children. This is necessary in case the | |
1337 | address is at the top level - we don't want to mark it complete until both | |
1338 | deliveries have been done. | |
1339 | ||
1340 | A new unique field must be made, so that the record of the delivery isn't a | |
1341 | record of the original address, and checking for already delivered has | |
1342 | therefore to be done here. If the delivery has happened, then take the base | |
1343 | address off whichever delivery queue it is on - it will always be the top item. | |
1344 | ||
1345 | Arguments: | |
1346 | name router name | |
1347 | addr address that was routed | |
1348 | paddr_local chain of local-delivery addresses | |
1349 | paddr_remote chain of remote-delivery addresses | |
1350 | addr_new chain for newly created addresses | |
1351 | ||
1352 | Returns: nothing | |
1353 | */ | |
1354 | ||
1355 | static void | |
1356 | route_unseen(uschar *name, address_item *addr, address_item **paddr_local, | |
1357 | address_item **paddr_remote, address_item **addr_new) | |
1358 | { | |
1359 | address_item *parent = deliver_make_addr(addr->address, TRUE); | |
1360 | address_item *new = deliver_make_addr(addr->address, TRUE); | |
1361 | ||
1362 | /* The invented parent is a copy that replaces the original; note that | |
1363 | this copies its parent pointer. It has two children, and its errors_address is | |
1364 | from the original address' parent, if present, otherwise unset. */ | |
1365 | ||
1366 | *parent = *addr; | |
1367 | parent->child_count = 2; | |
d43cbe25 | 1368 | parent->prop.errors_address = |
9cd12950 | 1369 | addr->parent ? addr->parent->prop.errors_address : NULL; |
059ec3d9 PH |
1370 | |
1371 | /* The routed address gets a new parent. */ | |
1372 | ||
1373 | addr->parent = parent; | |
1374 | ||
1375 | /* The clone has this parent too. Set its errors address from the parent. This | |
1376 | was set from the original parent (or to NULL) - see above. We do NOT want to | |
1377 | take the errors address from the unseen router. */ | |
1378 | ||
1379 | new->parent = parent; | |
d43cbe25 | 1380 | new->prop.errors_address = parent->prop.errors_address; |
059ec3d9 PH |
1381 | |
1382 | /* Copy the propagated flags and address_data from the original. */ | |
1383 | ||
7eb0e5d2 | 1384 | new->prop.ignore_error = addr->prop.ignore_error; |
d43cbe25 | 1385 | new->prop.address_data = addr->prop.address_data; |
b4f579d1 JH |
1386 | new->prop.variables = NULL; |
1387 | tree_dup((tree_node **)&new->prop.variables, addr->prop.variables); | |
6c1c3d1d WB |
1388 | new->dsn_flags = addr->dsn_flags; |
1389 | new->dsn_orcpt = addr->dsn_orcpt; | |
059ec3d9 PH |
1390 | |
1391 | ||
1392 | /* As it has turned out, we haven't set headers_add or headers_remove for the | |
1393 | * clone. Thinking about it, it isn't entirely clear whether they should be | |
1394 | * copied from the original parent, like errors_address, or taken from the | |
1395 | * unseen router, like address_data and the flags. Until somebody brings this | |
1396 | * up, I propose to leave the code as it is. | |
1397 | */ | |
1398 | ||
1399 | ||
1400 | /* Set the cloned address to start at the next router, and put it onto the | |
1401 | chain of new addresses. */ | |
1402 | ||
1403 | new->start_router = addr->router->next; | |
1404 | new->next = *addr_new; | |
1405 | *addr_new = new; | |
1406 | ||
1407 | DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address); | |
1408 | ||
1409 | /* Make a new unique field, to distinguish from the normal one. */ | |
1410 | ||
1411 | addr->unique = string_sprintf("%s/%s", addr->unique, name); | |
1412 | ||
1413 | /* If the address has been routed to a transport, see if it was previously | |
1414 | delivered. If so, we take it off the relevant queue so that it isn't delivered | |
1415 | again. Otherwise, it was an alias or something, and the addresses it generated | |
1416 | are handled in the normal way. */ | |
1417 | ||
9cd12950 | 1418 | if (addr->transport && tree_search(tree_nonrecipients, addr->unique)) |
059ec3d9 PH |
1419 | { |
1420 | DEBUG(D_route) | |
1421 | debug_printf("\"unseen\" delivery previously done - discarded\n"); | |
1422 | parent->child_count--; | |
1423 | if (*paddr_remote == addr) *paddr_remote = addr->next; | |
1424 | if (*paddr_local == addr) *paddr_local = addr->next; | |
1425 | } | |
1426 | } | |
1427 | ||
1428 | ||
1429 | ||
b4f579d1 JH |
1430 | /************************************************/ |
1431 | /* Add router-assigned variables | |
1432 | Return OK/DEFER/FAIL/PASS */ | |
1433 | ||
1434 | static int | |
1435 | set_router_vars(address_item * addr, const router_instance * r) | |
1436 | { | |
1437 | const uschar * varlist = r->set; | |
1438 | tree_node ** root = (tree_node **) &addr->prop.variables; | |
b436dd41 | 1439 | int sep = ';'; |
b4f579d1 JH |
1440 | |
1441 | if (!varlist) return OK; | |
1442 | ||
1443 | /* Walk the varlist, creating variables */ | |
1444 | ||
1445 | for (uschar * ele; (ele = string_nextinlist(&varlist, &sep, NULL, 0)); ) | |
1446 | { | |
1447 | const uschar * assignment = ele; | |
1448 | int esep = '='; | |
1449 | uschar * name = string_nextinlist(&assignment, &esep, NULL, 0); | |
1450 | uschar * val; | |
1451 | tree_node * node; | |
1452 | ||
1453 | /* Variable name must exist and start "r_". */ | |
1454 | ||
1455 | if (!name || name[0] != 'r' || name[1] != '_' || !name[2]) | |
b436dd41 JH |
1456 | { |
1457 | log_write(0, LOG_MAIN|LOG_PANIC, | |
1458 | "bad router variable name '%s' in router '%s'\n", name, r->name); | |
b4f579d1 | 1459 | return FAIL; |
b436dd41 | 1460 | } |
b4f579d1 JH |
1461 | name += 2; |
1462 | ||
467c84b2 JH |
1463 | while (isspace(*assignment)) assignment++; |
1464 | ||
b4f579d1 JH |
1465 | if (!(val = expand_string(US assignment))) |
1466 | if (f.expand_string_forcedfail) | |
1467 | { | |
1468 | int yield; | |
1469 | BOOL more; | |
1470 | DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" " | |
1471 | "(router variable): decline action taken\n", ele); | |
1472 | ||
1473 | /* Expand "more" if necessary; DEFER => an expansion failed */ | |
1474 | ||
1475 | yield = exp_bool(addr, US"router", r->name, D_route, | |
1476 | US"more", r->more, r->expand_more, &more); | |
1477 | if (yield != OK) return yield; | |
1478 | ||
1479 | if (!more) | |
1480 | { | |
1481 | DEBUG(D_route) | |
1482 | debug_printf("\"more\"=false: skipping remaining routers\n"); | |
1483 | router_name = NULL; | |
1484 | r = NULL; | |
1485 | return FAIL; | |
1486 | } | |
1487 | return PASS; | |
1488 | } | |
1489 | else | |
1490 | { | |
1491 | addr->message = string_sprintf("expansion of \"%s\" failed " | |
1492 | "in %s router: %s", ele, r->name, expand_string_message); | |
1493 | return DEFER; | |
1494 | } | |
1495 | ||
1496 | if (!(node = tree_search(*root, name))) | |
f3ebb786 JH |
1497 | { /* name should never be tainted */ |
1498 | node = store_get(sizeof(tree_node) + Ustrlen(name), FALSE); | |
b4f579d1 JH |
1499 | Ustrcpy(node->name, name); |
1500 | (void)tree_insertnode(root, node); | |
1501 | } | |
1502 | node->data.ptr = US val; | |
f3ebb786 JH |
1503 | DEBUG(D_route) debug_printf("set r_%s%s = '%s'%s\n", |
1504 | name, is_tainted(name)?" (tainted)":"", | |
1505 | val, is_tainted(val)?" (tainted)":""); | |
467c84b2 JH |
1506 | |
1507 | /* All expansions after this point need visibility of that variable */ | |
1508 | router_var = *root; | |
b4f579d1 JH |
1509 | } |
1510 | return OK; | |
1511 | } | |
1512 | ||
1513 | ||
059ec3d9 PH |
1514 | /************************************************* |
1515 | * Route one address * | |
1516 | *************************************************/ | |
1517 | ||
1518 | /* This function is passed in one address item, for processing by the routers. | |
1519 | The verify flag is set if this is being called for verification rather than | |
1520 | delivery. If the router doesn't have its "verify" flag set, it is skipped. | |
1521 | ||
1522 | Arguments: | |
1523 | addr address to route | |
1524 | paddr_local chain of local-delivery addresses | |
1525 | paddr_remote chain of remote-delivery addresses | |
1526 | addr_new chain for newly created addresses | |
1527 | addr_succeed chain for completed addresses | |
1528 | verify v_none if not verifying | |
1529 | v_sender if verifying a sender address | |
1530 | v_recipient if verifying a recipient address | |
1531 | v_expn if processing an EXPN address | |
1532 | ||
1533 | Returns: OK => address successfully routed | |
1534 | DISCARD => address was discarded | |
1535 | FAIL => address could not be routed | |
1536 | DEFER => some temporary problem | |
1537 | ERROR => some major internal or configuration failure | |
1538 | */ | |
1539 | ||
1540 | int | |
1541 | route_address(address_item *addr, address_item **paddr_local, | |
1542 | address_item **paddr_remote, address_item **addr_new, | |
1543 | address_item **addr_succeed, int verify) | |
1544 | { | |
1545 | int yield = OK; | |
1546 | BOOL unseen; | |
1547 | router_instance *r, *nextr; | |
55414b25 | 1548 | const uschar *old_domain = addr->domain; |
059ec3d9 PH |
1549 | |
1550 | HDEBUG(D_route) | |
1551 | { | |
1552 | debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); | |
1553 | debug_printf("routing %s\n", addr->address); | |
1554 | } | |
1555 | ||
1556 | /* Loop through all router instances until a router succeeds, fails, defers, or | |
1557 | encounters an error. If the address has start_router set, we begin from there | |
1558 | instead of at the first router. */ | |
1559 | ||
9cd12950 | 1560 | for (r = addr->start_router ? addr->start_router : routers; r; r = nextr) |
059ec3d9 PH |
1561 | { |
1562 | uschar *error; | |
1563 | struct passwd *pw = NULL; | |
1564 | struct passwd pwcopy; | |
059ec3d9 PH |
1565 | BOOL loop_detected = FALSE; |
1566 | BOOL more; | |
1567 | int loopcount = 0; | |
1568 | int rc; | |
1569 | ||
1570 | DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name); | |
1571 | ||
1572 | /* Reset any search error message from the previous router. */ | |
1573 | ||
1574 | search_error_message = NULL; | |
1575 | ||
1576 | /* There are some weird cases where logging is disabled */ | |
1577 | ||
8768d548 | 1578 | f.disable_logging = r->disable_logging; |
059ec3d9 PH |
1579 | |
1580 | /* Record the last router to handle the address, and set the default | |
1581 | next router. */ | |
1582 | ||
1583 | addr->router = r; | |
1584 | nextr = r->next; | |
1585 | ||
1586 | /* Loop protection: If this address has an ancestor with the same address, | |
1587 | and that ancestor was routed by this router, we skip this router. This | |
1588 | prevents a variety of looping states when a new address is created by | |
1589 | redirection or by the use of "unseen" on a router. | |
1590 | ||
1591 | If no_repeat_use is set on the router, we skip if _any_ ancestor was routed | |
1592 | by this router, even if it was different to the current address. | |
1593 | ||
1594 | Just in case someone does put it into a loop (possible with redirection | |
4c04137d | 1595 | continually adding to an address, for example), put a long stop counter on |
059ec3d9 PH |
1596 | the number of parents. */ |
1597 | ||
d7978c0f | 1598 | for (address_item * parent = addr->parent; parent; parent = parent->parent) |
059ec3d9 PH |
1599 | { |
1600 | if (parent->router == r) | |
1601 | { | |
1602 | BOOL break_loop = !r->repeat_use; | |
1603 | ||
1604 | /* When repeat_use is set, first check the active addresses caselessly. | |
1605 | If they match, we have to do a further caseful check of the local parts | |
1606 | when caseful_local_part is set. This is assumed to be rare, which is why | |
1607 | the code is written this way. */ | |
1608 | ||
1609 | if (!break_loop) | |
1610 | { | |
1611 | break_loop = strcmpic(parent->address, addr->address) == 0; | |
1612 | if (break_loop && r->caseful_local_part) | |
1613 | break_loop = Ustrncmp(parent->address, addr->address, | |
1614 | Ustrrchr(addr->address, '@') - addr->address) == 0; | |
1615 | } | |
1616 | ||
1617 | if (break_loop) | |
1618 | { | |
1619 | DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n", | |
1620 | r->name, parent->address); | |
1621 | loop_detected = TRUE; | |
1622 | break; | |
1623 | } | |
1624 | } | |
1625 | ||
1626 | /* Continue with parents, limiting the size of the dynasty. */ | |
1627 | ||
1628 | if (loopcount++ > 100) | |
1629 | { | |
1630 | log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address); | |
1631 | yield = DEFER; | |
1632 | goto ROUTE_EXIT; | |
1633 | } | |
1634 | } | |
1635 | ||
1636 | if (loop_detected) continue; | |
1637 | ||
1638 | /* Default no affixes and select whether to use a caseful or caseless local | |
1639 | part in this router. */ | |
1640 | ||
759502e5 JH |
1641 | addr->prefix = addr->prefix_v = addr->suffix = addr->suffix_v = NULL; |
1642 | addr->local_part = r->caseful_local_part | |
1643 | ? addr->cc_local_part : addr->lc_local_part; | |
059ec3d9 PH |
1644 | |
1645 | DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part, | |
1646 | addr->domain); | |
1647 | ||
1648 | /* Handle any configured prefix by replacing the local_part address, | |
1649 | and setting the prefix. Skip the router if the prefix doesn't match, | |
1650 | unless the prefix is optional. */ | |
1651 | ||
9cd12950 | 1652 | if (r->prefix) |
059ec3d9 | 1653 | { |
759502e5 JH |
1654 | unsigned vlen; |
1655 | int plen = route_check_prefix(addr->local_part, r->prefix, &vlen); | |
059ec3d9 PH |
1656 | if (plen > 0) |
1657 | { | |
19849de0 JH |
1658 | /* If the variable-part is zero-length then the prefix was not |
1659 | wildcarded and we can detaint-copy it since it matches the | |
1660 | (non-expandable) router option. Otherwise copy the (likely) tainted match | |
1661 | and the variable-part of the match from the local_part. */ | |
1662 | ||
1663 | if (vlen) | |
1664 | { | |
1665 | addr->prefix = string_copyn(addr->local_part, plen); | |
1666 | addr->prefix_v = string_copyn(addr->local_part, vlen); | |
1667 | } | |
1668 | else | |
1669 | addr->prefix = string_copyn_taint(addr->local_part, plen, FALSE); | |
059ec3d9 PH |
1670 | addr->local_part += plen; |
1671 | DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix); | |
1672 | } | |
1673 | else if (!r->prefix_optional) | |
1674 | { | |
1675 | DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n", | |
1676 | r->name); | |
1677 | continue; | |
1678 | } | |
1679 | } | |
1680 | ||
1681 | /* Handle any configured suffix likewise. */ | |
1682 | ||
9cd12950 | 1683 | if (r->suffix) |
059ec3d9 | 1684 | { |
759502e5 JH |
1685 | unsigned vlen; |
1686 | int slen = route_check_suffix(addr->local_part, r->suffix, &vlen); | |
059ec3d9 PH |
1687 | if (slen > 0) |
1688 | { | |
1689 | int lplen = Ustrlen(addr->local_part) - slen; | |
19849de0 JH |
1690 | addr->suffix = vlen |
1691 | ? addr->local_part + lplen | |
1692 | : string_copy_taint(addr->local_part + lplen, slen); | |
759502e5 | 1693 | addr->suffix_v = addr->suffix + Ustrlen(addr->suffix) - vlen; |
059ec3d9 PH |
1694 | addr->local_part = string_copyn(addr->local_part, lplen); |
1695 | DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix); | |
1696 | } | |
1697 | else if (!r->suffix_optional) | |
1698 | { | |
1699 | DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n", | |
1700 | r->name); | |
1701 | continue; | |
1702 | } | |
1703 | } | |
1704 | ||
1705 | /* Set the expansion variables now that we have the affixes and the case of | |
1706 | the local part sorted. */ | |
1707 | ||
2a47f028 | 1708 | router_name = r->name; |
059ec3d9 PH |
1709 | deliver_set_expansions(addr); |
1710 | ||
1711 | /* For convenience, the pre-router checks are in a separate function, which | |
1712 | returns OK, SKIP, FAIL, or DEFER. */ | |
1713 | ||
1714 | if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK) | |
1715 | { | |
2a47f028 | 1716 | router_name = NULL; |
059ec3d9 PH |
1717 | if (rc == SKIP) continue; |
1718 | addr->message = error; | |
1719 | yield = rc; | |
1720 | goto ROUTE_EXIT; | |
1721 | } | |
1722 | ||
1723 | /* All pre-conditions have been met. Reset any search error message from | |
1724 | pre-condition tests. These can arise in negated tests where the failure of | |
1725 | the lookup leads to a TRUE pre-condition. */ | |
1726 | ||
1727 | search_error_message = NULL; | |
1728 | ||
b4f579d1 | 1729 | /* Add any variable-settings that are on the router, to the set on the |
fa7b17bd JH |
1730 | addr. Expansion is done here and not later when the addr is used. There may |
1731 | be multiple settings, gathered during readconf; this code gathers them during | |
b4f579d1 JH |
1732 | router traversal. On the addr string they are held as a variable tree, so |
1733 | as to maintain the post-expansion taints separate. */ | |
fa7b17bd | 1734 | |
b436dd41 | 1735 | switch (set_router_vars(addr, r)) |
fa7b17bd | 1736 | { |
b436dd41 JH |
1737 | case OK: break; |
1738 | case PASS: continue; /* with next router */ | |
1739 | default: goto ROUTE_EXIT; | |
fa7b17bd JH |
1740 | } |
1741 | ||
059ec3d9 PH |
1742 | /* Finally, expand the address_data field in the router. Forced failure |
1743 | behaves as if the router declined. Any other failure is more serious. On | |
1744 | success, the string is attached to the address for all subsequent processing. | |
1745 | */ | |
1746 | ||
9cd12950 | 1747 | if (r->address_data) |
059ec3d9 PH |
1748 | { |
1749 | DEBUG(D_route) debug_printf("processing address_data\n"); | |
fa7b17bd | 1750 | if (!(deliver_address_data = expand_string(r->address_data))) |
059ec3d9 | 1751 | { |
8768d548 | 1752 | if (f.expand_string_forcedfail) |
059ec3d9 PH |
1753 | { |
1754 | DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" " | |
1755 | "(address_data): decline action taken\n", r->address_data); | |
1756 | ||
1757 | /* Expand "more" if necessary; DEFER => an expansion failed */ | |
1758 | ||
9c695f6d JH |
1759 | yield = exp_bool(addr, US"router", r->name, D_route, |
1760 | US"more", r->more, r->expand_more, &more); | |
059ec3d9 PH |
1761 | if (yield != OK) goto ROUTE_EXIT; |
1762 | ||
1763 | if (!more) | |
1764 | { | |
1765 | DEBUG(D_route) | |
1766 | debug_printf("\"more\"=false: skipping remaining routers\n"); | |
2a47f028 | 1767 | router_name = NULL; |
059ec3d9 PH |
1768 | r = NULL; |
1769 | break; | |
1770 | } | |
1771 | else continue; /* With next router */ | |
1772 | } | |
1773 | ||
1774 | else | |
1775 | { | |
1776 | addr->message = string_sprintf("expansion of \"%s\" failed " | |
1777 | "in %s router: %s", r->address_data, r->name, expand_string_message); | |
1778 | yield = DEFER; | |
1779 | goto ROUTE_EXIT; | |
1780 | } | |
1781 | } | |
d43cbe25 | 1782 | addr->prop.address_data = deliver_address_data; |
059ec3d9 PH |
1783 | } |
1784 | ||
1785 | /* We are finally cleared for take-off with this router. Clear the the flag | |
1786 | that records that a local host was removed from a routed host list. Make a | |
1787 | copy of relevant fields in the password information from check_local_user, | |
1788 | because it will be overwritten if check_local_user is invoked again while | |
1789 | verifying an errors_address setting. */ | |
1790 | ||
1791 | clearflag(addr, af_local_host_removed); | |
1792 | ||
9cd12950 | 1793 | if (pw) |
059ec3d9 PH |
1794 | { |
1795 | pwcopy.pw_name = CS string_copy(US pw->pw_name); | |
1796 | pwcopy.pw_uid = pw->pw_uid; | |
1797 | pwcopy.pw_gid = pw->pw_gid; | |
1798 | pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos); | |
1799 | pwcopy.pw_dir = CS string_copy(US pw->pw_dir); | |
1800 | pwcopy.pw_shell = CS string_copy(US pw->pw_shell); | |
1801 | pw = &pwcopy; | |
1802 | } | |
1803 | ||
ea97267c | 1804 | /* If this should be the last hop for DSN flag the addr. */ |
9cd12950 JH |
1805 | |
1806 | if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop)) | |
98c82a3d | 1807 | { |
6c1c3d1d WB |
1808 | addr->dsn_flags |= rf_dsnlasthop; |
1809 | HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address); | |
98c82a3d | 1810 | } |
6c1c3d1d | 1811 | |
ea97267c JH |
1812 | /* Run the router, and handle the consequences. */ |
1813 | ||
059ec3d9 PH |
1814 | HDEBUG(D_route) debug_printf("calling %s router\n", r->name); |
1815 | ||
fd6de02e PH |
1816 | yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote, |
1817 | addr_new, addr_succeed); | |
059ec3d9 | 1818 | |
2a47f028 JH |
1819 | router_name = NULL; |
1820 | ||
059ec3d9 PH |
1821 | if (yield == FAIL) |
1822 | { | |
1823 | HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name); | |
1824 | goto ROUTE_EXIT; | |
1825 | } | |
1826 | ||
1827 | /* If succeeded while verifying but fail_verify is set, convert into | |
1828 | a failure, and take it off the local or remote delivery list. */ | |
1829 | ||
f3ebb786 JH |
1830 | if ( ( verify == v_sender && r->fail_verify_sender |
1831 | || verify == v_recipient && r->fail_verify_recipient | |
1832 | ) | |
1833 | && (yield == OK || yield == PASS)) | |
059ec3d9 PH |
1834 | { |
1835 | addr->message = string_sprintf("%s router forced verify failure", r->name); | |
1836 | if (*paddr_remote == addr) *paddr_remote = addr->next; | |
1837 | if (*paddr_local == addr) *paddr_local = addr->next; | |
1838 | yield = FAIL; | |
1839 | goto ROUTE_EXIT; | |
1840 | } | |
1841 | ||
1842 | /* PASS and DECLINE are the only two cases where the loop continues. For all | |
1843 | other returns, we break the loop and handle the result below. */ | |
1844 | ||
1845 | if (yield != PASS && yield != DECLINE) break; | |
1846 | ||
1847 | HDEBUG(D_route) | |
1848 | { | |
1849 | debug_printf("%s router %s for %s\n", r->name, | |
f3ebb786 | 1850 | yield == PASS ? "passed" : "declined", addr->address); |
059ec3d9 PH |
1851 | if (Ustrcmp(old_domain, addr->domain) != 0) |
1852 | debug_printf("domain %s rewritten\n", old_domain); | |
1853 | } | |
1854 | ||
1855 | /* PASS always continues to another router; DECLINE does so if "more" | |
1856 | is true. Initialization insists that pass_router is always a following | |
1857 | router. Otherwise, break the loop as if at the end of the routers. */ | |
1858 | ||
1859 | if (yield == PASS) | |
1860 | { | |
1861 | if (r->pass_router != NULL) nextr = r->pass_router; | |
1862 | } | |
1863 | else | |
1864 | { | |
1865 | /* Expand "more" if necessary */ | |
1866 | ||
9c695f6d JH |
1867 | yield = exp_bool(addr, US"router", r->name, D_route, |
1868 | US"more", r->more, r->expand_more, &more); | |
059ec3d9 PH |
1869 | if (yield != OK) goto ROUTE_EXIT; |
1870 | ||
1871 | if (!more) | |
1872 | { | |
1873 | HDEBUG(D_route) | |
1874 | debug_printf("\"more\" is false: skipping remaining routers\n"); | |
1875 | r = NULL; | |
1876 | break; | |
1877 | } | |
1878 | } | |
1879 | } /* Loop for all routers */ | |
1880 | ||
1881 | /* On exit from the routers loop, if r == NULL we have run out of routers, | |
1882 | either genuinely, or as a result of no_more. Otherwise, the loop ended | |
1883 | prematurely, either because a router succeeded, or because of some special | |
1884 | router response. Note that FAIL errors and errors detected before actually | |
1885 | running a router go direct to ROUTE_EXIT from code above. */ | |
1886 | ||
9cd12950 | 1887 | if (!r) |
059ec3d9 PH |
1888 | { |
1889 | HDEBUG(D_route) debug_printf("no more routers\n"); | |
9cd12950 | 1890 | if (!addr->message) |
059ec3d9 PH |
1891 | { |
1892 | uschar *message = US"Unrouteable address"; | |
9cd12950 | 1893 | if (addr->router && addr->router->cannot_route_message) |
059ec3d9 PH |
1894 | { |
1895 | uschar *expmessage = expand_string(addr->router->cannot_route_message); | |
9cd12950 | 1896 | if (!expmessage) |
059ec3d9 | 1897 | { |
8768d548 | 1898 | if (!f.expand_string_forcedfail) |
059ec3d9 PH |
1899 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " |
1900 | "cannot_route_message in %s router: %s", addr->router->name, | |
1901 | expand_string_message); | |
1902 | } | |
1903 | else message = expmessage; | |
1904 | } | |
1905 | addr->user_message = addr->message = message; | |
1906 | } | |
1907 | addr->router = NULL; /* For logging */ | |
1908 | yield = FAIL; | |
1909 | goto ROUTE_EXIT; | |
1910 | } | |
1911 | ||
1912 | if (yield == DEFER) | |
1913 | { | |
f3ebb786 JH |
1914 | HDEBUG(D_route) debug_printf("%s router: defer for %s\n message: %s\n", |
1915 | r->name, addr->address, addr->message ? addr->message : US"<none>"); | |
059ec3d9 PH |
1916 | goto ROUTE_EXIT; |
1917 | } | |
1918 | ||
1919 | if (yield == DISCARD) goto ROUTE_EXIT; | |
1920 | ||
1921 | /* The yield must be either OK or REROUTED. */ | |
1922 | ||
1923 | if (yield != OK && yield != REROUTED) | |
1924 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d", | |
1925 | r->name, yield); | |
1926 | ||
1927 | /* If the yield was REROUTED, the router put a child address on the new chain | |
1928 | as a result of a domain change of some sort (widening, typically). */ | |
1929 | ||
1930 | if (yield == REROUTED) | |
1931 | { | |
1932 | HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address); | |
1933 | yield = OK; | |
1934 | goto ROUTE_EXIT; | |
1935 | } | |
1936 | ||
1937 | /* The only remaining possibility is that the router succeeded. If the | |
1938 | translate_ip_address options is set and host addresses were associated with the | |
1939 | address, run them through the translation. This feature is for weird and | |
1940 | wonderful situations (the amateur packet radio people need it) or very broken | |
1941 | networking, so it is included in the binary only if requested. */ | |
1942 | ||
1943 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS | |
1944 | ||
9cd12950 | 1945 | if (r->translate_ip_address) |
059ec3d9 PH |
1946 | { |
1947 | int rc; | |
1948 | int old_pool = store_pool; | |
d7978c0f | 1949 | for (host_item * h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
1950 | { |
1951 | uschar *newaddress; | |
1952 | uschar *oldaddress, *oldname; | |
1953 | ||
9cd12950 | 1954 | if (!h->address) continue; |
059ec3d9 PH |
1955 | |
1956 | deliver_host_address = h->address; | |
1957 | newaddress = expand_string(r->translate_ip_address); | |
1958 | deliver_host_address = NULL; | |
1959 | ||
9cd12950 | 1960 | if (!newaddress) |
059ec3d9 | 1961 | { |
8768d548 | 1962 | if (f.expand_string_forcedfail) continue; |
059ec3d9 PH |
1963 | addr->basic_errno = ERRNO_EXPANDFAIL; |
1964 | addr->message = string_sprintf("translate_ip_address expansion " | |
1965 | "failed: %s", expand_string_message); | |
1966 | yield = DEFER; | |
1967 | goto ROUTE_EXIT; | |
1968 | } | |
1969 | ||
1970 | DEBUG(D_route) debug_printf("%s [%s] translated to %s\n", | |
1971 | h->name, h->address, newaddress); | |
7e66e54d | 1972 | if (string_is_ip_address(newaddress, NULL) != 0) |
059ec3d9 PH |
1973 | { |
1974 | h->address = newaddress; | |
1975 | continue; | |
1976 | } | |
1977 | ||
1978 | oldname = h->name; | |
1979 | oldaddress = h->address; | |
1980 | h->name = newaddress; | |
1981 | h->address = NULL; | |
1982 | h->mx = MX_NONE; | |
1983 | ||
1984 | store_pool = POOL_PERM; | |
322050c2 | 1985 | rc = host_find_byname(h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE); |
059ec3d9 PH |
1986 | store_pool = old_pool; |
1987 | ||
1988 | if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) | |
1989 | { | |
1990 | addr->basic_errno = ERRNO_UNKNOWNHOST; | |
1991 | addr->message = string_sprintf("host %s not found when " | |
1992 | "translating %s [%s]", h->name, oldname, oldaddress); | |
1993 | yield = DEFER; | |
1994 | goto ROUTE_EXIT; | |
1995 | } | |
1996 | } | |
1997 | } | |
1998 | #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */ | |
1999 | ||
2000 | /* See if this is an unseen routing; first expand the option if necessary. | |
2001 | DEFER can be given if the expansion fails */ | |
2002 | ||
9c695f6d JH |
2003 | yield = exp_bool(addr, US"router", r->name, D_route, |
2004 | US"unseen", r->unseen, r->expand_unseen, &unseen); | |
059ec3d9 PH |
2005 | if (yield != OK) goto ROUTE_EXIT; |
2006 | ||
059ec3d9 PH |
2007 | /* Debugging output recording a successful routing */ |
2008 | ||
9cd12950 | 2009 | HDEBUG(D_route) debug_printf("routed by %s router%s\n", r->name, |
059ec3d9 | 2010 | unseen? " (unseen)" : ""); |
059ec3d9 PH |
2011 | |
2012 | DEBUG(D_route) | |
2013 | { | |
059ec3d9 | 2014 | debug_printf(" envelope to: %s\n", addr->address); |
d7978c0f JH |
2015 | debug_printf(" transport: %s\n", addr->transport |
2016 | ? addr->transport->name : US"<none>"); | |
059ec3d9 | 2017 | |
9cd12950 | 2018 | if (addr->prop.errors_address) |
d43cbe25 | 2019 | debug_printf(" errors to %s\n", addr->prop.errors_address); |
059ec3d9 | 2020 | |
d7978c0f | 2021 | for (host_item * h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
2022 | { |
2023 | debug_printf(" host %s", h->name); | |
9cd12950 | 2024 | if (h->address) debug_printf(" [%s]", h->address); |
059ec3d9 PH |
2025 | if (h->mx >= 0) debug_printf(" MX=%d", h->mx); |
2026 | else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx); | |
2027 | if (h->port != PORT_NONE) debug_printf(" port=%d", h->port); | |
805c9d53 | 2028 | if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no"); |
059ec3d9 PH |
2029 | debug_printf("\n"); |
2030 | } | |
2031 | } | |
2032 | ||
2033 | /* Clear any temporary error message set by a router that declined, and handle | |
2034 | the "unseen" option (ignore if there are no further routers). */ | |
2035 | ||
2036 | addr->message = NULL; | |
9cd12950 | 2037 | if (unseen && r->next) |
059ec3d9 PH |
2038 | route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new); |
2039 | ||
2040 | /* Unset the address expansions, and return the final result. */ | |
2041 | ||
2042 | ROUTE_EXIT: | |
f42deca9 JH |
2043 | if (yield == DEFER && addr->message) |
2044 | addr->message = expand_hide_passwords(addr->message); | |
76aa570c | 2045 | |
059ec3d9 | 2046 | deliver_set_expansions(NULL); |
2a47f028 | 2047 | router_name = NULL; |
8768d548 | 2048 | f.disable_logging = FALSE; |
059ec3d9 PH |
2049 | return yield; |
2050 | } | |
2051 | ||
d185889f | 2052 | #endif /*!MACRO_PREDEF*/ |
059ec3d9 | 2053 | /* End of route.c */ |