Commit | Line | Data |
---|---|---|
0756eb3c PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
3386088d | 5 | /* Copyright (c) University of Cambridge 1995 - 2015 */ |
0756eb3c PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | #include "../exim.h" | |
9 | #include "rf_functions.h" | |
10 | #include "queryprogram.h" | |
11 | ||
12 | ||
13 | ||
14 | /* Options specific to the queryprogram router. */ | |
15 | ||
/* Option table for the queryprogram router. Each entry pairs an option name
with its type flags and the offset of the field it fills in
queryprogram_router_options_block. Names that begin with "*" carry opt_hidden.
The entries are listed in alphabetical order ("*" sorts first).
NOTE(review): presumably the option lookup depends on that ordering - confirm
before inserting a new entry. */

#define QP_FIELD(member) \
  ((void *)offsetof(queryprogram_router_options_block, member))

optionlist queryprogram_router_options[] = {
  { "*expand_command_group", opt_bool | opt_hidden, QP_FIELD(expand_cmd_gid) },
  { "*expand_command_user",  opt_bool | opt_hidden, QP_FIELD(expand_cmd_uid) },
  { "*set_command_group",    opt_bool | opt_hidden, QP_FIELD(cmd_gid_set) },
  { "*set_command_user",     opt_bool | opt_hidden, QP_FIELD(cmd_uid_set) },
  { "command",               opt_stringptr,         QP_FIELD(command) },
  { "command_group",         opt_expand_gid,        QP_FIELD(cmd_gid) },
  { "command_user",          opt_expand_uid,        QP_FIELD(cmd_uid) },
  { "current_directory",     opt_stringptr,         QP_FIELD(current_directory) },
  { "timeout",               opt_time,              QP_FIELD(timeout) }
};

#undef QP_FIELD

/* Number of entries in the table above. It is a variable rather than a
constant because the tables in drtables.c need to take its address. */

int queryprogram_router_options_count =
  sizeof(queryprogram_router_options)/sizeof(queryprogram_router_options[0]);

/* Values a queryprogram router instance starts from. The initialisers are
positional, so they must stay in the field order named in the comments. No
command and no uid are supplied here; queryprogram_router_init() refuses a
router that still has neither a command nor a command_user after its options
have been read. */

queryprogram_router_options_block queryprogram_router_option_defaults = {
  NULL,        /* command: none until configured */
  60*60,       /* timeout: 3600 - presumably seconds, it is handed to child_close() */
  (uid_t)-1,   /* cmd_uid: no uid yet; see cmd_uid_set */
  (gid_t)-1,   /* cmd_gid: no gid yet; see cmd_gid_set */
  FALSE,       /* cmd_uid_set */
  FALSE,       /* cmd_gid_set */
  US"/",       /* current_directory */
  NULL,        /* expand_cmd_gid */
  NULL         /* expand_cmd_uid */
};
56 | ||
57 | ||
58 | ||
59 | /************************************************* | |
60 | * Initialization entry point * | |
61 | *************************************************/ | |
62 | ||
63 | /* Called for each instance, after its options have been read, to enable | |
64 | consistency checks to be done, or anything else that needs to be set up. */ | |
65 | ||
/* Sanity-check one configured instance of the router.

Argument:
  rblock     the router instance whose options have just been read

Both checks report through log_write() with LOG_PANIC_DIE|LOG_CONFIG_FOR, so
a router with no command, or with no identity to run the command under, is
treated as a configuration error rather than being left to fail at routing
time. */

void
queryprogram_router_init(router_instance *rblock)
{
queryprogram_router_options_block *opts =
  (queryprogram_router_options_block *)(rblock->options_block);

/* There is nothing to run without a command. */

if (!opts->command)
  log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
    "a command specification is required", rblock->name);

/* command_user is mandatory, either as a fixed uid (cmd_uid_set) or as a
string to be expanded later (expand_cmd_uid). No gid check is made here; the
main entry point falls back to the user's passwd gid where it can. */

if (!(opts->cmd_uid_set || opts->expand_cmd_uid))
  log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
    "command_user must be specified", rblock->name);
}
84 | ||
85 | ||
86 | ||
87 | /************************************************* | |
88 | * Process a set of generated new addresses * | |
89 | *************************************************/ | |
90 | ||
91 | /* This function sets up a set of newly generated child addresses and puts them | |
92 | on the new address chain. | |
93 | ||
94 | Arguments: | |
95 | rblock router block | |
96 | addr_new new address chain | |
97 | addr original address | |
98 | generated list of generated addresses | |
99 | addr_prop the propagated data block, containing errors_to, | |
100 | header change stuff, and address_data | |
101 | ||
102 | Returns: nothing | |
103 | */ | |
104 | ||
/* Attach every address on the "generated" list to its parent and move it to
the head of the new-address chain.

Arguments:
  rblock     router block (supplies the name and redirect_router)
  addr_new   head of the new address chain, updated in place
  addr       the parent address; its child_count is incremented per child
  generated  list of generated addresses, consumed by this function
  addr_prop  propagated data block copied into each child

Returns:     nothing */

static void
add_generated(router_instance *rblock, address_item **addr_new,
  address_item *addr, address_item *generated,
  address_item_propagated *addr_prop)
{
address_item *child, *remaining;

for (child = generated; child != NULL; child = remaining)
  {
  /* Remember the rest of the list now: child->next is reused below. */

  remaining = child->next;

  /* Tie the child to its parent and hand down the inherited state. */

  child->parent = addr;
  orflag(child, addr, af_propagate);
  child->prop = *addr_prop;
  child->start_router = rblock->redirect_router;

  /* Push the child onto the front of the new-address chain. */

  child->next = *addr_new;
  *addr_new = child;

  /* Stop before the counter can pass SHRT_MAX instead of letting it wrap.
  NOTE(review): the bound suggests child_count is a short - confirm. */

  if (addr->child_count == SHRT_MAX)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
      "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address);
  addr->child_count++;

  DEBUG(D_route)
    debug_printf("%s router generated %s\n", rblock->name, child->address);
  }
}
132 | ||
133 | ||
134 | ||
135 | ||
136 | /************************************************* | |
137 | * Main entry point * | |
138 | *************************************************/ | |
139 | ||
140 | /* See local README for interface details. This router returns: | |
141 | ||
142 | DECLINE | |
143 | . DECLINE returned | |
144 | . self = DECLINE | |
145 | ||
146 | PASS | |
147 | . PASS returned | |
148 | . timeout of host lookup and pass_on_timeout set | |
149 | . self = PASS | |
150 | ||
151 | DEFER | |
152 | . verifying the errors address caused a deferment or a big disaster such | |
153 | as an expansion failure (rf_get_errors_address) | |
154 | . expanding a headers_{add,remove} string caused a deferment or another | |
155 | expansion error (rf_get_munge_headers) | |
156 | . a problem in rf_get_transport: no transport when one is needed; | |
157 | failed to expand dynamic transport; failed to find dynamic transport | |
158 | . bad lookup type | |
159 | . problem looking up host (rf_lookup_hostlist) | |
160 | . self = DEFER or FREEZE | |
161 | . failure to set up uid/gid for running the command | |
162 | . failure of transport_set_up_command: too many arguments, expansion fail | |
163 | . failure to create child process | |
164 | . child process crashed or timed out or didn't return data | |
165 | . :defer: in data | |
166 | . DEFER or FREEZE returned | |
167 | . problem in redirection data | |
168 | . unknown transport name or trouble expanding router transport | |
169 | ||
170 | FAIL | |
171 | . :fail: in data | |
172 | . FAIL returned | |
173 | . self = FAIL | |
174 | ||
175 | OK | |
176 | . address added to addr_local or addr_remote for delivery | |
177 | . new addresses added to addr_new | |
178 | */ | |
179 | ||
/* Route an address by running the configured command as a child process and
acting on what it prints. The first word of the output selects the outcome
(REDIRECT, accept, decline, pass, fail, freeze, defer); the rest is data for
that outcome. The output chooses redirection addresses, the transport, the
host list and the address data, and parts of it are copied into log and error
messages, so the command and the uid/gid it runs under carry the same trust as
the router configuration itself. */

int
queryprogram_router_entry(
  router_instance *rblock,        /* data for this instantiation */
  address_item *addr,             /* address we are working on */
  struct passwd *pw,              /* passwd entry after check_local_user */
  int verify,                     /* v_none/v_recipient/v_sender/v_expn */
  address_item **addr_local,      /* add it to this if it's local */
  address_item **addr_remote,     /* add it to this if it's remote */
  address_item **addr_new,        /* put new addresses on here */
  address_item **addr_succeed)    /* put old address here on success */
{
int fd_in, fd_out, len, rc;
pid_t pid;
struct passwd *upw = NULL;
uschar buffer[1024];
const uschar **argvptr;
uschar *rword, *rdata, *s;
address_item_propagated addr_prop;
queryprogram_router_options_block *ob =
  (queryprogram_router_options_block *)(rblock->options_block);
uschar *current_directory = ob->current_directory;
ugid_block ugid;
uid_t curr_uid = getuid();
gid_t curr_gid = getgid();
uid_t uid = ob->cmd_uid;
gid_t gid = ob->cmd_gid;
uid_t *puid = &uid;
gid_t *pgid = &gid;

DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n",
  rblock->name, addr->address, addr->domain);

ugid.uid_set = ugid.gid_set = FALSE;

/* Set up the propagated data block with the current address_data and the
errors address and extra header stuff.

NOTE(review): addr_prop is an automatic variable that is filled one member at
a time (address_data, errors_address, extra_headers, remove_headers) and later
copied whole into address items. If address_item_propagated has any other
member, that member is copied uninitialised - confirm against the struct. */

addr_prop.address_data = deliver_address_data;

rc = rf_get_errors_address(addr, rblock, verify, &addr_prop.errors_address);
if (rc != OK) return rc;

rc = rf_get_munge_headers(addr, rblock, &addr_prop.extra_headers,
  &addr_prop.remove_headers);
if (rc != OK) return rc;

/* Get the fixed or expanded uid under which the command is to run
(initialization ensures that one or the other is set). */

if (!ob->cmd_uid_set)
  {
  if (!route_find_expanded_user(ob->expand_cmd_uid, rblock->name, US"router",
        &upw, &uid, &(addr->message)))
    return DEFER;
  }

/* Get the fixed or expanded gid, or take the gid from the passwd entry.

NOTE(review): the uid branch above defers when route_find_expanded_user()
returns false, but the gid branch below defers when
route_find_expanded_group() returns true. If both helpers report success the
same way, this test is inverted: a group that expands correctly would defer
the address, and a failed expansion would carry on with gid still holding
ob->cmd_gid. Confirm against the helper's definition. */

if (!ob->cmd_gid_set)
  {
  if (ob->expand_cmd_gid != NULL)
    {
    if (route_find_expanded_group(ob->expand_cmd_gid, rblock->name,
        US"router", &gid, &(addr->message)))
      return DEFER;
    }
  else if (upw != NULL)
    {
    gid = upw->pw_gid;
    }
  else
    {
    addr->message = string_sprintf("command_user set without command_group "
      "for %s router", rblock->name);
    return DEFER;
    }
  }

DEBUG(D_route) debug_printf("requires uid=%ld gid=%ld current_directory=%s\n",
  (long int)uid, (long int)gid, current_directory);

/* If we are not running as root, we will not be able to change uid/gid.
In that case NULL is passed for both, and the debug text below states that the
subprocess then runs with the current uid/gid rather than the configured
command_user/command_group. The substitution is reported only in debug output;
nothing is written to the log and the address is not deferred. */

if (curr_uid != root_uid && (uid != curr_uid || gid != curr_gid))
  {
  DEBUG(D_route)
    {
    debug_printf("not running as root: cannot change uid/gid\n");
    debug_printf("subprocess will run with uid=%ld gid=%ld\n",
      (long int)curr_uid, (long int)curr_gid);
    }
  puid = pgid = NULL;
  }

/* Set up the command to run */

if (!transport_set_up_command(&argvptr, /* anchor for arg list */
    ob->command,                        /* raw command */
    TRUE,                               /* expand the arguments */
    0,                                  /* not relevant when... */
    NULL,                               /* no transporting address */
    US"queryprogram router",            /* for error messages */
    &(addr->message)))                  /* where to put error message */
  {
  return DEFER;
  }

/* Create the child process, making it a group leader. The third argument,
0077, is presumably the umask given to the child - confirm against
child_open_uid(). */

pid = child_open_uid(argvptr, NULL, 0077, puid, pgid, &fd_in, &fd_out,
  current_directory, TRUE);

if (pid < 0)
  {
  addr->message = string_sprintf("%s router couldn't create child process: %s",
    rblock->name, strerror(errno));
  return DEFER;
  }

/* Nothing is written to the standard input. */

(void)close(fd_in);

/* Wait for the process to finish, applying the timeout, and inspect its return
code. As handled below: a positive value is the command's exit code, -256
means the timeout expired, -257 means the wait failed, and any other negative
value is the negated number of the signal that killed the command. Every
non-zero result defers the address. */

if ((rc = child_close(pid, ob->timeout)) != 0)
  {
  if (rc > 0)
    addr->message = string_sprintf("%s router: command returned non-zero "
      "code %d", rblock->name, rc);

  else if (rc == -256)
    {
    addr->message = string_sprintf("%s router: command timed out",
      rblock->name);
    killpg(pid, SIGKILL);  /* Kill the whole process group */
    }

  else if (rc == -257)
    addr->message = string_sprintf("%s router: wait() failed: %s",
      rblock->name, strerror(errno));

  else
    addr->message = string_sprintf("%s router: command killed by signal %d",
      rblock->name, -rc);

  return DEFER;
  }

/* Read the pipe to get the command's output, and then close it.

This is one read() of at most sizeof(buffer)-1 bytes, issued after the child
has already been waited for. Output beyond 1023 bytes is dropped without any
diagnostic, and a short read is taken as the whole answer. The spare byte is
for the terminating zero stored at buffer[len] below.
NOTE(review): nothing drains the pipe while the child runs, so a command that
writes more than the pipe can hold would presumably block until the timeout -
confirm. */

len = read(fd_out, buffer, sizeof(buffer) - 1);
(void)close(fd_out);

/* Failure to return any data is an error. A read() error (negative len) is
reported the same way as empty output. */

if (len <= 0)
  {
  addr->message = string_sprintf("%s router: command failed to return data",
    rblock->name);
  return DEFER;
  }

/* Get rid of leading and trailing white space, and pick off the first word of
the result. After this, rword is the zero-terminated first word and rdata
points at whatever follows it (possibly an empty string). */

while (len > 0 && isspace(buffer[len-1])) len--;
buffer[len] = 0;

DEBUG(D_route) debug_printf("command wrote: %s\n", buffer);

rword = buffer;
while (isspace(*rword)) rword++;
rdata = rword;
while (*rdata != 0 && !isspace(*rdata)) rdata++;
if (*rdata != 0) *rdata++ = 0;

/* The word must be a known yield name. If it is "REDIRECT", the rest of the
line is redirection data, as for a .forward file. It may not contain filter
data, and it may not contain anything other than addresses (no files, no pipes,
no specials). */

if (strcmpic(rword, US"REDIRECT") == 0)
  {
  int filtertype;
  redirect_block redirect;
  address_item *generated = NULL;

  /* The redirection text is the command's output, interpreted in place. */

  redirect.string = rdata;
  redirect.isfile = FALSE;

  rc = rda_interpret(&redirect,  /* redirection data */
    RDO_BLACKHOLE |              /* forbid :blackhole: */
      RDO_FAIL |                 /* forbid :fail: */
      RDO_INCLUDE |              /* forbid :include: */
      RDO_REWRITE,               /* rewrite generated addresses */
    NULL,                        /* :include: directory not relevant */
    NULL,                        /* sieve vacation directory not relevant */
    NULL,                        /* sieve enotify mailto owner not relevant */
    NULL,                        /* sieve useraddress not relevant */
    NULL,                        /* sieve subaddress not relevant */
    &ugid,                       /* uid/gid (but not set) */
    &generated,                  /* where to hang the results */
    &(addr->message),            /* where to put messages */
    NULL,                        /* don't skip syntax errors */
    &filtertype,                 /* not used; will always be FILTER_FORWARD */
    string_sprintf("%s router", rblock->name));

  switch (rc)
    {
    /* FF_DEFER and FF_FAIL can arise only as a result of explicit commands.
    If a configured message was supplied, allow it to be included in an SMTP
    response after verifying. */

    case FF_DEFER:
    if (addr->message == NULL) addr->message = US"forced defer";
      else addr->user_message = addr->message;
    return DEFER;

    case FF_FAIL:
    add_generated(rblock, addr_new, addr, generated, &addr_prop);
    if (addr->message == NULL) addr->message = US"forced rejection";
      else addr->user_message = addr->message;
    return FAIL;

    case FF_DELIVERED:
    break;

    case FF_NOTDELIVERED:    /* an empty redirection list is bad */
    addr->message = US"no addresses supplied";
    /* Fall through */

    /* Anything else, including a return code this switch does not know, is
    treated as bad redirection data and defers the address. */

    case FF_ERROR:
    default:
    addr->basic_errno = ERRNO_BADREDIRECT;
    addr->message = string_sprintf("error in redirect data: %s", addr->message);
    return DEFER;
    }

  /* Handle the generated addresses, if any. */

  add_generated(rblock, addr_new, addr, generated, &addr_prop);

  /* Put the original address onto the succeed queue so that any retry items
  that get attached to it get processed. */

  addr->next = *addr_succeed;
  *addr_succeed = addr;

  return OK;
  }

/* Handle other returns that are not ACCEPT. For fail, freeze and defer the
rest of the output becomes addr->message, so that text is chosen by the
command. An unrecognised first word defers the address and writes both the
word and the data to the panic log. */

if (strcmpic(rword, US"accept") != 0)
  {
  if (strcmpic(rword, US"decline") == 0) return DECLINE;
  if (strcmpic(rword, US"pass") == 0) return PASS;
  addr->message = string_copy(rdata);                /* data is a message */
  if (strcmpic(rword, US"fail") == 0)
    {
    /* NOTE(review): af_pass_message presumably lets this command-supplied
    text be passed on outside the logs - confirm where the flag is read. */
    setflag(addr, af_pass_message);
    return FAIL;
    }
  if (strcmpic(rword, US"freeze") == 0) addr->special_action = SPECIAL_FREEZE;
  else if (strcmpic(rword, US"defer") != 0)
    {
    addr->message = string_sprintf("bad command yield: %s %s", rword, rdata);
    log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
    }
  return DEFER;
  }

/* The command yielded "ACCEPT". The rest of the string is a number of keyed
fields from which we can fish out values using the "extract" expansion
function. To use this feature, we must put the string into the $value variable,
i.e. set lookup_value.

The expansion templates are fixed strings; the command's output is only ever
the value of $value.
NOTE(review): each expand_string() result below is dereferenced without a
NULL check - confirm that these templates cannot fail to expand. */

lookup_value = rdata;
s = expand_string(US"${extract{data}{$value}}");
if (*s != 0) addr_prop.address_data = string_copy(s);

s = expand_string(US"${extract{transport}{$value}}");
lookup_value = NULL;

/* If we found a transport name, find the actual transport. The name has to
match a configured transport exactly; an unknown name defers the address and
is written to the panic log, so the command can only choose among transports
that already exist. */

if (*s != 0)
  {
  transport_instance *transport;
  for (transport = transports; transport != NULL; transport = transport->next)
    if (Ustrcmp(transport->name, s) == 0) break;
  if (transport == NULL)
    {
    addr->message = string_sprintf("unknown transport name %s yielded by "
      "command", s);
    log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
    return DEFER;
    }
  addr->transport = transport;
  }

/* No transport given; get the transport from the router configuration. It may
be fixed or expanded, but there will be an error if it is unset, requested by
the last argument not being NULL. */

else
  {
  if (!rf_get_transport(rblock->transport_name, &(rblock->transport), addr,
       rblock->name, US"transport"))
    return DEFER;
  addr->transport = rblock->transport;
  }

/* See if a host list is given, and if so, look up the addresses. The host
list and the lookup type both come from the command's output; the only lookup
types accepted are "byname" and "bydns", and anything else defers. */

lookup_value = rdata;
s = expand_string(US"${extract{hosts}{$value}}");

if (*s != 0)
  {
  int lookup_type = lk_default;
  uschar *ss = expand_string(US"${extract{lookup}{$value}}");
  lookup_value = NULL;

  if (*ss != 0)
    {
    if (Ustrcmp(ss, "byname") == 0) lookup_type = lk_byname;
    else if (Ustrcmp(ss, "bydns") == 0) lookup_type = lk_bydns;
    else
      {
      addr->message = string_sprintf("bad lookup type \"%s\" yielded by "
        "command", ss);
      log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
      return DEFER;
      }
    }

  host_build_hostlist(&(addr->host_list), s, FALSE);  /* pro tem no randomize */

  rc = rf_lookup_hostlist(rblock, addr, rblock->ignore_target_hosts,
    lookup_type, hff_defer, addr_new);
  if (rc != OK) return rc;
  }

/* Clear lookup_value on the path where no hosts were given as well, so that
the global does not keep pointing into the local buffer after this function
returns. */

lookup_value = NULL;

/* Put the errors address, extra headers, and address_data into this address */

addr->prop = addr_prop;

/* Queue the address for local or remote delivery. */

return rf_queue_add(addr, addr_local, addr_remote, rblock, pw)?
  OK : DEFER;
}
536 | ||
537 | /* End of routers/queryprogram.c */ |