[exim.git] / src / src / routers / queryprogram.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2016 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"
#include "rf_functions.h"
#include "queryprogram.h"


/* Options specific to the queryprogram router. */

optionlist queryprogram_router_options[] = {
  { "*expand_command_group", opt_bool | opt_hidden,
      (void *)(offsetof(queryprogram_router_options_block, expand_cmd_gid)) },
  { "*expand_command_user", opt_bool | opt_hidden,
      (void *)(offsetof(queryprogram_router_options_block, expand_cmd_uid)) },
  { "*set_command_group",   opt_bool | opt_hidden,
      (void *)(offsetof(queryprogram_router_options_block, cmd_gid_set)) },
  { "*set_command_user",    opt_bool | opt_hidden,
      (void *)(offsetof(queryprogram_router_options_block, cmd_uid_set)) },
  { "command",      opt_stringptr,
      (void *)(offsetof(queryprogram_router_options_block, command)) },
  { "command_group",opt_expand_gid,
      (void *)(offsetof(queryprogram_router_options_block, cmd_gid)) },
  { "command_user", opt_expand_uid,
      (void *)(offsetof(queryprogram_router_options_block, cmd_uid)) },
  { "current_directory", opt_stringptr,
      (void *)(offsetof(queryprogram_router_options_block, current_directory)) },
  { "timeout",      opt_time,
      (void *)(offsetof(queryprogram_router_options_block, timeout)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int queryprogram_router_options_count =
  sizeof(queryprogram_router_options)/sizeof(optionlist);


#ifdef MACRO_PREDEF

/* Dummy entries */
queryprogram_router_options_block queryprogram_router_option_defaults = {0};
void queryprogram_router_init(router_instance *rblock) {}
int queryprogram_router_entry(router_instance *rblock, address_item *addr,
  struct passwd *pw, int verify, address_item **addr_local,
  address_item **addr_remote, address_item **addr_new,
  address_item **addr_succeed) {}

#else   /*!MACRO_PREDEF*/


/* Default private options block for the queryprogram router. */

queryprogram_router_options_block queryprogram_router_option_defaults = {
  NULL,         /* command */
  60*60,        /* timeout */
  (uid_t)(-1),  /* cmd_uid */
  (gid_t)(-1),  /* cmd_gid */
  FALSE,        /* cmd_uid_set */
  FALSE,        /* cmd_gid_set */
  US"/",        /* current_directory */
  NULL,         /* expand_cmd_gid */
  NULL          /* expand_cmd_uid */
};


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to enable
consistency checks to be done, or anything else that needs to be set up. */

void
queryprogram_router_init(router_instance *rblock)
{
queryprogram_router_options_block *ob =
  (queryprogram_router_options_block *)(rblock->options_block);

/* A command must be given */

if (ob->command == NULL)
  log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n  "
    "a command specification is required", rblock->name);

/* A uid/gid must be supplied */

if (!ob->cmd_uid_set && ob->expand_cmd_uid == NULL)
  log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n  "
    "command_user must be specified", rblock->name);
}


/*************************************************
*    Process a set of generated new addresses    *
*************************************************/

/* This function sets up a set of newly generated child addresses and puts them
on the new address chain.

Arguments:
  rblock                  router block
  addr_new                new address chain
  addr                    original address
  generated               list of generated addresses
  addr_prop               the propagated data block, containing errors_to,
                            header change stuff, and address_data

Returns:         nothing
*/

static void
add_generated(router_instance *rblock, address_item **addr_new,
  address_item *addr, address_item *generated,
  address_item_propagated *addr_prop)
{
while (generated != NULL)
  {
  address_item *next = generated;
  generated = next->next;

  next->parent = addr;
  orflag(next, addr, af_propagate);
  next->prop = *addr_prop;
  next->start_router = rblock->redirect_router;

  next->next = *addr_new;
  *addr_new = next;

  if (addr->child_count == USHRT_MAX)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
      "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
  addr->child_count++;

  DEBUG(D_route)
    debug_printf("%s router generated %s\n", rblock->name, next->address);
  }
}


/*************************************************
*              Main entry point                  *
*************************************************/

/* See local README for interface details. This router returns:

DECLINE
  . DECLINE returned
  . self = DECLINE

PASS
  . PASS returned
  . timeout of host lookup and pass_on_timeout set
  . self = PASS

DEFER
  . verifying the errors address caused a deferment or a big disaster such
      as an expansion failure (rf_get_errors_address)
  . expanding a headers_{add,remove} string caused a deferment or another
      expansion error (rf_get_munge_headers)
  . a problem in rf_get_transport: no transport when one is needed;
      failed to expand dynamic transport; failed to find dynamic transport
  . bad lookup type
  . problem looking up host (rf_lookup_hostlist)
  . self = DEFER or FREEZE
  . failure to set up uid/gid for running the command
  . failure of transport_set_up_command: too many arguments, expansion fail
  . failure to create child process
  . child process crashed or timed out or didn't return data
  . :defer: in data
  . DEFER or FREEZE returned
  . problem in redirection data
  . unknown transport name or trouble expanding router transport

FAIL
  . :fail: in data
  . FAIL returned
  . self = FAIL

OK
  . address added to addr_local or addr_remote for delivery
  . new addresses added to addr_new
*/

int
queryprogram_router_entry(
  router_instance *rblock,        /* data for this instantiation */
  address_item *addr,             /* address we are working on */
  struct passwd *pw,              /* passwd entry after check_local_user */
  int verify,                     /* v_none/v_recipient/v_sender/v_expn */
  address_item **addr_local,      /* add it to this if it's local */
  address_item **addr_remote,     /* add it to this if it's remote */
  address_item **addr_new,        /* put new addresses on here */
  address_item **addr_succeed)    /* put old address here on success */
{
int fd_in, fd_out, len, rc;
pid_t pid;
struct passwd *upw = NULL;
uschar buffer[1024];
const uschar **argvptr;
uschar *rword, *rdata, *s;
address_item_propagated addr_prop;
queryprogram_router_options_block *ob =
  (queryprogram_router_options_block *)(rblock->options_block);
uschar *current_directory = ob->current_directory;
ugid_block ugid;
uid_t curr_uid = getuid();
gid_t curr_gid = getgid();
uid_t uid = ob->cmd_uid;
gid_t gid = ob->cmd_gid;
uid_t *puid = &uid;
gid_t *pgid = &gid;

DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n",
  rblock->name, addr->address, addr->domain);

ugid.uid_set = ugid.gid_set = FALSE;

/* Set up the propagated data block with the current address_data and the
errors address and extra header stuff. */

bzero(&addr_prop, sizeof(addr_prop));
addr_prop.address_data = deliver_address_data;

rc = rf_get_errors_address(addr, rblock, verify, &addr_prop.errors_address);
if (rc != OK) return rc;

rc = rf_get_munge_headers(addr, rblock, &addr_prop.extra_headers,
  &addr_prop.remove_headers);
if (rc != OK) return rc;

#ifdef EXPERIMENTAL_SRS
addr_prop.srs_sender = NULL;
#endif

/* Get the fixed or expanded uid under which the command is to run
(initialization ensures that one or the other is set). */

if (!ob->cmd_uid_set)
  {
  if (!route_find_expanded_user(ob->expand_cmd_uid, rblock->name, US"router",
      &upw, &uid, &(addr->message)))
    return DEFER;
  }

/* Get the fixed or expanded gid, or take the gid from the passwd entry. */

if (!ob->cmd_gid_set)
  {
  if (ob->expand_cmd_gid != NULL)
    {
    if (route_find_expanded_group(ob->expand_cmd_gid, rblock->name,
        US"router", &gid, &(addr->message)))
      return DEFER;
    }
  else if (upw != NULL)
    {
    gid = upw->pw_gid;
    }
  else
    {
    addr->message = string_sprintf("command_user set without command_group "
      "for %s router", rblock->name);
    return DEFER;
    }
  }

DEBUG(D_route) debug_printf("requires uid=%ld gid=%ld current_directory=%s\n",
  (long int)uid, (long int)gid, current_directory);

/* If we are not running as root, we will not be able to change uid/gid. */

if (curr_uid != root_uid && (uid != curr_uid || gid != curr_gid))
  {
  DEBUG(D_route)
    {
    debug_printf("not running as root: cannot change uid/gid\n");
    debug_printf("subprocess will run with uid=%ld gid=%ld\n",
      (long int)curr_uid, (long int)curr_gid);
    }
  puid = pgid = NULL;
  }

/* Set up the command to run */

if (!transport_set_up_command(&argvptr, /* anchor for arg list */
    ob->command,                        /* raw command */
    TRUE,                               /* expand the arguments */
    0,                                  /* not relevant when... */
    NULL,                               /* no transporting address */
    US"queryprogram router",            /* for error messages */
    &(addr->message)))                  /* where to put error message */
  {
  return DEFER;
  }

/* Create the child process, making it a group leader. */

pid = child_open_uid(argvptr, NULL, 0077, puid, pgid, &fd_in, &fd_out,
  current_directory, TRUE);

if (pid < 0)
  {
  addr->message = string_sprintf("%s router couldn't create child process: %s",
    rblock->name, strerror(errno));
  return DEFER;
  }

/* Nothing is written to the standard input. */

(void)close(fd_in);

/* Wait for the process to finish, applying the timeout, and inspect its return
code. */

if ((rc = child_close(pid, ob->timeout)) != 0)
  {
  if (rc > 0)
    addr->message = string_sprintf("%s router: command returned non-zero "
      "code %d", rblock->name, rc);

  else if (rc == -256)
    {
    addr->message = string_sprintf("%s router: command timed out",
      rblock->name);
    killpg(pid, SIGKILL);       /* Kill the whole process group */
    }

  else if (rc == -257)
    addr->message = string_sprintf("%s router: wait() failed: %s",
      rblock->name, strerror(errno));

  else
    addr->message = string_sprintf("%s router: command killed by signal %d",
      rblock->name, -rc);

  return DEFER;
  }

/* Read the pipe to get the command's output, and then close it. */

len = read(fd_out, buffer, sizeof(buffer) - 1);
(void)close(fd_out);

/* Failure to return any data is an error. */

if (len <= 0)
  {
  addr->message = string_sprintf("%s router: command failed to return data",
    rblock->name);
  return DEFER;
  }

/* Get rid of leading and trailing white space, and pick off the first word of
the result. */

while (len > 0 && isspace(buffer[len-1])) len--;
buffer[len] = 0;

DEBUG(D_route) debug_printf("command wrote: %s\n", buffer);

rword = buffer;
while (isspace(*rword)) rword++;
rdata = rword;
while (*rdata != 0 && !isspace(*rdata)) rdata++;
if (*rdata != 0) *rdata++ = 0;

/* The word must be a known yield name. If it is "REDIRECT", the rest of the
line is redirection data, as for a .forward file. It may not contain filter
data, and it may not contain anything other than addresses (no files, no pipes,
no specials). */

if (strcmpic(rword, US"REDIRECT") == 0)
  {
  int filtertype;
  redirect_block redirect;
  address_item *generated = NULL;

  redirect.string = rdata;
  redirect.isfile = FALSE;

  rc = rda_interpret(&redirect,  /* redirection data */
    RDO_BLACKHOLE |              /* forbid :blackhole: */
      RDO_FAIL    |              /* forbid :fail: */
      RDO_INCLUDE |              /* forbid :include: */
      RDO_REWRITE,               /* rewrite generated addresses */
    NULL,                        /* :include: directory not relevant */
    NULL,                        /* sieve vacation directory not relevant */
    NULL,                        /* sieve enotify mailto owner not relevant */
    NULL,                        /* sieve useraddress not relevant */
    NULL,                        /* sieve subaddress not relevant */
    &ugid,                       /* uid/gid (but not set) */
    &generated,                  /* where to hang the results */
    &(addr->message),            /* where to put messages */
    NULL,                        /* don't skip syntax errors */
    &filtertype,                 /* not used; will always be FILTER_FORWARD */
    string_sprintf("%s router", rblock->name));

  switch (rc)
    {
    /* FF_DEFER and FF_FAIL can arise only as a result of explicit commands.
    If a configured message was supplied, allow it to be  included in an SMTP
    response after verifying. */

    case FF_DEFER:
    if (addr->message == NULL) addr->message = US"forced defer";
      else addr->user_message = addr->message;
    return DEFER;

    case FF_FAIL:
    add_generated(rblock, addr_new, addr, generated, &addr_prop);
    if (addr->message == NULL) addr->message = US"forced rejection";
      else addr->user_message = addr->message;
    return FAIL;

    case FF_DELIVERED:
    break;

    case FF_NOTDELIVERED:    /* an empty redirection list is bad */
    addr->message = US"no addresses supplied";
    /* Fall through */

    case FF_ERROR:
    default:
    addr->basic_errno = ERRNO_BADREDIRECT;
    addr->message = string_sprintf("error in redirect data: %s", addr->message);
    return DEFER;
    }

  /* Handle the generated addresses, if any. */

  add_generated(rblock, addr_new, addr, generated, &addr_prop);

  /* Put the original address onto the succeed queue so that any retry items
  that get attached to it get processed. */

  addr->next = *addr_succeed;
  *addr_succeed = addr;

  return OK;
  }

/* Handle other returns that are not ACCEPT */

if (strcmpic(rword, US"accept") != 0)
  {
  if (strcmpic(rword, US"decline") == 0) return DECLINE;
  if (strcmpic(rword, US"pass") == 0) return PASS;
  addr->message = string_copy(rdata);                /* data is a message */
  if (strcmpic(rword, US"fail") == 0)
    {
    setflag(addr, af_pass_message);
    return FAIL;
    }
  if (strcmpic(rword, US"freeze") == 0) addr->special_action = SPECIAL_FREEZE;
  else if (strcmpic(rword, US"defer") != 0)
    {
    addr->message = string_sprintf("bad command yield: %s %s", rword, rdata);
    log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
    }
  return DEFER;
  }

/* The command yielded "ACCEPT". The rest of the string is a number of keyed
fields from which we can fish out values using the "extract" expansion
function. To use this feature, we must put the string into the $value variable,
i.e. set lookup_value. */

lookup_value = rdata;
s = expand_string(US"${extract{data}{$value}}");
if (*s != 0) addr_prop.address_data = string_copy(s);

s = expand_string(US"${extract{transport}{$value}}");
lookup_value = NULL;

/* If we found a transport name, find the actual transport */

if (*s != 0)
  {
  transport_instance *transport;
  for (transport = transports; transport != NULL; transport = transport->next)
    if (Ustrcmp(transport->name, s) == 0) break;
  if (transport == NULL)
    {
    addr->message = string_sprintf("unknown transport name %s yielded by "
      "command", s);
    log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
    return DEFER;
    }
  addr->transport = transport;
  }

/* No transport given; get the transport from the router configuration. It may
be fixed or expanded, but there will be an error if it is unset, requested by
the last argument not being NULL. */

else
  {
  if (!rf_get_transport(rblock->transport_name, &(rblock->transport), addr,
       rblock->name, US"transport"))
    return DEFER;
  addr->transport = rblock->transport;
  }

/* See if a host list is given, and if so, look up the addresses. */

lookup_value = rdata;
s = expand_string(US"${extract{hosts}{$value}}");

if (*s != 0)
  {
  int lookup_type = lk_default;
  uschar *ss = expand_string(US"${extract{lookup}{$value}}");
  lookup_value = NULL;

  if (*ss != 0)
    {
    if (Ustrcmp(ss, "byname") == 0) lookup_type = lk_byname;
    else if (Ustrcmp(ss, "bydns") == 0) lookup_type = lk_bydns;
    else
      {
      addr->message = string_sprintf("bad lookup type \"%s\" yielded by "
        "command", ss);
      log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
      return DEFER;
      }
    }

  host_build_hostlist(&(addr->host_list), s, FALSE);  /* pro tem no randomize */

  rc = rf_lookup_hostlist(rblock, addr, rblock->ignore_target_hosts,
    lookup_type, hff_defer, addr_new);
  if (rc != OK) return rc;
  }
lookup_value = NULL;

/* Put the errors address, extra headers, and address_data into this address */

addr->prop = addr_prop;

/* Queue the address for local or remote delivery. */

return rf_queue_add(addr, addr_local, addr_remote, rblock, pw)?
  OK : DEFER;
}

#endif   /*!MACRO_PREDEF*/
/* End of routers/queryprogram.c */
Commit	Line	Data
0756eb3c PH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
80fea873	5	/* Copyright (c) University of Cambridge 1995 - 2016 */
0756eb3c PH	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	#include "../exim.h"
	9	#include "rf_functions.h"
	10	#include "queryprogram.h"
	11
	12
	13
	14	/* Options specific to the queryprogram router. */
	15
	16	optionlist queryprogram_router_options[] = {
	17	{ "*expand_command_group", opt_bool \| opt_hidden,
	18	(void *)(offsetof(queryprogram_router_options_block, expand_cmd_gid)) },
	19	{ "*expand_command_user", opt_bool \| opt_hidden,
	20	(void *)(offsetof(queryprogram_router_options_block, expand_cmd_uid)) },
	21	{ "*set_command_group", opt_bool \| opt_hidden,
	22	(void *)(offsetof(queryprogram_router_options_block, cmd_gid_set)) },
	23	{ "*set_command_user", opt_bool \| opt_hidden,
	24	(void *)(offsetof(queryprogram_router_options_block, cmd_uid_set)) },
	25	{ "command", opt_stringptr,
	26	(void *)(offsetof(queryprogram_router_options_block, command)) },
	27	{ "command_group",opt_expand_gid,
	28	(void *)(offsetof(queryprogram_router_options_block, cmd_gid)) },
	29	{ "command_user", opt_expand_uid,
	30	(void *)(offsetof(queryprogram_router_options_block, cmd_uid)) },
	31	{ "current_directory", opt_stringptr,
	32	(void *)(offsetof(queryprogram_router_options_block, current_directory)) },
	33	{ "timeout", opt_time,
	34	(void *)(offsetof(queryprogram_router_options_block, timeout)) }
	35	};
	36
	37	/* Size of the options list. An extern variable has to be used so that its
	38	address can appear in the tables drtables.c. */
	39
	40	int queryprogram_router_options_count =
	41	sizeof(queryprogram_router_options)/sizeof(optionlist);
	42
d185889f JH	43
	44	#ifdef MACRO_PREDEF
	45
	46	/* Dummy entries */
	47	queryprogram_router_options_block queryprogram_router_option_defaults = {0};
	48	void queryprogram_router_init(router_instance *rblock) {}
	49	int queryprogram_router_entry(router_instance rblock, address_item addr,
	50	struct passwd pw, int verify, address_item *addr_local,
	51	address_item addr_remote, address_item addr_new,
	52	address_item **addr_succeed) {}
	53
	54	#else /!MACRO_PREDEF/
	55
	56
0756eb3c PH	57	/* Default private options block for the queryprogram router. */
	58
	59	queryprogram_router_options_block queryprogram_router_option_defaults = {
	60	NULL, /* command */
	61	6060, / timeout */
	62	(uid_t)(-1), /* cmd_uid */
	63	(gid_t)(-1), /* cmd_gid */
	64	FALSE, /* cmd_uid_set */
	65	FALSE, /* cmd_gid_set */
	66	US"/", /* current_directory */
	67	NULL, /* expand_cmd_gid */
	68	NULL /* expand_cmd_uid */
	69	};
	70
	71
	72
	73	/*************************************************
	74	* Initialization entry point *
	75	*************************************************/
	76
	77	/* Called for each instance, after its options have been read, to enable
	78	consistency checks to be done, or anything else that needs to be set up. */
	79
	80	void
	81	queryprogram_router_init(router_instance *rblock)
	82	{
	83	queryprogram_router_options_block *ob =
	84	(queryprogram_router_options_block *)(rblock->options_block);
	85
	86	/* A command must be given */
	87
	88	if (ob->command == NULL)
	89	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_FOR, "%s router:\n "
	90	"a command specification is required", rblock->name);
	91
	92	/* A uid/gid must be supplied */
	93
	94	if (!ob->cmd_uid_set && ob->expand_cmd_uid == NULL)
	95	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_FOR, "%s router:\n "
	96	"command_user must be specified", rblock->name);
	97	}
	98
	99
	100
	101	/*************************************************
	102	* Process a set of generated new addresses *
	103	*************************************************/
	104
	105	/* This function sets up a set of newly generated child addresses and puts them
	106	on the new address chain.
	107
	108	Arguments:
	109	rblock router block
	110	addr_new new address chain
	111	addr original address
	112	generated list of generated addresses
	113	addr_prop the propagated data block, containing errors_to,
	114	header change stuff, and address_data
	115
	116	Returns: nothing
	117	*/
	118
	119	static void
	120	add_generated(router_instance rblock, address_item *addr_new,
121	address_item addr, address_item generated,
122	address_item_propagated *addr_prop)
123	{
124	while (generated != NULL)
125	{
126	address_item *next = generated;
127	generated = next->next;
128
129	next->parent = addr;
130	orflag(next, addr, af_propagate);
d43cbe25	131	next->prop = *addr_prop;
0756eb3c PH	132	next->start_router = rblock->redirect_router;
	133
	134	next->next = *addr_new;
	135	*addr_new = next;
	136
82f90600	137	if (addr->child_count == USHRT_MAX)
4362ff0d	138	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "%s router generated more than %d "
82f90600	139	"child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
0756eb3c PH	140	addr->child_count++;
	141
	142	DEBUG(D_route)
	143	debug_printf("%s router generated %s\n", rblock->name, next->address);
	144	}
	145	}
	146
	147
	148
	149
	150	/*************************************************
	151	* Main entry point *
	152	*************************************************/
	153
	154	/* See local README for interface details. This router returns:
	155
	156	DECLINE
	157	. DECLINE returned
	158	. self = DECLINE
	159
	160	PASS
	161	. PASS returned
	162	. timeout of host lookup and pass_on_timeout set
	163	. self = PASS
	164
	165	DEFER
	166	. verifying the errors address caused a deferment or a big disaster such
	167	as an expansion failure (rf_get_errors_address)
	168	. expanding a headers_{add,remove} string caused a deferment or another
	169	expansion error (rf_get_munge_headers)
	170	. a problem in rf_get_transport: no transport when one is needed;
	171	failed to expand dynamic transport; failed to find dynamic transport
	172	. bad lookup type
	173	. problem looking up host (rf_lookup_hostlist)
	174	. self = DEFER or FREEZE
	175	. failure to set up uid/gid for running the command
	176	. failure of transport_set_up_command: too many arguments, expansion fail
	177	. failure to create child process
	178	. child process crashed or timed out or didn't return data
	179	. :defer: in data
	180	. DEFER or FREEZE returned
	181	. problem in redirection data
	182	. unknown transport name or trouble expanding router transport
	183
	184	FAIL
	185	. :fail: in data
	186	. FAIL returned
	187	. self = FAIL
	188
	189	OK
	190	. address added to addr_local or addr_remote for delivery
	191	. new addresses added to addr_new
	192	*/
	193
	194	int
	195	queryprogram_router_entry(
	196	router_instance rblock, / data for this instantiation */
	197	address_item addr, / address we are working on */
	198	struct passwd pw, / passwd entry after check_local_user */
fd6de02e	199	int verify, /* v_none/v_recipient/v_sender/v_expn */
0756eb3c PH	200	address_item *addr_local, / add it to this if it's local */
	201	address_item *addr_remote, / add it to this if it's remote */
	202	address_item *addr_new, / put new addresses on here */
	203	address_item *addr_succeed) / put old address here on success */
	204	{
	205	int fd_in, fd_out, len, rc;
	206	pid_t pid;
	207	struct passwd *upw = NULL;
	208	uschar buffer[1024];
55414b25	209	const uschar **argvptr;
0756eb3c PH	210	uschar rword, rdata, *s;
	211	address_item_propagated addr_prop;
	212	queryprogram_router_options_block *ob =
	213	(queryprogram_router_options_block *)(rblock->options_block);
	214	uschar *current_directory = ob->current_directory;
	215	ugid_block ugid;
59e82a2a PH	216	uid_t curr_uid = getuid();
59e82a2a PH	217	gid_t curr_gid = getgid();
0756eb3c PH	218	uid_t uid = ob->cmd_uid;
0756eb3c PH	219	gid_t gid = ob->cmd_gid;
59e82a2a PH	220	uid_t *puid = &uid;
59e82a2a PH	221	gid_t *pgid = &gid;
0756eb3c PH	222
	223	DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n",
	224	rblock->name, addr->address, addr->domain);
	225
	226	ugid.uid_set = ugid.gid_set = FALSE;
	227
	228	/* Set up the propagated data block with the current address_data and the
	229	errors address and extra header stuff. */
	230
806c3df9	231	bzero(&addr_prop, sizeof(addr_prop));
0756eb3c PH	232	addr_prop.address_data = deliver_address_data;
0756eb3c PH	233
d43cbe25	234	rc = rf_get_errors_address(addr, rblock, verify, &addr_prop.errors_address);
0756eb3c PH	235	if (rc != OK) return rc;
0756eb3c PH	236
d43cbe25 JH	237	rc = rf_get_munge_headers(addr, rblock, &addr_prop.extra_headers,
d43cbe25 JH	238	&addr_prop.remove_headers);
0756eb3c PH	239	if (rc != OK) return rc;
0756eb3c PH	240
67e87fcf JH	241	#ifdef EXPERIMENTAL_SRS
	242	addr_prop.srs_sender = NULL;
	243	#endif
	244
0756eb3c PH	245	/* Get the fixed or expanded uid under which the command is to run
	246	(initialization ensures that one or the other is set). */
	247
	248	if (!ob->cmd_uid_set)
	249	{
	250	if (!route_find_expanded_user(ob->expand_cmd_uid, rblock->name, US"router",
	251	&upw, &uid, &(addr->message)))
	252	return DEFER;
	253	}
	254
	255	/* Get the fixed or expanded gid, or take the gid from the passwd entry. */
	256
	257	if (!ob->cmd_gid_set)
	258	{
	259	if (ob->expand_cmd_gid != NULL)
	260	{
	261	if (route_find_expanded_group(ob->expand_cmd_gid, rblock->name,
	262	US"router", &gid, &(addr->message)))
	263	return DEFER;
	264	}
	265	else if (upw != NULL)
	266	{
	267	gid = upw->pw_gid;
	268	}
	269	else
	270	{
	271	addr->message = string_sprintf("command_user set without command_group "
	272	"for %s router", rblock->name);
	273	return DEFER;
	274	}
	275	}
	276
59e82a2a	277	DEBUG(D_route) debug_printf("requires uid=%ld gid=%ld current_directory=%s\n",
0756eb3c PH	278	(long int)uid, (long int)gid, current_directory);
0756eb3c PH	279
59e82a2a PH	280	/* If we are not running as root, we will not be able to change uid/gid. */
	281
	282	if (curr_uid != root_uid && (uid != curr_uid \|\| gid != curr_gid))
	283	{
	284	DEBUG(D_route)
	285	{
	286	debug_printf("not running as root: cannot change uid/gid\n");
	287	debug_printf("subprocess will run with uid=%ld gid=%ld\n",
	288	(long int)curr_uid, (long int)curr_gid);
	289	}
	290	puid = pgid = NULL;
	291	}
	292
	293	/* Set up the command to run */
	294
0756eb3c PH	295	if (!transport_set_up_command(&argvptr, /* anchor for arg list */
	296	ob->command, /* raw command */
	297	TRUE, /* expand the arguments */
	298	0, /* not relevant when... */
	299	NULL, /* no transporting address */
	300	US"queryprogram router", /* for error messages */
	301	&(addr->message))) /* where to put error message */
	302	{
	303	return DEFER;
	304	}
	305
	306	/* Create the child process, making it a group leader. */
	307
59e82a2a	308	pid = child_open_uid(argvptr, NULL, 0077, puid, pgid, &fd_in, &fd_out,
0756eb3c PH	309	current_directory, TRUE);
	310
	311	if (pid < 0)
	312	{
	313	addr->message = string_sprintf("%s router couldn't create child process: %s",
	314	rblock->name, strerror(errno));
	315	return DEFER;
	316	}
	317
	318	/* Nothing is written to the standard input. */
	319
f1e894f3	320	(void)close(fd_in);
0756eb3c PH	321
	322	/* Wait for the process to finish, applying the timeout, and inspect its return
	323	code. */
	324
	325	if ((rc = child_close(pid, ob->timeout)) != 0)
	326	{
	327	if (rc > 0)
	328	addr->message = string_sprintf("%s router: command returned non-zero "
	329	"code %d", rblock->name, rc);
	330
	331	else if (rc == -256)
	332	{
	333	addr->message = string_sprintf("%s router: command timed out",
	334	rblock->name);
	335	killpg(pid, SIGKILL); /* Kill the whole process group */
	336	}
	337
	338	else if (rc == -257)
	339	addr->message = string_sprintf("%s router: wait() failed: %s",
	340	rblock->name, strerror(errno));
	341
	342	else
	343	addr->message = string_sprintf("%s router: command killed by signal %d",
	344	rblock->name, -rc);
	345
	346	return DEFER;
	347	}
	348
	349	/* Read the pipe to get the command's output, and then close it. */
	350
	351	len = read(fd_out, buffer, sizeof(buffer) - 1);
f1e894f3	352	(void)close(fd_out);
0756eb3c PH	353
	354	/* Failure to return any data is an error. */
	355
	356	if (len <= 0)
	357	{
	358	addr->message = string_sprintf("%s router: command failed to return data",
	359	rblock->name);
	360	return DEFER;
	361	}
	362
	363	/* Get rid of leading and trailing white space, and pick off the first word of
	364	the result. */
	365
	366	while (len > 0 && isspace(buffer[len-1])) len--;
	367	buffer[len] = 0;
	368
	369	DEBUG(D_route) debug_printf("command wrote: %s\n", buffer);
	370
	371	rword = buffer;
	372	while (isspace(*rword)) rword++;
	373	rdata = rword;
	374	while (rdata != 0 && !isspace(rdata)) rdata++;
	375	if (rdata != 0) rdata++ = 0;
	376
	377	/* The word must be a known yield name. If it is "REDIRECT", the rest of the
	378	line is redirection data, as for a .forward file. It may not contain filter
	379	data, and it may not contain anything other than addresses (no files, no pipes,
	380	no specials). */
	381
	382	if (strcmpic(rword, US"REDIRECT") == 0)
	383	{
	384	int filtertype;
	385	redirect_block redirect;
	386	address_item *generated = NULL;
	387
	388	redirect.string = rdata;
	389	redirect.isfile = FALSE;
	390
	391	rc = rda_interpret(&redirect, /* redirection data */
	392	RDO_BLACKHOLE \| /* forbid :blackhole: */
	393	RDO_FAIL \| /* forbid :fail: */
	394	RDO_INCLUDE \| /* forbid :include: */
	395	RDO_REWRITE, /* rewrite generated addresses */
	396	NULL, /* :include: directory not relevant */
	397	NULL, /* sieve vacation directory not relevant */
efd9a422	398	NULL, /* sieve enotify mailto owner not relevant */
e4a89c47 PH	399	NULL, /* sieve useraddress not relevant */
e4a89c47 PH	400	NULL, /* sieve subaddress not relevant */
0756eb3c PH	401	&ugid, /* uid/gid (but not set) */
	402	&generated, /* where to hang the results */
	403	&(addr->message), /* where to put messages */
	404	NULL, /* don't skip syntax errors */
	405	&filtertype, /* not used; will always be FILTER_FORWARD */
	406	string_sprintf("%s router", rblock->name));
	407
	408	switch (rc)
	409	{
	410	/* FF_DEFER and FF_FAIL can arise only as a result of explicit commands.
	411	If a configured message was supplied, allow it to be included in an SMTP
	412	response after verifying. */
	413
	414	case FF_DEFER:
	415	if (addr->message == NULL) addr->message = US"forced defer";
	416	else addr->user_message = addr->message;
	417	return DEFER;
	418
	419	case FF_FAIL:
	420	add_generated(rblock, addr_new, addr, generated, &addr_prop);
	421	if (addr->message == NULL) addr->message = US"forced rejection";
	422	else addr->user_message = addr->message;
	423	return FAIL;
	424
	425	case FF_DELIVERED:
	426	break;
	427
	428	case FF_NOTDELIVERED: /* an empty redirection list is bad */
	429	addr->message = US"no addresses supplied";
	430	/* Fall through */
	431
	432	case FF_ERROR:
	433	default:
	434	addr->basic_errno = ERRNO_BADREDIRECT;
	435	addr->message = string_sprintf("error in redirect data: %s", addr->message);
	436	return DEFER;
	437	}
	438
	439	/* Handle the generated addresses, if any. */
	440
	441	add_generated(rblock, addr_new, addr, generated, &addr_prop);
	442
	443	/* Put the original address onto the succeed queue so that any retry items
	444	that get attached to it get processed. */
	445
	446	addr->next = *addr_succeed;
	447	*addr_succeed = addr;
	448
	449	return OK;
	450	}
	451
	452	/* Handle other returns that are not ACCEPT */
	453
	454	if (strcmpic(rword, US"accept") != 0)
	455	{
	456	if (strcmpic(rword, US"decline") == 0) return DECLINE;
	457	if (strcmpic(rword, US"pass") == 0) return PASS;
	458	addr->message = string_copy(rdata); /* data is a message */
447d236c PH	459	if (strcmpic(rword, US"fail") == 0)
	460	{
	461	setflag(addr, af_pass_message);
	462	return FAIL;
	463	}
0756eb3c PH	464	if (strcmpic(rword, US"freeze") == 0) addr->special_action = SPECIAL_FREEZE;
	465	else if (strcmpic(rword, US"defer") != 0)
	466	{
	467	addr->message = string_sprintf("bad command yield: %s %s", rword, rdata);
	468	log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
	469	}
	470	return DEFER;
	471	}
	472
	473	/* The command yielded "ACCEPT". The rest of the string is a number of keyed
	474	fields from which we can fish out values using the "extract" expansion
	475	function. To use this feature, we must put the string into the $value variable,
	476	i.e. set lookup_value. */
	477
	478	lookup_value = rdata;
	479	s = expand_string(US"${extract{data}{$value}}");
	480	if (*s != 0) addr_prop.address_data = string_copy(s);
	481
	482	s = expand_string(US"${extract{transport}{$value}}");
	483	lookup_value = NULL;
	484
	485	/* If we found a transport name, find the actual transport */
	486
	487	if (*s != 0)
	488	{
	489	transport_instance *transport;
	490	for (transport = transports; transport != NULL; transport = transport->next)
	491	if (Ustrcmp(transport->name, s) == 0) break;
	492	if (transport == NULL)
	493	{
	494	addr->message = string_sprintf("unknown transport name %s yielded by "
	495	"command", s);
	496	log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
	497	return DEFER;
	498	}
	499	addr->transport = transport;
	500	}
	501
	502	/* No transport given; get the transport from the router configuration. It may
	503	be fixed or expanded, but there will be an error if it is unset, requested by
	504	the last argument not being NULL. */
	505
	506	else
	507	{
	508	if (!rf_get_transport(rblock->transport_name, &(rblock->transport), addr,
	509	rblock->name, US"transport"))
	510	return DEFER;
	511	addr->transport = rblock->transport;
	512	}
	513
	514	/* See if a host list is given, and if so, look up the addresses. */
	515
	516	lookup_value = rdata;
	517	s = expand_string(US"${extract{hosts}{$value}}");
	518
	519	if (*s != 0)
	520	{
	521	int lookup_type = lk_default;
	522	uschar *ss = expand_string(US"${extract{lookup}{$value}}");
	523	lookup_value = NULL;
	524
	525	if (*ss != 0)
	526	{
	527	if (Ustrcmp(ss, "byname") == 0) lookup_type = lk_byname;
528	else if (Ustrcmp(ss, "bydns") == 0) lookup_type = lk_bydns;
529	else
530	{
531	addr->message = string_sprintf("bad lookup type \"%s\" yielded by "
532	"command", ss);
533	log_write(0, LOG_PANIC, "%s router: %s", rblock->name, addr->message);
534	return DEFER;
535	}
536	}
537
538	host_build_hostlist(&(addr->host_list), s, FALSE); /* pro tem no randomize */
539
540	rc = rf_lookup_hostlist(rblock, addr, rblock->ignore_target_hosts,
541	lookup_type, hff_defer, addr_new);
542	if (rc != OK) return rc;
543	}
544	lookup_value = NULL;
545
546	/* Put the errors address, extra headers, and address_data into this address */
547
d43cbe25	548	addr->prop = addr_prop;
0756eb3c PH	549
	550	/* Queue the address for local or remote delivery. */
	551
	552	return rf_queue_add(addr, addr_local, addr_remote, rblock, pw)?
	553	OK : DEFER;
	554	}
	555
d185889f	556	#endif /!MACRO_PREDEF/
0756eb3c	557	/* End of routers/queryprogram.c */