Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
80fea873 | 5 | /* Copyright (c) University of Cambridge 1995 - 2016 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions for reading spool files. When compiling for a utility (eximon), | |
9 | not all are needed, and some functionality can be cut out. */ | |
10 | ||
11 | ||
12 | #include "exim.h" | |
13 | ||
14 | ||
15 | ||
16 | #ifndef COMPILE_UTILITY | |
17 | /************************************************* | |
18 | * Open and lock data file * | |
19 | *************************************************/ | |
20 | ||
21 | /* The data file is the one that is used for locking, because the header file | |
22 | can get replaced during delivery because of header rewriting. The file has | |
23 | to opened with write access so that we can get an exclusive lock, but in | |
24 | fact it won't be written to. Just in case there's a major disaster (e.g. | |
25 | overwriting some other file descriptor with the value of this one), open it | |
26 | with append. | |
27 | ||
28 | Argument: the id of the message | |
789f8a4f | 29 | Returns: fd if file successfully opened and locked, else -1 |
059ec3d9 | 30 | |
789f8a4f | 31 | Side effect: message_subdir is set for the (possibly split) spool directory |
059ec3d9 PH |
32 | */ |
33 | ||
789f8a4f | 34 | int |
059ec3d9 PH |
35 | spool_open_datafile(uschar *id) |
36 | { | |
37 | int i; | |
38 | struct stat statbuf; | |
39 | flock_t lock_data; | |
40 | uschar spoolname[256]; | |
789f8a4f | 41 | int fd; |
059ec3d9 PH |
42 | |
43 | /* If split_spool_directory is set, first look for the file in the appropriate | |
44 | sub-directory of the input directory. If it is not found there, try the input | |
45 | directory itself, to pick up leftovers from before the splitting. If split_ | |
46 | spool_directory is not set, first look in the main input directory. If it is | |
47 | not found there, try the split sub-directory, in case it is left over from a | |
48 | splitting state. */ | |
49 | ||
50 | for (i = 0; i < 2; i++) | |
51 | { | |
52 | int save_errno; | |
a2da3176 JH |
53 | message_subdir[0] = split_spool_directory == (i == 0) ? id[5] : 0; |
54 | snprintf(CS spoolname, sizeof(spoolname), "%s/input/%s/%s/%s-D", | |
55 | spool_directory, queue_name, message_subdir, id); | |
56 | DEBUG(D_deliver) debug_printf("Trying spool file %s\n", spoolname); | |
57 | ||
789f8a4f JH |
58 | if ((fd = Uopen(spoolname, O_RDWR | O_APPEND, 0)) >= 0) |
59 | break; | |
059ec3d9 PH |
60 | save_errno = errno; |
61 | if (errno == ENOENT) | |
62 | { | |
63 | if (i == 0) continue; | |
64 | if (!queue_running) | |
65 | log_write(0, LOG_MAIN, "Spool file %s-D not found", id); | |
66 | } | |
67 | else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname, | |
68 | strerror(errno)); | |
69 | errno = save_errno; | |
789f8a4f | 70 | return -1; |
059ec3d9 PH |
71 | } |
72 | ||
73 | /* File is open and message_subdir is set. Set the close-on-exec flag, and lock | |
74 | the file. We lock only the first line of the file (containing the message ID) | |
75 | because this apparently is needed for running Exim under Cygwin. If the entire | |
76 | file is locked in one process, a sub-process cannot access it, even when passed | |
77 | an open file descriptor (at least, I think that's the Cygwin story). On real | |
78 | Unix systems it doesn't make any difference as long as Exim is consistent in | |
79 | what it locks. */ | |
80 | ||
789f8a4f | 81 | (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | |
059ec3d9 PH |
82 | FD_CLOEXEC); |
83 | ||
84 | lock_data.l_type = F_WRLCK; | |
85 | lock_data.l_whence = SEEK_SET; | |
86 | lock_data.l_start = 0; | |
87 | lock_data.l_len = SPOOL_DATA_START_OFFSET; | |
88 | ||
789f8a4f | 89 | if (fcntl(fd, F_SETLK, &lock_data) < 0) |
059ec3d9 PH |
90 | { |
91 | log_write(L_skip_delivery, | |
92 | LOG_MAIN, | |
93 | "Spool file is locked (another process is handling this message)"); | |
789f8a4f | 94 | (void)close(fd); |
059ec3d9 | 95 | errno = 0; |
789f8a4f | 96 | return -1; |
059ec3d9 PH |
97 | } |
98 | ||
99 | /* Get the size of the data; don't include the leading filename line | |
100 | in the count, but add one for the newline before the data. */ | |
101 | ||
789f8a4f | 102 | if (fstat(fd, &statbuf) == 0) |
059ec3d9 PH |
103 | { |
104 | message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET; | |
105 | message_size = message_body_size + 1; | |
106 | } | |
107 | ||
789f8a4f | 108 | return fd; |
059ec3d9 PH |
109 | } |
110 | #endif /* COMPILE_UTILITY */ | |
111 | ||
112 | ||
113 | ||
114 | /************************************************* | |
115 | * Read non-recipients tree from spool file * | |
116 | *************************************************/ | |
117 | ||
118 | /* The tree of non-recipients is written to the spool file in a form that | |
119 | makes it easy to read back into a tree. The format is as follows: | |
120 | ||
121 | . Each node is preceded by two letter(Y/N) indicating whether it has left | |
122 | or right children. There's one space after the two flags, before the name. | |
123 | ||
124 | . The left subtree (if any) then follows, then the right subtree (if any). | |
125 | ||
126 | This function is entered with the next input line in the buffer. Note we must | |
127 | save the right flag before recursing with the same buffer. | |
128 | ||
129 | Once the tree is read, we re-construct the balance fields by scanning the tree. | |
130 | I forgot to write them out originally, and the compatible fix is to do it this | |
131 | way. This initial local recursing function does the necessary. | |
132 | ||
133 | Arguments: | |
134 | node tree node | |
135 | ||
136 | Returns: maximum depth below the node, including the node itself | |
137 | */ | |
138 | ||
139 | static int | |
140 | count_below(tree_node *node) | |
141 | { | |
142 | int nleft, nright; | |
143 | if (node == NULL) return 0; | |
144 | nleft = count_below(node->left); | |
145 | nright = count_below(node->right); | |
146 | node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0); | |
147 | return 1 + ((nleft > nright)? nleft : nright); | |
148 | } | |
149 | ||
150 | /* This is the real function... | |
151 | ||
152 | Arguments: | |
153 | connect pointer to the root of the tree | |
154 | f FILE to read data from | |
155 | buffer contains next input line; further lines read into it | |
156 | buffer_size size of the buffer | |
157 | ||
158 | Returns: FALSE on format error | |
159 | */ | |
160 | ||
161 | static BOOL | |
162 | read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer, | |
163 | int buffer_size) | |
164 | { | |
165 | tree_node *node; | |
166 | int n = Ustrlen(buffer); | |
167 | BOOL right = buffer[1] == 'Y'; | |
168 | ||
169 | if (n < 5) return FALSE; /* malformed line */ | |
170 | buffer[n-1] = 0; /* Remove \n */ | |
171 | node = store_get(sizeof(tree_node) + n - 3); | |
172 | *connect = node; | |
173 | Ustrcpy(node->name, buffer + 3); | |
174 | node->data.ptr = NULL; | |
175 | ||
176 | if (buffer[0] == 'Y') | |
177 | { | |
178 | if (Ufgets(buffer, buffer_size, f) == NULL || | |
179 | !read_nonrecipients_tree(&node->left, f, buffer, buffer_size)) | |
180 | return FALSE; | |
181 | } | |
182 | else node->left = NULL; | |
183 | ||
184 | if (right) | |
185 | { | |
186 | if (Ufgets(buffer, buffer_size, f) == NULL || | |
187 | !read_nonrecipients_tree(&node->right, f, buffer, buffer_size)) | |
188 | return FALSE; | |
189 | } | |
190 | else node->right = NULL; | |
191 | ||
192 | (void) count_below(*connect); | |
193 | return TRUE; | |
194 | } | |
195 | ||
196 | ||
197 | ||
198 | ||
199 | /************************************************* | |
200 | * Read spool header file * | |
201 | *************************************************/ | |
202 | ||
203 | /* This function reads a spool header file and places the data into the | |
204 | appropriate global variables. The header portion is always read, but header | |
205 | structures are built only if read_headers is set true. It isn't, for example, | |
206 | while generating -bp output. | |
207 | ||
208 | It may be possible for blocks of nulls (binary zeroes) to get written on the | |
209 | end of a file if there is a system crash during writing. It was observed on an | |
210 | earlier version of Exim that omitted to fsync() the files - this is thought to | |
211 | have been the cause of that incident, but in any case, this code must be robust | |
212 | against such an event, and if such a file is encountered, it must be treated as | |
213 | malformed. | |
214 | ||
215 | Arguments: | |
216 | name name of the header file, including the -H | |
217 | read_headers TRUE if in-store header structures are to be built | |
218 | subdir_set TRUE is message_subdir is already set | |
219 | ||
220 | Returns: spool_read_OK success | |
221 | spool_read_notopen open failed | |
222 | spool_read_enverror error in the envelope portion | |
223 | spool_read_hdrdrror error in the header portion | |
224 | */ | |
225 | ||
226 | int | |
227 | spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set) | |
228 | { | |
229 | FILE *f = NULL; | |
230 | int n; | |
231 | int rcount = 0; | |
232 | long int uid, gid; | |
233 | BOOL inheader = FALSE; | |
1e70f85b | 234 | uschar *p; |
059ec3d9 PH |
235 | |
236 | /* Reset all the global variables to their default values. However, there is | |
237 | one exception. DO NOT change the default value of dont_deliver, because it may | |
238 | be forced by an external setting. */ | |
239 | ||
38a0a95f | 240 | acl_var_c = acl_var_m = NULL; |
059ec3d9 PH |
241 | authenticated_id = NULL; |
242 | authenticated_sender = NULL; | |
243 | allow_unqualified_recipient = FALSE; | |
244 | allow_unqualified_sender = FALSE; | |
245 | body_linecount = 0; | |
246 | body_zerocount = 0; | |
247 | deliver_firsttime = FALSE; | |
248 | deliver_freeze = FALSE; | |
249 | deliver_frozen_at = 0; | |
250 | deliver_manual_thaw = FALSE; | |
251 | /* dont_deliver must NOT be reset */ | |
252 | header_list = header_last = NULL; | |
b08b24c8 | 253 | host_lookup_deferred = FALSE; |
059ec3d9 PH |
254 | host_lookup_failed = FALSE; |
255 | interface_address = NULL; | |
256 | interface_port = 0; | |
257 | local_error_message = FALSE; | |
258 | local_scan_data = NULL; | |
d677b2f2 | 259 | max_received_linelength = 0; |
059ec3d9 PH |
260 | message_linecount = 0; |
261 | received_protocol = NULL; | |
262 | received_count = 0; | |
263 | recipients_list = NULL; | |
264 | sender_address = NULL; | |
265 | sender_fullhost = NULL; | |
266 | sender_helo_name = NULL; | |
267 | sender_host_address = NULL; | |
268 | sender_host_name = NULL; | |
269 | sender_host_port = 0; | |
270 | sender_host_authenticated = NULL; | |
271 | sender_ident = NULL; | |
272 | sender_local = FALSE; | |
273 | sender_set_untrusted = FALSE; | |
1f5b4c3d | 274 | smtp_active_hostname = primary_hostname; |
059ec3d9 PH |
275 | tree_nonrecipients = NULL; |
276 | ||
8523533c TK |
277 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
278 | bmi_run = 0; | |
279 | bmi_verdicts = NULL; | |
280 | #endif | |
281 | ||
80a47a2c | 282 | #ifndef DISABLE_DKIM |
9e5d6b55 | 283 | dkim_signers = NULL; |
80a47a2c TK |
284 | dkim_disable_verify = FALSE; |
285 | dkim_collect_input = FALSE; | |
f7572e5a TK |
286 | #endif |
287 | ||
059ec3d9 | 288 | #ifdef SUPPORT_TLS |
817d9f57 | 289 | tls_in.certificate_verified = FALSE; |
53a7196b JH |
290 | # ifdef EXPERIMENTAL_DANE |
291 | tls_in.dane_verified = FALSE; | |
292 | # endif | |
817d9f57 | 293 | tls_in.cipher = NULL; |
790fbb71 JH |
294 | # ifndef COMPILE_UTILITY /* tls support fns not built in */ |
295 | tls_free_cert(&tls_in.ourcert); | |
296 | tls_free_cert(&tls_in.peercert); | |
297 | # endif | |
817d9f57 JH |
298 | tls_in.peerdn = NULL; |
299 | tls_in.sni = NULL; | |
44662487 | 300 | tls_in.ocsp = OCSP_NOT_REQ; |
7be682ca | 301 | #endif |
059ec3d9 | 302 | |
8523533c | 303 | #ifdef WITH_CONTENT_SCAN |
3481c572 JH |
304 | spam_bar = NULL; |
305 | spam_score = NULL; | |
8523533c TK |
306 | spam_score_int = NULL; |
307 | #endif | |
308 | ||
8c5d388a | 309 | #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY) |
7ade712c | 310 | message_smtputf8 = FALSE; |
3c8b3577 | 311 | message_utf8_downconvert = 0; |
7ade712c JH |
312 | #endif |
313 | ||
6c1c3d1d WB |
314 | dsn_ret = 0; |
315 | dsn_envid = NULL; | |
6c1c3d1d | 316 | |
059ec3d9 PH |
317 | /* Generate the full name and open the file. If message_subdir is already |
318 | set, just look in the given directory. Otherwise, look in both the split | |
319 | and unsplit directories, as for the data file above. */ | |
320 | ||
321 | for (n = 0; n < 2; n++) | |
322 | { | |
323 | if (!subdir_set) | |
a2da3176 JH |
324 | message_subdir[0] = split_spool_directory == (n == 0) ? name[5] : 0; |
325 | sprintf(CS big_buffer, "%s/input/%s/%s/%s", | |
326 | spool_directory, queue_name, message_subdir, name); | |
327 | if ((f = Ufopen(big_buffer, "rb"))) break; | |
059ec3d9 PH |
328 | if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen; |
329 | } | |
330 | ||
331 | errno = 0; | |
332 | ||
333 | #ifndef COMPILE_UTILITY | |
334 | DEBUG(D_deliver) debug_printf("reading spool file %s\n", name); | |
335 | #endif /* COMPILE_UTILITY */ | |
336 | ||
337 | /* The first line of a spool file contains the message id followed by -H (i.e. | |
338 | the file name), in order to make the file self-identifying. */ | |
339 | ||
340 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
341 | if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 || | |
342 | Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0) | |
343 | goto SPOOL_FORMAT_ERROR; | |
344 | ||
345 | /* The next three lines in the header file are in a fixed format. The first | |
346 | contains the login, uid, and gid of the user who caused the file to be written. | |
ebb6e6d5 PH |
347 | There are known cases where a negative gid is used, so we allow for both |
348 | negative uids and gids. The second contains the mail address of the message's | |
349 | sender, enclosed in <>. The third contains the time the message was received, | |
350 | and the number of warning messages for delivery delays that have been sent. */ | |
059ec3d9 PH |
351 | |
352 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
353 | ||
1e70f85b PH |
354 | p = big_buffer + Ustrlen(big_buffer); |
355 | while (p > big_buffer && isspace(p[-1])) p--; | |
356 | *p = 0; | |
357 | if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR; | |
ebb6e6d5 | 358 | while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--; |
1e70f85b PH |
359 | gid = Uatoi(p); |
360 | if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR; | |
361 | *p = 0; | |
362 | if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR; | |
ebb6e6d5 | 363 | while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--; |
1e70f85b PH |
364 | uid = Uatoi(p); |
365 | if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR; | |
366 | *p = 0; | |
8e669ac1 | 367 | |
1e70f85b | 368 | originator_login = string_copy(big_buffer); |
059ec3d9 PH |
369 | originator_uid = (uid_t)uid; |
370 | originator_gid = (gid_t)gid; | |
371 | ||
e91ad4a7 | 372 | /* envelope from */ |
059ec3d9 PH |
373 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; |
374 | n = Ustrlen(big_buffer); | |
375 | if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>') | |
376 | goto SPOOL_FORMAT_ERROR; | |
377 | ||
378 | sender_address = store_get(n-2); | |
379 | Ustrncpy(sender_address, big_buffer+1, n-3); | |
380 | sender_address[n-3] = 0; | |
381 | ||
e91ad4a7 | 382 | /* time */ |
059ec3d9 PH |
383 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; |
384 | if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2) | |
385 | goto SPOOL_FORMAT_ERROR; | |
386 | ||
387 | message_age = time(NULL) - received_time; | |
388 | ||
389 | #ifndef COMPILE_UTILITY | |
390 | DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n", | |
391 | originator_login, (long int)originator_uid, (long int)originator_gid, | |
392 | sender_address); | |
393 | #endif /* COMPILE_UTILITY */ | |
394 | ||
08955dd3 PH |
395 | /* Now there may be a number of optional lines, each starting with "-". If you |
396 | add a new setting here, make sure you set the default above. | |
059ec3d9 | 397 | |
08955dd3 PH |
398 | Because there are now quite a number of different possibilities, we use a |
399 | switch on the first character to avoid too many failing tests. Thanks to Nico | |
400 | Erfurth for the patch that implemented this. I have made it even more efficient | |
401 | by not re-scanning the first two characters. | |
402 | ||
403 | To allow new versions of Exim that add additional flags to interwork with older | |
404 | versions that do not understand them, just ignore any lines starting with "-" | |
405 | that we don't recognize. Otherwise it wouldn't be possible to back off a new | |
406 | version that left new-style flags written on the spool. */ | |
407 | ||
408 | p = big_buffer + 2; | |
059ec3d9 PH |
409 | for (;;) |
410 | { | |
e91ad4a7 | 411 | int len; |
059ec3d9 PH |
412 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; |
413 | if (big_buffer[0] != '-') break; | |
e91ad4a7 JH |
414 | while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1 |
415 | && big_buffer[len-1] != '\n' | |
416 | ) | |
417 | { /* buffer not big enough for line; certs make this possible */ | |
418 | uschar * buf; | |
419 | if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR; | |
420 | buf = store_get_perm(big_buffer_size *= 2); | |
421 | memcpy(buf, big_buffer, --len); | |
422 | big_buffer = buf; | |
423 | if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL) | |
424 | goto SPOOL_READ_ERROR; | |
425 | } | |
426 | big_buffer[len-1] = 0; | |
47ca6d6c | 427 | |
08955dd3 | 428 | switch(big_buffer[1]) |
059ec3d9 | 429 | { |
08955dd3 PH |
430 | case 'a': |
431 | ||
432 | /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL | |
433 | variable, because Exim allows any number of them, with arbitrary names. | |
434 | The line in the spool file is "-acl[cm] <name> <length>". The name excludes | |
435 | the c or m. */ | |
436 | ||
437 | if (Ustrncmp(p, "clc ", 4) == 0 || | |
438 | Ustrncmp(p, "clm ", 4) == 0) | |
439 | { | |
440 | uschar *name, *endptr; | |
441 | int count; | |
442 | tree_node *node; | |
443 | endptr = Ustrchr(big_buffer + 6, ' '); | |
444 | if (endptr == NULL) goto SPOOL_FORMAT_ERROR; | |
445 | name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6, | |
446 | big_buffer + 6); | |
447 | if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR; | |
448 | node = acl_var_create(name); | |
449 | node->data.ptr = store_get(count + 1); | |
450 | if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR; | |
451 | ((uschar*)node->data.ptr)[count] = 0; | |
452 | } | |
453 | ||
454 | else if (Ustrcmp(p, "llow_unqualified_recipient") == 0) | |
455 | allow_unqualified_recipient = TRUE; | |
456 | else if (Ustrcmp(p, "llow_unqualified_sender") == 0) | |
457 | allow_unqualified_sender = TRUE; | |
458 | ||
459 | else if (Ustrncmp(p, "uth_id", 6) == 0) | |
460 | authenticated_id = string_copy(big_buffer + 9); | |
461 | else if (Ustrncmp(p, "uth_sender", 10) == 0) | |
462 | authenticated_sender = string_copy(big_buffer + 13); | |
463 | else if (Ustrncmp(p, "ctive_hostname", 14) == 0) | |
464 | smtp_active_hostname = string_copy(big_buffer + 17); | |
465 | ||
466 | /* For long-term backward compatibility, we recognize "-acl", which was | |
467 | used before the number of ACL variables changed from 10 to 20. This was | |
468 | before the subsequent change to an arbitrary number of named variables. | |
469 | This code is retained so that upgrades from very old versions can still | |
470 | handle old-format spool files. The value given after "-acl" is a number | |
471 | that is 0-9 for connection variables, and 10-19 for message variables. */ | |
472 | ||
473 | else if (Ustrncmp(p, "cl ", 3) == 0) | |
474 | { | |
475 | int index, count; | |
8dce1a6f | 476 | uschar name[20]; /* Need plenty of space for %d format */ |
08955dd3 | 477 | tree_node *node; |
806c3df9 JH |
478 | if ( sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2 |
479 | || index >= 20 | |
480 | ) | |
08955dd3 | 481 | goto SPOOL_FORMAT_ERROR; |
8dce1a6f PH |
482 | if (index < 10) |
483 | (void) string_format(name, sizeof(name), "%c%d", 'c', index); | |
806c3df9 | 484 | else |
8dce1a6f | 485 | (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10); |
08955dd3 PH |
486 | node = acl_var_create(name); |
487 | node->data.ptr = store_get(count + 1); | |
488 | if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR; | |
489 | ((uschar*)node->data.ptr)[count] = 0; | |
490 | } | |
491 | break; | |
492 | ||
493 | case 'b': | |
494 | if (Ustrncmp(p, "ody_linecount", 13) == 0) | |
495 | body_linecount = Uatoi(big_buffer + 15); | |
496 | else if (Ustrncmp(p, "ody_zerocount", 13) == 0) | |
497 | body_zerocount = Uatoi(big_buffer + 15); | |
e91ad4a7 | 498 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
08955dd3 PH |
499 | else if (Ustrncmp(p, "mi_verdicts ", 12) == 0) |
500 | bmi_verdicts = string_copy(big_buffer + 14); | |
e91ad4a7 | 501 | #endif |
08955dd3 PH |
502 | break; |
503 | ||
504 | case 'd': | |
505 | if (Ustrcmp(p, "eliver_firsttime") == 0) | |
506 | deliver_firsttime = TRUE; | |
6c1c3d1d WB |
507 | /* Check if the dsn flags have been set in the header file */ |
508 | else if (Ustrncmp(p, "sn_ret", 6) == 0) | |
45500060 | 509 | dsn_ret= atoi(CS big_buffer + 8); |
6c1c3d1d | 510 | else if (Ustrncmp(p, "sn_envid", 8) == 0) |
6c1c3d1d | 511 | dsn_envid = string_copy(big_buffer + 11); |
08955dd3 PH |
512 | break; |
513 | ||
514 | case 'f': | |
515 | if (Ustrncmp(p, "rozen", 5) == 0) | |
516 | { | |
517 | deliver_freeze = TRUE; | |
dc8091e7 JH |
518 | if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1) |
519 | goto SPOOL_READ_ERROR; | |
08955dd3 PH |
520 | } |
521 | break; | |
522 | ||
523 | case 'h': | |
524 | if (Ustrcmp(p, "ost_lookup_deferred") == 0) | |
525 | host_lookup_deferred = TRUE; | |
526 | else if (Ustrcmp(p, "ost_lookup_failed") == 0) | |
527 | host_lookup_failed = TRUE; | |
528 | else if (Ustrncmp(p, "ost_auth", 8) == 0) | |
529 | sender_host_authenticated = string_copy(big_buffer + 11); | |
530 | else if (Ustrncmp(p, "ost_name", 8) == 0) | |
531 | sender_host_name = string_copy(big_buffer + 11); | |
532 | else if (Ustrncmp(p, "elo_name", 8) == 0) | |
533 | sender_helo_name = string_copy(big_buffer + 11); | |
534 | ||
535 | /* We now record the port number after the address, separated by a | |
536 | dot. For compatibility during upgrading, do nothing if there | |
537 | isn't a value (it gets left at zero). */ | |
538 | ||
539 | else if (Ustrncmp(p, "ost_address", 11) == 0) | |
540 | { | |
541 | sender_host_port = host_address_extract_port(big_buffer + 14); | |
542 | sender_host_address = string_copy(big_buffer + 14); | |
543 | } | |
544 | break; | |
545 | ||
546 | case 'i': | |
547 | if (Ustrncmp(p, "nterface_address", 16) == 0) | |
548 | { | |
549 | interface_port = host_address_extract_port(big_buffer + 19); | |
550 | interface_address = string_copy(big_buffer + 19); | |
551 | } | |
552 | else if (Ustrncmp(p, "dent", 4) == 0) | |
553 | sender_ident = string_copy(big_buffer + 7); | |
554 | break; | |
555 | ||
556 | case 'l': | |
557 | if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE; | |
558 | else if (Ustrcmp(big_buffer, "-localerror") == 0) | |
559 | local_error_message = TRUE; | |
560 | else if (Ustrncmp(p, "ocal_scan ", 10) == 0) | |
561 | local_scan_data = string_copy(big_buffer + 12); | |
562 | break; | |
563 | ||
564 | case 'm': | |
565 | if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE; | |
d677b2f2 PH |
566 | else if (Ustrncmp(p, "ax_received_linelength", 22) == 0) |
567 | max_received_linelength = Uatoi(big_buffer + 24); | |
08955dd3 PH |
568 | break; |
569 | ||
570 | case 'N': | |
571 | if (*p == 0) dont_deliver = TRUE; /* -N */ | |
572 | break; | |
573 | ||
574 | case 'r': | |
575 | if (Ustrncmp(p, "eceived_protocol", 16) == 0) | |
576 | received_protocol = string_copy(big_buffer + 19); | |
577 | break; | |
578 | ||
579 | case 's': | |
580 | if (Ustrncmp(p, "ender_set_untrusted", 19) == 0) | |
581 | sender_set_untrusted = TRUE; | |
e91ad4a7 | 582 | #ifdef WITH_CONTENT_SCAN |
3481c572 JH |
583 | else if (Ustrncmp(p, "pam_bar ", 8) == 0) |
584 | spam_bar = string_copy(big_buffer + 10); | |
585 | else if (Ustrncmp(p, "pam_score ", 10) == 0) | |
586 | spam_score = string_copy(big_buffer + 12); | |
08955dd3 PH |
587 | else if (Ustrncmp(p, "pam_score_int ", 14) == 0) |
588 | spam_score_int = string_copy(big_buffer + 16); | |
e91ad4a7 | 589 | #endif |
8c5d388a | 590 | #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY) |
7ade712c JH |
591 | else if (Ustrncmp(p, "mtputf8", 7) == 0) |
592 | message_smtputf8 = TRUE; | |
593 | #endif | |
08955dd3 PH |
594 | break; |
595 | ||
e91ad4a7 | 596 | #ifdef SUPPORT_TLS |
08955dd3 PH |
597 | case 't': |
598 | if (Ustrncmp(p, "ls_certificate_verified", 23) == 0) | |
817d9f57 | 599 | tls_in.certificate_verified = TRUE; |
08955dd3 | 600 | else if (Ustrncmp(p, "ls_cipher", 9) == 0) |
817d9f57 | 601 | tls_in.cipher = string_copy(big_buffer + 12); |
e91ad4a7 | 602 | # ifndef COMPILE_UTILITY /* tls support fns not built in */ |
9d1c15ef JH |
603 | else if (Ustrncmp(p, "ls_ourcert", 10) == 0) |
604 | (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert); | |
605 | else if (Ustrncmp(p, "ls_peercert", 11) == 0) | |
606 | (void) tls_import_cert(big_buffer + 14, &tls_in.peercert); | |
e91ad4a7 | 607 | # endif |
08955dd3 | 608 | else if (Ustrncmp(p, "ls_peerdn", 9) == 0) |
817d9f57 | 609 | tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12)); |
7be682ca | 610 | else if (Ustrncmp(p, "ls_sni", 6) == 0) |
817d9f57 | 611 | tls_in.sni = string_unprinting(string_copy(big_buffer + 9)); |
44662487 JH |
612 | else if (Ustrncmp(p, "ls_ocsp", 7) == 0) |
613 | tls_in.ocsp = big_buffer[10] - '0'; | |
08955dd3 | 614 | break; |
e91ad4a7 | 615 | #endif |
08955dd3 | 616 | |
8c5d388a | 617 | #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY) |
3c8b3577 JH |
618 | case 'u': |
619 | if (Ustrncmp(p, "tf8_downcvt", 11) == 0) | |
620 | message_utf8_downconvert = 1; | |
0ec7e948 | 621 | else if (Ustrncmp(p, "tf8_optdowncvt", 15) == 0) |
3c8b3577 JH |
622 | message_utf8_downconvert = -1; |
623 | break; | |
624 | #endif | |
625 | ||
08955dd3 PH |
626 | default: /* Present because some compilers complain if all */ |
627 | break; /* possibilities are not covered. */ | |
059ec3d9 | 628 | } |
059ec3d9 PH |
629 | } |
630 | ||
631 | /* Build sender_fullhost if required */ | |
632 | ||
633 | #ifndef COMPILE_UTILITY | |
634 | host_build_sender_fullhost(); | |
635 | #endif /* COMPILE_UTILITY */ | |
636 | ||
637 | #ifndef COMPILE_UTILITY | |
638 | DEBUG(D_deliver) | |
639 | debug_printf("sender_local=%d ident=%s\n", sender_local, | |
640 | (sender_ident == NULL)? US"unset" : sender_ident); | |
641 | #endif /* COMPILE_UTILITY */ | |
642 | ||
643 | /* We now have the tree of addresses NOT to deliver to, or a line | |
644 | containing "XX", indicating no tree. */ | |
645 | ||
646 | if (Ustrncmp(big_buffer, "XX\n", 3) != 0 && | |
647 | !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size)) | |
648 | goto SPOOL_FORMAT_ERROR; | |
649 | ||
650 | #ifndef COMPILE_UTILITY | |
651 | DEBUG(D_deliver) | |
652 | { | |
653 | debug_printf("Non-recipients:\n"); | |
654 | debug_print_tree(tree_nonrecipients); | |
655 | } | |
656 | #endif /* COMPILE_UTILITY */ | |
657 | ||
658 | /* After reading the tree, the next line has not yet been read into the | |
659 | buffer. It contains the count of recipients which follow on separate lines. */ | |
660 | ||
661 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
662 | if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR; | |
663 | ||
664 | #ifndef COMPILE_UTILITY | |
665 | DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount); | |
666 | #endif /* COMPILE_UTILITY */ | |
667 | ||
668 | recipients_list_max = rcount; | |
669 | recipients_list = store_get(rcount * sizeof(recipient_item)); | |
670 | ||
671 | for (recipients_count = 0; recipients_count < rcount; recipients_count++) | |
672 | { | |
673 | int nn; | |
674 | int pno = -1; | |
6c1c3d1d WB |
675 | int dsn_flags = 0; |
676 | uschar *orcpt = NULL; | |
059ec3d9 PH |
677 | uschar *errors_to = NULL; |
678 | uschar *p; | |
679 | ||
680 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
681 | nn = Ustrlen(big_buffer); | |
682 | if (nn < 2) goto SPOOL_FORMAT_ERROR; | |
683 | ||
684 | /* Remove the newline; this terminates the address if there is no additional | |
685 | data on the line. */ | |
686 | ||
687 | p = big_buffer + nn - 1; | |
688 | *p-- = 0; | |
689 | ||
690 | /* Look back from the end of the line for digits and special terminators. | |
691 | Since an address must end with a domain, we can tell that extra data is | |
692 | present by the presence of the terminator, which is always some character | |
693 | that cannot exist in a domain. (If I'd thought of the need for additional | |
694 | data early on, I'd have put it at the start, with the address at the end. As | |
695 | it is, we have to operate backwards. Addresses are permitted to contain | |
696 | spaces, you see.) | |
697 | ||
698 | This code has to cope with various versions of this data that have evolved | |
699 | over time. In all cases, the line might just contain an address, with no | |
700 | additional data. Otherwise, the possibilities are as follows: | |
701 | ||
702 | Exim 3 type: <address><space><digits>,<digits>,<digits> | |
703 | ||
704 | The second set of digits is the parent number for one_time addresses. The | |
705 | other values were remnants of earlier experiments that were abandoned. | |
706 | ||
707 | Exim 4 first type: <address><space><digits> | |
708 | ||
709 | The digits are the parent number for one_time addresses. | |
710 | ||
711 | Exim 4 new type: <address><space><data>#<type bits> | |
712 | ||
713 | The type bits indicate what the contents of the data are. | |
714 | ||
715 | Bit 01 indicates that, reading from right to left, the data | |
716 | ends with <errors_to address><space><len>,<pno> where pno is | |
717 | the parent number for one_time addresses, and len is the length | |
718 | of the errors_to address (zero meaning none). | |
6c1c3d1d WB |
719 | |
720 | Bit 02 indicates that, again reading from right to left, the data continues | |
721 | with orcpt len(orcpt),dsn_flags | |
059ec3d9 PH |
722 | */ |
723 | ||
724 | while (isdigit(*p)) p--; | |
725 | ||
726 | /* Handle Exim 3 spool files */ | |
727 | ||
728 | if (*p == ',') | |
729 | { | |
730 | int dummy; | |
731 | while (isdigit(*(--p)) || *p == ','); | |
732 | if (*p == ' ') | |
733 | { | |
734 | *p++ = 0; | |
ff790e47 | 735 | (void)sscanf(CS p, "%d,%d", &dummy, &pno); |
059ec3d9 PH |
736 | } |
737 | } | |
738 | ||
739 | /* Handle early Exim 4 spool files */ | |
740 | ||
741 | else if (*p == ' ') | |
742 | { | |
743 | *p++ = 0; | |
ff790e47 | 744 | (void)sscanf(CS p, "%d", &pno); |
059ec3d9 PH |
745 | } |
746 | ||
747 | /* Handle current format Exim 4 spool files */ | |
748 | ||
749 | else if (*p == '#') | |
750 | { | |
751 | int flags; | |
6c1c3d1d | 752 | |
50dc7409 | 753 | #if !defined (COMPILE_UTILITY) |
e91ad4a7 JH |
754 | DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n"); |
755 | #endif | |
6c1c3d1d | 756 | |
ff790e47 | 757 | (void)sscanf(CS p+1, "%d", &flags); |
059ec3d9 PH |
758 | |
759 | if ((flags & 0x01) != 0) /* one_time data exists */ | |
760 | { | |
761 | int len; | |
762 | while (isdigit(*(--p)) || *p == ',' || *p == '-'); | |
ff790e47 | 763 | (void)sscanf(CS p+1, "%d,%d", &len, &pno); |
059ec3d9 PH |
764 | *p = 0; |
765 | if (len > 0) | |
766 | { | |
767 | p -= len; | |
768 | errors_to = string_copy(p); | |
94431adb | 769 | } |
6c1c3d1d WB |
770 | } |
771 | ||
772 | *(--p) = 0; /* Terminate address */ | |
6c1c3d1d WB |
773 | if ((flags & 0x02) != 0) /* one_time data exists */ |
774 | { | |
775 | int len; | |
776 | while (isdigit(*(--p)) || *p == ',' || *p == '-'); | |
777 | (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags); | |
778 | *p = 0; | |
779 | if (len > 0) | |
780 | { | |
781 | p -= len; | |
782 | orcpt = string_copy(p); | |
94431adb | 783 | } |
059ec3d9 PH |
784 | } |
785 | ||
786 | *(--p) = 0; /* Terminate address */ | |
6c1c3d1d | 787 | } |
50dc7409 | 788 | #if !defined(COMPILE_UTILITY) |
6c1c3d1d | 789 | else |
e91ad4a7 | 790 | { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); } |
6c1c3d1d WB |
791 | |
792 | if ((orcpt != NULL) || (dsn_flags != 0)) | |
793 | { | |
794 | DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n", | |
795 | big_buffer, orcpt, dsn_flags); | |
796 | } | |
797 | if (errors_to != NULL) | |
798 | { | |
799 | DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n", | |
800 | big_buffer, errors_to); | |
059ec3d9 | 801 | } |
50dc7409 | 802 | #endif |
059ec3d9 PH |
803 | |
804 | recipients_list[recipients_count].address = string_copy(big_buffer); | |
805 | recipients_list[recipients_count].pno = pno; | |
806 | recipients_list[recipients_count].errors_to = errors_to; | |
6c1c3d1d WB |
807 | recipients_list[recipients_count].orcpt = orcpt; |
808 | recipients_list[recipients_count].dsn_flags = dsn_flags; | |
059ec3d9 PH |
809 | } |
810 | ||
811 | /* The remainder of the spool header file contains the headers for the message, | |
812 | separated off from the previous data by a blank line. Each header is preceded | |
813 | by a count of its length and either a certain letter (for various identified | |
814 | headers), space (for a miscellaneous live header) or an asterisk (for a header | |
815 | that has been rewritten). Count the Received: headers. We read the headers | |
816 | always, in order to check on the format of the file, but only create a header | |
817 | list if requested to do so. */ | |
818 | ||
819 | inheader = TRUE; | |
820 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
821 | if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR; | |
822 | ||
823 | while ((n = fgetc(f)) != EOF) | |
824 | { | |
825 | header_line *h; | |
826 | uschar flag[4]; | |
827 | int i; | |
828 | ||
829 | if (!isdigit(n)) goto SPOOL_FORMAT_ERROR; | |
1ac6b2e7 JH |
830 | if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF) |
831 | goto SPOOL_READ_ERROR; | |
059ec3d9 PH |
832 | if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */ |
833 | ||
834 | if (read_headers) | |
835 | { | |
836 | h = store_get(sizeof(header_line)); | |
837 | h->next = NULL; | |
838 | h->type = flag[0]; | |
839 | h->slen = n; | |
840 | h->text = store_get(n+1); | |
841 | ||
842 | if (h->type == htype_received) received_count++; | |
843 | ||
844 | if (header_list == NULL) header_list = h; | |
845 | else header_last->next = h; | |
846 | header_last = h; | |
847 | ||
848 | for (i = 0; i < n; i++) | |
849 | { | |
850 | int c = fgetc(f); | |
851 | if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR; | |
852 | if (c == '\n' && h->type != htype_old) message_linecount++; | |
853 | h->text[i] = c; | |
854 | } | |
855 | h->text[i] = 0; | |
856 | } | |
857 | ||
858 | /* Not requiring header data, just skip through the bytes */ | |
859 | ||
860 | else for (i = 0; i < n; i++) | |
861 | { | |
862 | int c = fgetc(f); | |
863 | if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR; | |
864 | } | |
865 | } | |
866 | ||
867 | /* We have successfully read the data in the header file. Update the message | |
868 | line count by adding the body linecount to the header linecount. Close the file | |
869 | and give a positive response. */ | |
870 | ||
871 | #ifndef COMPILE_UTILITY | |
872 | DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n", | |
873 | body_linecount, message_linecount); | |
874 | #endif /* COMPILE_UTILITY */ | |
875 | ||
876 | message_linecount += body_linecount; | |
877 | ||
878 | fclose(f); | |
879 | return spool_read_OK; | |
880 | ||
881 | ||
882 | /* There was an error reading the spool or there was missing data, | |
883 | or there was a format error. A "read error" with no errno means an | |
884 | unexpected EOF, which we treat as a format error. */ | |
885 | ||
886 | SPOOL_READ_ERROR: | |
887 | if (errno != 0) | |
888 | { | |
889 | n = errno; | |
890 | ||
e91ad4a7 | 891 | #ifndef COMPILE_UTILITY |
059ec3d9 | 892 | DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name); |
e91ad4a7 | 893 | #endif /* COMPILE_UTILITY */ |
059ec3d9 PH |
894 | |
895 | fclose(f); | |
896 | errno = n; | |
897 | return inheader? spool_read_hdrerror : spool_read_enverror; | |
898 | } | |
899 | ||
900 | SPOOL_FORMAT_ERROR: | |
901 | ||
902 | #ifndef COMPILE_UTILITY | |
903 | DEBUG(D_any) debug_printf("Format error in spool file %s\n", name); | |
904 | #endif /* COMPILE_UTILITY */ | |
905 | ||
906 | fclose(f); | |
907 | errno = ERRNO_SPOOLFORMAT; | |
908 | return inheader? spool_read_hdrerror : spool_read_enverror; | |
909 | } | |
910 | ||
9d1c15ef JH |
911 | /* vi: aw ai sw=2 |
912 | */ | |
059ec3d9 | 913 | /* End of spool_in.c */ |