Commit | Line | Data |
---|---|---|
ebb6e6d5 | 1 | /* $Cambridge: exim/src/src/spool_in.c,v 1.10 2005/04/07 10:10:01 ph10 Exp $ */ |
059ec3d9 PH |
2 | |
3 | /************************************************* | |
4 | * Exim - an Internet mail transport agent * | |
5 | *************************************************/ | |
6 | ||
c988f1f4 | 7 | /* Copyright (c) University of Cambridge 1995 - 2005 */ |
059ec3d9 PH |
8 | /* See the file NOTICE for conditions of use and distribution. */ |
9 | ||
10 | /* Functions for reading spool files. When compiling for a utility (eximon), | |
11 | not all are needed, and some functionality can be cut out. */ | |
12 | ||
13 | ||
14 | #include "exim.h" | |
15 | ||
16 | ||
17 | ||
18 | #ifndef COMPILE_UTILITY | |
19 | /************************************************* | |
20 | * Open and lock data file * | |
21 | *************************************************/ | |
22 | ||
23 | /* The data file is the one that is used for locking, because the header file | |
24 | can get replaced during delivery because of header rewriting. The file has | |
25 | to opened with write access so that we can get an exclusive lock, but in | |
26 | fact it won't be written to. Just in case there's a major disaster (e.g. | |
27 | overwriting some other file descriptor with the value of this one), open it | |
28 | with append. | |
29 | ||
30 | Argument: the id of the message | |
31 | Returns: TRUE if file successfully opened and locked | |
32 | ||
33 | Side effect: deliver_datafile is set to the fd of the open file. | |
34 | */ | |
35 | ||
36 | BOOL | |
37 | spool_open_datafile(uschar *id) | |
38 | { | |
39 | int i; | |
40 | struct stat statbuf; | |
41 | flock_t lock_data; | |
42 | uschar spoolname[256]; | |
43 | ||
44 | /* If split_spool_directory is set, first look for the file in the appropriate | |
45 | sub-directory of the input directory. If it is not found there, try the input | |
46 | directory itself, to pick up leftovers from before the splitting. If split_ | |
47 | spool_directory is not set, first look in the main input directory. If it is | |
48 | not found there, try the split sub-directory, in case it is left over from a | |
49 | splitting state. */ | |
50 | ||
51 | for (i = 0; i < 2; i++) | |
52 | { | |
53 | int save_errno; | |
54 | message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0; | |
55 | sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id); | |
56 | deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0); | |
57 | if (deliver_datafile >= 0) break; | |
58 | save_errno = errno; | |
59 | if (errno == ENOENT) | |
60 | { | |
61 | if (i == 0) continue; | |
62 | if (!queue_running) | |
63 | log_write(0, LOG_MAIN, "Spool file %s-D not found", id); | |
64 | } | |
65 | else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname, | |
66 | strerror(errno)); | |
67 | errno = save_errno; | |
68 | return FALSE; | |
69 | } | |
70 | ||
71 | /* File is open and message_subdir is set. Set the close-on-exec flag, and lock | |
72 | the file. We lock only the first line of the file (containing the message ID) | |
73 | because this apparently is needed for running Exim under Cygwin. If the entire | |
74 | file is locked in one process, a sub-process cannot access it, even when passed | |
75 | an open file descriptor (at least, I think that's the Cygwin story). On real | |
76 | Unix systems it doesn't make any difference as long as Exim is consistent in | |
77 | what it locks. */ | |
78 | ||
79 | fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) | | |
80 | FD_CLOEXEC); | |
81 | ||
82 | lock_data.l_type = F_WRLCK; | |
83 | lock_data.l_whence = SEEK_SET; | |
84 | lock_data.l_start = 0; | |
85 | lock_data.l_len = SPOOL_DATA_START_OFFSET; | |
86 | ||
87 | if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0) | |
88 | { | |
89 | log_write(L_skip_delivery, | |
90 | LOG_MAIN, | |
91 | "Spool file is locked (another process is handling this message)"); | |
92 | close(deliver_datafile); | |
93 | deliver_datafile = -1; | |
94 | errno = 0; | |
95 | return FALSE; | |
96 | } | |
97 | ||
98 | /* Get the size of the data; don't include the leading filename line | |
99 | in the count, but add one for the newline before the data. */ | |
100 | ||
101 | if (fstat(deliver_datafile, &statbuf) == 0) | |
102 | { | |
103 | message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET; | |
104 | message_size = message_body_size + 1; | |
105 | } | |
106 | ||
107 | return TRUE; | |
108 | } | |
109 | #endif /* COMPILE_UTILITY */ | |
110 | ||
111 | ||
112 | ||
113 | /************************************************* | |
114 | * Read non-recipients tree from spool file * | |
115 | *************************************************/ | |
116 | ||
117 | /* The tree of non-recipients is written to the spool file in a form that | |
118 | makes it easy to read back into a tree. The format is as follows: | |
119 | ||
120 | . Each node is preceded by two letters (Y/N) indicating whether it has left | |
121 | or right children. There's one space after the two flags, before the name. | |
122 | ||
123 | . The left subtree (if any) then follows, then the right subtree (if any). | |
124 | ||
125 | This function is entered with the next input line in the buffer. Note we must | |
126 | save the right flag before recursing with the same buffer. | |
127 | ||
128 | Once the tree is read, we re-construct the balance fields by scanning the tree. | |
129 | I forgot to write them out originally, and the compatible fix is to do it this | |
130 | way. This initial local recursing function does the necessary. | |
131 | ||
132 | Arguments: | |
133 | node tree node | |
134 | ||
135 | Returns: maximum depth below the node, including the node itself | |
136 | */ | |
137 | ||
138 | static int | |
139 | count_below(tree_node *node) | |
140 | { | |
141 | int nleft, nright; | |
142 | if (node == NULL) return 0; | |
143 | nleft = count_below(node->left); | |
144 | nright = count_below(node->right); | |
145 | node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0); | |
146 | return 1 + ((nleft > nright)? nleft : nright); | |
147 | } | |
148 | ||
149 | /* This is the real function... | |
150 | ||
151 | Arguments: | |
152 | connect pointer to the root of the tree | |
153 | f FILE to read data from | |
154 | buffer contains next input line; further lines read into it | |
155 | buffer_size size of the buffer | |
156 | ||
157 | Returns: FALSE on format error | |
158 | */ | |
159 | ||
160 | static BOOL | |
161 | read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer, | |
162 | int buffer_size) | |
163 | { | |
164 | tree_node *node; | |
165 | int n = Ustrlen(buffer); | |
166 | BOOL right = buffer[1] == 'Y'; | |
167 | ||
168 | if (n < 5) return FALSE; /* malformed line */ | |
169 | buffer[n-1] = 0; /* Remove \n */ | |
170 | node = store_get(sizeof(tree_node) + n - 3); | |
171 | *connect = node; | |
172 | Ustrcpy(node->name, buffer + 3); | |
173 | node->data.ptr = NULL; | |
174 | ||
175 | if (buffer[0] == 'Y') | |
176 | { | |
177 | if (Ufgets(buffer, buffer_size, f) == NULL || | |
178 | !read_nonrecipients_tree(&node->left, f, buffer, buffer_size)) | |
179 | return FALSE; | |
180 | } | |
181 | else node->left = NULL; | |
182 | ||
183 | if (right) | |
184 | { | |
185 | if (Ufgets(buffer, buffer_size, f) == NULL || | |
186 | !read_nonrecipients_tree(&node->right, f, buffer, buffer_size)) | |
187 | return FALSE; | |
188 | } | |
189 | else node->right = NULL; | |
190 | ||
191 | (void) count_below(*connect); | |
192 | return TRUE; | |
193 | } | |
194 | ||
195 | ||
196 | ||
197 | ||
198 | /************************************************* | |
199 | * Read spool header file * | |
200 | *************************************************/ | |
201 | ||
202 | /* This function reads a spool header file and places the data into the | |
203 | appropriate global variables. The header portion is always read, but header | |
204 | structures are built only if read_headers is set true. It isn't, for example, | |
205 | while generating -bp output. | |
206 | ||
207 | It may be possible for blocks of nulls (binary zeroes) to get written on the | |
208 | end of a file if there is a system crash during writing. It was observed on an | |
209 | earlier version of Exim that omitted to fsync() the files - this is thought to | |
210 | have been the cause of that incident, but in any case, this code must be robust | |
211 | against such an event, and if such a file is encountered, it must be treated as | |
212 | malformed. | |
213 | ||
214 | Arguments: | |
215 | name name of the header file, including the -H | |
216 | read_headers TRUE if in-store header structures are to be built | |
217 | subdir_set TRUE is message_subdir is already set | |
218 | ||
219 | Returns: spool_read_OK success | |
220 | spool_read_notopen open failed | |
221 | spool_read_enverror error in the envelope portion | |
222 | spool_read_hdrdrror error in the header portion | |
223 | */ | |
224 | ||
225 | int | |
226 | spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set) | |
227 | { | |
228 | FILE *f = NULL; | |
229 | int n; | |
230 | int rcount = 0; | |
231 | long int uid, gid; | |
232 | BOOL inheader = FALSE; | |
1e70f85b | 233 | uschar *p; |
059ec3d9 PH |
234 | |
235 | /* Reset all the global variables to their default values. However, there is | |
236 | one exception. DO NOT change the default value of dont_deliver, because it may | |
237 | be forced by an external setting. */ | |
238 | ||
239 | for (n = 0; n < ACL_C_MAX + ACL_M_MAX; n++) acl_var[n] = NULL; | |
240 | ||
241 | authenticated_id = NULL; | |
242 | authenticated_sender = NULL; | |
243 | allow_unqualified_recipient = FALSE; | |
244 | allow_unqualified_sender = FALSE; | |
245 | body_linecount = 0; | |
246 | body_zerocount = 0; | |
247 | deliver_firsttime = FALSE; | |
248 | deliver_freeze = FALSE; | |
249 | deliver_frozen_at = 0; | |
250 | deliver_manual_thaw = FALSE; | |
251 | /* dont_deliver must NOT be reset */ | |
252 | header_list = header_last = NULL; | |
b08b24c8 | 253 | host_lookup_deferred = FALSE; |
059ec3d9 PH |
254 | host_lookup_failed = FALSE; |
255 | interface_address = NULL; | |
256 | interface_port = 0; | |
257 | local_error_message = FALSE; | |
258 | local_scan_data = NULL; | |
259 | message_linecount = 0; | |
260 | received_protocol = NULL; | |
261 | received_count = 0; | |
262 | recipients_list = NULL; | |
263 | sender_address = NULL; | |
264 | sender_fullhost = NULL; | |
265 | sender_helo_name = NULL; | |
266 | sender_host_address = NULL; | |
267 | sender_host_name = NULL; | |
268 | sender_host_port = 0; | |
269 | sender_host_authenticated = NULL; | |
270 | sender_ident = NULL; | |
271 | sender_local = FALSE; | |
272 | sender_set_untrusted = FALSE; | |
1f5b4c3d | 273 | smtp_active_hostname = primary_hostname; |
059ec3d9 PH |
274 | tree_nonrecipients = NULL; |
275 | ||
8523533c TK |
276 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
277 | bmi_run = 0; | |
278 | bmi_verdicts = NULL; | |
279 | #endif | |
280 | ||
fb2274d4 TK |
281 | #ifdef EXPERIMENTAL_DOMAINKEYS |
282 | dk_do_verify = 0; | |
283 | #endif | |
284 | ||
059ec3d9 PH |
285 | #ifdef SUPPORT_TLS |
286 | tls_certificate_verified = FALSE; | |
287 | tls_cipher = NULL; | |
288 | tls_peerdn = NULL; | |
289 | #endif | |
290 | ||
8523533c | 291 | #ifdef WITH_CONTENT_SCAN |
8523533c TK |
292 | spam_score_int = NULL; |
293 | #endif | |
294 | ||
059ec3d9 PH |
295 | /* Generate the full name and open the file. If message_subdir is already |
296 | set, just look in the given directory. Otherwise, look in both the split | |
297 | and unsplit directories, as for the data file above. */ | |
298 | ||
299 | for (n = 0; n < 2; n++) | |
300 | { | |
301 | if (!subdir_set) | |
302 | message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0; | |
303 | sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir, | |
304 | name); | |
305 | f = Ufopen(big_buffer, "rb"); | |
306 | if (f != NULL) break; | |
307 | if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen; | |
308 | } | |
309 | ||
310 | errno = 0; | |
311 | ||
312 | #ifndef COMPILE_UTILITY | |
313 | DEBUG(D_deliver) debug_printf("reading spool file %s\n", name); | |
314 | #endif /* COMPILE_UTILITY */ | |
315 | ||
316 | /* The first line of a spool file contains the message id followed by -H (i.e. | |
317 | the file name), in order to make the file self-identifying. */ | |
318 | ||
319 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
320 | if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 || | |
321 | Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0) | |
322 | goto SPOOL_FORMAT_ERROR; | |
323 | ||
324 | /* The next three lines in the header file are in a fixed format. The first | |
325 | contains the login, uid, and gid of the user who caused the file to be written. | |
ebb6e6d5 PH |
326 | There are known cases where a negative gid is used, so we allow for both |
327 | negative uids and gids. The second contains the mail address of the message's | |
328 | sender, enclosed in <>. The third contains the time the message was received, | |
329 | and the number of warning messages for delivery delays that have been sent. */ | |
059ec3d9 PH |
330 | |
331 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
332 | ||
1e70f85b PH |
333 | p = big_buffer + Ustrlen(big_buffer); |
334 | while (p > big_buffer && isspace(p[-1])) p--; | |
335 | *p = 0; | |
336 | if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR; | |
ebb6e6d5 | 337 | while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--; |
1e70f85b PH |
338 | gid = Uatoi(p); |
339 | if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR; | |
340 | *p = 0; | |
341 | if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR; | |
ebb6e6d5 | 342 | while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--; |
1e70f85b PH |
343 | uid = Uatoi(p); |
344 | if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR; | |
345 | *p = 0; | |
8e669ac1 | 346 | |
1e70f85b | 347 | originator_login = string_copy(big_buffer); |
059ec3d9 PH |
348 | originator_uid = (uid_t)uid; |
349 | originator_gid = (gid_t)gid; | |
350 | ||
351 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
352 | n = Ustrlen(big_buffer); | |
353 | if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>') | |
354 | goto SPOOL_FORMAT_ERROR; | |
355 | ||
356 | sender_address = store_get(n-2); | |
357 | Ustrncpy(sender_address, big_buffer+1, n-3); | |
358 | sender_address[n-3] = 0; | |
359 | ||
360 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
361 | if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2) | |
362 | goto SPOOL_FORMAT_ERROR; | |
363 | ||
364 | message_age = time(NULL) - received_time; | |
365 | ||
366 | #ifndef COMPILE_UTILITY | |
367 | DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n", | |
368 | originator_login, (long int)originator_uid, (long int)originator_gid, | |
369 | sender_address); | |
370 | #endif /* COMPILE_UTILITY */ | |
371 | ||
372 | /* Now there may be a number of optional lines, each starting with "-". | |
373 | If you add a new setting here, make sure you set the default above. */ | |
374 | ||
375 | for (;;) | |
376 | { | |
377 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
378 | if (big_buffer[0] != '-') break; | |
379 | ||
380 | big_buffer[Ustrlen(big_buffer) - 1] = 0; | |
381 | if (Ustrncmp(big_buffer, "-acl ", 5) == 0) | |
382 | { | |
383 | int index, count; | |
384 | if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2) | |
385 | goto SPOOL_FORMAT_ERROR; | |
386 | /* Ignore if index too big - might be if a later release with more | |
387 | variables built this spool file. */ | |
388 | if (index < ACL_C_MAX + ACL_M_MAX) | |
389 | { | |
390 | acl_var[index] = store_get(count + 1); | |
391 | if (fread(acl_var[index], 1, count+1, f) < count) goto SPOOL_READ_ERROR; | |
392 | acl_var[index][count] = 0; | |
393 | } | |
394 | } | |
395 | else if (Ustrcmp(big_buffer, "-local") == 0) sender_local = TRUE; | |
396 | else if (Ustrcmp(big_buffer, "-localerror") == 0) | |
397 | local_error_message = TRUE; | |
398 | else if (Ustrncmp(big_buffer, "-local_scan ", 12) == 0) | |
399 | local_scan_data = string_copy(big_buffer + 12); | |
8e669ac1 | 400 | #ifdef WITH_CONTENT_SCAN |
8523533c | 401 | else if (Ustrncmp(big_buffer, "-spam_score_int ", 16) == 0) |
8e669ac1 | 402 | spam_score_int = string_copy(big_buffer + 16); |
8523533c TK |
403 | #endif |
404 | #ifdef EXPERIMENTAL_BRIGHTMAIL | |
405 | else if (Ustrncmp(big_buffer, "-bmi_verdicts ", 14) == 0) | |
406 | bmi_verdicts = string_copy(big_buffer + 14); | |
407 | #endif | |
b08b24c8 PH |
408 | else if (Ustrcmp(big_buffer, "-host_lookup_deferred") == 0) |
409 | host_lookup_deferred = TRUE; | |
059ec3d9 PH |
410 | else if (Ustrcmp(big_buffer, "-host_lookup_failed") == 0) |
411 | host_lookup_failed = TRUE; | |
412 | else if (Ustrncmp(big_buffer, "-body_linecount", 15) == 0) | |
413 | body_linecount = Uatoi(big_buffer + 15); | |
414 | else if (Ustrncmp(big_buffer, "-body_zerocount", 15) == 0) | |
415 | body_zerocount = Uatoi(big_buffer + 15); | |
416 | else if (Ustrncmp(big_buffer, "-frozen", 7) == 0) | |
417 | { | |
418 | deliver_freeze = TRUE; | |
419 | deliver_frozen_at = Uatoi(big_buffer + 7); | |
420 | } | |
421 | else if (Ustrcmp(big_buffer, "-allow_unqualified_recipient") == 0) | |
422 | allow_unqualified_recipient = TRUE; | |
423 | else if (Ustrcmp(big_buffer, "-allow_unqualified_sender") == 0) | |
424 | allow_unqualified_sender = TRUE; | |
425 | else if (Ustrcmp(big_buffer, "-deliver_firsttime") == 0) | |
426 | deliver_firsttime = TRUE; | |
427 | else if (Ustrcmp(big_buffer, "-manual_thaw") == 0) | |
428 | deliver_manual_thaw = TRUE; | |
429 | else if (Ustrncmp(big_buffer, "-auth_id", 8) == 0) | |
430 | authenticated_id = string_copy(big_buffer + 9); | |
431 | else if (Ustrncmp(big_buffer, "-auth_sender", 12) == 0) | |
432 | authenticated_sender = string_copy(big_buffer + 13); | |
433 | else if (Ustrncmp(big_buffer, "-sender_set_untrusted", 21) == 0) | |
434 | sender_set_untrusted = TRUE; | |
435 | ||
436 | #ifdef SUPPORT_TLS | |
437 | else if (Ustrncmp(big_buffer, "-tls_certificate_verified", 25) == 0) | |
438 | tls_certificate_verified = TRUE; | |
439 | else if (Ustrncmp(big_buffer, "-tls_cipher", 11) == 0) | |
440 | tls_cipher = string_copy(big_buffer + 12); | |
441 | else if (Ustrncmp(big_buffer, "-tls_peerdn", 11) == 0) | |
442 | tls_peerdn = string_copy(big_buffer + 12); | |
443 | #endif | |
444 | ||
445 | /* We now record the port number after the address, separated by a | |
446 | dot. For compatibility during upgrading, do nothing if there | |
447 | isn't a value (it gets left at zero). */ | |
448 | ||
449 | else if (Ustrncmp(big_buffer, "-host_address", 13) == 0) | |
450 | { | |
451 | sender_host_port = host_extract_port(big_buffer + 14); | |
452 | sender_host_address = string_copy(big_buffer + 14); | |
453 | } | |
454 | ||
455 | else if (Ustrncmp(big_buffer, "-interface_address", 18) == 0) | |
456 | { | |
457 | interface_port = host_extract_port(big_buffer + 19); | |
458 | interface_address = string_copy(big_buffer + 19); | |
459 | } | |
460 | ||
1f5b4c3d | 461 | else if (Ustrncmp(big_buffer, "-active_hostname", 16) == 0) |
8e669ac1 | 462 | smtp_active_hostname = string_copy(big_buffer + 17); |
059ec3d9 PH |
463 | else if (Ustrncmp(big_buffer, "-host_auth", 10) == 0) |
464 | sender_host_authenticated = string_copy(big_buffer + 11); | |
465 | else if (Ustrncmp(big_buffer, "-host_name", 10) == 0) | |
466 | sender_host_name = string_copy(big_buffer + 11); | |
467 | else if (Ustrncmp(big_buffer, "-helo_name", 10) == 0) | |
468 | sender_helo_name = string_copy(big_buffer + 11); | |
469 | else if (Ustrncmp(big_buffer, "-ident", 6) == 0) | |
470 | sender_ident = string_copy(big_buffer + 7); | |
471 | else if (Ustrncmp(big_buffer, "-received_protocol", 18) == 0) | |
472 | received_protocol = string_copy(big_buffer + 19); | |
473 | else if (Ustrncmp(big_buffer, "-N", 2) == 0) | |
474 | dont_deliver = TRUE; | |
475 | ||
476 | /* To allow new versions of Exim that add additional flags to interwork | |
477 | with older versions that do not understand them, just ignore any flagged | |
478 | lines that we don't recognize. Otherwise it wouldn't be possible to back | |
479 | off a new version that left new-style flags written on the spool. That's | |
480 | why the following line is commented out. */ | |
481 | ||
482 | /* else goto SPOOL_FORMAT_ERROR; */ | |
483 | } | |
484 | ||
485 | /* Build sender_fullhost if required */ | |
486 | ||
487 | #ifndef COMPILE_UTILITY | |
488 | host_build_sender_fullhost(); | |
489 | #endif /* COMPILE_UTILITY */ | |
490 | ||
491 | #ifndef COMPILE_UTILITY | |
492 | DEBUG(D_deliver) | |
493 | debug_printf("sender_local=%d ident=%s\n", sender_local, | |
494 | (sender_ident == NULL)? US"unset" : sender_ident); | |
495 | #endif /* COMPILE_UTILITY */ | |
496 | ||
497 | /* We now have the tree of addresses NOT to deliver to, or a line | |
498 | containing "XX", indicating no tree. */ | |
499 | ||
500 | if (Ustrncmp(big_buffer, "XX\n", 3) != 0 && | |
501 | !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size)) | |
502 | goto SPOOL_FORMAT_ERROR; | |
503 | ||
504 | #ifndef COMPILE_UTILITY | |
505 | DEBUG(D_deliver) | |
506 | { | |
507 | debug_printf("Non-recipients:\n"); | |
508 | debug_print_tree(tree_nonrecipients); | |
509 | } | |
510 | #endif /* COMPILE_UTILITY */ | |
511 | ||
512 | /* After reading the tree, the next line has not yet been read into the | |
513 | buffer. It contains the count of recipients which follow on separate lines. */ | |
514 | ||
515 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
516 | if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR; | |
517 | ||
518 | #ifndef COMPILE_UTILITY | |
519 | DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount); | |
520 | #endif /* COMPILE_UTILITY */ | |
521 | ||
522 | recipients_list_max = rcount; | |
523 | recipients_list = store_get(rcount * sizeof(recipient_item)); | |
524 | ||
525 | for (recipients_count = 0; recipients_count < rcount; recipients_count++) | |
526 | { | |
527 | int nn; | |
528 | int pno = -1; | |
529 | uschar *errors_to = NULL; | |
530 | uschar *p; | |
531 | ||
532 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
533 | nn = Ustrlen(big_buffer); | |
534 | if (nn < 2) goto SPOOL_FORMAT_ERROR; | |
535 | ||
536 | /* Remove the newline; this terminates the address if there is no additional | |
537 | data on the line. */ | |
538 | ||
539 | p = big_buffer + nn - 1; | |
540 | *p-- = 0; | |
541 | ||
542 | /* Look back from the end of the line for digits and special terminators. | |
543 | Since an address must end with a domain, we can tell that extra data is | |
544 | present by the presence of the terminator, which is always some character | |
545 | that cannot exist in a domain. (If I'd thought of the need for additional | |
546 | data early on, I'd have put it at the start, with the address at the end. As | |
547 | it is, we have to operate backwards. Addresses are permitted to contain | |
548 | spaces, you see.) | |
549 | ||
550 | This code has to cope with various versions of this data that have evolved | |
551 | over time. In all cases, the line might just contain an address, with no | |
552 | additional data. Otherwise, the possibilities are as follows: | |
553 | ||
554 | Exim 3 type: <address><space><digits>,<digits>,<digits> | |
555 | ||
556 | The second set of digits is the parent number for one_time addresses. The | |
557 | other values were remnants of earlier experiments that were abandoned. | |
558 | ||
559 | Exim 4 first type: <address><space><digits> | |
560 | ||
561 | The digits are the parent number for one_time addresses. | |
562 | ||
563 | Exim 4 new type: <address><space><data>#<type bits> | |
564 | ||
565 | The type bits indicate what the contents of the data are. | |
566 | ||
567 | Bit 01 indicates that, reading from right to left, the data | |
568 | ends with <errors_to address><space><len>,<pno> where pno is | |
569 | the parent number for one_time addresses, and len is the length | |
570 | of the errors_to address (zero meaning none). | |
571 | */ | |
572 | ||
573 | while (isdigit(*p)) p--; | |
574 | ||
575 | /* Handle Exim 3 spool files */ | |
576 | ||
577 | if (*p == ',') | |
578 | { | |
579 | int dummy; | |
580 | while (isdigit(*(--p)) || *p == ','); | |
581 | if (*p == ' ') | |
582 | { | |
583 | *p++ = 0; | |
584 | sscanf(CS p, "%d,%d", &dummy, &pno); | |
585 | } | |
586 | } | |
587 | ||
588 | /* Handle early Exim 4 spool files */ | |
589 | ||
590 | else if (*p == ' ') | |
591 | { | |
592 | *p++ = 0; | |
593 | sscanf(CS p, "%d", &pno); | |
594 | } | |
595 | ||
596 | /* Handle current format Exim 4 spool files */ | |
597 | ||
598 | else if (*p == '#') | |
599 | { | |
600 | int flags; | |
601 | sscanf(CS p+1, "%d", &flags); | |
602 | ||
603 | if ((flags & 0x01) != 0) /* one_time data exists */ | |
604 | { | |
605 | int len; | |
606 | while (isdigit(*(--p)) || *p == ',' || *p == '-'); | |
607 | sscanf(CS p+1, "%d,%d", &len, &pno); | |
608 | *p = 0; | |
609 | if (len > 0) | |
610 | { | |
611 | p -= len; | |
612 | errors_to = string_copy(p); | |
613 | } | |
614 | } | |
615 | ||
616 | *(--p) = 0; /* Terminate address */ | |
617 | } | |
618 | ||
619 | recipients_list[recipients_count].address = string_copy(big_buffer); | |
620 | recipients_list[recipients_count].pno = pno; | |
621 | recipients_list[recipients_count].errors_to = errors_to; | |
622 | } | |
623 | ||
624 | /* The remainder of the spool header file contains the headers for the message, | |
625 | separated off from the previous data by a blank line. Each header is preceded | |
626 | by a count of its length and either a certain letter (for various identified | |
627 | headers), space (for a miscellaneous live header) or an asterisk (for a header | |
628 | that has been rewritten). Count the Received: headers. We read the headers | |
629 | always, in order to check on the format of the file, but only create a header | |
630 | list if requested to do so. */ | |
631 | ||
632 | inheader = TRUE; | |
633 | if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; | |
634 | if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR; | |
635 | ||
636 | while ((n = fgetc(f)) != EOF) | |
637 | { | |
638 | header_line *h; | |
639 | uschar flag[4]; | |
640 | int i; | |
641 | ||
642 | if (!isdigit(n)) goto SPOOL_FORMAT_ERROR; | |
643 | ungetc(n, f); | |
644 | fscanf(f, "%d%c ", &n, flag); | |
645 | if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */ | |
646 | ||
647 | if (read_headers) | |
648 | { | |
649 | h = store_get(sizeof(header_line)); | |
650 | h->next = NULL; | |
651 | h->type = flag[0]; | |
652 | h->slen = n; | |
653 | h->text = store_get(n+1); | |
654 | ||
655 | if (h->type == htype_received) received_count++; | |
656 | ||
657 | if (header_list == NULL) header_list = h; | |
658 | else header_last->next = h; | |
659 | header_last = h; | |
660 | ||
661 | for (i = 0; i < n; i++) | |
662 | { | |
663 | int c = fgetc(f); | |
664 | if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR; | |
665 | if (c == '\n' && h->type != htype_old) message_linecount++; | |
666 | h->text[i] = c; | |
667 | } | |
668 | h->text[i] = 0; | |
669 | } | |
670 | ||
671 | /* Not requiring header data, just skip through the bytes */ | |
672 | ||
673 | else for (i = 0; i < n; i++) | |
674 | { | |
675 | int c = fgetc(f); | |
676 | if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR; | |
677 | } | |
678 | } | |
679 | ||
680 | /* We have successfully read the data in the header file. Update the message | |
681 | line count by adding the body linecount to the header linecount. Close the file | |
682 | and give a positive response. */ | |
683 | ||
684 | #ifndef COMPILE_UTILITY | |
685 | DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n", | |
686 | body_linecount, message_linecount); | |
687 | #endif /* COMPILE_UTILITY */ | |
688 | ||
689 | message_linecount += body_linecount; | |
690 | ||
691 | fclose(f); | |
692 | return spool_read_OK; | |
693 | ||
694 | ||
695 | /* There was an error reading the spool or there was missing data, | |
696 | or there was a format error. A "read error" with no errno means an | |
697 | unexpected EOF, which we treat as a format error. */ | |
698 | ||
699 | SPOOL_READ_ERROR: | |
700 | if (errno != 0) | |
701 | { | |
702 | n = errno; | |
703 | ||
704 | #ifndef COMPILE_UTILITY | |
705 | DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name); | |
706 | #endif /* COMPILE_UTILITY */ | |
707 | ||
708 | fclose(f); | |
709 | errno = n; | |
710 | return inheader? spool_read_hdrerror : spool_read_enverror; | |
711 | } | |
712 | ||
713 | SPOOL_FORMAT_ERROR: | |
714 | ||
715 | #ifndef COMPILE_UTILITY | |
716 | DEBUG(D_any) debug_printf("Format error in spool file %s\n", name); | |
717 | #endif /* COMPILE_UTILITY */ | |
718 | ||
719 | fclose(f); | |
720 | errno = ERRNO_SPOOLFORMAT; | |
721 | return inheader? spool_read_hdrerror : spool_read_enverror; | |
722 | } | |
723 | ||
724 | /* End of spool_in.c */ |