projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Enable operator md5 and sha1 use on certificate variables. Bug 1170
[exim.git] / src / src / spool_in.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
c4ceed07 5/* Copyright (c) University of Cambridge 1995 - 2012 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Functions for reading spool files. When compiling for a utility (eximon),
9not all are needed, and some functionality can be cut out. */
10
11
12#include "exim.h"
13
14
15
16#ifndef COMPILE_UTILITY
17/*************************************************
18* Open and lock data file *
19*************************************************/
20
21/* The data file is the one that is used for locking, because the header file
22can get replaced during delivery because of header rewriting. The file has
23to opened with write access so that we can get an exclusive lock, but in
24fact it won't be written to. Just in case there's a major disaster (e.g.
25overwriting some other file descriptor with the value of this one), open it
26with append.
27
28Argument: the id of the message
29Returns: TRUE if file successfully opened and locked
30
31Side effect: deliver_datafile is set to the fd of the open file.
32*/
33
34BOOL
35spool_open_datafile(uschar *id)
36{
37int i;
38struct stat statbuf;
39flock_t lock_data;
40uschar spoolname[256];
41
42/* If split_spool_directory is set, first look for the file in the appropriate
43sub-directory of the input directory. If it is not found there, try the input
44directory itself, to pick up leftovers from before the splitting. If split_
45spool_directory is not set, first look in the main input directory. If it is
46not found there, try the split sub-directory, in case it is left over from a
47splitting state. */
48
49for (i = 0; i < 2; i++)
50 {
51 int save_errno;
52 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
53 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
54 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
55 if (deliver_datafile >= 0) break;
56 save_errno = errno;
57 if (errno == ENOENT)
58 {
59 if (i == 0) continue;
60 if (!queue_running)
61 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
62 }
63 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
64 strerror(errno));
65 errno = save_errno;
66 return FALSE;
67 }
68
69/* File is open and message_subdir is set. Set the close-on-exec flag, and lock
70the file. We lock only the first line of the file (containing the message ID)
71because this apparently is needed for running Exim under Cygwin. If the entire
72file is locked in one process, a sub-process cannot access it, even when passed
73an open file descriptor (at least, I think that's the Cygwin story). On real
74Unix systems it doesn't make any difference as long as Exim is consistent in
75what it locks. */
76
ff790e47 77(void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
059ec3d9
PH		 78 FD_CLOEXEC);
79
80lock_data.l_type = F_WRLCK;
81lock_data.l_whence = SEEK_SET;
82lock_data.l_start = 0;
83lock_data.l_len = SPOOL_DATA_START_OFFSET;
84
85if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
86 {
87 log_write(L_skip_delivery,
88 LOG_MAIN,
89 "Spool file is locked (another process is handling this message)");
f1e894f3 90 (void)close(deliver_datafile);
059ec3d9
PH		 91 deliver_datafile = -1;
92 errno = 0;
93 return FALSE;
94 }
95
96/* Get the size of the data; don't include the leading filename line
97in the count, but add one for the newline before the data. */
98
99if (fstat(deliver_datafile, &statbuf) == 0)
100 {
101 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
102 message_size = message_body_size + 1;
103 }
104
105return TRUE;
106}
107#endif /* COMPILE_UTILITY */
108
109
110
111/*************************************************
112* Read non-recipients tree from spool file *
113*************************************************/
114
115/* The tree of non-recipients is written to the spool file in a form that
116makes it easy to read back into a tree. The format is as follows:
117
118 . Each node is preceded by two letter(Y/N) indicating whether it has left
119 or right children. There's one space after the two flags, before the name.
120
121 . The left subtree (if any) then follows, then the right subtree (if any).
122
123This function is entered with the next input line in the buffer. Note we must
124save the right flag before recursing with the same buffer.
125
126Once the tree is read, we re-construct the balance fields by scanning the tree.
127I forgot to write them out originally, and the compatible fix is to do it this
128way. This initial local recursing function does the necessary.
129
130Arguments:
131 node tree node
132
133Returns: maximum depth below the node, including the node itself
134*/
135
136static int
137count_below(tree_node *node)
138{
139int nleft, nright;
140if (node == NULL) return 0;
141nleft = count_below(node->left);
142nright = count_below(node->right);
143node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
144return 1 + ((nleft > nright)? nleft : nright);
145}
146
147/* This is the real function...
148
149Arguments:
150 connect pointer to the root of the tree
151 f FILE to read data from
152 buffer contains next input line; further lines read into it
153 buffer_size size of the buffer
154
155Returns: FALSE on format error
156*/
157
158static BOOL
159read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
160 int buffer_size)
161{
162tree_node *node;
163int n = Ustrlen(buffer);
164BOOL right = buffer[1] == 'Y';
165
166if (n < 5) return FALSE; /* malformed line */
167buffer[n-1] = 0; /* Remove \n */
168node = store_get(sizeof(tree_node) + n - 3);
169*connect = node;
170Ustrcpy(node->name, buffer + 3);
171node->data.ptr = NULL;
172
173if (buffer[0] == 'Y')
174 {
175 if (Ufgets(buffer, buffer_size, f) == NULL ||
176 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
177 return FALSE;
178 }
179else node->left = NULL;
180
181if (right)
182 {
183 if (Ufgets(buffer, buffer_size, f) == NULL ||
184 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
185 return FALSE;
186 }
187else node->right = NULL;
188
189(void) count_below(*connect);
190return TRUE;
191}
192
193
194
195
196/*************************************************
197* Read spool header file *
198*************************************************/
199
200/* This function reads a spool header file and places the data into the
201appropriate global variables. The header portion is always read, but header
202structures are built only if read_headers is set true. It isn't, for example,
203while generating -bp output.
204
205It may be possible for blocks of nulls (binary zeroes) to get written on the
206end of a file if there is a system crash during writing. It was observed on an
207earlier version of Exim that omitted to fsync() the files - this is thought to
208have been the cause of that incident, but in any case, this code must be robust
209against such an event, and if such a file is encountered, it must be treated as
210malformed.
211
212Arguments:
213 name name of the header file, including the -H
214 read_headers TRUE if in-store header structures are to be built
215 subdir_set TRUE is message_subdir is already set
216
217Returns: spool_read_OK success
218 spool_read_notopen open failed
219 spool_read_enverror error in the envelope portion
220 spool_read_hdrdrror error in the header portion
221*/
222
223int
224spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
225{
226FILE *f = NULL;
227int n;
228int rcount = 0;
229long int uid, gid;
230BOOL inheader = FALSE;
1e70f85b 231uschar *p;
059ec3d9
PH		 232
233/* Reset all the global variables to their default values. However, there is
234one exception. DO NOT change the default value of dont_deliver, because it may
235be forced by an external setting. */
236
38a0a95f 237acl_var_c = acl_var_m = NULL;
059ec3d9
PH		 238authenticated_id = NULL;
239authenticated_sender = NULL;
240allow_unqualified_recipient = FALSE;
241allow_unqualified_sender = FALSE;
242body_linecount = 0;
243body_zerocount = 0;
244deliver_firsttime = FALSE;
245deliver_freeze = FALSE;
246deliver_frozen_at = 0;
247deliver_manual_thaw = FALSE;
248/* dont_deliver must NOT be reset */
249header_list = header_last = NULL;
b08b24c8 250host_lookup_deferred = FALSE;
059ec3d9
PH		 251host_lookup_failed = FALSE;
252interface_address = NULL;
253interface_port = 0;
254local_error_message = FALSE;
255local_scan_data = NULL;
d677b2f2 256max_received_linelength = 0;
059ec3d9
PH		 257message_linecount = 0;
258received_protocol = NULL;
259received_count = 0;
260recipients_list = NULL;
261sender_address = NULL;
262sender_fullhost = NULL;
263sender_helo_name = NULL;
264sender_host_address = NULL;
265sender_host_name = NULL;
266sender_host_port = 0;
267sender_host_authenticated = NULL;
268sender_ident = NULL;
269sender_local = FALSE;
270sender_set_untrusted = FALSE;
1f5b4c3d 271smtp_active_hostname = primary_hostname;
059ec3d9
PH		 272tree_nonrecipients = NULL;
273
8523533c
TK		 274#ifdef EXPERIMENTAL_BRIGHTMAIL
275bmi_run = 0;
276bmi_verdicts = NULL;
277#endif
278
80a47a2c 279#ifndef DISABLE_DKIM
9e5d6b55 280dkim_signers = NULL;
80a47a2c
TK		 281dkim_disable_verify = FALSE;
282dkim_collect_input = FALSE;
f7572e5a
TK		 283#endif
284
059ec3d9 285#ifdef SUPPORT_TLS
817d9f57
JH		 286tls_in.certificate_verified = FALSE;
287tls_in.cipher = NULL;
9d1c15ef
JH		 288tls_in.ourcert = NULL;
289tls_in.peercert = NULL;
817d9f57
JH		 290tls_in.peerdn = NULL;
291tls_in.sni = NULL;
44662487 292tls_in.ocsp = OCSP_NOT_REQ;
7be682ca 293#endif
059ec3d9 294
8523533c 295#ifdef WITH_CONTENT_SCAN
8523533c
TK		 296spam_score_int = NULL;
297#endif
298
059ec3d9
PH		 299/* Generate the full name and open the file. If message_subdir is already
300set, just look in the given directory. Otherwise, look in both the split
301and unsplit directories, as for the data file above. */
302
303for (n = 0; n < 2; n++)
304 {
305 if (!subdir_set)
306 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
307 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
308 name);
309 f = Ufopen(big_buffer, "rb");
310 if (f != NULL) break;
311 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
312 }
313
314errno = 0;
315
316#ifndef COMPILE_UTILITY
317DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
318#endif /* COMPILE_UTILITY */
319
320/* The first line of a spool file contains the message id followed by -H (i.e.
321the file name), in order to make the file self-identifying. */
322
323if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
324if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
325 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
326 goto SPOOL_FORMAT_ERROR;
327
328/* The next three lines in the header file are in a fixed format. The first
329contains the login, uid, and gid of the user who caused the file to be written.
ebb6e6d5
PH		 330There are known cases where a negative gid is used, so we allow for both
331negative uids and gids. The second contains the mail address of the message's
332sender, enclosed in <>. The third contains the time the message was received,
333and the number of warning messages for delivery delays that have been sent. */
059ec3d9
PH		 334
335if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
336
1e70f85b
PH		 337p = big_buffer + Ustrlen(big_buffer);
338while (p > big_buffer && isspace(p[-1])) p--;
339*p = 0;
340if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
ebb6e6d5 341while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
1e70f85b
PH		 342gid = Uatoi(p);
343if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
344*p = 0;
345if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
ebb6e6d5 346while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
1e70f85b
PH		 347uid = Uatoi(p);
348if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
349*p = 0;
8e669ac1 350
1e70f85b 351originator_login = string_copy(big_buffer);
059ec3d9
PH		 352originator_uid = (uid_t)uid;
353originator_gid = (gid_t)gid;
354
355if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
356n = Ustrlen(big_buffer);
357if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
358 goto SPOOL_FORMAT_ERROR;
359
360sender_address = store_get(n-2);
361Ustrncpy(sender_address, big_buffer+1, n-3);
362sender_address[n-3] = 0;
363
364if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
365if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
366 goto SPOOL_FORMAT_ERROR;
367
368message_age = time(NULL) - received_time;
369
370#ifndef COMPILE_UTILITY
371DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
372 originator_login, (long int)originator_uid, (long int)originator_gid,
373 sender_address);
374#endif /* COMPILE_UTILITY */
375
08955dd3
PH		 376/* Now there may be a number of optional lines, each starting with "-". If you
377add a new setting here, make sure you set the default above.
059ec3d9 378
08955dd3
PH		 379Because there are now quite a number of different possibilities, we use a
380switch on the first character to avoid too many failing tests. Thanks to Nico
381Erfurth for the patch that implemented this. I have made it even more efficient
382by not re-scanning the first two characters.
383
384To allow new versions of Exim that add additional flags to interwork with older
385versions that do not understand them, just ignore any lines starting with "-"
386that we don't recognize. Otherwise it wouldn't be possible to back off a new
387version that left new-style flags written on the spool. */
388
389p = big_buffer + 2;
059ec3d9
PH		 390for (;;)
391 {
392 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
393 if (big_buffer[0] != '-') break;
059ec3d9 394 big_buffer[Ustrlen(big_buffer) - 1] = 0;
47ca6d6c 395
08955dd3 396 switch(big_buffer[1])
059ec3d9 397 {
08955dd3
PH		 398 case 'a':
399
400 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
401 variable, because Exim allows any number of them, with arbitrary names.
402 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
403 the c or m. */
404
405 if (Ustrncmp(p, "clc ", 4) == 0 ||
406 Ustrncmp(p, "clm ", 4) == 0)
407 {
408 uschar *name, *endptr;
409 int count;
410 tree_node *node;
411 endptr = Ustrchr(big_buffer + 6, ' ');
412 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
413 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
414 big_buffer + 6);
415 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
416 node = acl_var_create(name);
417 node->data.ptr = store_get(count + 1);
418 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
419 ((uschar*)node->data.ptr)[count] = 0;
420 }
421
422 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
423 allow_unqualified_recipient = TRUE;
424 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
425 allow_unqualified_sender = TRUE;
426
427 else if (Ustrncmp(p, "uth_id", 6) == 0)
428 authenticated_id = string_copy(big_buffer + 9);
429 else if (Ustrncmp(p, "uth_sender", 10) == 0)
430 authenticated_sender = string_copy(big_buffer + 13);
431 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
432 smtp_active_hostname = string_copy(big_buffer + 17);
433
434 /* For long-term backward compatibility, we recognize "-acl", which was
435 used before the number of ACL variables changed from 10 to 20. This was
436 before the subsequent change to an arbitrary number of named variables.
437 This code is retained so that upgrades from very old versions can still
438 handle old-format spool files. The value given after "-acl" is a number
439 that is 0-9 for connection variables, and 10-19 for message variables. */
440
441 else if (Ustrncmp(p, "cl ", 3) == 0)
442 {
443 int index, count;
8dce1a6f 444 uschar name[20]; /* Need plenty of space for %d format */
08955dd3
PH		 445 tree_node *node;
446 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
447 goto SPOOL_FORMAT_ERROR;
8dce1a6f
PH		 448 if (index < 10)
449 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
450 else if (index < 20) /* ignore out-of-range index */
451 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
08955dd3
PH		 452 node = acl_var_create(name);
453 node->data.ptr = store_get(count + 1);
454 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
455 ((uschar*)node->data.ptr)[count] = 0;
456 }
457 break;
458
459 case 'b':
460 if (Ustrncmp(p, "ody_linecount", 13) == 0)
461 body_linecount = Uatoi(big_buffer + 15);
462 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
463 body_zerocount = Uatoi(big_buffer + 15);
464 #ifdef EXPERIMENTAL_BRIGHTMAIL
465 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
466 bmi_verdicts = string_copy(big_buffer + 14);
467 #endif
468 break;
469
470 case 'd':
471 if (Ustrcmp(p, "eliver_firsttime") == 0)
472 deliver_firsttime = TRUE;
473 break;
474
475 case 'f':
476 if (Ustrncmp(p, "rozen", 5) == 0)
477 {
478 deliver_freeze = TRUE;
479 deliver_frozen_at = Uatoi(big_buffer + 7);
480 }
481 break;
482
483 case 'h':
484 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
485 host_lookup_deferred = TRUE;
486 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
487 host_lookup_failed = TRUE;
488 else if (Ustrncmp(p, "ost_auth", 8) == 0)
489 sender_host_authenticated = string_copy(big_buffer + 11);
490 else if (Ustrncmp(p, "ost_name", 8) == 0)
491 sender_host_name = string_copy(big_buffer + 11);
492 else if (Ustrncmp(p, "elo_name", 8) == 0)
493 sender_helo_name = string_copy(big_buffer + 11);
494
495 /* We now record the port number after the address, separated by a
496 dot. For compatibility during upgrading, do nothing if there
497 isn't a value (it gets left at zero). */
498
499 else if (Ustrncmp(p, "ost_address", 11) == 0)
500 {
501 sender_host_port = host_address_extract_port(big_buffer + 14);
502 sender_host_address = string_copy(big_buffer + 14);
503 }
504 break;
505
506 case 'i':
507 if (Ustrncmp(p, "nterface_address", 16) == 0)
508 {
509 interface_port = host_address_extract_port(big_buffer + 19);
510 interface_address = string_copy(big_buffer + 19);
511 }
512 else if (Ustrncmp(p, "dent", 4) == 0)
513 sender_ident = string_copy(big_buffer + 7);
514 break;
515
516 case 'l':
517 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
518 else if (Ustrcmp(big_buffer, "-localerror") == 0)
519 local_error_message = TRUE;
520 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
521 local_scan_data = string_copy(big_buffer + 12);
522 break;
523
524 case 'm':
525 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
d677b2f2
PH		 526 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
527 max_received_linelength = Uatoi(big_buffer + 24);
08955dd3
PH		 528 break;
529
530 case 'N':
531 if (*p == 0) dont_deliver = TRUE; /* -N */
532 break;
533
534 case 'r':
535 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
536 received_protocol = string_copy(big_buffer + 19);
537 break;
538
539 case 's':
540 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
541 sender_set_untrusted = TRUE;
542 #ifdef WITH_CONTENT_SCAN
543 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
544 spam_score_int = string_copy(big_buffer + 16);
545 #endif
546 break;
547
548 #ifdef SUPPORT_TLS
549 case 't':
550 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
817d9f57 551 tls_in.certificate_verified = TRUE;
08955dd3 552 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
817d9f57 553 tls_in.cipher = string_copy(big_buffer + 12);
9d1c15ef
JH		 554#ifndef COMPILE_UTILITY
555 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
556 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
557 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
558 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
559#endif
08955dd3 560 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
817d9f57 561 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
7be682ca 562 else if (Ustrncmp(p, "ls_sni", 6) == 0)
817d9f57 563 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
44662487
JH		 564 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
565 tls_in.ocsp = big_buffer[10] - '0';
08955dd3
PH		 566 break;
567 #endif
568
569 default: /* Present because some compilers complain if all */
570 break; /* possibilities are not covered. */
059ec3d9 571 }
059ec3d9
PH		 572 }
573
574/* Build sender_fullhost if required */
575
576#ifndef COMPILE_UTILITY
577host_build_sender_fullhost();
578#endif /* COMPILE_UTILITY */
579
580#ifndef COMPILE_UTILITY
581DEBUG(D_deliver)
582 debug_printf("sender_local=%d ident=%s\n", sender_local,
583 (sender_ident == NULL)? US"unset" : sender_ident);
584#endif /* COMPILE_UTILITY */
585
586/* We now have the tree of addresses NOT to deliver to, or a line
587containing "XX", indicating no tree. */
588
589if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
590 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
591 goto SPOOL_FORMAT_ERROR;
592
593#ifndef COMPILE_UTILITY
594DEBUG(D_deliver)
595 {
596 debug_printf("Non-recipients:\n");
597 debug_print_tree(tree_nonrecipients);
598 }
599#endif /* COMPILE_UTILITY */
600
601/* After reading the tree, the next line has not yet been read into the
602buffer. It contains the count of recipients which follow on separate lines. */
603
604if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
605if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
606
607#ifndef COMPILE_UTILITY
608DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
609#endif /* COMPILE_UTILITY */
610
611recipients_list_max = rcount;
612recipients_list = store_get(rcount * sizeof(recipient_item));
613
614for (recipients_count = 0; recipients_count < rcount; recipients_count++)
615 {
616 int nn;
617 int pno = -1;
618 uschar *errors_to = NULL;
619 uschar *p;
620
621 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
622 nn = Ustrlen(big_buffer);
623 if (nn < 2) goto SPOOL_FORMAT_ERROR;
624
625 /* Remove the newline; this terminates the address if there is no additional
626 data on the line. */
627
628 p = big_buffer + nn - 1;
629 *p-- = 0;
630
631 /* Look back from the end of the line for digits and special terminators.
632 Since an address must end with a domain, we can tell that extra data is
633 present by the presence of the terminator, which is always some character
634 that cannot exist in a domain. (If I'd thought of the need for additional
635 data early on, I'd have put it at the start, with the address at the end. As
636 it is, we have to operate backwards. Addresses are permitted to contain
637 spaces, you see.)
638
639 This code has to cope with various versions of this data that have evolved
640 over time. In all cases, the line might just contain an address, with no
641 additional data. Otherwise, the possibilities are as follows:
642
643 Exim 3 type: <address><space><digits>,<digits>,<digits>
644
645 The second set of digits is the parent number for one_time addresses. The
646 other values were remnants of earlier experiments that were abandoned.
647
648 Exim 4 first type: <address><space><digits>
649
650 The digits are the parent number for one_time addresses.
651
652 Exim 4 new type: <address><space><data>#<type bits>
653
654 The type bits indicate what the contents of the data are.
655
656 Bit 01 indicates that, reading from right to left, the data
657 ends with <errors_to address><space><len>,<pno> where pno is
658 the parent number for one_time addresses, and len is the length
659 of the errors_to address (zero meaning none).
660 */
661
662 while (isdigit(*p)) p--;
663
664 /* Handle Exim 3 spool files */
665
666 if (*p == ',')
667 {
668 int dummy;
669 while (isdigit(*(--p)) || *p == ',');
670 if (*p == ' ')
671 {
672 *p++ = 0;
ff790e47 673 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
059ec3d9
PH		 674 }
675 }
676
677 /* Handle early Exim 4 spool files */
678
679 else if (*p == ' ')
680 {
681 *p++ = 0;
ff790e47 682 (void)sscanf(CS p, "%d", &pno);
059ec3d9
PH		 683 }
684
685 /* Handle current format Exim 4 spool files */
686
687 else if (*p == '#')
688 {
689 int flags;
ff790e47 690 (void)sscanf(CS p+1, "%d", &flags);
059ec3d9
PH		 691
692 if ((flags & 0x01) != 0) /* one_time data exists */
693 {
694 int len;
695 while (isdigit(*(--p)) || *p == ',' || *p == '-');
ff790e47 696 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
059ec3d9
PH		 697 *p = 0;
698 if (len > 0)
699 {
700 p -= len;
701 errors_to = string_copy(p);
702 }
703 }
704
705 *(--p) = 0; /* Terminate address */
706 }
707
708 recipients_list[recipients_count].address = string_copy(big_buffer);
709 recipients_list[recipients_count].pno = pno;
710 recipients_list[recipients_count].errors_to = errors_to;
711 }
712
713/* The remainder of the spool header file contains the headers for the message,
714separated off from the previous data by a blank line. Each header is preceded
715by a count of its length and either a certain letter (for various identified
716headers), space (for a miscellaneous live header) or an asterisk (for a header
717that has been rewritten). Count the Received: headers. We read the headers
718always, in order to check on the format of the file, but only create a header
719list if requested to do so. */
720
721inheader = TRUE;
722if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
723if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
724
725while ((n = fgetc(f)) != EOF)
726 {
727 header_line *h;
728 uschar flag[4];
729 int i;
730
731 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
1ac6b2e7
JH		 732 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
733 goto SPOOL_READ_ERROR;
059ec3d9
PH		 734 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
735
736 if (read_headers)
737 {
738 h = store_get(sizeof(header_line));
739 h->next = NULL;
740 h->type = flag[0];
741 h->slen = n;
742 h->text = store_get(n+1);
743
744 if (h->type == htype_received) received_count++;
745
746 if (header_list == NULL) header_list = h;
747 else header_last->next = h;
748 header_last = h;
749
750 for (i = 0; i < n; i++)
751 {
752 int c = fgetc(f);
753 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
754 if (c == '\n' && h->type != htype_old) message_linecount++;
755 h->text[i] = c;
756 }
757 h->text[i] = 0;
758 }
759
760 /* Not requiring header data, just skip through the bytes */
761
762 else for (i = 0; i < n; i++)
763 {
764 int c = fgetc(f);
765 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
766 }
767 }
768
769/* We have successfully read the data in the header file. Update the message
770line count by adding the body linecount to the header linecount. Close the file
771and give a positive response. */
772
773#ifndef COMPILE_UTILITY
774DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
775 body_linecount, message_linecount);
776#endif /* COMPILE_UTILITY */
777
778message_linecount += body_linecount;
779
780fclose(f);
781return spool_read_OK;
782
783
784/* There was an error reading the spool or there was missing data,
785or there was a format error. A "read error" with no errno means an
786unexpected EOF, which we treat as a format error. */
787
788SPOOL_READ_ERROR:
789if (errno != 0)
790 {
791 n = errno;
792
793 #ifndef COMPILE_UTILITY
794 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
795 #endif /* COMPILE_UTILITY */
796
797 fclose(f);
798 errno = n;
799 return inheader? spool_read_hdrerror : spool_read_enverror;
800 }
801
802SPOOL_FORMAT_ERROR:
803
804#ifndef COMPILE_UTILITY
805DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
806#endif /* COMPILE_UTILITY */
807
808fclose(f);
809errno = ERRNO_SPOOLFORMAT;
810return inheader? spool_read_hdrerror : spool_read_enverror;
811}
812
9d1c15ef
JH		 813/* vi: aw ai sw=2
814*/
059ec3d9 815/* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.