| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | |
| 5 | /* Copyright (c) University of Cambridge 1995 - 2017 */ |
| 6 | /* See the file NOTICE for conditions of use and distribution. */ |
| 7 | |
| 8 | |
| 9 | #include "../exim.h" |
| 10 | #include "rf_functions.h" |
| 11 | #include "redirect.h" |
| 12 | |
| 13 | |
| 14 | |
| 15 | /* Options specific to the redirect router. */ |
| 16 | |
| 17 | optionlist redirect_router_options[] = { |
| 18 | { "allow_defer", opt_bit | (RDON_DEFER << 16), |
| 19 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 20 | { "allow_fail", opt_bit | (RDON_FAIL << 16), |
| 21 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 22 | { "allow_filter", opt_bit | (RDON_FILTER << 16), |
| 23 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 24 | { "allow_freeze", opt_bit | (RDON_FREEZE << 16), |
| 25 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 26 | { "check_ancestor", opt_bool, |
| 27 | (void *)offsetof(redirect_router_options_block, check_ancestor) }, |
| 28 | { "check_group", opt_bool, |
| 29 | (void *)offsetof(redirect_router_options_block, check_group) }, |
| 30 | { "check_owner", opt_bool, |
| 31 | (void *)offsetof(redirect_router_options_block, check_owner) }, |
| 32 | { "data", opt_stringptr, |
| 33 | (void *)offsetof(redirect_router_options_block, data) }, |
| 34 | { "directory_transport",opt_stringptr, |
| 35 | (void *)offsetof(redirect_router_options_block, directory_transport_name) }, |
| 36 | { "file", opt_stringptr, |
| 37 | (void *)offsetof(redirect_router_options_block, file) }, |
| 38 | { "file_transport", opt_stringptr, |
| 39 | (void *)offsetof(redirect_router_options_block, file_transport_name) }, |
| 40 | { "filter_prepend_home",opt_bit | (RDON_PREPEND_HOME << 16), |
| 41 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 42 | { "forbid_blackhole", opt_bit | (RDON_BLACKHOLE << 16), |
| 43 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 44 | { "forbid_exim_filter", opt_bit | (RDON_EXIM_FILTER << 16), |
| 45 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 46 | { "forbid_file", opt_bool, |
| 47 | (void *)offsetof(redirect_router_options_block, forbid_file) }, |
| 48 | { "forbid_filter_dlfunc", opt_bit | (RDON_DLFUNC << 16), |
| 49 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 50 | { "forbid_filter_existstest", opt_bit | (RDON_EXISTS << 16), |
| 51 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 52 | { "forbid_filter_logwrite",opt_bit | (RDON_LOG << 16), |
| 53 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 54 | { "forbid_filter_lookup", opt_bit | (RDON_LOOKUP << 16), |
| 55 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 56 | { "forbid_filter_perl", opt_bit | (RDON_PERL << 16), |
| 57 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 58 | { "forbid_filter_readfile", opt_bit | (RDON_READFILE << 16), |
| 59 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 60 | { "forbid_filter_readsocket", opt_bit | (RDON_READSOCK << 16), |
| 61 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 62 | { "forbid_filter_reply",opt_bool, |
| 63 | (void *)offsetof(redirect_router_options_block, forbid_filter_reply) }, |
| 64 | { "forbid_filter_run", opt_bit | (RDON_RUN << 16), |
| 65 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 66 | { "forbid_include", opt_bit | (RDON_INCLUDE << 16), |
| 67 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 68 | { "forbid_pipe", opt_bool, |
| 69 | (void *)offsetof(redirect_router_options_block, forbid_pipe) }, |
| 70 | { "forbid_sieve_filter",opt_bit | (RDON_SIEVE_FILTER << 16), |
| 71 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 72 | { "forbid_smtp_code", opt_bool, |
| 73 | (void *)offsetof(redirect_router_options_block, forbid_smtp_code) }, |
| 74 | { "hide_child_in_errmsg", opt_bool, |
| 75 | (void *)offsetof(redirect_router_options_block, hide_child_in_errmsg) }, |
| 76 | { "ignore_eacces", opt_bit | (RDON_EACCES << 16), |
| 77 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 78 | { "ignore_enotdir", opt_bit | (RDON_ENOTDIR << 16), |
| 79 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 80 | { "include_directory", opt_stringptr, |
| 81 | (void *)offsetof(redirect_router_options_block, include_directory) }, |
| 82 | { "modemask", opt_octint, |
| 83 | (void *)offsetof(redirect_router_options_block, modemask) }, |
| 84 | { "one_time", opt_bool, |
| 85 | (void *)offsetof(redirect_router_options_block, one_time) }, |
| 86 | { "owners", opt_uidlist, |
| 87 | (void *)offsetof(redirect_router_options_block, owners) }, |
| 88 | { "owngroups", opt_gidlist, |
| 89 | (void *)offsetof(redirect_router_options_block, owngroups) }, |
| 90 | { "pipe_transport", opt_stringptr, |
| 91 | (void *)offsetof(redirect_router_options_block, pipe_transport_name) }, |
| 92 | { "qualify_domain", opt_stringptr, |
| 93 | (void *)offsetof(redirect_router_options_block, qualify_domain) }, |
| 94 | { "qualify_preserve_domain", opt_bool, |
| 95 | (void *)offsetof(redirect_router_options_block, qualify_preserve_domain) }, |
| 96 | { "repeat_use", opt_bool | opt_public, |
| 97 | (void *)offsetof(router_instance, repeat_use) }, |
| 98 | { "reply_transport", opt_stringptr, |
| 99 | (void *)offsetof(redirect_router_options_block, reply_transport_name) }, |
| 100 | { "rewrite", opt_bit | (RDON_REWRITE << 16), |
| 101 | (void *)offsetof(redirect_router_options_block, bit_options) }, |
| 102 | { "sieve_enotify_mailto_owner", opt_stringptr, |
| 103 | (void *)offsetof(redirect_router_options_block, sieve_enotify_mailto_owner) }, |
| 104 | { "sieve_subaddress", opt_stringptr, |
| 105 | (void *)offsetof(redirect_router_options_block, sieve_subaddress) }, |
| 106 | { "sieve_useraddress", opt_stringptr, |
| 107 | (void *)offsetof(redirect_router_options_block, sieve_useraddress) }, |
| 108 | { "sieve_vacation_directory", opt_stringptr, |
| 109 | (void *)offsetof(redirect_router_options_block, sieve_vacation_directory) }, |
| 110 | { "skip_syntax_errors", opt_bool, |
| 111 | (void *)offsetof(redirect_router_options_block, skip_syntax_errors) }, |
| 112 | #ifdef EXPERIMENTAL_SRS |
| 113 | { "srs", opt_stringptr, |
| 114 | (void *)offsetof(redirect_router_options_block, srs) }, |
| 115 | { "srs_alias", opt_stringptr, |
| 116 | (void *)offsetof(redirect_router_options_block, srs_alias) }, |
| 117 | { "srs_condition", opt_stringptr, |
| 118 | (void *)offsetof(redirect_router_options_block, srs_condition) }, |
| 119 | { "srs_dbinsert", opt_stringptr, |
| 120 | (void *)offsetof(redirect_router_options_block, srs_dbinsert) }, |
| 121 | { "srs_dbselect", opt_stringptr, |
| 122 | (void *)offsetof(redirect_router_options_block, srs_dbselect) }, |
| 123 | #endif |
| 124 | { "syntax_errors_text", opt_stringptr, |
| 125 | (void *)offsetof(redirect_router_options_block, syntax_errors_text) }, |
| 126 | { "syntax_errors_to", opt_stringptr, |
| 127 | (void *)offsetof(redirect_router_options_block, syntax_errors_to) } |
| 128 | }; |
| 129 | |
| 130 | /* Size of the options list. An extern variable has to be used so that its |
| 131 | address can appear in the tables drtables.c. */ |
| 132 | |
| 133 | int redirect_router_options_count = |
| 134 | sizeof(redirect_router_options)/sizeof(optionlist); |
| 135 | |
| 136 | |
| 137 | #ifdef MACRO_PREDEF |
| 138 | |
| 139 | /* Dummy entries */ |
| 140 | redirect_router_options_block redirect_router_option_defaults = {0}; |
| 141 | void redirect_router_init(router_instance *rblock) {} |
| 142 | int redirect_router_entry(router_instance *rblock, address_item *addr, |
| 143 | struct passwd *pw, int verify, address_item **addr_local, |
| 144 | address_item **addr_remote, address_item **addr_new, |
| 145 | address_item **addr_succeed) {return 0;} |
| 146 | |
| 147 | #else /*!MACRO_PREDEF*/ |
| 148 | |
| 149 | |
| 150 | |
| 151 | /* Default private options block for the redirect router. */ |
| 152 | |
| 153 | redirect_router_options_block redirect_router_option_defaults = { |
| 154 | NULL, /* directory_transport */ |
| 155 | NULL, /* file_transport */ |
| 156 | NULL, /* pipe_transport */ |
| 157 | NULL, /* reply_transport */ |
| 158 | NULL, /* data */ |
| 159 | NULL, /* directory_transport_name */ |
| 160 | NULL, /* file */ |
| 161 | NULL, /* file_dir */ |
| 162 | NULL, /* file_transport_name */ |
| 163 | NULL, /* include_directory */ |
| 164 | NULL, /* pipe_transport_name */ |
| 165 | NULL, /* reply_transport_name */ |
| 166 | NULL, /* sieve_subaddress */ |
| 167 | NULL, /* sieve_useraddress */ |
| 168 | NULL, /* sieve_vacation_directory */ |
| 169 | NULL, /* sieve_enotify_mailto_owner */ |
| 170 | NULL, /* syntax_errors_text */ |
| 171 | NULL, /* syntax_errors_to */ |
| 172 | NULL, /* qualify_domain */ |
| 173 | NULL, /* owners */ |
| 174 | NULL, /* owngroups */ |
| 175 | #ifdef EXPERIMENTAL_SRS |
| 176 | NULL, /* srs */ |
| 177 | NULL, /* srs_alias */ |
| 178 | NULL, /* srs_condition */ |
| 179 | NULL, /* srs_dbinsert */ |
| 180 | NULL, /* srs_dbselect */ |
| 181 | #endif |
| 182 | 022, /* modemask */ |
| 183 | RDO_REWRITE | RDO_PREPEND_HOME, /* bit_options */ |
| 184 | FALSE, /* check_ancestor */ |
| 185 | TRUE_UNSET, /* check_owner */ |
| 186 | TRUE_UNSET, /* check_group */ |
| 187 | FALSE, /* forbid_file */ |
| 188 | FALSE, /* forbid_filter_reply */ |
| 189 | FALSE, /* forbid_pipe */ |
| 190 | FALSE, /* forbid_smtp_code */ |
| 191 | FALSE, /* hide_child_in_errmsg */ |
| 192 | FALSE, /* one_time */ |
| 193 | FALSE, /* qualify_preserve_domain */ |
| 194 | FALSE /* skip_syntax_errors */ |
| 195 | }; |
| 196 | |
| 197 | |
| 198 | |
| 199 | /************************************************* |
| 200 | * Initialization entry point * |
| 201 | *************************************************/ |
| 202 | |
| 203 | /* Called for each instance, after its options have been read, to enable |
| 204 | consistency checks to be done, or anything else that needs to be set up. */ |
| 205 | |
| 206 | void redirect_router_init(router_instance *rblock) |
| 207 | { |
| 208 | redirect_router_options_block *ob = |
| 209 | (redirect_router_options_block *)(rblock->options_block); |
| 210 | |
| 211 | /* Either file or data must be set, but not both */ |
| 212 | |
| 213 | if ((ob->file == NULL) == (ob->data == NULL)) |
| 214 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
| 215 | "%sone of \"file\" or \"data\" must be specified", |
| 216 | rblock->name, (ob->file == NULL)? "" : "only "); |
| 217 | |
| 218 | /* Onetime aliases can only be real addresses. Headers can't be manipulated. |
| 219 | The combination of one_time and unseen is not allowed. We can't check the |
| 220 | expansion of "unseen" here, but we assume that if it is set to anything other |
| 221 | than false, there is likely to be a problem. */ |
| 222 | |
| 223 | if (ob->one_time) |
| 224 | { |
| 225 | ob->forbid_pipe = ob->forbid_file = ob->forbid_filter_reply = TRUE; |
| 226 | if (rblock->extra_headers || rblock->remove_headers) |
| 227 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
| 228 | "\"headers_add\" and \"headers_remove\" are not permitted with " |
| 229 | "\"one_time\"", rblock->name); |
| 230 | if (rblock->unseen || rblock->expand_unseen) |
| 231 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
| 232 | "\"unseen\" may not be used with \"one_time\"", rblock->name); |
| 233 | } |
| 234 | |
| 235 | /* The defaults for check_owner and check_group depend on other settings. The |
| 236 | defaults are: Check the owner if check_local_user or owners is set; check the |
| 237 | group if check_local_user is set without a restriction on the group write bit, |
| 238 | or if owngroups is set. */ |
| 239 | |
| 240 | if (ob->check_owner == TRUE_UNSET) |
| 241 | ob->check_owner = rblock->check_local_user || |
| 242 | (ob->owners && ob->owners[0] != 0); |
| 243 | |
| 244 | if (ob->check_group == TRUE_UNSET) |
| 245 | ob->check_group = (rblock->check_local_user && (ob->modemask & 020) == 0) || |
| 246 | (ob->owngroups != NULL && ob->owngroups[0] != 0); |
| 247 | |
| 248 | /* If explicit qualify domain set, the preserve option is locked out */ |
| 249 | |
| 250 | if (ob->qualify_domain && ob->qualify_preserve_domain) |
| 251 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
| 252 | "only one of \"qualify_domain\" or \"qualify_preserve_domain\" must be set", |
| 253 | rblock->name); |
| 254 | |
| 255 | /* If allow_filter is set, either user or check_local_user must be set. */ |
| 256 | |
| 257 | if (!rblock->check_local_user && |
| 258 | !rblock->uid_set && |
| 259 | rblock->expand_uid == NULL && |
| 260 | (ob->bit_options & RDO_FILTER) != 0) |
| 261 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
| 262 | "\"user\" or \"check_local_user\" must be set with \"allow_filter\"", |
| 263 | rblock->name); |
| 264 | } |
| 265 | |
| 266 | |
| 267 | |
| 268 | /************************************************* |
| 269 | * Get errors address and header mods * |
| 270 | *************************************************/ |
| 271 | |
| 272 | /* This function is called when new addresses are generated, in order to |
| 273 | sort out errors address and header modifications. We put the errors address |
| 274 | into the parent address (even though it is never used from there because that |
| 275 | address is never transported) so that it can be retrieved if any of the |
| 276 | children gets routed by an "unseen" router. The clone of the child that is |
| 277 | passed on must have the original errors_address value. |
| 278 | |
| 279 | Arguments: |
| 280 | rblock the router control block |
| 281 | addr the address being routed |
| 282 | verify v_none/v_recipient/v_sender/v_expn |
| 283 | addr_prop point to the propagated block, which is where the |
| 284 | new values are to be placed |
| 285 | |
| 286 | Returns: the result of rf_get_errors_address() or rf_get_munge_headers(), |
| 287 | which is either OK or DEFER |
| 288 | */ |
| 289 | |
| 290 | static int |
| 291 | sort_errors_and_headers(router_instance *rblock, address_item *addr, |
| 292 | int verify, address_item_propagated *addr_prop) |
| 293 | { |
| 294 | int frc = rf_get_errors_address(addr, rblock, verify, |
| 295 | &addr_prop->errors_address); |
| 296 | if (frc != OK) return frc; |
| 297 | addr->prop.errors_address = addr_prop->errors_address; |
| 298 | return rf_get_munge_headers(addr, rblock, &addr_prop->extra_headers, |
| 299 | &addr_prop->remove_headers); |
| 300 | } |
| 301 | |
| 302 | |
| 303 | |
| 304 | /************************************************* |
| 305 | * Process a set of generated new addresses * |
| 306 | *************************************************/ |
| 307 | |
| 308 | /* This function sets up a set of newly generated child addresses and puts them |
| 309 | on the new address chain. Copy in the uid, gid and permission flags for use by |
| 310 | pipes and files, set the parent, and "or" its af_ignore_error flag. Also record |
| 311 | the setting for any starting router. |
| 312 | |
| 313 | If the generated address is the same as one of its ancestors, and the |
| 314 | check_ancestor flag is set, do not use this generated address, but replace it |
| 315 | with a copy of the input address. This is to cope with cases where A is aliased |
| 316 | to B and B has a .forward file pointing to A, though it is usually set on the |
| 317 | forwardfile rather than the aliasfile. We can't just pass on the old |
| 318 | address by returning FAIL, because it must act as a general parent for |
| 319 | generated addresses, and only get marked "done" when all its children are |
| 320 | delivered. |
| 321 | |
| 322 | Arguments: |
| 323 | rblock router block |
| 324 | addr_new new address chain |
| 325 | addr original address |
| 326 | generated list of generated addresses |
| 327 | addr_prop the propagated block, containing the errors_address, |
| 328 | header modification stuff, and address_data |
| 329 | ugidptr points to uid/gid data for files, pipes, autoreplies |
| 330 | pw password entry, set if ob->check_local_user is TRUE |
| 331 | |
| 332 | Returns: nothing |
| 333 | */ |
| 334 | |
| 335 | static void |
| 336 | add_generated(router_instance *rblock, address_item **addr_new, |
| 337 | address_item *addr, address_item *generated, |
| 338 | address_item_propagated *addr_prop, ugid_block *ugidptr, struct passwd *pw) |
| 339 | { |
| 340 | redirect_router_options_block *ob = |
| 341 | (redirect_router_options_block *)(rblock->options_block); |
| 342 | |
| 343 | while (generated) |
| 344 | { |
| 345 | address_item *parent; |
| 346 | address_item *next = generated; |
| 347 | uschar *errors_address = next->prop.errors_address; |
| 348 | |
| 349 | generated = next->next; |
| 350 | next->parent = addr; |
| 351 | next->start_router = rblock->redirect_router; |
| 352 | if (addr->child_count == USHRT_MAX) |
| 353 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d " |
| 354 | "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address); |
| 355 | addr->child_count++; |
| 356 | |
| 357 | next->next = *addr_new; |
| 358 | *addr_new = next; |
| 359 | |
| 360 | /* Don't do the "one_time" thing for the first pass of a 2-stage queue run. */ |
| 361 | |
| 362 | if (ob->one_time && !queue_2stage) |
| 363 | { |
| 364 | for (parent = addr; parent->parent; parent = parent->parent) ; |
| 365 | next->onetime_parent = parent->address; |
| 366 | } |
| 367 | |
| 368 | if (ob->hide_child_in_errmsg) setflag(next, af_hide_child); |
| 369 | |
| 370 | /* If check_ancestor is set, we want to know if any ancestor of this address |
| 371 | is the address we are about to generate. The check must be done caselessly |
| 372 | unless the ancestor was routed by a case-sensitive router. */ |
| 373 | |
| 374 | if (ob->check_ancestor) |
| 375 | for (parent = addr; parent; parent = parent->parent) |
| 376 | if ((parent->router && parent->router->caseful_local_part |
| 377 | ? Ustrcmp(next->address, parent->address) |
| 378 | : strcmpic(next->address, parent->address) |
| 379 | ) == 0) |
| 380 | { |
| 381 | DEBUG(D_route) debug_printf("generated parent replaced by child\n"); |
| 382 | next->address = string_copy(addr->address); |
| 383 | break; |
| 384 | } |
| 385 | |
| 386 | /* A user filter may, under some circumstances, set up an errors address. |
| 387 | If so, we must take care to re-instate it when we copy in the propagated |
| 388 | data so that it overrides any errors_to setting on the router. */ |
| 389 | |
| 390 | { |
| 391 | BOOL ignore_error = next->prop.ignore_error; |
| 392 | next->prop = *addr_prop; |
| 393 | next->prop.ignore_error = ignore_error || addr->prop.ignore_error; |
| 394 | } |
| 395 | if (errors_address) next->prop.errors_address = errors_address; |
| 396 | |
| 397 | /* For pipes, files, and autoreplies, record this router as handling them, |
| 398 | because they don't go through the routing process again. Then set up uid, |
| 399 | gid, home and current directories for transporting. */ |
| 400 | |
| 401 | if (testflag(next, af_pfr)) |
| 402 | { |
| 403 | next->router = rblock; |
| 404 | rf_set_ugid(next, ugidptr); /* Will contain pw values if not overridden */ |
| 405 | |
| 406 | /* When getting the home directory out of the password information, wrap it |
| 407 | in \N...\N to avoid expansion later. In Cygwin, home directories can |
| 408 | contain $ characters. */ |
| 409 | |
| 410 | if (rblock->home_directory != NULL) |
| 411 | next->home_dir = rblock->home_directory; |
| 412 | else if (rblock->check_local_user) |
| 413 | next->home_dir = string_sprintf("\\N%s\\N", pw->pw_dir); |
| 414 | else if (rblock->router_home_directory != NULL && |
| 415 | testflag(addr, af_home_expanded)) |
| 416 | { |
| 417 | next->home_dir = deliver_home; |
| 418 | setflag(next, af_home_expanded); |
| 419 | } |
| 420 | |
| 421 | next->current_dir = rblock->current_directory; |
| 422 | |
| 423 | /* Permission options */ |
| 424 | |
| 425 | if (!ob->forbid_pipe) setflag(next, af_allow_pipe); |
| 426 | if (!ob->forbid_file) setflag(next, af_allow_file); |
| 427 | if (!ob->forbid_filter_reply) setflag(next, af_allow_reply); |
| 428 | |
| 429 | /* If the transport setting fails, the error gets picked up at the outer |
| 430 | level from the setting of basic_errno in the address. */ |
| 431 | |
| 432 | if (next->address[0] == '|') |
| 433 | { |
| 434 | address_pipe = next->address; |
| 435 | if (rf_get_transport(ob->pipe_transport_name, &(ob->pipe_transport), |
| 436 | next, rblock->name, US"pipe_transport")) |
| 437 | next->transport = ob->pipe_transport; |
| 438 | address_pipe = NULL; |
| 439 | } |
| 440 | else if (next->address[0] == '>') |
| 441 | { |
| 442 | if (rf_get_transport(ob->reply_transport_name, &(ob->reply_transport), |
| 443 | next, rblock->name, US"reply_transport")) |
| 444 | next->transport = ob->reply_transport; |
| 445 | } |
| 446 | else /* must be file or directory */ |
| 447 | { |
| 448 | int len = Ustrlen(next->address); |
| 449 | address_file = next->address; |
| 450 | if (next->address[len-1] == '/') |
| 451 | { |
| 452 | if (rf_get_transport(ob->directory_transport_name, |
| 453 | &(ob->directory_transport), next, rblock->name, |
| 454 | US"directory_transport")) |
| 455 | next->transport = ob->directory_transport; |
| 456 | } |
| 457 | else |
| 458 | { |
| 459 | if (rf_get_transport(ob->file_transport_name, &(ob->file_transport), |
| 460 | next, rblock->name, US"file_transport")) |
| 461 | next->transport = ob->file_transport; |
| 462 | } |
| 463 | address_file = NULL; |
| 464 | } |
| 465 | } |
| 466 | |
| 467 | #ifdef SUPPORT_I18N |
| 468 | next->prop.utf8_msg = string_is_utf8(next->address) |
| 469 | || (sender_address && string_is_utf8(sender_address)); |
| 470 | #endif |
| 471 | |
| 472 | DEBUG(D_route) |
| 473 | { |
| 474 | debug_printf("%s router generated %s\n %serrors_to=%s transport=%s\n", |
| 475 | rblock->name, |
| 476 | next->address, |
| 477 | testflag(next, af_pfr)? "pipe, file, or autoreply\n " : "", |
| 478 | next->prop.errors_address, |
| 479 | (next->transport == NULL)? US"NULL" : next->transport->name); |
| 480 | |
| 481 | if (testflag(next, af_uid_set)) |
| 482 | debug_printf(" uid=%ld ", (long int)(next->uid)); |
| 483 | else |
| 484 | debug_printf(" uid=unset "); |
| 485 | |
| 486 | if (testflag(next, af_gid_set)) |
| 487 | debug_printf("gid=%ld ", (long int)(next->gid)); |
| 488 | else |
| 489 | debug_printf("gid=unset "); |
| 490 | |
| 491 | #ifdef SUPPORT_I18N |
| 492 | if (next->prop.utf8_msg) debug_printf("utf8 "); |
| 493 | #endif |
| 494 | |
| 495 | debug_printf("home=%s\n", next->home_dir); |
| 496 | } |
| 497 | } |
| 498 | } |
| 499 | |
| 500 | |
| 501 | /************************************************* |
| 502 | * Main entry point * |
| 503 | *************************************************/ |
| 504 | |
| 505 | /* See local README for interface description. This router returns: |
| 506 | |
| 507 | DECLINE |
| 508 | . empty address list, or filter did nothing significant |
| 509 | |
| 510 | DEFER |
| 511 | . verifying the errors address caused a deferment or a big disaster such |
| 512 | as an expansion failure (rf_get_errors_address) |
| 513 | . expanding a headers_{add,remove} string caused a deferment or another |
| 514 | expansion error (rf_get_munge_headers) |
| 515 | . :defer: or "freeze" in a filter |
| 516 | . error in address list or filter |
| 517 | . skipped syntax errors, but failed to send the message |
| 518 | |
| 519 | DISCARD |
| 520 | . address was :blackhole:d or "seen finish"ed |
| 521 | |
| 522 | FAIL |
| 523 | . :fail: |
| 524 | |
| 525 | OK |
| 526 | . new addresses added to addr_new |
| 527 | */ |
| 528 | |
| 529 | int redirect_router_entry( |
| 530 | router_instance *rblock, /* data for this instantiation */ |
| 531 | address_item *addr, /* address we are working on */ |
| 532 | struct passwd *pw, /* passwd entry after check_local_user */ |
| 533 | int verify, /* v_none/v_recipient/v_sender/v_expn */ |
| 534 | address_item **addr_local, /* add it to this if it's local */ |
| 535 | address_item **addr_remote, /* add it to this if it's remote */ |
| 536 | address_item **addr_new, /* put new addresses on here */ |
| 537 | address_item **addr_succeed) /* put old address here on success */ |
| 538 | { |
| 539 | redirect_router_options_block *ob = |
| 540 | (redirect_router_options_block *)(rblock->options_block); |
| 541 | address_item *generated = NULL; |
| 542 | const uschar *save_qualify_domain_recipient = qualify_domain_recipient; |
| 543 | uschar *discarded = US"discarded"; |
| 544 | address_item_propagated addr_prop; |
| 545 | error_block *eblock = NULL; |
| 546 | ugid_block ugid; |
| 547 | redirect_block redirect; |
| 548 | int filtertype = FILTER_UNSET; |
| 549 | int yield = OK; |
| 550 | int options = ob->bit_options; |
| 551 | int frc = 0; |
| 552 | int xrc = 0; |
| 553 | |
| 554 | addr_local = addr_local; /* Keep picky compilers happy */ |
| 555 | addr_remote = addr_remote; |
| 556 | |
| 557 | /* Initialize the data to be propagated to the children */ |
| 558 | |
| 559 | addr_prop.address_data = deliver_address_data; |
| 560 | addr_prop.domain_data = deliver_domain_data; |
| 561 | addr_prop.localpart_data = deliver_localpart_data; |
| 562 | addr_prop.errors_address = NULL; |
| 563 | addr_prop.extra_headers = NULL; |
| 564 | addr_prop.remove_headers = NULL; |
| 565 | |
| 566 | #ifdef EXPERIMENTAL_SRS |
| 567 | addr_prop.srs_sender = NULL; |
| 568 | #endif |
| 569 | #ifdef SUPPORT_I18N |
| 570 | addr_prop.utf8_msg = FALSE; /*XXX should we not copy this from the parent? */ |
| 571 | addr_prop.utf8_downcvt = FALSE; |
| 572 | addr_prop.utf8_downcvt_maybe = FALSE; |
| 573 | #endif |
| 574 | |
| 575 | |
| 576 | /* When verifying and testing addresses, the "logwrite" command in filters |
| 577 | must be bypassed. */ |
| 578 | |
| 579 | if (verify == v_none && !address_test_mode) options |= RDO_REALLOG; |
| 580 | |
| 581 | /* Sort out the fixed or dynamic uid/gid. This uid is used (a) for reading the |
| 582 | file (and interpreting a filter) and (b) for running the transports for |
| 583 | generated file and pipe addresses. It is not (necessarily) the same as the uids |
| 584 | that may own the file. Exim panics if an expanded string is not a number and |
| 585 | can't be found in the password file. Other errors set the freezing bit. */ |
| 586 | |
| 587 | if (!rf_get_ugid(rblock, addr, &ugid)) return DEFER; |
| 588 | |
| 589 | if (!ugid.uid_set && pw != NULL) |
| 590 | { |
| 591 | ugid.uid = pw->pw_uid; |
| 592 | ugid.uid_set = TRUE; |
| 593 | } |
| 594 | |
| 595 | if (!ugid.gid_set && pw != NULL) |
| 596 | { |
| 597 | ugid.gid = pw->pw_gid; |
| 598 | ugid.gid_set = TRUE; |
| 599 | } |
| 600 | |
| 601 | #ifdef EXPERIMENTAL_SRS |
| 602 | /* Perform SRS on recipient/return-path as required */ |
| 603 | |
| 604 | if(ob->srs != NULL) |
| 605 | { |
| 606 | BOOL usesrs = TRUE; |
| 607 | |
| 608 | if(ob->srs_condition != NULL) |
| 609 | usesrs = expand_check_condition(ob->srs_condition, "srs_condition expansion failed", NULL); |
| 610 | |
| 611 | if(usesrs) |
| 612 | { |
| 613 | int srs_action = 0, n_srs; |
| 614 | uschar *res; |
| 615 | uschar *usedomain; |
| 616 | |
| 617 | /* What are we doing? */ |
| 618 | if(Ustrcmp(ob->srs, "forward") == 0) |
| 619 | srs_action = 1; |
| 620 | else if(Ustrcmp(ob->srs, "reverseandforward") == 0) |
| 621 | { |
| 622 | srs_action = 3; |
| 623 | |
| 624 | if((ob->srs_dbinsert == NULL) ^ (ob->srs_dbselect == NULL)) |
| 625 | return DEFER; |
| 626 | } |
| 627 | else if(Ustrcmp(ob->srs, "reverse") == 0) |
| 628 | srs_action = 2; |
| 629 | |
| 630 | /* Reverse SRS */ |
| 631 | if(srs_action & 2) |
| 632 | { |
| 633 | srs_orig_recipient = addr->address; |
| 634 | |
| 635 | eximsrs_init(); |
| 636 | if(ob->srs_dbselect) |
| 637 | eximsrs_db_set(TRUE, ob->srs_dbselect); |
| 638 | /* Comment this out for now... |
| 639 | // else |
| 640 | // eximsrs_db_set(TRUE, NULL); |
| 641 | */ |
| 642 | |
| 643 | if((n_srs = eximsrs_reverse(&res, addr->address)) == OK) |
| 644 | { |
| 645 | srs_recipient = res; |
| 646 | DEBUG(D_any) |
| 647 | debug_printf("SRS (reverse): Recipient '%s' rewritten to '%s'\n", srs_orig_recipient, srs_recipient); |
| 648 | } |
| 649 | |
| 650 | eximsrs_done(); |
| 651 | |
| 652 | if(n_srs != OK) |
| 653 | return n_srs; |
| 654 | } |
| 655 | |
| 656 | /* Forward SRS */ |
| 657 | /* No point in actually performing SRS if we are just verifying a recipient */ |
| 658 | if((srs_action & 1) && verify == v_none && |
| 659 | (sender_address ? sender_address[0] != 0 : FALSE)) |
| 660 | { |
| 661 | |
| 662 | srs_orig_sender = sender_address; |
| 663 | eximsrs_init(); |
| 664 | if(ob->srs_dbinsert) |
| 665 | eximsrs_db_set(FALSE, ob->srs_dbinsert); |
| 666 | /* Comment this out for now... |
| 667 | // else |
| 668 | // eximsrs_db_set(FALSE, NULL); |
| 669 | */ |
| 670 | |
| 671 | if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL)) |
| 672 | usedomain = string_copy(deliver_domain); |
| 673 | |
| 674 | if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK) |
| 675 | { |
| 676 | addr_prop.srs_sender = res; |
| 677 | DEBUG(D_any) |
| 678 | debug_printf("SRS (forward): Sender '%s' rewritten to '%s'\n", srs_orig_sender, res); |
| 679 | } |
| 680 | |
| 681 | eximsrs_done(); |
| 682 | |
| 683 | if(n_srs != OK) |
| 684 | return n_srs; |
| 685 | } |
| 686 | } |
| 687 | } |
| 688 | #endif |
| 689 | |
| 690 | /* Call the function that interprets redirection data, either inline or from a |
| 691 | file. This is a separate function so that the system filter can use it. It will |
| 692 | run the function in a subprocess if necessary. If qualify_preserve_domain is |
| 693 | set, temporarily reset qualify_domain_recipient to the current domain so that |
| 694 | any unqualified addresses get qualified with the same domain as the incoming |
| 695 | address. Otherwise, if a local qualify_domain is provided, set that up. */ |
| 696 | |
| 697 | if (ob->qualify_preserve_domain) |
| 698 | qualify_domain_recipient = addr->domain; |
| 699 | else if (ob->qualify_domain != NULL) |
| 700 | { |
| 701 | uschar *new_qdr = rf_expand_data(addr, ob->qualify_domain, &xrc); |
| 702 | if (new_qdr == NULL) return xrc; |
| 703 | qualify_domain_recipient = new_qdr; |
| 704 | } |
| 705 | |
| 706 | redirect.owners = ob->owners; |
| 707 | redirect.owngroups = ob->owngroups; |
| 708 | redirect.modemask = ob->modemask; |
| 709 | redirect.check_owner = ob->check_owner; |
| 710 | redirect.check_group = ob->check_group; |
| 711 | redirect.pw = pw; |
| 712 | |
| 713 | if (ob->file != NULL) |
| 714 | { |
| 715 | redirect.string = ob->file; |
| 716 | redirect.isfile = TRUE; |
| 717 | } |
| 718 | else |
| 719 | { |
| 720 | redirect.string = ob->data; |
| 721 | redirect.isfile = FALSE; |
| 722 | } |
| 723 | |
| 724 | frc = rda_interpret(&redirect, options, ob->include_directory, |
| 725 | ob->sieve_vacation_directory, ob->sieve_enotify_mailto_owner, |
| 726 | ob->sieve_useraddress, ob->sieve_subaddress, &ugid, &generated, |
| 727 | &(addr->message), ob->skip_syntax_errors? &eblock : NULL, &filtertype, |
| 728 | string_sprintf("%s router (recipient is %s)", rblock->name, addr->address)); |
| 729 | |
| 730 | qualify_domain_recipient = save_qualify_domain_recipient; |
| 731 | |
| 732 | /* Handle exceptional returns from filtering or processing an address list. |
| 733 | For FAIL and FREEZE we honour any previously set up deliveries by a filter. */ |
| 734 | |
| 735 | switch (frc) |
| 736 | { |
| 737 | case FF_NONEXIST: |
| 738 | addr->message = addr->user_message = NULL; |
| 739 | return DECLINE; |
| 740 | |
| 741 | case FF_BLACKHOLE: |
| 742 | DEBUG(D_route) debug_printf("address :blackhole:d\n"); |
| 743 | generated = NULL; |
| 744 | discarded = US":blackhole:"; |
| 745 | frc = FF_DELIVERED; |
| 746 | break; |
| 747 | |
| 748 | /* FF_DEFER and FF_FAIL can arise only as a result of explicit commands |
| 749 | (:defer: or :fail: in an alias file or "fail" in a filter). If a configured |
| 750 | message was supplied, allow it to be included in an SMTP response after |
| 751 | verifying. Remove any SMTP code if it is not allowed. */ |
| 752 | |
| 753 | case FF_DEFER: |
| 754 | yield = DEFER; |
| 755 | goto SORT_MESSAGE; |
| 756 | |
| 757 | case FF_FAIL: |
| 758 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK) |
| 759 | return xrc; |
| 760 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); |
| 761 | yield = FAIL; |
| 762 | |
| 763 | SORT_MESSAGE: |
| 764 | if (addr->message == NULL) |
| 765 | addr->message = (yield == FAIL)? US"forced rejection" : US"forced defer"; |
| 766 | else |
| 767 | { |
| 768 | int ovector[3]; |
| 769 | if (ob->forbid_smtp_code && |
| 770 | pcre_exec(regex_smtp_code, NULL, CS addr->message, |
| 771 | Ustrlen(addr->message), 0, PCRE_EOPT, |
| 772 | ovector, sizeof(ovector)/sizeof(int)) >= 0) |
| 773 | { |
| 774 | DEBUG(D_route) debug_printf("SMTP code at start of error message " |
| 775 | "is ignored because forbid_smtp_code is set\n"); |
| 776 | addr->message += ovector[1]; |
| 777 | } |
| 778 | addr->user_message = addr->message; |
| 779 | setflag(addr, af_pass_message); |
| 780 | } |
| 781 | return yield; |
| 782 | |
| 783 | /* As in the case of a system filter, a freeze does not happen after a manual |
| 784 | thaw. In case deliveries were set up by the filter, we set the child count |
| 785 | high so that their completion does not mark the original address done. */ |
| 786 | |
| 787 | case FF_FREEZE: |
| 788 | if (!deliver_manual_thaw) |
| 789 | { |
| 790 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) |
| 791 | != OK) return xrc; |
| 792 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); |
| 793 | if (addr->message == NULL) addr->message = US"frozen by filter"; |
| 794 | addr->special_action = SPECIAL_FREEZE; |
| 795 | addr->child_count = 9999; |
| 796 | return DEFER; |
| 797 | } |
| 798 | frc = FF_NOTDELIVERED; |
| 799 | break; |
| 800 | |
| 801 | /* Handle syntax errors and :include: failures and lookup defers */ |
| 802 | |
| 803 | case FF_ERROR: |
| 804 | case FF_INCLUDEFAIL: |
| 805 | |
| 806 | /* If filtertype is still FILTER_UNSET, it means that the redirection data |
| 807 | was never inspected, so the error was an expansion failure or failure to open |
| 808 | the file, or whatever. In these cases, the existing error message is probably |
| 809 | sufficient. */ |
| 810 | |
| 811 | if (filtertype == FILTER_UNSET) return DEFER; |
| 812 | |
| 813 | /* If it was a filter and skip_syntax_errors is set, we want to set up |
| 814 | the error message so that it can be logged and mailed to somebody. */ |
| 815 | |
| 816 | if (filtertype != FILTER_FORWARD && ob->skip_syntax_errors) |
| 817 | { |
| 818 | eblock = store_get(sizeof(error_block)); |
| 819 | eblock->next = NULL; |
| 820 | eblock->text1 = addr->message; |
| 821 | eblock->text2 = NULL; |
| 822 | addr->message = addr->user_message = NULL; |
| 823 | } |
| 824 | |
| 825 | /* Otherwise set up the error for the address and defer. */ |
| 826 | |
| 827 | else |
| 828 | { |
| 829 | addr->basic_errno = ERRNO_BADREDIRECT; |
| 830 | addr->message = string_sprintf("error in %s %s: %s", |
| 831 | (filtertype != FILTER_FORWARD)? "filter" : "redirect", |
| 832 | (ob->data == NULL)? "file" : "data", |
| 833 | addr->message); |
| 834 | return DEFER; |
| 835 | } |
| 836 | } |
| 837 | |
| 838 | |
| 839 | /* Yield is either FF_DELIVERED (significant action) or FF_NOTDELIVERED (no |
| 840 | significant action). Before dealing with these, however, we must handle the |
| 841 | effect of skip_syntax_errors. |
| 842 | |
| 843 | If skip_syntax_errors was set and there were syntax errors in an address list, |
| 844 | error messages will be present in eblock. Log them and send a message if so |
| 845 | configured. We cannot do this earlier, because the error message must not be |
| 846 | sent as the local user. If there were no valid addresses, generated will be |
| 847 | NULL. In this case, the router declines. |
| 848 | |
| 849 | For a filter file, the error message has been fudged into an eblock. After |
| 850 | dealing with it, the router declines. */ |
| 851 | |
| 852 | if (eblock != NULL) |
| 853 | { |
| 854 | if (!moan_skipped_syntax_errors( |
| 855 | rblock->name, /* For message content */ |
| 856 | eblock, /* Ditto */ |
| 857 | (verify != v_none || address_test_mode)? |
| 858 | NULL : ob->syntax_errors_to, /* Who to mail */ |
| 859 | generated != NULL, /* True if not all failed */ |
| 860 | ob->syntax_errors_text)) /* Custom message */ |
| 861 | return DEFER; |
| 862 | |
| 863 | if (filtertype != FILTER_FORWARD || generated == NULL) |
| 864 | { |
| 865 | addr->message = US"syntax error in redirection data"; |
| 866 | return DECLINE; |
| 867 | } |
| 868 | } |
| 869 | |
| 870 | /* Sort out the errors address and any header modifications, and handle the |
| 871 | generated addresses, if any. If there are no generated addresses, we must avoid |
| 872 | calling sort_errors_and_headers() in case this router declines - that function |
| 873 | may modify the errors_address field in the current address, and we don't want |
| 874 | to do that for a decline. */ |
| 875 | |
| 876 | if (generated != NULL) |
| 877 | { |
| 878 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK) |
| 879 | return xrc; |
| 880 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); |
| 881 | } |
| 882 | |
| 883 | /* FF_DELIVERED with no generated addresses is what we get when an address list |
| 884 | contains :blackhole: or a filter contains "seen finish" without having |
| 885 | generated anything. Log what happened to this address, and return DISCARD. */ |
| 886 | |
| 887 | if (frc == FF_DELIVERED) |
| 888 | { |
| 889 | if (generated == NULL && verify == v_none && !address_test_mode) |
| 890 | { |
| 891 | log_write(0, LOG_MAIN, "=> %s <%s> R=%s", discarded, addr->address, |
| 892 | rblock->name); |
| 893 | yield = DISCARD; |
| 894 | } |
| 895 | } |
| 896 | |
| 897 | /* For an address list, FF_NOTDELIVERED always means that no addresses were |
| 898 | generated. For a filter, addresses may or may not have been generated. If none |
| 899 | were, it's the same as an empty address list, and the router declines. However, |
| 900 | if addresses were generated, we can't just decline because successful delivery |
| 901 | of the base address gets it marked "done", so deferred generated addresses |
| 902 | never get tried again. We have to generate a new version of the base address, |
| 903 | as if there were a "deliver" command in the filter file, with the original |
| 904 | address as parent. */ |
| 905 | |
| 906 | else |
| 907 | { |
| 908 | address_item *next; |
| 909 | |
| 910 | if (generated == NULL) return DECLINE; |
| 911 | |
| 912 | next = deliver_make_addr(addr->address, FALSE); |
| 913 | next->parent = addr; |
| 914 | addr->child_count++; |
| 915 | next->next = *addr_new; |
| 916 | *addr_new = next; |
| 917 | |
| 918 | /* Set the data that propagates. */ |
| 919 | |
| 920 | next->prop = addr_prop; |
| 921 | |
| 922 | DEBUG(D_route) debug_printf("%s router autogenerated %s\n%s%s%s", |
| 923 | rblock->name, |
| 924 | next->address, |
| 925 | (addr_prop.errors_address != NULL)? " errors to " : "", |
| 926 | (addr_prop.errors_address != NULL)? addr_prop.errors_address : US"", |
| 927 | (addr_prop.errors_address != NULL)? "\n" : ""); |
| 928 | } |
| 929 | |
| 930 | /* Control gets here only when the address has been completely handled. Put the |
| 931 | original address onto the succeed queue so that any retry items that get |
| 932 | attached to it get processed. */ |
| 933 | |
| 934 | addr->next = *addr_succeed; |
| 935 | *addr_succeed = addr; |
| 936 | |
| 937 | return yield; |
| 938 | } |
| 939 | |
| 940 | #endif /*!MACRO_PREDEF*/ |
| 941 | /* End of routers/redirect.c */ |