projects / exim.git / blob
? search:


be91949b8bbeea405c01782e065b640bf77bce3c
[exim.git] / src / src / route.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2015 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions concerned with routing, and the list of generic router options. */
9
10
11 #include "exim.h"
12
13
14
15 /* Generic options for routers, all of which live inside router_instance
16 data blocks and which therefore have the opt_public flag set. */
17
18 optionlist optionlist_routers[] = {
19 { "*expand_group", opt_stringptr | opt_hidden | opt_public,
20 (void *)(offsetof(router_instance, expand_gid)) },
21 { "*expand_more", opt_stringptr | opt_hidden | opt_public,
22 (void *)(offsetof(router_instance, expand_more)) },
23 { "*expand_unseen", opt_stringptr | opt_hidden | opt_public,
24 (void *)(offsetof(router_instance, expand_unseen)) },
25 { "*expand_user", opt_stringptr | opt_hidden | opt_public,
26 (void *)(offsetof(router_instance, expand_uid)) },
27 { "*set_group", opt_bool | opt_hidden | opt_public,
28 (void *)(offsetof(router_instance, gid_set)) },
29 { "*set_user", opt_bool | opt_hidden | opt_public,
30 (void *)(offsetof(router_instance, uid_set)) },
31 { "address_data", opt_stringptr|opt_public,
32 (void *)(offsetof(router_instance, address_data)) },
33 { "address_test", opt_bool|opt_public,
34 (void *)(offsetof(router_instance, address_test)) },
35 #ifdef EXPERIMENTAL_BRIGHTMAIL
36 { "bmi_deliver_alternate", opt_bool | opt_public,
37 (void *)(offsetof(router_instance, bmi_deliver_alternate)) },
38 { "bmi_deliver_default", opt_bool | opt_public,
39 (void *)(offsetof(router_instance, bmi_deliver_default)) },
40 { "bmi_dont_deliver", opt_bool | opt_public,
41 (void *)(offsetof(router_instance, bmi_dont_deliver)) },
42 { "bmi_rule", opt_stringptr|opt_public,
43 (void *)(offsetof(router_instance, bmi_rule)) },
44 #endif
45 { "cannot_route_message", opt_stringptr | opt_public,
46 (void *)(offsetof(router_instance, cannot_route_message)) },
47 { "caseful_local_part", opt_bool | opt_public,
48 (void *)(offsetof(router_instance, caseful_local_part)) },
49 { "check_local_user", opt_bool | opt_public,
50 (void *)(offsetof(router_instance, check_local_user)) },
51 { "condition", opt_stringptr|opt_public|opt_rep_con,
52 (void *)offsetof(router_instance, condition) },
53 { "debug_print", opt_stringptr | opt_public,
54 (void *)offsetof(router_instance, debug_string) },
55 { "disable_logging", opt_bool | opt_public,
56 (void *)offsetof(router_instance, disable_logging) },
57 { "dnssec_request_domains", opt_stringptr|opt_public,
58 (void *)offsetof(router_instance, dnssec.request) },
59 { "dnssec_require_domains", opt_stringptr|opt_public,
60 (void *)offsetof(router_instance, dnssec.require) },
61 { "domains", opt_stringptr|opt_public,
62 (void *)offsetof(router_instance, domains) },
63 { "driver", opt_stringptr|opt_public,
64 (void *)offsetof(router_instance, driver_name) },
65 { "dsn_lasthop", opt_bool|opt_public,
66 (void *)offsetof(router_instance, dsn_lasthop) },
67 { "errors_to", opt_stringptr|opt_public,
68 (void *)(offsetof(router_instance, errors_to)) },
69 { "expn", opt_bool|opt_public,
70 (void *)offsetof(router_instance, expn) },
71 { "fail_verify", opt_bool_verify|opt_hidden|opt_public,
72 (void *)offsetof(router_instance, fail_verify_sender) },
73 { "fail_verify_recipient", opt_bool|opt_public,
74 (void *)offsetof(router_instance, fail_verify_recipient) },
75 { "fail_verify_sender", opt_bool|opt_public,
76 (void *)offsetof(router_instance, fail_verify_sender) },
77 { "fallback_hosts", opt_stringptr|opt_public,
78 (void *)offsetof(router_instance, fallback_hosts) },
79 { "group", opt_expand_gid | opt_public,
80 (void *)(offsetof(router_instance, gid)) },
81 { "headers_add", opt_stringptr|opt_public|opt_rep_str,
82 (void *)offsetof(router_instance, extra_headers) },
83 { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
84 (void *)offsetof(router_instance, remove_headers) },
85 { "ignore_target_hosts",opt_stringptr|opt_public,
86 (void *)offsetof(router_instance, ignore_target_hosts) },
87 { "initgroups", opt_bool | opt_public,
88 (void *)(offsetof(router_instance, initgroups)) },
89 { "local_part_prefix", opt_stringptr|opt_public,
90 (void *)offsetof(router_instance, prefix) },
91 { "local_part_prefix_optional",opt_bool|opt_public,
92 (void *)offsetof(router_instance, prefix_optional) },
93 { "local_part_suffix", opt_stringptr|opt_public,
94 (void *)offsetof(router_instance, suffix) },
95 { "local_part_suffix_optional",opt_bool|opt_public,
96 (void *)offsetof(router_instance, suffix_optional) },
97 { "local_parts", opt_stringptr|opt_public,
98 (void *)offsetof(router_instance, local_parts) },
99 { "log_as_local", opt_bool|opt_public,
100 (void *)offsetof(router_instance, log_as_local) },
101 { "more", opt_expand_bool|opt_public,
102 (void *)offsetof(router_instance, more) },
103 { "pass_on_timeout", opt_bool|opt_public,
104 (void *)offsetof(router_instance, pass_on_timeout) },
105 { "pass_router", opt_stringptr|opt_public,
106 (void *)offsetof(router_instance, pass_router_name) },
107 { "redirect_router", opt_stringptr|opt_public,
108 (void *)offsetof(router_instance, redirect_router_name) },
109 { "require_files", opt_stringptr|opt_public,
110 (void *)offsetof(router_instance, require_files) },
111 { "retry_use_local_part", opt_bool|opt_public,
112 (void *)offsetof(router_instance, retry_use_local_part) },
113 { "router_home_directory", opt_stringptr|opt_public,
114 (void *)offsetof(router_instance, router_home_directory) },
115 { "self", opt_stringptr|opt_public,
116 (void *)(offsetof(router_instance, self)) },
117 { "senders", opt_stringptr|opt_public,
118 (void *)offsetof(router_instance, senders) },
119 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
120 { "translate_ip_address", opt_stringptr|opt_public,
121 (void *)offsetof(router_instance, translate_ip_address) },
122 #endif
123 { "transport", opt_stringptr|opt_public,
124 (void *)offsetof(router_instance, transport_name) },
125 { "transport_current_directory", opt_stringptr|opt_public,
126 (void *)offsetof(router_instance, current_directory) },
127 { "transport_home_directory", opt_stringptr|opt_public,
128 (void *)offsetof(router_instance, home_directory) },
129 { "unseen", opt_expand_bool|opt_public,
130 (void *)offsetof(router_instance, unseen) },
131 { "user", opt_expand_uid | opt_public,
132 (void *)(offsetof(router_instance, uid)) },
133 { "verify", opt_bool_verify|opt_hidden|opt_public,
134 (void *)offsetof(router_instance, verify_sender) },
135 { "verify_only", opt_bool|opt_public,
136 (void *)offsetof(router_instance, verify_only) },
137 { "verify_recipient", opt_bool|opt_public,
138 (void *)offsetof(router_instance, verify_recipient) },
139 { "verify_sender", opt_bool|opt_public,
140 (void *)offsetof(router_instance, verify_sender) }
141 };
142
143 int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist);
144
145
146 void
147 readconf_options_routers(void)
148 {
149 struct router_info * ri;
150
151 readconf_options_from_list(optionlist_routers, nelem(optionlist_routers), US"RT");
152
153 for (ri = routers_available; ri->driver_name[0]; ri++)
154 {
155 macro_create(string_sprintf("_DRVR_RTR_%T", ri->driver_name), US"y", FALSE);
156 readconf_options_from_list(ri->options, (unsigned)*ri->options_count, ri->driver_name);
157 }
158 }
159
160 /*************************************************
161 * Set router pointer from name *
162 *************************************************/
163
164 /* This function is used for the redirect_router and pass_router options and
165 called from route_init() below.
166
167 Arguments:
168 r the current router
169 name new router name
170 ptr where to put the pointer
171 after TRUE if router must follow this one
172
173 Returns: nothing.
174 */
175
176 static void
177 set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after)
178 {
179 BOOL afterthis = FALSE;
180 router_instance *rr;
181
182 for (rr = routers; rr; rr = rr->next)
183 {
184 if (Ustrcmp(name, rr->name) == 0)
185 {
186 *ptr = rr;
187 break;
188 }
189 if (rr == r) afterthis = TRUE;
190 }
191
192 if (!rr)
193 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
194 "new_router \"%s\" not found for \"%s\" router", name, r->name);
195
196 if (after && !afterthis)
197 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
198 "new_router \"%s\" does not follow \"%s\" router", name, r->name);
199 }
200
201
202
203 /*************************************************
204 * Initialize router list *
205 *************************************************/
206
207 /* Read the routers section of the configuration file, and set up a chain of
208 router instances according to its contents. Each router has generic options and
209 may also have its own private options. This function is only ever called when
210 routers == NULL. We use generic code in readconf to do the work. It will set
211 values from the configuration file, and then call the driver's initialization
212 function. */
213
214 void
215 route_init(void)
216 {
217 router_instance *r;
218
219 readconf_driver_init(US"router",
220 (driver_instance **)(&routers), /* chain anchor */
221 (driver_info *)routers_available, /* available drivers */
222 sizeof(router_info), /* size of info blocks */
223 &router_defaults, /* default values for generic options */
224 sizeof(router_instance), /* size of instance block */
225 optionlist_routers, /* generic options */
226 optionlist_routers_size);
227
228 for (r = routers; r; r = r->next)
229 {
230 uschar *s = r->self;
231
232 /* If log_as_local is unset, its overall default is FALSE. (The accept
233 router defaults it to TRUE.) */
234
235 if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE;
236
237 /* Check for transport or no transport on certain routers */
238
239 if ((r->info->ri_flags & ri_yestransport) != 0 &&
240 r->transport_name == NULL &&
241 !r->verify_only)
242 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
243 "a transport is required for this router", r->name);
244
245 if ((r->info->ri_flags & ri_notransport) != 0 &&
246 r->transport_name != NULL)
247 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
248 "a transport must not be defined for this router", r->name);
249
250 /* The "self" option needs to be decoded into a code value and possibly a
251 new domain string and a rewrite boolean. */
252
253 if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze;
254 else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer;
255 else if (Ustrcmp(s, "send") == 0) r->self_code = self_send;
256 else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass;
257 else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail;
258 else if (Ustrncmp(s, "reroute:", 8) == 0)
259 {
260 s += 8;
261 while (isspace(*s)) s++;
262 if (Ustrncmp(s, "rewrite:", 8) == 0)
263 {
264 r->self_rewrite = TRUE;
265 s += 8;
266 while (isspace(*s)) s++;
267 }
268 r->self = s;
269 r->self_code = self_reroute;
270 }
271
272 else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
273 "%s is not valid for the self option", r->name, s);
274
275 /* If any router has check_local_user set, default retry_use_local_part
276 TRUE; otherwise its default is FALSE. */
277
278 if (r->retry_use_local_part == TRUE_UNSET)
279 r->retry_use_local_part = r->check_local_user;
280
281 /* Build a host list if fallback hosts is set. */
282
283 host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);
284
285 /* Check redirect_router and pass_router are valid */
286
287 if (r->redirect_router_name != NULL)
288 set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE);
289
290 if (r->pass_router_name != NULL)
291 set_router(r, r->pass_router_name, &(r->pass_router), TRUE);
292
293 DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name,
294 r->dsn_lasthop ? "lasthop set" : "propagating DSN");
295 }
296 }
297
298
299
300 /*************************************************
301 * Tidy up after routing *
302 *************************************************/
303
304 /* Routers are entitled to keep hold of certain resources in their instance
305 blocks so as to save setting them up each time. An example is an open file.
306 Such routers must provide a tidyup entry point which is called when all routing
307 is finished, via this function. */
308
309 void
310 route_tidyup(void)
311 {
312 router_instance *r;
313 for (r = routers; r; r = r->next)
314 if (r->info->tidyup) (r->info->tidyup)(r);
315 }
316
317
318
319 /*************************************************
320 * Check local part for prefix *
321 *************************************************/
322
323 /* This function is handed a local part and a list of possible prefixes; if any
324 one matches, return the prefix length. A prefix beginning with '*' is a
325 wildcard.
326
327 Arguments:
328 local_part the local part to check
329 prefixes the list of prefixes
330
331 Returns: length of matching prefix or zero
332 */
333
334 int
335 route_check_prefix(const uschar *local_part, const uschar *prefixes)
336 {
337 int sep = 0;
338 uschar *prefix;
339 const uschar *listptr = prefixes;
340 uschar prebuf[64];
341
342 while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf))))
343 {
344 int plen = Ustrlen(prefix);
345 if (prefix[0] == '*')
346 {
347 const uschar *p;
348 prefix++;
349 for (p = local_part + Ustrlen(local_part) - (--plen);
350 p >= local_part; p--)
351 if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part;
352 }
353 else
354 if (strncmpic(prefix, local_part, plen) == 0) return plen;
355 }
356
357 return 0;
358 }
359
360
361
362 /*************************************************
363 * Check local part for suffix *
364 *************************************************/
365
366 /* This function is handed a local part and a list of possible suffixes;
367 if any one matches, return the suffix length. A suffix ending with '*'
368 is a wildcard.
369
370 Arguments:
371 local_part the local part to check
372 suffixes the list of suffixes
373
374 Returns: length of matching suffix or zero
375 */
376
377 int
378 route_check_suffix(const uschar *local_part, const uschar *suffixes)
379 {
380 int sep = 0;
381 int alen = Ustrlen(local_part);
382 uschar *suffix;
383 const uschar *listptr = suffixes;
384 uschar sufbuf[64];
385
386 while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf))))
387 {
388 int slen = Ustrlen(suffix);
389 if (suffix[slen-1] == '*')
390 {
391 const uschar *p, *pend;
392 pend = local_part + alen - (--slen) + 1;
393 for (p = local_part; p < pend; p++)
394 if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part);
395 }
396 else
397 if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0)
398 return slen;
399 }
400
401 return 0;
402 }
403
404
405
406
407 /*************************************************
408 * Check local part, domain, or sender *
409 *************************************************/
410
411 /* The checks in check_router_conditions() require similar code, so we use
412 this function to save repetition.
413
414 Arguments:
415 rname router name for error messages
416 type type of check, for error message
417 list domains, local_parts, or senders list
418 anchorptr -> tree for possibly cached items (domains)
419 cache_bits cached bits pointer
420 listtype MCL_DOMAIN for domain check
421 MCL_LOCALPART for local part check
422 MCL_ADDRESS for sender check
423 domloc current domain, current local part, or NULL for sender check
424 ldata where to put lookup data
425 caseless passed on to match_isinlist()
426 perror where to put an error message
427
428 Returns: OK item is in list
429 SKIP item is not in list, router is to be skipped
430 DEFER lookup or other defer
431 */
432
433 static int
434 route_check_dls(uschar *rname, uschar *type, const uschar *list,
435 tree_node **anchorptr, unsigned int *cache_bits, int listtype,
436 const uschar *domloc, const uschar **ldata, BOOL caseless, uschar **perror)
437 {
438 if (!list) return OK; /* Empty list always succeeds */
439
440 DEBUG(D_route) debug_printf("checking %s\n", type);
441
442 /* The domain and local part use the same matching function, whereas sender
443 has its own code. */
444
445 switch(domloc
446 ? match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype,
447 caseless, ldata)
448 : match_address_list(sender_address ? sender_address : US"",
449 TRUE, TRUE, &list, cache_bits, -1, 0, CUSS &sender_data)
450 )
451 {
452 case OK:
453 return OK;
454
455 case FAIL:
456 *perror = string_sprintf("%s router skipped: %s mismatch", rname, type);
457 DEBUG(D_route) debug_printf("%s\n", *perror);
458 return SKIP;
459
460 default: /* Paranoia, and keeps compilers happy */
461 case DEFER:
462 *perror = string_sprintf("%s check lookup or other defer", type);
463 DEBUG(D_route) debug_printf("%s\n", *perror);
464 return DEFER;
465 }
466 }
467
468
469
470 /*************************************************
471 * Check access by a given uid/gid *
472 *************************************************/
473
474 /* This function checks whether a given uid/gid has access to a given file or
475 directory. It is called only from check_files() below. This is hopefully a
476 cheapish check that does the job most of the time. Exim does *not* rely on this
477 test when actually accessing any file. The test is used when routing to make it
478 possible to take actions such as "if user x can access file y then run this
479 router".
480
481 During routing, Exim is normally running as root, and so the test will work
482 except for NFS non-root mounts. When verifying during message reception, Exim
483 is running as "exim", so the test may not work. This is a limitation of the
484 Exim design.
485
486 Code in check_files() below detects the case when it cannot stat() the file (as
487 root), and in that situation it uses a setuid subprocess in which to run this
488 test.
489
490 Arguments:
491 path the path to check
492 uid the user
493 gid the group
494 bits the bits required in the final component
495
496 Returns: TRUE
497 FALSE errno=EACCES or ENOENT (or others from realpath or stat)
498 */
499
500 static BOOL
501 route_check_access(uschar *path, uid_t uid, gid_t gid, int bits)
502 {
503 struct stat statbuf;
504 uschar *slash;
505 uschar *rp = US realpath(CS path, CS big_buffer);
506 uschar *sp = rp + 1;
507
508 DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path,
509 (int)uid, (int)gid, bits);
510
511 if (!rp) return FALSE;
512
513 while ((slash = Ustrchr(sp, '/')))
514 {
515 *slash = 0;
516 DEBUG(D_route) debug_printf("stat %s\n", rp);
517 if (Ustat(rp, &statbuf) < 0) return FALSE;
518 if ((statbuf.st_mode &
519 ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001)
520 ) == 0)
521 {
522 errno = EACCES;
523 return FALSE;
524 }
525 *slash = '/';
526 sp = slash + 1;
527 }
528
529 /* Down to the final component */
530
531 DEBUG(D_route) debug_printf("stat %s\n", rp);
532
533 if (Ustat(rp, &statbuf) < 0) return FALSE;
534
535 if (statbuf.st_uid == uid) bits = bits << 6;
536 else if (statbuf.st_gid == gid) bits = bits << 3;
537 if ((statbuf.st_mode & bits) != bits)
538 {
539 errno = EACCES;
540 return FALSE;
541 }
542
543 DEBUG(D_route) debug_printf("route_check_access() succeeded\n");
544 return TRUE;
545 }
546
547
548
549 /*************************************************
550 * Do file existence tests *
551 *************************************************/
552
553 /* This function is given a colon-separated list of file tests, each of which
554 is expanded before use. A test consists of a file name, optionally preceded by
555 ! (require non-existence) and/or + for handling permission denied (+ means
556 treat as non-existing).
557
558 An item that contains no slashes is interpreted as a username or id, with an
559 optional group id, for checking access to the file. This cannot be done
560 "perfectly", but it is good enough for a number of applications.
561
562 Arguments:
563 s a colon-separated list of file tests or NULL
564 perror a pointer to an anchor for an error text in the case of a DEFER
565
566 Returns: OK if s == NULL or all tests are as required
567 DEFER if the existence of at least one of the files is
568 unclear (an error other than non-existence occurred);
569 DEFER if an expansion failed
570 DEFER if a name is not absolute
571 DEFER if problems with user/group
572 SKIP otherwise
573 */
574
575 static int
576 check_files(const uschar *s, uschar **perror)
577 {
578 int sep = 0; /* List has default separators */
579 uid_t uid = 0; /* For picky compilers */
580 gid_t gid = 0; /* For picky compilers */
581 BOOL ugid_set = FALSE;
582 const uschar *listptr;
583 uschar *check;
584 uschar buffer[1024];
585
586 if (!s) return OK;
587
588 DEBUG(D_route) debug_printf("checking require_files\n");
589
590 listptr = s;
591 while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))))
592 {
593 int rc;
594 int eacces_code = 0;
595 BOOL invert = FALSE;
596 struct stat statbuf;
597 uschar *ss = expand_string(check);
598
599 if (!ss)
600 {
601 if (expand_string_forcedfail) continue;
602 *perror = string_sprintf("failed to expand \"%s\" for require_files: %s",
603 check, expand_string_message);
604 goto RETURN_DEFER;
605 }
606
607 /* Empty items are just skipped */
608
609 if (*ss == 0) continue;
610
611 /* If there are no slashes in the string, we have a user name or uid, with
612 optional group/gid. */
613
614 if (Ustrchr(ss, '/') == NULL)
615 {
616 BOOL ok;
617 struct passwd *pw;
618 uschar *comma = Ustrchr(ss, ',');
619
620 /* If there's a comma, temporarily terminate the user name/number
621 at that point. Then set the uid. */
622
623 if (comma != NULL) *comma = 0;
624 ok = route_finduser(ss, &pw, &uid);
625 if (comma != NULL) *comma = ',';
626
627 if (!ok)
628 {
629 *perror = string_sprintf("user \"%s\" for require_files not found", ss);
630 goto RETURN_DEFER;
631 }
632
633 /* If there was no comma, the gid is that associated with the user. */
634
635 if (comma == NULL)
636 {
637 if (pw != NULL) gid = pw->pw_gid; else
638 {
639 *perror = string_sprintf("group missing after numerical uid %d for "
640 "require_files", (int)uid);
641 goto RETURN_DEFER;
642 }
643 }
644 else
645 {
646 if (!route_findgroup(comma + 1, &gid))
647 {
648 *perror = string_sprintf("group \"%s\" for require_files not found\n",
649 comma + 1);
650 goto RETURN_DEFER;
651 }
652 }
653
654 /* Note that we have values set, and proceed to next item */
655
656 DEBUG(D_route)
657 debug_printf("check subsequent files for access by %s\n", ss);
658 ugid_set = TRUE;
659 continue;
660 }
661
662 /* Path, possibly preceded by + and ! */
663
664 if (*ss == '+')
665 {
666 eacces_code = 1;
667 while (isspace((*(++ss))));
668 }
669
670 if (*ss == '!')
671 {
672 invert = TRUE;
673 while (isspace((*(++ss))));
674 }
675
676 if (*ss != '/')
677 {
678 *perror = string_sprintf("require_files: \"%s\" is not absolute", ss);
679 goto RETURN_DEFER;
680 }
681
682 /* Stat the file, either as root (while routing) or as exim (while verifying
683 during message reception). */
684
685 rc = Ustat(ss, &statbuf);
686
687 DEBUG(D_route)
688 {
689 debug_printf("file check: %s\n", check);
690 if (ss != check) debug_printf("expanded file: %s\n", ss);
691 debug_printf("stat() yielded %d\n", rc);
692 }
693
694 /* If permission is denied, and we are running as root (i.e. routing for
695 delivery rather than verifying), and the requirement is to test for access by
696 a particular uid/gid, it must mean that the file is on a non-root-mounted NFS
697 system. In this case, we have to use a subprocess that runs as the relevant
698 uid in order to do the test. */
699
700 if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid)
701 {
702 int status;
703 pid_t pid;
704 void (*oldsignal)(int);
705
706 DEBUG(D_route) debug_printf("root is denied access: forking to check "
707 "in subprocess\n");
708
709 /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so
710 that the child process can be waited for, just in case get here with it set
711 otherwise. Save the old state for resetting on the wait. */
712
713 oldsignal = signal(SIGCHLD, SIG_DFL);
714 pid = fork();
715
716 /* If fork() fails, reinstate the original error and behave as if
717 this block of code were not present. This is the same behavious as happens
718 when Exim is not running as root at this point. */
719
720 if (pid < 0)
721 {
722 DEBUG(D_route)
723 debug_printf("require_files: fork failed: %s\n", strerror(errno));
724 errno = EACCES;
725 goto HANDLE_ERROR;
726 }
727
728 /* In the child process, change uid and gid, and then do the check using
729 the route_check_access() function. This does more than just stat the file;
730 it tests permissions as well. Return 0 for OK and 1 for failure. */
731
732 if (pid == 0)
733 {
734 exim_setugid(uid, gid, TRUE,
735 string_sprintf("require_files check, file=%s", ss));
736 if (route_check_access(ss, uid, gid, 4)) _exit(0);
737 DEBUG(D_route) debug_printf("route_check_access() failed\n");
738 _exit(1);
739 }
740
741 /* In the parent, wait for the child to finish */
742
743 while (waitpid(pid, &status, 0) < 0)
744 {
745 if (errno != EINTR) /* unexpected error, interpret as failure */
746 {
747 status = 1;
748 break;
749 }
750 }
751
752 signal(SIGCHLD, oldsignal); /* restore */
753 if ((status == 0) == invert) return SKIP;
754 continue; /* to test the next file */
755 }
756
757 /* Control reaches here if the initial stat() succeeds, or fails with an
758 error other than EACCES, or no uid/gid is set, or we are not running as root.
759 If we know the file exists and uid/gid are set, try to check read access for
760 that uid/gid as best we can. */
761
762 if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4))
763 {
764 DEBUG(D_route) debug_printf("route_check_access() failed\n");
765 rc = -1;
766 }
767
768 /* Handle error returns from stat() or route_check_access(). The EACESS error
769 is handled specially. At present, we can force it to be treated as
770 non-existence. Write the code so that it will be easy to add forcing for
771 existence if required later. */
772
773 HANDLE_ERROR:
774 if (rc < 0)
775 {
776 DEBUG(D_route) debug_printf("errno = %d\n", errno);
777 if (errno == EACCES)
778 {
779 if (eacces_code == 1)
780 {
781 DEBUG(D_route) debug_printf("EACCES => ENOENT\n");
782 errno = ENOENT; /* Treat as non-existent */
783 }
784 }
785 if (errno != ENOENT)
786 {
787 *perror = string_sprintf("require_files: error for %s: %s", ss,
788 strerror(errno));
789 goto RETURN_DEFER;
790 }
791 }
792
793 /* At this point, rc < 0 => non-existence; rc >= 0 => existence */
794
795 if ((rc >= 0) == invert) return SKIP;
796 }
797
798 return OK;
799
800 /* Come here on any of the errors that return DEFER. */
801
802 RETURN_DEFER:
803 DEBUG(D_route) debug_printf("%s\n", *perror);
804 return DEFER;
805 }
806
807
808
809
810
811 /*************************************************
812 * Check for router skipping *
813 *************************************************/
814
815 /* This function performs various checks to see whether a router should be
816 skipped. The order in which they are performed is important.
817
818 Arguments:
819 r pointer to router instance block
820 addr address that is being handled
821 verify the verification type
822 pw ptr to ptr to passwd structure for local user
823 perror for lookup errors
824
825 Returns: OK if all the tests succeed
826 SKIP if router is to be skipped
827 DEFER for a lookup defer
828 FAIL for address to be failed
829 */
830
831 static BOOL
832 check_router_conditions(router_instance *r, address_item *addr, int verify,
833 struct passwd **pw, uschar **perror)
834 {
835 int rc;
836 uschar *check_local_part;
837 unsigned int *localpart_cache;
838
839 /* Reset variables to hold a home directory and data from lookup of a domain or
840 local part, and ensure search_find_defer is unset, in case there aren't any
841 actual lookups. */
842
843 deliver_home = NULL;
844 deliver_domain_data = NULL;
845 deliver_localpart_data = NULL;
846 sender_data = NULL;
847 local_user_gid = (gid_t)(-1);
848 local_user_uid = (uid_t)(-1);
849 search_find_defer = FALSE;
850
851 /* Skip this router if not verifying and it has verify_only set */
852
853 if ((verify == v_none || verify == v_expn) && r->verify_only)
854 {
855 DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name);
856 return SKIP;
857 }
858
859 /* Skip this router if testing an address (-bt) and address_test is not set */
860
861 if (address_test_mode && !r->address_test)
862 {
863 DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n",
864 r->name);
865 return SKIP;
866 }
867
868 /* Skip this router if verifying and it hasn't got the appropriate verify flag
869 set. */
870
871 if ((verify == v_sender && !r->verify_sender) ||
872 (verify == v_recipient && !r->verify_recipient))
873 {
874 DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n",
875 r->name, verify, r->verify_sender, r->verify_recipient);
876 return SKIP;
877 }
878
879 /* Skip this router if processing EXPN and it doesn't have expn set */
880
881 if (verify == v_expn && !r->expn)
882 {
883 DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name);
884 return SKIP;
885 }
886
887 /* Skip this router if there's a domain mismatch. */
888
889 if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor,
890 addr->domain_cache, TRUE, addr->domain, CUSS &deliver_domain_data,
891 MCL_DOMAIN, perror)) != OK)
892 return rc;
893
894 /* Skip this router if there's a local part mismatch. We want to pass over the
895 caseful local part, so that +caseful can restore it, even if this router is
896 handling local parts caselessly. However, we can't just pass cc_local_part,
897 because that doesn't have the prefix or suffix stripped. A bit of massaging is
898 required. Also, we only use the match cache for local parts that have not had
899 a prefix or suffix stripped. */
900
901 if (!addr->prefix && !addr->suffix)
902 {
903 localpart_cache = addr->localpart_cache;
904 check_local_part = addr->cc_local_part;
905 }
906 else
907 {
908 localpart_cache = NULL;
909 check_local_part = string_copy(addr->cc_local_part);
910 if (addr->prefix)
911 check_local_part += Ustrlen(addr->prefix);
912 if (addr->suffix)
913 check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0;
914 }
915
916 if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts,
917 &localpartlist_anchor, localpart_cache, MCL_LOCALPART,
918 check_local_part, CUSS &deliver_localpart_data,
919 !r->caseful_local_part, perror)) != OK)
920 return rc;
921
922 /* If the check_local_user option is set, check that the local_part is the
923 login of a local user. Note: the third argument to route_finduser() must be
924 NULL here, to prevent a numeric string being taken as a numeric uid. If the
925 user is found, set deliver_home to the home directory, and also set
926 local_user_{uid,gid}. */
927
928 if (r->check_local_user)
929 {
930 DEBUG(D_route) debug_printf("checking for local user\n");
931 if (!route_finduser(addr->local_part, pw, NULL))
932 {
933 DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n",
934 r->name, addr->local_part);
935 return SKIP;
936 }
937 deliver_home = string_copy(US (*pw)->pw_dir);
938 local_user_gid = (*pw)->pw_gid;
939 local_user_uid = (*pw)->pw_uid;
940 }
941
942 /* Set (or override in the case of check_local_user) the home directory if
943 router_home_directory is set. This is done here so that it overrides $home from
944 check_local_user before any subsequent expansions are done. Otherwise, $home
945 could mean different things for different options, which would be extremely
946 confusing. */
947
948 if (r->router_home_directory)
949 {
950 uschar *router_home = expand_string(r->router_home_directory);
951 if (!router_home)
952 {
953 if (!expand_string_forcedfail)
954 {
955 *perror = string_sprintf("failed to expand \"%s\" for "
956 "router_home_directory: %s", r->router_home_directory,
957 expand_string_message);
958 return DEFER;
959 }
960 }
961 else
962 {
963 setflag(addr, af_home_expanded); /* Note set from router_home_directory */
964 deliver_home = router_home;
965 }
966 }
967
968 /* Skip if the sender condition is not met. We leave this one till after the
969 local user check so that $home is set - enabling the possiblity of letting
970 individual recipients specify lists of acceptable/unacceptable senders. */
971
972 if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL,
973 sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK)
974 return rc;
975
976 /* This is the point at which we print out the router's debugging string if it
977 is set. We wait till here so as to have $home available for local users (and
978 anyway, we don't want too much stuff for skipped routers). */
979
980 debug_print_string(r->debug_string);
981
982 /* Perform file existence tests. */
983
984 if ((rc = check_files(r->require_files, perror)) != OK)
985 {
986 DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name,
987 (rc == SKIP)? "skipped" : "deferred");
988 return rc;
989 }
990
991 /* Now the general condition test. */
992
993 if (r->condition)
994 {
995 DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition);
996 if (!expand_check_condition(r->condition, r->name, US"router"))
997 {
998 if (search_find_defer)
999 {
1000 *perror = US"condition check lookup defer";
1001 DEBUG(D_route) debug_printf("%s\n", *perror);
1002 return DEFER;
1003 }
1004 DEBUG(D_route)
1005 debug_printf("%s router skipped: condition failure\n", r->name);
1006 return SKIP;
1007 }
1008 }
1009
1010 #ifdef EXPERIMENTAL_BRIGHTMAIL
1011 /* check if a specific Brightmail AntiSpam rule fired on the message */
1012 if (r->bmi_rule)
1013 {
1014 DEBUG(D_route) debug_printf("checking bmi_rule\n");
1015 if (bmi_check_rule(bmi_base64_verdict, r->bmi_rule) == 0)
1016 { /* none of the rules fired */
1017 DEBUG(D_route)
1018 debug_printf("%s router skipped: none of bmi_rule rules fired\n", r->name);
1019 return SKIP;
1020 }
1021 }
1022
1023 /* check if message should not be delivered */
1024 if (r->bmi_dont_deliver && bmi_deliver == 1)
1025 {
1026 DEBUG(D_route)
1027 debug_printf("%s router skipped: bmi_dont_deliver is FALSE\n", r->name);
1028 return SKIP;
1029 }
1030
1031 /* check if message should go to an alternate location */
1032 if ( r->bmi_deliver_alternate
1033 && (bmi_deliver == 0 || !bmi_alt_location)
1034 )
1035 {
1036 DEBUG(D_route)
1037 debug_printf("%s router skipped: bmi_deliver_alternate is FALSE\n", r->name);
1038 return SKIP;
1039 }
1040
1041 /* check if message should go to default location */
1042 if ( r->bmi_deliver_default
1043 && (bmi_deliver == 0 || bmi_alt_location)
1044 )
1045 {
1046 DEBUG(D_route)
1047 debug_printf("%s router skipped: bmi_deliver_default is FALSE\n", r->name);
1048 return SKIP;
1049 }
1050 #endif
1051
1052 /* All the checks passed. */
1053
1054 return OK;
1055 }
1056
1057
1058
1059
1060 /*************************************************
1061 * Find a local user *
1062 *************************************************/
1063
1064 /* Try several times (if configured) to find a local user, in case delays in
1065 NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam()
1066 doesn't have some kind of indication as to why it has failed. If the string
1067 given consists entirely of digits, and the third argument is not NULL, assume
1068 the string is the numerical value of the uid. Otherwise it is looked up using
1069 getpwnam(). The uid is passed back via return_uid, if not NULL, and the
1070 pointer to a passwd structure, if found, is passed back via pw, if not NULL.
1071
1072 Because this may be called several times in succession for the same user for
1073 different routers, cache the result of the previous getpwnam call so that it
1074 can be re-used. Note that we can't just copy the structure, as the store it
1075 points to can get trashed.
1076
1077 Arguments:
1078 s the login name or textual form of the numerical uid of the user
1079 pw if not NULL, return the result of getpwnam here, or set NULL
1080 if no call to getpwnam is made (s numeric, return_uid != NULL)
1081 return_uid if not NULL, return the uid via this address
1082
1083 Returns: TRUE if s is numerical or was looked up successfully
1084
1085 */
1086
1087 static struct passwd pwcopy;
1088 static struct passwd *lastpw = NULL;
1089 static uschar lastname[48] = { 0 };
1090 static uschar lastdir[128];
1091 static uschar lastgecos[128];
1092 static uschar lastshell[128];
1093
1094 BOOL
1095 route_finduser(const uschar *s, struct passwd **pw, uid_t *return_uid)
1096 {
1097 BOOL cache_set = (Ustrcmp(lastname, s) == 0);
1098
1099 DEBUG(D_uid) debug_printf("seeking password data for user \"%s\": %s\n", s,
1100 cache_set? "using cached result" : "cache not available");
1101
1102 if (!cache_set)
1103 {
1104 int i = 0;
1105
1106 if (return_uid && (isdigit(*s) || *s == '-') &&
1107 s[Ustrspn(s+1, "0123456789")+1] == 0)
1108 {
1109 *return_uid = (uid_t)Uatoi(s);
1110 if (pw) *pw = NULL;
1111 return TRUE;
1112 }
1113
1114 (void)string_format(lastname, sizeof(lastname), "%s", s);
1115
1116 /* Force failure if string length is greater than given maximum */
1117
1118 if (max_username_length > 0 && Ustrlen(lastname) > max_username_length)
1119 {
1120 DEBUG(D_uid) debug_printf("forced failure of finduser(): string "
1121 "length of %s is greater than %d\n", lastname, max_username_length);
1122 lastpw = NULL;
1123 }
1124
1125 /* Try a few times if so configured; this handles delays in NIS etc. */
1126
1127 else for (;;)
1128 {
1129 errno = 0;
1130 if ((lastpw = getpwnam(CS s))) break;
1131 if (++i > finduser_retries) break;
1132 sleep(1);
1133 }
1134
1135 if (lastpw)
1136 {
1137 pwcopy.pw_uid = lastpw->pw_uid;
1138 pwcopy.pw_gid = lastpw->pw_gid;
1139 (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir);
1140 (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos);
1141 (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell);
1142 pwcopy.pw_name = CS lastname;
1143 pwcopy.pw_dir = CS lastdir;
1144 pwcopy.pw_gecos = CS lastgecos;
1145 pwcopy.pw_shell = CS lastshell;
1146 lastpw = &pwcopy;
1147 }
1148
1149 else DEBUG(D_uid) if (errno != 0)
1150 debug_printf("getpwnam(%s) failed: %s\n", s, strerror(errno));
1151 }
1152
1153 if (!lastpw)
1154 {
1155 DEBUG(D_uid) debug_printf("getpwnam() returned NULL (user not found)\n");
1156 return FALSE;
1157 }
1158
1159 DEBUG(D_uid) debug_printf("getpwnam() succeeded uid=%d gid=%d\n",
1160 lastpw->pw_uid, lastpw->pw_gid);
1161
1162 if (return_uid) *return_uid = lastpw->pw_uid;
1163 if (pw) *pw = lastpw;
1164
1165 return TRUE;
1166 }
1167
1168
1169
1170
1171 /*************************************************
1172 * Find a local group *
1173 *************************************************/
1174
1175 /* Try several times (if configured) to find a local group, in case delays in
1176 NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam()
1177 doesn't have some kind of indication as to why it has failed.
1178
1179 Arguments:
1180 s the group namd or textual form of the numerical gid
1181 return_gid return the gid via this address
1182
1183 Returns: TRUE if the group was found; FALSE otherwise
1184
1185 */
1186
1187 BOOL
1188 route_findgroup(uschar *s, gid_t *return_gid)
1189 {
1190 int i = 0;
1191 struct group *gr;
1192
1193 if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0)
1194 {
1195 *return_gid = (gid_t)Uatoi(s);
1196 return TRUE;
1197 }
1198
1199 for (;;)
1200 {
1201 if ((gr = getgrnam(CS s)))
1202 {
1203 *return_gid = gr->gr_gid;
1204 return TRUE;
1205 }
1206 if (++i > finduser_retries) break;
1207 sleep(1);
1208 }
1209
1210 return FALSE;
1211 }
1212
1213
1214
1215
1216 /*************************************************
1217 * Find user by expanding string *
1218 *************************************************/
1219
1220 /* Expands a string, and then looks up the result in the passwd file.
1221
1222 Arguments:
1223 string the string to be expanded, yielding a login name or a numerical
1224 uid value (to be passed to route_finduser())
1225 driver_name caller name for panic error message (only)
1226 driver_type caller type for panic error message (only)
1227 pw return passwd entry via this pointer
1228 uid return uid via this pointer
1229 errmsg where to point a message on failure
1230
1231 Returns: TRUE if user found, FALSE otherwise
1232 */
1233
1234 BOOL
1235 route_find_expanded_user(uschar *string, uschar *driver_name,
1236 uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg)
1237 {
1238 uschar *user = expand_string(string);
1239
1240 if (!user)
1241 {
1242 *errmsg = string_sprintf("Failed to expand user string \"%s\" for the "
1243 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1244 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1245 return FALSE;
1246 }
1247
1248 if (route_finduser(user, pw, uid)) return TRUE;
1249
1250 *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string "
1251 "\"%s\" for the %s %s", user, string, driver_name, driver_type);
1252 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1253 return FALSE;
1254 }
1255
1256
1257
1258 /*************************************************
1259 * Find group by expanding string *
1260 *************************************************/
1261
1262 /* Expands a string and then looks up the result in the group file.
1263
1264 Arguments:
1265 string the string to be expanded, yielding a group name or a numerical
1266 gid value (to be passed to route_findgroup())
1267 driver_name caller name for panic error message (only)
1268 driver_type caller type for panic error message (only)
1269 gid return gid via this pointer
1270 errmsg return error message via this pointer
1271
1272 Returns: TRUE if found group, FALSE otherwise
1273 */
1274
1275 BOOL
1276 route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type,
1277 gid_t *gid, uschar **errmsg)
1278 {
1279 BOOL yield = TRUE;
1280 uschar *group = expand_string(string);
1281
1282 if (!group)
1283 {
1284 *errmsg = string_sprintf("Failed to expand group string \"%s\" for the "
1285 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1286 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1287 return FALSE;
1288 }
1289
1290 if (!route_findgroup(group, gid))
1291 {
1292 *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string "
1293 "\"%s\" for the %s %s", group, string, driver_name, driver_type);
1294 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1295 yield = FALSE;
1296 }
1297
1298 return yield;
1299 }
1300
1301
1302
1303 /*************************************************
1304 * Handle an unseen routing *
1305 *************************************************/
1306
1307 /* This function is called when an address is routed by a router with "unseen"
1308 set. It must make a clone of the address, for handling by subsequent drivers.
1309 The clone is set to start routing at the next router.
1310
1311 The original address must be replaced by an invented "parent" which has the
1312 routed address plus the clone as its children. This is necessary in case the
1313 address is at the top level - we don't want to mark it complete until both
1314 deliveries have been done.
1315
1316 A new unique field must be made, so that the record of the delivery isn't a
1317 record of the original address, and checking for already delivered has
1318 therefore to be done here. If the delivery has happened, then take the base
1319 address off whichever delivery queue it is on - it will always be the top item.
1320
1321 Arguments:
1322 name router name
1323 addr address that was routed
1324 paddr_local chain of local-delivery addresses
1325 paddr_remote chain of remote-delivery addresses
1326 addr_new chain for newly created addresses
1327
1328 Returns: nothing
1329 */
1330
1331 static void
1332 route_unseen(uschar *name, address_item *addr, address_item **paddr_local,
1333 address_item **paddr_remote, address_item **addr_new)
1334 {
1335 address_item *parent = deliver_make_addr(addr->address, TRUE);
1336 address_item *new = deliver_make_addr(addr->address, TRUE);
1337
1338 /* The invented parent is a copy that replaces the original; note that
1339 this copies its parent pointer. It has two children, and its errors_address is
1340 from the original address' parent, if present, otherwise unset. */
1341
1342 *parent = *addr;
1343 parent->child_count = 2;
1344 parent->prop.errors_address =
1345 addr->parent ? addr->parent->prop.errors_address : NULL;
1346
1347 /* The routed address gets a new parent. */
1348
1349 addr->parent = parent;
1350
1351 /* The clone has this parent too. Set its errors address from the parent. This
1352 was set from the original parent (or to NULL) - see above. We do NOT want to
1353 take the errors address from the unseen router. */
1354
1355 new->parent = parent;
1356 new->prop.errors_address = parent->prop.errors_address;
1357
1358 /* Copy the propagated flags and address_data from the original. */
1359
1360 copyflag(new, addr, af_propagate);
1361 new->prop.address_data = addr->prop.address_data;
1362 new->dsn_flags = addr->dsn_flags;
1363 new->dsn_orcpt = addr->dsn_orcpt;
1364
1365
1366 /* As it has turned out, we haven't set headers_add or headers_remove for the
1367 * clone. Thinking about it, it isn't entirely clear whether they should be
1368 * copied from the original parent, like errors_address, or taken from the
1369 * unseen router, like address_data and the flags. Until somebody brings this
1370 * up, I propose to leave the code as it is.
1371 */
1372
1373
1374 /* Set the cloned address to start at the next router, and put it onto the
1375 chain of new addresses. */
1376
1377 new->start_router = addr->router->next;
1378 new->next = *addr_new;
1379 *addr_new = new;
1380
1381 DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address);
1382
1383 /* Make a new unique field, to distinguish from the normal one. */
1384
1385 addr->unique = string_sprintf("%s/%s", addr->unique, name);
1386
1387 /* If the address has been routed to a transport, see if it was previously
1388 delivered. If so, we take it off the relevant queue so that it isn't delivered
1389 again. Otherwise, it was an alias or something, and the addresses it generated
1390 are handled in the normal way. */
1391
1392 if (addr->transport && tree_search(tree_nonrecipients, addr->unique))
1393 {
1394 DEBUG(D_route)
1395 debug_printf("\"unseen\" delivery previously done - discarded\n");
1396 parent->child_count--;
1397 if (*paddr_remote == addr) *paddr_remote = addr->next;
1398 if (*paddr_local == addr) *paddr_local = addr->next;
1399 }
1400 }
1401
1402
1403
1404 /*************************************************
1405 * Route one address *
1406 *************************************************/
1407
1408 /* This function is passed in one address item, for processing by the routers.
1409 The verify flag is set if this is being called for verification rather than
1410 delivery. If the router doesn't have its "verify" flag set, it is skipped.
1411
1412 Arguments:
1413 addr address to route
1414 paddr_local chain of local-delivery addresses
1415 paddr_remote chain of remote-delivery addresses
1416 addr_new chain for newly created addresses
1417 addr_succeed chain for completed addresses
1418 verify v_none if not verifying
1419 v_sender if verifying a sender address
1420 v_recipient if verifying a recipient address
1421 v_expn if processing an EXPN address
1422
1423 Returns: OK => address successfully routed
1424 DISCARD => address was discarded
1425 FAIL => address could not be routed
1426 DEFER => some temporary problem
1427 ERROR => some major internal or configuration failure
1428 */
1429
1430 int
1431 route_address(address_item *addr, address_item **paddr_local,
1432 address_item **paddr_remote, address_item **addr_new,
1433 address_item **addr_succeed, int verify)
1434 {
1435 int yield = OK;
1436 BOOL unseen;
1437 router_instance *r, *nextr;
1438 const uschar *old_domain = addr->domain;
1439
1440 HDEBUG(D_route)
1441 {
1442 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1443 debug_printf("routing %s\n", addr->address);
1444 }
1445
1446 /* Loop through all router instances until a router succeeds, fails, defers, or
1447 encounters an error. If the address has start_router set, we begin from there
1448 instead of at the first router. */
1449
1450 for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
1451 {
1452 uschar *error;
1453 struct passwd *pw = NULL;
1454 struct passwd pwcopy;
1455 address_item *parent;
1456 BOOL loop_detected = FALSE;
1457 BOOL more;
1458 int loopcount = 0;
1459 int rc;
1460
1461 DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name);
1462
1463 /* Reset any search error message from the previous router. */
1464
1465 search_error_message = NULL;
1466
1467 /* There are some weird cases where logging is disabled */
1468
1469 disable_logging = r->disable_logging;
1470
1471 /* Record the last router to handle the address, and set the default
1472 next router. */
1473
1474 addr->router = r;
1475 nextr = r->next;
1476
1477 /* Loop protection: If this address has an ancestor with the same address,
1478 and that ancestor was routed by this router, we skip this router. This
1479 prevents a variety of looping states when a new address is created by
1480 redirection or by the use of "unseen" on a router.
1481
1482 If no_repeat_use is set on the router, we skip if _any_ ancestor was routed
1483 by this router, even if it was different to the current address.
1484
1485 Just in case someone does put it into a loop (possible with redirection
1486 continally adding to an address, for example), put a long stop counter on
1487 the number of parents. */
1488
1489 for (parent = addr->parent; parent; parent = parent->parent)
1490 {
1491 if (parent->router == r)
1492 {
1493 BOOL break_loop = !r->repeat_use;
1494
1495 /* When repeat_use is set, first check the active addresses caselessly.
1496 If they match, we have to do a further caseful check of the local parts
1497 when caseful_local_part is set. This is assumed to be rare, which is why
1498 the code is written this way. */
1499
1500 if (!break_loop)
1501 {
1502 break_loop = strcmpic(parent->address, addr->address) == 0;
1503 if (break_loop && r->caseful_local_part)
1504 break_loop = Ustrncmp(parent->address, addr->address,
1505 Ustrrchr(addr->address, '@') - addr->address) == 0;
1506 }
1507
1508 if (break_loop)
1509 {
1510 DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n",
1511 r->name, parent->address);
1512 loop_detected = TRUE;
1513 break;
1514 }
1515 }
1516
1517 /* Continue with parents, limiting the size of the dynasty. */
1518
1519 if (loopcount++ > 100)
1520 {
1521 log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address);
1522 yield = DEFER;
1523 goto ROUTE_EXIT;
1524 }
1525 }
1526
1527 if (loop_detected) continue;
1528
1529 /* Default no affixes and select whether to use a caseful or caseless local
1530 part in this router. */
1531
1532 addr->prefix = addr->suffix = NULL;
1533 addr->local_part = r->caseful_local_part?
1534 addr->cc_local_part : addr->lc_local_part;
1535
1536 DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part,
1537 addr->domain);
1538
1539 /* Handle any configured prefix by replacing the local_part address,
1540 and setting the prefix. Skip the router if the prefix doesn't match,
1541 unless the prefix is optional. */
1542
1543 if (r->prefix)
1544 {
1545 int plen = route_check_prefix(addr->local_part, r->prefix);
1546 if (plen > 0)
1547 {
1548 addr->prefix = string_copyn(addr->local_part, plen);
1549 addr->local_part += plen;
1550 DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
1551 }
1552 else if (!r->prefix_optional)
1553 {
1554 DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n",
1555 r->name);
1556 continue;
1557 }
1558 }
1559
1560 /* Handle any configured suffix likewise. */
1561
1562 if (r->suffix)
1563 {
1564 int slen = route_check_suffix(addr->local_part, r->suffix);
1565 if (slen > 0)
1566 {
1567 int lplen = Ustrlen(addr->local_part) - slen;
1568 addr->suffix = addr->local_part + lplen;
1569 addr->local_part = string_copyn(addr->local_part, lplen);
1570 DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
1571 }
1572 else if (!r->suffix_optional)
1573 {
1574 DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n",
1575 r->name);
1576 continue;
1577 }
1578 }
1579
1580 /* Set the expansion variables now that we have the affixes and the case of
1581 the local part sorted. */
1582
1583 router_name = r->name;
1584 deliver_set_expansions(addr);
1585
1586 /* For convenience, the pre-router checks are in a separate function, which
1587 returns OK, SKIP, FAIL, or DEFER. */
1588
1589 if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
1590 {
1591 router_name = NULL;
1592 if (rc == SKIP) continue;
1593 addr->message = error;
1594 yield = rc;
1595 goto ROUTE_EXIT;
1596 }
1597
1598 /* All pre-conditions have been met. Reset any search error message from
1599 pre-condition tests. These can arise in negated tests where the failure of
1600 the lookup leads to a TRUE pre-condition. */
1601
1602 search_error_message = NULL;
1603
1604 /* Finally, expand the address_data field in the router. Forced failure
1605 behaves as if the router declined. Any other failure is more serious. On
1606 success, the string is attached to the address for all subsequent processing.
1607 */
1608
1609 if (r->address_data)
1610 {
1611 DEBUG(D_route) debug_printf("processing address_data\n");
1612 deliver_address_data = expand_string(r->address_data);
1613 if (!deliver_address_data)
1614 {
1615 if (expand_string_forcedfail)
1616 {
1617 DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" "
1618 "(address_data): decline action taken\n", r->address_data);
1619
1620 /* Expand "more" if necessary; DEFER => an expansion failed */
1621
1622 yield = exp_bool(addr, US"router", r->name, D_route,
1623 US"more", r->more, r->expand_more, &more);
1624 if (yield != OK) goto ROUTE_EXIT;
1625
1626 if (!more)
1627 {
1628 DEBUG(D_route)
1629 debug_printf("\"more\"=false: skipping remaining routers\n");
1630 router_name = NULL;
1631 r = NULL;
1632 break;
1633 }
1634 else continue; /* With next router */
1635 }
1636
1637 else
1638 {
1639 addr->message = string_sprintf("expansion of \"%s\" failed "
1640 "in %s router: %s", r->address_data, r->name, expand_string_message);
1641 yield = DEFER;
1642 goto ROUTE_EXIT;
1643 }
1644 }
1645 addr->prop.address_data = deliver_address_data;
1646 }
1647
1648 /* We are finally cleared for take-off with this router. Clear the the flag
1649 that records that a local host was removed from a routed host list. Make a
1650 copy of relevant fields in the password information from check_local_user,
1651 because it will be overwritten if check_local_user is invoked again while
1652 verifying an errors_address setting. */
1653
1654 clearflag(addr, af_local_host_removed);
1655
1656 if (pw)
1657 {
1658 pwcopy.pw_name = CS string_copy(US pw->pw_name);
1659 pwcopy.pw_uid = pw->pw_uid;
1660 pwcopy.pw_gid = pw->pw_gid;
1661 pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos);
1662 pwcopy.pw_dir = CS string_copy(US pw->pw_dir);
1663 pwcopy.pw_shell = CS string_copy(US pw->pw_shell);
1664 pw = &pwcopy;
1665 }
1666
1667 /* Run the router, and handle the consequences. */
1668
1669 /* ... but let us check on DSN before. If this should be the last hop for DSN
1670 set flag. */
1671
1672 if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop))
1673 {
1674 addr->dsn_flags |= rf_dsnlasthop;
1675 HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address);
1676 }
1677
1678 HDEBUG(D_route) debug_printf("calling %s router\n", r->name);
1679
1680 yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,
1681 addr_new, addr_succeed);
1682
1683 router_name = NULL;
1684
1685 if (yield == FAIL)
1686 {
1687 HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name);
1688 goto ROUTE_EXIT;
1689 }
1690
1691 /* If succeeded while verifying but fail_verify is set, convert into
1692 a failure, and take it off the local or remote delivery list. */
1693
1694 if (((verify == v_sender && r->fail_verify_sender) ||
1695 (verify == v_recipient && r->fail_verify_recipient)) &&
1696 (yield == OK || yield == PASS))
1697 {
1698 addr->message = string_sprintf("%s router forced verify failure", r->name);
1699 if (*paddr_remote == addr) *paddr_remote = addr->next;
1700 if (*paddr_local == addr) *paddr_local = addr->next;
1701 yield = FAIL;
1702 goto ROUTE_EXIT;
1703 }
1704
1705 /* PASS and DECLINE are the only two cases where the loop continues. For all
1706 other returns, we break the loop and handle the result below. */
1707
1708 if (yield != PASS && yield != DECLINE) break;
1709
1710 HDEBUG(D_route)
1711 {
1712 debug_printf("%s router %s for %s\n", r->name,
1713 (yield == PASS)? "passed" : "declined", addr->address);
1714 if (Ustrcmp(old_domain, addr->domain) != 0)
1715 debug_printf("domain %s rewritten\n", old_domain);
1716 }
1717
1718 /* PASS always continues to another router; DECLINE does so if "more"
1719 is true. Initialization insists that pass_router is always a following
1720 router. Otherwise, break the loop as if at the end of the routers. */
1721
1722 if (yield == PASS)
1723 {
1724 if (r->pass_router != NULL) nextr = r->pass_router;
1725 }
1726 else
1727 {
1728 /* Expand "more" if necessary */
1729
1730 yield = exp_bool(addr, US"router", r->name, D_route,
1731 US"more", r->more, r->expand_more, &more);
1732 if (yield != OK) goto ROUTE_EXIT;
1733
1734 if (!more)
1735 {
1736 HDEBUG(D_route)
1737 debug_printf("\"more\" is false: skipping remaining routers\n");
1738 r = NULL;
1739 break;
1740 }
1741 }
1742 } /* Loop for all routers */
1743
1744 /* On exit from the routers loop, if r == NULL we have run out of routers,
1745 either genuinely, or as a result of no_more. Otherwise, the loop ended
1746 prematurely, either because a router succeeded, or because of some special
1747 router response. Note that FAIL errors and errors detected before actually
1748 running a router go direct to ROUTE_EXIT from code above. */
1749
1750 if (!r)
1751 {
1752 HDEBUG(D_route) debug_printf("no more routers\n");
1753 if (!addr->message)
1754 {
1755 uschar *message = US"Unrouteable address";
1756 if (addr->router && addr->router->cannot_route_message)
1757 {
1758 uschar *expmessage = expand_string(addr->router->cannot_route_message);
1759 if (!expmessage)
1760 {
1761 if (!expand_string_forcedfail)
1762 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
1763 "cannot_route_message in %s router: %s", addr->router->name,
1764 expand_string_message);
1765 }
1766 else message = expmessage;
1767 }
1768 addr->user_message = addr->message = message;
1769 }
1770 addr->router = NULL; /* For logging */
1771 yield = FAIL;
1772 goto ROUTE_EXIT;
1773 }
1774
1775 if (yield == DEFER)
1776 {
1777 HDEBUG(D_route)
1778 {
1779 debug_printf("%s router: defer for %s\n", r->name, addr->address);
1780 debug_printf(" message: %s\n", (addr->message == NULL)?
1781 US"<none>" : addr->message);
1782 }
1783 goto ROUTE_EXIT;
1784 }
1785
1786 if (yield == DISCARD) goto ROUTE_EXIT;
1787
1788 /* The yield must be either OK or REROUTED. */
1789
1790 if (yield != OK && yield != REROUTED)
1791 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d",
1792 r->name, yield);
1793
1794 /* If the yield was REROUTED, the router put a child address on the new chain
1795 as a result of a domain change of some sort (widening, typically). */
1796
1797 if (yield == REROUTED)
1798 {
1799 HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address);
1800 yield = OK;
1801 goto ROUTE_EXIT;
1802 }
1803
1804 /* The only remaining possibility is that the router succeeded. If the
1805 translate_ip_address options is set and host addresses were associated with the
1806 address, run them through the translation. This feature is for weird and
1807 wonderful situations (the amateur packet radio people need it) or very broken
1808 networking, so it is included in the binary only if requested. */
1809
1810 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
1811
1812 if (r->translate_ip_address)
1813 {
1814 int rc;
1815 int old_pool = store_pool;
1816 host_item *h;
1817 for (h = addr->host_list; h; h = h->next)
1818 {
1819 uschar *newaddress;
1820 uschar *oldaddress, *oldname;
1821
1822 if (!h->address) continue;
1823
1824 deliver_host_address = h->address;
1825 newaddress = expand_string(r->translate_ip_address);
1826 deliver_host_address = NULL;
1827
1828 if (!newaddress)
1829 {
1830 if (expand_string_forcedfail) continue;
1831 addr->basic_errno = ERRNO_EXPANDFAIL;
1832 addr->message = string_sprintf("translate_ip_address expansion "
1833 "failed: %s", expand_string_message);
1834 yield = DEFER;
1835 goto ROUTE_EXIT;
1836 }
1837
1838 DEBUG(D_route) debug_printf("%s [%s] translated to %s\n",
1839 h->name, h->address, newaddress);
1840 if (string_is_ip_address(newaddress, NULL) != 0)
1841 {
1842 h->address = newaddress;
1843 continue;
1844 }
1845
1846 oldname = h->name;
1847 oldaddress = h->address;
1848 h->name = newaddress;
1849 h->address = NULL;
1850 h->mx = MX_NONE;
1851
1852 store_pool = POOL_PERM;
1853 rc = host_find_byname(h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
1854 store_pool = old_pool;
1855
1856 if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN)
1857 {
1858 addr->basic_errno = ERRNO_UNKNOWNHOST;
1859 addr->message = string_sprintf("host %s not found when "
1860 "translating %s [%s]", h->name, oldname, oldaddress);
1861 yield = DEFER;
1862 goto ROUTE_EXIT;
1863 }
1864 }
1865 }
1866 #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */
1867
1868 /* See if this is an unseen routing; first expand the option if necessary.
1869 DEFER can be given if the expansion fails */
1870
1871 yield = exp_bool(addr, US"router", r->name, D_route,
1872 US"unseen", r->unseen, r->expand_unseen, &unseen);
1873 if (yield != OK) goto ROUTE_EXIT;
1874
1875 /* Debugging output recording a successful routing */
1876
1877 HDEBUG(D_route) debug_printf("routed by %s router%s\n", r->name,
1878 unseen? " (unseen)" : "");
1879
1880 DEBUG(D_route)
1881 {
1882 host_item *h;
1883
1884 debug_printf(" envelope to: %s\n", addr->address);
1885 debug_printf(" transport: %s\n", (addr->transport == NULL)?
1886 US"<none>" : addr->transport->name);
1887
1888 if (addr->prop.errors_address)
1889 debug_printf(" errors to %s\n", addr->prop.errors_address);
1890
1891 for (h = addr->host_list; h; h = h->next)
1892 {
1893 debug_printf(" host %s", h->name);
1894 if (h->address) debug_printf(" [%s]", h->address);
1895 if (h->mx >= 0) debug_printf(" MX=%d", h->mx);
1896 else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx);
1897 if (h->port != PORT_NONE) debug_printf(" port=%d", h->port);
1898 if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no");
1899 debug_printf("\n");
1900 }
1901 }
1902
1903 /* Clear any temporary error message set by a router that declined, and handle
1904 the "unseen" option (ignore if there are no further routers). */
1905
1906 addr->message = NULL;
1907 if (unseen && r->next)
1908 route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new);
1909
1910 /* Unset the address expansions, and return the final result. */
1911
1912 ROUTE_EXIT:
1913 if (yield == DEFER && addr->message)
1914 addr->message = expand_hide_passwords(addr->message);
1915
1916 deliver_set_expansions(NULL);
1917 router_name = NULL;
1918 disable_logging = FALSE;
1919 return yield;
1920 }
1921
1922 /* End of route.c */
Unnamed repository; edit this file 'description' to name the repository.