projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Refactor tls_client_init interface
[exim.git] / src / src / spool_in.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions for reading spool files. When compiling for a utility (eximon),
9 not all are needed, and some functionality can be cut out. */
10
11
12 #include "exim.h"
13
14
15
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Open and lock data file *
19 *************************************************/
20
21 /* The data file is the one that is used for locking, because the header file
22 can get replaced during delivery because of header rewriting. The file has
23 to opened with write access so that we can get an exclusive lock, but in
24 fact it won't be written to. Just in case there's a major disaster (e.g.
25 overwriting some other file descriptor with the value of this one), open it
26 with append.
27
28 Argument: the id of the message
29 Returns: TRUE if file successfully opened and locked
30
31 Side effect: deliver_datafile is set to the fd of the open file.
32 */
33
34 BOOL
35 spool_open_datafile(uschar *id)
36 {
37 int i;
38 struct stat statbuf;
39 flock_t lock_data;
40 uschar spoolname[256];
41
42 /* If split_spool_directory is set, first look for the file in the appropriate
43 sub-directory of the input directory. If it is not found there, try the input
44 directory itself, to pick up leftovers from before the splitting. If split_
45 spool_directory is not set, first look in the main input directory. If it is
46 not found there, try the split sub-directory, in case it is left over from a
47 splitting state. */
48
49 for (i = 0; i < 2; i++)
50 {
51 int save_errno;
52 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
53 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
54 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
55 if (deliver_datafile >= 0) break;
56 save_errno = errno;
57 if (errno == ENOENT)
58 {
59 if (i == 0) continue;
60 if (!queue_running)
61 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
62 }
63 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
64 strerror(errno));
65 errno = save_errno;
66 return FALSE;
67 }
68
69 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
70 the file. We lock only the first line of the file (containing the message ID)
71 because this apparently is needed for running Exim under Cygwin. If the entire
72 file is locked in one process, a sub-process cannot access it, even when passed
73 an open file descriptor (at least, I think that's the Cygwin story). On real
74 Unix systems it doesn't make any difference as long as Exim is consistent in
75 what it locks. */
76
77 (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
78 FD_CLOEXEC);
79
80 lock_data.l_type = F_WRLCK;
81 lock_data.l_whence = SEEK_SET;
82 lock_data.l_start = 0;
83 lock_data.l_len = SPOOL_DATA_START_OFFSET;
84
85 if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
86 {
87 log_write(L_skip_delivery,
88 LOG_MAIN,
89 "Spool file is locked (another process is handling this message)");
90 (void)close(deliver_datafile);
91 deliver_datafile = -1;
92 errno = 0;
93 return FALSE;
94 }
95
96 /* Get the size of the data; don't include the leading filename line
97 in the count, but add one for the newline before the data. */
98
99 if (fstat(deliver_datafile, &statbuf) == 0)
100 {
101 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
102 message_size = message_body_size + 1;
103 }
104
105 return TRUE;
106 }
107 #endif /* COMPILE_UTILITY */
108
109
110
111 /*************************************************
112 * Read non-recipients tree from spool file *
113 *************************************************/
114
115 /* The tree of non-recipients is written to the spool file in a form that
116 makes it easy to read back into a tree. The format is as follows:
117
118 . Each node is preceded by two letter(Y/N) indicating whether it has left
119 or right children. There's one space after the two flags, before the name.
120
121 . The left subtree (if any) then follows, then the right subtree (if any).
122
123 This function is entered with the next input line in the buffer. Note we must
124 save the right flag before recursing with the same buffer.
125
126 Once the tree is read, we re-construct the balance fields by scanning the tree.
127 I forgot to write them out originally, and the compatible fix is to do it this
128 way. This initial local recursing function does the necessary.
129
130 Arguments:
131 node tree node
132
133 Returns: maximum depth below the node, including the node itself
134 */
135
136 static int
137 count_below(tree_node *node)
138 {
139 int nleft, nright;
140 if (node == NULL) return 0;
141 nleft = count_below(node->left);
142 nright = count_below(node->right);
143 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
144 return 1 + ((nleft > nright)? nleft : nright);
145 }
146
147 /* This is the real function...
148
149 Arguments:
150 connect pointer to the root of the tree
151 f FILE to read data from
152 buffer contains next input line; further lines read into it
153 buffer_size size of the buffer
154
155 Returns: FALSE on format error
156 */
157
158 static BOOL
159 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
160 int buffer_size)
161 {
162 tree_node *node;
163 int n = Ustrlen(buffer);
164 BOOL right = buffer[1] == 'Y';
165
166 if (n < 5) return FALSE; /* malformed line */
167 buffer[n-1] = 0; /* Remove \n */
168 node = store_get(sizeof(tree_node) + n - 3);
169 *connect = node;
170 Ustrcpy(node->name, buffer + 3);
171 node->data.ptr = NULL;
172
173 if (buffer[0] == 'Y')
174 {
175 if (Ufgets(buffer, buffer_size, f) == NULL ||
176 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
177 return FALSE;
178 }
179 else node->left = NULL;
180
181 if (right)
182 {
183 if (Ufgets(buffer, buffer_size, f) == NULL ||
184 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
185 return FALSE;
186 }
187 else node->right = NULL;
188
189 (void) count_below(*connect);
190 return TRUE;
191 }
192
193
194
195
196 /*************************************************
197 * Read spool header file *
198 *************************************************/
199
200 /* This function reads a spool header file and places the data into the
201 appropriate global variables. The header portion is always read, but header
202 structures are built only if read_headers is set true. It isn't, for example,
203 while generating -bp output.
204
205 It may be possible for blocks of nulls (binary zeroes) to get written on the
206 end of a file if there is a system crash during writing. It was observed on an
207 earlier version of Exim that omitted to fsync() the files - this is thought to
208 have been the cause of that incident, but in any case, this code must be robust
209 against such an event, and if such a file is encountered, it must be treated as
210 malformed.
211
212 Arguments:
213 name name of the header file, including the -H
214 read_headers TRUE if in-store header structures are to be built
215 subdir_set TRUE is message_subdir is already set
216
217 Returns: spool_read_OK success
218 spool_read_notopen open failed
219 spool_read_enverror error in the envelope portion
220 spool_read_hdrdrror error in the header portion
221 */
222
223 int
224 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
225 {
226 FILE *f = NULL;
227 int n;
228 int rcount = 0;
229 long int uid, gid;
230 BOOL inheader = FALSE;
231 uschar *p;
232
233 /* Reset all the global variables to their default values. However, there is
234 one exception. DO NOT change the default value of dont_deliver, because it may
235 be forced by an external setting. */
236
237 acl_var_c = acl_var_m = NULL;
238 authenticated_id = NULL;
239 authenticated_sender = NULL;
240 allow_unqualified_recipient = FALSE;
241 allow_unqualified_sender = FALSE;
242 body_linecount = 0;
243 body_zerocount = 0;
244 deliver_firsttime = FALSE;
245 deliver_freeze = FALSE;
246 deliver_frozen_at = 0;
247 deliver_manual_thaw = FALSE;
248 /* dont_deliver must NOT be reset */
249 header_list = header_last = NULL;
250 host_lookup_deferred = FALSE;
251 host_lookup_failed = FALSE;
252 interface_address = NULL;
253 interface_port = 0;
254 local_error_message = FALSE;
255 local_scan_data = NULL;
256 max_received_linelength = 0;
257 message_linecount = 0;
258 received_protocol = NULL;
259 received_count = 0;
260 recipients_list = NULL;
261 sender_address = NULL;
262 sender_fullhost = NULL;
263 sender_helo_name = NULL;
264 sender_host_address = NULL;
265 sender_host_name = NULL;
266 sender_host_port = 0;
267 sender_host_authenticated = NULL;
268 sender_ident = NULL;
269 sender_local = FALSE;
270 sender_set_untrusted = FALSE;
271 smtp_active_hostname = primary_hostname;
272 tree_nonrecipients = NULL;
273
274 #ifdef EXPERIMENTAL_BRIGHTMAIL
275 bmi_run = 0;
276 bmi_verdicts = NULL;
277 #endif
278
279 #ifndef DISABLE_DKIM
280 dkim_signers = NULL;
281 dkim_disable_verify = FALSE;
282 dkim_collect_input = FALSE;
283 #endif
284
285 #ifdef SUPPORT_TLS
286 tls_in.certificate_verified = FALSE;
287 tls_in.cipher = NULL;
288 tls_in.ourcert = NULL;
289 tls_in.peercert = NULL;
290 tls_in.peerdn = NULL;
291 tls_in.sni = NULL;
292 #endif
293
294 #ifdef WITH_CONTENT_SCAN
295 spam_score_int = NULL;
296 #endif
297
298 /* Generate the full name and open the file. If message_subdir is already
299 set, just look in the given directory. Otherwise, look in both the split
300 and unsplit directories, as for the data file above. */
301
302 for (n = 0; n < 2; n++)
303 {
304 if (!subdir_set)
305 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
306 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
307 name);
308 f = Ufopen(big_buffer, "rb");
309 if (f != NULL) break;
310 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
311 }
312
313 errno = 0;
314
315 #ifndef COMPILE_UTILITY
316 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
317 #endif /* COMPILE_UTILITY */
318
319 /* The first line of a spool file contains the message id followed by -H (i.e.
320 the file name), in order to make the file self-identifying. */
321
322 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
323 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
324 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
325 goto SPOOL_FORMAT_ERROR;
326
327 /* The next three lines in the header file are in a fixed format. The first
328 contains the login, uid, and gid of the user who caused the file to be written.
329 There are known cases where a negative gid is used, so we allow for both
330 negative uids and gids. The second contains the mail address of the message's
331 sender, enclosed in <>. The third contains the time the message was received,
332 and the number of warning messages for delivery delays that have been sent. */
333
334 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
335
336 p = big_buffer + Ustrlen(big_buffer);
337 while (p > big_buffer && isspace(p[-1])) p--;
338 *p = 0;
339 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
340 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
341 gid = Uatoi(p);
342 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
343 *p = 0;
344 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
345 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
346 uid = Uatoi(p);
347 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
348 *p = 0;
349
350 originator_login = string_copy(big_buffer);
351 originator_uid = (uid_t)uid;
352 originator_gid = (gid_t)gid;
353
354 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
355 n = Ustrlen(big_buffer);
356 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
357 goto SPOOL_FORMAT_ERROR;
358
359 sender_address = store_get(n-2);
360 Ustrncpy(sender_address, big_buffer+1, n-3);
361 sender_address[n-3] = 0;
362
363 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
364 if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
365 goto SPOOL_FORMAT_ERROR;
366
367 message_age = time(NULL) - received_time;
368
369 #ifndef COMPILE_UTILITY
370 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
371 originator_login, (long int)originator_uid, (long int)originator_gid,
372 sender_address);
373 #endif /* COMPILE_UTILITY */
374
375 /* Now there may be a number of optional lines, each starting with "-". If you
376 add a new setting here, make sure you set the default above.
377
378 Because there are now quite a number of different possibilities, we use a
379 switch on the first character to avoid too many failing tests. Thanks to Nico
380 Erfurth for the patch that implemented this. I have made it even more efficient
381 by not re-scanning the first two characters.
382
383 To allow new versions of Exim that add additional flags to interwork with older
384 versions that do not understand them, just ignore any lines starting with "-"
385 that we don't recognize. Otherwise it wouldn't be possible to back off a new
386 version that left new-style flags written on the spool. */
387
388 p = big_buffer + 2;
389 for (;;)
390 {
391 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
392 if (big_buffer[0] != '-') break;
393 big_buffer[Ustrlen(big_buffer) - 1] = 0;
394
395 switch(big_buffer[1])
396 {
397 case 'a':
398
399 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
400 variable, because Exim allows any number of them, with arbitrary names.
401 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
402 the c or m. */
403
404 if (Ustrncmp(p, "clc ", 4) == 0 ||
405 Ustrncmp(p, "clm ", 4) == 0)
406 {
407 uschar *name, *endptr;
408 int count;
409 tree_node *node;
410 endptr = Ustrchr(big_buffer + 6, ' ');
411 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
412 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
413 big_buffer + 6);
414 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
415 node = acl_var_create(name);
416 node->data.ptr = store_get(count + 1);
417 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
418 ((uschar*)node->data.ptr)[count] = 0;
419 }
420
421 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
422 allow_unqualified_recipient = TRUE;
423 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
424 allow_unqualified_sender = TRUE;
425
426 else if (Ustrncmp(p, "uth_id", 6) == 0)
427 authenticated_id = string_copy(big_buffer + 9);
428 else if (Ustrncmp(p, "uth_sender", 10) == 0)
429 authenticated_sender = string_copy(big_buffer + 13);
430 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
431 smtp_active_hostname = string_copy(big_buffer + 17);
432
433 /* For long-term backward compatibility, we recognize "-acl", which was
434 used before the number of ACL variables changed from 10 to 20. This was
435 before the subsequent change to an arbitrary number of named variables.
436 This code is retained so that upgrades from very old versions can still
437 handle old-format spool files. The value given after "-acl" is a number
438 that is 0-9 for connection variables, and 10-19 for message variables. */
439
440 else if (Ustrncmp(p, "cl ", 3) == 0)
441 {
442 int index, count;
443 uschar name[20]; /* Need plenty of space for %d format */
444 tree_node *node;
445 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
446 goto SPOOL_FORMAT_ERROR;
447 if (index < 10)
448 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
449 else if (index < 20) /* ignore out-of-range index */
450 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
451 node = acl_var_create(name);
452 node->data.ptr = store_get(count + 1);
453 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
454 ((uschar*)node->data.ptr)[count] = 0;
455 }
456 break;
457
458 case 'b':
459 if (Ustrncmp(p, "ody_linecount", 13) == 0)
460 body_linecount = Uatoi(big_buffer + 15);
461 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
462 body_zerocount = Uatoi(big_buffer + 15);
463 #ifdef EXPERIMENTAL_BRIGHTMAIL
464 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
465 bmi_verdicts = string_copy(big_buffer + 14);
466 #endif
467 break;
468
469 case 'd':
470 if (Ustrcmp(p, "eliver_firsttime") == 0)
471 deliver_firsttime = TRUE;
472 break;
473
474 case 'f':
475 if (Ustrncmp(p, "rozen", 5) == 0)
476 {
477 deliver_freeze = TRUE;
478 deliver_frozen_at = Uatoi(big_buffer + 7);
479 }
480 break;
481
482 case 'h':
483 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
484 host_lookup_deferred = TRUE;
485 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
486 host_lookup_failed = TRUE;
487 else if (Ustrncmp(p, "ost_auth", 8) == 0)
488 sender_host_authenticated = string_copy(big_buffer + 11);
489 else if (Ustrncmp(p, "ost_name", 8) == 0)
490 sender_host_name = string_copy(big_buffer + 11);
491 else if (Ustrncmp(p, "elo_name", 8) == 0)
492 sender_helo_name = string_copy(big_buffer + 11);
493
494 /* We now record the port number after the address, separated by a
495 dot. For compatibility during upgrading, do nothing if there
496 isn't a value (it gets left at zero). */
497
498 else if (Ustrncmp(p, "ost_address", 11) == 0)
499 {
500 sender_host_port = host_address_extract_port(big_buffer + 14);
501 sender_host_address = string_copy(big_buffer + 14);
502 }
503 break;
504
505 case 'i':
506 if (Ustrncmp(p, "nterface_address", 16) == 0)
507 {
508 interface_port = host_address_extract_port(big_buffer + 19);
509 interface_address = string_copy(big_buffer + 19);
510 }
511 else if (Ustrncmp(p, "dent", 4) == 0)
512 sender_ident = string_copy(big_buffer + 7);
513 break;
514
515 case 'l':
516 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
517 else if (Ustrcmp(big_buffer, "-localerror") == 0)
518 local_error_message = TRUE;
519 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
520 local_scan_data = string_copy(big_buffer + 12);
521 break;
522
523 case 'm':
524 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
525 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
526 max_received_linelength = Uatoi(big_buffer + 24);
527 break;
528
529 case 'N':
530 if (*p == 0) dont_deliver = TRUE; /* -N */
531 break;
532
533 case 'r':
534 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
535 received_protocol = string_copy(big_buffer + 19);
536 break;
537
538 case 's':
539 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
540 sender_set_untrusted = TRUE;
541 #ifdef WITH_CONTENT_SCAN
542 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
543 spam_score_int = string_copy(big_buffer + 16);
544 #endif
545 break;
546
547 #ifdef SUPPORT_TLS
548 case 't':
549 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
550 tls_in.certificate_verified = TRUE;
551 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
552 tls_in.cipher = string_copy(big_buffer + 12);
553 #ifndef COMPILE_UTILITY
554 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
555 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
556 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
557 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
558 #endif
559 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
560 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
561 else if (Ustrncmp(p, "ls_sni", 6) == 0)
562 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
563 break;
564 #endif
565
566 default: /* Present because some compilers complain if all */
567 break; /* possibilities are not covered. */
568 }
569 }
570
571 /* Build sender_fullhost if required */
572
573 #ifndef COMPILE_UTILITY
574 host_build_sender_fullhost();
575 #endif /* COMPILE_UTILITY */
576
577 #ifndef COMPILE_UTILITY
578 DEBUG(D_deliver)
579 debug_printf("sender_local=%d ident=%s\n", sender_local,
580 (sender_ident == NULL)? US"unset" : sender_ident);
581 #endif /* COMPILE_UTILITY */
582
583 /* We now have the tree of addresses NOT to deliver to, or a line
584 containing "XX", indicating no tree. */
585
586 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
587 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
588 goto SPOOL_FORMAT_ERROR;
589
590 #ifndef COMPILE_UTILITY
591 DEBUG(D_deliver)
592 {
593 debug_printf("Non-recipients:\n");
594 debug_print_tree(tree_nonrecipients);
595 }
596 #endif /* COMPILE_UTILITY */
597
598 /* After reading the tree, the next line has not yet been read into the
599 buffer. It contains the count of recipients which follow on separate lines. */
600
601 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
602 if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
603
604 #ifndef COMPILE_UTILITY
605 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
606 #endif /* COMPILE_UTILITY */
607
608 recipients_list_max = rcount;
609 recipients_list = store_get(rcount * sizeof(recipient_item));
610
611 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
612 {
613 int nn;
614 int pno = -1;
615 uschar *errors_to = NULL;
616 uschar *p;
617
618 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
619 nn = Ustrlen(big_buffer);
620 if (nn < 2) goto SPOOL_FORMAT_ERROR;
621
622 /* Remove the newline; this terminates the address if there is no additional
623 data on the line. */
624
625 p = big_buffer + nn - 1;
626 *p-- = 0;
627
628 /* Look back from the end of the line for digits and special terminators.
629 Since an address must end with a domain, we can tell that extra data is
630 present by the presence of the terminator, which is always some character
631 that cannot exist in a domain. (If I'd thought of the need for additional
632 data early on, I'd have put it at the start, with the address at the end. As
633 it is, we have to operate backwards. Addresses are permitted to contain
634 spaces, you see.)
635
636 This code has to cope with various versions of this data that have evolved
637 over time. In all cases, the line might just contain an address, with no
638 additional data. Otherwise, the possibilities are as follows:
639
640 Exim 3 type: <address><space><digits>,<digits>,<digits>
641
642 The second set of digits is the parent number for one_time addresses. The
643 other values were remnants of earlier experiments that were abandoned.
644
645 Exim 4 first type: <address><space><digits>
646
647 The digits are the parent number for one_time addresses.
648
649 Exim 4 new type: <address><space><data>#<type bits>
650
651 The type bits indicate what the contents of the data are.
652
653 Bit 01 indicates that, reading from right to left, the data
654 ends with <errors_to address><space><len>,<pno> where pno is
655 the parent number for one_time addresses, and len is the length
656 of the errors_to address (zero meaning none).
657 */
658
659 while (isdigit(*p)) p--;
660
661 /* Handle Exim 3 spool files */
662
663 if (*p == ',')
664 {
665 int dummy;
666 while (isdigit(*(--p)) || *p == ',');
667 if (*p == ' ')
668 {
669 *p++ = 0;
670 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
671 }
672 }
673
674 /* Handle early Exim 4 spool files */
675
676 else if (*p == ' ')
677 {
678 *p++ = 0;
679 (void)sscanf(CS p, "%d", &pno);
680 }
681
682 /* Handle current format Exim 4 spool files */
683
684 else if (*p == '#')
685 {
686 int flags;
687 (void)sscanf(CS p+1, "%d", &flags);
688
689 if ((flags & 0x01) != 0) /* one_time data exists */
690 {
691 int len;
692 while (isdigit(*(--p)) || *p == ',' || *p == '-');
693 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
694 *p = 0;
695 if (len > 0)
696 {
697 p -= len;
698 errors_to = string_copy(p);
699 }
700 }
701
702 *(--p) = 0; /* Terminate address */
703 }
704
705 recipients_list[recipients_count].address = string_copy(big_buffer);
706 recipients_list[recipients_count].pno = pno;
707 recipients_list[recipients_count].errors_to = errors_to;
708 }
709
710 /* The remainder of the spool header file contains the headers for the message,
711 separated off from the previous data by a blank line. Each header is preceded
712 by a count of its length and either a certain letter (for various identified
713 headers), space (for a miscellaneous live header) or an asterisk (for a header
714 that has been rewritten). Count the Received: headers. We read the headers
715 always, in order to check on the format of the file, but only create a header
716 list if requested to do so. */
717
718 inheader = TRUE;
719 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
720 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
721
722 while ((n = fgetc(f)) != EOF)
723 {
724 header_line *h;
725 uschar flag[4];
726 int i;
727
728 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
729 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
730 goto SPOOL_READ_ERROR;
731 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
732
733 if (read_headers)
734 {
735 h = store_get(sizeof(header_line));
736 h->next = NULL;
737 h->type = flag[0];
738 h->slen = n;
739 h->text = store_get(n+1);
740
741 if (h->type == htype_received) received_count++;
742
743 if (header_list == NULL) header_list = h;
744 else header_last->next = h;
745 header_last = h;
746
747 for (i = 0; i < n; i++)
748 {
749 int c = fgetc(f);
750 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
751 if (c == '\n' && h->type != htype_old) message_linecount++;
752 h->text[i] = c;
753 }
754 h->text[i] = 0;
755 }
756
757 /* Not requiring header data, just skip through the bytes */
758
759 else for (i = 0; i < n; i++)
760 {
761 int c = fgetc(f);
762 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
763 }
764 }
765
766 /* We have successfully read the data in the header file. Update the message
767 line count by adding the body linecount to the header linecount. Close the file
768 and give a positive response. */
769
770 #ifndef COMPILE_UTILITY
771 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
772 body_linecount, message_linecount);
773 #endif /* COMPILE_UTILITY */
774
775 message_linecount += body_linecount;
776
777 fclose(f);
778 return spool_read_OK;
779
780
781 /* There was an error reading the spool or there was missing data,
782 or there was a format error. A "read error" with no errno means an
783 unexpected EOF, which we treat as a format error. */
784
785 SPOOL_READ_ERROR:
786 if (errno != 0)
787 {
788 n = errno;
789
790 #ifndef COMPILE_UTILITY
791 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
792 #endif /* COMPILE_UTILITY */
793
794 fclose(f);
795 errno = n;
796 return inheader? spool_read_hdrerror : spool_read_enverror;
797 }
798
799 SPOOL_FORMAT_ERROR:
800
801 #ifndef COMPILE_UTILITY
802 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
803 #endif /* COMPILE_UTILITY */
804
805 fclose(f);
806 errno = ERRNO_SPOOLFORMAT;
807 return inheader? spool_read_hdrerror : spool_read_enverror;
808 }
809
810 /* vi: aw ai sw=2
811 */
812 /* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.