Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | ||
9 | /* The main function: entry point, initialization, and high-level control. | |
10 | Also a few functions that don't naturally fit elsewhere. */ | |
11 | ||
12 | ||
13 | #include "exim.h" | |
14 | ||
98913c8e | 15 | #if defined(__GLIBC__) && !defined(__UCLIBC__) |
01f3091a JH |
16 | # include <gnu/libc-version.h> |
17 | #endif | |
18 | ||
f797c123 JH |
19 | #ifdef USE_GNUTLS |
20 | # include <gnutls/gnutls.h> | |
21 | # if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP) | |
22 | # define DISABLE_OCSP | |
23 | # endif | |
24 | #endif | |
25 | ||
6545de78 PP |
26 | extern void init_lookup_list(void); |
27 | ||
059ec3d9 PH |
28 | |
29 | ||
30 | /************************************************* | |
31 | * Function interface to store functions * | |
32 | *************************************************/ | |
33 | ||
34 | /* We need some real functions to pass to the PCRE regular expression library | |
35 | for store allocation via Exim's store manager. The normal calls are actually | |
36 | macros that pass over location information to make tracing easier. These | |
37 | functions just interface to the standard macro calls. A good compiler will | |
38 | optimize out the tail recursion and so not make them too expensive. There | |
39 | are two sets of functions; one for use when we want to retain the compiled | |
40 | regular expression for a long time; the other for short-term use. */ | |
41 | ||
42 | static void * | |
43 | function_store_get(size_t size) | |
44 | { | |
45 | return store_get((int)size); | |
46 | } | |
47 | ||
48 | static void | |
49 | function_dummy_free(void *block) { block = block; } | |
50 | ||
51 | static void * | |
52 | function_store_malloc(size_t size) | |
53 | { | |
54 | return store_malloc((int)size); | |
55 | } | |
56 | ||
57 | static void | |
58 | function_store_free(void *block) | |
59 | { | |
60 | store_free(block); | |
61 | } | |
62 | ||
63 | ||
64 | ||
65 | ||
66 | /************************************************* | |
98a90c36 PP |
67 | * Enums for cmdline interface * |
68 | *************************************************/ | |
69 | ||
70 | enum commandline_info { CMDINFO_NONE=0, | |
36a3ae5f | 71 | CMDINFO_HELP, CMDINFO_SIEVE, CMDINFO_DSCP }; |
98a90c36 PP |
72 | |
73 | ||
74 | ||
75 | ||
76 | /************************************************* | |
059ec3d9 PH |
77 | * Compile regular expression and panic on fail * |
78 | *************************************************/ | |
79 | ||
80 | /* This function is called when failure to compile a regular expression leads | |
81 | to a panic exit. In other cases, pcre_compile() is called directly. In many | |
82 | cases where this function is used, the results of the compilation are to be | |
83 | placed in long-lived store, so we temporarily reset the store management | |
84 | functions that PCRE uses if the use_malloc flag is set. | |
85 | ||
86 | Argument: | |
87 | pattern the pattern to compile | |
88 | caseless TRUE if caseless matching is required | |
89 | use_malloc TRUE if compile into malloc store | |
90 | ||
91 | Returns: pointer to the compiled pattern | |
92 | */ | |
93 | ||
94 | const pcre * | |
476be7e2 | 95 | regex_must_compile(const uschar *pattern, BOOL caseless, BOOL use_malloc) |
059ec3d9 PH |
96 | { |
97 | int offset; | |
98 | int options = PCRE_COPT; | |
99 | const pcre *yield; | |
100 | const uschar *error; | |
101 | if (use_malloc) | |
102 | { | |
103 | pcre_malloc = function_store_malloc; | |
104 | pcre_free = function_store_free; | |
105 | } | |
106 | if (caseless) options |= PCRE_CASELESS; | |
476be7e2 | 107 | yield = pcre_compile(CCS pattern, options, (const char **)&error, &offset, NULL); |
059ec3d9 PH |
108 | pcre_malloc = function_store_get; |
109 | pcre_free = function_dummy_free; | |
110 | if (yield == NULL) | |
111 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: " | |
112 | "%s at offset %d while compiling %s", error, offset, pattern); | |
113 | return yield; | |
114 | } | |
115 | ||
116 | ||
117 | ||
118 | ||
119 | /************************************************* | |
120 | * Execute regular expression and set strings * | |
121 | *************************************************/ | |
122 | ||
123 | /* This function runs a regular expression match, and sets up the pointers to | |
124 | the matched substrings. | |
125 | ||
126 | Arguments: | |
127 | re the compiled expression | |
128 | subject the subject string | |
129 | options additional PCRE options | |
130 | setup if < 0 do full setup | |
131 | if >= 0 setup from setup+1 onwards, | |
132 | excluding the full matched string | |
133 | ||
134 | Returns: TRUE or FALSE | |
135 | */ | |
136 | ||
137 | BOOL | |
1dc92d5a | 138 | regex_match_and_setup(const pcre *re, const uschar *subject, int options, int setup) |
059ec3d9 PH |
139 | { |
140 | int ovector[3*(EXPAND_MAXN+1)]; | |
1dc92d5a JH |
141 | uschar * s = string_copy(subject); /* de-constifying */ |
142 | int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0, | |
059ec3d9 PH |
143 | PCRE_EOPT | options, ovector, sizeof(ovector)/sizeof(int)); |
144 | BOOL yield = n >= 0; | |
145 | if (n == 0) n = EXPAND_MAXN + 1; | |
146 | if (yield) | |
147 | { | |
148 | int nn; | |
149 | expand_nmax = (setup < 0)? 0 : setup + 1; | |
150 | for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2) | |
151 | { | |
1dc92d5a | 152 | expand_nstring[expand_nmax] = s + ovector[nn]; |
059ec3d9 PH |
153 | expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; |
154 | } | |
155 | expand_nmax--; | |
156 | } | |
157 | return yield; | |
158 | } | |
159 | ||
160 | ||
161 | ||
162 | ||
163 | /************************************************* | |
921b12ca TF |
164 | * Set up processing details * |
165 | *************************************************/ | |
166 | ||
167 | /* Save a text string for dumping when SIGUSR1 is received. | |
168 | Do checks for overruns. | |
169 | ||
170 | Arguments: format and arguments, as for printf() | |
171 | Returns: nothing | |
172 | */ | |
173 | ||
174 | void | |
175 | set_process_info(const char *format, ...) | |
176 | { | |
92b0827a | 177 | int len = sprintf(CS process_info, "%5d ", (int)getpid()); |
921b12ca | 178 | va_list ap; |
921b12ca TF |
179 | va_start(ap, format); |
180 | if (!string_vformat(process_info + len, PROCESS_INFO_SIZE - len - 2, format, ap)) | |
181 | Ustrcpy(process_info + len, "**** string overflowed buffer ****"); | |
182 | len = Ustrlen(process_info); | |
183 | process_info[len+0] = '\n'; | |
184 | process_info[len+1] = '\0'; | |
185 | process_info_len = len + 1; | |
186 | DEBUG(D_process_info) debug_printf("set_process_info: %s", process_info); | |
187 | va_end(ap); | |
188 | } | |
189 | ||
190 | ||
191 | ||
192 | ||
193 | /************************************************* | |
059ec3d9 PH |
194 | * Handler for SIGUSR1 * |
195 | *************************************************/ | |
196 | ||
197 | /* SIGUSR1 causes any exim process to write to the process log details of | |
198 | what it is currently doing. It will only be used if the OS is capable of | |
199 | setting up a handler that causes automatic restarting of any system call | |
200 | that is in progress at the time. | |
201 | ||
921b12ca TF |
202 | This function takes care to be signal-safe. |
203 | ||
059ec3d9 PH |
204 | Argument: the signal number (SIGUSR1) |
205 | Returns: nothing | |
206 | */ | |
207 | ||
208 | static void | |
209 | usr1_handler(int sig) | |
210 | { | |
921b12ca TF |
211 | int fd; |
212 | ||
213 | os_restarting_signal(sig, usr1_handler); | |
214 | ||
cab0c277 | 215 | if ((fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE)) < 0) |
921b12ca TF |
216 | { |
217 | /* If we are already running as the Exim user, try to create it in the | |
218 | current process (assuming spool_directory exists). Otherwise, if we are | |
219 | root, do the creation in an exim:exim subprocess. */ | |
220 | ||
221 | int euid = geteuid(); | |
222 | if (euid == exim_uid) | |
223 | fd = Uopen(process_log_path, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE); | |
224 | else if (euid == root_uid) | |
225 | fd = log_create_as_exim(process_log_path); | |
226 | } | |
227 | ||
228 | /* If we are neither exim nor root, or if we failed to create the log file, | |
229 | give up. There is not much useful we can do with errors, since we don't want | |
230 | to disrupt whatever is going on outside the signal handler. */ | |
231 | ||
232 | if (fd < 0) return; | |
233 | ||
2f21487f | 234 | (void)write(fd, process_info, process_info_len); |
921b12ca | 235 | (void)close(fd); |
059ec3d9 PH |
236 | } |
237 | ||
238 | ||
239 | ||
240 | /************************************************* | |
241 | * Timeout handler * | |
242 | *************************************************/ | |
243 | ||
244 | /* This handler is enabled most of the time that Exim is running. The handler | |
245 | doesn't actually get used unless alarm() has been called to set a timer, to | |
246 | place a time limit on a system call of some kind. When the handler is run, it | |
247 | re-enables itself. | |
248 | ||
249 | There are some other SIGALRM handlers that are used in special cases when more | |
250 | than just a flag setting is required; for example, when reading a message's | |
251 | input. These are normally set up in the code module that uses them, and the | |
252 | SIGALRM handler is reset to this one afterwards. | |
253 | ||
254 | Argument: the signal value (SIGALRM) | |
255 | Returns: nothing | |
256 | */ | |
257 | ||
258 | void | |
259 | sigalrm_handler(int sig) | |
260 | { | |
261 | sig = sig; /* Keep picky compilers happy */ | |
262 | sigalrm_seen = TRUE; | |
263 | os_non_restarting_signal(SIGALRM, sigalrm_handler); | |
264 | } | |
265 | ||
266 | ||
267 | ||
268 | /************************************************* | |
269 | * Sleep for a fractional time interval * | |
270 | *************************************************/ | |
271 | ||
272 | /* This function is called by millisleep() and exim_wait_tick() to wait for a | |
273 | period of time that may include a fraction of a second. The coding is somewhat | |
eb2c0248 PH |
274 | tedious. We do not expect setitimer() ever to fail, but if it does, the process |
275 | will wait for ever, so we panic in this instance. (There was a case of this | |
276 | when a bug in a function that calls milliwait() caused it to pass invalid data. | |
7086e875 | 277 | That's when I added the check. :-) |
059ec3d9 | 278 | |
0f8ba377 JH |
279 | We assume it to be not worth sleeping for under 100us; this value will |
280 | require revisiting as hardware advances. This avoids the issue of | |
281 | a zero-valued timer setting meaning "never fire". | |
282 | ||
059ec3d9 PH |
283 | Argument: an itimerval structure containing the interval |
284 | Returns: nothing | |
285 | */ | |
286 | ||
287 | static void | |
288 | milliwait(struct itimerval *itval) | |
289 | { | |
290 | sigset_t sigmask; | |
291 | sigset_t old_sigmask; | |
0f8ba377 JH |
292 | |
293 | if (itval->it_value.tv_usec < 100 && itval->it_value.tv_sec == 0) | |
294 | return; | |
059ec3d9 PH |
295 | (void)sigemptyset(&sigmask); /* Empty mask */ |
296 | (void)sigaddset(&sigmask, SIGALRM); /* Add SIGALRM */ | |
297 | (void)sigprocmask(SIG_BLOCK, &sigmask, &old_sigmask); /* Block SIGALRM */ | |
7086e875 | 298 | if (setitimer(ITIMER_REAL, itval, NULL) < 0) /* Start timer */ |
eb2c0248 PH |
299 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, |
300 | "setitimer() failed: %s", strerror(errno)); | |
059ec3d9 PH |
301 | (void)sigfillset(&sigmask); /* All signals */ |
302 | (void)sigdelset(&sigmask, SIGALRM); /* Remove SIGALRM */ | |
303 | (void)sigsuspend(&sigmask); /* Until SIGALRM */ | |
304 | (void)sigprocmask(SIG_SETMASK, &old_sigmask, NULL); /* Restore mask */ | |
305 | } | |
306 | ||
307 | ||
308 | ||
309 | ||
310 | /************************************************* | |
311 | * Millisecond sleep function * | |
312 | *************************************************/ | |
313 | ||
314 | /* The basic sleep() function has a granularity of 1 second, which is too rough | |
315 | in some cases - for example, when using an increasing delay to slow down | |
316 | spammers. | |
317 | ||
318 | Argument: number of millseconds | |
319 | Returns: nothing | |
320 | */ | |
321 | ||
322 | void | |
323 | millisleep(int msec) | |
324 | { | |
325 | struct itimerval itval; | |
326 | itval.it_interval.tv_sec = 0; | |
327 | itval.it_interval.tv_usec = 0; | |
328 | itval.it_value.tv_sec = msec/1000; | |
329 | itval.it_value.tv_usec = (msec % 1000) * 1000; | |
330 | milliwait(&itval); | |
331 | } | |
332 | ||
333 | ||
334 | ||
335 | /************************************************* | |
336 | * Compare microsecond times * | |
337 | *************************************************/ | |
338 | ||
339 | /* | |
340 | Arguments: | |
341 | tv1 the first time | |
342 | tv2 the second time | |
343 | ||
344 | Returns: -1, 0, or +1 | |
345 | */ | |
346 | ||
32dfdf8b | 347 | static int |
059ec3d9 PH |
348 | exim_tvcmp(struct timeval *t1, struct timeval *t2) |
349 | { | |
350 | if (t1->tv_sec > t2->tv_sec) return +1; | |
351 | if (t1->tv_sec < t2->tv_sec) return -1; | |
352 | if (t1->tv_usec > t2->tv_usec) return +1; | |
353 | if (t1->tv_usec < t2->tv_usec) return -1; | |
354 | return 0; | |
355 | } | |
356 | ||
357 | ||
358 | ||
359 | ||
360 | /************************************************* | |
361 | * Clock tick wait function * | |
362 | *************************************************/ | |
363 | ||
364 | /* Exim uses a time + a pid to generate a unique identifier in two places: its | |
365 | message IDs, and in file names for maildir deliveries. Because some OS now | |
366 | re-use pids within the same second, sub-second times are now being used. | |
4c04137d | 367 | However, for absolute certainty, we must ensure the clock has ticked before |
059ec3d9 PH |
368 | allowing the relevant process to complete. At the time of implementation of |
369 | this code (February 2003), the speed of processors is such that the clock will | |
370 | invariably have ticked already by the time a process has done its job. This | |
371 | function prepares for the time when things are faster - and it also copes with | |
372 | clocks that go backwards. | |
373 | ||
374 | Arguments: | |
375 | then_tv A timeval which was used to create uniqueness; its usec field | |
376 | has been rounded down to the value of the resolution. | |
377 | We want to be sure the current time is greater than this. | |
378 | resolution The resolution that was used to divide the microseconds | |
379 | (1 for maildir, larger for message ids) | |
380 | ||
381 | Returns: nothing | |
382 | */ | |
383 | ||
384 | void | |
385 | exim_wait_tick(struct timeval *then_tv, int resolution) | |
386 | { | |
387 | struct timeval now_tv; | |
388 | long int now_true_usec; | |
389 | ||
390 | (void)gettimeofday(&now_tv, NULL); | |
391 | now_true_usec = now_tv.tv_usec; | |
392 | now_tv.tv_usec = (now_true_usec/resolution) * resolution; | |
393 | ||
394 | if (exim_tvcmp(&now_tv, then_tv) <= 0) | |
395 | { | |
396 | struct itimerval itval; | |
397 | itval.it_interval.tv_sec = 0; | |
398 | itval.it_interval.tv_usec = 0; | |
399 | itval.it_value.tv_sec = then_tv->tv_sec - now_tv.tv_sec; | |
400 | itval.it_value.tv_usec = then_tv->tv_usec + resolution - now_true_usec; | |
401 | ||
402 | /* We know that, overall, "now" is less than or equal to "then". Therefore, a | |
403 | negative value for the microseconds is possible only in the case when "now" | |
404 | is more than a second less than "then". That means that itval.it_value.tv_sec | |
405 | is greater than zero. The following correction is therefore safe. */ | |
406 | ||
407 | if (itval.it_value.tv_usec < 0) | |
408 | { | |
409 | itval.it_value.tv_usec += 1000000; | |
410 | itval.it_value.tv_sec -= 1; | |
411 | } | |
412 | ||
413 | DEBUG(D_transport|D_receive) | |
414 | { | |
415 | if (!running_in_test_harness) | |
416 | { | |
d0291a0a | 417 | debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n", |
7437665e JH |
418 | then_tv->tv_sec, (long) then_tv->tv_usec, |
419 | now_tv.tv_sec, (long) now_tv.tv_usec); | |
d0291a0a JH |
420 | debug_printf("waiting " TIME_T_FMT ".%06lu\n", |
421 | itval.it_value.tv_sec, (long) itval.it_value.tv_usec); | |
059ec3d9 PH |
422 | } |
423 | } | |
424 | ||
425 | milliwait(&itval); | |
426 | } | |
427 | } | |
428 | ||
429 | ||
430 | ||
431 | ||
432 | /************************************************* | |
2632889e PH |
433 | * Call fopen() with umask 777 and adjust mode * |
434 | *************************************************/ | |
435 | ||
436 | /* Exim runs with umask(0) so that files created with open() have the mode that | |
437 | is specified in the open() call. However, there are some files, typically in | |
438 | the spool directory, that are created with fopen(). They end up world-writeable | |
439 | if no precautions are taken. Although the spool directory is not accessible to | |
440 | the world, this is an untidiness. So this is a wrapper function for fopen() | |
441 | that sorts out the mode of the created file. | |
442 | ||
443 | Arguments: | |
444 | filename the file name | |
445 | options the fopen() options | |
446 | mode the required mode | |
447 | ||
448 | Returns: the fopened FILE or NULL | |
449 | */ | |
450 | ||
451 | FILE * | |
1ba28e2b | 452 | modefopen(const uschar *filename, const char *options, mode_t mode) |
2632889e | 453 | { |
67d175de PH |
454 | mode_t saved_umask = umask(0777); |
455 | FILE *f = Ufopen(filename, options); | |
456 | (void)umask(saved_umask); | |
2632889e PH |
457 | if (f != NULL) (void)fchmod(fileno(f), mode); |
458 | return f; | |
459 | } | |
460 | ||
461 | ||
462 | ||
463 | ||
464 | /************************************************* | |
059ec3d9 PH |
465 | * Ensure stdin, stdout, and stderr exist * |
466 | *************************************************/ | |
467 | ||
468 | /* Some operating systems grumble if an exec() happens without a standard | |
469 | input, output, and error (fds 0, 1, 2) being defined. The worry is that some | |
470 | file will be opened and will use these fd values, and then some other bit of | |
471 | code will assume, for example, that it can write error messages to stderr. | |
472 | This function ensures that fds 0, 1, and 2 are open if they do not already | |
473 | exist, by connecting them to /dev/null. | |
474 | ||
475 | This function is also used to ensure that std{in,out,err} exist at all times, | |
476 | so that if any library that Exim calls tries to use them, it doesn't crash. | |
477 | ||
478 | Arguments: None | |
479 | Returns: Nothing | |
480 | */ | |
481 | ||
482 | void | |
483 | exim_nullstd(void) | |
484 | { | |
485 | int i; | |
486 | int devnull = -1; | |
487 | struct stat statbuf; | |
488 | for (i = 0; i <= 2; i++) | |
489 | { | |
490 | if (fstat(i, &statbuf) < 0 && errno == EBADF) | |
491 | { | |
492 | if (devnull < 0) devnull = open("/dev/null", O_RDWR); | |
493 | if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", | |
494 | string_open_failed(errno, "/dev/null")); | |
1fe64dcc | 495 | if (devnull != i) (void)dup2(devnull, i); |
059ec3d9 PH |
496 | } |
497 | } | |
1fe64dcc | 498 | if (devnull > 2) (void)close(devnull); |
059ec3d9 PH |
499 | } |
500 | ||
501 | ||
502 | ||
503 | ||
504 | /************************************************* | |
505 | * Close unwanted file descriptors for delivery * | |
506 | *************************************************/ | |
507 | ||
508 | /* This function is called from a new process that has been forked to deliver | |
509 | an incoming message, either directly, or using exec. | |
510 | ||
511 | We want any smtp input streams to be closed in this new process. However, it | |
512 | has been observed that using fclose() here causes trouble. When reading in -bS | |
513 | input, duplicate copies of messages have been seen. The files will be sharing a | |
514 | file pointer with the parent process, and it seems that fclose() (at least on | |
515 | some systems - I saw this on Solaris 2.5.1) messes with that file pointer, at | |
516 | least sometimes. Hence we go for closing the underlying file descriptors. | |
517 | ||
518 | If TLS is active, we want to shut down the TLS library, but without molesting | |
519 | the parent's SSL connection. | |
520 | ||
521 | For delivery of a non-SMTP message, we want to close stdin and stdout (and | |
522 | stderr unless debugging) because the calling process might have set them up as | |
523 | pipes and be waiting for them to close before it waits for the submission | |
524 | process to terminate. If they aren't closed, they hold up the calling process | |
525 | until the initial delivery process finishes, which is not what we want. | |
526 | ||
527 | Exception: We do want it for synchronous delivery! | |
528 | ||
529 | And notwithstanding all the above, if D_resolver is set, implying resolver | |
530 | debugging, leave stdout open, because that's where the resolver writes its | |
531 | debugging output. | |
532 | ||
533 | When we close stderr (which implies we've also closed stdout), we also get rid | |
534 | of any controlling terminal. | |
535 | ||
536 | Arguments: None | |
537 | Returns: Nothing | |
538 | */ | |
539 | ||
540 | static void | |
541 | close_unwanted(void) | |
542 | { | |
543 | if (smtp_input) | |
544 | { | |
545 | #ifdef SUPPORT_TLS | |
a400eccf | 546 | tls_close(TRUE, FALSE); /* Shut down the TLS library */ |
059ec3d9 | 547 | #endif |
1fe64dcc PH |
548 | (void)close(fileno(smtp_in)); |
549 | (void)close(fileno(smtp_out)); | |
059ec3d9 PH |
550 | smtp_in = NULL; |
551 | } | |
552 | else | |
553 | { | |
1fe64dcc PH |
554 | (void)close(0); /* stdin */ |
555 | if ((debug_selector & D_resolver) == 0) (void)close(1); /* stdout */ | |
556 | if (debug_selector == 0) /* stderr */ | |
059ec3d9 PH |
557 | { |
558 | if (!synchronous_delivery) | |
559 | { | |
1fe64dcc | 560 | (void)close(2); |
059ec3d9 PH |
561 | log_stderr = NULL; |
562 | } | |
563 | (void)setsid(); | |
564 | } | |
565 | } | |
566 | } | |
567 | ||
568 | ||
569 | ||
570 | ||
571 | /************************************************* | |
572 | * Set uid and gid * | |
573 | *************************************************/ | |
574 | ||
575 | /* This function sets a new uid and gid permanently, optionally calling | |
576 | initgroups() to set auxiliary groups. There are some special cases when running | |
577 | Exim in unprivileged modes. In these situations the effective uid will not be | |
578 | root; if we already have the right effective uid/gid, and don't need to | |
579 | initialize any groups, leave things as they are. | |
580 | ||
581 | Arguments: | |
582 | uid the uid | |
583 | gid the gid | |
584 | igflag TRUE if initgroups() wanted | |
585 | msg text to use in debugging output and failure log | |
586 | ||
587 | Returns: nothing; bombs out on failure | |
588 | */ | |
589 | ||
590 | void | |
591 | exim_setugid(uid_t uid, gid_t gid, BOOL igflag, uschar *msg) | |
592 | { | |
593 | uid_t euid = geteuid(); | |
594 | gid_t egid = getegid(); | |
595 | ||
596 | if (euid == root_uid || euid != uid || egid != gid || igflag) | |
597 | { | |
598 | /* At least one OS returns +1 for initgroups failure, so just check for | |
599 | non-zero. */ | |
600 | ||
601 | if (igflag) | |
602 | { | |
603 | struct passwd *pw = getpwuid(uid); | |
604 | if (pw != NULL) | |
605 | { | |
606 | if (initgroups(pw->pw_name, gid) != 0) | |
607 | log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s", | |
608 | (long int)uid, strerror(errno)); | |
609 | } | |
610 | else log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): " | |
611 | "no passwd entry for uid=%ld", (long int)uid); | |
612 | } | |
613 | ||
614 | if (setgid(gid) < 0 || setuid(uid) < 0) | |
615 | { | |
616 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to set gid=%ld or uid=%ld " | |
617 | "(euid=%ld): %s", (long int)gid, (long int)uid, (long int)euid, msg); | |
618 | } | |
619 | } | |
620 | ||
621 | /* Debugging output included uid/gid and all groups */ | |
622 | ||
623 | DEBUG(D_uid) | |
624 | { | |
cd59ab18 | 625 | int group_count, save_errno; |
059ec3d9 PH |
626 | gid_t group_list[NGROUPS_MAX]; |
627 | debug_printf("changed uid/gid: %s\n uid=%ld gid=%ld pid=%ld\n", msg, | |
628 | (long int)geteuid(), (long int)getegid(), (long int)getpid()); | |
629 | group_count = getgroups(NGROUPS_MAX, group_list); | |
cd59ab18 | 630 | save_errno = errno; |
059ec3d9 PH |
631 | debug_printf(" auxiliary group list:"); |
632 | if (group_count > 0) | |
633 | { | |
634 | int i; | |
635 | for (i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]); | |
636 | } | |
cd59ab18 PP |
637 | else if (group_count < 0) |
638 | debug_printf(" <error: %s>", strerror(save_errno)); | |
059ec3d9 PH |
639 | else debug_printf(" <none>"); |
640 | debug_printf("\n"); | |
641 | } | |
642 | } | |
643 | ||
644 | ||
645 | ||
646 | ||
647 | /************************************************* | |
648 | * Exit point * | |
649 | *************************************************/ | |
650 | ||
651 | /* Exim exits via this function so that it always clears up any open | |
652 | databases. | |
653 | ||
654 | Arguments: | |
655 | rc return code | |
656 | ||
657 | Returns: does not return | |
658 | */ | |
659 | ||
660 | void | |
9bfb7e1b | 661 | exim_exit(int rc, const uschar * process) |
059ec3d9 PH |
662 | { |
663 | search_tidyup(); | |
664 | DEBUG(D_any) | |
9bfb7e1b JH |
665 | debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d %s%s%sterminating with rc=%d " |
666 | ">>>>>>>>>>>>>>>>\n", (int)getpid(), | |
667 | process ? "(" : "", process, process ? ") " : "", rc); | |
059ec3d9 PH |
668 | exit(rc); |
669 | } | |
670 | ||
671 | ||
672 | ||
673 | ||
674 | /************************************************* | |
675 | * Extract port from host address * | |
676 | *************************************************/ | |
677 | ||
678 | /* Called to extract the port from the values given to -oMa and -oMi. | |
b90c388a PH |
679 | It also checks the syntax of the address, and terminates it before the |
680 | port data when a port is extracted. | |
059ec3d9 PH |
681 | |
682 | Argument: | |
683 | address the address, with possible port on the end | |
684 | ||
685 | Returns: the port, or zero if there isn't one | |
686 | bombs out on a syntax error | |
687 | */ | |
688 | ||
689 | static int | |
690 | check_port(uschar *address) | |
691 | { | |
7cd1141b | 692 | int port = host_address_extract_port(address); |
8e669ac1 | 693 | if (string_is_ip_address(address, NULL) == 0) |
059ec3d9 PH |
694 | { |
695 | fprintf(stderr, "exim abandoned: \"%s\" is not an IP address\n", address); | |
696 | exit(EXIT_FAILURE); | |
697 | } | |
698 | return port; | |
699 | } | |
700 | ||
701 | ||
702 | ||
703 | /************************************************* | |
704 | * Test/verify an address * | |
705 | *************************************************/ | |
706 | ||
707 | /* This function is called by the -bv and -bt code. It extracts a working | |
708 | address from a full RFC 822 address. This isn't really necessary per se, but it | |
709 | has the effect of collapsing source routes. | |
710 | ||
711 | Arguments: | |
712 | s the address string | |
713 | flags flag bits for verify_address() | |
714 | exit_value to be set for failures | |
715 | ||
a5a28604 | 716 | Returns: nothing |
059ec3d9 PH |
717 | */ |
718 | ||
719 | static void | |
720 | test_address(uschar *s, int flags, int *exit_value) | |
721 | { | |
722 | int start, end, domain; | |
723 | uschar *parse_error = NULL; | |
724 | uschar *address = parse_extract_address(s, &parse_error, &start, &end, &domain, | |
725 | FALSE); | |
726 | if (address == NULL) | |
727 | { | |
728 | fprintf(stdout, "syntax error: %s\n", parse_error); | |
729 | *exit_value = 2; | |
730 | } | |
731 | else | |
732 | { | |
733 | int rc = verify_address(deliver_make_addr(address,TRUE), stdout, flags, -1, | |
4deaf07d | 734 | -1, -1, NULL, NULL, NULL); |
059ec3d9 PH |
735 | if (rc == FAIL) *exit_value = 2; |
736 | else if (rc == DEFER && *exit_value == 0) *exit_value = 1; | |
737 | } | |
738 | } | |
739 | ||
740 | ||
741 | ||
742 | /************************************************* | |
059ec3d9 PH |
743 | * Show supported features * |
744 | *************************************************/ | |
745 | ||
059ec3d9 | 746 | static void |
96508de1 | 747 | show_db_version(FILE * f) |
059ec3d9 PH |
748 | { |
749 | #ifdef DB_VERSION_STRING | |
96508de1 JH |
750 | DEBUG(D_any) |
751 | { | |
752 | fprintf(f, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING); | |
753 | fprintf(f, " Runtime: %s\n", | |
754 | db_version(NULL, NULL, NULL)); | |
755 | } | |
756 | else | |
757 | fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING); | |
758 | ||
059ec3d9 PH |
759 | #elif defined(BTREEVERSION) && defined(HASHVERSION) |
760 | #ifdef USE_DB | |
761 | fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n"); | |
762 | #else | |
763 | fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n"); | |
764 | #endif | |
96508de1 | 765 | |
059ec3d9 PH |
766 | #elif defined(_DBM_RDONLY) || defined(dbm_dirfno) |
767 | fprintf(f, "Probably ndbm\n"); | |
768 | #elif defined(USE_TDB) | |
769 | fprintf(f, "Using tdb\n"); | |
770 | #else | |
771 | #ifdef USE_GDBM | |
772 | fprintf(f, "Probably GDBM (native mode)\n"); | |
773 | #else | |
774 | fprintf(f, "Probably GDBM (compatibility mode)\n"); | |
775 | #endif | |
776 | #endif | |
96508de1 JH |
777 | } |
778 | ||
779 | ||
780 | /* This function is called for -bV/--version and for -d to output the optional | |
781 | features of the current Exim binary. | |
782 | ||
783 | Arguments: a FILE for printing | |
784 | Returns: nothing | |
785 | */ | |
786 | ||
787 | static void | |
788 | show_whats_supported(FILE * f) | |
789 | { | |
790 | auth_info * authi; | |
791 | ||
792 | DEBUG(D_any) {} else show_db_version(f); | |
059ec3d9 PH |
793 | |
794 | fprintf(f, "Support for:"); | |
9cec981f PH |
795 | #ifdef SUPPORT_CRYPTEQ |
796 | fprintf(f, " crypteq"); | |
797 | #endif | |
059ec3d9 PH |
798 | #if HAVE_ICONV |
799 | fprintf(f, " iconv()"); | |
800 | #endif | |
801 | #if HAVE_IPV6 | |
802 | fprintf(f, " IPv6"); | |
803 | #endif | |
79378e0f PH |
804 | #ifdef HAVE_SETCLASSRESOURCES |
805 | fprintf(f, " use_setclassresources"); | |
929ba01c | 806 | #endif |
059ec3d9 PH |
807 | #ifdef SUPPORT_PAM |
808 | fprintf(f, " PAM"); | |
809 | #endif | |
810 | #ifdef EXIM_PERL | |
811 | fprintf(f, " Perl"); | |
812 | #endif | |
1a46a8c5 PH |
813 | #ifdef EXPAND_DLFUNC |
814 | fprintf(f, " Expand_dlfunc"); | |
815 | #endif | |
059ec3d9 PH |
816 | #ifdef USE_TCP_WRAPPERS |
817 | fprintf(f, " TCPwrappers"); | |
818 | #endif | |
819 | #ifdef SUPPORT_TLS | |
c11d665d | 820 | # ifdef USE_GNUTLS |
059ec3d9 | 821 | fprintf(f, " GnuTLS"); |
c11d665d | 822 | # else |
059ec3d9 | 823 | fprintf(f, " OpenSSL"); |
c11d665d | 824 | # endif |
059ec3d9 | 825 | #endif |
b2f5a032 PH |
826 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS |
827 | fprintf(f, " translate_ip_address"); | |
828 | #endif | |
f174f16e PH |
829 | #ifdef SUPPORT_MOVE_FROZEN_MESSAGES |
830 | fprintf(f, " move_frozen_messages"); | |
831 | #endif | |
8523533c TK |
832 | #ifdef WITH_CONTENT_SCAN |
833 | fprintf(f, " Content_Scanning"); | |
834 | #endif | |
c0635b6d JH |
835 | #ifdef SUPPORT_DANE |
836 | fprintf(f, " DANE"); | |
837 | #endif | |
74f150bf JH |
838 | #ifndef DISABLE_DKIM |
839 | fprintf(f, " DKIM"); | |
840 | #endif | |
ef1bbb27 HSHR |
841 | #ifndef DISABLE_DNSSEC |
842 | fprintf(f, " DNSSEC"); | |
843 | #endif | |
0cbf2b82 JH |
844 | #ifndef DISABLE_EVENT |
845 | fprintf(f, " Event"); | |
846 | #endif | |
8c5d388a JH |
847 | #ifdef SUPPORT_I18N |
848 | fprintf(f, " I18N"); | |
849 | #endif | |
74f150bf JH |
850 | #ifndef DISABLE_OCSP |
851 | fprintf(f, " OCSP"); | |
852 | #endif | |
4d832da1 TL |
853 | #ifndef DISABLE_PRDR |
854 | fprintf(f, " PRDR"); | |
855 | #endif | |
cee5f132 JH |
856 | #ifdef SUPPORT_PROXY |
857 | fprintf(f, " PROXY"); | |
858 | #endif | |
f0989ec0 | 859 | #ifdef SUPPORT_SOCKS |
74f150bf | 860 | fprintf(f, " SOCKS"); |
f2de3a33 | 861 | #endif |
7952eef9 JH |
862 | #ifdef SUPPORT_SPF |
863 | fprintf(f, " SPF"); | |
864 | #endif | |
1a2dfad5 | 865 | #ifdef TCP_FASTOPEN |
10ac8d7f JH |
866 | deliver_init(); |
867 | if (tcp_fastopen_ok) fprintf(f, " TCP_Fast_Open"); | |
1a2dfad5 | 868 | #endif |
5bde3efa ACK |
869 | #ifdef EXPERIMENTAL_LMDB |
870 | fprintf(f, " Experimental_LMDB"); | |
871 | #endif | |
3369a853 ACK |
872 | #ifdef EXPERIMENTAL_QUEUEFILE |
873 | fprintf(f, " Experimental_QUEUEFILE"); | |
874 | #endif | |
8523533c TK |
875 | #ifdef EXPERIMENTAL_SRS |
876 | fprintf(f, " Experimental_SRS"); | |
877 | #endif | |
878 | #ifdef EXPERIMENTAL_BRIGHTMAIL | |
879 | fprintf(f, " Experimental_Brightmail"); | |
880 | #endif | |
6a8f9482 TK |
881 | #ifdef EXPERIMENTAL_DCC |
882 | fprintf(f, " Experimental_DCC"); | |
883 | #endif | |
4840604e TL |
884 | #ifdef EXPERIMENTAL_DMARC |
885 | fprintf(f, " Experimental_DMARC"); | |
886 | #endif | |
895fbaf2 JH |
887 | #ifdef EXPERIMENTAL_DSN_INFO |
888 | fprintf(f, " Experimental_DSN_info"); | |
889 | #endif | |
059ec3d9 PH |
890 | fprintf(f, "\n"); |
891 | ||
e6d225ae DW |
892 | fprintf(f, "Lookups (built-in):"); |
893 | #if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2 | |
059ec3d9 PH |
894 | fprintf(f, " lsearch wildlsearch nwildlsearch iplsearch"); |
895 | #endif | |
e6d225ae | 896 | #if defined(LOOKUP_CDB) && LOOKUP_CDB!=2 |
059ec3d9 PH |
897 | fprintf(f, " cdb"); |
898 | #endif | |
e6d225ae | 899 | #if defined(LOOKUP_DBM) && LOOKUP_DBM!=2 |
4a6a987a | 900 | fprintf(f, " dbm dbmjz dbmnz"); |
059ec3d9 | 901 | #endif |
e6d225ae | 902 | #if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2 |
059ec3d9 PH |
903 | fprintf(f, " dnsdb"); |
904 | #endif | |
e6d225ae | 905 | #if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2 |
059ec3d9 PH |
906 | fprintf(f, " dsearch"); |
907 | #endif | |
e6d225ae | 908 | #if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2 |
059ec3d9 PH |
909 | fprintf(f, " ibase"); |
910 | #endif | |
e6d225ae | 911 | #if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2 |
059ec3d9 PH |
912 | fprintf(f, " ldap ldapdn ldapm"); |
913 | #endif | |
5bde3efa ACK |
914 | #ifdef EXPERIMENTAL_LMDB |
915 | fprintf(f, " lmdb"); | |
916 | #endif | |
e6d225ae | 917 | #if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2 |
059ec3d9 PH |
918 | fprintf(f, " mysql"); |
919 | #endif | |
e6d225ae | 920 | #if defined(LOOKUP_NIS) && LOOKUP_NIS!=2 |
059ec3d9 PH |
921 | fprintf(f, " nis nis0"); |
922 | #endif | |
e6d225ae | 923 | #if defined(LOOKUP_NISPLUS) && LOOKUP_NISPLUS!=2 |
059ec3d9 PH |
924 | fprintf(f, " nisplus"); |
925 | #endif | |
e6d225ae | 926 | #if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2 |
059ec3d9 PH |
927 | fprintf(f, " oracle"); |
928 | #endif | |
e6d225ae | 929 | #if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2 |
059ec3d9 PH |
930 | fprintf(f, " passwd"); |
931 | #endif | |
e6d225ae | 932 | #if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2 |
059ec3d9 PH |
933 | fprintf(f, " pgsql"); |
934 | #endif | |
de78e2d5 JH |
935 | #if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2 |
936 | fprintf(f, " redis"); | |
937 | #endif | |
e6d225ae | 938 | #if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2 |
13b685f9 PH |
939 | fprintf(f, " sqlite"); |
940 | #endif | |
e6d225ae | 941 | #if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2 |
059ec3d9 PH |
942 | fprintf(f, " testdb"); |
943 | #endif | |
e6d225ae | 944 | #if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2 |
059ec3d9 PH |
945 | fprintf(f, " whoson"); |
946 | #endif | |
947 | fprintf(f, "\n"); | |
948 | ||
adf73d37 JH |
949 | auth_show_supported(f); |
950 | route_show_supported(f); | |
951 | transport_show_supported(f); | |
059ec3d9 | 952 | |
c11d665d JH |
953 | #ifdef WITH_CONTENT_SCAN |
954 | malware_show_supported(f); | |
955 | #endif | |
956 | ||
059ec3d9 PH |
957 | if (fixed_never_users[0] > 0) |
958 | { | |
959 | int i; | |
960 | fprintf(f, "Fixed never_users: "); | |
961 | for (i = 1; i <= (int)fixed_never_users[0] - 1; i++) | |
962 | fprintf(f, "%d:", (unsigned int)fixed_never_users[i]); | |
963 | fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]); | |
964 | } | |
21c28500 | 965 | |
19bfe9e7 HSHR |
966 | fprintf(f, "Configure owner: %d:%d\n", config_uid, config_gid); |
967 | ||
73a46702 | 968 | fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); |
36f12725 | 969 | |
6545de78 PP |
970 | /* Everything else is details which are only worth reporting when debugging. |
971 | Perhaps the tls_version_report should move into this too. */ | |
972 | DEBUG(D_any) do { | |
973 | ||
974 | int i; | |
975 | ||
b3c261f7 PP |
976 | /* clang defines __GNUC__ (at least, for me) so test for it first */ |
977 | #if defined(__clang__) | |
978 | fprintf(f, "Compiler: CLang [%s]\n", __clang_version__); | |
979 | #elif defined(__GNUC__) | |
980 | fprintf(f, "Compiler: GCC [%s]\n", | |
981 | # ifdef __VERSION__ | |
982 | __VERSION__ | |
983 | # else | |
984 | "? unknown version ?" | |
985 | # endif | |
986 | ); | |
987 | #else | |
988 | fprintf(f, "Compiler: <unknown>\n"); | |
989 | #endif | |
990 | ||
98913c8e | 991 | #if defined(__GLIBC__) && !defined(__UCLIBC__) |
01f3091a JH |
992 | fprintf(f, "Library version: Glibc: Compile: %d.%d\n", |
993 | __GLIBC__, __GLIBC_MINOR__); | |
994 | if (__GLIBC_PREREQ(2, 1)) | |
995 | fprintf(f, " Runtime: %s\n", | |
996 | gnu_get_libc_version()); | |
997 | #endif | |
998 | ||
96508de1 JH |
999 | show_db_version(f); |
1000 | ||
754a0503 PP |
1001 | #ifdef SUPPORT_TLS |
1002 | tls_version_report(f); | |
1003 | #endif | |
8c5d388a | 1004 | #ifdef SUPPORT_I18N |
b04be5e7 JH |
1005 | utf8_version_report(f); |
1006 | #endif | |
754a0503 | 1007 | |
fc362fc5 JH |
1008 | for (authi = auths_available; *authi->driver_name != '\0'; ++authi) |
1009 | if (authi->version_report) | |
44bbabb5 | 1010 | (*authi->version_report)(f); |
6545de78 | 1011 | |
decd95cb | 1012 | /* PCRE_PRERELEASE is either defined and empty or a bare sequence of |
6475bd82 PP |
1013 | characters; unless it's an ancient version of PCRE in which case it |
1014 | is not defined. */ | |
1015 | #ifndef PCRE_PRERELEASE | |
01f3091a | 1016 | # define PCRE_PRERELEASE |
6475bd82 PP |
1017 | #endif |
1018 | #define QUOTE(X) #X | |
1019 | #define EXPAND_AND_QUOTE(X) QUOTE(X) | |
6545de78 PP |
1020 | fprintf(f, "Library version: PCRE: Compile: %d.%d%s\n" |
1021 | " Runtime: %s\n", | |
1022 | PCRE_MAJOR, PCRE_MINOR, | |
6475bd82 | 1023 | EXPAND_AND_QUOTE(PCRE_PRERELEASE) "", |
6545de78 | 1024 | pcre_version()); |
6475bd82 PP |
1025 | #undef QUOTE |
1026 | #undef EXPAND_AND_QUOTE | |
6545de78 PP |
1027 | |
1028 | init_lookup_list(); | |
1029 | for (i = 0; i < lookup_list_count; i++) | |
6545de78 PP |
1030 | if (lookup_list[i]->version_report) |
1031 | lookup_list[i]->version_report(f); | |
6545de78 | 1032 | |
b70d2586 PP |
1033 | #ifdef WHITELIST_D_MACROS |
1034 | fprintf(f, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS); | |
1035 | #else | |
1036 | fprintf(f, "WHITELIST_D_MACROS unset\n"); | |
1037 | #endif | |
1038 | #ifdef TRUSTED_CONFIG_LIST | |
1039 | fprintf(f, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST); | |
1040 | #else | |
1041 | fprintf(f, "TRUSTED_CONFIG_LIST unset\n"); | |
1042 | #endif | |
1043 | ||
6545de78 | 1044 | } while (0); |
059ec3d9 PH |
1045 | } |
1046 | ||
1047 | ||
98a90c36 PP |
1048 | /************************************************* |
1049 | * Show auxiliary information about Exim * | |
1050 | *************************************************/ | |
1051 | ||
1052 | static void | |
1053 | show_exim_information(enum commandline_info request, FILE *stream) | |
1054 | { | |
1055 | const uschar **pp; | |
1056 | ||
1057 | switch(request) | |
1058 | { | |
1059 | case CMDINFO_NONE: | |
1060 | fprintf(stream, "Oops, something went wrong.\n"); | |
1061 | return; | |
1062 | case CMDINFO_HELP: | |
1063 | fprintf(stream, | |
1064 | "The -bI: flag takes a string indicating which information to provide.\n" | |
1065 | "If the string is not recognised, you'll get this help (on stderr).\n" | |
1066 | "\n" | |
1067 | " exim -bI:help this information\n" | |
030caf2a JS |
1068 | " exim -bI:dscp list of known dscp value keywords\n" |
1069 | " exim -bI:sieve list of supported sieve extensions\n" | |
98a90c36 PP |
1070 | ); |
1071 | return; | |
1072 | case CMDINFO_SIEVE: | |
1073 | for (pp = exim_sieve_extension_list; *pp; ++pp) | |
1074 | fprintf(stream, "%s\n", *pp); | |
1075 | return; | |
36a3ae5f PP |
1076 | case CMDINFO_DSCP: |
1077 | dscp_list_to_stream(stream); | |
1078 | return; | |
98a90c36 PP |
1079 | } |
1080 | } | |
059ec3d9 PH |
1081 | |
1082 | ||
1083 | /************************************************* | |
1084 | * Quote a local part * | |
1085 | *************************************************/ | |
1086 | ||
1087 | /* This function is used when a sender address or a From: or Sender: header | |
1088 | line is being created from the caller's login, or from an authenticated_id. It | |
1089 | applies appropriate quoting rules for a local part. | |
1090 | ||
1091 | Argument: the local part | |
1092 | Returns: the local part, quoted if necessary | |
1093 | */ | |
1094 | ||
1095 | uschar * | |
1096 | local_part_quote(uschar *lpart) | |
1097 | { | |
1098 | BOOL needs_quote = FALSE; | |
acec9514 | 1099 | gstring * g; |
059ec3d9 PH |
1100 | uschar *t; |
1101 | ||
1102 | for (t = lpart; !needs_quote && *t != 0; t++) | |
1103 | { | |
1104 | needs_quote = !isalnum(*t) && strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL && | |
1105 | (*t != '.' || t == lpart || t[1] == 0); | |
1106 | } | |
1107 | ||
1108 | if (!needs_quote) return lpart; | |
1109 | ||
acec9514 | 1110 | g = string_catn(NULL, US"\"", 1); |
059ec3d9 PH |
1111 | |
1112 | for (;;) | |
1113 | { | |
1114 | uschar *nq = US Ustrpbrk(lpart, "\\\""); | |
1115 | if (nq == NULL) | |
1116 | { | |
acec9514 | 1117 | g = string_cat(g, lpart); |
059ec3d9 PH |
1118 | break; |
1119 | } | |
acec9514 JH |
1120 | g = string_catn(g, lpart, nq - lpart); |
1121 | g = string_catn(g, US"\\", 1); | |
1122 | g = string_catn(g, nq, 1); | |
059ec3d9 PH |
1123 | lpart = nq + 1; |
1124 | } | |
1125 | ||
acec9514 JH |
1126 | g = string_catn(g, US"\"", 1); |
1127 | return string_from_gstring(g); | |
059ec3d9 PH |
1128 | } |
1129 | ||
1130 | ||
1131 | ||
1132 | #ifdef USE_READLINE | |
1133 | /************************************************* | |
1134 | * Load readline() functions * | |
1135 | *************************************************/ | |
1136 | ||
1137 | /* This function is called from testing executions that read data from stdin, | |
1138 | but only when running as the calling user. Currently, only -be does this. The | |
1139 | function loads the readline() function library and passes back the functions. | |
1140 | On some systems, it needs the curses library, so load that too, but try without | |
1141 | it if loading fails. All this functionality has to be requested at build time. | |
1142 | ||
1143 | Arguments: | |
1144 | fn_readline_ptr pointer to where to put the readline pointer | |
1145 | fn_addhist_ptr pointer to where to put the addhistory function | |
1146 | ||
1147 | Returns: the dlopen handle or NULL on failure | |
1148 | */ | |
1149 | ||
1150 | static void * | |
1ba28e2b PP |
1151 | set_readline(char * (**fn_readline_ptr)(const char *), |
1152 | void (**fn_addhist_ptr)(const char *)) | |
059ec3d9 PH |
1153 | { |
1154 | void *dlhandle; | |
e12f8c32 | 1155 | void *dlhandle_curses = dlopen("libcurses." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_LAZY); |
059ec3d9 | 1156 | |
e12f8c32 | 1157 | dlhandle = dlopen("libreadline." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_NOW); |
059ec3d9 PH |
1158 | if (dlhandle_curses != NULL) dlclose(dlhandle_curses); |
1159 | ||
1160 | if (dlhandle != NULL) | |
1161 | { | |
1ba28e2b PP |
1162 | /* Checked manual pages; at least in GNU Readline 6.1, the prototypes are: |
1163 | * char * readline (const char *prompt); | |
1164 | * void add_history (const char *string); | |
1165 | */ | |
1166 | *fn_readline_ptr = (char *(*)(const char*))dlsym(dlhandle, "readline"); | |
1167 | *fn_addhist_ptr = (void(*)(const char*))dlsym(dlhandle, "add_history"); | |
059ec3d9 PH |
1168 | } |
1169 | else | |
1170 | { | |
1171 | DEBUG(D_any) debug_printf("failed to load readline: %s\n", dlerror()); | |
1172 | } | |
1173 | ||
1174 | return dlhandle; | |
1175 | } | |
1176 | #endif | |
1177 | ||
1178 | ||
1179 | ||
1180 | /************************************************* | |
1181 | * Get a line from stdin for testing things * | |
1182 | *************************************************/ | |
1183 | ||
1184 | /* This function is called when running tests that can take a number of lines | |
1185 | of input (for example, -be and -bt). It handles continuations and trailing | |
1186 | spaces. And prompting and a blank line output on eof. If readline() is in use, | |
1187 | the arguments are non-NULL and provide the relevant functions. | |
1188 | ||
1189 | Arguments: | |
1190 | fn_readline readline function or NULL | |
1191 | fn_addhist addhist function or NULL | |
1192 | ||
1193 | Returns: pointer to dynamic memory, or NULL at end of file | |
1194 | */ | |
1195 | ||
1196 | static uschar * | |
1ba28e2b | 1197 | get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *)) |
059ec3d9 PH |
1198 | { |
1199 | int i; | |
acec9514 | 1200 | gstring * g = NULL; |
059ec3d9 | 1201 | |
acec9514 | 1202 | if (!fn_readline) { printf("> "); fflush(stdout); } |
059ec3d9 PH |
1203 | |
1204 | for (i = 0;; i++) | |
1205 | { | |
1206 | uschar buffer[1024]; | |
1207 | uschar *p, *ss; | |
1208 | ||
1209 | #ifdef USE_READLINE | |
1210 | char *readline_line = NULL; | |
1211 | if (fn_readline != NULL) | |
1212 | { | |
1213 | if ((readline_line = fn_readline((i > 0)? "":"> ")) == NULL) break; | |
1214 | if (*readline_line != 0 && fn_addhist != NULL) fn_addhist(readline_line); | |
1215 | p = US readline_line; | |
1216 | } | |
1217 | else | |
1218 | #endif | |
1219 | ||
1220 | /* readline() not in use */ | |
1221 | ||
1222 | { | |
1223 | if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break; | |
1224 | p = buffer; | |
1225 | } | |
1226 | ||
1227 | /* Handle the line */ | |
1228 | ||
1229 | ss = p + (int)Ustrlen(p); | |
1230 | while (ss > p && isspace(ss[-1])) ss--; | |
1231 | ||
1232 | if (i > 0) | |
1233 | { | |
1234 | while (p < ss && isspace(*p)) p++; /* leading space after cont */ | |
1235 | } | |
1236 | ||
acec9514 | 1237 | g = string_catn(g, p, ss - p); |
059ec3d9 PH |
1238 | |
1239 | #ifdef USE_READLINE | |
acec9514 | 1240 | if (fn_readline) free(readline_line); |
059ec3d9 PH |
1241 | #endif |
1242 | ||
acec9514 JH |
1243 | /* g can only be NULL if ss==p */ |
1244 | if (ss == p || g->s[g->ptr-1] != '\\') | |
059ec3d9 | 1245 | break; |
acec9514 JH |
1246 | |
1247 | --g->ptr; | |
1248 | (void) string_from_gstring(g); | |
059ec3d9 PH |
1249 | } |
1250 | ||
acec9514 JH |
1251 | if (!g) printf("\n"); |
1252 | return string_from_gstring(g); | |
059ec3d9 PH |
1253 | } |
1254 | ||
1255 | ||
1256 | ||
1257 | /************************************************* | |
81ea09ca NM |
1258 | * Output usage information for the program * |
1259 | *************************************************/ | |
1260 | ||
1261 | /* This function is called when there are no recipients | |
1262 | or a specific --help argument was added. | |
1263 | ||
1264 | Arguments: | |
1265 | progname information on what name we were called by | |
1266 | ||
1267 | Returns: DOES NOT RETURN | |
1268 | */ | |
1269 | ||
1270 | static void | |
1271 | exim_usage(uschar *progname) | |
1272 | { | |
1273 | ||
4c04137d | 1274 | /* Handle specific program invocation variants */ |
81ea09ca NM |
1275 | if (Ustrcmp(progname, US"-mailq") == 0) |
1276 | { | |
1277 | fprintf(stderr, | |
e765a0f1 | 1278 | "mailq - list the contents of the mail queue\n\n" |
81ea09ca NM |
1279 | "For a list of options, see the Exim documentation.\n"); |
1280 | exit(EXIT_FAILURE); | |
1281 | } | |
1282 | ||
1283 | /* Generic usage - we output this whatever happens */ | |
1284 | fprintf(stderr, | |
1285 | "Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n" | |
1286 | "not directly from a shell command line. Options and/or arguments control\n" | |
1287 | "what it does when called. For a list of options, see the Exim documentation.\n"); | |
1288 | ||
1289 | exit(EXIT_FAILURE); | |
1290 | } | |
1291 | ||
1292 | ||
1293 | ||
1294 | /************************************************* | |
a7cbbf50 PP |
1295 | * Validate that the macros given are okay * |
1296 | *************************************************/ | |
1297 | ||
1298 | /* Typically, Exim will drop privileges if macros are supplied. In some | |
1299 | cases, we want to not do so. | |
1300 | ||
a4034eb8 | 1301 | Arguments: opt_D_used - true if the commandline had a "-D" option |
a7cbbf50 PP |
1302 | Returns: true if trusted, false otherwise |
1303 | */ | |
1304 | ||
1305 | static BOOL | |
a4034eb8 | 1306 | macros_trusted(BOOL opt_D_used) |
a7cbbf50 PP |
1307 | { |
1308 | #ifdef WHITELIST_D_MACROS | |
1309 | macro_item *m; | |
1a7c9a48 | 1310 | uschar *whitelisted, *end, *p, **whites, **w; |
a7cbbf50 PP |
1311 | int white_count, i, n; |
1312 | size_t len; | |
1313 | BOOL prev_char_item, found; | |
1314 | #endif | |
1315 | ||
a4034eb8 | 1316 | if (!opt_D_used) |
a7cbbf50 PP |
1317 | return TRUE; |
1318 | #ifndef WHITELIST_D_MACROS | |
1319 | return FALSE; | |
1320 | #else | |
1321 | ||
66581d1e PP |
1322 | /* We only trust -D overrides for some invoking users: |
1323 | root, the exim run-time user, the optional config owner user. | |
1324 | I don't know why config-owner would be needed, but since they can own the | |
1325 | config files anyway, there's no security risk to letting them override -D. */ | |
1326 | if ( ! ((real_uid == root_uid) | |
1327 | || (real_uid == exim_uid) | |
1328 | #ifdef CONFIGURE_OWNER | |
1329 | || (real_uid == config_uid) | |
1330 | #endif | |
1331 | )) | |
1332 | { | |
1333 | debug_printf("macros_trusted rejecting macros for uid %d\n", (int) real_uid); | |
1334 | return FALSE; | |
1335 | } | |
1336 | ||
a7cbbf50 PP |
1337 | /* Get a list of macros which are whitelisted */ |
1338 | whitelisted = string_copy_malloc(US WHITELIST_D_MACROS); | |
1339 | prev_char_item = FALSE; | |
1340 | white_count = 0; | |
1341 | for (p = whitelisted; *p != '\0'; ++p) | |
1342 | { | |
1343 | if (*p == ':' || isspace(*p)) | |
1344 | { | |
1345 | *p = '\0'; | |
1346 | if (prev_char_item) | |
1347 | ++white_count; | |
1348 | prev_char_item = FALSE; | |
1349 | continue; | |
1350 | } | |
1351 | if (!prev_char_item) | |
1352 | prev_char_item = TRUE; | |
1353 | } | |
1354 | end = p; | |
1355 | if (prev_char_item) | |
1356 | ++white_count; | |
1357 | if (!white_count) | |
1358 | return FALSE; | |
1359 | whites = store_malloc(sizeof(uschar *) * (white_count+1)); | |
1360 | for (p = whitelisted, i = 0; (p != end) && (i < white_count); ++p) | |
1361 | { | |
1362 | if (*p != '\0') | |
1363 | { | |
1364 | whites[i++] = p; | |
1365 | if (i == white_count) | |
1366 | break; | |
1367 | while (*p != '\0' && p < end) | |
1368 | ++p; | |
1369 | } | |
1370 | } | |
1371 | whites[i] = NULL; | |
1372 | ||
1a7c9a48 JH |
1373 | /* The list of commandline macros should be very short. |
1374 | Accept the N*M complexity. */ | |
85e03244 | 1375 | for (m = macros_user; m; m = m->next) if (m->command_line) |
1a7c9a48 JH |
1376 | { |
1377 | found = FALSE; | |
1378 | for (w = whites; *w; ++w) | |
1379 | if (Ustrcmp(*w, m->name) == 0) | |
1380 | { | |
1381 | found = TRUE; | |
1382 | break; | |
1383 | } | |
1384 | if (!found) | |
1385 | return FALSE; | |
1386 | if (!m->replacement) | |
1387 | continue; | |
1388 | if ((len = m->replen) == 0) | |
1389 | continue; | |
1390 | n = pcre_exec(regex_whitelisted_macro, NULL, CS m->replacement, len, | |
1391 | 0, PCRE_EOPT, NULL, 0); | |
1392 | if (n < 0) | |
1393 | { | |
1394 | if (n != PCRE_ERROR_NOMATCH) | |
1395 | debug_printf("macros_trusted checking %s returned %d\n", m->name, n); | |
1396 | return FALSE; | |
1397 | } | |
1398 | } | |
43236f35 | 1399 | DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n"); |
a7cbbf50 PP |
1400 | return TRUE; |
1401 | #endif | |
1402 | } | |
1403 | ||
1404 | ||
1405 | /************************************************* | |
9650d98a JH |
1406 | * Expansion testing * |
1407 | *************************************************/ | |
1408 | ||
1409 | /* Expand and print one item, doing macro-processing. | |
1410 | ||
1411 | Arguments: | |
1412 | item line for expansion | |
1413 | */ | |
1414 | ||
1415 | static void | |
1416 | expansion_test_line(uschar * line) | |
1417 | { | |
1418 | int len; | |
1419 | BOOL dummy_macexp; | |
1420 | ||
1421 | Ustrncpy(big_buffer, line, big_buffer_size); | |
1422 | big_buffer[big_buffer_size-1] = '\0'; | |
1423 | len = Ustrlen(big_buffer); | |
1424 | ||
1425 | (void) macros_expand(0, &len, &dummy_macexp); | |
1426 | ||
1427 | if (isupper(big_buffer[0])) | |
1428 | { | |
1429 | if (macro_read_assignment(big_buffer)) | |
1a7c9a48 | 1430 | printf("Defined macro '%s'\n", mlast->name); |
9650d98a JH |
1431 | } |
1432 | else | |
1433 | if ((line = expand_string(big_buffer))) printf("%s\n", CS line); | |
1434 | else printf("Failed: %s\n", expand_string_message); | |
1435 | } | |
1436 | ||
1437 | ||
1438 | /************************************************* | |
059ec3d9 PH |
1439 | * Entry point and high-level code * |
1440 | *************************************************/ | |
1441 | ||
1442 | /* Entry point for the Exim mailer. Analyse the arguments and arrange to take | |
1443 | the appropriate action. All the necessary functions are present in the one | |
1444 | binary. I originally thought one should split it up, but it turns out that so | |
1445 | much of the apparatus is needed in each chunk that one might as well just have | |
1446 | it all available all the time, which then makes the coding easier as well. | |
1447 | ||
1448 | Arguments: | |
1449 | argc count of entries in argv | |
1450 | argv argument strings, with argv[0] being the program name | |
1451 | ||
1452 | Returns: EXIT_SUCCESS if terminated successfully | |
1453 | EXIT_FAILURE otherwise, except when a message has been sent | |
1454 | to the sender, and -oee was given | |
1455 | */ | |
1456 | ||
1457 | int | |
1458 | main(int argc, char **cargv) | |
1459 | { | |
1460 | uschar **argv = USS cargv; | |
1461 | int arg_receive_timeout = -1; | |
1462 | int arg_smtp_receive_timeout = -1; | |
1463 | int arg_error_handling = error_handling; | |
f05da2e8 PH |
1464 | int filter_sfd = -1; |
1465 | int filter_ufd = -1; | |
059ec3d9 | 1466 | int group_count; |
1670ef10 | 1467 | int i, rv; |
059ec3d9 PH |
1468 | int list_queue_option = 0; |
1469 | int msg_action = 0; | |
1470 | int msg_action_arg = -1; | |
1471 | int namelen = (argv[0] == NULL)? 0 : Ustrlen(argv[0]); | |
1472 | int queue_only_reason = 0; | |
1473 | #ifdef EXIM_PERL | |
1474 | int perl_start_option = 0; | |
1475 | #endif | |
1476 | int recipients_arg = argc; | |
1477 | int sender_address_domain = 0; | |
1478 | int test_retry_arg = -1; | |
1479 | int test_rewrite_arg = -1; | |
1480 | BOOL arg_queue_only = FALSE; | |
1481 | BOOL bi_option = FALSE; | |
1482 | BOOL checking = FALSE; | |
1483 | BOOL count_queue = FALSE; | |
1484 | BOOL expansion_test = FALSE; | |
1485 | BOOL extract_recipients = FALSE; | |
f4ee74ac | 1486 | BOOL flag_G = FALSE; |
12f69989 | 1487 | BOOL flag_n = FALSE; |
059ec3d9 PH |
1488 | BOOL forced_delivery = FALSE; |
1489 | BOOL f_end_dot = FALSE; | |
1490 | BOOL deliver_give_up = FALSE; | |
1491 | BOOL list_queue = FALSE; | |
1492 | BOOL list_options = FALSE; | |
bf3c2c6b | 1493 | BOOL list_config = FALSE; |
059ec3d9 PH |
1494 | BOOL local_queue_only; |
1495 | BOOL more = TRUE; | |
1496 | BOOL one_msg_action = FALSE; | |
4ab69ec7 | 1497 | BOOL opt_D_used = FALSE; |
059ec3d9 PH |
1498 | BOOL queue_only_set = FALSE; |
1499 | BOOL receiving_message = TRUE; | |
33d73e3b | 1500 | BOOL sender_ident_set = FALSE; |
8669f003 | 1501 | BOOL session_local_queue_only; |
059ec3d9 PH |
1502 | BOOL unprivileged; |
1503 | BOOL removed_privilege = FALSE; | |
81ea09ca | 1504 | BOOL usage_wanted = FALSE; |
059ec3d9 PH |
1505 | BOOL verify_address_mode = FALSE; |
1506 | BOOL verify_as_sender = FALSE; | |
1507 | BOOL version_printed = FALSE; | |
1508 | uschar *alias_arg = NULL; | |
1509 | uschar *called_as = US""; | |
a3fb9793 | 1510 | uschar *cmdline_syslog_name = NULL; |
059ec3d9 PH |
1511 | uschar *start_queue_run_id = NULL; |
1512 | uschar *stop_queue_run_id = NULL; | |
328895cc | 1513 | uschar *expansion_test_message = NULL; |
059ec3d9 PH |
1514 | uschar *ftest_domain = NULL; |
1515 | uschar *ftest_localpart = NULL; | |
1516 | uschar *ftest_prefix = NULL; | |
1517 | uschar *ftest_suffix = NULL; | |
0ad2e0fc | 1518 | uschar *log_oneline = NULL; |
8544e77a | 1519 | uschar *malware_test_file = NULL; |
059ec3d9 PH |
1520 | uschar *real_sender_address; |
1521 | uschar *originator_home = US"/"; | |
a3fb9793 | 1522 | size_t sz; |
059ec3d9 PH |
1523 | void *reset_point; |
1524 | ||
1525 | struct passwd *pw; | |
1526 | struct stat statbuf; | |
1527 | pid_t passed_qr_pid = (pid_t)0; | |
1528 | int passed_qr_pipe = -1; | |
1529 | gid_t group_list[NGROUPS_MAX]; | |
1530 | ||
98a90c36 PP |
1531 | /* For the -bI: flag */ |
1532 | enum commandline_info info_flag = CMDINFO_NONE; | |
1533 | BOOL info_stdout = FALSE; | |
1534 | ||
059ec3d9 PH |
1535 | /* Possible options for -R and -S */ |
1536 | ||
1537 | static uschar *rsopts[] = { US"f", US"ff", US"r", US"rf", US"rff" }; | |
1538 | ||
1539 | /* Need to define this in case we need to change the environment in order | |
1540 | to get rid of a bogus time zone. We have to make it char rather than uschar | |
1541 | because some OS define it in /usr/include/unistd.h. */ | |
1542 | ||
1543 | extern char **environ; | |
1544 | ||
35edf2ff | 1545 | /* If the Exim user and/or group and/or the configuration file owner/group were |
059ec3d9 PH |
1546 | defined by ref:name at build time, we must now find the actual uid/gid values. |
1547 | This is a feature to make the lives of binary distributors easier. */ | |
1548 | ||
1549 | #ifdef EXIM_USERNAME | |
1550 | if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid)) | |
1551 | { | |
10385c15 PP |
1552 | if (exim_uid == 0) |
1553 | { | |
1554 | fprintf(stderr, "exim: refusing to run with uid 0 for \"%s\"\n", | |
1555 | EXIM_USERNAME); | |
1556 | exit(EXIT_FAILURE); | |
1557 | } | |
084c1d8c PP |
1558 | /* If ref:name uses a number as the name, route_finduser() returns |
1559 | TRUE with exim_uid set and pw coerced to NULL. */ | |
1560 | if (pw) | |
1561 | exim_gid = pw->pw_gid; | |
1562 | #ifndef EXIM_GROUPNAME | |
1563 | else | |
1564 | { | |
1565 | fprintf(stderr, | |
1566 | "exim: ref:name should specify a usercode, not a group.\n" | |
1567 | "exim: can't let you get away with it unless you also specify a group.\n"); | |
1568 | exit(EXIT_FAILURE); | |
1569 | } | |
1570 | #endif | |
059ec3d9 PH |
1571 | } |
1572 | else | |
1573 | { | |
1574 | fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n", | |
1575 | EXIM_USERNAME); | |
1576 | exit(EXIT_FAILURE); | |
1577 | } | |
1578 | #endif | |
1579 | ||
1580 | #ifdef EXIM_GROUPNAME | |
1581 | if (!route_findgroup(US EXIM_GROUPNAME, &exim_gid)) | |
1582 | { | |
1583 | fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n", | |
1584 | EXIM_GROUPNAME); | |
1585 | exit(EXIT_FAILURE); | |
1586 | } | |
1587 | #endif | |
1588 | ||
1589 | #ifdef CONFIGURE_OWNERNAME | |
1590 | if (!route_finduser(US CONFIGURE_OWNERNAME, NULL, &config_uid)) | |
1591 | { | |
1592 | fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n", | |
1593 | CONFIGURE_OWNERNAME); | |
1594 | exit(EXIT_FAILURE); | |
1595 | } | |
1596 | #endif | |
1597 | ||
79d4bc3d PP |
1598 | /* We default the system_filter_user to be the Exim run-time user, as a |
1599 | sane non-root value. */ | |
1600 | system_filter_uid = exim_uid; | |
1601 | ||
35edf2ff PH |
1602 | #ifdef CONFIGURE_GROUPNAME |
1603 | if (!route_findgroup(US CONFIGURE_GROUPNAME, &config_gid)) | |
1604 | { | |
1605 | fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n", | |
1606 | CONFIGURE_GROUPNAME); | |
1607 | exit(EXIT_FAILURE); | |
1608 | } | |
1609 | #endif | |
1610 | ||
92e6a3d9 JH |
1611 | /* In the Cygwin environment, some initialization used to need doing. |
1612 | It was fudged in by means of this macro; now no longer but we'll leave | |
1613 | it in case of others. */ | |
059ec3d9 PH |
1614 | |
1615 | #ifdef OS_INIT | |
1616 | OS_INIT | |
1617 | #endif | |
1618 | ||
1619 | /* Check a field which is patched when we are running Exim within its | |
1620 | testing harness; do a fast initial check, and then the whole thing. */ | |
1621 | ||
1622 | running_in_test_harness = | |
1623 | *running_status == '<' && Ustrcmp(running_status, "<<<testing>>>") == 0; | |
1624 | ||
1625 | /* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed | |
1626 | at the start of a program; however, it seems that some environments do not | |
1627 | follow this. A "strange" locale can affect the formatting of timestamps, so we | |
1628 | make quite sure. */ | |
1629 | ||
1630 | setlocale(LC_ALL, "C"); | |
1631 | ||
1632 | /* Set up the default handler for timing using alarm(). */ | |
1633 | ||
1634 | os_non_restarting_signal(SIGALRM, sigalrm_handler); | |
1635 | ||
1636 | /* Ensure we have a buffer for constructing log entries. Use malloc directly, | |
1637 | because store_malloc writes a log entry on failure. */ | |
1638 | ||
40c90bca | 1639 | if (!(log_buffer = US malloc(LOG_BUFFER_SIZE))) |
059ec3d9 PH |
1640 | { |
1641 | fprintf(stderr, "exim: failed to get store for log buffer\n"); | |
1642 | exit(EXIT_FAILURE); | |
1643 | } | |
1644 | ||
6c6d6e48 TF |
1645 | /* Initialize the default log options. */ |
1646 | ||
1647 | bits_set(log_selector, log_selector_size, log_default); | |
1648 | ||
059ec3d9 PH |
1649 | /* Set log_stderr to stderr, provided that stderr exists. This gets reset to |
1650 | NULL when the daemon is run and the file is closed. We have to use this | |
1651 | indirection, because some systems don't allow writing to the variable "stderr". | |
1652 | */ | |
1653 | ||
1654 | if (fstat(fileno(stderr), &statbuf) >= 0) log_stderr = stderr; | |
1655 | ||
1656 | /* Arrange for the PCRE regex library to use our store functions. Note that | |
1657 | the normal calls are actually macros that add additional arguments for | |
1658 | debugging purposes so we have to assign specially constructed functions here. | |
1659 | The default is to use store in the stacking pool, but this is overridden in the | |
1660 | regex_must_compile() function. */ | |
1661 | ||
1662 | pcre_malloc = function_store_get; | |
1663 | pcre_free = function_dummy_free; | |
1664 | ||
1665 | /* Ensure there is a big buffer for temporary use in several places. It is put | |
1666 | in malloc store so that it can be freed for enlargement if necessary. */ | |
1667 | ||
1668 | big_buffer = store_malloc(big_buffer_size); | |
1669 | ||
1670 | /* Set up the handler for the data request signal, and set the initial | |
1671 | descriptive text. */ | |
1672 | ||
1673 | set_process_info("initializing"); | |
1674 | os_restarting_signal(SIGUSR1, usr1_handler); | |
1675 | ||
1676 | /* SIGHUP is used to get the daemon to reconfigure. It gets set as appropriate | |
1677 | in the daemon code. For the rest of Exim's uses, we ignore it. */ | |
1678 | ||
1679 | signal(SIGHUP, SIG_IGN); | |
1680 | ||
1681 | /* We don't want to die on pipe errors as the code is written to handle | |
1682 | the write error instead. */ | |
1683 | ||
1684 | signal(SIGPIPE, SIG_IGN); | |
1685 | ||
1686 | /* Under some circumstance on some OS, Exim can get called with SIGCHLD | |
1687 | set to SIG_IGN. This causes subprocesses that complete before the parent | |
1688 | process waits for them not to hang around, so when Exim calls wait(), nothing | |
1689 | is there. The wait() code has been made robust against this, but let's ensure | |
1690 | that SIGCHLD is set to SIG_DFL, because it's tidier to wait and get a process | |
1691 | ending status. We use sigaction rather than plain signal() on those OS where | |
1692 | SA_NOCLDWAIT exists, because we want to be sure it is turned off. (There was a | |
1693 | problem on AIX with this.) */ | |
1694 | ||
1695 | #ifdef SA_NOCLDWAIT | |
1696 | { | |
1697 | struct sigaction act; | |
1698 | act.sa_handler = SIG_DFL; | |
1699 | sigemptyset(&(act.sa_mask)); | |
1700 | act.sa_flags = 0; | |
1701 | sigaction(SIGCHLD, &act, NULL); | |
1702 | } | |
1703 | #else | |
1704 | signal(SIGCHLD, SIG_DFL); | |
1705 | #endif | |
1706 | ||
1707 | /* Save the arguments for use if we re-exec exim as a daemon after receiving | |
1708 | SIGHUP. */ | |
1709 | ||
1710 | sighup_argv = argv; | |
1711 | ||
1712 | /* Set up the version number. Set up the leading 'E' for the external form of | |
1713 | message ids, set the pointer to the internal form, and initialize it to | |
1714 | indicate no message being processed. */ | |
1715 | ||
1716 | version_init(); | |
1717 | message_id_option[0] = '-'; | |
1718 | message_id_external = message_id_option + 1; | |
1719 | message_id_external[0] = 'E'; | |
1720 | message_id = message_id_external + 1; | |
1721 | message_id[0] = 0; | |
1722 | ||
67d175de | 1723 | /* Set the umask to zero so that any files Exim creates using open() are |
2632889e PH |
1724 | created with the modes that it specifies. NOTE: Files created with fopen() have |
1725 | a problem, which was not recognized till rather late (February 2006). With this | |
1726 | umask, such files will be world writeable. (They are all content scanning files | |
1727 | in the spool directory, which isn't world-accessible, so this is not a | |
1728 | disaster, but it's untidy.) I don't want to change this overall setting, | |
1729 | however, because it will interact badly with the open() calls. Instead, there's | |
1730 | now a function called modefopen() that fiddles with the umask while calling | |
1731 | fopen(). */ | |
059ec3d9 | 1732 | |
67d175de | 1733 | (void)umask(0); |
059ec3d9 PH |
1734 | |
1735 | /* Precompile the regular expression for matching a message id. Keep this in | |
1736 | step with the code that generates ids in the accept.c module. We need to do | |
1737 | this here, because the -M options check their arguments for syntactic validity | |
1738 | using mac_ismsgid, which uses this. */ | |
1739 | ||
1740 | regex_ismsgid = | |
1741 | regex_must_compile(US"^(?:[^\\W_]{6}-){2}[^\\W_]{2}$", FALSE, TRUE); | |
1742 | ||
a5bd321b | 1743 | /* Precompile the regular expression that is used for matching an SMTP error |
d6a96edc PH |
1744 | code, possibly extended, at the start of an error message. Note that the |
1745 | terminating whitespace character is included. */ | |
a5bd321b PH |
1746 | |
1747 | regex_smtp_code = | |
1748 | regex_must_compile(US"^\\d\\d\\d\\s(?:\\d\\.\\d\\d?\\d?\\.\\d\\d?\\d?\\s)?", | |
1749 | FALSE, TRUE); | |
1750 | ||
a7cbbf50 PP |
1751 | #ifdef WHITELIST_D_MACROS |
1752 | /* Precompile the regular expression used to filter the content of macros | |
1753 | given to -D for permissibility. */ | |
1754 | ||
1755 | regex_whitelisted_macro = | |
1756 | regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE); | |
1757 | #endif | |
1758 | ||
f38917cc JH |
1759 | for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; |
1760 | ||
059ec3d9 PH |
1761 | /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; |
1762 | this seems to be a generally accepted convention, since one finds symbolic | |
1763 | links called "mailq" in standard OS configurations. */ | |
1764 | ||
1765 | if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) || | |
1766 | (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/mailq", 6) == 0)) | |
1767 | { | |
1768 | list_queue = TRUE; | |
1769 | receiving_message = FALSE; | |
1770 | called_as = US"-mailq"; | |
1771 | } | |
1772 | ||
1773 | /* If the program is called as "rmail" treat it as equivalent to | |
1774 | "exim -i -oee", thus allowing UUCP messages to be input using non-SMTP mode, | |
1775 | i.e. preventing a single dot on a line from terminating the message, and | |
1776 | returning with zero return code, even in cases of error (provided an error | |
1777 | message has been sent). */ | |
1778 | ||
1779 | if ((namelen == 5 && Ustrcmp(argv[0], "rmail") == 0) || | |
1780 | (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rmail", 6) == 0)) | |
1781 | { | |
1782 | dot_ends = FALSE; | |
1783 | called_as = US"-rmail"; | |
1784 | errors_sender_rc = EXIT_SUCCESS; | |
1785 | } | |
1786 | ||
1787 | /* If the program is called as "rsmtp" treat it as equivalent to "exim -bS"; | |
1788 | this is a smail convention. */ | |
1789 | ||
1790 | if ((namelen == 5 && Ustrcmp(argv[0], "rsmtp") == 0) || | |
1791 | (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rsmtp", 6) == 0)) | |
1792 | { | |
1793 | smtp_input = smtp_batched_input = TRUE; | |
1794 | called_as = US"-rsmtp"; | |
1795 | } | |
1796 | ||
1797 | /* If the program is called as "runq" treat it as equivalent to "exim -q"; | |
1798 | this is a smail convention. */ | |
1799 | ||
1800 | if ((namelen == 4 && Ustrcmp(argv[0], "runq") == 0) || | |
1801 | (namelen > 4 && Ustrncmp(argv[0] + namelen - 5, "/runq", 5) == 0)) | |
1802 | { | |
1803 | queue_interval = 0; | |
1804 | receiving_message = FALSE; | |
1805 | called_as = US"-runq"; | |
1806 | } | |
1807 | ||
1808 | /* If the program is called as "newaliases" treat it as equivalent to | |
1809 | "exim -bi"; this is a sendmail convention. */ | |
1810 | ||
1811 | if ((namelen == 10 && Ustrcmp(argv[0], "newaliases") == 0) || | |
1812 | (namelen > 10 && Ustrncmp(argv[0] + namelen - 11, "/newaliases", 11) == 0)) | |
1813 | { | |
1814 | bi_option = TRUE; | |
1815 | receiving_message = FALSE; | |
1816 | called_as = US"-newaliases"; | |
1817 | } | |
1818 | ||
1819 | /* Save the original effective uid for a couple of uses later. It should | |
1820 | normally be root, but in some esoteric environments it may not be. */ | |
1821 | ||
1822 | original_euid = geteuid(); | |
1823 | ||
1824 | /* Get the real uid and gid. If the caller is root, force the effective uid/gid | |
1825 | to be the same as the real ones. This makes a difference only if Exim is setuid | |
1826 | (or setgid) to something other than root, which could be the case in some | |
1827 | special configurations. */ | |
1828 | ||
1829 | real_uid = getuid(); | |
1830 | real_gid = getgid(); | |
1831 | ||
1832 | if (real_uid == root_uid) | |
1833 | { | |
1670ef10 PP |
1834 | rv = setgid(real_gid); |
1835 | if (rv) | |
1836 | { | |
1837 | fprintf(stderr, "exim: setgid(%ld) failed: %s\n", | |
1838 | (long int)real_gid, strerror(errno)); | |
1839 | exit(EXIT_FAILURE); | |
1840 | } | |
1841 | rv = setuid(real_uid); | |
1842 | if (rv) | |
1843 | { | |
1844 | fprintf(stderr, "exim: setuid(%ld) failed: %s\n", | |
1845 | (long int)real_uid, strerror(errno)); | |
1846 | exit(EXIT_FAILURE); | |
1847 | } | |
059ec3d9 PH |
1848 | } |
1849 | ||
1850 | /* If neither the original real uid nor the original euid was root, Exim is | |
1851 | running in an unprivileged state. */ | |
1852 | ||
1853 | unprivileged = (real_uid != root_uid && original_euid != root_uid); | |
1854 | ||
059ec3d9 PH |
1855 | /* Scan the program's arguments. Some can be dealt with right away; others are |
1856 | simply recorded for checking and handling afterwards. Do a high-level switch | |
1857 | on the second character (the one after '-'), to save some effort. */ | |
1858 | ||
1859 | for (i = 1; i < argc; i++) | |
1860 | { | |
1861 | BOOL badarg = FALSE; | |
1862 | uschar *arg = argv[i]; | |
1863 | uschar *argrest; | |
1864 | int switchchar; | |
1865 | ||
1866 | /* An argument not starting with '-' is the start of a recipients list; | |
1867 | break out of the options-scanning loop. */ | |
1868 | ||
1869 | if (arg[0] != '-') | |
1870 | { | |
1871 | recipients_arg = i; | |
1872 | break; | |
1873 | } | |
1874 | ||
4c04137d | 1875 | /* An option consisting of -- terminates the options */ |
059ec3d9 PH |
1876 | |
1877 | if (Ustrcmp(arg, "--") == 0) | |
1878 | { | |
1879 | recipients_arg = i + 1; | |
1880 | break; | |
1881 | } | |
1882 | ||
1883 | /* Handle flagged options */ | |
1884 | ||
1885 | switchchar = arg[1]; | |
1886 | argrest = arg+2; | |
1887 | ||
1888 | /* Make all -ex options synonymous with -oex arguments, since that | |
1889 | is assumed by various callers. Also make -qR options synonymous with -R | |
1890 | options, as that seems to be required as well. Allow for -qqR too, and | |
1891 | the same for -S options. */ | |
1892 | ||
1893 | if (Ustrncmp(arg+1, "oe", 2) == 0 || | |
1894 | Ustrncmp(arg+1, "qR", 2) == 0 || | |
1895 | Ustrncmp(arg+1, "qS", 2) == 0) | |
1896 | { | |
1897 | switchchar = arg[2]; | |
1898 | argrest++; | |
1899 | } | |
1900 | else if (Ustrncmp(arg+1, "qqR", 3) == 0 || Ustrncmp(arg+1, "qqS", 3) == 0) | |
1901 | { | |
1902 | switchchar = arg[3]; | |
1903 | argrest += 2; | |
1904 | queue_2stage = TRUE; | |
1905 | } | |
1906 | ||
1907 | /* Make -r synonymous with -f, since it is a documented alias */ | |
1908 | ||
1909 | else if (arg[1] == 'r') switchchar = 'f'; | |
1910 | ||
1911 | /* Make -ov synonymous with -v */ | |
1912 | ||
1913 | else if (Ustrcmp(arg, "-ov") == 0) | |
1914 | { | |
1915 | switchchar = 'v'; | |
1916 | argrest++; | |
1917 | } | |
1918 | ||
4b2241d2 PP |
1919 | /* deal with --option_aliases */ |
1920 | else if (switchchar == '-') | |
1921 | { | |
1922 | if (Ustrcmp(argrest, "help") == 0) | |
1923 | { | |
1924 | usage_wanted = TRUE; | |
1925 | break; | |
1926 | } | |
1927 | else if (Ustrcmp(argrest, "version") == 0) | |
1928 | { | |
1929 | switchchar = 'b'; | |
73a46702 | 1930 | argrest = US"V"; |
4b2241d2 PP |
1931 | } |
1932 | } | |
1933 | ||
059ec3d9 PH |
1934 | /* High-level switch on active initial letter */ |
1935 | ||
1936 | switch(switchchar) | |
1937 | { | |
a3fb9793 PP |
1938 | |
1939 | /* sendmail uses -Ac and -Am to control which .cf file is used; | |
1940 | we ignore them. */ | |
1941 | case 'A': | |
1942 | if (*argrest == '\0') { badarg = TRUE; break; } | |
1943 | else | |
1944 | { | |
1945 | BOOL ignore = FALSE; | |
1946 | switch (*argrest) | |
1947 | { | |
1948 | case 'c': | |
1949 | case 'm': | |
1950 | if (*(argrest + 1) == '\0') | |
1951 | ignore = TRUE; | |
1952 | break; | |
1953 | } | |
1954 | if (!ignore) { badarg = TRUE; break; } | |
1955 | } | |
1956 | break; | |
1957 | ||
059ec3d9 PH |
1958 | /* -Btype is a sendmail option for 7bit/8bit setting. Exim is 8-bit clean |
1959 | so has no need of it. */ | |
1960 | ||
1961 | case 'B': | |
1962 | if (*argrest == 0) i++; /* Skip over the type */ | |
1963 | break; | |
1964 | ||
1965 | ||
1966 | case 'b': | |
1967 | receiving_message = FALSE; /* Reset TRUE for -bm, -bS, -bs below */ | |
1968 | ||
1969 | /* -bd: Run in daemon mode, awaiting SMTP connections. | |
1970 | -bdf: Ditto, but in the foreground. | |
1971 | */ | |
1972 | ||
1973 | if (*argrest == 'd') | |
1974 | { | |
1975 | daemon_listen = TRUE; | |
1976 | if (*(++argrest) == 'f') background_daemon = FALSE; | |
1977 | else if (*argrest != 0) { badarg = TRUE; break; } | |
1978 | } | |
1979 | ||
328895cc PH |
1980 | /* -be: Run in expansion test mode |
1981 | -bem: Ditto, but read a message from a file first | |
1982 | */ | |
059ec3d9 PH |
1983 | |
1984 | else if (*argrest == 'e') | |
328895cc | 1985 | { |
059ec3d9 | 1986 | expansion_test = checking = TRUE; |
328895cc PH |
1987 | if (argrest[1] == 'm') |
1988 | { | |
1989 | if (++i >= argc) { badarg = TRUE; break; } | |
1990 | expansion_test_message = argv[i]; | |
1991 | argrest++; | |
1992 | } | |
1993 | if (argrest[1] != 0) { badarg = TRUE; break; } | |
1994 | } | |
059ec3d9 | 1995 | |
f05da2e8 PH |
1996 | /* -bF: Run system filter test */ |
1997 | ||
1998 | else if (*argrest == 'F') | |
1999 | { | |
34e86e20 | 2000 | filter_test |= checking = FTEST_SYSTEM; |
f05da2e8 PH |
2001 | if (*(++argrest) != 0) { badarg = TRUE; break; } |
2002 | if (++i < argc) filter_test_sfile = argv[i]; else | |
2003 | { | |
2004 | fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); | |
2005 | exit(EXIT_FAILURE); | |
2006 | } | |
2007 | } | |
2008 | ||
2009 | /* -bf: Run user filter test | |
059ec3d9 PH |
2010 | -bfd: Set domain for filter testing |
2011 | -bfl: Set local part for filter testing | |
2012 | -bfp: Set prefix for filter testing | |
2013 | -bfs: Set suffix for filter testing | |
2014 | */ | |
2015 | ||
f05da2e8 | 2016 | else if (*argrest == 'f') |
059ec3d9 | 2017 | { |
f05da2e8 | 2018 | if (*(++argrest) == 0) |
059ec3d9 | 2019 | { |
34e86e20 | 2020 | filter_test |= checking = FTEST_USER; |
f05da2e8 | 2021 | if (++i < argc) filter_test_ufile = argv[i]; else |
059ec3d9 PH |
2022 | { |
2023 | fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); | |
2024 | exit(EXIT_FAILURE); | |
2025 | } | |
2026 | } | |
2027 | else | |
2028 | { | |
2029 | if (++i >= argc) | |
2030 | { | |
2031 | fprintf(stderr, "exim: string expected after %s\n", arg); | |
2032 | exit(EXIT_FAILURE); | |
2033 | } | |
2034 | if (Ustrcmp(argrest, "d") == 0) ftest_domain = argv[i]; | |
2035 | else if (Ustrcmp(argrest, "l") == 0) ftest_localpart = argv[i]; | |
2036 | else if (Ustrcmp(argrest, "p") == 0) ftest_prefix = argv[i]; | |
2037 | else if (Ustrcmp(argrest, "s") == 0) ftest_suffix = argv[i]; | |
2038 | else { badarg = TRUE; break; } | |
2039 | } | |
2040 | } | |
2041 | ||
2042 | /* -bh: Host checking - an IP address must follow. */ | |
2043 | ||
2044 | else if (Ustrcmp(argrest, "h") == 0 || Ustrcmp(argrest, "hc") == 0) | |
2045 | { | |
2046 | if (++i >= argc) { badarg = TRUE; break; } | |
2047 | sender_host_address = argv[i]; | |
2048 | host_checking = checking = log_testing_mode = TRUE; | |
2049 | host_checking_callout = argrest[1] == 'c'; | |
1a6230a3 | 2050 | message_logs = FALSE; |
059ec3d9 PH |
2051 | } |
2052 | ||
2053 | /* -bi: This option is used by sendmail to initialize *the* alias file, | |
2054 | though it has the -oA option to specify a different file. Exim has no | |
2055 | concept of *the* alias file, but since Sun's YP make script calls | |
2056 | sendmail this way, some support must be provided. */ | |
2057 | ||
2058 | else if (Ustrcmp(argrest, "i") == 0) bi_option = TRUE; | |
2059 | ||
98a90c36 PP |
2060 | /* -bI: provide information, of the type to follow after a colon. |
2061 | This is an Exim flag. */ | |
2062 | ||
2063 | else if (argrest[0] == 'I' && Ustrlen(argrest) >= 2 && argrest[1] == ':') | |
2064 | { | |
2065 | uschar *p = &argrest[2]; | |
2066 | info_flag = CMDINFO_HELP; | |
2067 | if (Ustrlen(p)) | |
2068 | { | |
2069 | if (strcmpic(p, CUS"sieve") == 0) | |
2070 | { | |
2071 | info_flag = CMDINFO_SIEVE; | |
2072 | info_stdout = TRUE; | |
2073 | } | |
36a3ae5f PP |
2074 | else if (strcmpic(p, CUS"dscp") == 0) |
2075 | { | |
2076 | info_flag = CMDINFO_DSCP; | |
2077 | info_stdout = TRUE; | |
2078 | } | |
98a90c36 PP |
2079 | else if (strcmpic(p, CUS"help") == 0) |
2080 | { | |
2081 | info_stdout = TRUE; | |
2082 | } | |
2083 | } | |
2084 | } | |
2085 | ||
059ec3d9 PH |
2086 | /* -bm: Accept and deliver message - the default option. Reinstate |
2087 | receiving_message, which got turned off for all -b options. */ | |
2088 | ||
2089 | else if (Ustrcmp(argrest, "m") == 0) receiving_message = TRUE; | |
2090 | ||
8544e77a PP |
2091 | /* -bmalware: test the filename given for malware */ |
2092 | ||
2093 | else if (Ustrcmp(argrest, "malware") == 0) | |
2094 | { | |
2095 | if (++i >= argc) { badarg = TRUE; break; } | |
34e86e20 | 2096 | checking = TRUE; |
8544e77a PP |
2097 | malware_test_file = argv[i]; |
2098 | } | |
2099 | ||
059ec3d9 PH |
2100 | /* -bnq: For locally originating messages, do not qualify unqualified |
2101 | addresses. In the envelope, this causes errors; in header lines they | |
2102 | just get left. */ | |
2103 | ||
2104 | else if (Ustrcmp(argrest, "nq") == 0) | |
2105 | { | |
2106 | allow_unqualified_sender = FALSE; | |
2107 | allow_unqualified_recipient = FALSE; | |
2108 | } | |
2109 | ||
2110 | /* -bpxx: List the contents of the mail queue, in various forms. If | |
2111 | the option is -bpc, just a queue count is needed. Otherwise, if the | |
2112 | first letter after p is r, then order is random. */ | |
2113 | ||
2114 | else if (*argrest == 'p') | |
2115 | { | |
2116 | if (*(++argrest) == 'c') | |
2117 | { | |
2118 | count_queue = TRUE; | |
2119 | if (*(++argrest) != 0) badarg = TRUE; | |
2120 | break; | |
2121 | } | |
2122 | ||
2123 | if (*argrest == 'r') | |
2124 | { | |
2125 | list_queue_option = 8; | |
2126 | argrest++; | |
2127 | } | |
2128 | else list_queue_option = 0; | |
2129 | ||
2130 | list_queue = TRUE; | |
2131 | ||
2132 | /* -bp: List the contents of the mail queue, top-level only */ | |
2133 | ||
2134 | if (*argrest == 0) {} | |
2135 | ||
2136 | /* -bpu: List the contents of the mail queue, top-level undelivered */ | |
2137 | ||
2138 | else if (Ustrcmp(argrest, "u") == 0) list_queue_option += 1; | |
2139 | ||
2140 | /* -bpa: List the contents of the mail queue, including all delivered */ | |
2141 | ||
2142 | else if (Ustrcmp(argrest, "a") == 0) list_queue_option += 2; | |
2143 | ||
2144 | /* Unknown after -bp[r] */ | |
2145 | ||
2146 | else | |
2147 | { | |
2148 | badarg = TRUE; | |
2149 | break; | |
2150 | } | |
2151 | } | |
2152 | ||
2153 | ||
2154 | /* -bP: List the configuration variables given as the address list. | |
2155 | Force -v, so configuration errors get displayed. */ | |
2156 | ||
2157 | else if (Ustrcmp(argrest, "P") == 0) | |
2158 | { | |
bf3c2c6b HSHR |
2159 | /* -bP config: we need to setup here, because later, |
2160 | * when list_options is checked, the config is read already */ | |
2161 | if (argv[i+1] && Ustrcmp(argv[i+1], "config") == 0) | |
2162 | { | |
2163 | list_config = TRUE; | |
2164 | readconf_save_config(version_string); | |
2165 | } | |
2166 | else | |
2167 | { | |
2168 | list_options = TRUE; | |
2169 | debug_selector |= D_v; | |
2170 | debug_file = stderr; | |
2171 | } | |
059ec3d9 PH |
2172 | } |
2173 | ||
2174 | /* -brt: Test retry configuration lookup */ | |
2175 | ||
2176 | else if (Ustrcmp(argrest, "rt") == 0) | |
2177 | { | |
34e86e20 | 2178 | checking = TRUE; |
059ec3d9 PH |
2179 | test_retry_arg = i + 1; |
2180 | goto END_ARG; | |
2181 | } | |
2182 | ||
2183 | /* -brw: Test rewrite configuration */ | |
2184 | ||
2185 | else if (Ustrcmp(argrest, "rw") == 0) | |
2186 | { | |
34e86e20 | 2187 | checking = TRUE; |
059ec3d9 PH |
2188 | test_rewrite_arg = i + 1; |
2189 | goto END_ARG; | |
2190 | } | |
2191 | ||
2192 | /* -bS: Read SMTP commands on standard input, but produce no replies - | |
2193 | all errors are reported by sending messages. */ | |
2194 | ||
2195 | else if (Ustrcmp(argrest, "S") == 0) | |
2196 | smtp_input = smtp_batched_input = receiving_message = TRUE; | |
2197 | ||
2198 | /* -bs: Read SMTP commands on standard input and produce SMTP replies | |
2199 | on standard output. */ | |
2200 | ||
2201 | else if (Ustrcmp(argrest, "s") == 0) smtp_input = receiving_message = TRUE; | |
2202 | ||
2203 | /* -bt: address testing mode */ | |
2204 | ||
2205 | else if (Ustrcmp(argrest, "t") == 0) | |
2206 | address_test_mode = checking = log_testing_mode = TRUE; | |
2207 | ||
2208 | /* -bv: verify addresses */ | |
2209 | ||
2210 | else if (Ustrcmp(argrest, "v") == 0) | |
2211 | verify_address_mode = checking = log_testing_mode = TRUE; | |
2212 | ||
2213 | /* -bvs: verify sender addresses */ | |
2214 | ||
2215 | else if (Ustrcmp(argrest, "vs") == 0) | |
2216 | { | |
2217 | verify_address_mode = checking = log_testing_mode = TRUE; | |
2218 | verify_as_sender = TRUE; | |
2219 | } | |
2220 | ||
2221 | /* -bV: Print version string and support details */ | |
2222 | ||
2223 | else if (Ustrcmp(argrest, "V") == 0) | |
2224 | { | |
2225 | printf("Exim version %s #%s built %s\n", version_string, | |
2226 | version_cnumber, version_date); | |
2227 | printf("%s\n", CS version_copyright); | |
2228 | version_printed = TRUE; | |
2229 | show_whats_supported(stdout); | |
b25c9675 | 2230 | log_testing_mode = TRUE; |
059ec3d9 PH |
2231 | } |
2232 | ||
9ee44efb PP |
2233 | /* -bw: inetd wait mode, accept a listening socket as stdin */ |
2234 | ||
2235 | else if (*argrest == 'w') | |
2236 | { | |
2237 | inetd_wait_mode = TRUE; | |
2238 | background_daemon = FALSE; | |
2239 | daemon_listen = TRUE; | |
2240 | if (*(++argrest) != '\0') | |
2241 | { | |
2242 | inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE); | |
2243 | if (inetd_wait_timeout <= 0) | |
2244 | { | |
2245 | fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); | |
2246 | exit(EXIT_FAILURE); | |
2247 | } | |
2248 | } | |
2249 | } | |
2250 | ||
059ec3d9 PH |
2251 | else badarg = TRUE; |
2252 | break; | |
2253 | ||
2254 | ||
2255 | /* -C: change configuration file list; ignore if it isn't really | |
2256 | a change! Enforce a prefix check if required. */ | |
2257 | ||
2258 | case 'C': | |
2259 | if (*argrest == 0) | |
2260 | { | |
2261 | if(++i < argc) argrest = argv[i]; else | |
2262 | { badarg = TRUE; break; } | |
2263 | } | |
2264 | if (Ustrcmp(config_main_filelist, argrest) != 0) | |
2265 | { | |
2266 | #ifdef ALT_CONFIG_PREFIX | |
2267 | int sep = 0; | |
2268 | int len = Ustrlen(ALT_CONFIG_PREFIX); | |
863bd541 | 2269 | const uschar *list = argrest; |
059ec3d9 PH |
2270 | uschar *filename; |
2271 | while((filename = string_nextinlist(&list, &sep, big_buffer, | |
2272 | big_buffer_size)) != NULL) | |
2273 | { | |
2274 | if ((Ustrlen(filename) < len || | |
2275 | Ustrncmp(filename, ALT_CONFIG_PREFIX, len) != 0 || | |
2276 | Ustrstr(filename, "/../") != NULL) && | |
2277 | (Ustrcmp(filename, "/dev/null") != 0 || real_uid != root_uid)) | |
2278 | { | |
2279 | fprintf(stderr, "-C Permission denied\n"); | |
2280 | exit(EXIT_FAILURE); | |
2281 | } | |
2282 | } | |
2283 | #endif | |
261dc43e DW |
2284 | if (real_uid != root_uid) |
2285 | { | |
90b6341f | 2286 | #ifdef TRUSTED_CONFIG_LIST |
261dc43e | 2287 | |
90b6341f DW |
2288 | if (real_uid != exim_uid |
2289 | #ifdef CONFIGURE_OWNER | |
2290 | && real_uid != config_uid | |
2291 | #endif | |
2292 | ) | |
261dc43e DW |
2293 | trusted_config = FALSE; |
2294 | else | |
2295 | { | |
90b6341f | 2296 | FILE *trust_list = Ufopen(TRUSTED_CONFIG_LIST, "rb"); |
261dc43e DW |
2297 | if (trust_list) |
2298 | { | |
2299 | struct stat statbuf; | |
2300 | ||
2301 | if (fstat(fileno(trust_list), &statbuf) != 0 || | |
2302 | (statbuf.st_uid != root_uid /* owner not root */ | |
2303 | #ifdef CONFIGURE_OWNER | |
2304 | && statbuf.st_uid != config_uid /* owner not the special one */ | |
2305 | #endif | |
2306 | ) || /* or */ | |
2307 | (statbuf.st_gid != root_gid /* group not root */ | |
2308 | #ifdef CONFIGURE_GROUP | |
2309 | && statbuf.st_gid != config_gid /* group not the special one */ | |
2310 | #endif | |
2311 | && (statbuf.st_mode & 020) != 0 /* group writeable */ | |
2312 | ) || /* or */ | |
2313 | (statbuf.st_mode & 2) != 0) /* world writeable */ | |
2314 | { | |
2315 | trusted_config = FALSE; | |
2316 | fclose(trust_list); | |
2317 | } | |
2318 | else | |
2319 | { | |
2320 | /* Well, the trust list at least is up to scratch... */ | |
2321 | void *reset_point = store_get(0); | |
90b6341f DW |
2322 | uschar *trusted_configs[32]; |
2323 | int nr_configs = 0; | |
261dc43e DW |
2324 | int i = 0; |
2325 | ||
2326 | while (Ufgets(big_buffer, big_buffer_size, trust_list)) | |
2327 | { | |
2328 | uschar *start = big_buffer, *nl; | |
2329 | while (*start && isspace(*start)) | |
2330 | start++; | |
1e83d68b | 2331 | if (*start != '/') |
261dc43e DW |
2332 | continue; |
2333 | nl = Ustrchr(start, '\n'); | |
2334 | if (nl) | |
2335 | *nl = 0; | |
90b6341f DW |
2336 | trusted_configs[nr_configs++] = string_copy(start); |
2337 | if (nr_configs == 32) | |
261dc43e DW |
2338 | break; |
2339 | } | |
2340 | fclose(trust_list); | |
2341 | ||
90b6341f | 2342 | if (nr_configs) |
261dc43e DW |
2343 | { |
2344 | int sep = 0; | |
55414b25 | 2345 | const uschar *list = argrest; |
261dc43e DW |
2346 | uschar *filename; |
2347 | while (trusted_config && (filename = string_nextinlist(&list, | |
2348 | &sep, big_buffer, big_buffer_size)) != NULL) | |
2349 | { | |
90b6341f | 2350 | for (i=0; i < nr_configs; i++) |
261dc43e | 2351 | { |
90b6341f | 2352 | if (Ustrcmp(filename, trusted_configs[i]) == 0) |
261dc43e DW |
2353 | break; |
2354 | } | |
90b6341f | 2355 | if (i == nr_configs) |
261dc43e DW |
2356 | { |
2357 | trusted_config = FALSE; | |
2358 | break; | |
2359 | } | |
2360 | } | |
1e83d68b | 2361 | store_reset(reset_point); |
261dc43e DW |
2362 | } |
2363 | else | |
2364 | { | |
2365 | /* No valid prefixes found in trust_list file. */ | |
2366 | trusted_config = FALSE; | |
2367 | } | |
2368 | } | |
2369 | } | |
2370 | else | |
2371 | { | |
2372 | /* Could not open trust_list file. */ | |
2373 | trusted_config = FALSE; | |
2374 | } | |
2375 | } | |
2376 | #else | |
2377 | /* Not root; don't trust config */ | |
2378 | trusted_config = FALSE; | |
2379 | #endif | |
2380 | } | |
059ec3d9 PH |
2381 | |
2382 | config_main_filelist = argrest; | |
2383 | config_changed = TRUE; | |
2384 | } | |
2385 | break; | |
2386 | ||
2387 | ||
2388 | /* -D: set up a macro definition */ | |
2389 | ||
2390 | case 'D': | |
2391 | #ifdef DISABLE_D_OPTION | |
2392 | fprintf(stderr, "exim: -D is not available in this Exim binary\n"); | |
2393 | exit(EXIT_FAILURE); | |
2394 | #else | |
2395 | { | |
2396 | int ptr = 0; | |
059ec3d9 PH |
2397 | macro_item *m; |
2398 | uschar name[24]; | |
2399 | uschar *s = argrest; | |
2400 | ||
4ab69ec7 | 2401 | opt_D_used = TRUE; |
059ec3d9 PH |
2402 | while (isspace(*s)) s++; |
2403 | ||
2404 | if (*s < 'A' || *s > 'Z') | |
2405 | { | |
2406 | fprintf(stderr, "exim: macro name set by -D must start with " | |
2407 | "an upper case letter\n"); | |
2408 | exit(EXIT_FAILURE); | |
2409 | } | |
2410 | ||
2411 | while (isalnum(*s) || *s == '_') | |
2412 | { | |
2413 | if (ptr < sizeof(name)-1) name[ptr++] = *s; | |
2414 | s++; | |
2415 | } | |
2416 | name[ptr] = 0; | |
2417 | if (ptr == 0) { badarg = TRUE; break; } | |
2418 | while (isspace(*s)) s++; | |
2419 | if (*s != 0) | |
2420 | { | |
2421 | if (*s++ != '=') { badarg = TRUE; break; } | |
2422 | while (isspace(*s)) s++; | |
2423 | } | |
2424 | ||
85e03244 | 2425 | for (m = macros_user; m; m = m->next) |
1a7c9a48 JH |
2426 | if (Ustrcmp(m->name, name) == 0) |
2427 | { | |
2428 | fprintf(stderr, "exim: duplicated -D in command line\n"); | |
2429 | exit(EXIT_FAILURE); | |
2430 | } | |
059ec3d9 | 2431 | |
85e03244 | 2432 | m = macro_create(name, s, TRUE); |
059ec3d9 PH |
2433 | |
2434 | if (clmacro_count >= MAX_CLMACROS) | |
2435 | { | |
2436 | fprintf(stderr, "exim: too many -D options on command line\n"); | |
2437 | exit(EXIT_FAILURE); | |
2438 | } | |
1a7c9a48 JH |
2439 | clmacros[clmacro_count++] = string_sprintf("-D%s=%s", m->name, |
2440 | m->replacement); | |
059ec3d9 PH |
2441 | } |
2442 | #endif | |
2443 | break; | |
2444 | ||
2445 | /* -d: Set debug level (see also -v below) or set the drop_cr option. | |
8e669ac1 | 2446 | The latter is now a no-op, retained for compatibility only. If -dd is used, |
3d235903 | 2447 | debugging subprocesses of the daemon is disabled. */ |
059ec3d9 PH |
2448 | |
2449 | case 'd': | |
2450 | if (Ustrcmp(argrest, "ropcr") == 0) | |
2451 | { | |
2452 | /* drop_cr = TRUE; */ | |
2453 | } | |
2454 | ||
2455 | /* Use an intermediate variable so that we don't set debugging while | |
2456 | decoding the debugging bits. */ | |
2457 | ||
2458 | else | |
2459 | { | |
2460 | unsigned int selector = D_default; | |
2461 | debug_selector = 0; | |
2462 | debug_file = NULL; | |
3d235903 PH |
2463 | if (*argrest == 'd') |
2464 | { | |
2465 | debug_daemon = TRUE; | |
2466 | argrest++; | |
2467 | } | |
059ec3d9 | 2468 | if (*argrest != 0) |
6c6d6e48 TF |
2469 | decode_bits(&selector, 1, debug_notall, argrest, |
2470 | debug_options, debug_options_count, US"debug", 0); | |
059ec3d9 PH |
2471 | debug_selector = selector; |
2472 | } | |
2473 | break; | |
2474 | ||
2475 | ||
2476 | /* -E: This is a local error message. This option is not intended for | |
2477 | external use at all, but is not restricted to trusted callers because it | |
2478 | does no harm (just suppresses certain error messages) and if Exim is run | |
2479 | not setuid root it won't always be trusted when it generates error | |
2480 | messages using this option. If there is a message id following -E, point | |
2481 | message_reference at it, for logging. */ | |
2482 | ||
2483 | case 'E': | |
2484 | local_error_message = TRUE; | |
2485 | if (mac_ismsgid(argrest)) message_reference = argrest; | |
2486 | break; | |
2487 | ||
2488 | ||
2489 | /* -ex: The vacation program calls sendmail with the undocumented "-eq" | |
2490 | option, so it looks as if historically the -oex options are also callable | |
2491 | without the leading -o. So we have to accept them. Before the switch, | |
2492 | anything starting -oe has been converted to -e. Exim does not support all | |
2493 | of the sendmail error options. */ | |
2494 | ||
2495 | case 'e': | |
2496 | if (Ustrcmp(argrest, "e") == 0) | |
2497 | { | |
2498 | arg_error_handling = ERRORS_SENDER; | |
2499 | errors_sender_rc = EXIT_SUCCESS; | |
2500 | } | |
2501 | else if (Ustrcmp(argrest, "m") == 0) arg_error_handling = ERRORS_SENDER; | |
2502 | else if (Ustrcmp(argrest, "p") == 0) arg_error_handling = ERRORS_STDERR; | |
2503 | else if (Ustrcmp(argrest, "q") == 0) arg_error_handling = ERRORS_STDERR; | |
2504 | else if (Ustrcmp(argrest, "w") == 0) arg_error_handling = ERRORS_SENDER; | |
2505 | else badarg = TRUE; | |
2506 | break; | |
2507 | ||
2508 | ||
2509 | /* -F: Set sender's full name, used instead of the gecos entry from | |
2510 | the password file. Since users can usually alter their gecos entries, | |
2511 | there's no security involved in using this instead. The data can follow | |
2512 | the -F or be in the next argument. */ | |
2513 | ||
2514 | case 'F': | |
2515 | if (*argrest == 0) | |
2516 | { | |
2517 | if(++i < argc) argrest = argv[i]; else | |
2518 | { badarg = TRUE; break; } | |
2519 | } | |
2520 | originator_name = argrest; | |
2fe1a124 | 2521 | sender_name_forced = TRUE; |
059ec3d9 PH |
2522 | break; |
2523 | ||
2524 | ||
2525 | /* -f: Set sender's address - this value is only actually used if Exim is | |
2526 | run by a trusted user, or if untrusted_set_sender is set and matches the | |
2527 | address, except that the null address can always be set by any user. The | |
2528 | test for this happens later, when the value given here is ignored when not | |
2529 | permitted. For an untrusted user, the actual sender is still put in Sender: | |
2530 | if it doesn't match the From: header (unless no_local_from_check is set). | |
2531 | The data can follow the -f or be in the next argument. The -r switch is an | |
2532 | obsolete form of -f but since there appear to be programs out there that | |
2533 | use anything that sendmail has ever supported, better accept it - the | |
2534 | synonymizing is done before the switch above. | |
2535 | ||
2536 | At this stage, we must allow domain literal addresses, because we don't | |
2537 | know what the setting of allow_domain_literals is yet. Ditto for trailing | |
2538 | dots and strip_trailing_dot. */ | |
2539 | ||
2540 | case 'f': | |
2541 | { | |
250b6871 | 2542 | int dummy_start, dummy_end; |
059ec3d9 PH |
2543 | uschar *errmess; |
2544 | if (*argrest == 0) | |
2545 | { | |
2546 | if (i+1 < argc) argrest = argv[++i]; else | |
2547 | { badarg = TRUE; break; } | |
2548 | } | |
2549 | if (*argrest == 0) | |
059ec3d9 | 2550 | sender_address = string_sprintf(""); /* Ensure writeable memory */ |
059ec3d9 PH |
2551 | else |
2552 | { | |
2553 | uschar *temp = argrest + Ustrlen(argrest) - 1; | |
2554 | while (temp >= argrest && isspace(*temp)) temp--; | |
2555 | if (temp >= argrest && *temp == '.') f_end_dot = TRUE; | |
2556 | allow_domain_literals = TRUE; | |
2557 | strip_trailing_dot = TRUE; | |
8c5d388a | 2558 | #ifdef SUPPORT_I18N |
250b6871 JH |
2559 | allow_utf8_domains = TRUE; |
2560 | #endif | |
2561 | sender_address = parse_extract_address(argrest, &errmess, | |
2562 | &dummy_start, &dummy_end, &sender_address_domain, TRUE); | |
8c5d388a | 2563 | #ifdef SUPPORT_I18N |
250b6871 JH |
2564 | message_smtputf8 = string_is_utf8(sender_address); |
2565 | allow_utf8_domains = FALSE; | |
2566 | #endif | |
059ec3d9 PH |
2567 | allow_domain_literals = FALSE; |
2568 | strip_trailing_dot = FALSE; | |
2569 | if (sender_address == NULL) | |
2570 | { | |
2571 | fprintf(stderr, "exim: bad -f address \"%s\": %s\n", argrest, errmess); | |
2572 | return EXIT_FAILURE; | |
2573 | } | |
2574 | } | |
2575 | sender_address_forced = TRUE; | |
2576 | } | |
2577 | break; | |
2578 | ||
a3fb9793 | 2579 | /* -G: sendmail invocation to specify that it's a gateway submission and |
f4ee74ac PP |
2580 | sendmail may complain about problems instead of fixing them. |
2581 | We make it equivalent to an ACL "control = suppress_local_fixups" and do | |
2582 | not at this time complain about problems. */ | |
059ec3d9 PH |
2583 | |
2584 | case 'G': | |
f4ee74ac | 2585 | flag_G = TRUE; |
059ec3d9 PH |
2586 | break; |
2587 | ||
2588 | /* -h: Set the hop count for an incoming message. Exim does not currently | |
2589 | support this; it always computes it by counting the Received: headers. | |
2590 | To put it in will require a change to the spool header file format. */ | |
2591 | ||
2592 | case 'h': | |
2593 | if (*argrest == 0) | |
2594 | { | |
2595 | if(++i < argc) argrest = argv[i]; else | |
2596 | { badarg = TRUE; break; } | |
2597 | } | |
2598 | if (!isdigit(*argrest)) badarg = TRUE; | |
2599 | break; | |
2600 | ||
2601 | ||
2602 | /* -i: Set flag so dot doesn't end non-SMTP input (same as -oi, seems | |
2603 | not to be documented for sendmail but mailx (at least) uses it) */ | |
2604 | ||
2605 | case 'i': | |
2606 | if (*argrest == 0) dot_ends = FALSE; else badarg = TRUE; | |
2607 | break; | |
2608 | ||
2609 | ||
a3fb9793 PP |
2610 | /* -L: set the identifier used for syslog; equivalent to setting |
2611 | syslog_processname in the config file, but needs to be an admin option. */ | |
2612 | ||
2613 | case 'L': | |
2614 | if (*argrest == '\0') | |
2615 | { | |
2616 | if(++i < argc) argrest = argv[i]; else | |
2617 | { badarg = TRUE; break; } | |
2618 | } | |
2619 | sz = Ustrlen(argrest); | |
2620 | if (sz > 32) | |
2621 | { | |
2622 | fprintf(stderr, "exim: the -L syslog name is too long: \"%s\"\n", argrest); | |
2623 | return EXIT_FAILURE; | |
2624 | } | |
2625 | if (sz < 1) | |
2626 | { | |
2627 | fprintf(stderr, "exim: the -L syslog name is too short\n"); | |
2628 | return EXIT_FAILURE; | |
2629 | } | |
2630 | cmdline_syslog_name = argrest; | |
2631 | break; | |
2632 | ||
059ec3d9 PH |
2633 | case 'M': |
2634 | receiving_message = FALSE; | |
2635 | ||
2636 | /* -MC: continue delivery of another message via an existing open | |
2637 | file descriptor. This option is used for an internal call by the | |
2638 | smtp transport when there is a pending message waiting to go to an | |
2639 | address to which it has got a connection. Five subsequent arguments are | |
2640 | required: transport name, host name, IP address, sequence number, and | |
2641 | message_id. Transports may decline to create new processes if the sequence | |
2642 | number gets too big. The channel is stdin. This (-MC) must be the last | |
2643 | argument. There's a subsequent check that the real-uid is privileged. | |
2644 | ||
2645 | If we are running in the test harness. delay for a bit, to let the process | |
2646 | that set this one up complete. This makes for repeatability of the logging, | |
2647 | etc. output. */ | |
2648 | ||
2649 | if (Ustrcmp(argrest, "C") == 0) | |
2650 | { | |
41c7c167 PH |
2651 | union sockaddr_46 interface_sock; |
2652 | EXIM_SOCKLEN_T size = sizeof(interface_sock); | |
2653 | ||
059ec3d9 PH |
2654 | if (argc != i + 6) |
2655 | { | |
2656 | fprintf(stderr, "exim: too many or too few arguments after -MC\n"); | |
2657 | return EXIT_FAILURE; | |
2658 | } | |
2659 | ||
2660 | if (msg_action_arg >= 0) | |
2661 | { | |
2662 | fprintf(stderr, "exim: incompatible arguments\n"); | |
2663 | return EXIT_FAILURE; | |
2664 | } | |
2665 | ||
2666 | continue_transport = argv[++i]; | |
2667 | continue_hostname = argv[++i]; | |
2668 | continue_host_address = argv[++i]; | |
2669 | continue_sequence = Uatoi(argv[++i]); | |
2670 | msg_action = MSG_DELIVER; | |
2671 | msg_action_arg = ++i; | |
2672 | forced_delivery = TRUE; | |
2673 | queue_run_pid = passed_qr_pid; | |
2674 | queue_run_pipe = passed_qr_pipe; | |
2675 | ||
2676 | if (!mac_ismsgid(argv[i])) | |
2677 | { | |
2678 | fprintf(stderr, "exim: malformed message id %s after -MC option\n", | |
2679 | argv[i]); | |
2680 | return EXIT_FAILURE; | |
2681 | } | |
2682 | ||
875512a3 JH |
2683 | /* Set up $sending_ip_address and $sending_port, unless proxied */ |
2684 | ||
5013d912 | 2685 | if (!continue_proxy_cipher) |
875512a3 JH |
2686 | if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), |
2687 | &size) == 0) | |
2688 | sending_ip_address = host_ntoa(-1, &interface_sock, NULL, | |
2689 | &sending_port); | |
2690 | else | |
2691 | { | |
2692 | fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n", | |
2693 | strerror(errno)); | |
2694 | return EXIT_FAILURE; | |
2695 | } | |
41c7c167 | 2696 | |
059ec3d9 PH |
2697 | if (running_in_test_harness) millisleep(500); |
2698 | break; | |
2699 | } | |
2700 | ||
2d14f397 JH |
2701 | else if (*argrest == 'C' && argrest[1] && !argrest[2]) |
2702 | { | |
875512a3 | 2703 | switch(argrest[1]) |
2d14f397 | 2704 | { |
059ec3d9 PH |
2705 | /* -MCA: set the smtp_authenticated flag; this is useful only when it |
2706 | precedes -MC (see above). The flag indicates that the host to which | |
2707 | Exim is connected has accepted an AUTH sequence. */ | |
2708 | ||
2d14f397 | 2709 | case 'A': smtp_authenticated = TRUE; break; |
059ec3d9 | 2710 | |
6c1c3d1d WB |
2711 | /* -MCD: set the smtp_use_dsn flag; this indicates that the host |
2712 | that exim is connected to supports the esmtp extension DSN */ | |
28b3821f | 2713 | |
14de8063 | 2714 | case 'D': smtp_peer_options |= OPTION_DSN; break; |
6c1c3d1d | 2715 | |
e37f8a84 | 2716 | /* -MCG: set the queue name, to a non-default value */ |
28b3821f | 2717 | |
2d14f397 JH |
2718 | case 'G': if (++i < argc) queue_name = string_copy(argv[i]); |
2719 | else badarg = TRUE; | |
2720 | break; | |
2721 | ||
2722 | /* -MCK: the peer offered CHUNKING. Must precede -MC */ | |
2723 | ||
14de8063 | 2724 | case 'K': smtp_peer_options |= OPTION_CHUNKING; break; |
28b3821f | 2725 | |
059ec3d9 PH |
2726 | /* -MCP: set the smtp_use_pipelining flag; this is useful only when |
2727 | it preceded -MC (see above) */ | |
2728 | ||
14de8063 | 2729 | case 'P': smtp_peer_options |= OPTION_PIPE; break; |
059ec3d9 PH |
2730 | |
2731 | /* -MCQ: pass on the pid of the queue-running process that started | |
2732 | this chain of deliveries and the fd of its synchronizing pipe; this | |
2733 | is useful only when it precedes -MC (see above) */ | |
2734 | ||
2d14f397 JH |
2735 | case 'Q': if (++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); |
2736 | else badarg = TRUE; | |
2737 | if (++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); | |
2738 | else badarg = TRUE; | |
2739 | break; | |
059ec3d9 PH |
2740 | |
2741 | /* -MCS: set the smtp_use_size flag; this is useful only when it | |
2742 | precedes -MC (see above) */ | |
2743 | ||
14de8063 | 2744 | case 'S': smtp_peer_options |= OPTION_SIZE; break; |
059ec3d9 | 2745 | |
2d14f397 | 2746 | #ifdef SUPPORT_TLS |
875512a3 JH |
2747 | /* -MCt: similar to -MCT below but the connection is still open |
2748 | via a proxy proces which handles the TLS context and coding. | |
5013d912 JH |
2749 | Require three arguments for the proxied local address and port, |
2750 | and the TLS cipher. */ | |
875512a3 | 2751 | |
5013d912 | 2752 | case 't': if (++i < argc) sending_ip_address = argv[i]; |
875512a3 JH |
2753 | else badarg = TRUE; |
2754 | if (++i < argc) sending_port = (int)(Uatol(argv[i])); | |
2755 | else badarg = TRUE; | |
5013d912 JH |
2756 | if (++i < argc) continue_proxy_cipher = argv[i]; |
2757 | else badarg = TRUE; | |
875512a3 JH |
2758 | /*FALLTHROUGH*/ |
2759 | ||
059ec3d9 PH |
2760 | /* -MCT: set the tls_offered flag; this is useful only when it |
2761 | precedes -MC (see above). The flag indicates that the host to which | |
2762 | Exim is connected has offered TLS support. */ | |
2763 | ||
14de8063 | 2764 | case 'T': smtp_peer_options |= OPTION_TLS; break; |
2d14f397 JH |
2765 | #endif |
2766 | ||
2767 | default: badarg = TRUE; break; | |
2768 | } | |
2769 | break; | |
059ec3d9 | 2770 | } |
059ec3d9 PH |
2771 | |
2772 | /* -M[x]: various operations on the following list of message ids: | |
2773 | -M deliver the messages, ignoring next retry times and thawing | |
2774 | -Mc deliver the messages, checking next retry times, no thawing | |
2775 | -Mf freeze the messages | |
2776 | -Mg give up on the messages | |
2777 | -Mt thaw the messages | |
2778 | -Mrm remove the messages | |
2779 | In the above cases, this must be the last option. There are also the | |
2780 | following options which are followed by a single message id, and which | |
2781 | act on that message. Some of them use the "recipient" addresses as well. | |
2782 | -Mar add recipient(s) | |
2783 | -Mmad mark all recipients delivered | |
2784 | -Mmd mark recipients(s) delivered | |
2785 | -Mes edit sender | |
0ef732d9 | 2786 | -Mset load a message for use with -be |
059ec3d9 | 2787 | -Mvb show body |
a96603a0 | 2788 | -Mvc show copy (of whole message, in RFC 2822 format) |
059ec3d9 PH |
2789 | -Mvh show header |
2790 | -Mvl show log | |
2791 | */ | |
2792 | ||
2793 | else if (*argrest == 0) | |
2794 | { | |
2795 | msg_action = MSG_DELIVER; | |
2796 | forced_delivery = deliver_force_thaw = TRUE; | |
2797 | } | |
2798 | else if (Ustrcmp(argrest, "ar") == 0) | |
2799 | { | |
2800 | msg_action = MSG_ADD_RECIPIENT; | |
2801 | one_msg_action = TRUE; | |
2802 | } | |
2803 | else if (Ustrcmp(argrest, "c") == 0) msg_action = MSG_DELIVER; | |
2804 | else if (Ustrcmp(argrest, "es") == 0) | |
2805 | { | |
2806 | msg_action = MSG_EDIT_SENDER; | |
2807 | one_msg_action = TRUE; | |
2808 | } | |
2809 | else if (Ustrcmp(argrest, "f") == 0) msg_action = MSG_FREEZE; | |
2810 | else if (Ustrcmp(argrest, "g") == 0) | |
2811 | { | |
2812 | msg_action = MSG_DELIVER; | |
2813 | deliver_give_up = TRUE; | |
2814 | } | |
2815 | else if (Ustrcmp(argrest, "mad") == 0) | |
2816 | { | |
2817 | msg_action = MSG_MARK_ALL_DELIVERED; | |
2818 | } | |
2819 | else if (Ustrcmp(argrest, "md") == 0) | |
2820 | { | |
2821 | msg_action = MSG_MARK_DELIVERED; | |
2822 | one_msg_action = TRUE; | |
2823 | } | |
2824 | else if (Ustrcmp(argrest, "rm") == 0) msg_action = MSG_REMOVE; | |
0ef732d9 PH |
2825 | else if (Ustrcmp(argrest, "set") == 0) |
2826 | { | |
2827 | msg_action = MSG_LOAD; | |
2828 | one_msg_action = TRUE; | |
2829 | } | |
059ec3d9 PH |
2830 | else if (Ustrcmp(argrest, "t") == 0) msg_action = MSG_THAW; |
2831 | else if (Ustrcmp(argrest, "vb") == 0) | |
2832 | { | |
2833 | msg_action = MSG_SHOW_BODY; | |
2834 | one_msg_action = TRUE; | |
2835 | } | |
a96603a0 PH |
2836 | else if (Ustrcmp(argrest, "vc") == 0) |
2837 | { | |
2838 | msg_action = MSG_SHOW_COPY; | |
2839 | one_msg_action = TRUE; | |
2840 | } | |
059ec3d9 PH |
2841 | else if (Ustrcmp(argrest, "vh") == 0) |
2842 | { | |
2843 | msg_action = MSG_SHOW_HEADER; | |
2844 | one_msg_action = TRUE; | |
2845 | } | |
2846 | else if (Ustrcmp(argrest, "vl") == 0) | |
2847 | { | |
2848 | msg_action = MSG_SHOW_LOG; | |
2849 | one_msg_action = TRUE; | |
2850 | } | |
2851 | else { badarg = TRUE; break; } | |
2852 | ||
2853 | /* All the -Mxx options require at least one message id. */ | |
2854 | ||
2855 | msg_action_arg = i + 1; | |
2856 | if (msg_action_arg >= argc) | |
2857 | { | |
2858 | fprintf(stderr, "exim: no message ids given after %s option\n", arg); | |
2859 | return EXIT_FAILURE; | |
2860 | } | |
2861 | ||
2862 | /* Some require only message ids to follow */ | |
2863 | ||
2864 | if (!one_msg_action) | |
2865 | { | |
2866 | int j; | |
2867 | for (j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j])) | |
2868 | { | |
2869 | fprintf(stderr, "exim: malformed message id %s after %s option\n", | |
2870 | argv[j], arg); | |
2871 | return EXIT_FAILURE; | |
2872 | } | |
2873 | goto END_ARG; /* Remaining args are ids */ | |
2874 | } | |
2875 | ||
2876 | /* Others require only one message id, possibly followed by addresses, | |
2877 | which will be handled as normal arguments. */ | |
2878 | ||
2879 | else | |
2880 | { | |
2881 | if (!mac_ismsgid(argv[msg_action_arg])) | |
2882 | { | |
2883 | fprintf(stderr, "exim: malformed message id %s after %s option\n", | |
2884 | argv[msg_action_arg], arg); | |
2885 | return EXIT_FAILURE; | |
2886 | } | |
2887 | i++; | |
2888 | } | |
2889 | break; | |
2890 | ||
2891 | ||
2892 | /* Some programs seem to call the -om option without the leading o; | |
2893 | for sendmail it askes for "me too". Exim always does this. */ | |
2894 | ||
2895 | case 'm': | |
2896 | if (*argrest != 0) badarg = TRUE; | |
2897 | break; | |
2898 | ||
2899 | ||
2900 | /* -N: don't do delivery - a debugging option that stops transports doing | |
2901 | their thing. It implies debugging at the D_v level. */ | |
2902 | ||
2903 | case 'N': | |
2904 | if (*argrest == 0) | |
2905 | { | |
2906 | dont_deliver = TRUE; | |
2907 | debug_selector |= D_v; | |
2908 | debug_file = stderr; | |
2909 | } | |
2910 | else badarg = TRUE; | |
2911 | break; | |
2912 | ||
2913 | ||
12f69989 PP |
2914 | /* -n: This means "don't alias" in sendmail, apparently. |
2915 | For normal invocations, it has no effect. | |
2916 | It may affect some other options. */ | |
059ec3d9 PH |
2917 | |
2918 | case 'n': | |
12f69989 | 2919 | flag_n = TRUE; |
059ec3d9 PH |
2920 | break; |
2921 | ||
2922 | /* -O: Just ignore it. In sendmail, apparently -O option=value means set | |
2923 | option to the specified value. This form uses long names. We need to handle | |
2924 | -O option=value and -Ooption=value. */ | |
2925 | ||
2926 | case 'O': | |
2927 | if (*argrest == 0) | |
2928 | { | |
2929 | if (++i >= argc) | |
2930 | { | |
2931 | fprintf(stderr, "exim: string expected after -O\n"); | |
2932 | exit(EXIT_FAILURE); | |
2933 | } | |
2934 | } | |
2935 | break; | |
2936 | ||
2937 | case 'o': | |
2938 | ||
2939 | /* -oA: Set an argument for the bi command (sendmail's "alternate alias | |
2940 | file" option). */ | |
2941 | ||
2942 | if (*argrest == 'A') | |
2943 | { | |
2944 | alias_arg = argrest + 1; | |
2945 | if (alias_arg[0] == 0) | |
2946 | { | |
2947 | if (i+1 < argc) alias_arg = argv[++i]; else | |
2948 | { | |
2949 | fprintf(stderr, "exim: string expected after -oA\n"); | |
2950 | exit(EXIT_FAILURE); | |
2951 | } | |
2952 | } | |
2953 | } | |
2954 | ||
2955 | /* -oB: Set a connection message max value for remote deliveries */ | |
2956 | ||
2957 | else if (*argrest == 'B') | |
2958 | { | |
2959 | uschar *p = argrest + 1; | |
2960 | if (p[0] == 0) | |
2961 | { | |
2962 | if (i+1 < argc && isdigit((argv[i+1][0]))) p = argv[++i]; else | |
2963 | { | |
2964 | connection_max_messages = 1; | |
2965 | p = NULL; | |
2966 | } | |
2967 | } | |
2968 | ||
2969 | if (p != NULL) | |
2970 | { | |
2971 | if (!isdigit(*p)) | |
2972 | { | |
2973 | fprintf(stderr, "exim: number expected after -oB\n"); | |
2974 | exit(EXIT_FAILURE); | |
2975 | } | |
2976 | connection_max_messages = Uatoi(p); | |
2977 | } | |
2978 | } | |
2979 | ||
2980 | /* -odb: background delivery */ | |
2981 | ||
2982 | else if (Ustrcmp(argrest, "db") == 0) | |
2983 | { | |
2984 | synchronous_delivery = FALSE; | |
2985 | arg_queue_only = FALSE; | |
2986 | queue_only_set = TRUE; | |
2987 | } | |
2988 | ||
2989 | /* -odf: foreground delivery (smail-compatible option); same effect as | |
2990 | -odi: interactive (synchronous) delivery (sendmail-compatible option) | |
2991 | */ | |
2992 | ||
2993 | else if (Ustrcmp(argrest, "df") == 0 || Ustrcmp(argrest, "di") == 0) | |
2994 | { | |
2995 | synchronous_delivery = TRUE; | |
2996 | arg_queue_only = FALSE; | |
2997 | queue_only_set = TRUE; | |
2998 | } | |
2999 | ||
3000 | /* -odq: queue only */ | |
3001 | ||
3002 | else if (Ustrcmp(argrest, "dq") == 0) | |
3003 | { | |
3004 | synchronous_delivery = FALSE; | |
3005 | arg_queue_only = TRUE; | |
3006 | queue_only_set = TRUE; | |
3007 | } | |
3008 | ||
3009 | /* -odqs: queue SMTP only - do local deliveries and remote routing, | |
3010 | but no remote delivery */ | |
3011 | ||
3012 | else if (Ustrcmp(argrest, "dqs") == 0) | |
3013 | { | |
3014 | queue_smtp = TRUE; | |
3015 | arg_queue_only = FALSE; | |
3016 | queue_only_set = TRUE; | |
3017 | } | |
3018 | ||
3019 | /* -oex: Sendmail error flags. As these are also accepted without the | |
3020 | leading -o prefix, for compatibility with vacation and other callers, | |
3021 | they are handled with -e above. */ | |
3022 | ||
3023 | /* -oi: Set flag so dot doesn't end non-SMTP input (same as -i) | |
3024 | -oitrue: Another sendmail syntax for the same */ | |
3025 | ||
3026 | else if (Ustrcmp(argrest, "i") == 0 || | |
3027 | Ustrcmp(argrest, "itrue") == 0) | |
3028 | dot_ends = FALSE; | |
3029 | ||
3030 | /* -oM*: Set various characteristics for an incoming message; actually | |
3031 | acted on for trusted callers only. */ | |
3032 | ||
3033 | else if (*argrest == 'M') | |
3034 | { | |
3035 | if (i+1 >= argc) | |
3036 | { | |
3037 | fprintf(stderr, "exim: data expected after -o%s\n", argrest); | |
3038 | exit(EXIT_FAILURE); | |
3039 | } | |
3040 | ||
3041 | /* -oMa: Set sender host address */ | |
3042 | ||
3043 | if (Ustrcmp(argrest, "Ma") == 0) sender_host_address = argv[++i]; | |
3044 | ||
3045 | /* -oMaa: Set authenticator name */ | |
3046 | ||
3047 | else if (Ustrcmp(argrest, "Maa") == 0) | |
3048 | sender_host_authenticated = argv[++i]; | |
3049 | ||
3050 | /* -oMas: setting authenticated sender */ | |
3051 | ||
3052 | else if (Ustrcmp(argrest, "Mas") == 0) authenticated_sender = argv[++i]; | |
3053 | ||
3054 | /* -oMai: setting authenticated id */ | |
3055 | ||
3056 | else if (Ustrcmp(argrest, "Mai") == 0) authenticated_id = argv[++i]; | |
3057 | ||
3058 | /* -oMi: Set incoming interface address */ | |
3059 | ||
3060 | else if (Ustrcmp(argrest, "Mi") == 0) interface_address = argv[++i]; | |
3061 | ||
d2af03f4 HS |
3062 | /* -oMm: Message reference */ |
3063 | ||
3064 | else if (Ustrcmp(argrest, "Mm") == 0) | |
3065 | { | |
3066 | if (!mac_ismsgid(argv[i+1])) | |
3067 | { | |
3068 | fprintf(stderr,"-oMm must be a valid message ID\n"); | |
3069 | exit(EXIT_FAILURE); | |
3070 | } | |
3071 | if (!trusted_config) | |
3072 | { | |
3073 | fprintf(stderr,"-oMm must be called by a trusted user/config\n"); | |
3074 | exit(EXIT_FAILURE); | |
3075 | } | |
3076 | message_reference = argv[++i]; | |
3077 | } | |
3078 | ||
059ec3d9 PH |
3079 | /* -oMr: Received protocol */ |
3080 | ||
65e061b7 HSHR |
3081 | else if (Ustrcmp(argrest, "Mr") == 0) |
3082 | ||
3083 | if (received_protocol) | |
3084 | { | |
3085 | fprintf(stderr, "received_protocol is set already\n"); | |
3086 | exit(EXIT_FAILURE); | |
3087 | } | |
3088 | else received_protocol = argv[++i]; | |
059ec3d9 PH |
3089 | |
3090 | /* -oMs: Set sender host name */ | |
3091 | ||
3092 | else if (Ustrcmp(argrest, "Ms") == 0) sender_host_name = argv[++i]; | |
3093 | ||
3094 | /* -oMt: Set sender ident */ | |
3095 | ||
33d73e3b PH |
3096 | else if (Ustrcmp(argrest, "Mt") == 0) |
3097 | { | |
3098 | sender_ident_set = TRUE; | |
3099 | sender_ident = argv[++i]; | |
3100 | } | |
059ec3d9 PH |
3101 | |
3102 | /* Else a bad argument */ | |
3103 | ||
3104 | else | |
3105 | { | |
3106 | badarg = TRUE; | |
3107 | break; | |
3108 | } | |
3109 | } | |
3110 | ||
3111 | /* -om: Me-too flag for aliases. Exim always does this. Some programs | |
3112 | seem to call this as -m (undocumented), so that is also accepted (see | |
3113 | above). */ | |
3114 | ||
3115 | else if (Ustrcmp(argrest, "m") == 0) {} | |
3116 | ||
3117 | /* -oo: An ancient flag for old-style addresses which still seems to | |
3118 | crop up in some calls (see in SCO). */ | |
3119 | ||
3120 | else if (Ustrcmp(argrest, "o") == 0) {} | |
3121 | ||
3122 | /* -oP <name>: set pid file path for daemon */ | |
3123 | ||
3124 | else if (Ustrcmp(argrest, "P") == 0) | |
3125 | override_pid_file_path = argv[++i]; | |
3126 | ||
3127 | /* -or <n>: set timeout for non-SMTP acceptance | |
3128 | -os <n>: set timeout for SMTP acceptance */ | |
3129 | ||
3130 | else if (*argrest == 'r' || *argrest == 's') | |
3131 | { | |
3132 | int *tp = (*argrest == 'r')? | |
3133 | &arg_receive_timeout : &arg_smtp_receive_timeout; | |
3134 | if (argrest[1] == 0) | |
3135 | { | |
3136 | if (i+1 < argc) *tp= readconf_readtime(argv[++i], 0, FALSE); | |
3137 | } | |
3138 | else *tp = readconf_readtime(argrest + 1, 0, FALSE); | |
3139 | if (*tp < 0) | |
3140 | { | |
3141 | fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); | |
3142 | exit(EXIT_FAILURE); | |
3143 | } | |
3144 | } | |
3145 | ||
3146 | /* -oX <list>: Override local_interfaces and/or default daemon ports */ | |
3147 | ||
3148 | else if (Ustrcmp(argrest, "X") == 0) | |
3149 | override_local_interfaces = argv[++i]; | |
3150 | ||
3151 | /* Unknown -o argument */ | |
3152 | ||
3153 | else badarg = TRUE; | |
3154 | break; | |
3155 | ||
3156 | ||
3157 | /* -ps: force Perl startup; -pd force delayed Perl startup */ | |
3158 | ||
3159 | case 'p': | |
3160 | #ifdef EXIM_PERL | |
3161 | if (*argrest == 's' && argrest[1] == 0) | |
3162 | { | |
3163 | perl_start_option = 1; | |
3164 | break; | |
3165 | } | |
3166 | if (*argrest == 'd' && argrest[1] == 0) | |
3167 | { | |
3168 | perl_start_option = -1; | |
3169 | break; | |
3170 | } | |
3171 | #endif | |
3172 | ||
3173 | /* -panythingelse is taken as the Sendmail-compatible argument -prval:sval, | |
3174 | which sets the host protocol and host name */ | |
3175 | ||
3176 | if (*argrest == 0) | |
5bfe3b35 JH |
3177 | if (i+1 < argc) |
3178 | argrest = argv[++i]; | |
3179 | else | |
059ec3d9 | 3180 | { badarg = TRUE; break; } |
059ec3d9 PH |
3181 | |
3182 | if (*argrest != 0) | |
3183 | { | |
65e061b7 HSHR |
3184 | uschar *hn; |
3185 | ||
3186 | if (received_protocol) | |
3187 | { | |
3188 | fprintf(stderr, "received_protocol is set already\n"); | |
3189 | exit(EXIT_FAILURE); | |
3190 | } | |
3191 | ||
3192 | hn = Ustrchr(argrest, ':'); | |
059ec3d9 | 3193 | if (hn == NULL) |
059ec3d9 | 3194 | received_protocol = argrest; |
059ec3d9 PH |
3195 | else |
3196 | { | |
90341c71 JH |
3197 | int old_pool = store_pool; |
3198 | store_pool = POOL_PERM; | |
059ec3d9 | 3199 | received_protocol = string_copyn(argrest, hn - argrest); |
90341c71 | 3200 | store_pool = old_pool; |
059ec3d9 PH |
3201 | sender_host_name = hn + 1; |
3202 | } | |
3203 | } | |
3204 | break; | |
3205 | ||
3206 | ||
3207 | case 'q': | |
3208 | receiving_message = FALSE; | |
3cc66b45 PH |
3209 | if (queue_interval >= 0) |
3210 | { | |
3211 | fprintf(stderr, "exim: -q specified more than once\n"); | |
3212 | exit(EXIT_FAILURE); | |
3213 | } | |
059ec3d9 PH |
3214 | |
3215 | /* -qq...: Do queue runs in a 2-stage manner */ | |
3216 | ||
3217 | if (*argrest == 'q') | |
3218 | { | |
3219 | queue_2stage = TRUE; | |
3220 | argrest++; | |
3221 | } | |
3222 | ||
3223 | /* -qi...: Do only first (initial) deliveries */ | |
3224 | ||
3225 | if (*argrest == 'i') | |
3226 | { | |
3227 | queue_run_first_delivery = TRUE; | |
3228 | argrest++; | |
3229 | } | |
3230 | ||
3231 | /* -qf...: Run the queue, forcing deliveries | |
3232 | -qff..: Ditto, forcing thawing as well */ | |
3233 | ||
3234 | if (*argrest == 'f') | |
3235 | { | |
3236 | queue_run_force = TRUE; | |
55e70e76 | 3237 | if (*++argrest == 'f') |
059ec3d9 PH |
3238 | { |
3239 | deliver_force_thaw = TRUE; | |
3240 | argrest++; | |
3241 | } | |
3242 | } | |
3243 | ||
3244 | /* -q[f][f]l...: Run the queue only on local deliveries */ | |
3245 | ||
3246 | if (*argrest == 'l') | |
3247 | { | |
3248 | queue_run_local = TRUE; | |
3249 | argrest++; | |
3250 | } | |
3251 | ||
55e70e76 | 3252 | /* -q[f][f][l][G<name>]... Work on the named queue */ |
28b3821f JH |
3253 | |
3254 | if (*argrest == 'G') | |
3255 | { | |
fa665e0b JH |
3256 | int i; |
3257 | for (argrest++, i = 0; argrest[i] && argrest[i] != '/'; ) i++; | |
3258 | queue_name = string_copyn(argrest, i); | |
3259 | argrest += i; | |
3260 | if (*argrest == '/') argrest++; | |
28b3821f JH |
3261 | } |
3262 | ||
3263 | /* -q[f][f][l][G<name>]: Run the queue, optionally forced, optionally local | |
3264 | only, optionally named, optionally starting from a given message id. */ | |
059ec3d9 PH |
3265 | |
3266 | if (*argrest == 0 && | |
3267 | (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) | |
3268 | { | |
3269 | queue_interval = 0; | |
3270 | if (i+1 < argc && mac_ismsgid(argv[i+1])) | |
3271 | start_queue_run_id = argv[++i]; | |
3272 | if (i+1 < argc && mac_ismsgid(argv[i+1])) | |
3273 | stop_queue_run_id = argv[++i]; | |
3274 | } | |
3275 | ||
fa665e0b JH |
3276 | /* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally |
3277 | forced, optionally local only, optionally named. */ | |
059ec3d9 | 3278 | |
55e70e76 JH |
3279 | else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i], |
3280 | 0, FALSE)) <= 0) | |
059ec3d9 | 3281 | { |
55e70e76 JH |
3282 | fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); |
3283 | exit(EXIT_FAILURE); | |
059ec3d9 PH |
3284 | } |
3285 | break; | |
3286 | ||
3287 | ||
3288 | case 'R': /* Synonymous with -qR... */ | |
3289 | receiving_message = FALSE; | |
3290 | ||
3291 | /* -Rf: As -R (below) but force all deliveries, | |
3292 | -Rff: Ditto, but also thaw all frozen messages, | |
3293 | -Rr: String is regex | |
3294 | -Rrf: Regex and force | |
3295 | -Rrff: Regex and force and thaw | |
3296 | ||
3297 | in all cases provided there are no further characters in this | |
3298 | argument. */ | |
3299 | ||
3300 | if (*argrest != 0) | |
3301 | { | |
3302 | int i; | |
55e70e76 | 3303 | for (i = 0; i < nelem(rsopts); i++) |
059ec3d9 PH |
3304 | if (Ustrcmp(argrest, rsopts[i]) == 0) |
3305 | { | |
3306 | if (i != 2) queue_run_force = TRUE; | |
3307 | if (i >= 2) deliver_selectstring_regex = TRUE; | |
3308 | if (i == 1 || i == 4) deliver_force_thaw = TRUE; | |
3309 | argrest += Ustrlen(rsopts[i]); | |
3310 | } | |
059ec3d9 PH |
3311 | } |
3312 | ||
3313 | /* -R: Set string to match in addresses for forced queue run to | |
3314 | pick out particular messages. */ | |
3315 | ||
55e70e76 JH |
3316 | if (*argrest) |
3317 | deliver_selectstring = argrest; | |
3318 | else if (i+1 < argc) | |
3319 | deliver_selectstring = argv[++i]; | |
3320 | else | |
059ec3d9 | 3321 | { |
55e70e76 JH |
3322 | fprintf(stderr, "exim: string expected after -R\n"); |
3323 | exit(EXIT_FAILURE); | |
059ec3d9 | 3324 | } |
059ec3d9 PH |
3325 | break; |
3326 | ||
3327 | ||
3328 | /* -r: an obsolete synonym for -f (see above) */ | |
3329 | ||
3330 | ||
3331 | /* -S: Like -R but works on sender. */ | |
3332 | ||
3333 | case 'S': /* Synonymous with -qS... */ | |
3334 | receiving_message = FALSE; | |
3335 | ||
3336 | /* -Sf: As -S (below) but force all deliveries, | |
3337 | -Sff: Ditto, but also thaw all frozen messages, | |
3338 | -Sr: String is regex | |
3339 | -Srf: Regex and force | |
3340 | -Srff: Regex and force and thaw | |
3341 | ||
3342 | in all cases provided there are no further characters in this | |
3343 | argument. */ | |
3344 | ||
55e70e76 | 3345 | if (*argrest) |
059ec3d9 PH |
3346 | { |
3347 | int i; | |
55e70e76 | 3348 | for (i = 0; i < nelem(rsopts); i++) |
059ec3d9 PH |
3349 | if (Ustrcmp(argrest, rsopts[i]) == 0) |
3350 | { | |
3351 | if (i != 2) queue_run_force = TRUE; | |
3352 | if (i >= 2) deliver_selectstring_sender_regex = TRUE; | |
3353 | if (i == 1 || i == 4) deliver_force_thaw = TRUE; | |
3354 | argrest += Ustrlen(rsopts[i]); | |
3355 | } | |
059ec3d9 PH |
3356 | } |
3357 | ||
3358 | /* -S: Set string to match in addresses for forced queue run to | |
3359 | pick out particular messages. */ | |
3360 | ||
55e70e76 JH |
3361 | if (*argrest) |
3362 | deliver_selectstring_sender = argrest; | |
3363 | else if (i+1 < argc) | |
3364 | deliver_selectstring_sender = argv[++i]; | |
3365 | else | |
059ec3d9 | 3366 | { |
55e70e76 JH |
3367 | fprintf(stderr, "exim: string expected after -S\n"); |
3368 | exit(EXIT_FAILURE); | |
059ec3d9 | 3369 | } |
059ec3d9 PH |
3370 | break; |
3371 | ||
3372 | /* -Tqt is an option that is exclusively for use by the testing suite. | |
3373 | It is not recognized in other circumstances. It allows for the setting up | |
3374 | of explicit "queue times" so that various warning/retry things can be | |
3375 | tested. Otherwise variability of clock ticks etc. cause problems. */ | |
3376 | ||
3377 | case 'T': | |
3378 | if (running_in_test_harness && Ustrcmp(argrest, "qt") == 0) | |
3379 | fudged_queue_times = argv[++i]; | |
3380 | else badarg = TRUE; | |
3381 | break; | |
3382 | ||
3383 | ||
3384 | /* -t: Set flag to extract recipients from body of message. */ | |
3385 | ||
3386 | case 't': | |
3387 | if (*argrest == 0) extract_recipients = TRUE; | |
3388 | ||
3389 | /* -ti: Set flag to extract recipients from body of message, and also | |
3390 | specify that dot does not end the message. */ | |
3391 | ||
3392 | else if (Ustrcmp(argrest, "i") == 0) | |
3393 | { | |
3394 | extract_recipients = TRUE; | |
3395 | dot_ends = FALSE; | |
3396 | } | |
3397 | ||
3398 | /* -tls-on-connect: don't wait for STARTTLS (for old clients) */ | |
3399 | ||
3400 | #ifdef SUPPORT_TLS | |
817d9f57 | 3401 | else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE; |
059ec3d9 PH |
3402 | #endif |
3403 | ||
3404 | else badarg = TRUE; | |
3405 | break; | |
3406 | ||
3407 | ||
3408 | /* -U: This means "initial user submission" in sendmail, apparently. The | |
3409 | doc claims that in future sendmail may refuse syntactically invalid | |
3410 | messages instead of fixing them. For the moment, we just ignore it. */ | |
3411 | ||
3412 | case 'U': | |
3413 | break; | |
3414 | ||
3415 | ||
3416 | /* -v: verify things - this is a very low-level debugging */ | |
3417 | ||
3418 | case 'v': | |
3419 | if (*argrest == 0) | |
3420 | { | |
3421 | debug_selector |= D_v; | |
3422 | debug_file = stderr; | |
3423 | } | |
3424 | else badarg = TRUE; | |
3425 | break; | |
3426 | ||
3427 | ||
3428 | /* -x: AIX uses this to indicate some fancy 8-bit character stuff: | |
3429 | ||
3430 | The -x flag tells the sendmail command that mail from a local | |
3431 | mail program has National Language Support (NLS) extended characters | |
3432 | in the body of the mail item. The sendmail command can send mail with | |
3433 | extended NLS characters across networks that normally corrupts these | |
3434 | 8-bit characters. | |
3435 | ||
3436 | As Exim is 8-bit clean, it just ignores this flag. */ | |
3437 | ||
3438 | case 'x': | |
3439 | if (*argrest != 0) badarg = TRUE; | |
3440 | break; | |
3441 | ||
a3fb9793 PP |
3442 | /* -X: in sendmail: takes one parameter, logfile, and sends debugging |
3443 | logs to that file. We swallow the parameter and otherwise ignore it. */ | |
3444 | ||
3445 | case 'X': | |
3446 | if (*argrest == '\0') | |
a3fb9793 PP |
3447 | if (++i >= argc) |
3448 | { | |
3449 | fprintf(stderr, "exim: string expected after -X\n"); | |
3450 | exit(EXIT_FAILURE); | |
3451 | } | |
0ad2e0fc JH |
3452 | break; |
3453 | ||
3454 | case 'z': | |
3455 | if (*argrest == '\0') | |
3456 | if (++i < argc) log_oneline = argv[i]; else | |
3457 | { | |
3458 | fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); | |
3459 | exit(EXIT_FAILURE); | |
3460 | } | |
a3fb9793 PP |
3461 | break; |
3462 | ||
059ec3d9 PH |
3463 | /* All other initial characters are errors */ |
3464 | ||
3465 | default: | |
3466 | badarg = TRUE; | |
3467 | break; | |
3468 | } /* End of high-level switch statement */ | |
3469 | ||
3470 | /* Failed to recognize the option, or syntax error */ | |
3471 | ||
3472 | if (badarg) | |
3473 | { | |
3474 | fprintf(stderr, "exim abandoned: unknown, malformed, or incomplete " | |
3475 | "option %s\n", arg); | |
3476 | exit(EXIT_FAILURE); | |
3477 | } | |
3478 | } | |
3479 | ||
3480 | ||
3cc66b45 PH |
3481 | /* If -R or -S have been specified without -q, assume a single queue run. */ |
3482 | ||
55e70e76 JH |
3483 | if ( (deliver_selectstring || deliver_selectstring_sender) |
3484 | && queue_interval < 0) | |
3485 | queue_interval = 0; | |
3cc66b45 PH |
3486 | |
3487 | ||
059ec3d9 | 3488 | END_ARG: |
81ea09ca NM |
3489 | /* If usage_wanted is set we call the usage function - which never returns */ |
3490 | if (usage_wanted) exim_usage(called_as); | |
3491 | ||
3492 | /* Arguments have been processed. Check for incompatibilities. */ | |
059ec3d9 PH |
3493 | if (( |
3494 | (smtp_input || extract_recipients || recipients_arg < argc) && | |
3495 | (daemon_listen || queue_interval >= 0 || bi_option || | |
3496 | test_retry_arg >= 0 || test_rewrite_arg >= 0 || | |
f05da2e8 | 3497 | filter_test != FTEST_NONE || (msg_action_arg > 0 && !one_msg_action)) |
059ec3d9 PH |
3498 | ) || |
3499 | ( | |
3500 | msg_action_arg > 0 && | |
44915474 | 3501 | (daemon_listen || queue_interval > 0 || list_options || |
0ef732d9 PH |
3502 | (checking && msg_action != MSG_LOAD) || |
3503 | bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0) | |
059ec3d9 PH |
3504 | ) || |
3505 | ( | |
55e70e76 | 3506 | (daemon_listen || queue_interval > 0) && |
059ec3d9 | 3507 | (sender_address != NULL || list_options || list_queue || checking || |
0ef732d9 | 3508 | bi_option) |
059ec3d9 PH |
3509 | ) || |
3510 | ( | |
3511 | daemon_listen && queue_interval == 0 | |
3512 | ) || | |
3513 | ( | |
9ee44efb PP |
3514 | inetd_wait_mode && queue_interval >= 0 |
3515 | ) || | |
3516 | ( | |
059ec3d9 PH |
3517 | list_options && |
3518 | (checking || smtp_input || extract_recipients || | |
f05da2e8 | 3519 | filter_test != FTEST_NONE || bi_option) |
059ec3d9 PH |
3520 | ) || |
3521 | ( | |
3522 | verify_address_mode && | |
3523 | (address_test_mode || smtp_input || extract_recipients || | |
f05da2e8 | 3524 | filter_test != FTEST_NONE || bi_option) |
059ec3d9 PH |
3525 | ) || |
3526 | ( | |
3527 | address_test_mode && (smtp_input || extract_recipients || | |
f05da2e8 | 3528 | filter_test != FTEST_NONE || bi_option) |
059ec3d9 PH |
3529 | ) || |
3530 | ( | |
f05da2e8 | 3531 | smtp_input && (sender_address != NULL || filter_test != FTEST_NONE || |
059ec3d9 PH |
3532 | extract_recipients) |
3533 | ) || | |
3534 | ( | |
3535 | deliver_selectstring != NULL && queue_interval < 0 | |
328895cc PH |
3536 | ) || |
3537 | ( | |
3538 | msg_action == MSG_LOAD && | |
3539 | (!expansion_test || expansion_test_message != NULL) | |
059ec3d9 PH |
3540 | ) |
3541 | ) | |
3542 | { | |
3543 | fprintf(stderr, "exim: incompatible command-line options or arguments\n"); | |
3544 | exit(EXIT_FAILURE); | |
3545 | } | |
3546 | ||
3547 | /* If debugging is set up, set the file and the file descriptor to pass on to | |
3548 | child processes. It should, of course, be 2 for stderr. Also, force the daemon | |
3549 | to run in the foreground. */ | |
3550 | ||
3551 | if (debug_selector != 0) | |
3552 | { | |
3553 | debug_file = stderr; | |
3554 | debug_fd = fileno(debug_file); | |
3555 | background_daemon = FALSE; | |
3556 | if (running_in_test_harness) millisleep(100); /* lets caller finish */ | |
3557 | if (debug_selector != D_v) /* -v only doesn't show this */ | |
3558 | { | |
3559 | debug_printf("Exim version %s uid=%ld gid=%ld pid=%d D=%x\n", | |
3560 | version_string, (long int)real_uid, (long int)real_gid, (int)getpid(), | |
3561 | debug_selector); | |
6545de78 PP |
3562 | if (!version_printed) |
3563 | show_whats_supported(stderr); | |
059ec3d9 PH |
3564 | } |
3565 | } | |
3566 | ||
3567 | /* When started with root privilege, ensure that the limits on the number of | |
3568 | open files and the number of processes (where that is accessible) are | |
3569 | sufficiently large, or are unset, in case Exim has been called from an | |
3570 | environment where the limits are screwed down. Not all OS have the ability to | |
3571 | change some of these limits. */ | |
3572 | ||
3573 | if (unprivileged) | |
3574 | { | |
3575 | DEBUG(D_any) debug_print_ids(US"Exim has no root privilege:"); | |
3576 | } | |
3577 | else | |
3578 | { | |
3579 | struct rlimit rlp; | |
3580 | ||
3581 | #ifdef RLIMIT_NOFILE | |
3582 | if (getrlimit(RLIMIT_NOFILE, &rlp) < 0) | |
3583 | { | |
3584 | log_write(0, LOG_MAIN|LOG_PANIC, "getrlimit(RLIMIT_NOFILE) failed: %s", | |
3585 | strerror(errno)); | |
3586 | rlp.rlim_cur = rlp.rlim_max = 0; | |
3587 | } | |
eb2c0248 PH |
3588 | |
3589 | /* I originally chose 1000 as a nice big number that was unlikely to | |
a494b1e1 PH |
3590 | be exceeded. It turns out that some older OS have a fixed upper limit of |
3591 | 256. */ | |
eb2c0248 | 3592 | |
059ec3d9 PH |
3593 | if (rlp.rlim_cur < 1000) |
3594 | { | |
3595 | rlp.rlim_cur = rlp.rlim_max = 1000; | |
3596 | if (setrlimit(RLIMIT_NOFILE, &rlp) < 0) | |
eb2c0248 | 3597 | { |
a494b1e1 PH |
3598 | rlp.rlim_cur = rlp.rlim_max = 256; |
3599 | if (setrlimit(RLIMIT_NOFILE, &rlp) < 0) | |
3600 | log_write(0, LOG_MAIN|LOG_PANIC, "setrlimit(RLIMIT_NOFILE) failed: %s", | |
3601 | strerror(errno)); | |
eb2c0248 | 3602 | } |
059ec3d9 PH |
3603 | } |
3604 | #endif | |
3605 | ||
3606 | #ifdef RLIMIT_NPROC | |
3607 | if (getrlimit(RLIMIT_NPROC, &rlp) < 0) | |
3608 | { | |
3609 | log_write(0, LOG_MAIN|LOG_PANIC, "getrlimit(RLIMIT_NPROC) failed: %s", | |
3610 | strerror(errno)); | |
3611 | rlp.rlim_cur = rlp.rlim_max = 0; | |
3612 | } | |
3613 | ||
3614 | #ifdef RLIM_INFINITY | |
3615 | if (rlp.rlim_cur != RLIM_INFINITY && rlp.rlim_cur < 1000) | |
3616 | { | |
3617 | rlp.rlim_cur = rlp.rlim_max = RLIM_INFINITY; | |
3618 | #else | |
3619 | if (rlp.rlim_cur < 1000) | |
3620 | { | |
3621 | rlp.rlim_cur = rlp.rlim_max = 1000; | |
3622 | #endif | |
3623 | if (setrlimit(RLIMIT_NPROC, &rlp) < 0) | |
3624 | log_write(0, LOG_MAIN|LOG_PANIC, "setrlimit(RLIMIT_NPROC) failed: %s", | |
3625 | strerror(errno)); | |
3626 | } | |
3627 | #endif | |
3628 | } | |
3629 | ||
3630 | /* Exim is normally entered as root (but some special configurations are | |
3631 | possible that don't do this). However, it always spins off sub-processes that | |
3632 | set their uid and gid as required for local delivery. We don't want to pass on | |
3633 | any extra groups that root may belong to, so we want to get rid of them all at | |
3634 | this point. | |
3635 | ||
3636 | We need to obey setgroups() at this stage, before possibly giving up root | |
3637 | privilege for a changed configuration file, but later on we might need to | |
3638 | check on the additional groups for the admin user privilege - can't do that | |
3639 | till after reading the config, which might specify the exim gid. Therefore, | |
3640 | save the group list here first. */ | |
3641 | ||
3642 | group_count = getgroups(NGROUPS_MAX, group_list); | |
cd59ab18 PP |
3643 | if (group_count < 0) |
3644 | { | |
3645 | fprintf(stderr, "exim: getgroups() failed: %s\n", strerror(errno)); | |
3646 | exit(EXIT_FAILURE); | |
3647 | } | |
059ec3d9 PH |
3648 | |
3649 | /* There is a fundamental difference in some BSD systems in the matter of | |
3650 | groups. FreeBSD and BSDI are known to be different; NetBSD and OpenBSD are | |
3651 | known not to be different. On the "different" systems there is a single group | |
3652 | list, and the first entry in it is the current group. On all other versions of | |
3653 | Unix there is a supplementary group list, which is in *addition* to the current | |
3654 | group. Consequently, to get rid of all extraneous groups on a "standard" system | |
3655 | you pass over 0 groups to setgroups(), while on a "different" system you pass | |
3656 | over a single group - the current group, which is always the first group in the | |
3657 | list. Calling setgroups() with zero groups on a "different" system results in | |
3658 | an error return. The following code should cope with both types of system. | |
3659 | ||
3660 | However, if this process isn't running as root, setgroups() can't be used | |
3661 | since you have to be root to run it, even if throwing away groups. Not being | |
3662 | root here happens only in some unusual configurations. We just ignore the | |
3663 | error. */ | |
3664 | ||
3665 | if (setgroups(0, NULL) != 0) | |
3666 | { | |
3667 | if (setgroups(1, group_list) != 0 && !unprivileged) | |
3668 | { | |
3669 | fprintf(stderr, "exim: setgroups() failed: %s\n", strerror(errno)); | |
3670 | exit(EXIT_FAILURE); | |
3671 | } | |
3672 | } | |
3673 | ||
3674 | /* If the configuration file name has been altered by an argument on the | |
3675 | command line (either a new file name or a macro definition) and the caller is | |
cd25e41d DW |
3676 | not root, or if this is a filter testing run, remove any setuid privilege the |
3677 | program has and run as the underlying user. | |
059ec3d9 | 3678 | |
cd25e41d DW |
3679 | The exim user is locked out of this, which severely restricts the use of -C |
3680 | for some purposes. | |
059ec3d9 PH |
3681 | |
3682 | Otherwise, set the real ids to the effective values (should be root unless run | |
3683 | from inetd, which it can either be root or the exim uid, if one is configured). | |
3684 | ||
3685 | There is a private mechanism for bypassing some of this, in order to make it | |
3686 | possible to test lots of configurations automatically, without having either to | |
3687 | recompile each time, or to patch in an actual configuration file name and other | |
3688 | values (such as the path name). If running in the test harness, pretend that | |
3689 | configuration file changes and macro definitions haven't happened. */ | |
3690 | ||
3691 | if (( /* EITHER */ | |
a7cbbf50 | 3692 | (!trusted_config || /* Config changed, or */ |
a4034eb8 | 3693 | !macros_trusted(opt_D_used)) && /* impermissible macros and */ |
059ec3d9 | 3694 | real_uid != root_uid && /* Not root, and */ |
059ec3d9 PH |
3695 | !running_in_test_harness /* Not fudged */ |
3696 | ) || /* OR */ | |
3697 | expansion_test /* expansion testing */ | |
3698 | || /* OR */ | |
f05da2e8 | 3699 | filter_test != FTEST_NONE) /* Filter testing */ |
059ec3d9 PH |
3700 | { |
3701 | setgroups(group_count, group_list); | |
3702 | exim_setugid(real_uid, real_gid, FALSE, | |
3703 | US"-C, -D, -be or -bf forces real uid"); | |
3704 | removed_privilege = TRUE; | |
3705 | ||
3706 | /* In the normal case when Exim is called like this, stderr is available | |
3707 | and should be used for any logging information because attempts to write | |
3708 | to the log will usually fail. To arrange this, we unset really_exim. However, | |
3709 | if no stderr is available there is no point - we might as well have a go | |
b7487bce | 3710 | at the log (if it fails, syslog will be written). |
059ec3d9 | 3711 | |
b7487bce PP |
3712 | Note that if the invoker is Exim, the logs remain available. Messing with |
3713 | this causes unlogged successful deliveries. */ | |
3714 | ||
3715 | if ((log_stderr != NULL) && (real_uid != exim_uid)) | |
3716 | really_exim = FALSE; | |
059ec3d9 PH |
3717 | } |
3718 | ||
3719 | /* Privilege is to be retained for the moment. It may be dropped later, | |
3720 | depending on the job that this Exim process has been asked to do. For now, set | |
3721 | the real uid to the effective so that subsequent re-execs of Exim are done by a | |
3722 | privileged user. */ | |
3723 | ||
3724 | else exim_setugid(geteuid(), getegid(), FALSE, US"forcing real = effective"); | |
3725 | ||
f05da2e8 | 3726 | /* If testing a filter, open the file(s) now, before wasting time doing other |
059ec3d9 PH |
3727 | setups and reading the message. */ |
3728 | ||
f05da2e8 PH |
3729 | if ((filter_test & FTEST_SYSTEM) != 0) |
3730 | { | |
3731 | filter_sfd = Uopen(filter_test_sfile, O_RDONLY, 0); | |
3732 | if (filter_sfd < 0) | |
3733 | { | |
3734 | fprintf(stderr, "exim: failed to open %s: %s\n", filter_test_sfile, | |
3735 | strerror(errno)); | |
3736 | return EXIT_FAILURE; | |
3737 | } | |
3738 | } | |
3739 | ||
3740 | if ((filter_test & FTEST_USER) != 0) | |
059ec3d9 | 3741 | { |
f05da2e8 PH |
3742 | filter_ufd = Uopen(filter_test_ufile, O_RDONLY, 0); |
3743 | if (filter_ufd < 0) | |
059ec3d9 | 3744 | { |
f05da2e8 | 3745 | fprintf(stderr, "exim: failed to open %s: %s\n", filter_test_ufile, |
059ec3d9 PH |
3746 | strerror(errno)); |
3747 | return EXIT_FAILURE; | |
3748 | } | |
3749 | } | |
3750 | ||
8829633f PP |
3751 | /* Initialise lookup_list |
3752 | If debugging, already called above via version reporting. | |
3753 | In either case, we initialise the list of available lookups while running | |
3754 | as root. All dynamically modules are loaded from a directory which is | |
3755 | hard-coded into the binary and is code which, if not a module, would be | |
3756 | part of Exim already. Ability to modify the content of the directory | |
3757 | is equivalent to the ability to modify a setuid binary! | |
3758 | ||
3759 | This needs to happen before we read the main configuration. */ | |
3760 | init_lookup_list(); | |
3761 | ||
8c5d388a | 3762 | #ifdef SUPPORT_I18N |
9d4319df JH |
3763 | if (running_in_test_harness) smtputf8_advertise_hosts = NULL; |
3764 | #endif | |
3765 | ||
059ec3d9 PH |
3766 | /* Read the main runtime configuration data; this gives up if there |
3767 | is a failure. It leaves the configuration file open so that the subsequent | |
3de973a2 | 3768 | configuration data for delivery can be read if needed. |
059ec3d9 | 3769 | |
3de973a2 HSHR |
3770 | NOTE: immediatly after opening the configuration file we change the working |
3771 | directory to "/"! Later we change to $spool_directory. We do it there, because | |
3772 | during readconf_main() some expansion takes place already. */ | |
bc3c7bb7 | 3773 | |
cd328be9 JH |
3774 | /* Store the initial cwd before we change directories. Can be NULL if the |
3775 | dir has already been unlinked. */ | |
3776 | initial_cwd = os_getcwd(NULL, 0); | |
3615fa9a | 3777 | |
34e86e20 HSHR |
3778 | /* checking: |
3779 | -be[m] expansion test - | |
3780 | -b[fF] filter test new | |
3781 | -bh[c] host test - | |
3782 | -bmalware malware_test_file new | |
3783 | -brt retry test new | |
3784 | -brw rewrite test new | |
3785 | -bt address test - | |
3786 | -bv[s] address verify - | |
3787 | list_options: | |
3788 | -bP <option> (except -bP config, which sets list_config) | |
3789 | ||
3790 | If any of these options is set, we suppress warnings about configuration | |
3791 | issues (currently about tls_advertise_hosts and keep_environment not being | |
3792 | defined) */ | |
3793 | ||
3794 | readconf_main(checking || list_options); | |
059ec3d9 | 3795 | |
32b8ce41 | 3796 | |
3de973a2 HSHR |
3797 | /* Now in directory "/" */ |
3798 | ||
bc3c7bb7 HSHR |
3799 | if (cleanup_environment() == FALSE) |
3800 | log_write(0, LOG_PANIC_DIE, "Can't cleanup environment"); | |
3801 | ||
3802 | ||
a3fb9793 PP |
3803 | /* If an action on specific messages is requested, or if a daemon or queue |
3804 | runner is being started, we need to know if Exim was called by an admin user. | |
3805 | This is the case if the real user is root or exim, or if the real group is | |
3806 | exim, or if one of the supplementary groups is exim or a group listed in | |
3807 | admin_groups. We don't fail all message actions immediately if not admin_user, | |
3808 | since some actions can be performed by non-admin users. Instead, set admin_user | |
3809 | for later interrogation. */ | |
3810 | ||
3811 | if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid) | |
3812 | admin_user = TRUE; | |
3813 | else | |
3814 | { | |
3815 | int i, j; | |
32b8ce41 JH |
3816 | for (i = 0; i < group_count && !admin_user; i++) |
3817 | if (group_list[i] == exim_gid) | |
3818 | admin_user = TRUE; | |
3819 | else if (admin_groups) | |
3820 | for (j = 1; j <= (int)admin_groups[0] && !admin_user; j++) | |
a3fb9793 | 3821 | if (admin_groups[j] == group_list[i]) |
32b8ce41 | 3822 | admin_user = TRUE; |
a3fb9793 PP |
3823 | } |
3824 | ||
3825 | /* Another group of privileged users are the trusted users. These are root, | |
3826 | exim, and any caller matching trusted_users or trusted_groups. Trusted callers | |
3827 | are permitted to specify sender_addresses with -f on the command line, and | |
3828 | other message parameters as well. */ | |
3829 | ||
3830 | if (real_uid == root_uid || real_uid == exim_uid) | |
3831 | trusted_caller = TRUE; | |
3832 | else | |
3833 | { | |
3834 | int i, j; | |
3835 | ||
32b8ce41 JH |
3836 | if (trusted_users) |
3837 | for (i = 1; i <= (int)trusted_users[0] && !trusted_caller; i++) | |
a3fb9793 | 3838 | if (trusted_users[i] == real_uid) |
32b8ce41 | 3839 | trusted_caller = TRUE; |
a3fb9793 | 3840 | |
32b8ce41 JH |
3841 | if (trusted_groups) |
3842 | for (i = 1; i <= (int)trusted_groups[0] && !trusted_caller; i++) | |
a3fb9793 PP |
3843 | if (trusted_groups[i] == real_gid) |
3844 | trusted_caller = TRUE; | |
32b8ce41 | 3845 | else for (j = 0; j < group_count && !trusted_caller; j++) |
a3fb9793 | 3846 | if (trusted_groups[i] == group_list[j]) |
32b8ce41 | 3847 | trusted_caller = TRUE; |
a3fb9793 PP |
3848 | } |
3849 | ||
f33875c3 | 3850 | /* At this point, we know if the user is privileged and some command-line |
b4a1e238 | 3851 | options become possibly impermissible, depending upon the configuration file. */ |
f33875c3 PP |
3852 | |
3853 | if (checking && commandline_checks_require_admin && !admin_user) { | |
3854 | fprintf(stderr, "exim: those command-line flags are set to require admin\n"); | |
3855 | exit(EXIT_FAILURE); | |
3856 | } | |
3857 | ||
059ec3d9 PH |
3858 | /* Handle the decoding of logging options. */ |
3859 | ||
6c6d6e48 | 3860 | decode_bits(log_selector, log_selector_size, log_notall, |
ed7f7860 | 3861 | log_selector_string, log_options, log_options_count, US"log", 0); |
059ec3d9 PH |
3862 | |
3863 | DEBUG(D_any) | |
3864 | { | |
6c6d6e48 | 3865 | int i; |