projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
When checking for a message's continued existence, exim_tidydb was not
[exim.git] / src / src / rda.c
CommitLineData
23c7ff99 1/* $Cambridge: exim/src/src/rda.c,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
7/* Copyright (c) University of Cambridge 1995 - 2004 */
8/* See the file NOTICE for conditions of use and distribution. */
9
10/* This module contains code for extracting addresses from a forwarding list
11(from an alias or forward file) or by running the filter interpreter. It may do
12this in a sub-process if a uid/gid are supplied. */
13
14
15#include "exim.h"
16
17enum { FILE_EXIST, FILE_NOT_EXIST, FILE_EXIST_UNCLEAR };
18
19#define REPLY_EXISTS 0x01
20#define REPLY_EXPAND 0x02
21#define REPLY_RETURN 0x04
22
23
24/*************************************************
25* Check string for filter program *
26*************************************************/
27
28/* This function checks whether a string is actually a filter program. The rule
29is that it must start with "# Exim filter ..." (any capitalization, spaces
30optional). It is envisaged that in future, other kinds of filter may be
31implemented. That's why it is implemented the way it is. The function is global
32because it is also called from filter.c when checking filters.
33
34Argument: the string
35
36Returns: FILTER_EXIM if it starts with "# Exim filter"
37 FILTER_SIEVE if it starts with "# Sieve filter"
38 FILTER_FORWARD otherwise
39*/
40
41/* This is an auxiliary function for matching a tag. */
42
43static BOOL
44match_tag(const uschar *s, const uschar *tag)
45{
46for (; *tag != 0; s++, tag++)
47 {
48 if (*tag == ' ')
49 {
50 while (*s == ' ' || *s == '\t') s++;
51 s--;
52 }
53 else if (tolower(*s) != tolower(*tag)) break;
54 }
55return (*tag == 0);
56}
57
58/* This is the real function. It should be easy to add checking different
59tags for other types of filter. */
60
61int
62rda_is_filter(const uschar *s)
63{
64while (isspace(*s)) s++; /* Skips initial blank lines */
65if (match_tag(s, CUS"# exim filter")) return FILTER_EXIM;
66 else if (match_tag(s, CUS"# sieve filter")) return FILTER_SIEVE;
67 else return FILTER_FORWARD;
68}
69
70
71
72
73/*************************************************
74* Check for existence of file *
75*************************************************/
76
77/* First of all, we stat the file. If this fails, we try to stat the enclosing
78directory, because a file in an unmounted NFS directory will look the same as a
79non-existent file. It seems that in Solaris 2.6, statting an entry in an
80indirect map that is currently unmounted does not cause the mount to happen.
81Instead, dummy data is returned, which defeats the whole point of this test.
82However, if a stat() is done on some object inside the directory, such as the
83"." back reference to itself, then the mount does occur. If an NFS host is
84taken offline, it is possible for the stat() to get stuck until it comes back.
85To guard against this, stick a timer round it. If we can't access the "."
86inside the directory, try the plain directory, just in case that helps.
87
88Argument:
89 filename the file name
90 error for message on error
91
92Returns: FILE_EXIST the file exists
93 FILE_NOT_EXIST the file does not exist
94 FILE_EXIST_UNCLEAR cannot determine existence
95*/
96
97static int
98rda_exists(uschar *filename, uschar **error)
99{
100int rc, saved_errno;
101uschar *slash;
102struct stat statbuf;
103
104if ((rc = Ustat(filename, &statbuf)) >= 0) return FILE_EXIST;
105saved_errno = errno;
106
107Ustrncpy(big_buffer, filename, big_buffer_size - 3);
108sigalrm_seen = FALSE;
109
110if (saved_errno == ENOENT)
111 {
112 slash = Ustrrchr(big_buffer, '/');
113 Ustrcpy(slash+1, ".");
114
115 alarm(30);
116 rc = Ustat(big_buffer, &statbuf);
117 if (rc != 0 && errno == EACCES && !sigalrm_seen)
118 {
119 *slash = 0;
120 rc = Ustat(big_buffer, &statbuf);
121 }
122 saved_errno = errno;
123 alarm(0);
124
125 DEBUG(D_route) debug_printf("stat(%s)=%d\n", big_buffer, rc);
126 }
127
128if (sigalrm_seen || rc != 0)
129 {
130 *error = string_sprintf("failed to stat %s (%s)", big_buffer,
131 sigalrm_seen? "timeout" : strerror(saved_errno));
132 return FILE_EXIST_UNCLEAR;
133 }
134
135*error = string_sprintf("%s does not exist", filename);
136DEBUG(D_route) debug_printf("%s\n", *error);
137return FILE_NOT_EXIST;
138}
139
140
141
142/*************************************************
143* Get forwarding list from a file *
144*************************************************/
145
146/* Open a file and read its entire contents into a block of memory. Certain
147opening errors are optionally treated the same as "file does not exist".
148
149ENOTDIR means that something along the line is not a directory: there are
150installations that set home directories to be /dev/null for non-login accounts
151but in normal circumstances this indicates some kind of configuration error.
152
153EACCES means there's a permissions failure. Some users turn off read permission
154on a .forward file to suspend forwarding, but this is probably an error in any
155kind of mailing list processing.
156
157The redirect block that contains the file name also contains constraints such
158as who may own the file, and mode bits that must not be set. This function is
159
160Arguments:
161 rdata rdirect block, containing file name and constraints
162 options for the RDO_ENOTDIR and RDO_EACCES options
163 error where to put an error message
164 yield what to return from rda_interpret on error
165
166Returns: pointer to string in store; NULL on error
167*/
168
169static uschar *
170rda_get_file_contents(redirect_block *rdata, int options, uschar **error,
171 int *yield)
172{
173FILE *fwd;
174uschar *filebuf;
175uschar *filename = rdata->string;
176BOOL uid_ok = !rdata->check_owner;
177BOOL gid_ok = !rdata->check_group;
178struct stat statbuf;
179
180/* Attempt to open the file. If it appears not to exist, check up on the
181containing directory by statting it. If the directory does not exist, we treat
182this situation as an error (which will cause delivery to defer); otherwise we
183pass back FF_NONEXIST, which causes the redirect router to decline.
184
185However, if the ignore_enotdir option is set (to ignore "something on the
186path is not a directory" errors), the right behaviour seems to be not to do the
187directory test. */
188
189fwd = Ufopen(filename, "rb");
190if (fwd == NULL)
191 {
192 switch(errno)
193 {
194 case ENOENT: /* File does not exist */
195 DEBUG(D_route) debug_printf("%s does not exist\n%schecking parent directory\n",
196 filename,
197 ((options & RDO_ENOTDIR) != 0)? "ignore_enotdir set => skip " : "");
198 *yield = (((options & RDO_ENOTDIR) != 0) ||
199 rda_exists(filename, error) == FILE_NOT_EXIST)?
200 FF_NONEXIST : FF_ERROR;
201 return NULL;
202
203 case ENOTDIR: /* Something on the path isn't a directory */
204 if ((options & RDO_ENOTDIR) == 0) goto DEFAULT_ERROR;
205 DEBUG(D_route) debug_printf("non-directory on path %s: file assumed not to "
206 "exist\n", filename);
207 *yield = FF_NONEXIST;
208 return NULL;
209
210 case EACCES: /* Permission denied */
211 if ((options & RDO_EACCES) == 0) goto DEFAULT_ERROR;
212 DEBUG(D_route) debug_printf("permission denied for %s: file assumed not to "
213 "exist\n", filename);
214 *yield = FF_NONEXIST;
215 return NULL;
216
217 DEFAULT_ERROR:
218 default:
219 *error = string_open_failed(errno, "%s", filename);
220 *yield = FF_ERROR;
221 return NULL;
222 }
223 }
224
225/* Check that we have a regular file. */
226
227if (fstat(fileno(fwd), &statbuf) != 0)
228 {
229 *error = string_sprintf("failed to stat %s: %s", filename, strerror(errno));
230 goto ERROR_RETURN;
231 }
232
233if ((statbuf.st_mode & S_IFMT) != S_IFREG)
234 {
235 *error = string_sprintf("%s is not a regular file", filename);
236 goto ERROR_RETURN;
237 }
238
239/* Check for unwanted mode bits */
240
241if ((statbuf.st_mode & rdata->modemask) != 0)
242 {
243 *error = string_sprintf("bad mode (0%o) for %s: 0%o bit(s) unexpected",
244 statbuf.st_mode, filename, statbuf.st_mode & rdata->modemask);
245 goto ERROR_RETURN;
246 }
247
248/* Check the file owner and file group if required to do so. */
249
250if (!uid_ok)
251 {
252 if (rdata->pw != NULL && statbuf.st_uid == rdata->pw->pw_uid)
253 uid_ok = TRUE;
254 else if (rdata->owners != NULL)
255 {
256 int i;
257 for (i = 1; i <= (int)(rdata->owners[0]); i++)
258 if (rdata->owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
259 }
260 }
261
262if (!gid_ok)
263 {
264 if (rdata->pw != NULL && statbuf.st_gid == rdata->pw->pw_gid)
265 gid_ok = TRUE;
266 else if (rdata->owngroups != NULL)
267 {
268 int i;
269 for (i = 1; i <= (int)(rdata->owngroups[0]); i++)
270 if (rdata->owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
271 }
272 }
273
274if (!uid_ok || !gid_ok)
275 {
276 *error = string_sprintf("bad %s for %s", uid_ok? "group" : "owner", filename);
277 goto ERROR_RETURN;
278 }
279
280/* Put an upper limit on the size of the file, just to stop silly people
281feeding in ridiculously large files, which can easily be created by making
282files that have holes in them. */
283
284if (statbuf.st_size > MAX_FILTER_SIZE)
285 {
286 *error = string_sprintf("%s is too big (max %d)", filename, MAX_FILTER_SIZE);
287 goto ERROR_RETURN;
288 }
289
290/* Read the file in one go in order to minimize the time we have it open. */
291
292filebuf = store_get(statbuf.st_size + 1);
293
294if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
295 {
296 *error = string_sprintf("error while reading %s: %s",
297 filename, strerror(errno));
298 goto ERROR_RETURN;
299 }
300filebuf[statbuf.st_size] = 0;
301
302/* Don't pass statbuf.st_size directly to debug_printf. On some systems it
303is a long, which may not be the same as an int. */
304
305DEBUG(D_route)
306 {
307 int size = (int)statbuf.st_size;
308 debug_printf("%d bytes read from %s\n", size, filename);
309 }
310
311fclose(fwd);
312return filebuf;
313
314/* Return an error: the string is already set up. */
315
316ERROR_RETURN:
317*yield = FF_ERROR;
318fclose(fwd);
319return NULL;
320}
321
322
323
324/*************************************************
325* Extract info from list or filter *
326*************************************************/
327
328/* This function calls the appropriate function to extract addresses from a
329forwarding list, or to run a filter file and get addresses from there.
330
331Arguments:
332 rdata the redirection block
333 options the options bits
334 include_directory restrain to this directory
335 sieve_vacation_directory passed to sieve_interpret
336 generated where to hang generated addresses
337 error for error messages
338 eblockp for details of skipped syntax errors
339 (NULL => no skip)
340 filtertype set to the filter type:
341 FILTER_FORWARD => a traditional .forward file
342 FILTER_EXIM => an Exim filter file
343 FILTER_SIEVE => a Sieve filter file
344 a system filter is always forced to be FILTER_EXIM
345
346Returns: a suitable return for rda_interpret()
347*/
348
349static int
350rda_extract(redirect_block *rdata, int options, uschar *include_directory,
351 uschar *sieve_vacation_directory, address_item **generated, uschar **error,
352 error_block **eblockp, int *filtertype)
353{
354uschar *data;
355
356if (rdata->isfile)
357 {
358 int yield;
359 data = rda_get_file_contents(rdata, options, error, &yield);
360 if (data == NULL) return yield;
361 }
362else data = rdata->string;
363
364*filtertype = system_filtering? FILTER_EXIM : rda_is_filter(data);
365
366/* Filter interpretation is done by a general function that is also called from
367the filter testing option (-bf). There are two versions: one for Exim filtering
368and one for Sieve filtering. Several features of string expansion may be locked
369out at sites that don't trust users. This is done by setting flags in
370expand_forbid that the expander inspects. */
371
372if (*filtertype != FILTER_FORWARD)
373 {
374 int frc;
375 int old_expand_forbid = expand_forbid;
376
23c7ff99
PH		 377 DEBUG(D_route) debug_printf("data is %s filter program\n",
378 (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve");
379
380 /* RDO_FILTER is an "allow" bit */
381
059ec3d9
PH		 382 if ((options & RDO_FILTER) == 0)
383 {
384 *error = US"filtering not enabled";
385 return FF_ERROR;
386 }
387
059ec3d9
PH		 388 expand_forbid =
389 (expand_forbid & ~RDO_FILTER_EXPANSIONS) |
390 (options & RDO_FILTER_EXPANSIONS);
23c7ff99
PH		 391
392 /* RDO_{EXIM,SIEVE}_FILTER are forbid bits */
393
394 if (*filtertype == FILTER_EXIM)
395 {
396 if ((options & RDO_EXIM_FILTER) != 0)
397 {
398 *error = US"Exim filtering not enabled";
399 return FF_ERROR;
400 }
401 frc = filter_interpret(data, options, generated, error);
402 }
403 else
404 {
405 if ((options & RDO_SIEVE_FILTER) != 0)
406 {
407 *error = US"Sieve filtering not enabled";
408 return FF_ERROR;
409 }
410 frc = sieve_interpret(data, options, sieve_vacation_directory, generated,
411 error);
412 }
059ec3d9
PH		 413
414 expand_forbid = old_expand_forbid;
415 return frc;
416 }
417
418/* Not a filter script */
419
420DEBUG(D_route) debug_printf("file is not a filter file\n");
421
422return parse_forward_list(data,
423 options, /* specials that are allowed */
424 generated, /* where to hang them */
425 error, /* for errors */
426 deliver_domain, /* to qualify \name */
427 include_directory, /* restrain to directory */
428 eblockp); /* for skipped syntax errors */
429}
430
431
432
433
434/*************************************************
435* Write string down pipe *
436*************************************************/
437
438/* This function is used for tranferring a string down a pipe between
439processes. If the pointer is NULL, a length of zero is written.
440
441Arguments:
442 fd the pipe
443 s the string
444
445Returns: nothing
446*/
447
448static void
449rda_write_string(int fd, uschar *s)
450{
451int len = (s == NULL)? 0 : Ustrlen(s) + 1;
452write(fd, &len, sizeof(int));
453if (s != NULL) write(fd, s, len);
454}
455
456
457
458/*************************************************
459* Read string from pipe *
460*************************************************/
461
462/* This function is used for receiving a string from a pipe.
463
464Arguments:
465 fd the pipe
466 sp where to put the string
467
468Returns: FALSE if data missing
469*/
470
471static BOOL
472rda_read_string(int fd, uschar **sp)
473{
474int len;
475
476if (read(fd, &len, sizeof(int)) != sizeof(int)) return FALSE;
477if (len == 0) *sp = NULL; else
478 {
479 *sp = store_get(len);
480 if (read(fd, *sp, len) != len) return FALSE;
481 }
482return TRUE;
483}
484
485
486
487/*************************************************
488* Interpret forward list or filter *
489*************************************************/
490
491/* This function is passed a forward list string (unexpanded) or the name of a
492file (unexpanded) whose contents are the forwarding list. The list may in fact
493be a filter program if it starts with "#Exim filter" or "#Sieve filter". Other
494types of filter, with different inital tag strings, may be introduced in due
495course.
496
497The job of the function is to process the forwarding list or filter. It is
498pulled out into this separate function, because it is used for system filter
499files as well as from the redirect router.
500
501If the function is given a uid/gid, it runs a subprocess that passes the
502results back via a pipe. This provides security for things like :include:s in
503users' .forward files, and "logwrite" calls in users' filter files. A
504sub-process is NOT used when:
505
506 . No uid/gid is provided
507 . The input is a string which is not a filter string, and does not contain
508 :include:
509 . The input is a file whose non-existence can be detected in the main
510 process (which is usually running as root).
511
512Arguments:
513 rdata redirect data (file + constraints, or data string)
514 options options to pass to the extraction functions,
515 plus ENOTDIR and EACCES handling bits
516 include_directory restrain :include: to this directory
517 sieve_vacation_directory directory passed to sieve_interpret()
518 ugid uid/gid to run under - if NULL, no change
519 generated where to hang generated addresses, initially NULL
520 error pointer for error message
521 eblockp for skipped syntax errors; NULL if no skipping
522 filtertype set to the type of file:
523 FILTER_FORWARD => traditional .forward file
524 FILTER_EXIM => an Exim filter file
525 FILTER_SIEVE => a Sieve filter file
526 a system filter is always forced to be FILTER_EXIM
527 rname router name for error messages in the format
528 "xxx router" or "system filter"
529
530Returns: values from extraction function, or FF_NONEXIST:
531 FF_DELIVERED success, a significant action was taken
532 FF_NOTDELIVERED success, no significant action
533 FF_BLACKHOLE :blackhole:
534 FF_DEFER defer requested
535 FF_FAIL fail requested
536 FF_INCLUDEFAIL some problem with :include:
537 FF_FREEZE freeze requested
538 FF_ERROR there was a problem
539 FF_NONEXIST the file does not exist
540*/
541
542int
543rda_interpret(redirect_block *rdata, int options, uschar *include_directory,
544 uschar *sieve_vacation_directory, ugid_block *ugid, address_item **generated,
545 uschar **error, error_block **eblockp, int *filtertype, uschar *rname)
546{
547int fd, rc, pfd[2];
548int yield, status;
549BOOL had_disaster = FALSE;
550pid_t pid;
551uschar *data;
552uschar *readerror = US"";
553void (*oldsignal)(int);
554
555DEBUG(D_route) debug_printf("rda_interpret (%s): %s\n",
556 (rdata->isfile)? "file" : "string", rdata->string);
557
558/* Do the expansions of the file name or data first, while still privileged. */
559
560data = expand_string(rdata->string);
561if (data == NULL)
562 {
563 if (expand_string_forcedfail) return FF_NOTDELIVERED;
564 *error = string_sprintf("failed to expand \"%s\": %s", rdata->string,
565 expand_string_message);
566 return FF_ERROR;
567 }
568rdata->string = data;
569
570DEBUG(D_route) debug_printf("expanded: %s\n", data);
571
572if (rdata->isfile && data[0] != '/')
573 {
574 *error = string_sprintf("\"%s\" is not an absolute path", data);
575 return FF_ERROR;
576 }
577
578/* If no uid/gid are supplied, or if we have a data string which does not start
579with #Exim filter or #Sieve filter, and does not contain :include:, do all the
580work in this process. Note that for a system filter, we always have a file, so
581the work is done in this process only if no user is supplied. */
582
583if (!ugid->uid_set || /* Either there's no uid, or */
584 (!rdata->isfile && /* We've got the data, and */
585 rda_is_filter(data) == FILTER_FORWARD && /* It's not a filter script, */
586 Ustrstr(data, ":include:") == NULL)) /* and there's no :include: */
587 {
588 return rda_extract(rdata, options, include_directory,
589 sieve_vacation_directory, generated, error, eblockp, filtertype);
590 }
591
592/* We need to run the processing code in a sub-process. However, if we can
593determine the non-existence of a file first, we can decline without having to
594create the sub-process. */
595
596if (rdata->isfile && rda_exists(data, error) == FILE_NOT_EXIST)
597 return FF_NONEXIST;
598
599/* If the file does exist, or we can't tell (non-root mounted NFS directory)
600we have to create the subprocess to do everything as the given user. The
601results of processing are passed back via a pipe. */
602
603if (pipe(pfd) != 0)
604 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "creation of pipe for filter or "
605 ":include: failed for %s: %s", rname, strerror(errno));
606
607/* Ensure that SIGCHLD is set to SIG_DFL before forking, so that the child
608process can be waited for. We sometimes get here with it set otherwise. Save
609the old state for resetting on the wait. */
610
611oldsignal = signal(SIGCHLD, SIG_DFL);
612if ((pid = fork()) == 0)
613 {
614 header_line *waslast = header_last; /* Save last header */
615
616 fd = pfd[pipe_write];
617 close(pfd[pipe_read]);
618 exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
619
620 /* Addresses can get rewritten in filters; if we are not root or the exim
621 user (and we probably are not), turn off rewrite logging, because we cannot
622 write to the log now. */
623
624 if (ugid->uid != root_uid && ugid->uid != exim_uid)
625 {
626 DEBUG(D_rewrite) debug_printf("turned off address rewrite logging (not "
627 "root or exim in this process)\n");
628 log_write_selector &= ~L_address_rewrite;
629 }
630
631 /* Now do the business */
632
633 yield = rda_extract(rdata, options, include_directory,
634 sieve_vacation_directory, generated, error, eblockp, filtertype);
635
636 /* Pass back whether it was a filter, and the return code and any overall
637 error text via the pipe. */
638
639 write(fd, filtertype, sizeof(int));
640 write(fd, &yield, sizeof(int));
641 rda_write_string(fd, *error);
642
643 /* Pass back the contents of any syntax error blocks if we have a pointer */
644
645 if (eblockp != NULL)
646 {
647 error_block *ep;
648 for (ep = *eblockp; ep != NULL; ep = ep->next)
649 {
650 rda_write_string(fd, ep->text1);
651 rda_write_string(fd, ep->text2);
652 }
653 rda_write_string(fd, NULL); /* Indicates end of eblocks */
654 }
655
656 /* If this is a system filter, we have to pass back the numbers of any
657 original header lines that were removed, and then any header lines that were
658 added but not subsequently removed. */
659
660 if (system_filtering)
661 {
662 int i = 0;
663 header_line *h;
664 for (h = header_list; h != waslast->next; i++, h = h->next)
665 {
666 if (h->type == htype_old) write(fd, &i, sizeof(i));
667 }
668 i = -1;
669 write(fd, &i, sizeof(i));
670
671 while (waslast != header_last)
672 {
673 waslast = waslast->next;
674 if (waslast->type != htype_old)
675 {
676 rda_write_string(fd, waslast->text);
677 write(fd, &(waslast->type), sizeof(waslast->type));
678 }
679 }
680 rda_write_string(fd, NULL); /* Indicates end of added headers */
681 }
682
683 /* Write the contents of the $n variables */
684
685 write(fd, filter_n, sizeof(filter_n));
686
687 /* If the result was DELIVERED or NOTDELIVERED, we pass back the generated
688 addresses, and their associated information, through the pipe. This is
689 just tedious, but it seems to be the only safe way. We do this also for
690 FAIL and FREEZE, because a filter is allowed to set up deliveries that
691 are honoured before freezing or failing. */
692
693 if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
694 yield == FF_FAIL || yield == FF_FREEZE)
695 {
696 address_item *addr;
697 for (addr = *generated; addr != NULL; addr = addr->next)
698 {
699 int reply_options = 0;
700
701 rda_write_string(fd, addr->address);
702 write(fd, &(addr->mode), sizeof(addr->mode));
703 write(fd, &(addr->flags), sizeof(addr->flags));
704 rda_write_string(fd, addr->p.errors_address);
705
706 if (addr->pipe_expandn != NULL)
707 {
708 uschar **pp;
709 for (pp = addr->pipe_expandn; *pp != NULL; pp++)
710 rda_write_string(fd, *pp);
711 }
712 rda_write_string(fd, NULL);
713
714 if (addr->reply == NULL)
715 write(fd, &reply_options, sizeof(int)); /* 0 means no reply */
716 else
717 {
718 reply_options |= REPLY_EXISTS;
719 if (addr->reply->file_expand) reply_options |= REPLY_EXPAND;
720 if (addr->reply->return_message) reply_options |= REPLY_RETURN;
721 write(fd, &reply_options, sizeof(int));
722 write(fd, &(addr->reply->expand_forbid), sizeof(int));
723 write(fd, &(addr->reply->once_repeat), sizeof(time_t));
724 rda_write_string(fd, addr->reply->to);
725 rda_write_string(fd, addr->reply->cc);
726 rda_write_string(fd, addr->reply->bcc);
727 rda_write_string(fd, addr->reply->from);
728 rda_write_string(fd, addr->reply->reply_to);
729 rda_write_string(fd, addr->reply->subject);
730 rda_write_string(fd, addr->reply->headers);
731 rda_write_string(fd, addr->reply->text);
732 rda_write_string(fd, addr->reply->file);
733 rda_write_string(fd, addr->reply->logfile);
734 rda_write_string(fd, addr->reply->oncelog);
735 }
736 }
737
738 rda_write_string(fd, NULL); /* Marks end of addresses */
739 }
740
741 /* OK, this process is now done. Must use _exit() and not exit() !! */
742
743 close(fd);
744 _exit(0);
745 }
746
747/* Back in the main process: panic if the fork did not succeed. */
748
749if (pid < 0)
750 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for %s", rname);
751
752/* Read the pipe to get the data from the filter/forward. Our copy of the
753writing end must be closed first, as otherwise read() won't return zero on an
754empty pipe. Afterwards, close the reading end. */
755
756close(pfd[pipe_write]);
757
758/* Read initial data, including yield and contents of *error */
759
760fd = pfd[pipe_read];
761if (read(fd, filtertype, sizeof(int)) != sizeof(int) ||
762 read(fd, &yield, sizeof(int)) != sizeof(int) ||
763 !rda_read_string(fd, error)) goto DISASTER;
764
765DEBUG(D_route)
766 debug_printf("rda_interpret: subprocess yield=%d error=%s\n", yield, *error);
767
768/* Read the contents of any syntax error blocks if we have a pointer */
769
770if (eblockp != NULL)
771 {
772 uschar *s;
773 error_block *e;
774 error_block **p = eblockp;
775 for (;;)
776 {
777 if (!rda_read_string(fd, &s)) goto DISASTER;
778 if (s == NULL) break;
779 e = store_get(sizeof(error_block));
780 e->next = NULL;
781 e->text1 = s;
782 if (!rda_read_string(fd, &s)) goto DISASTER;
783 e->text2 = s;
784 *p = e;
785 p = &(e->next);
786 }
787 }
788
789/* If this is a system filter, read the identify of any original header lines
790that were removed, and then read data for any new ones that were added. */
791
792if (system_filtering)
793 {
794 int hn = 0;
795 header_line *h = header_list;
796
797 for (;;)
798 {
799 int n;
800 if (read(fd, &n, sizeof(int)) != sizeof(int)) goto DISASTER;
801 if (n < 0) break;
802 while (hn < n)
803 {
804 hn++;
805 h = h->next;
806 if (h == NULL) goto DISASTER_NO_HEADER;
807 }
808 h->type = htype_old;
809 }
810
811 for (;;)
812 {
813 uschar *s;
814 int type;
815 if (!rda_read_string(fd, &s)) goto DISASTER;
816 if (s == NULL) break;
817 if (read(fd, &type, sizeof(type)) != sizeof(type)) goto DISASTER;
818 header_add(type, "%s", s);
819 }
820 }
821
822/* Read the values of the $n variables */
823
824if (read(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n)) goto DISASTER;
825
826/* If the yield is DELIVERED, NOTDELIVERED, FAIL, or FREEZE there may follow
827addresses and data to go with them. Keep them in the same order in the
828generated chain. */
829
830if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
831 yield == FF_FAIL || yield == FF_FREEZE)
832 {
833 address_item **nextp = generated;
834
835 for (;;)
836 {
837 int i, reply_options;
838 address_item *addr;
839 uschar *recipient;
840 uschar *expandn[EXPAND_MAXN + 2];
841
842 /* First string is the address; NULL => end of addresses */
843
844 if (!rda_read_string(fd, &recipient)) goto DISASTER;
845 if (recipient == NULL) break;
846
847 /* Hang on the end of the chain */
848
849 addr = deliver_make_addr(recipient, FALSE);
850 *nextp = addr;
851 nextp = &(addr->next);
852
853 /* Next comes the mode and the flags fields */
854
855 if (read(fd, &(addr->mode), sizeof(addr->mode)) != sizeof(addr->mode) ||
856 read(fd, &(addr->flags), sizeof(addr->flags)) != sizeof(addr->flags) ||
857 !rda_read_string(fd, &(addr->p.errors_address))) goto DISASTER;
858
859 /* Next comes a possible setting for $thisaddress and any numerical
860 variables for pipe expansion, terminated by a NULL string. The maximum
861 number of numericals is EXPAND_MAXN. Note that we put filter_thisaddress
862 into the zeroth item in the vector - this is sorted out inside the pipe
863 transport. */
864
865 for (i = 0; i < EXPAND_MAXN + 1; i++)
866 {
867 uschar *temp;
868 if (!rda_read_string(fd, &temp)) goto DISASTER;
869 if (i == 0) filter_thisaddress = temp; /* Just in case */
870 expandn[i] = temp;
871 if (temp == NULL) break;
872 }
873
874 if (i > 0)
875 {
876 addr->pipe_expandn = store_get((i+1) * sizeof(uschar **));
877 addr->pipe_expandn[i] = NULL;
878 while (--i >= 0) addr->pipe_expandn[i] = expandn[i];
879 }
880
881 /* Then an int containing reply options; zero => no reply data. */
882
883 if (read(fd, &reply_options, sizeof(int)) != sizeof(int)) goto DISASTER;
884 if ((reply_options & REPLY_EXISTS) != 0)
885 {
886 addr->reply = store_get(sizeof(reply_item));
887
888 addr->reply->file_expand = (reply_options & REPLY_EXPAND) != 0;
889 addr->reply->return_message = (reply_options & REPLY_RETURN) != 0;
890
891 if (read(fd,&(addr->reply->expand_forbid),sizeof(int)) !=
892 sizeof(int) ||
893 read(fd,&(addr->reply->once_repeat),sizeof(time_t)) !=
894 sizeof(time_t) ||
895 !rda_read_string(fd, &(addr->reply->to)) ||
896 !rda_read_string(fd, &(addr->reply->cc)) ||
897 !rda_read_string(fd, &(addr->reply->bcc)) ||
898 !rda_read_string(fd, &(addr->reply->from)) ||
899 !rda_read_string(fd, &(addr->reply->reply_to)) ||
900 !rda_read_string(fd, &(addr->reply->subject)) ||
901 !rda_read_string(fd, &(addr->reply->headers)) ||
902 !rda_read_string(fd, &(addr->reply->text)) ||
903 !rda_read_string(fd, &(addr->reply->file)) ||
904 !rda_read_string(fd, &(addr->reply->logfile)) ||
905 !rda_read_string(fd, &(addr->reply->oncelog)))
906 goto DISASTER;
907 }
908 }
909 }
910
911/* All data has been transferred from the sub-process. Reap it, close the
912reading end of the pipe, and we are done. */
913
914WAIT_EXIT:
915while ((rc = wait(&status)) != pid)
916 {
917 if (rc < 0 && errno == ECHILD) /* Process has vanished */
918 {
919 log_write(0, LOG_MAIN, "redirection process %d vanished unexpectedly", pid);
920 goto FINAL_EXIT;
921 }
922 }
923
924if (had_disaster)
925 {
926 *error = string_sprintf("internal problem in %s: failure to transfer "
927 "data from subprocess: status=%04x%s%s%s", rname,
928 status, readerror,
929 (*error == NULL)? US"" : US": error=",
930 (*error == NULL)? US"" : *error);
931 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *error);
932 }
933else if (status != 0)
934 {
935 log_write(0, LOG_MAIN|LOG_PANIC, "internal problem in %s: unexpected status "
936 "%04x from redirect subprocess (but data correctly received)", rname,
937 status);
938 }
939
940FINAL_EXIT:
941close(fd);
942signal(SIGCHLD, oldsignal); /* restore */
943return yield;
944
945
946/* Come here if the data indicates removal of a header that we can't find */
947
948DISASTER_NO_HEADER:
949readerror = US" readerror=bad header identifier";
950had_disaster = TRUE;
951yield = FF_ERROR;
952goto WAIT_EXIT;
953
954/* Come here is there's a shambles in transferring the data over the pipe. The
955value of errno should still be set. */
956
957DISASTER:
958readerror = string_sprintf(" readerror='%s'", strerror(errno));
959had_disaster = TRUE;
960yield = FF_ERROR;
961goto WAIT_EXIT;
962}
963
964/* End of rda.c */
Unnamed repository; edit this file 'description' to name the repository.