projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Various SASL fixes.
[exim.git] / src / src / rda.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
0a49a7a4 5/* Copyright (c) University of Cambridge 1995 - 2009 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8/* This module contains code for extracting addresses from a forwarding list
9(from an alias or forward file) or by running the filter interpreter. It may do
10this in a sub-process if a uid/gid are supplied. */
11
12
13#include "exim.h"
14
15enum { FILE_EXIST, FILE_NOT_EXIST, FILE_EXIST_UNCLEAR };
16
17#define REPLY_EXISTS 0x01
18#define REPLY_EXPAND 0x02
19#define REPLY_RETURN 0x04
20
21
22/*************************************************
23* Check string for filter program *
24*************************************************/
25
26/* This function checks whether a string is actually a filter program. The rule
27is that it must start with "# Exim filter ..." (any capitalization, spaces
28optional). It is envisaged that in future, other kinds of filter may be
29implemented. That's why it is implemented the way it is. The function is global
30because it is also called from filter.c when checking filters.
31
32Argument: the string
33
34Returns: FILTER_EXIM if it starts with "# Exim filter"
35 FILTER_SIEVE if it starts with "# Sieve filter"
36 FILTER_FORWARD otherwise
37*/
38
39/* This is an auxiliary function for matching a tag. */
40
41static BOOL
42match_tag(const uschar *s, const uschar *tag)
43{
44for (; *tag != 0; s++, tag++)
45 {
46 if (*tag == ' ')
47 {
48 while (*s == ' ' || *s == '\t') s++;
49 s--;
50 }
51 else if (tolower(*s) != tolower(*tag)) break;
52 }
53return (*tag == 0);
54}
55
56/* This is the real function. It should be easy to add checking different
57tags for other types of filter. */
58
59int
60rda_is_filter(const uschar *s)
61{
62while (isspace(*s)) s++; /* Skips initial blank lines */
63if (match_tag(s, CUS"# exim filter")) return FILTER_EXIM;
64 else if (match_tag(s, CUS"# sieve filter")) return FILTER_SIEVE;
65 else return FILTER_FORWARD;
66}
67
68
69
70
71/*************************************************
72* Check for existence of file *
73*************************************************/
74
75/* First of all, we stat the file. If this fails, we try to stat the enclosing
76directory, because a file in an unmounted NFS directory will look the same as a
77non-existent file. It seems that in Solaris 2.6, statting an entry in an
78indirect map that is currently unmounted does not cause the mount to happen.
79Instead, dummy data is returned, which defeats the whole point of this test.
80However, if a stat() is done on some object inside the directory, such as the
81"." back reference to itself, then the mount does occur. If an NFS host is
82taken offline, it is possible for the stat() to get stuck until it comes back.
83To guard against this, stick a timer round it. If we can't access the "."
84inside the directory, try the plain directory, just in case that helps.
85
86Argument:
87 filename the file name
88 error for message on error
89
90Returns: FILE_EXIST the file exists
91 FILE_NOT_EXIST the file does not exist
92 FILE_EXIST_UNCLEAR cannot determine existence
93*/
94
95static int
96rda_exists(uschar *filename, uschar **error)
97{
98int rc, saved_errno;
99uschar *slash;
100struct stat statbuf;
101
102if ((rc = Ustat(filename, &statbuf)) >= 0) return FILE_EXIST;
103saved_errno = errno;
104
105Ustrncpy(big_buffer, filename, big_buffer_size - 3);
106sigalrm_seen = FALSE;
107
108if (saved_errno == ENOENT)
109 {
110 slash = Ustrrchr(big_buffer, '/');
111 Ustrcpy(slash+1, ".");
112
113 alarm(30);
114 rc = Ustat(big_buffer, &statbuf);
115 if (rc != 0 && errno == EACCES && !sigalrm_seen)
116 {
117 *slash = 0;
118 rc = Ustat(big_buffer, &statbuf);
119 }
120 saved_errno = errno;
121 alarm(0);
122
123 DEBUG(D_route) debug_printf("stat(%s)=%d\n", big_buffer, rc);
124 }
125
126if (sigalrm_seen || rc != 0)
127 {
128 *error = string_sprintf("failed to stat %s (%s)", big_buffer,
129 sigalrm_seen? "timeout" : strerror(saved_errno));
130 return FILE_EXIST_UNCLEAR;
131 }
132
133*error = string_sprintf("%s does not exist", filename);
134DEBUG(D_route) debug_printf("%s\n", *error);
135return FILE_NOT_EXIST;
136}
137
138
139
140/*************************************************
141* Get forwarding list from a file *
142*************************************************/
143
144/* Open a file and read its entire contents into a block of memory. Certain
145opening errors are optionally treated the same as "file does not exist".
146
147ENOTDIR means that something along the line is not a directory: there are
148installations that set home directories to be /dev/null for non-login accounts
149but in normal circumstances this indicates some kind of configuration error.
150
151EACCES means there's a permissions failure. Some users turn off read permission
152on a .forward file to suspend forwarding, but this is probably an error in any
153kind of mailing list processing.
154
155The redirect block that contains the file name also contains constraints such
156as who may own the file, and mode bits that must not be set. This function is
157
158Arguments:
159 rdata rdirect block, containing file name and constraints
160 options for the RDO_ENOTDIR and RDO_EACCES options
161 error where to put an error message
162 yield what to return from rda_interpret on error
163
164Returns: pointer to string in store; NULL on error
165*/
166
167static uschar *
168rda_get_file_contents(redirect_block *rdata, int options, uschar **error,
169 int *yield)
170{
171FILE *fwd;
172uschar *filebuf;
173uschar *filename = rdata->string;
174BOOL uid_ok = !rdata->check_owner;
175BOOL gid_ok = !rdata->check_group;
176struct stat statbuf;
177
178/* Attempt to open the file. If it appears not to exist, check up on the
179containing directory by statting it. If the directory does not exist, we treat
180this situation as an error (which will cause delivery to defer); otherwise we
181pass back FF_NONEXIST, which causes the redirect router to decline.
182
183However, if the ignore_enotdir option is set (to ignore "something on the
184path is not a directory" errors), the right behaviour seems to be not to do the
185directory test. */
186
187fwd = Ufopen(filename, "rb");
188if (fwd == NULL)
189 {
190 switch(errno)
191 {
192 case ENOENT: /* File does not exist */
193 DEBUG(D_route) debug_printf("%s does not exist\n%schecking parent directory\n",
194 filename,
195 ((options & RDO_ENOTDIR) != 0)? "ignore_enotdir set => skip " : "");
196 *yield = (((options & RDO_ENOTDIR) != 0) ||
197 rda_exists(filename, error) == FILE_NOT_EXIST)?
198 FF_NONEXIST : FF_ERROR;
199 return NULL;
200
201 case ENOTDIR: /* Something on the path isn't a directory */
202 if ((options & RDO_ENOTDIR) == 0) goto DEFAULT_ERROR;
203 DEBUG(D_route) debug_printf("non-directory on path %s: file assumed not to "
204 "exist\n", filename);
205 *yield = FF_NONEXIST;
206 return NULL;
207
208 case EACCES: /* Permission denied */
209 if ((options & RDO_EACCES) == 0) goto DEFAULT_ERROR;
210 DEBUG(D_route) debug_printf("permission denied for %s: file assumed not to "
211 "exist\n", filename);
212 *yield = FF_NONEXIST;
213 return NULL;
214
215 DEFAULT_ERROR:
216 default:
217 *error = string_open_failed(errno, "%s", filename);
218 *yield = FF_ERROR;
219 return NULL;
220 }
221 }
222
223/* Check that we have a regular file. */
224
225if (fstat(fileno(fwd), &statbuf) != 0)
226 {
227 *error = string_sprintf("failed to stat %s: %s", filename, strerror(errno));
228 goto ERROR_RETURN;
229 }
230
231if ((statbuf.st_mode & S_IFMT) != S_IFREG)
232 {
233 *error = string_sprintf("%s is not a regular file", filename);
234 goto ERROR_RETURN;
235 }
236
237/* Check for unwanted mode bits */
238
239if ((statbuf.st_mode & rdata->modemask) != 0)
240 {
241 *error = string_sprintf("bad mode (0%o) for %s: 0%o bit(s) unexpected",
242 statbuf.st_mode, filename, statbuf.st_mode & rdata->modemask);
243 goto ERROR_RETURN;
244 }
245
246/* Check the file owner and file group if required to do so. */
247
248if (!uid_ok)
249 {
250 if (rdata->pw != NULL && statbuf.st_uid == rdata->pw->pw_uid)
251 uid_ok = TRUE;
252 else if (rdata->owners != NULL)
253 {
254 int i;
255 for (i = 1; i <= (int)(rdata->owners[0]); i++)
256 if (rdata->owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
257 }
258 }
259
260if (!gid_ok)
261 {
262 if (rdata->pw != NULL && statbuf.st_gid == rdata->pw->pw_gid)
263 gid_ok = TRUE;
264 else if (rdata->owngroups != NULL)
265 {
266 int i;
267 for (i = 1; i <= (int)(rdata->owngroups[0]); i++)
268 if (rdata->owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
269 }
270 }
271
272if (!uid_ok || !gid_ok)
273 {
274 *error = string_sprintf("bad %s for %s", uid_ok? "group" : "owner", filename);
275 goto ERROR_RETURN;
276 }
277
278/* Put an upper limit on the size of the file, just to stop silly people
279feeding in ridiculously large files, which can easily be created by making
280files that have holes in them. */
281
282if (statbuf.st_size > MAX_FILTER_SIZE)
283 {
284 *error = string_sprintf("%s is too big (max %d)", filename, MAX_FILTER_SIZE);
285 goto ERROR_RETURN;
286 }
287
288/* Read the file in one go in order to minimize the time we have it open. */
289
290filebuf = store_get(statbuf.st_size + 1);
291
292if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
293 {
294 *error = string_sprintf("error while reading %s: %s",
295 filename, strerror(errno));
296 goto ERROR_RETURN;
297 }
298filebuf[statbuf.st_size] = 0;
299
059ec3d9 300DEBUG(D_route)
b1c749bb 301 debug_printf(OFF_T_FMT " bytes read from %s\n", statbuf.st_size, filename);
059ec3d9 302
f1e894f3 303(void)fclose(fwd);
059ec3d9
PH		 304return filebuf;
305
306/* Return an error: the string is already set up. */
307
308ERROR_RETURN:
309*yield = FF_ERROR;
f1e894f3 310(void)fclose(fwd);
059ec3d9
PH		 311return NULL;
312}
313
314
315
316/*************************************************
317* Extract info from list or filter *
318*************************************************/
319
320/* This function calls the appropriate function to extract addresses from a
321forwarding list, or to run a filter file and get addresses from there.
322
323Arguments:
324 rdata the redirection block
325 options the options bits
326 include_directory restrain to this directory
327 sieve_vacation_directory passed to sieve_interpret
efd9a422 328 sieve_enotify_mailto_owner passed to sieve_interpret
e4a89c47
PH		 329 sieve_useraddress passed to sieve_interpret
330 sieve_subaddress passed to sieve_interpret
059ec3d9
PH		 331 generated where to hang generated addresses
332 error for error messages
333 eblockp for details of skipped syntax errors
334 (NULL => no skip)
335 filtertype set to the filter type:
336 FILTER_FORWARD => a traditional .forward file
337 FILTER_EXIM => an Exim filter file
338 FILTER_SIEVE => a Sieve filter file
339 a system filter is always forced to be FILTER_EXIM
340
341Returns: a suitable return for rda_interpret()
342*/
343
344static int
345rda_extract(redirect_block *rdata, int options, uschar *include_directory,
efd9a422
MH		 346 uschar *sieve_vacation_directory, uschar *sieve_enotify_mailto_owner,
347 uschar *sieve_useraddress, uschar *sieve_subaddress,
348 address_item **generated, uschar **error, error_block **eblockp,
349 int *filtertype)
059ec3d9
PH		 350{
351uschar *data;
352
353if (rdata->isfile)
354 {
91ecef39 355 int yield = 0;
059ec3d9
PH		 356 data = rda_get_file_contents(rdata, options, error, &yield);
357 if (data == NULL) return yield;
358 }
359else data = rdata->string;
360
361*filtertype = system_filtering? FILTER_EXIM : rda_is_filter(data);
362
363/* Filter interpretation is done by a general function that is also called from
364the filter testing option (-bf). There are two versions: one for Exim filtering
365and one for Sieve filtering. Several features of string expansion may be locked
366out at sites that don't trust users. This is done by setting flags in
367expand_forbid that the expander inspects. */
368
369if (*filtertype != FILTER_FORWARD)
370 {
371 int frc;
372 int old_expand_forbid = expand_forbid;
373
23c7ff99
PH		 374 DEBUG(D_route) debug_printf("data is %s filter program\n",
375 (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve");
376
377 /* RDO_FILTER is an "allow" bit */
8e669ac1 378
059ec3d9
PH		 379 if ((options & RDO_FILTER) == 0)
380 {
381 *error = US"filtering not enabled";
382 return FF_ERROR;
383 }
384
059ec3d9
PH		 385 expand_forbid =
386 (expand_forbid & ~RDO_FILTER_EXPANSIONS) |
387 (options & RDO_FILTER_EXPANSIONS);
8e669ac1 388
23c7ff99 389 /* RDO_{EXIM,SIEVE}_FILTER are forbid bits */
8e669ac1 390
23c7ff99
PH		 391 if (*filtertype == FILTER_EXIM)
392 {
393 if ((options & RDO_EXIM_FILTER) != 0)
394 {
395 *error = US"Exim filtering not enabled";
396 return FF_ERROR;
8e669ac1 397 }
23c7ff99 398 frc = filter_interpret(data, options, generated, error);
8e669ac1 399 }
23c7ff99
PH		 400 else
401 {
402 if ((options & RDO_SIEVE_FILTER) != 0)
403 {
404 *error = US"Sieve filtering not enabled";
405 return FF_ERROR;
406 }
e4a89c47 407 frc = sieve_interpret(data, options, sieve_vacation_directory,
efd9a422
MH		 408 sieve_enotify_mailto_owner, sieve_useraddress, sieve_subaddress,
409 generated, error);
8e669ac1 410 }
059ec3d9
PH		 411
412 expand_forbid = old_expand_forbid;
413 return frc;
414 }
415
416/* Not a filter script */
417
418DEBUG(D_route) debug_printf("file is not a filter file\n");
419
420return parse_forward_list(data,
421 options, /* specials that are allowed */
422 generated, /* where to hang them */
423 error, /* for errors */
424 deliver_domain, /* to qualify \name */
425 include_directory, /* restrain to directory */
426 eblockp); /* for skipped syntax errors */
427}
428
429
430
431
432/*************************************************
433* Write string down pipe *
434*************************************************/
435
436/* This function is used for tranferring a string down a pipe between
437processes. If the pointer is NULL, a length of zero is written.
438
439Arguments:
440 fd the pipe
441 s the string
442
443Returns: nothing
444*/
445
446static void
447rda_write_string(int fd, uschar *s)
448{
449int len = (s == NULL)? 0 : Ustrlen(s) + 1;
f1e894f3
PH		 450(void)write(fd, &len, sizeof(int));
451if (s != NULL) (void)write(fd, s, len);
059ec3d9
PH		 452}
453
454
455
456/*************************************************
457* Read string from pipe *
458*************************************************/
459
460/* This function is used for receiving a string from a pipe.
461
462Arguments:
463 fd the pipe
464 sp where to put the string
465
466Returns: FALSE if data missing
467*/
468
469static BOOL
470rda_read_string(int fd, uschar **sp)
471{
472int len;
473
474if (read(fd, &len, sizeof(int)) != sizeof(int)) return FALSE;
475if (len == 0) *sp = NULL; else
476 {
477 *sp = store_get(len);
478 if (read(fd, *sp, len) != len) return FALSE;
479 }
480return TRUE;
481}
482
483
484
485/*************************************************
486* Interpret forward list or filter *
487*************************************************/
488
489/* This function is passed a forward list string (unexpanded) or the name of a
490file (unexpanded) whose contents are the forwarding list. The list may in fact
491be a filter program if it starts with "#Exim filter" or "#Sieve filter". Other
492types of filter, with different inital tag strings, may be introduced in due
493course.
494
495The job of the function is to process the forwarding list or filter. It is
496pulled out into this separate function, because it is used for system filter
497files as well as from the redirect router.
498
499If the function is given a uid/gid, it runs a subprocess that passes the
500results back via a pipe. This provides security for things like :include:s in
501users' .forward files, and "logwrite" calls in users' filter files. A
502sub-process is NOT used when:
503
504 . No uid/gid is provided
505 . The input is a string which is not a filter string, and does not contain
506 :include:
507 . The input is a file whose non-existence can be detected in the main
508 process (which is usually running as root).
509
510Arguments:
511 rdata redirect data (file + constraints, or data string)
512 options options to pass to the extraction functions,
513 plus ENOTDIR and EACCES handling bits
514 include_directory restrain :include: to this directory
efd9a422
MH		 515 sieve_vacation_directory directory passed to sieve_interpret
516 sieve_enotify_mailto_owner passed to sieve_interpret
e4a89c47
PH		 517 sieve_useraddress passed to sieve_interpret
518 sieve_subaddress passed to sieve_interpret
059ec3d9
PH		 519 ugid uid/gid to run under - if NULL, no change
520 generated where to hang generated addresses, initially NULL
521 error pointer for error message
522 eblockp for skipped syntax errors; NULL if no skipping
523 filtertype set to the type of file:
524 FILTER_FORWARD => traditional .forward file
525 FILTER_EXIM => an Exim filter file
526 FILTER_SIEVE => a Sieve filter file
527 a system filter is always forced to be FILTER_EXIM
528 rname router name for error messages in the format
529 "xxx router" or "system filter"
530
531Returns: values from extraction function, or FF_NONEXIST:
532 FF_DELIVERED success, a significant action was taken
533 FF_NOTDELIVERED success, no significant action
534 FF_BLACKHOLE :blackhole:
535 FF_DEFER defer requested
536 FF_FAIL fail requested
537 FF_INCLUDEFAIL some problem with :include:
538 FF_FREEZE freeze requested
539 FF_ERROR there was a problem
540 FF_NONEXIST the file does not exist
541*/
542
543int
544rda_interpret(redirect_block *rdata, int options, uschar *include_directory,
efd9a422
MH		 545 uschar *sieve_vacation_directory, uschar *sieve_enotify_mailto_owner,
546 uschar *sieve_useraddress, uschar *sieve_subaddress, ugid_block *ugid,
547 address_item **generated, uschar **error, error_block **eblockp,
548 int *filtertype, uschar *rname)
059ec3d9
PH		 549{
550int fd, rc, pfd[2];
551int yield, status;
552BOOL had_disaster = FALSE;
553pid_t pid;
554uschar *data;
555uschar *readerror = US"";
556void (*oldsignal)(int);
557
558DEBUG(D_route) debug_printf("rda_interpret (%s): %s\n",
559 (rdata->isfile)? "file" : "string", rdata->string);
560
561/* Do the expansions of the file name or data first, while still privileged. */
562
563data = expand_string(rdata->string);
564if (data == NULL)
565 {
566 if (expand_string_forcedfail) return FF_NOTDELIVERED;
567 *error = string_sprintf("failed to expand \"%s\": %s", rdata->string,
568 expand_string_message);
569 return FF_ERROR;
570 }
571rdata->string = data;
572
573DEBUG(D_route) debug_printf("expanded: %s\n", data);
574
575if (rdata->isfile && data[0] != '/')
576 {
577 *error = string_sprintf("\"%s\" is not an absolute path", data);
578 return FF_ERROR;
579 }
580
581/* If no uid/gid are supplied, or if we have a data string which does not start
582with #Exim filter or #Sieve filter, and does not contain :include:, do all the
583work in this process. Note that for a system filter, we always have a file, so
584the work is done in this process only if no user is supplied. */
585
586if (!ugid->uid_set || /* Either there's no uid, or */
587 (!rdata->isfile && /* We've got the data, and */
588 rda_is_filter(data) == FILTER_FORWARD && /* It's not a filter script, */
589 Ustrstr(data, ":include:") == NULL)) /* and there's no :include: */
590 {
591 return rda_extract(rdata, options, include_directory,
efd9a422
MH		 592 sieve_vacation_directory, sieve_enotify_mailto_owner, sieve_useraddress,
593 sieve_subaddress, generated, error, eblockp, filtertype);
059ec3d9
PH		 594 }
595
596/* We need to run the processing code in a sub-process. However, if we can
597determine the non-existence of a file first, we can decline without having to
598create the sub-process. */
599
600if (rdata->isfile && rda_exists(data, error) == FILE_NOT_EXIST)
601 return FF_NONEXIST;
602
603/* If the file does exist, or we can't tell (non-root mounted NFS directory)
604we have to create the subprocess to do everything as the given user. The
605results of processing are passed back via a pipe. */
606
607if (pipe(pfd) != 0)
608 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "creation of pipe for filter or "
609 ":include: failed for %s: %s", rname, strerror(errno));
610
611/* Ensure that SIGCHLD is set to SIG_DFL before forking, so that the child
612process can be waited for. We sometimes get here with it set otherwise. Save
af46795e
PH		 613the old state for resetting on the wait. Ensure that all cached resources are
614freed so that the subprocess starts with a clean slate and doesn't interfere
615with the parent process. */
059ec3d9
PH		 616
617oldsignal = signal(SIGCHLD, SIG_DFL);
af46795e
PH		 618search_tidyup();
619
059ec3d9
PH		 620if ((pid = fork()) == 0)
621 {
622 header_line *waslast = header_last; /* Save last header */
623
624 fd = pfd[pipe_write];
f1e894f3 625 (void)close(pfd[pipe_read]);
059ec3d9
PH		 626 exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
627
628 /* Addresses can get rewritten in filters; if we are not root or the exim
629 user (and we probably are not), turn off rewrite logging, because we cannot
630 write to the log now. */
631
632 if (ugid->uid != root_uid && ugid->uid != exim_uid)
633 {
634 DEBUG(D_rewrite) debug_printf("turned off address rewrite logging (not "
635 "root or exim in this process)\n");
636 log_write_selector &= ~L_address_rewrite;
637 }
638
639 /* Now do the business */
640
641 yield = rda_extract(rdata, options, include_directory,
efd9a422
MH		 642 sieve_vacation_directory, sieve_enotify_mailto_owner, sieve_useraddress,
643 sieve_subaddress, generated, error, eblockp, filtertype);
059ec3d9
PH		 644
645 /* Pass back whether it was a filter, and the return code and any overall
646 error text via the pipe. */
647
f1e894f3
PH		 648 (void)write(fd, filtertype, sizeof(int));
649 (void)write(fd, &yield, sizeof(int));
059ec3d9
PH		 650 rda_write_string(fd, *error);
651
652 /* Pass back the contents of any syntax error blocks if we have a pointer */
653
654 if (eblockp != NULL)
655 {
656 error_block *ep;
657 for (ep = *eblockp; ep != NULL; ep = ep->next)
658 {
659 rda_write_string(fd, ep->text1);
660 rda_write_string(fd, ep->text2);
661 }
662 rda_write_string(fd, NULL); /* Indicates end of eblocks */
663 }
664
665 /* If this is a system filter, we have to pass back the numbers of any
666 original header lines that were removed, and then any header lines that were
667 added but not subsequently removed. */
668
669 if (system_filtering)
670 {
671 int i = 0;
672 header_line *h;
673 for (h = header_list; h != waslast->next; i++, h = h->next)
674 {
f1e894f3 675 if (h->type == htype_old) (void)write(fd, &i, sizeof(i));
059ec3d9
PH		 676 }
677 i = -1;
f1e894f3 678 (void)write(fd, &i, sizeof(i));
059ec3d9
PH		 679
680 while (waslast != header_last)
681 {
682 waslast = waslast->next;
683 if (waslast->type != htype_old)
684 {
685 rda_write_string(fd, waslast->text);
f1e894f3 686 (void)write(fd, &(waslast->type), sizeof(waslast->type));
059ec3d9
PH		 687 }
688 }
689 rda_write_string(fd, NULL); /* Indicates end of added headers */
690 }
691
692 /* Write the contents of the $n variables */
693
f1e894f3 694 (void)write(fd, filter_n, sizeof(filter_n));
059ec3d9
PH		 695
696 /* If the result was DELIVERED or NOTDELIVERED, we pass back the generated
697 addresses, and their associated information, through the pipe. This is
698 just tedious, but it seems to be the only safe way. We do this also for
699 FAIL and FREEZE, because a filter is allowed to set up deliveries that
700 are honoured before freezing or failing. */
701
702 if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
703 yield == FF_FAIL || yield == FF_FREEZE)
704 {
705 address_item *addr;
706 for (addr = *generated; addr != NULL; addr = addr->next)
707 {
708 int reply_options = 0;
709
710 rda_write_string(fd, addr->address);
f1e894f3
PH		 711 (void)write(fd, &(addr->mode), sizeof(addr->mode));
712 (void)write(fd, &(addr->flags), sizeof(addr->flags));
059ec3d9
PH		 713 rda_write_string(fd, addr->p.errors_address);
714
715 if (addr->pipe_expandn != NULL)
716 {
717 uschar **pp;
718 for (pp = addr->pipe_expandn; *pp != NULL; pp++)
719 rda_write_string(fd, *pp);
720 }
721 rda_write_string(fd, NULL);
722
723 if (addr->reply == NULL)
f1e894f3 724 (void)write(fd, &reply_options, sizeof(int)); /* 0 means no reply */
059ec3d9
PH		 725 else
726 {
727 reply_options |= REPLY_EXISTS;
728 if (addr->reply->file_expand) reply_options |= REPLY_EXPAND;
729 if (addr->reply->return_message) reply_options |= REPLY_RETURN;
f1e894f3
PH		 730 (void)write(fd, &reply_options, sizeof(int));
731 (void)write(fd, &(addr->reply->expand_forbid), sizeof(int));
732 (void)write(fd, &(addr->reply->once_repeat), sizeof(time_t));
059ec3d9
PH		 733 rda_write_string(fd, addr->reply->to);
734 rda_write_string(fd, addr->reply->cc);
735 rda_write_string(fd, addr->reply->bcc);
736 rda_write_string(fd, addr->reply->from);
737 rda_write_string(fd, addr->reply->reply_to);
738 rda_write_string(fd, addr->reply->subject);
739 rda_write_string(fd, addr->reply->headers);
740 rda_write_string(fd, addr->reply->text);
741 rda_write_string(fd, addr->reply->file);
742 rda_write_string(fd, addr->reply->logfile);
743 rda_write_string(fd, addr->reply->oncelog);
744 }
745 }
746
747 rda_write_string(fd, NULL); /* Marks end of addresses */
748 }
749
af46795e
PH		 750 /* OK, this process is now done. Free any cached resources. Must use _exit()
751 and not exit() !! */
059ec3d9 752
f1e894f3 753 (void)close(fd);
af46795e 754 search_tidyup();
059ec3d9
PH		 755 _exit(0);
756 }
757
758/* Back in the main process: panic if the fork did not succeed. */
759
760if (pid < 0)
761 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for %s", rname);
762
763/* Read the pipe to get the data from the filter/forward. Our copy of the
764writing end must be closed first, as otherwise read() won't return zero on an
765empty pipe. Afterwards, close the reading end. */
766
f1e894f3 767(void)close(pfd[pipe_write]);
059ec3d9
PH		 768
769/* Read initial data, including yield and contents of *error */
770
771fd = pfd[pipe_read];
772if (read(fd, filtertype, sizeof(int)) != sizeof(int) ||
773 read(fd, &yield, sizeof(int)) != sizeof(int) ||
774 !rda_read_string(fd, error)) goto DISASTER;
775
059ec3d9
PH		 776/* Read the contents of any syntax error blocks if we have a pointer */
777
778if (eblockp != NULL)
779 {
780 uschar *s;
781 error_block *e;
782 error_block **p = eblockp;
783 for (;;)
784 {
785 if (!rda_read_string(fd, &s)) goto DISASTER;
786 if (s == NULL) break;
787 e = store_get(sizeof(error_block));
788 e->next = NULL;
789 e->text1 = s;
790 if (!rda_read_string(fd, &s)) goto DISASTER;
791 e->text2 = s;
792 *p = e;
793 p = &(e->next);
794 }
795 }
796
797/* If this is a system filter, read the identify of any original header lines
798that were removed, and then read data for any new ones that were added. */
799
800if (system_filtering)
801 {
802 int hn = 0;
803 header_line *h = header_list;
804
805 for (;;)
806 {
807 int n;
808 if (read(fd, &n, sizeof(int)) != sizeof(int)) goto DISASTER;
809 if (n < 0) break;
810 while (hn < n)
811 {
812 hn++;
813 h = h->next;
814 if (h == NULL) goto DISASTER_NO_HEADER;
815 }
816 h->type = htype_old;
817 }
818
819 for (;;)
820 {
821 uschar *s;
822 int type;
823 if (!rda_read_string(fd, &s)) goto DISASTER;
824 if (s == NULL) break;
825 if (read(fd, &type, sizeof(type)) != sizeof(type)) goto DISASTER;
826 header_add(type, "%s", s);
827 }
828 }
829
830/* Read the values of the $n variables */
831
832if (read(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n)) goto DISASTER;
833
834/* If the yield is DELIVERED, NOTDELIVERED, FAIL, or FREEZE there may follow
835addresses and data to go with them. Keep them in the same order in the
836generated chain. */
837
838if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
839 yield == FF_FAIL || yield == FF_FREEZE)
840 {
841 address_item **nextp = generated;
842
843 for (;;)
844 {
845 int i, reply_options;
846 address_item *addr;
847 uschar *recipient;
848 uschar *expandn[EXPAND_MAXN + 2];
849
850 /* First string is the address; NULL => end of addresses */
851
852 if (!rda_read_string(fd, &recipient)) goto DISASTER;
853 if (recipient == NULL) break;
854
855 /* Hang on the end of the chain */
856
857 addr = deliver_make_addr(recipient, FALSE);
858 *nextp = addr;
859 nextp = &(addr->next);
860
861 /* Next comes the mode and the flags fields */
862
863 if (read(fd, &(addr->mode), sizeof(addr->mode)) != sizeof(addr->mode) ||
864 read(fd, &(addr->flags), sizeof(addr->flags)) != sizeof(addr->flags) ||
865 !rda_read_string(fd, &(addr->p.errors_address))) goto DISASTER;
866
867 /* Next comes a possible setting for $thisaddress and any numerical
868 variables for pipe expansion, terminated by a NULL string. The maximum
869 number of numericals is EXPAND_MAXN. Note that we put filter_thisaddress
870 into the zeroth item in the vector - this is sorted out inside the pipe
871 transport. */
872
873 for (i = 0; i < EXPAND_MAXN + 1; i++)
874 {
875 uschar *temp;
876 if (!rda_read_string(fd, &temp)) goto DISASTER;
877 if (i == 0) filter_thisaddress = temp; /* Just in case */
878 expandn[i] = temp;
879 if (temp == NULL) break;
880 }
881
882 if (i > 0)
883 {
884 addr->pipe_expandn = store_get((i+1) * sizeof(uschar **));
885 addr->pipe_expandn[i] = NULL;
886 while (--i >= 0) addr->pipe_expandn[i] = expandn[i];
887 }
888
889 /* Then an int containing reply options; zero => no reply data. */
890
891 if (read(fd, &reply_options, sizeof(int)) != sizeof(int)) goto DISASTER;
892 if ((reply_options & REPLY_EXISTS) != 0)
893 {
894 addr->reply = store_get(sizeof(reply_item));
895
896 addr->reply->file_expand = (reply_options & REPLY_EXPAND) != 0;
897 addr->reply->return_message = (reply_options & REPLY_RETURN) != 0;
898
899 if (read(fd,&(addr->reply->expand_forbid),sizeof(int)) !=
900 sizeof(int) ||
901 read(fd,&(addr->reply->once_repeat),sizeof(time_t)) !=
902 sizeof(time_t) ||
903 !rda_read_string(fd, &(addr->reply->to)) ||
904 !rda_read_string(fd, &(addr->reply->cc)) ||
905 !rda_read_string(fd, &(addr->reply->bcc)) ||
906 !rda_read_string(fd, &(addr->reply->from)) ||
907 !rda_read_string(fd, &(addr->reply->reply_to)) ||
908 !rda_read_string(fd, &(addr->reply->subject)) ||
909 !rda_read_string(fd, &(addr->reply->headers)) ||
910 !rda_read_string(fd, &(addr->reply->text)) ||
911 !rda_read_string(fd, &(addr->reply->file)) ||
912 !rda_read_string(fd, &(addr->reply->logfile)) ||
913 !rda_read_string(fd, &(addr->reply->oncelog)))
914 goto DISASTER;
915 }
916 }
917 }
918
919/* All data has been transferred from the sub-process. Reap it, close the
920reading end of the pipe, and we are done. */
921
922WAIT_EXIT:
923while ((rc = wait(&status)) != pid)
924 {
925 if (rc < 0 && errno == ECHILD) /* Process has vanished */
926 {
927 log_write(0, LOG_MAIN, "redirection process %d vanished unexpectedly", pid);
928 goto FINAL_EXIT;
929 }
930 }
931
1921d2ea
PH		 932DEBUG(D_route)
933 debug_printf("rda_interpret: subprocess yield=%d error=%s\n", yield, *error);
934
059ec3d9
PH		 935if (had_disaster)
936 {
937 *error = string_sprintf("internal problem in %s: failure to transfer "
938 "data from subprocess: status=%04x%s%s%s", rname,
939 status, readerror,
940 (*error == NULL)? US"" : US": error=",
941 (*error == NULL)? US"" : *error);
942 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *error);
943 }
944else if (status != 0)
945 {
946 log_write(0, LOG_MAIN|LOG_PANIC, "internal problem in %s: unexpected status "
947 "%04x from redirect subprocess (but data correctly received)", rname,
948 status);
949 }
950
951FINAL_EXIT:
f1e894f3 952(void)close(fd);
059ec3d9
PH		 953signal(SIGCHLD, oldsignal); /* restore */
954return yield;
955
956
957/* Come here if the data indicates removal of a header that we can't find */
958
959DISASTER_NO_HEADER:
960readerror = US" readerror=bad header identifier";
961had_disaster = TRUE;
962yield = FF_ERROR;
963goto WAIT_EXIT;
964
965/* Come here is there's a shambles in transferring the data over the pipe. The
966value of errno should still be set. */
967
968DISASTER:
969readerror = string_sprintf(" readerror='%s'", strerror(errno));
970had_disaster = TRUE;
971yield = FF_ERROR;
972goto WAIT_EXIT;
973}
974
975/* End of rda.c */
Unnamed repository; edit this file 'description' to name the repository.