projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Gnu/Hurd: revert pipe-i/o EINTR handling changes
[exim.git] / src / src / rda.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8/* This module contains code for extracting addresses from a forwarding list
9(from an alias or forward file) or by running the filter interpreter. It may do
10this in a sub-process if a uid/gid are supplied. */
11
12
13#include "exim.h"
14
15enum { FILE_EXIST, FILE_NOT_EXIST, FILE_EXIST_UNCLEAR };
16
17#define REPLY_EXISTS 0x01
18#define REPLY_EXPAND 0x02
19#define REPLY_RETURN 0x04
20
21
22/*************************************************
23* Check string for filter program *
24*************************************************/
25
26/* This function checks whether a string is actually a filter program. The rule
27is that it must start with "# Exim filter ..." (any capitalization, spaces
28optional). It is envisaged that in future, other kinds of filter may be
29implemented. That's why it is implemented the way it is. The function is global
30because it is also called from filter.c when checking filters.
31
32Argument: the string
33
34Returns: FILTER_EXIM if it starts with "# Exim filter"
35 FILTER_SIEVE if it starts with "# Sieve filter"
36 FILTER_FORWARD otherwise
37*/
38
39/* This is an auxiliary function for matching a tag. */
40
41static BOOL
42match_tag(const uschar *s, const uschar *tag)
43{
44for (; *tag != 0; s++, tag++)
059ec3d9
PH		 45 if (*tag == ' ')
46 {
47 while (*s == ' ' || *s == '\t') s++;
48 s--;
49 }
d7978c0f
JH		 50 else
51 if (tolower(*s) != tolower(*tag)) break;
52
059ec3d9
PH		 53return (*tag == 0);
54}
55
56/* This is the real function. It should be easy to add checking different
57tags for other types of filter. */
58
59int
60rda_is_filter(const uschar *s)
61{
62while (isspace(*s)) s++; /* Skips initial blank lines */
63if (match_tag(s, CUS"# exim filter")) return FILTER_EXIM;
64 else if (match_tag(s, CUS"# sieve filter")) return FILTER_SIEVE;
65 else return FILTER_FORWARD;
66}
67
68
69
70
71/*************************************************
72* Check for existence of file *
73*************************************************/
74
75/* First of all, we stat the file. If this fails, we try to stat the enclosing
76directory, because a file in an unmounted NFS directory will look the same as a
77non-existent file. It seems that in Solaris 2.6, statting an entry in an
78indirect map that is currently unmounted does not cause the mount to happen.
79Instead, dummy data is returned, which defeats the whole point of this test.
80However, if a stat() is done on some object inside the directory, such as the
81"." back reference to itself, then the mount does occur. If an NFS host is
82taken offline, it is possible for the stat() to get stuck until it comes back.
83To guard against this, stick a timer round it. If we can't access the "."
84inside the directory, try the plain directory, just in case that helps.
85
86Argument:
87 filename the file name
88 error for message on error
89
90Returns: FILE_EXIST the file exists
91 FILE_NOT_EXIST the file does not exist
92 FILE_EXIST_UNCLEAR cannot determine existence
93*/
94
95static int
96rda_exists(uschar *filename, uschar **error)
97{
98int rc, saved_errno;
059ec3d9 99struct stat statbuf;
f3ebb786 100uschar * s;
059ec3d9
PH		 101
102if ((rc = Ustat(filename, &statbuf)) >= 0) return FILE_EXIST;
103saved_errno = errno;
104
f3ebb786 105s = string_copy(filename);
059ec3d9
PH		 106sigalrm_seen = FALSE;
107
108if (saved_errno == ENOENT)
109 {
f3ebb786
JH		 110 uschar * slash = Ustrrchr(s, '/');
111 Ustrcpy(slash+1, US".");
059ec3d9 112
c2a1bba0 113 ALARM(30);
f3ebb786 114 rc = Ustat(s, &statbuf);
059ec3d9
PH		 115 if (rc != 0 && errno == EACCES && !sigalrm_seen)
116 {
117 *slash = 0;
f3ebb786 118 rc = Ustat(s, &statbuf);
059ec3d9
PH		 119 }
120 saved_errno = errno;
c2a1bba0 121 ALARM_CLR(0);
059ec3d9 122
f3ebb786 123 DEBUG(D_route) debug_printf("stat(%s)=%d\n", s, rc);
059ec3d9
PH		 124 }
125
126if (sigalrm_seen || rc != 0)
127 {
f3ebb786
JH		 128 *error = string_sprintf("failed to stat %s (%s)", s,
129 sigalrm_seen? "timeout" : strerror(saved_errno));
059ec3d9
PH		 130 return FILE_EXIST_UNCLEAR;
131 }
132
133*error = string_sprintf("%s does not exist", filename);
134DEBUG(D_route) debug_printf("%s\n", *error);
135return FILE_NOT_EXIST;
136}
137
138
139
140/*************************************************
141* Get forwarding list from a file *
142*************************************************/
143
144/* Open a file and read its entire contents into a block of memory. Certain
145opening errors are optionally treated the same as "file does not exist".
146
147ENOTDIR means that something along the line is not a directory: there are
148installations that set home directories to be /dev/null for non-login accounts
149but in normal circumstances this indicates some kind of configuration error.
150
151EACCES means there's a permissions failure. Some users turn off read permission
152on a .forward file to suspend forwarding, but this is probably an error in any
153kind of mailing list processing.
154
155The redirect block that contains the file name also contains constraints such
156as who may own the file, and mode bits that must not be set. This function is
157
158Arguments:
159 rdata rdirect block, containing file name and constraints
160 options for the RDO_ENOTDIR and RDO_EACCES options
161 error where to put an error message
162 yield what to return from rda_interpret on error
163
164Returns: pointer to string in store; NULL on error
165*/
166
167static uschar *
168rda_get_file_contents(redirect_block *rdata, int options, uschar **error,
169 int *yield)
170{
171FILE *fwd;
172uschar *filebuf;
173uschar *filename = rdata->string;
174BOOL uid_ok = !rdata->check_owner;
175BOOL gid_ok = !rdata->check_group;
176struct stat statbuf;
177
178/* Attempt to open the file. If it appears not to exist, check up on the
179containing directory by statting it. If the directory does not exist, we treat
180this situation as an error (which will cause delivery to defer); otherwise we
181pass back FF_NONEXIST, which causes the redirect router to decline.
182
183However, if the ignore_enotdir option is set (to ignore "something on the
184path is not a directory" errors), the right behaviour seems to be not to do the
185directory test. */
186
187fwd = Ufopen(filename, "rb");
188if (fwd == NULL)
189 {
190 switch(errno)
191 {
192 case ENOENT: /* File does not exist */
193 DEBUG(D_route) debug_printf("%s does not exist\n%schecking parent directory\n",
194 filename,
195 ((options & RDO_ENOTDIR) != 0)? "ignore_enotdir set => skip " : "");
196 *yield = (((options & RDO_ENOTDIR) != 0) ||
197 rda_exists(filename, error) == FILE_NOT_EXIST)?
198 FF_NONEXIST : FF_ERROR;
199 return NULL;
200
201 case ENOTDIR: /* Something on the path isn't a directory */
202 if ((options & RDO_ENOTDIR) == 0) goto DEFAULT_ERROR;
203 DEBUG(D_route) debug_printf("non-directory on path %s: file assumed not to "
204 "exist\n", filename);
205 *yield = FF_NONEXIST;
206 return NULL;
207
208 case EACCES: /* Permission denied */
209 if ((options & RDO_EACCES) == 0) goto DEFAULT_ERROR;
210 DEBUG(D_route) debug_printf("permission denied for %s: file assumed not to "
211 "exist\n", filename);
212 *yield = FF_NONEXIST;
213 return NULL;
214
215 DEFAULT_ERROR:
216 default:
217 *error = string_open_failed(errno, "%s", filename);
218 *yield = FF_ERROR;
219 return NULL;
220 }
221 }
222
223/* Check that we have a regular file. */
224
225if (fstat(fileno(fwd), &statbuf) != 0)
226 {
227 *error = string_sprintf("failed to stat %s: %s", filename, strerror(errno));
228 goto ERROR_RETURN;
229 }
230
231if ((statbuf.st_mode & S_IFMT) != S_IFREG)
232 {
233 *error = string_sprintf("%s is not a regular file", filename);
234 goto ERROR_RETURN;
235 }
236
237/* Check for unwanted mode bits */
238
239if ((statbuf.st_mode & rdata->modemask) != 0)
240 {
241 *error = string_sprintf("bad mode (0%o) for %s: 0%o bit(s) unexpected",
242 statbuf.st_mode, filename, statbuf.st_mode & rdata->modemask);
243 goto ERROR_RETURN;
244 }
245
246/* Check the file owner and file group if required to do so. */
247
248if (!uid_ok)
249 {
250 if (rdata->pw != NULL && statbuf.st_uid == rdata->pw->pw_uid)
251 uid_ok = TRUE;
252 else if (rdata->owners != NULL)
d7978c0f 253 for (int i = 1; i <= (int)(rdata->owners[0]); i++)
059ec3d9 254 if (rdata->owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
059ec3d9
PH		 255 }
256
257if (!gid_ok)
258 {
259 if (rdata->pw != NULL && statbuf.st_gid == rdata->pw->pw_gid)
260 gid_ok = TRUE;
261 else if (rdata->owngroups != NULL)
d7978c0f 262 for (int i = 1; i <= (int)(rdata->owngroups[0]); i++)
059ec3d9 263 if (rdata->owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
059ec3d9
PH		 264 }
265
266if (!uid_ok || !gid_ok)
267 {
268 *error = string_sprintf("bad %s for %s", uid_ok? "group" : "owner", filename);
269 goto ERROR_RETURN;
270 }
271
272/* Put an upper limit on the size of the file, just to stop silly people
273feeding in ridiculously large files, which can easily be created by making
274files that have holes in them. */
275
276if (statbuf.st_size > MAX_FILTER_SIZE)
277 {
278 *error = string_sprintf("%s is too big (max %d)", filename, MAX_FILTER_SIZE);
279 goto ERROR_RETURN;
280 }
281
282/* Read the file in one go in order to minimize the time we have it open. */
283
f3ebb786 284filebuf = store_get(statbuf.st_size + 1, is_tainted(filename));
059ec3d9
PH		 285
286if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
287 {
288 *error = string_sprintf("error while reading %s: %s",
289 filename, strerror(errno));
290 goto ERROR_RETURN;
291 }
292filebuf[statbuf.st_size] = 0;
293
059ec3d9 294DEBUG(D_route)
b1c749bb 295 debug_printf(OFF_T_FMT " bytes read from %s\n", statbuf.st_size, filename);
059ec3d9 296
f1e894f3 297(void)fclose(fwd);
059ec3d9
PH		 298return filebuf;
299
300/* Return an error: the string is already set up. */
301
302ERROR_RETURN:
303*yield = FF_ERROR;
f1e894f3 304(void)fclose(fwd);
059ec3d9
PH		 305return NULL;
306}
307
308
309
310/*************************************************
311* Extract info from list or filter *
312*************************************************/
313
314/* This function calls the appropriate function to extract addresses from a
315forwarding list, or to run a filter file and get addresses from there.
316
317Arguments:
318 rdata the redirection block
319 options the options bits
320 include_directory restrain to this directory
321 sieve_vacation_directory passed to sieve_interpret
efd9a422 322 sieve_enotify_mailto_owner passed to sieve_interpret
e4a89c47
PH		 323 sieve_useraddress passed to sieve_interpret
324 sieve_subaddress passed to sieve_interpret
059ec3d9
PH		 325 generated where to hang generated addresses
326 error for error messages
327 eblockp for details of skipped syntax errors
328 (NULL => no skip)
329 filtertype set to the filter type:
330 FILTER_FORWARD => a traditional .forward file
331 FILTER_EXIM => an Exim filter file
332 FILTER_SIEVE => a Sieve filter file
333 a system filter is always forced to be FILTER_EXIM
334
335Returns: a suitable return for rda_interpret()
336*/
337
338static int
339rda_extract(redirect_block *rdata, int options, uschar *include_directory,
efd9a422
MH		 340 uschar *sieve_vacation_directory, uschar *sieve_enotify_mailto_owner,
341 uschar *sieve_useraddress, uschar *sieve_subaddress,
342 address_item **generated, uschar **error, error_block **eblockp,
343 int *filtertype)
059ec3d9
PH		 344{
345uschar *data;
346
347if (rdata->isfile)
348 {
91ecef39 349 int yield = 0;
059ec3d9
PH		 350 data = rda_get_file_contents(rdata, options, error, &yield);
351 if (data == NULL) return yield;
352 }
353else data = rdata->string;
354
8768d548 355*filtertype = f.system_filtering ? FILTER_EXIM : rda_is_filter(data);
059ec3d9
PH		 356
357/* Filter interpretation is done by a general function that is also called from
358the filter testing option (-bf). There are two versions: one for Exim filtering
359and one for Sieve filtering. Several features of string expansion may be locked
360out at sites that don't trust users. This is done by setting flags in
361expand_forbid that the expander inspects. */
362
363if (*filtertype != FILTER_FORWARD)
364 {
365 int frc;
366 int old_expand_forbid = expand_forbid;
367
23c7ff99 368 DEBUG(D_route) debug_printf("data is %s filter program\n",
f3ebb786 369 *filtertype == FILTER_EXIM ? "an Exim" : "a Sieve");
23c7ff99
PH		 370
371 /* RDO_FILTER is an "allow" bit */
8e669ac1 372
059ec3d9
PH		 373 if ((options & RDO_FILTER) == 0)
374 {
375 *error = US"filtering not enabled";
376 return FF_ERROR;
377 }
378
059ec3d9 379 expand_forbid =
f3ebb786 380 expand_forbid & ~RDO_FILTER_EXPANSIONS | options & RDO_FILTER_EXPANSIONS;
8e669ac1 381
23c7ff99 382 /* RDO_{EXIM,SIEVE}_FILTER are forbid bits */
8e669ac1 383
23c7ff99
PH		 384 if (*filtertype == FILTER_EXIM)
385 {
386 if ((options & RDO_EXIM_FILTER) != 0)
387 {
388 *error = US"Exim filtering not enabled";
389 return FF_ERROR;
8e669ac1 390 }
23c7ff99 391 frc = filter_interpret(data, options, generated, error);
8e669ac1 392 }
23c7ff99
PH		 393 else
394 {
395 if ((options & RDO_SIEVE_FILTER) != 0)
396 {
397 *error = US"Sieve filtering not enabled";
398 return FF_ERROR;
399 }
e4a89c47 400 frc = sieve_interpret(data, options, sieve_vacation_directory,
efd9a422
MH		 401 sieve_enotify_mailto_owner, sieve_useraddress, sieve_subaddress,
402 generated, error);
8e669ac1 403 }
059ec3d9
PH		 404
405 expand_forbid = old_expand_forbid;
406 return frc;
407 }
408
409/* Not a filter script */
410
411DEBUG(D_route) debug_printf("file is not a filter file\n");
412
413return parse_forward_list(data,
414 options, /* specials that are allowed */
415 generated, /* where to hang them */
416 error, /* for errors */
417 deliver_domain, /* to qualify \name */
418 include_directory, /* restrain to directory */
419 eblockp); /* for skipped syntax errors */
420}
421
422
423
424
425/*************************************************
426* Write string down pipe *
427*************************************************/
428
1ac6b2e7 429/* This function is used for transferring a string down a pipe between
059ec3d9
PH		 430processes. If the pointer is NULL, a length of zero is written.
431
432Arguments:
433 fd the pipe
434 s the string
435
1ac6b2e7 436Returns: -1 on error, else 0
059ec3d9
PH		 437*/
438
1ac6b2e7 439static int
55414b25 440rda_write_string(int fd, const uschar *s)
059ec3d9 441{
847a015a
JH		 442int len = (s == NULL)? 0 : Ustrlen(s) + 1;
443return ( write(fd, &len, sizeof(int)) != sizeof(int)
444 || (s != NULL && write(fd, s, len) != len)
1ac6b2e7
JH		 445 )
446 ? -1 : 0;
059ec3d9
PH		 447}
448
449
450
451/*************************************************
452* Read string from pipe *
453*************************************************/
454
455/* This function is used for receiving a string from a pipe.
456
457Arguments:
458 fd the pipe
459 sp where to put the string
460
461Returns: FALSE if data missing
462*/
463
464static BOOL
465rda_read_string(int fd, uschar **sp)
466{
467int len;
468
847a015a 469if (read(fd, &len, sizeof(int)) != sizeof(int)) return FALSE;
d88f0784
JH		 470if (len == 0)
471 *sp = NULL;
472else
473 /* We know we have enough memory so disable the error on "len" */
474 /* coverity[tainted_data] */
f3ebb786 475 /* We trust the data source, so untainted */
847a015a 476 if (read(fd, *sp = store_get(len, FALSE), len) != len) return FALSE;
059ec3d9
PH		 477return TRUE;
478}
479
480
481
482/*************************************************
483* Interpret forward list or filter *
484*************************************************/
485
486/* This function is passed a forward list string (unexpanded) or the name of a
487file (unexpanded) whose contents are the forwarding list. The list may in fact
488be a filter program if it starts with "#Exim filter" or "#Sieve filter". Other
aded2255 489types of filter, with different initial tag strings, may be introduced in due
059ec3d9
PH		 490course.
491
492The job of the function is to process the forwarding list or filter. It is
493pulled out into this separate function, because it is used for system filter
494files as well as from the redirect router.
495
496If the function is given a uid/gid, it runs a subprocess that passes the
497results back via a pipe. This provides security for things like :include:s in
498users' .forward files, and "logwrite" calls in users' filter files. A
499sub-process is NOT used when:
500
501 . No uid/gid is provided
502 . The input is a string which is not a filter string, and does not contain
503 :include:
504 . The input is a file whose non-existence can be detected in the main
505 process (which is usually running as root).
506
507Arguments:
508 rdata redirect data (file + constraints, or data string)
509 options options to pass to the extraction functions,
510 plus ENOTDIR and EACCES handling bits
511 include_directory restrain :include: to this directory
efd9a422
MH		 512 sieve_vacation_directory directory passed to sieve_interpret
513 sieve_enotify_mailto_owner passed to sieve_interpret
e4a89c47
PH		 514 sieve_useraddress passed to sieve_interpret
515 sieve_subaddress passed to sieve_interpret
059ec3d9
PH		 516 ugid uid/gid to run under - if NULL, no change
517 generated where to hang generated addresses, initially NULL
518 error pointer for error message
519 eblockp for skipped syntax errors; NULL if no skipping
520 filtertype set to the type of file:
521 FILTER_FORWARD => traditional .forward file
522 FILTER_EXIM => an Exim filter file
523 FILTER_SIEVE => a Sieve filter file
524 a system filter is always forced to be FILTER_EXIM
525 rname router name for error messages in the format
526 "xxx router" or "system filter"
527
528Returns: values from extraction function, or FF_NONEXIST:
529 FF_DELIVERED success, a significant action was taken
530 FF_NOTDELIVERED success, no significant action
531 FF_BLACKHOLE :blackhole:
532 FF_DEFER defer requested
533 FF_FAIL fail requested
534 FF_INCLUDEFAIL some problem with :include:
535 FF_FREEZE freeze requested
536 FF_ERROR there was a problem
537 FF_NONEXIST the file does not exist
538*/
539
540int
541rda_interpret(redirect_block *rdata, int options, uschar *include_directory,
efd9a422
MH		 542 uschar *sieve_vacation_directory, uschar *sieve_enotify_mailto_owner,
543 uschar *sieve_useraddress, uschar *sieve_subaddress, ugid_block *ugid,
544 address_item **generated, uschar **error, error_block **eblockp,
545 int *filtertype, uschar *rname)
059ec3d9
PH		 546{
547int fd, rc, pfd[2];
548int yield, status;
549BOOL had_disaster = FALSE;
550pid_t pid;
551uschar *data;
552uschar *readerror = US"";
553void (*oldsignal)(int);
554
f3ebb786
JH		 555DEBUG(D_route) debug_printf("rda_interpret (%s): '%s'\n",
556 rdata->isfile ? "file" : "string", string_printing(rdata->string));
059ec3d9
PH		 557
558/* Do the expansions of the file name or data first, while still privileged. */
559
f3ebb786 560if (!(data = expand_string(rdata->string)))
059ec3d9 561 {
8768d548 562 if (f.expand_string_forcedfail) return FF_NOTDELIVERED;
059ec3d9
PH		 563 *error = string_sprintf("failed to expand \"%s\": %s", rdata->string,
564 expand_string_message);
565 return FF_ERROR;
566 }
567rdata->string = data;
568
f3ebb786 569DEBUG(D_route) debug_printf("expanded: '%s'\n", data);
059ec3d9
PH		 570
571if (rdata->isfile && data[0] != '/')
572 {
573 *error = string_sprintf("\"%s\" is not an absolute path", data);
574 return FF_ERROR;
575 }
576
577/* If no uid/gid are supplied, or if we have a data string which does not start
578with #Exim filter or #Sieve filter, and does not contain :include:, do all the
579work in this process. Note that for a system filter, we always have a file, so
580the work is done in this process only if no user is supplied. */
581
582if (!ugid->uid_set || /* Either there's no uid, or */
583 (!rdata->isfile && /* We've got the data, and */
584 rda_is_filter(data) == FILTER_FORWARD && /* It's not a filter script, */
585 Ustrstr(data, ":include:") == NULL)) /* and there's no :include: */
586 {
587 return rda_extract(rdata, options, include_directory,
efd9a422
MH		 588 sieve_vacation_directory, sieve_enotify_mailto_owner, sieve_useraddress,
589 sieve_subaddress, generated, error, eblockp, filtertype);
059ec3d9
PH		 590 }
591
592/* We need to run the processing code in a sub-process. However, if we can
593determine the non-existence of a file first, we can decline without having to
594create the sub-process. */
595
596if (rdata->isfile && rda_exists(data, error) == FILE_NOT_EXIST)
597 return FF_NONEXIST;
598
599/* If the file does exist, or we can't tell (non-root mounted NFS directory)
600we have to create the subprocess to do everything as the given user. The
601results of processing are passed back via a pipe. */
602
603if (pipe(pfd) != 0)
604 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "creation of pipe for filter or "
605 ":include: failed for %s: %s", rname, strerror(errno));
606
607/* Ensure that SIGCHLD is set to SIG_DFL before forking, so that the child
608process can be waited for. We sometimes get here with it set otherwise. Save
af46795e
PH		 609the old state for resetting on the wait. Ensure that all cached resources are
610freed so that the subprocess starts with a clean slate and doesn't interfere
611with the parent process. */
059ec3d9
PH		 612
613oldsignal = signal(SIGCHLD, SIG_DFL);
af46795e
PH		 614search_tidyup();
615
059ec3d9
PH		 616if ((pid = fork()) == 0)
617 {
618 header_line *waslast = header_last; /* Save last header */
619
620 fd = pfd[pipe_write];
f1e894f3 621 (void)close(pfd[pipe_read]);
059ec3d9
PH		 622 exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
623
624 /* Addresses can get rewritten in filters; if we are not root or the exim
625 user (and we probably are not), turn off rewrite logging, because we cannot
626 write to the log now. */
627
628 if (ugid->uid != root_uid && ugid->uid != exim_uid)
629 {
630 DEBUG(D_rewrite) debug_printf("turned off address rewrite logging (not "
631 "root or exim in this process)\n");
6c6d6e48 632 BIT_CLEAR(log_selector, log_selector_size, Li_address_rewrite);
059ec3d9
PH		 633 }
634
635 /* Now do the business */
636
637 yield = rda_extract(rdata, options, include_directory,
efd9a422
MH		 638 sieve_vacation_directory, sieve_enotify_mailto_owner, sieve_useraddress,
639 sieve_subaddress, generated, error, eblockp, filtertype);
059ec3d9
PH		 640
641 /* Pass back whether it was a filter, and the return code and any overall
642 error text via the pipe. */
643
847a015a
JH		 644 if ( write(fd, filtertype, sizeof(int)) != sizeof(int)
645 || write(fd, &yield, sizeof(int)) != sizeof(int)
1ac6b2e7
JH		 646 || rda_write_string(fd, *error) != 0
647 )
648 goto bad;
059ec3d9
PH		 649
650 /* Pass back the contents of any syntax error blocks if we have a pointer */
651
d7978c0f 652 if (eblockp)
059ec3d9 653 {
d7978c0f 654 for (error_block * ep = *eblockp; ep; ep = ep->next)
1ac6b2e7
JH		 655 if ( rda_write_string(fd, ep->text1) != 0
656 || rda_write_string(fd, ep->text2) != 0
657 )
658 goto bad;
659 if (rda_write_string(fd, NULL) != 0) /* Indicates end of eblocks */
660 goto bad;
059ec3d9
PH		 661 }
662
663 /* If this is a system filter, we have to pass back the numbers of any
664 original header lines that were removed, and then any header lines that were
665 added but not subsequently removed. */
666
8768d548 667 if (f.system_filtering)
059ec3d9
PH		 668 {
669 int i = 0;
d7978c0f 670 for (header_line * h = header_list; h != waslast->next; i++, h = h->next)
1ac6b2e7 671 if ( h->type == htype_old
847a015a 672 && write(fd, &i, sizeof(i)) != sizeof(i)
1ac6b2e7
JH		 673 )
674 goto bad;
675
059ec3d9 676 i = -1;
847a015a 677 if (write(fd, &i, sizeof(i)) != sizeof(i))
1ac6b2e7 678 goto bad;
059ec3d9
PH		 679
680 while (waslast != header_last)
681 {
682 waslast = waslast->next;
683 if (waslast->type != htype_old)
1ac6b2e7 684 if ( rda_write_string(fd, waslast->text) != 0
847a015a 685 || write(fd, &(waslast->type), sizeof(waslast->type))
1ac6b2e7
JH		 686 != sizeof(waslast->type)
687 )
688 goto bad;
059ec3d9 689 }
1ac6b2e7
JH		 690 if (rda_write_string(fd, NULL) != 0) /* Indicates end of added headers */
691 goto bad;
059ec3d9
PH		 692 }
693
694 /* Write the contents of the $n variables */
695
847a015a 696 if (write(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n))
1ac6b2e7 697 goto bad;
059ec3d9
PH		 698
699 /* If the result was DELIVERED or NOTDELIVERED, we pass back the generated
700 addresses, and their associated information, through the pipe. This is
701 just tedious, but it seems to be the only safe way. We do this also for
702 FAIL and FREEZE, because a filter is allowed to set up deliveries that
703 are honoured before freezing or failing. */
704
705 if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
706 yield == FF_FAIL || yield == FF_FREEZE)
707 {
d7978c0f 708 for (address_item * addr = *generated; addr; addr = addr->next)
059ec3d9
PH		 709 {
710 int reply_options = 0;
25beaee4 711 int ig_err = addr->prop.ignore_error ? 1 : 0;
059ec3d9 712
1ac6b2e7 713 if ( rda_write_string(fd, addr->address) != 0
847a015a
JH		 714 || write(fd, &addr->mode, sizeof(addr->mode)) != sizeof(addr->mode)
715 || write(fd, &addr->flags, sizeof(addr->flags)) != sizeof(addr->flags)
d43cbe25 716 || rda_write_string(fd, addr->prop.errors_address) != 0
847a015a 717 || write(fd, &ig_err, sizeof(ig_err)) != sizeof(ig_err)
1ac6b2e7
JH		 718 )
719 goto bad;
059ec3d9 720
7eb0e5d2 721 if (addr->pipe_expandn)
d7978c0f 722 for (uschar ** pp = addr->pipe_expandn; *pp; pp++)
1ac6b2e7
JH		 723 if (rda_write_string(fd, *pp) != 0)
724 goto bad;
1ac6b2e7
JH		 725 if (rda_write_string(fd, NULL) != 0)
726 goto bad;
059ec3d9 727
7eb0e5d2 728 if (!addr->reply)
1ac6b2e7 729 {
847a015a 730 if (write(fd, &reply_options, sizeof(int)) != sizeof(int)) /* 0 means no reply */
1ac6b2e7
JH		 731 goto bad;
732 }
059ec3d9
PH		 733 else
734 {
735 reply_options |= REPLY_EXISTS;
736 if (addr->reply->file_expand) reply_options |= REPLY_EXPAND;
737 if (addr->reply->return_message) reply_options |= REPLY_RETURN;
847a015a
JH		 738 if ( write(fd, &reply_options, sizeof(int)) != sizeof(int)
739 || write(fd, &(addr->reply->expand_forbid), sizeof(int))
1ac6b2e7 740 != sizeof(int)
847a015a 741 || write(fd, &(addr->reply->once_repeat), sizeof(time_t))
1ac6b2e7
JH		 742 != sizeof(time_t)
743 || rda_write_string(fd, addr->reply->to) != 0
744 || rda_write_string(fd, addr->reply->cc) != 0
745 || rda_write_string(fd, addr->reply->bcc) != 0
746 || rda_write_string(fd, addr->reply->from) != 0
747 || rda_write_string(fd, addr->reply->reply_to) != 0
748 || rda_write_string(fd, addr->reply->subject) != 0
749 || rda_write_string(fd, addr->reply->headers) != 0
750 || rda_write_string(fd, addr->reply->text) != 0
751 || rda_write_string(fd, addr->reply->file) != 0
752 || rda_write_string(fd, addr->reply->logfile) != 0
753 || rda_write_string(fd, addr->reply->oncelog) != 0
754 )
755 goto bad;
059ec3d9
PH		 756 }
757 }
758
1ac6b2e7
JH		 759 if (rda_write_string(fd, NULL) != 0) /* Marks end of addresses */
760 goto bad;
059ec3d9
PH		 761 }
762
af46795e
PH		 763 /* OK, this process is now done. Free any cached resources. Must use _exit()
764 and not exit() !! */
059ec3d9 765
1ac6b2e7 766out:
f1e894f3 767 (void)close(fd);
af46795e 768 search_tidyup();
f3ebb786 769 exim_underbar_exit(0);
1ac6b2e7
JH		 770
771bad:
772 DEBUG(D_rewrite) debug_printf("rda_interpret: failed write to pipe\n");
773 goto out;
059ec3d9
PH		 774 }
775
776/* Back in the main process: panic if the fork did not succeed. */
777
778if (pid < 0)
779 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for %s", rname);
780
781/* Read the pipe to get the data from the filter/forward. Our copy of the
782writing end must be closed first, as otherwise read() won't return zero on an
783empty pipe. Afterwards, close the reading end. */
784
f1e894f3 785(void)close(pfd[pipe_write]);
059ec3d9
PH		 786
787/* Read initial data, including yield and contents of *error */
788
789fd = pfd[pipe_read];
847a015a
JH		 790if (read(fd, filtertype, sizeof(int)) != sizeof(int) ||
791 read(fd, &yield, sizeof(int)) != sizeof(int) ||
059ec3d9
PH		 792 !rda_read_string(fd, error)) goto DISASTER;
793
059ec3d9
PH		 794/* Read the contents of any syntax error blocks if we have a pointer */
795
8cfd0f7b 796if (eblockp)
059ec3d9 797 {
059ec3d9 798 error_block *e;
d7978c0f 799 for (error_block ** p = eblockp; ; p = &e->next)
059ec3d9 800 {
8cfd0f7b 801 uschar *s;
059ec3d9 802 if (!rda_read_string(fd, &s)) goto DISASTER;
8cfd0f7b 803 if (!s) break;
f3ebb786 804 e = store_get(sizeof(error_block), FALSE);
059ec3d9
PH		 805 e->next = NULL;
806 e->text1 = s;
807 if (!rda_read_string(fd, &s)) goto DISASTER;
808 e->text2 = s;
809 *p = e;
059ec3d9
PH		 810 }
811 }
812
813/* If this is a system filter, read the identify of any original header lines
814that were removed, and then read data for any new ones that were added. */
815
8768d548 816if (f.system_filtering)
059ec3d9
PH		 817 {
818 int hn = 0;
819 header_line *h = header_list;
820
821 for (;;)
822 {
823 int n;
847a015a 824 if (read(fd, &n, sizeof(int)) != sizeof(int)) goto DISASTER;
059ec3d9
PH		 825 if (n < 0) break;
826 while (hn < n)
827 {
828 hn++;
8cfd0f7b 829 if (!(h = h->next)) goto DISASTER_NO_HEADER;
059ec3d9
PH		 830 }
831 h->type = htype_old;
832 }
833
834 for (;;)
835 {
836 uschar *s;
837 int type;
838 if (!rda_read_string(fd, &s)) goto DISASTER;
8cfd0f7b 839 if (!s) break;
847a015a 840 if (read(fd, &type, sizeof(type)) != sizeof(type)) goto DISASTER;
059ec3d9
PH		 841 header_add(type, "%s", s);
842 }
843 }
844
845/* Read the values of the $n variables */
846
847a015a 847if (read(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n)) goto DISASTER;
059ec3d9
PH		 848
849/* If the yield is DELIVERED, NOTDELIVERED, FAIL, or FREEZE there may follow
850addresses and data to go with them. Keep them in the same order in the
851generated chain. */
852
853if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
854 yield == FF_FAIL || yield == FF_FREEZE)
855 {
856 address_item **nextp = generated;
857
858 for (;;)
859 {
860 int i, reply_options;
861 address_item *addr;
862 uschar *recipient;
863 uschar *expandn[EXPAND_MAXN + 2];
864
865 /* First string is the address; NULL => end of addresses */
866
867 if (!rda_read_string(fd, &recipient)) goto DISASTER;
f3ebb786 868 if (!recipient) break;
059ec3d9
PH		 869
870 /* Hang on the end of the chain */
871
872 addr = deliver_make_addr(recipient, FALSE);
873 *nextp = addr;
874 nextp = &(addr->next);
875
876 /* Next comes the mode and the flags fields */
877
847a015a
JH		 878 if ( read(fd, &addr->mode, sizeof(addr->mode)) != sizeof(addr->mode)
879 || read(fd, &addr->flags, sizeof(addr->flags)) != sizeof(addr->flags)
25beaee4 880 || !rda_read_string(fd, &addr->prop.errors_address)
847a015a 881 || read(fd, &i, sizeof(i)) != sizeof(i)
25beaee4
MK		 882 )
883 goto DISASTER;
884 addr->prop.ignore_error = (i != 0);
059ec3d9
PH		 885
886 /* Next comes a possible setting for $thisaddress and any numerical
887 variables for pipe expansion, terminated by a NULL string. The maximum
888 number of numericals is EXPAND_MAXN. Note that we put filter_thisaddress
889 into the zeroth item in the vector - this is sorted out inside the pipe
890 transport. */
891
892 for (i = 0; i < EXPAND_MAXN + 1; i++)
893 {
894 uschar *temp;
895 if (!rda_read_string(fd, &temp)) goto DISASTER;
896 if (i == 0) filter_thisaddress = temp; /* Just in case */
897 expandn[i] = temp;
898 if (temp == NULL) break;
899 }
900
901 if (i > 0)
902 {
f3ebb786 903 addr->pipe_expandn = store_get((i+1) * sizeof(uschar *), FALSE);
059ec3d9
PH		 904 addr->pipe_expandn[i] = NULL;
905 while (--i >= 0) addr->pipe_expandn[i] = expandn[i];
906 }
907
908 /* Then an int containing reply options; zero => no reply data. */
909
847a015a 910 if (read(fd, &reply_options, sizeof(int)) != sizeof(int)) goto DISASTER;
059ec3d9
PH		 911 if ((reply_options & REPLY_EXISTS) != 0)
912 {
f3ebb786 913 addr->reply = store_get(sizeof(reply_item), FALSE);
059ec3d9
PH		 914
915 addr->reply->file_expand = (reply_options & REPLY_EXPAND) != 0;
916 addr->reply->return_message = (reply_options & REPLY_RETURN) != 0;
917
847a015a 918 if (read(fd,&(addr->reply->expand_forbid),sizeof(int)) !=
059ec3d9 919 sizeof(int) ||
847a015a 920 read(fd,&(addr->reply->once_repeat),sizeof(time_t)) !=
059ec3d9
PH		 921 sizeof(time_t) ||
922 !rda_read_string(fd, &(addr->reply->to)) ||
923 !rda_read_string(fd, &(addr->reply->cc)) ||
924 !rda_read_string(fd, &(addr->reply->bcc)) ||
925 !rda_read_string(fd, &(addr->reply->from)) ||
926 !rda_read_string(fd, &(addr->reply->reply_to)) ||
927 !rda_read_string(fd, &(addr->reply->subject)) ||
928 !rda_read_string(fd, &(addr->reply->headers)) ||
929 !rda_read_string(fd, &(addr->reply->text)) ||
930 !rda_read_string(fd, &(addr->reply->file)) ||
931 !rda_read_string(fd, &(addr->reply->logfile)) ||
932 !rda_read_string(fd, &(addr->reply->oncelog)))
933 goto DISASTER;
934 }
935 }
936 }
937
938/* All data has been transferred from the sub-process. Reap it, close the
939reading end of the pipe, and we are done. */
940
941WAIT_EXIT:
942while ((rc = wait(&status)) != pid)
943 {
944 if (rc < 0 && errno == ECHILD) /* Process has vanished */
945 {
946 log_write(0, LOG_MAIN, "redirection process %d vanished unexpectedly", pid);
947 goto FINAL_EXIT;
948 }
949 }
950
1921d2ea
PH		 951DEBUG(D_route)
952 debug_printf("rda_interpret: subprocess yield=%d error=%s\n", yield, *error);
953
059ec3d9
PH		 954if (had_disaster)
955 {
956 *error = string_sprintf("internal problem in %s: failure to transfer "
957 "data from subprocess: status=%04x%s%s%s", rname,
958 status, readerror,
959 (*error == NULL)? US"" : US": error=",
960 (*error == NULL)? US"" : *error);
961 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *error);
962 }
963else if (status != 0)
964 {
965 log_write(0, LOG_MAIN|LOG_PANIC, "internal problem in %s: unexpected status "
966 "%04x from redirect subprocess (but data correctly received)", rname,
967 status);
968 }
969
970FINAL_EXIT:
f1e894f3 971(void)close(fd);
059ec3d9
PH		 972signal(SIGCHLD, oldsignal); /* restore */
973return yield;
974
975
976/* Come here if the data indicates removal of a header that we can't find */
977
978DISASTER_NO_HEADER:
979readerror = US" readerror=bad header identifier";
980had_disaster = TRUE;
981yield = FF_ERROR;
982goto WAIT_EXIT;
983
984/* Come here is there's a shambles in transferring the data over the pipe. The
985value of errno should still be set. */
986
987DISASTER:
988readerror = string_sprintf(" readerror='%s'", strerror(errno));
989had_disaster = TRUE;
990yield = FF_ERROR;
991goto WAIT_EXIT;
992}
993
994/* End of rda.c */
Unnamed repository; edit this file 'description' to name the repository.