projects / exim.git / blame
| Commit | Line | Data |
|---|---|---|
| 059ec3d9 PH |
1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * | |
| 3 | *************************************************/ | |
| 4 | ||
| 3386088d | 5 | /* Copyright (c) University of Cambridge 1995 - 2015 */ |
| 059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
| 7 | ||
| 8 | /* Functions concerned with rewriting headers */ | |
| 9 | ||
| 10 | ||
| 11 | #include "exim.h" | |
| 12 | ||
| 13 | /* Names for testing rewriting */ | |
| 14 | ||
| 1ba28e2b | 15 | static const char *rrname[] = { |
| 059ec3d9 PH |
16 | " sender", |
| 17 | " from", | |
| 18 | " to", | |
| 19 | " cc", | |
| 20 | " bcc", | |
| 21 | "reply-to", | |
| 22 | "env-from", | |
| 23 | " env-to" | |
| 24 | }; | |
| 25 | ||
| 26 | /* Structure and table for finding source of address for debug printing */ | |
| 27 | ||
| 28 | typedef struct where_list_block { | |
| 29 | int bit; | |
| 1ba28e2b | 30 | const uschar *string; |
| 059ec3d9 PH |
31 | } where_list_block; |
| 32 | ||
| 33 | static where_list_block where_list[] = { | |
| 1ba28e2b PP |
34 | { rewrite_sender, CUS"sender:" }, |
| 35 | { rewrite_from, CUS"from:" }, | |
| 36 | { rewrite_to, CUS"to:" }, | |
| 37 | { rewrite_cc, CUS"cc:" }, | |
| 38 | { rewrite_bcc, CUS"bcc:" }, | |
| 39 | { rewrite_replyto, CUS"reply-to:" }, | |
| 40 | { rewrite_envfrom, CUS"env-from" }, | |
| 41 | { rewrite_envto, CUS"env-to" }, | |
| 42 | { rewrite_smtp, CUS"smtp recipient" }, | |
| 43 | { rewrite_smtp|rewrite_smtp_sender, CUS"smtp sender" } | |
| 059ec3d9 PH |
44 | }; |
| 45 | ||
| 46 | static int where_list_size = sizeof(where_list)/sizeof(where_list_block); | |
| 47 | ||
| 48 | ||
| 49 | ||
| 50 | /************************************************* | |
| 51 | * Ensure an address is qualified * | |
| 52 | *************************************************/ | |
| 53 | ||
| 54 | /* | |
| 55 | Arguments: | |
| 56 | s address to check | |
| 57 | is_recipient TRUE if a recipient address; FALSE if a sender address | |
| 58 | ||
| 59 | Returns: fully-qualified address | |
| 60 | */ | |
| 61 | ||
| 62 | uschar * | |
| 63 | rewrite_address_qualify(uschar *s, BOOL is_recipient) | |
| 64 | { | |
| 65 | return (parse_find_at(s) != NULL)? s : | |
| 66 | string_sprintf("%s@%s", s, | |
| 67 | is_recipient? qualify_domain_recipient : qualify_domain_sender); | |
| 68 | } | |
| 69 | ||
| 70 | ||
| 71 | ||
| 72 | /************************************************* | |
| 73 | * Rewrite a single address * | |
| 74 | *************************************************/ | |
| 75 | ||
| 76 | /* The yield is the input address if there is no rewriting to be done. Assume | |
| 77 | the input is a valid address, except in the case of SMTP-time rewriting, which | |
| 78 | is handled specially. When this function is called while processing filter and | |
| 79 | forward files, the uid may be that of the user. Ensure it is reset while | |
| 80 | expanding a replacement, in case that involves file lookups. | |
| 81 | ||
| 82 | Arguments: | |
| 83 | s address to rewrite | |
| 84 | flag indicates where this address comes from; it must match the | |
| 85 | flags in the rewriting rule | |
| 86 | whole if not NULL, set TRUE if any rewriting rule contained the | |
| 87 | "whole" bit and it is a header that is being rewritten | |
| 88 | add_header if TRUE and rewriting occurs, add an "X-rewrote-xxx" header | |
| 89 | if headers are in existence; this should be TRUE only when | |
| 90 | a message is being received, not during delivery | |
| 91 | name name of header, for use when adding X-rewrote-xxxx | |
| 92 | rewrite_rules chain of rewriting rules | |
| 93 | ||
| 94 | Returns: new address if rewritten; the input address if no change; | |
| 95 | for a header rewrite, if the "whole" bit is set, the entire | |
| 96 | rewritten address is returned, not just the active bit. | |
| 97 | */ | |
| 98 | ||
| 99 | uschar * | |
| 100 | rewrite_one(uschar *s, int flag, BOOL *whole, BOOL add_header, uschar *name, | |
| 101 | rewrite_rule *rewrite_rules) | |
| 102 | { | |
| 103 | rewrite_rule *rule; | |
| 104 | uschar *yield = s; | |
| 105 | uschar *subject = s; | |
| 106 | uschar *domain = NULL; | |
| 107 | BOOL done = FALSE; | |
| 108 | int rule_number = 1; | |
| 109 | int yield_start = 0, yield_end = 0; | |
| 110 | ||
| 111 | if (whole != NULL) *whole = FALSE; | |
| 112 | ||
| 113 | /* Scan the rewriting rules */ | |
| 114 | ||
| 115 | for (rule = rewrite_rules; | |
| 116 | rule != NULL && !done; | |
| 117 | rule_number++, rule = rule->next) | |
| 118 | { | |
| 119 | int start, end, pdomain; | |
| 120 | int count = 0; | |
| 55414b25 JH |
121 | uschar *save_localpart; |
| 122 | const uschar *save_domain; | |
| 059ec3d9 PH |
123 | uschar *error, *new, *newparsed; |
| 124 | ||
| 125 | /* Ensure that the flag matches the flags in the rule. */ | |
| 126 | ||
| 127 | if ((rule->flags & flag) == 0) continue; | |
| 128 | ||
| 129 | /* Come back here for a repeat after a successful rewrite. We do this | |
| 130 | only so many times. */ | |
| 131 | ||
| 132 | REPEAT_RULE: | |
| 133 | ||
| 134 | /* If this is an SMTP-time rewrite, the pattern must be a regex and | |
| 135 | the subject may have any structure. No local part or domain variables | |
| 136 | can be set for the expansion. We expand the pattern in order to be consistent | |
| 137 | with the other kinds of rewrite, where expansion happens inside | |
| 138 | match_address_list(). */ | |
| 139 | ||
| 140 | if ((flag & rewrite_smtp) != 0) | |
| 141 | { | |
| 142 | uschar *key = expand_string(rule->key); | |
| 143 | if (key == NULL) | |
| 144 | { | |
| 145 | if (!expand_string_forcedfail) | |
| 146 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" while " | |
| 147 | "checking for SMTP rewriting: %s", rule->key, expand_string_message); | |
| 148 | continue; | |
| 149 | } | |
| 150 | if (match_check_string(subject, key, 0, TRUE, FALSE, FALSE, NULL) != OK) | |
| 151 | continue; | |
| 152 | new = expand_string(rule->replacement); | |
| 153 | } | |
| 154 | ||
| 155 | /* All other rewrites expect the input to be a valid address, so local part | |
| 156 | and domain variables can be set for expansion. For the first rule, to be | |
| 157 | applied to this address, domain will be NULL and needs to be set. */ | |
| 158 | ||
| 159 | else | |
| 160 | { | |
| 161 | if (domain == NULL) domain = Ustrrchr(subject, '@') + 1; | |
| 162 | ||
| 163 | /* Use the general function for matching an address against a list (here | |
| 164 | just one item, so use the "impossible value" separator UCHAR_MAX+1). */ | |
| 165 | ||
| 55414b25 | 166 | if (match_address_list(subject, FALSE, TRUE, CUSS &(rule->key), NULL, 0, |
| 059ec3d9 PH |
167 | UCHAR_MAX + 1, NULL) != OK) |
| 168 | continue; | |
| 169 | ||
| 170 | /* The source address matches, and numerical variables have been | |
| 171 | set up. If the replacement string consists of precisely "*" then no | |
| 172 | rewriting is required for this address - the behaviour is as for "fail" | |
| 173 | in the replacement expansion, but assuming the quit flag. */ | |
| 174 | ||
| 175 | if (Ustrcmp(rule->replacement, "*") == 0) break; | |
| 176 | ||
| 177 | /* Otherwise, expand the replacement string. Set $local_part and $domain to | |
| 178 | the appropriate values, restoring whatever value they previously had | |
| 179 | afterwards. */ | |
| 180 | ||
| 181 | save_localpart = deliver_localpart; | |
| 182 | save_domain = deliver_domain; | |
| 183 | ||
| 184 | /* We have subject pointing to "localpart@domain" and domain pointing to | |
| 185 | the domain. Temporarily terminate the local part so that it can be | |
| 186 | set up as an expansion variable */ | |
| 187 | ||
| 188 | domain[-1] = 0; | |
| 189 | deliver_localpart = subject; | |
| 190 | deliver_domain = domain; | |
| 191 | ||
| 192 | new = expand_string(rule->replacement); | |
| 193 | ||
| 194 | domain[-1] = '@'; | |
| 195 | deliver_localpart = save_localpart; | |
| 196 | deliver_domain = save_domain; | |
| 197 | } | |
| 198 | ||
| 199 | /* If the expansion failed with the "forcedfail" flag, don't generate | |
| 200 | an error - just give up on this rewriting rule. If the "q" flag is set, | |
| 201 | give up altogether. For other expansion failures we have a configuration | |
| 202 | error. */ | |
| 203 | ||
| 204 | if (new == NULL) | |
| 205 | { | |
| 206 | if (expand_string_forcedfail) | |
| 207 | { if ((rule->flags & rewrite_quit) != 0) break; else continue; } | |
| 0bd1b1ed JH |
208 | |
| 209 | /* Avoid potentially exposing a password */ | |
| 210 | ||
| 211 | if ( ( Ustrstr(expand_string_message, "failed to expand") != NULL | |
| 212 | || Ustrstr(expand_string_message, "expansion of ") != NULL | |
| 213 | ) | |
| 214 | && ( Ustrstr(expand_string_message, "mysql") != NULL | |
| 215 | || Ustrstr(expand_string_message, "pgsql") != NULL | |
| 216 | || Ustrstr(expand_string_message, "redis") != NULL | |
| 217 | || Ustrstr(expand_string_message, "sqlite") != NULL | |
| 218 | || Ustrstr(expand_string_message, "ldap:") != NULL | |
| 219 | || Ustrstr(expand_string_message, "ldaps:") != NULL | |
| 220 | || Ustrstr(expand_string_message, "ldapi:") != NULL | |
| 221 | || Ustrstr(expand_string_message, "ldapdn:") != NULL | |
| 222 | || Ustrstr(expand_string_message, "ldapm:") != NULL | |
| 223 | ) ) | |
| 224 | expand_string_message = US"Temporary internal error"; | |
| 225 | ||
| 059ec3d9 PH |
226 | log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: " |
| 227 | "%s", rule->replacement, expand_string_message); | |
| 228 | break; | |
| 229 | } | |
| 230 | ||
| 231 | /* Check the what has been generated is a valid RFC 2822 address. Only | |
| 232 | envelope from or SMTP sender is permitted to be rewritten as <>.*/ | |
| 233 | ||
| 234 | newparsed = parse_extract_address(new, &error, &start, &end, &pdomain, | |
| 235 | flag == rewrite_envfrom || flag == (rewrite_smtp|rewrite_smtp_sender)); | |
| 236 | ||
| 237 | if (newparsed == NULL) | |
| 238 | { | |
| 239 | log_write(0, LOG_MAIN|LOG_PANIC, "Rewrite of %s yielded unparseable " | |
| 240 | "address: %s in address %s", subject, error, new); | |
| 241 | break; /* Give up on this address */ | |
| 242 | } | |
| 243 | ||
| 244 | /* A non-null unqualified address can be qualified if requested. Otherwise, | |
| 245 | this is an error unless it's the empty address in circumstances where that is | |
| 246 | permitted. */ | |
| 247 | ||
| 248 | if (pdomain == 0 && (*newparsed != 0 || | |
| 249 | (flag != rewrite_envfrom && flag != (rewrite_smtp|rewrite_smtp_sender)))) | |
| 250 | { | |
| 251 | if ((rule->flags & rewrite_qualify) != 0) | |
| 252 | { | |
| 253 | newparsed = rewrite_address_qualify(newparsed, TRUE); | |
| 254 | new = string_sprintf("%.*s%s%.*s", start, new, newparsed, | |
| 255 | Ustrlen(new) - end, new + end); | |
| 256 | end = start + Ustrlen(newparsed); | |
| 257 | } | |
| 258 | else | |
| 259 | { | |
| 260 | log_write(0, LOG_MAIN|LOG_PANIC, "Rewrite of %s yielded unqualified " | |
| 261 | "address \"%s\"", subject, new); | |
| 262 | break; /* Give up on this address */ | |
| 263 | } | |
| 264 | } | |
| 265 | ||
| 266 | /* We have a validly rewritten address */ | |
| 267 | ||
| 6c6d6e48 | 268 | if (LOGGING(address_rewrite) || (debug_selector & D_rewrite) != 0) |
| 059ec3d9 PH |
269 | { |
| 270 | int i; | |
| 1ba28e2b | 271 | const uschar *where = CUS"?"; |
| 059ec3d9 PH |
272 | |
| 273 | for (i = 0; i < where_list_size; i++) | |
| 274 | { | |
| 275 | if (flag == where_list[i].bit) | |
| 276 | { | |
| 277 | where = where_list[i].string; | |
| 278 | break; | |
| 279 | } | |
| 280 | } | |
| 281 | log_write(L_address_rewrite, | |
| 282 | LOG_MAIN, "\"%s\" from %s rewritten as \"%s\" by rule %d", | |
| 283 | yield, where, new, rule_number); | |
| 284 | } | |
| 285 | ||
| 286 | /* A header will only actually be added if header_last is non-NULL, | |
| 287 | i.e. during message reception or delivery, but add_header should not | |
| 288 | be set TRUE during delivery, as otherwise multiple instances of the header | |
| 289 | can fill up the -H file and make it embarrassingly large. We don't need | |
| 290 | to set header_rewritten because the -H file always gets written at the end | |
| 291 | of message reception. */ | |
| 292 | ||
| 293 | if (add_header) | |
| 294 | header_add(htype_old, "X-rewrote-%s: %s\n", name, subject); | |
| 295 | ||
| 296 | /* Handle the case when replacement of the whole address is possible. | |
| 297 | This happens only when whole is not NULL and we are rewriting a header. | |
| 298 | If *whole is already TRUE it means that a previous rule had the w | |
| 299 | flag set and so we must preserve the non-active portion of the current | |
| 300 | subject unless the current rule also has the w flag set. */ | |
| 301 | ||
| 302 | if (whole != NULL && (flag & rewrite_all_headers) != 0) | |
| 303 | { | |
| 304 | /* Current rule has the w flag set. We must ensure the phrase parts | |
| 305 | are syntactically valid if they are present. */ | |
| 306 | ||
| 307 | if ((rule->flags & rewrite_whole) != 0) | |
| 308 | { | |
| 309 | if (start > 0 && new[start-1] == '<') | |
| 310 | { | |
| 311 | uschar *p1 = new + start - 1; | |
| 312 | uschar *p2 = new + end + 1; | |
| 55414b25 | 313 | const uschar *pf1, *pf2; |
| 059ec3d9 PH |
314 | uschar buff1[256], buff2[256]; |
| 315 | ||
| 316 | while (p1 > new && p1[-1] == ' ') p1--; | |
| 317 | pf1 = parse_fix_phrase(new, p1 - new, buff1, sizeof(buff1)); | |
| 318 | while (*p2 == ' ') p2++; | |
| 319 | pf2 = parse_fix_phrase(p2, Ustrlen(p2), buff2, sizeof(buff2)); | |
| 320 | ||
| 321 | /* Note that pf1 and pf2 are NOT necessarily buff1 and buff2. For | |
| 322 | a non-RFC 2047 phrase that does not need to be RFC 2822 quoted, they | |
| 323 | will be buff1+1 and buff2+1. */ | |
| 324 | ||
| 325 | start = Ustrlen(pf1) + start + new - p1; | |
| 326 | end = start + Ustrlen(newparsed); | |
| 327 | new = string_sprintf("%s%.*s%s", pf1, p2 - p1, p1, pf2); | |
| 328 | } | |
| 329 | ||
| 330 | /* Now accept the whole thing */ | |
| 331 | ||
| 332 | yield = new; | |
| 333 | yield_start = start; | |
| 334 | yield_end = end; | |
| 335 | subject = newparsed; | |
| 336 | *whole = TRUE; | |
| 337 | } | |
| 338 | ||
| 339 | /* Current rule does not have the w flag set; if not previously | |
| 340 | done any whole rewriting, behave in non-whole manner. */ | |
| 341 | ||
| 342 | else if (!*whole) goto NEVER_WHOLE; | |
| 343 | ||
| 344 | /* Current rule does not have the w flag set, but a previous | |
| 345 | rule did rewrite the whole address. Thus yield and subject will be | |
| 346 | different. Preserve the previous non-active part of the address. */ | |
| 347 | ||
| 348 | else | |
| 349 | { | |
| 350 | subject = newparsed; | |
| 351 | new = string_sprintf("%.*s%s%n%s", | |
| 352 | yield_start, yield, subject, &end, yield + yield_end); | |
| 353 | yield_end = end; | |
| 354 | yield = new; | |
| 355 | } | |
| 356 | } | |
| 357 | ||
| 358 | /* Rule just rewrites active part, or handling an envelope. This | |
| 359 | code is obeyed only when all rules so far have not done "whole" | |
| 360 | replacement. */ | |
| 361 | ||
| 362 | else | |
| 363 | { | |
| 364 | NEVER_WHOLE: | |
| 365 | subject = yield = newparsed; | |
| 366 | } | |
| 367 | ||
| 368 | domain = NULL; /* Reset for next rule */ | |
| 369 | ||
| 370 | /* If no further rewrites are to be done, set the done flag. This allows | |
| 371 | repeats of the current rule if configured before breaking the loop. */ | |
| 372 | ||
| 373 | if ((rule->flags & rewrite_quit) != 0) done = TRUE; | |
| 374 | ||
| 375 | /* Allow the current rule to be applied up to 10 times if | |
| 376 | requested. */ | |
| 377 | ||
| 378 | if ((rule->flags & rewrite_repeat) != 0) | |
| 379 | { | |
| 380 | if (count++ < 10) goto REPEAT_RULE; | |
| 381 | log_write(0, LOG_MAIN|LOG_PANIC, "rewrite rule repeat ignored after 10 " | |
| 382 | "times"); | |
| 383 | } | |
| 384 | } | |
| 385 | ||
| 386 | /* Unset expansion numeric variables, and that's it. */ | |
| 387 | ||
| 388 | expand_nmax = -1; | |
| 389 | return yield; | |
| 390 | } | |
| 391 | ||
| 392 | ||
| 393 | ||
| 394 | /************************************************* | |
| 395 | * Ensure qualification and rewrite * | |
| 396 | *************************************************/ | |
| 397 | ||
| 398 | /* This function is called for envelope addresses, the boolean specifying | |
| 399 | whether a recipient or a sender. It must first of all ensure the address is | |
| 400 | fully qualified, and then apply any relevant re-writing rules. The add-header | |
| 401 | flag causes a header to be added, recording the old address. This is marked | |
| 402 | "old", so that it is never transported anywhere; it exists for local checking | |
| 403 | and debugging purposes. | |
| 404 | ||
| 405 | Arguments: | |
| 406 | s the address to be considered | |
| 407 | is_recipient TRUE for recipient addresses; FALSE otherwise | |
| 408 | add_header add "X-rewrote-xxx" header when rewriting; this is | |
| 409 | set TRUE only for calls from the reception functions | |
| 410 | rewrite_rules points to chain of rewrite rules | |
| 411 | existflags bits indicating which headers there are rewrites for | |
| 412 | (just an optimisation) | |
| 413 | ||
| 414 | Returns: possibly rewritten address | |
| 415 | */ | |
| 416 | ||
| 417 | uschar * | |
| 418 | rewrite_address(uschar *s, BOOL is_recipient, BOOL add_header, | |
| 419 | rewrite_rule *rewrite_rules, int existflags) | |
| 420 | { | |
| 421 | int flag = is_recipient? rewrite_envto : rewrite_envfrom; | |
| 422 | s = rewrite_address_qualify(s, is_recipient); | |
| 423 | if ((existflags & flag) != 0) | |
| 424 | { | |
| 425 | uschar *new = rewrite_one(s, flag, NULL, add_header, is_recipient? | |
| 426 | US"original-recipient" : US"sender", rewrite_rules); | |
| 427 | if (new != s) s = new; | |
| 428 | } | |
| 429 | return s; | |
| 430 | } | |
| 431 | ||
| 432 | ||
| 433 | ||
| 434 | /************************************************* | |
| 435 | * Qualify and possibly rewrite one header * | |
| 436 | *************************************************/ | |
| 437 | ||
| 438 | /* This is called only from rewrite_header() below, either when reading a | |
| 439 | message. or when routing, in order to rewrite addresses that get changed by a | |
| 440 | router. This is normally the addition of full qualification to a partial | |
| 441 | domain. The first rewriting rule in this case is "change routed_old into | |
| 442 | routed_new", and it applies to all header lines that contain addresses. Then | |
| 443 | header-specific rewriting rules are applied. | |
| 444 | ||
| 445 | Before rewriting can be done, addresses without domains have to be qualified. | |
| 446 | This should only be done for messages from "local" senders. This is a difficult | |
| 447 | concept to pin down, what with the use of SMTP both as a submission and as a | |
| 448 | transmission protocol. Exim normally requires incoming SMTP to contain fully- | |
| 449 | qualified addresses, but there are options to permit unqualified ones from | |
| 450 | certain hosts. For those hosts only, addresses in headers can also be | |
| 451 | qualified. For other hosts, unqualified addresses in headers do not get touched | |
| 452 | in any way. For locally sourced messages, unqualified addresses always get | |
| 453 | qualified, except when -bnq is used to explicitly suppress this. | |
| 454 | ||
| 455 | Arguments: | |
| 456 | h pointer to header line block | |
| 457 | flag indicates which header this is | |
| 458 | routed_old if not NULL, this is a rewrite caused by a router, changing | |
| 459 | this domain into routed_new | |
| 460 | routed_new new routed domain if routed_old is not NULL | |
| 461 | rewrite_rules points to chain of rewriting rules | |
| 462 | existflags bits indicating which rewrites exist | |
| 463 | replace if TRUE, insert the new header in the chain after the old | |
| 464 | one, and mark the old one "replaced" | |
| 465 | ||
| 466 | Returns: NULL if header unchanged; otherwise the rewritten header | |
| 467 | */ | |
| 468 | ||
| 469 | static header_line * | |
| 55414b25 JH |
470 | rewrite_one_header(header_line *h, int flag, |
| 471 | const uschar *routed_old, const uschar *routed_new, | |
| 472 | rewrite_rule *rewrite_rules, int existflags, BOOL replace) | |
| 059ec3d9 PH |
473 | { |
| 474 | int lastnewline = 0; | |
| 475 | header_line *newh = NULL; | |
| 476 | void *function_reset_point = store_get(0); | |
| 477 | uschar *s = Ustrchr(h->text, ':') + 1; | |
| 478 | while (isspace(*s)) s++; | |
| 479 | ||
| 480 | DEBUG(D_rewrite) | |
| 481 | debug_printf("rewrite_one_header: type=%c:\n %s", h->type, h->text); | |
| 482 | ||
| 483 | parse_allow_group = TRUE; /* Allow group syntax */ | |
| 484 | ||
| 485 | /* Loop for multiple addresses in the header. We have to go through them all | |
| 486 | in case any need qualifying, even if there's no rewriting. Pathological headers | |
| 487 | may have thousands of addresses in them, so cause the store to be reset for | |
| 488 | any that don't actually get rewritten. We also play silly games for those that | |
| 489 | _are_ rewritten so as to avoid runaway store usage for these kinds of header. | |
| 490 | We want to avoid keeping store for any intermediate versions. */ | |
| 491 | ||
| 492 | while (*s != 0) | |
| 493 | { | |
| 494 | uschar *sprev; | |
| 495 | uschar *ss = parse_find_address_end(s, FALSE); | |
| 496 | uschar *recipient, *new, *errmess; | |
| 497 | void *loop_reset_point = store_get(0); | |
| 498 | BOOL changed = FALSE; | |
| 499 | int terminator = *ss; | |
| 500 | int start, end, domain; | |
| 501 | ||
| 502 | /* Temporarily terminate the string at this point, and extract the | |
| 503 | operative address within. Then put back the terminator and prepare for | |
| 504 | the next address, saving the start of the old one. */ | |
| 505 | ||
| 506 | *ss = 0; | |
| 507 | recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE); | |
| 508 | *ss = terminator; | |
| 509 | sprev = s; | |
| 510 | s = ss + (terminator? 1:0); | |
| 511 | while (isspace(*s)) s++; | |
| 512 | ||
| 513 | /* There isn't much we can do for syntactic disasters at this stage. | |
| 514 | Pro tem (possibly for ever) ignore them. */ | |
| 515 | ||
| 516 | if (recipient == NULL) | |
| 517 | { | |
| 518 | store_reset(loop_reset_point); | |
| 519 | continue; | |
| 520 | } | |
| 521 | ||
| 522 | /* If routed_old is not NULL, this is a rewrite caused by a router, | |
| 523 | consisting of changing routed_old into routed_new, and applying to all | |
| 524 | headers. If the header address has no domain, it is excluded, since a router | |
| 525 | rewrite affects domains only. The new value should always be fully qualified, | |
| 526 | but it may be something that has an explicit re-write rule set, so we need to | |
| 527 | check the configured rules subsequently as well. (Example: there's an | |
| 528 | explicit rewrite turning *.foo.com into foo.com, and an address is supplied | |
| 529 | as abc@xyz, which the DNS lookup turns into abc@xyz.foo.com). However, if no | |
| 530 | change is made here, don't bother carrying on. */ | |
| 531 | ||
| 532 | if (routed_old != NULL) | |
| 533 | { | |
| 534 | if (domain <= 0 || strcmpic(recipient+domain, routed_old) != 0) continue; | |
| 535 | recipient[domain-1] = 0; | |
| 536 | new = string_sprintf("%s@%s", recipient, routed_new); | |
| 537 | DEBUG(D_rewrite) | |
| 538 | { | |
| 539 | recipient[domain-1] = '@'; | |
| 540 | debug_printf("%s rewritten by router as %s\n", recipient, new); | |
| 541 | } | |
| 542 | recipient = new; | |
| 543 | changed = TRUE; | |
| 544 | } | |
| 545 | ||
| 546 | /* This is not a router-inspired rewrite. Ensure the address is fully | |
| 547 | qualified if that is permitted. If an unqualified address was received | |
| 548 | from a host that isn't listed, do not continue rewriting this address. | |
| 549 | Sender, From or Reply-To headers are treated as senders, the rest as | |
| 550 | recipients. This matters only when there are different qualify strings. */ | |
| 551 | ||
| 552 | else | |
| 553 | { | |
| 554 | BOOL is_recipient = | |
| 555 | (flag & (rewrite_sender | rewrite_from | rewrite_replyto)) == 0; | |
| 556 | new = rewrite_address_qualify(recipient, is_recipient); | |
| 557 | changed = (new != recipient); | |
| 558 | recipient = new; | |
| 559 | ||
| 560 | /* Can only qualify if permitted; if not, no rewrite. */ | |
| 561 | ||
| 562 | if (changed && ((is_recipient && !allow_unqualified_recipient) || | |
| 563 | (!is_recipient && !allow_unqualified_sender))) | |
| 564 | { | |
| 565 | store_reset(loop_reset_point); | |
| 566 | continue; | |
| 567 | } | |
| 568 | } | |
| 569 | ||
| 570 | /* If there are rewrite rules for this type of header, apply | |
| 571 | them. This test is just for efficiency, to save scanning the rules | |
| 572 | in cases when nothing is going to change. If any rewrite rule had the | |
| 573 | "whole" flag set, adjust the pointers so that the whole address gets | |
| 574 | replaced, except possibly a final \n. */ | |
| 575 | ||
| 576 | if ((existflags & flag) != 0) | |
| 577 | { | |
| 578 | BOOL whole; | |
| 579 | new = rewrite_one(recipient, flag, &whole, FALSE, NULL, rewrite_rules); | |
| 580 | if (new != recipient) | |
| 581 | { | |
| 582 | changed = TRUE; | |
| 583 | if (whole) | |
| 584 | { | |
| 585 | start = 0; | |
| 586 | end = ss - sprev; | |
| 587 | if (sprev[end-1] == '\n') end--; | |
| 588 | } | |
| 589 | } | |
| 590 | } | |
| 591 | ||
| 592 | /* If nothing has changed, lose all dynamic store obtained in this loop, and | |
| 593 | move on to the next address. We can't reset to the function start store | |
| 594 | point, because we may have a rewritten line from a previous time round the | |
| 595 | loop. */ | |
| 596 | ||
| 597 | if (!changed) store_reset(loop_reset_point); | |
| 598 | ||
| 599 | /* If the address has changed, create a new header containing the | |
| 600 | rewritten address. We do not need to set the chain pointers at this | |
| 601 | stage. We want to avoid using more and more memory if the header is very long | |
| 602 | and contains lots and lots of rewritten addresses. Therefore, we build the | |
| 603 | new text string in malloc store, then at the end we reset dynamic store | |
| 604 | before copying the new header to a new block (and then freeing the malloc | |
| 605 | block). The header must end up in dynamic store so that it's freed at the end | |
| 606 | of receiving a message. */ | |
| 607 | ||
| 608 | else | |
| 609 | { | |
| 610 | int remlen; | |
| 611 | int newlen = Ustrlen(new); | |
| 612 | int oldlen = end - start; | |
| 613 | ||
| 614 | header_line *prev = (newh == NULL)? h : newh; | |
| 615 | uschar *newt = store_malloc(prev->slen - oldlen + newlen + 4); | |
| 616 | uschar *newtstart = newt; | |
| 617 | ||
| 618 | int type = prev->type; | |
| 619 | int slen = prev->slen - oldlen + newlen; | |
| 620 | ||
| 621 | /* Build the new header text by copying the old and putting in the | |
| 622 | replacement. This process may make the header substantially longer | |
| 623 | than it was before - qualification of a list of bare addresses can | |
| 624 | often do this - so we stick in a newline after the re-written address | |
| 625 | if it has increased in length and ends more than 40 characters in. In | |
| 626 | fact, the code is not perfect, since it does not scan for existing | |
| 627 | newlines in the header, but it doesn't seem worth going to that | |
| 628 | amount of trouble. */ | |
| 629 | ||
| 630 | Ustrncpy(newt, prev->text, sprev - prev->text + start); | |
| 631 | newt += sprev - prev->text + start; | |
| 632 | *newt = 0; | |
| 633 | Ustrcat(newt, new); | |
| 634 | newt += newlen; | |
| 635 | remlen = s - (sprev + end); | |
| 636 | if (remlen > 0) | |
| 637 | { | |
| 638 | Ustrncpy(newt, sprev + end, remlen); | |
| 639 | newt += remlen; | |
| 640 | *newt = 0; | |
| 641 | } | |
| 642 | ||
| 643 | /* Must check that there isn't a newline here anyway; in particular, there | |
| 644 | will be one at the very end of the header, where we DON'T want to insert | |
| 645 | another one! The pointer s has been skipped over white space, so just | |
| 646 | look back to see if the last non-space-or-tab was a newline. */ | |
| 647 | ||
| 648 | if (newlen > oldlen && newt - newtstart - lastnewline > 40) | |
| 649 | { | |
| 650 | uschar *p = s - 1; | |
| 651 | while (p >= prev->text && (*p == ' ' || *p == '\t')) p--; | |
| 652 | if (*p != '\n') | |
| 653 | { | |
| 654 | lastnewline = newt - newtstart; | |
| 655 | Ustrcat(newt, "\n\t"); | |
| 656 | slen += 2; | |
| 657 | } | |
| 658 | } | |
| 659 | ||
| 660 | /* Finally, the remaining unprocessed addresses, if any. */ | |
| 661 | ||
| 662 | Ustrcat(newt, s); | |
| 663 | ||
| 664 | DEBUG(D_rewrite) debug_printf("newlen=%d newtype=%c newtext:\n%s", | |
| 665 | slen, type, newtstart); | |
| 666 | ||
| 667 | /* Compute the length of the rest of the header line before we possibly | |
| 668 | flatten a previously rewritten copy. */ | |
| 669 | ||
| 670 | remlen = (s - prev->text) - oldlen + newlen; | |
| 671 | ||
| 672 | /* We have the new text in a malloc block. That enables us to release all | |
| 673 | the memory that has been used, back to the point at which the function was | |
| 674 | entered. Then set up a new header in dynamic store. This will override a | |
| 675 | rewritten copy from a previous time round this loop. */ | |
| 676 | ||
| 677 | store_reset(function_reset_point); | |
| 678 | newh = store_get(sizeof(header_line)); | |
| 679 | newh->type = type; | |
| 680 | newh->slen = slen; | |
| 681 | newh->text = string_copyn(newtstart, slen); | |
| 682 | store_free(newtstart); | |
| 683 | ||
| 684 | /* Set up for scanning the rest of the header */ | |
| 685 | ||
| 686 | s = newh->text + remlen; | |
| 687 | DEBUG(D_rewrite) debug_printf("remainder: %s", (*s == 0)? US"\n" : s); | |
| 688 | } | |
| 689 | } | |
| 690 | ||
| 691 | parse_allow_group = FALSE; /* Reset group flags */ | |
| 692 | parse_found_group = FALSE; | |
| 693 | ||
| 694 | /* If a rewrite happened and "replace" is true, put the new header into the | |
| 695 | chain following the old one, and mark the old one as replaced. */ | |
| 696 | ||
| 697 | if (newh != NULL && replace) | |
| 698 | { | |
| 699 | newh->next = h->next; | |
| 700 | if (newh->next == NULL) header_last = newh; | |
| 701 | h->type = htype_old; | |
| 702 | h->next = newh; | |
| 703 | } | |
| 704 | ||
| 705 | return newh; | |
| 706 | } | |
| 707 | ||
| 708 | ||
| 709 | ||
| 710 | ||
| 711 | /************************************************* | |
| 712 | * Rewrite a header line * | |
| 713 | *************************************************/ | |
| 714 | ||
| 715 | /* This function may be passed any old header line. It must detect those which | |
| 716 | contain addresses, then then apply any rewriting rules that apply. If | |
| 717 | routed_old is NULL, only the configured rewriting rules are consulted. | |
| 718 | Otherwise, the rewriting rule is "change routed_old into routed_new", and it | |
| 719 | applies to all header lines that contain addresses. Then header-specific | |
| 720 | rewriting rules are applied. | |
| 721 | ||
| 722 | The old header line is flagged as "old". Old headers are saved on the spool for | |
| 723 | debugging but are never sent to any recipients. | |
| 724 | ||
| 725 | Arguments: | |
| 726 | h header line to rewrite | |
| 727 | routed_old if not NULL, this is a rewrite caused by a router, changing | |
| 728 | this domain into routed_new | |
| 729 | routed_new new routed domain if routed_old is not NULL | |
| 730 | rewrite_rules points to chain of rewrite rules | |
| 731 | existflags bits indicating which rewrites exist | |
| 732 | replace if TRUE, the new header is inserted into the header chain | |
| 733 | after the old one, and the old one is marked replaced | |
| 734 | ||
| 735 | Returns: NULL if header unchanged; otherwise the rewritten header | |
| 736 | */ | |
| 737 | ||
| 738 | header_line * | |
| 55414b25 JH |
739 | rewrite_header(header_line *h, |
| 740 | const uschar *routed_old, const uschar *routed_new, | |
| 059ec3d9 PH |
741 | rewrite_rule *rewrite_rules, int existflags, BOOL replace) |
| 742 | { | |
| 743 | switch (h->type) | |
| 744 | { | |
| 745 | case htype_sender: | |
| 746 | return rewrite_one_header(h, rewrite_sender, routed_old, routed_new, | |
| 747 | rewrite_rules, existflags, replace); | |
| 748 | ||
| 749 | case htype_from: | |
| 750 | return rewrite_one_header(h, rewrite_from, routed_old, routed_new, | |
| 751 | rewrite_rules, existflags, replace); | |
| 752 | ||
| 753 | case htype_to: | |
| 754 | return rewrite_one_header(h, rewrite_to, routed_old, routed_new, | |
| 755 | rewrite_rules, existflags, replace); | |
| 756 | ||
| 757 | case htype_cc: | |
| 758 | return rewrite_one_header(h, rewrite_cc, routed_old, routed_new, | |
| 759 | rewrite_rules, existflags, replace); | |
| 760 | ||
| 761 | case htype_bcc: | |
| 762 | return rewrite_one_header(h, rewrite_bcc, routed_old, routed_new, | |
| 763 | rewrite_rules, existflags, replace); | |
| 764 | ||
| 765 | case htype_reply_to: | |
| 766 | return rewrite_one_header(h, rewrite_replyto, routed_old, routed_new, | |
| 767 | rewrite_rules, existflags, replace); | |
| 768 | } | |
| 769 | ||
| 770 | return NULL; | |
| 771 | } | |
| 772 | ||
| 773 | ||
| 774 | ||
| 775 | /************************************************ | |
| 776 | * Test rewriting rules * | |
| 777 | ************************************************/ | |
| 778 | ||
| 779 | /* Called from the mainline as a result of the -brw option. Test the | |
| 780 | address for all possible cases. | |
| 781 | ||
| 782 | Argument: the address to test | |
| 783 | Returns: nothing | |
| 784 | */ | |
| 785 | ||
| 786 | void rewrite_test(uschar *s) | |
| 787 | { | |
| 788 | uschar *recipient, *error; | |
| 789 | int i, start, end, domain; | |
| 790 | BOOL done_smtp = FALSE; | |
| 791 | ||
| 792 | if (rewrite_existflags == 0) | |
| 793 | { | |
| 794 | printf("No rewrite rules are defined\n"); | |
| 795 | return; | |
| 796 | } | |
| 797 | ||
| 798 | /* Do SMTP rewrite only if a rule with the S flag exists. Allow <> by | |
| 799 | pretending it is a sender. */ | |
| 800 | ||
| 801 | if ((rewrite_existflags & rewrite_smtp) != 0) | |
| 802 | { | |
| 803 | uschar *new = rewrite_one(s, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE, | |
| 804 | US"", global_rewrite_rules); | |
| 805 | if (new != s) | |
| 806 | { | |
| 807 | if (*new == 0) | |
| 808 | printf(" SMTP: <>\n"); | |
| 809 | else | |
| 810 | printf(" SMTP: %s\n", new); | |
| 811 | done_smtp = TRUE; | |
| 812 | } | |
| 813 | } | |
| 814 | ||
| 815 | /* Do the other rewrites only if a rule without the S flag exists */ | |
| 816 | ||
| 817 | if ((rewrite_existflags & ~rewrite_smtp) == 0) return; | |
| 818 | ||
| 819 | /* Qualify if necessary before extracting the address */ | |
| 820 | ||
| 821 | if (parse_find_at(s) == NULL) | |
| 822 | s = string_sprintf("%s@%s", s, qualify_domain_recipient); | |
| 823 | ||
| 824 | recipient = parse_extract_address(s, &error, &start, &end, &domain, FALSE); | |
| 825 | ||
| 826 | if (recipient == NULL) | |
| 827 | { | |
| 828 | if (!done_smtp) | |
| 829 | printf("Syntax error in %s\n%c%s\n", s, toupper(error[0]), error+1); | |
| 830 | return; | |
| 831 | } | |
| 832 | ||
| 833 | for (i = 0; i < 8; i++) | |
| 834 | { | |
| 835 | BOOL whole = FALSE; | |
| 836 | int flag = 1 << i; | |
| 837 | uschar *new = rewrite_one(recipient, flag, &whole, FALSE, US"", | |
| 838 | global_rewrite_rules); | |
| 839 | printf("%s: ", rrname[i]); | |
| 840 | if (*new == 0) | |
| 841 | printf("<>\n"); | |
| 842 | else if (whole || (flag & rewrite_all_headers) == 0) | |
| 843 | printf("%s\n", CS new); | |
| 844 | else printf("%.*s%s%s\n", start, s, new, s+end); | |
| 845 | } | |
| 846 | } | |
| 847 | ||
| 848 | /* End of rewrite.c */ |