Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
3386088d | 5 | /* Copyright (c) University of Cambridge 1995 - 2015 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions concerned with routing, and the list of generic router options. */ | |
9 | ||
10 | ||
11 | #include "exim.h" | |
12 | ||
13 | ||
14 | ||
15 | /* Generic options for routers, all of which live inside router_instance | |
16 | data blocks and which therefore have the opt_public flag set. */ | |
17 | ||
18 | optionlist optionlist_routers[] = { | |
19 | { "*expand_group", opt_stringptr | opt_hidden | opt_public, | |
20 | (void *)(offsetof(router_instance, expand_gid)) }, | |
21 | { "*expand_more", opt_stringptr | opt_hidden | opt_public, | |
22 | (void *)(offsetof(router_instance, expand_more)) }, | |
23 | { "*expand_unseen", opt_stringptr | opt_hidden | opt_public, | |
24 | (void *)(offsetof(router_instance, expand_unseen)) }, | |
25 | { "*expand_user", opt_stringptr | opt_hidden | opt_public, | |
26 | (void *)(offsetof(router_instance, expand_uid)) }, | |
27 | { "*set_group", opt_bool | opt_hidden | opt_public, | |
28 | (void *)(offsetof(router_instance, gid_set)) }, | |
29 | { "*set_user", opt_bool | opt_hidden | opt_public, | |
30 | (void *)(offsetof(router_instance, uid_set)) }, | |
31 | { "address_data", opt_stringptr|opt_public, | |
32 | (void *)(offsetof(router_instance, address_data)) }, | |
33 | { "address_test", opt_bool|opt_public, | |
34 | (void *)(offsetof(router_instance, address_test)) }, | |
8523533c TK |
35 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
36 | { "bmi_deliver_alternate", opt_bool | opt_public, | |
37 | (void *)(offsetof(router_instance, bmi_deliver_alternate)) }, | |
38 | { "bmi_deliver_default", opt_bool | opt_public, | |
39 | (void *)(offsetof(router_instance, bmi_deliver_default)) }, | |
40 | { "bmi_dont_deliver", opt_bool | opt_public, | |
41 | (void *)(offsetof(router_instance, bmi_dont_deliver)) }, | |
42 | { "bmi_rule", opt_stringptr|opt_public, | |
43 | (void *)(offsetof(router_instance, bmi_rule)) }, | |
44 | #endif | |
059ec3d9 PH |
45 | { "cannot_route_message", opt_stringptr | opt_public, |
46 | (void *)(offsetof(router_instance, cannot_route_message)) }, | |
47 | { "caseful_local_part", opt_bool | opt_public, | |
48 | (void *)(offsetof(router_instance, caseful_local_part)) }, | |
49 | { "check_local_user", opt_bool | opt_public, | |
50 | (void *)(offsetof(router_instance, check_local_user)) }, | |
846726c5 | 51 | { "condition", opt_stringptr|opt_public|opt_rep_con, |
059ec3d9 PH |
52 | (void *)offsetof(router_instance, condition) }, |
53 | { "debug_print", opt_stringptr | opt_public, | |
54 | (void *)offsetof(router_instance, debug_string) }, | |
55 | { "disable_logging", opt_bool | opt_public, | |
56 | (void *)offsetof(router_instance, disable_logging) }, | |
99c1bb4e | 57 | { "dnssec_request_domains", opt_stringptr|opt_public, |
7cd171b7 | 58 | (void *)offsetof(router_instance, dnssec.request) }, |
99c1bb4e | 59 | { "dnssec_require_domains", opt_stringptr|opt_public, |
7cd171b7 | 60 | (void *)offsetof(router_instance, dnssec.require) }, |
059ec3d9 PH |
61 | { "domains", opt_stringptr|opt_public, |
62 | (void *)offsetof(router_instance, domains) }, | |
63 | { "driver", opt_stringptr|opt_public, | |
64 | (void *)offsetof(router_instance, driver_name) }, | |
6c1c3d1d WB |
65 | { "dsn_lasthop", opt_bool|opt_public, |
66 | (void *)offsetof(router_instance, dsn_lasthop) }, | |
059ec3d9 PH |
67 | { "errors_to", opt_stringptr|opt_public, |
68 | (void *)(offsetof(router_instance, errors_to)) }, | |
69 | { "expn", opt_bool|opt_public, | |
70 | (void *)offsetof(router_instance, expn) }, | |
71 | { "fail_verify", opt_bool_verify|opt_hidden|opt_public, | |
72 | (void *)offsetof(router_instance, fail_verify_sender) }, | |
73 | { "fail_verify_recipient", opt_bool|opt_public, | |
74 | (void *)offsetof(router_instance, fail_verify_recipient) }, | |
75 | { "fail_verify_sender", opt_bool|opt_public, | |
76 | (void *)offsetof(router_instance, fail_verify_sender) }, | |
77 | { "fallback_hosts", opt_stringptr|opt_public, | |
78 | (void *)offsetof(router_instance, fallback_hosts) }, | |
79 | { "group", opt_expand_gid | opt_public, | |
80 | (void *)(offsetof(router_instance, gid)) }, | |
846726c5 | 81 | { "headers_add", opt_stringptr|opt_public|opt_rep_str, |
059ec3d9 | 82 | (void *)offsetof(router_instance, extra_headers) }, |
846726c5 | 83 | { "headers_remove", opt_stringptr|opt_public|opt_rep_str, |
059ec3d9 PH |
84 | (void *)offsetof(router_instance, remove_headers) }, |
85 | { "ignore_target_hosts",opt_stringptr|opt_public, | |
86 | (void *)offsetof(router_instance, ignore_target_hosts) }, | |
87 | { "initgroups", opt_bool | opt_public, | |
88 | (void *)(offsetof(router_instance, initgroups)) }, | |
89 | { "local_part_prefix", opt_stringptr|opt_public, | |
90 | (void *)offsetof(router_instance, prefix) }, | |
91 | { "local_part_prefix_optional",opt_bool|opt_public, | |
92 | (void *)offsetof(router_instance, prefix_optional) }, | |
93 | { "local_part_suffix", opt_stringptr|opt_public, | |
94 | (void *)offsetof(router_instance, suffix) }, | |
95 | { "local_part_suffix_optional",opt_bool|opt_public, | |
96 | (void *)offsetof(router_instance, suffix_optional) }, | |
97 | { "local_parts", opt_stringptr|opt_public, | |
98 | (void *)offsetof(router_instance, local_parts) }, | |
99 | { "log_as_local", opt_bool|opt_public, | |
100 | (void *)offsetof(router_instance, log_as_local) }, | |
101 | { "more", opt_expand_bool|opt_public, | |
102 | (void *)offsetof(router_instance, more) }, | |
103 | { "pass_on_timeout", opt_bool|opt_public, | |
104 | (void *)offsetof(router_instance, pass_on_timeout) }, | |
105 | { "pass_router", opt_stringptr|opt_public, | |
106 | (void *)offsetof(router_instance, pass_router_name) }, | |
107 | { "redirect_router", opt_stringptr|opt_public, | |
108 | (void *)offsetof(router_instance, redirect_router_name) }, | |
109 | { "require_files", opt_stringptr|opt_public, | |
110 | (void *)offsetof(router_instance, require_files) }, | |
111 | { "retry_use_local_part", opt_bool|opt_public, | |
112 | (void *)offsetof(router_instance, retry_use_local_part) }, | |
113 | { "router_home_directory", opt_stringptr|opt_public, | |
114 | (void *)offsetof(router_instance, router_home_directory) }, | |
115 | { "self", opt_stringptr|opt_public, | |
116 | (void *)(offsetof(router_instance, self)) }, | |
117 | { "senders", opt_stringptr|opt_public, | |
118 | (void *)offsetof(router_instance, senders) }, | |
119 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS | |
120 | { "translate_ip_address", opt_stringptr|opt_public, | |
121 | (void *)offsetof(router_instance, translate_ip_address) }, | |
122 | #endif | |
123 | { "transport", opt_stringptr|opt_public, | |
124 | (void *)offsetof(router_instance, transport_name) }, | |
125 | { "transport_current_directory", opt_stringptr|opt_public, | |
126 | (void *)offsetof(router_instance, current_directory) }, | |
127 | { "transport_home_directory", opt_stringptr|opt_public, | |
128 | (void *)offsetof(router_instance, home_directory) }, | |
129 | { "unseen", opt_expand_bool|opt_public, | |
130 | (void *)offsetof(router_instance, unseen) }, | |
131 | { "user", opt_expand_uid | opt_public, | |
132 | (void *)(offsetof(router_instance, uid)) }, | |
133 | { "verify", opt_bool_verify|opt_hidden|opt_public, | |
134 | (void *)offsetof(router_instance, verify_sender) }, | |
135 | { "verify_only", opt_bool|opt_public, | |
136 | (void *)offsetof(router_instance, verify_only) }, | |
137 | { "verify_recipient", opt_bool|opt_public, | |
138 | (void *)offsetof(router_instance, verify_recipient) }, | |
139 | { "verify_sender", opt_bool|opt_public, | |
140 | (void *)offsetof(router_instance, verify_sender) } | |
141 | }; | |
142 | ||
143 | int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist); | |
144 | ||
145 | ||
c0b9d3e8 JH |
146 | void |
147 | readconf_options_routers(void) | |
148 | { | |
149 | struct router_info * ri; | |
150 | ||
151 | readconf_options_from_list(optionlist_routers, nelem(optionlist_routers), US"RT"); | |
152 | ||
153 | for (ri = routers_available; ri->driver_name[0]; ri++) | |
154 | readconf_options_from_list(ri->options, (unsigned)*ri->options_count, ri->driver_name); | |
155 | } | |
059ec3d9 PH |
156 | |
157 | /************************************************* | |
158 | * Set router pointer from name * | |
159 | *************************************************/ | |
160 | ||
161 | /* This function is used for the redirect_router and pass_router options and | |
162 | called from route_init() below. | |
163 | ||
164 | Arguments: | |
165 | r the current router | |
166 | name new router name | |
167 | ptr where to put the pointer | |
168 | after TRUE if router must follow this one | |
169 | ||
170 | Returns: nothing. | |
171 | */ | |
172 | ||
173 | static void | |
174 | set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after) | |
175 | { | |
176 | BOOL afterthis = FALSE; | |
177 | router_instance *rr; | |
178 | ||
9cd12950 | 179 | for (rr = routers; rr; rr = rr->next) |
059ec3d9 PH |
180 | { |
181 | if (Ustrcmp(name, rr->name) == 0) | |
182 | { | |
183 | *ptr = rr; | |
184 | break; | |
185 | } | |
186 | if (rr == r) afterthis = TRUE; | |
187 | } | |
188 | ||
9cd12950 | 189 | if (!rr) |
059ec3d9 PH |
190 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, |
191 | "new_router \"%s\" not found for \"%s\" router", name, r->name); | |
192 | ||
193 | if (after && !afterthis) | |
194 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, | |
195 | "new_router \"%s\" does not follow \"%s\" router", name, r->name); | |
196 | } | |
197 | ||
198 | ||
199 | ||
200 | /************************************************* | |
201 | * Initialize router list * | |
202 | *************************************************/ | |
203 | ||
204 | /* Read the routers section of the configuration file, and set up a chain of | |
205 | router instances according to its contents. Each router has generic options and | |
206 | may also have its own private options. This function is only ever called when | |
207 | routers == NULL. We use generic code in readconf to do the work. It will set | |
208 | values from the configuration file, and then call the driver's initialization | |
209 | function. */ | |
210 | ||
211 | void | |
212 | route_init(void) | |
213 | { | |
214 | router_instance *r; | |
215 | ||
216 | readconf_driver_init(US"router", | |
217 | (driver_instance **)(&routers), /* chain anchor */ | |
218 | (driver_info *)routers_available, /* available drivers */ | |
219 | sizeof(router_info), /* size of info blocks */ | |
220 | &router_defaults, /* default values for generic options */ | |
221 | sizeof(router_instance), /* size of instance block */ | |
222 | optionlist_routers, /* generic options */ | |
223 | optionlist_routers_size); | |
224 | ||
9cd12950 | 225 | for (r = routers; r; r = r->next) |
059ec3d9 PH |
226 | { |
227 | uschar *s = r->self; | |
228 | ||
229 | /* If log_as_local is unset, its overall default is FALSE. (The accept | |
230 | router defaults it to TRUE.) */ | |
231 | ||
232 | if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE; | |
233 | ||
234 | /* Check for transport or no transport on certain routers */ | |
235 | ||
236 | if ((r->info->ri_flags & ri_yestransport) != 0 && | |
237 | r->transport_name == NULL && | |
238 | !r->verify_only) | |
239 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " | |
240 | "a transport is required for this router", r->name); | |
241 | ||
242 | if ((r->info->ri_flags & ri_notransport) != 0 && | |
243 | r->transport_name != NULL) | |
244 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " | |
245 | "a transport must not be defined for this router", r->name); | |
246 | ||
247 | /* The "self" option needs to be decoded into a code value and possibly a | |
248 | new domain string and a rewrite boolean. */ | |
249 | ||
250 | if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze; | |
251 | else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer; | |
252 | else if (Ustrcmp(s, "send") == 0) r->self_code = self_send; | |
253 | else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass; | |
254 | else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail; | |
255 | else if (Ustrncmp(s, "reroute:", 8) == 0) | |
256 | { | |
257 | s += 8; | |
258 | while (isspace(*s)) s++; | |
259 | if (Ustrncmp(s, "rewrite:", 8) == 0) | |
260 | { | |
261 | r->self_rewrite = TRUE; | |
262 | s += 8; | |
263 | while (isspace(*s)) s++; | |
264 | } | |
265 | r->self = s; | |
266 | r->self_code = self_reroute; | |
267 | } | |
268 | ||
269 | else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
270 | "%s is not valid for the self option", r->name, s); | |
271 | ||
272 | /* If any router has check_local_user set, default retry_use_local_part | |
273 | TRUE; otherwise its default is FALSE. */ | |
274 | ||
275 | if (r->retry_use_local_part == TRUE_UNSET) | |
276 | r->retry_use_local_part = r->check_local_user; | |
277 | ||
278 | /* Build a host list if fallback hosts is set. */ | |
279 | ||
280 | host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE); | |
281 | ||
282 | /* Check redirect_router and pass_router are valid */ | |
283 | ||
284 | if (r->redirect_router_name != NULL) | |
285 | set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE); | |
286 | ||
287 | if (r->pass_router_name != NULL) | |
288 | set_router(r, r->pass_router_name, &(r->pass_router), TRUE); | |
6c1c3d1d | 289 | |
9cd12950 JH |
290 | DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name, |
291 | r->dsn_lasthop ? "lasthop set" : "propagating DSN"); | |
059ec3d9 PH |
292 | } |
293 | } | |
294 | ||
295 | ||
296 | ||
297 | /************************************************* | |
298 | * Tidy up after routing * | |
299 | *************************************************/ | |
300 | ||
301 | /* Routers are entitled to keep hold of certain resources in their instance | |
302 | blocks so as to save setting them up each time. An example is an open file. | |
303 | Such routers must provide a tidyup entry point which is called when all routing | |
304 | is finished, via this function. */ | |
305 | ||
306 | void | |
307 | route_tidyup(void) | |
308 | { | |
309 | router_instance *r; | |
9cd12950 JH |
310 | for (r = routers; r; r = r->next) |
311 | if (r->info->tidyup) (r->info->tidyup)(r); | |
059ec3d9 PH |
312 | } |
313 | ||
314 | ||
315 | ||
316 | /************************************************* | |
317 | * Check local part for prefix * | |
318 | *************************************************/ | |
319 | ||
320 | /* This function is handed a local part and a list of possible prefixes; if any | |
321 | one matches, return the prefix length. A prefix beginning with '*' is a | |
322 | wildcard. | |
323 | ||
324 | Arguments: | |
325 | local_part the local part to check | |
326 | prefixes the list of prefixes | |
327 | ||
328 | Returns: length of matching prefix or zero | |
329 | */ | |
330 | ||
331 | int | |
55414b25 | 332 | route_check_prefix(const uschar *local_part, const uschar *prefixes) |
059ec3d9 PH |
333 | { |
334 | int sep = 0; | |
335 | uschar *prefix; | |
55414b25 | 336 | const uschar *listptr = prefixes; |
059ec3d9 PH |
337 | uschar prebuf[64]; |
338 | ||
9cd12950 | 339 | while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf)))) |
059ec3d9 PH |
340 | { |
341 | int plen = Ustrlen(prefix); | |
342 | if (prefix[0] == '*') | |
343 | { | |
55414b25 | 344 | const uschar *p; |
059ec3d9 PH |
345 | prefix++; |
346 | for (p = local_part + Ustrlen(local_part) - (--plen); | |
347 | p >= local_part; p--) | |
348 | if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part; | |
349 | } | |
350 | else | |
351 | if (strncmpic(prefix, local_part, plen) == 0) return plen; | |
352 | } | |
353 | ||
354 | return 0; | |
355 | } | |
356 | ||
357 | ||
358 | ||
359 | /************************************************* | |
360 | * Check local part for suffix * | |
361 | *************************************************/ | |
362 | ||
363 | /* This function is handed a local part and a list of possible suffixes; | |
364 | if any one matches, return the suffix length. A suffix ending with '*' | |
365 | is a wildcard. | |
366 | ||
367 | Arguments: | |
368 | local_part the local part to check | |
369 | suffixes the list of suffixes | |
370 | ||
371 | Returns: length of matching suffix or zero | |
372 | */ | |
373 | ||
374 | int | |
55414b25 | 375 | route_check_suffix(const uschar *local_part, const uschar *suffixes) |
059ec3d9 PH |
376 | { |
377 | int sep = 0; | |
378 | int alen = Ustrlen(local_part); | |
379 | uschar *suffix; | |
55414b25 | 380 | const uschar *listptr = suffixes; |
059ec3d9 PH |
381 | uschar sufbuf[64]; |
382 | ||
9cd12950 | 383 | while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf)))) |
059ec3d9 PH |
384 | { |
385 | int slen = Ustrlen(suffix); | |
386 | if (suffix[slen-1] == '*') | |
387 | { | |
55414b25 | 388 | const uschar *p, *pend; |
059ec3d9 PH |
389 | pend = local_part + alen - (--slen) + 1; |
390 | for (p = local_part; p < pend; p++) | |
391 | if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part); | |
392 | } | |
393 | else | |
394 | if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0) | |
395 | return slen; | |
396 | } | |
397 | ||
398 | return 0; | |
399 | } | |
400 | ||
401 | ||
402 | ||
403 | ||
404 | /************************************************* | |
405 | * Check local part, domain, or sender * | |
406 | *************************************************/ | |
407 | ||
408 | /* The checks in check_router_conditions() require similar code, so we use | |
409 | this function to save repetition. | |
410 | ||
411 | Arguments: | |
412 | rname router name for error messages | |
413 | type type of check, for error message | |
414 | list domains, local_parts, or senders list | |
415 | anchorptr -> tree for possibly cached items (domains) | |
416 | cache_bits cached bits pointer | |
417 | listtype MCL_DOMAIN for domain check | |
418 | MCL_LOCALPART for local part check | |
419 | MCL_ADDRESS for sender check | |
420 | domloc current domain, current local part, or NULL for sender check | |
421 | ldata where to put lookup data | |
422 | caseless passed on to match_isinlist() | |
423 | perror where to put an error message | |
424 | ||
425 | Returns: OK item is in list | |
426 | SKIP item is not in list, router is to be skipped | |
427 | DEFER lookup or other defer | |
428 | */ | |
429 | ||
430 | static int | |
55414b25 JH |
431 | route_check_dls(uschar *rname, uschar *type, const uschar *list, |
432 | tree_node **anchorptr, unsigned int *cache_bits, int listtype, | |
433 | const uschar *domloc, const uschar **ldata, BOOL caseless, uschar **perror) | |
059ec3d9 | 434 | { |
9cd12950 | 435 | if (!list) return OK; /* Empty list always succeeds */ |
059ec3d9 PH |
436 | |
437 | DEBUG(D_route) debug_printf("checking %s\n", type); | |
438 | ||
439 | /* The domain and local part use the same matching function, whereas sender | |
440 | has its own code. */ | |
441 | ||
9cd12950 JH |
442 | switch(domloc |
443 | ? match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype, | |
444 | caseless, ldata) | |
445 | : match_address_list(sender_address ? sender_address : US"", | |
446 | TRUE, TRUE, &list, cache_bits, -1, 0, CUSS &sender_data) | |
447 | ) | |
059ec3d9 PH |
448 | { |
449 | case OK: | |
9cd12950 | 450 | return OK; |
059ec3d9 PH |
451 | |
452 | case FAIL: | |
9cd12950 JH |
453 | *perror = string_sprintf("%s router skipped: %s mismatch", rname, type); |
454 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
455 | return SKIP; | |
059ec3d9 PH |
456 | |
457 | default: /* Paranoia, and keeps compilers happy */ | |
458 | case DEFER: | |
9cd12950 JH |
459 | *perror = string_sprintf("%s check lookup or other defer", type); |
460 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
461 | return DEFER; | |
059ec3d9 PH |
462 | } |
463 | } | |
464 | ||
465 | ||
466 | ||
467 | /************************************************* | |
468 | * Check access by a given uid/gid * | |
469 | *************************************************/ | |
470 | ||
471 | /* This function checks whether a given uid/gid has access to a given file or | |
472 | directory. It is called only from check_files() below. This is hopefully a | |
473 | cheapish check that does the job most of the time. Exim does *not* rely on this | |
474 | test when actually accessing any file. The test is used when routing to make it | |
475 | possible to take actions such as "if user x can access file y then run this | |
476 | router". | |
477 | ||
478 | During routing, Exim is normally running as root, and so the test will work | |
479 | except for NFS non-root mounts. When verifying during message reception, Exim | |
480 | is running as "exim", so the test may not work. This is a limitation of the | |
481 | Exim design. | |
482 | ||
483 | Code in check_files() below detects the case when it cannot stat() the file (as | |
484 | root), and in that situation it uses a setuid subprocess in which to run this | |
485 | test. | |
486 | ||
487 | Arguments: | |
488 | path the path to check | |
489 | uid the user | |
490 | gid the group | |
491 | bits the bits required in the final component | |
492 | ||
493 | Returns: TRUE | |
494 | FALSE errno=EACCES or ENOENT (or others from realpath or stat) | |
495 | */ | |
496 | ||
497 | static BOOL | |
498 | route_check_access(uschar *path, uid_t uid, gid_t gid, int bits) | |
499 | { | |
500 | struct stat statbuf; | |
501 | uschar *slash; | |
502 | uschar *rp = US realpath(CS path, CS big_buffer); | |
503 | uschar *sp = rp + 1; | |
504 | ||
505 | DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path, | |
506 | (int)uid, (int)gid, bits); | |
507 | ||
9cd12950 | 508 | if (!rp) return FALSE; |
059ec3d9 | 509 | |
9cd12950 | 510 | while ((slash = Ustrchr(sp, '/'))) |
059ec3d9 PH |
511 | { |
512 | *slash = 0; | |
513 | DEBUG(D_route) debug_printf("stat %s\n", rp); | |
514 | if (Ustat(rp, &statbuf) < 0) return FALSE; | |
515 | if ((statbuf.st_mode & | |
516 | ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001) | |
517 | ) == 0) | |
518 | { | |
519 | errno = EACCES; | |
520 | return FALSE; | |
521 | } | |
522 | *slash = '/'; | |
523 | sp = slash + 1; | |
524 | } | |
525 | ||
526 | /* Down to the final component */ | |
527 | ||
528 | DEBUG(D_route) debug_printf("stat %s\n", rp); | |
529 | ||
530 | if (Ustat(rp, &statbuf) < 0) return FALSE; | |
531 | ||
532 | if (statbuf.st_uid == uid) bits = bits << 6; | |
533 | else if (statbuf.st_gid == gid) bits = bits << 3; | |
534 | if ((statbuf.st_mode & bits) != bits) | |
535 | { | |
536 | errno = EACCES; | |
537 | return FALSE; | |
538 | } | |
539 | ||
540 | DEBUG(D_route) debug_printf("route_check_access() succeeded\n"); | |
541 | return TRUE; | |
542 | } | |
543 | ||
544 | ||
545 | ||
546 | /************************************************* | |
547 | * Do file existence tests * | |
548 | *************************************************/ | |
549 | ||
550 | /* This function is given a colon-separated list of file tests, each of which | |
551 | is expanded before use. A test consists of a file name, optionally preceded by | |
552 | ! (require non-existence) and/or + for handling permission denied (+ means | |
553 | treat as non-existing). | |
554 | ||
555 | An item that contains no slashes is interpreted as a username or id, with an | |
556 | optional group id, for checking access to the file. This cannot be done | |
557 | "perfectly", but it is good enough for a number of applications. | |
558 | ||
559 | Arguments: | |
560 | s a colon-separated list of file tests or NULL | |
561 | perror a pointer to an anchor for an error text in the case of a DEFER | |
562 | ||
563 | Returns: OK if s == NULL or all tests are as required | |
564 | DEFER if the existence of at least one of the files is | |
565 | unclear (an error other than non-existence occurred); | |
566 | DEFER if an expansion failed | |
567 | DEFER if a name is not absolute | |
568 | DEFER if problems with user/group | |
569 | SKIP otherwise | |
570 | */ | |
571 | ||
55414b25 JH |
572 | static int |
573 | check_files(const uschar *s, uschar **perror) | |
059ec3d9 PH |
574 | { |
575 | int sep = 0; /* List has default separators */ | |
576 | uid_t uid = 0; /* For picky compilers */ | |
577 | gid_t gid = 0; /* For picky compilers */ | |
578 | BOOL ugid_set = FALSE; | |
55414b25 JH |
579 | const uschar *listptr; |
580 | uschar *check; | |
059ec3d9 PH |
581 | uschar buffer[1024]; |
582 | ||
9cd12950 | 583 | if (!s) return OK; |
059ec3d9 PH |
584 | |
585 | DEBUG(D_route) debug_printf("checking require_files\n"); | |
586 | ||
587 | listptr = s; | |
55414b25 | 588 | while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))) |
059ec3d9 PH |
589 | { |
590 | int rc; | |
591 | int eacces_code = 0; | |
592 | BOOL invert = FALSE; | |
593 | struct stat statbuf; | |
594 | uschar *ss = expand_string(check); | |
595 | ||
9cd12950 | 596 | if (!ss) |
059ec3d9 PH |
597 | { |
598 | if (expand_string_forcedfail) continue; | |
599 | *perror = string_sprintf("failed to expand \"%s\" for require_files: %s", | |
600 | check, expand_string_message); | |
601 | goto RETURN_DEFER; | |
602 | } | |
603 | ||
604 | /* Empty items are just skipped */ | |
605 | ||
606 | if (*ss == 0) continue; | |
607 | ||
608 | /* If there are no slashes in the string, we have a user name or uid, with | |
609 | optional group/gid. */ | |
610 | ||
611 | if (Ustrchr(ss, '/') == NULL) | |
612 | { | |
613 | BOOL ok; | |
614 | struct passwd *pw; | |
615 | uschar *comma = Ustrchr(ss, ','); | |
616 | ||
617 | /* If there's a comma, temporarily terminate the user name/number | |
618 | at that point. Then set the uid. */ | |
619 | ||
620 | if (comma != NULL) *comma = 0; | |
621 | ok = route_finduser(ss, &pw, &uid); | |
622 | if (comma != NULL) *comma = ','; | |
623 | ||
624 | if (!ok) | |
625 | { | |
626 | *perror = string_sprintf("user \"%s\" for require_files not found", ss); | |
627 | goto RETURN_DEFER; | |
628 | } | |
629 | ||
630 | /* If there was no comma, the gid is that associated with the user. */ | |
631 | ||
632 | if (comma == NULL) | |
633 | { | |
634 | if (pw != NULL) gid = pw->pw_gid; else | |
635 | { | |
636 | *perror = string_sprintf("group missing after numerical uid %d for " | |
637 | "require_files", (int)uid); | |
638 | goto RETURN_DEFER; | |
639 | } | |
640 | } | |
641 | else | |
642 | { | |
643 | if (!route_findgroup(comma + 1, &gid)) | |
644 | { | |
645 | *perror = string_sprintf("group \"%s\" for require_files not found\n", | |
646 | comma + 1); | |
647 | goto RETURN_DEFER; | |
648 | } | |
649 | } | |
650 | ||
651 | /* Note that we have values set, and proceed to next item */ | |
652 | ||
653 | DEBUG(D_route) | |
654 | debug_printf("check subsequent files for access by %s\n", ss); | |
655 | ugid_set = TRUE; | |
656 | continue; | |
657 | } | |
658 | ||
659 | /* Path, possibly preceded by + and ! */ | |
660 | ||
661 | if (*ss == '+') | |
662 | { | |
663 | eacces_code = 1; | |
664 | while (isspace((*(++ss)))); | |
665 | } | |
666 | ||
667 | if (*ss == '!') | |
668 | { | |
669 | invert = TRUE; | |
670 | while (isspace((*(++ss)))); | |
671 | } | |
672 | ||
673 | if (*ss != '/') | |
674 | { | |
675 | *perror = string_sprintf("require_files: \"%s\" is not absolute", ss); | |
676 | goto RETURN_DEFER; | |
677 | } | |
678 | ||
679 | /* Stat the file, either as root (while routing) or as exim (while verifying | |
680 | during message reception). */ | |
681 | ||
682 | rc = Ustat(ss, &statbuf); | |
683 | ||
684 | DEBUG(D_route) | |
685 | { | |
686 | debug_printf("file check: %s\n", check); | |
687 | if (ss != check) debug_printf("expanded file: %s\n", ss); | |
688 | debug_printf("stat() yielded %d\n", rc); | |
689 | } | |
690 | ||
691 | /* If permission is denied, and we are running as root (i.e. routing for | |
692 | delivery rather than verifying), and the requirement is to test for access by | |
693 | a particular uid/gid, it must mean that the file is on a non-root-mounted NFS | |
694 | system. In this case, we have to use a subprocess that runs as the relevant | |
695 | uid in order to do the test. */ | |
696 | ||
697 | if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid) | |
698 | { | |
699 | int status; | |
700 | pid_t pid; | |
701 | void (*oldsignal)(int); | |
702 | ||
703 | DEBUG(D_route) debug_printf("root is denied access: forking to check " | |
704 | "in subprocess\n"); | |
705 | ||
706 | /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so | |
707 | that the child process can be waited for, just in case get here with it set | |
708 | otherwise. Save the old state for resetting on the wait. */ | |
709 | ||
710 | oldsignal = signal(SIGCHLD, SIG_DFL); | |
711 | pid = fork(); | |
712 | ||
713 | /* If fork() fails, reinstate the original error and behave as if | |
714 | this block of code were not present. This is the same behavious as happens | |
715 | when Exim is not running as root at this point. */ | |
716 | ||
717 | if (pid < 0) | |
718 | { | |
719 | DEBUG(D_route) | |
720 | debug_printf("require_files: fork failed: %s\n", strerror(errno)); | |
721 | errno = EACCES; | |
722 | goto HANDLE_ERROR; | |
723 | } | |
724 | ||
725 | /* In the child process, change uid and gid, and then do the check using | |
726 | the route_check_access() function. This does more than just stat the file; | |
727 | it tests permissions as well. Return 0 for OK and 1 for failure. */ | |
728 | ||
729 | if (pid == 0) | |
730 | { | |
731 | exim_setugid(uid, gid, TRUE, | |
732 | string_sprintf("require_files check, file=%s", ss)); | |
733 | if (route_check_access(ss, uid, gid, 4)) _exit(0); | |
734 | DEBUG(D_route) debug_printf("route_check_access() failed\n"); | |
735 | _exit(1); | |
736 | } | |
737 | ||
738 | /* In the parent, wait for the child to finish */ | |
739 | ||
740 | while (waitpid(pid, &status, 0) < 0) | |
741 | { | |
742 | if (errno != EINTR) /* unexpected error, interpret as failure */ | |
743 | { | |
744 | status = 1; | |
745 | break; | |
746 | } | |
747 | } | |
748 | ||
749 | signal(SIGCHLD, oldsignal); /* restore */ | |
750 | if ((status == 0) == invert) return SKIP; | |
751 | continue; /* to test the next file */ | |
752 | } | |
753 | ||
754 | /* Control reaches here if the initial stat() succeeds, or fails with an | |
755 | error other than EACCES, or no uid/gid is set, or we are not running as root. | |
756 | If we know the file exists and uid/gid are set, try to check read access for | |
757 | that uid/gid as best we can. */ | |
758 | ||
759 | if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4)) | |
760 | { | |
761 | DEBUG(D_route) debug_printf("route_check_access() failed\n"); | |
762 | rc = -1; | |
763 | } | |
764 | ||
765 | /* Handle error returns from stat() or route_check_access(). The EACESS error | |
766 | is handled specially. At present, we can force it to be treated as | |
767 | non-existence. Write the code so that it will be easy to add forcing for | |
768 | existence if required later. */ | |
769 | ||
770 | HANDLE_ERROR: | |
771 | if (rc < 0) | |
772 | { | |
773 | DEBUG(D_route) debug_printf("errno = %d\n", errno); | |
774 | if (errno == EACCES) | |
775 | { | |
776 | if (eacces_code == 1) | |
777 | { | |
778 | DEBUG(D_route) debug_printf("EACCES => ENOENT\n"); | |
779 | errno = ENOENT; /* Treat as non-existent */ | |
780 | } | |
781 | } | |
782 | if (errno != ENOENT) | |
783 | { | |
784 | *perror = string_sprintf("require_files: error for %s: %s", ss, | |
785 | strerror(errno)); | |
786 | goto RETURN_DEFER; | |
787 | } | |
788 | } | |
789 | ||
790 | /* At this point, rc < 0 => non-existence; rc >= 0 => existence */ | |
791 | ||
792 | if ((rc >= 0) == invert) return SKIP; | |
793 | } | |
794 | ||
795 | return OK; | |
796 | ||
797 | /* Come here on any of the errors that return DEFER. */ | |
798 | ||
799 | RETURN_DEFER: | |
800 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
801 | return DEFER; | |
802 | } | |
803 | ||
804 | ||
805 | ||
806 | ||
807 | ||
808 | /************************************************* | |
809 | * Check for router skipping * | |
810 | *************************************************/ | |
811 | ||
812 | /* This function performs various checks to see whether a router should be | |
813 | skipped. The order in which they are performed is important. | |
814 | ||
815 | Arguments: | |
816 | r pointer to router instance block | |
817 | addr address that is being handled | |
818 | verify the verification type | |
819 | pw ptr to ptr to passwd structure for local user | |
820 | perror for lookup errors | |
821 | ||
822 | Returns: OK if all the tests succeed | |
823 | SKIP if router is to be skipped | |
824 | DEFER for a lookup defer | |
825 | FAIL for address to be failed | |
826 | */ | |
827 | ||
828 | static BOOL | |
829 | check_router_conditions(router_instance *r, address_item *addr, int verify, | |
830 | struct passwd **pw, uschar **perror) | |
831 | { | |
832 | int rc; | |
833 | uschar *check_local_part; | |
06864c44 | 834 | unsigned int *localpart_cache; |
059ec3d9 PH |
835 | |
836 | /* Reset variables to hold a home directory and data from lookup of a domain or | |
837 | local part, and ensure search_find_defer is unset, in case there aren't any | |
838 | actual lookups. */ | |
839 | ||
840 | deliver_home = NULL; | |
841 | deliver_domain_data = NULL; | |
842 | deliver_localpart_data = NULL; | |
843 | sender_data = NULL; | |
844 | local_user_gid = (gid_t)(-1); | |
845 | local_user_uid = (uid_t)(-1); | |
846 | search_find_defer = FALSE; | |
847 | ||
848 | /* Skip this router if not verifying and it has verify_only set */ | |
849 | ||
850 | if ((verify == v_none || verify == v_expn) && r->verify_only) | |
851 | { | |
852 | DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name); | |
853 | return SKIP; | |
854 | } | |
855 | ||
856 | /* Skip this router if testing an address (-bt) and address_test is not set */ | |
857 | ||
858 | if (address_test_mode && !r->address_test) | |
859 | { | |
860 | DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n", | |
861 | r->name); | |
862 | return SKIP; | |
863 | } | |
864 | ||
865 | /* Skip this router if verifying and it hasn't got the appropriate verify flag | |
866 | set. */ | |
867 | ||
868 | if ((verify == v_sender && !r->verify_sender) || | |
869 | (verify == v_recipient && !r->verify_recipient)) | |
870 | { | |
871 | DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n", | |
872 | r->name, verify, r->verify_sender, r->verify_recipient); | |
873 | return SKIP; | |
874 | } | |
875 | ||
876 | /* Skip this router if processing EXPN and it doesn't have expn set */ | |
877 | ||
878 | if (verify == v_expn && !r->expn) | |
879 | { | |
880 | DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name); | |
881 | return SKIP; | |
882 | } | |
883 | ||
884 | /* Skip this router if there's a domain mismatch. */ | |
885 | ||
886 | if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor, | |
55414b25 JH |
887 | addr->domain_cache, TRUE, addr->domain, CUSS &deliver_domain_data, |
888 | MCL_DOMAIN, perror)) != OK) | |
059ec3d9 PH |
889 | return rc; |
890 | ||
891 | /* Skip this router if there's a local part mismatch. We want to pass over the | |
892 | caseful local part, so that +caseful can restore it, even if this router is | |
893 | handling local parts caselessly. However, we can't just pass cc_local_part, | |
894 | because that doesn't have the prefix or suffix stripped. A bit of massaging is | |
06864c44 TF |
895 | required. Also, we only use the match cache for local parts that have not had |
896 | a prefix or suffix stripped. */ | |
059ec3d9 | 897 | |
9cd12950 | 898 | if (!addr->prefix && !addr->suffix) |
06864c44 TF |
899 | { |
900 | localpart_cache = addr->localpart_cache; | |
059ec3d9 | 901 | check_local_part = addr->cc_local_part; |
06864c44 | 902 | } |
059ec3d9 PH |
903 | else |
904 | { | |
06864c44 | 905 | localpart_cache = NULL; |
059ec3d9 | 906 | check_local_part = string_copy(addr->cc_local_part); |
9cd12950 | 907 | if (addr->prefix) |
059ec3d9 | 908 | check_local_part += Ustrlen(addr->prefix); |
9cd12950 | 909 | if (addr->suffix) |
059ec3d9 PH |
910 | check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0; |
911 | } | |
912 | ||
913 | if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts, | |
06864c44 | 914 | &localpartlist_anchor, localpart_cache, MCL_LOCALPART, |
55414b25 JH |
915 | check_local_part, CUSS &deliver_localpart_data, |
916 | !r->caseful_local_part, perror)) != OK) | |
059ec3d9 PH |
917 | return rc; |
918 | ||
919 | /* If the check_local_user option is set, check that the local_part is the | |
920 | login of a local user. Note: the third argument to route_finduser() must be | |
921 | NULL here, to prevent a numeric string being taken as a numeric uid. If the | |
922 | user is found, set deliver_home to the home directory, and also set | |
923 | local_user_{uid,gid}. */ | |
924 | ||
925 | if (r->check_local_user) | |
926 | { | |
927 | DEBUG(D_route) debug_printf("checking for local user\n"); | |
928 | if (!route_finduser(addr->local_part, pw, NULL)) | |
929 | { | |
930 | DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n", | |
931 | r->name, addr->local_part); | |
932 | return SKIP; | |
933 | } | |
934 | deliver_home = string_copy(US (*pw)->pw_dir); | |
935 | local_user_gid = (*pw)->pw_gid; | |
936 | local_user_uid = (*pw)->pw_uid; | |
937 | } | |
938 | ||
939 | /* Set (or override in the case of check_local_user) the home directory if | |
940 | router_home_directory is set. This is done here so that it overrides $home from | |
941 | check_local_user before any subsequent expansions are done. Otherwise, $home | |
942 | could mean different things for different options, which would be extremely | |
943 | confusing. */ | |
944 | ||
9cd12950 | 945 | if (r->router_home_directory) |
059ec3d9 PH |
946 | { |
947 | uschar *router_home = expand_string(r->router_home_directory); | |
9cd12950 | 948 | if (!router_home) |
059ec3d9 PH |
949 | { |
950 | if (!expand_string_forcedfail) | |
951 | { | |
952 | *perror = string_sprintf("failed to expand \"%s\" for " | |
953 | "router_home_directory: %s", r->router_home_directory, | |
954 | expand_string_message); | |
955 | return DEFER; | |
956 | } | |
957 | } | |
958 | else | |
959 | { | |
960 | setflag(addr, af_home_expanded); /* Note set from router_home_directory */ | |
961 | deliver_home = router_home; | |
962 | } | |
963 | } | |
964 | ||
965 | /* Skip if the sender condition is not met. We leave this one till after the | |
966 | local user check so that $home is set - enabling the possiblity of letting | |
967 | individual recipients specify lists of acceptable/unacceptable senders. */ | |
968 | ||
969 | if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL, | |
970 | sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK) | |
971 | return rc; | |
972 | ||
973 | /* This is the point at which we print out the router's debugging string if it | |
974 | is set. We wait till here so as to have $home available for local users (and | |
975 | anyway, we don't want too much stuff for skipped routers). */ | |
976 | ||
977 | debug_print_string(r->debug_string); | |
978 | ||
979 | /* Perform file existence tests. */ | |
980 | ||
981 | if ((rc = check_files(r->require_files, perror)) != OK) | |
982 | { | |
983 | DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name, | |
984 | (rc == SKIP)? "skipped" : "deferred"); | |
985 | return rc; | |
986 | } | |
987 | ||
988 | /* Now the general condition test. */ | |
989 | ||
9cd12950 | 990 | if (r->condition) |
059ec3d9 | 991 | { |
adaa0e2c | 992 | DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition); |
059ec3d9 PH |
993 | if (!expand_check_condition(r->condition, r->name, US"router")) |
994 | { | |
995 | if (search_find_defer) | |
996 | { | |
997 | *perror = US"condition check lookup defer"; | |
998 | DEBUG(D_route) debug_printf("%s\n", *perror); | |
999 | return DEFER; | |
1000 | } | |
1001 | DEBUG(D_route) | |
1002 | debug_printf("%s router skipped: condition failure\n", r->name); | |
1003 | return SKIP; | |
1004 | } | |
1005 | } | |
1006 | ||
8523533c TK |
1007 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
1008 | /* check if a specific Brightmail AntiSpam rule fired on the message */ | |
9cd12950 JH |
1009 | if (r->bmi_rule) |
1010 | { | |
8523533c | 1011 | DEBUG(D_route) debug_printf("checking bmi_rule\n"); |
9cd12950 JH |
1012 | if (bmi_check_rule(bmi_base64_verdict, r->bmi_rule) == 0) |
1013 | { /* none of the rules fired */ | |
8523533c TK |
1014 | DEBUG(D_route) |
1015 | debug_printf("%s router skipped: none of bmi_rule rules fired\n", r->name); | |
1016 | return SKIP; | |
9cd12950 JH |
1017 | } |
1018 | } | |
8523533c TK |
1019 | |
1020 | /* check if message should not be delivered */ | |
9cd12950 JH |
1021 | if (r->bmi_dont_deliver && bmi_deliver == 1) |
1022 | { | |
1023 | DEBUG(D_route) | |
1024 | debug_printf("%s router skipped: bmi_dont_deliver is FALSE\n", r->name); | |
1025 | return SKIP; | |
1026 | } | |
8523533c TK |
1027 | |
1028 | /* check if message should go to an alternate location */ | |
9cd12950 JH |
1029 | if ( r->bmi_deliver_alternate |
1030 | && (bmi_deliver == 0 || !bmi_alt_location) | |
1031 | ) | |
1032 | { | |
1033 | DEBUG(D_route) | |
1034 | debug_printf("%s router skipped: bmi_deliver_alternate is FALSE\n", r->name); | |
1035 | return SKIP; | |
1036 | } | |
8523533c TK |
1037 | |
1038 | /* check if message should go to default location */ | |
9cd12950 JH |
1039 | if ( r->bmi_deliver_default |
1040 | && (bmi_deliver == 0 || bmi_alt_location) | |
1041 | ) | |
1042 | { | |
1043 | DEBUG(D_route) | |
1044 | debug_printf("%s router skipped: bmi_deliver_default is FALSE\n", r->name); | |
1045 | return SKIP; | |
1046 | } | |
8523533c TK |
1047 | #endif |
1048 | ||
059ec3d9 PH |
1049 | /* All the checks passed. */ |
1050 | ||
1051 | return OK; | |
1052 | } | |
1053 | ||
1054 | ||
1055 | ||
1056 | ||
1057 | /************************************************* | |
1058 | * Find a local user * | |
1059 | *************************************************/ | |
1060 | ||
1061 | /* Try several times (if configured) to find a local user, in case delays in | |
1062 | NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam() | |
1063 | doesn't have some kind of indication as to why it has failed. If the string | |
1064 | given consists entirely of digits, and the third argument is not NULL, assume | |
1065 | the string is the numerical value of the uid. Otherwise it is looked up using | |
1066 | getpwnam(). The uid is passed back via return_uid, if not NULL, and the | |
1067 | pointer to a passwd structure, if found, is passed back via pw, if not NULL. | |
1068 | ||
1069 | Because this may be called several times in succession for the same user for | |
1070 | different routers, cache the result of the previous getpwnam call so that it | |
1071 | can be re-used. Note that we can't just copy the structure, as the store it | |
1072 | points to can get trashed. | |
1073 | ||
1074 | Arguments: | |
1075 | s the login name or textual form of the numerical uid of the user | |
1076 | pw if not NULL, return the result of getpwnam here, or set NULL | |
1077 | if no call to getpwnam is made (s numeric, return_uid != NULL) | |
1078 | return_uid if not NULL, return the uid via this address | |
1079 | ||
1080 | Returns: TRUE if s is numerical or was looked up successfully | |
1081 | ||
1082 | */ | |
1083 | ||
1084 | static struct passwd pwcopy; | |
1085 | static struct passwd *lastpw = NULL; | |
1086 | static uschar lastname[48] = { 0 }; | |
1087 | static uschar lastdir[128]; | |
1088 | static uschar lastgecos[128]; | |
1089 | static uschar lastshell[128]; | |
1090 | ||
1091 | BOOL | |
55414b25 | 1092 | route_finduser(const uschar *s, struct passwd **pw, uid_t *return_uid) |
059ec3d9 | 1093 | { |
d8fe1c03 PH |
1094 | BOOL cache_set = (Ustrcmp(lastname, s) == 0); |
1095 | ||
1096 | DEBUG(D_uid) debug_printf("seeking password data for user \"%s\": %s\n", s, | |
1097 | cache_set? "using cached result" : "cache not available"); | |
1098 | ||
1099 | if (!cache_set) | |
059ec3d9 PH |
1100 | { |
1101 | int i = 0; | |
1102 | ||
9cd12950 | 1103 | if (return_uid && (isdigit(*s) || *s == '-') && |
059ec3d9 PH |
1104 | s[Ustrspn(s+1, "0123456789")+1] == 0) |
1105 | { | |
1106 | *return_uid = (uid_t)Uatoi(s); | |
9cd12950 | 1107 | if (pw) *pw = NULL; |
059ec3d9 PH |
1108 | return TRUE; |
1109 | } | |
1110 | ||
1111 | (void)string_format(lastname, sizeof(lastname), "%s", s); | |
1112 | ||
1113 | /* Force failure if string length is greater than given maximum */ | |
1114 | ||
1115 | if (max_username_length > 0 && Ustrlen(lastname) > max_username_length) | |
1116 | { | |
1117 | DEBUG(D_uid) debug_printf("forced failure of finduser(): string " | |
1118 | "length of %s is greater than %d\n", lastname, max_username_length); | |
1119 | lastpw = NULL; | |
1120 | } | |
1121 | ||
1122 | /* Try a few times if so configured; this handles delays in NIS etc. */ | |
1123 | ||
1124 | else for (;;) | |
1125 | { | |
73a6bc4b | 1126 | errno = 0; |
9cd12950 | 1127 | if ((lastpw = getpwnam(CS s))) break; |
059ec3d9 PH |
1128 | if (++i > finduser_retries) break; |
1129 | sleep(1); | |
1130 | } | |
1131 | ||
9cd12950 | 1132 | if (lastpw) |
059ec3d9 PH |
1133 | { |
1134 | pwcopy.pw_uid = lastpw->pw_uid; | |
1135 | pwcopy.pw_gid = lastpw->pw_gid; | |
1136 | (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir); | |
1137 | (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos); | |
1138 | (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell); | |
1139 | pwcopy.pw_name = CS lastname; | |
1140 | pwcopy.pw_dir = CS lastdir; | |
1141 | pwcopy.pw_gecos = CS lastgecos; | |
1142 | pwcopy.pw_shell = CS lastshell; | |
1143 | lastpw = &pwcopy; | |
1144 | } | |
d8fe1c03 | 1145 | |
9cd12950 JH |
1146 | else DEBUG(D_uid) if (errno != 0) |
1147 | debug_printf("getpwnam(%s) failed: %s\n", s, strerror(errno)); | |
d8fe1c03 PH |
1148 | } |
1149 | ||
9cd12950 | 1150 | if (!lastpw) |
d8fe1c03 PH |
1151 | { |
1152 | DEBUG(D_uid) debug_printf("getpwnam() returned NULL (user not found)\n"); | |
1153 | return FALSE; | |
059ec3d9 | 1154 | } |
9cd12950 JH |
1155 | |
1156 | DEBUG(D_uid) debug_printf("getpwnam() succeeded uid=%d gid=%d\n", | |
d8fe1c03 | 1157 | lastpw->pw_uid, lastpw->pw_gid); |
059ec3d9 | 1158 | |
9cd12950 JH |
1159 | if (return_uid) *return_uid = lastpw->pw_uid; |
1160 | if (pw) *pw = lastpw; | |
059ec3d9 PH |
1161 | |
1162 | return TRUE; | |
1163 | } | |
1164 | ||
1165 | ||
1166 | ||
1167 | ||
1168 | /************************************************* | |
1169 | * Find a local group * | |
1170 | *************************************************/ | |
1171 | ||
1172 | /* Try several times (if configured) to find a local group, in case delays in | |
1173 | NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam() | |
1174 | doesn't have some kind of indication as to why it has failed. | |
1175 | ||
1176 | Arguments: | |
1177 | s the group namd or textual form of the numerical gid | |
1178 | return_gid return the gid via this address | |
1179 | ||
1180 | Returns: TRUE if the group was found; FALSE otherwise | |
1181 | ||
1182 | */ | |
1183 | ||
1184 | BOOL | |
1185 | route_findgroup(uschar *s, gid_t *return_gid) | |
1186 | { | |
1187 | int i = 0; | |
1188 | struct group *gr; | |
1189 | ||
1190 | if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0) | |
1191 | { | |
1192 | *return_gid = (gid_t)Uatoi(s); | |
1193 | return TRUE; | |
1194 | } | |
1195 | ||
1196 | for (;;) | |
1197 | { | |
9cd12950 | 1198 | if ((gr = getgrnam(CS s))) |
059ec3d9 PH |
1199 | { |
1200 | *return_gid = gr->gr_gid; | |
1201 | return TRUE; | |
1202 | } | |
1203 | if (++i > finduser_retries) break; | |
1204 | sleep(1); | |
1205 | } | |
1206 | ||
1207 | return FALSE; | |
1208 | } | |
1209 | ||
1210 | ||
1211 | ||
1212 | ||
1213 | /************************************************* | |
1214 | * Find user by expanding string * | |
1215 | *************************************************/ | |
1216 | ||
1217 | /* Expands a string, and then looks up the result in the passwd file. | |
1218 | ||
1219 | Arguments: | |
1220 | string the string to be expanded, yielding a login name or a numerical | |
1221 | uid value (to be passed to route_finduser()) | |
1222 | driver_name caller name for panic error message (only) | |
1223 | driver_type caller type for panic error message (only) | |
1224 | pw return passwd entry via this pointer | |
1225 | uid return uid via this pointer | |
1226 | errmsg where to point a message on failure | |
1227 | ||
1228 | Returns: TRUE if user found, FALSE otherwise | |
1229 | */ | |
1230 | ||
1231 | BOOL | |
1232 | route_find_expanded_user(uschar *string, uschar *driver_name, | |
1233 | uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg) | |
1234 | { | |
1235 | uschar *user = expand_string(string); | |
1236 | ||
9cd12950 | 1237 | if (!user) |
059ec3d9 PH |
1238 | { |
1239 | *errmsg = string_sprintf("Failed to expand user string \"%s\" for the " | |
1240 | "%s %s: %s", string, driver_name, driver_type, expand_string_message); | |
1241 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1242 | return FALSE; | |
1243 | } | |
1244 | ||
1245 | if (route_finduser(user, pw, uid)) return TRUE; | |
1246 | ||
1247 | *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string " | |
1248 | "\"%s\" for the %s %s", user, string, driver_name, driver_type); | |
1249 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1250 | return FALSE; | |
1251 | } | |
1252 | ||
1253 | ||
1254 | ||
1255 | /************************************************* | |
1256 | * Find group by expanding string * | |
1257 | *************************************************/ | |
1258 | ||
1259 | /* Expands a string and then looks up the result in the group file. | |
1260 | ||
1261 | Arguments: | |
1262 | string the string to be expanded, yielding a group name or a numerical | |
1263 | gid value (to be passed to route_findgroup()) | |
1264 | driver_name caller name for panic error message (only) | |
1265 | driver_type caller type for panic error message (only) | |
1266 | gid return gid via this pointer | |
1267 | errmsg return error message via this pointer | |
1268 | ||
1269 | Returns: TRUE if found group, FALSE otherwise | |
1270 | */ | |
1271 | ||
1272 | BOOL | |
1273 | route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type, | |
1274 | gid_t *gid, uschar **errmsg) | |
1275 | { | |
1276 | BOOL yield = TRUE; | |
1277 | uschar *group = expand_string(string); | |
1278 | ||
9cd12950 | 1279 | if (!group) |
059ec3d9 PH |
1280 | { |
1281 | *errmsg = string_sprintf("Failed to expand group string \"%s\" for the " | |
1282 | "%s %s: %s", string, driver_name, driver_type, expand_string_message); | |
1283 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1284 | return FALSE; | |
1285 | } | |
1286 | ||
1287 | if (!route_findgroup(group, gid)) | |
1288 | { | |
1289 | *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string " | |
1290 | "\"%s\" for the %s %s", group, string, driver_name, driver_type); | |
1291 | log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg); | |
1292 | yield = FALSE; | |
1293 | } | |
1294 | ||
1295 | return yield; | |
1296 | } | |
1297 | ||
1298 | ||
1299 | ||
059ec3d9 PH |
1300 | /************************************************* |
1301 | * Handle an unseen routing * | |
1302 | *************************************************/ | |
1303 | ||
1304 | /* This function is called when an address is routed by a router with "unseen" | |
1305 | set. It must make a clone of the address, for handling by subsequent drivers. | |
1306 | The clone is set to start routing at the next router. | |
1307 | ||
1308 | The original address must be replaced by an invented "parent" which has the | |
1309 | routed address plus the clone as its children. This is necessary in case the | |
1310 | address is at the top level - we don't want to mark it complete until both | |
1311 | deliveries have been done. | |
1312 | ||
1313 | A new unique field must be made, so that the record of the delivery isn't a | |
1314 | record of the original address, and checking for already delivered has | |
1315 | therefore to be done here. If the delivery has happened, then take the base | |
1316 | address off whichever delivery queue it is on - it will always be the top item. | |
1317 | ||
1318 | Arguments: | |
1319 | name router name | |
1320 | addr address that was routed | |
1321 | paddr_local chain of local-delivery addresses | |
1322 | paddr_remote chain of remote-delivery addresses | |
1323 | addr_new chain for newly created addresses | |
1324 | ||
1325 | Returns: nothing | |
1326 | */ | |
1327 | ||
1328 | static void | |
1329 | route_unseen(uschar *name, address_item *addr, address_item **paddr_local, | |
1330 | address_item **paddr_remote, address_item **addr_new) | |
1331 | { | |
1332 | address_item *parent = deliver_make_addr(addr->address, TRUE); | |
1333 | address_item *new = deliver_make_addr(addr->address, TRUE); | |
1334 | ||
1335 | /* The invented parent is a copy that replaces the original; note that | |
1336 | this copies its parent pointer. It has two children, and its errors_address is | |
1337 | from the original address' parent, if present, otherwise unset. */ | |
1338 | ||
1339 | *parent = *addr; | |
1340 | parent->child_count = 2; | |
d43cbe25 | 1341 | parent->prop.errors_address = |
9cd12950 | 1342 | addr->parent ? addr->parent->prop.errors_address : NULL; |
059ec3d9 PH |
1343 | |
1344 | /* The routed address gets a new parent. */ | |
1345 | ||
1346 | addr->parent = parent; | |
1347 | ||
1348 | /* The clone has this parent too. Set its errors address from the parent. This | |
1349 | was set from the original parent (or to NULL) - see above. We do NOT want to | |
1350 | take the errors address from the unseen router. */ | |
1351 | ||
1352 | new->parent = parent; | |
d43cbe25 | 1353 | new->prop.errors_address = parent->prop.errors_address; |
059ec3d9 PH |
1354 | |
1355 | /* Copy the propagated flags and address_data from the original. */ | |
1356 | ||
1357 | copyflag(new, addr, af_propagate); | |
d43cbe25 | 1358 | new->prop.address_data = addr->prop.address_data; |
6c1c3d1d WB |
1359 | new->dsn_flags = addr->dsn_flags; |
1360 | new->dsn_orcpt = addr->dsn_orcpt; | |
059ec3d9 PH |
1361 | |
1362 | ||
1363 | /* As it has turned out, we haven't set headers_add or headers_remove for the | |
1364 | * clone. Thinking about it, it isn't entirely clear whether they should be | |
1365 | * copied from the original parent, like errors_address, or taken from the | |
1366 | * unseen router, like address_data and the flags. Until somebody brings this | |
1367 | * up, I propose to leave the code as it is. | |
1368 | */ | |
1369 | ||
1370 | ||
1371 | /* Set the cloned address to start at the next router, and put it onto the | |
1372 | chain of new addresses. */ | |
1373 | ||
1374 | new->start_router = addr->router->next; | |
1375 | new->next = *addr_new; | |
1376 | *addr_new = new; | |
1377 | ||
1378 | DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address); | |
1379 | ||
1380 | /* Make a new unique field, to distinguish from the normal one. */ | |
1381 | ||
1382 | addr->unique = string_sprintf("%s/%s", addr->unique, name); | |
1383 | ||
1384 | /* If the address has been routed to a transport, see if it was previously | |
1385 | delivered. If so, we take it off the relevant queue so that it isn't delivered | |
1386 | again. Otherwise, it was an alias or something, and the addresses it generated | |
1387 | are handled in the normal way. */ | |
1388 | ||
9cd12950 | 1389 | if (addr->transport && tree_search(tree_nonrecipients, addr->unique)) |
059ec3d9 PH |
1390 | { |
1391 | DEBUG(D_route) | |
1392 | debug_printf("\"unseen\" delivery previously done - discarded\n"); | |
1393 | parent->child_count--; | |
1394 | if (*paddr_remote == addr) *paddr_remote = addr->next; | |
1395 | if (*paddr_local == addr) *paddr_local = addr->next; | |
1396 | } | |
1397 | } | |
1398 | ||
1399 | ||
1400 | ||
1401 | /************************************************* | |
1402 | * Route one address * | |
1403 | *************************************************/ | |
1404 | ||
1405 | /* This function is passed in one address item, for processing by the routers. | |
1406 | The verify flag is set if this is being called for verification rather than | |
1407 | delivery. If the router doesn't have its "verify" flag set, it is skipped. | |
1408 | ||
1409 | Arguments: | |
1410 | addr address to route | |
1411 | paddr_local chain of local-delivery addresses | |
1412 | paddr_remote chain of remote-delivery addresses | |
1413 | addr_new chain for newly created addresses | |
1414 | addr_succeed chain for completed addresses | |
1415 | verify v_none if not verifying | |
1416 | v_sender if verifying a sender address | |
1417 | v_recipient if verifying a recipient address | |
1418 | v_expn if processing an EXPN address | |
1419 | ||
1420 | Returns: OK => address successfully routed | |
1421 | DISCARD => address was discarded | |
1422 | FAIL => address could not be routed | |
1423 | DEFER => some temporary problem | |
1424 | ERROR => some major internal or configuration failure | |
1425 | */ | |
1426 | ||
1427 | int | |
1428 | route_address(address_item *addr, address_item **paddr_local, | |
1429 | address_item **paddr_remote, address_item **addr_new, | |
1430 | address_item **addr_succeed, int verify) | |
1431 | { | |
1432 | int yield = OK; | |
1433 | BOOL unseen; | |
1434 | router_instance *r, *nextr; | |
55414b25 | 1435 | const uschar *old_domain = addr->domain; |
059ec3d9 PH |
1436 | |
1437 | HDEBUG(D_route) | |
1438 | { | |
1439 | debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); | |
1440 | debug_printf("routing %s\n", addr->address); | |
1441 | } | |
1442 | ||
1443 | /* Loop through all router instances until a router succeeds, fails, defers, or | |
1444 | encounters an error. If the address has start_router set, we begin from there | |
1445 | instead of at the first router. */ | |
1446 | ||
9cd12950 | 1447 | for (r = addr->start_router ? addr->start_router : routers; r; r = nextr) |
059ec3d9 PH |
1448 | { |
1449 | uschar *error; | |
1450 | struct passwd *pw = NULL; | |
1451 | struct passwd pwcopy; | |
1452 | address_item *parent; | |
1453 | BOOL loop_detected = FALSE; | |
1454 | BOOL more; | |
1455 | int loopcount = 0; | |
1456 | int rc; | |
1457 | ||
1458 | DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name); | |
1459 | ||
1460 | /* Reset any search error message from the previous router. */ | |
1461 | ||
1462 | search_error_message = NULL; | |
1463 | ||
1464 | /* There are some weird cases where logging is disabled */ | |
1465 | ||
1466 | disable_logging = r->disable_logging; | |
1467 | ||
1468 | /* Record the last router to handle the address, and set the default | |
1469 | next router. */ | |
1470 | ||
1471 | addr->router = r; | |
1472 | nextr = r->next; | |
1473 | ||
1474 | /* Loop protection: If this address has an ancestor with the same address, | |
1475 | and that ancestor was routed by this router, we skip this router. This | |
1476 | prevents a variety of looping states when a new address is created by | |
1477 | redirection or by the use of "unseen" on a router. | |
1478 | ||
1479 | If no_repeat_use is set on the router, we skip if _any_ ancestor was routed | |
1480 | by this router, even if it was different to the current address. | |
1481 | ||
1482 | Just in case someone does put it into a loop (possible with redirection | |
1483 | continally adding to an address, for example), put a long stop counter on | |
1484 | the number of parents. */ | |
1485 | ||
9cd12950 | 1486 | for (parent = addr->parent; parent; parent = parent->parent) |
059ec3d9 PH |
1487 | { |
1488 | if (parent->router == r) | |
1489 | { | |
1490 | BOOL break_loop = !r->repeat_use; | |
1491 | ||
1492 | /* When repeat_use is set, first check the active addresses caselessly. | |
1493 | If they match, we have to do a further caseful check of the local parts | |
1494 | when caseful_local_part is set. This is assumed to be rare, which is why | |
1495 | the code is written this way. */ | |
1496 | ||
1497 | if (!break_loop) | |
1498 | { | |
1499 | break_loop = strcmpic(parent->address, addr->address) == 0; | |
1500 | if (break_loop && r->caseful_local_part) | |
1501 | break_loop = Ustrncmp(parent->address, addr->address, | |
1502 | Ustrrchr(addr->address, '@') - addr->address) == 0; | |
1503 | } | |
1504 | ||
1505 | if (break_loop) | |
1506 | { | |
1507 | DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n", | |
1508 | r->name, parent->address); | |
1509 | loop_detected = TRUE; | |
1510 | break; | |
1511 | } | |
1512 | } | |
1513 | ||
1514 | /* Continue with parents, limiting the size of the dynasty. */ | |
1515 | ||
1516 | if (loopcount++ > 100) | |
1517 | { | |
1518 | log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address); | |
1519 | yield = DEFER; | |
1520 | goto ROUTE_EXIT; | |
1521 | } | |
1522 | } | |
1523 | ||
1524 | if (loop_detected) continue; | |
1525 | ||
1526 | /* Default no affixes and select whether to use a caseful or caseless local | |
1527 | part in this router. */ | |
1528 | ||
1529 | addr->prefix = addr->suffix = NULL; | |
1530 | addr->local_part = r->caseful_local_part? | |
1531 | addr->cc_local_part : addr->lc_local_part; | |
1532 | ||
1533 | DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part, | |
1534 | addr->domain); | |
1535 | ||
1536 | /* Handle any configured prefix by replacing the local_part address, | |
1537 | and setting the prefix. Skip the router if the prefix doesn't match, | |
1538 | unless the prefix is optional. */ | |
1539 | ||
9cd12950 | 1540 | if (r->prefix) |
059ec3d9 PH |
1541 | { |
1542 | int plen = route_check_prefix(addr->local_part, r->prefix); | |
1543 | if (plen > 0) | |
1544 | { | |
1545 | addr->prefix = string_copyn(addr->local_part, plen); | |
1546 | addr->local_part += plen; | |
1547 | DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix); | |
1548 | } | |
1549 | else if (!r->prefix_optional) | |
1550 | { | |
1551 | DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n", | |
1552 | r->name); | |
1553 | continue; | |
1554 | } | |
1555 | } | |
1556 | ||
1557 | /* Handle any configured suffix likewise. */ | |
1558 | ||
9cd12950 | 1559 | if (r->suffix) |
059ec3d9 PH |
1560 | { |
1561 | int slen = route_check_suffix(addr->local_part, r->suffix); | |
1562 | if (slen > 0) | |
1563 | { | |
1564 | int lplen = Ustrlen(addr->local_part) - slen; | |
1565 | addr->suffix = addr->local_part + lplen; | |
1566 | addr->local_part = string_copyn(addr->local_part, lplen); | |
1567 | DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix); | |
1568 | } | |
1569 | else if (!r->suffix_optional) | |
1570 | { | |
1571 | DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n", | |
1572 | r->name); | |
1573 | continue; | |
1574 | } | |
1575 | } | |
1576 | ||
1577 | /* Set the expansion variables now that we have the affixes and the case of | |
1578 | the local part sorted. */ | |
1579 | ||
2a47f028 | 1580 | router_name = r->name; |
059ec3d9 PH |
1581 | deliver_set_expansions(addr); |
1582 | ||
1583 | /* For convenience, the pre-router checks are in a separate function, which | |
1584 | returns OK, SKIP, FAIL, or DEFER. */ | |
1585 | ||
1586 | if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK) | |
1587 | { | |
2a47f028 | 1588 | router_name = NULL; |
059ec3d9 PH |
1589 | if (rc == SKIP) continue; |
1590 | addr->message = error; | |
1591 | yield = rc; | |
1592 | goto ROUTE_EXIT; | |
1593 | } | |
1594 | ||
1595 | /* All pre-conditions have been met. Reset any search error message from | |
1596 | pre-condition tests. These can arise in negated tests where the failure of | |
1597 | the lookup leads to a TRUE pre-condition. */ | |
1598 | ||
1599 | search_error_message = NULL; | |
1600 | ||
1601 | /* Finally, expand the address_data field in the router. Forced failure | |
1602 | behaves as if the router declined. Any other failure is more serious. On | |
1603 | success, the string is attached to the address for all subsequent processing. | |
1604 | */ | |
1605 | ||
9cd12950 | 1606 | if (r->address_data) |
059ec3d9 PH |
1607 | { |
1608 | DEBUG(D_route) debug_printf("processing address_data\n"); | |
1609 | deliver_address_data = expand_string(r->address_data); | |
9cd12950 | 1610 | if (!deliver_address_data) |
059ec3d9 PH |
1611 | { |
1612 | if (expand_string_forcedfail) | |
1613 | { | |
1614 | DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" " | |
1615 | "(address_data): decline action taken\n", r->address_data); | |
1616 | ||
1617 | /* Expand "more" if necessary; DEFER => an expansion failed */ | |
1618 | ||
9c695f6d JH |
1619 | yield = exp_bool(addr, US"router", r->name, D_route, |
1620 | US"more", r->more, r->expand_more, &more); | |
059ec3d9 PH |
1621 | if (yield != OK) goto ROUTE_EXIT; |
1622 | ||
1623 | if (!more) | |
1624 | { | |
1625 | DEBUG(D_route) | |
1626 | debug_printf("\"more\"=false: skipping remaining routers\n"); | |
2a47f028 | 1627 | router_name = NULL; |
059ec3d9 PH |
1628 | r = NULL; |
1629 | break; | |
1630 | } | |
1631 | else continue; /* With next router */ | |
1632 | } | |
1633 | ||
1634 | else | |
1635 | { | |
1636 | addr->message = string_sprintf("expansion of \"%s\" failed " | |
1637 | "in %s router: %s", r->address_data, r->name, expand_string_message); | |
1638 | yield = DEFER; | |
1639 | goto ROUTE_EXIT; | |
1640 | } | |
1641 | } | |
d43cbe25 | 1642 | addr->prop.address_data = deliver_address_data; |
059ec3d9 PH |
1643 | } |
1644 | ||
1645 | /* We are finally cleared for take-off with this router. Clear the the flag | |
1646 | that records that a local host was removed from a routed host list. Make a | |
1647 | copy of relevant fields in the password information from check_local_user, | |
1648 | because it will be overwritten if check_local_user is invoked again while | |
1649 | verifying an errors_address setting. */ | |
1650 | ||
1651 | clearflag(addr, af_local_host_removed); | |
1652 | ||
9cd12950 | 1653 | if (pw) |
059ec3d9 PH |
1654 | { |
1655 | pwcopy.pw_name = CS string_copy(US pw->pw_name); | |
1656 | pwcopy.pw_uid = pw->pw_uid; | |
1657 | pwcopy.pw_gid = pw->pw_gid; | |
1658 | pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos); | |
1659 | pwcopy.pw_dir = CS string_copy(US pw->pw_dir); | |
1660 | pwcopy.pw_shell = CS string_copy(US pw->pw_shell); | |
1661 | pw = &pwcopy; | |
1662 | } | |
1663 | ||
1664 | /* Run the router, and handle the consequences. */ | |
1665 | ||
9cd12950 JH |
1666 | /* ... but let us check on DSN before. If this should be the last hop for DSN |
1667 | set flag. */ | |
1668 | ||
1669 | if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop)) | |
98c82a3d | 1670 | { |
6c1c3d1d WB |
1671 | addr->dsn_flags |= rf_dsnlasthop; |
1672 | HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address); | |
98c82a3d | 1673 | } |
6c1c3d1d | 1674 | |
059ec3d9 PH |
1675 | HDEBUG(D_route) debug_printf("calling %s router\n", r->name); |
1676 | ||
fd6de02e PH |
1677 | yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote, |
1678 | addr_new, addr_succeed); | |
059ec3d9 | 1679 | |
2a47f028 JH |
1680 | router_name = NULL; |
1681 | ||
059ec3d9 PH |
1682 | if (yield == FAIL) |
1683 | { | |
1684 | HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name); | |
1685 | goto ROUTE_EXIT; | |
1686 | } | |
1687 | ||
1688 | /* If succeeded while verifying but fail_verify is set, convert into | |
1689 | a failure, and take it off the local or remote delivery list. */ | |
1690 | ||
1691 | if (((verify == v_sender && r->fail_verify_sender) || | |
1692 | (verify == v_recipient && r->fail_verify_recipient)) && | |
1693 | (yield == OK || yield == PASS)) | |
1694 | { | |
1695 | addr->message = string_sprintf("%s router forced verify failure", r->name); | |
1696 | if (*paddr_remote == addr) *paddr_remote = addr->next; | |
1697 | if (*paddr_local == addr) *paddr_local = addr->next; | |
1698 | yield = FAIL; | |
1699 | goto ROUTE_EXIT; | |
1700 | } | |
1701 | ||
1702 | /* PASS and DECLINE are the only two cases where the loop continues. For all | |
1703 | other returns, we break the loop and handle the result below. */ | |
1704 | ||
1705 | if (yield != PASS && yield != DECLINE) break; | |
1706 | ||
1707 | HDEBUG(D_route) | |
1708 | { | |
1709 | debug_printf("%s router %s for %s\n", r->name, | |
1710 | (yield == PASS)? "passed" : "declined", addr->address); | |
1711 | if (Ustrcmp(old_domain, addr->domain) != 0) | |
1712 | debug_printf("domain %s rewritten\n", old_domain); | |
1713 | } | |
1714 | ||
1715 | /* PASS always continues to another router; DECLINE does so if "more" | |
1716 | is true. Initialization insists that pass_router is always a following | |
1717 | router. Otherwise, break the loop as if at the end of the routers. */ | |
1718 | ||
1719 | if (yield == PASS) | |
1720 | { | |
1721 | if (r->pass_router != NULL) nextr = r->pass_router; | |
1722 | } | |
1723 | else | |
1724 | { | |
1725 | /* Expand "more" if necessary */ | |
1726 | ||
9c695f6d JH |
1727 | yield = exp_bool(addr, US"router", r->name, D_route, |
1728 | US"more", r->more, r->expand_more, &more); | |
059ec3d9 PH |
1729 | if (yield != OK) goto ROUTE_EXIT; |
1730 | ||
1731 | if (!more) | |
1732 | { | |
1733 | HDEBUG(D_route) | |
1734 | debug_printf("\"more\" is false: skipping remaining routers\n"); | |
1735 | r = NULL; | |
1736 | break; | |
1737 | } | |
1738 | } | |
1739 | } /* Loop for all routers */ | |
1740 | ||
1741 | /* On exit from the routers loop, if r == NULL we have run out of routers, | |
1742 | either genuinely, or as a result of no_more. Otherwise, the loop ended | |
1743 | prematurely, either because a router succeeded, or because of some special | |
1744 | router response. Note that FAIL errors and errors detected before actually | |
1745 | running a router go direct to ROUTE_EXIT from code above. */ | |
1746 | ||
9cd12950 | 1747 | if (!r) |
059ec3d9 PH |
1748 | { |
1749 | HDEBUG(D_route) debug_printf("no more routers\n"); | |
9cd12950 | 1750 | if (!addr->message) |
059ec3d9 PH |
1751 | { |
1752 | uschar *message = US"Unrouteable address"; | |
9cd12950 | 1753 | if (addr->router && addr->router->cannot_route_message) |
059ec3d9 PH |
1754 | { |
1755 | uschar *expmessage = expand_string(addr->router->cannot_route_message); | |
9cd12950 | 1756 | if (!expmessage) |
059ec3d9 PH |
1757 | { |
1758 | if (!expand_string_forcedfail) | |
1759 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " | |
1760 | "cannot_route_message in %s router: %s", addr->router->name, | |
1761 | expand_string_message); | |
1762 | } | |
1763 | else message = expmessage; | |
1764 | } | |
1765 | addr->user_message = addr->message = message; | |
1766 | } | |
1767 | addr->router = NULL; /* For logging */ | |
1768 | yield = FAIL; | |
1769 | goto ROUTE_EXIT; | |
1770 | } | |
1771 | ||
1772 | if (yield == DEFER) | |
1773 | { | |
1774 | HDEBUG(D_route) | |
1775 | { | |
1776 | debug_printf("%s router: defer for %s\n", r->name, addr->address); | |
1777 | debug_printf(" message: %s\n", (addr->message == NULL)? | |
1778 | US"<none>" : addr->message); | |
1779 | } | |
1780 | goto ROUTE_EXIT; | |
1781 | } | |
1782 | ||
1783 | if (yield == DISCARD) goto ROUTE_EXIT; | |
1784 | ||
1785 | /* The yield must be either OK or REROUTED. */ | |
1786 | ||
1787 | if (yield != OK && yield != REROUTED) | |
1788 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d", | |
1789 | r->name, yield); | |
1790 | ||
1791 | /* If the yield was REROUTED, the router put a child address on the new chain | |
1792 | as a result of a domain change of some sort (widening, typically). */ | |
1793 | ||
1794 | if (yield == REROUTED) | |
1795 | { | |
1796 | HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address); | |
1797 | yield = OK; | |
1798 | goto ROUTE_EXIT; | |
1799 | } | |
1800 | ||
1801 | /* The only remaining possibility is that the router succeeded. If the | |
1802 | translate_ip_address options is set and host addresses were associated with the | |
1803 | address, run them through the translation. This feature is for weird and | |
1804 | wonderful situations (the amateur packet radio people need it) or very broken | |
1805 | networking, so it is included in the binary only if requested. */ | |
1806 | ||
1807 | #ifdef SUPPORT_TRANSLATE_IP_ADDRESS | |
1808 | ||
9cd12950 | 1809 | if (r->translate_ip_address) |
059ec3d9 PH |
1810 | { |
1811 | int rc; | |
1812 | int old_pool = store_pool; | |
1813 | host_item *h; | |
9cd12950 | 1814 | for (h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
1815 | { |
1816 | uschar *newaddress; | |
1817 | uschar *oldaddress, *oldname; | |
1818 | ||
9cd12950 | 1819 | if (!h->address) continue; |
059ec3d9 PH |
1820 | |
1821 | deliver_host_address = h->address; | |
1822 | newaddress = expand_string(r->translate_ip_address); | |
1823 | deliver_host_address = NULL; | |
1824 | ||
9cd12950 | 1825 | if (!newaddress) |
059ec3d9 PH |
1826 | { |
1827 | if (expand_string_forcedfail) continue; | |
1828 | addr->basic_errno = ERRNO_EXPANDFAIL; | |
1829 | addr->message = string_sprintf("translate_ip_address expansion " | |
1830 | "failed: %s", expand_string_message); | |
1831 | yield = DEFER; | |
1832 | goto ROUTE_EXIT; | |
1833 | } | |
1834 | ||
1835 | DEBUG(D_route) debug_printf("%s [%s] translated to %s\n", | |
1836 | h->name, h->address, newaddress); | |
7e66e54d | 1837 | if (string_is_ip_address(newaddress, NULL) != 0) |
059ec3d9 PH |
1838 | { |
1839 | h->address = newaddress; | |
1840 | continue; | |
1841 | } | |
1842 | ||
1843 | oldname = h->name; | |
1844 | oldaddress = h->address; | |
1845 | h->name = newaddress; | |
1846 | h->address = NULL; | |
1847 | h->mx = MX_NONE; | |
1848 | ||
1849 | store_pool = POOL_PERM; | |
322050c2 | 1850 | rc = host_find_byname(h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE); |
059ec3d9 PH |
1851 | store_pool = old_pool; |
1852 | ||
1853 | if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) | |
1854 | { | |
1855 | addr->basic_errno = ERRNO_UNKNOWNHOST; | |
1856 | addr->message = string_sprintf("host %s not found when " | |
1857 | "translating %s [%s]", h->name, oldname, oldaddress); | |
1858 | yield = DEFER; | |
1859 | goto ROUTE_EXIT; | |
1860 | } | |
1861 | } | |
1862 | } | |
1863 | #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */ | |
1864 | ||
1865 | /* See if this is an unseen routing; first expand the option if necessary. | |
1866 | DEFER can be given if the expansion fails */ | |
1867 | ||
9c695f6d JH |
1868 | yield = exp_bool(addr, US"router", r->name, D_route, |
1869 | US"unseen", r->unseen, r->expand_unseen, &unseen); | |
059ec3d9 PH |
1870 | if (yield != OK) goto ROUTE_EXIT; |
1871 | ||
059ec3d9 PH |
1872 | /* Debugging output recording a successful routing */ |
1873 | ||
9cd12950 | 1874 | HDEBUG(D_route) debug_printf("routed by %s router%s\n", r->name, |
059ec3d9 | 1875 | unseen? " (unseen)" : ""); |
059ec3d9 PH |
1876 | |
1877 | DEBUG(D_route) | |
1878 | { | |
1879 | host_item *h; | |
1880 | ||
1881 | debug_printf(" envelope to: %s\n", addr->address); | |
1882 | debug_printf(" transport: %s\n", (addr->transport == NULL)? | |
1883 | US"<none>" : addr->transport->name); | |
1884 | ||
9cd12950 | 1885 | if (addr->prop.errors_address) |
d43cbe25 | 1886 | debug_printf(" errors to %s\n", addr->prop.errors_address); |
059ec3d9 | 1887 | |
9cd12950 | 1888 | for (h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
1889 | { |
1890 | debug_printf(" host %s", h->name); | |
9cd12950 | 1891 | if (h->address) debug_printf(" [%s]", h->address); |
059ec3d9 PH |
1892 | if (h->mx >= 0) debug_printf(" MX=%d", h->mx); |
1893 | else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx); | |
1894 | if (h->port != PORT_NONE) debug_printf(" port=%d", h->port); | |
805c9d53 | 1895 | if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no"); |
059ec3d9 PH |
1896 | debug_printf("\n"); |
1897 | } | |
1898 | } | |
1899 | ||
1900 | /* Clear any temporary error message set by a router that declined, and handle | |
1901 | the "unseen" option (ignore if there are no further routers). */ | |
1902 | ||
1903 | addr->message = NULL; | |
9cd12950 | 1904 | if (unseen && r->next) |
059ec3d9 PH |
1905 | route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new); |
1906 | ||
1907 | /* Unset the address expansions, and return the final result. */ | |
1908 | ||
1909 | ROUTE_EXIT: | |
f42deca9 JH |
1910 | if (yield == DEFER && addr->message) |
1911 | addr->message = expand_hide_passwords(addr->message); | |
76aa570c | 1912 | |
059ec3d9 | 1913 | deliver_set_expansions(NULL); |
2a47f028 | 1914 | router_name = NULL; |
059ec3d9 PH |
1915 | disable_logging = FALSE; |
1916 | return yield; | |
1917 | } | |
1918 | ||
1919 | /* End of route.c */ |