projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Default to filesystem space/inode checking enabled
[exim.git] / src / src / route.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
3386088d 5/* Copyright (c) University of Cambridge 1995 - 2015 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Functions concerned with routing, and the list of generic router options. */
9
10
11#include "exim.h"
12
13
14
15/* Generic options for routers, all of which live inside router_instance
16data blocks and which therefore have the opt_public flag set. */
17
18optionlist optionlist_routers[] = {
19 { "*expand_group", opt_stringptr | opt_hidden | opt_public,
20 (void *)(offsetof(router_instance, expand_gid)) },
21 { "*expand_more", opt_stringptr | opt_hidden | opt_public,
22 (void *)(offsetof(router_instance, expand_more)) },
23 { "*expand_unseen", opt_stringptr | opt_hidden | opt_public,
24 (void *)(offsetof(router_instance, expand_unseen)) },
25 { "*expand_user", opt_stringptr | opt_hidden | opt_public,
26 (void *)(offsetof(router_instance, expand_uid)) },
27 { "*set_group", opt_bool | opt_hidden | opt_public,
28 (void *)(offsetof(router_instance, gid_set)) },
29 { "*set_user", opt_bool | opt_hidden | opt_public,
30 (void *)(offsetof(router_instance, uid_set)) },
31 { "address_data", opt_stringptr|opt_public,
32 (void *)(offsetof(router_instance, address_data)) },
33 { "address_test", opt_bool|opt_public,
34 (void *)(offsetof(router_instance, address_test)) },
8523533c
TK		 35#ifdef EXPERIMENTAL_BRIGHTMAIL
36 { "bmi_deliver_alternate", opt_bool | opt_public,
37 (void *)(offsetof(router_instance, bmi_deliver_alternate)) },
38 { "bmi_deliver_default", opt_bool | opt_public,
39 (void *)(offsetof(router_instance, bmi_deliver_default)) },
40 { "bmi_dont_deliver", opt_bool | opt_public,
41 (void *)(offsetof(router_instance, bmi_dont_deliver)) },
42 { "bmi_rule", opt_stringptr|opt_public,
43 (void *)(offsetof(router_instance, bmi_rule)) },
44#endif
059ec3d9
PH		 45 { "cannot_route_message", opt_stringptr | opt_public,
46 (void *)(offsetof(router_instance, cannot_route_message)) },
47 { "caseful_local_part", opt_bool | opt_public,
48 (void *)(offsetof(router_instance, caseful_local_part)) },
49 { "check_local_user", opt_bool | opt_public,
50 (void *)(offsetof(router_instance, check_local_user)) },
846726c5 51 { "condition", opt_stringptr|opt_public|opt_rep_con,
059ec3d9
PH		 52 (void *)offsetof(router_instance, condition) },
53 { "debug_print", opt_stringptr | opt_public,
54 (void *)offsetof(router_instance, debug_string) },
55 { "disable_logging", opt_bool | opt_public,
56 (void *)offsetof(router_instance, disable_logging) },
99c1bb4e 57 { "dnssec_request_domains", opt_stringptr|opt_public,
7cd171b7 58 (void *)offsetof(router_instance, dnssec.request) },
99c1bb4e 59 { "dnssec_require_domains", opt_stringptr|opt_public,
7cd171b7 60 (void *)offsetof(router_instance, dnssec.require) },
059ec3d9
PH		 61 { "domains", opt_stringptr|opt_public,
62 (void *)offsetof(router_instance, domains) },
63 { "driver", opt_stringptr|opt_public,
64 (void *)offsetof(router_instance, driver_name) },
6c1c3d1d
WB		 65 { "dsn_lasthop", opt_bool|opt_public,
66 (void *)offsetof(router_instance, dsn_lasthop) },
059ec3d9
PH		 67 { "errors_to", opt_stringptr|opt_public,
68 (void *)(offsetof(router_instance, errors_to)) },
69 { "expn", opt_bool|opt_public,
70 (void *)offsetof(router_instance, expn) },
71 { "fail_verify", opt_bool_verify|opt_hidden|opt_public,
72 (void *)offsetof(router_instance, fail_verify_sender) },
73 { "fail_verify_recipient", opt_bool|opt_public,
74 (void *)offsetof(router_instance, fail_verify_recipient) },
75 { "fail_verify_sender", opt_bool|opt_public,
76 (void *)offsetof(router_instance, fail_verify_sender) },
77 { "fallback_hosts", opt_stringptr|opt_public,
78 (void *)offsetof(router_instance, fallback_hosts) },
79 { "group", opt_expand_gid | opt_public,
80 (void *)(offsetof(router_instance, gid)) },
846726c5 81 { "headers_add", opt_stringptr|opt_public|opt_rep_str,
059ec3d9 82 (void *)offsetof(router_instance, extra_headers) },
846726c5 83 { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
059ec3d9
PH		 84 (void *)offsetof(router_instance, remove_headers) },
85 { "ignore_target_hosts",opt_stringptr|opt_public,
86 (void *)offsetof(router_instance, ignore_target_hosts) },
87 { "initgroups", opt_bool | opt_public,
88 (void *)(offsetof(router_instance, initgroups)) },
89 { "local_part_prefix", opt_stringptr|opt_public,
90 (void *)offsetof(router_instance, prefix) },
91 { "local_part_prefix_optional",opt_bool|opt_public,
92 (void *)offsetof(router_instance, prefix_optional) },
93 { "local_part_suffix", opt_stringptr|opt_public,
94 (void *)offsetof(router_instance, suffix) },
95 { "local_part_suffix_optional",opt_bool|opt_public,
96 (void *)offsetof(router_instance, suffix_optional) },
97 { "local_parts", opt_stringptr|opt_public,
98 (void *)offsetof(router_instance, local_parts) },
99 { "log_as_local", opt_bool|opt_public,
100 (void *)offsetof(router_instance, log_as_local) },
101 { "more", opt_expand_bool|opt_public,
102 (void *)offsetof(router_instance, more) },
103 { "pass_on_timeout", opt_bool|opt_public,
104 (void *)offsetof(router_instance, pass_on_timeout) },
105 { "pass_router", opt_stringptr|opt_public,
106 (void *)offsetof(router_instance, pass_router_name) },
107 { "redirect_router", opt_stringptr|opt_public,
108 (void *)offsetof(router_instance, redirect_router_name) },
109 { "require_files", opt_stringptr|opt_public,
110 (void *)offsetof(router_instance, require_files) },
111 { "retry_use_local_part", opt_bool|opt_public,
112 (void *)offsetof(router_instance, retry_use_local_part) },
113 { "router_home_directory", opt_stringptr|opt_public,
114 (void *)offsetof(router_instance, router_home_directory) },
115 { "self", opt_stringptr|opt_public,
116 (void *)(offsetof(router_instance, self)) },
117 { "senders", opt_stringptr|opt_public,
118 (void *)offsetof(router_instance, senders) },
119 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
120 { "translate_ip_address", opt_stringptr|opt_public,
121 (void *)offsetof(router_instance, translate_ip_address) },
122 #endif
123 { "transport", opt_stringptr|opt_public,
124 (void *)offsetof(router_instance, transport_name) },
125 { "transport_current_directory", opt_stringptr|opt_public,
126 (void *)offsetof(router_instance, current_directory) },
127 { "transport_home_directory", opt_stringptr|opt_public,
128 (void *)offsetof(router_instance, home_directory) },
129 { "unseen", opt_expand_bool|opt_public,
130 (void *)offsetof(router_instance, unseen) },
131 { "user", opt_expand_uid | opt_public,
132 (void *)(offsetof(router_instance, uid)) },
133 { "verify", opt_bool_verify|opt_hidden|opt_public,
134 (void *)offsetof(router_instance, verify_sender) },
135 { "verify_only", opt_bool|opt_public,
136 (void *)offsetof(router_instance, verify_only) },
137 { "verify_recipient", opt_bool|opt_public,
138 (void *)offsetof(router_instance, verify_recipient) },
139 { "verify_sender", opt_bool|opt_public,
140 (void *)offsetof(router_instance, verify_sender) }
141};
142
143int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist);
144
145
c0b9d3e8
JH		 146void
147readconf_options_routers(void)
148{
149struct router_info * ri;
150
151readconf_options_from_list(optionlist_routers, nelem(optionlist_routers), US"RT");
152
153for (ri = routers_available; ri->driver_name[0]; ri++)
154 readconf_options_from_list(ri->options, (unsigned)*ri->options_count, ri->driver_name);
155}
059ec3d9
PH		 156
157/*************************************************
158* Set router pointer from name *
159*************************************************/
160
161/* This function is used for the redirect_router and pass_router options and
162called from route_init() below.
163
164Arguments:
165 r the current router
166 name new router name
167 ptr where to put the pointer
168 after TRUE if router must follow this one
169
170Returns: nothing.
171*/
172
173static void
174set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after)
175{
176BOOL afterthis = FALSE;
177router_instance *rr;
178
9cd12950 179for (rr = routers; rr; rr = rr->next)
059ec3d9
PH		 180 {
181 if (Ustrcmp(name, rr->name) == 0)
182 {
183 *ptr = rr;
184 break;
185 }
186 if (rr == r) afterthis = TRUE;
187 }
188
9cd12950 189if (!rr)
059ec3d9
PH		 190 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
191 "new_router \"%s\" not found for \"%s\" router", name, r->name);
192
193if (after && !afterthis)
194 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
195 "new_router \"%s\" does not follow \"%s\" router", name, r->name);
196}
197
198
199
200/*************************************************
201* Initialize router list *
202*************************************************/
203
204/* Read the routers section of the configuration file, and set up a chain of
205router instances according to its contents. Each router has generic options and
206may also have its own private options. This function is only ever called when
207routers == NULL. We use generic code in readconf to do the work. It will set
208values from the configuration file, and then call the driver's initialization
209function. */
210
211void
212route_init(void)
213{
214router_instance *r;
215
216readconf_driver_init(US"router",
217 (driver_instance **)(&routers), /* chain anchor */
218 (driver_info *)routers_available, /* available drivers */
219 sizeof(router_info), /* size of info blocks */
220 &router_defaults, /* default values for generic options */
221 sizeof(router_instance), /* size of instance block */
222 optionlist_routers, /* generic options */
223 optionlist_routers_size);
224
9cd12950 225for (r = routers; r; r = r->next)
059ec3d9
PH		 226 {
227 uschar *s = r->self;
228
229 /* If log_as_local is unset, its overall default is FALSE. (The accept
230 router defaults it to TRUE.) */
231
232 if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE;
233
234 /* Check for transport or no transport on certain routers */
235
236 if ((r->info->ri_flags & ri_yestransport) != 0 &&
237 r->transport_name == NULL &&
238 !r->verify_only)
239 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
240 "a transport is required for this router", r->name);
241
242 if ((r->info->ri_flags & ri_notransport) != 0 &&
243 r->transport_name != NULL)
244 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
245 "a transport must not be defined for this router", r->name);
246
247 /* The "self" option needs to be decoded into a code value and possibly a
248 new domain string and a rewrite boolean. */
249
250 if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze;
251 else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer;
252 else if (Ustrcmp(s, "send") == 0) r->self_code = self_send;
253 else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass;
254 else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail;
255 else if (Ustrncmp(s, "reroute:", 8) == 0)
256 {
257 s += 8;
258 while (isspace(*s)) s++;
259 if (Ustrncmp(s, "rewrite:", 8) == 0)
260 {
261 r->self_rewrite = TRUE;
262 s += 8;
263 while (isspace(*s)) s++;
264 }
265 r->self = s;
266 r->self_code = self_reroute;
267 }
268
269 else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
270 "%s is not valid for the self option", r->name, s);
271
272 /* If any router has check_local_user set, default retry_use_local_part
273 TRUE; otherwise its default is FALSE. */
274
275 if (r->retry_use_local_part == TRUE_UNSET)
276 r->retry_use_local_part = r->check_local_user;
277
278 /* Build a host list if fallback hosts is set. */
279
280 host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);
281
282 /* Check redirect_router and pass_router are valid */
283
284 if (r->redirect_router_name != NULL)
285 set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE);
286
287 if (r->pass_router_name != NULL)
288 set_router(r, r->pass_router_name, &(r->pass_router), TRUE);
6c1c3d1d 289
9cd12950
JH		 290 DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name,
291 r->dsn_lasthop ? "lasthop set" : "propagating DSN");
059ec3d9
PH		 292 }
293}
294
295
296
297/*************************************************
298* Tidy up after routing *
299*************************************************/
300
301/* Routers are entitled to keep hold of certain resources in their instance
302blocks so as to save setting them up each time. An example is an open file.
303Such routers must provide a tidyup entry point which is called when all routing
304is finished, via this function. */
305
306void
307route_tidyup(void)
308{
309router_instance *r;
9cd12950
JH		 310for (r = routers; r; r = r->next)
311 if (r->info->tidyup) (r->info->tidyup)(r);
059ec3d9
PH		 312}
313
314
315
316/*************************************************
317* Check local part for prefix *
318*************************************************/
319
320/* This function is handed a local part and a list of possible prefixes; if any
321one matches, return the prefix length. A prefix beginning with '*' is a
322wildcard.
323
324Arguments:
325 local_part the local part to check
326 prefixes the list of prefixes
327
328Returns: length of matching prefix or zero
329*/
330
331int
55414b25 332route_check_prefix(const uschar *local_part, const uschar *prefixes)
059ec3d9
PH		 333{
334int sep = 0;
335uschar *prefix;
55414b25 336const uschar *listptr = prefixes;
059ec3d9
PH		 337uschar prebuf[64];
338
9cd12950 339while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf))))
059ec3d9
PH		 340 {
341 int plen = Ustrlen(prefix);
342 if (prefix[0] == '*')
343 {
55414b25 344 const uschar *p;
059ec3d9
PH		 345 prefix++;
346 for (p = local_part + Ustrlen(local_part) - (--plen);
347 p >= local_part; p--)
348 if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part;
349 }
350 else
351 if (strncmpic(prefix, local_part, plen) == 0) return plen;
352 }
353
354return 0;
355}
356
357
358
359/*************************************************
360* Check local part for suffix *
361*************************************************/
362
363/* This function is handed a local part and a list of possible suffixes;
364if any one matches, return the suffix length. A suffix ending with '*'
365is a wildcard.
366
367Arguments:
368 local_part the local part to check
369 suffixes the list of suffixes
370
371Returns: length of matching suffix or zero
372*/
373
374int
55414b25 375route_check_suffix(const uschar *local_part, const uschar *suffixes)
059ec3d9
PH		 376{
377int sep = 0;
378int alen = Ustrlen(local_part);
379uschar *suffix;
55414b25 380const uschar *listptr = suffixes;
059ec3d9
PH		 381uschar sufbuf[64];
382
9cd12950 383while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf))))
059ec3d9
PH		 384 {
385 int slen = Ustrlen(suffix);
386 if (suffix[slen-1] == '*')
387 {
55414b25 388 const uschar *p, *pend;
059ec3d9
PH		 389 pend = local_part + alen - (--slen) + 1;
390 for (p = local_part; p < pend; p++)
391 if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part);
392 }
393 else
394 if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0)
395 return slen;
396 }
397
398return 0;
399}
400
401
402
403
404/*************************************************
405* Check local part, domain, or sender *
406*************************************************/
407
408/* The checks in check_router_conditions() require similar code, so we use
409this function to save repetition.
410
411Arguments:
412 rname router name for error messages
413 type type of check, for error message
414 list domains, local_parts, or senders list
415 anchorptr -> tree for possibly cached items (domains)
416 cache_bits cached bits pointer
417 listtype MCL_DOMAIN for domain check
418 MCL_LOCALPART for local part check
419 MCL_ADDRESS for sender check
420 domloc current domain, current local part, or NULL for sender check
421 ldata where to put lookup data
422 caseless passed on to match_isinlist()
423 perror where to put an error message
424
425Returns: OK item is in list
426 SKIP item is not in list, router is to be skipped
427 DEFER lookup or other defer
428*/
429
430static int
55414b25
JH		 431route_check_dls(uschar *rname, uschar *type, const uschar *list,
432 tree_node **anchorptr, unsigned int *cache_bits, int listtype,
433 const uschar *domloc, const uschar **ldata, BOOL caseless, uschar **perror)
059ec3d9 434{
9cd12950 435if (!list) return OK; /* Empty list always succeeds */
059ec3d9
PH		 436
437DEBUG(D_route) debug_printf("checking %s\n", type);
438
439/* The domain and local part use the same matching function, whereas sender
440has its own code. */
441
9cd12950
JH		 442switch(domloc
443 ? match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype,
444 caseless, ldata)
445 : match_address_list(sender_address ? sender_address : US"",
446 TRUE, TRUE, &list, cache_bits, -1, 0, CUSS &sender_data)
447 )
059ec3d9
PH		 448 {
449 case OK:
9cd12950 450 return OK;
059ec3d9
PH		 451
452 case FAIL:
9cd12950
JH		 453 *perror = string_sprintf("%s router skipped: %s mismatch", rname, type);
454 DEBUG(D_route) debug_printf("%s\n", *perror);
455 return SKIP;
059ec3d9
PH		 456
457 default: /* Paranoia, and keeps compilers happy */
458 case DEFER:
9cd12950
JH		 459 *perror = string_sprintf("%s check lookup or other defer", type);
460 DEBUG(D_route) debug_printf("%s\n", *perror);
461 return DEFER;
059ec3d9
PH		 462 }
463}
464
465
466
467/*************************************************
468* Check access by a given uid/gid *
469*************************************************/
470
471/* This function checks whether a given uid/gid has access to a given file or
472directory. It is called only from check_files() below. This is hopefully a
473cheapish check that does the job most of the time. Exim does *not* rely on this
474test when actually accessing any file. The test is used when routing to make it
475possible to take actions such as "if user x can access file y then run this
476router".
477
478During routing, Exim is normally running as root, and so the test will work
479except for NFS non-root mounts. When verifying during message reception, Exim
480is running as "exim", so the test may not work. This is a limitation of the
481Exim design.
482
483Code in check_files() below detects the case when it cannot stat() the file (as
484root), and in that situation it uses a setuid subprocess in which to run this
485test.
486
487Arguments:
488 path the path to check
489 uid the user
490 gid the group
491 bits the bits required in the final component
492
493Returns: TRUE
494 FALSE errno=EACCES or ENOENT (or others from realpath or stat)
495*/
496
497static BOOL
498route_check_access(uschar *path, uid_t uid, gid_t gid, int bits)
499{
500struct stat statbuf;
501uschar *slash;
502uschar *rp = US realpath(CS path, CS big_buffer);
503uschar *sp = rp + 1;
504
505DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path,
506 (int)uid, (int)gid, bits);
507
9cd12950 508if (!rp) return FALSE;
059ec3d9 509
9cd12950 510while ((slash = Ustrchr(sp, '/')))
059ec3d9
PH		 511 {
512 *slash = 0;
513 DEBUG(D_route) debug_printf("stat %s\n", rp);
514 if (Ustat(rp, &statbuf) < 0) return FALSE;
515 if ((statbuf.st_mode &
516 ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001)
517 ) == 0)
518 {
519 errno = EACCES;
520 return FALSE;
521 }
522 *slash = '/';
523 sp = slash + 1;
524 }
525
526/* Down to the final component */
527
528DEBUG(D_route) debug_printf("stat %s\n", rp);
529
530if (Ustat(rp, &statbuf) < 0) return FALSE;
531
532if (statbuf.st_uid == uid) bits = bits << 6;
533 else if (statbuf.st_gid == gid) bits = bits << 3;
534if ((statbuf.st_mode & bits) != bits)
535 {
536 errno = EACCES;
537 return FALSE;
538 }
539
540DEBUG(D_route) debug_printf("route_check_access() succeeded\n");
541return TRUE;
542}
543
544
545
546/*************************************************
547* Do file existence tests *
548*************************************************/
549
550/* This function is given a colon-separated list of file tests, each of which
551is expanded before use. A test consists of a file name, optionally preceded by
552! (require non-existence) and/or + for handling permission denied (+ means
553treat as non-existing).
554
555An item that contains no slashes is interpreted as a username or id, with an
556optional group id, for checking access to the file. This cannot be done
557"perfectly", but it is good enough for a number of applications.
558
559Arguments:
560 s a colon-separated list of file tests or NULL
561 perror a pointer to an anchor for an error text in the case of a DEFER
562
563Returns: OK if s == NULL or all tests are as required
564 DEFER if the existence of at least one of the files is
565 unclear (an error other than non-existence occurred);
566 DEFER if an expansion failed
567 DEFER if a name is not absolute
568 DEFER if problems with user/group
569 SKIP otherwise
570*/
571
55414b25
JH		 572static int
573check_files(const uschar *s, uschar **perror)
059ec3d9
PH		 574{
575int sep = 0; /* List has default separators */
576uid_t uid = 0; /* For picky compilers */
577gid_t gid = 0; /* For picky compilers */
578BOOL ugid_set = FALSE;
55414b25
JH		 579const uschar *listptr;
580uschar *check;
059ec3d9
PH		 581uschar buffer[1024];
582
9cd12950 583if (!s) return OK;
059ec3d9
PH		 584
585DEBUG(D_route) debug_printf("checking require_files\n");
586
587listptr = s;
55414b25 588while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))))
059ec3d9
PH		 589 {
590 int rc;
591 int eacces_code = 0;
592 BOOL invert = FALSE;
593 struct stat statbuf;
594 uschar *ss = expand_string(check);
595
9cd12950 596 if (!ss)
059ec3d9
PH		 597 {
598 if (expand_string_forcedfail) continue;
599 *perror = string_sprintf("failed to expand \"%s\" for require_files: %s",
600 check, expand_string_message);
601 goto RETURN_DEFER;
602 }
603
604 /* Empty items are just skipped */
605
606 if (*ss == 0) continue;
607
608 /* If there are no slashes in the string, we have a user name or uid, with
609 optional group/gid. */
610
611 if (Ustrchr(ss, '/') == NULL)
612 {
613 BOOL ok;
614 struct passwd *pw;
615 uschar *comma = Ustrchr(ss, ',');
616
617 /* If there's a comma, temporarily terminate the user name/number
618 at that point. Then set the uid. */
619
620 if (comma != NULL) *comma = 0;
621 ok = route_finduser(ss, &pw, &uid);
622 if (comma != NULL) *comma = ',';
623
624 if (!ok)
625 {
626 *perror = string_sprintf("user \"%s\" for require_files not found", ss);
627 goto RETURN_DEFER;
628 }
629
630 /* If there was no comma, the gid is that associated with the user. */
631
632 if (comma == NULL)
633 {
634 if (pw != NULL) gid = pw->pw_gid; else
635 {
636 *perror = string_sprintf("group missing after numerical uid %d for "
637 "require_files", (int)uid);
638 goto RETURN_DEFER;
639 }
640 }
641 else
642 {
643 if (!route_findgroup(comma + 1, &gid))
644 {
645 *perror = string_sprintf("group \"%s\" for require_files not found\n",
646 comma + 1);
647 goto RETURN_DEFER;
648 }
649 }
650
651 /* Note that we have values set, and proceed to next item */
652
653 DEBUG(D_route)
654 debug_printf("check subsequent files for access by %s\n", ss);
655 ugid_set = TRUE;
656 continue;
657 }
658
659 /* Path, possibly preceded by + and ! */
660
661 if (*ss == '+')
662 {
663 eacces_code = 1;
664 while (isspace((*(++ss))));
665 }
666
667 if (*ss == '!')
668 {
669 invert = TRUE;
670 while (isspace((*(++ss))));
671 }
672
673 if (*ss != '/')
674 {
675 *perror = string_sprintf("require_files: \"%s\" is not absolute", ss);
676 goto RETURN_DEFER;
677 }
678
679 /* Stat the file, either as root (while routing) or as exim (while verifying
680 during message reception). */
681
682 rc = Ustat(ss, &statbuf);
683
684 DEBUG(D_route)
685 {
686 debug_printf("file check: %s\n", check);
687 if (ss != check) debug_printf("expanded file: %s\n", ss);
688 debug_printf("stat() yielded %d\n", rc);
689 }
690
691 /* If permission is denied, and we are running as root (i.e. routing for
692 delivery rather than verifying), and the requirement is to test for access by
693 a particular uid/gid, it must mean that the file is on a non-root-mounted NFS
694 system. In this case, we have to use a subprocess that runs as the relevant
695 uid in order to do the test. */
696
697 if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid)
698 {
699 int status;
700 pid_t pid;
701 void (*oldsignal)(int);
702
703 DEBUG(D_route) debug_printf("root is denied access: forking to check "
704 "in subprocess\n");
705
706 /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so
707 that the child process can be waited for, just in case get here with it set
708 otherwise. Save the old state for resetting on the wait. */
709
710 oldsignal = signal(SIGCHLD, SIG_DFL);
711 pid = fork();
712
713 /* If fork() fails, reinstate the original error and behave as if
714 this block of code were not present. This is the same behavious as happens
715 when Exim is not running as root at this point. */
716
717 if (pid < 0)
718 {
719 DEBUG(D_route)
720 debug_printf("require_files: fork failed: %s\n", strerror(errno));
721 errno = EACCES;
722 goto HANDLE_ERROR;
723 }
724
725 /* In the child process, change uid and gid, and then do the check using
726 the route_check_access() function. This does more than just stat the file;
727 it tests permissions as well. Return 0 for OK and 1 for failure. */
728
729 if (pid == 0)
730 {
731 exim_setugid(uid, gid, TRUE,
732 string_sprintf("require_files check, file=%s", ss));
733 if (route_check_access(ss, uid, gid, 4)) _exit(0);
734 DEBUG(D_route) debug_printf("route_check_access() failed\n");
735 _exit(1);
736 }
737
738 /* In the parent, wait for the child to finish */
739
740 while (waitpid(pid, &status, 0) < 0)
741 {
742 if (errno != EINTR) /* unexpected error, interpret as failure */
743 {
744 status = 1;
745 break;
746 }
747 }
748
749 signal(SIGCHLD, oldsignal); /* restore */
750 if ((status == 0) == invert) return SKIP;
751 continue; /* to test the next file */
752 }
753
754 /* Control reaches here if the initial stat() succeeds, or fails with an
755 error other than EACCES, or no uid/gid is set, or we are not running as root.
756 If we know the file exists and uid/gid are set, try to check read access for
757 that uid/gid as best we can. */
758
759 if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4))
760 {
761 DEBUG(D_route) debug_printf("route_check_access() failed\n");
762 rc = -1;
763 }
764
765 /* Handle error returns from stat() or route_check_access(). The EACESS error
766 is handled specially. At present, we can force it to be treated as
767 non-existence. Write the code so that it will be easy to add forcing for
768 existence if required later. */
769
770 HANDLE_ERROR:
771 if (rc < 0)
772 {
773 DEBUG(D_route) debug_printf("errno = %d\n", errno);
774 if (errno == EACCES)
775 {
776 if (eacces_code == 1)
777 {
778 DEBUG(D_route) debug_printf("EACCES => ENOENT\n");
779 errno = ENOENT; /* Treat as non-existent */
780 }
781 }
782 if (errno != ENOENT)
783 {
784 *perror = string_sprintf("require_files: error for %s: %s", ss,
785 strerror(errno));
786 goto RETURN_DEFER;
787 }
788 }
789
790 /* At this point, rc < 0 => non-existence; rc >= 0 => existence */
791
792 if ((rc >= 0) == invert) return SKIP;
793 }
794
795return OK;
796
797/* Come here on any of the errors that return DEFER. */
798
799RETURN_DEFER:
800DEBUG(D_route) debug_printf("%s\n", *perror);
801return DEFER;
802}
803
804
805
806
807
808/*************************************************
809* Check for router skipping *
810*************************************************/
811
812/* This function performs various checks to see whether a router should be
813skipped. The order in which they are performed is important.
814
815Arguments:
816 r pointer to router instance block
817 addr address that is being handled
818 verify the verification type
819 pw ptr to ptr to passwd structure for local user
820 perror for lookup errors
821
822Returns: OK if all the tests succeed
823 SKIP if router is to be skipped
824 DEFER for a lookup defer
825 FAIL for address to be failed
826*/
827
828static BOOL
829check_router_conditions(router_instance *r, address_item *addr, int verify,
830 struct passwd **pw, uschar **perror)
831{
832int rc;
833uschar *check_local_part;
06864c44 834unsigned int *localpart_cache;
059ec3d9
PH		 835
836/* Reset variables to hold a home directory and data from lookup of a domain or
837local part, and ensure search_find_defer is unset, in case there aren't any
838actual lookups. */
839
840deliver_home = NULL;
841deliver_domain_data = NULL;
842deliver_localpart_data = NULL;
843sender_data = NULL;
844local_user_gid = (gid_t)(-1);
845local_user_uid = (uid_t)(-1);
846search_find_defer = FALSE;
847
848/* Skip this router if not verifying and it has verify_only set */
849
850if ((verify == v_none || verify == v_expn) && r->verify_only)
851 {
852 DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name);
853 return SKIP;
854 }
855
856/* Skip this router if testing an address (-bt) and address_test is not set */
857
858if (address_test_mode && !r->address_test)
859 {
860 DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n",
861 r->name);
862 return SKIP;
863 }
864
865/* Skip this router if verifying and it hasn't got the appropriate verify flag
866set. */
867
868if ((verify == v_sender && !r->verify_sender) ||
869 (verify == v_recipient && !r->verify_recipient))
870 {
871 DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n",
872 r->name, verify, r->verify_sender, r->verify_recipient);
873 return SKIP;
874 }
875
876/* Skip this router if processing EXPN and it doesn't have expn set */
877
878if (verify == v_expn && !r->expn)
879 {
880 DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name);
881 return SKIP;
882 }
883
884/* Skip this router if there's a domain mismatch. */
885
886if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor,
55414b25
JH		 887 addr->domain_cache, TRUE, addr->domain, CUSS &deliver_domain_data,
888 MCL_DOMAIN, perror)) != OK)
059ec3d9
PH		 889 return rc;
890
891/* Skip this router if there's a local part mismatch. We want to pass over the
892caseful local part, so that +caseful can restore it, even if this router is
893handling local parts caselessly. However, we can't just pass cc_local_part,
894because that doesn't have the prefix or suffix stripped. A bit of massaging is
06864c44
TF		 895required. Also, we only use the match cache for local parts that have not had
896a prefix or suffix stripped. */
059ec3d9 897
9cd12950 898if (!addr->prefix && !addr->suffix)
06864c44
TF		 899 {
900 localpart_cache = addr->localpart_cache;
059ec3d9 901 check_local_part = addr->cc_local_part;
06864c44 902 }
059ec3d9
PH		 903else
904 {
06864c44 905 localpart_cache = NULL;
059ec3d9 906 check_local_part = string_copy(addr->cc_local_part);
9cd12950 907 if (addr->prefix)
059ec3d9 908 check_local_part += Ustrlen(addr->prefix);
9cd12950 909 if (addr->suffix)
059ec3d9
PH		 910 check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0;
911 }
912
913if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts,
06864c44 914 &localpartlist_anchor, localpart_cache, MCL_LOCALPART,
55414b25
JH		 915 check_local_part, CUSS &deliver_localpart_data,
916 !r->caseful_local_part, perror)) != OK)
059ec3d9
PH		 917 return rc;
918
919/* If the check_local_user option is set, check that the local_part is the
920login of a local user. Note: the third argument to route_finduser() must be
921NULL here, to prevent a numeric string being taken as a numeric uid. If the
922user is found, set deliver_home to the home directory, and also set
923local_user_{uid,gid}. */
924
925if (r->check_local_user)
926 {
927 DEBUG(D_route) debug_printf("checking for local user\n");
928 if (!route_finduser(addr->local_part, pw, NULL))
929 {
930 DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n",
931 r->name, addr->local_part);
932 return SKIP;
933 }
934 deliver_home = string_copy(US (*pw)->pw_dir);
935 local_user_gid = (*pw)->pw_gid;
936 local_user_uid = (*pw)->pw_uid;
937 }
938
939/* Set (or override in the case of check_local_user) the home directory if
940router_home_directory is set. This is done here so that it overrides $home from
941check_local_user before any subsequent expansions are done. Otherwise, $home
942could mean different things for different options, which would be extremely
943confusing. */
944
9cd12950 945if (r->router_home_directory)
059ec3d9
PH		 946 {
947 uschar *router_home = expand_string(r->router_home_directory);
9cd12950 948 if (!router_home)
059ec3d9
PH		 949 {
950 if (!expand_string_forcedfail)
951 {
952 *perror = string_sprintf("failed to expand \"%s\" for "
953 "router_home_directory: %s", r->router_home_directory,
954 expand_string_message);
955 return DEFER;
956 }
957 }
958 else
959 {
960 setflag(addr, af_home_expanded); /* Note set from router_home_directory */
961 deliver_home = router_home;
962 }
963 }
964
965/* Skip if the sender condition is not met. We leave this one till after the
966local user check so that $home is set - enabling the possiblity of letting
967individual recipients specify lists of acceptable/unacceptable senders. */
968
969if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL,
970 sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK)
971 return rc;
972
973/* This is the point at which we print out the router's debugging string if it
974is set. We wait till here so as to have $home available for local users (and
975anyway, we don't want too much stuff for skipped routers). */
976
977debug_print_string(r->debug_string);
978
979/* Perform file existence tests. */
980
981if ((rc = check_files(r->require_files, perror)) != OK)
982 {
983 DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name,
984 (rc == SKIP)? "skipped" : "deferred");
985 return rc;
986 }
987
988/* Now the general condition test. */
989
9cd12950 990if (r->condition)
059ec3d9 991 {
adaa0e2c 992 DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition);
059ec3d9
PH		 993 if (!expand_check_condition(r->condition, r->name, US"router"))
994 {
995 if (search_find_defer)
996 {
997 *perror = US"condition check lookup defer";
998 DEBUG(D_route) debug_printf("%s\n", *perror);
999 return DEFER;
1000 }
1001 DEBUG(D_route)
1002 debug_printf("%s router skipped: condition failure\n", r->name);
1003 return SKIP;
1004 }
1005 }
1006
8523533c
TK		 1007#ifdef EXPERIMENTAL_BRIGHTMAIL
1008/* check if a specific Brightmail AntiSpam rule fired on the message */
9cd12950
JH		 1009if (r->bmi_rule)
1010 {
8523533c 1011 DEBUG(D_route) debug_printf("checking bmi_rule\n");
9cd12950
JH		 1012 if (bmi_check_rule(bmi_base64_verdict, r->bmi_rule) == 0)
1013 { /* none of the rules fired */
8523533c
TK		 1014 DEBUG(D_route)
1015 debug_printf("%s router skipped: none of bmi_rule rules fired\n", r->name);
1016 return SKIP;
9cd12950
JH		 1017 }
1018 }
8523533c
TK		 1019
1020/* check if message should not be delivered */
9cd12950
JH		 1021if (r->bmi_dont_deliver && bmi_deliver == 1)
1022 {
1023 DEBUG(D_route)
1024 debug_printf("%s router skipped: bmi_dont_deliver is FALSE\n", r->name);
1025 return SKIP;
1026 }
8523533c
TK		 1027
1028/* check if message should go to an alternate location */
9cd12950
JH		 1029if ( r->bmi_deliver_alternate
1030 && (bmi_deliver == 0 || !bmi_alt_location)
1031 )
1032 {
1033 DEBUG(D_route)
1034 debug_printf("%s router skipped: bmi_deliver_alternate is FALSE\n", r->name);
1035 return SKIP;
1036 }
8523533c
TK		 1037
1038/* check if message should go to default location */
9cd12950
JH		 1039if ( r->bmi_deliver_default
1040 && (bmi_deliver == 0 || bmi_alt_location)
1041 )
1042 {
1043 DEBUG(D_route)
1044 debug_printf("%s router skipped: bmi_deliver_default is FALSE\n", r->name);
1045 return SKIP;
1046 }
8523533c
TK		 1047#endif
1048
059ec3d9
PH		 1049/* All the checks passed. */
1050
1051return OK;
1052}
1053
1054
1055
1056
1057/*************************************************
1058* Find a local user *
1059*************************************************/
1060
1061/* Try several times (if configured) to find a local user, in case delays in
1062NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam()
1063doesn't have some kind of indication as to why it has failed. If the string
1064given consists entirely of digits, and the third argument is not NULL, assume
1065the string is the numerical value of the uid. Otherwise it is looked up using
1066getpwnam(). The uid is passed back via return_uid, if not NULL, and the
1067pointer to a passwd structure, if found, is passed back via pw, if not NULL.
1068
1069Because this may be called several times in succession for the same user for
1070different routers, cache the result of the previous getpwnam call so that it
1071can be re-used. Note that we can't just copy the structure, as the store it
1072points to can get trashed.
1073
1074Arguments:
1075 s the login name or textual form of the numerical uid of the user
1076 pw if not NULL, return the result of getpwnam here, or set NULL
1077 if no call to getpwnam is made (s numeric, return_uid != NULL)
1078 return_uid if not NULL, return the uid via this address
1079
1080Returns: TRUE if s is numerical or was looked up successfully
1081
1082*/
1083
1084static struct passwd pwcopy;
1085static struct passwd *lastpw = NULL;
1086static uschar lastname[48] = { 0 };
1087static uschar lastdir[128];
1088static uschar lastgecos[128];
1089static uschar lastshell[128];
1090
1091BOOL
55414b25 1092route_finduser(const uschar *s, struct passwd **pw, uid_t *return_uid)
059ec3d9 1093{
d8fe1c03
PH		 1094BOOL cache_set = (Ustrcmp(lastname, s) == 0);
1095
1096DEBUG(D_uid) debug_printf("seeking password data for user \"%s\": %s\n", s,
1097 cache_set? "using cached result" : "cache not available");
1098
1099if (!cache_set)
059ec3d9
PH		 1100 {
1101 int i = 0;
1102
9cd12950 1103 if (return_uid && (isdigit(*s) || *s == '-') &&
059ec3d9
PH		 1104 s[Ustrspn(s+1, "0123456789")+1] == 0)
1105 {
1106 *return_uid = (uid_t)Uatoi(s);
9cd12950 1107 if (pw) *pw = NULL;
059ec3d9
PH		 1108 return TRUE;
1109 }
1110
1111 (void)string_format(lastname, sizeof(lastname), "%s", s);
1112
1113 /* Force failure if string length is greater than given maximum */
1114
1115 if (max_username_length > 0 && Ustrlen(lastname) > max_username_length)
1116 {
1117 DEBUG(D_uid) debug_printf("forced failure of finduser(): string "
1118 "length of %s is greater than %d\n", lastname, max_username_length);
1119 lastpw = NULL;
1120 }
1121
1122 /* Try a few times if so configured; this handles delays in NIS etc. */
1123
1124 else for (;;)
1125 {
73a6bc4b 1126 errno = 0;
9cd12950 1127 if ((lastpw = getpwnam(CS s))) break;
059ec3d9
PH		 1128 if (++i > finduser_retries) break;
1129 sleep(1);
1130 }
1131
9cd12950 1132 if (lastpw)
059ec3d9
PH		 1133 {
1134 pwcopy.pw_uid = lastpw->pw_uid;
1135 pwcopy.pw_gid = lastpw->pw_gid;
1136 (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir);
1137 (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos);
1138 (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell);
1139 pwcopy.pw_name = CS lastname;
1140 pwcopy.pw_dir = CS lastdir;
1141 pwcopy.pw_gecos = CS lastgecos;
1142 pwcopy.pw_shell = CS lastshell;
1143 lastpw = &pwcopy;
1144 }
d8fe1c03 1145
9cd12950
JH		 1146 else DEBUG(D_uid) if (errno != 0)
1147 debug_printf("getpwnam(%s) failed: %s\n", s, strerror(errno));
d8fe1c03
PH		 1148 }
1149
9cd12950 1150if (!lastpw)
d8fe1c03
PH		 1151 {
1152 DEBUG(D_uid) debug_printf("getpwnam() returned NULL (user not found)\n");
1153 return FALSE;
059ec3d9 1154 }
9cd12950
JH		 1155
1156DEBUG(D_uid) debug_printf("getpwnam() succeeded uid=%d gid=%d\n",
d8fe1c03 1157 lastpw->pw_uid, lastpw->pw_gid);
059ec3d9 1158
9cd12950
JH		 1159if (return_uid) *return_uid = lastpw->pw_uid;
1160if (pw) *pw = lastpw;
059ec3d9
PH		 1161
1162return TRUE;
1163}
1164
1165
1166
1167
1168/*************************************************
1169* Find a local group *
1170*************************************************/
1171
1172/* Try several times (if configured) to find a local group, in case delays in
1173NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam()
1174doesn't have some kind of indication as to why it has failed.
1175
1176Arguments:
1177 s the group namd or textual form of the numerical gid
1178 return_gid return the gid via this address
1179
1180Returns: TRUE if the group was found; FALSE otherwise
1181
1182*/
1183
1184BOOL
1185route_findgroup(uschar *s, gid_t *return_gid)
1186{
1187int i = 0;
1188struct group *gr;
1189
1190if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0)
1191 {
1192 *return_gid = (gid_t)Uatoi(s);
1193 return TRUE;
1194 }
1195
1196for (;;)
1197 {
9cd12950 1198 if ((gr = getgrnam(CS s)))
059ec3d9
PH		 1199 {
1200 *return_gid = gr->gr_gid;
1201 return TRUE;
1202 }
1203 if (++i > finduser_retries) break;
1204 sleep(1);
1205 }
1206
1207return FALSE;
1208}
1209
1210
1211
1212
1213/*************************************************
1214* Find user by expanding string *
1215*************************************************/
1216
1217/* Expands a string, and then looks up the result in the passwd file.
1218
1219Arguments:
1220 string the string to be expanded, yielding a login name or a numerical
1221 uid value (to be passed to route_finduser())
1222 driver_name caller name for panic error message (only)
1223 driver_type caller type for panic error message (only)
1224 pw return passwd entry via this pointer
1225 uid return uid via this pointer
1226 errmsg where to point a message on failure
1227
1228Returns: TRUE if user found, FALSE otherwise
1229*/
1230
1231BOOL
1232route_find_expanded_user(uschar *string, uschar *driver_name,
1233 uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg)
1234{
1235uschar *user = expand_string(string);
1236
9cd12950 1237if (!user)
059ec3d9
PH		 1238 {
1239 *errmsg = string_sprintf("Failed to expand user string \"%s\" for the "
1240 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1241 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1242 return FALSE;
1243 }
1244
1245if (route_finduser(user, pw, uid)) return TRUE;
1246
1247*errmsg = string_sprintf("Failed to find user \"%s\" from expanded string "
1248 "\"%s\" for the %s %s", user, string, driver_name, driver_type);
1249log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1250return FALSE;
1251}
1252
1253
1254
1255/*************************************************
1256* Find group by expanding string *
1257*************************************************/
1258
1259/* Expands a string and then looks up the result in the group file.
1260
1261Arguments:
1262 string the string to be expanded, yielding a group name or a numerical
1263 gid value (to be passed to route_findgroup())
1264 driver_name caller name for panic error message (only)
1265 driver_type caller type for panic error message (only)
1266 gid return gid via this pointer
1267 errmsg return error message via this pointer
1268
1269Returns: TRUE if found group, FALSE otherwise
1270*/
1271
1272BOOL
1273route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type,
1274 gid_t *gid, uschar **errmsg)
1275{
1276BOOL yield = TRUE;
1277uschar *group = expand_string(string);
1278
9cd12950 1279if (!group)
059ec3d9
PH		 1280 {
1281 *errmsg = string_sprintf("Failed to expand group string \"%s\" for the "
1282 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1283 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1284 return FALSE;
1285 }
1286
1287if (!route_findgroup(group, gid))
1288 {
1289 *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string "
1290 "\"%s\" for the %s %s", group, string, driver_name, driver_type);
1291 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1292 yield = FALSE;
1293 }
1294
1295return yield;
1296}
1297
1298
1299
059ec3d9
PH		 1300/*************************************************
1301* Handle an unseen routing *
1302*************************************************/
1303
1304/* This function is called when an address is routed by a router with "unseen"
1305set. It must make a clone of the address, for handling by subsequent drivers.
1306The clone is set to start routing at the next router.
1307
1308The original address must be replaced by an invented "parent" which has the
1309routed address plus the clone as its children. This is necessary in case the
1310address is at the top level - we don't want to mark it complete until both
1311deliveries have been done.
1312
1313A new unique field must be made, so that the record of the delivery isn't a
1314record of the original address, and checking for already delivered has
1315therefore to be done here. If the delivery has happened, then take the base
1316address off whichever delivery queue it is on - it will always be the top item.
1317
1318Arguments:
1319 name router name
1320 addr address that was routed
1321 paddr_local chain of local-delivery addresses
1322 paddr_remote chain of remote-delivery addresses
1323 addr_new chain for newly created addresses
1324
1325Returns: nothing
1326*/
1327
1328static void
1329route_unseen(uschar *name, address_item *addr, address_item **paddr_local,
1330 address_item **paddr_remote, address_item **addr_new)
1331{
1332address_item *parent = deliver_make_addr(addr->address, TRUE);
1333address_item *new = deliver_make_addr(addr->address, TRUE);
1334
1335/* The invented parent is a copy that replaces the original; note that
1336this copies its parent pointer. It has two children, and its errors_address is
1337from the original address' parent, if present, otherwise unset. */
1338
1339*parent = *addr;
1340parent->child_count = 2;
d43cbe25 1341parent->prop.errors_address =
9cd12950 1342 addr->parent ? addr->parent->prop.errors_address : NULL;
059ec3d9
PH		 1343
1344/* The routed address gets a new parent. */
1345
1346addr->parent = parent;
1347
1348/* The clone has this parent too. Set its errors address from the parent. This
1349was set from the original parent (or to NULL) - see above. We do NOT want to
1350take the errors address from the unseen router. */
1351
1352new->parent = parent;
d43cbe25 1353new->prop.errors_address = parent->prop.errors_address;
059ec3d9
PH		 1354
1355/* Copy the propagated flags and address_data from the original. */
1356
1357copyflag(new, addr, af_propagate);
d43cbe25 1358new->prop.address_data = addr->prop.address_data;
6c1c3d1d
WB		 1359new->dsn_flags = addr->dsn_flags;
1360new->dsn_orcpt = addr->dsn_orcpt;
059ec3d9
PH		 1361
1362
1363/* As it has turned out, we haven't set headers_add or headers_remove for the
1364 * clone. Thinking about it, it isn't entirely clear whether they should be
1365 * copied from the original parent, like errors_address, or taken from the
1366 * unseen router, like address_data and the flags. Until somebody brings this
1367 * up, I propose to leave the code as it is.
1368 */
1369
1370
1371/* Set the cloned address to start at the next router, and put it onto the
1372chain of new addresses. */
1373
1374new->start_router = addr->router->next;
1375new->next = *addr_new;
1376*addr_new = new;
1377
1378DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address);
1379
1380/* Make a new unique field, to distinguish from the normal one. */
1381
1382addr->unique = string_sprintf("%s/%s", addr->unique, name);
1383
1384/* If the address has been routed to a transport, see if it was previously
1385delivered. If so, we take it off the relevant queue so that it isn't delivered
1386again. Otherwise, it was an alias or something, and the addresses it generated
1387are handled in the normal way. */
1388
9cd12950 1389if (addr->transport && tree_search(tree_nonrecipients, addr->unique))
059ec3d9
PH		 1390 {
1391 DEBUG(D_route)
1392 debug_printf("\"unseen\" delivery previously done - discarded\n");
1393 parent->child_count--;
1394 if (*paddr_remote == addr) *paddr_remote = addr->next;
1395 if (*paddr_local == addr) *paddr_local = addr->next;
1396 }
1397}
1398
1399
1400
1401/*************************************************
1402* Route one address *
1403*************************************************/
1404
1405/* This function is passed in one address item, for processing by the routers.
1406The verify flag is set if this is being called for verification rather than
1407delivery. If the router doesn't have its "verify" flag set, it is skipped.
1408
1409Arguments:
1410 addr address to route
1411 paddr_local chain of local-delivery addresses
1412 paddr_remote chain of remote-delivery addresses
1413 addr_new chain for newly created addresses
1414 addr_succeed chain for completed addresses
1415 verify v_none if not verifying
1416 v_sender if verifying a sender address
1417 v_recipient if verifying a recipient address
1418 v_expn if processing an EXPN address
1419
1420Returns: OK => address successfully routed
1421 DISCARD => address was discarded
1422 FAIL => address could not be routed
1423 DEFER => some temporary problem
1424 ERROR => some major internal or configuration failure
1425*/
1426
1427int
1428route_address(address_item *addr, address_item **paddr_local,
1429 address_item **paddr_remote, address_item **addr_new,
1430 address_item **addr_succeed, int verify)
1431{
1432int yield = OK;
1433BOOL unseen;
1434router_instance *r, *nextr;
55414b25 1435const uschar *old_domain = addr->domain;
059ec3d9
PH		 1436
1437HDEBUG(D_route)
1438 {
1439 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1440 debug_printf("routing %s\n", addr->address);
1441 }
1442
1443/* Loop through all router instances until a router succeeds, fails, defers, or
1444encounters an error. If the address has start_router set, we begin from there
1445instead of at the first router. */
1446
9cd12950 1447for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
059ec3d9
PH		 1448 {
1449 uschar *error;
1450 struct passwd *pw = NULL;
1451 struct passwd pwcopy;
1452 address_item *parent;
1453 BOOL loop_detected = FALSE;
1454 BOOL more;
1455 int loopcount = 0;
1456 int rc;
1457
1458 DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name);
1459
1460 /* Reset any search error message from the previous router. */
1461
1462 search_error_message = NULL;
1463
1464 /* There are some weird cases where logging is disabled */
1465
1466 disable_logging = r->disable_logging;
1467
1468 /* Record the last router to handle the address, and set the default
1469 next router. */
1470
1471 addr->router = r;
1472 nextr = r->next;
1473
1474 /* Loop protection: If this address has an ancestor with the same address,
1475 and that ancestor was routed by this router, we skip this router. This
1476 prevents a variety of looping states when a new address is created by
1477 redirection or by the use of "unseen" on a router.
1478
1479 If no_repeat_use is set on the router, we skip if _any_ ancestor was routed
1480 by this router, even if it was different to the current address.
1481
1482 Just in case someone does put it into a loop (possible with redirection
1483 continally adding to an address, for example), put a long stop counter on
1484 the number of parents. */
1485
9cd12950 1486 for (parent = addr->parent; parent; parent = parent->parent)
059ec3d9
PH		 1487 {
1488 if (parent->router == r)
1489 {
1490 BOOL break_loop = !r->repeat_use;
1491
1492 /* When repeat_use is set, first check the active addresses caselessly.
1493 If they match, we have to do a further caseful check of the local parts
1494 when caseful_local_part is set. This is assumed to be rare, which is why
1495 the code is written this way. */
1496
1497 if (!break_loop)
1498 {
1499 break_loop = strcmpic(parent->address, addr->address) == 0;
1500 if (break_loop && r->caseful_local_part)
1501 break_loop = Ustrncmp(parent->address, addr->address,
1502 Ustrrchr(addr->address, '@') - addr->address) == 0;
1503 }
1504
1505 if (break_loop)
1506 {
1507 DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n",
1508 r->name, parent->address);
1509 loop_detected = TRUE;
1510 break;
1511 }
1512 }
1513
1514 /* Continue with parents, limiting the size of the dynasty. */
1515
1516 if (loopcount++ > 100)
1517 {
1518 log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address);
1519 yield = DEFER;
1520 goto ROUTE_EXIT;
1521 }
1522 }
1523
1524 if (loop_detected) continue;
1525
1526 /* Default no affixes and select whether to use a caseful or caseless local
1527 part in this router. */
1528
1529 addr->prefix = addr->suffix = NULL;
1530 addr->local_part = r->caseful_local_part?
1531 addr->cc_local_part : addr->lc_local_part;
1532
1533 DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part,
1534 addr->domain);
1535
1536 /* Handle any configured prefix by replacing the local_part address,
1537 and setting the prefix. Skip the router if the prefix doesn't match,
1538 unless the prefix is optional. */
1539
9cd12950 1540 if (r->prefix)
059ec3d9
PH		 1541 {
1542 int plen = route_check_prefix(addr->local_part, r->prefix);
1543 if (plen > 0)
1544 {
1545 addr->prefix = string_copyn(addr->local_part, plen);
1546 addr->local_part += plen;
1547 DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
1548 }
1549 else if (!r->prefix_optional)
1550 {
1551 DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n",
1552 r->name);
1553 continue;
1554 }
1555 }
1556
1557 /* Handle any configured suffix likewise. */
1558
9cd12950 1559 if (r->suffix)
059ec3d9
PH		 1560 {
1561 int slen = route_check_suffix(addr->local_part, r->suffix);
1562 if (slen > 0)
1563 {
1564 int lplen = Ustrlen(addr->local_part) - slen;
1565 addr->suffix = addr->local_part + lplen;
1566 addr->local_part = string_copyn(addr->local_part, lplen);
1567 DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
1568 }
1569 else if (!r->suffix_optional)
1570 {
1571 DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n",
1572 r->name);
1573 continue;
1574 }
1575 }
1576
1577 /* Set the expansion variables now that we have the affixes and the case of
1578 the local part sorted. */
1579
2a47f028 1580 router_name = r->name;
059ec3d9
PH		 1581 deliver_set_expansions(addr);
1582
1583 /* For convenience, the pre-router checks are in a separate function, which
1584 returns OK, SKIP, FAIL, or DEFER. */
1585
1586 if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
1587 {
2a47f028 1588 router_name = NULL;
059ec3d9
PH		 1589 if (rc == SKIP) continue;
1590 addr->message = error;
1591 yield = rc;
1592 goto ROUTE_EXIT;
1593 }
1594
1595 /* All pre-conditions have been met. Reset any search error message from
1596 pre-condition tests. These can arise in negated tests where the failure of
1597 the lookup leads to a TRUE pre-condition. */
1598
1599 search_error_message = NULL;
1600
1601 /* Finally, expand the address_data field in the router. Forced failure
1602 behaves as if the router declined. Any other failure is more serious. On
1603 success, the string is attached to the address for all subsequent processing.
1604 */
1605
9cd12950 1606 if (r->address_data)
059ec3d9
PH		 1607 {
1608 DEBUG(D_route) debug_printf("processing address_data\n");
1609 deliver_address_data = expand_string(r->address_data);
9cd12950 1610 if (!deliver_address_data)
059ec3d9
PH		 1611 {
1612 if (expand_string_forcedfail)
1613 {
1614 DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" "
1615 "(address_data): decline action taken\n", r->address_data);
1616
1617 /* Expand "more" if necessary; DEFER => an expansion failed */
1618
9c695f6d
JH		 1619 yield = exp_bool(addr, US"router", r->name, D_route,
1620 US"more", r->more, r->expand_more, &more);
059ec3d9
PH		 1621 if (yield != OK) goto ROUTE_EXIT;
1622
1623 if (!more)
1624 {
1625 DEBUG(D_route)
1626 debug_printf("\"more\"=false: skipping remaining routers\n");
2a47f028 1627 router_name = NULL;
059ec3d9
PH		 1628 r = NULL;
1629 break;
1630 }
1631 else continue; /* With next router */
1632 }
1633
1634 else
1635 {
1636 addr->message = string_sprintf("expansion of \"%s\" failed "
1637 "in %s router: %s", r->address_data, r->name, expand_string_message);
1638 yield = DEFER;
1639 goto ROUTE_EXIT;
1640 }
1641 }
d43cbe25 1642 addr->prop.address_data = deliver_address_data;
059ec3d9
PH		 1643 }
1644
1645 /* We are finally cleared for take-off with this router. Clear the the flag
1646 that records that a local host was removed from a routed host list. Make a
1647 copy of relevant fields in the password information from check_local_user,
1648 because it will be overwritten if check_local_user is invoked again while
1649 verifying an errors_address setting. */
1650
1651 clearflag(addr, af_local_host_removed);
1652
9cd12950 1653 if (pw)
059ec3d9
PH		 1654 {
1655 pwcopy.pw_name = CS string_copy(US pw->pw_name);
1656 pwcopy.pw_uid = pw->pw_uid;
1657 pwcopy.pw_gid = pw->pw_gid;
1658 pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos);
1659 pwcopy.pw_dir = CS string_copy(US pw->pw_dir);
1660 pwcopy.pw_shell = CS string_copy(US pw->pw_shell);
1661 pw = &pwcopy;
1662 }
1663
1664 /* Run the router, and handle the consequences. */
1665
9cd12950
JH		 1666 /* ... but let us check on DSN before. If this should be the last hop for DSN
1667 set flag. */
1668
1669 if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop))
98c82a3d 1670 {
6c1c3d1d
WB		 1671 addr->dsn_flags |= rf_dsnlasthop;
1672 HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address);
98c82a3d 1673 }
6c1c3d1d 1674
059ec3d9
PH		 1675 HDEBUG(D_route) debug_printf("calling %s router\n", r->name);
1676
fd6de02e
PH		 1677 yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,
1678 addr_new, addr_succeed);
059ec3d9 1679
2a47f028
JH		 1680 router_name = NULL;
1681
059ec3d9
PH		 1682 if (yield == FAIL)
1683 {
1684 HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name);
1685 goto ROUTE_EXIT;
1686 }
1687
1688 /* If succeeded while verifying but fail_verify is set, convert into
1689 a failure, and take it off the local or remote delivery list. */
1690
1691 if (((verify == v_sender && r->fail_verify_sender) ||
1692 (verify == v_recipient && r->fail_verify_recipient)) &&
1693 (yield == OK || yield == PASS))
1694 {
1695 addr->message = string_sprintf("%s router forced verify failure", r->name);
1696 if (*paddr_remote == addr) *paddr_remote = addr->next;
1697 if (*paddr_local == addr) *paddr_local = addr->next;
1698 yield = FAIL;
1699 goto ROUTE_EXIT;
1700 }
1701
1702 /* PASS and DECLINE are the only two cases where the loop continues. For all
1703 other returns, we break the loop and handle the result below. */
1704
1705 if (yield != PASS && yield != DECLINE) break;
1706
1707 HDEBUG(D_route)
1708 {
1709 debug_printf("%s router %s for %s\n", r->name,
1710 (yield == PASS)? "passed" : "declined", addr->address);
1711 if (Ustrcmp(old_domain, addr->domain) != 0)
1712 debug_printf("domain %s rewritten\n", old_domain);
1713 }
1714
1715 /* PASS always continues to another router; DECLINE does so if "more"
1716 is true. Initialization insists that pass_router is always a following
1717 router. Otherwise, break the loop as if at the end of the routers. */
1718
1719 if (yield == PASS)
1720 {
1721 if (r->pass_router != NULL) nextr = r->pass_router;
1722 }
1723 else
1724 {
1725 /* Expand "more" if necessary */
1726
9c695f6d
JH		 1727 yield = exp_bool(addr, US"router", r->name, D_route,
1728 US"more", r->more, r->expand_more, &more);
059ec3d9
PH		 1729 if (yield != OK) goto ROUTE_EXIT;
1730
1731 if (!more)
1732 {
1733 HDEBUG(D_route)
1734 debug_printf("\"more\" is false: skipping remaining routers\n");
1735 r = NULL;
1736 break;
1737 }
1738 }
1739 } /* Loop for all routers */
1740
1741/* On exit from the routers loop, if r == NULL we have run out of routers,
1742either genuinely, or as a result of no_more. Otherwise, the loop ended
1743prematurely, either because a router succeeded, or because of some special
1744router response. Note that FAIL errors and errors detected before actually
1745running a router go direct to ROUTE_EXIT from code above. */
1746
9cd12950 1747if (!r)
059ec3d9
PH		 1748 {
1749 HDEBUG(D_route) debug_printf("no more routers\n");
9cd12950 1750 if (!addr->message)
059ec3d9
PH		 1751 {
1752 uschar *message = US"Unrouteable address";
9cd12950 1753 if (addr->router && addr->router->cannot_route_message)
059ec3d9
PH		 1754 {
1755 uschar *expmessage = expand_string(addr->router->cannot_route_message);
9cd12950 1756 if (!expmessage)
059ec3d9
PH		 1757 {
1758 if (!expand_string_forcedfail)
1759 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
1760 "cannot_route_message in %s router: %s", addr->router->name,
1761 expand_string_message);
1762 }
1763 else message = expmessage;
1764 }
1765 addr->user_message = addr->message = message;
1766 }
1767 addr->router = NULL; /* For logging */
1768 yield = FAIL;
1769 goto ROUTE_EXIT;
1770 }
1771
1772if (yield == DEFER)
1773 {
1774 HDEBUG(D_route)
1775 {
1776 debug_printf("%s router: defer for %s\n", r->name, addr->address);
1777 debug_printf(" message: %s\n", (addr->message == NULL)?
1778 US"<none>" : addr->message);
1779 }
1780 goto ROUTE_EXIT;
1781 }
1782
1783if (yield == DISCARD) goto ROUTE_EXIT;
1784
1785/* The yield must be either OK or REROUTED. */
1786
1787if (yield != OK && yield != REROUTED)
1788 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d",
1789 r->name, yield);
1790
1791/* If the yield was REROUTED, the router put a child address on the new chain
1792as a result of a domain change of some sort (widening, typically). */
1793
1794if (yield == REROUTED)
1795 {
1796 HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address);
1797 yield = OK;
1798 goto ROUTE_EXIT;
1799 }
1800
1801/* The only remaining possibility is that the router succeeded. If the
1802translate_ip_address options is set and host addresses were associated with the
1803address, run them through the translation. This feature is for weird and
1804wonderful situations (the amateur packet radio people need it) or very broken
1805networking, so it is included in the binary only if requested. */
1806
1807#ifdef SUPPORT_TRANSLATE_IP_ADDRESS
1808
9cd12950 1809if (r->translate_ip_address)
059ec3d9
PH		 1810 {
1811 int rc;
1812 int old_pool = store_pool;
1813 host_item *h;
9cd12950 1814 for (h = addr->host_list; h; h = h->next)
059ec3d9
PH		 1815 {
1816 uschar *newaddress;
1817 uschar *oldaddress, *oldname;
1818
9cd12950 1819 if (!h->address) continue;
059ec3d9
PH		 1820
1821 deliver_host_address = h->address;
1822 newaddress = expand_string(r->translate_ip_address);
1823 deliver_host_address = NULL;
1824
9cd12950 1825 if (!newaddress)
059ec3d9
PH		 1826 {
1827 if (expand_string_forcedfail) continue;
1828 addr->basic_errno = ERRNO_EXPANDFAIL;
1829 addr->message = string_sprintf("translate_ip_address expansion "
1830 "failed: %s", expand_string_message);
1831 yield = DEFER;
1832 goto ROUTE_EXIT;
1833 }
1834
1835 DEBUG(D_route) debug_printf("%s [%s] translated to %s\n",
1836 h->name, h->address, newaddress);
7e66e54d 1837 if (string_is_ip_address(newaddress, NULL) != 0)
059ec3d9
PH		 1838 {
1839 h->address = newaddress;
1840 continue;
1841 }
1842
1843 oldname = h->name;
1844 oldaddress = h->address;
1845 h->name = newaddress;
1846 h->address = NULL;
1847 h->mx = MX_NONE;
1848
1849 store_pool = POOL_PERM;
322050c2 1850 rc = host_find_byname(h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
059ec3d9
PH		 1851 store_pool = old_pool;
1852
1853 if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN)
1854 {
1855 addr->basic_errno = ERRNO_UNKNOWNHOST;
1856 addr->message = string_sprintf("host %s not found when "
1857 "translating %s [%s]", h->name, oldname, oldaddress);
1858 yield = DEFER;
1859 goto ROUTE_EXIT;
1860 }
1861 }
1862 }
1863#endif /* SUPPORT_TRANSLATE_IP_ADDRESS */
1864
1865/* See if this is an unseen routing; first expand the option if necessary.
1866DEFER can be given if the expansion fails */
1867
9c695f6d
JH		 1868yield = exp_bool(addr, US"router", r->name, D_route,
1869 US"unseen", r->unseen, r->expand_unseen, &unseen);
059ec3d9
PH		 1870if (yield != OK) goto ROUTE_EXIT;
1871
059ec3d9
PH		 1872/* Debugging output recording a successful routing */
1873
9cd12950 1874HDEBUG(D_route) debug_printf("routed by %s router%s\n", r->name,
059ec3d9 1875 unseen? " (unseen)" : "");
059ec3d9
PH		 1876
1877DEBUG(D_route)
1878 {
1879 host_item *h;
1880
1881 debug_printf(" envelope to: %s\n", addr->address);
1882 debug_printf(" transport: %s\n", (addr->transport == NULL)?
1883 US"<none>" : addr->transport->name);
1884
9cd12950 1885 if (addr->prop.errors_address)
d43cbe25 1886 debug_printf(" errors to %s\n", addr->prop.errors_address);
059ec3d9 1887
9cd12950 1888 for (h = addr->host_list; h; h = h->next)
059ec3d9
PH		 1889 {
1890 debug_printf(" host %s", h->name);
9cd12950 1891 if (h->address) debug_printf(" [%s]", h->address);
059ec3d9
PH		 1892 if (h->mx >= 0) debug_printf(" MX=%d", h->mx);
1893 else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx);
1894 if (h->port != PORT_NONE) debug_printf(" port=%d", h->port);
805c9d53 1895 if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no");
059ec3d9
PH		 1896 debug_printf("\n");
1897 }
1898 }
1899
1900/* Clear any temporary error message set by a router that declined, and handle
1901the "unseen" option (ignore if there are no further routers). */
1902
1903addr->message = NULL;
9cd12950 1904if (unseen && r->next)
059ec3d9
PH		 1905 route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new);
1906
1907/* Unset the address expansions, and return the final result. */
1908
1909ROUTE_EXIT:
f42deca9
JH		 1910if (yield == DEFER && addr->message)
1911 addr->message = expand_hide_passwords(addr->message);
76aa570c 1912
059ec3d9 1913deliver_set_expansions(NULL);
2a47f028 1914router_name = NULL;
059ec3d9
PH		 1915disable_logging = FALSE;
1916return yield;
1917}
1918
1919/* End of route.c */
Unnamed repository; edit this file 'description' to name the repository.