projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Copyright updates:
[exim.git] / src / src / routers / redirect.c
CommitLineData
0756eb3c
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
1e1ddfac 6/* Copyright (c) The Exim Maintainers 2020 */
0756eb3c
PH		 7/* See the file NOTICE for conditions of use and distribution. */
8
9
10#include "../exim.h"
11#include "rf_functions.h"
12#include "redirect.h"
13
14
15
16/* Options specific to the redirect router. */
13a4b4c1 17#define LOFF(field) OPT_OFF(redirect_router_options_block, field)
0756eb3c
PH		 18
19optionlist redirect_router_options[] = {
20 { "allow_defer", opt_bit | (RDON_DEFER << 16),
13a4b4c1 21 LOFF(bit_options) },
0756eb3c 22 { "allow_fail", opt_bit | (RDON_FAIL << 16),
13a4b4c1 23 LOFF(bit_options) },
0756eb3c 24 { "allow_filter", opt_bit | (RDON_FILTER << 16),
13a4b4c1 25 LOFF(bit_options) },
0756eb3c 26 { "allow_freeze", opt_bit | (RDON_FREEZE << 16),
13a4b4c1
JH		 27 LOFF(bit_options) },
28 { "check_ancestor", opt_bool, LOFF(check_ancestor) },
29 { "check_group", opt_bool, LOFF(check_group) },
30 { "check_owner", opt_bool, LOFF(check_owner) },
31 { "data", opt_stringptr, LOFF(data) },
32 { "directory_transport",opt_stringptr, LOFF(directory_transport_name) },
33 { "file", opt_stringptr, LOFF(file) },
34 { "file_transport", opt_stringptr, LOFF(file_transport_name) },
35
4608d683 36 { "filter_prepend_home",opt_bit | (RDON_PREPEND_HOME << 16),
13a4b4c1 37 LOFF(bit_options) },
0756eb3c 38 { "forbid_blackhole", opt_bit | (RDON_BLACKHOLE << 16),
13a4b4c1 39 LOFF(bit_options) },
23c7ff99 40 { "forbid_exim_filter", opt_bit | (RDON_EXIM_FILTER << 16),
13a4b4c1 41 LOFF(bit_options) },
0756eb3c 42 { "forbid_file", opt_bool,
13a4b4c1 43 LOFF(forbid_file) },
1a46a8c5 44 { "forbid_filter_dlfunc", opt_bit | (RDON_DLFUNC << 16),
13a4b4c1 45 LOFF(bit_options) },
0756eb3c 46 { "forbid_filter_existstest", opt_bit | (RDON_EXISTS << 16),
13a4b4c1 47 LOFF(bit_options) },
0756eb3c 48 { "forbid_filter_logwrite",opt_bit | (RDON_LOG << 16),
13a4b4c1 49 LOFF(bit_options) },
0756eb3c 50 { "forbid_filter_lookup", opt_bit | (RDON_LOOKUP << 16),
13a4b4c1 51 LOFF(bit_options) },
0756eb3c 52 { "forbid_filter_perl", opt_bit | (RDON_PERL << 16),
13a4b4c1 53 LOFF(bit_options) },
0756eb3c 54 { "forbid_filter_readfile", opt_bit | (RDON_READFILE << 16),
13a4b4c1 55 LOFF(bit_options) },
0756eb3c 56 { "forbid_filter_readsocket", opt_bit | (RDON_READSOCK << 16),
13a4b4c1 57 LOFF(bit_options) },
0756eb3c 58 { "forbid_filter_reply",opt_bool,
13a4b4c1 59 LOFF(forbid_filter_reply) },
0756eb3c 60 { "forbid_filter_run", opt_bit | (RDON_RUN << 16),
13a4b4c1 61 LOFF(bit_options) },
0756eb3c 62 { "forbid_include", opt_bit | (RDON_INCLUDE << 16),
13a4b4c1 63 LOFF(bit_options) },
0756eb3c 64 { "forbid_pipe", opt_bool,
13a4b4c1 65 LOFF(forbid_pipe) },
23c7ff99 66 { "forbid_sieve_filter",opt_bit | (RDON_SIEVE_FILTER << 16),
13a4b4c1 67 LOFF(bit_options) },
a5bd321b 68 { "forbid_smtp_code", opt_bool,
13a4b4c1 69 LOFF(forbid_smtp_code) },
0756eb3c 70 { "hide_child_in_errmsg", opt_bool,
13a4b4c1 71 LOFF( hide_child_in_errmsg) },
0756eb3c 72 { "ignore_eacces", opt_bit | (RDON_EACCES << 16),
13a4b4c1 73 LOFF(bit_options) },
0756eb3c 74 { "ignore_enotdir", opt_bit | (RDON_ENOTDIR << 16),
13a4b4c1
JH		 75 LOFF(bit_options) },
76
77 { "include_directory", opt_stringptr, LOFF( include_directory) },
78 { "modemask", opt_octint, LOFF(modemask) },
79 { "one_time", opt_bool, LOFF(one_time) },
80 { "owners", opt_uidlist, LOFF(owners) },
81 { "owngroups", opt_gidlist, LOFF(owngroups) },
82 { "pipe_transport", opt_stringptr, LOFF(pipe_transport_name) },
83 { "qualify_domain", opt_stringptr, LOFF(qualify_domain) },
84 { "qualify_preserve_domain", opt_bool, LOFF(qualify_preserve_domain) },
85 { "repeat_use", opt_bool | opt_public, OPT_OFF(router_instance, repeat_use) },
86 { "reply_transport", opt_stringptr, LOFF(reply_transport_name) },
87
0756eb3c 88 { "rewrite", opt_bit | (RDON_REWRITE << 16),
13a4b4c1
JH		 89 LOFF(bit_options) },
90
91 { "sieve_enotify_mailto_owner", opt_stringptr, LOFF(sieve_enotify_mailto_owner) },
92 { "sieve_subaddress", opt_stringptr, LOFF(sieve_subaddress) },
93 { "sieve_useraddress", opt_stringptr, LOFF(sieve_useraddress) },
94 { "sieve_vacation_directory", opt_stringptr, LOFF(sieve_vacation_directory) },
95 { "skip_syntax_errors", opt_bool, LOFF(skip_syntax_errors) },
8523533c 96#ifdef EXPERIMENTAL_SRS
13a4b4c1
JH		 97 { "srs", opt_stringptr, LOFF(srs) },
98 { "srs_alias", opt_stringptr, LOFF(srs_alias) },
99 { "srs_condition", opt_stringptr, LOFF(srs_condition) },
100 { "srs_dbinsert", opt_stringptr, LOFF(srs_dbinsert) },
101 { "srs_dbselect", opt_stringptr, LOFF(srs_dbselect) },
8523533c 102#endif
13a4b4c1
JH		 103 { "syntax_errors_text", opt_stringptr, LOFF(syntax_errors_text) },
104 { "syntax_errors_to", opt_stringptr, LOFF(syntax_errors_to) }
0756eb3c
PH		 105};
106
107/* Size of the options list. An extern variable has to be used so that its
108address can appear in the tables drtables.c. */
109
110int redirect_router_options_count =
111 sizeof(redirect_router_options)/sizeof(optionlist);
112
d185889f
JH		 113
114#ifdef MACRO_PREDEF
115
116/* Dummy entries */
117redirect_router_options_block redirect_router_option_defaults = {0};
118void redirect_router_init(router_instance *rblock) {}
119int redirect_router_entry(router_instance *rblock, address_item *addr,
120 struct passwd *pw, int verify, address_item **addr_local,
121 address_item **addr_remote, address_item **addr_new,
cab0c277 122 address_item **addr_succeed) {return 0;}
d185889f
JH		 123
124#else /*!MACRO_PREDEF*/
125
126
127
0756eb3c
PH		 128/* Default private options block for the redirect router. */
129
130redirect_router_options_block redirect_router_option_defaults = {
131 NULL, /* directory_transport */
132 NULL, /* file_transport */
133 NULL, /* pipe_transport */
134 NULL, /* reply_transport */
135 NULL, /* data */
136 NULL, /* directory_transport_name */
137 NULL, /* file */
138 NULL, /* file_dir */
139 NULL, /* file_transport_name */
140 NULL, /* include_directory */
141 NULL, /* pipe_transport_name */
142 NULL, /* reply_transport_name */
e4a89c47
PH		 143 NULL, /* sieve_subaddress */
144 NULL, /* sieve_useraddress */
0756eb3c 145 NULL, /* sieve_vacation_directory */
efd9a422 146 NULL, /* sieve_enotify_mailto_owner */
0756eb3c
PH		 147 NULL, /* syntax_errors_text */
148 NULL, /* syntax_errors_to */
149 NULL, /* qualify_domain */
150 NULL, /* owners */
151 NULL, /* owngroups */
8523533c
TK		 152#ifdef EXPERIMENTAL_SRS
153 NULL, /* srs */
8523533c 154 NULL, /* srs_alias */
384152a6
TK		 155 NULL, /* srs_condition */
156 NULL, /* srs_dbinsert */
157 NULL, /* srs_dbselect */
8523533c 158#endif
0756eb3c 159 022, /* modemask */
4608d683 160 RDO_REWRITE | RDO_PREPEND_HOME, /* bit_options */
0756eb3c
PH		 161 FALSE, /* check_ancestor */
162 TRUE_UNSET, /* check_owner */
163 TRUE_UNSET, /* check_group */
164 FALSE, /* forbid_file */
165 FALSE, /* forbid_filter_reply */
166 FALSE, /* forbid_pipe */
a5bd321b 167 FALSE, /* forbid_smtp_code */
0756eb3c
PH		 168 FALSE, /* hide_child_in_errmsg */
169 FALSE, /* one_time */
170 FALSE, /* qualify_preserve_domain */
171 FALSE /* skip_syntax_errors */
172};
173
174
175
176/*************************************************
177* Initialization entry point *
178*************************************************/
179
180/* Called for each instance, after its options have been read, to enable
181consistency checks to be done, or anything else that needs to be set up. */
182
183void redirect_router_init(router_instance *rblock)
184{
185redirect_router_options_block *ob =
186 (redirect_router_options_block *)(rblock->options_block);
187
188/* Either file or data must be set, but not both */
189
190if ((ob->file == NULL) == (ob->data == NULL))
191 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
192 "%sone of \"file\" or \"data\" must be specified",
193 rblock->name, (ob->file == NULL)? "" : "only ");
194
7f45268c
PH		 195/* Onetime aliases can only be real addresses. Headers can't be manipulated.
196The combination of one_time and unseen is not allowed. We can't check the
197expansion of "unseen" here, but we assume that if it is set to anything other
198than false, there is likely to be a problem. */
0756eb3c
PH		 199
200if (ob->one_time)
201 {
202 ob->forbid_pipe = ob->forbid_file = ob->forbid_filter_reply = TRUE;
acec9514 203 if (rblock->extra_headers || rblock->remove_headers)
0756eb3c
PH		 204 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
205 "\"headers_add\" and \"headers_remove\" are not permitted with "
206 "\"one_time\"", rblock->name);
acec9514 207 if (rblock->unseen || rblock->expand_unseen)
7f45268c
PH		 208 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
209 "\"unseen\" may not be used with \"one_time\"", rblock->name);
0756eb3c
PH		 210 }
211
212/* The defaults for check_owner and check_group depend on other settings. The
213defaults are: Check the owner if check_local_user or owners is set; check the
214group if check_local_user is set without a restriction on the group write bit,
215or if owngroups is set. */
216
217if (ob->check_owner == TRUE_UNSET)
218 ob->check_owner = rblock->check_local_user ||
acec9514 219 (ob->owners && ob->owners[0] != 0);
0756eb3c
PH		 220
221if (ob->check_group == TRUE_UNSET)
222 ob->check_group = (rblock->check_local_user && (ob->modemask & 020) == 0) ||
223 (ob->owngroups != NULL && ob->owngroups[0] != 0);
224
225/* If explicit qualify domain set, the preserve option is locked out */
226
acec9514 227if (ob->qualify_domain && ob->qualify_preserve_domain)
0756eb3c
PH		 228 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
229 "only one of \"qualify_domain\" or \"qualify_preserve_domain\" must be set",
230 rblock->name);
231
232/* If allow_filter is set, either user or check_local_user must be set. */
233
234if (!rblock->check_local_user &&
235 !rblock->uid_set &&
236 rblock->expand_uid == NULL &&
237 (ob->bit_options & RDO_FILTER) != 0)
238 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
239 "\"user\" or \"check_local_user\" must be set with \"allow_filter\"",
240 rblock->name);
241}
242
243
244
245/*************************************************
246* Get errors address and header mods *
247*************************************************/
248
249/* This function is called when new addresses are generated, in order to
250sort out errors address and header modifications. We put the errors address
251into the parent address (even though it is never used from there because that
252address is never transported) so that it can be retrieved if any of the
253children gets routed by an "unseen" router. The clone of the child that is
254passed on must have the original errors_address value.
255
256Arguments:
257 rblock the router control block
258 addr the address being routed
fd6de02e 259 verify v_none/v_recipient/v_sender/v_expn
0756eb3c
PH		 260 addr_prop point to the propagated block, which is where the
261 new values are to be placed
262
263Returns: the result of rf_get_errors_address() or rf_get_munge_headers(),
264 which is either OK or DEFER
265*/
266
267static int
268sort_errors_and_headers(router_instance *rblock, address_item *addr,
fd6de02e 269 int verify, address_item_propagated *addr_prop)
0756eb3c
PH		 270{
271int frc = rf_get_errors_address(addr, rblock, verify,
d43cbe25 272 &addr_prop->errors_address);
0756eb3c 273if (frc != OK) return frc;
d43cbe25
JH		 274addr->prop.errors_address = addr_prop->errors_address;
275return rf_get_munge_headers(addr, rblock, &addr_prop->extra_headers,
276 &addr_prop->remove_headers);
0756eb3c
PH		 277}
278
279
280
281/*************************************************
282* Process a set of generated new addresses *
283*************************************************/
284
285/* This function sets up a set of newly generated child addresses and puts them
286on the new address chain. Copy in the uid, gid and permission flags for use by
287pipes and files, set the parent, and "or" its af_ignore_error flag. Also record
288the setting for any starting router.
289
290If the generated address is the same as one of its ancestors, and the
291check_ancestor flag is set, do not use this generated address, but replace it
292with a copy of the input address. This is to cope with cases where A is aliased
293to B and B has a .forward file pointing to A, though it is usually set on the
294forwardfile rather than the aliasfile. We can't just pass on the old
295address by returning FAIL, because it must act as a general parent for
296generated addresses, and only get marked "done" when all its children are
297delivered.
298
299Arguments:
300 rblock router block
301 addr_new new address chain
302 addr original address
303 generated list of generated addresses
304 addr_prop the propagated block, containing the errors_address,
305 header modification stuff, and address_data
306 ugidptr points to uid/gid data for files, pipes, autoreplies
307 pw password entry, set if ob->check_local_user is TRUE
308
309Returns: nothing
310*/
311
312static void
313add_generated(router_instance *rblock, address_item **addr_new,
314 address_item *addr, address_item *generated,
315 address_item_propagated *addr_prop, ugid_block *ugidptr, struct passwd *pw)
316{
317redirect_router_options_block *ob =
318 (redirect_router_options_block *)(rblock->options_block);
319
d1f9fb42 320while (generated)
0756eb3c
PH		 321 {
322 address_item *parent;
323 address_item *next = generated;
d43cbe25 324 uschar *errors_address = next->prop.errors_address;
0756eb3c
PH		 325
326 generated = next->next;
327 next->parent = addr;
0756eb3c 328 next->start_router = rblock->redirect_router;
82f90600 329 if (addr->child_count == USHRT_MAX)
4362ff0d 330 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
82f90600 331 "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
0756eb3c
PH		 332 addr->child_count++;
333
334 next->next = *addr_new;
335 *addr_new = next;
336
337 /* Don't do the "one_time" thing for the first pass of a 2-stage queue run. */
338
8768d548 339 if (ob->one_time && !f.queue_2stage)
0756eb3c 340 {
d1f9fb42 341 for (parent = addr; parent->parent; parent = parent->parent) ;
0756eb3c
PH		 342 next->onetime_parent = parent->address;
343 }
344
345 if (ob->hide_child_in_errmsg) setflag(next, af_hide_child);
346
347 /* If check_ancestor is set, we want to know if any ancestor of this address
348 is the address we are about to generate. The check must be done caselessly
349 unless the ancestor was routed by a case-sensitive router. */
350
351 if (ob->check_ancestor)
d1f9fb42
JH		 352 for (parent = addr; parent; parent = parent->parent)
353 if ((parent->router && parent->router->caseful_local_part
354 ? Ustrcmp(next->address, parent->address)
355 : strcmpic(next->address, parent->address)
0756eb3c
PH		 356 ) == 0)
357 {
358 DEBUG(D_route) debug_printf("generated parent replaced by child\n");
359 next->address = string_copy(addr->address);
360 break;
361 }
0756eb3c
PH		 362
363 /* A user filter may, under some circumstances, set up an errors address.
364 If so, we must take care to re-instate it when we copy in the propagated
365 data so that it overrides any errors_to setting on the router. */
366
7eb0e5d2
JH		 367 {
368 BOOL ignore_error = next->prop.ignore_error;
369 next->prop = *addr_prop;
a5853d7c 370 next->prop.ignore_error = ignore_error || addr->prop.ignore_error;
7eb0e5d2
JH		 371 }
372 if (errors_address) next->prop.errors_address = errors_address;
0756eb3c
PH		 373
374 /* For pipes, files, and autoreplies, record this router as handling them,
375 because they don't go through the routing process again. Then set up uid,
376 gid, home and current directories for transporting. */
377
378 if (testflag(next, af_pfr))
379 {
380 next->router = rblock;
381 rf_set_ugid(next, ugidptr); /* Will contain pw values if not overridden */
382
383 /* When getting the home directory out of the password information, wrap it
384 in \N...\N to avoid expansion later. In Cygwin, home directories can
385 contain $ characters. */
386
387 if (rblock->home_directory != NULL)
388 next->home_dir = rblock->home_directory;
389 else if (rblock->check_local_user)
390 next->home_dir = string_sprintf("\\N%s\\N", pw->pw_dir);
391 else if (rblock->router_home_directory != NULL &&
392 testflag(addr, af_home_expanded))
393 {
394 next->home_dir = deliver_home;
395 setflag(next, af_home_expanded);
396 }
397
398 next->current_dir = rblock->current_directory;
399
400 /* Permission options */
401
402 if (!ob->forbid_pipe) setflag(next, af_allow_pipe);
403 if (!ob->forbid_file) setflag(next, af_allow_file);
404 if (!ob->forbid_filter_reply) setflag(next, af_allow_reply);
405
406 /* If the transport setting fails, the error gets picked up at the outer
407 level from the setting of basic_errno in the address. */
408
409 if (next->address[0] == '|')
410 {
411 address_pipe = next->address;
412 if (rf_get_transport(ob->pipe_transport_name, &(ob->pipe_transport),
413 next, rblock->name, US"pipe_transport"))
414 next->transport = ob->pipe_transport;
415 address_pipe = NULL;
416 }
417 else if (next->address[0] == '>')
418 {
419 if (rf_get_transport(ob->reply_transport_name, &(ob->reply_transport),
420 next, rblock->name, US"reply_transport"))
421 next->transport = ob->reply_transport;
422 }
423 else /* must be file or directory */
424 {
425 int len = Ustrlen(next->address);
426 address_file = next->address;
427 if (next->address[len-1] == '/')
428 {
429 if (rf_get_transport(ob->directory_transport_name,
430 &(ob->directory_transport), next, rblock->name,
431 US"directory_transport"))
432 next->transport = ob->directory_transport;
433 }
434 else
435 {
436 if (rf_get_transport(ob->file_transport_name, &(ob->file_transport),
437 next, rblock->name, US"file_transport"))
438 next->transport = ob->file_transport;
439 }
440 address_file = NULL;
441 }
442 }
443
8c5d388a 444#ifdef SUPPORT_I18N
e6532c4a
JH		 445 if (!next->prop.utf8_msg)
446 next->prop.utf8_msg = string_is_utf8(next->address)
447 || (sender_address && string_is_utf8(sender_address));
f923454a
JH		 448#endif
449
0756eb3c
PH		 450 DEBUG(D_route)
451 {
452 debug_printf("%s router generated %s\n %serrors_to=%s transport=%s\n",
453 rblock->name,
454 next->address,
455 testflag(next, af_pfr)? "pipe, file, or autoreply\n " : "",
d43cbe25 456 next->prop.errors_address,
0756eb3c
PH		 457 (next->transport == NULL)? US"NULL" : next->transport->name);
458
459 if (testflag(next, af_uid_set))
460 debug_printf(" uid=%ld ", (long int)(next->uid));
461 else
462 debug_printf(" uid=unset ");
463
464 if (testflag(next, af_gid_set))
465 debug_printf("gid=%ld ", (long int)(next->gid));
466 else
467 debug_printf("gid=unset ");
468
8c5d388a 469#ifdef SUPPORT_I18N
3c8b3577 470 if (next->prop.utf8_msg) debug_printf("utf8 ");
f923454a
JH		 471#endif
472
0756eb3c
PH		 473 debug_printf("home=%s\n", next->home_dir);
474 }
475 }
476}
477
478
479/*************************************************
480* Main entry point *
481*************************************************/
482
483/* See local README for interface description. This router returns:
484
485DECLINE
486 . empty address list, or filter did nothing significant
487
488DEFER
489 . verifying the errors address caused a deferment or a big disaster such
490 as an expansion failure (rf_get_errors_address)
491 . expanding a headers_{add,remove} string caused a deferment or another
492 expansion error (rf_get_munge_headers)
493 . :defer: or "freeze" in a filter
494 . error in address list or filter
495 . skipped syntax errors, but failed to send the message
496
497DISCARD
498 . address was :blackhole:d or "seen finish"ed
499
500FAIL
501 . :fail:
502
503OK
504 . new addresses added to addr_new
505*/
506
507int redirect_router_entry(
508 router_instance *rblock, /* data for this instantiation */
509 address_item *addr, /* address we are working on */
510 struct passwd *pw, /* passwd entry after check_local_user */
fd6de02e 511 int verify, /* v_none/v_recipient/v_sender/v_expn */
0756eb3c
PH		 512 address_item **addr_local, /* add it to this if it's local */
513 address_item **addr_remote, /* add it to this if it's remote */
514 address_item **addr_new, /* put new addresses on here */
515 address_item **addr_succeed) /* put old address here on success */
516{
517redirect_router_options_block *ob =
518 (redirect_router_options_block *)(rblock->options_block);
519address_item *generated = NULL;
55414b25 520const uschar *save_qualify_domain_recipient = qualify_domain_recipient;
0756eb3c
PH		 521uschar *discarded = US"discarded";
522address_item_propagated addr_prop;
523error_block *eblock = NULL;
524ugid_block ugid;
525redirect_block redirect;
526int filtertype = FILTER_UNSET;
527int yield = OK;
528int options = ob->bit_options;
529int frc = 0;
530int xrc = 0;
531
532addr_local = addr_local; /* Keep picky compilers happy */
533addr_remote = addr_remote;
534
535/* Initialize the data to be propagated to the children */
536
537addr_prop.address_data = deliver_address_data;
538addr_prop.domain_data = deliver_domain_data;
539addr_prop.localpart_data = deliver_localpart_data;
540addr_prop.errors_address = NULL;
541addr_prop.extra_headers = NULL;
542addr_prop.remove_headers = NULL;
b4f579d1
JH		 543addr_prop.variables = NULL;
544tree_dup((tree_node **)&addr_prop.variables, addr->prop.variables);
0756eb3c 545
384152a6
TK		 546#ifdef EXPERIMENTAL_SRS
547addr_prop.srs_sender = NULL;
548#endif
cb570b5e 549#ifdef SUPPORT_I18N
e6532c4a
JH		 550addr_prop.utf8_msg = addr->prop.utf8_msg;
551addr_prop.utf8_downcvt = addr->prop.utf8_downcvt;
552addr_prop.utf8_downcvt_maybe = addr->prop.utf8_downcvt_maybe;
cb570b5e
JH		 553#endif
554
384152a6 555
0756eb3c
PH		 556/* When verifying and testing addresses, the "logwrite" command in filters
557must be bypassed. */
558
8768d548 559if (verify == v_none && !f.address_test_mode) options |= RDO_REALLOG;
0756eb3c
PH		 560
561/* Sort out the fixed or dynamic uid/gid. This uid is used (a) for reading the
562file (and interpreting a filter) and (b) for running the transports for
563generated file and pipe addresses. It is not (necessarily) the same as the uids
564that may own the file. Exim panics if an expanded string is not a number and
565can't be found in the password file. Other errors set the freezing bit. */
566
567if (!rf_get_ugid(rblock, addr, &ugid)) return DEFER;
568
569if (!ugid.uid_set && pw != NULL)
570 {
571 ugid.uid = pw->pw_uid;
572 ugid.uid_set = TRUE;
573 }
574
575if (!ugid.gid_set && pw != NULL)
576 {
577 ugid.gid = pw->pw_gid;
578 ugid.gid_set = TRUE;
579 }
580
8523533c 581#ifdef EXPERIMENTAL_SRS
384152a6
TK		 582 /* Perform SRS on recipient/return-path as required */
583
8523533c
TK		 584 if(ob->srs != NULL)
585 {
586 BOOL usesrs = TRUE;
8e669ac1 587
8523533c
TK		 588 if(ob->srs_condition != NULL)
589 usesrs = expand_check_condition(ob->srs_condition, "srs_condition expansion failed", NULL);
8e669ac1 590
8523533c 591 if(usesrs)
384152a6 592 {
5614ee86 593 int srs_action = 0, n_srs;
384152a6
TK		 594 uschar *res;
595 uschar *usedomain;
596
597 /* What are we doing? */
598 if(Ustrcmp(ob->srs, "forward") == 0)
599 srs_action = 1;
600 else if(Ustrcmp(ob->srs, "reverseandforward") == 0)
8523533c 601 {
384152a6 602 srs_action = 3;
8e669ac1 603
384152a6
TK		 604 if((ob->srs_dbinsert == NULL) ^ (ob->srs_dbselect == NULL))
605 return DEFER;
606 }
607 else if(Ustrcmp(ob->srs, "reverse") == 0)
608 srs_action = 2;
609
610 /* Reverse SRS */
611 if(srs_action & 2)
612 {
8523533c 613 srs_orig_recipient = addr->address;
384152a6 614
8523533c 615 eximsrs_init();
384152a6
TK		 616 if(ob->srs_dbselect)
617 eximsrs_db_set(TRUE, ob->srs_dbselect);
130e9641 618/* Comment this out for now...
384152a6
TK		 619// else
620// eximsrs_db_set(TRUE, NULL);
130e9641 621*/
384152a6
TK		 622
623 if((n_srs = eximsrs_reverse(&res, addr->address)) == OK)
624 {
625 srs_recipient = res;
626 DEBUG(D_any)
627 debug_printf("SRS (reverse): Recipient '%s' rewritten to '%s'\n", srs_orig_recipient, srs_recipient);
628 }
629
630 eximsrs_done();
631
632 if(n_srs != OK)
8523533c 633 return n_srs;
384152a6
TK		 634 }
635
636 /* Forward SRS */
637 /* No point in actually performing SRS if we are just verifying a recipient */
fd6de02e
PH		 638 if((srs_action & 1) && verify == v_none &&
639 (sender_address ? sender_address[0] != 0 : FALSE))
384152a6
TK		 640 {
641
642 srs_orig_sender = sender_address;
643 eximsrs_init();
644 if(ob->srs_dbinsert)
645 eximsrs_db_set(FALSE, ob->srs_dbinsert);
130e9641 646/* Comment this out for now...
384152a6
TK		 647// else
648// eximsrs_db_set(FALSE, NULL);
130e9641 649*/
384152a6 650
dc8091e7
JH		 651 if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL))
652 usedomain = string_copy(deliver_domain);
384152a6
TK		 653
654 if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK)
655 {
656 addr_prop.srs_sender = res;
657 DEBUG(D_any)
658 debug_printf("SRS (forward): Sender '%s' rewritten to '%s'\n", srs_orig_sender, res);
659 }
660
8523533c 661 eximsrs_done();
384152a6
TK		 662
663 if(n_srs != OK)
664 return n_srs;
8523533c 665 }
384152a6 666 }
8523533c
TK		 667 }
668#endif
669
0756eb3c
PH		 670/* Call the function that interprets redirection data, either inline or from a
671file. This is a separate function so that the system filter can use it. It will
672run the function in a subprocess if necessary. If qualify_preserve_domain is
673set, temporarily reset qualify_domain_recipient to the current domain so that
674any unqualified addresses get qualified with the same domain as the incoming
675address. Otherwise, if a local qualify_domain is provided, set that up. */
676
677if (ob->qualify_preserve_domain)
678 qualify_domain_recipient = addr->domain;
f3ebb786 679else if (ob->qualify_domain)
0756eb3c
PH		 680 {
681 uschar *new_qdr = rf_expand_data(addr, ob->qualify_domain, &xrc);
f3ebb786 682 if (!new_qdr) return xrc;
0756eb3c
PH		 683 qualify_domain_recipient = new_qdr;
684 }
685
686redirect.owners = ob->owners;
687redirect.owngroups = ob->owngroups;
688redirect.modemask = ob->modemask;
689redirect.check_owner = ob->check_owner;
690redirect.check_group = ob->check_group;
691redirect.pw = pw;
692
f3ebb786
JH		 693redirect.string = (redirect.isfile = (ob->file != NULL))
694 ? ob->file : ob->data;
0756eb3c
PH		 695
696frc = rda_interpret(&redirect, options, ob->include_directory,
efd9a422
MH		 697 ob->sieve_vacation_directory, ob->sieve_enotify_mailto_owner,
698 ob->sieve_useraddress, ob->sieve_subaddress, &ugid, &generated,
699 &(addr->message), ob->skip_syntax_errors? &eblock : NULL, &filtertype,
700 string_sprintf("%s router (recipient is %s)", rblock->name, addr->address));
0756eb3c
PH		 701
702qualify_domain_recipient = save_qualify_domain_recipient;
703
704/* Handle exceptional returns from filtering or processing an address list.
705For FAIL and FREEZE we honour any previously set up deliveries by a filter. */
706
707switch (frc)
708 {
709 case FF_NONEXIST:
f3ebb786
JH		 710 addr->message = addr->user_message = NULL;
711 return DECLINE;
0756eb3c
PH		 712
713 case FF_BLACKHOLE:
f3ebb786
JH		 714 DEBUG(D_route) debug_printf("address :blackhole:d\n");
715 generated = NULL;
716 discarded = US":blackhole:";
717 frc = FF_DELIVERED;
718 break;
0756eb3c 719
f3ebb786
JH		 720 /* FF_DEFER and FF_FAIL can arise only as a result of explicit commands
721 (:defer: or :fail: in an alias file or "fail" in a filter). If a configured
722 message was supplied, allow it to be included in an SMTP response after
723 verifying. Remove any SMTP code if it is not allowed. */
0756eb3c
PH		 724
725 case FF_DEFER:
f3ebb786
JH		 726 yield = DEFER;
727 goto SORT_MESSAGE;
0756eb3c
PH		 728
729 case FF_FAIL:
f3ebb786
JH		 730 if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK)
731 return xrc;
732 add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw);
733 yield = FAIL;
734
735 SORT_MESSAGE:
736 if (!addr->message)
737 addr->message = yield == FAIL ? US"forced rejection" : US"forced defer";
738 else
a5bd321b 739 {
f3ebb786
JH		 740 int ovector[3];
741 if (ob->forbid_smtp_code &&
742 pcre_exec(regex_smtp_code, NULL, CS addr->message,
743 Ustrlen(addr->message), 0, PCRE_EOPT,
744 ovector, sizeof(ovector)/sizeof(int)) >= 0)
745 {
746 DEBUG(D_route) debug_printf("SMTP code at start of error message "
747 "is ignored because forbid_smtp_code is set\n");
748 addr->message += ovector[1];
749 }
750 addr->user_message = addr->message;
751 setflag(addr, af_pass_message);
a5bd321b 752 }
f3ebb786 753 return yield;
0756eb3c 754
f3ebb786
JH		 755 /* As in the case of a system filter, a freeze does not happen after a manual
756 thaw. In case deliveries were set up by the filter, we set the child count
757 high so that their completion does not mark the original address done. */
0756eb3c
PH		 758
759 case FF_FREEZE:
f3ebb786
JH		 760 if (!f.deliver_manual_thaw)
761 {
762 if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop))
763 != OK) return xrc;
764 add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw);
765 if (addr->message == NULL) addr->message = US"frozen by filter";
766 addr->special_action = SPECIAL_FREEZE;
767 addr->child_count = 9999;
768 return DEFER;
769 }
770 frc = FF_NOTDELIVERED;
771 break;
0756eb3c 772
f3ebb786 773 /* Handle syntax errors and :include: failures and lookup defers */
0756eb3c
PH		 774
775 case FF_ERROR:
776 case FF_INCLUDEFAIL:
777
f3ebb786
JH		 778 /* If filtertype is still FILTER_UNSET, it means that the redirection data
779 was never inspected, so the error was an expansion failure or failure to open
780 the file, or whatever. In these cases, the existing error message is probably
781 sufficient. */
0756eb3c 782
f3ebb786 783 if (filtertype == FILTER_UNSET) return DEFER;
0756eb3c 784
f3ebb786
JH		 785 /* If it was a filter and skip_syntax_errors is set, we want to set up
786 the error message so that it can be logged and mailed to somebody. */
0756eb3c 787
f3ebb786
JH		 788 if (filtertype != FILTER_FORWARD && ob->skip_syntax_errors)
789 {
790 eblock = store_get(sizeof(error_block), FALSE);
791 eblock->next = NULL;
792 eblock->text1 = addr->message;
793 eblock->text2 = NULL;
794 addr->message = addr->user_message = NULL;
795 }
0756eb3c 796
f3ebb786 797 /* Otherwise set up the error for the address and defer. */
0756eb3c 798
f3ebb786
JH		 799 else
800 {
801 addr->basic_errno = ERRNO_BADREDIRECT;
802 addr->message = string_sprintf("error in %s %s: %s",
803 filtertype == FILTER_FORWARD ? "redirect" : "filter",
804 ob->data ? "data" : "file",
805 addr->message);
806 return DEFER;
807 }
0756eb3c
PH		 808 }
809
810
811/* Yield is either FF_DELIVERED (significant action) or FF_NOTDELIVERED (no
812significant action). Before dealing with these, however, we must handle the
813effect of skip_syntax_errors.
814
815If skip_syntax_errors was set and there were syntax errors in an address list,
816error messages will be present in eblock. Log them and send a message if so
817configured. We cannot do this earlier, because the error message must not be
818sent as the local user. If there were no valid addresses, generated will be
819NULL. In this case, the router declines.
820
821For a filter file, the error message has been fudged into an eblock. After
822dealing with it, the router declines. */
823
824if (eblock != NULL)
825 {
826 if (!moan_skipped_syntax_errors(
fd6de02e
PH		 827 rblock->name, /* For message content */
828 eblock, /* Ditto */
8768d548 829 (verify != v_none || f.address_test_mode)?
fd6de02e
PH		 830 NULL : ob->syntax_errors_to, /* Who to mail */
831 generated != NULL, /* True if not all failed */
832 ob->syntax_errors_text)) /* Custom message */
0756eb3c
PH		 833 return DEFER;
834
835 if (filtertype != FILTER_FORWARD || generated == NULL)
836 {
837 addr->message = US"syntax error in redirection data";
838 return DECLINE;
839 }
840 }
841
842/* Sort out the errors address and any header modifications, and handle the
843generated addresses, if any. If there are no generated addresses, we must avoid
844calling sort_errors_and_headers() in case this router declines - that function
845may modify the errors_address field in the current address, and we don't want
846to do that for a decline. */
847
848if (generated != NULL)
849 {
850 if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK)
851 return xrc;
852 add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw);
853 }
854
855/* FF_DELIVERED with no generated addresses is what we get when an address list
856contains :blackhole: or a filter contains "seen finish" without having
857generated anything. Log what happened to this address, and return DISCARD. */
858
859if (frc == FF_DELIVERED)
860 {
8768d548 861 if (generated == NULL && verify == v_none && !f.address_test_mode)
0756eb3c
PH		 862 {
863 log_write(0, LOG_MAIN, "=> %s <%s> R=%s", discarded, addr->address,
864 rblock->name);
865 yield = DISCARD;
866 }
867 }
868
869/* For an address list, FF_NOTDELIVERED always means that no addresses were
870generated. For a filter, addresses may or may not have been generated. If none
871were, it's the same as an empty address list, and the router declines. However,
872if addresses were generated, we can't just decline because successful delivery
873of the base address gets it marked "done", so deferred generated addresses
874never get tried again. We have to generate a new version of the base address,
875as if there were a "deliver" command in the filter file, with the original
876address as parent. */
877
878else
879 {
880 address_item *next;
881
882 if (generated == NULL) return DECLINE;
883
884 next = deliver_make_addr(addr->address, FALSE);
885 next->parent = addr;
886 addr->child_count++;
887 next->next = *addr_new;
888 *addr_new = next;
889
7eb0e5d2 890 /* Set the data that propagates. */
0756eb3c 891
d43cbe25 892 next->prop = addr_prop;
0756eb3c
PH		 893
894 DEBUG(D_route) debug_printf("%s router autogenerated %s\n%s%s%s",
895 rblock->name,
896 next->address,
897 (addr_prop.errors_address != NULL)? " errors to " : "",
898 (addr_prop.errors_address != NULL)? addr_prop.errors_address : US"",
899 (addr_prop.errors_address != NULL)? "\n" : "");
900 }
901
902/* Control gets here only when the address has been completely handled. Put the
903original address onto the succeed queue so that any retry items that get
904attached to it get processed. */
905
906addr->next = *addr_succeed;
907*addr_succeed = addr;
908
909return yield;
910}
911
d185889f 912#endif /*!MACRO_PREDEF*/
0756eb3c 913/* End of routers/redirect.c */
Unnamed repository; edit this file 'description' to name the repository.