Commit | Line | Data |
---|---|---|
0756eb3c PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
0756eb3c PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | ||
10 | #include "../exim.h" | |
11 | #include "rf_functions.h" | |
12 | #include "redirect.h" | |
13 | ||
14 | ||
15 | ||
16 | /* Options specific to the redirect router. */ | |
13a4b4c1 | 17 | #define LOFF(field) OPT_OFF(redirect_router_options_block, field) |
0756eb3c PH |
18 | |
19 | optionlist redirect_router_options[] = { | |
20 | { "allow_defer", opt_bit | (RDON_DEFER << 16), | |
13a4b4c1 | 21 | LOFF(bit_options) }, |
0756eb3c | 22 | { "allow_fail", opt_bit | (RDON_FAIL << 16), |
13a4b4c1 | 23 | LOFF(bit_options) }, |
0756eb3c | 24 | { "allow_filter", opt_bit | (RDON_FILTER << 16), |
13a4b4c1 | 25 | LOFF(bit_options) }, |
0756eb3c | 26 | { "allow_freeze", opt_bit | (RDON_FREEZE << 16), |
13a4b4c1 JH |
27 | LOFF(bit_options) }, |
28 | { "check_ancestor", opt_bool, LOFF(check_ancestor) }, | |
29 | { "check_group", opt_bool, LOFF(check_group) }, | |
30 | { "check_owner", opt_bool, LOFF(check_owner) }, | |
31 | { "data", opt_stringptr, LOFF(data) }, | |
32 | { "directory_transport",opt_stringptr, LOFF(directory_transport_name) }, | |
33 | { "file", opt_stringptr, LOFF(file) }, | |
34 | { "file_transport", opt_stringptr, LOFF(file_transport_name) }, | |
35 | ||
4608d683 | 36 | { "filter_prepend_home",opt_bit | (RDON_PREPEND_HOME << 16), |
13a4b4c1 | 37 | LOFF(bit_options) }, |
0756eb3c | 38 | { "forbid_blackhole", opt_bit | (RDON_BLACKHOLE << 16), |
13a4b4c1 | 39 | LOFF(bit_options) }, |
23c7ff99 | 40 | { "forbid_exim_filter", opt_bit | (RDON_EXIM_FILTER << 16), |
13a4b4c1 | 41 | LOFF(bit_options) }, |
0756eb3c | 42 | { "forbid_file", opt_bool, |
13a4b4c1 | 43 | LOFF(forbid_file) }, |
1a46a8c5 | 44 | { "forbid_filter_dlfunc", opt_bit | (RDON_DLFUNC << 16), |
13a4b4c1 | 45 | LOFF(bit_options) }, |
0756eb3c | 46 | { "forbid_filter_existstest", opt_bit | (RDON_EXISTS << 16), |
13a4b4c1 | 47 | LOFF(bit_options) }, |
0756eb3c | 48 | { "forbid_filter_logwrite",opt_bit | (RDON_LOG << 16), |
13a4b4c1 | 49 | LOFF(bit_options) }, |
0756eb3c | 50 | { "forbid_filter_lookup", opt_bit | (RDON_LOOKUP << 16), |
13a4b4c1 | 51 | LOFF(bit_options) }, |
0756eb3c | 52 | { "forbid_filter_perl", opt_bit | (RDON_PERL << 16), |
13a4b4c1 | 53 | LOFF(bit_options) }, |
0756eb3c | 54 | { "forbid_filter_readfile", opt_bit | (RDON_READFILE << 16), |
13a4b4c1 | 55 | LOFF(bit_options) }, |
0756eb3c | 56 | { "forbid_filter_readsocket", opt_bit | (RDON_READSOCK << 16), |
13a4b4c1 | 57 | LOFF(bit_options) }, |
0756eb3c | 58 | { "forbid_filter_reply",opt_bool, |
13a4b4c1 | 59 | LOFF(forbid_filter_reply) }, |
0756eb3c | 60 | { "forbid_filter_run", opt_bit | (RDON_RUN << 16), |
13a4b4c1 | 61 | LOFF(bit_options) }, |
0756eb3c | 62 | { "forbid_include", opt_bit | (RDON_INCLUDE << 16), |
13a4b4c1 | 63 | LOFF(bit_options) }, |
0756eb3c | 64 | { "forbid_pipe", opt_bool, |
13a4b4c1 | 65 | LOFF(forbid_pipe) }, |
23c7ff99 | 66 | { "forbid_sieve_filter",opt_bit | (RDON_SIEVE_FILTER << 16), |
13a4b4c1 | 67 | LOFF(bit_options) }, |
a5bd321b | 68 | { "forbid_smtp_code", opt_bool, |
13a4b4c1 | 69 | LOFF(forbid_smtp_code) }, |
0756eb3c | 70 | { "hide_child_in_errmsg", opt_bool, |
13a4b4c1 | 71 | LOFF( hide_child_in_errmsg) }, |
0756eb3c | 72 | { "ignore_eacces", opt_bit | (RDON_EACCES << 16), |
13a4b4c1 | 73 | LOFF(bit_options) }, |
0756eb3c | 74 | { "ignore_enotdir", opt_bit | (RDON_ENOTDIR << 16), |
13a4b4c1 JH |
75 | LOFF(bit_options) }, |
76 | ||
77 | { "include_directory", opt_stringptr, LOFF( include_directory) }, | |
78 | { "modemask", opt_octint, LOFF(modemask) }, | |
79 | { "one_time", opt_bool, LOFF(one_time) }, | |
80 | { "owners", opt_uidlist, LOFF(owners) }, | |
81 | { "owngroups", opt_gidlist, LOFF(owngroups) }, | |
82 | { "pipe_transport", opt_stringptr, LOFF(pipe_transport_name) }, | |
83 | { "qualify_domain", opt_stringptr, LOFF(qualify_domain) }, | |
84 | { "qualify_preserve_domain", opt_bool, LOFF(qualify_preserve_domain) }, | |
85 | { "repeat_use", opt_bool | opt_public, OPT_OFF(router_instance, repeat_use) }, | |
86 | { "reply_transport", opt_stringptr, LOFF(reply_transport_name) }, | |
87 | ||
0756eb3c | 88 | { "rewrite", opt_bit | (RDON_REWRITE << 16), |
13a4b4c1 JH |
89 | LOFF(bit_options) }, |
90 | ||
91 | { "sieve_enotify_mailto_owner", opt_stringptr, LOFF(sieve_enotify_mailto_owner) }, | |
92 | { "sieve_subaddress", opt_stringptr, LOFF(sieve_subaddress) }, | |
93 | { "sieve_useraddress", opt_stringptr, LOFF(sieve_useraddress) }, | |
94 | { "sieve_vacation_directory", opt_stringptr, LOFF(sieve_vacation_directory) }, | |
95 | { "skip_syntax_errors", opt_bool, LOFF(skip_syntax_errors) }, | |
8523533c | 96 | #ifdef EXPERIMENTAL_SRS |
13a4b4c1 JH |
97 | { "srs", opt_stringptr, LOFF(srs) }, |
98 | { "srs_alias", opt_stringptr, LOFF(srs_alias) }, | |
99 | { "srs_condition", opt_stringptr, LOFF(srs_condition) }, | |
100 | { "srs_dbinsert", opt_stringptr, LOFF(srs_dbinsert) }, | |
101 | { "srs_dbselect", opt_stringptr, LOFF(srs_dbselect) }, | |
8523533c | 102 | #endif |
13a4b4c1 JH |
103 | { "syntax_errors_text", opt_stringptr, LOFF(syntax_errors_text) }, |
104 | { "syntax_errors_to", opt_stringptr, LOFF(syntax_errors_to) } | |
0756eb3c PH |
105 | }; |
106 | ||
107 | /* Size of the options list. An extern variable has to be used so that its | |
108 | address can appear in the tables drtables.c. */ | |
109 | ||
110 | int redirect_router_options_count = | |
111 | sizeof(redirect_router_options)/sizeof(optionlist); | |
112 | ||
d185889f JH |
113 | |
114 | #ifdef MACRO_PREDEF | |
115 | ||
116 | /* Dummy entries */ | |
117 | redirect_router_options_block redirect_router_option_defaults = {0}; | |
118 | void redirect_router_init(router_instance *rblock) {} | |
119 | int redirect_router_entry(router_instance *rblock, address_item *addr, | |
120 | struct passwd *pw, int verify, address_item **addr_local, | |
121 | address_item **addr_remote, address_item **addr_new, | |
cab0c277 | 122 | address_item **addr_succeed) {return 0;} |
d185889f JH |
123 | |
124 | #else /*!MACRO_PREDEF*/ | |
125 | ||
126 | ||
127 | ||
0756eb3c PH |
128 | /* Default private options block for the redirect router. */ |
129 | ||
130 | redirect_router_options_block redirect_router_option_defaults = { | |
131 | NULL, /* directory_transport */ | |
132 | NULL, /* file_transport */ | |
133 | NULL, /* pipe_transport */ | |
134 | NULL, /* reply_transport */ | |
135 | NULL, /* data */ | |
136 | NULL, /* directory_transport_name */ | |
137 | NULL, /* file */ | |
138 | NULL, /* file_dir */ | |
139 | NULL, /* file_transport_name */ | |
140 | NULL, /* include_directory */ | |
141 | NULL, /* pipe_transport_name */ | |
142 | NULL, /* reply_transport_name */ | |
e4a89c47 PH |
143 | NULL, /* sieve_subaddress */ |
144 | NULL, /* sieve_useraddress */ | |
0756eb3c | 145 | NULL, /* sieve_vacation_directory */ |
efd9a422 | 146 | NULL, /* sieve_enotify_mailto_owner */ |
0756eb3c PH |
147 | NULL, /* syntax_errors_text */ |
148 | NULL, /* syntax_errors_to */ | |
149 | NULL, /* qualify_domain */ | |
150 | NULL, /* owners */ | |
151 | NULL, /* owngroups */ | |
8523533c TK |
152 | #ifdef EXPERIMENTAL_SRS |
153 | NULL, /* srs */ | |
8523533c | 154 | NULL, /* srs_alias */ |
384152a6 TK |
155 | NULL, /* srs_condition */ |
156 | NULL, /* srs_dbinsert */ | |
157 | NULL, /* srs_dbselect */ | |
8523533c | 158 | #endif |
0756eb3c | 159 | 022, /* modemask */ |
4608d683 | 160 | RDO_REWRITE | RDO_PREPEND_HOME, /* bit_options */ |
0756eb3c PH |
161 | FALSE, /* check_ancestor */ |
162 | TRUE_UNSET, /* check_owner */ | |
163 | TRUE_UNSET, /* check_group */ | |
164 | FALSE, /* forbid_file */ | |
165 | FALSE, /* forbid_filter_reply */ | |
166 | FALSE, /* forbid_pipe */ | |
a5bd321b | 167 | FALSE, /* forbid_smtp_code */ |
0756eb3c PH |
168 | FALSE, /* hide_child_in_errmsg */ |
169 | FALSE, /* one_time */ | |
170 | FALSE, /* qualify_preserve_domain */ | |
171 | FALSE /* skip_syntax_errors */ | |
172 | }; | |
173 | ||
174 | ||
175 | ||
176 | /************************************************* | |
177 | * Initialization entry point * | |
178 | *************************************************/ | |
179 | ||
180 | /* Called for each instance, after its options have been read, to enable | |
181 | consistency checks to be done, or anything else that needs to be set up. */ | |
182 | ||
183 | void redirect_router_init(router_instance *rblock) | |
184 | { | |
185 | redirect_router_options_block *ob = | |
186 | (redirect_router_options_block *)(rblock->options_block); | |
187 | ||
188 | /* Either file or data must be set, but not both */ | |
189 | ||
190 | if ((ob->file == NULL) == (ob->data == NULL)) | |
191 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
192 | "%sone of \"file\" or \"data\" must be specified", | |
193 | rblock->name, (ob->file == NULL)? "" : "only "); | |
194 | ||
7f45268c PH |
195 | /* Onetime aliases can only be real addresses. Headers can't be manipulated. |
196 | The combination of one_time and unseen is not allowed. We can't check the | |
197 | expansion of "unseen" here, but we assume that if it is set to anything other | |
198 | than false, there is likely to be a problem. */ | |
0756eb3c PH |
199 | |
200 | if (ob->one_time) | |
201 | { | |
202 | ob->forbid_pipe = ob->forbid_file = ob->forbid_filter_reply = TRUE; | |
acec9514 | 203 | if (rblock->extra_headers || rblock->remove_headers) |
0756eb3c PH |
204 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
205 | "\"headers_add\" and \"headers_remove\" are not permitted with " | |
206 | "\"one_time\"", rblock->name); | |
acec9514 | 207 | if (rblock->unseen || rblock->expand_unseen) |
7f45268c PH |
208 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
209 | "\"unseen\" may not be used with \"one_time\"", rblock->name); | |
0756eb3c PH |
210 | } |
211 | ||
212 | /* The defaults for check_owner and check_group depend on other settings. The | |
213 | defaults are: Check the owner if check_local_user or owners is set; check the | |
214 | group if check_local_user is set without a restriction on the group write bit, | |
215 | or if owngroups is set. */ | |
216 | ||
217 | if (ob->check_owner == TRUE_UNSET) | |
218 | ob->check_owner = rblock->check_local_user || | |
acec9514 | 219 | (ob->owners && ob->owners[0] != 0); |
0756eb3c PH |
220 | |
221 | if (ob->check_group == TRUE_UNSET) | |
222 | ob->check_group = (rblock->check_local_user && (ob->modemask & 020) == 0) || | |
223 | (ob->owngroups != NULL && ob->owngroups[0] != 0); | |
224 | ||
225 | /* If explicit qualify domain set, the preserve option is locked out */ | |
226 | ||
acec9514 | 227 | if (ob->qualify_domain && ob->qualify_preserve_domain) |
0756eb3c PH |
228 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " |
229 | "only one of \"qualify_domain\" or \"qualify_preserve_domain\" must be set", | |
230 | rblock->name); | |
231 | ||
232 | /* If allow_filter is set, either user or check_local_user must be set. */ | |
233 | ||
234 | if (!rblock->check_local_user && | |
235 | !rblock->uid_set && | |
236 | rblock->expand_uid == NULL && | |
237 | (ob->bit_options & RDO_FILTER) != 0) | |
238 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
239 | "\"user\" or \"check_local_user\" must be set with \"allow_filter\"", | |
240 | rblock->name); | |
241 | } | |
242 | ||
243 | ||
244 | ||
245 | /************************************************* | |
246 | * Get errors address and header mods * | |
247 | *************************************************/ | |
248 | ||
249 | /* This function is called when new addresses are generated, in order to | |
250 | sort out errors address and header modifications. We put the errors address | |
251 | into the parent address (even though it is never used from there because that | |
252 | address is never transported) so that it can be retrieved if any of the | |
253 | children gets routed by an "unseen" router. The clone of the child that is | |
254 | passed on must have the original errors_address value. | |
255 | ||
256 | Arguments: | |
257 | rblock the router control block | |
258 | addr the address being routed | |
fd6de02e | 259 | verify v_none/v_recipient/v_sender/v_expn |
0756eb3c PH |
260 | addr_prop point to the propagated block, which is where the |
261 | new values are to be placed | |
262 | ||
263 | Returns: the result of rf_get_errors_address() or rf_get_munge_headers(), | |
264 | which is either OK or DEFER | |
265 | */ | |
266 | ||
267 | static int | |
268 | sort_errors_and_headers(router_instance *rblock, address_item *addr, | |
fd6de02e | 269 | int verify, address_item_propagated *addr_prop) |
0756eb3c PH |
270 | { |
271 | int frc = rf_get_errors_address(addr, rblock, verify, | |
d43cbe25 | 272 | &addr_prop->errors_address); |
0756eb3c | 273 | if (frc != OK) return frc; |
d43cbe25 JH |
274 | addr->prop.errors_address = addr_prop->errors_address; |
275 | return rf_get_munge_headers(addr, rblock, &addr_prop->extra_headers, | |
276 | &addr_prop->remove_headers); | |
0756eb3c PH |
277 | } |
278 | ||
279 | ||
280 | ||
281 | /************************************************* | |
282 | * Process a set of generated new addresses * | |
283 | *************************************************/ | |
284 | ||
285 | /* This function sets up a set of newly generated child addresses and puts them | |
286 | on the new address chain. Copy in the uid, gid and permission flags for use by | |
287 | pipes and files, set the parent, and "or" its af_ignore_error flag. Also record | |
288 | the setting for any starting router. | |
289 | ||
290 | If the generated address is the same as one of its ancestors, and the | |
291 | check_ancestor flag is set, do not use this generated address, but replace it | |
292 | with a copy of the input address. This is to cope with cases where A is aliased | |
293 | to B and B has a .forward file pointing to A, though it is usually set on the | |
294 | forwardfile rather than the aliasfile. We can't just pass on the old | |
295 | address by returning FAIL, because it must act as a general parent for | |
296 | generated addresses, and only get marked "done" when all its children are | |
297 | delivered. | |
298 | ||
299 | Arguments: | |
300 | rblock router block | |
301 | addr_new new address chain | |
302 | addr original address | |
303 | generated list of generated addresses | |
304 | addr_prop the propagated block, containing the errors_address, | |
305 | header modification stuff, and address_data | |
306 | ugidptr points to uid/gid data for files, pipes, autoreplies | |
307 | pw password entry, set if ob->check_local_user is TRUE | |
308 | ||
309 | Returns: nothing | |
310 | */ | |
311 | ||
312 | static void | |
313 | add_generated(router_instance *rblock, address_item **addr_new, | |
314 | address_item *addr, address_item *generated, | |
315 | address_item_propagated *addr_prop, ugid_block *ugidptr, struct passwd *pw) | |
316 | { | |
317 | redirect_router_options_block *ob = | |
318 | (redirect_router_options_block *)(rblock->options_block); | |
319 | ||
d1f9fb42 | 320 | while (generated) |
0756eb3c PH |
321 | { |
322 | address_item *parent; | |
323 | address_item *next = generated; | |
d43cbe25 | 324 | uschar *errors_address = next->prop.errors_address; |
0756eb3c PH |
325 | |
326 | generated = next->next; | |
327 | next->parent = addr; | |
0756eb3c | 328 | next->start_router = rblock->redirect_router; |
82f90600 | 329 | if (addr->child_count == USHRT_MAX) |
4362ff0d | 330 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d " |
82f90600 | 331 | "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address); |
0756eb3c PH |
332 | addr->child_count++; |
333 | ||
334 | next->next = *addr_new; | |
335 | *addr_new = next; | |
336 | ||
337 | /* Don't do the "one_time" thing for the first pass of a 2-stage queue run. */ | |
338 | ||
8768d548 | 339 | if (ob->one_time && !f.queue_2stage) |
0756eb3c | 340 | { |
d1f9fb42 | 341 | for (parent = addr; parent->parent; parent = parent->parent) ; |
0756eb3c PH |
342 | next->onetime_parent = parent->address; |
343 | } | |
344 | ||
345 | if (ob->hide_child_in_errmsg) setflag(next, af_hide_child); | |
346 | ||
347 | /* If check_ancestor is set, we want to know if any ancestor of this address | |
348 | is the address we are about to generate. The check must be done caselessly | |
349 | unless the ancestor was routed by a case-sensitive router. */ | |
350 | ||
351 | if (ob->check_ancestor) | |
d1f9fb42 JH |
352 | for (parent = addr; parent; parent = parent->parent) |
353 | if ((parent->router && parent->router->caseful_local_part | |
354 | ? Ustrcmp(next->address, parent->address) | |
355 | : strcmpic(next->address, parent->address) | |
0756eb3c PH |
356 | ) == 0) |
357 | { | |
358 | DEBUG(D_route) debug_printf("generated parent replaced by child\n"); | |
359 | next->address = string_copy(addr->address); | |
360 | break; | |
361 | } | |
0756eb3c PH |
362 | |
363 | /* A user filter may, under some circumstances, set up an errors address. | |
364 | If so, we must take care to re-instate it when we copy in the propagated | |
365 | data so that it overrides any errors_to setting on the router. */ | |
366 | ||
7eb0e5d2 JH |
367 | { |
368 | BOOL ignore_error = next->prop.ignore_error; | |
369 | next->prop = *addr_prop; | |
a5853d7c | 370 | next->prop.ignore_error = ignore_error || addr->prop.ignore_error; |
7eb0e5d2 JH |
371 | } |
372 | if (errors_address) next->prop.errors_address = errors_address; | |
0756eb3c PH |
373 | |
374 | /* For pipes, files, and autoreplies, record this router as handling them, | |
375 | because they don't go through the routing process again. Then set up uid, | |
376 | gid, home and current directories for transporting. */ | |
377 | ||
378 | if (testflag(next, af_pfr)) | |
379 | { | |
380 | next->router = rblock; | |
381 | rf_set_ugid(next, ugidptr); /* Will contain pw values if not overridden */ | |
382 | ||
383 | /* When getting the home directory out of the password information, wrap it | |
384 | in \N...\N to avoid expansion later. In Cygwin, home directories can | |
385 | contain $ characters. */ | |
386 | ||
387 | if (rblock->home_directory != NULL) | |
388 | next->home_dir = rblock->home_directory; | |
389 | else if (rblock->check_local_user) | |
390 | next->home_dir = string_sprintf("\\N%s\\N", pw->pw_dir); | |
391 | else if (rblock->router_home_directory != NULL && | |
392 | testflag(addr, af_home_expanded)) | |
393 | { | |
394 | next->home_dir = deliver_home; | |
395 | setflag(next, af_home_expanded); | |
396 | } | |
397 | ||
398 | next->current_dir = rblock->current_directory; | |
399 | ||
400 | /* Permission options */ | |
401 | ||
402 | if (!ob->forbid_pipe) setflag(next, af_allow_pipe); | |
403 | if (!ob->forbid_file) setflag(next, af_allow_file); | |
404 | if (!ob->forbid_filter_reply) setflag(next, af_allow_reply); | |
405 | ||
406 | /* If the transport setting fails, the error gets picked up at the outer | |
407 | level from the setting of basic_errno in the address. */ | |
408 | ||
409 | if (next->address[0] == '|') | |
410 | { | |
411 | address_pipe = next->address; | |
412 | if (rf_get_transport(ob->pipe_transport_name, &(ob->pipe_transport), | |
413 | next, rblock->name, US"pipe_transport")) | |
414 | next->transport = ob->pipe_transport; | |
415 | address_pipe = NULL; | |
416 | } | |
417 | else if (next->address[0] == '>') | |
418 | { | |
419 | if (rf_get_transport(ob->reply_transport_name, &(ob->reply_transport), | |
420 | next, rblock->name, US"reply_transport")) | |
421 | next->transport = ob->reply_transport; | |
422 | } | |
423 | else /* must be file or directory */ | |
424 | { | |
425 | int len = Ustrlen(next->address); | |
426 | address_file = next->address; | |
427 | if (next->address[len-1] == '/') | |
428 | { | |
429 | if (rf_get_transport(ob->directory_transport_name, | |
430 | &(ob->directory_transport), next, rblock->name, | |
431 | US"directory_transport")) | |
432 | next->transport = ob->directory_transport; | |
433 | } | |
434 | else | |
435 | { | |
436 | if (rf_get_transport(ob->file_transport_name, &(ob->file_transport), | |
437 | next, rblock->name, US"file_transport")) | |
438 | next->transport = ob->file_transport; | |
439 | } | |
440 | address_file = NULL; | |
441 | } | |
442 | } | |
443 | ||
8c5d388a | 444 | #ifdef SUPPORT_I18N |
e6532c4a JH |
445 | if (!next->prop.utf8_msg) |
446 | next->prop.utf8_msg = string_is_utf8(next->address) | |
447 | || (sender_address && string_is_utf8(sender_address)); | |
f923454a JH |
448 | #endif |
449 | ||
0756eb3c PH |
450 | DEBUG(D_route) |
451 | { | |
452 | debug_printf("%s router generated %s\n %serrors_to=%s transport=%s\n", | |
453 | rblock->name, | |
454 | next->address, | |
455 | testflag(next, af_pfr)? "pipe, file, or autoreply\n " : "", | |
d43cbe25 | 456 | next->prop.errors_address, |
0756eb3c PH |
457 | (next->transport == NULL)? US"NULL" : next->transport->name); |
458 | ||
459 | if (testflag(next, af_uid_set)) | |
460 | debug_printf(" uid=%ld ", (long int)(next->uid)); | |
461 | else | |
462 | debug_printf(" uid=unset "); | |
463 | ||
464 | if (testflag(next, af_gid_set)) | |
465 | debug_printf("gid=%ld ", (long int)(next->gid)); | |
466 | else | |
467 | debug_printf("gid=unset "); | |
468 | ||
8c5d388a | 469 | #ifdef SUPPORT_I18N |
3c8b3577 | 470 | if (next->prop.utf8_msg) debug_printf("utf8 "); |
f923454a JH |
471 | #endif |
472 | ||
0756eb3c PH |
473 | debug_printf("home=%s\n", next->home_dir); |
474 | } | |
475 | } | |
476 | } | |
477 | ||
478 | ||
479 | /************************************************* | |
480 | * Main entry point * | |
481 | *************************************************/ | |
482 | ||
483 | /* See local README for interface description. This router returns: | |
484 | ||
485 | DECLINE | |
486 | . empty address list, or filter did nothing significant | |
487 | ||
488 | DEFER | |
489 | . verifying the errors address caused a deferment or a big disaster such | |
490 | as an expansion failure (rf_get_errors_address) | |
491 | . expanding a headers_{add,remove} string caused a deferment or another | |
492 | expansion error (rf_get_munge_headers) | |
493 | . :defer: or "freeze" in a filter | |
494 | . error in address list or filter | |
495 | . skipped syntax errors, but failed to send the message | |
496 | ||
497 | DISCARD | |
498 | . address was :blackhole:d or "seen finish"ed | |
499 | ||
500 | FAIL | |
501 | . :fail: | |
502 | ||
503 | OK | |
504 | . new addresses added to addr_new | |
505 | */ | |
506 | ||
507 | int redirect_router_entry( | |
508 | router_instance *rblock, /* data for this instantiation */ | |
509 | address_item *addr, /* address we are working on */ | |
510 | struct passwd *pw, /* passwd entry after check_local_user */ | |
fd6de02e | 511 | int verify, /* v_none/v_recipient/v_sender/v_expn */ |
0756eb3c PH |
512 | address_item **addr_local, /* add it to this if it's local */ |
513 | address_item **addr_remote, /* add it to this if it's remote */ | |
514 | address_item **addr_new, /* put new addresses on here */ | |
515 | address_item **addr_succeed) /* put old address here on success */ | |
516 | { | |
517 | redirect_router_options_block *ob = | |
518 | (redirect_router_options_block *)(rblock->options_block); | |
519 | address_item *generated = NULL; | |
55414b25 | 520 | const uschar *save_qualify_domain_recipient = qualify_domain_recipient; |
0756eb3c PH |
521 | uschar *discarded = US"discarded"; |
522 | address_item_propagated addr_prop; | |
523 | error_block *eblock = NULL; | |
524 | ugid_block ugid; | |
525 | redirect_block redirect; | |
526 | int filtertype = FILTER_UNSET; | |
527 | int yield = OK; | |
528 | int options = ob->bit_options; | |
529 | int frc = 0; | |
530 | int xrc = 0; | |
531 | ||
532 | addr_local = addr_local; /* Keep picky compilers happy */ | |
533 | addr_remote = addr_remote; | |
534 | ||
535 | /* Initialize the data to be propagated to the children */ | |
536 | ||
537 | addr_prop.address_data = deliver_address_data; | |
538 | addr_prop.domain_data = deliver_domain_data; | |
539 | addr_prop.localpart_data = deliver_localpart_data; | |
540 | addr_prop.errors_address = NULL; | |
541 | addr_prop.extra_headers = NULL; | |
542 | addr_prop.remove_headers = NULL; | |
b4f579d1 JH |
543 | addr_prop.variables = NULL; |
544 | tree_dup((tree_node **)&addr_prop.variables, addr->prop.variables); | |
0756eb3c | 545 | |
384152a6 TK |
546 | #ifdef EXPERIMENTAL_SRS |
547 | addr_prop.srs_sender = NULL; | |
548 | #endif | |
cb570b5e | 549 | #ifdef SUPPORT_I18N |
e6532c4a JH |
550 | addr_prop.utf8_msg = addr->prop.utf8_msg; |
551 | addr_prop.utf8_downcvt = addr->prop.utf8_downcvt; | |
552 | addr_prop.utf8_downcvt_maybe = addr->prop.utf8_downcvt_maybe; | |
cb570b5e JH |
553 | #endif |
554 | ||
384152a6 | 555 | |
0756eb3c PH |
556 | /* When verifying and testing addresses, the "logwrite" command in filters |
557 | must be bypassed. */ | |
558 | ||
8768d548 | 559 | if (verify == v_none && !f.address_test_mode) options |= RDO_REALLOG; |
0756eb3c PH |
560 | |
561 | /* Sort out the fixed or dynamic uid/gid. This uid is used (a) for reading the | |
562 | file (and interpreting a filter) and (b) for running the transports for | |
563 | generated file and pipe addresses. It is not (necessarily) the same as the uids | |
564 | that may own the file. Exim panics if an expanded string is not a number and | |
565 | can't be found in the password file. Other errors set the freezing bit. */ | |
566 | ||
567 | if (!rf_get_ugid(rblock, addr, &ugid)) return DEFER; | |
568 | ||
569 | if (!ugid.uid_set && pw != NULL) | |
570 | { | |
571 | ugid.uid = pw->pw_uid; | |
572 | ugid.uid_set = TRUE; | |
573 | } | |
574 | ||
575 | if (!ugid.gid_set && pw != NULL) | |
576 | { | |
577 | ugid.gid = pw->pw_gid; | |
578 | ugid.gid_set = TRUE; | |
579 | } | |
580 | ||
8523533c | 581 | #ifdef EXPERIMENTAL_SRS |
384152a6 TK |
582 | /* Perform SRS on recipient/return-path as required */ |
583 | ||
8523533c TK |
584 | if(ob->srs != NULL) |
585 | { | |
586 | BOOL usesrs = TRUE; | |
8e669ac1 | 587 | |
8523533c TK |
588 | if(ob->srs_condition != NULL) |
589 | usesrs = expand_check_condition(ob->srs_condition, "srs_condition expansion failed", NULL); | |
8e669ac1 | 590 | |
8523533c | 591 | if(usesrs) |
384152a6 | 592 | { |
5614ee86 | 593 | int srs_action = 0, n_srs; |
384152a6 TK |
594 | uschar *res; |
595 | uschar *usedomain; | |
596 | ||
597 | /* What are we doing? */ | |
598 | if(Ustrcmp(ob->srs, "forward") == 0) | |
599 | srs_action = 1; | |
600 | else if(Ustrcmp(ob->srs, "reverseandforward") == 0) | |
8523533c | 601 | { |
384152a6 | 602 | srs_action = 3; |
8e669ac1 | 603 | |
384152a6 TK |
604 | if((ob->srs_dbinsert == NULL) ^ (ob->srs_dbselect == NULL)) |
605 | return DEFER; | |
606 | } | |
607 | else if(Ustrcmp(ob->srs, "reverse") == 0) | |
608 | srs_action = 2; | |
609 | ||
610 | /* Reverse SRS */ | |
611 | if(srs_action & 2) | |
612 | { | |
8523533c | 613 | srs_orig_recipient = addr->address; |
384152a6 | 614 | |
8523533c | 615 | eximsrs_init(); |
384152a6 TK |
616 | if(ob->srs_dbselect) |
617 | eximsrs_db_set(TRUE, ob->srs_dbselect); | |
130e9641 | 618 | /* Comment this out for now... |
384152a6 TK |
619 | // else |
620 | // eximsrs_db_set(TRUE, NULL); | |
130e9641 | 621 | */ |
384152a6 TK |
622 | |
623 | if((n_srs = eximsrs_reverse(&res, addr->address)) == OK) | |
624 | { | |
625 | srs_recipient = res; | |
626 | DEBUG(D_any) | |
627 | debug_printf("SRS (reverse): Recipient '%s' rewritten to '%s'\n", srs_orig_recipient, srs_recipient); | |
628 | } | |
629 | ||
630 | eximsrs_done(); | |
631 | ||
632 | if(n_srs != OK) | |
8523533c | 633 | return n_srs; |
384152a6 TK |
634 | } |
635 | ||
636 | /* Forward SRS */ | |
637 | /* No point in actually performing SRS if we are just verifying a recipient */ | |
fd6de02e PH |
638 | if((srs_action & 1) && verify == v_none && |
639 | (sender_address ? sender_address[0] != 0 : FALSE)) | |
384152a6 TK |
640 | { |
641 | ||
642 | srs_orig_sender = sender_address; | |
643 | eximsrs_init(); | |
644 | if(ob->srs_dbinsert) | |
645 | eximsrs_db_set(FALSE, ob->srs_dbinsert); | |
130e9641 | 646 | /* Comment this out for now... |
384152a6 TK |
647 | // else |
648 | // eximsrs_db_set(FALSE, NULL); | |
130e9641 | 649 | */ |
384152a6 | 650 | |
dc8091e7 JH |
651 | if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL)) |
652 | usedomain = string_copy(deliver_domain); | |
384152a6 TK |
653 | |
654 | if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK) | |
655 | { | |
656 | addr_prop.srs_sender = res; | |
657 | DEBUG(D_any) | |
658 | debug_printf("SRS (forward): Sender '%s' rewritten to '%s'\n", srs_orig_sender, res); | |
659 | } | |
660 | ||
8523533c | 661 | eximsrs_done(); |
384152a6 TK |
662 | |
663 | if(n_srs != OK) | |
664 | return n_srs; | |
8523533c | 665 | } |
384152a6 | 666 | } |
8523533c TK |
667 | } |
668 | #endif | |
669 | ||
0756eb3c PH |
670 | /* Call the function that interprets redirection data, either inline or from a |
671 | file. This is a separate function so that the system filter can use it. It will | |
672 | run the function in a subprocess if necessary. If qualify_preserve_domain is | |
673 | set, temporarily reset qualify_domain_recipient to the current domain so that | |
674 | any unqualified addresses get qualified with the same domain as the incoming | |
675 | address. Otherwise, if a local qualify_domain is provided, set that up. */ | |
676 | ||
677 | if (ob->qualify_preserve_domain) | |
678 | qualify_domain_recipient = addr->domain; | |
f3ebb786 | 679 | else if (ob->qualify_domain) |
0756eb3c PH |
680 | { |
681 | uschar *new_qdr = rf_expand_data(addr, ob->qualify_domain, &xrc); | |
f3ebb786 | 682 | if (!new_qdr) return xrc; |
0756eb3c PH |
683 | qualify_domain_recipient = new_qdr; |
684 | } | |
685 | ||
686 | redirect.owners = ob->owners; | |
687 | redirect.owngroups = ob->owngroups; | |
688 | redirect.modemask = ob->modemask; | |
689 | redirect.check_owner = ob->check_owner; | |
690 | redirect.check_group = ob->check_group; | |
691 | redirect.pw = pw; | |
692 | ||
f3ebb786 JH |
693 | redirect.string = (redirect.isfile = (ob->file != NULL)) |
694 | ? ob->file : ob->data; | |
0756eb3c PH |
695 | |
696 | frc = rda_interpret(&redirect, options, ob->include_directory, | |
efd9a422 MH |
697 | ob->sieve_vacation_directory, ob->sieve_enotify_mailto_owner, |
698 | ob->sieve_useraddress, ob->sieve_subaddress, &ugid, &generated, | |
699 | &(addr->message), ob->skip_syntax_errors? &eblock : NULL, &filtertype, | |
700 | string_sprintf("%s router (recipient is %s)", rblock->name, addr->address)); | |
0756eb3c PH |
701 | |
702 | qualify_domain_recipient = save_qualify_domain_recipient; | |
703 | ||
704 | /* Handle exceptional returns from filtering or processing an address list. | |
705 | For FAIL and FREEZE we honour any previously set up deliveries by a filter. */ | |
706 | ||
707 | switch (frc) | |
708 | { | |
709 | case FF_NONEXIST: | |
f3ebb786 JH |
710 | addr->message = addr->user_message = NULL; |
711 | return DECLINE; | |
0756eb3c PH |
712 | |
713 | case FF_BLACKHOLE: | |
f3ebb786 JH |
714 | DEBUG(D_route) debug_printf("address :blackhole:d\n"); |
715 | generated = NULL; | |
716 | discarded = US":blackhole:"; | |
717 | frc = FF_DELIVERED; | |
718 | break; | |
0756eb3c | 719 | |
f3ebb786 JH |
720 | /* FF_DEFER and FF_FAIL can arise only as a result of explicit commands |
721 | (:defer: or :fail: in an alias file or "fail" in a filter). If a configured | |
722 | message was supplied, allow it to be included in an SMTP response after | |
723 | verifying. Remove any SMTP code if it is not allowed. */ | |
0756eb3c PH |
724 | |
725 | case FF_DEFER: | |
f3ebb786 JH |
726 | yield = DEFER; |
727 | goto SORT_MESSAGE; | |
0756eb3c PH |
728 | |
729 | case FF_FAIL: | |
f3ebb786 JH |
730 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK) |
731 | return xrc; | |
732 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); | |
733 | yield = FAIL; | |
734 | ||
735 | SORT_MESSAGE: | |
736 | if (!addr->message) | |
737 | addr->message = yield == FAIL ? US"forced rejection" : US"forced defer"; | |
738 | else | |
a5bd321b | 739 | { |
f3ebb786 JH |
740 | int ovector[3]; |
741 | if (ob->forbid_smtp_code && | |
742 | pcre_exec(regex_smtp_code, NULL, CS addr->message, | |
743 | Ustrlen(addr->message), 0, PCRE_EOPT, | |
744 | ovector, sizeof(ovector)/sizeof(int)) >= 0) | |
745 | { | |
746 | DEBUG(D_route) debug_printf("SMTP code at start of error message " | |
747 | "is ignored because forbid_smtp_code is set\n"); | |
748 | addr->message += ovector[1]; | |
749 | } | |
750 | addr->user_message = addr->message; | |
751 | setflag(addr, af_pass_message); | |
a5bd321b | 752 | } |
f3ebb786 | 753 | return yield; |
0756eb3c | 754 | |
f3ebb786 JH |
755 | /* As in the case of a system filter, a freeze does not happen after a manual |
756 | thaw. In case deliveries were set up by the filter, we set the child count | |
757 | high so that their completion does not mark the original address done. */ | |
0756eb3c PH |
758 | |
759 | case FF_FREEZE: | |
f3ebb786 JH |
760 | if (!f.deliver_manual_thaw) |
761 | { | |
762 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) | |
763 | != OK) return xrc; | |
764 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); | |
765 | if (addr->message == NULL) addr->message = US"frozen by filter"; | |
766 | addr->special_action = SPECIAL_FREEZE; | |
767 | addr->child_count = 9999; | |
768 | return DEFER; | |
769 | } | |
770 | frc = FF_NOTDELIVERED; | |
771 | break; | |
0756eb3c | 772 | |
f3ebb786 | 773 | /* Handle syntax errors and :include: failures and lookup defers */ |
0756eb3c PH |
774 | |
775 | case FF_ERROR: | |
776 | case FF_INCLUDEFAIL: | |
777 | ||
f3ebb786 JH |
778 | /* If filtertype is still FILTER_UNSET, it means that the redirection data |
779 | was never inspected, so the error was an expansion failure or failure to open | |
780 | the file, or whatever. In these cases, the existing error message is probably | |
781 | sufficient. */ | |
0756eb3c | 782 | |
f3ebb786 | 783 | if (filtertype == FILTER_UNSET) return DEFER; |
0756eb3c | 784 | |
f3ebb786 JH |
785 | /* If it was a filter and skip_syntax_errors is set, we want to set up |
786 | the error message so that it can be logged and mailed to somebody. */ | |
0756eb3c | 787 | |
f3ebb786 JH |
788 | if (filtertype != FILTER_FORWARD && ob->skip_syntax_errors) |
789 | { | |
790 | eblock = store_get(sizeof(error_block), FALSE); | |
791 | eblock->next = NULL; | |
792 | eblock->text1 = addr->message; | |
793 | eblock->text2 = NULL; | |
794 | addr->message = addr->user_message = NULL; | |
795 | } | |
0756eb3c | 796 | |
f3ebb786 | 797 | /* Otherwise set up the error for the address and defer. */ |
0756eb3c | 798 | |
f3ebb786 JH |
799 | else |
800 | { | |
801 | addr->basic_errno = ERRNO_BADREDIRECT; | |
802 | addr->message = string_sprintf("error in %s %s: %s", | |
803 | filtertype == FILTER_FORWARD ? "redirect" : "filter", | |
804 | ob->data ? "data" : "file", | |
805 | addr->message); | |
806 | return DEFER; | |
807 | } | |
0756eb3c PH |
808 | } |
809 | ||
810 | ||
811 | /* Yield is either FF_DELIVERED (significant action) or FF_NOTDELIVERED (no | |
812 | significant action). Before dealing with these, however, we must handle the | |
813 | effect of skip_syntax_errors. | |
814 | ||
815 | If skip_syntax_errors was set and there were syntax errors in an address list, | |
816 | error messages will be present in eblock. Log them and send a message if so | |
817 | configured. We cannot do this earlier, because the error message must not be | |
818 | sent as the local user. If there were no valid addresses, generated will be | |
819 | NULL. In this case, the router declines. | |
820 | ||
821 | For a filter file, the error message has been fudged into an eblock. After | |
822 | dealing with it, the router declines. */ | |
823 | ||
824 | if (eblock != NULL) | |
825 | { | |
826 | if (!moan_skipped_syntax_errors( | |
fd6de02e PH |
827 | rblock->name, /* For message content */ |
828 | eblock, /* Ditto */ | |
8768d548 | 829 | (verify != v_none || f.address_test_mode)? |
fd6de02e PH |
830 | NULL : ob->syntax_errors_to, /* Who to mail */ |
831 | generated != NULL, /* True if not all failed */ | |
832 | ob->syntax_errors_text)) /* Custom message */ | |
0756eb3c PH |
833 | return DEFER; |
834 | ||
835 | if (filtertype != FILTER_FORWARD || generated == NULL) | |
836 | { | |
837 | addr->message = US"syntax error in redirection data"; | |
838 | return DECLINE; | |
839 | } | |
840 | } | |
841 | ||
842 | /* Sort out the errors address and any header modifications, and handle the | |
843 | generated addresses, if any. If there are no generated addresses, we must avoid | |
844 | calling sort_errors_and_headers() in case this router declines - that function | |
845 | may modify the errors_address field in the current address, and we don't want | |
846 | to do that for a decline. */ | |
847 | ||
848 | if (generated != NULL) | |
849 | { | |
850 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK) | |
851 | return xrc; | |
852 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); | |
853 | } | |
854 | ||
855 | /* FF_DELIVERED with no generated addresses is what we get when an address list | |
856 | contains :blackhole: or a filter contains "seen finish" without having | |
857 | generated anything. Log what happened to this address, and return DISCARD. */ | |
858 | ||
859 | if (frc == FF_DELIVERED) | |
860 | { | |
8768d548 | 861 | if (generated == NULL && verify == v_none && !f.address_test_mode) |
0756eb3c PH |
862 | { |
863 | log_write(0, LOG_MAIN, "=> %s <%s> R=%s", discarded, addr->address, | |
864 | rblock->name); | |
865 | yield = DISCARD; | |
866 | } | |
867 | } | |
868 | ||
869 | /* For an address list, FF_NOTDELIVERED always means that no addresses were | |
870 | generated. For a filter, addresses may or may not have been generated. If none | |
871 | were, it's the same as an empty address list, and the router declines. However, | |
872 | if addresses were generated, we can't just decline because successful delivery | |
873 | of the base address gets it marked "done", so deferred generated addresses | |
874 | never get tried again. We have to generate a new version of the base address, | |
875 | as if there were a "deliver" command in the filter file, with the original | |
876 | address as parent. */ | |
877 | ||
878 | else | |
879 | { | |
880 | address_item *next; | |
881 | ||
882 | if (generated == NULL) return DECLINE; | |
883 | ||
884 | next = deliver_make_addr(addr->address, FALSE); | |
885 | next->parent = addr; | |
886 | addr->child_count++; | |
887 | next->next = *addr_new; | |
888 | *addr_new = next; | |
889 | ||
7eb0e5d2 | 890 | /* Set the data that propagates. */ |
0756eb3c | 891 | |
d43cbe25 | 892 | next->prop = addr_prop; |
0756eb3c PH |
893 | |
894 | DEBUG(D_route) debug_printf("%s router autogenerated %s\n%s%s%s", | |
895 | rblock->name, | |
896 | next->address, | |
897 | (addr_prop.errors_address != NULL)? " errors to " : "", | |
898 | (addr_prop.errors_address != NULL)? addr_prop.errors_address : US"", | |
899 | (addr_prop.errors_address != NULL)? "\n" : ""); | |
900 | } | |
901 | ||
902 | /* Control gets here only when the address has been completely handled. Put the | |
903 | original address onto the succeed queue so that any retry items that get | |
904 | attached to it get processed. */ | |
905 | ||
906 | addr->next = *addr_succeed; | |
907 | *addr_succeed = addr; | |
908 | ||
909 | return yield; | |
910 | } | |
911 | ||
d185889f | 912 | #endif /*!MACRO_PREDEF*/ |
0756eb3c | 913 | /* End of routers/redirect.c */ |