Commit | Line | Data |
---|---|---|
e4a89c47 | 1 | /* $Cambridge: exim/src/src/routers/redirect.c,v 1.9 2005/04/06 14:40:24 ph10 Exp $ */ |
0756eb3c PH |
2 | |
3 | /************************************************* | |
4 | * Exim - an Internet mail transport agent * | |
5 | *************************************************/ | |
6 | ||
c988f1f4 | 7 | /* Copyright (c) University of Cambridge 1995 - 2005 */ |
0756eb3c PH |
8 | /* See the file NOTICE for conditions of use and distribution. */ |
9 | ||
10 | ||
11 | #include "../exim.h" | |
12 | #include "rf_functions.h" | |
13 | #include "redirect.h" | |
14 | ||
15 | ||
16 | ||
17 | /* Options specific to the redirect router. */ | |
18 | ||
19 | optionlist redirect_router_options[] = { | |
20 | { "allow_defer", opt_bit | (RDON_DEFER << 16), | |
21 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
22 | { "allow_fail", opt_bit | (RDON_FAIL << 16), | |
23 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
24 | { "allow_filter", opt_bit | (RDON_FILTER << 16), | |
25 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
26 | { "allow_freeze", opt_bit | (RDON_FREEZE << 16), | |
27 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
28 | { "check_ancestor", opt_bool, | |
29 | (void *)offsetof(redirect_router_options_block, check_ancestor) }, | |
30 | { "check_group", opt_bool, | |
31 | (void *)offsetof(redirect_router_options_block, check_group) }, | |
32 | { "check_owner", opt_bool, | |
33 | (void *)offsetof(redirect_router_options_block, check_owner) }, | |
34 | { "data", opt_stringptr, | |
35 | (void *)offsetof(redirect_router_options_block, data) }, | |
36 | { "directory_transport",opt_stringptr, | |
37 | (void *)offsetof(redirect_router_options_block, directory_transport_name) }, | |
38 | { "file", opt_stringptr, | |
39 | (void *)offsetof(redirect_router_options_block, file) }, | |
40 | { "file_transport", opt_stringptr, | |
41 | (void *)offsetof(redirect_router_options_block, file_transport_name) }, | |
42 | { "forbid_blackhole", opt_bit | (RDON_BLACKHOLE << 16), | |
43 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
23c7ff99 PH |
44 | { "forbid_exim_filter", opt_bit | (RDON_EXIM_FILTER << 16), |
45 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
0756eb3c PH |
46 | { "forbid_file", opt_bool, |
47 | (void *)offsetof(redirect_router_options_block, forbid_file) }, | |
1a46a8c5 PH |
48 | { "forbid_filter_dlfunc", opt_bit | (RDON_DLFUNC << 16), |
49 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
0756eb3c PH |
50 | { "forbid_filter_existstest", opt_bit | (RDON_EXISTS << 16), |
51 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
52 | { "forbid_filter_logwrite",opt_bit | (RDON_LOG << 16), | |
53 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
54 | { "forbid_filter_lookup", opt_bit | (RDON_LOOKUP << 16), | |
55 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
0756eb3c PH |
56 | { "forbid_filter_perl", opt_bit | (RDON_PERL << 16), |
57 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
0756eb3c PH |
58 | { "forbid_filter_readfile", opt_bit | (RDON_READFILE << 16), |
59 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
60 | { "forbid_filter_readsocket", opt_bit | (RDON_READSOCK << 16), | |
61 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
62 | { "forbid_filter_reply",opt_bool, | |
63 | (void *)offsetof(redirect_router_options_block, forbid_filter_reply) }, | |
64 | { "forbid_filter_run", opt_bit | (RDON_RUN << 16), | |
65 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
66 | { "forbid_include", opt_bit | (RDON_INCLUDE << 16), | |
67 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
68 | { "forbid_pipe", opt_bool, | |
69 | (void *)offsetof(redirect_router_options_block, forbid_pipe) }, | |
23c7ff99 PH |
70 | { "forbid_sieve_filter",opt_bit | (RDON_SIEVE_FILTER << 16), |
71 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
0756eb3c PH |
72 | { "hide_child_in_errmsg", opt_bool, |
73 | (void *)offsetof(redirect_router_options_block, hide_child_in_errmsg) }, | |
74 | { "ignore_eacces", opt_bit | (RDON_EACCES << 16), | |
75 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
76 | { "ignore_enotdir", opt_bit | (RDON_ENOTDIR << 16), | |
77 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
78 | { "include_directory", opt_stringptr, | |
79 | (void *)offsetof(redirect_router_options_block, include_directory) }, | |
80 | { "modemask", opt_octint, | |
81 | (void *)offsetof(redirect_router_options_block, modemask) }, | |
82 | { "one_time", opt_bool, | |
83 | (void *)offsetof(redirect_router_options_block, one_time) }, | |
84 | { "owners", opt_uidlist, | |
85 | (void *)offsetof(redirect_router_options_block, owners) }, | |
86 | { "owngroups", opt_gidlist, | |
87 | (void *)offsetof(redirect_router_options_block, owngroups) }, | |
88 | { "pipe_transport", opt_stringptr, | |
89 | (void *)offsetof(redirect_router_options_block, pipe_transport_name) }, | |
90 | { "qualify_domain", opt_stringptr, | |
91 | (void *)offsetof(redirect_router_options_block, qualify_domain) }, | |
92 | { "qualify_preserve_domain", opt_bool, | |
93 | (void *)offsetof(redirect_router_options_block, qualify_preserve_domain) }, | |
94 | { "repeat_use", opt_bool | opt_public, | |
95 | (void *)offsetof(router_instance, repeat_use) }, | |
96 | { "reply_transport", opt_stringptr, | |
97 | (void *)offsetof(redirect_router_options_block, reply_transport_name) }, | |
98 | { "rewrite", opt_bit | (RDON_REWRITE << 16), | |
99 | (void *)offsetof(redirect_router_options_block, bit_options) }, | |
e4a89c47 PH |
100 | { "sieve_subaddress", opt_stringptr, |
101 | (void *)offsetof(redirect_router_options_block, sieve_subaddress) }, | |
102 | { "sieve_useraddress", opt_stringptr, | |
103 | (void *)offsetof(redirect_router_options_block, sieve_useraddress) }, | |
0756eb3c PH |
104 | { "sieve_vacation_directory", opt_stringptr, |
105 | (void *)offsetof(redirect_router_options_block, sieve_vacation_directory) }, | |
106 | { "skip_syntax_errors", opt_bool, | |
107 | (void *)offsetof(redirect_router_options_block, skip_syntax_errors) }, | |
8523533c TK |
108 | #ifdef EXPERIMENTAL_SRS |
109 | { "srs", opt_stringptr, | |
110 | (void *)offsetof(redirect_router_options_block, srs) }, | |
111 | { "srs_alias", opt_stringptr, | |
112 | (void *)offsetof(redirect_router_options_block, srs_alias) }, | |
113 | { "srs_condition", opt_stringptr, | |
114 | (void *)offsetof(redirect_router_options_block, srs_condition) }, | |
115 | { "srs_db", opt_stringptr, | |
116 | (void *)offsetof(redirect_router_options_block, srs_db) }, | |
117 | #endif | |
0756eb3c PH |
118 | { "syntax_errors_text", opt_stringptr, |
119 | (void *)offsetof(redirect_router_options_block, syntax_errors_text) }, | |
120 | { "syntax_errors_to", opt_stringptr, | |
121 | (void *)offsetof(redirect_router_options_block, syntax_errors_to) } | |
122 | }; | |
123 | ||
124 | /* Size of the options list. An extern variable has to be used so that its | |
125 | address can appear in the tables drtables.c. */ | |
126 | ||
127 | int redirect_router_options_count = | |
128 | sizeof(redirect_router_options)/sizeof(optionlist); | |
129 | ||
130 | /* Default private options block for the redirect router. */ | |
131 | ||
132 | redirect_router_options_block redirect_router_option_defaults = { | |
133 | NULL, /* directory_transport */ | |
134 | NULL, /* file_transport */ | |
135 | NULL, /* pipe_transport */ | |
136 | NULL, /* reply_transport */ | |
137 | NULL, /* data */ | |
138 | NULL, /* directory_transport_name */ | |
139 | NULL, /* file */ | |
140 | NULL, /* file_dir */ | |
141 | NULL, /* file_transport_name */ | |
142 | NULL, /* include_directory */ | |
143 | NULL, /* pipe_transport_name */ | |
144 | NULL, /* reply_transport_name */ | |
e4a89c47 PH |
145 | NULL, /* sieve_subaddress */ |
146 | NULL, /* sieve_useraddress */ | |
0756eb3c PH |
147 | NULL, /* sieve_vacation_directory */ |
148 | NULL, /* syntax_errors_text */ | |
149 | NULL, /* syntax_errors_to */ | |
150 | NULL, /* qualify_domain */ | |
151 | NULL, /* owners */ | |
152 | NULL, /* owngroups */ | |
8523533c TK |
153 | #ifdef EXPERIMENTAL_SRS |
154 | NULL, /* srs */ | |
155 | NULL, /* srs_condition */ | |
156 | NULL, /* srs_db */ | |
157 | NULL, /* srs_alias */ | |
158 | #endif | |
0756eb3c PH |
159 | 022, /* modemask */ |
160 | RDO_REWRITE, /* bit_options */ | |
161 | FALSE, /* check_ancestor */ | |
162 | TRUE_UNSET, /* check_owner */ | |
163 | TRUE_UNSET, /* check_group */ | |
164 | FALSE, /* forbid_file */ | |
165 | FALSE, /* forbid_filter_reply */ | |
166 | FALSE, /* forbid_pipe */ | |
167 | FALSE, /* hide_child_in_errmsg */ | |
168 | FALSE, /* one_time */ | |
169 | FALSE, /* qualify_preserve_domain */ | |
170 | FALSE /* skip_syntax_errors */ | |
171 | }; | |
172 | ||
173 | ||
174 | ||
175 | /************************************************* | |
176 | * Initialization entry point * | |
177 | *************************************************/ | |
178 | ||
179 | /* Called for each instance, after its options have been read, to enable | |
180 | consistency checks to be done, or anything else that needs to be set up. */ | |
181 | ||
182 | void redirect_router_init(router_instance *rblock) | |
183 | { | |
184 | redirect_router_options_block *ob = | |
185 | (redirect_router_options_block *)(rblock->options_block); | |
186 | ||
187 | /* Either file or data must be set, but not both */ | |
188 | ||
189 | if ((ob->file == NULL) == (ob->data == NULL)) | |
190 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
191 | "%sone of \"file\" or \"data\" must be specified", | |
192 | rblock->name, (ob->file == NULL)? "" : "only "); | |
193 | ||
7f45268c PH |
194 | /* Onetime aliases can only be real addresses. Headers can't be manipulated. |
195 | The combination of one_time and unseen is not allowed. We can't check the | |
196 | expansion of "unseen" here, but we assume that if it is set to anything other | |
197 | than false, there is likely to be a problem. */ | |
0756eb3c PH |
198 | |
199 | if (ob->one_time) | |
200 | { | |
201 | ob->forbid_pipe = ob->forbid_file = ob->forbid_filter_reply = TRUE; | |
202 | if (rblock->extra_headers != NULL || rblock->remove_headers != NULL) | |
203 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
204 | "\"headers_add\" and \"headers_remove\" are not permitted with " | |
205 | "\"one_time\"", rblock->name); | |
7f45268c PH |
206 | if (rblock->unseen || rblock->expand_unseen != NULL) |
207 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
208 | "\"unseen\" may not be used with \"one_time\"", rblock->name); | |
0756eb3c PH |
209 | } |
210 | ||
211 | /* The defaults for check_owner and check_group depend on other settings. The | |
212 | defaults are: Check the owner if check_local_user or owners is set; check the | |
213 | group if check_local_user is set without a restriction on the group write bit, | |
214 | or if owngroups is set. */ | |
215 | ||
216 | if (ob->check_owner == TRUE_UNSET) | |
217 | ob->check_owner = rblock->check_local_user || | |
218 | (ob->owners != NULL && ob->owners[0] != 0); | |
219 | ||
220 | if (ob->check_group == TRUE_UNSET) | |
221 | ob->check_group = (rblock->check_local_user && (ob->modemask & 020) == 0) || | |
222 | (ob->owngroups != NULL && ob->owngroups[0] != 0); | |
223 | ||
224 | /* If explicit qualify domain set, the preserve option is locked out */ | |
225 | ||
226 | if (ob->qualify_domain != NULL && ob->qualify_preserve_domain) | |
227 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
228 | "only one of \"qualify_domain\" or \"qualify_preserve_domain\" must be set", | |
229 | rblock->name); | |
230 | ||
231 | /* If allow_filter is set, either user or check_local_user must be set. */ | |
232 | ||
233 | if (!rblock->check_local_user && | |
234 | !rblock->uid_set && | |
235 | rblock->expand_uid == NULL && | |
236 | (ob->bit_options & RDO_FILTER) != 0) | |
237 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n " | |
238 | "\"user\" or \"check_local_user\" must be set with \"allow_filter\"", | |
239 | rblock->name); | |
240 | } | |
241 | ||
242 | ||
243 | ||
244 | /************************************************* | |
245 | * Get errors address and header mods * | |
246 | *************************************************/ | |
247 | ||
248 | /* This function is called when new addresses are generated, in order to | |
249 | sort out errors address and header modifications. We put the errors address | |
250 | into the parent address (even though it is never used from there because that | |
251 | address is never transported) so that it can be retrieved if any of the | |
252 | children gets routed by an "unseen" router. The clone of the child that is | |
253 | passed on must have the original errors_address value. | |
254 | ||
255 | Arguments: | |
256 | rblock the router control block | |
257 | addr the address being routed | |
258 | verify true if verifying | |
259 | addr_prop point to the propagated block, which is where the | |
260 | new values are to be placed | |
261 | ||
262 | Returns: the result of rf_get_errors_address() or rf_get_munge_headers(), | |
263 | which is either OK or DEFER | |
264 | */ | |
265 | ||
266 | static int | |
267 | sort_errors_and_headers(router_instance *rblock, address_item *addr, | |
268 | BOOL verify, address_item_propagated *addr_prop) | |
269 | { | |
270 | int frc = rf_get_errors_address(addr, rblock, verify, | |
271 | &(addr_prop->errors_address)); | |
272 | if (frc != OK) return frc; | |
273 | addr->p.errors_address = addr_prop->errors_address; | |
274 | return rf_get_munge_headers(addr, rblock, &(addr_prop->extra_headers), | |
275 | &(addr_prop->remove_headers)); | |
276 | } | |
277 | ||
278 | ||
279 | ||
280 | /************************************************* | |
281 | * Process a set of generated new addresses * | |
282 | *************************************************/ | |
283 | ||
284 | /* This function sets up a set of newly generated child addresses and puts them | |
285 | on the new address chain. Copy in the uid, gid and permission flags for use by | |
286 | pipes and files, set the parent, and "or" its af_ignore_error flag. Also record | |
287 | the setting for any starting router. | |
288 | ||
289 | If the generated address is the same as one of its ancestors, and the | |
290 | check_ancestor flag is set, do not use this generated address, but replace it | |
291 | with a copy of the input address. This is to cope with cases where A is aliased | |
292 | to B and B has a .forward file pointing to A, though it is usually set on the | |
293 | forwardfile rather than the aliasfile. We can't just pass on the old | |
294 | address by returning FAIL, because it must act as a general parent for | |
295 | generated addresses, and only get marked "done" when all its children are | |
296 | delivered. | |
297 | ||
298 | Arguments: | |
299 | rblock router block | |
300 | addr_new new address chain | |
301 | addr original address | |
302 | generated list of generated addresses | |
303 | addr_prop the propagated block, containing the errors_address, | |
304 | header modification stuff, and address_data | |
305 | ugidptr points to uid/gid data for files, pipes, autoreplies | |
306 | pw password entry, set if ob->check_local_user is TRUE | |
307 | ||
308 | Returns: nothing | |
309 | */ | |
310 | ||
311 | static void | |
312 | add_generated(router_instance *rblock, address_item **addr_new, | |
313 | address_item *addr, address_item *generated, | |
314 | address_item_propagated *addr_prop, ugid_block *ugidptr, struct passwd *pw) | |
315 | { | |
316 | redirect_router_options_block *ob = | |
317 | (redirect_router_options_block *)(rblock->options_block); | |
318 | ||
319 | while (generated != NULL) | |
320 | { | |
321 | address_item *parent; | |
322 | address_item *next = generated; | |
323 | uschar *errors_address = next->p.errors_address; | |
324 | ||
325 | generated = next->next; | |
326 | next->parent = addr; | |
327 | orflag(next, addr, af_ignore_error); | |
328 | next->start_router = rblock->redirect_router; | |
329 | addr->child_count++; | |
330 | ||
331 | next->next = *addr_new; | |
332 | *addr_new = next; | |
333 | ||
334 | /* Don't do the "one_time" thing for the first pass of a 2-stage queue run. */ | |
335 | ||
336 | if (ob->one_time && !queue_2stage) | |
337 | { | |
338 | for (parent = addr; parent->parent != NULL; parent = parent->parent); | |
339 | next->onetime_parent = parent->address; | |
340 | } | |
341 | ||
342 | if (ob->hide_child_in_errmsg) setflag(next, af_hide_child); | |
343 | ||
344 | /* If check_ancestor is set, we want to know if any ancestor of this address | |
345 | is the address we are about to generate. The check must be done caselessly | |
346 | unless the ancestor was routed by a case-sensitive router. */ | |
347 | ||
348 | if (ob->check_ancestor) | |
349 | { | |
350 | for (parent = addr; parent != NULL; parent = parent->parent) | |
351 | { | |
352 | if (((parent->router != NULL && parent->router->caseful_local_part)? | |
353 | Ustrcmp(next->address, parent->address) | |
354 | : | |
355 | strcmpic(next->address, parent->address) | |
356 | ) == 0) | |
357 | { | |
358 | DEBUG(D_route) debug_printf("generated parent replaced by child\n"); | |
359 | next->address = string_copy(addr->address); | |
360 | break; | |
361 | } | |
362 | } | |
363 | } | |
364 | ||
365 | /* A user filter may, under some circumstances, set up an errors address. | |
366 | If so, we must take care to re-instate it when we copy in the propagated | |
367 | data so that it overrides any errors_to setting on the router. */ | |
368 | ||
369 | next->p = *addr_prop; | |
370 | if (errors_address != NULL) next->p.errors_address = errors_address; | |
371 | ||
372 | /* For pipes, files, and autoreplies, record this router as handling them, | |
373 | because they don't go through the routing process again. Then set up uid, | |
374 | gid, home and current directories for transporting. */ | |
375 | ||
376 | if (testflag(next, af_pfr)) | |
377 | { | |
378 | next->router = rblock; | |
379 | rf_set_ugid(next, ugidptr); /* Will contain pw values if not overridden */ | |
380 | ||
381 | /* When getting the home directory out of the password information, wrap it | |
382 | in \N...\N to avoid expansion later. In Cygwin, home directories can | |
383 | contain $ characters. */ | |
384 | ||
385 | if (rblock->home_directory != NULL) | |
386 | next->home_dir = rblock->home_directory; | |
387 | else if (rblock->check_local_user) | |
388 | next->home_dir = string_sprintf("\\N%s\\N", pw->pw_dir); | |
389 | else if (rblock->router_home_directory != NULL && | |
390 | testflag(addr, af_home_expanded)) | |
391 | { | |
392 | next->home_dir = deliver_home; | |
393 | setflag(next, af_home_expanded); | |
394 | } | |
395 | ||
396 | next->current_dir = rblock->current_directory; | |
397 | ||
398 | /* Permission options */ | |
399 | ||
400 | if (!ob->forbid_pipe) setflag(next, af_allow_pipe); | |
401 | if (!ob->forbid_file) setflag(next, af_allow_file); | |
402 | if (!ob->forbid_filter_reply) setflag(next, af_allow_reply); | |
403 | ||
404 | /* If the transport setting fails, the error gets picked up at the outer | |
405 | level from the setting of basic_errno in the address. */ | |
406 | ||
407 | if (next->address[0] == '|') | |
408 | { | |
409 | address_pipe = next->address; | |
410 | if (rf_get_transport(ob->pipe_transport_name, &(ob->pipe_transport), | |
411 | next, rblock->name, US"pipe_transport")) | |
412 | next->transport = ob->pipe_transport; | |
413 | address_pipe = NULL; | |
414 | } | |
415 | else if (next->address[0] == '>') | |
416 | { | |
417 | if (rf_get_transport(ob->reply_transport_name, &(ob->reply_transport), | |
418 | next, rblock->name, US"reply_transport")) | |
419 | next->transport = ob->reply_transport; | |
420 | } | |
421 | else /* must be file or directory */ | |
422 | { | |
423 | int len = Ustrlen(next->address); | |
424 | address_file = next->address; | |
425 | if (next->address[len-1] == '/') | |
426 | { | |
427 | if (rf_get_transport(ob->directory_transport_name, | |
428 | &(ob->directory_transport), next, rblock->name, | |
429 | US"directory_transport")) | |
430 | next->transport = ob->directory_transport; | |
431 | } | |
432 | else | |
433 | { | |
434 | if (rf_get_transport(ob->file_transport_name, &(ob->file_transport), | |
435 | next, rblock->name, US"file_transport")) | |
436 | next->transport = ob->file_transport; | |
437 | } | |
438 | address_file = NULL; | |
439 | } | |
440 | } | |
441 | ||
442 | DEBUG(D_route) | |
443 | { | |
444 | debug_printf("%s router generated %s\n %serrors_to=%s transport=%s\n", | |
445 | rblock->name, | |
446 | next->address, | |
447 | testflag(next, af_pfr)? "pipe, file, or autoreply\n " : "", | |
448 | next->p.errors_address, | |
449 | (next->transport == NULL)? US"NULL" : next->transport->name); | |
450 | ||
451 | if (testflag(next, af_uid_set)) | |
452 | debug_printf(" uid=%ld ", (long int)(next->uid)); | |
453 | else | |
454 | debug_printf(" uid=unset "); | |
455 | ||
456 | if (testflag(next, af_gid_set)) | |
457 | debug_printf("gid=%ld ", (long int)(next->gid)); | |
458 | else | |
459 | debug_printf("gid=unset "); | |
460 | ||
461 | debug_printf("home=%s\n", next->home_dir); | |
462 | } | |
463 | } | |
464 | } | |
465 | ||
466 | ||
467 | /************************************************* | |
468 | * Main entry point * | |
469 | *************************************************/ | |
470 | ||
471 | /* See local README for interface description. This router returns: | |
472 | ||
473 | DECLINE | |
474 | . empty address list, or filter did nothing significant | |
475 | ||
476 | DEFER | |
477 | . verifying the errors address caused a deferment or a big disaster such | |
478 | as an expansion failure (rf_get_errors_address) | |
479 | . expanding a headers_{add,remove} string caused a deferment or another | |
480 | expansion error (rf_get_munge_headers) | |
481 | . :defer: or "freeze" in a filter | |
482 | . error in address list or filter | |
483 | . skipped syntax errors, but failed to send the message | |
484 | ||
485 | DISCARD | |
486 | . address was :blackhole:d or "seen finish"ed | |
487 | ||
488 | FAIL | |
489 | . :fail: | |
490 | ||
491 | OK | |
492 | . new addresses added to addr_new | |
493 | */ | |
494 | ||
495 | int redirect_router_entry( | |
496 | router_instance *rblock, /* data for this instantiation */ | |
497 | address_item *addr, /* address we are working on */ | |
498 | struct passwd *pw, /* passwd entry after check_local_user */ | |
499 | BOOL verify, /* TRUE when verifying */ | |
500 | address_item **addr_local, /* add it to this if it's local */ | |
501 | address_item **addr_remote, /* add it to this if it's remote */ | |
502 | address_item **addr_new, /* put new addresses on here */ | |
503 | address_item **addr_succeed) /* put old address here on success */ | |
504 | { | |
505 | redirect_router_options_block *ob = | |
506 | (redirect_router_options_block *)(rblock->options_block); | |
507 | address_item *generated = NULL; | |
508 | uschar *save_qualify_domain_recipient = qualify_domain_recipient; | |
509 | uschar *discarded = US"discarded"; | |
510 | address_item_propagated addr_prop; | |
511 | error_block *eblock = NULL; | |
512 | ugid_block ugid; | |
513 | redirect_block redirect; | |
514 | int filtertype = FILTER_UNSET; | |
515 | int yield = OK; | |
516 | int options = ob->bit_options; | |
517 | int frc = 0; | |
518 | int xrc = 0; | |
519 | ||
520 | addr_local = addr_local; /* Keep picky compilers happy */ | |
521 | addr_remote = addr_remote; | |
522 | ||
523 | /* Initialize the data to be propagated to the children */ | |
524 | ||
525 | addr_prop.address_data = deliver_address_data; | |
526 | addr_prop.domain_data = deliver_domain_data; | |
527 | addr_prop.localpart_data = deliver_localpart_data; | |
528 | addr_prop.errors_address = NULL; | |
529 | addr_prop.extra_headers = NULL; | |
530 | addr_prop.remove_headers = NULL; | |
531 | ||
532 | /* When verifying and testing addresses, the "logwrite" command in filters | |
533 | must be bypassed. */ | |
534 | ||
535 | if (!verify && !address_test_mode) options |= RDO_REALLOG; | |
536 | ||
537 | /* Sort out the fixed or dynamic uid/gid. This uid is used (a) for reading the | |
538 | file (and interpreting a filter) and (b) for running the transports for | |
539 | generated file and pipe addresses. It is not (necessarily) the same as the uids | |
540 | that may own the file. Exim panics if an expanded string is not a number and | |
541 | can't be found in the password file. Other errors set the freezing bit. */ | |
542 | ||
543 | if (!rf_get_ugid(rblock, addr, &ugid)) return DEFER; | |
544 | ||
545 | if (!ugid.uid_set && pw != NULL) | |
546 | { | |
547 | ugid.uid = pw->pw_uid; | |
548 | ugid.uid_set = TRUE; | |
549 | } | |
550 | ||
551 | if (!ugid.gid_set && pw != NULL) | |
552 | { | |
553 | ugid.gid = pw->pw_gid; | |
554 | ugid.gid_set = TRUE; | |
555 | } | |
556 | ||
8523533c TK |
557 | #ifdef EXPERIMENTAL_SRS |
558 | /* For reverse SRS, fill the srs_recipient expandsion variable, | |
559 | on failure, return decline/fail as relevant */ | |
560 | if(ob->srs != NULL) | |
561 | { | |
562 | BOOL usesrs = TRUE; | |
8e669ac1 | 563 | |
8523533c TK |
564 | if(ob->srs_condition != NULL) |
565 | usesrs = expand_check_condition(ob->srs_condition, "srs_condition expansion failed", NULL); | |
8e669ac1 | 566 | |
8523533c TK |
567 | if(usesrs) |
568 | if(Ustrcmp(ob->srs, "reverse") == 0 || Ustrcmp(ob->srs, "reverseandforward") == 0) | |
569 | { | |
570 | uschar *res; | |
571 | int n_srs; | |
8e669ac1 | 572 | |
8523533c TK |
573 | srs_orig_recipient = addr->address; |
574 | eximsrs_init(); | |
575 | if(ob->srs_db) | |
576 | eximsrs_db_set(TRUE, ob->srs_db); | |
577 | if((n_srs = eximsrs_reverse(&res, addr->address)) != OK) | |
578 | return n_srs; | |
579 | srs_recipient = res; | |
580 | eximsrs_done(); | |
581 | DEBUG(D_any) | |
c988f1f4 | 582 | debug_printf("SRS: Recipient '%s' rewritten to '%s'\n", srs_orig_recipient, srs_recipient); |
8523533c TK |
583 | } |
584 | } | |
585 | #endif | |
586 | ||
0756eb3c PH |
587 | /* Call the function that interprets redirection data, either inline or from a |
588 | file. This is a separate function so that the system filter can use it. It will | |
589 | run the function in a subprocess if necessary. If qualify_preserve_domain is | |
590 | set, temporarily reset qualify_domain_recipient to the current domain so that | |
591 | any unqualified addresses get qualified with the same domain as the incoming | |
592 | address. Otherwise, if a local qualify_domain is provided, set that up. */ | |
593 | ||
594 | if (ob->qualify_preserve_domain) | |
595 | qualify_domain_recipient = addr->domain; | |
596 | else if (ob->qualify_domain != NULL) | |
597 | { | |
598 | uschar *new_qdr = rf_expand_data(addr, ob->qualify_domain, &xrc); | |
599 | if (new_qdr == NULL) return xrc; | |
600 | qualify_domain_recipient = new_qdr; | |
601 | } | |
602 | ||
603 | redirect.owners = ob->owners; | |
604 | redirect.owngroups = ob->owngroups; | |
605 | redirect.modemask = ob->modemask; | |
606 | redirect.check_owner = ob->check_owner; | |
607 | redirect.check_group = ob->check_group; | |
608 | redirect.pw = pw; | |
609 | ||
610 | if (ob->file != NULL) | |
611 | { | |
612 | redirect.string = ob->file; | |
613 | redirect.isfile = TRUE; | |
614 | } | |
615 | else | |
616 | { | |
617 | redirect.string = ob->data; | |
618 | redirect.isfile = FALSE; | |
619 | } | |
620 | ||
621 | frc = rda_interpret(&redirect, options, ob->include_directory, | |
e4a89c47 PH |
622 | ob->sieve_vacation_directory, ob->sieve_useraddress, ob->sieve_subaddress, |
623 | &ugid, &generated, &(addr->message), ob->skip_syntax_errors? &eblock : NULL, | |
624 | &filtertype, string_sprintf("%s router (recipient is %s)", rblock->name, | |
625 | addr->address)); | |
0756eb3c PH |
626 | |
627 | qualify_domain_recipient = save_qualify_domain_recipient; | |
628 | ||
629 | /* Handle exceptional returns from filtering or processing an address list. | |
630 | For FAIL and FREEZE we honour any previously set up deliveries by a filter. */ | |
631 | ||
632 | switch (frc) | |
633 | { | |
634 | case FF_NONEXIST: | |
635 | addr->message = addr->user_message = NULL; | |
636 | return DECLINE; | |
637 | ||
638 | case FF_BLACKHOLE: | |
639 | DEBUG(D_route) debug_printf("address :blackhole:d\n"); | |
640 | generated = NULL; | |
641 | discarded = US":blackhole:"; | |
642 | frc = FF_DELIVERED; | |
643 | break; | |
644 | ||
645 | /* FF_DEFER and FF_FAIL can arise only as a result of explicit commands | |
646 | (:fail: in an alias file or "fail" in a filter). If a configured message was | |
647 | supplied, allow it to be included in an SMTP response after verifying. */ | |
648 | ||
649 | case FF_DEFER: | |
650 | if (addr->message == NULL) addr->message = US"forced defer"; | |
651 | else addr->user_message = addr->message; | |
652 | return DEFER; | |
653 | ||
654 | case FF_FAIL: | |
655 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK) | |
656 | return xrc; | |
657 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); | |
658 | if (addr->message == NULL) addr->message = US"forced rejection"; | |
659 | else addr->user_message = addr->message; | |
660 | return FAIL; | |
661 | ||
662 | /* As in the case of a system filter, a freeze does not happen after a manual | |
663 | thaw. In case deliveries were set up by the filter, we set the child count | |
664 | high so that their completion does not mark the original address done. */ | |
665 | ||
666 | case FF_FREEZE: | |
667 | if (!deliver_manual_thaw) | |
668 | { | |
669 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) | |
670 | != OK) return xrc; | |
671 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); | |
672 | if (addr->message == NULL) addr->message = US"frozen by filter"; | |
673 | addr->special_action = SPECIAL_FREEZE; | |
674 | addr->child_count = 9999; | |
675 | return DEFER; | |
676 | } | |
677 | frc = FF_NOTDELIVERED; | |
678 | break; | |
679 | ||
680 | /* Handle syntax errors and :include: failures and lookup defers */ | |
681 | ||
682 | case FF_ERROR: | |
683 | case FF_INCLUDEFAIL: | |
684 | ||
685 | /* If filtertype is still FILTER_UNSET, it means that the redirection data | |
686 | was never inspected, so the error was an expansion failure or failure to open | |
687 | the file, or whatever. In these cases, the existing error message is probably | |
688 | sufficient. */ | |
689 | ||
690 | if (filtertype == FILTER_UNSET) return DEFER; | |
691 | ||
692 | /* If it was a filter and skip_syntax_errors is set, we want to set up | |
693 | the error message so that it can be logged and mailed to somebody. */ | |
694 | ||
695 | if (filtertype != FILTER_FORWARD && ob->skip_syntax_errors) | |
696 | { | |
697 | eblock = store_get(sizeof(error_block)); | |
698 | eblock->next = NULL; | |
699 | eblock->text1 = addr->message; | |
700 | eblock->text2 = NULL; | |
701 | addr->message = addr->user_message = NULL; | |
702 | } | |
703 | ||
704 | /* Otherwise set up the error for the address and defer. */ | |
705 | ||
706 | else | |
707 | { | |
708 | addr->basic_errno = ERRNO_BADREDIRECT; | |
709 | addr->message = string_sprintf("error in %s %s: %s", | |
710 | (filtertype != FILTER_FORWARD)? "filter" : "redirect", | |
711 | (ob->data == NULL)? "file" : "data", | |
712 | addr->message); | |
713 | return DEFER; | |
714 | } | |
715 | } | |
716 | ||
717 | ||
718 | /* Yield is either FF_DELIVERED (significant action) or FF_NOTDELIVERED (no | |
719 | significant action). Before dealing with these, however, we must handle the | |
720 | effect of skip_syntax_errors. | |
721 | ||
722 | If skip_syntax_errors was set and there were syntax errors in an address list, | |
723 | error messages will be present in eblock. Log them and send a message if so | |
724 | configured. We cannot do this earlier, because the error message must not be | |
725 | sent as the local user. If there were no valid addresses, generated will be | |
726 | NULL. In this case, the router declines. | |
727 | ||
728 | For a filter file, the error message has been fudged into an eblock. After | |
729 | dealing with it, the router declines. */ | |
730 | ||
731 | if (eblock != NULL) | |
732 | { | |
733 | if (!moan_skipped_syntax_errors( | |
734 | rblock->name, /* For message content */ | |
735 | eblock, /* Ditto */ | |
736 | (verify || address_test_mode)? | |
737 | NULL : ob->syntax_errors_to, /* Who to mail */ | |
738 | generated != NULL, /* True if not all failed */ | |
739 | ob->syntax_errors_text)) /* Custom message */ | |
740 | return DEFER; | |
741 | ||
742 | if (filtertype != FILTER_FORWARD || generated == NULL) | |
743 | { | |
744 | addr->message = US"syntax error in redirection data"; | |
745 | return DECLINE; | |
746 | } | |
747 | } | |
748 | ||
749 | /* Sort out the errors address and any header modifications, and handle the | |
750 | generated addresses, if any. If there are no generated addresses, we must avoid | |
751 | calling sort_errors_and_headers() in case this router declines - that function | |
752 | may modify the errors_address field in the current address, and we don't want | |
753 | to do that for a decline. */ | |
754 | ||
755 | if (generated != NULL) | |
756 | { | |
757 | if ((xrc = sort_errors_and_headers(rblock, addr, verify, &addr_prop)) != OK) | |
758 | return xrc; | |
759 | add_generated(rblock, addr_new, addr, generated, &addr_prop, &ugid, pw); | |
760 | } | |
761 | ||
762 | /* FF_DELIVERED with no generated addresses is what we get when an address list | |
763 | contains :blackhole: or a filter contains "seen finish" without having | |
764 | generated anything. Log what happened to this address, and return DISCARD. */ | |
765 | ||
766 | if (frc == FF_DELIVERED) | |
767 | { | |
768 | if (generated == NULL && !verify && !address_test_mode) | |
769 | { | |
770 | log_write(0, LOG_MAIN, "=> %s <%s> R=%s", discarded, addr->address, | |
771 | rblock->name); | |
772 | yield = DISCARD; | |
773 | } | |
774 | } | |
775 | ||
776 | /* For an address list, FF_NOTDELIVERED always means that no addresses were | |
777 | generated. For a filter, addresses may or may not have been generated. If none | |
778 | were, it's the same as an empty address list, and the router declines. However, | |
779 | if addresses were generated, we can't just decline because successful delivery | |
780 | of the base address gets it marked "done", so deferred generated addresses | |
781 | never get tried again. We have to generate a new version of the base address, | |
782 | as if there were a "deliver" command in the filter file, with the original | |
783 | address as parent. */ | |
784 | ||
785 | else | |
786 | { | |
787 | address_item *next; | |
788 | ||
789 | if (generated == NULL) return DECLINE; | |
790 | ||
791 | next = deliver_make_addr(addr->address, FALSE); | |
792 | next->parent = addr; | |
793 | addr->child_count++; | |
794 | next->next = *addr_new; | |
795 | *addr_new = next; | |
796 | ||
797 | /* Copy relevant flags (af_propagate is a name for the set), and set the | |
798 | data that propagates. */ | |
799 | ||
800 | copyflag(next, addr, af_propagate); | |
801 | next->p = addr_prop; | |
802 | ||
803 | DEBUG(D_route) debug_printf("%s router autogenerated %s\n%s%s%s", | |
804 | rblock->name, | |
805 | next->address, | |
806 | (addr_prop.errors_address != NULL)? " errors to " : "", | |
807 | (addr_prop.errors_address != NULL)? addr_prop.errors_address : US"", | |
808 | (addr_prop.errors_address != NULL)? "\n" : ""); | |
809 | } | |
810 | ||
8523533c TK |
811 | #ifdef EXPERIMENTAL_SRS |
812 | /* On successful redirection, check for SRS forwarding and adjust sender */ | |
813 | if(ob->srs != NULL) | |
814 | { | |
815 | BOOL usesrs = TRUE; | |
8e669ac1 | 816 | |
8523533c TK |
817 | if(ob->srs_condition != NULL) |
818 | usesrs = expand_check_condition(ob->srs_condition, "srs_condition expansion failed", NULL); | |
8e669ac1 | 819 | |
8523533c TK |
820 | if(usesrs) |
821 | if((Ustrcmp(ob->srs, "forward") == 0 || Ustrcmp(ob->srs, "reverseandforward") == 0) && !verify) | |
822 | { | |
823 | uschar *res; | |
824 | uschar *usedomain; | |
825 | int n_srs; | |
8e669ac1 | 826 | |
8523533c TK |
827 | srs_orig_sender = sender_address; |
828 | eximsrs_init(); | |
829 | if(ob->srs_db) | |
830 | eximsrs_db_set(FALSE, ob->srs_db); | |
831 | ||
832 | if(ob->srs_alias != NULL ? (usedomain = expand_string(ob->srs_alias)) == NULL : 1) | |
833 | usedomain = deliver_domain; | |
8e669ac1 | 834 | |
8523533c TK |
835 | if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) != OK) |
836 | return n_srs; | |
837 | sender_address = res; | |
838 | DEBUG(D_any) | |
839 | debug_printf("SRS: Sender '%s' rewritten to '%s'\n", srs_orig_sender, sender_address); | |
840 | } | |
841 | } | |
842 | #endif | |
843 | ||
0756eb3c PH |
844 | /* Control gets here only when the address has been completely handled. Put the |
845 | original address onto the succeed queue so that any retry items that get | |
846 | attached to it get processed. */ | |
847 | ||
848 | addr->next = *addr_succeed; | |
849 | *addr_succeed = addr; | |
850 | ||
851 | return yield; | |
852 | } | |
853 | ||
854 | /* End of routers/redirect.c */ |