projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
update to pre-4.87 master
[exim.git] / src / src / spool_in.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
bfe645c1 5/* Copyright (c) University of Cambridge 1995 - 2015 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Functions for reading spool files. When compiling for a utility (eximon),
9not all are needed, and some functionality can be cut out. */
10
11
12#include "exim.h"
13
14
15
16#ifndef COMPILE_UTILITY
17/*************************************************
18* Open and lock data file *
19*************************************************/
20
21/* The data file is the one that is used for locking, because the header file
22can get replaced during delivery because of header rewriting. The file has
23to opened with write access so that we can get an exclusive lock, but in
24fact it won't be written to. Just in case there's a major disaster (e.g.
25overwriting some other file descriptor with the value of this one), open it
26with append.
27
28Argument: the id of the message
29Returns: TRUE if file successfully opened and locked
30
31Side effect: deliver_datafile is set to the fd of the open file.
32*/
33
34BOOL
35spool_open_datafile(uschar *id)
36{
37int i;
38struct stat statbuf;
39flock_t lock_data;
40uschar spoolname[256];
41
42/* If split_spool_directory is set, first look for the file in the appropriate
43sub-directory of the input directory. If it is not found there, try the input
44directory itself, to pick up leftovers from before the splitting. If split_
45spool_directory is not set, first look in the main input directory. If it is
46not found there, try the split sub-directory, in case it is left over from a
47splitting state. */
48
49for (i = 0; i < 2; i++)
50 {
51 int save_errno;
52 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
53 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
54 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
55 if (deliver_datafile >= 0) break;
56 save_errno = errno;
57 if (errno == ENOENT)
58 {
59 if (i == 0) continue;
60 if (!queue_running)
61 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
62 }
63 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
64 strerror(errno));
65 errno = save_errno;
66 return FALSE;
67 }
68
69/* File is open and message_subdir is set. Set the close-on-exec flag, and lock
70the file. We lock only the first line of the file (containing the message ID)
71because this apparently is needed for running Exim under Cygwin. If the entire
72file is locked in one process, a sub-process cannot access it, even when passed
73an open file descriptor (at least, I think that's the Cygwin story). On real
74Unix systems it doesn't make any difference as long as Exim is consistent in
75what it locks. */
76
ff790e47 77(void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
059ec3d9
PH		 78 FD_CLOEXEC);
79
80lock_data.l_type = F_WRLCK;
81lock_data.l_whence = SEEK_SET;
82lock_data.l_start = 0;
83lock_data.l_len = SPOOL_DATA_START_OFFSET;
84
85if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
86 {
87 log_write(L_skip_delivery,
88 LOG_MAIN,
89 "Spool file is locked (another process is handling this message)");
f1e894f3 90 (void)close(deliver_datafile);
059ec3d9
PH		 91 deliver_datafile = -1;
92 errno = 0;
93 return FALSE;
94 }
95
96/* Get the size of the data; don't include the leading filename line
97in the count, but add one for the newline before the data. */
98
99if (fstat(deliver_datafile, &statbuf) == 0)
100 {
101 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
102 message_size = message_body_size + 1;
103 }
104
105return TRUE;
106}
107#endif /* COMPILE_UTILITY */
108
109
110
111/*************************************************
112* Read non-recipients tree from spool file *
113*************************************************/
114
115/* The tree of non-recipients is written to the spool file in a form that
116makes it easy to read back into a tree. The format is as follows:
117
118 . Each node is preceded by two letter(Y/N) indicating whether it has left
119 or right children. There's one space after the two flags, before the name.
120
121 . The left subtree (if any) then follows, then the right subtree (if any).
122
123This function is entered with the next input line in the buffer. Note we must
124save the right flag before recursing with the same buffer.
125
126Once the tree is read, we re-construct the balance fields by scanning the tree.
127I forgot to write them out originally, and the compatible fix is to do it this
128way. This initial local recursing function does the necessary.
129
130Arguments:
131 node tree node
132
133Returns: maximum depth below the node, including the node itself
134*/
135
136static int
137count_below(tree_node *node)
138{
139int nleft, nright;
140if (node == NULL) return 0;
141nleft = count_below(node->left);
142nright = count_below(node->right);
143node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
144return 1 + ((nleft > nright)? nleft : nright);
145}
146
147/* This is the real function...
148
149Arguments:
150 connect pointer to the root of the tree
151 f FILE to read data from
152 buffer contains next input line; further lines read into it
153 buffer_size size of the buffer
154
155Returns: FALSE on format error
156*/
157
158static BOOL
159read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
160 int buffer_size)
161{
162tree_node *node;
163int n = Ustrlen(buffer);
164BOOL right = buffer[1] == 'Y';
165
166if (n < 5) return FALSE; /* malformed line */
167buffer[n-1] = 0; /* Remove \n */
168node = store_get(sizeof(tree_node) + n - 3);
169*connect = node;
170Ustrcpy(node->name, buffer + 3);
171node->data.ptr = NULL;
172
173if (buffer[0] == 'Y')
174 {
175 if (Ufgets(buffer, buffer_size, f) == NULL ||
176 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
177 return FALSE;
178 }
179else node->left = NULL;
180
181if (right)
182 {
183 if (Ufgets(buffer, buffer_size, f) == NULL ||
184 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
185 return FALSE;
186 }
187else node->right = NULL;
188
189(void) count_below(*connect);
190return TRUE;
191}
192
193
194
195
196/*************************************************
197* Read spool header file *
198*************************************************/
199
200/* This function reads a spool header file and places the data into the
201appropriate global variables. The header portion is always read, but header
202structures are built only if read_headers is set true. It isn't, for example,
203while generating -bp output.
204
205It may be possible for blocks of nulls (binary zeroes) to get written on the
206end of a file if there is a system crash during writing. It was observed on an
207earlier version of Exim that omitted to fsync() the files - this is thought to
208have been the cause of that incident, but in any case, this code must be robust
209against such an event, and if such a file is encountered, it must be treated as
210malformed.
211
212Arguments:
213 name name of the header file, including the -H
214 read_headers TRUE if in-store header structures are to be built
215 subdir_set TRUE is message_subdir is already set
216
217Returns: spool_read_OK success
218 spool_read_notopen open failed
219 spool_read_enverror error in the envelope portion
220 spool_read_hdrdrror error in the header portion
221*/
222
223int
224spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
225{
226FILE *f = NULL;
227int n;
228int rcount = 0;
229long int uid, gid;
230BOOL inheader = FALSE;
1e70f85b 231uschar *p;
059ec3d9
PH		 232
233/* Reset all the global variables to their default values. However, there is
234one exception. DO NOT change the default value of dont_deliver, because it may
235be forced by an external setting. */
236
38a0a95f 237acl_var_c = acl_var_m = NULL;
059ec3d9
PH		 238authenticated_id = NULL;
239authenticated_sender = NULL;
240allow_unqualified_recipient = FALSE;
241allow_unqualified_sender = FALSE;
242body_linecount = 0;
243body_zerocount = 0;
244deliver_firsttime = FALSE;
245deliver_freeze = FALSE;
246deliver_frozen_at = 0;
247deliver_manual_thaw = FALSE;
248/* dont_deliver must NOT be reset */
249header_list = header_last = NULL;
b08b24c8 250host_lookup_deferred = FALSE;
059ec3d9
PH		 251host_lookup_failed = FALSE;
252interface_address = NULL;
253interface_port = 0;
254local_error_message = FALSE;
255local_scan_data = NULL;
d677b2f2 256max_received_linelength = 0;
059ec3d9
PH		 257message_linecount = 0;
258received_protocol = NULL;
259received_count = 0;
260recipients_list = NULL;
261sender_address = NULL;
262sender_fullhost = NULL;
263sender_helo_name = NULL;
264sender_host_address = NULL;
265sender_host_name = NULL;
266sender_host_port = 0;
267sender_host_authenticated = NULL;
268sender_ident = NULL;
269sender_local = FALSE;
270sender_set_untrusted = FALSE;
1f5b4c3d 271smtp_active_hostname = primary_hostname;
059ec3d9
PH		 272tree_nonrecipients = NULL;
273
8523533c
TK		 274#ifdef EXPERIMENTAL_BRIGHTMAIL
275bmi_run = 0;
276bmi_verdicts = NULL;
277#endif
278
80a47a2c 279#ifndef DISABLE_DKIM
9e5d6b55 280dkim_signers = NULL;
80a47a2c
TK		 281dkim_disable_verify = FALSE;
282dkim_collect_input = FALSE;
f7572e5a
TK		 283#endif
284
059ec3d9 285#ifdef SUPPORT_TLS
817d9f57 286tls_in.certificate_verified = FALSE;
53a7196b
JH		 287# ifdef EXPERIMENTAL_DANE
288tls_in.dane_verified = FALSE;
289# endif
817d9f57 290tls_in.cipher = NULL;
bfe645c1
JH		 291# ifndef COMPILE_UTILITY /* tls support fns not built in */
292tls_free_cert(&tls_in.ourcert);
293tls_free_cert(&tls_in.peercert);
294# endif
817d9f57
JH		 295tls_in.peerdn = NULL;
296tls_in.sni = NULL;
44662487 297tls_in.ocsp = OCSP_NOT_REQ;
7be682ca 298#endif
059ec3d9 299
8523533c 300#ifdef WITH_CONTENT_SCAN
bfe645c1
JH		 301spam_bar = NULL;
302spam_score = NULL;
8523533c
TK		 303spam_score_int = NULL;
304#endif
305
bfe645c1
JH		 306#if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
307message_smtputf8 = FALSE;
308message_utf8_downconvert = 0;
309#endif
310
6c1c3d1d
WB		 311dsn_ret = 0;
312dsn_envid = NULL;
6c1c3d1d 313
059ec3d9
PH		 314/* Generate the full name and open the file. If message_subdir is already
315set, just look in the given directory. Otherwise, look in both the split
316and unsplit directories, as for the data file above. */
317
318for (n = 0; n < 2; n++)
319 {
320 if (!subdir_set)
321 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
322 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
323 name);
324 f = Ufopen(big_buffer, "rb");
325 if (f != NULL) break;
326 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
327 }
328
329errno = 0;
330
331#ifndef COMPILE_UTILITY
332DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
333#endif /* COMPILE_UTILITY */
334
335/* The first line of a spool file contains the message id followed by -H (i.e.
336the file name), in order to make the file self-identifying. */
337
338if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
339if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
340 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
341 goto SPOOL_FORMAT_ERROR;
342
343/* The next three lines in the header file are in a fixed format. The first
344contains the login, uid, and gid of the user who caused the file to be written.
ebb6e6d5
PH		 345There are known cases where a negative gid is used, so we allow for both
346negative uids and gids. The second contains the mail address of the message's
347sender, enclosed in <>. The third contains the time the message was received,
348and the number of warning messages for delivery delays that have been sent. */
059ec3d9
PH		 349
350if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
351
1e70f85b
PH		 352p = big_buffer + Ustrlen(big_buffer);
353while (p > big_buffer && isspace(p[-1])) p--;
354*p = 0;
355if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
ebb6e6d5 356while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
1e70f85b
PH		 357gid = Uatoi(p);
358if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
359*p = 0;
360if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
ebb6e6d5 361while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
1e70f85b
PH		 362uid = Uatoi(p);
363if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
364*p = 0;
8e669ac1 365
1e70f85b 366originator_login = string_copy(big_buffer);
059ec3d9
PH		 367originator_uid = (uid_t)uid;
368originator_gid = (gid_t)gid;
369
e91ad4a7 370/* envelope from */
059ec3d9
PH		 371if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
372n = Ustrlen(big_buffer);
373if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
374 goto SPOOL_FORMAT_ERROR;
375
376sender_address = store_get(n-2);
377Ustrncpy(sender_address, big_buffer+1, n-3);
378sender_address[n-3] = 0;
379
e91ad4a7 380/* time */
059ec3d9
PH		 381if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
382if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
383 goto SPOOL_FORMAT_ERROR;
384
385message_age = time(NULL) - received_time;
386
387#ifndef COMPILE_UTILITY
388DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
389 originator_login, (long int)originator_uid, (long int)originator_gid,
390 sender_address);
391#endif /* COMPILE_UTILITY */
392
08955dd3
PH		 393/* Now there may be a number of optional lines, each starting with "-". If you
394add a new setting here, make sure you set the default above.
059ec3d9 395
08955dd3
PH		 396Because there are now quite a number of different possibilities, we use a
397switch on the first character to avoid too many failing tests. Thanks to Nico
398Erfurth for the patch that implemented this. I have made it even more efficient
399by not re-scanning the first two characters.
400
401To allow new versions of Exim that add additional flags to interwork with older
402versions that do not understand them, just ignore any lines starting with "-"
403that we don't recognize. Otherwise it wouldn't be possible to back off a new
404version that left new-style flags written on the spool. */
405
406p = big_buffer + 2;
059ec3d9
PH		 407for (;;)
408 {
e91ad4a7 409 int len;
059ec3d9
PH		 410 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
411 if (big_buffer[0] != '-') break;
e91ad4a7
JH		 412 while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1
413 && big_buffer[len-1] != '\n'
414 )
415 { /* buffer not big enough for line; certs make this possible */
416 uschar * buf;
417 if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
418 buf = store_get_perm(big_buffer_size *= 2);
419 memcpy(buf, big_buffer, --len);
420 big_buffer = buf;
421 if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL)
422 goto SPOOL_READ_ERROR;
423 }
424 big_buffer[len-1] = 0;
47ca6d6c 425
08955dd3 426 switch(big_buffer[1])
059ec3d9 427 {
08955dd3
PH		 428 case 'a':
429
430 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
431 variable, because Exim allows any number of them, with arbitrary names.
432 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
433 the c or m. */
434
435 if (Ustrncmp(p, "clc ", 4) == 0 ||
436 Ustrncmp(p, "clm ", 4) == 0)
437 {
438 uschar *name, *endptr;
439 int count;
440 tree_node *node;
441 endptr = Ustrchr(big_buffer + 6, ' ');
442 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
443 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
444 big_buffer + 6);
445 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
446 node = acl_var_create(name);
447 node->data.ptr = store_get(count + 1);
448 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
449 ((uschar*)node->data.ptr)[count] = 0;
450 }
451
452 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
453 allow_unqualified_recipient = TRUE;
454 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
455 allow_unqualified_sender = TRUE;
456
457 else if (Ustrncmp(p, "uth_id", 6) == 0)
458 authenticated_id = string_copy(big_buffer + 9);
459 else if (Ustrncmp(p, "uth_sender", 10) == 0)
460 authenticated_sender = string_copy(big_buffer + 13);
461 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
462 smtp_active_hostname = string_copy(big_buffer + 17);
463
464 /* For long-term backward compatibility, we recognize "-acl", which was
465 used before the number of ACL variables changed from 10 to 20. This was
466 before the subsequent change to an arbitrary number of named variables.
467 This code is retained so that upgrades from very old versions can still
468 handle old-format spool files. The value given after "-acl" is a number
469 that is 0-9 for connection variables, and 10-19 for message variables. */
470
471 else if (Ustrncmp(p, "cl ", 3) == 0)
472 {
473 int index, count;
8dce1a6f 474 uschar name[20]; /* Need plenty of space for %d format */
08955dd3
PH		 475 tree_node *node;
476 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
477 goto SPOOL_FORMAT_ERROR;
8dce1a6f
PH		 478 if (index < 10)
479 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
480 else if (index < 20) /* ignore out-of-range index */
481 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
08955dd3
PH		 482 node = acl_var_create(name);
483 node->data.ptr = store_get(count + 1);
484 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
485 ((uschar*)node->data.ptr)[count] = 0;
486 }
487 break;
488
489 case 'b':
490 if (Ustrncmp(p, "ody_linecount", 13) == 0)
491 body_linecount = Uatoi(big_buffer + 15);
492 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
493 body_zerocount = Uatoi(big_buffer + 15);
e91ad4a7 494#ifdef EXPERIMENTAL_BRIGHTMAIL
08955dd3
PH		 495 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
496 bmi_verdicts = string_copy(big_buffer + 14);
e91ad4a7 497#endif
08955dd3
PH		 498 break;
499
500 case 'd':
501 if (Ustrcmp(p, "eliver_firsttime") == 0)
502 deliver_firsttime = TRUE;
6c1c3d1d
WB		 503 /* Check if the dsn flags have been set in the header file */
504 else if (Ustrncmp(p, "sn_ret", 6) == 0)
45500060 505 dsn_ret= atoi(CS big_buffer + 8);
6c1c3d1d 506 else if (Ustrncmp(p, "sn_envid", 8) == 0)
6c1c3d1d 507 dsn_envid = string_copy(big_buffer + 11);
08955dd3
PH		 508 break;
509
510 case 'f':
511 if (Ustrncmp(p, "rozen", 5) == 0)
512 {
513 deliver_freeze = TRUE;
85098ee7 514 sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
08955dd3
PH		 515 }
516 break;
517
518 case 'h':
519 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
520 host_lookup_deferred = TRUE;
521 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
522 host_lookup_failed = TRUE;
523 else if (Ustrncmp(p, "ost_auth", 8) == 0)
524 sender_host_authenticated = string_copy(big_buffer + 11);
525 else if (Ustrncmp(p, "ost_name", 8) == 0)
526 sender_host_name = string_copy(big_buffer + 11);
527 else if (Ustrncmp(p, "elo_name", 8) == 0)
528 sender_helo_name = string_copy(big_buffer + 11);
529
530 /* We now record the port number after the address, separated by a
531 dot. For compatibility during upgrading, do nothing if there
532 isn't a value (it gets left at zero). */
533
534 else if (Ustrncmp(p, "ost_address", 11) == 0)
535 {
536 sender_host_port = host_address_extract_port(big_buffer + 14);
537 sender_host_address = string_copy(big_buffer + 14);
538 }
539 break;
540
541 case 'i':
542 if (Ustrncmp(p, "nterface_address", 16) == 0)
543 {
544 interface_port = host_address_extract_port(big_buffer + 19);
545 interface_address = string_copy(big_buffer + 19);
546 }
547 else if (Ustrncmp(p, "dent", 4) == 0)
548 sender_ident = string_copy(big_buffer + 7);
549 break;
550
551 case 'l':
552 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
553 else if (Ustrcmp(big_buffer, "-localerror") == 0)
554 local_error_message = TRUE;
555 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
556 local_scan_data = string_copy(big_buffer + 12);
557 break;
558
559 case 'm':
560 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
d677b2f2
PH		 561 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
562 max_received_linelength = Uatoi(big_buffer + 24);
08955dd3
PH		 563 break;
564
565 case 'N':
566 if (*p == 0) dont_deliver = TRUE; /* -N */
567 break;
568
569 case 'r':
570 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
571 received_protocol = string_copy(big_buffer + 19);
572 break;
573
574 case 's':
575 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
576 sender_set_untrusted = TRUE;
e91ad4a7 577#ifdef WITH_CONTENT_SCAN
bfe645c1
JH		 578 else if (Ustrncmp(p, "pam_bar ", 8) == 0)
579 spam_bar = string_copy(big_buffer + 10);
580 else if (Ustrncmp(p, "pam_score ", 10) == 0)
581 spam_score = string_copy(big_buffer + 12);
08955dd3
PH		 582 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
583 spam_score_int = string_copy(big_buffer + 16);
bfe645c1
JH		 584#endif
585#if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
586 else if (Ustrncmp(p, "mtputf8", 7) == 0)
587 message_smtputf8 = TRUE;
e91ad4a7 588#endif
08955dd3
PH		 589 break;
590
e91ad4a7 591#ifdef SUPPORT_TLS
08955dd3
PH		 592 case 't':
593 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
817d9f57 594 tls_in.certificate_verified = TRUE;
08955dd3 595 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
817d9f57 596 tls_in.cipher = string_copy(big_buffer + 12);
e91ad4a7 597# ifndef COMPILE_UTILITY /* tls support fns not built in */
9d1c15ef
JH		 598 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
599 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
600 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
601 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
e91ad4a7 602# endif
08955dd3 603 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
817d9f57 604 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
7be682ca 605 else if (Ustrncmp(p, "ls_sni", 6) == 0)
817d9f57 606 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
44662487
JH		 607 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
608 tls_in.ocsp = big_buffer[10] - '0';
08955dd3 609 break;
e91ad4a7 610#endif
08955dd3 611
bfe645c1
JH		 612#if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
613 case 'u':
614 if (Ustrncmp(p, "tf8_downcvt", 11) == 0)
615 message_utf8_downconvert = 1;
616 else if (Ustrncmp(p, "tf8_optdowncvt", 15) == 0)
617 message_utf8_downconvert = -1;
618 break;
619#endif
620
08955dd3
PH		 621 default: /* Present because some compilers complain if all */
622 break; /* possibilities are not covered. */
059ec3d9 623 }
059ec3d9
PH		 624 }
625
626/* Build sender_fullhost if required */
627
628#ifndef COMPILE_UTILITY
629host_build_sender_fullhost();
630#endif /* COMPILE_UTILITY */
631
632#ifndef COMPILE_UTILITY
633DEBUG(D_deliver)
634 debug_printf("sender_local=%d ident=%s\n", sender_local,
635 (sender_ident == NULL)? US"unset" : sender_ident);
636#endif /* COMPILE_UTILITY */
637
638/* We now have the tree of addresses NOT to deliver to, or a line
639containing "XX", indicating no tree. */
640
641if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
642 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
643 goto SPOOL_FORMAT_ERROR;
644
645#ifndef COMPILE_UTILITY
646DEBUG(D_deliver)
647 {
648 debug_printf("Non-recipients:\n");
649 debug_print_tree(tree_nonrecipients);
650 }
651#endif /* COMPILE_UTILITY */
652
653/* After reading the tree, the next line has not yet been read into the
654buffer. It contains the count of recipients which follow on separate lines. */
655
656if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
657if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
658
659#ifndef COMPILE_UTILITY
660DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
661#endif /* COMPILE_UTILITY */
662
663recipients_list_max = rcount;
664recipients_list = store_get(rcount * sizeof(recipient_item));
665
666for (recipients_count = 0; recipients_count < rcount; recipients_count++)
667 {
668 int nn;
669 int pno = -1;
6c1c3d1d
WB		 670 int dsn_flags = 0;
671 uschar *orcpt = NULL;
059ec3d9
PH		 672 uschar *errors_to = NULL;
673 uschar *p;
674
675 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
676 nn = Ustrlen(big_buffer);
677 if (nn < 2) goto SPOOL_FORMAT_ERROR;
678
679 /* Remove the newline; this terminates the address if there is no additional
680 data on the line. */
681
682 p = big_buffer + nn - 1;
683 *p-- = 0;
684
685 /* Look back from the end of the line for digits and special terminators.
686 Since an address must end with a domain, we can tell that extra data is
687 present by the presence of the terminator, which is always some character
688 that cannot exist in a domain. (If I'd thought of the need for additional
689 data early on, I'd have put it at the start, with the address at the end. As
690 it is, we have to operate backwards. Addresses are permitted to contain
691 spaces, you see.)
692
693 This code has to cope with various versions of this data that have evolved
694 over time. In all cases, the line might just contain an address, with no
695 additional data. Otherwise, the possibilities are as follows:
696
697 Exim 3 type: <address><space><digits>,<digits>,<digits>
698
699 The second set of digits is the parent number for one_time addresses. The
700 other values were remnants of earlier experiments that were abandoned.
701
702 Exim 4 first type: <address><space><digits>
703
704 The digits are the parent number for one_time addresses.
705
706 Exim 4 new type: <address><space><data>#<type bits>
707
708 The type bits indicate what the contents of the data are.
709
710 Bit 01 indicates that, reading from right to left, the data
711 ends with <errors_to address><space><len>,<pno> where pno is
712 the parent number for one_time addresses, and len is the length
713 of the errors_to address (zero meaning none).
6c1c3d1d
WB		 714
715 Bit 02 indicates that, again reading from right to left, the data continues
716 with orcpt len(orcpt),dsn_flags
059ec3d9
PH		 717 */
718
719 while (isdigit(*p)) p--;
720
721 /* Handle Exim 3 spool files */
722
723 if (*p == ',')
724 {
725 int dummy;
726 while (isdigit(*(--p)) || *p == ',');
727 if (*p == ' ')
728 {
729 *p++ = 0;
ff790e47 730 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
059ec3d9
PH		 731 }
732 }
733
734 /* Handle early Exim 4 spool files */
735
736 else if (*p == ' ')
737 {
738 *p++ = 0;
ff790e47 739 (void)sscanf(CS p, "%d", &pno);
059ec3d9
PH		 740 }
741
742 /* Handle current format Exim 4 spool files */
743
744 else if (*p == '#')
745 {
746 int flags;
6c1c3d1d 747
cc5a3f43 748#if !defined (COMPILE_UTILITY)
e91ad4a7
JH		 749 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
750#endif
6c1c3d1d 751
ff790e47 752 (void)sscanf(CS p+1, "%d", &flags);
059ec3d9
PH		 753
754 if ((flags & 0x01) != 0) /* one_time data exists */
755 {
756 int len;
757 while (isdigit(*(--p)) || *p == ',' || *p == '-');
ff790e47 758 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
059ec3d9
PH		 759 *p = 0;
760 if (len > 0)
761 {
762 p -= len;
763 errors_to = string_copy(p);
bfe645c1 764 }
6c1c3d1d
WB		 765 }
766
767 *(--p) = 0; /* Terminate address */
6c1c3d1d
WB		 768 if ((flags & 0x02) != 0) /* one_time data exists */
769 {
770 int len;
771 while (isdigit(*(--p)) || *p == ',' || *p == '-');
772 (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
773 *p = 0;
774 if (len > 0)
775 {
776 p -= len;
777 orcpt = string_copy(p);
bfe645c1 778 }
059ec3d9
PH		 779 }
780
781 *(--p) = 0; /* Terminate address */
6c1c3d1d 782 }
cc5a3f43 783#if !defined(COMPILE_UTILITY)
6c1c3d1d 784 else
e91ad4a7 785 { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
6c1c3d1d
WB		 786
787 if ((orcpt != NULL) || (dsn_flags != 0))
788 {
789 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
790 big_buffer, orcpt, dsn_flags);
791 }
792 if (errors_to != NULL)
793 {
794 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
795 big_buffer, errors_to);
059ec3d9 796 }
cc5a3f43 797#endif
059ec3d9
PH		 798
799 recipients_list[recipients_count].address = string_copy(big_buffer);
800 recipients_list[recipients_count].pno = pno;
801 recipients_list[recipients_count].errors_to = errors_to;
6c1c3d1d
WB		 802 recipients_list[recipients_count].orcpt = orcpt;
803 recipients_list[recipients_count].dsn_flags = dsn_flags;
059ec3d9
PH		 804 }
805
806/* The remainder of the spool header file contains the headers for the message,
807separated off from the previous data by a blank line. Each header is preceded
808by a count of its length and either a certain letter (for various identified
809headers), space (for a miscellaneous live header) or an asterisk (for a header
810that has been rewritten). Count the Received: headers. We read the headers
811always, in order to check on the format of the file, but only create a header
812list if requested to do so. */
813
814inheader = TRUE;
815if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
816if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
817
818while ((n = fgetc(f)) != EOF)
819 {
820 header_line *h;
821 uschar flag[4];
822 int i;
823
824 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
1ac6b2e7
JH		 825 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
826 goto SPOOL_READ_ERROR;
059ec3d9
PH		 827 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
828
829 if (read_headers)
830 {
831 h = store_get(sizeof(header_line));
832 h->next = NULL;
833 h->type = flag[0];
834 h->slen = n;
835 h->text = store_get(n+1);
836
837 if (h->type == htype_received) received_count++;
838
839 if (header_list == NULL) header_list = h;
840 else header_last->next = h;
841 header_last = h;
842
843 for (i = 0; i < n; i++)
844 {
845 int c = fgetc(f);
846 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
847 if (c == '\n' && h->type != htype_old) message_linecount++;
848 h->text[i] = c;
849 }
850 h->text[i] = 0;
851 }
852
853 /* Not requiring header data, just skip through the bytes */
854
855 else for (i = 0; i < n; i++)
856 {
857 int c = fgetc(f);
858 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
859 }
860 }
861
862/* We have successfully read the data in the header file. Update the message
863line count by adding the body linecount to the header linecount. Close the file
864and give a positive response. */
865
866#ifndef COMPILE_UTILITY
867DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
868 body_linecount, message_linecount);
869#endif /* COMPILE_UTILITY */
870
871message_linecount += body_linecount;
872
873fclose(f);
874return spool_read_OK;
875
876
877/* There was an error reading the spool or there was missing data,
878or there was a format error. A "read error" with no errno means an
879unexpected EOF, which we treat as a format error. */
880
881SPOOL_READ_ERROR:
882if (errno != 0)
883 {
884 n = errno;
885
e91ad4a7 886#ifndef COMPILE_UTILITY
059ec3d9 887 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
e91ad4a7 888#endif /* COMPILE_UTILITY */
059ec3d9
PH		 889
890 fclose(f);
891 errno = n;
892 return inheader? spool_read_hdrerror : spool_read_enverror;
893 }
894
895SPOOL_FORMAT_ERROR:
896
897#ifndef COMPILE_UTILITY
898DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
899#endif /* COMPILE_UTILITY */
900
901fclose(f);
902errno = ERRNO_SPOOLFORMAT;
903return inheader? spool_read_hdrerror : spool_read_enverror;
904}
905
9d1c15ef
JH		 906/* vi: aw ai sw=2
907*/
059ec3d9 908/* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.