Callback into smtp transport for BDAT commands
[exim.git] / src / src / transport.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
80fea873 5/* Copyright (c) University of Cambridge 1995 - 2016 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* General functions concerned with transportation, and generic options for all
9transports. */
10
11
12#include "exim.h"
13
a8530a10
TK
14#ifdef HAVE_LINUX_SENDFILE
15#include <sys/sendfile.h>
16#endif
059ec3d9
PH
17
18/* Structure for keeping list of addresses that have been added to
19Envelope-To:, in order to avoid duplication. */
20
21struct aci {
22 struct aci *next;
23 address_item *ptr;
24 };
25
26
27/* Static data for write_chunk() */
28
29static uschar *chunk_ptr; /* chunk pointer */
30static uschar *nl_check; /* string to look for at line start */
31static int nl_check_length; /* length of same */
32static uschar *nl_escape; /* string to insert */
33static int nl_escape_length; /* length of same */
34static int nl_partial_match; /* length matched at chunk end */
35
36
37/* Generic options for transports, all of which live inside transport_instance
38data blocks and which therefore have the opt_public flag set. Note that there
39are other options living inside this structure which can be set only from
40certain transports. */
41
42optionlist optionlist_transports[] = {
43 { "*expand_group", opt_stringptr|opt_hidden|opt_public,
44 (void *)offsetof(transport_instance, expand_gid) },
45 { "*expand_user", opt_stringptr|opt_hidden|opt_public,
46 (void *)offsetof(transport_instance, expand_uid) },
47 { "*headers_rewrite_flags", opt_int|opt_public|opt_hidden,
48 (void *)offsetof(transport_instance, rewrite_existflags) },
49 { "*headers_rewrite_rules", opt_void|opt_public|opt_hidden,
50 (void *)offsetof(transport_instance, rewrite_rules) },
51 { "*set_group", opt_bool|opt_hidden|opt_public,
52 (void *)offsetof(transport_instance, gid_set) },
53 { "*set_user", opt_bool|opt_hidden|opt_public,
54 (void *)offsetof(transport_instance, uid_set) },
55 { "body_only", opt_bool|opt_public,
56 (void *)offsetof(transport_instance, body_only) },
57 { "current_directory", opt_stringptr|opt_public,
58 (void *)offsetof(transport_instance, current_dir) },
59 { "debug_print", opt_stringptr | opt_public,
60 (void *)offsetof(transport_instance, debug_string) },
61 { "delivery_date_add", opt_bool|opt_public,
62 (void *)(offsetof(transport_instance, delivery_date_add)) },
63 { "disable_logging", opt_bool|opt_public,
64 (void *)(offsetof(transport_instance, disable_logging)) },
65 { "driver", opt_stringptr|opt_public,
66 (void *)offsetof(transport_instance, driver_name) },
67 { "envelope_to_add", opt_bool|opt_public,
68 (void *)(offsetof(transport_instance, envelope_to_add)) },
0cbf2b82 69#ifndef DISABLE_EVENT
774ef2d7
JH
70 { "event_action", opt_stringptr | opt_public,
71 (void *)offsetof(transport_instance, event_action) },
72#endif
059ec3d9
PH
73 { "group", opt_expand_gid|opt_public,
74 (void *)offsetof(transport_instance, gid) },
846726c5 75 { "headers_add", opt_stringptr|opt_public|opt_rep_str,
059ec3d9
PH
76 (void *)offsetof(transport_instance, add_headers) },
77 { "headers_only", opt_bool|opt_public,
78 (void *)offsetof(transport_instance, headers_only) },
846726c5 79 { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
059ec3d9
PH
80 (void *)offsetof(transport_instance, remove_headers) },
81 { "headers_rewrite", opt_rewrite|opt_public,
82 (void *)offsetof(transport_instance, headers_rewrite) },
83 { "home_directory", opt_stringptr|opt_public,
84 (void *)offsetof(transport_instance, home_dir) },
85 { "initgroups", opt_bool|opt_public,
86 (void *)offsetof(transport_instance, initgroups) },
fa41615d
JH
87 { "max_parallel", opt_stringptr|opt_public,
88 (void *)offsetof(transport_instance, max_parallel) },
059ec3d9
PH
89 { "message_size_limit", opt_stringptr|opt_public,
90 (void *)offsetof(transport_instance, message_size_limit) },
91 { "rcpt_include_affixes", opt_bool|opt_public,
92 (void *)offsetof(transport_instance, rcpt_include_affixes) },
93 { "retry_use_local_part", opt_bool|opt_public,
94 (void *)offsetof(transport_instance, retry_use_local_part) },
95 { "return_path", opt_stringptr|opt_public,
96 (void *)(offsetof(transport_instance, return_path)) },
97 { "return_path_add", opt_bool|opt_public,
98 (void *)(offsetof(transport_instance, return_path_add)) },
99 { "shadow_condition", opt_stringptr|opt_public,
100 (void *)offsetof(transport_instance, shadow_condition) },
101 { "shadow_transport", opt_stringptr|opt_public,
102 (void *)offsetof(transport_instance, shadow) },
103 { "transport_filter", opt_stringptr|opt_public,
104 (void *)offsetof(transport_instance, filter_command) },
105 { "transport_filter_timeout", opt_time|opt_public,
106 (void *)offsetof(transport_instance, filter_timeout) },
107 { "user", opt_expand_uid|opt_public,
108 (void *)offsetof(transport_instance, uid) }
109};
110
111int optionlist_transports_size =
112 sizeof(optionlist_transports)/sizeof(optionlist);
113
114
115/*************************************************
116* Initialize transport list *
117*************************************************/
118
119/* Read the transports section of the configuration file, and set up a chain of
120transport instances according to its contents. Each transport has generic
121options and may also have its own private options. This function is only ever
122called when transports == NULL. We use generic code in readconf to do most of
123the work. */
124
125void
126transport_init(void)
127{
128transport_instance *t;
129
130readconf_driver_init(US"transport",
131 (driver_instance **)(&transports), /* chain anchor */
132 (driver_info *)transports_available, /* available drivers */
133 sizeof(transport_info), /* size of info block */
134 &transport_defaults, /* default values for generic options */
135 sizeof(transport_instance), /* size of instance block */
136 optionlist_transports, /* generic options */
137 optionlist_transports_size);
138
139/* Now scan the configured transports and check inconsistencies. A shadow
140transport is permitted only for local transports. */
141
142for (t = transports; t != NULL; t = t->next)
143 {
144 if (!t->info->local)
145 {
146 if (t->shadow != NULL)
147 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
148 "shadow transport not allowed on non-local transport %s", t->name);
149 }
150
151 if (t->body_only && t->headers_only)
152 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
153 "%s transport: body_only and headers_only are mutually exclusive",
154 t->name);
155 }
156}
157
158
159
160/*************************************************
161* Write block of data *
162*************************************************/
163
164/* Subroutine called by write_chunk() and at the end of the message actually
165to write a data block. Also called directly by some transports to write
166additional data to the file descriptor (e.g. prefix, suffix).
167
168If a transport wants data transfers to be timed, it sets a non-zero value in
169transport_write_timeout. A non-zero transport_write_timeout causes a timer to
170be set for each block of data written from here. If time runs out, then write()
171fails and provokes an error return. The caller can then inspect sigalrm_seen to
172check for a timeout.
173
174On some systems, if a quota is exceeded during the write, the yield is the
175number of bytes written rather than an immediate error code. This also happens
176on some systems in other cases, for example a pipe that goes away because the
177other end's process terminates (Linux). On other systems, (e.g. Solaris 2) you
178get the error codes the first time.
179
180The write() function is also interruptible; the Solaris 2.6 man page says:
181
182 If write() is interrupted by a signal before it writes any
183 data, it will return -1 with errno set to EINTR.
184
185 If write() is interrupted by a signal after it successfully
186 writes some data, it will return the number of bytes written.
187
188To handle these cases, we want to restart the write() to output the remainder
189of the data after a non-negative return from write(), except after a timeout.
190In the error cases (EDQUOT, EPIPE) no bytes get written the second time, and a
191proper error then occurs. In principle, after an interruption, the second
192write() could suffer the same fate, but we do not want to continue for
193evermore, so stick a maximum repetition count on the loop to act as a
194longstop.
195
196Arguments:
197 fd file descriptor to write to
198 block block of bytes to write
199 len number of bytes to write
200
201Returns: TRUE on success, FALSE on failure (with errno preserved);
202 transport_count is incremented by the number of bytes written
203*/
204
205BOOL
206transport_write_block(int fd, uschar *block, int len)
207{
208int i, rc, save_errno;
958541e9
PH
209int local_timeout = transport_write_timeout;
210
211/* This loop is for handling incomplete writes and other retries. In most
212normal cases, it is only ever executed once. */
059ec3d9
PH
213
214for (i = 0; i < 100; i++)
215 {
216 DEBUG(D_transport)
217 debug_printf("writing data block fd=%d size=%d timeout=%d\n",
958541e9 218 fd, len, local_timeout);
059ec3d9 219
958541e9
PH
220 /* This code makes use of alarm() in order to implement the timeout. This
221 isn't a very tidy way of doing things. Using non-blocking I/O with select()
222 provides a neater approach. However, I don't know how to do this when TLS is
223 in use. */
059ec3d9 224
958541e9
PH
225 if (transport_write_timeout <= 0) /* No timeout wanted */
226 {
227 #ifdef SUPPORT_TLS
817d9f57 228 if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else
958541e9
PH
229 #endif
230 rc = write(fd, block, len);
231 save_errno = errno;
232 }
059ec3d9 233
958541e9 234 /* Timeout wanted. */
059ec3d9 235
958541e9 236 else
059ec3d9 237 {
958541e9 238 alarm(local_timeout);
59932f7d
JH
239#ifdef SUPPORT_TLS
240 if (tls_out.active == fd)
241 rc = tls_write(FALSE, block, len);
242 else
243#endif
244 rc = write(fd, block, len);
958541e9
PH
245 save_errno = errno;
246 local_timeout = alarm(0);
059ec3d9
PH
247 if (sigalrm_seen)
248 {
249 errno = ETIMEDOUT;
250 return FALSE;
251 }
252 }
253
254 /* Hopefully, the most common case is success, so test that first. */
255
256 if (rc == len) { transport_count += len; return TRUE; }
257
958541e9
PH
258 /* A non-negative return code is an incomplete write. Try again for the rest
259 of the block. If we have exactly hit the timeout, give up. */
059ec3d9
PH
260
261 if (rc >= 0)
262 {
263 len -= rc;
264 block += rc;
265 transport_count += rc;
266 DEBUG(D_transport) debug_printf("write incomplete (%d)\n", rc);
958541e9 267 goto CHECK_TIMEOUT; /* A few lines below */
059ec3d9
PH
268 }
269
270 /* A negative return code with an EINTR error is another form of
271 incomplete write, zero bytes having been written */
272
273 if (save_errno == EINTR)
274 {
275 DEBUG(D_transport)
276 debug_printf("write interrupted before anything written\n");
958541e9 277 goto CHECK_TIMEOUT; /* A few lines below */
059ec3d9
PH
278 }
279
280 /* A response of EAGAIN from write() is likely only in the case of writing
281 to a FIFO that is not swallowing the data as fast as Exim is writing it. */
282
283 if (save_errno == EAGAIN)
284 {
285 DEBUG(D_transport)
286 debug_printf("write temporarily locked out, waiting 1 sec\n");
287 sleep(1);
958541e9
PH
288
289 /* Before continuing to try another write, check that we haven't run out of
290 time. */
291
292 CHECK_TIMEOUT:
293 if (transport_write_timeout > 0 && local_timeout <= 0)
294 {
295 errno = ETIMEDOUT;
296 return FALSE;
297 }
059ec3d9
PH
298 continue;
299 }
300
301 /* Otherwise there's been an error */
302
303 DEBUG(D_transport) debug_printf("writing error %d: %s\n", save_errno,
304 strerror(save_errno));
305 errno = save_errno;
306 return FALSE;
307 }
308
309/* We've tried and tried and tried but still failed */
310
311errno = ERRNO_WRITEINCOMPLETE;
312return FALSE;
313}
314
315
316
317
318/*************************************************
319* Write formatted string *
320*************************************************/
321
322/* This is called by various transports. It is a convenience function.
323
324Arguments:
325 fd file descriptor
326 format string format
327 ... arguments for format
328
329Returns: the yield of transport_write_block()
330*/
331
332BOOL
1ba28e2b 333transport_write_string(int fd, const char *format, ...)
059ec3d9
PH
334{
335va_list ap;
336va_start(ap, format);
337if (!string_vformat(big_buffer, big_buffer_size, format, ap))
338 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong formatted string in transport");
339va_end(ap);
340return transport_write_block(fd, big_buffer, Ustrlen(big_buffer));
341}
342
343
344
345
346/*************************************************
347* Write character chunk *
348*************************************************/
349
350/* Subroutine used by transport_write_message() to scan character chunks for
351newlines and act appropriately. The object is to minimise the number of writes.
352The output byte stream is buffered up in deliver_out_buffer, which is written
353only when it gets full, thus minimizing write operations and TCP packets.
354
355Static data is used to handle the case when the last character of the previous
356chunk was NL, or matched part of the data that has to be escaped.
357
358Arguments:
359 fd file descript to write to
360 chunk pointer to data to write
361 len length of data to write
6d5c916c 362 tctx transport context - processing to be done during output
059ec3d9
PH
363
364In addition, the static nl_xxx variables must be set as required.
365
366Returns: TRUE on success, FALSE on failure (with errno preserved)
367*/
368
369static BOOL
6d5c916c 370write_chunk(int fd, transport_ctx * tctx, uschar *chunk, int len)
059ec3d9
PH
371{
372uschar *start = chunk;
373uschar *end = chunk + len;
ff5aac2b 374uschar *ptr;
059ec3d9
PH
375int mlen = DELIVER_OUT_BUFFER_SIZE - nl_escape_length - 2;
376
377/* The assumption is made that the check string will never stretch over move
378than one chunk since the only time there are partial matches is when copying
379the body in large buffers. There is always enough room in the buffer for an
380escape string, since the loop below ensures this for each character it
381processes, and it won't have stuck in the escape string if it left a partial
382match. */
383
384if (nl_partial_match >= 0)
385 {
386 if (nl_check_length > 0 && len >= nl_check_length &&
387 Ustrncmp(start, nl_check + nl_partial_match,
388 nl_check_length - nl_partial_match) == 0)
389 {
390 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
391 chunk_ptr += nl_escape_length;
392 start += nl_check_length - nl_partial_match;
393 }
394
395 /* The partial match was a false one. Insert the characters carried over
396 from the previous chunk. */
397
398 else if (nl_partial_match > 0)
399 {
400 Ustrncpy(chunk_ptr, nl_check, nl_partial_match);
401 chunk_ptr += nl_partial_match;
402 }
403
404 nl_partial_match = -1;
405 }
406
407/* Now process the characters in the chunk. Whenever we hit a newline we check
408for possible escaping. The code for the non-NL route should be as fast as
409possible. */
410
411for (ptr = start; ptr < end; ptr++)
412 {
6d5c916c 413 int ch, len;
059ec3d9
PH
414
415 /* Flush the buffer if it has reached the threshold - we want to leave enough
416 room for the next uschar, plus a possible extra CR for an LF, plus the escape
417 string. */
418
6d5c916c
JH
419 /*XXX CHUNKING: probably want to increase DELIVER_OUT_BUFFER_SIZE */
420 if ((len = chunk_ptr - deliver_out_buffer) > mlen)
059ec3d9 421 {
6d5c916c
JH
422 /* If CHUNKING, prefix with BDAT (size) NON-LAST. Also, reap responses
423 from previous SMTP commands. */
424
425 if (tctx && tctx->options & topt_use_bdat && tctx->chunk_cb)
426 if (tctx->chunk_cb(fd, tctx, (unsigned)len, FALSE) != OK)
427 return FALSE;
428
429 if (!transport_write_block(fd, deliver_out_buffer, len))
059ec3d9
PH
430 return FALSE;
431 chunk_ptr = deliver_out_buffer;
432 }
433
434 if ((ch = *ptr) == '\n')
435 {
436 int left = end - ptr - 1; /* count of chars left after NL */
437
438 /* Insert CR before NL if required */
439
6d5c916c 440 if (tctx && tctx->options & topt_use_crlf) *chunk_ptr++ = '\r';
059ec3d9 441 *chunk_ptr++ = '\n';
332f5cf3 442 transport_newlines++;
059ec3d9
PH
443
444 /* The check_string test (formerly "from hack") replaces the specific
445 string at the start of a line with an escape string (e.g. "From " becomes
446 ">From " or "." becomes "..". It is a case-sensitive test. The length
447 check above ensures there is always enough room to insert this string. */
448
449 if (nl_check_length > 0)
450 {
451 if (left >= nl_check_length &&
452 Ustrncmp(ptr+1, nl_check, nl_check_length) == 0)
453 {
454 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
455 chunk_ptr += nl_escape_length;
456 ptr += nl_check_length;
457 }
458
459 /* Handle the case when there isn't enough left to match the whole
460 check string, but there may be a partial match. We remember how many
461 characters matched, and finish processing this chunk. */
462
463 else if (left <= 0) nl_partial_match = 0;
464
465 else if (Ustrncmp(ptr+1, nl_check, left) == 0)
466 {
467 nl_partial_match = left;
468 ptr = end;
469 }
470 }
471 }
472
473 /* Not a NL character */
474
475 else *chunk_ptr++ = ch;
476 }
477
478return TRUE;
479}
480
481
482
483
484/*************************************************
485* Generate address for RCPT TO *
486*************************************************/
487
488/* This function puts together an address for RCPT to, using the caseful
489version of the local part and the caseful version of the domain. If there is no
490prefix or suffix, or if affixes are to be retained, we can just use the
491original address. Otherwise, if there is a prefix but no suffix we can use a
492pointer into the original address. If there is a suffix, however, we have to
493build a new string.
494
495Arguments:
496 addr the address item
497 include_affixes TRUE if affixes are to be included
498
499Returns: a string
500*/
501
502uschar *
503transport_rcpt_address(address_item *addr, BOOL include_affixes)
504{
505uschar *at;
506int plen, slen;
507
508if (include_affixes)
509 {
510 setflag(addr, af_include_affixes); /* Affects logged => line */
511 return addr->address;
512 }
513
514if (addr->suffix == NULL)
515 {
516 if (addr->prefix == NULL) return addr->address;
517 return addr->address + Ustrlen(addr->prefix);
518 }
519
520at = Ustrrchr(addr->address, '@');
521plen = (addr->prefix == NULL)? 0 : Ustrlen(addr->prefix);
522slen = Ustrlen(addr->suffix);
523
524return string_sprintf("%.*s@%s", (at - addr->address - plen - slen),
525 addr->address + plen, at + 1);
526}
527
528
529/*************************************************
530* Output Envelope-To: address & scan duplicates *
531*************************************************/
532
533/* This function is called from internal_transport_write_message() below, when
534generating an Envelope-To: header line. It checks for duplicates of the given
535address and its ancestors. When one is found, this function calls itself
536recursively, to output the envelope address of the duplicate.
537
538We want to avoid duplication in the list, which can arise for example when
539A->B,C and then both B and C alias to D. This can also happen when there are
540unseen drivers in use. So a list of addresses that have been output is kept in
541the plist variable.
542
543It is also possible to have loops in the address ancestry/duplication graph,
544for example if there are two top level addresses A and B and we have A->B,C and
545B->A. To break the loop, we use a list of processed addresses in the dlist
546variable.
547
548After handling duplication, this function outputs the progenitor of the given
549address.
550
551Arguments:
552 p the address we are interested in
553 pplist address of anchor of the list of addresses not to output
554 pdlist address of anchor of the list of processed addresses
555 first TRUE if this is the first address; set it FALSE afterwards
556 fd the file descriptor to write to
6d5c916c 557 tctx transport context - processing to be done during output
059ec3d9
PH
558
559Returns: FALSE if writing failed
560*/
561
562static BOOL
563write_env_to(address_item *p, struct aci **pplist, struct aci **pdlist,
6d5c916c 564 BOOL *first, int fd, transport_ctx * tctx)
059ec3d9
PH
565{
566address_item *pp;
567struct aci *ppp;
568
569/* Do nothing if we have already handled this address. If not, remember it
570so that we don't handle it again. */
571
ff5aac2b 572for (ppp = *pdlist; ppp; ppp = ppp->next) if (p == ppp->ptr) return TRUE;
059ec3d9
PH
573
574ppp = store_get(sizeof(struct aci));
575ppp->next = *pdlist;
576*pdlist = ppp;
577ppp->ptr = p;
578
579/* Now scan up the ancestry, checking for duplicates at each generation. */
580
581for (pp = p;; pp = pp->parent)
582 {
583 address_item *dup;
ff5aac2b
JH
584 for (dup = addr_duplicate; dup; dup = dup->next)
585 if (dup->dupof == pp) /* a dup of our address */
6d5c916c 586 if (!write_env_to(dup, pplist, pdlist, first, fd, tctx))
ff5aac2b
JH
587 return FALSE;
588 if (!pp->parent) break;
059ec3d9
PH
589 }
590
591/* Check to see if we have already output the progenitor. */
592
ff5aac2b
JH
593for (ppp = *pplist; ppp; ppp = ppp->next) if (pp == ppp->ptr) break;
594if (ppp) return TRUE;
059ec3d9
PH
595
596/* Remember what we have output, and output it. */
597
598ppp = store_get(sizeof(struct aci));
599ppp->next = *pplist;
600*pplist = ppp;
601ppp->ptr = pp;
602
6d5c916c 603if (!*first && !write_chunk(fd, tctx, US",\n ", 3)) return FALSE;
059ec3d9 604*first = FALSE;
6d5c916c 605return write_chunk(fd, tctx, pp->address, Ustrlen(pp->address));
059ec3d9
PH
606}
607
608
609
610
511a6c14
JH
611/* Add/remove/rewwrite headers, and send them plus the empty-line sparator.
612
613Globals:
614 header_list
615
616Arguments:
617 addr (chain of) addresses (for extra headers), or NULL;
618 only the first address is used
619 fd file descriptor to write the message to
59932f7d 620 sendfn function for output (transport or verify)
6d5c916c
JH
621 wck_flags
622 use_crlf turn NL into CR LF
623 use_bdat callback before chunk flush
511a6c14
JH
624 rewrite_rules chain of header rewriting rules
625 rewrite_existflags flags for the rewriting rules
6d5c916c 626 chunk_cb transport callback function for data-chunk commands
511a6c14
JH
627
628Returns: TRUE on success; FALSE on failure.
629*/
630BOOL
6d5c916c
JH
631transport_headers_send(int fd, transport_ctx * tctx,
632 BOOL (*sendfn)(int fd, transport_ctx * tctx, uschar * s, int len))
511a6c14
JH
633{
634header_line *h;
65de12cc 635const uschar *list;
6d5c916c
JH
636transport_instance * tblock = tctx ? tctx->tblock : NULL;
637address_item * addr = tctx ? tctx->addr : NULL;
511a6c14
JH
638
639/* Then the message's headers. Don't write any that are flagged as "old";
640that means they were rewritten, or are a record of envelope rewriting, or
641were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
76146973
JH
642match any entries therein. It is a colon-sep list; expand the items
643separately and squash any empty ones.
d43cbe25 644Then check addr->prop.remove_headers too, provided that addr is not NULL. */
511a6c14 645
ff5aac2b 646for (h = header_list; h; h = h->next) if (h->type != htype_old)
511a6c14
JH
647 {
648 int i;
511a6c14
JH
649 BOOL include_header = TRUE;
650
65de12cc 651 list = tblock ? tblock->remove_headers : NULL;
d43cbe25 652 for (i = 0; i < 2; i++) /* For remove_headers && addr->prop.remove_headers */
511a6c14
JH
653 {
654 if (list)
655 {
656 int sep = ':'; /* This is specified as a colon-separated list */
657 uschar *s, *ss;
8bc732e8 658 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
511a6c14 659 {
76146973
JH
660 int len;
661
662 if (i == 0)
663 if (!(s = expand_string(s)) && !expand_string_forcedfail)
664 {
665 errno = ERRNO_CHHEADER_FAIL;
666 return FALSE;
667 }
d4ff61d1 668 len = s ? Ustrlen(s) : 0;
511a6c14
JH
669 if (strncmpic(h->text, s, len) != 0) continue;
670 ss = h->text + len;
671 while (*ss == ' ' || *ss == '\t') ss++;
672 if (*ss == ':') break;
673 }
65de12cc 674 if (s) { include_header = FALSE; break; }
511a6c14 675 }
65de12cc 676 if (addr) list = addr->prop.remove_headers;
511a6c14
JH
677 }
678
679 /* If this header is to be output, try to rewrite it if there are rewriting
680 rules. */
681
682 if (include_header)
683 {
65de12cc 684 if (tblock && tblock->rewrite_rules)
511a6c14
JH
685 {
686 void *reset_point = store_get(0);
687 header_line *hh;
688
65de12cc
JH
689 if ((hh = rewrite_header(h, NULL, NULL, tblock->rewrite_rules,
690 tblock->rewrite_existflags, FALSE)))
511a6c14 691 {
6d5c916c 692 if (!sendfn(fd, tctx, hh->text, hh->slen)) return FALSE;
511a6c14
JH
693 store_reset(reset_point);
694 continue; /* With the next header line */
695 }
696 }
697
698 /* Either no rewriting rules, or it didn't get rewritten */
699
6d5c916c 700 if (!sendfn(fd, tctx, h->text, h->slen)) return FALSE;
511a6c14
JH
701 }
702
703 /* Header removed */
704
705 else
706 {
707 DEBUG(D_transport) debug_printf("removed header line:\n%s---\n", h->text);
708 }
709 }
710
711/* Add on any address-specific headers. If there are multiple addresses,
712they will all have the same headers in order to be batched. The headers
713are chained in reverse order of adding (so several addresses from the
714same alias might share some of them) but we want to output them in the
715opposite order. This is a bit tedious, but there shouldn't be very many
716of them. We just walk the list twice, reversing the pointers each time,
717but on the second time, write out the items.
718
719Headers added to an address by a router are guaranteed to end with a newline.
720*/
721
722if (addr)
723 {
724 int i;
d43cbe25 725 header_line *hprev = addr->prop.extra_headers;
511a6c14
JH
726 header_line *hnext;
727 for (i = 0; i < 2; i++)
ff5aac2b 728 for (h = hprev, hprev = NULL; h; h = hnext)
511a6c14
JH
729 {
730 hnext = h->next;
731 h->next = hprev;
732 hprev = h;
733 if (i == 1)
734 {
6d5c916c 735 if (!sendfn(fd, tctx, h->text, h->slen)) return FALSE;
511a6c14
JH
736 DEBUG(D_transport)
737 debug_printf("added header line(s):\n%s---\n", h->text);
738 }
739 }
511a6c14
JH
740 }
741
76146973
JH
742/* If a string containing additional headers exists it is a newline-sep
743list. Expand each item and write out the result. This is done last so that
744if it (deliberately or accidentally) isn't in header format, it won't mess
745up any other headers. An empty string or a forced expansion failure are
746noops. An added header string from a transport may not end with a newline;
747add one if it does not. */
511a6c14 748
65de12cc 749if (tblock && (list = CUS tblock->add_headers))
511a6c14 750 {
76146973
JH
751 int sep = '\n';
752 uschar * s;
753
65de12cc 754 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
ff5aac2b 755 if ((s = expand_string(s)))
76146973
JH
756 {
757 int len = Ustrlen(s);
758 if (len > 0)
511a6c14 759 {
6d5c916c
JH
760 if (!sendfn(fd, tctx, s, len)) return FALSE;
761 if (s[len-1] != '\n' && !sendfn(fd, tctx, US"\n", 1))
76146973
JH
762 return FALSE;
763 DEBUG(D_transport)
764 {
765 debug_printf("added header line:\n%s", s);
766 if (s[len-1] != '\n') debug_printf("\n");
767 debug_printf("---\n");
768 }
511a6c14
JH
769 }
770 }
ff5aac2b
JH
771 else if (!expand_string_forcedfail)
772 { errno = ERRNO_CHHEADER_FAIL; return FALSE; }
511a6c14
JH
773 }
774
775/* Separate headers from body with a blank line */
776
6d5c916c 777return sendfn(fd, tctx, US"\n", 1);
511a6c14
JH
778}
779
780
059ec3d9
PH
781/*************************************************
782* Write the message *
783*************************************************/
784
785/* This function writes the message to the given file descriptor. The headers
786are in the in-store data structure, and the rest of the message is in the open
787file descriptor deliver_datafile. Make sure we start it at the beginning.
788
789. If add_return_path is TRUE, a "return-path:" header is added to the message,
790 containing the envelope sender's address.
791
792. If add_envelope_to is TRUE, a "envelope-to:" header is added to the message,
793 giving the top-level envelope address that caused this delivery to happen.
794
795. If add_delivery_date is TRUE, a "delivery-date:" header is added to the
796 message. It gives the time and date that delivery took place.
797
798. If check_string is not null, the start of each line is checked for that
799 string. If it is found, it is replaced by escape_string. This used to be
800 the "from hack" for files, and "smtp_dots" for escaping SMTP dots.
801
802. If use_crlf is true, newlines are turned into CRLF (SMTP output).
803
804The yield is TRUE if all went well, and FALSE if not. Exit *immediately* after
805any writing or reading error, leaving the code in errno intact. Error exits
806can include timeouts for certain transports, which are requested by setting
807transport_write_timeout non-zero.
808
809Arguments:
059ec3d9 810 fd file descriptor to write the message to
65de12cc
JH
811 tctx
812 addr (chain of) addresses (for extra headers), or NULL;
813 only the first address is used
814 tblock optional transport instance block (NULL signifies NULL/0):
815 add_headers a string containing one or more headers to add; it is
816 expanded, and must be in correct RFC 822 format as
817 it is transmitted verbatim; NULL => no additions,
818 and so does empty string or forced expansion fail
819 remove_headers a colon-separated list of headers to remove, or NULL
820 rewrite_rules chain of header rewriting rules
821 rewrite_existflags flags for the rewriting rules
822 options bit-wise options:
823 add_return_path if TRUE, add a "return-path" header
824 add_envelope_to if TRUE, add a "envelope-to" header
825 add_delivery_date if TRUE, add a "delivery-date" header
826 use_crlf if TRUE, turn NL into CR LF
827 end_dot if TRUE, send a terminating "." line at the end
828 no_headers if TRUE, omit the headers
829 no_body if TRUE, omit the body
830 size_limit if > 0, this is a limit to the size of message written;
831 it is used when returning messages to their senders,
832 and is approximate rather than exact, owing to chunk
833 buffering
834 check_string a string to check for at the start of lines, or NULL
835 escape_string a string to insert in front of any check string
059ec3d9
PH
836
837Returns: TRUE on success; FALSE (with errno) on failure.
838 In addition, the global variable transport_count
839 is incremented by the number of bytes written.
840*/
841
842static BOOL
65de12cc 843internal_transport_write_message(int fd, transport_ctx * tctx, int size_limit)
059ec3d9 844{
059ec3d9 845int len;
59932f7d
JH
846off_t fsize;
847int size;
059ec3d9
PH
848
849/* Initialize pointer in output buffer. */
850
851chunk_ptr = deliver_out_buffer;
852
853/* Set up the data for start-of-line data checking and escaping */
854
855nl_partial_match = -1;
65de12cc 856if (tctx->check_string && tctx->escape_string)
059ec3d9 857 {
65de12cc 858 nl_check = tctx->check_string;
059ec3d9 859 nl_check_length = Ustrlen(nl_check);
65de12cc 860 nl_escape = tctx->escape_string;
059ec3d9
PH
861 nl_escape_length = Ustrlen(nl_escape);
862 }
ff5aac2b
JH
863else
864 nl_check_length = nl_escape_length = 0;
059ec3d9
PH
865
866/* Whether the escaping mechanism is applied to headers or not is controlled by
867an option (set for SMTP, not otherwise). Negate the length if not wanted till
868after the headers. */
869
65de12cc 870if (!(tctx->options & topt_escape_headers))
ff5aac2b 871 nl_check_length = -nl_check_length;
059ec3d9
PH
872
873/* Write the headers if required, including any that have to be added. If there
874are header rewriting rules, apply them. */
875
65de12cc 876if (!(tctx->options & topt_no_headers))
059ec3d9
PH
877 {
878 /* Add return-path: if requested. */
879
65de12cc 880 if (tctx->options & topt_add_return_path)
059ec3d9
PH
881 {
882 uschar buffer[ADDRESS_MAXLENGTH + 20];
ff5aac2b 883 int n = sprintf(CS buffer, "Return-path: <%.*s>\n", ADDRESS_MAXLENGTH,
059ec3d9 884 return_path);
6d5c916c 885 if (!write_chunk(fd, tctx, buffer, n)) return FALSE;
059ec3d9
PH
886 }
887
888 /* Add envelope-to: if requested */
889
65de12cc 890 if (tctx->options & topt_add_envelope_to)
059ec3d9
PH
891 {
892 BOOL first = TRUE;
893 address_item *p;
894 struct aci *plist = NULL;
895 struct aci *dlist = NULL;
896 void *reset_point = store_get(0);
897
6d5c916c 898 if (!write_chunk(fd, tctx, US"Envelope-to: ", 13)) return FALSE;
059ec3d9
PH
899
900 /* Pick up from all the addresses. The plist and dlist variables are
901 anchors for lists of addresses already handled; they have to be defined at
902 this level becuase write_env_to() calls itself recursively. */
903
65de12cc 904 for (p = tctx->addr; p; p = p->next)
6d5c916c 905 if (!write_env_to(p, &plist, &dlist, &first, fd, tctx))
ff5aac2b 906 return FALSE;
059ec3d9
PH
907
908 /* Add a final newline and reset the store used for tracking duplicates */
909
6d5c916c 910 if (!write_chunk(fd, tctx, US"\n", 1)) return FALSE;
059ec3d9
PH
911 store_reset(reset_point);
912 }
913
914 /* Add delivery-date: if requested. */
915
65de12cc 916 if (tctx->options & topt_add_delivery_date)
059ec3d9
PH
917 {
918 uschar buffer[100];
ff5aac2b 919 int n = sprintf(CS buffer, "Delivery-date: %s\n", tod_stamp(tod_full));
6d5c916c 920 if (!write_chunk(fd, tctx, buffer, n)) return FALSE;
059ec3d9
PH
921 }
922
923 /* Then the message's headers. Don't write any that are flagged as "old";
924 that means they were rewritten, or are a record of envelope rewriting, or
925 were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
d43cbe25 926 match any entries therein. Then check addr->prop.remove_headers too, provided that
059ec3d9 927 addr is not NULL. */
65de12cc 928
6d5c916c 929 if (!transport_headers_send(fd, tctx, &write_chunk))
511a6c14 930 return FALSE;
059ec3d9
PH
931 }
932
59932f7d
JH
933/* When doing RFC3030 CHUNKING output, work out how much data will be in the
934last BDAT, consisting of the current write_chunk() output buffer fill
935(optimally, all of the headers - but it does not matter if we already had to
936flush that buffer with non-last BDAT prependix) plus the amount of body data
937(as expanded for CRLF lines). Then create and write the BDAT, and ensure
938that further use of write_chunk() will not prepend BDATs. */
939
65de12cc 940if (tctx->options & topt_use_bdat)
59932f7d
JH
941 {
942 if ((size = chunk_ptr - deliver_out_buffer) < 0)
943 size = 0;
65de12cc 944 if (!(tctx->options & topt_no_body))
59932f7d
JH
945 {
946 if ((fsize = lseek(deliver_datafile, 0, SEEK_END)) < 0) return FALSE;
947 fsize -= SPOOL_DATA_START_OFFSET;
948 if (size_limit > 0 && fsize > size_limit)
949 fsize = size_limit;
950 size += fsize;
65de12cc 951 if (tctx->options & topt_use_crlf)
59932f7d
JH
952 size += body_linecount; /* account for CRLF-expansion */
953 }
954
6d5c916c
JH
955 /*XXX CHUNKING:
956 Emit a LAST datachunk command. */
59932f7d 957
6d5c916c
JH
958 if (tctx->chunk_cb(fd, tctx, size, TRUE) != OK)
959 return FALSE;
59932f7d 960
6d5c916c 961 tctx->options &= ~topt_use_bdat;
59932f7d
JH
962 }
963
059ec3d9
PH
964/* If the body is required, ensure that the data for check strings (formerly
965the "from hack") is enabled by negating the length if necessary. (It will be
966negative in cases where it isn't to apply to the headers). Then ensure the body
967is positioned at the start of its file (following the message id), then write
968it, applying the size limit if required. */
969
65de12cc 970if (!(tctx->options & topt_no_body))
059ec3d9
PH
971 {
972 nl_check_length = abs(nl_check_length);
973 nl_partial_match = 0;
d4ff61d1
JH
974 if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0)
975 return FALSE;
59932f7d
JH
976 while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0
977 && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0)
6d5c916c 978 if (!write_chunk(fd, tctx, deliver_in_buffer, len))
59932f7d 979 return FALSE;
059ec3d9 980
059ec3d9
PH
981 /* A read error on the body will have left len == -1 and errno set. */
982
983 if (len != 0) return FALSE;
c0940526 984 }
059ec3d9 985
c0940526 986/* Finished with the check string */
059ec3d9 987
c0940526
PP
988nl_check_length = nl_escape_length = 0;
989
990/* If requested, add a terminating "." line (SMTP output). */
991
6d5c916c 992if (tctx->options & topt_end_dot && !write_chunk(fd, tctx, US".\n", 2))
c0940526 993 return FALSE;
059ec3d9
PH
994
995/* Write out any remaining data in the buffer before returning. */
996
997return (len = chunk_ptr - deliver_out_buffer) <= 0 ||
998 transport_write_block(fd, deliver_out_buffer, len);
999}
1000
1001
80a47a2c 1002#ifndef DISABLE_DKIM
fb2274d4 1003
4cd12fe9
TK
1004/***************************************************************************************************
1005* External interface to write the message, while signing it with DKIM and/or Domainkeys *
1006***************************************************************************************************/
fb2274d4 1007
077ba943
JH
1008/* This function is a wrapper around transport_write_message().
1009 It is only called from the smtp transport if DKIM or Domainkeys support
1010 is compiled in. The function sets up a replacement fd into a -K file,
1011 then calls the normal function. This way, the exact bits that exim would
1012 have put "on the wire" will end up in the file (except for TLS
1013 encapsulation, which is the very very last thing). When we are done
1014 signing the file, send the signed message down the original fd (or TLS fd).
1015
1016Arguments:
ff5aac2b
JH
1017 as for internal_transport_write_message() above, with additional arguments
1018 for DKIM.
f7572e5a
TK
1019
1020Returns: TRUE on success; FALSE (with errno) for any failure
1021*/
1022
1023BOOL
65de12cc
JH
1024dkim_transport_write_message(int out_fd, transport_ctx * tctx,
1025 struct ob_dkim * dkim)
f7572e5a 1026{
077ba943
JH
1027int dkim_fd;
1028int save_errno = 0;
1029BOOL rc;
41313d92 1030uschar * dkim_spool_name;
077ba943
JH
1031int sread = 0;
1032int wwritten = 0;
1033uschar *dkim_signature = NULL;
e520153e 1034int siglen;
ff5aac2b 1035off_t k_file_size;
077ba943
JH
1036
1037/* If we can't sign, just call the original function. */
1038
ff5aac2b 1039if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector))
65de12cc 1040 return transport_write_message(out_fd, tctx, 0);
077ba943 1041
41313d92
JH
1042dkim_spool_name = spool_fname(US"input", message_subdir, message_id,
1043 string_sprintf("-%d-K", (int)getpid()));
077ba943
JH
1044
1045if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR|O_CREAT|O_TRUNC, SPOOL_MODE)) < 0)
1046 {
1047 /* Can't create spool file. Ugh. */
1048 rc = FALSE;
1049 save_errno = errno;
1050 goto CLEANUP;
4cd12fe9
TK
1051 }
1052
ff5aac2b 1053/* Call original function to write the -K file; does the CRLF expansion */
f7572e5a 1054
65de12cc
JH
1055tctx->options &= ~topt_use_bdat;
1056rc = transport_write_message(dkim_fd, tctx, 0);
f7572e5a 1057
077ba943
JH
1058/* Save error state. We must clean up before returning. */
1059if (!rc)
1060 {
1061 save_errno = errno;
1062 goto CLEANUP;
1063 }
f7572e5a 1064
ff5aac2b 1065if (dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
077ba943
JH
1066 {
1067 /* Rewind file and feed it to the goats^W DKIM lib */
1068 lseek(dkim_fd, 0, SEEK_SET);
1069 dkim_signature = dkim_exim_sign(dkim_fd,
ff5aac2b
JH
1070 dkim->dkim_private_key,
1071 dkim->dkim_domain,
1072 dkim->dkim_selector,
1073 dkim->dkim_canon,
1074 dkim->dkim_sign_headers);
077ba943
JH
1075 if (!dkim_signature)
1076 {
ff5aac2b 1077 if (dkim->dkim_strict)
077ba943 1078 {
ff5aac2b 1079 uschar *dkim_strict_result = expand_string(dkim->dkim_strict);
077ba943 1080 if (dkim_strict_result)
ff5aac2b
JH
1081 if ( (strcmpic(dkim->dkim_strict,US"1") == 0) ||
1082 (strcmpic(dkim->dkim_strict,US"true") == 0) )
077ba943
JH
1083 {
1084 /* Set errno to something halfway meaningful */
1085 save_errno = EACCES;
1086 log_write(0, LOG_MAIN, "DKIM: message could not be signed,"
1087 " and dkim_strict is set. Deferring message delivery.");
1088 rc = FALSE;
1089 goto CLEANUP;
1090 }
f7572e5a
TK
1091 }
1092 }
ff5aac2b 1093
e520153e
JH
1094 siglen = 0;
1095 }
1096
1097if (dkim_signature)
1098 {
1099 siglen = Ustrlen(dkim_signature);
1100 while(siglen > 0)
077ba943 1101 {
3d50ca30 1102#ifdef SUPPORT_TLS
e520153e
JH
1103 wwritten = tls_out.active == out_fd
1104 ? tls_write(FALSE, dkim_signature, siglen)
1105 : write(out_fd, dkim_signature, siglen);
3d50ca30 1106#else
e520153e 1107 wwritten = write(out_fd, dkim_signature, siglen);
3d50ca30 1108#endif
e520153e
JH
1109 if (wwritten == -1)
1110 {
1111 /* error, bail out */
1112 save_errno = errno;
1113 rc = FALSE;
1114 goto CLEANUP;
f7572e5a 1115 }
e520153e
JH
1116 siglen -= wwritten;
1117 dkim_signature += wwritten;
f7572e5a 1118 }
4cd12fe9 1119 }
f7572e5a 1120
f7572e5a 1121#ifdef HAVE_LINUX_SENDFILE
077ba943
JH
1122/* We can use sendfile() to shove the file contents
1123 to the socket. However only if we don't use TLS,
1124 as then there's another layer of indirection
1125 before the data finally hits the socket. */
ff5aac2b 1126if (tls_out.active != out_fd)
077ba943
JH
1127 {
1128 ssize_t copied = 0;
1129 off_t offset = 0;
e8bc7fca 1130
ff5aac2b
JH
1131 k_file_size = lseek(dkim_fd, 0, SEEK_END); /* Fetch file size */
1132
e8bc7fca
JH
1133 /* Rewind file */
1134 lseek(dkim_fd, 0, SEEK_SET);
1135
ff5aac2b
JH
1136 while(copied >= 0 && offset < k_file_size)
1137 copied = sendfile(out_fd, dkim_fd, &offset, k_file_size - offset);
077ba943 1138 if (copied < 0)
f7572e5a 1139 {
077ba943
JH
1140 save_errno = errno;
1141 rc = FALSE;
f7572e5a 1142 }
077ba943 1143 }
e8bc7fca
JH
1144else
1145
f7572e5a
TK
1146#endif
1147
077ba943 1148 {
e8bc7fca
JH
1149 /* Rewind file */
1150 lseek(dkim_fd, 0, SEEK_SET);
077ba943 1151
e8bc7fca 1152 /* Send file down the original fd */
ff5aac2b 1153 while((sread = read(dkim_fd, deliver_out_buffer, DELIVER_OUT_BUFFER_SIZE)) >0)
f7572e5a 1154 {
ff5aac2b 1155 char *p = deliver_out_buffer;
e8bc7fca
JH
1156 /* write the chunk */
1157
1158 while (sread)
1159 {
077ba943 1160#ifdef SUPPORT_TLS
ff5aac2b 1161 wwritten = tls_out.active == out_fd
e8bc7fca 1162 ? tls_write(FALSE, US p, sread)
ff5aac2b 1163 : write(out_fd, p, sread);
077ba943 1164#else
ff5aac2b 1165 wwritten = write(out_fd, p, sread);
077ba943 1166#endif
e8bc7fca
JH
1167 if (wwritten == -1)
1168 {
1169 /* error, bail out */
1170 save_errno = errno;
1171 rc = FALSE;
1172 goto CLEANUP;
1173 }
1174 p += wwritten;
1175 sread -= wwritten;
f7572e5a 1176 }
f7572e5a
TK
1177 }
1178
e8bc7fca
JH
1179 if (sread == -1)
1180 {
1181 save_errno = errno;
1182 rc = FALSE;
1183 }
077ba943 1184 }
f7572e5a 1185
077ba943
JH
1186CLEANUP:
1187/* unlink -K file */
1188(void)close(dkim_fd);
1189Uunlink(dkim_spool_name);
1190errno = save_errno;
1191return rc;
f7572e5a 1192}
80a47a2c 1193
f7572e5a
TK
1194#endif
1195
1196
1197
059ec3d9
PH
1198/*************************************************
1199* External interface to write the message *
1200*************************************************/
1201
1202/* If there is no filtering required, call the internal function above to do
1203the real work, passing over all the arguments from this function. Otherwise,
1204set up a filtering process, fork another process to call the internal function
1205to write to the filter, and in this process just suck from the filter and write
1206down the given fd. At the end, tidy up the pipes and the processes.
1207
65de12cc 1208XXX
059ec3d9
PH
1209Arguments: as for internal_transport_write_message() above
1210
1211Returns: TRUE on success; FALSE (with errno) for any failure
1212 transport_count is incremented by the number of bytes written
1213*/
1214
1215BOOL
65de12cc 1216transport_write_message(int fd, transport_ctx * tctx, int size_limit)
059ec3d9 1217{
59932f7d 1218unsigned wck_flags;
059ec3d9
PH
1219BOOL last_filter_was_NL = TRUE;
1220int rc, len, yield, fd_read, fd_write, save_errno;
806c3df9 1221int pfd[2] = {-1, -1};
059ec3d9 1222pid_t filter_pid, write_pid;
6d5c916c 1223static transport_ctx dummy_tctx = {0};
65de12cc
JH
1224
1225if (!tctx) tctx = &dummy_tctx;
059ec3d9 1226
2e2a30b4
PH
1227transport_filter_timed_out = FALSE;
1228
059ec3d9
PH
1229/* If there is no filter command set up, call the internal function that does
1230the actual work, passing it the incoming fd, and return its result. */
1231
6ff55e50
JH
1232if ( !transport_filter_argv
1233 || !*transport_filter_argv
1234 || !**transport_filter_argv
1235 )
65de12cc 1236 return internal_transport_write_message(fd, tctx, size_limit);
059ec3d9
PH
1237
1238/* Otherwise the message must be written to a filter process and read back
1239before being written to the incoming fd. First set up the special processing to
1240be done during the copying. */
1241
65de12cc 1242wck_flags = tctx->options & topt_use_crlf;
059ec3d9
PH
1243nl_partial_match = -1;
1244
65de12cc 1245if (tctx->check_string && tctx->escape_string)
059ec3d9 1246 {
65de12cc 1247 nl_check = tctx->check_string;
059ec3d9 1248 nl_check_length = Ustrlen(nl_check);
65de12cc 1249 nl_escape = tctx->escape_string;
059ec3d9
PH
1250 nl_escape_length = Ustrlen(nl_escape);
1251 }
1252else nl_check_length = nl_escape_length = 0;
1253
1254/* Start up a subprocess to run the command. Ensure that our main fd will
1255be closed when the subprocess execs, but remove the flag afterwards.
1256(Otherwise, if this is a TCP/IP socket, it can't get passed on to another
1257process to deliver another message.) We get back stdin/stdout file descriptors.
1258If the process creation failed, give an error return. */
1259
1260fd_read = -1;
1261fd_write = -1;
1262save_errno = 0;
1263yield = FALSE;
1264write_pid = (pid_t)(-1);
1265
ff790e47 1266(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
55414b25
JH
1267filter_pid = child_open(USS transport_filter_argv, NULL, 077,
1268 &fd_write, &fd_read, FALSE);
ff790e47 1269(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) & ~FD_CLOEXEC);
059ec3d9
PH
1270if (filter_pid < 0) goto TIDY_UP; /* errno set */
1271
1272DEBUG(D_transport)
65de12cc 1273 debug_printf("process %d running as transport filter: fd_write=%d fd_read=%d\n",
059ec3d9
PH
1274 (int)filter_pid, fd_write, fd_read);
1275
1276/* Fork subprocess to write the message to the filter, and return the result
1277via a(nother) pipe. While writing to the filter, we do not do the CRLF,
1278smtp dots, or check string processing. */
1279
1280if (pipe(pfd) != 0) goto TIDY_UP; /* errno set */
1281if ((write_pid = fork()) == 0)
1282 {
1283 BOOL rc;
f1e894f3
PH
1284 (void)close(fd_read);
1285 (void)close(pfd[pipe_read]);
059ec3d9 1286 nl_check_length = nl_escape_length = 0;
65de12cc
JH
1287
1288 tctx->check_string = tctx->escape_string = NULL;
1289 tctx->options &= ~(topt_use_crlf | topt_end_dot | topt_use_bdat);
1290
1291 rc = internal_transport_write_message(fd_write, tctx, size_limit);
1292
059ec3d9 1293 save_errno = errno;
1ac6b2e7
JH
1294 if ( write(pfd[pipe_write], (void *)&rc, sizeof(BOOL))
1295 != sizeof(BOOL)
1296 || write(pfd[pipe_write], (void *)&save_errno, sizeof(int))
1297 != sizeof(int)
65de12cc 1298 || write(pfd[pipe_write], (void *)&tctx->addr->more_errno, sizeof(int))
1ac6b2e7
JH
1299 != sizeof(int)
1300 )
1301 rc = FALSE; /* compiler quietening */
059ec3d9
PH
1302 _exit(0);
1303 }
1304save_errno = errno;
1305
1306/* Parent process: close our copy of the writing subprocess' pipes. */
1307
f1e894f3
PH
1308(void)close(pfd[pipe_write]);
1309(void)close(fd_write);
059ec3d9
PH
1310fd_write = -1;
1311
1312/* Writing process creation failed */
1313
1314if (write_pid < 0)
1315 {
1316 errno = save_errno; /* restore */
1317 goto TIDY_UP;
1318 }
1319
1320/* When testing, let the subprocess get going */
1321
1322if (running_in_test_harness) millisleep(250);
1323
1324DEBUG(D_transport)
1325 debug_printf("process %d writing to transport filter\n", (int)write_pid);
1326
1327/* Copy the message from the filter to the output fd. A read error leaves len
1328== -1 and errno set. We need to apply a timeout to the read, to cope with
1329the case when the filter gets stuck, but it can be quite a long one. The
1330default is 5m, but this is now configurable. */
1331
1332DEBUG(D_transport) debug_printf("copying from the filter\n");
1333
1334/* Copy the output of the filter, remembering if the last character was NL. If
1335no data is returned, that counts as "ended with NL" (default setting of the
1336variable is TRUE). */
1337
1338chunk_ptr = deliver_out_buffer;
1339
1340for (;;)
1341 {
1342 sigalrm_seen = FALSE;
1343 alarm(transport_filter_timeout);
1344 len = read(fd_read, deliver_in_buffer, DELIVER_IN_BUFFER_SIZE);
1345 alarm(0);
1346 if (sigalrm_seen)
1347 {
1348 errno = ETIMEDOUT;
2e2a30b4 1349 transport_filter_timed_out = TRUE;
059ec3d9
PH
1350 goto TIDY_UP;
1351 }
1352
1353 /* If the read was successful, write the block down the original fd,
1354 remembering whether it ends in \n or not. */
1355
1356 if (len > 0)
1357 {
6d5c916c 1358 if (!write_chunk(fd, tctx, deliver_in_buffer, len)) goto TIDY_UP;
059ec3d9
PH
1359 last_filter_was_NL = (deliver_in_buffer[len-1] == '\n');
1360 }
1361
1362 /* Otherwise, break the loop. If we have hit EOF, set yield = TRUE. */
1363
1364 else
1365 {
1366 if (len == 0) yield = TRUE;
1367 break;
1368 }
1369 }
1370
1371/* Tidying up code. If yield = FALSE there has been an error and errno is set
1372to something. Ensure the pipes are all closed and the processes are removed. If
1373there has been an error, kill the processes before waiting for them, just to be
1374sure. Also apply a paranoia timeout. */
1375
1376TIDY_UP:
1377save_errno = errno;
1378
f1e894f3
PH
1379(void)close(fd_read);
1380if (fd_write > 0) (void)close(fd_write);
059ec3d9
PH
1381
1382if (!yield)
1383 {
1384 if (filter_pid > 0) kill(filter_pid, SIGKILL);
1385 if (write_pid > 0) kill(write_pid, SIGKILL);
1386 }
1387
1388/* Wait for the filter process to complete. */
1389
1390DEBUG(D_transport) debug_printf("waiting for filter process\n");
1391if (filter_pid > 0 && (rc = child_close(filter_pid, 30)) != 0 && yield)
1392 {
1393 yield = FALSE;
1394 save_errno = ERRNO_FILTER_FAIL;
65de12cc 1395 tctx->addr->more_errno = rc;
059ec3d9
PH
1396 DEBUG(D_transport) debug_printf("filter process returned %d\n", rc);
1397 }
1398
1399/* Wait for the writing process to complete. If it ends successfully,
8e669ac1 1400read the results from its pipe, provided we haven't already had a filter
35af9f61 1401process failure. */
059ec3d9
PH
1402
1403DEBUG(D_transport) debug_printf("waiting for writing process\n");
1404if (write_pid > 0)
1405 {
35af9f61
PH
1406 rc = child_close(write_pid, 30);
1407 if (yield)
059ec3d9 1408 {
8e669ac1 1409 if (rc == 0)
35af9f61
PH
1410 {
1411 BOOL ok;
1ac6b2e7 1412 int dummy = read(pfd[pipe_read], (void *)&ok, sizeof(BOOL));
35af9f61
PH
1413 if (!ok)
1414 {
1ac6b2e7 1415 dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
65de12cc 1416 dummy = read(pfd[pipe_read], (void *)&(tctx->addr->more_errno), sizeof(int));
35af9f61
PH
1417 yield = FALSE;
1418 }
1419 }
1420 else
059ec3d9 1421 {
059ec3d9 1422 yield = FALSE;
35af9f61 1423 save_errno = ERRNO_FILTER_FAIL;
65de12cc 1424 tctx->addr->more_errno = rc;
35af9f61 1425 DEBUG(D_transport) debug_printf("writing process returned %d\n", rc);
059ec3d9 1426 }
8e669ac1 1427 }
059ec3d9 1428 }
f1e894f3 1429(void)close(pfd[pipe_read]);
059ec3d9
PH
1430
1431/* If there have been no problems we can now add the terminating "." if this is
1432SMTP output, turning off escaping beforehand. If the last character from the
1433filter was not NL, insert a NL to make the SMTP protocol work. */
1434
1435if (yield)
1436 {
1437 nl_check_length = nl_escape_length = 0;
65de12cc 1438 if ( tctx->options & topt_end_dot
ff5aac2b 1439 && ( last_filter_was_NL
6d5c916c
JH
1440 ? !write_chunk(fd, tctx, US".\n", 2)
1441 : !write_chunk(fd, tctx, US"\n.\n", 3)
ff5aac2b 1442 ) )
059ec3d9 1443 yield = FALSE;
059ec3d9
PH
1444
1445 /* Write out any remaining data in the buffer. */
1446
1447 else
ff5aac2b
JH
1448 yield = (len = chunk_ptr - deliver_out_buffer) <= 0
1449 || transport_write_block(fd, deliver_out_buffer, len);
059ec3d9 1450 }
ff5aac2b
JH
1451else
1452 errno = save_errno; /* From some earlier error */
059ec3d9
PH
1453
1454DEBUG(D_transport)
1455 {
1456 debug_printf("end of filtering transport writing: yield=%d\n", yield);
1457 if (!yield)
65de12cc 1458 debug_printf("errno=%d more_errno=%d\n", errno, tctx->addr->more_errno);
059ec3d9
PH
1459 }
1460
1461return yield;
1462}
1463
1464
1465
1466
1467
1468/*************************************************
1469* Update waiting database *
1470*************************************************/
1471
1472/* This is called when an address is deferred by remote transports that are
1473capable of sending more than one message over one connection. A database is
1474maintained for each transport, keeping track of which messages are waiting for
1475which hosts. The transport can then consult this when eventually a successful
1476delivery happens, and if it finds that another message is waiting for the same
1477host, it can fire up a new process to deal with it using the same connection.
1478
1479The database records are keyed by host name. They can get full if there are
1480lots of messages waiting, and so there is a continuation mechanism for them.
1481
1482Each record contains a list of message ids, packed end to end without any
1483zeros. Each one is MESSAGE_ID_LENGTH bytes long. The count field says how many
1484in this record, and the sequence field says if there are any other records for
1485this host. If the sequence field is 0, there are none. If it is 1, then another
1486record with the name <hostname>:0 exists; if it is 2, then two other records
1487with sequence numbers 0 and 1 exist, and so on.
1488
1489Currently, an exhaustive search of all continuation records has to be done to
1490determine whether to add a message id to a given record. This shouldn't be
1491too bad except in extreme cases. I can't figure out a *simple* way of doing
1492better.
1493
1494Old records should eventually get swept up by the exim_tidydb utility.
1495
1496Arguments:
f6c332bd 1497 hostlist list of hosts that this message could be sent to
059ec3d9
PH
1498 tpname name of the transport
1499
1500Returns: nothing
1501*/
1502
1503void
1504transport_update_waiting(host_item *hostlist, uschar *tpname)
1505{
1506uschar buffer[256];
55414b25 1507const uschar *prevname = US"";
059ec3d9
PH
1508host_item *host;
1509open_db dbblock;
1510open_db *dbm_file;
1511
7a0743eb
PH
1512DEBUG(D_transport) debug_printf("updating wait-%s database\n", tpname);
1513
059ec3d9
PH
1514/* Open the database for this transport */
1515
1516sprintf(CS buffer, "wait-%.200s", tpname);
1517dbm_file = dbfn_open(buffer, O_RDWR, &dbblock, TRUE);
1518if (dbm_file == NULL) return;
1519
1520/* Scan the list of hosts for which this message is waiting, and ensure
f6c332bd 1521that the message id is in each host record. */
059ec3d9
PH
1522
1523for (host = hostlist; host!= NULL; host = host->next)
1524 {
1525 BOOL already = FALSE;
1526 dbdata_wait *host_record;
1527 uschar *s;
1528 int i, host_length;
1529
059ec3d9
PH
1530 /* Skip if this is the same host as we just processed; otherwise remember
1531 the name for next time. */
1532
1533 if (Ustrcmp(prevname, host->name) == 0) continue;
1534 prevname = host->name;
1535
1536 /* Look up the host record; if there isn't one, make an empty one. */
1537
1538 host_record = dbfn_read(dbm_file, host->name);
1539 if (host_record == NULL)
1540 {
1541 host_record = store_get(sizeof(dbdata_wait) + MESSAGE_ID_LENGTH);
1542 host_record->count = host_record->sequence = 0;
1543 }
1544
1545 /* Compute the current length */
1546
1547 host_length = host_record->count * MESSAGE_ID_LENGTH;
1548
1549 /* Search the record to see if the current message is already in it. */
1550
1551 for (s = host_record->text; s < host_record->text + host_length;
1552 s += MESSAGE_ID_LENGTH)
1553 {
1554 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1555 { already = TRUE; break; }
1556 }
1557
1558 /* If we haven't found this message in the main record, search any
1559 continuation records that exist. */
1560
1561 for (i = host_record->sequence - 1; i >= 0 && !already; i--)
1562 {
1563 dbdata_wait *cont;
1564 sprintf(CS buffer, "%.200s:%d", host->name, i);
1565 cont = dbfn_read(dbm_file, buffer);
1566 if (cont != NULL)
1567 {
1568 int clen = cont->count * MESSAGE_ID_LENGTH;
1569 for (s = cont->text; s < cont->text + clen; s += MESSAGE_ID_LENGTH)
1570 {
1571 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1572 { already = TRUE; break; }
1573 }
1574 }
1575 }
1576
1577 /* If this message is already in a record, no need to update. */
1578
7a0743eb
PH
1579 if (already)
1580 {
1581 DEBUG(D_transport) debug_printf("already listed for %s\n", host->name);
1582 continue;
1583 }
059ec3d9
PH
1584
1585
1586 /* If this record is full, write it out with a new name constructed
1587 from the sequence number, increase the sequence number, and empty
1588 the record. */
1589
1590 if (host_record->count >= WAIT_NAME_MAX)
1591 {
1592 sprintf(CS buffer, "%.200s:%d", host->name, host_record->sequence);
1593 dbfn_write(dbm_file, buffer, host_record, sizeof(dbdata_wait) + host_length);
1594 host_record->sequence++;
1595 host_record->count = 0;
1596 host_length = 0;
1597 }
1598
1599 /* If this record is not full, increase the size of the record to
1600 allow for one new message id. */
1601
1602 else
1603 {
1604 dbdata_wait *newr =
1605 store_get(sizeof(dbdata_wait) + host_length + MESSAGE_ID_LENGTH);
1606 memcpy(newr, host_record, sizeof(dbdata_wait) + host_length);
1607 host_record = newr;
1608 }
1609
1610 /* Now add the new name on the end */
1611
1612 memcpy(host_record->text + host_length, message_id, MESSAGE_ID_LENGTH);
1613 host_record->count++;
1614 host_length += MESSAGE_ID_LENGTH;
1615
1616 /* Update the database */
1617
1618 dbfn_write(dbm_file, host->name, host_record, sizeof(dbdata_wait) + host_length);
7a0743eb 1619 DEBUG(D_transport) debug_printf("added to list for %s\n", host->name);
059ec3d9
PH
1620 }
1621
1622/* All now done */
1623
1624dbfn_close(dbm_file);
1625}
1626
1627
1628
1629
1630/*************************************************
1631* Test for waiting messages *
1632*************************************************/
1633
1634/* This function is called by a remote transport which uses the previous
1635function to remember which messages are waiting for which remote hosts. It's
1636called after a successful delivery and its job is to check whether there is
1637another message waiting for the same host. However, it doesn't do this if the
1638current continue sequence is greater than the maximum supplied as an argument,
1639or greater than the global connection_max_messages, which, if set, overrides.
1640
1641Arguments:
1642 transport_name name of the transport
1643 hostname name of the host
1644 local_message_max maximum number of messages down one connection
1645 as set by the caller transport
1646 new_message_id set to the message id of a waiting message
1647 more set TRUE if there are yet more messages waiting
a39bd74d
JB
1648 oicf_func function to call to validate if it is ok to send
1649 to this message_id from the current instance.
1650 oicf_data opaque data for oicf_func
059ec3d9
PH
1651
1652Returns: TRUE if new_message_id set; FALSE otherwise
1653*/
1654
a39bd74d
JB
1655typedef struct msgq_s
1656{
1657 uschar message_id [MESSAGE_ID_LENGTH + 1];
1658 BOOL bKeep;
1659} msgq_t;
1660
059ec3d9 1661BOOL
55414b25 1662transport_check_waiting(const uschar *transport_name, const uschar *hostname,
a39bd74d 1663 int local_message_max, uschar *new_message_id, BOOL *more, oicf oicf_func, void *oicf_data)
059ec3d9
PH
1664{
1665dbdata_wait *host_record;
0539a19d 1666int host_length;
059ec3d9
PH
1667open_db dbblock;
1668open_db *dbm_file;
1669uschar buffer[256];
1670
a39bd74d 1671int i;
a39bd74d 1672struct stat statbuf;
a39bd74d 1673
059ec3d9
PH
1674*more = FALSE;
1675
1676DEBUG(D_transport)
1677 {
1678 debug_printf("transport_check_waiting entered\n");
1679 debug_printf(" sequence=%d local_max=%d global_max=%d\n",
1680 continue_sequence, local_message_max, connection_max_messages);
1681 }
1682
1683/* Do nothing if we have hit the maximum number that can be send down one
1684connection. */
1685
1686if (connection_max_messages >= 0) local_message_max = connection_max_messages;
1687if (local_message_max > 0 && continue_sequence >= local_message_max)
1688 {
1689 DEBUG(D_transport)
1690 debug_printf("max messages for one connection reached: returning\n");
1691 return FALSE;
1692 }
1693
1694/* Open the waiting information database. */
1695
1696sprintf(CS buffer, "wait-%.200s", transport_name);
1697dbm_file = dbfn_open(buffer, O_RDWR, &dbblock, TRUE);
1698if (dbm_file == NULL) return FALSE;
1699
1700/* See if there is a record for this host; if not, there's nothing to do. */
1701
789f8a4f 1702if (!(host_record = dbfn_read(dbm_file, hostname)))
059ec3d9
PH
1703 {
1704 dbfn_close(dbm_file);
1705 DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname);
1706 return FALSE;
1707 }
1708
1709/* If the data in the record looks corrupt, just log something and
1710don't try to use it. */
1711
1712if (host_record->count > WAIT_NAME_MAX)
1713 {
1714 dbfn_close(dbm_file);
1715 log_write(0, LOG_MAIN|LOG_PANIC, "smtp-wait database entry for %s has bad "
1716 "count=%d (max=%d)", hostname, host_record->count, WAIT_NAME_MAX);
1717 return FALSE;
1718 }
1719
1720/* Scan the message ids in the record from the end towards the beginning,
1721until one is found for which a spool file actually exists. If the record gets
1722emptied, delete it and continue with any continuation records that may exist.
1723*/
1724
a39bd74d
JB
1725/* For Bug 1141, I refactored this major portion of the routine, it is risky
1726but the 1 off will remain without it. This code now allows me to SKIP over
1727a message I do not want to send out on this run. */
059ec3d9 1728
a39bd74d
JB
1729host_length = host_record->count * MESSAGE_ID_LENGTH;
1730
1731while (1)
059ec3d9 1732 {
789f8a4f
JH
1733 msgq_t *msgq;
1734 int msgq_count = 0;
1735 int msgq_actual = 0;
1736 BOOL bFound = FALSE;
1737 BOOL bContinuation = FALSE;
1738
a39bd74d 1739 /* create an array to read entire message queue into memory for processing */
059ec3d9 1740
a39bd74d
JB
1741 msgq = (msgq_t*) malloc(sizeof(msgq_t) * host_record->count);
1742 msgq_count = host_record->count;
1743 msgq_actual = msgq_count;
059ec3d9 1744
a39bd74d 1745 for (i = 0; i < host_record->count; ++i)
059ec3d9 1746 {
a39bd74d
JB
1747 msgq[i].bKeep = TRUE;
1748
1749 Ustrncpy(msgq[i].message_id, host_record->text + (i * MESSAGE_ID_LENGTH),
059ec3d9 1750 MESSAGE_ID_LENGTH);
a39bd74d
JB
1751 msgq[i].message_id[MESSAGE_ID_LENGTH] = 0;
1752 }
1753
1754 /* first thing remove current message id if it exists */
059ec3d9 1755
a39bd74d
JB
1756 for (i = 0; i < msgq_count; ++i)
1757 if (Ustrcmp(msgq[i].message_id, message_id) == 0)
1758 {
1759 msgq[i].bKeep = FALSE;
1760 break;
1761 }
1762
1763 /* now find the next acceptable message_id */
1764
a39bd74d
JB
1765 for (i = msgq_count - 1; i >= 0; --i) if (msgq[i].bKeep)
1766 {
41313d92
JH
1767 uschar subdir[2];
1768
1769 subdir[0] = split_spool_directory ? msgq[i].message_id[5] : 0;
1770 subdir[1] = 0;
059ec3d9 1771
41313d92
JH
1772 if (Ustat(spool_fname(US"input", subdir, msgq[i].message_id, US"-D"),
1773 &statbuf) != 0)
a39bd74d
JB
1774 msgq[i].bKeep = FALSE;
1775 else if (!oicf_func || oicf_func(msgq[i].message_id, oicf_data))
059ec3d9 1776 {
a39bd74d
JB
1777 Ustrcpy(new_message_id, msgq[i].message_id);
1778 msgq[i].bKeep = FALSE;
1779 bFound = TRUE;
059ec3d9
PH
1780 break;
1781 }
1782 }
1783
a39bd74d
JB
1784 /* re-count */
1785 for (msgq_actual = 0, i = 0; i < msgq_count; ++i)
1786 if (msgq[i].bKeep)
1787 msgq_actual++;
1788
1789 /* reassemble the host record, based on removed message ids, from in
789f8a4f 1790 memory queue */
a39bd74d
JB
1791
1792 if (msgq_actual <= 0)
1793 {
1794 host_length = 0;
1795 host_record->count = 0;
1796 }
1797 else
1798 {
1799 host_length = msgq_actual * MESSAGE_ID_LENGTH;
1800 host_record->count = msgq_actual;
1801
1802 if (msgq_actual < msgq_count)
1803 {
1804 int new_count;
1805 for (new_count = 0, i = 0; i < msgq_count; ++i)
1806 if (msgq[i].bKeep)
1807 Ustrncpy(&host_record->text[new_count++ * MESSAGE_ID_LENGTH],
1808 msgq[i].message_id, MESSAGE_ID_LENGTH);
1809
1810 host_record->text[new_count * MESSAGE_ID_LENGTH] = 0;
1811 }
1812 }
1813
1814/* Jeremy: check for a continuation record, this code I do not know how to
1815test but the code should work */
1816
059ec3d9
PH
1817 while (host_length <= 0)
1818 {
1819 int i;
a39bd74d 1820 dbdata_wait * newr = NULL;
059ec3d9
PH
1821
1822 /* Search for a continuation */
1823
a39bd74d 1824 for (i = host_record->sequence - 1; i >= 0 && !newr; i--)
059ec3d9
PH
1825 {
1826 sprintf(CS buffer, "%.200s:%d", hostname, i);
1827 newr = dbfn_read(dbm_file, buffer);
1828 }
1829
1830 /* If no continuation, delete the current and break the loop */
1831
a39bd74d 1832 if (!newr)
059ec3d9
PH
1833 {
1834 dbfn_delete(dbm_file, hostname);
1835 break;
1836 }
1837
1838 /* Else replace the current with the continuation */
1839
1840 dbfn_delete(dbm_file, buffer);
1841 host_record = newr;
1842 host_length = host_record->count * MESSAGE_ID_LENGTH;
059ec3d9 1843
a39bd74d
JB
1844 bContinuation = TRUE;
1845 }
059ec3d9 1846
789f8a4f
JH
1847 if (bFound) /* Usual exit from main loop */
1848 {
1849 free (msgq);
a39bd74d 1850 break;
789f8a4f 1851 }
059ec3d9
PH
1852
1853 /* If host_length <= 0 we have emptied a record and not found a good message,
1854 and there are no continuation records. Otherwise there is a continuation
1855 record to process. */
1856
1857 if (host_length <= 0)
1858 {
1859 dbfn_close(dbm_file);
1860 DEBUG(D_transport) debug_printf("waiting messages already delivered\n");
1861 return FALSE;
1862 }
a39bd74d
JB
1863
1864 /* we were not able to find an acceptable message, nor was there a
1865 * continuation record. So bug out, outer logic will clean this up.
1866 */
1867
1868 if (!bContinuation)
1869 {
789f8a4f 1870 Ustrcpy(new_message_id, message_id);
a39bd74d
JB
1871 dbfn_close(dbm_file);
1872 return FALSE;
1873 }
a39bd74d 1874
789f8a4f
JH
1875 free(msgq);
1876 } /* we need to process a continuation record */
059ec3d9
PH
1877
1878/* Control gets here when an existing message has been encountered; its
1879id is in new_message_id, and host_length is the revised length of the
1880host record. If it is zero, the record has been removed. Update the
1881record if required, close the database, and return TRUE. */
1882
1883if (host_length > 0)
1884 {
1885 host_record->count = host_length/MESSAGE_ID_LENGTH;
a39bd74d 1886
059ec3d9
PH
1887 dbfn_write(dbm_file, hostname, host_record, (int)sizeof(dbdata_wait) + host_length);
1888 *more = TRUE;
1889 }
1890
1891dbfn_close(dbm_file);
1892return TRUE;
1893}
1894
059ec3d9
PH
1895/*************************************************
1896* Deliver waiting message down same socket *
1897*************************************************/
1898
1899/* Fork a new exim process to deliver the message, and do a re-exec, both to
1900get a clean delivery process, and to regain root privilege in cases where it
1901has been given away.
1902
1903Arguments:
1904 transport_name to pass to the new process
1905 hostname ditto
1906 hostaddress ditto
1907 id the new message to process
1908 socket_fd the connected socket
1909
1910Returns: FALSE if fork fails; TRUE otherwise
1911*/
1912
1913BOOL
55414b25
JH
1914transport_pass_socket(const uschar *transport_name, const uschar *hostname,
1915 const uschar *hostaddress, uschar *id, int socket_fd)
059ec3d9
PH
1916{
1917pid_t pid;
1918int status;
1919
1920DEBUG(D_transport) debug_printf("transport_pass_socket entered\n");
1921
1922if ((pid = fork()) == 0)
1923 {
1924 int i = 16;
55414b25 1925 const uschar **argv;
059ec3d9
PH
1926
1927 /* Disconnect entirely from the parent process. If we are running in the
1928 test harness, wait for a bit to allow the previous process time to finish,
1929 write the log, etc., so that the output is always in the same order for
1930 automatic comparison. */
1931
1932 if ((pid = fork()) != 0) _exit(EXIT_SUCCESS);
ed0e9820 1933 if (running_in_test_harness) sleep(1);
059ec3d9
PH
1934
1935 /* Set up the calling arguments; use the standard function for the basics,
1936 but we have a number of extras that may be added. */
1937
55414b25 1938 argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, &i, FALSE, 0);
059ec3d9 1939
6c1c3d1d 1940 if (smtp_use_dsn) argv[i++] = US"-MCD";
6c1c3d1d 1941
059ec3d9
PH
1942 if (smtp_authenticated) argv[i++] = US"-MCA";
1943
1944 #ifdef SUPPORT_TLS
1945 if (tls_offered) argv[i++] = US"-MCT";
1946 #endif
1947
1948 if (smtp_use_size) argv[i++] = US"-MCS";
1949 if (smtp_use_pipelining) argv[i++] = US"-MCP";
1950
1951 if (queue_run_pid != (pid_t)0)
1952 {
1953 argv[i++] = US"-MCQ";
1954 argv[i++] = string_sprintf("%d", queue_run_pid);
1955 argv[i++] = string_sprintf("%d", queue_run_pipe);
1956 }
1957
1958 argv[i++] = US"-MC";
55414b25
JH
1959 argv[i++] = US transport_name;
1960 argv[i++] = US hostname;
1961 argv[i++] = US hostaddress;
059ec3d9
PH
1962 argv[i++] = string_sprintf("%d", continue_sequence + 1);
1963 argv[i++] = id;
1964 argv[i++] = NULL;
1965
1966 /* Arrange for the channel to be on stdin. */
1967
1968 if (socket_fd != 0)
1969 {
f1e894f3
PH
1970 (void)dup2(socket_fd, 0);
1971 (void)close(socket_fd);
059ec3d9
PH
1972 }
1973
1974 DEBUG(D_exec) debug_print_argv(argv);
1975 exim_nullstd(); /* Ensure std{out,err} exist */
1976 execv(CS argv[0], (char *const *)argv);
1977
1978 DEBUG(D_any) debug_printf("execv failed: %s\n", strerror(errno));
1979 _exit(errno); /* Note: must be _exit(), NOT exit() */
1980 }
1981
1982/* If the process creation succeeded, wait for the first-level child, which
1983immediately exits, leaving the second level process entirely disconnected from
1984this one. */
1985
1986if (pid > 0)
1987 {
1988 int rc;
1989 while ((rc = wait(&status)) != pid && (rc >= 0 || errno != ECHILD));
1990 DEBUG(D_transport) debug_printf("transport_pass_socket succeeded\n");
1991 return TRUE;
1992 }
1993else
1994 {
1995 DEBUG(D_transport) debug_printf("transport_pass_socket failed to fork: %s\n",
1996 strerror(errno));
1997 return FALSE;
1998 }
1999}
2000
2001
2002
2003/*************************************************
2004* Set up direct (non-shell) command *
2005*************************************************/
2006
2007/* This function is called when a command line is to be parsed and executed
2008directly, without the use of /bin/sh. It is called by the pipe transport,
2009the queryprogram router, and also from the main delivery code when setting up a
2010transport filter process. The code for ETRN also makes use of this; in that
2011case, no addresses are passed.
2012
2013Arguments:
2014 argvptr pointer to anchor for argv vector
55414b25 2015 cmd points to the command string (modified IN PLACE)
059ec3d9
PH
2016 expand_arguments true if expansion is to occur
2017 expand_failed error value to set if expansion fails; not relevant if
2018 addr == NULL
2019 addr chain of addresses, or NULL
2020 etext text for use in error messages
2021 errptr where to put error message if addr is NULL;
2022 otherwise it is put in the first address
2023
2024Returns: TRUE if all went well; otherwise an error will be
2025 set in the first address and FALSE returned
2026*/
2027
2028BOOL
55414b25
JH
2029transport_set_up_command(const uschar ***argvptr, uschar *cmd,
2030 BOOL expand_arguments, int expand_failed, address_item *addr,
2031 uschar *etext, uschar **errptr)
059ec3d9
PH
2032{
2033address_item *ad;
55414b25 2034const uschar **argv;
059ec3d9
PH
2035uschar *s, *ss;
2036int address_count = 0;
2037int argcount = 0;
2038int i, max_args;
2039
2040/* Get store in which to build an argument list. Count the number of addresses
2041supplied, and allow for that many arguments, plus an additional 60, which
2042should be enough for anybody. Multiple addresses happen only when the local
2043delivery batch option is set. */
2044
2045for (ad = addr; ad != NULL; ad = ad->next) address_count++;
2046max_args = address_count + 60;
2047*argvptr = argv = store_get((max_args+1)*sizeof(uschar *));
2048
2049/* Split the command up into arguments terminated by white space. Lose
2050trailing space at the start and end. Double-quoted arguments can contain \\ and
2051\" escapes and so can be handled by the standard function; single-quoted
2052arguments are verbatim. Copy each argument into a new string. */
2053
2054s = cmd;
2055while (isspace(*s)) s++;
2056
2057while (*s != 0 && argcount < max_args)
2058 {
2059 if (*s == '\'')
2060 {
2061 ss = s + 1;
2062 while (*ss != 0 && *ss != '\'') ss++;
2063 argv[argcount++] = ss = store_get(ss - s++);
2064 while (*s != 0 && *s != '\'') *ss++ = *s++;
2065 if (*s != 0) s++;
2066 *ss++ = 0;
2067 }
55414b25 2068 else argv[argcount++] = string_copy(string_dequote(CUSS &s));
059ec3d9
PH
2069 while (isspace(*s)) s++;
2070 }
2071
2072argv[argcount] = (uschar *)0;
2073
2074/* If *s != 0 we have run out of argument slots. */
2075
2076if (*s != 0)
2077 {
2078 uschar *msg = string_sprintf("Too many arguments in command \"%s\" in "
2079 "%s", cmd, etext);
2080 if (addr != NULL)
2081 {
2082 addr->transport_return = FAIL;
2083 addr->message = msg;
2084 }
2085 else *errptr = msg;
2086 return FALSE;
2087 }
2088
2089/* Expand each individual argument if required. Expansion happens for pipes set
2090up in filter files and with directly-supplied commands. It does not happen if
2091the pipe comes from a traditional .forward file. A failing expansion is a big
2092disaster if the command came from Exim's configuration; if it came from a user
2093it is just a normal failure. The expand_failed value is used as the error value
2094to cater for these two cases.
2095
2096An argument consisting just of the text "$pipe_addresses" is treated specially.
2097It is not passed to the general expansion function. Instead, it is replaced by
2098a number of arguments, one for each address. This avoids problems with shell
2099metacharacters and spaces in addresses.
2100
2101If the parent of the top address has an original part of "system-filter", this
2102pipe was set up by the system filter, and we can permit the expansion of
2103$recipients. */
2104
2105DEBUG(D_transport)
2106 {
2107 debug_printf("direct command:\n");
2108 for (i = 0; argv[i] != (uschar *)0; i++)
2109 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
2110 }
2111
2112if (expand_arguments)
2113 {
2114 BOOL allow_dollar_recipients = addr != NULL &&
2115 addr->parent != NULL &&
2116 Ustrcmp(addr->parent->address, "system-filter") == 0;
2117
2118 for (i = 0; argv[i] != (uschar *)0; i++)
2119 {
2120
2121 /* Handle special fudge for passing an address list */
2122
2123 if (addr != NULL &&
2124 (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
2125 Ustrcmp(argv[i], "${pipe_addresses}") == 0))
2126 {
2127 int additional;
2128
2129 if (argcount + address_count - 1 > max_args)
2130 {
2131 addr->transport_return = FAIL;
2132 addr->message = string_sprintf("Too many arguments to command \"%s\" "
2133 "in %s", cmd, etext);
2134 return FALSE;
2135 }
2136
2137 additional = address_count - 1;
2138 if (additional > 0)
2139 memmove(argv + i + 1 + additional, argv + i + 1,
2140 (argcount - i)*sizeof(uschar *));
2141
09792322
NK
2142 for (ad = addr; ad != NULL; ad = ad->next) {
2143 argv[i++] = ad->address;
2144 argcount++;
2145 }
2146
700d22f3
PP
2147 /* Subtract one since we replace $pipe_addresses */
2148 argcount--;
2149 i--;
09792322
NK
2150 }
2151
2152 /* Handle special case of $address_pipe when af_force_command is set */
2153
2154 else if (addr != NULL && testflag(addr,af_force_command) &&
2155 (Ustrcmp(argv[i], "$address_pipe") == 0 ||
2156 Ustrcmp(argv[i], "${address_pipe}") == 0))
2157 {
2158 int address_pipe_i;
2159 int address_pipe_argcount = 0;
2160 int address_pipe_max_args;
2161 uschar **address_pipe_argv;
2162
2163 /* We can never have more then the argv we will be loading into */
2164 address_pipe_max_args = max_args - argcount + 1;
2165
2166 DEBUG(D_transport)
700d22f3 2167 debug_printf("address_pipe_max_args=%d\n", address_pipe_max_args);
09792322
NK
2168
2169 /* We allocate an additional for (uschar *)0 */
2170 address_pipe_argv = store_get((address_pipe_max_args+1)*sizeof(uschar *));
2171
2172 /* +1 because addr->local_part[0] == '|' since af_force_command is set */
2173 s = expand_string(addr->local_part + 1);
2174
700d22f3
PP
2175 if (s == NULL || *s == '\0')
2176 {
2177 addr->transport_return = FAIL;
2178 addr->message = string_sprintf("Expansion of \"%s\" "
2179 "from command \"%s\" in %s failed: %s",
2180 (addr->local_part + 1), cmd, etext, expand_string_message);
09792322 2181 return FALSE;
700d22f3 2182 }
09792322
NK
2183
2184 while (isspace(*s)) s++; /* strip leading space */
2185
2186 while (*s != 0 && address_pipe_argcount < address_pipe_max_args)
2187 {
2188 if (*s == '\'')
2189 {
2190 ss = s + 1;
2191 while (*ss != 0 && *ss != '\'') ss++;
2192 address_pipe_argv[address_pipe_argcount++] = ss = store_get(ss - s++);
2193 while (*s != 0 && *s != '\'') *ss++ = *s++;
2194 if (*s != 0) s++;
2195 *ss++ = 0;
2196 }
55414b25
JH
2197 else address_pipe_argv[address_pipe_argcount++] =
2198 string_copy(string_dequote(CUSS &s));
09792322
NK
2199 while (isspace(*s)) s++; /* strip space after arg */
2200 }
2201
2202 address_pipe_argv[address_pipe_argcount] = (uschar *)0;
2203
2204 /* If *s != 0 we have run out of argument slots. */
2205 if (*s != 0)
2206 {
2207 uschar *msg = string_sprintf("Too many arguments in $address_pipe "
2208 "\"%s\" in %s", addr->local_part + 1, etext);
2209 if (addr != NULL)
2210 {
2211 addr->transport_return = FAIL;
2212 addr->message = msg;
2213 }
2214 else *errptr = msg;
2215 return FALSE;
2216 }
2217
700d22f3
PP
2218 /* address_pipe_argcount - 1
2219 * because we are replacing $address_pipe in the argument list
2220 * with the first thing it expands to */
09792322
NK
2221 if (argcount + address_pipe_argcount - 1 > max_args)
2222 {
2223 addr->transport_return = FAIL;
2224 addr->message = string_sprintf("Too many arguments to command "
2225 "\"%s\" after expanding $address_pipe in %s", cmd, etext);
2226 return FALSE;
2227 }
2228
2229 /* If we are not just able to replace the slot that contained
2230 * $address_pipe (address_pipe_argcount == 1)
700d22f3 2231 * We have to move the existing argv by address_pipe_argcount - 1
09792322
NK
2232 * Visually if address_pipe_argcount == 2:
2233 * [argv 0][argv 1][argv 2($address_pipe)][argv 3][0]
700d22f3 2234 * [argv 0][argv 1][ap_arg0][ap_arg1][old argv 3][0]
09792322
NK
2235 */
2236 if (address_pipe_argcount > 1)
2237 memmove(
2238 /* current position + additonal args */
2239 argv + i + address_pipe_argcount,
2240 /* current position + 1 (for the (uschar *)0 at the end) */
2241 argv + i + 1,
2242 /* -1 for the (uschar *)0 at the end)*/
2243 (argcount - i)*sizeof(uschar *)
2244 );
2245
2246 /* Now we fill in the slots we just moved argv out of
2247 * [argv 0][argv 1][argv 2=pipeargv[0]][argv 3=pipeargv[1]][old argv 3][0]
2248 */
700d22f3
PP
2249 for (address_pipe_i = 0;
2250 address_pipe_argv[address_pipe_i] != (uschar *)0;
2251 address_pipe_i++)
2252 {
2253 argv[i++] = address_pipe_argv[address_pipe_i];
2254 argcount++;
09792322
NK
2255 }
2256
700d22f3
PP
2257 /* Subtract one since we replace $address_pipe */
2258 argcount--;
2259 i--;
059ec3d9
PH
2260 }
2261
2262 /* Handle normal expansion string */
2263
2264 else
2265 {
55414b25 2266 const uschar *expanded_arg;
059ec3d9 2267 enable_dollar_recipients = allow_dollar_recipients;
55414b25 2268 expanded_arg = expand_cstring(argv[i]);
059ec3d9
PH
2269 enable_dollar_recipients = FALSE;
2270
2271 if (expanded_arg == NULL)
2272 {
2273 uschar *msg = string_sprintf("Expansion of \"%s\" "
2274 "from command \"%s\" in %s failed: %s",
2275 argv[i], cmd, etext, expand_string_message);
2276 if (addr != NULL)
2277 {
2278 addr->transport_return = expand_failed;
2279 addr->message = msg;
2280 }
2281 else *errptr = msg;
2282 return FALSE;
2283 }
2284 argv[i] = expanded_arg;
2285 }
2286 }
2287
2288 DEBUG(D_transport)
2289 {
2290 debug_printf("direct command after expansion:\n");
2291 for (i = 0; argv[i] != (uschar *)0; i++)
2292 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
2293 }
2294 }
2295
2296return TRUE;
2297}
2298
511a6c14
JH
2299/* vi: aw ai sw=2
2300*/
059ec3d9 2301/* End of transport.c */