projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
autoreply transport: taint-enfoce options
[exim.git] / src / src / transports / autoreply.c
CommitLineData
0756eb3c
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
0756eb3c
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8
9#include "../exim.h"
10#include "autoreply.h"
11
12
13
14/* Options specific to the autoreply transport. They must be in alphabetic
15order (note that "_" comes before the lower case letters). Those starting
16with "*" are not settable by the user but are used by the option-reading
17software for alternative value types. Some options are publicly visible and so
18are stored in the driver instance block. These are flagged with opt_public. */
19
20optionlist autoreply_transport_options[] = {
21 { "bcc", opt_stringptr,
22 (void *)offsetof(autoreply_transport_options_block, bcc) },
23 { "cc", opt_stringptr,
24 (void *)offsetof(autoreply_transport_options_block, cc) },
25 { "file", opt_stringptr,
26 (void *)offsetof(autoreply_transport_options_block, file) },
27 { "file_expand", opt_bool,
28 (void *)offsetof(autoreply_transport_options_block, file_expand) },
29 { "file_optional", opt_bool,
30 (void *)offsetof(autoreply_transport_options_block, file_optional) },
31 { "from", opt_stringptr,
32 (void *)offsetof(autoreply_transport_options_block, from) },
33 { "headers", opt_stringptr,
34 (void *)offsetof(autoreply_transport_options_block, headers) },
35 { "log", opt_stringptr,
36 (void *)offsetof(autoreply_transport_options_block, logfile) },
37 { "mode", opt_octint,
38 (void *)offsetof(autoreply_transport_options_block, mode) },
39 { "never_mail", opt_stringptr,
40 (void *)offsetof(autoreply_transport_options_block, never_mail) },
41 { "once", opt_stringptr,
42 (void *)offsetof(autoreply_transport_options_block, oncelog) },
43 { "once_file_size", opt_int,
44 (void *)offsetof(autoreply_transport_options_block, once_file_size) },
45 { "once_repeat", opt_stringptr,
46 (void *)offsetof(autoreply_transport_options_block, once_repeat) },
47 { "reply_to", opt_stringptr,
48 (void *)offsetof(autoreply_transport_options_block, reply_to) },
49 { "return_message", opt_bool,
50 (void *)offsetof(autoreply_transport_options_block, return_message) },
51 { "subject", opt_stringptr,
52 (void *)offsetof(autoreply_transport_options_block, subject) },
53 { "text", opt_stringptr,
54 (void *)offsetof(autoreply_transport_options_block, text) },
55 { "to", opt_stringptr,
56 (void *)offsetof(autoreply_transport_options_block, to) },
57};
58
59/* Size of the options list. An extern variable has to be used so that its
60address can appear in the tables drtables.c. */
61
62int autoreply_transport_options_count =
63 sizeof(autoreply_transport_options)/sizeof(optionlist);
64
d185889f
JH		 65
66#ifdef MACRO_PREDEF
67
68/* Dummy values */
69autoreply_transport_options_block autoreply_transport_option_defaults = {0};
70void autoreply_transport_init(transport_instance *tblock) {}
71BOOL autoreply_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
72
73#else /*!MACRO_PREDEF*/
74
75
0756eb3c
PH		 76/* Default private options block for the autoreply transport. */
77
78autoreply_transport_options_block autoreply_transport_option_defaults = {
79 NULL, /* from */
80 NULL, /* reply_to */
81 NULL, /* to */
82 NULL, /* cc */
83 NULL, /* bcc */
84 NULL, /* subject */
85 NULL, /* headers */
86 NULL, /* text */
87 NULL, /* file */
88 NULL, /* logfile */
89 NULL, /* oncelog */
90 NULL, /* once_repeat */
91 NULL, /* never_mail */
92 0600, /* mode */
93 0, /* once_file_size */
94 FALSE, /* file_expand */
95 FALSE, /* file_optional */
96 FALSE /* return message */
97};
98
99
100
101/* Type of text for the checkexpand() function */
102
103enum { cke_text, cke_hdr, cke_file };
104
105
106
107/*************************************************
108* Initialization entry point *
109*************************************************/
110
111/* Called for each instance, after its options have been read, to
112enable consistency checks to be done, or anything else that needs
113to be set up. */
114
115void
116autoreply_transport_init(transport_instance *tblock)
117{
118/*
119autoreply_transport_options_block *ob =
120 (autoreply_transport_options_block *)(tblock->options_block);
121*/
122
123/* If a fixed uid field is set, then a gid field must also be set. */
124
125if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
126 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
127 "user set without group for the %s transport", tblock->name);
128}
129
130
131
132
133/*************************************************
134* Expand string and check *
135*************************************************/
136
137/* If the expansion fails, the error is set up in the address. Expanded
138strings must be checked to ensure they contain only printing characters
139and white space. If not, the function fails.
140
141Arguments:
142 s string to expand
143 addr address that is being worked on
144 name transport name, for error text
145 type type, for checking content:
146 cke_text => no check
147 cke_hdr => header, allow \n + whitespace
148 cke_file => file name, no non-printers allowed
149
150Returns: expanded string if expansion succeeds;
151 NULL otherwise
152*/
153
154static uschar *
155checkexpand(uschar *s, address_item *addr, uschar *name, int type)
156{
0756eb3c
PH		 157uschar *ss = expand_string(s);
158
481e63ca 159if (!ss)
0756eb3c
PH		 160 {
161 addr->transport_return = FAIL;
162 addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: "
163 "%s", s, name, expand_string_message);
164 return NULL;
165 }
166
d7978c0f 167if (type != cke_text) for (uschar * t = ss; *t != 0; t++)
0756eb3c
PH		 168 {
169 int c = *t;
55414b25 170 const uschar * sp;
0756eb3c
PH		 171 if (mac_isprint(c)) continue;
172 if (type == cke_hdr && c == '\n' && (t[1] == ' ' || t[1] == '\t')) continue;
55414b25 173 sp = string_printing(s);
0756eb3c
PH		 174 addr->transport_return = FAIL;
175 addr->message = string_sprintf("Expansion of \"%s\" in %s transport "
55414b25 176 "contains non-printing character %d", sp, name, c);
0756eb3c
PH		 177 return NULL;
178 }
179
180return ss;
181}
182
183
184
185
186/*************************************************
187* Check a header line for never_mail *
188*************************************************/
189
190/* This is called to check to, cc, and bcc for addresses in the never_mail
191list. Any that are found are removed.
192
193Arguments:
194 listptr points to the list of addresses
195 never_mail an address list, already expanded
196
197Returns: nothing
198*/
199
200static void
55414b25 201check_never_mail(uschar **listptr, const uschar *never_mail)
0756eb3c
PH		 202{
203uschar *s = *listptr;
204
205while (*s != 0)
206 {
207 uschar *error, *next;
208 uschar *e = parse_find_address_end(s, FALSE);
209 int terminator = *e;
210 int start, end, domain, rc;
211
212 /* Temporarily terminate the string at the address end while extracting
213 the operative address within. */
214
215 *e = 0;
216 next = parse_extract_address(s, &error, &start, &end, &domain, FALSE);
217 *e = terminator;
218
219 /* If there is some kind of syntax error, just give up on this header
220 line. */
221
222 if (next == NULL) break;
223
224 /* See if the address is on the never_mail list */
225
226 rc = match_address_list(next, /* address to check */
227 TRUE, /* start caseless */
228 FALSE, /* don't expand the list */
229 &never_mail, /* the list */
230 NULL, /* no caching */
231 -1, /* no expand setup */
232 0, /* separator from list */
233 NULL); /* no lookup value return */
234
235 if (rc == OK) /* Remove this address */
236 {
237 DEBUG(D_transport)
238 debug_printf("discarding recipient %s (matched never_mail)\n", next);
239 if (terminator == ',') e++;
240 memmove(s, e, Ustrlen(e) + 1);
241 }
242 else /* Skip over this address */
243 {
244 s = e;
245 if (terminator == ',') s++;
246 }
247 }
248
249/* Check to see if we removed the last address, leaving a terminating comma
250that needs to be removed */
251
252s = *listptr + Ustrlen(*listptr);
253while (s > *listptr && (isspace(s[-1]) || s[-1] == ',')) s--;
254*s = 0;
255
256/* Check to see if there any addresses left; if not, set NULL */
257
258s = *listptr;
259while (s != 0 && isspace(*s)) s++;
260if (*s == 0) *listptr = NULL;
261}
262
263
264
265/*************************************************
266* Main entry point *
267*************************************************/
268
269/* See local README for interface details. This transport always returns
270FALSE, indicating that the top address has the status for all - though in fact
271this transport can handle only one address at at time anyway. */
272
273BOOL
274autoreply_transport_entry(
275 transport_instance *tblock, /* data for this instantiation */
276 address_item *addr) /* address we are working on */
277{
278int fd, pid, rc;
279int cache_fd = -1;
0756eb3c
PH		 280int cache_size = 0;
281int add_size = 0;
282EXIM_DB *dbm_file = NULL;
283BOOL file_expand, return_message;
284uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file;
285uschar *logfile, *oncelog;
286uschar *cache_buff = NULL;
287uschar *cache_time = NULL;
30dba1e6 288uschar *message_id = NULL;
0756eb3c
PH		 289header_line *h;
290time_t now = time(NULL);
291time_t once_repeat_sec = 0;
8768d548 292FILE *fp;
0756eb3c
PH		 293FILE *ff = NULL;
294
295autoreply_transport_options_block *ob =
296 (autoreply_transport_options_block *)(tblock->options_block);
297
298DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
299
300/* Set up for the good case */
301
302addr->transport_return = OK;
303addr->basic_errno = 0;
304
305/* If the address is pointing to a reply block, then take all the data
306from that block. It has typically been set up by a mail filter processing
307router. Otherwise, the data must be supplied by this transport, and
308it has to be expanded here. */
309
481e63ca 310if (addr->reply)
0756eb3c
PH		 311 {
312 DEBUG(D_transport) debug_printf("taking data from address\n");
313 from = addr->reply->from;
314 reply_to = addr->reply->reply_to;
315 to = addr->reply->to;
316 cc = addr->reply->cc;
317 bcc = addr->reply->bcc;
318 subject = addr->reply->subject;
319 headers = addr->reply->headers;
320 text = addr->reply->text;
321 file = addr->reply->file;
322 logfile = addr->reply->logfile;
323 oncelog = addr->reply->oncelog;
324 once_repeat_sec = addr->reply->once_repeat;
325 file_expand = addr->reply->file_expand;
326 expand_forbid = addr->reply->expand_forbid;
327 return_message = addr->reply->return_message;
328 }
329else
330 {
331 uschar *oncerepeat = ob->once_repeat;
332
333 DEBUG(D_transport) debug_printf("taking data from transport\n");
334 from = ob->from;
335 reply_to = ob->reply_to;
336 to = ob->to;
337 cc = ob->cc;
338 bcc = ob->bcc;
339 subject = ob->subject;
340 headers = ob->headers;
341 text = ob->text;
342 file = ob->file;
343 logfile = ob->logfile;
344 oncelog = ob->oncelog;
345 file_expand = ob->file_expand;
346 return_message = ob->return_message;
347
0a6c178c
JH		 348 if ( from && !(from = checkexpand(from, addr, tblock->name, cke_hdr))
349 || reply_to && !(reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr))
350 || to && !(to = checkexpand(to, addr, tblock->name, cke_hdr))
351 || cc && !(cc = checkexpand(cc, addr, tblock->name, cke_hdr))
352 || bcc && !(bcc = checkexpand(bcc, addr, tblock->name, cke_hdr))
353 || subject && !(subject = checkexpand(subject, addr, tblock->name, cke_hdr))
354 || headers && !(headers = checkexpand(headers, addr, tblock->name, cke_text))
355 || text && !(text = checkexpand(text, addr, tblock->name, cke_text))
356 || file && !(file = checkexpand(file, addr, tblock->name, cke_file))
357 || logfile && !(logfile = checkexpand(logfile, addr, tblock->name, cke_file))
358 || oncelog && !(oncelog = checkexpand(oncelog, addr, tblock->name, cke_file))
359 || oncerepeat && !(oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file))
360 )
0756eb3c
PH		 361 return FALSE;
362
0a6c178c 363 if (oncerepeat)
0756eb3c
PH		 364 {
365 once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE);
366 if (once_repeat_sec < 0)
367 {
368 addr->transport_return = FAIL;
369 addr->message = string_sprintf("Invalid time value \"%s\" for "
370 "\"once_repeat\" in %s transport", oncerepeat, tblock->name);
371 return FALSE;
372 }
373 }
374 }
375
376/* If the never_mail option is set, we have to scan all the recipients and
377remove those that match. */
378
0a6c178c 379if (ob->never_mail)
0756eb3c 380 {
55414b25 381 const uschar *never_mail = expand_string(ob->never_mail);
0756eb3c 382
0a6c178c 383 if (!never_mail)
0756eb3c
PH		 384 {
385 addr->transport_return = FAIL;
386 addr->message = string_sprintf("Failed to expand \"%s\" for "
387 "\"never_mail\" in %s transport", ob->never_mail, tblock->name);
388 return FALSE;
389 }
390
0a6c178c
JH		 391 if (to) check_never_mail(&to, never_mail);
392 if (cc) check_never_mail(&cc, never_mail);
393 if (bcc) check_never_mail(&bcc, never_mail);
0756eb3c 394
0a6c178c 395 if (!to && !cc && !bcc)
0756eb3c
PH		 396 {
397 DEBUG(D_transport)
398 debug_printf("*** all recipients removed by never_mail\n");
399 return OK;
400 }
401 }
402
403/* If the -N option is set, can't do any more. */
404
8768d548 405if (f.dont_deliver)
0756eb3c
PH		 406 {
407 DEBUG(D_transport)
408 debug_printf("*** delivery by %s transport bypassed by -N option\n",
409 tblock->name);
410 return FALSE;
411 }
412
413
414/* If the oncelog field is set, we send want to send only one message to the
415given recipient(s). This works only on the "To" field. If there is no "To"
416field, the message is always sent. If the To: field contains more than one
417recipient, the effect might not be quite as envisaged. If once_file_size is
418set, instead of a dbm file, we use a regular file containing a circular buffer
419recipient cache. */
420
481e63ca 421if (oncelog && *oncelog && to)
0756eb3c
PH		 422 {
423 time_t then = 0;
424
481e63ca
JH		 425 if (is_tainted(oncelog))
426 {
427 addr->transport_return = DEFER;
428 addr->basic_errno = EACCES;
429 addr->message = string_sprintf("Tainted '%s' (once file for %s transport)"
430 " not permitted", oncelog, tblock->name);
431 goto END_OFF;
432 }
433
0756eb3c
PH		 434 /* Handle fixed-size cache file. */
435
436 if (ob->once_file_size > 0)
437 {
d7978c0f 438 uschar * nextp;
0756eb3c 439 struct stat statbuf;
0756eb3c 440
481e63ca 441 cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
0756eb3c
PH		 442 if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0)
443 {
444 addr->transport_return = DEFER;
6e0fddef 445 addr->basic_errno = errno;
0756eb3c
PH		 446 addr->message = string_sprintf("Failed to %s \"once\" file %s when "
447 "sending message from %s transport: %s",
6e0fddef 448 cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno));
0756eb3c
PH		 449 goto END_OFF;
450 }
451
452 /* Get store in the temporary pool and read the entire file into it. We get
453 an amount of store that is big enough to add the new entry on the end if we
454 need to do that. */
455
456 cache_size = statbuf.st_size;
457 add_size = sizeof(time_t) + Ustrlen(to) + 1;
f3ebb786 458 cache_buff = store_get(cache_size + add_size, is_tainted(oncelog));
0756eb3c
PH		 459
460 if (read(cache_fd, cache_buff, cache_size) != cache_size)
461 {
462 addr->transport_return = DEFER;
463 addr->basic_errno = errno;
464 addr->message = US"error while reading \"once\" file";
465 goto END_OFF;
466 }
467
468 DEBUG(D_transport) debug_printf("%d bytes read from %s\n", cache_size, oncelog);
469
470 /* Scan the data for this recipient. Each entry in the file starts with
471 a time_t sized time value, followed by the address, followed by a binary
472 zero. If we find a match, put the time into "then", and the place where it
473 was found into "cache_time". Otherwise, "then" is left at zero. */
474
d7978c0f 475 for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp)
0756eb3c
PH		 476 {
477 uschar *s = p + sizeof(time_t);
0a6c178c 478 nextp = s + Ustrlen(s) + 1;
0756eb3c
PH		 479 if (Ustrcmp(to, s) == 0)
480 {
481 memcpy(&then, p, sizeof(time_t));
482 cache_time = p;
483 break;
484 }
0756eb3c
PH		 485 }
486 }
487
488 /* Use a DBM file for the list of previous recipients. */
489
490 else
491 {
492 EXIM_DATUM key_datum, result_datum;
cfb9cf20
JH		 493 uschar * dirname = string_copy(oncelog);
494 uschar * s;
495
496 if ((s = Ustrrchr(dirname, '/'))) *s = '\0';
497 EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file);
d315eda1 498 if (!dbm_file)
0756eb3c
PH		 499 {
500 addr->transport_return = DEFER;
6e0fddef 501 addr->basic_errno = errno;
0756eb3c
PH		 502 addr->message = string_sprintf("Failed to open %s file %s when sending "
503 "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name,
504 strerror(errno));
505 goto END_OFF;
506 }
507
508 EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need datums */
509 EXIM_DATUM_INIT(result_datum); /* to be cleared */
510 EXIM_DATUM_DATA(key_datum) = CS to;
511 EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1;
512
513 if (EXIM_DBGET(dbm_file, key_datum, result_datum))
514 {
515 /* If the datum size is that of a binary time, we are in the new world
516 where messages are sent periodically. Otherwise the file is an old one,
517 where the datum was filled with a tod_log time, which is assumed to be
518 different in size. For that, only one message is ever sent. This change
519 introduced at Exim 3.00. In a couple of years' time the test on the size
520 can be abolished. */
521
522 if (EXIM_DATUM_SIZE(result_datum) == sizeof(time_t))
0756eb3c 523 memcpy(&then, EXIM_DATUM_DATA(result_datum), sizeof(time_t));
0a6c178c
JH		 524 else
525 then = now;
0756eb3c
PH		 526 }
527 }
528
529 /* Either "then" is set zero, if no message has yet been sent, or it
530 is set to the time of the last sending. */
531
532 if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
533 {
13559da6 534 int log_fd;
481e63ca
JH		 535 if (is_tainted(logfile))
536 {
537 addr->transport_return = DEFER;
538 addr->basic_errno = EACCES;
539 addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)"
540 " not permitted", logfile, tblock->name);
541 goto END_OFF;
542 }
543
0756eb3c
PH		 544 DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to,
545 (once_repeat_sec > 0)? " and repeat time not reached" : "");
13559da6 546 log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1;
0756eb3c
PH		 547 if (log_fd >= 0)
548 {
549 uschar *ptr = log_buffer;
550 sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to);
551 while(*ptr) ptr++;
1ac6b2e7
JH		 552 if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer
553 || close(log_fd))
554 DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
555 "transport\n", logfile, tblock->name);
0756eb3c
PH		 556 }
557 goto END_OFF;
558 }
559
560 DEBUG(D_transport) debug_printf("%s %s\n", (then <= 0)?
561 "no previous message sent to" : "repeat time reached for", to);
562 }
563
564/* We are going to send a message. Ensure any requested file is available. */
481e63ca 565if (file)
0756eb3c 566 {
481e63ca
JH		 567 if (is_tainted(file))
568 {
569 addr->transport_return = DEFER;
570 addr->basic_errno = EACCES;
571 addr->message = string_sprintf("Tainted '%s' (file for %s transport)"
572 " not permitted", file, tblock->name);
573 return FALSE;
574 }
575 if (!(ff = Ufopen(file, "rb")) && !ob->file_optional)
576 {
577 addr->transport_return = DEFER;
578 addr->basic_errno = errno;
579 addr->message = string_sprintf("Failed to open file %s when sending "
580 "message from %s transport: %s", file, tblock->name, strerror(errno));
581 return FALSE;
582 }
0756eb3c
PH		 583 }
584
585/* Make a subprocess to send the message */
586
587pid = child_open_exim(&fd);
588
589/* Creation of child failed; defer this delivery. */
590
591if (pid < 0)
592 {
593 addr->transport_return = DEFER;
6e0fddef 594 addr->basic_errno = errno;
0756eb3c
PH		 595 addr->message = string_sprintf("Failed to create child process to send "
596 "message from %s transport: %s", tblock->name, strerror(errno));
597 DEBUG(D_transport) debug_printf("%s\n", addr->message);
0a6c178c 598 if (dbm_file) EXIM_DBCLOSE(dbm_file);
0756eb3c
PH		 599 return FALSE;
600 }
601
602/* Create the message to be sent - recipients are taken from the headers,
603as the -t option is used. The "headers" stuff *must* be last in case there
604are newlines in it which might, if placed earlier, screw up other headers. */
605
8768d548 606fp = fdopen(fd, "wb");
0756eb3c 607
8768d548
JH		 608if (from) fprintf(fp, "From: %s\n", from);
609if (reply_to) fprintf(fp, "Reply-To: %s\n", reply_to);
610if (to) fprintf(fp, "To: %s\n", to);
611if (cc) fprintf(fp, "Cc: %s\n", cc);
612if (bcc) fprintf(fp, "Bcc: %s\n", bcc);
613if (subject) fprintf(fp, "Subject: %s\n", subject);
0756eb3c
PH		 614
615/* Generate In-Reply-To from the message_id header; there should
616always be one, but code defensively. */
617
0a6c178c 618for (h = header_list; h; h = h->next)
0756eb3c
PH		 619 if (h->type == htype_id) break;
620
0a6c178c 621if (h)
0756eb3c 622 {
30dba1e6
PH		 623 message_id = Ustrchr(h->text, ':') + 1;
624 while (isspace(*message_id)) message_id++;
8768d548 625 fprintf(fp, "In-Reply-To: %s", message_id);
30dba1e6
PH		 626 }
627
d6c829b9 628moan_write_references(fp, message_id);
0756eb3c
PH		 629
630/* Add an Auto-Submitted: header */
631
8768d548 632fprintf(fp, "Auto-Submitted: auto-replied\n");
0756eb3c
PH		 633
634/* Add any specially requested headers */
635
8768d548
JH		 636if (headers) fprintf(fp, "%s\n", headers);
637fprintf(fp, "\n");
0756eb3c 638
0a6c178c 639if (text)
0756eb3c 640 {
8768d548
JH		 641 fprintf(fp, "%s", CS text);
642 if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n");
0756eb3c
PH		 643 }
644
0a6c178c 645if (ff)
0756eb3c
PH		 646 {
647 while (Ufgets(big_buffer, big_buffer_size, ff) != NULL)
648 {
649 if (file_expand)
650 {
651 uschar *s = expand_string(big_buffer);
652 DEBUG(D_transport)
653 {
0a6c178c 654 if (!s)
0756eb3c
PH		 655 debug_printf("error while expanding line from file:\n %s\n %s\n",
656 big_buffer, expand_string_message);
657 }
8768d548 658 fprintf(fp, "%s", s ? CS s : CS big_buffer);
0756eb3c 659 }
8768d548 660 else fprintf(fp, "%s", CS big_buffer);
0756eb3c 661 }
e0eb00cd 662 (void) fclose(ff);
0756eb3c
PH		 663 }
664
665/* Copy the original message if required, observing the return size
9f526266 666limit if we are returning the body. */
0756eb3c
PH		 667
668if (return_message)
669 {
9f526266
PH		 670 uschar *rubric = (tblock->headers_only)?
671 US"------ This is a copy of the message's header lines.\n"
672 : (tblock->body_only)?
673 US"------ This is a copy of the body of the message, without the headers.\n"
674 :
675 US"------ This is a copy of the message, including all the headers.\n";
65de12cc 676 transport_ctx tctx = {
8768d548 677 .u = {.fd = fileno(fp)},
b3b37076
JH		 678 .tblock = tblock,
679 .addr = addr,
680 .check_string = NULL,
681 .escape_string = NULL,
682 .options = (tblock->body_only ? topt_no_headers : 0)
683 | (tblock->headers_only ? topt_no_body : 0)
684 | (tblock->return_path_add ? topt_add_return_path : 0)
685 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
686 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
687 | topt_not_socket
65de12cc 688 };
9f526266
PH		 689
690 if (bounce_return_size_limit > 0 && !tblock->headers_only)
0756eb3c
PH		 691 {
692 struct stat statbuf;
693 int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) *
694 DELIVER_IN_BUFFER_SIZE;
695 if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max)
696 {
8768d548 697 fprintf(fp, "\n%s"
b1c749bb 698"------ The body of the message is " OFF_T_FMT " characters long; only the first\n"
9f526266 699"------ %d or so are included here.\n\n", rubric, statbuf.st_size,
0d7eb84a 700 (max/1000)*1000);
0756eb3c 701 }
8768d548 702 else fprintf(fp, "\n%s\n", rubric);
0756eb3c 703 }
8768d548 704 else fprintf(fp, "\n%s\n", rubric);
0756eb3c 705
8768d548 706 fflush(fp);
0756eb3c 707 transport_count = 0;
42055a33 708 transport_write_message(&tctx, bounce_return_size_limit);
0756eb3c
PH		 709 }
710
711/* End the message and wait for the child process to end; no timeout. */
712
8768d548 713(void)fclose(fp);
0756eb3c
PH		 714rc = child_close(pid, 0);
715
716/* Update the "sent to" log whatever the yield. This errs on the side of
717missing out a message rather than risking sending more than one. We either have
718cache_fd set to a fixed size, circular buffer file, or dbm_file set to an open
719DBM file (or neither, if "once" is not set). */
720
721/* Update fixed-size cache file. If cache_time is set, we found a previous
722entry; that is the spot into which to put the current time. Otherwise we have
723to add a new record; remove the first one in the file if the file is too big.
724We always rewrite the entire file in a single write operation. This is
725(hopefully) going to be the safest thing because there is no interlocking
726between multiple simultaneous deliveries. */
727
728if (cache_fd >= 0)
729 {
730 uschar *from = cache_buff;
731 int size = cache_size;
0756eb3c 732
d315eda1 733 if (lseek(cache_fd, 0, SEEK_SET) == 0)
0756eb3c 734 {
d315eda1 735 if (!cache_time)
0756eb3c 736 {
d315eda1
JH		 737 cache_time = from + size;
738 memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t));
739 size += add_size;
740
741 if (cache_size > 0 && size > ob->once_file_size)
742 {
743 from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1;
744 size -= (from - cache_buff);
745 }
0756eb3c 746 }
0756eb3c 747
d315eda1
JH		 748 memcpy(cache_time, &now, sizeof(time_t));
749 if(write(cache_fd, from, size) != size)
750 DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s "
751 "transport\n", oncelog, tblock->name);
752 }
0756eb3c
PH		 753 }
754
755/* Update DBM file */
756
d315eda1 757else if (dbm_file)
0756eb3c
PH		 758 {
759 EXIM_DATUM key_datum, value_datum;
760 EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need to have */
761 EXIM_DATUM_INIT(value_datum); /* cleared datums. */
762 EXIM_DATUM_DATA(key_datum) = CS to;
763 EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1;
764
765 /* Many OS define the datum value, sensibly, as a void *. However, there
766 are some which still have char *. By casting this address to a char * we
767 can avoid warning messages from the char * systems. */
768
769 EXIM_DATUM_DATA(value_datum) = CS (&now);
770 EXIM_DATUM_SIZE(value_datum) = (int)sizeof(time_t);
771 EXIM_DBPUT(dbm_file, key_datum, value_datum);
772 }
773
774/* If sending failed, defer to try again - but if once is set the next
775try will skip, of course. However, if there were no recipients in the
776message, we do not fail. */
777
778if (rc != 0)
0756eb3c
PH		 779 if (rc == EXIT_NORECIPIENTS)
780 {
781 DEBUG(D_any) debug_printf("%s transport: message contained no recipients\n",
782 tblock->name);
783 }
784 else
785 {
786 addr->transport_return = DEFER;
787 addr->message = string_sprintf("Failed to send message from %s "
788 "transport (%d)", tblock->name, rc);
789 goto END_OFF;
790 }
0756eb3c
PH		 791
792/* Log the sending of the message if successful and required. If the file
793fails to open, it's hard to know what to do. We cannot write to the Exim
794log from here, since we may be running under an unprivileged uid. We don't
795want to fail the delivery, since the message has been successfully sent. For
796the moment, ignore open failures. Write the log entry as a single write() to a
797file opened for appending, in order to avoid interleaving of output from
798different processes. The log_buffer can be used exactly as for main log
799writing. */
800
0a6c178c 801if (logfile)
0756eb3c
PH		 802 {
803 int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode);
804 if (log_fd >= 0)
805 {
f3ebb786
JH		 806 gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs;
807
808 /* Use taint-unchecked routines for writing into log_buffer, trusting
809 that we'll never expand it. */
810
0756eb3c 811 DEBUG(D_transport) debug_printf("logging message details\n");
f3ebb786 812 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log));
0a6c178c 813 if (from)
f3ebb786 814 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from);
0a6c178c 815 if (to)
f3ebb786 816 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to);
0a6c178c 817 if (cc)
f3ebb786 818 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc);
0a6c178c 819 if (bcc)
f3ebb786 820 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc);
0a6c178c 821 if (subject)
f3ebb786 822 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject);
0a6c178c 823 if (headers)
f3ebb786
JH		 824 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers);
825 if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd))
1ac6b2e7
JH		 826 DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
827 "transport\n", logfile, tblock->name);
0756eb3c
PH		 828 }
829 else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s "
830 "transport: %s\n", logfile, tblock->name, strerror(errno));
831 }
832
833END_OFF:
d315eda1 834if (dbm_file) EXIM_DBCLOSE(dbm_file);
f1e894f3 835if (cache_fd > 0) (void)close(cache_fd);
0756eb3c
PH		 836
837DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name);
838
839return FALSE;
840}
841
d185889f 842#endif /*!MACRO_PREDEF*/
0756eb3c 843/* End of transport/autoreply.c */
Unnamed repository; edit this file 'description' to name the repository.