projects / exim.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Add variables for wildcard portion of local-part affix. Bug 281
[exim.git] / src / src / transport.c
... / ...
CommitLineData
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5/* Copyright (c) University of Cambridge 1995 - 2018 */
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* General functions concerned with transportation, and generic options for all
9transports. */
10
11
12#include "exim.h"
13
14/* Generic options for transports, all of which live inside transport_instance
15data blocks and which therefore have the opt_public flag set. Note that there
16are other options living inside this structure which can be set only from
17certain transports. */
18#define LOFF(field) OPT_OFF(transport_instance, field)
19
20optionlist optionlist_transports[] = {
21 /* name type value */
22 { "*expand_group", opt_stringptr|opt_hidden|opt_public,
23 LOFF(expand_gid) },
24 { "*expand_user", opt_stringptr|opt_hidden|opt_public,
25 LOFF(expand_uid) },
26 { "*headers_rewrite_flags", opt_int|opt_public|opt_hidden,
27 LOFF(rewrite_existflags) },
28 { "*headers_rewrite_rules", opt_void|opt_public|opt_hidden,
29 LOFF(rewrite_rules) },
30 { "*set_group", opt_bool|opt_hidden|opt_public,
31 LOFF(gid_set) },
32 { "*set_user", opt_bool|opt_hidden|opt_public,
33 LOFF(uid_set) },
34 { "body_only", opt_bool|opt_public,
35 LOFF(body_only) },
36 { "current_directory", opt_stringptr|opt_public,
37 LOFF(current_dir) },
38 { "debug_print", opt_stringptr | opt_public,
39 LOFF(debug_string) },
40 { "delivery_date_add", opt_bool|opt_public,
41 LOFF(delivery_date_add) },
42 { "disable_logging", opt_bool|opt_public,
43 LOFF(disable_logging) },
44 { "driver", opt_stringptr|opt_public,
45 LOFF(driver_name) },
46 { "envelope_to_add", opt_bool|opt_public,
47 LOFF(envelope_to_add) },
48#ifndef DISABLE_EVENT
49 { "event_action", opt_stringptr | opt_public,
50 LOFF(event_action) },
51#endif
52 { "group", opt_expand_gid|opt_public,
53 LOFF(gid) },
54 { "headers_add", opt_stringptr|opt_public|opt_rep_str,
55 LOFF(add_headers) },
56 { "headers_only", opt_bool|opt_public,
57 LOFF(headers_only) },
58 { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
59 LOFF(remove_headers) },
60 { "headers_rewrite", opt_rewrite|opt_public,
61 LOFF(headers_rewrite) },
62 { "home_directory", opt_stringptr|opt_public,
63 LOFF(home_dir) },
64 { "initgroups", opt_bool|opt_public,
65 LOFF(initgroups) },
66 { "max_parallel", opt_stringptr|opt_public,
67 LOFF(max_parallel) },
68 { "message_size_limit", opt_stringptr|opt_public,
69 LOFF(message_size_limit) },
70 { "rcpt_include_affixes", opt_bool|opt_public,
71 LOFF(rcpt_include_affixes) },
72 { "retry_use_local_part", opt_bool|opt_public,
73 LOFF(retry_use_local_part) },
74 { "return_path", opt_stringptr|opt_public,
75 LOFF(return_path) },
76 { "return_path_add", opt_bool|opt_public,
77 LOFF(return_path_add) },
78 { "shadow_condition", opt_stringptr|opt_public,
79 LOFF(shadow_condition) },
80 { "shadow_transport", opt_stringptr|opt_public,
81 LOFF(shadow) },
82 { "transport_filter", opt_stringptr|opt_public,
83 LOFF(filter_command) },
84 { "transport_filter_timeout", opt_time|opt_public,
85 LOFF(filter_timeout) },
86 { "user", opt_expand_uid|opt_public,
87 LOFF(uid) }
88};
89
90int optionlist_transports_size = nelem(optionlist_transports);
91
92#ifdef MACRO_PREDEF
93
94# include "macro_predef.h"
95
96void
97options_transports(void)
98{
99uschar buf[64];
100
101options_from_list(optionlist_transports, nelem(optionlist_transports), US"TRANSPORTS", NULL);
102
103for (transport_info * ti = transports_available; ti->driver_name[0]; ti++)
104 {
105 spf(buf, sizeof(buf), US"_DRIVER_TRANSPORT_%T", ti->driver_name);
106 builtin_macro_create(buf);
107 options_from_list(ti->options, (unsigned)*ti->options_count, US"TRANSPORT", ti->driver_name);
108 }
109}
110
111#else /*!MACRO_PREDEF*/
112
113/* Structure for keeping list of addresses that have been added to
114Envelope-To:, in order to avoid duplication. */
115
116struct aci {
117 struct aci *next;
118 address_item *ptr;
119 };
120
121
122/* Static data for write_chunk() */
123
124static uschar *chunk_ptr; /* chunk pointer */
125static uschar *nl_check; /* string to look for at line start */
126static int nl_check_length; /* length of same */
127static uschar *nl_escape; /* string to insert */
128static int nl_escape_length; /* length of same */
129static int nl_partial_match; /* length matched at chunk end */
130
131
132/*************************************************
133* Initialize transport list *
134*************************************************/
135
136/* Read the transports section of the configuration file, and set up a chain of
137transport instances according to its contents. Each transport has generic
138options and may also have its own private options. This function is only ever
139called when transports == NULL. We use generic code in readconf to do most of
140the work. */
141
142void
143transport_init(void)
144{
145readconf_driver_init(US"transport",
146 (driver_instance **)(&transports), /* chain anchor */
147 (driver_info *)transports_available, /* available drivers */
148 sizeof(transport_info), /* size of info block */
149 &transport_defaults, /* default values for generic options */
150 sizeof(transport_instance), /* size of instance block */
151 optionlist_transports, /* generic options */
152 optionlist_transports_size);
153
154/* Now scan the configured transports and check inconsistencies. A shadow
155transport is permitted only for local transports. */
156
157for (transport_instance * t = transports; t; t = t->next)
158 {
159 if (!t->info->local && t->shadow)
160 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
161 "shadow transport not allowed on non-local transport %s", t->name);
162
163 if (t->body_only && t->headers_only)
164 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
165 "%s transport: body_only and headers_only are mutually exclusive",
166 t->name);
167 }
168}
169
170
171
172/*************************************************
173* Write block of data *
174*************************************************/
175
176static int
177tpt_write(int fd, uschar * block, int len, BOOL more, int options)
178{
179return
180#ifndef DISABLE_TLS
181 tls_out.active.sock == fd
182 ? tls_write(tls_out.active.tls_ctx, block, len, more) :
183#endif
184#ifdef MSG_MORE
185 more && !(options & topt_not_socket) ? send(fd, block, len, MSG_MORE) :
186#endif
187 write(fd, block, len);
188}
189
190/* Subroutine called by write_chunk() and at the end of the message actually
191to write a data block. Also called directly by some transports to write
192additional data to the file descriptor (e.g. prefix, suffix).
193
194If a transport wants data transfers to be timed, it sets a non-zero value in
195transport_write_timeout. A non-zero transport_write_timeout causes a timer to
196be set for each block of data written from here. If time runs out, then write()
197fails and provokes an error return. The caller can then inspect sigalrm_seen to
198check for a timeout.
199
200On some systems, if a quota is exceeded during the write, the yield is the
201number of bytes written rather than an immediate error code. This also happens
202on some systems in other cases, for example a pipe that goes away because the
203other end's process terminates (Linux). On other systems, (e.g. Solaris 2) you
204get the error codes the first time.
205
206The write() function is also interruptible; the Solaris 2.6 man page says:
207
208 If write() is interrupted by a signal before it writes any
209 data, it will return -1 with errno set to EINTR.
210
211 If write() is interrupted by a signal after it successfully
212 writes some data, it will return the number of bytes written.
213
214To handle these cases, we want to restart the write() to output the remainder
215of the data after a non-negative return from write(), except after a timeout.
216In the error cases (EDQUOT, EPIPE) no bytes get written the second time, and a
217proper error then occurs. In principle, after an interruption, the second
218write() could suffer the same fate, but we do not want to continue for
219evermore, so stick a maximum repetition count on the loop to act as a
220longstop.
221
222Arguments:
223 tctx transport context: file descriptor or string to write to
224 block block of bytes to write
225 len number of bytes to write
226 more further data expected soon
227
228Returns: TRUE on success, FALSE on failure (with errno preserved);
229 transport_count is incremented by the number of bytes written
230*/
231
232static BOOL
233transport_write_block_fd(transport_ctx * tctx, uschar * block, int len, BOOL more)
234{
235int rc, save_errno;
236int local_timeout = transport_write_timeout;
237int connretry = 1;
238int fd = tctx->u.fd;
239
240/* This loop is for handling incomplete writes and other retries. In most
241normal cases, it is only ever executed once. */
242
243for (int i = 0; i < 100; i++)
244 {
245 DEBUG(D_transport)
246 debug_printf("writing data block fd=%d size=%d timeout=%d%s\n",
247 fd, len, local_timeout, more ? " (more expected)" : "");
248
249 /* When doing TCP Fast Open we may get this far before the 3-way handshake
250 is complete, and write returns ENOTCONN. Detect that, wait for the socket
251 to become writable, and retry once only. */
252
253 for(;;)
254 {
255 fd_set fds;
256 /* This code makes use of alarm() in order to implement the timeout. This
257 isn't a very tidy way of doing things. Using non-blocking I/O with select()
258 provides a neater approach. However, I don't know how to do this when TLS is
259 in use. */
260
261 if (transport_write_timeout <= 0) /* No timeout wanted */
262 {
263 rc = tpt_write(fd, block, len, more, tctx->options);
264 save_errno = errno;
265 }
266 else /* Timeout wanted. */
267 {
268 ALARM(local_timeout);
269 rc = tpt_write(fd, block, len, more, tctx->options);
270 save_errno = errno;
271 local_timeout = ALARM_CLR(0);
272 if (sigalrm_seen)
273 {
274 errno = ETIMEDOUT;
275 return FALSE;
276 }
277 }
278
279 if (rc >= 0 || errno != ENOTCONN || connretry <= 0)
280 break;
281
282 FD_ZERO(&fds); FD_SET(fd, &fds);
283 select(fd+1, NULL, &fds, NULL, NULL); /* could set timout? */
284 connretry--;
285 }
286
287 /* Hopefully, the most common case is success, so test that first. */
288
289 if (rc == len) { transport_count += len; return TRUE; }
290
291 /* A non-negative return code is an incomplete write. Try again for the rest
292 of the block. If we have exactly hit the timeout, give up. */
293
294 if (rc >= 0)
295 {
296 len -= rc;
297 block += rc;
298 transport_count += rc;
299 DEBUG(D_transport) debug_printf("write incomplete (%d)\n", rc);
300 goto CHECK_TIMEOUT; /* A few lines below */
301 }
302
303 /* A negative return code with an EINTR error is another form of
304 incomplete write, zero bytes having been written */
305
306 if (save_errno == EINTR)
307 {
308 DEBUG(D_transport)
309 debug_printf("write interrupted before anything written\n");
310 goto CHECK_TIMEOUT; /* A few lines below */
311 }
312
313 /* A response of EAGAIN from write() is likely only in the case of writing
314 to a FIFO that is not swallowing the data as fast as Exim is writing it. */
315
316 if (save_errno == EAGAIN)
317 {
318 DEBUG(D_transport)
319 debug_printf("write temporarily locked out, waiting 1 sec\n");
320 sleep(1);
321
322 /* Before continuing to try another write, check that we haven't run out of
323 time. */
324
325 CHECK_TIMEOUT:
326 if (transport_write_timeout > 0 && local_timeout <= 0)
327 {
328 errno = ETIMEDOUT;
329 return FALSE;
330 }
331 continue;
332 }
333
334 /* Otherwise there's been an error */
335
336 DEBUG(D_transport) debug_printf("writing error %d: %s\n", save_errno,
337 strerror(save_errno));
338 errno = save_errno;
339 return FALSE;
340 }
341
342/* We've tried and tried and tried but still failed */
343
344errno = ERRNO_WRITEINCOMPLETE;
345return FALSE;
346}
347
348
349BOOL
350transport_write_block(transport_ctx * tctx, uschar *block, int len, BOOL more)
351{
352if (!(tctx->options & topt_output_string))
353 return transport_write_block_fd(tctx, block, len, more);
354
355/* Write to expanding-string. NOTE: not NUL-terminated */
356
357if (!tctx->u.msg)
358 tctx->u.msg = string_get(1024);
359
360tctx->u.msg = string_catn(tctx->u.msg, block, len);
361return TRUE;
362}
363
364
365
366
367/*************************************************
368* Write formatted string *
369*************************************************/
370
371/* This is called by various transports. It is a convenience function.
372
373Arguments:
374 fd file descriptor
375 format string format
376 ... arguments for format
377
378Returns: the yield of transport_write_block()
379*/
380
381BOOL
382transport_write_string(int fd, const char *format, ...)
383{
384transport_ctx tctx = {{0}};
385gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
386va_list ap;
387
388/* Use taint-unchecked routines for writing into big_buffer, trusting
389that the result will never be expanded. */
390
391va_start(ap, format);
392if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, format, ap))
393 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong formatted string in transport");
394va_end(ap);
395tctx.u.fd = fd;
396return transport_write_block(&tctx, gs.s, gs.ptr, FALSE);
397}
398
399
400
401
402void
403transport_write_reset(int options)
404{
405if (!(options & topt_continuation)) chunk_ptr = deliver_out_buffer;
406nl_partial_match = -1;
407nl_check_length = nl_escape_length = 0;
408}
409
410
411
412/*************************************************
413* Write character chunk *
414*************************************************/
415
416/* Subroutine used by transport_write_message() to scan character chunks for
417newlines and act appropriately. The object is to minimise the number of writes.
418The output byte stream is buffered up in deliver_out_buffer, which is written
419only when it gets full, thus minimizing write operations and TCP packets.
420
421Static data is used to handle the case when the last character of the previous
422chunk was NL, or matched part of the data that has to be escaped.
423
424Arguments:
425 tctx transport context - processing to be done during output,
426 and file descriptor to write to
427 chunk pointer to data to write
428 len length of data to write
429
430In addition, the static nl_xxx variables must be set as required.
431
432Returns: TRUE on success, FALSE on failure (with errno preserved)
433*/
434
435BOOL
436write_chunk(transport_ctx * tctx, uschar *chunk, int len)
437{
438uschar *start = chunk;
439uschar *end = chunk + len;
440int mlen = DELIVER_OUT_BUFFER_SIZE - nl_escape_length - 2;
441
442/* The assumption is made that the check string will never stretch over move
443than one chunk since the only time there are partial matches is when copying
444the body in large buffers. There is always enough room in the buffer for an
445escape string, since the loop below ensures this for each character it
446processes, and it won't have stuck in the escape string if it left a partial
447match. */
448
449if (nl_partial_match >= 0)
450 {
451 if (nl_check_length > 0 && len >= nl_check_length &&
452 Ustrncmp(start, nl_check + nl_partial_match,
453 nl_check_length - nl_partial_match) == 0)
454 {
455 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
456 chunk_ptr += nl_escape_length;
457 start += nl_check_length - nl_partial_match;
458 }
459
460 /* The partial match was a false one. Insert the characters carried over
461 from the previous chunk. */
462
463 else if (nl_partial_match > 0)
464 {
465 Ustrncpy(chunk_ptr, nl_check, nl_partial_match);
466 chunk_ptr += nl_partial_match;
467 }
468
469 nl_partial_match = -1;
470 }
471
472/* Now process the characters in the chunk. Whenever we hit a newline we check
473for possible escaping. The code for the non-NL route should be as fast as
474possible. */
475
476for (uschar * ptr = start; ptr < end; ptr++)
477 {
478 int ch, len;
479
480 /* Flush the buffer if it has reached the threshold - we want to leave enough
481 room for the next uschar, plus a possible extra CR for an LF, plus the escape
482 string. */
483
484 if ((len = chunk_ptr - deliver_out_buffer) > mlen)
485 {
486 DEBUG(D_transport) debug_printf("flushing headers buffer\n");
487
488 /* If CHUNKING, prefix with BDAT (size) NON-LAST. Also, reap responses
489 from previous SMTP commands. */
490
491 if (tctx->options & topt_use_bdat && tctx->chunk_cb)
492 {
493 if ( tctx->chunk_cb(tctx, (unsigned)len, 0) != OK
494 || !transport_write_block(tctx, deliver_out_buffer, len, FALSE)
495 || tctx->chunk_cb(tctx, 0, tc_reap_prev) != OK
496 )
497 return FALSE;
498 }
499 else
500 if (!transport_write_block(tctx, deliver_out_buffer, len, FALSE))
501 return FALSE;
502 chunk_ptr = deliver_out_buffer;
503 }
504
505 /* Remove CR before NL if required */
506
507 if ( *ptr == '\r' && ptr[1] == '\n'
508 && !(tctx->options & topt_use_crlf)
509 && f.spool_file_wireformat
510 )
511 ptr++;
512
513 if ((ch = *ptr) == '\n')
514 {
515 int left = end - ptr - 1; /* count of chars left after NL */
516
517 /* Insert CR before NL if required */
518
519 if (tctx->options & topt_use_crlf && !f.spool_file_wireformat)
520 *chunk_ptr++ = '\r';
521 *chunk_ptr++ = '\n';
522 transport_newlines++;
523
524 /* The check_string test (formerly "from hack") replaces the specific
525 string at the start of a line with an escape string (e.g. "From " becomes
526 ">From " or "." becomes "..". It is a case-sensitive test. The length
527 check above ensures there is always enough room to insert this string. */
528
529 if (nl_check_length > 0)
530 {
531 if (left >= nl_check_length &&
532 Ustrncmp(ptr+1, nl_check, nl_check_length) == 0)
533 {
534 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
535 chunk_ptr += nl_escape_length;
536 ptr += nl_check_length;
537 }
538
539 /* Handle the case when there isn't enough left to match the whole
540 check string, but there may be a partial match. We remember how many
541 characters matched, and finish processing this chunk. */
542
543 else if (left <= 0) nl_partial_match = 0;
544
545 else if (Ustrncmp(ptr+1, nl_check, left) == 0)
546 {
547 nl_partial_match = left;
548 ptr = end;
549 }
550 }
551 }
552
553 /* Not a NL character */
554
555 else *chunk_ptr++ = ch;
556 }
557
558return TRUE;
559}
560
561
562
563
564/*************************************************
565* Generate address for RCPT TO *
566*************************************************/
567
568/* This function puts together an address for RCPT to, using the caseful
569version of the local part and the caseful version of the domain. If there is no
570prefix or suffix, or if affixes are to be retained, we can just use the
571original address. Otherwise, if there is a prefix but no suffix we can use a
572pointer into the original address. If there is a suffix, however, we have to
573build a new string.
574
575Arguments:
576 addr the address item
577 include_affixes TRUE if affixes are to be included
578
579Returns: a string
580*/
581
582uschar *
583transport_rcpt_address(address_item *addr, BOOL include_affixes)
584{
585uschar *at;
586int plen, slen;
587
588if (include_affixes)
589 {
590 setflag(addr, af_include_affixes); /* Affects logged => line */
591 return addr->address;
592 }
593
594if (!addr->suffix)
595 {
596 if (!addr->prefix) return addr->address;
597 return addr->address + Ustrlen(addr->prefix);
598 }
599
600at = Ustrrchr(addr->address, '@');
601plen = addr->prefix ? Ustrlen(addr->prefix) : 0;
602slen = Ustrlen(addr->suffix);
603
604return string_sprintf("%.*s@%s", (int)(at - addr->address - plen - slen),
605 addr->address + plen, at + 1);
606}
607
608
609/*************************************************
610* Output Envelope-To: address & scan duplicates *
611*************************************************/
612
613/* This function is called from internal_transport_write_message() below, when
614generating an Envelope-To: header line. It checks for duplicates of the given
615address and its ancestors. When one is found, this function calls itself
616recursively, to output the envelope address of the duplicate.
617
618We want to avoid duplication in the list, which can arise for example when
619A->B,C and then both B and C alias to D. This can also happen when there are
620unseen drivers in use. So a list of addresses that have been output is kept in
621the plist variable.
622
623It is also possible to have loops in the address ancestry/duplication graph,
624for example if there are two top level addresses A and B and we have A->B,C and
625B->A. To break the loop, we use a list of processed addresses in the dlist
626variable.
627
628After handling duplication, this function outputs the progenitor of the given
629address.
630
631Arguments:
632 p the address we are interested in
633 pplist address of anchor of the list of addresses not to output
634 pdlist address of anchor of the list of processed addresses
635 first TRUE if this is the first address; set it FALSE afterwards
636 tctx transport context - processing to be done during output
637 and the file descriptor to write to
638
639Returns: FALSE if writing failed
640*/
641
642static BOOL
643write_env_to(address_item *p, struct aci **pplist, struct aci **pdlist,
644 BOOL *first, transport_ctx * tctx)
645{
646address_item *pp;
647struct aci *ppp;
648
649/* Do nothing if we have already handled this address. If not, remember it
650so that we don't handle it again. */
651
652for (ppp = *pdlist; ppp; ppp = ppp->next) if (p == ppp->ptr) return TRUE;
653
654ppp = store_get(sizeof(struct aci), FALSE);
655ppp->next = *pdlist;
656*pdlist = ppp;
657ppp->ptr = p;
658
659/* Now scan up the ancestry, checking for duplicates at each generation. */
660
661for (pp = p;; pp = pp->parent)
662 {
663 address_item *dup;
664 for (dup = addr_duplicate; dup; dup = dup->next)
665 if (dup->dupof == pp) /* a dup of our address */
666 if (!write_env_to(dup, pplist, pdlist, first, tctx))
667 return FALSE;
668 if (!pp->parent) break;
669 }
670
671/* Check to see if we have already output the progenitor. */
672
673for (ppp = *pplist; ppp; ppp = ppp->next) if (pp == ppp->ptr) break;
674if (ppp) return TRUE;
675
676/* Remember what we have output, and output it. */
677
678ppp = store_get(sizeof(struct aci), FALSE);
679ppp->next = *pplist;
680*pplist = ppp;
681ppp->ptr = pp;
682
683if (!*first && !write_chunk(tctx, US",\n ", 3)) return FALSE;
684*first = FALSE;
685return write_chunk(tctx, pp->address, Ustrlen(pp->address));
686}
687
688
689
690
691/* Add/remove/rewrite headers, and send them plus the empty-line separator.
692
693Globals:
694 header_list
695
696Arguments:
697 addr (chain of) addresses (for extra headers), or NULL;
698 only the first address is used
699 tctx transport context
700 sendfn function for output (transport or verify)
701
702Returns: TRUE on success; FALSE on failure.
703*/
704BOOL
705transport_headers_send(transport_ctx * tctx,
706 BOOL (*sendfn)(transport_ctx * tctx, uschar * s, int len))
707{
708const uschar *list;
709transport_instance * tblock = tctx ? tctx->tblock : NULL;
710address_item * addr = tctx ? tctx->addr : NULL;
711
712/* Then the message's headers. Don't write any that are flagged as "old";
713that means they were rewritten, or are a record of envelope rewriting, or
714were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
715match any entries therein. It is a colon-sep list; expand the items
716separately and squash any empty ones.
717Then check addr->prop.remove_headers too, provided that addr is not NULL. */
718
719for (header_line * h = header_list; h; h = h->next) if (h->type != htype_old)
720 {
721 BOOL include_header = TRUE;
722
723 list = tblock ? tblock->remove_headers : NULL;
724 for (int i = 0; i < 2; i++) /* For remove_headers && addr->prop.remove_headers */
725 {
726 if (list)
727 {
728 int sep = ':'; /* This is specified as a colon-separated list */
729 uschar *s, *ss;
730 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
731 {
732 int len;
733
734 if (i == 0)
735 if (!(s = expand_string(s)) && !f.expand_string_forcedfail)
736 {
737 errno = ERRNO_CHHEADER_FAIL;
738 return FALSE;
739 }
740 len = s ? Ustrlen(s) : 0;
741 if (len && s[len-1] == '*') /* trailing glob */
742 {
743 if (strncmpic(h->text, s, len-1) == 0) break;
744 }
745 else
746 {
747 if (strncmpic(h->text, s, len) != 0) continue;
748 ss = h->text + len;
749 while (*ss == ' ' || *ss == '\t') ss++;
750 if (*ss == ':') break;
751 }
752 }
753 if (s) { include_header = FALSE; break; }
754 }
755 if (addr) list = addr->prop.remove_headers;
756 }
757
758 /* If this header is to be output, try to rewrite it if there are rewriting
759 rules. */
760
761 if (include_header)
762 {
763 if (tblock && tblock->rewrite_rules)
764 {
765 rmark reset_point = store_mark();
766 header_line *hh;
767
768 if ((hh = rewrite_header(h, NULL, NULL, tblock->rewrite_rules,
769 tblock->rewrite_existflags, FALSE)))
770 {
771 if (!sendfn(tctx, hh->text, hh->slen)) return FALSE;
772 store_reset(reset_point);
773 continue; /* With the next header line */
774 }
775 }
776
777 /* Either no rewriting rules, or it didn't get rewritten */
778
779 if (!sendfn(tctx, h->text, h->slen)) return FALSE;
780 }
781
782 /* Header removed */
783
784 else
785 DEBUG(D_transport) debug_printf("removed header line:\n%s---\n", h->text);
786 }
787
788/* Add on any address-specific headers. If there are multiple addresses,
789they will all have the same headers in order to be batched. The headers
790are chained in reverse order of adding (so several addresses from the
791same alias might share some of them) but we want to output them in the
792opposite order. This is a bit tedious, but there shouldn't be very many
793of them. We just walk the list twice, reversing the pointers each time,
794but on the second time, write out the items.
795
796Headers added to an address by a router are guaranteed to end with a newline.
797*/
798
799if (addr)
800 {
801 header_line *hprev = addr->prop.extra_headers;
802 header_line *hnext, * h;
803 for (int i = 0; i < 2; i++)
804 for (h = hprev, hprev = NULL; h; h = hnext)
805 {
806 hnext = h->next;
807 h->next = hprev;
808 hprev = h;
809 if (i == 1)
810 {
811 if (!sendfn(tctx, h->text, h->slen)) return FALSE;
812 DEBUG(D_transport)
813 debug_printf("added header line(s):\n%s---\n", h->text);
814 }
815 }
816 }
817
818/* If a string containing additional headers exists it is a newline-sep
819list. Expand each item and write out the result. This is done last so that
820if it (deliberately or accidentally) isn't in header format, it won't mess
821up any other headers. An empty string or a forced expansion failure are
822noops. An added header string from a transport may not end with a newline;
823add one if it does not. */
824
825if (tblock && (list = CUS tblock->add_headers))
826 {
827 int sep = '\n';
828 uschar * s;
829
830 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
831 if ((s = expand_string(s)))
832 {
833 int len = Ustrlen(s);
834 if (len > 0)
835 {
836 if (!sendfn(tctx, s, len)) return FALSE;
837 if (s[len-1] != '\n' && !sendfn(tctx, US"\n", 1))
838 return FALSE;
839 DEBUG(D_transport)
840 {
841 debug_printf("added header line:\n%s", s);
842 if (s[len-1] != '\n') debug_printf("\n");
843 debug_printf("---\n");
844 }
845 }
846 }
847 else if (!f.expand_string_forcedfail)
848 { errno = ERRNO_CHHEADER_FAIL; return FALSE; }
849 }
850
851/* Separate headers from body with a blank line */
852
853return sendfn(tctx, US"\n", 1);
854}
855
856
857/*************************************************
858* Write the message *
859*************************************************/
860
861/* This function writes the message to the given file descriptor. The headers
862are in the in-store data structure, and the rest of the message is in the open
863file descriptor deliver_datafile. Make sure we start it at the beginning.
864
865. If add_return_path is TRUE, a "return-path:" header is added to the message,
866 containing the envelope sender's address.
867
868. If add_envelope_to is TRUE, a "envelope-to:" header is added to the message,
869 giving the top-level envelope address that caused this delivery to happen.
870
871. If add_delivery_date is TRUE, a "delivery-date:" header is added to the
872 message. It gives the time and date that delivery took place.
873
874. If check_string is not null, the start of each line is checked for that
875 string. If it is found, it is replaced by escape_string. This used to be
876 the "from hack" for files, and "smtp_dots" for escaping SMTP dots.
877
878. If use_crlf is true, newlines are turned into CRLF (SMTP output).
879
880The yield is TRUE if all went well, and FALSE if not. Exit *immediately* after
881any writing or reading error, leaving the code in errno intact. Error exits
882can include timeouts for certain transports, which are requested by setting
883transport_write_timeout non-zero.
884
885Arguments:
886 tctx
887 (fd, msg) Either and fd, to write the message to,
888 or a string: if null write message to allocated space
889 otherwire take content as headers.
890 addr (chain of) addresses (for extra headers), or NULL;
891 only the first address is used
892 tblock optional transport instance block (NULL signifies NULL/0):
893 add_headers a string containing one or more headers to add; it is
894 expanded, and must be in correct RFC 822 format as
895 it is transmitted verbatim; NULL => no additions,
896 and so does empty string or forced expansion fail
897 remove_headers a colon-separated list of headers to remove, or NULL
898 rewrite_rules chain of header rewriting rules
899 rewrite_existflags flags for the rewriting rules
900 options bit-wise options:
901 add_return_path if TRUE, add a "return-path" header
902 add_envelope_to if TRUE, add a "envelope-to" header
903 add_delivery_date if TRUE, add a "delivery-date" header
904 use_crlf if TRUE, turn NL into CR LF
905 end_dot if TRUE, send a terminating "." line at the end
906 no_headers if TRUE, omit the headers
907 no_body if TRUE, omit the body
908 check_string a string to check for at the start of lines, or NULL
909 escape_string a string to insert in front of any check string
910 size_limit if > 0, this is a limit to the size of message written;
911 it is used when returning messages to their senders,
912 and is approximate rather than exact, owing to chunk
913 buffering
914
915Returns: TRUE on success; FALSE (with errno) on failure.
916 In addition, the global variable transport_count
917 is incremented by the number of bytes written.
918*/
919
920static BOOL
921internal_transport_write_message(transport_ctx * tctx, int size_limit)
922{
923int len, size = 0;
924
925/* Initialize pointer in output buffer. */
926
927transport_write_reset(tctx->options);
928
929/* Set up the data for start-of-line data checking and escaping */
930
931if (tctx->check_string && tctx->escape_string)
932 {
933 nl_check = tctx->check_string;
934 nl_check_length = Ustrlen(nl_check);
935 nl_escape = tctx->escape_string;
936 nl_escape_length = Ustrlen(nl_escape);
937 }
938
939/* Whether the escaping mechanism is applied to headers or not is controlled by
940an option (set for SMTP, not otherwise). Negate the length if not wanted till
941after the headers. */
942
943if (!(tctx->options & topt_escape_headers))
944 nl_check_length = -nl_check_length;
945
946/* Write the headers if required, including any that have to be added. If there
947are header rewriting rules, apply them. The datasource is not the -D spoolfile
948so temporarily hide the global that adjusts for its format. */
949
950if (!(tctx->options & topt_no_headers))
951 {
952 BOOL save_wireformat = f.spool_file_wireformat;
953 f.spool_file_wireformat = FALSE;
954
955 /* Add return-path: if requested. */
956
957 if (tctx->options & topt_add_return_path)
958 {
959 uschar buffer[ADDRESS_MAXLENGTH + 20];
960 int n = sprintf(CS buffer, "Return-path: <%.*s>\n", ADDRESS_MAXLENGTH,
961 return_path);
962 if (!write_chunk(tctx, buffer, n)) goto bad;
963 }
964
965 /* Add envelope-to: if requested */
966
967 if (tctx->options & topt_add_envelope_to)
968 {
969 BOOL first = TRUE;
970 struct aci *plist = NULL;
971 struct aci *dlist = NULL;
972 rmark reset_point = store_mark();
973
974 if (!write_chunk(tctx, US"Envelope-to: ", 13)) goto bad;
975
976 /* Pick up from all the addresses. The plist and dlist variables are
977 anchors for lists of addresses already handled; they have to be defined at
978 this level because write_env_to() calls itself recursively. */
979
980 for (address_item * p = tctx->addr; p; p = p->next)
981 if (!write_env_to(p, &plist, &dlist, &first, tctx))
982 goto bad;
983
984 /* Add a final newline and reset the store used for tracking duplicates */
985
986 if (!write_chunk(tctx, US"\n", 1)) goto bad;
987 store_reset(reset_point);
988 }
989
990 /* Add delivery-date: if requested. */
991
992 if (tctx->options & topt_add_delivery_date)
993 {
994 uschar * s = tod_stamp(tod_full);
995
996 if ( !write_chunk(tctx, US"Delivery-date: ", 15)
997 || !write_chunk(tctx, s, Ustrlen(s))
998 || !write_chunk(tctx, US"\n", 1)) goto bad;
999 }
1000
1001 /* Then the message's headers. Don't write any that are flagged as "old";
1002 that means they were rewritten, or are a record of envelope rewriting, or
1003 were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
1004 match any entries therein. Then check addr->prop.remove_headers too, provided that
1005 addr is not NULL. */
1006
1007 if (!transport_headers_send(tctx, &write_chunk))
1008 {
1009bad:
1010 f.spool_file_wireformat = save_wireformat;
1011 return FALSE;
1012 }
1013
1014 f.spool_file_wireformat = save_wireformat;
1015 }
1016
1017/* When doing RFC3030 CHUNKING output, work out how much data would be in a
1018last-BDAT, consisting of the current write_chunk() output buffer fill
1019(optimally, all of the headers - but it does not matter if we already had to
1020flush that buffer with non-last BDAT prependix) plus the amount of body data
1021(as expanded for CRLF lines). Then create and write BDAT(s), and ensure
1022that further use of write_chunk() will not prepend BDATs.
1023The first BDAT written will also first flush any outstanding MAIL and RCPT
1024commands which were buffered thans to PIPELINING.
1025Commands go out (using a send()) from a different buffer to data (using a
1026write()). They might not end up in the same TCP segment, which is
1027suboptimal. */
1028
1029if (tctx->options & topt_use_bdat)
1030 {
1031 off_t fsize;
1032 int hsize;
1033
1034 if ((hsize = chunk_ptr - deliver_out_buffer) < 0)
1035 hsize = 0;
1036 if (!(tctx->options & topt_no_body))
1037 {
1038 if ((fsize = lseek(deliver_datafile, 0, SEEK_END)) < 0) return FALSE;
1039 fsize -= SPOOL_DATA_START_OFFSET;
1040 if (size_limit > 0 && fsize > size_limit)
1041 fsize = size_limit;
1042 size = hsize + fsize;
1043 if (tctx->options & topt_use_crlf && !f.spool_file_wireformat)
1044 size += body_linecount; /* account for CRLF-expansion */
1045
1046 /* With topt_use_bdat we never do dot-stuffing; no need to
1047 account for any expansion due to that. */
1048 }
1049
1050 /* If the message is large, emit first a non-LAST chunk with just the
1051 headers, and reap the command responses. This lets us error out early
1052 on RCPT rejects rather than sending megabytes of data. Include headers
1053 on the assumption they are cheap enough and some clever implementations
1054 might errorcheck them too, on-the-fly, and reject that chunk. */
1055
1056 if (size > DELIVER_OUT_BUFFER_SIZE && hsize > 0)
1057 {
1058 DEBUG(D_transport)
1059 debug_printf("sending small initial BDAT; hsize=%d\n", hsize);
1060 if ( tctx->chunk_cb(tctx, hsize, 0) != OK
1061 || !transport_write_block(tctx, deliver_out_buffer, hsize, FALSE)
1062 || tctx->chunk_cb(tctx, 0, tc_reap_prev) != OK
1063 )
1064 return FALSE;
1065 chunk_ptr = deliver_out_buffer;
1066 size -= hsize;
1067 }
1068
1069 /* Emit a LAST datachunk command, and unmark the context for further
1070 BDAT commands. */
1071
1072 if (tctx->chunk_cb(tctx, size, tc_chunk_last) != OK)
1073 return FALSE;
1074 tctx->options &= ~topt_use_bdat;
1075 }
1076
1077/* If the body is required, ensure that the data for check strings (formerly
1078the "from hack") is enabled by negating the length if necessary. (It will be
1079negative in cases where it isn't to apply to the headers). Then ensure the body
1080is positioned at the start of its file (following the message id), then write
1081it, applying the size limit if required. */
1082
1083/* If we have a wireformat -D file (CRNL lines, non-dotstuffed, no ending dot)
1084and we want to send a body without dotstuffing or ending-dot, in-clear,
1085then we can just dump it using sendfile.
1086This should get used for CHUNKING output and also for writing the -K file for
1087dkim signing, when we had CHUNKING input. */
1088
1089#ifdef OS_SENDFILE
1090if ( f.spool_file_wireformat
1091 && !(tctx->options & (topt_no_body | topt_end_dot))
1092 && !nl_check_length
1093 && tls_out.active.sock != tctx->u.fd
1094 )
1095 {
1096 ssize_t copied = 0;
1097 off_t offset = SPOOL_DATA_START_OFFSET;
1098
1099 /* Write out any header data in the buffer */
1100
1101 if ((len = chunk_ptr - deliver_out_buffer) > 0)
1102 {
1103 if (!transport_write_block(tctx, deliver_out_buffer, len, TRUE))
1104 return FALSE;
1105 size -= len;
1106 }
1107
1108 DEBUG(D_transport) debug_printf("using sendfile for body\n");
1109
1110 while(size > 0)
1111 {
1112 if ((copied = os_sendfile(tctx->u.fd, deliver_datafile, &offset, size)) <= 0) break;
1113 size -= copied;
1114 }
1115 return copied >= 0;
1116 }
1117#else
1118DEBUG(D_transport) debug_printf("cannot use sendfile for body: no support\n");
1119#endif
1120
1121DEBUG(D_transport)
1122 if (!(tctx->options & topt_no_body))
1123 debug_printf("cannot use sendfile for body: %s\n",
1124 !f.spool_file_wireformat ? "spoolfile not wireformat"
1125 : tctx->options & topt_end_dot ? "terminating dot wanted"
1126 : nl_check_length ? "dot- or From-stuffing wanted"
1127 : "TLS output wanted");
1128
1129if (!(tctx->options & topt_no_body))
1130 {
1131 unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX;
1132
1133 nl_check_length = abs(nl_check_length);
1134 nl_partial_match = 0;
1135 if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0)
1136 return FALSE;
1137 while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0
1138 && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0)
1139 {
1140 if (!write_chunk(tctx, deliver_in_buffer, len))
1141 return FALSE;
1142 size -= len;
1143 }
1144
1145 /* A read error on the body will have left len == -1 and errno set. */
1146
1147 if (len != 0) return FALSE;
1148 }
1149
1150/* Finished with the check string, and spool-format consideration */
1151
1152nl_check_length = nl_escape_length = 0;
1153f.spool_file_wireformat = FALSE;
1154
1155/* If requested, add a terminating "." line (SMTP output). */
1156
1157if (tctx->options & topt_end_dot && !write_chunk(tctx, US".\n", 2))
1158 return FALSE;
1159
1160/* Write out any remaining data in the buffer before returning. */
1161
1162return (len = chunk_ptr - deliver_out_buffer) <= 0 ||
1163 transport_write_block(tctx, deliver_out_buffer, len, FALSE);
1164}
1165
1166
1167
1168
1169/*************************************************
1170* External interface to write the message *
1171*************************************************/
1172
1173/* If there is no filtering required, call the internal function above to do
1174the real work, passing over all the arguments from this function. Otherwise,
1175set up a filtering process, fork another process to call the internal function
1176to write to the filter, and in this process just suck from the filter and write
1177down the fd in the transport context. At the end, tidy up the pipes and the
1178processes.
1179
1180Arguments: as for internal_transport_write_message() above
1181
1182Returns: TRUE on success; FALSE (with errno) for any failure
1183 transport_count is incremented by the number of bytes written
1184*/
1185
1186BOOL
1187transport_write_message(transport_ctx * tctx, int size_limit)
1188{
1189BOOL last_filter_was_NL = TRUE;
1190BOOL save_spool_file_wireformat = f.spool_file_wireformat;
1191int rc, len, yield, fd_read, fd_write, save_errno;
1192int pfd[2] = {-1, -1};
1193pid_t filter_pid, write_pid;
1194
1195f.transport_filter_timed_out = FALSE;
1196
1197/* If there is no filter command set up, call the internal function that does
1198the actual work, passing it the incoming fd, and return its result. */
1199
1200if ( !transport_filter_argv
1201 || !*transport_filter_argv
1202 || !**transport_filter_argv
1203 )
1204 return internal_transport_write_message(tctx, size_limit);
1205
1206/* Otherwise the message must be written to a filter process and read back
1207before being written to the incoming fd. First set up the special processing to
1208be done during the copying. */
1209
1210nl_partial_match = -1;
1211
1212if (tctx->check_string && tctx->escape_string)
1213 {
1214 nl_check = tctx->check_string;
1215 nl_check_length = Ustrlen(nl_check);
1216 nl_escape = tctx->escape_string;
1217 nl_escape_length = Ustrlen(nl_escape);
1218 }
1219else nl_check_length = nl_escape_length = 0;
1220
1221/* Start up a subprocess to run the command. Ensure that our main fd will
1222be closed when the subprocess execs, but remove the flag afterwards.
1223(Otherwise, if this is a TCP/IP socket, it can't get passed on to another
1224process to deliver another message.) We get back stdin/stdout file descriptors.
1225If the process creation failed, give an error return. */
1226
1227fd_read = -1;
1228fd_write = -1;
1229save_errno = 0;
1230yield = FALSE;
1231write_pid = (pid_t)(-1);
1232
1233 {
1234 int bits = fcntl(tctx->u.fd, F_GETFD);
1235 (void)fcntl(tctx->u.fd, F_SETFD, bits | FD_CLOEXEC);
1236 filter_pid = child_open(USS transport_filter_argv, NULL, 077,
1237 &fd_write, &fd_read, FALSE);
1238 (void)fcntl(tctx->u.fd, F_SETFD, bits & ~FD_CLOEXEC);
1239 }
1240if (filter_pid < 0) goto TIDY_UP; /* errno set */
1241
1242DEBUG(D_transport)
1243 debug_printf("process %d running as transport filter: fd_write=%d fd_read=%d\n",
1244 (int)filter_pid, fd_write, fd_read);
1245
1246/* Fork subprocess to write the message to the filter, and return the result
1247via a(nother) pipe. While writing to the filter, we do not do the CRLF,
1248smtp dots, or check string processing. */
1249
1250if (pipe(pfd) != 0) goto TIDY_UP; /* errno set */
1251if ((write_pid = fork()) == 0)
1252 {
1253 BOOL rc;
1254 (void)close(fd_read);
1255 (void)close(pfd[pipe_read]);
1256 nl_check_length = nl_escape_length = 0;
1257
1258 tctx->u.fd = fd_write;
1259 tctx->check_string = tctx->escape_string = NULL;
1260 tctx->options &= ~(topt_use_crlf | topt_end_dot | topt_use_bdat);
1261
1262 rc = internal_transport_write_message(tctx, size_limit);
1263
1264 save_errno = errno;
1265 if ( write(pfd[pipe_write], (void *)&rc, sizeof(BOOL))
1266 != sizeof(BOOL)
1267 || write(pfd[pipe_write], (void *)&save_errno, sizeof(int))
1268 != sizeof(int)
1269 || write(pfd[pipe_write], (void *)&tctx->addr->more_errno, sizeof(int))
1270 != sizeof(int)
1271 || write(pfd[pipe_write], (void *)&tctx->addr->delivery_time, sizeof(struct timeval))
1272 != sizeof(struct timeval)
1273 )
1274 rc = FALSE; /* compiler quietening */
1275 exim_underbar_exit(0);
1276 }
1277save_errno = errno;
1278
1279/* Parent process: close our copy of the writing subprocess' pipes. */
1280
1281(void)close(pfd[pipe_write]);
1282(void)close(fd_write);
1283fd_write = -1;
1284
1285/* Writing process creation failed */
1286
1287if (write_pid < 0)
1288 {
1289 errno = save_errno; /* restore */
1290 goto TIDY_UP;
1291 }
1292
1293/* When testing, let the subprocess get going */
1294
1295testharness_pause_ms(250);
1296
1297DEBUG(D_transport)
1298 debug_printf("process %d writing to transport filter\n", (int)write_pid);
1299
1300/* Copy the message from the filter to the output fd. A read error leaves len
1301== -1 and errno set. We need to apply a timeout to the read, to cope with
1302the case when the filter gets stuck, but it can be quite a long one. The
1303default is 5m, but this is now configurable. */
1304
1305DEBUG(D_transport) debug_printf("copying from the filter\n");
1306
1307/* Copy the output of the filter, remembering if the last character was NL. If
1308no data is returned, that counts as "ended with NL" (default setting of the
1309variable is TRUE). The output should always be unix-format as we converted
1310any wireformat source on writing input to the filter. */
1311
1312f.spool_file_wireformat = FALSE;
1313chunk_ptr = deliver_out_buffer;
1314
1315for (;;)
1316 {
1317 sigalrm_seen = FALSE;
1318 ALARM(transport_filter_timeout);
1319 len = read(fd_read, deliver_in_buffer, DELIVER_IN_BUFFER_SIZE);
1320 ALARM_CLR(0);
1321 if (sigalrm_seen)
1322 {
1323 errno = ETIMEDOUT;
1324 f.transport_filter_timed_out = TRUE;
1325 goto TIDY_UP;
1326 }
1327
1328 /* If the read was successful, write the block down the original fd,
1329 remembering whether it ends in \n or not. */
1330
1331 if (len > 0)
1332 {
1333 if (!write_chunk(tctx, deliver_in_buffer, len)) goto TIDY_UP;
1334 last_filter_was_NL = (deliver_in_buffer[len-1] == '\n');
1335 }
1336
1337 /* Otherwise, break the loop. If we have hit EOF, set yield = TRUE. */
1338
1339 else
1340 {
1341 if (len == 0) yield = TRUE;
1342 break;
1343 }
1344 }
1345
1346/* Tidying up code. If yield = FALSE there has been an error and errno is set
1347to something. Ensure the pipes are all closed and the processes are removed. If
1348there has been an error, kill the processes before waiting for them, just to be
1349sure. Also apply a paranoia timeout. */
1350
1351TIDY_UP:
1352f.spool_file_wireformat = save_spool_file_wireformat;
1353save_errno = errno;
1354
1355(void)close(fd_read);
1356if (fd_write > 0) (void)close(fd_write);
1357
1358if (!yield)
1359 {
1360 if (filter_pid > 0) kill(filter_pid, SIGKILL);
1361 if (write_pid > 0) kill(write_pid, SIGKILL);
1362 }
1363
1364/* Wait for the filter process to complete. */
1365
1366DEBUG(D_transport) debug_printf("waiting for filter process\n");
1367if (filter_pid > 0 && (rc = child_close(filter_pid, 30)) != 0 && yield)
1368 {
1369 yield = FALSE;
1370 save_errno = ERRNO_FILTER_FAIL;
1371 tctx->addr->more_errno = rc;
1372 DEBUG(D_transport) debug_printf("filter process returned %d\n", rc);
1373 }
1374
1375/* Wait for the writing process to complete. If it ends successfully,
1376read the results from its pipe, provided we haven't already had a filter
1377process failure. */
1378
1379DEBUG(D_transport) debug_printf("waiting for writing process\n");
1380if (write_pid > 0)
1381 {
1382 rc = child_close(write_pid, 30);
1383 if (yield)
1384 if (rc == 0)
1385 {
1386 BOOL ok;
1387 if (read(pfd[pipe_read], (void *)&ok, sizeof(BOOL)) != sizeof(BOOL))
1388 {
1389 DEBUG(D_transport)
1390 debug_printf("pipe read from writing process: %s\n", strerror(errno));
1391 save_errno = ERRNO_FILTER_FAIL;
1392 yield = FALSE;
1393 }
1394 else if (!ok)
1395 {
1396 int dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
1397 dummy = read(pfd[pipe_read], (void *)&tctx->addr->more_errno, sizeof(int));
1398 dummy = read(pfd[pipe_read], (void *)&tctx->addr->delivery_time, sizeof(struct timeval));
1399 dummy = dummy; /* compiler quietening */
1400 yield = FALSE;
1401 }
1402 }
1403 else
1404 {
1405 yield = FALSE;
1406 save_errno = ERRNO_FILTER_FAIL;
1407 tctx->addr->more_errno = rc;
1408 DEBUG(D_transport) debug_printf("writing process returned %d\n", rc);
1409 }
1410 }
1411(void)close(pfd[pipe_read]);
1412
1413/* If there have been no problems we can now add the terminating "." if this is
1414SMTP output, turning off escaping beforehand. If the last character from the
1415filter was not NL, insert a NL to make the SMTP protocol work. */
1416
1417if (yield)
1418 {
1419 nl_check_length = nl_escape_length = 0;
1420 f.spool_file_wireformat = FALSE;
1421 if ( tctx->options & topt_end_dot
1422 && ( last_filter_was_NL
1423 ? !write_chunk(tctx, US".\n", 2)
1424 : !write_chunk(tctx, US"\n.\n", 3)
1425 ) )
1426 yield = FALSE;
1427
1428 /* Write out any remaining data in the buffer. */
1429
1430 else
1431 yield = (len = chunk_ptr - deliver_out_buffer) <= 0
1432 || transport_write_block(tctx, deliver_out_buffer, len, FALSE);
1433 }
1434else
1435 errno = save_errno; /* From some earlier error */
1436
1437DEBUG(D_transport)
1438 {
1439 debug_printf("end of filtering transport writing: yield=%d\n", yield);
1440 if (!yield)
1441 debug_printf("errno=%d more_errno=%d\n", errno, tctx->addr->more_errno);
1442 }
1443
1444return yield;
1445}
1446
1447
1448
1449
1450
1451/*************************************************
1452* Update waiting database *
1453*************************************************/
1454
1455/* This is called when an address is deferred by remote transports that are
1456capable of sending more than one message over one connection. A database is
1457maintained for each transport, keeping track of which messages are waiting for
1458which hosts. The transport can then consult this when eventually a successful
1459delivery happens, and if it finds that another message is waiting for the same
1460host, it can fire up a new process to deal with it using the same connection.
1461
1462The database records are keyed by host name. They can get full if there are
1463lots of messages waiting, and so there is a continuation mechanism for them.
1464
1465Each record contains a list of message ids, packed end to end without any
1466zeros. Each one is MESSAGE_ID_LENGTH bytes long. The count field says how many
1467in this record, and the sequence field says if there are any other records for
1468this host. If the sequence field is 0, there are none. If it is 1, then another
1469record with the name <hostname>:0 exists; if it is 2, then two other records
1470with sequence numbers 0 and 1 exist, and so on.
1471
1472Currently, an exhaustive search of all continuation records has to be done to
1473determine whether to add a message id to a given record. This shouldn't be
1474too bad except in extreme cases. I can't figure out a *simple* way of doing
1475better.
1476
1477Old records should eventually get swept up by the exim_tidydb utility.
1478
1479Arguments:
1480 hostlist list of hosts that this message could be sent to
1481 tpname name of the transport
1482
1483Returns: nothing
1484*/
1485
1486void
1487transport_update_waiting(host_item *hostlist, uschar *tpname)
1488{
1489const uschar *prevname = US"";
1490open_db dbblock;
1491open_db *dbm_file;
1492
1493DEBUG(D_transport) debug_printf("updating wait-%s database\n", tpname);
1494
1495/* Open the database for this transport */
1496
1497if (!(dbm_file = dbfn_open(string_sprintf("wait-%.200s", tpname),
1498 O_RDWR, &dbblock, TRUE, TRUE)))
1499 return;
1500
1501/* Scan the list of hosts for which this message is waiting, and ensure
1502that the message id is in each host record. */
1503
1504for (host_item * host = hostlist; host; host = host->next)
1505 {
1506 BOOL already = FALSE;
1507 dbdata_wait *host_record;
1508 int host_length;
1509 uschar buffer[256];
1510
1511 /* Skip if this is the same host as we just processed; otherwise remember
1512 the name for next time. */
1513
1514 if (Ustrcmp(prevname, host->name) == 0) continue;
1515 prevname = host->name;
1516
1517 /* Look up the host record; if there isn't one, make an empty one. */
1518
1519 if (!(host_record = dbfn_read(dbm_file, host->name)))
1520 {
1521 host_record = store_get(sizeof(dbdata_wait) + MESSAGE_ID_LENGTH, FALSE);
1522 host_record->count = host_record->sequence = 0;
1523 }
1524
1525 /* Compute the current length */
1526
1527 host_length = host_record->count * MESSAGE_ID_LENGTH;
1528
1529 /* Search the record to see if the current message is already in it. */
1530
1531 for (uschar * s = host_record->text; s < host_record->text + host_length;
1532 s += MESSAGE_ID_LENGTH)
1533 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1534 { already = TRUE; break; }
1535
1536 /* If we haven't found this message in the main record, search any
1537 continuation records that exist. */
1538
1539 for (int i = host_record->sequence - 1; i >= 0 && !already; i--)
1540 {
1541 dbdata_wait *cont;
1542 sprintf(CS buffer, "%.200s:%d", host->name, i);
1543 if ((cont = dbfn_read(dbm_file, buffer)))
1544 {
1545 int clen = cont->count * MESSAGE_ID_LENGTH;
1546 for (uschar * s = cont->text; s < cont->text + clen; s += MESSAGE_ID_LENGTH)
1547 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1548 { already = TRUE; break; }
1549 }
1550 }
1551
1552 /* If this message is already in a record, no need to update. */
1553
1554 if (already)
1555 {
1556 DEBUG(D_transport) debug_printf("already listed for %s\n", host->name);
1557 continue;
1558 }
1559
1560
1561 /* If this record is full, write it out with a new name constructed
1562 from the sequence number, increase the sequence number, and empty
1563 the record. If we're doing a two-phase queue run initial phase, ping the
1564 daemon to consider running a delivery on this host. */
1565
1566 if (host_record->count >= WAIT_NAME_MAX)
1567 {
1568 sprintf(CS buffer, "%.200s:%d", host->name, host_record->sequence);
1569 dbfn_write(dbm_file, buffer, host_record, sizeof(dbdata_wait) + host_length);
1570#ifdef EXPERIMENTAL_QUEUE_RAMP
1571 if (f.queue_2stage && queue_fast_ramp && !queue_run_in_order)
1572 queue_notify_daemon(message_id);
1573#endif
1574 host_record->sequence++;
1575 host_record->count = 0;
1576 host_length = 0;
1577 }
1578
1579 /* If this record is not full, increase the size of the record to
1580 allow for one new message id. */
1581
1582 else
1583 {
1584 dbdata_wait *newr =
1585 store_get(sizeof(dbdata_wait) + host_length + MESSAGE_ID_LENGTH, FALSE);
1586 memcpy(newr, host_record, sizeof(dbdata_wait) + host_length);
1587 host_record = newr;
1588 }
1589
1590 /* Now add the new name on the end */
1591
1592 memcpy(host_record->text + host_length, message_id, MESSAGE_ID_LENGTH);
1593 host_record->count++;
1594 host_length += MESSAGE_ID_LENGTH;
1595
1596 /* Update the database */
1597
1598 dbfn_write(dbm_file, host->name, host_record, sizeof(dbdata_wait) + host_length);
1599 DEBUG(D_transport) debug_printf("added to list for %s\n", host->name);
1600 }
1601
1602/* All now done */
1603
1604dbfn_close(dbm_file);
1605}
1606
1607
1608
1609
1610/*************************************************
1611* Test for waiting messages *
1612*************************************************/
1613
1614/* This function is called by a remote transport which uses the previous
1615function to remember which messages are waiting for which remote hosts. It's
1616called after a successful delivery and its job is to check whether there is
1617another message waiting for the same host. However, it doesn't do this if the
1618current continue sequence is greater than the maximum supplied as an argument,
1619or greater than the global connection_max_messages, which, if set, overrides.
1620
1621Arguments:
1622 transport_name name of the transport
1623 hostname name of the host
1624 local_message_max maximum number of messages down one connection
1625 as set by the caller transport
1626 new_message_id set to the message id of a waiting message
1627 more set TRUE if there are yet more messages waiting
1628 oicf_func function to call to validate if it is ok to send
1629 to this message_id from the current instance.
1630 oicf_data opaque data for oicf_func
1631
1632Returns: TRUE if new_message_id set; FALSE otherwise
1633*/
1634
1635typedef struct msgq_s
1636{
1637 uschar message_id [MESSAGE_ID_LENGTH + 1];
1638 BOOL bKeep;
1639} msgq_t;
1640
1641BOOL
1642transport_check_waiting(const uschar *transport_name, const uschar *hostname,
1643 int local_message_max, uschar *new_message_id, BOOL *more, oicf oicf_func, void *oicf_data)
1644{
1645dbdata_wait *host_record;
1646int host_length;
1647open_db dbblock;
1648open_db *dbm_file;
1649
1650int i;
1651struct stat statbuf;
1652
1653*more = FALSE;
1654
1655DEBUG(D_transport)
1656 {
1657 debug_printf("transport_check_waiting entered\n");
1658 debug_printf(" sequence=%d local_max=%d global_max=%d\n",
1659 continue_sequence, local_message_max, connection_max_messages);
1660 }
1661
1662/* Do nothing if we have hit the maximum number that can be send down one
1663connection. */
1664
1665if (connection_max_messages >= 0) local_message_max = connection_max_messages;
1666if (local_message_max > 0 && continue_sequence >= local_message_max)
1667 {
1668 DEBUG(D_transport)
1669 debug_printf("max messages for one connection reached: returning\n");
1670 return FALSE;
1671 }
1672
1673/* Open the waiting information database. */
1674
1675if (!(dbm_file = dbfn_open(string_sprintf("wait-%.200s", transport_name),
1676 O_RDWR, &dbblock, TRUE, TRUE)))
1677 return FALSE;
1678
1679/* See if there is a record for this host; if not, there's nothing to do. */
1680
1681if (!(host_record = dbfn_read(dbm_file, hostname)))
1682 {
1683 dbfn_close(dbm_file);
1684 DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname);
1685 return FALSE;
1686 }
1687
1688/* If the data in the record looks corrupt, just log something and
1689don't try to use it. */
1690
1691if (host_record->count > WAIT_NAME_MAX)
1692 {
1693 dbfn_close(dbm_file);
1694 log_write(0, LOG_MAIN|LOG_PANIC, "smtp-wait database entry for %s has bad "
1695 "count=%d (max=%d)", hostname, host_record->count, WAIT_NAME_MAX);
1696 return FALSE;
1697 }
1698
1699/* Scan the message ids in the record from the end towards the beginning,
1700until one is found for which a spool file actually exists. If the record gets
1701emptied, delete it and continue with any continuation records that may exist.
1702*/
1703
1704/* For Bug 1141, I refactored this major portion of the routine, it is risky
1705but the 1 off will remain without it. This code now allows me to SKIP over
1706a message I do not want to send out on this run. */
1707
1708host_length = host_record->count * MESSAGE_ID_LENGTH;
1709
1710while (1)
1711 {
1712 msgq_t *msgq;
1713 int msgq_count = 0;
1714 int msgq_actual = 0;
1715 BOOL bFound = FALSE;
1716 BOOL bContinuation = FALSE;
1717
1718 /* create an array to read entire message queue into memory for processing */
1719
1720 msgq = store_get(sizeof(msgq_t) * host_record->count, FALSE);
1721 msgq_count = host_record->count;
1722 msgq_actual = msgq_count;
1723
1724 for (i = 0; i < host_record->count; ++i)
1725 {
1726 msgq[i].bKeep = TRUE;
1727
1728 Ustrncpy_nt(msgq[i].message_id, host_record->text + (i * MESSAGE_ID_LENGTH),
1729 MESSAGE_ID_LENGTH);
1730 msgq[i].message_id[MESSAGE_ID_LENGTH] = 0;
1731 }
1732
1733 /* first thing remove current message id if it exists */
1734
1735 for (i = 0; i < msgq_count; ++i)
1736 if (Ustrcmp(msgq[i].message_id, message_id) == 0)
1737 {
1738 msgq[i].bKeep = FALSE;
1739 break;
1740 }
1741
1742 /* now find the next acceptable message_id */
1743
1744 for (i = msgq_count - 1; i >= 0; --i) if (msgq[i].bKeep)
1745 {
1746 uschar subdir[2];
1747 uschar * mid = msgq[i].message_id;
1748
1749 set_subdir_str(subdir, mid, 0);
1750 if (Ustat(spool_fname(US"input", subdir, mid, US"-D"), &statbuf) != 0)
1751 msgq[i].bKeep = FALSE;
1752 else if (!oicf_func || oicf_func(mid, oicf_data))
1753 {
1754 Ustrcpy_nt(new_message_id, mid);
1755 msgq[i].bKeep = FALSE;
1756 bFound = TRUE;
1757 break;
1758 }
1759 }
1760
1761 /* re-count */
1762 for (msgq_actual = 0, i = 0; i < msgq_count; ++i)
1763 if (msgq[i].bKeep)
1764 msgq_actual++;
1765
1766 /* reassemble the host record, based on removed message ids, from in
1767 memory queue */
1768
1769 if (msgq_actual <= 0)
1770 {
1771 host_length = 0;
1772 host_record->count = 0;
1773 }
1774 else
1775 {
1776 host_length = msgq_actual * MESSAGE_ID_LENGTH;
1777 host_record->count = msgq_actual;
1778
1779 if (msgq_actual < msgq_count)
1780 {
1781 int new_count;
1782 for (new_count = 0, i = 0; i < msgq_count; ++i)
1783 if (msgq[i].bKeep)
1784 Ustrncpy(&host_record->text[new_count++ * MESSAGE_ID_LENGTH],
1785 msgq[i].message_id, MESSAGE_ID_LENGTH);
1786
1787 host_record->text[new_count * MESSAGE_ID_LENGTH] = 0;
1788 }
1789 }
1790
1791 /* Check for a continuation record. */
1792
1793 while (host_length <= 0)
1794 {
1795 dbdata_wait * newr = NULL;
1796 uschar buffer[256];
1797
1798 /* Search for a continuation */
1799
1800 for (int i = host_record->sequence - 1; i >= 0 && !newr; i--)
1801 {
1802 sprintf(CS buffer, "%.200s:%d", hostname, i);
1803 newr = dbfn_read(dbm_file, buffer);
1804 }
1805
1806 /* If no continuation, delete the current and break the loop */
1807
1808 if (!newr)
1809 {
1810 dbfn_delete(dbm_file, hostname);
1811 break;
1812 }
1813
1814 /* Else replace the current with the continuation */
1815
1816 dbfn_delete(dbm_file, buffer);
1817 host_record = newr;
1818 host_length = host_record->count * MESSAGE_ID_LENGTH;
1819
1820 bContinuation = TRUE;
1821 }
1822
1823 if (bFound) /* Usual exit from main loop */
1824 break;
1825
1826 /* If host_length <= 0 we have emptied a record and not found a good message,
1827 and there are no continuation records. Otherwise there is a continuation
1828 record to process. */
1829
1830 if (host_length <= 0)
1831 {
1832 dbfn_close(dbm_file);
1833 DEBUG(D_transport) debug_printf("waiting messages already delivered\n");
1834 return FALSE;
1835 }
1836
1837 /* we were not able to find an acceptable message, nor was there a
1838 * continuation record. So bug out, outer logic will clean this up.
1839 */
1840
1841 if (!bContinuation)
1842 {
1843 Ustrcpy(new_message_id, message_id);
1844 dbfn_close(dbm_file);
1845 return FALSE;
1846 }
1847 } /* we need to process a continuation record */
1848
1849/* Control gets here when an existing message has been encountered; its
1850id is in new_message_id, and host_length is the revised length of the
1851host record. If it is zero, the record has been removed. Update the
1852record if required, close the database, and return TRUE. */
1853
1854if (host_length > 0)
1855 {
1856 host_record->count = host_length/MESSAGE_ID_LENGTH;
1857
1858 dbfn_write(dbm_file, hostname, host_record, (int)sizeof(dbdata_wait) + host_length);
1859 *more = TRUE;
1860 }
1861
1862dbfn_close(dbm_file);
1863return TRUE;
1864}
1865
1866/*************************************************
1867* Deliver waiting message down same socket *
1868*************************************************/
1869
1870/* Just the regain-root-privilege exec portion */
1871void
1872transport_do_pass_socket(const uschar *transport_name, const uschar *hostname,
1873 const uschar *hostaddress, uschar *id, int socket_fd)
1874{
1875int i = 20;
1876const uschar **argv;
1877
1878/* Set up the calling arguments; use the standard function for the basics,
1879but we have a number of extras that may be added. */
1880
1881argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, &i, FALSE, 0);
1882
1883if (f.smtp_authenticated) argv[i++] = US"-MCA";
1884if (smtp_peer_options & OPTION_CHUNKING) argv[i++] = US"-MCK";
1885if (smtp_peer_options & OPTION_DSN) argv[i++] = US"-MCD";
1886if (smtp_peer_options & OPTION_PIPE) argv[i++] = US"-MCP";
1887if (smtp_peer_options & OPTION_SIZE) argv[i++] = US"-MCS";
1888#ifndef DISABLE_TLS
1889if (smtp_peer_options & OPTION_TLS)
1890 if (tls_out.active.sock >= 0 || continue_proxy_cipher)
1891 {
1892 argv[i++] = US"-MCt";
1893 argv[i++] = sending_ip_address;
1894 argv[i++] = string_sprintf("%d", sending_port);
1895 argv[i++] = tls_out.active.sock >= 0 ? tls_out.cipher : continue_proxy_cipher;
1896 }
1897 else
1898 argv[i++] = US"-MCT";
1899#endif
1900
1901if (queue_run_pid != (pid_t)0)
1902 {
1903 argv[i++] = US"-MCQ";
1904 argv[i++] = string_sprintf("%d", queue_run_pid);
1905 argv[i++] = string_sprintf("%d", queue_run_pipe);
1906 }
1907
1908argv[i++] = US"-MC";
1909argv[i++] = US transport_name;
1910argv[i++] = US hostname;
1911argv[i++] = US hostaddress;
1912argv[i++] = string_sprintf("%d", continue_sequence + 1);
1913argv[i++] = id;
1914argv[i++] = NULL;
1915
1916/* Arrange for the channel to be on stdin. */
1917
1918if (socket_fd != 0)
1919 {
1920 (void)dup2(socket_fd, 0);
1921 (void)close(socket_fd);
1922 }
1923
1924DEBUG(D_exec) debug_print_argv(argv);
1925exim_nullstd(); /* Ensure std{out,err} exist */
1926execv(CS argv[0], (char *const *)argv);
1927
1928DEBUG(D_any) debug_printf("execv failed: %s\n", strerror(errno));
1929_exit(errno); /* Note: must be _exit(), NOT exit() */
1930}
1931
1932
1933
1934/* Fork a new exim process to deliver the message, and do a re-exec, both to
1935get a clean delivery process, and to regain root privilege in cases where it
1936has been given away.
1937
1938Arguments:
1939 transport_name to pass to the new process
1940 hostname ditto
1941 hostaddress ditto
1942 id the new message to process
1943 socket_fd the connected socket
1944
1945Returns: FALSE if fork fails; TRUE otherwise
1946*/
1947
1948BOOL
1949transport_pass_socket(const uschar *transport_name, const uschar *hostname,
1950 const uschar *hostaddress, uschar *id, int socket_fd)
1951{
1952pid_t pid;
1953int status;
1954
1955DEBUG(D_transport) debug_printf("transport_pass_socket entered\n");
1956
1957if ((pid = fork()) == 0)
1958 {
1959 /* Disconnect entirely from the parent process. If we are running in the
1960 test harness, wait for a bit to allow the previous process time to finish,
1961 write the log, etc., so that the output is always in the same order for
1962 automatic comparison. */
1963
1964 if ((pid = fork()) != 0)
1965 {
1966 DEBUG(D_transport) debug_printf("transport_pass_socket succeeded (final-pid %d)\n", pid);
1967 _exit(EXIT_SUCCESS);
1968 }
1969 testharness_pause_ms(1000);
1970
1971 transport_do_pass_socket(transport_name, hostname, hostaddress,
1972 id, socket_fd);
1973 }
1974
1975/* If the process creation succeeded, wait for the first-level child, which
1976immediately exits, leaving the second level process entirely disconnected from
1977this one. */
1978
1979if (pid > 0)
1980 {
1981 int rc;
1982 while ((rc = wait(&status)) != pid && (rc >= 0 || errno != ECHILD));
1983 DEBUG(D_transport) debug_printf("transport_pass_socket succeeded (inter-pid %d)\n", pid);
1984 return TRUE;
1985 }
1986else
1987 {
1988 DEBUG(D_transport) debug_printf("transport_pass_socket failed to fork: %s\n",
1989 strerror(errno));
1990 return FALSE;
1991 }
1992}
1993
1994
1995
1996/*************************************************
1997* Set up direct (non-shell) command *
1998*************************************************/
1999
2000/* This function is called when a command line is to be parsed and executed
2001directly, without the use of /bin/sh. It is called by the pipe transport,
2002the queryprogram router, and also from the main delivery code when setting up a
2003transport filter process. The code for ETRN also makes use of this; in that
2004case, no addresses are passed.
2005
2006Arguments:
2007 argvptr pointer to anchor for argv vector
2008 cmd points to the command string (modified IN PLACE)
2009 expand_arguments true if expansion is to occur
2010 expand_failed error value to set if expansion fails; not relevant if
2011 addr == NULL
2012 addr chain of addresses, or NULL
2013 etext text for use in error messages
2014 errptr where to put error message if addr is NULL;
2015 otherwise it is put in the first address
2016
2017Returns: TRUE if all went well; otherwise an error will be
2018 set in the first address and FALSE returned
2019*/
2020
2021BOOL
2022transport_set_up_command(const uschar ***argvptr, uschar *cmd,
2023 BOOL expand_arguments, int expand_failed, address_item *addr,
2024 uschar *etext, uschar **errptr)
2025{
2026const uschar **argv;
2027uschar *s, *ss;
2028int address_count = 0;
2029int argcount = 0;
2030int max_args;
2031
2032/* Get store in which to build an argument list. Count the number of addresses
2033supplied, and allow for that many arguments, plus an additional 60, which
2034should be enough for anybody. Multiple addresses happen only when the local
2035delivery batch option is set. */
2036
2037for (address_item * ad = addr; ad; ad = ad->next) address_count++;
2038max_args = address_count + 60;
2039*argvptr = argv = store_get((max_args+1)*sizeof(uschar *), FALSE);
2040
2041/* Split the command up into arguments terminated by white space. Lose
2042trailing space at the start and end. Double-quoted arguments can contain \\ and
2043\" escapes and so can be handled by the standard function; single-quoted
2044arguments are verbatim. Copy each argument into a new string. */
2045
2046s = cmd;
2047while (isspace(*s)) s++;
2048
2049for (; *s != 0 && argcount < max_args; argcount++)
2050 {
2051 if (*s == '\'')
2052 {
2053 ss = s + 1;
2054 while (*ss != 0 && *ss != '\'') ss++;
2055 argv[argcount] = ss = store_get(ss - s++, is_tainted(cmd));
2056 while (*s != 0 && *s != '\'') *ss++ = *s++;
2057 if (*s != 0) s++;
2058 *ss++ = 0;
2059 }
2060 else
2061 argv[argcount] = string_dequote(CUSS &s);
2062 while (isspace(*s)) s++;
2063 }
2064
2065argv[argcount] = US 0;
2066
2067/* If *s != 0 we have run out of argument slots. */
2068
2069if (*s != 0)
2070 {
2071 uschar *msg = string_sprintf("Too many arguments in command \"%s\" in "
2072 "%s", cmd, etext);
2073 if (addr != NULL)
2074 {
2075 addr->transport_return = FAIL;
2076 addr->message = msg;
2077 }
2078 else *errptr = msg;
2079 return FALSE;
2080 }
2081
2082/* Expand each individual argument if required. Expansion happens for pipes set
2083up in filter files and with directly-supplied commands. It does not happen if
2084the pipe comes from a traditional .forward file. A failing expansion is a big
2085disaster if the command came from Exim's configuration; if it came from a user
2086it is just a normal failure. The expand_failed value is used as the error value
2087to cater for these two cases.
2088
2089An argument consisting just of the text "$pipe_addresses" is treated specially.
2090It is not passed to the general expansion function. Instead, it is replaced by
2091a number of arguments, one for each address. This avoids problems with shell
2092metacharacters and spaces in addresses.
2093
2094If the parent of the top address has an original part of "system-filter", this
2095pipe was set up by the system filter, and we can permit the expansion of
2096$recipients. */
2097
2098DEBUG(D_transport)
2099 {
2100 debug_printf("direct command:\n");
2101 for (int i = 0; argv[i]; i++)
2102 debug_printf(" argv[%d] = '%s'\n", i, string_printing(argv[i]));
2103 }
2104
2105if (expand_arguments)
2106 {
2107 BOOL allow_dollar_recipients = addr != NULL &&
2108 addr->parent != NULL &&
2109 Ustrcmp(addr->parent->address, "system-filter") == 0;
2110
2111 for (int i = 0; argv[i] != US 0; i++)
2112 {
2113
2114 /* Handle special fudge for passing an address list */
2115
2116 if (addr != NULL &&
2117 (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
2118 Ustrcmp(argv[i], "${pipe_addresses}") == 0))
2119 {
2120 int additional;
2121
2122 if (argcount + address_count - 1 > max_args)
2123 {
2124 addr->transport_return = FAIL;
2125 addr->message = string_sprintf("Too many arguments to command \"%s\" "
2126 "in %s", cmd, etext);
2127 return FALSE;
2128 }
2129
2130 additional = address_count - 1;
2131 if (additional > 0)
2132 memmove(argv + i + 1 + additional, argv + i + 1,
2133 (argcount - i)*sizeof(uschar *));
2134
2135 for (address_item * ad = addr; ad; ad = ad->next)
2136 {
2137 argv[i++] = ad->address;
2138 argcount++;
2139 }
2140
2141 /* Subtract one since we replace $pipe_addresses */
2142 argcount--;
2143 i--;
2144 }
2145
2146 /* Handle special case of $address_pipe when af_force_command is set */
2147
2148 else if (addr != NULL && testflag(addr,af_force_command) &&
2149 (Ustrcmp(argv[i], "$address_pipe") == 0 ||
2150 Ustrcmp(argv[i], "${address_pipe}") == 0))
2151 {
2152 int address_pipe_argcount = 0;
2153 int address_pipe_max_args;
2154 uschar **address_pipe_argv;
2155 BOOL tainted;
2156
2157 /* We can never have more then the argv we will be loading into */
2158 address_pipe_max_args = max_args - argcount + 1;
2159
2160 DEBUG(D_transport)
2161 debug_printf("address_pipe_max_args=%d\n", address_pipe_max_args);
2162
2163 /* We allocate an additional for (uschar *)0 */
2164 address_pipe_argv = store_get((address_pipe_max_args+1)*sizeof(uschar *), FALSE);
2165
2166 /* +1 because addr->local_part[0] == '|' since af_force_command is set */
2167 s = expand_string(addr->local_part + 1);
2168 tainted = is_tainted(s);
2169
2170 if (s == NULL || *s == '\0')
2171 {
2172 addr->transport_return = FAIL;
2173 addr->message = string_sprintf("Expansion of \"%s\" "
2174 "from command \"%s\" in %s failed: %s",
2175 (addr->local_part + 1), cmd, etext, expand_string_message);
2176 return FALSE;
2177 }
2178
2179 while (isspace(*s)) s++; /* strip leading space */
2180
2181 while (*s != 0 && address_pipe_argcount < address_pipe_max_args)
2182 {
2183 if (*s == '\'')
2184 {
2185 ss = s + 1;
2186 while (*ss != 0 && *ss != '\'') ss++;
2187 address_pipe_argv[address_pipe_argcount++] = ss = store_get(ss - s++, tainted);
2188 while (*s != 0 && *s != '\'') *ss++ = *s++;
2189 if (*s != 0) s++;
2190 *ss++ = 0;
2191 }
2192 else address_pipe_argv[address_pipe_argcount++] =
2193 string_copy(string_dequote(CUSS &s));
2194 while (isspace(*s)) s++; /* strip space after arg */
2195 }
2196
2197 address_pipe_argv[address_pipe_argcount] = US 0;
2198
2199 /* If *s != 0 we have run out of argument slots. */
2200 if (*s != 0)
2201 {
2202 uschar *msg = string_sprintf("Too many arguments in $address_pipe "
2203 "\"%s\" in %s", addr->local_part + 1, etext);
2204 if (addr != NULL)
2205 {
2206 addr->transport_return = FAIL;
2207 addr->message = msg;
2208 }
2209 else *errptr = msg;
2210 return FALSE;
2211 }
2212
2213 /* address_pipe_argcount - 1
2214 * because we are replacing $address_pipe in the argument list
2215 * with the first thing it expands to */
2216 if (argcount + address_pipe_argcount - 1 > max_args)
2217 {
2218 addr->transport_return = FAIL;
2219 addr->message = string_sprintf("Too many arguments to command "
2220 "\"%s\" after expanding $address_pipe in %s", cmd, etext);
2221 return FALSE;
2222 }
2223
2224 /* If we are not just able to replace the slot that contained
2225 * $address_pipe (address_pipe_argcount == 1)
2226 * We have to move the existing argv by address_pipe_argcount - 1
2227 * Visually if address_pipe_argcount == 2:
2228 * [argv 0][argv 1][argv 2($address_pipe)][argv 3][0]
2229 * [argv 0][argv 1][ap_arg0][ap_arg1][old argv 3][0]
2230 */
2231 if (address_pipe_argcount > 1)
2232 memmove(
2233 /* current position + additional args */
2234 argv + i + address_pipe_argcount,
2235 /* current position + 1 (for the (uschar *)0 at the end) */
2236 argv + i + 1,
2237 /* -1 for the (uschar *)0 at the end)*/
2238 (argcount - i)*sizeof(uschar *)
2239 );
2240
2241 /* Now we fill in the slots we just moved argv out of
2242 * [argv 0][argv 1][argv 2=pipeargv[0]][argv 3=pipeargv[1]][old argv 3][0]
2243 */
2244 for (int address_pipe_i = 0;
2245 address_pipe_argv[address_pipe_i] != US 0;
2246 address_pipe_i++)
2247 {
2248 argv[i++] = address_pipe_argv[address_pipe_i];
2249 argcount++;
2250 }
2251
2252 /* Subtract one since we replace $address_pipe */
2253 argcount--;
2254 i--;
2255 }
2256
2257 /* Handle normal expansion string */
2258
2259 else
2260 {
2261 const uschar *expanded_arg;
2262 f.enable_dollar_recipients = allow_dollar_recipients;
2263 expanded_arg = expand_cstring(argv[i]);
2264 f.enable_dollar_recipients = FALSE;
2265
2266 if (!expanded_arg)
2267 {
2268 uschar *msg = string_sprintf("Expansion of \"%s\" "
2269 "from command \"%s\" in %s failed: %s",
2270 argv[i], cmd, etext, expand_string_message);
2271 if (addr)
2272 {
2273 addr->transport_return = expand_failed;
2274 addr->message = msg;
2275 }
2276 else *errptr = msg;
2277 return FALSE;
2278 }
2279 argv[i] = expanded_arg;
2280 }
2281 }
2282
2283 DEBUG(D_transport)
2284 {
2285 debug_printf("direct command after expansion:\n");
2286 for (int i = 0; argv[i] != US 0; i++)
2287 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
2288 }
2289 }
2290
2291return TRUE;
2292}
2293
2294#endif /*!MACRO_PREDEF*/
2295/* vi: aw ai sw=2
2296*/
2297/* End of transport.c */
Unnamed repository; edit this file 'description' to name the repository.