projects / exim.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
basic & pipelined transmit testcases
[exim.git] / src / src / transport.c
... / ...
CommitLineData
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5/* Copyright (c) University of Cambridge 1995 - 2016 */
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* General functions concerned with transportation, and generic options for all
9transports. */
10
11
12#include "exim.h"
13
14#ifdef HAVE_LINUX_SENDFILE
15#include <sys/sendfile.h>
16#endif
17
18/* Structure for keeping list of addresses that have been added to
19Envelope-To:, in order to avoid duplication. */
20
21struct aci {
22 struct aci *next;
23 address_item *ptr;
24 };
25
26
27/* Static data for write_chunk() */
28
29static uschar *chunk_ptr; /* chunk pointer */
30static uschar *nl_check; /* string to look for at line start */
31static int nl_check_length; /* length of same */
32static uschar *nl_escape; /* string to insert */
33static int nl_escape_length; /* length of same */
34static int nl_partial_match; /* length matched at chunk end */
35
36
37/* Generic options for transports, all of which live inside transport_instance
38data blocks and which therefore have the opt_public flag set. Note that there
39are other options living inside this structure which can be set only from
40certain transports. */
41
42optionlist optionlist_transports[] = {
43 { "*expand_group", opt_stringptr|opt_hidden|opt_public,
44 (void *)offsetof(transport_instance, expand_gid) },
45 { "*expand_user", opt_stringptr|opt_hidden|opt_public,
46 (void *)offsetof(transport_instance, expand_uid) },
47 { "*headers_rewrite_flags", opt_int|opt_public|opt_hidden,
48 (void *)offsetof(transport_instance, rewrite_existflags) },
49 { "*headers_rewrite_rules", opt_void|opt_public|opt_hidden,
50 (void *)offsetof(transport_instance, rewrite_rules) },
51 { "*set_group", opt_bool|opt_hidden|opt_public,
52 (void *)offsetof(transport_instance, gid_set) },
53 { "*set_user", opt_bool|opt_hidden|opt_public,
54 (void *)offsetof(transport_instance, uid_set) },
55 { "body_only", opt_bool|opt_public,
56 (void *)offsetof(transport_instance, body_only) },
57 { "current_directory", opt_stringptr|opt_public,
58 (void *)offsetof(transport_instance, current_dir) },
59 { "debug_print", opt_stringptr | opt_public,
60 (void *)offsetof(transport_instance, debug_string) },
61 { "delivery_date_add", opt_bool|opt_public,
62 (void *)(offsetof(transport_instance, delivery_date_add)) },
63 { "disable_logging", opt_bool|opt_public,
64 (void *)(offsetof(transport_instance, disable_logging)) },
65 { "driver", opt_stringptr|opt_public,
66 (void *)offsetof(transport_instance, driver_name) },
67 { "envelope_to_add", opt_bool|opt_public,
68 (void *)(offsetof(transport_instance, envelope_to_add)) },
69#ifndef DISABLE_EVENT
70 { "event_action", opt_stringptr | opt_public,
71 (void *)offsetof(transport_instance, event_action) },
72#endif
73 { "group", opt_expand_gid|opt_public,
74 (void *)offsetof(transport_instance, gid) },
75 { "headers_add", opt_stringptr|opt_public|opt_rep_str,
76 (void *)offsetof(transport_instance, add_headers) },
77 { "headers_only", opt_bool|opt_public,
78 (void *)offsetof(transport_instance, headers_only) },
79 { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
80 (void *)offsetof(transport_instance, remove_headers) },
81 { "headers_rewrite", opt_rewrite|opt_public,
82 (void *)offsetof(transport_instance, headers_rewrite) },
83 { "home_directory", opt_stringptr|opt_public,
84 (void *)offsetof(transport_instance, home_dir) },
85 { "initgroups", opt_bool|opt_public,
86 (void *)offsetof(transport_instance, initgroups) },
87 { "max_parallel", opt_stringptr|opt_public,
88 (void *)offsetof(transport_instance, max_parallel) },
89 { "message_size_limit", opt_stringptr|opt_public,
90 (void *)offsetof(transport_instance, message_size_limit) },
91 { "rcpt_include_affixes", opt_bool|opt_public,
92 (void *)offsetof(transport_instance, rcpt_include_affixes) },
93 { "retry_use_local_part", opt_bool|opt_public,
94 (void *)offsetof(transport_instance, retry_use_local_part) },
95 { "return_path", opt_stringptr|opt_public,
96 (void *)(offsetof(transport_instance, return_path)) },
97 { "return_path_add", opt_bool|opt_public,
98 (void *)(offsetof(transport_instance, return_path_add)) },
99 { "shadow_condition", opt_stringptr|opt_public,
100 (void *)offsetof(transport_instance, shadow_condition) },
101 { "shadow_transport", opt_stringptr|opt_public,
102 (void *)offsetof(transport_instance, shadow) },
103 { "transport_filter", opt_stringptr|opt_public,
104 (void *)offsetof(transport_instance, filter_command) },
105 { "transport_filter_timeout", opt_time|opt_public,
106 (void *)offsetof(transport_instance, filter_timeout) },
107 { "user", opt_expand_uid|opt_public,
108 (void *)offsetof(transport_instance, uid) }
109};
110
111int optionlist_transports_size =
112 sizeof(optionlist_transports)/sizeof(optionlist);
113
114
115/*************************************************
116* Initialize transport list *
117*************************************************/
118
119/* Read the transports section of the configuration file, and set up a chain of
120transport instances according to its contents. Each transport has generic
121options and may also have its own private options. This function is only ever
122called when transports == NULL. We use generic code in readconf to do most of
123the work. */
124
125void
126transport_init(void)
127{
128transport_instance *t;
129
130readconf_driver_init(US"transport",
131 (driver_instance **)(&transports), /* chain anchor */
132 (driver_info *)transports_available, /* available drivers */
133 sizeof(transport_info), /* size of info block */
134 &transport_defaults, /* default values for generic options */
135 sizeof(transport_instance), /* size of instance block */
136 optionlist_transports, /* generic options */
137 optionlist_transports_size);
138
139/* Now scan the configured transports and check inconsistencies. A shadow
140transport is permitted only for local transports. */
141
142for (t = transports; t != NULL; t = t->next)
143 {
144 if (!t->info->local)
145 {
146 if (t->shadow != NULL)
147 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
148 "shadow transport not allowed on non-local transport %s", t->name);
149 }
150
151 if (t->body_only && t->headers_only)
152 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
153 "%s transport: body_only and headers_only are mutually exclusive",
154 t->name);
155 }
156}
157
158
159
160/*************************************************
161* Write block of data *
162*************************************************/
163
164/* Subroutine called by write_chunk() and at the end of the message actually
165to write a data block. Also called directly by some transports to write
166additional data to the file descriptor (e.g. prefix, suffix).
167
168If a transport wants data transfers to be timed, it sets a non-zero value in
169transport_write_timeout. A non-zero transport_write_timeout causes a timer to
170be set for each block of data written from here. If time runs out, then write()
171fails and provokes an error return. The caller can then inspect sigalrm_seen to
172check for a timeout.
173
174On some systems, if a quota is exceeded during the write, the yield is the
175number of bytes written rather than an immediate error code. This also happens
176on some systems in other cases, for example a pipe that goes away because the
177other end's process terminates (Linux). On other systems, (e.g. Solaris 2) you
178get the error codes the first time.
179
180The write() function is also interruptible; the Solaris 2.6 man page says:
181
182 If write() is interrupted by a signal before it writes any
183 data, it will return -1 with errno set to EINTR.
184
185 If write() is interrupted by a signal after it successfully
186 writes some data, it will return the number of bytes written.
187
188To handle these cases, we want to restart the write() to output the remainder
189of the data after a non-negative return from write(), except after a timeout.
190In the error cases (EDQUOT, EPIPE) no bytes get written the second time, and a
191proper error then occurs. In principle, after an interruption, the second
192write() could suffer the same fate, but we do not want to continue for
193evermore, so stick a maximum repetition count on the loop to act as a
194longstop.
195
196Arguments:
197 fd file descriptor to write to
198 block block of bytes to write
199 len number of bytes to write
200
201Returns: TRUE on success, FALSE on failure (with errno preserved);
202 transport_count is incremented by the number of bytes written
203*/
204
205BOOL
206transport_write_block(int fd, uschar *block, int len)
207{
208int i, rc, save_errno;
209int local_timeout = transport_write_timeout;
210
211/* This loop is for handling incomplete writes and other retries. In most
212normal cases, it is only ever executed once. */
213
214for (i = 0; i < 100; i++)
215 {
216 DEBUG(D_transport)
217 debug_printf("writing data block fd=%d size=%d timeout=%d\n",
218 fd, len, local_timeout);
219
220 /* This code makes use of alarm() in order to implement the timeout. This
221 isn't a very tidy way of doing things. Using non-blocking I/O with select()
222 provides a neater approach. However, I don't know how to do this when TLS is
223 in use. */
224
225 if (transport_write_timeout <= 0) /* No timeout wanted */
226 {
227 #ifdef SUPPORT_TLS
228 if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else
229 #endif
230 rc = write(fd, block, len);
231 save_errno = errno;
232 }
233
234 /* Timeout wanted. */
235
236 else
237 {
238 alarm(local_timeout);
239#ifdef SUPPORT_TLS
240 if (tls_out.active == fd)
241 rc = tls_write(FALSE, block, len);
242 else
243#endif
244 rc = write(fd, block, len);
245 save_errno = errno;
246 local_timeout = alarm(0);
247 if (sigalrm_seen)
248 {
249 errno = ETIMEDOUT;
250 return FALSE;
251 }
252 }
253
254 /* Hopefully, the most common case is success, so test that first. */
255
256 if (rc == len) { transport_count += len; return TRUE; }
257
258 /* A non-negative return code is an incomplete write. Try again for the rest
259 of the block. If we have exactly hit the timeout, give up. */
260
261 if (rc >= 0)
262 {
263 len -= rc;
264 block += rc;
265 transport_count += rc;
266 DEBUG(D_transport) debug_printf("write incomplete (%d)\n", rc);
267 goto CHECK_TIMEOUT; /* A few lines below */
268 }
269
270 /* A negative return code with an EINTR error is another form of
271 incomplete write, zero bytes having been written */
272
273 if (save_errno == EINTR)
274 {
275 DEBUG(D_transport)
276 debug_printf("write interrupted before anything written\n");
277 goto CHECK_TIMEOUT; /* A few lines below */
278 }
279
280 /* A response of EAGAIN from write() is likely only in the case of writing
281 to a FIFO that is not swallowing the data as fast as Exim is writing it. */
282
283 if (save_errno == EAGAIN)
284 {
285 DEBUG(D_transport)
286 debug_printf("write temporarily locked out, waiting 1 sec\n");
287 sleep(1);
288
289 /* Before continuing to try another write, check that we haven't run out of
290 time. */
291
292 CHECK_TIMEOUT:
293 if (transport_write_timeout > 0 && local_timeout <= 0)
294 {
295 errno = ETIMEDOUT;
296 return FALSE;
297 }
298 continue;
299 }
300
301 /* Otherwise there's been an error */
302
303 DEBUG(D_transport) debug_printf("writing error %d: %s\n", save_errno,
304 strerror(save_errno));
305 errno = save_errno;
306 return FALSE;
307 }
308
309/* We've tried and tried and tried but still failed */
310
311errno = ERRNO_WRITEINCOMPLETE;
312return FALSE;
313}
314
315
316
317
318/*************************************************
319* Write formatted string *
320*************************************************/
321
322/* This is called by various transports. It is a convenience function.
323
324Arguments:
325 fd file descriptor
326 format string format
327 ... arguments for format
328
329Returns: the yield of transport_write_block()
330*/
331
332BOOL
333transport_write_string(int fd, const char *format, ...)
334{
335va_list ap;
336va_start(ap, format);
337if (!string_vformat(big_buffer, big_buffer_size, format, ap))
338 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong formatted string in transport");
339va_end(ap);
340return transport_write_block(fd, big_buffer, Ustrlen(big_buffer));
341}
342
343
344
345
346/*************************************************
347* Write character chunk *
348*************************************************/
349
350/* Subroutine used by transport_write_message() to scan character chunks for
351newlines and act appropriately. The object is to minimise the number of writes.
352The output byte stream is buffered up in deliver_out_buffer, which is written
353only when it gets full, thus minimizing write operations and TCP packets.
354
355Static data is used to handle the case when the last character of the previous
356chunk was NL, or matched part of the data that has to be escaped.
357
358Arguments:
359 fd file descript to write to
360 chunk pointer to data to write
361 len length of data to write
362 tctx transport context - processing to be done during output
363
364In addition, the static nl_xxx variables must be set as required.
365
366Returns: TRUE on success, FALSE on failure (with errno preserved)
367*/
368
369static BOOL
370write_chunk(int fd, transport_ctx * tctx, uschar *chunk, int len)
371{
372uschar *start = chunk;
373uschar *end = chunk + len;
374uschar *ptr;
375int mlen = DELIVER_OUT_BUFFER_SIZE - nl_escape_length - 2;
376
377/* The assumption is made that the check string will never stretch over move
378than one chunk since the only time there are partial matches is when copying
379the body in large buffers. There is always enough room in the buffer for an
380escape string, since the loop below ensures this for each character it
381processes, and it won't have stuck in the escape string if it left a partial
382match. */
383
384if (nl_partial_match >= 0)
385 {
386 if (nl_check_length > 0 && len >= nl_check_length &&
387 Ustrncmp(start, nl_check + nl_partial_match,
388 nl_check_length - nl_partial_match) == 0)
389 {
390 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
391 chunk_ptr += nl_escape_length;
392 start += nl_check_length - nl_partial_match;
393 }
394
395 /* The partial match was a false one. Insert the characters carried over
396 from the previous chunk. */
397
398 else if (nl_partial_match > 0)
399 {
400 Ustrncpy(chunk_ptr, nl_check, nl_partial_match);
401 chunk_ptr += nl_partial_match;
402 }
403
404 nl_partial_match = -1;
405 }
406
407/* Now process the characters in the chunk. Whenever we hit a newline we check
408for possible escaping. The code for the non-NL route should be as fast as
409possible. */
410
411for (ptr = start; ptr < end; ptr++)
412 {
413 int ch, len;
414
415 /* Flush the buffer if it has reached the threshold - we want to leave enough
416 room for the next uschar, plus a possible extra CR for an LF, plus the escape
417 string. */
418
419 /*XXX CHUNKING: probably want to increase DELIVER_OUT_BUFFER_SIZE */
420 if ((len = chunk_ptr - deliver_out_buffer) > mlen)
421 {
422 /* If CHUNKING, prefix with BDAT (size) NON-LAST. Also, reap responses
423 from previous SMTP commands. */
424
425 if (tctx && tctx->options & topt_use_bdat && tctx->chunk_cb)
426 if (tctx->chunk_cb(fd, tctx, (unsigned)len, tc_reap_prev|tc_reap_one) != OK)
427 return FALSE;
428
429 if (!transport_write_block(fd, deliver_out_buffer, len))
430 return FALSE;
431 chunk_ptr = deliver_out_buffer;
432 }
433
434 if ((ch = *ptr) == '\n')
435 {
436 int left = end - ptr - 1; /* count of chars left after NL */
437
438 /* Insert CR before NL if required */
439
440 if (tctx && tctx->options & topt_use_crlf) *chunk_ptr++ = '\r';
441 *chunk_ptr++ = '\n';
442 transport_newlines++;
443
444 /* The check_string test (formerly "from hack") replaces the specific
445 string at the start of a line with an escape string (e.g. "From " becomes
446 ">From " or "." becomes "..". It is a case-sensitive test. The length
447 check above ensures there is always enough room to insert this string. */
448
449 if (nl_check_length > 0)
450 {
451 if (left >= nl_check_length &&
452 Ustrncmp(ptr+1, nl_check, nl_check_length) == 0)
453 {
454 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
455 chunk_ptr += nl_escape_length;
456 ptr += nl_check_length;
457 }
458
459 /* Handle the case when there isn't enough left to match the whole
460 check string, but there may be a partial match. We remember how many
461 characters matched, and finish processing this chunk. */
462
463 else if (left <= 0) nl_partial_match = 0;
464
465 else if (Ustrncmp(ptr+1, nl_check, left) == 0)
466 {
467 nl_partial_match = left;
468 ptr = end;
469 }
470 }
471 }
472
473 /* Not a NL character */
474
475 else *chunk_ptr++ = ch;
476 }
477
478return TRUE;
479}
480
481
482
483
484/*************************************************
485* Generate address for RCPT TO *
486*************************************************/
487
488/* This function puts together an address for RCPT to, using the caseful
489version of the local part and the caseful version of the domain. If there is no
490prefix or suffix, or if affixes are to be retained, we can just use the
491original address. Otherwise, if there is a prefix but no suffix we can use a
492pointer into the original address. If there is a suffix, however, we have to
493build a new string.
494
495Arguments:
496 addr the address item
497 include_affixes TRUE if affixes are to be included
498
499Returns: a string
500*/
501
502uschar *
503transport_rcpt_address(address_item *addr, BOOL include_affixes)
504{
505uschar *at;
506int plen, slen;
507
508if (include_affixes)
509 {
510 setflag(addr, af_include_affixes); /* Affects logged => line */
511 return addr->address;
512 }
513
514if (addr->suffix == NULL)
515 {
516 if (addr->prefix == NULL) return addr->address;
517 return addr->address + Ustrlen(addr->prefix);
518 }
519
520at = Ustrrchr(addr->address, '@');
521plen = (addr->prefix == NULL)? 0 : Ustrlen(addr->prefix);
522slen = Ustrlen(addr->suffix);
523
524return string_sprintf("%.*s@%s", (at - addr->address - plen - slen),
525 addr->address + plen, at + 1);
526}
527
528
529/*************************************************
530* Output Envelope-To: address & scan duplicates *
531*************************************************/
532
533/* This function is called from internal_transport_write_message() below, when
534generating an Envelope-To: header line. It checks for duplicates of the given
535address and its ancestors. When one is found, this function calls itself
536recursively, to output the envelope address of the duplicate.
537
538We want to avoid duplication in the list, which can arise for example when
539A->B,C and then both B and C alias to D. This can also happen when there are
540unseen drivers in use. So a list of addresses that have been output is kept in
541the plist variable.
542
543It is also possible to have loops in the address ancestry/duplication graph,
544for example if there are two top level addresses A and B and we have A->B,C and
545B->A. To break the loop, we use a list of processed addresses in the dlist
546variable.
547
548After handling duplication, this function outputs the progenitor of the given
549address.
550
551Arguments:
552 p the address we are interested in
553 pplist address of anchor of the list of addresses not to output
554 pdlist address of anchor of the list of processed addresses
555 first TRUE if this is the first address; set it FALSE afterwards
556 fd the file descriptor to write to
557 tctx transport context - processing to be done during output
558
559Returns: FALSE if writing failed
560*/
561
562static BOOL
563write_env_to(address_item *p, struct aci **pplist, struct aci **pdlist,
564 BOOL *first, int fd, transport_ctx * tctx)
565{
566address_item *pp;
567struct aci *ppp;
568
569/* Do nothing if we have already handled this address. If not, remember it
570so that we don't handle it again. */
571
572for (ppp = *pdlist; ppp; ppp = ppp->next) if (p == ppp->ptr) return TRUE;
573
574ppp = store_get(sizeof(struct aci));
575ppp->next = *pdlist;
576*pdlist = ppp;
577ppp->ptr = p;
578
579/* Now scan up the ancestry, checking for duplicates at each generation. */
580
581for (pp = p;; pp = pp->parent)
582 {
583 address_item *dup;
584 for (dup = addr_duplicate; dup; dup = dup->next)
585 if (dup->dupof == pp) /* a dup of our address */
586 if (!write_env_to(dup, pplist, pdlist, first, fd, tctx))
587 return FALSE;
588 if (!pp->parent) break;
589 }
590
591/* Check to see if we have already output the progenitor. */
592
593for (ppp = *pplist; ppp; ppp = ppp->next) if (pp == ppp->ptr) break;
594if (ppp) return TRUE;
595
596/* Remember what we have output, and output it. */
597
598ppp = store_get(sizeof(struct aci));
599ppp->next = *pplist;
600*pplist = ppp;
601ppp->ptr = pp;
602
603if (!*first && !write_chunk(fd, tctx, US",\n ", 3)) return FALSE;
604*first = FALSE;
605return write_chunk(fd, tctx, pp->address, Ustrlen(pp->address));
606}
607
608
609
610
611/* Add/remove/rewwrite headers, and send them plus the empty-line sparator.
612
613Globals:
614 header_list
615
616Arguments:
617 addr (chain of) addresses (for extra headers), or NULL;
618 only the first address is used
619 fd file descriptor to write the message to
620 sendfn function for output (transport or verify)
621 wck_flags
622 use_crlf turn NL into CR LF
623 use_bdat callback before chunk flush
624 rewrite_rules chain of header rewriting rules
625 rewrite_existflags flags for the rewriting rules
626 chunk_cb transport callback function for data-chunk commands
627
628Returns: TRUE on success; FALSE on failure.
629*/
630BOOL
631transport_headers_send(int fd, transport_ctx * tctx,
632 BOOL (*sendfn)(int fd, transport_ctx * tctx, uschar * s, int len))
633{
634header_line *h;
635const uschar *list;
636transport_instance * tblock = tctx ? tctx->tblock : NULL;
637address_item * addr = tctx ? tctx->addr : NULL;
638
639/* Then the message's headers. Don't write any that are flagged as "old";
640that means they were rewritten, or are a record of envelope rewriting, or
641were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
642match any entries therein. It is a colon-sep list; expand the items
643separately and squash any empty ones.
644Then check addr->prop.remove_headers too, provided that addr is not NULL. */
645
646for (h = header_list; h; h = h->next) if (h->type != htype_old)
647 {
648 int i;
649 BOOL include_header = TRUE;
650
651 list = tblock ? tblock->remove_headers : NULL;
652 for (i = 0; i < 2; i++) /* For remove_headers && addr->prop.remove_headers */
653 {
654 if (list)
655 {
656 int sep = ':'; /* This is specified as a colon-separated list */
657 uschar *s, *ss;
658 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
659 {
660 int len;
661
662 if (i == 0)
663 if (!(s = expand_string(s)) && !expand_string_forcedfail)
664 {
665 errno = ERRNO_CHHEADER_FAIL;
666 return FALSE;
667 }
668 len = s ? Ustrlen(s) : 0;
669 if (strncmpic(h->text, s, len) != 0) continue;
670 ss = h->text + len;
671 while (*ss == ' ' || *ss == '\t') ss++;
672 if (*ss == ':') break;
673 }
674 if (s) { include_header = FALSE; break; }
675 }
676 if (addr) list = addr->prop.remove_headers;
677 }
678
679 /* If this header is to be output, try to rewrite it if there are rewriting
680 rules. */
681
682 if (include_header)
683 {
684 if (tblock && tblock->rewrite_rules)
685 {
686 void *reset_point = store_get(0);
687 header_line *hh;
688
689 if ((hh = rewrite_header(h, NULL, NULL, tblock->rewrite_rules,
690 tblock->rewrite_existflags, FALSE)))
691 {
692 if (!sendfn(fd, tctx, hh->text, hh->slen)) return FALSE;
693 store_reset(reset_point);
694 continue; /* With the next header line */
695 }
696 }
697
698 /* Either no rewriting rules, or it didn't get rewritten */
699
700 if (!sendfn(fd, tctx, h->text, h->slen)) return FALSE;
701 }
702
703 /* Header removed */
704
705 else
706 {
707 DEBUG(D_transport) debug_printf("removed header line:\n%s---\n", h->text);
708 }
709 }
710
711/* Add on any address-specific headers. If there are multiple addresses,
712they will all have the same headers in order to be batched. The headers
713are chained in reverse order of adding (so several addresses from the
714same alias might share some of them) but we want to output them in the
715opposite order. This is a bit tedious, but there shouldn't be very many
716of them. We just walk the list twice, reversing the pointers each time,
717but on the second time, write out the items.
718
719Headers added to an address by a router are guaranteed to end with a newline.
720*/
721
722if (addr)
723 {
724 int i;
725 header_line *hprev = addr->prop.extra_headers;
726 header_line *hnext;
727 for (i = 0; i < 2; i++)
728 for (h = hprev, hprev = NULL; h; h = hnext)
729 {
730 hnext = h->next;
731 h->next = hprev;
732 hprev = h;
733 if (i == 1)
734 {
735 if (!sendfn(fd, tctx, h->text, h->slen)) return FALSE;
736 DEBUG(D_transport)
737 debug_printf("added header line(s):\n%s---\n", h->text);
738 }
739 }
740 }
741
742/* If a string containing additional headers exists it is a newline-sep
743list. Expand each item and write out the result. This is done last so that
744if it (deliberately or accidentally) isn't in header format, it won't mess
745up any other headers. An empty string or a forced expansion failure are
746noops. An added header string from a transport may not end with a newline;
747add one if it does not. */
748
749if (tblock && (list = CUS tblock->add_headers))
750 {
751 int sep = '\n';
752 uschar * s;
753
754 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
755 if ((s = expand_string(s)))
756 {
757 int len = Ustrlen(s);
758 if (len > 0)
759 {
760 if (!sendfn(fd, tctx, s, len)) return FALSE;
761 if (s[len-1] != '\n' && !sendfn(fd, tctx, US"\n", 1))
762 return FALSE;
763 DEBUG(D_transport)
764 {
765 debug_printf("added header line:\n%s", s);
766 if (s[len-1] != '\n') debug_printf("\n");
767 debug_printf("---\n");
768 }
769 }
770 }
771 else if (!expand_string_forcedfail)
772 { errno = ERRNO_CHHEADER_FAIL; return FALSE; }
773 }
774
775/* Separate headers from body with a blank line */
776
777return sendfn(fd, tctx, US"\n", 1);
778}
779
780
781/*************************************************
782* Write the message *
783*************************************************/
784
785/* This function writes the message to the given file descriptor. The headers
786are in the in-store data structure, and the rest of the message is in the open
787file descriptor deliver_datafile. Make sure we start it at the beginning.
788
789. If add_return_path is TRUE, a "return-path:" header is added to the message,
790 containing the envelope sender's address.
791
792. If add_envelope_to is TRUE, a "envelope-to:" header is added to the message,
793 giving the top-level envelope address that caused this delivery to happen.
794
795. If add_delivery_date is TRUE, a "delivery-date:" header is added to the
796 message. It gives the time and date that delivery took place.
797
798. If check_string is not null, the start of each line is checked for that
799 string. If it is found, it is replaced by escape_string. This used to be
800 the "from hack" for files, and "smtp_dots" for escaping SMTP dots.
801
802. If use_crlf is true, newlines are turned into CRLF (SMTP output).
803
804The yield is TRUE if all went well, and FALSE if not. Exit *immediately* after
805any writing or reading error, leaving the code in errno intact. Error exits
806can include timeouts for certain transports, which are requested by setting
807transport_write_timeout non-zero.
808
809Arguments:
810 fd file descriptor to write the message to
811 tctx
812 addr (chain of) addresses (for extra headers), or NULL;
813 only the first address is used
814 tblock optional transport instance block (NULL signifies NULL/0):
815 add_headers a string containing one or more headers to add; it is
816 expanded, and must be in correct RFC 822 format as
817 it is transmitted verbatim; NULL => no additions,
818 and so does empty string or forced expansion fail
819 remove_headers a colon-separated list of headers to remove, or NULL
820 rewrite_rules chain of header rewriting rules
821 rewrite_existflags flags for the rewriting rules
822 options bit-wise options:
823 add_return_path if TRUE, add a "return-path" header
824 add_envelope_to if TRUE, add a "envelope-to" header
825 add_delivery_date if TRUE, add a "delivery-date" header
826 use_crlf if TRUE, turn NL into CR LF
827 end_dot if TRUE, send a terminating "." line at the end
828 no_headers if TRUE, omit the headers
829 no_body if TRUE, omit the body
830 size_limit if > 0, this is a limit to the size of message written;
831 it is used when returning messages to their senders,
832 and is approximate rather than exact, owing to chunk
833 buffering
834 check_string a string to check for at the start of lines, or NULL
835 escape_string a string to insert in front of any check string
836
837Returns: TRUE on success; FALSE (with errno) on failure.
838 In addition, the global variable transport_count
839 is incremented by the number of bytes written.
840*/
841
842static BOOL
843internal_transport_write_message(int fd, transport_ctx * tctx, int size_limit)
844{
845int len;
846
847/* Initialize pointer in output buffer. */
848
849chunk_ptr = deliver_out_buffer;
850
851/* Set up the data for start-of-line data checking and escaping */
852
853nl_partial_match = -1;
854if (tctx->check_string && tctx->escape_string)
855 {
856 nl_check = tctx->check_string;
857 nl_check_length = Ustrlen(nl_check);
858 nl_escape = tctx->escape_string;
859 nl_escape_length = Ustrlen(nl_escape);
860 }
861else
862 nl_check_length = nl_escape_length = 0;
863
864/* Whether the escaping mechanism is applied to headers or not is controlled by
865an option (set for SMTP, not otherwise). Negate the length if not wanted till
866after the headers. */
867
868if (!(tctx->options & topt_escape_headers))
869 nl_check_length = -nl_check_length;
870
871/* Write the headers if required, including any that have to be added. If there
872are header rewriting rules, apply them. */
873
874if (!(tctx->options & topt_no_headers))
875 {
876 /* Add return-path: if requested. */
877
878 if (tctx->options & topt_add_return_path)
879 {
880 uschar buffer[ADDRESS_MAXLENGTH + 20];
881 int n = sprintf(CS buffer, "Return-path: <%.*s>\n", ADDRESS_MAXLENGTH,
882 return_path);
883 if (!write_chunk(fd, tctx, buffer, n)) return FALSE;
884 }
885
886 /* Add envelope-to: if requested */
887
888 if (tctx->options & topt_add_envelope_to)
889 {
890 BOOL first = TRUE;
891 address_item *p;
892 struct aci *plist = NULL;
893 struct aci *dlist = NULL;
894 void *reset_point = store_get(0);
895
896 if (!write_chunk(fd, tctx, US"Envelope-to: ", 13)) return FALSE;
897
898 /* Pick up from all the addresses. The plist and dlist variables are
899 anchors for lists of addresses already handled; they have to be defined at
900 this level becuase write_env_to() calls itself recursively. */
901
902 for (p = tctx->addr; p; p = p->next)
903 if (!write_env_to(p, &plist, &dlist, &first, fd, tctx))
904 return FALSE;
905
906 /* Add a final newline and reset the store used for tracking duplicates */
907
908 if (!write_chunk(fd, tctx, US"\n", 1)) return FALSE;
909 store_reset(reset_point);
910 }
911
912 /* Add delivery-date: if requested. */
913
914 if (tctx->options & topt_add_delivery_date)
915 {
916 uschar buffer[100];
917 int n = sprintf(CS buffer, "Delivery-date: %s\n", tod_stamp(tod_full));
918 if (!write_chunk(fd, tctx, buffer, n)) return FALSE;
919 }
920
921 /* Then the message's headers. Don't write any that are flagged as "old";
922 that means they were rewritten, or are a record of envelope rewriting, or
923 were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
924 match any entries therein. Then check addr->prop.remove_headers too, provided that
925 addr is not NULL. */
926
927 if (!transport_headers_send(fd, tctx, &write_chunk))
928 return FALSE;
929 }
930
931/* When doing RFC3030 CHUNKING output, work out how much data will be in the
932last BDAT, consisting of the current write_chunk() output buffer fill
933(optimally, all of the headers - but it does not matter if we already had to
934flush that buffer with non-last BDAT prependix) plus the amount of body data
935(as expanded for CRLF lines). Then create and write the BDAT, and ensure
936that further use of write_chunk() will not prepend BDATs.
937The first BDAT written will also first flush any outstanding MAIL and RCPT
938commands which were buffered thans to PIPELINING.
939Commands go out (using a send()) from a different buffer to data (using a
940write()). They might not end up in the same TCP segment, which is
941suboptimal. */
942
943if (tctx->options & topt_use_bdat)
944 {
945 off_t fsize;
946 int hsize, size;
947
948 if ((hsize = chunk_ptr - deliver_out_buffer) < 0)
949 hsize = 0;
950 if (!(tctx->options & topt_no_body))
951 {
952 if ((fsize = lseek(deliver_datafile, 0, SEEK_END)) < 0) return FALSE;
953 fsize -= SPOOL_DATA_START_OFFSET;
954 if (size_limit > 0 && fsize > size_limit)
955 fsize = size_limit;
956 size = hsize + fsize;
957 if (tctx->options & topt_use_crlf)
958 size += body_linecount; /* account for CRLF-expansion */
959 }
960
961 /* If the message is large, emit first a non-LAST chunk with just the
962 headers, and reap the command responses. This lets us error out early
963 on RCPT rejects rather than sending megabytes of data. Include headers
964 on the assumption they are cheap enough and some clever implementations
965 might errorcheck them too, on-the-fly, and reject that chunk. */
966
967 if (size > DELIVER_OUT_BUFFER_SIZE && hsize > 0)
968 {
969 if ( tctx->chunk_cb(fd, tctx, hsize, 0) != OK
970 || !transport_write_block(fd, deliver_out_buffer, hsize)
971 || tctx->chunk_cb(fd, tctx, 0, tc_reap_prev) != OK
972 )
973 return FALSE;
974 chunk_ptr = deliver_out_buffer;
975 size -= hsize;
976 }
977
978 /* Emit a LAST datachunk command. */
979
980 if (tctx->chunk_cb(fd, tctx, size, tc_chunk_last) != OK)
981 return FALSE;
982
983 tctx->options &= ~topt_use_bdat;
984 }
985
986/* If the body is required, ensure that the data for check strings (formerly
987the "from hack") is enabled by negating the length if necessary. (It will be
988negative in cases where it isn't to apply to the headers). Then ensure the body
989is positioned at the start of its file (following the message id), then write
990it, applying the size limit if required. */
991
992if (!(tctx->options & topt_no_body))
993 {
994 int size = size_limit;
995
996 nl_check_length = abs(nl_check_length);
997 nl_partial_match = 0;
998 if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0)
999 return FALSE;
1000 while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0
1001 && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0)
1002 {
1003 if (!write_chunk(fd, tctx, deliver_in_buffer, len))
1004 return FALSE;
1005 size -= len;
1006 }
1007
1008 /* A read error on the body will have left len == -1 and errno set. */
1009
1010 if (len != 0) return FALSE;
1011 }
1012
1013/* Finished with the check string */
1014
1015nl_check_length = nl_escape_length = 0;
1016
1017/* If requested, add a terminating "." line (SMTP output). */
1018
1019if (tctx->options & topt_end_dot && !write_chunk(fd, tctx, US".\n", 2))
1020 return FALSE;
1021
1022/* Write out any remaining data in the buffer before returning. */
1023
1024return (len = chunk_ptr - deliver_out_buffer) <= 0 ||
1025 transport_write_block(fd, deliver_out_buffer, len);
1026}
1027
1028
1029#ifndef DISABLE_DKIM
1030
1031/***************************************************************************************************
1032* External interface to write the message, while signing it with DKIM and/or Domainkeys *
1033***************************************************************************************************/
1034
1035/* This function is a wrapper around transport_write_message().
1036 It is only called from the smtp transport if DKIM or Domainkeys support
1037 is compiled in. The function sets up a replacement fd into a -K file,
1038 then calls the normal function. This way, the exact bits that exim would
1039 have put "on the wire" will end up in the file (except for TLS
1040 encapsulation, which is the very very last thing). When we are done
1041 signing the file, send the signed message down the original fd (or TLS fd).
1042
1043Arguments:
1044 as for internal_transport_write_message() above, with additional arguments
1045 for DKIM.
1046
1047Returns: TRUE on success; FALSE (with errno) for any failure
1048*/
1049
1050BOOL
1051dkim_transport_write_message(int out_fd, transport_ctx * tctx,
1052 struct ob_dkim * dkim)
1053{
1054int dkim_fd;
1055int save_errno = 0;
1056BOOL rc;
1057uschar * dkim_spool_name;
1058int sread = 0;
1059int wwritten = 0;
1060uschar *dkim_signature = NULL;
1061int siglen;
1062off_t k_file_size;
1063
1064/* If we can't sign, just call the original function. */
1065
1066if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector))
1067 return transport_write_message(out_fd, tctx, 0);
1068
1069dkim_spool_name = spool_fname(US"input", message_subdir, message_id,
1070 string_sprintf("-%d-K", (int)getpid()));
1071
1072if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR|O_CREAT|O_TRUNC, SPOOL_MODE)) < 0)
1073 {
1074 /* Can't create spool file. Ugh. */
1075 rc = FALSE;
1076 save_errno = errno;
1077 goto CLEANUP;
1078 }
1079
1080/* Call original function to write the -K file; does the CRLF expansion */
1081
1082tctx->options &= ~topt_use_bdat;
1083rc = transport_write_message(dkim_fd, tctx, 0);
1084
1085/* Save error state. We must clean up before returning. */
1086if (!rc)
1087 {
1088 save_errno = errno;
1089 goto CLEANUP;
1090 }
1091
1092if (dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
1093 {
1094 /* Rewind file and feed it to the goats^W DKIM lib */
1095 lseek(dkim_fd, 0, SEEK_SET);
1096 dkim_signature = dkim_exim_sign(dkim_fd,
1097 dkim->dkim_private_key,
1098 dkim->dkim_domain,
1099 dkim->dkim_selector,
1100 dkim->dkim_canon,
1101 dkim->dkim_sign_headers);
1102 if (!dkim_signature)
1103 {
1104 if (dkim->dkim_strict)
1105 {
1106 uschar *dkim_strict_result = expand_string(dkim->dkim_strict);
1107 if (dkim_strict_result)
1108 if ( (strcmpic(dkim->dkim_strict,US"1") == 0) ||
1109 (strcmpic(dkim->dkim_strict,US"true") == 0) )
1110 {
1111 /* Set errno to something halfway meaningful */
1112 save_errno = EACCES;
1113 log_write(0, LOG_MAIN, "DKIM: message could not be signed,"
1114 " and dkim_strict is set. Deferring message delivery.");
1115 rc = FALSE;
1116 goto CLEANUP;
1117 }
1118 }
1119 }
1120
1121 siglen = 0;
1122 }
1123
1124if (dkim_signature)
1125 {
1126 siglen = Ustrlen(dkim_signature);
1127 while(siglen > 0)
1128 {
1129#ifdef SUPPORT_TLS
1130 wwritten = tls_out.active == out_fd
1131 ? tls_write(FALSE, dkim_signature, siglen)
1132 : write(out_fd, dkim_signature, siglen);
1133#else
1134 wwritten = write(out_fd, dkim_signature, siglen);
1135#endif
1136 if (wwritten == -1)
1137 {
1138 /* error, bail out */
1139 save_errno = errno;
1140 rc = FALSE;
1141 goto CLEANUP;
1142 }
1143 siglen -= wwritten;
1144 dkim_signature += wwritten;
1145 }
1146 }
1147
1148#ifdef HAVE_LINUX_SENDFILE
1149/* We can use sendfile() to shove the file contents
1150 to the socket. However only if we don't use TLS,
1151 as then there's another layer of indirection
1152 before the data finally hits the socket. */
1153if (tls_out.active != out_fd)
1154 {
1155 ssize_t copied = 0;
1156 off_t offset = 0;
1157
1158 k_file_size = lseek(dkim_fd, 0, SEEK_END); /* Fetch file size */
1159
1160 /* Rewind file */
1161 lseek(dkim_fd, 0, SEEK_SET);
1162
1163 while(copied >= 0 && offset < k_file_size)
1164 copied = sendfile(out_fd, dkim_fd, &offset, k_file_size - offset);
1165 if (copied < 0)
1166 {
1167 save_errno = errno;
1168 rc = FALSE;
1169 }
1170 }
1171else
1172
1173#endif
1174
1175 {
1176 /* Rewind file */
1177 lseek(dkim_fd, 0, SEEK_SET);
1178
1179 /* Send file down the original fd */
1180 while((sread = read(dkim_fd, deliver_out_buffer, DELIVER_OUT_BUFFER_SIZE)) >0)
1181 {
1182 char *p = deliver_out_buffer;
1183 /* write the chunk */
1184
1185 while (sread)
1186 {
1187#ifdef SUPPORT_TLS
1188 wwritten = tls_out.active == out_fd
1189 ? tls_write(FALSE, US p, sread)
1190 : write(out_fd, p, sread);
1191#else
1192 wwritten = write(out_fd, p, sread);
1193#endif
1194 if (wwritten == -1)
1195 {
1196 /* error, bail out */
1197 save_errno = errno;
1198 rc = FALSE;
1199 goto CLEANUP;
1200 }
1201 p += wwritten;
1202 sread -= wwritten;
1203 }
1204 }
1205
1206 if (sread == -1)
1207 {
1208 save_errno = errno;
1209 rc = FALSE;
1210 }
1211 }
1212
1213CLEANUP:
1214/* unlink -K file */
1215(void)close(dkim_fd);
1216Uunlink(dkim_spool_name);
1217errno = save_errno;
1218return rc;
1219}
1220
1221#endif
1222
1223
1224
1225/*************************************************
1226* External interface to write the message *
1227*************************************************/
1228
1229/* If there is no filtering required, call the internal function above to do
1230the real work, passing over all the arguments from this function. Otherwise,
1231set up a filtering process, fork another process to call the internal function
1232to write to the filter, and in this process just suck from the filter and write
1233down the given fd. At the end, tidy up the pipes and the processes.
1234
1235XXX
1236Arguments: as for internal_transport_write_message() above
1237
1238Returns: TRUE on success; FALSE (with errno) for any failure
1239 transport_count is incremented by the number of bytes written
1240*/
1241
1242BOOL
1243transport_write_message(int fd, transport_ctx * tctx, int size_limit)
1244{
1245unsigned wck_flags;
1246BOOL last_filter_was_NL = TRUE;
1247int rc, len, yield, fd_read, fd_write, save_errno;
1248int pfd[2] = {-1, -1};
1249pid_t filter_pid, write_pid;
1250static transport_ctx dummy_tctx = {0};
1251
1252if (!tctx) tctx = &dummy_tctx;
1253
1254transport_filter_timed_out = FALSE;
1255
1256/* If there is no filter command set up, call the internal function that does
1257the actual work, passing it the incoming fd, and return its result. */
1258
1259if ( !transport_filter_argv
1260 || !*transport_filter_argv
1261 || !**transport_filter_argv
1262 )
1263 return internal_transport_write_message(fd, tctx, size_limit);
1264
1265/* Otherwise the message must be written to a filter process and read back
1266before being written to the incoming fd. First set up the special processing to
1267be done during the copying. */
1268
1269wck_flags = tctx->options & topt_use_crlf;
1270nl_partial_match = -1;
1271
1272if (tctx->check_string && tctx->escape_string)
1273 {
1274 nl_check = tctx->check_string;
1275 nl_check_length = Ustrlen(nl_check);
1276 nl_escape = tctx->escape_string;
1277 nl_escape_length = Ustrlen(nl_escape);
1278 }
1279else nl_check_length = nl_escape_length = 0;
1280
1281/* Start up a subprocess to run the command. Ensure that our main fd will
1282be closed when the subprocess execs, but remove the flag afterwards.
1283(Otherwise, if this is a TCP/IP socket, it can't get passed on to another
1284process to deliver another message.) We get back stdin/stdout file descriptors.
1285If the process creation failed, give an error return. */
1286
1287fd_read = -1;
1288fd_write = -1;
1289save_errno = 0;
1290yield = FALSE;
1291write_pid = (pid_t)(-1);
1292
1293(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
1294filter_pid = child_open(USS transport_filter_argv, NULL, 077,
1295 &fd_write, &fd_read, FALSE);
1296(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) & ~FD_CLOEXEC);
1297if (filter_pid < 0) goto TIDY_UP; /* errno set */
1298
1299DEBUG(D_transport)
1300 debug_printf("process %d running as transport filter: fd_write=%d fd_read=%d\n",
1301 (int)filter_pid, fd_write, fd_read);
1302
1303/* Fork subprocess to write the message to the filter, and return the result
1304via a(nother) pipe. While writing to the filter, we do not do the CRLF,
1305smtp dots, or check string processing. */
1306
1307if (pipe(pfd) != 0) goto TIDY_UP; /* errno set */
1308if ((write_pid = fork()) == 0)
1309 {
1310 BOOL rc;
1311 (void)close(fd_read);
1312 (void)close(pfd[pipe_read]);
1313 nl_check_length = nl_escape_length = 0;
1314
1315 tctx->check_string = tctx->escape_string = NULL;
1316 tctx->options &= ~(topt_use_crlf | topt_end_dot | topt_use_bdat);
1317
1318 rc = internal_transport_write_message(fd_write, tctx, size_limit);
1319
1320 save_errno = errno;
1321 if ( write(pfd[pipe_write], (void *)&rc, sizeof(BOOL))
1322 != sizeof(BOOL)
1323 || write(pfd[pipe_write], (void *)&save_errno, sizeof(int))
1324 != sizeof(int)
1325 || write(pfd[pipe_write], (void *)&tctx->addr->more_errno, sizeof(int))
1326 != sizeof(int)
1327 )
1328 rc = FALSE; /* compiler quietening */
1329 _exit(0);
1330 }
1331save_errno = errno;
1332
1333/* Parent process: close our copy of the writing subprocess' pipes. */
1334
1335(void)close(pfd[pipe_write]);
1336(void)close(fd_write);
1337fd_write = -1;
1338
1339/* Writing process creation failed */
1340
1341if (write_pid < 0)
1342 {
1343 errno = save_errno; /* restore */
1344 goto TIDY_UP;
1345 }
1346
1347/* When testing, let the subprocess get going */
1348
1349if (running_in_test_harness) millisleep(250);
1350
1351DEBUG(D_transport)
1352 debug_printf("process %d writing to transport filter\n", (int)write_pid);
1353
1354/* Copy the message from the filter to the output fd. A read error leaves len
1355== -1 and errno set. We need to apply a timeout to the read, to cope with
1356the case when the filter gets stuck, but it can be quite a long one. The
1357default is 5m, but this is now configurable. */
1358
1359DEBUG(D_transport) debug_printf("copying from the filter\n");
1360
1361/* Copy the output of the filter, remembering if the last character was NL. If
1362no data is returned, that counts as "ended with NL" (default setting of the
1363variable is TRUE). */
1364
1365chunk_ptr = deliver_out_buffer;
1366
1367for (;;)
1368 {
1369 sigalrm_seen = FALSE;
1370 alarm(transport_filter_timeout);
1371 len = read(fd_read, deliver_in_buffer, DELIVER_IN_BUFFER_SIZE);
1372 alarm(0);
1373 if (sigalrm_seen)
1374 {
1375 errno = ETIMEDOUT;
1376 transport_filter_timed_out = TRUE;
1377 goto TIDY_UP;
1378 }
1379
1380 /* If the read was successful, write the block down the original fd,
1381 remembering whether it ends in \n or not. */
1382
1383 if (len > 0)
1384 {
1385 if (!write_chunk(fd, tctx, deliver_in_buffer, len)) goto TIDY_UP;
1386 last_filter_was_NL = (deliver_in_buffer[len-1] == '\n');
1387 }
1388
1389 /* Otherwise, break the loop. If we have hit EOF, set yield = TRUE. */
1390
1391 else
1392 {
1393 if (len == 0) yield = TRUE;
1394 break;
1395 }
1396 }
1397
1398/* Tidying up code. If yield = FALSE there has been an error and errno is set
1399to something. Ensure the pipes are all closed and the processes are removed. If
1400there has been an error, kill the processes before waiting for them, just to be
1401sure. Also apply a paranoia timeout. */
1402
1403TIDY_UP:
1404save_errno = errno;
1405
1406(void)close(fd_read);
1407if (fd_write > 0) (void)close(fd_write);
1408
1409if (!yield)
1410 {
1411 if (filter_pid > 0) kill(filter_pid, SIGKILL);
1412 if (write_pid > 0) kill(write_pid, SIGKILL);
1413 }
1414
1415/* Wait for the filter process to complete. */
1416
1417DEBUG(D_transport) debug_printf("waiting for filter process\n");
1418if (filter_pid > 0 && (rc = child_close(filter_pid, 30)) != 0 && yield)
1419 {
1420 yield = FALSE;
1421 save_errno = ERRNO_FILTER_FAIL;
1422 tctx->addr->more_errno = rc;
1423 DEBUG(D_transport) debug_printf("filter process returned %d\n", rc);
1424 }
1425
1426/* Wait for the writing process to complete. If it ends successfully,
1427read the results from its pipe, provided we haven't already had a filter
1428process failure. */
1429
1430DEBUG(D_transport) debug_printf("waiting for writing process\n");
1431if (write_pid > 0)
1432 {
1433 rc = child_close(write_pid, 30);
1434 if (yield)
1435 {
1436 if (rc == 0)
1437 {
1438 BOOL ok;
1439 int dummy = read(pfd[pipe_read], (void *)&ok, sizeof(BOOL));
1440 if (!ok)
1441 {
1442 dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
1443 dummy = read(pfd[pipe_read], (void *)&(tctx->addr->more_errno), sizeof(int));
1444 yield = FALSE;
1445 }
1446 }
1447 else
1448 {
1449 yield = FALSE;
1450 save_errno = ERRNO_FILTER_FAIL;
1451 tctx->addr->more_errno = rc;
1452 DEBUG(D_transport) debug_printf("writing process returned %d\n", rc);
1453 }
1454 }
1455 }
1456(void)close(pfd[pipe_read]);
1457
1458/* If there have been no problems we can now add the terminating "." if this is
1459SMTP output, turning off escaping beforehand. If the last character from the
1460filter was not NL, insert a NL to make the SMTP protocol work. */
1461
1462if (yield)
1463 {
1464 nl_check_length = nl_escape_length = 0;
1465 if ( tctx->options & topt_end_dot
1466 && ( last_filter_was_NL
1467 ? !write_chunk(fd, tctx, US".\n", 2)
1468 : !write_chunk(fd, tctx, US"\n.\n", 3)
1469 ) )
1470 yield = FALSE;
1471
1472 /* Write out any remaining data in the buffer. */
1473
1474 else
1475 yield = (len = chunk_ptr - deliver_out_buffer) <= 0
1476 || transport_write_block(fd, deliver_out_buffer, len);
1477 }
1478else
1479 errno = save_errno; /* From some earlier error */
1480
1481DEBUG(D_transport)
1482 {
1483 debug_printf("end of filtering transport writing: yield=%d\n", yield);
1484 if (!yield)
1485 debug_printf("errno=%d more_errno=%d\n", errno, tctx->addr->more_errno);
1486 }
1487
1488return yield;
1489}
1490
1491
1492
1493
1494
1495/*************************************************
1496* Update waiting database *
1497*************************************************/
1498
1499/* This is called when an address is deferred by remote transports that are
1500capable of sending more than one message over one connection. A database is
1501maintained for each transport, keeping track of which messages are waiting for
1502which hosts. The transport can then consult this when eventually a successful
1503delivery happens, and if it finds that another message is waiting for the same
1504host, it can fire up a new process to deal with it using the same connection.
1505
1506The database records are keyed by host name. They can get full if there are
1507lots of messages waiting, and so there is a continuation mechanism for them.
1508
1509Each record contains a list of message ids, packed end to end without any
1510zeros. Each one is MESSAGE_ID_LENGTH bytes long. The count field says how many
1511in this record, and the sequence field says if there are any other records for
1512this host. If the sequence field is 0, there are none. If it is 1, then another
1513record with the name <hostname>:0 exists; if it is 2, then two other records
1514with sequence numbers 0 and 1 exist, and so on.
1515
1516Currently, an exhaustive search of all continuation records has to be done to
1517determine whether to add a message id to a given record. This shouldn't be
1518too bad except in extreme cases. I can't figure out a *simple* way of doing
1519better.
1520
1521Old records should eventually get swept up by the exim_tidydb utility.
1522
1523Arguments:
1524 hostlist list of hosts that this message could be sent to
1525 tpname name of the transport
1526
1527Returns: nothing
1528*/
1529
1530void
1531transport_update_waiting(host_item *hostlist, uschar *tpname)
1532{
1533uschar buffer[256];
1534const uschar *prevname = US"";
1535host_item *host;
1536open_db dbblock;
1537open_db *dbm_file;
1538
1539DEBUG(D_transport) debug_printf("updating wait-%s database\n", tpname);
1540
1541/* Open the database for this transport */
1542
1543sprintf(CS buffer, "wait-%.200s", tpname);
1544dbm_file = dbfn_open(buffer, O_RDWR, &dbblock, TRUE);
1545if (dbm_file == NULL) return;
1546
1547/* Scan the list of hosts for which this message is waiting, and ensure
1548that the message id is in each host record. */
1549
1550for (host = hostlist; host!= NULL; host = host->next)
1551 {
1552 BOOL already = FALSE;
1553 dbdata_wait *host_record;
1554 uschar *s;
1555 int i, host_length;
1556
1557 /* Skip if this is the same host as we just processed; otherwise remember
1558 the name for next time. */
1559
1560 if (Ustrcmp(prevname, host->name) == 0) continue;
1561 prevname = host->name;
1562
1563 /* Look up the host record; if there isn't one, make an empty one. */
1564
1565 host_record = dbfn_read(dbm_file, host->name);
1566 if (host_record == NULL)
1567 {
1568 host_record = store_get(sizeof(dbdata_wait) + MESSAGE_ID_LENGTH);
1569 host_record->count = host_record->sequence = 0;
1570 }
1571
1572 /* Compute the current length */
1573
1574 host_length = host_record->count * MESSAGE_ID_LENGTH;
1575
1576 /* Search the record to see if the current message is already in it. */
1577
1578 for (s = host_record->text; s < host_record->text + host_length;
1579 s += MESSAGE_ID_LENGTH)
1580 {
1581 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1582 { already = TRUE; break; }
1583 }
1584
1585 /* If we haven't found this message in the main record, search any
1586 continuation records that exist. */
1587
1588 for (i = host_record->sequence - 1; i >= 0 && !already; i--)
1589 {
1590 dbdata_wait *cont;
1591 sprintf(CS buffer, "%.200s:%d", host->name, i);
1592 cont = dbfn_read(dbm_file, buffer);
1593 if (cont != NULL)
1594 {
1595 int clen = cont->count * MESSAGE_ID_LENGTH;
1596 for (s = cont->text; s < cont->text + clen; s += MESSAGE_ID_LENGTH)
1597 {
1598 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1599 { already = TRUE; break; }
1600 }
1601 }
1602 }
1603
1604 /* If this message is already in a record, no need to update. */
1605
1606 if (already)
1607 {
1608 DEBUG(D_transport) debug_printf("already listed for %s\n", host->name);
1609 continue;
1610 }
1611
1612
1613 /* If this record is full, write it out with a new name constructed
1614 from the sequence number, increase the sequence number, and empty
1615 the record. */
1616
1617 if (host_record->count >= WAIT_NAME_MAX)
1618 {
1619 sprintf(CS buffer, "%.200s:%d", host->name, host_record->sequence);
1620 dbfn_write(dbm_file, buffer, host_record, sizeof(dbdata_wait) + host_length);
1621 host_record->sequence++;
1622 host_record->count = 0;
1623 host_length = 0;
1624 }
1625
1626 /* If this record is not full, increase the size of the record to
1627 allow for one new message id. */
1628
1629 else
1630 {
1631 dbdata_wait *newr =
1632 store_get(sizeof(dbdata_wait) + host_length + MESSAGE_ID_LENGTH);
1633 memcpy(newr, host_record, sizeof(dbdata_wait) + host_length);
1634 host_record = newr;
1635 }
1636
1637 /* Now add the new name on the end */
1638
1639 memcpy(host_record->text + host_length, message_id, MESSAGE_ID_LENGTH);
1640 host_record->count++;
1641 host_length += MESSAGE_ID_LENGTH;
1642
1643 /* Update the database */
1644
1645 dbfn_write(dbm_file, host->name, host_record, sizeof(dbdata_wait) + host_length);
1646 DEBUG(D_transport) debug_printf("added to list for %s\n", host->name);
1647 }
1648
1649/* All now done */
1650
1651dbfn_close(dbm_file);
1652}
1653
1654
1655
1656
1657/*************************************************
1658* Test for waiting messages *
1659*************************************************/
1660
1661/* This function is called by a remote transport which uses the previous
1662function to remember which messages are waiting for which remote hosts. It's
1663called after a successful delivery and its job is to check whether there is
1664another message waiting for the same host. However, it doesn't do this if the
1665current continue sequence is greater than the maximum supplied as an argument,
1666or greater than the global connection_max_messages, which, if set, overrides.
1667
1668Arguments:
1669 transport_name name of the transport
1670 hostname name of the host
1671 local_message_max maximum number of messages down one connection
1672 as set by the caller transport
1673 new_message_id set to the message id of a waiting message
1674 more set TRUE if there are yet more messages waiting
1675 oicf_func function to call to validate if it is ok to send
1676 to this message_id from the current instance.
1677 oicf_data opaque data for oicf_func
1678
1679Returns: TRUE if new_message_id set; FALSE otherwise
1680*/
1681
1682typedef struct msgq_s
1683{
1684 uschar message_id [MESSAGE_ID_LENGTH + 1];
1685 BOOL bKeep;
1686} msgq_t;
1687
1688BOOL
1689transport_check_waiting(const uschar *transport_name, const uschar *hostname,
1690 int local_message_max, uschar *new_message_id, BOOL *more, oicf oicf_func, void *oicf_data)
1691{
1692dbdata_wait *host_record;
1693int host_length;
1694open_db dbblock;
1695open_db *dbm_file;
1696uschar buffer[256];
1697
1698int i;
1699struct stat statbuf;
1700
1701*more = FALSE;
1702
1703DEBUG(D_transport)
1704 {
1705 debug_printf("transport_check_waiting entered\n");
1706 debug_printf(" sequence=%d local_max=%d global_max=%d\n",
1707 continue_sequence, local_message_max, connection_max_messages);
1708 }
1709
1710/* Do nothing if we have hit the maximum number that can be send down one
1711connection. */
1712
1713if (connection_max_messages >= 0) local_message_max = connection_max_messages;
1714if (local_message_max > 0 && continue_sequence >= local_message_max)
1715 {
1716 DEBUG(D_transport)
1717 debug_printf("max messages for one connection reached: returning\n");
1718 return FALSE;
1719 }
1720
1721/* Open the waiting information database. */
1722
1723sprintf(CS buffer, "wait-%.200s", transport_name);
1724dbm_file = dbfn_open(buffer, O_RDWR, &dbblock, TRUE);
1725if (dbm_file == NULL) return FALSE;
1726
1727/* See if there is a record for this host; if not, there's nothing to do. */
1728
1729if (!(host_record = dbfn_read(dbm_file, hostname)))
1730 {
1731 dbfn_close(dbm_file);
1732 DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname);
1733 return FALSE;
1734 }
1735
1736/* If the data in the record looks corrupt, just log something and
1737don't try to use it. */
1738
1739if (host_record->count > WAIT_NAME_MAX)
1740 {
1741 dbfn_close(dbm_file);
1742 log_write(0, LOG_MAIN|LOG_PANIC, "smtp-wait database entry for %s has bad "
1743 "count=%d (max=%d)", hostname, host_record->count, WAIT_NAME_MAX);
1744 return FALSE;
1745 }
1746
1747/* Scan the message ids in the record from the end towards the beginning,
1748until one is found for which a spool file actually exists. If the record gets
1749emptied, delete it and continue with any continuation records that may exist.
1750*/
1751
1752/* For Bug 1141, I refactored this major portion of the routine, it is risky
1753but the 1 off will remain without it. This code now allows me to SKIP over
1754a message I do not want to send out on this run. */
1755
1756host_length = host_record->count * MESSAGE_ID_LENGTH;
1757
1758while (1)
1759 {
1760 msgq_t *msgq;
1761 int msgq_count = 0;
1762 int msgq_actual = 0;
1763 BOOL bFound = FALSE;
1764 BOOL bContinuation = FALSE;
1765
1766 /* create an array to read entire message queue into memory for processing */
1767
1768 msgq = (msgq_t*) malloc(sizeof(msgq_t) * host_record->count);
1769 msgq_count = host_record->count;
1770 msgq_actual = msgq_count;
1771
1772 for (i = 0; i < host_record->count; ++i)
1773 {
1774 msgq[i].bKeep = TRUE;
1775
1776 Ustrncpy(msgq[i].message_id, host_record->text + (i * MESSAGE_ID_LENGTH),
1777 MESSAGE_ID_LENGTH);
1778 msgq[i].message_id[MESSAGE_ID_LENGTH] = 0;
1779 }
1780
1781 /* first thing remove current message id if it exists */
1782
1783 for (i = 0; i < msgq_count; ++i)
1784 if (Ustrcmp(msgq[i].message_id, message_id) == 0)
1785 {
1786 msgq[i].bKeep = FALSE;
1787 break;
1788 }
1789
1790 /* now find the next acceptable message_id */
1791
1792 for (i = msgq_count - 1; i >= 0; --i) if (msgq[i].bKeep)
1793 {
1794 uschar subdir[2];
1795
1796 subdir[0] = split_spool_directory ? msgq[i].message_id[5] : 0;
1797 subdir[1] = 0;
1798
1799 if (Ustat(spool_fname(US"input", subdir, msgq[i].message_id, US"-D"),
1800 &statbuf) != 0)
1801 msgq[i].bKeep = FALSE;
1802 else if (!oicf_func || oicf_func(msgq[i].message_id, oicf_data))
1803 {
1804 Ustrcpy(new_message_id, msgq[i].message_id);
1805 msgq[i].bKeep = FALSE;
1806 bFound = TRUE;
1807 break;
1808 }
1809 }
1810
1811 /* re-count */
1812 for (msgq_actual = 0, i = 0; i < msgq_count; ++i)
1813 if (msgq[i].bKeep)
1814 msgq_actual++;
1815
1816 /* reassemble the host record, based on removed message ids, from in
1817 memory queue */
1818
1819 if (msgq_actual <= 0)
1820 {
1821 host_length = 0;
1822 host_record->count = 0;
1823 }
1824 else
1825 {
1826 host_length = msgq_actual * MESSAGE_ID_LENGTH;
1827 host_record->count = msgq_actual;
1828
1829 if (msgq_actual < msgq_count)
1830 {
1831 int new_count;
1832 for (new_count = 0, i = 0; i < msgq_count; ++i)
1833 if (msgq[i].bKeep)
1834 Ustrncpy(&host_record->text[new_count++ * MESSAGE_ID_LENGTH],
1835 msgq[i].message_id, MESSAGE_ID_LENGTH);
1836
1837 host_record->text[new_count * MESSAGE_ID_LENGTH] = 0;
1838 }
1839 }
1840
1841/* Jeremy: check for a continuation record, this code I do not know how to
1842test but the code should work */
1843
1844 while (host_length <= 0)
1845 {
1846 int i;
1847 dbdata_wait * newr = NULL;
1848
1849 /* Search for a continuation */
1850
1851 for (i = host_record->sequence - 1; i >= 0 && !newr; i--)
1852 {
1853 sprintf(CS buffer, "%.200s:%d", hostname, i);
1854 newr = dbfn_read(dbm_file, buffer);
1855 }
1856
1857 /* If no continuation, delete the current and break the loop */
1858
1859 if (!newr)
1860 {
1861 dbfn_delete(dbm_file, hostname);
1862 break;
1863 }
1864
1865 /* Else replace the current with the continuation */
1866
1867 dbfn_delete(dbm_file, buffer);
1868 host_record = newr;
1869 host_length = host_record->count * MESSAGE_ID_LENGTH;
1870
1871 bContinuation = TRUE;
1872 }
1873
1874 if (bFound) /* Usual exit from main loop */
1875 {
1876 free (msgq);
1877 break;
1878 }
1879
1880 /* If host_length <= 0 we have emptied a record and not found a good message,
1881 and there are no continuation records. Otherwise there is a continuation
1882 record to process. */
1883
1884 if (host_length <= 0)
1885 {
1886 dbfn_close(dbm_file);
1887 DEBUG(D_transport) debug_printf("waiting messages already delivered\n");
1888 return FALSE;
1889 }
1890
1891 /* we were not able to find an acceptable message, nor was there a
1892 * continuation record. So bug out, outer logic will clean this up.
1893 */
1894
1895 if (!bContinuation)
1896 {
1897 Ustrcpy(new_message_id, message_id);
1898 dbfn_close(dbm_file);
1899 return FALSE;
1900 }
1901
1902 free(msgq);
1903 } /* we need to process a continuation record */
1904
1905/* Control gets here when an existing message has been encountered; its
1906id is in new_message_id, and host_length is the revised length of the
1907host record. If it is zero, the record has been removed. Update the
1908record if required, close the database, and return TRUE. */
1909
1910if (host_length > 0)
1911 {
1912 host_record->count = host_length/MESSAGE_ID_LENGTH;
1913
1914 dbfn_write(dbm_file, hostname, host_record, (int)sizeof(dbdata_wait) + host_length);
1915 *more = TRUE;
1916 }
1917
1918dbfn_close(dbm_file);
1919return TRUE;
1920}
1921
1922/*************************************************
1923* Deliver waiting message down same socket *
1924*************************************************/
1925
1926/* Fork a new exim process to deliver the message, and do a re-exec, both to
1927get a clean delivery process, and to regain root privilege in cases where it
1928has been given away.
1929
1930Arguments:
1931 transport_name to pass to the new process
1932 hostname ditto
1933 hostaddress ditto
1934 id the new message to process
1935 socket_fd the connected socket
1936
1937Returns: FALSE if fork fails; TRUE otherwise
1938*/
1939
1940BOOL
1941transport_pass_socket(const uschar *transport_name, const uschar *hostname,
1942 const uschar *hostaddress, uschar *id, int socket_fd)
1943{
1944pid_t pid;
1945int status;
1946
1947DEBUG(D_transport) debug_printf("transport_pass_socket entered\n");
1948
1949if ((pid = fork()) == 0)
1950 {
1951 int i = 16;
1952 const uschar **argv;
1953
1954 /* Disconnect entirely from the parent process. If we are running in the
1955 test harness, wait for a bit to allow the previous process time to finish,
1956 write the log, etc., so that the output is always in the same order for
1957 automatic comparison. */
1958
1959 if ((pid = fork()) != 0) _exit(EXIT_SUCCESS);
1960 if (running_in_test_harness) sleep(1);
1961
1962 /* Set up the calling arguments; use the standard function for the basics,
1963 but we have a number of extras that may be added. */
1964
1965 argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, &i, FALSE, 0);
1966
1967 if (smtp_use_dsn) argv[i++] = US"-MCD";
1968
1969 if (smtp_authenticated) argv[i++] = US"-MCA";
1970
1971 #ifdef SUPPORT_TLS
1972 if (tls_offered) argv[i++] = US"-MCT";
1973 #endif
1974
1975 if (smtp_use_size) argv[i++] = US"-MCS";
1976 if (smtp_use_pipelining) argv[i++] = US"-MCP";
1977
1978 if (queue_run_pid != (pid_t)0)
1979 {
1980 argv[i++] = US"-MCQ";
1981 argv[i++] = string_sprintf("%d", queue_run_pid);
1982 argv[i++] = string_sprintf("%d", queue_run_pipe);
1983 }
1984
1985 argv[i++] = US"-MC";
1986 argv[i++] = US transport_name;
1987 argv[i++] = US hostname;
1988 argv[i++] = US hostaddress;
1989 argv[i++] = string_sprintf("%d", continue_sequence + 1);
1990 argv[i++] = id;
1991 argv[i++] = NULL;
1992
1993 /* Arrange for the channel to be on stdin. */
1994
1995 if (socket_fd != 0)
1996 {
1997 (void)dup2(socket_fd, 0);
1998 (void)close(socket_fd);
1999 }
2000
2001 DEBUG(D_exec) debug_print_argv(argv);
2002 exim_nullstd(); /* Ensure std{out,err} exist */
2003 execv(CS argv[0], (char *const *)argv);
2004
2005 DEBUG(D_any) debug_printf("execv failed: %s\n", strerror(errno));
2006 _exit(errno); /* Note: must be _exit(), NOT exit() */
2007 }
2008
2009/* If the process creation succeeded, wait for the first-level child, which
2010immediately exits, leaving the second level process entirely disconnected from
2011this one. */
2012
2013if (pid > 0)
2014 {
2015 int rc;
2016 while ((rc = wait(&status)) != pid && (rc >= 0 || errno != ECHILD));
2017 DEBUG(D_transport) debug_printf("transport_pass_socket succeeded\n");
2018 return TRUE;
2019 }
2020else
2021 {
2022 DEBUG(D_transport) debug_printf("transport_pass_socket failed to fork: %s\n",
2023 strerror(errno));
2024 return FALSE;
2025 }
2026}
2027
2028
2029
2030/*************************************************
2031* Set up direct (non-shell) command *
2032*************************************************/
2033
2034/* This function is called when a command line is to be parsed and executed
2035directly, without the use of /bin/sh. It is called by the pipe transport,
2036the queryprogram router, and also from the main delivery code when setting up a
2037transport filter process. The code for ETRN also makes use of this; in that
2038case, no addresses are passed.
2039
2040Arguments:
2041 argvptr pointer to anchor for argv vector
2042 cmd points to the command string (modified IN PLACE)
2043 expand_arguments true if expansion is to occur
2044 expand_failed error value to set if expansion fails; not relevant if
2045 addr == NULL
2046 addr chain of addresses, or NULL
2047 etext text for use in error messages
2048 errptr where to put error message if addr is NULL;
2049 otherwise it is put in the first address
2050
2051Returns: TRUE if all went well; otherwise an error will be
2052 set in the first address and FALSE returned
2053*/
2054
2055BOOL
2056transport_set_up_command(const uschar ***argvptr, uschar *cmd,
2057 BOOL expand_arguments, int expand_failed, address_item *addr,
2058 uschar *etext, uschar **errptr)
2059{
2060address_item *ad;
2061const uschar **argv;
2062uschar *s, *ss;
2063int address_count = 0;
2064int argcount = 0;
2065int i, max_args;
2066
2067/* Get store in which to build an argument list. Count the number of addresses
2068supplied, and allow for that many arguments, plus an additional 60, which
2069should be enough for anybody. Multiple addresses happen only when the local
2070delivery batch option is set. */
2071
2072for (ad = addr; ad != NULL; ad = ad->next) address_count++;
2073max_args = address_count + 60;
2074*argvptr = argv = store_get((max_args+1)*sizeof(uschar *));
2075
2076/* Split the command up into arguments terminated by white space. Lose
2077trailing space at the start and end. Double-quoted arguments can contain \\ and
2078\" escapes and so can be handled by the standard function; single-quoted
2079arguments are verbatim. Copy each argument into a new string. */
2080
2081s = cmd;
2082while (isspace(*s)) s++;
2083
2084while (*s != 0 && argcount < max_args)
2085 {
2086 if (*s == '\'')
2087 {
2088 ss = s + 1;
2089 while (*ss != 0 && *ss != '\'') ss++;
2090 argv[argcount++] = ss = store_get(ss - s++);
2091 while (*s != 0 && *s != '\'') *ss++ = *s++;
2092 if (*s != 0) s++;
2093 *ss++ = 0;
2094 }
2095 else argv[argcount++] = string_copy(string_dequote(CUSS &s));
2096 while (isspace(*s)) s++;
2097 }
2098
2099argv[argcount] = (uschar *)0;
2100
2101/* If *s != 0 we have run out of argument slots. */
2102
2103if (*s != 0)
2104 {
2105 uschar *msg = string_sprintf("Too many arguments in command \"%s\" in "
2106 "%s", cmd, etext);
2107 if (addr != NULL)
2108 {
2109 addr->transport_return = FAIL;
2110 addr->message = msg;
2111 }
2112 else *errptr = msg;
2113 return FALSE;
2114 }
2115
2116/* Expand each individual argument if required. Expansion happens for pipes set
2117up in filter files and with directly-supplied commands. It does not happen if
2118the pipe comes from a traditional .forward file. A failing expansion is a big
2119disaster if the command came from Exim's configuration; if it came from a user
2120it is just a normal failure. The expand_failed value is used as the error value
2121to cater for these two cases.
2122
2123An argument consisting just of the text "$pipe_addresses" is treated specially.
2124It is not passed to the general expansion function. Instead, it is replaced by
2125a number of arguments, one for each address. This avoids problems with shell
2126metacharacters and spaces in addresses.
2127
2128If the parent of the top address has an original part of "system-filter", this
2129pipe was set up by the system filter, and we can permit the expansion of
2130$recipients. */
2131
2132DEBUG(D_transport)
2133 {
2134 debug_printf("direct command:\n");
2135 for (i = 0; argv[i] != (uschar *)0; i++)
2136 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
2137 }
2138
2139if (expand_arguments)
2140 {
2141 BOOL allow_dollar_recipients = addr != NULL &&
2142 addr->parent != NULL &&
2143 Ustrcmp(addr->parent->address, "system-filter") == 0;
2144
2145 for (i = 0; argv[i] != (uschar *)0; i++)
2146 {
2147
2148 /* Handle special fudge for passing an address list */
2149
2150 if (addr != NULL &&
2151 (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
2152 Ustrcmp(argv[i], "${pipe_addresses}") == 0))
2153 {
2154 int additional;
2155
2156 if (argcount + address_count - 1 > max_args)
2157 {
2158 addr->transport_return = FAIL;
2159 addr->message = string_sprintf("Too many arguments to command \"%s\" "
2160 "in %s", cmd, etext);
2161 return FALSE;
2162 }
2163
2164 additional = address_count - 1;
2165 if (additional > 0)
2166 memmove(argv + i + 1 + additional, argv + i + 1,
2167 (argcount - i)*sizeof(uschar *));
2168
2169 for (ad = addr; ad != NULL; ad = ad->next) {
2170 argv[i++] = ad->address;
2171 argcount++;
2172 }
2173
2174 /* Subtract one since we replace $pipe_addresses */
2175 argcount--;
2176 i--;
2177 }
2178
2179 /* Handle special case of $address_pipe when af_force_command is set */
2180
2181 else if (addr != NULL && testflag(addr,af_force_command) &&
2182 (Ustrcmp(argv[i], "$address_pipe") == 0 ||
2183 Ustrcmp(argv[i], "${address_pipe}") == 0))
2184 {
2185 int address_pipe_i;
2186 int address_pipe_argcount = 0;
2187 int address_pipe_max_args;
2188 uschar **address_pipe_argv;
2189
2190 /* We can never have more then the argv we will be loading into */
2191 address_pipe_max_args = max_args - argcount + 1;
2192
2193 DEBUG(D_transport)
2194 debug_printf("address_pipe_max_args=%d\n", address_pipe_max_args);
2195
2196 /* We allocate an additional for (uschar *)0 */
2197 address_pipe_argv = store_get((address_pipe_max_args+1)*sizeof(uschar *));
2198
2199 /* +1 because addr->local_part[0] == '|' since af_force_command is set */
2200 s = expand_string(addr->local_part + 1);
2201
2202 if (s == NULL || *s == '\0')
2203 {
2204 addr->transport_return = FAIL;
2205 addr->message = string_sprintf("Expansion of \"%s\" "
2206 "from command \"%s\" in %s failed: %s",
2207 (addr->local_part + 1), cmd, etext, expand_string_message);
2208 return FALSE;
2209 }
2210
2211 while (isspace(*s)) s++; /* strip leading space */
2212
2213 while (*s != 0 && address_pipe_argcount < address_pipe_max_args)
2214 {
2215 if (*s == '\'')
2216 {
2217 ss = s + 1;
2218 while (*ss != 0 && *ss != '\'') ss++;
2219 address_pipe_argv[address_pipe_argcount++] = ss = store_get(ss - s++);
2220 while (*s != 0 && *s != '\'') *ss++ = *s++;
2221 if (*s != 0) s++;
2222 *ss++ = 0;
2223 }
2224 else address_pipe_argv[address_pipe_argcount++] =
2225 string_copy(string_dequote(CUSS &s));
2226 while (isspace(*s)) s++; /* strip space after arg */
2227 }
2228
2229 address_pipe_argv[address_pipe_argcount] = (uschar *)0;
2230
2231 /* If *s != 0 we have run out of argument slots. */
2232 if (*s != 0)
2233 {
2234 uschar *msg = string_sprintf("Too many arguments in $address_pipe "
2235 "\"%s\" in %s", addr->local_part + 1, etext);
2236 if (addr != NULL)
2237 {
2238 addr->transport_return = FAIL;
2239 addr->message = msg;
2240 }
2241 else *errptr = msg;
2242 return FALSE;
2243 }
2244
2245 /* address_pipe_argcount - 1
2246 * because we are replacing $address_pipe in the argument list
2247 * with the first thing it expands to */
2248 if (argcount + address_pipe_argcount - 1 > max_args)
2249 {
2250 addr->transport_return = FAIL;
2251 addr->message = string_sprintf("Too many arguments to command "
2252 "\"%s\" after expanding $address_pipe in %s", cmd, etext);
2253 return FALSE;
2254 }
2255
2256 /* If we are not just able to replace the slot that contained
2257 * $address_pipe (address_pipe_argcount == 1)
2258 * We have to move the existing argv by address_pipe_argcount - 1
2259 * Visually if address_pipe_argcount == 2:
2260 * [argv 0][argv 1][argv 2($address_pipe)][argv 3][0]
2261 * [argv 0][argv 1][ap_arg0][ap_arg1][old argv 3][0]
2262 */
2263 if (address_pipe_argcount > 1)
2264 memmove(
2265 /* current position + additonal args */
2266 argv + i + address_pipe_argcount,
2267 /* current position + 1 (for the (uschar *)0 at the end) */
2268 argv + i + 1,
2269 /* -1 for the (uschar *)0 at the end)*/
2270 (argcount - i)*sizeof(uschar *)
2271 );
2272
2273 /* Now we fill in the slots we just moved argv out of
2274 * [argv 0][argv 1][argv 2=pipeargv[0]][argv 3=pipeargv[1]][old argv 3][0]
2275 */
2276 for (address_pipe_i = 0;
2277 address_pipe_argv[address_pipe_i] != (uschar *)0;
2278 address_pipe_i++)
2279 {
2280 argv[i++] = address_pipe_argv[address_pipe_i];
2281 argcount++;
2282 }
2283
2284 /* Subtract one since we replace $address_pipe */
2285 argcount--;
2286 i--;
2287 }
2288
2289 /* Handle normal expansion string */
2290
2291 else
2292 {
2293 const uschar *expanded_arg;
2294 enable_dollar_recipients = allow_dollar_recipients;
2295 expanded_arg = expand_cstring(argv[i]);
2296 enable_dollar_recipients = FALSE;
2297
2298 if (expanded_arg == NULL)
2299 {
2300 uschar *msg = string_sprintf("Expansion of \"%s\" "
2301 "from command \"%s\" in %s failed: %s",
2302 argv[i], cmd, etext, expand_string_message);
2303 if (addr != NULL)
2304 {
2305 addr->transport_return = expand_failed;
2306 addr->message = msg;
2307 }
2308 else *errptr = msg;
2309 return FALSE;
2310 }
2311 argv[i] = expanded_arg;
2312 }
2313 }
2314
2315 DEBUG(D_transport)
2316 {
2317 debug_printf("direct command after expansion:\n");
2318 for (i = 0; argv[i] != (uschar *)0; i++)
2319 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
2320 }
2321 }
2322
2323return TRUE;
2324}
2325
2326/* vi: aw ai sw=2
2327*/
2328/* End of transport.c */
Unnamed repository; edit this file 'description' to name the repository.