Performance timing measurements
[exim.git] / src / src / exim.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* The main function: entry point, initialization, and high-level control.
10 Also a few functions that don't naturally fit elsewhere. */
11
12
13 #include "exim.h"
14
15 #if defined(__GLIBC__) && !defined(__UCLIBC__)
16 # include <gnu/libc-version.h>
17 #endif
18
19 #ifdef USE_GNUTLS
20 # include <gnutls/gnutls.h>
21 # if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP)
22 # define DISABLE_OCSP
23 # endif
24 #endif
25
26 extern void init_lookup_list(void);
27
28
29
30 /*************************************************
31 * Function interface to store functions *
32 *************************************************/
33
34 /* We need some real functions to pass to the PCRE regular expression library
35 for store allocation via Exim's store manager. The normal calls are actually
36 macros that pass over location information to make tracing easier. These
37 functions just interface to the standard macro calls. A good compiler will
38 optimize out the tail recursion and so not make them too expensive. There
39 are two sets of functions; one for use when we want to retain the compiled
40 regular expression for a long time; the other for short-term use. */
41
42 static void *
43 function_store_get(size_t size)
44 {
45 /* For now, regard all RE results as potentially tainted. We might need
46 more intelligence on this point. */
47 return store_get((int)size, TRUE);
48 }
49
50 static void
51 function_dummy_free(void *block) { block = block; }
52
53 static void *
54 function_store_malloc(size_t size)
55 {
56 return store_malloc((int)size);
57 }
58
59 static void
60 function_store_free(void *block)
61 {
62 store_free(block);
63 }
64
65
66
67
68 /*************************************************
69 * Enums for cmdline interface *
70 *************************************************/
71
72 enum commandline_info { CMDINFO_NONE=0,
73 CMDINFO_HELP, CMDINFO_SIEVE, CMDINFO_DSCP };
74
75
76
77
78 /*************************************************
79 * Compile regular expression and panic on fail *
80 *************************************************/
81
82 /* This function is called when failure to compile a regular expression leads
83 to a panic exit. In other cases, pcre_compile() is called directly. In many
84 cases where this function is used, the results of the compilation are to be
85 placed in long-lived store, so we temporarily reset the store management
86 functions that PCRE uses if the use_malloc flag is set.
87
88 Argument:
89 pattern the pattern to compile
90 caseless TRUE if caseless matching is required
91 use_malloc TRUE if compile into malloc store
92
93 Returns: pointer to the compiled pattern
94 */
95
96 const pcre *
97 regex_must_compile(const uschar *pattern, BOOL caseless, BOOL use_malloc)
98 {
99 int offset;
100 int options = PCRE_COPT;
101 const pcre *yield;
102 const uschar *error;
103 if (use_malloc)
104 {
105 pcre_malloc = function_store_malloc;
106 pcre_free = function_store_free;
107 }
108 if (caseless) options |= PCRE_CASELESS;
109 yield = pcre_compile(CCS pattern, options, (const char **)&error, &offset, NULL);
110 pcre_malloc = function_store_get;
111 pcre_free = function_dummy_free;
112 if (yield == NULL)
113 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: "
114 "%s at offset %d while compiling %s", error, offset, pattern);
115 return yield;
116 }
117
118
119
120
121 /*************************************************
122 * Execute regular expression and set strings *
123 *************************************************/
124
125 /* This function runs a regular expression match, and sets up the pointers to
126 the matched substrings.
127
128 Arguments:
129 re the compiled expression
130 subject the subject string
131 options additional PCRE options
132 setup if < 0 do full setup
133 if >= 0 setup from setup+1 onwards,
134 excluding the full matched string
135
136 Returns: TRUE or FALSE
137 */
138
139 BOOL
140 regex_match_and_setup(const pcre *re, const uschar *subject, int options, int setup)
141 {
142 int ovector[3*(EXPAND_MAXN+1)];
143 uschar * s = string_copy(subject); /* de-constifying */
144 int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0,
145 PCRE_EOPT | options, ovector, nelem(ovector));
146 BOOL yield = n >= 0;
147 if (n == 0) n = EXPAND_MAXN + 1;
148 if (yield)
149 {
150 expand_nmax = setup < 0 ? 0 : setup + 1;
151 for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2)
152 {
153 expand_nstring[expand_nmax] = s + ovector[nn];
154 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
155 }
156 expand_nmax--;
157 }
158 return yield;
159 }
160
161
162
163
164 /*************************************************
165 * Set up processing details *
166 *************************************************/
167
168 /* Save a text string for dumping when SIGUSR1 is received.
169 Do checks for overruns.
170
171 Arguments: format and arguments, as for printf()
172 Returns: nothing
173 */
174
175 void
176 set_process_info(const char *format, ...)
177 {
178 gstring gs = { .size = PROCESS_INFO_SIZE - 2, .ptr = 0, .s = process_info };
179 gstring * g;
180 int len;
181 va_list ap;
182
183 g = string_fmt_append(&gs, "%5d ", (int)getpid());
184 len = g->ptr;
185 va_start(ap, format);
186 if (!string_vformat(g, 0, format, ap))
187 {
188 gs.ptr = len;
189 g = string_cat(&gs, US"**** string overflowed buffer ****");
190 }
191 g = string_catn(g, US"\n", 1);
192 string_from_gstring(g);
193 process_info_len = g->ptr;
194 DEBUG(D_process_info) debug_printf("set_process_info: %s", process_info);
195 va_end(ap);
196 }
197
198 /***********************************************
199 * Handler for SIGTERM *
200 ***********************************************/
201
202 static void
203 term_handler(int sig)
204 {
205 exit(1);
206 }
207
208
209 /*************************************************
210 * Handler for SIGUSR1 *
211 *************************************************/
212
213 /* SIGUSR1 causes any exim process to write to the process log details of
214 what it is currently doing. It will only be used if the OS is capable of
215 setting up a handler that causes automatic restarting of any system call
216 that is in progress at the time.
217
218 This function takes care to be signal-safe.
219
220 Argument: the signal number (SIGUSR1)
221 Returns: nothing
222 */
223
224 static void
225 usr1_handler(int sig)
226 {
227 int fd;
228
229 os_restarting_signal(sig, usr1_handler);
230
231 if ((fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE)) < 0)
232 {
233 /* If we are already running as the Exim user, try to create it in the
234 current process (assuming spool_directory exists). Otherwise, if we are
235 root, do the creation in an exim:exim subprocess. */
236
237 int euid = geteuid();
238 if (euid == exim_uid)
239 fd = Uopen(process_log_path, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
240 else if (euid == root_uid)
241 fd = log_create_as_exim(process_log_path);
242 }
243
244 /* If we are neither exim nor root, or if we failed to create the log file,
245 give up. There is not much useful we can do with errors, since we don't want
246 to disrupt whatever is going on outside the signal handler. */
247
248 if (fd < 0) return;
249
250 (void)write(fd, process_info, process_info_len);
251 (void)close(fd);
252 }
253
254
255
256 /*************************************************
257 * Timeout handler *
258 *************************************************/
259
260 /* This handler is enabled most of the time that Exim is running. The handler
261 doesn't actually get used unless alarm() has been called to set a timer, to
262 place a time limit on a system call of some kind. When the handler is run, it
263 re-enables itself.
264
265 There are some other SIGALRM handlers that are used in special cases when more
266 than just a flag setting is required; for example, when reading a message's
267 input. These are normally set up in the code module that uses them, and the
268 SIGALRM handler is reset to this one afterwards.
269
270 Argument: the signal value (SIGALRM)
271 Returns: nothing
272 */
273
274 void
275 sigalrm_handler(int sig)
276 {
277 sig = sig; /* Keep picky compilers happy */
278 sigalrm_seen = TRUE;
279 os_non_restarting_signal(SIGALRM, sigalrm_handler);
280 }
281
282
283
284 /*************************************************
285 * Sleep for a fractional time interval *
286 *************************************************/
287
288 /* This function is called by millisleep() and exim_wait_tick() to wait for a
289 period of time that may include a fraction of a second. The coding is somewhat
290 tedious. We do not expect setitimer() ever to fail, but if it does, the process
291 will wait for ever, so we panic in this instance. (There was a case of this
292 when a bug in a function that calls milliwait() caused it to pass invalid data.
293 That's when I added the check. :-)
294
295 We assume it to be not worth sleeping for under 100us; this value will
296 require revisiting as hardware advances. This avoids the issue of
297 a zero-valued timer setting meaning "never fire".
298
299 Argument: an itimerval structure containing the interval
300 Returns: nothing
301 */
302
303 static void
304 milliwait(struct itimerval *itval)
305 {
306 sigset_t sigmask;
307 sigset_t old_sigmask;
308
309 if (itval->it_value.tv_usec < 100 && itval->it_value.tv_sec == 0)
310 return;
311 (void)sigemptyset(&sigmask); /* Empty mask */
312 (void)sigaddset(&sigmask, SIGALRM); /* Add SIGALRM */
313 (void)sigprocmask(SIG_BLOCK, &sigmask, &old_sigmask); /* Block SIGALRM */
314 if (setitimer(ITIMER_REAL, itval, NULL) < 0) /* Start timer */
315 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
316 "setitimer() failed: %s", strerror(errno));
317 (void)sigfillset(&sigmask); /* All signals */
318 (void)sigdelset(&sigmask, SIGALRM); /* Remove SIGALRM */
319 (void)sigsuspend(&sigmask); /* Until SIGALRM */
320 (void)sigprocmask(SIG_SETMASK, &old_sigmask, NULL); /* Restore mask */
321 }
322
323
324
325
326 /*************************************************
327 * Millisecond sleep function *
328 *************************************************/
329
330 /* The basic sleep() function has a granularity of 1 second, which is too rough
331 in some cases - for example, when using an increasing delay to slow down
332 spammers.
333
334 Argument: number of millseconds
335 Returns: nothing
336 */
337
338 void
339 millisleep(int msec)
340 {
341 struct itimerval itval;
342 itval.it_interval.tv_sec = 0;
343 itval.it_interval.tv_usec = 0;
344 itval.it_value.tv_sec = msec/1000;
345 itval.it_value.tv_usec = (msec % 1000) * 1000;
346 milliwait(&itval);
347 }
348
349
350
351 /*************************************************
352 * Compare microsecond times *
353 *************************************************/
354
355 /*
356 Arguments:
357 tv1 the first time
358 tv2 the second time
359
360 Returns: -1, 0, or +1
361 */
362
363 static int
364 exim_tvcmp(struct timeval *t1, struct timeval *t2)
365 {
366 if (t1->tv_sec > t2->tv_sec) return +1;
367 if (t1->tv_sec < t2->tv_sec) return -1;
368 if (t1->tv_usec > t2->tv_usec) return +1;
369 if (t1->tv_usec < t2->tv_usec) return -1;
370 return 0;
371 }
372
373
374
375
376 /*************************************************
377 * Clock tick wait function *
378 *************************************************/
379
380 /* Exim uses a time + a pid to generate a unique identifier in two places: its
381 message IDs, and in file names for maildir deliveries. Because some OS now
382 re-use pids within the same second, sub-second times are now being used.
383 However, for absolute certainty, we must ensure the clock has ticked before
384 allowing the relevant process to complete. At the time of implementation of
385 this code (February 2003), the speed of processors is such that the clock will
386 invariably have ticked already by the time a process has done its job. This
387 function prepares for the time when things are faster - and it also copes with
388 clocks that go backwards.
389
390 Arguments:
391 then_tv A timeval which was used to create uniqueness; its usec field
392 has been rounded down to the value of the resolution.
393 We want to be sure the current time is greater than this.
394 resolution The resolution that was used to divide the microseconds
395 (1 for maildir, larger for message ids)
396
397 Returns: nothing
398 */
399
400 void
401 exim_wait_tick(struct timeval *then_tv, int resolution)
402 {
403 struct timeval now_tv;
404 long int now_true_usec;
405
406 (void)gettimeofday(&now_tv, NULL);
407 now_true_usec = now_tv.tv_usec;
408 now_tv.tv_usec = (now_true_usec/resolution) * resolution;
409
410 if (exim_tvcmp(&now_tv, then_tv) <= 0)
411 {
412 struct itimerval itval;
413 itval.it_interval.tv_sec = 0;
414 itval.it_interval.tv_usec = 0;
415 itval.it_value.tv_sec = then_tv->tv_sec - now_tv.tv_sec;
416 itval.it_value.tv_usec = then_tv->tv_usec + resolution - now_true_usec;
417
418 /* We know that, overall, "now" is less than or equal to "then". Therefore, a
419 negative value for the microseconds is possible only in the case when "now"
420 is more than a second less than "then". That means that itval.it_value.tv_sec
421 is greater than zero. The following correction is therefore safe. */
422
423 if (itval.it_value.tv_usec < 0)
424 {
425 itval.it_value.tv_usec += 1000000;
426 itval.it_value.tv_sec -= 1;
427 }
428
429 DEBUG(D_transport|D_receive)
430 {
431 if (!f.running_in_test_harness)
432 {
433 debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n",
434 then_tv->tv_sec, (long) then_tv->tv_usec,
435 now_tv.tv_sec, (long) now_tv.tv_usec);
436 debug_printf("waiting " TIME_T_FMT ".%06lu\n",
437 itval.it_value.tv_sec, (long) itval.it_value.tv_usec);
438 }
439 }
440
441 milliwait(&itval);
442 }
443 }
444
445
446
447
448 /*************************************************
449 * Call fopen() with umask 777 and adjust mode *
450 *************************************************/
451
452 /* Exim runs with umask(0) so that files created with open() have the mode that
453 is specified in the open() call. However, there are some files, typically in
454 the spool directory, that are created with fopen(). They end up world-writeable
455 if no precautions are taken. Although the spool directory is not accessible to
456 the world, this is an untidiness. So this is a wrapper function for fopen()
457 that sorts out the mode of the created file.
458
459 Arguments:
460 filename the file name
461 options the fopen() options
462 mode the required mode
463
464 Returns: the fopened FILE or NULL
465 */
466
467 FILE *
468 modefopen(const uschar *filename, const char *options, mode_t mode)
469 {
470 mode_t saved_umask = umask(0777);
471 FILE *f = Ufopen(filename, options);
472 (void)umask(saved_umask);
473 if (f != NULL) (void)fchmod(fileno(f), mode);
474 return f;
475 }
476
477
478 /*************************************************
479 * Ensure stdin, stdout, and stderr exist *
480 *************************************************/
481
482 /* Some operating systems grumble if an exec() happens without a standard
483 input, output, and error (fds 0, 1, 2) being defined. The worry is that some
484 file will be opened and will use these fd values, and then some other bit of
485 code will assume, for example, that it can write error messages to stderr.
486 This function ensures that fds 0, 1, and 2 are open if they do not already
487 exist, by connecting them to /dev/null.
488
489 This function is also used to ensure that std{in,out,err} exist at all times,
490 so that if any library that Exim calls tries to use them, it doesn't crash.
491
492 Arguments: None
493 Returns: Nothing
494 */
495
496 void
497 exim_nullstd(void)
498 {
499 int devnull = -1;
500 struct stat statbuf;
501 for (int i = 0; i <= 2; i++)
502 {
503 if (fstat(i, &statbuf) < 0 && errno == EBADF)
504 {
505 if (devnull < 0) devnull = open("/dev/null", O_RDWR);
506 if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
507 string_open_failed(errno, "/dev/null", NULL));
508 if (devnull != i) (void)dup2(devnull, i);
509 }
510 }
511 if (devnull > 2) (void)close(devnull);
512 }
513
514
515
516
517 /*************************************************
518 * Close unwanted file descriptors for delivery *
519 *************************************************/
520
521 /* This function is called from a new process that has been forked to deliver
522 an incoming message, either directly, or using exec.
523
524 We want any smtp input streams to be closed in this new process. However, it
525 has been observed that using fclose() here causes trouble. When reading in -bS
526 input, duplicate copies of messages have been seen. The files will be sharing a
527 file pointer with the parent process, and it seems that fclose() (at least on
528 some systems - I saw this on Solaris 2.5.1) messes with that file pointer, at
529 least sometimes. Hence we go for closing the underlying file descriptors.
530
531 If TLS is active, we want to shut down the TLS library, but without molesting
532 the parent's SSL connection.
533
534 For delivery of a non-SMTP message, we want to close stdin and stdout (and
535 stderr unless debugging) because the calling process might have set them up as
536 pipes and be waiting for them to close before it waits for the submission
537 process to terminate. If they aren't closed, they hold up the calling process
538 until the initial delivery process finishes, which is not what we want.
539
540 Exception: We do want it for synchronous delivery!
541
542 And notwithstanding all the above, if D_resolver is set, implying resolver
543 debugging, leave stdout open, because that's where the resolver writes its
544 debugging output.
545
546 When we close stderr (which implies we've also closed stdout), we also get rid
547 of any controlling terminal.
548
549 Arguments: None
550 Returns: Nothing
551 */
552
553 static void
554 close_unwanted(void)
555 {
556 if (smtp_input)
557 {
558 #ifndef DISABLE_TLS
559 tls_close(NULL, TLS_NO_SHUTDOWN); /* Shut down the TLS library */
560 #endif
561 (void)close(fileno(smtp_in));
562 (void)close(fileno(smtp_out));
563 smtp_in = NULL;
564 }
565 else
566 {
567 (void)close(0); /* stdin */
568 if ((debug_selector & D_resolver) == 0) (void)close(1); /* stdout */
569 if (debug_selector == 0) /* stderr */
570 {
571 if (!f.synchronous_delivery)
572 {
573 (void)close(2);
574 log_stderr = NULL;
575 }
576 (void)setsid();
577 }
578 }
579 }
580
581
582
583
584 /*************************************************
585 * Set uid and gid *
586 *************************************************/
587
588 /* This function sets a new uid and gid permanently, optionally calling
589 initgroups() to set auxiliary groups. There are some special cases when running
590 Exim in unprivileged modes. In these situations the effective uid will not be
591 root; if we already have the right effective uid/gid, and don't need to
592 initialize any groups, leave things as they are.
593
594 Arguments:
595 uid the uid
596 gid the gid
597 igflag TRUE if initgroups() wanted
598 msg text to use in debugging output and failure log
599
600 Returns: nothing; bombs out on failure
601 */
602
603 void
604 exim_setugid(uid_t uid, gid_t gid, BOOL igflag, uschar *msg)
605 {
606 uid_t euid = geteuid();
607 gid_t egid = getegid();
608
609 if (euid == root_uid || euid != uid || egid != gid || igflag)
610 {
611 /* At least one OS returns +1 for initgroups failure, so just check for
612 non-zero. */
613
614 if (igflag)
615 {
616 struct passwd *pw = getpwuid(uid);
617 if (!pw)
618 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): "
619 "no passwd entry for uid=%ld", (long int)uid);
620
621 if (initgroups(pw->pw_name, gid) != 0)
622 log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s",
623 (long int)uid, strerror(errno));
624 }
625
626 if (setgid(gid) < 0 || setuid(uid) < 0)
627 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to set gid=%ld or uid=%ld "
628 "(euid=%ld): %s", (long int)gid, (long int)uid, (long int)euid, msg);
629 }
630
631 /* Debugging output included uid/gid and all groups */
632
633 DEBUG(D_uid)
634 {
635 int group_count, save_errno;
636 gid_t group_list[EXIM_GROUPLIST_SIZE];
637 debug_printf("changed uid/gid: %s\n uid=%ld gid=%ld pid=%ld\n", msg,
638 (long int)geteuid(), (long int)getegid(), (long int)getpid());
639 group_count = getgroups(nelem(group_list), group_list);
640 save_errno = errno;
641 debug_printf(" auxiliary group list:");
642 if (group_count > 0)
643 for (int i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]);
644 else if (group_count < 0)
645 debug_printf(" <error: %s>", strerror(save_errno));
646 else debug_printf(" <none>");
647 debug_printf("\n");
648 }
649 }
650
651
652
653
654 /*************************************************
655 * Exit point *
656 *************************************************/
657
658 /* Exim exits via this function so that it always clears up any open
659 databases.
660
661 Arguments:
662 rc return code
663
664 Returns: does not return
665 */
666
667 void
668 exim_exit(int rc, const uschar * process)
669 {
670 search_tidyup();
671 store_exit();
672 DEBUG(D_any)
673 debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d %s%s%sterminating with rc=%d "
674 ">>>>>>>>>>>>>>>>\n", (int)getpid(),
675 process ? "(" : "", process, process ? ") " : "", rc);
676 exit(rc);
677 }
678
679
680 void
681 exim_underbar_exit(int rc)
682 {
683 store_exit();
684 _exit(rc);
685 }
686
687
688
689 /* Print error string, then die */
690 static void
691 exim_fail(const char * fmt, ...)
692 {
693 va_list ap;
694 va_start(ap, fmt);
695 vfprintf(stderr, fmt, ap);
696 exit(EXIT_FAILURE);
697 }
698
699 /* exim_chown_failure() called from exim_chown()/exim_fchown() on failure
700 of chown()/fchown(). See src/functions.h for more explanation */
701 int
702 exim_chown_failure(int fd, const uschar *name, uid_t owner, gid_t group)
703 {
704 int saved_errno = errno; /* from the preceeding chown call */
705 #if 1
706 log_write(0, LOG_MAIN|LOG_PANIC,
707 __FILE__ ":%d: chown(%s, %d:%d) failed (%s)."
708 " Please contact the authors and refer to https://bugs.exim.org/show_bug.cgi?id=2391",
709 __LINE__, name?name:US"<unknown>", owner, group, strerror(errno));
710 #else
711 /* I leave this here, commented, in case the "bug"(?) comes up again.
712 It is not an Exim bug, but we can provide a workaround.
713 See Bug 2391
714 HS 2019-04-18 */
715
716 struct stat buf;
717
718 if (0 == (fd < 0 ? stat(name, &buf) : fstat(fd, &buf)))
719 {
720 if (buf.st_uid == owner && buf.st_gid == group) return 0;
721 log_write(0, LOG_MAIN|LOG_PANIC, "Wrong ownership on %s", name);
722 }
723 else log_write(0, LOG_MAIN|LOG_PANIC, "Stat failed on %s: %s", name, strerror(errno));
724
725 #endif
726 errno = saved_errno;
727 return -1;
728 }
729
730
731 /*************************************************
732 * Extract port from host address *
733 *************************************************/
734
735 /* Called to extract the port from the values given to -oMa and -oMi.
736 It also checks the syntax of the address, and terminates it before the
737 port data when a port is extracted.
738
739 Argument:
740 address the address, with possible port on the end
741
742 Returns: the port, or zero if there isn't one
743 bombs out on a syntax error
744 */
745
746 static int
747 check_port(uschar *address)
748 {
749 int port = host_address_extract_port(address);
750 if (string_is_ip_address(address, NULL) == 0)
751 exim_fail("exim abandoned: \"%s\" is not an IP address\n", address);
752 return port;
753 }
754
755
756
757 /*************************************************
758 * Test/verify an address *
759 *************************************************/
760
761 /* This function is called by the -bv and -bt code. It extracts a working
762 address from a full RFC 822 address. This isn't really necessary per se, but it
763 has the effect of collapsing source routes.
764
765 Arguments:
766 s the address string
767 flags flag bits for verify_address()
768 exit_value to be set for failures
769
770 Returns: nothing
771 */
772
773 static void
774 test_address(uschar *s, int flags, int *exit_value)
775 {
776 int start, end, domain;
777 uschar *parse_error = NULL;
778 uschar *address = parse_extract_address(s, &parse_error, &start, &end, &domain,
779 FALSE);
780 if (address == NULL)
781 {
782 fprintf(stdout, "syntax error: %s\n", parse_error);
783 *exit_value = 2;
784 }
785 else
786 {
787 int rc = verify_address(deliver_make_addr(address,TRUE), stdout, flags, -1,
788 -1, -1, NULL, NULL, NULL);
789 if (rc == FAIL) *exit_value = 2;
790 else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
791 }
792 }
793
794
795
796 /*************************************************
797 * Show supported features *
798 *************************************************/
799
800 static void
801 show_db_version(FILE * f)
802 {
803 #ifdef DB_VERSION_STRING
804 DEBUG(D_any)
805 {
806 fprintf(f, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING);
807 fprintf(f, " Runtime: %s\n",
808 db_version(NULL, NULL, NULL));
809 }
810 else
811 fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING);
812
813 #elif defined(BTREEVERSION) && defined(HASHVERSION)
814 #ifdef USE_DB
815 fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n");
816 #else
817 fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n");
818 #endif
819
820 #elif defined(_DBM_RDONLY) || defined(dbm_dirfno)
821 fprintf(f, "Probably ndbm\n");
822 #elif defined(USE_TDB)
823 fprintf(f, "Using tdb\n");
824 #else
825 #ifdef USE_GDBM
826 fprintf(f, "Probably GDBM (native mode)\n");
827 #else
828 fprintf(f, "Probably GDBM (compatibility mode)\n");
829 #endif
830 #endif
831 }
832
833
834 /* This function is called for -bV/--version and for -d to output the optional
835 features of the current Exim binary.
836
837 Arguments: a FILE for printing
838 Returns: nothing
839 */
840
841 static void
842 show_whats_supported(FILE * fp)
843 {
844 DEBUG(D_any) {} else show_db_version(fp);
845
846 fprintf(fp, "Support for:");
847 #ifdef SUPPORT_CRYPTEQ
848 fprintf(fp, " crypteq");
849 #endif
850 #if HAVE_ICONV
851 fprintf(fp, " iconv()");
852 #endif
853 #if HAVE_IPV6
854 fprintf(fp, " IPv6");
855 #endif
856 #ifdef HAVE_SETCLASSRESOURCES
857 fprintf(fp, " use_setclassresources");
858 #endif
859 #ifdef SUPPORT_PAM
860 fprintf(fp, " PAM");
861 #endif
862 #ifdef EXIM_PERL
863 fprintf(fp, " Perl");
864 #endif
865 #ifdef EXPAND_DLFUNC
866 fprintf(fp, " Expand_dlfunc");
867 #endif
868 #ifdef USE_TCP_WRAPPERS
869 fprintf(fp, " TCPwrappers");
870 #endif
871 #ifdef USE_GNUTLS
872 fprintf(fp, " GnuTLS");
873 #endif
874 #ifdef USE_OPENSSL
875 fprintf(fp, " OpenSSL");
876 #endif
877 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
878 fprintf(fp, " translate_ip_address");
879 #endif
880 #ifdef SUPPORT_MOVE_FROZEN_MESSAGES
881 fprintf(fp, " move_frozen_messages");
882 #endif
883 #ifdef WITH_CONTENT_SCAN
884 fprintf(fp, " Content_Scanning");
885 #endif
886 #ifdef SUPPORT_DANE
887 fprintf(fp, " DANE");
888 #endif
889 #ifndef DISABLE_DKIM
890 fprintf(fp, " DKIM");
891 #endif
892 #ifndef DISABLE_DNSSEC
893 fprintf(fp, " DNSSEC");
894 #endif
895 #ifndef DISABLE_EVENT
896 fprintf(fp, " Event");
897 #endif
898 #ifdef SUPPORT_I18N
899 fprintf(fp, " I18N");
900 #endif
901 #ifndef DISABLE_OCSP
902 fprintf(fp, " OCSP");
903 #endif
904 #ifdef SUPPORT_PIPE_CONNECT
905 fprintf(fp, " PIPE_CONNECT");
906 #endif
907 #ifndef DISABLE_PRDR
908 fprintf(fp, " PRDR");
909 #endif
910 #ifdef SUPPORT_PROXY
911 fprintf(fp, " PROXY");
912 #endif
913 #ifdef SUPPORT_SOCKS
914 fprintf(fp, " SOCKS");
915 #endif
916 #ifdef SUPPORT_SPF
917 fprintf(fp, " SPF");
918 #endif
919 #ifdef SUPPORT_DMARC
920 fprintf(fp, " DMARC");
921 #endif
922 #ifdef TCP_FASTOPEN
923 deliver_init();
924 if (f.tcp_fastopen_ok) fprintf(fp, " TCP_Fast_Open");
925 #endif
926 #ifdef EXPERIMENTAL_LMDB
927 fprintf(fp, " Experimental_LMDB");
928 #endif
929 #ifdef EXPERIMENTAL_QUEUEFILE
930 fprintf(fp, " Experimental_QUEUEFILE");
931 #endif
932 #ifdef EXPERIMENTAL_SRS
933 fprintf(fp, " Experimental_SRS");
934 #endif
935 #ifdef EXPERIMENTAL_ARC
936 fprintf(fp, " Experimental_ARC");
937 #endif
938 #ifdef EXPERIMENTAL_BRIGHTMAIL
939 fprintf(fp, " Experimental_Brightmail");
940 #endif
941 #ifdef EXPERIMENTAL_DCC
942 fprintf(fp, " Experimental_DCC");
943 #endif
944 #ifdef EXPERIMENTAL_DSN_INFO
945 fprintf(fp, " Experimental_DSN_info");
946 #endif
947 #ifdef EXPERIMENTAL_TLS_RESUME
948 fprintf(fp, " Experimental_TLS_resume");
949 #endif
950 fprintf(fp, "\n");
951
952 fprintf(fp, "Lookups (built-in):");
953 #if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2
954 fprintf(fp, " lsearch wildlsearch nwildlsearch iplsearch");
955 #endif
956 #if defined(LOOKUP_CDB) && LOOKUP_CDB!=2
957 fprintf(fp, " cdb");
958 #endif
959 #if defined(LOOKUP_DBM) && LOOKUP_DBM!=2
960 fprintf(fp, " dbm dbmjz dbmnz");
961 #endif
962 #if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2
963 fprintf(fp, " dnsdb");
964 #endif
965 #if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2
966 fprintf(fp, " dsearch");
967 #endif
968 #if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2
969 fprintf(fp, " ibase");
970 #endif
971 #if defined(LOOKUP_JSON) && LOOKUP_JSON!=2
972 fprintf(fp, " json");
973 #endif
974 #if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2
975 fprintf(fp, " ldap ldapdn ldapm");
976 #endif
977 #ifdef EXPERIMENTAL_LMDB
978 fprintf(fp, " lmdb");
979 #endif
980 #if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2
981 fprintf(fp, " mysql");
982 #endif
983 #if defined(LOOKUP_NIS) && LOOKUP_NIS!=2
984 fprintf(fp, " nis nis0");
985 #endif
986 #if defined(LOOKUP_NISPLUS) && LOOKUP_NISPLUS!=2
987 fprintf(fp, " nisplus");
988 #endif
989 #if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2
990 fprintf(fp, " oracle");
991 #endif
992 #if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2
993 fprintf(fp, " passwd");
994 #endif
995 #if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2
996 fprintf(fp, " pgsql");
997 #endif
998 #if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2
999 fprintf(fp, " redis");
1000 #endif
1001 #if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2
1002 fprintf(fp, " sqlite");
1003 #endif
1004 #if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2
1005 fprintf(fp, " testdb");
1006 #endif
1007 #if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2
1008 fprintf(fp, " whoson");
1009 #endif
1010 fprintf(fp, "\n");
1011
1012 auth_show_supported(fp);
1013 route_show_supported(fp);
1014 transport_show_supported(fp);
1015
1016 #ifdef WITH_CONTENT_SCAN
1017 malware_show_supported(fp);
1018 #endif
1019
1020 if (fixed_never_users[0] > 0)
1021 {
1022 int i;
1023 fprintf(fp, "Fixed never_users: ");
1024 for (i = 1; i <= (int)fixed_never_users[0] - 1; i++)
1025 fprintf(fp, "%d:", (unsigned int)fixed_never_users[i]);
1026 fprintf(fp, "%d\n", (unsigned int)fixed_never_users[i]);
1027 }
1028
1029 fprintf(fp, "Configure owner: %d:%d\n", config_uid, config_gid);
1030
1031 fprintf(fp, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
1032
1033 /* Everything else is details which are only worth reporting when debugging.
1034 Perhaps the tls_version_report should move into this too. */
1035 DEBUG(D_any) do {
1036
1037 /* clang defines __GNUC__ (at least, for me) so test for it first */
1038 #if defined(__clang__)
1039 fprintf(fp, "Compiler: CLang [%s]\n", __clang_version__);
1040 #elif defined(__GNUC__)
1041 fprintf(fp, "Compiler: GCC [%s]\n",
1042 # ifdef __VERSION__
1043 __VERSION__
1044 # else
1045 "? unknown version ?"
1046 # endif
1047 );
1048 #else
1049 fprintf(fp, "Compiler: <unknown>\n");
1050 #endif
1051
1052 #if defined(__GLIBC__) && !defined(__UCLIBC__)
1053 fprintf(fp, "Library version: Glibc: Compile: %d.%d\n",
1054 __GLIBC__, __GLIBC_MINOR__);
1055 if (__GLIBC_PREREQ(2, 1))
1056 fprintf(fp, " Runtime: %s\n",
1057 gnu_get_libc_version());
1058 #endif
1059
1060 show_db_version(fp);
1061
1062 #ifndef DISABLE_TLS
1063 tls_version_report(fp);
1064 #endif
1065 #ifdef SUPPORT_I18N
1066 utf8_version_report(fp);
1067 #endif
1068
1069 for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi)
1070 if (authi->version_report)
1071 (*authi->version_report)(fp);
1072
1073 /* PCRE_PRERELEASE is either defined and empty or a bare sequence of
1074 characters; unless it's an ancient version of PCRE in which case it
1075 is not defined. */
1076 #ifndef PCRE_PRERELEASE
1077 # define PCRE_PRERELEASE
1078 #endif
1079 #define QUOTE(X) #X
1080 #define EXPAND_AND_QUOTE(X) QUOTE(X)
1081 fprintf(fp, "Library version: PCRE: Compile: %d.%d%s\n"
1082 " Runtime: %s\n",
1083 PCRE_MAJOR, PCRE_MINOR,
1084 EXPAND_AND_QUOTE(PCRE_PRERELEASE) "",
1085 pcre_version());
1086 #undef QUOTE
1087 #undef EXPAND_AND_QUOTE
1088
1089 init_lookup_list();
1090 for (int i = 0; i < lookup_list_count; i++)
1091 if (lookup_list[i]->version_report)
1092 lookup_list[i]->version_report(fp);
1093
1094 #ifdef WHITELIST_D_MACROS
1095 fprintf(fp, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
1096 #else
1097 fprintf(fp, "WHITELIST_D_MACROS unset\n");
1098 #endif
1099 #ifdef TRUSTED_CONFIG_LIST
1100 fprintf(fp, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
1101 #else
1102 fprintf(fp, "TRUSTED_CONFIG_LIST unset\n");
1103 #endif
1104
1105 } while (0);
1106 }
1107
1108
1109 /*************************************************
1110 * Show auxiliary information about Exim *
1111 *************************************************/
1112
1113 static void
1114 show_exim_information(enum commandline_info request, FILE *stream)
1115 {
1116 switch(request)
1117 {
1118 case CMDINFO_NONE:
1119 fprintf(stream, "Oops, something went wrong.\n");
1120 return;
1121 case CMDINFO_HELP:
1122 fprintf(stream,
1123 "The -bI: flag takes a string indicating which information to provide.\n"
1124 "If the string is not recognised, you'll get this help (on stderr).\n"
1125 "\n"
1126 " exim -bI:help this information\n"
1127 " exim -bI:dscp list of known dscp value keywords\n"
1128 " exim -bI:sieve list of supported sieve extensions\n"
1129 );
1130 return;
1131 case CMDINFO_SIEVE:
1132 for (const uschar ** pp = exim_sieve_extension_list; *pp; ++pp)
1133 fprintf(stream, "%s\n", *pp);
1134 return;
1135 case CMDINFO_DSCP:
1136 dscp_list_to_stream(stream);
1137 return;
1138 }
1139 }
1140
1141
1142 /*************************************************
1143 * Quote a local part *
1144 *************************************************/
1145
1146 /* This function is used when a sender address or a From: or Sender: header
1147 line is being created from the caller's login, or from an authenticated_id. It
1148 applies appropriate quoting rules for a local part.
1149
1150 Argument: the local part
1151 Returns: the local part, quoted if necessary
1152 */
1153
1154 uschar *
1155 local_part_quote(uschar *lpart)
1156 {
1157 BOOL needs_quote = FALSE;
1158 gstring * g;
1159
1160 for (uschar * t = lpart; !needs_quote && *t != 0; t++)
1161 {
1162 needs_quote = !isalnum(*t) && strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
1163 (*t != '.' || t == lpart || t[1] == 0);
1164 }
1165
1166 if (!needs_quote) return lpart;
1167
1168 g = string_catn(NULL, US"\"", 1);
1169
1170 for (;;)
1171 {
1172 uschar *nq = US Ustrpbrk(lpart, "\\\"");
1173 if (nq == NULL)
1174 {
1175 g = string_cat(g, lpart);
1176 break;
1177 }
1178 g = string_catn(g, lpart, nq - lpart);
1179 g = string_catn(g, US"\\", 1);
1180 g = string_catn(g, nq, 1);
1181 lpart = nq + 1;
1182 }
1183
1184 g = string_catn(g, US"\"", 1);
1185 return string_from_gstring(g);
1186 }
1187
1188
1189
1190 #ifdef USE_READLINE
1191 /*************************************************
1192 * Load readline() functions *
1193 *************************************************/
1194
1195 /* This function is called from testing executions that read data from stdin,
1196 but only when running as the calling user. Currently, only -be does this. The
1197 function loads the readline() function library and passes back the functions.
1198 On some systems, it needs the curses library, so load that too, but try without
1199 it if loading fails. All this functionality has to be requested at build time.
1200
1201 Arguments:
1202 fn_readline_ptr pointer to where to put the readline pointer
1203 fn_addhist_ptr pointer to where to put the addhistory function
1204
1205 Returns: the dlopen handle or NULL on failure
1206 */
1207
1208 static void *
1209 set_readline(char * (**fn_readline_ptr)(const char *),
1210 void (**fn_addhist_ptr)(const char *))
1211 {
1212 void *dlhandle;
1213 void *dlhandle_curses = dlopen("libcurses." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_LAZY);
1214
1215 dlhandle = dlopen("libreadline." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_NOW);
1216 if (dlhandle_curses != NULL) dlclose(dlhandle_curses);
1217
1218 if (dlhandle != NULL)
1219 {
1220 /* Checked manual pages; at least in GNU Readline 6.1, the prototypes are:
1221 * char * readline (const char *prompt);
1222 * void add_history (const char *string);
1223 */
1224 *fn_readline_ptr = (char *(*)(const char*))dlsym(dlhandle, "readline");
1225 *fn_addhist_ptr = (void(*)(const char*))dlsym(dlhandle, "add_history");
1226 }
1227 else
1228 {
1229 DEBUG(D_any) debug_printf("failed to load readline: %s\n", dlerror());
1230 }
1231
1232 return dlhandle;
1233 }
1234 #endif
1235
1236
1237
1238 /*************************************************
1239 * Get a line from stdin for testing things *
1240 *************************************************/
1241
1242 /* This function is called when running tests that can take a number of lines
1243 of input (for example, -be and -bt). It handles continuations and trailing
1244 spaces. And prompting and a blank line output on eof. If readline() is in use,
1245 the arguments are non-NULL and provide the relevant functions.
1246
1247 Arguments:
1248 fn_readline readline function or NULL
1249 fn_addhist addhist function or NULL
1250
1251 Returns: pointer to dynamic memory, or NULL at end of file
1252 */
1253
1254 static uschar *
1255 get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *))
1256 {
1257 gstring * g = NULL;
1258
1259 if (!fn_readline) { printf("> "); fflush(stdout); }
1260
1261 for (int i = 0;; i++)
1262 {
1263 uschar buffer[1024];
1264 uschar *p, *ss;
1265
1266 #ifdef USE_READLINE
1267 char *readline_line = NULL;
1268 if (fn_readline)
1269 {
1270 if (!(readline_line = fn_readline((i > 0)? "":"> "))) break;
1271 if (*readline_line != 0 && fn_addhist) fn_addhist(readline_line);
1272 p = US readline_line;
1273 }
1274 else
1275 #endif
1276
1277 /* readline() not in use */
1278
1279 {
1280 if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break;
1281 p = buffer;
1282 }
1283
1284 /* Handle the line */
1285
1286 ss = p + (int)Ustrlen(p);
1287 while (ss > p && isspace(ss[-1])) ss--;
1288
1289 if (i > 0)
1290 while (p < ss && isspace(*p)) p++; /* leading space after cont */
1291
1292 g = string_catn(g, p, ss - p);
1293
1294 #ifdef USE_READLINE
1295 if (fn_readline) free(readline_line);
1296 #endif
1297
1298 /* g can only be NULL if ss==p */
1299 if (ss == p || g->s[g->ptr-1] != '\\')
1300 break;
1301
1302 --g->ptr;
1303 (void) string_from_gstring(g);
1304 }
1305
1306 if (!g) printf("\n");
1307 return string_from_gstring(g);
1308 }
1309
1310
1311
1312 /*************************************************
1313 * Output usage information for the program *
1314 *************************************************/
1315
1316 /* This function is called when there are no recipients
1317 or a specific --help argument was added.
1318
1319 Arguments:
1320 progname information on what name we were called by
1321
1322 Returns: DOES NOT RETURN
1323 */
1324
1325 static void
1326 exim_usage(uschar *progname)
1327 {
1328
1329 /* Handle specific program invocation variants */
1330 if (Ustrcmp(progname, US"-mailq") == 0)
1331 exim_fail(
1332 "mailq - list the contents of the mail queue\n\n"
1333 "For a list of options, see the Exim documentation.\n");
1334
1335 /* Generic usage - we output this whatever happens */
1336 exim_fail(
1337 "Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n"
1338 "not directly from a shell command line. Options and/or arguments control\n"
1339 "what it does when called. For a list of options, see the Exim documentation.\n");
1340 }
1341
1342
1343
1344 /*************************************************
1345 * Validate that the macros given are okay *
1346 *************************************************/
1347
1348 /* Typically, Exim will drop privileges if macros are supplied. In some
1349 cases, we want to not do so.
1350
1351 Arguments: opt_D_used - true if the commandline had a "-D" option
1352 Returns: true if trusted, false otherwise
1353 */
1354
1355 static BOOL
1356 macros_trusted(BOOL opt_D_used)
1357 {
1358 #ifdef WHITELIST_D_MACROS
1359 uschar *whitelisted, *end, *p, **whites;
1360 int white_count, i, n;
1361 size_t len;
1362 BOOL prev_char_item, found;
1363 #endif
1364
1365 if (!opt_D_used)
1366 return TRUE;
1367 #ifndef WHITELIST_D_MACROS
1368 return FALSE;
1369 #else
1370
1371 /* We only trust -D overrides for some invoking users:
1372 root, the exim run-time user, the optional config owner user.
1373 I don't know why config-owner would be needed, but since they can own the
1374 config files anyway, there's no security risk to letting them override -D. */
1375 if ( ! ((real_uid == root_uid)
1376 || (real_uid == exim_uid)
1377 #ifdef CONFIGURE_OWNER
1378 || (real_uid == config_uid)
1379 #endif
1380 ))
1381 {
1382 debug_printf("macros_trusted rejecting macros for uid %d\n", (int) real_uid);
1383 return FALSE;
1384 }
1385
1386 /* Get a list of macros which are whitelisted */
1387 whitelisted = string_copy_perm(US WHITELIST_D_MACROS, FALSE);
1388 prev_char_item = FALSE;
1389 white_count = 0;
1390 for (p = whitelisted; *p != '\0'; ++p)
1391 {
1392 if (*p == ':' || isspace(*p))
1393 {
1394 *p = '\0';
1395 if (prev_char_item)
1396 ++white_count;
1397 prev_char_item = FALSE;
1398 continue;
1399 }
1400 if (!prev_char_item)
1401 prev_char_item = TRUE;
1402 }
1403 end = p;
1404 if (prev_char_item)
1405 ++white_count;
1406 if (!white_count)
1407 return FALSE;
1408 whites = store_malloc(sizeof(uschar *) * (white_count+1));
1409 for (p = whitelisted, i = 0; (p != end) && (i < white_count); ++p)
1410 {
1411 if (*p != '\0')
1412 {
1413 whites[i++] = p;
1414 if (i == white_count)
1415 break;
1416 while (*p != '\0' && p < end)
1417 ++p;
1418 }
1419 }
1420 whites[i] = NULL;
1421
1422 /* The list of commandline macros should be very short.
1423 Accept the N*M complexity. */
1424 for (macro_item * m = macros_user; m; m = m->next) if (m->command_line)
1425 {
1426 found = FALSE;
1427 for (uschar ** w = whites; *w; ++w)
1428 if (Ustrcmp(*w, m->name) == 0)
1429 {
1430 found = TRUE;
1431 break;
1432 }
1433 if (!found)
1434 return FALSE;
1435 if (!m->replacement)
1436 continue;
1437 if ((len = m->replen) == 0)
1438 continue;
1439 n = pcre_exec(regex_whitelisted_macro, NULL, CS m->replacement, len,
1440 0, PCRE_EOPT, NULL, 0);
1441 if (n < 0)
1442 {
1443 if (n != PCRE_ERROR_NOMATCH)
1444 debug_printf("macros_trusted checking %s returned %d\n", m->name, n);
1445 return FALSE;
1446 }
1447 }
1448 DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n");
1449 return TRUE;
1450 #endif
1451 }
1452
1453
1454 /*************************************************
1455 * Expansion testing *
1456 *************************************************/
1457
1458 /* Expand and print one item, doing macro-processing.
1459
1460 Arguments:
1461 item line for expansion
1462 */
1463
1464 static void
1465 expansion_test_line(uschar * line)
1466 {
1467 int len;
1468 BOOL dummy_macexp;
1469
1470 Ustrncpy(big_buffer, line, big_buffer_size);
1471 big_buffer[big_buffer_size-1] = '\0';
1472 len = Ustrlen(big_buffer);
1473
1474 (void) macros_expand(0, &len, &dummy_macexp);
1475
1476 if (isupper(big_buffer[0]))
1477 {
1478 if (macro_read_assignment(big_buffer))
1479 printf("Defined macro '%s'\n", mlast->name);
1480 }
1481 else
1482 if ((line = expand_string(big_buffer))) printf("%s\n", CS line);
1483 else printf("Failed: %s\n", expand_string_message);
1484 }
1485
1486
1487
1488 /*************************************************
1489 * Entry point and high-level code *
1490 *************************************************/
1491
1492 /* Entry point for the Exim mailer. Analyse the arguments and arrange to take
1493 the appropriate action. All the necessary functions are present in the one
1494 binary. I originally thought one should split it up, but it turns out that so
1495 much of the apparatus is needed in each chunk that one might as well just have
1496 it all available all the time, which then makes the coding easier as well.
1497
1498 Arguments:
1499 argc count of entries in argv
1500 argv argument strings, with argv[0] being the program name
1501
1502 Returns: EXIT_SUCCESS if terminated successfully
1503 EXIT_FAILURE otherwise, except when a message has been sent
1504 to the sender, and -oee was given
1505 */
1506
1507 int
1508 main(int argc, char **cargv)
1509 {
1510 uschar **argv = USS cargv;
1511 int arg_receive_timeout = -1;
1512 int arg_smtp_receive_timeout = -1;
1513 int arg_error_handling = error_handling;
1514 int filter_sfd = -1;
1515 int filter_ufd = -1;
1516 int group_count;
1517 int i, rv;
1518 int list_queue_option = 0;
1519 int msg_action = 0;
1520 int msg_action_arg = -1;
1521 int namelen = (argv[0] == NULL)? 0 : Ustrlen(argv[0]);
1522 int queue_only_reason = 0;
1523 #ifdef EXIM_PERL
1524 int perl_start_option = 0;
1525 #endif
1526 int recipients_arg = argc;
1527 int sender_address_domain = 0;
1528 int test_retry_arg = -1;
1529 int test_rewrite_arg = -1;
1530 gid_t original_egid;
1531 BOOL arg_queue_only = FALSE;
1532 BOOL bi_option = FALSE;
1533 BOOL checking = FALSE;
1534 BOOL count_queue = FALSE;
1535 BOOL expansion_test = FALSE;
1536 BOOL extract_recipients = FALSE;
1537 BOOL flag_G = FALSE;
1538 BOOL flag_n = FALSE;
1539 BOOL forced_delivery = FALSE;
1540 BOOL f_end_dot = FALSE;
1541 BOOL deliver_give_up = FALSE;
1542 BOOL list_queue = FALSE;
1543 BOOL list_options = FALSE;
1544 BOOL list_config = FALSE;
1545 BOOL local_queue_only;
1546 BOOL more = TRUE;
1547 BOOL one_msg_action = FALSE;
1548 BOOL opt_D_used = FALSE;
1549 BOOL queue_only_set = FALSE;
1550 BOOL receiving_message = TRUE;
1551 BOOL sender_ident_set = FALSE;
1552 BOOL session_local_queue_only;
1553 BOOL unprivileged;
1554 BOOL removed_privilege = FALSE;
1555 BOOL usage_wanted = FALSE;
1556 BOOL verify_address_mode = FALSE;
1557 BOOL verify_as_sender = FALSE;
1558 BOOL version_printed = FALSE;
1559 uschar *alias_arg = NULL;
1560 uschar *called_as = US"";
1561 uschar *cmdline_syslog_name = NULL;
1562 uschar *start_queue_run_id = NULL;
1563 uschar *stop_queue_run_id = NULL;
1564 uschar *expansion_test_message = NULL;
1565 uschar *ftest_domain = NULL;
1566 uschar *ftest_localpart = NULL;
1567 uschar *ftest_prefix = NULL;
1568 uschar *ftest_suffix = NULL;
1569 uschar *log_oneline = NULL;
1570 uschar *malware_test_file = NULL;
1571 uschar *real_sender_address;
1572 uschar *originator_home = US"/";
1573 size_t sz;
1574 rmark reset_point;
1575
1576 struct passwd *pw;
1577 struct stat statbuf;
1578 pid_t passed_qr_pid = (pid_t)0;
1579 int passed_qr_pipe = -1;
1580 gid_t group_list[EXIM_GROUPLIST_SIZE];
1581
1582 /* For the -bI: flag */
1583 enum commandline_info info_flag = CMDINFO_NONE;
1584 BOOL info_stdout = FALSE;
1585
1586 /* Possible options for -R and -S */
1587
1588 static uschar *rsopts[] = { US"f", US"ff", US"r", US"rf", US"rff" };
1589
1590 /* Need to define this in case we need to change the environment in order
1591 to get rid of a bogus time zone. We have to make it char rather than uschar
1592 because some OS define it in /usr/include/unistd.h. */
1593
1594 extern char **environ;
1595
1596 #ifdef MEASURE_TIMING
1597 (void)gettimeofday(&timestamp_startup, NULL);
1598 #endif
1599
1600 /* If the Exim user and/or group and/or the configuration file owner/group were
1601 defined by ref:name at build time, we must now find the actual uid/gid values.
1602 This is a feature to make the lives of binary distributors easier. */
1603
1604 #ifdef EXIM_USERNAME
1605 if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid))
1606 {
1607 if (exim_uid == 0)
1608 exim_fail("exim: refusing to run with uid 0 for \"%s\"\n", EXIM_USERNAME);
1609
1610 /* If ref:name uses a number as the name, route_finduser() returns
1611 TRUE with exim_uid set and pw coerced to NULL. */
1612 if (pw)
1613 exim_gid = pw->pw_gid;
1614 #ifndef EXIM_GROUPNAME
1615 else
1616 exim_fail(
1617 "exim: ref:name should specify a usercode, not a group.\n"
1618 "exim: can't let you get away with it unless you also specify a group.\n");
1619 #endif
1620 }
1621 else
1622 exim_fail("exim: failed to find uid for user name \"%s\"\n", EXIM_USERNAME);
1623 #endif
1624
1625 #ifdef EXIM_GROUPNAME
1626 if (!route_findgroup(US EXIM_GROUPNAME, &exim_gid))
1627 exim_fail("exim: failed to find gid for group name \"%s\"\n", EXIM_GROUPNAME);
1628 #endif
1629
1630 #ifdef CONFIGURE_OWNERNAME
1631 if (!route_finduser(US CONFIGURE_OWNERNAME, NULL, &config_uid))
1632 exim_fail("exim: failed to find uid for user name \"%s\"\n",
1633 CONFIGURE_OWNERNAME);
1634 #endif
1635
1636 /* We default the system_filter_user to be the Exim run-time user, as a
1637 sane non-root value. */
1638 system_filter_uid = exim_uid;
1639
1640 #ifdef CONFIGURE_GROUPNAME
1641 if (!route_findgroup(US CONFIGURE_GROUPNAME, &config_gid))
1642 exim_fail("exim: failed to find gid for group name \"%s\"\n",
1643 CONFIGURE_GROUPNAME);
1644 #endif
1645
1646 /* In the Cygwin environment, some initialization used to need doing.
1647 It was fudged in by means of this macro; now no longer but we'll leave
1648 it in case of others. */
1649
1650 #ifdef OS_INIT
1651 OS_INIT
1652 #endif
1653
1654 /* Check a field which is patched when we are running Exim within its
1655 testing harness; do a fast initial check, and then the whole thing. */
1656
1657 f.running_in_test_harness =
1658 *running_status == '<' && Ustrcmp(running_status, "<<<testing>>>") == 0;
1659 if (f.running_in_test_harness)
1660 debug_store = TRUE;
1661
1662 /* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed
1663 at the start of a program; however, it seems that some environments do not
1664 follow this. A "strange" locale can affect the formatting of timestamps, so we
1665 make quite sure. */
1666
1667 setlocale(LC_ALL, "C");
1668
1669 /* Set up the default handler for timing using alarm(). */
1670
1671 os_non_restarting_signal(SIGALRM, sigalrm_handler);
1672
1673 /* Ensure we have a buffer for constructing log entries. Use malloc directly,
1674 because store_malloc writes a log entry on failure. */
1675
1676 if (!(log_buffer = US malloc(LOG_BUFFER_SIZE)))
1677 exim_fail("exim: failed to get store for log buffer\n");
1678
1679 /* Initialize the default log options. */
1680
1681 bits_set(log_selector, log_selector_size, log_default);
1682
1683 /* Set log_stderr to stderr, provided that stderr exists. This gets reset to
1684 NULL when the daemon is run and the file is closed. We have to use this
1685 indirection, because some systems don't allow writing to the variable "stderr".
1686 */
1687
1688 if (fstat(fileno(stderr), &statbuf) >= 0) log_stderr = stderr;
1689
1690 /* Arrange for the PCRE regex library to use our store functions. Note that
1691 the normal calls are actually macros that add additional arguments for
1692 debugging purposes so we have to assign specially constructed functions here.
1693 The default is to use store in the stacking pool, but this is overridden in the
1694 regex_must_compile() function. */
1695
1696 pcre_malloc = function_store_get;
1697 pcre_free = function_dummy_free;
1698
1699 /* Ensure there is a big buffer for temporary use in several places. It is put
1700 in malloc store so that it can be freed for enlargement if necessary. */
1701
1702 big_buffer = store_malloc(big_buffer_size);
1703
1704 /* Set up the handler for the data request signal, and set the initial
1705 descriptive text. */
1706
1707 process_info = store_get(PROCESS_INFO_SIZE, TRUE); /* tainted */
1708 set_process_info("initializing");
1709 os_restarting_signal(SIGUSR1, usr1_handler);
1710
1711 /* If running in a dockerized environment, the TERM signal is only
1712 delegated to the PID 1 if we request it by setting an signal handler */
1713 if (getpid() == 1) signal(SIGTERM, term_handler);
1714
1715 /* SIGHUP is used to get the daemon to reconfigure. It gets set as appropriate
1716 in the daemon code. For the rest of Exim's uses, we ignore it. */
1717
1718 signal(SIGHUP, SIG_IGN);
1719
1720 /* We don't want to die on pipe errors as the code is written to handle
1721 the write error instead. */
1722
1723 signal(SIGPIPE, SIG_IGN);
1724
1725 /* Under some circumstance on some OS, Exim can get called with SIGCHLD
1726 set to SIG_IGN. This causes subprocesses that complete before the parent
1727 process waits for them not to hang around, so when Exim calls wait(), nothing
1728 is there. The wait() code has been made robust against this, but let's ensure
1729 that SIGCHLD is set to SIG_DFL, because it's tidier to wait and get a process
1730 ending status. We use sigaction rather than plain signal() on those OS where
1731 SA_NOCLDWAIT exists, because we want to be sure it is turned off. (There was a
1732 problem on AIX with this.) */
1733
1734 #ifdef SA_NOCLDWAIT
1735 {
1736 struct sigaction act;
1737 act.sa_handler = SIG_DFL;
1738 sigemptyset(&(act.sa_mask));
1739 act.sa_flags = 0;
1740 sigaction(SIGCHLD, &act, NULL);
1741 }
1742 #else
1743 signal(SIGCHLD, SIG_DFL);
1744 #endif
1745
1746 /* Save the arguments for use if we re-exec exim as a daemon after receiving
1747 SIGHUP. */
1748
1749 sighup_argv = argv;
1750
1751 /* Set up the version number. Set up the leading 'E' for the external form of
1752 message ids, set the pointer to the internal form, and initialize it to
1753 indicate no message being processed. */
1754
1755 version_init();
1756 message_id_option[0] = '-';
1757 message_id_external = message_id_option + 1;
1758 message_id_external[0] = 'E';
1759 message_id = message_id_external + 1;
1760 message_id[0] = 0;
1761
1762 /* Set the umask to zero so that any files Exim creates using open() are
1763 created with the modes that it specifies. NOTE: Files created with fopen() have
1764 a problem, which was not recognized till rather late (February 2006). With this
1765 umask, such files will be world writeable. (They are all content scanning files
1766 in the spool directory, which isn't world-accessible, so this is not a
1767 disaster, but it's untidy.) I don't want to change this overall setting,
1768 however, because it will interact badly with the open() calls. Instead, there's
1769 now a function called modefopen() that fiddles with the umask while calling
1770 fopen(). */
1771
1772 (void)umask(0);
1773
1774 /* Precompile the regular expression for matching a message id. Keep this in
1775 step with the code that generates ids in the accept.c module. We need to do
1776 this here, because the -M options check their arguments for syntactic validity
1777 using mac_ismsgid, which uses this. */
1778
1779 regex_ismsgid =
1780 regex_must_compile(US"^(?:[^\\W_]{6}-){2}[^\\W_]{2}$", FALSE, TRUE);
1781
1782 /* Precompile the regular expression that is used for matching an SMTP error
1783 code, possibly extended, at the start of an error message. Note that the
1784 terminating whitespace character is included. */
1785
1786 regex_smtp_code =
1787 regex_must_compile(US"^\\d\\d\\d\\s(?:\\d\\.\\d\\d?\\d?\\.\\d\\d?\\d?\\s)?",
1788 FALSE, TRUE);
1789
1790 #ifdef WHITELIST_D_MACROS
1791 /* Precompile the regular expression used to filter the content of macros
1792 given to -D for permissibility. */
1793
1794 regex_whitelisted_macro =
1795 regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
1796 #endif
1797
1798 for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
1799
1800 /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
1801 this seems to be a generally accepted convention, since one finds symbolic
1802 links called "mailq" in standard OS configurations. */
1803
1804 if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
1805 (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/mailq", 6) == 0))
1806 {
1807 list_queue = TRUE;
1808 receiving_message = FALSE;
1809 called_as = US"-mailq";
1810 }
1811
1812 /* If the program is called as "rmail" treat it as equivalent to
1813 "exim -i -oee", thus allowing UUCP messages to be input using non-SMTP mode,
1814 i.e. preventing a single dot on a line from terminating the message, and
1815 returning with zero return code, even in cases of error (provided an error
1816 message has been sent). */
1817
1818 if ((namelen == 5 && Ustrcmp(argv[0], "rmail") == 0) ||
1819 (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rmail", 6) == 0))
1820 {
1821 f.dot_ends = FALSE;
1822 called_as = US"-rmail";
1823 errors_sender_rc = EXIT_SUCCESS;
1824 }
1825
1826 /* If the program is called as "rsmtp" treat it as equivalent to "exim -bS";
1827 this is a smail convention. */
1828
1829 if ((namelen == 5 && Ustrcmp(argv[0], "rsmtp") == 0) ||
1830 (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rsmtp", 6) == 0))
1831 {
1832 smtp_input = smtp_batched_input = TRUE;
1833 called_as = US"-rsmtp";
1834 }
1835
1836 /* If the program is called as "runq" treat it as equivalent to "exim -q";
1837 this is a smail convention. */
1838
1839 if ((namelen == 4 && Ustrcmp(argv[0], "runq") == 0) ||
1840 (namelen > 4 && Ustrncmp(argv[0] + namelen - 5, "/runq", 5) == 0))
1841 {
1842 queue_interval = 0;
1843 receiving_message = FALSE;
1844 called_as = US"-runq";
1845 }
1846
1847 /* If the program is called as "newaliases" treat it as equivalent to
1848 "exim -bi"; this is a sendmail convention. */
1849
1850 if ((namelen == 10 && Ustrcmp(argv[0], "newaliases") == 0) ||
1851 (namelen > 10 && Ustrncmp(argv[0] + namelen - 11, "/newaliases", 11) == 0))
1852 {
1853 bi_option = TRUE;
1854 receiving_message = FALSE;
1855 called_as = US"-newaliases";
1856 }
1857
1858 /* Save the original effective uid for a couple of uses later. It should
1859 normally be root, but in some esoteric environments it may not be. */
1860
1861 original_euid = geteuid();
1862 original_egid = getegid();
1863
1864 /* Get the real uid and gid. If the caller is root, force the effective uid/gid
1865 to be the same as the real ones. This makes a difference only if Exim is setuid
1866 (or setgid) to something other than root, which could be the case in some
1867 special configurations. */
1868
1869 real_uid = getuid();
1870 real_gid = getgid();
1871
1872 if (real_uid == root_uid)
1873 {
1874 if ((rv = setgid(real_gid)))
1875 exim_fail("exim: setgid(%ld) failed: %s\n",
1876 (long int)real_gid, strerror(errno));
1877 if ((rv = setuid(real_uid)))
1878 exim_fail("exim: setuid(%ld) failed: %s\n",
1879 (long int)real_uid, strerror(errno));
1880 }
1881
1882 /* If neither the original real uid nor the original euid was root, Exim is
1883 running in an unprivileged state. */
1884
1885 unprivileged = (real_uid != root_uid && original_euid != root_uid);
1886
1887 /* Scan the program's arguments. Some can be dealt with right away; others are
1888 simply recorded for checking and handling afterwards. Do a high-level switch
1889 on the second character (the one after '-'), to save some effort. */
1890
1891 for (i = 1; i < argc; i++)
1892 {
1893 BOOL badarg = FALSE;
1894 uschar *arg = argv[i];
1895 uschar *argrest;
1896 int switchchar;
1897
1898 /* An argument not starting with '-' is the start of a recipients list;
1899 break out of the options-scanning loop. */
1900
1901 if (arg[0] != '-')
1902 {
1903 recipients_arg = i;
1904 break;
1905 }
1906
1907 /* An option consisting of -- terminates the options */
1908
1909 if (Ustrcmp(arg, "--") == 0)
1910 {
1911 recipients_arg = i + 1;
1912 break;
1913 }
1914
1915 /* Handle flagged options */
1916
1917 switchchar = arg[1];
1918 argrest = arg+2;
1919
1920 /* Make all -ex options synonymous with -oex arguments, since that
1921 is assumed by various callers. Also make -qR options synonymous with -R
1922 options, as that seems to be required as well. Allow for -qqR too, and
1923 the same for -S options. */
1924
1925 if (Ustrncmp(arg+1, "oe", 2) == 0 ||
1926 Ustrncmp(arg+1, "qR", 2) == 0 ||
1927 Ustrncmp(arg+1, "qS", 2) == 0)
1928 {
1929 switchchar = arg[2];
1930 argrest++;
1931 }
1932 else if (Ustrncmp(arg+1, "qqR", 3) == 0 || Ustrncmp(arg+1, "qqS", 3) == 0)
1933 {
1934 switchchar = arg[3];
1935 argrest += 2;
1936 f.queue_2stage = TRUE;
1937 }
1938
1939 /* Make -r synonymous with -f, since it is a documented alias */
1940
1941 else if (arg[1] == 'r') switchchar = 'f';
1942
1943 /* Make -ov synonymous with -v */
1944
1945 else if (Ustrcmp(arg, "-ov") == 0)
1946 {
1947 switchchar = 'v';
1948 argrest++;
1949 }
1950
1951 /* deal with --option_aliases */
1952 else if (switchchar == '-')
1953 {
1954 if (Ustrcmp(argrest, "help") == 0)
1955 {
1956 usage_wanted = TRUE;
1957 break;
1958 }
1959 else if (Ustrcmp(argrest, "version") == 0)
1960 {
1961 switchchar = 'b';
1962 argrest = US"V";
1963 }
1964 }
1965
1966 /* High-level switch on active initial letter */
1967
1968 switch(switchchar)
1969 {
1970
1971 /* sendmail uses -Ac and -Am to control which .cf file is used;
1972 we ignore them. */
1973 case 'A':
1974 if (*argrest == '\0') { badarg = TRUE; break; }
1975 else
1976 {
1977 BOOL ignore = FALSE;
1978 switch (*argrest)
1979 {
1980 case 'c':
1981 case 'm':
1982 if (*(argrest + 1) == '\0')
1983 ignore = TRUE;
1984 break;
1985 }
1986 if (!ignore) { badarg = TRUE; break; }
1987 }
1988 break;
1989
1990 /* -Btype is a sendmail option for 7bit/8bit setting. Exim is 8-bit clean
1991 so has no need of it. */
1992
1993 case 'B':
1994 if (*argrest == 0) i++; /* Skip over the type */
1995 break;
1996
1997
1998 case 'b':
1999 receiving_message = FALSE; /* Reset TRUE for -bm, -bS, -bs below */
2000
2001 /* -bd: Run in daemon mode, awaiting SMTP connections.
2002 -bdf: Ditto, but in the foreground.
2003 */
2004
2005 if (*argrest == 'd')
2006 {
2007 f.daemon_listen = TRUE;
2008 if (*(++argrest) == 'f') f.background_daemon = FALSE;
2009 else if (*argrest != 0) { badarg = TRUE; break; }
2010 }
2011
2012 /* -be: Run in expansion test mode
2013 -bem: Ditto, but read a message from a file first
2014 */
2015
2016 else if (*argrest == 'e')
2017 {
2018 expansion_test = checking = TRUE;
2019 if (argrest[1] == 'm')
2020 {
2021 if (++i >= argc) { badarg = TRUE; break; }
2022 expansion_test_message = argv[i];
2023 argrest++;
2024 }
2025 if (argrest[1] != 0) { badarg = TRUE; break; }
2026 }
2027
2028 /* -bF: Run system filter test */
2029
2030 else if (*argrest == 'F')
2031 {
2032 filter_test |= checking = FTEST_SYSTEM;
2033 if (*(++argrest) != 0) { badarg = TRUE; break; }
2034 if (++i < argc) filter_test_sfile = argv[i]; else
2035 exim_fail("exim: file name expected after %s\n", argv[i-1]);
2036 }
2037
2038 /* -bf: Run user filter test
2039 -bfd: Set domain for filter testing
2040 -bfl: Set local part for filter testing
2041 -bfp: Set prefix for filter testing
2042 -bfs: Set suffix for filter testing
2043 */
2044
2045 else if (*argrest == 'f')
2046 {
2047 if (*(++argrest) == 0)
2048 {
2049 filter_test |= checking = FTEST_USER;
2050 if (++i < argc) filter_test_ufile = argv[i]; else
2051 exim_fail("exim: file name expected after %s\n", argv[i-1]);
2052 }
2053 else
2054 {
2055 if (++i >= argc)
2056 exim_fail("exim: string expected after %s\n", arg);
2057 if (Ustrcmp(argrest, "d") == 0) ftest_domain = argv[i];
2058 else if (Ustrcmp(argrest, "l") == 0) ftest_localpart = argv[i];
2059 else if (Ustrcmp(argrest, "p") == 0) ftest_prefix = argv[i];
2060 else if (Ustrcmp(argrest, "s") == 0) ftest_suffix = argv[i];
2061 else { badarg = TRUE; break; }
2062 }
2063 }
2064
2065 /* -bh: Host checking - an IP address must follow. */
2066
2067 else if (Ustrcmp(argrest, "h") == 0 || Ustrcmp(argrest, "hc") == 0)
2068 {
2069 if (++i >= argc) { badarg = TRUE; break; }
2070 sender_host_address = argv[i];
2071 host_checking = checking = f.log_testing_mode = TRUE;
2072 f.host_checking_callout = argrest[1] == 'c';
2073 message_logs = FALSE;
2074 }
2075
2076 /* -bi: This option is used by sendmail to initialize *the* alias file,
2077 though it has the -oA option to specify a different file. Exim has no
2078 concept of *the* alias file, but since Sun's YP make script calls
2079 sendmail this way, some support must be provided. */
2080
2081 else if (Ustrcmp(argrest, "i") == 0) bi_option = TRUE;
2082
2083 /* -bI: provide information, of the type to follow after a colon.
2084 This is an Exim flag. */
2085
2086 else if (argrest[0] == 'I' && Ustrlen(argrest) >= 2 && argrest[1] == ':')
2087 {
2088 uschar *p = &argrest[2];
2089 info_flag = CMDINFO_HELP;
2090 if (Ustrlen(p))
2091 {
2092 if (strcmpic(p, CUS"sieve") == 0)
2093 {
2094 info_flag = CMDINFO_SIEVE;
2095 info_stdout = TRUE;
2096 }
2097 else if (strcmpic(p, CUS"dscp") == 0)
2098 {
2099 info_flag = CMDINFO_DSCP;
2100 info_stdout = TRUE;
2101 }
2102 else if (strcmpic(p, CUS"help") == 0)
2103 {
2104 info_stdout = TRUE;
2105 }
2106 }
2107 }
2108
2109 /* -bm: Accept and deliver message - the default option. Reinstate
2110 receiving_message, which got turned off for all -b options. */
2111
2112 else if (Ustrcmp(argrest, "m") == 0) receiving_message = TRUE;
2113
2114 /* -bmalware: test the filename given for malware */
2115
2116 else if (Ustrcmp(argrest, "malware") == 0)
2117 {
2118 if (++i >= argc) { badarg = TRUE; break; }
2119 checking = TRUE;
2120 malware_test_file = argv[i];
2121 }
2122
2123 /* -bnq: For locally originating messages, do not qualify unqualified
2124 addresses. In the envelope, this causes errors; in header lines they
2125 just get left. */
2126
2127 else if (Ustrcmp(argrest, "nq") == 0)
2128 {
2129 f.allow_unqualified_sender = FALSE;
2130 f.allow_unqualified_recipient = FALSE;
2131 }
2132
2133 /* -bpxx: List the contents of the mail queue, in various forms. If
2134 the option is -bpc, just a queue count is needed. Otherwise, if the
2135 first letter after p is r, then order is random. */
2136
2137 else if (*argrest == 'p')
2138 {
2139 if (*(++argrest) == 'c')
2140 {
2141 count_queue = TRUE;
2142 if (*(++argrest) != 0) badarg = TRUE;
2143 break;
2144 }
2145
2146 if (*argrest == 'r')
2147 {
2148 list_queue_option = 8;
2149 argrest++;
2150 }
2151 else list_queue_option = 0;
2152
2153 list_queue = TRUE;
2154
2155 /* -bp: List the contents of the mail queue, top-level only */
2156
2157 if (*argrest == 0) {}
2158
2159 /* -bpu: List the contents of the mail queue, top-level undelivered */
2160
2161 else if (Ustrcmp(argrest, "u") == 0) list_queue_option += 1;
2162
2163 /* -bpa: List the contents of the mail queue, including all delivered */
2164
2165 else if (Ustrcmp(argrest, "a") == 0) list_queue_option += 2;
2166
2167 /* Unknown after -bp[r] */
2168
2169 else
2170 {
2171 badarg = TRUE;
2172 break;
2173 }
2174 }
2175
2176
2177 /* -bP: List the configuration variables given as the address list.
2178 Force -v, so configuration errors get displayed. */
2179
2180 else if (Ustrcmp(argrest, "P") == 0)
2181 {
2182 /* -bP config: we need to setup here, because later,
2183 * when list_options is checked, the config is read already */
2184 if (argv[i+1] && Ustrcmp(argv[i+1], "config") == 0)
2185 {
2186 list_config = TRUE;
2187 readconf_save_config(version_string);
2188 }
2189 else
2190 {
2191 list_options = TRUE;
2192 debug_selector |= D_v;
2193 debug_file = stderr;
2194 }
2195 }
2196
2197 /* -brt: Test retry configuration lookup */
2198
2199 else if (Ustrcmp(argrest, "rt") == 0)
2200 {
2201 checking = TRUE;
2202 test_retry_arg = i + 1;
2203 goto END_ARG;
2204 }
2205
2206 /* -brw: Test rewrite configuration */
2207
2208 else if (Ustrcmp(argrest, "rw") == 0)
2209 {
2210 checking = TRUE;
2211 test_rewrite_arg = i + 1;
2212 goto END_ARG;
2213 }
2214
2215 /* -bS: Read SMTP commands on standard input, but produce no replies -
2216 all errors are reported by sending messages. */
2217
2218 else if (Ustrcmp(argrest, "S") == 0)
2219 smtp_input = smtp_batched_input = receiving_message = TRUE;
2220
2221 /* -bs: Read SMTP commands on standard input and produce SMTP replies
2222 on standard output. */
2223
2224 else if (Ustrcmp(argrest, "s") == 0) smtp_input = receiving_message = TRUE;
2225
2226 /* -bt: address testing mode */
2227
2228 else if (Ustrcmp(argrest, "t") == 0)
2229 f.address_test_mode = checking = f.log_testing_mode = TRUE;
2230
2231 /* -bv: verify addresses */
2232
2233 else if (Ustrcmp(argrest, "v") == 0)
2234 verify_address_mode = checking = f.log_testing_mode = TRUE;
2235
2236 /* -bvs: verify sender addresses */
2237
2238 else if (Ustrcmp(argrest, "vs") == 0)
2239 {
2240 verify_address_mode = checking = f.log_testing_mode = TRUE;
2241 verify_as_sender = TRUE;
2242 }
2243
2244 /* -bV: Print version string and support details */
2245
2246 else if (Ustrcmp(argrest, "V") == 0)
2247 {
2248 printf("Exim version %s #%s built %s\n", version_string,
2249 version_cnumber, version_date);
2250 printf("%s\n", CS version_copyright);
2251 version_printed = TRUE;
2252 show_whats_supported(stdout);
2253 f.log_testing_mode = TRUE;
2254 }
2255
2256 /* -bw: inetd wait mode, accept a listening socket as stdin */
2257
2258 else if (*argrest == 'w')
2259 {
2260 f.inetd_wait_mode = TRUE;
2261 f.background_daemon = FALSE;
2262 f.daemon_listen = TRUE;
2263 if (*(++argrest) != '\0')
2264 if ((inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE)) <= 0)
2265 exim_fail("exim: bad time value %s: abandoned\n", argv[i]);
2266 }
2267
2268 else badarg = TRUE;
2269 break;
2270
2271
2272 /* -C: change configuration file list; ignore if it isn't really
2273 a change! Enforce a prefix check if required. */
2274
2275 case 'C':
2276 if (*argrest == 0)
2277 {
2278 if(++i < argc) argrest = argv[i]; else
2279 { badarg = TRUE; break; }
2280 }
2281 if (Ustrcmp(config_main_filelist, argrest) != 0)
2282 {
2283 #ifdef ALT_CONFIG_PREFIX
2284 int sep = 0;
2285 int len = Ustrlen(ALT_CONFIG_PREFIX);
2286 const uschar *list = argrest;
2287 uschar *filename;
2288 while((filename = string_nextinlist(&list, &sep, big_buffer,
2289 big_buffer_size)) != NULL)
2290 {
2291 if ((Ustrlen(filename) < len ||
2292 Ustrncmp(filename, ALT_CONFIG_PREFIX, len) != 0 ||
2293 Ustrstr(filename, "/../") != NULL) &&
2294 (Ustrcmp(filename, "/dev/null") != 0 || real_uid != root_uid))
2295 exim_fail("-C Permission denied\n");
2296 }
2297 #endif
2298 if (real_uid != root_uid)
2299 {
2300 #ifdef TRUSTED_CONFIG_LIST
2301
2302 if (real_uid != exim_uid
2303 #ifdef CONFIGURE_OWNER
2304 && real_uid != config_uid
2305 #endif
2306 )
2307 f.trusted_config = FALSE;
2308 else
2309 {
2310 FILE *trust_list = Ufopen(TRUSTED_CONFIG_LIST, "rb");
2311 if (trust_list)
2312 {
2313 struct stat statbuf;
2314
2315 if (fstat(fileno(trust_list), &statbuf) != 0 ||
2316 (statbuf.st_uid != root_uid /* owner not root */
2317 #ifdef CONFIGURE_OWNER
2318 && statbuf.st_uid != config_uid /* owner not the special one */
2319 #endif
2320 ) || /* or */
2321 (statbuf.st_gid != root_gid /* group not root */
2322 #ifdef CONFIGURE_GROUP
2323 && statbuf.st_gid != config_gid /* group not the special one */
2324 #endif
2325 && (statbuf.st_mode & 020) != 0 /* group writeable */
2326 ) || /* or */
2327 (statbuf.st_mode & 2) != 0) /* world writeable */
2328 {
2329 f.trusted_config = FALSE;
2330 fclose(trust_list);
2331 }
2332 else
2333 {
2334 /* Well, the trust list at least is up to scratch... */
2335 rmark reset_point = store_mark();
2336 uschar *trusted_configs[32];
2337 int nr_configs = 0;
2338 int i = 0;
2339
2340 while (Ufgets(big_buffer, big_buffer_size, trust_list))
2341 {
2342 uschar *start = big_buffer, *nl;
2343 while (*start && isspace(*start))
2344 start++;
2345 if (*start != '/')
2346 continue;
2347 nl = Ustrchr(start, '\n');
2348 if (nl)
2349 *nl = 0;
2350 trusted_configs[nr_configs++] = string_copy(start);
2351 if (nr_configs == 32)
2352 break;
2353 }
2354 fclose(trust_list);
2355
2356 if (nr_configs)
2357 {
2358 int sep = 0;
2359 const uschar *list = argrest;
2360 uschar *filename;
2361 while (f.trusted_config && (filename = string_nextinlist(&list,
2362 &sep, big_buffer, big_buffer_size)) != NULL)
2363 {
2364 for (i=0; i < nr_configs; i++)
2365 if (Ustrcmp(filename, trusted_configs[i]) == 0)
2366 break;
2367 if (i == nr_configs)
2368 {
2369 f.trusted_config = FALSE;
2370 break;
2371 }
2372 }
2373 }
2374 else /* No valid prefixes found in trust_list file. */
2375 f.trusted_config = FALSE;
2376 store_reset(reset_point);
2377 }
2378 }
2379 else /* Could not open trust_list file. */
2380 f.trusted_config = FALSE;
2381 }
2382 #else
2383 /* Not root; don't trust config */
2384 f.trusted_config = FALSE;
2385 #endif
2386 }
2387
2388 config_main_filelist = argrest;
2389 f.config_changed = TRUE;
2390 }
2391 break;
2392
2393
2394 /* -D: set up a macro definition */
2395
2396 case 'D':
2397 #ifdef DISABLE_D_OPTION
2398 exim_fail("exim: -D is not available in this Exim binary\n");
2399 #else
2400 {
2401 int ptr = 0;
2402 macro_item *m;
2403 uschar name[24];
2404 uschar *s = argrest;
2405
2406 opt_D_used = TRUE;
2407 while (isspace(*s)) s++;
2408
2409 if (*s < 'A' || *s > 'Z')
2410 exim_fail("exim: macro name set by -D must start with "
2411 "an upper case letter\n");
2412
2413 while (isalnum(*s) || *s == '_')
2414 {
2415 if (ptr < sizeof(name)-1) name[ptr++] = *s;
2416 s++;
2417 }
2418 name[ptr] = 0;
2419 if (ptr == 0) { badarg = TRUE; break; }
2420 while (isspace(*s)) s++;
2421 if (*s != 0)
2422 {
2423 if (*s++ != '=') { badarg = TRUE; break; }
2424 while (isspace(*s)) s++;
2425 }
2426
2427 for (m = macros_user; m; m = m->next)
2428 if (Ustrcmp(m->name, name) == 0)
2429 exim_fail("exim: duplicated -D in command line\n");
2430
2431 m = macro_create(name, s, TRUE);
2432
2433 if (clmacro_count >= MAX_CLMACROS)
2434 exim_fail("exim: too many -D options on command line\n");
2435 clmacros[clmacro_count++] =
2436 string_sprintf("-D%s=%s", m->name, m->replacement);
2437 }
2438 #endif
2439 break;
2440
2441 /* -d: Set debug level (see also -v below) or set the drop_cr option.
2442 The latter is now a no-op, retained for compatibility only. If -dd is used,
2443 debugging subprocesses of the daemon is disabled. */
2444
2445 case 'd':
2446 if (Ustrcmp(argrest, "ropcr") == 0)
2447 {
2448 /* drop_cr = TRUE; */
2449 }
2450
2451 /* Use an intermediate variable so that we don't set debugging while
2452 decoding the debugging bits. */
2453
2454 else
2455 {
2456 unsigned int selector = D_default;
2457 debug_selector = 0;
2458 debug_file = NULL;
2459 if (*argrest == 'd')
2460 {
2461 f.debug_daemon = TRUE;
2462 argrest++;
2463 }
2464 if (*argrest != 0)
2465 decode_bits(&selector, 1, debug_notall, argrest,
2466 debug_options, debug_options_count, US"debug", 0);
2467 debug_selector = selector;
2468 }
2469 break;
2470
2471
2472 /* -E: This is a local error message. This option is not intended for
2473 external use at all, but is not restricted to trusted callers because it
2474 does no harm (just suppresses certain error messages) and if Exim is run
2475 not setuid root it won't always be trusted when it generates error
2476 messages using this option. If there is a message id following -E, point
2477 message_reference at it, for logging. */
2478
2479 case 'E':
2480 f.local_error_message = TRUE;
2481 if (mac_ismsgid(argrest)) message_reference = argrest;
2482 break;
2483
2484
2485 /* -ex: The vacation program calls sendmail with the undocumented "-eq"
2486 option, so it looks as if historically the -oex options are also callable
2487 without the leading -o. So we have to accept them. Before the switch,
2488 anything starting -oe has been converted to -e. Exim does not support all
2489 of the sendmail error options. */
2490
2491 case 'e':
2492 if (Ustrcmp(argrest, "e") == 0)
2493 {
2494 arg_error_handling = ERRORS_SENDER;
2495 errors_sender_rc = EXIT_SUCCESS;
2496 }
2497 else if (Ustrcmp(argrest, "m") == 0) arg_error_handling = ERRORS_SENDER;
2498 else if (Ustrcmp(argrest, "p") == 0) arg_error_handling = ERRORS_STDERR;
2499 else if (Ustrcmp(argrest, "q") == 0) arg_error_handling = ERRORS_STDERR;
2500 else if (Ustrcmp(argrest, "w") == 0) arg_error_handling = ERRORS_SENDER;
2501 else badarg = TRUE;
2502 break;
2503
2504
2505 /* -F: Set sender's full name, used instead of the gecos entry from
2506 the password file. Since users can usually alter their gecos entries,
2507 there's no security involved in using this instead. The data can follow
2508 the -F or be in the next argument. */
2509
2510 case 'F':
2511 if (*argrest == 0)
2512 {
2513 if(++i < argc) argrest = argv[i]; else
2514 { badarg = TRUE; break; }
2515 }
2516 originator_name = argrest;
2517 f.sender_name_forced = TRUE;
2518 break;
2519
2520
2521 /* -f: Set sender's address - this value is only actually used if Exim is
2522 run by a trusted user, or if untrusted_set_sender is set and matches the
2523 address, except that the null address can always be set by any user. The
2524 test for this happens later, when the value given here is ignored when not
2525 permitted. For an untrusted user, the actual sender is still put in Sender:
2526 if it doesn't match the From: header (unless no_local_from_check is set).
2527 The data can follow the -f or be in the next argument. The -r switch is an
2528 obsolete form of -f but since there appear to be programs out there that
2529 use anything that sendmail has ever supported, better accept it - the
2530 synonymizing is done before the switch above.
2531
2532 At this stage, we must allow domain literal addresses, because we don't
2533 know what the setting of allow_domain_literals is yet. Ditto for trailing
2534 dots and strip_trailing_dot. */
2535
2536 case 'f':
2537 {
2538 int dummy_start, dummy_end;
2539 uschar *errmess;
2540 if (*argrest == 0)
2541 {
2542 if (i+1 < argc) argrest = argv[++i]; else
2543 { badarg = TRUE; break; }
2544 }
2545 if (*argrest == 0)
2546 *(sender_address = store_get(1, FALSE)) = '\0'; /* Ensure writeable memory */
2547 else
2548 {
2549 uschar *temp = argrest + Ustrlen(argrest) - 1;
2550 while (temp >= argrest && isspace(*temp)) temp--;
2551 if (temp >= argrest && *temp == '.') f_end_dot = TRUE;
2552 allow_domain_literals = TRUE;
2553 strip_trailing_dot = TRUE;
2554 #ifdef SUPPORT_I18N
2555 allow_utf8_domains = TRUE;
2556 #endif
2557 sender_address = parse_extract_address(argrest, &errmess,
2558 &dummy_start, &dummy_end, &sender_address_domain, TRUE);
2559 sender_address = string_copy_taint(sender_address, TRUE);
2560 #ifdef SUPPORT_I18N
2561 message_smtputf8 = string_is_utf8(sender_address);
2562 allow_utf8_domains = FALSE;
2563 #endif
2564 allow_domain_literals = FALSE;
2565 strip_trailing_dot = FALSE;
2566 if (!sender_address)
2567 exim_fail("exim: bad -f address \"%s\": %s\n", argrest, errmess);
2568 }
2569 f.sender_address_forced = TRUE;
2570 }
2571 break;
2572
2573 /* -G: sendmail invocation to specify that it's a gateway submission and
2574 sendmail may complain about problems instead of fixing them.
2575 We make it equivalent to an ACL "control = suppress_local_fixups" and do
2576 not at this time complain about problems. */
2577
2578 case 'G':
2579 flag_G = TRUE;
2580 break;
2581
2582 /* -h: Set the hop count for an incoming message. Exim does not currently
2583 support this; it always computes it by counting the Received: headers.
2584 To put it in will require a change to the spool header file format. */
2585
2586 case 'h':
2587 if (*argrest == 0)
2588 {
2589 if(++i < argc) argrest = argv[i]; else
2590 { badarg = TRUE; break; }
2591 }
2592 if (!isdigit(*argrest)) badarg = TRUE;
2593 break;
2594
2595
2596 /* -i: Set flag so dot doesn't end non-SMTP input (same as -oi, seems
2597 not to be documented for sendmail but mailx (at least) uses it) */
2598
2599 case 'i':
2600 if (*argrest == 0) f.dot_ends = FALSE; else badarg = TRUE;
2601 break;
2602
2603
2604 /* -L: set the identifier used for syslog; equivalent to setting
2605 syslog_processname in the config file, but needs to be an admin option. */
2606
2607 case 'L':
2608 if (*argrest == '\0')
2609 {
2610 if(++i < argc) argrest = argv[i]; else
2611 { badarg = TRUE; break; }
2612 }
2613 if ((sz = Ustrlen(argrest)) > 32)
2614 exim_fail("exim: the -L syslog name is too long: \"%s\"\n", argrest);
2615 if (sz < 1)
2616 exim_fail("exim: the -L syslog name is too short\n");
2617 cmdline_syslog_name = argrest;
2618 break;
2619
2620 case 'M':
2621 receiving_message = FALSE;
2622
2623 /* -MC: continue delivery of another message via an existing open
2624 file descriptor. This option is used for an internal call by the
2625 smtp transport when there is a pending message waiting to go to an
2626 address to which it has got a connection. Five subsequent arguments are
2627 required: transport name, host name, IP address, sequence number, and
2628 message_id. Transports may decline to create new processes if the sequence
2629 number gets too big. The channel is stdin. This (-MC) must be the last
2630 argument. There's a subsequent check that the real-uid is privileged.
2631
2632 If we are running in the test harness. delay for a bit, to let the process
2633 that set this one up complete. This makes for repeatability of the logging,
2634 etc. output. */
2635
2636 if (Ustrcmp(argrest, "C") == 0)
2637 {
2638 union sockaddr_46 interface_sock;
2639 EXIM_SOCKLEN_T size = sizeof(interface_sock);
2640
2641 if (argc != i + 6)
2642 exim_fail("exim: too many or too few arguments after -MC\n");
2643
2644 if (msg_action_arg >= 0)
2645 exim_fail("exim: incompatible arguments\n");
2646
2647 continue_transport = argv[++i];
2648 continue_hostname = argv[++i];
2649 continue_host_address = argv[++i];
2650 continue_sequence = Uatoi(argv[++i]);
2651 msg_action = MSG_DELIVER;
2652 msg_action_arg = ++i;
2653 forced_delivery = TRUE;
2654 queue_run_pid = passed_qr_pid;
2655 queue_run_pipe = passed_qr_pipe;
2656
2657 if (!mac_ismsgid(argv[i]))
2658 exim_fail("exim: malformed message id %s after -MC option\n",
2659 argv[i]);
2660
2661 /* Set up $sending_ip_address and $sending_port, unless proxied */
2662
2663 if (!continue_proxy_cipher)
2664 if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock),
2665 &size) == 0)
2666 sending_ip_address = host_ntoa(-1, &interface_sock, NULL,
2667 &sending_port);
2668 else
2669 exim_fail("exim: getsockname() failed after -MC option: %s\n",
2670 strerror(errno));
2671
2672 testharness_pause_ms(500);
2673 break;
2674 }
2675
2676 else if (*argrest == 'C' && argrest[1] && !argrest[2])
2677 {
2678 switch(argrest[1])
2679 {
2680 /* -MCA: set the smtp_authenticated flag; this is useful only when it
2681 precedes -MC (see above). The flag indicates that the host to which
2682 Exim is connected has accepted an AUTH sequence. */
2683
2684 case 'A': f.smtp_authenticated = TRUE; break;
2685
2686 /* -MCD: set the smtp_use_dsn flag; this indicates that the host
2687 that exim is connected to supports the esmtp extension DSN */
2688
2689 case 'D': smtp_peer_options |= OPTION_DSN; break;
2690
2691 /* -MCG: set the queue name, to a non-default value */
2692
2693 case 'G': if (++i < argc) queue_name = string_copy(argv[i]);
2694 else badarg = TRUE;
2695 break;
2696
2697 /* -MCK: the peer offered CHUNKING. Must precede -MC */
2698
2699 case 'K': smtp_peer_options |= OPTION_CHUNKING; break;
2700
2701 /* -MCP: set the smtp_use_pipelining flag; this is useful only when
2702 it preceded -MC (see above) */
2703
2704 case 'P': smtp_peer_options |= OPTION_PIPE; break;
2705
2706 /* -MCQ: pass on the pid of the queue-running process that started
2707 this chain of deliveries and the fd of its synchronizing pipe; this
2708 is useful only when it precedes -MC (see above) */
2709
2710 case 'Q': if (++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i]));
2711 else badarg = TRUE;
2712 if (++i < argc) passed_qr_pipe = (int)(Uatol(argv[i]));
2713 else badarg = TRUE;
2714 break;
2715
2716 /* -MCS: set the smtp_use_size flag; this is useful only when it
2717 precedes -MC (see above) */
2718
2719 case 'S': smtp_peer_options |= OPTION_SIZE; break;
2720
2721 #ifndef DISABLE_TLS
2722 /* -MCt: similar to -MCT below but the connection is still open
2723 via a proxy process which handles the TLS context and coding.
2724 Require three arguments for the proxied local address and port,
2725 and the TLS cipher. */
2726
2727 case 't': if (++i < argc) sending_ip_address = argv[i];
2728 else badarg = TRUE;
2729 if (++i < argc) sending_port = (int)(Uatol(argv[i]));
2730 else badarg = TRUE;
2731 if (++i < argc) continue_proxy_cipher = argv[i];
2732 else badarg = TRUE;
2733 /*FALLTHROUGH*/
2734
2735 /* -MCT: set the tls_offered flag; this is useful only when it
2736 precedes -MC (see above). The flag indicates that the host to which
2737 Exim is connected has offered TLS support. */
2738
2739 case 'T': smtp_peer_options |= OPTION_TLS; break;
2740 #endif
2741
2742 default: badarg = TRUE; break;
2743 }
2744 break;
2745 }
2746
2747 /* -M[x]: various operations on the following list of message ids:
2748 -M deliver the messages, ignoring next retry times and thawing
2749 -Mc deliver the messages, checking next retry times, no thawing
2750 -Mf freeze the messages
2751 -Mg give up on the messages
2752 -Mt thaw the messages
2753 -Mrm remove the messages
2754 In the above cases, this must be the last option. There are also the
2755 following options which are followed by a single message id, and which
2756 act on that message. Some of them use the "recipient" addresses as well.
2757 -Mar add recipient(s)
2758 -Mmad mark all recipients delivered
2759 -Mmd mark recipients(s) delivered
2760 -Mes edit sender
2761 -Mset load a message for use with -be
2762 -Mvb show body
2763 -Mvc show copy (of whole message, in RFC 2822 format)
2764 -Mvh show header
2765 -Mvl show log
2766 */
2767
2768 else if (*argrest == 0)
2769 {
2770 msg_action = MSG_DELIVER;
2771 forced_delivery = f.deliver_force_thaw = TRUE;
2772 }
2773 else if (Ustrcmp(argrest, "ar") == 0)
2774 {
2775 msg_action = MSG_ADD_RECIPIENT;
2776 one_msg_action = TRUE;
2777 }
2778 else if (Ustrcmp(argrest, "c") == 0) msg_action = MSG_DELIVER;
2779 else if (Ustrcmp(argrest, "es") == 0)
2780 {
2781 msg_action = MSG_EDIT_SENDER;
2782 one_msg_action = TRUE;
2783 }
2784 else if (Ustrcmp(argrest, "f") == 0) msg_action = MSG_FREEZE;
2785 else if (Ustrcmp(argrest, "g") == 0)
2786 {
2787 msg_action = MSG_DELIVER;
2788 deliver_give_up = TRUE;
2789 }
2790 else if (Ustrcmp(argrest, "mad") == 0)
2791 {
2792 msg_action = MSG_MARK_ALL_DELIVERED;
2793 }
2794 else if (Ustrcmp(argrest, "md") == 0)
2795 {
2796 msg_action = MSG_MARK_DELIVERED;
2797 one_msg_action = TRUE;
2798 }
2799 else if (Ustrcmp(argrest, "rm") == 0) msg_action = MSG_REMOVE;
2800 else if (Ustrcmp(argrest, "set") == 0)
2801 {
2802 msg_action = MSG_LOAD;
2803 one_msg_action = TRUE;
2804 }
2805 else if (Ustrcmp(argrest, "t") == 0) msg_action = MSG_THAW;
2806 else if (Ustrcmp(argrest, "vb") == 0)
2807 {
2808 msg_action = MSG_SHOW_BODY;
2809 one_msg_action = TRUE;
2810 }
2811 else if (Ustrcmp(argrest, "vc") == 0)
2812 {
2813 msg_action = MSG_SHOW_COPY;
2814 one_msg_action = TRUE;
2815 }
2816 else if (Ustrcmp(argrest, "vh") == 0)
2817 {
2818 msg_action = MSG_SHOW_HEADER;
2819 one_msg_action = TRUE;
2820 }
2821 else if (Ustrcmp(argrest, "vl") == 0)
2822 {
2823 msg_action = MSG_SHOW_LOG;
2824 one_msg_action = TRUE;
2825 }
2826 else { badarg = TRUE; break; }
2827
2828 /* All the -Mxx options require at least one message id. */
2829
2830 msg_action_arg = i + 1;
2831 if (msg_action_arg >= argc)
2832 exim_fail("exim: no message ids given after %s option\n", arg);
2833
2834 /* Some require only message ids to follow */
2835
2836 if (!one_msg_action)
2837 {
2838 for (int j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j]))
2839 exim_fail("exim: malformed message id %s after %s option\n",
2840 argv[j], arg);
2841 goto END_ARG; /* Remaining args are ids */
2842 }
2843
2844 /* Others require only one message id, possibly followed by addresses,
2845 which will be handled as normal arguments. */
2846
2847 else
2848 {
2849 if (!mac_ismsgid(argv[msg_action_arg]))
2850 exim_fail("exim: malformed message id %s after %s option\n",
2851 argv[msg_action_arg], arg);
2852 i++;
2853 }
2854 break;
2855
2856
2857 /* Some programs seem to call the -om option without the leading o;
2858 for sendmail it askes for "me too". Exim always does this. */
2859
2860 case 'm':
2861 if (*argrest != 0) badarg = TRUE;
2862 break;
2863
2864
2865 /* -N: don't do delivery - a debugging option that stops transports doing
2866 their thing. It implies debugging at the D_v level. */
2867
2868 case 'N':
2869 if (*argrest == 0)
2870 {
2871 f.dont_deliver = TRUE;
2872 debug_selector |= D_v;
2873 debug_file = stderr;
2874 }
2875 else badarg = TRUE;
2876 break;
2877
2878
2879 /* -n: This means "don't alias" in sendmail, apparently.
2880 For normal invocations, it has no effect.
2881 It may affect some other options. */
2882
2883 case 'n':
2884 flag_n = TRUE;
2885 break;
2886
2887 /* -O: Just ignore it. In sendmail, apparently -O option=value means set
2888 option to the specified value. This form uses long names. We need to handle
2889 -O option=value and -Ooption=value. */
2890
2891 case 'O':
2892 if (*argrest == 0)
2893 {
2894 if (++i >= argc)
2895 exim_fail("exim: string expected after -O\n");
2896 }
2897 break;
2898
2899 case 'o':
2900
2901 /* -oA: Set an argument for the bi command (sendmail's "alternate alias
2902 file" option). */
2903
2904 if (*argrest == 'A')
2905 {
2906 alias_arg = argrest + 1;
2907 if (alias_arg[0] == 0)
2908 {
2909 if (i+1 < argc) alias_arg = argv[++i]; else
2910 exim_fail("exim: string expected after -oA\n");
2911 }
2912 }
2913
2914 /* -oB: Set a connection message max value for remote deliveries */
2915
2916 else if (*argrest == 'B')
2917 {
2918 uschar *p = argrest + 1;
2919 if (p[0] == 0)
2920 {
2921 if (i+1 < argc && isdigit((argv[i+1][0]))) p = argv[++i]; else
2922 {
2923 connection_max_messages = 1;
2924 p = NULL;
2925 }
2926 }
2927
2928 if (p != NULL)
2929 {
2930 if (!isdigit(*p))
2931 exim_fail("exim: number expected after -oB\n");
2932 connection_max_messages = Uatoi(p);
2933 }
2934 }
2935
2936 /* -odb: background delivery */
2937
2938 else if (Ustrcmp(argrest, "db") == 0)
2939 {
2940 f.synchronous_delivery = FALSE;
2941 arg_queue_only = FALSE;
2942 queue_only_set = TRUE;
2943 }
2944
2945 /* -odf: foreground delivery (smail-compatible option); same effect as
2946 -odi: interactive (synchronous) delivery (sendmail-compatible option)
2947 */
2948
2949 else if (Ustrcmp(argrest, "df") == 0 || Ustrcmp(argrest, "di") == 0)
2950 {
2951 f.synchronous_delivery = TRUE;
2952 arg_queue_only = FALSE;
2953 queue_only_set = TRUE;
2954 }
2955
2956 /* -odq: queue only */
2957
2958 else if (Ustrcmp(argrest, "dq") == 0)
2959 {
2960 f.synchronous_delivery = FALSE;
2961 arg_queue_only = TRUE;
2962 queue_only_set = TRUE;
2963 }
2964
2965 /* -odqs: queue SMTP only - do local deliveries and remote routing,
2966 but no remote delivery */
2967
2968 else if (Ustrcmp(argrest, "dqs") == 0)
2969 {
2970 f.queue_smtp = TRUE;
2971 arg_queue_only = FALSE;
2972 queue_only_set = TRUE;
2973 }
2974
2975 /* -oex: Sendmail error flags. As these are also accepted without the
2976 leading -o prefix, for compatibility with vacation and other callers,
2977 they are handled with -e above. */
2978
2979 /* -oi: Set flag so dot doesn't end non-SMTP input (same as -i)
2980 -oitrue: Another sendmail syntax for the same */
2981
2982 else if (Ustrcmp(argrest, "i") == 0 ||
2983 Ustrcmp(argrest, "itrue") == 0)
2984 f.dot_ends = FALSE;
2985
2986 /* -oM*: Set various characteristics for an incoming message; actually
2987 acted on for trusted callers only. */
2988
2989 else if (*argrest == 'M')
2990 {
2991 if (i+1 >= argc)
2992 exim_fail("exim: data expected after -o%s\n", argrest);
2993
2994 /* -oMa: Set sender host address */
2995
2996 if (Ustrcmp(argrest, "Ma") == 0) sender_host_address = argv[++i];
2997
2998 /* -oMaa: Set authenticator name */
2999
3000 else if (Ustrcmp(argrest, "Maa") == 0)
3001 sender_host_authenticated = argv[++i];
3002
3003 /* -oMas: setting authenticated sender */
3004
3005 else if (Ustrcmp(argrest, "Mas") == 0)
3006 authenticated_sender = string_copy_taint(argv[++i], TRUE);
3007
3008 /* -oMai: setting authenticated id */
3009
3010 else if (Ustrcmp(argrest, "Mai") == 0)
3011 authenticated_id = string_copy_taint(argv[++i], TRUE);
3012
3013 /* -oMi: Set incoming interface address */
3014
3015 else if (Ustrcmp(argrest, "Mi") == 0) interface_address = argv[++i];
3016
3017 /* -oMm: Message reference */
3018
3019 else if (Ustrcmp(argrest, "Mm") == 0)
3020 {
3021 if (!mac_ismsgid(argv[i+1]))
3022 exim_fail("-oMm must be a valid message ID\n");
3023 if (!f.trusted_config)
3024 exim_fail("-oMm must be called by a trusted user/config\n");
3025 message_reference = argv[++i];
3026 }
3027
3028 /* -oMr: Received protocol */
3029
3030 else if (Ustrcmp(argrest, "Mr") == 0)
3031
3032 if (received_protocol)
3033 exim_fail("received_protocol is set already\n");
3034 else
3035 received_protocol = argv[++i];
3036
3037 /* -oMs: Set sender host name */
3038
3039 else if (Ustrcmp(argrest, "Ms") == 0)
3040 sender_host_name = string_copy_taint(argv[++i], TRUE);
3041
3042 /* -oMt: Set sender ident */
3043
3044 else if (Ustrcmp(argrest, "Mt") == 0)
3045 {
3046 sender_ident_set = TRUE;
3047 sender_ident = argv[++i];
3048 }
3049
3050 /* Else a bad argument */
3051
3052 else
3053 {
3054 badarg = TRUE;
3055 break;
3056 }
3057 }
3058
3059 /* -om: Me-too flag for aliases. Exim always does this. Some programs
3060 seem to call this as -m (undocumented), so that is also accepted (see
3061 above). */
3062
3063 else if (Ustrcmp(argrest, "m") == 0) {}
3064
3065 /* -oo: An ancient flag for old-style addresses which still seems to
3066 crop up in some calls (see in SCO). */
3067
3068 else if (Ustrcmp(argrest, "o") == 0) {}
3069
3070 /* -oP <name>: set pid file path for daemon */
3071
3072 else if (Ustrcmp(argrest, "P") == 0)
3073 override_pid_file_path = argv[++i];
3074
3075 /* -or <n>: set timeout for non-SMTP acceptance
3076 -os <n>: set timeout for SMTP acceptance */
3077
3078 else if (*argrest == 'r' || *argrest == 's')
3079 {
3080 int *tp = (*argrest == 'r')?
3081 &arg_receive_timeout : &arg_smtp_receive_timeout;
3082 if (argrest[1] == 0)
3083 {
3084 if (i+1 < argc) *tp= readconf_readtime(argv[++i], 0, FALSE);
3085 }
3086 else *tp = readconf_readtime(argrest + 1, 0, FALSE);
3087 if (*tp < 0)
3088 exim_fail("exim: bad time value %s: abandoned\n", argv[i]);
3089 }
3090
3091 /* -oX <list>: Override local_interfaces and/or default daemon ports */
3092
3093 else if (Ustrcmp(argrest, "X") == 0)
3094 override_local_interfaces = argv[++i];
3095
3096 /* Unknown -o argument */
3097
3098 else badarg = TRUE;
3099 break;
3100
3101
3102 /* -ps: force Perl startup; -pd force delayed Perl startup */
3103
3104 case 'p':
3105 #ifdef EXIM_PERL
3106 if (*argrest == 's' && argrest[1] == 0)
3107 {
3108 perl_start_option = 1;
3109 break;
3110 }
3111 if (*argrest == 'd' && argrest[1] == 0)
3112 {
3113 perl_start_option = -1;
3114 break;
3115 }
3116 #endif
3117
3118 /* -panythingelse is taken as the Sendmail-compatible argument -prval:sval,
3119 which sets the host protocol and host name */
3120
3121 if (*argrest == 0)
3122 if (i+1 < argc)
3123 argrest = argv[++i];
3124 else
3125 { badarg = TRUE; break; }
3126
3127 if (*argrest != 0)
3128 {
3129 uschar *hn;
3130
3131 if (received_protocol)
3132 exim_fail("received_protocol is set already\n");
3133
3134 hn = Ustrchr(argrest, ':');
3135 if (hn == NULL)
3136 received_protocol = argrest;
3137 else
3138 {
3139 int old_pool = store_pool;
3140 store_pool = POOL_PERM;
3141 received_protocol = string_copyn(argrest, hn - argrest);
3142 store_pool = old_pool;
3143 sender_host_name = hn + 1;
3144 }
3145 }
3146 break;
3147
3148
3149 case 'q':
3150 receiving_message = FALSE;
3151 if (queue_interval >= 0)
3152 exim_fail("exim: -q specified more than once\n");
3153
3154 /* -qq...: Do queue runs in a 2-stage manner */
3155
3156 if (*argrest == 'q')
3157 {
3158 f.queue_2stage = TRUE;
3159 argrest++;
3160 }
3161
3162 /* -qi...: Do only first (initial) deliveries */
3163
3164 if (*argrest == 'i')
3165 {
3166 f.queue_run_first_delivery = TRUE;
3167 argrest++;
3168 }
3169
3170 /* -qf...: Run the queue, forcing deliveries
3171 -qff..: Ditto, forcing thawing as well */
3172
3173 if (*argrest == 'f')
3174 {
3175 f.queue_run_force = TRUE;
3176 if (*++argrest == 'f')
3177 {
3178 f.deliver_force_thaw = TRUE;
3179 argrest++;
3180 }
3181 }
3182
3183 /* -q[f][f]l...: Run the queue only on local deliveries */
3184
3185 if (*argrest == 'l')
3186 {
3187 f.queue_run_local = TRUE;
3188 argrest++;
3189 }
3190
3191 /* -q[f][f][l][G<name>]... Work on the named queue */
3192
3193 if (*argrest == 'G')
3194 {
3195 int i;
3196 for (argrest++, i = 0; argrest[i] && argrest[i] != '/'; ) i++;
3197 queue_name = string_copyn(argrest, i);
3198 argrest += i;
3199 if (*argrest == '/') argrest++;
3200 }
3201
3202 /* -q[f][f][l][G<name>]: Run the queue, optionally forced, optionally local
3203 only, optionally named, optionally starting from a given message id. */
3204
3205 if (!(list_queue || count_queue))
3206 if (*argrest == 0
3207 && (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1])))
3208 {
3209 queue_interval = 0;
3210 if (i+1 < argc && mac_ismsgid(argv[i+1]))
3211 start_queue_run_id = argv[++i];
3212 if (i+1 < argc && mac_ismsgid(argv[i+1]))
3213 stop_queue_run_id = argv[++i];
3214 }
3215
3216 /* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally
3217 forced, optionally local only, optionally named. */
3218
3219 else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i],
3220 0, FALSE)) <= 0)
3221 exim_fail("exim: bad time value %s: abandoned\n", argv[i]);
3222 break;
3223
3224
3225 case 'R': /* Synonymous with -qR... */
3226 receiving_message = FALSE;
3227
3228 /* -Rf: As -R (below) but force all deliveries,
3229 -Rff: Ditto, but also thaw all frozen messages,
3230 -Rr: String is regex
3231 -Rrf: Regex and force
3232 -Rrff: Regex and force and thaw
3233
3234 in all cases provided there are no further characters in this
3235 argument. */
3236
3237 if (*argrest != 0)
3238 for (int i = 0; i < nelem(rsopts); i++)
3239 if (Ustrcmp(argrest, rsopts[i]) == 0)
3240 {
3241 if (i != 2) f.queue_run_force = TRUE;
3242 if (i >= 2) f.deliver_selectstring_regex = TRUE;
3243 if (i == 1 || i == 4) f.deliver_force_thaw = TRUE;
3244 argrest += Ustrlen(rsopts[i]);
3245 }
3246
3247 /* -R: Set string to match in addresses for forced queue run to
3248 pick out particular messages. */
3249
3250 if (*argrest)
3251 deliver_selectstring = argrest;
3252 else if (i+1 < argc)
3253 deliver_selectstring = argv[++i];
3254 else
3255 exim_fail("exim: string expected after -R\n");
3256 break;
3257
3258
3259 /* -r: an obsolete synonym for -f (see above) */
3260
3261
3262 /* -S: Like -R but works on sender. */
3263
3264 case 'S': /* Synonymous with -qS... */
3265 receiving_message = FALSE;
3266
3267 /* -Sf: As -S (below) but force all deliveries,
3268 -Sff: Ditto, but also thaw all frozen messages,
3269 -Sr: String is regex
3270 -Srf: Regex and force
3271 -Srff: Regex and force and thaw
3272
3273 in all cases provided there are no further characters in this
3274 argument. */
3275
3276 if (*argrest)
3277 for (int i = 0; i < nelem(rsopts); i++)
3278 if (Ustrcmp(argrest, rsopts[i]) == 0)
3279 {
3280 if (i != 2) f.queue_run_force = TRUE;
3281 if (i >= 2) f.deliver_selectstring_sender_regex = TRUE;
3282 if (i == 1 || i == 4) f.deliver_force_thaw = TRUE;
3283 argrest += Ustrlen(rsopts[i]);
3284 }
3285
3286 /* -S: Set string to match in addresses for forced queue run to
3287 pick out particular messages. */
3288
3289 if (*argrest)
3290 deliver_selectstring_sender = argrest;
3291 else if (i+1 < argc)
3292 deliver_selectstring_sender = argv[++i];
3293 else
3294 exim_fail("exim: string expected after -S\n");
3295 break;
3296
3297 /* -Tqt is an option that is exclusively for use by the testing suite.
3298 It is not recognized in other circumstances. It allows for the setting up
3299 of explicit "queue times" so that various warning/retry things can be
3300 tested. Otherwise variability of clock ticks etc. cause problems. */
3301
3302 case 'T':
3303 if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0)
3304 fudged_queue_times = argv[++i];
3305 else badarg = TRUE;
3306 break;
3307
3308
3309 /* -t: Set flag to extract recipients from body of message. */
3310
3311 case 't':
3312 if (*argrest == 0) extract_recipients = TRUE;
3313
3314 /* -ti: Set flag to extract recipients from body of message, and also
3315 specify that dot does not end the message. */
3316
3317 else if (Ustrcmp(argrest, "i") == 0)
3318 {
3319 extract_recipients = TRUE;
3320 f.dot_ends = FALSE;
3321 }
3322
3323 /* -tls-on-connect: don't wait for STARTTLS (for old clients) */
3324
3325 #ifndef DISABLE_TLS
3326 else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE;
3327 #endif
3328
3329 else badarg = TRUE;
3330 break;
3331
3332
3333 /* -U: This means "initial user submission" in sendmail, apparently. The
3334 doc claims that in future sendmail may refuse syntactically invalid
3335 messages instead of fixing them. For the moment, we just ignore it. */
3336
3337 case 'U':
3338 break;
3339
3340
3341 /* -v: verify things - this is a very low-level debugging */
3342
3343 case 'v':
3344 if (*argrest == 0)
3345 {
3346 debug_selector |= D_v;
3347 debug_file = stderr;
3348 }
3349 else badarg = TRUE;
3350 break;
3351
3352
3353 /* -x: AIX uses this to indicate some fancy 8-bit character stuff:
3354
3355 The -x flag tells the sendmail command that mail from a local
3356 mail program has National Language Support (NLS) extended characters
3357 in the body of the mail item. The sendmail command can send mail with
3358 extended NLS characters across networks that normally corrupts these
3359 8-bit characters.
3360
3361 As Exim is 8-bit clean, it just ignores this flag. */
3362
3363 case 'x':
3364 if (*argrest != 0) badarg = TRUE;
3365 break;
3366
3367 /* -X: in sendmail: takes one parameter, logfile, and sends debugging
3368 logs to that file. We swallow the parameter and otherwise ignore it. */
3369
3370 case 'X':
3371 if (*argrest == '\0')
3372 if (++i >= argc)
3373 exim_fail("exim: string expected after -X\n");
3374 break;
3375
3376 case 'z':
3377 if (*argrest == '\0')
3378 if (++i < argc)
3379 log_oneline = argv[i];
3380 else
3381 exim_fail("exim: file name expected after %s\n", argv[i-1]);
3382 break;
3383
3384 /* All other initial characters are errors */
3385
3386 default:
3387 badarg = TRUE;
3388 break;
3389 } /* End of high-level switch statement */
3390
3391 /* Failed to recognize the option, or syntax error */
3392
3393 if (badarg)
3394 exim_fail("exim abandoned: unknown, malformed, or incomplete "
3395 "option %s\n", arg);
3396 }
3397
3398
3399 /* If -R or -S have been specified without -q, assume a single queue run. */
3400
3401 if ( (deliver_selectstring || deliver_selectstring_sender)
3402 && queue_interval < 0)
3403 queue_interval = 0;
3404
3405
3406 END_ARG:
3407 /* If usage_wanted is set we call the usage function - which never returns */
3408 if (usage_wanted) exim_usage(called_as);
3409
3410 /* Arguments have been processed. Check for incompatibilities. */
3411 if ((
3412 (smtp_input || extract_recipients || recipients_arg < argc) &&
3413 (f.daemon_listen || queue_interval >= 0 || bi_option ||
3414 test_retry_arg >= 0 || test_rewrite_arg >= 0 ||
3415 filter_test != FTEST_NONE || (msg_action_arg > 0 && !one_msg_action))
3416 ) ||
3417 (
3418 msg_action_arg > 0 &&
3419 (f.daemon_listen || queue_interval > 0 || list_options ||
3420 (checking && msg_action != MSG_LOAD) ||
3421 bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0)
3422 ) ||
3423 (
3424 (f.daemon_listen || queue_interval > 0) &&
3425 (sender_address != NULL || list_options || list_queue || checking ||
3426 bi_option)
3427 ) ||
3428 (
3429 f.daemon_listen && queue_interval == 0
3430 ) ||
3431 (
3432 f.inetd_wait_mode && queue_interval >= 0
3433 ) ||
3434 (
3435 list_options &&
3436 (checking || smtp_input || extract_recipients ||
3437 filter_test != FTEST_NONE || bi_option)
3438 ) ||
3439 (
3440 verify_address_mode &&
3441 (f.address_test_mode || smtp_input || extract_recipients ||
3442 filter_test != FTEST_NONE || bi_option)
3443 ) ||
3444 (
3445 f.address_test_mode && (smtp_input || extract_recipients ||
3446 filter_test != FTEST_NONE || bi_option)
3447 ) ||
3448 (
3449 smtp_input && (sender_address != NULL || filter_test != FTEST_NONE ||
3450 extract_recipients)
3451 ) ||
3452 (
3453 deliver_selectstring != NULL && queue_interval < 0
3454 ) ||
3455 (
3456 msg_action == MSG_LOAD &&
3457 (!expansion_test || expansion_test_message != NULL)
3458 )
3459 )
3460 exim_fail("exim: incompatible command-line options or arguments\n");
3461
3462 /* If debugging is set up, set the file and the file descriptor to pass on to
3463 child processes. It should, of course, be 2 for stderr. Also, force the daemon
3464 to run in the foreground. */
3465
3466 if (debug_selector != 0)
3467 {
3468 debug_file = stderr;
3469 debug_fd = fileno(debug_file);
3470 f.background_daemon = FALSE;
3471 testharness_pause_ms(100); /* lets caller finish */
3472 if (debug_selector != D_v) /* -v only doesn't show this */
3473 {
3474 debug_printf("Exim version %s uid=%ld gid=%ld pid=%d D=%x\n",
3475 version_string, (long int)real_uid, (long int)real_gid, (int)getpid(),
3476 debug_selector);
3477 if (!version_printed)
3478 show_whats_supported(stderr);
3479 }
3480 }
3481
3482 /* When started with root privilege, ensure that the limits on the number of
3483 open files and the number of processes (where that is accessible) are
3484 sufficiently large, or are unset, in case Exim has been called from an
3485 environment where the limits are screwed down. Not all OS have the ability to
3486 change some of these limits. */
3487
3488 if (unprivileged)
3489 {
3490 DEBUG(D_any) debug_print_ids(US"Exim has no root privilege:");
3491 }
3492 else
3493 {
3494 struct rlimit rlp;
3495
3496 #ifdef RLIMIT_NOFILE
3497 if (getrlimit(RLIMIT_NOFILE, &rlp) < 0)
3498 {
3499 log_write(0, LOG_MAIN|LOG_PANIC, "getrlimit(RLIMIT_NOFILE) failed: %s",
3500 strerror(errno));
3501 rlp.rlim_cur = rlp.rlim_max = 0;
3502 }
3503
3504 /* I originally chose 1000 as a nice big number that was unlikely to
3505 be exceeded. It turns out that some older OS have a fixed upper limit of
3506 256. */
3507
3508 if (rlp.rlim_cur < 1000)
3509 {
3510 rlp.rlim_cur = rlp.rlim_max = 1000;
3511 if (setrlimit(RLIMIT_NOFILE, &rlp) < 0)
3512 {
3513 rlp.rlim_cur = rlp