Provide readn() as a wrapper around read()
[exim.git] / src / src / exim.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2016 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* The main function: entry point, initialization, and high-level control.
10 Also a few functions that don't naturally fit elsewhere. */
11
12
13 #include "exim.h"
14
15 #if defined(__GLIBC__) && !defined(__UCLIBC__)
16 # include <gnu/libc-version.h>
17 #endif
18
19 #ifdef USE_GNUTLS
20 # include <gnutls/gnutls.h>
21 # if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP)
22 # define DISABLE_OCSP
23 # endif
24 #endif
25
26 extern void init_lookup_list(void);
27
28
29
30 /*************************************************
31 * Function interface to store functions *
32 *************************************************/
33
34 /* We need some real functions to pass to the PCRE regular expression library
35 for store allocation via Exim's store manager. The normal calls are actually
36 macros that pass over location information to make tracing easier. These
37 functions just interface to the standard macro calls. A good compiler will
38 optimize out the tail recursion and so not make them too expensive. There
39 are two sets of functions; one for use when we want to retain the compiled
40 regular expression for a long time; the other for short-term use. */
41
42 static void *
43 function_store_get(size_t size)
44 {
45 return store_get((int)size);
46 }
47
48 static void
49 function_dummy_free(void *block) { block = block; }
50
51 static void *
52 function_store_malloc(size_t size)
53 {
54 return store_malloc((int)size);
55 }
56
57 static void
58 function_store_free(void *block)
59 {
60 store_free(block);
61 }
62
63
64
65
66 /*************************************************
67 * Enums for cmdline interface *
68 *************************************************/
69
70 enum commandline_info { CMDINFO_NONE=0,
71 CMDINFO_HELP, CMDINFO_SIEVE, CMDINFO_DSCP };
72
73
74
75
76 /*************************************************
77 * Compile regular expression and panic on fail *
78 *************************************************/
79
80 /* This function is called when failure to compile a regular expression leads
81 to a panic exit. In other cases, pcre_compile() is called directly. In many
82 cases where this function is used, the results of the compilation are to be
83 placed in long-lived store, so we temporarily reset the store management
84 functions that PCRE uses if the use_malloc flag is set.
85
86 Argument:
87 pattern the pattern to compile
88 caseless TRUE if caseless matching is required
89 use_malloc TRUE if compile into malloc store
90
91 Returns: pointer to the compiled pattern
92 */
93
94 const pcre *
95 regex_must_compile(const uschar *pattern, BOOL caseless, BOOL use_malloc)
96 {
97 int offset;
98 int options = PCRE_COPT;
99 const pcre *yield;
100 const uschar *error;
101 if (use_malloc)
102 {
103 pcre_malloc = function_store_malloc;
104 pcre_free = function_store_free;
105 }
106 if (caseless) options |= PCRE_CASELESS;
107 yield = pcre_compile(CCS pattern, options, (const char **)&error, &offset, NULL);
108 pcre_malloc = function_store_get;
109 pcre_free = function_dummy_free;
110 if (yield == NULL)
111 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: "
112 "%s at offset %d while compiling %s", error, offset, pattern);
113 return yield;
114 }
115
116
117
118
119 /*************************************************
120 * Execute regular expression and set strings *
121 *************************************************/
122
123 /* This function runs a regular expression match, and sets up the pointers to
124 the matched substrings.
125
126 Arguments:
127 re the compiled expression
128 subject the subject string
129 options additional PCRE options
130 setup if < 0 do full setup
131 if >= 0 setup from setup+1 onwards,
132 excluding the full matched string
133
134 Returns: TRUE or FALSE
135 */
136
137 BOOL
138 regex_match_and_setup(const pcre *re, const uschar *subject, int options, int setup)
139 {
140 int ovector[3*(EXPAND_MAXN+1)];
141 uschar * s = string_copy(subject); /* de-constifying */
142 int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0,
143 PCRE_EOPT | options, ovector, sizeof(ovector)/sizeof(int));
144 BOOL yield = n >= 0;
145 if (n == 0) n = EXPAND_MAXN + 1;
146 if (yield)
147 {
148 int nn;
149 expand_nmax = (setup < 0)? 0 : setup + 1;
150 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
151 {
152 expand_nstring[expand_nmax] = s + ovector[nn];
153 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
154 }
155 expand_nmax--;
156 }
157 return yield;
158 }
159
160
161
162
163 /*************************************************
164 * Set up processing details *
165 *************************************************/
166
167 /* Save a text string for dumping when SIGUSR1 is received.
168 Do checks for overruns.
169
170 Arguments: format and arguments, as for printf()
171 Returns: nothing
172 */
173
174 void
175 set_process_info(const char *format, ...)
176 {
177 int len = sprintf(CS process_info, "%5d ", (int)getpid());
178 va_list ap;
179 va_start(ap, format);
180 if (!string_vformat(process_info + len, PROCESS_INFO_SIZE - len - 2, format, ap))
181 Ustrcpy(process_info + len, "**** string overflowed buffer ****");
182 len = Ustrlen(process_info);
183 process_info[len+0] = '\n';
184 process_info[len+1] = '\0';
185 process_info_len = len + 1;
186 DEBUG(D_process_info) debug_printf("set_process_info: %s", process_info);
187 va_end(ap);
188 }
189
190
191
192
193 /*************************************************
194 * Handler for SIGUSR1 *
195 *************************************************/
196
197 /* SIGUSR1 causes any exim process to write to the process log details of
198 what it is currently doing. It will only be used if the OS is capable of
199 setting up a handler that causes automatic restarting of any system call
200 that is in progress at the time.
201
202 This function takes care to be signal-safe.
203
204 Argument: the signal number (SIGUSR1)
205 Returns: nothing
206 */
207
208 static void
209 usr1_handler(int sig)
210 {
211 int fd;
212
213 os_restarting_signal(sig, usr1_handler);
214
215 if ((fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE)) < 0)
216 {
217 /* If we are already running as the Exim user, try to create it in the
218 current process (assuming spool_directory exists). Otherwise, if we are
219 root, do the creation in an exim:exim subprocess. */
220
221 int euid = geteuid();
222 if (euid == exim_uid)
223 fd = Uopen(process_log_path, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
224 else if (euid == root_uid)
225 fd = log_create_as_exim(process_log_path);
226 }
227
228 /* If we are neither exim nor root, or if we failed to create the log file,
229 give up. There is not much useful we can do with errors, since we don't want
230 to disrupt whatever is going on outside the signal handler. */
231
232 if (fd < 0) return;
233
234 (void)write(fd, process_info, process_info_len);
235 (void)close(fd);
236 }
237
238
239
240 /*************************************************
241 * Timeout handler *
242 *************************************************/
243
244 /* This handler is enabled most of the time that Exim is running. The handler
245 doesn't actually get used unless alarm() has been called to set a timer, to
246 place a time limit on a system call of some kind. When the handler is run, it
247 re-enables itself.
248
249 There are some other SIGALRM handlers that are used in special cases when more
250 than just a flag setting is required; for example, when reading a message's
251 input. These are normally set up in the code module that uses them, and the
252 SIGALRM handler is reset to this one afterwards.
253
254 Argument: the signal value (SIGALRM)
255 Returns: nothing
256 */
257
258 void
259 sigalrm_handler(int sig)
260 {
261 sig = sig; /* Keep picky compilers happy */
262 sigalrm_seen = TRUE;
263 os_non_restarting_signal(SIGALRM, sigalrm_handler);
264 }
265
266
267
268 /*************************************************
269 * Sleep for a fractional time interval *
270 *************************************************/
271
272 /* This function is called by millisleep() and exim_wait_tick() to wait for a
273 period of time that may include a fraction of a second. The coding is somewhat
274 tedious. We do not expect setitimer() ever to fail, but if it does, the process
275 will wait for ever, so we panic in this instance. (There was a case of this
276 when a bug in a function that calls milliwait() caused it to pass invalid data.
277 That's when I added the check. :-)
278
279 We assume it to be not worth sleeping for under 100us; this value will
280 require revisiting as hardware advances. This avoids the issue of
281 a zero-valued timer setting meaning "never fire".
282
283 Argument: an itimerval structure containing the interval
284 Returns: nothing
285 */
286
287 static void
288 milliwait(struct itimerval *itval)
289 {
290 sigset_t sigmask;
291 sigset_t old_sigmask;
292
293 if (itval->it_value.tv_usec < 100 && itval->it_value.tv_sec == 0)
294 return;
295 (void)sigemptyset(&sigmask); /* Empty mask */
296 (void)sigaddset(&sigmask, SIGALRM); /* Add SIGALRM */
297 (void)sigprocmask(SIG_BLOCK, &sigmask, &old_sigmask); /* Block SIGALRM */
298 if (setitimer(ITIMER_REAL, itval, NULL) < 0) /* Start timer */
299 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
300 "setitimer() failed: %s", strerror(errno));
301 (void)sigfillset(&sigmask); /* All signals */
302 (void)sigdelset(&sigmask, SIGALRM); /* Remove SIGALRM */
303 (void)sigsuspend(&sigmask); /* Until SIGALRM */
304 (void)sigprocmask(SIG_SETMASK, &old_sigmask, NULL); /* Restore mask */
305 }
306
307
308
309
310 /*************************************************
311 * Millisecond sleep function *
312 *************************************************/
313
314 /* The basic sleep() function has a granularity of 1 second, which is too rough
315 in some cases - for example, when using an increasing delay to slow down
316 spammers.
317
318 Argument: number of millseconds
319 Returns: nothing
320 */
321
322 void
323 millisleep(int msec)
324 {
325 struct itimerval itval;
326 itval.it_interval.tv_sec = 0;
327 itval.it_interval.tv_usec = 0;
328 itval.it_value.tv_sec = msec/1000;
329 itval.it_value.tv_usec = (msec % 1000) * 1000;
330 milliwait(&itval);
331 }
332
333
334
335 /*************************************************
336 * Compare microsecond times *
337 *************************************************/
338
339 /*
340 Arguments:
341 tv1 the first time
342 tv2 the second time
343
344 Returns: -1, 0, or +1
345 */
346
347 static int
348 exim_tvcmp(struct timeval *t1, struct timeval *t2)
349 {
350 if (t1->tv_sec > t2->tv_sec) return +1;
351 if (t1->tv_sec < t2->tv_sec) return -1;
352 if (t1->tv_usec > t2->tv_usec) return +1;
353 if (t1->tv_usec < t2->tv_usec) return -1;
354 return 0;
355 }
356
357
358
359
360 /*************************************************
361 * Clock tick wait function *
362 *************************************************/
363
364 /* Exim uses a time + a pid to generate a unique identifier in two places: its
365 message IDs, and in file names for maildir deliveries. Because some OS now
366 re-use pids within the same second, sub-second times are now being used.
367 However, for absolute certainty, we must ensure the clock has ticked before
368 allowing the relevant process to complete. At the time of implementation of
369 this code (February 2003), the speed of processors is such that the clock will
370 invariably have ticked already by the time a process has done its job. This
371 function prepares for the time when things are faster - and it also copes with
372 clocks that go backwards.
373
374 Arguments:
375 then_tv A timeval which was used to create uniqueness; its usec field
376 has been rounded down to the value of the resolution.
377 We want to be sure the current time is greater than this.
378 resolution The resolution that was used to divide the microseconds
379 (1 for maildir, larger for message ids)
380
381 Returns: nothing
382 */
383
384 void
385 exim_wait_tick(struct timeval *then_tv, int resolution)
386 {
387 struct timeval now_tv;
388 long int now_true_usec;
389
390 (void)gettimeofday(&now_tv, NULL);
391 now_true_usec = now_tv.tv_usec;
392 now_tv.tv_usec = (now_true_usec/resolution) * resolution;
393
394 if (exim_tvcmp(&now_tv, then_tv) <= 0)
395 {
396 struct itimerval itval;
397 itval.it_interval.tv_sec = 0;
398 itval.it_interval.tv_usec = 0;
399 itval.it_value.tv_sec = then_tv->tv_sec - now_tv.tv_sec;
400 itval.it_value.tv_usec = then_tv->tv_usec + resolution - now_true_usec;
401
402 /* We know that, overall, "now" is less than or equal to "then". Therefore, a
403 negative value for the microseconds is possible only in the case when "now"
404 is more than a second less than "then". That means that itval.it_value.tv_sec
405 is greater than zero. The following correction is therefore safe. */
406
407 if (itval.it_value.tv_usec < 0)
408 {
409 itval.it_value.tv_usec += 1000000;
410 itval.it_value.tv_sec -= 1;
411 }
412
413 DEBUG(D_transport|D_receive)
414 {
415 if (!running_in_test_harness)
416 {
417 debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n",
418 then_tv->tv_sec, (long) then_tv->tv_usec,
419 now_tv.tv_sec, (long) now_tv.tv_usec);
420 debug_printf("waiting " TIME_T_FMT ".%06lu\n",
421 itval.it_value.tv_sec, (long) itval.it_value.tv_usec);
422 }
423 }
424
425 milliwait(&itval);
426 }
427 }
428
429
430
431
432 /*************************************************
433 * Call fopen() with umask 777 and adjust mode *
434 *************************************************/
435
436 /* Exim runs with umask(0) so that files created with open() have the mode that
437 is specified in the open() call. However, there are some files, typically in
438 the spool directory, that are created with fopen(). They end up world-writeable
439 if no precautions are taken. Although the spool directory is not accessible to
440 the world, this is an untidiness. So this is a wrapper function for fopen()
441 that sorts out the mode of the created file.
442
443 Arguments:
444 filename the file name
445 options the fopen() options
446 mode the required mode
447
448 Returns: the fopened FILE or NULL
449 */
450
451 FILE *
452 modefopen(const uschar *filename, const char *options, mode_t mode)
453 {
454 mode_t saved_umask = umask(0777);
455 FILE *f = Ufopen(filename, options);
456 (void)umask(saved_umask);
457 if (f != NULL) (void)fchmod(fileno(f), mode);
458 return f;
459 }
460
461
462
463
464 /*************************************************
465 * Ensure stdin, stdout, and stderr exist *
466 *************************************************/
467
468 /* Some operating systems grumble if an exec() happens without a standard
469 input, output, and error (fds 0, 1, 2) being defined. The worry is that some
470 file will be opened and will use these fd values, and then some other bit of
471 code will assume, for example, that it can write error messages to stderr.
472 This function ensures that fds 0, 1, and 2 are open if they do not already
473 exist, by connecting them to /dev/null.
474
475 This function is also used to ensure that std{in,out,err} exist at all times,
476 so that if any library that Exim calls tries to use them, it doesn't crash.
477
478 Arguments: None
479 Returns: Nothing
480 */
481
482 void
483 exim_nullstd(void)
484 {
485 int i;
486 int devnull = -1;
487 struct stat statbuf;
488 for (i = 0; i <= 2; i++)
489 {
490 if (fstat(i, &statbuf) < 0 && errno == EBADF)
491 {
492 if (devnull < 0) devnull = open("/dev/null", O_RDWR);
493 if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
494 string_open_failed(errno, "/dev/null"));
495 if (devnull != i) (void)dup2(devnull, i);
496 }
497 }
498 if (devnull > 2) (void)close(devnull);
499 }
500
501
502
503
504 /*************************************************
505 * Close unwanted file descriptors for delivery *
506 *************************************************/
507
508 /* This function is called from a new process that has been forked to deliver
509 an incoming message, either directly, or using exec.
510
511 We want any smtp input streams to be closed in this new process. However, it
512 has been observed that using fclose() here causes trouble. When reading in -bS
513 input, duplicate copies of messages have been seen. The files will be sharing a
514 file pointer with the parent process, and it seems that fclose() (at least on
515 some systems - I saw this on Solaris 2.5.1) messes with that file pointer, at
516 least sometimes. Hence we go for closing the underlying file descriptors.
517
518 If TLS is active, we want to shut down the TLS library, but without molesting
519 the parent's SSL connection.
520
521 For delivery of a non-SMTP message, we want to close stdin and stdout (and
522 stderr unless debugging) because the calling process might have set them up as
523 pipes and be waiting for them to close before it waits for the submission
524 process to terminate. If they aren't closed, they hold up the calling process
525 until the initial delivery process finishes, which is not what we want.
526
527 Exception: We do want it for synchronous delivery!
528
529 And notwithstanding all the above, if D_resolver is set, implying resolver
530 debugging, leave stdout open, because that's where the resolver writes its
531 debugging output.
532
533 When we close stderr (which implies we've also closed stdout), we also get rid
534 of any controlling terminal.
535
536 Arguments: None
537 Returns: Nothing
538 */
539
540 static void
541 close_unwanted(void)
542 {
543 if (smtp_input)
544 {
545 #ifdef SUPPORT_TLS
546 tls_close(TRUE, FALSE); /* Shut down the TLS library */
547 #endif
548 (void)close(fileno(smtp_in));
549 (void)close(fileno(smtp_out));
550 smtp_in = NULL;
551 }
552 else
553 {
554 (void)close(0); /* stdin */
555 if ((debug_selector & D_resolver) == 0) (void)close(1); /* stdout */
556 if (debug_selector == 0) /* stderr */
557 {
558 if (!synchronous_delivery)
559 {
560 (void)close(2);
561 log_stderr = NULL;
562 }
563 (void)setsid();
564 }
565 }
566 }
567
568
569
570
571 /*************************************************
572 * Set uid and gid *
573 *************************************************/
574
575 /* This function sets a new uid and gid permanently, optionally calling
576 initgroups() to set auxiliary groups. There are some special cases when running
577 Exim in unprivileged modes. In these situations the effective uid will not be
578 root; if we already have the right effective uid/gid, and don't need to
579 initialize any groups, leave things as they are.
580
581 Arguments:
582 uid the uid
583 gid the gid
584 igflag TRUE if initgroups() wanted
585 msg text to use in debugging output and failure log
586
587 Returns: nothing; bombs out on failure
588 */
589
590 void
591 exim_setugid(uid_t uid, gid_t gid, BOOL igflag, uschar *msg)
592 {
593 uid_t euid = geteuid();
594 gid_t egid = getegid();
595
596 if (euid == root_uid || euid != uid || egid != gid || igflag)
597 {
598 /* At least one OS returns +1 for initgroups failure, so just check for
599 non-zero. */
600
601 if (igflag)
602 {
603 struct passwd *pw = getpwuid(uid);
604 if (pw != NULL)
605 {
606 if (initgroups(pw->pw_name, gid) != 0)
607 log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s",
608 (long int)uid, strerror(errno));
609 }
610 else log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): "
611 "no passwd entry for uid=%ld", (long int)uid);
612 }
613
614 if (setgid(gid) < 0 || setuid(uid) < 0)
615 {
616 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to set gid=%ld or uid=%ld "
617 "(euid=%ld): %s", (long int)gid, (long int)uid, (long int)euid, msg);
618 }
619 }
620
621 /* Debugging output included uid/gid and all groups */
622
623 DEBUG(D_uid)
624 {
625 int group_count, save_errno;
626 gid_t group_list[NGROUPS_MAX];
627 debug_printf("changed uid/gid: %s\n uid=%ld gid=%ld pid=%ld\n", msg,
628 (long int)geteuid(), (long int)getegid(), (long int)getpid());
629 group_count = getgroups(NGROUPS_MAX, group_list);
630 save_errno = errno;
631 debug_printf(" auxiliary group list:");
632 if (group_count > 0)
633 {
634 int i;
635 for (i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]);
636 }
637 else if (group_count < 0)
638 debug_printf(" <error: %s>", strerror(save_errno));
639 else debug_printf(" <none>");
640 debug_printf("\n");
641 }
642 }
643
644
645
646
647 /*************************************************
648 * Exit point *
649 *************************************************/
650
651 /* Exim exits via this function so that it always clears up any open
652 databases.
653
654 Arguments:
655 rc return code
656
657 Returns: does not return
658 */
659
660 void
661 exim_exit(int rc)
662 {
663 search_tidyup();
664 DEBUG(D_any)
665 debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d terminating with rc=%d "
666 ">>>>>>>>>>>>>>>>\n", (int)getpid(), rc);
667 exit(rc);
668 }
669
670
671
672
673 /*************************************************
674 * Extract port from host address *
675 *************************************************/
676
677 /* Called to extract the port from the values given to -oMa and -oMi.
678 It also checks the syntax of the address, and terminates it before the
679 port data when a port is extracted.
680
681 Argument:
682 address the address, with possible port on the end
683
684 Returns: the port, or zero if there isn't one
685 bombs out on a syntax error
686 */
687
688 static int
689 check_port(uschar *address)
690 {
691 int port = host_address_extract_port(address);
692 if (string_is_ip_address(address, NULL) == 0)
693 {
694 fprintf(stderr, "exim abandoned: \"%s\" is not an IP address\n", address);
695 exit(EXIT_FAILURE);
696 }
697 return port;
698 }
699
700
701
702 /*************************************************
703 * Test/verify an address *
704 *************************************************/
705
706 /* This function is called by the -bv and -bt code. It extracts a working
707 address from a full RFC 822 address. This isn't really necessary per se, but it
708 has the effect of collapsing source routes.
709
710 Arguments:
711 s the address string
712 flags flag bits for verify_address()
713 exit_value to be set for failures
714
715 Returns: nothing
716 */
717
718 static void
719 test_address(uschar *s, int flags, int *exit_value)
720 {
721 int start, end, domain;
722 uschar *parse_error = NULL;
723 uschar *address = parse_extract_address(s, &parse_error, &start, &end, &domain,
724 FALSE);
725 if (address == NULL)
726 {
727 fprintf(stdout, "syntax error: %s\n", parse_error);
728 *exit_value = 2;
729 }
730 else
731 {
732 int rc = verify_address(deliver_make_addr(address,TRUE), stdout, flags, -1,
733 -1, -1, NULL, NULL, NULL);
734 if (rc == FAIL) *exit_value = 2;
735 else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
736 }
737 }
738
739
740
741 /*************************************************
742 * Show supported features *
743 *************************************************/
744
745 /* This function is called for -bV/--version and for -d to output the optional
746 features of the current Exim binary.
747
748 Arguments: a FILE for printing
749 Returns: nothing
750 */
751
752 static void
753 show_whats_supported(FILE *f)
754 {
755 auth_info *authi;
756
757 #ifdef DB_VERSION_STRING
758 fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING);
759 #elif defined(BTREEVERSION) && defined(HASHVERSION)
760 #ifdef USE_DB
761 fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n");
762 #else
763 fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n");
764 #endif
765 #elif defined(_DBM_RDONLY) || defined(dbm_dirfno)
766 fprintf(f, "Probably ndbm\n");
767 #elif defined(USE_TDB)
768 fprintf(f, "Using tdb\n");
769 #else
770 #ifdef USE_GDBM
771 fprintf(f, "Probably GDBM (native mode)\n");
772 #else
773 fprintf(f, "Probably GDBM (compatibility mode)\n");
774 #endif
775 #endif
776
777 fprintf(f, "Support for:");
778 #ifdef SUPPORT_CRYPTEQ
779 fprintf(f, " crypteq");
780 #endif
781 #if HAVE_ICONV
782 fprintf(f, " iconv()");
783 #endif
784 #if HAVE_IPV6
785 fprintf(f, " IPv6");
786 #endif
787 #ifdef HAVE_SETCLASSRESOURCES
788 fprintf(f, " use_setclassresources");
789 #endif
790 #ifdef SUPPORT_PAM
791 fprintf(f, " PAM");
792 #endif
793 #ifdef EXIM_PERL
794 fprintf(f, " Perl");
795 #endif
796 #ifdef EXPAND_DLFUNC
797 fprintf(f, " Expand_dlfunc");
798 #endif
799 #ifdef USE_TCP_WRAPPERS
800 fprintf(f, " TCPwrappers");
801 #endif
802 #ifdef SUPPORT_TLS
803 #ifdef USE_GNUTLS
804 fprintf(f, " GnuTLS");
805 #else
806 fprintf(f, " OpenSSL");
807 #endif
808 #endif
809 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
810 fprintf(f, " translate_ip_address");
811 #endif
812 #ifdef SUPPORT_MOVE_FROZEN_MESSAGES
813 fprintf(f, " move_frozen_messages");
814 #endif
815 #ifdef WITH_CONTENT_SCAN
816 fprintf(f, " Content_Scanning");
817 #endif
818 #ifndef DISABLE_DKIM
819 fprintf(f, " DKIM");
820 #endif
821 #ifndef DISABLE_DNSSEC
822 fprintf(f, " DNSSEC");
823 #endif
824 #ifndef DISABLE_EVENT
825 fprintf(f, " Event");
826 #endif
827 #ifdef SUPPORT_I18N
828 fprintf(f, " I18N");
829 #endif
830 #ifndef DISABLE_OCSP
831 fprintf(f, " OCSP");
832 #endif
833 #ifndef DISABLE_PRDR
834 fprintf(f, " PRDR");
835 #endif
836 #ifdef SUPPORT_PROXY
837 fprintf(f, " PROXY");
838 #endif
839 #ifdef SUPPORT_SOCKS
840 fprintf(f, " SOCKS");
841 #endif
842 #ifdef TCP_FASTOPEN
843 fprintf(f, " TCP_Fast_Open");
844 #endif
845 #ifdef EXPERIMENTAL_LMDB
846 fprintf(f, " Experimental_LMDB");
847 #endif
848 #ifdef EXPERIMENTAL_QUEUEFILE
849 fprintf(f, " Experimental_QUEUEFILE");
850 #endif
851 #ifdef EXPERIMENTAL_SPF
852 fprintf(f, " Experimental_SPF");
853 #endif
854 #ifdef EXPERIMENTAL_SRS
855 fprintf(f, " Experimental_SRS");
856 #endif
857 #ifdef EXPERIMENTAL_BRIGHTMAIL
858 fprintf(f, " Experimental_Brightmail");
859 #endif
860 #ifdef EXPERIMENTAL_DANE
861 fprintf(f, " Experimental_DANE");
862 #endif
863 #ifdef EXPERIMENTAL_DCC
864 fprintf(f, " Experimental_DCC");
865 #endif
866 #ifdef EXPERIMENTAL_DMARC
867 fprintf(f, " Experimental_DMARC");
868 #endif
869 #ifdef EXPERIMENTAL_DSN_INFO
870 fprintf(f, " Experimental_DSN_info");
871 #endif
872 fprintf(f, "\n");
873
874 fprintf(f, "Lookups (built-in):");
875 #if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2
876 fprintf(f, " lsearch wildlsearch nwildlsearch iplsearch");
877 #endif
878 #if defined(LOOKUP_CDB) && LOOKUP_CDB!=2
879 fprintf(f, " cdb");
880 #endif
881 #if defined(LOOKUP_DBM) && LOOKUP_DBM!=2
882 fprintf(f, " dbm dbmjz dbmnz");
883 #endif
884 #if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2
885 fprintf(f, " dnsdb");
886 #endif
887 #if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2
888 fprintf(f, " dsearch");
889 #endif
890 #if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2
891 fprintf(f, " ibase");
892 #endif
893 #if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2
894 fprintf(f, " ldap ldapdn ldapm");
895 #endif
896 #ifdef EXPERIMENTAL_LMDB
897 fprintf(f, " lmdb");
898 #endif
899 #if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2
900 fprintf(f, " mysql");
901 #endif
902 #if defined(LOOKUP_NIS) && LOOKUP_NIS!=2
903 fprintf(f, " nis nis0");
904 #endif
905 #if defined(LOOKUP_NISPLUS) && LOOKUP_NISPLUS!=2
906 fprintf(f, " nisplus");
907 #endif
908 #if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2
909 fprintf(f, " oracle");
910 #endif
911 #if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2
912 fprintf(f, " passwd");
913 #endif
914 #if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2
915 fprintf(f, " pgsql");
916 #endif
917 #if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2
918 fprintf(f, " redis");
919 #endif
920 #if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2
921 fprintf(f, " sqlite");
922 #endif
923 #if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2
924 fprintf(f, " testdb");
925 #endif
926 #if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2
927 fprintf(f, " whoson");
928 #endif
929 fprintf(f, "\n");
930
931 fprintf(f, "Authenticators:");
932 #ifdef AUTH_CRAM_MD5
933 fprintf(f, " cram_md5");
934 #endif
935 #ifdef AUTH_CYRUS_SASL
936 fprintf(f, " cyrus_sasl");
937 #endif
938 #ifdef AUTH_DOVECOT
939 fprintf(f, " dovecot");
940 #endif
941 #ifdef AUTH_GSASL
942 fprintf(f, " gsasl");
943 #endif
944 #ifdef AUTH_HEIMDAL_GSSAPI
945 fprintf(f, " heimdal_gssapi");
946 #endif
947 #ifdef AUTH_PLAINTEXT
948 fprintf(f, " plaintext");
949 #endif
950 #ifdef AUTH_SPA
951 fprintf(f, " spa");
952 #endif
953 #ifdef AUTH_TLS
954 fprintf(f, " tls");
955 #endif
956 fprintf(f, "\n");
957
958 fprintf(f, "Routers:");
959 #ifdef ROUTER_ACCEPT
960 fprintf(f, " accept");
961 #endif
962 #ifdef ROUTER_DNSLOOKUP
963 fprintf(f, " dnslookup");
964 #endif
965 #ifdef ROUTER_IPLITERAL
966 fprintf(f, " ipliteral");
967 #endif
968 #ifdef ROUTER_IPLOOKUP
969 fprintf(f, " iplookup");
970 #endif
971 #ifdef ROUTER_MANUALROUTE
972 fprintf(f, " manualroute");
973 #endif
974 #ifdef ROUTER_QUERYPROGRAM
975 fprintf(f, " queryprogram");
976 #endif
977 #ifdef ROUTER_REDIRECT
978 fprintf(f, " redirect");
979 #endif
980 fprintf(f, "\n");
981
982 fprintf(f, "Transports:");
983 #ifdef TRANSPORT_APPENDFILE
984 fprintf(f, " appendfile");
985 #ifdef SUPPORT_MAILDIR
986 fprintf(f, "/maildir");
987 #endif
988 #ifdef SUPPORT_MAILSTORE
989 fprintf(f, "/mailstore");
990 #endif
991 #ifdef SUPPORT_MBX
992 fprintf(f, "/mbx");
993 #endif
994 #endif
995 #ifdef TRANSPORT_AUTOREPLY
996 fprintf(f, " autoreply");
997 #endif
998 #ifdef TRANSPORT_LMTP
999 fprintf(f, " lmtp");
1000 #endif
1001 #ifdef TRANSPORT_PIPE
1002 fprintf(f, " pipe");
1003 #endif
1004 #ifdef EXPERIMENTAL_QUEUEFILE
1005 fprintf(f, " queuefile");
1006 #endif
1007 #ifdef TRANSPORT_SMTP
1008 fprintf(f, " smtp");
1009 #endif
1010 fprintf(f, "\n");
1011
1012 if (fixed_never_users[0] > 0)
1013 {
1014 int i;
1015 fprintf(f, "Fixed never_users: ");
1016 for (i = 1; i <= (int)fixed_never_users[0] - 1; i++)
1017 fprintf(f, "%d:", (unsigned int)fixed_never_users[i]);
1018 fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]);
1019 }
1020
1021 fprintf(f, "Configure owner: %d:%d\n", config_uid, config_gid);
1022
1023 fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
1024
1025 /* Everything else is details which are only worth reporting when debugging.
1026 Perhaps the tls_version_report should move into this too. */
1027 DEBUG(D_any) do {
1028
1029 int i;
1030
1031 /* clang defines __GNUC__ (at least, for me) so test for it first */
1032 #if defined(__clang__)
1033 fprintf(f, "Compiler: CLang [%s]\n", __clang_version__);
1034 #elif defined(__GNUC__)
1035 fprintf(f, "Compiler: GCC [%s]\n",
1036 # ifdef __VERSION__
1037 __VERSION__
1038 # else
1039 "? unknown version ?"
1040 # endif
1041 );
1042 #else
1043 fprintf(f, "Compiler: <unknown>\n");
1044 #endif
1045
1046 #if defined(__GLIBC__) && !defined(__UCLIBC__)
1047 fprintf(f, "Library version: Glibc: Compile: %d.%d\n",
1048 __GLIBC__, __GLIBC_MINOR__);
1049 if (__GLIBC_PREREQ(2, 1))
1050 fprintf(f, " Runtime: %s\n",
1051 gnu_get_libc_version());
1052 #endif
1053
1054 #ifdef SUPPORT_TLS
1055 tls_version_report(f);
1056 #endif
1057 #ifdef SUPPORT_I18N
1058 utf8_version_report(f);
1059 #endif
1060
1061 for (authi = auths_available; *authi->driver_name != '\0'; ++authi)
1062 if (authi->version_report)
1063 (*authi->version_report)(f);
1064
1065 /* PCRE_PRERELEASE is either defined and empty or a bare sequence of
1066 characters; unless it's an ancient version of PCRE in which case it
1067 is not defined. */
1068 #ifndef PCRE_PRERELEASE
1069 # define PCRE_PRERELEASE
1070 #endif
1071 #define QUOTE(X) #X
1072 #define EXPAND_AND_QUOTE(X) QUOTE(X)
1073 fprintf(f, "Library version: PCRE: Compile: %d.%d%s\n"
1074 " Runtime: %s\n",
1075 PCRE_MAJOR, PCRE_MINOR,
1076 EXPAND_AND_QUOTE(PCRE_PRERELEASE) "",
1077 pcre_version());
1078 #undef QUOTE
1079 #undef EXPAND_AND_QUOTE
1080
1081 init_lookup_list();
1082 for (i = 0; i < lookup_list_count; i++)
1083 if (lookup_list[i]->version_report)
1084 lookup_list[i]->version_report(f);
1085
1086 #ifdef WHITELIST_D_MACROS
1087 fprintf(f, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
1088 #else
1089 fprintf(f, "WHITELIST_D_MACROS unset\n");
1090 #endif
1091 #ifdef TRUSTED_CONFIG_LIST
1092 fprintf(f, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
1093 #else
1094 fprintf(f, "TRUSTED_CONFIG_LIST unset\n");
1095 #endif
1096
1097 } while (0);
1098 }
1099
1100
1101 /*************************************************
1102 * Show auxiliary information about Exim *
1103 *************************************************/
1104
1105 static void
1106 show_exim_information(enum commandline_info request, FILE *stream)
1107 {
1108 const uschar **pp;
1109
1110 switch(request)
1111 {
1112 case CMDINFO_NONE:
1113 fprintf(stream, "Oops, something went wrong.\n");
1114 return;
1115 case CMDINFO_HELP:
1116 fprintf(stream,
1117 "The -bI: flag takes a string indicating which information to provide.\n"
1118 "If the string is not recognised, you'll get this help (on stderr).\n"
1119 "\n"
1120 " exim -bI:help this information\n"
1121 " exim -bI:dscp dscp value keywords known\n"
1122 " exim -bI:sieve list of supported sieve extensions, one per line.\n"
1123 );
1124 return;
1125 case CMDINFO_SIEVE:
1126 for (pp = exim_sieve_extension_list; *pp; ++pp)
1127 fprintf(stream, "%s\n", *pp);
1128 return;
1129 case CMDINFO_DSCP:
1130 dscp_list_to_stream(stream);
1131 return;
1132 }
1133 }
1134
1135
1136 /*************************************************
1137 * Quote a local part *
1138 *************************************************/
1139
1140 /* This function is used when a sender address or a From: or Sender: header
1141 line is being created from the caller's login, or from an authenticated_id. It
1142 applies appropriate quoting rules for a local part.
1143
1144 Argument: the local part
1145 Returns: the local part, quoted if necessary
1146 */
1147
1148 uschar *
1149 local_part_quote(uschar *lpart)
1150 {
1151 BOOL needs_quote = FALSE;
1152 int size, ptr;
1153 uschar *yield;
1154 uschar *t;
1155
1156 for (t = lpart; !needs_quote && *t != 0; t++)
1157 {
1158 needs_quote = !isalnum(*t) && strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
1159 (*t != '.' || t == lpart || t[1] == 0);
1160 }
1161
1162 if (!needs_quote) return lpart;
1163
1164 size = ptr = 0;
1165 yield = string_catn(NULL, &size, &ptr, US"\"", 1);
1166
1167 for (;;)
1168 {
1169 uschar *nq = US Ustrpbrk(lpart, "\\\"");
1170 if (nq == NULL)
1171 {
1172 yield = string_cat(yield, &size, &ptr, lpart);
1173 break;
1174 }
1175 yield = string_catn(yield, &size, &ptr, lpart, nq - lpart);
1176 yield = string_catn(yield, &size, &ptr, US"\\", 1);
1177 yield = string_catn(yield, &size, &ptr, nq, 1);
1178 lpart = nq + 1;
1179 }
1180
1181 yield = string_catn(yield, &size, &ptr, US"\"", 1);
1182 yield[ptr] = 0;
1183 return yield;
1184 }
1185
1186
1187
1188 #ifdef USE_READLINE
1189 /*************************************************
1190 * Load readline() functions *
1191 *************************************************/
1192
1193 /* This function is called from testing executions that read data from stdin,
1194 but only when running as the calling user. Currently, only -be does this. The
1195 function loads the readline() function library and passes back the functions.
1196 On some systems, it needs the curses library, so load that too, but try without
1197 it if loading fails. All this functionality has to be requested at build time.
1198
1199 Arguments:
1200 fn_readline_ptr pointer to where to put the readline pointer
1201 fn_addhist_ptr pointer to where to put the addhistory function
1202
1203 Returns: the dlopen handle or NULL on failure
1204 */
1205
1206 static void *
1207 set_readline(char * (**fn_readline_ptr)(const char *),
1208 void (**fn_addhist_ptr)(const char *))
1209 {
1210 void *dlhandle;
1211 void *dlhandle_curses = dlopen("libcurses." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_LAZY);
1212
1213 dlhandle = dlopen("libreadline." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_NOW);
1214 if (dlhandle_curses != NULL) dlclose(dlhandle_curses);
1215
1216 if (dlhandle != NULL)
1217 {
1218 /* Checked manual pages; at least in GNU Readline 6.1, the prototypes are:
1219 * char * readline (const char *prompt);
1220 * void add_history (const char *string);
1221 */
1222 *fn_readline_ptr = (char *(*)(const char*))dlsym(dlhandle, "readline");
1223 *fn_addhist_ptr = (void(*)(const char*))dlsym(dlhandle, "add_history");
1224 }
1225 else
1226 {
1227 DEBUG(D_any) debug_printf("failed to load readline: %s\n", dlerror());
1228 }
1229
1230 return dlhandle;
1231 }
1232 #endif
1233
1234
1235
1236 /*************************************************
1237 * Get a line from stdin for testing things *
1238 *************************************************/
1239
1240 /* This function is called when running tests that can take a number of lines
1241 of input (for example, -be and -bt). It handles continuations and trailing
1242 spaces. And prompting and a blank line output on eof. If readline() is in use,
1243 the arguments are non-NULL and provide the relevant functions.
1244
1245 Arguments:
1246 fn_readline readline function or NULL
1247 fn_addhist addhist function or NULL
1248
1249 Returns: pointer to dynamic memory, or NULL at end of file
1250 */
1251
1252 static uschar *
1253 get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *))
1254 {
1255 int i;
1256 int size = 0;
1257 int ptr = 0;
1258 uschar *yield = NULL;
1259
1260 if (fn_readline == NULL) { printf("> "); fflush(stdout); }
1261
1262 for (i = 0;; i++)
1263 {
1264 uschar buffer[1024];
1265 uschar *p, *ss;
1266
1267 #ifdef USE_READLINE
1268 char *readline_line = NULL;
1269 if (fn_readline != NULL)
1270 {
1271 if ((readline_line = fn_readline((i > 0)? "":"> ")) == NULL) break;
1272 if (*readline_line != 0 && fn_addhist != NULL) fn_addhist(readline_line);
1273 p = US readline_line;
1274 }
1275 else
1276 #endif
1277
1278 /* readline() not in use */
1279
1280 {
1281 if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break;
1282 p = buffer;
1283 }
1284
1285 /* Handle the line */
1286
1287 ss = p + (int)Ustrlen(p);
1288 while (ss > p && isspace(ss[-1])) ss--;
1289
1290 if (i > 0)
1291 {
1292 while (p < ss && isspace(*p)) p++; /* leading space after cont */
1293 }
1294
1295 yield = string_catn(yield, &size, &ptr, p, ss - p);
1296
1297 #ifdef USE_READLINE
1298 if (fn_readline != NULL) free(readline_line);
1299 #endif
1300
1301 /* yield can only be NULL if ss==p */
1302 if (ss == p || yield[ptr-1] != '\\')
1303 {
1304 if (yield) yield[ptr] = 0;
1305 break;
1306 }
1307 yield[--ptr] = 0;
1308 }
1309
1310 if (yield == NULL) printf("\n");
1311 return yield;
1312 }
1313
1314
1315
1316 /*************************************************
1317 * Output usage information for the program *
1318 *************************************************/
1319
1320 /* This function is called when there are no recipients
1321 or a specific --help argument was added.
1322
1323 Arguments:
1324 progname information on what name we were called by
1325
1326 Returns: DOES NOT RETURN
1327 */
1328
1329 static void
1330 exim_usage(uschar *progname)
1331 {
1332
1333 /* Handle specific program invocation variants */
1334 if (Ustrcmp(progname, US"-mailq") == 0)
1335 {
1336 fprintf(stderr,
1337 "mailq - list the contents of the mail queue\n\n"
1338 "For a list of options, see the Exim documentation.\n");
1339 exit(EXIT_FAILURE);
1340 }
1341
1342 /* Generic usage - we output this whatever happens */
1343 fprintf(stderr,
1344 "Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n"
1345 "not directly from a shell command line. Options and/or arguments control\n"
1346 "what it does when called. For a list of options, see the Exim documentation.\n");
1347
1348 exit(EXIT_FAILURE);
1349 }
1350
1351
1352
1353 /*************************************************
1354 * Validate that the macros given are okay *
1355 *************************************************/
1356
1357 /* Typically, Exim will drop privileges if macros are supplied. In some
1358 cases, we want to not do so.
1359
1360 Arguments: opt_D_used - true if the commandline had a "-D" option
1361 Returns: true if trusted, false otherwise
1362 */
1363
1364 static BOOL
1365 macros_trusted(BOOL opt_D_used)
1366 {
1367 #ifdef WHITELIST_D_MACROS
1368 macro_item *m;
1369 uschar *whitelisted, *end, *p, **whites, **w;
1370 int white_count, i, n;
1371 size_t len;
1372 BOOL prev_char_item, found;
1373 #endif
1374
1375 if (!opt_D_used)
1376 return TRUE;
1377 #ifndef WHITELIST_D_MACROS
1378 return FALSE;
1379 #else
1380
1381 /* We only trust -D overrides for some invoking users:
1382 root, the exim run-time user, the optional config owner user.
1383 I don't know why config-owner would be needed, but since they can own the
1384 config files anyway, there's no security risk to letting them override -D. */
1385 if ( ! ((real_uid == root_uid)
1386 || (real_uid == exim_uid)
1387 #ifdef CONFIGURE_OWNER
1388 || (real_uid == config_uid)
1389 #endif
1390 ))
1391 {
1392 debug_printf("macros_trusted rejecting macros for uid %d\n", (int) real_uid);
1393 return FALSE;
1394 }
1395
1396 /* Get a list of macros which are whitelisted */
1397 whitelisted = string_copy_malloc(US WHITELIST_D_MACROS);
1398 prev_char_item = FALSE;
1399 white_count = 0;
1400 for (p = whitelisted; *p != '\0'; ++p)
1401 {
1402 if (*p == ':' || isspace(*p))
1403 {
1404 *p = '\0';
1405 if (prev_char_item)
1406 ++white_count;
1407 prev_char_item = FALSE;
1408 continue;
1409 }
1410 if (!prev_char_item)
1411 prev_char_item = TRUE;
1412 }
1413 end = p;
1414 if (prev_char_item)
1415 ++white_count;
1416 if (!white_count)
1417 return FALSE;
1418 whites = store_malloc(sizeof(uschar *) * (white_count+1));
1419 for (p = whitelisted, i = 0; (p != end) && (i < white_count); ++p)
1420 {
1421 if (*p != '\0')
1422 {
1423 whites[i++] = p;
1424 if (i == white_count)
1425 break;
1426 while (*p != '\0' && p < end)
1427 ++p;
1428 }
1429 }
1430 whites[i] = NULL;
1431
1432 /* The list of commandline macros should be very short.
1433 Accept the N*M complexity. */
1434 for (m = macros; m; m = m->next) if (m->command_line)
1435 {
1436 found = FALSE;
1437 for (w = whites; *w; ++w)
1438 if (Ustrcmp(*w, m->name) == 0)
1439 {
1440 found = TRUE;
1441 break;
1442 }
1443 if (!found)
1444 return FALSE;
1445 if (!m->replacement)
1446 continue;
1447 if ((len = m->replen) == 0)
1448 continue;
1449 n = pcre_exec(regex_whitelisted_macro, NULL, CS m->replacement, len,
1450 0, PCRE_EOPT, NULL, 0);
1451 if (n < 0)
1452 {
1453 if (n != PCRE_ERROR_NOMATCH)
1454 debug_printf("macros_trusted checking %s returned %d\n", m->name, n);
1455 return FALSE;
1456 }
1457 }
1458 DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n");
1459 return TRUE;
1460 #endif
1461 }
1462
1463
1464 /*************************************************
1465 * Entry point and high-level code *
1466 *************************************************/
1467
1468 /* Entry point for the Exim mailer. Analyse the arguments and arrange to take
1469 the appropriate action. All the necessary functions are present in the one
1470 binary. I originally thought one should split it up, but it turns out that so
1471 much of the apparatus is needed in each chunk that one might as well just have
1472 it all available all the time, which then makes the coding easier as well.
1473
1474 Arguments:
1475 argc count of entries in argv
1476 argv argument strings, with argv[0] being the program name
1477
1478 Returns: EXIT_SUCCESS if terminated successfully
1479 EXIT_FAILURE otherwise, except when a message has been sent
1480 to the sender, and -oee was given
1481 */
1482
1483 int
1484 main(int argc, char **cargv)
1485 {
1486 uschar **argv = USS cargv;
1487 int arg_receive_timeout = -1;
1488 int arg_smtp_receive_timeout = -1;
1489 int arg_error_handling = error_handling;
1490 int filter_sfd = -1;
1491 int filter_ufd = -1;
1492 int group_count;
1493 int i, rv;
1494 int list_queue_option = 0;
1495 int msg_action = 0;
1496 int msg_action_arg = -1;
1497 int namelen = (argv[0] == NULL)? 0 : Ustrlen(argv[0]);
1498 int queue_only_reason = 0;
1499 #ifdef EXIM_PERL
1500 int perl_start_option = 0;
1501 #endif
1502 int recipients_arg = argc;
1503 int sender_address_domain = 0;
1504 int test_retry_arg = -1;
1505 int test_rewrite_arg = -1;
1506 BOOL arg_queue_only = FALSE;
1507 BOOL bi_option = FALSE;
1508 BOOL checking = FALSE;
1509 BOOL count_queue = FALSE;
1510 BOOL expansion_test = FALSE;
1511 BOOL extract_recipients = FALSE;
1512 BOOL flag_G = FALSE;
1513 BOOL flag_n = FALSE;
1514 BOOL forced_delivery = FALSE;
1515 BOOL f_end_dot = FALSE;
1516 BOOL deliver_give_up = FALSE;
1517 BOOL list_queue = FALSE;
1518 BOOL list_options = FALSE;
1519 BOOL list_config = FALSE;
1520 BOOL local_queue_only;
1521 BOOL more = TRUE;
1522 BOOL one_msg_action = FALSE;
1523 BOOL opt_D_used = FALSE;
1524 BOOL queue_only_set = FALSE;
1525 BOOL receiving_message = TRUE;
1526 BOOL sender_ident_set = FALSE;
1527 BOOL session_local_queue_only;
1528 BOOL unprivileged;
1529 BOOL removed_privilege = FALSE;
1530 BOOL usage_wanted = FALSE;
1531 BOOL verify_address_mode = FALSE;
1532 BOOL verify_as_sender = FALSE;
1533 BOOL version_printed = FALSE;
1534 uschar *alias_arg = NULL;
1535 uschar *called_as = US"";
1536 uschar *cmdline_syslog_name = NULL;
1537 uschar *start_queue_run_id = NULL;
1538 uschar *stop_queue_run_id = NULL;
1539 uschar *expansion_test_message = NULL;
1540 uschar *ftest_domain = NULL;
1541 uschar *ftest_localpart = NULL;
1542 uschar *ftest_prefix = NULL;
1543 uschar *ftest_suffix = NULL;
1544 uschar *log_oneline = NULL;
1545 uschar *malware_test_file = NULL;
1546 uschar *real_sender_address;
1547 uschar *originator_home = US"/";
1548 size_t sz;
1549 void *reset_point;
1550
1551 struct passwd *pw;
1552 struct stat statbuf;
1553 pid_t passed_qr_pid = (pid_t)0;
1554 int passed_qr_pipe = -1;
1555 gid_t group_list[NGROUPS_MAX];
1556
1557 /* For the -bI: flag */
1558 enum commandline_info info_flag = CMDINFO_NONE;
1559 BOOL info_stdout = FALSE;
1560
1561 /* Possible options for -R and -S */
1562
1563 static uschar *rsopts[] = { US"f", US"ff", US"r", US"rf", US"rff" };
1564
1565 /* Need to define this in case we need to change the environment in order
1566 to get rid of a bogus time zone. We have to make it char rather than uschar
1567 because some OS define it in /usr/include/unistd.h. */
1568
1569 extern char **environ;
1570
1571 /* If the Exim user and/or group and/or the configuration file owner/group were
1572 defined by ref:name at build time, we must now find the actual uid/gid values.
1573 This is a feature to make the lives of binary distributors easier. */
1574
1575 #ifdef EXIM_USERNAME
1576 if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid))
1577 {
1578 if (exim_uid == 0)
1579 {
1580 fprintf(stderr, "exim: refusing to run with uid 0 for \"%s\"\n",
1581 EXIM_USERNAME);
1582 exit(EXIT_FAILURE);
1583 }
1584 /* If ref:name uses a number as the name, route_finduser() returns
1585 TRUE with exim_uid set and pw coerced to NULL. */
1586 if (pw)
1587 exim_gid = pw->pw_gid;
1588 #ifndef EXIM_GROUPNAME
1589 else
1590 {
1591 fprintf(stderr,
1592 "exim: ref:name should specify a usercode, not a group.\n"
1593 "exim: can't let you get away with it unless you also specify a group.\n");
1594 exit(EXIT_FAILURE);
1595 }
1596 #endif
1597 }
1598 else
1599 {
1600 fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n",
1601 EXIM_USERNAME);
1602 exit(EXIT_FAILURE);
1603 }
1604 #endif
1605
1606 #ifdef EXIM_GROUPNAME
1607 if (!route_findgroup(US EXIM_GROUPNAME, &exim_gid))
1608 {
1609 fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n",
1610 EXIM_GROUPNAME);
1611 exit(EXIT_FAILURE);
1612 }
1613 #endif
1614
1615 #ifdef CONFIGURE_OWNERNAME
1616 if (!route_finduser(US CONFIGURE_OWNERNAME, NULL, &config_uid))
1617 {
1618 fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n",
1619 CONFIGURE_OWNERNAME);
1620 exit(EXIT_FAILURE);
1621 }
1622 #endif
1623
1624 /* We default the system_filter_user to be the Exim run-time user, as a
1625 sane non-root value. */
1626 system_filter_uid = exim_uid;
1627
1628 #ifdef CONFIGURE_GROUPNAME
1629 if (!route_findgroup(US CONFIGURE_GROUPNAME, &config_gid))
1630 {
1631 fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n",
1632 CONFIGURE_GROUPNAME);
1633 exit(EXIT_FAILURE);
1634 }
1635 #endif
1636
1637 /* In the Cygwin environment, some initialization used to need doing.
1638 It was fudged in by means of this macro; now no longer but we'll leave
1639 it in case of others. */
1640
1641 #ifdef OS_INIT
1642 OS_INIT
1643 #endif
1644
1645 /* Check a field which is patched when we are running Exim within its
1646 testing harness; do a fast initial check, and then the whole thing. */
1647
1648 running_in_test_harness =
1649 *running_status == '<' && Ustrcmp(running_status, "<<<testing>>>") == 0;
1650
1651 /* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed
1652 at the start of a program; however, it seems that some environments do not
1653 follow this. A "strange" locale can affect the formatting of timestamps, so we
1654 make quite sure. */
1655
1656 setlocale(LC_ALL, "C");
1657
1658 /* Set up the default handler for timing using alarm(). */
1659
1660 os_non_restarting_signal(SIGALRM, sigalrm_handler);
1661
1662 /* Ensure we have a buffer for constructing log entries. Use malloc directly,
1663 because store_malloc writes a log entry on failure. */
1664
1665 if (!(log_buffer = US malloc(LOG_BUFFER_SIZE)))
1666 {
1667 fprintf(stderr, "exim: failed to get store for log buffer\n");
1668 exit(EXIT_FAILURE);
1669 }
1670
1671 /* Initialize the default log options. */
1672
1673 bits_set(log_selector, log_selector_size, log_default);
1674
1675 /* Set log_stderr to stderr, provided that stderr exists. This gets reset to
1676 NULL when the daemon is run and the file is closed. We have to use this
1677 indirection, because some systems don't allow writing to the variable "stderr".
1678 */
1679
1680 if (fstat(fileno(stderr), &statbuf) >= 0) log_stderr = stderr;
1681
1682 /* Arrange for the PCRE regex library to use our store functions. Note that
1683 the normal calls are actually macros that add additional arguments for
1684 debugging purposes so we have to assign specially constructed functions here.
1685 The default is to use store in the stacking pool, but this is overridden in the
1686 regex_must_compile() function. */
1687
1688 pcre_malloc = function_store_get;
1689 pcre_free = function_dummy_free;
1690
1691 /* Ensure there is a big buffer for temporary use in several places. It is put
1692 in malloc store so that it can be freed for enlargement if necessary. */
1693
1694 big_buffer = store_malloc(big_buffer_size);
1695
1696 /* Set up the handler for the data request signal, and set the initial
1697 descriptive text. */
1698
1699 set_process_info("initializing");
1700 os_restarting_signal(SIGUSR1, usr1_handler);
1701
1702 /* SIGHUP is used to get the daemon to reconfigure. It gets set as appropriate
1703 in the daemon code. For the rest of Exim's uses, we ignore it. */
1704
1705 signal(SIGHUP, SIG_IGN);
1706
1707 /* We don't want to die on pipe errors as the code is written to handle
1708 the write error instead. */
1709
1710 signal(SIGPIPE, SIG_IGN);
1711
1712 /* Under some circumstance on some OS, Exim can get called with SIGCHLD
1713 set to SIG_IGN. This causes subprocesses that complete before the parent
1714 process waits for them not to hang around, so when Exim calls wait(), nothing
1715 is there. The wait() code has been made robust against this, but let's ensure
1716 that SIGCHLD is set to SIG_DFL, because it's tidier to wait and get a process
1717 ending status. We use sigaction rather than plain signal() on those OS where
1718 SA_NOCLDWAIT exists, because we want to be sure it is turned off. (There was a
1719 problem on AIX with this.) */
1720
1721 #ifdef SA_NOCLDWAIT
1722 {
1723 struct sigaction act;
1724 act.sa_handler = SIG_DFL;
1725 sigemptyset(&(act.sa_mask));
1726 act.sa_flags = 0;
1727 sigaction(SIGCHLD, &act, NULL);
1728 }
1729 #else
1730 signal(SIGCHLD, SIG_DFL);
1731 #endif
1732
1733 /* Save the arguments for use if we re-exec exim as a daemon after receiving
1734 SIGHUP. */
1735
1736 sighup_argv = argv;
1737
1738 /* Set up the version number. Set up the leading 'E' for the external form of
1739 message ids, set the pointer to the internal form, and initialize it to
1740 indicate no message being processed. */
1741
1742 version_init();
1743 message_id_option[0] = '-';
1744 message_id_external = message_id_option + 1;
1745 message_id_external[0] = 'E';
1746 message_id = message_id_external + 1;
1747 message_id[0] = 0;
1748
1749 /* Set the umask to zero so that any files Exim creates using open() are
1750 created with the modes that it specifies. NOTE: Files created with fopen() have
1751 a problem, which was not recognized till rather late (February 2006). With this
1752 umask, such files will be world writeable. (They are all content scanning files
1753 in the spool directory, which isn't world-accessible, so this is not a
1754 disaster, but it's untidy.) I don't want to change this overall setting,
1755 however, because it will interact badly with the open() calls. Instead, there's
1756 now a function called modefopen() that fiddles with the umask while calling
1757 fopen(). */
1758
1759 (void)umask(0);
1760
1761 /* Precompile the regular expression for matching a message id. Keep this in
1762 step with the code that generates ids in the accept.c module. We need to do
1763 this here, because the -M options check their arguments for syntactic validity
1764 using mac_ismsgid, which uses this. */
1765
1766 regex_ismsgid =
1767 regex_must_compile(US"^(?:[^\\W_]{6}-){2}[^\\W_]{2}$", FALSE, TRUE);
1768
1769 /* Precompile the regular expression that is used for matching an SMTP error
1770 code, possibly extended, at the start of an error message. Note that the
1771 terminating whitespace character is included. */
1772
1773 regex_smtp_code =
1774 regex_must_compile(US"^\\d\\d\\d\\s(?:\\d\\.\\d\\d?\\d?\\.\\d\\d?\\d?\\s)?",
1775 FALSE, TRUE);
1776
1777 #ifdef WHITELIST_D_MACROS
1778 /* Precompile the regular expression used to filter the content of macros
1779 given to -D for permissibility. */
1780
1781 regex_whitelisted_macro =
1782 regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
1783 #endif
1784
1785 for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
1786
1787 /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
1788 this seems to be a generally accepted convention, since one finds symbolic
1789 links called "mailq" in standard OS configurations. */
1790
1791 if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
1792 (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/mailq", 6) == 0))
1793 {
1794 list_queue = TRUE;
1795 receiving_message = FALSE;
1796 called_as = US"-mailq";
1797 }
1798
1799 /* If the program is called as "rmail" treat it as equivalent to
1800 "exim -i -oee", thus allowing UUCP messages to be input using non-SMTP mode,
1801 i.e. preventing a single dot on a line from terminating the message, and
1802 returning with zero return code, even in cases of error (provided an error
1803 message has been sent). */
1804
1805 if ((namelen == 5 && Ustrcmp(argv[0], "rmail") == 0) ||
1806 (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rmail", 6) == 0))
1807 {
1808 dot_ends = FALSE;
1809 called_as = US"-rmail";
1810 errors_sender_rc = EXIT_SUCCESS;
1811 }
1812
1813 /* If the program is called as "rsmtp" treat it as equivalent to "exim -bS";
1814 this is a smail convention. */
1815
1816 if ((namelen == 5 && Ustrcmp(argv[0], "rsmtp") == 0) ||
1817 (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rsmtp", 6) == 0))
1818 {
1819 smtp_input = smtp_batched_input = TRUE;
1820 called_as = US"-rsmtp";
1821 }
1822
1823 /* If the program is called as "runq" treat it as equivalent to "exim -q";
1824 this is a smail convention. */
1825
1826 if ((namelen == 4 && Ustrcmp(argv[0], "runq") == 0) ||
1827 (namelen > 4 && Ustrncmp(argv[0] + namelen - 5, "/runq", 5) == 0))
1828 {
1829 queue_interval = 0;
1830 receiving_message = FALSE;
1831 called_as = US"-runq";
1832 }
1833
1834 /* If the program is called as "newaliases" treat it as equivalent to
1835 "exim -bi"; this is a sendmail convention. */
1836
1837 if ((namelen == 10 && Ustrcmp(argv[0], "newaliases") == 0) ||
1838 (namelen > 10 && Ustrncmp(argv[0] + namelen - 11, "/newaliases", 11) == 0))
1839 {
1840 bi_option = TRUE;
1841 receiving_message = FALSE;
1842 called_as = US"-newaliases";
1843 }
1844
1845 /* Save the original effective uid for a couple of uses later. It should
1846 normally be root, but in some esoteric environments it may not be. */
1847
1848 original_euid = geteuid();
1849
1850 /* Get the real uid and gid. If the caller is root, force the effective uid/gid
1851 to be the same as the real ones. This makes a difference only if Exim is setuid
1852 (or setgid) to something other than root, which could be the case in some
1853 special configurations. */
1854
1855 real_uid = getuid();
1856 real_gid = getgid();
1857
1858 if (real_uid == root_uid)
1859 {
1860 rv = setgid(real_gid);
1861 if (rv)
1862 {
1863 fprintf(stderr, "exim: setgid(%ld) failed: %s\n",
1864 (long int)real_gid, strerror(errno));
1865 exit(EXIT_FAILURE);
1866 }
1867 rv = setuid(real_uid);
1868 if (rv)
1869 {
1870 fprintf(stderr, "exim: setuid(%ld) failed: %s\n",
1871 (long int)real_uid, strerror(errno));
1872 exit(EXIT_FAILURE);
1873 }
1874 }
1875
1876 /* If neither the original real uid nor the original euid was root, Exim is
1877 running in an unprivileged state. */
1878
1879 unprivileged = (real_uid != root_uid && original_euid != root_uid);
1880
1881 /* Scan the program's arguments. Some can be dealt with right away; others are
1882 simply recorded for checking and handling afterwards. Do a high-level switch
1883 on the second character (the one after '-'), to save some effort. */
1884
1885 for (i = 1; i < argc; i++)
1886 {
1887 BOOL badarg = FALSE;
1888 uschar *arg = argv[i];
1889 uschar *argrest;
1890 int switchchar;
1891
1892 /* An argument not starting with '-' is the start of a recipients list;
1893 break out of the options-scanning loop. */
1894
1895 if (arg[0] != '-')
1896 {
1897 recipients_arg = i;
1898 break;
1899 }
1900
1901 /* An option consisting of -- terminates the options */
1902
1903 if (Ustrcmp(arg, "--") == 0)
1904 {
1905 recipients_arg = i + 1;
1906 break;
1907 }
1908
1909 /* Handle flagged options */
1910
1911 switchchar = arg[1];
1912 argrest = arg+2;
1913
1914 /* Make all -ex options synonymous with -oex arguments, since that
1915 is assumed by various callers. Also make -qR options synonymous with -R
1916 options, as that seems to be required as well. Allow for -qqR too, and
1917 the same for -S options. */
1918
1919 if (Ustrncmp(arg+1, "oe", 2) == 0 ||
1920 Ustrncmp(arg+1, "qR", 2) == 0 ||
1921 Ustrncmp(arg+1, "qS", 2) == 0)
1922 {
1923 switchchar = arg[2];
1924 argrest++;
1925 }
1926 else if (Ustrncmp(arg+1, "qqR", 3) == 0 || Ustrncmp(arg+1, "qqS", 3) == 0)
1927 {
1928 switchchar = arg[3];
1929 argrest += 2;
1930 queue_2stage = TRUE;
1931 }
1932
1933 /* Make -r synonymous with -f, since it is a documented alias */
1934
1935 else if (arg[1] == 'r') switchchar = 'f';
1936
1937 /* Make -ov synonymous with -v */
1938
1939 else if (Ustrcmp(arg, "-ov") == 0)
1940 {
1941 switchchar = 'v';
1942 argrest++;
1943 }
1944
1945 /* deal with --option_aliases */
1946 else if (switchchar == '-')
1947 {
1948 if (Ustrcmp(argrest, "help") == 0)
1949 {
1950 usage_wanted = TRUE;
1951 break;
1952 }
1953 else if (Ustrcmp(argrest, "version") == 0)
1954 {
1955 switchchar = 'b';
1956 argrest = US"V";
1957 }
1958 }
1959
1960 /* High-level switch on active initial letter */
1961
1962 switch(switchchar)
1963 {
1964
1965 /* sendmail uses -Ac and -Am to control which .cf file is used;
1966 we ignore them. */
1967 case 'A':
1968 if (*argrest == '\0') { badarg = TRUE; break; }
1969 else
1970 {
1971 BOOL ignore = FALSE;
1972 switch (*argrest)
1973 {
1974 case 'c':
1975 case 'm':
1976 if (*(argrest + 1) == '\0')
1977 ignore = TRUE;
1978 break;
1979 }
1980 if (!ignore) { badarg = TRUE; break; }
1981 }
1982 break;
1983
1984 /* -Btype is a sendmail option for 7bit/8bit setting. Exim is 8-bit clean
1985 so has no need of it. */
1986
1987 case 'B':
1988 if (*argrest == 0) i++; /* Skip over the type */
1989 break;
1990
1991
1992 case 'b':
1993 receiving_message = FALSE; /* Reset TRUE for -bm, -bS, -bs below */
1994
1995 /* -bd: Run in daemon mode, awaiting SMTP connections.
1996 -bdf: Ditto, but in the foreground.
1997 */
1998
1999 if (*argrest == 'd')
2000 {
2001 daemon_listen = TRUE;
2002 if (*(++argrest) == 'f') background_daemon = FALSE;
2003 else if (*argrest != 0) { badarg = TRUE; break; }
2004 }
2005
2006 /* -be: Run in expansion test mode
2007 -bem: Ditto, but read a message from a file first
2008 */
2009
2010 else if (*argrest == 'e')
2011 {
2012 expansion_test = checking = TRUE;
2013 if (argrest[1] == 'm')
2014 {
2015 if (++i >= argc) { badarg = TRUE; break; }
2016 expansion_test_message = argv[i];
2017 argrest++;
2018 }
2019 if (argrest[1] != 0) { badarg = TRUE; break; }
2020 }
2021
2022 /* -bF: Run system filter test */
2023
2024 else if (*argrest == 'F')
2025 {
2026 filter_test |= checking = FTEST_SYSTEM;
2027 if (*(++argrest) != 0) { badarg = TRUE; break; }
2028 if (++i < argc) filter_test_sfile = argv[i]; else
2029 {
2030 fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]);
2031 exit(EXIT_FAILURE);
2032 }
2033 }
2034
2035 /* -bf: Run user filter test
2036 -bfd: Set domain for filter testing
2037 -bfl: Set local part for filter testing
2038 -bfp: Set prefix for filter testing
2039 -bfs: Set suffix for filter testing
2040 */
2041
2042 else if (*argrest == 'f')
2043 {
2044 if (*(++argrest) == 0)
2045 {
2046 filter_test |= checking = FTEST_USER;
2047 if (++i < argc) filter_test_ufile = argv[i]; else
2048 {
2049 fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]);
2050 exit(EXIT_FAILURE);
2051 }
2052 }
2053 else
2054 {
2055 if (++i >= argc)
2056 {
2057 fprintf(stderr, "exim: string expected after %s\n", arg);
2058 exit(EXIT_FAILURE);
2059 }
2060 if (Ustrcmp(argrest, "d") == 0) ftest_domain = argv[i];
2061 else if (Ustrcmp(argrest, "l") == 0) ftest_localpart = argv[i];
2062 else if (Ustrcmp(argrest, "p") == 0) ftest_prefix = argv[i];
2063 else if (Ustrcmp(argrest, "s") == 0) ftest_suffix = argv[i];
2064 else { badarg = TRUE; break; }
2065 }
2066 }
2067
2068 /* -bh: Host checking - an IP address must follow. */
2069
2070 else if (Ustrcmp(argrest, "h") == 0 || Ustrcmp(argrest, "hc") == 0)
2071 {
2072 if (++i >= argc) { badarg = TRUE; break; }
2073 sender_host_address = argv[i];
2074 host_checking = checking = log_testing_mode = TRUE;
2075 host_checking_callout = argrest[1] == 'c';
2076 message_logs = FALSE;
2077 }
2078
2079 /* -bi: This option is used by sendmail to initialize *the* alias file,
2080 though it has the -oA option to specify a different file. Exim has no
2081 concept of *the* alias file, but since Sun's YP make script calls
2082 sendmail this way, some support must be provided. */
2083
2084 else if (Ustrcmp(argrest, "i") == 0) bi_option = TRUE;
2085
2086 /* -bI: provide information, of the type to follow after a colon.
2087 This is an Exim flag. */
2088
2089 else if (argrest[0] == 'I' && Ustrlen(argrest) >= 2 && argrest[1] == ':')
2090 {
2091 uschar *p = &argrest[2];
2092 info_flag = CMDINFO_HELP;
2093 if (Ustrlen(p))
2094 {
2095 if (strcmpic(p, CUS"sieve") == 0)
2096 {
2097 info_flag = CMDINFO_SIEVE;
2098 info_stdout = TRUE;
2099 }
2100 else if (strcmpic(p, CUS"dscp") == 0)
2101 {
2102 info_flag = CMDINFO_DSCP;
2103 info_stdout = TRUE;
2104 }
2105 else if (strcmpic(p, CUS"help") == 0)
2106 {
2107 info_stdout = TRUE;
2108 }
2109 }
2110 }
2111
2112 /* -bm: Accept and deliver message - the default option. Reinstate
2113 receiving_message, which got turned off for all -b options. */
2114
2115 else if (Ustrcmp(argrest, "m") == 0) receiving_message = TRUE;
2116
2117 /* -bmalware: test the filename given for malware */
2118
2119 else if (Ustrcmp(argrest, "malware") == 0)
2120 {
2121 if (++i >= argc) { badarg = TRUE; break; }
2122 checking = TRUE;
2123 malware_test_file = argv[i];
2124 }
2125
2126 /* -bnq: For locally originating messages, do not qualify unqualified
2127 addresses. In the envelope, this causes errors; in header lines they
2128 just get left. */
2129
2130 else if (Ustrcmp(argrest, "nq") == 0)
2131 {
2132 allow_unqualified_sender = FALSE;
2133 allow_unqualified_recipient = FALSE;
2134 }
2135
2136 /* -bpxx: List the contents of the mail queue, in various forms. If
2137 the option is -bpc, just a queue count is needed. Otherwise, if the
2138 first letter after p is r, then order is random. */
2139
2140 else if (*argrest == 'p')
2141 {
2142 if (*(++argrest) == 'c')
2143 {
2144 count_queue = TRUE;
2145 if (*(++argrest) != 0) badarg = TRUE;
2146 break;
2147 }
2148
2149 if (*argrest == 'r')
2150 {
2151 list_queue_option = 8;
2152 argrest++;
2153 }
2154 else list_queue_option = 0;
2155
2156 list_queue = TRUE;
2157
2158 /* -bp: List the contents of the mail queue, top-level only */
2159
2160 if (*argrest == 0) {}
2161
2162 /* -bpu: List the contents of the mail queue, top-level undelivered */
2163
2164 else if (Ustrcmp(argrest, "u") == 0) list_queue_option += 1;
2165
2166 /* -bpa: List the contents of the mail queue, including all delivered */
2167
2168 else if (Ustrcmp(argrest, "a") == 0) list_queue_option += 2;
2169
2170 /* Unknown after -bp[r] */
2171
2172 else
2173 {
2174 badarg = TRUE;
2175 break;
2176 }
2177 }
2178
2179
2180 /* -bP: List the configuration variables given as the address list.
2181 Force -v, so configuration errors get displayed. */
2182
2183 else if (Ustrcmp(argrest, "P") == 0)
2184 {
2185 /* -bP config: we need to setup here, because later,
2186 * when list_options is checked, the config is read already */
2187 if (argv[i+1] && Ustrcmp(argv[i+1], "config") == 0)
2188 {
2189 list_config = TRUE;
2190 readconf_save_config(version_string);
2191 }
2192 else
2193 {
2194 list_options = TRUE;
2195 debug_selector |= D_v;
2196 debug_file = stderr;
2197 }
2198 }
2199
2200 /* -brt: Test retry configuration lookup */
2201
2202 else if (Ustrcmp(argrest, "rt") == 0)
2203 {
2204 checking = TRUE;
2205 test_retry_arg = i + 1;
2206 goto END_ARG;
2207 }
2208
2209 /* -brw: Test rewrite configuration */
2210
2211 else if (Ustrcmp(argrest, "rw") == 0)
2212 {
2213 checking = TRUE;
2214 test_rewrite_arg = i + 1;
2215 goto END_ARG;
2216 }
2217
2218 /* -bS: Read SMTP commands on standard input, but produce no replies -
2219 all errors are reported by sending messages. */
2220
2221 else if (Ustrcmp(argrest, "S") == 0)
2222 smtp_input = smtp_batched_input = receiving_message = TRUE;
2223
2224 /* -bs: Read SMTP commands on standard input and produce SMTP replies
2225 on standard output. */
2226
2227 else if (Ustrcmp(argrest, "s") == 0) smtp_input = receiving_message = TRUE;
2228
2229 /* -bt: address testing mode */
2230
2231 else if (Ustrcmp(argrest, "t") == 0)
2232 address_test_mode = checking = log_testing_mode = TRUE;
2233
2234 /* -bv: verify addresses */
2235
2236 else if (Ustrcmp(argrest, "v") == 0)
2237 verify_address_mode = checking = log_testing_mode = TRUE;
2238
2239 /* -bvs: verify sender addresses */
2240
2241 else if (Ustrcmp(argrest, "vs") == 0)
2242 {
2243 verify_address_mode = checking = log_testing_mode = TRUE;
2244 verify_as_sender = TRUE;
2245 }
2246
2247 /* -bV: Print version string and support details */
2248
2249 else if (Ustrcmp(argrest, "V") == 0)
2250 {
2251 printf("Exim version %s #%s built %s\n", version_string,
2252 version_cnumber, version_date);
2253 printf("%s\n", CS version_copyright);
2254 version_printed = TRUE;
2255 show_whats_supported(stdout);
2256 log_testing_mode = TRUE;
2257 }
2258
2259 /* -bw: inetd wait mode, accept a listening socket as stdin */
2260
2261 else if (*argrest == 'w')
2262 {
2263 inetd_wait_mode = TRUE;
2264 background_daemon = FALSE;
2265 daemon_listen = TRUE;
2266 if (*(++argrest) != '\0')
2267 {
2268 inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE);
2269 if (inetd_wait_timeout <= 0)
2270 {
2271 fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]);
2272 exit(EXIT_FAILURE);
2273 }
2274 }
2275 }
2276
2277 else badarg = TRUE;
2278 break;
2279
2280
2281 /* -C: change configuration file list; ignore if it isn't really
2282 a change! Enforce a prefix check if required. */
2283
2284 case 'C':
2285 if (*argrest == 0)
2286 {
2287 if(++i < argc) argrest = argv[i]; else
2288 { badarg = TRUE; break; }
2289 }
2290 if (Ustrcmp(config_main_filelist, argrest) != 0)
2291 {
2292 #ifdef ALT_CONFIG_PREFIX
2293 int sep = 0;
2294 int len = Ustrlen(ALT_CONFIG_PREFIX);
2295 const uschar *list = argrest;
2296 uschar *filename;
2297 while((filename = string_nextinlist(&list, &sep, big_buffer,
2298 big_buffer_size)) != NULL)
2299 {
2300 if ((Ustrlen(filename) < len ||
2301 Ustrncmp(filename, ALT_CONFIG_PREFIX, len) != 0 ||
2302 Ustrstr(filename, "/../") != NULL) &&
2303 (Ustrcmp(filename, "/dev/null") != 0 || real_uid != root_uid))
2304 {
2305 fprintf(stderr, "-C Permission denied\n");
2306 exit(EXIT_FAILURE);
2307 }
2308 }
2309 #endif
2310 if (real_uid != root_uid)
2311 {
2312 #ifdef TRUSTED_CONFIG_LIST
2313
2314 if (real_uid != exim_uid
2315 #ifdef CONFIGURE_OWNER
2316 && real_uid != config_uid
2317 #endif
2318 )
2319 trusted_config = FALSE;
2320 else
2321 {
2322 FILE *trust_list = Ufopen(TRUSTED_CONFIG_LIST, "rb");
2323 if (trust_list)
2324 {
2325 struct stat statbuf;
2326
2327 if (fstat(fileno(trust_list), &statbuf) != 0 ||
2328 (statbuf.st_uid != root_uid /* owner not root */
2329 #ifdef CONFIGURE_OWNER
2330 && statbuf.st_uid != config_uid /* owner not the special one */
2331 #endif
2332 ) || /* or */
2333 (statbuf.st_gid != root_gid /* group not root */
2334 #ifdef CONFIGURE_GROUP
2335 && statbuf.st_gid != config_gid /* group not the special one */
2336 #endif
2337 && (statbuf.st_mode & 020) != 0 /* group writeable */
2338 ) || /* or */
2339 (statbuf.st_mode & 2) != 0) /* world writeable */
2340 {
2341 trusted_config = FALSE;
2342 fclose(trust_list);
2343 }
2344 else
2345 {
2346 /* Well, the trust list at least is up to scratch... */
2347 void *reset_point = store_get(0);
2348 uschar *trusted_configs[32];
2349 int nr_configs = 0;
2350 int i = 0;
2351
2352 while (Ufgets(big_buffer, big_buffer_size, trust_list))
2353 {
2354 uschar *start = big_buffer, *nl;
2355 while (*start && isspace(*start))
2356 start++;
2357 if (*start != '/')
2358 continue;
2359 nl = Ustrchr(start, '\n');
2360 if (nl)
2361 *nl = 0;
2362 trusted_configs[nr_configs++] = string_copy(start);
2363 if (nr_configs == 32)
2364 break;
2365 }
2366 fclose(trust_list);
2367
2368 if (nr_configs)
2369 {
2370 int sep = 0;
2371 const uschar *list = argrest;
2372 uschar *filename;
2373 while (trusted_config && (filename = string_nextinlist(&list,
2374 &sep, big_buffer, big_buffer_size)) != NULL)
2375 {
2376 for (i=0; i < nr_configs; i++)
2377 {
2378 if (Ustrcmp(filename, trusted_configs[i]) == 0)
2379 break;
2380 }
2381 if (i == nr_configs)
2382 {
2383 trusted_config = FALSE;
2384 break;
2385 }
2386 }
2387 store_reset(reset_point);
2388 }
2389 else
2390 {
2391 /* No valid prefixes found in trust_list file. */
2392 trusted_config = FALSE;
2393 }
2394 }
2395 }
2396 else
2397 {
2398 /* Could not open trust_list file. */
2399 trusted_config = FALSE;
2400 }
2401 }
2402 #else
2403 /* Not root; don't trust config */
2404 trusted_config = FALSE;
2405 #endif
2406 }
2407
2408 config_main_filelist = argrest;
2409 config_changed = TRUE;
2410 }
2411 break;
2412
2413
2414 /* -D: set up a macro definition */
2415
2416 case 'D':
2417 #ifdef DISABLE_D_OPTION
2418 fprintf(stderr, "exim: -D is not available in this Exim binary\n");
2419 exit(EXIT_FAILURE);
2420 #else
2421 {
2422 int ptr = 0;
2423 macro_item *m;
2424 uschar name[24];
2425 uschar *s = argrest;
2426
2427 opt_D_used = TRUE;
2428 while (isspace(*s)) s++;
2429
2430 if (*s < 'A' || *s > 'Z')
2431 {
2432 fprintf(stderr, "exim: macro name set by -D must start with "
2433 "an upper case letter\n");
2434 exit(EXIT_FAILURE);
2435 }
2436
2437 while (isalnum(*s) || *s == '_')
2438 {
2439 if (ptr < sizeof(name)-1) name[ptr++] = *s;
2440 s++;
2441 }
2442 name[ptr] = 0;
2443 if (ptr == 0) { badarg = TRUE; break; }
2444 while (isspace(*s)) s++;
2445 if (*s != 0)
2446 {
2447 if (*s++ != '=') { badarg = TRUE; break; }
2448 while (isspace(*s)) s++;
2449 }
2450
2451 for (m = macros; m; m = m->next)
2452 if (Ustrcmp(m->name, name) == 0)
2453 {
2454 fprintf(stderr, "exim: duplicated -D in command line\n");
2455 exit(EXIT_FAILURE);
2456 }
2457
2458 m = macro_create(string_copy(name), string_copy(s), TRUE);
2459
2460 if (clmacro_count >= MAX_CLMACROS)
2461 {
2462 fprintf(stderr, "exim: too many -D options on command line\n");
2463 exit(EXIT_FAILURE);
2464 }
2465 clmacros[clmacro_count++] = string_sprintf("-D%s=%s", m->name,
2466 m->replacement);
2467 }
2468 #endif
2469 break;
2470
2471 /* -d: Set debug level (see also -v below) or set the drop_cr option.
2472 The latter is now a no-op, retained for compatibility only. If -dd is used,
2473 debugging subprocesses of the daemon is disabled. */
2474
2475 case 'd':
2476 if (Ustrcmp(argrest, "ropcr") == 0)
2477 {
2478 /* drop_cr = TRUE; */
2479 }
2480
2481 /* Use an intermediate variable so that we don't set debugging while
2482 decoding the debugging bits. */
2483
2484 else
2485 {
2486 unsigned int selector = D_default;
2487 debug_selector = 0;
2488 debug_file = NULL;
2489 if (*argrest == 'd')
2490 {
2491 debug_daemon = TRUE;
2492 argrest++;
2493 }
2494 if (*argrest != 0)
2495 decode_bits(&selector, 1, debug_notall, argrest,
2496 debug_options, debug_options_count, US"debug", 0);
2497 debug_selector = selector;
2498 }
2499 break;
2500
2501
2502 /* -E: This is a local error message. This option is not intended for
2503 external use at all, but is not restricted to trusted callers because it
2504 does no harm (just suppresses certain error messages) and if Exim is run
2505 not setuid root it won't always be trusted when it generates error
2506 messages using this option. If there is a message id following -E, point
2507 message_reference at it, for logging. */
2508
2509 case 'E':
2510 local_error_message = TRUE;
2511 if (mac_ismsgid(argrest)) message_reference = argrest;
2512 break;
2513
2514
2515 /* -ex: The vacation program calls sendmail with the undocumented "-eq"
2516 option, so it looks as if historically the -oex options are also callable
2517 without the leading -o. So we have to accept them. Before the switch,
2518 anything starting -oe has been converted to -e. Exim does not support all
2519 of the sendmail error options. */
2520
2521 case 'e':
2522 if (Ustrcmp(argrest, "e") == 0)
2523 {
2524 arg_error_handling = ERRORS_SENDER;
2525 errors_sender_rc = EXIT_SUCCESS;
2526 }
2527 else if (Ustrcmp(argrest, "m") == 0) arg_error_handling = ERRORS_SENDER;
2528 else if (Ustrcmp(argrest, "p") == 0) arg_error_handling = ERRORS_STDERR;
2529 else if (Ustrcmp(argrest, "q") == 0) arg_error_handling = ERRORS_STDERR;
2530 else if (Ustrcmp(argrest, "w") == 0) arg_error_handling = ERRORS_SENDER;
2531 else badarg = TRUE;
2532 break;
2533
2534
2535 /* -F: Set sender's full name, used instead of the gecos entry from
2536 the password file. Since users can usually alter their gecos entries,
2537 there's no security involved in using this instead. The data can follow
2538 the -F or be in the next argument. */
2539
2540 case 'F':
2541 if (*argrest == 0)
2542 {
2543 if(++i < argc) argrest = argv[i]; else
2544 { badarg = TRUE; break; }
2545 }
2546 originator_name = argrest;
2547 sender_name_forced = TRUE;
2548 break;
2549
2550
2551 /* -f: Set sender's address - this value is only actually used if Exim is
2552 run by a trusted user, or if untrusted_set_sender is set and matches the
2553 address, except that the null address can always be set by any user. The
2554 test for this happens later, when the value given here is ignored when not
2555 permitted. For an untrusted user, the actual sender is still put in Sender:
2556 if it doesn't match the From: header (unless no_local_from_check is set).
2557 The data can follow the -f or be in the next argument. The -r switch is an
2558 obsolete form of -f but since there appear to be programs out there that
2559 use anything that sendmail has ever supported, better accept it - the
2560 synonymizing is done before the switch above.
2561
2562 At this stage, we must allow domain literal addresses, because we don't
2563 know what the setting of allow_domain_literals is yet. Ditto for trailing
2564 dots and strip_trailing_dot. */
2565
2566 case 'f':
2567 {
2568 int dummy_start, dummy_end;
2569 uschar *errmess;
2570 if (*argrest == 0)
2571 {
2572 if (i+1 < argc) argrest = argv[++i]; else
2573 { badarg = TRUE; break; }
2574 }
2575 if (*argrest == 0)
2576 sender_address = string_sprintf(""); /* Ensure writeable memory */
2577 else
2578 {
2579 uschar *temp = argrest + Ustrlen(argrest) - 1;
2580 while (temp >= argrest && isspace(*temp)) temp--;
2581 if (temp >= argrest && *temp == '.') f_end_dot = TRUE;
2582 allow_domain_literals = TRUE;
2583 strip_trailing_dot = TRUE;
2584 #ifdef SUPPORT_I18N
2585 allow_utf8_domains = TRUE;
2586 #endif
2587 sender_address = parse_extract_address(argrest, &errmess,
2588 &dummy_start, &dummy_end, &sender_address_domain, TRUE);
2589 #ifdef SUPPORT_I18N
2590 message_smtputf8 = string_is_utf8(sender_address);
2591 allow_utf8_domains = FALSE;
2592 #endif
2593 allow_domain_literals = FALSE;
2594 strip_trailing_dot = FALSE;
2595 if (sender_address == NULL)
2596 {
2597 fprintf(stderr, "exim: bad -f address \"%s\": %s\n", argrest, errmess);
2598 return EXIT_FAILURE;
2599 }
2600 }
2601 sender_address_forced = TRUE;
2602 }
2603 break;
2604
2605 /* -G: sendmail invocation to specify that it's a gateway submission and
2606 sendmail may complain about problems instead of fixing them.
2607 We make it equivalent to an ACL "control = suppress_local_fixups" and do
2608 not at this time complain about problems. */
2609
2610 case 'G':
2611 flag_G = TRUE;
2612 break;
2613
2614 /* -h: Set the hop count for an incoming message. Exim does not currently
2615 support this; it always computes it by counting the Received: headers.
2616 To put it in will require a change to the spool header file format. */
2617
2618 case 'h':
2619 if (*argrest == 0)
2620 {
2621 if(++i < argc) argrest = argv[i]; else
2622 { badarg = TRUE; break; }
2623 }
2624 if (!isdigit(*argrest)) badarg = TRUE;
2625 break;
2626
2627
2628 /* -i: Set flag so dot doesn't end non-SMTP input (same as -oi, seems
2629 not to be documented for sendmail but mailx (at least) uses it) */
2630
2631 case 'i':
2632 if (*argrest == 0) dot_ends = FALSE; else badarg = TRUE;
2633 break;
2634
2635
2636 /* -L: set the identifier used for syslog; equivalent to setting
2637 syslog_processname in the config file, but needs to be an admin option. */
2638
2639 case 'L':
2640 if (*argrest == '\0')
2641 {
2642 if(++i < argc) argrest = argv[i]; else
2643 { badarg = TRUE; break; }
2644 }
2645 sz = Ustrlen(argrest);
2646 if (sz > 32)
2647 {
2648 fprintf(stderr, "exim: the -L syslog name is too long: \"%s\"\n", argrest);
2649 return EXIT_FAILURE;
2650 }
2651 if (sz < 1)
2652 {
2653 fprintf(stderr, "exim: the -L syslog name is too short\n");
2654 return EXIT_FAILURE;
2655 }
2656 cmdline_syslog_name = argrest;
2657 break;
2658
2659 case 'M':
2660 receiving_message = FALSE;
2661
2662 /* -MC: continue delivery of another message via an existing open
2663 file descriptor. This option is used for an internal call by the
2664 smtp transport when there is a pending message waiting to go to an
2665 address to which it has got a connection. Five subsequent arguments are
2666 required: transport name, host name, IP address, sequence number, and
2667 message_id. Transports may decline to create new processes if the sequence
2668 number gets too big. The channel is stdin. This (-MC) must be the last
2669 argument. There's a subsequent check that the real-uid is privileged.
2670
2671 If we are running in the test harness. delay for a bit, to let the process
2672 that set this one up complete. This makes for repeatability of the logging,
2673 etc. output. */
2674
2675 if (Ustrcmp(argrest, "C") == 0)
2676 {
2677 union sockaddr_46 interface_sock;
2678 EXIM_SOCKLEN_T size = sizeof(interface_sock);
2679
2680 if (argc != i + 6)
2681 {
2682 fprintf(stderr, "exim: too many or too few arguments after -MC\n");
2683 return EXIT_FAILURE;
2684 }
2685
2686 if (msg_action_arg >= 0)
2687 {
2688 fprintf(stderr, "exim: incompatible arguments\n");
2689 return EXIT_FAILURE;
2690 }
2691
2692 continue_transport = argv[++i];
2693 continue_hostname = argv[++i];
2694 continue_host_address = argv[++i];
2695 continue_sequence = Uatoi(argv[++i]);
2696 msg_action = MSG_DELIVER;
2697 msg_action_arg = ++i;
2698 forced_delivery = TRUE;
2699 queue_run_pid = passed_qr_pid;
2700 queue_run_pipe = passed_qr_pipe;
2701
2702 if (!mac_ismsgid(argv[i]))
2703 {
2704 fprintf(stderr, "exim: malformed message id %s after -MC option\n",
2705 argv[i]);
2706 return EXIT_FAILURE;
2707 }
2708
2709 /* Set up $sending_ip_address and $sending_port, unless proxied */
2710
2711 if (!continue_proxy_cipher)
2712 if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock),
2713 &size) == 0)
2714 sending_ip_address = host_ntoa(-1, &interface_sock, NULL,
2715 &sending_port);
2716 else
2717 {
2718 fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n",
2719 strerror(errno));
2720 return EXIT_FAILURE;
2721 }
2722
2723 if (running_in_test_harness) millisleep(500);
2724 break;
2725 }
2726
2727 else if (*argrest == 'C' && argrest[1] && !argrest[2])
2728 {
2729 switch(argrest[1])
2730 {
2731 /* -MCA: set the smtp_authenticated flag; this is useful only when it
2732 precedes -MC (see above). The flag indicates that the host to which
2733 Exim is connected has accepted an AUTH sequence. */
2734
2735 case 'A': smtp_authenticated = TRUE; break;
2736
2737 /* -MCD: set the smtp_use_dsn flag; this indicates that the host
2738 that exim is connected to supports the esmtp extension DSN */
2739
2740 case 'D': smtp_peer_options |= OPTION_DSN; break;
2741
2742 /* -MCG: set the queue name, to a non-default value */
2743
2744 case 'G': if (++i < argc) queue_name = string_copy(argv[i]);
2745 else badarg = TRUE;
2746 break;
2747
2748 /* -MCK: the peer offered CHUNKING. Must precede -MC */
2749
2750 case 'K': smtp_peer_options |= OPTION_CHUNKING; break;
2751
2752 /* -MCP: set the smtp_use_pipelining flag; this is useful only when
2753 it preceded -MC (see above) */
2754
2755 case 'P': smtp_peer_options |= OPTION_PIPE; break;
2756
2757 /* -MCQ: pass on the pid of the queue-running process that started
2758 this chain of deliveries and the fd of its synchronizing pipe; this
2759 is useful only when it precedes -MC (see above) */
2760
2761 case 'Q': if (++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i]));
2762 else badarg = TRUE;
2763 if (++i < argc) passed_qr_pipe = (int)(Uatol(argv[i]));
2764 else badarg = TRUE;
2765 break;
2766
2767 /* -MCS: set the smtp_use_size flag; this is useful only when it
2768 precedes -MC (see above) */
2769
2770 case 'S': smtp_peer_options |= OPTION_SIZE; break;
2771
2772 #ifdef SUPPORT_TLS
2773 /* -MCt: similar to -MCT below but the connection is still open
2774 via a proxy proces which handles the TLS context and coding.
2775 Require three arguments for the proxied local address and port,
2776 and the TLS cipher. */
2777
2778 case 't': if (++i < argc) sending_ip_address = argv[i];
2779 else badarg = TRUE;
2780 if (++i < argc) sending_port = (int)(Uatol(argv[i]));
2781 else badarg = TRUE;
2782 if (++i < argc) continue_proxy_cipher = argv[i];
2783 else badarg = TRUE;
2784 /*FALLTHROUGH*/
2785
2786 /* -MCT: set the tls_offered flag; this is useful only when it
2787 precedes -MC (see above). The flag indicates that the host to which
2788 Exim is connected has offered TLS support. */
2789
2790 case 'T': smtp_peer_options |= OPTION_TLS; break;
2791 #endif
2792
2793 default: badarg = TRUE; break;
2794 }
2795 break;
2796 }
2797
2798 /* -M[x]: various operations on the following list of message ids:
2799 -M deliver the messages, ignoring next retry times and thawing
2800 -Mc deliver the messages, checking next retry times, no thawing
2801 -Mf freeze the messages
2802 -Mg give up on the messages
2803 -Mt thaw the messages
2804 -Mrm remove the messages
2805 In the above cases, this must be the last option. There are also the
2806 following options which are followed by a single message id, and which
2807 act on that message. Some of them use the "recipient" addresses as well.
2808 -Mar add recipient(s)
2809 -Mmad mark all recipients delivered
2810 -Mmd mark recipients(s) delivered
2811 -Mes edit sender
2812 -Mset load a message for use with -be
2813 -Mvb show body
2814 -Mvc show copy (of whole message, in RFC 2822 format)
2815 -Mvh show header
2816 -Mvl show log
2817 */
2818
2819 else if (*argrest == 0)
2820 {
2821 msg_action = MSG_DELIVER;
2822 forced_delivery = deliver_force_thaw = TRUE;
2823 }
2824 else if (Ustrcmp(argrest, "ar") == 0)
2825 {
2826 msg_action = MSG_ADD_RECIPIENT;
2827 one_msg_action = TRUE;
2828 }
2829 else if (Ustrcmp(argrest, "c") == 0) msg_action = MSG_DELIVER;
2830 else if (Ustrcmp(argrest, "es") == 0)
2831 {
2832 msg_action = MSG_EDIT_SENDER;
2833 one_msg_action = TRUE;
2834 }
2835 else if (Ustrcmp(argrest, "f") == 0) msg_action = MSG_FREEZE;
2836 else if (Ustrcmp(argrest, "g") == 0)
2837 {
2838 msg_action = MSG_DELIVER;
2839 deliver_give_up = TRUE;
2840 }
2841 else if (Ustrcmp(argrest, "mad") == 0)
2842 {
2843 msg_action = MSG_MARK_ALL_DELIVERED;
2844 }
2845 else if (Ustrcmp(argrest, "md") == 0)
2846 {
2847 msg_action = MSG_MARK_DELIVERED;
2848 one_msg_action = TRUE;
2849 }
2850 else if (Ustrcmp(argrest, "rm") == 0) msg_action = MSG_REMOVE;
2851 else if (Ustrcmp(argrest, "set") == 0)
2852 {
2853 msg_action = MSG_LOAD;
2854 one_msg_action = TRUE;
2855 }
2856 else if (Ustrcmp(argrest, "t") == 0) msg_action = MSG_THAW;
2857 else if (Ustrcmp(argrest, "vb") == 0)
2858 {
2859 msg_action = MSG_SHOW_BODY;
2860 one_msg_action = TRUE;
2861 }
2862 else if (Ustrcmp(argrest, "vc") == 0)
2863 {
2864 msg_action = MSG_SHOW_COPY;
2865 one_msg_action = TRUE;
2866 }
2867 else if (Ustrcmp(argrest, "vh") == 0)
2868 {
2869 msg_action = MSG_SHOW_HEADER;
2870 one_msg_action = TRUE;
2871 }
2872 else if (Ustrcmp(argrest, "vl") == 0)
2873 {
2874 msg_action = MSG_SHOW_LOG;
2875 one_msg_action = TRUE;
2876 }
2877 else { badarg = TRUE; break; }
2878
2879 /* All the -Mxx options require at least one message id. */
2880
2881 msg_action_arg = i + 1;
2882 if (msg_action_arg >= argc)
2883 {
2884 fprintf(stderr, "exim: no message ids given after %s option\n", arg);
2885 return EXIT_FAILURE;
2886 }
2887
2888 /* Some require only message ids to follow */
2889
2890 if (!one_msg_action)
2891 {
2892 int j;
2893 for (j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j]))
2894 {
2895 fprintf(stderr, "exim: malformed message id %s after %s option\n",
2896 argv[j], arg);
2897 return EXIT_FAILURE;
2898 }
2899 goto END_ARG; /* Remaining args are ids */
2900 }
2901
2902 /* Others require only one message id, possibly followed by addresses,
2903 which will be handled as normal arguments. */
2904
2905 else
2906 {
2907 if (!mac_ismsgid(argv[msg_action_arg]))
2908 {
2909 fprintf(stderr, "exim: malformed message id %s after %s option\n",
2910 argv[msg_action_arg], arg);
2911 return EXIT_FAILURE;
2912 }
2913 i++;
2914 }
2915 break;
2916
2917
2918 /* Some programs seem to call the -om option without the leading o;
2919 for sendmail it askes for "me too". Exim always does this. */
2920
2921 case 'm':
2922 if (*argrest != 0) badarg = TRUE;
2923 break;
2924
2925
2926 /* -N: don't do delivery - a debugging option that stops transports doing
2927 their thing. It implies debugging at the D_v level. */
2928
2929 case 'N':
2930 if (*argrest == 0)
2931 {
2932 dont_deliver = TRUE;
2933 debug_selector |= D_v;
2934 debug_file = stderr;
2935 }
2936 else badarg = TRUE;
2937 break;
2938
2939
2940 /* -n: This means "don't alias" in sendmail, apparently.
2941 For normal invocations, it has no effect.
2942 It may affect some other options. */
2943
2944 case 'n':
2945 flag_n = TRUE;
2946 break;
2947
2948 /* -O: Just ignore it. In sendmail, apparently -O option=value means set
2949 option to the specified value. This form uses long names. We need to handle
2950 -O option=value and -Ooption=value. */
2951
2952 case 'O':
2953 if (*argrest == 0)
2954 {
2955 if (++i >= argc)
2956 {
2957 fprintf(stderr, "exim: string expected after -O\n");
2958 exit(EXIT_FAILURE);
2959 }
2960 }
2961 break;
2962
2963 case 'o':
2964
2965 /* -oA: Set an argument for the bi command (sendmail's "alternate alias
2966 file" option). */
2967
2968 if (*argrest == 'A')
2969 {
2970 alias_arg = argrest + 1;
2971 if (alias_arg[0] == 0)
2972 {
2973 if (i+1 < argc) alias_arg = argv[++i]; else
2974 {
2975 fprintf(stderr, "exim: string expected after -oA\n");
2976 exit(EXIT_FAILURE);
2977 }
2978 }
2979 }
2980
2981 /* -oB: Set a connection message max value for remote deliveries */
2982
2983 else if (*argrest == 'B')
2984 {
2985 uschar *p = argrest + 1;
2986 if (p[0] == 0)
2987 {
2988 if (i+1 < argc && isdigit((argv[i+1][0]))) p = argv[++i]; else
2989 {
2990 connection_max_messages = 1;
2991 p = NULL;
2992 }
2993 }
2994
2995 if (p != NULL)
2996 {
2997 if (!isdigit(*p))
2998 {
2999 fprintf(stderr, "exim: number expected after -oB\n");
3000 exit(EXIT_FAILURE);
3001 }
3002 connection_max_messages = Uatoi(p);
3003 }
3004 }
3005
3006 /* -odb: background delivery */
3007
3008 else if (Ustrcmp(argrest, "db") == 0)
3009 {
3010 synchronous_delivery = FALSE;
3011 arg_queue_only = FALSE;
3012 queue_only_set = TRUE;
3013 }
3014
3015 /* -odf: foreground delivery (smail-compatible option); same effect as
3016 -odi: interactive (synchronous) delivery (sendmail-compatible option)
3017 */
3018
3019 else if (Ustrcmp(argrest, "df") == 0 || Ustrcmp(argrest, "di") == 0)
3020 {
3021 synchronous_delivery = TRUE;
3022 arg_queue_only = FALSE;
3023 queue_only_set = TRUE;
3024 }
3025
3026 /* -odq: queue only */
3027
3028 else if (Ustrcmp(argrest, "dq") == 0)
3029 {
3030 synchronous_delivery = FALSE;
3031 arg_queue_only = TRUE;
3032 queue_only_set = TRUE;
3033 }
3034
3035 /* -odqs: queue SMTP only - do local deliveries and remote routing,
3036 but no remote delivery */
3037
3038 else if (Ustrcmp(argrest, "dqs") == 0)
3039 {
3040 queue_smtp = TRUE;
3041 arg_queue_only = FALSE;
3042 queue_only_set = TRUE;
3043 }
3044
3045 /* -oex: Sendmail error flags. As these are also accepted without the
3046 leading -o prefix, for compatibility with vacation and other callers,
3047 they are handled with -e above. */
3048
3049 /* -oi: Set flag so dot doesn't end non-SMTP input (same as -i)
3050 -oitrue: Another sendmail syntax for the same */
3051
3052 else if (Ustrcmp(argrest, "i") == 0 ||
3053 Ustrcmp(argrest, "itrue") == 0)
3054 dot_ends = FALSE;
3055
3056 /* -oM*: Set various characteristics for an incoming message; actually
3057 acted on for trusted callers only. */
3058
3059 else if (*argrest == 'M')
3060 {
3061 if (i+1 >= argc)
3062 {
3063 fprintf(stderr, "exim: data expected after -o%s\n", argrest);
3064 exit(EXIT_FAILURE);
3065 }
3066
3067 /* -oMa: Set sender host address */
3068
3069 if (Ustrcmp(argrest, "Ma") == 0) sender_host_address = argv[++i];
3070
3071 /* -oMaa: Set authenticator name */
3072
3073 else if (Ustrcmp(argrest, "Maa") == 0)
3074 sender_host_authenticated = argv[++i];
3075
3076 /* -oMas: setting authenticated sender */
3077
3078 else if (Ustrcmp(argrest, "Mas") == 0) authenticated_sender = argv[++i];
3079
3080 /* -oMai: setting authenticated id */
3081
3082 else if (Ustrcmp(argrest, "Mai") == 0) authenticated_id = argv[++i];
3083
3084 /* -oMi: Set incoming interface address */
3085
3086 else if (Ustrcmp(argrest, "Mi") == 0) interface_address = argv[++i];
3087
3088 /* -oMm: Message reference */
3089
3090 else if (Ustrcmp(argrest, "Mm") == 0)
3091 {
3092 if (!mac_ismsgid(argv[i+1]))
3093 {
3094 fprintf(stderr,"-oMm must be a valid message ID\n");
3095 exit(EXIT_FAILURE);
3096 }
3097 if (!trusted_config)
3098 {
3099 fprintf(stderr,"-oMm must be called by a trusted user/config\n");
3100 exit(EXIT_FAILURE);
3101 }
3102 message_reference = argv[++i];
3103 }
3104
3105 /* -oMr: Received protocol */
3106
3107 else if (Ustrcmp(argrest, "Mr") == 0)
3108
3109 if (received_protocol)
3110 {
3111 fprintf(stderr, "received_protocol is set already\n");
3112 exit(EXIT_FAILURE);
3113 }
3114 else received_protocol = argv[++i];
3115
3116 /* -oMs: Set sender host name */
3117
3118 else if (Ustrcmp(argrest, "Ms") == 0) sender_host_name = argv[++i];
3119
3120 /* -oMt: Set sender ident */
3121
3122 else if (Ustrcmp(argrest, "Mt") == 0)
3123 {
3124 sender_ident_set = TRUE;
3125 sender_ident = argv[++i];
3126 }
3127
3128 /* Else a bad argument */
3129
3130 else
3131 {
3132 badarg = TRUE;
3133 break;
3134 }
3135 }
3136
3137 /* -om: Me-too flag for aliases. Exim always does this. Some programs
3138 seem to call this as -m (undocumented), so that is also accepted (see
3139 above). */
3140
3141 else if (Ustrcmp(argrest, "m") == 0) {}
3142
3143 /* -oo: An ancient flag for old-style addresses which still seems to
3144 crop up in some calls (see in SCO). */
3145
3146 else if (Ustrcmp(argrest, "o") == 0) {}
3147
3148 /* -oP <name>: set pid file path for daemon */
3149
3150 else if (Ustrcmp(argrest, "P") == 0)
3151 override_pid_file_path = argv[++i];
3152
3153 /* -or <n>: set timeout for non-SMTP acceptance
3154 -os <n>: set timeout for SMTP acceptance */
3155
3156 else if (*argrest == 'r' || *argrest == 's')
3157 {
3158 int *tp = (*argrest == 'r')?
3159 &arg_receive_timeout : &arg_smtp_receive_timeout;
3160 if (argrest[1] == 0)
3161 {
3162 if (i+1 < argc) *tp= readconf_readtime(argv[++i], 0, FALSE);
3163 }
3164 else *tp = readconf_readtime(argrest + 1, 0, FALSE);
3165 if (*tp < 0)
3166 {
3167 fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]);
3168 exit(EXIT_FAILURE);
3169 }
3170 }
3171
3172 /* -oX <list>: Override local_interfaces and/or default daemon ports */
3173
3174 else if (Ustrcmp(argrest, "X") == 0)
3175 override_local_interfaces = argv[++i];
3176
3177 /* Unknown -o argument */
3178
3179 else badarg = TRUE;
3180 break;
3181
3182
3183 /* -ps: force Perl startup; -pd force delayed Perl startup */
3184
3185 case 'p':
3186 #ifdef EXIM_PERL
3187 if (*argrest == 's' && argrest[1] == 0)
3188 {
3189 perl_start_option = 1;
3190 break;
3191 }
3192 if (*argrest == 'd' && argrest[1] == 0)
3193 {
3194 perl_start_option = -1;
3195 break;
3196 }
3197 #endif
3198
3199 /* -panythingelse is taken as the Sendmail-compatible argument -prval:sval,
3200 which sets the host protocol and host name */
3201
3202 if (*argrest == 0)
3203 {
3204 if (i+1 < argc) argrest = argv[++i]; else
3205 { badarg = TRUE; break; }
3206 }
3207
3208 if (*argrest != 0)
3209 {
3210 uschar *hn;
3211
3212 if (received_protocol)
3213 {
3214 fprintf(stderr, "received_protocol is set already\n");
3215 exit(EXIT_FAILURE);
3216 }
3217
3218 hn = Ustrchr(argrest, ':');
3219 if (hn == NULL)
3220 {
3221 received_protocol = argrest;
3222 }
3223 else
3224 {
3225 int old_pool = store_pool;
3226 store_pool = POOL_PERM;
3227 received_protocol = string_copyn(argrest, hn - argrest);
3228 store_pool = old_pool;
3229 sender_host_name = hn + 1;
3230 }
3231 }
3232 break;
3233
3234
3235 case 'q':
3236 receiving_message = FALSE;
3237 if (queue_interval >= 0)
3238 {
3239 fprintf(stderr, "exim: -q specified more than once\n");
3240 exit(EXIT_FAILURE);
3241 }
3242
3243 /* -qq...: Do queue runs in a 2-stage manner */
3244
3245 if (*argrest == 'q')
3246 {
3247 queue_2stage = TRUE;
3248 argrest++;
3249 }
3250
3251 /* -qi...: Do only first (initial) deliveries */
3252
3253 if (*argrest == 'i')
3254 {
3255 queue_run_first_delivery = TRUE;
3256 argrest++;
3257 }
3258
3259 /* -qf...: Run the queue, forcing deliveries
3260 -qff..: Ditto, forcing thawing as well */
3261
3262 if (*argrest == 'f')
3263 {
3264 queue_run_force = TRUE;
3265 if (*++argrest == 'f')
3266 {
3267 deliver_force_thaw = TRUE;
3268 argrest++;
3269 }
3270 }
3271
3272 /* -q[f][f]l...: Run the queue only on local deliveries */
3273
3274 if (*argrest == 'l')
3275 {
3276 queue_run_local = TRUE;
3277 argrest++;
3278 }
3279
3280 /* -q[f][f][l][G<name>]... Work on the named queue */
3281
3282 if (*argrest == 'G')
3283 {
3284 int i;
3285 for (argrest++, i = 0; argrest[i] && argrest[i] != '/'; ) i++;
3286 queue_name = string_copyn(argrest, i);
3287 argrest += i;
3288 if (*argrest == '/') argrest++;
3289 }
3290
3291 /* -q[f][f][l][G<name>]: Run the queue, optionally forced, optionally local
3292 only, optionally named, optionally starting from a given message id. */
3293
3294 if (*argrest == 0 &&
3295 (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1])))
3296 {
3297 queue_interval = 0;
3298 if (i+1 < argc && mac_ismsgid(argv[i+1]))
3299 start_queue_run_id = argv[++i];
3300 if (i+1 < argc && mac_ismsgid(argv[i+1]))
3301 stop_queue_run_id = argv[++i];
3302 }
3303
3304 /* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally
3305 forced, optionally local only, optionally named. */
3306
3307 else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i],
3308 0, FALSE)) <= 0)
3309 {
3310 fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]);
3311 exit(EXIT_FAILURE);
3312 }
3313 break;
3314
3315
3316 case 'R': /* Synonymous with -qR... */
3317 receiving_message = FALSE;
3318
3319 /* -Rf: As -R (below) but force all deliveries,
3320 -Rff: Ditto, but also thaw all frozen messages,
3321 -Rr: String is regex
3322 -Rrf: Regex and force
3323 -Rrff: Regex and force and thaw
3324
3325 in all cases provided there are no further characters in this
3326 argument. */
3327
3328 if (*argrest != 0)
3329 {
3330 int i;
3331 for (i = 0; i < nelem(rsopts); i++)
3332 if (Ustrcmp(argrest, rsopts[i]) == 0)
3333 {
3334 if (i != 2) queue_run_force = TRUE;
3335 if (i >= 2) deliver_selectstring_regex = TRUE;
3336 if (i == 1 || i == 4) deliver_force_thaw = TRUE;
3337 argrest += Ustrlen(rsopts[i]);
3338 }
3339 }
3340
3341 /* -R: Set string to match in addresses for forced queue run to
3342 pick out particular messages. */
3343
3344 if (*argrest)
3345 deliver_selectstring = argrest;
3346 else if (i+1 < argc)
3347 deliver_selectstring = argv[++i];
3348 else
3349 {
3350 fprintf(stderr, "exim: string expected after -R\n");
3351 exit(EXIT_FAILURE);
3352 }
3353 break;
3354
3355
3356 /* -r: an obsolete synonym for -f (see above) */
3357
3358
3359 /* -S: Like -R but works on sender. */
3360
3361 case 'S': /* Synonymous with -qS... */
3362 receiving_message = FALSE;
3363
3364 /* -Sf: As -S (below) but force all deliveries,
3365 -Sff: Ditto, but also thaw all frozen messages,
3366 -Sr: String is regex
3367 -Srf: Regex and force
3368 -Srff: Regex and force and thaw
3369
3370 in all cases provided there are no further characters in this
3371 argument. */
3372
3373 if (*argrest)
3374 {
3375 int i;
3376 for (i = 0; i < nelem(rsopts); i++)
3377 if (Ustrcmp(argrest, rsopts[i]) == 0)
3378 {
3379 if (i != 2) queue_run_force = TRUE;
3380 if (i >= 2) deliver_selectstring_sender_regex = TRUE;
3381 if (i == 1 || i == 4) deliver_force_thaw = TRUE;
3382 argrest += Ustrlen(rsopts[i]);
3383 }
3384 }
3385
3386 /* -S: Set string to match in addresses for forced queue run to
3387 pick out particular messages. */
3388
3389 if (*argrest)
3390 deliver_selectstring_sender = argrest;
3391 else if (i+1 < argc)
3392 deliver_selectstring_sender = argv[++i];
3393 else
3394 {
3395 fprintf(stderr, "exim: string expected after -S\n");
3396 exit(EXIT_FAILURE);
3397 }
3398 break;
3399
3400 /* -Tqt is an option that is exclusively for use by the testing suite.
3401 It is not recognized in other circumstances. It allows for the setting up
3402 of explicit "queue times" so that various warning/retry things can be
3403 tested. Otherwise variability of clock ticks etc. cause problems. */
3404
3405 case 'T':
3406 if (running_in_test_harness && Ustrcmp(argrest, "qt") == 0)
3407 fudged_queue_times = argv[++i];
3408 else badarg = TRUE;
3409 break;
3410
3411
3412 /* -t: Set flag to extract recipients from body of message. */
3413
3414 case 't':
3415 if (*argrest == 0) extract_recipients = TRUE;
3416
3417 /* -ti: Set flag to extract recipients from body of message, and also
3418 specify that dot does not end the message. */
3419
3420 else if (Ustrcmp(argrest, "i") == 0)
3421 {
3422 extract_recipients = TRUE;
3423 dot_ends = FALSE;
3424 }
3425
3426 /* -tls-on-connect: don't wait for STARTTLS (for old clients) */
3427
3428 #ifdef SUPPORT_TLS
3429 else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE;
3430 #endif
3431
3432 else badarg = TRUE;
3433 break;
3434
3435
3436 /* -U: This means "initial user submission" in sendmail, apparently. The
3437 doc claims that in future sendmail may refuse syntactically invalid
3438 messages instead of fixing them. For the moment, we just ignore it. */
3439
3440 case 'U':
3441 break;
3442
3443
3444 /* -v: verify things - this is a very low-level debugging */
3445
3446 case 'v':
3447 if (*argrest == 0)
3448 {
3449 debug_selector |= D_v;
3450 debug_file = stderr;
3451 }
3452 else badarg = TRUE;
3453 break;
3454
3455
3456 /* -x: AIX uses this to indicate some fancy 8-bit character stuff:
3457
3458 The -x flag tells the sendmail command that mail from a local
3459 mail program has National Language Support (NLS) extended characters
3460 in the body of the mail item. The sendmail command can send mail with
3461 extended NLS characters across networks that normally corrupts these
3462 8-bit characters.
3463
3464 As Exim is 8-bit clean, it just ignores this flag. */
3465
3466 case 'x':
3467 if (*argrest != 0) badarg = TRUE;
3468 break;
3469
3470 /* -X: in sendmail: takes one parameter, logfile, and sends debugging
3471 logs to that file. We swallow the parameter and otherwise ignore it. */
3472
3473 case 'X':
3474 if (*argrest == '\0')
3475 if (++i >= argc)
3476 {
3477 fprintf(stderr, "exim: string expected after -X\n");
3478 exit(EXIT_FAILURE);
3479 }
3480 break;
3481
3482 case 'z':
3483 if (*argrest == '\0')
3484 if (++i < argc) log_oneline = argv[i]; else
3485 {
3486 fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]);
3487 exit(EXIT_FAILURE);
3488 }
3489 break;
3490
3491 /* All other initial characters are errors */
3492
3493 default:
3494 badarg = TRUE;
3495 break;
3496 } /* End of high-level switch statement */
3497
3498 /* Failed to recognize the option, or syntax error */
3499
3500 if (badarg)
3501 {
3502 fprintf(stderr, "exim abandoned: unknown, malformed, or incomplete "
3503 "option %s\n", arg);
3504 exit(EXIT_FAILURE);
3505 }
3506 }
3507
3508
3509 /* If -R or -S have been specified without -q, assume a single queue run. */
3510
3511 if ( (deliver_selectstring || deliver_selectstring_sender)
3512 && queue_interval < 0)
3513 queue_interval = 0;
3514
3515
3516 END_ARG:
3517 /* If usage_wanted is set we call the usage function - which never returns */
3518 if (usage_wanted) exim_usage(called_as);
3519
3520 /* Arguments have been processed. Check for incompatibilities. */
3521 if ((
3522 (smtp_input || extract_recipients || recipients_arg < argc) &&
3523 (daemon_listen || queue_interval >= 0 || bi_option ||
3524 test_retry_arg >= 0 || test_rewrite_arg >= 0 ||
3525 filter_test != FTEST_NONE || (msg_action_arg > 0 && !one_msg_action))
3526 ) ||
3527 (
3528 msg_action_arg > 0 &&
3529 (daemon_listen || queue_interval > 0 || list_options ||
3530 (checking && msg_action != MSG_LOAD) ||
3531 bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0)
3532 ) ||
3533 (
3534 (daemon_listen || queue_interval > 0) &&
3535 (sender_address != NULL || list_options || list_queue || checking ||
3536 bi_option)
3537 ) ||
3538 (