projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add missing search cache tidyup before delivering message received via
[exim.git] / src / src / parse.c
1 /* $Cambridge: exim/src/src/parse.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10 /* Functions for parsing addresses */
11
12
13 #include "exim.h"
14
15
16 static uschar *last_comment_position;
17
18
19
20 /* In stand-alone mode, provide a replacement for deliver_make_addr()
21 and rewrite_address[_qualify]() so as to avoid having to drag in too much
22 redundant apparatus. */
23
24 #ifdef STAND_ALONE
25
26 address_item *deliver_make_addr(uschar *address, BOOL copy)
27 {
28 address_item *addr = store_get(sizeof(address_item));
29 addr->next = NULL;
30 addr->parent = NULL;
31 addr->address = address;
32 return addr;
33 }
34
35 uschar *rewrite_address(uschar *recipient, BOOL dummy1, BOOL dummy2, rewrite_rule
36 *dummy3, int dummy4)
37 {
38 return recipient;
39 }
40
41 uschar *rewrite_address_qualify(uschar *recipient, BOOL dummy1)
42 {
43 return recipient;
44 }
45
46 #endif
47
48
49
50
51 /*************************************************
52 * Find the end of an address *
53 *************************************************/
54
55 /* Scan over a string looking for the termination of an address at a comma,
56 or end of the string. It's the source-routed addresses which cause much pain
57 here. Although Exim ignores source routes, it must recognize such addresses, so
58 we cannot get rid of this logic.
59
60 Argument:
61 s pointer to the start of an address
62 nl_ends if TRUE, '\n' terminates an address
63
64 Returns: pointer past the end of the address
65 (i.e. points to null or comma)
66 */
67
68 uschar *
69 parse_find_address_end(uschar *s, BOOL nl_ends)
70 {
71 BOOL source_routing = *s == '@';
72 int no_term = source_routing? 1 : 0;
73
74 while (*s != 0 && (*s != ',' || no_term > 0) && (*s != '\n' || !nl_ends))
75 {
76 /* Skip single quoted characters. Strictly these should not occur outside
77 quoted strings in RFC 822 addresses, but they can in RFC 821 addresses. Pity
78 about the lack of consistency, isn't it? */
79
80 if (*s == '\\' && s[1] != 0) s += 2;
81
82 /* Skip quoted items that are not inside brackets. Note that
83 quoted pairs are allowed inside quoted strings. */
84
85 else if (*s == '\"')
86 {
87 while (*(++s) != 0 && (*s != '\n' || !nl_ends))
88 {
89 if (*s == '\\' && s[1] != 0) s++;
90 else if (*s == '\"') { s++; break; }
91 }
92 }
93
94 /* Skip comments, which may include nested brackets, but quotes
95 are not recognized inside comments, though quoted pairs are. */
96
97 else if (*s == '(')
98 {
99 int level = 1;
100 while (*(++s) != 0 && (*s != '\n' || !nl_ends))
101 {
102 if (*s == '\\' && s[1] != 0) s++;
103 else if (*s == '(') level++;
104 else if (*s == ')' && --level <= 0) { s++; break; }
105 }
106 }
107
108 /* Non-special character; just advance. Passing the colon in a source
109 routed address means that any subsequent comma or colon may terminate unless
110 inside angle brackets. */
111
112 else
113 {
114 if (*s == '<')
115 {
116 source_routing = s[1] == '@';
117 no_term = source_routing? 2 : 1;
118 }
119 else if (*s == '>') no_term--;
120 else if (source_routing && *s == ':') no_term--;
121 s++;
122 }
123 }
124
125 return s;
126 }
127
128
129
130 /*************************************************
131 * Find last @ in an address *
132 *************************************************/
133
134 /* This function is used when we have something that may not qualified. If we
135 know it's qualified, searching for the rightmost '@' is sufficient. Here we
136 have to be a bit more clever than just a plain search, in order to handle
137 unqualified local parts like "thing@thong" correctly. Since quotes may not
138 legally be part of a domain name, we can give up on hitting the first quote
139 when searching from the right. Now that the parsing also permits the RFC 821
140 form of address, where quoted-pairs are allowed in unquoted local parts, we
141 must take care to handle that too.
142
143 Argument: pointer to an address, possibly unqualified
144 Returns: pointer to the last @ in an address, or NULL if none
145 */
146
147 uschar *
148 parse_find_at(uschar *s)
149 {
150 uschar *t = s + Ustrlen(s);
151 while (--t >= s)
152 {
153 if (*t == '@')
154 {
155 int backslash_count = 0;
156 uschar *tt = t - 1;
157 while (tt > s && *tt-- == '\\') backslash_count++;
158 if ((backslash_count & 1) == 0) return t;
159 }
160 else if (*t == '\"') return NULL;
161 }
162 return NULL;
163 }
164
165
166
167
168 /***************************************************************************
169 * In all the functions below that read a particular object type from *
170 * the input, return the new value of the pointer s (the first argument), *
171 * and put the object into the store pointed to by t (the second argument), *
172 * adding a terminating zero. If no object is found, t will point to zero *
173 * on return. *
174 ***************************************************************************/
175
176
177 /*************************************************
178 * Skip white space and comment *
179 *************************************************/
180
181 /* Algorithm:
182 (1) Skip spaces.
183 (2) If uschar not '(', return.
184 (3) Skip till matching ')', not counting any characters
185 escaped with '\'.
186 (4) Move past ')' and goto (1).
187
188 The start of the last potential comment position is remembered to
189 make it possible to ignore comments at the end of compound items.
190
191 Argument: current character pointer
192 Regurns: new character pointer
193 */
194
195 static uschar *
196 skip_comment(uschar *s)
197 {
198 last_comment_position = s;
199 while (*s)
200 {
201 int c, level;
202 while (isspace(*s)) s++;
203 if (*s != '(') break;
204 level = 1;
205 while((c = *(++s)) != 0)
206 {
207 if (c == '(') level++;
208 else if (c == ')') { if (--level <= 0) { s++; break; } }
209 else if (c == '\\' && s[1] != 0) s++;
210 }
211 }
212 return s;
213 }
214
215
216
217 /*************************************************
218 * Read a domain *
219 *************************************************/
220
221 /* A domain is a sequence of subdomains, separated by dots. See comments below
222 for detailed syntax of the subdomains.
223
224 If allow_domain_literals is TRUE, a "domain" may also be an IP address enclosed
225 in []. Make sure the output is set to the null string if there is a syntax
226 error as well as if there is no domain at all.
227
228 Arguments:
229 s current character pointer
230 t where to put the domain
231 errorptr put error message here on failure (*t will be 0 on exit)
232
233 Returns: new character pointer
234 */
235
236 static uschar *
237 read_domain(uschar *s, uschar *t, uschar **errorptr)
238 {
239 uschar *tt = t;
240 s = skip_comment(s);
241
242 /* Handle domain literals if permitted. An RFC 822 domain literal may contain
243 any character except [ ] \, including linear white space, and may contain
244 quoted characters. However, RFC 821 restricts literals to being dot-separated
245 3-digit numbers, and we make the obvious extension for IPv6. Go for a sequence
246 of digits and dots (hex digits and colons for IPv6) here; later this will be
247 checked for being a syntactically valid IP address if it ever gets to a router.
248
249 If IPv6 is supported, allow both the formal form, with IPV6: at the start, and
250 the informal form without it, and accept IPV4: as well, 'cause someone will use
251 it sooner or later. */
252
253 if (*s == '[')
254 {
255 *t++ = *s++;
256
257 #if HAVE_IPV6
258 if (strncmpic(s, US"IPv6:", 5) == 0 || strncmpic(s, US"IPv4:", 5) == 0)
259 {
260 memcpy(t, s, 5);
261 t += 5;
262 s += 5;
263 }
264 while (*s == '.' || *s == ':' || isxdigit(*s)) *t++ = *s++;
265
266 #else
267 while (*s == '.' || isdigit(*s)) *t++ = *s++;
268 #endif
269
270 if (*s == ']') *t++ = *s++; else
271 {
272 *errorptr = US"malformed domain literal";
273 *tt = 0;
274 }
275
276 if (!allow_domain_literals)
277 {
278 *errorptr = US"domain literals not allowed";
279 *tt = 0;
280 }
281 *t = 0;
282 return skip_comment(s);
283 }
284
285 /* Handle a proper domain, which is a sequence of dot-separated atoms. Remove
286 trailing dots if strip_trailing_dot is set. A subdomain is an atom.
287
288 An atom is a sequence of any characters except specials, space, and controls.
289 The specials are ( ) < > @ , ; : \ " . [ and ]. This is the rule for RFC 822
290 and its successor (RFC 2822). However, RFC 821 and its successor (RFC 2821) is
291 tighter, allowing only letters, digits, and hyphens, not starting with a
292 hyphen.
293
294 There used to be a global flag that got set when checking addresses that came
295 in over SMTP and which should therefore should be checked according to the
296 stricter rule. However, it seems silly to make the distinction, because I don't
297 suppose anybody ever uses local domains that are 822-compliant and not
298 821-compliant. Furthermore, Exim now has additional data on the spool file line
299 after an address (after "one_time" processing), and it makes use of a #
300 character to delimit it. When I wrote that code, I forgot about this 822-domain
301 stuff, and assumed # could never appear in a domain.
302
303 So the old code is now cut out for Release 4.11 onwards, on 09-Aug-02. In a few
304 years, when we are sure this isn't actually causing trouble, throw it away.
305
306 March 2003: the story continues: There is a camp that is arguing for the use of
307 UTF-8 in domain names as the way to internationalization, and other MTAs
308 support this. Therefore, we now have a flag that permits the use of characters
309 with values greater than 127, encoded in UTF-8, in subdomains, so that Exim can
310 be used experimentally in this way. */
311
312 for (;;)
313 {
314 uschar *tsave = t;
315
316 /*********************
317 if (rfc821_domains)
318 {
319 if (*s != '-') while (isalnum(*s) || *s == '-') *t++ = *s++;
320 }
321 else
322 while (!mac_iscntrl_or_special(*s)) *t++ = *s++;
323 *********************/
324
325 if (*s != '-')
326 {
327 /* Only letters, digits, and hyphens */
328
329 if (!allow_utf8_domains)
330 {
331 while (isalnum(*s) || *s == '-') *t++ = *s++;
332 }
333
334 /* Permit legal UTF-8 characters to be included */
335
336 else for(;;)
337 {
338 int i, d;
339 if (isalnum(*s) || *s == '-') /* legal ascii characters */
340 {
341 *t++ = *s++;
342 continue;
343 }
344 if ((*s & 0xc0) != 0xc0) break; /* not start of UTF-8 character */
345 d = *s << 2;
346 for (i = 1; i < 6; i++) /* i is the number of additional bytes */
347 {
348 if ((d & 0x80) == 0) break;
349 d <<= 1;
350 }
351 if (i == 6) goto BAD_UTF8; /* invalid UTF-8 */
352 *t++ = *s++; /* leading UTF-8 byte */
353 while (i-- > 0) /* copy and check remainder */
354 {
355 if ((*s & 0xc0) != 0x80)
356 {
357 BAD_UTF8:
358 *errorptr = US"invalid UTF-8 byte sequence";
359 *tt = 0;
360 return s;
361 }
362 *t++ = *s++;
363 }
364 } /* End of loop for UTF-8 character */
365 } /* End of subdomain */
366
367 s = skip_comment(s);
368 *t = 0;
369
370 if (t == tsave) /* empty component */
371 {
372 if (strip_trailing_dot && t > tt && *s != '.') t[-1] = 0; else
373 {
374 *errorptr = US"domain missing or malformed";
375 *tt = 0;
376 }
377 return s;
378 }
379
380 if (*s != '.') break;
381 *t++ = *s++;
382 s = skip_comment(s);
383 }
384
385 return s;
386 }
387
388
389
390 /*************************************************
391 * Read a local-part *
392 *************************************************/
393
394 /* A local-part is a sequence of words, separated by periods. A null word
395 between dots is not strictly allowed but apparently many mailers permit it,
396 so, sigh, better be compatible. Even accept a trailing dot...
397
398 A <word> is either a quoted string, or an <atom>, which is a sequence
399 of any characters except specials, space, and controls. The specials are
400 ( ) < > @ , ; : \ " . [ and ]. In RFC 822, a single quoted character, (a
401 quoted-pair) is not allowed in a word. However, in RFC 821, it is permitted in
402 the local part of an address. Rather than have separate parsing functions for
403 the different cases, take the liberal attitude always. At least one MUA is
404 happy to recognize this case; I don't know how many other programs do.
405
406 Arguments:
407 s current character pointer
408 t where to put the local part
409 error where to point error text
410 allow_null TRUE if an empty local part is not an error
411
412 Returns: new character pointer
413 */
414
415 static uschar *
416 read_local_part(uschar *s, uschar *t, uschar **error, BOOL allow_null)
417 {
418 uschar *tt = t;
419 *error = NULL;
420 for (;;)
421 {
422 int c;
423 uschar *tsave = t;
424 s = skip_comment(s);
425
426 /* Handle a quoted string */
427
428 if (*s == '\"')
429 {
430 *t++ = '\"';
431 while ((c = *(++s)) != 0 && c != '\"')
432 {
433 *t++ = c;
434 if (c == '\\' && s[1] != 0) *t++ = *(++s);
435 }
436 if (c == '\"')
437 {
438 s++;
439 *t++ = '\"';
440 }
441 else
442 {
443 *error = US"unmatched doublequote in local part";
444 return s;
445 }
446 }
447
448 /* Handle an atom, but allow quoted pairs within it. */
449
450 else while (!mac_iscntrl_or_special(*s) || *s == '\\')
451 {
452 c = *t++ = *s++;
453 if (c == '\\' && *s != 0) *t++ = *s++;
454 }
455
456 /* Terminate the word and skip subsequent comment */
457
458 *t = 0;
459 s = skip_comment(s);
460
461 /* If we have read a null component at this point, give an error unless it is
462 terminated by a dot - an extension to RFC 822 - or if it is the first
463 component of the local part and an empty local part is permitted, in which
464 case just return normally. */
465
466 if (t == tsave && *s != '.')
467 {
468 if (t == tt && !allow_null)
469 *error = US"missing or malformed local part";
470 return s;
471 }
472
473 /* Anything other than a dot terminates the local part. Treat multiple dots
474 as a single dot, as this seems to be a common extension. */
475
476 if (*s != '.') break;
477 do { *t++ = *s++; } while (*s == '.');
478 }
479
480 return s;
481 }
482
483
484 /*************************************************
485 * Read route part of route-addr *
486 *************************************************/
487
488 /* The pointer is at the initial "@" on entry. Return it following the
489 terminating colon. Exim no longer supports the use of source routes, but it is
490 required to accept the syntax.
491
492 Arguments:
493 s current character pointer
494 t where to put the route
495 errorptr where to put an error message
496
497 Returns: new character pointer
498 */
499
500 static uschar *
501 read_route(uschar *s, uschar *t, uschar **errorptr)
502 {
503 BOOL commas = FALSE;
504 *errorptr = NULL;
505
506 while (*s == '@')
507 {
508 *t++ = '@';
509 s = read_domain(s+1, t, errorptr);
510 if (*t == 0) return s;
511 t += Ustrlen((const uschar *)t);
512 if (*s != ',') break;
513 *t++ = *s++;
514 commas = TRUE;
515 s = skip_comment(s);
516 }
517
518 if (*s == ':') *t++ = *s++;
519
520 /* If there is no colon, and there were no commas, the most likely error
521 is in fact a missing local part in the address rather than a missing colon
522 after the route. */
523
524 else *errorptr = commas?
525 US"colon expected after route list" :
526 US"no local part";
527
528 /* Terminate the route and return */
529
530 *t = 0;
531 return skip_comment(s);
532 }
533
534
535
536 /*************************************************
537 * Read addr-spec *
538 *************************************************/
539
540 /* Addr-spec is local-part@domain. We make the domain optional -
541 the expected terminator for the whole thing is passed to check this.
542 This function is called only when we know we have a route-addr.
543
544 Arguments:
545 s current character pointer
546 t where to put the addr-spec
547 term expected terminator (0 or >)
548 errorptr where to put an error message
549 domainptr set to point to the start of the domain
550
551 Returns: new character pointer
552 */
553
554 static uschar *
555 read_addr_spec(uschar *s, uschar *t, int term, uschar **errorptr,
556 uschar **domainptr)
557 {
558 s = read_local_part(s, t, errorptr, FALSE);
559 if (*errorptr == NULL)
560 {
561 if (*s != term)
562 {
563 if (*s != '@')
564 *errorptr = string_sprintf("\"@\" or \".\" expected after \"%s\"", t);
565 else
566 {
567 t += Ustrlen((const uschar *)t);
568 *t++ = *s++;
569 *domainptr = t;
570 s = read_domain(s, t, errorptr);
571 }
572 }
573 }
574 return s;
575 }
576
577
578
579 /*************************************************
580 * Extract operative address *
581 *************************************************/
582
583 /* This function extracts an operative address from a full RFC822 mailbox and
584 returns it in a piece of dynamic store. We take the easy way and get a piece
585 of store the same size as the input, and then copy into it whatever is
586 necessary. If we cannot find a valid address (syntax error), return NULL, and
587 point the error pointer to the reason. The arguments "start" and "end" are used
588 to return the offsets of the first and one past the last characters in the
589 original mailbox of the address that has been extracted, to aid in re-writing.
590 The argument "domain" is set to point to the first character after "@" in the
591 final part of the returned address, or zero if there is no @.
592
593 Exim no longer supports the use of source routed addresses (those of the form
594 @domain,...:route_addr). It recognizes the syntax, but collapses such addresses
595 down to their final components. Formerly, collapse_source_routes had to be set
596 to achieve this effect. RFC 1123 allows collapsing with MAY, while the revision
597 of RFC 821 had increased this to SHOULD, so I've gone for it, because it makes
598 a lot of code elsewhere in Exim much simpler.
599
600 There are some special fudges here for handling RFC 822 group address notation
601 which may appear in certain headers. If the flag parse_allow_group is set
602 TRUE and parse_found_group is FALSE when this function is called, an address
603 which is the start of a group (i.e. preceded by a phrase and a colon) is
604 recognized; the phrase is ignored and the flag parse_found_group is set. If
605 this flag is TRUE at the end of an address, then if an extraneous semicolon is
606 found, it is ignored and the flag is cleared. This logic is used only when
607 scanning through addresses in headers, either to fulfil the -t option or for
608 rewriting or checking header syntax.
609
610 Arguments:
611 mailbox points to the RFC822 mailbox
612 errorptr where to point an error message
613 start set to start offset in mailbox
614 end set to end offset in mailbox
615 domain set to domain offset in result, or 0 if no domain present
616 allow_null allow <> if TRUE
617
618 Returns: points to the extracted address, or NULL on error
619 */
620
621 #define FAILED(s) { *errorptr = s; goto PARSE_FAILED; }
622
623 uschar *
624 parse_extract_address(uschar *mailbox, uschar **errorptr, int *start, int *end,
625 int *domain, BOOL allow_null)
626 {
627 uschar *yield = store_get(Ustrlen(mailbox) + 1);
628 uschar *startptr, *endptr;
629 uschar *s = (uschar *)mailbox;
630 uschar *t = (uschar *)yield;
631
632 *domain = 0;
633
634 /* At the start of the string we expect either an addr-spec or a phrase
635 preceding a <route-addr>. If groups are allowed, we might also find a phrase
636 preceding a colon and an address. If we find an initial word followed by
637 a dot, strict interpretation of the RFC would cause it to be taken
638 as the start of an addr-spec. However, many mailers break the rules
639 and use addresses of the form "a.n.other <ano@somewhere>" and so we
640 allow this case. */
641
642 RESTART: /* Come back here after passing a group name */
643
644 s = skip_comment(s);
645 startptr = s; /* In case addr-spec */
646 s = read_local_part(s, t, errorptr, TRUE); /* Dot separated words */
647 if (*errorptr != NULL) goto PARSE_FAILED;
648
649 /* If the terminator is neither < nor @ then the format of the address
650 must either be a bare local-part (we are now at the end), or a phrase
651 followed by a route-addr (more words must follow). */
652
653 if (*s != '@' && *s != '<')
654 {
655 if (*s == 0 || *s == ';')
656 {
657 if (*t == 0) FAILED(US"empty address");
658 endptr = last_comment_position;
659 goto PARSE_SUCCEEDED; /* Bare local part */
660 }
661
662 /* Expect phrase route-addr, or phrase : if groups permitted, but allow
663 dots in the phrase; complete the loop only when '<' or ':' is encountered -
664 end of string will produce a null local_part and therefore fail. We don't
665 need to keep updating t, as the phrase isn't to be kept. */
666
667 while (*s != '<' && (!parse_allow_group || *s != ':'))
668 {
669 s = read_local_part(s, t, errorptr, FALSE);
670 if (*errorptr != NULL)
671 {
672 *errorptr = string_sprintf("%s (expected word or \"<\")", *errorptr);
673 goto PARSE_FAILED;
674 }
675 }
676
677 if (*s == ':')
678 {
679 parse_found_group = TRUE;
680 parse_allow_group = FALSE;
681 s++;
682 goto RESTART;
683 }
684
685 /* Assert *s == '<' */
686 }
687
688 /* At this point the next character is either '@' or '<'. If it is '@', only a
689 single local-part has previously been read. An angle bracket signifies the
690 start of an <addr-spec>. Throw away anything we have saved so far before
691 processing it. Note that this is "if" rather than "else if" because it's also
692 used after reading a preceding phrase.
693
694 There are a lot of broken sendmails out there that put additional pairs of <>
695 round <route-addr>s. If strip_excess_angle_brackets is set, allow any number of
696 them, as long as they match. */
697
698 if (*s == '<')
699 {
700 uschar *domainptr = yield;
701 BOOL source_routed = FALSE;
702 int bracket_count = 1;
703
704 s++;
705 if (strip_excess_angle_brackets)
706 while (*s == '<') { bracket_count++; s++; }
707
708 t = yield;
709 startptr = s;
710 s = skip_comment(s);
711
712 /* Read an optional series of routes, each of which is a domain. They
713 are separated by commas and terminated by a colon. However, we totally ignore
714 such routes (RFC 1123 says we MAY, and the revision of RFC 821 says we
715 SHOULD). */
716
717 if (*s == '@')
718 {
719 s = read_route(s, t, errorptr);
720 if (*errorptr != NULL) goto PARSE_FAILED;
721 *t = 0; /* Ensure route is ignored - probably overkill */
722 source_routed = TRUE;
723 }
724
725 /* Now an addr-spec, terminated by '>'. If there is no preceding route,
726 we must allow an empty addr-spec if allow_null is TRUE, to permit the
727 address "<>" in some circumstances. A source-routed address MUST have
728 a domain in the final part. */
729
730 if (allow_null && !source_routed && *s == '>')
731 {
732 *t = 0;
733 *errorptr = NULL;
734 }
735 else
736 {
737 s = read_addr_spec(s, t, '>', errorptr, &domainptr);
738 if (*errorptr != NULL) goto PARSE_FAILED;
739 *domain = domainptr - yield;
740 if (source_routed && *domain == 0)
741 FAILED(US"domain missing in source-routed address");
742 }
743
744 endptr = s;
745 if (*errorptr != NULL) goto PARSE_FAILED;
746 while (bracket_count-- > 0) if (*s++ != '>')
747 {
748 *errorptr = (s[-1] == 0)? US"'>' missing at end of address" :
749 string_sprintf("malformed address: %.32s may not follow %.*s",
750 s-1, s - (uschar *)mailbox - 1, mailbox);
751 goto PARSE_FAILED;
752 }
753
754 s = skip_comment(s);
755 }
756
757 /* Hitting '@' after the first local-part means we have definitely got an
758 addr-spec, on a strict reading of the RFC, and the rest of the string
759 should be the domain. However, for flexibility we allow for a route-address
760 not enclosed in <> as well, which is indicated by an empty first local
761 part preceding '@'. The source routing is, however, ignored. */
762
763 else if (*t == 0)
764 {
765 uschar *domainptr = yield;
766 s = read_route(s, t, errorptr);
767 if (*errorptr != NULL) goto PARSE_FAILED;
768 *t = 0; /* Ensure route is ignored - probably overkill */
769 s = read_addr_spec(s, t, 0, errorptr, &domainptr);
770 if (*errorptr != NULL) goto PARSE_FAILED;
771 *domain = domainptr - yield;
772 endptr = last_comment_position;
773 if (*domain == 0) FAILED(US"domain missing in source-routed address");
774 }
775
776 /* This is the strict case of local-part@domain. */
777
778 else
779 {
780 t += Ustrlen((const uschar *)t);
781 *t++ = *s++;
782 *domain = t - yield;
783 s = read_domain(s, t, errorptr);
784 if (*t == 0) goto PARSE_FAILED;
785 endptr = last_comment_position;
786 }
787
788 /* Use goto to get here from the bare local part case. Arrive by falling
789 through for other cases. Endptr may have been moved over whitespace, so
790 move it back past white space if necessary. */
791
792 PARSE_SUCCEEDED:
793 if (*s != 0)
794 {
795 if (parse_found_group && *s == ';')
796 {
797 parse_found_group = FALSE;
798 parse_allow_group = TRUE;
799 }
800 else
801 {
802 *errorptr = string_sprintf("malformed address: %.32s may not follow %.*s",
803 s, s - (uschar *)mailbox, mailbox);
804 goto PARSE_FAILED;
805 }
806 }
807 *start = startptr - (uschar *)mailbox; /* Return offsets */
808 while (isspace(endptr[-1])) endptr--;
809 *end = endptr - (uschar *)mailbox;
810
811 /* Although this code has no limitation on the length of address extracted,
812 other parts of Exim may have limits, and in any case, RFC 2821 limits local
813 parts to 64 and domains to 255, so we do a check here, giving an error if the
814 address is ridiculously long. */
815
816 if (*end - *start > ADDRESS_MAXLENGTH)
817 {
818 *errorptr = string_sprintf("address is ridiculously long: %.64s...", yield);
819 return NULL;
820 }
821
822 return (uschar *)yield;
823
824 /* Use goto (via the macro FAILED) to get to here from a variety of places.
825 We might have an empty address in a group - the caller can choose to ignore
826 this. We must, however, keep the flags correct. */
827
828 PARSE_FAILED:
829 if (parse_found_group && *s == ';')
830 {
831 parse_found_group = FALSE;
832 parse_allow_group = TRUE;
833 }
834 return NULL;
835 }
836
837 #undef FAILED
838
839
840
841 /*************************************************
842 * Quote according to RFC 2047 *
843 *************************************************/
844
845 /* This function is used for quoting text in headers according to RFC 2047.
846 If the only characters that strictly need quoting are spaces, we return the
847 original string, unmodified. If a quoted string is too long for the buffer, it
848 is truncated. (This shouldn't happen: this is normally handling short strings.)
849
850 Arguments:
851 string the string to quote - already checked to contain non-printing
852 chars
853 len the length of the string
854 charset the name of the character set; NULL => iso-8859-1
855 buffer the buffer to put the answer in
856 buffer_size the size of the buffer
857
858 Returns: pointer to the original string, if no quoting needed, or
859 pointer to buffer containing the quoted string, or
860 a pointer to "String too long" if the buffer can't even hold
861 the introduction
862 */
863
864 uschar *
865 parse_quote_2047(uschar *string, int len, uschar *charset, uschar *buffer,
866 int buffer_size)
867 {
868 uschar *s = string;
869 uschar *t;
870 BOOL coded = FALSE;
871
872 if (charset == NULL) charset = US"iso-8859-1";
873
874 /* We don't expect this to fail! */
875
876 if (!string_format(buffer, buffer_size, "=?%s?Q?", charset))
877 return US"String too long";
878
879 t = buffer + Ustrlen(buffer);
880 for (; len > 0; len--)
881 {
882 int ch = *s++;
883 if (t > buffer + buffer_size - 8) break;
884 if (ch < 33 || ch > 126 ||
885 Ustrchr("?=()<>@,;:\\\".[]_", ch) != NULL)
886 {
887 if (ch == ' ') *t++ = '_'; else
888 {
889 sprintf(CS t, "=%02X", ch);
890 while (*t != 0) t++;
891 coded = TRUE;
892 }
893 }
894 else *t++ = ch;
895 }
896 sprintf(CS t, "?=");
897 return coded? buffer : string;
898 }
899
900
901
902
903 /*************************************************
904 * Fix up an RFC 822 "phrase" *
905 *************************************************/
906
907 /* This function is called to repair any syntactic defects in the "phrase" part
908 of an RFC822 address. In particular, it is applied to the user's name as read
909 from the passwd file when accepting a local message, and to the data from the
910 -F option.
911
912 If the string contains existing quoted strings or comments containing
913 freestanding quotes, then we just quote those bits that need quoting -
914 otherwise it would get awfully messy and probably not look good. If not, we
915 quote the whole thing if necessary. Thus
916
917 John Q. Smith => "John Q. Smith"
918 John "Jack" Smith => John "Jack" Smith
919 John "Jack" Q. Smith => John "Jack" "Q." Smith
920 John (Jack) Q. Smith => "John (Jack) Q. Smith"
921 John ("Jack") Q. Smith => John ("Jack") "Q." Smith
922 but
923 John (\"Jack\") Q. Smith => "John (\"Jack\") Q. Smith"
924
925 Sheesh! This is tedious code. It is a great pity that the syntax of RFC822 is
926 the way it is...
927
928 August 2000: Additional code added:
929
930 Previously, non-printing characters were turned into question marks, which do
931 not need to be quoted.
932
933 Now, a different tactic is used if there are any non-printing ASCII
934 characters. The encoding method from RFC 2047 is used, assuming iso-8859-1 as
935 the character set.
936
937 We *could* use this for all cases, getting rid of the messy original code,
938 but leave it for now. It would complicate simple cases like "John Q. Smith".
939
940 The result is passed back in the buffer; it is usually going to be added to
941 some other string. In order to be sure there is going to be no overflow,
942 restrict the length of the input to 1/4 of the buffer size - this allows for
943 every single character to be quoted or encoded without overflowing, and that
944 wouldn't happen because of amalgamation. If the phrase is too long, return a
945 fixed string.
946
947 Arguments:
948 phrase an RFC822 phrase
949 len the length of the phrase
950 buffer a buffer to put the result in
951 buffer_size the size of the buffer
952
953 Returns: the fixed RFC822 phrase
954 */
955
956 uschar *
957 parse_fix_phrase(uschar *phrase, int len, uschar *buffer, int buffer_size)
958 {
959 int ch, i;
960 BOOL quoted = FALSE;
961 uschar *s, *t, *end, *yield;
962
963 while (len > 0 && isspace(*phrase)) { phrase++; len--; }
964 if (len > buffer_size/4) return US"Name too long";
965
966 /* See if there are any non-printing characters, and if so, use the RFC 2047
967 encoding for the whole thing. */
968
969 for (i = 0, s = phrase; i < len; i++, s++)
970 if ((*s < 32 && *s != '\t') || *s > 126) break;
971
972 if (i < len) return parse_quote_2047(phrase, len, headers_charset, buffer,
973 buffer_size);
974
975 /* No non-printers; use the RFC 822 quoting rules */
976
977 s = phrase;
978 end = s + len;
979 yield = t = buffer + 1;
980
981 while (s < end)
982 {
983 ch = *s++;
984
985 /* Copy over quoted strings, remembering we encountered one */
986
987 if (ch == '\"')
988 {
989 *t++ = '\"';
990 while (s < end && (ch = *s++) != '\"')
991 {
992 *t++ = ch;
993 if (ch == '\\' && s < end) *t++ = *s++;
994 }
995 *t++ = '\"';
996 if (s >= end) break;
997 quoted = TRUE;
998 }
999
1000 /* Copy over comments, noting if they contain freestanding quote
1001 characters */
1002
1003 else if (ch == '(')
1004 {
1005 int level = 1;
1006 *t++ = '(';
1007 while (s < end)
1008 {
1009 ch = *s++;
1010 *t++ = ch;
1011 if (ch == '(') level++;
1012 else if (ch == ')') { if (--level <= 0) break; }
1013 else if (ch == '\\' && s < end) *t++ = *s++ & 127;
1014 else if (ch == '\"') quoted = TRUE;
1015 }
1016 if (ch == 0)
1017 {
1018 while (level--) *t++ = ')';
1019 break;
1020 }
1021 }
1022
1023 /* Handle special characters that need to be quoted */
1024
1025 else if (Ustrchr(")<>@,;:\\.[]", ch) != NULL)
1026 {
1027 /* If hit previous quotes just make one quoted "word" */
1028
1029 if (quoted)
1030 {
1031 uschar *tt = t++;
1032 while (*(--tt) != ' ' && *tt != '\"' && *tt != ')') tt[1] = *tt;
1033 tt[1] = '\"';
1034 *t++ = ch;
1035 while (s < end)
1036 {
1037 ch = *s++;
1038 if (ch == ' ' || ch == '\"') { s--; break; } else *t++ = ch;
1039 }
1040 *t++ = '\"';
1041 }
1042
1043 /* Else quote the whole string so far, and the rest up to any following
1044 quotes. We must treat anything following a backslash as a literal. */
1045
1046 else
1047 {
1048 BOOL escaped = (ch == '\\');
1049 *(--yield) = '\"';
1050 *t++ = ch;
1051
1052 /* Now look for the end or a quote */
1053
1054 while (s < end)
1055 {
1056 ch = *s++;
1057
1058 /* Handle escaped pairs */
1059
1060 if (escaped)
1061 {
1062 *t++ = ch;
1063 escaped = FALSE;
1064 }
1065
1066 else if (ch == '\\')
1067 {
1068 *t++ = ch;
1069 escaped = TRUE;
1070 }
1071
1072 /* If hit subsequent quotes, insert our quote before any trailing
1073 spaces and back up to re-handle the quote in the outer loop. */
1074
1075 else if (ch == '\"')
1076 {
1077 int count = 0;
1078 while (t[-1] == ' ') { t--; count++; }
1079 *t++ = '\"';
1080 while (count-- > 0) *t++ = ' ';
1081 s--;
1082 break;
1083 }
1084
1085 /* If hit a subsequent comment, check it for unescaped quotes,
1086 and if so, end our quote before it. */
1087
1088 else if (ch == '(')
1089 {
1090 uschar *ss = s; /* uschar after '(' */
1091 int level = 1;
1092 while(ss < end)
1093 {
1094 ch = *ss++;
1095 if (ch == '(') level++;
1096 else if (ch == ')') { if (--level <= 0) break; }
1097 else if (ch == '\\' && ss+1 < end) ss++;
1098 else if (ch == '\"') { quoted = TRUE; break; }
1099 }
1100
1101 /* Comment contains unescaped quotes; end our quote before
1102 the start of the comment. */
1103
1104 if (quoted)
1105 {
1106 int count = 0;
1107 while (t[-1] == ' ') { t--; count++; }
1108 *t++ = '\"';
1109 while (count-- > 0) *t++ = ' ';
1110 break;
1111 }
1112
1113 /* Comment does not contain unescaped quotes; include it in
1114 our quote. */
1115
1116 else
1117 {
1118 if (ss >= end) ss--;
1119 *t++ = '(';
1120 Ustrncpy(t, s, ss-s);
1121 t += ss-s;
1122 s = ss;
1123 }
1124 }
1125
1126 /* Not a comment or quote; include this character in our quotes. */
1127
1128 else *t++ = ch;
1129 }
1130 }
1131
1132 /* Add a final quote if we hit the end of the string. */
1133
1134 if (s >= end) *t++ = '\"';
1135 }
1136
1137 /* Non-special character; just copy it over */
1138
1139 else *t++ = ch;
1140 }
1141
1142 *t = 0;
1143 return yield;
1144 }
1145
1146
1147 /*************************************************
1148 * Extract addresses from a list *
1149 *************************************************/
1150
1151 /* This function is called by the redirect router to scan a string containing a
1152 list of addresses separated by commas (with optional white space) or by
1153 newlines, and to generate a chain of address items from them. In other words,
1154 to unpick data from an alias or .forward file.
1155
1156 The SunOS5 documentation for alias files is not very clear on the syntax; it
1157 does not say that either a comma or a newline can be used for separation.
1158 However, that is the way Smail does it, so we follow suit.
1159
1160 If a # character is encountered in a white space position, then characters from
1161 there to the next newline are skipped.
1162
1163 If an unqualified address begins with '\', just skip that character. This gives
1164 compatibility with Sendmail's use of \ to prevent looping. Exim has its own
1165 loop prevention scheme which handles other cases too - see the code in
1166 route_address().
1167
1168 An "address" can be a specification of a file or a pipe; the latter may often
1169 need to be quoted because it may contain spaces, but we don't want to retain
1170 the quotes. Quotes may appear in normal addresses too, and should be retained.
1171 We can distinguish between these cases, because in addresses, quotes are used
1172 only for parts of the address, not the whole thing. Therefore, we remove quotes
1173 from items when they entirely enclose them, but not otherwise.
1174
1175 An "address" can also be of the form :include:pathname to include a list of
1176 addresses contained in the specified file.
1177
1178 Any unqualified addresses are qualified with and rewritten if necessary, via
1179 the rewrite_address() function.
1180
1181 Arguments:
1182 s the list of addresses (typically a complete
1183 .forward file or a list of entries in an alias file)
1184 options option bits for permitting or denying various special cases;
1185 not all bits are relevant here - some are for filter
1186 files; those we use here are:
1187 RDO_DEFER
1188 RDO_FREEZE
1189 RDO_FAIL
1190 RDO_BLACKHOLE
1191 RDO_REWRITE
1192 RDO_INCLUDE
1193 anchor where to hang the chain of newly-created addresses. This
1194 should be initialized to NULL.
1195 error where to return an error text
1196 incoming domain domain of the incoming address; used to qualify unqualified
1197 local parts preceded by \
1198 directory if NULL, no checks are done on :include: files
1199 otherwise, included file names must start with the given
1200 directory
1201 syntax_errors if not NULL, it carries on after syntax errors in addresses,
1202 building up a list of errors as error blocks chained on
1203 here.
1204
1205 Returns: FF_DELIVERED addresses extracted
1206 FF_NOTDELIVERED no addresses extracted, but no errors
1207 FF_BLACKHOLE :blackhole:
1208 FF_DEFER :defer:
1209 FF_FAIL :fail:
1210 FF_INCLUDEFAIL some problem with :include:; *error set
1211 FF_ERROR other problems; *error is set
1212 */
1213
1214 int
1215 parse_forward_list(uschar *s, int options, address_item **anchor,
1216 uschar **error, uschar *incoming_domain, uschar *directory,
1217 error_block **syntax_errors)
1218 {
1219 int count = 0;
1220
1221 DEBUG(D_route) debug_printf("parse_forward_list: %s\n", s);
1222
1223 for (;;)
1224 {
1225 int len;
1226 int special = 0;
1227 int specopt = 0;
1228 int specbit = 0;
1229 uschar *ss, *nexts;
1230 address_item *addr;
1231 BOOL inquote = FALSE;
1232
1233 for (;;)
1234 {
1235 while (isspace(*s) || *s == ',') s++;
1236 if (*s == '#') { while (*s != 0 && *s != '\n') s++; } else break;
1237 }
1238
1239 /* When we reach the end of the list, we return FF_DELIVERED if any child
1240 addresses have been generated. If nothing has been generated, there are two
1241 possibilities: either the list is really empty, or there were syntax errors
1242 that are being skipped. (If syntax errors are not being skipped, an FF_ERROR
1243 return is generated on hitting a syntax error and we don't get here.) For a
1244 truly empty list we return FF_NOTDELIVERED so that the router can decline.
1245 However, if the list is empty only because syntax errors were skipped, we
1246 return FF_DELIVERED. */
1247
1248 if (*s == 0)
1249 {
1250 return (count > 0 || (syntax_errors != NULL && *syntax_errors != NULL))?
1251 FF_DELIVERED : FF_NOTDELIVERED;
1252
1253 /* This previous code returns FF_ERROR if nothing is generated but a
1254 syntax error has been skipped. I now think it is the wrong approach, but
1255 have left this here just in case, and for the record. */
1256
1257 #ifdef NEVER
1258 if (count > 0) return FF_DELIVERED; /* Something was generated */
1259
1260 if (syntax_errors == NULL || /* Not skipping syntax errors, or */
1261 *syntax_errors == NULL) /* we didn't actually skip any */
1262 return FF_NOTDELIVERED;
1263
1264 *error = string_sprintf("no addresses generated: syntax error in %s: %s",
1265 (*syntax_errors)->text2, (*syntax_errors)->text1);
1266 return FF_ERROR;
1267 #endif
1268
1269 }
1270
1271 /* Find the end of the next address. Quoted strings in addresses may contain
1272 escaped characters; I haven't found a proper specification of .forward or
1273 alias files that mentions the quoting properties, but it seems right to do
1274 the escaping thing in all cases, so use the function that finds the end of an
1275 address. However, don't let a quoted string extend over the end of a line. */
1276
1277 ss = parse_find_address_end(s, TRUE);
1278
1279 /* Remember where we finished, for starting the next one. */
1280
1281 nexts = ss;
1282
1283 /* Remove any trailing spaces; we know there's at least one non-space. */
1284
1285 while (isspace((ss[-1]))) ss--;
1286
1287 /* We now have s->start and ss->end of the next address. Remove quotes
1288 if they completely enclose, remembering the address started with a quote
1289 for handling pipes and files. Another round of removal of leading and
1290 trailing spaces is then required. */
1291
1292 if (*s == '\"' && ss[-1] == '\"')
1293 {
1294 s++;
1295 ss--;
1296 inquote = TRUE;
1297 while (s < ss && isspace(*s)) s++;
1298 while (ss > s && isspace((ss[-1]))) ss--;
1299 }
1300
1301 /* Set up the length of the address. */
1302
1303 len = ss - s;
1304
1305 DEBUG(D_route)
1306 {
1307 int save = s[len];
1308 s[len] = 0;
1309 debug_printf("extract item: %s\n", s);
1310 s[len] = save;
1311 }
1312
1313 /* Handle special addresses if permitted. If the address is :unknown:
1314 ignore it - this is for backward compatibility with old alias files. You
1315 don't need to use it nowadays - just generate an empty string. For :defer:,
1316 :blackhole:, or :fail: we have to set up the error message and give up right
1317 away. */
1318
1319 if (Ustrncmp(s, ":unknown:", len) == 0)
1320 {
1321 s = nexts;
1322 continue;
1323 }
1324
1325 if (Ustrncmp(s, ":defer:", 7) == 0)
1326 { special = FF_DEFER; specopt = RDO_DEFER; } /* specbit is 0 */
1327 else if (Ustrncmp(s, ":blackhole:", 11) == 0)
1328 { special = FF_BLACKHOLE; specopt = specbit = RDO_BLACKHOLE; }
1329 else if (Ustrncmp(s, ":fail:", 6) == 0)
1330 { special = FF_FAIL; specopt = RDO_FAIL; } /* specbit is 0 */
1331
1332 if (special != 0)
1333 {
1334 uschar *ss = Ustrchr(s+1, ':') + 1;
1335 if ((options & specopt) == specbit)
1336 {
1337 *error = string_sprintf("\"%.*s\" is not permitted", len, s);
1338 return FF_ERROR;
1339 }
1340 while (*ss != 0 && isspace(*ss)) ss++;
1341 while (s[len] != 0 && s[len] != '\n') len++;
1342 s[len] = 0;
1343 *error = string_copy(ss);
1344 return special;
1345 }
1346
1347 /* If the address is of the form :include:pathname, read the file, and call
1348 this function recursively to extract the addresses from it. If directory is
1349 NULL, do no checks. Otherwise, insist that the file name starts with the
1350 given directory and is a regular file. */
1351
1352 if (Ustrncmp(s, ":include:", 9) == 0)
1353 {
1354 uschar *filebuf;
1355 uschar filename[256];
1356 uschar *t = s+9;
1357 int flen = len - 9;
1358 int frc;
1359 struct stat statbuf;
1360 address_item *last;
1361 FILE *f;
1362
1363 while (flen > 0 && isspace(*t)) { t++; flen--; }
1364
1365 if (flen <= 0)
1366 {
1367 *error = string_sprintf("file name missing after :include:");
1368 return FF_ERROR;
1369 }
1370
1371 if (flen > 255)
1372 {
1373 *error = string_sprintf("included file name \"%s\" is too long", t);
1374 return FF_ERROR;
1375 }
1376
1377 Ustrncpy(filename, t, flen);
1378 filename[flen] = 0;
1379
1380 /* Insist on absolute path */
1381
1382 if (filename[0]!= '/')
1383 {
1384 *error = string_sprintf("included file \"%s\" is not an absolute path",
1385 filename);
1386 return FF_ERROR;
1387 }
1388
1389 /* Check if include is permitted */
1390
1391 if ((options & RDO_INCLUDE) != 0)
1392 {
1393 *error = US"included files not permitted";
1394 return FF_ERROR;
1395 }
1396
1397 /* Check file name if required */
1398
1399 if (directory != NULL)
1400 {
1401 int len = Ustrlen(directory);
1402 uschar *p = filename + len;
1403
1404 if (Ustrncmp(filename, directory, len) != 0 || *p != '/')
1405 {
1406 *error = string_sprintf("included file %s is not in directory %s",
1407 filename, directory);
1408 return FF_ERROR;
1409 }
1410
1411 /* It is necessary to check that every component inside the directory
1412 is NOT a symbolic link, in order to keep the file inside the directory.
1413 This is mighty tedious. It is also not totally foolproof in that it
1414 leaves the possibility of a race attack, but I don't know how to do
1415 any better. */
1416
1417 while (*p != 0)
1418 {
1419 int temp;
1420 while (*(++p) != 0 && *p != '/');
1421 temp = *p;
1422 *p = 0;
1423 if (Ulstat(filename, &statbuf) != 0)
1424 {
1425 *error = string_sprintf("failed to stat %s (component of included "
1426 "file)", filename);
1427 *p = temp;
1428 return FF_ERROR;
1429 }
1430
1431 *p = temp;
1432
1433 if ((statbuf.st_mode & S_IFMT) == S_IFLNK)
1434 {
1435 *error = string_sprintf("included file %s in the %s directory "
1436 "involves a symbolic link", filename, directory);
1437 return FF_ERROR;
1438 }
1439 }
1440 }
1441
1442 /* Open and stat the file */
1443
1444 if ((f = Ufopen(filename, "rb")) == NULL)
1445 {
1446 *error = string_open_failed(errno, "included file %s", filename);
1447 return FF_INCLUDEFAIL;
1448 }
1449
1450 if (fstat(fileno(f), &statbuf) != 0)
1451 {
1452 *error = string_sprintf("failed to stat included file %s: %s",
1453 filename, strerror(errno));
1454 fclose(f);
1455 return FF_INCLUDEFAIL;
1456 }
1457
1458 /* If directory was checked, double check that we opened a regular file */
1459
1460 if (directory != NULL && (statbuf.st_mode & S_IFMT) != S_IFREG)
1461 {
1462 *error = string_sprintf("included file %s is not a regular file in "
1463 "the %s directory", filename, directory);
1464 return FF_ERROR;
1465 }
1466
1467 /* Get a buffer and read the contents */
1468
1469 if (statbuf.st_size > MAX_INCLUDE_SIZE)
1470 {
1471 *error = string_sprintf("included file %s is too big (max %d)",
1472 filename, MAX_INCLUDE_SIZE);
1473 return FF_ERROR;
1474 }
1475
1476 filebuf = store_get(statbuf.st_size + 1);
1477 if (fread(filebuf, 1, statbuf.st_size, f) != statbuf.st_size)
1478 {
1479 *error = string_sprintf("error while reading included file %s: %s",
1480 filename, strerror(errno));
1481 fclose(f);
1482 return FF_ERROR;
1483 }
1484 filebuf[statbuf.st_size] = 0;
1485 fclose(f);
1486
1487 addr = NULL;
1488 frc = parse_forward_list(filebuf, options, &addr,
1489 error, incoming_domain, directory, syntax_errors);
1490 if (frc != FF_DELIVERED && frc != FF_NOTDELIVERED) return frc;
1491
1492 if (addr != NULL)
1493 {
1494 last = addr;
1495 while (last->next != NULL) { count++; last = last->next; }
1496 last->next = *anchor;
1497 *anchor = addr;
1498 count++;
1499 }
1500 }
1501
1502 /* Else (not :include:) ensure address is syntactically correct and fully
1503 qualified if not a pipe or a file, removing a leading \ if present on an
1504 unqualified address. For pipes and files we must handle quoting. It's
1505 not quite clear exactly what to do for partially quoted things, but the
1506 common case of having the whole thing in quotes is straightforward. If this
1507 was the case, inquote will have been set TRUE above and the quotes removed.
1508
1509 There is a possible ambiguity over addresses whose local parts start with
1510 a vertical bar or a slash, and the latter do in fact occur, thanks to X.400.
1511 Consider a .forward file that contains the line
1512
1513 /X=xxx/Y=xxx/OU=xxx/@some.gate.way
1514
1515 Is this a file or an X.400 address? Does it make any difference if it is in
1516 quotes? On the grounds that file names of this type are rare, Exim treats
1517 something that parses as an RFC 822 address and has a domain as an address
1518 rather than a file or a pipe. This is also how an address such as the above
1519 would be treated if it came in from outside. */
1520
1521 else
1522 {
1523 int start, end, domain;
1524 uschar *recipient = NULL;
1525 int save = s[len];
1526 s[len] = 0;
1527
1528 /* If it starts with \ and the rest of it parses as a valid mail address
1529 without a domain, carry on with that address, but qualify it with the
1530 incoming domain. Otherwise arrange for the address to fall through,
1531 causing an error message on the re-parse. */
1532
1533 if (*s == '\\')
1534 {
1535 recipient =
1536 parse_extract_address(s+1, error, &start, &end, &domain, FALSE);
1537 if (recipient != NULL)
1538 recipient = (domain != 0)? NULL :
1539 string_sprintf("%s@%s", recipient, incoming_domain);
1540 }
1541
1542 /* Try parsing the item as an address. */
1543
1544 if (recipient == NULL) recipient =
1545 parse_extract_address(s, error, &start, &end, &domain, FALSE);
1546
1547 /* If item starts with / or | and is not a valid address, or there
1548 is no domain, treat it as a file or pipe. If it was a quoted item,
1549 remove the quoting occurrences of \ within it. */
1550
1551 if ((*s == '|' || *s == '/') && (recipient == NULL || domain == 0))
1552 {
1553 uschar *t = store_get(Ustrlen(s) + 1);
1554 uschar *p = t;
1555 uschar *q = s;
1556 while (*q != 0)
1557 {
1558 if (inquote)
1559 {
1560 *p++ = (*q == '\\')? *(++q) : *q;
1561 q++;
1562 }
1563 else *p++ = *q++;
1564 }
1565 *p = 0;
1566 addr = deliver_make_addr(t, TRUE);
1567 setflag(addr, af_pfr); /* indicates pipe/file/reply */
1568 if (*s != '|') setflag(addr, af_file); /* indicates file */
1569 }
1570
1571 /* Item must be an address. Complain if not, else qualify, rewrite and set
1572 up the control block. It appears that people are in the habit of using
1573 empty addresses but with comments as a way of putting comments into
1574 alias and forward files. Therefore, ignore the error "empty address".
1575 Mailing lists might want to tolerate syntax errors; there is therefore
1576 an option to do so. */
1577
1578 else
1579 {
1580 if (recipient == NULL)
1581 {
1582 if (Ustrcmp(*error, "empty address") == 0)
1583 {
1584 *error = NULL;
1585 s[len] = save;
1586 s = nexts;
1587 continue;
1588 }
1589
1590 if (syntax_errors != NULL)
1591 {
1592 error_block *e = store_get(sizeof(error_block));
1593 error_block *last = *syntax_errors;
1594 if (last == NULL) *syntax_errors = e; else
1595 {
1596 while (last->next != NULL) last = last->next;
1597 last->next = e;
1598 }
1599 e->next = NULL;
1600 e->text1 = *error;
1601 e->text2 = string_copy(s);
1602 s[len] = save;
1603 s = nexts;
1604 continue;
1605 }
1606 else
1607 {
1608 *error = string_sprintf("%s in \"%s\"", *error, s);
1609 s[len] = save; /* _after_ using it for *error */
1610 return FF_ERROR;
1611 }
1612 }
1613
1614 /* Address was successfully parsed. Rewrite, and then make an address
1615 block. */
1616
1617 recipient = ((options & RDO_REWRITE) != 0)?
1618 rewrite_address(recipient, TRUE, FALSE, global_rewrite_rules,
1619 rewrite_existflags) :
1620 rewrite_address_qualify(recipient, TRUE);
1621 addr = deliver_make_addr(recipient, TRUE); /* TRUE => copy recipient */
1622 }
1623
1624 /* Restore the final character in the original data, and add to the
1625 output chain. */
1626
1627 s[len] = save;
1628 addr->next = *anchor;
1629 *anchor = addr;
1630 count++;
1631 }
1632
1633 /* Advance pointer for the next address */
1634
1635 s = nexts;
1636 }
1637 }
1638
1639
1640 /*************************************************
1641 **************************************************
1642 * Stand-alone test program *
1643 **************************************************
1644 *************************************************/
1645
1646 #if defined STAND_ALONE
1647 int main(void)
1648 {
1649 int start, end, domain;
1650 uschar buffer[1024];
1651 uschar outbuff[1024];
1652
1653 big_buffer = store_malloc(big_buffer_size);
1654
1655 /* strip_trailing_dot = TRUE; */
1656 allow_domain_literals = TRUE;
1657
1658 printf("Testing parse_fix_phrase\n");
1659
1660 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
1661 {
1662 buffer[Ustrlen(buffer)-1] = 0;
1663 if (buffer[0] == 0) break;
1664 printf("%s\n", CS parse_fix_phrase(buffer, Ustrlen(buffer), outbuff,
1665 sizeof(outbuff)));
1666 }
1667
1668 printf("Testing parse_extract_address without group syntax and without UTF-8\n");
1669
1670 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
1671 {
1672 uschar *out;
1673 uschar *errmess;
1674 buffer[Ustrlen(buffer) - 1] = 0;
1675 if (buffer[0] == 0) break;
1676 out = parse_extract_address(buffer, &errmess, &start, &end, &domain, FALSE);
1677 if (out == NULL) printf("*** bad address: %s\n", errmess); else
1678 {
1679 uschar extract[1024];
1680 Ustrncpy(extract, buffer+start, end-start);
1681 extract[end-start] = 0;
1682 printf("%s %d %d %d \"%s\"\n", out, start, end, domain, extract);
1683 }
1684 }
1685
1686 printf("Testing parse_extract_address without group syntax but with UTF-8\n");
1687
1688 allow_utf8_domains = TRUE;
1689 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
1690 {
1691 uschar *out;
1692 uschar *errmess;
1693 buffer[Ustrlen(buffer) - 1] = 0;
1694 if (buffer[0] == 0) break;
1695 out = parse_extract_address(buffer, &errmess, &start, &end, &domain, FALSE);
1696 if (out == NULL) printf("*** bad address: %s\n", errmess); else
1697 {
1698 uschar extract[1024];
1699 Ustrncpy(extract, buffer+start, end-start);
1700 extract[end-start] = 0;
1701 printf("%s %d %d %d \"%s\"\n", out, start, end, domain, extract);
1702 }
1703 }
1704 allow_utf8_domains = FALSE;
1705
1706 printf("Testing parse_extract_address with group syntax\n");
1707
1708 parse_allow_group = TRUE;
1709 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
1710 {
1711 uschar *out;
1712 uschar *errmess;
1713 uschar *s;
1714 buffer[Ustrlen(buffer) - 1] = 0;
1715 if (buffer[0] == 0) break;
1716 s = buffer;
1717 while (*s != 0)
1718 {
1719 uschar *ss = parse_find_address_end(s, FALSE);
1720 int terminator = *ss;
1721 *ss = 0;
1722 out = parse_extract_address(buffer, &errmess, &start, &end, &domain, FALSE);
1723 *ss = terminator;
1724
1725 if (out == NULL) printf("*** bad address: %s\n", errmess); else
1726 {
1727 uschar extract[1024];
1728 Ustrncpy(extract, buffer+start, end-start);
1729 extract[end-start] = 0;
1730 printf("%s %d %d %d \"%s\"\n", out, start, end, domain, extract);
1731 }
1732
1733 s = ss + (terminator? 1:0);
1734 while (isspace(*s)) s++;
1735 }
1736 }
1737
1738 printf("Testing parse_find_at\n");
1739
1740 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
1741 {
1742 uschar *s;
1743 buffer[Ustrlen(buffer)-1] = 0;
1744 if (buffer[0] == 0) break;
1745 s = parse_find_at(buffer);
1746 if (s == NULL) printf("no @ found\n");
1747 else printf("offset = %d\n", s - buffer);
1748 }
1749
1750 printf("Testing parse_extract_addresses\n");
1751
1752 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
1753 {
1754 uschar *errmess;
1755 int extracted;
1756 address_item *anchor = NULL;
1757 buffer[Ustrlen(buffer) - 1] = 0;
1758 if (buffer[0] == 0) break;
1759 if ((extracted = parse_forward_list(buffer, -1, &anchor,
1760 &errmess, US"incoming.domain", NULL, NULL)) == FF_DELIVERED)
1761 {
1762 while (anchor != NULL)
1763 {
1764 address_item *addr = anchor;
1765 anchor = anchor->next;
1766 printf("%d %s\n", testflag(addr, af_pfr), addr->address);
1767 }
1768 }
1769 else printf("Failed: %d %s\n", extracted, errmess);
1770 }
1771
1772 return 0;
1773 }
1774
1775 #endif
1776
1777 /* End of parse.c */
Unnamed repository; edit this file 'description' to name the repository.