projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Start
[exim.git] / src / src / route.c
1 /* $Cambridge: exim/src/src/route.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10 /* Functions concerned with routing, and the list of generic router options. */
11
12
13 #include "exim.h"
14
15
16
17 /* Generic options for routers, all of which live inside router_instance
18 data blocks and which therefore have the opt_public flag set. */
19
20 optionlist optionlist_routers[] = {
21 { "*expand_group", opt_stringptr | opt_hidden | opt_public,
22 (void *)(offsetof(router_instance, expand_gid)) },
23 { "*expand_more", opt_stringptr | opt_hidden | opt_public,
24 (void *)(offsetof(router_instance, expand_more)) },
25 { "*expand_unseen", opt_stringptr | opt_hidden | opt_public,
26 (void *)(offsetof(router_instance, expand_unseen)) },
27 { "*expand_user", opt_stringptr | opt_hidden | opt_public,
28 (void *)(offsetof(router_instance, expand_uid)) },
29 { "*set_group", opt_bool | opt_hidden | opt_public,
30 (void *)(offsetof(router_instance, gid_set)) },
31 { "*set_user", opt_bool | opt_hidden | opt_public,
32 (void *)(offsetof(router_instance, uid_set)) },
33 { "address_data", opt_stringptr|opt_public,
34 (void *)(offsetof(router_instance, address_data)) },
35 { "address_test", opt_bool|opt_public,
36 (void *)(offsetof(router_instance, address_test)) },
37 { "cannot_route_message", opt_stringptr | opt_public,
38 (void *)(offsetof(router_instance, cannot_route_message)) },
39 { "caseful_local_part", opt_bool | opt_public,
40 (void *)(offsetof(router_instance, caseful_local_part)) },
41 { "check_local_user", opt_bool | opt_public,
42 (void *)(offsetof(router_instance, check_local_user)) },
43 { "condition", opt_stringptr|opt_public,
44 (void *)offsetof(router_instance, condition) },
45 { "debug_print", opt_stringptr | opt_public,
46 (void *)offsetof(router_instance, debug_string) },
47 { "disable_logging", opt_bool | opt_public,
48 (void *)offsetof(router_instance, disable_logging) },
49 { "domains", opt_stringptr|opt_public,
50 (void *)offsetof(router_instance, domains) },
51 { "driver", opt_stringptr|opt_public,
52 (void *)offsetof(router_instance, driver_name) },
53 { "errors_to", opt_stringptr|opt_public,
54 (void *)(offsetof(router_instance, errors_to)) },
55 { "expn", opt_bool|opt_public,
56 (void *)offsetof(router_instance, expn) },
57 { "fail_verify", opt_bool_verify|opt_hidden|opt_public,
58 (void *)offsetof(router_instance, fail_verify_sender) },
59 { "fail_verify_recipient", opt_bool|opt_public,
60 (void *)offsetof(router_instance, fail_verify_recipient) },
61 { "fail_verify_sender", opt_bool|opt_public,
62 (void *)offsetof(router_instance, fail_verify_sender) },
63 { "fallback_hosts", opt_stringptr|opt_public,
64 (void *)offsetof(router_instance, fallback_hosts) },
65 { "group", opt_expand_gid | opt_public,
66 (void *)(offsetof(router_instance, gid)) },
67 { "headers_add", opt_stringptr|opt_public,
68 (void *)offsetof(router_instance, extra_headers) },
69 { "headers_remove", opt_stringptr|opt_public,
70 (void *)offsetof(router_instance, remove_headers) },
71 { "ignore_target_hosts",opt_stringptr|opt_public,
72 (void *)offsetof(router_instance, ignore_target_hosts) },
73 { "initgroups", opt_bool | opt_public,
74 (void *)(offsetof(router_instance, initgroups)) },
75 { "local_part_prefix", opt_stringptr|opt_public,
76 (void *)offsetof(router_instance, prefix) },
77 { "local_part_prefix_optional",opt_bool|opt_public,
78 (void *)offsetof(router_instance, prefix_optional) },
79 { "local_part_suffix", opt_stringptr|opt_public,
80 (void *)offsetof(router_instance, suffix) },
81 { "local_part_suffix_optional",opt_bool|opt_public,
82 (void *)offsetof(router_instance, suffix_optional) },
83 { "local_parts", opt_stringptr|opt_public,
84 (void *)offsetof(router_instance, local_parts) },
85 { "log_as_local", opt_bool|opt_public,
86 (void *)offsetof(router_instance, log_as_local) },
87 { "more", opt_expand_bool|opt_public,
88 (void *)offsetof(router_instance, more) },
89 { "pass_on_timeout", opt_bool|opt_public,
90 (void *)offsetof(router_instance, pass_on_timeout) },
91 { "pass_router", opt_stringptr|opt_public,
92 (void *)offsetof(router_instance, pass_router_name) },
93 { "redirect_router", opt_stringptr|opt_public,
94 (void *)offsetof(router_instance, redirect_router_name) },
95 { "require_files", opt_stringptr|opt_public,
96 (void *)offsetof(router_instance, require_files) },
97 { "retry_use_local_part", opt_bool|opt_public,
98 (void *)offsetof(router_instance, retry_use_local_part) },
99 { "router_home_directory", opt_stringptr|opt_public,
100 (void *)offsetof(router_instance, router_home_directory) },
101 { "self", opt_stringptr|opt_public,
102 (void *)(offsetof(router_instance, self)) },
103 { "senders", opt_stringptr|opt_public,
104 (void *)offsetof(router_instance, senders) },
105 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
106 { "translate_ip_address", opt_stringptr|opt_public,
107 (void *)offsetof(router_instance, translate_ip_address) },
108 #endif
109 { "transport", opt_stringptr|opt_public,
110 (void *)offsetof(router_instance, transport_name) },
111 { "transport_current_directory", opt_stringptr|opt_public,
112 (void *)offsetof(router_instance, current_directory) },
113 { "transport_home_directory", opt_stringptr|opt_public,
114 (void *)offsetof(router_instance, home_directory) },
115 { "unseen", opt_expand_bool|opt_public,
116 (void *)offsetof(router_instance, unseen) },
117 { "user", opt_expand_uid | opt_public,
118 (void *)(offsetof(router_instance, uid)) },
119 { "verify", opt_bool_verify|opt_hidden|opt_public,
120 (void *)offsetof(router_instance, verify_sender) },
121 { "verify_only", opt_bool|opt_public,
122 (void *)offsetof(router_instance, verify_only) },
123 { "verify_recipient", opt_bool|opt_public,
124 (void *)offsetof(router_instance, verify_recipient) },
125 { "verify_sender", opt_bool|opt_public,
126 (void *)offsetof(router_instance, verify_sender) }
127 };
128
129 int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist);
130
131
132
133 /*************************************************
134 * Set router pointer from name *
135 *************************************************/
136
137 /* This function is used for the redirect_router and pass_router options and
138 called from route_init() below.
139
140 Arguments:
141 r the current router
142 name new router name
143 ptr where to put the pointer
144 after TRUE if router must follow this one
145
146 Returns: nothing.
147 */
148
149 static void
150 set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after)
151 {
152 BOOL afterthis = FALSE;
153 router_instance *rr;
154
155 for (rr = routers; rr != NULL; rr = rr->next)
156 {
157 if (Ustrcmp(name, rr->name) == 0)
158 {
159 *ptr = rr;
160 break;
161 }
162 if (rr == r) afterthis = TRUE;
163 }
164
165 if (rr == NULL)
166 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
167 "new_router \"%s\" not found for \"%s\" router", name, r->name);
168
169 if (after && !afterthis)
170 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
171 "new_router \"%s\" does not follow \"%s\" router", name, r->name);
172 }
173
174
175
176 /*************************************************
177 * Initialize router list *
178 *************************************************/
179
180 /* Read the routers section of the configuration file, and set up a chain of
181 router instances according to its contents. Each router has generic options and
182 may also have its own private options. This function is only ever called when
183 routers == NULL. We use generic code in readconf to do the work. It will set
184 values from the configuration file, and then call the driver's initialization
185 function. */
186
187 void
188 route_init(void)
189 {
190 router_instance *r;
191
192 readconf_driver_init(US"router",
193 (driver_instance **)(&routers), /* chain anchor */
194 (driver_info *)routers_available, /* available drivers */
195 sizeof(router_info), /* size of info blocks */
196 &router_defaults, /* default values for generic options */
197 sizeof(router_instance), /* size of instance block */
198 optionlist_routers, /* generic options */
199 optionlist_routers_size);
200
201 for (r = routers; r != NULL; r = r->next)
202 {
203 uschar *s = r->self;
204
205 /* If log_as_local is unset, its overall default is FALSE. (The accept
206 router defaults it to TRUE.) */
207
208 if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE;
209
210 /* Check for transport or no transport on certain routers */
211
212 if ((r->info->ri_flags & ri_yestransport) != 0 &&
213 r->transport_name == NULL &&
214 !r->verify_only)
215 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
216 "a transport is required for this router", r->name);
217
218 if ((r->info->ri_flags & ri_notransport) != 0 &&
219 r->transport_name != NULL)
220 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
221 "a transport must not be defined for this router", r->name);
222
223 /* The "self" option needs to be decoded into a code value and possibly a
224 new domain string and a rewrite boolean. */
225
226 if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze;
227 else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer;
228 else if (Ustrcmp(s, "send") == 0) r->self_code = self_send;
229 else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass;
230 else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail;
231 else if (Ustrncmp(s, "reroute:", 8) == 0)
232 {
233 s += 8;
234 while (isspace(*s)) s++;
235 if (Ustrncmp(s, "rewrite:", 8) == 0)
236 {
237 r->self_rewrite = TRUE;
238 s += 8;
239 while (isspace(*s)) s++;
240 }
241 r->self = s;
242 r->self_code = self_reroute;
243 }
244
245 else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
246 "%s is not valid for the self option", r->name, s);
247
248 /* If any router has check_local_user set, default retry_use_local_part
249 TRUE; otherwise its default is FALSE. */
250
251 if (r->retry_use_local_part == TRUE_UNSET)
252 r->retry_use_local_part = r->check_local_user;
253
254 /* Build a host list if fallback hosts is set. */
255
256 host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);
257
258 /* Check redirect_router and pass_router are valid */
259
260 if (r->redirect_router_name != NULL)
261 set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE);
262
263 if (r->pass_router_name != NULL)
264 set_router(r, r->pass_router_name, &(r->pass_router), TRUE);
265 }
266 }
267
268
269
270 /*************************************************
271 * Tidy up after routing *
272 *************************************************/
273
274 /* Routers are entitled to keep hold of certain resources in their instance
275 blocks so as to save setting them up each time. An example is an open file.
276 Such routers must provide a tidyup entry point which is called when all routing
277 is finished, via this function. */
278
279 void
280 route_tidyup(void)
281 {
282 router_instance *r;
283 for (r = routers; r != NULL; r = r->next)
284 if (r->info->tidyup != NULL) (r->info->tidyup)(r);
285 }
286
287
288
289 /*************************************************
290 * Check local part for prefix *
291 *************************************************/
292
293 /* This function is handed a local part and a list of possible prefixes; if any
294 one matches, return the prefix length. A prefix beginning with '*' is a
295 wildcard.
296
297 Arguments:
298 local_part the local part to check
299 prefixes the list of prefixes
300
301 Returns: length of matching prefix or zero
302 */
303
304 int
305 route_check_prefix(uschar *local_part, uschar *prefixes)
306 {
307 int sep = 0;
308 uschar *prefix;
309 uschar *listptr = prefixes;
310 uschar prebuf[64];
311
312 while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf)))
313 != NULL)
314 {
315 int plen = Ustrlen(prefix);
316 if (prefix[0] == '*')
317 {
318 uschar *p;
319 prefix++;
320 for (p = local_part + Ustrlen(local_part) - (--plen);
321 p >= local_part; p--)
322 if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part;
323 }
324 else
325 if (strncmpic(prefix, local_part, plen) == 0) return plen;
326 }
327
328 return 0;
329 }
330
331
332
333 /*************************************************
334 * Check local part for suffix *
335 *************************************************/
336
337 /* This function is handed a local part and a list of possible suffixes;
338 if any one matches, return the suffix length. A suffix ending with '*'
339 is a wildcard.
340
341 Arguments:
342 local_part the local part to check
343 suffixes the list of suffixes
344
345 Returns: length of matching suffix or zero
346 */
347
348 int
349 route_check_suffix(uschar *local_part, uschar *suffixes)
350 {
351 int sep = 0;
352 int alen = Ustrlen(local_part);
353 uschar *suffix;
354 uschar *listptr = suffixes;
355 uschar sufbuf[64];
356
357 while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf)))
358 != NULL)
359 {
360 int slen = Ustrlen(suffix);
361 if (suffix[slen-1] == '*')
362 {
363 uschar *p, *pend;
364 pend = local_part + alen - (--slen) + 1;
365 for (p = local_part; p < pend; p++)
366 if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part);
367 }
368 else
369 if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0)
370 return slen;
371 }
372
373 return 0;
374 }
375
376
377
378
379 /*************************************************
380 * Check local part, domain, or sender *
381 *************************************************/
382
383 /* The checks in check_router_conditions() require similar code, so we use
384 this function to save repetition.
385
386 Arguments:
387 rname router name for error messages
388 type type of check, for error message
389 list domains, local_parts, or senders list
390 anchorptr -> tree for possibly cached items (domains)
391 cache_bits cached bits pointer
392 listtype MCL_DOMAIN for domain check
393 MCL_LOCALPART for local part check
394 MCL_ADDRESS for sender check
395 domloc current domain, current local part, or NULL for sender check
396 ldata where to put lookup data
397 caseless passed on to match_isinlist()
398 perror where to put an error message
399
400 Returns: OK item is in list
401 SKIP item is not in list, router is to be skipped
402 DEFER lookup or other defer
403 */
404
405 static int
406 route_check_dls(uschar *rname, uschar *type, uschar *list, tree_node
407 **anchorptr, unsigned int *cache_bits, int listtype, uschar *domloc,
408 uschar **ldata, BOOL caseless, uschar **perror)
409 {
410 int rc;
411
412 if (list == NULL) return OK; /* Empty list always succeeds */
413
414 DEBUG(D_route) debug_printf("checking %s\n", type);
415
416 /* The domain and local part use the same matching function, whereas sender
417 has its own code. */
418
419 if (domloc != NULL)
420 {
421 rc = match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype,
422 caseless, ldata);
423 }
424 else
425 {
426 uschar *address = (sender_address == NULL)? US"" : sender_address;
427 rc = match_address_list(address, TRUE, TRUE, &list, cache_bits, -1, 0,
428 &sender_data);
429 }
430
431 switch(rc)
432 {
433 case OK:
434 return OK;
435
436 case FAIL:
437 *perror = string_sprintf("%s router skipped: %s mismatch", rname, type);
438 DEBUG(D_route) debug_printf("%s\n", *perror);
439 return SKIP;
440
441 default: /* Paranoia, and keeps compilers happy */
442 case DEFER:
443 *perror = string_sprintf("%s check lookup or other defer", type);
444 DEBUG(D_route) debug_printf("%s\n", *perror);
445 return DEFER;
446 }
447 }
448
449
450
451 /*************************************************
452 * Check access by a given uid/gid *
453 *************************************************/
454
455 /* This function checks whether a given uid/gid has access to a given file or
456 directory. It is called only from check_files() below. This is hopefully a
457 cheapish check that does the job most of the time. Exim does *not* rely on this
458 test when actually accessing any file. The test is used when routing to make it
459 possible to take actions such as "if user x can access file y then run this
460 router".
461
462 During routing, Exim is normally running as root, and so the test will work
463 except for NFS non-root mounts. When verifying during message reception, Exim
464 is running as "exim", so the test may not work. This is a limitation of the
465 Exim design.
466
467 Code in check_files() below detects the case when it cannot stat() the file (as
468 root), and in that situation it uses a setuid subprocess in which to run this
469 test.
470
471 Arguments:
472 path the path to check
473 uid the user
474 gid the group
475 bits the bits required in the final component
476
477 Returns: TRUE
478 FALSE errno=EACCES or ENOENT (or others from realpath or stat)
479 */
480
481 static BOOL
482 route_check_access(uschar *path, uid_t uid, gid_t gid, int bits)
483 {
484 struct stat statbuf;
485 uschar *slash;
486 uschar *rp = US realpath(CS path, CS big_buffer);
487 uschar *sp = rp + 1;
488
489 DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path,
490 (int)uid, (int)gid, bits);
491
492 if (rp == NULL) return FALSE;
493
494 while ((slash = Ustrchr(sp, '/')) != NULL)
495 {
496 *slash = 0;
497 DEBUG(D_route) debug_printf("stat %s\n", rp);
498 if (Ustat(rp, &statbuf) < 0) return FALSE;
499 if ((statbuf.st_mode &
500 ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001)
501 ) == 0)
502 {
503 errno = EACCES;
504 return FALSE;
505 }
506 *slash = '/';
507 sp = slash + 1;
508 }
509
510 /* Down to the final component */
511
512 DEBUG(D_route) debug_printf("stat %s\n", rp);
513
514 if (Ustat(rp, &statbuf) < 0) return FALSE;
515
516 if (statbuf.st_uid == uid) bits = bits << 6;
517 else if (statbuf.st_gid == gid) bits = bits << 3;
518 if ((statbuf.st_mode & bits) != bits)
519 {
520 errno = EACCES;
521 return FALSE;
522 }
523
524 DEBUG(D_route) debug_printf("route_check_access() succeeded\n");
525 return TRUE;
526 }
527
528
529
530 /*************************************************
531 * Do file existence tests *
532 *************************************************/
533
534 /* This function is given a colon-separated list of file tests, each of which
535 is expanded before use. A test consists of a file name, optionally preceded by
536 ! (require non-existence) and/or + for handling permission denied (+ means
537 treat as non-existing).
538
539 An item that contains no slashes is interpreted as a username or id, with an
540 optional group id, for checking access to the file. This cannot be done
541 "perfectly", but it is good enough for a number of applications.
542
543 Arguments:
544 s a colon-separated list of file tests or NULL
545 perror a pointer to an anchor for an error text in the case of a DEFER
546
547 Returns: OK if s == NULL or all tests are as required
548 DEFER if the existence of at least one of the files is
549 unclear (an error other than non-existence occurred);
550 DEFER if an expansion failed
551 DEFER if a name is not absolute
552 DEFER if problems with user/group
553 SKIP otherwise
554 */
555
556 int
557 check_files(uschar *s, uschar **perror)
558 {
559 int sep = 0; /* List has default separators */
560 uid_t uid = 0; /* For picky compilers */
561 gid_t gid = 0; /* For picky compilers */
562 BOOL ugid_set = FALSE;
563 uschar *check, *listptr;
564 uschar buffer[1024];
565
566 if (s == NULL) return OK;
567
568 DEBUG(D_route) debug_printf("checking require_files\n");
569
570 listptr = s;
571 while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))
572 != NULL)
573 {
574 int rc;
575 int eacces_code = 0;
576 BOOL invert = FALSE;
577 struct stat statbuf;
578 uschar *ss = expand_string(check);
579
580 if (ss == NULL)
581 {
582 if (expand_string_forcedfail) continue;
583 *perror = string_sprintf("failed to expand \"%s\" for require_files: %s",
584 check, expand_string_message);
585 goto RETURN_DEFER;
586 }
587
588 /* Empty items are just skipped */
589
590 if (*ss == 0) continue;
591
592 /* If there are no slashes in the string, we have a user name or uid, with
593 optional group/gid. */
594
595 if (Ustrchr(ss, '/') == NULL)
596 {
597 BOOL ok;
598 struct passwd *pw;
599 uschar *comma = Ustrchr(ss, ',');
600
601 /* If there's a comma, temporarily terminate the user name/number
602 at that point. Then set the uid. */
603
604 if (comma != NULL) *comma = 0;
605 ok = route_finduser(ss, &pw, &uid);
606 if (comma != NULL) *comma = ',';
607
608 if (!ok)
609 {
610 *perror = string_sprintf("user \"%s\" for require_files not found", ss);
611 goto RETURN_DEFER;
612 }
613
614 /* If there was no comma, the gid is that associated with the user. */
615
616 if (comma == NULL)
617 {
618 if (pw != NULL) gid = pw->pw_gid; else
619 {
620 *perror = string_sprintf("group missing after numerical uid %d for "
621 "require_files", (int)uid);
622 goto RETURN_DEFER;
623 }
624 }
625 else
626 {
627 if (!route_findgroup(comma + 1, &gid))
628 {
629 *perror = string_sprintf("group \"%s\" for require_files not found\n",
630 comma + 1);
631 goto RETURN_DEFER;
632 }
633 }
634
635 /* Note that we have values set, and proceed to next item */
636
637 DEBUG(D_route)
638 debug_printf("check subsequent files for access by %s\n", ss);
639 ugid_set = TRUE;
640 continue;
641 }
642
643 /* Path, possibly preceded by + and ! */
644
645 if (*ss == '+')
646 {
647 eacces_code = 1;
648 while (isspace((*(++ss))));
649 }
650
651 if (*ss == '!')
652 {
653 invert = TRUE;
654 while (isspace((*(++ss))));
655 }
656
657 if (*ss != '/')
658 {
659 *perror = string_sprintf("require_files: \"%s\" is not absolute", ss);
660 goto RETURN_DEFER;
661 }
662
663 /* Stat the file, either as root (while routing) or as exim (while verifying
664 during message reception). */
665
666 rc = Ustat(ss, &statbuf);
667
668 DEBUG(D_route)
669 {
670 debug_printf("file check: %s\n", check);
671 if (ss != check) debug_printf("expanded file: %s\n", ss);
672 debug_printf("stat() yielded %d\n", rc);
673 }
674
675 /* If permission is denied, and we are running as root (i.e. routing for
676 delivery rather than verifying), and the requirement is to test for access by
677 a particular uid/gid, it must mean that the file is on a non-root-mounted NFS
678 system. In this case, we have to use a subprocess that runs as the relevant
679 uid in order to do the test. */
680
681 if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid)
682 {
683 int status;
684 pid_t pid;
685 void (*oldsignal)(int);
686
687 DEBUG(D_route) debug_printf("root is denied access: forking to check "
688 "in subprocess\n");
689
690 /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so
691 that the child process can be waited for, just in case get here with it set
692 otherwise. Save the old state for resetting on the wait. */
693
694 oldsignal = signal(SIGCHLD, SIG_DFL);
695 pid = fork();
696
697 /* If fork() fails, reinstate the original error and behave as if
698 this block of code were not present. This is the same behavious as happens
699 when Exim is not running as root at this point. */
700
701 if (pid < 0)
702 {
703 DEBUG(D_route)
704 debug_printf("require_files: fork failed: %s\n", strerror(errno));
705 errno = EACCES;
706 goto HANDLE_ERROR;
707 }
708
709 /* In the child process, change uid and gid, and then do the check using
710 the route_check_access() function. This does more than just stat the file;
711 it tests permissions as well. Return 0 for OK and 1 for failure. */
712
713 if (pid == 0)
714 {
715 exim_setugid(uid, gid, TRUE,
716 string_sprintf("require_files check, file=%s", ss));
717 if (route_check_access(ss, uid, gid, 4)) _exit(0);
718 DEBUG(D_route) debug_printf("route_check_access() failed\n");
719 _exit(1);
720 }
721
722 /* In the parent, wait for the child to finish */
723
724 while (waitpid(pid, &status, 0) < 0)
725 {
726 if (errno != EINTR) /* unexpected error, interpret as failure */
727 {
728 status = 1;
729 break;
730 }
731 }
732
733 signal(SIGCHLD, oldsignal); /* restore */
734 if ((status == 0) == invert) return SKIP;
735 continue; /* to test the next file */
736 }
737
738 /* Control reaches here if the initial stat() succeeds, or fails with an
739 error other than EACCES, or no uid/gid is set, or we are not running as root.
740 If we know the file exists and uid/gid are set, try to check read access for
741 that uid/gid as best we can. */
742
743 if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4))
744 {
745 DEBUG(D_route) debug_printf("route_check_access() failed\n");
746 rc = -1;
747 }
748
749 /* Handle error returns from stat() or route_check_access(). The EACESS error
750 is handled specially. At present, we can force it to be treated as
751 non-existence. Write the code so that it will be easy to add forcing for
752 existence if required later. */
753
754 HANDLE_ERROR:
755 if (rc < 0)
756 {
757 DEBUG(D_route) debug_printf("errno = %d\n", errno);
758 if (errno == EACCES)
759 {
760 if (eacces_code == 1)
761 {
762 DEBUG(D_route) debug_printf("EACCES => ENOENT\n");
763 errno = ENOENT; /* Treat as non-existent */
764 }
765 }
766 if (errno != ENOENT)
767 {
768 *perror = string_sprintf("require_files: error for %s: %s", ss,
769 strerror(errno));
770 goto RETURN_DEFER;
771 }
772 }
773
774 /* At this point, rc < 0 => non-existence; rc >= 0 => existence */
775
776 if ((rc >= 0) == invert) return SKIP;
777 }
778
779 return OK;
780
781 /* Come here on any of the errors that return DEFER. */
782
783 RETURN_DEFER:
784 DEBUG(D_route) debug_printf("%s\n", *perror);
785 return DEFER;
786 }
787
788
789
790
791
792 /*************************************************
793 * Check for router skipping *
794 *************************************************/
795
796 /* This function performs various checks to see whether a router should be
797 skipped. The order in which they are performed is important.
798
799 Arguments:
800 r pointer to router instance block
801 addr address that is being handled
802 verify the verification type
803 pw ptr to ptr to passwd structure for local user
804 perror for lookup errors
805
806 Returns: OK if all the tests succeed
807 SKIP if router is to be skipped
808 DEFER for a lookup defer
809 FAIL for address to be failed
810 */
811
812 static BOOL
813 check_router_conditions(router_instance *r, address_item *addr, int verify,
814 struct passwd **pw, uschar **perror)
815 {
816 int rc;
817 uschar *check_local_part;
818
819 /* Reset variables to hold a home directory and data from lookup of a domain or
820 local part, and ensure search_find_defer is unset, in case there aren't any
821 actual lookups. */
822
823 deliver_home = NULL;
824 deliver_domain_data = NULL;
825 deliver_localpart_data = NULL;
826 sender_data = NULL;
827 local_user_gid = (gid_t)(-1);
828 local_user_uid = (uid_t)(-1);
829 search_find_defer = FALSE;
830
831 /* Skip this router if not verifying and it has verify_only set */
832
833 if ((verify == v_none || verify == v_expn) && r->verify_only)
834 {
835 DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name);
836 return SKIP;
837 }
838
839 /* Skip this router if testing an address (-bt) and address_test is not set */
840
841 if (address_test_mode && !r->address_test)
842 {
843 DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n",
844 r->name);
845 return SKIP;
846 }
847
848 /* Skip this router if verifying and it hasn't got the appropriate verify flag
849 set. */
850
851 if ((verify == v_sender && !r->verify_sender) ||
852 (verify == v_recipient && !r->verify_recipient))
853 {
854 DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n",
855 r->name, verify, r->verify_sender, r->verify_recipient);
856 return SKIP;
857 }
858
859 /* Skip this router if processing EXPN and it doesn't have expn set */
860
861 if (verify == v_expn && !r->expn)
862 {
863 DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name);
864 return SKIP;
865 }
866
867 /* Skip this router if there's a domain mismatch. */
868
869 if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor,
870 addr->domain_cache, TRUE, addr->domain, &deliver_domain_data, MCL_DOMAIN,
871 perror)) != OK)
872 return rc;
873
874 /* Skip this router if there's a local part mismatch. We want to pass over the
875 caseful local part, so that +caseful can restore it, even if this router is
876 handling local parts caselessly. However, we can't just pass cc_local_part,
877 because that doesn't have the prefix or suffix stripped. A bit of massaging is
878 required. */
879
880 if (addr->prefix == NULL && addr->suffix == NULL)
881 check_local_part = addr->cc_local_part;
882 else
883 {
884 check_local_part = string_copy(addr->cc_local_part);
885 if (addr->prefix != NULL)
886 check_local_part += Ustrlen(addr->prefix);
887 if (addr->suffix != NULL)
888 check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0;
889 }
890
891 if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts,
892 &localpartlist_anchor, addr->localpart_cache, MCL_LOCALPART,
893 check_local_part, &deliver_localpart_data, !r->caseful_local_part,
894 perror)) != OK)
895 return rc;
896
897 /* If the check_local_user option is set, check that the local_part is the
898 login of a local user. Note: the third argument to route_finduser() must be
899 NULL here, to prevent a numeric string being taken as a numeric uid. If the
900 user is found, set deliver_home to the home directory, and also set
901 local_user_{uid,gid}. */
902
903 if (r->check_local_user)
904 {
905 DEBUG(D_route) debug_printf("checking for local user\n");
906 if (!route_finduser(addr->local_part, pw, NULL))
907 {
908 DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n",
909 r->name, addr->local_part);
910 return SKIP;
911 }
912 deliver_home = string_copy(US (*pw)->pw_dir);
913 local_user_gid = (*pw)->pw_gid;
914 local_user_uid = (*pw)->pw_uid;
915 }
916
917 /* Set (or override in the case of check_local_user) the home directory if
918 router_home_directory is set. This is done here so that it overrides $home from
919 check_local_user before any subsequent expansions are done. Otherwise, $home
920 could mean different things for different options, which would be extremely
921 confusing. */
922
923 if (r->router_home_directory != NULL)
924 {
925 uschar *router_home = expand_string(r->router_home_directory);
926 if (router_home == NULL)
927 {
928 if (!expand_string_forcedfail)
929 {
930 *perror = string_sprintf("failed to expand \"%s\" for "
931 "router_home_directory: %s", r->router_home_directory,
932 expand_string_message);
933 return DEFER;
934 }
935 }
936 else
937 {
938 setflag(addr, af_home_expanded); /* Note set from router_home_directory */
939 deliver_home = router_home;
940 }
941 }
942
943 /* Skip if the sender condition is not met. We leave this one till after the
944 local user check so that $home is set - enabling the possiblity of letting
945 individual recipients specify lists of acceptable/unacceptable senders. */
946
947 if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL,
948 sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK)
949 return rc;
950
951 /* This is the point at which we print out the router's debugging string if it
952 is set. We wait till here so as to have $home available for local users (and
953 anyway, we don't want too much stuff for skipped routers). */
954
955 debug_print_string(r->debug_string);
956
957 /* Perform file existence tests. */
958
959 if ((rc = check_files(r->require_files, perror)) != OK)
960 {
961 DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name,
962 (rc == SKIP)? "skipped" : "deferred");
963 return rc;
964 }
965
966 /* Now the general condition test. */
967
968 if (r->condition != NULL)
969 {
970 DEBUG(D_route) debug_printf("checking \"condition\"\n");
971 if (!expand_check_condition(r->condition, r->name, US"router"))
972 {
973 if (search_find_defer)
974 {
975 *perror = US"condition check lookup defer";
976 DEBUG(D_route) debug_printf("%s\n", *perror);
977 return DEFER;
978 }
979 DEBUG(D_route)
980 debug_printf("%s router skipped: condition failure\n", r->name);
981 return SKIP;
982 }
983 }
984
985 /* All the checks passed. */
986
987 return OK;
988 }
989
990
991
992
993 /*************************************************
994 * Find a local user *
995 *************************************************/
996
997 /* Try several times (if configured) to find a local user, in case delays in
998 NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam()
999 doesn't have some kind of indication as to why it has failed. If the string
1000 given consists entirely of digits, and the third argument is not NULL, assume
1001 the string is the numerical value of the uid. Otherwise it is looked up using
1002 getpwnam(). The uid is passed back via return_uid, if not NULL, and the
1003 pointer to a passwd structure, if found, is passed back via pw, if not NULL.
1004
1005 Because this may be called several times in succession for the same user for
1006 different routers, cache the result of the previous getpwnam call so that it
1007 can be re-used. Note that we can't just copy the structure, as the store it
1008 points to can get trashed.
1009
1010 Arguments:
1011 s the login name or textual form of the numerical uid of the user
1012 pw if not NULL, return the result of getpwnam here, or set NULL
1013 if no call to getpwnam is made (s numeric, return_uid != NULL)
1014 return_uid if not NULL, return the uid via this address
1015
1016 Returns: TRUE if s is numerical or was looked up successfully
1017
1018 */
1019
1020 static struct passwd pwcopy;
1021 static struct passwd *lastpw = NULL;
1022 static uschar lastname[48] = { 0 };
1023 static uschar lastdir[128];
1024 static uschar lastgecos[128];
1025 static uschar lastshell[128];
1026
1027 BOOL
1028 route_finduser(uschar *s, struct passwd **pw, uid_t *return_uid)
1029 {
1030 if (Ustrcmp(lastname, s) != 0)
1031 {
1032 int i = 0;
1033
1034 if (return_uid != NULL && (isdigit(*s) || *s == '-') &&
1035 s[Ustrspn(s+1, "0123456789")+1] == 0)
1036 {
1037 *return_uid = (uid_t)Uatoi(s);
1038 if (pw != NULL) *pw = NULL;
1039 return TRUE;
1040 }
1041
1042 (void)string_format(lastname, sizeof(lastname), "%s", s);
1043
1044 /* Force failure if string length is greater than given maximum */
1045
1046 if (max_username_length > 0 && Ustrlen(lastname) > max_username_length)
1047 {
1048 DEBUG(D_uid) debug_printf("forced failure of finduser(): string "
1049 "length of %s is greater than %d\n", lastname, max_username_length);
1050 lastpw = NULL;
1051 }
1052
1053 /* Try a few times if so configured; this handles delays in NIS etc. */
1054
1055 else for (;;)
1056 {
1057 if ((lastpw = getpwnam(CS s)) != NULL) break;
1058 if (++i > finduser_retries) break;
1059 sleep(1);
1060 }
1061
1062 if (lastpw != NULL)
1063 {
1064 pwcopy.pw_uid = lastpw->pw_uid;
1065 pwcopy.pw_gid = lastpw->pw_gid;
1066 (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir);
1067 (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos);
1068 (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell);
1069 pwcopy.pw_name = CS lastname;
1070 pwcopy.pw_dir = CS lastdir;
1071 pwcopy.pw_gecos = CS lastgecos;
1072 pwcopy.pw_shell = CS lastshell;
1073 lastpw = &pwcopy;
1074 }
1075 }
1076 else
1077 {
1078 DEBUG(D_uid) debug_printf("finduser used cached passwd data for %s\n", s);
1079 }
1080
1081 if (lastpw == NULL) return FALSE;
1082
1083 if (return_uid != NULL) *return_uid = lastpw->pw_uid;
1084 if (pw != NULL) *pw = lastpw;
1085
1086 return TRUE;
1087 }
1088
1089
1090
1091
1092 /*************************************************
1093 * Find a local group *
1094 *************************************************/
1095
1096 /* Try several times (if configured) to find a local group, in case delays in
1097 NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam()
1098 doesn't have some kind of indication as to why it has failed.
1099
1100 Arguments:
1101 s the group namd or textual form of the numerical gid
1102 return_gid return the gid via this address
1103
1104 Returns: TRUE if the group was found; FALSE otherwise
1105
1106 */
1107
1108 BOOL
1109 route_findgroup(uschar *s, gid_t *return_gid)
1110 {
1111 int i = 0;
1112 struct group *gr;
1113
1114 if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0)
1115 {
1116 *return_gid = (gid_t)Uatoi(s);
1117 return TRUE;
1118 }
1119
1120 for (;;)
1121 {
1122 if ((gr = getgrnam(CS s)) != NULL)
1123 {
1124 *return_gid = gr->gr_gid;
1125 return TRUE;
1126 }
1127 if (++i > finduser_retries) break;
1128 sleep(1);
1129 }
1130
1131 return FALSE;
1132 }
1133
1134
1135
1136
1137 /*************************************************
1138 * Find user by expanding string *
1139 *************************************************/
1140
1141 /* Expands a string, and then looks up the result in the passwd file.
1142
1143 Arguments:
1144 string the string to be expanded, yielding a login name or a numerical
1145 uid value (to be passed to route_finduser())
1146 driver_name caller name for panic error message (only)
1147 driver_type caller type for panic error message (only)
1148 pw return passwd entry via this pointer
1149 uid return uid via this pointer
1150 errmsg where to point a message on failure
1151
1152 Returns: TRUE if user found, FALSE otherwise
1153 */
1154
1155 BOOL
1156 route_find_expanded_user(uschar *string, uschar *driver_name,
1157 uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg)
1158 {
1159 uschar *user = expand_string(string);
1160
1161 if (user == NULL)
1162 {
1163 *errmsg = string_sprintf("Failed to expand user string \"%s\" for the "
1164 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1165 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1166 return FALSE;
1167 }
1168
1169 if (route_finduser(user, pw, uid)) return TRUE;
1170
1171 *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string "
1172 "\"%s\" for the %s %s", user, string, driver_name, driver_type);
1173 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1174 return FALSE;
1175 }
1176
1177
1178
1179 /*************************************************
1180 * Find group by expanding string *
1181 *************************************************/
1182
1183 /* Expands a string and then looks up the result in the group file.
1184
1185 Arguments:
1186 string the string to be expanded, yielding a group name or a numerical
1187 gid value (to be passed to route_findgroup())
1188 driver_name caller name for panic error message (only)
1189 driver_type caller type for panic error message (only)
1190 gid return gid via this pointer
1191 errmsg return error message via this pointer
1192
1193 Returns: TRUE if found group, FALSE otherwise
1194 */
1195
1196 BOOL
1197 route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type,
1198 gid_t *gid, uschar **errmsg)
1199 {
1200 BOOL yield = TRUE;
1201 uschar *group = expand_string(string);
1202
1203 if (group == NULL)
1204 {
1205 *errmsg = string_sprintf("Failed to expand group string \"%s\" for the "
1206 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1207 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1208 return FALSE;
1209 }
1210
1211 if (!route_findgroup(group, gid))
1212 {
1213 *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string "
1214 "\"%s\" for the %s %s", group, string, driver_name, driver_type);
1215 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1216 yield = FALSE;
1217 }
1218
1219 return yield;
1220 }
1221
1222
1223
1224 /*************************************************
1225 * Sort out "more" or "unseen" *
1226 *************************************************/
1227
1228 /* These values are usually fixed boolean values, but they are permitted to be
1229 expanded strings.
1230
1231 Arguments:
1232 addr address being routed
1233 rname the router name
1234 oname the option name
1235 bvalue the router's boolean value
1236 svalue the router's string value
1237 rvalue where to put the returned value
1238
1239 Returns: OK value placed in rvalue
1240 DEFER expansion failed
1241 */
1242
1243 static int
1244 exp_bool(address_item *addr, uschar *rname, uschar *oname, BOOL bvalue,
1245 uschar *svalue, BOOL *rvalue)
1246 {
1247 uschar *expanded;
1248 if (svalue == NULL) { *rvalue = bvalue; return OK; }
1249
1250 expanded = expand_string(svalue);
1251 if (expanded == NULL)
1252 {
1253 if (expand_string_forcedfail)
1254 {
1255 DEBUG(D_route) debug_printf("expansion of \"%s\" forced failure\n", oname);
1256 *rvalue = bvalue;
1257 return OK;
1258 }
1259 addr->message = string_sprintf("failed to expand \"%s\" in %s router: %s",
1260 oname, rname, expand_string_message);
1261 DEBUG(D_route) debug_printf("%s\n", addr->message);
1262 return DEFER;
1263 }
1264
1265 DEBUG(D_route) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
1266 expanded);
1267
1268 if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
1269 *rvalue = TRUE;
1270 else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
1271 *rvalue = FALSE;
1272 else
1273 {
1274 addr->message = string_sprintf("\"%s\" is not a valid value for the "
1275 "\"%s\" option in the %s router", expanded, oname, rname);
1276 return DEFER;
1277 }
1278
1279 return OK;
1280 }
1281
1282
1283
1284
1285 /*************************************************
1286 * Handle an unseen routing *
1287 *************************************************/
1288
1289 /* This function is called when an address is routed by a router with "unseen"
1290 set. It must make a clone of the address, for handling by subsequent drivers.
1291 The clone is set to start routing at the next router.
1292
1293 The original address must be replaced by an invented "parent" which has the
1294 routed address plus the clone as its children. This is necessary in case the
1295 address is at the top level - we don't want to mark it complete until both
1296 deliveries have been done.
1297
1298 A new unique field must be made, so that the record of the delivery isn't a
1299 record of the original address, and checking for already delivered has
1300 therefore to be done here. If the delivery has happened, then take the base
1301 address off whichever delivery queue it is on - it will always be the top item.
1302
1303 Arguments:
1304 name router name
1305 addr address that was routed
1306 paddr_local chain of local-delivery addresses
1307 paddr_remote chain of remote-delivery addresses
1308 addr_new chain for newly created addresses
1309
1310 Returns: nothing
1311 */
1312
1313 static void
1314 route_unseen(uschar *name, address_item *addr, address_item **paddr_local,
1315 address_item **paddr_remote, address_item **addr_new)
1316 {
1317 address_item *parent = deliver_make_addr(addr->address, TRUE);
1318 address_item *new = deliver_make_addr(addr->address, TRUE);
1319
1320 /* The invented parent is a copy that replaces the original; note that
1321 this copies its parent pointer. It has two children, and its errors_address is
1322 from the original address' parent, if present, otherwise unset. */
1323
1324 *parent = *addr;
1325 parent->child_count = 2;
1326 parent->p.errors_address =
1327 (addr->parent == NULL)? NULL : addr->parent->p.errors_address;
1328
1329 /* The routed address gets a new parent. */
1330
1331 addr->parent = parent;
1332
1333 /* The clone has this parent too. Set its errors address from the parent. This
1334 was set from the original parent (or to NULL) - see above. We do NOT want to
1335 take the errors address from the unseen router. */
1336
1337 new->parent = parent;
1338 new->p.errors_address = parent->p.errors_address;
1339
1340 /* Copy the propagated flags and address_data from the original. */
1341
1342 copyflag(new, addr, af_propagate);
1343 new->p.address_data = addr->p.address_data;
1344
1345
1346 /* As it has turned out, we haven't set headers_add or headers_remove for the
1347 * clone. Thinking about it, it isn't entirely clear whether they should be
1348 * copied from the original parent, like errors_address, or taken from the
1349 * unseen router, like address_data and the flags. Until somebody brings this
1350 * up, I propose to leave the code as it is.
1351 */
1352
1353
1354 /* Set the cloned address to start at the next router, and put it onto the
1355 chain of new addresses. */
1356
1357 new->start_router = addr->router->next;
1358 new->next = *addr_new;
1359 *addr_new = new;
1360
1361 DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address);
1362
1363 /* Make a new unique field, to distinguish from the normal one. */
1364
1365 addr->unique = string_sprintf("%s/%s", addr->unique, name);
1366
1367 /* If the address has been routed to a transport, see if it was previously
1368 delivered. If so, we take it off the relevant queue so that it isn't delivered
1369 again. Otherwise, it was an alias or something, and the addresses it generated
1370 are handled in the normal way. */
1371
1372 if (addr->transport != NULL &&
1373 tree_search(tree_nonrecipients, addr->unique) != NULL)
1374 {
1375 DEBUG(D_route)
1376 debug_printf("\"unseen\" delivery previously done - discarded\n");
1377 parent->child_count--;
1378 if (*paddr_remote == addr) *paddr_remote = addr->next;
1379 if (*paddr_local == addr) *paddr_local = addr->next;
1380 }
1381 }
1382
1383
1384
1385 /*************************************************
1386 * Route one address *
1387 *************************************************/
1388
1389 /* This function is passed in one address item, for processing by the routers.
1390 The verify flag is set if this is being called for verification rather than
1391 delivery. If the router doesn't have its "verify" flag set, it is skipped.
1392
1393 Arguments:
1394 addr address to route
1395 paddr_local chain of local-delivery addresses
1396 paddr_remote chain of remote-delivery addresses
1397 addr_new chain for newly created addresses
1398 addr_succeed chain for completed addresses
1399 verify v_none if not verifying
1400 v_sender if verifying a sender address
1401 v_recipient if verifying a recipient address
1402 v_expn if processing an EXPN address
1403
1404 Returns: OK => address successfully routed
1405 DISCARD => address was discarded
1406 FAIL => address could not be routed
1407 DEFER => some temporary problem
1408 ERROR => some major internal or configuration failure
1409 */
1410
1411 int
1412 route_address(address_item *addr, address_item **paddr_local,
1413 address_item **paddr_remote, address_item **addr_new,
1414 address_item **addr_succeed, int verify)
1415 {
1416 int yield = OK;
1417 BOOL unseen;
1418 router_instance *r, *nextr;
1419 uschar *old_domain = addr->domain;
1420
1421 HDEBUG(D_route)
1422 {
1423 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1424 debug_printf("routing %s\n", addr->address);
1425 }
1426
1427 /* Loop through all router instances until a router succeeds, fails, defers, or
1428 encounters an error. If the address has start_router set, we begin from there
1429 instead of at the first router. */
1430
1431 for (r = (addr->start_router == NULL)? routers : addr->start_router;
1432 r != NULL; r = nextr)
1433 {
1434 uschar *error;
1435 struct passwd *pw = NULL;
1436 struct passwd pwcopy;
1437 address_item *parent;
1438 BOOL loop_detected = FALSE;
1439 BOOL more;
1440 int loopcount = 0;
1441 int rc;
1442
1443 DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name);
1444
1445 /* Reset any search error message from the previous router. */
1446
1447 search_error_message = NULL;
1448
1449 /* There are some weird cases where logging is disabled */
1450
1451 disable_logging = r->disable_logging;
1452
1453 /* Record the last router to handle the address, and set the default
1454 next router. */
1455
1456 addr->router = r;
1457 nextr = r->next;
1458
1459 /* Loop protection: If this address has an ancestor with the same address,
1460 and that ancestor was routed by this router, we skip this router. This
1461 prevents a variety of looping states when a new address is created by
1462 redirection or by the use of "unseen" on a router.
1463
1464 If no_repeat_use is set on the router, we skip if _any_ ancestor was routed
1465 by this router, even if it was different to the current address.
1466
1467 Just in case someone does put it into a loop (possible with redirection
1468 continally adding to an address, for example), put a long stop counter on
1469 the number of parents. */
1470
1471 for (parent = addr->parent; parent != NULL; parent = parent->parent)
1472 {
1473 if (parent->router == r)
1474 {
1475 BOOL break_loop = !r->repeat_use;
1476
1477 /* When repeat_use is set, first check the active addresses caselessly.
1478 If they match, we have to do a further caseful check of the local parts
1479 when caseful_local_part is set. This is assumed to be rare, which is why
1480 the code is written this way. */
1481
1482 if (!break_loop)
1483 {
1484 break_loop = strcmpic(parent->address, addr->address) == 0;
1485 if (break_loop && r->caseful_local_part)
1486 break_loop = Ustrncmp(parent->address, addr->address,
1487 Ustrrchr(addr->address, '@') - addr->address) == 0;
1488 }
1489
1490 if (break_loop)
1491 {
1492 DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n",
1493 r->name, parent->address);
1494 loop_detected = TRUE;
1495 break;
1496 }
1497 }
1498
1499 /* Continue with parents, limiting the size of the dynasty. */
1500
1501 if (loopcount++ > 100)
1502 {
1503 log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address);
1504 yield = DEFER;
1505 goto ROUTE_EXIT;
1506 }
1507 }
1508
1509 if (loop_detected) continue;
1510
1511 /* Default no affixes and select whether to use a caseful or caseless local
1512 part in this router. */
1513
1514 addr->prefix = addr->suffix = NULL;
1515 addr->local_part = r->caseful_local_part?
1516 addr->cc_local_part : addr->lc_local_part;
1517
1518 DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part,
1519 addr->domain);
1520
1521 /* Handle any configured prefix by replacing the local_part address,
1522 and setting the prefix. Skip the router if the prefix doesn't match,
1523 unless the prefix is optional. */
1524
1525 if (r->prefix != NULL)
1526 {
1527 int plen = route_check_prefix(addr->local_part, r->prefix);
1528 if (plen > 0)
1529 {
1530 addr->prefix = string_copyn(addr->local_part, plen);
1531 addr->local_part += plen;
1532 DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
1533 }
1534 else if (!r->prefix_optional)
1535 {
1536 DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n",
1537 r->name);
1538 continue;
1539 }
1540 }
1541
1542 /* Handle any configured suffix likewise. */
1543
1544 if (r->suffix != NULL)
1545 {
1546 int slen = route_check_suffix(addr->local_part, r->suffix);
1547 if (slen > 0)
1548 {
1549 int lplen = Ustrlen(addr->local_part) - slen;
1550 addr->suffix = addr->local_part + lplen;
1551 addr->local_part = string_copyn(addr->local_part, lplen);
1552 DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
1553 }
1554 else if (!r->suffix_optional)
1555 {
1556 DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n",
1557 r->name);
1558 continue;
1559 }
1560 }
1561
1562 /* Set the expansion variables now that we have the affixes and the case of
1563 the local part sorted. */
1564
1565 deliver_set_expansions(addr);
1566
1567 /* For convenience, the pre-router checks are in a separate function, which
1568 returns OK, SKIP, FAIL, or DEFER. */
1569
1570 if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
1571 {
1572 if (rc == SKIP) continue;
1573 addr->message = error;
1574 yield = rc;
1575 goto ROUTE_EXIT;
1576 }
1577
1578 /* All pre-conditions have been met. Reset any search error message from
1579 pre-condition tests. These can arise in negated tests where the failure of
1580 the lookup leads to a TRUE pre-condition. */
1581
1582 search_error_message = NULL;
1583
1584 /* Finally, expand the address_data field in the router. Forced failure
1585 behaves as if the router declined. Any other failure is more serious. On
1586 success, the string is attached to the address for all subsequent processing.
1587 */
1588
1589 if (r->address_data != NULL)
1590 {
1591 DEBUG(D_route) debug_printf("processing address_data\n");
1592 deliver_address_data = expand_string(r->address_data);
1593 if (deliver_address_data == NULL)
1594 {
1595 if (expand_string_forcedfail)
1596 {
1597 DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" "
1598 "(address_data): decline action taken\n", r->address_data);
1599
1600 /* Expand "more" if necessary; DEFER => an expansion failed */
1601
1602 yield = exp_bool(addr, r->name, US"more", r->more, r->expand_more,
1603 &more);
1604 if (yield != OK) goto ROUTE_EXIT;
1605
1606 if (!more)
1607 {
1608 DEBUG(D_route)
1609 debug_printf("\"more\"=false: skipping remaining routers\n");
1610 r = NULL;
1611 break;
1612 }
1613 else continue; /* With next router */
1614 }
1615
1616 else
1617 {
1618 addr->message = string_sprintf("expansion of \"%s\" failed "
1619 "in %s router: %s", r->address_data, r->name, expand_string_message);
1620 yield = DEFER;
1621 goto ROUTE_EXIT;
1622 }
1623 }
1624 addr->p.address_data = deliver_address_data;
1625 }
1626
1627 /* We are finally cleared for take-off with this router. Clear the the flag
1628 that records that a local host was removed from a routed host list. Make a
1629 copy of relevant fields in the password information from check_local_user,
1630 because it will be overwritten if check_local_user is invoked again while
1631 verifying an errors_address setting. */
1632
1633 clearflag(addr, af_local_host_removed);
1634
1635 if (pw != NULL)
1636 {
1637 pwcopy.pw_name = CS string_copy(US pw->pw_name);
1638 pwcopy.pw_uid = pw->pw_uid;
1639 pwcopy.pw_gid = pw->pw_gid;
1640 pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos);
1641 pwcopy.pw_dir = CS string_copy(US pw->pw_dir);
1642 pwcopy.pw_shell = CS string_copy(US pw->pw_shell);
1643 pw = &pwcopy;
1644 }
1645
1646 /* Run the router, and handle the consequences. */
1647
1648 HDEBUG(D_route) debug_printf("calling %s router\n", r->name);
1649
1650 yield = (r->info->code)(r, addr, pw, verify != v_none, paddr_local,
1651 paddr_remote, addr_new, addr_succeed);
1652
1653 if (yield == FAIL)
1654 {
1655 HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name);
1656 goto ROUTE_EXIT;
1657 }
1658
1659 /* If succeeded while verifying but fail_verify is set, convert into
1660 a failure, and take it off the local or remote delivery list. */
1661
1662 if (((verify == v_sender && r->fail_verify_sender) ||
1663 (verify == v_recipient && r->fail_verify_recipient)) &&
1664 (yield == OK || yield == PASS))
1665 {
1666 addr->message = string_sprintf("%s router forced verify failure", r->name);
1667 if (*paddr_remote == addr) *paddr_remote = addr->next;
1668 if (*paddr_local == addr) *paddr_local = addr->next;
1669 yield = FAIL;
1670 goto ROUTE_EXIT;
1671 }
1672
1673 /* PASS and DECLINE are the only two cases where the loop continues. For all
1674 other returns, we break the loop and handle the result below. */
1675
1676 if (yield != PASS && yield != DECLINE) break;
1677
1678 HDEBUG(D_route)
1679 {
1680 debug_printf("%s router %s for %s\n", r->name,
1681 (yield == PASS)? "passed" : "declined", addr->address);
1682 if (Ustrcmp(old_domain, addr->domain) != 0)
1683 debug_printf("domain %s rewritten\n", old_domain);
1684 }
1685
1686 /* PASS always continues to another router; DECLINE does so if "more"
1687 is true. Initialization insists that pass_router is always a following
1688 router. Otherwise, break the loop as if at the end of the routers. */
1689
1690 if (yield == PASS)
1691 {
1692 if (r->pass_router != NULL) nextr = r->pass_router;
1693 }
1694 else
1695 {
1696 /* Expand "more" if necessary */
1697
1698 yield = exp_bool(addr, r->name, US"more", r->more, r->expand_more, &more);
1699 if (yield != OK) goto ROUTE_EXIT;
1700
1701 if (!more)
1702 {
1703 HDEBUG(D_route)
1704 debug_printf("\"more\" is false: skipping remaining routers\n");
1705 r = NULL;
1706 break;
1707 }
1708 }
1709 } /* Loop for all routers */
1710
1711 /* On exit from the routers loop, if r == NULL we have run out of routers,
1712 either genuinely, or as a result of no_more. Otherwise, the loop ended
1713 prematurely, either because a router succeeded, or because of some special
1714 router response. Note that FAIL errors and errors detected before actually
1715 running a router go direct to ROUTE_EXIT from code above. */
1716
1717 if (r == NULL)
1718 {
1719 HDEBUG(D_route) debug_printf("no more routers\n");
1720 if (addr->message == NULL)
1721 {
1722 uschar *message = US"Unrouteable address";
1723 if (addr->router != NULL && addr->router->cannot_route_message != NULL)
1724 {
1725 uschar *expmessage = expand_string(addr->router->cannot_route_message);
1726 if (expmessage == NULL)
1727 {
1728 if (!expand_string_forcedfail)
1729 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
1730 "cannot_route_message in %s router: %s", addr->router->name,
1731 expand_string_message);
1732 }
1733 else message = expmessage;
1734 }
1735 addr->user_message = addr->message = message;
1736 }
1737 addr->router = NULL; /* For logging */
1738 yield = FAIL;
1739 goto ROUTE_EXIT;
1740 }
1741
1742 if (yield == DEFER)
1743 {
1744 HDEBUG(D_route)
1745 {
1746 debug_printf("%s router: defer for %s\n", r->name, addr->address);
1747 debug_printf(" message: %s\n", (addr->message == NULL)?
1748 US"<none>" : addr->message);
1749 }
1750 goto ROUTE_EXIT;
1751 }
1752
1753 if (yield == DISCARD) goto ROUTE_EXIT;
1754
1755 /* The yield must be either OK or REROUTED. */
1756
1757 if (yield != OK && yield != REROUTED)
1758 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d",
1759 r->name, yield);
1760
1761 /* If the yield was REROUTED, the router put a child address on the new chain
1762 as a result of a domain change of some sort (widening, typically). */
1763
1764 if (yield == REROUTED)
1765 {
1766 HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address);
1767 yield = OK;
1768 goto ROUTE_EXIT;
1769 }
1770
1771 /* The only remaining possibility is that the router succeeded. If the
1772 translate_ip_address options is set and host addresses were associated with the
1773 address, run them through the translation. This feature is for weird and
1774 wonderful situations (the amateur packet radio people need it) or very broken
1775 networking, so it is included in the binary only if requested. */
1776
1777 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
1778
1779 if (r->translate_ip_address != NULL)
1780 {
1781 int rc;
1782 int old_pool = store_pool;
1783 host_item *h;
1784 for (h = addr->host_list; h != NULL; h = h->next)
1785 {
1786 uschar *newaddress;
1787 uschar *oldaddress, *oldname;
1788
1789 if (h->address == NULL) continue;
1790
1791 deliver_host_address = h->address;
1792 newaddress = expand_string(r->translate_ip_address);
1793 deliver_host_address = NULL;
1794
1795 if (newaddress == NULL)
1796 {
1797 if (expand_string_forcedfail) continue;
1798 addr->basic_errno = ERRNO_EXPANDFAIL;
1799 addr->message = string_sprintf("translate_ip_address expansion "
1800 "failed: %s", expand_string_message);
1801 yield = DEFER;
1802 goto ROUTE_EXIT;
1803 }
1804
1805 DEBUG(D_route) debug_printf("%s [%s] translated to %s\n",
1806 h->name, h->address, newaddress);
1807 if (string_is_ip_address(newaddress, NULL))
1808 {
1809 h->address = newaddress;
1810 continue;
1811 }
1812
1813 oldname = h->name;
1814 oldaddress = h->address;
1815 h->name = newaddress;
1816 h->address = NULL;
1817 h->mx = MX_NONE;
1818
1819 store_pool = POOL_PERM;
1820 rc = host_find_byname(h, NULL, NULL, TRUE);
1821 store_pool = old_pool;
1822
1823 if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN)
1824 {
1825 addr->basic_errno = ERRNO_UNKNOWNHOST;
1826 addr->message = string_sprintf("host %s not found when "
1827 "translating %s [%s]", h->name, oldname, oldaddress);
1828 yield = DEFER;
1829 goto ROUTE_EXIT;
1830 }
1831 }
1832 }
1833 #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */
1834
1835 /* See if this is an unseen routing; first expand the option if necessary.
1836 DEFER can be given if the expansion fails */
1837
1838 yield = exp_bool(addr, r->name, US"unseen", r->unseen, r->expand_unseen,
1839 &unseen);
1840 if (yield != OK) goto ROUTE_EXIT;
1841
1842
1843
1844 /* Debugging output recording a successful routing */
1845
1846 HDEBUG(D_route)
1847 {
1848 debug_printf("routed by %s router%s\n", r->name,
1849 unseen? " (unseen)" : "");
1850 }
1851
1852 DEBUG(D_route)
1853 {
1854 host_item *h;
1855
1856 debug_printf(" envelope to: %s\n", addr->address);
1857 debug_printf(" transport: %s\n", (addr->transport == NULL)?
1858 US"<none>" : addr->transport->name);
1859
1860 if (addr->p.errors_address != NULL)
1861 debug_printf(" errors to %s\n", addr->p.errors_address);
1862
1863 for (h = addr->host_list; h != NULL; h = h->next)
1864 {
1865 debug_printf(" host %s", h->name);
1866 if (h->address != NULL) debug_printf(" [%s]", h->address);
1867 if (h->mx >= 0) debug_printf(" MX=%d", h->mx);
1868 else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx);
1869 if (h->port != PORT_NONE) debug_printf(" port=%d", h->port);
1870 debug_printf("\n");
1871 }
1872 }
1873
1874 /* Clear any temporary error message set by a router that declined, and handle
1875 the "unseen" option (ignore if there are no further routers). */
1876
1877 addr->message = NULL;
1878 if (unseen && r->next != NULL)
1879 route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new);
1880
1881 /* Unset the address expansions, and return the final result. */
1882
1883 ROUTE_EXIT:
1884 deliver_set_expansions(NULL);
1885 disable_logging = FALSE;
1886 return yield;
1887 }
1888
1889 /* End of route.c */
Unnamed repository; edit this file 'description' to name the repository.