projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Make it easier to get SMTP authentication and TLS/SSL support working
[exim.git] / src / src / spool_in.c
1 /* $Cambridge: exim/src/src/spool_in.c,v 1.15 2006/02/07 11:19:00 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2006 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10 /* Functions for reading spool files. When compiling for a utility (eximon),
11 not all are needed, and some functionality can be cut out. */
12
13
14 #include "exim.h"
15
16
17
18 #ifndef COMPILE_UTILITY
19 /*************************************************
20 * Open and lock data file *
21 *************************************************/
22
23 /* The data file is the one that is used for locking, because the header file
24 can get replaced during delivery because of header rewriting. The file has
25 to opened with write access so that we can get an exclusive lock, but in
26 fact it won't be written to. Just in case there's a major disaster (e.g.
27 overwriting some other file descriptor with the value of this one), open it
28 with append.
29
30 Argument: the id of the message
31 Returns: TRUE if file successfully opened and locked
32
33 Side effect: deliver_datafile is set to the fd of the open file.
34 */
35
36 BOOL
37 spool_open_datafile(uschar *id)
38 {
39 int i;
40 struct stat statbuf;
41 flock_t lock_data;
42 uschar spoolname[256];
43
44 /* If split_spool_directory is set, first look for the file in the appropriate
45 sub-directory of the input directory. If it is not found there, try the input
46 directory itself, to pick up leftovers from before the splitting. If split_
47 spool_directory is not set, first look in the main input directory. If it is
48 not found there, try the split sub-directory, in case it is left over from a
49 splitting state. */
50
51 for (i = 0; i < 2; i++)
52 {
53 int save_errno;
54 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
55 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
56 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
57 if (deliver_datafile >= 0) break;
58 save_errno = errno;
59 if (errno == ENOENT)
60 {
61 if (i == 0) continue;
62 if (!queue_running)
63 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
64 }
65 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
66 strerror(errno));
67 errno = save_errno;
68 return FALSE;
69 }
70
71 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
72 the file. We lock only the first line of the file (containing the message ID)
73 because this apparently is needed for running Exim under Cygwin. If the entire
74 file is locked in one process, a sub-process cannot access it, even when passed
75 an open file descriptor (at least, I think that's the Cygwin story). On real
76 Unix systems it doesn't make any difference as long as Exim is consistent in
77 what it locks. */
78
79 (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
80 FD_CLOEXEC);
81
82 lock_data.l_type = F_WRLCK;
83 lock_data.l_whence = SEEK_SET;
84 lock_data.l_start = 0;
85 lock_data.l_len = SPOOL_DATA_START_OFFSET;
86
87 if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
88 {
89 log_write(L_skip_delivery,
90 LOG_MAIN,
91 "Spool file is locked (another process is handling this message)");
92 (void)close(deliver_datafile);
93 deliver_datafile = -1;
94 errno = 0;
95 return FALSE;
96 }
97
98 /* Get the size of the data; don't include the leading filename line
99 in the count, but add one for the newline before the data. */
100
101 if (fstat(deliver_datafile, &statbuf) == 0)
102 {
103 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
104 message_size = message_body_size + 1;
105 }
106
107 return TRUE;
108 }
109 #endif /* COMPILE_UTILITY */
110
111
112
113 /*************************************************
114 * Read non-recipients tree from spool file *
115 *************************************************/
116
117 /* The tree of non-recipients is written to the spool file in a form that
118 makes it easy to read back into a tree. The format is as follows:
119
120 . Each node is preceded by two letter(Y/N) indicating whether it has left
121 or right children. There's one space after the two flags, before the name.
122
123 . The left subtree (if any) then follows, then the right subtree (if any).
124
125 This function is entered with the next input line in the buffer. Note we must
126 save the right flag before recursing with the same buffer.
127
128 Once the tree is read, we re-construct the balance fields by scanning the tree.
129 I forgot to write them out originally, and the compatible fix is to do it this
130 way. This initial local recursing function does the necessary.
131
132 Arguments:
133 node tree node
134
135 Returns: maximum depth below the node, including the node itself
136 */
137
138 static int
139 count_below(tree_node *node)
140 {
141 int nleft, nright;
142 if (node == NULL) return 0;
143 nleft = count_below(node->left);
144 nright = count_below(node->right);
145 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
146 return 1 + ((nleft > nright)? nleft : nright);
147 }
148
149 /* This is the real function...
150
151 Arguments:
152 connect pointer to the root of the tree
153 f FILE to read data from
154 buffer contains next input line; further lines read into it
155 buffer_size size of the buffer
156
157 Returns: FALSE on format error
158 */
159
160 static BOOL
161 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
162 int buffer_size)
163 {
164 tree_node *node;
165 int n = Ustrlen(buffer);
166 BOOL right = buffer[1] == 'Y';
167
168 if (n < 5) return FALSE; /* malformed line */
169 buffer[n-1] = 0; /* Remove \n */
170 node = store_get(sizeof(tree_node) + n - 3);
171 *connect = node;
172 Ustrcpy(node->name, buffer + 3);
173 node->data.ptr = NULL;
174
175 if (buffer[0] == 'Y')
176 {
177 if (Ufgets(buffer, buffer_size, f) == NULL ||
178 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
179 return FALSE;
180 }
181 else node->left = NULL;
182
183 if (right)
184 {
185 if (Ufgets(buffer, buffer_size, f) == NULL ||
186 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
187 return FALSE;
188 }
189 else node->right = NULL;
190
191 (void) count_below(*connect);
192 return TRUE;
193 }
194
195
196
197
198 /*************************************************
199 * Read spool header file *
200 *************************************************/
201
202 /* This function reads a spool header file and places the data into the
203 appropriate global variables. The header portion is always read, but header
204 structures are built only if read_headers is set true. It isn't, for example,
205 while generating -bp output.
206
207 It may be possible for blocks of nulls (binary zeroes) to get written on the
208 end of a file if there is a system crash during writing. It was observed on an
209 earlier version of Exim that omitted to fsync() the files - this is thought to
210 have been the cause of that incident, but in any case, this code must be robust
211 against such an event, and if such a file is encountered, it must be treated as
212 malformed.
213
214 Arguments:
215 name name of the header file, including the -H
216 read_headers TRUE if in-store header structures are to be built
217 subdir_set TRUE is message_subdir is already set
218
219 Returns: spool_read_OK success
220 spool_read_notopen open failed
221 spool_read_enverror error in the envelope portion
222 spool_read_hdrdrror error in the header portion
223 */
224
225 int
226 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
227 {
228 FILE *f = NULL;
229 int n;
230 int rcount = 0;
231 long int uid, gid;
232 BOOL inheader = FALSE;
233 uschar *p;
234
235 /* Reset all the global variables to their default values. However, there is
236 one exception. DO NOT change the default value of dont_deliver, because it may
237 be forced by an external setting. */
238
239 for (n = 0; n < ACL_CVARS + ACL_MVARS; n++) acl_var[n] = NULL;
240
241 authenticated_id = NULL;
242 authenticated_sender = NULL;
243 allow_unqualified_recipient = FALSE;
244 allow_unqualified_sender = FALSE;
245 body_linecount = 0;
246 body_zerocount = 0;
247 deliver_firsttime = FALSE;
248 deliver_freeze = FALSE;
249 deliver_frozen_at = 0;
250 deliver_manual_thaw = FALSE;
251 /* dont_deliver must NOT be reset */
252 header_list = header_last = NULL;
253 host_lookup_deferred = FALSE;
254 host_lookup_failed = FALSE;
255 interface_address = NULL;
256 interface_port = 0;
257 local_error_message = FALSE;
258 local_scan_data = NULL;
259 message_linecount = 0;
260 received_protocol = NULL;
261 received_count = 0;
262 recipients_list = NULL;
263 sender_address = NULL;
264 sender_fullhost = NULL;
265 sender_helo_name = NULL;
266 sender_host_address = NULL;
267 sender_host_name = NULL;
268 sender_host_port = 0;
269 sender_host_authenticated = NULL;
270 sender_ident = NULL;
271 sender_local = FALSE;
272 sender_set_untrusted = FALSE;
273 smtp_active_hostname = primary_hostname;
274 tree_nonrecipients = NULL;
275
276 #ifdef EXPERIMENTAL_BRIGHTMAIL
277 bmi_run = 0;
278 bmi_verdicts = NULL;
279 #endif
280
281 #ifdef EXPERIMENTAL_DOMAINKEYS
282 dk_do_verify = 0;
283 #endif
284
285 #ifdef SUPPORT_TLS
286 tls_certificate_verified = FALSE;
287 tls_cipher = NULL;
288 tls_peerdn = NULL;
289 #endif
290
291 #ifdef WITH_CONTENT_SCAN
292 spam_score_int = NULL;
293 #endif
294
295 /* Generate the full name and open the file. If message_subdir is already
296 set, just look in the given directory. Otherwise, look in both the split
297 and unsplit directories, as for the data file above. */
298
299 for (n = 0; n < 2; n++)
300 {
301 if (!subdir_set)
302 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
303 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
304 name);
305 f = Ufopen(big_buffer, "rb");
306 if (f != NULL) break;
307 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
308 }
309
310 errno = 0;
311
312 #ifndef COMPILE_UTILITY
313 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
314 #endif /* COMPILE_UTILITY */
315
316 /* The first line of a spool file contains the message id followed by -H (i.e.
317 the file name), in order to make the file self-identifying. */
318
319 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
320 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
321 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
322 goto SPOOL_FORMAT_ERROR;
323
324 /* The next three lines in the header file are in a fixed format. The first
325 contains the login, uid, and gid of the user who caused the file to be written.
326 There are known cases where a negative gid is used, so we allow for both
327 negative uids and gids. The second contains the mail address of the message's
328 sender, enclosed in <>. The third contains the time the message was received,
329 and the number of warning messages for delivery delays that have been sent. */
330
331 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
332
333 p = big_buffer + Ustrlen(big_buffer);
334 while (p > big_buffer && isspace(p[-1])) p--;
335 *p = 0;
336 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
337 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
338 gid = Uatoi(p);
339 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
340 *p = 0;
341 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
342 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
343 uid = Uatoi(p);
344 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
345 *p = 0;
346
347 originator_login = string_copy(big_buffer);
348 originator_uid = (uid_t)uid;
349 originator_gid = (gid_t)gid;
350
351 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
352 n = Ustrlen(big_buffer);
353 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
354 goto SPOOL_FORMAT_ERROR;
355
356 sender_address = store_get(n-2);
357 Ustrncpy(sender_address, big_buffer+1, n-3);
358 sender_address[n-3] = 0;
359
360 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
361 if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
362 goto SPOOL_FORMAT_ERROR;
363
364 message_age = time(NULL) - received_time;
365
366 #ifndef COMPILE_UTILITY
367 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
368 originator_login, (long int)originator_uid, (long int)originator_gid,
369 sender_address);
370 #endif /* COMPILE_UTILITY */
371
372 /* Now there may be a number of optional lines, each starting with "-".
373 If you add a new setting here, make sure you set the default above. */
374
375 for (;;)
376 {
377 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
378 if (big_buffer[0] != '-') break;
379 big_buffer[Ustrlen(big_buffer) - 1] = 0;
380
381 /* For backward compatibility, we recognize "-acl", which was used before the
382 number of ACL variables changed. Its variable number is 0-9 for connection
383 variables, and 10-19 for message variables. */
384
385 if (Ustrncmp(big_buffer, "-acl ", 5) == 0)
386 {
387 int index, count;
388 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
389 goto SPOOL_FORMAT_ERROR;
390 acl_var[index] = store_get(count + 1);
391 if (fread(acl_var[index], 1, count+1, f) < count) goto SPOOL_READ_ERROR;
392 acl_var[index][count] = 0;
393 }
394
395 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
396 variable, because Exim may be built with different numbers of them. */
397
398 else if (Ustrncmp(big_buffer, "-aclc ", 6) == 0)
399 {
400 int index, count;
401 if (sscanf(CS big_buffer + 6, "%d %d", &index, &count) != 2)
402 goto SPOOL_FORMAT_ERROR;
403 if (index < ACL_CVARS)
404 {
405 acl_var[index] = store_get(count + 1);
406 if (fread(acl_var[index], 1, count+1, f) < count) goto SPOOL_READ_ERROR;
407 acl_var[index][count] = 0;
408 }
409 }
410
411 else if (Ustrncmp(big_buffer, "-aclm ", 6) == 0)
412 {
413 int index, count;
414 if (sscanf(CS big_buffer + 6, "%d %d", &index, &count) != 2)
415 goto SPOOL_FORMAT_ERROR;
416 if (index < ACL_MVARS)
417 {
418 index += ACL_CVARS;
419 acl_var[index] = store_get(count + 1);
420 if (fread(acl_var[index], 1, count+1, f) < count) goto SPOOL_READ_ERROR;
421 acl_var[index][count] = 0;
422 }
423 }
424
425 /* Other values */
426
427 else if (Ustrcmp(big_buffer, "-local") == 0) sender_local = TRUE;
428 else if (Ustrcmp(big_buffer, "-localerror") == 0)
429 local_error_message = TRUE;
430 else if (Ustrncmp(big_buffer, "-local_scan ", 12) == 0)
431 local_scan_data = string_copy(big_buffer + 12);
432 #ifdef WITH_CONTENT_SCAN
433 else if (Ustrncmp(big_buffer, "-spam_score_int ", 16) == 0)
434 spam_score_int = string_copy(big_buffer + 16);
435 #endif
436 #ifdef EXPERIMENTAL_BRIGHTMAIL
437 else if (Ustrncmp(big_buffer, "-bmi_verdicts ", 14) == 0)
438 bmi_verdicts = string_copy(big_buffer + 14);
439 #endif
440 else if (Ustrcmp(big_buffer, "-host_lookup_deferred") == 0)
441 host_lookup_deferred = TRUE;
442 else if (Ustrcmp(big_buffer, "-host_lookup_failed") == 0)
443 host_lookup_failed = TRUE;
444 else if (Ustrncmp(big_buffer, "-body_linecount", 15) == 0)
445 body_linecount = Uatoi(big_buffer + 15);
446 else if (Ustrncmp(big_buffer, "-body_zerocount", 15) == 0)
447 body_zerocount = Uatoi(big_buffer + 15);
448 else if (Ustrncmp(big_buffer, "-frozen", 7) == 0)
449 {
450 deliver_freeze = TRUE;
451 deliver_frozen_at = Uatoi(big_buffer + 7);
452 }
453 else if (Ustrcmp(big_buffer, "-allow_unqualified_recipient") == 0)
454 allow_unqualified_recipient = TRUE;
455 else if (Ustrcmp(big_buffer, "-allow_unqualified_sender") == 0)
456 allow_unqualified_sender = TRUE;
457 else if (Ustrcmp(big_buffer, "-deliver_firsttime") == 0)
458 deliver_firsttime = TRUE;
459 else if (Ustrcmp(big_buffer, "-manual_thaw") == 0)
460 deliver_manual_thaw = TRUE;
461 else if (Ustrncmp(big_buffer, "-auth_id", 8) == 0)
462 authenticated_id = string_copy(big_buffer + 9);
463 else if (Ustrncmp(big_buffer, "-auth_sender", 12) == 0)
464 authenticated_sender = string_copy(big_buffer + 13);
465 else if (Ustrncmp(big_buffer, "-sender_set_untrusted", 21) == 0)
466 sender_set_untrusted = TRUE;
467
468 #ifdef SUPPORT_TLS
469 else if (Ustrncmp(big_buffer, "-tls_certificate_verified", 25) == 0)
470 tls_certificate_verified = TRUE;
471 else if (Ustrncmp(big_buffer, "-tls_cipher", 11) == 0)
472 tls_cipher = string_copy(big_buffer + 12);
473 else if (Ustrncmp(big_buffer, "-tls_peerdn", 11) == 0)
474 tls_peerdn = string_copy(big_buffer + 12);
475 #endif
476
477 /* We now record the port number after the address, separated by a
478 dot. For compatibility during upgrading, do nothing if there
479 isn't a value (it gets left at zero). */
480
481 else if (Ustrncmp(big_buffer, "-host_address", 13) == 0)
482 {
483 sender_host_port = host_address_extract_port(big_buffer + 14);
484 sender_host_address = string_copy(big_buffer + 14);
485 }
486
487 else if (Ustrncmp(big_buffer, "-interface_address", 18) == 0)
488 {
489 interface_port = host_address_extract_port(big_buffer + 19);
490 interface_address = string_copy(big_buffer + 19);
491 }
492
493 else if (Ustrncmp(big_buffer, "-active_hostname", 16) == 0)
494 smtp_active_hostname = string_copy(big_buffer + 17);
495 else if (Ustrncmp(big_buffer, "-host_auth", 10) == 0)
496 sender_host_authenticated = string_copy(big_buffer + 11);
497 else if (Ustrncmp(big_buffer, "-host_name", 10) == 0)
498 sender_host_name = string_copy(big_buffer + 11);
499 else if (Ustrncmp(big_buffer, "-helo_name", 10) == 0)
500 sender_helo_name = string_copy(big_buffer + 11);
501 else if (Ustrncmp(big_buffer, "-ident", 6) == 0)
502 sender_ident = string_copy(big_buffer + 7);
503 else if (Ustrncmp(big_buffer, "-received_protocol", 18) == 0)
504 received_protocol = string_copy(big_buffer + 19);
505 else if (Ustrncmp(big_buffer, "-N", 2) == 0)
506 dont_deliver = TRUE;
507
508 /* To allow new versions of Exim that add additional flags to interwork
509 with older versions that do not understand them, just ignore any flagged
510 lines that we don't recognize. Otherwise it wouldn't be possible to back
511 off a new version that left new-style flags written on the spool. That's
512 why the following line is commented out. */
513
514 /* else goto SPOOL_FORMAT_ERROR; */
515 }
516
517 /* Build sender_fullhost if required */
518
519 #ifndef COMPILE_UTILITY
520 host_build_sender_fullhost();
521 #endif /* COMPILE_UTILITY */
522
523 #ifndef COMPILE_UTILITY
524 DEBUG(D_deliver)
525 debug_printf("sender_local=%d ident=%s\n", sender_local,
526 (sender_ident == NULL)? US"unset" : sender_ident);
527 #endif /* COMPILE_UTILITY */
528
529 /* We now have the tree of addresses NOT to deliver to, or a line
530 containing "XX", indicating no tree. */
531
532 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
533 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
534 goto SPOOL_FORMAT_ERROR;
535
536 #ifndef COMPILE_UTILITY
537 DEBUG(D_deliver)
538 {
539 debug_printf("Non-recipients:\n");
540 debug_print_tree(tree_nonrecipients);
541 }
542 #endif /* COMPILE_UTILITY */
543
544 /* After reading the tree, the next line has not yet been read into the
545 buffer. It contains the count of recipients which follow on separate lines. */
546
547 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
548 if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
549
550 #ifndef COMPILE_UTILITY
551 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
552 #endif /* COMPILE_UTILITY */
553
554 recipients_list_max = rcount;
555 recipients_list = store_get(rcount * sizeof(recipient_item));
556
557 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
558 {
559 int nn;
560 int pno = -1;
561 uschar *errors_to = NULL;
562 uschar *p;
563
564 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
565 nn = Ustrlen(big_buffer);
566 if (nn < 2) goto SPOOL_FORMAT_ERROR;
567
568 /* Remove the newline; this terminates the address if there is no additional
569 data on the line. */
570
571 p = big_buffer + nn - 1;
572 *p-- = 0;
573
574 /* Look back from the end of the line for digits and special terminators.
575 Since an address must end with a domain, we can tell that extra data is
576 present by the presence of the terminator, which is always some character
577 that cannot exist in a domain. (If I'd thought of the need for additional
578 data early on, I'd have put it at the start, with the address at the end. As
579 it is, we have to operate backwards. Addresses are permitted to contain
580 spaces, you see.)
581
582 This code has to cope with various versions of this data that have evolved
583 over time. In all cases, the line might just contain an address, with no
584 additional data. Otherwise, the possibilities are as follows:
585
586 Exim 3 type: <address><space><digits>,<digits>,<digits>
587
588 The second set of digits is the parent number for one_time addresses. The
589 other values were remnants of earlier experiments that were abandoned.
590
591 Exim 4 first type: <address><space><digits>
592
593 The digits are the parent number for one_time addresses.
594
595 Exim 4 new type: <address><space><data>#<type bits>
596
597 The type bits indicate what the contents of the data are.
598
599 Bit 01 indicates that, reading from right to left, the data
600 ends with <errors_to address><space><len>,<pno> where pno is
601 the parent number for one_time addresses, and len is the length
602 of the errors_to address (zero meaning none).
603 */
604
605 while (isdigit(*p)) p--;
606
607 /* Handle Exim 3 spool files */
608
609 if (*p == ',')
610 {
611 int dummy;
612 while (isdigit(*(--p)) || *p == ',');
613 if (*p == ' ')
614 {
615 *p++ = 0;
616 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
617 }
618 }
619
620 /* Handle early Exim 4 spool files */
621
622 else if (*p == ' ')
623 {
624 *p++ = 0;
625 (void)sscanf(CS p, "%d", &pno);
626 }
627
628 /* Handle current format Exim 4 spool files */
629
630 else if (*p == '#')
631 {
632 int flags;
633 (void)sscanf(CS p+1, "%d", &flags);
634
635 if ((flags & 0x01) != 0) /* one_time data exists */
636 {
637 int len;
638 while (isdigit(*(--p)) || *p == ',' || *p == '-');
639 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
640 *p = 0;
641 if (len > 0)
642 {
643 p -= len;
644 errors_to = string_copy(p);
645 }
646 }
647
648 *(--p) = 0; /* Terminate address */
649 }
650
651 recipients_list[recipients_count].address = string_copy(big_buffer);
652 recipients_list[recipients_count].pno = pno;
653 recipients_list[recipients_count].errors_to = errors_to;
654 }
655
656 /* The remainder of the spool header file contains the headers for the message,
657 separated off from the previous data by a blank line. Each header is preceded
658 by a count of its length and either a certain letter (for various identified
659 headers), space (for a miscellaneous live header) or an asterisk (for a header
660 that has been rewritten). Count the Received: headers. We read the headers
661 always, in order to check on the format of the file, but only create a header
662 list if requested to do so. */
663
664 inheader = TRUE;
665 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
666 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
667
668 while ((n = fgetc(f)) != EOF)
669 {
670 header_line *h;
671 uschar flag[4];
672 int i;
673
674 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
675 (void)ungetc(n, f);
676 (void)fscanf(f, "%d%c ", &n, flag);
677 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
678
679 if (read_headers)
680 {
681 h = store_get(sizeof(header_line));
682 h->next = NULL;
683 h->type = flag[0];
684 h->slen = n;
685 h->text = store_get(n+1);
686
687 if (h->type == htype_received) received_count++;
688
689 if (header_list == NULL) header_list = h;
690 else header_last->next = h;
691 header_last = h;
692
693 for (i = 0; i < n; i++)
694 {
695 int c = fgetc(f);
696 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
697 if (c == '\n' && h->type != htype_old) message_linecount++;
698 h->text[i] = c;
699 }
700 h->text[i] = 0;
701 }
702
703 /* Not requiring header data, just skip through the bytes */
704
705 else for (i = 0; i < n; i++)
706 {
707 int c = fgetc(f);
708 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
709 }
710 }
711
712 /* We have successfully read the data in the header file. Update the message
713 line count by adding the body linecount to the header linecount. Close the file
714 and give a positive response. */
715
716 #ifndef COMPILE_UTILITY
717 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
718 body_linecount, message_linecount);
719 #endif /* COMPILE_UTILITY */
720
721 message_linecount += body_linecount;
722
723 fclose(f);
724 return spool_read_OK;
725
726
727 /* There was an error reading the spool or there was missing data,
728 or there was a format error. A "read error" with no errno means an
729 unexpected EOF, which we treat as a format error. */
730
731 SPOOL_READ_ERROR:
732 if (errno != 0)
733 {
734 n = errno;
735
736 #ifndef COMPILE_UTILITY
737 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
738 #endif /* COMPILE_UTILITY */
739
740 fclose(f);
741 errno = n;
742 return inheader? spool_read_hdrerror : spool_read_enverror;
743 }
744
745 SPOOL_FORMAT_ERROR:
746
747 #ifndef COMPILE_UTILITY
748 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
749 #endif /* COMPILE_UTILITY */
750
751 fclose(f);
752 errno = ERRNO_SPOOLFORMAT;
753 return inheader? spool_read_hdrerror : spool_read_enverror;
754 }
755
756 /* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.