projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UTF8: mua_wrapper
[exim.git] / src / src / spool_in.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions for reading spool files. When compiling for a utility (eximon),
9 not all are needed, and some functionality can be cut out. */
10
11
12 #include "exim.h"
13
14
15
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Open and lock data file *
19 *************************************************/
20
21 /* The data file is the one that is used for locking, because the header file
22 can get replaced during delivery because of header rewriting. The file has
23 to opened with write access so that we can get an exclusive lock, but in
24 fact it won't be written to. Just in case there's a major disaster (e.g.
25 overwriting some other file descriptor with the value of this one), open it
26 with append.
27
28 Argument: the id of the message
29 Returns: TRUE if file successfully opened and locked
30
31 Side effect: deliver_datafile is set to the fd of the open file.
32 */
33
34 BOOL
35 spool_open_datafile(uschar *id)
36 {
37 int i;
38 struct stat statbuf;
39 flock_t lock_data;
40 uschar spoolname[256];
41
42 /* If split_spool_directory is set, first look for the file in the appropriate
43 sub-directory of the input directory. If it is not found there, try the input
44 directory itself, to pick up leftovers from before the splitting. If split_
45 spool_directory is not set, first look in the main input directory. If it is
46 not found there, try the split sub-directory, in case it is left over from a
47 splitting state. */
48
49 for (i = 0; i < 2; i++)
50 {
51 int save_errno;
52 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
53 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
54 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
55 if (deliver_datafile >= 0) break;
56 save_errno = errno;
57 if (errno == ENOENT)
58 {
59 if (i == 0) continue;
60 if (!queue_running)
61 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
62 }
63 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
64 strerror(errno));
65 errno = save_errno;
66 return FALSE;
67 }
68
69 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
70 the file. We lock only the first line of the file (containing the message ID)
71 because this apparently is needed for running Exim under Cygwin. If the entire
72 file is locked in one process, a sub-process cannot access it, even when passed
73 an open file descriptor (at least, I think that's the Cygwin story). On real
74 Unix systems it doesn't make any difference as long as Exim is consistent in
75 what it locks. */
76
77 (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
78 FD_CLOEXEC);
79
80 lock_data.l_type = F_WRLCK;
81 lock_data.l_whence = SEEK_SET;
82 lock_data.l_start = 0;
83 lock_data.l_len = SPOOL_DATA_START_OFFSET;
84
85 if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
86 {
87 log_write(L_skip_delivery,
88 LOG_MAIN,
89 "Spool file is locked (another process is handling this message)");
90 (void)close(deliver_datafile);
91 deliver_datafile = -1;
92 errno = 0;
93 return FALSE;
94 }
95
96 /* Get the size of the data; don't include the leading filename line
97 in the count, but add one for the newline before the data. */
98
99 if (fstat(deliver_datafile, &statbuf) == 0)
100 {
101 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
102 message_size = message_body_size + 1;
103 }
104
105 return TRUE;
106 }
107 #endif /* COMPILE_UTILITY */
108
109
110
111 /*************************************************
112 * Read non-recipients tree from spool file *
113 *************************************************/
114
115 /* The tree of non-recipients is written to the spool file in a form that
116 makes it easy to read back into a tree. The format is as follows:
117
118 . Each node is preceded by two letter(Y/N) indicating whether it has left
119 or right children. There's one space after the two flags, before the name.
120
121 . The left subtree (if any) then follows, then the right subtree (if any).
122
123 This function is entered with the next input line in the buffer. Note we must
124 save the right flag before recursing with the same buffer.
125
126 Once the tree is read, we re-construct the balance fields by scanning the tree.
127 I forgot to write them out originally, and the compatible fix is to do it this
128 way. This initial local recursing function does the necessary.
129
130 Arguments:
131 node tree node
132
133 Returns: maximum depth below the node, including the node itself
134 */
135
136 static int
137 count_below(tree_node *node)
138 {
139 int nleft, nright;
140 if (node == NULL) return 0;
141 nleft = count_below(node->left);
142 nright = count_below(node->right);
143 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
144 return 1 + ((nleft > nright)? nleft : nright);
145 }
146
147 /* This is the real function...
148
149 Arguments:
150 connect pointer to the root of the tree
151 f FILE to read data from
152 buffer contains next input line; further lines read into it
153 buffer_size size of the buffer
154
155 Returns: FALSE on format error
156 */
157
158 static BOOL
159 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
160 int buffer_size)
161 {
162 tree_node *node;
163 int n = Ustrlen(buffer);
164 BOOL right = buffer[1] == 'Y';
165
166 if (n < 5) return FALSE; /* malformed line */
167 buffer[n-1] = 0; /* Remove \n */
168 node = store_get(sizeof(tree_node) + n - 3);
169 *connect = node;
170 Ustrcpy(node->name, buffer + 3);
171 node->data.ptr = NULL;
172
173 if (buffer[0] == 'Y')
174 {
175 if (Ufgets(buffer, buffer_size, f) == NULL ||
176 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
177 return FALSE;
178 }
179 else node->left = NULL;
180
181 if (right)
182 {
183 if (Ufgets(buffer, buffer_size, f) == NULL ||
184 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
185 return FALSE;
186 }
187 else node->right = NULL;
188
189 (void) count_below(*connect);
190 return TRUE;
191 }
192
193
194
195
196 /*************************************************
197 * Read spool header file *
198 *************************************************/
199
200 /* This function reads a spool header file and places the data into the
201 appropriate global variables. The header portion is always read, but header
202 structures are built only if read_headers is set true. It isn't, for example,
203 while generating -bp output.
204
205 It may be possible for blocks of nulls (binary zeroes) to get written on the
206 end of a file if there is a system crash during writing. It was observed on an
207 earlier version of Exim that omitted to fsync() the files - this is thought to
208 have been the cause of that incident, but in any case, this code must be robust
209 against such an event, and if such a file is encountered, it must be treated as
210 malformed.
211
212 Arguments:
213 name name of the header file, including the -H
214 read_headers TRUE if in-store header structures are to be built
215 subdir_set TRUE is message_subdir is already set
216
217 Returns: spool_read_OK success
218 spool_read_notopen open failed
219 spool_read_enverror error in the envelope portion
220 spool_read_hdrdrror error in the header portion
221 */
222
223 int
224 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
225 {
226 FILE *f = NULL;
227 int n;
228 int rcount = 0;
229 long int uid, gid;
230 BOOL inheader = FALSE;
231 uschar *p;
232
233 /* Reset all the global variables to their default values. However, there is
234 one exception. DO NOT change the default value of dont_deliver, because it may
235 be forced by an external setting. */
236
237 acl_var_c = acl_var_m = NULL;
238 authenticated_id = NULL;
239 authenticated_sender = NULL;
240 allow_unqualified_recipient = FALSE;
241 allow_unqualified_sender = FALSE;
242 body_linecount = 0;
243 body_zerocount = 0;
244 deliver_firsttime = FALSE;
245 deliver_freeze = FALSE;
246 deliver_frozen_at = 0;
247 deliver_manual_thaw = FALSE;
248 /* dont_deliver must NOT be reset */
249 header_list = header_last = NULL;
250 host_lookup_deferred = FALSE;
251 host_lookup_failed = FALSE;
252 interface_address = NULL;
253 interface_port = 0;
254 local_error_message = FALSE;
255 local_scan_data = NULL;
256 max_received_linelength = 0;
257 message_linecount = 0;
258 received_protocol = NULL;
259 received_count = 0;
260 recipients_list = NULL;
261 sender_address = NULL;
262 sender_fullhost = NULL;
263 sender_helo_name = NULL;
264 sender_host_address = NULL;
265 sender_host_name = NULL;
266 sender_host_port = 0;
267 sender_host_authenticated = NULL;
268 sender_ident = NULL;
269 sender_local = FALSE;
270 sender_set_untrusted = FALSE;
271 smtp_active_hostname = primary_hostname;
272 tree_nonrecipients = NULL;
273
274 #ifdef EXPERIMENTAL_BRIGHTMAIL
275 bmi_run = 0;
276 bmi_verdicts = NULL;
277 #endif
278
279 #ifndef DISABLE_DKIM
280 dkim_signers = NULL;
281 dkim_disable_verify = FALSE;
282 dkim_collect_input = FALSE;
283 #endif
284
285 #ifdef SUPPORT_TLS
286 tls_in.certificate_verified = FALSE;
287 # ifdef EXPERIMENTAL_DANE
288 tls_in.dane_verified = FALSE;
289 # endif
290 tls_in.cipher = NULL;
291 tls_in.ourcert = NULL;
292 tls_in.peercert = NULL;
293 tls_in.peerdn = NULL;
294 tls_in.sni = NULL;
295 tls_in.ocsp = OCSP_NOT_REQ;
296 #endif
297
298 #ifdef WITH_CONTENT_SCAN
299 spam_score_int = NULL;
300 #endif
301
302 #if defined(EXPERIMENTAL_INTERNATIONAL) && !defined(COMPILE_UTILITY)
303 message_smtputf8 = FALSE;
304 message_utf8_downconvert = 0;
305 #endif
306
307 dsn_ret = 0;
308 dsn_envid = NULL;
309
310 /* Generate the full name and open the file. If message_subdir is already
311 set, just look in the given directory. Otherwise, look in both the split
312 and unsplit directories, as for the data file above. */
313
314 for (n = 0; n < 2; n++)
315 {
316 if (!subdir_set)
317 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
318 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
319 name);
320 f = Ufopen(big_buffer, "rb");
321 if (f != NULL) break;
322 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
323 }
324
325 errno = 0;
326
327 #ifndef COMPILE_UTILITY
328 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
329 #endif /* COMPILE_UTILITY */
330
331 /* The first line of a spool file contains the message id followed by -H (i.e.
332 the file name), in order to make the file self-identifying. */
333
334 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
335 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
336 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
337 goto SPOOL_FORMAT_ERROR;
338
339 /* The next three lines in the header file are in a fixed format. The first
340 contains the login, uid, and gid of the user who caused the file to be written.
341 There are known cases where a negative gid is used, so we allow for both
342 negative uids and gids. The second contains the mail address of the message's
343 sender, enclosed in <>. The third contains the time the message was received,
344 and the number of warning messages for delivery delays that have been sent. */
345
346 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
347
348 p = big_buffer + Ustrlen(big_buffer);
349 while (p > big_buffer && isspace(p[-1])) p--;
350 *p = 0;
351 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
352 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
353 gid = Uatoi(p);
354 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
355 *p = 0;
356 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
357 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
358 uid = Uatoi(p);
359 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
360 *p = 0;
361
362 originator_login = string_copy(big_buffer);
363 originator_uid = (uid_t)uid;
364 originator_gid = (gid_t)gid;
365
366 /* envelope from */
367 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
368 n = Ustrlen(big_buffer);
369 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
370 goto SPOOL_FORMAT_ERROR;
371
372 sender_address = store_get(n-2);
373 Ustrncpy(sender_address, big_buffer+1, n-3);
374 sender_address[n-3] = 0;
375
376 /* time */
377 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
378 if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
379 goto SPOOL_FORMAT_ERROR;
380
381 message_age = time(NULL) - received_time;
382
383 #ifndef COMPILE_UTILITY
384 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
385 originator_login, (long int)originator_uid, (long int)originator_gid,
386 sender_address);
387 #endif /* COMPILE_UTILITY */
388
389 /* Now there may be a number of optional lines, each starting with "-". If you
390 add a new setting here, make sure you set the default above.
391
392 Because there are now quite a number of different possibilities, we use a
393 switch on the first character to avoid too many failing tests. Thanks to Nico
394 Erfurth for the patch that implemented this. I have made it even more efficient
395 by not re-scanning the first two characters.
396
397 To allow new versions of Exim that add additional flags to interwork with older
398 versions that do not understand them, just ignore any lines starting with "-"
399 that we don't recognize. Otherwise it wouldn't be possible to back off a new
400 version that left new-style flags written on the spool. */
401
402 p = big_buffer + 2;
403 for (;;)
404 {
405 int len;
406 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
407 if (big_buffer[0] != '-') break;
408 while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1
409 && big_buffer[len-1] != '\n'
410 )
411 { /* buffer not big enough for line; certs make this possible */
412 uschar * buf;
413 if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
414 buf = store_get_perm(big_buffer_size *= 2);
415 memcpy(buf, big_buffer, --len);
416 big_buffer = buf;
417 if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL)
418 goto SPOOL_READ_ERROR;
419 }
420 big_buffer[len-1] = 0;
421
422 switch(big_buffer[1])
423 {
424 case 'a':
425
426 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
427 variable, because Exim allows any number of them, with arbitrary names.
428 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
429 the c or m. */
430
431 if (Ustrncmp(p, "clc ", 4) == 0 ||
432 Ustrncmp(p, "clm ", 4) == 0)
433 {
434 uschar *name, *endptr;
435 int count;
436 tree_node *node;
437 endptr = Ustrchr(big_buffer + 6, ' ');
438 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
439 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
440 big_buffer + 6);
441 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
442 node = acl_var_create(name);
443 node->data.ptr = store_get(count + 1);
444 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
445 ((uschar*)node->data.ptr)[count] = 0;
446 }
447
448 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
449 allow_unqualified_recipient = TRUE;
450 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
451 allow_unqualified_sender = TRUE;
452
453 else if (Ustrncmp(p, "uth_id", 6) == 0)
454 authenticated_id = string_copy(big_buffer + 9);
455 else if (Ustrncmp(p, "uth_sender", 10) == 0)
456 authenticated_sender = string_copy(big_buffer + 13);
457 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
458 smtp_active_hostname = string_copy(big_buffer + 17);
459
460 /* For long-term backward compatibility, we recognize "-acl", which was
461 used before the number of ACL variables changed from 10 to 20. This was
462 before the subsequent change to an arbitrary number of named variables.
463 This code is retained so that upgrades from very old versions can still
464 handle old-format spool files. The value given after "-acl" is a number
465 that is 0-9 for connection variables, and 10-19 for message variables. */
466
467 else if (Ustrncmp(p, "cl ", 3) == 0)
468 {
469 int index, count;
470 uschar name[20]; /* Need plenty of space for %d format */
471 tree_node *node;
472 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
473 goto SPOOL_FORMAT_ERROR;
474 if (index < 10)
475 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
476 else if (index < 20) /* ignore out-of-range index */
477 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
478 node = acl_var_create(name);
479 node->data.ptr = store_get(count + 1);
480 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
481 ((uschar*)node->data.ptr)[count] = 0;
482 }
483 break;
484
485 case 'b':
486 if (Ustrncmp(p, "ody_linecount", 13) == 0)
487 body_linecount = Uatoi(big_buffer + 15);
488 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
489 body_zerocount = Uatoi(big_buffer + 15);
490 #ifdef EXPERIMENTAL_BRIGHTMAIL
491 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
492 bmi_verdicts = string_copy(big_buffer + 14);
493 #endif
494 break;
495
496 case 'd':
497 if (Ustrcmp(p, "eliver_firsttime") == 0)
498 deliver_firsttime = TRUE;
499 /* Check if the dsn flags have been set in the header file */
500 else if (Ustrncmp(p, "sn_ret", 6) == 0)
501 dsn_ret= atoi(CS big_buffer + 8);
502 else if (Ustrncmp(p, "sn_envid", 8) == 0)
503 dsn_envid = string_copy(big_buffer + 11);
504 break;
505
506 case 'f':
507 if (Ustrncmp(p, "rozen", 5) == 0)
508 {
509 deliver_freeze = TRUE;
510 sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
511 }
512 break;
513
514 case 'h':
515 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
516 host_lookup_deferred = TRUE;
517 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
518 host_lookup_failed = TRUE;
519 else if (Ustrncmp(p, "ost_auth", 8) == 0)
520 sender_host_authenticated = string_copy(big_buffer + 11);
521 else if (Ustrncmp(p, "ost_name", 8) == 0)
522 sender_host_name = string_copy(big_buffer + 11);
523 else if (Ustrncmp(p, "elo_name", 8) == 0)
524 sender_helo_name = string_copy(big_buffer + 11);
525
526 /* We now record the port number after the address, separated by a
527 dot. For compatibility during upgrading, do nothing if there
528 isn't a value (it gets left at zero). */
529
530 else if (Ustrncmp(p, "ost_address", 11) == 0)
531 {
532 sender_host_port = host_address_extract_port(big_buffer + 14);
533 sender_host_address = string_copy(big_buffer + 14);
534 }
535 break;
536
537 case 'i':
538 if (Ustrncmp(p, "nterface_address", 16) == 0)
539 {
540 interface_port = host_address_extract_port(big_buffer + 19);
541 interface_address = string_copy(big_buffer + 19);
542 }
543 else if (Ustrncmp(p, "dent", 4) == 0)
544 sender_ident = string_copy(big_buffer + 7);
545 break;
546
547 case 'l':
548 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
549 else if (Ustrcmp(big_buffer, "-localerror") == 0)
550 local_error_message = TRUE;
551 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
552 local_scan_data = string_copy(big_buffer + 12);
553 break;
554
555 case 'm':
556 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
557 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
558 max_received_linelength = Uatoi(big_buffer + 24);
559 break;
560
561 case 'N':
562 if (*p == 0) dont_deliver = TRUE; /* -N */
563 break;
564
565 case 'r':
566 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
567 received_protocol = string_copy(big_buffer + 19);
568 break;
569
570 case 's':
571 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
572 sender_set_untrusted = TRUE;
573 #ifdef WITH_CONTENT_SCAN
574 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
575 spam_score_int = string_copy(big_buffer + 16);
576 #endif
577 #if defined(EXPERIMENTAL_INTERNATIONAL) && !defined(COMPILE_UTILITY)
578 else if (Ustrncmp(p, "mtputf8", 7) == 0)
579 message_smtputf8 = TRUE;
580 #endif
581 break;
582
583 #ifdef SUPPORT_TLS
584 case 't':
585 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
586 tls_in.certificate_verified = TRUE;
587 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
588 tls_in.cipher = string_copy(big_buffer + 12);
589 # ifndef COMPILE_UTILITY /* tls support fns not built in */
590 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
591 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
592 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
593 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
594 # endif
595 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
596 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
597 else if (Ustrncmp(p, "ls_sni", 6) == 0)
598 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
599 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
600 tls_in.ocsp = big_buffer[10] - '0';
601 break;
602 #endif
603
604 #if defined(EXPERIMENTAL_INTERNATIONAL) && !defined(COMPILE_UTILITY)
605 case 'u':
606 if (Ustrncmp(p, "tf8_downcvt", 11) == 0)
607 message_utf8_downconvert = 1;
608 else if (Ustrncmp(p, "tf8_optdowncvt", 15) == 0)
609 message_utf8_downconvert = -1;
610 break;
611 #endif
612
613 default: /* Present because some compilers complain if all */
614 break; /* possibilities are not covered. */
615 }
616 }
617
618 /* Build sender_fullhost if required */
619
620 #ifndef COMPILE_UTILITY
621 host_build_sender_fullhost();
622 #endif /* COMPILE_UTILITY */
623
624 #ifndef COMPILE_UTILITY
625 DEBUG(D_deliver)
626 debug_printf("sender_local=%d ident=%s\n", sender_local,
627 (sender_ident == NULL)? US"unset" : sender_ident);
628 #endif /* COMPILE_UTILITY */
629
630 /* We now have the tree of addresses NOT to deliver to, or a line
631 containing "XX", indicating no tree. */
632
633 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
634 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
635 goto SPOOL_FORMAT_ERROR;
636
637 #ifndef COMPILE_UTILITY
638 DEBUG(D_deliver)
639 {
640 debug_printf("Non-recipients:\n");
641 debug_print_tree(tree_nonrecipients);
642 }
643 #endif /* COMPILE_UTILITY */
644
645 /* After reading the tree, the next line has not yet been read into the
646 buffer. It contains the count of recipients which follow on separate lines. */
647
648 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
649 if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
650
651 #ifndef COMPILE_UTILITY
652 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
653 #endif /* COMPILE_UTILITY */
654
655 recipients_list_max = rcount;
656 recipients_list = store_get(rcount * sizeof(recipient_item));
657
658 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
659 {
660 int nn;
661 int pno = -1;
662 int dsn_flags = 0;
663 uschar *orcpt = NULL;
664 uschar *errors_to = NULL;
665 uschar *p;
666
667 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
668 nn = Ustrlen(big_buffer);
669 if (nn < 2) goto SPOOL_FORMAT_ERROR;
670
671 /* Remove the newline; this terminates the address if there is no additional
672 data on the line. */
673
674 p = big_buffer + nn - 1;
675 *p-- = 0;
676
677 /* Look back from the end of the line for digits and special terminators.
678 Since an address must end with a domain, we can tell that extra data is
679 present by the presence of the terminator, which is always some character
680 that cannot exist in a domain. (If I'd thought of the need for additional
681 data early on, I'd have put it at the start, with the address at the end. As
682 it is, we have to operate backwards. Addresses are permitted to contain
683 spaces, you see.)
684
685 This code has to cope with various versions of this data that have evolved
686 over time. In all cases, the line might just contain an address, with no
687 additional data. Otherwise, the possibilities are as follows:
688
689 Exim 3 type: <address><space><digits>,<digits>,<digits>
690
691 The second set of digits is the parent number for one_time addresses. The
692 other values were remnants of earlier experiments that were abandoned.
693
694 Exim 4 first type: <address><space><digits>
695
696 The digits are the parent number for one_time addresses.
697
698 Exim 4 new type: <address><space><data>#<type bits>
699
700 The type bits indicate what the contents of the data are.
701
702 Bit 01 indicates that, reading from right to left, the data
703 ends with <errors_to address><space><len>,<pno> where pno is
704 the parent number for one_time addresses, and len is the length
705 of the errors_to address (zero meaning none).
706
707 Bit 02 indicates that, again reading from right to left, the data continues
708 with orcpt len(orcpt),dsn_flags
709 */
710
711 while (isdigit(*p)) p--;
712
713 /* Handle Exim 3 spool files */
714
715 if (*p == ',')
716 {
717 int dummy;
718 while (isdigit(*(--p)) || *p == ',');
719 if (*p == ' ')
720 {
721 *p++ = 0;
722 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
723 }
724 }
725
726 /* Handle early Exim 4 spool files */
727
728 else if (*p == ' ')
729 {
730 *p++ = 0;
731 (void)sscanf(CS p, "%d", &pno);
732 }
733
734 /* Handle current format Exim 4 spool files */
735
736 else if (*p == '#')
737 {
738 int flags;
739
740 #if !defined (COMPILE_UTILITY)
741 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
742 #endif
743
744 (void)sscanf(CS p+1, "%d", &flags);
745
746 if ((flags & 0x01) != 0) /* one_time data exists */
747 {
748 int len;
749 while (isdigit(*(--p)) || *p == ',' || *p == '-');
750 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
751 *p = 0;
752 if (len > 0)
753 {
754 p -= len;
755 errors_to = string_copy(p);
756 }
757 }
758
759 *(--p) = 0; /* Terminate address */
760 if ((flags & 0x02) != 0) /* one_time data exists */
761 {
762 int len;
763 while (isdigit(*(--p)) || *p == ',' || *p == '-');
764 (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
765 *p = 0;
766 if (len > 0)
767 {
768 p -= len;
769 orcpt = string_copy(p);
770 }
771 }
772
773 *(--p) = 0; /* Terminate address */
774 }
775 #if !defined(COMPILE_UTILITY)
776 else
777 { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
778
779 if ((orcpt != NULL) || (dsn_flags != 0))
780 {
781 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
782 big_buffer, orcpt, dsn_flags);
783 }
784 if (errors_to != NULL)
785 {
786 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
787 big_buffer, errors_to);
788 }
789 #endif
790
791 recipients_list[recipients_count].address = string_copy(big_buffer);
792 recipients_list[recipients_count].pno = pno;
793 recipients_list[recipients_count].errors_to = errors_to;
794 recipients_list[recipients_count].orcpt = orcpt;
795 recipients_list[recipients_count].dsn_flags = dsn_flags;
796 }
797
798 /* The remainder of the spool header file contains the headers for the message,
799 separated off from the previous data by a blank line. Each header is preceded
800 by a count of its length and either a certain letter (for various identified
801 headers), space (for a miscellaneous live header) or an asterisk (for a header
802 that has been rewritten). Count the Received: headers. We read the headers
803 always, in order to check on the format of the file, but only create a header
804 list if requested to do so. */
805
806 inheader = TRUE;
807 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
808 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
809
810 while ((n = fgetc(f)) != EOF)
811 {
812 header_line *h;
813 uschar flag[4];
814 int i;
815
816 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
817 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
818 goto SPOOL_READ_ERROR;
819 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
820
821 if (read_headers)
822 {
823 h = store_get(sizeof(header_line));
824 h->next = NULL;
825 h->type = flag[0];
826 h->slen = n;
827 h->text = store_get(n+1);
828
829 if (h->type == htype_received) received_count++;
830
831 if (header_list == NULL) header_list = h;
832 else header_last->next = h;
833 header_last = h;
834
835 for (i = 0; i < n; i++)
836 {
837 int c = fgetc(f);
838 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
839 if (c == '\n' && h->type != htype_old) message_linecount++;
840 h->text[i] = c;
841 }
842 h->text[i] = 0;
843 }
844
845 /* Not requiring header data, just skip through the bytes */
846
847 else for (i = 0; i < n; i++)
848 {
849 int c = fgetc(f);
850 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
851 }
852 }
853
854 /* We have successfully read the data in the header file. Update the message
855 line count by adding the body linecount to the header linecount. Close the file
856 and give a positive response. */
857
858 #ifndef COMPILE_UTILITY
859 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
860 body_linecount, message_linecount);
861 #endif /* COMPILE_UTILITY */
862
863 message_linecount += body_linecount;
864
865 fclose(f);
866 return spool_read_OK;
867
868
869 /* There was an error reading the spool or there was missing data,
870 or there was a format error. A "read error" with no errno means an
871 unexpected EOF, which we treat as a format error. */
872
873 SPOOL_READ_ERROR:
874 if (errno != 0)
875 {
876 n = errno;
877
878 #ifndef COMPILE_UTILITY
879 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
880 #endif /* COMPILE_UTILITY */
881
882 fclose(f);
883 errno = n;
884 return inheader? spool_read_hdrerror : spool_read_enverror;
885 }
886
887 SPOOL_FORMAT_ERROR:
888
889 #ifndef COMPILE_UTILITY
890 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
891 #endif /* COMPILE_UTILITY */
892
893 fclose(f);
894 errno = ERRNO_SPOOLFORMAT;
895 return inheader? spool_read_hdrerror : spool_read_enverror;
896 }
897
898 /* vi: aw ai sw=2
899 */
900 /* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.