projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Before importing a certificate, free any previous one. Bug 1648
[exim.git] / src / src / spool_in.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2015 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions for reading spool files. When compiling for a utility (eximon),
9 not all are needed, and some functionality can be cut out. */
10
11
12 #include "exim.h"
13
14
15
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Open and lock data file *
19 *************************************************/
20
21 /* The data file is the one that is used for locking, because the header file
22 can get replaced during delivery because of header rewriting. The file has
23 to opened with write access so that we can get an exclusive lock, but in
24 fact it won't be written to. Just in case there's a major disaster (e.g.
25 overwriting some other file descriptor with the value of this one), open it
26 with append.
27
28 Argument: the id of the message
29 Returns: TRUE if file successfully opened and locked
30
31 Side effect: deliver_datafile is set to the fd of the open file.
32 */
33
34 BOOL
35 spool_open_datafile(uschar *id)
36 {
37 int i;
38 struct stat statbuf;
39 flock_t lock_data;
40 uschar spoolname[256];
41
42 /* If split_spool_directory is set, first look for the file in the appropriate
43 sub-directory of the input directory. If it is not found there, try the input
44 directory itself, to pick up leftovers from before the splitting. If split_
45 spool_directory is not set, first look in the main input directory. If it is
46 not found there, try the split sub-directory, in case it is left over from a
47 splitting state. */
48
49 for (i = 0; i < 2; i++)
50 {
51 int save_errno;
52 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
53 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
54 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
55 if (deliver_datafile >= 0) break;
56 save_errno = errno;
57 if (errno == ENOENT)
58 {
59 if (i == 0) continue;
60 if (!queue_running)
61 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
62 }
63 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
64 strerror(errno));
65 errno = save_errno;
66 return FALSE;
67 }
68
69 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
70 the file. We lock only the first line of the file (containing the message ID)
71 because this apparently is needed for running Exim under Cygwin. If the entire
72 file is locked in one process, a sub-process cannot access it, even when passed
73 an open file descriptor (at least, I think that's the Cygwin story). On real
74 Unix systems it doesn't make any difference as long as Exim is consistent in
75 what it locks. */
76
77 (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
78 FD_CLOEXEC);
79
80 lock_data.l_type = F_WRLCK;
81 lock_data.l_whence = SEEK_SET;
82 lock_data.l_start = 0;
83 lock_data.l_len = SPOOL_DATA_START_OFFSET;
84
85 if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
86 {
87 log_write(L_skip_delivery,
88 LOG_MAIN,
89 "Spool file is locked (another process is handling this message)");
90 (void)close(deliver_datafile);
91 deliver_datafile = -1;
92 errno = 0;
93 return FALSE;
94 }
95
96 /* Get the size of the data; don't include the leading filename line
97 in the count, but add one for the newline before the data. */
98
99 if (fstat(deliver_datafile, &statbuf) == 0)
100 {
101 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
102 message_size = message_body_size + 1;
103 }
104
105 return TRUE;
106 }
107 #endif /* COMPILE_UTILITY */
108
109
110
111 /*************************************************
112 * Read non-recipients tree from spool file *
113 *************************************************/
114
115 /* The tree of non-recipients is written to the spool file in a form that
116 makes it easy to read back into a tree. The format is as follows:
117
118 . Each node is preceded by two letter(Y/N) indicating whether it has left
119 or right children. There's one space after the two flags, before the name.
120
121 . The left subtree (if any) then follows, then the right subtree (if any).
122
123 This function is entered with the next input line in the buffer. Note we must
124 save the right flag before recursing with the same buffer.
125
126 Once the tree is read, we re-construct the balance fields by scanning the tree.
127 I forgot to write them out originally, and the compatible fix is to do it this
128 way. This initial local recursing function does the necessary.
129
130 Arguments:
131 node tree node
132
133 Returns: maximum depth below the node, including the node itself
134 */
135
136 static int
137 count_below(tree_node *node)
138 {
139 int nleft, nright;
140 if (node == NULL) return 0;
141 nleft = count_below(node->left);
142 nright = count_below(node->right);
143 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
144 return 1 + ((nleft > nright)? nleft : nright);
145 }
146
147 /* This is the real function...
148
149 Arguments:
150 connect pointer to the root of the tree
151 f FILE to read data from
152 buffer contains next input line; further lines read into it
153 buffer_size size of the buffer
154
155 Returns: FALSE on format error
156 */
157
158 static BOOL
159 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
160 int buffer_size)
161 {
162 tree_node *node;
163 int n = Ustrlen(buffer);
164 BOOL right = buffer[1] == 'Y';
165
166 if (n < 5) return FALSE; /* malformed line */
167 buffer[n-1] = 0; /* Remove \n */
168 node = store_get(sizeof(tree_node) + n - 3);
169 *connect = node;
170 Ustrcpy(node->name, buffer + 3);
171 node->data.ptr = NULL;
172
173 if (buffer[0] == 'Y')
174 {
175 if (Ufgets(buffer, buffer_size, f) == NULL ||
176 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
177 return FALSE;
178 }
179 else node->left = NULL;
180
181 if (right)
182 {
183 if (Ufgets(buffer, buffer_size, f) == NULL ||
184 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
185 return FALSE;
186 }
187 else node->right = NULL;
188
189 (void) count_below(*connect);
190 return TRUE;
191 }
192
193
194
195
196 /*************************************************
197 * Read spool header file *
198 *************************************************/
199
200 /* This function reads a spool header file and places the data into the
201 appropriate global variables. The header portion is always read, but header
202 structures are built only if read_headers is set true. It isn't, for example,
203 while generating -bp output.
204
205 It may be possible for blocks of nulls (binary zeroes) to get written on the
206 end of a file if there is a system crash during writing. It was observed on an
207 earlier version of Exim that omitted to fsync() the files - this is thought to
208 have been the cause of that incident, but in any case, this code must be robust
209 against such an event, and if such a file is encountered, it must be treated as
210 malformed.
211
212 Arguments:
213 name name of the header file, including the -H
214 read_headers TRUE if in-store header structures are to be built
215 subdir_set TRUE is message_subdir is already set
216
217 Returns: spool_read_OK success
218 spool_read_notopen open failed
219 spool_read_enverror error in the envelope portion
220 spool_read_hdrdrror error in the header portion
221 */
222
223 int
224 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
225 {
226 FILE *f = NULL;
227 int n;
228 int rcount = 0;
229 long int uid, gid;
230 BOOL inheader = FALSE;
231 uschar *p;
232
233 /* Reset all the global variables to their default values. However, there is
234 one exception. DO NOT change the default value of dont_deliver, because it may
235 be forced by an external setting. */
236
237 acl_var_c = acl_var_m = NULL;
238 authenticated_id = NULL;
239 authenticated_sender = NULL;
240 allow_unqualified_recipient = FALSE;
241 allow_unqualified_sender = FALSE;
242 body_linecount = 0;
243 body_zerocount = 0;
244 deliver_firsttime = FALSE;
245 deliver_freeze = FALSE;
246 deliver_frozen_at = 0;
247 deliver_manual_thaw = FALSE;
248 /* dont_deliver must NOT be reset */
249 header_list = header_last = NULL;
250 host_lookup_deferred = FALSE;
251 host_lookup_failed = FALSE;
252 interface_address = NULL;
253 interface_port = 0;
254 local_error_message = FALSE;
255 local_scan_data = NULL;
256 max_received_linelength = 0;
257 message_linecount = 0;
258 received_protocol = NULL;
259 received_count = 0;
260 recipients_list = NULL;
261 sender_address = NULL;
262 sender_fullhost = NULL;
263 sender_helo_name = NULL;
264 sender_host_address = NULL;
265 sender_host_name = NULL;
266 sender_host_port = 0;
267 sender_host_authenticated = NULL;
268 sender_ident = NULL;
269 sender_local = FALSE;
270 sender_set_untrusted = FALSE;
271 smtp_active_hostname = primary_hostname;
272 tree_nonrecipients = NULL;
273
274 #ifdef EXPERIMENTAL_BRIGHTMAIL
275 bmi_run = 0;
276 bmi_verdicts = NULL;
277 #endif
278
279 #ifndef DISABLE_DKIM
280 dkim_signers = NULL;
281 dkim_disable_verify = FALSE;
282 dkim_collect_input = FALSE;
283 #endif
284
285 #ifdef SUPPORT_TLS
286 tls_in.certificate_verified = FALSE;
287 # ifdef EXPERIMENTAL_DANE
288 tls_in.dane_verified = FALSE;
289 # endif
290 tls_in.cipher = NULL;
291 # ifndef COMPILE_UTILITY /* tls support fns not built in */
292 tls_free_cert(&tls_in.ourcert);
293 tls_free_cert(&tls_in.peercert);
294 # endif
295 tls_in.peerdn = NULL;
296 tls_in.sni = NULL;
297 tls_in.ocsp = OCSP_NOT_REQ;
298 #endif
299
300 #ifdef WITH_CONTENT_SCAN
301 spam_score_int = NULL;
302 #endif
303
304 #if defined(EXPERIMENTAL_INTERNATIONAL) && !defined(COMPILE_UTILITY)
305 message_smtputf8 = FALSE;
306 message_utf8_downconvert = 0;
307 #endif
308
309 dsn_ret = 0;
310 dsn_envid = NULL;
311
312 /* Generate the full name and open the file. If message_subdir is already
313 set, just look in the given directory. Otherwise, look in both the split
314 and unsplit directories, as for the data file above. */
315
316 for (n = 0; n < 2; n++)
317 {
318 if (!subdir_set)
319 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
320 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
321 name);
322 f = Ufopen(big_buffer, "rb");
323 if (f != NULL) break;
324 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
325 }
326
327 errno = 0;
328
329 #ifndef COMPILE_UTILITY
330 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
331 #endif /* COMPILE_UTILITY */
332
333 /* The first line of a spool file contains the message id followed by -H (i.e.
334 the file name), in order to make the file self-identifying. */
335
336 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
337 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
338 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
339 goto SPOOL_FORMAT_ERROR;
340
341 /* The next three lines in the header file are in a fixed format. The first
342 contains the login, uid, and gid of the user who caused the file to be written.
343 There are known cases where a negative gid is used, so we allow for both
344 negative uids and gids. The second contains the mail address of the message's
345 sender, enclosed in <>. The third contains the time the message was received,
346 and the number of warning messages for delivery delays that have been sent. */
347
348 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
349
350 p = big_buffer + Ustrlen(big_buffer);
351 while (p > big_buffer && isspace(p[-1])) p--;
352 *p = 0;
353 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
354 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
355 gid = Uatoi(p);
356 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
357 *p = 0;
358 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
359 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
360 uid = Uatoi(p);
361 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
362 *p = 0;
363
364 originator_login = string_copy(big_buffer);
365 originator_uid = (uid_t)uid;
366 originator_gid = (gid_t)gid;
367
368 /* envelope from */
369 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
370 n = Ustrlen(big_buffer);
371 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
372 goto SPOOL_FORMAT_ERROR;
373
374 sender_address = store_get(n-2);
375 Ustrncpy(sender_address, big_buffer+1, n-3);
376 sender_address[n-3] = 0;
377
378 /* time */
379 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
380 if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
381 goto SPOOL_FORMAT_ERROR;
382
383 message_age = time(NULL) - received_time;
384
385 #ifndef COMPILE_UTILITY
386 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
387 originator_login, (long int)originator_uid, (long int)originator_gid,
388 sender_address);
389 #endif /* COMPILE_UTILITY */
390
391 /* Now there may be a number of optional lines, each starting with "-". If you
392 add a new setting here, make sure you set the default above.
393
394 Because there are now quite a number of different possibilities, we use a
395 switch on the first character to avoid too many failing tests. Thanks to Nico
396 Erfurth for the patch that implemented this. I have made it even more efficient
397 by not re-scanning the first two characters.
398
399 To allow new versions of Exim that add additional flags to interwork with older
400 versions that do not understand them, just ignore any lines starting with "-"
401 that we don't recognize. Otherwise it wouldn't be possible to back off a new
402 version that left new-style flags written on the spool. */
403
404 p = big_buffer + 2;
405 for (;;)
406 {
407 int len;
408 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
409 if (big_buffer[0] != '-') break;
410 while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1
411 && big_buffer[len-1] != '\n'
412 )
413 { /* buffer not big enough for line; certs make this possible */
414 uschar * buf;
415 if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
416 buf = store_get_perm(big_buffer_size *= 2);
417 memcpy(buf, big_buffer, --len);
418 big_buffer = buf;
419 if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL)
420 goto SPOOL_READ_ERROR;
421 }
422 big_buffer[len-1] = 0;
423
424 switch(big_buffer[1])
425 {
426 case 'a':
427
428 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
429 variable, because Exim allows any number of them, with arbitrary names.
430 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
431 the c or m. */
432
433 if (Ustrncmp(p, "clc ", 4) == 0 ||
434 Ustrncmp(p, "clm ", 4) == 0)
435 {
436 uschar *name, *endptr;
437 int count;
438 tree_node *node;
439 endptr = Ustrchr(big_buffer + 6, ' ');
440 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
441 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
442 big_buffer + 6);
443 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
444 node = acl_var_create(name);
445 node->data.ptr = store_get(count + 1);
446 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
447 ((uschar*)node->data.ptr)[count] = 0;
448 }
449
450 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
451 allow_unqualified_recipient = TRUE;
452 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
453 allow_unqualified_sender = TRUE;
454
455 else if (Ustrncmp(p, "uth_id", 6) == 0)
456 authenticated_id = string_copy(big_buffer + 9);
457 else if (Ustrncmp(p, "uth_sender", 10) == 0)
458 authenticated_sender = string_copy(big_buffer + 13);
459 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
460 smtp_active_hostname = string_copy(big_buffer + 17);
461
462 /* For long-term backward compatibility, we recognize "-acl", which was
463 used before the number of ACL variables changed from 10 to 20. This was
464 before the subsequent change to an arbitrary number of named variables.
465 This code is retained so that upgrades from very old versions can still
466 handle old-format spool files. The value given after "-acl" is a number
467 that is 0-9 for connection variables, and 10-19 for message variables. */
468
469 else if (Ustrncmp(p, "cl ", 3) == 0)
470 {
471 int index, count;
472 uschar name[20]; /* Need plenty of space for %d format */
473 tree_node *node;
474 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
475 goto SPOOL_FORMAT_ERROR;
476 if (index < 10)
477 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
478 else if (index < 20) /* ignore out-of-range index */
479 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
480 node = acl_var_create(name);
481 node->data.ptr = store_get(count + 1);
482 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
483 ((uschar*)node->data.ptr)[count] = 0;
484 }
485 break;
486
487 case 'b':
488 if (Ustrncmp(p, "ody_linecount", 13) == 0)
489 body_linecount = Uatoi(big_buffer + 15);
490 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
491 body_zerocount = Uatoi(big_buffer + 15);
492 #ifdef EXPERIMENTAL_BRIGHTMAIL
493 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
494 bmi_verdicts = string_copy(big_buffer + 14);
495 #endif
496 break;
497
498 case 'd':
499 if (Ustrcmp(p, "eliver_firsttime") == 0)
500 deliver_firsttime = TRUE;
501 /* Check if the dsn flags have been set in the header file */
502 else if (Ustrncmp(p, "sn_ret", 6) == 0)
503 dsn_ret= atoi(CS big_buffer + 8);
504 else if (Ustrncmp(p, "sn_envid", 8) == 0)
505 dsn_envid = string_copy(big_buffer + 11);
506 break;
507
508 case 'f':
509 if (Ustrncmp(p, "rozen", 5) == 0)
510 {
511 deliver_freeze = TRUE;
512 sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
513 }
514 break;
515
516 case 'h':
517 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
518 host_lookup_deferred = TRUE;
519 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
520 host_lookup_failed = TRUE;
521 else if (Ustrncmp(p, "ost_auth", 8) == 0)
522 sender_host_authenticated = string_copy(big_buffer + 11);
523 else if (Ustrncmp(p, "ost_name", 8) == 0)
524 sender_host_name = string_copy(big_buffer + 11);
525 else if (Ustrncmp(p, "elo_name", 8) == 0)
526 sender_helo_name = string_copy(big_buffer + 11);
527
528 /* We now record the port number after the address, separated by a
529 dot. For compatibility during upgrading, do nothing if there
530 isn't a value (it gets left at zero). */
531
532 else if (Ustrncmp(p, "ost_address", 11) == 0)
533 {
534 sender_host_port = host_address_extract_port(big_buffer + 14);
535 sender_host_address = string_copy(big_buffer + 14);
536 }
537 break;
538
539 case 'i':
540 if (Ustrncmp(p, "nterface_address", 16) == 0)
541 {
542 interface_port = host_address_extract_port(big_buffer + 19);
543 interface_address = string_copy(big_buffer + 19);
544 }
545 else if (Ustrncmp(p, "dent", 4) == 0)
546 sender_ident = string_copy(big_buffer + 7);
547 break;
548
549 case 'l':
550 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
551 else if (Ustrcmp(big_buffer, "-localerror") == 0)
552 local_error_message = TRUE;
553 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
554 local_scan_data = string_copy(big_buffer + 12);
555 break;
556
557 case 'm':
558 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
559 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
560 max_received_linelength = Uatoi(big_buffer + 24);
561 break;
562
563 case 'N':
564 if (*p == 0) dont_deliver = TRUE; /* -N */
565 break;
566
567 case 'r':
568 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
569 received_protocol = string_copy(big_buffer + 19);
570 break;
571
572 case 's':
573 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
574 sender_set_untrusted = TRUE;
575 #ifdef WITH_CONTENT_SCAN
576 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
577 spam_score_int = string_copy(big_buffer + 16);
578 #endif
579 #if defined(EXPERIMENTAL_INTERNATIONAL) && !defined(COMPILE_UTILITY)
580 else if (Ustrncmp(p, "mtputf8", 7) == 0)
581 message_smtputf8 = TRUE;
582 #endif
583 break;
584
585 #ifdef SUPPORT_TLS
586 case 't':
587 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
588 tls_in.certificate_verified = TRUE;
589 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
590 tls_in.cipher = string_copy(big_buffer + 12);
591 # ifndef COMPILE_UTILITY /* tls support fns not built in */
592 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
593 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
594 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
595 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
596 # endif
597 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
598 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
599 else if (Ustrncmp(p, "ls_sni", 6) == 0)
600 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
601 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
602 tls_in.ocsp = big_buffer[10] - '0';
603 break;
604 #endif
605
606 #if defined(EXPERIMENTAL_INTERNATIONAL) && !defined(COMPILE_UTILITY)
607 case 'u':
608 if (Ustrncmp(p, "tf8_downcvt", 11) == 0)
609 message_utf8_downconvert = 1;
610 else if (Ustrncmp(p, "tf8_optdowncvt", 15) == 0)
611 message_utf8_downconvert = -1;
612 break;
613 #endif
614
615 default: /* Present because some compilers complain if all */
616 break; /* possibilities are not covered. */
617 }
618 }
619
620 /* Build sender_fullhost if required */
621
622 #ifndef COMPILE_UTILITY
623 host_build_sender_fullhost();
624 #endif /* COMPILE_UTILITY */
625
626 #ifndef COMPILE_UTILITY
627 DEBUG(D_deliver)
628 debug_printf("sender_local=%d ident=%s\n", sender_local,
629 (sender_ident == NULL)? US"unset" : sender_ident);
630 #endif /* COMPILE_UTILITY */
631
632 /* We now have the tree of addresses NOT to deliver to, or a line
633 containing "XX", indicating no tree. */
634
635 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
636 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
637 goto SPOOL_FORMAT_ERROR;
638
639 #ifndef COMPILE_UTILITY
640 DEBUG(D_deliver)
641 {
642 debug_printf("Non-recipients:\n");
643 debug_print_tree(tree_nonrecipients);
644 }
645 #endif /* COMPILE_UTILITY */
646
647 /* After reading the tree, the next line has not yet been read into the
648 buffer. It contains the count of recipients which follow on separate lines. */
649
650 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
651 if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
652
653 #ifndef COMPILE_UTILITY
654 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
655 #endif /* COMPILE_UTILITY */
656
657 recipients_list_max = rcount;
658 recipients_list = store_get(rcount * sizeof(recipient_item));
659
660 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
661 {
662 int nn;
663 int pno = -1;
664 int dsn_flags = 0;
665 uschar *orcpt = NULL;
666 uschar *errors_to = NULL;
667 uschar *p;
668
669 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
670 nn = Ustrlen(big_buffer);
671 if (nn < 2) goto SPOOL_FORMAT_ERROR;
672
673 /* Remove the newline; this terminates the address if there is no additional
674 data on the line. */
675
676 p = big_buffer + nn - 1;
677 *p-- = 0;
678
679 /* Look back from the end of the line for digits and special terminators.
680 Since an address must end with a domain, we can tell that extra data is
681 present by the presence of the terminator, which is always some character
682 that cannot exist in a domain. (If I'd thought of the need for additional
683 data early on, I'd have put it at the start, with the address at the end. As
684 it is, we have to operate backwards. Addresses are permitted to contain
685 spaces, you see.)
686
687 This code has to cope with various versions of this data that have evolved
688 over time. In all cases, the line might just contain an address, with no
689 additional data. Otherwise, the possibilities are as follows:
690
691 Exim 3 type: <address><space><digits>,<digits>,<digits>
692
693 The second set of digits is the parent number for one_time addresses. The
694 other values were remnants of earlier experiments that were abandoned.
695
696 Exim 4 first type: <address><space><digits>
697
698 The digits are the parent number for one_time addresses.
699
700 Exim 4 new type: <address><space><data>#<type bits>
701
702 The type bits indicate what the contents of the data are.
703
704 Bit 01 indicates that, reading from right to left, the data
705 ends with <errors_to address><space><len>,<pno> where pno is
706 the parent number for one_time addresses, and len is the length
707 of the errors_to address (zero meaning none).
708
709 Bit 02 indicates that, again reading from right to left, the data continues
710 with orcpt len(orcpt),dsn_flags
711 */
712
713 while (isdigit(*p)) p--;
714
715 /* Handle Exim 3 spool files */
716
717 if (*p == ',')
718 {
719 int dummy;
720 while (isdigit(*(--p)) || *p == ',');
721 if (*p == ' ')
722 {
723 *p++ = 0;
724 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
725 }
726 }
727
728 /* Handle early Exim 4 spool files */
729
730 else if (*p == ' ')
731 {
732 *p++ = 0;
733 (void)sscanf(CS p, "%d", &pno);
734 }
735
736 /* Handle current format Exim 4 spool files */
737
738 else if (*p == '#')
739 {
740 int flags;
741
742 #if !defined (COMPILE_UTILITY)
743 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
744 #endif
745
746 (void)sscanf(CS p+1, "%d", &flags);
747
748 if ((flags & 0x01) != 0) /* one_time data exists */
749 {
750 int len;
751 while (isdigit(*(--p)) || *p == ',' || *p == '-');
752 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
753 *p = 0;
754 if (len > 0)
755 {
756 p -= len;
757 errors_to = string_copy(p);
758 }
759 }
760
761 *(--p) = 0; /* Terminate address */
762 if ((flags & 0x02) != 0) /* one_time data exists */
763 {
764 int len;
765 while (isdigit(*(--p)) || *p == ',' || *p == '-');
766 (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
767 *p = 0;
768 if (len > 0)
769 {
770 p -= len;
771 orcpt = string_copy(p);
772 }
773 }
774
775 *(--p) = 0; /* Terminate address */
776 }
777 #if !defined(COMPILE_UTILITY)
778 else
779 { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
780
781 if ((orcpt != NULL) || (dsn_flags != 0))
782 {
783 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
784 big_buffer, orcpt, dsn_flags);
785 }
786 if (errors_to != NULL)
787 {
788 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
789 big_buffer, errors_to);
790 }
791 #endif
792
793 recipients_list[recipients_count].address = string_copy(big_buffer);
794 recipients_list[recipients_count].pno = pno;
795 recipients_list[recipients_count].errors_to = errors_to;
796 recipients_list[recipients_count].orcpt = orcpt;
797 recipients_list[recipients_count].dsn_flags = dsn_flags;
798 }
799
800 /* The remainder of the spool header file contains the headers for the message,
801 separated off from the previous data by a blank line. Each header is preceded
802 by a count of its length and either a certain letter (for various identified
803 headers), space (for a miscellaneous live header) or an asterisk (for a header
804 that has been rewritten). Count the Received: headers. We read the headers
805 always, in order to check on the format of the file, but only create a header
806 list if requested to do so. */
807
808 inheader = TRUE;
809 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
810 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
811
812 while ((n = fgetc(f)) != EOF)
813 {
814 header_line *h;
815 uschar flag[4];
816 int i;
817
818 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
819 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
820 goto SPOOL_READ_ERROR;
821 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
822
823 if (read_headers)
824 {
825 h = store_get(sizeof(header_line));
826 h->next = NULL;
827 h->type = flag[0];
828 h->slen = n;
829 h->text = store_get(n+1);
830
831 if (h->type == htype_received) received_count++;
832
833 if (header_list == NULL) header_list = h;
834 else header_last->next = h;
835 header_last = h;
836
837 for (i = 0; i < n; i++)
838 {
839 int c = fgetc(f);
840 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
841 if (c == '\n' && h->type != htype_old) message_linecount++;
842 h->text[i] = c;
843 }
844 h->text[i] = 0;
845 }
846
847 /* Not requiring header data, just skip through the bytes */
848
849 else for (i = 0; i < n; i++)
850 {
851 int c = fgetc(f);
852 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
853 }
854 }
855
856 /* We have successfully read the data in the header file. Update the message
857 line count by adding the body linecount to the header linecount. Close the file
858 and give a positive response. */
859
860 #ifndef COMPILE_UTILITY
861 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
862 body_linecount, message_linecount);
863 #endif /* COMPILE_UTILITY */
864
865 message_linecount += body_linecount;
866
867 fclose(f);
868 return spool_read_OK;
869
870
871 /* There was an error reading the spool or there was missing data,
872 or there was a format error. A "read error" with no errno means an
873 unexpected EOF, which we treat as a format error. */
874
875 SPOOL_READ_ERROR:
876 if (errno != 0)
877 {
878 n = errno;
879
880 #ifndef COMPILE_UTILITY
881 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
882 #endif /* COMPILE_UTILITY */
883
884 fclose(f);
885 errno = n;
886 return inheader? spool_read_hdrerror : spool_read_enverror;
887 }
888
889 SPOOL_FORMAT_ERROR:
890
891 #ifndef COMPILE_UTILITY
892 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
893 #endif /* COMPILE_UTILITY */
894
895 fclose(f);
896 errno = ERRNO_SPOOLFORMAT;
897 return inheader? spool_read_hdrerror : spool_read_enverror;
898 }
899
900 /* vi: aw ai sw=2
901 */
902 /* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.