projects / exim.git / blob
? search:


6341387a206f45f6a91181548e26e1da3d0b2cb2
[exim.git] / src / src / spool_in.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2016 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions for reading spool files. When compiling for a utility (eximon),
9 not all are needed, and some functionality can be cut out. */
10
11
12 #include "exim.h"
13
14
15
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Open and lock data file *
19 *************************************************/
20
21 /* The data file is the one that is used for locking, because the header file
22 can get replaced during delivery because of header rewriting. The file has
23 to opened with write access so that we can get an exclusive lock, but in
24 fact it won't be written to. Just in case there's a major disaster (e.g.
25 overwriting some other file descriptor with the value of this one), open it
26 with append.
27
28 Argument: the id of the message
29 Returns: fd if file successfully opened and locked, else -1
30
31 Side effect: message_subdir is set for the (possibly split) spool directory
32 */
33
34 int
35 spool_open_datafile(uschar *id)
36 {
37 int i;
38 struct stat statbuf;
39 flock_t lock_data;
40 uschar spoolname[256];
41 int fd;
42
43 /* If split_spool_directory is set, first look for the file in the appropriate
44 sub-directory of the input directory. If it is not found there, try the input
45 directory itself, to pick up leftovers from before the splitting. If split_
46 spool_directory is not set, first look in the main input directory. If it is
47 not found there, try the split sub-directory, in case it is left over from a
48 splitting state. */
49
50 for (i = 0; i < 2; i++)
51 {
52 int save_errno;
53 message_subdir[0] = split_spool_directory == (i == 0) ? id[5] : 0;
54 snprintf(CS spoolname, sizeof(spoolname), "%s/input/%s/%s/%s-D",
55 spool_directory, queue_name, message_subdir, id);
56 DEBUG(D_deliver) debug_printf("Trying spool file %s\n", spoolname);
57
58 if ((fd = Uopen(spoolname, O_RDWR | O_APPEND, 0)) >= 0)
59 break;
60 save_errno = errno;
61 if (errno == ENOENT)
62 {
63 if (i == 0) continue;
64 if (!queue_running)
65 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
66 }
67 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
68 strerror(errno));
69 errno = save_errno;
70 return -1;
71 }
72
73 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
74 the file. We lock only the first line of the file (containing the message ID)
75 because this apparently is needed for running Exim under Cygwin. If the entire
76 file is locked in one process, a sub-process cannot access it, even when passed
77 an open file descriptor (at least, I think that's the Cygwin story). On real
78 Unix systems it doesn't make any difference as long as Exim is consistent in
79 what it locks. */
80
81 (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) |
82 FD_CLOEXEC);
83
84 lock_data.l_type = F_WRLCK;
85 lock_data.l_whence = SEEK_SET;
86 lock_data.l_start = 0;
87 lock_data.l_len = SPOOL_DATA_START_OFFSET;
88
89 if (fcntl(fd, F_SETLK, &lock_data) < 0)
90 {
91 log_write(L_skip_delivery,
92 LOG_MAIN,
93 "Spool file is locked (another process is handling this message)");
94 (void)close(fd);
95 errno = 0;
96 return -1;
97 }
98
99 /* Get the size of the data; don't include the leading filename line
100 in the count, but add one for the newline before the data. */
101
102 if (fstat(fd, &statbuf) == 0)
103 {
104 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
105 message_size = message_body_size + 1;
106 }
107
108 return fd;
109 }
110 #endif /* COMPILE_UTILITY */
111
112
113
114 /*************************************************
115 * Read non-recipients tree from spool file *
116 *************************************************/
117
118 /* The tree of non-recipients is written to the spool file in a form that
119 makes it easy to read back into a tree. The format is as follows:
120
121 . Each node is preceded by two letter(Y/N) indicating whether it has left
122 or right children. There's one space after the two flags, before the name.
123
124 . The left subtree (if any) then follows, then the right subtree (if any).
125
126 This function is entered with the next input line in the buffer. Note we must
127 save the right flag before recursing with the same buffer.
128
129 Once the tree is read, we re-construct the balance fields by scanning the tree.
130 I forgot to write them out originally, and the compatible fix is to do it this
131 way. This initial local recursing function does the necessary.
132
133 Arguments:
134 node tree node
135
136 Returns: maximum depth below the node, including the node itself
137 */
138
139 static int
140 count_below(tree_node *node)
141 {
142 int nleft, nright;
143 if (node == NULL) return 0;
144 nleft = count_below(node->left);
145 nright = count_below(node->right);
146 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
147 return 1 + ((nleft > nright)? nleft : nright);
148 }
149
150 /* This is the real function...
151
152 Arguments:
153 connect pointer to the root of the tree
154 f FILE to read data from
155 buffer contains next input line; further lines read into it
156 buffer_size size of the buffer
157
158 Returns: FALSE on format error
159 */
160
161 static BOOL
162 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
163 int buffer_size)
164 {
165 tree_node *node;
166 int n = Ustrlen(buffer);
167 BOOL right = buffer[1] == 'Y';
168
169 if (n < 5) return FALSE; /* malformed line */
170 buffer[n-1] = 0; /* Remove \n */
171 node = store_get(sizeof(tree_node) + n - 3);
172 *connect = node;
173 Ustrcpy(node->name, buffer + 3);
174 node->data.ptr = NULL;
175
176 if (buffer[0] == 'Y')
177 {
178 if (Ufgets(buffer, buffer_size, f) == NULL ||
179 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
180 return FALSE;
181 }
182 else node->left = NULL;
183
184 if (right)
185 {
186 if (Ufgets(buffer, buffer_size, f) == NULL ||
187 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
188 return FALSE;
189 }
190 else node->right = NULL;
191
192 (void) count_below(*connect);
193 return TRUE;
194 }
195
196
197
198
199 /*************************************************
200 * Read spool header file *
201 *************************************************/
202
203 /* This function reads a spool header file and places the data into the
204 appropriate global variables. The header portion is always read, but header
205 structures are built only if read_headers is set true. It isn't, for example,
206 while generating -bp output.
207
208 It may be possible for blocks of nulls (binary zeroes) to get written on the
209 end of a file if there is a system crash during writing. It was observed on an
210 earlier version of Exim that omitted to fsync() the files - this is thought to
211 have been the cause of that incident, but in any case, this code must be robust
212 against such an event, and if such a file is encountered, it must be treated as
213 malformed.
214
215 Arguments:
216 name name of the header file, including the -H
217 read_headers TRUE if in-store header structures are to be built
218 subdir_set TRUE is message_subdir is already set
219
220 Returns: spool_read_OK success
221 spool_read_notopen open failed
222 spool_read_enverror error in the envelope portion
223 spool_read_hdrdrror error in the header portion
224 */
225
226 int
227 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
228 {
229 FILE *f = NULL;
230 int n;
231 int rcount = 0;
232 long int uid, gid;
233 BOOL inheader = FALSE;
234 uschar *p;
235
236 /* Reset all the global variables to their default values. However, there is
237 one exception. DO NOT change the default value of dont_deliver, because it may
238 be forced by an external setting. */
239
240 acl_var_c = acl_var_m = NULL;
241 authenticated_id = NULL;
242 authenticated_sender = NULL;
243 allow_unqualified_recipient = FALSE;
244 allow_unqualified_sender = FALSE;
245 body_linecount = 0;
246 body_zerocount = 0;
247 deliver_firsttime = FALSE;
248 deliver_freeze = FALSE;
249 deliver_frozen_at = 0;
250 deliver_manual_thaw = FALSE;
251 /* dont_deliver must NOT be reset */
252 header_list = header_last = NULL;
253 host_lookup_deferred = FALSE;
254 host_lookup_failed = FALSE;
255 interface_address = NULL;
256 interface_port = 0;
257 local_error_message = FALSE;
258 local_scan_data = NULL;
259 max_received_linelength = 0;
260 message_linecount = 0;
261 received_protocol = NULL;
262 received_count = 0;
263 recipients_list = NULL;
264 sender_address = NULL;
265 sender_fullhost = NULL;
266 sender_helo_name = NULL;
267 sender_host_address = NULL;
268 sender_host_name = NULL;
269 sender_host_port = 0;
270 sender_host_authenticated = NULL;
271 sender_ident = NULL;
272 sender_local = FALSE;
273 sender_set_untrusted = FALSE;
274 smtp_active_hostname = primary_hostname;
275 tree_nonrecipients = NULL;
276
277 #ifdef EXPERIMENTAL_BRIGHTMAIL
278 bmi_run = 0;
279 bmi_verdicts = NULL;
280 #endif
281
282 #ifndef DISABLE_DKIM
283 dkim_signers = NULL;
284 dkim_disable_verify = FALSE;
285 dkim_collect_input = FALSE;
286 #endif
287
288 #ifdef SUPPORT_TLS
289 tls_in.certificate_verified = FALSE;
290 # ifdef EXPERIMENTAL_DANE
291 tls_in.dane_verified = FALSE;
292 # endif
293 tls_in.cipher = NULL;
294 # ifndef COMPILE_UTILITY /* tls support fns not built in */
295 tls_free_cert(&tls_in.ourcert);
296 tls_free_cert(&tls_in.peercert);
297 # endif
298 tls_in.peerdn = NULL;
299 tls_in.sni = NULL;
300 tls_in.ocsp = OCSP_NOT_REQ;
301 #endif
302
303 #ifdef WITH_CONTENT_SCAN
304 spam_bar = NULL;
305 spam_score = NULL;
306 spam_score_int = NULL;
307 #endif
308
309 #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
310 message_smtputf8 = FALSE;
311 message_utf8_downconvert = 0;
312 #endif
313
314 dsn_ret = 0;
315 dsn_envid = NULL;
316
317 /* Generate the full name and open the file. If message_subdir is already
318 set, just look in the given directory. Otherwise, look in both the split
319 and unsplit directories, as for the data file above. */
320
321 for (n = 0; n < 2; n++)
322 {
323 if (!subdir_set)
324 message_subdir[0] = split_spool_directory == (n == 0) ? name[5] : 0;
325 sprintf(CS big_buffer, "%s/input/%s/%s/%s",
326 spool_directory, queue_name, message_subdir, name);
327 if ((f = Ufopen(big_buffer, "rb"))) break;
328 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
329 }
330
331 errno = 0;
332
333 #ifndef COMPILE_UTILITY
334 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
335 #endif /* COMPILE_UTILITY */
336
337 /* The first line of a spool file contains the message id followed by -H (i.e.
338 the file name), in order to make the file self-identifying. */
339
340 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
341 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
342 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
343 goto SPOOL_FORMAT_ERROR;
344
345 /* The next three lines in the header file are in a fixed format. The first
346 contains the login, uid, and gid of the user who caused the file to be written.
347 There are known cases where a negative gid is used, so we allow for both
348 negative uids and gids. The second contains the mail address of the message's
349 sender, enclosed in <>. The third contains the time the message was received,
350 and the number of warning messages for delivery delays that have been sent. */
351
352 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
353
354 p = big_buffer + Ustrlen(big_buffer);
355 while (p > big_buffer && isspace(p[-1])) p--;
356 *p = 0;
357 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
358 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
359 gid = Uatoi(p);
360 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
361 *p = 0;
362 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
363 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
364 uid = Uatoi(p);
365 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
366 *p = 0;
367
368 originator_login = string_copy(big_buffer);
369 originator_uid = (uid_t)uid;
370 originator_gid = (gid_t)gid;
371
372 /* envelope from */
373 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
374 n = Ustrlen(big_buffer);
375 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
376 goto SPOOL_FORMAT_ERROR;
377
378 sender_address = store_get(n-2);
379 Ustrncpy(sender_address, big_buffer+1, n-3);
380 sender_address[n-3] = 0;
381
382 /* time */
383 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
384 if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
385 goto SPOOL_FORMAT_ERROR;
386
387 message_age = time(NULL) - received_time;
388
389 #ifndef COMPILE_UTILITY
390 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
391 originator_login, (long int)originator_uid, (long int)originator_gid,
392 sender_address);
393 #endif /* COMPILE_UTILITY */
394
395 /* Now there may be a number of optional lines, each starting with "-". If you
396 add a new setting here, make sure you set the default above.
397
398 Because there are now quite a number of different possibilities, we use a
399 switch on the first character to avoid too many failing tests. Thanks to Nico
400 Erfurth for the patch that implemented this. I have made it even more efficient
401 by not re-scanning the first two characters.
402
403 To allow new versions of Exim that add additional flags to interwork with older
404 versions that do not understand them, just ignore any lines starting with "-"
405 that we don't recognize. Otherwise it wouldn't be possible to back off a new
406 version that left new-style flags written on the spool. */
407
408 p = big_buffer + 2;
409 for (;;)
410 {
411 int len;
412 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
413 if (big_buffer[0] != '-') break;
414 while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1
415 && big_buffer[len-1] != '\n'
416 )
417 { /* buffer not big enough for line; certs make this possible */
418 uschar * buf;
419 if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
420 buf = store_get_perm(big_buffer_size *= 2);
421 memcpy(buf, big_buffer, --len);
422 big_buffer = buf;
423 if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL)
424 goto SPOOL_READ_ERROR;
425 }
426 big_buffer[len-1] = 0;
427
428 switch(big_buffer[1])
429 {
430 case 'a':
431
432 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
433 variable, because Exim allows any number of them, with arbitrary names.
434 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
435 the c or m. */
436
437 if (Ustrncmp(p, "clc ", 4) == 0 ||
438 Ustrncmp(p, "clm ", 4) == 0)
439 {
440 uschar *name, *endptr;
441 int count;
442 tree_node *node;
443 endptr = Ustrchr(big_buffer + 6, ' ');
444 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
445 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
446 big_buffer + 6);
447 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
448 node = acl_var_create(name);
449 node->data.ptr = store_get(count + 1);
450 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
451 ((uschar*)node->data.ptr)[count] = 0;
452 }
453
454 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
455 allow_unqualified_recipient = TRUE;
456 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
457 allow_unqualified_sender = TRUE;
458
459 else if (Ustrncmp(p, "uth_id", 6) == 0)
460 authenticated_id = string_copy(big_buffer + 9);
461 else if (Ustrncmp(p, "uth_sender", 10) == 0)
462 authenticated_sender = string_copy(big_buffer + 13);
463 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
464 smtp_active_hostname = string_copy(big_buffer + 17);
465
466 /* For long-term backward compatibility, we recognize "-acl", which was
467 used before the number of ACL variables changed from 10 to 20. This was
468 before the subsequent change to an arbitrary number of named variables.
469 This code is retained so that upgrades from very old versions can still
470 handle old-format spool files. The value given after "-acl" is a number
471 that is 0-9 for connection variables, and 10-19 for message variables. */
472
473 else if (Ustrncmp(p, "cl ", 3) == 0)
474 {
475 int index, count;
476 uschar name[20]; /* Need plenty of space for %d format */
477 tree_node *node;
478 if ( sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2
479 || index >= 20
480 )
481 goto SPOOL_FORMAT_ERROR;
482 if (index < 10)
483 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
484 else
485 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
486 node = acl_var_create(name);
487 node->data.ptr = store_get(count + 1);
488 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
489 ((uschar*)node->data.ptr)[count] = 0;
490 }
491 break;
492
493 case 'b':
494 if (Ustrncmp(p, "ody_linecount", 13) == 0)
495 body_linecount = Uatoi(big_buffer + 15);
496 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
497 body_zerocount = Uatoi(big_buffer + 15);
498 #ifdef EXPERIMENTAL_BRIGHTMAIL
499 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
500 bmi_verdicts = string_copy(big_buffer + 14);
501 #endif
502 break;
503
504 case 'd':
505 if (Ustrcmp(p, "eliver_firsttime") == 0)
506 deliver_firsttime = TRUE;
507 /* Check if the dsn flags have been set in the header file */
508 else if (Ustrncmp(p, "sn_ret", 6) == 0)
509 dsn_ret= atoi(CS big_buffer + 8);
510 else if (Ustrncmp(p, "sn_envid", 8) == 0)
511 dsn_envid = string_copy(big_buffer + 11);
512 break;
513
514 case 'f':
515 if (Ustrncmp(p, "rozen", 5) == 0)
516 {
517 deliver_freeze = TRUE;
518 if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1)
519 goto SPOOL_READ_ERROR;
520 }
521 break;
522
523 case 'h':
524 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
525 host_lookup_deferred = TRUE;
526 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
527 host_lookup_failed = TRUE;
528 else if (Ustrncmp(p, "ost_auth", 8) == 0)
529 sender_host_authenticated = string_copy(big_buffer + 11);
530 else if (Ustrncmp(p, "ost_name", 8) == 0)
531 sender_host_name = string_copy(big_buffer + 11);
532 else if (Ustrncmp(p, "elo_name", 8) == 0)
533 sender_helo_name = string_copy(big_buffer + 11);
534
535 /* We now record the port number after the address, separated by a
536 dot. For compatibility during upgrading, do nothing if there
537 isn't a value (it gets left at zero). */
538
539 else if (Ustrncmp(p, "ost_address", 11) == 0)
540 {
541 sender_host_port = host_address_extract_port(big_buffer + 14);
542 sender_host_address = string_copy(big_buffer + 14);
543 }
544 break;
545
546 case 'i':
547 if (Ustrncmp(p, "nterface_address", 16) == 0)
548 {
549 interface_port = host_address_extract_port(big_buffer + 19);
550 interface_address = string_copy(big_buffer + 19);
551 }
552 else if (Ustrncmp(p, "dent", 4) == 0)
553 sender_ident = string_copy(big_buffer + 7);
554 break;
555
556 case 'l':
557 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
558 else if (Ustrcmp(big_buffer, "-localerror") == 0)
559 local_error_message = TRUE;
560 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
561 local_scan_data = string_copy(big_buffer + 12);
562 break;
563
564 case 'm':
565 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
566 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
567 max_received_linelength = Uatoi(big_buffer + 24);
568 break;
569
570 case 'N':
571 if (*p == 0) dont_deliver = TRUE; /* -N */
572 break;
573
574 case 'r':
575 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
576 received_protocol = string_copy(big_buffer + 19);
577 break;
578
579 case 's':
580 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
581 sender_set_untrusted = TRUE;
582 #ifdef WITH_CONTENT_SCAN
583 else if (Ustrncmp(p, "pam_bar ", 8) == 0)
584 spam_bar = string_copy(big_buffer + 10);
585 else if (Ustrncmp(p, "pam_score ", 10) == 0)
586 spam_score = string_copy(big_buffer + 12);
587 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
588 spam_score_int = string_copy(big_buffer + 16);
589 #endif
590 #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
591 else if (Ustrncmp(p, "mtputf8", 7) == 0)
592 message_smtputf8 = TRUE;
593 #endif
594 break;
595
596 #ifdef SUPPORT_TLS
597 case 't':
598 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
599 tls_in.certificate_verified = TRUE;
600 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
601 tls_in.cipher = string_copy(big_buffer + 12);
602 # ifndef COMPILE_UTILITY /* tls support fns not built in */
603 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
604 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
605 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
606 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
607 # endif
608 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
609 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
610 else if (Ustrncmp(p, "ls_sni", 6) == 0)
611 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
612 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
613 tls_in.ocsp = big_buffer[10] - '0';
614 break;
615 #endif
616
617 #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
618 case 'u':
619 if (Ustrncmp(p, "tf8_downcvt", 11) == 0)
620 message_utf8_downconvert = 1;
621 else if (Ustrncmp(p, "tf8_optdowncvt", 15) == 0)
622 message_utf8_downconvert = -1;
623 break;
624 #endif
625
626 default: /* Present because some compilers complain if all */
627 break; /* possibilities are not covered. */
628 }
629 }
630
631 /* Build sender_fullhost if required */
632
633 #ifndef COMPILE_UTILITY
634 host_build_sender_fullhost();
635 #endif /* COMPILE_UTILITY */
636
637 #ifndef COMPILE_UTILITY
638 DEBUG(D_deliver)
639 debug_printf("sender_local=%d ident=%s\n", sender_local,
640 (sender_ident == NULL)? US"unset" : sender_ident);
641 #endif /* COMPILE_UTILITY */
642
643 /* We now have the tree of addresses NOT to deliver to, or a line
644 containing "XX", indicating no tree. */
645
646 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
647 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
648 goto SPOOL_FORMAT_ERROR;
649
650 #ifndef COMPILE_UTILITY
651 DEBUG(D_deliver)
652 {
653 debug_printf("Non-recipients:\n");
654 debug_print_tree(tree_nonrecipients);
655 }
656 #endif /* COMPILE_UTILITY */
657
658 /* After reading the tree, the next line has not yet been read into the
659 buffer. It contains the count of recipients which follow on separate lines. */
660
661 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
662 if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
663
664 #ifndef COMPILE_UTILITY
665 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
666 #endif /* COMPILE_UTILITY */
667
668 recipients_list_max = rcount;
669 recipients_list = store_get(rcount * sizeof(recipient_item));
670
671 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
672 {
673 int nn;
674 int pno = -1;
675 int dsn_flags = 0;
676 uschar *orcpt = NULL;
677 uschar *errors_to = NULL;
678 uschar *p;
679
680 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
681 nn = Ustrlen(big_buffer);
682 if (nn < 2) goto SPOOL_FORMAT_ERROR;
683
684 /* Remove the newline; this terminates the address if there is no additional
685 data on the line. */
686
687 p = big_buffer + nn - 1;
688 *p-- = 0;
689
690 /* Look back from the end of the line for digits and special terminators.
691 Since an address must end with a domain, we can tell that extra data is
692 present by the presence of the terminator, which is always some character
693 that cannot exist in a domain. (If I'd thought of the need for additional
694 data early on, I'd have put it at the start, with the address at the end. As
695 it is, we have to operate backwards. Addresses are permitted to contain
696 spaces, you see.)
697
698 This code has to cope with various versions of this data that have evolved
699 over time. In all cases, the line might just contain an address, with no
700 additional data. Otherwise, the possibilities are as follows:
701
702 Exim 3 type: <address><space><digits>,<digits>,<digits>
703
704 The second set of digits is the parent number for one_time addresses. The
705 other values were remnants of earlier experiments that were abandoned.
706
707 Exim 4 first type: <address><space><digits>
708
709 The digits are the parent number for one_time addresses.
710
711 Exim 4 new type: <address><space><data>#<type bits>
712
713 The type bits indicate what the contents of the data are.
714
715 Bit 01 indicates that, reading from right to left, the data
716 ends with <errors_to address><space><len>,<pno> where pno is
717 the parent number for one_time addresses, and len is the length
718 of the errors_to address (zero meaning none).
719
720 Bit 02 indicates that, again reading from right to left, the data continues
721 with orcpt len(orcpt),dsn_flags
722 */
723
724 while (isdigit(*p)) p--;
725
726 /* Handle Exim 3 spool files */
727
728 if (*p == ',')
729 {
730 int dummy;
731 while (isdigit(*(--p)) || *p == ',');
732 if (*p == ' ')
733 {
734 *p++ = 0;
735 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
736 }
737 }
738
739 /* Handle early Exim 4 spool files */
740
741 else if (*p == ' ')
742 {
743 *p++ = 0;
744 (void)sscanf(CS p, "%d", &pno);
745 }
746
747 /* Handle current format Exim 4 spool files */
748
749 else if (*p == '#')
750 {
751 int flags;
752
753 #if !defined (COMPILE_UTILITY)
754 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
755 #endif
756
757 (void)sscanf(CS p+1, "%d", &flags);
758
759 if ((flags & 0x01) != 0) /* one_time data exists */
760 {
761 int len;
762 while (isdigit(*(--p)) || *p == ',' || *p == '-');
763 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
764 *p = 0;
765 if (len > 0)
766 {
767 p -= len;
768 errors_to = string_copy(p);
769 }
770 }
771
772 *(--p) = 0; /* Terminate address */
773 if ((flags & 0x02) != 0) /* one_time data exists */
774 {
775 int len;
776 while (isdigit(*(--p)) || *p == ',' || *p == '-');
777 (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
778 *p = 0;
779 if (len > 0)
780 {
781 p -= len;
782 orcpt = string_copy(p);
783 }
784 }
785
786 *(--p) = 0; /* Terminate address */
787 }
788 #if !defined(COMPILE_UTILITY)
789 else
790 { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
791
792 if ((orcpt != NULL) || (dsn_flags != 0))
793 {
794 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
795 big_buffer, orcpt, dsn_flags);
796 }
797 if (errors_to != NULL)
798 {
799 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
800 big_buffer, errors_to);
801 }
802 #endif
803
804 recipients_list[recipients_count].address = string_copy(big_buffer);
805 recipients_list[recipients_count].pno = pno;
806 recipients_list[recipients_count].errors_to = errors_to;
807 recipients_list[recipients_count].orcpt = orcpt;
808 recipients_list[recipients_count].dsn_flags = dsn_flags;
809 }
810
811 /* The remainder of the spool header file contains the headers for the message,
812 separated off from the previous data by a blank line. Each header is preceded
813 by a count of its length and either a certain letter (for various identified
814 headers), space (for a miscellaneous live header) or an asterisk (for a header
815 that has been rewritten). Count the Received: headers. We read the headers
816 always, in order to check on the format of the file, but only create a header
817 list if requested to do so. */
818
819 inheader = TRUE;
820 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
821 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
822
823 while ((n = fgetc(f)) != EOF)
824 {
825 header_line *h;
826 uschar flag[4];
827 int i;
828
829 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
830 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
831 goto SPOOL_READ_ERROR;
832 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
833
834 if (read_headers)
835 {
836 h = store_get(sizeof(header_line));
837 h->next = NULL;
838 h->type = flag[0];
839 h->slen = n;
840 h->text = store_get(n+1);
841
842 if (h->type == htype_received) received_count++;
843
844 if (header_list == NULL) header_list = h;
845 else header_last->next = h;
846 header_last = h;
847
848 for (i = 0; i < n; i++)
849 {
850 int c = fgetc(f);
851 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
852 if (c == '\n' && h->type != htype_old) message_linecount++;
853 h->text[i] = c;
854 }
855 h->text[i] = 0;
856 }
857
858 /* Not requiring header data, just skip through the bytes */
859
860 else for (i = 0; i < n; i++)
861 {
862 int c = fgetc(f);
863 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
864 }
865 }
866
867 /* We have successfully read the data in the header file. Update the message
868 line count by adding the body linecount to the header linecount. Close the file
869 and give a positive response. */
870
871 #ifndef COMPILE_UTILITY
872 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
873 body_linecount, message_linecount);
874 #endif /* COMPILE_UTILITY */
875
876 message_linecount += body_linecount;
877
878 fclose(f);
879 return spool_read_OK;
880
881
882 /* There was an error reading the spool or there was missing data,
883 or there was a format error. A "read error" with no errno means an
884 unexpected EOF, which we treat as a format error. */
885
886 SPOOL_READ_ERROR:
887 if (errno != 0)
888 {
889 n = errno;
890
891 #ifndef COMPILE_UTILITY
892 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
893 #endif /* COMPILE_UTILITY */
894
895 fclose(f);
896 errno = n;
897 return inheader? spool_read_hdrerror : spool_read_enverror;
898 }
899
900 SPOOL_FORMAT_ERROR:
901
902 #ifndef COMPILE_UTILITY
903 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
904 #endif /* COMPILE_UTILITY */
905
906 fclose(f);
907 errno = ERRNO_SPOOLFORMAT;
908 return inheader? spool_read_hdrerror : spool_read_enverror;
909 }
910
911 /* vi: aw ai sw=2
912 */
913 /* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.