projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'exim_github/pr/18'
[exim.git] / src / src / spool_in.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions for reading spool files. When compiling for a utility (eximon),
9 not all are needed, and some functionality can be cut out. */
10
11
12 #include "exim.h"
13
14
15
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Open and lock data file *
19 *************************************************/
20
21 /* The data file is the one that is used for locking, because the header file
22 can get replaced during delivery because of header rewriting. The file has
23 to opened with write access so that we can get an exclusive lock, but in
24 fact it won't be written to. Just in case there's a major disaster (e.g.
25 overwriting some other file descriptor with the value of this one), open it
26 with append.
27
28 Argument: the id of the message
29 Returns: TRUE if file successfully opened and locked
30
31 Side effect: deliver_datafile is set to the fd of the open file.
32 */
33
34 BOOL
35 spool_open_datafile(uschar *id)
36 {
37 int i;
38 struct stat statbuf;
39 flock_t lock_data;
40 uschar spoolname[256];
41
42 /* If split_spool_directory is set, first look for the file in the appropriate
43 sub-directory of the input directory. If it is not found there, try the input
44 directory itself, to pick up leftovers from before the splitting. If split_
45 spool_directory is not set, first look in the main input directory. If it is
46 not found there, try the split sub-directory, in case it is left over from a
47 splitting state. */
48
49 for (i = 0; i < 2; i++)
50 {
51 int save_errno;
52 message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0;
53 sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id);
54 deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0);
55 if (deliver_datafile >= 0) break;
56 save_errno = errno;
57 if (errno == ENOENT)
58 {
59 if (i == 0) continue;
60 if (!queue_running)
61 log_write(0, LOG_MAIN, "Spool file %s-D not found", id);
62 }
63 else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname,
64 strerror(errno));
65 errno = save_errno;
66 return FALSE;
67 }
68
69 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
70 the file. We lock only the first line of the file (containing the message ID)
71 because this apparently is needed for running Exim under Cygwin. If the entire
72 file is locked in one process, a sub-process cannot access it, even when passed
73 an open file descriptor (at least, I think that's the Cygwin story). On real
74 Unix systems it doesn't make any difference as long as Exim is consistent in
75 what it locks. */
76
77 (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
78 FD_CLOEXEC);
79
80 lock_data.l_type = F_WRLCK;
81 lock_data.l_whence = SEEK_SET;
82 lock_data.l_start = 0;
83 lock_data.l_len = SPOOL_DATA_START_OFFSET;
84
85 if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0)
86 {
87 log_write(L_skip_delivery,
88 LOG_MAIN,
89 "Spool file is locked (another process is handling this message)");
90 (void)close(deliver_datafile);
91 deliver_datafile = -1;
92 errno = 0;
93 return FALSE;
94 }
95
96 /* Get the size of the data; don't include the leading filename line
97 in the count, but add one for the newline before the data. */
98
99 if (fstat(deliver_datafile, &statbuf) == 0)
100 {
101 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
102 message_size = message_body_size + 1;
103 }
104
105 return TRUE;
106 }
107 #endif /* COMPILE_UTILITY */
108
109
110
111 /*************************************************
112 * Read non-recipients tree from spool file *
113 *************************************************/
114
115 /* The tree of non-recipients is written to the spool file in a form that
116 makes it easy to read back into a tree. The format is as follows:
117
118 . Each node is preceded by two letter(Y/N) indicating whether it has left
119 or right children. There's one space after the two flags, before the name.
120
121 . The left subtree (if any) then follows, then the right subtree (if any).
122
123 This function is entered with the next input line in the buffer. Note we must
124 save the right flag before recursing with the same buffer.
125
126 Once the tree is read, we re-construct the balance fields by scanning the tree.
127 I forgot to write them out originally, and the compatible fix is to do it this
128 way. This initial local recursing function does the necessary.
129
130 Arguments:
131 node tree node
132
133 Returns: maximum depth below the node, including the node itself
134 */
135
136 static int
137 count_below(tree_node *node)
138 {
139 int nleft, nright;
140 if (node == NULL) return 0;
141 nleft = count_below(node->left);
142 nright = count_below(node->right);
143 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
144 return 1 + ((nleft > nright)? nleft : nright);
145 }
146
147 /* This is the real function...
148
149 Arguments:
150 connect pointer to the root of the tree
151 f FILE to read data from
152 buffer contains next input line; further lines read into it
153 buffer_size size of the buffer
154
155 Returns: FALSE on format error
156 */
157
158 static BOOL
159 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
160 int buffer_size)
161 {
162 tree_node *node;
163 int n = Ustrlen(buffer);
164 BOOL right = buffer[1] == 'Y';
165
166 if (n < 5) return FALSE; /* malformed line */
167 buffer[n-1] = 0; /* Remove \n */
168 node = store_get(sizeof(tree_node) + n - 3);
169 *connect = node;
170 Ustrcpy(node->name, buffer + 3);
171 node->data.ptr = NULL;
172
173 if (buffer[0] == 'Y')
174 {
175 if (Ufgets(buffer, buffer_size, f) == NULL ||
176 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
177 return FALSE;
178 }
179 else node->left = NULL;
180
181 if (right)
182 {
183 if (Ufgets(buffer, buffer_size, f) == NULL ||
184 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
185 return FALSE;
186 }
187 else node->right = NULL;
188
189 (void) count_below(*connect);
190 return TRUE;
191 }
192
193
194
195
196 /*************************************************
197 * Read spool header file *
198 *************************************************/
199
200 /* This function reads a spool header file and places the data into the
201 appropriate global variables. The header portion is always read, but header
202 structures are built only if read_headers is set true. It isn't, for example,
203 while generating -bp output.
204
205 It may be possible for blocks of nulls (binary zeroes) to get written on the
206 end of a file if there is a system crash during writing. It was observed on an
207 earlier version of Exim that omitted to fsync() the files - this is thought to
208 have been the cause of that incident, but in any case, this code must be robust
209 against such an event, and if such a file is encountered, it must be treated as
210 malformed.
211
212 Arguments:
213 name name of the header file, including the -H
214 read_headers TRUE if in-store header structures are to be built
215 subdir_set TRUE is message_subdir is already set
216
217 Returns: spool_read_OK success
218 spool_read_notopen open failed
219 spool_read_enverror error in the envelope portion
220 spool_read_hdrdrror error in the header portion
221 */
222
223 int
224 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
225 {
226 FILE *f = NULL;
227 int n;
228 int rcount = 0;
229 long int uid, gid;
230 BOOL inheader = FALSE;
231 uschar *p;
232
233 /* Reset all the global variables to their default values. However, there is
234 one exception. DO NOT change the default value of dont_deliver, because it may
235 be forced by an external setting. */
236
237 acl_var_c = acl_var_m = NULL;
238 authenticated_id = NULL;
239 authenticated_sender = NULL;
240 allow_unqualified_recipient = FALSE;
241 allow_unqualified_sender = FALSE;
242 body_linecount = 0;
243 body_zerocount = 0;
244 deliver_firsttime = FALSE;
245 deliver_freeze = FALSE;
246 deliver_frozen_at = 0;
247 deliver_manual_thaw = FALSE;
248 /* dont_deliver must NOT be reset */
249 header_list = header_last = NULL;
250 host_lookup_deferred = FALSE;
251 host_lookup_failed = FALSE;
252 interface_address = NULL;
253 interface_port = 0;
254 local_error_message = FALSE;
255 local_scan_data = NULL;
256 max_received_linelength = 0;
257 message_linecount = 0;
258 received_protocol = NULL;
259 received_count = 0;
260 recipients_list = NULL;
261 sender_address = NULL;
262 sender_fullhost = NULL;
263 sender_helo_name = NULL;
264 sender_host_address = NULL;
265 sender_host_name = NULL;
266 sender_host_port = 0;
267 sender_host_authenticated = NULL;
268 sender_ident = NULL;
269 sender_local = FALSE;
270 sender_set_untrusted = FALSE;
271 smtp_active_hostname = primary_hostname;
272 tree_nonrecipients = NULL;
273
274 #ifdef EXPERIMENTAL_BRIGHTMAIL
275 bmi_run = 0;
276 bmi_verdicts = NULL;
277 #endif
278
279 #ifndef DISABLE_DKIM
280 dkim_signers = NULL;
281 dkim_disable_verify = FALSE;
282 dkim_collect_input = FALSE;
283 #endif
284
285 #ifdef SUPPORT_TLS
286 tls_in.certificate_verified = FALSE;
287 # ifdef EXPERIMENTAL_DANE
288 tls_in.dane_verified = FALSE;
289 # endif
290 tls_in.cipher = NULL;
291 tls_in.ourcert = NULL;
292 tls_in.peercert = NULL;
293 tls_in.peerdn = NULL;
294 tls_in.sni = NULL;
295 tls_in.ocsp = OCSP_NOT_REQ;
296 #endif
297
298 #ifdef WITH_CONTENT_SCAN
299 spam_score_int = NULL;
300 #endif
301
302 #ifdef EXPERIMENTAL_DSN
303 dsn_ret = 0;
304 dsn_envid = NULL;
305 #endif
306
307 /* Generate the full name and open the file. If message_subdir is already
308 set, just look in the given directory. Otherwise, look in both the split
309 and unsplit directories, as for the data file above. */
310
311 for (n = 0; n < 2; n++)
312 {
313 if (!subdir_set)
314 message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0;
315 sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
316 name);
317 f = Ufopen(big_buffer, "rb");
318 if (f != NULL) break;
319 if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen;
320 }
321
322 errno = 0;
323
324 #ifndef COMPILE_UTILITY
325 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
326 #endif /* COMPILE_UTILITY */
327
328 /* The first line of a spool file contains the message id followed by -H (i.e.
329 the file name), in order to make the file self-identifying. */
330
331 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
332 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
333 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
334 goto SPOOL_FORMAT_ERROR;
335
336 /* The next three lines in the header file are in a fixed format. The first
337 contains the login, uid, and gid of the user who caused the file to be written.
338 There are known cases where a negative gid is used, so we allow for both
339 negative uids and gids. The second contains the mail address of the message's
340 sender, enclosed in <>. The third contains the time the message was received,
341 and the number of warning messages for delivery delays that have been sent. */
342
343 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
344
345 p = big_buffer + Ustrlen(big_buffer);
346 while (p > big_buffer && isspace(p[-1])) p--;
347 *p = 0;
348 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
349 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
350 gid = Uatoi(p);
351 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
352 *p = 0;
353 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
354 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
355 uid = Uatoi(p);
356 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
357 *p = 0;
358
359 originator_login = string_copy(big_buffer);
360 originator_uid = (uid_t)uid;
361 originator_gid = (gid_t)gid;
362
363 /* envelope from */
364 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
365 n = Ustrlen(big_buffer);
366 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
367 goto SPOOL_FORMAT_ERROR;
368
369 sender_address = store_get(n-2);
370 Ustrncpy(sender_address, big_buffer+1, n-3);
371 sender_address[n-3] = 0;
372
373 /* time */
374 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
375 if (sscanf(CS big_buffer, "%d %d", &received_time, &warning_count) != 2)
376 goto SPOOL_FORMAT_ERROR;
377
378 message_age = time(NULL) - received_time;
379
380 #ifndef COMPILE_UTILITY
381 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
382 originator_login, (long int)originator_uid, (long int)originator_gid,
383 sender_address);
384 #endif /* COMPILE_UTILITY */
385
386 /* Now there may be a number of optional lines, each starting with "-". If you
387 add a new setting here, make sure you set the default above.
388
389 Because there are now quite a number of different possibilities, we use a
390 switch on the first character to avoid too many failing tests. Thanks to Nico
391 Erfurth for the patch that implemented this. I have made it even more efficient
392 by not re-scanning the first two characters.
393
394 To allow new versions of Exim that add additional flags to interwork with older
395 versions that do not understand them, just ignore any lines starting with "-"
396 that we don't recognize. Otherwise it wouldn't be possible to back off a new
397 version that left new-style flags written on the spool. */
398
399 p = big_buffer + 2;
400 for (;;)
401 {
402 int len;
403 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
404 if (big_buffer[0] != '-') break;
405 while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1
406 && big_buffer[len-1] != '\n'
407 )
408 { /* buffer not big enough for line; certs make this possible */
409 uschar * buf;
410 if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
411 buf = store_get_perm(big_buffer_size *= 2);
412 memcpy(buf, big_buffer, --len);
413 big_buffer = buf;
414 if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL)
415 goto SPOOL_READ_ERROR;
416 }
417 big_buffer[len-1] = 0;
418
419 switch(big_buffer[1])
420 {
421 case 'a':
422
423 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
424 variable, because Exim allows any number of them, with arbitrary names.
425 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
426 the c or m. */
427
428 if (Ustrncmp(p, "clc ", 4) == 0 ||
429 Ustrncmp(p, "clm ", 4) == 0)
430 {
431 uschar *name, *endptr;
432 int count;
433 tree_node *node;
434 endptr = Ustrchr(big_buffer + 6, ' ');
435 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
436 name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
437 big_buffer + 6);
438 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
439 node = acl_var_create(name);
440 node->data.ptr = store_get(count + 1);
441 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
442 ((uschar*)node->data.ptr)[count] = 0;
443 }
444
445 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
446 allow_unqualified_recipient = TRUE;
447 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
448 allow_unqualified_sender = TRUE;
449
450 else if (Ustrncmp(p, "uth_id", 6) == 0)
451 authenticated_id = string_copy(big_buffer + 9);
452 else if (Ustrncmp(p, "uth_sender", 10) == 0)
453 authenticated_sender = string_copy(big_buffer + 13);
454 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
455 smtp_active_hostname = string_copy(big_buffer + 17);
456
457 /* For long-term backward compatibility, we recognize "-acl", which was
458 used before the number of ACL variables changed from 10 to 20. This was
459 before the subsequent change to an arbitrary number of named variables.
460 This code is retained so that upgrades from very old versions can still
461 handle old-format spool files. The value given after "-acl" is a number
462 that is 0-9 for connection variables, and 10-19 for message variables. */
463
464 else if (Ustrncmp(p, "cl ", 3) == 0)
465 {
466 int index, count;
467 uschar name[20]; /* Need plenty of space for %d format */
468 tree_node *node;
469 if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
470 goto SPOOL_FORMAT_ERROR;
471 if (index < 10)
472 (void) string_format(name, sizeof(name), "%c%d", 'c', index);
473 else if (index < 20) /* ignore out-of-range index */
474 (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
475 node = acl_var_create(name);
476 node->data.ptr = store_get(count + 1);
477 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
478 ((uschar*)node->data.ptr)[count] = 0;
479 }
480 break;
481
482 case 'b':
483 if (Ustrncmp(p, "ody_linecount", 13) == 0)
484 body_linecount = Uatoi(big_buffer + 15);
485 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
486 body_zerocount = Uatoi(big_buffer + 15);
487 #ifdef EXPERIMENTAL_BRIGHTMAIL
488 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
489 bmi_verdicts = string_copy(big_buffer + 14);
490 #endif
491 break;
492
493 case 'd':
494 if (Ustrcmp(p, "eliver_firsttime") == 0)
495 deliver_firsttime = TRUE;
496 #ifdef EXPERIMENTAL_DSN
497 /* Check if the dsn flags have been set in the header file */
498 else if (Ustrncmp(p, "sn_ret", 6) == 0)
499 {
500 dsn_ret= atoi(big_buffer + 8);
501 }
502 else if (Ustrncmp(p, "sn_envid", 8) == 0)
503 {
504 dsn_envid = string_copy(big_buffer + 11);
505 }
506 #endif
507 break;
508
509 case 'f':
510 if (Ustrncmp(p, "rozen", 5) == 0)
511 {
512 deliver_freeze = TRUE;
513 sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
514 }
515 break;
516
517 case 'h':
518 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
519 host_lookup_deferred = TRUE;
520 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
521 host_lookup_failed = TRUE;
522 else if (Ustrncmp(p, "ost_auth", 8) == 0)
523 sender_host_authenticated = string_copy(big_buffer + 11);
524 else if (Ustrncmp(p, "ost_name", 8) == 0)
525 sender_host_name = string_copy(big_buffer + 11);
526 else if (Ustrncmp(p, "elo_name", 8) == 0)
527 sender_helo_name = string_copy(big_buffer + 11);
528
529 /* We now record the port number after the address, separated by a
530 dot. For compatibility during upgrading, do nothing if there
531 isn't a value (it gets left at zero). */
532
533 else if (Ustrncmp(p, "ost_address", 11) == 0)
534 {
535 sender_host_port = host_address_extract_port(big_buffer + 14);
536 sender_host_address = string_copy(big_buffer + 14);
537 }
538 break;
539
540 case 'i':
541 if (Ustrncmp(p, "nterface_address", 16) == 0)
542 {
543 interface_port = host_address_extract_port(big_buffer + 19);
544 interface_address = string_copy(big_buffer + 19);
545 }
546 else if (Ustrncmp(p, "dent", 4) == 0)
547 sender_ident = string_copy(big_buffer + 7);
548 break;
549
550 case 'l':
551 if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
552 else if (Ustrcmp(big_buffer, "-localerror") == 0)
553 local_error_message = TRUE;
554 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
555 local_scan_data = string_copy(big_buffer + 12);
556 break;
557
558 case 'm':
559 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
560 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
561 max_received_linelength = Uatoi(big_buffer + 24);
562 break;
563
564 case 'N':
565 if (*p == 0) dont_deliver = TRUE; /* -N */
566 break;
567
568 case 'r':
569 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
570 received_protocol = string_copy(big_buffer + 19);
571 break;
572
573 case 's':
574 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
575 sender_set_untrusted = TRUE;
576 #ifdef WITH_CONTENT_SCAN
577 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
578 spam_score_int = string_copy(big_buffer + 16);
579 #endif
580 break;
581
582 #ifdef SUPPORT_TLS
583 case 't':
584 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
585 tls_in.certificate_verified = TRUE;
586 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
587 tls_in.cipher = string_copy(big_buffer + 12);
588 # ifndef COMPILE_UTILITY /* tls support fns not built in */
589 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
590 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
591 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
592 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
593 # endif
594 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
595 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
596 else if (Ustrncmp(p, "ls_sni", 6) == 0)
597 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
598 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
599 tls_in.ocsp = big_buffer[10] - '0';
600 break;
601 #endif
602
603 default: /* Present because some compilers complain if all */
604 break; /* possibilities are not covered. */
605 }
606 }
607
608 /* Build sender_fullhost if required */
609
610 #ifndef COMPILE_UTILITY
611 host_build_sender_fullhost();
612 #endif /* COMPILE_UTILITY */
613
614 #ifndef COMPILE_UTILITY
615 DEBUG(D_deliver)
616 debug_printf("sender_local=%d ident=%s\n", sender_local,
617 (sender_ident == NULL)? US"unset" : sender_ident);
618 #endif /* COMPILE_UTILITY */
619
620 /* We now have the tree of addresses NOT to deliver to, or a line
621 containing "XX", indicating no tree. */
622
623 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
624 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
625 goto SPOOL_FORMAT_ERROR;
626
627 #ifndef COMPILE_UTILITY
628 DEBUG(D_deliver)
629 {
630 debug_printf("Non-recipients:\n");
631 debug_print_tree(tree_nonrecipients);
632 }
633 #endif /* COMPILE_UTILITY */
634
635 /* After reading the tree, the next line has not yet been read into the
636 buffer. It contains the count of recipients which follow on separate lines. */
637
638 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
639 if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR;
640
641 #ifndef COMPILE_UTILITY
642 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
643 #endif /* COMPILE_UTILITY */
644
645 recipients_list_max = rcount;
646 recipients_list = store_get(rcount * sizeof(recipient_item));
647
648 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
649 {
650 int nn;
651 int pno = -1;
652 #ifdef EXPERIMENTAL_DSN
653 int dsn_flags = 0;
654 uschar *orcpt = NULL;
655 #endif
656 uschar *errors_to = NULL;
657 uschar *p;
658
659 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
660 nn = Ustrlen(big_buffer);
661 if (nn < 2) goto SPOOL_FORMAT_ERROR;
662
663 /* Remove the newline; this terminates the address if there is no additional
664 data on the line. */
665
666 p = big_buffer + nn - 1;
667 *p-- = 0;
668
669 /* Look back from the end of the line for digits and special terminators.
670 Since an address must end with a domain, we can tell that extra data is
671 present by the presence of the terminator, which is always some character
672 that cannot exist in a domain. (If I'd thought of the need for additional
673 data early on, I'd have put it at the start, with the address at the end. As
674 it is, we have to operate backwards. Addresses are permitted to contain
675 spaces, you see.)
676
677 This code has to cope with various versions of this data that have evolved
678 over time. In all cases, the line might just contain an address, with no
679 additional data. Otherwise, the possibilities are as follows:
680
681 Exim 3 type: <address><space><digits>,<digits>,<digits>
682
683 The second set of digits is the parent number for one_time addresses. The
684 other values were remnants of earlier experiments that were abandoned.
685
686 Exim 4 first type: <address><space><digits>
687
688 The digits are the parent number for one_time addresses.
689
690 Exim 4 new type: <address><space><data>#<type bits>
691
692 The type bits indicate what the contents of the data are.
693
694 Bit 01 indicates that, reading from right to left, the data
695 ends with <errors_to address><space><len>,<pno> where pno is
696 the parent number for one_time addresses, and len is the length
697 of the errors_to address (zero meaning none).
698
699 Bit 02 indicates that, again reading from right to left, the data continues
700 with orcpt len(orcpt),dsn_flags
701 */
702
703 while (isdigit(*p)) p--;
704
705 /* Handle Exim 3 spool files */
706
707 if (*p == ',')
708 {
709 int dummy;
710 while (isdigit(*(--p)) || *p == ',');
711 if (*p == ' ')
712 {
713 *p++ = 0;
714 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
715 }
716 }
717
718 /* Handle early Exim 4 spool files */
719
720 else if (*p == ' ')
721 {
722 *p++ = 0;
723 (void)sscanf(CS p, "%d", &pno);
724 }
725
726 /* Handle current format Exim 4 spool files */
727
728 else if (*p == '#')
729 {
730 int flags;
731
732 #if defined(EXPERIMENTAL_DSN) && !defined (COMPILE_UTILITY)
733 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
734 #endif
735
736 (void)sscanf(CS p+1, "%d", &flags);
737
738 if ((flags & 0x01) != 0) /* one_time data exists */
739 {
740 int len;
741 while (isdigit(*(--p)) || *p == ',' || *p == '-');
742 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
743 *p = 0;
744 if (len > 0)
745 {
746 p -= len;
747 errors_to = string_copy(p);
748 }
749 }
750
751 *(--p) = 0; /* Terminate address */
752 #ifdef EXPERIMENTAL_DSN
753 if ((flags & 0x02) != 0) /* one_time data exists */
754 {
755 int len;
756 while (isdigit(*(--p)) || *p == ',' || *p == '-');
757 (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
758 *p = 0;
759 if (len > 0)
760 {
761 p -= len;
762 orcpt = string_copy(p);
763 }
764 }
765
766 *(--p) = 0; /* Terminate address */
767 #endif /* EXPERIMENTAL_DSN */
768 }
769 #if defined(EXPERIMENTAL_DSN) && !defined(COMPILE_UTILITY)
770 else
771 { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
772
773 if ((orcpt != NULL) || (dsn_flags != 0))
774 {
775 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
776 big_buffer, orcpt, dsn_flags);
777 }
778 if (errors_to != NULL)
779 {
780 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
781 big_buffer, errors_to);
782 }
783 #endif /* EXPERIMENTAL_DSN */
784
785 recipients_list[recipients_count].address = string_copy(big_buffer);
786 recipients_list[recipients_count].pno = pno;
787 recipients_list[recipients_count].errors_to = errors_to;
788 #ifdef EXPERIMENTAL_DSN
789 recipients_list[recipients_count].orcpt = orcpt;
790 recipients_list[recipients_count].dsn_flags = dsn_flags;
791 #endif
792 }
793
794 /* The remainder of the spool header file contains the headers for the message,
795 separated off from the previous data by a blank line. Each header is preceded
796 by a count of its length and either a certain letter (for various identified
797 headers), space (for a miscellaneous live header) or an asterisk (for a header
798 that has been rewritten). Count the Received: headers. We read the headers
799 always, in order to check on the format of the file, but only create a header
800 list if requested to do so. */
801
802 inheader = TRUE;
803 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
804 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
805
806 while ((n = fgetc(f)) != EOF)
807 {
808 header_line *h;
809 uschar flag[4];
810 int i;
811
812 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
813 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
814 goto SPOOL_READ_ERROR;
815 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
816
817 if (read_headers)
818 {
819 h = store_get(sizeof(header_line));
820 h->next = NULL;
821 h->type = flag[0];
822 h->slen = n;
823 h->text = store_get(n+1);
824
825 if (h->type == htype_received) received_count++;
826
827 if (header_list == NULL) header_list = h;
828 else header_last->next = h;
829 header_last = h;
830
831 for (i = 0; i < n; i++)
832 {
833 int c = fgetc(f);
834 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
835 if (c == '\n' && h->type != htype_old) message_linecount++;
836 h->text[i] = c;
837 }
838 h->text[i] = 0;
839 }
840
841 /* Not requiring header data, just skip through the bytes */
842
843 else for (i = 0; i < n; i++)
844 {
845 int c = fgetc(f);
846 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
847 }
848 }
849
850 /* We have successfully read the data in the header file. Update the message
851 line count by adding the body linecount to the header linecount. Close the file
852 and give a positive response. */
853
854 #ifndef COMPILE_UTILITY
855 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
856 body_linecount, message_linecount);
857 #endif /* COMPILE_UTILITY */
858
859 message_linecount += body_linecount;
860
861 fclose(f);
862 return spool_read_OK;
863
864
865 /* There was an error reading the spool or there was missing data,
866 or there was a format error. A "read error" with no errno means an
867 unexpected EOF, which we treat as a format error. */
868
869 SPOOL_READ_ERROR:
870 if (errno != 0)
871 {
872 n = errno;
873
874 #ifndef COMPILE_UTILITY
875 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
876 #endif /* COMPILE_UTILITY */
877
878 fclose(f);
879 errno = n;
880 return inheader? spool_read_hdrerror : spool_read_enverror;
881 }
882
883 SPOOL_FORMAT_ERROR:
884
885 #ifndef COMPILE_UTILITY
886 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
887 #endif /* COMPILE_UTILITY */
888
889 fclose(f);
890 errno = ERRNO_SPOOLFORMAT;
891 return inheader? spool_read_hdrerror : spool_read_enverror;
892 }
893
894 /* vi: aw ai sw=2
895 */
896 /* End of spool_in.c */
Unnamed repository; edit this file 'description' to name the repository.