projects / exim.git / blob
? search:


d4f8930fd74eccc4953c0238a5e1145e7b1432aa
[exim.git] / src / src / transport.c
1 /* $Cambridge: exim/src/src/transport.c,v 1.7 2005/03/22 16:44:04 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2005 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10 /* General functions concerned with transportation, and generic options for all
11 transports. */
12
13
14 #include "exim.h"
15
16
17 /* Structure for keeping list of addresses that have been added to
18 Envelope-To:, in order to avoid duplication. */
19
20 struct aci {
21 struct aci *next;
22 address_item *ptr;
23 };
24
25
26 /* Static data for write_chunk() */
27
28 static uschar *chunk_ptr; /* chunk pointer */
29 static uschar *nl_check; /* string to look for at line start */
30 static int nl_check_length; /* length of same */
31 static uschar *nl_escape; /* string to insert */
32 static int nl_escape_length; /* length of same */
33 static int nl_partial_match; /* length matched at chunk end */
34
35
36 /* Generic options for transports, all of which live inside transport_instance
37 data blocks and which therefore have the opt_public flag set. Note that there
38 are other options living inside this structure which can be set only from
39 certain transports. */
40
41 optionlist optionlist_transports[] = {
42 { "*expand_group", opt_stringptr|opt_hidden|opt_public,
43 (void *)offsetof(transport_instance, expand_gid) },
44 { "*expand_user", opt_stringptr|opt_hidden|opt_public,
45 (void *)offsetof(transport_instance, expand_uid) },
46 { "*headers_rewrite_flags", opt_int|opt_public|opt_hidden,
47 (void *)offsetof(transport_instance, rewrite_existflags) },
48 { "*headers_rewrite_rules", opt_void|opt_public|opt_hidden,
49 (void *)offsetof(transport_instance, rewrite_rules) },
50 { "*set_group", opt_bool|opt_hidden|opt_public,
51 (void *)offsetof(transport_instance, gid_set) },
52 { "*set_user", opt_bool|opt_hidden|opt_public,
53 (void *)offsetof(transport_instance, uid_set) },
54 { "body_only", opt_bool|opt_public,
55 (void *)offsetof(transport_instance, body_only) },
56 { "current_directory", opt_stringptr|opt_public,
57 (void *)offsetof(transport_instance, current_dir) },
58 { "debug_print", opt_stringptr | opt_public,
59 (void *)offsetof(transport_instance, debug_string) },
60 { "delivery_date_add", opt_bool|opt_public,
61 (void *)(offsetof(transport_instance, delivery_date_add)) },
62 { "disable_logging", opt_bool|opt_public,
63 (void *)(offsetof(transport_instance, disable_logging)) },
64 { "driver", opt_stringptr|opt_public,
65 (void *)offsetof(transport_instance, driver_name) },
66 { "envelope_to_add", opt_bool|opt_public,
67 (void *)(offsetof(transport_instance, envelope_to_add)) },
68 { "group", opt_expand_gid|opt_public,
69 (void *)offsetof(transport_instance, gid) },
70 { "headers_add", opt_stringptr|opt_public,
71 (void *)offsetof(transport_instance, add_headers) },
72 { "headers_only", opt_bool|opt_public,
73 (void *)offsetof(transport_instance, headers_only) },
74 { "headers_remove", opt_stringptr|opt_public,
75 (void *)offsetof(transport_instance, remove_headers) },
76 { "headers_rewrite", opt_rewrite|opt_public,
77 (void *)offsetof(transport_instance, headers_rewrite) },
78 { "home_directory", opt_stringptr|opt_public,
79 (void *)offsetof(transport_instance, home_dir) },
80 { "initgroups", opt_bool|opt_public,
81 (void *)offsetof(transport_instance, initgroups) },
82 { "message_size_limit", opt_stringptr|opt_public,
83 (void *)offsetof(transport_instance, message_size_limit) },
84 { "rcpt_include_affixes", opt_bool|opt_public,
85 (void *)offsetof(transport_instance, rcpt_include_affixes) },
86 { "retry_use_local_part", opt_bool|opt_public,
87 (void *)offsetof(transport_instance, retry_use_local_part) },
88 { "return_path", opt_stringptr|opt_public,
89 (void *)(offsetof(transport_instance, return_path)) },
90 { "return_path_add", opt_bool|opt_public,
91 (void *)(offsetof(transport_instance, return_path_add)) },
92 { "shadow_condition", opt_stringptr|opt_public,
93 (void *)offsetof(transport_instance, shadow_condition) },
94 { "shadow_transport", opt_stringptr|opt_public,
95 (void *)offsetof(transport_instance, shadow) },
96 { "transport_filter", opt_stringptr|opt_public,
97 (void *)offsetof(transport_instance, filter_command) },
98 { "transport_filter_timeout", opt_time|opt_public,
99 (void *)offsetof(transport_instance, filter_timeout) },
100 { "user", opt_expand_uid|opt_public,
101 (void *)offsetof(transport_instance, uid) }
102 };
103
104 int optionlist_transports_size =
105 sizeof(optionlist_transports)/sizeof(optionlist);
106
107
108 /*************************************************
109 * Initialize transport list *
110 *************************************************/
111
112 /* Read the transports section of the configuration file, and set up a chain of
113 transport instances according to its contents. Each transport has generic
114 options and may also have its own private options. This function is only ever
115 called when transports == NULL. We use generic code in readconf to do most of
116 the work. */
117
118 void
119 transport_init(void)
120 {
121 transport_instance *t;
122
123 readconf_driver_init(US"transport",
124 (driver_instance **)(&transports), /* chain anchor */
125 (driver_info *)transports_available, /* available drivers */
126 sizeof(transport_info), /* size of info block */
127 &transport_defaults, /* default values for generic options */
128 sizeof(transport_instance), /* size of instance block */
129 optionlist_transports, /* generic options */
130 optionlist_transports_size);
131
132 /* Now scan the configured transports and check inconsistencies. A shadow
133 transport is permitted only for local transports. */
134
135 for (t = transports; t != NULL; t = t->next)
136 {
137 if (!t->info->local)
138 {
139 if (t->shadow != NULL)
140 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
141 "shadow transport not allowed on non-local transport %s", t->name);
142 }
143
144 if (t->body_only && t->headers_only)
145 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
146 "%s transport: body_only and headers_only are mutually exclusive",
147 t->name);
148 }
149 }
150
151
152
153 /*************************************************
154 * Write block of data *
155 *************************************************/
156
157 /* Subroutine called by write_chunk() and at the end of the message actually
158 to write a data block. Also called directly by some transports to write
159 additional data to the file descriptor (e.g. prefix, suffix).
160
161 If a transport wants data transfers to be timed, it sets a non-zero value in
162 transport_write_timeout. A non-zero transport_write_timeout causes a timer to
163 be set for each block of data written from here. If time runs out, then write()
164 fails and provokes an error return. The caller can then inspect sigalrm_seen to
165 check for a timeout.
166
167 On some systems, if a quota is exceeded during the write, the yield is the
168 number of bytes written rather than an immediate error code. This also happens
169 on some systems in other cases, for example a pipe that goes away because the
170 other end's process terminates (Linux). On other systems, (e.g. Solaris 2) you
171 get the error codes the first time.
172
173 The write() function is also interruptible; the Solaris 2.6 man page says:
174
175 If write() is interrupted by a signal before it writes any
176 data, it will return -1 with errno set to EINTR.
177
178 If write() is interrupted by a signal after it successfully
179 writes some data, it will return the number of bytes written.
180
181 To handle these cases, we want to restart the write() to output the remainder
182 of the data after a non-negative return from write(), except after a timeout.
183 In the error cases (EDQUOT, EPIPE) no bytes get written the second time, and a
184 proper error then occurs. In principle, after an interruption, the second
185 write() could suffer the same fate, but we do not want to continue for
186 evermore, so stick a maximum repetition count on the loop to act as a
187 longstop.
188
189 Arguments:
190 fd file descriptor to write to
191 block block of bytes to write
192 len number of bytes to write
193
194 Returns: TRUE on success, FALSE on failure (with errno preserved);
195 transport_count is incremented by the number of bytes written
196 */
197
198 BOOL
199 transport_write_block(int fd, uschar *block, int len)
200 {
201 int i, rc, save_errno;
202
203 for (i = 0; i < 100; i++)
204 {
205 DEBUG(D_transport)
206 debug_printf("writing data block fd=%d size=%d timeout=%d\n",
207 fd, len, transport_write_timeout);
208 if (transport_write_timeout > 0) alarm(transport_write_timeout);
209
210 #ifdef SUPPORT_TLS
211 if (tls_active == fd) rc = tls_write(block, len); else
212 #endif
213
214 rc = write(fd, block, len);
215 save_errno = errno;
216
217 /* Cancel the alarm and deal with a timeout */
218
219 if (transport_write_timeout > 0)
220 {
221 alarm(0);
222 if (sigalrm_seen)
223 {
224 errno = ETIMEDOUT;
225 return FALSE;
226 }
227 }
228
229 /* Hopefully, the most common case is success, so test that first. */
230
231 if (rc == len) { transport_count += len; return TRUE; }
232
233 /* A non-negative return code is an incomplete write. Try again. */
234
235 if (rc >= 0)
236 {
237 len -= rc;
238 block += rc;
239 transport_count += rc;
240 DEBUG(D_transport) debug_printf("write incomplete (%d)\n", rc);
241 continue;
242 }
243
244 /* A negative return code with an EINTR error is another form of
245 incomplete write, zero bytes having been written */
246
247 if (save_errno == EINTR)
248 {
249 DEBUG(D_transport)
250 debug_printf("write interrupted before anything written\n");
251 continue;
252 }
253
254 /* A response of EAGAIN from write() is likely only in the case of writing
255 to a FIFO that is not swallowing the data as fast as Exim is writing it. */
256
257 if (save_errno == EAGAIN)
258 {
259 DEBUG(D_transport)
260 debug_printf("write temporarily locked out, waiting 1 sec\n");
261 sleep(1);
262 continue;
263 }
264
265 /* Otherwise there's been an error */
266
267 DEBUG(D_transport) debug_printf("writing error %d: %s\n", save_errno,
268 strerror(save_errno));
269 errno = save_errno;
270 return FALSE;
271 }
272
273 /* We've tried and tried and tried but still failed */
274
275 errno = ERRNO_WRITEINCOMPLETE;
276 return FALSE;
277 }
278
279
280
281
282 /*************************************************
283 * Write formatted string *
284 *************************************************/
285
286 /* This is called by various transports. It is a convenience function.
287
288 Arguments:
289 fd file descriptor
290 format string format
291 ... arguments for format
292
293 Returns: the yield of transport_write_block()
294 */
295
296 BOOL
297 transport_write_string(int fd, char *format, ...)
298 {
299 va_list ap;
300 va_start(ap, format);
301 if (!string_vformat(big_buffer, big_buffer_size, format, ap))
302 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong formatted string in transport");
303 va_end(ap);
304 return transport_write_block(fd, big_buffer, Ustrlen(big_buffer));
305 }
306
307
308
309
310 /*************************************************
311 * Write character chunk *
312 *************************************************/
313
314 /* Subroutine used by transport_write_message() to scan character chunks for
315 newlines and act appropriately. The object is to minimise the number of writes.
316 The output byte stream is buffered up in deliver_out_buffer, which is written
317 only when it gets full, thus minimizing write operations and TCP packets.
318
319 Static data is used to handle the case when the last character of the previous
320 chunk was NL, or matched part of the data that has to be escaped.
321
322 Arguments:
323 fd file descript to write to
324 chunk pointer to data to write
325 len length of data to write
326 usr_crlf TRUE if CR LF is wanted at the end of each line
327
328 In addition, the static nl_xxx variables must be set as required.
329
330 Returns: TRUE on success, FALSE on failure (with errno preserved)
331 */
332
333 static BOOL
334 write_chunk(int fd, uschar *chunk, int len, BOOL use_crlf)
335 {
336 uschar *start = chunk;
337 uschar *end = chunk + len;
338 register uschar *ptr;
339 int mlen = DELIVER_OUT_BUFFER_SIZE - nl_escape_length - 2;
340
341 /* The assumption is made that the check string will never stretch over move
342 than one chunk since the only time there are partial matches is when copying
343 the body in large buffers. There is always enough room in the buffer for an
344 escape string, since the loop below ensures this for each character it
345 processes, and it won't have stuck in the escape string if it left a partial
346 match. */
347
348 if (nl_partial_match >= 0)
349 {
350 if (nl_check_length > 0 && len >= nl_check_length &&
351 Ustrncmp(start, nl_check + nl_partial_match,
352 nl_check_length - nl_partial_match) == 0)
353 {
354 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
355 chunk_ptr += nl_escape_length;
356 start += nl_check_length - nl_partial_match;
357 }
358
359 /* The partial match was a false one. Insert the characters carried over
360 from the previous chunk. */
361
362 else if (nl_partial_match > 0)
363 {
364 Ustrncpy(chunk_ptr, nl_check, nl_partial_match);
365 chunk_ptr += nl_partial_match;
366 }
367
368 nl_partial_match = -1;
369 }
370
371 /* Now process the characters in the chunk. Whenever we hit a newline we check
372 for possible escaping. The code for the non-NL route should be as fast as
373 possible. */
374
375 for (ptr = start; ptr < end; ptr++)
376 {
377 register int ch;
378
379 /* Flush the buffer if it has reached the threshold - we want to leave enough
380 room for the next uschar, plus a possible extra CR for an LF, plus the escape
381 string. */
382
383 if (chunk_ptr - deliver_out_buffer > mlen)
384 {
385 if (!transport_write_block(fd, deliver_out_buffer,
386 chunk_ptr - deliver_out_buffer))
387 return FALSE;
388 chunk_ptr = deliver_out_buffer;
389 }
390
391 if ((ch = *ptr) == '\n')
392 {
393 int left = end - ptr - 1; /* count of chars left after NL */
394
395 /* Insert CR before NL if required */
396
397 if (use_crlf) *chunk_ptr++ = '\r';
398 *chunk_ptr++ = '\n';
399
400 /* The check_string test (formerly "from hack") replaces the specific
401 string at the start of a line with an escape string (e.g. "From " becomes
402 ">From " or "." becomes "..". It is a case-sensitive test. The length
403 check above ensures there is always enough room to insert this string. */
404
405 if (nl_check_length > 0)
406 {
407 if (left >= nl_check_length &&
408 Ustrncmp(ptr+1, nl_check, nl_check_length) == 0)
409 {
410 Ustrncpy(chunk_ptr, nl_escape, nl_escape_length);
411 chunk_ptr += nl_escape_length;
412 ptr += nl_check_length;
413 }
414
415 /* Handle the case when there isn't enough left to match the whole
416 check string, but there may be a partial match. We remember how many
417 characters matched, and finish processing this chunk. */
418
419 else if (left <= 0) nl_partial_match = 0;
420
421 else if (Ustrncmp(ptr+1, nl_check, left) == 0)
422 {
423 nl_partial_match = left;
424 ptr = end;
425 }
426 }
427 }
428
429 /* Not a NL character */
430
431 else *chunk_ptr++ = ch;
432 }
433
434 return TRUE;
435 }
436
437
438
439
440 /*************************************************
441 * Generate address for RCPT TO *
442 *************************************************/
443
444 /* This function puts together an address for RCPT to, using the caseful
445 version of the local part and the caseful version of the domain. If there is no
446 prefix or suffix, or if affixes are to be retained, we can just use the
447 original address. Otherwise, if there is a prefix but no suffix we can use a
448 pointer into the original address. If there is a suffix, however, we have to
449 build a new string.
450
451 Arguments:
452 addr the address item
453 include_affixes TRUE if affixes are to be included
454
455 Returns: a string
456 */
457
458 uschar *
459 transport_rcpt_address(address_item *addr, BOOL include_affixes)
460 {
461 uschar *at;
462 int plen, slen;
463
464 if (include_affixes)
465 {
466 setflag(addr, af_include_affixes); /* Affects logged => line */
467 return addr->address;
468 }
469
470 if (addr->suffix == NULL)
471 {
472 if (addr->prefix == NULL) return addr->address;
473 return addr->address + Ustrlen(addr->prefix);
474 }
475
476 at = Ustrrchr(addr->address, '@');
477 plen = (addr->prefix == NULL)? 0 : Ustrlen(addr->prefix);
478 slen = Ustrlen(addr->suffix);
479
480 return string_sprintf("%.*s@%s", (at - addr->address - plen - slen),
481 addr->address + plen, at + 1);
482 }
483
484
485 /*************************************************
486 * Output Envelope-To: address & scan duplicates *
487 *************************************************/
488
489 /* This function is called from internal_transport_write_message() below, when
490 generating an Envelope-To: header line. It checks for duplicates of the given
491 address and its ancestors. When one is found, this function calls itself
492 recursively, to output the envelope address of the duplicate.
493
494 We want to avoid duplication in the list, which can arise for example when
495 A->B,C and then both B and C alias to D. This can also happen when there are
496 unseen drivers in use. So a list of addresses that have been output is kept in
497 the plist variable.
498
499 It is also possible to have loops in the address ancestry/duplication graph,
500 for example if there are two top level addresses A and B and we have A->B,C and
501 B->A. To break the loop, we use a list of processed addresses in the dlist
502 variable.
503
504 After handling duplication, this function outputs the progenitor of the given
505 address.
506
507 Arguments:
508 p the address we are interested in
509 pplist address of anchor of the list of addresses not to output
510 pdlist address of anchor of the list of processed addresses
511 first TRUE if this is the first address; set it FALSE afterwards
512 fd the file descriptor to write to
513 use_crlf to be passed on to write_chunk()
514
515 Returns: FALSE if writing failed
516 */
517
518 static BOOL
519 write_env_to(address_item *p, struct aci **pplist, struct aci **pdlist,
520 BOOL *first, int fd, BOOL use_crlf)
521 {
522 address_item *pp;
523 struct aci *ppp;
524
525 /* Do nothing if we have already handled this address. If not, remember it
526 so that we don't handle it again. */
527
528 for (ppp = *pdlist; ppp != NULL; ppp = ppp->next)
529 { if (p == ppp->ptr) return TRUE; }
530
531 ppp = store_get(sizeof(struct aci));
532 ppp->next = *pdlist;
533 *pdlist = ppp;
534 ppp->ptr = p;
535
536 /* Now scan up the ancestry, checking for duplicates at each generation. */
537
538 for (pp = p;; pp = pp->parent)
539 {
540 address_item *dup;
541 for (dup = addr_duplicate; dup != NULL; dup = dup->next)
542 {
543 if (dup->dupof != pp) continue; /* Not a dup of our address */
544 if (!write_env_to(dup, pplist, pdlist, first, fd, use_crlf)) return FALSE;
545 }
546 if (pp->parent == NULL) break;
547 }
548
549 /* Check to see if we have already output the progenitor. */
550
551 for (ppp = *pplist; ppp != NULL; ppp = ppp->next)
552 { if (pp == ppp->ptr) break; }
553 if (ppp != NULL) return TRUE;
554
555 /* Remember what we have output, and output it. */
556
557 ppp = store_get(sizeof(struct aci));
558 ppp->next = *pplist;
559 *pplist = ppp;
560 ppp->ptr = pp;
561
562 if (!(*first) && !write_chunk(fd, US",\n ", 3, use_crlf)) return FALSE;
563 *first = FALSE;
564 return write_chunk(fd, pp->address, Ustrlen(pp->address), use_crlf);
565 }
566
567
568
569
570 /*************************************************
571 * Write the message *
572 *************************************************/
573
574 /* This function writes the message to the given file descriptor. The headers
575 are in the in-store data structure, and the rest of the message is in the open
576 file descriptor deliver_datafile. Make sure we start it at the beginning.
577
578 . If add_return_path is TRUE, a "return-path:" header is added to the message,
579 containing the envelope sender's address.
580
581 . If add_envelope_to is TRUE, a "envelope-to:" header is added to the message,
582 giving the top-level envelope address that caused this delivery to happen.
583
584 . If add_delivery_date is TRUE, a "delivery-date:" header is added to the
585 message. It gives the time and date that delivery took place.
586
587 . If check_string is not null, the start of each line is checked for that
588 string. If it is found, it is replaced by escape_string. This used to be
589 the "from hack" for files, and "smtp_dots" for escaping SMTP dots.
590
591 . If use_crlf is true, newlines are turned into CRLF (SMTP output).
592
593 The yield is TRUE if all went well, and FALSE if not. Exit *immediately* after
594 any writing or reading error, leaving the code in errno intact. Error exits
595 can include timeouts for certain transports, which are requested by setting
596 transport_write_timeout non-zero.
597
598 Arguments:
599 addr (chain of) addresses (for extra headers), or NULL;
600 only the first address is used
601 fd file descriptor to write the message to
602 options bit-wise options:
603 add_return_path if TRUE, add a "return-path" header
604 add_envelope_to if TRUE, add a "envelope-to" header
605 add_delivery_date if TRUE, add a "delivery-date" header
606 use_crlf if TRUE, turn NL into CR LF
607 end_dot if TRUE, send a terminating "." line at the end
608 no_headers if TRUE, omit the headers
609 no_body if TRUE, omit the body
610 size_limit if > 0, this is a limit to the size of message written;
611 it is used when returning messages to their senders,
612 and is approximate rather than exact, owing to chunk
613 buffering
614 add_headers a string containing one or more headers to add; it is
615 expanded, and must be in correct RFC 822 format as
616 it is transmitted verbatim; NULL => no additions,
617 and so does empty string or forced expansion fail
618 remove_headers a colon-separated list of headers to remove, or NULL
619 check_string a string to check for at the start of lines, or NULL
620 escape_string a string to insert in front of any check string
621 rewrite_rules chain of header rewriting rules
622 rewrite_existflags flags for the rewriting rules
623
624 Returns: TRUE on success; FALSE (with errno) on failure.
625 In addition, the global variable transport_count
626 is incremented by the number of bytes written.
627 */
628
629 static BOOL
630 internal_transport_write_message(address_item *addr, int fd, int options,
631 int size_limit, uschar *add_headers, uschar *remove_headers, uschar *check_string,
632 uschar *escape_string, rewrite_rule *rewrite_rules, int rewrite_existflags)
633 {
634 int written = 0;
635 int len;
636 header_line *h;
637 BOOL use_crlf = (options & topt_use_crlf) != 0;
638
639 /* Initialize pointer in output buffer. */
640
641 chunk_ptr = deliver_out_buffer;
642
643 /* Set up the data for start-of-line data checking and escaping */
644
645 nl_partial_match = -1;
646 if (check_string != NULL && escape_string != NULL)
647 {
648 nl_check = check_string;
649 nl_check_length = Ustrlen(nl_check);
650 nl_escape = escape_string;
651 nl_escape_length = Ustrlen(nl_escape);
652 }
653 else nl_check_length = nl_escape_length = 0;
654
655 /* Whether the escaping mechanism is applied to headers or not is controlled by
656 an option (set for SMTP, not otherwise). Negate the length if not wanted till
657 after the headers. */
658
659 if ((options & topt_escape_headers) == 0) nl_check_length = -nl_check_length;
660
661 /* Write the headers if required, including any that have to be added. If there
662 are header rewriting rules, apply them. */
663
664 if ((options & topt_no_headers) == 0)
665 {
666 /* Add return-path: if requested. */
667
668 if ((options & topt_add_return_path) != 0)
669 {
670 uschar buffer[ADDRESS_MAXLENGTH + 20];
671 sprintf(CS buffer, "Return-path: <%.*s>\n", ADDRESS_MAXLENGTH,
672 return_path);
673 if (!write_chunk(fd, buffer, Ustrlen(buffer), use_crlf)) return FALSE;
674 }
675
676 /* Add envelope-to: if requested */
677
678 if ((options & topt_add_envelope_to) != 0)
679 {
680 BOOL first = TRUE;
681 address_item *p;
682 struct aci *plist = NULL;
683 struct aci *dlist = NULL;
684 void *reset_point = store_get(0);
685
686 if (!write_chunk(fd, US"Envelope-to: ", 13, use_crlf)) return FALSE;
687
688 /* Pick up from all the addresses. The plist and dlist variables are
689 anchors for lists of addresses already handled; they have to be defined at
690 this level becuase write_env_to() calls itself recursively. */
691
692 for (p = addr; p != NULL; p = p->next)
693 {
694 if (!write_env_to(p, &plist, &dlist, &first, fd, use_crlf)) return FALSE;
695 }
696
697 /* Add a final newline and reset the store used for tracking duplicates */
698
699 if (!write_chunk(fd, US"\n", 1, use_crlf)) return FALSE;
700 store_reset(reset_point);
701 }
702
703 /* Add delivery-date: if requested. */
704
705 if ((options & topt_add_delivery_date) != 0)
706 {
707 uschar buffer[100];
708 sprintf(CS buffer, "Delivery-date: %s\n", tod_stamp(tod_full));
709 if (!write_chunk(fd, buffer, Ustrlen(buffer), use_crlf)) return FALSE;
710 }
711
712 /* Then the message's headers. Don't write any that are flagged as "old";
713 that means they were rewritten, or are a record of envelope rewriting, or
714 were removed (e.g. Bcc). If remove_headers is not null, skip any headers that
715 match any entries therein. Then check addr->p.remove_headers too, provided that
716 addr is not NULL. */
717
718 if (remove_headers != NULL)
719 {
720 uschar *s = expand_string(remove_headers);
721 if (s == NULL && !expand_string_forcedfail)
722 {
723 errno = ERRNO_CHHEADER_FAIL;
724 return FALSE;
725 }
726 remove_headers = s;
727 }
728
729 for (h = header_list; h != NULL; h = h->next)
730 {
731 int i;
732 uschar *list = NULL;
733 BOOL include_header;
734
735 if (h->type == htype_old) continue;
736
737 include_header = TRUE;
738 list = remove_headers;
739
740 for (i = 0; i < 2; i++) /* For remove_headers && addr->p.remove_headers */
741 {
742 if (list != NULL)
743 {
744 int sep = ':'; /* This is specified as a colon-separated list */
745 uschar *s, *ss;
746 uschar buffer[128];
747 while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
748 != NULL)
749 {
750 int len = Ustrlen(s);
751 if (strncmpic(h->text, s, len) != 0) continue;
752 ss = h->text + len;
753 while (*ss == ' ' || *ss == '\t') ss++;
754 if (*ss == ':') break;
755 }
756 if (s != NULL) { include_header = FALSE; break; }
757 }
758 if (addr != NULL) list = addr->p.remove_headers;
759 }
760
761 /* If this header is to be output, try to rewrite it if there are rewriting
762 rules. */
763
764 if (include_header)
765 {
766 if (rewrite_rules != NULL)
767 {
768 void *reset_point = store_get(0);
769 header_line *hh =
770 rewrite_header(h, NULL, NULL, rewrite_rules, rewrite_existflags,
771 FALSE);
772 if (hh != NULL)
773 {
774 if (!write_chunk(fd, hh->text, hh->slen, use_crlf)) return FALSE;
775 store_reset(reset_point);
776 continue; /* With the next header line */
777 }
778 }
779
780 /* Either no rewriting rules, or it didn't get rewritten */
781
782 if (!write_chunk(fd, h->text, h->slen, use_crlf)) return FALSE;
783 }
784
785 /* Header removed */
786
787 else
788 {
789 DEBUG(D_transport) debug_printf("removed header line:\n%s---\n",
790 h->text);
791 }
792 }
793
794 /* Add on any address-specific headers. If there are multiple addresses,
795 they will all have the same headers in order to be batched. The headers
796 are chained in reverse order of adding (so several addresses from the
797 same alias might share some of them) but we want to output them in the
798 opposite order. This is a bit tedious, but there shouldn't be very many
799 of them. We just walk the list twice, reversing the pointers each time,
800 but on the second time, write out the items.
801
802 Headers added to an address by a router are guaranteed to end with a newline.
803 */
804
805 if (addr != NULL)
806 {
807 int i;
808 header_line *hprev = addr->p.extra_headers;
809 header_line *hnext;
810 for (i = 0; i < 2; i++)
811 {
812 for (h = hprev, hprev = NULL; h != NULL; h = hnext)
813 {
814 hnext = h->next;
815 h->next = hprev;
816 hprev = h;
817 if (i == 1)
818 {
819 if (!write_chunk(fd, h->text, h->slen, use_crlf)) return FALSE;
820 DEBUG(D_transport)
821 debug_printf("added header line(s):\n%s---\n", h->text);
822 }
823 }
824 }
825 }
826
827 /* If a string containing additional headers exists, expand it and write
828 out the result. This is done last so that if it (deliberately or accidentally)
829 isn't in header format, it won't mess up any other headers. An empty string
830 or a forced expansion failure are noops. An added header string from a
831 transport may not end with a newline; add one if it does not. */
832
833 if (add_headers != NULL)
834 {
835 uschar *s = expand_string(add_headers);
836 if (s == NULL)
837 {
838 if (!expand_string_forcedfail)
839 {
840 errno = ERRNO_CHHEADER_FAIL;
841 return FALSE;
842 }
843 }
844 else
845 {
846 int len = Ustrlen(s);
847 if (len > 0)
848 {
849 if (!write_chunk(fd, s, len, use_crlf)) return FALSE;
850 if (s[len-1] != '\n' && !write_chunk(fd, US"\n", 1, use_crlf))
851 return FALSE;
852 DEBUG(D_transport)
853 {
854 debug_printf("added header line(s):\n%s", s);
855 if (s[len-1] != '\n') debug_printf("\n");
856 debug_printf("---\n");
857 }
858 }
859 }
860 }
861
862 /* Separate headers from body with a blank line */
863
864 if (!write_chunk(fd, US"\n", 1, use_crlf)) return FALSE;
865 }
866
867 /* If the body is required, ensure that the data for check strings (formerly
868 the "from hack") is enabled by negating the length if necessary. (It will be
869 negative in cases where it isn't to apply to the headers). Then ensure the body
870 is positioned at the start of its file (following the message id), then write
871 it, applying the size limit if required. */
872
873 if ((options & topt_no_body) == 0)
874 {
875 nl_check_length = abs(nl_check_length);
876 nl_partial_match = 0;
877 lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET);
878 while ((len = read(deliver_datafile, deliver_in_buffer,
879 DELIVER_IN_BUFFER_SIZE)) > 0)
880 {
881 if (!write_chunk(fd, deliver_in_buffer, len, use_crlf)) return FALSE;
882 if (size_limit > 0)
883 {
884 written += len;
885 if (written > size_limit)
886 {
887 len = 0; /* Pretend EOF */
888 break;
889 }
890 }
891 }
892
893 /* Finished with the check string */
894
895 nl_check_length = nl_escape_length = 0;
896
897 /* A read error on the body will have left len == -1 and errno set. */
898
899 if (len != 0) return FALSE;
900
901 /* If requested, add a terminating "." line (SMTP output). */
902
903 if ((options & topt_end_dot) != 0 && !write_chunk(fd, US".\n", 2, use_crlf))
904 return FALSE;
905 }
906
907 /* Write out any remaining data in the buffer before returning. */
908
909 return (len = chunk_ptr - deliver_out_buffer) <= 0 ||
910 transport_write_block(fd, deliver_out_buffer, len);
911 }
912
913
914 #ifdef EXPERIMENTAL_DOMAINKEYS
915
916 /**********************************************************************************
917 * External interface to write the message, while signing it with domainkeys *
918 **********************************************************************************/
919
920 /* This function is a wrapper around transport_write_message(). It is only called
921 from the smtp transport if
922 (1) Domainkeys support is compiled in.
923 (2) The dk_private_key option on the smtp transport is set.
924 The function sets up a replacement fd into a -K file, then calls the normal
925 function. This way, the exact bits that exim would have put "on the wire" will
926 end up in the file (except for TLS encapsulation, which is the very
927 very last thing). When we are done signing the file, send the
928 signed message down the original fd (or TLS fd).
929
930 Arguments: as for internal_transport_write_message() above, with additional
931 arguments:
932 uschar *dk_private_key The private key to use (filename or plain data)
933 uschar *dk_domain Override domain (normally NULL)
934 uschar *dk_selector The selector to use.
935 uschar *dk_canon The canonalization scheme to use, "simple" or "nofws"
936 uschar *dk_headers Colon-separated header list to include in the signing
937 process.
938 uschar *dk_strict What to do if signing fails: 1/true => throw error
939 0/false => send anyway
940
941 Returns: TRUE on success; FALSE (with errno) for any failure
942 */
943
944 BOOL
945 dk_transport_write_message(address_item *addr, int fd, int options,
946 int size_limit, uschar *add_headers, uschar *remove_headers,
947 uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules,
948 int rewrite_existflags, uschar *dk_private_key, uschar *dk_domain,
949 uschar *dk_selector, uschar *dk_canon, uschar *dk_headers, uschar *dk_strict)
950 {
951 int dk_fd;
952 int save_errno = 0;
953 BOOL rc;
954 uschar dk_spool_name[256];
955 char sbuf[2048];
956 int sread = 0;
957 int wwritten = 0;
958 uschar *dk_signature = NULL;
959
960 snprintf(CS dk_spool_name, 256, "%s/input/%s/%s-K",
961 spool_directory, message_subdir, message_id);
962 dk_fd = Uopen(dk_spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);
963 if (dk_fd < 0)
964 {
965 /* Can't create spool file. Ugh. */
966 rc = FALSE;
967 save_errno = errno;
968 goto CLEANUP;
969 }
970
971 /* Call original function */
972 rc = transport_write_message(addr, dk_fd, options,
973 size_limit, add_headers, remove_headers,
974 check_string, escape_string, rewrite_rules,
975 rewrite_existflags);
976
977 /* Save error state. We must clean up before returning. */
978 if (!rc)
979 {
980 save_errno = errno;
981 goto CLEANUP;
982 }
983
984 /* Rewind file and feed it to the goats^W DK lib */
985 lseek(dk_fd, 0, SEEK_SET);
986 dk_signature = dk_exim_sign(dk_fd,
987 dk_private_key,
988 dk_domain,
989 dk_selector,
990 dk_canon);
991
992 if (dk_signature != NULL)
993 {
994 /* Send the signature first */
995 int siglen = Ustrlen(dk_signature);
996 while(siglen > 0)
997 {
998 #ifdef SUPPORT_TLS
999 if (tls_active == fd) wwritten = tls_write(dk_signature, siglen); else
1000 #endif
1001 wwritten = write(fd,dk_signature,siglen);
1002 if (wwritten == -1)
1003 {
1004 /* error, bail out */
1005 save_errno = errno;
1006 rc = FALSE;
1007 goto CLEANUP;
1008 }
1009 siglen -= wwritten;
1010 dk_signature += wwritten;
1011 }
1012 }
1013 else if (dk_strict != NULL)
1014 {
1015 uschar *dk_strict_result = expand_string(dk_strict);
1016 if (dk_strict_result != NULL)
1017 {
1018 if ( (strcmpic(dk_strict,"1") == 0) ||
1019 (strcmpic(dk_strict,"true") == 0) )
1020 {
1021 save_errno = errno;
1022 rc = FALSE;
1023 goto CLEANUP;
1024 }
1025 }
1026 }
1027
1028 /* Rewind file and send it down the original fd. */
1029 lseek(dk_fd, 0, SEEK_SET);
1030
1031 while((sread = read(dk_fd,sbuf,2048)) > 0)
1032 {
1033 char *p = sbuf;
1034 /* write the chunk */
1035 DK_WRITE:
1036 #ifdef SUPPORT_TLS
1037 if (tls_active == fd) wwritten = tls_write(p, sread); else
1038 #endif
1039 wwritten = write(fd,p,sread);
1040 if (wwritten == -1)
1041 {
1042 /* error, bail out */
1043 save_errno = errno;
1044 rc = FALSE;
1045 goto CLEANUP;
1046 }
1047 if (wwritten < sread)
1048 {
1049 /* short write, try again */
1050 p += wwritten;
1051 sread -= wwritten;
1052 goto DK_WRITE;
1053 }
1054 }
1055
1056 if (sread == -1)
1057 {
1058 save_errno = errno;
1059 rc = FALSE;
1060 goto CLEANUP;
1061 }
1062
1063
1064 CLEANUP:
1065 /* unlink -K file */
1066 close(dk_fd);
1067 Uunlink(dk_spool_name);
1068 errno = save_errno;
1069 return rc;
1070 }
1071 #endif
1072
1073
1074 /*************************************************
1075 * External interface to write the message *
1076 *************************************************/
1077
1078 /* If there is no filtering required, call the internal function above to do
1079 the real work, passing over all the arguments from this function. Otherwise,
1080 set up a filtering process, fork another process to call the internal function
1081 to write to the filter, and in this process just suck from the filter and write
1082 down the given fd. At the end, tidy up the pipes and the processes.
1083
1084 Arguments: as for internal_transport_write_message() above
1085
1086 Returns: TRUE on success; FALSE (with errno) for any failure
1087 transport_count is incremented by the number of bytes written
1088 */
1089
1090 BOOL
1091 transport_write_message(address_item *addr, int fd, int options,
1092 int size_limit, uschar *add_headers, uschar *remove_headers,
1093 uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules,
1094 int rewrite_existflags)
1095 {
1096 BOOL use_crlf;
1097 BOOL last_filter_was_NL = TRUE;
1098 int rc, len, yield, fd_read, fd_write, save_errno;
1099 int pfd[2];
1100 pid_t filter_pid, write_pid;
1101
1102 /* If there is no filter command set up, call the internal function that does
1103 the actual work, passing it the incoming fd, and return its result. */
1104
1105 if (transport_filter_argv == NULL)
1106 return internal_transport_write_message(addr, fd, options, size_limit,
1107 add_headers, remove_headers, check_string, escape_string,
1108 rewrite_rules, rewrite_existflags);
1109
1110 /* Otherwise the message must be written to a filter process and read back
1111 before being written to the incoming fd. First set up the special processing to
1112 be done during the copying. */
1113
1114 use_crlf = (options & topt_use_crlf) != 0;
1115 nl_partial_match = -1;
1116
1117 if (check_string != NULL && escape_string != NULL)
1118 {
1119 nl_check = check_string;
1120 nl_check_length = Ustrlen(nl_check);
1121 nl_escape = escape_string;
1122 nl_escape_length = Ustrlen(nl_escape);
1123 }
1124 else nl_check_length = nl_escape_length = 0;
1125
1126 /* Start up a subprocess to run the command. Ensure that our main fd will
1127 be closed when the subprocess execs, but remove the flag afterwards.
1128 (Otherwise, if this is a TCP/IP socket, it can't get passed on to another
1129 process to deliver another message.) We get back stdin/stdout file descriptors.
1130 If the process creation failed, give an error return. */
1131
1132 fd_read = -1;
1133 fd_write = -1;
1134 save_errno = 0;
1135 yield = FALSE;
1136 write_pid = (pid_t)(-1);
1137
1138 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
1139 filter_pid = child_open(transport_filter_argv, NULL, 077, &fd_write, &fd_read,
1140 FALSE);
1141 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) & ~FD_CLOEXEC);
1142 if (filter_pid < 0) goto TIDY_UP; /* errno set */
1143
1144 DEBUG(D_transport)
1145 debug_printf("process %d running as transport filter: write=%d read=%d\n",
1146 (int)filter_pid, fd_write, fd_read);
1147
1148 /* Fork subprocess to write the message to the filter, and return the result
1149 via a(nother) pipe. While writing to the filter, we do not do the CRLF,
1150 smtp dots, or check string processing. */
1151
1152 if (pipe(pfd) != 0) goto TIDY_UP; /* errno set */
1153 if ((write_pid = fork()) == 0)
1154 {
1155 BOOL rc;
1156 close(fd_read);
1157 close(pfd[pipe_read]);
1158 nl_check_length = nl_escape_length = 0;
1159 rc = internal_transport_write_message(addr, fd_write,
1160 (options & ~(topt_use_crlf | topt_end_dot)),
1161 size_limit, add_headers, remove_headers, NULL, NULL,
1162 rewrite_rules, rewrite_existflags);
1163 save_errno = errno;
1164 write(pfd[pipe_write], (void *)&rc, sizeof(BOOL));
1165 write(pfd[pipe_write], (void *)&save_errno, sizeof(int));
1166 write(pfd[pipe_write], (void *)&(addr->more_errno), sizeof(int));
1167 _exit(0);
1168 }
1169 save_errno = errno;
1170
1171 /* Parent process: close our copy of the writing subprocess' pipes. */
1172
1173 close(pfd[pipe_write]);
1174 close(fd_write);
1175 fd_write = -1;
1176
1177 /* Writing process creation failed */
1178
1179 if (write_pid < 0)
1180 {
1181 errno = save_errno; /* restore */
1182 goto TIDY_UP;
1183 }
1184
1185 /* When testing, let the subprocess get going */
1186
1187 if (running_in_test_harness) millisleep(250);
1188
1189 DEBUG(D_transport)
1190 debug_printf("process %d writing to transport filter\n", (int)write_pid);
1191
1192 /* Copy the message from the filter to the output fd. A read error leaves len
1193 == -1 and errno set. We need to apply a timeout to the read, to cope with
1194 the case when the filter gets stuck, but it can be quite a long one. The
1195 default is 5m, but this is now configurable. */
1196
1197 DEBUG(D_transport) debug_printf("copying from the filter\n");
1198
1199 /* Copy the output of the filter, remembering if the last character was NL. If
1200 no data is returned, that counts as "ended with NL" (default setting of the
1201 variable is TRUE). */
1202
1203 chunk_ptr = deliver_out_buffer;
1204
1205 for (;;)
1206 {
1207 sigalrm_seen = FALSE;
1208 alarm(transport_filter_timeout);
1209 len = read(fd_read, deliver_in_buffer, DELIVER_IN_BUFFER_SIZE);
1210 alarm(0);
1211 if (sigalrm_seen)
1212 {
1213 errno = ETIMEDOUT;
1214 goto TIDY_UP;
1215 }
1216
1217 /* If the read was successful, write the block down the original fd,
1218 remembering whether it ends in \n or not. */
1219
1220 if (len > 0)
1221 {
1222 if (!write_chunk(fd, deliver_in_buffer, len, use_crlf)) goto TIDY_UP;
1223 last_filter_was_NL = (deliver_in_buffer[len-1] == '\n');
1224 }
1225
1226 /* Otherwise, break the loop. If we have hit EOF, set yield = TRUE. */
1227
1228 else
1229 {
1230 if (len == 0) yield = TRUE;
1231 break;
1232 }
1233 }
1234
1235 /* Tidying up code. If yield = FALSE there has been an error and errno is set
1236 to something. Ensure the pipes are all closed and the processes are removed. If
1237 there has been an error, kill the processes before waiting for them, just to be
1238 sure. Also apply a paranoia timeout. */
1239
1240 TIDY_UP:
1241 save_errno = errno;
1242
1243 close(fd_read);
1244 if (fd_write > 0) close(fd_write);
1245
1246 if (!yield)
1247 {
1248 if (filter_pid > 0) kill(filter_pid, SIGKILL);
1249 if (write_pid > 0) kill(write_pid, SIGKILL);
1250 }
1251
1252 /* Wait for the filter process to complete. */
1253
1254 DEBUG(D_transport) debug_printf("waiting for filter process\n");
1255 if (filter_pid > 0 && (rc = child_close(filter_pid, 30)) != 0 && yield)
1256 {
1257 yield = FALSE;
1258 save_errno = ERRNO_FILTER_FAIL;
1259 addr->more_errno = rc;
1260 DEBUG(D_transport) debug_printf("filter process returned %d\n", rc);
1261 }
1262
1263 /* Wait for the writing process to complete. If it ends successfully,
1264 read the results from its pipe, provided we haven't already had a filter
1265 process failure. */
1266
1267 DEBUG(D_transport) debug_printf("waiting for writing process\n");
1268 if (write_pid > 0)
1269 {
1270 rc = child_close(write_pid, 30);
1271 if (yield)
1272 {
1273 if (rc == 0)
1274 {
1275 BOOL ok;
1276 read(pfd[pipe_read], (void *)&ok, sizeof(BOOL));
1277 if (!ok)
1278 {
1279 read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
1280 read(pfd[pipe_read], (void *)&(addr->more_errno), sizeof(int));
1281 yield = FALSE;
1282 }
1283 }
1284 else
1285 {
1286 yield = FALSE;
1287 save_errno = ERRNO_FILTER_FAIL;
1288 addr->more_errno = rc;
1289 DEBUG(D_transport) debug_printf("writing process returned %d\n", rc);
1290 }
1291 }
1292 }
1293 close(pfd[pipe_read]);
1294
1295 /* If there have been no problems we can now add the terminating "." if this is
1296 SMTP output, turning off escaping beforehand. If the last character from the
1297 filter was not NL, insert a NL to make the SMTP protocol work. */
1298
1299 if (yield)
1300 {
1301 nl_check_length = nl_escape_length = 0;
1302 if ((options & topt_end_dot) != 0 && (last_filter_was_NL?
1303 !write_chunk(fd, US".\n", 2, use_crlf) :
1304 !write_chunk(fd, US"\n.\n", 3, use_crlf)))
1305 {
1306 yield = FALSE;
1307 }
1308
1309 /* Write out any remaining data in the buffer. */
1310
1311 else
1312 {
1313 yield = (len = chunk_ptr - deliver_out_buffer) <= 0 ||
1314 transport_write_block(fd, deliver_out_buffer, len);
1315 }
1316 }
1317 else errno = save_errno; /* From some earlier error */
1318
1319 DEBUG(D_transport)
1320 {
1321 debug_printf("end of filtering transport writing: yield=%d\n", yield);
1322 if (!yield)
1323 debug_printf("errno=%d more_errno=%d\n", errno, addr->more_errno);
1324 }
1325
1326 return yield;
1327 }
1328
1329
1330
1331
1332
1333 /*************************************************
1334 * Update waiting database *
1335 *************************************************/
1336
1337 /* This is called when an address is deferred by remote transports that are
1338 capable of sending more than one message over one connection. A database is
1339 maintained for each transport, keeping track of which messages are waiting for
1340 which hosts. The transport can then consult this when eventually a successful
1341 delivery happens, and if it finds that another message is waiting for the same
1342 host, it can fire up a new process to deal with it using the same connection.
1343
1344 The database records are keyed by host name. They can get full if there are
1345 lots of messages waiting, and so there is a continuation mechanism for them.
1346
1347 Each record contains a list of message ids, packed end to end without any
1348 zeros. Each one is MESSAGE_ID_LENGTH bytes long. The count field says how many
1349 in this record, and the sequence field says if there are any other records for
1350 this host. If the sequence field is 0, there are none. If it is 1, then another
1351 record with the name <hostname>:0 exists; if it is 2, then two other records
1352 with sequence numbers 0 and 1 exist, and so on.
1353
1354 Currently, an exhaustive search of all continuation records has to be done to
1355 determine whether to add a message id to a given record. This shouldn't be
1356 too bad except in extreme cases. I can't figure out a *simple* way of doing
1357 better.
1358
1359 Old records should eventually get swept up by the exim_tidydb utility.
1360
1361 Arguments:
1362 hostlist list of hosts that this message could be sent to;
1363 the update_waiting flag is set if a host is to be noted
1364 tpname name of the transport
1365
1366 Returns: nothing
1367 */
1368
1369 void
1370 transport_update_waiting(host_item *hostlist, uschar *tpname)
1371 {
1372 uschar buffer[256];
1373 uschar *prevname = US"";
1374 host_item *host;
1375 open_db dbblock;
1376 open_db *dbm_file;
1377
1378 /* Open the database for this transport */
1379
1380 sprintf(CS buffer, "wait-%.200s", tpname);
1381 dbm_file = dbfn_open(buffer, O_RDWR, &dbblock, TRUE);
1382 if (dbm_file == NULL) return;
1383
1384 /* Scan the list of hosts for which this message is waiting, and ensure
1385 that the message id is in each host record for those that have the
1386 update_waiting flag set. */
1387
1388 for (host = hostlist; host!= NULL; host = host->next)
1389 {
1390 BOOL already = FALSE;
1391 dbdata_wait *host_record;
1392 uschar *s;
1393 int i, host_length;
1394
1395 /* Skip if the update_waiting flag is not set. */
1396
1397 if (!host->update_waiting) continue;
1398
1399 /* Skip if this is the same host as we just processed; otherwise remember
1400 the name for next time. */
1401
1402 if (Ustrcmp(prevname, host->name) == 0) continue;
1403 prevname = host->name;
1404
1405 /* Look up the host record; if there isn't one, make an empty one. */
1406
1407 host_record = dbfn_read(dbm_file, host->name);
1408 if (host_record == NULL)
1409 {
1410 host_record = store_get(sizeof(dbdata_wait) + MESSAGE_ID_LENGTH);
1411 host_record->count = host_record->sequence = 0;
1412 }
1413
1414 /* Compute the current length */
1415
1416 host_length = host_record->count * MESSAGE_ID_LENGTH;
1417
1418 /* Search the record to see if the current message is already in it. */
1419
1420 for (s = host_record->text; s < host_record->text + host_length;
1421 s += MESSAGE_ID_LENGTH)
1422 {
1423 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1424 { already = TRUE; break; }
1425 }
1426
1427 /* If we haven't found this message in the main record, search any
1428 continuation records that exist. */
1429
1430 for (i = host_record->sequence - 1; i >= 0 && !already; i--)
1431 {
1432 dbdata_wait *cont;
1433 sprintf(CS buffer, "%.200s:%d", host->name, i);
1434 cont = dbfn_read(dbm_file, buffer);
1435 if (cont != NULL)
1436 {
1437 int clen = cont->count * MESSAGE_ID_LENGTH;
1438 for (s = cont->text; s < cont->text + clen; s += MESSAGE_ID_LENGTH)
1439 {
1440 if (Ustrncmp(s, message_id, MESSAGE_ID_LENGTH) == 0)
1441 { already = TRUE; break; }
1442 }
1443 }
1444 }
1445
1446 /* If this message is already in a record, no need to update. */
1447
1448 if (already) continue;
1449
1450
1451 /* If this record is full, write it out with a new name constructed
1452 from the sequence number, increase the sequence number, and empty
1453 the record. */
1454
1455 if (host_record->count >= WAIT_NAME_MAX)
1456 {
1457 sprintf(CS buffer, "%.200s:%d", host->name, host_record->sequence);
1458 dbfn_write(dbm_file, buffer, host_record, sizeof(dbdata_wait) + host_length);
1459 host_record->sequence++;
1460 host_record->count = 0;
1461 host_length = 0;
1462 }
1463
1464 /* If this record is not full, increase the size of the record to
1465 allow for one new message id. */
1466
1467 else
1468 {
1469 dbdata_wait *newr =
1470 store_get(sizeof(dbdata_wait) + host_length + MESSAGE_ID_LENGTH);
1471 memcpy(newr, host_record, sizeof(dbdata_wait) + host_length);
1472 host_record = newr;
1473 }
1474
1475 /* Now add the new name on the end */
1476
1477 memcpy(host_record->text + host_length, message_id, MESSAGE_ID_LENGTH);
1478 host_record->count++;
1479 host_length += MESSAGE_ID_LENGTH;
1480
1481 /* Update the database */
1482
1483 dbfn_write(dbm_file, host->name, host_record, sizeof(dbdata_wait) + host_length);
1484 }
1485
1486 /* All now done */
1487
1488 dbfn_close(dbm_file);
1489 }
1490
1491
1492
1493
1494 /*************************************************
1495 * Test for waiting messages *
1496 *************************************************/
1497
1498 /* This function is called by a remote transport which uses the previous
1499 function to remember which messages are waiting for which remote hosts. It's
1500 called after a successful delivery and its job is to check whether there is
1501 another message waiting for the same host. However, it doesn't do this if the
1502 current continue sequence is greater than the maximum supplied as an argument,
1503 or greater than the global connection_max_messages, which, if set, overrides.
1504
1505 Arguments:
1506 transport_name name of the transport
1507 hostname name of the host
1508 local_message_max maximum number of messages down one connection
1509 as set by the caller transport
1510 new_message_id set to the message id of a waiting message
1511 more set TRUE if there are yet more messages waiting
1512
1513 Returns: TRUE if new_message_id set; FALSE otherwise
1514 */
1515
1516 BOOL
1517 transport_check_waiting(uschar *transport_name, uschar *hostname,
1518 int local_message_max, uschar *new_message_id, BOOL *more)
1519 {
1520 dbdata_wait *host_record;
1521 int host_length, path_len;
1522 open_db dbblock;
1523 open_db *dbm_file;
1524 uschar buffer[256];
1525
1526 *more = FALSE;
1527
1528 DEBUG(D_transport)
1529 {
1530 debug_printf("transport_check_waiting entered\n");
1531 debug_printf(" sequence=%d local_max=%d global_max=%d\n",
1532 continue_sequence, local_message_max, connection_max_messages);
1533 }
1534
1535 /* Do nothing if we have hit the maximum number that can be send down one
1536 connection. */
1537
1538 if (connection_max_messages >= 0) local_message_max = connection_max_messages;
1539 if (local_message_max > 0 && continue_sequence >= local_message_max)
1540 {
1541 DEBUG(D_transport)
1542 debug_printf("max messages for one connection reached: returning\n");
1543 return FALSE;
1544 }
1545
1546 /* Open the waiting information database. */
1547
1548 sprintf(CS buffer, "wait-%.200s", transport_name);
1549 dbm_file = dbfn_open(buffer, O_RDWR, &dbblock, TRUE);
1550 if (dbm_file == NULL) return FALSE;
1551
1552 /* See if there is a record for this host; if not, there's nothing to do. */
1553
1554 host_record = dbfn_read(dbm_file, hostname);
1555 if (host_record == NULL)
1556 {
1557 dbfn_close(dbm_file);
1558 DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname);
1559 return FALSE;
1560 }
1561
1562 /* If the data in the record looks corrupt, just log something and
1563 don't try to use it. */
1564
1565 if (host_record->count > WAIT_NAME_MAX)
1566 {
1567 dbfn_close(dbm_file);
1568 log_write(0, LOG_MAIN|LOG_PANIC, "smtp-wait database entry for %s has bad "
1569 "count=%d (max=%d)", hostname, host_record->count, WAIT_NAME_MAX);
1570 return FALSE;
1571 }
1572
1573 /* Scan the message ids in the record from the end towards the beginning,
1574 until one is found for which a spool file actually exists. If the record gets
1575 emptied, delete it and continue with any continuation records that may exist.
1576 */
1577
1578 host_length = host_record->count * MESSAGE_ID_LENGTH;
1579
1580 /* Loop to handle continuation host records in the database */
1581
1582 for (;;)
1583 {
1584 BOOL found = FALSE;
1585
1586 sprintf(CS buffer, "%s/input/", spool_directory);
1587 path_len = Ustrlen(buffer);
1588
1589 for (host_length -= MESSAGE_ID_LENGTH; host_length >= 0;
1590 host_length -= MESSAGE_ID_LENGTH)
1591 {
1592 struct stat statbuf;
1593 Ustrncpy(new_message_id, host_record->text + host_length,
1594 MESSAGE_ID_LENGTH);
1595 new_message_id[MESSAGE_ID_LENGTH] = 0;
1596
1597 if (split_spool_directory)
1598 sprintf(CS(buffer + path_len), "%c/%s-D", new_message_id[5], new_message_id);
1599 else
1600 sprintf(CS(buffer + path_len), "%s-D", new_message_id);
1601
1602 /* The listed message may be the one we are currently processing. If
1603 so, we want to remove it from the list without doing anything else.
1604 If not, do a stat to see if it is an existing message. If it is, break
1605 the loop to handle it. No need to bother about locks; as this is all
1606 "hint" processing, it won't matter if it doesn't exist by the time exim
1607 actually tries to deliver it. */
1608
1609 if (Ustrcmp(new_message_id, message_id) != 0 &&
1610 Ustat(buffer, &statbuf) == 0)
1611 {
1612 found = TRUE;
1613 break;
1614 }
1615 }
1616
1617 /* If we have removed all the message ids from the record delete the record.
1618 If there is a continuation record, fetch it and remove it from the file,
1619 as it will be rewritten as the main record. Repeat in the case of an
1620 empty continuation. */
1621
1622 while (host_length <= 0)
1623 {
1624 int i;
1625 dbdata_wait *newr = NULL;
1626
1627 /* Search for a continuation */
1628
1629 for (i = host_record->sequence - 1; i >= 0 && newr == NULL; i--)
1630 {
1631 sprintf(CS buffer, "%.200s:%d", hostname, i);
1632 newr = dbfn_read(dbm_file, buffer);
1633 }
1634
1635 /* If no continuation, delete the current and break the loop */
1636
1637 if (newr == NULL)
1638 {
1639 dbfn_delete(dbm_file, hostname);
1640 break;
1641 }
1642
1643 /* Else replace the current with the continuation */
1644
1645 dbfn_delete(dbm_file, buffer);
1646 host_record = newr;
1647 host_length = host_record->count * MESSAGE_ID_LENGTH;
1648 }
1649
1650 /* If we found an existing message, break the continuation loop. */
1651
1652 if (found) break;
1653
1654 /* If host_length <= 0 we have emptied a record and not found a good message,
1655 and there are no continuation records. Otherwise there is a continuation
1656 record to process. */
1657
1658 if (host_length <= 0)
1659 {
1660 dbfn_close(dbm_file);
1661 DEBUG(D_transport) debug_printf("waiting messages already delivered\n");
1662 return FALSE;
1663 }
1664 }
1665
1666 /* Control gets here when an existing message has been encountered; its
1667 id is in new_message_id, and host_length is the revised length of the
1668 host record. If it is zero, the record has been removed. Update the
1669 record if required, close the database, and return TRUE. */
1670
1671 if (host_length > 0)
1672 {
1673 host_record->count = host_length/MESSAGE_ID_LENGTH;
1674 dbfn_write(dbm_file, hostname, host_record, (int)sizeof(dbdata_wait) + host_length);
1675 *more = TRUE;
1676 }
1677
1678 dbfn_close(dbm_file);
1679 return TRUE;
1680 }
1681
1682
1683
1684 /*************************************************
1685 * Deliver waiting message down same socket *
1686 *************************************************/
1687
1688 /* Fork a new exim process to deliver the message, and do a re-exec, both to
1689 get a clean delivery process, and to regain root privilege in cases where it
1690 has been given away.
1691
1692 Arguments:
1693 transport_name to pass to the new process
1694 hostname ditto
1695 hostaddress ditto
1696 id the new message to process
1697 socket_fd the connected socket
1698
1699 Returns: FALSE if fork fails; TRUE otherwise
1700 */
1701
1702 BOOL
1703 transport_pass_socket(uschar *transport_name, uschar *hostname,
1704 uschar *hostaddress, uschar *id, int socket_fd)
1705 {
1706 pid_t pid;
1707 int status;
1708
1709 DEBUG(D_transport) debug_printf("transport_pass_socket entered\n");
1710
1711 if ((pid = fork()) == 0)
1712 {
1713 int i = 16;
1714 uschar **argv;
1715
1716 /* Disconnect entirely from the parent process. If we are running in the
1717 test harness, wait for a bit to allow the previous process time to finish,
1718 write the log, etc., so that the output is always in the same order for
1719 automatic comparison. */
1720
1721 if ((pid = fork()) != 0) _exit(EXIT_SUCCESS);
1722 if (running_in_test_harness) millisleep(500);
1723
1724 /* Set up the calling arguments; use the standard function for the basics,
1725 but we have a number of extras that may be added. */
1726
1727 argv = child_exec_exim(CEE_RETURN_ARGV, TRUE, &i, FALSE, 0);
1728
1729 if (smtp_authenticated) argv[i++] = US"-MCA";
1730
1731 #ifdef SUPPORT_TLS
1732 if (tls_offered) argv[i++] = US"-MCT";
1733 #endif
1734
1735 if (smtp_use_size) argv[i++] = US"-MCS";
1736 if (smtp_use_pipelining) argv[i++] = US"-MCP";
1737
1738 if (queue_run_pid != (pid_t)0)
1739 {
1740 argv[i++] = US"-MCQ";
1741 argv[i++] = string_sprintf("%d", queue_run_pid);
1742 argv[i++] = string_sprintf("%d", queue_run_pipe);
1743 }
1744
1745 argv[i++] = US"-MC";
1746 argv[i++] = transport_name;
1747 argv[i++] = hostname;
1748 argv[i++] = hostaddress;
1749 argv[i++] = string_sprintf("%d", continue_sequence + 1);
1750 argv[i++] = id;
1751 argv[i++] = NULL;
1752
1753 /* Arrange for the channel to be on stdin. */
1754
1755 if (socket_fd != 0)
1756 {
1757 dup2(socket_fd, 0);
1758 close(socket_fd);
1759 }
1760
1761 DEBUG(D_exec) debug_print_argv(argv);
1762 exim_nullstd(); /* Ensure std{out,err} exist */
1763 execv(CS argv[0], (char *const *)argv);
1764
1765 DEBUG(D_any) debug_printf("execv failed: %s\n", strerror(errno));
1766 _exit(errno); /* Note: must be _exit(), NOT exit() */
1767 }
1768
1769 /* If the process creation succeeded, wait for the first-level child, which
1770 immediately exits, leaving the second level process entirely disconnected from
1771 this one. */
1772
1773 if (pid > 0)
1774 {
1775 int rc;
1776 while ((rc = wait(&status)) != pid && (rc >= 0 || errno != ECHILD));
1777 DEBUG(D_transport) debug_printf("transport_pass_socket succeeded\n");
1778 return TRUE;
1779 }
1780 else
1781 {
1782 DEBUG(D_transport) debug_printf("transport_pass_socket failed to fork: %s\n",
1783 strerror(errno));
1784 return FALSE;
1785 }
1786 }
1787
1788
1789
1790 /*************************************************
1791 * Set up direct (non-shell) command *
1792 *************************************************/
1793
1794 /* This function is called when a command line is to be parsed and executed
1795 directly, without the use of /bin/sh. It is called by the pipe transport,
1796 the queryprogram router, and also from the main delivery code when setting up a
1797 transport filter process. The code for ETRN also makes use of this; in that
1798 case, no addresses are passed.
1799
1800 Arguments:
1801 argvptr pointer to anchor for argv vector
1802 cmd points to the command string
1803 expand_arguments true if expansion is to occur
1804 expand_failed error value to set if expansion fails; not relevant if
1805 addr == NULL
1806 addr chain of addresses, or NULL
1807 etext text for use in error messages
1808 errptr where to put error message if addr is NULL;
1809 otherwise it is put in the first address
1810
1811 Returns: TRUE if all went well; otherwise an error will be
1812 set in the first address and FALSE returned
1813 */
1814
1815 BOOL
1816 transport_set_up_command(uschar ***argvptr, uschar *cmd, BOOL expand_arguments,
1817 int expand_failed, address_item *addr, uschar *etext, uschar **errptr)
1818 {
1819 address_item *ad;
1820 uschar **argv;
1821 uschar *s, *ss;
1822 int address_count = 0;
1823 int argcount = 0;
1824 int i, max_args;
1825
1826 /* Get store in which to build an argument list. Count the number of addresses
1827 supplied, and allow for that many arguments, plus an additional 60, which
1828 should be enough for anybody. Multiple addresses happen only when the local
1829 delivery batch option is set. */
1830
1831 for (ad = addr; ad != NULL; ad = ad->next) address_count++;
1832 max_args = address_count + 60;
1833 *argvptr = argv = store_get((max_args+1)*sizeof(uschar *));
1834
1835 /* Split the command up into arguments terminated by white space. Lose
1836 trailing space at the start and end. Double-quoted arguments can contain \\ and
1837 \" escapes and so can be handled by the standard function; single-quoted
1838 arguments are verbatim. Copy each argument into a new string. */
1839
1840 s = cmd;
1841 while (isspace(*s)) s++;
1842
1843 while (*s != 0 && argcount < max_args)
1844 {
1845 if (*s == '\'')
1846 {
1847 ss = s + 1;
1848 while (*ss != 0 && *ss != '\'') ss++;
1849 argv[argcount++] = ss = store_get(ss - s++);
1850 while (*s != 0 && *s != '\'') *ss++ = *s++;
1851 if (*s != 0) s++;
1852 *ss++ = 0;
1853 }
1854 else argv[argcount++] = string_dequote(&s);
1855 while (isspace(*s)) s++;
1856 }
1857
1858 argv[argcount] = (uschar *)0;
1859
1860 /* If *s != 0 we have run out of argument slots. */
1861
1862 if (*s != 0)
1863 {
1864 uschar *msg = string_sprintf("Too many arguments in command \"%s\" in "
1865 "%s", cmd, etext);
1866 if (addr != NULL)
1867 {
1868 addr->transport_return = FAIL;
1869 addr->message = msg;
1870 }
1871 else *errptr = msg;
1872 return FALSE;
1873 }
1874
1875 /* Expand each individual argument if required. Expansion happens for pipes set
1876 up in filter files and with directly-supplied commands. It does not happen if
1877 the pipe comes from a traditional .forward file. A failing expansion is a big
1878 disaster if the command came from Exim's configuration; if it came from a user
1879 it is just a normal failure. The expand_failed value is used as the error value
1880 to cater for these two cases.
1881
1882 An argument consisting just of the text "$pipe_addresses" is treated specially.
1883 It is not passed to the general expansion function. Instead, it is replaced by
1884 a number of arguments, one for each address. This avoids problems with shell
1885 metacharacters and spaces in addresses.
1886
1887 If the parent of the top address has an original part of "system-filter", this
1888 pipe was set up by the system filter, and we can permit the expansion of
1889 $recipients. */
1890
1891 DEBUG(D_transport)
1892 {
1893 debug_printf("direct command:\n");
1894 for (i = 0; argv[i] != (uschar *)0; i++)
1895 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
1896 }
1897
1898 if (expand_arguments)
1899 {
1900 BOOL allow_dollar_recipients = addr != NULL &&
1901 addr->parent != NULL &&
1902 Ustrcmp(addr->parent->address, "system-filter") == 0;
1903
1904 for (i = 0; argv[i] != (uschar *)0; i++)
1905 {
1906
1907 /* Handle special fudge for passing an address list */
1908
1909 if (addr != NULL &&
1910 (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
1911 Ustrcmp(argv[i], "${pipe_addresses}") == 0))
1912 {
1913 int additional;
1914
1915 if (argcount + address_count - 1 > max_args)
1916 {
1917 addr->transport_return = FAIL;
1918 addr->message = string_sprintf("Too many arguments to command \"%s\" "
1919 "in %s", cmd, etext);
1920 return FALSE;
1921 }
1922
1923 additional = address_count - 1;
1924 if (additional > 0)
1925 memmove(argv + i + 1 + additional, argv + i + 1,
1926 (argcount - i)*sizeof(uschar *));
1927
1928 for (ad = addr; ad != NULL; ad = ad->next) argv[i++] = ad->address;
1929 i--;
1930 }
1931
1932 /* Handle normal expansion string */
1933
1934 else
1935 {
1936 uschar *expanded_arg;
1937 enable_dollar_recipients = allow_dollar_recipients;
1938 expanded_arg = expand_string(argv[i]);
1939 enable_dollar_recipients = FALSE;
1940
1941 if (expanded_arg == NULL)
1942 {
1943 uschar *msg = string_sprintf("Expansion of \"%s\" "
1944 "from command \"%s\" in %s failed: %s",
1945 argv[i], cmd, etext, expand_string_message);
1946 if (addr != NULL)
1947 {
1948 addr->transport_return = expand_failed;
1949 addr->message = msg;
1950 }
1951 else *errptr = msg;
1952 return FALSE;
1953 }
1954 argv[i] = expanded_arg;
1955 }
1956 }
1957
1958 DEBUG(D_transport)
1959 {
1960 debug_printf("direct command after expansion:\n");
1961 for (i = 0; argv[i] != (uschar *)0; i++)
1962 debug_printf(" argv[%d] = %s\n", i, string_printing(argv[i]));
1963 }
1964 }
1965
1966 return TRUE;
1967 }
1968
1969 /* End of transport.c */
Unnamed repository; edit this file 'description' to name the repository.