1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2016 */
6 /* See the file NOTICE for conditions of use and distribution. */
8 /* Functions for reading spool files. When compiling for a utility (eximon),
9 not all are needed, and some functionality can be cut out. */
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Open and lock data file *
19 *************************************************/
21 /* The data file is the one that is used for locking, because the header file
22 can get replaced during delivery because of header rewriting. The file has
23 to opened with write access so that we can get an exclusive lock, but in
24 fact it won't be written to. Just in case there's a major disaster (e.g.
25 overwriting some other file descriptor with the value of this one), open it
28 As called by deliver_message() (at least) we are operating as root.
30 Argument: the id of the message
31 Returns: fd if file successfully opened and locked, else -1
33 Side effect: message_subdir is set for the (possibly split) spool directory
37 spool_open_datafile(uschar *id)
44 /* If split_spool_directory is set, first look for the file in the appropriate
45 sub-directory of the input directory. If it is not found there, try the input
46 directory itself, to pick up leftovers from before the splitting. If split_
47 spool_directory is not set, first look in the main input directory. If it is
48 not found there, try the split sub-directory, in case it is left over from a
51 for (i = 0; i < 2; i++)
56 message_subdir[0] = split_spool_directory == i ? '\0' : id[5];
57 fname = spool_fname(US"input", message_subdir, id, US"-D");
58 DEBUG(D_deliver) debug_printf("Trying spool file %s\n", fname);
60 if ((fd = Uopen(fname,
64 O_RDWR | O_APPEND, 0)) >= 0)
71 log_write(0, LOG_MAIN, "Spool%s%s file %s-D not found",
72 *queue_name ? US" Q=" : US"",
73 *queue_name ? queue_name : US"",
77 log_write(0, LOG_MAIN, "Spool error for %s: %s", fname, strerror(errno));
82 /* File is open and message_subdir is set. Set the close-on-exec flag, and lock
83 the file. We lock only the first line of the file (containing the message ID)
84 because this apparently is needed for running Exim under Cygwin. If the entire
85 file is locked in one process, a sub-process cannot access it, even when passed
86 an open file descriptor (at least, I think that's the Cygwin story). On real
87 Unix systems it doesn't make any difference as long as Exim is consistent in
91 (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
94 lock_data.l_type = F_WRLCK;
95 lock_data.l_whence = SEEK_SET;
96 lock_data.l_start = 0;
97 lock_data.l_len = SPOOL_DATA_START_OFFSET;
99 if (fcntl(fd, F_SETLK, &lock_data) < 0)
101 log_write(L_skip_delivery,
103 "Spool file is locked (another process is handling this message)");
109 /* Get the size of the data; don't include the leading filename line
110 in the count, but add one for the newline before the data. */
112 if (fstat(fd, &statbuf) == 0)
114 message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET;
115 message_size = message_body_size + 1;
120 #endif /* COMPILE_UTILITY */
124 /*************************************************
125 * Read non-recipients tree from spool file *
126 *************************************************/
128 /* The tree of non-recipients is written to the spool file in a form that
129 makes it easy to read back into a tree. The format is as follows:
131 . Each node is preceded by two letter(Y/N) indicating whether it has left
132 or right children. There's one space after the two flags, before the name.
134 . The left subtree (if any) then follows, then the right subtree (if any).
136 This function is entered with the next input line in the buffer. Note we must
137 save the right flag before recursing with the same buffer.
139 Once the tree is read, we re-construct the balance fields by scanning the tree.
140 I forgot to write them out originally, and the compatible fix is to do it this
141 way. This initial local recursing function does the necessary.
146 Returns: maximum depth below the node, including the node itself
150 count_below(tree_node *node)
153 if (node == NULL) return 0;
154 nleft = count_below(node->left);
155 nright = count_below(node->right);
156 node->balance = (nleft > nright)? 1 : ((nright > nleft)? 2 : 0);
157 return 1 + ((nleft > nright)? nleft : nright);
160 /* This is the real function...
163 connect pointer to the root of the tree
164 f FILE to read data from
165 buffer contains next input line; further lines read into it
166 buffer_size size of the buffer
168 Returns: FALSE on format error
172 read_nonrecipients_tree(tree_node **connect, FILE *f, uschar *buffer,
176 int n = Ustrlen(buffer);
177 BOOL right = buffer[1] == 'Y';
179 if (n < 5) return FALSE; /* malformed line */
180 buffer[n-1] = 0; /* Remove \n */
181 node = store_get(sizeof(tree_node) + n - 3);
183 Ustrcpy(node->name, buffer + 3);
184 node->data.ptr = NULL;
186 if (buffer[0] == 'Y')
188 if (Ufgets(buffer, buffer_size, f) == NULL ||
189 !read_nonrecipients_tree(&node->left, f, buffer, buffer_size))
192 else node->left = NULL;
196 if (Ufgets(buffer, buffer_size, f) == NULL ||
197 !read_nonrecipients_tree(&node->right, f, buffer, buffer_size))
200 else node->right = NULL;
202 (void) count_below(*connect);
209 /*************************************************
210 * Read spool header file *
211 *************************************************/
213 /* This function reads a spool header file and places the data into the
214 appropriate global variables. The header portion is always read, but header
215 structures are built only if read_headers is set true. It isn't, for example,
216 while generating -bp output.
218 It may be possible for blocks of nulls (binary zeroes) to get written on the
219 end of a file if there is a system crash during writing. It was observed on an
220 earlier version of Exim that omitted to fsync() the files - this is thought to
221 have been the cause of that incident, but in any case, this code must be robust
222 against such an event, and if such a file is encountered, it must be treated as
225 As called from deliver_message() (at least) we are running as root.
228 name name of the header file, including the -H
229 read_headers TRUE if in-store header structures are to be built
230 subdir_set TRUE is message_subdir is already set
232 Returns: spool_read_OK success
233 spool_read_notopen open failed
234 spool_read_enverror error in the envelope portion
235 spool_read_hdrerror error in the header portion
239 spool_read_header(uschar *name, BOOL read_headers, BOOL subdir_set)
245 BOOL inheader = FALSE;
248 /* Reset all the global variables to their default values. However, there is
249 one exception. DO NOT change the default value of dont_deliver, because it may
250 be forced by an external setting. */
252 acl_var_c = acl_var_m = NULL;
253 authenticated_id = NULL;
254 authenticated_sender = NULL;
255 allow_unqualified_recipient = FALSE;
256 allow_unqualified_sender = FALSE;
259 deliver_firsttime = FALSE;
260 deliver_freeze = FALSE;
261 deliver_frozen_at = 0;
262 deliver_manual_thaw = FALSE;
263 /* dont_deliver must NOT be reset */
264 header_list = header_last = NULL;
265 host_lookup_deferred = FALSE;
266 host_lookup_failed = FALSE;
267 interface_address = NULL;
269 local_error_message = FALSE;
270 local_scan_data = NULL;
271 max_received_linelength = 0;
272 message_linecount = 0;
273 received_protocol = NULL;
275 recipients_list = NULL;
276 sender_address = NULL;
277 sender_fullhost = NULL;
278 sender_helo_name = NULL;
279 sender_host_address = NULL;
280 sender_host_name = NULL;
281 sender_host_port = 0;
282 sender_host_authenticated = NULL;
284 sender_local = FALSE;
285 sender_set_untrusted = FALSE;
286 smtp_active_hostname = primary_hostname;
287 #ifndef COMPILE_UTILITY
288 spool_file_wireformat = FALSE;
290 tree_nonrecipients = NULL;
292 #ifdef EXPERIMENTAL_BRIGHTMAIL
299 dkim_disable_verify = FALSE;
300 dkim_collect_input = FALSE;
304 tls_in.certificate_verified = FALSE;
305 # ifdef EXPERIMENTAL_DANE
306 tls_in.dane_verified = FALSE;
308 tls_in.cipher = NULL;
309 # ifndef COMPILE_UTILITY /* tls support fns not built in */
310 tls_free_cert(&tls_in.ourcert);
311 tls_free_cert(&tls_in.peercert);
313 tls_in.peerdn = NULL;
315 tls_in.ocsp = OCSP_NOT_REQ;
318 #ifdef WITH_CONTENT_SCAN
321 spam_score_int = NULL;
324 #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
325 message_smtputf8 = FALSE;
326 message_utf8_downconvert = 0;
332 /* Generate the full name and open the file. If message_subdir is already
333 set, just look in the given directory. Otherwise, look in both the split
334 and unsplit directories, as for the data file above. */
336 for (n = 0; n < 2; n++)
339 message_subdir[0] = split_spool_directory == (n == 0) ? name[5] : 0;
341 if ((f = Ufopen(spool_fname(US"input", message_subdir, name, US""), "rb")))
343 if (n != 0 || subdir_set || errno != ENOENT)
344 return spool_read_notopen;
349 #ifndef COMPILE_UTILITY
350 DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
351 #endif /* COMPILE_UTILITY */
353 /* The first line of a spool file contains the message id followed by -H (i.e.
354 the file name), in order to make the file self-identifying. */
356 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
357 if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 ||
358 Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0)
359 goto SPOOL_FORMAT_ERROR;
361 /* The next three lines in the header file are in a fixed format. The first
362 contains the login, uid, and gid of the user who caused the file to be written.
363 There are known cases where a negative gid is used, so we allow for both
364 negative uids and gids. The second contains the mail address of the message's
365 sender, enclosed in <>. The third contains the time the message was received,
366 and the number of warning messages for delivery delays that have been sent. */
368 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
370 p = big_buffer + Ustrlen(big_buffer);
371 while (p > big_buffer && isspace(p[-1])) p--;
373 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
374 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
376 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
378 if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
379 while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
381 if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
384 originator_login = string_copy(big_buffer);
385 originator_uid = (uid_t)uid;
386 originator_gid = (gid_t)gid;
389 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
390 n = Ustrlen(big_buffer);
391 if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>')
392 goto SPOOL_FORMAT_ERROR;
394 sender_address = store_get(n-2);
395 Ustrncpy(sender_address, big_buffer+1, n-3);
396 sender_address[n-3] = 0;
399 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
400 if (sscanf(CS big_buffer, TIME_T_FMT " %d", &received_time.tv_sec, &warning_count) != 2)
401 goto SPOOL_FORMAT_ERROR;
402 received_time.tv_usec = 0;
404 message_age = time(NULL) - received_time.tv_sec;
406 #ifndef COMPILE_UTILITY
407 DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
408 originator_login, (long int)originator_uid, (long int)originator_gid,
410 #endif /* COMPILE_UTILITY */
412 /* Now there may be a number of optional lines, each starting with "-". If you
413 add a new setting here, make sure you set the default above.
415 Because there are now quite a number of different possibilities, we use a
416 switch on the first character to avoid too many failing tests. Thanks to Nico
417 Erfurth for the patch that implemented this. I have made it even more efficient
418 by not re-scanning the first two characters.
420 To allow new versions of Exim that add additional flags to interwork with older
421 versions that do not understand them, just ignore any lines starting with "-"
422 that we don't recognize. Otherwise it wouldn't be possible to back off a new
423 version that left new-style flags written on the spool. */
429 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
430 if (big_buffer[0] != '-') break;
431 while ( (len = Ustrlen(big_buffer)) == big_buffer_size-1
432 && big_buffer[len-1] != '\n'
434 { /* buffer not big enough for line; certs make this possible */
436 if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
437 buf = store_get_perm(big_buffer_size *= 2);
438 memcpy(buf, big_buffer, --len);
440 if (Ufgets(big_buffer+len, big_buffer_size-len, f) == NULL)
441 goto SPOOL_READ_ERROR;
443 big_buffer[len-1] = 0;
445 switch(big_buffer[1])
449 /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
450 variable, because Exim allows any number of them, with arbitrary names.
451 The line in the spool file is "-acl[cm] <name> <length>". The name excludes
454 if (Ustrncmp(p, "clc ", 4) == 0 ||
455 Ustrncmp(p, "clm ", 4) == 0)
457 uschar *name, *endptr;
460 endptr = Ustrchr(big_buffer + 6, ' ');
461 if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
462 name = string_sprintf("%c%.*s", big_buffer[4],
463 (int)(endptr - big_buffer - 6), big_buffer + 6);
464 if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
465 node = acl_var_create(name);
466 node->data.ptr = store_get(count + 1);
467 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
468 ((uschar*)node->data.ptr)[count] = 0;
471 else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
472 allow_unqualified_recipient = TRUE;
473 else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
474 allow_unqualified_sender = TRUE;
476 else if (Ustrncmp(p, "uth_id", 6) == 0)
477 authenticated_id = string_copy(big_buffer + 9);
478 else if (Ustrncmp(p, "uth_sender", 10) == 0)
479 authenticated_sender = string_copy(big_buffer + 13);
480 else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
481 smtp_active_hostname = string_copy(big_buffer + 17);
483 /* For long-term backward compatibility, we recognize "-acl", which was
484 used before the number of ACL variables changed from 10 to 20. This was
485 before the subsequent change to an arbitrary number of named variables.
486 This code is retained so that upgrades from very old versions can still
487 handle old-format spool files. The value given after "-acl" is a number
488 that is 0-9 for connection variables, and 10-19 for message variables. */
490 else if (Ustrncmp(p, "cl ", 3) == 0)
492 unsigned index, count;
493 uschar name[20]; /* Need plenty of space for %u format */
495 if ( sscanf(CS big_buffer + 5, "%u %u", &index, &count) != 2
497 || count > 16384 /* arbitrary limit on variable size */
499 goto SPOOL_FORMAT_ERROR;
501 (void) string_format(name, sizeof(name), "%c%u", 'c', index);
503 (void) string_format(name, sizeof(name), "%c%u", 'm', index - 10);
504 node = acl_var_create(name);
505 node->data.ptr = store_get(count + 1);
506 /* We sanity-checked the count, so disable the Coverity error */
507 /* coverity[tainted_data] */
508 if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
509 (US node->data.ptr)[count] = '\0';
514 if (Ustrncmp(p, "ody_linecount", 13) == 0)
515 body_linecount = Uatoi(big_buffer + 15);
516 else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
517 body_zerocount = Uatoi(big_buffer + 15);
518 #ifdef EXPERIMENTAL_BRIGHTMAIL
519 else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
520 bmi_verdicts = string_copy(big_buffer + 14);
525 if (Ustrcmp(p, "eliver_firsttime") == 0)
526 deliver_firsttime = TRUE;
527 /* Check if the dsn flags have been set in the header file */
528 else if (Ustrncmp(p, "sn_ret", 6) == 0)
529 dsn_ret= atoi(CS big_buffer + 8);
530 else if (Ustrncmp(p, "sn_envid", 8) == 0)
531 dsn_envid = string_copy(big_buffer + 11);
535 if (Ustrncmp(p, "rozen", 5) == 0)
537 deliver_freeze = TRUE;
538 if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1)
539 goto SPOOL_READ_ERROR;
544 if (Ustrcmp(p, "ost_lookup_deferred") == 0)
545 host_lookup_deferred = TRUE;
546 else if (Ustrcmp(p, "ost_lookup_failed") == 0)
547 host_lookup_failed = TRUE;
548 else if (Ustrncmp(p, "ost_auth", 8) == 0)
549 sender_host_authenticated = string_copy(big_buffer + 11);
550 else if (Ustrncmp(p, "ost_name", 8) == 0)
551 sender_host_name = string_copy(big_buffer + 11);
552 else if (Ustrncmp(p, "elo_name", 8) == 0)
553 sender_helo_name = string_copy(big_buffer + 11);
555 /* We now record the port number after the address, separated by a
556 dot. For compatibility during upgrading, do nothing if there
557 isn't a value (it gets left at zero). */
559 else if (Ustrncmp(p, "ost_address", 11) == 0)
561 sender_host_port = host_address_extract_port(big_buffer + 14);
562 sender_host_address = string_copy(big_buffer + 14);
567 if (Ustrncmp(p, "nterface_address", 16) == 0)
569 interface_port = host_address_extract_port(big_buffer + 19);
570 interface_address = string_copy(big_buffer + 19);
572 else if (Ustrncmp(p, "dent", 4) == 0)
573 sender_ident = string_copy(big_buffer + 7);
577 if (Ustrcmp(p, "ocal") == 0)
579 else if (Ustrcmp(big_buffer, "-localerror") == 0)
580 local_error_message = TRUE;
581 else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
582 local_scan_data = string_copy(big_buffer + 12);
586 if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
587 else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
588 max_received_linelength = Uatoi(big_buffer + 24);
592 if (*p == 0) dont_deliver = TRUE; /* -N */
596 if (Ustrncmp(p, "eceived_protocol", 16) == 0)
597 received_protocol = string_copy(big_buffer + 19);
598 else if (Ustrncmp(p, "eceived_time_usec", 17) == 0)
601 if (sscanf(CS big_buffer + 21, "%u", &usec) == 1)
602 received_time.tv_usec = usec;
607 if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
608 sender_set_untrusted = TRUE;
609 #ifdef WITH_CONTENT_SCAN
610 else if (Ustrncmp(p, "pam_bar ", 8) == 0)
611 spam_bar = string_copy(big_buffer + 10);
612 else if (Ustrncmp(p, "pam_score ", 10) == 0)
613 spam_score = string_copy(big_buffer + 12);
614 else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
615 spam_score_int = string_copy(big_buffer + 16);
617 #ifndef COMPILE_UTILITY
618 else if (Ustrncmp(p, "pool_file_wireformat", 20) == 0)
619 spool_file_wireformat = TRUE;
621 #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
622 else if (Ustrncmp(p, "mtputf8", 7) == 0)
623 message_smtputf8 = TRUE;
629 if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
630 tls_in.certificate_verified = TRUE;
631 else if (Ustrncmp(p, "ls_cipher", 9) == 0)
632 tls_in.cipher = string_copy(big_buffer + 12);
633 # ifndef COMPILE_UTILITY /* tls support fns not built in */
634 else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
635 (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
636 else if (Ustrncmp(p, "ls_peercert", 11) == 0)
637 (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
639 else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
640 tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
641 else if (Ustrncmp(p, "ls_sni", 6) == 0)
642 tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
643 else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
644 tls_in.ocsp = big_buffer[10] - '0';
648 #if defined(SUPPORT_I18N) && !defined(COMPILE_UTILITY)
650 if (Ustrncmp(p, "tf8_downcvt", 11) == 0)
651 message_utf8_downconvert = 1;
652 else if (Ustrncmp(p, "tf8_optdowncvt", 15) == 0)
653 message_utf8_downconvert = -1;
657 default: /* Present because some compilers complain if all */
658 break; /* possibilities are not covered. */
662 /* Build sender_fullhost if required */
664 #ifndef COMPILE_UTILITY
665 host_build_sender_fullhost();
666 #endif /* COMPILE_UTILITY */
668 #ifndef COMPILE_UTILITY
670 debug_printf("sender_local=%d ident=%s\n", sender_local,
671 (sender_ident == NULL)? US"unset" : sender_ident);
672 #endif /* COMPILE_UTILITY */
674 /* We now have the tree of addresses NOT to deliver to, or a line
675 containing "XX", indicating no tree. */
677 if (Ustrncmp(big_buffer, "XX\n", 3) != 0 &&
678 !read_nonrecipients_tree(&tree_nonrecipients, f, big_buffer, big_buffer_size))
679 goto SPOOL_FORMAT_ERROR;
681 #ifndef COMPILE_UTILITY
684 debug_printf("Non-recipients:\n");
685 debug_print_tree(tree_nonrecipients);
687 #endif /* COMPILE_UTILITY */
689 /* After reading the tree, the next line has not yet been read into the
690 buffer. It contains the count of recipients which follow on separate lines.
691 Apply an arbitrary sanity check.*/
693 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
694 if (sscanf(CS big_buffer, "%d", &rcount) != 1 || rcount > 16384)
695 goto SPOOL_FORMAT_ERROR;
697 #ifndef COMPILE_UTILITY
698 DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
699 #endif /* COMPILE_UTILITY */
701 recipients_list_max = rcount;
702 recipients_list = store_get(rcount * sizeof(recipient_item));
704 /* We sanitised the count and know we have enough memory, so disable
705 the Coverity error on recipients_count */
706 /* coverity[tainted_data] */
708 for (recipients_count = 0; recipients_count < rcount; recipients_count++)
713 uschar *orcpt = NULL;
714 uschar *errors_to = NULL;
717 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
718 nn = Ustrlen(big_buffer);
719 if (nn < 2) goto SPOOL_FORMAT_ERROR;
721 /* Remove the newline; this terminates the address if there is no additional
724 p = big_buffer + nn - 1;
727 /* Look back from the end of the line for digits and special terminators.
728 Since an address must end with a domain, we can tell that extra data is
729 present by the presence of the terminator, which is always some character
730 that cannot exist in a domain. (If I'd thought of the need for additional
731 data early on, I'd have put it at the start, with the address at the end. As
732 it is, we have to operate backwards. Addresses are permitted to contain
735 This code has to cope with various versions of this data that have evolved
736 over time. In all cases, the line might just contain an address, with no
737 additional data. Otherwise, the possibilities are as follows:
739 Exim 3 type: <address><space><digits>,<digits>,<digits>
741 The second set of digits is the parent number for one_time addresses. The
742 other values were remnants of earlier experiments that were abandoned.
744 Exim 4 first type: <address><space><digits>
746 The digits are the parent number for one_time addresses.
748 Exim 4 new type: <address><space><data>#<type bits>
750 The type bits indicate what the contents of the data are.
752 Bit 01 indicates that, reading from right to left, the data
753 ends with <errors_to address><space><len>,<pno> where pno is
754 the parent number for one_time addresses, and len is the length
755 of the errors_to address (zero meaning none).
757 Bit 02 indicates that, again reading from right to left, the data continues
758 with orcpt len(orcpt),dsn_flags
761 while (isdigit(*p)) p--;
763 /* Handle Exim 3 spool files */
768 while (isdigit(*(--p)) || *p == ',');
772 (void)sscanf(CS p, "%d,%d", &dummy, &pno);
776 /* Handle early Exim 4 spool files */
781 (void)sscanf(CS p, "%d", &pno);
784 /* Handle current format Exim 4 spool files */
790 #if !defined (COMPILE_UTILITY)
791 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
794 (void)sscanf(CS p+1, "%d", &flags);
796 if ((flags & 0x01) != 0) /* one_time data exists */
799 while (isdigit(*(--p)) || *p == ',' || *p == '-');
800 (void)sscanf(CS p+1, "%d,%d", &len, &pno);
805 errors_to = string_copy(p);
809 *(--p) = 0; /* Terminate address */
810 if ((flags & 0x02) != 0) /* one_time data exists */
813 while (isdigit(*(--p)) || *p == ',' || *p == '-');
814 (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
819 orcpt = string_copy(p);
823 *(--p) = 0; /* Terminate address */
825 #if !defined(COMPILE_UTILITY)
827 { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
829 if ((orcpt != NULL) || (dsn_flags != 0))
831 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
832 big_buffer, orcpt, dsn_flags);
834 if (errors_to != NULL)
836 DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
837 big_buffer, errors_to);
841 recipients_list[recipients_count].address = string_copy(big_buffer);
842 recipients_list[recipients_count].pno = pno;
843 recipients_list[recipients_count].errors_to = errors_to;
844 recipients_list[recipients_count].orcpt = orcpt;
845 recipients_list[recipients_count].dsn_flags = dsn_flags;
848 /* The remainder of the spool header file contains the headers for the message,
849 separated off from the previous data by a blank line. Each header is preceded
850 by a count of its length and either a certain letter (for various identified
851 headers), space (for a miscellaneous live header) or an asterisk (for a header
852 that has been rewritten). Count the Received: headers. We read the headers
853 always, in order to check on the format of the file, but only create a header
854 list if requested to do so. */
857 if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
858 if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR;
860 while ((n = fgetc(f)) != EOF)
866 if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
867 if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
868 goto SPOOL_READ_ERROR;
869 if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
873 h = store_get(sizeof(header_line));
877 h->text = store_get(n+1);
879 if (h->type == htype_received) received_count++;
881 if (header_list == NULL) header_list = h;
882 else header_last->next = h;
885 for (i = 0; i < n; i++)
888 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
889 if (c == '\n' && h->type != htype_old) message_linecount++;
895 /* Not requiring header data, just skip through the bytes */
897 else for (i = 0; i < n; i++)
900 if (c == 0 || c == EOF) goto SPOOL_FORMAT_ERROR;
904 /* We have successfully read the data in the header file. Update the message
905 line count by adding the body linecount to the header linecount. Close the file
906 and give a positive response. */
908 #ifndef COMPILE_UTILITY
909 DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
910 body_linecount, message_linecount);
911 #endif /* COMPILE_UTILITY */
913 message_linecount += body_linecount;
916 return spool_read_OK;
919 /* There was an error reading the spool or there was missing data,
920 or there was a format error. A "read error" with no errno means an
921 unexpected EOF, which we treat as a format error. */
928 #ifndef COMPILE_UTILITY
929 DEBUG(D_any) debug_printf("Error while reading spool file %s\n", name);
930 #endif /* COMPILE_UTILITY */
934 return inheader? spool_read_hdrerror : spool_read_enverror;
939 #ifndef COMPILE_UTILITY
940 DEBUG(D_any) debug_printf("Format error in spool file %s\n", name);
941 #endif /* COMPILE_UTILITY */
944 errno = ERRNO_SPOOLFORMAT;
945 return inheader? spool_read_hdrerror : spool_read_enverror;
950 /* End of spool_in.c */