* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Functions concerned with routing, and the list of generic router options. */
/* Build a host list if fallback hosts is set. */
- host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);
+ {
+ int old_pool = store_pool;
+ store_pool = POOL_PERM;
+ host_build_hostlist(&r->fallback_hostlist, r->fallback_hosts, FALSE);
+ store_pool = old_pool;
+ }
/* Check redirect_router and pass_router are valid */
BOOL ugid_set = FALSE;
const uschar *listptr;
uschar *check;
-uschar buffer[1024];
if (!s) return OK;
DEBUG(D_route) debug_printf("checking require_files\n");
listptr = s;
-while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))))
+while ((check = string_nextinlist(&listptr, &sep, NULL, 0)))
{
int rc;
int eacces_code = 0;
otherwise. Save the old state for resetting on the wait. */
oldsignal = signal(SIGCHLD, SIG_DFL);
- pid = fork();
+ pid = exim_fork(US"require-files");
/* If fork() fails, reinstate the original error and behave as if
this block of code were not present. This is the same behaviour as happens
exim_setugid(uid, gid, TRUE,
string_sprintf("require_files check, file=%s", ss));
if (route_check_access(ss, uid, gid, 4))
- exim_underbar_exit(0, US"route-check-access");
+ exim_underbar_exit(EXIT_SUCCESS);
DEBUG(D_route) debug_printf("route_check_access() failed\n");
- exim_underbar_exit(1, US"route-check-access");
+ exim_underbar_exit(EXIT_FAILURE);
}
/* In the parent, wait for the child to finish */
*/
static BOOL
-check_router_conditions(router_instance *r, address_item *addr, int verify,
- struct passwd **pw, uschar **perror)
+check_router_conditions(router_instance * r, address_item * addr, int verify,
+ struct passwd ** pw, uschar ** perror)
{
int rc;
-uschar *check_local_part;
-unsigned int *localpart_cache;
+uschar * check_local_part;
+unsigned int * localpart_cache;
/* Reset variables to hold a home directory and data from lookup of a domain or
local part, and ensure search_find_defer is unset, in case there aren't any
required. Also, we only use the match cache for local parts that have not had
a prefix or suffix stripped. */
+check_local_part = string_copy(addr->cc_local_part);
if (!addr->prefix && !addr->suffix)
- {
localpart_cache = addr->localpart_cache;
- check_local_part = addr->cc_local_part;
- }
else
{
localpart_cache = NULL;
- check_local_part = string_copy(addr->cc_local_part);
if (addr->prefix)
check_local_part += Ustrlen(addr->prefix);
if (addr->suffix)
login of a local user. Note: the third argument to route_finduser() must be
NULL here, to prevent a numeric string being taken as a numeric uid. If the
user is found, set deliver_home to the home directory, and also set
-local_user_{uid,gid} and local_part_verified. */
+local_user_{uid,gid} and local_part_data. */
if (r->check_local_user)
{
r->name, addr->local_part);
return SKIP;
}
- deliver_localpart_verified = string_copy(US (*pw)->pw_name);
+ addr->prop.localpart_data =
+ deliver_localpart_data = string_copy(US (*pw)->pw_name);
deliver_home = string_copy(US (*pw)->pw_dir);
local_user_gid = (*pw)->pw_gid;
local_user_uid = (*pw)->pw_uid;
if (r->router_home_directory)
{
- uschar *router_home = expand_string(r->router_home_directory);
- if (!router_home)
- {
- if (!f.expand_string_forcedfail)
- {
- *perror = string_sprintf("failed to expand \"%s\" for "
- "router_home_directory: %s", r->router_home_directory,
- expand_string_message);
- return DEFER;
- }
- }
- else
+ uschar * router_home = expand_string(r->router_home_directory);
+ if (router_home)
{
setflag(addr, af_home_expanded); /* Note set from router_home_directory */
deliver_home = router_home;
}
+ else if (!f.expand_string_forcedfail)
+ {
+ *perror = string_sprintf("failed to expand \"%s\" for "
+ "router_home_directory: %s", r->router_home_directory,
+ expand_string_message);
+ return DEFER;
+ }
}
/* Skip if the sender condition is not met. We leave this one till after the
{
addr->message = string_sprintf("expansion of \"%s\" failed "
"in %s router: %s", ele, r->name, expand_string_message);
- return DEFER;
+ /* Caller will replace that for logging, if a DB lookup, to avoid exposing
+ passwords */
+ DEBUG(D_route) debug_printf("%s\n", addr->message);
+ if (!f.search_find_defer)
+ return f.search_find_defer ? DEFER : FAIL;
}
if (!(node = tree_search(*root, name)))
{ /* name should never be tainted */
- node = store_get(sizeof(tree_node) + Ustrlen(name), FALSE);
+ node = store_get(sizeof(tree_node) + Ustrlen(name), GET_UNTAINTED);
Ustrcpy(node->name, name);
(void)tree_insertnode(root, node);
}
{
int yield = OK;
BOOL unseen;
-router_instance *r, *nextr;
-const uschar *old_domain = addr->domain;
+router_instance * r, * nextr;
+const uschar * old_domain = addr->domain;
HDEBUG(D_route)
{
for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
{
- uschar *error;
- struct passwd *pw = NULL;
+ uschar * error;
+ struct passwd * pw = NULL;
struct passwd pwcopy;
BOOL loop_detected = FALSE;
BOOL more;
int plen = route_check_prefix(addr->local_part, r->prefix, &vlen);
if (plen > 0)
{
- addr->prefix = string_copyn(addr->local_part, plen);
- if (vlen) addr->prefix_v = string_copyn(addr->local_part, vlen);
+ /* If the variable-part is zero-length then the prefix was not
+ wildcarded and we can detaint-copy it since it matches the
+ (non-expandable) router option. Otherwise copy the (likely) tainted match
+ and the variable-part of the match from the local_part. */
+
+ if (vlen)
+ {
+ addr->prefix = string_copyn(addr->local_part, plen);
+ addr->prefix_v = string_copyn(addr->local_part, vlen);
+ }
+ else
+ addr->prefix = string_copyn_taint(addr->local_part, plen, GET_UNTAINTED);
addr->local_part += plen;
DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
}
if (slen > 0)
{
int lplen = Ustrlen(addr->local_part) - slen;
- addr->suffix = addr->local_part + lplen;
+ addr->suffix = vlen
+ ? addr->local_part + lplen
+ : string_copy_taint(addr->local_part + lplen, GET_UNTAINTED);
addr->suffix_v = addr->suffix + Ustrlen(addr->suffix) - vlen;
addr->local_part = string_copyn(addr->local_part, lplen);
DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
the local part sorted. */
router_name = r->name;
- deliver_localpart_verified = NULL;
+ driver_srcfile = r->srcfile;
+ driver_srcline = r->srcline;
deliver_set_expansions(addr);
/* For convenience, the pre-router checks are in a separate function, which
if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
{
- router_name = NULL;
+ driver_srcfile = router_name = NULL; driver_srcline = 0;
if (rc == SKIP) continue;
addr->message = error;
yield = rc;
router traversal. On the addr string they are held as a variable tree, so
as to maintain the post-expansion taints separate. */
- switch (set_router_vars(addr, r))
+ switch (rc = set_router_vars(addr, r))
{
case OK: break;
case PASS: continue; /* with next router */
- default: goto ROUTE_EXIT;
+ default: yield = rc; goto ROUTE_EXIT;
}
/* Finally, expand the address_data field in the router. Forced failure
{
DEBUG(D_route)
debug_printf("\"more\"=false: skipping remaining routers\n");
- router_name = NULL;
+ driver_srcfile = router_name = NULL; driver_srcline = 0;
r = NULL;
break;
}
yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,
addr_new, addr_succeed);
- router_name = NULL;
+ driver_srcfile = router_name = NULL; driver_srcline = 0;
if (yield == FAIL)
{
addr->message = expand_hide_passwords(addr->message);
deliver_set_expansions(NULL);
-router_name = NULL;
+driver_srcfile = router_name = NULL; driver_srcline = 0;
f.disable_logging = FALSE;
return yield;
}
+
+
+/* For error messages, a string describing the config location associated
+with current processing. NULL if we are not in a router. */
+/* Name only, for now */
+
+uschar *
+router_current_name(void)
+{
+if (!router_name) return NULL;
+return string_sprintf(" (router %s, %s %d)", router_name, driver_srcfile, driver_srcline);
+}
+
#endif /*!MACRO_PREDEF*/
/* End of route.c */
git://git.exim.org / exim.git / blobdiff