X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/273f34d076393a3df1b85a93f10d16f1a68f66a1..e2f5dc151e2e79058e93924e6d35510557f0535d:/src/src/exim.c diff --git a/src/src/exim.c b/src/src/exim.c index 6f80dd131..0d8f24492 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.54 2007/01/25 15:51:28 ph10 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.71 2010/06/07 00:12:42 pdp Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2007 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -681,161 +681,12 @@ else -/************************************************* -* Decode bit settings for log/debug * -*************************************************/ - -/* This function decodes a string containing bit settings in the form of +name -and/or -name sequences, and sets/unsets bits in a bit string accordingly. It -also recognizes a numeric setting of the form =, but this is not -intended for user use. It's an easy way for Exim to pass the debug settings -when it is re-exec'ed. - -The log options are held in two unsigned ints (because there became too many -for one). The top bit in the table means "put in 2nd selector". This does not -yet apply to debug options, so the "=" facility sets only the first selector. - -The "all" selector, which must be equal to 0xffffffff, is recognized specially. -It sets all the bits in both selectors. However, there is a facility for then -unsetting certain bits, because we want to turn off "memory" in the debug case. - -A bad value for a debug setting is treated as an unknown option - error message -to stderr and die. For log settings, which come from the configuration file, -we write to the log on the way out... - -Arguments: - selector1 address of the first bit string - selector2 address of the second bit string, or NULL - notall1 bits to exclude from "all" for selector1 - notall2 bits to exclude from "all" for selector2 - string the configured string - options the table of option names - count size of table - which "log" or "debug" - -Returns: nothing on success - bomb out on failure -*/ - -static void -decode_bits(unsigned int *selector1, unsigned int *selector2, int notall1, - int notall2, uschar *string, bit_table *options, int count, uschar *which) -{ -uschar *errmsg; -if (string == NULL) return; - -if (*string == '=') - { - char *end; /* Not uschar */ - *selector1 = strtoul(CS string+1, &end, 0); - if (*end == 0) return; - errmsg = string_sprintf("malformed numeric %s_selector setting: %s", which, - string); - goto ERROR_RETURN; - } - -/* Handle symbolic setting */ - -else for(;;) - { - BOOL adding; - uschar *s; - int len; - bit_table *start, *end; - - while (isspace(*string)) string++; - if (*string == 0) return; - - if (*string != '+' && *string != '-') - { - errmsg = string_sprintf("malformed %s_selector setting: " - "+ or - expected but found \"%s\"", which, string); - goto ERROR_RETURN; - } - - adding = *string++ == '+'; - s = string; - while (isalnum(*string) || *string == '_') string++; - len = string - s; - - start = options; - end = options + count; - - while (start < end) - { - bit_table *middle = start + (end - start)/2; - int c = Ustrncmp(s, middle->name, len); - if (c == 0) - { - if (middle->name[len] != 0) c = -1; else - { - unsigned int bit = middle->bit; - unsigned int *selector; - - /* The value with all bits set means "force all bits in both selectors" - in the case where two are being handled. However, the top bit in the - second selector is never set. When setting, some bits can be excluded. - */ - - if (bit == 0xffffffff) - { - if (adding) - { - *selector1 = 0xffffffff ^ notall1; - if (selector2 != NULL) *selector2 = 0x7fffffff ^ notall2; - } - else - { - *selector1 = 0; - if (selector2 != NULL) *selector2 = 0; - } - } - - /* Otherwise, the 0x80000000 bit means "this value, without the top - bit, belongs in the second selector". */ - - else - { - if ((bit & 0x80000000) != 0) - { - selector = selector2; - bit &= 0x7fffffff; - } - else selector = selector1; - if (adding) *selector |= bit; else *selector &= ~bit; - } - break; /* Out of loop to match selector name */ - } - } - if (c < 0) end = middle; else start = middle + 1; - } /* Loop to match selector name */ - - if (start >= end) - { - errmsg = string_sprintf("unknown %s_selector setting: %c%.*s", which, - adding? '+' : '-', len, s); - goto ERROR_RETURN; - } - } /* Loop for selector names */ - -/* Handle disasters */ - -ERROR_RETURN: -if (Ustrcmp(which, "debug") == 0) - { - fprintf(stderr, "exim: %s\n", errmsg); - exit(EXIT_FAILURE); - } -else log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "%s", errmsg); -} - - - /************************************************* * Show supported features * *************************************************/ -/* This function is called for -bV and for -d to output the optional features -of the current Exim binary. +/* This function is called for -bV/--version and for -d to output the optional +features of the current Exim binary. Arguments: a FILE for printing Returns: nothing @@ -905,6 +756,9 @@ fprintf(f, "Support for:"); #ifdef WITH_CONTENT_SCAN fprintf(f, " Content_Scanning"); #endif +#ifndef DISABLE_DKIM + fprintf(f, " DKIM"); +#endif #ifdef WITH_OLD_DEMIME fprintf(f, " Old_Demime"); #endif @@ -917,8 +771,8 @@ fprintf(f, "Support for:"); #ifdef EXPERIMENTAL_BRIGHTMAIL fprintf(f, " Experimental_Brightmail"); #endif -#ifdef EXPERIMENTAL_DOMAINKEYS - fprintf(f, " Experimental_DomainKeys"); +#ifdef EXPERIMENTAL_DCC + fprintf(f, " Experimental_DCC"); #endif fprintf(f, "\n"); @@ -1051,7 +905,15 @@ if (fixed_never_users[0] > 0) fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]); } -fprintf(f, "Size of off_t: %d\n", sizeof(off_t)); +fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); + +/* This runtime check is to help diagnose library linkage mismatches which +result in segfaults and the like; as such, it's left until the end, +just in case. There will still be a "Configuration file is" line still to +come. */ +#ifdef SUPPORT_TLS +tls_version_report(f); +#endif } @@ -1232,6 +1094,43 @@ return yield; +/************************************************* +* Output usage information for the program * +*************************************************/ + +/* This function is called when there are no recipients + or a specific --help argument was added. + +Arguments: + progname information on what name we were called by + +Returns: DOES NOT RETURN +*/ + +static void +exim_usage(uschar *progname) +{ + +/* Handle specific program invocation varients */ +if (Ustrcmp(progname, US"-mailq") == 0) + { + fprintf(stderr, + "mailq - list the contents of the mail queue\n\n" + "For a list of options, see the Exim documentation.\n"); + exit(EXIT_FAILURE); + } + +/* Generic usage - we output this whatever happens */ +fprintf(stderr, + "Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n" + "not directly from a shell command line. Options and/or arguments control\n" + "what it does when called. For a list of options, see the Exim documentation.\n"); + +exit(EXIT_FAILURE); +} + + + /************************************************* * Entry point and high-level code * *************************************************/ @@ -1291,8 +1190,10 @@ BOOL one_msg_action = FALSE; BOOL queue_only_set = FALSE; BOOL receiving_message = TRUE; BOOL sender_ident_set = FALSE; +BOOL session_local_queue_only; BOOL unprivileged; BOOL removed_privilege = FALSE; +BOOL usage_wanted = FALSE; BOOL verify_address_mode = FALSE; BOOL verify_as_sender = FALSE; BOOL version_printed = FALSE; @@ -1305,6 +1206,7 @@ uschar *ftest_domain = NULL; uschar *ftest_localpart = NULL; uschar *ftest_prefix = NULL; uschar *ftest_suffix = NULL; +uschar *malware_test_file = NULL; uschar *real_sender_address; uschar *originator_home = US"/"; void *reset_point; @@ -1332,6 +1234,12 @@ This is a feature to make the lives of binary distributors easier. */ #ifdef EXIM_USERNAME if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid)) { + if (exim_uid == 0) + { + fprintf(stderr, "exim: refusing to run with uid 0 for \"%s\"\n", + EXIM_USERNAME); + exit(EXIT_FAILURE); + } exim_gid = pw->pw_gid; } else @@ -1587,11 +1495,6 @@ running in an unprivileged state. */ unprivileged = (real_uid != root_uid && original_euid != root_uid); -/* If the first argument is --help, pretend there are no arguments. This will -cause a brief message to be given. */ - -if (argc > 1 && Ustrcmp(argv[1], "--help") == 0) argc = 1; - /* Scan the program's arguments. Some can be dealt with right away; others are simply recorded for checking and handling afterwards. Do a high-level switch on the second character (the one after '-'), to save some effort. */ @@ -1656,6 +1559,21 @@ for (i = 1; i < argc; i++) argrest++; } + /* deal with --option_aliases */ + else if (switchchar == '-') + { + if (Ustrcmp(argrest, "help") == 0) + { + usage_wanted = TRUE; + break; + } + else if (Ustrcmp(argrest, "version") == 0) + { + switchchar = 'b'; + argrest = US"V"; + } + } + /* High-level switch on active initial letter */ switch(switchchar) @@ -1766,6 +1684,14 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "m") == 0) receiving_message = TRUE; + /* -bmalware: test the filename given for malware */ + + else if (Ustrcmp(argrest, "malware") == 0) + { + if (++i >= argc) { badarg = TRUE; break; } + malware_test_file = argv[i]; + } + /* -bnq: For locally originating messages, do not qualify unqualified addresses. In the envelope, this causes errors; in header lines they just get left. */ @@ -1922,6 +1848,7 @@ for (i = 1; i < argc; i++) config_main_filelist = argrest; config_changed = TRUE; + trusted_config = FALSE; } break; @@ -2016,7 +1943,7 @@ for (i = 1; i < argc; i++) } if (*argrest != 0) decode_bits(&selector, NULL, D_memory, 0, argrest, debug_options, - debug_options_count, US"debug"); + debug_options_count, US"debug", 0); debug_selector = selector; } break; @@ -2165,6 +2092,9 @@ for (i = 1; i < argc; i++) if (Ustrcmp(argrest, "C") == 0) { + union sockaddr_46 interface_sock; + EXIM_SOCKLEN_T size = sizeof(interface_sock); + if (argc != i + 6) { fprintf(stderr, "exim: too many or too few arguments after -MC\n"); @@ -2194,6 +2124,19 @@ for (i = 1; i < argc; i++) return EXIT_FAILURE; } + /* Set up $sending_ip_address and $sending_port */ + + if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), + &size) == 0) + sending_ip_address = host_ntoa(-1, &interface_sock, NULL, + &sending_port); + else + { + fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n", + strerror(errno)); + return EXIT_FAILURE; + } + if (running_in_test_harness) millisleep(500); break; } @@ -2267,6 +2210,7 @@ for (i = 1; i < argc; i++) -Mes edit sender -Mset load a message for use with -be -Mvb show body + -Mvc show copy (of whole message, in RFC 2822 format) -Mvh show header -Mvl show log */ @@ -2314,6 +2258,11 @@ for (i = 1; i < argc; i++) msg_action = MSG_SHOW_BODY; one_msg_action = TRUE; } + else if (Ustrcmp(argrest, "vc") == 0) + { + msg_action = MSG_SHOW_COPY; + one_msg_action = TRUE; + } else if (Ustrcmp(argrest, "vh") == 0) { msg_action = MSG_SHOW_HEADER; @@ -2903,9 +2852,11 @@ if ((deliver_selectstring != NULL || deliver_selectstring_sender != NULL) && queue_interval < 0) queue_interval = 0; -/* Arguments have been processed. Check for incompatibilities. */ - END_ARG: +/* If usage_wanted is set we call the usage function - which never returns */ +if (usage_wanted) exim_usage(called_as); + +/* Arguments have been processed. Check for incompatibilities. */ if (( (smtp_input || extract_recipients || recipients_arg < argc) && (daemon_listen || queue_interval >= 0 || bi_option || @@ -3096,7 +3047,7 @@ values (such as the path name). If running in the test harness, pretend that configuration file changes and macro definitions haven't happened. */ if (( /* EITHER */ - (config_changed || macros != NULL) && /* Config changed, and */ + (!trusted_config || macros != NULL) && /* Config changed, and */ real_uid != root_uid && /* Not root, and */ #ifndef ALT_CONFIG_ROOT_ONLY /* (when not locked out) */ real_uid != exim_uid && /* Not exim, and */ @@ -3161,8 +3112,8 @@ readconf_main(); /* Handle the decoding of logging options. */ -decode_bits(&log_write_selector, &log_extra_selector, 0, 0, log_selector_string, - log_options, log_options_count, US"log"); +decode_bits(&log_write_selector, &log_extra_selector, 0, 0, + log_selector_string, log_options, log_options_count, US"log", 0); DEBUG(D_any) { @@ -3315,7 +3266,7 @@ If ALT_CONFIG_ROOT_ONLY is defined, we don't know whether we were called by the built-in exim user or one defined in the configuration. In either event, re-enable log processing, assuming the sysadmin knows what they are doing. */ -if (removed_privilege && (config_changed || macros != NULL) && +if (removed_privilege && (!trusted_config || macros != NULL) && real_uid == exim_uid) { #ifdef ALT_CONFIG_ROOT_ONLY @@ -3327,7 +3278,7 @@ if (removed_privilege && (config_changed || macros != NULL) && else log_write(0, LOG_MAIN|LOG_PANIC, "exim user (uid=%d) is defined only at runtime; privilege lost for %s", - (int)exim_uid, config_changed? "-C" : "-D"); + (int)exim_uid, trusted_config? "-D" : "-C"); #endif } @@ -3458,7 +3409,6 @@ if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid) else { int i, j; - for (i = 0; i < group_count; i++) { if (group_list[i] == exim_gid) admin_user = TRUE; @@ -3514,12 +3464,13 @@ configuration, but the queue run restriction can be relaxed. Only an admin user may request that a message be returned to its sender forthwith. Only an admin user may specify a debug level greater than D_v (because it might show passwords, etc. in lookup queries). Only an admin user may request a queue -count. */ +count. Only an admin user can use the test interface to scan for email +(because Exim will be in the spool dir and able to look at mails). */ if (!admin_user) { BOOL debugset = (debug_selector & ~D_v) != 0; - if (deliver_give_up || daemon_listen || + if (deliver_give_up || daemon_listen || malware_test_file || (count_queue && queue_list_requires_admin) || (list_queue && queue_list_requires_admin) || (queue_interval >= 0 && prod_requires_admin) || @@ -3622,7 +3573,7 @@ if (receiving_message && (is_inetd && smtp_load_reserve >= 0) )) { - load_average = os_getloadavg(); + load_average = OS_GETLOADAVG(); } #endif @@ -3670,6 +3621,33 @@ if (!unprivileged && /* originally had root AND */ else setgid(exim_gid); +/* Handle a request to scan a file for malware */ +if (malware_test_file) + { +#ifdef WITH_CONTENT_SCAN + int result; + set_process_info("scanning file for malware"); + result = malware_in_file(malware_test_file); + if (result == FAIL) + { + printf("No malware found.\n"); + exit(EXIT_SUCCESS); + } + if (result != OK) + { + printf("Malware lookup returned non-okay/fail: %d\n", result); + exit(EXIT_FAILURE); + } + if (malware_name) + printf("Malware found: %s\n", malware_name); + else + printf("Malware scan detected malware of unknown name.\n"); +#else + printf("Malware scanning not enabled at compile time.\n"); +#endif + exit(EXIT_FAILURE); + } + /* Handle a request to list the delivery queue */ if (list_queue) @@ -3861,7 +3839,8 @@ if (list_options) if (i < argc - 1 && (Ustrcmp(argv[i], "router") == 0 || Ustrcmp(argv[i], "transport") == 0 || - Ustrcmp(argv[i], "authenticator") == 0)) + Ustrcmp(argv[i], "authenticator") == 0 || + Ustrcmp(argv[i], "macro") == 0)) { readconf_print(argv[i+1], argv[i]); i++; @@ -4402,14 +4381,9 @@ if (recipients_arg >= argc && !extract_recipients && !smtp_input) printf("Configuration file is %s\n", config_main_filename); return EXIT_SUCCESS; } + if (filter_test == FTEST_NONE) - { - fprintf(stderr, -"Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n" -"not directly from a shell command line. Options and/or arguments control\n" -"what it does when called. For a list of options, see the Exim documentation.\n"); - return EXIT_FAILURE; - } + exim_usage(called_as); } @@ -4507,11 +4481,11 @@ else sender_address); } -/* Initialize the local_queue-only flag (this will be ignored if mua_wrapper is -set) */ +/* Initialize the session_local_queue-only flag (this will be ignored if +mua_wrapper is set) */ queue_check_only(); -local_queue_only = queue_only; +session_local_queue_only = queue_only; /* For non-SMTP and for batched SMTP input, check that there is enough space on the spool if so configured. On failure, we must not attempt to send an error @@ -4870,27 +4844,36 @@ while (more) } /* Else act on the result of message reception. We should not get here unless - message_id[0] is non-zero. If queue_only is set, local_queue_only will be - TRUE. If it is not, check on the number of messages received in this - connection. If that's OK and queue_only_load is set, check that the load - average is below it. If it is not, set local_queue_only TRUE. Note that it - then remains this way for any subsequent messages on the same SMTP connection. - This is a deliberate choice; even though the load average may fall, it - doesn't seem right to deliver later messages on the same call when not - delivering earlier ones. */ - - if (!local_queue_only) + message_id[0] is non-zero. If queue_only is set, session_local_queue_only + will be TRUE. If it is not, check on the number of messages received in this + connection. */ + + if (!session_local_queue_only && + smtp_accept_queue_per_connection > 0 && + receive_messagecount > smtp_accept_queue_per_connection) { - if (smtp_accept_queue_per_connection > 0 && - receive_messagecount > smtp_accept_queue_per_connection) - { - local_queue_only = TRUE; - queue_only_reason = 2; - } - else if (queue_only_load >= 0) + session_local_queue_only = TRUE; + queue_only_reason = 2; + } + + /* Initialize local_queue_only from session_local_queue_only. If it is false, + and queue_only_load is set, check that the load average is below it. If it is + not, set local_queue_only TRUE. If queue_only_load_latch is true (the + default), we put the whole session into queue_only mode. It then remains this + way for any subsequent messages on the same SMTP connection. This is a + deliberate choice; even though the load average may fall, it doesn't seem + right to deliver later messages on the same call when not delivering earlier + ones. However, there are odd cases where this is not wanted, so this can be + changed by setting queue_only_load_latch false. */ + + local_queue_only = session_local_queue_only; + if (!local_queue_only && queue_only_load >= 0) + { + local_queue_only = (load_average = OS_GETLOADAVG()) > queue_only_load; + if (local_queue_only) { - local_queue_only = (load_average = os_getloadavg()) > queue_only_load; - if (local_queue_only) queue_only_reason = 3; + queue_only_reason = 3; + if (queue_only_load_latch) session_local_queue_only = TRUE; } }