X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6c6d6e483411af2c087ff258f4041d38eb65e775..7adc9ca07a9a870f92a14d16740abfecde0bdfa4:/src/src/exim.c diff --git a/src/src/exim.c b/src/src/exim.c index d7cb5d88b..ab2d673dd 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -2,7 +2,8 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -12,6 +13,10 @@ Also a few functions that don't naturally fit elsewhere. */ #include "exim.h" +#if defined(__GLIBC__) && !defined(__UCLIBC__) +# include +#endif + #ifdef USE_GNUTLS # include # if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP) @@ -19,6 +24,10 @@ Also a few functions that don't naturally fit elsewhere. */ # endif #endif +#ifndef _TIME_H +# include +#endif + extern void init_lookup_list(void); @@ -38,7 +47,9 @@ regular expression for a long time; the other for short-term use. */ static void * function_store_get(size_t size) { -return store_get((int)size); +/* For now, regard all RE results as potentially tainted. We might need +more intelligence on this point. */ +return store_get((int)size, TRUE); } static void @@ -100,7 +111,7 @@ if (use_malloc) pcre_free = function_store_free; } if (caseless) options |= PCRE_CASELESS; -yield = pcre_compile(CCS pattern, options, (const char **)&error, &offset, NULL); +yield = pcre_compile(CCS pattern, options, CCSS &error, &offset, NULL); pcre_malloc = function_store_get; pcre_free = function_dummy_free; if (yield == NULL) @@ -136,14 +147,13 @@ regex_match_and_setup(const pcre *re, const uschar *subject, int options, int se int ovector[3*(EXPAND_MAXN+1)]; uschar * s = string_copy(subject); /* de-constifying */ int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0, - PCRE_EOPT | options, ovector, sizeof(ovector)/sizeof(int)); + PCRE_EOPT | options, ovector, nelem(ovector)); BOOL yield = n >= 0; if (n == 0) n = EXPAND_MAXN + 1; if (yield) { - int nn; - expand_nmax = (setup < 0)? 0 : setup + 1; - for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2) + expand_nmax = setup < 0 ? 0 : setup + 1; + for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2) { expand_nstring[expand_nmax] = s + ovector[nn]; expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; @@ -170,22 +180,35 @@ Returns: nothing void set_process_info(const char *format, ...) { +gstring gs = { .size = PROCESS_INFO_SIZE - 2, .ptr = 0, .s = process_info }; +gstring * g; int len; va_list ap; -sprintf(CS process_info, "%5d ", (int)getpid()); -len = Ustrlen(process_info); + +g = string_fmt_append(&gs, "%5d ", (int)getpid()); +len = g->ptr; va_start(ap, format); -if (!string_vformat(process_info + len, PROCESS_INFO_SIZE - len - 2, format, ap)) - Ustrcpy(process_info + len, "**** string overflowed buffer ****"); -len = Ustrlen(process_info); -process_info[len+0] = '\n'; -process_info[len+1] = '\0'; -process_info_len = len + 1; +if (!string_vformat(g, 0, format, ap)) + { + gs.ptr = len; + g = string_cat(&gs, US"**** string overflowed buffer ****"); + } +g = string_catn(g, US"\n", 1); +string_from_gstring(g); +process_info_len = g->ptr; DEBUG(D_process_info) debug_printf("set_process_info: %s", process_info); va_end(ap); } +/*********************************************** +* Handler for SIGTERM * +***********************************************/ +static void +term_handler(int sig) +{ +exit(1); +} /************************************************* @@ -210,8 +233,7 @@ int fd; os_restarting_signal(sig, usr1_handler); -fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE); -if (fd < 0) +if ((fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE)) < 0) { /* If we are already running as the Exim user, try to create it in the current process (assuming spool_directory exists). Otherwise, if we are @@ -230,7 +252,7 @@ to disrupt whatever is going on outside the signal handler. */ if (fd < 0) return; -{int dummy = write(fd, process_info, process_info_len); dummy = dummy; } +(void)write(fd, process_info, process_info_len); (void)close(fd); } @@ -275,7 +297,7 @@ will wait for ever, so we panic in this instance. (There was a case of this when a bug in a function that calls milliwait() caused it to pass invalid data. That's when I added the check. :-) -We assume it to be not worth sleeping for under 100us; this value will +We assume it to be not worth sleeping for under 50us; this value will require revisiting as hardware advances. This avoids the issue of a zero-valued timer setting meaning "never fire". @@ -288,8 +310,9 @@ milliwait(struct itimerval *itval) { sigset_t sigmask; sigset_t old_sigmask; +int save_errno = errno; -if (itval->it_value.tv_usec < 100 && itval->it_value.tv_sec == 0) +if (itval->it_value.tv_usec < 50 && itval->it_value.tv_sec == 0) return; (void)sigemptyset(&sigmask); /* Empty mask */ (void)sigaddset(&sigmask, SIGALRM); /* Add SIGALRM */ @@ -301,6 +324,8 @@ if (setitimer(ITIMER_REAL, itval, NULL) < 0) /* Start timer */ (void)sigdelset(&sigmask, SIGALRM); /* Remove SIGALRM */ (void)sigsuspend(&sigmask); /* Until SIGALRM */ (void)sigprocmask(SIG_SETMASK, &old_sigmask, NULL); /* Restore mask */ +errno = save_errno; +sigalrm_seen = FALSE; } @@ -321,11 +346,9 @@ Returns: nothing void millisleep(int msec) { -struct itimerval itval; -itval.it_interval.tv_sec = 0; -itval.it_interval.tv_usec = 0; -itval.it_value.tv_sec = msec/1000; -itval.it_value.tv_usec = (msec % 1000) * 1000; +struct itimerval itval = {.it_interval = {.tv_sec = 0, .tv_usec = 0}, + .it_value = {.tv_sec = msec/1000, + .tv_usec = (msec % 1000) * 1000}}; milliwait(&itval); } @@ -343,7 +366,7 @@ Arguments: Returns: -1, 0, or +1 */ -int +static int exim_tvcmp(struct timeval *t1, struct timeval *t2) { if (t1->tv_sec > t2->tv_sec) return +1; @@ -360,10 +383,29 @@ return 0; * Clock tick wait function * *************************************************/ +#ifdef _POSIX_MONOTONIC_CLOCK +/* Amount CLOCK_MONOTONIC is behind realtime, at startup. */ +static struct timespec offset_ts; + +static void +exim_clock_init(void) +{ +struct timeval tv; +if (clock_gettime(CLOCK_MONOTONIC, &offset_ts) != 0) return; +(void)gettimeofday(&tv, NULL); +offset_ts.tv_sec = tv.tv_sec - offset_ts.tv_sec; +offset_ts.tv_nsec = tv.tv_usec * 1000 - offset_ts.tv_nsec; +if (offset_ts.tv_nsec >= 0) return; +offset_ts.tv_sec--; +offset_ts.tv_nsec += 1000*1000*1000; +} +#endif + + /* Exim uses a time + a pid to generate a unique identifier in two places: its message IDs, and in file names for maildir deliveries. Because some OS now re-use pids within the same second, sub-second times are now being used. -However, for absolute certaintly, we must ensure the clock has ticked before +However, for absolute certainty, we must ensure the clock has ticked before allowing the relevant process to complete. At the time of implementation of this code (February 2003), the speed of processors is such that the clock will invariably have ticked already by the time a process has done its job. This @@ -371,7 +413,7 @@ function prepares for the time when things are faster - and it also copes with clocks that go backwards. Arguments: - then_tv A timeval which was used to create uniqueness; its usec field + tgt_tv A timeval which was used to create uniqueness; its usec field has been rounded down to the value of the resolution. We want to be sure the current time is greater than this. resolution The resolution that was used to divide the microseconds @@ -381,26 +423,45 @@ Returns: nothing */ void -exim_wait_tick(struct timeval *then_tv, int resolution) +exim_wait_tick(struct timeval * tgt_tv, int resolution) { struct timeval now_tv; long int now_true_usec; -(void)gettimeofday(&now_tv, NULL); -now_true_usec = now_tv.tv_usec; -now_tv.tv_usec = (now_true_usec/resolution) * resolution; +#ifdef _POSIX_MONOTONIC_CLOCK +struct timespec now_ts; + +if (clock_gettime(CLOCK_MONOTONIC, &now_ts) == 0) + { + now_ts.tv_sec += offset_ts.tv_sec; + if ((now_ts.tv_nsec += offset_ts.tv_nsec) >= 1000*1000*1000) + { + now_ts.tv_sec++; + now_ts.tv_nsec -= 1000*1000*1000; + } + now_tv.tv_sec = now_ts.tv_sec; + now_true_usec = (now_ts.tv_nsec / (resolution * 1000)) * resolution; + now_tv.tv_usec = now_true_usec; + } +else +#endif + { + (void)gettimeofday(&now_tv, NULL); + now_true_usec = now_tv.tv_usec; + now_tv.tv_usec = (now_true_usec/resolution) * resolution; + } -if (exim_tvcmp(&now_tv, then_tv) <= 0) +while (exim_tvcmp(&now_tv, tgt_tv) <= 0) { struct itimerval itval; itval.it_interval.tv_sec = 0; itval.it_interval.tv_usec = 0; - itval.it_value.tv_sec = then_tv->tv_sec - now_tv.tv_sec; - itval.it_value.tv_usec = then_tv->tv_usec + resolution - now_true_usec; + itval.it_value.tv_sec = tgt_tv->tv_sec - now_tv.tv_sec; + itval.it_value.tv_usec = tgt_tv->tv_usec + resolution - now_true_usec; /* We know that, overall, "now" is less than or equal to "then". Therefore, a negative value for the microseconds is possible only in the case when "now" - is more than a second less than "then". That means that itval.it_value.tv_sec + is more than a second less than "tgt". That means that itval.it_value.tv_sec is greater than zero. The following correction is therefore safe. */ if (itval.it_value.tv_usec < 0) @@ -411,17 +472,24 @@ if (exim_tvcmp(&now_tv, then_tv) <= 0) DEBUG(D_transport|D_receive) { - if (!running_in_test_harness) + if (!f.running_in_test_harness) { debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n", - then_tv->tv_sec, (long) then_tv->tv_usec, + tgt_tv->tv_sec, (long) tgt_tv->tv_usec, now_tv.tv_sec, (long) now_tv.tv_usec); - debug_printf("waiting " TIME_T_FMT ".%06lu\n", + debug_printf("waiting " TIME_T_FMT ".%06lu sec\n", itval.it_value.tv_sec, (long) itval.it_value.tv_usec); } } milliwait(&itval); + + /* Be prapared to go around if the kernel does not implement subtick + granularity (GNU Hurd) */ + + (void)gettimeofday(&now_tv, NULL); + now_true_usec = now_tv.tv_usec; + now_tv.tv_usec = (now_true_usec/resolution) * resolution; } } @@ -458,8 +526,6 @@ return f; } - - /************************************************* * Ensure stdin, stdout, and stderr exist * *************************************************/ @@ -481,16 +547,15 @@ Returns: Nothing void exim_nullstd(void) { -int i; int devnull = -1; struct stat statbuf; -for (i = 0; i <= 2; i++) +for (int i = 0; i <= 2; i++) { if (fstat(i, &statbuf) < 0 && errno == EBADF) { if (devnull < 0) devnull = open("/dev/null", O_RDWR); if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", - string_open_failed(errno, "/dev/null")); + string_open_failed(errno, "/dev/null", NULL)); if (devnull != i) (void)dup2(devnull, i); } } @@ -541,9 +606,9 @@ close_unwanted(void) { if (smtp_input) { - #ifdef SUPPORT_TLS - tls_close(TRUE, FALSE); /* Shut down the TLS library */ - #endif +#ifndef DISABLE_TLS + tls_close(NULL, TLS_NO_SHUTDOWN); /* Shut down the TLS library */ +#endif (void)close(fileno(smtp_in)); (void)close(fileno(smtp_out)); smtp_in = NULL; @@ -554,7 +619,7 @@ else if ((debug_selector & D_resolver) == 0) (void)close(1); /* stdout */ if (debug_selector == 0) /* stderr */ { - if (!synchronous_delivery) + if (!f.synchronous_delivery) { (void)close(2); log_stderr = NULL; @@ -600,21 +665,18 @@ if (euid == root_uid || euid != uid || egid != gid || igflag) if (igflag) { struct passwd *pw = getpwuid(uid); - if (pw != NULL) - { - if (initgroups(pw->pw_name, gid) != 0) - log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s", - (long int)uid, strerror(errno)); - } - else log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): " - "no passwd entry for uid=%ld", (long int)uid); + if (!pw) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): " + "no passwd entry for uid=%ld", (long int)uid); + + if (initgroups(pw->pw_name, gid) != 0) + log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s", + (long int)uid, strerror(errno)); } if (setgid(gid) < 0 || setuid(uid) < 0) - { log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to set gid=%ld or uid=%ld " "(euid=%ld): %s", (long int)gid, (long int)uid, (long int)euid, msg); - } } /* Debugging output included uid/gid and all groups */ @@ -622,17 +684,14 @@ if (euid == root_uid || euid != uid || egid != gid || igflag) DEBUG(D_uid) { int group_count, save_errno; - gid_t group_list[NGROUPS_MAX]; + gid_t group_list[EXIM_GROUPLIST_SIZE]; debug_printf("changed uid/gid: %s\n uid=%ld gid=%ld pid=%ld\n", msg, (long int)geteuid(), (long int)getegid(), (long int)getpid()); - group_count = getgroups(NGROUPS_MAX, group_list); + group_count = getgroups(nelem(group_list), group_list); save_errno = errno; debug_printf(" auxiliary group list:"); if (group_count > 0) - { - int i; - for (i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]); - } + for (int i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]); else if (group_count < 0) debug_printf(" ", strerror(save_errno)); else debug_printf(" "); @@ -660,13 +719,68 @@ void exim_exit(int rc) { search_tidyup(); +store_exit(); DEBUG(D_any) - debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d terminating with rc=%d " - ">>>>>>>>>>>>>>>>\n", (int)getpid(), rc); + debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d (%s) terminating with rc=%d " + ">>>>>>>>>>>>>>>>\n", + (int)getpid(), process_purpose, rc); exit(rc); } +void +exim_underbar_exit(int rc) +{ +store_exit(); +DEBUG(D_any) + debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d (%s) terminating with rc=%d " + ">>>>>>>>>>>>>>>>\n", + (int)getpid(), process_purpose, rc); +_exit(rc); +} + + + +/* Print error string, then die */ +static void +exim_fail(const char * fmt, ...) +{ +va_list ap; +va_start(ap, fmt); +vfprintf(stderr, fmt, ap); +exit(EXIT_FAILURE); +} + +/* exim_chown_failure() called from exim_chown()/exim_fchown() on failure +of chown()/fchown(). See src/functions.h for more explanation */ +int +exim_chown_failure(int fd, const uschar *name, uid_t owner, gid_t group) +{ +int saved_errno = errno; /* from the preceeding chown call */ +#if 1 +log_write(0, LOG_MAIN|LOG_PANIC, + __FILE__ ":%d: chown(%s, %d:%d) failed (%s)." + " Please contact the authors and refer to https://bugs.exim.org/show_bug.cgi?id=2391", + __LINE__, name?name:US"", owner, group, strerror(errno)); +#else +/* I leave this here, commented, in case the "bug"(?) comes up again. + It is not an Exim bug, but we can provide a workaround. + See Bug 2391 + HS 2019-04-18 */ + +struct stat buf; + +if (0 == (fd < 0 ? stat(name, &buf) : fstat(fd, &buf))) +{ + if (buf.st_uid == owner && buf.st_gid == group) return 0; + log_write(0, LOG_MAIN|LOG_PANIC, "Wrong ownership on %s", name); +} +else log_write(0, LOG_MAIN|LOG_PANIC, "Stat failed on %s: %s", name, strerror(errno)); + +#endif +errno = saved_errno; +return -1; +} /************************************************* @@ -689,10 +803,7 @@ check_port(uschar *address) { int port = host_address_extract_port(address); if (string_is_ip_address(address, NULL) == 0) - { - fprintf(stderr, "exim abandoned: \"%s\" is not an IP address\n", address); - exit(EXIT_FAILURE); - } + exim_fail("exim abandoned: \"%s\" is not an IP address\n", address); return port; } @@ -721,7 +832,7 @@ int start, end, domain; uschar *parse_error = NULL; uschar *address = parse_extract_address(s, &parse_error, &start, &end, &domain, FALSE); -if (address == NULL) +if (!address) { fprintf(stdout, "syntax error: %s\n", parse_error); *exit_value = 2; @@ -741,26 +852,26 @@ else * Show supported features * *************************************************/ -/* This function is called for -bV/--version and for -d to output the optional -features of the current Exim binary. - -Arguments: a FILE for printing -Returns: nothing -*/ - static void -show_whats_supported(FILE *f) +show_db_version(FILE * f) { - auth_info *authi; - #ifdef DB_VERSION_STRING -fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING); +DEBUG(D_any) + { + fprintf(f, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING); + fprintf(f, " Runtime: %s\n", + db_version(NULL, NULL, NULL)); + } +else + fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING); + #elif defined(BTREEVERSION) && defined(HASHVERSION) #ifdef USE_DB fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n"); #else fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n"); #endif + #elif defined(_DBM_RDONLY) || defined(dbm_dirfno) fprintf(f, "Probably ndbm\n"); #elif defined(USE_TDB) @@ -772,249 +883,226 @@ fprintf(f, "Using tdb\n"); fprintf(f, "Probably GDBM (compatibility mode)\n"); #endif #endif +} + -fprintf(f, "Support for:"); +/* This function is called for -bV/--version and for -d to output the optional +features of the current Exim binary. + +Arguments: a FILE for printing +Returns: nothing +*/ + +static void +show_whats_supported(FILE * fp) +{ +rmark reset_point = store_mark(); +gstring * g; +DEBUG(D_any) {} else show_db_version(fp); + +g = string_cat(NULL, US"Support for:"); #ifdef SUPPORT_CRYPTEQ - fprintf(f, " crypteq"); + g = string_cat(g, US" crypteq"); #endif #if HAVE_ICONV - fprintf(f, " iconv()"); + g = string_cat(g, US" iconv()"); #endif #if HAVE_IPV6 - fprintf(f, " IPv6"); + g = string_cat(g, US" IPv6"); #endif #ifdef HAVE_SETCLASSRESOURCES - fprintf(f, " use_setclassresources"); + g = string_cat(g, US" use_setclassresources"); #endif #ifdef SUPPORT_PAM - fprintf(f, " PAM"); + g = string_cat(g, US" PAM"); #endif #ifdef EXIM_PERL - fprintf(f, " Perl"); + g = string_cat(g, US" Perl"); #endif #ifdef EXPAND_DLFUNC - fprintf(f, " Expand_dlfunc"); + g = string_cat(g, US" Expand_dlfunc"); #endif #ifdef USE_TCP_WRAPPERS - fprintf(f, " TCPwrappers"); + g = string_cat(g, US" TCPwrappers"); #endif -#ifdef SUPPORT_TLS - #ifdef USE_GNUTLS - fprintf(f, " GnuTLS"); - #else - fprintf(f, " OpenSSL"); - #endif +#ifdef USE_GNUTLS + g = string_cat(g, US" GnuTLS"); +#endif +#ifdef USE_OPENSSL + g = string_cat(g, US" OpenSSL"); #endif #ifdef SUPPORT_TRANSLATE_IP_ADDRESS - fprintf(f, " translate_ip_address"); + g = string_cat(g, US" translate_ip_address"); #endif #ifdef SUPPORT_MOVE_FROZEN_MESSAGES - fprintf(f, " move_frozen_messages"); + g = string_cat(g, US" move_frozen_messages"); #endif #ifdef WITH_CONTENT_SCAN - fprintf(f, " Content_Scanning"); + g = string_cat(g, US" Content_Scanning"); +#endif +#ifdef SUPPORT_DANE + g = string_cat(g, US" DANE"); #endif #ifndef DISABLE_DKIM - fprintf(f, " DKIM"); + g = string_cat(g, US" DKIM"); #endif -#ifdef WITH_OLD_DEMIME - fprintf(f, " Old_Demime"); +#ifdef SUPPORT_DMARC + g = string_cat(g, US" DMARC"); #endif #ifndef DISABLE_DNSSEC - fprintf(f, " DNSSEC"); + g = string_cat(g, US" DNSSEC"); #endif -#ifndef DISABLE_PRDR - fprintf(f, " PRDR"); +#ifndef DISABLE_EVENT + g = string_cat(g, US" Event"); +#endif +#ifdef SUPPORT_I18N + g = string_cat(g, US" I18N"); #endif #ifndef DISABLE_OCSP - fprintf(f, " OCSP"); + g = string_cat(g, US" OCSP"); #endif -#ifdef EXPERIMENTAL_SPF - fprintf(f, " Experimental_SPF"); +#ifndef DISABLE_PIPE_CONNECT + g = string_cat(g, US" PIPE_CONNECT"); #endif -#ifdef EXPERIMENTAL_SRS - fprintf(f, " Experimental_SRS"); +#ifndef DISABLE_PRDR + g = string_cat(g, US" PRDR"); #endif -#ifdef EXPERIMENTAL_BRIGHTMAIL - fprintf(f, " Experimental_Brightmail"); +#ifdef SUPPORT_PROXY + g = string_cat(g, US" PROXY"); #endif -#ifdef EXPERIMENTAL_DANE - fprintf(f, " Experimental_DANE"); +#ifndef DISABLE_QUEUE_RAMP + g = string_cat(g, US" Experimental_Queue_Ramp"); #endif -#ifdef EXPERIMENTAL_DCC - fprintf(f, " Experimental_DCC"); +#ifdef SUPPORT_SOCKS + g = string_cat(g, US" SOCKS"); +#endif +#ifdef SUPPORT_SPF + g = string_cat(g, US" SPF"); +#endif +#if defined(SUPPORT_SRS) + g = string_cat(g, US" SRS"); +#endif +#ifdef TCP_FASTOPEN + tcp_init(); + if (f.tcp_fastopen_ok) g = string_cat(g, US" TCP_Fast_Open"); #endif -#ifdef EXPERIMENTAL_DMARC - fprintf(f, " Experimental_DMARC"); +#ifdef EXPERIMENTAL_ARC + g = string_cat(g, US" Experimental_ARC"); +#endif +#ifdef EXPERIMENTAL_BRIGHTMAIL + g = string_cat(g, US" Experimental_Brightmail"); +#endif +#ifdef EXPERIMENTAL_DCC + g = string_cat(g, US" Experimental_DCC"); #endif -#ifdef EXPERIMENTAL_PROXY - fprintf(f, " Experimental_Proxy"); +#ifdef EXPERIMENTAL_DSN_INFO + g = string_cat(g, US" Experimental_DSN_info"); #endif -#ifdef EXPERIMENTAL_EVENT - fprintf(f, " Experimental_Event"); +#ifdef EXPERIMENTAL_LMDB + g = string_cat(g, US" Experimental_LMDB"); #endif -#ifdef EXPERIMENTAL_REDIS - fprintf(f, " Experimental_Redis"); +#ifdef EXPERIMENTAL_QUEUEFILE + g = string_cat(g, US" Experimental_QUEUEFILE"); #endif -#ifdef EXPERIMENTAL_SOCKS - fprintf(f, " Experimental_SOCKS"); +#if defined(EXPERIMENTAL_SRS_ALT) + g = string_cat(g, US" Experimental_SRS"); #endif -#ifdef EXPERIMENTAL_INTERNATIONAL - fprintf(f, " Experimental_International"); +#ifdef EXPERIMENTAL_TLS_RESUME + g = string_cat(g, US" Experimental_TLS_resume"); #endif -fprintf(f, "\n"); +g = string_cat(g, US"\n"); -fprintf(f, "Lookups (built-in):"); +g = string_cat(g, US"Lookups (built-in):"); #if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2 - fprintf(f, " lsearch wildlsearch nwildlsearch iplsearch"); + g = string_cat(g, US" lsearch wildlsearch nwildlsearch iplsearch"); #endif #if defined(LOOKUP_CDB) && LOOKUP_CDB!=2 - fprintf(f, " cdb"); + g = string_cat(g, US" cdb"); #endif #if defined(LOOKUP_DBM) && LOOKUP_DBM!=2 - fprintf(f, " dbm dbmjz dbmnz"); + g = string_cat(g, US" dbm dbmjz dbmnz"); #endif #if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2 - fprintf(f, " dnsdb"); + g = string_cat(g, US" dnsdb"); #endif #if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2 - fprintf(f, " dsearch"); + g = string_cat(g, US" dsearch"); #endif #if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2 - fprintf(f, " ibase"); + g = string_cat(g, US" ibase"); +#endif +#if defined(LOOKUP_JSON) && LOOKUP_JSON!=2 + g = string_cat(g, US" json"); #endif #if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2 - fprintf(f, " ldap ldapdn ldapm"); + g = string_cat(g, US" ldap ldapdn ldapm"); +#endif +#ifdef EXPERIMENTAL_LMDB + g = string_cat(g, US" lmdb"); #endif #if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2 - fprintf(f, " mysql"); + g = string_cat(g, US" mysql"); #endif #if defined(LOOKUP_NIS) && LOOKUP_NIS!=2 - fprintf(f, " nis nis0"); + g = string_cat(g, US" nis nis0"); #endif #if defined(LOOKUP_NISPLUS) && LOOKUP_NISPLUS!=2 - fprintf(f, " nisplus"); + g = string_cat(g, US" nisplus"); #endif #if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2 - fprintf(f, " oracle"); + g = string_cat(g, US" oracle"); #endif #if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2 - fprintf(f, " passwd"); + g = string_cat(g, US" passwd"); #endif #if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2 - fprintf(f, " pgsql"); + g = string_cat(g, US" pgsql"); +#endif +#if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2 + g = string_cat(g, US" redis"); #endif #if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2 - fprintf(f, " sqlite"); + g = string_cat(g, US" sqlite"); #endif #if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2 - fprintf(f, " testdb"); + g = string_cat(g, US" testdb"); #endif #if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2 - fprintf(f, " whoson"); + g = string_cat(g, US" whoson"); #endif -fprintf(f, "\n"); +g = string_cat(g, US"\n"); -fprintf(f, "Authenticators:"); -#ifdef AUTH_CRAM_MD5 - fprintf(f, " cram_md5"); -#endif -#ifdef AUTH_CYRUS_SASL - fprintf(f, " cyrus_sasl"); -#endif -#ifdef AUTH_DOVECOT - fprintf(f, " dovecot"); -#endif -#ifdef AUTH_GSASL - fprintf(f, " gsasl"); -#endif -#ifdef AUTH_HEIMDAL_GSSAPI - fprintf(f, " heimdal_gssapi"); -#endif -#ifdef AUTH_PLAINTEXT - fprintf(f, " plaintext"); -#endif -#ifdef AUTH_SPA - fprintf(f, " spa"); -#endif -#ifdef AUTH_TLS - fprintf(f, " tls"); -#endif -fprintf(f, "\n"); - -fprintf(f, "Routers:"); -#ifdef ROUTER_ACCEPT - fprintf(f, " accept"); -#endif -#ifdef ROUTER_DNSLOOKUP - fprintf(f, " dnslookup"); -#endif -#ifdef ROUTER_IPLITERAL - fprintf(f, " ipliteral"); -#endif -#ifdef ROUTER_IPLOOKUP - fprintf(f, " iplookup"); -#endif -#ifdef ROUTER_MANUALROUTE - fprintf(f, " manualroute"); -#endif -#ifdef ROUTER_QUERYPROGRAM - fprintf(f, " queryprogram"); -#endif -#ifdef ROUTER_REDIRECT - fprintf(f, " redirect"); -#endif -fprintf(f, "\n"); +g = auth_show_supported(g); +g = route_show_supported(g); +g = transport_show_supported(g); -fprintf(f, "Transports:"); -#ifdef TRANSPORT_APPENDFILE - fprintf(f, " appendfile"); - #ifdef SUPPORT_MAILDIR - fprintf(f, "/maildir"); - #endif - #ifdef SUPPORT_MAILSTORE - fprintf(f, "/mailstore"); - #endif - #ifdef SUPPORT_MBX - fprintf(f, "/mbx"); - #endif -#endif -#ifdef TRANSPORT_AUTOREPLY - fprintf(f, " autoreply"); -#endif -#ifdef TRANSPORT_LMTP - fprintf(f, " lmtp"); -#endif -#ifdef TRANSPORT_PIPE - fprintf(f, " pipe"); -#endif -#ifdef TRANSPORT_SMTP - fprintf(f, " smtp"); +#ifdef WITH_CONTENT_SCAN +g = malware_show_supported(g); #endif -fprintf(f, "\n"); if (fixed_never_users[0] > 0) { int i; - fprintf(f, "Fixed never_users: "); + g = string_cat(g, US"Fixed never_users: "); for (i = 1; i <= (int)fixed_never_users[0] - 1; i++) - fprintf(f, "%d:", (unsigned int)fixed_never_users[i]); - fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]); + string_fmt_append(g, "%u:", (unsigned)fixed_never_users[i]); + g = string_fmt_append(g, "%u\n", (unsigned)fixed_never_users[i]); } -fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); +g = string_fmt_append(g, "Configure owner: %d:%d\n", config_uid, config_gid); +fputs(CS string_from_gstring(g), fp); + +fprintf(fp, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); /* Everything else is details which are only worth reporting when debugging. Perhaps the tls_version_report should move into this too. */ DEBUG(D_any) do { - int i; - /* clang defines __GNUC__ (at least, for me) so test for it first */ #if defined(__clang__) - fprintf(f, "Compiler: CLang [%s]\n", __clang_version__); + fprintf(fp, "Compiler: CLang [%s]\n", __clang_version__); #elif defined(__GNUC__) - fprintf(f, "Compiler: GCC [%s]\n", + fprintf(fp, "Compiler: GCC [%s]\n", # ifdef __VERSION__ __VERSION__ # else @@ -1022,29 +1110,42 @@ DEBUG(D_any) do { # endif ); #else - fprintf(f, "Compiler: \n"); + fprintf(fp, "Compiler: \n"); +#endif + +#if defined(__GLIBC__) && !defined(__UCLIBC__) + fprintf(fp, "Library version: Glibc: Compile: %d.%d\n", + __GLIBC__, __GLIBC_MINOR__); + if (__GLIBC_PREREQ(2, 1)) + fprintf(fp, " Runtime: %s\n", + gnu_get_libc_version()); #endif -#ifdef SUPPORT_TLS - tls_version_report(f); +show_db_version(fp); + +#ifndef DISABLE_TLS + tls_version_report(fp); #endif -#ifdef EXPERIMENTAL_INTERNATIONAL - utf8_version_report(f); +#ifdef SUPPORT_I18N + utf8_version_report(fp); +#endif +#ifdef SUPPORT_SPF + spf_lib_version_report(fp); #endif - for (authi = auths_available; *authi->driver_name != '\0'; ++authi) + for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi) if (authi->version_report) - (*authi->version_report)(f); + (*authi->version_report)(fp); /* PCRE_PRERELEASE is either defined and empty or a bare sequence of characters; unless it's an ancient version of PCRE in which case it is not defined. */ #ifndef PCRE_PRERELEASE -#define PCRE_PRERELEASE +# define PCRE_PRERELEASE #endif #define QUOTE(X) #X #define EXPAND_AND_QUOTE(X) QUOTE(X) - fprintf(f, "Library version: PCRE: Compile: %d.%d%s\n" + fprintf(fp, "Library version: PCRE: Compile: %d.%d%s\n" " Runtime: %s\n", PCRE_MAJOR, PCRE_MINOR, EXPAND_AND_QUOTE(PCRE_PRERELEASE) "", @@ -1053,22 +1154,23 @@ DEBUG(D_any) do { #undef EXPAND_AND_QUOTE init_lookup_list(); - for (i = 0; i < lookup_list_count; i++) + for (int i = 0; i < lookup_list_count; i++) if (lookup_list[i]->version_report) - lookup_list[i]->version_report(f); + lookup_list[i]->version_report(fp); #ifdef WHITELIST_D_MACROS - fprintf(f, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS); + fprintf(fp, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS); #else - fprintf(f, "WHITELIST_D_MACROS unset\n"); + fprintf(fp, "WHITELIST_D_MACROS unset\n"); #endif #ifdef TRUSTED_CONFIG_LIST - fprintf(f, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST); + fprintf(fp, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST); #else - fprintf(f, "TRUSTED_CONFIG_LIST unset\n"); + fprintf(fp, "TRUSTED_CONFIG_LIST unset\n"); #endif } while (0); +store_reset(reset_point); } @@ -1079,8 +1181,6 @@ DEBUG(D_any) do { static void show_exim_information(enum commandline_info request, FILE *stream) { -const uschar **pp; - switch(request) { case CMDINFO_NONE: @@ -1092,12 +1192,12 @@ switch(request) "If the string is not recognised, you'll get this help (on stderr).\n" "\n" " exim -bI:help this information\n" -" exim -bI:dscp dscp value keywords known\n" -" exim -bI:sieve list of supported sieve extensions, one per line.\n" +" exim -bI:dscp list of known dscp value keywords\n" +" exim -bI:sieve list of supported sieve extensions\n" ); return; case CMDINFO_SIEVE: - for (pp = exim_sieve_extension_list; *pp; ++pp) + for (const uschar ** pp = exim_sieve_extension_list; *pp; ++pp) fprintf(stream, "%s\n", *pp); return; case CMDINFO_DSCP: @@ -1123,11 +1223,9 @@ uschar * local_part_quote(uschar *lpart) { BOOL needs_quote = FALSE; -int size, ptr; -uschar *yield; -uschar *t; +gstring * g; -for (t = lpart; !needs_quote && *t != 0; t++) +for (uschar * t = lpart; !needs_quote && *t != 0; t++) { needs_quote = !isalnum(*t) && strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL && (*t != '.' || t == lpart || t[1] == 0); @@ -1135,26 +1233,24 @@ for (t = lpart; !needs_quote && *t != 0; t++) if (!needs_quote) return lpart; -size = ptr = 0; -yield = string_cat(NULL, &size, &ptr, US"\"", 1); +g = string_catn(NULL, US"\"", 1); for (;;) { uschar *nq = US Ustrpbrk(lpart, "\\\""); if (nq == NULL) { - yield = string_cat(yield, &size, &ptr, lpart, Ustrlen(lpart)); + g = string_cat(g, lpart); break; } - yield = string_cat(yield, &size, &ptr, lpart, nq - lpart); - yield = string_cat(yield, &size, &ptr, US"\\", 1); - yield = string_cat(yield, &size, &ptr, nq, 1); + g = string_catn(g, lpart, nq - lpart); + g = string_catn(g, US"\\", 1); + g = string_catn(g, nq, 1); lpart = nq + 1; } -yield = string_cat(yield, &size, &ptr, US"\"", 1); -yield[ptr] = 0; -return yield; +g = string_catn(g, US"\"", 1); +return string_from_gstring(g); } @@ -1185,9 +1281,9 @@ void *dlhandle; void *dlhandle_curses = dlopen("libcurses." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_LAZY); dlhandle = dlopen("libreadline." DYNLIB_FN_EXT, RTLD_GLOBAL|RTLD_NOW); -if (dlhandle_curses != NULL) dlclose(dlhandle_curses); +if (dlhandle_curses) dlclose(dlhandle_curses); -if (dlhandle != NULL) +if (dlhandle) { /* Checked manual pages; at least in GNU Readline 6.1, the prototypes are: * char * readline (const char *prompt); @@ -1197,9 +1293,7 @@ if (dlhandle != NULL) *fn_addhist_ptr = (void(*)(const char*))dlsym(dlhandle, "add_history"); } else - { DEBUG(D_any) debug_printf("failed to load readline: %s\n", dlerror()); - } return dlhandle; } @@ -1226,24 +1320,21 @@ Returns: pointer to dynamic memory, or NULL at end of file static uschar * get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *)) { -int i; -int size = 0; -int ptr = 0; -uschar *yield = NULL; +gstring * g = NULL; -if (fn_readline == NULL) { printf("> "); fflush(stdout); } +if (!fn_readline) { printf("> "); fflush(stdout); } -for (i = 0;; i++) +for (int i = 0;; i++) { uschar buffer[1024]; uschar *p, *ss; #ifdef USE_READLINE char *readline_line = NULL; - if (fn_readline != NULL) + if (fn_readline) { - if ((readline_line = fn_readline((i > 0)? "":"> ")) == NULL) break; - if (*readline_line != 0 && fn_addhist != NULL) fn_addhist(readline_line); + if (!(readline_line = fn_readline((i > 0)? "":"> "))) break; + if (*readline_line != 0 && fn_addhist) fn_addhist(readline_line); p = US readline_line; } else @@ -1262,26 +1353,24 @@ for (i = 0;; i++) while (ss > p && isspace(ss[-1])) ss--; if (i > 0) - { while (p < ss && isspace(*p)) p++; /* leading space after cont */ - } - yield = string_cat(yield, &size, &ptr, p, ss - p); + g = string_catn(g, p, ss - p); #ifdef USE_READLINE - if (fn_readline != NULL) free(readline_line); + if (fn_readline) free(readline_line); #endif - if (ss == p || yield[ptr-1] != '\\') - { - yield[ptr] = 0; + /* g can only be NULL if ss==p */ + if (ss == p || g->s[g->ptr-1] != '\\') break; - } - yield[--ptr] = 0; + + --g->ptr; + (void) string_from_gstring(g); } -if (yield == NULL) printf("\n"); -return yield; +if (!g) printf("\n"); +return string_from_gstring(g); } @@ -1303,22 +1392,17 @@ static void exim_usage(uschar *progname) { -/* Handle specific program invocation varients */ +/* Handle specific program invocation variants */ if (Ustrcmp(progname, US"-mailq") == 0) - { - fprintf(stderr, + exim_fail( "mailq - list the contents of the mail queue\n\n" "For a list of options, see the Exim documentation.\n"); - exit(EXIT_FAILURE); - } /* Generic usage - we output this whatever happens */ -fprintf(stderr, +exim_fail( "Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n" "not directly from a shell command line. Options and/or arguments control\n" "what it does when called. For a list of options, see the Exim documentation.\n"); - -exit(EXIT_FAILURE); } @@ -1330,22 +1414,21 @@ exit(EXIT_FAILURE); /* Typically, Exim will drop privileges if macros are supplied. In some cases, we want to not do so. -Arguments: none (macros is a global) +Arguments: opt_D_used - true if the commandline had a "-D" option Returns: true if trusted, false otherwise */ static BOOL -macros_trusted(void) +macros_trusted(BOOL opt_D_used) { #ifdef WHITELIST_D_MACROS -macro_item *m; -uschar *whitelisted, *end, *p, **whites, **w; +uschar *whitelisted, *end, *p, **whites; int white_count, i, n; size_t len; BOOL prev_char_item, found; #endif -if (macros == NULL) +if (!opt_D_used) return TRUE; #ifndef WHITELIST_D_MACROS return FALSE; @@ -1367,7 +1450,7 @@ if ( ! ((real_uid == root_uid) } /* Get a list of macros which are whitelisted */ -whitelisted = string_copy_malloc(US WHITELIST_D_MACROS); +whitelisted = string_copy_perm(US WHITELIST_D_MACROS, FALSE); prev_char_item = FALSE; white_count = 0; for (p = whitelisted; *p != '\0'; ++p) @@ -1402,11 +1485,12 @@ for (p = whitelisted, i = 0; (p != end) && (i < white_count); ++p) } whites[i] = NULL; -/* The list of macros should be very short. Accept the N*M complexity. */ -for (m = macros; m != NULL; m = m->next) +/* The list of commandline macros should be very short. +Accept the N*M complexity. */ +for (macro_item * m = macros_user; m; m = m->next) if (m->command_line) { found = FALSE; - for (w = whites; *w; ++w) + for (uschar ** w = whites; *w; ++w) if (Ustrcmp(*w, m->name) == 0) { found = TRUE; @@ -1414,10 +1498,9 @@ for (m = macros; m != NULL; m = m->next) } if (!found) return FALSE; - if (m->replacement == NULL) + if (!m->replacement) continue; - len = Ustrlen(m->replacement); - if (len == 0) + if ((len = m->replen) == 0) continue; n = pcre_exec(regex_whitelisted_macro, NULL, CS m->replacement, len, 0, PCRE_EOPT, NULL, 0); @@ -1434,6 +1517,40 @@ return TRUE; } +/************************************************* +* Expansion testing * +*************************************************/ + +/* Expand and print one item, doing macro-processing. + +Arguments: + item line for expansion +*/ + +static void +expansion_test_line(uschar * line) +{ +int len; +BOOL dummy_macexp; + +Ustrncpy(big_buffer, line, big_buffer_size); +big_buffer[big_buffer_size-1] = '\0'; +len = Ustrlen(big_buffer); + +(void) macros_expand(0, &len, &dummy_macexp); + +if (isupper(big_buffer[0])) + { + if (macro_read_assignment(big_buffer)) + printf("Defined macro '%s'\n", mlast->name); + } +else + if ((line = expand_string(big_buffer))) printf("%s\n", CS line); + else printf("Failed: %s\n", expand_string_message); +} + + + /************************************************* * Entry point and high-level code * *************************************************/ @@ -1476,6 +1593,7 @@ int recipients_arg = argc; int sender_address_domain = 0; int test_retry_arg = -1; int test_rewrite_arg = -1; +gid_t original_egid; BOOL arg_queue_only = FALSE; BOOL bi_option = FALSE; BOOL checking = FALSE; @@ -1489,9 +1607,11 @@ BOOL f_end_dot = FALSE; BOOL deliver_give_up = FALSE; BOOL list_queue = FALSE; BOOL list_options = FALSE; +BOOL list_config = FALSE; BOOL local_queue_only; BOOL more = TRUE; BOOL one_msg_action = FALSE; +BOOL opt_D_used = FALSE; BOOL queue_only_set = FALSE; BOOL receiving_message = TRUE; BOOL sender_ident_set = FALSE; @@ -1517,13 +1637,12 @@ uschar *malware_test_file = NULL; uschar *real_sender_address; uschar *originator_home = US"/"; size_t sz; -void *reset_point; struct passwd *pw; struct stat statbuf; pid_t passed_qr_pid = (pid_t)0; int passed_qr_pipe = -1; -gid_t group_list[NGROUPS_MAX]; +gid_t group_list[EXIM_GROUPLIST_SIZE]; /* For the -bI: flag */ enum commandline_info info_flag = CMDINFO_NONE; @@ -1539,6 +1658,10 @@ because some OS define it in /usr/include/unistd.h. */ extern char **environ; +#ifdef MEASURE_TIMING +(void)gettimeofday(×tamp_startup, NULL); +#endif + /* If the Exim user and/or group and/or the configuration file owner/group were defined by ref:name at build time, we must now find the actual uid/gid values. This is a feature to make the lives of binary distributors easier. */ @@ -1547,49 +1670,32 @@ This is a feature to make the lives of binary distributors easier. */ if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid)) { if (exim_uid == 0) - { - fprintf(stderr, "exim: refusing to run with uid 0 for \"%s\"\n", - EXIM_USERNAME); - exit(EXIT_FAILURE); - } + exim_fail("exim: refusing to run with uid 0 for \"%s\"\n", EXIM_USERNAME); + /* If ref:name uses a number as the name, route_finduser() returns TRUE with exim_uid set and pw coerced to NULL. */ if (pw) exim_gid = pw->pw_gid; #ifndef EXIM_GROUPNAME else - { - fprintf(stderr, + exim_fail( "exim: ref:name should specify a usercode, not a group.\n" "exim: can't let you get away with it unless you also specify a group.\n"); - exit(EXIT_FAILURE); - } #endif } else - { - fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n", - EXIM_USERNAME); - exit(EXIT_FAILURE); - } + exim_fail("exim: failed to find uid for user name \"%s\"\n", EXIM_USERNAME); #endif #ifdef EXIM_GROUPNAME if (!route_findgroup(US EXIM_GROUPNAME, &exim_gid)) - { - fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n", - EXIM_GROUPNAME); - exit(EXIT_FAILURE); - } + exim_fail("exim: failed to find gid for group name \"%s\"\n", EXIM_GROUPNAME); #endif #ifdef CONFIGURE_OWNERNAME if (!route_finduser(US CONFIGURE_OWNERNAME, NULL, &config_uid)) - { - fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n", + exim_fail("exim: failed to find uid for user name \"%s\"\n", CONFIGURE_OWNERNAME); - exit(EXIT_FAILURE); - } #endif /* We default the system_filter_user to be the Exim run-time user, as a @@ -1598,15 +1704,13 @@ system_filter_uid = exim_uid; #ifdef CONFIGURE_GROUPNAME if (!route_findgroup(US CONFIGURE_GROUPNAME, &config_gid)) - { - fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n", + exim_fail("exim: failed to find gid for group name \"%s\"\n", CONFIGURE_GROUPNAME); - exit(EXIT_FAILURE); - } #endif -/* In the Cygwin environment, some initialization needs doing. It is fudged -in by means of this macro. */ +/* In the Cygwin environment, some initialization used to need doing. +It was fudged in by means of this macro; now no longer but we'll leave +it in case of others. */ #ifdef OS_INIT OS_INIT @@ -1615,8 +1719,10 @@ OS_INIT /* Check a field which is patched when we are running Exim within its testing harness; do a fast initial check, and then the whole thing. */ -running_in_test_harness = +f.running_in_test_harness = *running_status == '<' && Ustrcmp(running_status, "<<>>") == 0; +if (f.running_in_test_harness) + debug_store = TRUE; /* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed at the start of a program; however, it seems that some environments do not @@ -1625,6 +1731,12 @@ make quite sure. */ setlocale(LC_ALL, "C"); +/* Get the offset between CLOCK_MONOTONIC and wallclock */ + +#ifdef _POSIX_MONOTONIC_CLOCK +exim_clock_init(); +#endif + /* Set up the default handler for timing using alarm(). */ os_non_restarting_signal(SIGALRM, sigalrm_handler); @@ -1632,12 +1744,8 @@ os_non_restarting_signal(SIGALRM, sigalrm_handler); /* Ensure we have a buffer for constructing log entries. Use malloc directly, because store_malloc writes a log entry on failure. */ -log_buffer = (uschar *)malloc(LOG_BUFFER_SIZE); -if (log_buffer == NULL) - { - fprintf(stderr, "exim: failed to get store for log buffer\n"); - exit(EXIT_FAILURE); - } +if (!(log_buffer = US malloc(LOG_BUFFER_SIZE))) + exim_fail("exim: failed to get store for log buffer\n"); /* Initialize the default log options. */ @@ -1667,9 +1775,14 @@ big_buffer = store_malloc(big_buffer_size); /* Set up the handler for the data request signal, and set the initial descriptive text. */ +process_info = store_get(PROCESS_INFO_SIZE, TRUE); /* tainted */ set_process_info("initializing"); os_restarting_signal(SIGUSR1, usr1_handler); +/* If running in a dockerized environment, the TERM signal is only +delegated to the PID 1 if we request it by setting an signal handler */ +if (getpid() == 1) signal(SIGTERM, term_handler); + /* SIGHUP is used to get the daemon to reconfigure. It gets set as appropriate in the daemon code. For the rest of Exim's uses, we ignore it. */ @@ -1753,6 +1866,7 @@ regex_whitelisted_macro = regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE); #endif +for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; this seems to be a generally accepted convention, since one finds symbolic @@ -1775,7 +1889,7 @@ message has been sent). */ if ((namelen == 5 && Ustrcmp(argv[0], "rmail") == 0) || (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rmail", 6) == 0)) { - dot_ends = FALSE; + f.dot_ends = FALSE; called_as = US"-rmail"; errors_sender_rc = EXIT_SUCCESS; } @@ -1816,6 +1930,7 @@ if ((namelen == 10 && Ustrcmp(argv[0], "newaliases") == 0) || normally be root, but in some esoteric environments it may not be. */ original_euid = geteuid(); +original_egid = getegid(); /* Get the real uid and gid. If the caller is root, force the effective uid/gid to be the same as the real ones. This makes a difference only if Exim is setuid @@ -1827,20 +1942,12 @@ real_gid = getgid(); if (real_uid == root_uid) { - rv = setgid(real_gid); - if (rv) - { - fprintf(stderr, "exim: setgid(%ld) failed: %s\n", + if ((rv = setgid(real_gid))) + exim_fail("exim: setgid(%ld) failed: %s\n", (long int)real_gid, strerror(errno)); - exit(EXIT_FAILURE); - } - rv = setuid(real_uid); - if (rv) - { - fprintf(stderr, "exim: setuid(%ld) failed: %s\n", + if ((rv = setuid(real_uid))) + exim_fail("exim: setuid(%ld) failed: %s\n", (long int)real_uid, strerror(errno)); - exit(EXIT_FAILURE); - } } /* If neither the original real uid nor the original euid was root, Exim is @@ -1848,15 +1955,20 @@ running in an unprivileged state. */ unprivileged = (real_uid != root_uid && original_euid != root_uid); +/* For most of the args-parsing we need to use permanent pool memory */ + { + int old_pool = store_pool; + store_pool = POOL_PERM; + /* Scan the program's arguments. Some can be dealt with right away; others are simply recorded for checking and handling afterwards. Do a high-level switch on the second character (the one after '-'), to save some effort. */ -for (i = 1; i < argc; i++) + for (i = 1; i < argc; i++) { BOOL badarg = FALSE; - uschar *arg = argv[i]; - uschar *argrest; + uschar * arg = argv[i]; + uschar * argrest; int switchchar; /* An argument not starting with '-' is the start of a recipients list; @@ -1868,7 +1980,7 @@ for (i = 1; i < argc; i++) break; } - /* An option consistion of -- terminates the options */ + /* An option consisting of -- terminates the options */ if (Ustrcmp(arg, "--") == 0) { @@ -1897,7 +2009,7 @@ for (i = 1; i < argc; i++) { switchchar = arg[3]; argrest += 2; - queue_2stage = TRUE; + f.queue_2stage = TRUE; } /* Make -r synonymous with -f, since it is a documented alias */ @@ -1935,7 +2047,7 @@ for (i = 1; i < argc; i++) /* sendmail uses -Ac and -Am to control which .cf file is used; we ignore them. */ case 'A': - if (*argrest == '\0') { badarg = TRUE; break; } + if (!*argrest) { badarg = TRUE; break; } else { BOOL ignore = FALSE; @@ -1947,7 +2059,7 @@ for (i = 1; i < argc; i++) ignore = TRUE; break; } - if (!ignore) { badarg = TRUE; break; } + if (!ignore) badarg = TRUE; } break; @@ -1955,312 +2067,314 @@ for (i = 1; i < argc; i++) so has no need of it. */ case 'B': - if (*argrest == 0) i++; /* Skip over the type */ + if (!*argrest) i++; /* Skip over the type */ break; case 'b': - receiving_message = FALSE; /* Reset TRUE for -bm, -bS, -bs below */ - - /* -bd: Run in daemon mode, awaiting SMTP connections. - -bdf: Ditto, but in the foreground. - */ - - if (*argrest == 'd') - { - daemon_listen = TRUE; - if (*(++argrest) == 'f') background_daemon = FALSE; - else if (*argrest != 0) { badarg = TRUE; break; } - } - - /* -be: Run in expansion test mode - -bem: Ditto, but read a message from a file first - */ - - else if (*argrest == 'e') - { - expansion_test = checking = TRUE; - if (argrest[1] == 'm') - { - if (++i >= argc) { badarg = TRUE; break; } - expansion_test_message = argv[i]; - argrest++; - } - if (argrest[1] != 0) { badarg = TRUE; break; } - } - - /* -bF: Run system filter test */ - - else if (*argrest == 'F') { - filter_test |= FTEST_SYSTEM; - if (*(++argrest) != 0) { badarg = TRUE; break; } - if (++i < argc) filter_test_sfile = argv[i]; else - { - fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); - exit(EXIT_FAILURE); - } - } - - /* -bf: Run user filter test - -bfd: Set domain for filter testing - -bfl: Set local part for filter testing - -bfp: Set prefix for filter testing - -bfs: Set suffix for filter testing - */ - - else if (*argrest == 'f') - { - if (*(++argrest) == 0) - { - filter_test |= FTEST_USER; - if (++i < argc) filter_test_ufile = argv[i]; else - { - fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); - exit(EXIT_FAILURE); - } - } - else - { - if (++i >= argc) - { - fprintf(stderr, "exim: string expected after %s\n", arg); - exit(EXIT_FAILURE); - } - if (Ustrcmp(argrest, "d") == 0) ftest_domain = argv[i]; - else if (Ustrcmp(argrest, "l") == 0) ftest_localpart = argv[i]; - else if (Ustrcmp(argrest, "p") == 0) ftest_prefix = argv[i]; - else if (Ustrcmp(argrest, "s") == 0) ftest_suffix = argv[i]; - else { badarg = TRUE; break; } - } - } - - /* -bh: Host checking - an IP address must follow. */ - - else if (Ustrcmp(argrest, "h") == 0 || Ustrcmp(argrest, "hc") == 0) - { - if (++i >= argc) { badarg = TRUE; break; } - sender_host_address = argv[i]; - host_checking = checking = log_testing_mode = TRUE; - host_checking_callout = argrest[1] == 'c'; - } + receiving_message = FALSE; /* Reset TRUE for -bm, -bS, -bs below */ - /* -bi: This option is used by sendmail to initialize *the* alias file, - though it has the -oA option to specify a different file. Exim has no - concept of *the* alias file, but since Sun's YP make script calls - sendmail this way, some support must be provided. */ - - else if (Ustrcmp(argrest, "i") == 0) bi_option = TRUE; - - /* -bI: provide information, of the type to follow after a colon. - This is an Exim flag. */ - - else if (argrest[0] == 'I' && Ustrlen(argrest) >= 2 && argrest[1] == ':') - { - uschar *p = &argrest[2]; - info_flag = CMDINFO_HELP; - if (Ustrlen(p)) - { - if (strcmpic(p, CUS"sieve") == 0) - { - info_flag = CMDINFO_SIEVE; - info_stdout = TRUE; - } - else if (strcmpic(p, CUS"dscp") == 0) - { - info_flag = CMDINFO_DSCP; - info_stdout = TRUE; - } - else if (strcmpic(p, CUS"help") == 0) - { - info_stdout = TRUE; - } - } - } - - /* -bm: Accept and deliver message - the default option. Reinstate - receiving_message, which got turned off for all -b options. */ - - else if (Ustrcmp(argrest, "m") == 0) receiving_message = TRUE; - - /* -bmalware: test the filename given for malware */ - - else if (Ustrcmp(argrest, "malware") == 0) - { - if (++i >= argc) { badarg = TRUE; break; } - malware_test_file = argv[i]; - } - - /* -bnq: For locally originating messages, do not qualify unqualified - addresses. In the envelope, this causes errors; in header lines they - just get left. */ - - else if (Ustrcmp(argrest, "nq") == 0) - { - allow_unqualified_sender = FALSE; - allow_unqualified_recipient = FALSE; - } - - /* -bpxx: List the contents of the mail queue, in various forms. If - the option is -bpc, just a queue count is needed. Otherwise, if the - first letter after p is r, then order is random. */ - - else if (*argrest == 'p') - { - if (*(++argrest) == 'c') - { - count_queue = TRUE; - if (*(++argrest) != 0) badarg = TRUE; - break; - } - - if (*argrest == 'r') - { - list_queue_option = 8; - argrest++; - } - else list_queue_option = 0; - - list_queue = TRUE; - - /* -bp: List the contents of the mail queue, top-level only */ - - if (*argrest == 0) {} - - /* -bpu: List the contents of the mail queue, top-level undelivered */ - - else if (Ustrcmp(argrest, "u") == 0) list_queue_option += 1; - - /* -bpa: List the contents of the mail queue, including all delivered */ - - else if (Ustrcmp(argrest, "a") == 0) list_queue_option += 2; - - /* Unknown after -bp[r] */ - - else - { - badarg = TRUE; - break; - } - } - - - /* -bP: List the configuration variables given as the address list. - Force -v, so configuration errors get displayed. */ - - else if (Ustrcmp(argrest, "P") == 0) - { - list_options = TRUE; - debug_selector |= D_v; - debug_file = stderr; - } - - /* -brt: Test retry configuration lookup */ - - else if (Ustrcmp(argrest, "rt") == 0) - { - test_retry_arg = i + 1; - goto END_ARG; - } - - /* -brw: Test rewrite configuration */ + switch (*argrest++) + { + /* -bd: Run in daemon mode, awaiting SMTP connections. + -bdf: Ditto, but in the foreground. + */ + case 'd': + f.daemon_listen = TRUE; + if (*argrest == 'f') f.background_daemon = FALSE; + else if (*argrest) badarg = TRUE; + break; + + /* -be: Run in expansion test mode + -bem: Ditto, but read a message from a file first + */ + case 'e': + expansion_test = checking = TRUE; + if (*argrest == 'm') + { + if (++i >= argc) { badarg = TRUE; break; } + expansion_test_message = argv[i]; + argrest++; + } + if (*argrest) badarg = TRUE; + break; + + /* -bF: Run system filter test */ + case 'F': + filter_test |= checking = FTEST_SYSTEM; + if (*argrest) badarg = TRUE; + else if (++i < argc) filter_test_sfile = argv[i]; + else exim_fail("exim: file name expected after %s\n", argv[i-1]); + break; + + /* -bf: Run user filter test + -bfd: Set domain for filter testing + -bfl: Set local part for filter testing + -bfp: Set prefix for filter testing + -bfs: Set suffix for filter testing + */ + case 'f': + if (!*argrest) + { + filter_test |= checking = FTEST_USER; + if (++i < argc) filter_test_ufile = argv[i]; + else exim_fail("exim: file name expected after %s\n", argv[i-1]); + } + else + { + if (++i >= argc) + exim_fail("exim: string expected after %s\n", arg); + if (Ustrcmp(argrest, "d") == 0) ftest_domain = argv[i]; + else if (Ustrcmp(argrest, "l") == 0) ftest_localpart = argv[i]; + else if (Ustrcmp(argrest, "p") == 0) ftest_prefix = argv[i]; + else if (Ustrcmp(argrest, "s") == 0) ftest_suffix = argv[i]; + else badarg = TRUE; + } + break; + + /* -bh: Host checking - an IP address must follow. */ + case 'h': + if (!*argrest || Ustrcmp(argrest, "c") == 0) + { + if (++i >= argc) { badarg = TRUE; break; } + sender_host_address = string_copy_taint(argv[i], TRUE); + host_checking = checking = f.log_testing_mode = TRUE; + f.host_checking_callout = *argrest == 'c'; + message_logs = FALSE; + } + else badarg = TRUE; + break; + + /* -bi: This option is used by sendmail to initialize *the* alias file, + though it has the -oA option to specify a different file. Exim has no + concept of *the* alias file, but since Sun's YP make script calls + sendmail this way, some support must be provided. */ + case 'i': + if (!*++argrest) bi_option = TRUE; + else badarg = TRUE; + break; + + /* -bI: provide information, of the type to follow after a colon. + This is an Exim flag. */ + case 'I': + if (Ustrlen(argrest) >= 1 && *argrest == ':') + { + uschar *p = argrest+1; + info_flag = CMDINFO_HELP; + if (Ustrlen(p)) + if (strcmpic(p, CUS"sieve") == 0) + { + info_flag = CMDINFO_SIEVE; + info_stdout = TRUE; + } + else if (strcmpic(p, CUS"dscp") == 0) + { + info_flag = CMDINFO_DSCP; + info_stdout = TRUE; + } + else if (strcmpic(p, CUS"help") == 0) + info_stdout = TRUE; + } + else badarg = TRUE; + break; + + /* -bm: Accept and deliver message - the default option. Reinstate + receiving_message, which got turned off for all -b options. + -bmalware: test the filename given for malware */ + case 'm': + if (!*argrest) receiving_message = TRUE; + else if (Ustrcmp(argrest, "alware") == 0) + { + if (++i >= argc) { badarg = TRUE; break; } + checking = TRUE; + malware_test_file = argv[i]; + } + else badarg = TRUE; + break; + + /* -bnq: For locally originating messages, do not qualify unqualified + addresses. In the envelope, this causes errors; in header lines they + just get left. */ + case 'n': + if (Ustrcmp(argrest, "q") == 0) + { + f.allow_unqualified_sender = FALSE; + f.allow_unqualified_recipient = FALSE; + } + else badarg = TRUE; + break; + + /* -bpxx: List the contents of the mail queue, in various forms. If + the option is -bpc, just a queue count is needed. Otherwise, if the + first letter after p is r, then order is random. */ + case 'p': + if (*argrest == 'c') + { + count_queue = TRUE; + if (*++argrest) badarg = TRUE; + break; + } - else if (Ustrcmp(argrest, "rw") == 0) - { - test_rewrite_arg = i + 1; - goto END_ARG; - } + if (*argrest == 'r') + { + list_queue_option = 8; + argrest++; + } + else list_queue_option = 0; - /* -bS: Read SMTP commands on standard input, but produce no replies - - all errors are reported by sending messages. */ + list_queue = TRUE; - else if (Ustrcmp(argrest, "S") == 0) - smtp_input = smtp_batched_input = receiving_message = TRUE; + /* -bp: List the contents of the mail queue, top-level only */ - /* -bs: Read SMTP commands on standard input and produce SMTP replies - on standard output. */ + if (!*argrest) {} - else if (Ustrcmp(argrest, "s") == 0) smtp_input = receiving_message = TRUE; + /* -bpu: List the contents of the mail queue, top-level undelivered */ - /* -bt: address testing mode */ + else if (Ustrcmp(argrest, "u") == 0) list_queue_option += 1; - else if (Ustrcmp(argrest, "t") == 0) - address_test_mode = checking = log_testing_mode = TRUE; + /* -bpa: List the contents of the mail queue, including all delivered */ - /* -bv: verify addresses */ + else if (Ustrcmp(argrest, "a") == 0) list_queue_option += 2; - else if (Ustrcmp(argrest, "v") == 0) - verify_address_mode = checking = log_testing_mode = TRUE; + /* Unknown after -bp[r] */ - /* -bvs: verify sender addresses */ + else badarg = TRUE; + break; - else if (Ustrcmp(argrest, "vs") == 0) - { - verify_address_mode = checking = log_testing_mode = TRUE; - verify_as_sender = TRUE; - } - /* -bV: Print version string and support details */ + /* -bP: List the configuration variables given as the address list. + Force -v, so configuration errors get displayed. */ + case 'P': - else if (Ustrcmp(argrest, "V") == 0) - { - printf("Exim version %s #%s built %s\n", version_string, - version_cnumber, version_date); - printf("%s\n", CS version_copyright); - version_printed = TRUE; - show_whats_supported(stdout); - } + /* -bP config: we need to setup here, because later, + * when list_options is checked, the config is read already */ + if (*argrest) + badarg = TRUE; + else if (argv[i+1] && Ustrcmp(argv[i+1], "config") == 0) + { + list_config = TRUE; + readconf_save_config(version_string); + } + else + { + list_options = TRUE; + debug_selector |= D_v; + debug_file = stderr; + } + break; + + /* -brt: Test retry configuration lookup */ + case 'r': + if (Ustrcmp(argrest, "t") == 0) + { + checking = TRUE; + test_retry_arg = i + 1; + goto END_ARG; + } - /* -bw: inetd wait mode, accept a listening socket as stdin */ + /* -brw: Test rewrite configuration */ - else if (*argrest == 'w') - { - inetd_wait_mode = TRUE; - background_daemon = FALSE; - daemon_listen = TRUE; - if (*(++argrest) != '\0') - { - inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE); - if (inetd_wait_timeout <= 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } - } + else if (Ustrcmp(argrest, "w") == 0) + { + checking = TRUE; + test_rewrite_arg = i + 1; + goto END_ARG; + } + else badarg = TRUE; + break; + + /* -bS: Read SMTP commands on standard input, but produce no replies - + all errors are reported by sending messages. */ + case 'S': + if (!*argrest) + smtp_input = smtp_batched_input = receiving_message = TRUE; + else badarg = TRUE; + break; + + /* -bs: Read SMTP commands on standard input and produce SMTP replies + on standard output. */ + case 's': + if (!*argrest) smtp_input = receiving_message = TRUE; + else badarg = TRUE; + break; + + /* -bt: address testing mode */ + case 't': + if (!*argrest) + f.address_test_mode = checking = f.log_testing_mode = TRUE; + else badarg = TRUE; + break; + + /* -bv: verify addresses */ + case 'v': + if (!*argrest) + verify_address_mode = checking = f.log_testing_mode = TRUE; + + /* -bvs: verify sender addresses */ + + else if (Ustrcmp(argrest, "s") == 0) + { + verify_address_mode = checking = f.log_testing_mode = TRUE; + verify_as_sender = TRUE; + } + else badarg = TRUE; + break; + + /* -bV: Print version string and support details */ + case 'V': + if (!*argrest) + { + printf("Exim version %s #%s built %s\n", version_string, + version_cnumber, version_date); + printf("%s\n", CS version_copyright); + version_printed = TRUE; + show_whats_supported(stdout); + f.log_testing_mode = TRUE; + } + else badarg = TRUE; + break; + + /* -bw: inetd wait mode, accept a listening socket as stdin */ + case 'w': + f.inetd_wait_mode = TRUE; + f.background_daemon = FALSE; + f.daemon_listen = TRUE; + if (*argrest) + if ((inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE)) <= 0) + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); + break; + + default: + badarg = TRUE; + break; + } + break; } - else badarg = TRUE; - break; - /* -C: change configuration file list; ignore if it isn't really a change! Enforce a prefix check if required. */ case 'C': - if (*argrest == 0) - { - if(++i < argc) argrest = argv[i]; else - { badarg = TRUE; break; } - } + if (!*argrest) + if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; } if (Ustrcmp(config_main_filelist, argrest) != 0) { #ifdef ALT_CONFIG_PREFIX int sep = 0; int len = Ustrlen(ALT_CONFIG_PREFIX); - uschar *list = argrest; + const uschar *list = argrest; uschar *filename; while((filename = string_nextinlist(&list, &sep, big_buffer, - big_buffer_size)) != NULL) - { - if ((Ustrlen(filename) < len || - Ustrncmp(filename, ALT_CONFIG_PREFIX, len) != 0 || - Ustrstr(filename, "/../") != NULL) && - (Ustrcmp(filename, "/dev/null") != 0 || real_uid != root_uid)) - { - fprintf(stderr, "-C Permission denied\n"); - exit(EXIT_FAILURE); - } - } + big_buffer_size))) + if ( ( Ustrlen(filename) < len + || Ustrncmp(filename, ALT_CONFIG_PREFIX, len) != 0 + || Ustrstr(filename, "/../") != NULL + ) + && (Ustrcmp(filename, "/dev/null") != 0 || real_uid != root_uid) + ) + exim_fail("-C Permission denied\n"); #endif if (real_uid != root_uid) { @@ -2271,7 +2385,7 @@ for (i = 1; i < argc; i++) && real_uid != config_uid #endif ) - trusted_config = FALSE; + f.trusted_config = FALSE; else { FILE *trust_list = Ufopen(TRUSTED_CONFIG_LIST, "rb"); @@ -2293,17 +2407,20 @@ for (i = 1; i < argc; i++) ) || /* or */ (statbuf.st_mode & 2) != 0) /* world writeable */ { - trusted_config = FALSE; + f.trusted_config = FALSE; fclose(trust_list); } else { /* Well, the trust list at least is up to scratch... */ - void *reset_point = store_get(0); + rmark reset_point; uschar *trusted_configs[32]; int nr_configs = 0; int i = 0; + int old_pool = store_pool; + store_pool = POOL_MAIN; + reset_point = store_mark(); while (Ufgets(big_buffer, big_buffer_size, trust_list)) { uschar *start = big_buffer, *nl; @@ -2315,7 +2432,7 @@ for (i = 1; i < argc; i++) if (nl) *nl = 0; trusted_configs[nr_configs++] = string_copy(start); - if (nr_configs == 32) + if (nr_configs == nelem(trusted_configs)) break; } fclose(trust_list); @@ -2325,43 +2442,36 @@ for (i = 1; i < argc; i++) int sep = 0; const uschar *list = argrest; uschar *filename; - while (trusted_config && (filename = string_nextinlist(&list, - &sep, big_buffer, big_buffer_size)) != NULL) + while (f.trusted_config && (filename = string_nextinlist(&list, + &sep, big_buffer, big_buffer_size))) { for (i=0; i < nr_configs; i++) - { if (Ustrcmp(filename, trusted_configs[i]) == 0) break; - } if (i == nr_configs) { - trusted_config = FALSE; + f.trusted_config = FALSE; break; } } - store_reset(reset_point); - } - else - { - /* No valid prefixes found in trust_list file. */ - trusted_config = FALSE; } + else /* No valid prefixes found in trust_list file. */ + f.trusted_config = FALSE; + store_reset(reset_point); + store_pool = old_pool; } } - else - { - /* Could not open trust_list file. */ - trusted_config = FALSE; - } + else /* Could not open trust_list file. */ + f.trusted_config = FALSE; } #else /* Not root; don't trust config */ - trusted_config = FALSE; + f.trusted_config = FALSE; #endif } config_main_filelist = argrest; - config_changed = TRUE; + f.config_changed = TRUE; } break; @@ -2369,25 +2479,21 @@ for (i = 1; i < argc; i++) /* -D: set up a macro definition */ case 'D': - #ifdef DISABLE_D_OPTION - fprintf(stderr, "exim: -D is not available in this Exim binary\n"); - exit(EXIT_FAILURE); - #else +#ifdef DISABLE_D_OPTION + exim_fail("exim: -D is not available in this Exim binary\n"); +#else { int ptr = 0; - macro_item *mlast = NULL; macro_item *m; uschar name[24]; uschar *s = argrest; + opt_D_used = TRUE; while (isspace(*s)) s++; if (*s < 'A' || *s > 'Z') - { - fprintf(stderr, "exim: macro name set by -D must start with " + exim_fail("exim: macro name set by -D must start with " "an upper case letter\n"); - exit(EXIT_FAILURE); - } while (isalnum(*s) || *s == '_') { @@ -2403,30 +2509,16 @@ for (i = 1; i < argc; i++) while (isspace(*s)) s++; } - for (m = macros; m != NULL; m = m->next) - { + for (m = macros_user; m; m = m->next) if (Ustrcmp(m->name, name) == 0) - { - fprintf(stderr, "exim: duplicated -D in command line\n"); - exit(EXIT_FAILURE); - } - mlast = m; - } + exim_fail("exim: duplicated -D in command line\n"); - m = store_get(sizeof(macro_item) + Ustrlen(name)); - m->next = NULL; - m->command_line = TRUE; - if (mlast == NULL) macros = m; else mlast->next = m; - Ustrcpy(m->name, name); - m->replacement = string_copy(s); + m = macro_create(name, s, TRUE); if (clmacro_count >= MAX_CLMACROS) - { - fprintf(stderr, "exim: too many -D options on command line\n"); - exit(EXIT_FAILURE); - } - clmacros[clmacro_count++] = string_sprintf("-D%s=%s", m->name, - m->replacement); + exim_fail("exim: too many -D options on command line\n"); + clmacros[clmacro_count++] = + string_sprintf("-D%s=%s", m->name, m->replacement); } #endif break; @@ -2451,10 +2543,10 @@ for (i = 1; i < argc; i++) debug_file = NULL; if (*argrest == 'd') { - debug_daemon = TRUE; + f.debug_daemon = TRUE; argrest++; } - if (*argrest != 0) + if (*argrest) decode_bits(&selector, 1, debug_notall, argrest, debug_options, debug_options_count, US"debug", 0); debug_selector = selector; @@ -2470,7 +2562,7 @@ for (i = 1; i < argc; i++) message_reference at it, for logging. */ case 'E': - local_error_message = TRUE; + f.local_error_message = TRUE; if (mac_ismsgid(argrest)) message_reference = argrest; break; @@ -2501,13 +2593,10 @@ for (i = 1; i < argc; i++) the -F or be in the next argument. */ case 'F': - if (*argrest == 0) - { - if(++i < argc) argrest = argv[i]; else - { badarg = TRUE; break; } - } - originator_name = argrest; - sender_name_forced = TRUE; + if (!*argrest) + if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; } + originator_name = string_copy_taint(argrest, TRUE); + f.sender_name_forced = TRUE; break; @@ -2530,38 +2619,33 @@ for (i = 1; i < argc; i++) { int dummy_start, dummy_end; uschar *errmess; - if (*argrest == 0) - { - if (i+1 < argc) argrest = argv[++i]; else - { badarg = TRUE; break; } - } - if (*argrest == 0) - sender_address = string_sprintf(""); /* Ensure writeable memory */ + if (!*argrest) + if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; } + if (!*argrest) + *(sender_address = store_get(1, FALSE)) = '\0'; /* Ensure writeable memory */ else { - uschar *temp = argrest + Ustrlen(argrest) - 1; + uschar * temp = argrest + Ustrlen(argrest) - 1; while (temp >= argrest && isspace(*temp)) temp--; if (temp >= argrest && *temp == '.') f_end_dot = TRUE; allow_domain_literals = TRUE; strip_trailing_dot = TRUE; -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N allow_utf8_domains = TRUE; #endif - sender_address = parse_extract_address(argrest, &errmess, - &dummy_start, &dummy_end, &sender_address_domain, TRUE); -#ifdef EXPERIMENTAL_INTERNATIONAL + if (!(sender_address = parse_extract_address(argrest, &errmess, + &dummy_start, &dummy_end, &sender_address_domain, TRUE))) + exim_fail("exim: bad -f address \"%s\": %s\n", argrest, errmess); + + sender_address = string_copy_taint(sender_address, TRUE); +#ifdef SUPPORT_I18N message_smtputf8 = string_is_utf8(sender_address); allow_utf8_domains = FALSE; #endif allow_domain_literals = FALSE; strip_trailing_dot = FALSE; - if (sender_address == NULL) - { - fprintf(stderr, "exim: bad -f address \"%s\": %s\n", argrest, errmess); - return EXIT_FAILURE; - } } - sender_address_forced = TRUE; + f.sender_address_forced = TRUE; } break; @@ -2579,11 +2663,8 @@ for (i = 1; i < argc; i++) To put it in will require a change to the spool header file format. */ case 'h': - if (*argrest == 0) - { - if(++i < argc) argrest = argv[i]; else - { badarg = TRUE; break; } - } + if (!*argrest) + if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; } if (!isdigit(*argrest)) badarg = TRUE; break; @@ -2592,7 +2673,7 @@ for (i = 1; i < argc; i++) not to be documented for sendmail but mailx (at least) uses it) */ case 'i': - if (*argrest == 0) dot_ends = FALSE; else badarg = TRUE; + if (!*argrest) f.dot_ends = FALSE; else badarg = TRUE; break; @@ -2600,23 +2681,13 @@ for (i = 1; i < argc; i++) syslog_processname in the config file, but needs to be an admin option. */ case 'L': - if (*argrest == '\0') - { - if(++i < argc) argrest = argv[i]; else - { badarg = TRUE; break; } - } - sz = Ustrlen(argrest); - if (sz > 32) - { - fprintf(stderr, "exim: the -L syslog name is too long: \"%s\"\n", argrest); - return EXIT_FAILURE; - } + if (!*argrest) + if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; } + if ((sz = Ustrlen(argrest)) > 32) + exim_fail("exim: the -L syslog name is too long: \"%s\"\n", argrest); if (sz < 1) - { - fprintf(stderr, "exim: the -L syslog name is too short\n"); - return EXIT_FAILURE; - } - cmdline_syslog_name = argrest; + exim_fail("exim: the -L syslog name is too short\n"); + cmdline_syslog_name = string_copy_taint(argrest, TRUE); break; case 'M': @@ -2641,20 +2712,14 @@ for (i = 1; i < argc; i++) EXIM_SOCKLEN_T size = sizeof(interface_sock); if (argc != i + 6) - { - fprintf(stderr, "exim: too many or too few arguments after -MC\n"); - return EXIT_FAILURE; - } + exim_fail("exim: too many or too few arguments after -MC\n"); if (msg_action_arg >= 0) - { - fprintf(stderr, "exim: incompatible arguments\n"); - return EXIT_FAILURE; - } + exim_fail("exim: incompatible arguments\n"); - continue_transport = argv[++i]; - continue_hostname = argv[++i]; - continue_host_address = argv[++i]; + continue_transport = string_copy_taint(argv[++i], TRUE); + continue_hostname = string_copy_taint(argv[++i], TRUE); + continue_host_address = string_copy_taint(argv[++i], TRUE); continue_sequence = Uatoi(argv[++i]); msg_action = MSG_DELIVER; msg_action_arg = ++i; @@ -2663,89 +2728,104 @@ for (i = 1; i < argc; i++) queue_run_pipe = passed_qr_pipe; if (!mac_ismsgid(argv[i])) - { - fprintf(stderr, "exim: malformed message id %s after -MC option\n", + exim_fail("exim: malformed message id %s after -MC option\n", argv[i]); - return EXIT_FAILURE; - } - /* Set up $sending_ip_address and $sending_port */ + /* Set up $sending_ip_address and $sending_port, unless proxied */ - if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), - &size) == 0) - sending_ip_address = host_ntoa(-1, &interface_sock, NULL, - &sending_port); - else - { - fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n", - strerror(errno)); - return EXIT_FAILURE; - } + if (!continue_proxy_cipher) + if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), + &size) == 0) + sending_ip_address = host_ntoa(-1, &interface_sock, NULL, + &sending_port); + else + exim_fail("exim: getsockname() failed after -MC option: %s\n", + strerror(errno)); - if (running_in_test_harness) millisleep(500); + testharness_pause_ms(500); break; } + else if (*argrest == 'C' && argrest[1] && !argrest[2]) + { + switch(argrest[1]) + { /* -MCA: set the smtp_authenticated flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has accepted an AUTH sequence. */ - else if (Ustrcmp(argrest, "CA") == 0) - { - smtp_authenticated = TRUE; - break; - } + case 'A': f.smtp_authenticated = TRUE; break; /* -MCD: set the smtp_use_dsn flag; this indicates that the host that exim is connected to supports the esmtp extension DSN */ - else if (Ustrcmp(argrest, "CD") == 0) - { - smtp_use_dsn = TRUE; - break; - } + + case 'D': smtp_peer_options |= OPTION_DSN; break; + + /* -MCd: for debug, set a process-purpose string */ + + case 'd': if (++i < argc) + process_purpose = string_copy_taint(argv[i], TRUE); + else badarg = TRUE; + break; + + /* -MCG: set the queue name, to a non-default value */ + + case 'G': if (++i < argc) queue_name = string_copy_taint(argv[i], TRUE); + else badarg = TRUE; + break; + + /* -MCK: the peer offered CHUNKING. Must precede -MC */ + + case 'K': smtp_peer_options |= OPTION_CHUNKING; break; /* -MCP: set the smtp_use_pipelining flag; this is useful only when it preceded -MC (see above) */ - else if (Ustrcmp(argrest, "CP") == 0) - { - smtp_use_pipelining = TRUE; - break; - } + case 'P': smtp_peer_options |= OPTION_PIPE; break; /* -MCQ: pass on the pid of the queue-running process that started this chain of deliveries and the fd of its synchronizing pipe; this is useful only when it precedes -MC (see above) */ - else if (Ustrcmp(argrest, "CQ") == 0) - { - if(++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); - else badarg = TRUE; - if(++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); - else badarg = TRUE; - break; - } + case 'Q': if (++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); + else badarg = TRUE; + if (++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); + else badarg = TRUE; + break; /* -MCS: set the smtp_use_size flag; this is useful only when it precedes -MC (see above) */ - else if (Ustrcmp(argrest, "CS") == 0) - { - smtp_use_size = TRUE; - break; - } + case 'S': smtp_peer_options |= OPTION_SIZE; break; + +#ifndef DISABLE_TLS + /* -MCt: similar to -MCT below but the connection is still open + via a proxy process which handles the TLS context and coding. + Require three arguments for the proxied local address and port, + and the TLS cipher. */ + + case 't': if (++i < argc) + sending_ip_address = string_copy_taint(argv[i], TRUE); + else badarg = TRUE; + if (++i < argc) + sending_port = (int)(Uatol(argv[i])); + else badarg = TRUE; + if (++i < argc) + continue_proxy_cipher = string_copy_taint(argv[i], TRUE); + else badarg = TRUE; + /*FALLTHROUGH*/ /* -MCT: set the tls_offered flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has offered TLS support. */ - #ifdef SUPPORT_TLS - else if (Ustrcmp(argrest, "CT") == 0) - { - tls_offered = TRUE; + case 'T': smtp_peer_options |= OPTION_TLS; break; +#endif + + default: badarg = TRUE; break; + } break; } - #endif /* -M[x]: various operations on the following list of message ids: -M deliver the messages, ignoring next retry times and thawing @@ -2768,10 +2848,10 @@ for (i = 1; i < argc; i++) -Mvl show log */ - else if (*argrest == 0) + else if (!*argrest) { msg_action = MSG_DELIVER; - forced_delivery = deliver_force_thaw = TRUE; + forced_delivery = f.deliver_force_thaw = TRUE; } else if (Ustrcmp(argrest, "ar") == 0) { @@ -2790,6 +2870,11 @@ for (i = 1; i < argc; i++) msg_action = MSG_DELIVER; deliver_give_up = TRUE; } + else if (Ustrcmp(argrest, "G") == 0) + { + msg_action = MSG_SETQUEUE; + queue_name_dest = string_copy_taint(argv[++i], TRUE); + } else if (Ustrcmp(argrest, "mad") == 0) { msg_action = MSG_MARK_ALL_DELIVERED; @@ -2832,22 +2917,15 @@ for (i = 1; i < argc; i++) msg_action_arg = i + 1; if (msg_action_arg >= argc) - { - fprintf(stderr, "exim: no message ids given after %s option\n", arg); - return EXIT_FAILURE; - } + exim_fail("exim: no message ids given after %s option\n", arg); /* Some require only message ids to follow */ if (!one_msg_action) { - int j; - for (j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j])) - { - fprintf(stderr, "exim: malformed message id %s after %s option\n", + for (int j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j])) + exim_fail("exim: malformed message id %s after %s option\n", argv[j], arg); - return EXIT_FAILURE; - } goto END_ARG; /* Remaining args are ids */ } @@ -2857,11 +2935,8 @@ for (i = 1; i < argc; i++) else { if (!mac_ismsgid(argv[msg_action_arg])) - { - fprintf(stderr, "exim: malformed message id %s after %s option\n", + exim_fail("exim: malformed message id %s after %s option\n", argv[msg_action_arg], arg); - return EXIT_FAILURE; - } i++; } break; @@ -2871,7 +2946,7 @@ for (i = 1; i < argc; i++) for sendmail it askes for "me too". Exim always does this. */ case 'm': - if (*argrest != 0) badarg = TRUE; + if (*argrest) badarg = TRUE; break; @@ -2879,9 +2954,9 @@ for (i = 1; i < argc; i++) their thing. It implies debugging at the D_v level. */ case 'N': - if (*argrest == 0) + if (!*argrest) { - dont_deliver = TRUE; + f.dont_deliver = TRUE; debug_selector |= D_v; debug_file = stderr; } @@ -2902,226 +2977,228 @@ for (i = 1; i < argc; i++) -O option=value and -Ooption=value. */ case 'O': - if (*argrest == 0) - { + if (!*argrest) if (++i >= argc) - { - fprintf(stderr, "exim: string expected after -O\n"); - exit(EXIT_FAILURE); - } - } + exim_fail("exim: string expected after -O\n"); break; case 'o': - - /* -oA: Set an argument for the bi command (sendmail's "alternate alias - file" option). */ - - if (*argrest == 'A') - { - alias_arg = argrest + 1; - if (alias_arg[0] == 0) - { - if (i+1 < argc) alias_arg = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -oA\n"); - exit(EXIT_FAILURE); - } - } - } - - /* -oB: Set a connection message max value for remote deliveries */ - - else if (*argrest == 'B') - { - uschar *p = argrest + 1; - if (p[0] == 0) - { - if (i+1 < argc && isdigit((argv[i+1][0]))) p = argv[++i]; else - { - connection_max_messages = 1; - p = NULL; - } - } - - if (p != NULL) - { - if (!isdigit(*p)) - { - fprintf(stderr, "exim: number expected after -oB\n"); - exit(EXIT_FAILURE); - } - connection_max_messages = Uatoi(p); - } - } - - /* -odb: background delivery */ - - else if (Ustrcmp(argrest, "db") == 0) - { - synchronous_delivery = FALSE; - arg_queue_only = FALSE; - queue_only_set = TRUE; - } - - /* -odf: foreground delivery (smail-compatible option); same effect as - -odi: interactive (synchronous) delivery (sendmail-compatible option) - */ - - else if (Ustrcmp(argrest, "df") == 0 || Ustrcmp(argrest, "di") == 0) - { - synchronous_delivery = TRUE; - arg_queue_only = FALSE; - queue_only_set = TRUE; - } - - /* -odq: queue only */ - - else if (Ustrcmp(argrest, "dq") == 0) - { - synchronous_delivery = FALSE; - arg_queue_only = TRUE; - queue_only_set = TRUE; - } - - /* -odqs: queue SMTP only - do local deliveries and remote routing, - but no remote delivery */ - - else if (Ustrcmp(argrest, "dqs") == 0) + switch (*argrest++) { - queue_smtp = TRUE; - arg_queue_only = FALSE; - queue_only_set = TRUE; - } - - /* -oex: Sendmail error flags. As these are also accepted without the - leading -o prefix, for compatibility with vacation and other callers, - they are handled with -e above. */ - - /* -oi: Set flag so dot doesn't end non-SMTP input (same as -i) - -oitrue: Another sendmail syntax for the same */ + /* -oA: Set an argument for the bi command (sendmail's "alternate alias + file" option). */ + case 'A': + if (!*(alias_arg = argrest)) + if (i+1 < argc) alias_arg = argv[++i]; + else exim_fail("exim: string expected after -oA\n"); + break; + + /* -oB: Set a connection message max value for remote deliveries */ + case 'B': + { + uschar * p = argrest; + if (!*p) + if (i+1 < argc && isdigit((argv[i+1][0]))) + p = argv[++i]; + else + { + connection_max_messages = 1; + p = NULL; + } - else if (Ustrcmp(argrest, "i") == 0 || - Ustrcmp(argrest, "itrue") == 0) - dot_ends = FALSE; + if (p) + { + if (!isdigit(*p)) + exim_fail("exim: number expected after -oB\n"); + connection_max_messages = Uatoi(p); + } + } + break; + + /* -odb: background delivery */ + + case 'd': + if (Ustrcmp(argrest, "b") == 0) + { + f.synchronous_delivery = FALSE; + arg_queue_only = FALSE; + queue_only_set = TRUE; + } + + /* -odd: testsuite-only: add no inter-process delays */ + + else if (Ustrcmp(argrest, "d") == 0) + f.testsuite_delays = FALSE; + + /* -odf: foreground delivery (smail-compatible option); same effect as + -odi: interactive (synchronous) delivery (sendmail-compatible option) + */ + + else if (Ustrcmp(argrest, "f") == 0 || Ustrcmp(argrest, "i") == 0) + { + f.synchronous_delivery = TRUE; + arg_queue_only = FALSE; + queue_only_set = TRUE; + } + + /* -odq: queue only */ + + else if (Ustrcmp(argrest, "q") == 0) + { + f.synchronous_delivery = FALSE; + arg_queue_only = TRUE; + queue_only_set = TRUE; + } + + /* -odqs: queue SMTP only - do local deliveries and remote routing, + but no remote delivery */ + + else if (Ustrcmp(argrest, "qs") == 0) + { + f.queue_smtp = TRUE; + arg_queue_only = FALSE; + queue_only_set = TRUE; + } + else badarg = TRUE; + break; + + /* -oex: Sendmail error flags. As these are also accepted without the + leading -o prefix, for compatibility with vacation and other callers, + they are handled with -e above. */ + + /* -oi: Set flag so dot doesn't end non-SMTP input (same as -i) + -oitrue: Another sendmail syntax for the same */ + + case 'i': + if (!*argrest || Ustrcmp(argrest, "true") == 0) + f.dot_ends = FALSE; + else badarg = TRUE; + break; /* -oM*: Set various characteristics for an incoming message; actually acted on for trusted callers only. */ - else if (*argrest == 'M') - { - if (i+1 >= argc) - { - fprintf(stderr, "exim: data expected after -o%s\n", argrest); - exit(EXIT_FAILURE); - } + case 'M': + { + if (i+1 >= argc) + exim_fail("exim: data expected after -oM%s\n", argrest); - /* -oMa: Set sender host address */ + /* -oMa: Set sender host address */ - if (Ustrcmp(argrest, "Ma") == 0) sender_host_address = argv[++i]; + if (Ustrcmp(argrest, "a") == 0) + sender_host_address = string_copy_taint(argv[++i], TRUE); - /* -oMaa: Set authenticator name */ + /* -oMaa: Set authenticator name */ - else if (Ustrcmp(argrest, "Maa") == 0) - sender_host_authenticated = argv[++i]; + else if (Ustrcmp(argrest, "aa") == 0) + sender_host_authenticated = string_copy_taint(argv[++i], TRUE); - /* -oMas: setting authenticated sender */ + /* -oMas: setting authenticated sender */ - else if (Ustrcmp(argrest, "Mas") == 0) authenticated_sender = argv[++i]; + else if (Ustrcmp(argrest, "as") == 0) + authenticated_sender = string_copy_taint(argv[++i], TRUE); - /* -oMai: setting authenticated id */ + /* -oMai: setting authenticated id */ - else if (Ustrcmp(argrest, "Mai") == 0) authenticated_id = argv[++i]; + else if (Ustrcmp(argrest, "ai") == 0) + authenticated_id = string_copy_taint(argv[++i], TRUE); - /* -oMi: Set incoming interface address */ + /* -oMi: Set incoming interface address */ - else if (Ustrcmp(argrest, "Mi") == 0) interface_address = argv[++i]; + else if (Ustrcmp(argrest, "i") == 0) + interface_address = string_copy_taint(argv[++i], TRUE); - /* -oMm: Message reference */ + /* -oMm: Message reference */ - else if (Ustrcmp(argrest, "Mm") == 0) - { - if (!mac_ismsgid(argv[i+1])) - { - fprintf(stderr,"-oMm must be a valid message ID\n"); - exit(EXIT_FAILURE); - } - if (!trusted_config) - { - fprintf(stderr,"-oMm must be called by a trusted user/config\n"); - exit(EXIT_FAILURE); - } - message_reference = argv[++i]; - } + else if (Ustrcmp(argrest, "m") == 0) + { + if (!mac_ismsgid(argv[i+1])) + exim_fail("-oMm must be a valid message ID\n"); + if (!f.trusted_config) + exim_fail("-oMm must be called by a trusted user/config\n"); + message_reference = argv[++i]; + } - /* -oMr: Received protocol */ + /* -oMr: Received protocol */ - else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; + else if (Ustrcmp(argrest, "r") == 0) - /* -oMs: Set sender host name */ + if (received_protocol) + exim_fail("received_protocol is set already\n"); + else + received_protocol = string_copy_taint(argv[++i], TRUE); - else if (Ustrcmp(argrest, "Ms") == 0) sender_host_name = argv[++i]; + /* -oMs: Set sender host name */ - /* -oMt: Set sender ident */ + else if (Ustrcmp(argrest, "s") == 0) + sender_host_name = string_copy_taint(argv[++i], TRUE); - else if (Ustrcmp(argrest, "Mt") == 0) - { - sender_ident_set = TRUE; - sender_ident = argv[++i]; - } + /* -oMt: Set sender ident */ - /* Else a bad argument */ - - else - { - badarg = TRUE; - break; - } - } + else if (Ustrcmp(argrest, "t") == 0) + { + sender_ident_set = TRUE; + sender_ident = string_copy_taint(argv[++i], TRUE); + } - /* -om: Me-too flag for aliases. Exim always does this. Some programs - seem to call this as -m (undocumented), so that is also accepted (see - above). */ + /* Else a bad argument */ - else if (Ustrcmp(argrest, "m") == 0) {} + else + badarg = TRUE; + } + break; - /* -oo: An ancient flag for old-style addresses which still seems to - crop up in some calls (see in SCO). */ + /* -om: Me-too flag for aliases. Exim always does this. Some programs + seem to call this as -m (undocumented), so that is also accepted (see + above). */ + /* -oo: An ancient flag for old-style addresses which still seems to + crop up in some calls (see in SCO). */ - else if (Ustrcmp(argrest, "o") == 0) {} + case 'm': + case 'o': + if (*argrest) badarg = TRUE; + break; - /* -oP : set pid file path for daemon */ + /* -oP : set pid file path for daemon + -oPX: delete pid file of daemon */ - else if (Ustrcmp(argrest, "P") == 0) - override_pid_file_path = argv[++i]; + case 'P': + if (!*argrest) override_pid_file_path = argv[++i]; + else if (Ustrcmp(argrest, "X") == 0) delete_pid_file(); + else badarg = TRUE; + break; - /* -or : set timeout for non-SMTP acceptance - -os : set timeout for SMTP acceptance */ - else if (*argrest == 'r' || *argrest == 's') - { - int *tp = (*argrest == 'r')? - &arg_receive_timeout : &arg_smtp_receive_timeout; - if (argrest[1] == 0) - { - if (i+1 < argc) *tp= readconf_readtime(argv[++i], 0, FALSE); - } - else *tp = readconf_readtime(argrest + 1, 0, FALSE); - if (*tp < 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } - } + /* -or : set timeout for non-SMTP acceptance + -os : set timeout for SMTP acceptance */ - /* -oX : Override local_interfaces and/or default daemon ports */ + case 'r': + case 's': + { + int * tp = argrest[-1] == 'r' + ? &arg_receive_timeout : &arg_smtp_receive_timeout; + if (*argrest) + *tp = readconf_readtime(argrest, 0, FALSE); + else if (i+1 < argc) + *tp = readconf_readtime(argv[++i], 0, FALSE); + + if (*tp < 0) + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); + } + break; - else if (Ustrcmp(argrest, "X") == 0) - override_local_interfaces = argv[++i]; + /* -oX : Override local_interfaces and/or default daemon ports */ - /* Unknown -o argument */ + case 'X': + if (*argrest) badarg = TRUE; + else override_local_interfaces = string_copy_taint(argv[++i], TRUE); + break; - else badarg = TRUE; + /* Unknown -o argument */ + + default: + badarg = TRUE; + } break; @@ -3144,23 +3221,22 @@ for (i = 1; i < argc; i++) /* -panythingelse is taken as the Sendmail-compatible argument -prval:sval, which sets the host protocol and host name */ - if (*argrest == 0) - { - if (i+1 < argc) argrest = argv[++i]; else - { badarg = TRUE; break; } - } + if (!*argrest) + if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; } - if (*argrest != 0) + if (*argrest) { - uschar *hn = Ustrchr(argrest, ':'); - if (hn == NULL) - { - received_protocol = argrest; - } + uschar * hn = Ustrchr(argrest, ':'); + + if (received_protocol) + exim_fail("received_protocol is set already\n"); + + if (!hn) + received_protocol = string_copy_taint(argrest, TRUE); else { - received_protocol = string_copyn(argrest, hn - argrest); - sender_host_name = hn + 1; + received_protocol = string_copyn_taint(argrest, hn - argrest, TRUE); + sender_host_name = string_copy_taint(hn + 1, TRUE); } } break; @@ -3169,16 +3245,13 @@ for (i = 1; i < argc; i++) case 'q': receiving_message = FALSE; if (queue_interval >= 0) - { - fprintf(stderr, "exim: -q specified more than once\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: -q specified more than once\n"); /* -qq...: Do queue runs in a 2-stage manner */ if (*argrest == 'q') { - queue_2stage = TRUE; + f.queue_2stage = TRUE; argrest++; } @@ -3186,7 +3259,7 @@ for (i = 1; i < argc; i++) if (*argrest == 'i') { - queue_run_first_delivery = TRUE; + f.queue_run_first_delivery = TRUE; argrest++; } @@ -3195,10 +3268,10 @@ for (i = 1; i < argc; i++) if (*argrest == 'f') { - queue_run_force = TRUE; - if (*(++argrest) == 'f') + f.queue_run_force = TRUE; + if (*++argrest == 'f') { - deliver_force_thaw = TRUE; + f.deliver_force_thaw = TRUE; argrest++; } } @@ -3207,38 +3280,41 @@ for (i = 1; i < argc; i++) if (*argrest == 'l') { - queue_run_local = TRUE; + f.queue_run_local = TRUE; argrest++; } - /* -q[f][f][l]: Run the queue, optionally forced, optionally local only, - optionally starting from a given message id. */ + /* -q[f][f][l][G]... Work on the named queue */ - if (*argrest == 0 && - (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) + if (*argrest == 'G') { - queue_interval = 0; - if (i+1 < argc && mac_ismsgid(argv[i+1])) - start_queue_run_id = argv[++i]; - if (i+1 < argc && mac_ismsgid(argv[i+1])) - stop_queue_run_id = argv[++i]; + int i; + for (argrest++, i = 0; argrest[i] && argrest[i] != '/'; ) i++; + queue_name = string_copyn(argrest, i); + argrest += i; + if (*argrest == '/') argrest++; } - /* -q[f][f][l]: Run the queue at regular intervals, optionally forced, - optionally local only. */ + /* -q[f][f][l][G]: Run the queue, optionally forced, optionally local + only, optionally named, optionally starting from a given message id. */ - else - { - if (*argrest != 0) - queue_interval = readconf_readtime(argrest, 0, FALSE); - else - queue_interval = readconf_readtime(argv[++i], 0, FALSE); - if (queue_interval <= 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } - } + if (!(list_queue || count_queue)) + if ( !*argrest + && (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) + { + queue_interval = 0; + if (i+1 < argc && mac_ismsgid(argv[i+1])) + start_queue_run_id = string_copy_taint(argv[++i], TRUE); + if (i+1 < argc && mac_ismsgid(argv[i+1])) + stop_queue_run_id = string_copy_taint(argv[++i], TRUE); + } + + /* -q[f][f][l][G/]: Run the queue at regular intervals, optionally + forced, optionally local only, optionally named. */ + + else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i], + 0, FALSE)) <= 0) + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); break; @@ -3254,33 +3330,25 @@ for (i = 1; i < argc; i++) in all cases provided there are no further characters in this argument. */ - if (*argrest != 0) - { - int i; - for (i = 0; i < sizeof(rsopts)/sizeof(uschar *); i++) - { + if (*argrest) + for (int i = 0; i < nelem(rsopts); i++) if (Ustrcmp(argrest, rsopts[i]) == 0) { - if (i != 2) queue_run_force = TRUE; - if (i >= 2) deliver_selectstring_regex = TRUE; - if (i == 1 || i == 4) deliver_force_thaw = TRUE; + if (i != 2) f.queue_run_force = TRUE; + if (i >= 2) f.deliver_selectstring_regex = TRUE; + if (i == 1 || i == 4) f.deliver_force_thaw = TRUE; argrest += Ustrlen(rsopts[i]); } - } - } /* -R: Set string to match in addresses for forced queue run to pick out particular messages. */ - if (*argrest == 0) - { - if (i+1 < argc) deliver_selectstring = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -R\n"); - exit(EXIT_FAILURE); - } - } - else deliver_selectstring = argrest; + if (*argrest) + deliver_selectstring = string_copy_taint(argrest, TRUE); + else if (i+1 < argc) + deliver_selectstring = string_copy_taint(argv[++i], TRUE); + else + exim_fail("exim: string expected after -R\n"); break; @@ -3301,33 +3369,25 @@ for (i = 1; i < argc; i++) in all cases provided there are no further characters in this argument. */ - if (*argrest != 0) - { - int i; - for (i = 0; i < sizeof(rsopts)/sizeof(uschar *); i++) - { + if (*argrest) + for (int i = 0; i < nelem(rsopts); i++) if (Ustrcmp(argrest, rsopts[i]) == 0) { - if (i != 2) queue_run_force = TRUE; - if (i >= 2) deliver_selectstring_sender_regex = TRUE; - if (i == 1 || i == 4) deliver_force_thaw = TRUE; + if (i != 2) f.queue_run_force = TRUE; + if (i >= 2) f.deliver_selectstring_sender_regex = TRUE; + if (i == 1 || i == 4) f.deliver_force_thaw = TRUE; argrest += Ustrlen(rsopts[i]); } - } - } /* -S: Set string to match in addresses for forced queue run to pick out particular messages. */ - if (*argrest == 0) - { - if (i+1 < argc) deliver_selectstring_sender = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -S\n"); - exit(EXIT_FAILURE); - } - } - else deliver_selectstring_sender = argrest; + if (*argrest) + deliver_selectstring_sender = string_copy_taint(argrest, TRUE); + else if (i+1 < argc) + deliver_selectstring_sender = string_copy_taint(argv[++i], TRUE); + else + exim_fail("exim: string expected after -S\n"); break; /* -Tqt is an option that is exclusively for use by the testing suite. @@ -3336,8 +3396,8 @@ for (i = 1; i < argc; i++) tested. Otherwise variability of clock ticks etc. cause problems. */ case 'T': - if (running_in_test_harness && Ustrcmp(argrest, "qt") == 0) - fudged_queue_times = argv[++i]; + if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0) + fudged_queue_times = string_copy_taint(argv[++i], TRUE); else badarg = TRUE; break; @@ -3345,7 +3405,7 @@ for (i = 1; i < argc; i++) /* -t: Set flag to extract recipients from body of message. */ case 't': - if (*argrest == 0) extract_recipients = TRUE; + if (!*argrest) extract_recipients = TRUE; /* -ti: Set flag to extract recipients from body of message, and also specify that dot does not end the message. */ @@ -3353,12 +3413,12 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "i") == 0) { extract_recipients = TRUE; - dot_ends = FALSE; + f.dot_ends = FALSE; } /* -tls-on-connect: don't wait for STARTTLS (for old clients) */ - #ifdef SUPPORT_TLS + #ifndef DISABLE_TLS else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE; #endif @@ -3377,7 +3437,7 @@ for (i = 1; i < argc; i++) /* -v: verify things - this is a very low-level debugging */ case 'v': - if (*argrest == 0) + if (!*argrest) { debug_selector |= D_v; debug_file = stderr; @@ -3397,28 +3457,24 @@ for (i = 1; i < argc; i++) As Exim is 8-bit clean, it just ignores this flag. */ case 'x': - if (*argrest != 0) badarg = TRUE; + if (*argrest) badarg = TRUE; break; /* -X: in sendmail: takes one parameter, logfile, and sends debugging logs to that file. We swallow the parameter and otherwise ignore it. */ case 'X': - if (*argrest == '\0') + if (!*argrest) if (++i >= argc) - { - fprintf(stderr, "exim: string expected after -X\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: string expected after -X\n"); break; case 'z': - if (*argrest == '\0') - if (++i < argc) log_oneline = argv[i]; else - { - fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); - exit(EXIT_FAILURE); - } + if (!*argrest) + if (++i < argc) + log_oneline = string_copy_taint(argv[i], TRUE); + else + exim_fail("exim: file name expected after %s\n", argv[i-1]); break; /* All other initial characters are errors */ @@ -3431,47 +3487,48 @@ for (i = 1; i < argc; i++) /* Failed to recognize the option, or syntax error */ if (badarg) - { - fprintf(stderr, "exim abandoned: unknown, malformed, or incomplete " + exim_fail("exim abandoned: unknown, malformed, or incomplete " "option %s\n", arg); - exit(EXIT_FAILURE); - } } /* If -R or -S have been specified without -q, assume a single queue run. */ -if ((deliver_selectstring != NULL || deliver_selectstring_sender != NULL) && - queue_interval < 0) queue_interval = 0; + if ( (deliver_selectstring || deliver_selectstring_sender) + && queue_interval < 0) + queue_interval = 0; END_ARG: + store_pool = old_pool; + } + /* If usage_wanted is set we call the usage function - which never returns */ if (usage_wanted) exim_usage(called_as); /* Arguments have been processed. Check for incompatibilities. */ if (( (smtp_input || extract_recipients || recipients_arg < argc) && - (daemon_listen || queue_interval >= 0 || bi_option || + (f.daemon_listen || queue_interval >= 0 || bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0 || filter_test != FTEST_NONE || (msg_action_arg > 0 && !one_msg_action)) ) || ( msg_action_arg > 0 && - (daemon_listen || queue_interval >= 0 || list_options || + (f.daemon_listen || queue_interval > 0 || list_options || (checking && msg_action != MSG_LOAD) || bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0) ) || ( - (daemon_listen || queue_interval >= 0) && + (f.daemon_listen || queue_interval > 0) && (sender_address != NULL || list_options || list_queue || checking || bi_option) ) || ( - daemon_listen && queue_interval == 0 + f.daemon_listen && queue_interval == 0 ) || ( - inetd_wait_mode && queue_interval >= 0 + f.inetd_wait_mode && queue_interval >= 0 ) || ( list_options && @@ -3480,11 +3537,11 @@ if (( ) || ( verify_address_mode && - (address_test_mode || smtp_input || extract_recipients || + (f.address_test_mode || smtp_input || extract_recipients || filter_test != FTEST_NONE || bi_option) ) || ( - address_test_mode && (smtp_input || extract_recipients || + f.address_test_mode && (smtp_input || extract_recipients || filter_test != FTEST_NONE || bi_option) ) || ( @@ -3499,10 +3556,7 @@ if (( (!expansion_test || expansion_test_message != NULL) ) ) - { - fprintf(stderr, "exim: incompatible command-line options or arguments\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: incompatible command-line options or arguments\n"); /* If debugging is set up, set the file and the file descriptor to pass on to child processes. It should, of course, be 2 for stderr. Also, force the daemon @@ -3512,8 +3566,8 @@ if (debug_selector != 0) { debug_file = stderr; debug_fd = fileno(debug_file); - background_daemon = FALSE; - if (running_in_test_harness) millisleep(100); /* lets caller finish */ + f.background_daemon = FALSE; + testharness_pause_ms(100); /* lets caller finish */ if (debug_selector != D_v) /* -v only doesn't show this */ { debug_printf("Exim version %s uid=%ld gid=%ld pid=%d D=%x\n", @@ -3599,12 +3653,8 @@ check on the additional groups for the admin user privilege - can't do that till after reading the config, which might specify the exim gid. Therefore, save the group list here first. */ -group_count = getgroups(NGROUPS_MAX, group_list); -if (group_count < 0) - { - fprintf(stderr, "exim: getgroups() failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } +if ((group_count = getgroups(nelem(group_list), group_list)) < 0) + exim_fail("exim: getgroups() failed: %s\n", strerror(errno)); /* There is a fundamental difference in some BSD systems in the matter of groups. FreeBSD and BSDI are known to be different; NetBSD and OpenBSD are @@ -3617,19 +3667,22 @@ over a single group - the current group, which is always the first group in the list. Calling setgroups() with zero groups on a "different" system results in an error return. The following code should cope with both types of system. + Unfortunately, recent MacOS, which should be a FreeBSD, "helpfully" succeeds + the "setgroups() with zero groups" - and changes the egid. + Thanks to that we had to stash the original_egid above, for use below + in the call to exim_setugid(). + However, if this process isn't running as root, setgroups() can't be used -since you have to be root to run it, even if throwing away groups. Not being -root here happens only in some unusual configurations. We just ignore the -error. */ +since you have to be root to run it, even if throwing away groups. +Except, sigh, for Hurd - where you can. +Not being root here happens only in some unusual configurations. */ -if (setgroups(0, NULL) != 0) - { - if (setgroups(1, group_list) != 0 && !unprivileged) - { - fprintf(stderr, "exim: setgroups() failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - } +if ( !unprivileged +#ifndef OS_SETGROUPS_ZERO_DROPS_ALL + && setgroups(0, NULL) != 0 +#endif + && setgroups(1, group_list) != 0) + exim_fail("exim: setgroups() failed: %s\n", strerror(errno)); /* If the configuration file name has been altered by an argument on the command line (either a new file name or a macro definition) and the caller is @@ -3649,10 +3702,10 @@ values (such as the path name). If running in the test harness, pretend that configuration file changes and macro definitions haven't happened. */ if (( /* EITHER */ - (!trusted_config || /* Config changed, or */ - !macros_trusted()) && /* impermissible macros and */ + (!f.trusted_config || /* Config changed, or */ + !macros_trusted(opt_D_used)) && /* impermissible macros and */ real_uid != root_uid && /* Not root, and */ - !running_in_test_harness /* Not fudged */ + !f.running_in_test_harness /* Not fudged */ ) || /* OR */ expansion_test /* expansion testing */ || /* OR */ @@ -3672,8 +3725,8 @@ if (( /* EITHER */ Note that if the invoker is Exim, the logs remain available. Messing with this causes unlogged successful deliveries. */ - if ((log_stderr != NULL) && (real_uid != exim_uid)) - really_exim = FALSE; + if (log_stderr && real_uid != exim_uid) + f.really_exim = FALSE; } /* Privilege is to be retained for the moment. It may be dropped later, @@ -3681,32 +3734,21 @@ depending on the job that this Exim process has been asked to do. For now, set the real uid to the effective so that subsequent re-execs of Exim are done by a privileged user. */ -else exim_setugid(geteuid(), getegid(), FALSE, US"forcing real = effective"); +else + exim_setugid(geteuid(), original_egid, FALSE, US"forcing real = effective"); /* If testing a filter, open the file(s) now, before wasting time doing other setups and reading the message. */ -if ((filter_test & FTEST_SYSTEM) != 0) - { - filter_sfd = Uopen(filter_test_sfile, O_RDONLY, 0); - if (filter_sfd < 0) - { - fprintf(stderr, "exim: failed to open %s: %s\n", filter_test_sfile, +if (filter_test & FTEST_SYSTEM) + if ((filter_sfd = Uopen(filter_test_sfile, O_RDONLY, 0)) < 0) + exim_fail("exim: failed to open %s: %s\n", filter_test_sfile, strerror(errno)); - return EXIT_FAILURE; - } - } -if ((filter_test & FTEST_USER) != 0) - { - filter_ufd = Uopen(filter_test_ufile, O_RDONLY, 0); - if (filter_ufd < 0) - { - fprintf(stderr, "exim: failed to open %s: %s\n", filter_test_ufile, +if (filter_test & FTEST_USER) + if ((filter_ufd = Uopen(filter_test_ufile, O_RDONLY, 0)) < 0) + exim_fail("exim: failed to open %s: %s\n", filter_test_ufile, strerror(errno)); - return EXIT_FAILURE; - } - } /* Initialise lookup_list If debugging, already called above via version reporting. @@ -3719,15 +3761,57 @@ is equivalent to the ability to modify a setuid binary! This needs to happen before we read the main configuration. */ init_lookup_list(); -#ifdef EXPERIMENTAL_INTERNATIONAL -if (running_in_test_harness) smtputf8_advertise_hosts = NULL; +#ifdef SUPPORT_I18N +if (f.running_in_test_harness) smtputf8_advertise_hosts = NULL; #endif /* Read the main runtime configuration data; this gives up if there is a failure. It leaves the configuration file open so that the subsequent -configuration data for delivery can be read if needed. */ +configuration data for delivery can be read if needed. + +NOTE: immediately after opening the configuration file we change the working +directory to "/"! Later we change to $spool_directory. We do it there, because +during readconf_main() some expansion takes place already. */ + +/* Store the initial cwd before we change directories. Can be NULL if the +dir has already been unlinked. */ +initial_cwd = os_getcwd(NULL, 0); + +/* checking: + -be[m] expansion test - + -b[fF] filter test new + -bh[c] host test - + -bmalware malware_test_file new + -brt retry test new + -brw rewrite test new + -bt address test - + -bv[s] address verify - + list_options: + -bP