X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/803628d5b0b175dfa78f0b19b35213ace01207b1..8de9db65575ccd8013753bb3d23426f0da2a669a:/src/src/deliver.c diff --git a/src/src/deliver.c b/src/src/deliver.c index 202f7a400..c416ebf3f 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -268,6 +268,8 @@ msglog directory that are used to catch output from pipes. Try to create the directory if it does not exist. From release 4.21, normal message logs should be created when the message is received. +Called from deliver_message(), can be operating as root. + Argument: filename the file name mode the mode required @@ -279,37 +281,49 @@ Returns: a file descriptor, or -1 (with errno set) static int open_msglog_file(uschar *filename, int mode, uschar **error) { -int fd = Uopen(filename, O_WRONLY|O_APPEND|O_CREAT, mode); +int fd, i; -if (fd < 0 && errno == ENOENT) +for (i = 2; i > 0; i--) { + fd = Uopen(filename, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif +#ifdef O_NOFOLLOW + O_NOFOLLOW | +#endif + O_WRONLY|O_APPEND|O_CREAT, mode); + if (fd >= 0) + { + /* Set the close-on-exec flag and change the owner to the exim uid/gid (this + function is called as root). Double check the mode, because the group setting + doesn't always get set automatically. */ + +#ifndef O_CLOEXEC + (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + if (fchown(fd, exim_uid, exim_gid) < 0) + { + *error = US"chown"; + return -1; + } + if (fchmod(fd, mode) < 0) + { + *error = US"chmod"; + return -1; + } + return fd; + } + if (errno != ENOENT) + break; + (void)directory_make(spool_directory, spool_sname(US"msglog", message_subdir), MSGLOG_DIRECTORY_MODE, TRUE); - fd = Uopen(filename, O_WRONLY|O_APPEND|O_CREAT, mode); - } - -/* Set the close-on-exec flag and change the owner to the exim uid/gid (this -function is called as root). Double check the mode, because the group setting -doesn't always get set automatically. */ - -if (fd >= 0) - { - (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); - if (fchown(fd, exim_uid, exim_gid) < 0) - { - *error = US"chown"; - return -1; - } - if (fchmod(fd, mode) < 0) - { - *error = US"chmod"; - return -1; - } } -else *error = US"create"; -return fd; +*error = US"create"; +return -1; } @@ -446,6 +460,10 @@ while (one && two) two = end_two; } + /* if the names matched but ports do not, mismatch */ + else if (one->port != two->port) + return FALSE; + /* Hosts matched */ one = one->next; @@ -715,7 +733,7 @@ host_item * h = addr->host_used; s = string_append(s, sp, pp, 2, US" H=", h->name); if (LOGGING(dnssec) && h->dnssec == DS_YES) - s = string_cat(s, sp, pp, US" DS"); + s = string_catn(s, sp, pp, US" DS", 3); s = string_append(s, sp, pp, 3, US" [", h->address, US"]"); @@ -836,6 +854,184 @@ router_name = transport_name = NULL; +/******************************************************************************/ + + +/************************************************* +* Generate local prt for logging * +*************************************************/ + +/* This function is a subroutine for use in string_log_address() below. + +Arguments: + addr the address being logged + yield the current dynamic buffer pointer + sizeptr points to current size + ptrptr points to current insert pointer + +Returns: the new value of the buffer pointer +*/ + +static uschar * +string_get_localpart(address_item *addr, uschar *yield, int *sizeptr, + int *ptrptr) +{ +uschar * s; + +s = addr->prefix; +if (testflag(addr, af_include_affixes) && s) + { +#ifdef SUPPORT_I18N + if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif + yield = string_cat(yield, sizeptr, ptrptr, s); + } + +s = addr->local_part; +#ifdef SUPPORT_I18N +if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif +yield = string_cat(yield, sizeptr, ptrptr, s); + +s = addr->suffix; +if (testflag(addr, af_include_affixes) && s) + { +#ifdef SUPPORT_I18N + if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif + yield = string_cat(yield, sizeptr, ptrptr, s); + } + +return yield; +} + + +/************************************************* +* Generate log address list * +*************************************************/ + +/* This function generates a list consisting of an address and its parents, for +use in logging lines. For saved onetime aliased addresses, the onetime parent +field is used. If the address was delivered by a transport with rcpt_include_ +affixes set, the af_include_affixes bit will be set in the address. In that +case, we include the affixes here too. + +Arguments: + str points to start of growing string, or NULL + size points to current allocation for string + ptr points to offset for append point; updated on exit + addr bottom (ultimate) address + all_parents if TRUE, include all parents + success TRUE for successful delivery + +Returns: a growable string in dynamic store +*/ + +static uschar * +string_log_address(uschar * str, int * size, int * ptr, + address_item *addr, BOOL all_parents, BOOL success) +{ +BOOL add_topaddr = TRUE; +address_item *topaddr; + +/* Find the ultimate parent */ + +for (topaddr = addr; topaddr->parent; topaddr = topaddr->parent) ; + +/* We start with just the local part for pipe, file, and reply deliveries, and +for successful local deliveries from routers that have the log_as_local flag +set. File deliveries from filters can be specified as non-absolute paths in +cases where the transport is going to complete the path. If there is an error +before this happens (expansion failure) the local part will not be updated, and +so won't necessarily look like a path. Add extra text for this case. */ + +if ( testflag(addr, af_pfr) + || ( success + && addr->router && addr->router->log_as_local + && addr->transport && addr->transport->info->local + ) ) + { + if (testflag(addr, af_file) && addr->local_part[0] != '/') + str = string_catn(str, size, ptr, CUS"save ", 5); + str = string_get_localpart(addr, str, size, ptr); + } + +/* Other deliveries start with the full address. It we have split it into local +part and domain, use those fields. Some early failures can happen before the +splitting is done; in those cases use the original field. */ + +else + { + uschar * cmp = str + *ptr; + + if (addr->local_part) + { + const uschar * s; + str = string_get_localpart(addr, str, size, ptr); + str = string_catn(str, size, ptr, US"@", 1); + s = addr->domain; +#ifdef SUPPORT_I18N + if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif + str = string_cat(str, size, ptr, s); + } + else + str = string_cat(str, size, ptr, addr->address); + + /* If the address we are going to print is the same as the top address, + and all parents are not being included, don't add on the top address. First + of all, do a caseless comparison; if this succeeds, do a caseful comparison + on the local parts. */ + + str[*ptr] = 0; + if ( strcmpic(cmp, topaddr->address) == 0 + && Ustrncmp(cmp, topaddr->address, Ustrchr(cmp, '@') - cmp) == 0 + && !addr->onetime_parent + && (!all_parents || !addr->parent || addr->parent == topaddr) + ) + add_topaddr = FALSE; + } + +/* If all parents are requested, or this is a local pipe/file/reply, and +there is at least one intermediate parent, show it in brackets, and continue +with all of them if all are wanted. */ + +if ( (all_parents || testflag(addr, af_pfr)) + && addr->parent + && addr->parent != topaddr) + { + uschar *s = US" ("; + address_item *addr2; + for (addr2 = addr->parent; addr2 != topaddr; addr2 = addr2->parent) + { + str = string_catn(str, size, ptr, s, 2); + str = string_cat (str, size, ptr, addr2->address); + if (!all_parents) break; + s = US", "; + } + str = string_catn(str, size, ptr, US")", 1); + } + +/* Add the top address if it is required */ + +if (add_topaddr) + str = string_append(str, size, ptr, 3, + US" <", + addr->onetime_parent ? addr->onetime_parent : topaddr->address, + US">"); + +return str; +} + + +/******************************************************************************/ + + + /* If msg is NULL this is a delivery log and logchar is used. Otherwise this is a nonstandard call; no two-character delivery flag is written but sender-host and sender are prefixed and "msg" is inserted in the log line. @@ -846,11 +1042,10 @@ Arguments: void delivery_log(int flags, address_item * addr, int logchar, uschar * msg) { -uschar *log_address; int size = 256; /* Used for a temporary, */ int ptr = 0; /* expanding buffer, for */ -uschar *s; /* building log lines; */ -void *reset_point; /* released afterwards. */ +uschar * s; /* building log lines; */ +void * reset_point; /* released afterwards. */ /* Log the delivery on the main log. We use an extensible string to build up the log line, and reset the store afterwards. Remote deliveries should always @@ -864,14 +1059,14 @@ pointer to a single host item in their host list, for use by the transport. */ s = reset_point = store_get(size); -log_address = string_log_address(addr, LOGGING(all_parents), TRUE); if (msg) - s = string_append(s, &size, &ptr, 3, host_and_ident(TRUE), US" ", log_address); + s = string_append(s, &size, &ptr, 2, host_and_ident(TRUE), US" "); else { s[ptr++] = logchar; - s = string_append(s, &size, &ptr, 2, US"> ", log_address); + s = string_catn(s, &size, &ptr, US"> ", 2); } +s = string_log_address(s, &size, &ptr, addr, LOGGING(all_parents), TRUE); if (LOGGING(sender_on_delivery) || msg) s = string_append(s, &size, &ptr, 3, US" F=<", @@ -962,8 +1157,11 @@ else #ifndef DISABLE_PRDR if (addr->flags & af_prdr_used) - s = string_append(s, &size, &ptr, 1, US" PRDR"); + s = string_catn(s, &size, &ptr, US" PRDR", 5); #endif + + if (addr->flags & af_chunking_used) + s = string_catn(s, &size, &ptr, US" K", 2); } /* confirmation message (SMTP (host_used) and LMTP (driver_name)) */ @@ -1014,6 +1212,163 @@ return; +static void +deferral_log(address_item * addr, uschar * now, + int logflags, uschar * driver_name, uschar * driver_kind) +{ +int size = 256; /* Used for a temporary, */ +int ptr = 0; /* expanding buffer, for */ +uschar * s; /* building log lines; */ +void * reset_point; /* released afterwards. */ + +uschar ss[32]; + +/* Build up the line that is used for both the message log and the main +log. */ + +s = reset_point = store_get(size); + +/* Create the address string for logging. Must not do this earlier, because +an OK result may be changed to FAIL when a pipe returns text. */ + +s = string_log_address(s, &size, &ptr, addr, LOGGING(all_parents), FALSE); + +if (*queue_name) + s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); + +/* Either driver_name contains something and driver_kind contains +" router" or " transport" (note the leading space), or driver_name is +a null string and driver_kind contains "routing" without the leading +space, if all routing has been deferred. When a domain has been held, +so nothing has been done at all, both variables contain null strings. */ + +if (driver_name) + { + if (driver_kind[1] == 't' && addr->router) + s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); + Ustrcpy(ss, " ?="); + ss[1] = toupper(driver_kind[1]); + s = string_append(s, &size, &ptr, 2, ss, driver_name); + } +else if (driver_kind) + s = string_append(s, &size, &ptr, 2, US" ", driver_kind); + +/*XXX need an s+s+p sprintf */ +sprintf(CS ss, " defer (%d)", addr->basic_errno); +s = string_cat(s, &size, &ptr, ss); + +if (addr->basic_errno > 0) + s = string_append(s, &size, &ptr, 2, US": ", + US strerror(addr->basic_errno)); + +if (addr->host_used) + { + s = string_append(s, &size, &ptr, 5, + US" H=", addr->host_used->name, + US" [", addr->host_used->address, US"]"); + if (LOGGING(outgoing_port)) + { + int port = addr->host_used->port; + s = string_append(s, &size, &ptr, 2, + US":", port == PORT_NONE ? US"25" : string_sprintf("%d", port)); + } + } + +if (addr->message) + s = string_append(s, &size, &ptr, 2, US": ", addr->message); + +s[ptr] = 0; + +/* Log the deferment in the message log, but don't clutter it +up with retry-time defers after the first delivery attempt. */ + +if (deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE) + deliver_msglog("%s %s\n", now, s); + +/* Write the main log and reset the store. +For errors of the type "retry time not reached" (also remotes skipped +on queue run), logging is controlled by L_retry_defer. Note that this kind +of error number is negative, and all the retry ones are less than any +others. */ + + +log_write(addr->basic_errno <= ERRNO_RETRY_BASE ? L_retry_defer : 0, logflags, + "== %s", s); + +store_reset(reset_point); +return; +} + + + +static void +failure_log(address_item * addr, uschar * driver_kind, uschar * now) +{ +int size = 256; /* Used for a temporary, */ +int ptr = 0; /* expanding buffer, for */ +uschar * s; /* building log lines; */ +void * reset_point; /* released afterwards. */ + +/* Build up the log line for the message and main logs */ + +s = reset_point = store_get(size); + +/* Create the address string for logging. Must not do this earlier, because +an OK result may be changed to FAIL when a pipe returns text. */ + +s = string_log_address(s, &size, &ptr, addr, LOGGING(all_parents), FALSE); + +if (LOGGING(sender_on_delivery)) + s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); + +if (*queue_name) + s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); + +/* Return path may not be set if no delivery actually happened */ + +if (used_return_path && LOGGING(return_path_on_delivery)) + s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); + +if (addr->router) + s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); +if (addr->transport) + s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); + +if (addr->host_used) + s = d_hostlog(s, &size, &ptr, addr); + +#ifdef SUPPORT_TLS +s = d_tlslog(s, &size, &ptr, addr); +#endif + +if (addr->basic_errno > 0) + s = string_append(s, &size, &ptr, 2, US": ", US strerror(addr->basic_errno)); + +if (addr->message) + s = string_append(s, &size, &ptr, 2, US": ", addr->message); + +s[ptr] = 0; + +/* Do the logging. For the message log, "routing failed" for those cases, +just to make it clearer. */ + +if (driver_kind) + deliver_msglog("%s %s failed for %s\n", now, driver_kind, s); +else + deliver_msglog("%s %s\n", now, s); + +log_write(0, LOG_MAIN, "** %s", s); + +#ifndef DISABLE_EVENT +msg_event_raise(US"msg:fail:delivery", addr); +#endif + +store_reset(reset_point); +return; +} + + + /************************************************* * Actions at the end of handling an address * *************************************************/ @@ -1039,12 +1394,6 @@ post_process_one(address_item *addr, int result, int logflags, int driver_type, uschar *now = tod_stamp(tod_log); uschar *driver_kind = NULL; uschar *driver_name = NULL; -uschar *log_address; - -int size = 256; /* Used for a temporary, */ -int ptr = 0; /* expanding buffer, for */ -uschar *s; /* building log lines; */ -void *reset_point; /* released afterwards. */ DEBUG(D_deliver) debug_printf("post-process %s (%d)\n", addr->address, result); @@ -1250,85 +1599,7 @@ else if (result == DEFER || result == PANIC) log or the main log for SMTP defers. */ if (!queue_2stage || addr->basic_errno != 0) - { - uschar ss[32]; - - /* For errors of the type "retry time not reached" (also remotes skipped - on queue run), logging is controlled by L_retry_defer. Note that this kind - of error number is negative, and all the retry ones are less than any - others. */ - - unsigned int use_log_selector = addr->basic_errno <= ERRNO_RETRY_BASE - ? L_retry_defer : 0; - - /* Build up the line that is used for both the message log and the main - log. */ - - s = reset_point = store_get(size); - - /* Create the address string for logging. Must not do this earlier, because - an OK result may be changed to FAIL when a pipe returns text. */ - - log_address = string_log_address(addr, LOGGING(all_parents), result == OK); - - s = string_cat(s, &size, &ptr, log_address); - - if (*queue_name) - s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); - - /* Either driver_name contains something and driver_kind contains - " router" or " transport" (note the leading space), or driver_name is - a null string and driver_kind contains "routing" without the leading - space, if all routing has been deferred. When a domain has been held, - so nothing has been done at all, both variables contain null strings. */ - - if (driver_name) - { - if (driver_kind[1] == 't' && addr->router) - s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); - Ustrcpy(ss, " ?="); - ss[1] = toupper(driver_kind[1]); - s = string_append(s, &size, &ptr, 2, ss, driver_name); - } - else if (driver_kind) - s = string_append(s, &size, &ptr, 2, US" ", driver_kind); - - sprintf(CS ss, " defer (%d)", addr->basic_errno); - s = string_cat(s, &size, &ptr, ss); - - if (addr->basic_errno > 0) - s = string_append(s, &size, &ptr, 2, US": ", - US strerror(addr->basic_errno)); - - if (addr->host_used) - { - s = string_append(s, &size, &ptr, 5, - US" H=", addr->host_used->name, - US" [", addr->host_used->address, US"]"); - if (LOGGING(outgoing_port)) - { - int port = addr->host_used->port; - s = string_append(s, &size, &ptr, 2, - US":", port == PORT_NONE ? US"25" : string_sprintf("%d", port)); - } - } - - if (addr->message) - s = string_append(s, &size, &ptr, 2, US": ", addr->message); - - s[ptr] = 0; - - /* Log the deferment in the message log, but don't clutter it - up with retry-time defers after the first delivery attempt. */ - - if (deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE) - deliver_msglog("%s %s\n", now, s); - - /* Write the main log and reset the store */ - - log_write(use_log_selector, logflags, "== %s", s); - store_reset(reset_point); - } + deferral_log(addr, now, logflags, driver_name, driver_kind); } @@ -1344,7 +1615,7 @@ else force the af_ignore_error flag. This will cause the address to be discarded later (with a log entry). */ - if (sender_address[0] == 0 && message_age >= ignore_bounce_errors_after) + if (!*sender_address && message_age >= ignore_bounce_errors_after) setflag(addr, af_ignore_error); /* Freeze the message if requested, or if this is a bounce message (or other @@ -1383,64 +1654,7 @@ else addr_failed = addr; } - /* Build up the log line for the message and main logs */ - - s = reset_point = store_get(size); - - /* Create the address string for logging. Must not do this earlier, because - an OK result may be changed to FAIL when a pipe returns text. */ - - log_address = string_log_address(addr, LOGGING(all_parents), result == OK); - - s = string_cat(s, &size, &ptr, log_address); - - if (LOGGING(sender_on_delivery)) - s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); - - if (*queue_name) - s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); - - /* Return path may not be set if no delivery actually happened */ - - if (used_return_path && LOGGING(return_path_on_delivery)) - s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); - - if (addr->router) - s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); - if (addr->transport) - s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); - - if (addr->host_used) - s = d_hostlog(s, &size, &ptr, addr); - -#ifdef SUPPORT_TLS - s = d_tlslog(s, &size, &ptr, addr); -#endif - - if (addr->basic_errno > 0) - s = string_append(s, &size, &ptr, 2, US": ", - US strerror(addr->basic_errno)); - - if (addr->message) - s = string_append(s, &size, &ptr, 2, US": ", addr->message); - - s[ptr] = 0; - - /* Do the logging. For the message log, "routing failed" for those cases, - just to make it clearer. */ - - if (driver_name) - deliver_msglog("%s %s\n", now, s); - else - deliver_msglog("%s %s failed for %s\n", now, driver_kind, s); - - log_write(0, LOG_MAIN, "** %s", s); - -#ifndef DISABLE_EVENT - msg_event_raise(US"msg:fail:delivery", addr); -#endif - - store_reset(reset_point); + failure_log(addr, driver_name ? NULL : driver_kind, now); } /* Ensure logging is turned on again in all cases */ @@ -2146,7 +2360,7 @@ if ((pid = fork()) == 0) ) ) ) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s", ret == -1 ? strerror(errno) : "short write"); /* Now any messages */ @@ -2157,7 +2371,7 @@ if ((pid = fork()) == 0) if( (ret = write(pfd[pipe_write], &message_length, sizeof(int))) != sizeof(int) || message_length > 0 && (ret = write(pfd[pipe_write], s, message_length)) != message_length ) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s", ret == -1 ? strerror(errno) : "short write"); } } @@ -2188,8 +2402,7 @@ will remain. Afterwards, close the reading end. */ for (addr2 = addr; addr2; addr2 = addr2->next) { - len = read(pfd[pipe_read], &status, sizeof(int)); - if (len > 0) + if ((len = read(pfd[pipe_read], &status, sizeof(int))) > 0) { int i; uschar **sptr; @@ -2206,10 +2419,24 @@ for (addr2 = addr; addr2; addr2 = addr2->next) if (testflag(addr2, af_file)) { - int local_part_length; - len = read(pfd[pipe_read], &local_part_length, sizeof(int)); - len = read(pfd[pipe_read], big_buffer, local_part_length); - big_buffer[local_part_length] = 0; + int llen; + if ( read(pfd[pipe_read], &llen, sizeof(int)) != sizeof(int) + || llen > 64*4 /* limit from rfc 5821, times I18N factor */ + ) + { + log_write(0, LOG_MAIN|LOG_PANIC, "bad local_part length read" + " from delivery subprocess"); + break; + } + /* sanity-checked llen so disable the Coverity error */ + /* coverity[tainted_data] */ + if (read(pfd[pipe_read], big_buffer, llen) != llen) + { + log_write(0, LOG_MAIN|LOG_PANIC, "bad local_part read" + " from delivery subprocess"); + break; + } + big_buffer[llen] = 0; addr2->local_part = string_copy(big_buffer); } @@ -3011,7 +3238,7 @@ uschar *endptr = big_buffer; uschar *ptr = endptr; uschar *msg = p->msg; BOOL done = p->done; -BOOL unfinished = TRUE; +BOOL finished = FALSE; /* minimum size to read is header size including id, subid and length */ int required = PIPE_HEADER_SIZE; @@ -3044,7 +3271,7 @@ while (!done) There will be only one read if we get all the available data (i.e. don't fill the buffer completely). */ - if (remaining < required && unfinished) + if (remaining < required && !finished) { int len; int available = big_buffer_size - remaining; @@ -3074,11 +3301,11 @@ while (!done) /* If the length is zero (eof or no-more-data), just process what we already have. Note that if the process is still running and we have read all the data in the pipe (but less that "available") then we - won't read any more, as "unfinished" will get set FALSE. */ + won't read any more, as "finished" will get set. */ endptr += len; remaining += len; - unfinished = len == available; + finished = len != available; } /* If we are at the end of the available data, exit the loop. */ @@ -3099,8 +3326,8 @@ while (!done) } DEBUG(D_deliver) - debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,unfinished:%d\n", - id, subid, header+2, required, remaining, unfinished); + debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,finished:%d\n", + id, subid, header+2, required, remaining, finished); /* is there room for the dataset we want to read ? */ if (required > big_buffer_size - PIPE_HEADER_SIZE) @@ -3112,22 +3339,22 @@ while (!done) break; } - /* we wrote all datasets with atomic write() calls - remaining < required only happens if big_buffer was too small - to get all available data from pipe. unfinished has to be true - as well. */ + /* We wrote all datasets with atomic write() calls. Remaining < required only + happens if big_buffer was too small to get all available data from pipe; + finished has to be false as well. */ + if (remaining < required) { - if (unfinished) + if (!finished) continue; msg = string_sprintf("failed to read pipe from transport process " - "%d for transport %s: required size=%d > remaining size=%d and unfinished=false", + "%d for transport %s: required size=%d > remaining size=%d and finished=true", pid, addr->transport->driver_name, required, remaining); done = TRUE; break; } - /* step behind the header */ + /* Step past the header */ ptr += PIPE_HEADER_SIZE; /* Handle each possible type of item, assuming the complete item is @@ -3289,6 +3516,10 @@ while (!done) break; #endif + case 'K': + addr->flags |= af_chunking_used; + break; + case 'D': if (!addr) goto ADDR_MISMATCH; memcpy(&(addr->dsn_aware), ptr, sizeof(addr->dsn_aware)); @@ -3311,7 +3542,7 @@ while (!done) { #ifdef SUPPORT_SOCKS case '2': /* proxy information; must arrive before A0 and applies to that addr XXX oops*/ - proxy_session = TRUE; /*XXX shouod this be cleared somewhere? */ + proxy_session = TRUE; /*XXX should this be cleared somewhere? */ if (*ptr == 0) ptr++; else @@ -4113,7 +4344,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) ) ) && ( !multi_domain || ( ( - !tp->expand_multi_domain || (deliver_set_expansions(next), 1), + (void)(!tp->expand_multi_domain || ((void)deliver_set_expansions(next), 1)), exp_bool(addr, US"transport", next->transport->name, D_transport, US"multi_domain", next->transport->multi_domain, @@ -4221,6 +4452,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) ok = FALSE; for (h = addr->host_list; h; h = h->next) if (Ustrcmp(h->name, continue_hostname) == 0) +/*XXX should also check port here */ { ok = TRUE; break; } } @@ -4244,9 +4476,13 @@ for (delivery_count = 0; addr_remote; delivery_count++) addr_fallback = addr; } - else if (next) + else { - while (next->next) next = next->next; + for (next = addr; ; next = next->next) + { + DEBUG(D_deliver) debug_printf(" %s to def list\n", next->address); + if (!next->next) break; + } next->next = addr_defer; addr_defer = addr; } @@ -4333,7 +4569,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) } /* Now fork a subprocess to do the remote delivery, but before doing so, - ensure that any cached resourses are released so as not to interfere with + ensure that any cached resources are released so as not to interfere with what happens in the subprocess. */ search_tidyup(); @@ -4388,15 +4624,20 @@ for (delivery_count = 0; addr_remote; delivery_count++) { uschar * fname = spool_fname(US"input", message_subdir, message_id, US"-D"); - if ((deliver_datafile = Uopen(fname, O_RDWR | O_APPEND, 0)) < 0) + if ((deliver_datafile = Uopen(fname, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_RDWR | O_APPEND, 0)) < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to reopen %s for remote " "parallel delivery: %s", fname, strerror(errno)); } /* Set the close-on-exec flag */ - +#ifndef O_CLOEXEC (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) | FD_CLOEXEC); +#endif /* Set the uid/gid of this process; bombs out on failure. */ @@ -4527,6 +4768,9 @@ for (delivery_count = 0; addr_remote; delivery_count++) rmt_dlv_checked_write(fd, 'P', '0', NULL, 0); #endif + if (addr->flags & af_chunking_used) + rmt_dlv_checked_write(fd, 'K', '0', NULL, 0); + memcpy(big_buffer, &addr->dsn_aware, sizeof(addr->dsn_aware)); rmt_dlv_checked_write(fd, 'D', '0', big_buffer, sizeof(addr->dsn_aware)); DEBUG(D_deliver) debug_printf("DSN write: addr->dsn_aware = %d\n", addr->dsn_aware); @@ -5136,6 +5380,8 @@ A delivery operation has a process all to itself; we never deliver more than one message in the same process. Therefore we needn't worry too much about store leakage. +Liable to be called as root. + Arguments: id the id of the message to be delivered forced TRUE if delivery was forced by an administrator; this overrides @@ -5160,7 +5406,6 @@ int final_yield = DELIVER_ATTEMPTED_NORMAL; time_t now = time(NULL); address_item *addr_last = NULL; uschar *filter_message = NULL; -FILE *jread; int process_recipients = RECIP_ACCEPT; open_db dbblock; open_db *dbm_file; @@ -5300,8 +5545,19 @@ Otherwise it might be needed again. */ { uschar * fname = spool_fname(US"input", message_subdir, id, US"-J"); + FILE * jread; - if ((jread = Ufopen(fname, "rb"))) + if ( (journal_fd = Uopen(fname, O_RDWR|O_APPEND +#ifdef O_CLOEXEC + | O_CLOEXEC +#endif +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + , SPOOL_MODE)) >= 0 + && lseek(journal_fd, 0, SEEK_SET) == 0 + && (jread = fdopen(journal_fd, "rb")) + ) { while (Ufgets(big_buffer, big_buffer_size, jread)) { @@ -5311,7 +5567,12 @@ Otherwise it might be needed again. */ DEBUG(D_deliver) debug_printf("Previously delivered address %s taken from " "journal file\n", big_buffer); } - (void)fclose(jread); + rewind(jread); + if ((journal_fd = dup(fileno(jread))) < 0) + journal_fd = fileno(jread); + else + (void) fclose(jread); /* Try to not leak the FILE resource */ + /* Panic-dies on error */ (void)spool_write_header(message_id, SW_DELIVERING, NULL); } @@ -5366,10 +5627,8 @@ if (deliver_freeze) ignore timer is exceeded. The message will be discarded if this delivery fails. */ - else if (sender_address[0] == 0 && message_age >= ignore_bounce_errors_after) - { + else if (!*sender_address && message_age >= ignore_bounce_errors_after) log_write(0, LOG_MAIN, "Unfrozen by errmsg timer"); - } /* If this is a bounce message, or there's no auto thaw, or we haven't reached the auto thaw time yet, and this delivery is not forced by an admin @@ -5701,22 +5960,18 @@ else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT) tpname = tmp; } else - { p->message = string_sprintf("system_filter_%s_transport is unset", type); - } if (tpname) { transport_instance *tp; for (tp = transports; tp; tp = tp->next) - { if (Ustrcmp(tp->name, tpname) == 0) { p->transport = tp; break; } - } if (!tp) p->message = string_sprintf("failed to find \"%s\" transport " "for system filter delivery", tpname); @@ -6629,10 +6884,8 @@ there is only address to be delivered - if it succeeds the spool write need not happen. */ if ( header_rewritten - && ( ( addr_local - && (addr_local->next || addr_remote) - ) - || (addr_remote && addr_remote->next) + && ( addr_local && (addr_local->next || addr_remote) + || addr_remote && addr_remote->next ) ) { /* Panic-dies on error */ @@ -6641,10 +6894,10 @@ if ( header_rewritten } -/* If there are any deliveries to be done, open the journal file. This is used -to record successful deliveries as soon as possible after each delivery is -known to be complete. A file opened with O_APPEND is used so that several -processes can run simultaneously. +/* If there are any deliveries to be and we do not already have the journal +file, create it. This is used to record successful deliveries as soon as +possible after each delivery is known to be complete. A file opened with +O_APPEND is used so that several processes can run simultaneously. The journal is just insurance against crashes. When the spool file is ultimately updated at the end of processing, the journal is deleted. If a @@ -6653,33 +6906,47 @@ therein are added to the non-recipients. */ if (addr_local || addr_remote) { - uschar * fname = spool_fname(US"input", message_subdir, id, US"-J"); - - if ((journal_fd = Uopen(fname, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE)) <0) + if (journal_fd < 0) { - log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s", - fname, strerror(errno)); - return DELIVER_NOT_ATTEMPTED; - } + uschar * fname = spool_fname(US"input", message_subdir, id, US"-J"); + + if ((journal_fd = Uopen(fname, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_WRONLY|O_APPEND|O_CREAT|O_EXCL, SPOOL_MODE)) < 0) + { + log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s", + fname, strerror(errno)); + return DELIVER_NOT_ATTEMPTED; + } - /* Set the close-on-exec flag, make the file owned by Exim, and ensure - that the mode is correct - the group setting doesn't always seem to get - set automatically. */ + /* Set the close-on-exec flag, make the file owned by Exim, and ensure + that the mode is correct - the group setting doesn't always seem to get + set automatically. */ - if( fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC) - || fchown(journal_fd, exim_uid, exim_gid) - || fchmod(journal_fd, SPOOL_MODE) - ) - { - int ret = Uunlink(fname); - log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s", - fname, strerror(errno)); - if(ret && errno != ENOENT) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", - fname, strerror(errno)); - return DELIVER_NOT_ATTEMPTED; + if( fchown(journal_fd, exim_uid, exim_gid) + || fchmod(journal_fd, SPOOL_MODE) +#ifndef O_CLOEXEC + || fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC) +#endif + ) + { + int ret = Uunlink(fname); + log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s", + fname, strerror(errno)); + if(ret && errno != ENOENT) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", + fname, strerror(errno)); + return DELIVER_NOT_ATTEMPTED; + } } } +else if (journal_fd >= 0) + { + close(journal_fd); + journal_fd = -1; + } @@ -6907,7 +7174,7 @@ if (addr_senddsn) FILE *f = fdopen(fd, "wb"); /* header only as required by RFC. only failure DSN needs to honor RET=FULL */ uschar * bound; - transport_ctx tctx; + transport_ctx tctx = {0}; DEBUG(D_deliver) debug_printf("sending error message to: %s\n", sender_address); @@ -6987,7 +7254,6 @@ if (addr_senddsn) /* Write the original email out */ - bzero(&tctx, sizeof(tctx)); tctx.options = topt_add_return_path | topt_no_body; transport_write_message(fileno(f), &tctx, 0); fflush(f); @@ -7081,7 +7347,7 @@ while (addr_failed) /* Otherwise, handle the sending of a message. Find the error address for the first address, then send a message that includes all failed addresses that have the same error address. Note the bounce_recipient is a global so - that it can be accesssed by $bounce_recipient while creating a customized + that it can be accessed by $bounce_recipient while creating a customized error message. */ else @@ -7445,16 +7711,14 @@ wording. */ transport_filter_argv = NULL; /* Just in case */ return_path = sender_address; /* In case not previously set */ { /* Dummy transport for headers add */ - transport_ctx * tctx = - store_get(sizeof(*tctx) + sizeof(transport_instance)); - transport_instance * tb = (transport_instance *)(tctx+1); + transport_ctx tctx = {0}; + transport_instance tb = {0}; - bzero(tctx, sizeof(*tctx)+sizeof(*tb)); - tctx->tblock = tb; - tctx->options = topt; - tb->add_headers = dsnnotifyhdr; + tctx.tblock = &tb; + tctx.options = topt; + tb.add_headers = dsnnotifyhdr; - transport_write_message(fileno(f), tctx, 0); + transport_write_message(fileno(f), &tctx, 0); } fflush(f); @@ -7660,10 +7924,12 @@ else if (addr_defer != (address_item *)(+1)) } /* Didn't find the address already in the list, and did find the - ultimate parent's address in the list. After adding the recipient, + ultimate parent's address in the list, and they really are different + (i.e. not from an identity-redirect). After adding the recipient, update the errors address in the recipients list. */ - if (i >= recipients_count && t < recipients_count) + if ( i >= recipients_count && t < recipients_count + && Ustrcmp(otaddr->address, otaddr->parent->address) != 0) { DEBUG(D_deliver) debug_printf("one_time: adding %s in place of %s\n", otaddr->address, otaddr->parent->address); @@ -7678,19 +7944,14 @@ else if (addr_defer != (address_item *)(+1)) this deferred address or, if there is none, the sender address, is on the list of recipients for a warning message. */ - if (sender_address[0] != 0) - if (addr->prop.errors_address) - { - if (Ustrstr(recipients, addr->prop.errors_address) == NULL) - recipients = string_sprintf("%s%s%s", recipients, - (recipients[0] == 0)? "" : ",", addr->prop.errors_address); - } - else - { - if (Ustrstr(recipients, sender_address) == NULL) - recipients = string_sprintf("%s%s%s", recipients, - (recipients[0] == 0)? "" : ",", sender_address); - } + if (sender_address[0]) + { + uschar * s = addr->prop.errors_address; + if (!s) s = sender_address; + if (Ustrstr(recipients, s) == NULL) + recipients = string_sprintf("%s%s%s", recipients, + recipients[0] ? "," : "", s); + } } /* Send a warning message if the conditions are right. If the condition check @@ -7771,9 +8032,7 @@ else if (addr_defer != (address_item *)(+1)) FILE *wmf = NULL; FILE *f = fdopen(fd, "wb"); uschar * bound; - transport_ctx tctx; - - bzero(&tctx, sizeof(tctx)); + transport_ctx tctx = {0}; if (warn_message_file) if (!(wmf = Ufopen(warn_message_file, "rb"))) @@ -8042,7 +8301,7 @@ if (remove_journal) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", fname, strerror(errno)); - /* Move the message off the spool if reqested */ + /* Move the message off the spool if requested */ #ifdef SUPPORT_MOVE_FROZEN_MESSAGES if (deliver_freeze && move_frozen_messages) @@ -8089,6 +8348,9 @@ if (!regex_STARTTLS) regex_STARTTLS = regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); #endif +if (!regex_CHUNKING) regex_CHUNKING = + regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); + #ifndef DISABLE_PRDR if (!regex_PRDR) regex_PRDR = regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE);