X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9883af7240d3c25b7a8a859c9e8482caacd5f1aa..dbad5895097fab8bee7ebe53e98a959c336b735d:/src/src/spool_out.c diff --git a/src/src/spool_out.c b/src/src/spool_out.c index 3970206cb..8531112c0 100644 --- a/src/src/spool_out.c +++ b/src/src/spool_out.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for writing spool files, and moving them about. */ @@ -92,7 +93,7 @@ double-check the mode because the group setting doesn't always get set automatically. */ if (fd >= 0) - if (fchown(fd, exim_uid, exim_gid) || fchmod(fd, SPOOL_MODE)) + if (exim_fchown(fd, exim_uid, exim_gid, temp_name) || fchmod(fd, SPOOL_MODE)) { DEBUG(D_any) debug_printf("failed setting perms on %s\n", temp_name); (void) close(fd); fd = -1; @@ -104,6 +105,25 @@ return fd; +static const uschar * +zap_newlines(const uschar *s) +{ +uschar *z, *p; + +if (Ustrchr(s, '\n') == NULL) return s; + +p = z = string_copy(s); +while ((p = Ustrchr(p, '\n')) != NULL) *p++ = ' '; +return z; +} + +static void +spool_var_write(FILE * fp, const uschar * name, const uschar * val) +{ +if (is_tainted(val)) putc('-', fp); +fprintf(fp, "-%s %s\n", name, val); +} + /************************************************* * Write the header spool file * *************************************************/ @@ -134,8 +154,7 @@ struct stat statbuf; uschar * tname; uschar * fname; -tname = spool_fname(US"input", message_subdir, - string_sprintf("hdr.%d", (int)getpid()), US""); +tname = spool_fname(US"input", message_subdir, US"hdr.", message_id); if ((fd = spool_open_temp(tname)) < 0) return spool_write_error(where, errmsg, US"open", NULL, NULL); 
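Review bot: spool_var_write(), added in the @@ -104,6 +105,25 @@ hunk, prints `val` with `"-%s %s\n"` and does no newline scrubbing, so a value containing '\n' would end its own record and start a new line in the -H file. zap_newlines() is applied only to auth_sender and the recipient fields in later hunks, while helo_name, host_name, host_auth, ident, received_protocol, auth_id, local_scan and the tls_* values pass through as they are. If an earlier validation step guarantees those can never hold a newline, a comment above the helper should say so; otherwise scrubbing in one place is safer, e.g. `fprintf(fp, "-%s %s\n", name, zap_newlines(val));`. Both helpers also need a header comment: zap_newlines() returns either its argument or a fresh copy, and the extra leading '-' is presumably the marker the spool reader uses for a tainted value.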
@@ -155,40 +174,48 @@ fprintf(fp, "<%s>\n", sender_address); fprintf(fp, "%d %d\n", (int)received_time.tv_sec, warning_count); fprintf(fp, "-received_time_usec .%06d\n", (int)received_time.tv_usec); +fprintf(fp, "-received_time_complete %d.%06d\n", + (int)received_time_complete.tv_sec, (int)received_time_complete.tv_usec); /* If there is information about a sending host, remember it. The HELO data can be set for local SMTP as well as remote. */ -if (sender_helo_name) - fprintf(fp, "-helo_name %s\n", sender_helo_name); +if (sender_helo_name) spool_var_write(fp, US"helo_name", sender_helo_name); if (sender_host_address) { + if (is_tainted(sender_host_address)) putc('-', fp); fprintf(fp, "-host_address %s.%d\n", sender_host_address, sender_host_port); if (sender_host_name) - fprintf(fp, "-host_name %s\n", sender_host_name); - if (sender_host_authenticated) - fprintf(fp, "-host_auth %s\n", sender_host_authenticated); + spool_var_write(fp, US"host_name", sender_host_name); } +if (sender_host_authenticated) + spool_var_write(fp, US"host_auth", sender_host_authenticated); +if (sender_host_auth_pubname) + spool_var_write(fp, US"host_auth_pubname", sender_host_auth_pubname); /* Also about the interface a message came in on */ if (interface_address) + { + if (is_tainted(interface_address)) putc('-', fp); fprintf(fp, "-interface_address %s.%d\n", interface_address, interface_port); + } if (smtp_active_hostname != primary_hostname) - fprintf(fp, "-active_hostname %s\n", smtp_active_hostname); + spool_var_write(fp, US"active_hostname", smtp_active_hostname); /* Likewise for any ident information; for local messages this is likely to be the same as originator_login, but will be different if the originator was root, forcing a different ident. 
*/ -if (sender_ident) fprintf(fp, "-ident %s\n", sender_ident); +if (sender_ident) + spool_var_write(fp, US"ident", sender_ident); /* Ditto for the received protocol */ if (received_protocol) - fprintf(fp, "-received_protocol %s\n", received_protocol); + spool_var_write(fp, US"received_protocol", received_protocol); /* Preserve any ACL variables that are set. */ @@ -206,9 +233,9 @@ fprintf(fp, "-max_received_linelength %d\n", max_received_linelength); if (body_zerocount > 0) fprintf(fp, "-body_zerocount %d\n", body_zerocount); if (authenticated_id) - fprintf(fp, "-auth_id %s\n", authenticated_id); + spool_var_write(fp, US"auth_id", authenticated_id); if (authenticated_sender) - fprintf(fp, "-auth_sender %s\n", authenticated_sender); + spool_var_write(fp, US"auth_sender", zap_newlines(authenticated_sender)); if (f.allow_unqualified_recipient) fprintf(fp, "-allow_unqualified_recipient\n"); if (f.allow_unqualified_sender) fprintf(fp, "-allow_unqualified_sender\n"); 
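Review bot: In the @@ -155,40 +174,48 @@ hunk the taint marker is written by hand for host_address and interface_address (`if (is_tainted(...)) putc('-', fp);`), which duplicates the logic inside spool_var_write(). If the marker format ever changes in the helper, these two call sites will silently keep the old form. At minimum add a comment at both, such as `/* keep in step with spool_var_write(): an extra leading '-' marks a tainted value */`. The new `-received_time_complete` line also casts tv_sec to int, copying the line above it, which truncates wherever time_t is wider than int.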
@@ -220,36 +247,40 @@ if (host_lookup_failed) fprintf(fp, "-host_lookup_failed\n"); if (f.sender_local) fprintf(fp, "-local\n"); if (f.local_error_message) fprintf(fp, "-localerror\n"); #ifdef HAVE_LOCAL_SCAN -if (local_scan_data) fprintf(fp, "-local_scan %s\n", local_scan_data); +if (local_scan_data) spool_var_write(fp, US"local_scan", local_scan_data); #endif #ifdef WITH_CONTENT_SCAN -if (spam_bar) fprintf(fp,"-spam_bar %s\n", spam_bar); -if (spam_score) fprintf(fp,"-spam_score %s\n", spam_score); -if (spam_score_int) fprintf(fp,"-spam_score_int %s\n", spam_score_int); +if (spam_bar) spool_var_write(fp, US"spam_bar", spam_bar); +if (spam_score) spool_var_write(fp, US"spam_score", spam_score); +if (spam_score_int) spool_var_write(fp, US"spam_score_int", spam_score_int); #endif if (f.deliver_manual_thaw) fprintf(fp, "-manual_thaw\n"); if (f.sender_set_untrusted) fprintf(fp, "-sender_set_untrusted\n"); #ifdef EXPERIMENTAL_BRIGHTMAIL -if (bmi_verdicts) fprintf(fp, "-bmi_verdicts %s\n", bmi_verdicts); +if (bmi_verdicts) spool_var_write(fp, US"bmi_verdicts", bmi_verdicts); #endif -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS if (tls_in.certificate_verified) fprintf(fp, "-tls_certificate_verified\n"); -if (tls_in.cipher) fprintf(fp, "-tls_cipher %s\n", tls_in.cipher); +if (tls_in.cipher) spool_var_write(fp, US"tls_cipher", tls_in.cipher); if (tls_in.peercert) { - (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert); - fprintf(fp, "-tls_peercert %s\n", CS big_buffer); + if (tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert)) + fprintf(fp, "--tls_peercert %s\n", CS big_buffer); } -if (tls_in.peerdn) fprintf(fp, "-tls_peerdn %s\n", string_printing(tls_in.peerdn)); -if (tls_in.sni) fprintf(fp, "-tls_sni %s\n", string_printing(tls_in.sni)); +if (tls_in.peerdn) spool_var_write(fp, US"tls_peerdn", string_printing(tls_in.peerdn)); +if (tls_in.sni) spool_var_write(fp, US"tls_sni", string_printing(tls_in.sni)); if (tls_in.ourcert) { - (void) 
tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert); - fprintf(fp, "-tls_ourcert %s\n", CS big_buffer); + if (tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert)) + fprintf(fp, "-tls_ourcert %s\n", CS big_buffer); } if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp); +# ifndef DISABLE_TLS_RESUME +fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption); +# endif +if (tls_in.ver) spool_var_write(fp, US"tls_ver", tls_in.ver); #endif #ifdef SUPPORT_I18N @@ -262,9 +293,9 @@ if (message_smtputf8) #endif /* Write the dsn flags to the spool header file */ -DEBUG(D_deliver) debug_printf("DSN: Write SPOOL :-dsn_envid %s\n", dsn_envid); +/* DEBUG(D_deliver) debug_printf("DSN: Write SPOOL: -dsn_envid %s\n", dsn_envid); */ if (dsn_envid) fprintf(fp, "-dsn_envid %s\n", dsn_envid); -DEBUG(D_deliver) debug_printf("DSN: Write SPOOL :-dsn_ret %d\n", dsn_ret); +/* DEBUG(D_deliver) debug_printf("DSN: Write SPOOL: -dsn_ret %d\n", dsn_ret); */ if (dsn_ret) fprintf(fp, "-dsn_ret %d\n", dsn_ret); /* To complete the envelope, write out the tree of non-recipients, followed by 
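Review bot: In the @@ -220,36 +247,40 @@ hunk a zero return from tls_export_cert() now drops the `tls_peercert` or `tls_ourcert` line with no trace. That is better than spooling whatever was left in big_buffer, but a process that later reads the -H file cannot tell "no certificate was presented" from "export failed". An `else DEBUG(D_tls) debug_printf("tls_export_cert failed; certificate not spooled\n");` on each branch would make the failure visible. The hard-coded `--tls_peercert` prefix also deserves a short comment saying that the peer certificate is always treated as tainted, since `-tls_ourcert` right below uses a single dash.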
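Review bot: In the @@ -262,9 +293,9 @@ hunk dsn_envid is still written by the bare `fprintf(fp, "-dsn_envid %s\n", dsn_envid)` on the context line between the two edited lines, so it gets no taint marker, unlike the string values converted to spool_var_write() elsewhere in this commit. Where dsn_envid is set is not visible here; if it can come from the SMTP peer, `if (dsn_envid) spool_var_write(fp, US"dsn_envid", dsn_envid);` would bring it in line with the rest. The two DEBUG statements would be better deleted than left commented out.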
@@ -277,24 +308,25 @@ fprintf(fp, "%d\n", recipients_count); for (int i = 0; i < recipients_count; i++) { recipient_item *r = recipients_list + i; + const uschar *address = zap_newlines(r->address); - DEBUG(D_deliver) debug_printf("DSN: Flags :%d\n", r->dsn_flags); + /* DEBUG(D_deliver) debug_printf("DSN: Flags: 0x%x\n", r->dsn_flags); */ - if (r->pno < 0 && r->errors_to == NULL && r->dsn_flags == 0) - fprintf(fp, "%s\n", r->address); + if (r->pno < 0 && !r->errors_to && r->dsn_flags == 0) + fprintf(fp, "%s\n", address); else { - uschar * errors_to = r->errors_to ? r->errors_to : US""; + const uschar *errors_to = r->errors_to ? zap_newlines(r->errors_to) : CUS""; /* for DSN SUPPORT extend exim 4 spool in a compatible way by adding new values upfront and add flag 0x02 */ - uschar * orcpt = r->orcpt ? r->orcpt : US""; + const uschar *orcpt = r->orcpt ? zap_newlines(r->orcpt) : CUS""; - fprintf(fp, "%s %s %d,%d %s %d,%d#3\n", r->address, orcpt, Ustrlen(orcpt), + fprintf(fp, "%s %s %d,%d %s %d,%d#3\n", address, orcpt, Ustrlen(orcpt), r->dsn_flags, errors_to, Ustrlen(errors_to), r->pno); } DEBUG(D_deliver) debug_printf("DSN: **** SPOOL_OUT - " - "address: |%s| errorsto: |%s| orcpt: |%s| dsn_flags: %d\n", + "address: <%s> errorsto: <%s> orcpt: <%s> dsn_flags: 0x%x\n", r->address, r->errors_to, r->orcpt, r->dsn_flags); } @@ -392,8 +424,6 @@ return statbuf.st_size - size_correction; } -#ifdef SUPPORT_MOVE_FROZEN_MESSAGES - /************************************************ * Make a hard link * ************************************************/ @@ -404,6 +434,7 @@ start-up time. Arguments: dir base directory name + dq destiinationqueue name subdir subdirectory name id message id suffix suffix to add to id 
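Review bot: The loop in the @@ -277,24 +308,25 @@ hunk does not say why address, errors_to and orcpt go through zap_newlines(). Each recipient occupies exactly one line after the `recipients_count` line, so an embedded newline would add a record the count does not cover. A comment above the `address` declaration, such as `/* one recipient per line; a newline inside a field would forge an extra record */`, would keep a later edit from dropping the calls. The DEBUG line at the end still prints the raw r->address, r->errors_to and r->orcpt, so the debug text can differ from what was actually spooled.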
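Review bot: The argument description added in the @@ -404,6 +434,7 @@ hunk reads `dq destiinationqueue name`; it should be `dq destination queue name`. The comment block it belongs to starts and ends outside the hunk.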
@@ -416,11 +447,11 @@ Returns: TRUE if all went well */ static BOOL -make_link(uschar *dir, uschar *subdir, uschar *id, uschar *suffix, uschar *from, - uschar *to, BOOL noentok) +make_link(uschar *dir, uschar * dq, uschar *subdir, uschar *id, uschar *suffix, + uschar *from, uschar *to, BOOL noentok) { uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); -uschar * tname = spool_fname(string_sprintf("%s%s", to, dir), subdir, id, suffix); +uschar * tname = spool_q_fname(string_sprintf("%s%s", to, dir), dq, subdir, id, suffix); if (Ulink(fname, tname) < 0 && (!noentok || errno != ENOENT)) { log_write(0, LOG_MAIN|LOG_PANIC, "link(\"%s\", \"%s\") failed while moving " @@ -474,8 +505,7 @@ return TRUE; /* Move the files for a message (-H, -D, and msglog) from one directory (or hierarchy) to another. It is assume that there is no -J file in existence when -this is done. At present, this is used only when move_frozen_messages is set, -so compile it only when that support is configured. +this is done. Arguments: id the id of the message to be delivered @@ -490,13 +520,18 @@ Returns: TRUE if all is well BOOL spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to) { +uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name; + +/* Since we are working within the spool, de-taint the dest queue name */ +dest_qname = string_copy_taint(dest_qname, FALSE); + /* Create any output directories that do not exist. */ (void) directory_make(spool_directory, - spool_sname(string_sprintf("%sinput", to), subdir), + spool_q_sname(string_sprintf("%sinput", to), dest_qname, subdir), INPUT_DIRECTORY_MODE, TRUE); (void) directory_make(spool_directory, - spool_sname(string_sprintf("%smsglog", to), subdir), + spool_q_sname(string_sprintf("%smsglog", to), dest_qname, subdir), INPUT_DIRECTORY_MODE, TRUE); /* Move the message by first creating new hard links for all the files, and 
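Review bot: In the @@ -490,13 +520,18 @@ hunk `dest_qname = string_copy_taint(dest_qname, FALSE);` removes the taint mark by copying, without looking at the contents of the string. The name is then used as a path component in spool_q_sname() here and in spool_q_fname() inside make_link(), so a value containing '/' or equal to `..` would place the new directories and hard links outside the intended queue directory. Where queue_name_dest is set is not visible in this diff, so this may already be checked upstream; if it is not, validate before de-tainting, for example `if (Ustrchr(dest_qname, '/')) return FALSE;` plus a refusal of `.` and `..`, with a log line. The comment should then read "validated above, so safe to de-taint" rather than justify the de-taint by location alone. The function body continues outside the hunk.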
@@ -508,9 +543,9 @@ rule of waiting for a -H file before doing anything. When moving messages off the mail spool, the -D file should be open and locked at the time, thus keeping Exim's hands off. */ -if (!make_link(US"msglog", subdir, id, US"", from, to, TRUE) || - !make_link(US"input", subdir, id, US"-D", from, to, FALSE) || - !make_link(US"input", subdir, id, US"-H", from, to, FALSE)) +if (!make_link(US"msglog", dest_qname, subdir, id, US"", from, to, TRUE) || + !make_link(US"input", dest_qname, subdir, id, US"-D", from, to, FALSE) || + !make_link(US"input", dest_qname, subdir, id, US"-H", from, to, FALSE)) return FALSE; if (!break_link(US"input", subdir, id, US"-H", from, FALSE) || @@ -518,13 +553,15 @@ if (!break_link(US"input", subdir, id, US"-H", from, FALSE) || !break_link(US"msglog", subdir, id, US"", from, TRUE)) return FALSE; -log_write(0, LOG_MAIN, "moved from %sinput, %smsglog to %sinput, %smsglog", - from, from, to, to); +log_write(0, LOG_MAIN, "moved from %s%s%s%sinput, %smsglog to %s%s%s%sinput, %smsglog", + *queue_name?"(":"", *queue_name?queue_name:US"", *queue_name?") ":"", + from, from, + *dest_qname?"(":"", *dest_qname?dest_qname:US"", *dest_qname?") ":"", + to, to); return TRUE; } -#endif /* End of spool_out.c */ /* vi: aw ai sw=2