X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ce3258931d05becb2c87f17d80ee7c4b01f5a55a..d85cdeb5e554b59bf4c43c54461409c15c6ee9c5:/src/src/exim.c diff --git a/src/src/exim.c b/src/src/exim.c index f8cfda8a8..68734e35c 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -12,6 +12,10 @@ Also a few functions that don't naturally fit elsewhere. */ #include "exim.h" +#if defined(__GLIBC__) && !defined(__UCLIBC__) +# include +#endif + #ifdef USE_GNUTLS # include # if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP) @@ -38,7 +42,9 @@ regular expression for a long time; the other for short-term use. */ static void * function_store_get(size_t size) { -return store_get((int)size); +/* For now, regard all RE results as potentially tainted. We might need +more intelligence on this point. */ +return store_get((int)size, TRUE); } static void @@ -136,14 +142,13 @@ regex_match_and_setup(const pcre *re, const uschar *subject, int options, int se int ovector[3*(EXPAND_MAXN+1)]; uschar * s = string_copy(subject); /* de-constifying */ int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0, - PCRE_EOPT | options, ovector, sizeof(ovector)/sizeof(int)); + PCRE_EOPT | options, ovector, nelem(ovector)); BOOL yield = n >= 0; if (n == 0) n = EXPAND_MAXN + 1; if (yield) { - int nn; - expand_nmax = (setup < 0)? 0 : setup + 1; - for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2) + expand_nmax = setup < 0 ? 0 : setup + 1; + for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2) { expand_nstring[expand_nmax] = s + ovector[nn]; expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; @@ -170,22 +175,35 @@ Returns: nothing void set_process_info(const char *format, ...) { +gstring gs = { .size = PROCESS_INFO_SIZE - 2, .ptr = 0, .s = process_info }; +gstring * g; int len; va_list ap; -sprintf(CS process_info, "%5d ", (int)getpid()); -len = Ustrlen(process_info); + +g = string_fmt_append(&gs, "%5d ", (int)getpid()); +len = g->ptr; va_start(ap, format); -if (!string_vformat(process_info + len, PROCESS_INFO_SIZE - len - 2, format, ap)) - Ustrcpy(process_info + len, "**** string overflowed buffer ****"); -len = Ustrlen(process_info); -process_info[len+0] = '\n'; -process_info[len+1] = '\0'; -process_info_len = len + 1; +if (!string_vformat(g, 0, format, ap)) + { + gs.ptr = len; + g = string_cat(&gs, US"**** string overflowed buffer ****"); + } +g = string_catn(g, US"\n", 1); +string_from_gstring(g); +process_info_len = g->ptr; DEBUG(D_process_info) debug_printf("set_process_info: %s", process_info); va_end(ap); } +/*********************************************** +* Handler for SIGTERM * +***********************************************/ +static void +term_handler(int sig) +{ + exit(1); +} /************************************************* @@ -210,8 +228,7 @@ int fd; os_restarting_signal(sig, usr1_handler); -fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE); -if (fd < 0) +if ((fd = Uopen(process_log_path, O_APPEND|O_WRONLY, LOG_MODE)) < 0) { /* If we are already running as the Exim user, try to create it in the current process (assuming spool_directory exists). Otherwise, if we are @@ -343,7 +360,7 @@ Arguments: Returns: -1, 0, or +1 */ -int +static int exim_tvcmp(struct timeval *t1, struct timeval *t2) { if (t1->tv_sec > t2->tv_sec) return +1; @@ -363,7 +380,7 @@ return 0; /* Exim uses a time + a pid to generate a unique identifier in two places: its message IDs, and in file names for maildir deliveries. Because some OS now re-use pids within the same second, sub-second times are now being used. -However, for absolute certaintly, we must ensure the clock has ticked before +However, for absolute certainty, we must ensure the clock has ticked before allowing the relevant process to complete. At the time of implementation of this code (February 2003), the speed of processors is such that the clock will invariably have ticked already by the time a process has done its job. This @@ -411,7 +428,7 @@ if (exim_tvcmp(&now_tv, then_tv) <= 0) DEBUG(D_transport|D_receive) { - if (!running_in_test_harness) + if (!f.running_in_test_harness) { debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n", then_tv->tv_sec, (long) then_tv->tv_usec, @@ -458,8 +475,6 @@ return f; } - - /************************************************* * Ensure stdin, stdout, and stderr exist * *************************************************/ @@ -481,16 +496,15 @@ Returns: Nothing void exim_nullstd(void) { -int i; int devnull = -1; struct stat statbuf; -for (i = 0; i <= 2; i++) +for (int i = 0; i <= 2; i++) { if (fstat(i, &statbuf) < 0 && errno == EBADF) { if (devnull < 0) devnull = open("/dev/null", O_RDWR); if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", - string_open_failed(errno, "/dev/null")); + string_open_failed(errno, "/dev/null", NULL)); if (devnull != i) (void)dup2(devnull, i); } } @@ -541,9 +555,9 @@ close_unwanted(void) { if (smtp_input) { - #ifdef SUPPORT_TLS - tls_close(TRUE, FALSE); /* Shut down the TLS library */ - #endif +#ifndef DISABLE_TLS + tls_close(NULL, TLS_NO_SHUTDOWN); /* Shut down the TLS library */ +#endif (void)close(fileno(smtp_in)); (void)close(fileno(smtp_out)); smtp_in = NULL; @@ -554,7 +568,7 @@ else if ((debug_selector & D_resolver) == 0) (void)close(1); /* stdout */ if (debug_selector == 0) /* stderr */ { - if (!synchronous_delivery) + if (!f.synchronous_delivery) { (void)close(2); log_stderr = NULL; @@ -600,21 +614,18 @@ if (euid == root_uid || euid != uid || egid != gid || igflag) if (igflag) { struct passwd *pw = getpwuid(uid); - if (pw != NULL) - { - if (initgroups(pw->pw_name, gid) != 0) - log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s", - (long int)uid, strerror(errno)); - } - else log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): " - "no passwd entry for uid=%ld", (long int)uid); + if (!pw) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "cannot run initgroups(): " + "no passwd entry for uid=%ld", (long int)uid); + + if (initgroups(pw->pw_name, gid) != 0) + log_write(0,LOG_MAIN|LOG_PANIC_DIE,"initgroups failed for uid=%ld: %s", + (long int)uid, strerror(errno)); } if (setgid(gid) < 0 || setuid(uid) < 0) - { log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to set gid=%ld or uid=%ld " "(euid=%ld): %s", (long int)gid, (long int)uid, (long int)euid, msg); - } } /* Debugging output included uid/gid and all groups */ @@ -622,17 +633,14 @@ if (euid == root_uid || euid != uid || egid != gid || igflag) DEBUG(D_uid) { int group_count, save_errno; - gid_t group_list[NGROUPS_MAX]; + gid_t group_list[EXIM_GROUPLIST_SIZE]; debug_printf("changed uid/gid: %s\n uid=%ld gid=%ld pid=%ld\n", msg, (long int)geteuid(), (long int)getegid(), (long int)getpid()); - group_count = getgroups(NGROUPS_MAX, group_list); + group_count = getgroups(nelem(group_list), group_list); save_errno = errno; debug_printf(" auxiliary group list:"); if (group_count > 0) - { - int i; - for (i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]); - } + for (int i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]); else if (group_count < 0) debug_printf(" ", strerror(save_errno)); else debug_printf(" "); @@ -657,16 +665,67 @@ Returns: does not return */ void -exim_exit(int rc) +exim_exit(int rc, const uschar * process) { search_tidyup(); +store_exit(); DEBUG(D_any) - debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d terminating with rc=%d " - ">>>>>>>>>>>>>>>>\n", (int)getpid(), rc); + debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d %s%s%sterminating with rc=%d " + ">>>>>>>>>>>>>>>>\n", (int)getpid(), + process ? "(" : "", process, process ? ") " : "", rc); exit(rc); } +void +exim_underbar_exit(int rc) +{ +store_exit(); +_exit(rc); +} + + + +/* Print error string, then die */ +static void +exim_fail(const char * fmt, ...) +{ +va_list ap; +va_start(ap, fmt); +vfprintf(stderr, fmt, ap); +exit(EXIT_FAILURE); +} + +/* exim_chown_failure() called from exim_chown()/exim_fchown() on failure +of chown()/fchown(). See src/functions.h for more explanation */ +int +exim_chown_failure(int fd, const uschar *name, uid_t owner, gid_t group) +{ +int saved_errno = errno; /* from the preceeding chown call */ +#if 1 +log_write(0, LOG_MAIN|LOG_PANIC, + __FILE__ ":%d: chown(%s, %d:%d) failed (%s)." + " Please contact the authors and refer to https://bugs.exim.org/show_bug.cgi?id=2391", + __LINE__, name?name:US"", owner, group, strerror(errno)); +#else +/* I leave this here, commented, in case the "bug"(?) comes up again. + It is not an Exim bug, but we can provide a workaround. + See Bug 2391 + HS 2019-04-18 */ + +struct stat buf; + +if (0 == (fd < 0 ? stat(name, &buf) : fstat(fd, &buf))) +{ + if (buf.st_uid == owner && buf.st_gid == group) return 0; + log_write(0, LOG_MAIN|LOG_PANIC, "Wrong ownership on %s", name); +} +else log_write(0, LOG_MAIN|LOG_PANIC, "Stat failed on %s: %s", name, strerror(errno)); + +#endif +errno = saved_errno; +return -1; +} /************************************************* @@ -689,10 +748,7 @@ check_port(uschar *address) { int port = host_address_extract_port(address); if (string_is_ip_address(address, NULL) == 0) - { - fprintf(stderr, "exim abandoned: \"%s\" is not an IP address\n", address); - exit(EXIT_FAILURE); - } + exim_fail("exim abandoned: \"%s\" is not an IP address\n", address); return port; } @@ -741,26 +797,26 @@ else * Show supported features * *************************************************/ -/* This function is called for -bV/--version and for -d to output the optional -features of the current Exim binary. - -Arguments: a FILE for printing -Returns: nothing -*/ - static void -show_whats_supported(FILE *f) +show_db_version(FILE * f) { - auth_info *authi; - #ifdef DB_VERSION_STRING -fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING); +DEBUG(D_any) + { + fprintf(f, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING); + fprintf(f, " Runtime: %s\n", + db_version(NULL, NULL, NULL)); + } +else + fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING); + #elif defined(BTREEVERSION) && defined(HASHVERSION) #ifdef USE_DB fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n"); #else fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n"); #endif + #elif defined(_DBM_RDONLY) || defined(dbm_dirfno) fprintf(f, "Probably ndbm\n"); #elif defined(USE_TDB) @@ -772,252 +828,217 @@ fprintf(f, "Using tdb\n"); fprintf(f, "Probably GDBM (compatibility mode)\n"); #endif #endif +} + + +/* This function is called for -bV/--version and for -d to output the optional +features of the current Exim binary. + +Arguments: a FILE for printing +Returns: nothing +*/ -fprintf(f, "Support for:"); +static void +show_whats_supported(FILE * fp) +{ +DEBUG(D_any) {} else show_db_version(fp); + +fprintf(fp, "Support for:"); #ifdef SUPPORT_CRYPTEQ - fprintf(f, " crypteq"); + fprintf(fp, " crypteq"); #endif #if HAVE_ICONV - fprintf(f, " iconv()"); + fprintf(fp, " iconv()"); #endif #if HAVE_IPV6 - fprintf(f, " IPv6"); + fprintf(fp, " IPv6"); #endif #ifdef HAVE_SETCLASSRESOURCES - fprintf(f, " use_setclassresources"); + fprintf(fp, " use_setclassresources"); #endif #ifdef SUPPORT_PAM - fprintf(f, " PAM"); + fprintf(fp, " PAM"); #endif #ifdef EXIM_PERL - fprintf(f, " Perl"); + fprintf(fp, " Perl"); #endif #ifdef EXPAND_DLFUNC - fprintf(f, " Expand_dlfunc"); + fprintf(fp, " Expand_dlfunc"); #endif #ifdef USE_TCP_WRAPPERS - fprintf(f, " TCPwrappers"); + fprintf(fp, " TCPwrappers"); #endif -#ifdef SUPPORT_TLS - #ifdef USE_GNUTLS - fprintf(f, " GnuTLS"); - #else - fprintf(f, " OpenSSL"); - #endif +#ifdef USE_GNUTLS + fprintf(fp, " GnuTLS"); +#endif +#ifdef USE_OPENSSL + fprintf(fp, " OpenSSL"); #endif #ifdef SUPPORT_TRANSLATE_IP_ADDRESS - fprintf(f, " translate_ip_address"); + fprintf(fp, " translate_ip_address"); #endif #ifdef SUPPORT_MOVE_FROZEN_MESSAGES - fprintf(f, " move_frozen_messages"); + fprintf(fp, " move_frozen_messages"); #endif #ifdef WITH_CONTENT_SCAN - fprintf(f, " Content_Scanning"); + fprintf(fp, " Content_Scanning"); #endif -#ifdef WITH_OLD_DEMIME - fprintf(f, " Old_Demime"); +#ifdef SUPPORT_DANE + fprintf(fp, " DANE"); #endif #ifndef DISABLE_DKIM - fprintf(f, " DKIM"); + fprintf(fp, " DKIM"); #endif #ifndef DISABLE_DNSSEC - fprintf(f, " DNSSEC"); + fprintf(fp, " DNSSEC"); #endif #ifndef DISABLE_EVENT - fprintf(f, " Event"); + fprintf(fp, " Event"); #endif #ifdef SUPPORT_I18N - fprintf(f, " I18N"); + fprintf(fp, " I18N"); #endif #ifndef DISABLE_OCSP - fprintf(f, " OCSP"); + fprintf(fp, " OCSP"); +#endif +#ifdef SUPPORT_PIPE_CONNECT + fprintf(fp, " PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR - fprintf(f, " PRDR"); + fprintf(fp, " PRDR"); #endif #ifdef SUPPORT_PROXY - fprintf(f, " PROXY"); + fprintf(fp, " PROXY"); #endif #ifdef SUPPORT_SOCKS - fprintf(f, " SOCKS"); + fprintf(fp, " SOCKS"); +#endif +#ifdef SUPPORT_SPF + fprintf(fp, " SPF"); +#endif +#ifdef SUPPORT_DMARC + fprintf(fp, " DMARC"); #endif -#ifdef EXPERIMENTAL_SPF - fprintf(f, " Experimental_SPF"); +#ifdef TCP_FASTOPEN + tcp_init(); + if (f.tcp_fastopen_ok) fprintf(fp, " TCP_Fast_Open"); +#endif +#ifdef EXPERIMENTAL_LMDB + fprintf(fp, " Experimental_LMDB"); +#endif +#ifdef EXPERIMENTAL_QUEUEFILE + fprintf(fp, " Experimental_QUEUEFILE"); #endif #ifdef EXPERIMENTAL_SRS - fprintf(f, " Experimental_SRS"); + fprintf(fp, " Experimental_SRS"); #endif -#ifdef EXPERIMENTAL_BRIGHTMAIL - fprintf(f, " Experimental_Brightmail"); +#ifdef EXPERIMENTAL_ARC + fprintf(fp, " Experimental_ARC"); #endif -#ifdef EXPERIMENTAL_DANE - fprintf(f, " Experimental_DANE"); +#ifdef EXPERIMENTAL_BRIGHTMAIL + fprintf(fp, " Experimental_Brightmail"); #endif #ifdef EXPERIMENTAL_DCC - fprintf(f, " Experimental_DCC"); -#endif -#ifdef EXPERIMENTAL_DMARC - fprintf(f, " Experimental_DMARC"); + fprintf(fp, " Experimental_DCC"); #endif #ifdef EXPERIMENTAL_DSN_INFO - fprintf(f, " Experimental_DSN_info"); + fprintf(fp, " Experimental_DSN_info"); #endif -#ifdef EXPERIMENTAL_REDIS - fprintf(f, " Experimental_Redis"); +#ifdef EXPERIMENTAL_TLS_RESUME + fprintf(fp, " Experimental_TLS_resume"); #endif -fprintf(f, "\n"); +fprintf(fp, "\n"); -fprintf(f, "Lookups (built-in):"); +fprintf(fp, "Lookups (built-in):"); #if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2 - fprintf(f, " lsearch wildlsearch nwildlsearch iplsearch"); + fprintf(fp, " lsearch wildlsearch nwildlsearch iplsearch"); #endif #if defined(LOOKUP_CDB) && LOOKUP_CDB!=2 - fprintf(f, " cdb"); + fprintf(fp, " cdb"); #endif #if defined(LOOKUP_DBM) && LOOKUP_DBM!=2 - fprintf(f, " dbm dbmjz dbmnz"); + fprintf(fp, " dbm dbmjz dbmnz"); #endif #if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2 - fprintf(f, " dnsdb"); + fprintf(fp, " dnsdb"); #endif #if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2 - fprintf(f, " dsearch"); + fprintf(fp, " dsearch"); #endif #if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2 - fprintf(f, " ibase"); + fprintf(fp, " ibase"); +#endif +#if defined(LOOKUP_JSON) && LOOKUP_JSON!=2 + fprintf(fp, " json"); #endif #if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2 - fprintf(f, " ldap ldapdn ldapm"); + fprintf(fp, " ldap ldapdn ldapm"); +#endif +#ifdef EXPERIMENTAL_LMDB + fprintf(fp, " lmdb"); #endif #if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2 - fprintf(f, " mysql"); + fprintf(fp, " mysql"); #endif #if defined(LOOKUP_NIS) && LOOKUP_NIS!=2 - fprintf(f, " nis nis0"); + fprintf(fp, " nis nis0"); #endif #if defined(LOOKUP_NISPLUS) && LOOKUP_NISPLUS!=2 - fprintf(f, " nisplus"); + fprintf(fp, " nisplus"); #endif #if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2 - fprintf(f, " oracle"); + fprintf(fp, " oracle"); #endif #if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2 - fprintf(f, " passwd"); + fprintf(fp, " passwd"); #endif #if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2 - fprintf(f, " pgsql"); + fprintf(fp, " pgsql"); +#endif +#if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2 + fprintf(fp, " redis"); #endif #if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2 - fprintf(f, " sqlite"); + fprintf(fp, " sqlite"); #endif #if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2 - fprintf(f, " testdb"); + fprintf(fp, " testdb"); #endif #if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2 - fprintf(f, " whoson"); -#endif -fprintf(f, "\n"); - -fprintf(f, "Authenticators:"); -#ifdef AUTH_CRAM_MD5 - fprintf(f, " cram_md5"); -#endif -#ifdef AUTH_CYRUS_SASL - fprintf(f, " cyrus_sasl"); -#endif -#ifdef AUTH_DOVECOT - fprintf(f, " dovecot"); + fprintf(fp, " whoson"); #endif -#ifdef AUTH_GSASL - fprintf(f, " gsasl"); -#endif -#ifdef AUTH_HEIMDAL_GSSAPI - fprintf(f, " heimdal_gssapi"); -#endif -#ifdef AUTH_PLAINTEXT - fprintf(f, " plaintext"); -#endif -#ifdef AUTH_SPA - fprintf(f, " spa"); -#endif -#ifdef AUTH_TLS - fprintf(f, " tls"); -#endif -fprintf(f, "\n"); +fprintf(fp, "\n"); -fprintf(f, "Routers:"); -#ifdef ROUTER_ACCEPT - fprintf(f, " accept"); -#endif -#ifdef ROUTER_DNSLOOKUP - fprintf(f, " dnslookup"); -#endif -#ifdef ROUTER_IPLITERAL - fprintf(f, " ipliteral"); -#endif -#ifdef ROUTER_IPLOOKUP - fprintf(f, " iplookup"); -#endif -#ifdef ROUTER_MANUALROUTE - fprintf(f, " manualroute"); -#endif -#ifdef ROUTER_QUERYPROGRAM - fprintf(f, " queryprogram"); -#endif -#ifdef ROUTER_REDIRECT - fprintf(f, " redirect"); -#endif -fprintf(f, "\n"); +auth_show_supported(fp); +route_show_supported(fp); +transport_show_supported(fp); -fprintf(f, "Transports:"); -#ifdef TRANSPORT_APPENDFILE - fprintf(f, " appendfile"); - #ifdef SUPPORT_MAILDIR - fprintf(f, "/maildir"); - #endif - #ifdef SUPPORT_MAILSTORE - fprintf(f, "/mailstore"); - #endif - #ifdef SUPPORT_MBX - fprintf(f, "/mbx"); - #endif -#endif -#ifdef TRANSPORT_AUTOREPLY - fprintf(f, " autoreply"); -#endif -#ifdef TRANSPORT_LMTP - fprintf(f, " lmtp"); -#endif -#ifdef TRANSPORT_PIPE - fprintf(f, " pipe"); -#endif -#ifdef TRANSPORT_SMTP - fprintf(f, " smtp"); +#ifdef WITH_CONTENT_SCAN +malware_show_supported(fp); #endif -fprintf(f, "\n"); if (fixed_never_users[0] > 0) { int i; - fprintf(f, "Fixed never_users: "); + fprintf(fp, "Fixed never_users: "); for (i = 1; i <= (int)fixed_never_users[0] - 1; i++) - fprintf(f, "%d:", (unsigned int)fixed_never_users[i]); - fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]); + fprintf(fp, "%d:", (unsigned int)fixed_never_users[i]); + fprintf(fp, "%d\n", (unsigned int)fixed_never_users[i]); } -fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); +fprintf(fp, "Configure owner: %d:%d\n", config_uid, config_gid); + +fprintf(fp, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); /* Everything else is details which are only worth reporting when debugging. Perhaps the tls_version_report should move into this too. */ DEBUG(D_any) do { - int i; - /* clang defines __GNUC__ (at least, for me) so test for it first */ #if defined(__clang__) - fprintf(f, "Compiler: CLang [%s]\n", __clang_version__); + fprintf(fp, "Compiler: CLang [%s]\n", __clang_version__); #elif defined(__GNUC__) - fprintf(f, "Compiler: GCC [%s]\n", + fprintf(fp, "Compiler: GCC [%s]\n", # ifdef __VERSION__ __VERSION__ # else @@ -1025,29 +1046,39 @@ DEBUG(D_any) do { # endif ); #else - fprintf(f, "Compiler: \n"); + fprintf(fp, "Compiler: \n"); #endif -#ifdef SUPPORT_TLS - tls_version_report(f); +#if defined(__GLIBC__) && !defined(__UCLIBC__) + fprintf(fp, "Library version: Glibc: Compile: %d.%d\n", + __GLIBC__, __GLIBC_MINOR__); + if (__GLIBC_PREREQ(2, 1)) + fprintf(fp, " Runtime: %s\n", + gnu_get_libc_version()); +#endif + +show_db_version(fp); + +#ifndef DISABLE_TLS + tls_version_report(fp); #endif #ifdef SUPPORT_I18N - utf8_version_report(f); + utf8_version_report(fp); #endif - for (authi = auths_available; *authi->driver_name != '\0'; ++authi) + for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi) if (authi->version_report) - (*authi->version_report)(f); + (*authi->version_report)(fp); /* PCRE_PRERELEASE is either defined and empty or a bare sequence of characters; unless it's an ancient version of PCRE in which case it is not defined. */ #ifndef PCRE_PRERELEASE -#define PCRE_PRERELEASE +# define PCRE_PRERELEASE #endif #define QUOTE(X) #X #define EXPAND_AND_QUOTE(X) QUOTE(X) - fprintf(f, "Library version: PCRE: Compile: %d.%d%s\n" + fprintf(fp, "Library version: PCRE: Compile: %d.%d%s\n" " Runtime: %s\n", PCRE_MAJOR, PCRE_MINOR, EXPAND_AND_QUOTE(PCRE_PRERELEASE) "", @@ -1056,19 +1087,19 @@ DEBUG(D_any) do { #undef EXPAND_AND_QUOTE init_lookup_list(); - for (i = 0; i < lookup_list_count; i++) + for (int i = 0; i < lookup_list_count; i++) if (lookup_list[i]->version_report) - lookup_list[i]->version_report(f); + lookup_list[i]->version_report(fp); #ifdef WHITELIST_D_MACROS - fprintf(f, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS); + fprintf(fp, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS); #else - fprintf(f, "WHITELIST_D_MACROS unset\n"); + fprintf(fp, "WHITELIST_D_MACROS unset\n"); #endif #ifdef TRUSTED_CONFIG_LIST - fprintf(f, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST); + fprintf(fp, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST); #else - fprintf(f, "TRUSTED_CONFIG_LIST unset\n"); + fprintf(fp, "TRUSTED_CONFIG_LIST unset\n"); #endif } while (0); @@ -1082,8 +1113,6 @@ DEBUG(D_any) do { static void show_exim_information(enum commandline_info request, FILE *stream) { -const uschar **pp; - switch(request) { case CMDINFO_NONE: @@ -1095,12 +1124,12 @@ switch(request) "If the string is not recognised, you'll get this help (on stderr).\n" "\n" " exim -bI:help this information\n" -" exim -bI:dscp dscp value keywords known\n" -" exim -bI:sieve list of supported sieve extensions, one per line.\n" +" exim -bI:dscp list of known dscp value keywords\n" +" exim -bI:sieve list of supported sieve extensions\n" ); return; case CMDINFO_SIEVE: - for (pp = exim_sieve_extension_list; *pp; ++pp) + for (const uschar ** pp = exim_sieve_extension_list; *pp; ++pp) fprintf(stream, "%s\n", *pp); return; case CMDINFO_DSCP: @@ -1126,11 +1155,9 @@ uschar * local_part_quote(uschar *lpart) { BOOL needs_quote = FALSE; -int size, ptr; -uschar *yield; -uschar *t; +gstring * g; -for (t = lpart; !needs_quote && *t != 0; t++) +for (uschar * t = lpart; !needs_quote && *t != 0; t++) { needs_quote = !isalnum(*t) && strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL && (*t != '.' || t == lpart || t[1] == 0); @@ -1138,26 +1165,24 @@ for (t = lpart; !needs_quote && *t != 0; t++) if (!needs_quote) return lpart; -size = ptr = 0; -yield = string_cat(NULL, &size, &ptr, US"\"", 1); +g = string_catn(NULL, US"\"", 1); for (;;) { uschar *nq = US Ustrpbrk(lpart, "\\\""); if (nq == NULL) { - yield = string_cat(yield, &size, &ptr, lpart, Ustrlen(lpart)); + g = string_cat(g, lpart); break; } - yield = string_cat(yield, &size, &ptr, lpart, nq - lpart); - yield = string_cat(yield, &size, &ptr, US"\\", 1); - yield = string_cat(yield, &size, &ptr, nq, 1); + g = string_catn(g, lpart, nq - lpart); + g = string_catn(g, US"\\", 1); + g = string_catn(g, nq, 1); lpart = nq + 1; } -yield = string_cat(yield, &size, &ptr, US"\"", 1); -yield[ptr] = 0; -return yield; +g = string_catn(g, US"\"", 1); +return string_from_gstring(g); } @@ -1229,24 +1254,21 @@ Returns: pointer to dynamic memory, or NULL at end of file static uschar * get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *)) { -int i; -int size = 0; -int ptr = 0; -uschar *yield = NULL; +gstring * g = NULL; -if (fn_readline == NULL) { printf("> "); fflush(stdout); } +if (!fn_readline) { printf("> "); fflush(stdout); } -for (i = 0;; i++) +for (int i = 0;; i++) { uschar buffer[1024]; uschar *p, *ss; #ifdef USE_READLINE char *readline_line = NULL; - if (fn_readline != NULL) + if (fn_readline) { - if ((readline_line = fn_readline((i > 0)? "":"> ")) == NULL) break; - if (*readline_line != 0 && fn_addhist != NULL) fn_addhist(readline_line); + if (!(readline_line = fn_readline((i > 0)? "":"> "))) break; + if (*readline_line != 0 && fn_addhist) fn_addhist(readline_line); p = US readline_line; } else @@ -1265,26 +1287,24 @@ for (i = 0;; i++) while (ss > p && isspace(ss[-1])) ss--; if (i > 0) - { while (p < ss && isspace(*p)) p++; /* leading space after cont */ - } - yield = string_cat(yield, &size, &ptr, p, ss - p); + g = string_catn(g, p, ss - p); #ifdef USE_READLINE - if (fn_readline != NULL) free(readline_line); + if (fn_readline) free(readline_line); #endif - if (ss == p || yield[ptr-1] != '\\') - { - yield[ptr] = 0; + /* g can only be NULL if ss==p */ + if (ss == p || g->s[g->ptr-1] != '\\') break; - } - yield[--ptr] = 0; + + --g->ptr; + (void) string_from_gstring(g); } -if (yield == NULL) printf("\n"); -return yield; +if (!g) printf("\n"); +return string_from_gstring(g); } @@ -1306,22 +1326,17 @@ static void exim_usage(uschar *progname) { -/* Handle specific program invocation varients */ +/* Handle specific program invocation variants */ if (Ustrcmp(progname, US"-mailq") == 0) - { - fprintf(stderr, + exim_fail( "mailq - list the contents of the mail queue\n\n" "For a list of options, see the Exim documentation.\n"); - exit(EXIT_FAILURE); - } /* Generic usage - we output this whatever happens */ -fprintf(stderr, +exim_fail( "Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,\n" "not directly from a shell command line. Options and/or arguments control\n" "what it does when called. For a list of options, see the Exim documentation.\n"); - -exit(EXIT_FAILURE); } @@ -1333,22 +1348,21 @@ exit(EXIT_FAILURE); /* Typically, Exim will drop privileges if macros are supplied. In some cases, we want to not do so. -Arguments: none (macros is a global) +Arguments: opt_D_used - true if the commandline had a "-D" option Returns: true if trusted, false otherwise */ static BOOL -macros_trusted(void) +macros_trusted(BOOL opt_D_used) { #ifdef WHITELIST_D_MACROS -macro_item *m; -uschar *whitelisted, *end, *p, **whites, **w; +uschar *whitelisted, *end, *p, **whites; int white_count, i, n; size_t len; BOOL prev_char_item, found; #endif -if (macros == NULL) +if (!opt_D_used) return TRUE; #ifndef WHITELIST_D_MACROS return FALSE; @@ -1370,7 +1384,7 @@ if ( ! ((real_uid == root_uid) } /* Get a list of macros which are whitelisted */ -whitelisted = string_copy_malloc(US WHITELIST_D_MACROS); +whitelisted = string_copy_perm(US WHITELIST_D_MACROS, FALSE); prev_char_item = FALSE; white_count = 0; for (p = whitelisted; *p != '\0'; ++p) @@ -1405,11 +1419,12 @@ for (p = whitelisted, i = 0; (p != end) && (i < white_count); ++p) } whites[i] = NULL; -/* The list of macros should be very short. Accept the N*M complexity. */ -for (m = macros; m != NULL; m = m->next) +/* The list of commandline macros should be very short. +Accept the N*M complexity. */ +for (macro_item * m = macros_user; m; m = m->next) if (m->command_line) { found = FALSE; - for (w = whites; *w; ++w) + for (uschar ** w = whites; *w; ++w) if (Ustrcmp(*w, m->name) == 0) { found = TRUE; @@ -1417,10 +1432,9 @@ for (m = macros; m != NULL; m = m->next) } if (!found) return FALSE; - if (m->replacement == NULL) + if (!m->replacement) continue; - len = Ustrlen(m->replacement); - if (len == 0) + if ((len = m->replen) == 0) continue; n = pcre_exec(regex_whitelisted_macro, NULL, CS m->replacement, len, 0, PCRE_EOPT, NULL, 0); @@ -1437,6 +1451,40 @@ return TRUE; } +/************************************************* +* Expansion testing * +*************************************************/ + +/* Expand and print one item, doing macro-processing. + +Arguments: + item line for expansion +*/ + +static void +expansion_test_line(uschar * line) +{ +int len; +BOOL dummy_macexp; + +Ustrncpy(big_buffer, line, big_buffer_size); +big_buffer[big_buffer_size-1] = '\0'; +len = Ustrlen(big_buffer); + +(void) macros_expand(0, &len, &dummy_macexp); + +if (isupper(big_buffer[0])) + { + if (macro_read_assignment(big_buffer)) + printf("Defined macro '%s'\n", mlast->name); + } +else + if ((line = expand_string(big_buffer))) printf("%s\n", CS line); + else printf("Failed: %s\n", expand_string_message); +} + + + /************************************************* * Entry point and high-level code * *************************************************/ @@ -1479,6 +1527,7 @@ int recipients_arg = argc; int sender_address_domain = 0; int test_retry_arg = -1; int test_rewrite_arg = -1; +gid_t original_egid; BOOL arg_queue_only = FALSE; BOOL bi_option = FALSE; BOOL checking = FALSE; @@ -1496,6 +1545,7 @@ BOOL list_config = FALSE; BOOL local_queue_only; BOOL more = TRUE; BOOL one_msg_action = FALSE; +BOOL opt_D_used = FALSE; BOOL queue_only_set = FALSE; BOOL receiving_message = TRUE; BOOL sender_ident_set = FALSE; @@ -1521,13 +1571,13 @@ uschar *malware_test_file = NULL; uschar *real_sender_address; uschar *originator_home = US"/"; size_t sz; -void *reset_point; +rmark reset_point; struct passwd *pw; struct stat statbuf; pid_t passed_qr_pid = (pid_t)0; int passed_qr_pipe = -1; -gid_t group_list[NGROUPS_MAX]; +gid_t group_list[EXIM_GROUPLIST_SIZE]; /* For the -bI: flag */ enum commandline_info info_flag = CMDINFO_NONE; @@ -1543,6 +1593,10 @@ because some OS define it in /usr/include/unistd.h. */ extern char **environ; +#ifdef MEASURE_TIMING +(void)gettimeofday(×tamp_startup, NULL); +#endif + /* If the Exim user and/or group and/or the configuration file owner/group were defined by ref:name at build time, we must now find the actual uid/gid values. This is a feature to make the lives of binary distributors easier. */ @@ -1551,49 +1605,32 @@ This is a feature to make the lives of binary distributors easier. */ if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid)) { if (exim_uid == 0) - { - fprintf(stderr, "exim: refusing to run with uid 0 for \"%s\"\n", - EXIM_USERNAME); - exit(EXIT_FAILURE); - } + exim_fail("exim: refusing to run with uid 0 for \"%s\"\n", EXIM_USERNAME); + /* If ref:name uses a number as the name, route_finduser() returns TRUE with exim_uid set and pw coerced to NULL. */ if (pw) exim_gid = pw->pw_gid; #ifndef EXIM_GROUPNAME else - { - fprintf(stderr, + exim_fail( "exim: ref:name should specify a usercode, not a group.\n" "exim: can't let you get away with it unless you also specify a group.\n"); - exit(EXIT_FAILURE); - } #endif } else - { - fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n", - EXIM_USERNAME); - exit(EXIT_FAILURE); - } + exim_fail("exim: failed to find uid for user name \"%s\"\n", EXIM_USERNAME); #endif #ifdef EXIM_GROUPNAME if (!route_findgroup(US EXIM_GROUPNAME, &exim_gid)) - { - fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n", - EXIM_GROUPNAME); - exit(EXIT_FAILURE); - } + exim_fail("exim: failed to find gid for group name \"%s\"\n", EXIM_GROUPNAME); #endif #ifdef CONFIGURE_OWNERNAME if (!route_finduser(US CONFIGURE_OWNERNAME, NULL, &config_uid)) - { - fprintf(stderr, "exim: failed to find uid for user name \"%s\"\n", + exim_fail("exim: failed to find uid for user name \"%s\"\n", CONFIGURE_OWNERNAME); - exit(EXIT_FAILURE); - } #endif /* We default the system_filter_user to be the Exim run-time user, as a @@ -1602,11 +1639,8 @@ system_filter_uid = exim_uid; #ifdef CONFIGURE_GROUPNAME if (!route_findgroup(US CONFIGURE_GROUPNAME, &config_gid)) - { - fprintf(stderr, "exim: failed to find gid for group name \"%s\"\n", + exim_fail("exim: failed to find gid for group name \"%s\"\n", CONFIGURE_GROUPNAME); - exit(EXIT_FAILURE); - } #endif /* In the Cygwin environment, some initialization used to need doing. @@ -1620,8 +1654,10 @@ OS_INIT /* Check a field which is patched when we are running Exim within its testing harness; do a fast initial check, and then the whole thing. */ -running_in_test_harness = +f.running_in_test_harness = *running_status == '<' && Ustrcmp(running_status, "<<>>") == 0; +if (f.running_in_test_harness) + debug_store = TRUE; /* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed at the start of a program; however, it seems that some environments do not @@ -1637,12 +1673,8 @@ os_non_restarting_signal(SIGALRM, sigalrm_handler); /* Ensure we have a buffer for constructing log entries. Use malloc directly, because store_malloc writes a log entry on failure. */ -log_buffer = (uschar *)malloc(LOG_BUFFER_SIZE); -if (log_buffer == NULL) - { - fprintf(stderr, "exim: failed to get store for log buffer\n"); - exit(EXIT_FAILURE); - } +if (!(log_buffer = US malloc(LOG_BUFFER_SIZE))) + exim_fail("exim: failed to get store for log buffer\n"); /* Initialize the default log options. */ @@ -1672,9 +1704,14 @@ big_buffer = store_malloc(big_buffer_size); /* Set up the handler for the data request signal, and set the initial descriptive text. */ +process_info = store_get(PROCESS_INFO_SIZE, TRUE); /* tainted */ set_process_info("initializing"); os_restarting_signal(SIGUSR1, usr1_handler); +/* If running in a dockerized environment, the TERM signal is only +delegated to the PID 1 if we request it by setting an signal handler */ +if (getpid() == 1) signal(SIGTERM, term_handler); + /* SIGHUP is used to get the daemon to reconfigure. It gets set as appropriate in the daemon code. For the rest of Exim's uses, we ignore it. */ @@ -1760,7 +1797,6 @@ regex_whitelisted_macro = for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; - /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; this seems to be a generally accepted convention, since one finds symbolic links called "mailq" in standard OS configurations. */ @@ -1782,7 +1818,7 @@ message has been sent). */ if ((namelen == 5 && Ustrcmp(argv[0], "rmail") == 0) || (namelen > 5 && Ustrncmp(argv[0] + namelen - 6, "/rmail", 6) == 0)) { - dot_ends = FALSE; + f.dot_ends = FALSE; called_as = US"-rmail"; errors_sender_rc = EXIT_SUCCESS; } @@ -1823,6 +1859,7 @@ if ((namelen == 10 && Ustrcmp(argv[0], "newaliases") == 0) || normally be root, but in some esoteric environments it may not be. */ original_euid = geteuid(); +original_egid = getegid(); /* Get the real uid and gid. If the caller is root, force the effective uid/gid to be the same as the real ones. This makes a difference only if Exim is setuid @@ -1834,20 +1871,12 @@ real_gid = getgid(); if (real_uid == root_uid) { - rv = setgid(real_gid); - if (rv) - { - fprintf(stderr, "exim: setgid(%ld) failed: %s\n", + if ((rv = setgid(real_gid))) + exim_fail("exim: setgid(%ld) failed: %s\n", (long int)real_gid, strerror(errno)); - exit(EXIT_FAILURE); - } - rv = setuid(real_uid); - if (rv) - { - fprintf(stderr, "exim: setuid(%ld) failed: %s\n", + if ((rv = setuid(real_uid))) + exim_fail("exim: setuid(%ld) failed: %s\n", (long int)real_uid, strerror(errno)); - exit(EXIT_FAILURE); - } } /* If neither the original real uid nor the original euid was root, Exim is @@ -1875,7 +1904,7 @@ for (i = 1; i < argc; i++) break; } - /* An option consistion of -- terminates the options */ + /* An option consisting of -- terminates the options */ if (Ustrcmp(arg, "--") == 0) { @@ -1904,7 +1933,7 @@ for (i = 1; i < argc; i++) { switchchar = arg[3]; argrest += 2; - queue_2stage = TRUE; + f.queue_2stage = TRUE; } /* Make -r synonymous with -f, since it is a documented alias */ @@ -1975,8 +2004,8 @@ for (i = 1; i < argc; i++) if (*argrest == 'd') { - daemon_listen = TRUE; - if (*(++argrest) == 'f') background_daemon = FALSE; + f.daemon_listen = TRUE; + if (*(++argrest) == 'f') f.background_daemon = FALSE; else if (*argrest != 0) { badarg = TRUE; break; } } @@ -2000,13 +2029,10 @@ for (i = 1; i < argc; i++) else if (*argrest == 'F') { - filter_test |= FTEST_SYSTEM; + filter_test |= checking = FTEST_SYSTEM; if (*(++argrest) != 0) { badarg = TRUE; break; } if (++i < argc) filter_test_sfile = argv[i]; else - { - fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); - exit(EXIT_FAILURE); - } + exim_fail("exim: file name expected after %s\n", argv[i-1]); } /* -bf: Run user filter test @@ -2020,20 +2046,14 @@ for (i = 1; i < argc; i++) { if (*(++argrest) == 0) { - filter_test |= FTEST_USER; + filter_test |= checking = FTEST_USER; if (++i < argc) filter_test_ufile = argv[i]; else - { - fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); - exit(EXIT_FAILURE); - } + exim_fail("exim: file name expected after %s\n", argv[i-1]); } else { if (++i >= argc) - { - fprintf(stderr, "exim: string expected after %s\n", arg); - exit(EXIT_FAILURE); - } + exim_fail("exim: string expected after %s\n", arg); if (Ustrcmp(argrest, "d") == 0) ftest_domain = argv[i]; else if (Ustrcmp(argrest, "l") == 0) ftest_localpart = argv[i]; else if (Ustrcmp(argrest, "p") == 0) ftest_prefix = argv[i]; @@ -2048,8 +2068,9 @@ for (i = 1; i < argc; i++) { if (++i >= argc) { badarg = TRUE; break; } sender_host_address = argv[i]; - host_checking = checking = log_testing_mode = TRUE; - host_checking_callout = argrest[1] == 'c'; + host_checking = checking = f.log_testing_mode = TRUE; + f.host_checking_callout = argrest[1] == 'c'; + message_logs = FALSE; } /* -bi: This option is used by sendmail to initialize *the* alias file, @@ -2095,6 +2116,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "malware") == 0) { if (++i >= argc) { badarg = TRUE; break; } + checking = TRUE; malware_test_file = argv[i]; } @@ -2104,8 +2126,8 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "nq") == 0) { - allow_unqualified_sender = FALSE; - allow_unqualified_recipient = FALSE; + f.allow_unqualified_sender = FALSE; + f.allow_unqualified_recipient = FALSE; } /* -bpxx: List the contents of the mail queue, in various forms. If @@ -2176,6 +2198,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "rt") == 0) { + checking = TRUE; test_retry_arg = i + 1; goto END_ARG; } @@ -2184,6 +2207,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "rw") == 0) { + checking = TRUE; test_rewrite_arg = i + 1; goto END_ARG; } @@ -2202,18 +2226,18 @@ for (i = 1; i < argc; i++) /* -bt: address testing mode */ else if (Ustrcmp(argrest, "t") == 0) - address_test_mode = checking = log_testing_mode = TRUE; + f.address_test_mode = checking = f.log_testing_mode = TRUE; /* -bv: verify addresses */ else if (Ustrcmp(argrest, "v") == 0) - verify_address_mode = checking = log_testing_mode = TRUE; + verify_address_mode = checking = f.log_testing_mode = TRUE; /* -bvs: verify sender addresses */ else if (Ustrcmp(argrest, "vs") == 0) { - verify_address_mode = checking = log_testing_mode = TRUE; + verify_address_mode = checking = f.log_testing_mode = TRUE; verify_as_sender = TRUE; } @@ -2226,24 +2250,19 @@ for (i = 1; i < argc; i++) printf("%s\n", CS version_copyright); version_printed = TRUE; show_whats_supported(stdout); + f.log_testing_mode = TRUE; } /* -bw: inetd wait mode, accept a listening socket as stdin */ else if (*argrest == 'w') { - inetd_wait_mode = TRUE; - background_daemon = FALSE; - daemon_listen = TRUE; + f.inetd_wait_mode = TRUE; + f.background_daemon = FALSE; + f.daemon_listen = TRUE; if (*(++argrest) != '\0') - { - inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE); - if (inetd_wait_timeout <= 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } - } + if ((inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE)) <= 0) + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); } else badarg = TRUE; @@ -2264,7 +2283,7 @@ for (i = 1; i < argc; i++) #ifdef ALT_CONFIG_PREFIX int sep = 0; int len = Ustrlen(ALT_CONFIG_PREFIX); - uschar *list = argrest; + const uschar *list = argrest; uschar *filename; while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) != NULL) @@ -2273,10 +2292,7 @@ for (i = 1; i < argc; i++) Ustrncmp(filename, ALT_CONFIG_PREFIX, len) != 0 || Ustrstr(filename, "/../") != NULL) && (Ustrcmp(filename, "/dev/null") != 0 || real_uid != root_uid)) - { - fprintf(stderr, "-C Permission denied\n"); - exit(EXIT_FAILURE); - } + exim_fail("-C Permission denied\n"); } #endif if (real_uid != root_uid) @@ -2288,7 +2304,7 @@ for (i = 1; i < argc; i++) && real_uid != config_uid #endif ) - trusted_config = FALSE; + f.trusted_config = FALSE; else { FILE *trust_list = Ufopen(TRUSTED_CONFIG_LIST, "rb"); @@ -2310,13 +2326,13 @@ for (i = 1; i < argc; i++) ) || /* or */ (statbuf.st_mode & 2) != 0) /* world writeable */ { - trusted_config = FALSE; + f.trusted_config = FALSE; fclose(trust_list); } else { /* Well, the trust list at least is up to scratch... */ - void *reset_point = store_get(0); + rmark reset_point = store_mark(); uschar *trusted_configs[32]; int nr_configs = 0; int i = 0; @@ -2342,43 +2358,35 @@ for (i = 1; i < argc; i++) int sep = 0; const uschar *list = argrest; uschar *filename; - while (trusted_config && (filename = string_nextinlist(&list, + while (f.trusted_config && (filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) != NULL) { for (i=0; i < nr_configs; i++) - { if (Ustrcmp(filename, trusted_configs[i]) == 0) break; - } if (i == nr_configs) { - trusted_config = FALSE; + f.trusted_config = FALSE; break; } } - store_reset(reset_point); - } - else - { - /* No valid prefixes found in trust_list file. */ - trusted_config = FALSE; } + else /* No valid prefixes found in trust_list file. */ + f.trusted_config = FALSE; + store_reset(reset_point); } } - else - { - /* Could not open trust_list file. */ - trusted_config = FALSE; - } + else /* Could not open trust_list file. */ + f.trusted_config = FALSE; } #else /* Not root; don't trust config */ - trusted_config = FALSE; + f.trusted_config = FALSE; #endif } config_main_filelist = argrest; - config_changed = TRUE; + f.config_changed = TRUE; } break; @@ -2386,25 +2394,21 @@ for (i = 1; i < argc; i++) /* -D: set up a macro definition */ case 'D': - #ifdef DISABLE_D_OPTION - fprintf(stderr, "exim: -D is not available in this Exim binary\n"); - exit(EXIT_FAILURE); - #else +#ifdef DISABLE_D_OPTION + exim_fail("exim: -D is not available in this Exim binary\n"); +#else { int ptr = 0; - macro_item *mlast = NULL; macro_item *m; uschar name[24]; uschar *s = argrest; + opt_D_used = TRUE; while (isspace(*s)) s++; if (*s < 'A' || *s > 'Z') - { - fprintf(stderr, "exim: macro name set by -D must start with " + exim_fail("exim: macro name set by -D must start with " "an upper case letter\n"); - exit(EXIT_FAILURE); - } while (isalnum(*s) || *s == '_') { @@ -2420,30 +2424,16 @@ for (i = 1; i < argc; i++) while (isspace(*s)) s++; } - for (m = macros; m != NULL; m = m->next) - { + for (m = macros_user; m; m = m->next) if (Ustrcmp(m->name, name) == 0) - { - fprintf(stderr, "exim: duplicated -D in command line\n"); - exit(EXIT_FAILURE); - } - mlast = m; - } + exim_fail("exim: duplicated -D in command line\n"); - m = store_get(sizeof(macro_item) + Ustrlen(name)); - m->next = NULL; - m->command_line = TRUE; - if (mlast == NULL) macros = m; else mlast->next = m; - Ustrcpy(m->name, name); - m->replacement = string_copy(s); + m = macro_create(name, s, TRUE); if (clmacro_count >= MAX_CLMACROS) - { - fprintf(stderr, "exim: too many -D options on command line\n"); - exit(EXIT_FAILURE); - } - clmacros[clmacro_count++] = string_sprintf("-D%s=%s", m->name, - m->replacement); + exim_fail("exim: too many -D options on command line\n"); + clmacros[clmacro_count++] = + string_sprintf("-D%s=%s", m->name, m->replacement); } #endif break; @@ -2468,7 +2458,7 @@ for (i = 1; i < argc; i++) debug_file = NULL; if (*argrest == 'd') { - debug_daemon = TRUE; + f.debug_daemon = TRUE; argrest++; } if (*argrest != 0) @@ -2487,7 +2477,7 @@ for (i = 1; i < argc; i++) message_reference at it, for logging. */ case 'E': - local_error_message = TRUE; + f.local_error_message = TRUE; if (mac_ismsgid(argrest)) message_reference = argrest; break; @@ -2524,7 +2514,7 @@ for (i = 1; i < argc; i++) { badarg = TRUE; break; } } originator_name = argrest; - sender_name_forced = TRUE; + f.sender_name_forced = TRUE; break; @@ -2553,7 +2543,7 @@ for (i = 1; i < argc; i++) { badarg = TRUE; break; } } if (*argrest == 0) - sender_address = string_sprintf(""); /* Ensure writeable memory */ + *(sender_address = store_get(1, FALSE)) = '\0'; /* Ensure writeable memory */ else { uschar *temp = argrest + Ustrlen(argrest) - 1; @@ -2566,19 +2556,17 @@ for (i = 1; i < argc; i++) #endif sender_address = parse_extract_address(argrest, &errmess, &dummy_start, &dummy_end, &sender_address_domain, TRUE); + sender_address = string_copy_taint(sender_address, TRUE); #ifdef SUPPORT_I18N message_smtputf8 = string_is_utf8(sender_address); allow_utf8_domains = FALSE; #endif allow_domain_literals = FALSE; strip_trailing_dot = FALSE; - if (sender_address == NULL) - { - fprintf(stderr, "exim: bad -f address \"%s\": %s\n", argrest, errmess); - return EXIT_FAILURE; - } + if (!sender_address) + exim_fail("exim: bad -f address \"%s\": %s\n", argrest, errmess); } - sender_address_forced = TRUE; + f.sender_address_forced = TRUE; } break; @@ -2609,7 +2597,7 @@ for (i = 1; i < argc; i++) not to be documented for sendmail but mailx (at least) uses it) */ case 'i': - if (*argrest == 0) dot_ends = FALSE; else badarg = TRUE; + if (*argrest == 0) f.dot_ends = FALSE; else badarg = TRUE; break; @@ -2622,17 +2610,10 @@ for (i = 1; i < argc; i++) if(++i < argc) argrest = argv[i]; else { badarg = TRUE; break; } } - sz = Ustrlen(argrest); - if (sz > 32) - { - fprintf(stderr, "exim: the -L syslog name is too long: \"%s\"\n", argrest); - return EXIT_FAILURE; - } + if ((sz = Ustrlen(argrest)) > 32) + exim_fail("exim: the -L syslog name is too long: \"%s\"\n", argrest); if (sz < 1) - { - fprintf(stderr, "exim: the -L syslog name is too short\n"); - return EXIT_FAILURE; - } + exim_fail("exim: the -L syslog name is too short\n"); cmdline_syslog_name = argrest; break; @@ -2658,16 +2639,10 @@ for (i = 1; i < argc; i++) EXIM_SOCKLEN_T size = sizeof(interface_sock); if (argc != i + 6) - { - fprintf(stderr, "exim: too many or too few arguments after -MC\n"); - return EXIT_FAILURE; - } + exim_fail("exim: too many or too few arguments after -MC\n"); if (msg_action_arg >= 0) - { - fprintf(stderr, "exim: incompatible arguments\n"); - return EXIT_FAILURE; - } + exim_fail("exim: incompatible arguments\n"); continue_transport = argv[++i]; continue_hostname = argv[++i]; @@ -2680,89 +2655,94 @@ for (i = 1; i < argc; i++) queue_run_pipe = passed_qr_pipe; if (!mac_ismsgid(argv[i])) - { - fprintf(stderr, "exim: malformed message id %s after -MC option\n", + exim_fail("exim: malformed message id %s after -MC option\n", argv[i]); - return EXIT_FAILURE; - } - /* Set up $sending_ip_address and $sending_port */ + /* Set up $sending_ip_address and $sending_port, unless proxied */ - if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), - &size) == 0) - sending_ip_address = host_ntoa(-1, &interface_sock, NULL, - &sending_port); - else - { - fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n", - strerror(errno)); - return EXIT_FAILURE; - } + if (!continue_proxy_cipher) + if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), + &size) == 0) + sending_ip_address = host_ntoa(-1, &interface_sock, NULL, + &sending_port); + else + exim_fail("exim: getsockname() failed after -MC option: %s\n", + strerror(errno)); - if (running_in_test_harness) millisleep(500); + testharness_pause_ms(500); break; } + else if (*argrest == 'C' && argrest[1] && !argrest[2]) + { + switch(argrest[1]) + { /* -MCA: set the smtp_authenticated flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has accepted an AUTH sequence. */ - else if (Ustrcmp(argrest, "CA") == 0) - { - smtp_authenticated = TRUE; - break; - } + case 'A': f.smtp_authenticated = TRUE; break; /* -MCD: set the smtp_use_dsn flag; this indicates that the host that exim is connected to supports the esmtp extension DSN */ - else if (Ustrcmp(argrest, "CD") == 0) - { - smtp_use_dsn = TRUE; - break; - } + + case 'D': smtp_peer_options |= OPTION_DSN; break; + + /* -MCG: set the queue name, to a non-default value */ + + case 'G': if (++i < argc) queue_name = string_copy(argv[i]); + else badarg = TRUE; + break; + + /* -MCK: the peer offered CHUNKING. Must precede -MC */ + + case 'K': smtp_peer_options |= OPTION_CHUNKING; break; /* -MCP: set the smtp_use_pipelining flag; this is useful only when it preceded -MC (see above) */ - else if (Ustrcmp(argrest, "CP") == 0) - { - smtp_use_pipelining = TRUE; - break; - } + case 'P': smtp_peer_options |= OPTION_PIPE; break; /* -MCQ: pass on the pid of the queue-running process that started this chain of deliveries and the fd of its synchronizing pipe; this is useful only when it precedes -MC (see above) */ - else if (Ustrcmp(argrest, "CQ") == 0) - { - if(++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); - else badarg = TRUE; - if(++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); - else badarg = TRUE; - break; - } + case 'Q': if (++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); + else badarg = TRUE; + if (++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); + else badarg = TRUE; + break; /* -MCS: set the smtp_use_size flag; this is useful only when it precedes -MC (see above) */ - else if (Ustrcmp(argrest, "CS") == 0) - { - smtp_use_size = TRUE; - break; - } + case 'S': smtp_peer_options |= OPTION_SIZE; break; + +#ifndef DISABLE_TLS + /* -MCt: similar to -MCT below but the connection is still open + via a proxy process which handles the TLS context and coding. + Require three arguments for the proxied local address and port, + and the TLS cipher. */ + + case 't': if (++i < argc) sending_ip_address = argv[i]; + else badarg = TRUE; + if (++i < argc) sending_port = (int)(Uatol(argv[i])); + else badarg = TRUE; + if (++i < argc) continue_proxy_cipher = argv[i]; + else badarg = TRUE; + /*FALLTHROUGH*/ /* -MCT: set the tls_offered flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has offered TLS support. */ - #ifdef SUPPORT_TLS - else if (Ustrcmp(argrest, "CT") == 0) - { - tls_offered = TRUE; + case 'T': smtp_peer_options |= OPTION_TLS; break; +#endif + + default: badarg = TRUE; break; + } break; } - #endif /* -M[x]: various operations on the following list of message ids: -M deliver the messages, ignoring next retry times and thawing @@ -2788,7 +2768,7 @@ for (i = 1; i < argc; i++) else if (*argrest == 0) { msg_action = MSG_DELIVER; - forced_delivery = deliver_force_thaw = TRUE; + forced_delivery = f.deliver_force_thaw = TRUE; } else if (Ustrcmp(argrest, "ar") == 0) { @@ -2849,22 +2829,15 @@ for (i = 1; i < argc; i++) msg_action_arg = i + 1; if (msg_action_arg >= argc) - { - fprintf(stderr, "exim: no message ids given after %s option\n", arg); - return EXIT_FAILURE; - } + exim_fail("exim: no message ids given after %s option\n", arg); /* Some require only message ids to follow */ if (!one_msg_action) { - int j; - for (j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j])) - { - fprintf(stderr, "exim: malformed message id %s after %s option\n", + for (int j = msg_action_arg; j < argc; j++) if (!mac_ismsgid(argv[j])) + exim_fail("exim: malformed message id %s after %s option\n", argv[j], arg); - return EXIT_FAILURE; - } goto END_ARG; /* Remaining args are ids */ } @@ -2874,11 +2847,8 @@ for (i = 1; i < argc; i++) else { if (!mac_ismsgid(argv[msg_action_arg])) - { - fprintf(stderr, "exim: malformed message id %s after %s option\n", + exim_fail("exim: malformed message id %s after %s option\n", argv[msg_action_arg], arg); - return EXIT_FAILURE; - } i++; } break; @@ -2898,7 +2868,7 @@ for (i = 1; i < argc; i++) case 'N': if (*argrest == 0) { - dont_deliver = TRUE; + f.dont_deliver = TRUE; debug_selector |= D_v; debug_file = stderr; } @@ -2922,10 +2892,7 @@ for (i = 1; i < argc; i++) if (*argrest == 0) { if (++i >= argc) - { - fprintf(stderr, "exim: string expected after -O\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: string expected after -O\n"); } break; @@ -2940,10 +2907,7 @@ for (i = 1; i < argc; i++) if (alias_arg[0] == 0) { if (i+1 < argc) alias_arg = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -oA\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: string expected after -oA\n"); } } @@ -2964,10 +2928,7 @@ for (i = 1; i < argc; i++) if (p != NULL) { if (!isdigit(*p)) - { - fprintf(stderr, "exim: number expected after -oB\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: number expected after -oB\n"); connection_max_messages = Uatoi(p); } } @@ -2976,7 +2937,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "db") == 0) { - synchronous_delivery = FALSE; + f.synchronous_delivery = FALSE; arg_queue_only = FALSE; queue_only_set = TRUE; } @@ -2987,7 +2948,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "df") == 0 || Ustrcmp(argrest, "di") == 0) { - synchronous_delivery = TRUE; + f.synchronous_delivery = TRUE; arg_queue_only = FALSE; queue_only_set = TRUE; } @@ -2996,7 +2957,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "dq") == 0) { - synchronous_delivery = FALSE; + f.synchronous_delivery = FALSE; arg_queue_only = TRUE; queue_only_set = TRUE; } @@ -3006,7 +2967,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "dqs") == 0) { - queue_smtp = TRUE; + f.queue_smtp = TRUE; arg_queue_only = FALSE; queue_only_set = TRUE; } @@ -3020,7 +2981,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "i") == 0 || Ustrcmp(argrest, "itrue") == 0) - dot_ends = FALSE; + f.dot_ends = FALSE; /* -oM*: Set various characteristics for an incoming message; actually acted on for trusted callers only. */ @@ -3028,10 +2989,7 @@ for (i = 1; i < argc; i++) else if (*argrest == 'M') { if (i+1 >= argc) - { - fprintf(stderr, "exim: data expected after -o%s\n", argrest); - exit(EXIT_FAILURE); - } + exim_fail("exim: data expected after -o%s\n", argrest); /* -oMa: Set sender host address */ @@ -3044,11 +3002,13 @@ for (i = 1; i < argc; i++) /* -oMas: setting authenticated sender */ - else if (Ustrcmp(argrest, "Mas") == 0) authenticated_sender = argv[++i]; + else if (Ustrcmp(argrest, "Mas") == 0) + authenticated_sender = string_copy_taint(argv[++i], TRUE); /* -oMai: setting authenticated id */ - else if (Ustrcmp(argrest, "Mai") == 0) authenticated_id = argv[++i]; + else if (Ustrcmp(argrest, "Mai") == 0) + authenticated_id = string_copy_taint(argv[++i], TRUE); /* -oMi: Set incoming interface address */ @@ -3059,25 +3019,25 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "Mm") == 0) { if (!mac_ismsgid(argv[i+1])) - { - fprintf(stderr,"-oMm must be a valid message ID\n"); - exit(EXIT_FAILURE); - } - if (!trusted_config) - { - fprintf(stderr,"-oMm must be called by a trusted user/config\n"); - exit(EXIT_FAILURE); - } + exim_fail("-oMm must be a valid message ID\n"); + if (!f.trusted_config) + exim_fail("-oMm must be called by a trusted user/config\n"); message_reference = argv[++i]; } /* -oMr: Received protocol */ - else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; + else if (Ustrcmp(argrest, "Mr") == 0) + + if (received_protocol) + exim_fail("received_protocol is set already\n"); + else + received_protocol = argv[++i]; /* -oMs: Set sender host name */ - else if (Ustrcmp(argrest, "Ms") == 0) sender_host_name = argv[++i]; + else if (Ustrcmp(argrest, "Ms") == 0) + sender_host_name = string_copy_taint(argv[++i], TRUE); /* -oMt: Set sender ident */ @@ -3125,10 +3085,7 @@ for (i = 1; i < argc; i++) } else *tp = readconf_readtime(argrest + 1, 0, FALSE); if (*tp < 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); } /* -oX : Override local_interfaces and/or default daemon ports */ @@ -3162,21 +3119,27 @@ for (i = 1; i < argc; i++) which sets the host protocol and host name */ if (*argrest == 0) - { - if (i+1 < argc) argrest = argv[++i]; else + if (i+1 < argc) + argrest = argv[++i]; + else { badarg = TRUE; break; } - } if (*argrest != 0) { - uschar *hn = Ustrchr(argrest, ':'); + uschar *hn; + + if (received_protocol) + exim_fail("received_protocol is set already\n"); + + hn = Ustrchr(argrest, ':'); if (hn == NULL) - { received_protocol = argrest; - } else { + int old_pool = store_pool; + store_pool = POOL_PERM; received_protocol = string_copyn(argrest, hn - argrest); + store_pool = old_pool; sender_host_name = hn + 1; } } @@ -3186,16 +3149,13 @@ for (i = 1; i < argc; i++) case 'q': receiving_message = FALSE; if (queue_interval >= 0) - { - fprintf(stderr, "exim: -q specified more than once\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: -q specified more than once\n"); /* -qq...: Do queue runs in a 2-stage manner */ if (*argrest == 'q') { - queue_2stage = TRUE; + f.queue_2stage = TRUE; argrest++; } @@ -3203,7 +3163,7 @@ for (i = 1; i < argc; i++) if (*argrest == 'i') { - queue_run_first_delivery = TRUE; + f.queue_run_first_delivery = TRUE; argrest++; } @@ -3212,10 +3172,10 @@ for (i = 1; i < argc; i++) if (*argrest == 'f') { - queue_run_force = TRUE; - if (*(++argrest) == 'f') + f.queue_run_force = TRUE; + if (*++argrest == 'f') { - deliver_force_thaw = TRUE; + f.deliver_force_thaw = TRUE; argrest++; } } @@ -3224,38 +3184,41 @@ for (i = 1; i < argc; i++) if (*argrest == 'l') { - queue_run_local = TRUE; + f.queue_run_local = TRUE; argrest++; } - /* -q[f][f][l]: Run the queue, optionally forced, optionally local only, - optionally starting from a given message id. */ + /* -q[f][f][l][G]... Work on the named queue */ - if (*argrest == 0 && - (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) + if (*argrest == 'G') { - queue_interval = 0; - if (i+1 < argc && mac_ismsgid(argv[i+1])) - start_queue_run_id = argv[++i]; - if (i+1 < argc && mac_ismsgid(argv[i+1])) - stop_queue_run_id = argv[++i]; + int i; + for (argrest++, i = 0; argrest[i] && argrest[i] != '/'; ) i++; + queue_name = string_copyn(argrest, i); + argrest += i; + if (*argrest == '/') argrest++; } - /* -q[f][f][l]: Run the queue at regular intervals, optionally forced, - optionally local only. */ + /* -q[f][f][l][G]: Run the queue, optionally forced, optionally local + only, optionally named, optionally starting from a given message id. */ - else - { - if (*argrest != 0) - queue_interval = readconf_readtime(argrest, 0, FALSE); - else - queue_interval = readconf_readtime(argv[++i], 0, FALSE); - if (queue_interval <= 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } - } + if (!(list_queue || count_queue)) + if (*argrest == 0 + && (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) + { + queue_interval = 0; + if (i+1 < argc && mac_ismsgid(argv[i+1])) + start_queue_run_id = argv[++i]; + if (i+1 < argc && mac_ismsgid(argv[i+1])) + stop_queue_run_id = argv[++i]; + } + + /* -q[f][f][l][G/]: Run the queue at regular intervals, optionally + forced, optionally local only, optionally named. */ + + else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i], + 0, FALSE)) <= 0) + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); break; @@ -3272,32 +3235,24 @@ for (i = 1; i < argc; i++) argument. */ if (*argrest != 0) - { - int i; - for (i = 0; i < sizeof(rsopts)/sizeof(uschar *); i++) - { + for (int i = 0; i < nelem(rsopts); i++) if (Ustrcmp(argrest, rsopts[i]) == 0) { - if (i != 2) queue_run_force = TRUE; - if (i >= 2) deliver_selectstring_regex = TRUE; - if (i == 1 || i == 4) deliver_force_thaw = TRUE; + if (i != 2) f.queue_run_force = TRUE; + if (i >= 2) f.deliver_selectstring_regex = TRUE; + if (i == 1 || i == 4) f.deliver_force_thaw = TRUE; argrest += Ustrlen(rsopts[i]); } - } - } /* -R: Set string to match in addresses for forced queue run to pick out particular messages. */ - if (*argrest == 0) - { - if (i+1 < argc) deliver_selectstring = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -R\n"); - exit(EXIT_FAILURE); - } - } - else deliver_selectstring = argrest; + if (*argrest) + deliver_selectstring = argrest; + else if (i+1 < argc) + deliver_selectstring = argv[++i]; + else + exim_fail("exim: string expected after -R\n"); break; @@ -3318,33 +3273,25 @@ for (i = 1; i < argc; i++) in all cases provided there are no further characters in this argument. */ - if (*argrest != 0) - { - int i; - for (i = 0; i < sizeof(rsopts)/sizeof(uschar *); i++) - { + if (*argrest) + for (int i = 0; i < nelem(rsopts); i++) if (Ustrcmp(argrest, rsopts[i]) == 0) { - if (i != 2) queue_run_force = TRUE; - if (i >= 2) deliver_selectstring_sender_regex = TRUE; - if (i == 1 || i == 4) deliver_force_thaw = TRUE; + if (i != 2) f.queue_run_force = TRUE; + if (i >= 2) f.deliver_selectstring_sender_regex = TRUE; + if (i == 1 || i == 4) f.deliver_force_thaw = TRUE; argrest += Ustrlen(rsopts[i]); } - } - } /* -S: Set string to match in addresses for forced queue run to pick out particular messages. */ - if (*argrest == 0) - { - if (i+1 < argc) deliver_selectstring_sender = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -S\n"); - exit(EXIT_FAILURE); - } - } - else deliver_selectstring_sender = argrest; + if (*argrest) + deliver_selectstring_sender = argrest; + else if (i+1 < argc) + deliver_selectstring_sender = argv[++i]; + else + exim_fail("exim: string expected after -S\n"); break; /* -Tqt is an option that is exclusively for use by the testing suite. @@ -3353,7 +3300,7 @@ for (i = 1; i < argc; i++) tested. Otherwise variability of clock ticks etc. cause problems. */ case 'T': - if (running_in_test_harness && Ustrcmp(argrest, "qt") == 0) + if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0) fudged_queue_times = argv[++i]; else badarg = TRUE; break; @@ -3370,12 +3317,12 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "i") == 0) { extract_recipients = TRUE; - dot_ends = FALSE; + f.dot_ends = FALSE; } /* -tls-on-connect: don't wait for STARTTLS (for old clients) */ - #ifdef SUPPORT_TLS + #ifndef DISABLE_TLS else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE; #endif @@ -3423,19 +3370,15 @@ for (i = 1; i < argc; i++) case 'X': if (*argrest == '\0') if (++i >= argc) - { - fprintf(stderr, "exim: string expected after -X\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: string expected after -X\n"); break; case 'z': if (*argrest == '\0') - if (++i < argc) log_oneline = argv[i]; else - { - fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); - exit(EXIT_FAILURE); - } + if (++i < argc) + log_oneline = argv[i]; + else + exim_fail("exim: file name expected after %s\n", argv[i-1]); break; /* All other initial characters are errors */ @@ -3448,18 +3391,16 @@ for (i = 1; i < argc; i++) /* Failed to recognize the option, or syntax error */ if (badarg) - { - fprintf(stderr, "exim abandoned: unknown, malformed, or incomplete " + exim_fail("exim abandoned: unknown, malformed, or incomplete " "option %s\n", arg); - exit(EXIT_FAILURE); - } } /* If -R or -S have been specified without -q, assume a single queue run. */ -if ((deliver_selectstring != NULL || deliver_selectstring_sender != NULL) && - queue_interval < 0) queue_interval = 0; +if ( (deliver_selectstring || deliver_selectstring_sender) + && queue_interval < 0) + queue_interval = 0; END_ARG: @@ -3469,26 +3410,26 @@ if (usage_wanted) exim_usage(called_as); /* Arguments have been processed. Check for incompatibilities. */ if (( (smtp_input || extract_recipients || recipients_arg < argc) && - (daemon_listen || queue_interval >= 0 || bi_option || + (f.daemon_listen || queue_interval >= 0 || bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0 || filter_test != FTEST_NONE || (msg_action_arg > 0 && !one_msg_action)) ) || ( msg_action_arg > 0 && - (daemon_listen || queue_interval >= 0 || list_options || + (f.daemon_listen || queue_interval > 0 || list_options || (checking && msg_action != MSG_LOAD) || bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0) ) || ( - (daemon_listen || queue_interval >= 0) && + (f.daemon_listen || queue_interval > 0) && (sender_address != NULL || list_options || list_queue || checking || bi_option) ) || ( - daemon_listen && queue_interval == 0 + f.daemon_listen && queue_interval == 0 ) || ( - inetd_wait_mode && queue_interval >= 0 + f.inetd_wait_mode && queue_interval >= 0 ) || ( list_options && @@ -3497,11 +3438,11 @@ if (( ) || ( verify_address_mode && - (address_test_mode || smtp_input || extract_recipients || + (f.address_test_mode || smtp_input || extract_recipients || filter_test != FTEST_NONE || bi_option) ) || ( - address_test_mode && (smtp_input || extract_recipients || + f.address_test_mode && (smtp_input || extract_recipients || filter_test != FTEST_NONE || bi_option) ) || ( @@ -3516,10 +3457,7 @@ if (( (!expansion_test || expansion_test_message != NULL) ) ) - { - fprintf(stderr, "exim: incompatible command-line options or arguments\n"); - exit(EXIT_FAILURE); - } + exim_fail("exim: incompatible command-line options or arguments\n"); /* If debugging is set up, set the file and the file descriptor to pass on to child processes. It should, of course, be 2 for stderr. Also, force the daemon @@ -3529,8 +3467,8 @@ if (debug_selector != 0) { debug_file = stderr; debug_fd = fileno(debug_file); - background_daemon = FALSE; - if (running_in_test_harness) millisleep(100); /* lets caller finish */ + f.background_daemon = FALSE; + testharness_pause_ms(100); /* lets caller finish */ if (debug_selector != D_v) /* -v only doesn't show this */ { debug_printf("Exim version %s uid=%ld gid=%ld pid=%d D=%x\n", @@ -3616,12 +3554,8 @@ check on the additional groups for the admin user privilege - can't do that till after reading the config, which might specify the exim gid. Therefore, save the group list here first. */ -group_count = getgroups(NGROUPS_MAX, group_list); -if (group_count < 0) - { - fprintf(stderr, "exim: getgroups() failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } +if ((group_count = getgroups(nelem(group_list), group_list)) < 0) + exim_fail("exim: getgroups() failed: %s\n", strerror(errno)); /* There is a fundamental difference in some BSD systems in the matter of groups. FreeBSD and BSDI are known to be different; NetBSD and OpenBSD are @@ -3634,19 +3568,18 @@ over a single group - the current group, which is always the first group in the list. Calling setgroups() with zero groups on a "different" system results in an error return. The following code should cope with both types of system. + Unfortunately, recent MacOS, which should be a FreeBSD, "helpfully" succeeds + the "setgroups() with zero groups" - and changes the egid. + Thanks to that we had to stash the original_egid above, for use below + in the call to exim_setugid(). + However, if this process isn't running as root, setgroups() can't be used since you have to be root to run it, even if throwing away groups. Not being root here happens only in some unusual configurations. We just ignore the error. */ -if (setgroups(0, NULL) != 0) - { - if (setgroups(1, group_list) != 0 && !unprivileged) - { - fprintf(stderr, "exim: setgroups() failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - } +if (setgroups(0, NULL) != 0 && setgroups(1, group_list) != 0 && !unprivileged) + exim_fail("exim: setgroups() failed: %s\n", strerror(errno)); /* If the configuration file name has been altered by an argument on the command line (either a new file name or a macro definition) and the caller is @@ -3666,10 +3599,10 @@ values (such as the path name). If running in the test harness, pretend that configuration file changes and macro definitions haven't happened. */ if (( /* EITHER */ - (!trusted_config || /* Config changed, or */ - !macros_trusted()) && /* impermissible macros and */ + (!f.trusted_config || /* Config changed, or */ + !macros_trusted(opt_D_used)) && /* impermissible macros and */ real_uid != root_uid && /* Not root, and */ - !running_in_test_harness /* Not fudged */ + !f.running_in_test_harness /* Not fudged */ ) || /* OR */ expansion_test /* expansion testing */ || /* OR */ @@ -3689,8 +3622,8 @@ if (( /* EITHER */ Note that if the invoker is Exim, the logs remain available. Messing with this causes unlogged successful deliveries. */ - if ((log_stderr != NULL) && (real_uid != exim_uid)) - really_exim = FALSE; + if (log_stderr && real_uid != exim_uid) + f.really_exim = FALSE; } /* Privilege is to be retained for the moment. It may be dropped later, @@ -3698,32 +3631,21 @@ depending on the job that this Exim process has been asked to do. For now, set the real uid to the effective so that subsequent re-execs of Exim are done by a privileged user. */ -else exim_setugid(geteuid(), getegid(), FALSE, US"forcing real = effective"); +else + exim_setugid(geteuid(), original_egid, FALSE, US"forcing real = effective"); /* If testing a filter, open the file(s) now, before wasting time doing other setups and reading the message. */ -if ((filter_test & FTEST_SYSTEM) != 0) - { - filter_sfd = Uopen(filter_test_sfile, O_RDONLY, 0); - if (filter_sfd < 0) - { - fprintf(stderr, "exim: failed to open %s: %s\n", filter_test_sfile, +if (filter_test & FTEST_SYSTEM) + if ((filter_sfd = Uopen(filter_test_sfile, O_RDONLY, 0)) < 0) + exim_fail("exim: failed to open %s: %s\n", filter_test_sfile, strerror(errno)); - return EXIT_FAILURE; - } - } -if ((filter_test & FTEST_USER) != 0) - { - filter_ufd = Uopen(filter_test_ufile, O_RDONLY, 0); - if (filter_ufd < 0) - { - fprintf(stderr, "exim: failed to open %s: %s\n", filter_test_ufile, +if (filter_test & FTEST_USER) + if ((filter_ufd = Uopen(filter_test_ufile, O_RDONLY, 0)) < 0) + exim_fail("exim: failed to open %s: %s\n", filter_test_ufile, strerror(errno)); - return EXIT_FAILURE; - } - } /* Initialise lookup_list If debugging, already called above via version reporting. @@ -3737,14 +3659,56 @@ This needs to happen before we read the main configuration. */ init_lookup_list(); #ifdef SUPPORT_I18N -if (running_in_test_harness) smtputf8_advertise_hosts = NULL; +if (f.running_in_test_harness) smtputf8_advertise_hosts = NULL; #endif /* Read the main runtime configuration data; this gives up if there is a failure. It leaves the configuration file open so that the subsequent -configuration data for delivery can be read if needed. */ +configuration data for delivery can be read if needed. + +NOTE: immediately after opening the configuration file we change the working +directory to "/"! Later we change to $spool_directory. We do it there, because +during readconf_main() some expansion takes place already. */ + +/* Store the initial cwd before we change directories. Can be NULL if the +dir has already been unlinked. */ +initial_cwd = os_getcwd(NULL, 0); + +/* checking: + -be[m] expansion test - + -b[fF] filter test new + -bh[c] host test - + -bmalware malware_test_file new + -brt retry test new + -brw rewrite test new + -bt address test - + -bv[s] address verify - + list_options: + -bP