1 /* $Cambridge: exim/src/src/rda.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
10 /* This module contains code for extracting addresses from a forwarding list
11 (from an alias or forward file) or by running the filter interpreter. It may do
12 this in a sub-process if a uid/gid are supplied. */
17 enum { FILE_EXIST, FILE_NOT_EXIST, FILE_EXIST_UNCLEAR };
19 #define REPLY_EXISTS 0x01
20 #define REPLY_EXPAND 0x02
21 #define REPLY_RETURN 0x04
24 /*************************************************
25 * Check string for filter program *
26 *************************************************/
28 /* This function checks whether a string is actually a filter program. The rule
29 is that it must start with "# Exim filter ..." (any capitalization, spaces
30 optional). It is envisaged that in future, other kinds of filter may be
31 implemented. That's why it is implemented the way it is. The function is global
32 because it is also called from filter.c when checking filters.
36 Returns: FILTER_EXIM if it starts with "# Exim filter"
37 FILTER_SIEVE if it starts with "# Sieve filter"
38 FILTER_FORWARD otherwise
41 /* This is an auxiliary function for matching a tag. */
44 match_tag(const uschar *s, const uschar *tag)
46 for (; *tag != 0; s++, tag++)
50 while (*s == ' ' || *s == '\t') s++;
53 else if (tolower(*s) != tolower(*tag)) break;
58 /* This is the real function. It should be easy to add checking different
59 tags for other types of filter. */
62 rda_is_filter(const uschar *s)
64 while (isspace(*s)) s++; /* Skips initial blank lines */
65 if (match_tag(s, CUS"# exim filter")) return FILTER_EXIM;
66 else if (match_tag(s, CUS"# sieve filter")) return FILTER_SIEVE;
67 else return FILTER_FORWARD;
73 /*************************************************
74 * Check for existence of file *
75 *************************************************/
77 /* First of all, we stat the file. If this fails, we try to stat the enclosing
78 directory, because a file in an unmounted NFS directory will look the same as a
79 non-existent file. It seems that in Solaris 2.6, statting an entry in an
80 indirect map that is currently unmounted does not cause the mount to happen.
81 Instead, dummy data is returned, which defeats the whole point of this test.
82 However, if a stat() is done on some object inside the directory, such as the
83 "." back reference to itself, then the mount does occur. If an NFS host is
84 taken offline, it is possible for the stat() to get stuck until it comes back.
85 To guard against this, stick a timer round it. If we can't access the "."
86 inside the directory, try the plain directory, just in case that helps.
89 filename the file name
90 error for message on error
92 Returns: FILE_EXIST the file exists
93 FILE_NOT_EXIST the file does not exist
94 FILE_EXIST_UNCLEAR cannot determine existence
98 rda_exists(uschar *filename, uschar **error)
104 if ((rc = Ustat(filename, &statbuf)) >= 0) return FILE_EXIST;
107 Ustrncpy(big_buffer, filename, big_buffer_size - 3);
108 sigalrm_seen = FALSE;
110 if (saved_errno == ENOENT)
112 slash = Ustrrchr(big_buffer, '/');
113 Ustrcpy(slash+1, ".");
116 rc = Ustat(big_buffer, &statbuf);
117 if (rc != 0 && errno == EACCES && !sigalrm_seen)
120 rc = Ustat(big_buffer, &statbuf);
125 DEBUG(D_route) debug_printf("stat(%s)=%d\n", big_buffer, rc);
128 if (sigalrm_seen || rc != 0)
130 *error = string_sprintf("failed to stat %s (%s)", big_buffer,
131 sigalrm_seen? "timeout" : strerror(saved_errno));
132 return FILE_EXIST_UNCLEAR;
135 *error = string_sprintf("%s does not exist", filename);
136 DEBUG(D_route) debug_printf("%s\n", *error);
137 return FILE_NOT_EXIST;
142 /*************************************************
143 * Get forwarding list from a file *
144 *************************************************/
146 /* Open a file and read its entire contents into a block of memory. Certain
147 opening errors are optionally treated the same as "file does not exist".
149 ENOTDIR means that something along the line is not a directory: there are
150 installations that set home directories to be /dev/null for non-login accounts
151 but in normal circumstances this indicates some kind of configuration error.
153 EACCES means there's a permissions failure. Some users turn off read permission
154 on a .forward file to suspend forwarding, but this is probably an error in any
155 kind of mailing list processing.
157 The redirect block that contains the file name also contains constraints such
158 as who may own the file, and mode bits that must not be set. This function is
161 rdata rdirect block, containing file name and constraints
162 options for the RDO_ENOTDIR and RDO_EACCES options
163 error where to put an error message
164 yield what to return from rda_interpret on error
166 Returns: pointer to string in store; NULL on error
170 rda_get_file_contents(redirect_block *rdata, int options, uschar **error,
175 uschar *filename = rdata->string;
176 BOOL uid_ok = !rdata->check_owner;
177 BOOL gid_ok = !rdata->check_group;
180 /* Attempt to open the file. If it appears not to exist, check up on the
181 containing directory by statting it. If the directory does not exist, we treat
182 this situation as an error (which will cause delivery to defer); otherwise we
183 pass back FF_NONEXIST, which causes the redirect router to decline.
185 However, if the ignore_enotdir option is set (to ignore "something on the
186 path is not a directory" errors), the right behaviour seems to be not to do the
189 fwd = Ufopen(filename, "rb");
194 case ENOENT: /* File does not exist */
195 DEBUG(D_route) debug_printf("%s does not exist\n%schecking parent directory\n",
197 ((options & RDO_ENOTDIR) != 0)? "ignore_enotdir set => skip " : "");
198 *yield = (((options & RDO_ENOTDIR) != 0) ||
199 rda_exists(filename, error) == FILE_NOT_EXIST)?
200 FF_NONEXIST : FF_ERROR;
203 case ENOTDIR: /* Something on the path isn't a directory */
204 if ((options & RDO_ENOTDIR) == 0) goto DEFAULT_ERROR;
205 DEBUG(D_route) debug_printf("non-directory on path %s: file assumed not to "
206 "exist\n", filename);
207 *yield = FF_NONEXIST;
210 case EACCES: /* Permission denied */
211 if ((options & RDO_EACCES) == 0) goto DEFAULT_ERROR;
212 DEBUG(D_route) debug_printf("permission denied for %s: file assumed not to "
213 "exist\n", filename);
214 *yield = FF_NONEXIST;
219 *error = string_open_failed(errno, "%s", filename);
225 /* Check that we have a regular file. */
227 if (fstat(fileno(fwd), &statbuf) != 0)
229 *error = string_sprintf("failed to stat %s: %s", filename, strerror(errno));
233 if ((statbuf.st_mode & S_IFMT) != S_IFREG)
235 *error = string_sprintf("%s is not a regular file", filename);
239 /* Check for unwanted mode bits */
241 if ((statbuf.st_mode & rdata->modemask) != 0)
243 *error = string_sprintf("bad mode (0%o) for %s: 0%o bit(s) unexpected",
244 statbuf.st_mode, filename, statbuf.st_mode & rdata->modemask);
248 /* Check the file owner and file group if required to do so. */
252 if (rdata->pw != NULL && statbuf.st_uid == rdata->pw->pw_uid)
254 else if (rdata->owners != NULL)
257 for (i = 1; i <= (int)(rdata->owners[0]); i++)
258 if (rdata->owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
264 if (rdata->pw != NULL && statbuf.st_gid == rdata->pw->pw_gid)
266 else if (rdata->owngroups != NULL)
269 for (i = 1; i <= (int)(rdata->owngroups[0]); i++)
270 if (rdata->owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
274 if (!uid_ok || !gid_ok)
276 *error = string_sprintf("bad %s for %s", uid_ok? "group" : "owner", filename);
280 /* Put an upper limit on the size of the file, just to stop silly people
281 feeding in ridiculously large files, which can easily be created by making
282 files that have holes in them. */
284 if (statbuf.st_size > MAX_FILTER_SIZE)
286 *error = string_sprintf("%s is too big (max %d)", filename, MAX_FILTER_SIZE);
290 /* Read the file in one go in order to minimize the time we have it open. */
292 filebuf = store_get(statbuf.st_size + 1);
294 if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
296 *error = string_sprintf("error while reading %s: %s",
297 filename, strerror(errno));
300 filebuf[statbuf.st_size] = 0;
302 /* Don't pass statbuf.st_size directly to debug_printf. On some systems it
303 is a long, which may not be the same as an int. */
307 int size = (int)statbuf.st_size;
308 debug_printf("%d bytes read from %s\n", size, filename);
314 /* Return an error: the string is already set up. */
324 /*************************************************
325 * Extract info from list or filter *
326 *************************************************/
328 /* This function calls the appropriate function to extract addresses from a
329 forwarding list, or to run a filter file and get addresses from there.
332 rdata the redirection block
333 options the options bits
334 include_directory restrain to this directory
335 sieve_vacation_directory passed to sieve_interpret
336 generated where to hang generated addresses
337 error for error messages
338 eblockp for details of skipped syntax errors
340 filtertype set to the filter type:
341 FILTER_FORWARD => a traditional .forward file
342 FILTER_EXIM => an Exim filter file
343 FILTER_SIEVE => a Sieve filter file
344 a system filter is always forced to be FILTER_EXIM
346 Returns: a suitable return for rda_interpret()
350 rda_extract(redirect_block *rdata, int options, uschar *include_directory,
351 uschar *sieve_vacation_directory, address_item **generated, uschar **error,
352 error_block **eblockp, int *filtertype)
359 data = rda_get_file_contents(rdata, options, error, &yield);
360 if (data == NULL) return yield;
362 else data = rdata->string;
364 *filtertype = system_filtering? FILTER_EXIM : rda_is_filter(data);
366 /* Filter interpretation is done by a general function that is also called from
367 the filter testing option (-bf). There are two versions: one for Exim filtering
368 and one for Sieve filtering. Several features of string expansion may be locked
369 out at sites that don't trust users. This is done by setting flags in
370 expand_forbid that the expander inspects. */
372 if (*filtertype != FILTER_FORWARD)
375 int old_expand_forbid = expand_forbid;
377 if ((options & RDO_FILTER) == 0)
379 *error = US"filtering not enabled";
383 DEBUG(D_route) debug_printf("data is %s filter program\n",
384 (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve");
387 (expand_forbid & ~RDO_FILTER_EXPANSIONS) |
388 (options & RDO_FILTER_EXPANSIONS);
390 frc = (*filtertype == FILTER_EXIM)?
391 filter_interpret(data, options, generated, error)
393 sieve_interpret(data, options, sieve_vacation_directory, generated, error);
395 expand_forbid = old_expand_forbid;
399 /* Not a filter script */
401 DEBUG(D_route) debug_printf("file is not a filter file\n");
403 return parse_forward_list(data,
404 options, /* specials that are allowed */
405 generated, /* where to hang them */
406 error, /* for errors */
407 deliver_domain, /* to qualify \name */
408 include_directory, /* restrain to directory */
409 eblockp); /* for skipped syntax errors */
415 /*************************************************
416 * Write string down pipe *
417 *************************************************/
419 /* This function is used for tranferring a string down a pipe between
420 processes. If the pointer is NULL, a length of zero is written.
430 rda_write_string(int fd, uschar *s)
432 int len = (s == NULL)? 0 : Ustrlen(s) + 1;
433 write(fd, &len, sizeof(int));
434 if (s != NULL) write(fd, s, len);
439 /*************************************************
440 * Read string from pipe *
441 *************************************************/
443 /* This function is used for receiving a string from a pipe.
447 sp where to put the string
449 Returns: FALSE if data missing
453 rda_read_string(int fd, uschar **sp)
457 if (read(fd, &len, sizeof(int)) != sizeof(int)) return FALSE;
458 if (len == 0) *sp = NULL; else
460 *sp = store_get(len);
461 if (read(fd, *sp, len) != len) return FALSE;
468 /*************************************************
469 * Interpret forward list or filter *
470 *************************************************/
472 /* This function is passed a forward list string (unexpanded) or the name of a
473 file (unexpanded) whose contents are the forwarding list. The list may in fact
474 be a filter program if it starts with "#Exim filter" or "#Sieve filter". Other
475 types of filter, with different inital tag strings, may be introduced in due
478 The job of the function is to process the forwarding list or filter. It is
479 pulled out into this separate function, because it is used for system filter
480 files as well as from the redirect router.
482 If the function is given a uid/gid, it runs a subprocess that passes the
483 results back via a pipe. This provides security for things like :include:s in
484 users' .forward files, and "logwrite" calls in users' filter files. A
485 sub-process is NOT used when:
487 . No uid/gid is provided
488 . The input is a string which is not a filter string, and does not contain
490 . The input is a file whose non-existence can be detected in the main
491 process (which is usually running as root).
494 rdata redirect data (file + constraints, or data string)
495 options options to pass to the extraction functions,
496 plus ENOTDIR and EACCES handling bits
497 include_directory restrain :include: to this directory
498 sieve_vacation_directory directory passed to sieve_interpret()
499 ugid uid/gid to run under - if NULL, no change
500 generated where to hang generated addresses, initially NULL
501 error pointer for error message
502 eblockp for skipped syntax errors; NULL if no skipping
503 filtertype set to the type of file:
504 FILTER_FORWARD => traditional .forward file
505 FILTER_EXIM => an Exim filter file
506 FILTER_SIEVE => a Sieve filter file
507 a system filter is always forced to be FILTER_EXIM
508 rname router name for error messages in the format
509 "xxx router" or "system filter"
511 Returns: values from extraction function, or FF_NONEXIST:
512 FF_DELIVERED success, a significant action was taken
513 FF_NOTDELIVERED success, no significant action
514 FF_BLACKHOLE :blackhole:
515 FF_DEFER defer requested
516 FF_FAIL fail requested
517 FF_INCLUDEFAIL some problem with :include:
518 FF_FREEZE freeze requested
519 FF_ERROR there was a problem
520 FF_NONEXIST the file does not exist
524 rda_interpret(redirect_block *rdata, int options, uschar *include_directory,
525 uschar *sieve_vacation_directory, ugid_block *ugid, address_item **generated,
526 uschar **error, error_block **eblockp, int *filtertype, uschar *rname)
530 BOOL had_disaster = FALSE;
533 uschar *readerror = US"";
534 void (*oldsignal)(int);
536 DEBUG(D_route) debug_printf("rda_interpret (%s): %s\n",
537 (rdata->isfile)? "file" : "string", rdata->string);
539 /* Do the expansions of the file name or data first, while still privileged. */
541 data = expand_string(rdata->string);
544 if (expand_string_forcedfail) return FF_NOTDELIVERED;
545 *error = string_sprintf("failed to expand \"%s\": %s", rdata->string,
546 expand_string_message);
549 rdata->string = data;
551 DEBUG(D_route) debug_printf("expanded: %s\n", data);
553 if (rdata->isfile && data[0] != '/')
555 *error = string_sprintf("\"%s\" is not an absolute path", data);
559 /* If no uid/gid are supplied, or if we have a data string which does not start
560 with #Exim filter or #Sieve filter, and does not contain :include:, do all the
561 work in this process. Note that for a system filter, we always have a file, so
562 the work is done in this process only if no user is supplied. */
564 if (!ugid->uid_set || /* Either there's no uid, or */
565 (!rdata->isfile && /* We've got the data, and */
566 rda_is_filter(data) == FILTER_FORWARD && /* It's not a filter script, */
567 Ustrstr(data, ":include:") == NULL)) /* and there's no :include: */
569 return rda_extract(rdata, options, include_directory,
570 sieve_vacation_directory, generated, error, eblockp, filtertype);
573 /* We need to run the processing code in a sub-process. However, if we can
574 determine the non-existence of a file first, we can decline without having to
575 create the sub-process. */
577 if (rdata->isfile && rda_exists(data, error) == FILE_NOT_EXIST)
580 /* If the file does exist, or we can't tell (non-root mounted NFS directory)
581 we have to create the subprocess to do everything as the given user. The
582 results of processing are passed back via a pipe. */
585 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "creation of pipe for filter or "
586 ":include: failed for %s: %s", rname, strerror(errno));
588 /* Ensure that SIGCHLD is set to SIG_DFL before forking, so that the child
589 process can be waited for. We sometimes get here with it set otherwise. Save
590 the old state for resetting on the wait. */
592 oldsignal = signal(SIGCHLD, SIG_DFL);
593 if ((pid = fork()) == 0)
595 header_line *waslast = header_last; /* Save last header */
597 fd = pfd[pipe_write];
598 close(pfd[pipe_read]);
599 exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
601 /* Addresses can get rewritten in filters; if we are not root or the exim
602 user (and we probably are not), turn off rewrite logging, because we cannot
603 write to the log now. */
605 if (ugid->uid != root_uid && ugid->uid != exim_uid)
607 DEBUG(D_rewrite) debug_printf("turned off address rewrite logging (not "
608 "root or exim in this process)\n");
609 log_write_selector &= ~L_address_rewrite;
612 /* Now do the business */
614 yield = rda_extract(rdata, options, include_directory,
615 sieve_vacation_directory, generated, error, eblockp, filtertype);
617 /* Pass back whether it was a filter, and the return code and any overall
618 error text via the pipe. */
620 write(fd, filtertype, sizeof(int));
621 write(fd, &yield, sizeof(int));
622 rda_write_string(fd, *error);
624 /* Pass back the contents of any syntax error blocks if we have a pointer */
629 for (ep = *eblockp; ep != NULL; ep = ep->next)
631 rda_write_string(fd, ep->text1);
632 rda_write_string(fd, ep->text2);
634 rda_write_string(fd, NULL); /* Indicates end of eblocks */
637 /* If this is a system filter, we have to pass back the numbers of any
638 original header lines that were removed, and then any header lines that were
639 added but not subsequently removed. */
641 if (system_filtering)
645 for (h = header_list; h != waslast->next; i++, h = h->next)
647 if (h->type == htype_old) write(fd, &i, sizeof(i));
650 write(fd, &i, sizeof(i));
652 while (waslast != header_last)
654 waslast = waslast->next;
655 if (waslast->type != htype_old)
657 rda_write_string(fd, waslast->text);
658 write(fd, &(waslast->type), sizeof(waslast->type));
661 rda_write_string(fd, NULL); /* Indicates end of added headers */
664 /* Write the contents of the $n variables */
666 write(fd, filter_n, sizeof(filter_n));
668 /* If the result was DELIVERED or NOTDELIVERED, we pass back the generated
669 addresses, and their associated information, through the pipe. This is
670 just tedious, but it seems to be the only safe way. We do this also for
671 FAIL and FREEZE, because a filter is allowed to set up deliveries that
672 are honoured before freezing or failing. */
674 if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
675 yield == FF_FAIL || yield == FF_FREEZE)
678 for (addr = *generated; addr != NULL; addr = addr->next)
680 int reply_options = 0;
682 rda_write_string(fd, addr->address);
683 write(fd, &(addr->mode), sizeof(addr->mode));
684 write(fd, &(addr->flags), sizeof(addr->flags));
685 rda_write_string(fd, addr->p.errors_address);
687 if (addr->pipe_expandn != NULL)
690 for (pp = addr->pipe_expandn; *pp != NULL; pp++)
691 rda_write_string(fd, *pp);
693 rda_write_string(fd, NULL);
695 if (addr->reply == NULL)
696 write(fd, &reply_options, sizeof(int)); /* 0 means no reply */
699 reply_options |= REPLY_EXISTS;
700 if (addr->reply->file_expand) reply_options |= REPLY_EXPAND;
701 if (addr->reply->return_message) reply_options |= REPLY_RETURN;
702 write(fd, &reply_options, sizeof(int));
703 write(fd, &(addr->reply->expand_forbid), sizeof(int));
704 write(fd, &(addr->reply->once_repeat), sizeof(time_t));
705 rda_write_string(fd, addr->reply->to);
706 rda_write_string(fd, addr->reply->cc);
707 rda_write_string(fd, addr->reply->bcc);
708 rda_write_string(fd, addr->reply->from);
709 rda_write_string(fd, addr->reply->reply_to);
710 rda_write_string(fd, addr->reply->subject);
711 rda_write_string(fd, addr->reply->headers);
712 rda_write_string(fd, addr->reply->text);
713 rda_write_string(fd, addr->reply->file);
714 rda_write_string(fd, addr->reply->logfile);
715 rda_write_string(fd, addr->reply->oncelog);
719 rda_write_string(fd, NULL); /* Marks end of addresses */
722 /* OK, this process is now done. Must use _exit() and not exit() !! */
728 /* Back in the main process: panic if the fork did not succeed. */
731 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for %s", rname);
733 /* Read the pipe to get the data from the filter/forward. Our copy of the
734 writing end must be closed first, as otherwise read() won't return zero on an
735 empty pipe. Afterwards, close the reading end. */
737 close(pfd[pipe_write]);
739 /* Read initial data, including yield and contents of *error */
742 if (read(fd, filtertype, sizeof(int)) != sizeof(int) ||
743 read(fd, &yield, sizeof(int)) != sizeof(int) ||
744 !rda_read_string(fd, error)) goto DISASTER;
747 debug_printf("rda_interpret: subprocess yield=%d error=%s\n", yield, *error);
749 /* Read the contents of any syntax error blocks if we have a pointer */
755 error_block **p = eblockp;
758 if (!rda_read_string(fd, &s)) goto DISASTER;
759 if (s == NULL) break;
760 e = store_get(sizeof(error_block));
763 if (!rda_read_string(fd, &s)) goto DISASTER;
770 /* If this is a system filter, read the identify of any original header lines
771 that were removed, and then read data for any new ones that were added. */
773 if (system_filtering)
776 header_line *h = header_list;
781 if (read(fd, &n, sizeof(int)) != sizeof(int)) goto DISASTER;
787 if (h == NULL) goto DISASTER_NO_HEADER;
796 if (!rda_read_string(fd, &s)) goto DISASTER;
797 if (s == NULL) break;
798 if (read(fd, &type, sizeof(type)) != sizeof(type)) goto DISASTER;
799 header_add(type, "%s", s);
803 /* Read the values of the $n variables */
805 if (read(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n)) goto DISASTER;
807 /* If the yield is DELIVERED, NOTDELIVERED, FAIL, or FREEZE there may follow
808 addresses and data to go with them. Keep them in the same order in the
811 if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED ||
812 yield == FF_FAIL || yield == FF_FREEZE)
814 address_item **nextp = generated;
818 int i, reply_options;
821 uschar *expandn[EXPAND_MAXN + 2];
823 /* First string is the address; NULL => end of addresses */
825 if (!rda_read_string(fd, &recipient)) goto DISASTER;
826 if (recipient == NULL) break;
828 /* Hang on the end of the chain */
830 addr = deliver_make_addr(recipient, FALSE);
832 nextp = &(addr->next);
834 /* Next comes the mode and the flags fields */
836 if (read(fd, &(addr->mode), sizeof(addr->mode)) != sizeof(addr->mode) ||
837 read(fd, &(addr->flags), sizeof(addr->flags)) != sizeof(addr->flags) ||
838 !rda_read_string(fd, &(addr->p.errors_address))) goto DISASTER;
840 /* Next comes a possible setting for $thisaddress and any numerical
841 variables for pipe expansion, terminated by a NULL string. The maximum
842 number of numericals is EXPAND_MAXN. Note that we put filter_thisaddress
843 into the zeroth item in the vector - this is sorted out inside the pipe
846 for (i = 0; i < EXPAND_MAXN + 1; i++)
849 if (!rda_read_string(fd, &temp)) goto DISASTER;
850 if (i == 0) filter_thisaddress = temp; /* Just in case */
852 if (temp == NULL) break;
857 addr->pipe_expandn = store_get((i+1) * sizeof(uschar **));
858 addr->pipe_expandn[i] = NULL;
859 while (--i >= 0) addr->pipe_expandn[i] = expandn[i];
862 /* Then an int containing reply options; zero => no reply data. */
864 if (read(fd, &reply_options, sizeof(int)) != sizeof(int)) goto DISASTER;
865 if ((reply_options & REPLY_EXISTS) != 0)
867 addr->reply = store_get(sizeof(reply_item));
869 addr->reply->file_expand = (reply_options & REPLY_EXPAND) != 0;
870 addr->reply->return_message = (reply_options & REPLY_RETURN) != 0;
872 if (read(fd,&(addr->reply->expand_forbid),sizeof(int)) !=
874 read(fd,&(addr->reply->once_repeat),sizeof(time_t)) !=
876 !rda_read_string(fd, &(addr->reply->to)) ||
877 !rda_read_string(fd, &(addr->reply->cc)) ||
878 !rda_read_string(fd, &(addr->reply->bcc)) ||
879 !rda_read_string(fd, &(addr->reply->from)) ||
880 !rda_read_string(fd, &(addr->reply->reply_to)) ||
881 !rda_read_string(fd, &(addr->reply->subject)) ||
882 !rda_read_string(fd, &(addr->reply->headers)) ||
883 !rda_read_string(fd, &(addr->reply->text)) ||
884 !rda_read_string(fd, &(addr->reply->file)) ||
885 !rda_read_string(fd, &(addr->reply->logfile)) ||
886 !rda_read_string(fd, &(addr->reply->oncelog)))
892 /* All data has been transferred from the sub-process. Reap it, close the
893 reading end of the pipe, and we are done. */
896 while ((rc = wait(&status)) != pid)
898 if (rc < 0 && errno == ECHILD) /* Process has vanished */
900 log_write(0, LOG_MAIN, "redirection process %d vanished unexpectedly", pid);
907 *error = string_sprintf("internal problem in %s: failure to transfer "
908 "data from subprocess: status=%04x%s%s%s", rname,
910 (*error == NULL)? US"" : US": error=",
911 (*error == NULL)? US"" : *error);
912 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *error);
914 else if (status != 0)
916 log_write(0, LOG_MAIN|LOG_PANIC, "internal problem in %s: unexpected status "
917 "%04x from redirect subprocess (but data correctly received)", rname,
923 signal(SIGCHLD, oldsignal); /* restore */
927 /* Come here if the data indicates removal of a header that we can't find */
930 readerror = US" readerror=bad header identifier";
935 /* Come here is there's a shambles in transferring the data over the pipe. The
936 value of errno should still be set. */
939 readerror = string_sprintf(" readerror='%s'", strerror(errno));