-/* $Cambridge: exim/src/src/spool_in.c,v 1.5 2005/01/12 12:24:13 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2012 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for reading spool files. When compiling for a utility (eximon),
Unix systems it doesn't make any difference as long as Exim is consistent in
what it locks. */
-fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
+(void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
FD_CLOEXEC);
lock_data.l_type = F_WRLCK;
log_write(L_skip_delivery,
LOG_MAIN,
"Spool file is locked (another process is handling this message)");
- close(deliver_datafile);
+ (void)close(deliver_datafile);
deliver_datafile = -1;
errno = 0;
return FALSE;
int rcount = 0;
long int uid, gid;
BOOL inheader = FALSE;
-uschar originator[64];
+uschar *p;
/* Reset all the global variables to their default values. However, there is
one exception. DO NOT change the default value of dont_deliver, because it may
be forced by an external setting. */
-for (n = 0; n < ACL_C_MAX + ACL_M_MAX; n++) acl_var[n] = NULL;
-
+acl_var_c = acl_var_m = NULL;
authenticated_id = NULL;
authenticated_sender = NULL;
allow_unqualified_recipient = FALSE;
deliver_manual_thaw = FALSE;
/* dont_deliver must NOT be reset */
header_list = header_last = NULL;
+host_lookup_deferred = FALSE;
host_lookup_failed = FALSE;
interface_address = NULL;
interface_port = 0;
local_error_message = FALSE;
local_scan_data = NULL;
+max_received_linelength = 0;
message_linecount = 0;
received_protocol = NULL;
received_count = 0;
bmi_verdicts = NULL;
#endif
+#ifndef DISABLE_DKIM
+dkim_signers = NULL;
+dkim_disable_verify = FALSE;
+dkim_collect_input = FALSE;
+#endif
+
#ifdef SUPPORT_TLS
-tls_certificate_verified = FALSE;
-tls_cipher = NULL;
-tls_peerdn = NULL;
+tls_in.certificate_verified = FALSE;
+# ifdef EXPERIMENTAL_DANE
+tls_in.dane_verified = FALSE;
+# endif
+tls_in.cipher = NULL;
+tls_in.ourcert = NULL;
+tls_in.peercert = NULL;
+tls_in.peerdn = NULL;
+tls_in.sni = NULL;
+tls_in.ocsp = OCSP_NOT_REQ;
#endif
#ifdef WITH_CONTENT_SCAN
spam_score_int = NULL;
#endif
+#ifdef EXPERIMENTAL_DSN
+dsn_ret = 0;
+dsn_envid = NULL;
+#endif
+
/* Generate the full name and open the file. If message_subdir is already
set, just look in the given directory. Otherwise, look in both the split
and unsplit directories, as for the data file above. */
/* The next three lines in the header file are in a fixed format. The first
contains the login, uid, and gid of the user who caused the file to be written.
-The second contains the mail address of the message's sender, enclosed in <>.
-The third contains the time the message was received, and the number of warning
-messages for delivery delays that have been sent. */
+There are known cases where a negative gid is used, so we allow for both
+negative uids and gids. The second contains the mail address of the message's
+sender, enclosed in <>. The third contains the time the message was received,
+and the number of warning messages for delivery delays that have been sent. */
if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
-if (sscanf(CS big_buffer, "%s %ld %ld", originator, &uid, &gid) != 3)
- goto SPOOL_FORMAT_ERROR;
-originator_login = string_copy(originator);
+p = big_buffer + Ustrlen(big_buffer);
+while (p > big_buffer && isspace(p[-1])) p--;
+*p = 0;
+if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
+while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
+gid = Uatoi(p);
+if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
+*p = 0;
+if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR;
+while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--;
+uid = Uatoi(p);
+if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR;
+*p = 0;
+
+originator_login = string_copy(big_buffer);
originator_uid = (uid_t)uid;
originator_gid = (gid_t)gid;
sender_address);
#endif /* COMPILE_UTILITY */
-/* Now there may be a number of optional lines, each starting with "-".
-If you add a new setting here, make sure you set the default above. */
+/* Now there may be a number of optional lines, each starting with "-". If you
+add a new setting here, make sure you set the default above.
+
+Because there are now quite a number of different possibilities, we use a
+switch on the first character to avoid too many failing tests. Thanks to Nico
+Erfurth for the patch that implemented this. I have made it even more efficient
+by not re-scanning the first two characters.
+To allow new versions of Exim that add additional flags to interwork with older
+versions that do not understand them, just ignore any lines starting with "-"
+that we don't recognize. Otherwise it wouldn't be possible to back off a new
+version that left new-style flags written on the spool. */
+
+p = big_buffer + 2;
for (;;)
{
if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR;
if (big_buffer[0] != '-') break;
-
big_buffer[Ustrlen(big_buffer) - 1] = 0;
- if (Ustrncmp(big_buffer, "-acl ", 5) == 0)
+
+ switch(big_buffer[1])
{
- int index, count;
- if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
- goto SPOOL_FORMAT_ERROR;
- /* Ignore if index too big - might be if a later release with more
- variables built this spool file. */
- if (index < ACL_C_MAX + ACL_M_MAX)
+ case 'a':
+
+ /* Nowadays we use "-aclc" and "-aclm" for the different types of ACL
+ variable, because Exim allows any number of them, with arbitrary names.
+ The line in the spool file is "-acl[cm] <name> <length>". The name excludes
+ the c or m. */
+
+ if (Ustrncmp(p, "clc ", 4) == 0 ||
+ Ustrncmp(p, "clm ", 4) == 0)
{
- acl_var[index] = store_get(count + 1);
- if (fread(acl_var[index], 1, count+1, f) < count) goto SPOOL_READ_ERROR;
- acl_var[index][count] = 0;
+ uschar *name, *endptr;
+ int count;
+ tree_node *node;
+ endptr = Ustrchr(big_buffer + 6, ' ');
+ if (endptr == NULL) goto SPOOL_FORMAT_ERROR;
+ name = string_sprintf("%c%.*s", big_buffer[4], endptr - big_buffer - 6,
+ big_buffer + 6);
+ if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
+ node = acl_var_create(name);
+ node->data.ptr = store_get(count + 1);
+ if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
+ ((uschar*)node->data.ptr)[count] = 0;
}
- }
- else if (Ustrcmp(big_buffer, "-local") == 0) sender_local = TRUE;
- else if (Ustrcmp(big_buffer, "-localerror") == 0)
- local_error_message = TRUE;
- else if (Ustrncmp(big_buffer, "-local_scan ", 12) == 0)
- local_scan_data = string_copy(big_buffer + 12);
-#ifdef WITH_CONTENT_SCAN
- else if (Ustrncmp(big_buffer, "-spam_score_int ", 16) == 0)
- spam_score_int = string_copy(big_buffer + 16);
-#endif
-#ifdef EXPERIMENTAL_BRIGHTMAIL
- else if (Ustrncmp(big_buffer, "-bmi_verdicts ", 14) == 0)
- bmi_verdicts = string_copy(big_buffer + 14);
-#endif
- else if (Ustrcmp(big_buffer, "-host_lookup_failed") == 0)
- host_lookup_failed = TRUE;
- else if (Ustrncmp(big_buffer, "-body_linecount", 15) == 0)
- body_linecount = Uatoi(big_buffer + 15);
- else if (Ustrncmp(big_buffer, "-body_zerocount", 15) == 0)
- body_zerocount = Uatoi(big_buffer + 15);
- else if (Ustrncmp(big_buffer, "-frozen", 7) == 0)
- {
- deliver_freeze = TRUE;
- deliver_frozen_at = Uatoi(big_buffer + 7);
- }
- else if (Ustrcmp(big_buffer, "-allow_unqualified_recipient") == 0)
- allow_unqualified_recipient = TRUE;
- else if (Ustrcmp(big_buffer, "-allow_unqualified_sender") == 0)
- allow_unqualified_sender = TRUE;
- else if (Ustrcmp(big_buffer, "-deliver_firsttime") == 0)
- deliver_firsttime = TRUE;
- else if (Ustrcmp(big_buffer, "-manual_thaw") == 0)
- deliver_manual_thaw = TRUE;
- else if (Ustrncmp(big_buffer, "-auth_id", 8) == 0)
- authenticated_id = string_copy(big_buffer + 9);
- else if (Ustrncmp(big_buffer, "-auth_sender", 12) == 0)
- authenticated_sender = string_copy(big_buffer + 13);
- else if (Ustrncmp(big_buffer, "-sender_set_untrusted", 21) == 0)
- sender_set_untrusted = TRUE;
-
- #ifdef SUPPORT_TLS
- else if (Ustrncmp(big_buffer, "-tls_certificate_verified", 25) == 0)
- tls_certificate_verified = TRUE;
- else if (Ustrncmp(big_buffer, "-tls_cipher", 11) == 0)
- tls_cipher = string_copy(big_buffer + 12);
- else if (Ustrncmp(big_buffer, "-tls_peerdn", 11) == 0)
- tls_peerdn = string_copy(big_buffer + 12);
- #endif
- /* We now record the port number after the address, separated by a
- dot. For compatibility during upgrading, do nothing if there
- isn't a value (it gets left at zero). */
+ else if (Ustrcmp(p, "llow_unqualified_recipient") == 0)
+ allow_unqualified_recipient = TRUE;
+ else if (Ustrcmp(p, "llow_unqualified_sender") == 0)
+ allow_unqualified_sender = TRUE;
+
+ else if (Ustrncmp(p, "uth_id", 6) == 0)
+ authenticated_id = string_copy(big_buffer + 9);
+ else if (Ustrncmp(p, "uth_sender", 10) == 0)
+ authenticated_sender = string_copy(big_buffer + 13);
+ else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
+ smtp_active_hostname = string_copy(big_buffer + 17);
+
+ /* For long-term backward compatibility, we recognize "-acl", which was
+ used before the number of ACL variables changed from 10 to 20. This was
+ before the subsequent change to an arbitrary number of named variables.
+ This code is retained so that upgrades from very old versions can still
+ handle old-format spool files. The value given after "-acl" is a number
+ that is 0-9 for connection variables, and 10-19 for message variables. */
+
+ else if (Ustrncmp(p, "cl ", 3) == 0)
+ {
+ int index, count;
+ uschar name[20]; /* Need plenty of space for %d format */
+ tree_node *node;
+ if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
+ goto SPOOL_FORMAT_ERROR;
+ if (index < 10)
+ (void) string_format(name, sizeof(name), "%c%d", 'c', index);
+ else if (index < 20) /* ignore out-of-range index */
+ (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
+ node = acl_var_create(name);
+ node->data.ptr = store_get(count + 1);
+ if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR;
+ ((uschar*)node->data.ptr)[count] = 0;
+ }
+ break;
+
+ case 'b':
+ if (Ustrncmp(p, "ody_linecount", 13) == 0)
+ body_linecount = Uatoi(big_buffer + 15);
+ else if (Ustrncmp(p, "ody_zerocount", 13) == 0)
+ body_zerocount = Uatoi(big_buffer + 15);
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
+ else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
+ bmi_verdicts = string_copy(big_buffer + 14);
+ #endif
+ break;
+
+ case 'd':
+ if (Ustrcmp(p, "eliver_firsttime") == 0)
+ deliver_firsttime = TRUE;
+ #ifdef EXPERIMENTAL_DSN
+ /* Check if the dsn flags have been set in the header file */
+ else if (Ustrncmp(p, "sn_ret", 6) == 0)
+ {
+ dsn_ret= atoi(big_buffer + 8);
+ }
+ else if (Ustrncmp(p, "sn_envid", 8) == 0)
+ {
+ dsn_envid = string_copy(big_buffer + 11);
+ }
+ #endif
+ break;
- else if (Ustrncmp(big_buffer, "-host_address", 13) == 0)
- {
- sender_host_port = host_extract_port(big_buffer + 14);
- sender_host_address = string_copy(big_buffer + 14);
- }
+ case 'f':
+ if (Ustrncmp(p, "rozen", 5) == 0)
+ {
+ deliver_freeze = TRUE;
+ sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
+ }
+ break;
+
+ case 'h':
+ if (Ustrcmp(p, "ost_lookup_deferred") == 0)
+ host_lookup_deferred = TRUE;
+ else if (Ustrcmp(p, "ost_lookup_failed") == 0)
+ host_lookup_failed = TRUE;
+ else if (Ustrncmp(p, "ost_auth", 8) == 0)
+ sender_host_authenticated = string_copy(big_buffer + 11);
+ else if (Ustrncmp(p, "ost_name", 8) == 0)
+ sender_host_name = string_copy(big_buffer + 11);
+ else if (Ustrncmp(p, "elo_name", 8) == 0)
+ sender_helo_name = string_copy(big_buffer + 11);
+
+ /* We now record the port number after the address, separated by a
+ dot. For compatibility during upgrading, do nothing if there
+ isn't a value (it gets left at zero). */
+
+ else if (Ustrncmp(p, "ost_address", 11) == 0)
+ {
+ sender_host_port = host_address_extract_port(big_buffer + 14);
+ sender_host_address = string_copy(big_buffer + 14);
+ }
+ break;
- else if (Ustrncmp(big_buffer, "-interface_address", 18) == 0)
- {
- interface_port = host_extract_port(big_buffer + 19);
- interface_address = string_copy(big_buffer + 19);
+ case 'i':
+ if (Ustrncmp(p, "nterface_address", 16) == 0)
+ {
+ interface_port = host_address_extract_port(big_buffer + 19);
+ interface_address = string_copy(big_buffer + 19);
+ }
+ else if (Ustrncmp(p, "dent", 4) == 0)
+ sender_ident = string_copy(big_buffer + 7);
+ break;
+
+ case 'l':
+ if (Ustrcmp(p, "ocal") == 0) sender_local = TRUE;
+ else if (Ustrcmp(big_buffer, "-localerror") == 0)
+ local_error_message = TRUE;
+ else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
+ local_scan_data = string_copy(big_buffer + 12);
+ break;
+
+ case 'm':
+ if (Ustrcmp(p, "anual_thaw") == 0) deliver_manual_thaw = TRUE;
+ else if (Ustrncmp(p, "ax_received_linelength", 22) == 0)
+ max_received_linelength = Uatoi(big_buffer + 24);
+ break;
+
+ case 'N':
+ if (*p == 0) dont_deliver = TRUE; /* -N */
+ break;
+
+ case 'r':
+ if (Ustrncmp(p, "eceived_protocol", 16) == 0)
+ received_protocol = string_copy(big_buffer + 19);
+ break;
+
+ case 's':
+ if (Ustrncmp(p, "ender_set_untrusted", 19) == 0)
+ sender_set_untrusted = TRUE;
+ #ifdef WITH_CONTENT_SCAN
+ else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
+ spam_score_int = string_copy(big_buffer + 16);
+ #endif
+ break;
+
+ #ifdef SUPPORT_TLS
+ case 't':
+ if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
+ tls_in.certificate_verified = TRUE;
+ else if (Ustrncmp(p, "ls_cipher", 9) == 0)
+ tls_in.cipher = string_copy(big_buffer + 12);
+#ifndef COMPILE_UTILITY
+ else if (Ustrncmp(p, "ls_ourcert", 10) == 0)
+ (void) tls_import_cert(big_buffer + 13, &tls_in.ourcert);
+ else if (Ustrncmp(p, "ls_peercert", 11) == 0)
+ (void) tls_import_cert(big_buffer + 14, &tls_in.peercert);
+#endif
+ else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
+ tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
+ else if (Ustrncmp(p, "ls_sni", 6) == 0)
+ tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
+ else if (Ustrncmp(p, "ls_ocsp", 7) == 0)
+ tls_in.ocsp = big_buffer[10] - '0';
+ break;
+ #endif
+
+ default: /* Present because some compilers complain if all */
+ break; /* possibilities are not covered. */
}
-
- else if (Ustrncmp(big_buffer, "-active_hostname", 16) == 0)
- smtp_active_hostname = string_copy(big_buffer + 17);
- else if (Ustrncmp(big_buffer, "-host_auth", 10) == 0)
- sender_host_authenticated = string_copy(big_buffer + 11);
- else if (Ustrncmp(big_buffer, "-host_name", 10) == 0)
- sender_host_name = string_copy(big_buffer + 11);
- else if (Ustrncmp(big_buffer, "-helo_name", 10) == 0)
- sender_helo_name = string_copy(big_buffer + 11);
- else if (Ustrncmp(big_buffer, "-ident", 6) == 0)
- sender_ident = string_copy(big_buffer + 7);
- else if (Ustrncmp(big_buffer, "-received_protocol", 18) == 0)
- received_protocol = string_copy(big_buffer + 19);
- else if (Ustrncmp(big_buffer, "-N", 2) == 0)
- dont_deliver = TRUE;
-
- /* To allow new versions of Exim that add additional flags to interwork
- with older versions that do not understand them, just ignore any flagged
- lines that we don't recognize. Otherwise it wouldn't be possible to back
- off a new version that left new-style flags written on the spool. That's
- why the following line is commented out. */
-
- /* else goto SPOOL_FORMAT_ERROR; */
}
/* Build sender_fullhost if required */
{
int nn;
int pno = -1;
+ #ifdef EXPERIMENTAL_DSN
+ int dsn_flags = 0;
+ uschar *orcpt = NULL;
+ #endif
uschar *errors_to = NULL;
uschar *p;
ends with <errors_to address><space><len>,<pno> where pno is
the parent number for one_time addresses, and len is the length
of the errors_to address (zero meaning none).
+
+ Bit 02 indicates that, again reading from right to left, the data continues
+ with orcpt len(orcpt),dsn_flags
*/
while (isdigit(*p)) p--;
if (*p == ' ')
{
*p++ = 0;
- sscanf(CS p, "%d,%d", &dummy, &pno);
+ (void)sscanf(CS p, "%d,%d", &dummy, &pno);
}
}
else if (*p == ' ')
{
*p++ = 0;
- sscanf(CS p, "%d", &pno);
+ (void)sscanf(CS p, "%d", &pno);
}
/* Handle current format Exim 4 spool files */
else if (*p == '#')
{
int flags;
- sscanf(CS p+1, "%d", &flags);
+
+ #ifdef EXPERIMENTAL_DSN
+ #ifndef COMPILE_UTILITY
+ DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 4 standard format spoolfile\n");
+ #endif /* COMPILE_UTILITY */
+ #endif
+
+ (void)sscanf(CS p+1, "%d", &flags);
if ((flags & 0x01) != 0) /* one_time data exists */
{
int len;
while (isdigit(*(--p)) || *p == ',' || *p == '-');
- sscanf(CS p+1, "%d,%d", &len, &pno);
+ (void)sscanf(CS p+1, "%d,%d", &len, &pno);
*p = 0;
if (len > 0)
{
p -= len;
errors_to = string_copy(p);
- }
+ }
}
*(--p) = 0; /* Terminate address */
+#ifdef EXPERIMENTAL_DSN
+ if ((flags & 0x02) != 0) /* one_time data exists */
+ {
+ int len;
+ while (isdigit(*(--p)) || *p == ',' || *p == '-');
+ (void)sscanf(CS p+1, "%d,%d", &len, &dsn_flags);
+ *p = 0;
+ if (len > 0)
+ {
+ p -= len;
+ orcpt = string_copy(p);
+ }
+ }
+
+ *(--p) = 0; /* Terminate address */
+#endif /* EXPERIMENTAL_DSN */
+ }
+#ifdef EXPERIMENTAL_DSN
+ #ifndef COMPILE_UTILITY
+ else
+ {
+ DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n");
}
+ if ((orcpt != NULL) || (dsn_flags != 0))
+ {
+ DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| orcpt: |%s| dsn_flags: %d\n",
+ big_buffer, orcpt, dsn_flags);
+ }
+ if (errors_to != NULL)
+ {
+ DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: |%s| errorsto: |%s|\n",
+ big_buffer, errors_to);
+ }
+ #endif /* COMPILE_UTILITY */
+#endif /* EXPERIMENTAL_DSN */
+
recipients_list[recipients_count].address = string_copy(big_buffer);
recipients_list[recipients_count].pno = pno;
recipients_list[recipients_count].errors_to = errors_to;
+ #ifdef EXPERIMENTAL_DSN
+ recipients_list[recipients_count].orcpt = orcpt;
+ recipients_list[recipients_count].dsn_flags = dsn_flags;
+ #endif
}
/* The remainder of the spool header file contains the headers for the message,
int i;
if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
- ungetc(n, f);
- fscanf(f, "%d%c ", &n, flag);
+ if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
+ goto SPOOL_READ_ERROR;
if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
if (read_headers)
return inheader? spool_read_hdrerror : spool_read_enverror;
}
+/* vi: aw ai sw=2
+*/
/* End of spool_in.c */