1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions concerned with rewriting headers */
9
10
11 #include "exim.h"
12
13 /* Names for testing rewriting */
14
15 static const char *rrname[] = {
16 " sender",
17 " from",
18 " to",
19 " cc",
20 " bcc",
21 "reply-to",
22 "env-from",
23 " env-to"
24 };
25
26 /* Structure and table for finding source of address for debug printing */
27
28 typedef struct where_list_block {
29 int bit;
30 const uschar *string;
31 } where_list_block;
32
33 static where_list_block where_list[] = {
34 { rewrite_sender, CUS"sender:" },
35 { rewrite_from, CUS"from:" },
36 { rewrite_to, CUS"to:" },
37 { rewrite_cc, CUS"cc:" },
38 { rewrite_bcc, CUS"bcc:" },
39 { rewrite_replyto, CUS"reply-to:" },
40 { rewrite_envfrom, CUS"env-from" },
41 { rewrite_envto, CUS"env-to" },
42 { rewrite_smtp, CUS"smtp recipient" },
43 { rewrite_smtp|rewrite_smtp_sender, CUS"smtp sender" }
44 };
45
46 static int where_list_size = sizeof(where_list)/sizeof(where_list_block);
47
48
49
50 /*************************************************
51 * Ensure an address is qualified *
52 *************************************************/
53
54 /*
55 Arguments:
56 s address to check
57 is_recipient TRUE if a recipient address; FALSE if a sender address
58
59 Returns: fully-qualified address
60 */
61
62 const uschar *
rewrite_address_qualify(const uschar * s,BOOL is_recipient)63 rewrite_address_qualify(const uschar *s, BOOL is_recipient)
64 {
65 return parse_find_at(s)
66 ? s : string_sprintf("%s@%s", s,
67 is_recipient ? qualify_domain_recipient : qualify_domain_sender);
68 }
69
70
71
72 /*************************************************
73 * Rewrite a single address *
74 *************************************************/
75
76 /* The yield is the input address if there is no rewriting to be done. Assume
77 the input is a valid address, except in the case of SMTP-time rewriting, which
78 is handled specially. When this function is called while processing filter and
79 forward files, the uid may be that of the user. Ensure it is reset while
80 expanding a replacement, in case that involves file lookups.
81
82 Arguments:
83 s address to rewrite
84 flag indicates where this address comes from; it must match the
85 flags in the rewriting rule
86 whole if not NULL, set TRUE if any rewriting rule contained the
87 "whole" bit and it is a header that is being rewritten
88 add_header if TRUE and rewriting occurs, add an "X-rewrote-xxx" header
89 if headers are in existence; this should be TRUE only when
90 a message is being received, not during delivery
91 name name of header, for use when adding X-rewrote-xxxx
92 rewrite_rules chain of rewriting rules
93
94 Returns: new address if rewritten; the input address if no change;
95 for a header rewrite, if the "whole" bit is set, the entire
96 rewritten address is returned, not just the active bit.
97 */
98
99 const uschar *
rewrite_one(const uschar * s,int flag,BOOL * whole,BOOL add_header,uschar * name,rewrite_rule * rewrite_rules)100 rewrite_one(const uschar *s, int flag, BOOL *whole, BOOL add_header, uschar *name,
101 rewrite_rule *rewrite_rules)
102 {
103 const uschar *yield = s;
104 const uschar *subject = s;
105 uschar *domain = NULL;
106 BOOL done = FALSE;
107 int rule_number = 1;
108 int yield_start = 0, yield_end = 0;
109
110 if (whole) *whole = FALSE;
111
112 /* Scan the rewriting rules, ignoring any without matching flag */
113
114 for (rewrite_rule * rule = rewrite_rules;
115 rule && !done;
116 rule_number++, rule = rule->next) if (rule->flags & flag)
117 {
118 int start, end, pdomain;
119 int count = 0;
120 uschar *save_localpart;
121 const uschar *save_domain;
122 uschar *error, *new;
123 const uschar * newparsed;
124
125 /* Come back here for a repeat after a successful rewrite. We do this
126 only so many times. */
127
128 REPEAT_RULE:
129
130 /* If this is an SMTP-time rewrite, the pattern must be a regex and
131 the subject may have any structure. No local part or domain variables
132 can be set for the expansion. We expand the pattern in order to be consistent
133 with the other kinds of rewrite, where expansion happens inside
134 match_address_list(). */
135
136 if (flag & rewrite_smtp)
137 {
138 uschar *key = expand_string(rule->key);
139 if (!key)
140 {
141 if (!f.expand_string_forcedfail)
142 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" while "
143 "checking for SMTP rewriting: %s", rule->key, expand_string_message);
144 continue;
145 }
146 if (match_check_string(subject, key, 0, TRUE, FALSE, FALSE, NULL) != OK)
147 continue;
148 new = expand_string(rule->replacement);
149 }
150
151 /* All other rewrites expect the input to be a valid address, so local part
152 and domain variables can be set for expansion. For the first rule, to be
153 applied to this address, domain will be NULL and needs to be set. */
154
155 else
156 {
157 if (!domain) domain = Ustrrchr(subject, '@') + 1;
158
159 /* Use the general function for matching an address against a list (here
160 just one item, so use the "impossible value" separator UCHAR_MAX+1). */
161
162 if (match_address_list(subject, FALSE, TRUE, CUSS &(rule->key), NULL, 0,
163 UCHAR_MAX + 1, NULL) != OK)
164 continue;
165
166 /* The source address matches, and numerical variables have been
167 set up. If the replacement string consists of precisely "*" then no
168 rewriting is required for this address - the behaviour is as for "fail"
169 in the replacement expansion, but assuming the quit flag. */
170
171 if (Ustrcmp(rule->replacement, "*") == 0) break;
172
173 /* Otherwise, expand the replacement string. Set $local_part and $domain to
174 the appropriate values, restoring whatever value they previously had
175 afterwards. */
176
177 save_localpart = deliver_localpart;
178 save_domain = deliver_domain;
179
180 /* We have subject pointing to "localpart@domain" and domain pointing to
181 the domain. Temporarily terminate the local part so that it can be
182 set up as an expansion variable */
183
184 domain[-1] = 0;
185 deliver_localpart = US subject;
186 deliver_domain = domain;
187
188 new = expand_string(rule->replacement);
189
190 domain[-1] = '@';
191 deliver_localpart = save_localpart;
192 deliver_domain = save_domain;
193 }
194
195 /* If the expansion failed with the "forcedfail" flag, don't generate
196 an error - just give up on this rewriting rule. If the "q" flag is set,
197 give up altogether. For other expansion failures we have a configuration
198 error. */
199
200 if (!new)
201 {
202 if (f.expand_string_forcedfail)
203 { if (rule->flags & rewrite_quit) break; else continue; }
204
205 expand_string_message = expand_hide_passwords(expand_string_message);
206
207 log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: "
208 "%s", rule->replacement, expand_string_message);
209 break;
210 }
211
212 /* Check the what has been generated is a valid RFC 2822 address. Only
213 envelope from or SMTP sender is permitted to be rewritten as <>.*/
214
215 newparsed = parse_extract_address(new, &error, &start, &end, &pdomain,
216 flag == rewrite_envfrom || flag == (rewrite_smtp|rewrite_smtp_sender));
217
218 if (!newparsed)
219 {
220 log_write(0, LOG_MAIN|LOG_PANIC, "Rewrite of %s yielded unparseable "
221 "address: %s in address %s", subject, error, new);
222 break; /* Give up on this address */
223 }
224
225 /* A non-null unqualified address can be qualified if requested. Otherwise,
226 this is an error unless it's the empty address in circumstances where that is
227 permitted. */
228
229 if (pdomain == 0 && (*newparsed != 0 ||
230 (flag != rewrite_envfrom && flag != (rewrite_smtp|rewrite_smtp_sender))))
231 {
232 if (rule->flags & rewrite_qualify)
233 {
234 newparsed = rewrite_address_qualify(newparsed, TRUE);
235 new = string_sprintf("%.*s%s%.*s", start, new, newparsed,
236 Ustrlen(new) - end, new + end);
237 end = start + Ustrlen(newparsed);
238 }
239 else
240 {
241 log_write(0, LOG_MAIN|LOG_PANIC, "Rewrite of %s yielded unqualified "
242 "address \"%s\"", subject, new);
243 break; /* Give up on this address */
244 }
245 }
246
247 /* We have a validly rewritten address */
248
249 if (LOGGING(address_rewrite) || (debug_selector & D_rewrite) != 0)
250 {
251 const uschar *where = CUS"?";
252
253 for (int i = 0; i < where_list_size; i++)
254 if (flag == where_list[i].bit)
255 {
256 where = where_list[i].string;
257 break;
258 }
259 log_write(L_address_rewrite,
260 LOG_MAIN, "\"%s\" from %s rewritten as \"%s\" by rule %d",
261 yield, where, new, rule_number);
262 }
263
264 /* A header will only actually be added if header_last is non-NULL,
265 i.e. during message reception or delivery, but add_header should not
266 be set TRUE during delivery, as otherwise multiple instances of the header
267 can fill up the -H file and make it embarrassingly large. We don't need
268 to set header_rewritten because the -H file always gets written at the end
269 of message reception. */
270
271 if (add_header)
272 header_add(htype_old, "X-rewrote-%s: %s\n", name, subject);
273
274 /* Handle the case when replacement of the whole address is possible.
275 This happens only when whole is not NULL and we are rewriting a header.
276 If *whole is already TRUE it means that a previous rule had the w
277 flag set and so we must preserve the non-active portion of the current
278 subject unless the current rule also has the w flag set. */
279
280 if (whole && (flag & rewrite_all_headers))
281 {
282 /* Current rule has the w flag set. We must ensure the phrase parts
283 are syntactically valid if they are present. */
284
285 if (rule->flags & rewrite_whole)
286 {
287 if (start > 0 && new[start-1] == '<')
288 {
289 uschar *p1 = new + start - 1;
290 uschar *p2 = new + end + 1;
291 const uschar *pf1, *pf2;
292
293 while (p1 > new && p1[-1] == ' ') p1--;
294 pf1 = parse_fix_phrase(new, p1 - new);
295 while (*p2 == ' ') p2++;
296 pf2 = parse_fix_phrase(p2, Ustrlen(p2));
297
298 start = Ustrlen(pf1) + start + new - p1;
299 end = start + Ustrlen(newparsed);
300 new = string_sprintf("%s%.*s%s", pf1, (int)(p2 - p1), p1, pf2);
301 }
302
303 /* Now accept the whole thing */
304
305 yield = new;
306 yield_start = start;
307 yield_end = end;
308 subject = newparsed;
309 *whole = TRUE;
310 }
311
312 /* Current rule does not have the w flag set; if not previously
313 done any whole rewriting, behave in non-whole manner. */
314
315 else if (!*whole) goto NEVER_WHOLE;
316
317 /* Current rule does not have the w flag set, but a previous
318 rule did rewrite the whole address. Thus yield and subject will be
319 different. Preserve the previous non-active part of the address. */
320
321 else
322 {
323 subject = newparsed;
324 new = string_sprintf("%.*s%s%n%s",
325 yield_start, yield, subject, &end, yield + yield_end);
326 yield_end = end;
327 yield = new;
328 }
329 }
330
331 /* Rule just rewrites active part, or handling an envelope. This
332 code is obeyed only when all rules so far have not done "whole"
333 replacement. */
334
335 else
336 {
337 NEVER_WHOLE:
338 subject = yield = newparsed;
339 }
340
341 domain = NULL; /* Reset for next rule */
342
343 /* If no further rewrites are to be done, set the done flag. This allows
344 repeats of the current rule if configured before breaking the loop. */
345
346 if (rule->flags & rewrite_quit) done = TRUE;
347
348 /* Allow the current rule to be applied up to 10 times if
349 requested. */
350
351 if (rule->flags & rewrite_repeat)
352 {
353 if (count++ < 10) goto REPEAT_RULE;
354 log_write(0, LOG_MAIN|LOG_PANIC, "rewrite rule repeat ignored after 10 "
355 "times");
356 }
357 }
358
359 /* Unset expansion numeric variables, and that's it. */
360
361 expand_nmax = -1;
362 return yield;
363 }
364
365
366
367 /*************************************************
368 * Ensure qualification and rewrite *
369 *************************************************/
370
371 /* This function is called for envelope addresses, the boolean specifying
372 whether a recipient or a sender. It must first of all ensure the address is
373 fully qualified, and then apply any relevant re-writing rules. The add-header
374 flag causes a header to be added, recording the old address. This is marked
375 "old", so that it is never transported anywhere; it exists for local checking
376 and debugging purposes.
377
378 Arguments:
379 s the address to be considered
380 is_recipient TRUE for recipient addresses; FALSE otherwise
381 add_header add "X-rewrote-xxx" header when rewriting; this is
382 set TRUE only for calls from the reception functions
383 rewrite_rules points to chain of rewrite rules
384 existflags bits indicating which headers there are rewrites for
385 (just an optimisation)
386
387 Returns: possibly rewritten address
388 */
389
390 const uschar *
rewrite_address(const uschar * s,BOOL is_recipient,BOOL add_header,rewrite_rule * rewrite_rules,int existflags)391 rewrite_address(const uschar *s, BOOL is_recipient, BOOL add_header,
392 rewrite_rule *rewrite_rules, int existflags)
393 {
394 int flag = is_recipient ? rewrite_envto : rewrite_envfrom;
395
396 s = rewrite_address_qualify(s, is_recipient);
397 if (existflags & flag)
398 {
399 const uschar *new = rewrite_one(s, flag, NULL, add_header, is_recipient?
400 US"original-recipient" : US"sender", rewrite_rules);
401 if (new != s) s = new;
402 }
403 return s;
404 }
405
406
407
408 /*************************************************
409 * Qualify and possibly rewrite one header *
410 *************************************************/
411
412 /* This is called only from rewrite_header() below, either when reading a
413 message. or when routing, in order to rewrite addresses that get changed by a
414 router. This is normally the addition of full qualification to a partial
415 domain. The first rewriting rule in this case is "change routed_old into
416 routed_new", and it applies to all header lines that contain addresses. Then
417 header-specific rewriting rules are applied.
418
419 Before rewriting can be done, addresses without domains have to be qualified.
420 This should only be done for messages from "local" senders. This is a difficult
421 concept to pin down, what with the use of SMTP both as a submission and as a
422 transmission protocol. Exim normally requires incoming SMTP to contain fully-
423 qualified addresses, but there are options to permit unqualified ones from
424 certain hosts. For those hosts only, addresses in headers can also be
425 qualified. For other hosts, unqualified addresses in headers do not get touched
426 in any way. For locally sourced messages, unqualified addresses always get
427 qualified, except when -bnq is used to explicitly suppress this.
428
429 Arguments:
430 h pointer to header line block
431 flag indicates which header this is
432 routed_old if not NULL, this is a rewrite caused by a router, changing
433 this domain into routed_new
434 routed_new new routed domain if routed_old is not NULL
435 rewrite_rules points to chain of rewriting rules
436 existflags bits indicating which rewrites exist
437 replace if TRUE, insert the new header in the chain after the old
438 one, and mark the old one "replaced"
439
440 Returns: NULL if header unchanged; otherwise the rewritten header
441 */
442
443 static header_line *
rewrite_one_header(header_line * h,int flag,const uschar * routed_old,const uschar * routed_new,rewrite_rule * rewrite_rules,int existflags,BOOL replace)444 rewrite_one_header(header_line *h, int flag,
445 const uschar *routed_old, const uschar *routed_new,
446 rewrite_rule *rewrite_rules, int existflags, BOOL replace)
447 {
448 int lastnewline = 0;
449 header_line *newh = NULL;
450 rmark function_reset_point = store_mark();
451 uschar *s = Ustrchr(h->text, ':') + 1;
452
453 while (isspace(*s)) s++;
454
455 DEBUG(D_rewrite)
456 debug_printf("rewrite_one_header: type=%c:\n %s", h->type, h->text);
457
458 f.parse_allow_group = TRUE; /* Allow group syntax */
459
460 /* Loop for multiple addresses in the header. We have to go through them all
461 in case any need qualifying, even if there's no rewriting. Pathological headers
462 may have thousands of addresses in them, so cause the store to be reset for
463 any that don't actually get rewritten. We also play silly games for those that
464 _are_ rewritten so as to avoid runaway store usage for these kinds of header.
465 We want to avoid keeping store for any intermediate versions. */
466
467 while (*s)
468 {
469 uschar *sprev;
470 uschar *ss = parse_find_address_end(s, FALSE);
471 uschar *recipient, *new;
472 rmark loop_reset_point = store_mark();
473 uschar *errmess = NULL;
474 BOOL changed = FALSE;
475 int terminator = *ss;
476 int start, end, domain;
477
478 /* Temporarily terminate the string at this point, and extract the
479 operative address within. Then put back the terminator and prepare for
480 the next address, saving the start of the old one. */
481
482 *ss = 0;
483 recipient = parse_extract_address(s, &errmess, &start, &end, &domain, FALSE);
484 *ss = terminator;
485 sprev = s;
486 s = ss + (terminator ? 1 :0);
487 while (isspace(*s)) s++;
488
489 /* There isn't much we can do for syntactic disasters at this stage.
490 Pro tem (possibly for ever) ignore them.
491 If we got nothing, then there was any sort of error: non-parsable address,
492 empty address, overlong addres. Sometimes the result matters, sometimes not.
493 It seems this function is called for *any* header we see. */
494
495
496 if (!recipient)
497 {
498 #if 0
499 /* FIXME:
500 This was(!) an attempt tho handle empty rewrits, but seemingly it
501 needs more effort to decide if the returned empty address matters.
502 Now this will now break test 471 again.
503
504 471 fails now because it uses an overlong address, for wich parse_extract_address()
505 returns an empty address (which was not expected).
506
507 Checking the output and exit if rewrite_rules or routed_old are present
508 isn't a good idea either: It's enough to have *any* rewrite rule
509 in the configuration plus "To: undisclosed recpients:;" to exit(), which
510 is not what we want.
511 */
512
513 if (rewrite_rules || routed_old)
514 {
515 log_write(0, LOG_MAIN, "rewrite: %s", errmess);
516 exim_exit(EXIT_FAILURE);
517 }
518 #endif
519 loop_reset_point = store_reset(loop_reset_point);
520 continue;
521 }
522
523 /* If routed_old is not NULL, this is a rewrite caused by a router,
524 consisting of changing routed_old into routed_new, and applying to all
525 headers. If the header address has no domain, it is excluded, since a router
526 rewrite affects domains only. The new value should always be fully qualified,
527 but it may be something that has an explicit re-write rule set, so we need to
528 check the configured rules subsequently as well. (Example: there's an
529 explicit rewrite turning *.foo.com into foo.com, and an address is supplied
530 as abc@xyz, which the DNS lookup turns into abc@xyz.foo.com). However, if no
531 change is made here, don't bother carrying on. */
532
533 if (routed_old)
534 {
535 if (domain <= 0 || strcmpic(recipient+domain, routed_old) != 0) continue;
536 recipient[domain-1] = 0;
537 new = string_sprintf("%s@%s", recipient, routed_new);
538 DEBUG(D_rewrite)
539 {
540 recipient[domain-1] = '@';
541 debug_printf("%s rewritten by router as %s\n", recipient, new);
542 }
543 recipient = new;
544 changed = TRUE;
545 }
546
547 /* This is not a router-inspired rewrite. Ensure the address is fully
548 qualified if that is permitted. If an unqualified address was received
549 from a host that isn't listed, do not continue rewriting this address.
550 Sender, From or Reply-To headers are treated as senders, the rest as
551 recipients. This matters only when there are different qualify strings. */
552
553 else
554 {
555 BOOL is_recipient =
556 (flag & (rewrite_sender | rewrite_from | rewrite_replyto)) == 0;
557 /* deconst ok as recipient was notconst */
558 new = US rewrite_address_qualify(recipient, is_recipient);
559 changed = (new != recipient);
560 recipient = new;
561
562 /* Can only qualify if permitted; if not, no rewrite. */
563
564 if (changed && ((is_recipient && !f.allow_unqualified_recipient) ||
565 (!is_recipient && !f.allow_unqualified_sender)))
566 {
567 loop_reset_point = store_reset(loop_reset_point);
568 continue;
569 }
570 }
571
572 /* If there are rewrite rules for this type of header, apply
573 them. This test is just for efficiency, to save scanning the rules
574 in cases when nothing is going to change. If any rewrite rule had the
575 "whole" flag set, adjust the pointers so that the whole address gets
576 replaced, except possibly a final \n. */
577
578 if (existflags & flag)
579 {
580 BOOL whole;
581 /* deconst ok as recipient was notconst */
582 new = US rewrite_one(recipient, flag, &whole, FALSE, NULL, rewrite_rules);
583 if (new != recipient)
584 {
585 changed = TRUE;
586 if (whole)
587 {
588 start = 0;
589 end = ss - sprev;
590 if (sprev[end-1] == '\n') end--;
591 }
592 }
593 }
594
595 /* If nothing has changed, lose all dynamic store obtained in this loop, and
596 move on to the next address. We can't reset to the function start store
597 point, because we may have a rewritten line from a previous time round the
598 loop. */
599
600 if (!changed) loop_reset_point = store_reset(loop_reset_point);
601
602 /* If the address has changed, create a new header containing the
603 rewritten address. We do not need to set the chain pointers at this
604 stage. We want to avoid using more and more memory if the header is very long
605 and contains lots and lots of rewritten addresses. Therefore, we build the
606 new text string in malloc store, then at the end we reset dynamic store
607 before copying the new header to a new block (and then freeing the malloc
608 block). The header must end up in dynamic store so that it's freed at the end
609 of receiving a message. */
610
611 else
612 {
613 int remlen;
614 int newlen = Ustrlen(new);
615 int oldlen = end - start;
616
617 header_line * prev = newh ? newh : h;
618 uschar * newt = store_get_perm(prev->slen - oldlen + newlen + 4, TRUE);
619 uschar * newtstart = newt;
620
621 int type = prev->type;
622 int slen = prev->slen - oldlen + newlen;
623
624 /* Build the new header text by copying the old and putting in the
625 replacement. This process may make the header substantially longer
626 than it was before - qualification of a list of bare addresses can
627 often do this - so we stick in a newline after the re-written address
628 if it has increased in length and ends more than 40 characters in. In
629 fact, the code is not perfect, since it does not scan for existing
630 newlines in the header, but it doesn't seem worth going to that
631 amount of trouble. */
632
633 Ustrncpy(newt, prev->text, sprev - prev->text + start);
634 newt += sprev - prev->text + start;
635 *newt = 0;
636 Ustrcat(newt, new);
637 newt += newlen;
638 remlen = s - (sprev + end);
639 if (remlen > 0)
640 {
641 Ustrncpy(newt, sprev + end, remlen);
642 newt += remlen;
643 *newt = 0;
644 }
645
646 /* Must check that there isn't a newline here anyway; in particular, there
647 will be one at the very end of the header, where we DON'T want to insert
648 another one! The pointer s has been skipped over white space, so just
649 look back to see if the last non-space-or-tab was a newline. */
650
651 if (newlen > oldlen && newt - newtstart - lastnewline > 40)
652 {
653 uschar *p = s - 1;
654 while (p >= prev->text && (*p == ' ' || *p == '\t')) p--;
655 if (*p != '\n')
656 {
657 lastnewline = newt - newtstart;
658 Ustrcat(newt, US"\n\t");
659 slen += 2;
660 }
661 }
662
663 /* Finally, the remaining unprocessed addresses, if any. */
664
665 Ustrcat(newt, s);
666
667 DEBUG(D_rewrite) debug_printf("newlen=%d newtype=%c newtext:\n%s",
668 slen, type, newtstart);
669
670 /* Compute the length of the rest of the header line before we possibly
671 flatten a previously rewritten copy. */
672
673 remlen = (s - prev->text) - oldlen + newlen;
674
675 /* We have the new text in a malloc block. That enables us to release all
676 the memory that has been used, back to the point at which the function was
677 entered. Then set up a new header in dynamic store. This will override a
678 rewritten copy from a previous time round this loop. */
679
680 store_reset(function_reset_point);
681 function_reset_point = store_mark();
682 newh = store_get(sizeof(header_line), FALSE);
683 newh->type = type;
684 newh->slen = slen;
685 newh->text = string_copyn(newtstart, slen);
686
687 /* Set up for scanning the rest of the header */
688
689 s = newh->text + remlen;
690 DEBUG(D_rewrite) debug_printf("remainder: %s", *s ? s : US"\n");
691 }
692 }
693
694 f.parse_allow_group = FALSE; /* Reset group flags */
695 f.parse_found_group = FALSE;
696
697 /* If a rewrite happened and "replace" is true, put the new header into the
698 chain following the old one, and mark the old one as replaced. */
699
700 if (newh && replace)
701 {
702 newh->next = h->next;
703 if (!newh->next) header_last = newh;
704 h->type = htype_old;
705 h->next = newh;
706 }
707
708 return newh;
709 }
710
711
712
713
714 /*************************************************
715 * Rewrite a header line *
716 *************************************************/
717
718 /* This function may be passed any old header line. It must detect those which
719 contain addresses, then then apply any rewriting rules that apply. If
720 routed_old is NULL, only the configured rewriting rules are consulted.
721 Otherwise, the rewriting rule is "change routed_old into routed_new", and it
722 applies to all header lines that contain addresses. Then header-specific
723 rewriting rules are applied.
724
725 The old header line is flagged as "old". Old headers are saved on the spool for
726 debugging but are never sent to any recipients.
727
728 Arguments:
729 h header line to rewrite
730 routed_old if not NULL, this is a rewrite caused by a router, changing
731 this domain into routed_new
732 routed_new new routed domain if routed_old is not NULL
733 rewrite_rules points to chain of rewrite rules
734 existflags bits indicating which rewrites exist
735 replace if TRUE, the new header is inserted into the header chain
736 after the old one, and the old one is marked replaced
737
738 Returns: NULL if header unchanged; otherwise the rewritten header
739 */
740
741 header_line *
rewrite_header(header_line * h,const uschar * routed_old,const uschar * routed_new,rewrite_rule * rewrite_rules,int existflags,BOOL replace)742 rewrite_header(header_line *h,
743 const uschar *routed_old, const uschar *routed_new,
744 rewrite_rule *rewrite_rules, int existflags, BOOL replace)
745 {
746 int flag;
747 switch (h->type)
748 {
749 case htype_sender: flag = rewrite_sender; break;
750 case htype_from: flag = rewrite_from; break;
751 case htype_to: flag = rewrite_to; break;
752 case htype_cc: flag = rewrite_cc; break;
753 case htype_bcc: flag = rewrite_bcc; break;
754 case htype_reply_to: flag = rewrite_replyto; break;
755 default: return NULL;
756 }
757 return rewrite_one_header(h, flag, routed_old, routed_new,
758 rewrite_rules, existflags, replace);
759 }
760
761
762
763 /************************************************
764 * Test rewriting rules *
765 ************************************************/
766
767 /* Called from the mainline as a result of the -brw option. Test the
768 address for all possible cases.
769
770 Argument: the address to test
771 Returns: nothing
772 */
773
774 void
rewrite_test(const uschar * s)775 rewrite_test(const uschar *s)
776 {
777 uschar *recipient, *error;
778 int start, end, domain;
779 BOOL done_smtp = FALSE;
780
781 if (rewrite_existflags == 0)
782 {
783 printf("No rewrite rules are defined\n");
784 return;
785 }
786
787 /* Do SMTP rewrite only if a rule with the S flag exists. Allow <> by
788 pretending it is a sender. */
789
790 if ((rewrite_existflags & rewrite_smtp) != 0)
791 {
792 const uschar * new = rewrite_one(s, rewrite_smtp|rewrite_smtp_sender, NULL,
793 FALSE, US"", global_rewrite_rules);
794 if (new != s)
795 {
796 if (*new == 0)
797 printf(" SMTP: <>\n");
798 else
799 printf(" SMTP: %s\n", new);
800 done_smtp = TRUE;
801 }
802 }
803
804 /* Do the other rewrites only if a rule without the S flag exists */
805
806 if ((rewrite_existflags & ~rewrite_smtp) == 0) return;
807
808 /* Qualify if necessary before extracting the address */
809
810 if (parse_find_at(s) == NULL)
811 s = string_sprintf("%s@%s", s, qualify_domain_recipient);
812
813 recipient = parse_extract_address(s, &error, &start, &end, &domain, FALSE);
814
815 if (!recipient)
816 {
817 if (!done_smtp)
818 printf("Syntax error in %s\n%c%s\n", s, toupper(error[0]), error+1);
819 return;
820 }
821
822 for (int i = 0; i < 8; i++)
823 {
824 BOOL whole = FALSE;
825 int flag = 1 << i;
826 const uschar * new = rewrite_one(recipient, flag, &whole, FALSE, US"",
827 global_rewrite_rules);
828 printf("%s: ", rrname[i]);
829 if (*new == 0)
830 printf("<>\n");
831 else if (whole || (flag & rewrite_all_headers) == 0)
832 printf("%s\n", CS new);
833 else printf("%.*s%s%s\n", start, s, new, s+end);
834 }
835 }
836
837 /* End of rewrite.c */
838