diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-12-08 23:36:01 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-12-08 23:36:01 +0000 |
| commit | 1d717e1c110562fd6bf28478c79f180cafeba776 (patch) | |
| tree | cefecf48467c646663f9af1048239b65d727571a /src | |
| parent | a2ce7b0f5da40b6a7a3094f75b156eede00539c0 (diff) | |
| parent | 277b99794bf90e4a64b4adee88c08bed417bc5ee (diff) | |
Merge branch '4.next'
Diffstat (limited to 'src')
38 files changed, 1181 insertions, 697 deletions
diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 1f42e0ec3..36af8308d 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -82,6 +82,7 @@ Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \ os.h: $(SCRIPTS)/Configure-os.h \ $(O)/os.h-Darwin \ $(O)/os.h-FreeBSD \ + $(O)/os.h-GNU \ $(O)/os.h-Linux \ $(O)/os.h-OpenBSD \ $(O)/os.h-SunOS5 @@ -92,6 +93,7 @@ os.h: $(SCRIPTS)/Configure-os.h \ os.c: ../src/os.c \ $(SCRIPTS)/Configure-os.c \ $(O)/os.c-FreeBSD \ + $(O)/os.c-GNU \ $(O)/os.c-Linux \ $(O)/os.c-SunOS5 $(SHELL) $(SCRIPTS)/Configure-os.c diff --git a/src/OS/unsupported/Makefile-GNU b/src/OS/Makefile-GNU index e46434187..e46434187 100644 --- a/src/OS/unsupported/Makefile-GNU +++ b/src/OS/Makefile-GNU diff --git a/src/OS/os.c-FreeBSD b/src/OS/os.c-FreeBSD index 4cc46c752..c0fd48df8 100644 --- a/src/OS/os.c-FreeBSD +++ b/src/OS/os.c-FreeBSD @@ -10,7 +10,7 @@ src/os.c file. */ /************* -* Sendfile * +Sendfile shim *************/ ssize_t @@ -23,4 +23,25 @@ if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1; return (ssize_t)written; } +/************************************************* +TCP Fast Open: check that the ioctl is accepted +*************************************************/ + +#ifndef COMPILE_UTILITY +void +tfo_probe(void) +{ +# ifdef TCP_FASTOPEN +int sock; + +if ( (sock = socket(AF_INET, SOCK_STREAM, 0)) >= 0 + && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on) >= 0) + ) + f.tcp_fastopen_ok = TRUE; +close(sock); +# endif +} +#endif + + /* End of os.c-Linux */ diff --git a/src/OS/unsupported/os.c-GNU b/src/OS/os.c-GNU index e5d6ff66c..e5d6ff66c 100644 --- a/src/OS/unsupported/os.c-GNU +++ b/src/OS/os.c-GNU diff --git a/src/OS/os.h-FreeBSD b/src/OS/os.h-FreeBSD index 4f1c616f0..a15d47508 100644 --- a/src/OS/os.h-FreeBSD +++ b/src/OS/os.h-FreeBSD @@ -57,15 +57,9 @@ extern ssize_t os_sendfile(int, int, off_t *, size_t); /*******************/ -/* TCP_FASTOPEN support. There does not seems to be a -MSG_FASTOPEN defined yet... */ #define EXIM_TFO_PROBE +#define EXIM_TFO_FREEBSD -#include <netinet/tcp.h> /* for TCP_FASTOPEN */ -#include <sys/socket.h> /* for MSG_FASTOPEN */ -#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) -# define MSG_FASTOPEN 0x20000000 -#endif /* for TCP state-variable values, for TFO logging */ #include <netinet/tcp_fsm.h> diff --git a/src/OS/unsupported/os.h-GNU b/src/OS/os.h-GNU index 44993163d..44993163d 100644 --- a/src/OS/unsupported/os.h-GNU +++ b/src/OS/os.h-GNU diff --git a/src/src/EDITME b/src/src/EDITME index 83325abfd..9024b6f73 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -590,6 +590,10 @@ DISABLE_MAL_MKS=yes # CFLAGS += -I/usr/local/include # LDFLAGS += -lsrs_alt +# Uncomment the following lines to add SRS (Sender rewriting scheme) support +# using only native facilities. +# EXPERIMENTAL_SRS_NATIVE=yes + # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. # SUPPORT_DMARC=yes diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c index 480010bab..4b4f45b94 100644 --- a/src/src/auths/cyrus_sasl.c +++ b/src/src/auths/cyrus_sasl.c @@ -89,16 +89,13 @@ to be set up. */ /* Auxiliary function, passed in data to sasl_server_init(). */ static int -mysasl_config(void *context, - const char *plugin_name, - const char *option, - const char **result, - unsigned int *len) +mysasl_config(void *context, const char *plugin_name, const char *option, + const char **result, unsigned int *len) { if (context && !strcmp(option, "mech_list")) { *result = context; - if (len != NULL) *len = strlen(*result); + if (len) *len = strlen(*result); return SASL_OK; } return SASL_FAIL; @@ -124,41 +121,37 @@ sasl_callback_t cbs[] = { {SASL_CB_LIST_END, NULL, NULL}}; /* default the mechanism to our "public name" */ -if (ob->server_mech == NULL) - ob->server_mech = string_copy(ablock->public_name); -expanded_hostname = expand_string(ob->server_hostname); -if (expanded_hostname == NULL) +if (!ob->server_mech) ob->server_mech = string_copy(ablock->public_name); + +if (!(expanded_hostname = expand_string(ob->server_hostname))) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't expand server_hostname [%s]: %s", ablock->name, ob->server_hostname, expand_string_message); realm_expanded = NULL; -if (ob->server_realm != NULL) { - realm_expanded = CS expand_string(ob->server_realm); - if (realm_expanded == NULL) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " - "couldn't expand server_realm [%s]: %s", - ablock->name, ob->server_realm, expand_string_message); -} +if ( ob->server_realm + && !(realm_expanded = CS expand_string(ob->server_realm))) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "couldn't expand server_realm [%s]: %s", + ablock->name, ob->server_realm, expand_string_message); /* we're going to initialise the library to check that there is an - * authenticator of type whatever mechanism we're using - */ +authenticator of type whatever mechanism we're using */ cbs[0].proc = (int(*)(void)) &mysasl_config; cbs[0].context = ob->server_mech; -if ((rc = sasl_server_init(cbs, "exim")) != SASL_OK ) +if ((rc = sasl_server_init(cbs, "exim")) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise Cyrus SASL library.", ablock->name); if ((rc = sasl_server_new(CS ob->server_service, CS expanded_hostname, - realm_expanded, NULL, NULL, NULL, 0, &conn)) != SASL_OK ) + realm_expanded, NULL, NULL, NULL, 0, &conn)) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise Cyrus SASL server connection.", ablock->name); -if ((rc = sasl_listmech(conn, NULL, "", ":", "", (const char **)&list, &len, &i)) != SASL_OK ) +if ((rc = sasl_listmech(conn, NULL, "", ":", "", (const char **)&list, &len, &i)) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't get Cyrus SASL mechanism list.", ablock->name); @@ -173,16 +166,16 @@ HDEBUG(D_auth) } /* the store_get / store_reset mechanism is hierarchical - * the hierarchy is stored for us behind our back. This point - * creates a hierarchy point for this function. - */ + the hierarchy is stored for us behind our back. This point + creates a hierarchy point for this function. */ + rs_point = store_mark(); /* loop until either we get to the end of the list, or we match the - * public name of this authenticator - */ -while ( ( buffer = string_nextinlist(&listptr, &i, NULL, 0) ) && - strcmpic(buffer,ob->server_mech) ); +public name of this authenticator */ + +while ( (buffer = string_nextinlist(&listptr, &i, NULL, 0)) + && strcmpic(buffer,ob->server_mech) ); if (!buffer) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " @@ -206,8 +199,7 @@ sasl_done(); /* For interface, see auths/README */ /* note, we don't care too much about memory allocation in this, because this is entirely - * within a shortlived child - */ +within a shortlived child */ int auth_cyrus_sasl_server(auth_instance *ablock, uschar *data) @@ -276,6 +268,9 @@ if (tls_in.cipher) } else HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_in.bits); + + /*XXX Set channel-binding here with sasl_channel_binding_t / SASL_CHANNEL_BINDING + Unclear what the "name" element does though, ditto the "critical" flag. */ } else HDEBUG(D_auth) debug_printf("Cyrus SASL: no TLS, no EXTERNAL SSF set\n"); @@ -291,45 +286,34 @@ So the docs are too strict and we shouldn't worry about :: contractions. */ /* Set properties for remote and local host-ip;port */ for (int i = 0; i < 2; ++i) { - struct sockaddr_storage ss; - int (*query)(int, struct sockaddr *, socklen_t *); - int propnum, port; - const uschar *label; - uschar *address, *address_port; + int propnum; + const uschar * label; + uschar * address_port; const char *s_err; socklen_t sslen; if (i) { - query = &getpeername; propnum = SASL_IPREMOTEPORT; label = CUS"peer"; + address_port = string_sprintf("%s;%d", + sender_host_address, sender_host_port); } else { - query = &getsockname; propnum = SASL_IPLOCALPORT; label = CUS"local"; + address_port = string_sprintf("%s;%d", interface_address, interface_port); } - sslen = sizeof(ss); - if ((rc = query(fileno(smtp_in), (struct sockaddr *) &ss, &sslen)) < 0) - { - HDEBUG(D_auth) - debug_printf("Failed to get %s address information: %s\n", - label, strerror(errno)); - break; - } - - address = host_ntoa(-1, &ss, NULL, &port); - address_port = string_sprintf("%s;%d", address, port); - if ((rc = sasl_setprop(conn, propnum, address_port)) != SASL_OK) { - s_err = sasl_errdetail(conn); HDEBUG(D_auth) + { + s_err = sasl_errdetail(conn); debug_printf("Failed to set %s SASL property: [%d] %s\n", label, rc, s_err ? s_err : "<unknown reason>"); + } break; } HDEBUG(D_auth) debug_printf("Cyrus SASL set %s hostport to: %s\n", @@ -353,7 +337,7 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) if ((rc = auth_get_data(&input, out2, outlen)) != OK) { /* we couldn't get the data, so free up the library before - * returning whatever error we get */ + returning whatever error we get */ sasl_dispose(&conn); sasl_done(); return rc; @@ -422,9 +406,9 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) case SASL_NOMECH: /* this is a temporary failure, because the mechanism is not - * available for this user. If it wasn't available at all, we - * shouldn't have got here in the first place... - */ + available for this user. If it wasn't available at all, we + shouldn't have got here in the first place... */ + HDEBUG(D_auth) debug_printf("Cyrus SASL temporary failure %d (%s)\n", rc, sasl_errstring(rc, NULL, NULL)); auth_defer_msg = diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index faf30bb8a..78a63cd0e 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -134,27 +134,29 @@ auth_gsasl_options_block *ob = the default for the mechanism name; we don't handle multiple mechanisms in one authenticator, but the same driver can be used multiple times. */ -if (ob->server_mech == NULL) +if (!ob->server_mech) ob->server_mech = string_copy(ablock->public_name); /* Can get multiple session contexts from one library context, so just initialise the once. */ -if (gsasl_ctx == NULL) { - rc = gsasl_init(&gsasl_ctx); - if (rc != GSASL_OK) { + +if (!gsasl_ctx) + { + if ((rc = gsasl_init(&gsasl_ctx)) != GSASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise GNU SASL library: %s (%s)", ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc)); - } + gsasl_callback_set(gsasl_ctx, main_callback); -} + } /* We don't need this except to log it for debugging. */ -rc = gsasl_server_mechlist(gsasl_ctx, &p); -if (rc != GSASL_OK) + +if ((rc = gsasl_server_mechlist(gsasl_ctx, &p)) != GSASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "failed to retrieve list of mechanisms: %s (%s)", ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc)); + HDEBUG(D_auth) debug_printf("GNU SASL supports: %s\n", p); supported = gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech); @@ -163,19 +165,21 @@ if (!supported) "GNU SASL does not support mechanism \"%s\"", ablock->name, ob->server_mech); -if ((ablock->server_condition == NULL) && - (streqic(ob->server_mech, US"EXTERNAL") || - streqic(ob->server_mech, US"ANONYMOUS") || - streqic(ob->server_mech, US"PLAIN") || - streqic(ob->server_mech, US"LOGIN"))) +if ( !ablock->server_condition + && ( streqic(ob->server_mech, US"EXTERNAL") + || streqic(ob->server_mech, US"ANONYMOUS") + || streqic(ob->server_mech, US"PLAIN") + || streqic(ob->server_mech, US"LOGIN") + ) ) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_condition for %s mechanism", ablock->name, ob->server_mech); /* This does *not* scale to new SASL mechanisms. Need a better way to ask which properties will be needed. */ -if ((ob->server_realm == NULL) && - streqic(ob->server_mech, US"DIGEST-MD5")) + +if ( !ob->server_realm + && streqic(ob->server_mech, US"DIGEST-MD5")) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_realm for %s mechanism", ablock->name, ob->server_mech); @@ -187,7 +191,8 @@ etc) it clearly is critical. So don't activate without server_condition, this might be relaxed in the future. */ -if (ablock->server_condition != NULL) ablock->server = TRUE; + +if (ablock->server_condition) ablock->server = TRUE; ablock->client = FALSE; } @@ -206,7 +211,7 @@ HDEBUG(D_auth) debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n", prop, callback_loop); -if (cb_state == NULL) +if (!cb_state) { HDEBUG(D_auth) debug_printf(" not from our server/client processing.\n"); return GSASL_NO_CALLBACK; @@ -259,8 +264,7 @@ HDEBUG(D_auth) debug_printf("GNU SASL: initialising session for %s, mechanism %s.\n", ablock->name, ob->server_mech); -rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx); -if (rc != GSASL_OK) +if ((rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK) { auth_defer_msg = string_sprintf("GNU SASL: session start failure: %s (%s)", gsasl_strerror_name(rc), gsasl_strerror(rc)); @@ -286,8 +290,9 @@ if (ob->server_realm) } /* We don't support protection layers. */ gsasl_property_set(sctx, GSASL_QOPS, "qop-auth"); + #ifndef DISABLE_TLS -if (tls_channelbinding_b64) +if (tls_in.channelbinding) { /* Some auth mechanisms can ensure that both sides are talking withing the same security context; for TLS, this means that even if a bad certificate @@ -312,14 +317,12 @@ if (tls_channelbinding_b64) HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n", ablock->name); gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, - CCS tls_channelbinding_b64); + CCS tls_in.channelbinding); } else - { HDEBUG(D_auth) debug_printf("Auth %s: Not enabling channel-binding (data available)\n", ablock->name); - } } else HDEBUG(D_auth) @@ -334,9 +337,7 @@ to_send = NULL; exim_error = exim_error_override = OK; do { - rc = gsasl_step64(sctx, received, &to_send); - - switch (rc) + switch (rc = gsasl_step64(sctx, received, &to_send)) { case GSASL_OK: if (!to_send) @@ -373,10 +374,8 @@ do { goto STOP_INTERACTION; } - if ((rc == GSASL_NEEDS_MORE) || - (to_send && *to_send)) - exim_error = - auth_get_no64_data((uschar **)&received, US to_send); + if ((rc == GSASL_NEEDS_MORE) || (to_send && *to_send)) + exim_error = auth_get_no64_data((uschar **)&received, US to_send); if (to_send) { @@ -419,29 +418,25 @@ return checked_server_condition ? OK : auth_check_serv_cond(ablock); static int condition_check(auth_instance *ablock, uschar *label, uschar *condition_string) { -int exim_rc; - -exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL); - -if (exim_rc == OK) - return GSASL_OK; -else if (exim_rc == DEFER) +int exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL); +switch (exim_rc) { - sasl_error_should_defer = TRUE; - return GSASL_AUTHENTICATION_ERROR; + case OK: return GSASL_OK; + case DEFER: sasl_error_should_defer = TRUE; + return GSASL_AUTHENTICATION_ERROR; + case FAIL: return GSASL_AUTHENTICATION_ERROR; + default: log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "Unhandled return from checking %s: %d", + ablock->name, label, exim_rc); } -else if (exim_rc == FAIL) - return GSASL_AUTHENTICATION_ERROR; -log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " - "Unhandled return from checking %s: %d", - ablock->name, label, exim_rc); /* NOTREACHED */ return GSASL_AUTHENTICATION_ERROR; } static int -server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock) +server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, + auth_instance *ablock) { char *tmps; uschar *propval; @@ -475,13 +470,14 @@ switch (prop) break; case GSASL_VALIDATE_EXTERNAL: - if (ablock->server_condition == NULL) + if (!ablock->server_condition) { HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate EXTERNAL.\n"); cbrc = GSASL_AUTHENTICATION_ERROR; break; } propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); + /* We always set $auth1, even if only to empty string. */ auth_vars[0] = expand_nstring[1] = propval ? propval : US""; expand_nlength[1] = Ustrlen(expand_nstring[1]); @@ -493,14 +489,16 @@ switch (prop) break; case GSASL_VALIDATE_ANONYMOUS: - if (ablock->server_condition == NULL) + if (!ablock->server_condition) { HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate ANONYMOUS.\n"); cbrc = GSASL_AUTHENTICATION_ERROR; break; } propval = US gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN); + /* We always set $auth1, even if only to empty string. */ + auth_vars[0] = expand_nstring[1] = propval ? propval : US""; expand_nlength[1] = Ustrlen(expand_nstring[1]); expand_nmax = 1; @@ -516,10 +514,10 @@ switch (prop) by the SASL integration after authentication; protected against tampering (if the SASL mechanism supports that, which Kerberos does) but is unverified, same as normal for other mechanisms. - - First coding, we had these values swapped, but for consistency and prior + First coding, we had these values swapped, but for consistency and prior to the first release of Exim with this authenticator, they've been switched to match the ordering of GSASL_VALIDATE_SIMPLE. */ + propval = US gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME); auth_vars[0] = expand_nstring[1] = propval ? propval : US""; propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); @@ -530,6 +528,7 @@ switch (prop) /* In this one case, it perhaps makes sense to default back open? But for consistency, let's just mandate server_condition here too. */ + cbrc = condition_check(ablock, US"server_condition (GSSAPI family)", ablock->server_condition); checked_server_condition = TRUE; @@ -551,12 +550,14 @@ switch (prop) tmps = CS expand_string(ob->server_scram_salt); gsasl_property_set(sctx, GSASL_SCRAM_SALT, tmps); } + /* Asking for GSASL_AUTHZID calls back into us if we use gsasl_property_get(), thus the use of gsasl_property_fast(). Do we really want to hardcode limits per mechanism? What happens when a new mechanism is added to the library. It *shouldn't* result in us needing to add more glue, since avoiding that is a large part of the point of SASL. */ + propval = US gsasl_property_fast(sctx, GSASL_AUTHID); auth_vars[0] = expand_nstring[1] = propval ? propval : US""; propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); @@ -567,8 +568,7 @@ switch (prop) for (int i = 1; i <= 3; ++i) expand_nlength[i] = Ustrlen(expand_nstring[i]); - tmps = CS expand_string(ob->server_password); - if (tmps == NULL) + if (!(tmps = CS expand_string(ob->server_password))) { sasl_error_should_defer = f.expand_string_forcedfail ? FALSE : TRUE; HDEBUG(D_auth) debug_printf("server_password expansion failed, so " @@ -576,9 +576,11 @@ switch (prop) return GSASL_AUTHENTICATION_ERROR; } gsasl_property_set(sctx, GSASL_PASSWORD, tmps); + /* This is inadequate; don't think Exim's store stacks are geared for memory wiping, so expanding strings will leave stuff laying around. But no need to compound the problem, so get rid of the one we can. */ + memset(tmps, '\0', strlen(tmps)); cbrc = GSASL_OK; break; diff --git a/src/src/base64.c b/src/src/base64.c index 6c8191462..aa46c2b32 100644 --- a/src/src/base64.c +++ b/src/src/base64.c @@ -242,9 +242,9 @@ static uschar *enc64table = US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; uschar * -b64encode(const uschar * clear, int len) +b64encode_taint(const uschar * clear, int len, BOOL tainted) { -uschar *code = store_get(4*((len+2)/3) + 1, is_tainted(clear)); +uschar *code = store_get(4*((len+2)/3) + 1, tainted); uschar *p = code; while (len-- >0) @@ -283,6 +283,12 @@ while (len-- >0) return code; } +uschar * +b64encode(const uschar * clear, int len) +{ +return b64encode_taint(clear, len, is_tainted(clear)); +} + /* End of base64.c */ /* vi: sw ai sw=2 diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index b94b36866..223e2d645 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -50,6 +50,7 @@ Do not put spaces between # and the 'define'. #define DISABLE_DKIM #define DISABLE_EVENT #define DISABLE_OCSP +#define DISABLE_PIPE_CONNECT #define DISABLE_PRDR #define DISABLE_TLS #define DISABLE_D_OPTION @@ -151,7 +152,6 @@ Do not put spaces between # and the 'define'. #define SUPPORT_MAILSTORE #define SUPPORT_MBX #define SUPPORT_MOVE_FROZEN_MESSAGES -#define SUPPORT_PIPE_CONNECT #define SUPPORT_PAM #define SUPPORT_PROXY #define SUPPORT_SOCKS @@ -204,6 +204,7 @@ Do not put spaces between # and the 'define'. #define EXPERIMENTAL_LMDB #define EXPERIMENTAL_QUEUEFILE #define EXPERIMENTAL_SRS +#define EXPERIMENTAL_SRS_NATIVE #define EXPERIMENTAL_TLS_RESUME diff --git a/src/src/daemon.c b/src/src/daemon.c index 99fa909d2..61371f592 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -31,6 +31,7 @@ static smtp_slot empty_smtp_slot = { .pid = 0, .host_address = NULL }; static SIGNAL_BOOL sigchld_seen; static SIGNAL_BOOL sighup_seen; +static SIGNAL_BOOL sigterm_seen; static int accept_retry_count = 0; static int accept_retry_errno; @@ -87,6 +88,16 @@ sigchld_seen = TRUE; } +/* SIGTERM handler. Try to get the damon pif file removed +before exiting. */ + +static void +main_sigterm_handler(int sig) +{ +sigterm_seen = TRUE; +} + + /************************************************* @@ -430,6 +441,7 @@ if (pid == 0) #else signal(SIGCHLD, SIG_IGN); #endif + signal(SIGTERM, SIG_DFL); /* Attempt to get an id from the sending machine via the RFC 1413 protocol. We do this in the sub-process in order not to hold up the @@ -654,6 +666,7 @@ if (pid == 0) signal(SIGHUP, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGTERM, SIG_DFL); if (geteuid() != root_uid && !deliver_drop_privilege) { @@ -888,6 +901,77 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) +static void +set_pid_file_path(void) +{ +if (override_pid_file_path) + pid_file_path = override_pid_file_path; + +if (!*pid_file_path) + pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); +} + + +/* Remove the daemon's pidfile. Note: runs with root privilege, +as a direct child of the daemon. Does not return. */ + +void +delete_pid_file(void) +{ +uschar * daemon_pid = string_sprintf("%d\n", (int)getppid()); +FILE * f; + +set_pid_file_path(); +if ((f = Ufopen(pid_file_path, "rb"))) + { + if ( fgets(CS big_buffer, big_buffer_size, f) + && Ustrcmp(daemon_pid, big_buffer) == 0 + ) + if (Uunlink(pid_file_path) == 0) + { + DEBUG(D_any) + debug_printf("%s unlink: %s\n", pid_file_path, strerror(errno)); + } + else + DEBUG(D_any) + debug_printf("unlinked %s\n", pid_file_path); + fclose(f); + } +else + DEBUG(D_any) + debug_printf("%s\n", string_open_failed(errno, "pid file %s", + pid_file_path)); +exim_exit(EXIT_SUCCESS, US"pid file remover"); +} + + +/* Called by the daemon; exec a child to get the pid file deleted +since we may require privs for the containing directory */ + +static void +daemon_die(void) +{ +int pid; + +if (f.running_in_test_harness || write_pid) + { + if ((pid = fork()) == 0) + { + if (override_pid_file_path) + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 3, + "-oP", override_pid_file_path, "-oPX"); + else + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 1, "-oPX"); + + /* Control never returns here. */ + } + if (pid > 0) + child_close(pid, 1); + } +exim_exit(EXIT_SUCCESS, US"daemon"); +} + + /************************************************* * Exim Daemon Mainline * *************************************************/ @@ -1068,19 +1152,14 @@ if (f.daemon_listen && !f.inetd_wait_mode) gstring * new_smtp_port = NULL; gstring * new_local_interfaces = NULL; - if (override_pid_file_path == NULL) write_pid = FALSE; + if (!override_pid_file_path) write_pid = FALSE; list = override_local_interfaces; sep = 0; while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) { uschar joinstr[4]; - gstring ** gp; - - if (Ustrpbrk(s, ".:") == NULL) - gp = &new_smtp_port; - else - gp = &new_local_interfaces; + gstring ** gp = Ustrpbrk(s, ".:") ? &new_local_interfaces : &new_smtp_port; if (!*gp) { @@ -1538,12 +1617,7 @@ if (f.running_in_test_harness || write_pid) { FILE *f; - if (override_pid_file_path) - pid_file_path = override_pid_file_path; - - if (pid_file_path[0] == 0) - pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); - + set_pid_file_path(); if ((f = modefopen(pid_file_path, "wb", 0644))) { (void)fprintf(f, "%d\n", (int)getpid()); @@ -1586,11 +1660,15 @@ if (queue_interval > 0 && local_queue_run_max > 0) for (int i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0; } -/* Set up the handler for termination of child processes. */ +/* Set up the handler for termination of child processes, and the one +telling us to die. */ sigchld_seen = FALSE; os_non_restarting_signal(SIGCHLD, main_sigchld_handler); +sigterm_seen = FALSE; +os_non_restarting_signal(SIGTERM, main_sigterm_handler); + /* If we are to run the queue periodically, pretend the alarm has just gone off. This will cause the first queue-runner to get kicked off straight away. */ @@ -1740,6 +1818,20 @@ else (eg: compile regex) */ dns_pattern_init(); +smtp_deliver_init(); /* Used for callouts */ + +#ifndef DISABLE_DKIM + { +# ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +# endif + dkim_exim_init(); +# ifdef MEASURE_TIMING + report_time_since(&t0, US"dkim_exim_init (delta)"); +# endif + } +#endif #ifdef WITH_CONTENT_SCAN malware_init(); @@ -1777,6 +1869,9 @@ for (;;) EXIM_SOCKLEN_T len; pid_t pid; + if (sigterm_seen) + daemon_die(); /* Does not return */ + /* This code is placed first in the loop, so that it gets obeyed at the start, before the first wait, for the queue-runner case, so that the first one can be started immediately. @@ -1854,6 +1949,7 @@ for (;;) signal(SIGHUP, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGTERM, SIG_DFL); /* Re-exec if privilege has been given up, unless deliver_drop_ privilege is set. Reset SIGALRM before exec(). */ diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h index b7889bd8e..bf5fa3f6e 100644 --- a/src/src/dbstuff.h +++ b/src/src/dbstuff.h @@ -786,7 +786,7 @@ typedef struct { uschar bloom[40]; /* Bloom filter which may be larger than this */ } dbdata_ratelimit_unique; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* This structure records the EHLO responses, cleartext and crypted, for an IP, as bitmasks (cf. OPTION_TLS) */ diff --git a/src/src/deliver.c b/src/src/deliver.c index 94bc9a89c..28a1174af 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1221,7 +1221,7 @@ else { if (testflag(addr, af_pipelining)) g = string_catn(g, US" L", 2); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (testflag(addr, af_early_pipe)) g = string_catn(g, US"*", 1); #endif @@ -3537,7 +3537,7 @@ while (!done) case 'L': switch (*subid) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case 2: setflag(addr, af_early_pipe); /*FALLTHROUGH*/ #endif case 1: setflag(addr, af_pipelining); break; @@ -4844,7 +4844,7 @@ all pipes, so I do not see a reason to use non-blocking IO here #endif if (testflag(addr, af_pipelining)) -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (testflag(addr, af_early_pipe)) rmt_dlv_checked_write(fd, 'L', '2', NULL, 0); else @@ -7172,7 +7172,7 @@ if (addr_remote) /* Precompile some regex that are used to recognize parameters in response to an EHLO command, if they aren't already compiled. */ - deliver_init(); + smtp_deliver_init(); /* Now sort the addresses if required, and do the deliveries. The yield of do_remote_deliveries is FALSE when mua_wrapper is set and all addresses @@ -8495,52 +8495,13 @@ return final_yield; void -deliver_init(void) +tcp_init(void) { #ifdef EXIM_TFO_PROBE tfo_probe(); #else f.tcp_fastopen_ok = TRUE; #endif - - -if (!regex_PIPELINING) regex_PIPELINING = - regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_SIZE) regex_SIZE = - regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_AUTH) regex_AUTH = - regex_must_compile(AUTHS_REGEX, FALSE, TRUE); - -#ifndef DISABLE_TLS -if (!regex_STARTTLS) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); -#endif - -if (!regex_CHUNKING) regex_CHUNKING = - regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); - -#ifndef DISABLE_PRDR -if (!regex_PRDR) regex_PRDR = - regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); -#endif - -#ifdef SUPPORT_I18N -if (!regex_UTF8) regex_UTF8 = - regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); -#endif - -if (!regex_DSN) regex_DSN = - regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = - regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); - -#ifdef SUPPORT_PIPE_CONNECT -if (!regex_EARLY_PIPE) regex_EARLY_PIPE = - regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); -#endif } diff --git a/src/src/dkim.c b/src/src/dkim.c index 065170444..5c9d2279e 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -95,6 +95,8 @@ return NULL; /*XXX better error detail? logging? */ void dkim_exim_init(void) { +if (f.dkim_init_done) return; +f.dkim_init_done = TRUE; pdkim_init(); } @@ -103,6 +105,8 @@ pdkim_init(); void dkim_exim_verify_init(BOOL dot_stuffing) { +dkim_exim_init(); + /* There is a store-reset between header & body reception so cannot use the main pool. Any allocs done by Exim memory-handling must use the perm pool. */ @@ -569,6 +573,8 @@ void dkim_exim_sign_init(void) { int old_pool = store_pool; + +dkim_exim_init(); store_pool = POOL_MAIN; pdkim_init_context(&dkim_sign_ctx, FALSE, &dkim_exim_query_dns_txt); store_pool = old_pool; diff --git a/src/src/exim.c b/src/src/exim.c index 6a2e7a644..8c3c8e7ed 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -202,7 +202,7 @@ va_end(ap); static void term_handler(int sig) { - exit(1); +exit(1); } @@ -901,7 +901,7 @@ fprintf(fp, "Support for:"); #ifndef DISABLE_OCSP fprintf(fp, " OCSP"); #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fprintf(fp, " PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR @@ -920,7 +920,7 @@ fprintf(fp, "Support for:"); fprintf(fp, " DMARC"); #endif #ifdef TCP_FASTOPEN - deliver_init(); + tcp_init(); if (f.tcp_fastopen_ok) fprintf(fp, " TCP_Fast_Open"); #endif #ifdef EXPERIMENTAL_LMDB @@ -929,7 +929,7 @@ fprintf(fp, "Support for:"); #ifdef EXPERIMENTAL_QUEUEFILE fprintf(fp, " Experimental_QUEUEFILE"); #endif -#ifdef EXPERIMENTAL_SRS +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) fprintf(fp, " Experimental_SRS"); #endif #ifdef EXPERIMENTAL_ARC @@ -3072,11 +3072,15 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "o") == 0) {} - /* -oP <name>: set pid file path for daemon */ + /* -oP <name>: set pid file path for daemon + -oPX: delete pid file of daemon */ else if (Ustrcmp(argrest, "P") == 0) override_pid_file_path = argv[++i]; + else if (Ustrcmp(argrest, "PX") == 0) + delete_pid_file(); + /* -or <n>: set timeout for non-SMTP acceptance -os <n>: set timeout for SMTP acceptance */ @@ -4488,31 +4492,9 @@ if (list_config) } -/* Initialise subsystems as required */ -#ifndef DISABLE_DKIM - { -# ifdef MEASURE_TIMING - struct timeval t0; - gettimeofday(&t0, NULL); -# endif - dkim_exim_init(); -# ifdef MEASURE_TIMING - report_time_since(&t0, US"dkim_exim_init (delta)"); -# endif - } -#endif - - { -#ifdef MEASURE_TIMING - struct timeval t0; - gettimeofday(&t0, NULL); -#endif - deliver_init(); -#ifdef MEASURE_TIMING - report_time_since(&t0, US"deliver_init (delta)"); -#endif - } +/* Initialise subsystems as required. */ +tcp_init(); /* Handle a request to deliver one or more messages that are already on the queue. Values of msg_action other than MSG_DELIVER and MSG_LOAD are dealt with @@ -4707,6 +4689,23 @@ if (f.daemon_listen || f.inetd_wait_mode || queue_interval > 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Daemon cannot be run when " "mua_wrapper is set"); } + +# ifndef DISABLE_TLS + /* This also checks that the library linkage is working and we can call + routines in it, so call even if tls_require_ciphers is unset */ + { +# ifdef MEASURE_TIMING + struct timeval t0, diff; + (void)gettimeofday(&t0, NULL); +# endif + if (!tls_dropprivs_validate_require_cipher(FALSE)) + exit(1); +# ifdef MEASURE_TIMING + report_time_since(&t0, US"validate_ciphers (delta)"); +# endif + } +#endif + daemon_go(); } @@ -4822,8 +4821,9 @@ if (verify_address_mode || f.address_test_mode) { while (recipients_arg < argc) { - uschar *s = argv[recipients_arg++]; - while (*s != 0) + /* Supplied addresses are tainted since they come from a user */ + uschar * s = string_copy_taint(argv[recipients_arg++], TRUE); + while (*s) { BOOL finished = FALSE; uschar *ss = parse_find_address_end(s, FALSE); @@ -4831,16 +4831,16 @@ if (verify_address_mode || f.address_test_mode) test_address(s, flags, &exit_value); s = ss; if (!finished) - while (*(++s) != 0 && (*s == ',' || isspace(*s))); + while (*++s == ',' || isspace(*s)) ; } } } else for (;;) { - uschar *s = get_stdinput(NULL, NULL); - if (s == NULL) break; - test_address(s, flags, &exit_value); + uschar * s = get_stdinput(NULL, NULL); + if (!s) break; + test_address(string_copy_taint(s, TRUE), flags, &exit_value); } route_tidyup(); @@ -5334,13 +5334,13 @@ while (more) raw_sender = string_copy(sender_address); - /* Loop for each argument */ + /* Loop for each argument (supplied by user hence tainted) */ for (int i = 0; i < count; i++) { int start, end, domain; - uschar *errmess; - uschar *s = list[i]; + uschar * errmess; + uschar * s = string_copy_taint(list[i], TRUE); /* Loop for each comma-separated address */ diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 80f656530..7b13859cd 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c @@ -332,7 +332,7 @@ if (asprintf(CSS &filename, "%s/%s", dirname, name) < 0) return NULL; #else filename = string_sprintf("%s/%s", dirname, name); #endif -EXIM_DBOPEN(filename, dirname, flags, 0, &(dbblock->dbptr)); +EXIM_DBOPEN(filename, dirname, flags, 0, &dbblock->dbptr); if (!dbblock->dbptr) { diff --git a/src/src/expand.c b/src/src/expand.c index 21686e99c..366cd737a 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -129,6 +129,9 @@ static uschar *item_table[] = { US"run", US"sg", US"sort", +#ifdef EXPERIMENTAL_SRS_NATIVE + US"srs_encode", +#endif US"substr", US"tr" }; @@ -160,6 +163,9 @@ enum { EITEM_RUN, EITEM_SG, EITEM_SORT, +#ifdef EXPERIMENTAL_SRS_NATIVE + EITEM_SRS_ENCODE, +#endif EITEM_SUBSTR, EITEM_TR }; @@ -323,6 +329,9 @@ static uschar *cond_table[] = { US"gei", US"gt", US"gti", +#ifdef EXPERIMENTAL_SRS_NATIVE + US"inbound_srs", +#endif US"inlist", US"inlisti", US"isip", @@ -373,6 +382,9 @@ enum { ECOND_STR_GEI, ECOND_STR_GT, ECOND_STR_GTI, +#ifdef EXPERIMENTAL_SRS_NATIVE + ECOND_INBOUND_SRS, +#endif ECOND_INLIST, ECOND_INLISTI, ECOND_ISIP, @@ -736,7 +748,11 @@ static var_entry var_table[] = { { "srs_db_key", vtype_stringptr, &srs_db_key }, { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient }, { "srs_orig_sender", vtype_stringptr, &srs_orig_sender }, +#endif +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) { "srs_recipient", vtype_stringptr, &srs_recipient }, +#endif +#ifdef EXPERIMENTAL_SRS { "srs_status", vtype_stringptr, &srs_status }, #endif { "thisaddress", vtype_stringptr, &filter_thisaddress }, @@ -941,18 +957,16 @@ Returns: TRUE if condition is met, FALSE if not BOOL expand_check_condition(uschar *condition, uschar *m1, uschar *m2) { -int rc; -uschar *ss = expand_string(condition); -if (ss == NULL) +uschar * ss = expand_string(condition); +if (!ss) { if (!f.expand_string_forcedfail && !f.search_find_defer) log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" " "for %s %s: %s", condition, m1, m2, expand_string_message); return FALSE; } -rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && +return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && strcmpic(ss, US"false") != 0; -return rc; } @@ -1055,7 +1069,7 @@ static const uschar * read_name(uschar *name, int max, const uschar *s, uschar *extras) { int ptr = 0; -while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL)) +while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL)) { if (ptr < max-1) name[ptr++] = *s; s++; @@ -2295,6 +2309,127 @@ return chop_match(name, cond_table, nelem(cond_table)); /************************************************* +* Handle MD5 or SHA-1 computation for HMAC * +*************************************************/ + +/* These are some wrapping functions that enable the HMAC code to be a bit +cleaner. A good compiler will spot the tail recursion. + +Arguments: + type HMAC_MD5 or HMAC_SHA1 + remaining are as for the cryptographic hash functions + +Returns: nothing +*/ + +static void +chash_start(int type, void * base) +{ +if (type == HMAC_MD5) + md5_start((md5 *)base); +else + sha1_start((hctx *)base); +} + +static void +chash_mid(int type, void * base, const uschar * string) +{ +if (type == HMAC_MD5) + md5_mid((md5 *)base, string); +else + sha1_mid((hctx *)base, string); +} + +static void +chash_end(int type, void * base, const uschar * string, int length, + uschar * digest) +{ +if (type == HMAC_MD5) + md5_end((md5 *)base, string, length, digest); +else + sha1_end((hctx *)base, string, length, digest); +} + + + + +/* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as +the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer. + +Arguments: + key encoding key, nul-terminated + src data to be hashed, nul-terminated + buf output buffer + len size of output buffer +*/ + +static void +hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len) +{ +md5 md5_base; +const uschar * keyptr; +uschar * p; +unsigned int keylen; + +#define MD5_HASHLEN 16 +#define MD5_HASHBLOCKLEN 64 + +uschar keyhash[MD5_HASHLEN]; +uschar innerhash[MD5_HASHLEN]; +uschar finalhash[MD5_HASHLEN]; +uschar innerkey[MD5_HASHBLOCKLEN]; +uschar outerkey[MD5_HASHBLOCKLEN]; + +keyptr = key; +keylen = Ustrlen(keyptr); + +/* If the key is longer than the hash block length, then hash the key +first */ + +if (keylen > MD5_HASHBLOCKLEN) + { + chash_start(HMAC_MD5, &md5_base); + chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash); + keyptr = keyhash; + keylen = MD5_HASHLEN; + } + +/* Now make the inner and outer key values */ + +memset(innerkey, 0x36, MD5_HASHBLOCKLEN); +memset(outerkey, 0x5c, MD5_HASHBLOCKLEN); + +for (int i = 0; i < keylen; i++) + { + innerkey[i] ^= keyptr[i]; + outerkey[i] ^= keyptr[i]; + } + +/* Now do the hashes */ + +chash_start(HMAC_MD5, &md5_base); +chash_mid(HMAC_MD5, &md5_base, innerkey); +chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash); + +chash_start(HMAC_MD5, &md5_base); +chash_mid(HMAC_MD5, &md5_base, outerkey); +chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash); + +/* Encode the final hash as a hex string, limited by output buffer size */ + +p = buf; +for (int i = 0, j = len; i < MD5_HASHLEN; i++) + { + if (j-- <= 0) break; + *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4]; + if (j-- <= 0) break; + *p++ = hex_digits[finalhash[i] & 0x0f]; + } +return; +} + + +/************************************************* * Read and evaluate a condition * *************************************************/ @@ -2394,14 +2529,14 @@ switch(cond_type = identify_operator(&s, &opname)) /* first_delivery tests for first delivery attempt */ case ECOND_FIRST_DELIVERY: - if (yield != NULL) *yield = f.deliver_firsttime == testfor; + if (yield) *yield = f.deliver_firsttime == testfor; return s; /* queue_running tests for any process started by a queue runner */ case ECOND_QUEUE_RUNNING: - if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor; + if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor; return s; @@ -2428,11 +2563,11 @@ switch(cond_type = identify_operator(&s, &opname)) if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok); - if (sub[0] == NULL) return NULL; + if (!sub[0]) return NULL; /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; - if (yield == NULL) return s; /* No need to run the test if skipping */ + if (!yield) return s; /* No need to run the test if skipping */ switch(cond_type) { @@ -2534,7 +2669,7 @@ switch(cond_type = identify_operator(&s, &opname)) case 3: return NULL; } - if (yield != NULL) + if (yield) { int rc; *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */ @@ -2585,8 +2720,8 @@ switch(cond_type = identify_operator(&s, &opname)) case 2: case 3: return NULL; } - if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */ - if (yield != NULL) + if (!sub[2]) sub[3] = NULL; /* realm if no service */ + if (yield) { int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3], &expand_string_message); @@ -2673,7 +2808,7 @@ switch(cond_type = identify_operator(&s, &opname)) conditions that compare numbers do not start with a letter. This just saves checking for them individually. */ - if (!isalpha(opname[0]) && yield != NULL) + if (!isalpha(opname[0]) && yield) if (sub[i][0] == 0) { num[i] = 0; @@ -2683,13 +2818,13 @@ switch(cond_type = identify_operator(&s, &opname)) else { num[i] = expanded_string_integer(sub[i], FALSE); - if (expand_string_message != NULL) return NULL; + if (expand_string_message) return NULL; } } /* Result not required */ - if (yield == NULL) return s; + if (!yield) return s; /* Do an appropriate comparison */ @@ -2757,9 +2892,8 @@ switch(cond_type = identify_operator(&s, &opname)) break; case ECOND_MATCH: /* Regular expression match */ - re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset, - NULL); - if (re == NULL) + if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, + &roffset, NULL))) { expand_string_message = string_sprintf("regular expression error in " "\"%s\": %s at offset %d", sub[1], rerror, roffset); @@ -3013,7 +3147,7 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_AND: case ECOND_OR: - subcondptr = (yield == NULL)? NULL : &tempcond; + subcondptr = (yield == NULL) ? NULL : &tempcond; combined_cond = (cond_type == ECOND_AND); while (isspace(*s)) s++; @@ -3048,8 +3182,7 @@ switch(cond_type = identify_operator(&s, &opname)) return NULL; } - if (yield != NULL) - { + if (yield) if (cond_type == ECOND_AND) { combined_cond &= tempcond; @@ -3060,10 +3193,9 @@ switch(cond_type = identify_operator(&s, &opname)) combined_cond |= tempcond; if (combined_cond) subcondptr = NULL; /* once true, don't */ } /* evaluate any more */ - } } - if (yield != NULL) *yield = (combined_cond == testfor); + if (yield) *yield = (combined_cond == testfor); return ++s; @@ -3086,8 +3218,8 @@ switch(cond_type = identify_operator(&s, &opname)) while (isspace(*s)) s++; if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ - sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok); - if (sub[0] == NULL) return NULL; + if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok))) + return NULL; /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; @@ -3227,10 +3359,104 @@ switch(cond_type = identify_operator(&s, &opname)) } DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname, boolvalue? "true":"false"); - if (yield != NULL) *yield = (boolvalue == testfor); + if (yield) *yield = (boolvalue == testfor); return s; } +#ifdef EXPERIMENTAL_SRS_NATIVE + case ECOND_INBOUND_SRS: + /* ${if inbound_srs {local_part}{secret} {yes}{no}} */ + { + uschar * sub[2]; + const pcre * re; + int ovec[3*(4+1)]; + int n; + uschar cksum[4]; + BOOL boolvalue = FALSE; + + switch(read_subs(sub, 2, 2, CUSS &s, yield == NULL, FALSE, US"inbound_srs", resetok)) + { + case 1: expand_string_message = US"too few arguments or bracketing " + "error for inbound_srs"; + case 2: + case 3: return NULL; + } + + /* Match the given local_part against the SRS-encoded pattern */ + + re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$", + TRUE, FALSE); + if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT, + ovec, nelem(ovec)) < 0) + { + DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n"); + goto srs_result; + } + + /* Side-effect: record the decoded recipient */ + + srs_recipient = string_sprintf("%.*S@%.*S", /* lowercased */ + ovec[9]-ovec[8], sub[0] + ovec[8], /* substring 4 */ + ovec[7]-ovec[6], sub[0] + ovec[6]); /* substring 3 */ + + /* If a zero-length secret was given, we're done. Otherwise carry on + and validate the given SRS local_part againt our secret. */ + + if (!*sub[1]) + { + boolvalue = TRUE; + goto srs_result; + } + + /* check the timestamp */ + { + struct timeval now; + uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ + long d; + + gettimeofday(&now, NULL); + now.tv_sec /= 86400; /* days since epoch */ + + /* Decode substring 2 from base32 to a number */ + + for (d = 0, n = ovec[5]-ovec[4]; n; n--) + { + uschar * t = Ustrchr(base32_chars, *ss++); + d = d * 32 + (t - base32_chars); + } + + if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + { + DEBUG(D_expand) debug_printf("SRS too old\n"); + goto srs_result; + } + } + + /* check length of substring 1, the offered checksum */ + + if (ovec[3]-ovec[2] != 4) + { + DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); + goto srs_result; + } + + /* Hash the address with our secret, and compare that computed checksum + with the one extracted from the arg */ + + hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); + if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) + { + DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); + goto srs_result; + } + boolvalue = TRUE; + +srs_result: + if (yield) *yield = (boolvalue == testfor); + return s; + } +#endif /*EXPERIMENTAL_SRS_NATIVE*/ + /* Unknown condition */ default: @@ -3503,52 +3729,6 @@ FAILED: -/************************************************* -* Handle MD5 or SHA-1 computation for HMAC * -*************************************************/ - -/* These are some wrapping functions that enable the HMAC code to be a bit -cleaner. A good compiler will spot the tail recursion. - -Arguments: - type HMAC_MD5 or HMAC_SHA1 - remaining are as for the cryptographic hash functions - -Returns: nothing -*/ - -static void -chash_start(int type, void * base) -{ -if (type == HMAC_MD5) - md5_start((md5 *)base); -else - sha1_start((hctx *)base); -} - -static void -chash_mid(int type, void * base, const uschar * string) -{ -if (type == HMAC_MD5) - md5_mid((md5 *)base, string); -else - sha1_mid((hctx *)base, string); -} - -static void -chash_end(int type, void * base, const uschar * string, int length, - uschar * digest) -{ -if (type == HMAC_MD5) - md5_end((md5 *)base, string, length, digest); -else - sha1_end((hctx *)base, string, length, digest); -} - - - - - /******************************************************** * prvs: Get last three digits of days since Jan 1, 1970 * ********************************************************/ @@ -3608,7 +3788,7 @@ uschar innerkey[64]; uschar outerkey[64]; uschar *finalhash_hex; -if (key_num == NULL) +if (!key_num) key_num = US"0"; if (Ustrlen(key) > 64) @@ -3816,13 +3996,13 @@ eval_op_mult(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_unary(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '*' || *s == '/' || *s == '%') { int op = *s++; int_eximarith_t y = eval_op_unary(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where @@ -3903,7 +4083,7 @@ eval_op_shift(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_sum(&s, decimal, error); -if (*error == NULL) +if (!*error) { while ((*s == '<' || *s == '>') && s[1] == s[0]) { @@ -3911,7 +4091,7 @@ if (*error == NULL) int op = *s++; s++; y = eval_op_sum(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; if (op == '<') x <<= y; else x >>= y; } } @@ -3925,14 +4105,14 @@ eval_op_and(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_shift(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '&') { int_eximarith_t y; s++; y = eval_op_shift(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x &= y; } } @@ -3946,14 +4126,14 @@ eval_op_xor(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_and(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '^') { int_eximarith_t y; s++; y = eval_op_and(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x ^= y; } } @@ -3967,14 +4147,14 @@ eval_op_or(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_xor(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '|') { int_eximarith_t y; s++; y = eval_op_xor(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x |= y; } } @@ -4235,7 +4415,7 @@ while (*s != 0) if (!value) { - if (Ustrchr(name, '}') != NULL) malformed_header = TRUE; + if (Ustrchr(name, '}')) malformed_header = TRUE; continue; } } @@ -4415,8 +4595,8 @@ while (*s != 0) save_expand_strings(save_expand_nstring, save_expand_nlength); while (isspace(*s)) s++; - next_s = eval_condition(s, &resetok, skipping ? NULL : &cond); - if (next_s == NULL) goto EXPAND_FAILED; /* message already set */ + if (!(next_s = eval_condition(s, &resetok, skipping ? NULL : &cond))) + goto EXPAND_FAILED; /* message already set */ DEBUG(D_expand) DEBUG(D_noutf8) @@ -4475,7 +4655,7 @@ while (*s != 0) case 3: goto EXPAND_FAILED; } - if (sub_arg[1] == NULL) /* One argument */ + if (!sub_arg[1]) /* One argument */ { sub_arg[1] = US"/"; /* default separator */ sub_arg[2] = NULL; @@ -4577,7 +4757,7 @@ while (*s != 0) if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery)) { - if (key == NULL) + if (!key) { expand_string_message = string_sprintf("missing {key} for single-" "key \"%s\" lookup", name); @@ -4586,7 +4766,7 @@ while (*s != 0) } else { - if (key != NULL) + if (key) { expand_string_message = string_sprintf("a single key was given for " "lookup type \"%s\", which is not a single-key lookup type", name); @@ -4604,8 +4784,8 @@ while (*s != 0) expand_string_message = US"missing '{' for lookup file-or-query arg"; goto EXPAND_FAILED_CURLY; } - filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (filename == NULL) goto EXPAND_FAILED; + if (!(filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; if (*s++ != '}') { expand_string_message = US"missing '}' closing lookup file-or-query arg"; @@ -4656,7 +4836,7 @@ while (*s != 0) else { void *handle = search_open(filename, stype, 0, NULL, NULL); - if (handle == NULL) + if (!handle) { expand_string_message = search_error_message; goto EXPAND_FAILED; @@ -4738,15 +4918,14 @@ while (*s != 0) if (!opt_perl_started) { uschar *initerror; - if (opt_perl_startup == NULL) + if (!opt_perl_startup) { expand_string_message = US"A setting of perl_startup is needed when " "using the Perl interpreter"; goto EXPAND_FAILED; } DEBUG(D_any) debug_printf("Starting Perl interpreter\n"); - initerror = init_perl(opt_perl_startup); - if (initerror != NULL) + if ((initerror = init_perl(opt_perl_startup))) { expand_string_message = string_sprintf("error in perl_startup code: %s\n", initerror); @@ -4765,9 +4944,9 @@ while (*s != 0) NULL, the yield was undef, indicating a forced failure. Otherwise the message will indicate some kind of Perl error. */ - if (new_yield == NULL) + if (!new_yield) { - if (expand_string_message == NULL) + if (!expand_string_message) { expand_string_message = string_sprintf("Perl subroutine \"%s\" returned undef to force " @@ -5273,7 +5452,7 @@ while (*s != 0) if (*s == '{') { - if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL) + if (!expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok)) goto EXPAND_FAILED; if (*s++ != '}') { @@ -5332,8 +5511,8 @@ while (*s != 0) expand_string_message = US"missing '{' for command arg of run"; goto EXPAND_FAILED_CURLY; } - arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (arg == NULL) goto EXPAND_FAILED; + if (!(arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; while (isspace(*s)) s++; if (*s++ != '}') { @@ -5446,7 +5625,7 @@ while (*s != 0) if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++) { uschar *m = Ustrrchr(sub[1], yield->s[oldptr]); - if (m != NULL) + if (m) { int o = m - sub[1]; yield->s[oldptr] = sub[2][(o < o2m)? o : o2m]; @@ -5485,7 +5664,7 @@ while (*s != 0) string to the last position and make ${length{n}{str}} equivalent to ${substr{0}{n}{str}}. See the defaults for val[] above. */ - if (sub[2] == NULL) + if (!sub[2]) { sub[2] = sub[1]; sub[1] = NULL; @@ -5508,13 +5687,13 @@ while (*s != 0) } ret = - (item_type == EITEM_HASH)? - compute_hash(sub[2], val[0], val[1], &len) : - (item_type == EITEM_NHASH)? - compute_nhash(sub[2], val[0], val[1], &len) : - extract_substr(sub[2], val[0], val[1], &len); - - if (ret == NULL) goto EXPAND_FAILED; + item_type == EITEM_HASH + ? compute_hash(sub[2], val[0], val[1], &len) + : item_type == EITEM_NHASH + ? compute_nhash(sub[2], val[0], val[1], &len) + : extract_substr(sub[2], val[0], val[1], &len); + if (!ret) + goto EXPAND_FAILED; yield = string_catn(yield, ret, len); continue; } @@ -5654,10 +5833,8 @@ while (*s != 0) /* Compile the regular expression */ - re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset, - NULL); - - if (re == NULL) + if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, + &roffset, NULL))) { expand_string_message = string_sprintf("regular expression error in " "\"%s\": %s at offset %d", sub[1], rerror, roffset); @@ -5713,8 +5890,8 @@ while (*s != 0) /* Copy the characters before the match, plus the expanded insertion. */ yield = string_catn(yield, subject + moffset, ovector[0] - moffset); - insert = expand_string(sub[2]); - if (insert == NULL) goto EXPAND_FAILED; + if (!(insert = expand_string(sub[2]))) + goto EXPAND_FAILED; yield = string_cat(yield, insert); moffset = ovector[1]; @@ -5808,8 +5985,8 @@ while (*s != 0) while (isspace(*s)) s++; if (*s == '{') /*'}'*/ { - sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (sub[i] == NULL) goto EXPAND_FAILED; /*'{'*/ + if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; /*'{'*/ if (*s++ != '}') { expand_string_message = string_sprintf( @@ -6184,8 +6361,8 @@ while (*s != 0) goto EXPAND_FAILED_CURLY; } - list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok); - if (list == NULL) goto EXPAND_FAILED; + if (!(list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; if (*s++ != '}') { expand_string_message = @@ -6230,13 +6407,13 @@ while (*s != 0) if (item_type == EITEM_FILTER) { - temp = eval_condition(expr, &resetok, NULL); - if (temp != NULL) s = temp; + if ((temp = eval_condition(expr, &resetok, NULL))) + s = temp; } else temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok); - if (temp == NULL) + if (!temp) { expand_string_message = string_sprintf("%s inside \"%s\" item", expand_string_message, name); @@ -6274,7 +6451,7 @@ while (*s != 0) if (item_type == EITEM_FILTER) { BOOL condresult; - if (eval_condition(expr, &resetok, &condresult) == NULL) + if (!eval_condition(expr, &resetok, &condresult)) { iterate_item = save_iterate_item; lookup_value = save_lookup_value; @@ -6296,7 +6473,7 @@ while (*s != 0) { uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok); temp = t; - if (temp == NULL) + if (!temp) { iterate_item = save_iterate_item; expand_string_message = string_sprintf("%s inside \"%s\" item", @@ -6584,7 +6761,7 @@ while (*s != 0) if (!(t = tree_search(dlobj_anchor, argv[0]))) { void *handle = dlopen(CS argv[0], RTLD_LAZY); - if (handle == NULL) + if (!handle) { expand_string_message = string_sprintf("dlopen \"%s\" failed: %s", argv[0], dlerror()); @@ -6600,8 +6777,7 @@ while (*s != 0) /* Having obtained the dynamically loaded object handle, look up the function pointer. */ - func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]); - if (func == NULL) + if (!(func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]))) { expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: " "%s", argv[1], argv[0], dlerror()); @@ -6618,20 +6794,21 @@ while (*s != 0) resetok = FALSE; result = NULL; - for (argc = 0; argv[argc] != NULL; argc++); + for (argc = 0; argv[argc]; argc++); status = func(&result, argc - 2, &argv[2]); if(status == OK) { - if (result == NULL) result = US""; + if (!result) result = US""; yield = string_cat(yield, result); continue; } else { - expand_string_message = result == NULL ? US"(no message)" : result; - if(status == FAIL_FORCED) f.expand_string_forcedfail = TRUE; - else if(status != FAIL) - log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s", + expand_string_message = result ? result : US"(no message)"; + if (status == FAIL_FORCED) + f.expand_string_forcedfail = TRUE; + else if (status != FAIL) + log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s", argv[0], argv[1], status, expand_string_message); goto EXPAND_FAILED; } @@ -6671,6 +6848,62 @@ while (*s != 0) } continue; } + +#ifdef EXPERIMENTAL_SRS_NATIVE + case EITEM_SRS_ENCODE: + /* ${srs_encode {secret} {return_path} {orig_domain}} */ + { + uschar * sub[3]; + uschar cksum[4]; + + switch (read_subs(sub, 3, 3, CUSS &s, skipping, TRUE, name, &resetok)) + { + case 1: goto EXPAND_FAILED_CURLY; + case 2: + case 3: goto EXPAND_FAILED; + } + + yield = string_catn(yield, US"SRS0=", 5); + + /* ${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}= */ + hmac_md5(sub[0], string_copylc(sub[1]), cksum, sizeof(cksum)); + yield = string_catn(yield, cksum, sizeof(cksum)); + yield = string_catn(yield, US"=", 1); + + /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */ + { + struct timeval now; + unsigned long i; + gstring * g = NULL; + + gettimeofday(&now, NULL); + for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5) + g = string_catn(g, &base32_chars[i & 0x1f], 1); + if (g) while (g->ptr > 0) + yield = string_catn(yield, &g->s[--g->ptr], 1); + } + yield = string_catn(yield, US"=", 1); + + /* ${domain:$return_path}=${local_part:$return_path} */ + { + int start, end, domain; + uschar * t = parse_extract_address(sub[1], &expand_string_message, + &start, &end, &domain, FALSE); + if (!t) + goto EXPAND_FAILED; + + if (domain > 0) yield = string_cat(yield, t + domain); + yield = string_catn(yield, US"=", 1); + yield = domain > 0 + ? string_catn(yield, t, domain - 1) : string_cat(yield, t); + } + + /* @$original_domain */ + yield = string_catn(yield, US"@", 1); + yield = string_cat(yield, sub[2]); + continue; + } +#endif /*EXPERIMENTAL_SRS_NATIVE*/ } /* EITEM_* switch */ /* Control reaches here if the name is not recognized as one of the more @@ -6695,11 +6928,11 @@ while (*s != 0) if ((c = chop_match(name, op_table_underscore, nelem(op_table_underscore))) < 0) { - arg = Ustrchr(name, '_'); - if (arg != NULL) *arg = 0; - c = chop_match(name, op_table_main, nelem(op_table_main)); - if (c >= 0) c += nelem(op_table_underscore); - if (arg != NULL) *arg++ = '_'; /* Put back for error messages */ + if ((arg = Ustrchr(name, '_'))) + *arg = 0; + if ((c = chop_match(name, op_table_main, nelem(op_table_main))) >= 0) + c += nelem(op_table_underscore); + if (arg) *arg++ = '_'; /* Put back for error messages */ } /* Deal specially with operators that might take a certificate variable @@ -6774,11 +7007,10 @@ while (*s != 0) { uschar *tt = sub; unsigned long int n = 0; - uschar * s; while (*tt) { uschar * t = Ustrchr(base32_chars, *tt++); - if (t == NULL) + if (!t) { expand_string_message = string_sprintf("argument for base32d " "operator is \"%s\", which is not a base 32 number", sub); @@ -6786,8 +7018,7 @@ while (*s != 0) } n = n * 32 + (t - base32_chars); } - s = string_sprintf("%ld", n); - yield = string_cat(yield, s); + yield = string_fmt_append(yield, "%ld", n); continue; } @@ -6801,8 +7032,7 @@ while (*s != 0) "operator is \"%s\", which is not a decimal number", sub); goto EXPAND_FAILED; } - t = string_base62(n); - yield = string_cat(yield, t); + yield = string_cat(yield, string_base62(n)); continue; } @@ -6815,7 +7045,7 @@ while (*s != 0) while (*tt != 0) { uschar *t = Ustrchr(base62_chars, *tt++); - if (t == NULL) + if (!t) { expand_string_message = string_sprintf("argument for base62d " "operator is \"%s\", which is not a base %d number", sub, @@ -6831,7 +7061,7 @@ while (*s != 0) case EOP_EXPAND: { uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok); - if (expanded == NULL) + if (!expanded) { expand_string_message = string_sprintf("internal expansion of \"%s\" failed: %s", sub, @@ -7030,7 +7260,7 @@ while (*s != 0) int sep = 0; uschar buffer[256]; - while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++; + while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer))) cnt++; yield = string_fmt_append(yield, "%d", cnt); continue; } @@ -7049,7 +7279,7 @@ while (*s != 0) uschar buffer[256]; if (*sub == '+') sub++; - if (arg == NULL) /* no-argument version */ + if (!arg) /* no-argument version */ { if (!(t = tree_search(addresslist_anchor, sub)) && !(t = tree_search(domainlist_anchor, sub)) && @@ -7299,7 +7529,7 @@ while (*s != 0) case EOP_QUOTE: case EOP_QUOTE_LOCAL_PART: - if (arg == NULL) + if (!arg) { BOOL needs_quote = (*sub == 0); /* TRUE for empty string */ uschar *t = sub - 1; @@ -7347,20 +7577,20 @@ while (*s != 0) int n; uschar *opt = Ustrchr(arg, '_'); - if (opt != NULL) *opt++ = 0; + if (opt) *opt++ = 0; - n = search_findtype(arg, Ustrlen(arg)); - if (n < 0) + if ((n = search_findtype(arg, Ustrlen(arg))) < 0) { expand_string_message = search_error_message; goto EXPAND_FAILED; } - if (lookup_list[n]->quote != NULL) + if (lookup_list[n]->quote) sub = (lookup_list[n]->quote)(sub, opt); - else if (opt != NULL) sub = NULL; + else if (opt) + sub = NULL; - if (sub == NULL) + if (!sub) { expand_string_message = string_sprintf( "\"%s\" unrecognized after \"${quote_%s\"", @@ -7407,7 +7637,7 @@ while (*s != 0) uschar *error; uschar *decoded = rfc2047_decode(sub, check_rfc2047_length, headers_charset, '?', &len, &error); - if (error != NULL) + if (error) { expand_string_message = error; goto EXPAND_FAILED; @@ -7769,14 +7999,13 @@ while (*s != 0) /* Perform the required operation */ - ret = - (c == EOP_HASH || c == EOP_H)? - compute_hash(sub, value1, value2, &len) : - (c == EOP_NHASH || c == EOP_NH)? - compute_nhash(sub, value1, value2, &len) : - extract_substr(sub, value1, value2, &len); + ret = c == EOP_HASH || c == EOP_H + ? compute_hash(sub, value1, value2, &len) + : c == EOP_NHASH || c == EOP_NH + ? compute_nhash(sub, value1, value2, &len) + : extract_substr(sub, value1, value2, &len); + if (!ret) goto EXPAND_FAILED; - if (ret == NULL) goto EXPAND_FAILED; yield = string_catn(yield, ret, len); continue; } @@ -8138,7 +8367,7 @@ uschar *endptr; /* If expansion failed, expand_string_message will be set. */ -if (s == NULL) return -1; +if (!s) return -1; /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno to ERANGE. When there isn't an overflow, errno is not changed, at least on some @@ -8233,10 +8462,9 @@ exp_bool(address_item *addr, uschar *svalue, BOOL *rvalue) { uschar *expanded; -if (svalue == NULL) { *rvalue = bvalue; return OK; } +if (!svalue) { *rvalue = bvalue; return OK; } -expanded = expand_string(svalue); -if (expanded == NULL) +if (!(expanded = expand_string(svalue))) { if (f.expand_string_forcedfail) { diff --git a/src/src/functions.h b/src/src/functions.h index f4fcd1e19..ea3cf257c 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -55,6 +55,7 @@ extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *, extern void tls_close(void *, int); extern BOOL tls_could_read(void); extern void tls_daemon_init(void); +extern BOOL tls_dropprivs_validate_require_cipher(BOOL); extern BOOL tls_export_cert(uschar *, size_t, void *); extern int tls_feof(void); extern int tls_ferror(void); @@ -136,6 +137,7 @@ extern gstring *authres_spf(gstring *); #endif extern uschar *b64encode(const uschar *, int); +extern uschar *b64encode_taint(const uschar *, int, BOOL); extern int b64decode(const uschar *, uschar **); extern int bdat_getc(unsigned); extern uschar *bdat_getbuf(unsigned *); @@ -175,8 +177,8 @@ extern void debug_print_tree(tree_node *); extern void debug_vprintf(int, const char *, va_list); extern void decode_bits(unsigned int *, size_t, int *, uschar *, bit_table *, int, uschar *, int); +extern void delete_pid_file(void); extern address_item *deliver_make_addr(uschar *, BOOL); -extern void deliver_init(void); extern void delivery_log(int, address_item *, int, uschar *); extern int deliver_message(uschar *, BOOL, BOOL); extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); @@ -446,6 +448,7 @@ extern void smtp_command_timeout_exit(void) NORETURN; extern void smtp_command_sigterm_exit(void) NORETURN; extern void smtp_data_timeout_exit(void) NORETURN; extern void smtp_data_sigint_exit(void) NORETURN; +extern void smtp_deliver_init(void); extern uschar *smtp_cmd_hist(void); extern int smtp_connect(smtp_connect_args *, const blob *); extern int smtp_sock_connect(host_item *, int, int, uschar *, @@ -540,6 +543,7 @@ extern int strncmpic(const uschar *, const uschar *, int); extern uschar *strstric(uschar *, uschar *, BOOL); extern int test_harness_fudged_queue_time(int); +extern void tcp_init(void); #ifdef EXIM_TFO_PROBE extern void tfo_probe(void); #endif diff --git a/src/src/globals.c b/src/src/globals.c index 358c380a8..de1149b6c 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -238,6 +238,7 @@ struct global_flags f = .disable_logging = FALSE, #ifndef DISABLE_DKIM .dkim_disable_verify = FALSE, + .dkim_init_done = FALSE, #endif #ifdef SUPPORT_DMARC .dmarc_has_been_checked = FALSE, @@ -297,7 +298,7 @@ struct global_flags f = .sender_name_forced = FALSE, .sender_set_untrusted = FALSE, .smtp_authenticated = FALSE, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT .smtp_in_early_pipe_advertised = FALSE, .smtp_in_early_pipe_no_auth = FALSE, .smtp_in_early_pipe_used = FALSE, @@ -830,7 +831,7 @@ void *dkim_signatures = NULL; uschar *dkim_signers = NULL; uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; -uschar *dkim_verify_hashes = US"sha256:sha512:sha1"; +uschar *dkim_verify_hashes = US"sha256:sha512"; uschar *dkim_verify_keytypes = US"ed25519:rsa"; BOOL dkim_verify_minimal = FALSE; uschar *dkim_verify_overall = NULL; @@ -1167,7 +1168,7 @@ uschar *override_pid_file_path = NULL; uschar *percent_hack_domains = NULL; uschar *pid_file_path = US PID_FILE_PATH "\0<--------------Space to patch pid_file_path->"; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT uschar *pipe_connect_advertise_hosts = US"*"; #endif uschar *pipelining_advertise_hosts = US"*"; @@ -1259,7 +1260,7 @@ const pcre *regex_From = NULL; const pcre *regex_IGNOREQUOTA = NULL; const pcre *regex_PIPELINING = NULL; const pcre *regex_SIZE = NULL; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT const pcre *regex_EARLY_PIPE = NULL; #endif const pcre *regex_ismsgid = NULL; @@ -1499,6 +1500,9 @@ uschar *srs_recipient = NULL; uschar *srs_secrets = NULL; uschar *srs_status = NULL; #endif +#ifdef EXPERIMENTAL_SRS_NATIVE +uschar *srs_recipient = NULL; +#endif int string_datestamp_offset= -1; int string_datestamp_length= 0; int string_datestamp_type = -1; diff --git a/src/src/globals.h b/src/src/globals.h index ca342acc2..03a56f0f2 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -97,6 +97,7 @@ typedef struct { void *peercert; /* Certificate of peer, binary */ uschar *peerdn; /* DN from peer */ uschar *sni; /* Server Name Indication */ + uschar *channelbinding; /* b64'd data identifying channel, for authenticators */ enum { OCSP_NOT_REQ=0, /* not requested */ OCSP_NOT_RESP, /* no response to request */ @@ -120,7 +121,6 @@ extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules * extern uschar *openssl_options; /* OpenSSL compatibility options */ extern const pcre *regex_STARTTLS; /* For recognizing STARTTLS settings */ extern uschar *tls_certificate; /* Certificate file */ -extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */ extern uschar *tls_crl; /* CRL File */ extern int tls_dh_max_bits; /* don't accept higher lib suggestions */ extern uschar *tls_dhparam; /* DH param file */ @@ -199,6 +199,7 @@ extern struct global_flags { BOOL disable_logging :1; /* Disables log writing when TRUE */ #ifndef DISABLE_DKIM BOOL dkim_disable_verify :1; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */ + BOOL dkim_init_done :1; /* lazy-init status */ #endif #ifdef SUPPORT_DMARC BOOL dmarc_has_been_checked :1; /* Global variable to check if test has been called yet */ @@ -258,7 +259,7 @@ extern struct global_flags { BOOL sender_name_forced :1; /* Set by -F */ BOOL sender_set_untrusted :1; /* Sender set by untrusted caller */ BOOL smtp_authenticated :1; /* Sending client has authenticated */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL smtp_in_early_pipe_advertised :1; /* server advertised PIPE_CONNECT */ BOOL smtp_in_early_pipe_no_auth :1; /* too many authenticator names */ BOOL smtp_in_early_pipe_used :1; /* client did send early data */ @@ -750,7 +751,7 @@ extern uschar *override_pid_file_path; /* Value of -oP argument */ extern uschar *percent_hack_domains; /* Local domains for which '% operates */ extern uschar *pid_file_path; /* For writing daemon pids */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT extern uschar *pipe_connect_advertise_hosts; /* for banner/EHLO pipelining */ #endif extern uschar *pipelining_advertise_hosts; /* As it says */ @@ -834,7 +835,7 @@ extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT extern const pcre *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ #endif extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */ @@ -987,6 +988,9 @@ extern uschar *srs_status; /* SRS staus */ extern BOOL srs_usehash; /* SRS use hash flag */ extern BOOL srs_usetimestamp; /* SRS use timestamp flag */ #endif +#ifdef EXPERIMENTAL_SRS_NATIVE +extern uschar *srs_recipient; /* SRS recipient */ +#endif extern BOOL strict_acl_vars; /* ACL variables have to be set before being used */ extern int string_datestamp_offset;/* After insertion by string_format */ extern int string_datestamp_length;/* After insertion by string_format */ diff --git a/src/src/ip.c b/src/src/ip.c index 19be51a03..108c21d92 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -14,6 +14,12 @@ different places in the code where sockets are used. */ #include "exim.h" +#if defined(TCP_FASTOPEN) +# if defined(MSG_FASTOPEN) || defined(EXIM_TFO_CONNECTX) || defined(EXIM_TFO_FREEBSD) +# define EXIM_SUPPORT_TFO +# endif +#endif + /************************************************* * Create a socket * *************************************************/ @@ -161,26 +167,6 @@ return bind(sock, (struct sockaddr *)&sin, s_len); /************************************************* -*************************************************/ - -#ifdef EXIM_TFO_PROBE -void -tfo_probe(void) -{ -# ifdef TCP_FASTOPEN -int sock, backlog = 5; - -if ( (sock = socket(SOCK_STREAM, AF_INET, 0)) < 0 - && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog)) - ) - f.tcp_fastopen_ok = TRUE; -close(sock); -# endif -} -#endif - - -/************************************************* * Connect socket to remote host * *************************************************/ @@ -245,7 +231,7 @@ callout_address = string_sprintf("[%s]:%d", address, port); sigalrm_seen = FALSE; if (timeout > 0) ALARM(timeout); -#ifdef TCP_FASTOPEN +#ifdef EXIM_SUPPORT_TFO /* TCP Fast Open, if the system has a cookie from a previous call to this peer, can send data in the SYN packet. The peer can send data before it gets our ACK of its SYN,ACK - the latter is useful for @@ -255,8 +241,7 @@ possibly use the data-on-syn, so support that too. */ if (fastopen_blob && f.tcp_fastopen_ok) { # ifdef MSG_FASTOPEN - /* This is a Linux implementation. It might be useable on FreeBSD; I have - not checked. */ + /* This is a Linux implementation. */ if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) >= 0) @@ -292,8 +277,26 @@ if (fastopen_blob && f.tcp_fastopen_ok) debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); goto legacy_connect; } -# endif -# ifdef EXIM_TFO_CONNECTX + +# elif defined(EXIM_TFO_FREEBSD) + /* Re: https://people.freebsd.org/~pkelsey/tfo-tools/tfo-client.c */ + + if (setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)) < 0) + { + DEBUG(D_transport) + debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); + goto legacy_connect; + } + if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, 0, + s_ptr, s_len)) >= 0) + { + DEBUG(D_transport|D_v) + debug_printf(" TFO mode connection attempt to %s, %lu data\n", + address, (unsigned long)fastopen_blob->len); + tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; + } + +# elif defined(EXIM_TFO_CONNECTX) /* MacOS */ sa_endpoints_t ends = { .sae_srcif = 0, .sae_srcaddr = NULL, .sae_srcaddrlen = 0, @@ -329,9 +332,9 @@ if (fastopen_blob && f.tcp_fastopen_ok) # endif } else -#endif /*TCP_FASTOPEN*/ +#endif /*EXIM_SUPPORT_TFO*/ { -#if defined(TCP_FASTOPEN) && defined(MSG_FASTOPEN) +#if defined(EXIM_SUPPORT_TFO) && !defined(EXIM_TFO_CONNECTX) legacy_connect: #endif diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index e96fef938..383b0b38c 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -161,7 +161,7 @@ due to conflicts with other common macros. */ #ifndef DISABLE_OCSP builtin_macro_create(US"_HAVE_OCSP"); #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT builtin_macro_create(US"_HAVE_PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR @@ -182,9 +182,12 @@ due to conflicts with other common macros. */ #ifdef SUPPORT_SPF builtin_macro_create(US"_HAVE_SPF"); #endif -#ifdef EXPERIMENTAL_SRS +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) builtin_macro_create(US"_HAVE_SRS"); #endif +#if defined(EXPERIMENTAL_SRS_NATIVE) + builtin_macro_create(US"_HAVE_NATIVE_SRS"); /* beware clash with _HAVE_SRS */ +#endif #ifdef EXPERIMENTAL_ARC builtin_macro_create(US"_HAVE_ARC"); #endif diff --git a/src/src/macros.h b/src/src/macros.h index 76913d64e..cc96c8516 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -550,11 +550,8 @@ table exim_errstrings[] in log.c */ #define ERRNO_DATA4XX (-46) /* DATA gave 4xx error */ #define ERRNO_PROXYFAIL (-47) /* Negotiation failed for proxy configured host */ #define ERRNO_AUTHPROB (-48) /* Authenticator "other" failure */ - -#ifdef SUPPORT_I18N -# define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ -#endif - /* -50 free for re-use */ +#define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ +#define ERRNO_HOST_IS_LOCAL (-50) /* Transport refuses to talk to localhost */ /* These must be last, so all retry deferments can easily be identified */ diff --git a/src/src/readconf.c b/src/src/readconf.c index 0233019cf..08014c9af 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -244,7 +244,7 @@ static optionlist optionlist_config[] = { #endif { "pid_file_path", opt_stringptr, &pid_file_path }, { "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts }, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT { "pipelining_connect_advertise_hosts", opt_stringptr, &pipe_connect_advertise_hosts }, #endif @@ -3075,80 +3075,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malformed ratelimit data: %s", s); /************************************************* -* Drop privs for checking TLS config * -*************************************************/ - -/* We want to validate TLS options during readconf, but do not want to be -root when we call into the TLS library, in case of library linkage errors -which cause segfaults; before this check, those were always done as the Exim -runtime user and it makes sense to continue with that. - -Assumes: tls_require_ciphers has been set, if it will be - exim_user has been set, if it will be - exim_group has been set, if it will be - -Returns: bool for "okay"; false will cause caller to immediately exit. -*/ - -#ifndef DISABLE_TLS -static BOOL -tls_dropprivs_validate_require_cipher(BOOL nowarn) -{ -const uschar *errmsg; -pid_t pid; -int rc, status; -void (*oldsignal)(int); - -/* If TLS will never be used, no point checking ciphers */ - -if ( !tls_advertise_hosts - || !*tls_advertise_hosts - || Ustrcmp(tls_advertise_hosts, ":") == 0 - ) - return TRUE; -else if (!nowarn && !tls_certificate) - log_write(0, LOG_MAIN, - "Warning: No server certificate defined; will use a selfsigned one.\n" - " Suggested action: either install a certificate or change tls_advertise_hosts option"); - -oldsignal = signal(SIGCHLD, SIG_DFL); - -fflush(NULL); -if ((pid = fork()) < 0) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); - -if (pid == 0) - { - /* in some modes, will have dropped privilege already */ - if (!geteuid()) - exim_setugid(exim_uid, exim_gid, FALSE, - US"calling tls_validate_require_cipher"); - - if ((errmsg = tls_validate_require_cipher())) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG, - "tls_require_ciphers invalid: %s", errmsg); - fflush(NULL); - exim_underbar_exit(0); - } - -do { - rc = waitpid(pid, &status, 0); -} while (rc < 0 && errno == EINTR); - -DEBUG(D_tls) - debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", - (int)pid, status); - -signal(SIGCHLD, oldsignal); - -return status == 0; -} -#endif /*DISABLE_TLS*/ - - - - -/************************************************* * Read main configuration options * *************************************************/ @@ -3645,11 +3571,6 @@ if ((tls_verify_hosts || tls_try_verify_hosts) && !tls_verify_certificates) "tls_%sverify_hosts is set, but tls_verify_certificates is not set", tls_verify_hosts ? "" : "try_"); -/* This also checks that the library linkage is working and we can call -routines in it, so call even if tls_require_ciphers is unset */ -if (!tls_dropprivs_validate_require_cipher(nowarn)) - exit(1); - /* Magic number: at time of writing, 1024 has been the long-standing value used by so many clients, and what Exim used to use always, that it makes sense to just min-clamp this max-clamp at that. */ @@ -4222,7 +4143,7 @@ Returns: nothing static void auths_init(void) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int nauths = 0; #endif @@ -4248,11 +4169,11 @@ for (auth_instance * au = auths; au; au = au->next) "(%s and %s) have the same public name (%s)", au->client ? US"client" : US"server", au->name, bu->name, au->public_name); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT nauths++; #endif } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT f.smtp_in_early_pipe_no_auth = nauths > 16; #endif } diff --git a/src/src/receive.c b/src/src/receive.c index 31e3f7cbb..83613092f 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1343,7 +1343,7 @@ if (received_protocol) if (LOGGING(pipelining) && f.smtp_in_pipelining_advertised) { g = string_catn(g, US" L", 2); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (f.smtp_in_early_pipe_used) g = string_catn(g, US"*", 1); else if (f.smtp_in_early_pipe_advertised) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index f37b2f6e0..9e2b39c4e 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -142,7 +142,7 @@ static struct { BOOL helo_verify :1; BOOL helo_seen :1; BOOL helo_accept_junk :1; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL pipe_connect_acceptable :1; #endif BOOL rcpt_smtp_response_same :1; @@ -397,7 +397,7 @@ return TRUE; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT static BOOL pipeline_connect_sends(void) { @@ -952,16 +952,13 @@ if (fl.rcpt_in_progress) /* Now write the string */ +if ( #ifndef DISABLE_TLS -if (tls_in.active.sock >= 0) - { - if (tls_write(NULL, gs.s, gs.ptr, more) < 0) - smtp_write_error = -1; - } -else + tls_in.active.sock >= 0 ? (tls_write(NULL, gs.s, gs.ptr, more) < 0) : #endif - -if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; + (fwrite(gs.s, gs.ptr, 1, smtp_out) == 0) + ) + smtp_write_error = -1; } @@ -972,8 +969,7 @@ if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; /* This function isn't currently used within Exim (it detects errors when it tries to read the next SMTP input), but is available for use in local_scan(). -For non-TLS connections, it flushes the output and checks for errors. For -TLS-connections, it checks for a previously-detected TLS write error. +It flushes the output and checks for errors. Arguments: none Returns: 0 for no error; -1 after an error @@ -983,6 +979,15 @@ int smtp_fflush(void) { if (tls_in.active.sock < 0 && fflush(smtp_out) != 0) smtp_write_error = -1; + +if ( +#ifndef DISABLE_TLS + tls_in.active.sock >= 0 ? (tls_write(NULL, NULL, 0, FALSE) < 0) : +#endif + (fflush(smtp_out) != 0) + ) + smtp_write_error = -1; + return smtp_write_error; } @@ -2400,24 +2405,47 @@ return FALSE; static void tfo_in_check(void) { -# ifdef TCP_INFO +# ifdef __FreeBSD__ +int is_fastopen; +socklen_t len = sizeof(is_fastopen); + +/* The tinfo TCPOPT_FAST_OPEN bit seems unreliable, and we don't see state +TCP_SYN_RCV (as of 12.1) so no idea about data-use. */ + +if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_FASTOPEN, &is_fastopen, &len) == 0) + { + if (is_fastopen) + { + DEBUG(D_receive) + debug_printf("TFO mode connection (TCP_FASTOPEN getsockopt)\n"); + f.tcp_in_fastopen = TRUE; + } + } +else DEBUG(D_receive) + debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); + +# elif defined(TCP_INFO) struct tcp_info tinfo; socklen_t len = sizeof(tinfo); if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) -#ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11 does not seem to have this yet */ +# ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11,12 do not seem to have this yet */ if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA) { - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (ACKd data-on-SYN)\n"); + DEBUG(D_receive) + debug_printf("TFO mode connection (ACKd data-on-SYN)\n"); f.tcp_in_fastopen_data = f.tcp_in_fastopen = TRUE; } else -#endif - if (tinfo.tcpi_state == TCP_SYN_RECV) +# endif + if (tinfo.tcpi_state == TCP_SYN_RECV) /* Not seen on FreeBSD 12.1 */ { - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (state TCP_SYN_RECV)\n"); + DEBUG(D_receive) + debug_printf("TFO mode connection (state TCP_SYN_RECV)\n"); f.tcp_in_fastopen = TRUE; } +else DEBUG(D_receive) + debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); # endif } #endif @@ -2997,7 +3025,7 @@ while (*p); /* Before we write the banner, check that there is no input pending, unless this synchronisation check is disabled. */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable = sender_host_address && verify_check_host(&pipe_connect_advertise_hosts) == OK; @@ -3024,7 +3052,7 @@ if (!check_sync()) /*XXX the ehlo-resp code does its own tls/nontls bit. Maybe subroutine that? */ smtp_printf("%s", -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable && pipeline_connect_sends(), #else FALSE, @@ -3035,7 +3063,7 @@ smtp_printf("%s", handshake arrived. If so we must have managed a TFO. */ #ifdef TCP_FASTOPEN -tfo_in_check(); +if (sender_host_address && !f.sender_host_notsocket) tfo_in_check(); #endif return TRUE; @@ -3719,60 +3747,60 @@ if (rc != OK) switch(rc) { case OK: - if (!au->set_id || set_id) /* Complete success */ - { - if (set_id) authenticated_id = string_copy_perm(set_id, TRUE); - sender_host_authenticated = au->name; - sender_host_auth_pubname = au->public_name; - authentication_failed = FALSE; - authenticated_fail_id = NULL; /* Impossible to already be set? */ - - received_protocol = - (sender_host_address ? protocols : protocols_local) - [pextend + pauthed + (tls_in.active.sock >= 0 ? pcrpted:0)]; - *s = *ss = US"235 Authentication succeeded"; - authenticated_by = au; - break; - } + if (!au->set_id || set_id) /* Complete success */ + { + if (set_id) authenticated_id = string_copy_perm(set_id, TRUE); + sender_host_authenticated = au->name; + sender_host_auth_pubname = au->public_name; + authentication_failed = FALSE; + authenticated_fail_id = NULL; /* Impossible to already be set? */ - /* Authentication succeeded, but we failed to expand the set_id string. - Treat this as a temporary error. */ + received_protocol = + (sender_host_address ? protocols : protocols_local) + [pextend + pauthed + (tls_in.active.sock >= 0 ? pcrpted:0)]; + *s = *ss = US"235 Authentication succeeded"; + authenticated_by = au; + break; + } + + /* Authentication succeeded, but we failed to expand the set_id string. + Treat this as a temporary error. */ - auth_defer_msg = expand_string_message; - /* Fall through */ + auth_defer_msg = expand_string_message; + /* Fall through */ case DEFER: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = string_sprintf("435 Unable to authenticate at present%s", - auth_defer_user_msg); - *ss = string_sprintf("435 Unable to authenticate at present%s: %s", - set_id, auth_defer_msg); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = string_sprintf("435 Unable to authenticate at present%s", + auth_defer_user_msg); + *ss = string_sprintf("435 Unable to authenticate at present%s: %s", + set_id, auth_defer_msg); + break; case BAD64: - *s = *ss = US"501 Invalid base64 data"; - break; + *s = *ss = US"501 Invalid base64 data"; + break; case CANCELLED: - *s = *ss = US"501 Authentication cancelled"; - break; + *s = *ss = US"501 Authentication cancelled"; + break; case UNEXPECTED: - *s = *ss = US"553 Initial data not expected"; - break; + *s = *ss = US"553 Initial data not expected"; + break; case FAIL: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = US"535 Incorrect authentication data"; - *ss = string_sprintf("535 Incorrect authentication data%s", set_id); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = US"535 Incorrect authentication data"; + *ss = string_sprintf("535 Incorrect authentication data%s", set_id); + break; default: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = US"435 Internal error"; - *ss = string_sprintf("435 Internal error%s: return %d from authentication " - "check", set_id, rc); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = US"435 Internal error"; + *ss = string_sprintf("435 Internal error%s: return %d from authentication " + "check", set_id, rc); + break; } return rc; @@ -3975,7 +4003,7 @@ while (done <= 0) #endif switch(smtp_read_command( -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT !fl.pipe_connect_acceptable, #else TRUE, @@ -4211,7 +4239,7 @@ while (done <= 0) host_build_sender_fullhost(); /* Rebuild */ break; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT else if (!fl.pipe_connect_acceptable && !check_sync()) #else else if (!check_sync()) @@ -4344,7 +4372,7 @@ while (done <= 0) sync_cmd_limit = NON_SYNC_CMD_PIPELINING; f.smtp_in_pipelining_advertised = TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (fl.pipe_connect_acceptable) { f.smtp_in_early_pipe_advertised = TRUE; @@ -4462,7 +4490,7 @@ while (done <= 0) #ifndef DISABLE_TLS if (tls_in.active.sock >= 0) (void)tls_write(NULL, g->s, g->ptr, -# ifdef SUPPORT_PIPE_CONNECT +# ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable && pipeline_connect_sends()); # else FALSE); @@ -5240,7 +5268,7 @@ while (done <= 0) f.dot_ends = TRUE; DATA_BDAT: /* Common code for DATA and BDAT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable = FALSE; #endif if (!discarded && recipients_count <= 0) diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index ece79de10..96ee15282 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -155,7 +155,28 @@ return TRUE; static void tfo_out_check(int sock) { -# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) +# ifdef __FreeBSD__ +struct tcp_info tinfo; +int val; +socklen_t len = sizeof(val); + +/* The observability as of 12.1 is not useful as a client, only telling us that +a TFO option was used on SYN. It could have been a TFO-R, or ignored by the +server. */ + +/* +if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA) + if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {} +*/ +switch (tcp_out_fastopen) + { + case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break; + case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break; + default: break; /* compiler quietening */ + } + +# else /* Linux & Apple */ +# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) struct tcp_info tinfo; socklen_t len = sizeof(tinfo); @@ -205,7 +226,8 @@ switch (tcp_out_fastopen) default: break; /* compiler quietening */ } -# endif +# endif +# endif /* Linux & Apple */ } #endif @@ -717,7 +739,7 @@ time_t timelimit = time(NULL) + timeout; errno = 0; /* Ensure errno starts out zero */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->pending_BANNER || sx->pending_EHLO) { int rc; diff --git a/src/src/structs.h b/src/src/structs.h index 3b5818df0..9927bc527 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -626,7 +626,7 @@ typedef struct address_item { BOOL af_tcp_fastopen:1; /* delivery usefully used TCP Fast Open */ BOOL af_tcp_fastopen_data:1; /* delivery sent SMTP commands on TCP Fast Open */ BOOL af_pipelining:1; /* delivery used (traditional) pipelining */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL af_early_pipe:1; /* delivery used connect-time pipelining */ #endif #ifndef DISABLE_PRDR @@ -648,11 +648,11 @@ typedef struct address_item { unsigned int domain_cache[(MAX_NAMED_LIST * 2)/32]; unsigned int localpart_cache[(MAX_NAMED_LIST * 2)/32]; int mode; /* mode for local transporting to a file */ + int basic_errno; /* status after failure */ int more_errno; /* additional error information */ /* (may need to hold a timestamp) */ unsigned int delivery_usec; /* subsecond part of delivery time */ - short int basic_errno; /* status after failure */ unsigned short child_count; /* number of child addresses */ short int return_file; /* fileno of return data file */ short int special_action; /* ( used when when deferred or failed */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index fc426a251..837b991df 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -167,7 +167,7 @@ Some of these correspond to variables in globals.c; those variables will be set to point to content in one of these instances, as appropriate for the stage of the process lifetime. -Not handled here: global tls_channelbinding_b64. +Not handled here: global tlsp->tls_channelbinding. */ typedef struct exim_gnutls_state { @@ -479,7 +479,7 @@ Sets: tls_active fd tls_bits strength indicator tls_certificate_verified bool indicator - tls_channelbinding_b64 for some SASL mechanisms + tls_channelbinding for some SASL mechanisms tls_ver a string tls_cipher a string tls_peercert pointer to library internal @@ -511,10 +511,10 @@ tlsp->certificate_verified = state->peer_cert_verified; tlsp->dane_verified = state->peer_dane_verified; #endif -/* note that tls_channelbinding_b64 is not saved to the spool file, since it's +/* note that tls_channelbinding is not saved to the spool file, since it's only available for use for authenticators while this TLS session is running. */ -tls_channelbinding_b64 = NULL; +tlsp->channelbinding = NULL; #ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING channel.data = NULL; channel.size = 0; @@ -522,11 +522,15 @@ if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, & { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); } else { + /* Declare the taintedness of the binding info. On server, untainted; on + client, tainted - being the Finish msg from the server. */ + old_pool = store_pool; store_pool = POOL_PERM; - tls_channelbinding_b64 = b64encode(CUS channel.data, (int)channel.size); + tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size, + !!state->host); store_pool = old_pool; - DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage.\n"); + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); } #endif @@ -2407,9 +2411,20 @@ and sent an SMTP response. */ DEBUG(D_tls) debug_printf("initialising GnuTLS as a server\n"); -if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, - NULL, tls_verify_certificates, tls_crl, - require_ciphers, &state, &tls_in, errstr)) != OK) return rc; + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + + if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, + NULL, tls_verify_certificates, tls_crl, + require_ciphers, &state, &tls_in, errstr)) != OK) return rc; + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"server tls_init (delta)"); +#endif + } #ifdef EXPERIMENTAL_TLS_RESUME tls_server_resume_prehandshake(state); @@ -2843,10 +2858,21 @@ if (conn_args->dane && ob->dane_require_tls_ciphers) if (!cipher_list) cipher_list = ob->tls_require_ciphers; -if (tls_init(host, ob->tls_certificate, ob->tls_privatekey, - ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, - cipher_list, &state, tlsp, errstr) != OK) - return FALSE; + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + + if (tls_init(host, ob->tls_certificate, ob->tls_privatekey, + ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, + cipher_list, &state, tlsp, errstr) != OK) + return FALSE; + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"client tls_init (delta)"); +#endif + } { int dh_min_bits = ob->tls_dh_min_bits; @@ -3084,7 +3110,7 @@ gnutls_certificate_free_credentials(state->x509_cred); tlsp->active.sock = -1; tlsp->active.tls_ctx = NULL; /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */ -tls_channelbinding_b64 = NULL; +tlsp->channelbinding = NULL; if (state->xfer_buffer) store_free(state->xfer_buffer); @@ -3298,6 +3324,9 @@ Arguments: len number of bytes more more data expected soon +Calling with len zero and more unset will flush buffered writes. The buff +argument can be null for that case. + Returns: the number of bytes after a successful write, -1 after a failed write */ diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 063c23df7..a236bc0c6 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2820,6 +2820,20 @@ DEBUG(D_tls) tls_in.ourcert = crt ? X509_dup(crt) : NULL; } +/* Channel-binding info for authenticators +See description in https://paquier.xyz/postgresql-2/channel-binding-openssl/ */ + { + uschar c, * s; + size_t len = SSL_get_peer_finished(server_ssl, &c, 0); + int old_pool = store_pool; + + SSL_get_peer_finished(server_ssl, s = store_get((int)len, FALSE), len); + store_pool = POOL_PERM; + tls_in.channelbinding = b64encode_taint(CUS s, (int)len, FALSE); + store_pool = old_pool; + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); + } + /* Only used by the server-side tls (tls_in), including tls_getc. Client-side (tls_out) reads (seem to?) go via smtp_read_response()/ip_recv(). @@ -3382,6 +3396,20 @@ tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl); tlsp->ourcert = crt ? X509_dup(crt) : NULL; } +/*XXX will this work with continued-TLS? */ +/* Channel-binding info for authenticators */ + { + uschar c, * s; + size_t len = SSL_get_finished(exim_client_ctx->ssl, &c, 0); + int old_pool = store_pool; + + SSL_get_finished(exim_client_ctx->ssl, s = store_get((int)len, TRUE), len); + store_pool = POOL_PERM; + tlsp->channelbinding = b64encode_taint(CUS s, (int)len, TRUE); + store_pool = old_pool; + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); + } + tlsp->active.sock = cctx->sock; tlsp->active.tls_ctx = exim_client_ctx; cctx->tls_ctx = exim_client_ctx; @@ -3582,11 +3610,12 @@ Arguments: Returns: the number of bytes after a successful write, -1 after a failed write -Used by both server-side and client-side TLS. +Used by both server-side and client-side TLS. Calling with len zero and more unset +will flush buffered writes; buff can be null for this case. */ int -tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more) +tls_write(void * ct_ctx, const uschar * buff, size_t len, BOOL more) { size_t olen = len; int outbytes, error; @@ -3612,14 +3641,16 @@ a store reset there, so use POOL_PERM. */ if ((more || corked)) { -#ifdef SUPPORT_PIPE_CONNECT + if (!len) buff = US &error; /* dummy just so that string_catn is ok */ + +#ifndef DISABLE_PIPE_CONNECT int save_pool = store_pool; store_pool = POOL_PERM; #endif corked = string_catn(corked, buff, len); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT store_pool = save_pool; #endif @@ -3641,16 +3672,16 @@ for (int left = len; left > 0;) DEBUG(D_tls) debug_printf("outbytes=%d error=%d\n", outbytes, error); switch (error) { + case SSL_ERROR_NONE: /* the usual case */ + left -= outbytes; + buff += outbytes; + break; + case SSL_ERROR_SSL: ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring)); log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring); return -1; - case SSL_ERROR_NONE: - left -= outbytes; - buff += outbytes; - break; - case SSL_ERROR_ZERO_RETURN: log_write(0, LOG_MAIN, "SSL channel closed on write"); return -1; diff --git a/src/src/tls.c b/src/src/tls.c index a541a3c7a..f95091218 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -61,8 +61,6 @@ static int ssl_xfer_eof = FALSE; static BOOL ssl_xfer_error = FALSE; #endif -uschar *tls_channelbinding_b64 = NULL; - /************************************************* * Expand string; give error on failure * @@ -403,6 +401,79 @@ if (path) unsetenv("SSLKEYLOGFILE"); } } + +/************************************************* +* Drop privs for checking TLS config * +*************************************************/ + +/* We want to validate TLS options during readconf, but do not want to be +root when we call into the TLS library, in case of library linkage errors +which cause segfaults; before this check, those were always done as the Exim +runtime user and it makes sense to continue with that. + +Assumes: tls_require_ciphers has been set, if it will be + exim_user has been set, if it will be + exim_group has been set, if it will be + +Returns: bool for "okay"; false will cause caller to immediately exit. +*/ + +BOOL +tls_dropprivs_validate_require_cipher(BOOL nowarn) +{ +const uschar *errmsg; +pid_t pid; +int rc, status; +void (*oldsignal)(int); + +/* If TLS will never be used, no point checking ciphers */ + +if ( !tls_advertise_hosts + || !*tls_advertise_hosts + || Ustrcmp(tls_advertise_hosts, ":") == 0 + ) + return TRUE; +else if (!nowarn && !tls_certificate) + log_write(0, LOG_MAIN, + "Warning: No server certificate defined; will use a selfsigned one.\n" + " Suggested action: either install a certificate or change tls_advertise_hosts option"); + +oldsignal = signal(SIGCHLD, SIG_DFL); + +fflush(NULL); +if ((pid = fork()) < 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); + +if (pid == 0) + { + /* in some modes, will have dropped privilege already */ + if (!geteuid()) + exim_setugid(exim_uid, exim_gid, FALSE, + US"calling tls_validate_require_cipher"); + + if ((errmsg = tls_validate_require_cipher())) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG, + "tls_require_ciphers invalid: %s", errmsg); + fflush(NULL); + exim_underbar_exit(0); + } + +do { + rc = waitpid(pid, &status, 0); +} while (rc < 0 && errno == EINTR); + +DEBUG(D_tls) + debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", + (int)pid, status); + +signal(SIGCHLD, oldsignal); + +return status == 0; +} + + + + #endif /*!DISABLE_TLS*/ #endif /*!MACRO_PREDEF*/ diff --git a/src/src/transport.c b/src/src/transport.c index df7fd1628..14bd91cdb 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -172,6 +172,20 @@ for (transport_instance * t = transports; t; t = t->next) * Write block of data * *************************************************/ +static int +tpt_write(int fd, uschar * block, int len, BOOL more, int options) +{ +return +#ifndef DISABLE_TLS + tls_out.active.sock == fd + ? tls_write(tls_out.active.tls_ctx, block, len, more) : +#endif +#ifdef MSG_MORE + more && !(options & topt_not_socket) ? send(fd, block, len, MSG_MORE) : +#endif + write(fd, block, len); +} + /* Subroutine called by write_chunk() and at the end of the message actually to write a data block. Also called directly by some transports to write additional data to the file descriptor (e.g. prefix, suffix). @@ -215,10 +229,11 @@ Returns: TRUE on success, FALSE on failure (with errno preserved); */ static BOOL -transport_write_block_fd(transport_ctx * tctx, uschar *block, int len, BOOL more) +transport_write_block_fd(transport_ctx * tctx, uschar * block, int len, BOOL more) { int rc, save_errno; int local_timeout = transport_write_timeout; +int connretry = 1; int fd = tctx->u.fd; /* This loop is for handling incomplete writes and other retries. In most @@ -230,48 +245,42 @@ for (int i = 0; i < 100; i++) debug_printf("writing data block fd=%d size=%d timeout=%d%s\n", fd, len, local_timeout, more ? " (more expected)" : ""); - /* This code makes use of alarm() in order to implement the timeout. This - isn't a very tidy way of doing things. Using non-blocking I/O with select() - provides a neater approach. However, I don't know how to do this when TLS is - in use. */ - - if (transport_write_timeout <= 0) /* No timeout wanted */ - { - rc = -#ifndef DISABLE_TLS - tls_out.active.sock == fd ? tls_write(tls_out.active.tls_ctx, block, len, more) : -#endif -#ifdef MSG_MORE - more && !(tctx->options & topt_not_socket) - ? send(fd, block, len, MSG_MORE) : -#endif - write(fd, block, len); - save_errno = errno; - } + /* When doing TCP Fast Open we may get this far before the 3-way handshake + is complete, and write returns ENOTCONN. Detect that, wait for the socket + to become writable, and retry once only. */ - /* Timeout wanted. */ - - else + for(;;) { - ALARM(local_timeout); + fd_set fds; + /* This code makes use of alarm() in order to implement the timeout. This + isn't a very tidy way of doing things. Using non-blocking I/O with select() + provides a neater approach. However, I don't know how to do this when TLS is + in use. */ - rc = -#ifndef DISABLE_TLS - tls_out.active.sock == fd ? tls_write(tls_out.active.tls_ctx, block, len, more) : -#endif -#ifdef MSG_MORE - more && !(tctx->options & topt_not_socket) - ? send(fd, block, len, MSG_MORE) : -#endif - write(fd, block, len); - - save_errno = errno; - local_timeout = ALARM_CLR(0); - if (sigalrm_seen) + if (transport_write_timeout <= 0) /* No timeout wanted */ { - errno = ETIMEDOUT; - return FALSE; + rc = tpt_write(fd, block, len, more, tctx->options); + save_errno = errno; } + else /* Timeout wanted. */ + { + ALARM(local_timeout); + rc = tpt_write(fd, block, len, more, tctx->options); + save_errno = errno; + local_timeout = ALARM_CLR(0); + if (sigalrm_seen) + { + errno = ETIMEDOUT; + return FALSE; + } + } + + if (rc >= 0 || errno != ENOTCONN || connretry <= 0) + break; + + FD_ZERO(&fds); FD_SET(fd, &fds); + select(fd+1, NULL, &fds, NULL, NULL); /* could set timout? */ + connretry--; } /* Hopefully, the most common case is success, so test that first. */ diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c index 1aef02aaf..68f8d1f58 100644 --- a/src/src/transports/autoreply.c +++ b/src/src/transports/autoreply.c @@ -433,10 +433,10 @@ if (oncelog && *oncelog != 0 && to) if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to %s \"once\" file %s when " "sending message from %s transport: %s", - (cache_fd < 0)? "open" : "stat", oncelog, tblock->name, - strerror(errno)); + cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno)); goto END_OFF; } @@ -489,6 +489,7 @@ if (oncelog && *oncelog != 0 && to) if (!dbm_file) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to open %s file %s when sending " "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name, strerror(errno)); @@ -544,16 +545,13 @@ if (oncelog && *oncelog != 0 && to) /* We are going to send a message. Ensure any requested file is available. */ -if (file) +if (file && !(ff = Ufopen(file, "rb")) && !ob->file_optional) { - ff = Ufopen(file, "rb"); - if (!ff && !ob->file_optional) - { - addr->transport_return = DEFER; - addr->message = string_sprintf("Failed to open file %s when sending " - "message from %s transport: %s", file, tblock->name, strerror(errno)); - return FALSE; - } + addr->transport_return = DEFER; + addr->basic_errno = errno; + addr->message = string_sprintf("Failed to open file %s when sending " + "message from %s transport: %s", file, tblock->name, strerror(errno)); + return FALSE; } /* Make a subprocess to send the message */ @@ -565,6 +563,7 @@ pid = child_open_exim(&fd); if (pid < 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to create child process to send " "message from %s transport: %s", tblock->name, strerror(errno)); DEBUG(D_transport) debug_printf("%s\n", addr->message); diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index 4386a9ae6..a16a197a4 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -686,8 +686,7 @@ else if (timezone_string != NULL && timezone_string[0] != 0) if (envlist) { - envlist = expand_cstring(envlist); - if (envlist == NULL) + if (!(envlist = expand_cstring(envlist))) { addr->transport_return = DEFER; addr->message = string_sprintf("failed to expand string \"%s\" " @@ -702,6 +701,7 @@ while ((ss = string_nextinlist(&envlist, &envsep, big_buffer, big_buffer_size))) if (envcount > nelem(envp) - 2) { addr->transport_return = DEFER; + addr->basic_errno = E2BIG; addr->message = string_sprintf("too many environment settings for " "%s transport", tblock->name); return FALSE; diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 3fd94a19c..a91770225 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -110,7 +110,7 @@ optionlist smtp_transport_options[] = { #endif { "hosts_override", opt_bool, (void *)offsetof(smtp_transport_options_block, hosts_override) }, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT { "hosts_pipe_connect", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) }, #endif @@ -260,7 +260,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { .hosts_avoid_tls = NULL, .hosts_verify_avoid_tls = NULL, .hosts_avoid_pipelining = NULL, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT .hosts_pipe_connect = NULL, #endif .hosts_avoid_esmtp = NULL, @@ -357,6 +357,51 @@ static BOOL pipelining_active; /* current transaction is in pipe mode */ static unsigned ehlo_response(uschar * buf, unsigned checks); +/******************************************************************************/ + +void +smtp_deliver_init(void) +{ +if (!regex_PIPELINING) regex_PIPELINING = + regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_SIZE) regex_SIZE = + regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_AUTH) regex_AUTH = + regex_must_compile(AUTHS_REGEX, FALSE, TRUE); + +#ifndef DISABLE_TLS +if (!regex_STARTTLS) regex_STARTTLS = + regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_CHUNKING) regex_CHUNKING = + regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); + +#ifndef DISABLE_PRDR +if (!regex_PRDR) regex_PRDR = + regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); +#endif + +#ifdef SUPPORT_I18N +if (!regex_UTF8) regex_UTF8 = + regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_DSN) regex_DSN = + regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = + regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); + +#ifndef DISABLE_PIPE_CONNECT +if (!regex_EARLY_PIPE) regex_EARLY_PIPE = + regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); +#endif +} + + /************************************************* * Setup entry point * *************************************************/ @@ -823,7 +868,7 @@ return TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT static uschar * ehlo_cache_key(const smtp_context * sx) { @@ -1089,7 +1134,7 @@ address_item * addr = sx->sync_addr; smtp_transport_options_block * ob = sx->conn_args.ob; int yield = 0; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int rc; if ((rc = smtp_reap_early_pipe(sx, &count)) != OK) return rc == FAIL ? -4 : -5; @@ -1411,7 +1456,7 @@ smtp_auth(smtp_context * sx) host_item * host = sx->conn_args.host; /* host to deliver to */ smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */ int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT unsigned short authbits = tls_out.active.sock >= 0 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths; #endif @@ -1427,7 +1472,7 @@ if (!regex_AUTH) if ( sx->esmtp && -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? authbits : #endif @@ -1437,7 +1482,7 @@ if ( sx->esmtp uschar * names = NULL; expand_nmax = -1; /* reset */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif names = string_copyn(expand_nstring[1], expand_nlength[1]); @@ -1451,7 +1496,7 @@ if ( sx->esmtp DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n"); fail_reason = US"no common mechanisms were found"; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { /* Scan our authenticators (which support use by a client and were offered @@ -1737,7 +1782,7 @@ if ( checks & OPTION_SIZE && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) checks &= ~OPTION_SIZE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( checks & OPTION_EARLY_PIPE && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) @@ -1784,7 +1829,7 @@ there may be more writes (like, the chunk data) done soon. */ if (chunk_size > 0) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL new_conn = !!(sx->outblock.conn_args); #endif if((cmd_count = smtp_write_command(sx, @@ -1793,7 +1838,7 @@ if (chunk_size > 0) ) < 0) return ERROR; if (flags & tc_chunk_last) data_command = string_copy(big_buffer); /* Save for later error message */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* That command write could have been the one that made the connection. Copy the fd from the client conn ctx (smtp transport specific) to the generic transport ctx. */ @@ -1826,7 +1871,7 @@ if (flags & tc_reap_prev && prev_cmd_count > 0) case -5: errno = ERRNO_TLSFAILURE; return DEFER; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -4: /* non-2xx for pipelined banner or EHLO */ #endif case -1: /* Timeout on RCPT */ @@ -1919,7 +1964,7 @@ sx->conn_args.dane = FALSE; sx->dane_required = verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active = sx->early_pipe_ok = FALSE; sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0; sx->pending_BANNER = sx->pending_EHLO = FALSE; @@ -2049,7 +2094,7 @@ if (!continue_hostname) sx->inblock.cctx = sx->outblock.cctx = &sx->cctx; sx->avoid_option = sx->peer_offered = smtp_peer_options = 0; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect, sx->conn_args.host) == OK) @@ -2124,7 +2169,7 @@ will be? Somehow I doubt it. */ if (!sx->smtps) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */ @@ -2225,7 +2270,7 @@ goto SEND_QUIT; if (sx->esmtp) { if (smtp_write_command(sx, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? SCMD_BUFFER : #endif SCMD_FLUSH, @@ -2233,7 +2278,7 @@ goto SEND_QUIT; goto SEND_FAILED; sx->esmtp_sent = TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_EHLO = TRUE; @@ -2266,7 +2311,7 @@ goto SEND_QUIT; DEBUG(D_transport) debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif if (!sx->esmtp) @@ -2301,13 +2346,13 @@ goto SEND_QUIT; if (sx->esmtp || sx->lmtp) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif { sx->peer_offered = ehlo_response(sx->buffer, OPTION_TLS /* others checked later */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT | (sx->early_pipe_ok ? OPTION_IGNQ | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE @@ -2319,7 +2364,7 @@ goto SEND_QUIT; ) #endif ); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_ok) { sx->ehlo_resp.cleartext_features = sx->peer_offered; @@ -2412,7 +2457,7 @@ if ( smtp_peer_options & OPTION_TLS if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0) goto SEND_FAILED; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* If doing early-pipelining reap the banner and EHLO-response but leave the response for the STARTTLS we just sent alone. */ @@ -2517,7 +2562,7 @@ if (tls_out.active.sock >= 0) goto SEND_QUIT; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit. We're unlikely to get the group sent and delivered before the server sends its banner, but it's still worth sending as a group. @@ -2535,7 +2580,7 @@ if (tls_out.active.sock >= 0) /* For SMTPS we need to wait for the initial OK response. */ if (sx->smtps) -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_BANNER = TRUE; @@ -2558,14 +2603,14 @@ if (tls_out.active.sock >= 0) } if (smtp_write_command(sx, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? SCMD_BUFFER : #endif SCMD_FLUSH, "%s %s\r\n", greeting_cmd, sx->helo_data) < 0) goto SEND_FAILED; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) sx->pending_EHLO = TRUE; else @@ -2630,13 +2675,13 @@ if (continue_hostname == NULL { if (sx->esmtp || sx->lmtp) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif { sx->peer_offered = ehlo_response(sx->buffer, 0 /* no TLS */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0) | OPTION_DSN | OPTION_PIPE | OPTION_SIZE | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 @@ -2657,7 +2702,7 @@ if (continue_hostname == NULL | (ob->size_addition >= 0 ? OPTION_SIZE : 0) #endif ); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (tls_out.active.sock >= 0) sx->ehlo_resp.crypted_features = sx->peer_offered; #endif @@ -2705,7 +2750,7 @@ if (continue_hostname == NULL DEBUG(D_transport) debug_printf("%susing DSN\n", sx->peer_offered & OPTION_DSN ? "" : "not "); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( sx->early_pipe_ok && !sx->early_pipe_active && tls_out.active.sock >= 0 @@ -3221,7 +3266,7 @@ for (addr = sx->first_addr, address_count = 0; case -2: return -2; /* non-MAIL read i/o error */ default: return -1; /* any MAIL error */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -4: return -1; /* non-2xx for pipelined banner or EHLO */ case -5: return -1; /* TLS first-read error */ #endif @@ -3457,6 +3502,11 @@ if (tblock->filter_command) && *transport_filter_argv && **transport_filter_argv && sx.peer_offered & OPTION_CHUNKING +#ifndef DISABLE_DKIM + /* When dkim signing, chunking is handled even with a transport-filter */ + && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector) + && !ob->dkim.force_bodyhash +#endif ) { sx.peer_offered &= ~OPTION_CHUNKING; @@ -3555,7 +3605,7 @@ if ( !(sx.peer_offered & OPTION_CHUNKING) case -1: goto END_OFF; /* Timeout on RCPT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -5: /* TLS first-read error */ case -4: HDEBUG(D_transport) debug_printf("failed reaping pipelined cmd responses\n"); @@ -3711,7 +3761,7 @@ else case -1: goto END_OFF; /* Timeout on RCPT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -5: /* TLS first-read error */ case -4: HDEBUG(D_transport) debug_printf("failed reaping pipelined cmd responses\n"); @@ -3863,7 +3913,7 @@ else if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data); } if (sx.pipelining_used) setflag(addr, af_pipelining); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx.early_pipe_active) setflag(addr, af_early_pipe); #endif #ifndef DISABLE_PRDR @@ -4065,7 +4115,7 @@ if (!sx.ok) else { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* If we were early-pipelinng and the actual EHLO response did not match the cached value we assumed, we could have detected it and passed a custom errno through to here. It would be nice to RSET and retry right @@ -4805,7 +4855,7 @@ retry_non_continued: { for (address_item * addr = addrlist; addr; addr = addr->next) { - addr->basic_errno = 0; + addr->basic_errno = ERRNO_HOST_IS_LOCAL; addr->message = string_sprintf("%s transport found host %s to be " "local", tblock->name, host->name); } diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index ac5620971..8ea844b38 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -46,7 +46,7 @@ typedef struct { uschar *hosts_avoid_tls; uschar *hosts_verify_avoid_tls; uschar *hosts_avoid_pipelining; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT uschar *hosts_pipe_connect; #endif uschar *hosts_avoid_esmtp; @@ -121,7 +121,7 @@ typedef struct { BOOL smtps:1; BOOL ok:1; BOOL setting_up:1; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL early_pipe_ok:1; BOOL early_pipe_active:1; #endif @@ -138,7 +138,7 @@ typedef struct { #if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) BOOL dane_required:1; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL pending_BANNER:1; BOOL pending_EHLO:1; #endif @@ -160,7 +160,7 @@ typedef struct { uschar * smtp_greeting; uschar * helo_response; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT ehlo_resp_precis ehlo_resp; #endif diff --git a/src/src/verify.c b/src/src/verify.c index fc8cd84ea..b68d60442 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -586,6 +586,10 @@ else log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " "callout_random_local_part: %s", expand_string_message); + /* Compile regex' used by client-side smtp */ + + smtp_deliver_init(); + /* Default the connect and overall callout timeouts if not set, and record the time we are starting so that we can enforce it. */ |