authorJeremy Harris <jgh146exb@wizmail.org>2015-12-05 20:21:51 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-12-08 17:07:11 +0000
commitcee5f132d1b81d3b8738944036eb02af418b54be (patch)
tree327f03366dffd7a25f195aeb210dcebd420d8661 /src
parentf0989ec0ec69cc6a881ef9f7f118194c04875a36 (diff)
PROXY: Move Proxy Protocol support from Experimental to mainline.
No testsuite coverage yet.
Diffstat (limited to 'src')
-rw-r--r--src/src/EDITME15
-rw-r--r--src/src/config.h.defaults2
-rw-r--r--src/src/exim.c6
-rw-r--r--src/src/expand.c2
-rw-r--r--src/src/globals.c6
-rw-r--r--src/src/globals.h4
-rw-r--r--src/src/macros.h2
-rw-r--r--src/src/readconf.c6
-rw-r--r--src/src/receive.c2
-rw-r--r--src/src/smtp_in.c16
10 files changed, 33 insertions, 28 deletions
diff --git a/src/src/EDITME b/src/src/EDITME
index c6d693017..a67343b3a 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -402,6 +402,7 @@ EXIM_MONITOR=eximon.bin
#
# WITH_OLD_CLAMAV_STREAM=yes
+
#------------------------------------------------------------------------------
# By default Exim includes code to support DKIM (DomainKeys Identified
# Mail, RFC4871) signing and verification. Verification of signatures is
@@ -487,9 +488,6 @@ EXIM_MONITOR=eximon.bin
# CFLAGS += -I/usr/local/include
# LDFLAGS += -lhiredis
-# Uncomment the following line to enable Experimental Proxy Protocol
-# EXPERIMENTAL_PROXY=yes
-
# Uncomment the following line to enable support for checking certificate
# ownership
# EXPERIMENTAL_CERTNAMES=yes
@@ -921,11 +919,18 @@ ZCAT_COMMAND=/usr/bin/zcat
#------------------------------------------------------------------------------
# Proxying.
-# If you may want to use outbound (client-side) proxying, uncomment the SOCKS
-# line below.
+#
+# If you may want to use outbound (client-side) proxying, using Socks5,
+# uncomment the line below.
# SUPPORT_SOCKS=yes
+# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
+# uncomment the line below.
+
+# SUPPORT_PROXY=yes
+
+
#------------------------------------------------------------------------------
# Support for authentication via Radius is also available. The Exim support,
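Review bot: The new SUPPORT_PROXY comment in the Proxying section does not say that the build switch is only half the setup: the runtime `hosts_proxy` list decides which peers may speak Proxy Protocol. Judging by the globals.h comments in this commit (`proxy_host_address` is "IP of host being proxied"), a peer matched by that list presumably supplies the client address that Exim then logs and exposes in `$proxy_host_address`, so the list should name only the site's own proxies or load balancers. I would add a line such as `# At run time, list only trusted proxies in the hosts_proxy main option.` There is also a stray blank line between the comment and `# SUPPORT_PROXY=yes`, unlike the SUPPORT_SOCKS entry just above it.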
diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index 54b5598c9..6e2c22063 100644
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -138,6 +138,7 @@ it's a default value. */
#define SUPPORT_MBX
#define SUPPORT_MOVE_FROZEN_MESSAGES
#define SUPPORT_PAM
+#define SUPPORT_PROXY
#define SUPPORT_SOCKS
#define SUPPORT_TLS
#define SUPPORT_TRANSLATE_IP_ADDRESS
@@ -177,7 +178,6 @@ it's a default value. */
#define EXPERIMENTAL_DMARC
#define EXPERIMENTAL_EVENT
#define EXPERIMENTAL_INTERNATIONAL
-#define EXPERIMENTAL_PROXY
#define EXPERIMENTAL_REDIS
#define EXPERIMENTAL_SPF
#define EXPERIMENTAL_SRS
diff --git a/src/src/exim.c b/src/src/exim.c
index e6777a3db..4e90ca8fd 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -829,6 +829,9 @@ fprintf(f, "Support for:");
#ifndef DISABLE_PRDR
fprintf(f, " PRDR");
#endif
+#ifdef SUPPORT_PROXY
+ fprintf(f, " PROXY");
+#endif
#ifdef SUPPORT_SOCKS
fprintf(f, " SOCKS");
#endif
@@ -856,9 +859,6 @@ fprintf(f, "Support for:");
#ifdef EXPERIMENTAL_INTERNATIONAL
fprintf(f, " Experimental_International");
#endif
-#ifdef EXPERIMENTAL_PROXY
- fprintf(f, " Experimental_Proxy");
-#endif
#ifdef EXPERIMENTAL_EVENT
fprintf(f, " Experimental_Event");
#endif
diff --git a/src/src/expand.c b/src/src/expand.c
index bd16f4956..f3baee9af 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -615,7 +615,7 @@ static var_entry var_table[] = {
{ "prdr_requested", vtype_bool, &prdr_requested },
#endif
{ "primary_hostname", vtype_stringptr, &primary_hostname },
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
{ "proxy_host_address", vtype_stringptr, &proxy_host_address },
{ "proxy_host_port", vtype_int, &proxy_host_port },
{ "proxy_session", vtype_bool, &proxy_session },
diff --git a/src/src/globals.c b/src/src/globals.c
index eea84d3e3..fbfb9b8a2 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -875,7 +875,7 @@ bit_table log_options[] = { /* must be in alphabetical order */
BIT_TABLE(L, outgoing_interface),
BIT_TABLE(L, outgoing_port),
BIT_TABLE(L, pid),
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
BIT_TABLE(L, proxy),
#endif
BIT_TABLE(L, queue_run),
@@ -1001,10 +1001,10 @@ int process_info_len = 0;
uschar *process_log_path = NULL;
BOOL prod_requires_admin = TRUE;
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
+uschar *hosts_proxy = US"";
uschar *proxy_host_address = US"";
int proxy_host_port = 0;
-uschar *proxy_required_hosts = US"";
BOOL proxy_session = FALSE;
BOOL proxy_session_failed = FALSE;
uschar *proxy_target_address = US"";
diff --git a/src/src/globals.h b/src/src/globals.h
index fed049531..4263e104d 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -645,10 +645,10 @@ extern int process_info_len;
extern uschar *process_log_path; /* Alternate path */
extern BOOL prod_requires_admin; /* TRUE if prodding requires admin */
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
+extern uschar *hosts_proxy; /* Hostlist which (require) use proxy protocol */
extern uschar *proxy_host_address; /* IP of host being proxied */
extern int proxy_host_port; /* Port of host being proxied */
-extern uschar *proxy_required_hosts; /* Hostlist which (require) use proxy protocol */
extern BOOL proxy_session; /* TRUE if receiving mail from valid proxy */
extern BOOL proxy_session_failed; /* TRUE if required proxy negotiation failed */
extern uschar *proxy_target_address; /* IP of proxy server inbound */
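Review bot: The comment carried over onto the renamed `hosts_proxy` declaration, "Hostlist which (require) use proxy protocol", is hard to parse and does not say that matching hosts are the ones trusted to speak the protocol. Now that the option is mainline, I would reword it to something like `/* Hosts that must use Proxy Protocol (trusted inbound proxies) */`. The smtp_in.c hunk that passes `&hosts_proxy` to verify_check_this_host() is where the list is consulted, so the two should tell the same story.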
diff --git a/src/src/macros.h b/src/src/macros.h
index 4df7e5150..1cec4abd5 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -194,7 +194,7 @@ record. */
/* Wait this long before determining that a Proxy Protocol configured
host isn't speaking the protocol, and so is disallowed. Can be moved to
runtime configuration if per site settings become needed. */
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
#define PROXY_NEGOTIATION_TIMEOUT_SEC 3
#define PROXY_NEGOTIATION_TIMEOUT_USEC 0
#endif
diff --git a/src/src/readconf.c b/src/src/readconf.c
index f127d5202..cba33ac35 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -285,6 +285,9 @@ static optionlist optionlist_config[] = {
{ "host_lookup_order", opt_stringptr, &host_lookup_order },
{ "host_reject_connection", opt_stringptr, &host_reject_connection },
{ "hosts_connection_nolog", opt_stringptr, &hosts_connection_nolog },
+#ifdef SUPPORT_PROXY
+ { "hosts_proxy", opt_stringptr, &proxy_required_hosts },
+#endif
{ "hosts_treat_as_local", opt_stringptr, &hosts_treat_as_local },
#ifdef LOOKUP_IBASE
{ "ibase_servers", opt_stringptr, &ibase_servers },
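Review bot: The new `hosts_proxy` entry still takes the address of `proxy_required_hosts`, but this same commit removes that variable from globals.c and globals.h and replaces it with `hosts_proxy`. With SUPPORT_PROXY defined, readconf.c should fail to compile on an undeclared identifier; the entry should read `{ "hosts_proxy", opt_stringptr, &hosts_proxy },`. The smtp_in.c hunk already uses the new name in its verify_check_this_host() call. Separately, the old option name `proxy_required_hosts` is dropped with no alias, so existing configurations that set it will presumably be rejected at startup; that deserves a mention in the upgrade notes. The option table starts and ends outside this hunk.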
@@ -354,9 +357,6 @@ static optionlist optionlist_config[] = {
{ "print_topbitchars", opt_bool, &print_topbitchars },
{ "process_log_path", opt_stringptr, &process_log_path },
{ "prod_requires_admin", opt_bool, &prod_requires_admin },
-#ifdef EXPERIMENTAL_PROXY
- { "proxy_required_hosts", opt_stringptr, &proxy_required_hosts },
-#endif
{ "qualify_domain", opt_stringptr, &qualify_domain_sender },
{ "qualify_recipient", opt_stringptr, &qualify_domain_recipient },
{ "queue_domains", opt_stringptr, &queue_domains },
diff --git a/src/src/receive.c b/src/src/receive.c
index b430ee261..01f461650 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3775,7 +3775,7 @@ if (prdr_requested)
s = string_append(s, &size, &sptr, 1, US" PRDR");
#endif
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
if (proxy_session && LOGGING(proxy))
s = string_append(s, &size, &sptr, 2, US" PRX=", proxy_host_address);
#endif
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index d940c69f0..d99f02e69 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -96,7 +96,7 @@ enum {
QUIT_CMD, HELP_CMD,
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
PROXY_FAIL_IGNORE_CMD,
#endif
@@ -583,7 +583,7 @@ exim_exit(EXIT_FAILURE);
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
/*************************************************
* Restore socket timeout to previous value *
*************************************************/
@@ -620,7 +620,7 @@ int rc;
/* Cannot configure local connection as a proxy inbound */
if (sender_host_address == NULL) return proxy_session;
-rc = verify_check_this_host(&proxy_required_hosts, NULL, NULL,
+rc = verify_check_this_host(&hosts_proxy, NULL, NULL,
sender_host_address, NULL);
if (rc == OK)
{
@@ -1025,7 +1025,7 @@ if required. */
for (p = cmd_list; p < cmd_list_end; p++)
{
- #ifdef EXPERIMENTAL_PROXY
+ #ifdef SUPPORT_PROXY
/* Only allow QUIT command if Proxy Protocol parsing failed */
if (proxy_session && proxy_session_failed)
{
@@ -1082,7 +1082,7 @@ for (p = cmd_list; p < cmd_list_end; p++)
}
}
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
/* Only allow QUIT command if Proxy Protocol parsing failed */
if (proxy_session && proxy_session_failed)
return PROXY_FAIL_IGNORE_CMD;
@@ -2311,7 +2311,7 @@ if (!sender_host_unknown)
if (smtp_batched_input) return TRUE;
-#ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
/* If valid Proxy Protocol source is connecting, set up session.
* Failure will not allow any SMTP function other than QUIT. */
proxy_session = FALSE;
@@ -5103,11 +5103,11 @@ while (done <= 0)
done = 1; /* Pretend eof - drops connection */
break;
- #ifdef EXPERIMENTAL_PROXY
+#ifdef SUPPORT_PROXY
case PROXY_FAIL_IGNORE_CMD:
smtp_printf("503 Command refused, required Proxy negotiation failed\r\n");
break;
- #endif
+#endif
default:
if (unknown_command_count++ >= smtp_max_unknown_commands)