summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2022-04-03 21:37:01 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2022-04-04 23:33:21 +0100
commitcb45303cf2a8d9922702f13db42b3285c48f6aa7 (patch)
tree55483617237f8d9aa6c81c369f302687571db6ca /src
parenta9231f68f7c21597260c867dc6f7ad6207a4baf1 (diff)
Support PIPECONNECT with helo_data using the local IP, when interface is known.
Diffstat (limited to 'src')
-rw-r--r--src/src/functions.h4
-rw-r--r--src/src/smtp_out.c149
-rw-r--r--src/src/structs.h1
-rw-r--r--src/src/transports/smtp.c12
-rw-r--r--src/src/transports/smtp_socks.c13
-rw-r--r--src/src/verify.c1
6 files changed, 109 insertions, 71 deletions
diff --git a/src/src/functions.h b/src/src/functions.h
index e231ce204..8badd90a4 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -485,6 +485,7 @@ extern int sieve_interpret(const uschar *, int, const uschar *,
const uschar *, const uschar *, const uschar *,
address_item **, uschar **);
extern void sigalrm_handler(int);
+extern int smtp_boundsock(smtp_connect_args *);
extern void smtp_closedown(uschar *);
extern void smtp_command_timeout_exit(void) NORETURN;
extern void smtp_command_sigterm_exit(void) NORETURN;
@@ -493,8 +494,6 @@ extern void smtp_data_sigint_exit(void) NORETURN;
extern void smtp_deliver_init(void);
extern uschar *smtp_cmd_hist(void);
extern int smtp_connect(smtp_connect_args *, const blob *);
-extern int smtp_sock_connect(host_item *, int, int, uschar *,
- transport_instance * tb, int, const blob *);
extern int smtp_feof(void);
extern int smtp_ferror(void);
extern uschar *smtp_get_connection_info(void);
@@ -516,6 +515,7 @@ extern void smtp_notquit_exit(uschar *, uschar *, uschar *, ...);
extern void smtp_port_for_connect(host_item *, int);
extern void smtp_send_prohibition_message(int, uschar *);
extern int smtp_setup_msg(void);
+extern int smtp_sock_connect(smtp_connect_args *, int, const blob *);
extern BOOL smtp_start_session(void);
extern int smtp_ungetc(int);
extern BOOL smtp_verify_helo(void);
diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index 7b8212477..610e4a068 100644
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -252,44 +252,21 @@ switch (tcp_out_fastopen)
#endif
-/* Arguments:
- host host item containing name and address and port
- host_af AF_INET or AF_INET6
- port TCP port number
- interface outgoing interface address or NULL
- tb transport
- timeout timeout value or 0
- early_data if non-NULL, idempotent data to be sent -
- preferably in the TCP SYN segment
- Special case: non-NULL but with NULL blob.data - caller is
- client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
- acceptable.
-
-Returns: connected socket number, or -1 with errno set
+/* Create and bind a socket, given the connect-args.
+Update those with the state. Return the fd, or -1 with errno set.
*/
int
-smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
- transport_instance * tb, int timeout, const blob * early_data)
+smtp_boundsock(smtp_connect_args * sc)
{
+transport_instance * tb = sc->tblock;
smtp_transport_options_block * ob =
(smtp_transport_options_block *)tb->options_block;
const uschar * dscp = ob->dscp;
-int dscp_value;
-int dscp_level;
-int dscp_option;
-int sock;
-int save_errno = 0;
-const blob * fastopen_blob = NULL;
+int sock, dscp_value, dscp_level, dscp_option;
-
-#ifndef DISABLE_EVENT
-deliver_host_address = host->address;
-deliver_host_port = port;
-if (event_raise(tb->event_action, US"tcp:connect", NULL, &errno)) return -1;
-#endif
-
-if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
+if ((sock = ip_socket(SOCK_STREAM, sc->host_af)) < 0)
+ return -1;
/* Set TCP_NODELAY; Exim does its own buffering. */
@@ -300,7 +277,7 @@ if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
/* Set DSCP value, if we can. For now, if we fail to set the value, we don't
bomb out, just log it and continue in default traffic class. */
-if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
+if (dscp && dscp_lookup(dscp, sc->host_af, &dscp_level, &dscp_option, &dscp_value))
{
HDEBUG(D_transport|D_acl|D_v)
debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
@@ -309,7 +286,7 @@ if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
/* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
option for both; ignore failures here */
- if (host_af == AF_INET6 &&
+ if (sc->host_af == AF_INET6 &&
dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
(void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
}
@@ -317,24 +294,76 @@ if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
/* Bind to a specific interface if requested. Caller must ensure the interface
is the same type (IPv4 or IPv6) as the outgoing address. */
-if (interface && ip_bind(sock, host_af, interface, 0) < 0)
+if (sc->interface)
{
- save_errno = errno;
- HDEBUG(D_transport|D_acl|D_v)
- debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
- strerror(errno));
+ union sockaddr_46 interface_sock;
+ EXIM_SOCKLEN_T size = sizeof(interface_sock);
+
+ if ( ip_bind(sock, sc->host_af, sc->interface, 0) < 0
+ || getsockname(sock, (struct sockaddr *) &interface_sock, &size) < 0
+ )
+ {
+ HDEBUG(D_transport|D_acl|D_v)
+ debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", sc->interface,
+ strerror(errno));
+ close(sock);
+ return -1;
+ }
+ sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
}
+sc->sock = sock;
+return sock;
+}
+
+
+/* Arguments:
+ host host item containing name and address and port
+ host_af AF_INET or AF_INET6
+ port TCP port number
+ interface outgoing interface address or NULL
+ tb transport
+ timeout timeout value or 0
+ early_data if non-NULL, idempotent data to be sent -
+ preferably in the TCP SYN segment
+ Special case: non-NULL but with NULL blob.data - caller is
+ client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
+ acceptable.
+
+Returns: connected socket number, or -1 with errno set
+*/
+
+int
+smtp_sock_connect(smtp_connect_args * sc, int timeout, const blob * early_data)
+{
+smtp_transport_options_block * ob =
+ (smtp_transport_options_block *)sc->tblock->options_block;
+int sock;
+int save_errno = 0;
+const blob * fastopen_blob = NULL;
+
+
+#ifndef DISABLE_EVENT
+deliver_host_address = sc->host->address;
+deliver_host_port = sc->host->port;
+if (event_raise(sc->tblock->event_action, US"tcp:connect", NULL, &errno)) return -1;
+#endif
+
+if ( (sock = sc->sock) < 0
+ && (sock = smtp_boundsock(sc)) < 0)
+ save_errno = errno;
+sc->sock = -1;
+
/* Connect to the remote host, and add keepalive to the socket before returning
it, if requested. If the build supports TFO, request it - and if the caller
requested some early-data then include that in the TFO request. If there is
early-data but no TFO support, send it after connecting. */
-else
+if (!save_errno)
{
#ifdef TCP_FASTOPEN
/* See if TCP Fast Open usable. Default is a traditional 3WHS connect */
- if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
+ if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, sc->host) == OK)
{
if (!early_data)
fastopen_blob = &tcp_fastopen_nodata; /* TFO, with no data */
@@ -351,7 +380,7 @@ else
}
#endif
- if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
+ if (ip_connect(sock, sc->host_af, sc->host->address, sc->host->port, timeout, fastopen_blob) < 0)
save_errno = errno;
else if (early_data && !fastopen_blob && early_data->data && early_data->len)
{
@@ -374,29 +403,13 @@ else
#endif
}
-/* Either bind() or connect() failed */
-
-if (save_errno != 0)
- {
- HDEBUG(D_transport|D_acl|D_v)
- {
- debug_printf_indent(" failed: %s", CUstrerror(save_errno));
- if (save_errno == ETIMEDOUT)
- debug_printf(" (timeout=%s)", readconf_printtime(timeout));
- debug_printf("\n");
- }
- (void)close(sock);
- errno = save_errno;
- return -1;
- }
-
-/* Both bind() and connect() succeeded, and any early-data */
-
-else
+if (!save_errno)
{
union sockaddr_46 interface_sock;
EXIM_SOCKLEN_T size = sizeof(interface_sock);
+ /* Both bind() and connect() succeeded, and any early-data */
+
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
@@ -408,12 +421,25 @@ else
return -1;
}
- if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
+ if (ob->keepalive) ip_keepalive(sock, sc->host->address, TRUE);
#ifdef TCP_FASTOPEN
tfo_out_check(sock);
#endif
return sock;
}
+
+/* Either bind() or connect() failed */
+
+HDEBUG(D_transport|D_acl|D_v)
+ {
+ debug_printf_indent(" failed: %s", CUstrerror(save_errno));
+ if (save_errno == ETIMEDOUT)
+ debug_printf(" (timeout=%s)", readconf_printtime(timeout));
+ debug_printf("\n");
+ }
+(void)close(sock);
+errno = save_errno;
+return -1;
}
@@ -501,8 +527,7 @@ if (ob->socks_proxy)
}
#endif
-return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
- sc->tblock, ob->connect_timeout, early_data);
+return smtp_sock_connect(sc, ob->connect_timeout, early_data);
}
diff --git a/src/src/structs.h b/src/src/structs.h
index 8c103caa8..46cc99ff6 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -830,6 +830,7 @@ typedef struct {
host_item * host;
int host_af;
uschar * interface;
+ int sock; /* used for a bound but not connected socket */
#ifdef SUPPORT_DANE
BOOL dane:1; /* connection must do dane */
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index d897c691e..4d6135be7 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -2251,6 +2251,7 @@ if (!continue_hostname)
the helo string might use it avoid doing early-pipelining. */
if ( !sx->helo_data
+ || sx->conn_args.interface
|| !Ustrstr(sx->helo_data, "$sending_ip_address")
|| Ustrstr(sx->helo_data, "def:sending_ip_address")
)
@@ -2270,7 +2271,10 @@ if (!continue_hostname)
PIPE_CONNECT_RETRY:
if (sx->early_pipe_active)
+ {
sx->outblock.conn_args = &sx->conn_args;
+ (void) smtp_boundsock(&sx->conn_args);
+ }
else
#endif
{
@@ -2295,9 +2299,10 @@ PIPE_CONNECT_RETRY:
}
/* Expand the greeting message while waiting for the initial response. (Makes
sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
- delayed till here so that $sending_interface and $sending_port are set. */
-/*XXX early-pipe: they still will not be. Is there any way to find out what they
-will be? Somehow I doubt it. */
+ delayed till here so that $sending_ip_address and $sending_port are set.
+ Those will be known even for a TFO lazy-connect, having been set by the bind().
+ For early-pipe, we are ok if binding to a local interface; otherwise (if
+ $sending_ip_address is seen in helo_data) we disabled early-pipe above. */
if (sx->helo_data)
if (!(sx->helo_data = expand_string(sx->helo_data)))
@@ -3716,6 +3721,7 @@ sx->port = defport;
sx->conn_args.interface = interface;
sx->helo_data = NULL;
sx->conn_args.tblock = tblock;
+sx->conn_args.sock = -1;
gettimeofday(&sx->delivery_start, NULL);
sx->sync_addr = sx->first_addr = addrlist;
diff --git a/src/src/transports/smtp_socks.c b/src/src/transports/smtp_socks.c
index 5aff62c15..4dd03c1f1 100644
--- a/src/src/transports/smtp_socks.c
+++ b/src/src/transports/smtp_socks.c
@@ -274,7 +274,7 @@ for(;;)
{
int idx;
host_item proxy;
- int proxy_af;
+ smtp_connect_args sc = {.sock = -1};
if ((idx = socks_get_proxy(proxies, nproxies)) < 0)
{
@@ -286,11 +286,16 @@ for(;;)
/* bodge up a host struct for the proxy */
proxy.address = proxy.name = sob->proxy_host;
- proxy_af = Ustrchr(sob->proxy_host, ':') ? AF_INET6 : AF_INET;
+ proxy.port = sob->port;
+
+ sc.tblock = tb;
+ sc.ob = ob;
+ sc.host = &proxy;
+ sc.host_af = Ustrchr(sob->proxy_host, ':') ? AF_INET6 : AF_INET;
+ sc.interface = interface;
/*XXX we trust that the method-select command is idempotent */
- if ((fd = smtp_sock_connect(&proxy, proxy_af, sob->port,
- interface, tb, sob->timeout, &early_data)) >= 0)
+ if ((fd = smtp_sock_connect(&sc, sob->timeout, &early_data)) >= 0)
{
proxy_local_address = string_copy(proxy.address);
proxy_local_port = sob->port;
diff --git a/src/src/verify.c b/src/src/verify.c
index d1c4af275..ed0898c9b 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -661,6 +661,7 @@ coding means skipping this whole loop and doing the append separately. */
sx->conn_args.interface = interface;
sx->helo_data = tf->helo_data;
sx->conn_args.tblock = addr->transport;
+ sx->conn_args.sock = -1;
sx->verify = TRUE;
tls_retry_connection: