diff options
Diffstat (limited to 'src')
163 files changed, 10059 insertions, 8138 deletions
diff --git a/src/Makefile b/src/Makefile index adda7ceb3..ccaca1c13 100644 --- a/src/Makefile +++ b/src/Makefile @@ -19,8 +19,14 @@ RM_COMMAND=/bin/rm # provide an override for the OS type and architecture type; they still have # to be used for the OS-specific files. To override them, you can set the # shell variables OSTYPE and ARCHTYPE when running make. - -buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`} +# +# EXIM_BUILD_SUFFIX should be used to enable parallel builds on a file +# system shared among different Linux distros (same os-type, same +# arch-type). The ../test/runtest script is expected to honour the +# EXIM_BUILD_SUFFIX when searching the Exim binary. +# NOTE: EXIM_BUILD_SUFFIX is considered *experimental*. + +buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`}$${EXIM_BUILD_SUFFIX:+.$$EXIM_BUILD_SUFFIX} # The default target checks for the existence of Local/Makefile, that the main # makefile is built and up-to-date, and then it runs it. diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 9bc819dd7..b9eaabaa6 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -4,6 +4,8 @@ # concatentates the configuration settings from Local/Makefile and other, # optional, Local/* files at the front of this file, to create Makefile in the # build directory. +# +# Copyright (c) The Exim Maintainers 2016 SHELL = $(MAKE_SHELL) SCRIPTS = ../scripts @@ -277,6 +279,7 @@ exipick: Makefile ../src/exipick.src @rm -f exipick @sed -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ -e "s?SPOOL_DIRECTORY?$(SPOOL_DIRECTORY)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ ../src/exipick.src > exipick-t @mv exipick-t exipick @chmod a+x exipick @@ -312,7 +315,6 @@ convert4r4: Makefile ../src/convert4r4.src # are thrown away by the linker. OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o -OBJ_WITH_OLD_DEMIME = demime.o OBJ_EXPERIMENTAL = bmi_spam.o \ dane.o \ dcc.o \ @@ -329,15 +331,16 @@ OBJ_LOOKUPS = lookups/lf_quote.o lookups/lf_check_file.o lookups/lf_sqlperform.o OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \ directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \ - filtertest.o globals.o dkim.o \ + filtertest.o globals.o dkim.o hash.o \ header.o host.o ip.o log.o lss.o match.o moan.o \ os.o parse.o queue.o \ rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \ route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \ std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \ + environment.o \ $(OBJ_LOOKUPS) \ local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \ - $(OBJ_WITH_OLD_DEMIME) $(OBJ_EXPERIMENTAL) + $(OBJ_EXPERIMENTAL) exim: buildlookups buildauths pdkim/pdkim.a \ buildrouters buildtransports \ @@ -407,7 +410,7 @@ exim_tidydb: $(OBJ_TIDYDB) exim_dbmbuild: exim_dbmbuild.o @echo "$(LNCC) -o exim_dbmbuild" - $(FE)$(LNCC) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \ + $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \ $(LIBS) $(EXTRALIBS) $(DBMLIB) @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ echo $(STRIP_COMMAND) exim_dbmbuild; \ @@ -445,7 +448,13 @@ MONBIN = em_StripChart.o $(EXIMON_TEXTPOP) em_globals.o em_init.o \ # The complete modules list also includes some specially compiled versions of # code from the main Exim source tree. -OBJ_MONBIN = util-spool_in.o util-store.o util-string.o tod.o tree.o $(MONBIN) +OBJ_MONBIN = util-spool_in.o \ + util-store.o \ + util-string.o \ + util-queue.o \ + tod.o \ + tree.o \ + $(MONBIN) eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ ../exim_monitor/em_version.c @@ -454,7 +463,7 @@ eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c @echo "$(LNCC) -o eximon.bin" $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \ - $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \ + $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ echo $(STRIP_COMMAND) eximon.bin; \ @@ -470,15 +479,18 @@ eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ # in one. This list is overkill, but it doesn't really take much time to # rebuild Exim on a modern computer. -HDRS = config.h \ +HDRS = blob.h \ + config.h \ dbfunctions.h \ dbstuff.h \ exim.h \ functions.h \ globals.h \ + hash.h \ local_scan.h \ macros.h \ mytypes.h \ + sha_ver.h \ structs.h \ os.h PHDRS = ../config.h \ @@ -562,6 +574,10 @@ util-string.o: $(HDRS) string.c @echo "$(CC) -DCOMPILE_UTILITY string.c" $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-string.o string.c +util-queue.o: $(HDRS) queue.c + @echo "$(CC) -DCOMPILE_UTILITY queue.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-queue.o queue.c + util-os.o: $(HDRS) os.c @echo "$(CC) -DCOMPILE_UTILITY os.c" $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \ @@ -592,9 +608,11 @@ dns.o: $(HDRS) dns.c enq.o: $(HDRS) enq.c exim.o: $(HDRS) exim.c expand.o: $(HDRS) expand.c +environment.o: $(HDRS) environment.c filter.o: $(HDRS) filter.c filtertest.o: $(HDRS) filtertest.c globals.o: $(HDRS) globals.c +hash.o: $(HDRS) hash.c header.o: $(HDRS) header.c host.o: $(HDRS) host.c ip.o: $(HDRS) ip.c @@ -602,7 +620,7 @@ log.o: $(HDRS) log.c lss.o: $(HDRS) lss.c match.o: $(HDRS) match.c moan.o: $(HDRS) moan.c -os.o: $(HDRS) os.c +os.o: $(HDRS) $(OS_C_INCLUDES) os.c parse.o: $(HDRS) parse.c queue.o: $(HDRS) queue.c rda.o: $(HDRS) rda.c @@ -621,7 +639,7 @@ spool_out.o: $(HDRS) spool_out.c std-crypto.o: $(HDRS) std-crypto.c store.o: $(HDRS) store.c string.o: $(HDRS) string.c -tls.o: $(HDRS) tls.c setenv.c \ +tls.o: $(HDRS) tls.c \ tls-gnu.c tlscert-gnu.c \ tls-openssl.c tlscert-openssl.c tod.o: $(HDRS) tod.c @@ -639,11 +657,6 @@ spam.o: $(HDRS) spam.c spool_mbox.o: $(HDRS) spool_mbox.c -# Dependencies for WITH_OLD_DEMIME modules - -demime.o: $(HDRS) demime.c - - # Dependencies for EXPERIMENTAL_* modules bmi_spam.o: $(HDRS) bmi_spam.c diff --git a/src/OS/Makefile-CYGWIN b/src/OS/Makefile-CYGWIN index 23981d479..cda5d26cc 100644 --- a/src/OS/Makefile-CYGWIN +++ b/src/OS/Makefile-CYGWIN @@ -80,7 +80,6 @@ LOOKUP_PASSWD=yes LDAP_LIB_TYPE=OPENLDAP2 LOOKUP_LIBS=-lldap -llber -# WITH_OLD_DEMIME=yes WITH_CONTENT_SCAN=yes # It is important to define these variables but the values are always overridden diff --git a/src/OS/Makefile-HP-UX b/src/OS/Makefile-HP-UX index 073d67aba..ea35144bb 100644 --- a/src/OS/Makefile-HP-UX +++ b/src/OS/Makefile-HP-UX @@ -22,4 +22,6 @@ EXIMON_TEXTPOP= DBMLIB=-lndbm RANLIB=@true +OS_C_INCLUDES=setenv.c + # End diff --git a/src/OS/Makefile-SunOS5 b/src/OS/Makefile-SunOS5 index e60a6c088..568e99f1c 100644 --- a/src/OS/Makefile-SunOS5 +++ b/src/OS/Makefile-SunOS5 @@ -19,4 +19,6 @@ XINCLUDE=-I$(X11)/include XLFLAGS=-L$(X11)/lib -R$(X11)/lib X11LIB=$(X11)/lib +OS_C_INCLUDES=setenv.c + # End diff --git a/src/OS/os.c-BSDI b/src/OS/os.c-BSDI new file mode 100644 index 000000000..3cef2ac6d --- /dev/null +++ b/src/OS/os.c-BSDI @@ -0,0 +1,19 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) 2016 Heiko Schlittermann <hs@schlittermann.de> */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* BSDI-specific code. This is concatenated onto the generic +src/os.c file. */ + +#ifndef OS_UNSETENV +#define OS_UNSETENV + +int +os_unsetenv(const unsigned char * name) +{ +unsetenv((char *)name); +return 0; +} diff --git a/src/OS/os.c-HP-UX b/src/OS/os.c-HP-UX new file mode 100644 index 000000000..fdd8708a2 --- /dev/null +++ b/src/OS/os.c-HP-UX @@ -0,0 +1,16 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* HP-UX-specific code. This is concatenated onto the generic +src/os.c file. */ + +#ifndef COMPILE_UTILITY +# include "setenv.c" +#endif + +/* End of os.c-SunHP-UX */ diff --git a/src/OS/os.c-Linux b/src/OS/os.c-Linux index 0043e8627..4bca77615 100644 --- a/src/OS/os.c-Linux +++ b/src/OS/os.c-Linux @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1997 - 2014 */ +/* Copyright (c) University of Cambridge 1997 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Linux-specific code. This is concatenated onto the generic diff --git a/src/OS/os.c-SunOS5 b/src/OS/os.c-SunOS5 new file mode 100644 index 000000000..162486958 --- /dev/null +++ b/src/OS/os.c-SunOS5 @@ -0,0 +1,16 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Solaris-specific code. This is concatenated onto the generic +src/os.c file. */ + +#if defined(MISSING_UNSETENV_3) && !defined(COMPILE_UTILITY) +# include "setenv.c" +#endif + +/* End of os.c-SunOS5 */ diff --git a/src/OS/os.h-BSDI b/src/OS/os.h-BSDI index 6e16722fd..a1705ec95 100644 --- a/src/OS/os.h-BSDI +++ b/src/OS/os.h-BSDI @@ -5,6 +5,7 @@ #define HAVE_MMAP #define HAVE_SYS_MOUNT_H #define SIOCGIFCONF_GIVES_ADDR +#define OS_UNSETENV typedef struct flock flock_t; diff --git a/src/OS/os.h-HP-UX b/src/OS/os.h-HP-UX index 1b599231d..4998734f6 100644 --- a/src/OS/os.h-HP-UX +++ b/src/OS/os.h-HP-UX @@ -10,7 +10,6 @@ #define FSCALE 1.0 #define HAVE_SYS_STATVFS_H -#define MISSING_UNSETENV_3 #define F_FREESP O_TRUNC #define NEED_H_ERRNO 1 diff --git a/src/OS/os.h-Linux b/src/OS/os.h-Linux index 05c153e2c..510865c66 100644 --- a/src/OS/os.h-Linux +++ b/src/OS/os.h-Linux @@ -65,5 +65,13 @@ then change the 0 to 1 in the next block. */ # define LLONG_MAX LONG_LONG_MAX #endif +#if _POSIX_C_SOURCE >= 200809L || _ATFILE_SOUCE +# define EXIM_HAVE_OPENAT +#endif + +#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) +# define MSG_FASTOPEN 0x20000000 +#endif + /* End */ diff --git a/src/OS/os.h-SunOS5 b/src/OS/os.h-SunOS5 index 45a1171c8..807212b85 100644 --- a/src/OS/os.h-SunOS5 +++ b/src/OS/os.h-SunOS5 @@ -37,4 +37,10 @@ it seems. */ #endif +/* SunOS5 doesn't accept getcwd(NULL, 0) to auto-allocate +a buffer */ + +#define OS_GETCWD + + /* End */ diff --git a/src/README.UPDATING b/src/README.UPDATING index 590642f3e..8cb59e91e 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -26,6 +26,17 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.88 +----------------- + + * The "demime" ACL condition, deprecated for the past 10 years, has + now been removed. + + * Old GnuTLS configuration options "gnutls_require_kx", "gnutls_require_mac", + and "gnutls_require_protocols" have now been removed. (Inoperative from + 4.80, per below; logging warnings since 4.83, again per below). + + Exim version 4.83 ----------------- diff --git a/src/exim_monitor/em_TextPop.c b/src/exim_monitor/em_TextPop.c index faa51ed89..03f97da52 100644 --- a/src/exim_monitor/em_TextPop.c +++ b/src/exim_monitor/em_TextPop.c @@ -468,7 +468,7 @@ struct SearchAndReplace * search; text.firstPos = 0; text.format = FMT8BIT; - dir = (XawTextScanDirection)(int) ((caddr_t)XawToggleGetCurrent(search->left_toggle) - + dir = (XawTextScanDirection) ((long)XawToggleGetCurrent(search->left_toggle) - R_OFFSET); pos = XawTextSearch( tw, dir, &text); diff --git a/src/exim_monitor/em_globals.c b/src/exim_monitor/em_globals.c index 6415e4238..54032362c 100644 --- a/src/exim_monitor/em_globals.c +++ b/src/exim_monitor/em_globals.c @@ -187,13 +187,15 @@ uid_t originator_uid; uschar *primary_hostname = NULL; +uschar *queue_name = US""; + int received_count = 0; uschar *received_protocol = NULL; int received_time = 0; int recipients_count = 0; recipient_item *recipients_list = NULL; int recipients_list_max = 0; -int running_in_test_harness=FALSE; +BOOL running_in_test_harness=FALSE; uschar *sender_address = NULL; uschar *sender_fullhost = NULL; diff --git a/src/exim_monitor/em_hdr.h b/src/exim_monitor/em_hdr.h index ed95716a3..a7e874a87 100644 --- a/src/exim_monitor/em_hdr.h +++ b/src/exim_monitor/em_hdr.h @@ -92,6 +92,7 @@ the benefit of structs.h. One of these days I should tidy up this interface so that this kind of kludge isn't needed. */ #define MAXPACKET 1024 +typedef void hctx; #include "config.h" #include "mytypes.h" diff --git a/src/exim_monitor/em_log.c b/src/exim_monitor/em_log.c index 6efd9c0c9..9ff994ced 100644 --- a/src/exim_monitor/em_log.c +++ b/src/exim_monitor/em_log.c @@ -2,7 +2,7 @@ * Exim Monitor * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2014 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module contains code for scanning the main log, @@ -217,7 +217,11 @@ uschar buffer[log_buffer_len]; if (LOG != NULL) { - fseek(LOG, log_position, SEEK_SET); + if (fseek(LOG, log_position, SEEK_SET)) + { + perror("logfile fseek"); + exit(1); + } while (Ufgets(buffer, log_buffer_len, LOG) != NULL) { @@ -393,7 +397,11 @@ if (LOG == NULL || { if (LOG != NULL) fclose(LOG); LOG = TEST; - fstat(fileno(LOG), &statdata); + if (fstat(fileno(LOG), &statdata)) + { + fprintf(stderr, "fstat %s: %s\n", log_file_open, strerror(errno)); + exit(1); + } log_inode = statdata.st_ino; } } diff --git a/src/exim_monitor/em_main.c b/src/exim_monitor/em_main.c index 69354c086..3034a041c 100644 --- a/src/exim_monitor/em_main.c +++ b/src/exim_monitor/em_main.c @@ -2,7 +2,7 @@ * Exim Monitor * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2014 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -669,8 +669,14 @@ if (log_file[0] != 0) { fseek(LOG, 0, SEEK_END); log_position = ftell(LOG); - fstat(fileno(LOG), &statdata); - log_inode = statdata.st_ino; + if (fstat(fileno(LOG), &statdata)) + { + perror("log file fstat"); + fclose(LOG); + LOG=NULL; + } + else + log_inode = statdata.st_ino; } } else diff --git a/src/exim_monitor/em_menu.c b/src/exim_monitor/em_menu.c index 9d3ca1c14..6deb909da 100644 --- a/src/exim_monitor/em_menu.c +++ b/src/exim_monitor/em_menu.c @@ -2,7 +2,7 @@ * Exim Monitor * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2009 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -133,32 +133,33 @@ menu_is_up = FALSE; * Display the message log * *************************************************/ -static void msglogAction(Widget w, XtPointer client_data, XtPointer call_data) +static void +msglogAction(Widget w, XtPointer client_data, XtPointer call_data) { int i; -uschar buffer[256]; -Widget text = text_create((uschar *)client_data, text_depth); -FILE *f = NULL; +Widget text = text_create(US client_data, text_depth); +uschar * fname = NULL; +FILE * f = NULL; w = w; /* Keep picky compilers happy */ call_data = call_data; /* End up with the split version, so message looks right when non-exist */ -for (i = 0; i < (spool_is_split? 2:1); i++) +for (i = 0; i < (spool_is_split ? 2:1); i++) { - message_subdir[0] = (i != 0)? ((uschar *)client_data)[5] : 0; - sprintf(CS buffer, "%s/msglog/%s/%s", spool_directory, message_subdir, - (uschar *)client_data); - f = fopen(CS buffer, "r"); - if (f != NULL) break; + message_subdir[0] = i != 0 ? (US client_data)[5] : 0; + fname = spool_fname(US"msglog", message_subdir, US client_data, US""); + if ((f = fopen(CS fname, "r"))) + break; } -if (f == NULL) - text_showf(text, "%s: %s\n", buffer, strerror(errno)); +if (!f) + text_showf(text, "%s: %s\n", fname, strerror(errno)); else { - while (Ufgets(buffer, 256, f) != NULL) text_show(text, buffer); + uschar buffer[256]; + while (Ufgets(buffer, sizeof(buffer), f) != NULL) text_show(text, buffer); fclose(f); } } @@ -169,10 +170,10 @@ else * Display the message body * *************************************************/ -static void bodyAction(Widget w, XtPointer client_data, XtPointer call_data) +static void +bodyAction(Widget w, XtPointer client_data, XtPointer call_data) { int i; -uschar buffer[256]; Widget text = text_create((uschar *)client_data, text_depth); FILE *f = NULL; @@ -181,19 +182,21 @@ call_data = call_data; for (i = 0; i < (spool_is_split? 2:1); i++) { - message_subdir[0] = (i != 0)? ((uschar *)client_data)[5] : 0; - sprintf(CS buffer, "%s/input/%s/%s-D", spool_directory, message_subdir, - (uschar *)client_data); - f = fopen(CS buffer, "r"); - if (f != NULL) break; + uschar * fname; + message_subdir[0] = i != 0 ? ((uschar *)client_data)[5] : 0; + fname = spool_fname(US"input", message_subdir, US client_data, US"-D"); + if ((f = fopen(CS fname, "r"))) + break; } if (f == NULL) text_showf(text, "Failed to open file: %s\n", strerror(errno)); else { + uschar buffer[256]; int count = 0; - while (Ufgets(buffer, 256, f) != NULL) + + while (Ufgets(buffer, sizeof(buffer), f) != NULL) { text_show(text, buffer); count += Ustrlen(buffer); @@ -273,8 +276,12 @@ if (pipe(pipe_fd) != 0) return; } -fcntl(pipe_fd[0], F_SETFL, O_NONBLOCK); -fcntl(pipe_fd[1], F_SETFL, O_NONBLOCK); +if ( fcntl(pipe_fd[0], F_SETFL, O_NONBLOCK) + || fcntl(pipe_fd[1], F_SETFL, O_NONBLOCK)) + { + perror("set nonblocking on pipe"); + exit(1); + } /* Delivering a message can take some time, and we want to show the output as it goes along. This requires subprocesses and is coded below. For @@ -373,7 +380,7 @@ if ((pid = fork()) == 0) /* Main process - set up an item for the main ticker to watch. */ -if (pid < 0) text_showf(text, "Failed to fork: %s\n", strerror(pid)); else +if (pid < 0) text_showf(text, "Failed to fork: %s\n", strerror(errno)); else { pipe_item *p = (pipe_item *)store_malloc(sizeof(pipe_item)); @@ -551,7 +558,8 @@ static void addrecipAction(Widget w, XtPointer client_data, XtPointer call_data) { w = w; /* Keep picky compilers happy */ call_data = call_data; -Ustrcpy(actioned_message, (uschar *)client_data); +Ustrncpy(actioned_message, client_data, 24); +actioned_message[23] = '\0'; action_required = US"-Mar"; dialog_ref_widget = menushell; create_dialog(US"Recipient address to add?", US""); @@ -567,7 +575,8 @@ static void markdelAction(Widget w, XtPointer client_data, XtPointer call_data) { w = w; /* Keep picky compilers happy */ call_data = call_data; -Ustrcpy(actioned_message, (uschar *)client_data); +Ustrncpy(actioned_message, client_data, 24); +actioned_message[23] = '\0'; action_required = US"-Mmd"; dialog_ref_widget = menushell; create_dialog(US"Recipient address to mark delivered?", US""); @@ -582,7 +591,7 @@ static void markalldelAction(Widget w, XtPointer client_data, XtPointer call_dat { w = w; /* Keep picky compilers happy */ call_data = call_data; -ActOnMessage((uschar *)client_data, US"-Mmad", US""); +ActOnMessage(US client_data, US"-Mmad", US""); } @@ -597,9 +606,10 @@ queue_item *q; uschar *sender; w = w; /* Keep picky compilers happy */ call_data = call_data; -Ustrcpy(actioned_message, (uschar *)client_data); +Ustrncpy(actioned_message, client_data, 24); +actioned_message[23] = '\0'; q = find_queue(actioned_message, queue_noop, 0); -sender = (q == NULL)? US"" : (q->sender[0] == 0)? US"<>" : q->sender; +sender = !q ? US"" : q->sender[0] == 0 ? US"<>" : q->sender; action_required = US"-Mes"; dialog_ref_widget = menushell; create_dialog(US"New sender address?", sender); diff --git a/src/exim_monitor/em_queue.c b/src/exim_monitor/em_queue.c index c01a80fe0..4bdc57ab9 100644 --- a/src/exim_monitor/em_queue.c +++ b/src/exim_monitor/em_queue.c @@ -263,7 +263,8 @@ else sender_address = NULL; -sprintf(CS buffer, "%s/input/%s/%s-D", spool_directory, message_subdir, name); +snprintf(CS buffer, sizeof(buffer), "%s/input/%s/%s/%s-D", + spool_directory, queue_name, message_subdir, name); if (Ustat(buffer, &statdata) == 0) q->size = message_size + statdata.st_size - SPOOL_DATA_START_OFFSET + 1; @@ -271,7 +272,6 @@ if (Ustat(buffer, &statdata) == 0) been delivered, and removing visible names. */ if (recipients_list != NULL) - { for (i = 0; i < recipients_count; i++) { uschar *r = recipients_list[i].address; @@ -282,7 +282,6 @@ if (recipients_list != NULL) (void)find_dest(q, r, dest_add, FALSE); } } - } /* Recover the dynamic store used by spool_read_header(). */ @@ -617,11 +616,13 @@ uschar buffer[1024]; message_subdir[0] = p->dir_char; -sprintf(CS buffer, "%s/input/%s/%s-J", spool_directory, message_subdir, p->name); -jread = fopen(CS buffer, "r"); -if (jread == NULL) +snprintf(CS buffer, sizeof(buffer), "%s/input/%s/%s/%s-J", + spool_directory, queue_name, message_subdir, p->name); + +if (!(jread = fopen(CS buffer, "r"))) { - sprintf(CS buffer, "%s/input/%s/%s-H", spool_directory, message_subdir, p->name); + snprintf(CS buffer, sizeof(buffer), "%s/input/%s/%s/%s-H", + spool_directory, queue_name, message_subdir, p->name); if (Ustat(buffer, &statdata) < 0 || p->update_time == statdata.st_mtime) return; } @@ -655,32 +656,23 @@ if (jread != NULL) been delivered, and removing visible names. In the nonrecipients tree, domains are lower cased. */ -if (recipients_list != NULL) - { +if (recipients_list) for (i = 0; i < recipients_count; i++) { - uschar *pp; - uschar *r = recipients_list[i].address; - tree_node *node = tree_search(tree_nonrecipients, r); + uschar * pp; + uschar * r = recipients_list[i].address; + tree_node * node; - if (node == NULL) - { - uschar temp[256]; - uschar *rr = temp; - Ustrcpy(temp, r); - while (*rr != 0 && *rr != '@') rr++; - while (*rr != 0) { *rr = tolower(*rr); rr++; } - node = tree_search(tree_nonrecipients, temp); - } + if (!(node = tree_search(tree_nonrecipients, r))) + node = tree_search(tree_nonrecipients, string_copylc(r)); - if ((pp = strstric(r+1, qualify_domain, FALSE)) != NULL && - *(--pp) == '@') *pp = 0; - if (node == NULL) + if ((pp = strstric(r+1, qualify_domain, FALSE)) && *(--pp) == '@') + *pp = 0; + if (!node) (void)find_dest(p, r, dest_add, FALSE); else (void)find_dest(p, r, dest_remove, FALSE); } - } /* We also need to scan the tree of non-recipients, which might contain child addresses that are not in the recipients list, but diff --git a/src/exim_monitor/em_strip.c b/src/exim_monitor/em_strip.c index 00675d46f..f0ad3abbb 100644 --- a/src/exim_monitor/em_strip.c +++ b/src/exim_monitor/em_strip.c @@ -58,12 +58,13 @@ a little game in order to ensure that the double value is correctly passed back via the value pointer without the compiler doing an unwanted cast. */ -static void stripchartAction(Widget w, XtPointer client_data, XtPointer value) +static void +stripchartAction(Widget w, XtPointer client_data, XtPointer value) { -double *ptr = (double *)value; +double * ptr = (double *)value; static int thresholds[] = {10, 20, 50, 100, 200, 500, 1000, 2000, 5000, 10000, 0}; -int num = (int)client_data; +int num = (long)client_data; int oldmax = 0; int newmax = 0; int newvalue = 0; @@ -213,7 +214,8 @@ and for the second if it is a partition size display; its update time is initially set to 1 second so that it gives an immediate display of the queue. The first time its callback function is obeyed, the update time gets reset. */ -void create_stripchart(Widget parent, uschar *title) +void +create_stripchart(Widget parent, uschar *title) { Widget chart; @@ -249,7 +251,7 @@ xs_SetValues(chart, 11, XtNfromVert, label); XtAddCallback(chart, "getValue", stripchartAction, - (XtPointer)stripchart_count); + (XtPointer)(long)stripchart_count); stripchart_last_total[stripchart_count] = 0; stripchart_max[stripchart_count] = 10; diff --git a/src/exim_monitor/em_xs.c b/src/exim_monitor/em_xs.c index 87371b50c..b145fb993 100644 --- a/src/exim_monitor/em_xs.c +++ b/src/exim_monitor/em_xs.c @@ -2,7 +2,7 @@ * Exim Monitor * *************************************************/ -/* Copyright (c) University of Cambridge, 1995 - 2007 */ +/* Copyright (c) University of Cambridge, 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This file contains a number of subroutines that are in effect @@ -37,6 +37,7 @@ for (i = 0; i < num_args; i++) aa[i].name = va_arg(ap, String); aa[i].value = va_arg(ap, XtArgVal); } +va_end(ap); XtSetValues(w, aa, num_args); if (num_args > 15) free(aa); } diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index eeb26eeb1..3e486a6bb 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -4,6 +4,8 @@ # from inside the directory. It does its own checking of when to rebuild; it # just got too horrendous to get it right in "make", because of the optionally # existing configuration files. +# +# Copyright (c) The Exim Maintainers 2016 # First off, get the OS type, and check that there is a make file for it. @@ -110,7 +112,9 @@ do if test -r ../$f echo "# End of $f" echo "" fi -done >> $mft || exit 1 +done \ + | sed 's/^TMPDIR=/EXIM_&/' \ + >> $mft || exit 1 # handle pkg-config # beware portability of extended regexps with sed. @@ -132,13 +136,16 @@ then USE_*_PC) eval "pc_value=\"\$$var\"" need_this='' + need_core='' if [ ".$SUPPORT_TLS" = "." ]; then # no TLS, not referencing true elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then need_this=t + need_core="gnutls-special" elif [ ".$var" = ".USE_OPENSSL_PC" ] && [ ".$USE_GNUTLS" = "." ]; then need_this=t + need_core=t fi if [ ".$need_this" != "." ]; then tls_include=`pkg-config --cflags $pc_value` @@ -149,6 +156,19 @@ then tls_libs=`pkg-config --libs $pc_value` echo "TLS_INCLUDE=$tls_include" echo "TLS_LIBS=$tls_libs" + # With hash.h pulling crypto into the core, we need to also handle that + if [ ".$need_this" = ".t" ]; then + echo "CFLAGS += $tls_include" + echo "LDFLAGS += $tls_libs" + elif [ ".$need_this" = ".gnutls-special" ]; then + if pkg-config --atleast-version=2.10 gnutls ; then + echo "CFLAGS += $tls_include" + echo "LDFLAGS += $tls_libs" + else + echo "CFLAGS += $(libgcrypt-config --cflags)" + echo "LDFLAGS += $(libgcrypt-config --libs)" + fi + fi fi ;; diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks index 886214030..b710c2fd8 100755 --- a/src/scripts/MakeLinks +++ b/src/scripts/MakeLinks @@ -2,6 +2,8 @@ # Script to build links for all the exim source files from the system- # specific build directory. It should be run from within that directory. +# +# Copyright (c) The Exim Maintainers 2016 test ! -d ../src && \ echo "*** $0 should be run in a system-specific subdirectory." && \ @@ -29,7 +31,7 @@ mkdir lookups cd lookups # Makefile is generated for f in README cdb.c dbmdb.c dnsdb.c dsearch.c ibase.c ldap.h ldap.c \ - lsearch.c mysql.c redis.c nis.c nisplus.c oracle.c passwd.c \ + lmdb.c lsearch.c mysql.c redis.c nis.c nisplus.c oracle.c passwd.c \ pgsql.c spf.c sqlite.c testdb.c whoson.c \ lf_functions.h lf_check_file.c lf_quote.c lf_sqlperform.c do @@ -57,8 +59,8 @@ cd .. mkdir transports cd transports for f in README Makefile appendfile.h appendfile.c autoreply.h \ - autoreply.c lmtp.h lmtp.c pipe.h pipe.c smtp.h smtp.c smtp_socks.c \ - tf_maildir.c tf_maildir.h + autoreply.c lmtp.h lmtp.c pipe.h pipe.c queuefile.c queuefile.h \ + smtp.h smtp.c smtp_socks.c tf_maildir.c tf_maildir.h do ln -s ../../src/transports/$f $f done @@ -93,15 +95,16 @@ cd .. # but local_scan.c does not, because its location is taken from the build-time # configuration. Likewise for the os.c file, which gets build dynamically. -for f in dbfunctions.h dbstuff.h exim.h functions.h globals.h local_scan.h \ - macros.h mytypes.h osfunctions.h store.h structs.h lookupapi.h \ +for f in blob.h dbfunctions.h dbstuff.h exim.h functions.h globals.h \ + hash.h local_scan.h \ + macros.h mytypes.h osfunctions.h store.h structs.h lookupapi.h sha_ver.h \ \ acl.c buildconfig.c base64.c child.c crypt16.c daemon.c dbfn.c debug.c deliver.c \ directory.c dns.c drtables.c dummies.c enq.c exim.c exim_dbmbuild.c \ exim_dbutil.c exim_lock.c expand.c filter.c filtertest.c globals.c \ - header.c host.c ip.c log.c lss.c match.c moan.c parse.c perl.c queue.c \ + hash.c header.c host.c ip.c log.c lss.c match.c moan.c parse.c perl.c queue.c \ rda.c readconf.c receive.c retry.c rewrite.c rfc2047.c route.c search.c \ - setenv.c \ + setenv.c environment.c \ sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \ string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-gnu.c tls-openssl.c \ tod.c transport.c tree.c verify.c version.c dkim.c dkim.h dmarc.c dmarc.h \ @@ -116,12 +119,6 @@ do ln -s ../src/$f $f done -# WITH_OLD_DEMIME -for f in demime.c demime.h -do - ln -s ../src/$f $f -done - # EXPERIMENTAL_* for f in bmi_spam.c bmi_spam.h dcc.c dcc.h dane.c dane-gnu.c dane-openssl.c \ danessl.h imap_utf7.c spf.c spf.h srs.c srs.h utf8.c diff --git a/src/scripts/exim_install b/src/scripts/exim_install index b9330ae0c..1e8805024 100755 --- a/src/scripts/exim_install +++ b/src/scripts/exim_install @@ -217,13 +217,15 @@ while [ $# -gt 0 ]; do # The exim binary is handled specially if [ $name = exim${EXE} ]; then - version=exim-`./exim -bV -C /dev/null | \ + exim="./exim -bV -C /dev/null" + version=exim-`$exim 2>/dev/null | \ awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE} if [ "${version}" = "exim-${EXE}" ]; then echo $com "" - echo $com "*** Could not run ./exim to find version number ***" + echo $com "*** Could not run $exim to find version number ***" echo $com "*** Exim installation ${ver}failed ***" + $exim exit 1 fi diff --git a/src/scripts/lookups-Makefile b/src/scripts/lookups-Makefile index 4e69a9a77..db2d184a7 100755 --- a/src/scripts/lookups-Makefile +++ b/src/scripts/lookups-Makefile @@ -177,6 +177,11 @@ fi OBJ="${OBJ} spf.o" +if want_experimental LMDB +then + OBJ="${OBJ} lmdb.o" +fi + echo "MODS = $MODS" echo "OBJ = $OBJ" diff --git a/src/scripts/reversion b/src/scripts/reversion index c4618868e..9707b9c1c 100755 --- a/src/scripts/reversion +++ b/src/scripts/reversion @@ -1,4 +1,9 @@ #!/bin/sh +# Copyright (c) The Exim Maintainers 2016 + +set -e +LC_ALL=C +export LC_ALL # Update Exim's version header file. @@ -37,8 +42,13 @@ then # Modify the output of git describe into separate parts for # the name "exim" and the release and variant versions. # Put a dot in the version number and remove a spurious g. - set $(git describe --dirty=-XX --match 'exim-4*' | - sed 's|-| |;s|_|.|;s|[-_]| _|;s|-g|-|') + if [ "$2" ] + then + description=$(git describe "$2") + else + description=$(git describe --dirty=-XX --match 'exim-4*') + fi + set $(echo "$description" | sed 's|-| |;s|_|.|;s|[-_]| _|;s|-g|-|') # Only update if we need to if [ "$2 $3" != "$EXIM_RELEASE_VERSION $EXIM_VARIANT_VERSION" ] then diff --git a/src/scripts/source_checks b/src/scripts/source_checks index eac4b8d1b..918a6f8eb 100644 --- a/src/scripts/source_checks +++ b/src/scripts/source_checks @@ -19,6 +19,7 @@ done <<-END globals.c header_names globals.c log_options expand.c item_table + std-crypto.c dh_constants transport.c optionlist_transports route.c optionlist_routers transports/appendfile.c appendfile_transport_options @@ -27,6 +28,8 @@ done <<-END transports/pipe.c pipe_transport_options transports/smtp.c smtp_transport_options expand.c var_table + acl.c conditions + acl.c controls_list END # Tables with just string items @@ -45,6 +48,5 @@ done <<-END expand.c op_table_main expand.c cond_table acl.c verbs - acl.c conditions END diff --git a/src/src/EDITME b/src/src/EDITME index 30a296e89..69293467e 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -392,13 +392,6 @@ EXIM_MONITOR=eximon.bin # WITH_CONTENT_SCAN=yes -# If you want to use the deprecated "demime" condition in the DATA ACL, -# uncomment the line below. Doing so will also explicitly turn on the -# WITH_CONTENT_SCAN option. If possible, use the MIME ACL instead of -# the "demime" condition. - -# WITH_OLD_DEMIME=yes - #------------------------------------------------------------------------------ # If you're using ClamAV and are backporting fixes to an old version, instead # of staying current (which is the more usual approach) then you may need to @@ -472,6 +465,12 @@ EXIM_MONITOR=eximon.bin # CFLAGS += -I/usr/local/include # LDFLAGS += -lsrs_alt +# Uncomment the following line to add DMARC checking capability, implemented +# using libopendmarc libraries. You must have SPF support enabled also. +# EXPERIMENTAL_DMARC=yes +# CFLAGS += -I/usr/local/include +# LDFLAGS += -lopendmarc + # Uncomment the following lines to add Brightmail AntiSpam support. You need # to have the Brightmail client SDK installed. Please check the experimental # documentation for implementation details. You need to edit the CFLAGS and @@ -481,19 +480,24 @@ EXIM_MONITOR=eximon.bin # CFLAGS += -I/opt/brightmail/bsdk-6.0/include # LDFLAGS += -lxml2_single -lbmiclient_single -L/opt/brightmail/bsdk-6.0/lib -# Uncomment the following line to add DMARC checking capability, implemented -# using libopendmarc libraries. -# EXPERIMENTAL_DMARC=yes -# CFLAGS += -I/usr/local/include -# LDFLAGS += -lopendmarc - # Uncomment the following line to add DANE support # Note: Enabling this unconditionally overrides DISABLE_DNSSEC +# Note: DANE is only supported when using OpenSSL # EXPERIMENTAL_DANE=yes # Uncomment the following to include extra information in fail DSN message (bounces) # EXPERIMENTAL_DSN_INFO=yes +# Uncomment the following to add LMDB lookup support +# You need to have LMDB installed on your system (https://github.com/LMDB/lmdb) +# Depending on where it is installed you may have to edit the CFLAGS and LDFLAGS lines. +# EXPERIMENTAL_LMDB=yes +# CFLAGS += -I/usr/local/include +# LDFLAGS += -llmdb + +# Uncomment the following line to add queuefile transport support +# EXPERIMENTAL_QUEUEFILE=yes + ############################################################################### # THESE ARE THINGS YOU MIGHT WANT TO SPECIFY # ############################################################################### @@ -742,6 +746,10 @@ HEADERS_CHARSET="ISO-8859-1" # USE_GNUTLS_PC=gnutls # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt +# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's +# build process will require libgcrypt-config to exist in your $PATH. A +# version that old is likely to become unsupported by Exim in 2017. + # The security fix we provide with the gnutls_allow_auto_pkcs11 option # (4.82 PP/09) introduces a compatibility regression. The symbol is # not available if GnuTLS is build without p11-kit (--without-p11-kit @@ -1121,9 +1129,11 @@ SYSTEM_ALIASES_FILE=/etc/aliases # files, and thus be influenced by the value of TMPDIR. For this reason, when # Exim starts, it checks the environment for TMPDIR, and if it finds it is set, # it replaces the value with what is defined here. Commenting this setting -# suppresses the check altogether. +# suppresses the check altogether. Older installations call this macro +# just TMPDIR, but this has side effects at build time. At runtime +# TMPDIR is checked as before. -TMPDIR="/tmp" +EXIM_TMPDIR="/tmp" #------------------------------------------------------------------------------ diff --git a/src/src/acl.c b/src/src/acl.c index 684b93bbb..1ac2bee23 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for handling Access Control Lists (ACLs) */ @@ -46,7 +46,7 @@ static int msgcond[] = { }; /* ACL condition and modifier codes - keep in step with the table that -follows, and the cond_expand_at_top and uschar cond_modifiers tables lower +follows. down. */ enum { ACLC_ACL, @@ -65,9 +65,6 @@ enum { ACLC_ACL, ACLC_DECODE, #endif ACLC_DELAY, -#ifdef WITH_OLD_DEMIME - ACLC_DEMIME, -#endif #ifndef DISABLE_DKIM ACLC_DKIM_SIGNER, ACLC_DKIM_STATUS, @@ -91,6 +88,7 @@ enum { ACLC_ACL, #ifdef WITH_CONTENT_SCAN ACLC_MIME_REGEX, #endif + ACLC_QUEUE, ACLC_RATELIMIT, ACLC_RECIPIENTS, #ifdef WITH_CONTENT_SCAN @@ -111,79 +109,251 @@ enum { ACLC_ACL, ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "continue", "endpass", -"message", "log_message", "log_reject_target", "logwrite", and "set" are +"message", "log_message", "log_reject_target", "logwrite", "queue" and "set" are modifiers that look like conditions but always return TRUE. They are used for their side effects. */ -static uschar *conditions[] = { - US"acl", - US"add_header", - US"authenticated", +typedef struct condition_def { + uschar *name; + +/* Flag to indicate the condition/modifier has a string expansion done +at the outer level. In the other cases, expansion already occurs in the +checking functions. */ + BOOL expand_at_top:1; + + BOOL is_modifier:1; + +/* Bit map vector of which conditions and modifiers are not allowed at certain +times. For each condition and modifier, there's a bitmap of dis-allowed times. +For some, it is easier to specify the negation of a small number of allowed +times. */ + unsigned forbids; + +} condition_def; + +static condition_def conditions[] = { + { US"acl", FALSE, FALSE, 0 }, + + { US"add_header", TRUE, TRUE, + (unsigned int) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| +#ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +#endif + (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_DKIM)| + (1<<ACL_WHERE_NOTSMTP_START)), + }, + + { US"authenticated", FALSE, FALSE, + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START)| + (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO), + }, #ifdef EXPERIMENTAL_BRIGHTMAIL - US"bmi_optin", + { US"bmi_optin", TRUE, TRUE, + (1<<ACL_WHERE_AUTH)| + (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| + (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)| +# ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +# endif + (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| + (1<<ACL_WHERE_MAILAUTH)| + (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)| + (1<<ACL_WHERE_NOTSMTP_START), + }, #endif - US"condition", - US"continue", - US"control", + { US"condition", TRUE, FALSE, 0 }, + { US"continue", TRUE, TRUE, 0 }, + + /* Certain types of control are always allowed, so we let it through + always and check in the control processing itself. */ + { US"control", TRUE, TRUE, 0 }, + #ifdef EXPERIMENTAL_DCC - US"dcc", + { US"dcc", TRUE, FALSE, + (unsigned int) + ~((1<<ACL_WHERE_DATA)| +# ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +# endif + (1<<ACL_WHERE_NOTSMTP)), + }, #endif #ifdef WITH_CONTENT_SCAN - US"decode", -#endif - US"delay", -#ifdef WITH_OLD_DEMIME - US"demime", + { US"decode", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_MIME) }, + #endif + { US"delay", TRUE, TRUE, (1<<ACL_WHERE_NOTQUIT) }, #ifndef DISABLE_DKIM - US"dkim_signers", - US"dkim_status", + { US"dkim_signers", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DKIM) }, + { US"dkim_status", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DKIM) }, #endif #ifdef EXPERIMENTAL_DMARC - US"dmarc_status", + { US"dmarc_status", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DATA) }, +#endif + + /* Explicit key lookups can be made in non-smtp ACLs so pass + always and check in the verify processing itself. */ + { US"dnslists", TRUE, FALSE, 0 }, + + { US"domains", FALSE, FALSE, + (unsigned int) + ~((1<<ACL_WHERE_RCPT) + |(1<<ACL_WHERE_VRFY) +#ifndef DISABLE_PRDR + |(1<<ACL_WHERE_PRDR) #endif - US"dnslists", - US"domains", - US"encrypted", - US"endpass", - US"hosts", - US"local_parts", - US"log_message", - US"log_reject_target", - US"logwrite", + ), + }, + { US"encrypted", FALSE, FALSE, + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_NOTSMTP_START)| + (1<<ACL_WHERE_HELO), + }, + + { US"endpass", TRUE, TRUE, 0 }, + + { US"hosts", FALSE, FALSE, + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START), + }, + { US"local_parts", FALSE, FALSE, + (unsigned int) + ~((1<<ACL_WHERE_RCPT) + |(1<<ACL_WHERE_VRFY) + #ifndef DISABLE_PRDR + |(1<<ACL_WHERE_PRDR) + #endif + ), + }, + + { US"log_message", TRUE, TRUE, 0 }, + { US"log_reject_target", TRUE, TRUE, 0 }, + { US"logwrite", TRUE, TRUE, 0 }, + #ifdef WITH_CONTENT_SCAN - US"malware", + { US"malware", TRUE, FALSE, + (unsigned int) + ~((1<<ACL_WHERE_DATA)| +# ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +# endif + (1<<ACL_WHERE_NOTSMTP)), + }, #endif - US"message", + + { US"message", TRUE, TRUE, 0 }, #ifdef WITH_CONTENT_SCAN - US"mime_regex", + { US"mime_regex", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_MIME) }, #endif - US"ratelimit", - US"recipients", + + { US"queue", TRUE, TRUE, + (1<<ACL_WHERE_NOTSMTP)| +#ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +#endif + (1<<ACL_WHERE_DATA), + }, + + { US"ratelimit", TRUE, FALSE, 0 }, + { US"recipients", FALSE, FALSE, (unsigned int) ~(1<<ACL_WHERE_RCPT) }, + #ifdef WITH_CONTENT_SCAN - US"regex", + { US"regex", TRUE, FALSE, + (unsigned int) + ~((1<<ACL_WHERE_DATA)| +# ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +# endif + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_MIME)), + }, + +#endif + { US"remove_header", TRUE, TRUE, + (unsigned int) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| +#ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| #endif - US"remove_header", - US"sender_domains", US"senders", US"set", + (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START)), + }, + { US"sender_domains", FALSE, FALSE, + (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_HELO)| + (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| + (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| + (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY), + }, + { US"senders", FALSE, FALSE, + (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_HELO)| + (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| + (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| + (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY), + }, + + { US"set", TRUE, TRUE, 0 }, + #ifdef WITH_CONTENT_SCAN - US"spam", + { US"spam", TRUE, FALSE, + (unsigned int) + ~((1<<ACL_WHERE_DATA)| +# ifndef DISABLE_PRDR + (1<<ACL_WHERE_PRDR)| +# endif + (1<<ACL_WHERE_NOTSMTP)), + }, #endif #ifdef EXPERIMENTAL_SPF - US"spf", - US"spf_guess", + { US"spf", TRUE, FALSE, + (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_HELO)| + (1<<ACL_WHERE_MAILAUTH)| + (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| + (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)| + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START), + }, + { US"spf_guess", TRUE, FALSE, + (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_HELO)| + (1<<ACL_WHERE_MAILAUTH)| + (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| + (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)| + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START), + }, #endif - US"udpsend", - US"verify" }; + { US"udpsend", TRUE, TRUE, 0 }, + /* Certain types of verify are always allowed, so we let it through + always and check in the verify function itself */ + { US"verify", TRUE, FALSE, + 0 + }, +}; -/* Return values from decode_control(); keep in step with the table of names -that follows! */ + + +/* Return values from decode_control(); used as index so keep in step +with the controls_list table that follows! */ enum { CONTROL_AUTH_UNADVERTISED, #ifdef EXPERIMENTAL_BRIGHTMAIL CONTROL_BMI_RUN, #endif + CONTROL_CASEFUL_LOCAL_PART, + CONTROL_CASELOWER_LOCAL_PART, + CONTROL_CUTTHROUGH_DELIVERY, CONTROL_DEBUG, #ifndef DISABLE_DKIM CONTROL_DKIM_VERIFY, @@ -193,571 +363,155 @@ enum { CONTROL_DMARC_FORENSIC, #endif CONTROL_DSCP, - CONTROL_ERROR, - CONTROL_CASEFUL_LOCAL_PART, - CONTROL_CASELOWER_LOCAL_PART, - CONTROL_CUTTHROUGH_DELIVERY, CONTROL_ENFORCE_SYNC, - CONTROL_NO_ENFORCE_SYNC, + CONTROL_ERROR, /* pseudo-value for decode errors */ + CONTROL_FAKEDEFER, + CONTROL_FAKEREJECT, CONTROL_FREEZE, - CONTROL_QUEUE_ONLY, - CONTROL_SUBMISSION, - CONTROL_SUPPRESS_LOCAL_FIXUPS, + + CONTROL_NO_CALLOUT_FLUSH, + CONTROL_NO_DELAY_FLUSH, + CONTROL_NO_ENFORCE_SYNC, #ifdef WITH_CONTENT_SCAN CONTROL_NO_MBOX_UNSPOOL, #endif - CONTROL_FAKEDEFER, - CONTROL_FAKEREJECT, -#ifdef SUPPORT_I18N - CONTROL_UTF8_DOWNCONVERT, -#endif CONTROL_NO_MULTILINE, CONTROL_NO_PIPELINING, - CONTROL_NO_DELAY_FLUSH, - CONTROL_NO_CALLOUT_FLUSH -}; -/* ACL control names; keep in step with the table above! This list is used for -turning ids into names. The actual list of recognized names is in the variable -control_def controls_list[] below. The fact that there are two lists is a mess -and should be tidied up. */ - -static uschar *controls[] = { - US"allow_auth_unadvertised", -#ifdef EXPERIMENTAL_BRIGHTMAIL - US"bmi_run", -#endif - US"debug", -#ifndef DISABLE_DKIM - US"dkim_disable_verify", -#endif -#ifdef EXPERIMENTAL_DMARC - US"dmarc_disable_verify", - US"dmarc_enable_forensic", -#endif - US"dscp", - US"error", - US"caseful_local_part", - US"caselower_local_part", - US"cutthrough_delivery", - US"enforce_sync", - US"no_enforce_sync", - US"freeze", - US"queue_only", - US"submission", - US"suppress_local_fixups", -#ifdef WITH_CONTENT_SCAN - US"no_mbox_unspool", -#endif - US"fakedefer", - US"fakereject", + CONTROL_QUEUE_ONLY, + CONTROL_SUBMISSION, + CONTROL_SUPPRESS_LOCAL_FIXUPS, #ifdef SUPPORT_I18N - US"utf8_downconvert", -#endif - US"no_multiline_responses", - US"no_pipelining", - US"no_delay_flush", - US"no_callout_flush" -}; - -/* Flags to indicate for which conditions/modifiers a string expansion is done -at the outer level. In the other cases, expansion already occurs in the -checking functions. */ - -static uschar cond_expand_at_top[] = { - FALSE, /* acl */ - TRUE, /* add_header */ - FALSE, /* authenticated */ -#ifdef EXPERIMENTAL_BRIGHTMAIL - TRUE, /* bmi_optin */ -#endif - TRUE, /* condition */ - TRUE, /* continue */ - TRUE, /* control */ -#ifdef EXPERIMENTAL_DCC - TRUE, /* dcc */ -#endif -#ifdef WITH_CONTENT_SCAN - TRUE, /* decode */ -#endif - TRUE, /* delay */ -#ifdef WITH_OLD_DEMIME - TRUE, /* demime */ -#endif -#ifndef DISABLE_DKIM - TRUE, /* dkim_signers */ - TRUE, /* dkim_status */ -#endif -#ifdef EXPERIMENTAL_DMARC - TRUE, /* dmarc_status */ -#endif - TRUE, /* dnslists */ - FALSE, /* domains */ - FALSE, /* encrypted */ - TRUE, /* endpass */ - FALSE, /* hosts */ - FALSE, /* local_parts */ - TRUE, /* log_message */ - TRUE, /* log_reject_target */ - TRUE, /* logwrite */ -#ifdef WITH_CONTENT_SCAN - TRUE, /* malware */ -#endif - TRUE, /* message */ -#ifdef WITH_CONTENT_SCAN - TRUE, /* mime_regex */ -#endif - TRUE, /* ratelimit */ - FALSE, /* recipients */ -#ifdef WITH_CONTENT_SCAN - TRUE, /* regex */ -#endif - TRUE, /* remove_header */ - FALSE, /* sender_domains */ - FALSE, /* senders */ - TRUE, /* set */ -#ifdef WITH_CONTENT_SCAN - TRUE, /* spam */ -#endif -#ifdef EXPERIMENTAL_SPF - TRUE, /* spf */ - TRUE, /* spf_guess */ -#endif - TRUE, /* udpsend */ - TRUE /* verify */ -}; - -/* Flags to identify the modifiers */ - -static uschar cond_modifiers[] = { - FALSE, /* acl */ - TRUE, /* add_header */ - FALSE, /* authenticated */ -#ifdef EXPERIMENTAL_BRIGHTMAIL - TRUE, /* bmi_optin */ -#endif - FALSE, /* condition */ - TRUE, /* continue */ - TRUE, /* control */ -#ifdef EXPERIMENTAL_DCC - FALSE, /* dcc */ -#endif -#ifdef WITH_CONTENT_SCAN - FALSE, /* decode */ -#endif - TRUE, /* delay */ -#ifdef WITH_OLD_DEMIME - FALSE, /* demime */ -#endif -#ifndef DISABLE_DKIM - FALSE, /* dkim_signers */ - FALSE, /* dkim_status */ -#endif -#ifdef EXPERIMENTAL_DMARC - FALSE, /* dmarc_status */ -#endif - FALSE, /* dnslists */ - FALSE, /* domains */ - FALSE, /* encrypted */ - TRUE, /* endpass */ - FALSE, /* hosts */ - FALSE, /* local_parts */ - TRUE, /* log_message */ - TRUE, /* log_reject_target */ - TRUE, /* logwrite */ -#ifdef WITH_CONTENT_SCAN - FALSE, /* malware */ -#endif - TRUE, /* message */ -#ifdef WITH_CONTENT_SCAN - FALSE, /* mime_regex */ -#endif - FALSE, /* ratelimit */ - FALSE, /* recipients */ -#ifdef WITH_CONTENT_SCAN - FALSE, /* regex */ -#endif - TRUE, /* remove_header */ - FALSE, /* sender_domains */ - FALSE, /* senders */ - TRUE, /* set */ -#ifdef WITH_CONTENT_SCAN - FALSE, /* spam */ -#endif -#ifdef EXPERIMENTAL_SPF - FALSE, /* spf */ - FALSE, /* spf_guess */ + CONTROL_UTF8_DOWNCONVERT, #endif - TRUE, /* udpsend */ - FALSE /* verify */ }; -/* Bit map vector of which conditions and modifiers are not allowed at certain -times. For each condition and modifier, there's a bitmap of dis-allowed times. -For some, it is easier to specify the negation of a small number of allowed -times. */ -static unsigned int cond_forbids[] = { - 0, /* acl */ - - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)| - (1<<ACL_WHERE_DKIM)| - (1<<ACL_WHERE_NOTSMTP_START)), - - (1<<ACL_WHERE_NOTSMTP)| /* authenticated */ - (1<<ACL_WHERE_NOTSMTP_START)| - (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO), - - #ifdef EXPERIMENTAL_BRIGHTMAIL - (1<<ACL_WHERE_AUTH)| /* bmi_optin */ - (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| - (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)| - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_MAILAUTH)| - (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)| - (1<<ACL_WHERE_NOTSMTP_START), - #endif - - 0, /* condition */ - - 0, /* continue */ - /* Certain types of control are always allowed, so we let it through - always and check in the control processing itself. */ - - 0, /* control */ - - #ifdef EXPERIMENTAL_DCC - (unsigned int) - ~((1<<ACL_WHERE_DATA)| /* dcc */ - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_NOTSMTP)), - #endif - - #ifdef WITH_CONTENT_SCAN - (unsigned int) - ~(1<<ACL_WHERE_MIME), /* decode */ - #endif - - (1<<ACL_WHERE_NOTQUIT), /* delay */ - - #ifdef WITH_OLD_DEMIME - (unsigned int) - ~((1<<ACL_WHERE_DATA)| /* demime */ - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_NOTSMTP)), - #endif - - #ifndef DISABLE_DKIM - (unsigned int) - ~(1<<ACL_WHERE_DKIM), /* dkim_signers */ - - (unsigned int) - ~(1<<ACL_WHERE_DKIM), /* dkim_status */ - #endif - - #ifdef EXPERIMENTAL_DMARC - (unsigned int) - ~(1<<ACL_WHERE_DATA), /* dmarc_status */ - #endif - - /* Explicit key lookups can be made in non-smtp ACLs so pass - always and check in the verify processing itself. */ - - 0, /* dnslists */ - - (unsigned int) - ~((1<<ACL_WHERE_RCPT) /* domains */ - |(1<<ACL_WHERE_VRFY) - #ifndef DISABLE_PRDR - |(1<<ACL_WHERE_PRDR) - #endif - ), - - (1<<ACL_WHERE_NOTSMTP)| /* encrypted */ - (1<<ACL_WHERE_CONNECT)| - (1<<ACL_WHERE_NOTSMTP_START)| - (1<<ACL_WHERE_HELO), - - 0, /* endpass */ - - (1<<ACL_WHERE_NOTSMTP)| /* hosts */ - (1<<ACL_WHERE_NOTSMTP_START), +/* Structure listing various control arguments, with their characteristics. +For each control, there's a bitmap of dis-allowed times. For some, it is easier +to specify the negation of a small number of allowed times. */ - (unsigned int) - ~((1<<ACL_WHERE_RCPT) /* local_parts */ - |(1<<ACL_WHERE_VRFY) - #ifndef DISABLE_PRDR - |(1<<ACL_WHERE_PRDR) - #endif - ), - - 0, /* log_message */ - - 0, /* log_reject_target */ - - 0, /* logwrite */ - - #ifdef WITH_CONTENT_SCAN - (unsigned int) - ~((1<<ACL_WHERE_DATA)| /* malware */ - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_NOTSMTP)), - #endif - - 0, /* message */ - - #ifdef WITH_CONTENT_SCAN - (unsigned int) - ~(1<<ACL_WHERE_MIME), /* mime_regex */ - #endif - - 0, /* ratelimit */ - - (unsigned int) - ~(1<<ACL_WHERE_RCPT), /* recipients */ - - #ifdef WITH_CONTENT_SCAN - (unsigned int) - ~((1<<ACL_WHERE_DATA)| /* regex */ - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_NOTSMTP)| - (1<<ACL_WHERE_MIME)), - #endif - - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* remove_header */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)| - (1<<ACL_WHERE_NOTSMTP_START)), - - (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* sender_domains */ - (1<<ACL_WHERE_HELO)| - (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| - (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY), - - (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* senders */ - (1<<ACL_WHERE_HELO)| - (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| - (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY), - - 0, /* set */ - - #ifdef WITH_CONTENT_SCAN - (unsigned int) - ~((1<<ACL_WHERE_DATA)| /* spam */ - #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| - #endif - (1<<ACL_WHERE_NOTSMTP)), - #endif - - #ifdef EXPERIMENTAL_SPF - (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* spf */ - (1<<ACL_WHERE_HELO)| - (1<<ACL_WHERE_MAILAUTH)| - (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)| - (1<<ACL_WHERE_NOTSMTP)| - (1<<ACL_WHERE_NOTSMTP_START), - - (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* spf_guess */ - (1<<ACL_WHERE_HELO)| - (1<<ACL_WHERE_MAILAUTH)| - (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)| - (1<<ACL_WHERE_NOTSMTP)| - (1<<ACL_WHERE_NOTSMTP_START), - #endif - - 0, /* udpsend */ - - /* Certain types of verify are always allowed, so we let it through - always and check in the verify function itself */ - - 0 /* verify */ -}; - - -/* Bit map vector of which controls are not allowed at certain times. For -each control, there's a bitmap of dis-allowed times. For some, it is easier to -specify the negation of a small number of allowed times. */ - -static unsigned int control_forbids[] = { - (unsigned int) - ~((1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)), /* allow_auth_unadvertised */ +typedef struct control_def { + uschar *name; + BOOL has_option; /* Has /option(s) following */ + unsigned forbids; /* bitmap of dis-allowed times */ +} control_def; +static control_def controls_list[] = { + { US"allow_auth_unadvertised", FALSE, + (unsigned) + ~((1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)) + }, #ifdef EXPERIMENTAL_BRIGHTMAIL - 0, /* bmi_run */ + { US"bmi_run", FALSE, 0 }, #endif - - 0, /* debug */ + { US"caseful_local_part", FALSE, (unsigned) ~(1<<ACL_WHERE_RCPT) }, + { US"caselower_local_part", FALSE, (unsigned) ~(1<<ACL_WHERE_RCPT) }, + { US"cutthrough_delivery", TRUE, 0 }, + { US"debug", TRUE, 0 }, #ifndef DISABLE_DKIM - (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dkim_disable_verify */ + { US"dkim_disable_verify", FALSE, + (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| # ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| + (1<<ACL_WHERE_PRDR)| # endif - (1<<ACL_WHERE_NOTSMTP_START), + (1<<ACL_WHERE_NOTSMTP_START) + }, #endif #ifdef EXPERIMENTAL_DMARC - (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dmarc_disable_verify */ - (1<<ACL_WHERE_NOTSMTP_START), - (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dmarc_enable_forensic */ - (1<<ACL_WHERE_NOTSMTP_START), + { US"dmarc_disable_verify", FALSE, + (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, + { US"dmarc_enable_forensic", FALSE, + (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, #endif - (1<<ACL_WHERE_NOTSMTP)| - (1<<ACL_WHERE_NOTSMTP_START)| - (1<<ACL_WHERE_NOTQUIT), /* dscp */ - - 0, /* error */ - - (unsigned int) - ~(1<<ACL_WHERE_RCPT), /* caseful_local_part */ - - (unsigned int) - ~(1<<ACL_WHERE_RCPT), /* caselower_local_part */ - - (unsigned int) - 0, /* cutthrough_delivery */ - - (1<<ACL_WHERE_NOTSMTP)| /* enforce_sync */ - (1<<ACL_WHERE_NOTSMTP_START), - - (1<<ACL_WHERE_NOTSMTP)| /* no_enforce_sync */ - (1<<ACL_WHERE_NOTSMTP_START), + { US"dscp", TRUE, + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)|(1<<ACL_WHERE_NOTQUIT) + }, + { US"enforce_sync", FALSE, + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */ - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME)), + /* Pseudo-value for decode errors */ + { US"error", FALSE, 0 }, - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* queue_only */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */ - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME)), - - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* submission */ - (1<<ACL_WHERE_PREDATA)), - - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* suppress_local_fixups */ - (1<<ACL_WHERE_PREDATA)| - (1<<ACL_WHERE_NOTSMTP_START)), - -#ifdef WITH_CONTENT_SCAN - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* no_mbox_unspool */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */ - (1<<ACL_WHERE_MIME)), -#endif - - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakedefer */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| + { US"fakedefer", TRUE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| + (1<<ACL_WHERE_PRDR)| #endif - (1<<ACL_WHERE_MIME)), - - (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakereject */ - (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| + (1<<ACL_WHERE_MIME)) + }, + { US"fakereject", TRUE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| #ifndef DISABLE_PRDR - (1<<ACL_WHERE_PRDR)| -#endif - (1<<ACL_WHERE_MIME)), - -#ifdef SUPPORT_I18N - 0, /* utf8_downconvert */ -#endif - - (1<<ACL_WHERE_NOTSMTP)| /* no_multiline */ - (1<<ACL_WHERE_NOTSMTP_START), - - (1<<ACL_WHERE_NOTSMTP)| /* no_pipelining */ - (1<<ACL_WHERE_NOTSMTP_START), - - (1<<ACL_WHERE_NOTSMTP)| /* no_delay_flush */ - (1<<ACL_WHERE_NOTSMTP_START), - - (1<<ACL_WHERE_NOTSMTP)| /* no_callout_flush */ - (1<<ACL_WHERE_NOTSMTP_START) -}; - -/* Structure listing various control arguments, with their characteristics. */ - -typedef struct control_def { - uschar *name; - int value; /* CONTROL_xxx value */ - BOOL has_option; /* Has /option(s) following */ -} control_def; - -static control_def controls_list[] = { - { US"allow_auth_unadvertised", CONTROL_AUTH_UNADVERTISED, FALSE }, -#ifdef EXPERIMENTAL_BRIGHTMAIL - { US"bmi_run", CONTROL_BMI_RUN, FALSE }, -#endif - { US"debug", CONTROL_DEBUG, TRUE }, -#ifndef DISABLE_DKIM - { US"dkim_disable_verify", CONTROL_DKIM_VERIFY, FALSE }, -#endif -#ifdef EXPERIMENTAL_DMARC - { US"dmarc_disable_verify", CONTROL_DMARC_VERIFY, FALSE }, - { US"dmarc_enable_forensic", CONTROL_DMARC_FORENSIC, FALSE }, + (1<<ACL_WHERE_PRDR)| #endif - { US"dscp", CONTROL_DSCP, TRUE }, - { US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART, FALSE }, - { US"caselower_local_part", CONTROL_CASELOWER_LOCAL_PART, FALSE }, - { US"enforce_sync", CONTROL_ENFORCE_SYNC, FALSE }, - { US"freeze", CONTROL_FREEZE, TRUE }, - { US"no_callout_flush", CONTROL_NO_CALLOUT_FLUSH, FALSE }, - { US"no_delay_flush", CONTROL_NO_DELAY_FLUSH, FALSE }, - { US"no_enforce_sync", CONTROL_NO_ENFORCE_SYNC, FALSE }, - { US"no_multiline_responses", CONTROL_NO_MULTILINE, FALSE }, - { US"no_pipelining", CONTROL_NO_PIPELINING, FALSE }, - { US"queue_only", CONTROL_QUEUE_ONLY, FALSE }, + (1<<ACL_WHERE_MIME)) + }, + { US"freeze", TRUE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| + // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */ + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME)) + }, + + { US"no_callout_flush", FALSE, + (1<<ACL_WHERE_NOTSMTP)| (1<<ACL_WHERE_NOTSMTP_START) + }, + { US"no_delay_flush", FALSE, + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, + + { US"no_enforce_sync", FALSE, + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, #ifdef WITH_CONTENT_SCAN - { US"no_mbox_unspool", CONTROL_NO_MBOX_UNSPOOL, FALSE }, + { US"no_mbox_unspool", FALSE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| + // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */ + (1<<ACL_WHERE_MIME)) + }, #endif - { US"fakedefer", CONTROL_FAKEDEFER, TRUE }, - { US"fakereject", CONTROL_FAKEREJECT, TRUE }, - { US"submission", CONTROL_SUBMISSION, TRUE }, - { US"suppress_local_fixups", CONTROL_SUPPRESS_LOCAL_FIXUPS, FALSE }, - { US"cutthrough_delivery", CONTROL_CUTTHROUGH_DELIVERY, FALSE }, + { US"no_multiline_responses", FALSE, + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, + { US"no_pipelining", FALSE, + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START) + }, + + { US"queue_only", FALSE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| + (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| + // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */ + (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME)) + }, + { US"submission", TRUE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)) + }, + { US"suppress_local_fixups", FALSE, + (unsigned) + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)| + (1<<ACL_WHERE_NOTSMTP_START)) + }, #ifdef SUPPORT_I18N - { US"utf8_downconvert", CONTROL_UTF8_DOWNCONVERT, TRUE } + { US"utf8_downconvert", TRUE, 0 } #endif - }; +}; /* Support data structures for Client SMTP Authorization. acl_verify_csa() caches its result in a tree to avoid repeated DNS queries. The result is an @@ -824,6 +578,68 @@ static int acl_check_wargs(int, address_item *, const uschar *, int, uschar **, /************************************************* +* Find control in list * +*************************************************/ + +/* The lists are always in order, so binary chop can be used. + +Arguments: + name the control name to search for + ol the first entry in the control list + last one more than the offset of the last entry in the control list + +Returns: index of a control entry, or -1 if not found +*/ + +static int +find_control(const uschar * name, control_def * ol, int last) +{ +int first = 0; +while (last > first) + { + int middle = (first + last)/2; + uschar * s = ol[middle].name; + int c = Ustrncmp(name, s, Ustrlen(s)); + if (c == 0) return middle; + else if (c > 0) first = middle + 1; + else last = middle; + } +return -1; +} + + + +/************************************************* +* Pick out condition from list * +*************************************************/ + +/* Use a binary chop method + +Arguments: + name name to find + list list of conditions + end size of list + +Returns: offset in list, or -1 if not found +*/ + +static int +acl_checkcondition(uschar * name, condition_def * list, int end) +{ +int start = 0; +while (start < end) + { + int mid = (start + end)/2; + int c = Ustrcmp(name, list[mid].name); + if (c == 0) return mid; + if (c < 0) end = mid; + else start = mid + 1; + } +return -1; +} + + +/************************************************* * Pick out name from list * *************************************************/ @@ -910,8 +726,7 @@ while ((s = (*func)()) != NULL) /* If a verb is unrecognized, it may be another condition or modifier that continues the previous verb. */ - v = acl_checkname(name, verbs, sizeof(verbs)/sizeof(char *)); - if (v < 0) + if ((v = acl_checkname(name, verbs, nelem(verbs))) < 0) { if (this == NULL) { @@ -948,8 +763,7 @@ while ((s = (*func)()) != NULL) /* Handle a condition or modifier. */ - c = acl_checkname(name, conditions, sizeof(conditions)/sizeof(char *)); - if (c < 0) + if ((c = acl_checkcondition(name, conditions, nelem(conditions))) < 0) { *error = string_sprintf("unknown ACL condition/modifier in \"%s\"", saveline); @@ -958,10 +772,10 @@ while ((s = (*func)()) != NULL) /* The modifiers may not be negated */ - if (negated && cond_modifiers[c]) + if (negated && conditions[c].is_modifier) { *error = string_sprintf("ACL error: negation is not allowed with " - "\"%s\"", conditions[c]); + "\"%s\"", conditions[c].name); return NULL; } @@ -972,7 +786,7 @@ while ((s = (*func)()) != NULL) this->verb != ACL_DISCARD) { *error = string_sprintf("ACL error: \"%s\" is not allowed with \"%s\"", - conditions[c], verbs[this->verb]); + conditions[c].name, verbs[this->verb]); return NULL; } @@ -1039,7 +853,7 @@ while ((s = (*func)()) != NULL) if (*s++ != '=') { *error = string_sprintf("\"=\" missing after ACL \"%s\" %s", name, - cond_modifiers[c]? US"modifier" : US"condition"); + conditions[c].is_modifier ? US"modifier" : US"condition"); return NULL; } while (isspace(*s)) s++; @@ -1076,9 +890,9 @@ while (*hstring == '\n') hstring++, hlen--; /* An empty string does nothing; ensure exactly one final newline. */ if (hlen <= 0) return; -if (hstring[--hlen] != '\n') +if (hstring[--hlen] != '\n') /* no newline */ q = string_sprintf("%s\n", hstring); -else if (hstring[hlen-1] == '\n') +else if (hstring[hlen-1] == '\n') /* double newline */ { uschar * s = string_copy(hstring); while(s[--hlen] == '\n') @@ -1101,7 +915,7 @@ for (p = q; *p != 0; ) for (;;) { - q = Ustrchr(q, '\n'); + q = Ustrchr(q, '\n'); /* we know there was a newline */ if (*(++q) != ' ' && *q != '\t') break; } @@ -1180,11 +994,11 @@ uschar * fn_hdrs_added(void) { uschar * ret = NULL; +int size = 0; +int ptr = 0; header_line * h = acl_added_headers; uschar * s; uschar * cp; -int size = 0; -int ptr = 0; if (!h) return NULL; @@ -1196,13 +1010,13 @@ do if (cp[1] == '\0') break; /* contains embedded newline; needs doubling */ - ret = string_cat(ret, &size, &ptr, s, cp-s+1); - ret = string_cat(ret, &size, &ptr, US"\n", 1); + ret = string_catn(ret, &size, &ptr, s, cp-s+1); + ret = string_catn(ret, &size, &ptr, US"\n", 1); s = cp+1; } /* last bit of header */ - ret = string_cat(ret, &size, &ptr, s, cp-s+1); /* newline-sep list */ + ret = string_catn(ret, &size, &ptr, s, cp-s+1); /* newline-sep list */ } while((h = h->next)); @@ -1469,7 +1283,6 @@ acl_verify_csa(const uschar *domain) { tree_node *t; const uschar *found; -uschar *p; int priority, weight, port; dns_answer dnsa; dns_scan dnss; @@ -1547,14 +1360,13 @@ switch (dns_special_lookup(&dnsa, domain, T_CSA, &found)) /* Scan the reply for well-formed CSA SRV records. */ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr != NULL; - rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) + rr; + rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == T_SRV) { - if (rr->type != T_SRV) continue; + const uschar * p = rr->data; /* Extract the numerical SRV fields (p is incremented) */ - p = rr->data; GETSHORT(priority, p); GETSHORT(weight, p); GETSHORT(port, p); @@ -1573,12 +1385,7 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); SRV records of their own. */ if (Ustrcmp(found, domain) != 0) - { - if (port & 1) - return t->data.val = CSA_FAIL_EXPLICIT; - else - return t->data.val = CSA_UNKNOWN; - } + return t->data.val = port & 1 ? CSA_FAIL_EXPLICIT : CSA_UNKNOWN; /* This CSA SRV record refers directly to our domain, so we check the value in the weight field to work out the domain's authorization. 0 and 1 are @@ -2026,15 +1833,15 @@ message if giving out verification details. */ if (verify_header_sender) { int verrno; - rc = verify_check_header_address(user_msgptr, log_msgptr, callout, + + if ((rc = verify_check_header_address(user_msgptr, log_msgptr, callout, callout_overall, callout_connect, se_mailfrom, pm_mailfrom, verify_options, - &verrno); - if (rc != OK) + &verrno)) != OK) { *basic_errno = verrno; if (smtp_return_error_details) { - if (*user_msgptr == NULL && *log_msgptr != NULL) + if (!*user_msgptr && *log_msgptr) *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); if (rc == DEFER) acl_temp_details = TRUE; } @@ -2056,10 +1863,9 @@ Therefore, we always do a full sender verify when any kind of callout is specified. Caching elsewhere, for instance in the DNS resolver and in the callout handling, should ensure that this is not terribly inefficient. */ -else if (verify_sender_address != NULL) +else if (verify_sender_address) { - if ((verify_options & (vopt_callout_recipsender|vopt_callout_recippmaster)) - != 0) + if ((verify_options & (vopt_callout_recipsender|vopt_callout_recippmaster))) { *log_msgptr = US"use_sender or use_postmaster cannot be used for a " "sender verify callout"; @@ -2075,7 +1881,9 @@ else if (verify_sender_address != NULL) callout that was done previously). If the "routed" flag is not set, routing must have failed, so we use the saved return code. */ - if (testflag(sender_vaddr, af_verify_routed)) rc = OK; else + if (testflag(sender_vaddr, af_verify_routed)) + rc = OK; + else { rc = sender_vaddr->special_action; *basic_errno = sender_vaddr->basic_errno; @@ -2129,22 +1937,21 @@ else if (verify_sender_address != NULL) HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); - if (rc == OK) - { - if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0) - { - DEBUG(D_acl) debug_printf("sender %s verified ok as %s\n", - verify_sender_address, sender_vaddr->address); - } - else - { - DEBUG(D_acl) debug_printf("sender %s verified ok\n", - verify_sender_address); - } - } - else *basic_errno = sender_vaddr->basic_errno; + if (rc != OK) + *basic_errno = sender_vaddr->basic_errno; + else + DEBUG(D_acl) + { + if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0) + debug_printf("sender %s verified ok as %s\n", + verify_sender_address, sender_vaddr->address); + else + debug_printf("sender %s verified ok\n", + verify_sender_address); + } } - else rc = OK; /* Null sender */ + else + rc = OK; /* Null sender */ /* Cache the result code */ @@ -2265,26 +2072,20 @@ Returns: CONTROL_xxx value static int decode_control(const uschar *arg, const uschar **pptr, int where, uschar **log_msgptr) { -int len; -control_def *d; +int idx, len; +control_def * d; -for (d = controls_list; - d < controls_list + sizeof(controls_list)/sizeof(control_def); - d++) - { - len = Ustrlen(d->name); - if (Ustrncmp(d->name, arg, len) == 0) break; - } - -if (d >= controls_list + sizeof(controls_list)/sizeof(control_def) || - (arg[len] != 0 && (!d->has_option || arg[len] != '/'))) +if ( (idx = find_control(arg, controls_list, nelem(controls_list))) < 0 + || ( arg[len = Ustrlen((d = controls_list+idx)->name)] != 0 + && (!d->has_option || arg[len] != '/') + ) ) { *log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg); return CONTROL_ERROR; } *pptr = arg + len; -return d->value; +return idx; } @@ -2376,17 +2177,13 @@ rate measurement as opposed to rate limiting. */ sender_rate_limit = string_nextinlist(&arg, &sep, NULL, 0); if (sender_rate_limit == NULL) - { - limit = -1.0; - ss = NULL; /* compiler quietening */ - } -else - { - limit = Ustrtod(sender_rate_limit, &ss); - if (tolower(*ss) == 'k') { limit *= 1024.0; ss++; } - else if (tolower(*ss) == 'm') { limit *= 1024.0*1024.0; ss++; } - else if (tolower(*ss) == 'g') { limit *= 1024.0*1024.0*1024.0; ss++; } - } + return ratelimit_error(log_msgptr, "sender rate limit not set"); + +limit = Ustrtod(sender_rate_limit, &ss); +if (tolower(*ss) == 'k') { limit *= 1024.0; ss++; } +else if (tolower(*ss) == 'm') { limit *= 1024.0*1024.0; ss++; } +else if (tolower(*ss) == 'g') { limit *= 1024.0*1024.0*1024.0; ss++; } + if (limit < 0.0 || *ss != '\0') return ratelimit_error(log_msgptr, "\"%s\" is not a positive number", sender_rate_limit); @@ -2892,17 +2689,17 @@ uschar * errstr; hostname = string_nextinlist(&arg, &sep, NULL, 0); portstr = string_nextinlist(&arg, &sep, NULL, 0); -if (hostname == NULL) +if (!hostname) { *log_msgptr = US"missing destination host in \"udpsend\" modifier"; return ERROR; } -if (portstr == NULL) +if (!portstr) { *log_msgptr = US"missing destination port in \"udpsend\" modifier"; return ERROR; } -if (arg == NULL) +if (!arg) { *log_msgptr = US"missing datagram payload in \"udpsend\" modifier"; return ERROR; @@ -3001,8 +2798,6 @@ acl_check_condition(int verb, acl_condition_block *cb, int where, { uschar *user_message = NULL; uschar *log_message = NULL; -uschar *debug_tag = NULL; -uschar *debug_opts = NULL; int rc = OK; #ifdef WITH_CONTENT_SCAN int sep = -'/'; @@ -3043,7 +2838,7 @@ for (; cb != NULL; cb = cb->next) of them, but not for all, because expansion happens down in some lower level checking functions in some cases. */ - if (cond_expand_at_top[cb->type]) + if (conditions[cb->type].expand_at_top) { arg = expand_string(cb->arg); if (arg == NULL) @@ -3062,8 +2857,8 @@ for (; cb != NULL; cb = cb->next) { int lhswidth = 0; debug_printf("check %s%s %n", - (!cond_modifiers[cb->type] && cb->u.negated)? "!":"", - conditions[cb->type], &lhswidth); + (!conditions[cb->type].is_modifier && cb->u.negated)? "!":"", + conditions[cb->type].name, &lhswidth); if (cb->type == ACLC_SET) { @@ -3080,11 +2875,11 @@ for (; cb != NULL; cb = cb->next) /* Check that this condition makes sense at this time */ - if ((cond_forbids[cb->type] & (1 << where)) != 0) + if ((conditions[cb->type].forbids & (1 << where)) != 0) { *log_msgptr = string_sprintf("cannot %s %s condition in %s ACL", - cond_modifiers[cb->type]? "use" : "test", - conditions[cb->type], acl_wherenames[where]); + conditions[cb->type].is_modifier ? "use" : "test", + conditions[cb->type].name, acl_wherenames[where]); return ERROR; } @@ -3155,10 +2950,10 @@ for (; cb != NULL; cb = cb->next) /* Check if this control makes sense at this time */ - if ((control_forbids[control_type] & (1 << where)) != 0) + if (controls_list[control_type].forbids & (1 << where)) { *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL", - controls[control_type], acl_wherenames[where]); + controls_list[control_type].name, acl_wherenames[where]); return ERROR; } @@ -3354,24 +3149,39 @@ for (; cb != NULL; cb = cb->next) break; case CONTROL_DEBUG: - while (*p == '/') { - if (Ustrncmp(p, "/tag=", 5) == 0) - { - const uschar *pp = p + 5; - while (*pp != '\0' && *pp != '/') pp++; - debug_tag = string_copyn(p+5, pp-p-5); - p = pp; - } - else if (Ustrncmp(p, "/opts=", 6) == 0) + uschar * debug_tag = NULL; + uschar * debug_opts = NULL; + BOOL kill = FALSE; + + while (*p == '/') { - const uschar *pp = p + 6; - while (*pp != '\0' && *pp != '/') pp++; - debug_opts = string_copyn(p+6, pp-p-6); + const uschar * pp = p+1; + if (Ustrncmp(pp, "tag=", 4) == 0) + { + for (pp += 4; *pp && *pp != '/';) pp++; + debug_tag = string_copyn(p+5, pp-p-5); + } + else if (Ustrncmp(pp, "opts=", 5) == 0) + { + for (pp += 5; *pp && *pp != '/';) pp++; + debug_opts = string_copyn(p+6, pp-p-6); + } + else if (Ustrncmp(pp, "kill", 4) == 0) + { + for (pp += 4; *pp && *pp != '/';) pp++; + kill = TRUE; + } + else + while (*pp && *pp != '/') pp++; p = pp; } + + if (kill) + debug_logging_stop(); + else + debug_logging_activate(debug_tag, debug_opts); } - debug_logging_activate(debug_tag, debug_opts); break; case CONTROL_SUPPRESS_LOCAL_FIXUPS: @@ -3398,7 +3208,23 @@ for (; cb != NULL; cb = cb->next) *log_msgptr = US"fakereject"; else { - if (rcpt_count == 1) cutthrough.delivery = TRUE; + if (rcpt_count == 1) + { + cutthrough.delivery = TRUE; + while (*p == '/') + { + const uschar * pp = p+1; + if (Ustrncmp(pp, "defer=", 6) == 0) + { + pp += 6; + if (Ustrncmp(pp, "pass", 4) == 0) cutthrough.defer_pass = TRUE; + /* else if (Ustrncmp(pp, "spool") == 0) ; default */ + } + else + while (*pp && *pp != '/') pp++; + p = pp; + } + } break; } *log_msgptr = string_sprintf("\"control=%s\" on %s item", @@ -3537,19 +3363,13 @@ for (; cb != NULL; cb = cb->next) } break; - #ifdef WITH_OLD_DEMIME - case ACLC_DEMIME: - rc = demime(&arg); - break; - #endif - #ifndef DISABLE_DKIM case ACLC_DKIM_SIGNER: if (dkim_cur_signer != NULL) rc = match_isinlist(dkim_cur_signer, &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); else - rc = FAIL; + rc = FAIL; break; case ACLC_DKIM_STATUS: @@ -3708,6 +3528,10 @@ for (; cb != NULL; cb = cb->next) break; #endif + case ACLC_QUEUE: + queue_name = string_copy_malloc(arg); + break; + case ACLC_RATELIMIT: rc = acl_ratelimit(arg, where, log_msgptr); break; @@ -3813,11 +3637,9 @@ for (; cb != NULL; cb = cb->next) /* If a condition was negated, invert OK/FAIL. */ - if (!cond_modifiers[cb->type] && cb->u.negated) - { + if (!conditions[cb->type].is_modifier && cb->u.negated) if (rc == OK) rc = FAIL; - else if (rc == FAIL || rc == FAIL_DROP) rc = OK; - } + else if (rc == FAIL || rc == FAIL_DROP) rc = OK; if (rc != OK) break; /* Conditions loop */ } @@ -4489,8 +4311,8 @@ and WHERE_RCPT and not yet opened conn as result of recipient-verify, and rcpt acl returned accept, and first recipient (cancel on any subsequents) open one now and run it up to RCPT acceptance. -A failed verify should cancel cutthrough request. - +A failed verify should cancel cutthrough request, +and will pass the fail to the originator. Initial implementation: dual-write to spool. Assume the rxd datastream is now being copied byte-for-byte to an open cutthrough connection. @@ -4504,30 +4326,50 @@ If temp-reject, close the conn (and keep the spooled copy). If conn-failure, no action (and keep the spooled copy). */ switch (where) -{ -case ACL_WHERE_RCPT: + { + case ACL_WHERE_RCPT: #ifndef DISABLE_PRDR -case ACL_WHERE_PRDR: + case ACL_WHERE_PRDR: #endif - if (rc == OK && cutthrough.delivery && rcpt_count > cutthrough.nrcpt) - open_cutthrough_connection(addr); - break; + if (host_checking_callout) /* -bhc mode */ + cancel_cutthrough_connection("host-checking mode"); + + else if ( rc == OK + && cutthrough.delivery + && rcpt_count > cutthrough.nrcpt + && (rc = open_cutthrough_connection(addr)) == DEFER + ) + if (cutthrough.defer_pass) + { + uschar * s = addr->message; + /* Horrid kludge to recover target's SMTP message */ + while (*s) s++; + do --s; while (!isdigit(*s)); + if (*--s && isdigit(*s) && *--s && isdigit(*s)) *user_msgptr = s; + acl_temp_details = TRUE; + } + else + { + HDEBUG(D_acl) debug_printf("cutthrough defer; will spool\n"); + rc = OK; + } + break; -case ACL_WHERE_PREDATA: - if( rc == OK ) - cutthrough_predata(); - else - cancel_cutthrough_connection("predata acl not ok"); - break; + case ACL_WHERE_PREDATA: + if (rc == OK) + cutthrough_predata(); + else + cancel_cutthrough_connection("predata acl not ok"); + break; -case ACL_WHERE_QUIT: -case ACL_WHERE_NOTQUIT: - cancel_cutthrough_connection("quit or notquit"); - break; + case ACL_WHERE_QUIT: + case ACL_WHERE_NOTQUIT: + cancel_cutthrough_connection("quit or notquit"); + break; -default: - break; -} + default: + break; + } deliver_domain = deliver_localpart = deliver_address_data = sender_address_data = NULL; diff --git a/src/src/auths/Makefile b/src/src/auths/Makefile index 358d018e3..62ce9d0a9 100644 --- a/src/src/auths/Makefile +++ b/src/src/auths/Makefile @@ -8,7 +8,7 @@ OBJ = auth-spa.o call_pam.o call_pwcheck.o \ call_radius.o check_serv_cond.o cram_md5.o cyrus_sasl.o dovecot.o \ get_data.o get_no64_data.o gsasl_exim.o heimdal_gssapi.o \ - md5.o plaintext.o pwcheck.o sha1.o \ + md5.o plaintext.o pwcheck.o \ spa.o tls.o xtextdecode.o xtextencode.o auths.a: $(OBJ) @@ -30,7 +30,6 @@ get_data.o: $(HDRS) get_data.c get_no64_data.o: $(HDRS) get_no64_data.c md5.o: $(HDRS) md5.c pwcheck.o: $(HDRS) pwcheck.c pwcheck.h -sha1.o: $(HDRS) sha1.c xtextdecode.o: $(HDRS) xtextdecode.c xtextencode.o: $(HDRS) xtextencode.c diff --git a/src/src/auths/auth-spa.c b/src/src/auths/auth-spa.c index 9abc7b778..d1df7f2cb 100644 --- a/src/src/auths/auth-spa.c +++ b/src/src/auths/auth-spa.c @@ -68,7 +68,7 @@ int main (int argc, char ** argv) spa_build_auth_request (&request, username, domain); - spa_bits_to_base64 (msgbuf, (unsigned char*)&request, + spa_bits_to_base64 (msgbuf, US &request, spa_request_length(&request)); printf ("SPA Login request for username=%s:\n %s\n", @@ -91,7 +91,7 @@ int main (int argc, char ** argv) } spa_build_auth_response (&challenge, &response, username, password); - spa_bits_to_base64 (msgbuf, (unsigned char*)&response, + spa_bits_to_base64 (msgbuf, US &response, spa_request_length(&response)); printf ("SPA Response to challenge:\n %s\n for " \ @@ -153,87 +153,73 @@ int main (int argc, char ** argv) up with a different answer to the one above) */ -#define DEBUG(a,b) ; +#define DEBUG_X(a,b) ; extern int DEBUGLEVEL; -#include <sys/types.h> /* For size_t */ +#include "../exim.h" #include "auth-spa.h" #include <assert.h> -#include <ctype.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <unistd.h> - -#ifndef _AIX -typedef unsigned char uchar; -#endif - -typedef int BOOL; -#define False 0 -#define True 1 #ifndef _BYTEORDER_H -#define _BYTEORDER_H +# define _BYTEORDER_H -#define RW_PCVAL(read,inbuf,outbuf,len) \ +# define RW_PCVAL(read,inbuf,outbuf,len) \ { if (read) { PCVAL (inbuf,0,outbuf,len); } \ else { PSCVAL(inbuf,0,outbuf,len); } } -#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ +# define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } -#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ +# define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } -#define RW_CVAL(read, inbuf, outbuf, offset) \ +# define RW_CVAL(read, inbuf, outbuf, offset) \ { if (read) { (outbuf) = CVAL (inbuf,offset); } \ else { SCVAL(inbuf,offset,outbuf); } } -#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ +# define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } -#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ +# define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } -#undef CAREFUL_ALIGNMENT +# undef CAREFUL_ALIGNMENT /* we know that the 386 can handle misalignment and has the "right" byteorder */ -#ifdef __i386__ -#define CAREFUL_ALIGNMENT 0 -#endif +# ifdef __i386__ +# define CAREFUL_ALIGNMENT 0 +# endif -#ifndef CAREFUL_ALIGNMENT -#define CAREFUL_ALIGNMENT 1 -#endif +# ifndef CAREFUL_ALIGNMENT +# define CAREFUL_ALIGNMENT 1 +# endif -#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) -#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) -#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) +# define CVAL(buf,pos) ((US (buf))[pos]) +# define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +# define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) -#if CAREFUL_ALIGNMENT +# if CAREFUL_ALIGNMENT -#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) -#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) -#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) -#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((int16x)SVAL(buf,pos)) -#define IVALS(buf,pos) ((int32x)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16x)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32x)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16x)(val))) -#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32x)(val))) +# define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) +# define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) +# define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) +# define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) +# define SVALS(buf,pos) ((int16x)SVAL(buf,pos)) +# define IVALS(buf,pos) ((int32x)IVAL(buf,pos)) +# define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16x)(val))) +# define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32x)(val))) +# define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16x)(val))) +# define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32x)(val))) -#else /* CAREFUL_ALIGNMENT */ +# else /* CAREFUL_ALIGNMENT */ /* this handles things for architectures like the 386 that can handle alignment errors */ @@ -243,116 +229,116 @@ typedef int BOOL; */ /* get single value from an SMB buffer */ -#define SVAL(buf,pos) (*(uint16x *)((char *)(buf) + (pos))) -#define IVAL(buf,pos) (*(uint32x *)((char *)(buf) + (pos))) -#define SVALS(buf,pos) (*(int16x *)((char *)(buf) + (pos))) -#define IVALS(buf,pos) (*(int32x *)((char *)(buf) + (pos))) +# define SVAL(buf,pos) (*(uint16x *)((char *)(buf) + (pos))) +# define IVAL(buf,pos) (*(uint32x *)((char *)(buf) + (pos))) +# define SVALS(buf,pos) (*(int16x *)((char *)(buf) + (pos))) +# define IVALS(buf,pos) (*(int32x *)((char *)(buf) + (pos))) /* store single value in an SMB buffer */ -#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16x)(val)) -#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32x)(val)) -#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16x)(val)) -#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32x)(val)) +# define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16x)(val)) +# define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32x)(val)) +# define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16x)(val)) +# define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32x)(val)) -#endif /* CAREFUL_ALIGNMENT */ +# endif /* CAREFUL_ALIGNMENT */ /* macros for reading / writing arrays */ -#define SMBMACRO(macro,buf,pos,val,len,size) \ +# define SMBMACRO(macro,buf,pos,val,len,size) \ { int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } -#define SSMBMACRO(macro,buf,pos,val,len,size) \ +# define SSMBMACRO(macro,buf,pos,val,len,size) \ { int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } /* reads multiple data from an SMB buffer */ -#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) -#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) -#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) -#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) -#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) -#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) +# define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) +# define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) +# define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) +# define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) +# define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) +# define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) /* stores multiple data in an SMB buffer */ -#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) -#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) -#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) -#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) -#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) -#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) +# define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) +# define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) +# define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) +# define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) +# define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) +# define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) /* now the reverse routines - these are used in nmb packets (mostly) */ -#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) -#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) - -#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) -#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) -#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) -#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) -#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) -#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) -#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) -#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) +# define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) +# define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) + +# define RSVAL(buf,pos) SREV(SVAL(buf,pos)) +# define RSVALS(buf,pos) SREV(SVALS(buf,pos)) +# define RIVAL(buf,pos) IREV(IVAL(buf,pos)) +# define RIVALS(buf,pos) IREV(IVALS(buf,pos)) +# define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) +# define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) +# define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) +# define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) /* reads multiple data from an SMB buffer (big-endian) */ -#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) -#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) -#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) -#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) +# define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) +# define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) +# define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) +# define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) /* stores multiple data in an SMB buffer (big-endian) */ -#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) -#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) -#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) -#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) +# define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) +# define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) +# define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) +# define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) -#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ +# define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ { RW_PCVAL(read,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ + DEBUG_X(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } + if (charmode) print_asc(5, US (outbuf), (len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG_X(5,("%02x ", (outbuf)[idx])); } } \ + DEBUG_X(5,("\n")); } -#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ +# define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ + DEBUG_X(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } + if (charmode) print_asc(5, US (outbuf), 2*(len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG_X(5,("%04x ", (outbuf)[idx])); } } \ + DEBUG_X(5,("\n")); } -#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ +# define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ + DEBUG_X(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } + if (charmode) print_asc(5, US (outbuf), 4*(len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG_X(5,("%08x ", (outbuf)[idx])); } } \ + DEBUG_X(5,("\n")); } -#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ +# define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ { RW_CVAL(read,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %02x\n", \ + DEBUG_X(5,("%s%04x %s: %02x\n", \ tab_depth(depth), base, string, outbuf)); } -#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ +# define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %04x\n", \ + DEBUG_X(5,("%s%04x %s: %04x\n", \ tab_depth(depth), base, string, outbuf)); } -#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ +# define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %08x\n", \ + DEBUG_X(5,("%s%04x %s: %08x\n", \ tab_depth(depth), base, string, outbuf)); } #endif /* _BYTEORDER_H */ -void E_P16 (unsigned char *p14, unsigned char *p16); -void E_P24 (unsigned char *p21, unsigned char *c8, unsigned char *p24); -void D_P16 (unsigned char *p14, unsigned char *in, unsigned char *out); -void SMBOWFencrypt (uchar passwd[16], uchar * c8, uchar p24[24]); +void E_P16 (uschar *p14, uschar *p16); +void E_P24 (uschar *p21, uschar *c8, uschar *p24); +void D_P16 (uschar *p14, uschar *in, uschar *out); +void SMBOWFencrypt (uschar passwd[16], uschar * c8, uschar p24[24]); -void mdfour (unsigned char *out, unsigned char *in, int n); +void mdfour (uschar *out, uschar *in, int n); /* @@ -385,7 +371,7 @@ static const char base64val[] = { #define DECODE64(c) (isascii(c) ? base64val[c] : BAD) void -spa_bits_to_base64 (unsigned char *out, const unsigned char *in, int inlen) +spa_bits_to_base64 (uschar *out, const uschar *in, int inlen) /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ { for (; inlen >= 3; inlen -= 3) @@ -398,7 +384,7 @@ spa_bits_to_base64 (unsigned char *out, const unsigned char *in, int inlen) } if (inlen > 0) { - unsigned char fragment; + uschar fragment; *out++ = base64digits[in[0] >> 2]; fragment = (in[0] << 4) & 0x30; @@ -419,7 +405,7 @@ spa_base64_to_bits (char *out, int outlength, const char *in) /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ { int len = 0; - register unsigned char digit1, digit2, digit3, digit4; + register uschar digit1, digit2, digit3, digit4; if (in[0] == '+' && in[1] == ' ') in += 2; @@ -467,9 +453,7 @@ spa_base64_to_bits (char *out, int outlength, const char *in) } -#define uchar unsigned char - -static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, +static uschar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, @@ -479,7 +463,7 @@ static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, 21, 13, 5, 28, 20, 12, 4 }; -static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, +static uschar perm2[48] = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, @@ -489,7 +473,7 @@ static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, 46, 42, 50, 36, 29, 32 }; -static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, +static uschar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, @@ -499,7 +483,7 @@ static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, 63, 55, 47, 39, 31, 23, 15, 7 }; -static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, +static uschar perm4[48] = { 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, @@ -509,7 +493,7 @@ static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, 28, 29, 30, 31, 32, 1 }; -static uchar perm5[32] = { 16, 7, 20, 21, +static uschar perm5[32] = { 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, @@ -520,7 +504,7 @@ static uchar perm5[32] = { 16, 7, 20, 21, }; -static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, +static uschar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, @@ -531,9 +515,9 @@ static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, }; -static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; +static uschar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; -static uchar sbox[8][4][16] = { +static uschar sbox[8][4][16] = { {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, @@ -576,7 +560,7 @@ static uchar sbox[8][4][16] = { }; static void -permute (char *out, char *in, uchar * p, int n) +permute (char *out, char *in, uschar * p, int n) { int i; for (i = 0; i < n; i++) @@ -696,7 +680,7 @@ dohash (char *out, char *in, char *key, int forw) } static void -str_to_key (unsigned char *str, unsigned char *key) +str_to_key (uschar *str, uschar *key) { int i; @@ -716,13 +700,13 @@ str_to_key (unsigned char *str, unsigned char *key) static void -smbhash (unsigned char *out, unsigned char *in, unsigned char *key, int forw) +smbhash (uschar *out, uschar *in, uschar *key, int forw) { int i; char outb[64]; char inb[64]; char keyb[64]; - unsigned char key2[8]; + uschar key2[8]; str_to_key (key, key2); @@ -748,15 +732,15 @@ smbhash (unsigned char *out, unsigned char *in, unsigned char *key, int forw) } void -E_P16 (unsigned char *p14, unsigned char *p16) +E_P16 (uschar *p14, uschar *p16) { - unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + uschar sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; smbhash (p16, sp8, p14, 1); smbhash (p16 + 8, sp8, p14 + 7, 1); } void -E_P24 (unsigned char *p21, unsigned char *c8, unsigned char *p24) +E_P24 (uschar *p21, uschar *c8, uschar *p24) { smbhash (p24, c8, p21, 1); smbhash (p24 + 8, c8, p21 + 7, 1); @@ -764,7 +748,7 @@ E_P24 (unsigned char *p21, unsigned char *c8, unsigned char *p24) } void -D_P16 (unsigned char *p14, unsigned char *in, unsigned char *out) +D_P16 (uschar *p14, uschar *in, uschar *out) { smbhash (out, in, p14, 0); smbhash (out + 8, in + 8, p14 + 7, 0); @@ -814,7 +798,7 @@ safe_strcpy (char *dest, const char *src, size_t maxlength) if (!dest) { - DEBUG (0, ("ERROR: NULL dest in safe_strcpy\n")); + DEBUG_X (0, ("ERROR: NULL dest in safe_strcpy\n")); return NULL; } @@ -828,7 +812,7 @@ safe_strcpy (char *dest, const char *src, size_t maxlength) if (len > maxlength) { - DEBUG (0, ("ERROR: string overflow by %d in safe_strcpy [%.50s]\n", + DEBUG_X (0, ("ERROR: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src)); len = maxlength; } @@ -850,7 +834,7 @@ strupper (char *s) s += skip; else { - if (islower ((unsigned char)(*s))) + if (islower ((uschar)(*s))) *s = toupper (*s); s++; } @@ -866,9 +850,9 @@ strupper (char *s) */ void -spa_smb_encrypt (uchar * passwd, uchar * c8, uchar * p24) +spa_smb_encrypt (uschar * passwd, uschar * c8, uschar * p24) { - uchar p14[15], p21[21]; + uschar p14[15], p21[21]; memset (p21, '\0', 21); memset (p14, '\0', 14); @@ -880,7 +864,7 @@ spa_smb_encrypt (uchar * passwd, uchar * c8, uchar * p24) SMBOWFencrypt (p21, c8, p24); #ifdef DEBUG_PASSWORD - DEBUG (100, ("spa_smb_encrypt: lm#, challenge, response\n")); + DEBUG_X (100, ("spa_smb_encrypt: lm#, challenge, response\n")); dump_data (100, (char *) p21, 16); dump_data (100, (char *) c8, 8); dump_data (100, (char *) p24, 24); @@ -905,7 +889,7 @@ _my_wcslen (int16x * str) */ static int -_my_mbstowcs (int16x * dst, uchar * src, int len) +_my_mbstowcs (int16x * dst, uschar * src, int len) { int i; int16x val; @@ -927,7 +911,7 @@ _my_mbstowcs (int16x * dst, uchar * src, int len) */ void -E_md4hash (uchar * passwd, uchar * p16) +E_md4hash (uschar * passwd, uschar * p16) { int len; int16x wpwd[129]; @@ -942,12 +926,12 @@ E_md4hash (uchar * passwd, uchar * p16) /* Calculate length in bytes */ len = _my_wcslen (wpwd) * sizeof (int16x); - mdfour (p16, (unsigned char *) wpwd, len); + mdfour (p16, US wpwd, len); } /* Does both the NT and LM owfs of a user's password */ void -nt_lm_owf_gen (char *pwd, uchar nt_p16[16], uchar p16[16]) +nt_lm_owf_gen (char *pwd, uschar nt_p16[16], uschar p16[16]) { char passwd[130]; @@ -956,10 +940,10 @@ nt_lm_owf_gen (char *pwd, uchar nt_p16[16], uchar p16[16]) /* Calculate the MD4 hash (NT compatible) of the password */ memset (nt_p16, '\0', 16); - E_md4hash ((uchar *) passwd, nt_p16); + E_md4hash (US passwd, nt_p16); #ifdef DEBUG_PASSWORD - DEBUG (100, ("nt_lm_owf_gen: pwd, nt#\n")); + DEBUG_X (100, ("nt_lm_owf_gen: pwd, nt#\n")); dump_data (120, passwd, strlen (passwd)); dump_data (100, (char *) nt_p16, 16); #endif @@ -971,10 +955,10 @@ nt_lm_owf_gen (char *pwd, uchar nt_p16[16], uchar p16[16]) /* Calculate the SMB (lanman) hash functions of the password */ memset (p16, '\0', 16); - E_P16 ((uchar *) passwd, (uchar *) p16); + E_P16 (US passwd, US p16); #ifdef DEBUG_PASSWORD - DEBUG (100, ("nt_lm_owf_gen: pwd, lm#\n")); + DEBUG_X (100, ("nt_lm_owf_gen: pwd, lm#\n")); dump_data (120, passwd, strlen (passwd)); dump_data (100, (char *) p16, 16); #endif @@ -984,9 +968,9 @@ nt_lm_owf_gen (char *pwd, uchar nt_p16[16], uchar p16[16]) /* Does the des encryption from the NT or LM MD4 hash. */ void -SMBOWFencrypt (uchar passwd[16], uchar * c8, uchar p24[24]) +SMBOWFencrypt (uschar passwd[16], uschar * c8, uschar p24[24]) { - uchar p21[21]; + uschar p21[21]; memset (p21, '\0', 21); @@ -996,9 +980,9 @@ SMBOWFencrypt (uchar passwd[16], uchar * c8, uchar p24[24]) /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ void -NTLMSSPOWFencrypt (uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) +NTLMSSPOWFencrypt (uschar passwd[8], uschar * ntlmchalresp, uschar p24[24]) { - uchar p21[21]; + uschar p21[21]; memset (p21, '\0', 21); memcpy (p21, passwd, 8); @@ -1006,7 +990,7 @@ NTLMSSPOWFencrypt (uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) E_P24 (p21, ntlmchalresp, p24); #ifdef DEBUG_PASSWORD - DEBUG (100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); + DEBUG_X (100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); dump_data (100, (char *) p21, 21); dump_data (100, (char *) ntlmchalresp, 8); dump_data (100, (char *) p24, 24); @@ -1017,9 +1001,9 @@ NTLMSSPOWFencrypt (uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) /* Does the NT MD4 hash then des encryption. */ void -spa_smb_nt_encrypt (uchar * passwd, uchar * c8, uchar * p24) +spa_smb_nt_encrypt (uschar * passwd, uschar * c8, uschar * p24) { - uchar p21[21]; + uschar p21[21]; memset (p21, '\0', 21); @@ -1027,7 +1011,7 @@ spa_smb_nt_encrypt (uchar * passwd, uchar * c8, uchar * p24) SMBOWFencrypt (p21, c8, p24); #ifdef DEBUG_PASSWORD - DEBUG (100, ("spa_smb_nt_encrypt: nt#, challenge, response\n")); + DEBUG_X (100, ("spa_smb_nt_encrypt: nt#, challenge, response\n")); dump_data (100, (char *) p21, 16); dump_data (100, (char *) c8, 8); dump_data (100, (char *) p24, 24); @@ -1147,7 +1131,7 @@ spa_mdfour64 (uint32x * M) } static void -copy64 (uint32x * M, unsigned char *in) +copy64 (uint32x * M, uschar *in) { int i; @@ -1157,7 +1141,7 @@ copy64 (uint32x * M, unsigned char *in) } static void -copy4 (unsigned char *out, uint32x x) +copy4 (uschar *out, uint32x x) { out[0] = x & 0xFF; out[1] = (x >> 8) & 0xFF; @@ -1167,9 +1151,9 @@ copy4 (unsigned char *out, uint32x x) /* produce a md4 message digest from data of length n bytes */ void -mdfour (unsigned char *out, unsigned char *in, int n) +mdfour (uschar *out, uschar *in, int n) { - unsigned char buf[128]; + uschar buf[128]; uint32x M[16]; uint32x b = n * 8; int i; @@ -1257,13 +1241,13 @@ else \ char *p = string; \ int len = 0; \ if (p) len = strlen(p); \ -spa_bytes_add(ptr, header, ((unsigned char*)p), len); \ +spa_bytes_add(ptr, header, (US p), len); \ } #define spa_unicode_add_string(ptr, header, string) \ { \ char *p = string; \ -unsigned char *b = NULL; \ +uschar *b = NULL; \ int len = 0; \ if (p) \ { \ @@ -1278,12 +1262,15 @@ spa_bytes_add(ptr, header, b, len*2); \ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) #define GetString(structPtr, header) \ toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) + +#ifdef notdef + #define DumpBuffer(fp, structPtr, header) \ -dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) +dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) static void -dumpRaw (FILE * fp, unsigned char *buf, size_t len) +dumpRaw (FILE * fp, uschar *buf, size_t len) { int i; @@ -1293,6 +1280,8 @@ dumpRaw (FILE * fp, unsigned char *buf, size_t len) fprintf (fp, "\n"); } +#endif + char * unicodeToString (char *p, size_t len) { @@ -1311,10 +1300,10 @@ unicodeToString (char *p, size_t len) return buf; } -static unsigned char * +static uschar * strToUnicode (char *p) { - static unsigned char buf[1024]; + static uschar buf[1024]; size_t l = strlen (p); int i = 0; @@ -1329,10 +1318,10 @@ strToUnicode (char *p) return buf; } -static unsigned char * +static uschar * toString (char *p, size_t len) { - static unsigned char buf[1024]; + static uschar buf[1024]; assert (len + 1 < sizeof buf); @@ -1341,6 +1330,8 @@ toString (char *p, size_t len) return buf; } +#ifdef notdef + void dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request) { @@ -1381,6 +1372,7 @@ dumpSmbNtlmAuthResponse (FILE * fp, SPAAuthResponse * response) DumpBuffer (fp, response, sessionKey); fprintf (fp, " Flags = %08x\n", IVAL (&response->flags, 0)); } +#endif void spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain) @@ -1432,7 +1424,7 @@ spa_build_auth_challenge (SPAAuthRequest * request, SPAAuthChallenge * challenge /* generate eight pseudo random bytes (method ripped from host.c) */ for(i=0;i<8;i++) { - chalstr[i] = (unsigned char)(random_seed >> 16) % 256; + chalstr[i] = (uschar)(random_seed >> 16) % 256; random_seed = (1103515245 - (chalstr[i])) * random_seed + 12345; }; @@ -1467,8 +1459,8 @@ spa_build_auth_response (SPAAuthChallenge * challenge, *p = '\0'; } - spa_smb_encrypt ((uchar *)password, challenge->challengeData, lmRespData); - spa_smb_nt_encrypt ((uchar *)password, challenge->challengeData, ntRespData); + spa_smb_encrypt (US password, challenge->challengeData, lmRespData); + spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy (response->ident, "NTLMSSP\0\0\0", 8); @@ -1514,8 +1506,8 @@ spa_build_auth_response (SPAAuthChallenge * challenge, (const char *)GetUnicodeString(challenge, uDomain) : (const char *)GetString(challenge, uDomain)); - spa_smb_encrypt ((uchar *)password, challenge->challengeData, lmRespData); - spa_smb_nt_encrypt ((uchar *)password, challenge->challengeData, ntRespData); + spa_smb_encrypt (US password, challenge->challengeData, lmRespData); + spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy (response->ident, "NTLMSSP\0\0\0", 8); diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c index 455000ea7..c3637436d 100644 --- a/src/src/auths/call_radius.c +++ b/src/src/auths/call_radius.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This file was originally supplied by Ian Kirk. The libradius support came @@ -165,6 +165,7 @@ switch (result) case OK_RC: return OK; + case REJECT_RC: case ERROR_RC: return FAIL; diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c index 2d5c0d1e2..3be00082d 100644 --- a/src/src/auths/cram_md5.c +++ b/src/src/auths/cram_md5.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -263,7 +263,7 @@ uschar digest[16]; /* If expansion of either the secret or the user name failed, return CANCELLED or ERROR, as approriate. */ -if (secret == NULL || name == NULL) +if (!secret || !name) { if (expand_string_forcedfail) { @@ -272,7 +272,7 @@ if (secret == NULL || name == NULL) } string_format(buffer, buffsize, "expansion of \"%s\" failed in " "%s authenticator: %s", - (secret == NULL)? ob->client_secret : ob->client_name, + !secret ? ob->client_secret : ob->client_name, ablock->name, expand_string_message); return ERROR; } @@ -282,7 +282,7 @@ in base 64. */ if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0) return FAIL_SEND; -if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0) +if (!smtp_read_response(inblock, buffer, buffsize, '3', timeout)) return FAIL; if (b64decode(buffer + 4, &challenge) < 0) @@ -299,8 +299,7 @@ compute_cram_md5(secret, challenge, digest); /* Create the response from the user name plus the CRAM-MD5 digest */ string_format(big_buffer, big_buffer_size - 36, "%s", name); -p = big_buffer; -while (*p != 0) p++; +for (p = big_buffer; *p; ) p++; *p++ = ' '; for (i = 0; i < 16; i++) @@ -317,8 +316,8 @@ buffer[0] = 0; if (smtp_write_command(outblock, FALSE, "%s\r\n", b64encode(big_buffer, p - big_buffer)) < 0) return FAIL_SEND; -return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)? - OK : FAIL; +return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout) + ? OK : FAIL; } #endif /* STAND_ALONE */ diff --git a/src/src/auths/dovecot.c b/src/src/auths/dovecot.c index c89411af8..5bf7b9cc3 100644 --- a/src/src/auths/dovecot.c +++ b/src/src/auths/dovecot.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru> - * Copyright (c) 2006-2014 The Exim Maintainers + * Copyright (c) 2006-2016 The Exim Maintainers * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -228,244 +228,270 @@ return s; * Server entry point * *************************************************/ -int auth_dovecot_server(auth_instance *ablock, uschar *data) +int +auth_dovecot_server(auth_instance * ablock, uschar * data) { - auth_dovecot_options_block *ob = - (auth_dovecot_options_block *)(ablock->options_block); - struct sockaddr_un sa; - uschar buffer[DOVECOT_AUTH_MAXLINELEN]; - uschar *args[DOVECOT_AUTH_MAXFIELDCOUNT]; - uschar *auth_command; - uschar *auth_extra_data = US""; - uschar *p; - int nargs, tmp; - int crequid = 1, cont = 1, fd, ret = DEFER; - BOOL found = FALSE, have_mech_line = FALSE; - - HDEBUG(D_auth) debug_printf("dovecot authentication\n"); - - memset(&sa, 0, sizeof(sa)); - sa.sun_family = AF_UNIX; - - /* This was the original code here: it is nonsense because strncpy() - does not return an integer. I have converted this to use the function - that formats and checks length. PH */ - - /* - if (strncpy(sa.sun_path, ob->server_socket, sizeof(sa.sun_path)) < 0) { - */ - - if (!string_format(US sa.sun_path, sizeof(sa.sun_path), "%s", - ob->server_socket)) { - auth_defer_msg = US"authentication socket path too long"; - return DEFER; - } - - auth_defer_msg = US"authentication socket connection error"; - - fd = socket(PF_UNIX, SOCK_STREAM, 0); - if (fd < 0) - return DEFER; - - if (connect(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0) - goto out; +auth_dovecot_options_block *ob = + (auth_dovecot_options_block *) ablock->options_block; +struct sockaddr_un sa; +uschar buffer[DOVECOT_AUTH_MAXLINELEN]; +uschar *args[DOVECOT_AUTH_MAXFIELDCOUNT]; +uschar *auth_command; +uschar *auth_extra_data = US""; +uschar *p; +int nargs, tmp; +int crequid = 1, cont = 1, fd = -1, ret = DEFER; +BOOL found = FALSE, have_mech_line = FALSE; + +HDEBUG(D_auth) debug_printf("dovecot authentication\n"); + +if (!data) + { + ret = FAIL; + goto out; + } - auth_defer_msg = US"authentication socket protocol error"; +memset(&sa, 0, sizeof(sa)); +sa.sun_family = AF_UNIX; - socket_buffer_left = 0; /* Global, used to read more than a line but return by line */ - while (cont) { - if (dc_gets(buffer, sizeof(buffer), fd) == NULL) - OUT("authentication socket read error or premature eof"); - p = buffer + Ustrlen(buffer) - 1; - if (*p != '\n') { - OUT("authentication socket protocol line too long"); - } - *p = '\0'; - HDEBUG(D_auth) debug_printf("received: %s\n", buffer); - nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); - /* HDEBUG(D_auth) debug_strcut(args, nargs, sizeof(args) / sizeof(args[0])); */ - - /* Code below rewritten by Kirill Miazine (km@krot.org). Only check commands that - Exim will need. Original code also failed if Dovecot server sent unknown - command. E.g. COOKIE in version 1.1 of the protocol would cause troubles. */ - /* pdp: note that CUID is a per-connection identifier sent by the server, - which increments at server discretion. - By contrast, the "id" field of the protocol is a connection-specific request - identifier, which needs to be unique per request from the client and is not - connected to the CUID value, so we ignore CUID from server. It's purely for - diagnostics. */ - if (Ustrcmp(args[0], US"VERSION") == 0) { - CHECK_COMMAND("VERSION", 2, 2); - if (Uatoi(args[1]) != VERSION_MAJOR) - OUT("authentication socket protocol version mismatch"); - } else if (Ustrcmp(args[0], US"MECH") == 0) { - CHECK_COMMAND("MECH", 1, INT_MAX); - have_mech_line = TRUE; - if (strcmpic(US args[1], ablock->public_name) == 0) - found = TRUE; - } else if (Ustrcmp(args[0], US"SPID") == 0) { - /* Unfortunately the auth protocol handshake wasn't designed well - to differentiate between auth-client/userdb/master. auth-userdb - and auth-master send VERSION + SPID lines only and nothing - afterwards, while auth-client sends VERSION + MECH + SPID + - CUID + more. The simplest way that we can determine if we've - connected to the correct socket is to see if MECH line exists or - not (alternatively we'd have to have a small timeout after SPID - to see if CUID is sent or not). */ - if (!have_mech_line) - OUT("authentication socket type mismatch (connected to auth-master instead of auth-client)"); - } else if (Ustrcmp(args[0], US"DONE") == 0) { - CHECK_COMMAND("DONE", 0, 0); - cont = 0; - } - } +/* This was the original code here: it is nonsense because strncpy() +does not return an integer. I have converted this to use the function +that formats and checks length. PH */ - if (!found) { - auth_defer_msg = string_sprintf("Dovecot did not advertise mechanism \"%s\" to us", ablock->public_name); - goto out; - } +/* +if (strncpy(sa.sun_path, ob->server_socket, sizeof(sa.sun_path)) < 0) { +} +*/ - /* Added by PH: data must not contain tab (as it is - b64 it shouldn't, but check for safety). */ +if (!string_format(US sa.sun_path, sizeof(sa.sun_path), "%s", + ob->server_socket)) + { + auth_defer_msg = US"authentication socket path too long"; + return DEFER; + } - if (Ustrchr(data, '\t') != NULL) { - ret = FAIL; - goto out; - } +auth_defer_msg = US"authentication socket connection error"; - /* Added by PH: extra fields when TLS is in use or if the TCP/IP - connection is local. */ +if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + return DEFER; - if (tls_in.cipher != NULL) - auth_extra_data = string_sprintf("secured\t%s%s", - tls_in.certificate_verified? "valid-client-cert" : "", - tls_in.certificate_verified? "\t" : ""); - else if (interface_address != NULL && - Ustrcmp(sender_host_address, interface_address) == 0) - auth_extra_data = US"secured\t"; +if (connect(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0) + goto out; +auth_defer_msg = US"authentication socket protocol error"; -/**************************************************************************** - The code below was the original code here. It didn't work. A reading of the - file auth-protocol.txt.gz that came with Dovecot 1.0_beta8 indicated that - this was not right. Maybe something changed. I changed it to move the - service indication into the AUTH command, and it seems to be better. PH - - fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" - "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", - VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, - ablock->public_name, sender_host_address, interface_address, - data ? (char *) data : ""); - - Subsequently, the command was modified to add "secured" and "valid-client- - cert" when relevant. -****************************************************************************/ +socket_buffer_left = 0; /* Global, used to read more than a line but return by line */ +while (cont) + { + if (dc_gets(buffer, sizeof(buffer), fd) == NULL) + OUT("authentication socket read error or premature eof"); + p = buffer + Ustrlen(buffer) - 1; + if (*p != '\n') + OUT("authentication socket protocol line too long"); + + *p = '\0'; + HDEBUG(D_auth) debug_printf("received: %s\n", buffer); + + nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); + + /* HDEBUG(D_auth) debug_strcut(args, nargs, sizeof(args) / sizeof(args[0])); */ + + /* Code below rewritten by Kirill Miazine (km@krot.org). Only check commands that + Exim will need. Original code also failed if Dovecot server sent unknown + command. E.g. COOKIE in version 1.1 of the protocol would cause troubles. */ + /* pdp: note that CUID is a per-connection identifier sent by the server, + which increments at server discretion. + By contrast, the "id" field of the protocol is a connection-specific request + identifier, which needs to be unique per request from the client and is not + connected to the CUID value, so we ignore CUID from server. It's purely for + diagnostics. */ + + if (Ustrcmp(args[0], US"VERSION") == 0) + { + CHECK_COMMAND("VERSION", 2, 2); + if (Uatoi(args[1]) != VERSION_MAJOR) + OUT("authentication socket protocol version mismatch"); + } + else if (Ustrcmp(args[0], US"MECH") == 0) + { + CHECK_COMMAND("MECH", 1, INT_MAX); + have_mech_line = TRUE; + if (strcmpic(US args[1], ablock->public_name) == 0) + found = TRUE; + } + else if (Ustrcmp(args[0], US"SPID") == 0) + { + /* Unfortunately the auth protocol handshake wasn't designed well + to differentiate between auth-client/userdb/master. auth-userdb + and auth-master send VERSION + SPID lines only and nothing + afterwards, while auth-client sends VERSION + MECH + SPID + + CUID + more. The simplest way that we can determine if we've + connected to the correct socket is to see if MECH line exists or + not (alternatively we'd have to have a small timeout after SPID + to see if CUID is sent or not). */ + + if (!have_mech_line) + OUT("authentication socket type mismatch" + " (connected to auth-master instead of auth-client)"); + } + else if (Ustrcmp(args[0], US"DONE") == 0) + { + CHECK_COMMAND("DONE", 0, 0); + cont = 0; + } + } - auth_command = string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n" - "AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tnologin\tresp=%s\n", - VERSION_MAJOR, VERSION_MINOR, getpid(), crequid, - ablock->public_name, auth_extra_data, sender_host_address, - interface_address, data ? (char *) data : ""); +if (!found) + { + auth_defer_msg = string_sprintf( + "Dovecot did not advertise mechanism \"%s\" to us", ablock->public_name); + goto out; + } - if (write(fd, auth_command, Ustrlen(auth_command)) < 0) - HDEBUG(D_auth) debug_printf("error sending auth_command: %s\n", - strerror(errno)); +/* Added by PH: data must not contain tab (as it is +b64 it shouldn't, but check for safety). */ - HDEBUG(D_auth) debug_printf("sent: %s", auth_command); +if (Ustrchr(data, '\t') != NULL) + { + ret = FAIL; + goto out; + } - while (1) { - uschar *temp; - uschar *auth_id_pre = NULL; - int i; +/* Added by PH: extra fields when TLS is in use or if the TCP/IP +connection is local. */ - if (dc_gets(buffer, sizeof(buffer), fd) == NULL) { - auth_defer_msg = US"authentication socket read error or premature eof"; - goto out; - } +if (tls_in.cipher != NULL) + auth_extra_data = string_sprintf("secured\t%s%s", + tls_in.certificate_verified? "valid-client-cert" : "", + tls_in.certificate_verified? "\t" : ""); - buffer[Ustrlen(buffer) - 1] = 0; - HDEBUG(D_auth) debug_printf("received: %s\n", buffer); - nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); +else if ( interface_address != NULL + && Ustrcmp(sender_host_address, interface_address) == 0) + auth_extra_data = US"secured\t"; - if (Uatoi(args[1]) != crequid) - OUT("authentication socket connection id mismatch"); - switch (toupper(*args[0])) { - case 'C': - CHECK_COMMAND("CONT", 1, 2); +/**************************************************************************** +The code below was the original code here. It didn't work. A reading of the +file auth-protocol.txt.gz that came with Dovecot 1.0_beta8 indicated that +this was not right. Maybe something changed. I changed it to move the +service indication into the AUTH command, and it seems to be better. PH + +fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" + "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", + VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, + ablock->public_name, sender_host_address, interface_address, + data ? (char *) data : ""); + +Subsequently, the command was modified to add "secured" and "valid-client- +cert" when relevant. +****************************************************************************/ - tmp = auth_get_no64_data(&data, US args[2]); - if (tmp != OK) { - ret = tmp; - goto out; - } +auth_command = string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n" + "AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tnologin\tresp=%s\n", + VERSION_MAJOR, VERSION_MINOR, getpid(), crequid, + ablock->public_name, auth_extra_data, sender_host_address, + interface_address, data); - /* Added by PH: data must not contain tab (as it is - b64 it shouldn't, but check for safety). */ +if (write(fd, auth_command, Ustrlen(auth_command)) < 0) + HDEBUG(D_auth) debug_printf("error sending auth_command: %s\n", + strerror(errno)); - if (Ustrchr(data, '\t') != NULL) { - ret = FAIL; - goto out; - } +HDEBUG(D_auth) debug_printf("sent: %s", auth_command); - temp = string_sprintf("CONT\t%d\t%s\n", crequid, data); - if (write(fd, temp, Ustrlen(temp)) < 0) - OUT("authentication socket write error"); - break; - - case 'F': - CHECK_COMMAND("FAIL", 1, -1); - - for (i=2; (i<nargs) && (auth_id_pre == NULL); i++) - { - if ( Ustrncmp(args[i], US"user=", 5) == 0 ) - { - auth_id_pre = args[i]+5; - expand_nstring[1] = auth_vars[0] = - string_copy(auth_id_pre); /* PH */ - expand_nlength[1] = Ustrlen(auth_id_pre); - expand_nmax = 1; - } - } +while (1) + { + uschar *temp; + uschar *auth_id_pre = NULL; + int i; - ret = FAIL; - goto out; - - case 'O': - CHECK_COMMAND("OK", 2, -1); - - /* - * Search for the "user=$USER" string in the args array - * and return the proper value. - */ - for (i=2; (i<nargs) && (auth_id_pre == NULL); i++) - { - if ( Ustrncmp(args[i], US"user=", 5) == 0 ) - { - auth_id_pre = args[i]+5; - expand_nstring[1] = auth_vars[0] = - string_copy(auth_id_pre); /* PH */ - expand_nlength[1] = Ustrlen(auth_id_pre); - expand_nmax = 1; - } - } + if (dc_gets(buffer, sizeof(buffer), fd) == NULL) + { + auth_defer_msg = US"authentication socket read error or premature eof"; + goto out; + } - if (auth_id_pre == NULL) - OUT("authentication socket protocol error, username missing"); + buffer[Ustrlen(buffer) - 1] = 0; + HDEBUG(D_auth) debug_printf("received: %s\n", buffer); + nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); - ret = OK; - /* fallthrough */ + if (Uatoi(args[1]) != crequid) + OUT("authentication socket connection id mismatch"); - default: - goto out; - } - } + switch (toupper(*args[0])) + { + case 'C': + CHECK_COMMAND("CONT", 1, 2); + + if ((tmp = auth_get_no64_data(&data, US args[2])) != OK) + { + ret = tmp; + goto out; + } + + /* Added by PH: data must not contain tab (as it is + b64 it shouldn't, but check for safety). */ + + if (Ustrchr(data, '\t') != NULL) + { + ret = FAIL; + goto out; + } + + temp = string_sprintf("CONT\t%d\t%s\n", crequid, data); + if (write(fd, temp, Ustrlen(temp)) < 0) + OUT("authentication socket write error"); + break; + + case 'F': + CHECK_COMMAND("FAIL", 1, -1); + + for (i=2; (i<nargs) && (auth_id_pre == NULL); i++) + { + if ( Ustrncmp(args[i], US"user=", 5) == 0 ) + { + auth_id_pre = args[i]+5; + expand_nstring[1] = auth_vars[0] = string_copy(auth_id_pre); /* PH */ + expand_nlength[1] = Ustrlen(auth_id_pre); + expand_nmax = 1; + } + } + + ret = FAIL; + goto out; + + case 'O': + CHECK_COMMAND("OK", 2, -1); + + /* Search for the "user=$USER" string in the args array + and return the proper value. */ + + for (i=2; (i<nargs) && (auth_id_pre == NULL); i++) + { + if ( Ustrncmp(args[i], US"user=", 5) == 0 ) + { + auth_id_pre = args[i]+5; + expand_nstring[1] = auth_vars[0] = string_copy(auth_id_pre); /* PH */ + expand_nlength[1] = Ustrlen(auth_id_pre); + expand_nmax = 1; + } + } + + if (auth_id_pre == NULL) + OUT("authentication socket protocol error, username missing"); + + ret = OK; + /* fallthrough */ + + default: + goto out; + } + } out: - /* close the socket used by dovecot */ - if (fd >= 0) - close(fd); +/* close the socket used by dovecot */ +if (fd >= 0) + close(fd); - /* Expand server_condition as an authorization check */ - return (ret == OK)? auth_check_serv_cond(ablock) : ret; +/* Expand server_condition as an authorization check */ +return ret == OK ? auth_check_serv_cond(ablock) : ret; } diff --git a/src/src/auths/get_data.c b/src/src/auths/get_data.c index 4d6c6d4a6..f839a010e 100644 --- a/src/src/auths/get_data.c +++ b/src/src/auths/get_data.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ #include "../exim.h" diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c index 94e689d58..732a67381 100644 --- a/src/src/auths/heimdal_gssapi.c +++ b/src/src/auths/heimdal_gssapi.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Copyright (c) Twitter Inc 2012 diff --git a/src/src/auths/tls.c b/src/src/auths/tls.c index 51c096cd0..99c756374 100644 --- a/src/src/auths/tls.c +++ b/src/src/auths/tls.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Jeremy Harris 2015 */ +/* Copyright (c) Jeremy Harris 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This file provides an Exim authenticator driver for @@ -71,7 +71,7 @@ if (ob->server_param1) auth_vars[expand_nmax++] = expand_string(ob->server_param1); if (ob->server_param2) auth_vars[expand_nmax++] = expand_string(ob->server_param2); -if (ob->server_param2) +if (ob->server_param3) auth_vars[expand_nmax++] = expand_string(ob->server_param3); return auth_check_serv_cond(ablock); } diff --git a/src/src/base64.c b/src/src/base64.c index 031beb923..cee77c3c3 100644 --- a/src/src/base64.c +++ b/src/src/base64.c @@ -5,7 +5,7 @@ /* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004, 2015 */ /* License: GPL */ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ diff --git a/src/src/pdkim/blob.h b/src/src/blob.h index e1481c9f4..a3f1e24d4 100644 --- a/src/src/pdkim/blob.h +++ b/src/src/blob.h @@ -1,9 +1,7 @@ /* - * PDKIM - a RFC4871 (DKIM) implementation + * Blob - a general pointer/size item for a memory chunk * * Copyright (C) 2016 Exim maintainers - * - * RSA signing/verification interface */ #ifndef BLOB_H /* entire file */ diff --git a/src/src/buildconfig.c b/src/src/buildconfig.c index 45e820c81..4ed287414 100644 --- a/src/src/buildconfig.c +++ b/src/src/buildconfig.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2012 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -105,8 +105,10 @@ time_t test_time_t = 0; size_t test_size_t = 0; ssize_t test_ssize_t = 0; unsigned long test_ulong_t = 0L; +unsigned int test_uint_t = 0; #endif long test_long_t = 0; +int test_int_t = 0; FILE *base; FILE *new; int last_initial = 'A'; @@ -190,12 +192,17 @@ fprintf(new, "#define SSIZE_T_FMT \"%%zd\"\n"); #else if (sizeof(test_size_t) > sizeof (test_ulong_t)) fprintf(new, "#define SIZE_T_FMT \"%%llu\"\n"); -else +else if (sizeof(test_size_t) > sizeof (test_uint_t)) fprintf(new, "#define SIZE_T_FMT \"%%lu\"\n"); +else + fprintf(new, "#define SIZE_T_FMT \"%%u\"\n"); + if (sizeof(test_ssize_t) > sizeof(test_long_t)) fprintf(new, "#define SSIZE_T_FMT \"%%lld\"\n"); -else +else if (sizeof(test_ssize_t) > sizeof(test_int_t)) fprintf(new, "#define SSIZE_T_FMT \"%%ld\"\n"); +else + fprintf(new, "#define SSIZE_T_FMT \"%%d\"\n"); #endif /* Now search the makefile for certain settings */ @@ -720,17 +727,16 @@ else if (isgroup) continue; } - /* WITH_CONTENT_SCAN is another special case: it must be set if either it or - WITH_OLD_DEMIME is set. */ + /* WITH_CONTENT_SCAN is another special case: it must be set if it or + EXPERIMENTAL_DCC is set. */ if (strcmp(name, "WITH_CONTENT_SCAN") == 0) { char *wcs = getenv("WITH_CONTENT_SCAN"); - char *wod = getenv("WITH_OLD_DEMIME"); char *dcc = getenv("EXPERIMENTAL_DCC"); - if (wcs != NULL || wod != NULL || dcc != NULL) - fprintf(new, "#define WITH_CONTENT_SCAN yes\n"); - else fprintf(new, "/* WITH_CONTENT_SCAN not set */\n"); + fprintf(new, wcs || dcc + ? "#define WITH_CONTENT_SCAN yes\n" + : "/* WITH_CONTENT_SCAN not set */\n"); continue; } @@ -819,7 +825,11 @@ else if (isgroup) strncpy(buffer, ss, sss-ss); buffer[sss-ss] = 0; /* For empty case */ } - else strcpy(buffer, ss); + else + { + strncpy(buffer, ss, sizeof(buffer)); + buffer[sizeof(buffer)-1] = 0; + } pp = buffer + (int)strlen(buffer); while (pp > buffer && isspace((unsigned char)pp[-1])) pp--; *pp = 0; diff --git a/src/src/child.c b/src/src/child.c index 36d192e9a..7f5b90929 100644 --- a/src/src/child.c +++ b/src/src/child.c @@ -72,9 +72,9 @@ child_exec_exim(int exec_type, BOOL kill_v, int *pcount, BOOL minimal, { int first_special = -1; int n = 0; -int extra = (pcount != NULL)? *pcount : 0; +int extra = pcount ? *pcount : 0; uschar **argv = - store_get((extra + acount + MAX_CLMACROS + 16) * sizeof(char *)); + store_get((extra + acount + MAX_CLMACROS + 18) * sizeof(char *)); /* In all case, the list starts out with the path, any macros, and a changed config file. */ @@ -113,6 +113,11 @@ if (!minimal) if (synchronous_delivery) argv[n++] = US"-odi"; if (connection_max_messages >= 0) argv[n++] = string_sprintf("-oB%d", connection_max_messages); + if (*queue_name) + { + argv[n++] = US"-MCG"; + argv[n++] = queue_name; + } } /* Now add in any others that are in the call. Remember which they were, diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 14de083fe..bafdc1ba4 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* The default settings for Exim configuration variables. A #define without @@ -150,7 +150,7 @@ it's a default value. */ #define TCP_WRAPPERS_DAEMON_NAME "exim" #define TIMEZONE_DEFAULT -#define TMPDIR +#define EXIM_TMPDIR #define TRANSPORT_APPENDFILE #define TRANSPORT_AUTOREPLY @@ -169,7 +169,6 @@ it's a default value. */ #define WHITELIST_D_MACROS #define WITH_CONTENT_SCAN -#define WITH_OLD_DEMIME #define WITH_OLD_CLAMAV_STREAM /* EXPERIMENTAL features */ @@ -178,6 +177,8 @@ it's a default value. */ #define EXPERIMENTAL_DCC #define EXPERIMENTAL_DSN_INFO #define EXPERIMENTAL_DMARC +#define EXPERIMENTAL_LMDB +#define EXPERIMENTAL_QUEUEFILE #define EXPERIMENTAL_SPF #define EXPERIMENTAL_SRS @@ -195,7 +196,7 @@ just in case. */ /* Sizes for integer arithmetic. Go for 64bit; can be overridden in OS/Makefile-FOO If you make it a different number of bits, provide a definition -for EXIM_64B_MAX and _MIN in OS/oh.h-FOO */ +for EXIM_ARITH_MAX and _MIN in OS/oh.h-FOO */ #define int_eximarith_t int64_t #define PR_EXIM_ARITH "%" PRId64 /* C99 standard, printf %lld */ #define SC_EXIM_ARITH "%" SCNi64 /* scanf incl. 0x prefix */ diff --git a/src/src/configure.default b/src/src/configure.default index ee94d2f91..985f1d0d8 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -40,6 +40,7 @@ ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### +# # Specify your host's canonical name here. This should normally be the fully # qualified "official" name of your host. If this option is not set, the @@ -329,6 +330,18 @@ timeout_frozen_after = 7d # accept_8bitmime = false +# Exim does not make use of environment variables itself. However, +# libraries that Exim uses (e.g. LDAP) depend on specific environment settings. +# There are two lists: keep_environment for the variables we trust, and +# add_environment for variables we want to set to a specific value. +# Note that TZ is handled separateley by the timezone runtime option +# and TIMEZONE_DEFAULT buildtime option. + +# keep_environment = ^LDAP +# add_environment = PATH=/usr/bin::/bin + + + ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # @@ -500,7 +513,9 @@ acl_check_data: # Deny if the message contains an overlong line. Per the standards # we should never receive one such via SMTP. # - deny condition = ${if > {$max_received_linelength}{998}} + deny message = maximum allowed line length is 998 octets, \ + got $max_received_linelength + condition = ${if > {$max_received_linelength}{998}} # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. @@ -694,8 +709,8 @@ begin transports # This transport is used for delivering messages over SMTP connections. -# Refuse to send any messsage with over-long lines, which could have -# been receved other than via SMTP. The use of message_size_limit to +# Refuse to send any message with over-long lines, which could have +# been received other than via SMTP. The use of message_size_limit to # enforce this is a red herring. remote_smtp: diff --git a/src/src/crypt16.c b/src/src/crypt16.c index e8a4fe8a7..56353c326 100644 --- a/src/src/crypt16.c +++ b/src/src/crypt16.c @@ -44,31 +44,33 @@ static void dummy(int x) { dummy(x-1); } #include <crypt.h> #endif -char *crypt16(char *key, char *salt) +char * +crypt16(char *key, char *salt) { - static char res[25]; - static char s2[3]; - char *p; +static char res[25]; /* Not threadsafe; like crypt() */ +static char s2[3]; +char *p; - /* Clear the string of any previous data */ - memset (res, 0, sizeof (res)); +/* Clear the string of any previous data */ +memset (res, 0, sizeof (res)); - /* crypt the first part */ - p = crypt (key, salt); - strncpy (res, p, 13); +/* crypt the first part */ +if (!(p = crypt (key, salt))) return NULL; +strncpy (res, p, 13); - if (strlen (key) > 8) - { - /* crypt the rest - * the first two characters of the first block (not counting - * the salt) make up the new salt */ - strncpy (s2, &(res[2]), 2); - p = crypt (&(key[8]), s2); - strncpy (&(res[13]), &(p[2]), 11); - memset (s2, 0, sizeof (s2)); - } +if (strlen (key) > 8) + { + /* crypt the rest + * the first two characters of the first block (not counting + * the salt) make up the new salt */ - return (res); + strncpy (s2, res+2, 2); + p = crypt (key+8, s2); + strncpy (res+13, p+2, 11); + memset (s2, 0, sizeof(s2)); + } + +return (res); } #endif diff --git a/src/src/daemon.c b/src/src/daemon.c index f2c8dbfaf..bc33aec45 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions concerned with running Exim as a daemon */ @@ -161,23 +161,20 @@ DEBUG(D_any) debug_printf("Connection request from %s port %d\n", input stream. These operations fail only the exceptional circumstances. Note that never_error() won't use smtp_out if it is NULL. */ -smtp_out = fdopen(accept_socket, "wb"); -if (smtp_out == NULL) +if (!(smtp_out = fdopen(accept_socket, "wb"))) { never_error(US"daemon: fdopen() for smtp_out failed", US"", errno); goto ERROR_RETURN; } -dup_accept_socket = dup(accept_socket); -if (dup_accept_socket < 0) +if ((dup_accept_socket = dup(accept_socket)) < 0) { never_error(US"daemon: couldn't dup socket descriptor", US"Connection setup failed", errno); goto ERROR_RETURN; } -smtp_in = fdopen(dup_accept_socket, "rb"); -if (smtp_in == NULL) +if (!(smtp_in = fdopen(dup_accept_socket, "rb"))) { never_error(US"daemon: fdopen() for smtp_in failed", US"Connection setup failed", errno); @@ -293,7 +290,6 @@ if ((max_for_this_host > 0) && int other_host_count = 0; /* keep a count of non matches to optimise */ for (i = 0; i < smtp_accept_max; ++i) - { if (smtp_slots[i].host_address != NULL) { if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0) @@ -309,7 +305,6 @@ if ((max_for_this_host > 0) && ((smtp_accept_count - other_host_count) < max_for_this_host)) break; } - } if (host_accept_count >= max_for_this_host) { @@ -390,10 +385,10 @@ if (pid == 0) likely what it depends on.) */ smtp_active_hostname = primary_hostname; - if (raw_active_hostname != NULL) + if (raw_active_hostname) { - uschar *nah = expand_string(raw_active_hostname); - if (nah == NULL) + uschar * nah = expand_string(raw_active_hostname); + if (!nah) { if (!expand_string_forcedfail) { @@ -407,7 +402,7 @@ if (pid == 0) _exit(EXIT_FAILURE); } } - else if (nah[0] != 0) smtp_active_hostname = nah; + else if (*nah) smtp_active_hostname = nah; } /* Initialize the queueing flags */ @@ -523,10 +518,23 @@ if (pid == 0) } else { - mac_smtp_fflush(); + if (smtp_out) + { + int i, fd = fileno(smtp_in); + uschar buf[128]; + + mac_smtp_fflush(); + /* drain socket, for clean TCP FINs */ + if (fcntl(fd, F_SETFL, O_NONBLOCK) == 0) + for(i = 16; read(fd, buf, sizeof(buf)) > 0 && i > 0; ) i--; + } search_tidyup(); smtp_log_no_mail(); /* Log no mail if configured */ - _exit((rc == 0)? EXIT_SUCCESS : EXIT_FAILURE); + + /*XXX should we pause briefly, hoping that the client will be the + active TCP closer hence get the TCP_WAIT endpoint? */ + DEBUG(D_receive) debug_printf("SMTP>>(close on process exit)\n"); + _exit(rc ? EXIT_FAILURE : EXIT_SUCCESS); } /* Show the recipients when debugging */ @@ -582,15 +590,13 @@ if (pid == 0) very long-lived connections from scanning appliances where this is not the best strategy. In such cases, queue_only_load_latch should be set false. */ - local_queue_only = session_local_queue_only; - if (!local_queue_only && queue_only_load >= 0) + if ( !(local_queue_only = session_local_queue_only) + && queue_only_load >= 0 + && (local_queue_only = (load_average = OS_GETLOADAVG()) > queue_only_load) + ) { - local_queue_only = (load_average = OS_GETLOADAVG()) > queue_only_load; - if (local_queue_only) - { - queue_only_reason = 3; - if (queue_only_load_latch) session_local_queue_only = TRUE; - } + queue_only_reason = 3; + if (queue_only_load_latch) session_local_queue_only = TRUE; } /* Log the queueing here, when it will get a message id attached, but @@ -598,23 +604,20 @@ if (pid == 0) if (local_queue_only) switch(queue_only_reason) { - case 1: - log_write(L_delay_delivery, + case 1: log_write(L_delay_delivery, LOG_MAIN, "no immediate delivery: too many connections " "(%d, max %d)", smtp_accept_count, smtp_accept_queue); - break; + break; - case 2: - log_write(L_delay_delivery, + case 2: log_write(L_delay_delivery, LOG_MAIN, "no immediate delivery: more than %d messages " "received in one connection", smtp_accept_queue_per_connection); - break; + break; - case 3: - log_write(L_delay_delivery, + case 3: log_write(L_delay_delivery, LOG_MAIN, "no immediate delivery: load average %.2f", (double)load_average/1000.0); - break; + break; } /* If a delivery attempt is required, spin off a new process to handle it. @@ -651,8 +654,8 @@ if (pid == 0) if (geteuid() != root_uid && !deliver_drop_privilege) { signal(SIGALRM, SIG_DFL); - (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 2, US"-Mc", - message_id); + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, + 2, US"-Mc", message_id); /* Control does not return here. */ } @@ -668,10 +671,8 @@ if (pid == 0) DEBUG(D_any) debug_printf("forked delivery process %d\n", (int)dpid); } else - { log_write(0, LOG_MAIN|LOG_PANIC, "daemon: delivery process fork " "failed: %s", strerror(errno)); - } } } } @@ -682,14 +683,11 @@ failed. Otherwise, keep count of the number of accepting processes and remember the pid for ticking off when the child completes. */ if (pid < 0) - { never_error(US"daemon: accept process fork failed", US"Fork failed", errno); - } else { int i; for (i = 0; i < smtp_accept_max; ++i) - { if (smtp_slots[i].pid <= 0) { smtp_slots[i].pid = pid; @@ -698,7 +696,6 @@ else smtp_accept_count++; break; } - } DEBUG(D_any) debug_printf("%d SMTP accept process%s running\n", smtp_accept_count, (smtp_accept_count == 1)? "" : "es"); } @@ -715,7 +712,7 @@ manifest itself as a broken pipe, so drop that one too. If the streams don't exist, something went wrong while setting things up. Make sure the socket descriptors are closed, in order to drop the connection. */ -if (smtp_out != NULL) +if (smtp_out) { if (fclose(smtp_out) != 0 && errno != ECONNRESET && errno != EPIPE) log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_out) failed: %s", @@ -724,7 +721,7 @@ if (smtp_out != NULL) } else (void)close(accept_socket); -if (smtp_in != NULL) +if (smtp_in) { if (fclose(smtp_in) != 0 && errno != ECONNRESET && errno != EPIPE) log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_in) failed: %s", @@ -866,10 +863,10 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) /* If it wasn't an accepting process, see if it was a queue-runner process that we are tracking. */ - if (queue_pid_slots != NULL) + if (queue_pid_slots) { - for (i = 0; i < queue_run_max; i++) - { + int max = atoi(CS expand_string(queue_run_max)); + for (i = 0; i < max; i++) if (queue_pid_slots[i] == pid) { queue_pid_slots[i] = 0; @@ -878,7 +875,6 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) queue_run_count, (queue_run_count == 1)? "" : "es"); break; } - } } } } @@ -916,6 +912,7 @@ int *listen_sockets = NULL; int listen_socket_count = 0; ip_address_item *addresses = NULL; time_t last_connection_time = (time_t)0; +int local_queue_run_max = atoi(CS expand_string(queue_run_max)); /* If any debugging options are set, turn on the D_pid bit so that all debugging lines get the pid added. */ @@ -924,16 +921,13 @@ DEBUG(D_any|D_v) debug_selector |= D_pid; if (inetd_wait_mode) { - int on = 1; - listen_socket_count = 1; - listen_sockets = store_get(sizeof(int *)); + listen_sockets = store_get(sizeof(int)); (void) close(3); if (dup2(0, 3) == -1) - { log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to dup inetd socket safely away: %s", strerror(errno)); - } + listen_sockets[0] = 3; (void) close(0); (void) close(1); @@ -957,8 +951,10 @@ if (inetd_wait_mode) /* As per below, when creating sockets ourselves, we handle tcp_nodelay for our own buffering; we assume though that inetd set the socket REUSEADDR. */ - if (tcp_nodelay) setsockopt(3, IPPROTO_TCP, TCP_NODELAY, - (uschar *)(&on), sizeof(on)); + if (tcp_nodelay) + if (setsockopt(3, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on))) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to set socket NODELAY: %s", + strerror(errno)); } @@ -1097,11 +1093,11 @@ if (daemon_listen && !inetd_wait_mode) { joinstr[0] = sep; joinstr[1] = ' '; - *ptr = string_cat(*ptr, sizeptr, ptrptr, US"<", 1); + *ptr = string_catn(*ptr, sizeptr, ptrptr, US"<", 1); } - *ptr = string_cat(*ptr, sizeptr, ptrptr, joinstr, 2); - *ptr = string_cat(*ptr, sizeptr, ptrptr, s, Ustrlen(s)); + *ptr = string_catn(*ptr, sizeptr, ptrptr, joinstr, 2); + *ptr = string_cat (*ptr, sizeptr, ptrptr, s); } if (new_smtp_port != NULL) @@ -1276,7 +1272,7 @@ if (daemon_listen && !inetd_wait_mode) for (ipa = addresses; ipa != NULL; ipa = ipa->next) listen_socket_count++; - listen_sockets = store_get(sizeof(int *) * listen_socket_count); + listen_sockets = store_get(sizeof(int) * listen_socket_count); } /* daemon_listen but not inetd_wait_mode */ @@ -1355,7 +1351,6 @@ the listening sockets if required. */ if (daemon_listen && !inetd_wait_mode) { int sk; - int on = 1; ip_address_item *ipa; /* For each IP address, create a socket, bind it to the appropriate port, and @@ -1381,8 +1376,7 @@ if (daemon_listen && !inetd_wait_mode) wildcard = ipa->address[0] == 0; } - listen_sockets[sk] = ip_socket(SOCK_STREAM, af); - if (listen_sockets[sk] < 0) + if ((listen_sockets[sk] = ip_socket(SOCK_STREAM, af)) < 0) { if (check_special_case(0, addresses, ipa, FALSE)) { @@ -1458,13 +1452,17 @@ if (daemon_listen && !inetd_wait_mode) } DEBUG(D_any) - { if (wildcard) debug_printf("listening on all interfaces (IPv%c) port %d\n", - (af == AF_INET6)? '6' : '4', ipa->port); + af == AF_INET6 ? '6' : '4', ipa->port); else debug_printf("listening on %s port %d\n", ipa->address, ipa->port); - } + +#ifdef TCP_FASTOPEN + if (setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN, + &smtp_connect_backlog, sizeof(smtp_connect_backlog))) + DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno)); +#endif /* Start listening on the bound socket, establishing the maximum backlog of connections that is allowed. On success, continue to the next address. */ @@ -1479,8 +1477,8 @@ if (daemon_listen && !inetd_wait_mode) if (!check_special_case(errno, addresses, ipa, TRUE)) log_write(0, LOG_PANIC_DIE, "listen() failed on interface %s: %s", - wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") : - ipa->address, + wildcard + ? af == AF_INET6 ? US"(any IPv6)" : US"(any IPv4)" : ipa->address, strerror(errno)); DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 " @@ -1572,11 +1570,11 @@ originator_login = ((pw = getpwuid(exim_uid)) != NULL)? /* Get somewhere to keep the list of queue-runner pids if we are keeping track of them (and also if we are doing queue runs). */ -if (queue_interval > 0 && queue_run_max > 0) +if (queue_interval > 0 && local_queue_run_max > 0) { int i; - queue_pid_slots = store_get(queue_run_max * sizeof(pid_t)); - for (i = 0; i < queue_run_max; i++) queue_pid_slots[i] = 0; + queue_pid_slots = store_get(local_queue_run_max * sizeof(pid_t)); + for (i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0; } /* Set up the handler for termination of child processes. */ @@ -1615,12 +1613,11 @@ else if (daemon_listen) int i, j; int smtp_ports = 0; int smtps_ports = 0; - ip_address_item *ipa; - uschar *p = big_buffer; - uschar *qinfo = (queue_interval > 0)? - string_sprintf("-q%s", readconf_printtime(queue_interval)) - : - US"no queue runs"; + ip_address_item * ipa; + uschar * p = big_buffer; + uschar * qinfo = queue_interval > 0 + ? string_sprintf("-q%s", readconf_printtime(queue_interval)) + : US"no queue runs"; /* Build a list of listening addresses in big_buffer, but limit it to 10 items. The style is for backwards compatibility. @@ -1631,30 +1628,30 @@ else if (daemon_listen) for (j = 0; j < 2; j++) { - for (i = 0, ipa = addresses; i < 10 && ipa != NULL; i++, ipa = ipa->next) + for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next) { /* First time round, look for SMTP ports; second time round, look for SMTPS ports. For the first one of each, insert leading text. */ if (host_is_tls_on_connect_port(ipa->port) == (j > 0)) { - if (j == 0) - { - if (smtp_ports++ == 0) + if (j == 0) + { + if (smtp_ports++ == 0) { memcpy(p, "SMTP on", 8); p += 7; } - } - else - { - if (smtps_ports++ == 0) + } + else + { + if (smtps_ports++ == 0) { (void)sprintf(CS p, "%sSMTPS on", - (smtp_ports == 0)? "":" and for "); - while (*p != 0) p++; + smtp_ports == 0 ? "" : " and for "); + while (*p) p++; } - } + } /* Now the information about the port (and sometimes interface) */ @@ -1679,7 +1676,7 @@ else if (daemon_listen) } } - if (ipa != NULL) + if (ipa) { memcpy(p, " ...", 5); p += 4; @@ -1689,17 +1686,19 @@ else if (daemon_listen) log_write(0, LOG_MAIN, "exim %s daemon started: pid=%d, %s, listening for %s", version_string, getpid(), qinfo, big_buffer); - set_process_info("daemon(%s): %s, listening for %s", version_string, qinfo, big_buffer); + set_process_info("daemon(%s): %s, listening for %s", + version_string, qinfo, big_buffer); } else { + uschar * s = *queue_name + ? string_sprintf("-qG%s/%s", queue_name, readconf_printtime(queue_interval)) + : string_sprintf("-q%s", readconf_printtime(queue_interval)); log_write(0, LOG_MAIN, - "exim %s daemon started: pid=%d, -q%s, not listening for SMTP", - version_string, getpid(), readconf_printtime(queue_interval)); - set_process_info("daemon(%s): -q%s, not listening", - version_string, - readconf_printtime(queue_interval)); + "exim %s daemon started: pid=%d, %s, not listening for SMTP", + version_string, getpid(), s); + set_process_info("daemon(%s): %s, not listening", version_string, s); } /* Do any work it might be useful to amortize over our children @@ -1791,7 +1790,7 @@ for (;;) re-exec is required. */ if (queue_interval > 0 && - (queue_run_max <= 0 || queue_run_count < queue_run_max)) + (local_queue_run_max <= 0 || queue_run_count < local_queue_run_max)) { if ((pid = fork()) == 0) { @@ -1835,21 +1834,22 @@ for (;;) if (deliver_force_thaw) *p++ = 'f'; if (queue_run_local) *p++ = 'l'; *p = 0; - extra[0] = opt; + extra[0] = queue_name + ? string_sprintf("%sG%s", opt, queue_name) : opt; /* If -R or -S were on the original command line, ensure they get passed on. */ - if (deliver_selectstring != NULL) + if (deliver_selectstring) { - extra[extracount++] = deliver_selectstring_regex? US"-Rr" : US"-R"; + extra[extracount++] = deliver_selectstring_regex ? US"-Rr" : US"-R"; extra[extracount++] = deliver_selectstring; } - if (deliver_selectstring_sender != NULL) + if (deliver_selectstring_sender) { - extra[extracount++] = deliver_selectstring_sender_regex? - US"-Sr" : US"-S"; + extra[extracount++] = deliver_selectstring_sender_regex + ? US"-Sr" : US"-S"; extra[extracount++] = deliver_selectstring_sender; } @@ -1876,15 +1876,13 @@ for (;;) else { int i; - for (i = 0; i < queue_run_max; ++i) - { + for (i = 0; i < local_queue_run_max; ++i) if (queue_pid_slots[i] <= 0) { queue_pid_slots[i] = pid; queue_run_count++; break; } - } DEBUG(D_any) debug_printf("%d queue-runner process%s running\n", queue_run_count, (queue_run_count == 1)? "" : "es"); } diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index 803fb0652..62778d18f 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -1,6 +1,8 @@ /* * Author: Viktor Dukhovni * License: THIS CODE IS IN THE PUBLIC DOMAIN. + * + * Copyright (c) The Exim Maintainers 2014 - 2016 */ #include <stdio.h> #include <string.h> @@ -18,11 +20,35 @@ #if OPENSSL_VERSION_NUMBER < 0x1000000fL # error "OpenSSL 1.0.0 or higher required" -#else /* remainder of file */ +#endif #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #endif +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_ASN1_MACROS +# define EXIM_OPAQUE_X509 +#else +# define X509_STORE_CTX_get_verify(ctx) (ctx)->verify +# define X509_STORE_CTX_get_verify_cb(ctx) (ctx)->verify_cb +# define X509_STORE_CTX_get0_cert(ctx) (ctx)->cert +# define X509_STORE_CTX_get0_chain(ctx) (ctx)->chain +# define X509_STORE_CTX_get0_untrusted(ctx) (ctx)->untrusted + +# define X509_STORE_CTX_set_verify(ctx, verify_chain) (ctx)->verify = (verify_chain) +# define X509_STORE_CTX_set0_verified_chain(ctx, sk) (ctx)->chain = (sk) +# define X509_STORE_CTX_set_error_depth(ctx, val) (ctx)->error_depth = (val) +# define X509_STORE_CTX_set_current_cert(ctx, cert) (ctx)->current_cert = (cert) + +# define ASN1_STRING_get0_data ASN1_STRING_data +# define X509_getm_notBefore X509_get_notBefore +# define X509_getm_notAfter X509_get_notAfter + +# define CRYPTO_ONCE_STATIC_INIT 0 +# define CRYPTO_THREAD_run_once run_once +typedef int CRYPTO_ONCE; +#endif + #include "danessl.h" @@ -39,6 +65,7 @@ #define DANESSL_F_SET_TRUST_ANCHOR 110 #define DANESSL_F_VERIFY_CERT 111 #define DANESSL_F_WRAP_CERT 112 +#define DANESSL_F_DANESSL_VERIFY_CHAIN 113 #define DANESSL_R_BAD_CERT 100 #define DANESSL_R_BAD_CERT_PKEY 101 @@ -275,13 +302,14 @@ return matched; static int push_ext(X509 *cert, X509_EXTENSION *ext) { - if (ext) { - if (X509_add_ext(cert, ext, -1)) - return 1; - X509_EXTENSION_free(ext); - } - DANEerr(DANESSL_F_PUSH_EXT, ERR_R_MALLOC_FAILURE); - return 0; +if (ext) + { + if (X509_add_ext(cert, ext, -1)) + return 1; + X509_EXTENSION_free(ext); + } +DANEerr(DANESSL_F_PUSH_EXT, ERR_R_MALLOC_FAILURE); +return 0; } static int @@ -320,7 +348,7 @@ static int add_akid(X509 *cert, AUTHORITY_KEYID *akid) { int nid = NID_authority_key_identifier; -ASN1_STRING *id; +ASN1_OCTET_STRING *id; unsigned char c = 0; int ret = 0; @@ -331,13 +359,17 @@ int ret = 0; * exempt from any potential (off by default for now in OpenSSL) * self-signature checks! */ -id = (akid && akid->keyid) ? akid->keyid : 0; -if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c) +id = akid && akid->keyid ? akid->keyid : 0; +if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_get0_data(id) == c) c = 1; if ( (akid = AUTHORITY_KEYID_new()) != 0 && (akid->keyid = ASN1_OCTET_STRING_new()) != 0 +#ifdef EXIM_HAVE_ASN1_MACROS + && ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1) +#else && M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1) +#endif && X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_APPEND)) ret = 1; if (akid) @@ -412,7 +444,11 @@ if (cert) { if (trusted && !X509_add1_trust_object(cert, serverAuth)) return 0; +#ifdef EXIM_OPAQUE_X509 + X509_up_ref(cert); +#else CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); +#endif if (!sk_X509_push(*xs, cert)) { X509_free(cert); @@ -462,10 +498,10 @@ akid = X509_get_ext_d2i(subject, NID_authority_key_identifier, 0, 0); */ if ( !X509_set_version(cert, 2) || !set_serial(cert, akid, subject) - || !X509_set_subject_name(cert, name) || !set_issuer_name(cert, akid) - || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L) - || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L) + || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) + || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) + || !X509_set_subject_name(cert, name) || !X509_set_pubkey(cert, newkey) || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE") || (!top && !add_akid(cert, akid)) @@ -577,7 +613,7 @@ int i; int depth = 0; EVP_PKEY *takey; X509 *ca; -STACK_OF(X509) *in = ctx->untrusted; /* XXX: Accessor? */ +STACK_OF(X509) *in = X509_STORE_CTX_get0_untrusted(ctx); if (!grow_chain(dane, UNTRUSTED, 0)) return -1; @@ -688,13 +724,17 @@ if (matched > 0) dane->mdpth = 0; dane->match = cert; X509_up_ref(cert); - if(!ctx->chain) + if(!X509_STORE_CTX_get0_chain(ctx)) { - if ( (ctx->chain = sk_X509_new_null()) != 0 - && sk_X509_push(ctx->chain, cert)) + STACK_OF(X509) * sk = sk_X509_new_null(); + if (sk && sk_X509_push(sk, cert)) + { X509_up_ref(cert); + X509_STORE_CTX_set0_verified_chain(ctx, sk); + } else { + if (sk) sk_X509_free(sk); DANEerr(DANESSL_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE); return -1; } @@ -751,10 +791,10 @@ for (hosts = dane->hosts; hosts; hosts = hosts->next) return 0; } -static char * -check_name(char *name, int len) +static const char * +check_name(const char *name, int len) { -char *cp = name + len; +const char *cp = name + len; while (len > 0 && !*--cp) --len; /* Ignore trailing NULs */ @@ -775,14 +815,14 @@ if (cp - name != len) /* Guard against internal NULs */ return name; } -static char * +static const char * parse_dns_name(const GENERAL_NAME *gn) { if (gn->type != GEN_DNS) return 0; if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) return 0; -return check_name((char *) ASN1_STRING_data(gn->d.ia5), +return check_name((const char *) ASN1_STRING_get0_data(gn->d.ia5), ASN1_STRING_length(gn->d.ia5)); } @@ -870,21 +910,21 @@ return matched; static int verify_chain(X509_STORE_CTX *ctx) { -dane_selector_list issuer_rrs; -dane_selector_list leaf_rrs; -int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb; +int (*cb)(int, X509_STORE_CTX *) = X509_STORE_CTX_get_verify_cb(ctx); +X509 *cert = X509_STORE_CTX_get0_cert(ctx); +STACK_OF(X509) * chain = X509_STORE_CTX_get0_chain(ctx); +int chain_length = sk_X509_num(chain); int ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_idx); ssl_dane *dane = SSL_get_ex_data(ssl, dane_idx); -X509 *cert = ctx->cert; /* XXX: accessor? */ +dane_selector_list issuer_rrs = dane->selectors[DANESSL_USAGE_PKIX_TA]; +dane_selector_list leaf_rrs = dane->selectors[DANESSL_USAGE_PKIX_EE]; int matched = 0; -int chain_length = sk_X509_num(ctx->chain); DEBUG(D_tls) debug_printf("Dane verify_chain\n"); -issuer_rrs = dane->selectors[DANESSL_USAGE_PKIX_TA]; -leaf_rrs = dane->selectors[DANESSL_USAGE_PKIX_EE]; -ctx->verify = dane->verify; +/* Restore OpenSSL's internal_verify() as the signature check function */ +X509_STORE_CTX_set_verify(ctx, dane->verify); if ((matched = name_check(dane, cert)) < 0) { @@ -894,8 +934,8 @@ if ((matched = name_check(dane, cert)) < 0) if (!matched) { - ctx->error_depth = 0; - ctx->current_cert = cert; + X509_STORE_CTX_set_error_depth(ctx, 0); + X509_STORE_CTX_set_current_cert(ctx, cert); X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH); if (!cb(0, ctx)) return 0; @@ -907,28 +947,28 @@ matched = 0; * matched a usage 2 trust anchor. * * XXX: internal_verify() doesn't callback with top certs that are not - * self-issued. This should be fixed in a future OpenSSL. + * self-issued. This is fixed in OpenSSL 1.1.0. */ if (dane->roots && sk_X509_num(dane->roots)) { - X509 *top = sk_X509_value(ctx->chain, dane->depth); + X509 *top = sk_X509_value(chain, dane->depth); dane->mdpth = dane->depth; dane->match = top; X509_up_ref(top); -#ifndef NO_CALLBACK_WORKAROUND +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (X509_check_issued(top, top) != X509_V_OK) { - ctx->error_depth = dane->depth; - ctx->current_cert = top; + X509_STORE_CTX_set_error_depth(ctx, dane->depth); + X509_STORE_CTX_set_current_cert(ctx, top); if (!cb(1, ctx)) return 0; } #endif /* Pop synthetic trust-anchor ancestors off the chain! */ while (--chain_length > dane->depth) - X509_free(sk_X509_pop(ctx->chain)); + X509_free(sk_X509_pop(chain)); } else { @@ -946,7 +986,7 @@ else if (!matched && issuer_rrs) for (n = chain_length-1; !matched && n >= 0; --n) { - xn = sk_X509_value(ctx->chain, n); + xn = sk_X509_value(chain, n); if (n > 0 || X509_check_issued(xn, xn) == X509_V_OK) matched = match(issuer_rrs, xn, n); } @@ -955,8 +995,8 @@ else if (!matched) { - ctx->current_cert = cert; - ctx->error_depth = 0; + X509_STORE_CTX_set_error_depth(ctx, 0); + X509_STORE_CTX_set_current_cert(ctx, cert); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_UNTRUSTED); if (!cb(0, ctx)) return 0; @@ -969,7 +1009,8 @@ else } } -return ctx->verify(ctx); +/* Tail recurse into OpenSSL's internal_verify */ +return dane->verify(ctx); } static void @@ -1005,9 +1046,9 @@ verify_cert(X509_STORE_CTX *ctx, void *unused_ctx) static int ssl_idx = -1; SSL *ssl; ssl_dane *dane; -int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb; +int (*cb)(int, X509_STORE_CTX *) = X509_STORE_CTX_get_verify_cb(ctx); +X509 *cert = X509_STORE_CTX_get0_cert(ctx); int matched; -X509 *cert = ctx->cert; /* XXX: accessor? */ DEBUG(D_tls) debug_printf("Dane verify_cert\n"); @@ -1030,8 +1071,8 @@ if (dane->selectors[DANESSL_USAGE_DANE_EE]) { if ((matched = check_end_entity(ctx, dane, cert)) > 0) { - ctx->error_depth = 0; - ctx->current_cert = cert; + X509_STORE_CTX_set_error_depth(ctx, 0); + X509_STORE_CTX_set_current_cert(ctx, cert); return cb(1, ctx); } if (matched < 0) @@ -1056,7 +1097,7 @@ if (dane->selectors[DANESSL_USAGE_DANE_EE]) */ X509_STORE_CTX_trusted_stack(ctx, dane->roots); X509_STORE_CTX_set_chain(ctx, dane->chain); - OPENSSL_assert(ctx->untrusted == dane->chain); + OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx)); } } @@ -1065,8 +1106,8 @@ if (dane->selectors[DANESSL_USAGE_DANE_EE]) * X509_verify_cert() builds the full chain and calls our verify_chain() * wrapper. */ - dane->verify = ctx->verify; - ctx->verify = verify_chain; + dane->verify = X509_STORE_CTX_get_verify(ctx); + X509_STORE_CTX_set_verify(ctx, verify_chain); if (X509_verify_cert(ctx)) return 1; @@ -1127,9 +1168,15 @@ for (head = (dane_list) list; head; head = next) } static void +ossl_free(void * p) +{ +OPENSSL_free(p); +} + +static void dane_mtype_free(void *p) { -list_free(((dane_mtype) p)->data, CRYPTO_free); +list_free(((dane_mtype) p)->data, ossl_free); OPENSSL_free(p); } @@ -1170,7 +1217,7 @@ if (dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx))) dane_reset(dane); if (dane->hosts) - list_free(dane->hosts, CRYPTO_free); + list_free(dane->hosts, ossl_free); for (u = 0; u <= DANESSL_USAGE_LAST; ++u) if (dane->selectors[u]) list_free(dane->selectors[u], dane_selector_free); @@ -1191,7 +1238,7 @@ while (*src) dane_host_list elem = (dane_host_list) OPENSSL_malloc(sizeof(*elem)); if (elem == 0) { - list_free(head, CRYPTO_free); + list_free(head, ossl_free); return 0; } elem->value = OPENSSL_strdup(*src++); @@ -1232,28 +1279,36 @@ DANESSL_verify_chain(SSL *ssl, STACK_OF(X509) *chain) { int ret; X509 *cert; -X509_STORE_CTX store_ctx; +X509_STORE_CTX * store_ctx; SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); cert = sk_X509_value(chain, 0); -if (!X509_STORE_CTX_init(&store_ctx, store, cert, chain)) +if (!(store_ctx = X509_STORE_CTX_new())) + { + DANEerr(DANESSL_F_DANESSL_VERIFY_CHAIN, ERR_R_MALLOC_FAILURE); return 0; -X509_STORE_CTX_set_ex_data(&store_ctx, store_ctx_idx, ssl); + } +if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) + { + X509_STORE_CTX_free(store_ctx); + return 0; + } +X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl); -X509_STORE_CTX_set_default(&store_ctx, +X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); -X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&store_ctx), +X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), SSL_get0_param(ssl)); if (SSL_get_verify_callback(ssl)) - X509_STORE_CTX_set_verify_cb(&store_ctx, SSL_get_verify_callback(ssl)); + X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); -ret = verify_cert(&store_ctx, NULL); +ret = verify_cert(store_ctx, NULL); -SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(&store_ctx)); -X509_STORE_CTX_cleanup(&store_ctx); +SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx)); +X509_STORE_CTX_cleanup(store_ctx); return (ret); } @@ -1422,7 +1477,7 @@ if (!m) { if ((m = (dane_mtype_list) list_alloc(sizeof(*m->value))) == 0) { - list_free(d, CRYPTO_free); + list_free(d, ossl_free); xkfreeret(0); } m->value->data = 0; @@ -1563,31 +1618,6 @@ DANEerr(DANESSL_F_CTX_INIT, DANESSL_R_LIBRARY_INIT); return -1; } -static int -init_once(volatile int *value, int (*init)(void), void (*postinit)(void)) -{ -int wlock = 0; - -CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); -if (*value < 0) - { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - wlock = 1; - if (*value < 0) - { - *value = init(); - if (postinit) - postinit(); - } - } -if (wlock) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); -else - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); -return *value; -} - static void dane_init(void) { @@ -1595,10 +1625,15 @@ dane_init(void) * Store library id in zeroth function slot, used to locate the library * name. This must be done before we load the error strings. */ +err_lib_dane = ERR_get_next_error_library(); + #ifndef OPENSSL_NO_ERR -dane_str_functs[0].error |= ERR_PACK(err_lib_dane, 0, 0); -ERR_load_strings(err_lib_dane, dane_str_functs); -ERR_load_strings(err_lib_dane, dane_str_reasons); +if (err_lib_dane > 0) + { + dane_str_functs[0].error |= ERR_PACK(err_lib_dane, 0, 0); + ERR_load_strings(err_lib_dane, dane_str_functs); + ERR_load_strings(err_lib_dane, dane_str_reasons); + } #endif /* @@ -1623,6 +1658,32 @@ dane_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static void +run_once(volatile int * once, void (*init)(void)) +{ +int wlock = 0; + +CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); +if (!*once) + { + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + wlock = 1; + if (!*once) + { + *once = 1; + init(); + } + } +if (wlock) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); +else + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); +} +#endif + + /* @@ -1639,9 +1700,10 @@ Return int DANESSL_library_init(void) { +static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; + DEBUG(D_tls) debug_printf("Dane lib-init\n"); -if (err_lib_dane < 0) - init_once(&err_lib_dane, ERR_get_next_error_library, dane_init); +(void) CRYPTO_THREAD_run_once(&once, dane_init); #if defined(LN_sha256) /* No DANE without SHA256 support */ @@ -1653,6 +1715,5 @@ return 0; } -#endif /* OPENSSL_VERSION_NUMBER */ /* vi: aw ai sw=2 */ diff --git a/src/src/dbfn.c b/src/src/dbfn.c index f521f2c20..c9c6fb707 100644 --- a/src/src/dbfn.c +++ b/src/src/dbfn.c @@ -141,14 +141,14 @@ if (sigalrm_seen) errno = ETIMEDOUT; if (rc < 0) { log_write(0, LOG_MAIN|LOG_PANIC, "Failed to get %s lock for %s: %s", - read_only? "read" : "write", buffer, - (errno == ETIMEDOUT)? "timed out" : strerror(errno)); + read_only ? "read" : "write", buffer, + errno == ETIMEDOUT ? "timed out" : strerror(errno)); (void)close(dbblock->lockfd); errno = 0; /* Indicates locking failure */ return NULL; } -DEBUG(D_hints_lookup) debug_printf("locked %s\n", buffer); +DEBUG(D_hints_lookup) debug_printf("locked %s\n", buffer); /* At this point we have an opened and locked separate lock file, that is, exclusive access to the database, so we can go ahead and open it. If we are @@ -164,7 +164,7 @@ DEBUG(D_hints_lookup) debug_printf("EXIM_DBOPEN(%s)\n", buffer); EXIM_DBOPEN(buffer, flags, EXIMDB_MODE, &(dbblock->dbptr)); DEBUG(D_hints_lookup) debug_printf("returned from EXIM_DBOPEN\n"); -if (dbblock->dbptr == NULL && errno == ENOENT && flags == O_RDWR) +if (!dbblock->dbptr && errno == ENOENT && flags == O_RDWR) { DEBUG(D_hints_lookup) debug_printf("%s appears not to exist: trying to create\n", buffer); @@ -199,8 +199,7 @@ if (created && geteuid() == root_uid) *lastname = 0; dd = opendir(CS buffer); - while ((ent = readdir(dd)) != NULL) - { + while ((ent = readdir(dd))) if (Ustrncmp(ent->d_name, name, namelen) == 0) { struct stat statbuf; @@ -212,7 +211,6 @@ if (created && geteuid() == root_uid) DEBUG(D_hints_lookup) debug_printf("failed setting %s to owned by exim\n", buffer); } } - } closedir(dd); } @@ -220,10 +218,9 @@ if (created && geteuid() == root_uid) /* If the open has failed, return NULL, leaving errno set. If lof is TRUE, log the event - also for debugging - but not if the file just doesn't exist. */ -if (dbblock->dbptr == NULL) +if (!dbblock->dbptr) { if (save_errno != ENOENT) - { if (lof) log_write(0, LOG_MAIN, "%s", string_open_failed(save_errno, "DB file %s", buffer)); @@ -231,7 +228,6 @@ if (dbblock->dbptr == NULL) DEBUG(D_hints_lookup) debug_printf("%s", CS string_open_failed(save_errno, "DB file %s\n", buffer)); - } (void)close(dbblock->lockfd); errno = save_errno; return NULL; @@ -239,8 +235,10 @@ if (dbblock->dbptr == NULL) DEBUG(D_hints_lookup) debug_printf("opened hints database %s: flags=%s\n", buffer, - (flags == O_RDONLY)? "O_RDONLY" : (flags == O_RDWR)? "O_RDWR" : - (flags == (O_RDWR|O_CREAT))? "O_RDWR|O_CREAT" : "??"); + flags == O_RDONLY ? "O_RDONLY" + : flags == O_RDWR ? "O_RDWR" + : flags == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT" + : "??"); /* Pass back the block containing the opened database handle and the open fd for the lock. */ @@ -267,6 +265,7 @@ dbfn_close(open_db *dbblock) { EXIM_DBCLOSE(dbblock->dbptr); (void)close(dbblock->lockfd); +DEBUG(D_hints_lookup) debug_printf("closed hints database and lockfile\n"); } diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h index ce81f1eb4..93c715ac2 100644 --- a/src/src/dbstuff.h +++ b/src/src/dbstuff.h @@ -64,7 +64,7 @@ tdb_traverse to be called) */ /* EXIM_DBCREATE_CURSOR - initialize for scanning operation */ #define EXIM_DBCREATE_CURSOR(db, cursor) { \ - *(cursor) = malloc(sizeof(TDB_DATA)); (*(cursor))->dptr = NULL; } + *(cursor) = store_malloc(sizeof(TDB_DATA)); (*(cursor))->dptr = NULL; } /* EXIM_DBSCAN - This is complicated because we have to free the last datum free() must not die when passed NULL */ diff --git a/src/src/dcc.c b/src/src/dcc.c index b03690ca6..1841e733d 100644 --- a/src/src/dcc.c +++ b/src/src/dcc.c @@ -6,6 +6,8 @@ * Vienna University Computer Center * wbreyha@gmx.net * See the file NOTICE for conditions of use and distribution. + * + * Copyright (c) The Exim Maintainers 2015 - 2016 */ /* This patch is based on code from Tom Kistners exiscan (ACL integration) and @@ -70,7 +72,6 @@ dcc_process(uschar **listptr) uschar sendbuf[4096]; uschar recvbuf[4096]; uschar dcc_return_text[1024]; - uschar mbox_path[1024]; uschar message_subdir[2]; struct header_line *dcchdr; uschar *dcc_acl_options; @@ -79,50 +80,42 @@ dcc_process(uschar **listptr) /* grep 1st option */ if ((dcc_acl_options = string_nextinlist(&list, &sep, - dcc_acl_options_buffer, - sizeof(dcc_acl_options_buffer))) != NULL) - { + dcc_acl_options_buffer, sizeof(dcc_acl_options_buffer)))) + { /* parse 1st option */ - if ( (strcmpic(dcc_acl_options,US"false") == 0) || - (Ustrcmp(dcc_acl_options,"0") == 0) ) { - /* explicitly no matching */ - return FAIL; - }; - - /* special cases (match anything except empty) */ - if ( (strcmpic(dcc_acl_options,US"true") == 0) || - (Ustrcmp(dcc_acl_options,"*") == 0) || - (Ustrcmp(dcc_acl_options,"1") == 0) ) { - dcc_acl_options = dcc_acl_options; - }; - } - else { - /* empty means "don't match anything" */ - return FAIL; - }; + if ( strcmpic(dcc_acl_options, US"false") == 0 + || Ustrcmp(dcc_acl_options, "0") == 0 + ) + return FAIL; /* explicitly no matching */ + } + else + return FAIL; /* empty means "don't match anything" */ sep = 0; /* if we scanned this message last time, just return */ - if ( dcc_ok ) - return dcc_rc; + if (dcc_ok) + return dcc_rc; /* open the spooled body */ message_subdir[1] = '\0'; - for (i = 0; i < 2; i++) { - message_subdir[0] = (split_spool_directory == (i == 0))? message_id[5] : 0; - sprintf(CS mbox_path, "%s/input/%s/%s-D", spool_directory, message_subdir, message_id); - data_file = Ufopen(mbox_path,"rb"); - if (data_file != NULL) + for (i = 0; i < 2; i++) + { + message_subdir[0] = split_spool_directory == (i == 0) ? message_id[5] : 0; + + if ((data_file = Ufopen( + spool_fname(US"input", message_subdir, message_id, US"-D"), + "rb"))) break; - }; + } - if (data_file == NULL) { + if (!data_file) + { /* error while spooling */ log_write(0, LOG_MAIN|LOG_PANIC, "dcc acl condition: error while opening spool file"); return DEFER; - }; + } /* Initialize the variables */ @@ -216,9 +209,9 @@ dcc_process(uschar **listptr) } } else { /* connecting to the dccifd UNIX socket */ - bzero((char *)&serv_addr,sizeof(serv_addr)); + bzero(&serv_addr, sizeof(serv_addr)); serv_addr.sun_family = AF_UNIX; - Ustrcpy(serv_addr.sun_path, sockpath); + Ustrncpy(serv_addr.sun_path, sockpath, sizeof(serv_addr.sun_path)); if ((sockfd = socket(AF_UNIX, SOCK_STREAM,0)) < 0){ DEBUG(D_acl) debug_printf("DCC: Creating UNIX socket connection failed: %s\n", strerror(errno)); @@ -434,11 +427,11 @@ dcc_process(uschar **listptr) } } else { - /* We're on the first line but not on the first character, - * there must be something wrong. */ - DEBUG(D_acl) - debug_printf("DCC: Line = %d but i = %d != 0 character is %c - This is wrong!\n", line, i, recvbuf[i]); - log_write(0,LOG_MAIN,"Wrong header from DCC, output is %s\n", recvbuf); + /* We're on the first line but not on the first character, + * there must be something wrong. */ + DEBUG(D_acl) debug_printf("DCC: Line = %d but i = %d != 0" + " character is %c - This is wrong!\n", line, i, recvbuf[i]); + log_write(0,LOG_MAIN,"Wrong header from DCC, output is %s\n", recvbuf); } } else if(line == 2) { @@ -456,8 +449,8 @@ dcc_process(uschar **listptr) k++; } else { - DEBUG(D_acl) - debug_printf("DCC: We got more output than we can store in the X-DCC header. Truncating at 120 characters.\n"); + DEBUG(D_acl) debug_printf("DCC: We got more output than we can store" + " in the X-DCC header. Truncating at 120 characters.\n"); } } else { diff --git a/src/src/deliver.c b/src/src/deliver.c index e588ee4a4..9fe74df7c 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* The main code for delivering a message. */ @@ -76,8 +76,6 @@ static int return_count; static uschar *frozen_info = US""; static uschar *used_return_path = NULL; -static uschar spoolname[PATH_MAX]; - /************************************************* @@ -270,6 +268,8 @@ msglog directory that are used to catch output from pipes. Try to create the directory if it does not exist. From release 4.21, normal message logs should be created when the message is received. +Called from deliver_message(), can be operating as root. + Argument: filename the file name mode the mode required @@ -281,38 +281,49 @@ Returns: a file descriptor, or -1 (with errno set) static int open_msglog_file(uschar *filename, int mode, uschar **error) { -int fd = Uopen(filename, O_WRONLY|O_APPEND|O_CREAT, mode); - -if (fd < 0 && errno == ENOENT) - { - uschar temp[16]; - sprintf(CS temp, "msglog/%s", message_subdir); - if (message_subdir[0] == 0) temp[6] = 0; - (void)directory_make(spool_directory, temp, MSGLOG_DIRECTORY_MODE, TRUE); - fd = Uopen(filename, O_WRONLY|O_APPEND|O_CREAT, mode); - } - -/* Set the close-on-exec flag and change the owner to the exim uid/gid (this -function is called as root). Double check the mode, because the group setting -doesn't always get set automatically. */ +int fd, i; -if (fd >= 0) +for (i = 2; i > 0; i--) { - (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); - if (fchown(fd, exim_uid, exim_gid) < 0) - { - *error = US"chown"; - return -1; - } - if (fchmod(fd, mode) < 0) + fd = Uopen(filename, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif +#ifdef O_NOFOLLOW + O_NOFOLLOW | +#endif + O_WRONLY|O_APPEND|O_CREAT, mode); + if (fd >= 0) { - *error = US"chmod"; - return -1; + /* Set the close-on-exec flag and change the owner to the exim uid/gid (this + function is called as root). Double check the mode, because the group setting + doesn't always get set automatically. */ + +#ifndef O_CLOEXEC + (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + if (fchown(fd, exim_uid, exim_gid) < 0) + { + *error = US"chown"; + return -1; + } + if (fchmod(fd, mode) < 0) + { + *error = US"chmod"; + return -1; + } + return fd; } + if (errno != ENOENT) + break; + + (void)directory_make(spool_directory, + spool_sname(US"msglog", message_subdir), + MSGLOG_DIRECTORY_MODE, TRUE); } -else *error = US"create"; -return fd; +*error = US"create"; +return -1; } @@ -449,6 +460,10 @@ while (one && two) two = end_two; } + /* if the names matched but ports do not, mismatch */ + else if (one->port != two->port) + return FALSE; + /* Hosts matched */ one = one->next; @@ -703,7 +718,7 @@ if (LOGGING(incoming_interface) && LOGGING(outgoing_interface) s = LOGGING(outgoing_port) ? string_append(s, sizep, ptrp, 2, US"]:", string_sprintf("%d", sending_port)) - : string_cat(s, sizep, ptrp, US"]", 1); + : string_catn(s, sizep, ptrp, US"]", 1); } return s; } @@ -711,25 +726,31 @@ return s; static uschar * -d_hostlog(uschar *s, int *sizep, int *ptrp, address_item *addr) +d_hostlog(uschar * s, int * sp, int * pp, address_item * addr) { -s = string_append(s, sizep, ptrp, 5, US" H=", addr->host_used->name, - US" [", addr->host_used->address, US"]"); +host_item * h = addr->host_used; + +s = string_append(s, sp, pp, 2, US" H=", h->name); + +if (LOGGING(dnssec) && h->dnssec == DS_YES) + s = string_catn(s, sp, pp, US" DS", 3); + +s = string_append(s, sp, pp, 3, US" [", h->address, US"]"); + if (LOGGING(outgoing_port)) - s = string_append(s, sizep, ptrp, 2, US":", string_sprintf("%d", - addr->host_used->port)); + s = string_append(s, sp, pp, 2, US":", string_sprintf("%d", h->port)); #ifdef SUPPORT_SOCKS if (LOGGING(proxy) && proxy_local_address) { - s = string_append(s, sizep, ptrp, 3, US" PRX=[", proxy_local_address, US"]"); + s = string_append(s, sp, pp, 3, US" PRX=[", proxy_local_address, US"]"); if (LOGGING(outgoing_port)) - s = string_append(s, sizep, ptrp, 2, US":", string_sprintf("%d", + s = string_append(s, sp, pp, 2, US":", string_sprintf("%d", proxy_local_port)); } #endif -return d_log_interface(s, sizep, ptrp); +return d_log_interface(s, sp, pp); } @@ -833,6 +854,184 @@ router_name = transport_name = NULL; +/******************************************************************************/ + + +/************************************************* +* Generate local prt for logging * +*************************************************/ + +/* This function is a subroutine for use in string_log_address() below. + +Arguments: + addr the address being logged + yield the current dynamic buffer pointer + sizeptr points to current size + ptrptr points to current insert pointer + +Returns: the new value of the buffer pointer +*/ + +static uschar * +string_get_localpart(address_item *addr, uschar *yield, int *sizeptr, + int *ptrptr) +{ +uschar * s; + +s = addr->prefix; +if (testflag(addr, af_include_affixes) && s) + { +#ifdef SUPPORT_I18N + if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif + yield = string_cat(yield, sizeptr, ptrptr, s); + } + +s = addr->local_part; +#ifdef SUPPORT_I18N +if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif +yield = string_cat(yield, sizeptr, ptrptr, s); + +s = addr->suffix; +if (testflag(addr, af_include_affixes) && s) + { +#ifdef SUPPORT_I18N + if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif + yield = string_cat(yield, sizeptr, ptrptr, s); + } + +return yield; +} + + +/************************************************* +* Generate log address list * +*************************************************/ + +/* This function generates a list consisting of an address and its parents, for +use in logging lines. For saved onetime aliased addresses, the onetime parent +field is used. If the address was delivered by a transport with rcpt_include_ +affixes set, the af_include_affixes bit will be set in the address. In that +case, we include the affixes here too. + +Arguments: + str points to start of growing string, or NULL + size points to current allocation for string + ptr points to offset for append point; updated on exit + addr bottom (ultimate) address + all_parents if TRUE, include all parents + success TRUE for successful delivery + +Returns: a growable string in dynamic store +*/ + +static uschar * +string_log_address(uschar * str, int * size, int * ptr, + address_item *addr, BOOL all_parents, BOOL success) +{ +BOOL add_topaddr = TRUE; +address_item *topaddr; + +/* Find the ultimate parent */ + +for (topaddr = addr; topaddr->parent; topaddr = topaddr->parent) ; + +/* We start with just the local part for pipe, file, and reply deliveries, and +for successful local deliveries from routers that have the log_as_local flag +set. File deliveries from filters can be specified as non-absolute paths in +cases where the transport is goin to complete the path. If there is an error +before this happens (expansion failure) the local part will not be updated, and +so won't necessarily look like a path. Add extra text for this case. */ + +if ( testflag(addr, af_pfr) + || ( success + && addr->router && addr->router->log_as_local + && addr->transport && addr->transport->info->local + ) ) + { + if (testflag(addr, af_file) && addr->local_part[0] != '/') + str = string_catn(str, size, ptr, CUS"save ", 5); + str = string_get_localpart(addr, str, size, ptr); + } + +/* Other deliveries start with the full address. It we have split it into local +part and domain, use those fields. Some early failures can happen before the +splitting is done; in those cases use the original field. */ + +else + { + uschar * cmp = str + *ptr; + + if (addr->local_part) + { + const uschar * s; + str = string_get_localpart(addr, str, size, ptr); + str = string_catn(str, size, ptr, US"@", 1); + s = addr->domain; +#ifdef SUPPORT_I18N + if (testflag(addr, af_utf8_downcvt)) + s = string_localpart_utf8_to_alabel(s, NULL); +#endif + str = string_cat(str, size, ptr, s); + } + else + str = string_cat(str, size, ptr, addr->address); + + /* If the address we are going to print is the same as the top address, + and all parents are not being included, don't add on the top address. First + of all, do a caseless comparison; if this succeeds, do a caseful comparison + on the local parts. */ + + str[*ptr] = 0; + if ( strcmpic(cmp, topaddr->address) == 0 + && Ustrncmp(cmp, topaddr->address, Ustrchr(cmp, '@') - cmp) == 0 + && !addr->onetime_parent + && (!all_parents || !addr->parent || addr->parent == topaddr) + ) + add_topaddr = FALSE; + } + +/* If all parents are requested, or this is a local pipe/file/reply, and +there is at least one intermediate parent, show it in brackets, and continue +with all of them if all are wanted. */ + +if ( (all_parents || testflag(addr, af_pfr)) + && addr->parent + && addr->parent != topaddr) + { + uschar *s = US" ("; + address_item *addr2; + for (addr2 = addr->parent; addr2 != topaddr; addr2 = addr2->parent) + { + str = string_catn(str, size, ptr, s, 2); + str = string_cat (str, size, ptr, addr2->address); + if (!all_parents) break; + s = US", "; + } + str = string_catn(str, size, ptr, US")", 1); + } + +/* Add the top address if it is required */ + +if (add_topaddr) + str = string_append(str, size, ptr, 3, + US" <", + addr->onetime_parent ? addr->onetime_parent : topaddr->address, + US">"); + +return str; +} + + +/******************************************************************************/ + + + /* If msg is NULL this is a delivery log and logchar is used. Otherwise this is a nonstandard call; no two-character delivery flag is written but sender-host and sender are prefixed and "msg" is inserted in the log line. @@ -843,11 +1042,10 @@ Arguments: void delivery_log(int flags, address_item * addr, int logchar, uschar * msg) { -uschar *log_address; int size = 256; /* Used for a temporary, */ int ptr = 0; /* expanding buffer, for */ -uschar *s; /* building log lines; */ -void *reset_point; /* released afterwards. */ +uschar * s; /* building log lines; */ +void * reset_point; /* released afterwards. */ /* Log the delivery on the main log. We use an extensible string to build up the log line, and reset the store afterwards. Remote deliveries should always @@ -861,14 +1059,14 @@ pointer to a single host item in their host list, for use by the transport. */ s = reset_point = store_get(size); -log_address = string_log_address(addr, LOGGING(all_parents), TRUE); if (msg) - s = string_append(s, &size, &ptr, 3, host_and_ident(TRUE), US" ", log_address); + s = string_append(s, &size, &ptr, 2, host_and_ident(TRUE), US" "); else { s[ptr++] = logchar; - s = string_append(s, &size, &ptr, 2, US"> ", log_address); + s = string_catn(s, &size, &ptr, US"> ", 2); } +s = string_log_address(s, &size, &ptr, addr, LOGGING(all_parents), TRUE); if (LOGGING(sender_on_delivery) || msg) s = string_append(s, &size, &ptr, 3, US" F=<", @@ -880,6 +1078,9 @@ if (LOGGING(sender_on_delivery) || msg) sender_address, US">"); +if (*queue_name) + s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); + #ifdef EXPERIMENTAL_SRS if(addr->prop.srs_sender) s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->prop.srs_sender, US">"); @@ -914,8 +1115,7 @@ if (addr->transport->info->local) s = string_append(s, &size, &ptr, 2, US" H=", addr->host_list->name); s = d_log_interface(s, &size, &ptr); if (addr->shadow_message) - s = string_cat(s, &size, &ptr, addr->shadow_message, - Ustrlen(addr->shadow_message)); + s = string_cat(s, &size, &ptr, addr->shadow_message); } /* Remote delivery */ @@ -926,7 +1126,7 @@ else { s = d_hostlog(s, &size, &ptr, addr); if (continue_sequence > 1) - s = string_cat(s, &size, &ptr, US"*", 1); + s = string_catn(s, &size, &ptr, US"*", 1); #ifndef DISABLE_EVENT deliver_host_address = addr->host_used->address; @@ -957,8 +1157,11 @@ else #ifndef DISABLE_PRDR if (addr->flags & af_prdr_used) - s = string_append(s, &size, &ptr, 1, US" PRDR"); + s = string_catn(s, &size, &ptr, US" PRDR", 5); #endif + + if (addr->flags & af_chunking_used) + s = string_catn(s, &size, &ptr, US" K", 2); } /* confirmation message (SMTP (host_used) and LMTP (driver_name)) */ @@ -1009,6 +1212,163 @@ return; +static void +deferral_log(address_item * addr, uschar * now, + int logflags, uschar * driver_name, uschar * driver_kind) +{ +int size = 256; /* Used for a temporary, */ +int ptr = 0; /* expanding buffer, for */ +uschar * s; /* building log lines; */ +void * reset_point; /* released afterwards. */ + +uschar ss[32]; + +/* Build up the line that is used for both the message log and the main +log. */ + +s = reset_point = store_get(size); + +/* Create the address string for logging. Must not do this earlier, because +an OK result may be changed to FAIL when a pipe returns text. */ + +s = string_log_address(s, &size, &ptr, addr, LOGGING(all_parents), FALSE); + +if (*queue_name) + s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); + +/* Either driver_name contains something and driver_kind contains +" router" or " transport" (note the leading space), or driver_name is +a null string and driver_kind contains "routing" without the leading +space, if all routing has been deferred. When a domain has been held, +so nothing has been done at all, both variables contain null strings. */ + +if (driver_name) + { + if (driver_kind[1] == 't' && addr->router) + s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); + Ustrcpy(ss, " ?="); + ss[1] = toupper(driver_kind[1]); + s = string_append(s, &size, &ptr, 2, ss, driver_name); + } +else if (driver_kind) + s = string_append(s, &size, &ptr, 2, US" ", driver_kind); + +/*XXX need an s+s+p sprintf */ +sprintf(CS ss, " defer (%d)", addr->basic_errno); +s = string_cat(s, &size, &ptr, ss); + +if (addr->basic_errno > 0) + s = string_append(s, &size, &ptr, 2, US": ", + US strerror(addr->basic_errno)); + +if (addr->host_used) + { + s = string_append(s, &size, &ptr, 5, + US" H=", addr->host_used->name, + US" [", addr->host_used->address, US"]"); + if (LOGGING(outgoing_port)) + { + int port = addr->host_used->port; + s = string_append(s, &size, &ptr, 2, + US":", port == PORT_NONE ? US"25" : string_sprintf("%d", port)); + } + } + +if (addr->message) + s = string_append(s, &size, &ptr, 2, US": ", addr->message); + +s[ptr] = 0; + +/* Log the deferment in the message log, but don't clutter it +up with retry-time defers after the first delivery attempt. */ + +if (deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE) + deliver_msglog("%s %s\n", now, s); + +/* Write the main log and reset the store. +For errors of the type "retry time not reached" (also remotes skipped +on queue run), logging is controlled by L_retry_defer. Note that this kind +of error number is negative, and all the retry ones are less than any +others. */ + + +log_write(addr->basic_errno <= ERRNO_RETRY_BASE ? L_retry_defer : 0, logflags, + "== %s", s); + +store_reset(reset_point); +return; +} + + + +static void +failure_log(address_item * addr, uschar * driver_kind, uschar * now) +{ +int size = 256; /* Used for a temporary, */ +int ptr = 0; /* expanding buffer, for */ +uschar * s; /* building log lines; */ +void * reset_point; /* released afterwards. */ + +/* Build up the log line for the message and main logs */ + +s = reset_point = store_get(size); + +/* Create the address string for logging. Must not do this earlier, because +an OK result may be changed to FAIL when a pipe returns text. */ + +s = string_log_address(s, &size, &ptr, addr, LOGGING(all_parents), FALSE); + +if (LOGGING(sender_on_delivery)) + s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); + +if (*queue_name) + s = string_append(s, &size, &ptr, 2, US" Q=", queue_name); + +/* Return path may not be set if no delivery actually happened */ + +if (used_return_path && LOGGING(return_path_on_delivery)) + s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); + +if (addr->router) + s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); +if (addr->transport) + s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); + +if (addr->host_used) + s = d_hostlog(s, &size, &ptr, addr); + +#ifdef SUPPORT_TLS +s = d_tlslog(s, &size, &ptr, addr); +#endif + +if (addr->basic_errno > 0) + s = string_append(s, &size, &ptr, 2, US": ", US strerror(addr->basic_errno)); + +if (addr->message) + s = string_append(s, &size, &ptr, 2, US": ", addr->message); + +s[ptr] = 0; + +/* Do the logging. For the message log, "routing failed" for those cases, +just to make it clearer. */ + +if (driver_kind) + deliver_msglog("%s %s failed for %s\n", now, driver_kind, s); +else + deliver_msglog("%s %s\n", now, s); + +log_write(0, LOG_MAIN, "** %s", s); + +#ifndef DISABLE_EVENT +msg_event_raise(US"msg:fail:delivery", addr); +#endif + +store_reset(reset_point); +return; +} + + + /************************************************* * Actions at the end of handling an address * *************************************************/ @@ -1034,12 +1394,6 @@ post_process_one(address_item *addr, int result, int logflags, int driver_type, uschar *now = tod_stamp(tod_log); uschar *driver_kind = NULL; uschar *driver_name = NULL; -uschar *log_address; - -int size = 256; /* Used for a temporary, */ -int ptr = 0; /* expanding buffer, for */ -uschar *s; /* building log lines; */ -void *reset_point; /* released afterwards. */ DEBUG(D_deliver) debug_printf("post-process %s (%d)\n", addr->address, result); @@ -1077,21 +1431,9 @@ malformed, it won't ever have gone near LDAP.) */ if (addr->message) { const uschar * s = string_printing(addr->message); - if (s != addr->message) - addr->message = US s; - /* deconst cast ok as string_printing known to have alloc'n'copied */ - if ( ( Ustrstr(s, "failed to expand") != NULL - || Ustrstr(s, "expansion of ") != NULL - ) - && ( Ustrstr(s, "mysql") != NULL - || Ustrstr(s, "pgsql") != NULL - || Ustrstr(s, "redis") != NULL - || Ustrstr(s, "sqlite") != NULL - || Ustrstr(s, "ldap:") != NULL - || Ustrstr(s, "ldapdn:") != NULL - || Ustrstr(s, "ldapm:") != NULL - ) ) - addr->message = string_sprintf("Temporary internal error"); + + /* deconst cast ok as string_printing known to have alloc'n'copied */ + addr->message = expand_hide_passwords(US s); } /* If we used a transport that has one of the "return_output" options set, and @@ -1257,82 +1599,7 @@ else if (result == DEFER || result == PANIC) log or the main log for SMTP defers. */ if (!queue_2stage || addr->basic_errno != 0) - { - uschar ss[32]; - - /* For errors of the type "retry time not reached" (also remotes skipped - on queue run), logging is controlled by L_retry_defer. Note that this kind - of error number is negative, and all the retry ones are less than any - others. */ - - unsigned int use_log_selector = addr->basic_errno <= ERRNO_RETRY_BASE - ? L_retry_defer : 0; - - /* Build up the line that is used for both the message log and the main - log. */ - - s = reset_point = store_get(size); - - /* Create the address string for logging. Must not do this earlier, because - an OK result may be changed to FAIL when a pipe returns text. */ - - log_address = string_log_address(addr, LOGGING(all_parents), result == OK); - - s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address)); - - /* Either driver_name contains something and driver_kind contains - " router" or " transport" (note the leading space), or driver_name is - a null string and driver_kind contains "routing" without the leading - space, if all routing has been deferred. When a domain has been held, - so nothing has been done at all, both variables contain null strings. */ - - if (driver_name) - { - if (driver_kind[1] == 't' && addr->router) - s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); - Ustrcpy(ss, " ?="); - ss[1] = toupper(driver_kind[1]); - s = string_append(s, &size, &ptr, 2, ss, driver_name); - } - else if (driver_kind) - s = string_append(s, &size, &ptr, 2, US" ", driver_kind); - - sprintf(CS ss, " defer (%d)", addr->basic_errno); - s = string_cat(s, &size, &ptr, ss, Ustrlen(ss)); - - if (addr->basic_errno > 0) - s = string_append(s, &size, &ptr, 2, US": ", - US strerror(addr->basic_errno)); - - if (addr->host_used) - { - s = string_append(s, &size, &ptr, 5, - US" H=", addr->host_used->name, - US" [", addr->host_used->address, US"]"); - if (LOGGING(outgoing_port)) - { - int port = addr->host_used->port; - s = string_append(s, &size, &ptr, 2, - US":", port == PORT_NONE ? US"25" : string_sprintf("%d", port)); - } - } - - if (addr->message) - s = string_append(s, &size, &ptr, 2, US": ", addr->message); - - s[ptr] = 0; - - /* Log the deferment in the message log, but don't clutter it - up with retry-time defers after the first delivery attempt. */ - - if (deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE) - deliver_msglog("%s %s\n", now, s); - - /* Write the main log and reset the store */ - - log_write(use_log_selector, logflags, "== %s", s); - store_reset(reset_point); - } + deferral_log(addr, now, logflags, driver_name, driver_kind); } @@ -1348,7 +1615,7 @@ else force the af_ignore_error flag. This will cause the address to be discarded later (with a log entry). */ - if (sender_address[0] == 0 && message_age >= ignore_bounce_errors_after) + if (!*sender_address && message_age >= ignore_bounce_errors_after) setflag(addr, af_ignore_error); /* Freeze the message if requested, or if this is a bounce message (or other @@ -1387,61 +1654,7 @@ else addr_failed = addr; } - /* Build up the log line for the message and main logs */ - - s = reset_point = store_get(size); - - /* Create the address string for logging. Must not do this earlier, because - an OK result may be changed to FAIL when a pipe returns text. */ - - log_address = string_log_address(addr, LOGGING(all_parents), result == OK); - - s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address)); - - if (LOGGING(sender_on_delivery)) - s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); - - /* Return path may not be set if no delivery actually happened */ - - if (used_return_path && LOGGING(return_path_on_delivery)) - s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); - - if (addr->router) - s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); - if (addr->transport) - s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); - - if (addr->host_used) - s = d_hostlog(s, &size, &ptr, addr); - -#ifdef SUPPORT_TLS - s = d_tlslog(s, &size, &ptr, addr); -#endif - - if (addr->basic_errno > 0) - s = string_append(s, &size, &ptr, 2, US": ", - US strerror(addr->basic_errno)); - - if (addr->message) - s = string_append(s, &size, &ptr, 2, US": ", addr->message); - - s[ptr] = 0; - - /* Do the logging. For the message log, "routing failed" for those cases, - just to make it clearer. */ - - if (driver_name) - deliver_msglog("%s %s\n", now, s); - else - deliver_msglog("%s %s failed for %s\n", now, driver_kind, s); - - log_write(0, LOG_MAIN, "** %s", s); - -#ifndef DISABLE_EVENT - msg_event_raise(US"msg:fail:delivery", addr); -#endif - - store_reset(reset_point); + failure_log(addr, driver_name ? NULL : driver_kind, now); } /* Ensure logging is turned on again in all cases */ @@ -1957,12 +2170,13 @@ if ( !shadowing || tp->log_output || tp->log_fail_output || tp->log_defer_output ) ) { - uschar *error; + uschar * error; + addr->return_filename = - string_sprintf("%s/msglog/%s/%s-%d-%d", spool_directory, message_subdir, - message_id, getpid(), return_count++); - addr->return_file = open_msglog_file(addr->return_filename, 0400, &error); - if (addr->return_file < 0) + spool_fname(US"msglog", message_subdir, message_id, + string_sprintf("-%d-%d", getpid(), return_count++)); + + if ((addr->return_file = open_msglog_file(addr->return_filename, 0400, &error)) < 0) { common_error(TRUE, addr, errno, US"Unable to %s file for %s transport " "to return message: %s", error, tp->name, strerror(errno)); @@ -2146,7 +2360,7 @@ if ((pid = fork()) == 0) ) ) ) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s", ret == -1 ? strerror(errno) : "short write"); /* Now any messages */ @@ -2157,7 +2371,7 @@ if ((pid = fork()) == 0) if( (ret = write(pfd[pipe_write], &message_length, sizeof(int))) != sizeof(int) || message_length > 0 && (ret = write(pfd[pipe_write], s, message_length)) != message_length ) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s", ret == -1 ? strerror(errno) : "short write"); } } @@ -2188,8 +2402,7 @@ will remain. Afterwards, close the reading end. */ for (addr2 = addr; addr2; addr2 = addr2->next) { - len = read(pfd[pipe_read], &status, sizeof(int)); - if (len > 0) + if ((len = read(pfd[pipe_read], &status, sizeof(int))) > 0) { int i; uschar **sptr; @@ -2206,10 +2419,24 @@ for (addr2 = addr; addr2; addr2 = addr2->next) if (testflag(addr2, af_file)) { - int local_part_length; - len = read(pfd[pipe_read], &local_part_length, sizeof(int)); - len = read(pfd[pipe_read], big_buffer, local_part_length); - big_buffer[local_part_length] = 0; + int llen; + if ( read(pfd[pipe_read], &llen, sizeof(int)) != sizeof(int) + || llen > 64*4 /* limit from rfc 5821, times I18N factor */ + ) + { + log_write(0, LOG_MAIN|LOG_PANIC, "bad local_part length read" + " from delivery subprocess"); + break; + } + /* sanity-checked llen so disable the Coverity error */ + /* coverity[tainted_data] */ + if (read(pfd[pipe_read], big_buffer, llen) != llen) + { + log_write(0, LOG_MAIN|LOG_PANIC, "bad local_part read" + " from delivery subprocess"); + break; + } + big_buffer[llen] = 0; addr2->local_part = string_copy(big_buffer); } @@ -2220,6 +2447,7 @@ for (addr2 = addr; addr2; addr2 = addr2->next) if (message_length > 0) { len = read(pfd[pipe_read], big_buffer, message_length); + big_buffer[big_buffer_size-1] = '\0'; /* guard byte */ if (len > 0) *sptr = string_copy(big_buffer); } } @@ -3288,6 +3516,10 @@ while (!done) break; #endif + case 'K': + addr->flags |= af_chunking_used; + break; + case 'D': if (!addr) goto ADDR_MISMATCH; memcpy(&(addr->dsn_aware), ptr, sizeof(addr->dsn_aware)); @@ -3855,7 +4087,8 @@ static void rmt_dlv_checked_write(int fd, char id, char subid, void * buf, int size) { uschar writebuffer[PIPE_HEADER_SIZE + BIG_BUFFER_SIZE]; -int header_length; +int header_length; +int ret; /* we assume that size can't get larger then BIG_BUFFER_SIZE which currently is set to 16k */ /* complain to log if someone tries with buffer sizes we can't handle*/ @@ -3885,8 +4118,7 @@ if (buf && size > 0) memcpy(writebuffer + PIPE_HEADER_SIZE, buf, size); size += PIPE_HEADER_SIZE; -int ret = write(fd, writebuffer, size); -if(ret != size) +if ((ret = write(fd, writebuffer, size)) != size) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n", ret == -1 ? strerror(errno) : "short write"); } @@ -4220,6 +4452,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) ok = FALSE; for (h = addr->host_list; h; h = h->next) if (Ustrcmp(h->name, continue_hostname) == 0) +/*XXX should also check port here */ { ok = TRUE; break; } } @@ -4245,7 +4478,11 @@ for (delivery_count = 0; addr_remote; delivery_count++) else { - while (next->next) next = next->next; + for (next = addr; ; next = next->next) + { + DEBUG(D_deliver) debug_printf(" %s to def list\n", next->address); + if (!next->next) break; + } next->next = addr_defer; addr_defer = addr; } @@ -4384,18 +4621,23 @@ for (delivery_count = 0; addr_remote; delivery_count++) a dup-with-new-file-pointer. */ (void)close(deliver_datafile); - sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, - message_id); - deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0); + { + uschar * fname = spool_fname(US"input", message_subdir, message_id, US"-D"); - if (deliver_datafile < 0) + if ((deliver_datafile = Uopen(fname, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_RDWR | O_APPEND, 0)) < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to reopen %s for remote " - "parallel delivery: %s", spoolname, strerror(errno)); + "parallel delivery: %s", fname, strerror(errno)); + } /* Set the close-on-exec flag */ - +#ifndef O_CLOEXEC (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) | FD_CLOEXEC); +#endif /* Set the uid/gid of this process; bombs out on failure. */ @@ -4526,6 +4768,9 @@ for (delivery_count = 0; addr_remote; delivery_count++) rmt_dlv_checked_write(fd, 'P', '0', NULL, 0); #endif + if (addr->flags & af_chunking_used) + rmt_dlv_checked_write(fd, 'K', '0', NULL, 0); + memcpy(big_buffer, &addr->dsn_aware, sizeof(addr->dsn_aware)); rmt_dlv_checked_write(fd, 'D', '0', big_buffer, sizeof(addr->dsn_aware)); DEBUG(D_deliver) debug_printf("DSN write: addr->dsn_aware = %d\n", addr->dsn_aware); @@ -4721,13 +4966,17 @@ Returns: OK */ int -deliver_split_address(address_item *addr) +deliver_split_address(address_item * addr) { -uschar *address = addr->address; -uschar *domain = Ustrrchr(address, '@'); -uschar *t; -int len = domain - address; +uschar * address = addr->address; +uschar * domain; +uschar * t; +int len; +if (!(domain = Ustrrchr(address, '@'))) + return DEFER; /* should always have a domain, but just in case... */ + +len = domain - address; addr->domain = string_copylc(domain+1); /* Domains are always caseless */ /* The implication in the RFCs (though I can't say I've seen it spelled out @@ -4739,7 +4988,7 @@ removing quoting backslashes and any unquoted doublequotes. */ t = addr->cc_local_part = store_get(len+1); while(len-- > 0) { - register int c = *address++; + int c = *address++; if (c == '\"') continue; if (c == '\\') { @@ -4831,7 +5080,7 @@ if (!Ufgets(buffer, sizeof(buffer), f) || Ustrcmp(buffer, "****\n") == 0) para = store_get(size); for (;;) { - para = string_cat(para, &size, &ptr, buffer, Ustrlen(buffer)); + para = string_cat(para, &size, &ptr, buffer); if (!Ufgets(buffer, sizeof(buffer), f) || Ustrcmp(buffer, "****\n") == 0) break; } @@ -5131,6 +5380,8 @@ A delivery operation has a process all to itself; we never deliver more than one message in the same process. Therefore we needn't worry too much about store leakage. +Liable to be called as root. + Arguments: id the id of the message to be delivered forced TRUE if delivery was forced by an administrator; this overrides @@ -5155,7 +5406,6 @@ int final_yield = DELIVER_ATTEMPTED_NORMAL; time_t now = time(NULL); address_item *addr_last = NULL; uschar *filter_message = NULL; -FILE *jread; int process_recipients = RECIP_ACCEPT; open_db dbblock; open_db *dbm_file; @@ -5226,7 +5476,7 @@ Any failures cause messages to be written to the log, except for missing files while queue running - another process probably completed delivery. As part of opening the data file, message_subdir gets set. */ -if (!spool_open_datafile(id)) +if ((deliver_datafile = spool_open_datafile(id)) < 0) return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ /* The value of message_size at this point has been set to the data length, @@ -5237,53 +5487,51 @@ store, and also the list of recipients and the tree of non-recipients and assorted flags. It updates message_size. If there is a reading or format error, give up; if the message has been around for sufficiently long, remove it. */ -sprintf(CS spoolname, "%s-H", id); -if ((rc = spool_read_header(spoolname, TRUE, TRUE)) != spool_read_OK) { - if (errno == ERRNO_SPOOLFORMAT) + uschar * spoolname = string_sprintf("%s-H", id); + if ((rc = spool_read_header(spoolname, TRUE, TRUE)) != spool_read_OK) { - struct stat statbuf; - sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir, - spoolname); - if (Ustat(big_buffer, &statbuf) == 0) - log_write(0, LOG_MAIN, "Format error in spool file %s: " - "size=" OFF_T_FMT, spoolname, statbuf.st_size); - else log_write(0, LOG_MAIN, "Format error in spool file %s", spoolname); - } - else - log_write(0, LOG_MAIN, "Error reading spool file %s: %s", spoolname, - strerror(errno)); + if (errno == ERRNO_SPOOLFORMAT) + { + struct stat statbuf; + if (Ustat(spool_fname(US"input", message_subdir, spoolname, US""), + &statbuf) == 0) + log_write(0, LOG_MAIN, "Format error in spool file %s: " + "size=" OFF_T_FMT, spoolname, statbuf.st_size); + else + log_write(0, LOG_MAIN, "Format error in spool file %s", spoolname); + } + else + log_write(0, LOG_MAIN, "Error reading spool file %s: %s", spoolname, + strerror(errno)); - /* If we managed to read the envelope data, received_time contains the - time the message was received. Otherwise, we can calculate it from the - message id. */ + /* If we managed to read the envelope data, received_time contains the + time the message was received. Otherwise, we can calculate it from the + message id. */ - if (rc != spool_read_hdrerror) - { - received_time = 0; - for (i = 0; i < 6; i++) - received_time = received_time * BASE_62 + tab62[id[i] - '0']; - } + if (rc != spool_read_hdrerror) + { + received_time = 0; + for (i = 0; i < 6; i++) + received_time = received_time * BASE_62 + tab62[id[i] - '0']; + } - /* If we've had this malformed message too long, sling it. */ + /* If we've had this malformed message too long, sling it. */ - if (now - received_time > keep_malformed) - { - sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, id); - Uunlink(spoolname); - sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id); - Uunlink(spoolname); - sprintf(CS spoolname, "%s/input/%s/%s-H", spool_directory, message_subdir, id); - Uunlink(spoolname); - sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); - Uunlink(spoolname); - log_write(0, LOG_MAIN, "Message removed because older than %s", - readconf_printtime(keep_malformed)); - } + if (now - received_time > keep_malformed) + { + Uunlink(spool_fname(US"msglog", message_subdir, id, US"")); + Uunlink(spool_fname(US"input", message_subdir, id, US"-D")); + Uunlink(spool_fname(US"input", message_subdir, id, US"-H")); + Uunlink(spool_fname(US"input", message_subdir, id, US"-J")); + log_write(0, LOG_MAIN, "Message removed because older than %s", + readconf_printtime(keep_malformed)); + } - (void)close(deliver_datafile); - deliver_datafile = -1; - return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ + (void)close(deliver_datafile); + deliver_datafile = -1; + return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ + } } /* The spool header file has been read. Look to see if there is an existing @@ -5295,37 +5543,55 @@ existence, as it will get further successful deliveries added to it in this run, and it will be deleted if this function gets to its end successfully. Otherwise it might be needed again. */ -sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); -jread = Ufopen(spoolname, "rb"); -if (jread) { - while (Ufgets(big_buffer, big_buffer_size, jread)) + uschar * fname = spool_fname(US"input", message_subdir, id, US"-J"); + FILE * jread; + + if ( (journal_fd = Uopen(fname, O_RDWR|O_APPEND +#ifdef O_CLOEXEC + | O_CLOEXEC +#endif +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + , SPOOL_MODE)) >= 0 + && lseek(journal_fd, 0, SEEK_SET) == 0 + && (jread = fdopen(journal_fd, "rb")) + ) + { + while (Ufgets(big_buffer, big_buffer_size, jread)) + { + int n = Ustrlen(big_buffer); + big_buffer[n-1] = 0; + tree_add_nonrecipient(big_buffer); + DEBUG(D_deliver) debug_printf("Previously delivered address %s taken from " + "journal file\n", big_buffer); + } + rewind(jread); + if ((journal_fd = dup(fileno(jread))) < 0) + journal_fd = fileno(jread); + else + (void) fclose(jread); /* Try to not leak the FILE resource */ + + /* Panic-dies on error */ + (void)spool_write_header(message_id, SW_DELIVERING, NULL); + } + else if (errno != ENOENT) { - int n = Ustrlen(big_buffer); - big_buffer[n-1] = 0; - tree_add_nonrecipient(big_buffer); - DEBUG(D_deliver) debug_printf("Previously delivered address %s taken from " - "journal file\n", big_buffer); + log_write(0, LOG_MAIN|LOG_PANIC, "attempt to open journal for reading gave: " + "%s", strerror(errno)); + return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ } - (void)fclose(jread); - /* Panic-dies on error */ - (void)spool_write_header(message_id, SW_DELIVERING, NULL); - } -else if (errno != ENOENT) - { - log_write(0, LOG_MAIN|LOG_PANIC, "attempt to open journal for reading gave: " - "%s", strerror(errno)); - return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ - } -/* A null recipients list indicates some kind of disaster. */ + /* A null recipients list indicates some kind of disaster. */ -if (!recipients_list) - { - (void)close(deliver_datafile); - deliver_datafile = -1; - log_write(0, LOG_MAIN, "Spool error: no recipients for %s", spoolname); - return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ + if (!recipients_list) + { + (void)close(deliver_datafile); + deliver_datafile = -1; + log_write(0, LOG_MAIN, "Spool error: no recipients for %s", fname); + return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ + } } @@ -5361,10 +5627,8 @@ if (deliver_freeze) ignore timer is exceeded. The message will be discarded if this delivery fails. */ - else if (sender_address[0] == 0 && message_age >= ignore_bounce_errors_after) - { + else if (!*sender_address && message_age >= ignore_bounce_errors_after) log_write(0, LOG_MAIN, "Unfrozen by errmsg timer"); - } /* If this is a bounce message, or there's no auto thaw, or we haven't reached the auto thaw time yet, and this delivery is not forced by an admin @@ -5413,16 +5677,14 @@ done by rewriting the header spool file. */ if (message_logs) { - uschar *error; + uschar * fname = spool_fname(US"msglog", message_subdir, id, US""); + uschar * error; int fd; - sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, id); - fd = open_msglog_file(spoolname, SPOOL_MODE, &error); - - if (fd < 0) + if ((fd = open_msglog_file(fname, SPOOL_MODE, &error)) < 0) { log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't %s message log %s: %s", error, - spoolname, strerror(errno)); + fname, strerror(errno)); return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ } @@ -5431,7 +5693,7 @@ if (message_logs) if (!(message_log = fdopen(fd, "a"))) { log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't fdopen message log %s: %s", - spoolname, strerror(errno)); + fname, strerror(errno)); return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ } } @@ -5698,22 +5960,18 @@ else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT) tpname = tmp; } else - { p->message = string_sprintf("system_filter_%s_transport is unset", type); - } if (tpname) { transport_instance *tp; for (tp = transports; tp; tp = tp->next) - { if (Ustrcmp(tp->name, tpname) == 0) { p->transport = tp; break; } - } if (!tp) p->message = string_sprintf("failed to find \"%s\" transport " "for system filter delivery", tpname); @@ -6626,10 +6884,8 @@ there is only address to be delivered - if it succeeds the spool write need not happen. */ if ( header_rewritten - && ( ( addr_local - && (addr_local->next || addr_remote) - ) - || (addr_remote && addr_remote->next) + && ( addr_local && (addr_local->next || addr_remote) + || addr_remote && addr_remote->next ) ) { /* Panic-dies on error */ @@ -6638,10 +6894,10 @@ if ( header_rewritten } -/* If there are any deliveries to be done, open the journal file. This is used -to record successful deliveries as soon as possible after each delivery is -known to be complete. A file opened with O_APPEND is used so that several -processes can run simultaneously. +/* If there are any deliveries to be and we do not already have the journal +file, create it. This is used to record successful deliveries as soon as +possible after each delivery is known to be complete. A file opened with +O_APPEND is used so that several processes can run simultaneously. The journal is just insurance against crashes. When the spool file is ultimately updated at the end of processing, the journal is deleted. If a @@ -6650,34 +6906,47 @@ therein are added to the non-recipients. */ if (addr_local || addr_remote) { - sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); - journal_fd = Uopen(spoolname, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE); - if (journal_fd < 0) { - log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s", - spoolname, strerror(errno)); - return DELIVER_NOT_ATTEMPTED; - } + uschar * fname = spool_fname(US"input", message_subdir, id, US"-J"); + + if ((journal_fd = Uopen(fname, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_WRONLY|O_APPEND|O_CREAT|O_EXCL, SPOOL_MODE)) < 0) + { + log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s", + fname, strerror(errno)); + return DELIVER_NOT_ATTEMPTED; + } - /* Set the close-on-exec flag, make the file owned by Exim, and ensure - that the mode is correct - the group setting doesn't always seem to get - set automatically. */ + /* Set the close-on-exec flag, make the file owned by Exim, and ensure + that the mode is correct - the group setting doesn't always seem to get + set automatically. */ - if( fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC) - || fchown(journal_fd, exim_uid, exim_gid) - || fchmod(journal_fd, SPOOL_MODE) - ) - { - int ret = Uunlink(spoolname); - log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s", - spoolname, strerror(errno)); - if(ret && errno != ENOENT) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", - spoolname, strerror(errno)); - return DELIVER_NOT_ATTEMPTED; + if( fchown(journal_fd, exim_uid, exim_gid) + || fchmod(journal_fd, SPOOL_MODE) +#ifndef O_CLOEXEC + || fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC) +#endif + ) + { + int ret = Uunlink(fname); + log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s", + fname, strerror(errno)); + if(ret && errno != ENOENT) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", + fname, strerror(errno)); + return DELIVER_NOT_ATTEMPTED; + } } } +else if (journal_fd >= 0) + { + close(journal_fd); + journal_fd = -1; + } @@ -6904,8 +7173,8 @@ if (addr_senddsn) { FILE *f = fdopen(fd, "wb"); /* header only as required by RFC. only failure DSN needs to honor RET=FULL */ - int topt = topt_add_return_path | topt_no_body; uschar * bound; + transport_ctx tctx = {0}; DEBUG(D_deliver) debug_printf("sending error message to: %s\n", sender_address); @@ -6953,7 +7222,7 @@ if (addr_senddsn) if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0) fprintf(f, "Original-Envelope-ID: %s\n", dsn_envid); else - fprintf(f, "X-Original-Envelope-ID: error decoding xtext formated ENVID\n"); + fprintf(f, "X-Original-Envelope-ID: error decoding xtext formatted ENVID\n"); } fputc('\n', f); @@ -6984,7 +7253,9 @@ if (addr_senddsn) return_path = sender_address; /* In case not previously set */ /* Write the original email out */ - transport_write_message(NULL, fileno(f), topt, 0, NULL, NULL, NULL, NULL, NULL, 0); + + tctx.options = topt_add_return_path | topt_no_body; + transport_write_message(fileno(f), &tctx, 0); fflush(f); fprintf(f,"\n--%s--\n", bound); @@ -7339,7 +7610,7 @@ wording. */ if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0) fprintf(f, "Original-Envelope-ID: %s\n", dsn_envid); else - fprintf(f, "X-Original-Envelope-ID: error decoding xtext formated ENVID\n"); + fprintf(f, "X-Original-Envelope-ID: error decoding xtext formatted ENVID\n"); } fputc('\n', f); @@ -7439,8 +7710,16 @@ wording. */ fflush(f); transport_filter_argv = NULL; /* Just in case */ return_path = sender_address; /* In case not previously set */ - transport_write_message(NULL, fileno(f), topt, - 0, dsnnotifyhdr, NULL, NULL, NULL, NULL, 0); + { /* Dummy transport for headers add */ + transport_ctx tctx = {0}; + transport_instance tb = {0}; + + tctx.tblock = &tb; + tctx.options = topt; + tb.add_headers = dsnnotifyhdr; + + transport_write_message(fileno(f), &tctx, 0); + } fflush(f); /* we never add the final text. close the file */ @@ -7515,40 +7794,43 @@ Then delete the message itself. */ if (!addr_defer) { + uschar * fname; + if (message_logs) { - sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, - id); + fname = spool_fname(US"msglog", message_subdir, id, US""); if (preserve_message_logs) { int rc; - sprintf(CS big_buffer, "%s/msglog.OLD/%s", spool_directory, id); - if ((rc = Urename(spoolname, big_buffer)) < 0) + uschar * moname = spool_fname(US"msglog.OLD", US"", id, US""); + + if ((rc = Urename(fname, moname)) < 0) { - (void)directory_make(spool_directory, US"msglog.OLD", - MSGLOG_DIRECTORY_MODE, TRUE); - rc = Urename(spoolname, big_buffer); + (void)directory_make(spool_directory, + spool_sname(US"msglog.OLD", US""), + MSGLOG_DIRECTORY_MODE, TRUE); + rc = Urename(fname, moname); } if (rc < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to move %s to the " - "msglog.OLD directory", spoolname); + "msglog.OLD directory", fname); } else - if (Uunlink(spoolname) < 0) + if (Uunlink(fname) < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", - spoolname, strerror(errno)); + fname, strerror(errno)); } /* Remove the two message files. */ - sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id); - if (Uunlink(spoolname) < 0) + fname = spool_fname(US"input", message_subdir, id, US"-D"); + if (Uunlink(fname) < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", - spoolname, strerror(errno)); - sprintf(CS spoolname, "%s/input/%s/%s-H", spool_directory, message_subdir, id); - if (Uunlink(spoolname) < 0) + fname, strerror(errno)); + fname = spool_fname(US"input", message_subdir, id, US"-H"); + if (Uunlink(fname) < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", - spoolname, strerror(errno)); + fname, strerror(errno)); /* Log the end of this message, with queue time if requested. */ @@ -7642,10 +7924,12 @@ else if (addr_defer != (address_item *)(+1)) } /* Didn't find the address already in the list, and did find the - ultimate parent's address in the list. After adding the recipient, + ultimate parent's address in the list, and they really are different + (i.e. not from an identity-redirect). After adding the recipient, update the errors address in the recipients list. */ - if (i >= recipients_count && t < recipients_count) + if ( i >= recipients_count && t < recipients_count + && Ustrcmp(otaddr->address, otaddr->parent->address) != 0) { DEBUG(D_deliver) debug_printf("one_time: adding %s in place of %s\n", otaddr->address, otaddr->parent->address); @@ -7660,19 +7944,14 @@ else if (addr_defer != (address_item *)(+1)) this deferred address or, if there is none, the sender address, is on the list of recipients for a warning message. */ - if (sender_address[0] != 0) - if (addr->prop.errors_address) - { - if (Ustrstr(recipients, addr->prop.errors_address) == NULL) - recipients = string_sprintf("%s%s%s", recipients, - (recipients[0] == 0)? "" : ",", addr->prop.errors_address); - } - else - { - if (Ustrstr(recipients, sender_address) == NULL) - recipients = string_sprintf("%s%s%s", recipients, - (recipients[0] == 0)? "" : ",", sender_address); - } + if (sender_address[0]) + { + uschar * s = addr->prop.errors_address; + if (!s) s = sender_address; + if (Ustrstr(recipients, s) == NULL) + recipients = string_sprintf("%s%s%s", recipients, + recipients[0] ? "," : "", s); + } } /* Send a warning message if the conditions are right. If the condition check @@ -7753,7 +8032,7 @@ else if (addr_defer != (address_item *)(+1)) FILE *wmf = NULL; FILE *f = fdopen(fd, "wb"); uschar * bound; - int topt; + transport_ctx tctx = {0}; if (warn_message_file) if (!(wmf = Ufopen(warn_message_file, "rb"))) @@ -7872,7 +8151,7 @@ else if (addr_defer != (address_item *)(+1)) if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0) fprintf(f,"Original-Envelope-ID: %s\n", dsn_envid); else - fprintf(f,"X-Original-Envelope-ID: error decoding xtext formated ENVID\n"); + fprintf(f,"X-Original-Envelope-ID: error decoding xtext formatted ENVID\n"); } fputc('\n', f); @@ -7900,11 +8179,12 @@ else if (addr_defer != (address_item *)(+1)) fflush(f); /* header only as required by RFC. only failure DSN needs to honor RET=FULL */ - topt = topt_add_return_path | topt_no_body; + tctx.options = topt_add_return_path | topt_no_body; transport_filter_argv = NULL; /* Just in case */ return_path = sender_address; /* In case not previously set */ + /* Write the original email out */ - transport_write_message(NULL, fileno(f), topt, 0, NULL, NULL, NULL, NULL, NULL, 0); + transport_write_message(fileno(f), &tctx, 0); fflush(f); fprintf(f,"\n--%s--\n", bound); @@ -8015,9 +8295,10 @@ if (journal_fd >= 0) (void)close(journal_fd); if (remove_journal) { - sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); - if (Uunlink(spoolname) < 0 && errno != ENOENT) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", spoolname, + uschar * fname = spool_fname(US"input", message_subdir, id, US"-J"); + + if (Uunlink(fname) < 0 && errno != ENOENT) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", fname, strerror(errno)); /* Move the message off the spool if reqested */ @@ -8067,6 +8348,9 @@ if (!regex_STARTTLS) regex_STARTTLS = regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); #endif +if (!regex_CHUNKING) regex_CHUNKING = + regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); + #ifndef DISABLE_PRDR if (!regex_PRDR) regex_PRDR = regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); @@ -8091,8 +8375,18 @@ deliver_get_sender_address (uschar * id) int rc; uschar * new_sender_address, * save_sender_address; +BOOL save_qr = queue_running; +uschar * spoolname; + +/* make spool_open_datafile non-noisy on fail */ + +queue_running = TRUE; + +/* Side effect: message_subdir is set for the (possibly split) spool directory */ -if (!spool_open_datafile(id)) +deliver_datafile = spool_open_datafile(id); +queue_running = save_qr; +if (deliver_datafile < 0) return NULL; /* Save and restore the global sender_address. I'm not sure if we should @@ -8101,7 +8395,7 @@ spool_read_header() may change all of them. But OTOH, when this deliver_get_sender_address() gets called, the current message is done already and nobody needs the globals anymore. (HS12, 2015-08-21) */ -sprintf(CS spoolname, "%s-H", id); +spoolname = string_sprintf("%s-H", id); save_sender_address = sender_address; rc = spool_read_header(spoolname, TRUE, TRUE); diff --git a/src/src/demime.c b/src/src/demime.c deleted file mode 100644 index 887678db3..000000000 --- a/src/src/demime.c +++ /dev/null @@ -1,1243 +0,0 @@ -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-???? */ -/* License: GPL */ - -/* Code for unpacking MIME containers. Called from acl.c. */ - -#include "exim.h" -#ifdef WITH_OLD_DEMIME - -#include "demime.h" - -uschar demime_reason_buffer[1024]; -struct file_extension *file_extensions = NULL; - -int demime(uschar **listptr) { - int sep = 0; - uschar *list = *listptr; - uschar *option; - uschar option_buffer[64]; - unsigned long mbox_size; - FILE *mbox_file; - uschar defer_error_buffer[1024]; - int demime_rc = 0; - - /* reset found_extension variable */ - found_extension = NULL; - - /* try to find 1st option */ - if ((option = string_nextinlist(&list, &sep, - option_buffer, - sizeof(option_buffer))) != NULL) { - - /* parse 1st option */ - if ( (Ustrcmp(option,"false") == 0) || (Ustrcmp(option,"0") == 0) ) { - /* explicitly no demimeing */ - return FAIL; - }; - } - else { - /* no options -> no demimeing */ - return FAIL; - }; - - /* make sure the eml mbox file is spooled up */ - mbox_file = spool_mbox(&mbox_size, NULL); - - if (mbox_file == NULL) { - /* error while spooling */ - log_write(0, LOG_MAIN|LOG_PANIC, - "demime acl condition: error while creating mbox spool file"); - return DEFER; - }; - - /* call demimer if not already done earlier */ - if (!demime_ok) - demime_rc = mime_demux(mbox_file, defer_error_buffer); - - (void)fclose(mbox_file); - - if (demime_rc == DEFER) { - /* temporary failure (DEFER => DEFER) */ - log_write(0, LOG_MAIN, - "demime acl condition: %s", defer_error_buffer); - return DEFER; - }; - - /* set demime_ok to avoid unpacking again */ - demime_ok = 1; - - /* check for file extensions, if there */ - while (option != NULL) { - struct file_extension *this_extension = file_extensions; - - /* Look for the wildcard. If it is found, we always return true. - The user must then use a custom condition to evaluate demime_errorlevel */ - if (Ustrcmp(option,"*") == 0) { - found_extension = NULL; - return OK; - }; - - /* loop thru extension list */ - while (this_extension != NULL) { - if (strcmpic(option, this_extension->file_extension_string) == 0) { - /* found one */ - found_extension = this_extension->file_extension_string; - return OK; - }; - this_extension = this_extension->next; - }; - - /* grab next extension from option list */ - option = string_nextinlist(&list, &sep, - option_buffer, - sizeof(option_buffer)); - }; - - /* nothing found */ - return FAIL; -} - - -/************************************************* -* small hex_str -> integer conversion function * -*************************************************/ - -/* needed for quoted-printable -*/ - -unsigned int mime_hstr_i(uschar *cptr) { - unsigned int i, j = 0; - - while (cptr && *cptr && isxdigit(*cptr)) { - i = *cptr++ - '0'; - if (9 < i) i -= 7; - j <<= 4; - j |= (i & 0x0f); - } - - return(j); -} - - -/************************************************* -* decode quoted-printable chars * -*************************************************/ - -/* gets called when we hit a = - returns: new pointer position - result code in c: - -2 - decode error - -1 - soft line break, no char - 0-255 - char to write -*/ - -uschar *mime_decode_qp(uschar *qp_p,int *c) { - uschar hex[] = {0,0,0}; - int nan = 0; - uschar *initial_pos = qp_p; - - /* advance one char */ - qp_p++; - - REPEAT_FIRST: - if ( (*qp_p == '\t') || (*qp_p == ' ') || (*qp_p == '\r') ) { - /* tab or whitespace may follow - just ignore it, but remember - that this is not a valid hex - encoding any more */ - nan = 1; - qp_p++; - goto REPEAT_FIRST; - } - else if ( (('0' <= *qp_p) && (*qp_p <= '9')) || (('A' <= *qp_p) && (*qp_p <= 'F')) || (('a' <= *qp_p) && (*qp_p <= 'f')) ) { - /* this is a valid hex char, if nan is unset */ - if (nan) { - /* this is illegal */ - *c = -2; - return initial_pos; - } - else { - hex[0] = *qp_p; - qp_p++; - }; - } - else if (*qp_p == '\n') { - /* hit soft line break already, continue */ - *c = -1; - return qp_p; - } - else { - /* illegal char here */ - *c = -2; - return initial_pos; - }; - - if ( (('0' <= *qp_p) && (*qp_p <= '9')) || (('A' <= *qp_p) && (*qp_p <= 'F')) || (('a' <= *qp_p) && (*qp_p <= 'f')) ) { - if (hex[0] > 0) { - hex[1] = *qp_p; - /* do hex conversion */ - *c = mime_hstr_i(hex); - qp_p++; - return qp_p; - } - else { - /* huh ? */ - *c = -2; - return initial_pos; - }; - } - else { - /* illegal char */ - *c = -2; - return initial_pos; - }; - -} - - -/************************************************* -* open new dump file * -*************************************************/ - -/* open new dump file - returns: -2 soft error - or file #, FILE * in f -*/ - -int mime_get_dump_file(uschar *extension, FILE **f, uschar *info) { - uschar file_name[1024]; - int result; - unsigned int file_nr; - uschar default_extension[] = ".com"; - uschar *p; - - if (extension == NULL) - extension = default_extension; - - /* scan the proposed extension. - if it is longer than 4 chars, or - contains exotic chars, use the default extension */ - -/* if (Ustrlen(extension) > 4) { - extension = default_extension; - }; -*/ - - p = extension+1; - - while (*p != 0) { - *p = (uschar)tolower((uschar)*p); - if ( (*p < 97) || (*p > 122) ) { - extension = default_extension; - break; - }; - p++; - }; - - /* find a new file to write to */ - file_nr = 0; - do { - struct stat mystat; - - (void)string_format(file_name,1024,"%s/scan/%s/%s-%05u%s",spool_directory,message_id,message_id,file_nr,extension); - file_nr++; - if (file_nr >= MIME_SANITY_MAX_DUMP_FILES) { - /* max parts reached */ - mime_trigger_error(MIME_ERRORLEVEL_TOO_MANY_PARTS); - break; - }; - result = stat(CS file_name,&mystat); - } - while(result != -1); - - *f = modefopen(file_name,"wb+",SPOOL_MODE); - if (*f == NULL) { - /* cannot open new dump file, disk full ? -> soft error */ - (void)string_format(info, 1024,"unable to open dump file"); - return -2; - }; - - return file_nr; -} - - -/************************************************* -* Find a string in a mime header * -*************************************************/ - -/* Find a string in a mime header, and optionally fill in - the value associated with it into *value - - returns: 0 - nothing found - 1 - found param - 2 - found param + value -*/ - -int mime_header_find(uschar *header, uschar *param, uschar **value) { - uschar *needle; - - needle = strstric(header,param,FALSE); - if (needle != NULL) { - if (value != NULL) { - needle += Ustrlen(param); - if (*needle == '=') { - uschar *value_start; - uschar *value_end; - - value_start = needle + 1; - value_end = strstric(value_start,US";",FALSE); - if (value_end != NULL) { - /* allocate mem for value */ - *value = (uschar *)malloc((value_end - value_start)+1); - if (*value == NULL) - return 0; - - Ustrncpy(*value,value_start,(value_end - value_start)); - (*value)[(value_end - value_start)] = '\0'; - return 2; - }; - }; - }; - return 1; - }; - return 0; -} - - -/************************************************* -* Read a line of MIME input * -*************************************************/ -/* returns status code, one of - MIME_READ_LINE_EOF 0 - MIME_READ_LINE_OK 1 - MIME_READ_LINE_OVERFLOW 2 - - In header mode, the line will be "cooked". -*/ - -int mime_read_line(FILE *f, int mime_demux_mode, uschar *buffer, long *num_copied) { - int c = EOF; - int done = 0; - int header_value_mode = 0; - int header_open_brackets = 0; - - *num_copied = 0; - - while(!done) { - - c = fgetc(f); - if (c == EOF) break; - - /* --------- header mode -------------- */ - if (mime_demux_mode == MIME_DEMUX_MODE_MIME_HEADERS) { - - /* always skip CRs */ - if (c == '\r') continue; - - if (c == '\n') { - if ((*num_copied) > 0) { - /* look if next char is '\t' or ' ' */ - c = fgetc(f); - if (c == EOF) break; - if ( (c == '\t') || (c == ' ') ) continue; - (void)ungetc(c,f); - }; - /* end of the header, terminate with ';' */ - c = ';'; - done = 1; - }; - - /* skip control characters */ - if (c < 32) continue; - - /* skip whitespace + tabs */ - if ( (c == ' ') || (c == '\t') ) - continue; - - if (header_value_mode) { - /* --------- value mode ----------- */ - /* skip quotes */ - if (c == '"') continue; - - /* leave value mode on ';' */ - if (c == ';') { - header_value_mode = 0; - }; - /* -------------------------------- */ - } - else { - /* -------- non-value mode -------- */ - if (c == '\\') { - /* quote next char. can be used - to escape brackets. */ - c = fgetc(f); - if (c == EOF) break; - } - else if (c == '(') { - header_open_brackets++; - continue; - } - else if ((c == ')') && header_open_brackets) { - header_open_brackets--; - continue; - } - else if ( (c == '=') && !header_open_brackets ) { - /* enter value mode */ - header_value_mode = 1; - }; - - /* skip chars while we are in a comment */ - if (header_open_brackets > 0) - continue; - /* -------------------------------- */ - }; - } - /* ------------------------------------ */ - else { - /* ----------- non-header mode -------- */ - /* break on '\n' */ - if (c == '\n') - done = 1; - /* ------------------------------------ */ - }; - - /* copy the char to the buffer */ - buffer[*num_copied] = (uschar)c; - /* raise counter */ - (*num_copied)++; - - /* break if buffer is full */ - if (*num_copied > MIME_SANITY_MAX_LINE_LENGTH-1) { - done = 1; - }; - } - - /* 0-terminate */ - buffer[*num_copied] = '\0'; - - if (*num_copied > MIME_SANITY_MAX_LINE_LENGTH-1) - return MIME_READ_LINE_OVERFLOW; - else - if (c == EOF) - return MIME_READ_LINE_EOF; - else - return MIME_READ_LINE_OK; -} - - -/************************************************* -* Check for a MIME boundary * -*************************************************/ - -/* returns: 0 - no boundary found - 1 - start boundary found - 2 - end boundary found -*/ - -int mime_check_boundary(uschar *line, struct boundary *boundaries) { - struct boundary *thisboundary = boundaries; - uschar workbuf[MIME_SANITY_MAX_LINE_LENGTH+1]; - unsigned int i,j=0; - - /* check for '--' first */ - if (Ustrncmp(line,"--",2) == 0) { - - /* strip tab and space */ - for (i = 2; i < Ustrlen(line); i++) { - if ((line[i] != ' ') && (line[i] != '\t')) { - workbuf[j] = line[i]; - j++; - }; - }; - workbuf[j+1]='\0'; - - while(thisboundary != NULL) { - if (Ustrncmp(workbuf,thisboundary->boundary_string,Ustrlen(thisboundary->boundary_string)) == 0) { - if (Ustrncmp(&workbuf[Ustrlen(thisboundary->boundary_string)],"--",2) == 0) { - /* final boundary found */ - return 2; - }; - return 1; - }; - thisboundary = thisboundary->next; - }; - }; - - return 0; -} - - -/************************************************* -* Check for start of a UUENCODE block * -*************************************************/ - -/* returns 0 for no hit, - >0 for hit -*/ - -int mime_check_uu_start(uschar *line, uschar *uu_file_extension, int *has_tnef) { - - if ( (strncmpic(line,US"begin ",6) == 0)) { - uschar *uu_filename = &line[6]; - - /* skip perms, if present */ - Ustrtoul(&line[6],&uu_filename,10); - - /* advance one char */ - uu_filename++; - - /* This should be the filename. - Check if winmail.dat is present, - which indicates TNEF. */ - if (strncmpic(uu_filename,US"winmail.dat",11) == 0) { - *has_tnef = 1; - }; - - /* reverse to dot if present, - copy up to 4 chars for the extension */ - if (Ustrrchr(uu_filename,'.') != NULL) - uu_filename = Ustrrchr(uu_filename,'.'); - - return sscanf(CS uu_filename, "%4[.0-9A-Za-z]",CS uu_file_extension); - } - else { - /* nothing found */ - return 0; - }; -} - - -/************************************************* -* Decode a uu line * -*************************************************/ - -/* returns number of decoded bytes - -2 for soft errors -*/ - -int warned_about_uudec_line_sanity_1 = 0; -int warned_about_uudec_line_sanity_2 = 0; -long uu_decode_line(uschar *line, uschar **data, long line_len, uschar *info) { - uschar *p; - long num_decoded = 0; - uschar tmp_c; - uschar *work; - int uu_decoded_line_len, uu_encoded_line_len; - - /* allocate memory for data and work buffer */ - *data = (uschar *)malloc(line_len); - if (*data == NULL) { - (void)string_format(info, 1024,"unable to allocate %lu bytes",line_len); - return -2; - }; - - work = (uschar *)malloc(line_len); - if (work == NULL) { - (void)string_format(info, 1024,"unable to allocate %lu bytes",line_len); - return -2; - }; - - memcpy(work,line,line_len); - - /* First char is line length - This is microsofts way of getting it. Scary. */ - if (work[0] < 32) { - /* ignore this line */ - return 0; - } - else { - uu_decoded_line_len = uudec[work[0]]; - }; - - p = &work[1]; - - while (*p > 32) { - *p = uudec[*p]; - p++; - }; - - uu_encoded_line_len = (p - &work[1]); - p = &work[1]; - - /* check that resulting line length is a multiple of 4 */ - if ( ( uu_encoded_line_len % 4 ) != 0) { - if (!warned_about_uudec_line_sanity_1) { - mime_trigger_error(MIME_ERRORLEVEL_UU_MISALIGNED); - warned_about_uudec_line_sanity_1 = 1; - }; - return -1; - }; - - /* check that the line length matches */ - if ( ( (((uu_encoded_line_len/4)*3)-2) > uu_decoded_line_len ) || (((uu_encoded_line_len/4)*3) < uu_decoded_line_len) ) { - if (!warned_about_uudec_line_sanity_2) { - mime_trigger_error(MIME_ERRORLEVEL_UU_LINE_LENGTH); - warned_about_uudec_line_sanity_2 = 1; - }; - return -1; - }; - - while ( ((p - &work[1]) < uu_encoded_line_len) && (num_decoded < uu_decoded_line_len)) { - - /* byte 0 ---------------------- */ - if ((p - &work[1] + 1) >= uu_encoded_line_len) { - return 0; - } - - (*data)[num_decoded] = *p; - (*data)[num_decoded] <<= 2; - - tmp_c = *(p+1); - tmp_c >>= 4; - (*data)[num_decoded] |= tmp_c; - - num_decoded++; - p++; - - /* byte 1 ---------------------- */ - if ((p - &work[1] + 1) >= uu_encoded_line_len) { - return 0; - } - - (*data)[num_decoded] = *p; - (*data)[num_decoded] <<= 4; - - tmp_c = *(p+1); - tmp_c >>= 2; - (*data)[num_decoded] |= tmp_c; - - num_decoded++; - p++; - - /* byte 2 ---------------------- */ - if ((p - &work[1] + 1) >= uu_encoded_line_len) { - return 0; - } - - (*data)[num_decoded] = *p; - (*data)[num_decoded] <<= 6; - - (*data)[num_decoded] |= *(p+1); - - num_decoded++; - p+=2; - - }; - - return uu_decoded_line_len; -} - - -/************************************************* -* Decode a b64 or qp line * -*************************************************/ - -/* returns number of decoded bytes - -1 for hard errors - -2 for soft errors -*/ - -int warned_about_b64_line_length = 0; -int warned_about_b64_line_sanity = 0; -int warned_about_b64_illegal_char = 0; -int warned_about_qp_line_sanity = 0; -long mime_decode_line(int mime_demux_mode,uschar *line, uschar **data, long max_data_len, uschar *info) { - uschar *p; - long num_decoded = 0; - int offset = 0; - uschar tmp_c; - - /* allocate memory for data */ - *data = (uschar *)malloc(max_data_len); - if (*data == NULL) { - (void)string_format(info, 1024,"unable to allocate %lu bytes",max_data_len); - return -2; - }; - - if (mime_demux_mode == MIME_DEMUX_MODE_BASE64) { - /* ---------------------------------------------- */ - - /* NULL out trailing '\r' and '\n' chars */ - while (Ustrrchr(line,'\r') != NULL) { - *(Ustrrchr(line,'\r')) = '\0'; - }; - while (Ustrrchr(line,'\n') != NULL) { - *(Ustrrchr(line,'\n')) = '\0'; - }; - - /* check maximum base 64 line length */ - if (Ustrlen(line) > MIME_SANITY_MAX_B64_LINE_LENGTH ) { - if (!warned_about_b64_line_length) { - mime_trigger_error(MIME_ERRORLEVEL_B64_LINE_LENGTH); - warned_about_b64_line_length = 1; - }; - }; - - p = line; - offset = 0; - while (*(p+offset) != '\0') { - /* hit illegal char ? */ - if (b64[*(p+offset)] == 128) { - if (!warned_about_b64_illegal_char) { - mime_trigger_error(MIME_ERRORLEVEL_B64_ILLEGAL_CHAR); - warned_about_b64_illegal_char = 1; - }; - offset++; - } - else { - *p = b64[*(p+offset)]; - p++; - }; - }; - *p = 255; - - /* check that resulting line length is a multiple of 4 */ - if ( ( (p - &line[0]) % 4 ) != 0) { - if (!warned_about_b64_line_sanity) { - mime_trigger_error(MIME_ERRORLEVEL_B64_MISALIGNED); - warned_about_b64_line_sanity = 1; - }; - }; - - /* line is translated, start bit shifting */ - p = line; - num_decoded = 0; - - while(*p != 255) { - - /* byte 0 ---------------------- */ - if (*(p+1) == 255) { - break; - } - - (*data)[num_decoded] = *p; - (*data)[num_decoded] <<= 2; - - tmp_c = *(p+1); - tmp_c >>= 4; - (*data)[num_decoded] |= tmp_c; - - num_decoded++; - p++; - - /* byte 1 ---------------------- */ - if (*(p+1) == 255) { - break; - } - - (*data)[num_decoded] = *p; - (*data)[num_decoded] <<= 4; - - tmp_c = *(p+1); - tmp_c >>= 2; - (*data)[num_decoded] |= tmp_c; - - num_decoded++; - p++; - - /* byte 2 ---------------------- */ - if (*(p+1) == 255) { - break; - } - - (*data)[num_decoded] = *p; - (*data)[num_decoded] <<= 6; - - (*data)[num_decoded] |= *(p+1); - - num_decoded++; - p+=2; - - }; - return num_decoded; - /* ---------------------------------------------- */ - } - else if (mime_demux_mode == MIME_DEMUX_MODE_QP) { - /* ---------------------------------------------- */ - p = line; - - while (*p != 0) { - if (*p == '=') { - int decode_qp_result; - - p = mime_decode_qp(p,&decode_qp_result); - - if (decode_qp_result == -2) { - /* Error from decoder. p is unchanged. */ - if (!warned_about_qp_line_sanity) { - mime_trigger_error(MIME_ERRORLEVEL_QP_ILLEGAL_CHAR); - warned_about_qp_line_sanity = 1; - }; - (*data)[num_decoded] = '='; - num_decoded++; - p++; - } - else if (decode_qp_result == -1) { - /* End of the line with soft line break. - Bail out. */ - goto QP_RETURN; - } - else if (decode_qp_result >= 0) { - (*data)[num_decoded] = decode_qp_result; - num_decoded++; - }; - } - else { - (*data)[num_decoded] = *p; - num_decoded++; - p++; - }; - }; - QP_RETURN: - return num_decoded; - /* ---------------------------------------------- */ - }; - - return 0; -} - - - -/************************************************* -* Log demime errors and set mime error level * -*************************************************/ - -/* This sets the global demime_reason expansion -variable and the demime_errorlevel gauge. */ - -void mime_trigger_error(int level, uschar *format, ...) { - char *f; - va_list ap; - - if( (f = malloc(16384+23)) != NULL ) { - /* first log the incident */ - sprintf(f,"demime acl condition: "); - f+=22; - va_start(ap, format); - (void)string_vformat(US f, 16383,(char *)format, ap); - va_end(ap); - f-=22; - log_write(0, LOG_MAIN, "%s", f); - /* then copy to demime_reason_buffer if new - level is greater than old level */ - if (level > demime_errorlevel) { - demime_errorlevel = level; - Ustrcpy(demime_reason_buffer, US f); - demime_reason = demime_reason_buffer; - }; - free(f); - }; -} - -/************************************************* -* Demultiplex MIME stream. * -*************************************************/ - -/* We can handle BASE64, QUOTED-PRINTABLE, and UUENCODE. - UUENCODE does not need to have a proper - transfer-encoding header, we detect it with "begin" - - This function will report human parsable errors in - *info. - - returns DEFER -> soft error (see *info) - OK -> EOF hit, all ok -*/ - -int mime_demux(FILE *f, uschar *info) { - int mime_demux_mode = MIME_DEMUX_MODE_MIME_HEADERS; - int uu_mode = MIME_UU_MODE_OFF; - FILE *mime_dump_file = NULL; - FILE *uu_dump_file = NULL; - uschar *line; - int mime_read_line_status = MIME_READ_LINE_OK; - long line_len; - struct boundary *boundaries = NULL; - struct mime_part mime_part_p; - int has_tnef = 0; - int has_rfc822 = 0; - - /* allocate room for our linebuffer */ - line = (uschar *)malloc(MIME_SANITY_MAX_LINE_LENGTH); - if (line == NULL) { - (void)string_format(info, 1024,"unable to allocate %u bytes",MIME_SANITY_MAX_LINE_LENGTH); - return DEFER; - }; - - /* clear MIME header structure */ - memset(&mime_part_p,0,sizeof(mime_part)); - - /* ----------------------- start demux loop --------------------- */ - while (mime_read_line_status == MIME_READ_LINE_OK) { - - /* read a line of input. Depending on the mode we are in, - the returned format will differ. */ - mime_read_line_status = mime_read_line(f,mime_demux_mode,line,&line_len); - - if (mime_read_line_status == MIME_READ_LINE_OVERFLOW) { - mime_trigger_error(MIME_ERRORLEVEL_LONG_LINE); - /* despite the error, continue .. */ - mime_read_line_status = MIME_READ_LINE_OK; - continue; - } - else if (mime_read_line_status == MIME_READ_LINE_EOF) { - break; - }; - - if (mime_demux_mode == MIME_DEMUX_MODE_MIME_HEADERS) { - /* -------------- header mode --------------------- */ - - /* Check for an empty line, which is the end of the headers. - In HEADER mode, the line is returned "cooked", with the - final '\n' replaced by a ';' */ - if (line_len == 1) { - int tmp; - - /* We have reached the end of the headers. Start decoding - with the collected settings. */ - if (mime_part_p.seen_content_transfer_encoding > 1) { - mime_demux_mode = mime_part_p.seen_content_transfer_encoding; - } - else { - /* default to plain mode if no specific encoding type found */ - mime_demux_mode = MIME_DEMUX_MODE_PLAIN; - }; - - /* open new dump file */ - tmp = mime_get_dump_file(mime_part_p.extension, &mime_dump_file, info); - if (tmp < 0) { - return DEFER; - }; - - /* clear out mime_part */ - memset(&mime_part_p,0,sizeof(mime_part)); - } - else { - /* Another header to check for file extensions, - encoding type and boundaries */ - if (strncmpic(US"content-type:",line,Ustrlen("content-type:")) == 0) { - /* ---------------------------- Content-Type header ------------------------------- */ - uschar *value = line; - - /* check for message/partial MIME type and reject it */ - if (mime_header_find(line,US"message/partial",NULL) > 0) - mime_trigger_error(MIME_ERRORLEVEL_MESSAGE_PARTIAL); - - /* check for TNEF content type, remember to unpack TNEF later. */ - if (mime_header_find(line,US"application/ms-tnef",NULL) > 0) - has_tnef = 1; - - /* check for message/rfcxxx attachments */ - if (mime_header_find(line,US"message/rfc822",NULL) > 0) - has_rfc822 = 1; - - /* find the file extension, but do not fill it in - it is already set, since content-disposition has - precedence. */ - if (mime_part_p.extension == NULL) { - if (mime_header_find(line,US"name",&value) == 2) { - if (Ustrlen(value) > MIME_SANITY_MAX_FILENAME) - mime_trigger_error(MIME_ERRORLEVEL_FILENAME_LENGTH); - mime_part_p.extension = value; - mime_part_p.extension = Ustrrchr(value,'.'); - if (mime_part_p.extension == NULL) { - /* file without extension, setting - NULL will use the default extension later */ - mime_part_p.extension = NULL; - } - else { - struct file_extension *this_extension = - (struct file_extension *)malloc(sizeof(file_extension)); - - this_extension->file_extension_string = - (uschar *)malloc(Ustrlen(mime_part_p.extension)+1); - Ustrcpy(this_extension->file_extension_string, - mime_part_p.extension+1); - this_extension->next = file_extensions; - file_extensions = this_extension; - }; - }; - }; - - /* find a boundary and add it to the list, if present */ - value = line; - if (mime_header_find(line,US"boundary",&value) == 2) { - struct boundary *thisboundary; - - if (Ustrlen(value) > MIME_SANITY_MAX_BOUNDARY_LENGTH) { - mime_trigger_error(MIME_ERRORLEVEL_BOUNDARY_LENGTH); - } - else { - thisboundary = (struct boundary*)malloc(sizeof(boundary)); - thisboundary->next = boundaries; - thisboundary->boundary_string = value; - boundaries = thisboundary; - }; - }; - - if (mime_part_p.seen_content_type == 0) { - mime_part_p.seen_content_type = 1; - } - else { - mime_trigger_error(MIME_ERRORLEVEL_DOUBLE_HEADERS); - }; - /* ---------------------------------------------------------------------------- */ - } - else if (strncmpic(US"content-transfer-encoding:",line,Ustrlen("content-transfer-encoding:")) == 0) { - /* ---------------------------- Content-Transfer-Encoding header -------------- */ - - if (mime_part_p.seen_content_transfer_encoding == 0) { - if (mime_header_find(line,US"base64",NULL) > 0) { - mime_part_p.seen_content_transfer_encoding = MIME_DEMUX_MODE_BASE64; - } - else if (mime_header_find(line,US"quoted-printable",NULL) > 0) { - mime_part_p.seen_content_transfer_encoding = MIME_DEMUX_MODE_QP; - } - else { - mime_part_p.seen_content_transfer_encoding = MIME_DEMUX_MODE_PLAIN; - }; - } - else { - mime_trigger_error(MIME_ERRORLEVEL_DOUBLE_HEADERS); - }; - /* ---------------------------------------------------------------------------- */ - } - else if (strncmpic(US"content-disposition:",line,Ustrlen("content-disposition:")) == 0) { - /* ---------------------------- Content-Disposition header -------------------- */ - uschar *value = line; - - if (mime_part_p.seen_content_disposition == 0) { - mime_part_p.seen_content_disposition = 1; - - if (mime_header_find(line,US"filename",&value) == 2) { - if (Ustrlen(value) > MIME_SANITY_MAX_FILENAME) - mime_trigger_error(MIME_ERRORLEVEL_FILENAME_LENGTH); - mime_part_p.extension = value; - mime_part_p.extension = Ustrrchr(value,'.'); - if (mime_part_p.extension == NULL) { - /* file without extension, setting - NULL will use the default extension later */ - mime_part_p.extension = NULL; - } - else { - struct file_extension *this_extension = - (struct file_extension *)malloc(sizeof(file_extension)); - - this_extension->file_extension_string = - (uschar *)malloc(Ustrlen(mime_part_p.extension)+1); - Ustrcpy(this_extension->file_extension_string, - mime_part_p.extension+1); - this_extension->next = file_extensions; - file_extensions = this_extension; - }; - }; - } - else { - mime_trigger_error(MIME_ERRORLEVEL_DOUBLE_HEADERS); - }; - /* ---------------------------------------------------------------------------- */ - }; - }; /* End of header checks */ - /* ------------------------------------------------ */ - } - else { - /* -------------- non-header mode ----------------- */ - int tmp; - - if (uu_mode == MIME_UU_MODE_OFF) { - uschar uu_file_extension[5]; - /* We are not currently decoding UUENCODE - Check for possible UUENCODE start tag. */ - if (mime_check_uu_start(line,uu_file_extension,&has_tnef)) { - /* possible UUENCODING start detected. - Set unconfirmed mode first. */ - uu_mode = MIME_UU_MODE_UNCONFIRMED; - /* open new uu dump file */ - tmp = mime_get_dump_file(uu_file_extension, &uu_dump_file, info); - if (tmp < 0) { - free(line); - return DEFER; - }; - }; - } - else { - uschar *data; - long data_len = 0; - - if (uu_mode == MIME_UU_MODE_UNCONFIRMED) { - /* We are in unconfirmed UUENCODE mode. */ - - data_len = uu_decode_line(line,&data,line_len,info); - - if (data_len == -2) { - /* temp error, turn off uudecode mode */ - if (uu_dump_file != NULL) { - (void)fclose(uu_dump_file); uu_dump_file = NULL; - }; - uu_mode = MIME_UU_MODE_OFF; - return DEFER; - } - else if (data_len == -1) { - if (uu_dump_file != NULL) { - (void)fclose(uu_dump_file); uu_dump_file = NULL; - }; - uu_mode = MIME_UU_MODE_OFF; - data_len = 0; - } - else if (data_len > 0) { - /* we have at least decoded a valid byte - turn on confirmed mode */ - uu_mode = MIME_UU_MODE_CONFIRMED; - }; - } - else if (uu_mode == MIME_UU_MODE_CONFIRMED) { - /* If we are in confirmed UU mode, - check for single "end" tag on line */ - if ((strncmpic(line,US"end",3) == 0) && (line[3] < 32)) { - if (uu_dump_file != NULL) { - (void)fclose(uu_dump_file); uu_dump_file = NULL; - }; - uu_mode = MIME_UU_MODE_OFF; - } - else { - data_len = uu_decode_line(line,&data,line_len,info); - if (data_len == -2) { - /* temp error, turn off uudecode mode */ - if (uu_dump_file != NULL) { - (void)fclose(uu_dump_file); uu_dump_file = NULL; - }; - uu_mode = MIME_UU_MODE_OFF; - return DEFER; - } - else if (data_len == -1) { - /* skip this line */ - data_len = 0; - }; - }; - }; - - /* write data to dump file, if available */ - if (data_len > 0) { - if (fwrite(data,1,data_len,uu_dump_file) < data_len) { - /* short write */ - (void)string_format(info, 1024,"short write on uudecode dump file"); - free(line); - return DEFER; - }; - }; - }; - - if (mime_demux_mode != MIME_DEMUX_MODE_SCANNING) { - /* Non-scanning and Non-header mode. That means - we are currently decoding data to the dump - file. */ - - /* Check for a known boundary. */ - tmp = mime_check_boundary(line,boundaries); - if (tmp == 1) { - /* We have hit a known start boundary. - That will put us back in header mode. */ - mime_demux_mode = MIME_DEMUX_MODE_MIME_HEADERS; - if (mime_dump_file != NULL) { - /* if the attachment was a RFC822 message, recurse into it */ - if (has_rfc822) { - has_rfc822 = 0; - rewind(mime_dump_file); - mime_demux(mime_dump_file,info); - }; - - (void)fclose(mime_dump_file); mime_dump_file = NULL; - }; - } - else if (tmp == 2) { - /* We have hit a known end boundary. - That puts us into scanning mode, which will end when we hit another known start boundary */ - mime_demux_mode = MIME_DEMUX_MODE_SCANNING; - if (mime_dump_file != NULL) { - /* if the attachment was a RFC822 message, recurse into it */ - if (has_rfc822) { - has_rfc822 = 0; - rewind(mime_dump_file); - mime_demux(mime_dump_file,info); - }; - - (void)fclose(mime_dump_file); mime_dump_file = NULL; - }; - } - else { - uschar *data; - long data_len = 0; - - /* decode the line with the appropriate method */ - if (mime_demux_mode == MIME_DEMUX_MODE_PLAIN) { - /* in plain mode, just dump the line */ - data = line; - data_len = line_len; - } - else if ( (mime_demux_mode == MIME_DEMUX_MODE_QP) || (mime_demux_mode == MIME_DEMUX_MODE_BASE64) ) { - data_len = mime_decode_line(mime_demux_mode,line,&data,line_len,info); - if (data_len < 0) { - /* Error reported from the line decoder. */ - data_len = 0; - }; - }; - - /* write data to dump file */ - if (data_len > 0) { - if (fwrite(data,1,data_len,mime_dump_file) < data_len) { - /* short write */ - (void)string_format(info, 1024,"short write on dump file"); - free(line); - return DEFER; - }; - }; - - }; - } - else { - /* Scanning mode. We end up here after a end boundary. - This will usually be at the end of a message or at - the end of a MIME container. - We need to look for another start boundary to get - back into header mode. */ - if (mime_check_boundary(line,boundaries) == 1) { - mime_demux_mode = MIME_DEMUX_MODE_MIME_HEADERS; - }; - - }; - /* ------------------------------------------------ */ - }; - }; - /* ----------------------- end demux loop ----------------------- */ - - /* close files, they could still be open */ - if (mime_dump_file != NULL) - (void)fclose(mime_dump_file); - if (uu_dump_file != NULL) - (void)fclose(uu_dump_file); - - /* release line buffer */ - free(line); - - /* FIXME: release boundary buffers. - Not too much of a problem since - this instance of exim is not resident. */ - - if (has_tnef) { - uschar file_name[1024]; - /* at least one file could be TNEF encoded. - attempt to send all decoded files thru the TNEF decoder */ - - (void)string_format(file_name,1024,"%s/scan/%s",spool_directory,message_id); - /* Removed FTTB. We need to decide on TNEF inclusion */ - /* mime_unpack_tnef(file_name); */ - }; - - return 0; -} - -#endif diff --git a/src/src/demime.h b/src/src/demime.h deleted file mode 100644 index 0fec5be0c..000000000 --- a/src/src/demime.h +++ /dev/null @@ -1,134 +0,0 @@ -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-???? */ -/* License: GPL */ - -/* demime defines */ - -#ifdef WITH_OLD_DEMIME - -#define MIME_DEMUX_MODE_SCANNING 0 -#define MIME_DEMUX_MODE_MIME_HEADERS 1 -#define MIME_DEMUX_MODE_BASE64 2 -#define MIME_DEMUX_MODE_QP 3 -#define MIME_DEMUX_MODE_PLAIN 4 - -#define MIME_UU_MODE_OFF 0 -#define MIME_UU_MODE_UNCONFIRMED 1 -#define MIME_UU_MODE_CONFIRMED 2 - -#define MIME_MAX_EXTENSION 128 - -#define MIME_READ_LINE_EOF 0 -#define MIME_READ_LINE_OK 1 -#define MIME_READ_LINE_OVERFLOW 2 - -#define MIME_SANITY_MAX_LINE_LENGTH 131071 -#define MIME_SANITY_MAX_FILENAME 512 -#define MIME_SANITY_MAX_HEADER_OPTION_VALUE 1024 -#define MIME_SANITY_MAX_B64_LINE_LENGTH 76 -#define MIME_SANITY_MAX_BOUNDARY_LENGTH 1024 -#define MIME_SANITY_MAX_DUMP_FILES 1024 - - - -/* MIME errorlevel settings */ - -#define MIME_ERRORLEVEL_LONG_LINE 3,US"line length in message or single header size exceeds %u bytes",MIME_SANITY_MAX_LINE_LENGTH -#define MIME_ERRORLEVEL_TOO_MANY_PARTS 3,US"too many MIME parts (max %u)",MIME_SANITY_MAX_DUMP_FILES -#define MIME_ERRORLEVEL_MESSAGE_PARTIAL 3,US"'message/partial' MIME type" -#define MIME_ERRORLEVEL_FILENAME_LENGTH 3,US"proposed filename exceeds %u characters",MIME_SANITY_MAX_FILENAME -#define MIME_ERRORLEVEL_BOUNDARY_LENGTH 3,US"boundary length exceeds %u characters",MIME_SANITY_MAX_BOUNDARY_LENGTH -#define MIME_ERRORLEVEL_DOUBLE_HEADERS 2,US"double headers (content-type, content-disposition or content-transfer-encoding)" -#define MIME_ERRORLEVEL_UU_MISALIGNED 1,US"uuencoded line length is not a multiple of 4 characters" -#define MIME_ERRORLEVEL_UU_LINE_LENGTH 1,US"uuencoded line length does not match advertised number of bytes" -#define MIME_ERRORLEVEL_B64_LINE_LENGTH 1,US"base64 line length exceeds %u characters",MIME_SANITY_MAX_B64_LINE_LENGTH -#define MIME_ERRORLEVEL_B64_ILLEGAL_CHAR 2,US"base64 line contains illegal character" -#define MIME_ERRORLEVEL_B64_MISALIGNED 1,US"base64 line length is not a multiple of 4 characters" -#define MIME_ERRORLEVEL_QP_ILLEGAL_CHAR 1,US"quoted-printable encoding contains illegal character" - - -/* demime structures */ - -typedef struct mime_part { - /* true if there was a content-type header */ - int seen_content_type; - /* true if there was a content-transfer-encoding header - contains the encoding type */ - int seen_content_transfer_encoding; - /* true if there was a content-disposition header */ - int seen_content_disposition; - /* pointer to a buffer with the proposed file extension */ - uschar *extension; -} mime_part; - -typedef struct boundary { - struct boundary *next; - uschar *boundary_string; -} boundary; - -typedef struct file_extension { - struct file_extension *next; - uschar *file_extension_string; -} file_extension; - -/* demime.c prototypes */ - -unsigned int mime_hstr_i(uschar *); -uschar *mime_decode_qp(uschar *, int *); -int mime_get_dump_file(uschar *, FILE **, uschar *); -int mime_header_find(uschar *, uschar *, uschar **); -int mime_read_line(FILE *, int, uschar *, long *); -int mime_check_boundary(uschar *, struct boundary *); -int mime_check_uu_start(uschar *, uschar *, int *); -long uu_decode_line(uschar *, uschar **, long, uschar *); -long mime_decode_line(int ,uschar *, uschar **, long, uschar *); -void mime_trigger_error(int, uschar *, ...); -int mime_demux(FILE *, uschar *); - - - -/* BASE64 decoder matrix */ -static unsigned char b64[256]={ -/* 0 */ 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, -/* 16 */ 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, -/* 32 */ 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 62, 128, 128, 128, 63, -/* 48 */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 128, 128, 128, 255, 128, 128, -/* 64 */ 128, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, -/* 80 */ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 128, 128, 128, 128, 128, -/* 96 */ 128, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128 -}; - - -/* Microsoft-Style uudecode matrix */ -static unsigned char uudec[256]={ -/* 0 */ 0, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, -/* 16 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -/* 32 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, -/* 48 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, -/* 64 */ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, -/* 80 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -/* 96 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, -/* 112 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, -/* 128 */ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, -/* 144 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -/* 160 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, -/* 176 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, -/* 192 */ 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, -/* 208 */ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -/* 224 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, -/* 240 */ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 -}; - -#endif diff --git a/src/src/dkim.c b/src/src/dkim.c index 349947ab1..3fa11c800 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge, 1995 - 2015 */ +/* Copyright (c) University of Cambridge, 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for DKIM support. Other DKIM relevant code is in @@ -14,6 +14,7 @@ #include "pdkim/pdkim.h" +int dkim_verify_oldpool; pdkim_ctx *dkim_verify_ctx = NULL; pdkim_signature *dkim_signatures = NULL; pdkim_signature *dkim_cur_sig = NULL; @@ -27,7 +28,7 @@ dns_record *rr; lookup_dnssec_authenticated = NULL; if (dns_lookup(&dnsa, US name, T_TXT, NULL) != DNS_SUCCEED) - return PDKIM_FAIL; + return PDKIM_FAIL; /*XXX better error detail? logging? */ /* Search for TXT record */ @@ -50,12 +51,12 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr_offset += len; answer_offset += len; if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) - return PDKIM_FAIL; + return PDKIM_FAIL; /*XXX better error detail? logging? */ } return PDKIM_OK; } -return PDKIM_FAIL; +return PDKIM_FAIL; /*XXX better error detail? logging? */ } @@ -66,9 +67,17 @@ pdkim_init(); } + void -dkim_exim_verify_init(void) +dkim_exim_verify_init(BOOL dot_stuffing) { +/* There is a store-reset between header & body reception +so cannot use the main pool. Any allocs done by Exim +memory-handling must use the perm pool. */ + +dkim_verify_oldpool = store_pool; +store_pool = POOL_PERM; + /* Free previous context if there is one */ if (dkim_verify_ctx) @@ -76,17 +85,30 @@ if (dkim_verify_ctx) /* Create new context */ -dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt); +dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing); dkim_collect_input = !!dkim_verify_ctx; + +/* Start feed up with any cached data */ +receive_get_cache(); + +store_pool = dkim_verify_oldpool; } void dkim_exim_verify_feed(uschar * data, int len) { +int rc; + +store_pool = POOL_PERM; if ( dkim_collect_input - && pdkim_feed(dkim_verify_ctx, (char *)data, len) != PDKIM_OK) + && (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK) + { + log_write(0, LOG_MAIN, + "DKIM: validation error: %.100s", pdkim_errstr(rc)); dkim_collect_input = FALSE; + } +store_pool = dkim_verify_oldpool; } @@ -97,6 +119,9 @@ pdkim_signature *sig = NULL; int dkim_signers_size = 0; int dkim_signers_ptr = 0; dkim_signers = NULL; +int rc; + +store_pool = POOL_PERM; /* Delete eventual previous signature chain */ @@ -112,15 +137,19 @@ if (!dkim_collect_input) "DKIM: Error while running this message through validation," " disabling signature verification."); dkim_disable_verify = TRUE; - return; + goto out; } dkim_collect_input = FALSE; /* Finish DKIM operation and fetch link to signatures chain */ -if (pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures) != PDKIM_OK) - return; +if ((rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures)) != PDKIM_OK) + { + log_write(0, LOG_MAIN, + "DKIM: validation error: %.100s", pdkim_errstr(rc)); + goto out; + } for (sig = dkim_signatures; sig; sig = sig->next) { @@ -133,10 +162,12 @@ for (sig = dkim_signatures; sig; sig = sig->next) string_sprintf("d=%s s=%s c=%s/%s a=%s b=%d ", sig->domain, sig->selector, - sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - sig->algo == PDKIM_ALGO_RSA_SHA256 ? "rsa-sha256" : "rsa-sha1", - sig->sigdata.len * 8 + sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + sig->algo == PDKIM_ALGO_RSA_SHA256 + ? "rsa-sha256" + : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err", + (int)sig->sigdata.len > -1 ? sig->sigdata.len * 8 : 0 ), sig->identity ? string_sprintf("i=%s ", sig->identity) : US"", @@ -171,6 +202,16 @@ for (sig = dkim_signatures; sig; sig = sig->next) "syntax error in public key record]"); break; + case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: + logmsg = string_append(logmsg, &size, &ptr, 1, + "signature tag missing or invalid]"); + break; + + case PDKIM_VERIFY_INVALID_DKIM_VERSION: + logmsg = string_append(logmsg, &size, &ptr, 1, + "unsupported DKIM version]"); + break; + default: logmsg = string_append(logmsg, &size, &ptr, 1, "unspecified problem]"); @@ -228,6 +269,9 @@ if (dkim_signers) if (Ustrlen(dkim_signers) > 0) dkim_signers[Ustrlen(dkim_signers) - 1] = '\0'; } + +out: +store_pool = dkim_verify_oldpool; } @@ -416,10 +460,9 @@ switch (what) uschar * -dkim_exim_sign(int dkim_fd, uschar * dkim_private_key, - const uschar * dkim_domain, uschar * dkim_selector, - uschar * dkim_canon, uschar * dkim_sign_headers) +dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim) { +const uschar * dkim_domain; int sep = 0; uschar *seen_items = NULL; int seen_items_size = 0; @@ -443,13 +486,12 @@ int old_pool = store_pool; store_pool = POOL_MAIN; -if (!(dkim_domain = expand_cstring(dkim_domain))) +if (!(dkim_domain = expand_cstring(dkim->dkim_domain))) { /* expansion error, do not send message. */ log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand " "dkim_domain: %s", expand_string_message); - rc = NULL; - goto CLEANUP; + goto bad; } /* Set $dkim_domain expansion variable to each unique domain in list. */ @@ -482,24 +524,23 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, /* Set up $dkim_selector expansion variable. */ - if (!(dkim_signing_selector = expand_string(dkim_selector))) + if (!(dkim_signing_selector = expand_string(dkim->dkim_selector))) { log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand " "dkim_selector: %s", expand_string_message); - rc = NULL; - goto CLEANUP; + goto bad; } /* Get canonicalization to use */ - dkim_canon_expanded = dkim_canon ? expand_string(dkim_canon) : US"relaxed"; + dkim_canon_expanded = dkim->dkim_canon + ? expand_string(dkim->dkim_canon) : US"relaxed"; if (!dkim_canon_expanded) { /* expansion error, do not send message. */ log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand " "dkim_canon: %s", expand_string_message); - rc = NULL; - goto CLEANUP; + goto bad; } if (Ustrcmp(dkim_canon_expanded, "relaxed") == 0) @@ -515,24 +556,22 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, } dkim_sign_headers_expanded = NULL; - if (dkim_sign_headers) - if (!(dkim_sign_headers_expanded = expand_string(dkim_sign_headers))) + if (dkim->dkim_sign_headers) + if (!(dkim_sign_headers_expanded = expand_string(dkim->dkim_sign_headers))) { log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand " "dkim_sign_headers: %s", expand_string_message); - rc = NULL; - goto CLEANUP; + goto bad; } /* else pass NULL, which means default header list */ /* Get private key to use. */ - if (!(dkim_private_key_expanded = expand_string(dkim_private_key))) + if (!(dkim_private_key_expanded = expand_string(dkim->dkim_private_key))) { log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand " "dkim_private_key: %s", expand_string_message); - rc = NULL; - goto CLEANUP; + goto bad; } if ( Ustrlen(dkim_private_key_expanded) == 0 @@ -548,62 +587,53 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, /* Looks like a filename, load the private key. */ memset(big_buffer, 0, big_buffer_size); - privkey_fd = open(CS dkim_private_key_expanded, O_RDONLY); - if (privkey_fd < 0) + + if ((privkey_fd = open(CS dkim_private_key_expanded, O_RDONLY)) < 0) { log_write(0, LOG_MAIN | LOG_PANIC, "unable to open " "private key file for reading: %s", dkim_private_key_expanded); - rc = NULL; - goto CLEANUP; + goto bad; } if (read(privkey_fd, big_buffer, big_buffer_size - 2) < 0) { log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s", dkim_private_key_expanded); - rc = NULL; - goto CLEANUP; + goto bad; } (void) close(privkey_fd); dkim_private_key_expanded = big_buffer; } - ctx = pdkim_init_sign( (char *) dkim_signing_domain, - (char *) dkim_signing_selector, - (char *) dkim_private_key_expanded, - PDKIM_ALGO_RSA_SHA256); + ctx = pdkim_init_sign( CS dkim_signing_domain, + CS dkim_signing_selector, + CS dkim_private_key_expanded, + PDKIM_ALGO_RSA_SHA256, + dkim->dot_stuffed); pdkim_set_optional(ctx, - (char *) dkim_sign_headers_expanded, + CS dkim_sign_headers_expanded, NULL, pdkim_canon, pdkim_canon, -1, 0, 0); lseek(dkim_fd, 0, SEEK_SET); - while ((sread = read(dkim_fd, &buf, 4096)) > 0) - if (pdkim_feed(ctx, buf, sread) != PDKIM_OK) - { - rc = NULL; - goto CLEANUP; - } + while ((sread = read(dkim_fd, &buf, sizeof(buf))) > 0) + if ((pdkim_rc = pdkim_feed(ctx, buf, sread)) != PDKIM_OK) + goto pk_bad; /* Handle failed read above. */ if (sread == -1) { debug_printf("DKIM: Error reading -K file.\n"); save_errno = errno; - rc = NULL; - goto CLEANUP; + goto bad; } if ((pdkim_rc = pdkim_feed_finish(ctx, &signature)) != PDKIM_OK) - { - log_write(0, LOG_MAIN|LOG_PANIC, "DKIM: signing failed (RC %d)", pdkim_rc); - rc = NULL; - goto CLEANUP; - } + goto pk_bad; sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2, US signature->signature_header, US"\r\n"); @@ -621,11 +651,18 @@ else rc = US""; CLEANUP: -if (ctx) - pdkim_free_ctx(ctx); -store_pool = old_pool; -errno = save_errno; -return rc; + if (ctx) + pdkim_free_ctx(ctx); + store_pool = old_pool; + errno = save_errno; + return rc; + +pk_bad: + log_write(0, LOG_MAIN|LOG_PANIC, + "DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc)); +bad: + rc = NULL; + goto CLEANUP; } #endif diff --git a/src/src/dkim.h b/src/src/dkim.h index 1655f8e45..8474962fc 100644 --- a/src/src/dkim.h +++ b/src/src/dkim.h @@ -2,12 +2,12 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge, 1995 - 2015 */ +/* Copyright (c) University of Cambridge, 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ void dkim_exim_init(void); -uschar *dkim_exim_sign(int, uschar *, const uschar *, uschar *, uschar *, uschar *); -void dkim_exim_verify_init(void); +uschar *dkim_exim_sign(int, struct ob_dkim *); +void dkim_exim_verify_init(BOOL); void dkim_exim_verify_feed(uschar *, int); void dkim_exim_verify_finish(void); void dkim_exim_acl_setup(uschar *); diff --git a/src/src/dmarc.c b/src/src/dmarc.c index 769e4d40e..c005d4ab9 100644 --- a/src/src/dmarc.c +++ b/src/src/dmarc.c @@ -57,7 +57,7 @@ static dmarc_exim_p dmarc_policy_description[] = { static error_block * add_to_eblock(error_block *eblock, uschar *t1, uschar *t2) { -error_block *eb = malloc(sizeof(error_block)); +error_block *eb = store_malloc(sizeof(error_block)); if (eblock == NULL) eblock = eb; else @@ -150,6 +150,63 @@ int dmarc_store_data(header_line *hdr) { } +static void +dmarc_send_forensic_report(u_char **ruf) +{ +int c; +uschar *recipient, *save_sender; +BOOL send_status = FALSE; +error_block *eblock = NULL; +FILE *message_file = NULL; + +/* Earlier ACL does not have *required* control=dmarc_enable_forensic */ +if (!dmarc_enable_forensic) + return; + +if ( dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT + || dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE + || dmarc_policy == DMARC_POLICY_NONE && action == DMARC_RESULT_REJECT + || dmarc_policy == DMARC_POLICY_NONE && action == DMARC_RESULT_QUARANTINE + ) + if (ruf) + { + eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain); + eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address); + eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full)); + eblock = add_to_eblock(eblock, US"SPF Alignment", + (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no"); + eblock = add_to_eblock(eblock, US"DKIM Alignment", + (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no"); + eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text); + /* Set a sane default envelope sender */ + dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender : + dsn_from ? dsn_from : + string_sprintf("do-not-reply@%s",primary_hostname); + for (c = 0; ruf[c]; c++) + { + recipient = string_copylc(ruf[c]); + if (Ustrncmp(recipient, "mailto:",7)) + continue; + /* Move to first character past the colon */ + recipient += 7; + DEBUG(D_receive) + debug_printf("DMARC forensic report to %s%s\n", recipient, + (host_checking || running_in_test_harness) ? " (not really)" : ""); + if (host_checking || running_in_test_harness) + continue; + + save_sender = sender_address; + sender_address = recipient; + send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock, + header_list, message_file, FALSE); + sender_address = save_sender; + if (!send_status) + log_write(0, LOG_MAIN|LOG_PANIC, + "failure to send DMARC forensic report to %s", recipient); + } + } +} + /* dmarc_process adds the envelope sender address to the existing context (if any), retrieves the result, sets up expansion strings and evaluates the condition outcome. */ @@ -295,7 +352,8 @@ if (!dmarc_abort && !sender_host_authenticated) vs == PDKIM_VERIFY_INVALID ? ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR : ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR : - ves == PDKIM_VERIFY_INVALID_PUBKEY_PARSING ? ARES_RESULT_PERMERROR : + ves == PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD ? ARES_RESULT_PERMERROR : + ves == PDKIM_VERIFY_INVALID_PUBKEY_IMPORT ? ARES_RESULT_PERMERROR : ARES_RESULT_UNKNOWN : ARES_RESULT_UNKNOWN; dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer, @@ -517,60 +575,6 @@ else return DMARC_HIST_OK; } -void -dmarc_send_forensic_report(u_char **ruf) -{ -int c; -uschar *recipient, *save_sender; -BOOL send_status = FALSE; -error_block *eblock = NULL; -FILE *message_file = NULL; - -/* Earlier ACL does not have *required* control=dmarc_enable_forensic */ -if (!dmarc_enable_forensic) - return; - -if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) || - (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) ) - if (ruf) - { - eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain); - eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address); - eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full)); - eblock = add_to_eblock(eblock, US"SPF Alignment", - (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no"); - eblock = add_to_eblock(eblock, US"DKIM Alignment", - (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no"); - eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text); - /* Set a sane default envelope sender */ - dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender : - dsn_from ? dsn_from : - string_sprintf("do-not-reply@%s",primary_hostname); - for (c = 0; ruf[c]; c++) - { - recipient = string_copylc(ruf[c]); - if (Ustrncmp(recipient, "mailto:",7)) - continue; - /* Move to first character past the colon */ - recipient += 7; - DEBUG(D_receive) - debug_printf("DMARC forensic report to %s%s\n", recipient, - (host_checking || running_in_test_harness) ? " (not really)" : ""); - if (host_checking || running_in_test_harness) - continue; - - save_sender = sender_address; - sender_address = recipient; - send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock, - header_list, message_file, FALSE); - sender_address = save_sender; - if (!send_status) - log_write(0, LOG_MAIN|LOG_PANIC, - "failure to send DMARC forensic report to %s", recipient); - } - } -} - uschar * dmarc_exim_expand_query(int what) { diff --git a/src/src/dmarc.h b/src/src/dmarc.h index 63d451c5d..78e2a5b7b 100644 --- a/src/src/dmarc.h +++ b/src/src/dmarc.h @@ -24,7 +24,6 @@ uschar *dmarc_exim_expand_query(int); uschar *dmarc_exim_expand_defaults(int); uschar *dmarc_auth_results_header(header_line *,uschar *); int dmarc_write_history_file(); -void dmarc_send_forensic_report(u_char **); #define DMARC_AR_HEADER US"Authentication-Results:" #define DMARC_VERIFY_STATUS 1 diff --git a/src/src/dns.c b/src/src/dns.c index bb6693254..fc0ffb2ba 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for interfacing with the DNS. */ @@ -309,7 +309,7 @@ else Return: TRUE for a bad result */ static BOOL -dnss_inc(dns_answer * dnsa, dns_scan * dnss, unsigned delta) +dnss_inc_aptr(const dns_answer * dnsa, dns_scan * dnss, unsigned delta) { return (dnss->aptr += delta) >= dnsa->answer + dnsa->answerlen; } @@ -332,9 +332,9 @@ Returns: next dns record, or NULL when no more */ dns_record * -dns_next_rr(dns_answer *dnsa, dns_scan *dnss, int reset) +dns_next_rr(const dns_answer *dnsa, dns_scan *dnss, int reset) { -HEADER *h = (HEADER *)dnsa->answer; +const HEADER * h = (const HEADER *)dnsa->answer; int namelen; char * trace = NULL; @@ -363,7 +363,7 @@ if (reset != RESET_NEXT) if (namelen < 0) goto null_return; /* skip name & type & class */ TRACE trace = "Q-skip"; - if (dnss_inc(dnsa, dnss, namelen+4)) goto null_return; + if (dnss_inc_aptr(dnsa, dnss, namelen+4)) goto null_return; } /* Get the number of answer records. */ @@ -392,11 +392,11 @@ if (reset != RESET_NEXT) if (namelen < 0) goto null_return; /* skip name, type, class & TTL */ TRACE trace = "A-hdr"; - if (dnss_inc(dnsa, dnss, namelen+8)) goto null_return; + if (dnss_inc_aptr(dnsa, dnss, namelen+8)) goto null_return; GETSHORT(dnss->srr.size, dnss->aptr); /* size of data portion */ /* skip over it */ TRACE trace = "A-skip"; - if (dnss_inc(dnsa, dnss, dnss->srr.size)) goto null_return; + if (dnss_inc_aptr(dnsa, dnss, dnss->srr.size)) goto null_return; } dnss->rrcount = reset == RESET_AUTHORITY ? ntohs(h->nscount) : ntohs(h->arcount); @@ -423,11 +423,11 @@ if (namelen < 0) goto null_return; from the following bytes. */ TRACE trace = "R-name"; -if (dnss_inc(dnsa, dnss, namelen)) goto null_return; +if (dnss_inc_aptr(dnsa, dnss, namelen)) goto null_return; GETSHORT(dnss->srr.type, dnss->aptr); /* Record type */ TRACE trace = "R-class"; -if (dnss_inc(dnsa, dnss, 2)) goto null_return; /* Don't want class */ +if (dnss_inc_aptr(dnsa, dnss, 2)) goto null_return; /* Don't want class */ GETLONG(dnss->srr.ttl, dnss->aptr); /* TTL */ GETSHORT(dnss->srr.size, dnss->aptr); /* Size of data portion */ dnss->srr.data = dnss->aptr; /* The record's data follows */ @@ -450,29 +450,30 @@ null_return: } -/* Extract the AUTHORITY information from the answer. If the -answer isn't authoritive (AA not set), we do not extract anything. +/* Extract the AUTHORITY information from the answer. If the answer isn't +authoritive (AA not set), we do not extract anything. -The AUTHORITIVE section contains NS records if -the name in question was found, it contains a SOA record -otherwise. (This is just from experience and some tests, is there -some spec?) +The AUTHORITIVE section contains NS records if the name in question was found, +it contains a SOA record otherwise. (This is just from experience and some +tests, is there some spec?) -We've cycle through the AUTHORITY section, since it may contain -other records (e.g. NSEC3) too. */ +Scan the whole AUTHORITY section, since it may contain other records +(e.g. NSEC3) too. + +Return: name for the authority, in an allocated string, or NULL if none found */ static const uschar * dns_extract_auth_name(const dns_answer * dnsa) /* FIXME: const dns_answer */ { dns_scan dnss; dns_record * rr; -HEADER * h = (HEADER *) dnsa->answer; +const HEADER * h = (const HEADER *) dnsa->answer; -if (!h->nscount || !h->aa) return NULL; -for (rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_AUTHORITY); - rr; - rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_NEXT)) - if (rr->type == (h->ancount ? T_NS : T_SOA)) return rr->name; +if (h->nscount && h->aa) + for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); + rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) + if (rr->type == (h->ancount ? T_NS : T_SOA)) + return string_copy(rr->name); return NULL; } @@ -499,7 +500,7 @@ DEBUG(D_dns) debug_printf("DNSSEC support disabled at build-time; dns_is_secure() false\n"); return FALSE; #else -HEADER * h = (HEADER *) dnsa->answer; +const HEADER * h = (const HEADER *) dnsa->answer; const uschar * auth_name; const uschar * trusted; @@ -534,7 +535,7 @@ dns_set_insecure(dns_answer * dnsa) { #ifndef DISABLE_DNSSEC HEADER * h = (HEADER *)dnsa->answer; -h->ad = 0; +h->aa = h->ad = 0; #endif } @@ -550,7 +551,7 @@ dns_is_aa(const dns_answer *dnsa) #ifdef DISABLE_DNSSEC return FALSE; #else -return ((HEADER*)dnsa->answer)->aa; +return ((const HEADER*)dnsa->answer)->aa; #endif } @@ -663,8 +664,7 @@ caching for successful lookups. */ sprintf(CS node_name, "%.255s-%s-%lx", name, dns_text_type(type), (unsigned long) resp->options); -previous = tree_search(tree_dns_fails, node_name); -if (previous != NULL) +if ((previous = tree_search(tree_dns_fails, node_name))) { DEBUG(D_dns) debug_printf("DNS lookup of %.255s-%s: using cached value %s\n", name, dns_text_type(type), @@ -769,48 +769,48 @@ if (dnsa->answerlen > MAXPACKET) if (dnsa->answerlen < 0) switch (h_errno) { case HOST_NOT_FOUND: - DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave HOST_NOT_FOUND\n" - "returning DNS_NOMATCH\n", name, dns_text_type(type)); - return dns_return(name, type, DNS_NOMATCH); + DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave HOST_NOT_FOUND\n" + "returning DNS_NOMATCH\n", name, dns_text_type(type)); + return dns_return(name, type, DNS_NOMATCH); case TRY_AGAIN: - DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n", - name, dns_text_type(type)); + DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n", + name, dns_text_type(type)); - /* Cut this out for various test programs */ + /* Cut this out for various test programs */ #ifndef STAND_ALONE - save_domain = deliver_domain; - deliver_domain = string_copy(name); /* set $domain */ - rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL); - deliver_domain = save_domain; - if (rc != OK) - { - DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n"); - return dns_return(name, type, DNS_AGAIN); - } - DEBUG(D_dns) debug_printf("%s is in dns_again_means_nonexist: returning " - "DNS_NOMATCH\n", name); - return dns_return(name, type, DNS_NOMATCH); + save_domain = deliver_domain; + deliver_domain = string_copy(name); /* set $domain */ + rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL, + MCL_DOMAIN, TRUE, NULL); + deliver_domain = save_domain; + if (rc != OK) + { + DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n"); + return dns_return(name, type, DNS_AGAIN); + } + DEBUG(D_dns) debug_printf("%s is in dns_again_means_nonexist: returning " + "DNS_NOMATCH\n", name); + return dns_return(name, type, DNS_NOMATCH); #else /* For stand-alone tests */ - return dns_return(name, type, DNS_AGAIN); + return dns_return(name, type, DNS_AGAIN); #endif case NO_RECOVERY: - DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave NO_RECOVERY\n" - "returning DNS_FAIL\n", name, dns_text_type(type)); - return dns_return(name, type, DNS_FAIL); + DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave NO_RECOVERY\n" + "returning DNS_FAIL\n", name, dns_text_type(type)); + return dns_return(name, type, DNS_FAIL); case NO_DATA: - DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave NO_DATA\n" - "returning DNS_NODATA\n", name, dns_text_type(type)); - return dns_return(name, type, DNS_NODATA); + DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave NO_DATA\n" + "returning DNS_NODATA\n", name, dns_text_type(type)); + return dns_return(name, type, DNS_NODATA); default: - DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave unknown DNS error %d\n" - "returning DNS_FAIL\n", name, dns_text_type(type), h_errno); - return dns_return(name, type, DNS_FAIL); + DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave unknown DNS error %d\n" + "returning DNS_FAIL\n", name, dns_text_type(type), h_errno); + return dns_return(name, type, DNS_FAIL); } DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) succeeded\n", @@ -868,14 +868,15 @@ BOOL secure_so_far = TRUE; for (i = 0; i < 10; i++) { - uschar data[256]; + uschar * data; dns_record *rr, cname_rr, type_rr; dns_scan dnss; int datalen, rc; /* DNS lookup failures get passed straight back. */ - if ((rc = dns_basic_lookup(dnsa, name, type)) != DNS_SUCCEED) return rc; + if ((rc = dns_basic_lookup(dnsa, name, type)) != DNS_SUCCEED) + return rc; /* We should have either records of the required type, or a CNAME record, or both. We need to know whether both exist for getting the fully qualified @@ -885,24 +886,22 @@ for (i = 0; i < 10; i++) cname_rr.data = type_rr.data = NULL; for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); - rr; - rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) - { + rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type) { if (type_rr.data == NULL) type_rr = *rr; if (cname_rr.data != NULL) break; } - else if (rr->type == T_CNAME) cname_rr = *rr; - } + else if (rr->type == T_CNAME) + cname_rr = *rr; /* For the first time round this loop, if a CNAME was found, take the fully qualified name from it; otherwise from the first data record, if present. */ - if (i == 0 && fully_qualified_name != NULL) + if (i == 0 && fully_qualified_name) { - uschar * rr_name = cname_rr.data ? cname_rr.name - : type_rr.data ? type_rr.name : NULL; + uschar * rr_name = cname_rr.data + ? cname_rr.name : type_rr.data ? type_rr.name : NULL; if ( rr_name && Ustrcmp(rr_name, *fully_qualified_name) != 0 && rr_name[0] != '*' @@ -918,7 +917,7 @@ for (i = 0; i < 10; i++) /* If any data records of the correct type were found, we are done. */ - if (type_rr.data != NULL) + if (type_rr.data) { if (!secure_so_far) /* mark insecure if any element of CNAME chain was */ dns_set_insecure(dnsa); @@ -930,10 +929,13 @@ for (i = 0; i < 10; i++) have had a failure from dns_lookup). However code against the possibility of its not existing. */ - if (cname_rr.data == NULL) return DNS_FAIL; - datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, sizeof(data)); - if (datalen < 0) return DNS_FAIL; + if (!cname_rr.data) + return DNS_FAIL; + + data = store_get(256); + if ((datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256)) < 0) + return DNS_FAIL; name = data; if (!dns_is_secure(dnsa)) @@ -1080,7 +1082,7 @@ switch (type) success and packet length return values.) For added safety we only reset the packet length if the packet header looks plausible. */ - HEADER *h = (HEADER *)dnsa->answer; + const HEADER * h = (const HEADER *)dnsa->answer; if (h->qr == 1 && h->opcode == QUERY && h->tc == 0 && (h->rcode == NOERROR || h->rcode == NXDOMAIN) && ntohs(h->qdcount) == 1 && ntohs(h->ancount) == 0 @@ -1088,8 +1090,7 @@ switch (type) dnsa->answerlen = MAXPACKET; for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); - rr; - rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) + rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) ) if (rr->type != T_SOA) continue; else if (strcmpic(rr->name, US"") == 0 || @@ -1124,13 +1125,11 @@ switch (type) might make stricter assertions than its parent domain. */ for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); - rr; - rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) + rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_SRV) { - if (rr->type != T_SRV) continue; + const uschar * p = rr->data; /* Extract the numerical SRV fields (p is incremented) */ - p = rr->data; GETSHORT(priority, p); GETSHORT(weight, p); weight = weight; /* compiler quietening */ GETSHORT(port, p); diff --git a/src/src/drtables.c b/src/src/drtables.c index f6629634d..a3fa328b9 100644 --- a/src/src/drtables.c +++ b/src/src/drtables.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -228,6 +228,10 @@ exim binary. */ #include "transports/pipe.h" #endif +#ifdef EXPERIMENTAL_QUEUEFILE +#include "transports/queuefile.h" +#endif + #ifdef TRANSPORT_SMTP #include "transports/smtp.h" #endif @@ -389,6 +393,20 @@ transport_info transports_available[] = { TRUE /* local flag */ }, #endif +#ifdef EXPERIMENTAL_QUEUEFILE + { + US"queuefile", /* driver name */ + queuefile_transport_options, /* local options table */ + &queuefile_transport_options_count, /* number of entries */ + &queuefile_transport_option_defaults, /* private options defaults */ + sizeof(queuefile_transport_options_block), /* size of private block */ + queuefile_transport_init, /* init entry point */ + queuefile_transport_entry, /* main entry point */ + NULL, /* no tidyup entry */ + NULL, /* no closedown entry */ + TRUE /* local flag */ + }, +#endif #ifdef TRANSPORT_SMTP { US"smtp", /* driver name */ @@ -415,37 +433,42 @@ struct lookupmodulestr static struct lookupmodulestr *lookupmodules = NULL; -static void addlookupmodule(void *dl, struct lookup_module_info *info) +static void +addlookupmodule(void *dl, struct lookup_module_info *info) { - struct lookupmodulestr *p = store_malloc(sizeof(struct lookupmodulestr)); - p->dl = dl; - p->info = info; - p->next = lookupmodules; - lookupmodules = p; - lookup_list_count += info->lookupcount; +struct lookupmodulestr *p = store_malloc(sizeof(struct lookupmodulestr)); + +p->dl = dl; +p->info = info; +p->next = lookupmodules; +lookupmodules = p; +lookup_list_count += info->lookupcount; } /* only valid after lookup_list and lookup_list_count are assigned */ -static void add_lookup_to_list(lookup_info *info) +static void +add_lookup_to_list(lookup_info *info) { - /* need to add the lookup to lookup_list, sorted */ - int pos = 0; - - /* strategy is to go through the list until we find - * either an empty spot or a name that is higher. - * this can't fail because we have enough space. */ - while (lookup_list[pos] - && (Ustrcmp(lookup_list[pos]->name, info->name) <= 0)) { - pos++; - } - if (lookup_list[pos]) { - /* need to insert it, so move all the other items up - * (last slot is still empty, of course) */ - memmove(&lookup_list[pos+1], - &lookup_list[pos], - sizeof(lookup_info **) * (lookup_list_count-pos-1)); +/* need to add the lookup to lookup_list, sorted */ +int pos = 0; + +/* strategy is to go through the list until we find +either an empty spot or a name that is higher. +this can't fail because we have enough space. */ + +while (lookup_list[pos] && (Ustrcmp(lookup_list[pos]->name, info->name) <= 0)) + pos++; + +if (lookup_list[pos]) + { + /* need to insert it, so move all the other items up + (last slot is still empty, of course) */ + + memmove(&lookup_list[pos+1], + &lookup_list[pos], + sizeof(lookup_info *) * (lookup_list_count-pos-1)); } - lookup_list[pos] = info; +lookup_list[pos] = info; } @@ -453,62 +476,67 @@ static void add_lookup_to_list(lookup_info *info) * which give parse errors on an extern in function scope. Each entry needs * to also be invoked in init_lookup_list() below */ -#if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2 -extern lookup_module_info whoson_lookup_module_info; +#if defined(LOOKUP_CDB) && LOOKUP_CDB!=2 +extern lookup_module_info cdb_lookup_module_info; #endif -#if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2 -extern lookup_module_info testdb_lookup_module_info; +#if defined(LOOKUP_DBM) && LOOKUP_DBM!=2 +extern lookup_module_info dbmdb_lookup_module_info; #endif -#if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2 -extern lookup_module_info sqlite_lookup_module_info; +#if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2 +extern lookup_module_info dnsdb_lookup_module_info; #endif -#ifdef EXPERIMENTAL_SPF -extern lookup_module_info spf_lookup_module_info; +#if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2 +extern lookup_module_info dsearch_lookup_module_info; #endif -#if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2 -extern lookup_module_info pgsql_lookup_module_info; +#if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2 +extern lookup_module_info ibase_lookup_module_info; #endif -#if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2 -extern lookup_module_info passwd_lookup_module_info; +#if defined(LOOKUP_LDAP) +extern lookup_module_info ldap_lookup_module_info; #endif -#if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2 -extern lookup_module_info redis_lookup_module_info; +#if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2 +extern lookup_module_info lsearch_lookup_module_info; #endif -#if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2 -extern lookup_module_info oracle_lookup_module_info; +#if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2 +extern lookup_module_info mysql_lookup_module_info; +#endif +#if defined(LOOKUP_NIS) && LOOKUP_NIS!=2 +extern lookup_module_info nis_lookup_module_info; #endif #if defined(LOOKUP_NISPLUS) && LOOKUP_NISPLUS!=2 extern lookup_module_info nisplus_lookup_module_info; #endif -#if defined(LOOKUP_NIS) && LOOKUP_NIS!=2 -extern lookup_module_info nis_lookup_module_info; +#if defined(LOOKUP_ORACLE) && LOOKUP_ORACLE!=2 +extern lookup_module_info oracle_lookup_module_info; #endif -#if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2 -extern lookup_module_info mysql_lookup_module_info; +#if defined(LOOKUP_PASSWD) && LOOKUP_PASSWD!=2 +extern lookup_module_info passwd_lookup_module_info; #endif -#if defined(LOOKUP_LSEARCH) && LOOKUP_LSEARCH!=2 -extern lookup_module_info lsearch_lookup_module_info; +#if defined(LOOKUP_PGSQL) && LOOKUP_PGSQL!=2 +extern lookup_module_info pgsql_lookup_module_info; #endif -#ifdef LOOKUP_LDAP -extern lookup_module_info ldap_lookup_module_info; +#if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2 +extern lookup_module_info redis_lookup_module_info; #endif -#if defined(LOOKUP_IBASE) && LOOKUP_IBASE!=2 -extern lookup_module_info ibase_lookup_module_info; +#if defined(EXPERIMENTAL_LMDB) +extern lookup_module_info lmdb_lookup_module_info; #endif -#if defined(LOOKUP_DSEARCH) && LOOKUP_DSEARCH!=2 -extern lookup_module_info dsearch_lookup_module_info; +#if defined(EXPERIMENTAL_SPF) +extern lookup_module_info spf_lookup_module_info; #endif -#if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2 -extern lookup_module_info dnsdb_lookup_module_info; +#if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2 +extern lookup_module_info sqlite_lookup_module_info; #endif -#if defined(LOOKUP_DBM) && LOOKUP_DBM!=2 -extern lookup_module_info dbmdb_lookup_module_info; +#if defined(LOOKUP_TESTDB) && LOOKUP_TESTDB!=2 +extern lookup_module_info testdb_lookup_module_info; #endif -#if defined(LOOKUP_CDB) && LOOKUP_CDB!=2 -extern lookup_module_info cdb_lookup_module_info; +#if defined(LOOKUP_WHOSON) && LOOKUP_WHOSON!=2 +extern lookup_module_info whoson_lookup_module_info; #endif -void init_lookup_list(void) + +void +init_lookup_list(void) { #ifdef LOOKUP_MODULE_DIR DIR *dd; @@ -578,6 +606,10 @@ void init_lookup_list(void) addlookupmodule(NULL, &redis_lookup_module_info); #endif +#ifdef EXPERIMENTAL_LMDB + addlookupmodule(NULL, &lmdb_lookup_module_info); +#endif + #ifdef EXPERIMENTAL_SPF addlookupmodule(NULL, &spf_lookup_module_info); #endif diff --git a/src/src/environment.c b/src/src/environment.c new file mode 100644 index 000000000..c394eb7e7 --- /dev/null +++ b/src/src/environment.c @@ -0,0 +1,72 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) Heiko Schlittermann 2016 + * hs@schlittermann.de + * See the file NOTICE for conditions of use and distribution. + */ + +#include "exim.h" + +extern char **environ; + +/* The cleanup_environment() function is used during the startup phase +of the Exim process, right after reading the configurations main +part, before any expansions take place. It retains the environment +variables we trust (via the keep_environment option) and allows to +set additional variables (via add_environment). + +Returns: TRUE if successful + FALSE otherwise +*/ + +BOOL +cleanup_environment() +{ +if (!keep_environment || *keep_environment == '\0') + { + /* From: https://github.com/dovecot/core/blob/master/src/lib/env-util.c#L55 + Try to clear the environment. + a) environ = NULL crashes on OS X. + b) *environ = NULL doesn't work on FreeBSD 7.0. + c) environ = emptyenv doesn't work on Haiku OS + d) environ = calloc() should work everywhere */ + + if (environ) *environ = NULL; + + } +else if (Ustrcmp(keep_environment, "*") != 0) + { + uschar **p; + if (environ) for (p = USS environ; *p; /* see below */) + { + /* It's considered broken if we do not find the '=', according to + Florian Weimer. For now we ignore such strings. unsetenv() would complain, + getenv() would complain. */ + uschar * eqp = Ustrchr(*p, '='); + + if (eqp) + { + uschar * name = string_copyn(*p, eqp - *p); + + if (OK != match_isinlist(name, CUSS &keep_environment, + 0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL)) + if (os_unsetenv(name) < 0) return FALSE; + else p = USS environ; /* RESTART from the beginning */ + else p++; + store_reset(name); + } + } + } +if (add_environment) + { + uschar * p; + int sep = 0; + const uschar * envlist = add_environment; + + while ((p = string_nextinlist(&envlist, &sep, NULL, 0))) putenv(CS p); + } + + return TRUE; +} diff --git a/src/src/exim.c b/src/src/exim.c index ed3035247..e63997030 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -12,6 +12,10 @@ Also a few functions that don't naturally fit elsewhere. */ #include "exim.h" +#ifdef __GLIBC__ +# include <gnu/libc-version.h> +#endif + #ifdef USE_GNUTLS # include <gnutls/gnutls.h> # if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP) @@ -170,10 +174,8 @@ Returns: nothing void set_process_info(const char *format, ...) { -int len; +int len = sprintf(CS process_info, "%5d ", (int)getpid()); va_list ap; -sprintf(CS process_info, "%5d ", (int)getpid()); -len = Ustrlen(process_info); va_start(ap, format); if (!string_vformat(process_info + len, PROCESS_INFO_SIZE - len - 2, format, ap)) Ustrcpy(process_info + len, "**** string overflowed buffer ****"); @@ -814,9 +816,6 @@ fprintf(f, "Support for:"); #ifdef WITH_CONTENT_SCAN fprintf(f, " Content_Scanning"); #endif -#ifdef WITH_OLD_DEMIME - fprintf(f, " Old_Demime"); -#endif #ifndef DISABLE_DKIM fprintf(f, " DKIM"); #endif @@ -841,6 +840,15 @@ fprintf(f, "Support for:"); #ifdef SUPPORT_SOCKS fprintf(f, " SOCKS"); #endif +#ifdef TCP_FASTOPEN + fprintf(f, " TCP_Fast_Open"); +#endif +#ifdef EXPERIMENTAL_LMDB + fprintf(f, " Experimental_LMDB"); +#endif +#ifdef EXPERIMENTAL_QUEUEFILE + fprintf(f, " Experimental_QUEUEFILE"); +#endif #ifdef EXPERIMENTAL_SPF fprintf(f, " Experimental_SPF"); #endif @@ -886,6 +894,9 @@ fprintf(f, "Lookups (built-in):"); #if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2 fprintf(f, " ldap ldapdn ldapm"); #endif +#ifdef EXPERIMENTAL_LMDB + fprintf(f, " lmdb"); +#endif #if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2 fprintf(f, " mysql"); #endif @@ -991,6 +1002,9 @@ fprintf(f, "Transports:"); #ifdef TRANSPORT_PIPE fprintf(f, " pipe"); #endif +#ifdef EXPERIMENTAL_QUEUEFILE + fprintf(f, " queuefile"); +#endif #ifdef TRANSPORT_SMTP fprintf(f, " smtp"); #endif @@ -1005,6 +1019,8 @@ if (fixed_never_users[0] > 0) fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]); } +fprintf(f, "Configure owner: %d:%d\n", config_uid, config_gid); + fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t)); /* Everything else is details which are only worth reporting when debugging. @@ -1028,6 +1044,14 @@ DEBUG(D_any) do { fprintf(f, "Compiler: <unknown>\n"); #endif +#ifdef __GLIBC__ + fprintf(f, "Library version: Glibc: Compile: %d.%d\n", + __GLIBC__, __GLIBC_MINOR__); + if (__GLIBC_PREREQ(2, 1)) + fprintf(f, " Runtime: %s\n", + gnu_get_libc_version()); +#endif + #ifdef SUPPORT_TLS tls_version_report(f); #endif @@ -1043,7 +1067,7 @@ DEBUG(D_any) do { characters; unless it's an ancient version of PCRE in which case it is not defined. */ #ifndef PCRE_PRERELEASE -#define PCRE_PRERELEASE +# define PCRE_PRERELEASE #endif #define QUOTE(X) #X #define EXPAND_AND_QUOTE(X) QUOTE(X) @@ -1139,23 +1163,23 @@ for (t = lpart; !needs_quote && *t != 0; t++) if (!needs_quote) return lpart; size = ptr = 0; -yield = string_cat(NULL, &size, &ptr, US"\"", 1); +yield = string_catn(NULL, &size, &ptr, US"\"", 1); for (;;) { uschar *nq = US Ustrpbrk(lpart, "\\\""); if (nq == NULL) { - yield = string_cat(yield, &size, &ptr, lpart, Ustrlen(lpart)); + yield = string_cat(yield, &size, &ptr, lpart); break; } - yield = string_cat(yield, &size, &ptr, lpart, nq - lpart); - yield = string_cat(yield, &size, &ptr, US"\\", 1); - yield = string_cat(yield, &size, &ptr, nq, 1); + yield = string_catn(yield, &size, &ptr, lpart, nq - lpart); + yield = string_catn(yield, &size, &ptr, US"\\", 1); + yield = string_catn(yield, &size, &ptr, nq, 1); lpart = nq + 1; } -yield = string_cat(yield, &size, &ptr, US"\"", 1); +yield = string_catn(yield, &size, &ptr, US"\"", 1); yield[ptr] = 0; return yield; } @@ -1269,15 +1293,16 @@ for (i = 0;; i++) while (p < ss && isspace(*p)) p++; /* leading space after cont */ } - yield = string_cat(yield, &size, &ptr, p, ss - p); + yield = string_catn(yield, &size, &ptr, p, ss - p); #ifdef USE_READLINE if (fn_readline != NULL) free(readline_line); #endif + /* yield can only be NULL if ss==p */ if (ss == p || yield[ptr-1] != '\\') { - yield[ptr] = 0; + if (yield) yield[ptr] = 0; break; } yield[--ptr] = 0; @@ -1333,12 +1358,12 @@ exit(EXIT_FAILURE); /* Typically, Exim will drop privileges if macros are supplied. In some cases, we want to not do so. -Arguments: none (macros is a global) +Arguments: opt_D_used - true if the commandline had a "-D" option Returns: true if trusted, false otherwise */ static BOOL -macros_trusted(void) +macros_trusted(BOOL opt_D_used) { #ifdef WHITELIST_D_MACROS macro_item *m; @@ -1348,7 +1373,7 @@ size_t len; BOOL prev_char_item, found; #endif -if (macros == NULL) +if (!opt_D_used) return TRUE; #ifndef WHITELIST_D_MACROS return FALSE; @@ -1405,8 +1430,9 @@ for (p = whitelisted, i = 0; (p != end) && (i < white_count); ++p) } whites[i] = NULL; -/* The list of macros should be very short. Accept the N*M complexity. */ -for (m = macros; m != NULL; m = m->next) +/* The list of commandline macros should be very short. +Accept the N*M complexity. */ +for (m = macros; m; m = m->next) if (m->command_line) { found = FALSE; for (w = whites; *w; ++w) @@ -1496,6 +1522,7 @@ BOOL list_config = FALSE; BOOL local_queue_only; BOOL more = TRUE; BOOL one_msg_action = FALSE; +BOOL opt_D_used = FALSE; BOOL queue_only_set = FALSE; BOOL receiving_message = TRUE; BOOL sender_ident_set = FALSE; @@ -1637,8 +1664,7 @@ os_non_restarting_signal(SIGALRM, sigalrm_handler); /* Ensure we have a buffer for constructing log entries. Use malloc directly, because store_malloc writes a log entry on failure. */ -log_buffer = (uschar *)malloc(LOG_BUFFER_SIZE); -if (log_buffer == NULL) +if (!(log_buffer = US malloc(LOG_BUFFER_SIZE))) { fprintf(stderr, "exim: failed to get store for log buffer\n"); exit(EXIT_FAILURE); @@ -1999,7 +2025,7 @@ for (i = 1; i < argc; i++) else if (*argrest == 'F') { - filter_test |= FTEST_SYSTEM; + filter_test |= checking = FTEST_SYSTEM; if (*(++argrest) != 0) { badarg = TRUE; break; } if (++i < argc) filter_test_sfile = argv[i]; else { @@ -2019,7 +2045,7 @@ for (i = 1; i < argc; i++) { if (*(++argrest) == 0) { - filter_test |= FTEST_USER; + filter_test |= checking = FTEST_USER; if (++i < argc) filter_test_ufile = argv[i]; else { fprintf(stderr, "exim: file name expected after %s\n", argv[i-1]); @@ -2049,6 +2075,7 @@ for (i = 1; i < argc; i++) sender_host_address = argv[i]; host_checking = checking = log_testing_mode = TRUE; host_checking_callout = argrest[1] == 'c'; + message_logs = FALSE; } /* -bi: This option is used by sendmail to initialize *the* alias file, @@ -2094,6 +2121,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "malware") == 0) { if (++i >= argc) { badarg = TRUE; break; } + checking = TRUE; malware_test_file = argv[i]; } @@ -2175,6 +2203,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "rt") == 0) { + checking = TRUE; test_retry_arg = i + 1; goto END_ARG; } @@ -2183,6 +2212,7 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "rw") == 0) { + checking = TRUE; test_rewrite_arg = i + 1; goto END_ARG; } @@ -2225,6 +2255,7 @@ for (i = 1; i < argc; i++) printf("%s\n", CS version_copyright); version_printed = TRUE; show_whats_supported(stdout); + log_testing_mode = TRUE; } /* -bw: inetd wait mode, accept a listening socket as stdin */ @@ -2391,11 +2422,11 @@ for (i = 1; i < argc; i++) #else { int ptr = 0; - macro_item *mlast = NULL; macro_item *m; uschar name[24]; uschar *s = argrest; + opt_D_used = TRUE; while (isspace(*s)) s++; if (*s < 'A' || *s > 'Z') @@ -2419,22 +2450,14 @@ for (i = 1; i < argc; i++) while (isspace(*s)) s++; } - for (m = macros; m != NULL; m = m->next) - { + for (m = macros; m; m = m->next) if (Ustrcmp(m->name, name) == 0) { fprintf(stderr, "exim: duplicated -D in command line\n"); exit(EXIT_FAILURE); } - mlast = m; - } - m = store_get(sizeof(macro_item) + Ustrlen(name)); - m->next = NULL; - m->command_line = TRUE; - if (mlast == NULL) macros = m; else mlast->next = m; - Ustrcpy(m->name, name); - m->replacement = string_copy(s); + m = macro_create(name, s, TRUE, FALSE); if (clmacro_count >= MAX_CLMACROS) { @@ -2702,66 +2725,63 @@ for (i = 1; i < argc; i++) break; } + else if (*argrest == 'C' && argrest[1] && !argrest[2]) + { + switch(argrest[1]) + { /* -MCA: set the smtp_authenticated flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has accepted an AUTH sequence. */ - else if (Ustrcmp(argrest, "CA") == 0) - { - smtp_authenticated = TRUE; - break; - } + case 'A': smtp_authenticated = TRUE; break; /* -MCD: set the smtp_use_dsn flag; this indicates that the host that exim is connected to supports the esmtp extension DSN */ - else if (Ustrcmp(argrest, "CD") == 0) - { - smtp_use_dsn = TRUE; - break; - } + + case 'D': smtp_peer_options |= PEER_OFFERED_DSN; break; + + /* -MCG: set the queue name, to a non-default value */ + + case 'G': if (++i < argc) queue_name = string_copy(argv[i]); + else badarg = TRUE; + break; + + /* -MCK: the peer offered CHUNKING. Must precede -MC */ + + case 'K': smtp_peer_options |= PEER_OFFERED_CHUNKING; break; /* -MCP: set the smtp_use_pipelining flag; this is useful only when it preceded -MC (see above) */ - else if (Ustrcmp(argrest, "CP") == 0) - { - smtp_use_pipelining = TRUE; - break; - } + case 'P': smtp_peer_options |= PEER_OFFERED_PIPE; break; /* -MCQ: pass on the pid of the queue-running process that started this chain of deliveries and the fd of its synchronizing pipe; this is useful only when it precedes -MC (see above) */ - else if (Ustrcmp(argrest, "CQ") == 0) - { - if(++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); - else badarg = TRUE; - if(++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); - else badarg = TRUE; - break; - } + case 'Q': if (++i < argc) passed_qr_pid = (pid_t)(Uatol(argv[i])); + else badarg = TRUE; + if (++i < argc) passed_qr_pipe = (int)(Uatol(argv[i])); + else badarg = TRUE; + break; /* -MCS: set the smtp_use_size flag; this is useful only when it precedes -MC (see above) */ - else if (Ustrcmp(argrest, "CS") == 0) - { - smtp_use_size = TRUE; - break; - } + case 'S': smtp_peer_options |= PEER_OFFERED_SIZE; break; +#ifdef SUPPORT_TLS /* -MCT: set the tls_offered flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has offered TLS support. */ - #ifdef SUPPORT_TLS - else if (Ustrcmp(argrest, "CT") == 0) - { - tls_offered = TRUE; - break; + case 'T': smtp_peer_options |= PEER_OFFERED_TLS; break; +#endif + + default: badarg = TRUE; break; + } + break; } - #endif /* -M[x]: various operations on the following list of message ids: -M deliver the messages, ignoring next retry times and thawing @@ -3212,7 +3232,7 @@ for (i = 1; i < argc; i++) if (*argrest == 'f') { queue_run_force = TRUE; - if (*(++argrest) == 'f') + if (*++argrest == 'f') { deliver_force_thaw = TRUE; argrest++; @@ -3227,8 +3247,19 @@ for (i = 1; i < argc; i++) argrest++; } - /* -q[f][f][l]: Run the queue, optionally forced, optionally local only, - optionally starting from a given message id. */ + /* -q[f][f][l][G<name>]... Work on the named queue */ + + if (*argrest == 'G') + { + int i; + for (argrest++, i = 0; argrest[i] && argrest[i] != '/'; ) i++; + queue_name = string_copyn(argrest, i); + argrest += i; + if (*argrest == '/') argrest++; + } + + /* -q[f][f][l][G<name>]: Run the queue, optionally forced, optionally local + only, optionally named, optionally starting from a given message id. */ if (*argrest == 0 && (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) @@ -3240,20 +3271,14 @@ for (i = 1; i < argc; i++) stop_queue_run_id = argv[++i]; } - /* -q[f][f][l]<n>: Run the queue at regular intervals, optionally forced, - optionally local only. */ + /* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally + forced, optionally local only, optionally named. */ - else + else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i], + 0, FALSE)) <= 0) { - if (*argrest != 0) - queue_interval = readconf_readtime(argrest, 0, FALSE); - else - queue_interval = readconf_readtime(argv[++i], 0, FALSE); - if (queue_interval <= 0) - { - fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); - exit(EXIT_FAILURE); - } + fprintf(stderr, "exim: bad time value %s: abandoned\n", argv[i]); + exit(EXIT_FAILURE); } break; @@ -3273,8 +3298,7 @@ for (i = 1; i < argc; i++) if (*argrest != 0) { int i; - for (i = 0; i < sizeof(rsopts)/sizeof(uschar *); i++) - { + for (i = 0; i < nelem(rsopts); i++) if (Ustrcmp(argrest, rsopts[i]) == 0) { if (i != 2) queue_run_force = TRUE; @@ -3282,21 +3306,20 @@ for (i = 1; i < argc; i++) if (i == 1 || i == 4) deliver_force_thaw = TRUE; argrest += Ustrlen(rsopts[i]); } - } } /* -R: Set string to match in addresses for forced queue run to pick out particular messages. */ - if (*argrest == 0) + if (*argrest) + deliver_selectstring = argrest; + else if (i+1 < argc) + deliver_selectstring = argv[++i]; + else { - if (i+1 < argc) deliver_selectstring = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -R\n"); - exit(EXIT_FAILURE); - } + fprintf(stderr, "exim: string expected after -R\n"); + exit(EXIT_FAILURE); } - else deliver_selectstring = argrest; break; @@ -3317,11 +3340,10 @@ for (i = 1; i < argc; i++) in all cases provided there are no further characters in this argument. */ - if (*argrest != 0) + if (*argrest) { int i; - for (i = 0; i < sizeof(rsopts)/sizeof(uschar *); i++) - { + for (i = 0; i < nelem(rsopts); i++) if (Ustrcmp(argrest, rsopts[i]) == 0) { if (i != 2) queue_run_force = TRUE; @@ -3329,21 +3351,20 @@ for (i = 1; i < argc; i++) if (i == 1 || i == 4) deliver_force_thaw = TRUE; argrest += Ustrlen(rsopts[i]); } - } } /* -S: Set string to match in addresses for forced queue run to pick out particular messages. */ - if (*argrest == 0) + if (*argrest) + deliver_selectstring_sender = argrest; + else if (i+1 < argc) + deliver_selectstring_sender = argv[++i]; + else { - if (i+1 < argc) deliver_selectstring_sender = argv[++i]; else - { - fprintf(stderr, "exim: string expected after -S\n"); - exit(EXIT_FAILURE); - } + fprintf(stderr, "exim: string expected after -S\n"); + exit(EXIT_FAILURE); } - else deliver_selectstring_sender = argrest; break; /* -Tqt is an option that is exclusively for use by the testing suite. @@ -3457,8 +3478,9 @@ for (i = 1; i < argc; i++) /* If -R or -S have been specified without -q, assume a single queue run. */ -if ((deliver_selectstring != NULL || deliver_selectstring_sender != NULL) && - queue_interval < 0) queue_interval = 0; +if ( (deliver_selectstring || deliver_selectstring_sender) + && queue_interval < 0) + queue_interval = 0; END_ARG: @@ -3474,12 +3496,12 @@ if (( ) || ( msg_action_arg > 0 && - (daemon_listen || queue_interval >= 0 || list_options || + (daemon_listen || queue_interval > 0 || list_options || (checking && msg_action != MSG_LOAD) || bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0) ) || ( - (daemon_listen || queue_interval >= 0) && + (daemon_listen || queue_interval > 0) && (sender_address != NULL || list_options || list_queue || checking || bi_option) ) || @@ -3666,7 +3688,7 @@ configuration file changes and macro definitions haven't happened. */ if (( /* EITHER */ (!trusted_config || /* Config changed, or */ - !macros_trusted()) && /* impermissible macros and */ + !macros_trusted(opt_D_used)) && /* impermissible macros and */ real_uid != root_uid && /* Not root, and */ !running_in_test_harness /* Not fudged */ ) || /* OR */ @@ -3741,9 +3763,42 @@ if (running_in_test_harness) smtputf8_advertise_hosts = NULL; /* Read the main runtime configuration data; this gives up if there is a failure. It leaves the configuration file open so that the subsequent -configuration data for delivery can be read if needed. */ +configuration data for delivery can be read if needed. + +NOTE: immediatly after opening the configuration file we change the working +directory to "/"! Later we change to $spool_directory. We do it there, because +during readconf_main() some expansion takes place already. */ + +/* Store the initial cwd before we change directories */ +if ((initial_cwd = os_getcwd(NULL, 0)) == NULL) + { + perror("exim: can't get the current working directory"); + exit(EXIT_FAILURE); + } + +/* checking: + -be[m] expansion test - + -b[fF] filter test new + -bh[c] host test - + -bmalware malware_test_file new + -brt retry test new + -brw rewrite test new + -bt address test - + -bv[s] address verify - + list_options: + -bP <option> (except -bP config, which sets list_config) + +If any of these options is set, we suppress warnings about configuration +issues (currently about tls_advertise_hosts and keep_environment not being +defined) */ + +readconf_main(checking || list_options); + +/* Now in directory "/" */ + +if (cleanup_environment() == FALSE) + log_write(0, LOG_PANIC_DIE, "Can't cleanup environment"); -readconf_main(); /* If an action on specific messages is requested, or if a daemon or queue runner is being started, we need to know if Exim was called by an admin user. @@ -3885,7 +3940,6 @@ if (Ustrlen(syslog_processname) > 32) "syslog_processname is longer than 32 chars: aborting"); if (log_oneline) - { if (admin_user) { log_write(0, LOG_MAIN, "%s", log_oneline); @@ -3893,28 +3947,27 @@ if (log_oneline) } else return EXIT_FAILURE; - } /* In some operating systems, the environment variable TMPDIR controls where temporary files are created; Exim doesn't use these (apart from when delivering to MBX mailboxes), but called libraries such as DBM libraries may require them. If TMPDIR is found in the environment, reset it to the value defined in the -TMPDIR macro, if this macro is defined. */ +EXIM_TMPDIR macro, if this macro is defined. For backward compatibility this +macro may be called TMPDIR in old "Local/Makefile"s. It's converted to +EXIM_TMPDIR by the build scripts. +*/ -#ifdef TMPDIR +#ifdef EXIM_TMPDIR { uschar **p; - for (p = USS environ; *p != NULL; p++) - { - if (Ustrncmp(*p, "TMPDIR=", 7) == 0 && - Ustrcmp(*p+7, TMPDIR) != 0) + if (environ) for (p = USS environ; *p; p++) + if (Ustrncmp(*p, "TMPDIR=", 7) == 0 && Ustrcmp(*p+7, EXIM_TMPDIR) != 0) { - uschar *newp = malloc(Ustrlen(TMPDIR) + 8); - sprintf(CS newp, "TMPDIR=%s", TMPDIR); + uschar * newp = store_malloc(Ustrlen(EXIM_TMPDIR) + 8); + sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR); *p = newp; - DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR); + DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR); } - } } #endif @@ -3928,33 +3981,28 @@ about this earlier - but hopefully nothing will normally be logged earlier than this. We have to make a new environment if TZ is wrong, but don't bother if timestamps_utc is set, because then all times are in UTC anyway. */ -if (timezone_string != NULL && strcmpic(timezone_string, US"UTC") == 0) - { +if (timezone_string && strcmpic(timezone_string, US"UTC") == 0) timestamps_utc = TRUE; - } else { uschar *envtz = US getenv("TZ"); - if ((envtz == NULL && timezone_string != NULL) || - (envtz != NULL && - (timezone_string == NULL || - Ustrcmp(timezone_string, envtz) != 0))) + if (envtz + ? !timezone_string || Ustrcmp(timezone_string, envtz) != 0 + : timezone_string != NULL + ) { uschar **p = USS environ; uschar **new; uschar **newp; int count = 0; - while (*p++ != NULL) count++; - if (envtz == NULL) count++; - newp = new = malloc(sizeof(uschar *) * (count + 1)); - for (p = USS environ; *p != NULL; p++) + if (environ) while (*p++) count++; + if (!envtz) count++; + newp = new = store_malloc(sizeof(uschar *) * (count + 1)); + if (environ) for (p = USS environ; *p; p++) + if (Ustrncmp(*p, "TZ=", 3) != 0) *newp++ = *p; + if (timezone_string) { - if (Ustrncmp(*p, "TZ=", 3) == 0) continue; - *newp++ = *p; - } - if (timezone_string != NULL) - { - *newp = malloc(Ustrlen(timezone_string) + 4); + *newp = store_malloc(Ustrlen(timezone_string) + 4); sprintf(CS *newp++, "TZ=%s", timezone_string); } *newp = NULL; @@ -3986,16 +4034,15 @@ Exim user", but it hasn't, because either the -D option set macros, or the root for -C or -D, the caller must either be root or be invoking a trusted configuration file (when deliver_drop_privilege is false). */ -if (removed_privilege && (!trusted_config || macros != NULL) && - real_uid == exim_uid) - { +if ( removed_privilege + && (!trusted_config || opt_D_used) + && real_uid == exim_uid) if (deliver_drop_privilege) really_exim = TRUE; /* let logging work normally */ else log_write(0, LOG_MAIN|LOG_PANIC, "exim user lost privilege for using %s option", trusted_config? "-D" : "-C"); - } /* Start up Perl interpreter if Perl support is configured and there is a perl_startup option, and the configuration or the command line specifies @@ -4029,9 +4076,10 @@ if (((debug_selector & D_any) != 0 || LOGGING(arguments)) { int i; uschar *p = big_buffer; - char * dummy; Ustrcpy(p, "cwd= (failed)"); - dummy = /* quieten compiler */ getcwd(CS p+4, big_buffer_size - 4); + + Ustrncpy(p + 4, initial_cwd, big_buffer_size-5); + while (*p) p++; (void)string_format(p, big_buffer_size - (p - big_buffer), " %d args:", argc); while (*p) p++; @@ -4163,7 +4211,7 @@ real, but are permitted when checking things (-be, -bv, -bt, -bh, -bf, -bF). Note that authority for performing certain actions on messages is tested in the queue_action() function. */ -if (!trusted_caller && !checking && filter_test == FTEST_NONE) +if (!trusted_caller && !checking) { sender_host_name = sender_host_address = interface_address = sender_ident = received_protocol = NULL; @@ -4537,7 +4585,8 @@ if (list_options) (Ustrcmp(argv[i], "router") == 0 || Ustrcmp(argv[i], "transport") == 0 || Ustrcmp(argv[i], "authenticator") == 0 || - Ustrcmp(argv[i], "macro") == 0)) + Ustrcmp(argv[i], "macro") == 0 || + Ustrcmp(argv[i], "environment") == 0)) { readconf_print(argv[i+1], argv[i], flag_n); i++; @@ -4550,7 +4599,7 @@ if (list_options) if (list_config) { set_process_info("listing config"); - readconf_print(US"config", NULL, FALSE); + readconf_print(US"config", NULL, flag_n); exim_exit(EXIT_SUCCESS); } @@ -4617,7 +4666,10 @@ if (queue_interval == 0 && !daemon_listen) (start_queue_run_id == NULL)? US"" : start_queue_run_id, (stop_queue_run_id == NULL)? US"" : US" stopping at ", (stop_queue_run_id == NULL)? US"" : stop_queue_run_id); - set_process_info("running the queue (single queue run)"); + if (*queue_name) + set_process_info("running the '%s' queue (single queue run)", queue_name); + else + set_process_info("running the queue (single queue run)"); queue_run(start_queue_run_id, stop_queue_run_id, FALSE); exim_exit(EXIT_SUCCESS); } @@ -4816,8 +4868,7 @@ if ((!smtp_input && sender_address == NULL) || if (sender_address == NULL /* No sender_address set */ || /* OR */ (sender_address[0] != 0 && /* Non-empty sender address, AND */ - !checking && /* Not running tests, AND */ - filter_test == FTEST_NONE)) /* Not testing a filter */ + !checking)) /* Not running tests, including filter tests */ { sender_address = originator_login; sender_address_forced = FALSE; @@ -4902,7 +4953,7 @@ Otherwise, if -bem was used, read a message from stdin. */ if (expansion_test) { - dns_init(0, 0); + dns_init(FALSE, FALSE, FALSE); if (msg_action_arg > 0 && msg_action == MSG_LOAD) { uschar spoolname[256]; /* Not big_buffer; used in spool_read_header() */ @@ -4913,7 +4964,7 @@ if (expansion_test) } message_id = argv[msg_action_arg]; (void)string_format(spoolname, sizeof(spoolname), "%s-H", message_id); - if (!spool_open_datafile(message_id)) + if ((deliver_datafile = spool_open_datafile(message_id)) < 0) printf ("Failed to load message datafile %s\n", message_id); if (spool_read_header(spoolname, TRUE, FALSE) != spool_read_OK) printf ("Failed to load message %s\n", message_id); @@ -5489,7 +5540,7 @@ while (more) ignored; rejecting here would just add complication, and it can just as well be done later. Allow $recipients to be visible in the ACL. */ - if (acl_not_smtp_start != NULL) + if (acl_not_smtp_start) { uschar *user_msg, *log_msg; enable_dollar_recipients = TRUE; @@ -5498,6 +5549,20 @@ while (more) enable_dollar_recipients = FALSE; } + /* Pause for a while waiting for input. If none received in that time, + close the logfile, if we had one open; then if we wait for a long-running + datasource (months, in one use-case) log rotation will not leave us holding + the file copy. */ + + if (!receive_timeout) + { + struct timeval t = { 30*60, 0 }; /* 30 minutess */ + fd_set r; + + FD_ZERO(&r); FD_SET(0, &r); + if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close(); + } + /* Read the data for the message. If filter_test is not FTEST_NONE, this will just read the headers for the message, and not write anything onto the spool. */ @@ -5662,8 +5727,8 @@ while (more) if (geteuid() != root_uid && !deliver_drop_privilege && !unprivileged) { - (void)child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 2, US"-Mc", - message_id); + (void)child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, + 2, US"-Mc", message_id); /* Control does not return here. */ } diff --git a/src/src/exim.h b/src/src/exim.h index 385c3624e..9ae96b2a0 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -493,6 +493,7 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #include "dbstuff.h" #include "structs.h" #include "globals.h" +#include "hash.h" #include "functions.h" #include "dbfunctions.h" #include "osfunctions.h" @@ -584,19 +585,9 @@ default to EDQUOT if it exists, otherwise ENOSPC. */ # endif #endif -/* Ensure PATH_MAX is defined */ - -#ifndef PATH_MAX - #ifdef MAXPATHLEN - # define PATH_MAX MAXPATHLEN - #else - # define PATH_MAX 1024 - #endif -#endif - /* DANE w/o DNSSEC is useless */ #if defined(EXPERIMENTAL_DANE) && defined(DISABLE_DNSSEC) - #undef DISABLE_DNSSEC +# undef DISABLE_DNSSEC #endif #endif diff --git a/src/src/exim_dbmbuild.c b/src/src/exim_dbmbuild.c index 7babc643e..85ae9012b 100644 --- a/src/src/exim_dbmbuild.c +++ b/src/src/exim_dbmbuild.c @@ -478,9 +478,11 @@ if (yield == 0 || yield == 1) else { printf("dbmbuild abandoned\n"); - #if defined(USE_DB) || defined(USE_TDB) || defined(USE_GDBM) +#if defined(USE_DB) || defined(USE_TDB) || defined(USE_GDBM) + /* We created it, so safe to delete despite the name coming from outside */ + /* coverity[tainted_string] */ Uunlink(temp_dbmname); - #else +#else if (is_db) { sprintf(CS real_dbmname, "%s.db", temp_dbmname); @@ -493,7 +495,7 @@ else sprintf(CS real_dbmname, "%s.pag", temp_dbmname); Uunlink(real_dbmname); } - #endif /* USE_DB || USE_TDB */ +#endif /* USE_DB || USE_TDB */ } return yield; diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 417a42db6..c710772ed 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -259,7 +259,7 @@ uschar buffer[256]; ensures that Exim has exclusive use of the database before it even tries to open it. If there is a database, there should be a lock file in existence. */ -sprintf(CS buffer, "%s/db/%s.lockfile", spool_directory, name); +sprintf(CS buffer, "%s/db/%.200s.lockfile", spool_directory, name); dbblock->lockfd = Uopen(buffer, flags, 0); if (dbblock->lockfd < 0) @@ -285,8 +285,9 @@ if (sigalrm_seen) errno = ETIMEDOUT; if (rc < 0) { printf("** Failed to get %s lock for %s: %s", - ((flags & O_RDONLY) != 0)? "read" : "write", buffer, - (errno == ETIMEDOUT)? "timed out" : strerror(errno)); + flags & O_WRONLY ? "write" : "read", + buffer, + errno == ETIMEDOUT ? "timed out" : strerror(errno)); (void)close(dbblock->lockfd); return NULL; } @@ -801,13 +802,13 @@ for(;;) if (record == NULL) printf("not found\n"); else { time_t tt; - int length = 0; /* Stops compiler warning */ + /*int length = 0; Stops compiler warning */ switch(dbdata_type) { case type_retry: retry = (dbdata_retry *)record; - length = sizeof(dbdata_retry) + Ustrlen(retry->text); + /* length = sizeof(dbdata_retry) + Ustrlen(retry->text); */ switch(fieldno) { @@ -857,7 +858,7 @@ for(;;) case type_callout: callout = (dbdata_callout_cache *)record; - length = sizeof(dbdata_callout_cache); + /* length = sizeof(dbdata_callout_cache); */ switch(fieldno) { case 0: diff --git a/src/src/exim_lock.c b/src/src/exim_lock.c index 37d974477..068216816 100644 --- a/src/src/exim_lock.c +++ b/src/src/exim_lock.c @@ -9,6 +9,8 @@ Options: -fcntl use fcntl() lock Default is -fcntl -lockfile. Argument: the name of the lock file + +Copyright (c) The Exim Maintainers 2016 */ #include "os.h" @@ -36,7 +38,7 @@ in sys/file.h. */ #endif -typedef int BOOL; +typedef unsigned BOOL; #define FALSE 0 #define TRUE 1 @@ -216,7 +218,7 @@ for (i = 1; i < argc; i++) else usage(); } -if (quiet) verbose = 0; +if (quiet) verbose = FALSE; /* Can't use flock() if the OS doesn't provide it */ @@ -322,7 +324,7 @@ for (j = 0; j < lock_retries; j++) if (use_lockfile) { - int rc; + int rc, rc2; if (verbose) printf("exim_lock: creating lock file\n"); hd = open(hitchname, O_WRONLY | O_CREAT | O_EXCL, 0440); if (hd < 0) @@ -334,11 +336,12 @@ for (j = 0; j < lock_retries; j++) /* Apply hitching post algorithm. */ - if ((rc = link(hitchname, lockname)) != 0) fstat(hd, &statbuf); + if ((rc = link(hitchname, lockname)) != 0) + rc2 = fstat(hd, &statbuf); (void)close(hd); unlink(hitchname); - if (rc != 0 && statbuf.st_nlink != 2) + if (rc != 0 && (rc2 != 0 || statbuf.st_nlink != 2)) { printf("exim_lock: failed to link hitching post to lock file\n"); hd = -1; @@ -354,8 +357,7 @@ for (j = 0; j < lock_retries; j++) /* Open the file for writing. */ - fd = open(filename, O_RDWR + O_APPEND); - if (fd < 0) + if ((fd = open(filename, O_RDWR + O_APPEND)) < 0) { printf("exim_lock: failed to open %s for writing: %s\n", filename, strerror(errno)); @@ -374,7 +376,6 @@ for (j = 0; j < lock_retries; j++) a timeout changes it to blocking. */ if (!use_mbx && (use_fcntl || use_flock)) - { if (apply_lock(fd, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock, lock_flock_timeout) >= 0) { @@ -385,8 +386,8 @@ for (j = 0; j < lock_retries; j++) } break; } - else goto RETRY; /* Message already output */ - } + else + goto RETRY; /* Message already output */ /* Lock using MBX rules. This is complicated and is documented with the source of the c-client library that goes with Pine and IMAP. What has to @@ -583,12 +584,37 @@ else if (restore_times) { struct stat strestore; +#ifdef EXIM_HAVE_OPENAT + int fd = open(filename, O_RDWR); /* use fd for both get & restore */ + struct timespec tt[2]; + + if (fd < 0) + { + printf("open '%s': %s\n", filename, strerror(errno)); + yield = 1; + goto CLEAN_UP; + } + if (fstat(fd, &strestore) != 0) + { + printf("fstat '%s': %s\n", filename, strerror(errno)); + yield = 1; + close(fd); + goto CLEAN_UP; + } + i = system(command); + tt[0] = strestore.st_atim; + tt[1] = strestore.st_mtim; + (void) futimens(fd, tt); + (void) close(fd); +#else struct utimbuf ut; + stat(filename, &strestore); i = system(command); ut.actime = strestore.st_atime; ut.modtime = strestore.st_mtime; utime(filename, &ut); +#endif } else i = system(command); diff --git a/src/src/eximstats.src b/src/src/eximstats.src index 4370b4eab..e6485fffc 100644 --- a/src/src/eximstats.src +++ b/src/src/eximstats.src @@ -1,6 +1,6 @@ #!PERL_COMMAND -w -# Copyright (c) 2001-2014 University of Cambridge. +# Copyright (c) 2001-2016 University of Cambridge. # See the file NOTICE for conditions of use and distribution. # Perl script to generate statistics from one or more Exim log files. @@ -757,7 +757,7 @@ sub volume_rounded { } else { # We don't want any rounding to be done. - # and we don't need broken formated output which on one hand avoids numbers from + # and we don't need broken formatted output which on one hand avoids numbers from # being interpreted as string by Spreadsheed Calculators, on the other hand # breaks if more than 4 digits! -> flexible length instead of fixed length # Format the return value at the output routine! -fh @@ -871,10 +871,10 @@ $p; # Eg 3h20m5s => 12005 ####################################################################### sub unformat_time { - my($formated_time) = pop @_; + my($formatted_time) = pop @_; my $time = 0; - while ($formated_time =~ s/^(\d+)([wdhms]?)//) { + while ($formatted_time =~ s/^(\d+)([wdhms]?)//) { $time += $1 if ($2 eq '' || $2 eq 's'); $time += $1 * 60 if ($2 eq 'm'); $time += $1 * 60 * 60 if ($2 eq 'h'); @@ -3360,8 +3360,8 @@ sub parse_old_eximstat_reports { my $previous_seconds_on_queue = 0; if (/^\s*(Under|Over|)\s+(\d+[smhdw])\s+(\d+)/) { print STDERR "Parsing $_" if $debug; - my($modifier,$formated_time,$count) = ($1,$2,$3); - my $seconds = unformat_time($formated_time); + my($modifier,$formatted_time,$count) = ($1,$2,$3); + my $seconds = unformat_time($formatted_time); my $time_on_queue = ($seconds + $previous_seconds_on_queue) / 2; $previous_seconds_on_queue = $seconds; $time_on_queue = $seconds * 2 if ($modifier eq 'Over'); diff --git a/src/src/exipick.src b/src/src/exipick.src index 4708ebb4a..bdeba95fc 100644 --- a/src/src/exipick.src +++ b/src/src/exipick.src @@ -1,7 +1,9 @@ #!PERL_COMMAND -# This variable should be set by the building process to Exim's spool directory. -my $spool = 'SPOOL_DIRECTORY'; +# This variables should be set by the building process +my $spool = 'SPOOL_DIRECTORY'; # may be overridden later +my $exim = 'BIN_DIRECTORY/exim'; + # Need to set this dynamically during build, but it's not used right now anyway. my $charset = 'ISO-8859-1'; @@ -111,7 +113,9 @@ $G::and = $G::and; # shut up -w $G::msg_ids = {}; # short circuit when crit is only MID $G::caseless = $G::caseful ? 0 : 1; # nocase by default, case if both @G::recipients_crit = (); # holds per-recip criteria -$spool = $G::spool if ($G::spool); +$spool = defined $G::spool ? $G::spool + : do { chomp($_ = `$exim -n -bP spool_directory`); + $_ // $spool }; my $input_dir = $G::input_dir || ($G::finput ? "Finput" : "input"); my $count_only = 1 if ($G::mailq_bpc || $G::qgrep_c); my $unsorted = 1 if ($G::mailq_bpr || $G::mailq_bpra || @@ -1427,7 +1431,8 @@ Same as '$shown_message_size eq <string>' (exiqgrep) =item --spool <path> -Set the path to the exim spool to use. This value will have the argument to --input or 'input' appended, or be ignored if --input is a full path. +Set the path to the exim spool to use. This value will have the argument to --input or 'input' appended, or be ignored if --input is a full path. If not specified, exipick uses the value from C<exim -bP spool_directory>, and if this fails, the F<SPOOL_DIRECTORY> +from build time (F<Local/Makefile>) is used. =item --show-rules diff --git a/src/src/expand.c b/src/src/expand.c index 624c3c4db..cfde23610 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -207,6 +207,7 @@ static uschar *op_table_main[] = { US"base64d", US"domain", US"escape", + US"escape8bit", US"eval", US"eval10", US"expand", @@ -233,6 +234,7 @@ static uschar *op_table_main[] = { US"s", US"sha1", US"sha256", + US"sha3", US"stat", US"str2b64", US"strlen", @@ -251,6 +253,7 @@ enum { EOP_BASE64D, EOP_DOMAIN, EOP_ESCAPE, + EOP_ESCAPE8BIT, EOP_EVAL, EOP_EVAL10, EOP_EXPAND, @@ -277,6 +280,7 @@ enum { EOP_S, EOP_SHA1, EOP_SHA256, + EOP_SHA3, EOP_STAT, EOP_STR2B64, EOP_STRLEN, @@ -484,10 +488,6 @@ static var_entry var_table[] = { { "dcc_header", vtype_stringptr, &dcc_header }, { "dcc_result", vtype_stringptr, &dcc_result }, #endif -#ifdef WITH_OLD_DEMIME - { "demime_errorlevel", vtype_int, &demime_errorlevel }, - { "demime_reason", vtype_stringptr, &demime_reason }, -#endif #ifndef DISABLE_DKIM { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO }, { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH }, @@ -536,9 +536,6 @@ static var_entry var_table[] = { { "exim_path", vtype_stringptr, &exim_path }, { "exim_uid", vtype_uid, &exim_uid }, { "exim_version", vtype_stringptr, &version_string }, -#ifdef WITH_OLD_DEMIME - { "found_extension", vtype_stringptr, &found_extension }, -#endif { "headers_added", vtype_string_func, &fn_hdrs_added }, { "home", vtype_stringptr, &deliver_home }, { "host", vtype_stringptr, &deliver_host }, @@ -547,6 +544,7 @@ static var_entry var_table[] = { { "host_lookup_deferred",vtype_int, &host_lookup_deferred }, { "host_lookup_failed", vtype_int, &host_lookup_failed }, { "host_port", vtype_int, &deliver_host_port }, + { "initial_cwd", vtype_stringptr, &initial_cwd }, { "inode", vtype_ino, &deliver_inode }, { "interface_address", vtype_stringptr, &interface_address }, { "interface_port", vtype_int, &interface_port }, @@ -635,6 +633,7 @@ static var_entry var_table[] = { { "prvscheck_result", vtype_stringptr, &prvscheck_result }, { "qualify_domain", vtype_stringptr, &qualify_domain_sender }, { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient }, + { "queue_name", vtype_stringptr, &queue_name }, { "rcpt_count", vtype_int, &rcpt_count }, { "rcpt_defer_count", vtype_int, &rcpt_defer_count }, { "rcpt_fail_count", vtype_int, &rcpt_fail_count }, @@ -1080,6 +1079,8 @@ return s; Returns: a pointer to the character after the last digit */ +/*XXX consider expanding to int_eximarith_t. But the test for +"overbig numbers" in 0002 still needs to overflow it. */ static uschar * read_number(int *n, uschar *s) @@ -1680,9 +1681,8 @@ if (!enable_dollar_recipients) return NULL; else uschar * s = store_get(size); for (i = 0; i < recipients_count; i++) { - if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2); - s = string_cat(s, &size, &ptr, recipients_list[i].address, - Ustrlen(recipients_list[i].address)); + if (i != 0) s = string_catn(s, &size, &ptr, US", ", 2); + s = string_cat(s, &size, &ptr, recipients_list[i].address); } s[ptr] = 0; /* string_cat() leaves room */ return s; @@ -1856,7 +1856,9 @@ switch (vp->type) start_offset = SPOOL_DATA_START_OFFSET; } } - lseek(deliver_datafile, start_offset, SEEK_SET); + if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s", + strerror(errno)); len = read(deliver_datafile, body, len); if (len > 0) { @@ -2001,12 +2003,17 @@ for (i = 0; i < n; i++) { if (*s != '{') { - if (i < m) return 1; + if (i < m) + { + expand_string_message = string_sprintf("Not enough arguments for '%s' " + "(min is %d)", name, m); + return 1; + } sub[i] = NULL; break; } - sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok); - if (sub[i] == NULL) return 3; + if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok))) + return 3; if (*s++ != '}') return 1; while (isspace(*s)) s++; } @@ -2014,10 +2021,11 @@ if (check_end && *s++ != '}') { if (s[-1] == '{') { - expand_string_message = string_sprintf("Too many arguments for \"%s\" " + expand_string_message = string_sprintf("Too many arguments for '%s' " "(max is %d)", name, n); return 2; } + expand_string_message = string_sprintf("missing '}' after '%s'", name); return 1; } @@ -2060,7 +2068,7 @@ Load args from sub array to globals, and call acl_check(). Sub array will be corrupted on return. Returns: OK access is granted by an ACCEPT verb - DISCARD access is granted by a DISCARD verb + DISCARD access is (apparently) granted by a DISCARD verb FAIL access is denied FAIL_DROP access is denied; drop the connection DEFER can't tell at the moment @@ -2375,7 +2383,7 @@ switch(cond_type) case 3: return NULL; } - *resetok = FALSE; + *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */ if (yield != NULL) switch(eval_acl(sub, nelem(sub), &user_msg)) { case OK: @@ -2384,7 +2392,7 @@ switch(cond_type) lookup_value = NULL; if (user_msg) { - lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg)); + lookup_value = string_cat(NULL, &size, &ptr, user_msg); lookup_value[ptr] = '\0'; } *yield = cond == testfor; @@ -2392,6 +2400,7 @@ switch(cond_type) case DEFER: expand_string_forcedfail = TRUE; + /*FALLTHROUGH*/ default: expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]); return NULL; @@ -2509,7 +2518,6 @@ switch(cond_type) checking for them individually. */ if (!isalpha(name[0]) && yield != NULL) - { if (sub[i][0] == 0) { num[i] = 0; @@ -2521,7 +2529,6 @@ switch(cond_type) num[i] = expanded_string_integer(sub[i], FALSE); if (expand_string_message != NULL) return NULL; } - } } /* Result not required */ @@ -2689,7 +2696,7 @@ switch(cond_type) uschar digest[16]; md5_start(&base); - md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest); + md5_end(&base, sub[0], Ustrlen(sub[0]), digest); /* If the length that we are comparing against is 24, the MD5 digest is expressed as a base64 string. This is the way LDAP does it. However, @@ -2698,7 +2705,7 @@ switch(cond_type) if (sublen == 24) { - uschar *coded = b64encode((uschar *)digest, 16); + uschar *coded = b64encode(digest, 16); DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n" " subject=%s\n crypted=%s\n", coded, sub[1]+5); tempcond = (Ustrcmp(coded, sub[1]+5) == 0); @@ -2724,11 +2731,11 @@ switch(cond_type) else if (strncmpic(sub[1], US"{sha1}", 6) == 0) { int sublen = Ustrlen(sub[1]+6); - sha1 base; + hctx h; uschar digest[20]; - sha1_start(&base); - sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest); + sha1_start(&h); + sha1_end(&h, sub[0], Ustrlen(sub[0]), digest); /* If the length that we are comparing against is 28, assume the SHA1 digest is expressed as a base64 string. If the length is 40, assume a @@ -2736,7 +2743,7 @@ switch(cond_type) if (sublen == 28) { - uschar *coded = b64encode((uschar *)digest, 20); + uschar *coded = b64encode(digest, 20); DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n" " subject=%s\n crypted=%s\n", coded, sub[1]+6); tempcond = (Ustrcmp(coded, sub[1]+6) == 0); @@ -3043,6 +3050,8 @@ switch(cond_type) "value \"%s\"", t); return NULL; } + DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", ourname, + boolvalue? "true":"false"); if (yield != NULL) *yield = (boolvalue == testfor); return s; } @@ -3174,6 +3183,7 @@ process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr, int rc = 0; const uschar *s = *sptr; /* Local value */ uschar *sub1, *sub2; +const uschar * errwhere; /* If there are no following strings, we substitute the contents of $value for lookups and for extractions in the success case. For the ${if item, the string @@ -3183,24 +3193,28 @@ items. */ while (isspace(*s)) s++; if (*s == '}') { - if (type[0] == 'i') - { - if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4); - } - else - { - if (yes && lookup_value) - *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value, - Ustrlen(lookup_value)); - lookup_value = save_lookup; - } + if (!skipping) + if (type[0] == 'i') + { + if (yes) *yieldptr = string_catn(*yieldptr, sizeptr, ptrptr, US"true", 4); + } + else + { + if (yes && lookup_value) + *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value); + lookup_value = save_lookup; + } s++; goto RETURN; } /* The first following string must be braced. */ -if (*s++ != '{') goto FAILED_CURLY; +if (*s++ != '{') + { + errwhere = US"'yes' part did not start with '{'"; + goto FAILED_CURLY; + } /* Expand the first substring. Forced failures are noticed only if we actually want this string. Set skipping in the call in the fail case (this will always @@ -3209,12 +3223,16 @@ be the case if we were already skipping). */ sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok); if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED; expand_string_forcedfail = FALSE; -if (*s++ != '}') goto FAILED_CURLY; +if (*s++ != '}') + { + errwhere = US"'yes' part did not end with '}'"; + goto FAILED_CURLY; + } /* If we want the first string, add it to the output */ if (yes) - *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1)); + *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1); /* If this is called from a lookup/env or a (cert)extract, we want to restore $value to what it was at the start of the item, so that it has this value @@ -3235,12 +3253,16 @@ if (*s == '{') sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok); if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED; expand_string_forcedfail = FALSE; - if (*s++ != '}') goto FAILED_CURLY; + if (*s++ != '}') + { + errwhere = US"'no' part did not start with '{'"; + goto FAILED_CURLY; + } /* If we want the second string, add it to the output */ if (!yes) - *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2)); + *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2); } /* If there is no second string, but the word "fail" is present when the use of @@ -3258,7 +3280,11 @@ else if (*s != '}') if (!yes && !skipping) { while (isspace(*s)) s++; - if (*s++ != '}') goto FAILED_CURLY; + if (*s++ != '}') + { + errwhere = US"did not close with '}' after forcedfail"; + goto FAILED_CURLY; + } expand_string_message = string_sprintf("\"%s\" failed and \"fail\" requested", type); expand_string_forcedfail = TRUE; @@ -3276,23 +3302,30 @@ else if (*s != '}') /* All we have to do now is to check on the final closing brace. */ while (isspace(*s)) s++; -if (*s++ == '}') goto RETURN; - -/* Get here if there is a bracketing failure */ - -FAILED_CURLY: -rc++; - -/* Get here for other failures */ - -FAILED: -rc++; +if (*s++ != '}') + { + errwhere = US"did not close with '}'"; + goto FAILED_CURLY; + } -/* Update the input pointer value before returning */ RETURN: +/* Update the input pointer value before returning */ *sptr = s; return rc; + +FAILED_CURLY: + /* Get here if there is a bracketing failure */ + expand_string_message = string_sprintf( + "curly-bracket problem in conditional yes/no parsing: %s\n" + " remaining string is '%s'", errwhere, --s); + rc = 2; + goto RETURN; + +FAILED: + /* Get here for other failures */ + rc = 1; + goto RETURN; } @@ -3318,7 +3351,7 @@ chash_start(int type, void *base) if (type == HMAC_MD5) md5_start((md5 *)base); else - sha1_start((sha1 *)base); + sha1_start((hctx *)base); } static void @@ -3327,7 +3360,7 @@ chash_mid(int type, void *base, uschar *string) if (type == HMAC_MD5) md5_mid((md5 *)base, string); else - sha1_mid((sha1 *)base, string); + sha1_mid((hctx *)base, string); } static void @@ -3336,7 +3369,7 @@ chash_end(int type, void *base, uschar *string, int length, uschar *digest) if (type == HMAC_MD5) md5_end((md5 *)base, string, length, digest); else - sha1_end((sha1 *)base, string, length, digest); + sha1_end((hctx *)base, string, length, digest); } @@ -3395,8 +3428,7 @@ prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp) { uschar *hash_source, *p; int size = 0,offset = 0,i; -sha1 sha1_base; -void *use_base = &sha1_base; +hctx h; uschar innerhash[20]; uschar finalhash[20]; uschar innerkey[64]; @@ -3409,9 +3441,9 @@ if (key_num == NULL) if (Ustrlen(key) > 64) return NULL; -hash_source = string_cat(NULL,&size,&offset,key_num,1); -string_cat(hash_source,&size,&offset,daystamp,3); -string_cat(hash_source,&size,&offset,address,Ustrlen(address)); +hash_source = string_catn(NULL, &size, &offset, key_num, 1); +hash_source = string_catn(hash_source, &size, &offset, daystamp, 3); +hash_source = string_cat(hash_source, &size, &offset, address); hash_source[offset] = '\0'; DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source); @@ -3425,13 +3457,13 @@ for (i = 0; i < Ustrlen(key); i++) outerkey[i] ^= key[i]; } -chash_start(HMAC_SHA1, use_base); -chash_mid(HMAC_SHA1, use_base, innerkey); -chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash); +chash_start(HMAC_SHA1, &h); +chash_mid(HMAC_SHA1, &h, innerkey); +chash_end(HMAC_SHA1, &h, hash_source, offset, innerhash); -chash_start(HMAC_SHA1, use_base); -chash_mid(HMAC_SHA1, use_base, outerkey); -chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash); +chash_start(HMAC_SHA1, &h); +chash_mid(HMAC_SHA1, &h, outerkey); +chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash); p = finalhash_hex; for (i = 0; i < 3; i++) @@ -3468,16 +3500,15 @@ Returns: new value of string pointer static uschar * cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol) { -int eollen = eol ? Ustrlen(eol) : 0; uschar buffer[1024]; while (Ufgets(buffer, sizeof(buffer), f)) { int len = Ustrlen(buffer); if (eol && buffer[len-1] == '\n') len--; - yield = string_cat(yield, sizep, ptrp, buffer, len); - if (buffer[len] != 0) - yield = string_cat(yield, sizep, ptrp, eol, eollen); + yield = string_catn(yield, sizep, ptrp, buffer, len); + if (eol && buffer[len]) + yield = string_cat(yield, sizep, ptrp, eol); } if (yield) yield[*ptrp] = 0; @@ -3654,13 +3685,20 @@ eval_op_sum(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_mult(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '+' || *s == '-') { int op = *s++; int_eximarith_t y = eval_op_mult(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; + if ( (x >= EXIM_ARITH_MAX/2 && x >= EXIM_ARITH_MAX/2) + || (x <= -(EXIM_ARITH_MAX/2) && y <= -(EXIM_ARITH_MAX/2))) + { /* over-conservative check */ + *error = op == '+' + ? US"overflow in sum" : US"overflow in difference"; + break; + } if (op == '+') x += y; else x -= y; } } @@ -3824,13 +3862,16 @@ expand_string_internal(const uschar *string, BOOL ket_ends, const uschar **left, { int ptr = 0; int size = Ustrlen(string)+ 64; -int item_type; uschar *yield = store_get(size); +int item_type; const uschar *s = string; uschar *save_expand_nstring[EXPAND_MAXN+1]; int save_expand_nlength[EXPAND_MAXN+1]; BOOL resetok = TRUE; +DEBUG(D_expand) + debug_printf("%s: %s\n", skipping ? " scanning" : "considering", string); + expand_string_forcedfail = FALSE; expand_string_message = US""; @@ -3856,7 +3897,7 @@ while (*s != 0) { const uschar * t = s + 2; for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break; - yield = string_cat(yield, &size, &ptr, t, s - t); + yield = string_catn(yield, &size, &ptr, t, s - t); if (*s != 0) s += 2; } @@ -3865,7 +3906,7 @@ while (*s != 0) uschar ch[1]; ch[0] = string_interpret_escape(&s); s++; - yield = string_cat(yield, &size, &ptr, ch, 1); + yield = string_catn(yield, &size, &ptr, ch, 1); } continue; @@ -3880,7 +3921,7 @@ while (*s != 0) if (*s != '$' || !honour_dollar) { - yield = string_cat(yield, &size, &ptr, s++, 1); + yield = string_catn(yield, &size, &ptr, s++, 1); continue; } @@ -3958,7 +3999,7 @@ while (*s != 0) size = newsize; ptr = len; } - else yield = string_cat(yield, &size, &ptr, value, len); + else yield = string_catn(yield, &size, &ptr, value, len); continue; } @@ -3968,7 +4009,7 @@ while (*s != 0) int n; s = read_cnumber(&n, s); if (n >= 0 && n <= expand_nmax) - yield = string_cat(yield, &size, &ptr, expand_nstring[n], + yield = string_catn(yield, &size, &ptr, expand_nstring[n], expand_nlength[n]); continue; } @@ -3994,7 +4035,7 @@ while (*s != 0) goto EXPAND_FAILED; } if (n >= 0 && n <= expand_nmax) - yield = string_cat(yield, &size, &ptr, expand_nstring[n], + yield = string_catn(yield, &size, &ptr, expand_nstring[n], expand_nlength[n]); continue; } @@ -4046,11 +4087,12 @@ while (*s != 0) DEBUG(D_expand) debug_printf("acl expansion yield: %s\n", user_msg); if (user_msg) - yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg)); + yield = string_cat(yield, &size, &ptr, user_msg); continue; case DEFER: expand_string_forcedfail = TRUE; + /*FALLTHROUGH*/ default: expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]); goto EXPAND_FAILED; @@ -4070,12 +4112,13 @@ while (*s != 0) save_expand_strings(save_expand_nstring, save_expand_nlength); while (isspace(*s)) s++; - next_s = eval_condition(s, &resetok, skipping? NULL : &cond); + next_s = eval_condition(s, &resetok, skipping ? NULL : &cond); if (next_s == NULL) goto EXPAND_FAILED; /* message already set */ DEBUG(D_expand) - debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s, - cond? "true" : "false"); + debug_printf(" condition: %.*s\n result: %s\n", + (int)(next_s - s), s, + cond ? "true" : "false"); s = next_s; @@ -4133,11 +4176,13 @@ while (*s != 0) goto EXPAND_FAILED; } - if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset, - sub_arg[1][0], sub_arg[2], &expand_string_message))) - goto EXPAND_FAILED; if (!skipping) - yield = string_cat(yield, &size, &ptr, encoded, Ustrlen(encoded)); + { + if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset, + sub_arg[1][0], sub_arg[2], &expand_string_message))) + goto EXPAND_FAILED; + yield = string_cat(yield, &size, &ptr, encoded); + } continue; } #endif @@ -4173,8 +4218,12 @@ while (*s != 0) if (*s == '{') /*}*/ { key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (key == NULL) goto EXPAND_FAILED; /*{*/ - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (!key) goto EXPAND_FAILED; /*{{*/ + if (*s++ != '}') + { + expand_string_message = US"missing '}' after lookup key"; + goto EXPAND_FAILED_CURLY; + } while (isspace(*s)) s++; } else key = NULL; @@ -4237,10 +4286,18 @@ while (*s != 0) queries that also require a file name (e.g. sqlite), the file name comes first. */ - if (*s != '{') goto EXPAND_FAILED_CURLY; + if (*s != '{') + { + expand_string_message = US"missing '{' for lookup file-or-query arg"; + goto EXPAND_FAILED_CURLY; + } filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); if (filename == NULL) goto EXPAND_FAILED; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing lookup file-or-query arg"; + goto EXPAND_FAILED_CURLY; + } while (isspace(*s)) s++; /* If this isn't a single-key+file lookup, re-arrange the variables @@ -4248,15 +4305,13 @@ while (*s != 0) there is just a "key", and no file name. For the special query-style + file types, the query (i.e. "key") starts with a file name. */ - if (key == NULL) + if (!key) { while (isspace(*filename)) filename++; key = filename; if (mac_islookup(stype, lookup_querystyle)) - { filename = NULL; - } else { if (*filename != '/') @@ -4466,14 +4521,14 @@ while (*s != 0) /* Now separate the domain from the local part */ *domain++ = '\0'; - yield = string_cat(yield,&size,&ptr,US"prvs=",5); - string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1); - string_cat(yield,&size,&ptr,prvs_daystamp(7),3); - string_cat(yield,&size,&ptr,p,6); - string_cat(yield,&size,&ptr,US"=",1); - string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0])); - string_cat(yield,&size,&ptr,US"@",1); - string_cat(yield,&size,&ptr,domain,Ustrlen(domain)); + yield = string_catn(yield, &size, &ptr, US"prvs=", 5); + yield = string_catn(yield, &size, &ptr, sub_arg[2] ? sub_arg[2] : US"0", 1); + yield = string_catn(yield, &size, &ptr, prvs_daystamp(7), 3); + yield = string_catn(yield, &size, &ptr, p, 6); + yield = string_catn(yield, &size, &ptr, US"=", 1); + yield = string_cat (yield, &size, &ptr, sub_arg[0]); + yield = string_catn(yield, &size, &ptr, US"@", 1); + yield = string_cat (yield, &size, &ptr, domain); continue; } @@ -4527,9 +4582,9 @@ while (*s != 0) DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain); /* Set up expansion variables */ - prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part)); - string_cat(prvscheck_address,&mysize,&myptr,US"@",1); - string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain)); + prvscheck_address = string_cat (NULL, &mysize, &myptr, local_part); + prvscheck_address = string_catn(prvscheck_address, &mysize, &myptr, US"@", 1); + prvscheck_address = string_cat (prvscheck_address, &mysize, &myptr, domain); prvscheck_address[myptr] = '\0'; prvscheck_keynum = string_copy(key_num); @@ -4595,10 +4650,8 @@ while (*s != 0) case 3: goto EXPAND_FAILED; } - if (sub_arg[0] == NULL || *sub_arg[0] == '\0') - yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address)); - else - yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0])); + yield = string_cat(yield, &size, &ptr, + !sub_arg[0] || !*sub_arg[0] ? prvscheck_address : sub_arg[0]); /* Reset the "internal" variables afterwards, because they are in dynamic store that will be reclaimed if the expansion succeeded. */ @@ -4607,7 +4660,6 @@ while (*s != 0) prvscheck_keynum = NULL; } else - { /* Does not look like a prvs encoded address, return the empty string. We need to make sure all subs are expanded first, so as to skip over the entire item. */ @@ -4618,7 +4670,6 @@ while (*s != 0) case 2: case 3: goto EXPAND_FAILED; } - } continue; } @@ -4845,10 +4896,20 @@ while (*s != 0) { if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL) goto EXPAND_FAILED; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing failstring for readsocket"; + goto EXPAND_FAILED_CURLY; + } while (isspace(*s)) s++; } - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + + readsock_done: + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing readsocket"; + goto EXPAND_FAILED_CURLY; + } continue; /* Come here on failure to create socket, connect socket, write to the @@ -4858,13 +4919,16 @@ while (*s != 0) SOCK_FAIL: if (*s != '{') goto EXPAND_FAILED; DEBUG(D_any) debug_printf("%s\n", expand_string_message); - arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok); - if (arg == NULL) goto EXPAND_FAILED; - yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg)); - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok))) + goto EXPAND_FAILED; + yield = string_cat(yield, &size, &ptr, arg); + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing failstring for readsocket"; + goto EXPAND_FAILED_CURLY; + } while (isspace(*s)) s++; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; - continue; + goto readsock_done; } /* Handle "run" to execute a program. */ @@ -4885,16 +4949,25 @@ while (*s != 0) } while (isspace(*s)) s++; - if (*s != '{') goto EXPAND_FAILED_CURLY; + if (*s != '{') + { + expand_string_message = US"missing '{' for command arg of run"; + goto EXPAND_FAILED_CURLY; + } arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); if (arg == NULL) goto EXPAND_FAILED; while (isspace(*s)) s++; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing command arg of run"; + goto EXPAND_FAILED_CURLY; + } if (skipping) /* Just pretend it worked when we're skipping */ - { + { runrc = 0; - } + lookup_value = NULL; + } else { if (!transport_set_up_command(&argv, /* anchor for arg list */ @@ -4936,9 +5009,9 @@ while (*s != 0) return code for serious disasters. Simple non-zero returns are passed on. */ - if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0) + if (sigalrm_seen || (runrc = child_close(pid, 30)) < 0) { - if (sigalrm_seen == TRUE || runrc == -256) + if (sigalrm_seen || runrc == -256) { expand_string_message = string_sprintf("command timed out"); killpg(pid, SIGKILL); /* Kill the whole process group */ @@ -4991,7 +5064,7 @@ while (*s != 0) case 3: goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0])); + yield = string_cat(yield, &size, &ptr, sub[0]); o2m = Ustrlen(sub[2]) - 1; if (o2m >= 0) for (; oldptr < ptr; oldptr++) @@ -5068,7 +5141,7 @@ while (*s != 0) extract_substr(sub[2], val[0], val[1], &len); if (ret == NULL) goto EXPAND_FAILED; - yield = string_cat(yield, &size, &ptr, ret, len); + yield = string_catn(yield, &size, &ptr, ret, len); continue; } @@ -5086,7 +5159,7 @@ while (*s != 0) { uschar *sub[3]; md5 md5_base; - sha1 sha1_base; + hctx sha1_ctx; void *use_base; int type, i; int hashlen; /* Number of octets for the hash algorithm's output */ @@ -5120,7 +5193,7 @@ while (*s != 0) else if (Ustrcmp(sub[0], "sha1") == 0) { type = HMAC_SHA1; - use_base = &sha1_base; + use_base = &sha1_ctx; hashlen = 20; hashblocklen = 64; } @@ -5175,16 +5248,14 @@ while (*s != 0) *p++ = hex_digits[finalhash[i] & 0x0f]; } - DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", - sub[0], (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, - finalhash_hex); + DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%s)=%.*s\n", + sub[0], (int)keylen, keyptr, sub[2], hashlen*2, finalhash_hex); - yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2); + yield = string_catn(yield, &size, &ptr, finalhash_hex, hashlen*2); } + continue; } - continue; - /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator. We have to save the numerical variables and restore them afterwards. */ @@ -5251,7 +5322,7 @@ while (*s != 0) emptyopt = 0; continue; } - yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset); + yield = string_catn(yield, &size, &ptr, subject+moffset, slen-moffset); break; } @@ -5268,11 +5339,11 @@ while (*s != 0) /* Copy the characters before the match, plus the expanded insertion. */ - yield = string_cat(yield, &size, &ptr, subject + moffset, + yield = string_catn(yield, &size, &ptr, subject + moffset, ovector[0] - moffset); insert = expand_string(sub[2]); if (insert == NULL) goto EXPAND_FAILED; - yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert)); + yield = string_cat(yield, &size, &ptr, insert); moffset = ovector[1]; moffsetextra = 0; @@ -5305,7 +5376,7 @@ while (*s != 0) case EITEM_EXTRACT: { int i; - int j = 2; + int j; int field_number = 1; BOOL field_number_set = FALSE; uschar *save_lookup_value = lookup_value; @@ -5313,16 +5384,51 @@ while (*s != 0) int save_expand_nmax = save_expand_strings(save_expand_nstring, save_expand_nlength); - /* Read the arguments */ + /* While skipping we cannot rely on the data for expansions being + available (eg. $item) hence cannot decide on numeric vs. keyed. + Read a maximum of 5 arguments (inclding the yes/no) */ - for (i = 0; i < j; i++) + if (skipping) + { + while (isspace(*s)) s++; + for (j = 5; j > 0 && *s == '{'; j--) + { + if (!expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok)) + goto EXPAND_FAILED; /*{*/ + if (*s++ != '}') + { + expand_string_message = US"missing '{' for arg of extract"; + goto EXPAND_FAILED_CURLY; + } + while (isspace(*s)) s++; + } + if ( Ustrncmp(s, "fail", 4) == 0 + && (s[4] == '}' || s[4] == ' ' || s[4] == '\t' || !s[4]) + ) + { + s += 4; + while (isspace(*s)) s++; + } + if (*s != '}') + { + expand_string_message = US"missing '}' closing extract"; + goto EXPAND_FAILED_CURLY; + } + } + + else for (i = 0, j = 2; i < j; i++) /* Read the proper number of arguments */ { while (isspace(*s)) s++; if (*s == '{') /*}*/ { sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); if (sub[i] == NULL) goto EXPAND_FAILED; /*{*/ - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = string_sprintf( + "missing '}' closing arg %d of extract", i+1); + goto EXPAND_FAILED_CURLY; + } /* After removal of leading and trailing white space, the first argument must not be empty; if it consists entirely of digits @@ -5342,31 +5448,33 @@ while (*s != 0) while (len > 0 && isspace(p[len-1])) len--; p[len] = 0; - if (!skipping) + if (*p == 0) { - if (*p == 0) - { - expand_string_message = US"first argument of \"extract\" must " - "not be empty"; - goto EXPAND_FAILED; - } + expand_string_message = US"first argument of \"extract\" must " + "not be empty"; + goto EXPAND_FAILED; + } - if (*p == '-') - { - field_number = -1; - p++; - } - while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0'; - if (*p == 0) - { - field_number *= x; - j = 3; /* Need 3 args */ - field_number_set = TRUE; - } + if (*p == '-') + { + field_number = -1; + p++; + } + while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0'; + if (*p == 0) + { + field_number *= x; + j = 3; /* Need 3 args */ + field_number_set = TRUE; } } } - else goto EXPAND_FAILED_CURLY; + else + { + expand_string_message = string_sprintf( + "missing '{' for arg %d of extract", i+1); + goto EXPAND_FAILED_CURLY; + } } /* Extract either the numbered or the keyed substring into $value. If @@ -5419,11 +5527,20 @@ while (*s != 0) { while (isspace(*s)) s++; if (*s != '{') /*}*/ + { + expand_string_message = string_sprintf( + "missing '{' for arg %d of listextract", i+1); goto EXPAND_FAILED_CURLY; + } sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); if (!sub[i]) goto EXPAND_FAILED; /*{*/ - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = string_sprintf( + "missing '}' closing arg %d of listextract", i+1); + goto EXPAND_FAILED_CURLY; + } /* After removal of leading and trailing white space, the first argument must be numeric and nonempty. */ @@ -5506,10 +5623,17 @@ while (*s != 0) /* Read the field argument */ while (isspace(*s)) s++; if (*s != '{') /*}*/ + { + expand_string_message = US"missing '{' for field arg of certextract"; goto EXPAND_FAILED_CURLY; + } sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); if (!sub[0]) goto EXPAND_FAILED; /*{*/ - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing field arg of certextract"; + goto EXPAND_FAILED_CURLY; + } /* strip spaces fore & aft */ { int len; @@ -5526,7 +5650,10 @@ while (*s != 0) /* inspect the cert argument */ while (isspace(*s)) s++; if (*s != '{') /*}*/ + { + expand_string_message = US"missing '{' for cert variable arg of certextract"; goto EXPAND_FAILED_CURLY; + } if (*++s != '$') { expand_string_message = US"second argument of \"certextract\" must " @@ -5535,7 +5662,11 @@ while (*s != 0) } sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok); if (!sub[1]) goto EXPAND_FAILED; /*{*/ - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing cert variable arg of certextract"; + goto EXPAND_FAILED_CURLY; + } if (skipping) lookup_value = NULL; @@ -5579,25 +5710,48 @@ while (*s != 0) uschar *save_lookup_value = lookup_value; while (isspace(*s)) s++; - if (*s++ != '{') goto EXPAND_FAILED_CURLY; + if (*s++ != '{') + { + expand_string_message = + string_sprintf("missing '{' for first arg of %s", name); + goto EXPAND_FAILED_CURLY; + } list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok); if (list == NULL) goto EXPAND_FAILED; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = + string_sprintf("missing '}' closing first arg of %s", name); + goto EXPAND_FAILED_CURLY; + } if (item_type == EITEM_REDUCE) { uschar * t; while (isspace(*s)) s++; - if (*s++ != '{') goto EXPAND_FAILED_CURLY; + if (*s++ != '{') + { + expand_string_message = US"missing '{' for second arg of reduce"; + goto EXPAND_FAILED_CURLY; + } t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok); if (!t) goto EXPAND_FAILED; lookup_value = t; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing second arg of reduce"; + goto EXPAND_FAILED_CURLY; + } } while (isspace(*s)) s++; - if (*s++ != '{') goto EXPAND_FAILED_CURLY; + if (*s++ != '{') + { + expand_string_message = + string_sprintf("missing '{' for last arg of %s", name); + goto EXPAND_FAILED_CURLY; + } expr = s; @@ -5695,7 +5849,7 @@ while (*s != 0) separator character, or is an empty string. */ if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0)) - yield = string_cat(yield, &size, &ptr, US" ", 1); + yield = string_catn(yield, &size, &ptr, US" ", 1); /* Add the string in "temp" to the output list that we are building, This is done in chunks by searching for the separator character. */ @@ -5703,21 +5857,22 @@ while (*s != 0) for (;;) { size_t seglen = Ustrcspn(temp, outsep); - yield = string_cat(yield, &size, &ptr, temp, seglen + 1); + + yield = string_catn(yield, &size, &ptr, temp, seglen + 1); /* If we got to the end of the string we output one character too many; backup and end the loop. Otherwise arrange to double the separator. */ if (temp[seglen] == '\0') { ptr--; break; } - yield = string_cat(yield, &size, &ptr, outsep, 1); + yield = string_catn(yield, &size, &ptr, outsep, 1); temp += seglen + 1; } /* Output a separator after the string: we will remove the redundant final one at the end. */ - yield = string_cat(yield, &size, &ptr, outsep, 1); + yield = string_catn(yield, &size, &ptr, outsep, 1); } /* End of iteration over the list loop */ /* REDUCE has generated no output above: output the final value of @@ -5725,8 +5880,7 @@ while (*s != 0) if (item_type == EITEM_REDUCE) { - yield = string_cat(yield, &size, &ptr, lookup_value, - Ustrlen(lookup_value)); + yield = string_cat(yield, &size, &ptr, lookup_value); lookup_value = save_lookup_value; /* Restore $value */ } @@ -5752,28 +5906,52 @@ while (*s != 0) uschar *save_iterate_item = iterate_item; while (isspace(*s)) s++; - if (*s++ != '{') goto EXPAND_FAILED_CURLY; + if (*s++ != '{') + { + expand_string_message = US"missing '{' for list arg of sort"; + goto EXPAND_FAILED_CURLY; + } srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok); if (!srclist) goto EXPAND_FAILED; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing list arg of sort"; + goto EXPAND_FAILED_CURLY; + } while (isspace(*s)) s++; - if (*s++ != '{') goto EXPAND_FAILED_CURLY; + if (*s++ != '{') + { + expand_string_message = US"missing '{' for comparator arg of sort"; + goto EXPAND_FAILED_CURLY; + } cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok); if (!cmp) goto EXPAND_FAILED; - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing comparator arg of sort"; + goto EXPAND_FAILED_CURLY; + } while (isspace(*s)) s++; - if (*s++ != '{') goto EXPAND_FAILED_CURLY; + if (*s++ != '{') + { + expand_string_message = US"missing '{' for extractor arg of sort"; + goto EXPAND_FAILED_CURLY; + } xtract = s; tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok); if (!tmp) goto EXPAND_FAILED; xtract = string_copyn(xtract, s - xtract); - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '}' closing extractor arg of sort"; + goto EXPAND_FAILED_CURLY; + } /*{*/ if (*s++ != '}') { /*{*/ @@ -5869,7 +6047,7 @@ while (*s != 0) } if (dstlist) - yield = string_cat(yield, &size, &ptr, dstlist, Ustrlen(dstlist)); + yield = string_cat(yield, &size, &ptr, dstlist); /* Restore preserved $item */ iterate_item = save_iterate_item; @@ -5967,7 +6145,7 @@ while (*s != 0) if(status == OK) { if (result == NULL) result = US""; - yield = string_cat(yield, &size, &ptr, result, Ustrlen(result)); + yield = string_cat(yield, &size, &ptr, result); continue; } else @@ -5993,7 +6171,11 @@ while (*s != 0) key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); if (!key) goto EXPAND_FAILED; /*{*/ - if (*s++ != '}') goto EXPAND_FAILED_CURLY; + if (*s++ != '}') + { + expand_string_message = US"missing '{' for name arg of env"; + goto EXPAND_FAILED_CURLY; + } lookup_value = US getenv(CS key); @@ -6057,7 +6239,12 @@ while (*s != 0) sub = expand_string_internal(s+2, TRUE, &s1, skipping, FALSE, &resetok); if (!sub) goto EXPAND_FAILED; /*{*/ - if (*s1 != '}') goto EXPAND_FAILED_CURLY; + if (*s1 != '}') + { + expand_string_message = + string_sprintf("missing '}' closing cert arg of %s", name); + goto EXPAND_FAILED_CURLY; + } if ((vp = find_var_ent(sub)) && vp->type == vtype_cert) { s = s1+1; @@ -6100,9 +6287,9 @@ while (*s != 0) goto EXPAND_FAILED; } for ( ; n; n >>= 5) - s = string_cat(s, &sz, &i, &base32_chars[n & 0x1f], 1); + s = string_catn(s, &sz, &i, &base32_chars[n & 0x1f], 1); - while (i > 0) yield = string_cat(yield, &size, &ptr, &s[--i], 1); + while (i > 0) yield = string_catn(yield, &size, &ptr, &s[--i], 1); continue; } @@ -6123,7 +6310,7 @@ while (*s != 0) n = n * 32 + (t - base32_chars); } s = string_sprintf("%ld", n); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -6138,7 +6325,7 @@ while (*s != 0) goto EXPAND_FAILED; } t = string_base62(n); - yield = string_cat(yield, &size, &ptr, t, Ustrlen(t)); + yield = string_cat(yield, &size, &ptr, t); continue; } @@ -6162,7 +6349,7 @@ while (*s != 0) n = n * BASE_62 + (t - base62_chars); } (void)sprintf(CS buf, "%ld", n); - yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf)); + yield = string_cat(yield, &size, &ptr, buf); continue; } @@ -6176,7 +6363,7 @@ while (*s != 0) expand_string_message); goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded)); + yield = string_cat(yield, &size, &ptr, expanded); continue; } @@ -6185,7 +6372,7 @@ while (*s != 0) int count = 0; uschar *t = sub - 1; while (*(++t) != 0) { *t = tolower(*t); count++; } - yield = string_cat(yield, &size, &ptr, sub, count); + yield = string_catn(yield, &size, &ptr, sub, count); continue; } @@ -6194,7 +6381,7 @@ while (*s != 0) int count = 0; uschar *t = sub - 1; while (*(++t) != 0) { *t = toupper(*t); count++; } - yield = string_cat(yield, &size, &ptr, sub, count); + yield = string_catn(yield, &size, &ptr, sub, count); continue; } @@ -6203,7 +6390,7 @@ while (*s != 0) if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_md5(*(void **)vp->value); - yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp)); + yield = string_cat(yield, &size, &ptr, cp); } else #endif @@ -6215,7 +6402,7 @@ while (*s != 0) md5_start(&base); md5_end(&base, sub, Ustrlen(sub), digest); for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]); - yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st)); + yield = string_cat(yield, &size, &ptr, US st); } continue; @@ -6224,34 +6411,83 @@ while (*s != 0) if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value); - yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp)); + yield = string_cat(yield, &size, &ptr, cp); } else #endif { - sha1 base; + hctx h; uschar digest[20]; int j; char st[41]; - sha1_start(&base); - sha1_end(&base, sub, Ustrlen(sub), digest); + sha1_start(&h); + sha1_end(&h, sub, Ustrlen(sub), digest); for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]); - yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st)); + yield = string_catn(yield, &size, &ptr, US st, 40); } continue; case EOP_SHA256: -#ifdef SUPPORT_TLS +#ifdef EXIM_HAVE_SHA2 if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value); - yield = string_cat(yield, &size, &ptr, cp, (int)Ustrlen(cp)); + yield = string_cat(yield, &size, &ptr, cp); } else + { + hctx h; + blob b; + char st[3]; + + exim_sha_init(&h, HASH_SHA256); + exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_finish(&h, &b); + while (b.len-- > 0) + { + sprintf(st, "%02X", *b.data++); + yield = string_catn(yield, &size, &ptr, US st, 2); + } + } +#else + expand_string_message = US"sha256 only supported with TLS"; #endif - expand_string_message = US"sha256 only supported for certificates"; continue; + case EOP_SHA3: +#ifdef EXIM_HAVE_SHA3 + { + hctx h; + blob b; + char st[3]; + hashmethod m = !arg ? HASH_SHA3_256 + : Ustrcmp(arg, "224") == 0 ? HASH_SHA3_224 + : Ustrcmp(arg, "256") == 0 ? HASH_SHA3_256 + : Ustrcmp(arg, "384") == 0 ? HASH_SHA3_384 + : Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512 + : HASH_BADTYPE; + + if (m == HASH_BADTYPE) + { + expand_string_message = US"unrecognised sha3 variant"; + goto EXPAND_FAILED; + } + + exim_sha_init(&h, m); + exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_finish(&h, &b); + while (b.len-- > 0) + { + sprintf(st, "%02X", *b.data++); + yield = string_catn(yield, &size, &ptr, US st, 2); + } + } + continue; +#else + expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 +"; + goto EXPAND_FAILED; +#endif + /* Convert hex encoding to base64 encoding */ case EOP_HEX2B64: @@ -6296,7 +6532,7 @@ while (*s != 0) } enc = b64encode(sub, out - sub); - yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc)); + yield = string_cat(yield, &size, &ptr, enc); continue; } @@ -6308,10 +6544,10 @@ while (*s != 0) while (*(++t) != 0) { if (*t < 0x21 || 0x7E < *t) - yield = string_cat(yield, &size, &ptr, + yield = string_catn(yield, &size, &ptr, string_sprintf("\\x%02x", *t), 4); else - yield = string_cat(yield, &size, &ptr, t, 1); + yield = string_catn(yield, &size, &ptr, t, 1); } continue; } @@ -6327,7 +6563,7 @@ while (*s != 0) while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++; cp = string_sprintf("%d", cnt); - yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp)); + yield = string_cat(yield, &size, &ptr, cp); continue; } @@ -6381,7 +6617,7 @@ while (*s != 0) { uschar * buf = US" : "; if (needsep) - yield = string_cat(yield, &size, &ptr, buf, 3); + yield = string_catn(yield, &size, &ptr, buf, 3); else needsep = TRUE; @@ -6397,21 +6633,21 @@ while (*s != 0) tok[0] = sep; tok[1] = ':'; tok[2] = 0; while ((cp= strpbrk((const char *)item, tok))) { - yield = string_cat(yield, &size, &ptr, item, cp-(char *)item); + yield = string_catn(yield, &size, &ptr, item, cp-(char *)item); if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */ { - yield = string_cat(yield, &size, &ptr, US"::", 2); + yield = string_catn(yield, &size, &ptr, US"::", 2); item = (uschar *)cp; } else /* sep in item; should already be doubled; emit once */ { - yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1); + yield = string_catn(yield, &size, &ptr, (uschar *)tok, 1); if (*cp == sep) cp++; item = (uschar *)cp; } } } - yield = string_cat(yield, &size, &ptr, item, Ustrlen(item)); + yield = string_cat(yield, &size, &ptr, item); } continue; } @@ -6459,7 +6695,7 @@ while (*s != 0) /* Convert to masked textual format and add to output. */ - yield = string_cat(yield, &size, &ptr, buffer, + yield = string_catn(yield, &size, &ptr, buffer, host_nmtoa(count, binary, mask, buffer, '.')); continue; } @@ -6489,7 +6725,7 @@ while (*s != 0) goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, buffer, + yield = string_catn(yield, &size, &ptr, buffer, c == EOP_IPV6NORM ? ipv6_nmtoa(binary, buffer) : host_nmtoa(4, binary, -1, buffer, ':') @@ -6510,12 +6746,12 @@ while (*s != 0) if (c != EOP_DOMAIN) { if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1; - yield = string_cat(yield, &size, &ptr, sub+start, end-start); + yield = string_catn(yield, &size, &ptr, sub+start, end-start); } else if (domain != 0) { domain += start; - yield = string_cat(yield, &size, &ptr, sub+domain, end-domain); + yield = string_catn(yield, &size, &ptr, sub+domain, end-domain); } } continue; @@ -6550,25 +6786,25 @@ while (*s != 0) if (address != NULL) { if (ptr != save_ptr && address[0] == *outsep) - yield = string_cat(yield, &size, &ptr, US" ", 1); + yield = string_catn(yield, &size, &ptr, US" ", 1); for (;;) { size_t seglen = Ustrcspn(address, outsep); - yield = string_cat(yield, &size, &ptr, address, seglen + 1); + yield = string_catn(yield, &size, &ptr, address, seglen + 1); /* If we got to the end of the string we output one character too many. */ if (address[seglen] == '\0') { ptr--; break; } - yield = string_cat(yield, &size, &ptr, outsep, 1); + yield = string_catn(yield, &size, &ptr, outsep, 1); address += seglen + 1; } /* Output a separator after the string: we will remove the redundant final one at the end. */ - yield = string_cat(yield, &size, &ptr, outsep, 1); + yield = string_catn(yield, &size, &ptr, outsep, 1); } if (saveend == '\0') break; @@ -6615,24 +6851,24 @@ while (*s != 0) if (needs_quote) { - yield = string_cat(yield, &size, &ptr, US"\"", 1); + yield = string_catn(yield, &size, &ptr, US"\"", 1); t = sub - 1; while (*(++t) != 0) { if (*t == '\n') - yield = string_cat(yield, &size, &ptr, US"\\n", 2); + yield = string_catn(yield, &size, &ptr, US"\\n", 2); else if (*t == '\r') - yield = string_cat(yield, &size, &ptr, US"\\r", 2); + yield = string_catn(yield, &size, &ptr, US"\\r", 2); else { if (*t == '\\' || *t == '"') - yield = string_cat(yield, &size, &ptr, US"\\", 1); - yield = string_cat(yield, &size, &ptr, t, 1); + yield = string_catn(yield, &size, &ptr, US"\\", 1); + yield = string_catn(yield, &size, &ptr, t, 1); } } - yield = string_cat(yield, &size, &ptr, US"\"", 1); + yield = string_catn(yield, &size, &ptr, US"\"", 1); } - else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub)); + else yield = string_cat(yield, &size, &ptr, sub); continue; } @@ -6664,7 +6900,7 @@ while (*s != 0) goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub)); + yield = string_cat(yield, &size, &ptr, sub); continue; } @@ -6677,8 +6913,8 @@ while (*s != 0) while (*(++t) != 0) { if (!isalnum(*t)) - yield = string_cat(yield, &size, &ptr, US"\\", 1); - yield = string_cat(yield, &size, &ptr, t, 1); + yield = string_catn(yield, &size, &ptr, US"\\", 1); + yield = string_catn(yield, &size, &ptr, t, 1); } continue; } @@ -6691,7 +6927,7 @@ while (*s != 0) uschar buffer[2048]; const uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset, buffer, sizeof(buffer), FALSE); - yield = string_cat(yield, &size, &ptr, string, Ustrlen(string)); + yield = string_cat(yield, &size, &ptr, string); continue; } @@ -6708,7 +6944,7 @@ while (*s != 0) expand_string_message = error; goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, decoded, len); + yield = string_catn(yield, &size, &ptr, decoded, len); continue; } @@ -6724,7 +6960,7 @@ while (*s != 0) GETUTF8INC(c, sub); if (c > 255) c = '_'; buff[0] = c; - yield = string_cat(yield, &size, &ptr, buff, 1); + yield = string_catn(yield, &size, &ptr, buff, 1); } continue; } @@ -6759,7 +6995,7 @@ while (*s != 0) complete = -1; /* error (RFC3629 limit) */ else { /* finished; output utf-8 sequence */ - yield = string_cat(yield, &size, &ptr, seq_buff, seq_len); + yield = string_catn(yield, &size, &ptr, seq_buff, seq_len); index = 0; } } @@ -6768,7 +7004,7 @@ while (*s != 0) { if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */ { - yield = string_cat(yield, &size, &ptr, &c, 1); + yield = string_catn(yield, &size, &ptr, &c, 1); continue; } if((c & 0xe0) == 0xc0) /* 2-byte sequence */ @@ -6801,11 +7037,11 @@ while (*s != 0) if (complete != 0) { bytes_left = index = 0; - yield = string_cat(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1); + yield = string_catn(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1); } if ((complete == 1) && ((c & 0x80) == 0)) /* ASCII character follows incomplete sequence */ - yield = string_cat(yield, &size, &ptr, &c, 1); + yield = string_catn(yield, &size, &ptr, &c, 1); } continue; } @@ -6822,7 +7058,7 @@ while (*s != 0) string_printing(sub), error); goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -6837,7 +7073,7 @@ while (*s != 0) string_printing(sub), error); goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -6852,7 +7088,7 @@ while (*s != 0) string_printing(sub), error); goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); DEBUG(D_expand) debug_printf("yield: '%s'\n", yield); continue; } @@ -6868,7 +7104,7 @@ while (*s != 0) string_printing(sub), error); goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } #endif /* EXPERIMENTAL_INTERNATIONAL */ @@ -6877,11 +7113,23 @@ while (*s != 0) case EOP_ESCAPE: { - const uschar *t = string_printing(sub); - yield = string_cat(yield, &size, &ptr, t, Ustrlen(t)); + const uschar * t = string_printing(sub); + yield = string_cat(yield, &size, &ptr, t); continue; } + case EOP_ESCAPE8BIT: + { + const uschar * s = sub; + uschar c; + + for (s = sub; (c = *s); s++) + yield = c < 127 && c != '\\' + ? string_catn(yield, &size, &ptr, s, 1) + : string_catn(yield, &size, &ptr, string_sprintf("\\%03o", c), 4); + continue; + } + /* Handle numeric expression evaluation */ case EOP_EVAL: @@ -6898,7 +7146,7 @@ while (*s != 0) goto EXPAND_FAILED; } sprintf(CS var_buffer, PR_EXIM_ARITH, n); - yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer)); + yield = string_cat(yield, &size, &ptr, var_buffer); continue; } @@ -6914,7 +7162,7 @@ while (*s != 0) goto EXPAND_FAILED; } sprintf(CS var_buffer, "%d", n); - yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer)); + yield = string_cat(yield, &size, &ptr, var_buffer); continue; } @@ -6929,7 +7177,7 @@ while (*s != 0) goto EXPAND_FAILED; } t = readconf_printtime(n); - yield = string_cat(yield, &size, &ptr, t, Ustrlen(t)); + yield = string_cat(yield, &size, &ptr, t); continue; } @@ -6945,7 +7193,7 @@ while (*s != 0) #else uschar * s = b64encode(sub, Ustrlen(sub)); #endif - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -6959,7 +7207,7 @@ while (*s != 0) "well-formed for \"%s\" operator", sub, name); goto EXPAND_FAILED; } - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -6969,7 +7217,7 @@ while (*s != 0) { uschar buff[24]; (void)sprintf(CS buff, "%d", Ustrlen(sub)); - yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff)); + yield = string_cat(yield, &size, &ptr, buff); continue; } @@ -7060,7 +7308,7 @@ while (*s != 0) extract_substr(sub, value1, value2, &len); if (ret == NULL) goto EXPAND_FAILED; - yield = string_cat(yield, &size, &ptr, ret, len); + yield = string_catn(yield, &size, &ptr, ret, len); continue; } @@ -7115,7 +7363,7 @@ while (*s != 0) (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid, (long)st.st_gid, st.st_size, (long)st.st_atime, (long)st.st_mtime, (long)st.st_ctime); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -7130,7 +7378,7 @@ while (*s != 0) if (expand_string_message != NULL) goto EXPAND_FAILED; s = string_sprintf("%d", vaguely_random_number((int)max)); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); continue; } @@ -7149,7 +7397,7 @@ while (*s != 0) goto EXPAND_FAILED; } invert_address(reversed, sub); - yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed)); + yield = string_cat(yield, &size, &ptr, reversed); continue; } @@ -7179,8 +7427,7 @@ while (*s != 0) yield = NULL; size = 0; } - value = find_variable(name, FALSE, skipping, &newsize); - if (value == NULL) + if (!(value = find_variable(name, FALSE, skipping, &newsize))) { expand_string_message = string_sprintf("unknown variable in \"${%s}\"", name); @@ -7188,13 +7435,14 @@ while (*s != 0) goto EXPAND_FAILED; } len = Ustrlen(value); - if (yield == NULL && newsize != 0) + if (!yield && newsize) { yield = value; size = newsize; ptr = len; } - else yield = string_cat(yield, &size, &ptr, value, len); + else + yield = string_catn(yield, &size, &ptr, value, len); continue; } @@ -7235,9 +7483,9 @@ else if (resetok_p) *resetok_p = FALSE; DEBUG(D_expand) { - debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string, + debug_printf(" expanding: %.*s\n result: %s\n", (int)(s - string), string, yield); - if (skipping) debug_printf("skipping: result is not used\n"); + if (skipping) debug_printf(" skipping: result is not used\n"); } return yield; @@ -7246,10 +7494,12 @@ to update the pointer to the terminator, for cases of nested calls with "fail". */ EXPAND_FAILED_CURLY: -expand_string_message = malformed_header? - US"missing or misplaced { or } - could be header name not terminated by colon" - : - US"missing or misplaced { or }"; +if (malformed_header) + expand_string_message = + US"missing or misplaced { or } - could be header name not terminated by colon"; + +else if (!expand_string_message || !*expand_string_message) + expand_string_message = US"missing or misplaced { or }"; /* At one point, Exim reset the store to yield (if yield was not NULL), but that is a bad idea, because expand_string_message is in dynamic store. */ @@ -7500,6 +7750,29 @@ return OK; +/* Avoid potentially exposing a password in a string about to be logged */ + +uschar * +expand_hide_passwords(uschar * s) +{ +return ( ( Ustrstr(s, "failed to expand") != NULL + || Ustrstr(s, "expansion of ") != NULL + ) + && ( Ustrstr(s, "mysql") != NULL + || Ustrstr(s, "pgsql") != NULL + || Ustrstr(s, "redis") != NULL + || Ustrstr(s, "sqlite") != NULL + || Ustrstr(s, "ldap:") != NULL + || Ustrstr(s, "ldaps:") != NULL + || Ustrstr(s, "ldapi:") != NULL + || Ustrstr(s, "ldapdn:") != NULL + || Ustrstr(s, "ldapm:") != NULL + ) ) + ? US"Temporary internal error" : s; +} + + + /************************************************* ************************************************** diff --git a/src/src/filter.c b/src/src/filter.c index bba1a520e..59ab3192f 100644 --- a/src/src/filter.c +++ b/src/src/filter.c @@ -519,14 +519,14 @@ for (;;) string_item *aa; uschar *saveptr = ptr; ptr = nextword(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; if (Ustrcmp(buffer, "alias") != 0) { ptr = saveptr; break; } ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; aa = store_get(sizeof(string_item)); aa->text = string_copy(buffer); aa->next = c->left.a; @@ -540,7 +540,7 @@ for (;;) else if (Ustrcmp(buffer, "foranyaddress") == 0) { ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; if (*ptr != '(') { *error_pointer = string_sprintf("\"(\" expected after \"foranyaddress\" " @@ -552,18 +552,13 @@ for (;;) c->left.u = string_copy(buffer); ptr = read_condition(nextsigchar(ptr+1, TRUE), &(c->right.c), FALSE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; if (*ptr != ')') { *error_pointer = string_sprintf("expected \")\" in line %d of " "filter file", line_number); break; } - if (!testfor) - { - c->testfor = !c->testfor; - testfor = TRUE; - } ptr = nextsigchar(ptr+1, TRUE); } @@ -577,7 +572,7 @@ for (;;) c->left.u = string_copy(buffer); ptr = nextword(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; /* Handle "does|is [not]", preserving the pointer after "is" in case it isn't that, but the form "is <string>". */ @@ -588,13 +583,13 @@ for (;;) if (buffer[0] == 'I') { c->type = cond_IS; isptr = ptr; } ptr = nextword(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; if (strcmpic(buffer, US"not") == 0) { c->testfor = !c->testfor; - if (isptr != NULL) isptr = ptr; + if (isptr) isptr = ptr; ptr = nextword(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; } } @@ -612,22 +607,19 @@ for (;;) if (i >= cond_word_count) { - if (isptr != NULL) - { - ptr = isptr; - } - else + if (!isptr) { *error_pointer = string_sprintf("unrecognized condition word \"%s\" " "near line %d of filter file", buffer, line_number); break; } + ptr = isptr; } /* Get the RH argument. */ ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; c->right.u = string_copy(buffer); } } @@ -664,7 +656,7 @@ for (;;) { uschar *saveptr = ptr; ptr = nextword(ptr, buffer, sizeof(buffer), FALSE); - if (*error_pointer != NULL) break; + if (*error_pointer) break; /* "Then" terminates a toplevel condition; otherwise a closing bracket has been omitted. Put a string terminator at the start of "then" so @@ -673,7 +665,7 @@ for (;;) if (Ustrcmp(buffer, "then") == 0) { if (toplevel) *saveptr = 0; - else *error_pointer = string_sprintf("missing \")\" at end of " + else *error_pointer = string_sprintf("missing \")\" at end of " "condition near line %d of filter file", line_number); break; } @@ -707,21 +699,21 @@ for (;;) condition_block *orc = store_get(sizeof(condition_block)); condition_block *or_parent = NULL; - if (current_parent != NULL) + if (current_parent) { - while (current_parent->parent != NULL && + while (current_parent->parent && current_parent->parent->type == cond_and) current_parent = current_parent->parent; /* If the parent has a parent, it must be an "or" parent. */ - if (current_parent->parent != NULL) + if (current_parent->parent) or_parent = current_parent->parent; } orc->parent = or_parent; - if (or_parent == NULL) *cond = orc; else - or_parent->right.c = orc; + if (!or_parent) *cond = orc; + else or_parent->right.c = orc; orc->type = cond_or; orc->testfor = TRUE; orc->left.c = (current_parent == NULL)? c : current_parent; @@ -2281,17 +2273,16 @@ while (commands != NULL) if (recipient != NULL) { - log_addr = string_cat(log_addr, &size, &ptr, - (log_addr == NULL)? US">" : US",", 1); - log_addr = string_cat(log_addr, &size, &ptr, recipient, - Ustrlen(recipient)); + log_addr = string_catn(log_addr, &size, &ptr, + log_addr ? US"," : US">", 1); + log_addr = string_cat(log_addr, &size, &ptr, recipient); } /* Check size */ if (ptr > 256) { - log_addr = string_cat(log_addr, &size, &ptr, US", ...", 5); + log_addr = string_catn(log_addr, &size, &ptr, US", ...", 5); break; } diff --git a/src/src/functions.h b/src/src/functions.h index 4cee9bf8b..cc4e22b2e 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -56,6 +56,7 @@ extern int tls_feof(void); extern int tls_ferror(void); extern void tls_free_cert(void **); extern int tls_getc(void); +extern void tls_get_cache(void); extern int tls_import_cert(const uschar *, void **); extern int tls_read(BOOL, uschar *, size_t); extern int tls_server_start(const uschar *); @@ -71,7 +72,7 @@ extern uschar * tls_field_from_dn(uschar *, const uschar *); extern BOOL tls_is_name_for_cert(const uschar *, void *); # ifdef EXPERIMENTAL_DANE -extern int tlsa_lookup(const host_item *, dns_answer *, BOOL, BOOL *); +extern int tlsa_lookup(const host_item *, dns_answer *, BOOL); # endif #endif /*SUPPORT_TLS*/ @@ -100,6 +101,7 @@ extern int auth_xtextdecode(uschar *, uschar **); extern uschar *b64encode(uschar *, int); extern int b64decode(uschar *, uschar **); +extern int bdat_getc(void); extern void bits_clear(unsigned int *, size_t, int *); extern void bits_set(unsigned int *, size_t, int *); @@ -108,6 +110,7 @@ extern int check_host(void *, const uschar *, const uschar **, uschar **); extern uschar **child_exec_exim(int, BOOL, int *, BOOL, int, ...); extern pid_t child_open_uid(const uschar **, const uschar **, int, uid_t *, gid_t *, int *, int *, uschar *, BOOL); +extern BOOL cleanup_environment(void); extern uschar *cutthrough_finaldot(void); extern BOOL cutthrough_flush_send(void); extern BOOL cutthrough_headers_send(void); @@ -122,6 +125,7 @@ extern int dcc_process(uschar **); #endif extern void debug_logging_activate(uschar *, uschar *); +extern void debug_logging_stop(void); extern void debug_print_argv(const uschar **); extern void debug_print_ids(uschar *); extern void debug_print_string(uschar *); @@ -140,14 +144,10 @@ extern void deliver_succeeded(address_item *); extern uschar *deliver_get_sender_address (uschar *id); -#ifdef WITH_OLD_DEMIME -extern int demime(uschar **); -#endif extern BOOL directory_make(const uschar *, const uschar *, int, BOOL); #ifndef DISABLE_DKIM -extern BOOL dkim_transport_write_message(address_item *, int, int, - int, uschar *, uschar *, uschar *, uschar *, rewrite_rule *, - int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *); +extern BOOL dkim_transport_write_message(int, transport_ctx *, + struct ob_dkim *); #endif extern dns_address *dns_address_from_rr(dns_answer *, dns_record *); extern int dns_basic_lookup(dns_answer *, const uschar *, int); @@ -158,7 +158,7 @@ extern BOOL dns_is_secure(const dns_answer *); extern int dns_lookup(dns_answer *, const uschar *, int, const uschar **); extern void dns_pattern_init(void); extern int dns_special_lookup(dns_answer *, const uschar *, int, const uschar **); -extern dns_record *dns_next_rr(dns_answer *, dns_scan *, int); +extern dns_record *dns_next_rr(const dns_answer *, dns_scan *, int); extern uschar *dns_text_type(int); extern void dscp_list_to_stream(FILE *); extern BOOL dscp_lookup(const uschar *, int, int *, int *, int *); @@ -170,6 +170,7 @@ extern uschar *event_raise(uschar *, const uschar *, uschar *); extern void msg_event_raise(const uschar *, const address_item *); #endif extern uschar ehlo_response(uschar *, size_t, uschar); +extern const uschar * exim_errstr(int); extern void exim_exit(int); extern void exim_nullstd(void); extern void exim_setugid(uid_t, gid_t, BOOL, uschar *); @@ -181,6 +182,7 @@ extern int exp_bool(address_item *addr, extern BOOL expand_check_condition(uschar *, uschar *, uschar *); extern uschar *expand_string(uschar *); /* public, cannot make const */ extern const uschar *expand_cstring(const uschar *); /* ... so use this one */ +extern uschar *expand_hide_passwords(uschar * ); extern uschar *expand_string_copy(const uschar *); extern int_eximarith_t expand_string_integer(uschar *, BOOL); extern void modify_variable(uschar *, void *); @@ -204,7 +206,7 @@ extern void host_build_hostlist(host_item **, const uschar *, BOOL); extern ip_address_item *host_build_ifacelist(const uschar *, uschar *); extern void host_build_log_info(void); extern void host_build_sender_fullhost(void); -extern BOOL host_find_byname(host_item *, const uschar *, int, +extern int host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL); extern int host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *, uschar *, const dnssec_domains *, const uschar **, BOOL *); @@ -224,7 +226,7 @@ extern uschar *imap_utf7_encode(uschar *, const uschar *, extern void invert_address(uschar *, uschar *); extern int ip_addr(void *, int, const uschar *, int); extern int ip_bind(int, int, uschar *, int); -extern int ip_connect(int, int, const uschar *, int, int); +extern int ip_connect(int, int, const uschar *, int, int, BOOL); extern int ip_connectedsocket(int, const uschar *, int, int, int, host_item *, uschar **); extern int ip_get_address_family(int); @@ -243,6 +245,8 @@ extern int log_create(uschar *); extern int log_create_as_exim(uschar *); extern void log_close_all(void); +extern macro_item * macro_create(const uschar *, const uschar *, BOOL, BOOL); +extern void mainlog_close(void); #ifdef WITH_CONTENT_SCAN extern int malware(const uschar *, int); extern int malware_in_file(uschar *); @@ -280,7 +284,7 @@ extern BOOL moan_to_sender(int, error_block *, header_line *, FILE *, BOOL); extern void moan_write_from(FILE *); extern FILE *modefopen(const uschar *, const char *, mode_t); -extern void open_cutthrough_connection( address_item * addr ); +extern int open_cutthrough_connection( address_item * addr ); extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *, BOOL); @@ -312,7 +316,10 @@ extern BOOL readconf_depends(driver_instance *, uschar *); extern void readconf_driver_init(uschar *, driver_instance **, driver_info *, int, void *, int, optionlist *, int); extern uschar *readconf_find_option(void *); -extern void readconf_main(void); +extern void readconf_main(BOOL); +extern void readconf_options_from_list(optionlist *, unsigned, uschar *); +extern void readconf_options_routers(void); +extern void readconf_options_transports(void); extern void readconf_print(uschar *, uschar *, BOOL); extern uschar *readconf_printtime(int); extern uschar *readconf_readname(uschar *, int, uschar *); @@ -370,9 +377,9 @@ extern int search_findtype_partial(const uschar *, int *, const uschar **, i extern void *search_open(uschar *, int, int, uid_t *, gid_t *); extern void search_tidyup(void); extern void set_process_info(const char *, ...) PRINTF_FUNCTION(1,2); -extern void sha1_end(sha1 *, const uschar *, int, uschar *); -extern void sha1_mid(sha1 *, const uschar *); -extern void sha1_start(sha1 *); +extern void sha1_end(hctx *, const uschar *, int, uschar *); +extern void sha1_mid(hctx *, const uschar *); +extern void sha1_start(hctx *); extern int sieve_interpret(uschar *, int, uschar *, uschar *, uschar *, uschar *, address_item **, uschar **); extern void sigalrm_handler(int); @@ -389,6 +396,7 @@ extern BOOL smtp_get_interface(uschar *, int, address_item *, uschar **, uschar *); extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *); extern int smtp_getc(void); +extern void smtp_get_cache(void); extern int smtp_handle_acl_fail(int, int, uschar *, uschar *); extern void smtp_log_no_mail(void); extern void smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL); @@ -406,7 +414,10 @@ extern int spam(const uschar **); extern FILE *spool_mbox(unsigned long *, const uschar *); #endif extern BOOL spool_move_message(uschar *, uschar *, uschar *, uschar *); -extern BOOL spool_open_datafile(uschar *); +extern uschar *spool_dname(const uschar *, uschar *); +extern uschar *spool_fname(const uschar *, const uschar *, const uschar *, const uschar *); +extern uschar *spool_sname(const uschar *, uschar *); +extern int spool_open_datafile(uschar *); extern int spool_open_temp(uschar *); extern int spool_read_header(uschar *, BOOL, BOOL); extern int spool_write_header(uschar *, int, uschar **); @@ -418,7 +429,9 @@ extern uschar *string_append(uschar *, int *, int *, int, ...); extern uschar *string_append_listele(uschar *, uschar, const uschar *); extern uschar *string_append_listele_n(uschar *, uschar, const uschar *, unsigned); extern uschar *string_base62(unsigned long int); -extern uschar *string_cat(uschar *, int *, int *, const uschar *, int); +extern uschar *string_cat(uschar *, int *, int *, const uschar *); +extern uschar *string_catn(uschar *, int *, int *, const uschar *, int); +extern int string_compare_by_pointer(const void *, const void *); extern uschar *string_copy_dnsdomain(uschar *); extern uschar *string_copy_malloc(const uschar *); extern uschar *string_copylc(const uschar *); @@ -431,7 +444,6 @@ extern int string_is_ip_address(const uschar *, int *); #ifdef SUPPORT_I18N extern BOOL string_is_utf8(const uschar *); #endif -extern uschar *string_log_address(address_item *, BOOL, BOOL); extern uschar *string_nextinlist(const uschar **, int *, uschar *, int); extern uschar *string_open_failed(int, const char *, ...) PRINTF_FUNCTION(2,3); extern const uschar *string_printing2(const uschar *, BOOL); @@ -463,10 +475,9 @@ extern BOOL transport_set_up_command(const uschar ***, uschar *, extern void transport_update_waiting(host_item *, uschar *); extern BOOL transport_write_block(int, uschar *, int); extern BOOL transport_write_string(int, const char *, ...); -extern BOOL transport_headers_send(address_item *, int, uschar *, uschar *, - BOOL (*)(int, uschar *, int, BOOL), BOOL, rewrite_rule *, int); -extern BOOL transport_write_message(address_item *, int, int, int, uschar *, - uschar *, uschar *, uschar *, rewrite_rule *, int); +extern BOOL transport_headers_send(int, transport_ctx *, + BOOL (*)(int, transport_ctx *, uschar *, int)); +extern BOOL transport_write_message(int, transport_ctx *, int); extern void tree_add_duplicate(uschar *, address_item *); extern void tree_add_nonrecipient(uschar *); extern void tree_add_unusable(host_item *); diff --git a/src/src/globals.c b/src/src/globals.c index adf87380e..b862015a2 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* All the global variables are defined together in this one module, so @@ -35,7 +35,7 @@ optionlist optionlist_auths[] = { (void *)(offsetof(auth_instance, set_id)) } }; -int optionlist_auths_size = sizeof(optionlist_auths)/sizeof(optionlist); +int optionlist_auths_size = nelem(optionlist_auths); /* An empty host aliases list. */ @@ -138,15 +138,11 @@ tls_support tls_out = { uschar *dsn_envid = NULL; int dsn_ret = 0; const pcre *regex_DSN = NULL; -BOOL smtp_use_dsn = FALSE; uschar *dsn_advertise_hosts = NULL; #ifdef SUPPORT_TLS BOOL gnutls_compat_mode = FALSE; BOOL gnutls_allow_auto_pkcs11 = FALSE; -uschar *gnutls_require_mac = NULL; -uschar *gnutls_require_kx = NULL; -uschar *gnutls_require_proto = NULL; uschar *openssl_options = NULL; const pcre *regex_STARTTLS = NULL; uschar *tls_advertise_hosts = US"*"; @@ -161,7 +157,6 @@ uschar *tls_eccurve = US"prime256v1"; # ifndef DISABLE_OCSP uschar *tls_ocsp_file = NULL; # endif -BOOL tls_offered = FALSE; uschar *tls_privatekey = NULL; BOOL tls_remember_esmtp = FALSE; uschar *tls_require_ciphers = NULL; @@ -188,7 +183,10 @@ incoming TCP/IP. The defaults use stdin. We never need these for any stand-alone tests. */ #ifndef STAND_ALONE +int (*lwr_receive_getc)(void) = stdin_getc; +int (*lwr_receive_ungetc)(int) = stdin_ungetc; int (*receive_getc)(void) = stdin_getc; +void (*receive_get_cache)(void)= NULL; int (*receive_ungetc)(int) = stdin_ungetc; int (*receive_feof)(void) = stdin_feof; int (*receive_ferror)(void) = stdin_ferror; @@ -322,6 +320,7 @@ uschar *acl_wherecodes[] = { US"550", /* RCPT */ BOOL active_local_from_check = FALSE; BOOL active_local_sender_retain = FALSE; BOOL accept_8bitmime = TRUE; /* deliberately not RFC compliant */ +uschar *add_environment = NULL; address_item *addr_duplicate = NULL; address_item address_defaults = { @@ -489,14 +488,22 @@ int callout_cache_positive_expire = 24*60*60; int callout_cache_negative_expire = 2*60*60; uschar *callout_random_local_part = US"$primary_hostname-$tod_epoch-testing"; uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\\.?)$"; -int check_log_inodes = 0; -int check_log_space = 0; +int check_log_inodes = 100; +int check_log_space = 10*1024; /* 10K Kbyte == 10MB */ BOOL check_rfc2047_length = TRUE; -int check_spool_inodes = 0; -int check_spool_space = 0; -uschar *client_authenticator = NULL; -uschar *client_authenticated_id = NULL; -uschar *client_authenticated_sender = NULL; +int check_spool_inodes = 100; +int check_spool_space = 10*1024; /* 10K Kbyte == 10MB */ + +uschar *chunking_advertise_hosts = US"*"; +unsigned chunking_datasize = 0; +unsigned chunking_data_left = 0; +BOOL chunking_offered = FALSE; +chunking_state_t chunking_state= CHUNKING_NOT_OFFERED; +const pcre *regex_CHUNKING = NULL; + +uschar *client_authenticator = NULL; +uschar *client_authenticated_id = NULL; +uschar *client_authenticated_sender = NULL; int clmacro_count = 0; uschar *clmacros[MAX_CLMACROS]; BOOL config_changed = FALSE; @@ -505,6 +512,8 @@ uschar *config_filename = NULL; int config_lineno = 0; #ifdef CONFIGURE_GROUP gid_t config_gid = CONFIGURE_GROUP; +#else +gid_t config_gid = 0; #endif uschar *config_main_filelist = US CONFIGURE_FILE "\0<-----------Space to patch configure_filename->"; @@ -513,6 +522,8 @@ uschar *config_main_directory = NULL; #ifdef CONFIGURE_OWNER uid_t config_uid = CONFIGURE_OWNER; +#else +uid_t config_uid = 0; #endif int connection_max_messages= -1; @@ -525,6 +536,7 @@ uschar *continue_transport = NULL; uschar *csa_status = NULL; cut_t cutthrough = { FALSE, /* delivery: when to attempt */ + FALSE, /* on defer: spool locally */ -1, /* fd: open connection */ 0, /* nrcpt: number of addresses */ }; @@ -625,11 +637,6 @@ uschar *deliver_selectstring = NULL; BOOL deliver_selectstring_regex = FALSE; uschar *deliver_selectstring_sender = NULL; BOOL deliver_selectstring_sender_regex = FALSE; -#ifdef WITH_OLD_DEMIME -int demime_errorlevel = 0; -int demime_ok = 0; -uschar *demime_reason = NULL; -#endif BOOL disable_callout_flush = FALSE; BOOL disable_delay_flush = FALSE; #ifdef ENABLE_DISABLE_FSYNC @@ -728,9 +735,6 @@ uschar *filter_test_sfile = NULL; uschar *filter_test_ufile = NULL; uschar *filter_thisaddress = NULL; int finduser_retries = 0; -#ifdef WITH_OLD_DEMIME -uschar *found_extension = NULL; -#endif uid_t fixed_never_users[] = { FIXED_NEVER_USERS }; uschar *freeze_tell = NULL; uschar *freeze_tell_config = NULL; @@ -797,6 +801,7 @@ BOOL ignore_fromline_local = FALSE; uschar *ignore_fromline_hosts = NULL; BOOL inetd_wait_mode = FALSE; int inetd_wait_timeout = -1; +uschar *initial_cwd = NULL; uschar *interface_address = NULL; int interface_port = -1; BOOL is_inetd = FALSE; @@ -804,6 +809,8 @@ uschar *iterate_item = NULL; int journal_fd = -1; +uschar *keep_environment = NULL; + int keep_malformed = 4*24*60*60; /* 4 days */ uschar *eldap_dn = NULL; @@ -868,6 +875,7 @@ bit_table log_options[] = { /* must be in alphabetical order */ BIT_TABLE(L, deliver_time), BIT_TABLE(L, delivery_size), BIT_TABLE(L, dnslist_defer), + BIT_TABLE(L, dnssec), BIT_TABLE(L, etrn), BIT_TABLE(L, host_lookup_failed), BIT_TABLE(L, ident_timeout), @@ -921,6 +929,8 @@ int lookup_open_max = 25; uschar *lookup_value = NULL; macro_item *macros = NULL; +macro_item *mlast = NULL; +BOOL macros_builtin_created = FALSE; uschar *mailstore_basename = NULL; #ifdef WITH_CONTENT_SCAN uschar *malware_name = NULL; /* Virus Name */ @@ -980,6 +990,9 @@ BOOL no_mbox_unspool = FALSE; #endif BOOL no_multiline_responses = FALSE; +const int on = 1; /* for setsockopt */ +const int off = 0; + uid_t original_euid; gid_t originator_gid; uschar *originator_login = NULL; @@ -1024,6 +1037,7 @@ BOOL queue_2stage = FALSE; uschar *queue_domains = NULL; int queue_interval = -1; BOOL queue_list_requires_admin = TRUE; +uschar *queue_name = US""; BOOL queue_only = FALSE; uschar *queue_only_file = NULL; int queue_only_load = -1; @@ -1034,7 +1048,7 @@ BOOL queue_run_first_delivery = FALSE; BOOL queue_run_force = FALSE; BOOL queue_run_in_order = FALSE; BOOL queue_run_local = FALSE; -int queue_run_max = 5; +uschar *queue_run_max = US"5"; pid_t queue_run_pid = (pid_t)0; int queue_run_pipe = -1; BOOL queue_running = FALSE; @@ -1316,8 +1330,8 @@ int smtp_rlr_base = 0; double smtp_rlr_factor = 0.0; int smtp_rlr_limit = 0; int smtp_rlr_threshold = INT_MAX; -BOOL smtp_use_pipelining = FALSE; -BOOL smtp_use_size = FALSE; +unsigned smtp_peer_options = 0; +unsigned smtp_peer_options_wrap= 0; #ifdef SUPPORT_I18N uschar *smtputf8_advertise_hosts = US"*"; /* overridden under test-harness */ #endif @@ -1370,6 +1384,7 @@ BOOL suppress_local_fixups_default = FALSE; BOOL synchronous_delivery = FALSE; BOOL syslog_duplication = TRUE; int syslog_facility = LOG_MAIL; +BOOL syslog_pid = TRUE; uschar *syslog_processname = US"exim"; BOOL syslog_timestamp = TRUE; uschar *system_filter = NULL; @@ -1503,8 +1518,8 @@ uschar *uucp_from_sender = US"$1"; uschar *verify_mode = NULL; uschar *version_copyright = - US"Copyright (c) University of Cambridge, 1995 - 2015\n" - "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2015"; + US"Copyright (c) University of Cambridge, 1995 - 2016\n" + "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016"; uschar *version_date = US"?"; uschar *version_cnumber = US"????"; uschar *version_string = US"?"; diff --git a/src/src/globals.h b/src/src/globals.h index 7f6537a9a..b3747a84a 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Almost all the global variables are defined together in this one header, so @@ -108,9 +108,6 @@ extern tls_support tls_out; #ifdef SUPPORT_TLS extern BOOL gnutls_compat_mode; /* Less security, more compatibility */ extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules */ -extern uschar *gnutls_require_mac; /* So some can be avoided */ -extern uschar *gnutls_require_kx; /* So some can be avoided */ -extern uschar *gnutls_require_proto; /* So some can be avoided */ extern uschar *openssl_options; /* OpenSSL compatibility options */ extern const pcre *regex_STARTTLS; /* For recognizing STARTTLS settings */ extern uschar *tls_certificate; /* Certificate file */ @@ -122,7 +119,6 @@ extern uschar *tls_eccurve; /* EC curve */ # ifndef DISABLE_OCSP extern uschar *tls_ocsp_file; /* OCSP stapling proof file */ # endif -extern BOOL tls_offered; /* Server offered TLS */ extern uschar *tls_privatekey; /* Private key file */ extern BOOL tls_remember_esmtp; /* For YAEB */ extern uschar *tls_require_ciphers; /* So some can be avoided */ @@ -135,13 +131,15 @@ extern uschar *tls_advertise_hosts; /* host for which TLS is advertised */ extern uschar *dsn_envid; /* DSN envid string */ extern int dsn_ret; /* DSN ret type*/ extern const pcre *regex_DSN; /* For recognizing DSN settings */ -extern BOOL smtp_use_dsn; /* Global for passed connections */ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ /* Input-reading functions for messages, so we can use special ones for incoming TCP/IP. */ +extern int (*lwr_receive_getc)(void); +extern int (*lwr_receive_ungetc)(int); extern int (*receive_getc)(void); +extern void (*receive_get_cache)(void); extern int (*receive_ungetc)(int); extern int (*receive_feof)(void); extern int (*receive_ferror)(void); @@ -157,6 +155,7 @@ extern const uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT]; /* General global variables */ extern BOOL accept_8bitmime; /* Allow *BITMIME incoming */ +extern uschar *add_environment; /* List of environment variables to add */ extern header_line *acl_added_headers; /* Headers added by an ACL */ extern tree_node *acl_anchor; /* Tree of named ACLs */ extern uschar *acl_arg[9]; /* Argument to ACL call */ @@ -193,7 +192,7 @@ extern uschar *acl_smtp_starttls; /* ACL run for STARTTLS */ extern uschar *acl_smtp_vrfy; /* ACL run for VRFY */ extern BOOL acl_temp_details; /* TRUE to give details for 4xx error */ extern tree_node *acl_var_c; /* ACL connection variables */ -extern tree_node *acl_var_m; /* ACL messsage variables */ +extern tree_node *acl_var_m; /* ACL message variables */ extern uschar *acl_verify_message; /* User message for verify failure */ extern string_item *acl_warn_logged; /* Logged lines */ extern uschar *acl_wherecodes[]; /* Response codes for ACL fails */ @@ -269,6 +268,11 @@ extern int check_log_space; /* Minimum for message acceptance */ extern BOOL check_rfc2047_length; /* Check RFC 2047 encoded string length */ extern int check_spool_inodes; /* Minimum for message acceptance */ extern int check_spool_space; /* Minimum for message acceptance */ +extern uschar *chunking_advertise_hosts; /* RFC 3030 CHUNKING */ +extern unsigned chunking_datasize; +extern unsigned chunking_data_left; +extern BOOL chunking_offered; +extern chunking_state_t chunking_state; extern uschar *client_authenticator; /* Authenticator name used for smtp delivery */ extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH */ extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */ @@ -278,16 +282,12 @@ extern int connection_max_messages;/* Max down one SMTP connection */ extern BOOL config_changed; /* True if -C used */ extern FILE *config_file; /* Configuration file */ extern uschar *config_filename; /* Configuration file name */ -#ifdef CONFIGURE_GROUP extern gid_t config_gid; /* Additional group owner */ -#endif extern int config_lineno; /* Line number */ extern uschar *config_main_filelist; /* List of possible config files */ extern uschar *config_main_filename; /* File name actually used */ extern uschar *config_main_directory; /* Directory where the main config file was found */ -#ifdef CONFIGURE_OWNER extern uid_t config_uid; /* Additional owner */ -#endif extern uschar *continue_hostname; /* Host for continued delivery */ extern uschar *continue_host_address; /* IP address for ditto */ extern BOOL continue_more; /* Flag more addresses waiting */ @@ -297,7 +297,8 @@ extern uschar *continue_transport; /* Transport for continued delivery */ extern uschar *csa_status; /* Client SMTP Authorization result */ typedef struct { - BOOL delivery; /* When to attempt */ + unsigned delivery:1; /* When to attempt */ + unsigned defer_pass:1; /* Pass 4xx to caller rather than spoolling */ int fd; /* Open connection */ int nrcpt; /* Count of addresses */ uschar * interface; /* (address of) */ @@ -362,11 +363,6 @@ extern uschar *deliver_selectstring; /* For selecting by recipient */ extern BOOL deliver_selectstring_regex; /* String is regex */ extern uschar *deliver_selectstring_sender; /* For selecting by sender */ extern BOOL deliver_selectstring_sender_regex; /* String is regex */ -#ifdef WITH_OLD_DEMIME -extern int demime_errorlevel; /* Severity of MIME error */ -extern int demime_ok; /* Nonzero if message has been demimed */ -extern uschar *demime_reason; /* Reason for broken MIME container */ -#endif extern BOOL disable_callout_flush; /* Don't flush before callouts */ extern BOOL disable_delay_flush; /* Don't flush before "delay" in ACL */ #ifdef ENABLE_DISABLE_FSYNC @@ -426,7 +422,7 @@ extern BOOL drop_cr; /* For broken local MUAs */ extern uschar *dsn_from; /* From: string for DSNs */ extern BOOL enable_dollar_recipients; /* Make $recipients available */ -extern int envelope_to_remove; /* Remove envelope_to_headers */ +extern BOOL envelope_to_remove; /* Remove envelope_to_headers */ extern int errno_quota; /* Quota errno in this OS */ extern int error_handling; /* Error handling style */ extern uschar *errors_copy; /* For taking copies of errors */ @@ -465,9 +461,6 @@ extern uschar *filter_test_ufile; /* User filter test file */ extern uschar *filter_thisaddress; /* For address looping */ extern int finduser_retries; /* Retry count for getpwnam() */ extern uid_t fixed_never_users[]; /* Can't be overridden */ -#ifdef WITH_OLD_DEMIME -extern uschar *found_extension; /* demime acl condition: file extension found */ -#endif extern uschar *freeze_tell; /* Message on (some) freezings */ extern uschar *freeze_tell_config; /* The configured setting */ extern uschar *fudged_queue_times; /* For use in test harness */ @@ -512,11 +505,13 @@ extern BOOL ignore_fromline_local; /* Local SMTP ignore fromline */ extern uschar *ignore_fromline_hosts; /* Hosts permitted to send "From " */ extern BOOL inetd_wait_mode; /* Whether running in inetd wait mode */ extern int inetd_wait_timeout; /* Timeout for inetd wait mode */ +extern uschar *initial_cwd; /* The directory we where in at startup */ extern BOOL is_inetd; /* True for inetd calls */ extern uschar *iterate_item; /* Item from iterate list */ extern int journal_fd; /* Fd for journal file */ +extern uschar *keep_environment; /* Whitelist for environment variables */ extern int keep_malformed; /* Time to keep malformed messages */ extern uschar *eldap_dn; /* Where LDAP DNs are left */ @@ -555,6 +550,8 @@ extern int lookup_open_max; /* Max lookup files to cache */ extern uschar *lookup_value; /* Value looked up from file */ extern macro_item *macros; /* Configuration macros */ +extern macro_item *mlast; /* Last item in macro list */ +extern BOOL macros_builtin_created; /* Flag for lazy-create */ extern uschar *mailstore_basename; /* For mailstore deliveries */ #ifdef WITH_CONTENT_SCAN extern uschar *malware_name; /* Name of virus or malware ("W32/Klez-H") */ @@ -614,6 +611,9 @@ extern BOOL no_mbox_unspool; /* don't unlink files in /scan directory #endif extern BOOL no_multiline_responses; /* For broken clients */ +extern const int on; /* For setsockopt */ +extern const int off; + extern optionlist optionlist_auths[]; /* These option lists are made */ extern int optionlist_auths_size; /* global so that readconf can */ extern optionlist optionlist_routers[]; /* see them for printing out */ @@ -674,6 +674,7 @@ extern BOOL queue_running; /* TRUE for queue running process and */ extern pid_t queue_run_pid; /* PID of the queue running process or 0 */ extern int queue_run_pipe; /* Pipe for synchronizing */ extern int queue_interval; /* Queue running interval */ +extern uschar *queue_name; /* Name of queue, if nondefault spooling */ extern BOOL queue_only; /* TRUE to disable immediate delivery */ extern int queue_only_load; /* Max load before auto-queue */ extern BOOL queue_only_load_latch; /* Latch queue_only_load TRUE */ @@ -681,7 +682,7 @@ extern uschar *queue_only_file; /* Queue if file exists/not-exists */ extern BOOL queue_only_override; /* Allow override from command line */ extern BOOL queue_only_policy; /* ACL or local_scan wants queue_only */ extern BOOL queue_run_in_order; /* As opposed to random */ -extern int queue_run_max; /* Max queue runners */ +extern uschar *queue_run_max; /* Max queue runners */ extern BOOL queue_smtp; /* Disable all immediate STMP (-odqs)*/ extern uschar *queue_smtp_domains; /* Ditto, for these domains */ @@ -714,10 +715,11 @@ extern uschar *recipient_verify_failure; /* What went wrong */ extern BOOL recipients_discarded; /* By an ACL */ extern int recipients_list_max; /* Maximum number fitting in list */ extern int recipients_max; /* Max permitted */ -extern int recipients_max_reject; /* If TRUE, reject whole message */ +extern BOOL recipients_max_reject; /* If TRUE, reject whole message */ extern const pcre *regex_AUTH; /* For recognizing AUTH settings */ extern const pcre *regex_check_dns_names; /* For DNS name checking */ extern const pcre *regex_From; /* For recognizing "From_" lines */ +extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ @@ -836,8 +838,8 @@ extern int smtp_rlr_base; /* Base interval for RCPT rate limit */ extern double smtp_rlr_factor; /* Factor for RCPT rate limit */ extern int smtp_rlr_limit; /* Max delay */ extern int smtp_rlr_threshold; /* Threshold for RCPT rate limit */ -extern BOOL smtp_use_pipelining; /* Global for passed connections */ -extern BOOL smtp_use_size; /* Global for passed connections */ +extern unsigned smtp_peer_options; /* Global flags for passed connections */ +extern unsigned smtp_peer_options_wrap; /* stacked version hidden by TLS */ #ifdef SUPPORT_I18N extern uschar *smtputf8_advertise_hosts; /* ingress control */ #endif @@ -888,6 +890,7 @@ extern BOOL suppress_local_fixups_default; /* former is reset to this; overri extern BOOL synchronous_delivery; /* TRUE if -odi is set */ extern BOOL syslog_duplication; /* FALSE => no duplicate logging */ extern int syslog_facility; /* As defined by Syslog.h */ +extern BOOL syslog_pid; /* TRUE if PID on syslogs */ extern uschar *syslog_processname; /* 'ident' param to openlog() */ extern BOOL syslog_timestamp; /* TRUE if time on syslogs */ extern uschar *system_filter; /* Name of system filter file */ diff --git a/src/src/auths/sha1.c b/src/src/hash.c index 67a11912e..c2be85d17 100644 --- a/src/src/auths/sha1.c +++ b/src/src/hash.c @@ -1,28 +1,180 @@ -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* Copyright (c) University of Cambridge 1995 - 2009 */ -/* See the file NOTICE for conditions of use and distribution. */ +/* + * Exim - an Internet mail transport agent + * + * Copyright (C) 2016 Exim maintainers + * Copyright (c) University of Cambridge 1995 - 2016 + * + * Hash interface functions + */ #ifndef STAND_ALONE -#include "../exim.h" +# include "exim.h" + +#else /* For stand-alone testing, we need to have the structure defined, and to be able to do I/O */ -#else -#include <stdio.h> -#include <stdlib.h> +# include <stdio.h> +# include <stdlib.h> typedef unsigned char uschar; typedef struct sha1 { unsigned int H[5]; unsigned int length; } sha1; +#endif /*STAND_ALONE*/ + + + +/******************************************************************************/ +#ifdef SHA_OPENSSL + +void +exim_sha_init(hctx * h, hashmethod m) +{ +switch (h->method = m) + { + case HASH_SHA1: h->hashlen = 20; SHA1_Init (&h->u.sha1); break; + case HASH_SHA256: h->hashlen = 32; SHA256_Init(&h->u.sha2); break; + default: h->hashlen = 0; break; + } +} + + +void +exim_sha_update(hctx * h, const uschar * data, int len) +{ +switch (h->method) + { + case HASH_SHA1: SHA1_Update (&h->u.sha1, data, len); break; + case HASH_SHA256: SHA256_Update(&h->u.sha2, data, len); break; + } +} + + +void +exim_sha_finish(hctx * h, blob * b) +{ +b->data = store_get(b->len = h->hashlen); +switch (h->method) + { + case HASH_SHA1: SHA1_Final (b->data, &h->u.sha1); break; + case HASH_SHA256: SHA256_Final(b->data, &h->u.sha2); break; + } +} + + + +#elif defined(SHA_GNUTLS) +/******************************************************************************/ + +void +exim_sha_init(hctx * h, hashmethod m) +{ +switch (h->method = m) + { + case HASH_SHA1: h->hashlen = 20; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA1); break; + case HASH_SHA256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA256); break; +#ifdef EXIM_HAVE_SHA3 + case HASH_SHA3_256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_256); break; #endif + default: h->hashlen = 0; break; + } +} + + +void +exim_sha_update(hctx * h, const uschar * data, int len) +{ +gnutls_hash(h->sha, data, len); +} + + +void +exim_sha_finish(hctx * h, blob * b) +{ +b->data = store_get(b->len = h->hashlen); +gnutls_hash_output(h->sha, b->data); +} + + + +#elif defined(SHA_GCRYPT) +/******************************************************************************/ + +void +exim_sha_init(hctx * h, hashmethod m) +{ +switch (h->method = m) + { + case HASH_SHA1: h->hashlen = 20; gcry_md_open(&h->sha, GCRY_MD_SHA1, 0); break; + case HASH_SHA256: h->hashlen = 32; gcry_md_open(&h->sha, GCRY_MD_SHA256, 0); break; + default: h->hashlen = 0; break; + } +} + + +void +exim_sha_update(hctx * h, const uschar * data, int len) +{ +gcry_md_write(h->sha, data, len); +} + + +void +exim_sha_finish(hctx * h, blob * b) +{ +b->data = store_get(b->len = h->hashlen); +memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen); +} + + +#elif defined(SHA_POLARSSL) +/******************************************************************************/ + +void +exim_sha_init(hctx * h, hashmethod m) +{ +switch (h->method = m) + { + case HASH_SHA1: h->hashlen = 20; sha1_starts(&h->u.sha1); break; + case HASH_SHA256: h->hashlen = 32; sha2_starts(&h->u.sha2, 0); break; + default: h->hashlen = 0; break; + } +} + + +void +exim_sha_update(hctx * h, const uschar * data, int len) +{ +switch (h->method) + { + case HASH_SHA1: sha1_update(h->u.sha1, US data, len); break; + case HASH_SHA256: sha2_update(h->u.sha2, US data, len); break; + } +} + + +void +exim_sha_finish(hctx * h, blob * b) +{ +b->data = store_get(b->len = h->hashlen); +switch (h->method) + { + case HASH_SHA1: sha1_finish(h->u.sha1, b->data); break; + case HASH_SHA256: sha2_finish(h->u.sha2, b->data); break; + } +} + + + + +#elif defined(SHA_NATIVE) +/******************************************************************************/ +/* Only sha-1 supported */ /************************************************* * Start off a new SHA-1 computation. * @@ -33,8 +185,8 @@ Argument: pointer to sha1 storage structure Returns: nothing */ -void -sha1_start(sha1 *base) +static void +native_sha1_start(sha1 *base) { base->H[0] = 0x67452301; base->H[1] = 0xefcdab89; @@ -59,18 +211,18 @@ Arguments: Returns: nothing */ -void -sha1_mid(sha1 *base, const uschar *text) +static void +native_sha1_mid(sha1 *base, const uschar *text) { -register int i; -unsigned int A, B, C, D, E; -unsigned int W[80]; +int i; +uint A, B, C, D, E; +uint W[80]; base->length += 64; for (i = 0; i < 16; i++) { - W[i] = (text[0] << 24) | (text[1] << 16) | (text[2] << 8) | text[3]; + W[i] = ((uint)text[0] << 24) | (text[1] << 16) | (text[2] << 8) | text[3]; text += 4; } @@ -158,8 +310,8 @@ Arguments: Returns: nothing */ -void -sha1_end(sha1 *base, const uschar *text, int length, uschar *digest) +static void +native_sha1_end(sha1 *base, const uschar *text, int length, uschar *digest) { int i; uschar work[64]; @@ -168,7 +320,7 @@ uschar work[64]; while (length >= 64) { - sha1_mid(base, text); + native_sha1_mid(base, text); text += 64; length -= 64; } @@ -184,7 +336,7 @@ work[length] = 0x80; if (length > 55) { memset(work+length+1, 0, 63-length); - sha1_mid(base, work); + native_sha1_mid(base, work); base->length -= 64; memset(work, 0, 56); } @@ -210,7 +362,7 @@ memset(work+56, 0, 4); /* Process the final 64-byte chunk */ -sha1_mid(base, work); +native_sha1_mid(base, work); /* Pass back the result, high-order byte first in each word. */ @@ -226,13 +378,112 @@ for (i = 0; i < 5; i++) + + + +# ifdef notdef +void +exim_sha_init(hctx * h, hashmethod m) +{ +h->hashlen = 20; +native_sha1_start(&h->sha1); +} + + +void +exim_sha_update(hctx * h, const uschar * data, int len) +{ +native_sha1_mid(&h->sha1, US data); /* implicit size always 64 */ +} + + +void +exim_sha_finish(hctx * h, blob * b) +{ +b->data = store_get(b->len = h->hashlen); + +native_sha1_end(&h->sha1, NULL, 0, b->data); +} +# endif + + +#endif +/******************************************************************************/ + +/* Common to all library versions */ +int +exim_sha_hashlen(hctx * h) +{ +return h->method == HASH_SHA1 ? 20 + : h->method == HASH_SHA256 ? 32 + : 0; +} + + +/******************************************************************************/ +/******************************************************************************/ +/******************************************************************************/ +/******************************************************************************/ +/* Original sha-1 interface used by crypteq{shal1}, +${sha1:} ${hmac:} and ${prvs:} */ + +#ifdef SHA_NATIVE + +void +sha1_start(hctx * h) +{ +native_sha1_start(&h->sha1); +} + +void +sha1_mid(hctx * h, const uschar * data) +{ +native_sha1_mid(&h->sha1, data); +} + +void +sha1_end(hctx * h, const uschar * data, int len, uschar *digest) +{ +native_sha1_end(&h->sha1, data, len, digest); +} + +#else + +void +sha1_start(hctx * h) +{ +exim_sha_init(h, HASH_SHA1); +} + +void +sha1_mid(hctx * h, const uschar * data) +{ +exim_sha_update(h, data, 64); +} + +void +sha1_end(hctx * h, const uschar * data, int len, uschar *digest) +{ +blob b; +exim_sha_update(h, data, len); +exim_sha_finish(h, &b); +memcpy(digest, b.data, 20); +} + +#endif + + + + + + /************************************************* ************************************************** * Stand-alone test program * ************************************************** *************************************************/ -#ifdef STAND_ALONE +# ifdef STAND_ALONE /* Test values. The first 128 may contain binary zeros and have increasing length. */ @@ -525,8 +776,8 @@ printf("Checking sha1: %s-endian\n\n", (ctest[0] == 0x04)? "little" : "big"); for (i = 0; i < sizeof(tests)/sizeof(uschar *); i ++) { printf("%d.\nShould be: %s\n", i, hashes[i]); - sha1_start(&base); - sha1_end(&base, tests[i], (i <= 128)? i : strlen(tests[i]), digest); + native_sha1_start(&base); + native_sha1_end(&base, tests[i], (i <= 128)? i : strlen(tests[i]), digest); for (j = 0; j < 20; j++) sprintf(s+2*j, "%02X", digest[j]); printf("Computed: %s\n", s); if (strcmp(s, hashes[i]) != 0) printf("*** No match ***\n"); @@ -540,13 +791,13 @@ memset(ctest, 'a', 1000000); printf("1 000 000 repetitions of 'a'\n"); printf("Should be: %s\n", atest); -sha1_start(&base); -sha1_end(&base, ctest, 1000000, digest); +native_sha1_start(&base); +native_sha1_end(&base, ctest, 1000000, digest); for (j = 0; j < 20; j++) sprintf(s+2*j, "%02X", digest[j]); printf("Computed: %s\n", s); if (strcmp(s, atest) != 0) printf("*** No match ***\n"); } -#endif +# endif /*STAND_ALONE*/ -/* End of sha1.c */ +/* End of File */ diff --git a/src/src/pdkim/hash.h b/src/src/hash.h index afd7ea6a6..9e91f1aad 100644 --- a/src/src/pdkim/hash.h +++ b/src/src/hash.h @@ -1,46 +1,47 @@ /* - * PDKIM - a RFC4871 (DKIM) implementation + * Exim - an Internet mail transport agent * * Copyright (C) 2016 Exim maintainers * * Hash interface functions */ -#include "../exim.h" +#include "exim.h" -#if !defined(DISABLE_DKIM) && !defined(PDKIM_HASH_H) /* entire file */ -#define PDKIM_HASH_H +#if !defined(HASH_H) /* entire file */ +#define HASH_H -#ifndef SUPPORT_TLS -# error Need SUPPORT_TLS for DKIM -#endif - -#include "crypt_ver.h" +#include "sha_ver.h" #include "blob.h" -#ifdef RSA_OPENSSL -# include <openssl/rsa.h> -# include <openssl/ssl.h> -# include <openssl/err.h> -#elif defined(RSA_GNUTLS) -# include <gnutls/gnutls.h> -# include <gnutls/x509.h> -#endif - -#ifdef SHA_GNUTLS +#ifdef SHA_OPENSSL +# include <openssl/sha.h> +#elif defined SHA_GNUTLS # include <gnutls/crypto.h> #elif defined(SHA_GCRYPT) # include <gcrypt.h> #elif defined(SHA_POLARSSL) -# include "pdkim.h" -# include "polarssl/sha1.h" -# include "polarssl/sha2.h" +# include "pdkim/pdkim.h" /*XXX ugly */ +# include "pdkim/polarssl/sha1.h" +# include "pdkim/polarssl/sha2.h" #endif -/* Hash context */ + +/* Hash context for the exim_sha_* routines */ + +typedef enum hashmethod { + HASH_BADTYPE, + HASH_SHA1, + HASH_SHA256, + HASH_SHA3_224, + HASH_SHA3_256, + HASH_SHA3_384, + HASH_SHA3_512, +} hashmethod; + typedef struct { - int sha1; - int hashlen; + hashmethod method; + int hashlen; #ifdef SHA_OPENSSL union { @@ -59,21 +60,17 @@ typedef struct { sha1_context sha1; /* SHA1 block */ sha2_context sha2; /* SHA256 block */ } u; -#endif - -} hctx; -#if defined(SHA_OPENSSL) -# include "pdkim.h" -#elif defined(SHA_GCRYPT) -# include "pdkim.h" +#elif defined(SHA_NATIVE) + sha1 sha1; #endif +} hctx; -extern void exim_sha_init(hctx *, BOOL); -extern void exim_sha_update(hctx *, const char *a, int); +extern void exim_sha_init(hctx *, hashmethod); +extern void exim_sha_update(hctx *, const uschar *a, int); extern void exim_sha_finish(hctx *, blob *); extern int exim_sha_hashlen(hctx *); -#endif /*DISABLE_DKIM*/ +#endif /* End of File */ diff --git a/src/src/header.c b/src/src/header.c index 8136c69fe..dad1638cb 100644 --- a/src/src/header.c +++ b/src/src/header.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2009 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -450,10 +450,11 @@ for (s = strings; s != NULL; s = s->next) va_start(ap, count); for (i = 0; i < count; i++) - { if (one_pattern_match(name, slen, has_addresses, va_arg(ap, uschar *))) + { + va_end(ap); return cond; - } + } va_end(ap); return !cond; diff --git a/src/src/host.c b/src/src/host.c index 90ba852d8..25dab2bb8 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or @@ -257,7 +257,7 @@ else count++; yield = store_get(sizeof(struct hostent)); - alist = store_get((count + 1) * sizeof(char **)); + alist = store_get((count + 1) * sizeof(char *)); adds = store_get(count *alen); yield->h_name = CS name; @@ -597,12 +597,12 @@ if (sender_host_name == NULL) sender_fullhost = (sender_helo_name == NULL)? address : string_sprintf("(%s) %s", sender_helo_name, address); - sender_rcvhost = string_cat(NULL, &size, &ptr, address, adlen); + sender_rcvhost = string_catn(NULL, &size, &ptr, address, adlen); if (sender_ident != NULL || show_helo || portptr != NULL) { int firstptr; - sender_rcvhost = string_cat(sender_rcvhost, &size, &ptr, US" (", 2); + sender_rcvhost = string_catn(sender_rcvhost, &size, &ptr, US" (", 2); firstptr = ptr; if (portptr != NULL) @@ -617,7 +617,7 @@ if (sender_host_name == NULL) sender_rcvhost = string_append(sender_rcvhost, &size, &ptr, 2, (firstptr == ptr)? US"ident=" : US" ident=", sender_ident); - sender_rcvhost = string_cat(sender_rcvhost, &size, &ptr, US")", 1); + sender_rcvhost = string_catn(sender_rcvhost, &size, &ptr, US")", 1); } sender_rcvhost[ptr] = 0; /* string_cat() always leaves room */ @@ -1067,7 +1067,7 @@ if (Ustrchr(address, ':') != NULL) /* Handle IPv4 address */ (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3); -bin[v4offset] = (x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3]; +bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3]; return v4offset+1; } @@ -1098,7 +1098,7 @@ for (i = 0; i < count; i++) if (mask == 0) wordmask = 0; else if (mask < 32) { - wordmask = (-1) << (32 - mask); + wordmask = (uint)(-1) << (32 - mask); mask = 0; } else @@ -1321,7 +1321,7 @@ for (i = 0; i < size; i++) if (mlen == 0) mask = 0; else if (mlen < 32) { - mask = (-1) << (32 - mlen); + mask = (uint)(-1) << (32 - mlen); mlen = 0; } else @@ -1521,7 +1521,7 @@ int len; uschar *s, *t; struct hostent *hosts; struct in_addr addr; -unsigned long time_msec; +unsigned long time_msec = 0; /* init to quieten dumb static analysis */ if (slow_lookup_log) time_msec = get_time_in_ms(); @@ -2777,17 +2777,15 @@ host which is not the primary hostname. */ last = NULL; /* Indicates that not even the first item is filled yet */ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr != NULL; - rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) + rr; + rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type) { int precedence; int weight = 0; /* For SRV records */ int port = PORT_NONE; - uschar *s; /* MUST be unsigned for GETSHORT */ + const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */ uschar data[256]; - if (rr->type != ind_type) continue; - s = rr->data; GETSHORT(precedence, s); /* Pointer s is advanced */ /* For MX records, we use a random "weight" which causes multiple records of @@ -2920,6 +2918,12 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); NEXT_MX_RR: continue; } +if (!last) /* No rr of correct type; give up */ + { + yield = HOST_FIND_FAILED; + goto out; + } + /* If the list of hosts was obtained from SRV records, there are two things to do. First, if there is only one host, and it's name is ".", it means there is no SMTP service at this domain. Otherwise, we have to sort the hosts of equal @@ -2946,7 +2950,7 @@ if (ind_type == T_SRV) debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000); } - for (pptr = &host, h = host; h != last; pptr = &(h->next), h = h->next) + for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next) { int sum = 0; host_item *hh; @@ -3051,7 +3055,8 @@ dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */ for (h = host; h != last->next; h = h->next) { - if (h->address != NULL) continue; /* Inserted by a multihomed host */ + if (h->address) continue; /* Inserted by a multihomed host */ + rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip, NULL, dnssec_request, dnssec_require); if (rc != HOST_FOUND) @@ -3063,7 +3068,7 @@ for (h = host; h != last->next; h = h->next) h->why = hwhy_deferred; } else - h->why = (rc == HOST_IGNORED)? hwhy_ignored : hwhy_failed; + h->why = rc == HOST_IGNORED ? hwhy_ignored : hwhy_failed; } } diff --git a/src/src/imap_utf7.c b/src/src/imap_utf7.c index dcccaeef8..0c3d5a20d 100644 --- a/src/src/imap_utf7.c +++ b/src/src/imap_utf7.c @@ -165,13 +165,12 @@ while (slen > 0) else { *error = string_sprintf("imapfolder: illegal character '%c'", s[1]); - if (yield) store_reset(yield); return NULL; } if (outptr > outbuf + sizeof(outbuf) - 3) { - yield = string_cat(yield, &size, &ptr, outbuf, outptr - outbuf); + yield = string_catn(yield, &size, &ptr, outbuf, outptr - outbuf); outptr = outbuf; } @@ -197,7 +196,7 @@ if (base64mode) iconv_close(icd); #endif -yield = string_cat(yield, &size, &ptr, outbuf, outptr - outbuf); +yield = string_catn(yield, &size, &ptr, outbuf, outptr - outbuf); if (yield[ptr-1] == '.') ptr--; yield[ptr] = '\0'; diff --git a/src/src/ip.c b/src/src/ip.c index 4960e3b29..c275b1f00 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for doing things with sockets. With the advent of IPv6 this has @@ -175,12 +175,14 @@ Arguments: address the remote address, in text form port the remote port timeout a timeout (zero for indefinite timeout) + fastopen TRUE iff TCP_FASTOPEN can be used Returns: 0 on success; -1 on failure, with errno set */ int -ip_connect(int sock, int af, const uschar *address, int port, int timeout) +ip_connect(int sock, int af, const uschar *address, int port, int timeout, + BOOL fastopen) { struct sockaddr_in s_in4; struct sockaddr *s_ptr; @@ -218,9 +220,34 @@ IPv6 support. */ /* If no connection timeout is set, just call connect() without setting a timer, thereby allowing the inbuilt OS timeout to operate. */ +callout_address = string_sprintf("[%s]:%d", address, port); sigalrm_seen = FALSE; if (timeout > 0) alarm(timeout); -rc = connect(sock, s_ptr, s_len); + +#if defined(TCP_FASTOPEN) && defined(MSG_FASTOPEN) +/* TCP Fast Open, if the system has a cookie from a previous call to +this peer, can send data in the SYN packet. The peer can send data +before it gets our ACK of its SYN,ACK - the latter is useful for +the SMTP banner. Is there any usage where the former might be? +We might extend the ip_connect() args for data if so. For now, +connect in FASTOPEN mode but with zero data. +*/ + +if (fastopen) + { + if ( (rc = sendto(sock, NULL, 0, MSG_FASTOPEN, s_ptr, s_len)) < 0 + && errno == EOPNOTSUPP + ) + { + DEBUG(D_transport) + debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); + rc = connect(sock, s_ptr, s_len); + } + } +else +#endif + rc = connect(sock, s_ptr, s_len); + save_errno = errno; alarm(0); @@ -238,10 +265,7 @@ if (running_in_test_harness && save_errno == ECONNREFUSED && timeout == 999999) /* Success */ if (rc >= 0) - { - callout_address = string_sprintf("[%s]:%d", address, port); return 0; - } /* A failure whose error code is "Interrupted system call" is in fact an externally applied timeout if the signal handler has been run. */ @@ -293,7 +317,6 @@ if (hostname[0] == '[' && hostname[namelen - 1] == ']') { uschar * host = string_copyn(hostname+1, namelen-2); -debug_printf("%s: 1\n", __FUNCTION__); if (string_is_ip_address(host, NULL) == 0) { *errstr = string_sprintf("malformed IP address \"%s\"", hostname); @@ -305,16 +328,12 @@ debug_printf("%s: 1\n", __FUNCTION__); /* Otherwise check for an unadorned IP address */ else if (string_is_ip_address(hostname, NULL) != 0) - { -debug_printf("%s: 2\n", __FUNCTION__); shost.name = shost.address = string_copyn(hostname, namelen); - } /* Otherwise lookup IP address(es) from the name */ else { -debug_printf("%s: 3\n", __FUNCTION__); shost.name = string_copyn(hostname, namelen); if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE) != HOST_FOUND) @@ -328,7 +347,6 @@ debug_printf("%s: 3\n", __FUNCTION__); for (h = &shost; h; h = h->next) { -debug_printf("%s: 4 '%s'\n", __FUNCTION__, h->address); fd = Ustrchr(h->address, ':') != 0 ? fd6 < 0 ? (fd6 = ip_socket(type, af = AF_INET6)) : fd6 : fd4 < 0 ? (fd4 = ip_socket(type, af = AF_INET )) : fd4; @@ -340,7 +358,7 @@ debug_printf("%s: 4 '%s'\n", __FUNCTION__, h->address); } for(port = portlo; port <= porthi; port++) - if (ip_connect(fd, af, h->address, port, timeout) == 0) + if (ip_connect(fd, af, h->address, port, timeout, type == SOCK_STREAM) == 0) { if (fd != fd6) close(fd6); if (fd != fd4) close(fd4); @@ -397,6 +415,7 @@ if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1; } +callout_address = string_copy(path); server.sun_family = AF_UNIX; Ustrncpy(server.sun_path, path, sizeof(server.sun_path)-1); server.sun_path[sizeof(server.sun_path)-1] = '\0'; @@ -408,7 +427,6 @@ if (connect(sock, (struct sockaddr *) &server, sizeof(server)) < 0) path, strerror(err)); return -1; } -callout_address = string_copy(path); return sock; } diff --git a/src/src/log.c b/src/src/log.c index 558c000d7..52570ac13 100644 --- a/src/src/log.c +++ b/src/src/log.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for writing log files. The code for maintaining datestamped @@ -47,8 +47,80 @@ static BOOL path_inspected = FALSE; static int logging_mode = LOG_MODE_FILE; static uschar *file_path = US""; - - +static size_t pid_position[2]; + + +/* These should be kept in-step with the private delivery error +number definitions in macros.h */ + +static const uschar * exim_errstrings[] = { + US"", + US"unknown error", + US"user slash", + US"exist race", + US"not regular", + US"not directory", + US"bad ugid", + US"bad mode", + US"inode changed", + US"lock failed", + US"bad address2", + US"forbid pipe", + US"forbid file", + US"forbid reply", + US"missing pipe", + US"missing file", + US"missing reply", + US"bad redirect", + US"smtp closed", + US"smtp format", + US"spool format", + US"not absolute", + US"Exim-imposed quota", + US"held", + US"Delivery filter process failure", + US"Delivery add/remove header failure", + US"Delivery write incomplete error", + US"Some expansion failed", + US"Failed to get gid", + US"Failed to get uid", + US"Unset or non-existent transport", + US"MBX length mismatch", + US"Lookup failed routing or in smtp tpt", + US"Can't match format in appendfile", + US"Creation outside home in appendfile", + US"Can't check a list; lookup defer", + US"DNS lookup defer", + US"Failed to start TLS session", + US"Mandatory TLS session not started", + US"Failed to chown a file", + US"Failed to create a pipe", + US"When verifying", + US"When required by client", + US"Used internally in smtp transport", + US"RCPT gave 4xx error", + US"MAIL gave 4xx error", + US"DATA gave 4xx error", + US"Negotiation failed for proxy configured host", + US"Authenticator 'other' failure", + US"target not supporting SMTPUTF8", + US"", + + US"Not time for routing", + US"Not time for local delivery", + US"Not time for any remote host", + US"Local-only delivery", + US"Domain in queue_domains", + US"Transport concurrency limit", +}; + + +/************************************************/ +const uschar * +exim_errstr(int err) +{ +return err < 0 ? exim_errstrings[-err] : CUS strerror(err); +} /************************************************* * Write to syslog * @@ -62,7 +134,7 @@ can get here if there is a failure to open the panic log.) Arguments: priority syslog priority - s the string to be written + s the string to be written, the string may be modified! Returns: nothing */ @@ -76,6 +148,8 @@ int linecount = 0; if (running_in_test_harness) return; if (!syslog_timestamp) s += log_timezone? 26 : 20; +if (!syslog_pid && LOGGING(pid)) + memmove(s + pid_position[0], s + pid_position[1], pid_position[1] - pid_position[0]); len = Ustrlen(s); @@ -182,7 +256,11 @@ Returns: a file descriptor, or < 0 on failure (errno set) int log_create(uschar *name) { -int fd = Uopen(name, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE); +int fd = Uopen(name, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_CREAT|O_APPEND|O_WRONLY, LOG_MODE); /* If creation failed, attempt to build a log directory in case that is the problem. */ @@ -196,7 +274,11 @@ if (fd < 0 && errno == ENOENT) DEBUG(D_any) debug_printf("%s log directory %s\n", created? "created" : "failed to create", name); *lastslash = '/'; - if (created) fd = Uopen(name, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE); + if (created) fd = Uopen(name, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_CREAT|O_APPEND|O_WRONLY, LOG_MODE); } return fd; @@ -246,7 +328,11 @@ if (pid == 0) /* If we created a subprocess, wait for it. If it succeeded, try the open. */ while (pid > 0 && waitpid(pid, &status, 0) != pid); -if (status == 0) fd = Uopen(name, O_APPEND|O_WRONLY, LOG_MODE); +if (status == 0) fd = Uopen(name, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_APPEND|O_WRONLY, LOG_MODE); /* If we failed to create a subprocess, we are in a bad way. We return with fd still < 0, and errno set, letting the caller handle the error. */ @@ -368,11 +454,17 @@ if (!ok) /* We now have the file name. Try to open an existing file. After a successful open, arrange for automatic closure on exec(), and then return. */ -*fd = Uopen(buffer, O_APPEND|O_WRONLY, LOG_MODE); +*fd = Uopen(buffer, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_APPEND|O_WRONLY, LOG_MODE); if (*fd >= 0) { +#ifndef O_CLOEXEC (void)fcntl(*fd, F_SETFD, fcntl(*fd, F_GETFD) | FD_CLOEXEC); +#endif return; } @@ -399,7 +491,9 @@ else if (euid == root_uid) *fd = log_create_as_exim(buffer); if (*fd >= 0) { +#ifndef O_CLOEXEC (void)fcntl(*fd, F_SETFD, fcntl(*fd, F_GETFD) | FD_CLOEXEC); +#endif return; } @@ -420,12 +514,9 @@ log. If possible, save a copy of the original line that was being logged. If we are recursing (can't open the panic log either), the pointer will already be set. */ -if (panic_save_buffer == NULL) - { - panic_save_buffer = (uschar *)malloc(LOG_BUFFER_SIZE); - if (panic_save_buffer != NULL) +if (!panic_save_buffer) + if ((panic_save_buffer = US malloc(LOG_BUFFER_SIZE))) memcpy(panic_save_buffer, log_buffer, LOG_BUFFER_SIZE); - } log_write(0, LOG_PANIC_DIE, "Cannot open %s log file \"%s\": %s: " "euid=%d egid=%d", log_names[type], buffer, strerror(errno), euid, getegid()); @@ -433,6 +524,13 @@ log_write(0, LOG_PANIC_DIE, "Cannot open %s log file \"%s\": %s: " } +static void +unlink_log(int type) +{ +if (type == lt_debug) unlink(CS debuglog_name); +} + + /************************************************* * Add configuration file info to log line * @@ -498,12 +596,9 @@ log_write_failed(uschar *name, int length, int rc) { int save_errno = errno; -if (panic_save_buffer == NULL) - { - panic_save_buffer = (uschar *)malloc(LOG_BUFFER_SIZE); - if (panic_save_buffer != NULL) +if (!panic_save_buffer) + if ((panic_save_buffer = US malloc(LOG_BUFFER_SIZE))) memcpy(panic_save_buffer, log_buffer, LOG_BUFFER_SIZE); - } log_write(0, LOG_PANIC_DIE, "failed to write to %s: length=%d result=%d " "errno=%d (%s)", name, length, rc, save_errno, @@ -572,6 +667,14 @@ while ((t = string_nextinlist(&tt, &sep, log_buffer, LOG_BUFFER_SIZE))) } +void +mainlog_close(void) +{ +if (mainlogfd < 0) return; +(void)close(mainlogfd); +mainlogfd = -1; +mainlog_inode = 0; +} /************************************************* * Write message to log file * @@ -659,15 +762,12 @@ if (panic_recurseflag) /* Ensure we have a buffer (see comment above); this should never be obeyed when running Exim proper, only when running utilities. */ -if (log_buffer == NULL) - { - log_buffer = (uschar *)malloc(LOG_BUFFER_SIZE); - if (log_buffer == NULL) +if (!log_buffer) + if (!(log_buffer = US malloc(LOG_BUFFER_SIZE))) { fprintf(stderr, "exim: failed to get store for log buffer\n"); exim_exit(EXIT_FAILURE); } - } /* If we haven't already done so, inspect the setting of log_file_path to determine whether to log to files and/or to syslog. Bits in logging_mode @@ -809,7 +909,9 @@ while(*ptr) ptr++; if (LOGGING(pid)) { sprintf(CS ptr, "[%d] ", (int)getpid()); + if (!syslog_pid) pid_position[0] = ptr - log_buffer; /* remember begin … */ while (*ptr) ptr++; + if (!syslog_pid) pid_position[1] = ptr - log_buffer; /* … and end+1 of the PID */ } if (really_exim && message_id[0] != 0) @@ -883,14 +985,14 @@ been opened, but we don't want to keep on writing to it for too long after it has been renamed. Therefore, do a stat() and see if the inode has changed, and if so, re-open. */ -if ((flags & LOG_MAIN) != 0 && - (selector == 0 || (selector & log_selector[0]) != 0)) +if ( flags & LOG_MAIN + && (!selector || selector & log_selector[0])) { - if ((logging_mode & LOG_MODE_SYSLOG) != 0 && - (syslog_duplication || (flags & (LOG_REJECT|LOG_PANIC)) == 0)) + if ( logging_mode & LOG_MODE_SYSLOG + && (syslog_duplication || !(flags & (LOG_REJECT|LOG_PANIC)))) write_syslog(LOG_INFO, log_buffer); - if ((logging_mode & LOG_MODE_FILE) != 0) + if (logging_mode & LOG_MODE_FILE) { struct stat statbuf; @@ -916,14 +1018,8 @@ if ((flags & LOG_MAIN) != 0 && happening. */ if (mainlogfd >= 0) - { if (Ustat(mainlog_name, &statbuf) < 0 || statbuf.st_ino != mainlog_inode) - { - (void)close(mainlogfd); - mainlogfd = -1; - mainlog_inode = 0; - } - } + mainlog_close(); /* If the log is closed, open it. Then write the line. */ @@ -1325,7 +1421,7 @@ int fd = -1; if (debug_file) { debug_printf("DEBUGGING ACTIVATED FROM WITHIN CONFIG.\n" - "DEBUG: Tag=\"%s\" Opts=\"%s\"\n", tag_name, opts ? opts : US""); + "DEBUG: Tag=\"%s\" opts=\"%s\"\n", tag_name, opts ? opts : US""); return; } @@ -1356,4 +1452,16 @@ else } +void +debug_logging_stop(void) +{ +if (!debug_file || !debuglog_name[0]) return; + +debug_selector = 0; +fclose(debug_file); +debug_file = NULL; +unlink_log(lt_debug); +} + + /* End of log.c */ diff --git a/src/src/lookups/Makefile b/src/src/lookups/Makefile index 6ba0cb169..7c9700690 100644 --- a/src/src/lookups/Makefile +++ b/src/src/lookups/Makefile @@ -34,6 +34,7 @@ dnsdb.o: $(PHDRS) dnsdb.c dsearch.o: $(PHDRS) dsearch.c ibase.o: $(PHDRS) ibase.c ldap.o: $(PHDRS) ldap.c +lmdb.o: $(PHDRS) lmdb.c lsearch.o: $(PHDRS) lsearch.c mysql.o: $(PHDRS) mysql.c nis.o: $(PHDRS) nis.c @@ -53,6 +54,7 @@ dnsdb.so: $(PHDRS) dnsdb.c dsearch.so: $(PHDRS) dsearch.c ibase.so: $(PHDRS) ibase.c ldap.so: $(PHDRS) ldap.c +lmdb.so: $(PHDRS) lmdb.c lsearch.so: $(PHDRS) lsearch.c mysql.so: $(PHDRS) mysql.c nis.so: $(PHDRS) nis.c diff --git a/src/src/lookups/cdb.c b/src/src/lookups/cdb.c index ba925dc12..3a9078a4e 100644 --- a/src/src/lookups/cdb.c +++ b/src/src/lookups/cdb.c @@ -94,7 +94,7 @@ typedef unsigned int uint32; * Internal function to make hash value */ static uint32 -cdb_hash(uschar *buf, unsigned int len) +cdb_hash(const uschar *buf, unsigned int len) { uint32 h; @@ -281,135 +281,171 @@ cdb_find(void *handle, uschar **errmsg, uint *do_cache) { - struct cdb_state * cdbp = handle; - uint32 item_key_len, - item_dat_len, - key_hash, - item_hash, - item_posn, - cur_offset, - end_offset, - hash_offset_entry, - hash_offset, - hash_offlen, - hash_slotnm; - int loop; - - /* Keep picky compilers happy */ - do_cache = do_cache; - - key_hash = cdb_hash((uschar *)keystring, key_len); - - hash_offset_entry = CDB_HASH_ENTRY * (key_hash & CDB_HASH_MASK); - hash_offset = cdb_unpack(cdbp->cdb_offsets + hash_offset_entry); - hash_offlen = cdb_unpack(cdbp->cdb_offsets + hash_offset_entry + 4); - - /* If the offset length is zero this key cannot be in the file */ - if (hash_offlen == 0) { - return FAIL; - } - hash_slotnm = (key_hash >> 8) % hash_offlen; - - /* check to ensure that the file is not corrupt - * if the hash_offset + (hash_offlen * CDB_HASH_ENTRY) is longer - * than the file, then we have problems.... */ - if ((hash_offset + (hash_offlen * CDB_HASH_ENTRY)) > cdbp->filelen) { - *errmsg = string_sprintf("cdb: corrupt cdb file %s (too short)", - filename); - DEBUG(D_lookup) debug_printf("%s\n", *errmsg); - return DEFER; +struct cdb_state * cdbp = handle; +uint32 item_key_len, +item_dat_len, +key_hash, +item_hash, +item_posn, +cur_offset, +end_offset, +hash_offset_entry, +hash_offset, +hash_offlen, +hash_slotnm; +int loop; + +/* Keep picky compilers happy */ +do_cache = do_cache; + +key_hash = cdb_hash(keystring, key_len); + +hash_offset_entry = CDB_HASH_ENTRY * (key_hash & CDB_HASH_MASK); +hash_offset = cdb_unpack(cdbp->cdb_offsets + hash_offset_entry); +hash_offlen = cdb_unpack(cdbp->cdb_offsets + hash_offset_entry + 4); + +/* If the offset length is zero this key cannot be in the file */ + +if (hash_offlen == 0) + return FAIL; + +hash_slotnm = (key_hash >> 8) % hash_offlen; + +/* check to ensure that the file is not corrupt + * if the hash_offset + (hash_offlen * CDB_HASH_ENTRY) is longer + * than the file, then we have problems.... */ + +if ((hash_offset + (hash_offlen * CDB_HASH_ENTRY)) > cdbp->filelen) + { + *errmsg = string_sprintf("cdb: corrupt cdb file %s (too short)", + filename); + DEBUG(D_lookup) debug_printf("%s\n", *errmsg); + return DEFER; } - cur_offset = hash_offset + (hash_slotnm * CDB_HASH_ENTRY); - end_offset = hash_offset + (hash_offlen * CDB_HASH_ENTRY); - /* if we are allowed to we use mmap here.... */ +cur_offset = hash_offset + (hash_slotnm * CDB_HASH_ENTRY); +end_offset = hash_offset + (hash_offlen * CDB_HASH_ENTRY); + +/* if we are allowed to we use mmap here.... */ + #ifdef HAVE_MMAP - /* make sure the mmap was OK */ - if (cdbp->cdb_map != NULL) { - uschar * cur_pos = cur_offset + cdbp->cdb_map; - uschar * end_pos = end_offset + cdbp->cdb_map; - for (loop = 0; (loop < hash_offlen); ++loop) { - item_hash = cdb_unpack(cur_pos); - cur_pos += 4; - item_posn = cdb_unpack(cur_pos); - cur_pos += 4; - /* if the position is zero then we have a definite miss */ - if (item_posn == 0) - return FAIL; - - if (item_hash == key_hash) { - /* matching hash value */ - uschar * item_ptr = cdbp->cdb_map + item_posn; - item_key_len = cdb_unpack(item_ptr); - item_ptr += 4; - item_dat_len = cdb_unpack(item_ptr); - item_ptr += 4; - /* check key length matches */ - if (item_key_len == key_len) { - /* finally check if key matches */ - if (Ustrncmp(keystring, item_ptr, key_len) == 0) { - /* we have a match.... - * make item_ptr point to data */ - item_ptr += item_key_len; - /* ... and the returned result */ - *result = store_get(item_dat_len + 1); - memcpy(*result, item_ptr, item_dat_len); - (*result)[item_dat_len] = 0; - return OK; - } - } - } - /* handle warp round of table */ - if (cur_pos == end_pos) - cur_pos = cdbp->cdb_map + hash_offset; - } - /* looks like we failed... */ - return FAIL; - } -#endif /* HAVE_MMAP */ - for (loop = 0; (loop < hash_offlen); ++loop) { - uschar packbuf[8]; - if (lseek(cdbp->fileno, (off_t) cur_offset,SEEK_SET) == -1) return DEFER; - if (cdb_bread(cdbp->fileno, packbuf,8) == -1) return DEFER; - item_hash = cdb_unpack(packbuf); - item_posn = cdb_unpack(packbuf + 4); +/* make sure the mmap was OK */ +if (cdbp->cdb_map != NULL) + { + uschar * cur_pos = cur_offset + cdbp->cdb_map; + uschar * end_pos = end_offset + cdbp->cdb_map; + + for (loop = 0; (loop < hash_offlen); ++loop) + { + item_hash = cdb_unpack(cur_pos); + cur_pos += 4; + item_posn = cdb_unpack(cur_pos); + cur_pos += 4; + /* if the position is zero then we have a definite miss */ + if (item_posn == 0) return FAIL; - if (item_hash == key_hash) { - /* matching hash value */ - if (lseek(cdbp->fileno, (off_t) item_posn, SEEK_SET) == -1) return DEFER; - if (cdb_bread(cdbp->fileno, packbuf, 8) == -1) return DEFER; - item_key_len = cdb_unpack(packbuf); + if (item_hash == key_hash) + { /* matching hash value */ + uschar * item_ptr = cdbp->cdb_map + item_posn; + + item_key_len = cdb_unpack(item_ptr); + item_ptr += 4; + item_dat_len = cdb_unpack(item_ptr); + item_ptr += 4; + /* check key length matches */ - if (item_key_len == key_len) { - /* finally check if key matches */ - uschar * item_key = store_get(key_len); - if (cdb_bread(cdbp->fileno, item_key, key_len) == -1) return DEFER; - if (Ustrncmp(keystring, item_key, key_len) == 0) { - /* Reclaim some store */ - store_reset(item_key); - /* matches - get data length */ - item_dat_len = cdb_unpack(packbuf + 4); - /* then we build a new result string */ - *result = store_get(item_dat_len + 1); - if (cdb_bread(cdbp->fileno, *result, item_dat_len) == -1) - return DEFER; - (*result)[item_dat_len] = 0; - return OK; - } + + if (item_key_len == key_len) + { + /* finally check if key matches */ + if (Ustrncmp(keystring, item_ptr, key_len) == 0) + { + /* we have a match.... * make item_ptr point to data */ + + item_ptr += item_key_len; + + /* ... and the returned result */ + + *result = store_get(item_dat_len + 1); + memcpy(*result, item_ptr, item_dat_len); + (*result)[item_dat_len] = 0; + return OK; + } + } + } + /* handle warp round of table */ + if (cur_pos == end_pos) + cur_pos = cdbp->cdb_map + hash_offset; + } + /* looks like we failed... */ + return FAIL; + } + +#endif /* HAVE_MMAP */ + +for (loop = 0; (loop < hash_offlen); ++loop) + { + uschar packbuf[8]; + + if (lseek(cdbp->fileno, (off_t) cur_offset,SEEK_SET) == -1) return DEFER; + if (cdb_bread(cdbp->fileno, packbuf,8) == -1) return DEFER; + + item_hash = cdb_unpack(packbuf); + item_posn = cdb_unpack(packbuf + 4); + + /* if the position is zero then we have a definite miss */ + + if (item_posn == 0) + return FAIL; + + if (item_hash == key_hash) + { /* matching hash value */ + if (lseek(cdbp->fileno, (off_t) item_posn, SEEK_SET) == -1) return DEFER; + if (cdb_bread(cdbp->fileno, packbuf, 8) == -1) return DEFER; + + item_key_len = cdb_unpack(packbuf); + + /* check key length matches */ + + if (item_key_len == key_len) + { /* finally check if key matches */ + uschar * item_key = store_get(key_len); + + if (cdb_bread(cdbp->fileno, item_key, key_len) == -1) return DEFER; + if (Ustrncmp(keystring, item_key, key_len) == 0) { + /* Reclaim some store */ store_reset(item_key); + + /* matches - get data length */ + item_dat_len = cdb_unpack(packbuf + 4); + + /* then we build a new result string. We know we have enough + memory so disable Coverity errors about the tainted item_dat_ken */ + + *result = store_get(item_dat_len + 1); + /* coverity[tainted_data] */ + if (cdb_bread(cdbp->fileno, *result, item_dat_len) == -1) + return DEFER; + + /* coverity[tainted_data] */ + (*result)[item_dat_len] = 0; + return OK; + } + /* Reclaim some store */ + store_reset(item_key); } } - cur_offset += 8; + cur_offset += 8; - /* handle warp round of table */ - if (cur_offset == end_offset) - cur_offset = hash_offset; + /* handle warp round of table */ + if (cur_offset == end_offset) + cur_offset = hash_offset; } - return FAIL; +return FAIL; } diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index 70e6c8c63..da3495beb 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -396,9 +396,8 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) dns_address *da; for (da = dns_address_from_rr(&dnsa, rr); da; da = da->next) { - if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1); - yield = string_cat(yield, &size, &ptr, da->address, - Ustrlen(da->address)); + if (ptr != 0) yield = string_catn(yield, &size, &ptr, outsep, 1); + yield = string_cat(yield, &size, &ptr, da->address); } continue; } @@ -406,14 +405,14 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) /* Other kinds of record just have one piece of data each, but there may be several of them, of course. */ - if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1); + if (ptr != 0) yield = string_catn(yield, &size, &ptr, outsep, 1); if (type == T_TXT || type == T_SPF) { if (outsep2 == NULL) { /* output only the first item of data */ - yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1), + yield = string_catn(yield, &size, &ptr, (uschar *)(rr->data+1), (rr->data)[0]); } else @@ -424,9 +423,9 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) { uschar chunk_len = (rr->data)[data_offset++]; if (outsep2[0] != '\0' && data_offset != 1) - yield = string_cat(yield, &size, &ptr, outsep2, 1); - yield = string_cat(yield, &size, &ptr, - (uschar *)((rr->data)+data_offset), chunk_len); + yield = string_catn(yield, &size, &ptr, outsep2, 1); + yield = string_catn(yield, &size, &ptr, + US ((rr->data)+data_offset), chunk_len); data_offset += chunk_len; } } @@ -452,7 +451,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) i++) sp += sprintf(CS sp, "%02x", (unsigned char)p[i]); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); } else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SOA, T_SRV */ { @@ -470,7 +469,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) case T_MX: GETSHORT(priority, p); sprintf(CS s, "%d%c", priority, *outsep2); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); break; case T_SRV: @@ -479,7 +478,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) GETSHORT(port, p); sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2, weight, *outsep2, port, *outsep2); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); break; case T_CSA: @@ -508,7 +507,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) } s[1] = ' '; - yield = string_cat(yield, &size, &ptr, s, 2); + yield = string_catn(yield, &size, &ptr, s, 2); break; default: @@ -529,14 +528,14 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) "domain=%s", dns_text_type(type), domain); break; } - else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + else yield = string_cat(yield, &size, &ptr, s); if (type == T_SOA && outsep2 != NULL) { unsigned long serial, refresh, retry, expire, minimum; p += rc; - yield = string_cat(yield, &size, &ptr, outsep2, 1); + yield = string_catn(yield, &size, &ptr, outsep2, 1); rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p, (DN_EXPAND_ARG4_TYPE)s, sizeof(s)); @@ -546,7 +545,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) "domain=%s", dns_text_type(type), domain); break; } - else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + else yield = string_cat(yield, &size, &ptr, s); p += rc; GETLONG(serial, p); GETLONG(refresh, p); @@ -554,7 +553,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) sprintf(CS s, "%c%lu%c%lu%c%lu%c%lu%c%lu", *outsep2, serial, *outsep2, refresh, *outsep2, retry, *outsep2, expire, *outsep2, minimum); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); } } } /* Loop for list of returned records */ diff --git a/src/src/lookups/ibase.c b/src/src/lookups/ibase.c index 10c962019..6405a6448 100644 --- a/src/src/lookups/ibase.c +++ b/src/src/lookups/ibase.c @@ -353,14 +353,14 @@ has the password removed. This copy is also used for debugging output. */ } if (result != NULL) - result = string_cat(result, &ssize, &offset, US "\n", 1); + result = string_catn(result, &ssize, &offset, US "\n", 1); /* Find the number of fields returned. If this is one, we don't add field names to the data. Otherwise we do. */ if (out_sqlda->sqld == 1) { if (out_sqlda->sqlvar[0].sqlind == NULL || *out_sqlda->sqlvar[0].sqlind != -1) /* NULL value yields nothing */ result = - string_cat(result, &ssize, &offset, US buffer, + string_catn(result, &ssize, &offset, US buffer, fetch_field(buffer, sizeof(buffer), &out_sqlda->sqlvar[0])); } @@ -374,19 +374,19 @@ has the password removed. This copy is also used for debugging output. */ string_cat(result, &ssize, &offset, US out_sqlda->sqlvar[i].aliasname, out_sqlda->sqlvar[i].aliasname_length); - result = string_cat(result, &ssize, &offset, US "=", 1); + result = string_catn(result, &ssize, &offset, US "=", 1); /* Quote the value if it contains spaces or is empty */ if (*out_sqlda->sqlvar[i].sqlind == -1) { /* NULL value */ result = - string_cat(result, &ssize, &offset, US "\"\"", 2); + string_catn(result, &ssize, &offset, US "\"\"", 2); } else if (buffer[0] == 0 || Ustrchr(buffer, ' ') != NULL) { int j; result = - string_cat(result, &ssize, &offset, US "\"", 1); + string_catn(result, &ssize, &offset, US "\"", 1); for (j = 0; j < len; j++) { if (buffer[j] == '\"' || buffer[j] == '\\') result = @@ -397,13 +397,12 @@ has the password removed. This copy is also used for debugging output. */ US buffer + j, 1); } result = - string_cat(result, &ssize, &offset, US "\"", 1); + string_catn(result, &ssize, &offset, US "\"", 1); } else { result = - string_cat(result, &ssize, &offset, US buffer, - len); + string_catn(result, &ssize, &offset, US buffer, len); } - result = string_cat(result, &ssize, &offset, US " ", 1); + result = string_catn(result, &ssize, &offset, US " ", 1); } } diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index fe67e7f0a..3db787cce 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Many thanks to Stuart Lynne for contributing the original code for this @@ -734,7 +734,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == /* Results for multiple entries values are separated by newlines. */ - if (data != NULL) data = string_cat(data, &size, &ptr, US"\n", 1); + if (data != NULL) data = string_catn(data, &size, &ptr, US"\n", 1); /* Get the DN from the last result. */ @@ -762,7 +762,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == { /* condition, because of the else */ if (new_dn != NULL) /* below, that's for the first only */ { - data = string_cat(data, &size, &ptr, new_dn, Ustrlen(new_dn)); + data = string_cat(data, &size, &ptr, new_dn); data[ptr] = 0; attribute_found = TRUE; } @@ -796,11 +796,11 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == if (attrs_requested != 1) { if (insert_space) - data = string_cat(data, &size, &ptr, US" ", 1); + data = string_catn(data, &size, &ptr, US" ", 1); else insert_space = TRUE; - data = string_cat(data, &size, &ptr, attr, Ustrlen(attr)); - data = string_cat(data, &size, &ptr, US"=\"", 2); + data = string_cat(data, &size, &ptr, attr); + data = string_catn(data, &size, &ptr, US"=\"", 2); } while (*values != NULL) @@ -818,7 +818,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == attribute and append only every non first value. */ if (data && valuecount > 1) - data = string_cat(data, &size, &ptr, US",", 1); + data = string_catn(data, &size, &ptr, US",", 1); /* For multiple attributes, the data is in quotes. We must escape internal quotes, backslashes, newlines, and must double commas. */ @@ -829,14 +829,14 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == for (j = 0; j < len; j++) { if (value[j] == '\n') - data = string_cat(data, &size, &ptr, US"\\n", 2); + data = string_catn(data, &size, &ptr, US"\\n", 2); else if (value[j] == ',') - data = string_cat(data, &size, &ptr, US",,", 2); + data = string_catn(data, &size, &ptr, US",,", 2); else { if (value[j] == '\"' || value[j] == '\\') - data = string_cat(data, &size, &ptr, US"\\", 1); - data = string_cat(data, &size, &ptr, value+j, 1); + data = string_catn(data, &size, &ptr, US"\\", 1); + data = string_catn(data, &size, &ptr, value+j, 1); } } } @@ -847,12 +847,10 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == { int j; for (j = 0; j < len; j++) - { if (value[j] == ',') - data = string_cat(data, &size, &ptr, US",,", 2); + data = string_catn(data, &size, &ptr, US",,", 2); else - data = string_cat(data, &size, &ptr, value+j, 1); - } + data = string_catn(data, &size, &ptr, value+j, 1); } @@ -865,7 +863,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == /* Closing quote at the end of the data for a named attribute. */ if (attrs_requested != 1) - data = string_cat(data, &size, &ptr, US"\"", 1); + data = string_catn(data, &size, &ptr, US"\"", 1); /* Free the values */ diff --git a/src/src/lookups/lf_quote.c b/src/src/lookups/lf_quote.c index 60c0a760c..2a76756e9 100644 --- a/src/src/lookups/lf_quote.c +++ b/src/src/lookups/lf_quote.c @@ -37,7 +37,11 @@ result = string_append(result, asize, aoffset, 2, name, US"="); /* NULL is handled as an empty string */ -if (value == NULL) value = US""; +if (!value) + { + value = US""; + vlength = 0; + } /* Quote the value if it is empty, contains white space, or starts with a quote character. */ @@ -45,21 +49,19 @@ character. */ if (value[0] == 0 || Ustrpbrk(value, " \t\n\r") != NULL || value[0] == '\"') { int j; - result = string_cat(result, asize, aoffset, US"\"", 1); + result = string_catn(result, asize, aoffset, US"\"", 1); for (j = 0; j < vlength; j++) { if (value[j] == '\"' || value[j] == '\\') - result = string_cat(result, asize, aoffset, US"\\", 1); - result = string_cat(result, asize, aoffset, US value+j, 1); + result = string_catn(result, asize, aoffset, US"\\", 1); + result = string_catn(result, asize, aoffset, US value+j, 1); } - result = string_cat(result, asize, aoffset, US"\"", 1); + result = string_catn(result, asize, aoffset, US"\"", 1); } else - { - result = string_cat(result, asize, aoffset, US value, vlength); - } + result = string_catn(result, asize, aoffset, US value, vlength); -return string_cat(result, asize, aoffset, US" ", 1); +return string_catn(result, asize, aoffset, US" ", 1); } /* End of lf_quote.c */ diff --git a/src/src/lookups/lmdb.c b/src/src/lookups/lmdb.c new file mode 100644 index 000000000..8b0ffd2dd --- /dev/null +++ b/src/src/lookups/lmdb.c @@ -0,0 +1,160 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +#include "../exim.h" + +#ifdef EXPERIMENTAL_LMDB + +#include <lmdb.h> + +typedef struct lmdbstrct +{ +MDB_txn *txn; +MDB_dbi db_dbi; +} Lmdbstrct; + + +/************************************************* +* Open entry point * +*************************************************/ + +static void * +lmdb_open(uschar * filename, uschar ** errmsg) +{ +MDB_env * db_env = NULL; +Lmdbstrct * lmdb_p; +int ret, save_errno; +const uschar * errstr; + +lmdb_p = store_get(sizeof(Lmdbstrct)); +lmdb_p->txn = NULL; + +if ((ret = mdb_env_create(&db_env))) + { + errstr = US"create environment"; + goto bad; + } + +if ((ret = mdb_env_open(db_env, CS filename, MDB_NOSUBDIR|MDB_RDONLY, 0660))) + { + errstr = US"open environment"; + goto bad; + } + +if ((ret = mdb_txn_begin(db_env, NULL, MDB_RDONLY, &lmdb_p->txn))) + { + errstr = US"start transaction"; + goto bad; + } + +if ((ret = mdb_open(lmdb_p->txn, NULL, 0, &lmdb_p->db_dbi))) + { + errstr = US"open database"; + goto bad; + } + +return lmdb_p; + +bad: + save_errno = errno; + if (lmdb_p->txn) mdb_txn_abort(lmdb_p->txn); + if (db_env) mdb_env_close(db_env); + *errmsg = string_sprintf("LMDB: Unable to %s: %s", errstr, mdb_strerror(ret)); + errno = save_errno; + return NULL; +} + + +/************************************************* +* Find entry point * +*************************************************/ + +static int +lmdb_find(void * handle, uschar * filename, + const uschar * keystring, int length, uschar ** result, uschar ** errmsg, + uint * do_cache) +{ +int ret; +MDB_val dbkey, data; +Lmdbstrct * lmdb_p = handle; + +dbkey.mv_data = CS keystring; +dbkey.mv_size = length; + +DEBUG(D_lookup) debug_printf("LMDB: lookup key: %s\n", (char *)keystring); + +if ((ret = mdb_get(lmdb_p->txn, lmdb_p->db_dbi, &dbkey, &data)) == 0) + { + *result = string_copyn(US data.mv_data, data.mv_size); + DEBUG(D_lookup) debug_printf("LMDB: lookup result: %s\n", *result); + return OK; + } +else if (ret == MDB_NOTFOUND) + { + *errmsg = US"LMDB: lookup, no data found"; + DEBUG(D_lookup) debug_printf("%s\n", *errmsg); + return FAIL; + } +else + { + *errmsg = string_sprintf("LMDB: lookup error: %s", mdb_strerror(ret)); + DEBUG(D_lookup) debug_printf("%s\n", *errmsg); + return DEFER; + } +} + + +/************************************************* +* Close entry point * +*************************************************/ + +static void +lmdb_close(void * handle) +{ +Lmdbstrct * lmdb_p = handle; +MDB_env * db_env = mdb_txn_env(lmdb_p->txn); +mdb_txn_abort(lmdb_p->txn); +mdb_env_close(db_env); +} + + +/************************************************* +* Version reporting entry point * +*************************************************/ + +#include "../version.h" + +void +lmdb_version_report(FILE * f) +{ +fprintf(f, "Library version: LMDB: Compile: %d.%d.%d\n", + MDB_VERSION_MAJOR, MDB_VERSION_MINOR, MDB_VERSION_PATCH); +#ifdef DYNLOOKUP +fprintf(f, " Exim version %s\n", EXIM_VERSION_STR); +#endif +} + +static lookup_info lmdb_lookup_info = { + US"lmdb", /* lookup name */ + lookup_absfile, /* query-style lookup */ + lmdb_open, /* open function */ + NULL, /* no check function */ + lmdb_find, /* find function */ + lmdb_close, /* close function */ + NULL, /* tidy function */ + NULL, /* quoting function */ + lmdb_version_report /* version reporting */ +}; + +#ifdef DYNLOOKUP +# define lmdb_lookup_module_info _lookup_module_info +#endif /* DYNLOOKUP */ + +static lookup_info *_lookup_list[] = { &lmdb_lookup_info }; +lookup_module_info lmdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 }; + +#endif /* EXPERIMENTAL_LMDB */ diff --git a/src/src/lookups/lsearch.c b/src/src/lookups/lsearch.c index eb70a45fa..6101d00ac 100644 --- a/src/src/lookups/lsearch.c +++ b/src/src/lookups/lsearch.c @@ -258,7 +258,7 @@ for (last_was_eol = TRUE; ptr = 0; yield = store_get(size); if (*s != 0) - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); /* Now handle continuations */ @@ -294,7 +294,7 @@ for (last_was_eol = TRUE; /* Join a physical or logical line continuation onto the result string. */ - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + yield = string_cat(yield, &size, &ptr, s); } yield[ptr] = 0; diff --git a/src/src/lookups/mysql.c b/src/src/lookups/mysql.c index 68b04dcc8..632541a61 100644 --- a/src/src/lookups/mysql.c +++ b/src/src/lookups/mysql.c @@ -266,12 +266,12 @@ while ((mysql_row_data = mysql_fetch_row(mysql_result)) != NULL) unsigned long *lengths = mysql_fetch_lengths(mysql_result); if (result != NULL) - result = string_cat(result, &ssize, &offset, US"\n", 1); + result = string_catn(result, &ssize, &offset, US"\n", 1); if (num_fields == 1) { if (mysql_row_data[0] != NULL) /* NULL value yields nothing */ - result = string_cat(result, &ssize, &offset, US mysql_row_data[0], + result = string_catn(result, &ssize, &offset, US mysql_row_data[0], lengths[0]); } diff --git a/src/src/lookups/nisplus.c b/src/src/lookups/nisplus.c index 00f30193c..ff632a1ca 100644 --- a/src/src/lookups/nisplus.c +++ b/src/src/lookups/nisplus.c @@ -156,27 +156,26 @@ for (i = 0; i < eo->en_cols.en_cols_len; i++) if (field_name == NULL) { - yield = string_cat(yield, &ssize, &offset,US tc->tc_name, - Ustrlen(tc->tc_name)); - yield = string_cat(yield, &ssize, &offset, US"=", 1); + yield = string_cat(yield, &ssize, &offset,US tc->tc_name); + yield = string_catn(yield, &ssize, &offset, US"=", 1); /* Quote the value if it contains spaces or is empty */ if (value[0] == 0 || Ustrchr(value, ' ') != NULL) { int j; - yield = string_cat(yield, &ssize, &offset, US"\"", 1); + yield = string_catn(yield, &ssize, &offset, US"\"", 1); for (j = 0; j < len; j++) { if (value[j] == '\"' || value[j] == '\\') - yield = string_cat(yield, &ssize, &offset, US"\\", 1); - yield = string_cat(yield, &ssize, &offset, value+j, 1); + yield = string_catn(yield, &ssize, &offset, US"\\", 1); + yield = string_catn(yield, &ssize, &offset, value+j, 1); } - yield = string_cat(yield, &ssize, &offset, US"\"", 1); + yield = string_catn(yield, &ssize, &offset, US"\"", 1); } - else yield = string_cat(yield, &ssize, &offset, value, len); + else yield = string_catn(yield, &ssize, &offset, value, len); - yield = string_cat(yield, &ssize, &offset, US" ", 1); + yield = string_catn(yield, &ssize, &offset, US" ", 1); } /* When the specified field is found, grab its data and finish */ diff --git a/src/src/lookups/oracle.c b/src/src/lookups/oracle.c index 33d223436..d3fba5e4c 100644 --- a/src/src/lookups/oracle.c +++ b/src/src/lookups/oracle.c @@ -400,12 +400,12 @@ while (cda->rc != NO_DATA_FOUND) /* Loop for each row */ ofetch(cda); if(cda->rc == NO_DATA_FOUND) break; - if (result != NULL) result = string_cat(result, &ssize, &offset, "\n", 1); + if (result) result = string_catn(result, &ssize, &offset, "\n", 1); /* Single field - just add on the data */ if (num_fields == 1) - result = string_cat(result, &ssize, &offset, def[0].buf, def[0].col_retlen); + result = string_catn(result, &ssize, &offset, def[0].buf, def[0].col_retlen); /* Multiple fields - precede by file name, removing {lead,trail}ing WS */ @@ -417,8 +417,8 @@ while (cda->rc != NO_DATA_FOUND) /* Loop for each row */ while (*s != 0 && isspace(*s)) s++; slen = Ustrlen(s); while (slen > 0 && isspace(s[slen-1])) slen--; - result = string_cat(result, &ssize, &offset, s, slen); - result = string_cat(result, &ssize, &offset, US"=", 1); + result = string_catn(result, &ssize, &offset, s, slen); + result = string_catn(result, &ssize, &offset, US"=", 1); /* int and float type wont ever need escaping. Otherwise, quote the value if it contains spaces or is empty. */ @@ -427,30 +427,30 @@ while (cda->rc != NO_DATA_FOUND) /* Loop for each row */ (def[i].buf[0] == 0 || strchr(def[i].buf, ' ') != NULL)) { int j; - result = string_cat(result, &ssize, &offset, "\"", 1); + result = string_catn(result, &ssize, &offset, "\"", 1); for (j = 0; j < def[i].col_retlen; j++) { if (def[i].buf[j] == '\"' || def[i].buf[j] == '\\') - result = string_cat(result, &ssize, &offset, "\\", 1); - result = string_cat(result, &ssize, &offset, def[i].buf+j, 1); + result = string_catn(result, &ssize, &offset, "\\", 1); + result = string_catn(result, &ssize, &offset, def[i].buf+j, 1); } - result = string_cat(result, &ssize, &offset, "\"", 1); + result = string_catn(result, &ssize, &offset, "\"", 1); } else switch(desc[i].dbtype) { case INT_TYPE: sprintf(CS tmp, "%d", def[i].int_buf); - result = string_cat(result, &ssize, &offset, tmp, Ustrlen(tmp)); + result = string_cat(result, &ssize, &offset, tmp); break; case FLOAT_TYPE: sprintf(CS tmp, "%f", def[i].flt_buf); - result = string_cat(result, &ssize, &offset, tmp, Ustrlen(tmp)); + result = string_cat(result, &ssize, &offset, tmp); break; case STRING_TYPE: - result = string_cat(result, &ssize, &offset, def[i].buf, + result = string_catn(result, &ssize, &offset, def[i].buf, def[i].col_retlen); break; @@ -461,7 +461,7 @@ while (cda->rc != NO_DATA_FOUND) /* Loop for each row */ goto ORACLE_EXIT; } - result = string_cat(result, &ssize, &offset, " ", 1); + result = string_catn(result, &ssize, &offset, " ", 1); } } diff --git a/src/src/lookups/pgsql.c b/src/src/lookups/pgsql.c index 01c5375bc..735f85554 100644 --- a/src/src/lookups/pgsql.c +++ b/src/src/lookups/pgsql.c @@ -125,11 +125,11 @@ PGconn *pg_conn = NULL; PGresult *pg_result = NULL; int i; +uschar *result = NULL; int ssize = 0; int offset = 0; int yield = DEFER; unsigned int num_fields, num_tuples; -uschar *result = NULL; pgsql_connection *cn; uschar *server_copy = NULL; uschar *sdata[3]; @@ -327,11 +327,11 @@ row, we insert '\n' between them. */ for (i = 0; i < num_tuples; i++) { if (result != NULL) - result = string_cat(result, &ssize, &offset, US"\n", 1); + result = string_catn(result, &ssize, &offset, US"\n", 1); if (num_fields == 1) { - result = string_cat(result, &ssize, &offset, + result = string_catn(result, &ssize, &offset, US PQgetvalue(pg_result, i, 0), PQgetlength(pg_result, i, 0)); } diff --git a/src/src/lookups/redis.c b/src/src/lookups/redis.c index 854d4162a..df4cf0ca6 100644 --- a/src/src/lookups/redis.c +++ b/src/src/lookups/redis.c @@ -219,7 +219,7 @@ if(sdata[1]) { for (argv[i] = NULL, siz = ptr = 0; (c = *s) && !isspace(c); s++) if (c != '\\' || *++s) /* backslash protects next char */ - argv[i] = string_cat(argv[i], &siz, &ptr, s, 1); + argv[i] = string_catn(argv[i], &siz, &ptr, s, 1); *(argv[i]+ptr) = '\0'; DEBUG(D_lookup) debug_printf("REDIS: argv[%d] '%s'\n", i, argv[i]); while (isspace(*s)) s++; @@ -256,12 +256,12 @@ switch (redis_reply->type) case REDIS_REPLY_INTEGER: ttmp = (redis_reply->integer != 0) ? US"true" : US"false"; - result = string_cat(result, &ssize, &offset, US ttmp, Ustrlen(ttmp)); + result = string_cat(result, &ssize, &offset, US ttmp); break; case REDIS_REPLY_STRING: case REDIS_REPLY_STATUS: - result = string_cat(result, &ssize, &offset, + result = string_catn(result, &ssize, &offset, US redis_reply->str, redis_reply->len); break; @@ -275,16 +275,16 @@ switch (redis_reply->type) entry = redis_reply->element[i]; if (result) - result = string_cat(result, &ssize, &offset, US"\n", 1); + result = string_catn(result, &ssize, &offset, US"\n", 1); switch (entry->type) { case REDIS_REPLY_INTEGER: tmp = string_sprintf("%d", entry->integer); - result = string_cat(result, &ssize, &offset, US tmp, Ustrlen(tmp)); + result = string_cat(result, &ssize, &offset, US tmp); break; case REDIS_REPLY_STRING: - result = string_cat(result, &ssize, &offset, + result = string_catn(result, &ssize, &offset, US entry->str, entry->len); break; case REDIS_REPLY_ARRAY: @@ -293,17 +293,16 @@ switch (redis_reply->type) tentry = entry->element[j]; if (result) - result = string_cat(result, &ssize, &offset, US"\n", 1); + result = string_catn(result, &ssize, &offset, US"\n", 1); switch (tentry->type) { case REDIS_REPLY_INTEGER: ttmp = string_sprintf("%d", tentry->integer); - result = string_cat(result, &ssize, &offset, - US ttmp, Ustrlen(ttmp)); + result = string_cat(result, &ssize, &offset, US ttmp); break; case REDIS_REPLY_STRING: - result = string_cat(result, &ssize, &offset, + result = string_catn(result, &ssize, &offset, US tentry->str, tentry->len); break; case REDIS_REPLY_ARRAY: diff --git a/src/src/lookups/spf.c b/src/src/lookups/spf.c index 2671fc9c4..ad56a2a8d 100644 --- a/src/src/lookups/spf.c +++ b/src/src/lookups/spf.c @@ -13,6 +13,7 @@ * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * + * Copyright (c) The Exim Maintainers 2016 */ #include "../exim.h" @@ -51,7 +52,7 @@ spf_close(void *handle) } static int -spf_find(void *handle, uschar *filename, uschar *keystring, int key_len, +spf_find(void *handle, uschar *filename, const uschar *keystring, int key_len, uschar **result, uschar **errmsg, uint *do_cache) { SPF_server_t *spf_server = handle; diff --git a/src/src/lookups/sqlite.c b/src/src/lookups/sqlite.c index e2330f920..6e7b015bc 100644 --- a/src/src/lookups/sqlite.c +++ b/src/src/lookups/sqlite.c @@ -55,7 +55,7 @@ int i; /* For second and subsequent results, insert \n */ if (res->string != NULL) - res->string = string_cat(res->string, &res->size, &res->len, US"\n", 1); + res->string = string_catn(res->string, &res->size, &res->len, US"\n", 1); if (argc > 1) { diff --git a/src/src/macros.h b/src/src/macros.h index 645799d99..1b7cf4abf 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -15,6 +15,11 @@ a string as a text string. This is sometimes useful for debugging output. */ /* Number of elements of an array */ #define nelem(arr) (sizeof(arr) / sizeof(*arr)) +/* Maximum of two items */ +#ifndef MAX +# define MAX(a,b) ((a) > (b) ? (a) : (b)) +#endif + /* When running in the test harness, the load average is fudged. */ @@ -320,6 +325,13 @@ for having to swallow the rest of an SMTP message is whether the value is #define END_NOTENDED 3 /* Message reading not yet ended */ #define END_SIZE 4 /* Reading ended because message too big */ #define END_WERROR 5 /* Write error while reading the message */ +#define END_PROTOCOL 6 /* Protocol error in CHUNKING sequence */ + +/* result codes for bdat_getc() (which can also return EOF) */ + +#define EOD (-2) +#define ERR (-3) + /* Bit masks for debug and log selectors */ @@ -446,15 +458,19 @@ enum { LOG_BIT(smtp_protocol_error), LOG_BIT(smtp_syntax_error), - Li_acl_warn_skipped = BITWORDSIZE, + Li_8bitmime = BITWORDSIZE, + Li_acl_warn_skipped, Li_arguments, Li_deliver_time, Li_delivery_size, + Li_dnssec, Li_ident_timeout, Li_incoming_interface, Li_incoming_port, + Li_outgoing_interface, Li_outgoing_port, Li_pid, + Li_proxy, Li_queue_time, Li_queue_time_overall, Li_received_sender, @@ -464,6 +480,7 @@ enum { Li_sender_on_delivery, Li_sender_verify_fail, Li_smtp_confirmation, + Li_smtp_mailauth, Li_smtp_no_mail, Li_subject, Li_tls_certificate_verified, @@ -471,18 +488,15 @@ enum { Li_tls_peerdn, Li_tls_sni, Li_unknown_in_list, - Li_8bitmime, - Li_smtp_mailauth, - Li_proxy, - Li_outgoing_interface, - log_selector_size = BITWORD(Li_outgoing_interface) + 1 + log_selector_size = BITWORD(Li_unknown_in_list) + 1 }; #define LOGGING(opt) BIT_TEST(log_selector, log_selector_size, Li_##opt) /* Private error numbers for delivery failures, set negative so as not -to conflict with system errno values. */ +to conflict with system errno values. Take care to maintain the string +table exim_errstrings[] in log.c */ #define ERRNO_UNKNOWNERROR (-1) #define ERRNO_USERSLASH (-2) @@ -547,6 +561,8 @@ to conflict with system errno values. */ #define ERRNO_QUEUE_DOMAIN (-55) /* Domain in queue_domains */ #define ERRNO_TRETRY (-56) /* Transport concurrency limit */ + + /* Special actions to take after failure or deferment. */ enum { @@ -783,7 +799,8 @@ most recent SMTP commands. Must be kept in step with the list of names in smtp_in.c that is used for creating the smtp_no_mail logging action. SCH_NONE is "empty". */ -enum { SCH_NONE, SCH_AUTH, SCH_DATA, SCH_EHLO, SCH_ETRN, SCH_EXPN, SCH_HELO, +enum { SCH_NONE, SCH_AUTH, SCH_DATA, SCH_BDAT, + SCH_EHLO, SCH_ETRN, SCH_EXPN, SCH_HELO, SCH_HELP, SCH_MAIL, SCH_NOOP, SCH_QUIT, SCH_RCPT, SCH_RSET, SCH_STARTTLS, SCH_VRFY }; @@ -833,6 +850,7 @@ enum { #define topt_no_headers 0x020 /* Omit headers */ #define topt_no_body 0x040 /* Omit body */ #define topt_escape_headers 0x080 /* Apply escape check to headers */ +#define topt_use_bdat 0x100 /* prepend chunks with RFC3030 BDAT header */ /* Flags for recipient_block, used in DSN support */ @@ -948,6 +966,7 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE }; #define PEER_OFFERED_DSN BIT(4) #define PEER_OFFERED_PIPE BIT(5) #define PEER_OFFERED_SIZE BIT(6) +#define PEER_OFFERED_CHUNKING BIT(7) /* End of macros.h */ diff --git a/src/src/malware.c b/src/src/malware.c index 9dd241b8c..b36bf0d64 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 */ -/* License: GPL */ +/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 + * License: GPL + * Copyright (c) The Exim Maintainers 2016 + */ /* Code for calling virus (malware) scanners. Called from acl.c. */ @@ -106,7 +108,7 @@ BOOL malware_ok = FALSE; the scan directory normally for that case, but look into rigging up the needed header variables if not already set on the command-line? */ extern int spool_mbox_ok; -extern uschar spooled_message_id[17]; +extern uschar spooled_message_id[MESSAGE_ID_LENGTH+1]; @@ -628,7 +630,7 @@ if (!malware_ok) sock); } - if (!(drweb_fbuf = (uschar *) malloc (fsize_uint))) + if (!(drweb_fbuf = US malloc(fsize_uint))) { (void)close(drweb_fd); return m_errlog_defer_3(scanent, NULL, @@ -657,7 +659,6 @@ if (!malware_ok) "unable to send file body to socket (%s)", scanner_options), sock); } - (void)close(drweb_fd); } else { @@ -1002,7 +1003,9 @@ if (!malware_ok) kav_re = kav_re_inf; } - /* read report, linewise */ + /* read report, linewise. Using size from stream to read amount of data + from same stream is safe enough. */ + /* coverity[tainted_data] */ while (kav_reportlen > 0) { if ((bread = recv_line(sock, tmpbuf, sizeof(tmpbuf), tmo)) < 0) @@ -1304,11 +1307,8 @@ if (!malware_ok) /* parse options */ /*XXX should these options be common over scanner types? */ if (clamd_option(cd, sublist, &subsep) != OK) - { return m_errlog_defer(scanent, NULL, string_sprintf("bad option '%s'", scanner_options)); - continue; - } cv[num_servers++] = cd; if (num_servers >= MAX_CLAMD_SERVERS) @@ -1488,7 +1488,7 @@ if (!malware_ok) } lseek(clam_fd, 0, SEEK_SET); - if (!(clamav_fbuf = (uschar *) malloc (fsize_uint))) + if (!(clamav_fbuf = US malloc(fsize_uint))) { CLOSE_SOCKDATA; (void)close(clam_fd); return m_errlog_defer_3(scanent, NULL, @@ -1949,15 +1949,15 @@ Returns: Exim message processing code (OK, FAIL, DEFER, ...) int malware(const uschar * malware_re, int timeout) { - uschar * scan_filename; - int ret; +uschar * scan_filename; +int ret; - scan_filename = string_sprintf("%s/scan/%s/%s.eml", - spool_directory, message_id, message_id); - ret = malware_internal(malware_re, scan_filename, timeout, FALSE); - if (ret == DEFER) av_failed = TRUE; +scan_filename = string_sprintf("%s/scan/%s/%s.eml", + spool_directory, message_id, message_id); +ret = malware_internal(malware_re, scan_filename, timeout, FALSE); +if (ret == DEFER) av_failed = TRUE; - return ret; +return ret; } @@ -1979,32 +1979,35 @@ Returns: Exim message processing code (OK, FAIL, DEFER, ...) int malware_in_file(uschar *eml_filename) { - uschar message_id_buf[64]; - int ret; - - /* spool_mbox() assumes various parameters exist, when creating - the relevant directory and the email within */ - (void) string_format(message_id_buf, sizeof(message_id_buf), - "dummy-%d", vaguely_random_number(INT_MAX)); - message_id = message_id_buf; - sender_address = US"malware-sender@example.net"; - return_path = US""; - recipients_list = NULL; - receive_add_recipient(US"malware-victim@example.net", -1); - enable_dollar_recipients = TRUE; - - ret = malware_internal(US"*", eml_filename, 0, TRUE); - - Ustrncpy(spooled_message_id, message_id, sizeof(spooled_message_id)); - spool_mbox_ok = 1; - /* don't set no_mbox_unspool; at present, there's no way for it to become - set, but if that changes, then it should apply to these tests too */ - unspool_mbox(); - - /* silence static analysis tools */ - message_id = NULL; - - return ret; +uschar message_id_buf[64]; +int ret; + +/* spool_mbox() assumes various parameters exist, when creating +the relevant directory and the email within */ + +(void) string_format(message_id_buf, sizeof(message_id_buf), + "dummy-%d", vaguely_random_number(INT_MAX)); +message_id = message_id_buf; +sender_address = US"malware-sender@example.net"; +return_path = US""; +recipients_list = NULL; +receive_add_recipient(US"malware-victim@example.net", -1); +enable_dollar_recipients = TRUE; + +ret = malware_internal(US"*", eml_filename, 0, TRUE); + +Ustrncpy(spooled_message_id, message_id, sizeof(spooled_message_id)); +spool_mbox_ok = 1; + +/* don't set no_mbox_unspool; at present, there's no way for it to become +set, but if that changes, then it should apply to these tests too */ + +unspool_mbox(); + +/* silence static analysis tools */ +message_id = NULL; + +return ret; } diff --git a/src/src/mime.c b/src/src/mime.c index 7b1fa387d..5ed15b081 100644 --- a/src/src/mime.c +++ b/src/src/mime.c @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004, 2015 */ -/* License: GPL */ +/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004, 2015 + * License: GPL + * Copyright (c) The Exim Maintainers 2016 + */ #include "exim.h" #ifdef WITH_CONTENT_SCAN /* entire file */ @@ -12,7 +14,16 @@ FILE *mime_stream = NULL; uschar *mime_current_boundary = NULL; -static int mime_header_list_size = sizeof(mime_header_list)/sizeof(mime_header); + +static mime_header mime_header_list[] = { + { US"content-type:", 13, &mime_content_type }, + { US"content-disposition:", 20, &mime_content_disposition }, + { US"content-transfer-encoding:", 26, &mime_content_transfer_encoding }, + { US"content-id:", 11, &mime_content_id }, + { US"content-description:", 20, &mime_content_description } +}; + +static int mime_header_list_size = nelem(mime_header_list); static mime_parameter mime_parameter_list[] = { { US"name=", 5, &mime_filename }, @@ -177,21 +188,17 @@ return size; } +/* + * Return open filehandle for combo of path and file. + * Side-effect: set mime_decoded_filename, to copy in allocated mem + */ static FILE * mime_get_decode_file(uschar *pname, uschar *fname) { -FILE *f = NULL; -uschar *filename; - -filename = (uschar *)malloc(2048); - if (pname && fname) - { - (void)string_format(filename, 2048, "%s/%s", pname, fname); - f = modefopen(filename,"wb+",SPOOL_MODE); - } + mime_decoded_filename = string_sprintf("%s/%s", pname, fname); else if (!pname) - f = modefopen(fname,"wb+",SPOOL_MODE); + mime_decoded_filename = string_copy(fname); else if (!fname) { int file_nr = 0; @@ -201,21 +208,15 @@ else if (!fname) do { struct stat mystat; - (void)string_format(filename, 2048, - "%s/%s-%05u", pname, message_id, file_nr++); + mime_decoded_filename = string_sprintf("%s/%s-%05u", pname, message_id, file_nr++); /* security break */ if (file_nr >= 1024) break; - result = stat(CS filename, &mystat); + result = stat(CS mime_decoded_filename, &mystat); } while(result != -1); - - f = modefopen(filename, "wb+", SPOOL_MODE); } -/* set expansion variable */ -mime_decoded_filename = filename; - -return f; +return modefopen(mime_decoded_filename, "wb+", SPOOL_MODE); } @@ -232,11 +233,9 @@ long f_pos = 0; ssize_t size_counter = 0; ssize_t (*decode_function)(FILE*, FILE*, uschar*); -if (mime_stream == NULL) +if (!mime_stream || (f_pos = ftell(mime_stream)) < 0) return FAIL; -f_pos = ftell(mime_stream); - /* build default decode path (will exist since MBOX must be spooled up) */ (void)string_format(decode_path,1024,"%s/scan/%s",spool_directory,message_id); @@ -246,7 +245,7 @@ if ((option = string_nextinlist(&list, &sep, sizeof(option_buffer))) != NULL) { /* parse 1st option */ - if ( (Ustrcmp(option,"false") == 0) || (Ustrcmp(option,"0") == 0) ) + if ((Ustrcmp(option,"false") == 0) || (Ustrcmp(option,"0") == 0)) /* explicitly no decoding */ return FAIL; @@ -295,7 +294,8 @@ decode_function = size_counter = decode_function(mime_stream, decode_file, mime_current_boundary); clearerr(mime_stream); -fseek(mime_stream, f_pos, SEEK_SET); +if (fseek(mime_stream, f_pos, SEEK_SET)) + return DEFER; if (fclose(decode_file) != 0 || size_counter < 0) return DEFER; @@ -453,11 +453,11 @@ while (*s && *s != ';') /* ; terminates */ { s++; /* skip opening " */ while (*s && *s != '"') /* " protects ; */ - val = string_cat(val, &size, &ptr, s++, 1); + val = string_catn(val, &size, &ptr, s++, 1); if (*s) s++; /* skip closing " */ } else - val = string_cat(val, &size, &ptr, s++, 1); + val = string_catn(val, &size, &ptr, s++, 1); if (val) val[ptr] = '\0'; *sp = s; return val; @@ -484,24 +484,24 @@ static uschar * rfc2231_to_2047(const uschar * fname, const uschar * charset, int * len) { int size = 0, ptr = 0; -uschar * val = string_cat(NULL, &size, &ptr, US"=?", 2); +uschar * val = string_catn(NULL, &size, &ptr, US"=?", 2); uschar c; if (charset) - val = string_cat(val, &size, &ptr, charset, Ustrlen(charset)); -val = string_cat(val, &size, &ptr, US"?Q?", 3); + val = string_cat(val, &size, &ptr, charset); +val = string_catn(val, &size, &ptr, US"?Q?", 3); while ((c = *fname)) if (c == '%' && isxdigit(fname[1]) && isxdigit(fname[2])) { - val = string_cat(val, &size, &ptr, US"=", 1); - val = string_cat(val, &size, &ptr, ++fname, 2); + val = string_catn(val, &size, &ptr, US"=", 1); + val = string_catn(val, &size, &ptr, ++fname, 2); fname += 2; } else - val = string_cat(val, &size, &ptr, fname++, 1); + val = string_catn(val, &size, &ptr, fname++, 1); -val = string_cat(val, &size, &ptr, US"?=", 2); +val = string_catn(val, &size, &ptr, US"?=", 2); val[*len = ptr] = '\0'; return val; } @@ -799,7 +799,7 @@ while(1) if (!mime_decoded_filename) /* decoding failed */ { log_write(0, LOG_MAIN, - "mime_regex acl condition warning - could not decode RFC822 MIME part to file."); + "MIME acl condition warning - could not decode RFC822 MIME part to file."); rc = DEFER; goto out; } diff --git a/src/src/mime.h b/src/src/mime.h index 5c030ebca..5fd4392d5 100644 --- a/src/src/mime.h +++ b/src/src/mime.h @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004, 2015 */ -/* License: GPL */ +/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004, 2015 + * License: GPL + * Copyright (c) The Exim Maintainers 2016 + */ #ifdef WITH_CONTENT_SCAN @@ -27,16 +29,6 @@ typedef struct mime_header { uschar ** value; } mime_header; -static mime_header mime_header_list[] = { - { US"content-type:", 13, &mime_content_type }, - { US"content-disposition:", 20, &mime_content_disposition }, - { US"content-transfer-encoding:", 26, &mime_content_transfer_encoding }, - { US"content-id:", 11, &mime_content_id }, - { US"content-description:", 20, &mime_content_description } -}; - - - typedef struct mime_parameter { uschar * name; diff --git a/src/src/moan.c b/src/src/moan.c index 7d1a2c681..6d922a5a4 100644 --- a/src/src/moan.c +++ b/src/src/moan.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for sending messages to sender or to mailmaster. */ @@ -279,14 +279,12 @@ if (bounce_return_message) if (bounce_return_body && message_file) { - int ch; - enum {midline, beginline, haddot} state = beginline; BOOL enddot = dot_ends && message_file == stdin; uschar * buf = store_get(bounce_return_linesize_limit+2); if (firstline) fprintf(f, "%s", CS firstline); - while (fgets(buf, bounce_return_linesize_limit+2, message_file)) + while (fgets(CS buf, bounce_return_linesize_limit+2, message_file)) { int len; @@ -306,11 +304,11 @@ if (bounce_return_message) if (size_limit > 0 && len > size_limit - written) { buf[size_limit - written] = '\0'; - fputs(buf, f); + fputs(CS buf, f); break; } - fputs(buf, f); + fputs(CS buf, f); } } #ifdef EXPERIMENTAL_DMARC diff --git a/src/src/mytypes.h b/src/src/mytypes.h index 4d367a95b..b288a32cb 100644 --- a/src/src/mytypes.h +++ b/src/src/mytypes.h @@ -14,15 +14,15 @@ local_scan.h includes it and exim.h includes them both (to get this earlier). */ #define MYTYPES_H #ifndef FALSE -#define FALSE 0 +# define FALSE 0 #endif #ifndef TRUE -#define TRUE 1 +# define TRUE 1 #endif #ifndef TRUE_UNSET -#define TRUE_UNSET 2 +# define TRUE_UNSET 2 #endif @@ -30,17 +30,17 @@ local_scan.h includes it and exim.h includes them both (to get this earlier). */ the arguments of printf-like functions. This is done by a macro. */ #if defined(__GNUC__) || defined(__clang__) -#define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B))) -#define ARG_UNUSED __attribute__((__unused__)) +# define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B))) +# define ARG_UNUSED __attribute__((__unused__)) #else -#define PRINTF_FUNCTION(A,B) -#define ARG_UNUSED /**/ +# define PRINTF_FUNCTION(A,B) +# define ARG_UNUSED /**/ #endif #ifdef WANT_DEEPER_PRINTF_CHECKS -#define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B) +# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B) #else -#define ALMOST_PRINTF(A, B) +# define ALMOST_PRINTF(A, B) #endif @@ -49,7 +49,7 @@ the standard header files, so we use "uschar". Solaris has u_char in sys/types.h. This is just a typing convenience, of course. */ typedef unsigned char uschar; -typedef int BOOL; +typedef unsigned BOOL; /* We also have SIGNAL_BOOL, which requires signal.h be included, so is defined elsewhere */ diff --git a/src/src/os.c b/src/src/os.c index ee754f9f2..47af038f7 100644 --- a/src/src/os.c +++ b/src/src/os.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2014 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ #ifdef STAND_ALONE @@ -833,9 +833,57 @@ os_get_dns_resolver_res(void) #endif /* OS_GET_DNS_RESOLVER_RES */ +/* ----------------------------------------------------------------------- */ + +/*********************************************************** +* unsetenv() * +***********************************************************/ + +/* Most modern systems define int unsetenv(const char*), +* some don't. */ + +#if !defined(OS_UNSETENV) +int +os_unsetenv(const unsigned char * name) +{ +return unsetenv((char *)name); +} +#endif /* ----------------------------------------------------------------------- */ +/*********************************************************** +* getcwd() * +***********************************************************/ + +/* Glibc allows getcwd(NULL, 0) to do auto-allocation. Some systems +do auto-allocation, but need the size of the buffer, and others +may not even do this. If the OS supports getcwd(NULL, 0) we'll use +this, for all other systems we provide our own getcwd() */ + +#if !defined(OS_GETCWD) +unsigned char * +os_getcwd(unsigned char * buffer, size_t size) +{ +return (unsigned char *) getcwd((char *)buffer, size); +} +#else +#ifndef PATH_MAX +# define PATH_MAX 4096 +#endif +unsigned char * +os_getcwd(unsigned char * buffer, size_t size) +{ +char * b = (char *)buffer; + +if (!size) size = PATH_MAX; +if (!b && !(b = malloc(size))) return NULL; +if (!(b = getcwd(b, size))) return NULL; +return realloc(b, strlen(b) + 1); +} +#endif + +/* ----------------------------------------------------------------------- */ diff --git a/src/src/osfunctions.h b/src/src/osfunctions.h index 552712744..4e6e9a91c 100644 --- a/src/src/osfunctions.h +++ b/src/src/osfunctions.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2009 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Prototypes for os-specific functions. For utilities, we don't need the one @@ -32,5 +32,11 @@ extern const char *os_strexit(int); /* char to match os_strsignal */ #ifndef os_strsignal extern const char *os_strsignal(int); /* char to match strsignal in some OS */ #endif +#ifndef os_unsetenv +extern int os_unsetenv(const uschar *); +#endif +#ifndef os_getcwd +extern uschar *os_getcwd(uschar *, size_t); +#endif /* End of osfunctions.h */ diff --git a/src/src/parse.c b/src/src/parse.c index d3f382b96..3d942fd95 100644 --- a/src/src/parse.c +++ b/src/src/parse.c @@ -1425,7 +1425,7 @@ for (;;) /* Check file name if required */ - if (directory != NULL) + if (directory) { int len = Ustrlen(directory); uschar *p = filename + len; @@ -1437,16 +1437,53 @@ for (;;) return FF_ERROR; } +#ifdef EXIM_HAVE_OPENAT + /* It is necessary to check that every component inside the directory + is NOT a symbolic link, in order to keep the file inside the directory. + This is mighty tedious. We open the directory and openat every component, + with a flag that fails symlinks. */ + + { + int fd = open(CS directory, O_RDONLY); + if (fd < 0) + { + *error = string_sprintf("failed to open directory %s", directory); + return FF_ERROR; + } + while (*p) + { + uschar temp; + int fd2; + uschar * q = p; + + while (*++p && *p != '/') ; + temp = *p; + *p = '\0'; + + fd2 = openat(fd, CS q, O_RDONLY|O_NOFOLLOW); + close(fd); + *p = temp; + if (fd2 < 0) + { + *error = string_sprintf("failed to open %s (component of included " + "file); could be symbolic link", filename); + return FF_ERROR; + } + fd = fd2; + } + f = fdopen(fd, "rb"); + } +#else /* It is necessary to check that every component inside the directory is NOT a symbolic link, in order to keep the file inside the directory. This is mighty tedious. It is also not totally foolproof in that it leaves the possibility of a race attack, but I don't know how to do any better. */ - while (*p != 0) + while (*p) { int temp; - while (*(++p) != 0 && *p != '/'); + while (*++p && *p != '/'); temp = *p; *p = 0; if (Ulstat(filename, &statbuf) != 0) @@ -1466,11 +1503,16 @@ for (;;) return FF_ERROR; } } +#endif } - /* Open and stat the file */ +#ifdef EXIM_HAVE_OPENAT + else +#endif + /* Open and stat the file */ + f = Ufopen(filename, "rb"); - if ((f = Ufopen(filename, "rb")) == NULL) + if (!f) { *error = string_open_failed(errno, "included file %s", filename); return FF_INCLUDEFAIL; @@ -1486,7 +1528,7 @@ for (;;) /* If directory was checked, double check that we opened a regular file */ - if (directory != NULL && (statbuf.st_mode & S_IFMT) != S_IFREG) + if (directory && (statbuf.st_mode & S_IFMT) != S_IFREG) { *error = string_sprintf("included file %s is not a regular file in " "the %s directory", filename, directory); @@ -1518,10 +1560,9 @@ for (;;) error, incoming_domain, directory, syntax_errors); if (frc != FF_DELIVERED && frc != FF_NOTDELIVERED) return frc; - if (addr != NULL) + if (addr) { - last = addr; - while (last->next != NULL) { count++; last = last->next; } + for (last = addr; last->next; last = last->next) count++; last->next = *anchor; *anchor = addr; count++; diff --git a/src/src/pdkim/Makefile b/src/src/pdkim/Makefile index c72a9426b..c298568ea 100644 --- a/src/src/pdkim/Makefile +++ b/src/src/pdkim/Makefile @@ -1,6 +1,6 @@ # Make file for building the pdkim library. -OBJ = pdkim.o hash.o rsa.o +OBJ = pdkim.o rsa.o pdkim.a: $(OBJ) @$(RM_COMMAND) -f pdkim.a @@ -12,8 +12,7 @@ pdkim.a: $(OBJ) .c.o:; @echo "$(CC) $*.c" $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -I. $*.c -pdkim.o: $(HDRS) crypt_ver.h hash.h blob.h pdkim.h pdkim.c -hash.o: $(HDRS) crypt_ver.h hash.h blob.h pdkim.h hash.c -rsa.o: $(HDRS) crypt_ver.h rsa.h blob.h rsa.c +pdkim.o: $(HDRS) crypt_ver.h pdkim.h pdkim.c +rsa.o: $(HDRS) crypt_ver.h rsa.h rsa.c # End diff --git a/src/src/pdkim/crypt_ver.h b/src/src/pdkim/crypt_ver.h index 2a9dde952..cd2171c82 100644 --- a/src/src/pdkim/crypt_ver.h +++ b/src/src/pdkim/crypt_ver.h @@ -8,25 +8,19 @@ /* RSA and SHA routine selection for PDKIM */ #include "../exim.h" +#include "../sha_ver.h" #ifdef USE_GNUTLS # include <gnutls/gnutls.h> -# if GNUTLS_VERSION_NUMBER > 0x020c00 +# if GNUTLS_VERSION_NUMBER >= 0x30000 # define RSA_GNUTLS # else # define RSA_GCRYPT # endif -# if GNUTLS_VERSION_NUMBER >= 0x020a00 -# define SHA_GNUTLS -# else -# define SHA_GCRYPT -# endif - #else # define RSA_OPENSSL -# define SHA_OPENSSL #endif diff --git a/src/src/pdkim/hash.c b/src/src/pdkim/hash.c deleted file mode 100644 index 0751683e4..000000000 --- a/src/src/pdkim/hash.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * PDKIM - a RFC4871 (DKIM) implementation - * - * Copyright (C) 2016 Exim maintainers - * - * Hash interface functions - */ - -#include "../exim.h" - -#ifndef DISABLE_DKIM /* entire file */ - -#ifndef SUPPORT_TLS -# error Need SUPPORT_TLS for DKIM -#endif - -#include "crypt_ver.h" - -#ifdef RSA_OPENSSL -# include <openssl/rsa.h> -# include <openssl/ssl.h> -# include <openssl/err.h> -#elif defined(RSA_GNUTLS) -# include <gnutls/gnutls.h> -# include <gnutls/x509.h> -# ifdef RSA_VERIFY_GNUTLS -# include <gnutls/abstract.h> -# endif -#endif - -#ifdef SHA_GNUTLS -# include <gnutls/crypto.h> -#endif - -#include "hash.h" - - -/******************************************************************************/ -#ifdef SHA_OPENSSL - -void -exim_sha_init(hctx * h, BOOL sha1) -{ -h->sha1 = sha1; -h->hashlen = sha1 ? 20 : 32; -if (h->sha1) - SHA1_Init (&h->u.sha1); -else - SHA256_Init(&h->u.sha2); -} - - -void -exim_sha_update(hctx * h, const char * data, int len) -{ -if (h->sha1) - SHA1_Update (&h->u.sha1, data, len); -else - SHA256_Update(&h->u.sha2, data, len); -} - - -void -exim_sha_finish(hctx * h, blob * b) -{ -b->data = store_get(b->len = h->hashlen); - -if (h->sha1) - SHA1_Final (b->data, &h->u.sha1); -else - SHA256_Final(b->data, &h->u.sha2); -} - - - -#elif defined(SHA_GNUTLS) -/******************************************************************************/ - -void -exim_sha_init(hctx * h, BOOL sha1) -{ -h->sha1 = sha1; -h->hashlen = sha1 ? 20 : 32; -gnutls_hash_init(&h->sha, sha1 ? GNUTLS_DIG_SHA1 : GNUTLS_DIG_SHA256); -} - - -void -exim_sha_update(hctx * h, const char * data, int len) -{ -gnutls_hash(h->sha, data, len); -} - - -void -exim_sha_finish(hctx * h, blob * b) -{ -b->data = store_get(b->len = h->hashlen); -gnutls_hash_output(h->sha, b->data); -} - - - -#elif defined(SHA_GCRYPT) -/******************************************************************************/ - -void -exim_sha_init(hctx * h, BOOL sha1) -{ -h->sha1 = sha1; -h->hashlen = sha1 ? 20 : 32; -gcry_md_open(&h->sha, sha1 ? GCRY_MD_SHA1 : GCRY_MD_SHA256, 0); -} - - -void -exim_sha_update(hctx * h, const char * data, int len) -{ -gcry_md_write(h->sha, data, len); -} - - -void -exim_sha_finish(hctx * h, blob * b) -{ -b->data = store_get(b->len = h->hashlen); -memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen); -} - - - - -#elif defined(SHA_POLARSSL) -/******************************************************************************/ - -void -exim_sha_init(hctx * h, BOOL sha1) -{ -h->sha1 = sha1; -h->hashlen = sha1 ? 20 : 32; -if (h->sha1) - sha1_starts(&h->u.sha1); -else - sha2_starts(&h->u.sha2, 0); -} - - -void -exim_sha_update(hctx * h, const char * data, int len) -{ -if (h->sha1) - sha1_update(h->u.sha1, US data, len); -else - sha2_update(h->u.sha2, US data, len); -} - - -void -exim_sha_finish(hctx * h, blob * b) -{ -b->data = store_get(b->len = h->hashlen); - -if (h->sha1) - sha1_finish(h->u.sha1, b->data); -else - sha2_finish(h->u.sha2, b->data); -} - -#endif -/******************************************************************************/ - -/* Common to all library versions */ -int -exim_sha_hashlen(hctx * h) -{ -return h->sha1 ? 20 : 32; -} - - -#endif /*DISABLE_DKIM*/ -/* End of File */ diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 64b158184..7bfcdf4aa 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -45,7 +45,7 @@ #include "rsa.h" #define PDKIM_SIGNATURE_VERSION "1" -#define PDKIM_PUB_RECORD_VERSION "DKIM1" +#define PDKIM_PUB_RECORD_VERSION US "DKIM1" #define PDKIM_MAX_HEADER_LEN 65536 #define PDKIM_MAX_HEADERS 512 @@ -62,58 +62,51 @@ /* -------------------------------------------------------------------------- */ struct pdkim_stringlist { - char *value; - int tag; - void *next; -}; - -#define PDKIM_STR_ALLOC_FRAG 256 -struct pdkim_str { - char *str; - unsigned int len; - unsigned int allocated; + uschar * value; + int tag; + void * next; }; /* -------------------------------------------------------------------------- */ /* A bunch of list constants */ -const char *pdkim_querymethods[] = { - "dns/txt", +const uschar * pdkim_querymethods[] = { + US"dns/txt", NULL }; -const char *pdkim_algos[] = { - "rsa-sha256", - "rsa-sha1", +const uschar * pdkim_algos[] = { + US"rsa-sha256", + US"rsa-sha1", NULL }; -const char *pdkim_canons[] = { - "simple", - "relaxed", +const uschar * pdkim_canons[] = { + US"simple", + US"relaxed", NULL }; -const char *pdkim_hashes[] = { - "sha256", - "sha1", +const uschar * pdkim_hashes[] = { + US"sha256", + US"sha1", NULL }; -const char *pdkim_keytypes[] = { - "rsa", +const uschar * pdkim_keytypes[] = { + US"rsa", NULL }; typedef struct pdkim_combined_canon_entry { - const char *str; + const uschar * str; int canon_headers; int canon_body; } pdkim_combined_canon_entry; pdkim_combined_canon_entry pdkim_combined_canons[] = { - { "simple/simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE }, - { "simple/relaxed", PDKIM_CANON_SIMPLE, PDKIM_CANON_RELAXED }, - { "relaxed/simple", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE }, - { "relaxed/relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_RELAXED }, - { "simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE }, - { "relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE }, - { NULL, 0, 0 } + { US"simple/simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE }, + { US"simple/relaxed", PDKIM_CANON_SIMPLE, PDKIM_CANON_RELAXED }, + { US"relaxed/simple", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE }, + { US"relaxed/relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_RELAXED }, + { US"simple", PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE }, + { US"relaxed", PDKIM_CANON_RELAXED, PDKIM_CANON_SIMPLE }, + { NULL, 0, 0 } }; @@ -122,26 +115,47 @@ pdkim_combined_canon_entry pdkim_combined_canons[] = { const char * pdkim_verify_status_str(int status) { - switch(status) { - case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE"; - case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID"; - case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL"; - case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS"; - default: return "PDKIM_VERIFY_UNKNOWN"; +switch(status) + { + case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE"; + case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID"; + case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL"; + case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS"; + default: return "PDKIM_VERIFY_UNKNOWN"; } } const char * pdkim_verify_ext_status_str(int ext_status) { - switch(ext_status) { - case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY"; - case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE"; - case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE"; - case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE"; - case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: return "PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD"; - case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return "PDKIM_VERIFY_INVALID_PUBKEY_IMPORT"; - default: return "PDKIM_VERIFY_UNKNOWN"; +switch(ext_status) + { + case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY"; + case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE"; + case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE"; + case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE"; + case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: return "PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD"; + case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return "PDKIM_VERIFY_INVALID_PUBKEY_IMPORT"; + case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: return "PDKIM_VERIFY_INVALID_SIGNATURE_ERROR"; + case PDKIM_VERIFY_INVALID_DKIM_VERSION: return "PDKIM_VERIFY_INVALID_DKIM_VERSION"; + default: return "PDKIM_VERIFY_UNKNOWN"; + } +} + +const char * +pdkim_errstr(int status) +{ +switch(status) + { + case PDKIM_OK: return "OK"; + case PDKIM_FAIL: return "FAIL"; + case PDKIM_ERR_RSA_PRIVKEY: return "RSA_PRIVKEY"; + case PDKIM_ERR_RSA_SIGNING: return "RSA SIGNING"; + case PDKIM_ERR_LONG_LINE: return "RSA_LONG_LINE"; + case PDKIM_ERR_BUFFER_TOO_SMALL: return "BUFFER_TOO_SMALL"; + case PDKIM_SIGN_PRIVKEY_WRAP: return "PRIVKEY_WRAP"; + case PDKIM_SIGN_PRIVKEY_B64D: return "PRIVKEY_B64D"; + default: return "(unknown)"; } } @@ -149,14 +163,12 @@ pdkim_verify_ext_status_str(int ext_status) /* -------------------------------------------------------------------------- */ /* Print debugging functions */ static void -pdkim_quoteprint(const char *data, int len) +pdkim_quoteprint(const uschar *data, int len) { int i; -const unsigned char *p = (const unsigned char *)data; - for (i = 0; i < len; i++) { - const int c = p[i]; + const int c = data[i]; switch (c) { case ' ' : debug_printf("{SP}"); break; @@ -177,210 +189,52 @@ debug_printf("\n"); } static void -pdkim_hexprint(const char *data, int len) +pdkim_hexprint(const uschar *data, int len) { int i; -const unsigned char *p = (const unsigned char *)data; - -for (i = 0 ; i < len; i++) - debug_printf("%02x", p[i]); +for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]); debug_printf("\n"); } -/* SSS probably want to keep the "stringlist" notion */ - static pdkim_stringlist * -pdkim_prepend_stringlist(pdkim_stringlist *base, char *str) +pdkim_prepend_stringlist(pdkim_stringlist * base, const uschar * str) { -pdkim_stringlist *new_entry = malloc(sizeof(pdkim_stringlist)); +pdkim_stringlist * new_entry = store_get(sizeof(pdkim_stringlist)); -if (!new_entry) return NULL; memset(new_entry, 0, sizeof(pdkim_stringlist)); -if (!(new_entry->value = strdup(str))) return NULL; -if (base) - { - pdkim_stringlist *last = base; - while (last->next != NULL) { last = last->next; } - last->next = new_entry; - return base; - } -else - return new_entry; -} - - -/* -------------------------------------------------------------------------- */ -/* A small "growing string" implementation to escape malloc/realloc hell */ -/* String package: should be replaced by Exim standard ones */ -/* SSS Ustrcpy */ - -static pdkim_str * -pdkim_strnew (const char *cstr) -{ -unsigned int len = cstr ? strlen(cstr) : 0; -pdkim_str *p = malloc(sizeof(pdkim_str)); - -if (!p) return NULL; -memset(p, 0, sizeof(pdkim_str)); -if (!(p->str = malloc(len+1))) - { - free(p); - return NULL; - } -p->allocated = len+1; -p->len = len; -if (cstr) - strcpy(p->str, cstr); -else - p->str[p->len] = '\0'; -return p; -} - - -/*SSS Ustrncat */ - -static char * -pdkim_strncat(pdkim_str *str, const char *data, int len) -{ -if ((str->allocated - str->len) < (len+1)) - { - /* Extend the buffer */ - int num_frags = ((len+1)/PDKIM_STR_ALLOC_FRAG)+1; - char *n = realloc(str->str, - (str->allocated+(num_frags*PDKIM_STR_ALLOC_FRAG))); - if (n == NULL) return NULL; - str->str = n; - str->allocated += (num_frags*PDKIM_STR_ALLOC_FRAG); - } -strncpy(&(str->str[str->len]), data, len); -str->len += len; -str->str[str->len] = '\0'; -return str->str; -} - - -/* SSS Ustrcat */ - -static char * -pdkim_strcat(pdkim_str *str, const char *cstr) -{ -return pdkim_strncat(str, cstr, strlen(cstr)); +new_entry->value = string_copy(str); +if (base) new_entry->next = base; +return new_entry; } /* Trim whitespace fore & aft */ -static char * -pdkim_strtrim(pdkim_str *str) +static void +pdkim_strtrim(uschar * str) { -char *p = str->str; -char *q = str->str; +uschar * p = str; +uschar * q = str; while (*p == '\t' || *p == ' ') p++; /* skip whitespace */ while (*p) {*q = *p; q++; p++;} /* dump the leading whitespace */ *q = '\0'; -while (q != str->str && ( (*q == '\0') || (*q == '\t') || (*q == ' ') ) ) +while (q != str && ( (*q == '\0') || (*q == '\t') || (*q == ' ') ) ) { /* dump trailing whitespace */ *q = '\0'; q--; } -str->len = strlen(str->str); -return str->str; -} - - - -static char * -pdkim_strclear(pdkim_str *str) -{ -str->str[0] = '\0'; -str->len = 0; -return str->str; -} - - - -static void -pdkim_strfree(pdkim_str *str) -{ -if (!str) return; -if (str->str) free(str->str); -free(str); } -static void -pdkim_stringlist_free(pdkim_stringlist * e) -{ -while(e) - { - pdkim_stringlist * c = e; - if (e->value) free(e->value); - e = e->next; - free(c); - } -} - - - -/* -------------------------------------------------------------------------- */ - -static void -pdkim_free_pubkey(pdkim_pubkey *pub) -{ -if (pub) - { - if (pub->version ) free(pub->version); - if (pub->granularity) free(pub->granularity); - if (pub->hashes ) free(pub->hashes); - if (pub->keytype ) free(pub->keytype); - if (pub->srvtype ) free(pub->srvtype); - if (pub->notes ) free(pub->notes); - free(pub); - } -} - - -/* -------------------------------------------------------------------------- */ - -static void -pdkim_free_sig(pdkim_signature *sig) -{ -if (sig) - { - pdkim_signature *next = (pdkim_signature *)sig->next; - - pdkim_stringlist_free(sig->headers); - if (sig->selector ) free(sig->selector); - if (sig->domain ) free(sig->domain); - if (sig->identity ) free(sig->identity); - if (sig->copiedheaders ) free(sig->copiedheaders); - if (sig->rsa_privkey ) free(sig->rsa_privkey); - if (sig->sign_headers ) free(sig->sign_headers); - if (sig->signature_header) free(sig->signature_header); - - if (sig->pubkey) pdkim_free_pubkey(sig->pubkey); - - free(sig); - if (next) pdkim_free_sig(next); - } -} - /* -------------------------------------------------------------------------- */ DLLEXPORT void pdkim_free_ctx(pdkim_ctx *ctx) { -if (ctx) - { - pdkim_stringlist_free(ctx->headers); - pdkim_free_sig(ctx->sig); - pdkim_strfree(ctx->cur_header); - free(ctx); - } } @@ -391,81 +245,59 @@ if (ctx) /*XXX might be safer done using a pdkim_stringlist for "tick" */ static int -header_name_match(const char * header, char * tick) +header_name_match(const uschar * header, uschar * tick) { -char *hname; -char *lcopy; -char *p; -char *q; -int rc = PDKIM_FAIL; - -/* Get header name */ -char *hcolon = strchr(header, ':'); +uschar * hname; +uschar * lcopy; +uschar * p; +uschar * q; +uschar * hcolon = Ustrchr(header, ':'); /* Get header name */ -if (!hcolon) return rc; /* This isn't a header */ +if (!hcolon) + return PDKIM_FAIL; /* This isn't a header */ -if (!(hname = malloc((hcolon-header)+1))) - return PDKIM_ERR_OOM; -memset(hname, 0, (hcolon-header)+1); -strncpy(hname, header, (hcolon-header)); +/* if we had strncmpic() we wouldn't need this copy */ +hname = string_copyn(header, hcolon-header); /* Copy tick-off list locally, so we can punch zeroes into it */ -if (!(lcopy = strdup(tick))) - { - free(hname); - return PDKIM_ERR_OOM; - } -p = lcopy; -q = strchr(p, ':'); -while (q) +p = lcopy = string_copy(tick); + +for (q = Ustrchr(p, ':'); q; q = Ustrchr(p, ':')) { *q = '\0'; - - if (strcasecmp(p, hname) == 0) - { - rc = PDKIM_OK; - /* Invalidate header name instance in tick-off list */ - tick[p-lcopy] = '_'; - goto BAIL; - } + if (strcmpic(p, hname) == 0) + goto found; p = q+1; - q = strchr(p, ':'); } -if (strcasecmp(p, hname) == 0) - { - rc = PDKIM_OK; +if (strcmpic(p, hname) == 0) + goto found; + +return PDKIM_FAIL; + +found: /* Invalidate header name instance in tick-off list */ tick[p-lcopy] = '_'; - } - -BAIL: -free(hname); -free(lcopy); -return rc; + return PDKIM_OK; } /* -------------------------------------------------------------------------- */ -/* Performs "relaxed" canonicalization of a header. The returned pointer needs - to be free()d. */ +/* Performs "relaxed" canonicalization of a header. */ -static char * -pdkim_relax_header (char *header, int crlf) +static uschar * +pdkim_relax_header(const uschar * header, int crlf) { BOOL past_field_name = FALSE; BOOL seen_wsp = FALSE; -char *p; -char *q; -char *relaxed = malloc(strlen(header)+3); +const uschar * p; +uschar * relaxed = store_get(Ustrlen(header)+3); +uschar * q = relaxed; -if (!relaxed) return NULL; - -q = relaxed; -for (p = header; *p != '\0'; p++) +for (p = header; *p; p++) { - int c = *p; + uschar c = *p; /* Ignore CR & LF */ if (c == '\r' || c == '\n') continue; @@ -492,9 +324,9 @@ for (p = header; *p != '\0'; p++) } if (q > relaxed && q[-1] == ' ') q--; /* Squash eventual trailing SP */ -*q = '\0'; -if (crlf) strcat(relaxed, "\r\n"); +if (crlf) { *q++ = '\r'; *q++ = '\n'; } +*q = '\0'; return relaxed; } @@ -502,10 +334,10 @@ return relaxed; /* -------------------------------------------------------------------------- */ #define PDKIM_QP_ERROR_DECODE -1 -static char * -pdkim_decode_qp_char(char *qp_p, int *c) +static uschar * +pdkim_decode_qp_char(uschar *qp_p, int *c) { -char *initial_pos = qp_p; +uschar *initial_pos = qp_p; /* Advance one char */ qp_p++; @@ -527,19 +359,17 @@ return initial_pos; /* -------------------------------------------------------------------------- */ -static char * -pdkim_decode_qp(char *str) +static uschar * +pdkim_decode_qp(uschar * str) { int nchar = 0; -char *q; -char *p = str; -char *n = malloc(strlen(p)+1); - -if (!n) return NULL; +uschar * q; +uschar * p = str; +uschar * n = store_get(Ustrlen(str)+1); *n = '\0'; q = n; -while (*p != '\0') +while (*p) { if (*p == '=') { @@ -565,24 +395,15 @@ static void pdkim_decode_base64(uschar *str, blob * b) { int dlen; -char *res; dlen = b64decode(str, &b->data); if (dlen < 0) b->data = NULL; b->len = dlen; } -/* -------------------------------------------------------------------------- */ - -static char * +static uschar * pdkim_encode_base64(blob * b) { -char * ret; -int old_pool = store_pool; - -store_pool = POOL_PERM; -ret = CS b64encode(b->data, b->len); -store_pool = old_pool; -return ret; +return b64encode(b->data, b->len); } @@ -592,35 +413,26 @@ return ret; #define PDKIM_HDR_VALUE 2 static pdkim_signature * -pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) +pdkim_parse_sig_header(pdkim_ctx *ctx, uschar * raw_hdr) { pdkim_signature *sig ; -char *p, *q; -pdkim_str *cur_tag = NULL; -pdkim_str *cur_val = NULL; +uschar *p, *q; +uschar * cur_tag = NULL; int ts = 0, tl = 0; +uschar * cur_val = NULL; int vs = 0, vl = 0; BOOL past_hname = FALSE; BOOL in_b_val = FALSE; int where = PDKIM_HDR_LIMBO; int i; -int old_pool = store_pool; - -/* There is a store-reset between header & body reception -so cannot use the main pool. Any allocs done by Exim -memory-handling must use the perm pool. */ - -store_pool = POOL_PERM; -if (!(sig = malloc(sizeof(pdkim_signature)))) return NULL; +sig = store_get(sizeof(pdkim_signature)); memset(sig, 0, sizeof(pdkim_signature)); sig->bodylength = -1; -if (!(sig->rawsig_no_b_val = malloc(strlen(raw_hdr)+1))) - { - free(sig); - return NULL; - } +/* Set so invalid/missing data error display is accurate */ +sig->algo = -1; +sig->version = 0; -q = sig->rawsig_no_b_val; +q = sig->rawsig_no_b_val = store_get(Ustrlen(raw_hdr)+1); for (p = raw_hdr; ; p++) { @@ -648,17 +460,15 @@ for (p = raw_hdr; ; p++) if (where == PDKIM_HDR_TAG) { - if (!cur_tag) - cur_tag = pdkim_strnew(NULL); - if (c >= 'a' && c <= 'z') - pdkim_strncat(cur_tag, p, 1); + cur_tag = string_catn(cur_tag, &ts, &tl, p, 1); if (c == '=') { - if (strcmp(cur_tag->str, "b") == 0) + cur_tag[tl] = '\0'; + if (Ustrcmp(cur_tag, "b") == 0) { - *q = '='; q++; + *q++ = '='; in_b_val = TRUE; } where = PDKIM_HDR_VALUE; @@ -668,37 +478,35 @@ for (p = raw_hdr; ; p++) if (where == PDKIM_HDR_VALUE) { - if (!cur_val) - cur_val = pdkim_strnew(NULL); - if (c == '\r' || c == '\n' || c == ' ' || c == '\t') goto NEXT_CHAR; if (c == ';' || c == '\0') { - if (cur_tag->len > 0) + if (tl && vl) { + cur_val[vl] = '\0'; pdkim_strtrim(cur_val); - DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag->str, cur_val->str); + DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag, cur_val); - switch (cur_tag->str[0]) + switch (*cur_tag) { case 'b': - if (cur_tag->str[1] == 'h') - pdkim_decode_base64(US cur_val->str, &sig->bodyhash); + if (cur_tag[1] == 'h') + pdkim_decode_base64(cur_val, &sig->bodyhash); else - pdkim_decode_base64(US cur_val->str, &sig->sigdata); + pdkim_decode_base64(cur_val, &sig->sigdata); break; case 'v': /* We only support version 1, and that is currently the only version there is. */ - if (strcmp(cur_val->str, PDKIM_SIGNATURE_VERSION) == 0) - sig->version = 1; + sig->version = + Ustrcmp(cur_val, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1; break; case 'a': for (i = 0; pdkim_algos[i]; i++) - if (strcmp(cur_val->str, pdkim_algos[i]) == 0) + if (Ustrcmp(cur_val, pdkim_algos[i]) == 0) { sig->algo = i; break; @@ -706,7 +514,7 @@ for (p = raw_hdr; ; p++) break; case 'c': for (i = 0; pdkim_combined_canons[i].str; i++) - if (strcmp(cur_val->str, pdkim_combined_canons[i].str) == 0) + if (Ustrcmp(cur_val, pdkim_combined_canons[i].str) == 0) { sig->canon_headers = pdkim_combined_canons[i].canon_headers; sig->canon_body = pdkim_combined_canons[i].canon_body; @@ -715,40 +523,40 @@ for (p = raw_hdr; ; p++) break; case 'q': for (i = 0; pdkim_querymethods[i]; i++) - if (strcmp(cur_val->str, pdkim_querymethods[i]) == 0) + if (Ustrcmp(cur_val, pdkim_querymethods[i]) == 0) { sig->querymethod = i; break; } break; case 's': - sig->selector = strdup(cur_val->str); break; + sig->selector = string_copy(cur_val); break; case 'd': - sig->domain = strdup(cur_val->str); break; + sig->domain = string_copy(cur_val); break; case 'i': - sig->identity = pdkim_decode_qp(cur_val->str); break; + sig->identity = pdkim_decode_qp(cur_val); break; case 't': - sig->created = strtoul(cur_val->str, NULL, 10); break; + sig->created = strtoul(CS cur_val, NULL, 10); break; case 'x': - sig->expires = strtoul(cur_val->str, NULL, 10); break; + sig->expires = strtoul(CS cur_val, NULL, 10); break; case 'l': - sig->bodylength = strtol(cur_val->str, NULL, 10); break; + sig->bodylength = strtol(CS cur_val, NULL, 10); break; case 'h': - sig->headernames = string_copy(cur_val->str); break; + sig->headernames = string_copy(cur_val); break; case 'z': - sig->copiedheaders = pdkim_decode_qp(cur_val->str); break; + sig->copiedheaders = pdkim_decode_qp(cur_val); break; default: DEBUG(D_acl) debug_printf(" Unknown tag encountered\n"); break; } } - pdkim_strclear(cur_tag); - pdkim_strclear(cur_val); + tl = 0; + vl = 0; in_b_val = FALSE; where = PDKIM_HDR_LIMBO; } else - pdkim_strncat(cur_val, p, 1); + cur_val = string_catn(cur_val, &vs, &vl, p, 1); } NEXT_CHAR: @@ -759,36 +567,23 @@ NEXT_CHAR: *q++ = c; } -store_pool = old_pool; - -/* Make sure the most important bits are there. */ -if (!(sig->domain && (*(sig->domain) != '\0') && - sig->selector && (*(sig->selector) != '\0') && - sig->headernames && (*(sig->headernames) != '\0') && - sig->version)) - { - pdkim_free_sig(sig); - return NULL; - } - *q = '\0'; /* Chomp raw header. The final newline must not be added to the signature. */ -q--; -while (q > sig->rawsig_no_b_val && (*q == '\r' || *q == '\n')) - *q = '\0'; q--; /*XXX questionable code layout; possible bug */ +while (--q > sig->rawsig_no_b_val && (*q == '\r' || *q == '\n')) + *q = '\0'; DEBUG(D_acl) { debug_printf( "PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - pdkim_quoteprint(sig->rawsig_no_b_val, strlen(sig->rawsig_no_b_val)); + pdkim_quoteprint(US sig->rawsig_no_b_val, Ustrlen(sig->rawsig_no_b_val)); debug_printf( - "PDKIM >> Sig size: %4d bits\n", sig->sigdata.len*8); + "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sigdata.len*8); debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } -exim_sha_init(&sig->body_hash, sig->algo == PDKIM_ALGO_RSA_SHA1); +exim_sha_init(&sig->body_hash, sig->algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256); return sig; } @@ -796,15 +591,15 @@ return sig; /* -------------------------------------------------------------------------- */ static pdkim_pubkey * -pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) +pdkim_parse_pubkey_record(pdkim_ctx *ctx, const uschar *raw_record) { pdkim_pubkey *pub; -char *p; -pdkim_str *cur_tag = NULL; -pdkim_str *cur_val = NULL; +const uschar *p; +uschar * cur_tag = NULL; int ts = 0, tl = 0; +uschar * cur_val = NULL; int vs = 0, vl = 0; int where = PDKIM_HDR_LIMBO; -if (!(pub = malloc(sizeof(pdkim_pubkey)))) return NULL; +pub = store_get(sizeof(pdkim_pubkey)); memset(pub, 0, sizeof(pdkim_pubkey)); for (p = raw_record; ; p++) @@ -826,14 +621,12 @@ for (p = raw_record; ; p++) if (where == PDKIM_HDR_TAG) { - if (!cur_tag) - cur_tag = pdkim_strnew(NULL); - if (c >= 'a' && c <= 'z') - pdkim_strncat(cur_tag, p, 1); + cur_tag = string_catn(cur_tag, &ts, &tl, p, 1); if (c == '=') { + cur_tag[tl] = '\0'; where = PDKIM_HDR_VALUE; goto NEXT_CHAR; } @@ -841,20 +634,15 @@ for (p = raw_record; ; p++) if (where == PDKIM_HDR_VALUE) { - if (!cur_val) - cur_val = pdkim_strnew(NULL); - - if (c == '\r' || c == '\n') - goto NEXT_CHAR; - if (c == ';' || c == '\0') { - if (cur_tag->len > 0) + if (tl && vl) { + cur_val[vl] = '\0'; pdkim_strtrim(cur_val); - DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag->str, cur_val->str); + DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag, cur_val); - switch (cur_tag->str[0]) + switch (cur_tag[0]) { case 'v': /* This tag isn't evaluated because: @@ -863,33 +651,32 @@ for (p = raw_record; ; p++) - Other versions are currently not specified. */ break; case 'h': - pub->hashes = strdup(cur_val->str); break; + case 'k': + pub->hashes = string_copy(cur_val); break; case 'g': - pub->granularity = strdup(cur_val->str); break; + pub->granularity = string_copy(cur_val); break; case 'n': - pub->notes = pdkim_decode_qp(cur_val->str); break; + pub->notes = pdkim_decode_qp(cur_val); break; case 'p': - pdkim_decode_base64(US cur_val->str, &pub->key); + pdkim_decode_base64(US cur_val, &pub->key); break; - case 'k': - pub->hashes = strdup(cur_val->str); break; case 's': - pub->srvtype = strdup(cur_val->str); break; + pub->srvtype = string_copy(cur_val); break; case 't': - if (strchr(cur_val->str, 'y') != NULL) pub->testing = 1; - if (strchr(cur_val->str, 's') != NULL) pub->no_subdomaining = 1; + if (Ustrchr(cur_val, 'y') != NULL) pub->testing = 1; + if (Ustrchr(cur_val, 's') != NULL) pub->no_subdomaining = 1; break; default: DEBUG(D_acl) debug_printf(" Unknown tag encountered\n"); break; } } - pdkim_strclear(cur_tag); - pdkim_strclear(cur_val); + tl = 0; + vl = 0; where = PDKIM_HDR_LIMBO; } else - pdkim_strncat(cur_val, p, 1); + cur_val = string_catn(cur_val, &vs, &vl, p, 1); } NEXT_CHAR: @@ -897,16 +684,15 @@ NEXT_CHAR: } /* Set fallback defaults */ -if (!pub->version ) pub->version = strdup(PDKIM_PUB_RECORD_VERSION); -if (!pub->granularity) pub->granularity = strdup("*"); -if (!pub->keytype ) pub->keytype = strdup("rsa"); -if (!pub->srvtype ) pub->srvtype = strdup("*"); +if (!pub->version ) pub->version = string_copy(PDKIM_PUB_RECORD_VERSION); +if (!pub->granularity) pub->granularity = string_copy(US"*"); +if (!pub->keytype ) pub->keytype = string_copy(US"rsa"); +if (!pub->srvtype ) pub->srvtype = string_copy(US"*"); /* p= is required */ if (pub->key.data) return pub; -pdkim_free_pubkey(pub); return NULL; } @@ -918,15 +704,15 @@ pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) { pdkim_signature *sig = ctx->sig; /* Cache relaxed version of data */ -char *relaxed_data = NULL; -int relaxed_len = 0; +uschar *relaxed_data = NULL; +int relaxed_len = 0; /* Traverse all signatures, updating their hashes. */ while (sig) { /* Defaults to simple canon (no further treatment necessary) */ - const char *canon_data = data; - int canon_len = len; + const uschar *canon_data = CUS data; + int canon_len = len; if (sig->canon_body == PDKIM_CANON_RELAXED) { @@ -937,8 +723,12 @@ while (sig) const char *p; int q = 0; - if (!(relaxed_data = malloc(len+1))) - return PDKIM_ERR_OOM; + /* We want to be able to free this else we allocate + for the entire message which could be many MB. Since + we don't know what allocations the SHA routines might + do, not safe to use store_get()/store_reset(). */ + + relaxed_data = store_malloc(len+1); for (p = data; *p; p++) { @@ -974,7 +764,7 @@ while (sig) if (canon_len > 0) { - exim_sha_update(&sig->body_hash, canon_data, canon_len); + exim_sha_update(&sig->body_hash, CUS canon_data, canon_len); sig->signed_body_bytes += canon_len; DEBUG(D_acl) pdkim_quoteprint(canon_data, canon_len); } @@ -982,14 +772,14 @@ while (sig) sig = sig->next; } -if (relaxed_data) free(relaxed_data); +if (relaxed_data) store_free(relaxed_data); return PDKIM_OK; } /* -------------------------------------------------------------------------- */ -static int +static void pdkim_finish_bodyhash(pdkim_ctx *ctx) { pdkim_signature *sig; @@ -1006,11 +796,11 @@ for (sig = ctx->sig; sig; sig = sig->next) debug_printf("PDKIM [%s] Body bytes hashed: %lu\n" "PDKIM [%s] bh computed: ", sig->domain, sig->signed_body_bytes, sig->domain); - pdkim_hexprint(CS bh.data, bh.len); + pdkim_hexprint(CUS bh.data, bh.len); } /* SIGNING -------------------------------------------------------------- */ - if (ctx->mode == PDKIM_MODE_SIGN) + if (ctx->flags & PDKIM_MODE_SIGN) { sig->bodyhash = bh; @@ -1042,14 +832,36 @@ for (sig = ctx->sig; sig; sig = sig->next) } } } +} + + + +static int +pdkim_body_complete(pdkim_ctx * ctx) +{ +pdkim_signature * sig = ctx->sig; /*XXX assumes only one sig */ + +/* In simple body mode, if any empty lines were buffered, +replace with one. rfc 4871 3.4.3 */ +/*XXX checking the signed-body-bytes is a gross hack; I think +it indicates that all linebreaks should be buffered, including +the one terminating a text line */ + +if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE + && sig->signed_body_bytes == 0 + && ctx->num_buffered_crlf > 0 + ) + pdkim_update_bodyhash(ctx, "\r\n", 2); +ctx->flags |= PDKIM_SEEN_EOD; +ctx->linebuf_offset = 0; return PDKIM_OK; } /* -------------------------------------------------------------------------- */ -/* Callback from pdkim_feed below for processing complete body lines */ +/* Call from pdkim_feed below for processing complete body lines */ static int pdkim_bodyline_complete(pdkim_ctx *ctx) @@ -1059,33 +871,23 @@ int n = ctx->linebuf_offset; pdkim_signature *sig = ctx->sig; /*XXX assumes only one sig */ /* Ignore extra data if we've seen the end-of-data marker */ -if (ctx->seen_eod) goto BAIL; +if (ctx->flags & PDKIM_SEEN_EOD) goto BAIL; /* We've always got one extra byte to stuff a zero ... */ ctx->linebuf[ctx->linebuf_offset] = '\0'; /* Terminate on EOD marker */ -if (memcmp(p, ".\r\n", 3) == 0) +if (ctx->flags & PDKIM_DOT_TERM) { - /* In simple body mode, if any empty lines were buffered, - replace with one. rfc 4871 3.4.3 */ - /*XXX checking the signed-body-bytes is a gross hack; I think - it indicates that all linebreaks should be buffered, including - the one terminating a text line */ - if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE - && sig->signed_body_bytes == 0 - && ctx->num_buffered_crlf > 0 - ) - pdkim_update_bodyhash(ctx, "\r\n", 2); + if ( memcmp(p, ".\r\n", 3) == 0) + return pdkim_body_complete(ctx); - ctx->seen_eod = TRUE; - goto BAIL; - } -/* Unstuff dots */ -if (memcmp(p, "..", 2) == 0) - { - p++; - n--; + /* Unstuff dots */ + if (memcmp(p, "..", 2) == 0) + { + p++; + n--; + } } /* Empty lines need to be buffered until we find a non-empty line */ @@ -1136,42 +938,33 @@ static int pdkim_header_complete(pdkim_ctx *ctx) { /* Special case: The last header can have an extra \r appended */ -if ( (ctx->cur_header->len > 1) && - (ctx->cur_header->str[(ctx->cur_header->len)-1] == '\r') ) - { - ctx->cur_header->str[(ctx->cur_header->len)-1] = '\0'; - ctx->cur_header->len--; - } +if ( (ctx->cur_header_len > 1) && + (ctx->cur_header[(ctx->cur_header_len)-1] == '\r') ) + --ctx->cur_header_len; +ctx->cur_header[ctx->cur_header_len] = '\0'; ctx->num_headers++; if (ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL; /* SIGNING -------------------------------------------------------------- */ -if (ctx->mode == PDKIM_MODE_SIGN) +if (ctx->flags & PDKIM_MODE_SIGN) { pdkim_signature *sig; for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */ - if (header_name_match(ctx->cur_header->str, - sig->sign_headers) == PDKIM_OK) - { - pdkim_stringlist *list; - /* Add header to the signed headers list (in reverse order) */ - if (!(list = pdkim_prepend_stringlist(sig->headers, - ctx->cur_header->str))) - return PDKIM_ERR_OOM; - sig->headers = list; - } + /* Add header to the signed headers list (in reverse order) */ + sig->headers = pdkim_prepend_stringlist(sig->headers, + ctx->cur_header); } /* VERIFICATION ----------------------------------------------------------- */ /* DKIM-Signature: headers are added to the verification list */ -if (ctx->mode == PDKIM_MODE_VERIFY) +else { - if (strncasecmp(ctx->cur_header->str, + if (strncasecmp(CCS ctx->cur_header, DKIM_SIGNATURE_HEADERNAME, - strlen(DKIM_SIGNATURE_HEADERNAME)) == 0) + Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0) { pdkim_signature *new_sig; @@ -1179,7 +972,7 @@ if (ctx->mode == PDKIM_MODE_VERIFY) DEBUG(D_acl) debug_printf( "PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - if ((new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header->str))) + if ((new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header))) { pdkim_signature *last_sig = ctx->sig; if (!last_sig) @@ -1198,17 +991,12 @@ if (ctx->mode == PDKIM_MODE_VERIFY) /* every other header is stored for signature verification */ else - { - pdkim_stringlist *list; - - if (!(list = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header->str))) - return PDKIM_ERR_OOM; - ctx->headers = list; - } + ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header); } BAIL: -pdkim_strclear(ctx->cur_header); /* Re-use existing pdkim_str */ +*ctx->cur_header = '\0'; +ctx->cur_header_len = 0; /* leave buffer for reuse */ return PDKIM_OK; } @@ -1218,15 +1006,19 @@ return PDKIM_OK; #define HEADER_BUFFER_FRAG_SIZE 256 DLLEXPORT int -pdkim_feed (pdkim_ctx *ctx, char *data, int len) +pdkim_feed(pdkim_ctx *ctx, char *data, int len) { int p; -for (p = 0; p<len; p++) +/* Alternate EOD signal, used in non-dotstuffing mode */ +if (!data) + pdkim_body_complete(ctx); + +else for (p = 0; p<len; p++) { - char c = data[p]; + uschar c = data[p]; - if (ctx->past_headers) + if (ctx->flags & PDKIM_PAST_HDRS) { /* Processing body byte */ ctx->linebuf[ctx->linebuf_offset++] = c; @@ -1245,51 +1037,61 @@ for (p = 0; p<len; p++) { if (c == '\n') { - if (ctx->seen_lf) + if (ctx->flags & PDKIM_SEEN_LF) { int rc = pdkim_header_complete(ctx); /* Seen last header line */ if (rc != PDKIM_OK) return rc; - ctx->past_headers = TRUE; - ctx->seen_lf = 0; + ctx->flags = ctx->flags & ~PDKIM_SEEN_LF | PDKIM_PAST_HDRS; DEBUG(D_acl) debug_printf( "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>\n"); continue; } else - ctx->seen_lf = TRUE; + ctx->flags |= PDKIM_SEEN_LF; } - else if (ctx->seen_lf) + else if (ctx->flags & PDKIM_SEEN_LF) { if (!(c == '\t' || c == ' ')) { int rc = pdkim_header_complete(ctx); /* End of header */ if (rc != PDKIM_OK) return rc; } - ctx->seen_lf = FALSE; + ctx->flags &= ~PDKIM_SEEN_LF; } } - if (!ctx->cur_header) - if (!(ctx->cur_header = pdkim_strnew(NULL))) - return PDKIM_ERR_OOM; - - if (ctx->cur_header->len < PDKIM_MAX_HEADER_LEN) - if (!pdkim_strncat(ctx->cur_header, &data[p], 1)) - return PDKIM_ERR_OOM; + if (ctx->cur_header_len < PDKIM_MAX_HEADER_LEN) + ctx->cur_header = string_catn(ctx->cur_header, &ctx->cur_header_size, + &ctx->cur_header_len, CUS &data[p], 1); } } return PDKIM_OK; } + + +/* Extend a grwong header with a continuation-linebreak */ +static uschar * +pdkim_hdr_cont(uschar * str, int * size, int * ptr, int * col) +{ +*col = 1; +return string_catn(str, size, ptr, US"\r\n\t", 3); +} + + + /* * RFC 5322 specifies that header line length SHOULD be no more than 78 * lets make it so! * pdkim_headcat - * returns char* + * + * returns uschar * (not nul-terminated) * * col: this int holds and receives column number (octets since last '\n') * str: partial string to append to + * size: current buffer size for str + * ptr: current tail-pointer for str * pad: padding, split line or space after before or after eg: ";" * intro: - must join to payload eg "h=", usually the tag name * payload: eg base64 data - long data can be split arbitrarily. @@ -1303,40 +1105,36 @@ return PDKIM_OK; * names longer than 78, or bogus col. Input is assumed to be free of line breaks. */ -static char * -pdkim_headcat(int *col, pdkim_str *str, const char * pad, - const char *intro, const char *payload) +static uschar * +pdkim_headcat(int * col, uschar * str, int * size, int * ptr, + const uschar * pad, const uschar * intro, const uschar * payload) { size_t l; if (pad) { - l = strlen(pad); + l = Ustrlen(pad); if (*col + l > 78) - { - pdkim_strcat(str, "\r\n\t"); - *col = 1; - } - pdkim_strncat(str, pad, l); + str = pdkim_hdr_cont(str, size, ptr, col); + str = string_catn(str, size, ptr, pad, l); *col += l; } -l = (pad?1:0) + (intro?strlen(intro):0); +l = (pad?1:0) + (intro?Ustrlen(intro):0); if (*col + l > 78) { /*can't fit intro - start a new line to make room.*/ - pdkim_strcat(str, "\r\n\t"); - *col = 1; - l = intro?strlen(intro):0; + str = pdkim_hdr_cont(str, size, ptr, col); + l = intro?Ustrlen(intro):0; } -l += payload ? strlen(payload):0 ; +l += payload ? Ustrlen(payload):0 ; while (l>77) { /* this fragment will not fit on a single line */ if (pad) { - pdkim_strcat(str, " "); + str = string_catn(str, size, ptr, US" ", 1); *col += 1; pad = NULL; /* only want this once */ l--; @@ -1344,9 +1142,9 @@ while (l>77) if (intro) { - size_t sl = strlen(intro); + size_t sl = Ustrlen(intro); - pdkim_strncat(str, intro, sl); + str = string_catn(str, size, ptr, intro, sl); *col += sl; l -= sl; intro = NULL; /* only want this once */ @@ -1354,39 +1152,37 @@ while (l>77) if (payload) { - size_t sl = strlen(payload); + size_t sl = Ustrlen(payload); size_t chomp = *col+sl < 77 ? sl : 78-*col; - pdkim_strncat(str, payload, chomp); + str = string_catn(str, size, ptr, payload, chomp); *col += chomp; payload += chomp; l -= chomp-1; } /* the while precondition tells us it didn't fit. */ - pdkim_strcat(str, "\r\n\t"); - *col = 1; + str = pdkim_hdr_cont(str, size, ptr, col); } if (*col + l > 78) { - pdkim_strcat(str, "\r\n\t"); - *col = 1; + str = pdkim_hdr_cont(str, size, ptr, col); pad = NULL; } if (pad) { - pdkim_strcat(str, " "); + str = string_catn(str, size, ptr, US" ", 1); *col += 1; pad = NULL; } if (intro) { - size_t sl = strlen(intro); + size_t sl = Ustrlen(intro); - pdkim_strncat(str, intro, sl); + str = string_catn(str, size, ptr, intro, sl); *col += sl; l -= sl; intro = NULL; @@ -1394,137 +1190,116 @@ if (intro) if (payload) { - size_t sl = strlen(payload); + size_t sl = Ustrlen(payload); - pdkim_strncat(str, payload, sl); + str = string_catn(str, size, ptr, payload, sl); *col += sl; } -return str->str; +return str; } /* -------------------------------------------------------------------------- */ -static char * +static uschar * pdkim_create_header(pdkim_signature *sig, BOOL final) { -char *rc = NULL; -char *base64_bh = NULL; -char *base64_b = NULL; +uschar * base64_bh; +uschar * base64_b; int col = 0; -pdkim_str *hdr; -pdkim_str *canon_all; - -if (!(hdr = pdkim_strnew("DKIM-Signature: v="PDKIM_SIGNATURE_VERSION))) - return NULL; +uschar * hdr; int hdr_size = 0, hdr_len = 0; +uschar * canon_all; int can_size = 0, can_len = 0; -if (!(canon_all = pdkim_strnew(pdkim_canons[sig->canon_headers]))) - goto BAIL; - -if (!(base64_bh = pdkim_encode_base64(&sig->bodyhash))) - goto BAIL; +canon_all = string_cat (NULL, &can_size, &can_len, + pdkim_canons[sig->canon_headers]); +canon_all = string_catn(canon_all, &can_size, &can_len, US"/", 1); +canon_all = string_cat (canon_all, &can_size, &can_len, + pdkim_canons[sig->canon_body]); +canon_all[can_len] = '\0'; -col = strlen(hdr->str); +hdr = string_cat(NULL, &hdr_size, &hdr_len, + US"DKIM-Signature: v="PDKIM_SIGNATURE_VERSION); +col = hdr_len; /* Required and static bits */ -if ( pdkim_headcat(&col, hdr, ";", "a=", pdkim_algos[sig->algo]) - && pdkim_headcat(&col, hdr, ";", "q=", pdkim_querymethods[sig->querymethod]) - && pdkim_strcat(canon_all, "/") - && pdkim_strcat(canon_all, pdkim_canons[sig->canon_body]) - && pdkim_headcat(&col, hdr, ";", "c=", canon_all->str) - && pdkim_headcat(&col, hdr, ";", "d=", sig->domain) - && pdkim_headcat(&col, hdr, ";", "s=", sig->selector) - ) +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"a=", + pdkim_algos[sig->algo]); +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"q=", + pdkim_querymethods[sig->querymethod]); +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"c=", + canon_all); +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"d=", + sig->domain); +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"s=", + sig->selector); + +/* list of header names can be split between items. */ { - /* list of header names can be split between items. */ - { - char *n = CS string_copy(sig->headernames); - char *f = n; - char *i = "h="; - char *s = ";"; + uschar * n = string_copy(sig->headernames); + uschar * i = US"h="; + uschar * s = US";"; - if (!n) goto BAIL; - while (*n) - { - char *c = strchr(n, ':'); + while (*n) + { + uschar * c = Ustrchr(n, ':'); - if (c) *c ='\0'; + if (c) *c ='\0'; - if (!i) - if (!pdkim_headcat(&col, hdr, NULL, NULL, ":")) - goto BAIL; + if (!i) + hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, NULL, NULL, US":"); - if (!pdkim_headcat(&col, hdr, s, i, n)) - goto BAIL; + hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, s, i, n); - if (!c) - break; + if (!c) + break; - n = c+1; - s = NULL; - i = NULL; - } + n = c+1; + s = NULL; + i = NULL; } + } - if(!pdkim_headcat(&col, hdr, ";", "bh=", base64_bh)) - goto BAIL; - - /* Optional bits */ - if (sig->identity) - if(!pdkim_headcat(&col, hdr, ";", "i=", sig->identity)) - goto BAIL; +base64_bh = pdkim_encode_base64(&sig->bodyhash); +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"bh=", base64_bh); - if (sig->created > 0) - { - char minibuf[20]; +/* Optional bits */ +if (sig->identity) + hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"i=", sig->identity); - snprintf(minibuf, 20, "%lu", sig->created); - if(!pdkim_headcat(&col, hdr, ";", "t=", minibuf)) - goto BAIL; - } - - if (sig->expires > 0) - { - char minibuf[20]; +if (sig->created > 0) + { + uschar minibuf[20]; - snprintf(minibuf, 20, "%lu", sig->expires); - if(!pdkim_headcat(&col, hdr, ";", "x=", minibuf)) - goto BAIL; - } + snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->created); + hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"t=", minibuf); +} - if (sig->bodylength >= 0) - { - char minibuf[20]; +if (sig->expires > 0) + { + uschar minibuf[20]; - snprintf(minibuf, 20, "%lu", sig->bodylength); - if(!pdkim_headcat(&col, hdr, ";", "l=", minibuf)) - goto BAIL; - } + snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->expires); + hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"x=", minibuf); + } - /* Preliminary or final version? */ - if (final) - { - if (!(base64_b = pdkim_encode_base64(&sig->sigdata))) - goto BAIL; - if (!pdkim_headcat(&col, hdr, ";", "b=", base64_b)) - goto BAIL; - } - else - if(!pdkim_headcat(&col, hdr, ";", "b=", "")) - goto BAIL; +if (sig->bodylength >= 0) + { + uschar minibuf[20]; - /* add trailing semicolon: I'm not sure if this is actually needed */ - if (!pdkim_headcat(&col, hdr, NULL, ";", "")) - goto BAIL; + snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->bodylength); + hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"l=", minibuf); } -rc = strdup(hdr->str); +/* Preliminary or final version? */ +base64_b = final ? pdkim_encode_base64(&sig->sigdata) : US""; +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"b=", base64_b); -BAIL: -pdkim_strfree(hdr); -if (canon_all) pdkim_strfree(canon_all); -return rc; +/* add trailing semicolon: I'm not sure if this is actually needed */ +hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, NULL, US";", US""); + +hdr[hdr_len] = '\0'; +return hdr; } @@ -1534,12 +1309,11 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatures) { pdkim_signature *sig = ctx->sig; -pdkim_str *headernames = NULL; /* Collected signed header names */ /* Check if we must still flush a (partial) header. If that is the case, the message has no body, and we must compute a body hash out of '<CR><LF>' */ -if (ctx->cur_header && ctx->cur_header->len) +if (ctx->cur_header && ctx->cur_header_len) { int rc = pdkim_header_complete(ctx); if (rc != PDKIM_OK) return rc; @@ -1550,20 +1324,13 @@ else "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); /* Build (and/or evaluate) body hash */ -if (pdkim_finish_bodyhash(ctx) != PDKIM_OK) - return PDKIM_ERR_OOM; - -/* SIGNING -------------------------------------------------------------- */ -if (ctx->mode == PDKIM_MODE_SIGN) - if (!(headernames = pdkim_strnew(NULL))) - return PDKIM_ERR_OOM; -/* ---------------------------------------------------------------------- */ +pdkim_finish_bodyhash(ctx); while (sig) { BOOL is_sha1 = sig->algo == PDKIM_ALGO_RSA_SHA1; hctx hhash_ctx; - char * sig_hdr; + uschar * sig_hdr = US""; blob hhash; blob hdata; int hdata_alloc = 0; @@ -1571,7 +1338,7 @@ while (sig) hdata.data = NULL; hdata.len = 0; - exim_sha_init(&hhash_ctx, is_sha1); + exim_sha_init(&hhash_ctx, is_sha1 ? HASH_SHA1 : HASH_SHA256); DEBUG(D_acl) debug_printf( "PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>\n"); @@ -1582,48 +1349,54 @@ while (sig) Then append to that list any remaining header names for which there was no header to sign. */ - if (ctx->mode == PDKIM_MODE_SIGN) + if (ctx->flags & PDKIM_MODE_SIGN) { + uschar * headernames = NULL; /* Collected signed header names */ + int hs = 0, hl = 0; pdkim_stringlist *p; const uschar * l; uschar * s; int sep = 0; for (p = sig->headers; p; p = p->next) - { - uschar * rh; - /* Collect header names (Note: colon presence is guaranteed here) */ - uschar * q = Ustrchr(p->value, ':'); + if (header_name_match(p->value, sig->sign_headers) == PDKIM_OK) + { + uschar * rh; + /* Collect header names (Note: colon presence is guaranteed here) */ + uschar * q = Ustrchr(p->value, ':'); - if (!(pdkim_strncat(headernames, p->value, - (q - US p->value) + (p->next ? 1 : 0)))) - return PDKIM_ERR_OOM; + headernames = string_catn(headernames, &hs, &hl, + p->value, (q - US p->value) + (p->next ? 1 : 0)); - rh = sig->canon_headers == PDKIM_CANON_RELAXED - ? US pdkim_relax_header(p->value, 1) /* cook header for relaxed canon */ - : string_copy(p->value); /* just copy it for simple canon */ - if (!rh) - return PDKIM_ERR_OOM; + rh = sig->canon_headers == PDKIM_CANON_RELAXED + ? pdkim_relax_header(p->value, 1) /* cook header for relaxed canon */ + : string_copy(CUS p->value); /* just copy it for simple canon */ - /* Feed header to the hash algorithm */ - exim_sha_update(&hhash_ctx, rh, strlen(rh)); + /* Feed header to the hash algorithm */ + exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh)); - /* Remember headers block for signing (when the library cannot do incremental) */ - (void) exim_rsa_data_append(&hdata, &hdata_alloc, rh); + /* Remember headers block for signing (when the library cannot do incremental) */ + (void) exim_rsa_data_append(&hdata, &hdata_alloc, rh); - DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh)); - } + DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh)); + } - l = US sig->sign_headers; + l = sig->sign_headers; while((s = string_nextinlist(&l, &sep, NULL, 0))) if (*s != '_') - { - if (headernames->len > 0) - if (!(pdkim_strncat(headernames, ":", 1))) - return PDKIM_ERR_OOM; - if (!(pdkim_strncat(headernames, CS s, Ustrlen(s)))) - return PDKIM_ERR_OOM; + { /*SSS string_append_listele() */ + if (hl > 0 && headernames[hl-1] != ':') + headernames = string_catn(headernames, &hs, &hl, US":", 1); + + headernames = string_cat(headernames, &hs, &hl, s); } + headernames[hl] = '\0'; + + /* Copy headernames to signature struct */ + sig->headernames = headernames; + + /* Create signature header with b= omitted */ + sig_hdr = pdkim_create_header(sig, FALSE); } /* VERIFICATION ----------------------------------------------------------- */ @@ -1631,91 +1404,69 @@ while (sig) add the headers to the hash in that order. */ else { - uschar * b = string_copy(sig->headernames); - uschar * p = b; + uschar * p = sig->headernames; uschar * q; pdkim_stringlist * hdrs; - if (!b) return PDKIM_ERR_OOM; - - /* clear tags */ - for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next) - hdrs->tag = 0; - - while(1) + if (p) { - if ((q = Ustrchr(p, ':'))) - *q = '\0'; - + /* clear tags */ for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next) - if ( hdrs->tag == 0 - && strncasecmp(hdrs->value, CS p, Ustrlen(p)) == 0 - && (hdrs->value)[Ustrlen(p)] == ':' - ) - { - uschar * rh = sig->canon_headers == PDKIM_CANON_RELAXED - ? US pdkim_relax_header(hdrs->value, 1) /* cook header for relaxed canon */ - : string_copy(hdrs->value); /* just copy it for simple canon */ - if (!rh) - return PDKIM_ERR_OOM; - - /* Feed header to the hash algorithm */ - exim_sha_update(&hhash_ctx, rh, strlen(rh)); - - DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh)); - hdrs->tag = 1; - break; - } + hdrs->tag = 0; - if (!q) break; - p = q+1; + p = string_copy(p); + while(1) + { + if ((q = Ustrchr(p, ':'))) + *q = '\0'; + + /*XXX walk the list of headers in same order as received. */ + for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next) + if ( hdrs->tag == 0 + && strncasecmp(CCS hdrs->value, CCS p, Ustrlen(p)) == 0 + && (hdrs->value)[Ustrlen(p)] == ':' + ) + { + /* cook header for relaxed canon, or just copy it for simple */ + + uschar * rh = sig->canon_headers == PDKIM_CANON_RELAXED + ? pdkim_relax_header(hdrs->value, 1) + : string_copy(CUS hdrs->value); + + /* Feed header to the hash algorithm */ + exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh)); + + DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh)); + hdrs->tag = 1; + break; + } + + if (!q) break; + p = q+1; + } + + sig_hdr = string_copy(sig->rawsig_no_b_val); } } DEBUG(D_acl) debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); - /* SIGNING ---------------------------------------------------------------- */ - if (ctx->mode == PDKIM_MODE_SIGN) - { - /* Copy headernames to signature struct */ - sig->headernames = string_copy(US headernames->str); - pdkim_strfree(headernames); - - /* Create signature header with b= omitted */ - sig_hdr = pdkim_create_header(sig, FALSE); - } - - /* VERIFICATION ----------------------------------------------------------- */ - else - sig_hdr = strdup(sig->rawsig_no_b_val); - /* ------------------------------------------------------------------------ */ - - if (!sig_hdr) - return PDKIM_ERR_OOM; - /* Relax header if necessary */ if (sig->canon_headers == PDKIM_CANON_RELAXED) - { - char *relaxed_hdr = pdkim_relax_header(sig_hdr, 0); - - free(sig_hdr); - if (!relaxed_hdr) - return PDKIM_ERR_OOM; - sig_hdr = relaxed_hdr; - } + sig_hdr = pdkim_relax_header(sig_hdr, 0); DEBUG(D_acl) { debug_printf( "PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>\n"); - pdkim_quoteprint(sig_hdr, strlen(sig_hdr)); + pdkim_quoteprint(CUS sig_hdr, Ustrlen(sig_hdr)); debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } /* Finalize header hash */ - exim_sha_update(&hhash_ctx, sig_hdr, strlen(sig_hdr)); + exim_sha_update(&hhash_ctx, CUS sig_hdr, Ustrlen(sig_hdr)); exim_sha_finish(&hhash_ctx, &hhash); DEBUG(D_acl) @@ -1725,19 +1476,17 @@ while (sig) } /* Remember headers block for signing (when the library cannot do incremental) */ - if (ctx->mode == PDKIM_MODE_SIGN) - (void) exim_rsa_data_append(&hdata, &hdata_alloc, sig_hdr); - - free(sig_hdr); + if (ctx->flags & PDKIM_MODE_SIGN) + (void) exim_rsa_data_append(&hdata, &hdata_alloc, US sig_hdr); /* SIGNING ---------------------------------------------------------------- */ - if (ctx->mode == PDKIM_MODE_SIGN) + if (ctx->flags & PDKIM_MODE_SIGN) { es_ctx sctx; const uschar * errstr; /* Import private key */ - if ((errstr = exim_rsa_signing_init(sig->rsa_privkey, &sctx))) + if ((errstr = exim_rsa_signing_init(US sig->rsa_privkey, &sctx))) { DEBUG(D_acl) debug_printf("signing_init: %s\n", errstr); return PDKIM_ERR_RSA_PRIVKEY; @@ -1763,8 +1512,7 @@ while (sig) pdkim_hexprint(sig->sigdata.data, sig->sigdata.len); } - if (!(sig->signature_header = pdkim_create_header(sig, TRUE))) - return PDKIM_ERR_OOM; + sig->signature_header = pdkim_create_header(sig, TRUE); } /* VERIFICATION ----------------------------------------------------------- */ @@ -1773,32 +1521,48 @@ while (sig) ev_ctx vctx; const uschar * errstr; - char *dns_txt_name, *dns_txt_reply; - - /* Fetch public key for signing domain, from DNS */ - - if (!(dns_txt_name = malloc(PDKIM_DNS_TXT_MAX_NAMELEN))) - return PDKIM_ERR_OOM; - - if (!(dns_txt_reply = malloc(PDKIM_DNS_TXT_MAX_RECLEN))) + uschar *dns_txt_name, *dns_txt_reply; + + /* Make sure we have all required signature tags */ + if (!( sig->domain && *sig->domain + && sig->selector && *sig->selector + && sig->headernames && *sig->headernames + && sig->bodyhash.data + && sig->sigdata.data + && sig->algo > -1 + && sig->version + ) ) { - free(dns_txt_name); - return PDKIM_ERR_OOM; - } + sig->verify_status = PDKIM_VERIFY_INVALID; + sig->verify_ext_status = PDKIM_VERIFY_INVALID_SIGNATURE_ERROR; - memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN); - memset(dns_txt_name , 0, PDKIM_DNS_TXT_MAX_NAMELEN); + DEBUG(D_acl) debug_printf( + " Error in DKIM-Signature header: tags missing or invalid\n" + "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); + goto NEXT_VERIFY; + } - if (snprintf(dns_txt_name, PDKIM_DNS_TXT_MAX_NAMELEN, - "%s._domainkey.%s.", - sig->selector, sig->domain) >= PDKIM_DNS_TXT_MAX_NAMELEN) + /* Make sure sig uses supported DKIM version (only v1) */ + if (sig->version != 1) { - sig->verify_status = PDKIM_VERIFY_INVALID; - sig->verify_ext_status = PDKIM_VERIFY_INVALID_BUFFER_SIZE; + sig->verify_status = PDKIM_VERIFY_INVALID; + sig->verify_ext_status = PDKIM_VERIFY_INVALID_DKIM_VERSION; + + DEBUG(D_acl) debug_printf( + " Error in DKIM-Signature header: unsupported DKIM version\n" + "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); goto NEXT_VERIFY; } - if ( ctx->dns_txt_callback(dns_txt_name, dns_txt_reply) != PDKIM_OK + /* Fetch public key for signing domain, from DNS */ + + dns_txt_name = string_sprintf("%s._domainkey.%s.", + sig->selector, sig->domain); + + dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN); + memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN); + + if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK || dns_txt_reply[0] == '\0') { sig->verify_status = PDKIM_VERIFY_INVALID; @@ -1811,10 +1575,10 @@ while (sig) debug_printf( "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n" " Raw record: "); - pdkim_quoteprint(dns_txt_reply, strlen(dns_txt_reply)); + pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply)); } - if (!(sig->pubkey = pdkim_parse_pubkey_record(ctx, dns_txt_reply))) + if (!(sig->pubkey = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply))) { sig->verify_status = PDKIM_VERIFY_INVALID; sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD; @@ -1863,9 +1627,6 @@ NEXT_VERIFY: else debug_printf("\n"); } - - free(dns_txt_name); - free(dns_txt_reply); } sig = sig->next; @@ -1882,21 +1643,15 @@ return PDKIM_OK; /* -------------------------------------------------------------------------- */ DLLEXPORT pdkim_ctx * -pdkim_init_verify(int(*dns_txt_callback)(char *, char *)) +pdkim_init_verify(int(*dns_txt_callback)(char *, char *), BOOL dot_stuffing) { -pdkim_ctx *ctx = malloc(sizeof(pdkim_ctx)); +pdkim_ctx * ctx; -if (!ctx) - return NULL; +ctx = store_get(sizeof(pdkim_ctx)); memset(ctx, 0, sizeof(pdkim_ctx)); -if (!(ctx->linebuf = malloc(PDKIM_MAX_BODY_LINE_LEN))) - { - free(ctx); - return NULL; - } - -ctx->mode = PDKIM_MODE_VERIFY; +if (dot_stuffing) ctx->flags = PDKIM_DOT_TERM; +ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN); ctx->dns_txt_callback = dns_txt_callback; return ctx; @@ -1906,7 +1661,8 @@ return ctx; /* -------------------------------------------------------------------------- */ DLLEXPORT pdkim_ctx * -pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo) +pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo, + BOOL dot_stuffed) { pdkim_ctx *ctx; pdkim_signature *sig; @@ -1914,43 +1670,25 @@ pdkim_signature *sig; if (!domain || !selector || !rsa_privkey) return NULL; -if (!(ctx = malloc(sizeof(pdkim_ctx)))) - return NULL; +ctx = store_get(sizeof(pdkim_ctx)); memset(ctx, 0, sizeof(pdkim_ctx)); -if (!(ctx->linebuf = malloc(PDKIM_MAX_BODY_LINE_LEN))) - { - free(ctx); - return NULL; - } +ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN; +ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN); -if (!(sig = malloc(sizeof(pdkim_signature)))) - { - free(ctx->linebuf); - free(ctx); - return NULL; - } +sig = store_get(sizeof(pdkim_signature)); memset(sig, 0, sizeof(pdkim_signature)); sig->bodylength = -1; - -ctx->mode = PDKIM_MODE_SIGN; ctx->sig = sig; -sig->domain = strdup(domain); -sig->selector = strdup(selector); -sig->rsa_privkey = strdup(rsa_privkey); +sig->domain = string_copy(US domain); +sig->selector = string_copy(US selector); +sig->rsa_privkey = string_copy(US rsa_privkey); sig->algo = algo; -if (!sig->domain || !sig->selector || !sig->rsa_privkey) - goto BAIL; - -exim_sha_init(&sig->body_hash, algo == PDKIM_ALGO_RSA_SHA1); +exim_sha_init(&sig->body_hash, algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256); return ctx; - -BAIL: - pdkim_free_ctx(ctx); - return NULL; } @@ -1969,12 +1707,10 @@ pdkim_set_optional(pdkim_ctx *ctx, pdkim_signature * sig = ctx->sig; if (identity) - if (!(sig->identity = strdup(identity))) - return PDKIM_ERR_OOM; + sig->identity = string_copy(US identity); -if (!(sig->sign_headers = strdup(sign_headers - ? sign_headers : PDKIM_DEFAULT_SIGN_HEADERS))) - return PDKIM_ERR_OOM; +sig->sign_headers = string_copy(sign_headers + ? US sign_headers : US PDKIM_DEFAULT_SIGN_HEADERS); sig->canon_headers = canon_headers; sig->canon_body = canon_body; diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 4de0a7ad6..536e5af69 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -2,6 +2,7 @@ * PDKIM - a RFC4871 (DKIM) implementation * * Copyright (C) 2009 - 2012 Tom Kistner <tom@duncanthrax.net> + * Copyright (c) Jeremy Harris 2016 * * http://duncanthrax.net/pdkim/ * @@ -22,8 +23,8 @@ #ifndef PDKIM_H #define PDKIM_H -#include "blob.h" -#include "hash.h" +#include "../blob.h" +#include "../hash.h" /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt @@ -34,7 +35,6 @@ /* Function success / error codes */ #define PDKIM_OK 0 #define PDKIM_FAIL -1 -#define PDKIM_ERR_OOM -100 #define PDKIM_ERR_RSA_PRIVKEY -101 #define PDKIM_ERR_RSA_SIGNING -102 #define PDKIM_ERR_LONG_LINE -103 @@ -49,12 +49,14 @@ #define PDKIM_VERIFY_FAIL 2 #define PDKIM_VERIFY_PASS 3 -#define PDKIM_VERIFY_FAIL_BODY 1 -#define PDKIM_VERIFY_FAIL_MESSAGE 2 -#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3 -#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4 -#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 5 -#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 6 +#define PDKIM_VERIFY_FAIL_BODY 1 +#define PDKIM_VERIFY_FAIL_MESSAGE 2 +#define PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE 3 +#define PDKIM_VERIFY_INVALID_BUFFER_SIZE 4 +#define PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD 5 +#define PDKIM_VERIFY_INVALID_PUBKEY_IMPORT 6 +#define PDKIM_VERIFY_INVALID_SIGNATURE_ERROR 7 +#define PDKIM_VERIFY_INVALID_DKIM_VERSION 8 /* -------------------------------------------------------------------------- */ /* Some parameter values */ @@ -95,13 +97,13 @@ typedef struct sha2_context sha2_context; /* -------------------------------------------------------------------------- */ /* Public key as (usually) fetched from DNS */ typedef struct pdkim_pubkey { - char *version; /* v= */ - char *granularity; /* g= */ + uschar *version; /* v= */ + uschar *granularity; /* g= */ - char *hashes; /* h= */ - char *keytype; /* k= */ - char *srvtype; /* s= */ - char *notes; /* n= */ + uschar *hashes; /* h= */ + uschar *keytype; /* k= */ + uschar *srvtype; /* s= */ + uschar *notes; /* n= */ blob key; /* p= */ @@ -135,13 +137,13 @@ typedef struct pdkim_signature { int querymethod; /* (s=) The selector string as given in the signature */ - char *selector; + uschar *selector; /* (d=) The domain as given in the signature */ - char *domain; + uschar *domain; /* (i=) The identity as given in the signature */ - char *identity; + uschar *identity; /* (t=) Timestamp of signature creation */ unsigned long created; @@ -158,7 +160,7 @@ typedef struct pdkim_signature { uschar *headernames; /* (z=) */ - char *copiedheaders; + uschar *copiedheaders; /* (b=) Raw signature data, along with its length in bytes */ blob sigdata; @@ -170,7 +172,7 @@ typedef struct pdkim_signature { Ready for insertion into the message. Note: Folded using CRLFTB, but final line terminator is NOT included. Note2: This buffer is free()d when you call pdkim_free_ctx(). */ - char *signature_header; + uschar *signature_header; /* The main verification status. Verification only. One of: @@ -235,20 +237,22 @@ typedef struct pdkim_signature { unsigned long signed_body_bytes; /* How many body bytes we hashed */ pdkim_stringlist *headers; /* Raw headers included in the sig */ /* Signing specific ------------------------------------------------- */ - char *rsa_privkey; /* Private RSA key */ - char *sign_headers; /* To-be-signed header names */ - char *rawsig_no_b_val; /* Original signature header w/o b= tag value. */ + uschar * rsa_privkey; /* Private RSA key */ + uschar * sign_headers; /* To-be-signed header names */ + uschar * rawsig_no_b_val; /* Original signature header w/o b= tag value. */ } pdkim_signature; /* -------------------------------------------------------------------------- */ /* Context to keep state between all operations. */ -#define PDKIM_MODE_SIGN 0 -#define PDKIM_MODE_VERIFY 1 typedef struct pdkim_ctx { - /* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */ - int mode; +#define PDKIM_MODE_SIGN BIT(0) /* if unset, mode==verify */ +#define PDKIM_DOT_TERM BIT(1) /* dot termination and unstuffing */ +#define PDKIM_SEEN_LF BIT(2) +#define PDKIM_SEEN_EOD BIT(3) +#define PDKIM_PAST_HDRS BIT(4) + unsigned flags; /* One (signing) or several chained (verification) signatures */ pdkim_signature *sig; @@ -257,12 +261,11 @@ typedef struct pdkim_ctx { int(*dns_txt_callback)(char *, char *); /* Coder's little helpers */ - pdkim_str *cur_header; + uschar *cur_header; + int cur_header_size; + int cur_header_len; char *linebuf; int linebuf_offset; - BOOL seen_lf; - BOOL seen_eod; - BOOL past_headers; int num_buffered_crlf; int num_headers; pdkim_stringlist *headers; /* Raw headers for verification */ @@ -281,10 +284,10 @@ extern "C" { void pdkim_init (void); DLLEXPORT -pdkim_ctx *pdkim_init_sign (char *, char *, char *, int); +pdkim_ctx *pdkim_init_sign (char *, char *, char *, int, BOOL); DLLEXPORT -pdkim_ctx *pdkim_init_verify (int(*)(char *, char *)); +pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL); DLLEXPORT int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int, @@ -300,6 +303,9 @@ int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **); DLLEXPORT void pdkim_free_ctx (pdkim_ctx *); + +const char * pdkim_errstr(int); + #ifdef __cplusplus } #endif diff --git a/src/src/pdkim/pdkim_hash.h b/src/src/pdkim/pdkim_hash.h new file mode 100644 index 000000000..143cd19df --- /dev/null +++ b/src/src/pdkim/pdkim_hash.h @@ -0,0 +1,38 @@ +/* + * PDKIM - a RFC4871 (DKIM) implementation + * + * Copyright (C) 2016 Exim maintainers + * + * Hash interface functions + */ + +#include "../exim.h" + +#if !defined(HASH_H) /* entire file */ +#define HASH_H + +#ifndef SUPPORT_TLS +# error Need SUPPORT_TLS for DKIM +#endif + +#include "crypt_ver.h" +#include "../blob.h" +#include "../hash.h" + +#ifdef RSA_OPENSSL +# include <openssl/rsa.h> +# include <openssl/ssl.h> +# include <openssl/err.h> +#elif defined(RSA_GNUTLS) +# include <gnutls/gnutls.h> +# include <gnutls/x509.h> +#endif + +#if defined(SHA_OPENSSL) +# include "pdkim.h" +#elif defined(SHA_GCRYPT) +# include "pdkim.h" +#endif + +#endif +/* End of File */ diff --git a/src/src/pdkim/rsa.c b/src/src/pdkim/rsa.c index c5d4c2efa..aeb016ce5 100644 --- a/src/src/pdkim/rsa.c +++ b/src/src/pdkim/rsa.c @@ -586,7 +586,7 @@ if (!(sign_ctx->rsa = d2i_RSAPrivateKey(NULL, CUSS &p, len))) char ssl_errstring[256]; ERR_load_crypto_strings(); /*XXX move to a startup routine */ ERR_error_string(ERR_get_error(), ssl_errstring); - return string_copy(ssl_errstring); + return string_copy(US ssl_errstring); } return NULL; @@ -620,7 +620,7 @@ if (RSA_sign(is_sha1 ? NID_sha1 : NID_sha256, char ssl_errstring[256]; ERR_load_crypto_strings(); /*XXX move to a startup routine */ ERR_error_string(ERR_get_error(), ssl_errstring); - ret = string_copy(ssl_errstring); + ret = string_copy(US ssl_errstring); } RSA_free(sign_ctx->rsa); @@ -643,7 +643,7 @@ if (!(verify_ctx->rsa = d2i_RSA_PUBKEY(NULL, &p, (long) pubkey_der->len))) char ssl_errstring[256]; ERR_load_crypto_strings(); /*XXX move to a startup routine */ ERR_error_string(ERR_get_error(), ssl_errstring); - ret = string_copy(ssl_errstring); + ret = string_copy(CUS ssl_errstring); } return ret; } @@ -666,7 +666,7 @@ if (RSA_verify(is_sha1 ? NID_sha1 : NID_sha256, char ssl_errstring[256]; ERR_load_crypto_strings(); /*XXX move to a startup routine */ ERR_error_string(ERR_get_error(), ssl_errstring); - ret = string_copy(ssl_errstring); + ret = string_copy(US ssl_errstring); } return ret; } diff --git a/src/src/pdkim/rsa.h b/src/src/pdkim/rsa.h index 32631fdac..6018eba64 100644 --- a/src/src/pdkim/rsa.h +++ b/src/src/pdkim/rsa.h @@ -25,7 +25,7 @@ # include <libtasn1.h> #endif -#include "blob.h" +#include "../blob.h" #ifdef RSA_OPENSSL diff --git a/src/src/perl.c b/src/src/perl.c index fbe9ee842..92218a6ef 100644 --- a/src/src/perl.c +++ b/src/src/perl.c @@ -186,7 +186,7 @@ call_perl_cat(uschar *yield, int *sizep, int *ptrp, uschar **errstrp, return NULL; } str = US SvPV(sv, len); - yield = string_cat(yield, sizep, ptrp, str, (int)len); + yield = string_catn(yield, sizep, ptrp, str, (int)len); FREETMPS; LEAVE; diff --git a/src/src/queue.c b/src/src/queue.c index bf62aea88..e7ae019d2 100644 --- a/src/src/queue.c +++ b/src/src/queue.c @@ -12,6 +12,45 @@ +/* Routines with knowlege of spool layout */ + +#ifndef COMPILE_UTILITY +static void +spool_pname_buf(uschar * buf, int len) +{ +snprintf(CS buf, len, "%s/%s/input", spool_directory, queue_name); +} + +uschar * +spool_dname(const uschar * purpose, uschar * subdir) +{ +return string_sprintf("%s/%s/%s/%s", + spool_directory, queue_name, purpose, subdir); +} +#endif + +uschar * +spool_sname(const uschar * purpose, uschar * subdir) +{ +return string_sprintf("%s%s%s%s%s", + queue_name, *queue_name ? "/" : "", + purpose, + *subdir ? "/" : "", subdir); +} + +uschar * +spool_fname(const uschar * purpose, const uschar * subdir, const uschar * fname, + const uschar * suffix) +{ +return string_sprintf("%s/%s/%s/%s/%s%s", + spool_directory, queue_name, purpose, subdir, fname, suffix); +} + + + + +#ifndef COMPILE_UTILITY + /* The number of nodes to use for the bottom-up merge sort when a list of queue items is to be ordered. The code for this sort was contributed as a patch by Michael Haardt. */ @@ -40,8 +79,7 @@ merge_queue_lists(queue_filename *a, queue_filename *b) queue_filename *first = NULL; queue_filename **append = &first; -while (a != NULL && b != NULL) - { +while (a && b) if (Ustrcmp(a->text, b->text) < 0) { *append = a; @@ -54,9 +92,8 @@ while (a != NULL && b != NULL) append= &b->next; b = b->next; } - } -*append=((a != NULL)? a : b); +*append = a ? a : b; return first; } @@ -125,8 +162,11 @@ according to the bits of the flags variable. Get a collection of bits from the current time. Use the bottom 16 and just keep re-using them if necessary. When not randomizing, initialize the sublists for the bottom-up merge sort. */ -if (randomize) resetflags = time(NULL) & 0xFFFF; - else for (i = 0; i < LOG2_MAXNODES; i++) root[i] = NULL; +if (randomize) + resetflags = time(NULL) & 0xFFFF; +else + for (i = 0; i < LOG2_MAXNODES; i++) + root[i] = NULL; /* If processing the full queue, or just the top-level, start at the base directory, and initialize the first subdirectory name (as none). Otherwise, @@ -138,11 +178,13 @@ if (subdiroffset <= 0) subdirs[0] = 0; *subcount = 0; } -else i = subdiroffset; +else + i = subdiroffset; /* Set up prototype for the directory name. */ -sprintf(CS buffer, "%s/input", spool_directory); +spool_pname_buf(buffer, sizeof(buffer)); +buffer[sizeof(buffer) - 3] = 0; subptr = Ustrlen(buffer); buffer[subptr+2] = 0; /* terminator for lengthened name */ @@ -161,12 +203,13 @@ for (; i <= *subcount; i++) buffer[subptr+1] = subdirchar; } - dd = opendir(CS buffer); - if (dd == NULL) continue; + DEBUG(D_queue_run) debug_printf("looking in %s\n", buffer); + if (!(dd = opendir(CS buffer))) + continue; /* Now scan the directory. */ - while ((ent = readdir(dd)) != NULL) + while ((ent = readdir(dd))) { uschar *name = US ent->d_name; int len = Ustrlen(name); @@ -202,15 +245,15 @@ for (; i <= *subcount; i++) to store the number with each item. */ if (randomize) - { - if (yield == NULL) + if (!yield) { next->next = NULL; yield = last = next; } else { - if (flags == 0) flags = resetflags; + if (flags == 0) + flags = resetflags; if ((flags & 1) == 0) { next->next = yield; @@ -224,7 +267,6 @@ for (; i <= *subcount; i++) } flags = flags >> 1; } - } /* Otherwise do a bottom-up merge sort based on the name. */ @@ -233,8 +275,7 @@ for (; i <= *subcount; i++) int j; next->next = NULL; for (j = 0; j < LOG2_MAXNODES; j++) - { - if (root[j] != NULL) + if (root[j]) { next = merge_queue_lists(next, root[j]); root[j] = (j == LOG2_MAXNODES - 1)? next : NULL; @@ -244,7 +285,6 @@ for (; i <= *subcount; i++) root[j] = next; break; } - } } } } @@ -264,9 +304,11 @@ for (; i <= *subcount; i++) { if (!split_spool_directory && count <= 2) { + uschar subdir[2]; + rmdir(CS buffer); - sprintf(CS big_buffer, "%s/msglog/%c", spool_directory, subdirchar); - rmdir(CS big_buffer); + subdir[0] = subdirchar; subdir[1] = 0; + rmdir(CS spool_dname(US"msglog", subdir)); } if (subdiroffset > 0) break; /* Single sub-directory */ } @@ -274,10 +316,8 @@ for (; i <= *subcount; i++) /* If we have just scanned the base directory, and subdiroffset is 0, we do not want to continue scanning the sub-directories. */ - else - { - if (subdiroffset == 0) break; - } + else if (subdiroffset == 0) + break; } /* Loop for multiple subdirectories */ /* When using a bottom-up merge sort, do the final merging of the sublists. @@ -389,7 +429,11 @@ if (!recurse) } log_detail = string_copy(big_buffer); - log_write(L_queue_run, LOG_MAIN, "Start queue run: %s", log_detail); + if (*queue_name) + log_write(L_queue_run, LOG_MAIN, "Start '%s' queue run: %s", + queue_name, log_detail); + else + log_write(L_queue_run, LOG_MAIN, "Start queue run: %s", log_detail); } /* If deliver_selectstring is a regex, compile it. */ @@ -434,7 +478,7 @@ for (i = (queue_run_in_order? -1 : 0); } for (f = queue_get_spool_list(i, subdirs, &subcount, !queue_run_in_order); - f != NULL; + f; f = f->next) { pid_t pid; @@ -447,9 +491,7 @@ for (i = (queue_run_in_order? -1 : 0); check that the load average is low enough to permit deliveries. */ if (!queue_run_force && deliver_queue_load_max >= 0) - { - load_average = os_getloadavg(); - if (load_average > deliver_queue_load_max) + if ((load_average = os_getloadavg()) > deliver_queue_load_max) { log_write(L_queue_run, LOG_MAIN, "Abandon queue run: %s (load %.2f, max %.2f)", log_detail, @@ -459,26 +501,22 @@ for (i = (queue_run_in_order? -1 : 0); break; } else - { DEBUG(D_load) debug_printf("load average = %.2f max = %.2f\n", (double)load_average/1000.0, (double)deliver_queue_load_max/1000.0); - } - } /* Skip this message unless it's within the ID limits */ - if (stop_id != NULL && Ustrncmp(f->text, stop_id, MESSAGE_ID_LENGTH) > 0) + if (stop_id && Ustrncmp(f->text, stop_id, MESSAGE_ID_LENGTH) > 0) continue; - if (start_id != NULL && Ustrncmp(f->text, start_id, MESSAGE_ID_LENGTH) < 0) + if (start_id && Ustrncmp(f->text, start_id, MESSAGE_ID_LENGTH) < 0) continue; /* Check that the message still exists */ message_subdir[0] = f->dir_uschar; - sprintf(CS buffer, "%s/input/%s/%s", spool_directory, message_subdir, - f->text); - if (Ustat(buffer, &statbuf) < 0) continue; + if (Ustat(spool_fname(US"input", message_subdir, f->text, US""), &statbuf) < 0) + continue; /* There are some tests that require the reading of the header file. Ensure the store used is scavenged afterwards so that this process doesn't keep @@ -486,7 +524,7 @@ for (i = (queue_run_in_order? -1 : 0); delivering, but it's cheaper than forking a delivery process for each message when many are not going to be delivered. */ - if (deliver_selectstring != NULL || deliver_selectstring_sender != NULL || + if (deliver_selectstring || deliver_selectstring_sender || queue_run_first_delivery) { BOOL wanted = TRUE; @@ -519,19 +557,20 @@ for (i = (queue_run_in_order? -1 : 0); wanted = FALSE; } - /* Check for a matching address if deliver_selectstring[_sender} is set. + /* Check for a matching address if deliver_selectstring[_sender] is set. If so, we do a fully delivery - don't want to omit other addresses since their routing might trigger re-writing etc. */ /* Sender matching */ - else if (deliver_selectstring_sender != NULL && - !(deliver_selectstring_sender_regex? - (pcre_exec(selectstring_regex_sender, NULL, CS sender_address, - Ustrlen(sender_address), 0, PCRE_EOPT, NULL, 0) >= 0) - : - (strstric(sender_address, deliver_selectstring_sender, FALSE) - != NULL))) + else if ( deliver_selectstring_sender + && !(deliver_selectstring_sender_regex + ? (pcre_exec(selectstring_regex_sender, NULL, + CS sender_address, Ustrlen(sender_address), 0, PCRE_EOPT, + NULL, 0) >= 0) + : (strstric(sender_address, deliver_selectstring_sender, FALSE) + != NULL) + ) ) { DEBUG(D_queue_run) debug_printf("%s: sender address did not match %s\n", f->text, deliver_selectstring_sender); @@ -540,19 +579,19 @@ for (i = (queue_run_in_order? -1 : 0); /* Recipient matching */ - else if (deliver_selectstring != NULL) + else if (deliver_selectstring) { int i; for (i = 0; i < recipients_count; i++) { uschar *address = recipients_list[i].address; - if ((deliver_selectstring_regex? - (pcre_exec(selectstring_regex, NULL, CS address, - Ustrlen(address), 0, PCRE_EOPT, NULL, 0) >= 0) - : - (strstric(address, deliver_selectstring, FALSE) != NULL)) - && - tree_search(tree_nonrecipients, address) == NULL) + if ( (deliver_selectstring_regex + ? (pcre_exec(selectstring_regex, NULL, CS address, + Ustrlen(address), 0, PCRE_EOPT, NULL, 0) >= 0) + : (strstric(address, deliver_selectstring, FALSE) != NULL) + ) + && tree_search(tree_nonrecipients, address) == NULL + ) break; } @@ -581,10 +620,8 @@ for (i = (queue_run_in_order? -1 : 0); pretty cheap. */ if (pipe(pfd) < 0) - { log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to create pipe in queue " "runner process %d: %s", queue_run_pid, strerror(errno)); - } queue_run_pipe = pfd[pipe_write]; /* To ensure it gets passed on. */ /* Make sure it isn't stdin. This seems unlikely, but just to be on the @@ -638,11 +675,9 @@ for (i = (queue_run_in_order? -1 : 0); /* If the process crashed, tell somebody */ else if ((status & 0x00ff) != 0) - { log_write(0, LOG_MAIN|LOG_PANIC, "queue run: process %d crashed with signal %d while delivering %s", (int)pid, status & 0x00ff, f->text); - } /* Before continuing, wait till the pipe gets closed at the far end. This tells us that any children created by the delivery to re-use any SMTP @@ -650,8 +685,9 @@ for (i = (queue_run_in_order? -1 : 0); the mere fact that read() unblocks is enough. */ set_process_info("running queue: waiting for children of %d", pid); - if (read(pfd[pipe_read], buffer, sizeof(buffer)) > 0) - log_write(0, LOG_MAIN|LOG_PANIC, "queue run: unexpected data on pipe"); + if ((status = read(pfd[pipe_read], buffer, sizeof(buffer))) != 0) + log_write(0, LOG_MAIN|LOG_PANIC, "queue run: %s on pipe", + status > 0 ? "unexpected data" : "error"); (void)close(pfd[pipe_read]); set_process_info("running queue"); @@ -672,18 +708,15 @@ for (i = (queue_run_in_order? -1 : 0); if (i == 0 && subcount > 1 && !queue_run_in_order) { - int j; + int j, r; for (j = 1; j <= subcount; j++) - { - int r = random_number(100); - if (r >= 50) + if ((r = random_number(100)) >= 50) { int k = (r % subcount) + 1; int x = subdirs[j]; subdirs[j] = subdirs[k]; subdirs[k] = x; } - } } } /* End loop for multiple directories */ @@ -698,7 +731,12 @@ if (queue_2stage) /* At top level, log the end of the run. */ -if (!recurse) log_write(L_queue_run, LOG_MAIN, "End queue run: %s", log_detail); +if (!recurse) + if (*queue_name) + log_write(L_queue_run, LOG_MAIN, "End '%s' queue run: %s", + queue_name, log_detail); + else + log_write(L_queue_run, LOG_MAIN, "End queue run: %s", log_detail); } @@ -841,17 +879,16 @@ for (; f != NULL; f = f->next) int ptr; FILE *jread; struct stat statbuf; + uschar * fname = spool_fname(US"input", message_subdir, f->text, US""); - sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir, - f->text); - ptr = Ustrlen(big_buffer)-1; - big_buffer[ptr] = 'D'; + ptr = Ustrlen(fname)-1; + fname[ptr] = 'D'; /* Add the data size to the header size; don't count the file name at the start of the data file, but add one for the notional blank line that precedes the data. */ - if (Ustat(big_buffer, &statbuf) == 0) + if (Ustat(fname, &statbuf) == 0) size = message_size + statbuf.st_size - SPOOL_DATA_START_OFFSET + 1; i = (now - received_time)/60; /* minutes on queue */ if (i > 90) @@ -863,8 +900,8 @@ for (; f != NULL; f = f->next) /* Collect delivered addresses from any J file */ - big_buffer[ptr] = 'J'; - jread = Ufopen(big_buffer, "rb"); + fname[ptr] = 'J'; + jread = Ufopen(fname, "rb"); if (jread != NULL) { while (Ufgets(big_buffer, big_buffer_size, jread) != NULL) @@ -892,9 +929,9 @@ for (; f != NULL; f = f->next) if (save_errno == ERRNO_SPOOLFORMAT) { struct stat statbuf; - sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir, - f->text); - if (Ustat(big_buffer, &statbuf) == 0) + uschar * fname = spool_fname(US"input", message_subdir, f->text, US""); + + if (Ustat(fname, &statbuf) == 0) printf("*** spool format error: size=" OFF_T_FMT " ***", statbuf.st_size); else printf("*** spool format error ***"); @@ -959,7 +996,7 @@ struct passwd *pw; uschar *doing = NULL; uschar *username; uschar *errmsg; -uschar spoolname[256]; +uschar spoolname[32]; /* Set the global message_id variable, used when re-writing spool files. This also causes message ids to be added to log messages. */ @@ -1004,12 +1041,13 @@ if (action >= MSG_SHOW_BODY) for (i = 0; i < 2; i++) { - message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0; - sprintf(CS spoolname, "%s/%s/%s/%s%s", spool_directory, subdirectory, - message_subdir, id, suffix); - fd = Uopen(spoolname, O_RDONLY, 0); - if (fd >= 0) break; - if (i == 0) continue; + message_subdir[0] = split_spool_directory == (i == 0) ? id[5] : 0; + if ((fd = Uopen(spool_fname(subdirectory, message_subdir, id, suffix), + O_RDONLY, 0)) >= 0) + break; + if (i == 0) + continue; + printf("Failed to open %s file for %s%s: %s\n", subdirectory, id, suffix, strerror(errno)); if (action == MSG_SHOW_LOG && !message_logs) @@ -1030,8 +1068,7 @@ other process is working on this message. If the file does not exist, continue only if the action is remove and the user is an admin user, to allow for tidying up broken states. */ -if (!spool_open_datafile(id)) - { +if ((deliver_datafile = spool_open_datafile(id)) < 0) if (errno == ENOENT) { yield = FALSE; @@ -1046,7 +1083,6 @@ if (!spool_open_datafile(id)) strerror(errno)); return FALSE; } - } /* Read the spool header file for the message. Again, continue after an error only in the case of deleting by an administrator. Setting the third @@ -1099,7 +1135,7 @@ switch(action) case MSG_SHOW_COPY: deliver_in_buffer = store_malloc(DELIVER_IN_BUFFER_SIZE); deliver_out_buffer = store_malloc(DELIVER_OUT_BUFFER_SIZE); - transport_write_message(NULL, 1, 0, 0, NULL, NULL, NULL, NULL, NULL, 0); + transport_write_message(1, NULL, 0); break; @@ -1159,49 +1195,70 @@ switch(action) operation, just run everything twice. */ case MSG_REMOVE: - message_subdir[0] = id[5]; - for (j = 0; j < 2; message_subdir[0] = 0, j++) { - sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, id); - if (Uunlink(spoolname) < 0) - { - if (errno != ENOENT) - { - yield = FALSE; - printf("Error while removing %s: %s\n", spoolname, - strerror(errno)); - } - } - else removed = TRUE; + uschar suffix[3]; - for (i = 0; i < 3; i++) + suffix[0] = '-'; + suffix[2] = 0; + message_subdir[0] = id[5]; + + for (j = 0; j < 2; message_subdir[0] = 0, j++) { - sprintf(CS spoolname, "%s/input/%s/%s-%c", spool_directory, message_subdir, - id, "DHJ"[i]); - if (Uunlink(spoolname) < 0) - { - if (errno != ENOENT) - { - yield = FALSE; - printf("Error while removing %s: %s\n", spoolname, - strerror(errno)); - } - } - else removed = TRUE; + uschar * fname = spool_fname(US"msglog", message_subdir, id, US""); + + DEBUG(D_any) debug_printf(" removing %s", fname); + if (Uunlink(fname) < 0) + { + if (errno != ENOENT) + { + yield = FALSE; + printf("Error while removing %s: %s\n", fname, strerror(errno)); + } + else DEBUG(D_any) debug_printf(" (no file)\n"); + } + else + { + removed = TRUE; + DEBUG(D_any) debug_printf(" (ok)\n"); + } + + for (i = 0; i < 3; i++) + { + uschar * fname; + + suffix[1] = (US"DHJ")[i]; + fname = spool_fname(US"input", message_subdir, id, suffix); + + DEBUG(D_any) debug_printf(" removing %s", fname); + if (Uunlink(fname) < 0) + { + if (errno != ENOENT) + { + yield = FALSE; + printf("Error while removing %s: %s\n", fname, strerror(errno)); + } + else DEBUG(D_any) debug_printf(" (no file)\n"); + } + else + { + removed = TRUE; + DEBUG(D_any) debug_printf(" (done)\n"); + } + } } - } - /* In the common case, the datafile is open (and locked), so give the - obvious message. Otherwise be more specific. */ + /* In the common case, the datafile is open (and locked), so give the + obvious message. Otherwise be more specific. */ - if (deliver_datafile >= 0) printf("has been removed\n"); - else printf("has been removed or did not exist\n"); - if (removed) - { - log_write(0, LOG_MAIN, "removed by %s", username); - log_write(0, LOG_MAIN, "Completed"); + if (deliver_datafile >= 0) printf("has been removed\n"); + else printf("has been removed or did not exist\n"); + if (removed) + { + log_write(0, LOG_MAIN, "removed by %s", username); + log_write(0, LOG_MAIN, "Completed"); + } + break; } - break; case MSG_MARK_ALL_DELIVERED: @@ -1311,7 +1368,6 @@ switch(action) } if (yield) - { if (spool_write_header(id, SW_MODIFYING, &errmsg) >= 0) printf("has been modified\n"); else @@ -1319,7 +1375,6 @@ switch(action) yield = FALSE; printf("- while %s: %s\n", doing, errmsg); } - } break; } @@ -1327,8 +1382,11 @@ switch(action) /* Closing the datafile releases the lock and permits other processes to operate on the message (if it still exists). */ -(void)close(deliver_datafile); -deliver_datafile = -1; +if (deliver_datafile >= 0) + { + (void)close(deliver_datafile); + deliver_datafile = -1; + } return yield; } @@ -1380,4 +1438,6 @@ while ((ss = string_nextinlist(&s, &sep, buffer, sizeof(buffer))) != NULL) } } +#endif /*!COMPILE_UTILITY*/ + /* End of queue.c */ diff --git a/src/src/rda.c b/src/src/rda.c index 2afd6dc8a..5df361e31 100644 --- a/src/src/rda.c +++ b/src/src/rda.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module contains code for extracting addresses from a forwarding list @@ -474,11 +474,12 @@ rda_read_string(int fd, uschar **sp) int len; if (read(fd, &len, sizeof(int)) != sizeof(int)) return FALSE; -if (len == 0) *sp = NULL; else - { - *sp = store_get(len); - if (read(fd, *sp, len) != len) return FALSE; - } +if (len == 0) + *sp = NULL; +else + /* We know we have enough memory so disable the error on "len" */ + /* coverity[tainted_data] */ + if (read(fd, *sp = store_get(len), len) != len) return FALSE; return TRUE; } @@ -911,7 +912,7 @@ if (yield == FF_DELIVERED || yield == FF_NOTDELIVERED || if (i > 0) { - addr->pipe_expandn = store_get((i+1) * sizeof(uschar **)); + addr->pipe_expandn = store_get((i+1) * sizeof(uschar *)); addr->pipe_expandn[i] = NULL; while (--i >= 0) addr->pipe_expandn[i] = expandn[i]; } diff --git a/src/src/readconf.c b/src/src/readconf.c index 2dfc9af8e..27a834b3f 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for reading the configuration file, and for displaying @@ -11,10 +11,14 @@ implementation of the conditional .ifdef etc. */ #include "exim.h" +extern char **environ; + static void fn_smtp_receive_timeout(const uschar * name, const uschar * str); static void save_config_line(const uschar* line); static void save_config_position(const uschar *file, int line); -static void print_config(BOOL admin); +static void print_config(BOOL admin, BOOL terse); +static void readconf_options_auths(void); + #define CSTATE_STACK_SIZE 10 @@ -178,6 +182,7 @@ static optionlist optionlist_config[] = { { "acl_smtp_starttls", opt_stringptr, &acl_smtp_starttls }, #endif { "acl_smtp_vrfy", opt_stringptr, &acl_smtp_vrfy }, + { "add_environment", opt_stringptr, &add_environment }, { "admin_groups", opt_gidlist, &admin_groups }, { "allow_domain_literals", opt_bool, &allow_domain_literals }, { "allow_mx_to_ip", opt_bool, &allow_mx_to_ip }, @@ -208,6 +213,7 @@ static optionlist optionlist_config[] = { { "check_rfc2047_length", opt_bool, &check_rfc2047_length }, { "check_spool_inodes", opt_int, &check_spool_inodes }, { "check_spool_space", opt_Kint, &check_spool_space }, + { "chunking_advertise_hosts", opt_stringptr, &chunking_advertise_hosts }, { "daemon_smtp_port", opt_stringptr|opt_hidden, &daemon_smtp_port }, { "daemon_smtp_ports", opt_stringptr, &daemon_smtp_port }, { "daemon_startup_retries", opt_int, &daemon_startup_retries }, @@ -267,11 +273,6 @@ static optionlist optionlist_config[] = { #ifdef SUPPORT_TLS { "gnutls_allow_auto_pkcs11", opt_bool, &gnutls_allow_auto_pkcs11 }, { "gnutls_compat_mode", opt_bool, &gnutls_compat_mode }, - /* These three gnutls_require_* options stopped working in Exim 4.80 */ - /* From 4.83 we log a warning; a future relase will remove them */ - { "gnutls_require_kx", opt_stringptr, &gnutls_require_kx }, - { "gnutls_require_mac", opt_stringptr, &gnutls_require_mac }, - { "gnutls_require_protocols", opt_stringptr, &gnutls_require_proto }, #endif { "header_line_maxsize", opt_int, &header_line_maxsize }, { "header_maxsize", opt_int, &header_maxsize }, @@ -296,6 +297,7 @@ static optionlist optionlist_config[] = { { "ignore_bounce_errors_after", opt_time, &ignore_bounce_errors_after }, { "ignore_fromline_hosts", opt_stringptr, &ignore_fromline_hosts }, { "ignore_fromline_local", opt_bool, &ignore_fromline_local }, + { "keep_environment", opt_stringptr, &keep_environment }, { "keep_malformed", opt_time, &keep_malformed }, #ifdef LOOKUP_LDAP { "ldap_ca_cert_dir", opt_stringptr, &eldap_ca_cert_dir }, @@ -369,7 +371,7 @@ static optionlist optionlist_config[] = { { "queue_only_load_latch", opt_bool, &queue_only_load_latch }, { "queue_only_override", opt_bool, &queue_only_override }, { "queue_run_in_order", opt_bool, &queue_run_in_order }, - { "queue_run_max", opt_int, &queue_run_max }, + { "queue_run_max", opt_stringptr, &queue_run_max }, { "queue_smtp_domains", opt_stringptr, &queue_smtp_domains }, { "receive_timeout", opt_time, &receive_timeout }, { "received_header_text", opt_stringptr, &received_header_text }, @@ -443,6 +445,7 @@ static optionlist optionlist_config[] = { { "strip_trailing_dot", opt_bool, &strip_trailing_dot }, { "syslog_duplication", opt_bool, &syslog_duplication }, { "syslog_facility", opt_stringptr, &syslog_facility_str }, + { "syslog_pid", opt_bool, &syslog_pid }, { "syslog_processname", opt_stringptr, &syslog_processname }, { "syslog_timestamp", opt_bool, &syslog_timestamp }, { "system_filter", opt_stringptr, &system_filter }, @@ -487,8 +490,7 @@ static optionlist optionlist_config[] = { { "write_rejectlog", opt_bool, &write_rejectlog } }; -static int optionlist_config_size = - sizeof(optionlist_config)/sizeof(optionlist); +static int optionlist_config_size = nelem(optionlist_config); @@ -513,10 +515,10 @@ int i; router_instance *r; transport_instance *t; -for (i = 0; i < optionlist_config_size; i++) +for (i = 0; i < nelem(optionlist_config); i++) if (p == optionlist_config[i].value) return US optionlist_config[i].name; -for (r = routers; r != NULL; r = r->next) +for (r = routers; r; r = r->next) { router_info *ri = r->info; for (i = 0; i < *ri->options_count; i++) @@ -527,7 +529,7 @@ for (r = routers; r != NULL; r = r->next) } } -for (t = transports; t != NULL; t = t->next) +for (t = transports; t; t = t->next) { transport_info *ti = t->info; for (i = 0; i < *ti->options_count; i++) @@ -553,6 +555,45 @@ return US""; * Deal with an assignment to a macro * *************************************************/ +/* We have a new definition. The macro_item structure includes a final vector +called "name" which is one byte long. Thus, adding "namelen" gives us enough +room to store the "name" string. +If a builtin macro we place at head of list, else tail. This lets us lazy-create +builtins. */ + +macro_item * +macro_create(const uschar * name, const uschar * val, + BOOL command_line, BOOL builtin) +{ +unsigned namelen = Ustrlen(name); +macro_item * m = store_get(sizeof(macro_item) + namelen); + +/* fprintf(stderr, "%s: '%s' '%s'\n", __FUNCTION__, name, val) */ +if (!macros) + { + macros = m; + mlast = m; + m->next = NULL; + } +else if (builtin) + { + m->next = macros; + macros = m; + } +else + { + mlast->next = m; + mlast = m; + m->next = NULL; + } +m->command_line = command_line; +m->namelen = namelen; +m->replacement = string_copy(val); +Ustrcpy(m->name, name); +return m; +} + + /* This function is called when a line that starts with an upper case letter is encountered. The argument "line" should contain a complete logical line, and start with the first letter of the macro name. The macro name and the @@ -572,7 +613,6 @@ uschar name[64]; int namelen = 0; BOOL redef = FALSE; macro_item *m; -macro_item *mlast = NULL; while (isalnum(*s) || *s == '_') { @@ -598,13 +638,13 @@ while (isspace(*s)) s++; just skip this definition. It's an error to attempt to redefine a macro without redef set to TRUE, or to redefine a macro when it hasn't been defined earlier. It is also an error to define a macro whose name begins with the name of a -previously defined macro. Note: it is documented that the other way round -works. */ +previously defined macro. This is the requirement that make using a tree +for macros hard; we must check all macros for the substring. Perhaps a +sorted list, and a bsearch, would work? +Note: it is documented that the other way round works. */ -for (m = macros; m != NULL; m = m->next) +for (m = macros; m; m = m->next) { - int len = Ustrlen(m->name); - if (Ustrcmp(m->name, name) == 0) { if (!m->command_line && !redef) @@ -613,7 +653,7 @@ for (m = macros; m != NULL; m = m->next) break; } - if (len < namelen && Ustrstr(name, m->name) != NULL) + if (m->namelen < namelen && Ustrstr(name, m->name) != NULL) log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "\"%s\" cannot be defined as " "a macro because previously defined macro \"%s\" is a substring", name, m->name); @@ -621,49 +661,240 @@ for (m = macros; m != NULL; m = m->next) /* We cannot have this test, because it is documented that a substring macro is permitted (there is even an example). * - * if (len > namelen && Ustrstr(m->name, name) != NULL) + * if (m->namelen > namelen && Ustrstr(m->name, name) != NULL) * log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "\"%s\" cannot be defined as " * "a macro because it is a substring of previously defined macro \"%s\"", * name, m->name); */ - - mlast = m; } /* Check for an overriding command-line definition. */ -if (m != NULL && m->command_line) return; +if (m && m->command_line) return; /* Redefinition must refer to an existing macro. */ if (redef) - { - if (m == NULL) + if (m) + m->replacement = string_copy(s); + else log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "can't redefine an undefined macro " "\"%s\"", name); - } - -/* We have a new definition. The macro_item structure includes a final vector -called "name" which is one byte long. Thus, adding "namelen" gives us enough -room to store the "name" string. */ +/* We have a new definition. */ else - { - m = store_get(sizeof(macro_item) + namelen); - if (macros == NULL) macros = m; else mlast->next = m; - Ustrncpy(m->name, name, namelen); - m->name[namelen] = 0; - m->next = NULL; - m->command_line = FALSE; - } + (void) macro_create(name, s, FALSE, FALSE); +} + + + + + +/*************************************************/ +/* Create compile-time feature macros */ +static void +readconf_features(void) +{ +/* Probably we could work out a static initialiser for wherever +macros are stored, but this will do for now. Some names are awkward +due to conflicts with other common macros. */ + +#ifdef SUPPORT_CRYPTEQ + macro_create(US"_HAVE_CRYPTEQ", US"y", FALSE, TRUE); +#endif +#if HAVE_ICONV + macro_create(US"_HAVE_ICONV", US"y", FALSE, TRUE); +#endif +#if HAVE_IPV6 + macro_create(US"_HAVE_IPV6", US"y", FALSE, TRUE); +#endif +#ifdef HAVE_SETCLASSRESOURCES + macro_create(US"_HAVE_SETCLASSRESOURCES", US"y", FALSE, TRUE); +#endif +#ifdef SUPPORT_PAM + macro_create(US"_HAVE_PAM", US"y", FALSE, TRUE); +#endif +#ifdef EXIM_PERL + macro_create(US"_HAVE_PERL", US"y", FALSE, TRUE); +#endif +#ifdef EXPAND_DLFUNC + macro_create(US"_HAVE_DLFUNC", US"y", FALSE, TRUE); +#endif +#ifdef USE_TCP_WRAPPERS + macro_create(US"_HAVE_TCPWRAPPERS", US"y", FALSE, TRUE); +#endif +#ifdef SUPPORT_TLS + macro_create(US"_HAVE_TLS", US"y", FALSE, TRUE); +# ifdef USE_GNUTLS + macro_create(US"_HAVE_GNUTLS", US"y", FALSE, TRUE); +# else + macro_create(US"_HAVE_OPENSSL", US"y", FALSE, TRUE); +# endif +#endif +#ifdef SUPPORT_TRANSLATE_IP_ADDRESS + macro_create(US"_HAVE_TRANSLATE_IP_ADDRESS", US"y", FALSE, TRUE); +#endif +#ifdef SUPPORT_MOVE_FROZEN_MESSAGES + macro_create(US"_HAVE_MOVE_FROZEN_MESSAGES", US"y", FALSE, TRUE); +#endif +#ifdef WITH_CONTENT_SCAN + macro_create(US"_HAVE_CONTENT_SCANNING", US"y", FALSE, TRUE); +#endif +#ifndef DISABLE_DKIM + macro_create(US"_HAVE_DKIM", US"y", FALSE, TRUE); +#endif +#ifndef DISABLE_DNSSEC + macro_create(US"_HAVE_DNSSEC", US"y", FALSE, TRUE); +#endif +#ifndef DISABLE_EVENT + macro_create(US"_HAVE_EVENT", US"y", FALSE, TRUE); +#endif +#ifdef SUPPORT_I18N + macro_create(US"_HAVE_I18N", US"y", FALSE, TRUE); +#endif +#ifndef DISABLE_OCSP + macro_create(US"_HAVE_OCSP", US"y", FALSE, TRUE); +#endif +#ifndef DISABLE_PRDR + macro_create(US"_HAVE_PRDR", US"y", FALSE, TRUE); +#endif +#ifdef SUPPORT_PROXY + macro_create(US"_HAVE_PROXY", US"y", FALSE, TRUE); +#endif +#ifdef SUPPORT_SOCKS + macro_create(US"_HAVE_SOCKS", US"y", FALSE, TRUE); +#endif +#ifdef TCP_FASTOPEN + macro_create(US"_HAVE_TCP_FASTOPEN", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_LMDB + macro_create(US"_HAVE_LMDB", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_SPF + macro_create(US"_HAVE_SPF", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_SRS + macro_create(US"_HAVE_SRS", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_BRIGHTMAIL + macro_create(US"_HAVE_BRIGHTMAIL", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_DANE + macro_create(US"_HAVE_DANE", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_DCC + macro_create(US"_HAVE_DCC", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_DMARC + macro_create(US"_HAVE_DMARC", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_DSN_INFO + macro_create(US"_HAVE_DSN_INFO", US"y", FALSE, TRUE); +#endif + +#ifdef LOOKUP_LSEARCH + macro_create(US"_HAVE_LKUP_LSEARCH", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_CDB + macro_create(US"_HAVE_LKUP_CDB", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_DBM + macro_create(US"_HAVE_LKUP_DBM", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_DNSDB + macro_create(US"_HAVE_LKUP_DNSDB", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_DSEARCH + macro_create(US"_HAVE_LKUP_DSEARCH", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_IBASE + macro_create(US"_HAVE_LKUP_IBASE", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_LDAP + macro_create(US"_HAVE_LKUP_LDAP", US"y", FALSE, TRUE); +#endif +#ifdef EXPERIMENTAL_LMDB + macro_create(US"_HAVE_LKUP_LMDB", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_MYSQL + macro_create(US"_HAVE_LKUP_MYSQL", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_NIS + macro_create(US"_HAVE_LKUP_NIS", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_NISPLUS + macro_create(US"_HAVE_LKUP_NISPLUS", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_ORACLE + macro_create(US"_HAVE_LKUP_ORACLE", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_PASSWD + macro_create(US"_HAVE_LKUP_PASSWD", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_PGSQL + macro_create(US"_HAVE_LKUP_PGSQL", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_REDIS + macro_create(US"_HAVE_LKUP_REDIS", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_SQLITE + macro_create(US"_HAVE_LKUP_SQLITE", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_TESTDB + macro_create(US"_HAVE_LKUP_TESTDB", US"y", FALSE, TRUE); +#endif +#ifdef LOOKUP_WHOSON + macro_create(US"_HAVE_LKUP_WHOSON", US"y", FALSE, TRUE); +#endif + +#ifdef TRANSPORT_APPENDFILE +# ifdef SUPPORT_MAILDIR + macro_create(US"_HAVE_TPT_APPEND_MAILDR", US"y", FALSE, TRUE); +# endif +# ifdef SUPPORT_MAILSTORE + macro_create(US"_HAVE_TPT_APPEND_MAILSTORE", US"y", FALSE, TRUE); +# endif +# ifdef SUPPORT_MBX + macro_create(US"_HAVE_TPT_APPEND_MBX", US"y", FALSE, TRUE); +# endif +#endif +} -/* Set the value of the new or redefined macro */ -m->replacement = string_copy(s); +void +readconf_options_from_list(optionlist * opts, unsigned nopt, uschar * group) +{ +int i; +const uschar * s; + +/* The 'previously-defined-substring' rule for macros in config file +lines is done so for these builtin macros: we know that the table +we source from is in strict alpha order, hence the builtins portion +of the macros list is in reverse-alpha (we prepend them) - so longer +macros that have substrings are always discovered first during +expansion. */ + +for (i = 0; i < nopt; i++) if (*(s = opts[i].name) && *s != '*') + macro_create(string_sprintf("_OPT_%T_%T", group, s), US"y", FALSE, TRUE); } +static void +readconf_options(void) +{ +readconf_options_from_list(optionlist_config, nelem(optionlist_config), US"MAIN"); +readconf_options_routers(); +readconf_options_transports(); +readconf_options_auths(); +} +static void +macros_create_builtin(void) +{ +readconf_features(); +readconf_options(); +macros_builtin_created = TRUE; +} /************************************************* @@ -775,11 +1006,28 @@ for (;;) if (*s != '=') s = ss; /* Not a macro definition */ } + /* If the builtin macros are not yet defined, and the line contains an + underscrore followed by an one of the three possible chars used by + builtins, create them. */ + + if (!macros_builtin_created) + { + const uschar * t, * p; + uschar c; + for (t = s; (p = CUstrchr(t, '_')); t = p+1) + if (c = p[1], c == 'O' || c == 'D' || c == 'H') + { +/* fprintf(stderr, "%s: builtins create triggered by '%s'\n", __FUNCTION__, s); */ + macros_create_builtin(); + break; + } + } + /* For each defined macro, scan the line (from after XXX= if present), replacing all occurrences of the macro. */ macro_found = FALSE; - for (m = macros; m != NULL; m = m->next) + for (m = macros; m; m = m->next) { uschar *p, *pp; uschar *t = s; @@ -787,12 +1035,12 @@ for (;;) while ((p = Ustrstr(t, m->name)) != NULL) { int moveby; - int namelen = Ustrlen(m->name); int replen = Ustrlen(m->replacement); +/* fprintf(stderr, "%s: matched '%s' in '%s'\n", __FUNCTION__, m->name, t) */ /* Expand the buffer if necessary */ - while (newlen - namelen + replen + 1 > big_buffer_size) + while (newlen - m->namelen + replen + 1 > big_buffer_size) { int newsize = big_buffer_size + BIG_BUFFER_SIZE; uschar *newbuffer = store_malloc(newsize); @@ -810,9 +1058,8 @@ for (;;) copying in the replacement text. Don't rescan the replacement for this same macro. */ - pp = p + namelen; - moveby = replen - namelen; - if (moveby != 0) + pp = p + m->namelen; + if ((moveby = replen - m->namelen) != 0) { memmove(p + replen, pp, (big_buffer + newlen) - pp + 1); newlen += moveby; @@ -931,10 +1178,10 @@ for (;;) save->filename = config_filename; save->lineno = config_lineno; - config_file = Ufopen(ss, "rb"); - if (config_file == NULL) + if (!(config_file = Ufopen(ss, "rb"))) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "failed to open included " "configuration file %s", ss); + config_filename = string_copy(ss); config_lineno = 0; continue; @@ -1162,9 +1409,10 @@ while (last > first) { int middle = (first + last)/2; int c = Ustrcmp(name, ol[middle].name); + if (c == 0) return ol + middle; - else if (c > 0) first = middle + 1; - else last = middle; + else if (c > 0) first = middle + 1; + else last = middle; } return NULL; } @@ -1461,7 +1709,6 @@ int intbase = 0; uschar *inttype = US""; uschar *sptr; uschar *s = buffer; -uschar *saved_condition, *strtemp; uschar **str_target; uschar name[64]; uschar name2[64]; @@ -1508,9 +1755,7 @@ if (Ustrncmp(name, "not_", 4) == 0) /* Search the list for the given name. A non-existent name, or an option that is set twice, is a disaster. */ -ol = find_option(name + offset, oltop, last); - -if (ol == NULL) +if (!(ol = find_option(name + offset, oltop, last))) { if (unknown_txt == NULL) return FALSE; log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, CS unknown_txt, name); @@ -1598,19 +1843,18 @@ switch (type) control block and flags word. */ case opt_stringptr: - if (data_block == NULL) - str_target = (uschar **)(ol->value); - else - str_target = (uschar **)((uschar *)data_block + (long int)(ol->value)); + str_target = data_block ? USS (US data_block + (long int)(ol->value)) + : USS (ol->value); if (ol->type & opt_rep_con) { + uschar * saved_condition; /* We already have a condition, we're conducting a crude hack to let multiple condition rules be chained together, despite storing them in text form. */ - saved_condition = *str_target; - strtemp = string_sprintf("${if and{{bool_lax{%s}}{bool_lax{%s}}}}", - saved_condition, sptr); - *str_target = string_copy_malloc(strtemp); + *str_target = string_copy_malloc( (saved_condition = *str_target) + ? string_sprintf("${if and{{bool_lax{%s}}{bool_lax{%s}}}}", + saved_condition, sptr) + : sptr); /* TODO(pdp): there is a memory leak here and just below when we set 3 or more conditions; I still don't understand the store mechanism enough to know @@ -1646,10 +1890,10 @@ switch (type) break; case opt_rewrite: - if (data_block == NULL) - *((uschar **)(ol->value)) = sptr; + if (data_block) + *USS (US data_block + (long int)(ol->value)) = sptr; else - *((uschar **)((uschar *)data_block + (long int)(ol->value))) = sptr; + *USS (ol->value) = sptr; freesptr = FALSE; if (type == opt_rewrite) { @@ -1984,7 +2228,7 @@ switch (type) inttype = US"octal "; /* Integer: a simple(ish) case; allow octal and hex formats, and - suffixes K and M. The different types affect output, not input. */ + suffixes K, M and G. The different types affect output, not input. */ case opt_mkint: case opt_int: @@ -2000,7 +2244,6 @@ switch (type) inttype, name); if (errno != ERANGE) - { if (tolower(*endptr) == 'k') { if (lvalue > INT_MAX/1024 || lvalue < INT_MIN/1024) errno = ERANGE; @@ -2014,7 +2257,13 @@ switch (type) else lvalue *= 1024*1024; endptr++; } - } + else if (tolower(*endptr) == 'g') + { + if (lvalue > INT_MAX/(1024*1024*1024) || lvalue < INT_MIN/(1024*1024*1024)) + errno = ERANGE; + else lvalue *= 1024*1024*1024; + endptr++; + } if (errno == ERANGE || lvalue > INT_MAX || lvalue < INT_MIN) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, @@ -2033,8 +2282,9 @@ switch (type) *((int *)((uschar *)data_block + (long int)(ol->value))) = value; break; - /* Integer held in K: again, allow octal and hex formats, and suffixes K and - M. */ + /* Integer held in K: again, allow octal and hex formats, and suffixes K, M + and G. */ + /*XXX consider moving to int_eximarith_t (but mind the overflow test 0415) */ case opt_Kint: { @@ -2047,22 +2297,26 @@ switch (type) inttype, name); if (errno != ERANGE) - { - if (tolower(*endptr) == 'm') + if (tolower(*endptr) == 'g') { - if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE; - else value *= 1024; + if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024)) + errno = ERANGE; + else + value *= 1024*1024; endptr++; } - else if (tolower(*endptr) == 'k') + else if (tolower(*endptr) == 'm') { + if (value > INT_MAX/1024 || value < INT_MIN/1024) + errno = ERANGE; + else + value *= 1024; endptr++; } + else if (tolower(*endptr) == 'k') + endptr++; else - { value = (value + 512)/1024; - } - } if (errno == ERANGE) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "absolute value of integer \"%s\" is too large (overflow)", s); @@ -2093,6 +2347,11 @@ switch (type) if (value < 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "integer \"%s\" is too large (overflow)", s); + /* We get a coverity error here for using count, as it derived + from the tainted buffer pointed to by s, as parsed by sscanf(). + By the definition of sscanf we must be aceessing between start + and end of s (assuming it is nul-terminated...) so ignore the error. */ + /* coverity[tainted_data] */ if (s[count] == '.') { int d = 100; @@ -2550,6 +2809,7 @@ second argument is NULL. There are some special values: +name print a named list item local_scan print the local_scan options config print the configuration as it is parsed + environment print the used execution environment If the second argument is not NULL, it must be one of "router", "transport", "authenticator" or "macro" in which case the first argument identifies the @@ -2606,8 +2866,8 @@ if (type == NULL) return; } - if ( Ustrcmp(name, "configure_file") == 0 - ||Ustrcmp(name, "config_file") == 0) + if ( Ustrcmp(name, "configure_file") == 0 + || Ustrcmp(name, "config_file") == 0) { printf("%s\n", CS config_main_filename); return; @@ -2616,11 +2876,11 @@ if (type == NULL) if (Ustrcmp(name, "all") == 0) { for (ol = optionlist_config; - ol < optionlist_config + optionlist_config_size; ol++) + ol < optionlist_config + nelem(optionlist_config); ol++) { if ((ol->type & opt_hidden) == 0) print_ol(ol, US ol->name, NULL, - optionlist_config, optionlist_config_size, + optionlist_config, nelem(optionlist_config), no_labels); } return; @@ -2643,7 +2903,7 @@ if (type == NULL) if (Ustrcmp(name, "config") == 0) { - print_config(admin_user); + print_config(admin_user, no_labels); return; } @@ -2698,10 +2958,28 @@ if (type == NULL) names_only = TRUE; } + else if (Ustrcmp(name, "environment") == 0) + { + if (environ) + { + uschar ** p; + for (p = USS environ; *p; p++) ; + qsort(environ, p - USS environ, sizeof(*p), string_compare_by_pointer); + + for (p = USS environ; *p; p++) + { + uschar * q; + if (no_labels && (q = Ustrchr(*p, '='))) *q = '\0'; + puts(CS *p); + } + } + return; + } + else { - print_ol(find_option(name, optionlist_config, optionlist_config_size), - name, NULL, optionlist_config, optionlist_config_size, no_labels); + print_ol(find_option(name, optionlist_config, nelem(optionlist_config)), + name, NULL, optionlist_config, nelem(optionlist_config), no_labels); return; } } @@ -2740,19 +3018,18 @@ else if (Ustrcmp(type, "macro") == 0) fprintf(stderr, "exim: permission denied\n"); exit(EXIT_FAILURE); } - for (m = macros; m != NULL; m = m->next) - { - if (name == NULL || Ustrcmp(name, m->name) == 0) + if (!macros_builtin_created) macros_create_builtin(); + for (m = macros; m; m = m->next) + if (!name || Ustrcmp(name, m->name) == 0) { if (names_only) printf("%s\n", CS m->name); else printf("%s=%s\n", CS m->name, CS m->replacement); - if (name != NULL) + if (name) return; } - } - if (name != NULL) + if (name) printf("%s %s not found\n", type, name); return; } @@ -2923,7 +3200,7 @@ Returns: bool for "okay"; false will cause caller to immediately exit. #ifdef SUPPORT_TLS static BOOL -tls_dropprivs_validate_require_cipher(void) +tls_dropprivs_validate_require_cipher(BOOL nowarn) { const uschar *errmsg; pid_t pid; @@ -2937,9 +3214,9 @@ if ( !tls_advertise_hosts || Ustrcmp(tls_advertise_hosts, ":") == 0 ) return TRUE; -else if (!tls_certificate) - log_write(0, LOG_MAIN|LOG_PANIC, - "Warning: No server certificate defined; TLS connections will fail.\n" +else if (!nowarn && !tls_certificate) + log_write(0, LOG_MAIN, + "Warning: No server certificate defined; will use a selfsigned one.\n" " Suggested action: either install a certificate or change tls_advertise_hosts option"); oldsignal = signal(SIGCHLD, SIG_DFL); @@ -3011,7 +3288,7 @@ systems. Therefore they are available only when requested by compile-time options. */ void -readconf_main(void) +readconf_main(BOOL nowarn) { int sep = 0; struct stat statbuf; @@ -3020,9 +3297,9 @@ const uschar *list = config_main_filelist; /* Loop through the possible file names */ -while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) - != NULL) +while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) { + /* Cut out all the fancy processing unless specifically wanted */ #if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID) @@ -3076,6 +3353,15 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) if (config_file != NULL || errno != ENOENT) break; } +/* Now, once we found and opened our configuration file, we change the directory +to a safe place. Later we change to $spool_directory. */ + +if (Uchdir("/") < 0) + { + perror("exim: chdir `/': "); + exit(EXIT_FAILURE); + } + /* On success, save the name for verification; config_filename is used when logging configuration errors (it changes for .included files) whereas config_main_filename is the name shown by -bP. Failure to open a configuration @@ -3439,7 +3725,7 @@ if ((tls_verify_hosts != NULL || tls_try_verify_hosts != NULL) && /* This also checks that the library linkage is working and we can call routines in it, so call even if tls_require_ciphers is unset */ -if (!tls_dropprivs_validate_require_cipher()) +if (!tls_dropprivs_validate_require_cipher(nowarn)) exit(1); /* Magic number: at time of writing, 1024 has been the long-standing value @@ -3462,12 +3748,12 @@ if (openssl_options != NULL) "openssl_options parse error: %s", openssl_options); # endif } - -if (gnutls_require_kx || gnutls_require_mac || gnutls_require_proto) - log_write(0, LOG_MAIN, "WARNING: main options" - " gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols" - " are obsolete\n"); #endif /*SUPPORT_TLS*/ + +if (!nowarn && !keep_environment && environ && *environ) + log_write(0, LOG_MAIN, + "Warning: purging the environment.\n" + " Suggested action: use keep_environment."); } @@ -3580,9 +3866,9 @@ while ((buffer = get_config_line()) != NULL) if (isupper(*name) && *s == '=') { - if (d != NULL) + if (d) { - if (d->driver_name == NULL) + if (!d->driver_name) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "no driver defined for %s \"%s\"", class, d->name); (d->info->init)(d); @@ -3602,9 +3888,9 @@ while ((buffer = get_config_line()) != NULL) /* Finish off initializing the previous driver. */ - if (d != NULL) + if (d) { - if (d->driver_name == NULL) + if (!d->driver_name) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "no driver defined for %s \"%s\"", class, d->name); (d->info->init)(d); @@ -3612,7 +3898,7 @@ while ((buffer = get_config_line()) != NULL) /* Check that we haven't already got a driver of this name */ - for (d = *anchor; d != NULL; d = d->next) + for (d = *anchor; d; d = d->next) if (Ustrcmp(name, d->name) == 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "there are two %ss called \"%s\"", class, name); @@ -3623,7 +3909,7 @@ while ((buffer = get_config_line()) != NULL) d = store_get(instance_size); memcpy(d, instance_default, instance_size); *p = d; - p = &(d->next); + p = &d->next; d->name = string_copy(name); /* Clear out the "set" bits in the generic options */ @@ -3641,8 +3927,8 @@ while ((buffer = get_config_line()) != NULL) /* Not the start of a new driver. Give an error if we have not set up a current driver yet. */ - if (d == NULL) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, - "%s name missing", class); + if (!d) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "%s name missing", class); /* First look to see if this is a generic option; if it is "driver", initialize the driver. If is it not a generic option, we can look for a @@ -3651,7 +3937,7 @@ while ((buffer = get_config_line()) != NULL) if (readconf_handle_option(buffer, driver_optionlist, driver_optionlist_count, d, NULL)) { - if (d->info == NULL && d->driver_name != NULL) + if (!d->info && d->driver_name) init_driver(d, drivers_available, size_of_info, class); } @@ -3659,11 +3945,9 @@ while ((buffer = get_config_line()) != NULL) live therein. A flag with each option indicates if it is in the public block. */ - else if (d->info != NULL) - { + else if (d->info) readconf_handle_option(buffer, d->info->options, *(d->info->options_count), d, US"option \"%s\" unknown"); - } /* The option is not generic and the driver name has not yet been given. */ @@ -3673,9 +3957,9 @@ while ((buffer = get_config_line()) != NULL) /* Run the initialization function for the final driver. */ -if (d != NULL) +if (d) { - if (d->driver_name == NULL) + if (!d->driver_name) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "no driver defined for %s \"%s\"", class, d->name); (d->info->init)(d); @@ -4015,6 +4299,21 @@ while ((p = get_config_line())) * Initialize authenticators * *************************************************/ +static void +readconf_options_auths(void) +{ +struct auth_info * ai; + +readconf_options_from_list(optionlist_auths, optionlist_auths_size, US"AU"); + +for (ai = auths_available; ai->driver_name[0]; ai++) + { + macro_create(string_sprintf("_DRVR_AUTH_%T", ai->driver_name), US"y", FALSE, TRUE); + readconf_options_from_list(ai->options, (unsigned)*ai->options_count, ai->driver_name); + } +} + + /* Read the authenticators section of the configuration file. Arguments: none @@ -4025,6 +4324,7 @@ static void auths_init(void) { auth_instance *au, *bu; + readconf_driver_init(US"authenticator", (driver_instance **)(&auths), /* chain anchor */ (driver_info *)auths_available, /* available drivers */ @@ -4034,22 +4334,19 @@ readconf_driver_init(US"authenticator", optionlist_auths, /* generic options */ optionlist_auths_size); -for (au = auths; au != NULL; au = au->next) +for (au = auths; au; au = au->next) { - if (au->public_name == NULL) + if (!au->public_name) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "no public name specified for " "the %s authenticator", au->name); - for (bu = au->next; bu != NULL; bu = bu->next) - { + + for (bu = au->next; bu; bu = bu->next) if (strcmpic(au->public_name, bu->public_name) == 0) - { if ((au->client && bu->client) || (au->server && bu->server)) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "two %s authenticators " "(%s and %s) have the same public name (%s)", - (au->client)? US"client" : US"server", au->name, bu->name, + au->client ? US"client" : US"server", au->name, bu->name, au->public_name); - } - } } } @@ -4269,10 +4566,10 @@ current = next; /* List the parsed config lines, care about nice formatting and hide the <hide> values unless we're the admin user */ void -print_config(BOOL admin) +print_config(BOOL admin, BOOL terse) { config_line_item *i; -const int TS = 2; +const int TS = terse ? 0 : 2; int indent = 0; for (i = config_lines; i; i = i->next) @@ -4312,7 +4609,7 @@ for (i = config_lines; i; i = i->next) /* begin lines are left aligned */ else if (Ustrncmp(current, "begin", 5) == 0 && isspace(current[5])) { - puts(""); + if (!terse) puts(""); puts(CCS current); indent = TS; } @@ -4320,7 +4617,8 @@ for (i = config_lines; i; i = i->next) /* router/acl/transport block names */ else if (current[Ustrlen(current)-1] == ':' && !Ustrchr(current, '=')) { - printf("\n%*s%s\n", TS, "", current); + if (!terse) puts(""); + printf("%*s%s\n", TS, "", current); indent = 2 * TS; } diff --git a/src/src/receive.c b/src/src/receive.c index a479e12cd..e53587619 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for receiving a message and setting up spool files. */ @@ -23,7 +23,7 @@ extern int dcc_ok; static FILE *data_file = NULL; static int data_fd = -1; -static uschar spool_name[256]; +static uschar *spool_name = US""; @@ -124,6 +124,7 @@ receive_statvfs(BOOL isspool, int *inodeptr) { #ifdef HAVE_STATFS struct STATVFS statbuf; +struct stat dummy; uschar *path; uschar *name; uschar buffer[1024]; @@ -180,12 +181,18 @@ else memset(&statbuf, 0, sizeof(statbuf)); if (STATVFS(CS path, &statbuf) != 0) - { - log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat " - "%s directory %s: %s", name, spool_directory, strerror(errno)); - smtp_closedown(US"spool or log directory problem"); - exim_exit(EXIT_FAILURE); - } + if (stat(CS path, &dummy) == -1 && errno == ENOENT) + { /* Can happen on first run after installation */ + *inodeptr = -1; + return -1; + } + else + { + log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat " + "%s directory %s: %s", name, path, strerror(errno)); + smtp_closedown(US"spool or log directory problem"); + exim_exit(EXIT_FAILURE); + } *inodeptr = (statbuf.F_FILES > 0)? statbuf.F_FAVAIL : -1; @@ -193,9 +200,9 @@ if (STATVFS(CS path, &statbuf) != 0) return (int)(((double)statbuf.F_BAVAIL * (double)statbuf.F_FRSIZE)/1024.0); +#else /* Unable to find partition sizes in this environment. */ -#else *inodeptr = -1; return -1; #endif @@ -682,7 +689,8 @@ while ((ch = (receive_getc)()) != EOF) case 1: /* After written "\n" */ if (ch == '.') { ch_state = 3; continue; } if (ch == '\r') { ch_state = 2; continue; } - if (ch != '\n') ch_state = 0; else linelength = -1; + if (ch == '\n') { body_linecount++; linelength = -1; } + else ch_state = 0; break; case 2: @@ -776,7 +784,7 @@ read_message_data_smtp(FILE *fout) { int ch_state = 0; int ch; -register int linelength = 0; +int linelength = 0; while ((ch = (receive_getc)()) != EOF) { @@ -866,7 +874,7 @@ while ((ch = (receive_getc)()) != EOF) message_size++; linelength++; - if (fout != NULL) + if (fout) { if (fputc(ch, fout) == EOF) return END_WERROR; if (message_size > thismessage_size_limit) return END_SIZE; @@ -875,7 +883,7 @@ while ((ch = (receive_getc)()) != EOF) (void) cutthrough_put_nl(); else { - uschar c= ch; + uschar c = ch; (void) cutthrough_puts(&c, 1); } } @@ -889,6 +897,63 @@ return END_EOF; +/* Variant of the above read_message_data_smtp() specialised for RFC 3030 +CHUNKING. We assume that the incoming has proper CRLF, so only have to scan +for and strip CR. On the downside there are more protocol reasons to stop. + +Arguments: + fout a FILE to which to write the message; NULL if skipping + +Returns: One of the END_xxx values indicating why it stopped reading +*/ + +static int +read_message_bdat_smtp(FILE *fout) +{ +int ch; +int linelength = 0; + +for (;;) switch (ch = bdat_getc()) + { + case EOF: return END_EOF; + case EOD: return END_DOT; + case ERR: return END_PROTOCOL; + + case '\r': + body_linecount++; + if (linelength > max_received_linelength) + max_received_linelength = linelength; + linelength = -1; + break; + + case 0: + body_zerocount++; + /*FALLTHROUGH*/ + default: + message_size++; + linelength++; + if (fout) + { + if (fputc(ch, fout) == EOF) return END_WERROR; + if (message_size > thismessage_size_limit) return END_SIZE; + } +#ifdef notyet + if(ch == '\n') + (void) cutthrough_put_nl(); + else + { + uschar c = ch; + (void) cutthrough_puts(&c, 1); + } +#endif + break; + } +/*NOTREACHED*/ +} + + + + /************************************************* * Swallow SMTP message * *************************************************/ @@ -905,6 +970,7 @@ Returns: nothing void receive_swallow_smtp(void) { +/*XXX CHUNKING: not enough. read chunks until RSET? */ if (message_ended >= END_NOTENDED) message_ended = read_message_data_smtp(NULL); } @@ -927,6 +993,7 @@ handle_lost_connection(uschar *s) { log_write(L_lost_incoming_connection | L_smtp_connection, LOG_MAIN, "%s lost while reading message data%s", smtp_get_connection_info(), s); +smtp_notquit_exit(US"connection-lost", NULL, NULL); return US"421 Lost incoming connection"; } @@ -961,10 +1028,12 @@ if (error_handling == ERRORS_SENDER) error_block eblock; eblock.next = NULL; eblock.text1 = text1; + eblock.text2 = US""; if (!moan_to_sender(errcode, &eblock, hptr, f, FALSE)) error_rc = EXIT_FAILURE; } -else fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */ +else + fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */ (void)fclose(f); exim_exit(error_rc); } @@ -1121,16 +1190,17 @@ Returns: the extended string */ static uschar * -add_host_info_for_log(uschar *s, int *sizeptr, int *ptrptr) +add_host_info_for_log(uschar * s, int * sizeptr, int * ptrptr) { -if (sender_fullhost != NULL) +if (sender_fullhost) { + if (LOGGING(dnssec) && sender_host_dnssec) /*XXX sender_helo_dnssec? */ + s = string_cat(s, sizeptr, ptrptr, US" DS"); s = string_append(s, sizeptr, ptrptr, 2, US" H=", sender_fullhost); if (LOGGING(incoming_interface) && interface_address != NULL) { - uschar *ss = string_sprintf(" I=[%s]:%d", interface_address, - interface_port); - s = string_cat(s, sizeptr, ptrptr, ss, Ustrlen(ss)); + s = string_cat(s, sizeptr, ptrptr, + string_sprintf(" I=[%s]:%d", interface_address, interface_port)); } } if (sender_ident != NULL) @@ -1290,7 +1360,7 @@ else if (rc != OK) if ( smtp_input && smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0) { - *smtp_yield_ptr = FALSE; /* No more messsages after dropped connection */ + *smtp_yield_ptr = FALSE; /* No more messages after dropped connection */ *smtp_reply_ptr = US""; /* Indicate reply already sent */ } message_id[0] = 0; /* Indicate no message accepted */ @@ -1316,7 +1386,7 @@ if (recipients_count == 1) received_for = recipients_list[0].address; received = expand_string(received_header_text); received_for = NULL; -if (received == NULL) +if (!received) { if(spool_name[0] != 0) Uunlink(spool_name); /* Lose the data file */ @@ -1540,7 +1610,7 @@ yet, initialize the size and warning count, and deal with no size limit. */ message_id[0] = 0; data_file = NULL; data_fd = -1; -spool_name[0] = 0; +spool_name = US""; message_size = 0; warning_count = 0; received_count = 1; /* For the one we will add */ @@ -1553,8 +1623,10 @@ message_linecount = body_linecount = body_zerocount = max_received_linelength = 0; #ifndef DISABLE_DKIM -/* Call into DKIM to set up the context. */ -if (smtp_input && !smtp_batched_input && !dkim_disable_verify) dkim_exim_verify_init(); +/* Call into DKIM to set up the context. In CHUNKING mode +we clear the dot-stuffing flag */ +if (smtp_input && !smtp_batched_input && !dkim_disable_verify) + dkim_exim_verify_init(chunking_state <= CHUNKING_OFFERED); #endif #ifdef EXPERIMENTAL_DMARC @@ -2469,7 +2541,7 @@ it will fit. */ to be the least significant base-62 digit of the time of arrival. Otherwise ensure that it is an empty string. */ -message_subdir[0] = split_spool_directory? message_id[5] : 0; +message_subdir[0] = split_spool_directory ? message_id[5] : 0; /* Now that we have the message-id, if there is no message-id: header, generate one, but only for local (without suppress_local_fixups) or submission mode @@ -2828,6 +2900,14 @@ if (filter_test != FTEST_NONE) return message_ended == END_DOT; } +/*XXX CHUNKING: need to cancel cutthrough under BDAT, for now. In future, +think more if it could be handled. Cannot do onward CHUNKING unless +inbound is, but inbound chunking ought to be ok with outbound plain. +Could we do onward CHUNKING given inbound CHUNKING? +*/ +if (chunking_state > CHUNKING_OFFERED) + cancel_cutthrough_connection("chunking active"); + /* Cutthrough delivery: We have to create the Received header now rather than at the end of reception, so the timestamp behaviour is a change to the normal case. @@ -2858,20 +2938,18 @@ if (cutthrough.fd >= 0) /* Open a new spool file for the data portion of the message. We need to access it both via a file descriptor and a stream. Try to make the -directory if it isn't there. Note re use of sprintf: spool_directory -is checked on input to be < 200 characters long. */ +directory if it isn't there. */ + +spool_name = spool_fname(US"input", message_subdir, message_id, US"-D"); +DEBUG(D_receive) debug_printf("Data file name: %s\n", spool_name); -sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory, message_subdir, - message_id); -data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE); -if (data_fd < 0) +if ((data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE)) < 0) { if (errno == ENOENT) { - uschar temp[16]; - sprintf(CS temp, "input/%s", message_subdir); - if (message_subdir[0] == 0) temp[5] = 0; - (void)directory_make(spool_directory, temp, INPUT_DIRECTORY_MODE, TRUE); + (void) directory_make(spool_directory, + spool_sname(US"input", message_subdir), + INPUT_DIRECTORY_MODE, TRUE); data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE); } if (data_fd < 0) @@ -2927,7 +3005,9 @@ if (!ferror(data_file) && !(receive_feof)() && message_ended != END_DOT) { if (smtp_input) { - message_ended = read_message_data_smtp(data_file); + message_ended = chunking_state > CHUNKING_OFFERED + ? read_message_bdat_smtp(data_file) + : read_message_data_smtp(data_file); receive_linecount++; /* The terminating "." line */ } else message_ended = read_message_data(data_file); @@ -2935,51 +3015,64 @@ if (!ferror(data_file) && !(receive_feof)() && message_ended != END_DOT) receive_linecount += body_linecount; /* For BSMTP errors mainly */ message_linecount += body_linecount; - /* Handle premature termination of SMTP */ - - if (smtp_input && message_ended == END_EOF) + switch (message_ended) { - Uunlink(spool_name); /* Lose data file when closed */ - cancel_cutthrough_connection("sender closed connection"); - message_id[0] = 0; /* Indicate no message accepted */ - smtp_reply = handle_lost_connection(US""); - smtp_yield = FALSE; - goto TIDYUP; /* Skip to end of function */ - } + /* Handle premature termination of SMTP */ - /* Handle message that is too big. Don't use host_or_ident() in the log - message; we want to see the ident value even for non-remote messages. */ + case END_EOF: + if (smtp_input) + { + Uunlink(spool_name); /* Lose data file when closed */ + cancel_cutthrough_connection("sender closed connection"); + message_id[0] = 0; /* Indicate no message accepted */ + smtp_reply = handle_lost_connection(US""); + smtp_yield = FALSE; + goto TIDYUP; /* Skip to end of function */ + } + break; - if (message_ended == END_SIZE) - { - Uunlink(spool_name); /* Lose the data file when closed */ - cancel_cutthrough_connection("mail too big"); - if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */ + /* Handle message that is too big. Don't use host_or_ident() in the log + message; we want to see the ident value even for non-remote messages. */ - log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: " - "message too big: read=%d max=%d", - sender_address, - (sender_fullhost == NULL)? "" : " H=", - (sender_fullhost == NULL)? US"" : sender_fullhost, - (sender_ident == NULL)? "" : " U=", - (sender_ident == NULL)? US"" : sender_ident, - message_size, - thismessage_size_limit); + case END_SIZE: + Uunlink(spool_name); /* Lose the data file when closed */ + cancel_cutthrough_connection("mail too big"); + if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */ - if (smtp_input) - { - smtp_reply = US"552 Message size exceeds maximum permitted"; - message_id[0] = 0; /* Indicate no message accepted */ - goto TIDYUP; /* Skip to end of function */ - } - else - { - fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET); - give_local_error(ERRMESS_TOOBIG, - string_sprintf("message too big (max=%d)", thismessage_size_limit), - US"message rejected: ", error_rc, data_file, header_list); - /* Does not return */ - } + log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: " + "message too big: read=%d max=%d", + sender_address, + (sender_fullhost == NULL)? "" : " H=", + (sender_fullhost == NULL)? US"" : sender_fullhost, + (sender_ident == NULL)? "" : " U=", + (sender_ident == NULL)? US"" : sender_ident, + message_size, + thismessage_size_limit); + + if (smtp_input) + { + smtp_reply = US"552 Message size exceeds maximum permitted"; + message_id[0] = 0; /* Indicate no message accepted */ + goto TIDYUP; /* Skip to end of function */ + } + else + { + fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET); + give_local_error(ERRMESS_TOOBIG, + string_sprintf("message too big (max=%d)", thismessage_size_limit), + US"message rejected: ", error_rc, data_file, header_list); + /* Does not return */ + } + break; + + /* Handle bad BDAT protocol sequence */ + + case END_PROTOCOL: + Uunlink(spool_name); /* Lose the data file when closed */ + cancel_cutthrough_connection("sender protocol error"); + smtp_reply = US""; /* Response already sent */ + message_id[0] = 0; /* Indicate no message accepted */ + goto TIDYUP; /* Skip to end of function */ } } @@ -3162,9 +3255,8 @@ user_msg = NULL; enable_dollar_recipients = TRUE; if (recipients_count == 0) - { - blackholed_by = recipients_discarded? US"MAIL ACL" : US"RCPT ACL"; - } + blackholed_by = recipients_discarded ? US"MAIL ACL" : US"RCPT ACL"; + else { /* Handle interactive SMTP messages */ @@ -3180,18 +3272,15 @@ else dkim_exim_verify_finish(); /* Check if we must run the DKIM ACL */ - if ((acl_smtp_dkim != NULL) && - (dkim_verify_signers != NULL) && - (dkim_verify_signers[0] != '\0')) + if (acl_smtp_dkim && dkim_verify_signers && *dkim_verify_signers) { uschar *dkim_verify_signers_expanded = expand_string(dkim_verify_signers); - if (dkim_verify_signers_expanded == NULL) - { + if (!dkim_verify_signers_expanded) log_write(0, LOG_MAIN|LOG_PANIC, "expansion of dkim_verify_signers option failed: %s", expand_string_message); - } + else { int sep = 0; @@ -3200,28 +3289,23 @@ else uschar *seen_items = NULL; int seen_items_size = 0; int seen_items_offset = 0; - uschar itembuf[256]; /* Default to OK when no items are present */ rc = OK; - while ((item = string_nextinlist(&ptr, &sep, - itembuf, - sizeof(itembuf)))) + while ((item = string_nextinlist(&ptr, &sep, NULL, 0))) { /* Prevent running ACL for an empty item */ - if (!item || (item[0] == '\0')) continue; + if (!item || !*item) continue; /* Only run ACL once for each domain or identity, no matter how often it appears in the expanded list. */ if (seen_items) { uschar *seen_item = NULL; - uschar seen_item_buf[256]; const uschar *seen_items_list = seen_items; BOOL seen_this_item = FALSE; while ((seen_item = string_nextinlist(&seen_items_list, &sep, - seen_item_buf, - sizeof(seen_item_buf)))) + NULL, 0))) if (Ustrcmp(seen_item,item) == 0) { seen_this_item = TRUE; @@ -3273,7 +3357,7 @@ else { Uunlink(spool_name); if (smtp_handle_acl_fail(ACL_WHERE_DKIM, rc, user_msg, log_msg) != 0) - smtp_yield = FALSE; /* No more messsages after dropped connection */ + smtp_yield = FALSE; /* No more messages after dropped connection */ smtp_reply = US""; /* Indicate reply already sent */ message_id[0] = 0; /* Indicate no message accepted */ goto TIDYUP; /* Skip to end of function */ @@ -3391,7 +3475,7 @@ else dcc_ok = 0; #endif if (smtp_handle_acl_fail(ACL_WHERE_DATA, rc, user_msg, log_msg) != 0) - smtp_yield = FALSE; /* No more messsages after dropped connection */ + smtp_yield = FALSE; /* No more messages after dropped connection */ smtp_reply = US""; /* Indicate reply already sent */ message_id[0] = 0; /* Indicate no message accepted */ goto TIDYUP; /* Skip to end of function */ @@ -3647,11 +3731,11 @@ signal(SIGINT, SIG_IGN); deliver_firsttime = TRUE; #ifdef EXPERIMENTAL_BRIGHTMAIL -if (bmi_run == 1) { - /* rewind data file */ +if (bmi_run == 1) + { /* rewind data file */ lseek(data_fd, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET); bmi_verdicts = bmi_process_message(header_list, data_fd); -}; + } #endif /* Update the timstamp in our Received: header to account for any time taken by @@ -3689,7 +3773,6 @@ if (host_checking || blackholed_by != NULL) /* Write the -H file */ else - { if ((msg_size = spool_write_header(message_id, SW_RECEIVING, &errmsg)) < 0) { log_write(0, LOG_MAIN, "Message abandoned: %s", errmsg); @@ -3709,7 +3792,6 @@ else /* Does not return */ } } - } /* The message has now been successfully received. */ @@ -3748,9 +3830,10 @@ size = 256; sptr = 0; s = store_get(size); -s = string_append(s, &size, &sptr, 2, US"<= ", - (sender_address[0] == 0)? US"<>" : sender_address); -if (message_reference != NULL) +s = string_append(s, &size, &sptr, 2, + fake_response == FAIL ? US"(= " : US"<= ", + sender_address[0] == 0 ? US"<>" : sender_address); +if (message_reference) s = string_append(s, &size, &sptr, 2, US" R=", message_reference); s = add_host_info_for_log(s, &size, &sptr); @@ -3760,7 +3843,7 @@ if (LOGGING(tls_cipher) && tls_in.cipher) s = string_append(s, &size, &sptr, 2, US" X=", tls_in.cipher); if (LOGGING(tls_certificate_verified) && tls_in.cipher) s = string_append(s, &size, &sptr, 2, US" CV=", - tls_in.certificate_verified? "yes":"no"); + tls_in.certificate_verified ? "yes":"no"); if (LOGGING(tls_peerdn) && tls_in.peerdn) s = string_append(s, &size, &sptr, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\""); @@ -3772,17 +3855,17 @@ if (LOGGING(tls_sni) && tls_in.sni) if (sender_host_authenticated) { s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated); - if (authenticated_id != NULL) + if (authenticated_id) { s = string_append(s, &size, &sptr, 2, US":", authenticated_id); - if (LOGGING(smtp_mailauth) && authenticated_sender != NULL) + if (LOGGING(smtp_mailauth) && authenticated_sender) s = string_append(s, &size, &sptr, 2, US":", authenticated_sender); } } #ifndef DISABLE_PRDR if (prdr_requested) - s = string_append(s, &size, &sptr, 1, US" PRDR"); + s = string_catn(s, &size, &sptr, US" PRDR", 5); #endif #ifdef SUPPORT_PROXY @@ -3790,6 +3873,9 @@ if (proxy_session && LOGGING(proxy)) s = string_append(s, &size, &sptr, 2, US" PRX=", proxy_local_address); #endif +if (chunking_state > CHUNKING_OFFERED) + s = string_catn(s, &size, &sptr, US" K", 2); + sprintf(CS big_buffer, "%d", msg_size); s = string_append(s, &size, &sptr, 2, US" S=", big_buffer); @@ -3803,12 +3889,15 @@ if (LOGGING(8bitmime)) s = string_append(s, &size, &sptr, 2, US" M8S=", big_buffer); } +if (*queue_name) + s = string_append(s, &size, &sptr, 2, US" Q=", queue_name); + /* If an addr-spec in a message-id contains a quoted string, it can contain any characters except " \ and CR and so in particular it can contain NL! Therefore, make sure we use a printing-characters only version for the log. Also, allow for domain literals in the message id. */ -if (msgid_header != NULL) +if (msgid_header) { uschar *old_id; BOOL save_allow_domain_literals = allow_domain_literals; @@ -3857,16 +3946,15 @@ if (message_logs && blackholed_by == NULL) { int fd; - sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory, message_subdir, - message_id); - fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE); - - if (fd < 0 && errno == ENOENT) + spool_name = spool_fname(US"msglog", message_subdir, message_id, US""); + + if ( (fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE)) < 0 + && errno == ENOENT + ) { - uschar temp[16]; - sprintf(CS temp, "msglog/%s", message_subdir); - if (message_subdir[0] == 0) temp[6] = 0; - (void)directory_make(spool_directory, temp, MSGLOG_DIRECTORY_MODE, TRUE); + (void)directory_make(spool_directory, + spool_sname(US"msglog", message_subdir), + MSGLOG_DIRECTORY_MODE, TRUE); fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE); } @@ -3892,7 +3980,9 @@ if (message_logs && blackholed_by == NULL) if (deliver_freeze) fprintf(message_log, "%s frozen by %s\n", now, frozen_by); if (queue_only_policy) fprintf(message_log, - "%s no immediate delivery: queued by %s\n", now, queued_by); + "%s no immediate delivery: queued%s%s by %s\n", now, + *queue_name ? " in " : "", *queue_name ? CS queue_name : "", + queued_by); (void)fclose(message_log); } } @@ -3937,31 +4027,23 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket && int c = (receive_getc)(); if (c != EOF) (receive_ungetc)(c); else { - uschar *msg = US"SMTP connection lost after final dot"; + smtp_notquit_exit(US"connection-lost", NULL, NULL); smtp_reply = US""; /* No attempt to send a response */ smtp_yield = FALSE; /* Nothing more on this connection */ /* Re-use the log line workspace */ sptr = 0; - s = string_cat(s, &size, &sptr, msg, Ustrlen(msg)); + s = string_cat(s, &size, &sptr, US"SMTP connection lost after final dot"); s = add_host_info_for_log(s, &size, &sptr); s[sptr] = 0; log_write(0, LOG_MAIN, "%s", s); /* Delete the files for this aborted message. */ - sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory, - message_subdir, message_id); - Uunlink(spool_name); - - sprintf(CS spool_name, "%s/input/%s/%s-H", spool_directory, - message_subdir, message_id); - Uunlink(spool_name); - - sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory, - message_subdir, message_id); - Uunlink(spool_name); + Uunlink(spool_fname(US"input", message_subdir, message_id, US"-D")); + Uunlink(spool_fname(US"input", message_subdir, message_id, US"-H")); + Uunlink(spool_fname(US"msglog", message_subdir, message_id, US"")); goto TIDYUP; } @@ -3977,7 +4059,8 @@ for this message. */ Send dot onward. If accepted, wipe the spooled files, log as delivered and accept the sender's dot (below). If rejected: copy response to sender, wipe the spooled files, log approriately. - If temp-reject: accept to sender, keep the spooled files. + If temp-reject: normally accept to sender, keep the spooled file - unless defer=pass + in which case pass temp-reject back to initiator and dump the files. Having the normal spool files lets us do data-filtering, and store/forward on temp-reject. @@ -3985,7 +4068,7 @@ for this message. */ */ if(cutthrough.fd >= 0) { - uschar * msg= cutthrough_finaldot(); /* Ask the target system to accept the messsage */ + uschar * msg= cutthrough_finaldot(); /* Ask the target system to accept the message */ /* Logging was done in finaldot() */ switch(msg[0]) { @@ -3993,13 +4076,17 @@ if(cutthrough.fd >= 0) cutthrough_done = ACCEPTED; break; /* message_id needed for SMTP accept below */ + case '4': /* Temp-reject. Keep spoolfiles and accept, unless defer-pass mode. + ... for which, pass back the exact error */ + if (cutthrough.defer_pass) smtp_reply = string_copy_malloc(msg); + /*FALLTRHOUGH*/ + default: /* Unknown response, or error. Treat as temp-reject. */ - case '4': /* Temp-reject. Keep spoolfiles and accept. */ cutthrough_done = TMP_REJ; /* Avoid the usual immediate delivery attempt */ break; /* message_id needed for SMTP accept below */ case '5': /* Perm-reject. Do the same to the source. Dump any spoolfiles */ - smtp_reply= msg; /* Pass on the exact error */ + smtp_reply = string_copy_malloc(msg); /* Pass on the exact error */ cutthrough_done = PERM_REJ; break; } @@ -4020,7 +4107,9 @@ if(!smtp_reply) if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by); if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN, - "no immediate delivery: queued by %s", queued_by); + "no immediate delivery: queued%s%s by %s", + *queue_name ? " in " : "", *queue_name ? CS queue_name : "", + queued_by); } receive_call_bombout = FALSE; @@ -4076,15 +4165,15 @@ if (smtp_input) if (!smtp_batched_input) { - if (smtp_reply == NULL) + if (!smtp_reply) { if (fake_response != OK) - smtp_respond((fake_response == DEFER)? US"450" : US"550", 3, TRUE, - fake_response_text); + smtp_respond(fake_response == DEFER ? US"450" : US"550", + 3, TRUE, fake_response_text); /* An OK response is required; use "message" text if present. */ - else if (user_msg != NULL) + else if (user_msg) { uschar *code = US"250"; int len = 3; @@ -4094,8 +4183,15 @@ if (smtp_input) /* Default OK response */ + else if (chunking_state > CHUNKING_OFFERED) + { + smtp_printf("250- %u byte chunk, total %d\r\n250 OK id=%s\r\n", + chunking_datasize, message_size+message_linecount, message_id); + chunking_state = CHUNKING_OFFERED; + } else smtp_printf("250 OK id=%s\r\n", message_id); + if (host_checking) fprintf(stdout, "\n**** SMTP testing: that is not a real message id!\n\n"); @@ -4104,39 +4200,45 @@ if (smtp_input) /* smtp_reply is set non-empty */ else if (smtp_reply[0] != 0) - { if (fake_response != OK && (smtp_reply[0] == '2')) smtp_respond((fake_response == DEFER)? US"450" : US"550", 3, TRUE, fake_response_text); else smtp_printf("%.1024s\r\n", smtp_reply); - } switch (cutthrough_done) { - case ACCEPTED: log_write(0, LOG_MAIN, "Completed");/* Delivery was done */ - case PERM_REJ: { /* Delete spool files */ - sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory, - message_subdir, message_id); - Uunlink(spool_name); - sprintf(CS spool_name, "%s/input/%s/%s-H", spool_directory, - message_subdir, message_id); - Uunlink(spool_name); - sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory, - message_subdir, message_id); - Uunlink(spool_name); - } - case TMP_REJ: message_id[0] = 0; /* Prevent a delivery from starting */ - default:break; + case ACCEPTED: + log_write(0, LOG_MAIN, "Completed");/* Delivery was done */ + case PERM_REJ: + /* Delete spool files */ + Uunlink(spool_fname(US"input", message_subdir, message_id, US"-D")); + Uunlink(spool_fname(US"input", message_subdir, message_id, US"-H")); + Uunlink(spool_fname(US"msglog", message_subdir, message_id, US"")); + message_id[0] = 0; /* Prevent a delivery from starting */ + break; + + case TMP_REJ: + if (cutthrough.defer_pass) + { + Uunlink(spool_fname(US"input", message_subdir, message_id, US"-D")); + Uunlink(spool_fname(US"input", message_subdir, message_id, US"-H")); + Uunlink(spool_fname(US"msglog", message_subdir, message_id, US"")); + } + message_id[0] = 0; /* Prevent a delivery from starting */ + default: + break; } cutthrough.delivery = FALSE; + cutthrough.defer_pass = FALSE; } /* For batched SMTP, generate an error message on failure, and do nothing on success. The function moan_smtp_batch() does not return - it exits from the program with a non-zero return code. */ - else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply); + else if (smtp_reply) + moan_smtp_batch(NULL, "%s", smtp_reply); } @@ -4145,7 +4247,7 @@ file has already been unlinked, and the header file was never written to disk. We must now indicate that nothing was received, to prevent a delivery from starting. */ -if (blackholed_by != NULL) +if (blackholed_by) { const uschar *detail = local_scan_data ? string_printing(local_scan_data) diff --git a/src/src/regex.c b/src/src/regex.c index 3852ad8c5..9274f9095 100644 --- a/src/src/regex.c +++ b/src/src/regex.c @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-2015 */ -/* License: GPL */ +/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-2015 + * License: GPL + * Copyright (c) The Exim Maintainers 2016 + */ /* Code for matching regular expressions against headers and body. Called from acl.c. */ @@ -112,7 +114,12 @@ if (!mime_stream) /* We are in the DATA ACL */ } else { - f_pos = ftell(mime_stream); + if ((f_pos = ftell(mime_stream)) < 0) + { + log_write(0, LOG_MAIN|LOG_PANIC, + "regex acl condition: mime_stream: %s", strerror(errno)); + return DEFER; + } mbox_file = mime_stream; } @@ -141,7 +148,12 @@ if (!mime_stream) else { clearerr(mime_stream); - fseek(mime_stream, f_pos, SEEK_SET); + if (fseek(mime_stream, f_pos, SEEK_SET) == -1) + { + log_write(0, LOG_MAIN|LOG_PANIC, + "regex acl condition: mime_stream: %s", strerror(errno)); + clearerr(mime_stream); + } } return ret; diff --git a/src/src/retry.c b/src/src/retry.c index 0099b6e6a..364591bd0 100644 --- a/src/src/retry.c +++ b/src/src/retry.c @@ -536,12 +536,12 @@ for (i = 0; i < 3; i++) { address_item *endaddr, *addr; address_item *last_first = NULL; - address_item **paddr = (i==0)? addr_succeed : - (i==1)? addr_failed : addr_defer; + address_item **paddr = i==0 ? addr_succeed : + i==1 ? addr_failed : addr_defer; address_item **saved_paddr = NULL; - DEBUG(D_retry) debug_printf("%s addresses:\n", (i == 0)? "Succeeded" : - (i == 1)? "Failed" : "Deferred"); + DEBUG(D_retry) debug_printf("%s addresses:\n", + i == 0 ? "Succeeded" : i == 1 ? "Failed" : "Deferred"); /* Loop for each address on the chain. For deferred addresses, the whole address times out unless one of its retry addresses has a retry rule that @@ -553,22 +553,22 @@ for (i = 0; i < 3; i++) retry items for any parent addresses - these are typically "delete" items, because the parent must have succeeded in order to generate the child. */ - while ((endaddr = *paddr) != NULL) + while ((endaddr = *paddr)) { BOOL timed_out = FALSE; retry_item *rti; - for (addr = endaddr; addr != NULL; addr = addr->parent) + for (addr = endaddr; addr; addr = addr->parent) { int update_count = 0; int timedout_count = 0; - DEBUG(D_retry) debug_printf("%s%s\n", addr->address, (addr->retries == NULL)? - ": no retry items" : ""); + DEBUG(D_retry) debug_printf(" %s%s\n", addr->address, + addr->retries ? "" : ": no retry items"); /* Loop for each retry item. */ - for (rti = addr->retries; rti != NULL; rti = rti->next) + for (rti = addr->retries; rti; rti = rti->next) { uschar *message; int message_length, message_space, failing_interval, next_try; @@ -582,10 +582,10 @@ for (i = 0; i < 3; i++) opening if no addresses have retry items - common when none have yet reached their retry next try time. */ - if (dbm_file == NULL) + if (!dbm_file) dbm_file = dbfn_open(US"retry", O_RDWR, &dbblock, TRUE); - if (dbm_file == NULL) + if (!dbm_file) { DEBUG(D_deliver|D_retry|D_hints_lookup) debug_printf("retry database not available for updating\n"); @@ -600,13 +600,13 @@ for (i = 0; i < 3; i++) but the address gets delivered to the second one. This optimization doesn't succeed in cleaning out all the dead entries, but it helps. */ - if (*addr_defer == NULL && (rti->flags & rf_message) != 0) + if (!*addr_defer && rti->flags & rf_message) rti->flags |= rf_delete; /* Handle the case of a request to delete the retry info for this destination. */ - if ((rti->flags & rf_delete) != 0) + if (rti->flags & rf_delete) { (void)dbfn_delete(dbm_file, rti->key); DEBUG(D_retry) @@ -626,21 +626,21 @@ for (i = 0; i < 3; i++) information is found, we can't generate a retry time, so there is no point updating the database. This retry item is timed out. */ - if ((retry = retry_find_config(rti->key + 2, - ((rti->flags & rf_host) != 0)? addr->domain : NULL, - rti->basic_errno, rti->more_errno)) == NULL) + if (!(retry = retry_find_config(rti->key + 2, + rti->flags & rf_host ? addr->domain : NULL, + rti->basic_errno, rti->more_errno))) { DEBUG(D_retry) debug_printf("No configured retry item for %s%s%s\n", rti->key, - ((rti->flags & rf_host) != 0)? US" or " : US"", - ((rti->flags & rf_host) != 0)? addr->domain : US""); + rti->flags & rf_host ? US" or " : US"", + rti->flags & rf_host ? addr->domain : US""); if (addr == endaddr) timedout_count++; continue; } DEBUG(D_retry) { - if ((rti->flags & rf_host) != 0) + if (rti->flags & rf_host) debug_printf("retry for %s (%s) = %s %d %d\n", rti->key, addr->domain, retry->pattern, retry->basic_errno, retry->more_errno); @@ -653,9 +653,11 @@ for (i = 0; i < 3; i++) records have a maximum data length, we enforce a limit. There isn't much point in keeping a huge message here, anyway. */ - message = (rti->basic_errno > 0)? US strerror(rti->basic_errno) : - (rti->message == NULL)? - US"unknown error" : US string_printing(rti->message); + message = rti->basic_errno > 0 + ? US strerror(rti->basic_errno) + : rti->message + ? US string_printing(rti->message) + : US"unknown error"; message_length = Ustrlen(message); if (message_length > 150) message_length = 150; @@ -663,11 +665,11 @@ for (i = 0; i < 3; i++) Ignore an old one if it is too old since it was last updated. */ retry_record = dbfn_read(dbm_file, rti->key); - if (retry_record != NULL && - now - retry_record->time_stamp > retry_data_expire) + if ( retry_record + && now - retry_record->time_stamp > retry_data_expire) retry_record = NULL; - if (retry_record == NULL) + if (!retry_record) { retry_record = store_get(sizeof(dbdata_retry) + message_length); message_space = message_length; @@ -691,7 +693,7 @@ for (i = 0; i < 3; i++) successful delivery will reset the first_failed time, and this can lead to a failing message being retried too often. */ - if ((rti->flags & rf_host) == 0 && message_age > failing_interval) + if (!(rti->flags & rf_host) && message_age > failing_interval) failing_interval = message_age; /* Search for the current retry rule. The cutoff time of the @@ -702,7 +704,7 @@ for (i = 0; i < 3; i++) always times out, but we can't compute a retry time. */ final_rule = NULL; - for (rule = retry->rules; rule != NULL; rule = rule->next) + for (rule = retry->rules; rule; rule = rule->next) { if (failing_interval <= rule->timeout) break; final_rule = rule; @@ -714,10 +716,8 @@ for (i = 0; i < 3; i++) flag is false (can be forced via fixdb from outside, but ensure it is consistent with the rules whenever we go through here). */ - if (rule != NULL) - { + if (rule) retry_record->expired = FALSE; - } /* Otherwise, set the retry timeout expired, and set the final rule as the one from which to compute the next retry time. Subsequent @@ -756,13 +756,14 @@ for (i = 0; i < 3; i++) this is a small bit of code, and it does no harm to leave it in place, just in case. */ - if (received_time <= retry_record->first_failed && - addr == endaddr && !retry_record->expired && rule != NULL) + if ( received_time <= retry_record->first_failed + && addr == endaddr + && !retry_record->expired + && rule) { retry_rule *last_rule; - for (last_rule = rule; - last_rule->next != NULL; - last_rule = last_rule->next); + for (last_rule = rule; last_rule->next; last_rule = last_rule->next) + ; if (now - received_time > last_rule->timeout) { DEBUG(D_retry) debug_printf("on queue longer than maximum retry\n"); @@ -778,9 +779,12 @@ for (i = 0; i < 3; i++) case set the next retry time to now, so that one delivery attempt happens for subsequent messages. */ - if (rule == NULL) next_try = now; else + if (!rule) + next_try = now; + else { - if (rule->rule == 'F') next_try = now + rule->p1; + if (rule->rule == 'F') + next_try = now + rule->p1; else /* rule = 'G' or 'H' */ { int last_predicted_gap = @@ -790,9 +794,7 @@ for (i = 0; i < 3; i++) last_predicted_gap : last_actual_gap; int next_gap = (lastgap * rule->p2)/1000; if (rule->rule == 'G') - { next_try = now + ((lastgap < rule->p1)? rule->p1 : next_gap); - } else /* The 'H' rule */ { next_try = now + rule->p1; @@ -853,7 +855,6 @@ for (i = 0; i < 3; i++) time was not reached (or because of hosts_max_try). */ if (update_count > 0 && update_count == timedout_count) - { if (!testflag(endaddr, af_retry_skipped)) { DEBUG(D_retry) debug_printf("timed out: all retries expired\n"); @@ -864,7 +865,6 @@ for (i = 0; i < 3; i++) DEBUG(D_retry) debug_printf("timed out but some hosts were skipped\n"); } - } } /* Loop for an address and its parents */ /* If this is a deferred address, and retry processing was requested by @@ -880,7 +880,7 @@ for (i = 0; i < 3; i++) if (i == 2) /* Handling defers */ { - if (endaddr->retries != NULL && timed_out) + if (endaddr->retries && timed_out) { if (last_first == endaddr) paddr = saved_paddr; addr = *paddr; @@ -928,7 +928,7 @@ for (i = 0; i < 3; i++) /* Close and unlock the database */ -if (dbm_file != NULL) dbfn_close(dbm_file); +if (dbm_file) dbfn_close(dbm_file); DEBUG(D_retry) debug_printf("end of retry processing\n"); } diff --git a/src/src/rewrite.c b/src/src/rewrite.c index ca7fb6a11..830d2bb8d 100644 --- a/src/src/rewrite.c +++ b/src/src/rewrite.c @@ -205,6 +205,9 @@ for (rule = rewrite_rules; { if (expand_string_forcedfail) { if ((rule->flags & rewrite_quit) != 0) break; else continue; } + + expand_string_message = expand_hide_passwords(expand_string_message); + log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: " "%s", rule->replacement, expand_string_message); break; diff --git a/src/src/rfc2047.c b/src/src/rfc2047.c index 1a2e9c758..5c987e292 100644 --- a/src/src/rfc2047.c +++ b/src/src/rfc2047.c @@ -218,7 +218,7 @@ while (mimeword != NULL) #endif if (mimeword != string) - yield = string_cat(yield, &size, &ptr, string, mimeword - string); + yield = string_catn(yield, &size, &ptr, string, mimeword - string); /* Do a charset translation if required. This is supported only on hosts that have the iconv() function. Translation errors set error, but carry on, @@ -305,7 +305,7 @@ while (mimeword != NULL) /* Add the new string onto the result */ - yield = string_cat(yield, &size, &ptr, tptr, tlen); + yield = string_catn(yield, &size, &ptr, tptr, tlen); } #if HAVE_ICONV @@ -328,7 +328,7 @@ while (mimeword != NULL) /* Copy the remaining characters of the string, zero-terminate it, and return the length as well if requested. */ -yield = string_cat(yield, &size, &ptr, string, Ustrlen(string)); +yield = string_cat(yield, &size, &ptr, string); yield[ptr] = 0; if (lenptr != NULL) *lenptr = ptr; if (sizeptr != NULL) *sizeptr = size; diff --git a/src/src/route.c b/src/src/route.c index b289b0f34..3ca1afbfb 100644 --- a/src/src/route.c +++ b/src/src/route.c @@ -143,6 +143,19 @@ optionlist optionlist_routers[] = { int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist); +void +readconf_options_routers(void) +{ +struct router_info * ri; + +readconf_options_from_list(optionlist_routers, nelem(optionlist_routers), US"RT"); + +for (ri = routers_available; ri->driver_name[0]; ri++) + { + macro_create(string_sprintf("_DRVR_RTR_%T", ri->driver_name), US"y", FALSE, TRUE); + readconf_options_from_list(ri->options, (unsigned)*ri->options_count, ri->driver_name); + } +} /************************************************* * Set router pointer from name * @@ -979,7 +992,7 @@ if ((rc = check_files(r->require_files, perror)) != OK) if (r->condition) { - DEBUG(D_route) debug_printf("checking \"condition\"\n"); + DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition); if (!expand_check_condition(r->condition, r->name, US"router")) { if (search_find_defer) @@ -1657,10 +1670,10 @@ for (r = addr->start_router ? addr->start_router : routers; r; r = nextr) set flag. */ if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop)) - { + { addr->dsn_flags |= rf_dsnlasthop; HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address); - } + } HDEBUG(D_route) debug_printf("calling %s router\n", r->name); @@ -1897,21 +1910,8 @@ if (unseen && r->next) /* Unset the address expansions, and return the final result. */ ROUTE_EXIT: -if ( yield == DEFER - && addr->message - && ( Ustrstr(addr->message, "failed to expand") != NULL - || Ustrstr(addr->message, "expansion of ") != NULL - ) - && ( Ustrstr(addr->message, "mysql") != NULL - || Ustrstr(addr->message, "pgsql") != NULL - || Ustrstr(addr->message, "redis") != NULL - || Ustrstr(addr->message, "sqlite") != NULL - || Ustrstr(addr->message, "ldap:") != NULL - || Ustrstr(addr->message, "ldapdn:") != NULL - || Ustrstr(addr->message, "ldapm:") != NULL - ) - ) - addr->message = string_sprintf("Temporary internal error"); +if (yield == DEFER && addr->message) + addr->message = expand_hide_passwords(addr->message); deliver_set_expansions(NULL); router_name = NULL; diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c index 83ba5f689..d2be40e0f 100644 --- a/src/src/routers/dnslookup.c +++ b/src/src/routers/dnslookup.c @@ -305,6 +305,22 @@ for (;;) if (rc != HOST_FIND_FAILED) break; + if (ob->fail_defer_domains) + switch(match_isinlist(fully_qualified_name, + CUSS &ob->fail_defer_domains, 0, + &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL)) + { + case DEFER: + addr->message = US"lookup defer for fail_defer_domains option"; + return DEFER; + + case OK: + DEBUG(D_route) debug_printf("%s router: matched fail_defer_domains\n", + rblock->name); + addr->message = US"missing MX, or all MXs point to missing A records," + " and defer requested"; + return DEFER; + } /* Check to see if the failure is the result of MX records pointing to non-existent domains, and if so, set an appropriate error message; the case of an MX or SRV record pointing to "." is another special case that we can @@ -335,22 +351,6 @@ for (;;) addr->message); } } - if (ob->fail_defer_domains) - { - switch(match_isinlist(fully_qualified_name, - CUSS &ob->fail_defer_domains, 0, - &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL)) - { - case DEFER: - addr->message = US"lookup defer for fail_defer_domains"; - return DEFER; - - case OK: - DEBUG(D_route) debug_printf("%s router: matched fail_defer_domains\n", - rblock->name); - return DEFER; - } - } return DECLINE; } diff --git a/src/src/routers/iplookup.c b/src/src/routers/iplookup.c index 310e4d66d..e6a35a7f3 100644 --- a/src/src/routers/iplookup.c +++ b/src/src/routers/iplookup.c @@ -191,7 +191,7 @@ being a host list. */ listptr = ob->hosts; while ((hostname = string_nextinlist(&listptr, &sep, host_buffer, - sizeof(host_buffer))) != NULL) + sizeof(host_buffer)))) { host_item *h; @@ -214,19 +214,20 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer, /* Loop for possible multiple IP addresses for the given name. */ - for (h = host; h != NULL; h = h->next) + for (h = host; h; h = h->next) { int host_af, query_socket; /* Skip any hosts for which we have no address */ - if (h->address == NULL) continue; + if (!h->address) continue; /* Create a socket, for UDP or TCP, as configured. IPv6 addresses are detected by checking for a colon in the address. */ host_af = (Ustrchr(h->address, ':') != NULL)? AF_INET6 : AF_INET; - query_socket = ip_socket((ob->protocol == ip_udp)? SOCK_DGRAM:SOCK_STREAM, + + query_socket = ip_socket(ob->protocol == ip_udp ? SOCK_DGRAM:SOCK_STREAM, host_af); if (query_socket < 0) { @@ -240,7 +241,8 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer, here only for TCP calls; for a UDP socket, "connect" always works (the router will timeout later on the read call). */ - if (ip_connect(query_socket, host_af, h->address,ob->port, ob->timeout) < 0) + if (ip_connect(query_socket, host_af, h->address,ob->port, ob->timeout, + ob->protocol != ip_udp) < 0) { close(query_socket); DEBUG(D_route) @@ -282,7 +284,7 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer, /* If h == NULL we have tried all the IP addresses and failed on all of them, so we must continue to try more host names. Otherwise we have succeeded. */ - if (h != NULL) break; + if (h) break; } diff --git a/src/src/routers/manualroute.c b/src/src/routers/manualroute.c index 46177df43..95c69328d 100644 --- a/src/src/routers/manualroute.c +++ b/src/src/routers/manualroute.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -415,7 +415,7 @@ if (hostlist[0] == 0) { if (verify != v_none) goto ROUTED; addr->message = string_sprintf("error in %s router: no host(s) specified " - "for domain %s", rblock->name, domain); + "for domain %s", rblock->name, addr->domain); log_write(0, LOG_MAIN, "%s", addr->message); return DEFER; } diff --git a/src/src/routers/queryprogram.c b/src/src/routers/queryprogram.c index 138062e16..bfcaefcfd 100644 --- a/src/src/routers/queryprogram.c +++ b/src/src/routers/queryprogram.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ #include "../exim.h" @@ -214,6 +214,7 @@ ugid.uid_set = ugid.gid_set = FALSE; /* Set up the propagated data block with the current address_data and the errors address and extra header stuff. */ +bzero(&addr_prop, sizeof(addr_prop)); addr_prop.address_data = deliver_address_data; rc = rf_get_errors_address(addr, rblock, verify, &addr_prop.errors_address); @@ -223,6 +224,10 @@ rc = rf_get_munge_headers(addr, rblock, &addr_prop.extra_headers, &addr_prop.remove_headers); if (rc != OK) return rc; +#ifdef EXPERIMENTAL_SRS +addr_prop.srs_sender = NULL; +#endif + /* Get the fixed or expanded uid under which the command is to run (initialization ensures that one or the other is set). */ diff --git a/src/src/routers/redirect.c b/src/src/routers/redirect.c index 7bbaa82e4..8aad1d4ab 100644 --- a/src/src/routers/redirect.c +++ b/src/src/routers/redirect.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -325,7 +325,7 @@ add_generated(router_instance *rblock, address_item **addr_new, redirect_router_options_block *ob = (redirect_router_options_block *)(rblock->options_block); -while (generated != NULL) +while (generated) { address_item *parent; address_item *next = generated; @@ -347,7 +347,7 @@ while (generated != NULL) if (ob->one_time && !queue_2stage) { - for (parent = addr; parent->parent != NULL; parent = parent->parent); + for (parent = addr; parent->parent; parent = parent->parent) ; next->onetime_parent = parent->address; } @@ -358,21 +358,16 @@ while (generated != NULL) unless the ancestor was routed by a case-sensitive router. */ if (ob->check_ancestor) - { - for (parent = addr; parent != NULL; parent = parent->parent) - { - if (((parent->router != NULL && parent->router->caseful_local_part)? - Ustrcmp(next->address, parent->address) - : - strcmpic(next->address, parent->address) + for (parent = addr; parent; parent = parent->parent) + if ((parent->router && parent->router->caseful_local_part + ? Ustrcmp(next->address, parent->address) + : strcmpic(next->address, parent->address) ) == 0) { DEBUG(D_route) debug_printf("generated parent replaced by child\n"); next->address = string_copy(addr->address); break; } - } - } /* A user filter may, under some circumstances, set up an errors address. If so, we must take care to re-instate it when we copy in the propagated @@ -553,6 +548,12 @@ addr_prop.remove_headers = NULL; #ifdef EXPERIMENTAL_SRS addr_prop.srs_sender = NULL; #endif +#ifdef SUPPORT_I18N +addr_prop.utf8_msg = FALSE; /*XXX should we not copy this from the parent? */ +addr_prop.utf8_downcvt = FALSE; +addr_prop.utf8_downcvt_maybe = FALSE; +#endif + /* When verifying and testing addresses, the "logwrite" command in filters must be bypassed. */ @@ -649,8 +650,8 @@ if (!ugid.gid_set && pw != NULL) // eximsrs_db_set(FALSE, NULL); */ - if(ob->srs_alias != NULL ? (usedomain = expand_string(ob->srs_alias)) == NULL : 1) - usedomain = deliver_domain; + if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL)) + usedomain = string_copy(deliver_domain); if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK) { diff --git a/src/src/routers/rf_functions.h b/src/src/routers/rf_functions.h index 1344faadf..f310d5a42 100644 --- a/src/src/routers/rf_functions.h +++ b/src/src/routers/rf_functions.h @@ -14,7 +14,7 @@ extern void rf_add_generated(router_instance *, address_item **, extern void rf_change_domain(address_item *, const uschar *, BOOL, address_item **); extern uschar *rf_expand_data(address_item *, uschar *, int *); extern int rf_get_errors_address(address_item *, router_instance *, - BOOL, uschar **); + int, uschar **); extern int rf_get_munge_headers(address_item *, router_instance *, header_line **, uschar **); extern BOOL rf_get_transport(uschar *, transport_instance **, address_item *, diff --git a/src/src/setenv.c b/src/src/setenv.c index 6da56d58d..ceeb8ef1c 100644 --- a/src/src/setenv.c +++ b/src/src/setenv.c @@ -2,15 +2,16 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Michael Haardt 2015 */ -/* Copyright (c) Jeremy Harris 2015 */ +/* Copyright (c) Michael Haardt 2015 + * Copyright (c) Jeremy Harris 2015 - 2016 + * Copyright (c) The Exim Maintainers 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module provides (un)setenv routines for those environments -lacking them in libraries. */ +lacking them in libraries. It is #include'd by OS/os.c-foo files. */ -static int +int setenv(const char * name, const char * val, int overwrite) { uschar * s; @@ -20,7 +21,7 @@ if (overwrite || !getenv(name)) return 0; } -static int +int unsetenv(const char *name) { size_t len; @@ -34,6 +35,9 @@ if (!name) return -1; } +if (!environ) + return 0; + for (end = name; *end != '=' && *end; ) end++; len = end - name; diff --git a/src/src/sha_ver.h b/src/src/sha_ver.h new file mode 100644 index 000000000..387ac52c1 --- /dev/null +++ b/src/src/sha_ver.h @@ -0,0 +1,42 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* SHA routine selection */ + +#include "exim.h" + +/* Please be aware that pulling in extra headers which are not in the system + * includes may require careful juggling of CFLAGS in + * scripts/Configure-Makefile -- that logic should be kept in sync with this. + * In particular, building with just something like USE_OPENSSL_PC=openssl + * and not massaging CFLAGS in Local/Makefile is fully supported. + */ + +#ifdef SUPPORT_TLS + +# define EXIM_HAVE_SHA2 + +# ifdef USE_GNUTLS +# include <gnutls/gnutls.h> + +# if GNUTLS_VERSION_NUMBER >= 0x020a00 +# define SHA_GNUTLS +# if GNUTLS_VERSION_NUMBER >= 0x030500 +# define EXIM_HAVE_SHA3 +# endif +# else +# define SHA_GCRYPT +# endif + +# else +# define SHA_OPENSSL +# endif + +#else +# define SHA_NATIVE +#endif + diff --git a/src/src/sieve.c b/src/src/sieve.c index 3d7e99b27..19bc5337b 100644 --- a/src/src/sieve.c +++ b/src/src/sieve.c @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Michael Haardt 2003 - 2015 */ -/* See the file NOTICE for conditions of use and distribution. */ +/* Copyright (c) Michael Haardt 2003 - 2015 + * Copyright (c) The Exim Maintainers 2016 + * See the file NOTICE for conditions of use and distribution. + */ /* This code was contributed by Michael Haardt. */ @@ -232,6 +234,9 @@ uschar *new = NULL; uschar ch; size_t line; +/* Two passes: one to count output allocation size, second +to do the encoding */ + for (pass=0; pass<=1; ++pass) { line=0; @@ -245,54 +250,47 @@ for (pass=0; pass<=1; ++pass) for (start=src->character,end=start+src->length; start<end; ++start) { ch=*start; - if (line>=73) + if (line>=73) /* line length limit */ { if (pass==0) dst->length+=2; else { - *new++='='; + *new++='='; /* line split */ *new++='\n'; } line=0; } - if - ( - (ch>=33 && ch<=60) - || (ch>=62 && ch<=126) - || - ( - (ch==9 || ch==32) - && start+2<end - && (*(start+1)!='\r' || *(start+2)!='\n') - ) - ) + if ( (ch>='!' && ch<='<') + || (ch>='>' && ch<='~') + || ( (ch=='\t' || ch==' ') + && start+2<end + && (*(start+1)!='\r' || *(start+2)!='\n') /* CRLF */ + ) + ) { if (pass==0) ++dst->length; else - *new++=*start; + *new++=*start; /* copy char */ ++line; } - else if (ch=='\r' && start+1<end && *(start+1)=='\n') + else if (ch=='\r' && start+1<end && *(start+1)=='\n') /* CRLF */ { if (pass==0) - { ++dst->length; - line=0; - } else - *new++='\n'; - line=0; - ++start; + *new++='\n'; /* NL */ + line=0; + ++start; /* consume extra input char */ } else { if (pass==0) dst->length+=3; else - { - sprintf(CS new,"=%02X",ch); + { /* encoded char */ + new += sprintf(CS new,"=%02X",ch); new+=3; } line+=3; @@ -415,7 +413,8 @@ Returns static int parse_mailto_uri(struct Sieve *filter, const uschar *uri, string_item **recipient, struct String *header, struct String *subject, struct String *body) { const uschar *start; -struct String to,hname,hvalue; +struct String to, hname; +struct String hvalue = {NULL, 0}; int capacity; string_item *new; @@ -424,6 +423,7 @@ if (Ustrncmp(uri,"mailto:",7)) filter->errmsg=US "Unknown URI scheme"; return 0; } + uri+=7; if (*uri && *uri!='?') for (;;) @@ -433,9 +433,9 @@ if (*uri && *uri!='?') if (uri>start) { capacity=0; - to.character=(uschar*)0; + to.character= NULL; to.length=0; - to.character=string_cat(to.character,&capacity,&to.length,start,uri-start); + to.character=string_catn(to.character, &capacity, &to.length, start, uri-start); to.character[to.length]='\0'; if (uri_decode(&to)==-1) { @@ -467,9 +467,9 @@ if (*uri=='?') if (uri>start) { capacity=0; - hname.character=(uschar*)0; + hname.character= NULL; hname.length=0; - hname.character=string_cat(hname.character,&capacity,&hname.length,start,uri-start); + hname.character = string_catn(hname.character, &capacity, &hname.length, start, uri-start); hname.character[hname.length]='\0'; if (uri_decode(&hname)==-1) { @@ -490,9 +490,9 @@ if (*uri=='?') if (uri>start) { capacity=0; - hvalue.character=(uschar*)0; + hvalue.character= NULL; hvalue.length=0; - hvalue.character=string_cat(hvalue.character,&capacity,&hvalue.length,start,uri-start); + hvalue.character=string_catn(hvalue.character,&capacity,&hvalue.length,start,uri-start); hvalue.character[hvalue.length]='\0'; if (uri_decode(&hvalue)==-1) { @@ -531,10 +531,10 @@ if (*uri=='?') { if (header->length==-1) header->length=0; capacity=header->length; - header->character=string_cat(header->character,&capacity,&header->length,hname.character,hname.length); - header->character=string_cat(header->character,&capacity,&header->length,CUS ": ",2); - header->character=string_cat(header->character,&capacity,&header->length,hvalue.character,hvalue.length); - header->character=string_cat(header->character,&capacity,&header->length,CUS "\n",1); + header->character=string_catn(header->character,&capacity,&header->length,hname.character,hname.length); + header->character=string_catn(header->character,&capacity,&header->length,CUS ": ",2); + header->character=string_catn(header->character,&capacity,&header->length,hvalue.character,hvalue.length); + header->character=string_catn(header->character,&capacity,&header->length,CUS "\n",1); header->character[header->length]='\0'; } } @@ -1008,24 +1008,24 @@ while (l) { case '\0': { - quoted=string_cat(quoted,&size,&ptr,CUS "\\0",2); + quoted=string_catn(quoted,&size,&ptr,CUS "\\0",2); break; } case '$': case '{': case '}': { - quoted=string_cat(quoted,&size,&ptr,CUS "\\",1); + quoted=string_catn(quoted,&size,&ptr,CUS "\\",1); } default: { - quoted=string_cat(quoted,&size,&ptr,h,1); + quoted=string_catn(quoted,&size,&ptr,h,1); } } ++h; --l; } -quoted=string_cat(quoted,&size,&ptr,CUS "",1); +quoted=string_catn(quoted,&size,&ptr,CUS "",1); return quoted; } @@ -1489,7 +1489,7 @@ if (*filter->pc=='"') /* quoted string */ ++filter->pc; /* that way, there will be at least one character allocated */ - data->character=string_cat(data->character,&dataCapacity,&foo,CUS "",1); + data->character=string_catn(data->character,&dataCapacity,&foo,CUS "",1); #ifdef ENCODED_CHARACTER if (filter->require_encoded_character && string_decode(filter,data)==-1) @@ -1499,7 +1499,7 @@ if (*filter->pc=='"') /* quoted string */ } else if (*filter->pc=='\\' && *(filter->pc+1)) /* quoted character */ { - data->character=string_cat(data->character,&dataCapacity,&data->length,filter->pc+1,1); + data->character=string_catn(data->character,&dataCapacity,&data->length,filter->pc+1,1); filter->pc+=2; } else /* regular character */ @@ -1509,11 +1509,11 @@ if (*filter->pc=='"') /* quoted string */ #else if (*filter->pc=='\n') { - data->character=string_cat(data->character,&dataCapacity,&data->length,US"\r",1); + data->character=string_catn(data->character,&dataCapacity,&data->length,US"\r",1); ++filter->line; } #endif - data->character=string_cat(data->character,&dataCapacity,&data->length,filter->pc,1); + data->character=string_catn(data->character,&dataCapacity,&data->length,filter->pc,1); filter->pc++; } } @@ -1555,7 +1555,7 @@ else if (Ustrncmp(filter->pc,CUS "text:",5)==0) /* multiline string */ if (*filter->pc=='\n') /* end of line */ #endif { - data->character=string_cat(data->character,&dataCapacity,&data->length,CUS "\r\n",2); + data->character=string_catn(data->character,&dataCapacity,&data->length,CUS "\r\n",2); #ifdef RFC_EOL filter->pc+=2; #else @@ -1571,7 +1571,7 @@ else if (Ustrncmp(filter->pc,CUS "text:",5)==0) /* multiline string */ int foo=data->length; /* that way, there will be at least one character allocated */ - data->character=string_cat(data->character,&dataCapacity,&foo,CUS "",1); + data->character=string_catn(data->character,&dataCapacity,&foo,CUS "",1); #ifdef RFC_EOL filter->pc+=3; #else @@ -1587,13 +1587,13 @@ else if (Ustrncmp(filter->pc,CUS "text:",5)==0) /* multiline string */ } else if (*filter->pc=='.' && *(filter->pc+1)=='.') /* remove dot stuffing */ { - data->character=string_cat(data->character,&dataCapacity,&data->length,CUS ".",1); + data->character=string_catn(data->character,&dataCapacity,&data->length,CUS ".",1); filter->pc+=2; } } else /* regular character */ { - data->character=string_cat(data->character,&dataCapacity,&data->length,filter->pc,1); + data->character=string_catn(data->character,&dataCapacity,&data->length,filter->pc,1); filter->pc++; } } @@ -1706,12 +1706,13 @@ Returns: 1 success -1 no string list found */ -static int parse_stringlist(struct Sieve *filter, struct String **data) +static int +parse_stringlist(struct Sieve *filter, struct String **data) { const uschar *orig=filter->pc; -int dataCapacity=0; -int dataLength=0; -struct String *d=(struct String*)0; +int dataCapacity = 0; +int dataLength = 0; +struct String *d = NULL; int m; if (*filter->pc=='[') /* string list */ @@ -1720,20 +1721,18 @@ if (*filter->pc=='[') /* string list */ for (;;) { if (parse_white(filter)==-1) goto error; - if ((dataLength+1)>=dataCapacity) /* increase buffer */ + if (dataLength+1 >= dataCapacity) /* increase buffer */ { struct String *new; int newCapacity; /* Don't amalgamate with next line; some compilers grumble */ - newCapacity=dataCapacity?(dataCapacity*=2):(dataCapacity=4); - if ((new=(struct String*)store_get(sizeof(struct String)*newCapacity))==(struct String*)0) - { - filter->errmsg=CUstrerror(errno); - goto error; - } + + dataCapacity = dataCapacity ? dataCapacity * 2 : 4; + new = store_get(sizeof(struct String) * dataCapacity); + if (d) memcpy(new,d,sizeof(struct String)*dataLength); - d=new; - dataCapacity=newCapacity; + d = new; } + m=parse_string(filter,&d[dataLength]); if (m==0) { @@ -3299,10 +3298,10 @@ while (*filter->pc) capacity=0; if (handle.length==-1) { - if (subject.length!=-1) key.character=string_cat(key.character,&capacity,&key.length,subject.character,subject.length); - if (from.length!=-1) key.character=string_cat(key.character,&capacity,&key.length,from.character,from.length); - key.character=string_cat(key.character,&capacity,&key.length,reason_is_mime?US"1":US"0",1); - key.character=string_cat(key.character,&capacity,&key.length,reason.character,reason.length); + if (subject.length!=-1) key.character=string_catn(key.character,&capacity,&key.length,subject.character,subject.length); + if (from.length!=-1) key.character=string_catn(key.character,&capacity,&key.length,from.character,from.length); + key.character=string_catn(key.character,&capacity,&key.length,reason_is_mime?US"1":US"0",1); + key.character=string_catn(key.character,&capacity,&key.length,reason.character,reason.length); } else key=handle; @@ -3317,8 +3316,8 @@ while (*filter->pc) { capacity=Ustrlen(filter->vacation_directory); start=capacity; - once=string_cat(filter->vacation_directory,&capacity,&start,US"/",1); - once=string_cat(once,&capacity,&start,hexdigest,33); + once=string_catn(filter->vacation_directory,&capacity,&start,US"/",1); + once=string_catn(once,&capacity,&start,hexdigest,33); once[start] = '\0'; /* process subject */ @@ -3333,7 +3332,7 @@ while (*filter->pc) expand_header(&subject,&str_subject); capacity=6; start=6; - subject.character=string_cat(US"Auto: ",&capacity,&start,subject.character,subject.length); + subject.character=string_catn(US"Auto: ",&capacity,&start,subject.character,subject.length); subject.length=start; } else @@ -3380,13 +3379,13 @@ while (*filter->pc) ); capacity = 0; start = 0; - addr->reply->headers = string_cat(NULL,&capacity,&start,reason.character,mime_body-reason.character); + addr->reply->headers = string_catn(NULL,&capacity,&start,reason.character,mime_body-reason.character); addr->reply->headers[start] = '\0'; capacity = 0; start = 0; if (mime_body+(sizeof(nlnl)-1)<reason_end) mime_body+=(sizeof(nlnl)-1); else mime_body=reason_end-1; - addr->reply->text = string_cat(NULL,&capacity,&start,mime_body,reason_end-mime_body); + addr->reply->text = string_catn(NULL,&capacity,&start,mime_body,reason_end-mime_body); addr->reply->text[start] = '\0'; } else diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 0498ecb18..d7080168a 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for handling an incoming SMTP call. */ @@ -82,6 +82,15 @@ enum { MAIL_CMD, RCPT_CMD, RSET_CMD, + /* RFC3030 section 2: "After all MAIL and RCPT responses are collected and + processed the message is sent using a series of BDAT commands" + implies that BDAT should be synchronized. However, we see Google, at least, + sending MAIL,RCPT,BDAT-LAST in a single packet, clearly not waiting for + processing of the RPCT response(s). We shall do the same, and not require + synch for BDAT. */ + + BDAT_CMD, + /* This is a dummy to identify the non-sync commands when not pipelining */ NON_SYNC_CMD_NON_PIPELINING, @@ -182,6 +191,7 @@ static smtp_cmd_list cmd_list[] = { { "mail from:", sizeof("mail from:")-1, MAIL_CMD, TRUE, TRUE }, { "rcpt to:", sizeof("rcpt to:")-1, RCPT_CMD, TRUE, TRUE }, { "data", sizeof("data")-1, DATA_CMD, FALSE, TRUE }, + { "bdat", sizeof("bdat")-1, BDAT_CMD, TRUE, TRUE }, { "quit", sizeof("quit")-1, QUIT_CMD, FALSE, TRUE }, { "noop", sizeof("noop")-1, NOOP_CMD, TRUE, FALSE }, { "etrn", sizeof("etrn")-1, ETRN_CMD, TRUE, FALSE }, @@ -205,9 +215,9 @@ It must be kept in step with the SCH_xxx enumerations. */ static uschar *smtp_names[] = { - US"NONE", US"AUTH", US"DATA", US"EHLO", US"ETRN", US"EXPN", US"HELO", - US"HELP", US"MAIL", US"NOOP", US"QUIT", US"RCPT", US"RSET", US"STARTTLS", - US"VRFY" }; + US"NONE", US"AUTH", US"DATA", US"BDAT", US"EHLO", US"ETRN", US"EXPN", + US"HELO", US"HELP", US"MAIL", US"NOOP", US"QUIT", US"RCPT", US"RSET", + US"STARTTLS", US"VRFY" }; static uschar *protocols_local[] = { US"local-smtp", /* HELO */ @@ -289,6 +299,13 @@ static int smtp_had_eof; static int smtp_had_error; +/* forward declarations */ +int bdat_ungetc(int ch); +static int smtp_read_command(BOOL check_sync); +static int synprot_error(int type, int code, uschar *data, uschar *errmess); +static void smtp_quit_handler(uschar **, uschar **); +static void smtp_rset_handler(void); + /************************************************* * SMTP version of getc() * *************************************************/ @@ -308,6 +325,7 @@ smtp_getc(void) if (smtp_inptr >= smtp_inend) { int rc, save_errno; + if (!smtp_out) return EOF; fflush(smtp_out); if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size); @@ -335,6 +353,145 @@ if (smtp_inptr >= smtp_inend) return *smtp_inptr++; } +void +smtp_get_cache(void) +{ +#ifndef DISABLE_DKIM +int n = smtp_inend - smtp_inptr; +if (n > 0) + dkim_exim_verify_feed(smtp_inptr, n); +#endif +} + + +/* Get a byte from the smtp input, in CHUNKING mode. Handle ack of the +previous BDAT chunk and getting new ones when we run out. Uses the +underlying smtp_getc or tls_getc both for that and for getting the +(buffered) data byte. EOD signals (an expected) no further data. +ERR signals a protocol error, and EOF a closed input stream. + +Called from read_bdat_smtp() in receive.c for the message body, but also +by the headers read loop in receive_msg(); manipulates chunking_state +to handle the BDAT command/response. +Placed here due to the correlation with the above smtp_getc(), which it wraps, +and also by the need to do smtp command/response handling. + +Arguments: none +Returns: the next character or ERR, EOD or EOF +*/ + +int +bdat_getc(void) +{ +uschar * user_msg = NULL; +uschar * log_msg; + +for(;;) + { + if (chunking_data_left-- > 0) + return lwr_receive_getc(); + + receive_getc = lwr_receive_getc; + receive_ungetc = lwr_receive_ungetc; + + /* If not the last, ack the received chunk. The last response is delayed + until after the data ACL decides on it */ + + if (chunking_state == CHUNKING_LAST) + { +#ifndef DISABLE_DKIM + dkim_exim_verify_feed(NULL, 0); /* notify EOD */ +#endif + return EOD; + } + + chunking_state = CHUNKING_OFFERED; + smtp_printf("250 %u byte chunk received\r\n", chunking_datasize); + + /* Expect another BDAT cmd from input. RFC 3030 says nothing about + QUIT, RSET or NOOP but handling them seems obvious */ + +next_cmd: + switch(smtp_read_command(TRUE)) + { + default: + (void) synprot_error(L_smtp_protocol_error, 503, NULL, + US"only BDAT permissible after non-LAST BDAT"); + + repeat_until_rset: + switch(smtp_read_command(TRUE)) + { + case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */ + case EOF_CMD: return EOF; + case RSET_CMD: smtp_rset_handler(); return ERR; + default: if (synprot_error(L_smtp_protocol_error, 503, NULL, + US"only RSET accepted now") > 0) + return EOF; + goto repeat_until_rset; + } + + case QUIT_CMD: + smtp_quit_handler(&user_msg, &log_msg); + /*FALLTHROUGH*/ + case EOF_CMD: + return EOF; + + case RSET_CMD: + smtp_rset_handler(); + return ERR; + + case NOOP_CMD: + HAD(SCH_NOOP); + smtp_printf("250 OK\r\n"); + goto next_cmd; + + case BDAT_CMD: + { + int n; + + if (sscanf(CS smtp_cmd_data, "%u %n", &chunking_datasize, &n) < 1) + { + (void) synprot_error(L_smtp_protocol_error, 501, NULL, + US"missing size for BDAT command"); + return ERR; + } + chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0 + ? CHUNKING_LAST : CHUNKING_ACTIVE; + chunking_data_left = chunking_datasize; + + if (chunking_datasize == 0) + if (chunking_state == CHUNKING_LAST) + return EOD; + else + { + (void) synprot_error(L_smtp_protocol_error, 504, NULL, + US"zero size for BDAT command"); + goto repeat_until_rset; + } + + receive_getc = bdat_getc; + receive_ungetc = bdat_ungetc; + break; /* to top of main loop */ + } + } + } +} + +static void +bdat_flush_data(void) +{ +while (chunking_data_left-- > 0) + if (lwr_receive_getc() < 0) + break; + +receive_getc = lwr_receive_getc; +receive_ungetc = lwr_receive_ungetc; + +if (chunking_state != CHUNKING_LAST) + chunking_state = CHUNKING_OFFERED; +} + + /************************************************* @@ -353,11 +510,18 @@ Returns: the character int smtp_ungetc(int ch) { -*(--smtp_inptr) = ch; +*--smtp_inptr = ch; return ch; } +int +bdat_ungetc(int ch) +{ +chunking_data_left++; +return lwr_receive_ungetc(ch); +} + /************************************************* @@ -597,10 +761,10 @@ Arguments: fd - File descriptor for input Returns: none */ static void -restore_socket_timeout(int fd, int get_ok, struct timeval tvtmp, socklen_t vslen) +restore_socket_timeout(int fd, int get_ok, struct timeval * tvtmp, socklen_t vslen) { if (get_ok == 0) - setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tvtmp, vslen); + (void) setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS tvtmp, vslen); } /************************************************* @@ -641,7 +805,7 @@ so exit with an error if do not find the exact required pieces. This includes an incorrect number of spaces separating args. Arguments: none -Returns: int +Returns: Boolean success */ static BOOL @@ -685,27 +849,23 @@ char tmpip6[INET6_ADDRSTRLEN]; struct sockaddr_in6 tmpaddr6; int get_ok = 0; -int size, ret, fd; +int size, ret; +int fd = fileno(smtp_in); const char v2sig[12] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A"; uschar *iptype; /* To display debug info */ struct timeval tv; -socklen_t vslen = 0; struct timeval tvtmp; - -vslen = sizeof(struct timeval); - -fd = fileno(smtp_in); +socklen_t vslen = sizeof(struct timeval); /* Save current socket timeout values */ -get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tvtmp, - &vslen); +get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tvtmp, &vslen); /* Proxy Protocol host must send header within a short time (default 3 seconds) or it's considered invalid */ tv.tv_sec = PROXY_NEGOTIATION_TIMEOUT_SEC; tv.tv_usec = PROXY_NEGOTIATION_TIMEOUT_USEC; -setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, - sizeof(struct timeval)); +if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tv, sizeof(tv)) < 0) + return FALSE; do { @@ -716,10 +876,7 @@ do while (ret == -1 && errno == EINTR); if (ret == -1) - { - restore_socket_timeout(fd, get_ok, tvtmp, vslen); - return (errno == EAGAIN) ? 0 : ERRNO_PROXYFAIL; - } + goto proxyfail; if (ret >= 16 && memcmp(&hdr.v2, v2sig, 12) == 0) @@ -759,7 +916,7 @@ if (ret >= 16 && if (!string_is_ip_address(US tmpip,NULL)) { DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype); - return ERRNO_PROXYFAIL; + goto proxyfail; } proxy_local_address = sender_host_address; sender_host_address = string_copy(US tmpip); @@ -772,7 +929,7 @@ if (ret >= 16 && if (!string_is_ip_address(US tmpip,NULL)) { DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype); - return ERRNO_PROXYFAIL; + goto proxyfail; } proxy_external_address = string_copy(US tmpip); tmpport = ntohs(hdr.v2.addr.ip4.dst_port); @@ -785,7 +942,7 @@ if (ret >= 16 && if (!string_is_ip_address(US tmpip6,NULL)) { DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype); - return ERRNO_PROXYFAIL; + goto proxyfail; } proxy_local_address = sender_host_address; sender_host_address = string_copy(US tmpip6); @@ -798,7 +955,7 @@ if (ret >= 16 && if (!string_is_ip_address(US tmpip6,NULL)) { DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype); - return ERRNO_PROXYFAIL; + goto proxyfail; } proxy_external_address = string_copy(US tmpip6); tmpport = ntohs(hdr.v2.addr.ip6.dst_port); @@ -939,13 +1096,13 @@ else } proxyfail: -restore_socket_timeout(fd, get_ok, tvtmp, vslen); +restore_socket_timeout(fd, get_ok, &tvtmp, vslen); /* Don't flush any potential buffer contents. Any input should cause a synchronization failure */ return FALSE; done: -restore_socket_timeout(fd, get_ok, tvtmp, vslen); +restore_socket_timeout(fd, get_ok, &tvtmp, vslen); DEBUG(D_receive) debug_printf("Valid %s sender from Proxy Protocol header\n", iptype); return proxy_session; @@ -1180,26 +1337,23 @@ if (smtp_in == NULL || smtp_batched_input) return; receive_swallow_smtp(); smtp_printf("421 %s\r\n", message); -for (;;) +for (;;) switch(smtp_read_command(FALSE)) { - switch(smtp_read_command(FALSE)) - { - case EOF_CMD: - return; + case EOF_CMD: + return; - case QUIT_CMD: - smtp_printf("221 %s closing connection\r\n", smtp_active_hostname); - mac_smtp_fflush(); - return; + case QUIT_CMD: + smtp_printf("221 %s closing connection\r\n", smtp_active_hostname); + mac_smtp_fflush(); + return; - case RSET_CMD: - smtp_printf("250 Reset OK\r\n"); - break; + case RSET_CMD: + smtp_printf("250 Reset OK\r\n"); + break; - default: - smtp_printf("421 %s\r\n", message); - break; - } + default: + smtp_printf("421 %s\r\n", message); + break; } } @@ -1222,8 +1376,8 @@ Returns: a string describing the connection uschar * smtp_get_connection_info(void) { -uschar *hostname = (sender_fullhost == NULL)? - sender_host_address : sender_fullhost; +const uschar * hostname = sender_fullhost + ? sender_fullhost : sender_host_address; if (host_checking) return string_sprintf("SMTP connection from %s", hostname); @@ -1520,14 +1674,6 @@ sender_verified_list = NULL; /* No senders verified */ memset(sender_address_cache, 0, sizeof(sender_address_cache)); memset(sender_domain_cache, 0, sizeof(sender_domain_cache)); -#ifndef DISABLE_PRDR -prdr_requested = FALSE; -#endif - -/* Reset the DSN flags */ -dsn_ret = 0; -dsn_envid = NULL; - authenticated_sender = NULL; #ifdef EXPERIMENTAL_BRIGHTMAIL bmi_run = 0; @@ -1538,6 +1684,11 @@ dkim_signers = NULL; dkim_disable_verify = FALSE; dkim_collect_input = FALSE; #endif +dsn_ret = 0; +dsn_envid = NULL; +#ifndef DISABLE_PRDR +prdr_requested = FALSE; +#endif #ifdef EXPERIMENTAL_SPF spf_header_comment = NULL; spf_received = NULL; @@ -1729,16 +1880,15 @@ while (done <= 0) /* Apply SMTP rewrite, then extract address. Don't allow "<>" as a recipient address */ - recipient = ((rewrite_existflags & rewrite_smtp) != 0)? - rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", - global_rewrite_rules) : smtp_cmd_data; + recipient = rewrite_existflags & rewrite_smtp + ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", + global_rewrite_rules) + : smtp_cmd_data; - /* rfc821_domains = TRUE; << no longer needed */ recipient = parse_extract_address(recipient, &errmess, &start, &end, &recipient_domain, FALSE); - /* rfc821_domains = FALSE; << no longer needed */ - if (recipient == NULL) + if (!recipient) /* The function moan_smtp_batch() does not return. */ moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess); @@ -1890,10 +2040,10 @@ acl_var_c = NULL; /* Allow for trailing 0 in the command and data buffers. */ -smtp_cmd_buffer = (uschar *)malloc(2*smtp_cmd_buffer_size + 2); -if (smtp_cmd_buffer == NULL) +if (!(smtp_cmd_buffer = US malloc(2*smtp_cmd_buffer_size + 2))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP command buffer"); + smtp_cmd_buffer[0] = 0; smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1; @@ -1902,7 +2052,7 @@ command line by a trusted caller. */ if (smtp_batched_input) { - if (received_protocol == NULL) received_protocol = US"local-bsmtp"; + if (!received_protocol) received_protocol = US"local-bsmtp"; } /* For non-batched SMTP input, the protocol setting is forced here. It will be @@ -1915,10 +2065,11 @@ else /* Set up the buffer for inputting using direct read() calls, and arrange to call the local functions instead of the standard C ones. */ -smtp_inbuffer = (uschar *)malloc(in_buffer_size); -if (smtp_inbuffer == NULL) +if (!(smtp_inbuffer = (uschar *)malloc(in_buffer_size))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer"); + receive_getc = smtp_getc; +receive_get_cache = smtp_get_cache; receive_ungetc = smtp_ungetc; receive_feof = smtp_feof; receive_ferror = smtp_ferror; @@ -2315,8 +2466,7 @@ if (smtp_batched_input) return TRUE; proxy_session = FALSE; proxy_session_failed = FALSE; if (check_proxy_protocol_host()) - { - if (setup_proxy_protocol_host() == FALSE) + if (!setup_proxy_protocol_host()) { proxy_session_failed = TRUE; DEBUG(D_receive) @@ -2328,20 +2478,18 @@ if (check_proxy_protocol_host()) (void)host_name_lookup(); host_build_sender_fullhost(); } - } #endif /* Run the ACL if it exists */ user_msg = NULL; -if (acl_smtp_connect != NULL) +if (acl_smtp_connect) { int rc; - rc = acl_check(ACL_WHERE_CONNECT, NULL, acl_smtp_connect, &user_msg, - &log_msg); - if (rc != OK) + if ((rc = acl_check(ACL_WHERE_CONNECT, NULL, acl_smtp_connect, &user_msg, + &log_msg)) != OK) { - (void)smtp_handle_acl_fail(ACL_WHERE_CONNECT, rc, user_msg, log_msg); + (void) smtp_handle_acl_fail(ACL_WHERE_CONNECT, rc, user_msg, log_msg); return FALSE; } } @@ -2353,10 +2501,9 @@ code = US"220"; /* Default status code */ esc = US""; /* Default extended status code */ esclen = 0; /* Length of esc */ -if (user_msg == NULL) +if (!user_msg) { - s = expand_string(smtp_banner); - if (s == NULL) + if (!(s = expand_string(smtp_banner))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" (smtp_banner) " "failed: %s", smtp_banner, expand_string_message); } @@ -2395,20 +2542,20 @@ do /* At least once, in case we have an empty string */ { int len; uschar *linebreak = Ustrchr(p, '\n'); - ss = string_cat(ss, &size, &ptr, code, 3); + ss = string_catn(ss, &size, &ptr, code, 3); if (linebreak == NULL) { len = Ustrlen(p); - ss = string_cat(ss, &size, &ptr, US" ", 1); + ss = string_catn(ss, &size, &ptr, US" ", 1); } else { len = linebreak - p; - ss = string_cat(ss, &size, &ptr, US"-", 1); + ss = string_catn(ss, &size, &ptr, US"-", 1); } - ss = string_cat(ss, &size, &ptr, esc, esclen); - ss = string_cat(ss, &size, &ptr, p, len); - ss = string_cat(ss, &size, &ptr, US"\r\n", 2); + ss = string_catn(ss, &size, &ptr, esc, esclen); + ss = string_catn(ss, &size, &ptr, p, len); + ss = string_catn(ss, &size, &ptr, US"\r\n", 2); p += len; if (linebreak != NULL) p++; } @@ -2708,16 +2855,16 @@ uschar *lognl; uschar *sender_info = US""; uschar *what = #ifdef WITH_CONTENT_SCAN - (where == ACL_WHERE_MIME)? US"during MIME ACL checks" : + where == ACL_WHERE_MIME ? US"during MIME ACL checks" : #endif - (where == ACL_WHERE_PREDATA)? US"DATA" : - (where == ACL_WHERE_DATA)? US"after DATA" : + where == ACL_WHERE_PREDATA ? US"DATA" : + where == ACL_WHERE_DATA ? US"after DATA" : #ifndef DISABLE_PRDR - (where == ACL_WHERE_PRDR)? US"after DATA PRDR" : + where == ACL_WHERE_PRDR ? US"after DATA PRDR" : #endif - (smtp_cmd_data == NULL)? - string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]) : - string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data); + smtp_cmd_data ? + string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data) : + string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]); if (drop) rc = FAIL; @@ -2794,16 +2941,16 @@ if (sender_verified_failed != NULL && /* Sort out text for logging */ -log_msg = (log_msg == NULL)? US"" : string_sprintf(": %s", log_msg); -lognl = Ustrchr(log_msg, '\n'); -if (lognl != NULL) *lognl = 0; +log_msg = log_msg ? string_sprintf(": %s", log_msg) : US""; +if ((lognl = Ustrchr(log_msg, '\n'))) *lognl = 0; /* Send permanent failure response to the command, but the code used isn't always a 5xx one - see comments at the start of this function. If the original rc was FAIL_DROP we drop the connection and yield 2. */ -if (rc == FAIL) smtp_respond(smtp_code, codelen, TRUE, (user_msg == NULL)? - US"Administrative prohibition" : user_msg); +if (rc == FAIL) + smtp_respond(smtp_code, codelen, TRUE, + user_msg ? user_msg : US"Administrative prohibition"); /* Send temporary failure response to the command. Don't give any details, unless acl_temp_details is set. This is TRUE for a callout defer, a "defer" @@ -2814,21 +2961,19 @@ interactions between temp_details and return_error_details. One day it should be re-implemented in a tidier fashion. */ else - { - if (acl_temp_details && user_msg != NULL) + if (acl_temp_details && user_msg) { - if (smtp_return_error_details && - sender_verified_failed != NULL && - sender_verified_failed->message != NULL) - { + if ( smtp_return_error_details + && sender_verified_failed + && sender_verified_failed->message + ) smtp_respond(smtp_code, codelen, FALSE, sender_verified_failed->message); - } + smtp_respond(smtp_code, codelen, TRUE, user_msg); } else smtp_respond(smtp_code, codelen, TRUE, US"Temporary local problem - please try later"); - } /* Log the incident to the logs that are specified by log_reject_target (default main, reject). This can be empty to suppress logging of rejections. If @@ -2838,14 +2983,19 @@ is closing if required and return 2. */ if (log_reject_target != 0) { #ifdef SUPPORT_TLS - uschar * s = s_tlslog(NULL, NULL, NULL); - if (!s) s = US""; + uschar * tls = s_tlslog(NULL, NULL, NULL); + if (!tls) tls = US""; #else - uschar * s = US""; + uschar * tls = US""; #endif - log_write(0, log_reject_target, "%s%s %s%srejected %s%s", - host_and_ident(TRUE), s, - sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg); + log_write(where == ACL_WHERE_CONNECT ? L_connection_reject : 0, + log_reject_target, "%s%s%s %s%srejected %s%s", + LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"", + host_and_ident(TRUE), + tls, + sender_info, + rc == FAIL ? US"" : US"temporarily ", + what, log_msg); } if (!drop) return 0; @@ -2908,12 +3058,11 @@ smtp_exit_function_called = TRUE; /* Call the not-QUIT ACL, if there is one, unless no reason is given. */ -if (acl_smtp_notquit != NULL && reason != NULL) +if (acl_smtp_notquit && reason) { smtp_notquit_reason = reason; - rc = acl_check(ACL_WHERE_NOTQUIT, NULL, acl_smtp_notquit, &user_msg, - &log_msg); - if (rc == ERROR) + if ((rc = acl_check(ACL_WHERE_NOTQUIT, NULL, acl_smtp_notquit, &user_msg, + &log_msg)) == ERROR) log_write(0, LOG_MAIN|LOG_PANIC, "ACL for not-QUIT returned ERROR: %s", log_msg); } @@ -2923,9 +3072,11 @@ responses are all internal, they should always fit in the buffer, but code a warning, just in case. Note that string_vformat() still leaves a complete string, even if it is incomplete. */ -if (code != NULL && defaultrespond != NULL) +if (code && defaultrespond) { - if (user_msg == NULL) + if (user_msg) + smtp_respond(code, 3, TRUE, user_msg); + else { uschar buffer[128]; va_list ap; @@ -2935,8 +3086,6 @@ if (code != NULL && defaultrespond != NULL) smtp_printf("%s %s\r\n", code, buffer); va_end(ap); } - else - smtp_respond(code, 3, TRUE, user_msg); mac_smtp_fflush(); } } @@ -3212,6 +3361,68 @@ return rc; + + +static int +qualify_recipient(uschar ** recipient, uschar * smtp_cmd_data, uschar * tag) +{ +int rd; +if (allow_unqualified_recipient || strcmpic(*recipient, US"postmaster") == 0) + { + DEBUG(D_receive) debug_printf("unqualified address %s accepted\n", + *recipient); + rd = Ustrlen(recipient) + 1; + *recipient = rewrite_address_qualify(*recipient, TRUE); + return rd; + } +smtp_printf("501 %s: recipient address must contain a domain\r\n", + smtp_cmd_data); +log_write(L_smtp_syntax_error, + LOG_MAIN|LOG_REJECT, "unqualified %s rejected: <%s> %s%s", + tag, *recipient, host_and_ident(TRUE), host_lookup_msg); +return 0; +} + + + + +static void +smtp_quit_handler(uschar ** user_msgp, uschar ** log_msgp) +{ +HAD(SCH_QUIT); +incomplete_transaction_log(US"QUIT"); +if (acl_smtp_quit) + { + int rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, user_msgp, log_msgp); + if (rc == ERROR) + log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s", + *log_msgp); + } +if (*user_msgp) + smtp_respond(US"221", 3, TRUE, *user_msgp); +else + smtp_printf("221 %s closing connection\r\n", smtp_active_hostname); + +#ifdef SUPPORT_TLS +tls_close(TRUE, TRUE); +#endif + +log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT", + smtp_get_connection_info()); +} + + +static void +smtp_rset_handler(void) +{ +HAD(SCH_RSET); +incomplete_transaction_log(US"RSET"); +smtp_printf("250 Reset OK\r\n"); +cmd_list[CMD_LIST_RSET].is_mail_cmd = FALSE; +} + + + /************************************************* * Initialize for SMTP incoming message * *************************************************/ @@ -3258,6 +3469,8 @@ for the host). Note: we do NOT reset AUTH at this point. */ smtp_reset(reset_point); message_ended = END_NOTSTARTED; +chunking_state = chunking_offered ? CHUNKING_OFFERED : CHUNKING_NOT_OFFERED; + cmd_list[CMD_LIST_RSET].is_mail_cmd = TRUE; cmd_list[CMD_LIST_HELO].is_mail_cmd = TRUE; cmd_list[CMD_LIST_EHLO].is_mail_cmd = TRUE; @@ -3323,14 +3536,20 @@ while (done <= 0) smtp_cmd_data = NULL; if (smtp_in_auth(au, &s, &ss) == OK) - DEBUG(D_auth) debug_printf("tls auth succeeded\n"); + { DEBUG(D_auth) debug_printf("tls auth succeeded\n"); } else - DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); + { DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); } break; } } #endif +#ifdef TCP_QUICKACK + if (smtp_in) /* Avoid pure-ACKs while in cmd pingpong phase */ + (void) setsockopt(fileno(smtp_in), IPPROTO_TCP, TCP_QUICKACK, + US &off, sizeof(off)); +#endif + switch(smtp_read_command(TRUE)) { /* The AUTH command is not permitted to occur inside a transaction, and may @@ -3593,10 +3812,9 @@ while (done <= 0) if (sender_host_address != NULL) { - s = string_cat(s, &size, &ptr, US" [", 2); - s = string_cat(s, &size, &ptr, sender_host_address, - Ustrlen(sender_host_address)); - s = string_cat(s, &size, &ptr, US"]", 1); + s = string_catn(s, &size, &ptr, US" [", 2); + s = string_cat (s, &size, &ptr, sender_host_address); + s = string_catn(s, &size, &ptr, US"]", 1); } } @@ -3620,7 +3838,7 @@ while (done <= 0) size = ptr + 1; } - s = string_cat(s, &size, &ptr, US"\r\n", 2); + s = string_catn(s, &size, &ptr, US"\r\n", 2); /* If we received EHLO, we must create a multiline response which includes the functions supported. */ @@ -3639,12 +3857,12 @@ while (done <= 0) { sprintf(CS big_buffer, "%.3s-SIZE %d\r\n", smtp_code, thismessage_size_limit); - s = string_cat(s, &size, &ptr, big_buffer, Ustrlen(big_buffer)); + s = string_cat(s, &size, &ptr, big_buffer); } else { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-SIZE\r\n", 7); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-SIZE\r\n", 7); } /* Exim does not do protocol conversion or data conversion. It is 8-bit @@ -3656,15 +3874,15 @@ while (done <= 0) if (accept_8bitmime) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-8BITMIME\r\n", 11); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-8BITMIME\r\n", 11); } /* Advertise DSN support if configured to do so. */ if (verify_check_host(&dsn_advertise_hosts) != FAIL) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-DSN\r\n", 6); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-DSN\r\n", 6); dsn_advertised = TRUE; } @@ -3673,8 +3891,8 @@ while (done <= 0) if (acl_smtp_etrn != NULL) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-ETRN\r\n", 7); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-ETRN\r\n", 7); } /* Advertise EXPN if there's an ACL checking whether a host is @@ -3682,8 +3900,8 @@ while (done <= 0) if (acl_smtp_expn != NULL) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-EXPN\r\n", 7); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-EXPN\r\n", 7); } /* Exim is quite happy with pipelining, so let the other end know that @@ -3692,8 +3910,8 @@ while (done <= 0) if (pipelining_enable && verify_check_host(&pipelining_advertise_hosts) == OK) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-PIPELINING\r\n", 13); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-PIPELINING\r\n", 13); sync_cmd_limit = NON_SYNC_CMD_PIPELINING; pipelining_advertised = TRUE; } @@ -3726,24 +3944,33 @@ while (done <= 0) int saveptr; if (first) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-AUTH", 5); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-AUTH", 5); first = FALSE; auth_advertised = TRUE; } saveptr = ptr; - s = string_cat(s, &size, &ptr, US" ", 1); - s = string_cat(s, &size, &ptr, au->public_name, - Ustrlen(au->public_name)); + s = string_catn(s, &size, &ptr, US" ", 1); + s = string_cat (s, &size, &ptr, au->public_name); while (++saveptr < ptr) s[saveptr] = toupper(s[saveptr]); au->advertised = TRUE; } else au->advertised = FALSE; - if (!first) s = string_cat(s, &size, &ptr, US"\r\n", 2); + if (!first) s = string_catn(s, &size, &ptr, US"\r\n", 2); } + /* RFC 3030 CHUNKING */ + + if (verify_check_host(&chunking_advertise_hosts) != FAIL) + { + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-CHUNKING\r\n", 11); + chunking_offered = TRUE; + chunking_state = CHUNKING_OFFERED; + } + /* Advertise TLS (Transport Level Security) aka SSL (Secure Socket Layer) if it has been included in the binary, and the host matches tls_advertise_hosts. We must *not* advertise if we are already in a @@ -3753,8 +3980,8 @@ while (done <= 0) if (tls_in.active < 0 && verify_check_host(&tls_advertise_hosts) != FAIL) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-STARTTLS\r\n", 11); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-STARTTLS\r\n", 11); tls_advertised = TRUE; } #endif @@ -3763,8 +3990,8 @@ while (done <= 0) /* Per Recipient Data Response, draft by Eric A. Hall extending RFC */ if (prdr_enable) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-PRDR\r\n", 7); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-PRDR\r\n", 7); } #endif @@ -3772,16 +3999,16 @@ while (done <= 0) if ( accept_8bitmime && verify_check_host(&smtputf8_advertise_hosts) != FAIL) { - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US"-SMTPUTF8\r\n", 11); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-SMTPUTF8\r\n", 11); smtputf8_advertised = TRUE; } #endif /* Finish off the multiline reply with one that is always available. */ - s = string_cat(s, &size, &ptr, smtp_code, 3); - s = string_cat(s, &size, &ptr, US" HELP\r\n", 7); + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US" HELP\r\n", 7); } /* Terminate the string (for debug), write it, and note that HELO/EHLO @@ -4100,13 +4327,11 @@ while (done <= 0) global_rewrite_rules) : smtp_cmd_data; - /* rfc821_domains = TRUE; << no longer needed */ raw_sender = parse_extract_address(raw_sender, &errmess, &start, &end, &sender_domain, TRUE); - /* rfc821_domains = FALSE; << no longer needed */ - if (raw_sender == NULL) + if (!raw_sender) { done = synprot_error(L_smtp_syntax_error, 501, smtp_cmd_data, errmess); break; @@ -4351,16 +4576,13 @@ while (done <= 0) /* Apply SMTP rewriting then extract the working address. Don't allow "<>" as a recipient address */ - recipient = ((rewrite_existflags & rewrite_smtp) != 0)? - rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", - global_rewrite_rules) : smtp_cmd_data; - - /* rfc821_domains = TRUE; << no longer needed */ - recipient = parse_extract_address(recipient, &errmess, &start, &end, - &recipient_domain, FALSE); - /* rfc821_domains = FALSE; << no longer needed */ + recipient = rewrite_existflags & rewrite_smtp + ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", + global_rewrite_rules) + : smtp_cmd_data; - if (recipient == NULL) + if (!(recipient = parse_extract_address(recipient, &errmess, &start, &end, + &recipient_domain, FALSE))) { done = synprot_error(L_smtp_syntax_error, 501, smtp_cmd_data, errmess); rcpt_fail_count++; @@ -4379,27 +4601,12 @@ while (done <= 0) we must always qualify this address, regardless. */ if (recipient_domain == 0) - { - if (allow_unqualified_recipient || - strcmpic(recipient, US"postmaster") == 0) - { - DEBUG(D_receive) debug_printf("unqualified address %s accepted\n", - recipient); - recipient_domain = Ustrlen(recipient) + 1; - recipient = rewrite_address_qualify(recipient, TRUE); - } - else + if (!(recipient_domain = qualify_recipient(&recipient, smtp_cmd_data, + US"recipient"))) { rcpt_fail_count++; - smtp_printf("501 %s: recipient address must contain a domain\r\n", - smtp_cmd_data); - log_write(L_smtp_syntax_error, - LOG_MAIN|LOG_REJECT, "unqualified recipient rejected: " - "<%s> %s%s", recipient, host_and_ident(TRUE), - host_lookup_msg); break; } - } /* Check maximum allowed */ @@ -4446,20 +4653,22 @@ while (done <= 0) there may be a delay in this, re-check for a synchronization error afterwards, unless pipelining was advertised. */ - if (recipients_discarded) rc = DISCARD; else - { - rc = acl_check(ACL_WHERE_RCPT, recipient, acl_smtp_rcpt, &user_msg, - &log_msg); - if (rc == OK && !pipelining_advertised && !check_sync()) + if (recipients_discarded) + rc = DISCARD; + else + if ( (rc = acl_check(ACL_WHERE_RCPT, recipient, acl_smtp_rcpt, &user_msg, + &log_msg)) == OK + && !pipelining_advertised && !check_sync()) goto SYNC_FAILURE; - } /* The ACL was happy */ if (rc == OK) { - if (user_msg == NULL) smtp_printf("250 Accepted\r\n"); - else smtp_user_msg(US"250", user_msg); + if (user_msg) + smtp_user_msg(US"250", user_msg); + else + smtp_printf("250 Accepted\r\n"); receive_add_recipient(recipient, -1); /* Set the dsn flags in the recipients_list */ @@ -4475,8 +4684,10 @@ while (done <= 0) else if (rc == DISCARD) { - if (user_msg == NULL) smtp_printf("250 Accepted\r\n"); - else smtp_user_msg(US"250", user_msg); + if (user_msg) + smtp_user_msg(US"250", user_msg); + else + smtp_printf("250 Accepted\r\n"); rcpt_fail_count++; discarded = TRUE; log_write(0, LOG_MAIN|LOG_REJECT, "%s F=<%s> RCPT %s: " @@ -4516,8 +4727,44 @@ while (done <= 0) (often indicating some kind of system error), it is helpful to include it with the DATA rejection (an idea suggested by Tony Finch). */ + case BDAT_CMD: + HAD(SCH_BDAT); + { + int n; + + if (chunking_state != CHUNKING_OFFERED) + { + done = synprot_error(L_smtp_protocol_error, 503, NULL, + US"BDAT command used when CHUNKING not advertised"); + break; + } + + /* grab size, endmarker */ + + if (sscanf(CS smtp_cmd_data, "%u %n", &chunking_datasize, &n) < 1) + { + done = synprot_error(L_smtp_protocol_error, 501, NULL, + US"missing size for BDAT command"); + break; + } + chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0 + ? CHUNKING_LAST : CHUNKING_ACTIVE; + chunking_data_left = chunking_datasize; + + lwr_receive_getc = receive_getc; + lwr_receive_ungetc = receive_ungetc; + receive_getc = bdat_getc; + receive_ungetc = bdat_ungetc; + + DEBUG(D_any) + debug_printf("chunking state %d\n", (int)chunking_state); + goto DATA_BDAT; + } + case DATA_CMD: HAD(SCH_DATA); + + DATA_BDAT: /* Common code for DATA and BDAT */ if (!discarded && recipients_count <= 0) { if (rcpt_smtp_response_same && rcpt_smtp_response != NULL) @@ -4532,10 +4779,16 @@ while (done <= 0) smtp_respond(code, 3, FALSE, rcpt_smtp_response); } if (pipelining_advertised && last_was_rcpt) - smtp_printf("503 Valid RCPT command must precede DATA\r\n"); + smtp_printf("503 Valid RCPT command must precede %s\r\n", + smtp_names[smtp_connection_had[smtp_ch_index-1]]); else done = synprot_error(L_smtp_protocol_error, 503, NULL, - US"valid RCPT command must precede DATA"); + smtp_connection_had[smtp_ch_index-1] == SCH_DATA + ? US"valid RCPT command must precede DATA" + : US"valid RCPT command must precede BDAT"); + + if (chunking_state > CHUNKING_OFFERED) + bdat_flush_data(); break; } @@ -4547,35 +4800,48 @@ while (done <= 0) break; } - /* If there is an ACL, re-check the synchronization afterwards, since the - ACL may have delayed. To handle cutthrough delivery enforce a dummy call - to get the DATA command sent. */ - - if (acl_smtp_predata == NULL && cutthrough.fd < 0) rc = OK; else + if (chunking_state > CHUNKING_OFFERED) + rc = OK; /* No predata ACL or go-ahead output for BDAT */ + else { - uschar * acl= acl_smtp_predata ? acl_smtp_predata : US"accept"; - enable_dollar_recipients = TRUE; - rc = acl_check(ACL_WHERE_PREDATA, NULL, acl, &user_msg, - &log_msg); - enable_dollar_recipients = FALSE; - if (rc == OK && !check_sync()) goto SYNC_FAILURE; - } + /* If there is an ACL, re-check the synchronization afterwards, since the + ACL may have delayed. To handle cutthrough delivery enforce a dummy call + to get the DATA command sent. */ - if (rc == OK) - { - uschar * code; - code = US"354"; - if (user_msg == NULL) - smtp_printf("%s Enter message, ending with \".\" on a line by itself\r\n", code); - else smtp_user_msg(code, user_msg); - done = 3; - message_ended = END_NOTENDED; /* Indicate in middle of data */ + if (acl_smtp_predata == NULL && cutthrough.fd < 0) + rc = OK; + else + { + uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept"; + enable_dollar_recipients = TRUE; + rc = acl_check(ACL_WHERE_PREDATA, NULL, acl, &user_msg, + &log_msg); + enable_dollar_recipients = FALSE; + if (rc == OK && !check_sync()) + goto SYNC_FAILURE; + + if (rc != OK) + { /* Either the ACL failed the address, or it was deferred. */ + done = smtp_handle_acl_fail(ACL_WHERE_PREDATA, rc, user_msg, log_msg); + break; + } + } + + if (user_msg) + smtp_user_msg(US"354", user_msg); + else + smtp_printf( + "354 Enter message, ending with \".\" on a line by itself\r\n"); } - /* Either the ACL failed the address, or it was deferred. */ +#ifdef TCP_QUICKACK + if (smtp_in) /* all ACKs needed to ramp window up for bulk data */ + (void) setsockopt(fileno(smtp_in), IPPROTO_TCP, TCP_QUICKACK, + US &on, sizeof(on)); +#endif + done = 3; + message_ended = END_NOTENDED; /* Indicate in middle of data */ - else - done = smtp_handle_acl_fail(ACL_WHERE_PREDATA, rc, user_msg, log_msg); break; @@ -4585,18 +4851,26 @@ while (done <= 0) HAD(SCH_VRFY); - if(!(address = parse_extract_address(smtp_cmd_data, &errmess, &start, &end, - &recipient_domain, FALSE))) + if (!(address = parse_extract_address(smtp_cmd_data, &errmess, + &start, &end, &recipient_domain, FALSE))) + { smtp_printf("501 %s\r\n", errmess); + break; + } + + if (recipient_domain == 0) + if (!(recipient_domain = qualify_recipient(&address, smtp_cmd_data, + US"verify"))) + break; - else if ((rc = acl_check(ACL_WHERE_VRFY, address, acl_smtp_vrfy, + if ((rc = acl_check(ACL_WHERE_VRFY, address, acl_smtp_vrfy, &user_msg, &log_msg)) != OK) done = smtp_handle_acl_fail(ACL_WHERE_VRFY, rc, user_msg, log_msg); else { - uschar *s = NULL; + uschar * s = NULL; + address_item * addr = deliver_make_addr(address, FALSE); - address_item *addr = deliver_make_addr(address, FALSE); switch(verify_address(addr, NULL, vopt_is_recipient | vopt_qualify, -1, -1, -1, NULL, NULL, NULL)) { @@ -4686,7 +4960,7 @@ while (done <= 0) if (receive_smtp_buffered()) { DEBUG(D_any) - debug_printf("Non-empty input buffer after STARTTLS; naive attack?"); + debug_printf("Non-empty input buffer after STARTTLS; naive attack?\n"); if (tls_in.active < 0) smtp_inend = smtp_inptr = smtp_inbuffer; /* and if TLS is already active, tls_server_start() should fail */ @@ -4753,45 +5027,39 @@ while (done <= 0) set, but we must still reject all incoming commands. */ DEBUG(D_tls) debug_printf("TLS failed to start\n"); - while (done <= 0) + while (done <= 0) switch(smtp_read_command(FALSE)) { - switch(smtp_read_command(FALSE)) - { - case EOF_CMD: - log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF", - smtp_get_connection_info()); - smtp_notquit_exit(US"tls-failed", NULL, NULL); - done = 2; - break; - - /* It is perhaps arguable as to which exit ACL should be called here, - but as it is probably a situation that almost never arises, it - probably doesn't matter. We choose to call the real QUIT ACL, which in - some sense is perhaps "right". */ + case EOF_CMD: + log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF", + smtp_get_connection_info()); + smtp_notquit_exit(US"tls-failed", NULL, NULL); + done = 2; + break; - case QUIT_CMD: - user_msg = NULL; - if (acl_smtp_quit != NULL) - { - rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, &user_msg, - &log_msg); - if (rc == ERROR) - log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s", - log_msg); - } - if (user_msg == NULL) - smtp_printf("221 %s closing connection\r\n", smtp_active_hostname); - else - smtp_respond(US"221", 3, TRUE, user_msg); - log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT", - smtp_get_connection_info()); - done = 2; - break; + /* It is perhaps arguable as to which exit ACL should be called here, + but as it is probably a situation that almost never arises, it + probably doesn't matter. We choose to call the real QUIT ACL, which in + some sense is perhaps "right". */ + + case QUIT_CMD: + user_msg = NULL; + if ( acl_smtp_quit + && ((rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, &user_msg, + &log_msg)) == ERROR)) + log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s", + log_msg); + if (user_msg) + smtp_respond(US"221", 3, TRUE, user_msg); + else + smtp_printf("221 %s closing connection\r\n", smtp_active_hostname); + log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT", + smtp_get_connection_info()); + done = 2; + break; - default: - smtp_printf("554 Security failure\r\n"); - break; - } + default: + smtp_printf("554 Security failure\r\n"); + break; } tls_close(TRUE, TRUE); break; @@ -4803,37 +5071,15 @@ while (done <= 0) message. */ case QUIT_CMD: - HAD(SCH_QUIT); - incomplete_transaction_log(US"QUIT"); - if (acl_smtp_quit != NULL) - { - rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, &user_msg, &log_msg); - if (rc == ERROR) - log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s", - log_msg); - } - if (user_msg == NULL) - smtp_printf("221 %s closing connection\r\n", smtp_active_hostname); - else - smtp_respond(US"221", 3, TRUE, user_msg); - - #ifdef SUPPORT_TLS - tls_close(TRUE, TRUE); - #endif - + smtp_quit_handler(&user_msg, &log_msg); done = 2; - log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT", - smtp_get_connection_info()); break; case RSET_CMD: - HAD(SCH_RSET); - incomplete_transaction_log(US"RSET"); + smtp_rset_handler(); smtp_reset(reset_point); toomany = FALSE; - smtp_printf("250 Reset OK\r\n"); - cmd_list[CMD_LIST_RSET].is_mail_cmd = FALSE; break; @@ -4860,7 +5106,7 @@ while (done <= 0) verify_check_host(&tls_advertise_hosts) != FAIL) Ustrcat(buffer, " STARTTLS"); #endif - Ustrcat(buffer, " HELO EHLO MAIL RCPT DATA"); + Ustrcat(buffer, " HELO EHLO MAIL RCPT DATA BDAT"); Ustrcat(buffer, " NOOP QUIT RSET HELP"); if (acl_smtp_etrn != NULL) Ustrcat(buffer, " ETRN"); if (acl_smtp_expn != NULL) Ustrcat(buffer, " EXPN"); @@ -4950,8 +5196,10 @@ while (done <= 0) break; } etrn_command = US"exim -R"; - argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, NULL, TRUE, 2, US"-R", - smtp_cmd_data); + argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, NULL, TRUE, + *queue_name ? 4 : 2, + US"-R", smtp_cmd_data, + US"-MCG", queue_name); } /* If we are host-testing, don't actually do anything. */ diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index c55b29254..3154c9767 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* A number of functions for driving outgoing SMTP calls. */ @@ -41,10 +41,9 @@ const uschar * expint; uschar *iface; int sep = 0; -if (istring == NULL) return TRUE; +if (!istring) return TRUE; -expint = expand_string(istring); -if (expint == NULL) +if (!(expint = expand_string(istring))) { if (expand_string_forcedfail) return TRUE; addr->transport_return = PANIC; @@ -57,7 +56,7 @@ while (isspace(*expint)) expint++; if (*expint == 0) return TRUE; while ((iface = string_nextinlist(&expint, &sep, big_buffer, - big_buffer_size)) != NULL) + big_buffer_size))) { if (string_is_ip_address(iface, NULL) == 0) { @@ -72,7 +71,7 @@ while ((iface = string_nextinlist(&expint, &sep, big_buffer, break; } -if (iface != NULL) *interface = string_copy(iface); +if (iface) *interface = string_copy(iface); return TRUE; } @@ -152,8 +151,8 @@ int dscp_value; int dscp_level; int dscp_option; int sock; -int on = 1; int save_errno = 0; +BOOL fastopen = FALSE; #ifndef DISABLE_EVENT deliver_host_address = host->address; @@ -165,7 +164,9 @@ if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1; /* Set TCP_NODELAY; Exim does its own buffering. */ -setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (uschar *)(&on), sizeof(on)); +if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on))) + HDEBUG(D_transport|D_acl|D_v) + debug_printf("failed to set NODELAY: %s ", strerror(errno)); /* Set DSCP value, if we can. For now, if we fail to set the value, we don't bomb out, just log it and continue in default traffic class. */ @@ -184,6 +185,10 @@ if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value)) (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)); } +#ifdef TCP_FASTOPEN +if (verify_check_given_host (&ob->hosts_try_fastopen, host) == OK) fastopen = TRUE; +#endif + /* Bind to a specific interface if requested. Caller must ensure the interface is the same type (IPv4 or IPv6) as the outgoing address. */ @@ -198,7 +203,7 @@ if (interface && ip_bind(sock, host_af, interface, 0) < 0) /* Connect to the remote host, and add keepalive to the socket before returning it, if requested. */ -else if (ip_connect(sock, host_af, host->address, port, timeout) < 0) +else if (ip_connect(sock, host_af, host->address, port, timeout, fastopen) < 0) save_errno = errno; /* Either bind() or connect() failed */ @@ -322,14 +327,16 @@ static BOOL flush_buffer(smtp_outblock *outblock) { int rc; +int n = outblock->ptr - outblock->buffer; +HDEBUG(D_transport|D_acl) debug_printf("cmd buf flush %d bytes\n", n); #ifdef SUPPORT_TLS if (tls_out.active == outblock->sock) - rc = tls_write(FALSE, outblock->buffer, outblock->ptr - outblock->buffer); + rc = tls_write(FALSE, outblock->buffer, n); else #endif + rc = send(outblock->sock, outblock->buffer, n, 0); -rc = send(outblock->sock, outblock->buffer, outblock->ptr - outblock->buffer, 0); if (rc <= 0) { HDEBUG(D_transport|D_acl) debug_printf("send failed: %s\n", strerror(errno)); @@ -355,6 +362,7 @@ Arguments: noflush if TRUE, save the command in the output buffer, for pipelining format a format, starting with one of of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT. + If NULL, flush pipeline buffer only. ... data for the format Returns: 0 if command added to pipelining buffer, with nothing transmitted @@ -369,48 +377,51 @@ int count; int rc = 0; va_list ap; -va_start(ap, format); -if (!string_vformat(big_buffer, big_buffer_size, CS format, ap)) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing " - "SMTP"); -va_end(ap); -count = Ustrlen(big_buffer); - -if (count > outblock->buffersize) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing " - "SMTP"); - -if (count > outblock->buffersize - (outblock->ptr - outblock->buffer)) +if (format) { - rc = outblock->cmd_count; /* flush resets */ - if (!flush_buffer(outblock)) return -1; - } + va_start(ap, format); + if (!string_vformat(big_buffer, big_buffer_size, CS format, ap)) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing " + "SMTP"); + va_end(ap); + count = Ustrlen(big_buffer); + + if (count > outblock->buffersize) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing " + "SMTP"); + + if (count > outblock->buffersize - (outblock->ptr - outblock->buffer)) + { + rc = outblock->cmd_count; /* flush resets */ + if (!flush_buffer(outblock)) return -1; + } -Ustrncpy(CS outblock->ptr, big_buffer, count); -outblock->ptr += count; -outblock->cmd_count++; -count -= 2; -big_buffer[count] = 0; /* remove \r\n for error message */ + Ustrncpy(CS outblock->ptr, big_buffer, count); + outblock->ptr += count; + outblock->cmd_count++; + count -= 2; + big_buffer[count] = 0; /* remove \r\n for error message */ -/* We want to hide the actual data sent in AUTH transactions from reflections -and logs. While authenticating, a flag is set in the outblock to enable this. -The AUTH command itself gets any data flattened. Other lines are flattened -completely. */ + /* We want to hide the actual data sent in AUTH transactions from reflections + and logs. While authenticating, a flag is set in the outblock to enable this. + The AUTH command itself gets any data flattened. Other lines are flattened + completely. */ -if (outblock->authenticating) - { - uschar *p = big_buffer; - if (Ustrncmp(big_buffer, "AUTH ", 5) == 0) + if (outblock->authenticating) { - p += 5; - while (isspace(*p)) p++; - while (!isspace(*p)) p++; - while (isspace(*p)) p++; + uschar *p = big_buffer; + if (Ustrncmp(big_buffer, "AUTH ", 5) == 0) + { + p += 5; + while (isspace(*p)) p++; + while (!isspace(*p)) p++; + while (isspace(*p)) p++; + } + while (*p != 0) *p++ = '*'; } - while (*p != 0) *p++ = '*'; - } -HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> %s\n", big_buffer); + HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> %s\n", big_buffer); + } if (!noflush) { @@ -525,7 +536,7 @@ Arguments: buffer where to put the response size the size of the buffer okdigit the expected first digit of the response - timeout the timeout to use + timeout the timeout to use, in seconds Returns: TRUE if a valid, non-error response was received; else FALSE */ diff --git a/src/src/spam.c b/src/src/spam.c index 6a0ca3c20..93c0a540d 100644 --- a/src/src/spam.c +++ b/src/src/spam.c @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 */ -/* License: GPL */ +/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 + * License: GPL + * Copyright (c) The Exim Maintainers 2016 + */ /* Code for calling spamassassin's spamd. Called from acl.c. */ @@ -139,7 +141,7 @@ long rnd, weights; unsigned pri; static BOOL srandomed = FALSE; -/* seedup, if we have only 1 server */ +/* speedup, if we have only 1 server */ if (num_servers == 1) return (spamds[0]->is_failed ? -1 : 0); @@ -367,13 +369,6 @@ start = time(NULL); } } -if (spamd_sock == -1) - { - log_write(0, LOG_MAIN|LOG_PANIC, - "programming fault, spamd_sock unexpectedly unset"); - goto defer; - } - (void)fcntl(spamd_sock, F_SETFL, O_NONBLOCK); /* now we are connected to spamd on spamd_sock */ if (sd->is_rspamd) @@ -499,7 +494,8 @@ if (ferror(mbox_file)) (void)fclose(mbox_file); /* we're done sending, close socket for writing */ -shutdown(spamd_sock,SHUT_WR); +if (!sd->is_rspamd) + shutdown(spamd_sock,SHUT_WR); /* read spamd response using what's left of the timeout. */ memset(spamd_buffer, 0, sizeof(spamd_buffer)); @@ -507,8 +503,9 @@ offset = 0; while ((i = ip_recv(spamd_sock, spamd_buffer + offset, sizeof(spamd_buffer) - offset - 1, - sd->timeout - time(NULL) + start)) > 0 ) + sd->timeout - time(NULL) + start)) > 0) offset += i; +spamd_buffer[offset] = '\0'; /* guard byte */ /* error handling */ if (i <= 0 && errno != 0) @@ -525,10 +522,12 @@ if (i <= 0 && errno != 0) if (sd->is_rspamd) { /* rspamd variant of reply */ int r; - if ((r = sscanf(CS spamd_buffer, + if ( (r = sscanf(CS spamd_buffer, "RSPAMD/%7s 0 EX_OK\r\nMetric: default; %7s %lf / %lf / %lf\r\n%n", spamd_version, spamd_short_result, &spamd_score, &spamd_threshold, - &spamd_reject_score, &spamd_report_offset)) != 5) + &spamd_reject_score, &spamd_report_offset)) != 5 + || spamd_report_offset >= offset /* verify within buffer */ + ) { log_write(0, LOG_MAIN|LOG_PANIC, "%s cannot parse spamd %s, output: %d", loglabel, callout_address, r); diff --git a/src/src/spf.c b/src/src/spf.c index 7167f5778..9ab56af23 100644 --- a/src/src/spf.c +++ b/src/src/spf.c @@ -4,7 +4,9 @@ /* Experimental SPF support. Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014 - License: GPL */ + License: GPL + Copyright (c) The Exim Maintainers 2016 +*/ /* Code for calling spf checks via libspf-alt. Called from acl.c. */ @@ -74,9 +76,9 @@ int spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr) { context (if any), retrieves the result, sets up expansion strings and evaluates the condition outcome. */ -int spf_process(uschar **listptr, uschar *spf_envelope_sender, int action) { +int spf_process(const uschar **listptr, uschar *spf_envelope_sender, int action) { int sep = 0; - uschar *list = *listptr; + const uschar *list = *listptr; uschar *spf_result_id; uschar spf_result_id_buffer[128]; int rc = SPF_RESULT_PERMERROR; diff --git a/src/src/spf.h b/src/src/spf.h index 0ce5d007a..2a7c04094 100644 --- a/src/src/spf.h +++ b/src/src/spf.h @@ -4,13 +4,15 @@ /* Experimental SPF support. Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - License: GPL */ + License: GPL + Copyright (c) The Exim Maintainers 2016 +*/ #ifdef EXPERIMENTAL_SPF /* Yes, we do have ns_type. spf.h redefines it if we don't set this. Doh */ #ifndef HAVE_NS_TYPE -#define HAVE_NS_TYPE +# define HAVE_NS_TYPE #endif #include <spf2/spf.h> @@ -24,7 +26,7 @@ typedef struct spf_result_id { /* prototypes */ int spf_init(uschar *,uschar *); -int spf_process(uschar **, uschar *, int); +int spf_process(const uschar **, uschar *, int); #define SPF_PROCESS_NORMAL 0 #define SPF_PROCESS_GUESS 1 diff --git a/src/src/spool_in.c b/src/src/spool_in.c index 59192ef30..e1d6e3422 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for reading spool files. When compiling for a utility (eximon), @@ -25,19 +25,21 @@ fact it won't be written to. Just in case there's a major disaster (e.g. overwriting some other file descriptor with the value of this one), open it with append. +As called by deliver_message() (at least) we are operating as root. + Argument: the id of the message -Returns: TRUE if file successfully opened and locked +Returns: fd if file successfully opened and locked, else -1 -Side effect: deliver_datafile is set to the fd of the open file. +Side effect: message_subdir is set for the (possibly split) spool directory */ -BOOL +int spool_open_datafile(uschar *id) { int i; struct stat statbuf; flock_t lock_data; -uschar spoolname[256]; +int fd; /* If split_spool_directory is set, first look for the file in the appropriate sub-directory of the input directory. If it is not found there, try the input @@ -48,22 +50,33 @@ splitting state. */ for (i = 0; i < 2; i++) { + uschar * fname; int save_errno; - message_subdir[0] = (split_spool_directory == (i == 0))? id[5] : 0; - sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id); - deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0); - if (deliver_datafile >= 0) break; + + message_subdir[0] = split_spool_directory == i ? '\0' : id[5]; + fname = spool_fname(US"input", message_subdir, id, US"-D"); + DEBUG(D_deliver) debug_printf("Trying spool file %s\n", fname); + + if ((fd = Uopen(fname, +#ifdef O_CLOEXEC + O_CLOEXEC | +#endif + O_RDWR | O_APPEND, 0)) >= 0) + break; save_errno = errno; if (errno == ENOENT) { if (i == 0) continue; if (!queue_running) - log_write(0, LOG_MAIN, "Spool file %s-D not found", id); + log_write(0, LOG_MAIN, "Spool%s%s file %s-D not found", + *queue_name ? US" Q=" : US"", + *queue_name ? queue_name : US"", + id); } - else log_write(0, LOG_MAIN, "Spool error for %s: %s", spoolname, - strerror(errno)); + else + log_write(0, LOG_MAIN, "Spool error for %s: %s", fname, strerror(errno)); errno = save_errno; - return FALSE; + return -1; } /* File is open and message_subdir is set. Set the close-on-exec flag, and lock @@ -74,35 +87,35 @@ an open file descriptor (at least, I think that's the Cygwin story). On real Unix systems it doesn't make any difference as long as Exim is consistent in what it locks. */ -(void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) | - FD_CLOEXEC); +#ifndef O_CLOEXEC +(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif lock_data.l_type = F_WRLCK; lock_data.l_whence = SEEK_SET; lock_data.l_start = 0; lock_data.l_len = SPOOL_DATA_START_OFFSET; -if (fcntl(deliver_datafile, F_SETLK, &lock_data) < 0) +if (fcntl(fd, F_SETLK, &lock_data) < 0) { log_write(L_skip_delivery, LOG_MAIN, "Spool file is locked (another process is handling this message)"); - (void)close(deliver_datafile); - deliver_datafile = -1; + (void)close(fd); errno = 0; - return FALSE; + return -1; } /* Get the size of the data; don't include the leading filename line in the count, but add one for the newline before the data. */ -if (fstat(deliver_datafile, &statbuf) == 0) +if (fstat(fd, &statbuf) == 0) { message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET; message_size = message_body_size + 1; } -return TRUE; +return fd; } #endif /* COMPILE_UTILITY */ @@ -209,6 +222,8 @@ have been the cause of that incident, but in any case, this code must be robust against such an event, and if such a file is encountered, it must be treated as malformed. +As called from deliver_message() (at least) we are running as root. + Arguments: name name of the header file, including the -H read_headers TRUE if in-store header structures are to be built @@ -318,12 +333,12 @@ and unsplit directories, as for the data file above. */ for (n = 0; n < 2; n++) { if (!subdir_set) - message_subdir[0] = (split_spool_directory == (n == 0))? name[5] : 0; - sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir, - name); - f = Ufopen(big_buffer, "rb"); - if (f != NULL) break; - if (n != 0 || subdir_set || errno != ENOENT) return spool_read_notopen; + message_subdir[0] = split_spool_directory == (n == 0) ? name[5] : 0; + + if ((f = Ufopen(spool_fname(US"input", message_subdir, name, US""), "rb"))) + break; + if (n != 0 || subdir_set || errno != ENOENT) + return spool_read_notopen; } errno = 0; @@ -470,19 +485,24 @@ for (;;) else if (Ustrncmp(p, "cl ", 3) == 0) { - int index, count; - uschar name[20]; /* Need plenty of space for %d format */ - tree_node *node; - if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2) + unsigned index, count; + uschar name[20]; /* Need plenty of space for %u format */ + tree_node * node; + if ( sscanf(CS big_buffer + 5, "%u %u", &index, &count) != 2 + || index >= 20 + || count > 16384 /* arbitrary limit on variable size */ + ) goto SPOOL_FORMAT_ERROR; if (index < 10) - (void) string_format(name, sizeof(name), "%c%d", 'c', index); - else if (index < 20) /* ignore out-of-range index */ - (void) string_format(name, sizeof(name), "%c%d", 'm', index - 10); + (void) string_format(name, sizeof(name), "%c%u", 'c', index); + else + (void) string_format(name, sizeof(name), "%c%u", 'm', index - 10); node = acl_var_create(name); node->data.ptr = store_get(count + 1); + /* We sanity-checked the count, so disable the Coverity error */ + /* coverity[tainted_data] */ if (fread(node->data.ptr, 1, count+1, f) < count) goto SPOOL_READ_ERROR; - ((uschar*)node->data.ptr)[count] = 0; + (US node->data.ptr)[count] = '\0'; } break; @@ -511,7 +531,8 @@ for (;;) if (Ustrncmp(p, "rozen", 5) == 0) { deliver_freeze = TRUE; - sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at); + if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1) + goto SPOOL_READ_ERROR; } break; @@ -651,10 +672,12 @@ DEBUG(D_deliver) #endif /* COMPILE_UTILITY */ /* After reading the tree, the next line has not yet been read into the -buffer. It contains the count of recipients which follow on separate lines. */ +buffer. It contains the count of recipients which follow on separate lines. +Apply an arbitrary sanity check.*/ if (Ufgets(big_buffer, big_buffer_size, f) == NULL) goto SPOOL_READ_ERROR; -if (sscanf(CS big_buffer, "%d", &rcount) != 1) goto SPOOL_FORMAT_ERROR; +if (sscanf(CS big_buffer, "%d", &rcount) != 1 || rcount > 16384) + goto SPOOL_FORMAT_ERROR; #ifndef COMPILE_UTILITY DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount); @@ -663,6 +686,10 @@ DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount); recipients_list_max = rcount; recipients_list = store_get(rcount * sizeof(recipient_item)); +/* We sanitised the count and know we have enough memory, so disable +the Coverity error on recipients_count */ +/* coverity[tainted_data] */ + for (recipients_count = 0; recipients_count < rcount; recipients_count++) { int nn; diff --git a/src/src/spool_mbox.c b/src/src/spool_mbox.c index 126037574..b1de39e7d 100644 --- a/src/src/spool_mbox.c +++ b/src/src/spool_mbox.c @@ -2,8 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 */ -/* License: GPL */ +/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 + * License: GPL + * Copyright (c) The Exim Maintainers 2016 + */ /* Code for setting up a MBOX style spool file inside a /scan/<msgid> sub directory of exim's spool directory. */ @@ -11,17 +13,11 @@ sub directory of exim's spool directory. */ #include "exim.h" #ifdef WITH_CONTENT_SCAN -/* externals, we must reset them on unspooling */ -#ifdef WITH_OLD_DEMIME -extern int demime_ok; -extern struct file_extension *file_extensions; -#endif - extern int malware_ok; extern int spam_ok; int spool_mbox_ok = 0; -uschar spooled_message_id[17]; +uschar spooled_message_id[MESSAGE_ID_LENGTH+1]; /* returns a pointer to the FILE, and puts the size in bytes into mbox_file_size * normally, source_file_override is NULL */ @@ -117,17 +113,15 @@ if (!spool_mbox_ok) message_subdir[1] = '\0'; for (i = 0; i < 2; i++) { - message_subdir[0] = (split_spool_directory == (i == 0))? message_id[5] : 0; - temp_string = string_sprintf("%s/input/%s/%s-D", spool_directory, - message_subdir, message_id); - data_file = Ufopen(temp_string, "rb"); - if (data_file != NULL) break; + message_subdir[0] = split_spool_directory == (i == 0) ? message_id[5] : 0; + temp_string = spool_fname(US"input", message_subdir, message_id, US"-D"); + if ((data_file = Ufopen(temp_string, "rb"))) break; } } else data_file = Ufopen(source_file_override, "rb"); - if (data_file == NULL) + if (!data_file) { log_write(0, LOG_MAIN|LOG_PANIC, "Could not open datafile for message %s", message_id); @@ -165,20 +159,20 @@ if (!spool_mbox_ok) (void)fclose(mbox_file); mbox_file = NULL; - Ustrcpy(spooled_message_id, message_id); + Ustrncpy(spooled_message_id, message_id, sizeof(spooled_message_id)); + spooled_message_id[sizeof(spooled_message_id)-1] = '\0'; spool_mbox_ok = 1; } /* get the size of the mbox message and open [message_id].eml file for reading*/ -if (Ustat(mbox_path, &statbuf) != 0 || - (yield = Ufopen(mbox_path,"rb")) == NULL) - { + +if ( !(yield = Ufopen(mbox_path,"rb")) + || fstat(fileno(yield), &statbuf) != 0 + ) log_write(0, LOG_MAIN|LOG_PANIC, "%s", string_open_failed(errno, "scan file %s", mbox_path)); - goto OUT; - } - -*mbox_file_size = statbuf.st_size; +else + *mbox_file_size = statbuf.st_size; OUT: if (data_file) (void)fclose(data_file); @@ -190,20 +184,11 @@ return yield; -/* remove mbox spool file, demimed files and temp directory */ +/* remove mbox spool file and temp directory */ void unspool_mbox(void) { - -/* reset all exiscan state variables */ -#ifdef WITH_OLD_DEMIME -demime_ok = 0; -demime_errorlevel = 0; -demime_reason = NULL; -file_extensions = NULL; -#endif - spam_ok = 0; malware_ok = 0; @@ -211,7 +196,6 @@ if (spool_mbox_ok && !no_mbox_unspool) { uschar *mbox_path; uschar *file_path; - int n; struct dirent *entry; DIR *tempdir; @@ -229,11 +213,12 @@ if (spool_mbox_ok && !no_mbox_unspool) while((entry = readdir(tempdir)) != NULL) { uschar *name = US entry->d_name; + int dummy; if (Ustrcmp(name, US".") == 0 || Ustrcmp(name, US"..") == 0) continue; file_path = string_sprintf("%s/%s", mbox_path, name); debug_printf("unspool_mbox(): unlinking '%s'\n", file_path); - n = unlink(CS file_path); + dummy = unlink(CS file_path); } closedir(tempdir); diff --git a/src/src/spool_out.c b/src/src/spool_out.c index 8d0ee7c71..e49d89a09 100644 --- a/src/src/spool_out.c +++ b/src/src/spool_out.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for writing spool files, and moving them about. */ @@ -17,7 +17,7 @@ *************************************************/ /* This function is called immediately after errors in writing the spool, with -errno still set. It creates and error message, depending on the circumstances. +errno still set. It creates an error message, depending on the circumstances. If errmsg is NULL, it logs the message and panic-dies. Otherwise errmsg is set to point to the message, and -1 is returned. This function makes the code of spool_write_header() a bit neater. @@ -36,22 +36,21 @@ static int spool_write_error(int where, uschar **errmsg, uschar *s, uschar *temp_name, FILE *f) { -uschar *msg = (where == SW_RECEIVING)? - string_sprintf("spool file %s error while receiving from %s: %s", s, - (sender_fullhost != NULL)? sender_fullhost : sender_ident, - strerror(errno)) - : - string_sprintf("spool file %s error while %s: %s", s, - (where == SW_DELIVERING)? "delivering" : "modifying", - strerror(errno)); - -if (temp_name != NULL) Uunlink(temp_name); -if (f != NULL) (void)fclose(f); - -if (errmsg == NULL) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", msg); -else +uschar *msg = where == SW_RECEIVING + ? string_sprintf("spool file %s error while receiving from %s: %s", s, + sender_fullhost ? sender_fullhost : sender_ident, + strerror(errno)) + : string_sprintf("spool file %s error while %s: %s", s, + where == SW_DELIVERING ? "delivering" : "modifying", + strerror(errno)); + +if (temp_name) Uunlink(temp_name); +if (f) (void)fclose(f); + +if (errmsg) *errmsg = msg; +else + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", msg); return -1; } @@ -134,15 +133,16 @@ int size_correction; FILE *f; header_line *h; struct stat statbuf; -uschar name[256]; -uschar temp_name[256]; +uschar * tname; +uschar * fname; + +tname = spool_fname(US"input", message_subdir, + string_sprintf("hdr.%d", (int)getpid()), US""); -sprintf(CS temp_name, "%s/input/%s/hdr.%d", spool_directory, message_subdir, - (int)getpid()); -fd = spool_open_temp(temp_name); -if (fd < 0) return spool_write_error(where, errmsg, US"open", NULL, NULL); +if ((fd = spool_open_temp(tname)) < 0) + return spool_write_error(where, errmsg, US"open", NULL, NULL); f = fdopen(fd, "wb"); -DEBUG(D_receive|D_deliver) debug_printf("Writing spool header file\n"); +DEBUG(D_receive|D_deliver) debug_printf("Writing spool header file: %s\n", tname); /* We now have an open file to which the header data is to be written. Start with the file's leaf name, to make the file self-identifying. Continue with the @@ -272,21 +272,25 @@ fprintf(f, "%d\n", recipients_count); for (i = 0; i < recipients_count; i++) { recipient_item *r = recipients_list + i; -DEBUG(D_deliver) debug_printf("DSN: Flags :%d\n", r->dsn_flags); + + DEBUG(D_deliver) debug_printf("DSN: Flags :%d\n", r->dsn_flags); + if (r->pno < 0 && r->errors_to == NULL && r->dsn_flags == 0) fprintf(f, "%s\n", r->address); else { - uschar *errors_to = (r->errors_to == NULL)? US"" : r->errors_to; + uschar * errors_to = r->errors_to ? r->errors_to : US""; /* for DSN SUPPORT extend exim 4 spool in a compatible way by - adding new values upfront and add flag 0x02 */ - uschar *orcpt = (r->orcpt == NULL)? US"" : r->orcpt; - fprintf(f, "%s %s %d,%d %s %d,%d#3\n", r->address, orcpt, Ustrlen(orcpt), r->dsn_flags, - errors_to, Ustrlen(errors_to), r->pno); + adding new values upfront and add flag 0x02 */ + uschar * orcpt = r->orcpt ? r->orcpt : US""; + + fprintf(f, "%s %s %d,%d %s %d,%d#3\n", r->address, orcpt, Ustrlen(orcpt), + r->dsn_flags, errors_to, Ustrlen(errors_to), r->pno); } - DEBUG(D_deliver) debug_printf("DSN: **** SPOOL_OUT - address: |%s| errorsto: |%s| orcpt: |%s| dsn_flags: %d\n", - r->address, r->errors_to, r->orcpt, r->dsn_flags); + DEBUG(D_deliver) debug_printf("DSN: **** SPOOL_OUT - " + "address: |%s| errorsto: |%s| orcpt: |%s| dsn_flags: %d\n", + r->address, r->errors_to, r->orcpt, r->dsn_flags); } /* Put a blank line before the headers */ @@ -297,7 +301,8 @@ fprintf(f, "\n"); to get the actual size of the headers. */ fflush(f); -fstat(fd, &statbuf); +if (fstat(fd, &statbuf)) + return spool_write_error(where, errmsg, US"fstat", tname, f); size_correction = statbuf.st_size; /* Finally, write out the message's headers. To make it easier to read them @@ -318,28 +323,30 @@ for (h = header_list; h != NULL; h = h->next) /* Flush and check for any errors while writing */ if (fflush(f) != 0 || ferror(f)) - return spool_write_error(where, errmsg, US"write", temp_name, f); + return spool_write_error(where, errmsg, US"write", tname, f); /* Force the file's contents to be written to disk. Note that fflush() just pushes it out of C, and fclose() doesn't guarantee to do the write either. That's just the way Unix works... */ if (EXIMfsync(fileno(f)) < 0) - return spool_write_error(where, errmsg, US"sync", temp_name, f); + return spool_write_error(where, errmsg, US"sync", tname, f); /* Get the size of the file, and close it. */ -fstat(fd, &statbuf); +if (fstat(fd, &statbuf) != 0) + return spool_write_error(where, errmsg, US"fstat", tname, NULL); if (fclose(f) != 0) - return spool_write_error(where, errmsg, US"close", temp_name, NULL); + return spool_write_error(where, errmsg, US"close", tname, NULL); /* Rename the file to its correct name, thereby replacing any previous incarnation. */ -sprintf(CS name, "%s/input/%s/%s-H", spool_directory, message_subdir, id); +fname = spool_fname(US"input", message_subdir, id, US"-H"); +DEBUG(D_receive|D_deliver) debug_printf("Renaming spool header file: %s\n", fname); -if (Urename(temp_name, name) < 0) - return spool_write_error(where, errmsg, US"rename", temp_name, NULL); +if (Urename(tname, fname) < 0) + return spool_write_error(where, errmsg, US"rename", tname, NULL); /* Linux (and maybe other OS?) does not automatically sync a directory after an operation like rename. We therefore have to do it forcibly ourselves in @@ -353,20 +360,20 @@ these cases. One hack on top of another... but that's life. */ #ifdef NEED_SYNC_DIRECTORY -sprintf(CS temp_name, "%s/input/%s/.", spool_directory, message_subdir); +tname = spool_fname(US"input", message_subdir, US".", US""); -#ifndef O_DIRECTORY -#define O_DIRECTORY 0 -#endif +# ifndef O_DIRECTORY +# define O_DIRECTORY 0 +# endif -if ((fd = Uopen(temp_name, O_RDONLY|O_DIRECTORY, 0)) < 0) - return spool_write_error(where, errmsg, US"directory open", name, NULL); +if ((fd = Uopen(tname, O_RDONLY|O_DIRECTORY, 0)) < 0) + return spool_write_error(where, errmsg, US"directory open", fname, NULL); if (EXIMfsync(fd) < 0 && errno != EINVAL) - return spool_write_error(where, errmsg, US"directory sync", name, NULL); + return spool_write_error(where, errmsg, US"directory sync", fname, NULL); if (close(fd) < 0) - return spool_write_error(where, errmsg, US"directory close", name, NULL); + return spool_write_error(where, errmsg, US"directory close", fname, NULL); #endif /* NEED_SYNC_DIRECTORY */ @@ -407,13 +414,12 @@ static BOOL make_link(uschar *dir, uschar *subdir, uschar *id, uschar *suffix, uschar *from, uschar *to, BOOL noentok) { -uschar f[256], t[256]; -sprintf(CS f, "%s/%s%s/%s/%s%s", spool_directory, from, dir, subdir, id, suffix); -sprintf(CS t, "%s/%s%s/%s/%s%s", spool_directory, to, dir, subdir, id, suffix); -if (Ulink(f, t) < 0 && (!noentok || errno != ENOENT)) +uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); +uschar * tname = spool_fname(string_sprintf("%s%s", to, dir), subdir, id, suffix); +if (Ulink(fname, tname) < 0 && (!noentok || errno != ENOENT)) { log_write(0, LOG_MAIN|LOG_PANIC, "link(\"%s\", \"%s\") failed while moving " - "message: %s", f, t, strerror(errno)); + "message: %s", fname, tname, strerror(errno)); return FALSE; } return TRUE; @@ -445,12 +451,11 @@ static BOOL break_link(uschar *dir, uschar *subdir, uschar *id, uschar *suffix, uschar *from, BOOL noentok) { -uschar f[256]; -sprintf(CS f, "%s/%s%s/%s/%s%s", spool_directory, from, dir, subdir, id, suffix); -if (Uunlink(f) < 0 && (!noentok || errno != ENOENT)) +uschar * fname = spool_fname(string_sprintf("%s%s", from, dir), subdir, id, suffix); +if (Uunlink(fname) < 0 && (!noentok || errno != ENOENT)) { log_write(0, LOG_MAIN|LOG_PANIC, "unlink(\"%s\") failed while moving " - "message: %s", f, strerror(errno)); + "message: %s", fname, strerror(errno)); return FALSE; } return TRUE; @@ -482,17 +487,19 @@ spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to) { /* Create any output directories that do not exist. */ -sprintf(CS big_buffer, "%sinput/%s", to, subdir); -(void)directory_make(spool_directory, big_buffer, INPUT_DIRECTORY_MODE, TRUE); -sprintf(CS big_buffer, "%smsglog/%s", to, subdir); -(void)directory_make(spool_directory, big_buffer, INPUT_DIRECTORY_MODE, TRUE); +(void) directory_make(spool_directory, + spool_sname(string_sprintf("%sinput", to), subdir), + INPUT_DIRECTORY_MODE, TRUE); +(void) directory_make(spool_directory, + spool_sname(string_sprintf("%smsglog", to), subdir), + INPUT_DIRECTORY_MODE, TRUE); /* Move the message by first creating new hard links for all the files, and then removing the old links. When moving messages onto the main spool, the -H file should be set up last, because that's the one that tells Exim there is a message to be delivered, so we create its new link last and remove its old link first. Programs that look at the alternate directories should follow the same -rule of waiting for a -H file before doing anything. When moving messsages off +rule of waiting for a -H file before doing anything. When moving messages off the mail spool, the -D file should be open and locked at the time, thus keeping Exim's hands off. */ diff --git a/src/src/srs.c b/src/src/srs.c index 0115c0b51..1ff391f65 100644 --- a/src/src/srs.c +++ b/src/src/srs.c @@ -4,6 +4,7 @@ /* SRS - Sender rewriting scheme support (C)2004 Miles Wilton <miles@mirtol.com> + Copyright (c) The Exim Maintainers 2016 SRS Support Version: 1.0a @@ -25,7 +26,7 @@ uschar *srs_db_reverse = NULL; int eximsrs_init() { - uschar *list = srs_config; + const uschar *list = srs_config; uschar secret_buf[SRS_MAX_SECRET_LENGTH]; uschar *secret = NULL; uschar sbuf[4]; diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c index 3f0fec897..8ccef122b 100644 --- a/src/src/std-crypto.c +++ b/src/src/std-crypto.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Phil Pennock 2012 +/* Copyright (c) Phil Pennock 2012, 2016 * But almost everything here is fixed published constants from RFCs, so also: * Copyright (C) The Internet Society (2003) * Copyright (C) The IETF Trust (2008) @@ -459,6 +459,497 @@ static const char dh_ike_24_pem[] = "KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ\n" "-----END DH PARAMETERS-----\n"; +/* ------------------------------------------------------------------------- */ +/* RFC 7919 Published August 2016, so strength estimates date from then. + +A.1. ffdhe2048 + + The 2048-bit group has registry value 256 and is calculated from the + following formula: + + The modulus is: + + p = 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 61285C97 FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 30942E4B FFFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 103 + bits. +*/ +static const char dh_ffdhe2048_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIH+AoH4DfhUWKK7Spqv3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v\n" +"42NjDHXY9oGyAq7EYXrT3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhP\n" +"DHDg5ot34qaJ2vPv6HId8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq\n" +"2rdg1/RoHU9Co945TfSuVu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy\n" +"/pzphYP/jk8SMu7ygYPD/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohr\n" +"QjhhKFyX//////////8CAQI=\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.2. ffdhe3072 + + The 3072-bit prime has registry value 257 and is calculated from the + following formula: + + The modulus is: + + p = 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 66C62E37 FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B363171B FFFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 125 + bits. +*/ +static const char dh_ffdhe3072_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n" +"N///////////AgEC\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.3. ffdhe4096 + + The 4096-bit group has registry value 258 and is calculated from the + following formula: + + The modulus is: + + p = 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB + 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004 + 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832 + A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A + 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF + 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E655F6A + FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D + BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002 + 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419 + 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD + 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7 + C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F32AFB5 + 7FFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 150 + bits. +*/ +static const char dh_ffdhe4096_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n" +"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n" +"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n" +"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.4. ffdhe6144 + + The 6144-bit group has registry value 259 and is calculated from the + following formula: + + The modulus is: + + p = 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB + 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004 + 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832 + A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A + 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF + 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E0DD902 + 0BFD64B6 45036C7A 4E677D2C 38532A3A 23BA4442 CAF53EA6 + 3BB45432 9B7624C8 917BDD64 B1C0FD4C B38E8C33 4C701C3A + CDAD0657 FCCFEC71 9B1F5C3E 4E46041F 388147FB 4CFDB477 + A52471F7 A9A96910 B855322E DB6340D8 A00EF092 350511E3 + 0ABEC1FF F9E3A26E 7FB29F8C 183023C3 587E38DA 0077D9B4 + 763E4E4B 94B2BBC1 94C6651E 77CAF992 EEAAC023 2A281BF6 + B3A739C1 22611682 0AE8DB58 47A67CBE F9C9091B 462D538C + D72B0374 6AE77F5E 62292C31 1562A846 505DC82D B854338A + E49F5235 C95B9117 8CCF2DD5 CACEF403 EC9D1810 C6272B04 + 5B3B71F9 DC6B80D6 3FDD4A8E 9ADB1E69 62A69526 D43161C1 + A41D570D 7938DAD4 A40E329C D0E40E65 FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D + BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002 + 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419 + 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD + 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7 + C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F06EC81 + 05FEB25B 2281B63D 2733BE96 1C29951D 11DD2221 657A9F53 + 1DDA2A19 4DBB1264 48BDEEB2 58E07EA6 59C74619 A6380E1D + 66D6832B FE67F638 CD8FAE1F 2723020F 9C40A3FD A67EDA3B + D29238FB D4D4B488 5C2A9917 6DB1A06C 50077849 1A8288F1 + 855F60FF FCF1D137 3FD94FC6 0C1811E1 AC3F1C6D 003BECDA + 3B1F2725 CA595DE0 CA63328F 3BE57CC9 77556011 95140DFB + 59D39CE0 91308B41 05746DAC 23D33E5F 7CE4848D A316A9C6 + 6B9581BA 3573BFAF 31149618 8AB15423 282EE416 DC2A19C5 + 724FA91A E4ADC88B C66796EA E5677A01 F64E8C08 63139582 + 2D9DB8FC EE35C06B 1FEEA547 4D6D8F34 B1534A93 6A18B0E0 + D20EAB86 BC9C6D6A 5207194E 68720732 FFFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 175 + bits. +*/ +static const char dh_ffdhe6144_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n" +"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n" +"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n" +"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n" +"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n" +"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n" +"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n" +"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n" +"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO\n" +"Zf//////////AgEC\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.5. ffdhe8192 + + The 8192-bit group has registry value 260 and is calculated from the + following formula: + + The modulus is: + + p = 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB + 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004 + 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832 + A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A + 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF + 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E0DD902 + 0BFD64B6 45036C7A 4E677D2C 38532A3A 23BA4442 CAF53EA6 + 3BB45432 9B7624C8 917BDD64 B1C0FD4C B38E8C33 4C701C3A + CDAD0657 FCCFEC71 9B1F5C3E 4E46041F 388147FB 4CFDB477 + A52471F7 A9A96910 B855322E DB6340D8 A00EF092 350511E3 + 0ABEC1FF F9E3A26E 7FB29F8C 183023C3 587E38DA 0077D9B4 + 763E4E4B 94B2BBC1 94C6651E 77CAF992 EEAAC023 2A281BF6 + B3A739C1 22611682 0AE8DB58 47A67CBE F9C9091B 462D538C + D72B0374 6AE77F5E 62292C31 1562A846 505DC82D B854338A + E49F5235 C95B9117 8CCF2DD5 CACEF403 EC9D1810 C6272B04 + 5B3B71F9 DC6B80D6 3FDD4A8E 9ADB1E69 62A69526 D43161C1 + A41D570D 7938DAD4 A40E329C CFF46AAA 36AD004C F600C838 + 1E425A31 D951AE64 FDB23FCE C9509D43 687FEB69 EDD1CC5E + 0B8CC3BD F64B10EF 86B63142 A3AB8829 555B2F74 7C932665 + CB2C0F1C C01BD702 29388839 D2AF05E4 54504AC7 8B758282 + 2846C0BA 35C35F5C 59160CC0 46FD8251 541FC68C 9C86B022 + BB709987 6A460E74 51A8A931 09703FEE 1C217E6C 3826E52C + 51AA691E 0E423CFC 99E9E316 50C1217B 624816CD AD9A95F9 + D5B80194 88D9C0A0 A1FE3075 A577E231 83F81D4A 3F2FA457 + 1EFC8CE0 BA8A4FE8 B6855DFE 72B0A66E DED2FBAB FBE58A30 + FAFABE1C 5D71A87E 2F741EF8 C1FE86FE A6BBFDE5 30677F0D + 97D11D49 F7A8443D 0822E506 A9F4614E 011E2A94 838FF88C + D68C8BB7 C5C6424C FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D + BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002 + 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419 + 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD + 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7 + C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F06EC81 + 05FEB25B 2281B63D 2733BE96 1C29951D 11DD2221 657A9F53 + 1DDA2A19 4DBB1264 48BDEEB2 58E07EA6 59C74619 A6380E1D + 66D6832B FE67F638 CD8FAE1F 2723020F 9C40A3FD A67EDA3B + D29238FB D4D4B488 5C2A9917 6DB1A06C 50077849 1A8288F1 + 855F60FF FCF1D137 3FD94FC6 0C1811E1 AC3F1C6D 003BECDA + 3B1F2725 CA595DE0 CA63328F 3BE57CC9 77556011 95140DFB + 59D39CE0 91308B41 05746DAC 23D33E5F 7CE4848D A316A9C6 + 6B9581BA 3573BFAF 31149618 8AB15423 282EE416 DC2A19C5 + 724FA91A E4ADC88B C66796EA E5677A01 F64E8C08 63139582 + 2D9DB8FC EE35C06B 1FEEA547 4D6D8F34 B1534A93 6A18B0E0 + D20EAB86 BC9C6D6A 5207194E 67FA3555 1B568026 7B00641C + 0F212D18 ECA8D732 7ED91FE7 64A84EA1 B43FF5B4 F6E8E62F + 05C661DE FB258877 C35B18A1 51D5C414 AAAD97BA 3E499332 + E596078E 600DEB81 149C441C E95782F2 2A282563 C5BAC141 + 1423605D 1AE1AFAE 2C8B0660 237EC128 AA0FE346 4E435811 + 5DB84CC3 B523073A 28D45498 84B81FF7 0E10BF36 1C137296 + 28D5348F 07211E7E 4CF4F18B 286090BD B1240B66 D6CD4AFC + EADC00CA 446CE050 50FF183A D2BBF118 C1FC0EA5 1F97D22B + 8F7E4670 5D4527F4 5B42AEFF 39585337 6F697DD5 FDF2C518 + 7D7D5F0E 2EB8D43F 17BA0F7C 60FF437F 535DFEF2 9833BF86 + CBE88EA4 FBD4221E 84117283 54FA30A7 008F154A 41C7FC46 + 6B4645DB E2E32126 7FFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 192 + bits. +*/ +static const char dh_ffdhe8192_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n" +"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n" +"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n" +"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n" +"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n" +"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n" +"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n" +"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n" +"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq\n" +"qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI\n" +"KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C\n" +"UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh\n" +"e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm\n" +"bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh\n" +"TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg==\n" +"-----END DH PARAMETERS-----\n"; + +/* ========================================================================= */ + +/* + * Generated by Phil as a non-standard option. + * openssl dhparam -2 2048 + * No provenance to prove non-tampering available, beyond trusting that this + * developer generated this as stated above. + */ + +/* MacOSX 10.10.5 invoking system OpenSSL 0.9.8zg */ +static const char dh_exim_20160529_1[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBCAKCAQEA8ZMf89Gaye4bDEX1BXZ9+2edkXym9EK0GxmFilHEGpnhgLNmCk+H\n" +"cCb+zn8Ed5bpCOmRuEv9N/VKPjSpno8jYiQbFgUL3vh8uKvQLJNTzDVDbpd3YO7E\n" +"tiS0L0qWL57zIf8b3VZTMRsH4Orz2Rla61wVl6XpxE5WRfGqPS264Vvfew7xmCoi\n" +"INaFzIU6zwk2WeD6K5asctYlQG/UtgY1nRFkQTebIOpm03a6/hw7F14l3yUZgXfv\n" +"I3m4MFaWvxGcuZxddTijXw3VfjMdWvdH3Iz7IcqD32uEzK6Rgi/t4OVSw1kE2oDt\n" +"cFThPUCWb7O4TVq9Xt2UZqZFNU6kUAkv2wIBAg==\n" +"-----END DH PARAMETERS-----\n"; + +/* MacOSX 10.10.5 invoking OpenSSL 1.0.2h installed from brew bottle */ +static const char dh_exim_20160529_2[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBCAKCAQEAot84eqyfSb5l8GRCN2ioWP5T85Z/2lVX9A9r9JzwDfvliAAqm6Vp\n" +"UcHdAfVt54kc8DsmLiHdDhxY1I/wo+DcBylfVx13cmkroAocowOD5dwQMYk6iXjV\n" +"ys4heRJhYlAHgt8QZH8dA8c/HLs+rlAHhSUPnetsZmcoPE0LRsjigJsiVXasm+sl\n" +"g/77u5FCkgSrFILcD9PLPto1ciIXp2y8cjXQDk+D9FH1HaSCXLCLkuHxhQXxjTYO\n" +"C3Q53aNLkDJ4zpPt7Kc9NxQFBVlNc260IFDOHTWhgV2zpyG6oIzQoHSmmiLAAfcF\n" +"HrG7I06uZBLjuNGGaM0eeuxHNhs2G2EduwIBAg==\n" +"-----END DH PARAMETERS-----\n"; + +/* Ubuntu 14.04.4 running on dual-core Atom D2500 with OneRNG entropy key */ +static const char dh_exim_20160529_3[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBCAKCAQEAkbRYVoge2PtrmV1eKCKluSBFELgckuLSnkuH0TffqbmfoYM34lFu\n" +"2vPM2LhnzKvEBQlIICOTzQD29kROacRfSKpsNINRXhXKUqI6sFXzUZu4Flk69XKG\n" +"ZOSDYvWkI5pSn1amQ4Nnvn6s+uwn/f0ZDZDiKLW9TgntxJV4A2+yeymaeoGCbIXX\n" +"5q8WgajFhAeut36RL93HBnXT1hT7Eja1Y81w9fOzQrwBuXhyfCkAdiMA/VCp0UD4\n" +"0p7uf+okpckVnwD6WnUCHMij8nGlVblZELFYzNi0udtzIrSwlALbZXIeAqhbZXJO\n" +"lCuYspJhzV0Vs0lDJwrxvNwtdg1ernVIowIBAg==\n" +"-----END DH PARAMETERS-----\n"; /* ========================================================================= */ @@ -470,7 +961,15 @@ struct dh_constant { /* KEEP SORTED ALPHABETICALLY; * duplicate PEM are okay, if we want aliases, but names must be alphabetical */ static struct dh_constant dh_constants[] = { - { "default", dh_ike_23_pem }, + { "default", dh_exim_20160529_3 }, + { "exim.dev.20160529.1", dh_exim_20160529_1 }, + { "exim.dev.20160529.2", dh_exim_20160529_2 }, + { "exim.dev.20160529.3", dh_exim_20160529_3 }, + { "ffdhe2048", dh_ffdhe2048_pem }, + { "ffdhe3072", dh_ffdhe3072_pem }, + { "ffdhe4096", dh_ffdhe4096_pem }, + { "ffdhe6144", dh_ffdhe6144_pem }, + { "ffdhe8192", dh_ffdhe8192_pem }, { "ike1", dh_ike_1_pem }, { "ike14", dh_ike_14_pem }, { "ike15", dh_ike_15_pem }, diff --git a/src/src/store.c b/src/src/store.c index e402835c7..b1a47799b 100644 --- a/src/src/store.c +++ b/src/src/store.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Exim gets and frees all its store through these functions. In the original @@ -354,7 +354,11 @@ the released memory. */ newlength = bc + b->length - (char *)ptr; #ifndef COMPILE_UTILITY -if (running_in_test_harness) memset(ptr, 0xF0, newlength); +if (running_in_test_harness) + { + (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength); + memset(ptr, 0xF0, newlength); + } #endif (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength); yield_length[store_pool] = newlength - (newlength % alignment); @@ -493,9 +497,8 @@ store_malloc_3(int size, const char *filename, int linenumber) void *yield; if (size < 16) size = 16; -yield = malloc((size_t)size); -if (yield == NULL) +if (!(yield = malloc((size_t)size))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " "called from line %d of %s", size, linenumber, filename); diff --git a/src/src/string.c b/src/src/string.c index c0dfd04b6..be1a1d7a4 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Miscellaneous string-handling functions. Some are not required for @@ -913,7 +913,7 @@ sep_is_special = iscntrl(sep); if (buffer != NULL) { - register int p = 0; + int p = 0; for (; *s != 0; s++) { if (*s == sep && (*(++s) != sep || sep_is_special)) break; @@ -952,7 +952,7 @@ else for (;;) { for (ss = s + 1; *ss != 0 && *ss != sep; ss++); - buffer = string_cat(buffer, &size, &ptr, s, ss-s); + buffer = string_catn(buffer, &size, &ptr, s, ss-s); s = ss; if (*s == 0 || *(++s) != sep || sep_is_special) break; } @@ -995,17 +995,17 @@ uschar * sp; if (list) { - new = string_cat(new, &sz, &off, list, Ustrlen(list)); - new = string_cat(new, &sz, &off, &sep, 1); + new = string_cat (new, &sz, &off, list); + new = string_catn(new, &sz, &off, &sep, 1); } while((sp = Ustrchr(ele, sep))) { - new = string_cat(new, &sz, &off, ele, sp-ele+1); - new = string_cat(new, &sz, &off, &sep, 1); + new = string_catn(new, &sz, &off, ele, sp-ele+1); + new = string_catn(new, &sz, &off, &sep, 1); ele = sp+1; } -new = string_cat(new, &sz, &off, ele, Ustrlen(ele)); +new = string_cat(new, &sz, &off, ele); new[off] = '\0'; return new; } @@ -1039,18 +1039,18 @@ const uschar * sp; if (list) { - new = string_cat(new, &sz, &off, list, Ustrlen(list)); - new = string_cat(new, &sz, &off, &sep, 1); + new = string_cat (new, &sz, &off, list); + new = string_catn(new, &sz, &off, &sep, 1); } while((sp = Ustrnchr(ele, sep, &len))) { - new = string_cat(new, &sz, &off, ele, sp-ele+1); - new = string_cat(new, &sz, &off, &sep, 1); + new = string_catn(new, &sz, &off, ele, sp-ele+1); + new = string_catn(new, &sz, &off, &sep, 1); ele = sp+1; len--; } -new = string_cat(new, &sz, &off, ele, len); +new = string_catn(new, &sz, &off, ele, len); new[off] = '\0'; return new; } @@ -1078,7 +1078,7 @@ Arguments: characters, updated to the new offset s points to characters to add count count of characters to add; must not exceed the length of s, if s - is a C string + is a C string. If -1 given, strlen(s) is used. If string is given as NULL, *size and *ptr should both be zero. @@ -1086,10 +1086,12 @@ Returns: pointer to the start of the string, changed if copied for expansion. Note that a NUL is not added, though space is left for one. This is because string_cat() is often called multiple times to build up a string - there's no point adding the NUL till the end. + */ +/* coverity[+alloc] */ uschar * -string_cat(uschar *string, int *size, int *ptr, const uschar *s, int count) +string_catn(uschar *string, int *size, int *ptr, const uschar *s, int count) { int p = *ptr; @@ -1132,12 +1134,25 @@ if (p + count >= *size) /* Because we always specify the exact number of characters to copy, we can use memcpy(), which is likely to be more efficient than strncopy() because the -latter has to check for zero bytes. */ +latter has to check for zero bytes. + +The Coverity annotation deals with the lack of correlated variable tracking; +common use is a null string and zero size and pointer, on first use for a +string being built. The "if" above then allocates, but Coverity assume that +the "if" might not happen and whines for a null-deref done by the memcpy(). */ +/* coverity[deref_parm_field_in_call] : FALSE */ memcpy(string + p, s, count); *ptr = p + count; return string; } + + +uschar * +string_cat(uschar *string, int *size, int *ptr, const uschar *s) +{ +return string_catn(string, size, ptr, s, Ustrlen(s)); +} #endif /* COMPILE_UTILITY */ @@ -1175,7 +1190,7 @@ va_start(ap, count); for (i = 0; i < count; i++) { uschar *t = va_arg(ap, uschar *); - string = string_cat(string, size, ptr, t, Ustrlen(t)); + string = string_cat(string, size, ptr, t); } va_end(ap); @@ -1197,10 +1212,10 @@ on whether the variable length list of data arguments are given explicitly or as a va_list item. The formats are the usual printf() ones, with some omissions (never used) and -two additions for strings: %S forces lower case, and %#s or %#S prints nothing -for a NULL string. Without the # "NULL" is printed (useful in debugging). There -is also the addition of %D and %M, which insert the date in the form used for -datestamped log files. +three additions for strings: %S forces lower case, %T forces upper case, and +%#s or %#S prints nothing for a NULL string. Without thr # "NULL" is printed +(useful in debugging). There is also the addition of %D and %M, which insert +the date in the form used for datestamped log files. Arguments: buffer a buffer in which to put the formatted string @@ -1413,6 +1428,7 @@ while (*fp != 0) case 's': case 'S': /* Forces *lower* case */ + case 'T': /* Forces *upper* case */ s = va_arg(ap, char *); if (s == NULL) s = null; @@ -1460,6 +1476,8 @@ while (*fp != 0) sprintf(CS p, "%*.*s", width, precision, s); if (fp[-1] == 'S') while (*p) { *p = tolower(*p); p++; } + else if (fp[-1] == 'T') + while (*p) { *p = toupper(*p); p++; } else while (*p) p++; if (!yield) goto END_FORMAT; @@ -1518,6 +1536,7 @@ specified messages. If it does, the message just gets truncated, and there doesn't seem much we can do about that. */ (void)string_vformat(buffer+15, sizeof(buffer) - 15, format, ap); +va_end(ap); return (eno == EACCES)? string_sprintf("%s: %s (euid=%ld egid=%ld)", buffer, strerror(eno), @@ -1528,185 +1547,19 @@ return (eno == EACCES)? -#ifndef COMPILE_UTILITY -/************************************************* -* Generate local prt for logging * -*************************************************/ - -/* This function is a subroutine for use in string_log_address() below. - -Arguments: - addr the address being logged - yield the current dynamic buffer pointer - sizeptr points to current size - ptrptr points to current insert pointer - -Returns: the new value of the buffer pointer -*/ - -static uschar * -string_get_localpart(address_item *addr, uschar *yield, int *sizeptr, - int *ptrptr) -{ -uschar * s; - -s = addr->prefix; -if (testflag(addr, af_include_affixes) && s) - { -#ifdef SUPPORT_I18N - if (testflag(addr, af_utf8_downcvt)) - s = string_localpart_utf8_to_alabel(s, NULL); -#endif - yield = string_cat(yield, sizeptr, ptrptr, s, Ustrlen(s)); - } - -s = addr->local_part; -#ifdef SUPPORT_I18N -if (testflag(addr, af_utf8_downcvt)) - s = string_localpart_utf8_to_alabel(s, NULL); -#endif -yield = string_cat(yield, sizeptr, ptrptr, s, Ustrlen(s)); - -s = addr->suffix; -if (testflag(addr, af_include_affixes) && s) - { -#ifdef SUPPORT_I18N - if (testflag(addr, af_utf8_downcvt)) - s = string_localpart_utf8_to_alabel(s, NULL); -#endif - yield = string_cat(yield, sizeptr, ptrptr, s, Ustrlen(s)); - } - -return yield; -} - - -/************************************************* -* Generate log address list * -*************************************************/ - -/* This function generates a list consisting of an address and its parents, for -use in logging lines. For saved onetime aliased addresses, the onetime parent -field is used. If the address was delivered by a transport with rcpt_include_ -affixes set, the af_include_affixes bit will be set in the address. In that -case, we include the affixes here too. -Arguments: - addr bottom (ultimate) address - all_parents if TRUE, include all parents - success TRUE for successful delivery -Returns: a string in dynamic store -*/ +#ifndef COMPILE_UTILITY +/* qsort(3), currently used to sort the environment variables +for -bP environment output, needs a function to compare two pointers to string +pointers. Here it is. */ -uschar * -string_log_address(address_item *addr, BOOL all_parents, BOOL success) +int +string_compare_by_pointer(const void *a, const void *b) { -int size = 64; -int ptr = 0; -BOOL add_topaddr = TRUE; -uschar *yield = store_get(size); -address_item *topaddr; - -/* Find the ultimate parent */ - -for (topaddr = addr; topaddr->parent != NULL; topaddr = topaddr->parent); - -/* We start with just the local part for pipe, file, and reply deliveries, and -for successful local deliveries from routers that have the log_as_local flag -set. File deliveries from filters can be specified as non-absolute paths in -cases where the transport is goin to complete the path. If there is an error -before this happens (expansion failure) the local part will not be updated, and -so won't necessarily look like a path. Add extra text for this case. */ - -if (testflag(addr, af_pfr) || - (success && - addr->router != NULL && addr->router->log_as_local && - addr->transport != NULL && addr->transport->info->local)) - { - if (testflag(addr, af_file) && addr->local_part[0] != '/') - yield = string_cat(yield, &size, &ptr, CUS"save ", 5); - yield = string_get_localpart(addr, yield, &size, &ptr); - } - -/* Other deliveries start with the full address. It we have split it into local -part and domain, use those fields. Some early failures can happen before the -splitting is done; in those cases use the original field. */ - -else - { - if (addr->local_part != NULL) - { - const uschar * s; - yield = string_get_localpart(addr, yield, &size, &ptr); - yield = string_cat(yield, &size, &ptr, US"@", 1); - s = addr->domain; -#ifdef SUPPORT_I18N - if (testflag(addr, af_utf8_downcvt)) - s = string_localpart_utf8_to_alabel(s, NULL); -#endif - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s) ); - } - else - { - yield = string_cat(yield, &size, &ptr, addr->address, Ustrlen(addr->address)); - } - yield[ptr] = 0; - - /* If the address we are going to print is the same as the top address, - and all parents are not being included, don't add on the top address. First - of all, do a caseless comparison; if this succeeds, do a caseful comparison - on the local parts. */ - - if (strcmpic(yield, topaddr->address) == 0 && - Ustrncmp(yield, topaddr->address, Ustrchr(yield, '@') - yield) == 0 && - addr->onetime_parent == NULL && - (!all_parents || addr->parent == NULL || addr->parent == topaddr)) - add_topaddr = FALSE; - } - -/* If all parents are requested, or this is a local pipe/file/reply, and -there is at least one intermediate parent, show it in brackets, and continue -with all of them if all are wanted. */ - -if ((all_parents || testflag(addr, af_pfr)) && - addr->parent != NULL && - addr->parent != topaddr) - { - uschar *s = US" ("; - address_item *addr2; - for (addr2 = addr->parent; addr2 != topaddr; addr2 = addr2->parent) - { - yield = string_cat(yield, &size, &ptr, s, 2); - yield = string_cat(yield, &size, &ptr, addr2->address, Ustrlen(addr2->address)); - if (!all_parents) break; - s = US", "; - } - yield = string_cat(yield, &size, &ptr, US")", 1); - } - -/* Add the top address if it is required */ - -if (add_topaddr) - { - yield = string_cat(yield, &size, &ptr, US" <", 2); - - if (addr->onetime_parent == NULL) - yield = string_cat(yield, &size, &ptr, topaddr->address, - Ustrlen(topaddr->address)); - else - yield = string_cat(yield, &size, &ptr, addr->onetime_parent, - Ustrlen(addr->onetime_parent)); - - yield = string_cat(yield, &size, &ptr, US">", 1); - } - -yield[ptr] = 0; /* string_cat() leaves space */ -return yield; +return Ustrcmp(* CUSS a, * CUSS b); } -#endif /* COMPILE_UTILITY */ - - +#endif /* COMPILE_UTILITY */ diff --git a/src/src/structs.h b/src/src/structs.h index 78f5a8087..12d714f28 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -28,10 +28,11 @@ struct router_info; /* Structure for remembering macros for the configuration file */ typedef struct macro_item { - struct macro_item *next; - BOOL command_line; - uschar *replacement; - uschar name[1]; + struct macro_item *next; + BOOL command_line; + unsigned namelen; + uschar * replacement; + uschar name[1]; } macro_item; /* Structure for bit tables for debugging and logging */ @@ -51,6 +52,11 @@ typedef struct ugid_block { BOOL initgroups; } ugid_block; +typedef enum { CHUNKING_NOT_OFFERED = -1, + CHUNKING_OFFERED, + CHUNKING_ACTIVE, + CHUNKING_LAST} chunking_state_t; + /* Structure for holding information about a host for use mainly by routers, but also used when checking lists of hosts and when transporting. Looking up host addresses is done using this structure. */ @@ -218,6 +224,40 @@ typedef struct transport_info { } transport_info; +/* smtp transport datachunk callback */ + +#define tc_reap_prev BIT(0) /* Flags: reap previous SMTP cmd responses */ +#define tc_chunk_last BIT(1) /* annotate chunk SMTP cmd as LAST */ + +struct transport_context; +typedef int (*tpt_chunk_cmd_cb)(int fd, struct transport_context * tctx, + unsigned len, unsigned flags); + +/* Structure for information about a delivery-in-progress */ + +typedef struct transport_context { + transport_instance * tblock; /* transport */ + struct address_item * addr; + uschar * check_string; /* string replacement */ + uschar * escape_string; + int options; /* output processing topt_* */ + + /* items below only used with option topt_use_bdat */ + tpt_chunk_cmd_cb chunk_cb; /* per-datachunk callback */ + struct smtp_inblock * inblock; + struct smtp_outblock * outblock; + host_item * host; + struct address_item * first_addr; + struct address_item **sync_addr; + BOOL pending_MAIL; + BOOL pending_BDAT; + BOOL good_RCPT; + BOOL * completed_address; + int cmd_count; + uschar * buffer; +} transport_ctx; + + typedef struct { uschar *request; @@ -506,12 +546,13 @@ typedef struct address_item_propagated { #ifndef DISABLE_PRDR # define af_prdr_used 0x08000000 /* delivery used SMTP PRDR */ #endif -#define af_force_command 0x10000000 /* force_command in pipe transport */ +#define af_chunking_used 0x10000000 /* delivery used SMTP CHUNKING */ +#define af_force_command 0x20000000 /* force_command in pipe transport */ #ifdef EXPERIMENTAL_DANE -# define af_dane_verified 0x20000000 /* TLS cert verify done with DANE */ +# define af_dane_verified 0x40000000 /* TLS cert verify done with DANE */ #endif #ifdef SUPPORT_I18N -# define af_utf8_downcvt 0x40000000 /* downconvert was done for delivery */ +# define af_utf8_downcvt 0x80000000 /* downconvert was done for delivery */ #endif /* These flags must be propagated when a child is created */ @@ -690,11 +731,11 @@ typedef struct search_cache { uncompressed, but the data pointer is into the raw data. */ typedef struct { - uschar name[DNS_MAXNAME]; /* domain name */ - int type; /* record type */ - unsigned short ttl; /* time-to-live, seconds */ - int size; /* size of data */ - uschar *data; /* pointer to data */ + uschar name[DNS_MAXNAME]; /* domain name */ + int type; /* record type */ + unsigned short ttl; /* time-to-live, seconds */ + int size; /* size of data */ + const uschar *data; /* pointer to data */ } dns_record; /* Structure for holding the result of a DNS query. */ @@ -708,9 +749,9 @@ typedef struct { block. */ typedef struct { - int rrcount; /* count of RRs in the answer */ - uschar *aptr; /* pointer in the answer while scanning */ - dns_record srr; /* data from current record in scan */ + int rrcount; /* count of RRs in the answer */ + const uschar *aptr; /* pointer in the answer while scanning */ + dns_record srr; /* data from current record in scan */ } dns_scan; /* Structure for holding a chain of IP addresses that are extracted from @@ -826,4 +867,15 @@ typedef struct acl_block { /* smtp transport calc outbound_ip */ typedef BOOL (*oicf) (uschar *message_id, void *data); +/* DKIM information for transport */ +struct ob_dkim { + uschar *dkim_domain; + uschar *dkim_private_key; + uschar *dkim_selector; + uschar *dkim_canon; + uschar *dkim_sign_headers; + uschar *dkim_strict; + BOOL dot_stuffed; +}; + /* End of structs.h */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 601197475..10bfaca32 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -42,6 +42,7 @@ require current GnuTLS, then we'll drop support for the ancient libraries). /* needed to disable PKCS11 autoload unless requested */ #if GNUTLS_VERSION_NUMBER >= 0x020c00 # include <gnutls/pkcs11.h> +# define SUPPORT_PARAM_TO_PK_BITS #endif #if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP) # warning "GnuTLS library version too old; define DISABLE_OCSP in Makefile" @@ -492,8 +493,7 @@ else if (Ustrcmp(exp_tls_dhparam, "none") == 0) } else if (exp_tls_dhparam[0] != '/') { - m.data = US std_dh_prime_named(exp_tls_dhparam); - if (m.data == NULL) + if (!(m.data = US std_dh_prime_named(exp_tls_dhparam))) return tls_error(US"No standard prime named", CS exp_tls_dhparam, NULL); m.size = Ustrlen(m.data); } @@ -547,8 +547,7 @@ if (use_file_in_spool) /* Open the cache file for reading and if successful, read it and set up the parameters. */ -fd = Uopen(filename, O_RDONLY, 0); -if (fd >= 0) +if ((fd = Uopen(filename, O_RDONLY, 0)) >= 0) { struct stat statbuf; FILE *fp; @@ -565,8 +564,7 @@ if (fd >= 0) (void)close(fd); return tls_error(US"TLS cache not a file", NULL, NULL); } - fp = fdopen(fd, "rb"); - if (!fp) + if (!(fp = fdopen(fd, "rb"))) { saved_errno = errno; (void)close(fd); @@ -575,14 +573,12 @@ if (fd >= 0) } m.size = statbuf.st_size; - m.data = malloc(m.size); - if (m.data == NULL) + if (!(m.data = malloc(m.size))) { fclose(fp); return tls_error(US"malloc failed", strerror(errno), NULL); } - sz = fread(m.data, m.size, 1, fp); - if (!sz) + if (!(sz = fread(m.data, m.size, 1, fp))) { saved_errno = errno; fclose(fp); @@ -626,8 +622,7 @@ if (rc < 0) CS filename, NULL); temp_fn = string_copy(US "%s.XXXXXXX"); - fd = mkstemp(CS temp_fn); /* modifies temp_fn */ - if (fd < 0) + if ((fd = mkstemp(CS temp_fn)) < 0) /* modifies temp_fn */ return tls_error(US"Unable to open temp file", strerror(errno), NULL); (void)fchown(fd, exim_uid, exim_gid); /* Probably not necessary */ @@ -664,9 +659,9 @@ if (rc < 0) if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER) exim_gnutls_err_check(US"gnutls_dh_params_export_pkcs3(NULL) sizing"); m.size = sz; - m.data = malloc(m.size); - if (m.data == NULL) + if (!(m.data = malloc(m.size))) return tls_error(US"memory allocation failed", strerror(errno), NULL); + /* this will return a size 1 less than the allocation size above */ rc = gnutls_dh_params_export_pkcs3(dh_server_params, GNUTLS_X509_FMT_PEM, m.data, &sz); @@ -677,23 +672,19 @@ if (rc < 0) } m.size = sz; /* shrink by 1, probably */ - sz = write_to_fd_buf(fd, m.data, (size_t) m.size); - if (sz != m.size) + if ((sz = write_to_fd_buf(fd, m.data, (size_t) m.size)) != m.size) { free(m.data); return tls_error(US"TLS cache write D-H params failed", strerror(errno), NULL); } free(m.data); - sz = write_to_fd_buf(fd, US"\n", 1); - if (sz != 1) + if ((sz = write_to_fd_buf(fd, US"\n", 1)) != 1) return tls_error(US"TLS cache write D-H params final newline failed", strerror(errno), NULL); - rc = close(fd); - if (rc) - return tls_error(US"TLS cache write close() failed", - strerror(errno), NULL); + if ((rc = close(fd))) + return tls_error(US"TLS cache write close() failed", strerror(errno), NULL); if (Urename(temp_fn, filename) < 0) return tls_error(string_sprintf("failed to rename \"%s\" as \"%s\"", @@ -709,6 +700,74 @@ return OK; +/* Create and install a selfsigned certificate, for use in server mode */ + +static int +tls_install_selfsign(exim_gnutls_state_st * state) +{ +gnutls_x509_crt_t cert = NULL; +time_t now; +gnutls_x509_privkey_t pkey = NULL; +const uschar * where; +int rc; + +where = US"initialising pkey"; +if ((rc = gnutls_x509_privkey_init(&pkey))) goto err; + +where = US"initialising cert"; +if ((rc = gnutls_x509_crt_init(&cert))) goto err; + +where = US"generating pkey"; +if ((rc = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_RSA, +#ifdef SUPPORT_PARAM_TO_PK_BITS + gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_LOW), +#else + 1024, +#endif + 0))) + goto err; + +where = US"configuring cert"; +now = 0; +if ( (rc = gnutls_x509_crt_set_version(cert, 3)) + || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now))) + || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL))) + || (rc = gnutls_x509_crt_set_expiration_time(cert, now + 60 * 60)) /* 1 hr */ + || (rc = gnutls_x509_crt_set_key(cert, pkey)) + + || (rc = gnutls_x509_crt_set_dn_by_oid(cert, + GNUTLS_OID_X520_COUNTRY_NAME, 0, "UK", 2)) + || (rc = gnutls_x509_crt_set_dn_by_oid(cert, + GNUTLS_OID_X520_ORGANIZATION_NAME, 0, "Exim Developers", 15)) + || (rc = gnutls_x509_crt_set_dn_by_oid(cert, + GNUTLS_OID_X520_COMMON_NAME, 0, + smtp_active_hostname, Ustrlen(smtp_active_hostname))) + ) + goto err; + +where = US"signing cert"; +if ((rc = gnutls_x509_crt_sign(cert, cert, pkey))) goto err; + +where = US"installing selfsign cert"; + /* Since: 2.4.0 */ +if ((rc = gnutls_certificate_set_x509_key(state->x509_cred, &cert, 1, pkey))) + goto err; + +rc = OK; + +out: + if (cert) gnutls_x509_crt_deinit(cert); + if (pkey) gnutls_x509_privkey_deinit(pkey); + return rc; + +err: + rc = tls_error(where, gnutls_strerror(rc), NULL); + goto out; +} + + + + /************************************************* * Variables re-expanded post-SNI * *************************************************/ @@ -741,7 +800,6 @@ int cert_count; /* We check for tls_sni *before* expansion. */ if (!host) /* server */ - { if (!state->received_sni) { if (state->tls_certificate && @@ -762,7 +820,6 @@ if (!host) /* server */ saved_tls_verify_certificates = state->exp_tls_verify_certificates; saved_tls_crl = state->exp_tls_crl; } - } rc = gnutls_certificate_allocate_credentials(&state->x509_cred); exim_gnutls_err_check(US"gnutls_certificate_allocate_credentials"); @@ -779,14 +836,13 @@ if (!expand_check_tlsvar(tls_certificate)) /* certificate is mandatory in server, optional in client */ -if ((state->exp_tls_certificate == NULL) || - (*state->exp_tls_certificate == '\0')) - { +if ( !state->exp_tls_certificate + || !*state->exp_tls_certificate + ) if (!host) - return tls_error(US"no TLS server certificate is specified", NULL, NULL); + return tls_install_selfsign(state); else DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n"); - } if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey)) return DEFER; @@ -806,9 +862,9 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) state->exp_tls_certificate, state->exp_tls_privatekey); if (state->received_sni) - { - if ((Ustrcmp(state->exp_tls_certificate, saved_tls_certificate) == 0) && - (Ustrcmp(state->exp_tls_privatekey, saved_tls_privatekey) == 0)) + if ( Ustrcmp(state->exp_tls_certificate, saved_tls_certificate) == 0 + && Ustrcmp(state->exp_tls_privatekey, saved_tls_privatekey) == 0 + ) { DEBUG(D_tls) debug_printf("TLS SNI: cert and key unchanged\n"); } @@ -816,7 +872,6 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) { DEBUG(D_tls) debug_printf("TLS SNI: have a changed cert/key pair.\n"); } - } rc = gnutls_certificate_set_x509_key_file(state->x509_cred, CS state->exp_tls_certificate, CS state->exp_tls_privatekey, @@ -911,7 +966,7 @@ else but who knows if someone has some weird FIFO which always dumps some certs, or other weirdness. The thing we really want to check is that it's not a directory, since while OpenSSL supports that, GnuTLS does not. - So s/!S_ISREG/S_ISDIR/ and change some messsaging ... */ + So s/!S_ISREG/S_ISDIR/ and change some messaging ... */ if (S_ISDIR(statbuf.st_mode)) { DEBUG(D_tls) @@ -1448,7 +1503,7 @@ else int sep = 0; const uschar * list = state->exp_tls_verify_cert_hostnames; uschar * name; - while (name = string_nextinlist(&list, &sep, NULL, 0)) + while ((name = string_nextinlist(&list, &sep, NULL, 0))) if (gnutls_x509_crt_check_hostname(state->tlsp->peercert, CS name)) break; if (!name) @@ -1761,24 +1816,33 @@ state->fd_out = fileno(smtp_out); sigalrm_seen = FALSE; if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); do - { rc = gnutls_handshake(state->session); - } while ((rc == GNUTLS_E_AGAIN) || - (rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen)); +while (rc == GNUTLS_E_AGAIN || rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen); alarm(0); if (rc != GNUTLS_E_SUCCESS) { - tls_error(US"gnutls_handshake", - sigalrm_seen ? "timed out" : gnutls_strerror(rc), NULL); /* It seems that, except in the case of a timeout, we have to close the connection right here; otherwise if the other end is running OpenSSL it hangs until the server times out. */ - if (!sigalrm_seen) + if (sigalrm_seen) + { + tls_error(US"gnutls_handshake", "timed out", NULL); + gnutls_db_remove_session(state->session); + } + else { + tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL); + (void) gnutls_alert_send_appropriate(state->session, rc); + gnutls_deinit(state->session); + gnutls_certificate_free_credentials(state->x509_cred); + millisleep(500); + shutdown(state->fd_out, SHUT_WR); + for (rc = 1024; fgetc(smtp_in) != EOF && rc > 0; ) rc--; /* drain skt */ (void)fclose(smtp_out); (void)fclose(smtp_in); + smtp_out = smtp_in = NULL; } return FAIL; @@ -1803,8 +1867,7 @@ if ( state->verify_requirement != VERIFY_NONE /* Figure out peer DN, and if authenticated, etc. */ -rc = peer_status(state); -if (rc != OK) return rc; +if ((rc = peer_status(state)) != OK) return rc; /* Sets various Exim expansion variables; always safe within server */ @@ -1816,6 +1879,7 @@ and initialize appropriately. */ state->xfer_buffer = store_malloc(ssl_xfer_buffer_size); receive_getc = tls_getc; +receive_get_cache = tls_get_cache; receive_ungetc = tls_ungetc; receive_feof = tls_feof; receive_ferror = tls_ferror; @@ -1867,7 +1931,7 @@ tls_client_start(int fd, host_item *host, address_item *addr ARG_UNUSED, transport_instance *tb #ifdef EXPERIMENTAL_DANE - , dne_answer * unused_tlsa_dnsa + , dns_answer * unused_tlsa_dnsa #endif ) { @@ -1979,8 +2043,13 @@ do alarm(0); if (rc != GNUTLS_E_SUCCESS) - return tls_error(US"gnutls_handshake", - sigalrm_seen ? "timed out" : gnutls_strerror(rc), state->host); + if (sigalrm_seen) + { + gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_USER_CANCELED); + return tls_error(US"gnutls_handshake", "timed out", state->host); + } + else + return tls_error(US"gnutls_handshake", gnutls_strerror(rc), state->host); DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n"); @@ -2062,6 +2131,8 @@ if (shutdown) } gnutls_deinit(state->session); +gnutls_certificate_free_credentials(state->x509_cred); + state->tlsp->active = -1; memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); @@ -2107,21 +2178,32 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) ssl_xfer_buffer_size); alarm(0); - /* A zero-byte return appears to mean that the TLS session has been + /* Timeouts do not get this far; see command_timeout_handler(). + A zero-byte return appears to mean that the TLS session has been closed down, not that the socket itself has been closed down. Revert to non-TLS handling. */ - if (inbytes == 0) + if (sigalrm_seen) + { + DEBUG(D_tls) debug_printf("Got tls read timeout\n"); + state->xfer_error = 1; + return EOF; + } + + else if (inbytes == 0) { DEBUG(D_tls) debug_printf("Got TLS_EOF\n"); receive_getc = smtp_getc; + receive_get_cache = smtp_get_cache; receive_ungetc = smtp_ungetc; receive_feof = smtp_feof; receive_ferror = smtp_ferror; receive_smtp_buffered = smtp_buffered; gnutls_deinit(state->session); + gnutls_certificate_free_credentials(state->x509_cred); + state->session = NULL; state->tlsp->active = -1; state->tlsp->bits = 0; @@ -2154,6 +2236,17 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) return state->xfer_buffer[state->xfer_buffer_lwm++]; } +void +tls_get_cache() +{ +#ifndef DISABLE_DKIM +exim_gnutls_state_st * state = &state_server; +int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm; +if (n > 0) + dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n); +#endif +} + diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 9e008e149..452452df2 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Portions Copyright (c) The OpenSSL Project 1999 */ @@ -41,6 +41,18 @@ functions from the OpenSSL library. */ #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) # define EXIM_HAVE_OPENSSL_TLSEXT #endif +#if OPENSSL_VERSION_NUMBER >= 0x00908000L +# define EXIM_HAVE_RSA_GENKEY_EX +#endif +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_OCSP_RESP_COUNT +#else +# define EXIM_HAVE_EPHEM_RSA_KEX +# define EXIM_HAVE_RAND_PSEUDO +#endif +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) +# define EXIM_HAVE_SHA256 +#endif /* * X509_check_host provides sane certificate hostname checking, but was added @@ -71,7 +83,9 @@ functions from the OpenSSL library. */ # define EXIM_HAVE_ECDH # endif # if OPENSSL_VERSION_NUMBER >= 0x10002000L -# define EXIM_HAVE_OPENSSL_ECDH_AUTO +# if OPENSSL_VERSION_NUMBER < 0x10100000L +# define EXIM_HAVE_OPENSSL_ECDH_AUTO +# endif # define EXIM_HAVE_OPENSSL_EC_NIST2NID # endif # endif @@ -137,6 +151,7 @@ typedef struct tls_ext_ctx_cb { uschar *privatekey; #ifndef DISABLE_OCSP BOOL is_server; + STACK_OF(X509) *verify_stack; /* chain for verifying the proof */ union { struct { uschar *file; @@ -200,7 +215,7 @@ Returns: OK/DEFER/FAIL */ static int -tls_error(uschar * prefix, const host_item * host, uschar * msg) +tls_error(uschar * prefix, const host_item * host, uschar * msg) { if (!msg) { @@ -228,6 +243,7 @@ else +#ifdef EXIM_HAVE_EPHEM_RSA_KEX /************************************************* * Callback to generate RSA key * *************************************************/ @@ -245,10 +261,22 @@ static RSA * rsa_callback(SSL *s, int export, int keylength) { RSA *rsa_key; +#ifdef EXIM_HAVE_RSA_GENKEY_EX +BIGNUM *bn = BN_new(); +#endif + export = export; /* Shut picky compilers up */ DEBUG(D_tls) debug_printf("Generating %d bit RSA key...\n", keylength); -rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL); -if (rsa_key == NULL) + +#ifdef EXIM_HAVE_RSA_GENKEY_EX +if ( !BN_set_word(bn, (unsigned long)RSA_F4) + || !(rsa_key = RSA_new()) + || !RSA_generate_key_ex(rsa_key, keylength, bn, NULL) + ) +#else +if (!(rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL))) +#endif + { ERR_error_string(ERR_get_error(), ssl_errstring); log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (RSA_generate_key): %s", @@ -257,6 +285,7 @@ if (rsa_key == NULL) } return rsa_key; } +#endif @@ -398,6 +427,7 @@ else if (depth != 0) if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store, cert)) ERR_clear_error(); + sk_X509_push(client_static_cbinfo->verify_stack, cert); } #endif #ifndef DISABLE_EVENT @@ -751,7 +781,6 @@ return !rv; /************************************************* * Load OCSP information into state * *************************************************/ - /* Called to load the server OCSP response from the given file into memory, once caller has determined this is needed. Checks validity. Debugs a message if invalid. @@ -768,12 +797,12 @@ Arguments: static void ocsp_load_response(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo, const uschar *expanded) { -BIO *bio; -OCSP_RESPONSE *resp; -OCSP_BASICRESP *basic_response; -OCSP_SINGLERESP *single_response; -ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; -X509_STORE *store; +BIO * bio; +OCSP_RESPONSE * resp; +OCSP_BASICRESP * basic_response; +OCSP_SINGLERESP * single_response; +ASN1_GENERALIZEDTIME * rev, * thisupd, * nextupd; +STACK_OF(X509) * sk; unsigned long verify_flags; int status, reason, i; @@ -784,8 +813,7 @@ if (cbinfo->u_ocsp.server.response) cbinfo->u_ocsp.server.response = NULL; } -bio = BIO_new_file(CS cbinfo->u_ocsp.server.file_expanded, "rb"); -if (!bio) +if (!(bio = BIO_new_file(CS cbinfo->u_ocsp.server.file_expanded, "rb"))) { DEBUG(D_tls) debug_printf("Failed to open OCSP response file \"%s\"\n", cbinfo->u_ocsp.server.file_expanded); @@ -800,33 +828,54 @@ if (!resp) return; } -status = OCSP_response_status(resp); -if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) +if ((status = OCSP_response_status(resp)) != OCSP_RESPONSE_STATUS_SUCCESSFUL) { DEBUG(D_tls) debug_printf("OCSP response not valid: %s (%d)\n", OCSP_response_status_str(status), status); goto bad; } -basic_response = OCSP_response_get1_basic(resp); -if (!basic_response) +if (!(basic_response = OCSP_response_get1_basic(resp))) { DEBUG(D_tls) debug_printf("OCSP response parse error: unable to extract basic response.\n"); goto bad; } -store = SSL_CTX_get_cert_store(sctx); +sk = cbinfo->verify_stack; verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */ /* May need to expose ability to adjust those flags? OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT OCSP_TRUSTOTHER OCSP_NOINTERN */ -i = OCSP_basic_verify(basic_response, NULL, store, verify_flags); -if (i <= 0) +/* This does a full verify on the OCSP proof before we load it for serviing +up; possibly overkill - just date-checks might be nice enough. + +OCSP_basic_verify takes a "store" arg, but does not +use it for the chain verification, which is all we do +when OCSP_NOVERIFY is set. The content from the wire +"basic_response" and a cert-stack "sk" are all that is used. + +We have a stack, loaded in setup_certs() if tls_verify_certificates +was a file (not a directory, or "system"). It is unfortunate we +cannot used the connection context store, as that would neatly +handle the "system" case too, but there seems to be no library +function for getting a stack from a store. +[ In OpenSSL 1.1 - ? X509_STORE_CTX_get0_chain(ctx) ? ] +We do not free the stack since it could be needed a second time for +SNI handling. + +Seperately we might try to replace using OCSP_basic_verify() - which seems to not +be a public interface into the OpenSSL library (there's no manual entry) - +But what with? We also use OCSP_basic_verify in the client stapling callback. +And there we NEED it; we miust verify that status... unless the +library does it for us anyway? */ + +if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0) { - DEBUG(D_tls) { + DEBUG(D_tls) + { ERR_error_string(ERR_get_error(), ssl_errstring); debug_printf("OCSP response verify failure: %s\n", US ssl_errstring); } @@ -840,8 +889,8 @@ proves false, we need to extract a cert id from our issued cert right cert in the stack and then calls OCSP_single_get0_status()). I'm hoping to avoid reworking a bunch more of how we handle state here. */ -single_response = OCSP_resp_get0(basic_response, 0); -if (!single_response) + +if (!(single_response = OCSP_resp_get0(basic_response, 0))) { DEBUG(D_tls) debug_printf("Unable to get first response from OCSP basic response.\n"); @@ -872,7 +921,7 @@ bad: { extern char ** environ; uschar ** p; - for (p = USS environ; *p != NULL; p++) + if (environ) for (p = USS environ; *p != NULL; p++) if (Ustrncmp(*p, "EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK", 42) == 0) { DEBUG(D_tls) debug_printf("Supplying known bad OCSP response\n"); @@ -886,6 +935,73 @@ return; +/* Create and install a selfsigned certificate, for use in server mode */ + +static int +tls_install_selfsign(SSL_CTX * sctx) +{ +X509 * x509 = NULL; +EVP_PKEY * pkey; +RSA * rsa; +X509_NAME * name; +uschar * where; + +where = US"allocating pkey"; +if (!(pkey = EVP_PKEY_new())) + goto err; + +where = US"allocating cert"; +if (!(x509 = X509_new())) + goto err; + +where = US"generating pkey"; + /* deprecated, use RSA_generate_key_ex() */ +if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) + goto err; + +where = US"assiging pkey"; +if (!EVP_PKEY_assign_RSA(pkey, rsa)) + goto err; + +X509_set_version(x509, 2); /* N+1 - version 3 */ +ASN1_INTEGER_set(X509_get_serialNumber(x509), 0); +X509_gmtime_adj(X509_get_notBefore(x509), 0); +X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60); /* 1 hour */ +X509_set_pubkey(x509, pkey); + +name = X509_get_subject_name(x509); +X509_NAME_add_entry_by_txt(name, "C", + MBSTRING_ASC, CUS "UK", -1, -1, 0); +X509_NAME_add_entry_by_txt(name, "O", + MBSTRING_ASC, CUS "Exim Developers", -1, -1, 0); +X509_NAME_add_entry_by_txt(name, "CN", + MBSTRING_ASC, CUS smtp_active_hostname, -1, -1, 0); +X509_set_issuer_name(x509, name); + +where = US"signing cert"; +if (!X509_sign(x509, pkey, EVP_md5())) + goto err; + +where = US"installing selfsign cert"; +if (!SSL_CTX_use_certificate(sctx, x509)) + goto err; + +where = US"installing selfsign key"; +if (!SSL_CTX_use_PrivateKey(sctx, pkey)) + goto err; + +return OK; + +err: + (void) tls_error(where, NULL, NULL); + if (x509) X509_free(x509); + if (pkey) EVP_PKEY_free(pkey); + return DEFER; +} + + + + /************************************************* * Expand key and cert file specs * *************************************************/ @@ -906,41 +1022,49 @@ tls_expand_session_files(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo) { uschar *expanded; -if (cbinfo->certificate == NULL) - return OK; - -if (Ustrstr(cbinfo->certificate, US"tls_sni") || - Ustrstr(cbinfo->certificate, US"tls_in_sni") || - Ustrstr(cbinfo->certificate, US"tls_out_sni") - ) - reexpand_tls_files_for_sni = TRUE; - -if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded)) - return DEFER; - -if (expanded != NULL) +if (!cbinfo->certificate) { - DEBUG(D_tls) debug_printf("tls_certificate file %s\n", expanded); - if (!SSL_CTX_use_certificate_chain_file(sctx, CS expanded)) - return tls_error(string_sprintf( - "SSL_CTX_use_certificate_chain_file file=%s", expanded), - cbinfo->host, NULL); + if (cbinfo->host) /* client */ + return OK; + /* server */ + if (tls_install_selfsign(sctx) != OK) + return DEFER; } +else + { + if (Ustrstr(cbinfo->certificate, US"tls_sni") || + Ustrstr(cbinfo->certificate, US"tls_in_sni") || + Ustrstr(cbinfo->certificate, US"tls_out_sni") + ) + reexpand_tls_files_for_sni = TRUE; -if (cbinfo->privatekey != NULL && - !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded)) - return DEFER; + if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded)) + return DEFER; + + if (expanded != NULL) + { + DEBUG(D_tls) debug_printf("tls_certificate file %s\n", expanded); + if (!SSL_CTX_use_certificate_chain_file(sctx, CS expanded)) + return tls_error(string_sprintf( + "SSL_CTX_use_certificate_chain_file file=%s", expanded), + cbinfo->host, NULL); + } -/* If expansion was forced to fail, key_expanded will be NULL. If the result -of the expansion is an empty string, ignore it also, and assume the private -key is in the same file as the certificate. */ + if (cbinfo->privatekey != NULL && + !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded)) + return DEFER; -if (expanded && *expanded) - { - DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded); - if (!SSL_CTX_use_PrivateKey_file(sctx, CS expanded, SSL_FILETYPE_PEM)) - return tls_error(string_sprintf( - "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL); + /* If expansion was forced to fail, key_expanded will be NULL. If the result + of the expansion is an empty string, ignore it also, and assume the private + key is in the same file as the certificate. */ + + if (expanded && *expanded) + { + DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded); + if (!SSL_CTX_use_PrivateKey_file(sctx, CS expanded, SSL_FILETYPE_PEM)) + return tls_error(string_sprintf( + "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL); + } } #ifndef DISABLE_OCSP @@ -958,9 +1082,7 @@ if (cbinfo->is_server && cbinfo->u_ocsp.server.file) DEBUG(D_tls) debug_printf(" - value unchanged, using existing values\n"); } else - { ocsp_load_response(sctx, cbinfo, expanded); - } } } #endif @@ -1047,8 +1169,9 @@ if (cbinfo->u_ocsp.server.file) } #endif -rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE, verify_callback_server); -if (rc != OK) return SSL_TLSEXT_ERR_NOACK; +if ((rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE, + verify_callback_server)) != OK) + return SSL_TLSEXT_ERR_NOACK; /* do this after setup_certs, because this can require the certs for verifying OCSP information. */ @@ -1176,7 +1299,7 @@ if(!(bs = OCSP_response_get1_basic(rsp))) /* Use the chain that verified the server cert to verify the stapled info */ /* DEBUG(D_tls) x509_store_dump_cert_s_names(cbinfo->u_ocsp.client.verify_store); */ - if ((i = OCSP_basic_verify(bs, NULL, + if ((i = OCSP_basic_verify(bs, cbinfo->verify_stack, cbinfo->u_ocsp.client.verify_store, 0)) <= 0) { tls_out.ocsp = OCSP_FAILED; @@ -1184,23 +1307,33 @@ if(!(bs = OCSP_response_get1_basic(rsp))) log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable"); BIO_printf(bp, "OCSP response verify failure\n"); ERR_print_errors(bp); - i = cbinfo->u_ocsp.client.verify_required ? 0 : 1; - goto out; + goto failed; } BIO_printf(bp, "OCSP response well-formed and signed OK\n"); + /*XXX So we have a good stapled OCSP status. How do we know + it is for the cert of interest? OpenSSL 1.1.0 has a routine + OCSP_resp_find_status() which matches on a cert id, which presumably + we should use. Making an id needs OCSP_cert_id_new(), which takes + issuerName, issuerKey, serialNumber. Are they all in the cert? + + For now, carry on blindly accepting the resp. */ + { - STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses; OCSP_SINGLERESP * single; +#ifdef EXIM_HAVE_OCSP_RESP_COUNT + if (OCSP_resp_count(bs) != 1) +#else + STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses; if (sk_OCSP_SINGLERESP_num(sresp) != 1) +#endif { tls_out.ocsp = OCSP_FAILED; log_write(0, LOG_MAIN, "OCSP stapling " "with multiple responses not handled"); - i = cbinfo->u_ocsp.client.verify_required ? 0 : 1; - goto out; + goto failed; } single = OCSP_resp_get0(bs, 0); status = OCSP_single_get0_status(single, &reason, &rev, @@ -1215,7 +1348,6 @@ if(!(bs = OCSP_response_get1_basic(rsp))) tls_out.ocsp = OCSP_FAILED; DEBUG(D_tls) ERR_print_errors(bp); log_write(0, LOG_MAIN, "Server OSCP dates invalid"); - i = cbinfo->u_ocsp.client.verify_required ? 0 : 1; } else { @@ -1226,24 +1358,24 @@ if(!(bs = OCSP_response_get1_basic(rsp))) case V_OCSP_CERTSTATUS_GOOD: tls_out.ocsp = OCSP_VFIED; i = 1; - break; + goto good; case V_OCSP_CERTSTATUS_REVOKED: tls_out.ocsp = OCSP_FAILED; log_write(0, LOG_MAIN, "Server certificate revoked%s%s", reason != -1 ? "; reason: " : "", reason != -1 ? OCSP_crl_reason_str(reason) : ""); DEBUG(D_tls) time_print(bp, "Revocation Time", rev); - i = cbinfo->u_ocsp.client.verify_required ? 0 : 1; break; default: tls_out.ocsp = OCSP_FAILED; log_write(0, LOG_MAIN, "Server certificate status unknown, in OCSP stapling"); - i = cbinfo->u_ocsp.client.verify_required ? 0 : 1; break; } } - out: + failed: + i = cbinfo->u_ocsp.client.verify_required ? 0 : 1; + good: BIO_free(bp); } @@ -1290,6 +1422,7 @@ cbinfo = store_malloc(sizeof(tls_ext_ctx_cb)); cbinfo->certificate = certificate; cbinfo->privatekey = privatekey; #ifndef DISABLE_OCSP +cbinfo->verify_stack = NULL; if ((cbinfo->is_server = host==NULL)) { cbinfo->u_ocsp.server.file = ocsp_file; @@ -1309,7 +1442,7 @@ cbinfo->event_action = NULL; SSL_load_error_strings(); /* basic set up */ OpenSSL_add_ssl_algorithms(); -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) +#ifdef EXIM_HAVE_SHA256 /* SHA256 is becoming ever more popular. This makes sure it gets added to the list of available digests. */ EVP_add_digest(EVP_sha256()); @@ -1323,10 +1456,9 @@ when OpenSSL is built without SSLv2 support. By disabling with openssl_options, we can let admins re-enable with the existing knob. */ -*ctxp = SSL_CTX_new((host == NULL)? - SSLv23_server_method() : SSLv23_client_method()); +*ctxp = SSL_CTX_new(host ? SSLv23_client_method() : SSLv23_server_method()); -if (*ctxp == NULL) return tls_error(US"SSL_CTX_new", host, NULL); +if (!*ctxp) return tls_error(US"SSL_CTX_new", host, NULL); /* It turns out that we need to seed the random number generator this early in order to get the full complement of ciphers to work. It took me roughly a day @@ -1392,11 +1524,20 @@ if ( !init_dh(*ctxp, dhparam, host) /* Set up certificate and key (and perhaps OCSP info) */ -rc = tls_expand_session_files(*ctxp, cbinfo); -if (rc != OK) return rc; +if ((rc = tls_expand_session_files(*ctxp, cbinfo)) != OK) + return rc; + +/* If we need to handle SNI or OCSP, do so */ -/* If we need to handle SNI, do so */ #ifdef EXIM_HAVE_OPENSSL_TLSEXT +# ifndef DISABLE_OCSP + if (!(cbinfo->verify_stack = sk_X509_new_null())) + { + DEBUG(D_tls) debug_printf("failed to create stack for stapling verify\n"); + return FAIL; + } +# endif + if (host == NULL) /* server */ { # ifndef DISABLE_OCSP @@ -1432,9 +1573,10 @@ else /* client */ cbinfo->verify_cert_hostnames = NULL; +#ifdef EXIM_HAVE_EPHEM_RSA_KEX /* Set up the RSA callback */ - SSL_CTX_set_tmp_rsa_callback(*ctxp, rsa_callback); +#endif /* Finally, set the timeout, and we are done */ @@ -1512,6 +1654,23 @@ else * Set up for verifying certificates * *************************************************/ +/* Load certs from file, return TRUE on success */ + +static BOOL +chain_from_pem_file(const uschar * file, STACK_OF(X509) * verify_stack) +{ +BIO * bp; +X509 * x; + +if (!(bp = BIO_new_file(CS file, "r"))) return FALSE; +while ((x = PEM_read_bio_X509(bp, NULL, 0, NULL))) + sk_X509_push(verify_stack, x); +BIO_free(bp); +return TRUE; +} + + + /* Called by both client and server startup Arguments: @@ -1559,12 +1718,29 @@ if (expcerts && *expcerts) if ((statbuf.st_mode & S_IFMT) == S_IFDIR) { file = NULL; dir = expcerts; } else - { file = expcerts; dir = NULL; } + { + file = expcerts; dir = NULL; +#ifndef DISABLE_OCSP + /* In the server if we will be offering an OCSP proof, load chain from + file for verifying the OCSP proof at load time. */ + + if ( !host + && statbuf.st_size > 0 + && server_static_cbinfo->u_ocsp.server.file + && !chain_from_pem_file(file, server_static_cbinfo->verify_stack) + ) + { + log_write(0, LOG_MAIN|LOG_PANIC, + "failed to load cert hain from %s", file); + return DEFER; + } +#endif + } /* If a certificate file is empty, the next function fails with an unhelpful error message. If we skip it, we get the correct behaviour (no certificates are recognized, but the error message is still misleading (it - says no certificate was supplied.) But this is better. */ + says no certificate was supplied). But this is better. */ if ( (!file || statbuf.st_size > 0) && !SSL_CTX_load_verify_locations(sctx, CS file, CS dir)) @@ -1711,9 +1887,9 @@ were historically separated by underscores. So that I can use either form in my tests, and also for general convenience, we turn underscores into hyphens here. */ -if (expciphers != NULL) +if (expciphers) { - uschar *s = expciphers; + uschar * s = expciphers; while (*s != 0) { if (*s == '_') *s = '-'; s++; } DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers); if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers)) @@ -1747,7 +1923,7 @@ else if (verify_check_host(&tls_try_verify_hosts) == OK) /* Prepare for new connection */ -if ((server_ssl = SSL_new(server_ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL); +if (!(server_ssl = SSL_new(server_ctx))) return tls_error(US"SSL_new", NULL, NULL); /* Warning: we used to SSL_clear(ssl) here, it was removed. * @@ -1831,6 +2007,7 @@ ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0; ssl_xfer_eof = ssl_xfer_error = 0; receive_getc = tls_getc; +receive_get_cache = tls_get_cache; receive_ungetc = tls_ungetc; receive_feof = tls_feof; receive_ferror = tls_ferror; @@ -1900,7 +2077,7 @@ for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) ) if (rr->type == T_TLSA) { - uschar * p = rr->data; + const uschar * p = rr->data; uint8_t usage, selector, mtype; const char * mdname; @@ -1924,8 +2101,8 @@ for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); switch (DANESSL_add_tlsa(ssl, usage, selector, mdname, p, rr->size - 3)) { default: - case 0: /* action not taken */ return tls_error(US"tlsa load", host, NULL); + case 0: /* action not taken */ case 1: break; } @@ -2082,8 +2259,7 @@ if (ob->tls_sni) DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_out.sni); SSL_set_tlsext_host_name(client_ssl, tls_out.sni); #else - DEBUG(D_tls) - debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n", + log_write(0, LOG_MAIN, "SNI unusable with this OpenSSL library version; ignoring \"%s\"\n", tls_out.sni); #endif } @@ -2202,6 +2378,7 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n"); receive_getc = smtp_getc; + receive_get_cache = smtp_get_cache; receive_ungetc = smtp_ungetc; receive_feof = smtp_feof; receive_ferror = smtp_ferror; @@ -2247,6 +2424,16 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) return ssl_xfer_buffer[ssl_xfer_buffer_lwm++]; } +void +tls_get_cache() +{ +#ifndef DISABLE_DKIM +int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm; +if (n > 0) + dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n); +#endif +} + /************************************************* @@ -2328,27 +2515,28 @@ while (left > 0) switch (error) { case SSL_ERROR_SSL: - ERR_error_string(ERR_get_error(), ssl_errstring); - log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring); - return -1; + ERR_error_string(ERR_get_error(), ssl_errstring); + log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring); + return -1; case SSL_ERROR_NONE: - left -= outbytes; - buff += outbytes; - break; + left -= outbytes; + buff += outbytes; + break; case SSL_ERROR_ZERO_RETURN: - log_write(0, LOG_MAIN, "SSL channel closed on write"); - return -1; + log_write(0, LOG_MAIN, "SSL channel closed on write"); + return -1; case SSL_ERROR_SYSCALL: - log_write(0, LOG_MAIN, "SSL_write: (from %s) syscall: %s", - sender_fullhost ? sender_fullhost : US"<unknown>", - strerror(errno)); + log_write(0, LOG_MAIN, "SSL_write: (from %s) syscall: %s", + sender_fullhost ? sender_fullhost : US"<unknown>", + strerror(errno)); + return -1; default: - log_write(0, LOG_MAIN, "SSL_write error %d", error); - return -1; + log_write(0, LOG_MAIN, "SSL_write error %d", error); + return -1; } } return len; @@ -2559,8 +2747,13 @@ i = (i + 7) / 8; if (i < needed_len) needed_len = i; +#ifdef EXIM_HAVE_RAND_PSEUDO /* We do not care if crypto-strong */ i = RAND_pseudo_bytes(smallbuf, needed_len); +#else +i = RAND_bytes(smallbuf, needed_len); +#endif + if (i < 0) { DEBUG(D_all) @@ -2780,6 +2973,7 @@ for (s=option_spec; *s != '\0'; /**/) keep_c = *end; *end = '\0'; item_parsed = tls_openssl_one_option_parse(s, &item); + *end = keep_c; if (!item_parsed) { DEBUG(D_tls) debug_printf("openssl option setting unrecognised: \"%s\"\n", s); @@ -2791,7 +2985,6 @@ for (s=option_spec; *s != '\0'; /**/) result |= item; else result &= ~item; - *end = keep_c; s = end; } diff --git a/src/src/tls.c b/src/src/tls.c index 5958dfc1c..55295108c 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is @@ -84,26 +84,23 @@ return TRUE; * Timezone environment flipping * *************************************************/ -#ifdef MISSING_UNSETENV_3 -# include "setenv.c" -#endif - static uschar * to_tz(uschar * tz) { - uschar * old = US getenv("TZ"); - (void) setenv("TZ", CCS tz, 1); - tzset(); - return old; +uschar * old = US getenv("TZ"); +(void) setenv("TZ", CCS tz, 1); +tzset(); +return old; } + static void restore_tz(uschar * tz) { - if (tz) - (void) setenv("TZ", CCS tz, 1); - else - (void) unsetenv("TZ"); - tzset(); +if (tz) + (void) setenv("TZ", CCS tz, 1); +else + (void) os_unsetenv(US"TZ"); +tzset(); } /************************************************* diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c index 80b6fb142..296398ae9 100644 --- a/src/src/tlscert-gnu.c +++ b/src/src/tlscert-gnu.c @@ -142,12 +142,12 @@ uschar * cp = NULL; int ret; size_t siz = 0; -if ((ret = gnutls_x509_crt_get_issuer_dn(cert, cp, &siz)) +if ((ret = gnutls_x509_crt_get_issuer_dn(cert, CS cp, &siz)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gi0", __FUNCTION__, ret); cp = store_get(siz); -if ((ret = gnutls_x509_crt_get_issuer_dn(cert, cp, &siz)) < 0) +if ((ret = gnutls_x509_crt_get_issuer_dn(cert, CS cp, &siz)) < 0) return g_err("gi1", __FUNCTION__, ret); return mod ? tls_field_from_dn(cp, mod) : cp; @@ -183,7 +183,7 @@ if ((ret = gnutls_x509_crt_get_serial((gnutls_x509_crt_t)cert, return g_err("gs0", __FUNCTION__, ret); for(dp = txt, sp = bin; sz; dp += 2, sp++, sz--) - sprintf(dp, "%.2x", *sp); + sprintf(CS dp, "%.2x", *sp); for(sp = txt; sp[0]=='0' && sp[1]; ) sp++; /* leading zeroes */ return string_copy(sp); } @@ -197,16 +197,16 @@ uschar * cp3; size_t len = 0; int ret; -if ((ret = gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, cp1, &len)) +if ((ret = gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, CS cp1, &len)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gs0", __FUNCTION__, ret); cp1 = store_get(len*4+1); -if (gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, cp1, &len) != 0) +if (gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, CS cp1, &len) != 0) return g_err("gs1", __FUNCTION__, ret); for(cp3 = cp2 = cp1+len; cp1 < cp2; cp3 += 3, cp1++) - sprintf(cp3, "%.2x ", *cp1); + sprintf(CS cp3, "%.2x ", *cp1); cp3[-1]= '\0'; return cp2; @@ -217,7 +217,7 @@ tls_cert_signature_algorithm(void * cert, uschar * mod) { gnutls_sign_algorithm_t algo = gnutls_x509_crt_get_signature_algorithm((gnutls_x509_crt_t)cert); -return algo < 0 ? NULL : string_copy(gnutls_sign_get_name(algo)); +return algo < 0 ? NULL : string_copy(US gnutls_sign_get_name(algo)); } uschar * @@ -227,12 +227,12 @@ uschar * cp = NULL; int ret; size_t siz = 0; -if ((ret = gnutls_x509_crt_get_dn(cert, cp, &siz)) +if ((ret = gnutls_x509_crt_get_dn(cert, CS cp, &siz)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gs0", __FUNCTION__, ret); cp = store_get(siz); -if ((ret = gnutls_x509_crt_get_dn(cert, cp, &siz)) < 0) +if ((ret = gnutls_x509_crt_get_dn(cert, CS cp, &siz)) < 0) return g_err("gs1", __FUNCTION__, ret); return mod ? tls_field_from_dn(cp, mod) : cp; @@ -255,14 +255,14 @@ unsigned int crit; int ret; ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert, - oid, idx, cp1, &siz, &crit); + oid, idx, CS cp1, &siz, &crit); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("ge0", __FUNCTION__, ret); cp1 = store_get(siz*4 + 1); ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert, - oid, idx, cp1, &siz, &crit); + oid, idx, CS cp1, &siz, &crit); if (ret < 0) return g_err("ge1", __FUNCTION__, ret); @@ -270,7 +270,7 @@ if (ret < 0) /* just dump for now */ for(cp3 = cp2 = cp1+siz; cp1 < cp2; cp3 += 3, cp1++) - sprintf(cp3, "%.2x ", *cp1); + sprintf(CS cp3, "%.2x ", *cp1); cp3[-1]= '\0'; return cp2; @@ -458,7 +458,7 @@ if ((ret = gnutls_x509_crt_get_fingerprint(cert, algo, cp, &siz)) < 0) return g_err("gf1", __FUNCTION__, ret); for (cp3 = cp2 = cp+siz; cp < cp2; cp++, cp3+=2) - sprintf(cp3, "%02X",*cp); + sprintf(CS cp3, "%02X",*cp); return cp2; } diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index 4d45ad9f9..690f95081 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Jeremy Harris 2014 - 2015 */ +/* Copyright (c) Jeremy Harris 2014 - 2016 */ /* This module provides TLS (aka SSL) support for Exim using the OpenSSL library. It is #included into the tls.c file when that library is used. @@ -17,6 +17,10 @@ library. It is #included into the tls.c file when that library is used. #include <openssl/rand.h> #include <openssl/x509v3.h> +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_ASN1_MACROS +#endif + /***************************************************** * Export/import a certificate, binary/printable @@ -119,7 +123,7 @@ int len; if (!bp) return badalloc(); len = ASN1_TIME_print(bp, asntime); -len = len > 0 ? (int) BIO_get_mem_data(bp, &s) : 0; +len = len > 0 ? (int) BIO_get_mem_data(bp, CSS &s) : 0; if (mod && Ustrcmp(mod, "raw") == 0) /* native ASN */ s = string_copyn(s, len); @@ -137,7 +141,7 @@ else /*XXX %Z might be glibc-specific? Solaris has it, at least*/ /*XXX should we switch to POSIX locale for this? */ tm.tm_isdst = 0; - if (!strptime(CCS s, "%b %e %T %Y %Z", &tm)) + if (!len || !strptime(CCS s, "%b %e %T %Y %Z", &tm)) expand_string_message = US"failed time conversion"; else @@ -314,9 +318,13 @@ uschar * cp3; if (!bp) return badalloc(); +#ifdef EXIM_HAVE_ASN1_MACROS +ASN1_STRING_print(bp, adata); +#else M_ASN1_OCTET_STRING_print(bp, adata); -/* binary data, DER encoded */ +#endif +/* binary data, DER encoded */ /* just dump for now */ len = BIO_get_mem_data(bp, &cp1); cp3 = cp2 = store_get(len*3+1); diff --git a/src/src/transport.c b/src/src/transport.c index 13f3c07fc..8381913fc 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* General functions concerned with transportation, and generic options for all @@ -108,10 +108,23 @@ optionlist optionlist_transports[] = { (void *)offsetof(transport_instance, uid) } }; -int optionlist_transports_size = - sizeof(optionlist_transports)/sizeof(optionlist); +int optionlist_transports_size = nelem(optionlist_transports); +void +readconf_options_transports(void) +{ +struct transport_info * ti; + +readconf_options_from_list(optionlist_transports, nelem(optionlist_transports), US"TP"); + +for (ti = transports_available; ti->driver_name[0]; ti++) + { + macro_create(string_sprintf("_DRVR_TPT_%T", ti->driver_name), US"y", FALSE, TRUE); + readconf_options_from_list(ti->options, (unsigned)*ti->options_count, ti->driver_name); + } +} + /************************************************* * Initialize transport list * *************************************************/ @@ -139,14 +152,11 @@ readconf_driver_init(US"transport", /* Now scan the configured transports and check inconsistencies. A shadow transport is permitted only for local transports. */ -for (t = transports; t != NULL; t = t->next) +for (t = transports; t; t = t->next) { - if (!t->info->local) - { - if (t->shadow != NULL) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG, - "shadow transport not allowed on non-local transport %s", t->name); - } + if (!t->info->local && t->shadow) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG, + "shadow transport not allowed on non-local transport %s", t->name); if (t->body_only && t->headers_only) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, @@ -236,10 +246,12 @@ for (i = 0; i < 100; i++) else { alarm(local_timeout); - #ifdef SUPPORT_TLS - if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else - #endif - rc = write(fd, block, len); +#ifdef SUPPORT_TLS + if (tls_out.active == fd) + rc = tls_write(FALSE, block, len); + else +#endif + rc = write(fd, block, len); save_errno = errno; local_timeout = alarm(0); if (sigalrm_seen) @@ -357,7 +369,7 @@ Arguments: fd file descript to write to chunk pointer to data to write len length of data to write - usr_crlf TRUE if CR LF is wanted at the end of each line + tctx transport context - processing to be done during output In addition, the static nl_xxx variables must be set as required. @@ -365,11 +377,11 @@ Returns: TRUE on success, FALSE on failure (with errno preserved) */ static BOOL -write_chunk(int fd, uschar *chunk, int len, BOOL use_crlf) +write_chunk(int fd, transport_ctx * tctx, uschar *chunk, int len) { uschar *start = chunk; uschar *end = chunk + len; -register uschar *ptr; +uschar *ptr; int mlen = DELIVER_OUT_BUFFER_SIZE - nl_escape_length - 2; /* The assumption is made that the check string will never stretch over move @@ -408,17 +420,30 @@ possible. */ for (ptr = start; ptr < end; ptr++) { - register int ch; + int ch, len; /* Flush the buffer if it has reached the threshold - we want to leave enough room for the next uschar, plus a possible extra CR for an LF, plus the escape string. */ - if (chunk_ptr - deliver_out_buffer > mlen) + if ((len = chunk_ptr - deliver_out_buffer) > mlen) { - if (!transport_write_block(fd, deliver_out_buffer, - chunk_ptr - deliver_out_buffer)) - return FALSE; + DEBUG(D_transport) debug_printf("flushing headers buffer\n"); + + /* If CHUNKING, prefix with BDAT (size) NON-LAST. Also, reap responses + from previous SMTP commands. */ + + if (tctx && tctx->options & topt_use_bdat && tctx->chunk_cb) + { + if ( tctx->chunk_cb(fd, tctx, (unsigned)len, 0) != OK + || !transport_write_block(fd, deliver_out_buffer, len) + || tctx->chunk_cb(fd, tctx, 0, tc_reap_prev) != OK + ) + return FALSE; + } + else + if (!transport_write_block(fd, deliver_out_buffer, len)) + return FALSE; chunk_ptr = deliver_out_buffer; } @@ -428,7 +453,7 @@ for (ptr = start; ptr < end; ptr++) /* Insert CR before NL if required */ - if (use_crlf) *chunk_ptr++ = '\r'; + if (tctx && tctx->options & topt_use_crlf) *chunk_ptr++ = '\r'; *chunk_ptr++ = '\n'; transport_newlines++; @@ -545,14 +570,14 @@ Arguments: pdlist address of anchor of the list of processed addresses first TRUE if this is the first address; set it FALSE afterwards fd the file descriptor to write to - use_crlf to be passed on to write_chunk() + tctx transport context - processing to be done during output Returns: FALSE if writing failed */ static BOOL write_env_to(address_item *p, struct aci **pplist, struct aci **pdlist, - BOOL *first, int fd, BOOL use_crlf) + BOOL *first, int fd, transport_ctx * tctx) { address_item *pp; struct aci *ppp; @@ -560,8 +585,7 @@ struct aci *ppp; /* Do nothing if we have already handled this address. If not, remember it so that we don't handle it again. */ -for (ppp = *pdlist; ppp != NULL; ppp = ppp->next) - { if (p == ppp->ptr) return TRUE; } +for (ppp = *pdlist; ppp; ppp = ppp->next) if (p == ppp->ptr) return TRUE; ppp = store_get(sizeof(struct aci)); ppp->next = *pdlist; @@ -573,19 +597,17 @@ ppp->ptr = p; for (pp = p;; pp = pp->parent) { address_item *dup; - for (dup = addr_duplicate; dup != NULL; dup = dup->next) - { - if (dup->dupof != pp) continue; /* Not a dup of our address */ - if (!write_env_to(dup, pplist, pdlist, first, fd, use_crlf)) return FALSE; - } - if (pp->parent == NULL) break; + for (dup = addr_duplicate; dup; dup = dup->next) + if (dup->dupof == pp) /* a dup of our address */ + if (!write_env_to(dup, pplist, pdlist, first, fd, tctx)) + return FALSE; + if (!pp->parent) break; } /* Check to see if we have already output the progenitor. */ -for (ppp = *pplist; ppp != NULL; ppp = ppp->next) - { if (pp == ppp->ptr) break; } -if (ppp != NULL) return TRUE; +for (ppp = *pplist; ppp; ppp = ppp->next) if (pp == ppp->ptr) break; +if (ppp) return TRUE; /* Remember what we have output, and output it. */ @@ -594,9 +616,9 @@ ppp->next = *pplist; *pplist = ppp; ppp->ptr = pp; -if (!(*first) && !write_chunk(fd, US",\n ", 3, use_crlf)) return FALSE; +if (!*first && !write_chunk(fd, tctx, US",\n ", 3)) return FALSE; *first = FALSE; -return write_chunk(fd, pp->address, Ustrlen(pp->address), use_crlf); +return write_chunk(fd, tctx, pp->address, Ustrlen(pp->address)); } @@ -611,19 +633,19 @@ Arguments: addr (chain of) addresses (for extra headers), or NULL; only the first address is used fd file descriptor to write the message to - sendfn function for output - use_crlf turn NL into CR LF - rewrite_rules chain of header rewriting rules - rewrite_existflags flags for the rewriting rules + tctx transport context + sendfn function for output (transport or verify) Returns: TRUE on success; FALSE on failure. */ BOOL -transport_headers_send(address_item *addr, int fd, uschar *add_headers, uschar *remove_headers, - BOOL (*sendfn)(int fd, uschar * s, int len, BOOL use_crlf), - BOOL use_crlf, rewrite_rule *rewrite_rules, int rewrite_existflags) +transport_headers_send(int fd, transport_ctx * tctx, + BOOL (*sendfn)(int fd, transport_ctx * tctx, uschar * s, int len)) { header_line *h; +const uschar *list; +transport_instance * tblock = tctx ? tctx->tblock : NULL; +address_item * addr = tctx ? tctx->addr : NULL; /* Then the message's headers. Don't write any that are flagged as "old"; that means they were rewritten, or are a record of envelope rewriting, or @@ -632,13 +654,12 @@ match any entries therein. It is a colon-sep list; expand the items separately and squash any empty ones. Then check addr->prop.remove_headers too, provided that addr is not NULL. */ -for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old) +for (h = header_list; h; h = h->next) if (h->type != htype_old) { int i; - const uschar *list = remove_headers; - BOOL include_header = TRUE; + list = tblock ? tblock->remove_headers : NULL; for (i = 0; i < 2; i++) /* For remove_headers && addr->prop.remove_headers */ { if (list) @@ -655,15 +676,15 @@ for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old) errno = ERRNO_CHHEADER_FAIL; return FALSE; } - len = Ustrlen(s); + len = s ? Ustrlen(s) : 0; if (strncmpic(h->text, s, len) != 0) continue; ss = h->text + len; while (*ss == ' ' || *ss == '\t') ss++; if (*ss == ':') break; } - if (s != NULL) { include_header = FALSE; break; } + if (s) { include_header = FALSE; break; } } - if (addr != NULL) list = addr->prop.remove_headers; + if (addr) list = addr->prop.remove_headers; } /* If this header is to be output, try to rewrite it if there are rewriting @@ -671,14 +692,15 @@ for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old) if (include_header) { - if (rewrite_rules) + if (tblock && tblock->rewrite_rules) { void *reset_point = store_get(0); header_line *hh; - if ((hh = rewrite_header(h, NULL, NULL, rewrite_rules, rewrite_existflags, FALSE))) + if ((hh = rewrite_header(h, NULL, NULL, tblock->rewrite_rules, + tblock->rewrite_existflags, FALSE))) { - if (!sendfn(fd, hh->text, hh->slen, use_crlf)) return FALSE; + if (!sendfn(fd, tctx, hh->text, hh->slen)) return FALSE; store_reset(reset_point); continue; /* With the next header line */ } @@ -686,7 +708,7 @@ for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old) /* Either no rewriting rules, or it didn't get rewritten */ - if (!sendfn(fd, h->text, h->slen, use_crlf)) return FALSE; + if (!sendfn(fd, tctx, h->text, h->slen)) return FALSE; } /* Header removed */ @@ -714,20 +736,18 @@ if (addr) header_line *hprev = addr->prop.extra_headers; header_line *hnext; for (i = 0; i < 2; i++) - { - for (h = hprev, hprev = NULL; h != NULL; h = hnext) + for (h = hprev, hprev = NULL; h; h = hnext) { hnext = h->next; h->next = hprev; hprev = h; if (i == 1) { - if (!sendfn(fd, h->text, h->slen, use_crlf)) return FALSE; + if (!sendfn(fd, tctx, h->text, h->slen)) return FALSE; DEBUG(D_transport) debug_printf("added header line(s):\n%s---\n", h->text); } } - } } /* If a string containing additional headers exists it is a newline-sep @@ -737,24 +757,19 @@ up any other headers. An empty string or a forced expansion failure are noops. An added header string from a transport may not end with a newline; add one if it does not. */ -if (add_headers) +if (tblock && (list = CUS tblock->add_headers)) { int sep = '\n'; uschar * s; - while ((s = string_nextinlist(CUSS &add_headers, &sep, NULL, 0))) - if (!(s = expand_string(s))) - { - if (!expand_string_forcedfail) - { errno = ERRNO_CHHEADER_FAIL; return FALSE; } - } - else + while ((s = string_nextinlist(&list, &sep, NULL, 0))) + if ((s = expand_string(s))) { int len = Ustrlen(s); if (len > 0) { - if (!sendfn(fd, s, len, use_crlf)) return FALSE; - if (s[len-1] != '\n' && !sendfn(fd, US"\n", 1, use_crlf)) + if (!sendfn(fd, tctx, s, len)) return FALSE; + if (s[len-1] != '\n' && !sendfn(fd, tctx, US"\n", 1)) return FALSE; DEBUG(D_transport) { @@ -764,11 +779,13 @@ if (add_headers) } } } + else if (!expand_string_forcedfail) + { errno = ERRNO_CHHEADER_FAIL; return FALSE; } } /* Separate headers from body with a blank line */ -return sendfn(fd, US"\n", 1, use_crlf); +return sendfn(fd, tctx, US"\n", 1); } @@ -801,30 +818,32 @@ can include timeouts for certain transports, which are requested by setting transport_write_timeout non-zero. Arguments: - addr (chain of) addresses (for extra headers), or NULL; - only the first address is used fd file descriptor to write the message to - options bit-wise options: - add_return_path if TRUE, add a "return-path" header - add_envelope_to if TRUE, add a "envelope-to" header - add_delivery_date if TRUE, add a "delivery-date" header - use_crlf if TRUE, turn NL into CR LF - end_dot if TRUE, send a terminating "." line at the end - no_headers if TRUE, omit the headers - no_body if TRUE, omit the body - size_limit if > 0, this is a limit to the size of message written; - it is used when returning messages to their senders, - and is approximate rather than exact, owing to chunk - buffering - add_headers a string containing one or more headers to add; it is - expanded, and must be in correct RFC 822 format as - it is transmitted verbatim; NULL => no additions, - and so does empty string or forced expansion fail - remove_headers a colon-separated list of headers to remove, or NULL - check_string a string to check for at the start of lines, or NULL - escape_string a string to insert in front of any check string - rewrite_rules chain of header rewriting rules - rewrite_existflags flags for the rewriting rules + tctx + addr (chain of) addresses (for extra headers), or NULL; + only the first address is used + tblock optional transport instance block (NULL signifies NULL/0): + add_headers a string containing one or more headers to add; it is + expanded, and must be in correct RFC 822 format as + it is transmitted verbatim; NULL => no additions, + and so does empty string or forced expansion fail + remove_headers a colon-separated list of headers to remove, or NULL + rewrite_rules chain of header rewriting rules + rewrite_existflags flags for the rewriting rules + options bit-wise options: + add_return_path if TRUE, add a "return-path" header + add_envelope_to if TRUE, add a "envelope-to" header + add_delivery_date if TRUE, add a "delivery-date" header + use_crlf if TRUE, turn NL into CR LF + end_dot if TRUE, send a terminating "." line at the end + no_headers if TRUE, omit the headers + no_body if TRUE, omit the body + check_string a string to check for at the start of lines, or NULL + escape_string a string to insert in front of any check string + size_limit if > 0, this is a limit to the size of message written; + it is used when returning messages to their senders, + and is approximate rather than exact, owing to chunk + buffering Returns: TRUE on success; FALSE (with errno) on failure. In addition, the global variable transport_count @@ -832,13 +851,9 @@ Returns: TRUE on success; FALSE (with errno) on failure. */ static BOOL -internal_transport_write_message(address_item *addr, int fd, int options, - int size_limit, uschar *add_headers, uschar *remove_headers, uschar *check_string, - uschar *escape_string, rewrite_rule *rewrite_rules, int rewrite_existflags) +internal_transport_write_message(int fd, transport_ctx * tctx, int size_limit) { -int written = 0; int len; -BOOL use_crlf = (options & topt_use_crlf) != 0; /* Initialize pointer in output buffer. */ @@ -847,39 +862,41 @@ chunk_ptr = deliver_out_buffer; /* Set up the data for start-of-line data checking and escaping */ nl_partial_match = -1; -if (check_string != NULL && escape_string != NULL) +if (tctx->check_string && tctx->escape_string) { - nl_check = check_string; + nl_check = tctx->check_string; nl_check_length = Ustrlen(nl_check); - nl_escape = escape_string; + nl_escape = tctx->escape_string; nl_escape_length = Ustrlen(nl_escape); } -else nl_check_length = nl_escape_length = 0; +else + nl_check_length = nl_escape_length = 0; /* Whether the escaping mechanism is applied to headers or not is controlled by an option (set for SMTP, not otherwise). Negate the length if not wanted till after the headers. */ -if ((options & topt_escape_headers) == 0) nl_check_length = -nl_check_length; +if (!(tctx->options & topt_escape_headers)) + nl_check_length = -nl_check_length; /* Write the headers if required, including any that have to be added. If there are header rewriting rules, apply them. */ -if ((options & topt_no_headers) == 0) +if (!(tctx->options & topt_no_headers)) { /* Add return-path: if requested. */ - if ((options & topt_add_return_path) != 0) + if (tctx->options & topt_add_return_path) { uschar buffer[ADDRESS_MAXLENGTH + 20]; - sprintf(CS buffer, "Return-path: <%.*s>\n", ADDRESS_MAXLENGTH, + int n = sprintf(CS buffer, "Return-path: <%.*s>\n", ADDRESS_MAXLENGTH, return_path); - if (!write_chunk(fd, buffer, Ustrlen(buffer), use_crlf)) return FALSE; + if (!write_chunk(fd, tctx, buffer, n)) return FALSE; } /* Add envelope-to: if requested */ - if ((options & topt_add_envelope_to) != 0) + if (tctx->options & topt_add_envelope_to) { BOOL first = TRUE; address_item *p; @@ -887,30 +904,29 @@ if ((options & topt_no_headers) == 0) struct aci *dlist = NULL; void *reset_point = store_get(0); - if (!write_chunk(fd, US"Envelope-to: ", 13, use_crlf)) return FALSE; + if (!write_chunk(fd, tctx, US"Envelope-to: ", 13)) return FALSE; /* Pick up from all the addresses. The plist and dlist variables are anchors for lists of addresses already handled; they have to be defined at this level becuase write_env_to() calls itself recursively. */ - for (p = addr; p != NULL; p = p->next) - { - if (!write_env_to(p, &plist, &dlist, &first, fd, use_crlf)) return FALSE; - } + for (p = tctx->addr; p; p = p->next) + if (!write_env_to(p, &plist, &dlist, &first, fd, tctx)) + return FALSE; /* Add a final newline and reset the store used for tracking duplicates */ - if (!write_chunk(fd, US"\n", 1, use_crlf)) return FALSE; + if (!write_chunk(fd, tctx, US"\n", 1)) return FALSE; store_reset(reset_point); } /* Add delivery-date: if requested. */ - if ((options & topt_add_delivery_date) != 0) + if (tctx->options & topt_add_delivery_date) { uschar buffer[100]; - sprintf(CS buffer, "Delivery-date: %s\n", tod_stamp(tod_full)); - if (!write_chunk(fd, buffer, Ustrlen(buffer), use_crlf)) return FALSE; + int n = sprintf(CS buffer, "Delivery-date: %s\n", tod_stamp(tod_full)); + if (!write_chunk(fd, tctx, buffer, n)) return FALSE; } /* Then the message's headers. Don't write any that are flagged as "old"; @@ -918,35 +934,88 @@ if ((options & topt_no_headers) == 0) were removed (e.g. Bcc). If remove_headers is not null, skip any headers that match any entries therein. Then check addr->prop.remove_headers too, provided that addr is not NULL. */ - if (!transport_headers_send(addr, fd, add_headers, remove_headers, &write_chunk, - use_crlf, rewrite_rules, rewrite_existflags)) + + if (!transport_headers_send(fd, tctx, &write_chunk)) return FALSE; } +/* When doing RFC3030 CHUNKING output, work out how much data would be in a +last-BDAT, consisting of the current write_chunk() output buffer fill +(optimally, all of the headers - but it does not matter if we already had to +flush that buffer with non-last BDAT prependix) plus the amount of body data +(as expanded for CRLF lines). Then create and write BDAT(s), and ensure +that further use of write_chunk() will not prepend BDATs. +The first BDAT written will also first flush any outstanding MAIL and RCPT +commands which were buffered thans to PIPELINING. +Commands go out (using a send()) from a different buffer to data (using a +write()). They might not end up in the same TCP segment, which is +suboptimal. */ + +if (tctx->options & topt_use_bdat) + { + off_t fsize; + int hsize, size = 0; + + if ((hsize = chunk_ptr - deliver_out_buffer) < 0) + hsize = 0; + if (!(tctx->options & topt_no_body)) + { + if ((fsize = lseek(deliver_datafile, 0, SEEK_END)) < 0) return FALSE; + fsize -= SPOOL_DATA_START_OFFSET; + if (size_limit > 0 && fsize > size_limit) + fsize = size_limit; + size = hsize + fsize; + if (tctx->options & topt_use_crlf) + size += body_linecount; /* account for CRLF-expansion */ + } + + /* If the message is large, emit first a non-LAST chunk with just the + headers, and reap the command responses. This lets us error out early + on RCPT rejects rather than sending megabytes of data. Include headers + on the assumption they are cheap enough and some clever implementations + might errorcheck them too, on-the-fly, and reject that chunk. */ + + if (size > DELIVER_OUT_BUFFER_SIZE && hsize > 0) + { + DEBUG(D_transport) + debug_printf("sending small initial BDAT; hssize=%d\n", hsize); + if ( tctx->chunk_cb(fd, tctx, hsize, 0) != OK + || !transport_write_block(fd, deliver_out_buffer, hsize) + || tctx->chunk_cb(fd, tctx, 0, tc_reap_prev) != OK + ) + return FALSE; + chunk_ptr = deliver_out_buffer; + size -= hsize; + } + + /* Emit a LAST datachunk command. */ + + if (tctx->chunk_cb(fd, tctx, size, tc_chunk_last) != OK) + return FALSE; + + tctx->options &= ~topt_use_bdat; + } + /* If the body is required, ensure that the data for check strings (formerly the "from hack") is enabled by negating the length if necessary. (It will be negative in cases where it isn't to apply to the headers). Then ensure the body is positioned at the start of its file (following the message id), then write it, applying the size limit if required. */ -if ((options & topt_no_body) == 0) +if (!(tctx->options & topt_no_body)) { + int size = size_limit; + nl_check_length = abs(nl_check_length); nl_partial_match = 0; - lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET); - while ((len = read(deliver_datafile, deliver_in_buffer, - DELIVER_IN_BUFFER_SIZE)) > 0) + if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0) + return FALSE; + while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0 + && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0) { - if (!write_chunk(fd, deliver_in_buffer, len, use_crlf)) return FALSE; - if (size_limit > 0) - { - written += len; - if (written > size_limit) - { - len = 0; /* Pretend EOF */ - break; - } - } + if (!write_chunk(fd, tctx, deliver_in_buffer, len)) + return FALSE; + size -= len; } /* A read error on the body will have left len == -1 and errno set. */ @@ -960,7 +1029,7 @@ nl_check_length = nl_escape_length = 0; /* If requested, add a terminating "." line (SMTP output). */ -if ((options & topt_end_dot) != 0 && !write_chunk(fd, US".\n", 2, use_crlf)) +if (tctx->options & topt_end_dot && !write_chunk(fd, tctx, US".\n", 2)) return FALSE; /* Write out any remaining data in the buffer before returning. */ @@ -985,49 +1054,34 @@ return (len = chunk_ptr - deliver_out_buffer) <= 0 || signing the file, send the signed message down the original fd (or TLS fd). Arguments: - as for internal_transport_write_message() above, with additional arguments: - uschar *dkim_private_key DKIM: The private key to use (filename or - plain data) - uschar *dkim_domain DKIM: The domain to use - uschar *dkim_selector DKIM: The selector to use. - uschar *dkim_canon DKIM: The canonalization scheme to use, - "simple" or "relaxed" - uschar *dkim_strict DKIM: What to do if signing fails: - 1/true => throw error - 0/false => send anyway - uschar *dkim_sign_headers DKIM: List of headers that should be included - in signature generation + as for internal_transport_write_message() above, with additional arguments + for DKIM. Returns: TRUE on success; FALSE (with errno) for any failure */ BOOL -dkim_transport_write_message(address_item *addr, int fd, int options, - int size_limit, uschar *add_headers, uschar *remove_headers, - uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules, - int rewrite_existflags, uschar *dkim_private_key, uschar *dkim_domain, - uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers - ) +dkim_transport_write_message(int out_fd, transport_ctx * tctx, + struct ob_dkim * dkim) { int dkim_fd; int save_errno = 0; BOOL rc; -uschar dkim_spool_name[256]; -char sbuf[2048]; +uschar * dkim_spool_name; int sread = 0; int wwritten = 0; uschar *dkim_signature = NULL; +int siglen = 0; +off_t k_file_size; +int options; /* If we can't sign, just call the original function. */ -if (!(dkim_private_key && dkim_domain && dkim_selector)) - return transport_write_message(addr, fd, options, - size_limit, add_headers, remove_headers, - check_string, escape_string, rewrite_rules, - rewrite_existflags); +if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)) + return transport_write_message(out_fd, tctx, 0); -(void)string_format(dkim_spool_name, 256, "%s/input/%s/%s-%d-K", - spool_directory, message_subdir, message_id, (int)getpid()); +dkim_spool_name = spool_fname(US"input", message_subdir, message_id, + string_sprintf("-%d-K", (int)getpid())); if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR|O_CREAT|O_TRUNC, SPOOL_MODE)) < 0) { @@ -1037,12 +1091,13 @@ if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR|O_CREAT|O_TRUNC, SPOOL_MODE)) < 0) goto CLEANUP; } -/* Call original function to write the -K file */ +/* Call original function to write the -K file; does the CRLF expansion +(but, in the CHUNKING case, not dot-stuffing and dot-termination). */ -rc = transport_write_message(addr, dkim_fd, options, - size_limit, add_headers, remove_headers, - check_string, escape_string, rewrite_rules, - rewrite_existflags); +options = tctx->options; +tctx->options &= ~topt_use_bdat; +rc = transport_write_message(dkim_fd, tctx, 0); +tctx->options = options; /* Save error state. We must clean up before returning. */ if (!rc) @@ -1051,80 +1106,73 @@ if (!rc) goto CLEANUP; } -if (dkim_private_key && dkim_domain && dkim_selector) +/* Rewind file and feed it to the goats^W DKIM lib */ +dkim->dot_stuffed = !!(options & topt_end_dot); +lseek(dkim_fd, 0, SEEK_SET); +if ((dkim_signature = dkim_exim_sign(dkim_fd, dkim))) + siglen = Ustrlen(dkim_signature); +else if (dkim->dkim_strict) { - /* Rewind file and feed it to the goats^W DKIM lib */ - lseek(dkim_fd, 0, SEEK_SET); - dkim_signature = dkim_exim_sign(dkim_fd, - dkim_private_key, - dkim_domain, - dkim_selector, - dkim_canon, - dkim_sign_headers); - if (!dkim_signature) - { - if (dkim_strict) + uschar *dkim_strict_result = expand_string(dkim->dkim_strict); + if (dkim_strict_result) + if ( (strcmpic(dkim->dkim_strict,US"1") == 0) || + (strcmpic(dkim->dkim_strict,US"true") == 0) ) { - uschar *dkim_strict_result = expand_string(dkim_strict); - if (dkim_strict_result) - if ( (strcmpic(dkim_strict,US"1") == 0) || - (strcmpic(dkim_strict,US"true") == 0) ) - { - /* Set errno to something halfway meaningful */ - save_errno = EACCES; - log_write(0, LOG_MAIN, "DKIM: message could not be signed," - " and dkim_strict is set. Deferring message delivery."); - rc = FALSE; - goto CLEANUP; - } + /* Set errno to something halfway meaningful */ + save_errno = EACCES; + log_write(0, LOG_MAIN, "DKIM: message could not be signed," + " and dkim_strict is set. Deferring message delivery."); + rc = FALSE; + goto CLEANUP; } - } - else - { - int siglen = Ustrlen(dkim_signature); - while(siglen > 0) - { -#ifdef SUPPORT_TLS - wwritten = tls_out.active == fd - ? tls_write(FALSE, dkim_signature, siglen) - : write(fd, dkim_signature, siglen); -#else - wwritten = write(fd, dkim_signature, siglen); + } + +#ifndef HAVE_LINUX_SENDFILE +if (options & topt_use_bdat) #endif - if (wwritten == -1) - { - /* error, bail out */ - save_errno = errno; - rc = FALSE; - goto CLEANUP; - } - siglen -= wwritten; - dkim_signature += wwritten; - } + k_file_size = lseek(dkim_fd, 0, SEEK_END); /* Fetch file size */ + +if (options & topt_use_bdat) + { + + /* On big messages output a precursor chunk to get any pipelined + MAIL & RCPT commands flushed, then reap the responses so we can + error out on RCPT rejects before sending megabytes. */ + + if (siglen + k_file_size > DELIVER_OUT_BUFFER_SIZE && siglen > 0) + { + if ( tctx->chunk_cb(out_fd, tctx, siglen, 0) != OK + || !transport_write_block(out_fd, dkim_signature, siglen) + || tctx->chunk_cb(out_fd, tctx, 0, tc_reap_prev) != OK + ) + goto err; + siglen = 0; } + + if (tctx->chunk_cb(out_fd, tctx, siglen + k_file_size, tc_chunk_last) != OK) + goto err; } +if(siglen > 0 && !transport_write_block(out_fd, dkim_signature, siglen)) + goto err; + #ifdef HAVE_LINUX_SENDFILE /* We can use sendfile() to shove the file contents to the socket. However only if we don't use TLS, as then there's another layer of indirection before the data finally hits the socket. */ -if (tls_out.active != fd) +if (tls_out.active != out_fd) { - off_t size = lseek(dkim_fd, 0, SEEK_END); /* Fetch file size */ ssize_t copied = 0; off_t offset = 0; /* Rewind file */ lseek(dkim_fd, 0, SEEK_SET); - while(copied >= 0 && offset < size) - copied = sendfile(fd, dkim_fd, &offset, size - offset); + while(copied >= 0 && offset < k_file_size) + copied = sendfile(out_fd, dkim_fd, &offset, k_file_size - offset); if (copied < 0) - { - save_errno = errno; - rc = FALSE; - } + goto err; } else @@ -1135,27 +1183,22 @@ else lseek(dkim_fd, 0, SEEK_SET); /* Send file down the original fd */ - while((sread = read(dkim_fd, sbuf, 2048)) > 0) + while((sread = read(dkim_fd, deliver_out_buffer, DELIVER_OUT_BUFFER_SIZE)) >0) { - char *p = sbuf; + uschar * p = deliver_out_buffer; /* write the chunk */ while (sread) { #ifdef SUPPORT_TLS - wwritten = tls_out.active == fd - ? tls_write(FALSE, US p, sread) - : write(fd, p, sread); + wwritten = tls_out.active == out_fd + ? tls_write(FALSE, p, sread) + : write(out_fd, CS p, sread); #else - wwritten = write(fd, p, sread); + wwritten = write(out_fd, CS p, sread); #endif if (wwritten == -1) - { - /* error, bail out */ - save_errno = errno; - rc = FALSE; - goto CLEANUP; - } + goto err; p += wwritten; sread -= wwritten; } @@ -1169,11 +1212,16 @@ else } CLEANUP: -/* unlink -K file */ -(void)close(dkim_fd); -Uunlink(dkim_spool_name); -errno = save_errno; -return rc; + /* unlink -K file */ + (void)close(dkim_fd); + Uunlink(dkim_spool_name); + errno = save_errno; + return rc; + +err: + save_errno = errno; + rc = FALSE; + goto CLEANUP; } #endif @@ -1190,6 +1238,7 @@ set up a filtering process, fork another process to call the internal function to write to the filter, and in this process just suck from the filter and write down the given fd. At the end, tidy up the pipes and the processes. +XXX Arguments: as for internal_transport_write_message() above Returns: TRUE on success; FALSE (with errno) for any failure @@ -1197,16 +1246,15 @@ Returns: TRUE on success; FALSE (with errno) for any failure */ BOOL -transport_write_message(address_item *addr, int fd, int options, - int size_limit, uschar *add_headers, uschar *remove_headers, - uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules, - int rewrite_existflags) +transport_write_message(int fd, transport_ctx * tctx, int size_limit) { -BOOL use_crlf; BOOL last_filter_was_NL = TRUE; int rc, len, yield, fd_read, fd_write, save_errno; -int pfd[2]; +int pfd[2] = {-1, -1}; pid_t filter_pid, write_pid; +static transport_ctx dummy_tctx = {0}; + +if (!tctx) tctx = &dummy_tctx; transport_filter_timed_out = FALSE; @@ -1217,22 +1265,19 @@ if ( !transport_filter_argv || !*transport_filter_argv || !**transport_filter_argv ) - return internal_transport_write_message(addr, fd, options, size_limit, - add_headers, remove_headers, check_string, escape_string, - rewrite_rules, rewrite_existflags); + return internal_transport_write_message(fd, tctx, size_limit); /* Otherwise the message must be written to a filter process and read back before being written to the incoming fd. First set up the special processing to be done during the copying. */ -use_crlf = (options & topt_use_crlf) != 0; nl_partial_match = -1; -if (check_string != NULL && escape_string != NULL) +if (tctx->check_string && tctx->escape_string) { - nl_check = check_string; + nl_check = tctx->check_string; nl_check_length = Ustrlen(nl_check); - nl_escape = escape_string; + nl_escape = tctx->escape_string; nl_escape_length = Ustrlen(nl_escape); } else nl_check_length = nl_escape_length = 0; @@ -1249,14 +1294,17 @@ save_errno = 0; yield = FALSE; write_pid = (pid_t)(-1); -(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); -filter_pid = child_open(USS transport_filter_argv, NULL, 077, - &fd_write, &fd_read, FALSE); -(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) & ~FD_CLOEXEC); + { + int bits = fcntl(fd, F_GETFD); + (void)fcntl(fd, F_SETFD, bits | FD_CLOEXEC); + filter_pid = child_open(USS transport_filter_argv, NULL, 077, + &fd_write, &fd_read, FALSE); + (void)fcntl(fd, F_SETFD, bits & ~FD_CLOEXEC); + } if (filter_pid < 0) goto TIDY_UP; /* errno set */ DEBUG(D_transport) - debug_printf("process %d running as transport filter: write=%d read=%d\n", + debug_printf("process %d running as transport filter: fd_write=%d fd_read=%d\n", (int)filter_pid, fd_write, fd_read); /* Fork subprocess to write the message to the filter, and return the result @@ -1270,16 +1318,18 @@ if ((write_pid = fork()) == 0) (void)close(fd_read); (void)close(pfd[pipe_read]); nl_check_length = nl_escape_length = 0; - rc = internal_transport_write_message(addr, fd_write, - (options & ~(topt_use_crlf | topt_end_dot)), - size_limit, add_headers, remove_headers, NULL, NULL, - rewrite_rules, rewrite_existflags); + + tctx->check_string = tctx->escape_string = NULL; + tctx->options &= ~(topt_use_crlf | topt_end_dot | topt_use_bdat); + + rc = internal_transport_write_message(fd_write, tctx, size_limit); + save_errno = errno; if ( write(pfd[pipe_write], (void *)&rc, sizeof(BOOL)) != sizeof(BOOL) || write(pfd[pipe_write], (void *)&save_errno, sizeof(int)) != sizeof(int) - || write(pfd[pipe_write], (void *)&(addr->more_errno), sizeof(int)) + || write(pfd[pipe_write], (void *)&tctx->addr->more_errno, sizeof(int)) != sizeof(int) ) rc = FALSE; /* compiler quietening */ @@ -1339,7 +1389,7 @@ for (;;) if (len > 0) { - if (!write_chunk(fd, deliver_in_buffer, len, use_crlf)) goto TIDY_UP; + if (!write_chunk(fd, tctx, deliver_in_buffer, len)) goto TIDY_UP; last_filter_was_NL = (deliver_in_buffer[len-1] == '\n'); } @@ -1376,7 +1426,7 @@ if (filter_pid > 0 && (rc = child_close(filter_pid, 30)) != 0 && yield) { yield = FALSE; save_errno = ERRNO_FILTER_FAIL; - addr->more_errno = rc; + tctx->addr->more_errno = rc; DEBUG(D_transport) debug_printf("filter process returned %d\n", rc); } @@ -1389,15 +1439,20 @@ if (write_pid > 0) { rc = child_close(write_pid, 30); if (yield) - { if (rc == 0) { BOOL ok; - int dummy = read(pfd[pipe_read], (void *)&ok, sizeof(BOOL)); - if (!ok) + if (read(pfd[pipe_read], (void *)&ok, sizeof(BOOL)) != sizeof(BOOL)) + { + DEBUG(D_transport) + debug_printf("pipe read from writing process: %s\n", strerror(errno)); + save_errno = ERRNO_FILTER_FAIL; + yield = FALSE; + } + else if (!ok) { - dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int)); - dummy = read(pfd[pipe_read], (void *)&(addr->more_errno), sizeof(int)); + int dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int)); + dummy = read(pfd[pipe_read], (void *)&(tctx->addr->more_errno), sizeof(int)); yield = FALSE; } } @@ -1405,10 +1460,9 @@ if (write_pid > 0) { yield = FALSE; save_errno = ERRNO_FILTER_FAIL; - addr->more_errno = rc; + tctx->addr->more_errno = rc; DEBUG(D_transport) debug_printf("writing process returned %d\n", rc); } - } } (void)close(pfd[pipe_read]); @@ -1419,28 +1473,27 @@ filter was not NL, insert a NL to make the SMTP protocol work. */ if (yield) { nl_check_length = nl_escape_length = 0; - if ((options & topt_end_dot) != 0 && (last_filter_was_NL? - !write_chunk(fd, US".\n", 2, use_crlf) : - !write_chunk(fd, US"\n.\n", 3, use_crlf))) - { + if ( tctx->options & topt_end_dot + && ( last_filter_was_NL + ? !write_chunk(fd, tctx, US".\n", 2) + : !write_chunk(fd, tctx, US"\n.\n", 3) + ) ) yield = FALSE; - } /* Write out any remaining data in the buffer. */ else - { - yield = (len = chunk_ptr - deliver_out_buffer) <= 0 || - transport_write_block(fd, deliver_out_buffer, len); - } + yield = (len = chunk_ptr - deliver_out_buffer) <= 0 + || transport_write_block(fd, deliver_out_buffer, len); } -else errno = save_errno; /* From some earlier error */ +else + errno = save_errno; /* From some earlier error */ DEBUG(D_transport) { debug_printf("end of filtering transport writing: yield=%d\n", yield); if (!yield) - debug_printf("errno=%d more_errno=%d\n", errno, addr->more_errno); + debug_printf("errno=%d more_errno=%d\n", errno, tctx->addr->more_errno); } return yield; @@ -1653,15 +1706,8 @@ open_db dbblock; open_db *dbm_file; uschar buffer[256]; -msgq_t *msgq = NULL; -int msgq_count = 0; -int msgq_actual = 0; int i; -BOOL bFound = FALSE; -uschar spool_dir [PATH_MAX]; -uschar spool_file [PATH_MAX]; struct stat statbuf; -BOOL bContinuation = FALSE; *more = FALSE; @@ -1691,8 +1737,7 @@ if (dbm_file == NULL) return FALSE; /* See if there is a record for this host; if not, there's nothing to do. */ -host_record = dbfn_read(dbm_file, hostname); -if (host_record == NULL) +if (!(host_record = dbfn_read(dbm_file, hostname))) { dbfn_close(dbm_file); DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname); @@ -1719,15 +1764,19 @@ emptied, delete it and continue with any continuation records that may exist. but the 1 off will remain without it. This code now allows me to SKIP over a message I do not want to send out on this run. */ -sprintf(CS spool_dir, "%s/input/", spool_directory); - host_length = host_record->count * MESSAGE_ID_LENGTH; while (1) { + msgq_t *msgq; + int msgq_count = 0; + int msgq_actual = 0; + BOOL bFound = FALSE; + BOOL bContinuation = FALSE; + /* create an array to read entire message queue into memory for processing */ - msgq = (msgq_t*) malloc(sizeof(msgq_t) * host_record->count); + msgq = store_malloc(sizeof(msgq_t) * host_record->count); msgq_count = host_record->count; msgq_actual = msgq_count; @@ -1751,17 +1800,15 @@ while (1) /* now find the next acceptable message_id */ - bFound = FALSE; - for (i = msgq_count - 1; i >= 0; --i) if (msgq[i].bKeep) { - if (split_spool_directory) - sprintf(CS spool_file, "%s%c/%s-D", - spool_dir, msgq[i].message_id[5], msgq[i].message_id); - else - sprintf(CS spool_file, "%s%s-D", spool_dir, msgq[i].message_id); + uschar subdir[2]; + + subdir[0] = split_spool_directory ? msgq[i].message_id[5] : 0; + subdir[1] = 0; - if (Ustat(spool_file, &statbuf) != 0) + if (Ustat(spool_fname(US"input", subdir, msgq[i].message_id, US"-D"), + &statbuf) != 0) msgq[i].bKeep = FALSE; else if (!oicf_func || oicf_func(msgq[i].message_id, oicf_data)) { @@ -1778,8 +1825,7 @@ while (1) msgq_actual++; /* reassemble the host record, based on removed message ids, from in - * memory queue. - */ + memory queue */ if (msgq_actual <= 0) { @@ -1806,8 +1852,6 @@ while (1) /* Jeremy: check for a continuation record, this code I do not know how to test but the code should work */ - bContinuation = FALSE; - while (host_length <= 0) { int i; @@ -1838,8 +1882,11 @@ test but the code should work */ bContinuation = TRUE; } - if (bFound) + if (bFound) /* Usual exit from main loop */ + { + store_free (msgq); break; + } /* If host_length <= 0 we have emptied a record and not found a good message, and there are no continuation records. Otherwise there is a continuation @@ -1858,20 +1905,13 @@ test but the code should work */ if (!bContinuation) { - Ustrcpy (new_message_id, message_id); + Ustrcpy(new_message_id, message_id); dbfn_close(dbm_file); return FALSE; } - } /* we need to process a continuation record */ -/* clean up in memory queue */ -if (msgq) - { - free (msgq); - msgq = NULL; - msgq_count = 0; - msgq_actual = 0; - } + store_free(msgq); + } /* we need to process a continuation record */ /* Control gets here when an existing message has been encountered; its id is in new_message_id, and host_length is the revised length of the @@ -1880,19 +1920,8 @@ record if required, close the database, and return TRUE. */ if (host_length > 0) { - uschar msg [MESSAGE_ID_LENGTH + 1]; - int i; - host_record->count = host_length/MESSAGE_ID_LENGTH; - /* rebuild the host_record->text */ - - for (i = 0; i < host_record->count; ++i) - { - Ustrncpy(msg, host_record->text + (i*MESSAGE_ID_LENGTH), MESSAGE_ID_LENGTH); - msg[MESSAGE_ID_LENGTH] = 0; - } - dbfn_write(dbm_file, hostname, host_record, (int)sizeof(dbdata_wait) + host_length); *more = TRUE; } @@ -1930,7 +1959,7 @@ DEBUG(D_transport) debug_printf("transport_pass_socket entered\n"); if ((pid = fork()) == 0) { - int i = 16; + int i = 17; const uschar **argv; /* Disconnect entirely from the parent process. If we are running in the @@ -1946,17 +1975,15 @@ if ((pid = fork()) == 0) argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, &i, FALSE, 0); - /* Call with the dsn flag */ - if (smtp_use_dsn) argv[i++] = US"-MCD"; - if (smtp_authenticated) argv[i++] = US"-MCA"; - #ifdef SUPPORT_TLS - if (tls_offered) argv[i++] = US"-MCT"; - #endif - - if (smtp_use_size) argv[i++] = US"-MCS"; - if (smtp_use_pipelining) argv[i++] = US"-MCP"; + if (smtp_peer_options & PEER_OFFERED_CHUNKING) argv[i++] = US"-MCK"; + if (smtp_peer_options & PEER_OFFERED_DSN) argv[i++] = US"-MCD"; + if (smtp_peer_options & PEER_OFFERED_PIPE) argv[i++] = US"-MCP"; + if (smtp_peer_options & PEER_OFFERED_SIZE) argv[i++] = US"-MCS"; +#ifdef SUPPORT_TLS + if (smtp_peer_options & PEER_OFFERED_TLS) argv[i++] = US"-MCT"; +#endif if (queue_run_pid != (pid_t)0) { diff --git a/src/src/transports/Makefile b/src/src/transports/Makefile index 25973d5df..4eea141ec 100644 --- a/src/src/transports/Makefile +++ b/src/src/transports/Makefile @@ -2,7 +2,7 @@ # calling it transports.a. This is called from the main make file, after cd'ing # to the transports subdirectory. -OBJ = appendfile.o autoreply.o lmtp.o pipe.o smtp.o smtp_socks.o tf_maildir.o +OBJ = appendfile.o autoreply.o lmtp.o pipe.o queuefile.o smtp.o smtp_socks.o tf_maildir.o transports.a: $(OBJ) @$(RM_COMMAND) -f transports.a @@ -18,6 +18,7 @@ appendfile.o: $(HDRS) appendfile.c appendfile.h tf_maildir.h autoreply.o: $(HDRS) autoreply.c autoreply.h lmtp.o: $(HDRS) lmtp.c lmtp.h pipe.o: $(HDRS) pipe.c pipe.h +queuefile.o: $(HDRS) queuefile.c queuefile.h smtp.o: $(HDRS) smtp.c smtp.h smtp_socks.o: $(HDRS) smtp_socks.c smtp.h diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index c8abe9bc5..884452208 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -619,19 +619,18 @@ if (host_find_byname(&host, NULL, 0, NULL, FALSE) == HOST_FIND_FAILED) host.address = US"127.0.0.1"; -for (h = &host; h != NULL; h = h->next) +for (h = &host; h; h = h->next) { int sock, rc; - int host_af = (Ustrchr(h->address, ':') != NULL)? AF_INET6 : AF_INET; + int host_af = Ustrchr(h->address, ':') != NULL ? AF_INET6 : AF_INET; DEBUG(D_transport) debug_printf("calling comsat on %s\n", h->address); - sock = ip_socket(SOCK_DGRAM, host_af); - if (sock < 0) continue; + if ((sock = ip_socket(SOCK_DGRAM, host_af)) < 0) continue; /* Connect never fails for a UDP socket, so don't set a timeout. */ - (void)ip_connect(sock, host_af, h->address, ntohs(sp->s_port), 0); + (void)ip_connect(sock, host_af, h->address, ntohs(sp->s_port), 0, FALSE); rc = send(sock, buffer, Ustrlen(buffer) + 1, 0); (void)close(sock); @@ -679,15 +678,16 @@ if (len == 0) return tblock; /* Search the formats for a match */ -while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size))!= NULL) +while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size))) { int slen = Ustrlen(s); BOOL match = len >= slen && Ustrncmp(data, s, slen) == 0; uschar *tp = string_nextinlist(&format, &sep, big_buffer, big_buffer_size); - if (match) + + if (match && tp) { transport_instance *tt; - for (tt = transports; tt != NULL; tt = tt->next) + for (tt = transports; tt; tt = tt->next) if (Ustrcmp(tp, tt->name) == 0) { DEBUG(D_transport) @@ -2873,9 +2873,14 @@ at initialization time. */ if (yield == OK) { - if (!transport_write_message(addr, fd, ob->options, 0, tblock->add_headers, - tblock->remove_headers, ob->check_string, ob->escape_string, - tblock->rewrite_rules, tblock->rewrite_existflags)) + transport_ctx tctx = { + tblock, + addr, + ob->check_string, + ob->escape_string, + ob->options + }; + if (!transport_write_message(fd, &tctx, 0)) yield = DEFER; } diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c index d2aad542a..f07cd83cf 100644 --- a/src/src/transports/autoreply.c +++ b/src/src/transports/autoreply.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -267,7 +267,6 @@ autoreply_transport_entry( { int fd, pid, rc; int cache_fd = -1; -int log_fd = -1; int cache_size = 0; int add_size = 0; EXIM_DB *dbm_file = NULL; @@ -522,9 +521,10 @@ if (oncelog != NULL && *oncelog != 0 && to != NULL) if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec)) { + int log_fd; DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to, (once_repeat_sec > 0)? " and repeat time not reached" : ""); - log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode); + log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1; if (log_fd >= 0) { uschar *ptr = log_buffer; @@ -691,6 +691,16 @@ if (return_message) US"------ This is a copy of the body of the message, without the headers.\n" : US"------ This is a copy of the message, including all the headers.\n"; + transport_ctx tctx = { + tblock, + addr, + NULL, NULL, + (tblock->body_only ? topt_no_headers : 0) | + (tblock->headers_only ? topt_no_body : 0) | + (tblock->return_path_add ? topt_add_return_path : 0) | + (tblock->delivery_date_add ? topt_add_delivery_date : 0) | + (tblock->envelope_to_add ? topt_add_envelope_to : 0) + }; if (bounce_return_size_limit > 0 && !tblock->headers_only) { @@ -710,14 +720,7 @@ if (return_message) fflush(f); transport_count = 0; - transport_write_message(addr, fileno(f), - (tblock->body_only? topt_no_headers : 0) | - (tblock->headers_only? topt_no_body : 0) | - (tblock->return_path_add? topt_add_return_path : 0) | - (tblock->delivery_date_add? topt_add_delivery_date : 0) | - (tblock->envelope_to_add? topt_add_envelope_to : 0), - bounce_return_size_limit, tblock->add_headers, tblock->remove_headers, - NULL, NULL, tblock->rewrite_rules, tblock->rewrite_existflags); + transport_write_message(fileno(f), &tctx, bounce_return_size_limit); } /* End the message and wait for the child process to end; no timeout. */ diff --git a/src/src/transports/lmtp.c b/src/src/transports/lmtp.c index 1f4d7a6bf..0cc981064 100644 --- a/src/src/transports/lmtp.c +++ b/src/src/transports/lmtp.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -217,6 +217,7 @@ va_list ap; va_start(ap, format); if (!string_vformat(big_buffer, big_buffer_size, CS format, ap)) { + va_end(ap); errno = ERRNO_SMTPFORMAT; return FALSE; } @@ -608,6 +609,12 @@ for (addr = addrlist; addr != NULL; addr = addr->next) if (send_data) { BOOL ok; + transport_ctx tctx = { + tblock, + addrlist, + US".", US"..", + ob->options + }; if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED; if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout)) @@ -627,9 +634,7 @@ if (send_data) debug_printf(" LMTP>> writing message and terminating \".\"\n"); transport_count = 0; - ok = transport_write_message(addrlist, fd_in, ob->options, 0, - tblock->add_headers, tblock->remove_headers, US".", US"..", - tblock->rewrite_rules, tblock->rewrite_existflags); + ok = transport_write_message(fd_in, &tctx, 0); /* Failure can either be some kind of I/O disaster (including timeout), or the failure of a transport filter or the expansion of added headers. */ diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index eaf04d150..d3841e050 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -489,11 +489,12 @@ if (expand_arguments) for (ad = addr; ad != NULL; ad = ad->next) { - if (ad != addr) string_cat(s, &size, &offset, US" ", 1); - string_cat(s, &size, &offset, ad->address, Ustrlen(ad->address)); + /*XXX string_append_listele() ? */ + if (ad != addr) s = string_catn(s, &size, &offset, US" ", 1); + s = string_cat(s, &size, &offset, ad->address); } - string_cat(s, &size, &offset, q, Ustrlen(q)); + s = string_cat(s, &size, &offset, q); s[offset] = 0; } @@ -553,7 +554,14 @@ const uschar **argv; uschar *envp[50]; const uschar *envlist = ob->environment; uschar *cmd, *ss; -uschar *eol = (ob->use_crlf)? US"\r\n" : US"\n"; +uschar *eol = ob->use_crlf ? US"\r\n" : US"\n"; +transport_ctx tctx = { + tblock, + addr, + ob->check_string, + ob->escape_string, + ob->options /* set at initialization time */ +}; DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name); @@ -841,23 +849,19 @@ if (ob->use_bsmtp) if (!transport_write_string(fd_in, "MAIL FROM:<%s>%s", return_path, eol)) goto END_WRITE; - for (a = addr; a != NULL; a = a->next) - { + for (a = addr; a; a = a->next) if (!transport_write_string(fd_in, "RCPT TO:<%s>%s", transport_rcpt_address(a, tblock->rcpt_include_affixes), eol)) goto END_WRITE; - } if (!transport_write_string(fd_in, "DATA%s", eol)) goto END_WRITE; } -/* Now the actual message - the options were set at initialization time */ +/* Now the actual message */ -if (!transport_write_message(addr, fd_in, ob->options, 0, tblock->add_headers, - tblock->remove_headers, ob->check_string, ob->escape_string, - tblock->rewrite_rules, tblock->rewrite_existflags)) +if (!transport_write_message(fd_in, &tctx, 0)) goto END_WRITE; /* Now any configured suffix */ @@ -1100,36 +1104,33 @@ if ((rc = child_close(pid, timeout)) != 0) if (*ss != 0) { - addr->message = string_cat(addr->message, &size, &ptr, US" ", 1); - addr->message = string_cat(addr->message, &size, &ptr, - ss, Ustrlen(ss)); + addr->message = string_catn(addr->message, &size, &ptr, US" ", 1); + addr->message = string_cat (addr->message, &size, &ptr, ss); } /* Now add the command and arguments */ - addr->message = string_cat(addr->message, &size, &ptr, + addr->message = string_catn(addr->message, &size, &ptr, US" from command:", 14); for (i = 0; i < sizeof(argv)/sizeof(int *) && argv[i] != NULL; i++) { BOOL quote = FALSE; - addr->message = string_cat(addr->message, &size, &ptr, US" ", 1); + addr->message = string_catn(addr->message, &size, &ptr, US" ", 1); if (Ustrpbrk(argv[i], " \t") != NULL) { quote = TRUE; - addr->message = string_cat(addr->message, &size, &ptr, US"\"", 1); + addr->message = string_catn(addr->message, &size, &ptr, US"\"", 1); } - addr->message = string_cat(addr->message, &size, &ptr, argv[i], - Ustrlen(argv[i])); + addr->message = string_cat(addr->message, &size, &ptr, argv[i]); if (quote) - addr->message = string_cat(addr->message, &size, &ptr, US"\"", 1); + addr->message = string_catn(addr->message, &size, &ptr, US"\"", 1); } /* Add previous filter timeout message, if present. */ - if (*tmsg != 0) - addr->message = string_cat(addr->message, &size, &ptr, tmsg, - Ustrlen(tmsg)); + if (*tmsg) + addr->message = string_cat(addr->message, &size, &ptr, tmsg); addr->message[ptr] = 0; /* Ensure concatenated string terminated */ } diff --git a/src/src/transports/queuefile.c b/src/src/transports/queuefile.c new file mode 100644 index 000000000..7f10706c1 --- /dev/null +++ b/src/src/transports/queuefile.c @@ -0,0 +1,256 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) Andrew Colin Kissa <andrew@topdog.za.net> 2016 */ +/* Copyright (c) University of Cambridge 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + + +#include "../exim.h" +#include "queuefile.h" + +/* Options specific to the appendfile transport. They must be in alphabetic +order (note that "_" comes before the lower case letters). Some of them are +stored in the publicly visible instance block - these are flagged with the +opt_public flag. */ + +optionlist queuefile_transport_options[] = { + { "directory", opt_stringptr, + (void *)offsetof(queuefile_transport_options_block, dirname) }, +}; + +/* Size of the options list. An extern variable has to be used so that its +address can appear in the tables drtables.c. */ + +int queuefile_transport_options_count = + sizeof(queuefile_transport_options) / sizeof(optionlist); + +/* Default private options block for the appendfile transport. */ + +queuefile_transport_options_block queuefile_transport_option_defaults = { + NULL, /* dirname */ +}; + +/************************************************* +* Initialization entry point * +*************************************************/ + +void queuefile_transport_init(transport_instance *tblock) +{ +queuefile_transport_options_block *ob = + (queuefile_transport_options_block *) tblock->options_block; + +if (!ob->dirname) + log_write(0, LOG_PANIC_DIE | LOG_CONFIG, + "directory must be set for the %s transport", tblock->name); +} + +/* This function will copy from a file to another + +Arguments: + dst fd to write to (the destination queue file) + src fd to read from (the spool queue file) + +Returns: TRUE if all went well, FALSE otherwise with errno set +*/ + +static BOOL +copy_spool_file(int dst, int src) +{ +int i, j; +uschar buffer[16384]; +uschar * s; + +if (lseek(src, 0, SEEK_SET) != 0) + return FALSE; + +do + if ((j = read(src, buffer, sizeof(buffer))) > 0) + for (s = buffer; (i = write(dst, s, j)) != j; s += i, j -= i) + if (i < 0) + return FALSE; + else if (j < 0) + return FALSE; +while (j > 0); +return TRUE; +} + +/* This function performs the actual copying of the header +and data files to the destination directory + +Arguments: + tb the transport block + addr address_item being processed + sdfd int Source directory fd + ddfd int Destination directory fd + link_file BOOL use linkat instead of data copy + srcfd fd for data file, or -1 for header file + +Returns: TRUE if all went well, FALSE otherwise +*/ + +static BOOL +copy_spool_files(transport_instance * tb, address_item * addr, + int sdfd, int ddfd, BOOL link_file, int srcfd) +{ +BOOL is_hdr_file = srcfd < 0; +const uschar * suffix = srcfd < 0 ? US"H" : US"D"; +int dstfd; +const uschar * filename = string_sprintf("%s-%s", message_id, suffix); +const uschar * srcpath = spool_fname(US"input", message_subdir, message_id, suffix); +const uschar * dstpath = string_sprintf("%s/%s-%s", + ((queuefile_transport_options_block *) tb->options_block)->dirname, + message_id, suffix); +const uschar * s; +const uschar * op; + +if (link_file) + { + DEBUG(D_transport) debug_printf("%s transport, linking %s => %s\n", + tb->name, srcpath, dstpath); + + if (linkat(sdfd, CCS filename, ddfd, CCS filename, 0) >= 0) + return TRUE; + + op = US"linking"; + s = dstpath; + } +else /* use data copy */ + { + DEBUG(D_transport) debug_printf("%s transport, copying %s => %s\n", + tb->name, srcpath, dstpath); + + if ( (s = dstpath, + (dstfd = openat(ddfd, CCS filename, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE)) + < 0 + ) + || is_hdr_file + && (s = srcpath, (srcfd = openat(sdfd, CCS filename, O_RDONLY)) < 0) + ) + op = US"opening"; + + else + if (s = dstpath, fchmod(dstfd, SPOOL_MODE) != 0) + op = US"setting perms on"; + else + if (!copy_spool_file(dstfd, srcfd)) + op = US"creating"; + else + return TRUE; + } + +addr->basic_errno = errno; +addr->message = string_sprintf("%s transport %s file: %s failed with error: %s", + tb->name, op, s, strerror(errno)); +addr->transport_return = DEFER; +return FALSE; +} + +/************************************************* +* Main entry point * +*************************************************/ + +/* This transport always returns FALSE, indicating that the status in +the first address is the status for all addresses in a batch. */ + +BOOL +queuefile_transport_entry(transport_instance * tblock, address_item * addr) +{ +queuefile_transport_options_block * ob = + (queuefile_transport_options_block *) tblock->options_block; +BOOL can_link; +uschar * sourcedir = spool_dname(US"input", message_subdir); +uschar * s; +struct stat dstatbuf, sstatbuf; +int ddfd = -1, sdfd = -1; + +DEBUG(D_transport) + debug_printf("%s transport entered\n", tblock->name); + +#ifndef O_DIRECTORY +# define O_DIRECTORY 0 +#endif +#ifndef O_NOFOLLOW +# define O_NOFOLLOW 0 +#endif + +if (ob->dirname[0] != '/') + { + addr->transport_return = PANIC; + addr->message = string_sprintf("%s transport directory: " + "%s is not absolute", tblock->name, ob->dirname); + return FALSE; + } + +/* Open the source and destination directories and check if they are +on the same filesystem, so we can hard-link files rather than copying. */ + +if ( (s = ob->dirname, + (ddfd = Uopen(s, O_RDONLY | O_DIRECTORY | O_NOFOLLOW, 0)) < 0) + || (s = sourcedir, + (sdfd = Uopen(sourcedir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW, 0)) < 0) + ) + { + addr->transport_return = PANIC; + addr->basic_errno = errno; + addr->message = string_sprintf("%s transport accessing directory: %s " + "failed with error: %s", tblock->name, s, strerror(errno)); + if (ddfd >= 0) (void) close(ddfd); + return FALSE; + } + +if ( (s = ob->dirname, fstat(ddfd, &dstatbuf) < 0) + || (s = sourcedir, fstat(sdfd, &sstatbuf) < 0) + ) + { + addr->transport_return = PANIC; + addr->basic_errno = errno; + addr->message = string_sprintf("%s transport fstat on directory fd: " + "%s failed with error: %s", tblock->name, s, strerror(errno)); + goto RETURN; + } +can_link = (dstatbuf.st_dev == sstatbuf.st_dev); + +if (dont_deliver) + { + DEBUG(D_transport) + debug_printf("*** delivery by %s transport bypassed by -N option\n", + tblock->name); + addr->transport_return = OK; + goto RETURN; + } + +/* Link or copy the header and data spool files */ + +DEBUG(D_transport) + debug_printf("%s transport, copying header file\n", tblock->name); + +if (!copy_spool_files(tblock, addr, sdfd, ddfd, can_link, -1)) + goto RETURN; + +DEBUG(D_transport) + debug_printf("%s transport, copying data file\n", tblock->name); + +if (!copy_spool_files(tblock, addr, sdfd, ddfd, can_link, deliver_datafile)) + { + DEBUG(D_transport) + debug_printf("%s transport, copying data file failed, " + "unlinking the header file\n", tblock->name); + Uunlink(string_sprintf("%s/%s-H", ob->dirname, message_id)); + goto RETURN; + } + +DEBUG(D_transport) + debug_printf("%s transport succeeded\n", tblock->name); + +addr->transport_return = OK; + +RETURN: +if (ddfd >= 0) (void) close(ddfd); +if (sdfd >= 0) (void) close(sdfd); + +/* A return of FALSE means that if there was an error, a common error was +put in the first address of a batch. */ +return FALSE; +} diff --git a/src/src/transports/queuefile.h b/src/src/transports/queuefile.h new file mode 100644 index 000000000..0e45b51b0 --- /dev/null +++ b/src/src/transports/queuefile.h @@ -0,0 +1,29 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) Andrew Colin Kissa <andrew@topdog.za.net> 2016 */ +/* Copyright (c) University of Cambridge 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Private structure for the private options. */ + +typedef struct { + uschar *dirname; +} queuefile_transport_options_block; + +/* Data for reading the private options. */ + +extern optionlist queuefile_transport_options[]; +extern int queuefile_transport_options_count; + +/* Block containing default values. */ + +extern queuefile_transport_options_block queuefile_transport_option_defaults; + +/* The main and init entry points for the transport */ + +extern BOOL queuefile_transport_entry(transport_instance *, address_item *); +extern void queuefile_transport_init(transport_instance *); + +/* End of transports/queuefile.h */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 78673d4c8..d6ef34eff 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ #include "../exim.h" @@ -12,6 +12,8 @@ #define PENDING_DEFER (PENDING + DEFER) #define PENDING_OK (PENDING + OK) +#define DELIVER_BUFFER_SIZE 4096 + /* Options specific to the smtp transport. This transport also supports LMTP over TCP/IP. The options must be in alphabetic order (note that "_" comes @@ -44,17 +46,17 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) }, #ifndef DISABLE_DKIM { "dkim_canon", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dkim_canon) }, + (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) }, { "dkim_domain", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dkim_domain) }, + (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) }, { "dkim_private_key", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dkim_private_key) }, + (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) }, { "dkim_selector", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dkim_selector) }, + (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) }, { "dkim_sign_headers", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) }, + (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) }, { "dkim_strict", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dkim_strict) }, + (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) }, #endif { "dns_qualify_single", opt_bool, (void *)offsetof(smtp_transport_options_block, dns_qualify_single) }, @@ -72,17 +74,6 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, final_timeout) }, { "gethostbyname", opt_bool, (void *)offsetof(smtp_transport_options_block, gethostbyname) }, -#ifdef SUPPORT_TLS - /* These are no longer honoured, as of Exim 4.80; for now, we silently - ignore; 4.83 will warn, and a later-still release will remove - these options, so that using them becomes an error. */ - { "gnutls_require_kx", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) }, - { "gnutls_require_mac", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) }, - { "gnutls_require_protocols", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) }, -#endif { "helo_data", opt_stringptr, (void *)offsetof(smtp_transport_options_block, helo_data) }, { "hosts", opt_stringptr, @@ -127,10 +118,14 @@ optionlist smtp_transport_options[] = { #endif { "hosts_try_auth", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_try_auth) }, + { "hosts_try_chunking", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) }, #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) { "hosts_try_dane", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_try_dane) }, #endif + { "hosts_try_fastopen", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) }, #ifndef DISABLE_PRDR { "hosts_try_prdr", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) }, @@ -211,12 +206,14 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* serialize_hosts */ NULL, /* hosts_try_auth */ NULL, /* hosts_require_auth */ + US"*", /* hosts_try_chunking */ #ifdef EXPERIMENTAL_DANE NULL, /* hosts_try_dane */ NULL, /* hosts_require_dane */ #endif + NULL, /* hosts_try_fastopen */ #ifndef DISABLE_PRDR - US"*", /* hosts_try_prdr */ + US"*", /* hosts_try_prdr */ #endif #ifndef DISABLE_OCSP US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */ @@ -257,9 +254,6 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* tls_crl */ NULL, /* tls_privatekey */ NULL, /* tls_require_ciphers */ - NULL, /* gnutls_require_kx */ - NULL, /* gnutls_require_mac */ - NULL, /* gnutls_require_proto */ NULL, /* tls_sni */ US"system", /* tls_verify_certificates */ EXIM_CLIENT_DH_DEFAULT_MIN_BITS, @@ -270,12 +264,13 @@ smtp_transport_options_block smtp_transport_option_defaults = { US"*" /* tls_verify_cert_hostnames */ #endif #ifndef DISABLE_DKIM - ,NULL, /* dkim_canon */ - NULL, /* dkim_domain */ - NULL, /* dkim_private_key */ - NULL, /* dkim_selector */ - NULL, /* dkim_sign_headers */ - NULL /* dkim_strict */ + , {NULL, /* dkim_canon */ + NULL, /* dkim_domain */ + NULL, /* dkim_private_key */ + NULL, /* dkim_selector */ + NULL, /* dkim_sign_headers */ + NULL, /* dkim_strict */ + FALSE} /* dot_stuffed */ #endif }; @@ -293,6 +288,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" }; static uschar *smtp_command; /* Points to last cmd for error messages */ static uschar *mail_command; /* Points to MAIL cmd for error messages */ static BOOL update_waiting; /* TRUE to update the "wait" database */ +static BOOL pipelining_active; /* current transaction is in pipe mode */ /************************************************* @@ -411,15 +407,6 @@ if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE; for them, but do not do any lookups at this time. */ host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE); - -#ifdef SUPPORT_TLS -if ( ob->gnutls_require_kx - || ob->gnutls_require_mac - || ob->gnutls_require_proto) - log_write(0, LOG_MAIN, "WARNING: smtp transport options" - " gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols" - " are obsolete\n"); -#endif } @@ -530,13 +517,7 @@ static BOOL check_response(host_item *host, int *errno_value, int more_errno, uschar *buffer, int *yield, uschar **message, BOOL *pass_message) { -uschar *pl = US""; - -if (smtp_use_pipelining && - (Ustrcmp(smtp_command, "MAIL") == 0 || - Ustrcmp(smtp_command, "RCPT") == 0 || - Ustrcmp(smtp_command, "DATA") == 0)) - pl = US"pipelined "; +uschar * pl = pipelining_active ? US"pipelined " : US""; *yield = '4'; /* Default setting is to give a temporary error */ @@ -653,11 +634,11 @@ Returns: nothing static void write_logs(address_item *addr, host_item *host) { -uschar * message = string_sprintf("H=%s [%s]", host->name, host->address); +uschar * message = LOGGING(outgoing_port) + ? string_sprintf("H=%s [%s]:%d", host->name, host->address, + host->port == PORT_NONE ? 25 : host->port) + : string_sprintf("H=%s [%s]", host->name, host->address); -if (LOGGING(outgoing_port)) - message = string_sprintf("%s:%d", message, - host->port == PORT_NONE ? 25 : host->port); if (addr->message) { message = string_sprintf("%s: %s", message, addr->message); @@ -668,17 +649,17 @@ if (addr->message) } else { - log_write(0, LOG_MAIN, "%s %s", message, strerror(addr->basic_errno)); - deliver_msglog("%s %s %s\n", tod_stamp(tod_log), message, - strerror(addr->basic_errno)); + const uschar * s = exim_errstr(addr->basic_errno); + log_write(0, LOG_MAIN, "%s %s", message, s); + deliver_msglog("%s %s %s\n", tod_stamp(tod_log), message, s); } } static void msglog_line(host_item * host, uschar * message) { - deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log), - host->name, host->address, message); +deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log), + host->name, host->address, message); } @@ -806,6 +787,7 @@ if (pending_MAIL) count--; if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout)) { + DEBUG(D_transport) debug_printf("bad response for MAIL\n"); Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */ if (errno == 0 && buffer[0] != 0) { @@ -1215,9 +1197,15 @@ return FALSE; #ifdef EXPERIMENTAL_DANE +/* Lookup TLSA record for host/port. +Return: OK success with dnssec; DANE mode + DEFER Do not use this host now, may retry later + FAIL_FORCED No TLSA record; DANE not usable + FAIL Do not use this connection +*/ + int -tlsa_lookup(const host_item * host, dns_answer * dnsa, - BOOL dane_required, BOOL * dane) +tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required) { /* move this out to host.c given the similarity to dns_lookup() ? */ uschar buffer[300]; @@ -1228,25 +1216,25 @@ const uschar * fullname = buffer; switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname)) { - case DNS_AGAIN: - return DEFER; /* just defer this TLS'd conn */ - - default: - case DNS_FAIL: - if (dane_required) - return FAIL; - break; - case DNS_SUCCEED: if (!dns_is_secure(dnsa)) { log_write(0, LOG_MAIN, "DANE error: TLSA lookup not DNSSEC"); return DEFER; } - *dane = TRUE; - break; + return OK; + + case DNS_AGAIN: + return DEFER; /* just defer this TLS'd conn */ + + case DNS_NODATA: /* no TLSA RR for this lookup */ + case DNS_NOMATCH: /* no records at all for this lookup */ + return dane_required ? FAIL : FAIL_FORCED; + + default: + case DNS_FAIL: + return dane_required ? FAIL : DEFER; } -return OK; } #endif @@ -1311,7 +1299,6 @@ we will veto this new message. */ static BOOL smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare) { - uschar * message_local_identity, * current_local_identity, * new_sender_address; @@ -1334,45 +1321,146 @@ uschar ehlo_response(uschar * buf, size_t bsize, uschar checks) { #ifdef SUPPORT_TLS -if (checks & PEER_OFFERED_TLS) - if (pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_TLS; +if ( checks & PEER_OFFERED_TLS + && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_TLS; #endif - if ( checks & PEER_OFFERED_IGNQ - && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0, - PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_IGNQ; +if ( checks & PEER_OFFERED_IGNQ + && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0, + PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_IGNQ; + +if ( checks & PEER_OFFERED_CHUNKING + && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_CHUNKING; #ifndef DISABLE_PRDR - if ( checks & PEER_OFFERED_PRDR - && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_PRDR; +if ( checks & PEER_OFFERED_PRDR + && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_PRDR; #endif #ifdef SUPPORT_I18N - if ( checks & PEER_OFFERED_UTF8 - && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_UTF8; +if ( checks & PEER_OFFERED_UTF8 + && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_UTF8; #endif - if ( checks & PEER_OFFERED_DSN - && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_DSN; +if ( checks & PEER_OFFERED_DSN + && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_DSN; - if ( checks & PEER_OFFERED_PIPE - && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0, - PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_PIPE; +if ( checks & PEER_OFFERED_PIPE + && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0, + PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_PIPE; - if ( checks & PEER_OFFERED_SIZE - && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) - checks &= ~PEER_OFFERED_SIZE; +if ( checks & PEER_OFFERED_SIZE + && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_SIZE; return checks; } + +/* Callback for emitting a BDAT data chunk header. + +If given a nonzero size, first flush any buffered SMTP commands +then emit the command. + +Reap previous SMTP command responses if requested. +Reap one SMTP command response if requested. + +Returns: OK or ERROR +*/ + +static int +smtp_chunk_cmd_callback(int fd, transport_ctx * tctx, + unsigned chunk_size, unsigned flags) +{ +smtp_transport_options_block * ob = + (smtp_transport_options_block *)(tctx->tblock->options_block); +int cmd_count = 0; +int prev_cmd_count; +uschar * buffer = tctx->buffer; + + +/* Write SMTP chunk header command */ + +if (chunk_size > 0) + if((cmd_count = smtp_write_command(tctx->outblock, FALSE, "BDAT %u%s\r\n", + chunk_size, + flags & tc_chunk_last ? " LAST" : "") + ) < 0) return ERROR; + +prev_cmd_count = cmd_count += tctx->cmd_count; + +/* Reap responses for any previous, but not one we just emitted */ + +if (chunk_size > 0) + prev_cmd_count--; +if (tctx->pending_BDAT) + prev_cmd_count--; + +if (flags & tc_reap_prev && prev_cmd_count > 0) + { + DEBUG(D_transport) debug_printf("look for %d responses" + " for previous pipelined cmds\n", prev_cmd_count); + + switch(sync_responses(tctx->first_addr, tctx->tblock->rcpt_include_affixes, + tctx->sync_addr, tctx->host, prev_cmd_count, + ob->address_retry_include_sender, + tctx->pending_MAIL, 0, + tctx->inblock, + ob->command_timeout, + buffer, DELIVER_BUFFER_SIZE)) + { + case 1: /* 2xx (only) => OK */ + case 3: tctx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */ + case 2: *tctx->completed_address = TRUE; /* 5xx (only) => progress made */ + case 0: break; /* No 2xx or 5xx, but no probs */ + + case -1: /* Timeout on RCPT */ + default: return ERROR; /* I/O error, or any MAIL/DATA error */ + } + cmd_count = 1; + if (!tctx->pending_BDAT) + pipelining_active = FALSE; + } + +/* Reap response for an outstanding BDAT */ + +if (tctx->pending_BDAT) + { + DEBUG(D_transport) debug_printf("look for one response for BDAT\n"); + + if (!smtp_read_response(tctx->inblock, buffer, DELIVER_BUFFER_SIZE, '2', + ob->command_timeout)) + { + if (errno == 0 && buffer[0] == '4') + { + errno = ERRNO_DATA4XX; /*XXX does this actually get used? */ + tctx->first_addr->more_errno |= + ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + } + return ERROR; + } + cmd_count--; + tctx->pending_BDAT = FALSE; + pipelining_active = FALSE; + } +else if (chunk_size > 0) + tctx->pending_BDAT = TRUE; + + +tctx->cmd_count = cmd_count; +return OK; +} + + + /************************************************* * Deliver address list to given host * *************************************************/ @@ -1432,27 +1520,33 @@ int rc; time_t start_delivery_time = time(NULL); smtp_transport_options_block *ob = (smtp_transport_options_block *)(tblock->options_block); -BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0; -BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0; -BOOL ok = FALSE; -BOOL send_rset = TRUE; -BOOL send_quit = TRUE; -BOOL setting_up = TRUE; -BOOL completed_address = FALSE; -BOOL esmtp = TRUE; -BOOL pending_MAIL; -BOOL pass_message = FALSE; -uschar peer_offered = 0; /*XXX should this be handed on cf. tls_offered, smtp_use_dsn ? */ +struct lflags { + BOOL lmtp:1; + BOOL smtps:1; + BOOL ok:1; + BOOL send_rset:1; + BOOL send_quit:1; + BOOL setting_up:1; + BOOL esmtp:1; + BOOL esmtp_sent:1; + BOOL pending_MAIL:1; #ifndef DISABLE_PRDR -BOOL prdr_active; + BOOL prdr_active:1; #endif #ifdef SUPPORT_I18N -BOOL utf8_needed = FALSE; + BOOL utf8_needed:1; #endif -BOOL dsn_all_lasthop = TRUE; + BOOL dsn_all_lasthop:1; +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) + BOOL dane:1; + BOOL dane_required:1; +#endif +} lflags; + +BOOL pass_message = FALSE; +BOOL completed_address = FALSE; +uschar peer_offered = 0; #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) -BOOL dane = FALSE; -BOOL dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK; dns_answer tlsa_dnsa; #endif smtp_inblock inblock; @@ -1469,14 +1563,32 @@ uschar *helo_data = NULL; uschar *message = NULL; uschar new_message_id[MESSAGE_ID_LENGTH + 1]; uschar *p; -uschar buffer[4096]; +uschar buffer[DELIVER_BUFFER_SIZE]; uschar inbuffer[4096]; uschar outbuffer[4096]; suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */ +lflags.lmtp = strcmpic(ob->protocol, US"lmtp") == 0; +lflags.smtps = strcmpic(ob->protocol, US"smtps") == 0; +lflags.ok = FALSE; +lflags.send_rset = TRUE; +lflags.send_quit = TRUE; +lflags.setting_up = TRUE; +lflags.esmtp = TRUE; +lflags.esmtp_sent = FALSE; +#ifdef SUPPORT_I18N +lflags.utf8_needed = FALSE; +#endif +lflags.dsn_all_lasthop = TRUE; +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) +lflags.dane = FALSE; +lflags.dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK; +#endif + *message_defer = FALSE; smtp_command = US"initial connection"; +buffer[0] = '\0'; if (max_rcpt == 0) max_rcpt = 999999; /* Set up the buffer for reading SMTP response packets. */ @@ -1513,7 +1625,7 @@ afterward as we're in a subprocess. */ tls_modify_variables(&tls_out); #ifndef SUPPORT_TLS -if (smtps) +if (lflags.smtps) { set_errno_nohost(addrlist, ERRNO_TLSFAILURE, US"TLS support not available", DEFER, FALSE); @@ -1533,7 +1645,7 @@ if (continue_hostname == NULL) if (inblock.sock < 0) { - set_errno_nohost(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno, + set_errno_nohost(addrlist, errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno, NULL, DEFER, FALSE); return DEFER; } @@ -1545,29 +1657,29 @@ if (continue_hostname == NULL) if (host->dnssec == DS_YES) { - if( ( dane_required - || verify_check_given_host(&ob->hosts_try_dane, host) == OK - ) - && (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK - && dane_required /* do not error on only dane-requested */ + if( lflags.dane_required + || verify_check_given_host(&ob->hosts_try_dane, host) == OK ) - { - set_errno_nohost(addrlist, ERRNO_DNSDEFER, - string_sprintf("DANE error: tlsa lookup %s", - rc == DEFER ? "DEFER" : "FAIL"), - rc, FALSE); - return rc; - } + switch (rc = tlsa_lookup(host, &tlsa_dnsa, lflags.dane_required)) + { + case OK: lflags.dane = TRUE; break; + case FAIL_FORCED: break; + default: set_errno_nohost(addrlist, ERRNO_DNSDEFER, + string_sprintf("DANE error: tlsa lookup %s", + rc == DEFER ? "DEFER" : "FAIL"), + rc, FALSE); + return rc; + } } - else if (dane_required) + else if (lflags.dane_required) { set_errno_nohost(addrlist, ERRNO_DNSDEFER, string_sprintf("DANE error: %s lookup not DNSSEC", host->name), FAIL, FALSE); - return FAIL; + return FAIL; } - if (dane) + if (lflags.dane) ob->tls_tempfail_tryclear = FALSE; } #endif /*DANE*/ @@ -1595,9 +1707,14 @@ if (continue_hostname == NULL) is nevertheless a reasonably clean way of programming this kind of logic, where you want to escape on any error. */ - if (!smtps) + if (!lflags.smtps) { - BOOL good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), + BOOL good_response; + +#ifdef TCP_QUICKACK + (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); +#endif + good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->command_timeout); #ifdef EXPERIMENTAL_DSN_INFO smtp_greeting = string_copy(buffer); @@ -1624,7 +1741,7 @@ if (continue_hostname == NULL) /* Now check if the helo_data expansion went well, and sign off cleanly if it didn't. */ - if (helo_data == NULL) + if (!helo_data) { uschar *message = string_sprintf("failed to expand helo_data: %s", expand_string_message); @@ -1669,15 +1786,15 @@ goto SEND_QUIT; mailers use upper case for some reason (the RFC is quite clear about case independence) so, for peace of mind, I gave in. */ - esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK; + lflags.esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK; /* Alas; be careful, since this goto is not an error-out, so conceivably we might set data between here and the target which we assume to exist and be usable. I can see this coming back to bite us. */ #ifdef SUPPORT_TLS - if (smtps) + if (lflags.smtps) { - tls_offered = TRUE; + smtp_peer_options |= PEER_OFFERED_TLS; suppress_tls = FALSE; ob->tls_tempfail_tryclear = FALSE; smtp_command = US"SSL-on-connect"; @@ -1685,69 +1802,88 @@ goto SEND_QUIT; } #endif - if (esmtp) + if (lflags.esmtp) { if (smtp_write_command(&outblock, FALSE, "%s %s\r\n", - lmtp? "LHLO" : "EHLO", helo_data) < 0) + lflags.lmtp ? "LHLO" : "EHLO", helo_data) < 0) goto SEND_FAILED; + lflags.esmtp_sent = TRUE; if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->command_timeout)) { - if (errno != 0 || buffer[0] == 0 || lmtp) + if (errno != 0 || buffer[0] == 0 || lflags.lmtp) { #ifdef EXPERIMENTAL_DSN_INFO helo_response = string_copy(buffer); #endif goto RESPONSE_FAILED; } - esmtp = FALSE; + lflags.esmtp = FALSE; } #ifdef EXPERIMENTAL_DSN_INFO helo_response = string_copy(buffer); #endif } else - { DEBUG(D_transport) debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); - } - if (!esmtp) + if (!lflags.esmtp) { BOOL good_response; + int n = sizeof(buffer); + uschar * rsp = buffer; + + if (lflags.esmtp_sent && (n = Ustrlen(buffer)) < sizeof(buffer)/2) + { rsp = buffer + n + 1; n = sizeof(buffer) - n; } if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0) goto SEND_FAILED; - good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), + good_response = smtp_read_response(&inblock, rsp, n, '2', ob->command_timeout); #ifdef EXPERIMENTAL_DSN_INFO - helo_response = string_copy(buffer); + helo_response = string_copy(rsp); #endif - if (!good_response) goto RESPONSE_FAILED; + if (!good_response) + { + /* Handle special logging for a closed connection after HELO + when had previously sent EHLO */ + + if (rsp != buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET)) + { + message = NULL; + lflags.send_quit = FALSE; + save_errno = ERRNO_SMTPCLOSED; + message = string_sprintf("Remote host closed connection " + "in response to %s (EHLO response was: %s)", + smtp_command, buffer); + goto FAILED; + } + Ustrncpy(buffer, rsp, sizeof(buffer)/2); + goto RESPONSE_FAILED; + } } - if (esmtp || lmtp) + peer_offered = smtp_peer_options = 0; + + if (lflags.esmtp || lflags.lmtp) + { peer_offered = ehlo_response(buffer, Ustrlen(buffer), - PEER_OFFERED_TLS - | 0 /* IGNQ checked later */ - | 0 /* PRDR checked later */ - | 0 /* UTF8 checked later */ - | 0 /* DSN checked later */ - | 0 /* PIPE checked later */ - | 0 /* SIZE checked later */ + PEER_OFFERED_TLS /* others checked later */ ); /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ #ifdef SUPPORT_TLS - tls_offered = !!(peer_offered & PEER_OFFERED_TLS); + smtp_peer_options |= peer_offered & PEER_OFFERED_TLS; #endif + } } /* For continuing deliveries down the same channel, the socket is the standard input, and we don't need to redo EHLO here (but may need to do so for TLS - see below). Set up the pointer to where subsequent commands will be left, for -error messages. Note that smtp_use_size and smtp_use_pipelining will have been +error messages. Note that smtp_peer_options will have been set from the command line if they were set in the process that passed the connection on. */ @@ -1772,7 +1908,7 @@ the client not be required to use TLS. If the response is bad, copy the buffer for error analysis. */ #ifdef SUPPORT_TLS -if ( tls_offered +if ( smtp_peer_options & PEER_OFFERED_TLS && !suppress_tls && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK) { @@ -1790,8 +1926,10 @@ if ( tls_offered if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', ob->command_timeout)) { - if (errno != 0 || buffer2[0] == 0 || - (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)) + if ( errno != 0 + || buffer2[0] == 0 + || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear) + ) { Ustrncpy(buffer, buffer2, sizeof(buffer)); goto RESPONSE_FAILED; @@ -1805,7 +1943,7 @@ if ( tls_offered { int rc = tls_client_start(inblock.sock, host, addrlist, tblock # ifdef EXPERIMENTAL_DANE - , dane ? &tlsa_dnsa : NULL + , lflags.dane ? &tlsa_dnsa : NULL # endif ); @@ -1816,24 +1954,20 @@ if ( tls_offered if (rc != OK) { # ifdef EXPERIMENTAL_DANE - if (rc == DEFER && dane && !dane_required) - { - log_write(0, LOG_MAIN, "DANE attempt failed;" - " trying CA-root TLS to %s [%s] (not in hosts_require_dane)", + if (lflags.dane) log_write(0, LOG_MAIN, + "DANE attempt failed; no TLS connection to %s [%s]", host->name, host->address); - dane = FALSE; - goto TLS_NEGOTIATE; - } # endif save_errno = ERRNO_TLSFAILURE; message = US"failure while setting up TLS session"; - send_quit = FALSE; + lflags.send_quit = FALSE; goto TLS_FAILED; } /* TLS session is set up */ + smtp_peer_options_wrap = smtp_peer_options; for (addr = addrlist; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) { @@ -1875,7 +2009,7 @@ if (tls_out.active >= 0) } /* For SMTPS we need to wait for the initial OK response. */ - if (smtps) + if (lflags.smtps) { good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->command_timeout); @@ -1885,7 +2019,7 @@ if (tls_out.active >= 0) if (!good_response) goto RESPONSE_FAILED; } - if (esmtp) + if (lflags.esmtp) greeting_cmd = "EHLO"; else { @@ -1895,7 +2029,7 @@ if (tls_out.active >= 0) } if (smtp_write_command(&outblock, FALSE, "%s %s\r\n", - lmtp? "LHLO" : greeting_cmd, helo_data) < 0) + lflags.lmtp ? "LHLO" : greeting_cmd, helo_data) < 0) goto SEND_FAILED; good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->command_timeout); @@ -1903,22 +2037,23 @@ if (tls_out.active >= 0) helo_response = string_copy(buffer); #endif if (!good_response) goto RESPONSE_FAILED; + smtp_peer_options = 0; } /* If the host is required to use a secure channel, ensure that we have one. */ -else if ( +else if ( lflags.smtps # ifdef EXPERIMENTAL_DANE - dane || + || lflags.dane # endif - verify_check_given_host(&ob->hosts_require_tls, host) == OK + || verify_check_given_host(&ob->hosts_require_tls, host) == OK ) { save_errno = ERRNO_TLSREQUIRED; message = string_sprintf("a TLS session is required, but %s", - tls_offered? "an attempt to start TLS failed" : - "the server did not offer TLS support"); + smtp_peer_options & PEER_OFFERED_TLS + ? "an attempt to start TLS failed" : "the server did not offer TLS support"); goto TLS_FAILED; } #endif /*SUPPORT_TLS*/ @@ -1934,14 +2069,16 @@ if (continue_hostname == NULL #endif ) { - if (esmtp || lmtp) + if (lflags.esmtp || lflags.lmtp) + { peer_offered = ehlo_response(buffer, Ustrlen(buffer), 0 /* no TLS */ - | (lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0) + | (lflags.lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0) + | PEER_OFFERED_CHUNKING | PEER_OFFERED_PRDR #ifdef SUPPORT_I18N | (addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0) - /*XXX if we hand peercaps on to continued-conn processes, + /*XXX if we hand peercaps on to continued-conn processes, must not depend on this addr */ #endif | PEER_OFFERED_DSN @@ -1949,70 +2086,82 @@ if (continue_hostname == NULL | (ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0) ); - /* Set for IGNOREQUOTA if the response to LHLO specifies support and the - lmtp_ignore_quota option was set. */ + /* Set for IGNOREQUOTA if the response to LHLO specifies support and the + lmtp_ignore_quota option was set. */ - igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US""; + igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US""; - /* If the response to EHLO specified support for the SIZE parameter, note - this, provided size_addition is non-negative. */ + /* If the response to EHLO specified support for the SIZE parameter, note + this, provided size_addition is non-negative. */ - smtp_use_size = !!(peer_offered & PEER_OFFERED_SIZE); + smtp_peer_options |= peer_offered & PEER_OFFERED_SIZE; - /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched - the current host, esmtp will be false, so PIPELINING can never be used. If - the current host matches hosts_avoid_pipelining, don't do it. */ + /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched + the current host, esmtp will be false, so PIPELINING can never be used. If + the current host matches hosts_avoid_pipelining, don't do it. */ - smtp_use_pipelining = peer_offered & PEER_OFFERED_PIPE - && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK; + if ( peer_offered & PEER_OFFERED_PIPE + && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK) + smtp_peer_options |= PEER_OFFERED_PIPE; - DEBUG(D_transport) debug_printf("%susing PIPELINING\n", - smtp_use_pipelining ? "" : "not "); + DEBUG(D_transport) debug_printf("%susing PIPELINING\n", + smtp_peer_options & PEER_OFFERED_PIPE ? "" : "not "); + + if ( peer_offered & PEER_OFFERED_CHUNKING + && verify_check_given_host(&ob->hosts_try_chunking, host) != OK) + peer_offered &= ~PEER_OFFERED_CHUNKING; + + if (peer_offered & PEER_OFFERED_CHUNKING) + {DEBUG(D_transport) debug_printf("CHUNKING usable\n");} #ifndef DISABLE_PRDR - if ( peer_offered & PEER_OFFERED_PRDR - && verify_check_given_host(&ob->hosts_try_prdr, host) != OK) - peer_offered &= ~PEER_OFFERED_PRDR; + if ( peer_offered & PEER_OFFERED_PRDR + && verify_check_given_host(&ob->hosts_try_prdr, host) != OK) + peer_offered &= ~PEER_OFFERED_PRDR; - if (peer_offered & PEER_OFFERED_PRDR) - {DEBUG(D_transport) debug_printf("PRDR usable\n");} + if (peer_offered & PEER_OFFERED_PRDR) + {DEBUG(D_transport) debug_printf("PRDR usable\n");} #endif - /* Note if the server supports DSN */ - smtp_use_dsn = !!(peer_offered & PEER_OFFERED_DSN); - DEBUG(D_transport) debug_printf("%susing DSN\n", smtp_use_dsn ? "" : "not "); + /* Note if the server supports DSN */ + smtp_peer_options |= peer_offered & PEER_OFFERED_DSN; + DEBUG(D_transport) debug_printf("%susing DSN\n", + peer_offered & PEER_OFFERED_DSN ? "" : "not "); - /* Note if the response to EHLO specifies support for the AUTH extension. - If it has, check that this host is one we want to authenticate to, and do - the business. The host name and address must be available when the - authenticator's client driver is running. */ + /* Note if the response to EHLO specifies support for the AUTH extension. + If it has, check that this host is one we want to authenticate to, and do + the business. The host name and address must be available when the + authenticator's client driver is running. */ - switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host, - ob, esmtp, &inblock, &outblock)) - { - default: goto SEND_QUIT; - case OK: break; - case FAIL_SEND: goto SEND_FAILED; - case FAIL: goto RESPONSE_FAILED; + switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host, + ob, lflags.esmtp, &inblock, &outblock)) + { + default: goto SEND_QUIT; + case OK: break; + case FAIL_SEND: goto SEND_FAILED; + case FAIL: goto RESPONSE_FAILED; + } } } +pipelining_active = !!(smtp_peer_options & PEER_OFFERED_PIPE); /* The setting up of the SMTP call is now complete. Any subsequent errors are message-specific. */ -setting_up = FALSE; +lflags.setting_up = FALSE; #ifdef SUPPORT_I18N if (addrlist->prop.utf8_msg) { - utf8_needed = !addrlist->prop.utf8_downcvt - && !addrlist->prop.utf8_downcvt_maybe; - DEBUG(D_transport) if (!utf8_needed) debug_printf("utf8: %s downconvert\n", - addrlist->prop.utf8_downcvt ? "mandatory" : "optional"); + lflags.utf8_needed = !addrlist->prop.utf8_downcvt + && !addrlist->prop.utf8_downcvt_maybe; + DEBUG(D_transport) if (!lflags.utf8_needed) + debug_printf("utf8: %s downconvert\n", + addrlist->prop.utf8_downcvt ? "mandatory" : "optional"); } /* If this is an international message we need the host to speak SMTPUTF8 */ -if (utf8_needed && !(peer_offered & PEER_OFFERED_UTF8)) +if (lflags.utf8_needed && !(peer_offered & PEER_OFFERED_UTF8)) { errno = ERRNO_UTF8_FWD; goto RESPONSE_FAILED; @@ -2025,10 +2174,10 @@ set it up. This cannot be done until the identify of the host is known. */ if (tblock->filter_command != NULL) { BOOL rc; - uschar buffer[64]; - sprintf(CS buffer, "%.50s transport", tblock->name); + uschar fbuf[64]; + sprintf(CS fbuf, "%.50s transport", tblock->name); rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command, - TRUE, DEFER, addrlist, buffer, NULL); + TRUE, DEFER, addrlist, fbuf, NULL); transport_filter_timeout = tblock->filter_timeout; /* On failure, copy the error to all addresses, abandon the SMTP call, and @@ -2041,6 +2190,16 @@ if (tblock->filter_command != NULL) yield = ERROR; goto SEND_QUIT; } + + if ( transport_filter_argv + && *transport_filter_argv + && **transport_filter_argv + && peer_offered & PEER_OFFERED_CHUNKING + ) + { + peer_offered &= ~PEER_OFFERED_CHUNKING; + DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n"); + } } @@ -2055,8 +2214,8 @@ transaction to handle. */ SEND_MESSAGE: sync_addr = first_addr; address_count = 0; -ok = FALSE; -send_rset = TRUE; +lflags.ok = FALSE; +lflags.send_rset = TRUE; completed_address = FALSE; @@ -2070,14 +2229,14 @@ included in the count.) */ p = buffer; *p = 0; -if (smtp_use_size) +if (peer_offered & PEER_OFFERED_SIZE) { sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition); while (*p) p++; } #ifndef DISABLE_PRDR -prdr_active = FALSE; +lflags.prdr_active = FALSE; if (peer_offered & PEER_OFFERED_PRDR) for (addr = first_addr; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) @@ -2085,7 +2244,7 @@ if (peer_offered & PEER_OFFERED_PRDR) for (addr = addr->next; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) { /* at least two recipients to send */ - prdr_active = TRUE; + lflags.prdr_active = TRUE; sprintf(CS p, " PRDR"); p += 5; break; } @@ -2103,30 +2262,25 @@ if ( addrlist->prop.utf8_msg /* check if all addresses have lasthop flag */ /* do not send RET and ENVID if true */ -for (dsn_all_lasthop = TRUE, addr = first_addr; +for (lflags.dsn_all_lasthop = TRUE, addr = first_addr; address_count < max_rcpt && addr != NULL; addr = addr->next) if ((addr->dsn_flags & rf_dsnlasthop) != 1) { - dsn_all_lasthop = FALSE; + lflags.dsn_all_lasthop = FALSE; break; } /* Add any DSN flags to the mail command */ -if (smtp_use_dsn && !dsn_all_lasthop) +if (peer_offered & PEER_OFFERED_DSN && !lflags.dsn_all_lasthop) { if (dsn_ret == dsn_ret_hdrs) - { - Ustrcpy(p, " RET=HDRS"); - while (*p) p++; - } + { Ustrcpy(p, " RET=HDRS"); p += 9; } else if (dsn_ret == dsn_ret_full) - { - Ustrcpy(p, " RET=FULL"); - while (*p) p++; - } - if (dsn_envid != NULL) + { Ustrcpy(p, " RET=FULL"); p += 9; } + + if (dsn_envid) { string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid); while (*p) p++; @@ -2152,7 +2306,7 @@ at any point, for when the buffer fills up, so we write it totally generally. When PIPELINING is off, each command written reports that it has flushed the buffer. */ -pending_MAIL = TRUE; /* The block starts with MAIL */ +lflags.pending_MAIL = TRUE; /* The block starts with MAIL */ { uschar * s = return_path; @@ -2177,7 +2331,7 @@ pending_MAIL = TRUE; /* The block starts with MAIL */ } #endif - rc = smtp_write_command(&outblock, smtp_use_pipelining, + rc = smtp_write_command(&outblock, pipelining_active, "MAIL FROM:<%s>%s\r\n", s, buffer); } @@ -2199,7 +2353,7 @@ switch(rc) } goto RESPONSE_FAILED; } - pending_MAIL = FALSE; + lflags.pending_MAIL = FALSE; break; } @@ -2217,28 +2371,28 @@ the PENDING_DEFER status, because only one attempt is ever made, and we know that max_rcpt will be large, so all addresses will be done at once. */ for (addr = first_addr; - address_count < max_rcpt && addr != NULL; + addr && address_count < max_rcpt; addr = addr->next) + if (addr->transport_return == PENDING_DEFER) { int count; BOOL no_flush; uschar * rcpt_addr; - addr->dsn_aware = smtp_use_dsn ? dsn_support_yes : dsn_support_no; - - if (addr->transport_return != PENDING_DEFER) continue; + addr->dsn_aware = peer_offered & PEER_OFFERED_DSN + ? dsn_support_yes : dsn_support_no; address_count++; - no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL); + no_flush = pipelining_active && (!mua_wrapper || addr->next); /* Add any DSN flags to the rcpt command and add to the sent string */ p = buffer; *p = 0; - if (smtp_use_dsn && (addr->dsn_flags & rf_dsnlasthop) != 1) + if (peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop)) { - if ((addr->dsn_flags & rf_dsnflags) != 0) + if (addr->dsn_flags & rf_dsnflags) { int i; BOOL first = TRUE; @@ -2254,7 +2408,7 @@ for (addr = first_addr; } } - if (addr->dsn_orcpt != NULL) + if (addr->dsn_orcpt) { string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s", addr->dsn_orcpt); @@ -2291,22 +2445,22 @@ for (addr = first_addr; { switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr, host, count, ob->address_retry_include_sender, - pending_MAIL, 0, &inblock, ob->command_timeout, buffer, + lflags.pending_MAIL, 0, &inblock, ob->command_timeout, buffer, sizeof(buffer))) { - case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */ + case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */ case 2: completed_address = TRUE; /* 5xx (only) => progress made */ break; - case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ - if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */ + case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ + if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */ case 0: /* No 2xx or 5xx, but no probs */ break; case -1: goto END_OFF; /* Timeout on RCPT */ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */ } - pending_MAIL = FALSE; /* Dealt with MAIL */ + lflags.pending_MAIL = FALSE; /* Dealt with MAIL */ } } /* Loop for next address */ @@ -2323,7 +2477,7 @@ if (mua_wrapper) /*XXX could we find a better errno than 0 here? */ set_errno_nohost(addrlist, 0, badaddr->message, FAIL, testflag(badaddr, af_pass_message)); - ok = FALSE; + lflags.ok = FALSE; break; } } @@ -2332,33 +2486,34 @@ if (mua_wrapper) send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still have a good recipient buffered up if we are pipelining. We don't want to waste time sending DATA needlessly, so we only send it if either ok is TRUE or if we -are pipelining. The responses are all handled by sync_responses(). */ +are pipelining. The responses are all handled by sync_responses(). +If using CHUNKING, do not send a BDAT until we know how big a chunk we want +to send is. */ -if (ok || (smtp_use_pipelining && !mua_wrapper)) +if ( !(peer_offered & PEER_OFFERED_CHUNKING) + && (lflags.ok || (pipelining_active && !mua_wrapper))) { int count = smtp_write_command(&outblock, FALSE, "DATA\r\n"); + if (count < 0) goto SEND_FAILED; switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr, - host, count, ob->address_retry_include_sender, pending_MAIL, - ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer))) + host, count, ob->address_retry_include_sender, lflags.pending_MAIL, + lflags.ok ? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer))) { - case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */ + case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */ case 2: completed_address = TRUE; /* 5xx (only) => progress made */ break; - case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ - if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */ + case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ + if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */ case 0: break; /* No 2xx or 5xx, but no probs */ case -1: goto END_OFF; /* Timeout on RCPT */ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ } + pipelining_active = FALSE; } -/* Save the first address of the next batch. */ - -first_addr = addr; - /* If there were no good recipients (but otherwise there have been no problems), just set ok TRUE, since we have handled address-specific errors already. Otherwise, it's OK to send the message. Use the check/escape mechanism @@ -2366,42 +2521,74 @@ for handling the SMTP dot-handling protocol, flagging to apply to headers as well as body. Set the appropriate timeout value to be used for each chunk. (Haven't been able to make it work using select() for writing yet.) */ -if (!ok) ok = TRUE; else +if (!(peer_offered & PEER_OFFERED_CHUNKING) && !lflags.ok) + { + /* Save the first address of the next batch. */ + first_addr = addr; + + lflags.ok = TRUE; + } +else { + transport_ctx tctx = { + tblock, + addrlist, + US".", US"..", /* Escaping strings */ + topt_use_crlf | topt_escape_headers + | (tblock->body_only ? topt_no_headers : 0) + | (tblock->headers_only ? topt_no_body : 0) + | (tblock->return_path_add ? topt_add_return_path : 0) + | (tblock->delivery_date_add ? topt_add_delivery_date : 0) + | (tblock->envelope_to_add ? topt_add_envelope_to : 0) + }; + + /* If using CHUNKING we need a callback from the generic transport + support to us, for the sending of BDAT smtp commands and the reaping + of responses. The callback needs a whole bunch of state so set up + a transport-context structure to be passed around. */ + + if (peer_offered & PEER_OFFERED_CHUNKING) + { + tctx.check_string = tctx.escape_string = NULL; + tctx.options |= topt_use_bdat; + tctx.chunk_cb = smtp_chunk_cmd_callback; + tctx.inblock = &inblock; + tctx.outblock = &outblock; + tctx.host = host; + tctx.first_addr = first_addr; + tctx.sync_addr = &sync_addr; + tctx.pending_MAIL = lflags.pending_MAIL; + tctx.pending_BDAT = FALSE; + tctx.good_RCPT = lflags.ok; + tctx.completed_address = &completed_address; + tctx.cmd_count = 0; + tctx.buffer = buffer; + } + else + tctx.options |= topt_end_dot; + + /* Save the first address of the next batch. */ + first_addr = addr; + + /* Responses from CHUNKING commands go in buffer. Otherwise, + there has not been a response. */ + + buffer[0] = 0; + sigalrm_seen = FALSE; transport_write_timeout = ob->data_timeout; smtp_command = US"sending data block"; /* For error messages */ DEBUG(D_transport|D_v) - debug_printf(" SMTP>> writing message and terminating \".\"\n"); + if (peer_offered & PEER_OFFERED_CHUNKING) + debug_printf(" will write message using CHUNKING\n"); + else + debug_printf(" SMTP>> writing message and terminating \".\"\n"); transport_count = 0; #ifndef DISABLE_DKIM - ok = dkim_transport_write_message(addrlist, inblock.sock, - topt_use_crlf | topt_end_dot | topt_escape_headers | - (tblock->body_only? topt_no_headers : 0) | - (tblock->headers_only? topt_no_body : 0) | - (tblock->return_path_add? topt_add_return_path : 0) | - (tblock->delivery_date_add? topt_add_delivery_date : 0) | - (tblock->envelope_to_add? topt_add_envelope_to : 0), - 0, /* No size limit */ - tblock->add_headers, tblock->remove_headers, - US".", US"..", /* Escaping strings */ - tblock->rewrite_rules, tblock->rewrite_existflags, - ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector, - ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers - ); + lflags.ok = dkim_transport_write_message(inblock.sock, &tctx, &ob->dkim); #else - ok = transport_write_message(addrlist, inblock.sock, - topt_use_crlf | topt_end_dot | topt_escape_headers | - (tblock->body_only? topt_no_headers : 0) | - (tblock->headers_only? topt_no_body : 0) | - (tblock->return_path_add? topt_add_return_path : 0) | - (tblock->delivery_date_add? topt_add_delivery_date : 0) | - (tblock->envelope_to_add? topt_add_envelope_to : 0), - 0, /* No size limit */ - tblock->add_headers, tblock->remove_headers, - US".", US"..", /* Escaping strings */ - tblock->rewrite_rules, tblock->rewrite_existflags); + lflags.ok = transport_write_message(inblock.sock, &tctx, 0); #endif /* transport_write_message() uses write() because it is called from other @@ -2412,13 +2599,11 @@ if (!ok) ok = TRUE; else transport_write_timeout = 0; /* for subsequent transports */ /* Failure can either be some kind of I/O disaster (including timeout), - or the failure of a transport filter or the expansion of added headers. */ + or the failure of a transport filter or the expansion of added headers. + Or, when CHUNKING, it can be a protocol-detected failure. */ - if (!ok) - { - buffer[0] = 0; /* There hasn't been a response */ + if (!lflags.ok) goto RESPONSE_FAILED; - } /* We used to send the terminating "." explicitly here, but because of buffering effects at both ends of TCP/IP connections, you don't gain @@ -2428,25 +2613,46 @@ if (!ok) ok = TRUE; else smtp_command = US"end of data"; + if (peer_offered & PEER_OFFERED_CHUNKING && tctx.cmd_count > 1) + { + /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */ + switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr, + host, tctx.cmd_count-1, ob->address_retry_include_sender, + lflags.pending_MAIL, 0, + &inblock, ob->command_timeout, buffer, sizeof(buffer))) + { + case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */ + case 2: completed_address = TRUE; /* 5xx (only) => progress made */ + break; + + case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ + if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */ + case 0: break; /* No 2xx or 5xx, but no probs */ + + case -1: goto END_OFF; /* Timeout on RCPT */ + default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ + } + } + #ifndef DISABLE_PRDR /* For PRDR we optionally get a partial-responses warning * followed by the individual responses, before going on with * the overall response. If we don't get the warning then deal * with per non-PRDR. */ - if(prdr_active) + if(lflags.prdr_active) { - ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3', + lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3', ob->final_timeout); - if (!ok && errno == 0) - switch(buffer[0]) - { - case '2': prdr_active = FALSE; - ok = TRUE; - break; - case '4': errno = ERRNO_DATA4XX; - addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; - break; - } + if (!lflags.ok && errno == 0) switch(buffer[0]) + { + case '2': lflags.prdr_active = FALSE; + lflags.ok = TRUE; + break; + case '4': errno = ERRNO_DATA4XX; + addrlist->more_errno |= + ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + break; + } } else #endif @@ -2454,11 +2660,11 @@ if (!ok) ok = TRUE; else /* For non-PRDR SMTP, we now read a single response that applies to the whole message. If it is OK, then all the addresses have been delivered. */ - if (!lmtp) + if (!lflags.lmtp) { - ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', + lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->final_timeout); - if (!ok && errno == 0 && buffer[0] == '4') + if (!lflags.ok && errno == 0 && buffer[0] == '4') { errno = ERRNO_DATA4XX; addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; @@ -2477,13 +2683,15 @@ if (!ok) ok = TRUE; else software before the spool gets updated. Also record the final SMTP confirmation if needed (for SMTP only). */ - if (ok) + if (lflags.ok) { int flag = '='; int delivery_time = (int)(time(NULL) - start_delivery_time); int len; uschar *conf = NULL; - send_rset = FALSE; + + lflags.send_rset = FALSE; + pipelining_active = FALSE; /* Set up confirmation if needed - applies only to SMTP */ @@ -2491,7 +2699,7 @@ if (!ok) ok = TRUE; else #ifdef DISABLE_EVENT LOGGING(smtp_confirmation) && #endif - !lmtp + !lflags.lmtp ) { const uschar *s = string_printing(buffer); @@ -2512,9 +2720,9 @@ if (!ok) ok = TRUE; else it doesn't get tried again too soon. */ #ifndef DISABLE_PRDR - if (lmtp || prdr_active) + if (lflags.lmtp || lflags.prdr_active) #else - if (lmtp) + if (lflags.lmtp) #endif { if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', @@ -2523,7 +2731,7 @@ if (!ok) ok = TRUE; else if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED; addr->message = string_sprintf( #ifndef DISABLE_PRDR - "%s error after %s: %s", prdr_active ? "PRDR":"LMTP", + "%s error after %s: %s", lflags.prdr_active ? "PRDR":"LMTP", #else "LMTP error after %s: %s", #endif @@ -2537,7 +2745,7 @@ if (!ok) ok = TRUE; else addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; addr->transport_return = DEFER; #ifndef DISABLE_PRDR - if (!prdr_active) + if (!lflags.prdr_active) #endif retry_add_item(addr, addr->address_retry_key, 0); } @@ -2561,12 +2769,13 @@ if (!ok) ok = TRUE; else addr->special_action = flag; addr->message = conf; #ifndef DISABLE_PRDR - if (prdr_active) addr->flags |= af_prdr_used; + if (lflags.prdr_active) addr->flags |= af_prdr_used; #endif + if (peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used; flag = '-'; #ifndef DISABLE_PRDR - if (!prdr_active) + if (!lflags.prdr_active) #endif { /* Update the journal. For homonymic addresses, use the base address plus @@ -2588,13 +2797,13 @@ if (!ok) ok = TRUE; else } #ifndef DISABLE_PRDR - if (prdr_active) + if (lflags.prdr_active) { /* PRDR - get the final, overall response. For any non-success upgrade all the address statuses. */ - ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', + lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->final_timeout); - if (!ok) + if (!lflags.ok) { if(errno == 0 && buffer[0] == '4') { @@ -2644,7 +2853,7 @@ assumed if errno == 0 and there is no text in the buffer. If control reaches here during the setting up phase (i.e. before MAIL FROM) then always defer, as the problem is not related to this specific message. */ -if (!ok) +if (!lflags.ok) { int code, set_rc; uschar * set_message; @@ -2653,7 +2862,7 @@ if (!ok) { save_errno = errno; message = NULL; - send_quit = check_response(host, &save_errno, addrlist->more_errno, + lflags.send_quit = check_response(host, &save_errno, addrlist->more_errno, buffer, &code, &message, &pass_message); goto FAILED; } @@ -2664,7 +2873,7 @@ if (!ok) code = '4'; message = US string_sprintf("send() to %s [%s] failed: %s", host->name, host->address, strerror(save_errno)); - send_quit = FALSE; + lflags.send_quit = FALSE; goto FAILED; } @@ -2686,16 +2895,14 @@ if (!ok) tried again for a while. */ FAILED: - ok = FALSE; /* For when reached by GOTO */ + lflags.ok = FALSE; /* For when reached by GOTO */ set_message = message; - if (setting_up) - { + if (lflags.setting_up) if (code == '5') set_rc = FAIL; else yield = set_rc = DEFER; - } /* We want to handle timeouts after MAIL or "." and loss of connection after "." specially. They can indicate a problem with the sender address or with @@ -2822,10 +3029,10 @@ hosts_nopass_tls. */ DEBUG(D_transport) debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d " - "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset, - continue_more, yield, (first_addr == NULL)? "":"not "); + "yield=%d first_address is %sNULL\n", lflags.ok, lflags.send_quit, + lflags.send_rset, continue_more, yield, first_addr ? "not " : ""); -if (completed_address && ok && send_quit) +if (completed_address && lflags.ok && lflags.send_quit) { BOOL more; smtp_compare_t t_compare; @@ -2847,21 +3054,21 @@ if (completed_address && ok && send_quit) uschar *msg; BOOL pass_message; - if (send_rset) + if (lflags.send_rset) { - if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0)) + if (! (lflags.ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0)) { msg = US string_sprintf("send() to %s [%s] failed: %s", host->name, host->address, strerror(save_errno)); - send_quit = FALSE; + lflags.send_quit = FALSE; } - else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->command_timeout))) + else if (! (lflags.ok = smtp_read_response(&inblock, buffer, + sizeof(buffer), '2', ob->command_timeout))) { int code; - send_quit = check_response(host, &errno, 0, buffer, &code, &msg, + lflags.send_quit = check_response(host, &errno, 0, buffer, &code, &msg, &pass_message); - if (!send_quit) + if (!lflags.send_quit) { DEBUG(D_transport) debug_printf("H=%s [%s] %s\n", host->name, host->address, msg); @@ -2871,7 +3078,7 @@ if (completed_address && ok && send_quit) /* Either RSET was not needed, or it succeeded */ - if (ok) + if (lflags.ok) { if (first_addr != NULL) /* More addresses still to be sent */ { /* in this run of the transport */ @@ -2889,10 +3096,11 @@ if (completed_address && ok && send_quit) if (tls_out.active >= 0) { tls_close(FALSE, TRUE); - if (smtps) - ok = FALSE; + smtp_peer_options = smtp_peer_options_wrap; + if (lflags.smtps) + lflags.ok = FALSE; else - ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 && + lflags.ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 && smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->command_timeout); } @@ -2904,11 +3112,9 @@ if (completed_address && ok && send_quit) /*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to propagate it from the initial */ - if (ok && transport_pass_socket(tblock->name, host->name, host->address, - new_message_id, inblock.sock)) - { - send_quit = FALSE; - } + if (lflags.ok && transport_pass_socket(tblock->name, host->name, + host->address, new_message_id, inblock.sock)) + lflags.send_quit = FALSE; } /* If RSET failed and there are addresses left, they get deferred. */ @@ -2940,7 +3146,7 @@ This change is being made on 31-Jul-98. After over a year of trouble-free operation, the old commented-out code was removed on 17-Sep-99. */ SEND_QUIT: -if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); +if (lflags.send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); END_OFF: @@ -2958,6 +3164,14 @@ writing RSET might have failed, or there may be other addresses whose hosts are specified in the transports, and therefore not visible at top level, in which case continue_more won't get set. */ +HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); +if (lflags.send_quit) + { + shutdown(outblock.sock, SHUT_WR); + if (fcntl(inblock.sock, F_SETFL, O_NONBLOCK) == 0) + for (rc = 16; read(inblock.sock, inbuffer, sizeof(inbuffer)) > 0 && rc > 0;) + rc--; /* drain socket */ + } (void)close(inblock.sock); #ifndef DISABLE_EVENT @@ -3044,10 +3258,10 @@ prepare_addresses(address_item *addrlist, host_item *host) { address_item *first_addr = NULL; address_item *addr; -for (addr = addrlist; addr != NULL; addr = addr->next) +for (addr = addrlist; addr; addr = addr->next) if (addr->transport_return == DEFER) { - if (first_addr == NULL) first_addr = addr; + if (!first_addr) first_addr = addr; addr->transport_return = PENDING_DEFER; addr->basic_errno = 0; addr->more_errno = (host->mx >= 0)? 'M' : 'A'; @@ -3095,7 +3309,6 @@ int hosts_total = 0; int total_hosts_tried = 0; address_item *addr; BOOL expired = TRUE; -BOOL continuing = continue_hostname != NULL; uschar *expanded_hosts = NULL; uschar *pistring; uschar *tid = string_sprintf("%s transport", tblock->name); @@ -3107,9 +3320,15 @@ host_item *host = NULL; DEBUG(D_transport) { debug_printf("%s transport entered\n", tblock->name); - for (addr = addrlist; addr != NULL; addr = addr->next) + for (addr = addrlist; addr; addr = addr->next) debug_printf(" %s\n", addr->address); - if (continuing) debug_printf("already connected to %s [%s]\n", + if (hostlist) + { + debug_printf("hostlist:\n"); + for (host = hostlist; host; host = host->next) + debug_printf(" %s:%d\n", host->name, host->port); + } + if (continue_hostname) debug_printf("already connected to %s [%s]\n", continue_hostname, continue_host_address); } @@ -3125,9 +3344,9 @@ same one in order to be passed to a single transport - or if the transport has a host list with hosts_override set, use the host list supplied with the transport. It is an error for this not to exist. */ -if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL)) +if (!hostlist || (ob->hosts_override && ob->hosts)) { - if (ob->hosts == NULL) + if (!ob->hosts) { addrlist->message = string_sprintf("%s transport called with no hosts set", tblock->name); @@ -3146,7 +3365,7 @@ if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL)) as the hosts string will never be used again, it doesn't matter that we replace all the : characters with zeros. */ - if (ob->hostlist == NULL) + if (!ob->hostlist) { uschar *s = ob->hosts; @@ -3156,7 +3375,7 @@ if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL)) { addrlist->message = string_sprintf("failed to expand list of hosts " "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message); - addrlist->transport_return = search_find_defer? DEFER : PANIC; + addrlist->transport_return = search_find_defer ? DEFER : PANIC; return FALSE; /* Only top address has status */ } DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to " @@ -3169,7 +3388,7 @@ if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL)) host_build_hostlist(&hostlist, s, ob->hosts_randomize); /* Check that the expansion yielded something useful. */ - if (hostlist == NULL) + if (!hostlist) { addrlist->message = string_sprintf("%s transport has empty hosts setting", tblock->name); @@ -3195,17 +3414,17 @@ must sort it into a random order if it did not come from MX records and has not already been randomized (but don't bother if continuing down an existing connection). */ -else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing) +else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continue_hostname) { host_item *newlist = NULL; - while (hostlist != NULL) + while (hostlist) { host_item *h = hostlist; hostlist = hostlist->next; h->sort_key = random_number(100); - if (newlist == NULL) + if (!newlist) { h->next = NULL; newlist = h; @@ -3218,7 +3437,7 @@ else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing) else { host_item *hh = newlist; - while (hh->next != NULL) + while (hh->next) { if (h->sort_key < hh->next->sort_key) break; hh = hh->next; @@ -3280,23 +3499,22 @@ the current message. To cope with this, we have to go round the loop a second time. After that, set the status and error data for any addresses that haven't had it set already. */ -for (cutoff_retry = 0; expired && - cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2); +for (cutoff_retry = 0; + expired && cutoff_retry < (ob->delay_after_cutoff ? 1 : 2); cutoff_retry++) { host_item *nexthost = NULL; int unexpired_hosts_tried = 0; for (host = hostlist; - host != NULL && - unexpired_hosts_tried < ob->hosts_max_try && - total_hosts_tried < ob->hosts_max_try_hardlimit; + host + && unexpired_hosts_tried < ob->hosts_max_try + && total_hosts_tried < ob->hosts_max_try_hardlimit; host = nexthost) { int rc; int host_af; uschar *rs; - BOOL serialized = FALSE; BOOL host_is_expired = FALSE; BOOL message_defer = FALSE; BOOL some_deferred = FALSE; @@ -3326,7 +3544,7 @@ for (cutoff_retry = 0; expired && Note that we mustn't skip unusable hosts if the address is not unset; they may be needed as expired hosts on the 2nd time round the cutoff loop. */ - if (host->address == NULL) + if (!host->address) { int new_port, flags; host_item *hh; @@ -3385,7 +3603,7 @@ for (cutoff_retry = 0; expired && "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name); host->status = hstatus_unusable; - for (addr = addrlist; addr != NULL; addr = addr->next) + for (addr = addrlist; addr; addr = addr->next) { if (addr->transport_return != DEFER) continue; addr->basic_errno = ERRNO_UNKNOWNHOST; @@ -3401,7 +3619,7 @@ for (cutoff_retry = 0; expired && if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost) { - for (addr = addrlist; addr != NULL; addr = addr->next) + for (addr = addrlist; addr; addr = addr->next) { addr->basic_errno = 0; addr->message = string_sprintf("%s transport found host %s to be " @@ -3417,8 +3635,10 @@ for (cutoff_retry = 0; expired && result of the lookup. Set expired FALSE, to save the outer loop executing twice. */ - if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 || - Ustrcmp(continue_host_address, host->address) != 0)) + if ( continue_hostname + && ( Ustrcmp(continue_hostname, host->name) != 0 + || Ustrcmp(continue_host_address, host->address) != 0 + ) ) { expired = FALSE; continue; /* With next host */ @@ -3442,11 +3662,9 @@ for (cutoff_retry = 0; expired && &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)) { expired = FALSE; - for (addr = addrlist; addr != NULL; addr = addr->next) - { - if (addr->transport_return != DEFER) continue; - addr->message = US"domain matches queue_smtp_domains, or -odqs set"; - } + for (addr = addrlist; addr; addr = addr->next) + if (addr->transport_return == DEFER) + addr->message = US"domain matches queue_smtp_domains, or -odqs set"; continue; /* With next host */ } @@ -3469,8 +3687,8 @@ for (cutoff_retry = 0; expired && the standard SMTP port. A host may have its own port setting that overrides the default. */ - pistring = string_sprintf(":%d", (host->port == PORT_NONE)? - port : host->port); + pistring = string_sprintf(":%d", host->port == PORT_NONE + ? port : host->port); if (Ustrcmp(pistring, ":25") == 0) pistring = US""; /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface @@ -3479,7 +3697,7 @@ for (cutoff_retry = 0; expired && because connections to the same host from a different interface should be treated separately. */ - host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6; + host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6; if ((rs = ob->interface) && *rs) { if (!smtp_get_interface(rs, host_af, addrlist, &interface, tid)) @@ -3520,24 +3738,24 @@ for (cutoff_retry = 0; expired && switch (host->status) { case hstatus_unusable: - expired = FALSE; - setflag(addrlist, af_retry_skipped); - /* Fall through */ + expired = FALSE; + setflag(addrlist, af_retry_skipped); + /* Fall through */ case hstatus_unusable_expired: - switch (host->why) - { - case hwhy_retry: hosts_retry++; break; - case hwhy_failed: hosts_fail++; break; - case hwhy_deferred: hosts_defer++; break; - } - - /* If there was a retry message key, implying that previously there - was a message-specific defer, we don't want to update the list of - messages waiting for these hosts. */ - - if (retry_message_key != NULL) update_waiting = FALSE; - continue; /* With the next host or IP address */ + switch (host->why) + { + case hwhy_retry: hosts_retry++; break; + case hwhy_failed: hosts_fail++; break; + case hwhy_deferred: hosts_defer++; break; + } + + /* If there was a retry message key, implying that previously there + was a message-specific defer, we don't want to update the list of + messages waiting for these hosts. */ + + if (retry_message_key) update_waiting = FALSE; + continue; /* With the next host or IP address */ } } @@ -3546,12 +3764,11 @@ for (cutoff_retry = 0; expired && else { - if (host->address == NULL || - host->status != hstatus_unusable_expired || - host->last_try > received_time) + if ( !host->address + || host->status != hstatus_unusable_expired + || host->last_try > received_time) continue; - DEBUG(D_transport) - debug_printf("trying expired host %s [%s]%s\n", + DEBUG(D_transport) debug_printf("trying expired host %s [%s]%s\n", host->name, host->address, pistring); host_is_expired = TRUE; } @@ -3568,8 +3785,8 @@ for (cutoff_retry = 0; expired && and remember this for later deletion. Do not do any of this if we are sending the message down a pre-existing connection. */ - if (!continuing && - verify_check_given_host(&ob->serialize_hosts, host) == OK) + if ( !continue_hostname + && verify_check_given_host(&ob->serialize_hosts, host) == OK) { serialize_key = string_sprintf("host-serialize-%s", host->name); if (!enq_start(serialize_key, 1)) @@ -3580,7 +3797,6 @@ for (cutoff_retry = 0; expired && hosts_serial++; continue; } - serialized = TRUE; } /* OK, we have an IP address that is not waiting for its retry time to @@ -3594,11 +3810,11 @@ for (cutoff_retry = 0; expired && DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n", message_id, host->name, host->address, addrlist->address, - (addrlist->next == NULL)? "" : ", ..."); + addrlist->next ? ", ..." : ""); set_process_info("delivering %s to %s [%s] (%s%s)", message_id, host->name, host->address, addrlist->address, - (addrlist->next == NULL)? "" : ", ..."); + addrlist->next ? ", ..." : ""); /* This is not for real; don't do the delivery. If there are any remaining hosts, list them. */ @@ -3607,7 +3823,7 @@ for (cutoff_retry = 0; expired && { host_item *host2; set_errno_nohost(addrlist, 0, NULL, OK, FALSE); - for (addr = addrlist; addr != NULL; addr = addr->next) + for (addr = addrlist; addr; addr = addr->next) { addr->host_used = host; addr->special_action = '*'; @@ -3617,9 +3833,9 @@ for (cutoff_retry = 0; expired && { debug_printf("*** delivery by %s transport bypassed by -N option\n" "*** host and remaining hosts:\n", tblock->name); - for (host2 = host; host2 != NULL; host2 = host2->next) + for (host2 = host; host2; host2 = host2->next) debug_printf(" %s [%s]\n", host2->name, - (host2->address == NULL)? US"unset" : host2->address); + host2->address ? host2->address : US"unset"); } rc = OK; } @@ -3689,8 +3905,8 @@ for (cutoff_retry = 0; expired && failures, where the log has already been written. If all hosts defer a general message is written at the end. */ - if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL && - first_addr->basic_errno != ERRNO_TLSFAILURE) + if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL + && first_addr->basic_errno != ERRNO_TLSFAILURE) write_logs(first_addr, host); #ifndef DISABLE_EVENT @@ -3731,16 +3947,18 @@ for (cutoff_retry = 0; expired && /* Delivery attempt finished */ - rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)? - US"ERROR" : US"?"; + rs = rc == OK ? US"OK" + : rc == DEFER ? US"DEFER" + : rc == ERROR ? US"ERROR" + : US"?"; set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s", message_id, host->name, host->address, addrlist->address, - (addrlist->next == NULL)? "" : " (& others)", rs); + addrlist->next ? " (& others)" : "", rs); /* Release serialization if set up */ - if (serialized) enq_end(serialize_key); + if (serialize_key) enq_end(serialize_key); /* If the result is DEFER, or if a host retry record is known to exist, we need to add an item to the retry chain for updating the retry database @@ -3750,10 +3968,10 @@ for (cutoff_retry = 0; expired && the unusable tree at the outer level, so even if different address blocks contain the same address, it still won't get tried again.) */ - if (rc == DEFER || retry_host_key != NULL) + if (rc == DEFER || retry_host_key) { - int delete_flag = (rc != DEFER)? rf_delete : 0; - if (retry_host_key == NULL) + int delete_flag = rc != DEFER ? rf_delete : 0; + if (!retry_host_key) { BOOL incl_ip; if (exp_bool(addrlist, US"transport", tblock->name, D_transport, @@ -3761,9 +3979,9 @@ for (cutoff_retry = 0; expired && ob->expand_retry_include_ip_address, &incl_ip) != OK) incl_ip = TRUE; /* error; use most-specific retry record */ - retry_host_key = incl_ip ? - string_sprintf("T:%S:%s%s", host->name, host->address, pistring) : - string_sprintf("T:%S%s", host->name, pistring); + retry_host_key = incl_ip + ? string_sprintf("T:%S:%s%s", host->name, host->address, pistring) + : string_sprintf("T:%S%s", host->name, pistring); } /* If a delivery of another message over an existing SMTP connection @@ -3776,7 +3994,7 @@ for (cutoff_retry = 0; expired && host is genuinely down, another non-continued message delivery will notice it soon enough. */ - if (delete_flag != 0 || !continuing) + if (delete_flag != 0 || !continue_hostname) retry_add_item(first_addr, retry_host_key, rf_host | delete_flag); /* We may have tried an expired host, if its retry time has come; ensure @@ -3784,8 +4002,8 @@ for (cutoff_retry = 0; expired && if (rc == DEFER) { - host->status = (host_is_expired)? - hstatus_unusable_expired : hstatus_unusable; + host->status = host_is_expired + ? hstatus_unusable_expired : hstatus_unusable; host->why = hwhy_deferred; } } @@ -3798,10 +4016,10 @@ for (cutoff_retry = 0; expired && reasonable. Also, stop the message from being remembered as waiting for specific hosts. */ - if (message_defer || retry_message_key != NULL) + if (message_defer || retry_message_key) { - int delete_flag = message_defer? 0 : rf_delete; - if (retry_message_key == NULL) + int delete_flag = message_defer ? 0 : rf_delete; + if (!retry_message_key) { BOOL incl_ip; if (exp_bool(addrlist, US"transport", tblock->name, D_transport, @@ -3809,10 +4027,10 @@ for (cutoff_retry = 0; expired && ob->expand_retry_include_ip_address, &incl_ip) != OK) incl_ip = TRUE; /* error; use most-specific retry record */ - retry_message_key = incl_ip ? - string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring, - message_id) : - string_sprintf("T:%S%s:%s", host->name, pistring, message_id); + retry_message_key = incl_ip + ? string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring, + message_id) + : string_sprintf("T:%S%s:%s", host->name, pistring, message_id); } retry_add_item(addrlist, retry_message_key, rf_message | rf_host | delete_flag); @@ -3846,7 +4064,7 @@ for (cutoff_retry = 0; expired && case when we were trying to deliver down an existing channel and failed. Don't try any other hosts in this case. */ - if (continuing) break; + if (continue_hostname) break; /* If the whole delivery, or some individual addresses, were deferred and there are more hosts that could be tried, do not count this host towards @@ -3856,16 +4074,16 @@ for (cutoff_retry = 0; expired && important because if we don't try all hosts, the address will never time out. NOTE: this does not apply to hosts_max_try_hardlimit. */ - if ((rc == DEFER || some_deferred) && nexthost != NULL) + if ((rc == DEFER || some_deferred) && nexthost) { BOOL timedout; retry_config *retry = retry_find_config(host->name, NULL, 0, 0); - if (retry != NULL && retry->rules != NULL) + if (retry && retry->rules) { retry_rule *last_rule; for (last_rule = retry->rules; - last_rule->next != NULL; + last_rule->next; last_rule = last_rule->next); timedout = time(NULL) - received_time > last_rule->timeout; } @@ -3899,7 +4117,7 @@ specific failures. Force the delivery status for all addresses to FAIL. */ if (mua_wrapper) { - for (addr = addrlist; addr != NULL; addr = addr->next) + for (addr = addrlist; addr; addr = addr->next) addr->transport_return = FAIL; goto END_TRANSPORT; } @@ -3916,7 +4134,7 @@ If queue_smtp is set, or this transport was called to send a subsequent message down an existing TCP/IP connection, and something caused the host not to be found, we end up here, but can detect these cases and handle them specially. */ -for (addr = addrlist; addr != NULL; addr = addr->next) +for (addr = addrlist; addr; addr = addr->next) { /* If host is not NULL, it means that we stopped processing the host list because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this @@ -3925,8 +4143,7 @@ for (addr = addrlist; addr != NULL; addr = addr->next) However, if we have hit hosts_max_try_hardlimit, we want to behave as if all hosts were tried. */ - if (host != NULL) - { + if (host) if (total_hosts_tried >= ob->hosts_max_try_hardlimit) { DEBUG(D_transport) @@ -3939,7 +4156,6 @@ for (addr = addrlist; addr != NULL; addr = addr->next) debug_printf("hosts_max_try limit caused some hosts to be skipped\n"); setflag(addr, af_retry_skipped); } - } if (queue_smtp) /* no deliveries attempted */ { @@ -3948,45 +4164,45 @@ for (addr = addrlist; addr != NULL; addr = addr->next) addr->message = US"SMTP delivery explicitly queued"; } - else if (addr->transport_return == DEFER && - (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) && - addr->message == NULL) + else if ( addr->transport_return == DEFER + && (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) + && !addr->message + ) { addr->basic_errno = ERRNO_HRETRY; - if (continue_hostname != NULL) - { + if (continue_hostname) addr->message = US"no host found for existing SMTP connection"; - } else if (expired) { setflag(addr, af_pass_message); /* This is not a security risk */ - addr->message = ob->delay_after_cutoff - ? US"retry time not reached for any host after a long failure period" - : US"all hosts have been failing for a long time and were last tried " - "after this message arrived"; + addr->message = string_sprintf( + "all hosts%s have been failing for a long time %s", + addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"", + ob->delay_after_cutoff + ? US"(and retry time not reached)" + : US"and were last tried after this message arrived"); /* If we are already using fallback hosts, or there are no fallback hosts defined, convert the result to FAIL to cause a bounce. */ - if (addr->host_list == addr->fallback_hosts || - addr->fallback_hosts == NULL) + if (addr->host_list == addr->fallback_hosts || !addr->fallback_hosts) addr->transport_return = FAIL; } else { - const uschar * s; + const char * s; if (hosts_retry == hosts_total) - s = US"retry time not reached for any host%s"; + s = "retry time not reached for any host%s"; else if (hosts_fail == hosts_total) - s = US"all host address lookups%s failed permanently"; + s = "all host address lookups%s failed permanently"; else if (hosts_defer == hosts_total) - s = US"all host address lookups%s failed temporarily"; + s = "all host address lookups%s failed temporarily"; else if (hosts_serial == hosts_total) - s = US"connection limit reached for all hosts%s"; + s = "connection limit reached for all hosts%s"; else if (hosts_fail+hosts_defer == hosts_total) - s = US"all host address lookups%s failed"; + s = "all host address lookups%s failed"; else - s = US"some host address lookups failed and retry time " + s = "some host address lookups failed and retry time " "not reached for other hosts or connection limit reached%s"; addr->message = string_sprintf(s, diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index 07b601a96..c8df38ab4 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -21,10 +21,12 @@ typedef struct { uschar *serialize_hosts; uschar *hosts_try_auth; uschar *hosts_require_auth; + uschar *hosts_try_chunking; #ifdef EXPERIMENTAL_DANE uschar *hosts_try_dane; uschar *hosts_require_dane; #endif + uschar *hosts_try_fastopen; #ifndef DISABLE_PRDR uschar *hosts_try_prdr; #endif @@ -67,9 +69,6 @@ typedef struct { uschar *tls_crl; uschar *tls_privatekey; uschar *tls_require_ciphers; - uschar *gnutls_require_kx; - uschar *gnutls_require_mac; - uschar *gnutls_require_proto; uschar *tls_sni; uschar *tls_verify_certificates; int tls_dh_min_bits; @@ -79,12 +78,7 @@ typedef struct { uschar *tls_verify_cert_hostnames; #endif #ifndef DISABLE_DKIM - uschar *dkim_domain; - uschar *dkim_private_key; - uschar *dkim_selector; - uschar *dkim_canon; - uschar *dkim_sign_headers; - uschar *dkim_strict; + struct ob_dkim dkim; #endif } smtp_transport_options_block; diff --git a/src/src/utf8.c b/src/src/utf8.c index 84ad1dc18..e394db0a8 100644 --- a/src/src/utf8.c +++ b/src/src/utf8.c @@ -18,7 +18,7 @@ BOOL string_is_utf8(const uschar * s) { uschar c; -while ((c = *s++)) if (c & 0x80) return TRUE; +if (s) while ((c = *s++)) if (c & 0x80) return TRUE; return FALSE; } diff --git a/src/src/verify.c b/src/src/verify.c index 53a1daade..9652a395f 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions concerned with verifying things. The original code for callout @@ -39,7 +39,8 @@ static tree_node *dnsbl_cache = NULL; #define MT_NOT 1 #define MT_ALL 2 -static uschar cutthrough_response(char, uschar **); +static uschar cutthrough_response(char, uschar **, int); + /************************************************* @@ -155,10 +156,6 @@ do_callout(address_item *addr, host_item *host_list, transport_feedback *tf, int callout, int callout_overall, int callout_connect, int options, uschar *se_mailfrom, uschar *pm_mailfrom) { -BOOL is_recipient = (options & vopt_is_recipient) != 0; -BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0; -BOOL callout_random = (options & vopt_callout_random) != 0; - int yield = OK; int old_domain_cache_result = ccache_accept; BOOL done = FALSE; @@ -166,8 +163,8 @@ uschar *address_key; uschar *from_address; uschar *random_local_part = NULL; const uschar *save_deliver_domain = deliver_domain; -uschar **failure_ptr = is_recipient? - &recipient_verify_failure : &sender_verify_failure; +uschar **failure_ptr = options & vopt_is_recipient + ? &recipient_verify_failure : &sender_verify_failure; open_db dbblock; open_db *dbm_file = NULL; dbdata_callout_cache new_domain_record; @@ -189,12 +186,13 @@ because that may influence the result of the callout. */ address_key = addr->address; from_address = US""; -if (is_recipient) +if (options & vopt_is_recipient) { if (options & vopt_callout_recipsender) { address_key = string_sprintf("%s/<%s>", addr->address, sender_address); from_address = sender_address; + if (cutthrough.delivery) options |= vopt_callout_no_cache; } else if (options & vopt_callout_recippmaster) { @@ -217,7 +215,7 @@ else /* Open the callout cache database, it it exists, for reading only at this stage, unless caching has been disabled. */ -if (callout_no_cache) +if (options & vopt_callout_no_cache) { HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n"); } @@ -229,7 +227,7 @@ else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL) /* If a cache database is available see if we can avoid the need to do an actual callout by making use of previously-obtained data. */ -if (dbm_file != NULL) +if (dbm_file) { dbdata_callout_cache_address *cache_address_record; dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file, @@ -240,7 +238,7 @@ if (dbm_file != NULL) /* If an unexpired cache record was found for this domain, see if the callout process can be short-circuited. */ - if (cache_record != NULL) + if (cache_record) { /* In most cases, if an early command (up to and including MAIL FROM:<>) was rejected, there is no point carrying on. The callout fails. However, if @@ -273,26 +271,26 @@ if (dbm_file != NULL) the data in the new record. If a random check is required but hasn't been done, skip the remaining cache processing. */ - if (callout_random) switch(cache_record->random_result) + if (options & vopt_callout_random) switch(cache_record->random_result) { case ccache_accept: - HDEBUG(D_verify) - debug_printf("callout cache: domain accepts random addresses\n"); - goto END_CALLOUT; /* Default yield is OK */ + HDEBUG(D_verify) + debug_printf("callout cache: domain accepts random addresses\n"); + goto END_CALLOUT; /* Default yield is OK */ case ccache_reject: - HDEBUG(D_verify) - debug_printf("callout cache: domain rejects random addresses\n"); - callout_random = FALSE; - new_domain_record.random_result = ccache_reject; - new_domain_record.random_stamp = cache_record->random_stamp; - break; + HDEBUG(D_verify) + debug_printf("callout cache: domain rejects random addresses\n"); + options &= ~vopt_callout_random; + new_domain_record.random_result = ccache_reject; + new_domain_record.random_stamp = cache_record->random_stamp; + break; default: - HDEBUG(D_verify) - debug_printf("callout cache: need to check random address handling " - "(not cached or cache expired)\n"); - goto END_CACHE; + HDEBUG(D_verify) + debug_printf("callout cache: need to check random address handling " + "(not cached or cache expired)\n"); + goto END_CACHE; } /* If a postmaster check is requested, but there was a previous failure, @@ -300,7 +298,7 @@ if (dbm_file != NULL) but has not been done before, we are going to have to do a callout, so skip remaining cache processing. */ - if (pm_mailfrom != NULL) + if (pm_mailfrom) { if (cache_record->postmaster_result == ccache_reject) { @@ -346,7 +344,7 @@ if (dbm_file != NULL) callout_cache_positive_expire, callout_cache_negative_expire); - if (cache_address_record != NULL) + if (cache_address_record) { if (cache_address_record->result == ccache_accept) { @@ -389,7 +387,7 @@ else with a random local part, ensure that such a local part is available. If not, log the fact, but carry on without randomming. */ - if (callout_random && callout_random_local_part != NULL) + if (options & vopt_callout_random && callout_random_local_part != NULL) if (!(random_local_part = expand_string(callout_random_local_part))) log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " "callout_random_local_part: %s", expand_string_message); @@ -407,7 +405,7 @@ else and cause the client to time out. So in this case we forgo the PIPELINING optimization. */ - if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush(); + if (smtp_out && !disable_callout_flush) mac_smtp_fflush(); /* cutthrough-multi: if a nonfirst rcpt has the same routing as the first, and we are holding a cutthrough conn open, we can just append the rcpt to @@ -456,7 +454,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. && port == cutthrough.host.port ) { - uschar * resp; + uschar * resp = NULL; /* Match! Send the RCPT TO, append the addr, set done */ done = @@ -464,7 +462,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. transport_rcpt_address(addr, (addr->transport == NULL)? FALSE : addr->transport->rcpt_include_affixes)) >= 0 && - cutthrough_response('2', &resp) == '2'; + cutthrough_response('2', &resp, CUTTHROUGH_DATA_TIMEOUT) == '2'; /* This would go horribly wrong if a callout fail was ignored by ACL. We punt by abandoning cutthrough on a reject, like the @@ -483,7 +481,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. else { cancel_cutthrough_connection("recipient rejected"); - if (errno == ETIMEDOUT) + if (!resp || errno == ETIMEDOUT) { HDEBUG(D_verify) debug_printf("SMTP timeout\n"); } @@ -519,7 +517,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Now make connections to the hosts and do real callouts. The list of hosts is passed in as an argument. */ - for (host = host_list; host != NULL && !done; host = host->next) + for (host = host_list; host && !done; host = host->next) { smtp_inblock inblock; smtp_outblock outblock; @@ -547,7 +545,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Skip this host if we don't have an IP address for it. */ - if (host->address == NULL) + if (!host->address) { DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n", host->name); @@ -564,7 +562,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Set IPv4 or IPv6 */ - host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; + host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6; /* Expand and interpret the interface and port strings. The latter will not be used if there is a host-specific port (e.g. from a manualroute router). @@ -620,6 +618,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. addr->transport); if (inblock.sock < 0) { + HDEBUG(D_verify) debug_printf("connect: %s\n", strerror(errno)); addr->message = string_sprintf("could not connect to %s [%s]: %s", host->name, host->address, strerror(errno)); transport_name = NULL; @@ -640,12 +639,14 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. if (host->dnssec == DS_YES) { - if( ( dane_required - || verify_check_given_host(&ob->hosts_try_dane, host) == OK - ) - && (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK + if( dane_required + || verify_check_given_host(&ob->hosts_try_dane, host) == OK ) - return rc; + { + if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required)) != OK) + return rc; + dane = TRUE; + } } else if (dane_required) { @@ -660,10 +661,10 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Expand the helo_data string to find the host name to use. */ - if (tf->helo_data != NULL) + if (tf->helo_data) { - uschar *s = expand_string(tf->helo_data); - if (s == NULL) + uschar * s = expand_string(tf->helo_data); + if (!s) log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's " "helo_data value for callout: %s", addr->address, expand_string_message); @@ -683,6 +684,9 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. if (!smtps || (smtps && tls_out.active >= 0)) #endif { +#ifdef TCP_QUICKACK + (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); +#endif if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) goto RESPONSE_FAILED; @@ -756,11 +760,11 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. : 0; } - size_str = peer_offered & PEER_OFFERED_SIZE + size_str = options & vopt_is_recipient && peer_offered & PEER_OFFERED_SIZE ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US""; #ifdef SUPPORT_TLS - tls_offered = !!(peer_offered & PEER_OFFERED_TLS); + smtp_peer_options |= peer_offered & PEER_OFFERED_TLS; #endif /* If TLS is available on this connection attempt to @@ -792,8 +796,10 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', ob->command_timeout)) { - if (errno != 0 || buffer2[0] == 0 || - (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)) + if ( errno != 0 + || buffer2[0] == 0 + || buffer2[0] == '4' && !ob->tls_tempfail_tryclear + ) { Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer)); done= FALSE; @@ -807,7 +813,6 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. int oldtimeout = ob->command_timeout; int rc; - tls_negotiate: ob->command_timeout = callout; rc = tls_client_start(inblock.sock, host, addr, addr->transport # ifdef EXPERIMENTAL_DANE @@ -820,38 +825,22 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. connection, if the options permit it for this host. */ if (rc != OK) { - if (rc == DEFER) - { - (void)close(inblock.sock); + HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); + (void)close(inblock.sock); # ifndef DISABLE_EVENT - (void) event_raise(addr->transport->event_action, - US"tcp:close", NULL); -# endif -# ifdef EXPERIMENTAL_DANE - if (dane) - { - if (!dane_required) - { - log_write(0, LOG_MAIN, "DANE attempt failed;" - " trying CA-root TLS to %s [%s] (not in hosts_require_dane)", - host->name, host->address); - dane = FALSE; - goto tls_negotiate; - } - } - else + (void) event_raise(addr->transport->event_action, + US"tcp:close", NULL); # endif - if ( ob->tls_tempfail_tryclear - && !smtps - && verify_check_given_host(&ob->hosts_require_tls, host) != OK - ) - { - log_write(0, LOG_MAIN, "TLS session failure:" - " delivering unencrypted to %s [%s] (not in hosts_require_tls)", - host->name, host->address); - suppress_tls = TRUE; - goto tls_retry_connection; - } + if ( ob->tls_tempfail_tryclear + && !smtps + && verify_check_given_host(&ob->hosts_require_tls, host) != OK + ) + { + log_write(0, LOG_MAIN, "TLS session failure:" + " callout unencrypted to %s [%s] (not in hosts_require_tls)", + host->name, host->address); + suppress_tls = TRUE; + goto tls_retry_connection; } /*save_errno = ERRNO_TLSFAILURE;*/ @@ -902,13 +891,16 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Need proper integration with the proper transport mechanism. */ if (cutthrough.delivery) { +#ifndef DISABLE_DKIM + uschar * s; +#endif if (addr->transport->filter_command) { cutthrough.delivery = FALSE; HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n"); } #ifndef DISABLE_DKIM - if (ob->dkim_domain) + else if ((s = ob->dkim.dkim_domain) && (s = expand_string(s)) && *s) { cutthrough.delivery = FALSE; HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n"); @@ -1104,6 +1096,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); #endif + HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); (void)close(inblock.sock); #ifndef DISABLE_EVENT (void) event_raise(addr->transport->event_action, @@ -1255,10 +1248,9 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. big_buffer, host->name, host->address, string_printing(responsebuffer)); - addr->user_message = is_recipient? - string_sprintf("Callout verification failed:\n%s", responsebuffer) - : - string_sprintf("Called: %s\nSent: %s\nResponse: %s", + addr->user_message = options & vopt_is_recipient + ? string_sprintf("Callout verification failed:\n%s", responsebuffer) + : string_sprintf("Called: %s\nSent: %s\nResponse: %s", host->address, big_buffer, responsebuffer); /* Hard rejection ends the process */ @@ -1280,13 +1272,16 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. && rcpt_count == 1 && done && yield == OK - && (options & (vopt_callout_recipsender|vopt_callout_recippmaster)) == vopt_callout_recipsender + && (options & (vopt_callout_recipsender|vopt_callout_recippmaster|vopt_success_on_redirect)) + == vopt_callout_recipsender && !random_local_part && !pm_mailfrom && cutthrough.fd < 0 && !lmtp ) { + HDEBUG(D_acl|D_v) debug_printf("holding verify callout open for cutthrough delivery\n"); + cutthrough.fd = outblock.sock; /* We assume no buffer in use in the outblock */ cutthrough.nrcpt = 1; cutthrough.interface = interface; @@ -1307,12 +1302,20 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. { /* Ensure no cutthrough on multiple address verifies */ if (options & vopt_callout_recipsender) - cancel_cutthrough_connection("multiple verify calls"); - if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); + cancel_cutthrough_connection("not usable for cutthrough"); + if (send_quit) + { + (void) smtp_write_command(&outblock, FALSE, "QUIT\r\n"); + + /* Wait a short time for response, and discard it */ + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', 1); + } #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); #endif + HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); (void)close(inblock.sock); #ifndef DISABLE_EVENT (void) event_raise(addr->transport->event_action, US"tcp:close", NULL); @@ -1332,7 +1335,8 @@ there was an error before or with MAIL FROM:, and errno was not zero, implying some kind of I/O error. We don't want to write the cache in that case. Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */ -if (!callout_no_cache && new_domain_record.result != ccache_unknown) +if ( !(options & vopt_callout_no_cache) + && new_domain_record.result != ccache_unknown) { if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE)) == NULL) @@ -1343,8 +1347,9 @@ if (!callout_no_cache && new_domain_record.result != ccache_unknown) { (void)dbfn_write(dbm_file, addr->domain, &new_domain_record, (int)sizeof(dbdata_callout_cache)); - HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n" + HDEBUG(D_verify) debug_printf("wrote callout cache domain record for %s:\n" " result=%d postmaster=%d random=%d\n", + addr->domain, new_domain_record.result, new_domain_record.postmaster_result, new_domain_record.random_result); @@ -1356,11 +1361,12 @@ is disabled. */ if (done) { - if (!callout_no_cache && new_address_record.result != ccache_unknown) + if ( !(options & vopt_callout_no_cache) + && new_address_record.result != ccache_unknown) { - if (dbm_file == NULL) + if (!dbm_file) dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE); - if (dbm_file == NULL) + if (!dbm_file) { HDEBUG(D_verify) debug_printf("no callout cache available\n"); } @@ -1368,8 +1374,9 @@ if (done) { (void)dbfn_write(dbm_file, address_key, &new_address_record, (int)sizeof(dbdata_callout_cache_address)); - HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n", - (new_address_record.result == ccache_accept)? "positive" : "negative"); + HDEBUG(D_verify) debug_printf("wrote %s callout cache address record for %s\n", + new_address_record.result == ccache_accept ? "positive" : "negative", + address_key); } } } /* done */ @@ -1380,23 +1387,24 @@ it alone if supplying details. Otherwise, give a generic response. */ else /* !done */ { - uschar *dullmsg = string_sprintf("Could not complete %s verify callout", - is_recipient? "recipient" : "sender"); + uschar * dullmsg = string_sprintf("Could not complete %s verify callout", + options & vopt_is_recipient ? "recipient" : "sender"); yield = DEFER; - if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg; + if (host_list->next || !addr->message) + addr->message = dullmsg; - addr->user_message = (!smtp_return_error_details)? dullmsg : - string_sprintf("%s for <%s>.\n" + addr->user_message = smtp_return_error_details + ? string_sprintf("%s for <%s>.\n" "The mail server(s) for the domain may be temporarily unreachable, or\n" "they may be permanently unreachable from this server. In the latter case,\n%s", dullmsg, addr->address, - is_recipient? - "the address will never be accepted." - : - "you need to change the address or create an MX record for its domain\n" - "if it is supposed to be generally accessible from the Internet.\n" - "Talk to your mail administrator for details."); + options & vopt_is_recipient + ? "the address will never be accepted." + : "you need to change the address or create an MX record for its domain\n" + "if it is supposed to be generally accessible from the Internet.\n" + "Talk to your mail administrator for details.") + : dullmsg; /* Force a specific error code */ @@ -1406,7 +1414,7 @@ else /* !done */ /* Come here from within the cache-reading code on fast-track exit. */ END_CALLOUT: -if (dbm_file != NULL) dbfn_close(dbm_file); +if (dbm_file) dbfn_close(dbm_file); return yield; } @@ -1415,10 +1423,11 @@ return yield; /* Called after recipient-acl to get a cutthrough connection open when one was requested and a recipient-verify wasn't subsequently done. */ -void +int open_cutthrough_connection( address_item * addr ) { address_item addr2; +int rc; /* Use a recipient-verify-callout to set up the cutthrough connection. */ /* We must use a copy of the address for verification, because it might @@ -1427,12 +1436,14 @@ get rewritten. */ addr2 = *addr; HDEBUG(D_acl) debug_printf("----------- %s cutthrough setup ------------\n", rcpt_count > 1 ? "more" : "start"); -(void) verify_address(&addr2, NULL, +rc = verify_address(&addr2, NULL, vopt_is_recipient | vopt_callout_recipsender | vopt_callout_no_cache, CUTTHROUGH_CMD_TIMEOUT, -1, -1, NULL, NULL, NULL); +addr->message = addr2.message; +addr->user_message = addr2.user_message; HDEBUG(D_acl) debug_printf("----------- end cutthrough setup ------------\n"); -return; +return rc; } @@ -1518,7 +1529,7 @@ return cutthrough_puts(US"\r\n", 2); /* Get and check response from cutthrough target */ static uschar -cutthrough_response(char expect, uschar ** copy) +cutthrough_response(char expect, uschar ** copy, int timeout) { smtp_inblock inblock; uschar inbuffer[4096]; @@ -1530,7 +1541,7 @@ inblock.ptr = inbuffer; inblock.ptrend = inbuffer; inblock.sock = cutthrough.fd; /* this relies on (inblock.sock == tls_out.active) */ -if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, CUTTHROUGH_DATA_TIMEOUT)) +if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, timeout)) cancel_cutthrough_connection("target timeout on read"); if(copy != NULL) @@ -1559,13 +1570,13 @@ cutthrough_puts(US"DATA\r\n", 6); cutthrough_flush_send(); /* Assume nothing buffered. If it was it gets ignored. */ -return cutthrough_response('3', NULL) == '3'; +return cutthrough_response('3', NULL, CUTTHROUGH_DATA_TIMEOUT) == '3'; } -/* fd and use_crlf args only to match write_chunk() */ +/* fd and tctx args only to match write_chunk() */ static BOOL -cutthrough_write_chunk(int fd, uschar * s, int len, BOOL use_crlf) +cutthrough_write_chunk(int fd, transport_ctx * tctx, uschar * s, int len) { uschar * s2; while(s && (s2 = Ustrchr(s, '\n'))) @@ -1584,6 +1595,8 @@ return TRUE; BOOL cutthrough_headers_send(void) { +transport_ctx tctx; + if(cutthrough.fd < 0) return FALSE; @@ -1592,12 +1605,13 @@ if(cutthrough.fd < 0) */ HDEBUG(D_acl) debug_printf("----------- start cutthrough headers send -----------\n"); -if (!transport_headers_send(&cutthrough.addr, cutthrough.fd, - cutthrough.addr.transport->add_headers, - cutthrough.addr.transport->remove_headers, - &cutthrough_write_chunk, TRUE, - cutthrough.addr.transport->rewrite_rules, - cutthrough.addr.transport->rewrite_existflags)) +tctx.tblock = cutthrough.addr.transport; +tctx.addr = &cutthrough.addr; +tctx.check_string = US"."; +tctx.escape_string = US".."; +tctx.options = topt_use_crlf; + +if (!transport_headers_send(cutthrough.fd, &tctx, &cutthrough_write_chunk)) return FALSE; HDEBUG(D_acl) debug_printf("----------- done cutthrough headers send ------------\n"); @@ -1618,11 +1632,14 @@ if(cutthrough.fd >= 0) HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n"); _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ _cutthrough_flush_send(); - /* No wait for response */ + + /* Wait a short time for response, and discard it */ + cutthrough_response('2', NULL, 1); #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); #endif + HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); (void)close(cutthrough.fd); cutthrough.fd = -1; HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why); @@ -1659,7 +1676,7 @@ if( !cutthrough_puts(US".", 1) ) return cutthrough.addr.message; -res = cutthrough_response('2', &cutthrough.addr.message); +res = cutthrough_response('2', &cutthrough.addr.message, CUTTHROUGH_DATA_TIMEOUT); for (addr = &cutthrough.addr; addr; addr = addr->next) { addr->message = cutthrough.addr.message; @@ -1817,21 +1834,20 @@ verify_address(address_item *vaddr, FILE *f, int options, int callout, { BOOL allok = TRUE; BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0); -BOOL is_recipient = (options & vopt_is_recipient) != 0; BOOL expn = (options & vopt_expn) != 0; BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0; int i; int yield = OK; int verify_type = expn? v_expn : address_test_mode? v_none : - is_recipient? v_recipient : v_sender; + options & vopt_is_recipient? v_recipient : v_sender; address_item *addr_list; address_item *addr_new = NULL; address_item *addr_remote = NULL; address_item *addr_local = NULL; address_item *addr_succeed = NULL; -uschar **failure_ptr = is_recipient? - &recipient_verify_failure : &sender_verify_failure; +uschar **failure_ptr = options & vopt_is_recipient + ? &recipient_verify_failure : &sender_verify_failure; uschar *ko_prefix, *cr; uschar *address = vaddr->address; uschar *save_sender; @@ -1864,7 +1880,7 @@ if (parse_find_at(address) == NULL) *failure_ptr = US"qualify"; return FAIL; } - address = rewrite_address_qualify(address, is_recipient); + address = rewrite_address_qualify(address, options & vopt_is_recipient); } DEBUG(D_verify) @@ -1879,7 +1895,7 @@ may have been set by domains and local part tests during an ACL. */ if (global_rewrite_rules != NULL) { uschar *old = address; - address = rewrite_address(address, is_recipient, FALSE, + address = rewrite_address(address, options & vopt_is_recipient, FALSE, global_rewrite_rules, rewrite_existflags); if (address != old) { @@ -1903,7 +1919,7 @@ if (address[0] == 0) return OK; /* Flip the legacy TLS-related variables over to the outbound set in case they're used in the context of a transport used by verification. Reset them -at exit from this routine. */ +at exit from this routine (so no returns allowed from here on). */ tls_modify_variables(&tls_out); @@ -1912,6 +1928,10 @@ while verifying a sender address (a nice bit of self-reference there). */ save_sender = sender_address; +/* Observability variable for router/transport use */ + +verify_mode = options & vopt_is_recipient ? US"R" : US"S"; + /* Update the address structure with the possibly qualified and rewritten address. Set it up as the starting address on the chain of new addresses. */ @@ -1927,7 +1947,7 @@ If an address generates more than one child, the loop is used only when full_info is set, and this can only be set locally. Remote enquiries just get information about the top level address, not anything that it generated. */ -while (addr_new != NULL) +while (addr_new) { int rc; address_item *addr = addr_new; @@ -1976,18 +1996,18 @@ while (addr_new != NULL) /* Just in case some router parameter refers to it. */ - return_path = (addr->prop.errors_address != NULL)? - addr->prop.errors_address : sender_address; + return_path = addr->prop.errors_address + ? addr->prop.errors_address : sender_address; /* Split the address into domain and local part, handling the %-hack if necessary, and then route it. While routing a sender address, set $sender_address to <> because that is what it will be if we were trying to send a bounce to the sender. */ - if (routed != NULL) *routed = FALSE; + if (routed) *routed = FALSE; if ((rc = deliver_split_address(addr)) == OK) { - if (!is_recipient) sender_address = null_sender; + if (!(options & vopt_is_recipient)) sender_address = null_sender; rc = route_address(addr, &addr_local, &addr_remote, &addr_new, &addr_succeed, verify_type); sender_address = save_sender; /* Put back the real sender */ @@ -2001,11 +2021,11 @@ while (addr_new != NULL) if (rc == OK) { - if (routed != NULL) *routed = TRUE; + if (routed) *routed = TRUE; if (callout > 0) { - host_item *host_list = addr->host_list; transport_instance * tp; + host_item * host_list = addr->host_list; /* Make up some data for use in the case where there is no remote transport. */ @@ -2035,7 +2055,7 @@ while (addr_new != NULL) transport is configured to override the router's hosts, we must build a host list of the transport's hosts, and find the IP addresses */ - if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override)) + if (tf.hosts && (!host_list || tf.hosts_override)) { uschar *s; const uschar *save_deliver_domain = deliver_domain; @@ -2049,7 +2069,7 @@ while (addr_new != NULL) deliver_domain = save_deliver_domain; deliver_localpart = save_deliver_localpart; - if (s == NULL) + if (!s) { log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts " "\"%s\" in %s transport for callout: %s", tf.hosts, @@ -2071,7 +2091,7 @@ while (addr_new != NULL) if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE; if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS; - for (host = host_list; host != NULL; host = nexthost) + for (host = host_list; host; host = nexthost) { nexthost = host->next; if (tf.gethostbyname || @@ -2098,7 +2118,7 @@ while (addr_new != NULL) /* Can only do a callout if we have at least one host! If the callout fails, it will have set ${sender,recipient}_verify_failure. */ - if (host_list != NULL) + if (host_list) { HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n"); if (host_checking && !host_checking_callout) @@ -2112,10 +2132,8 @@ while (addr_new != NULL) #ifdef SUPPORT_TLS deliver_set_expansions(addr); #endif - verify_mode = is_recipient ? US"R" : US"S"; rc = do_callout(addr, host_list, &tf, callout, callout_overall, callout_connect, options, se_mailfrom, pm_mailfrom); - verify_mode = NULL; } } else @@ -2141,24 +2159,24 @@ while (addr_new != NULL) if (rc == FAIL) { allok = FALSE; - if (f != NULL) + if (f) { address_item *p = addr->parent; respond_printf(f, "%s%s %s", ko_prefix, - full_info? addr->address : address, - address_test_mode? "is undeliverable" : "failed to verify"); + full_info ? addr->address : address, + address_test_mode ? "is undeliverable" : "failed to verify"); if (!expn && admin_user) { if (addr->basic_errno > 0) respond_printf(f, ": %s", strerror(addr->basic_errno)); - if (addr->message != NULL) + if (addr->message) respond_printf(f, ": %s", addr->message); } /* Show parents iff doing full info */ - if (full_info) while (p != NULL) + if (full_info) while (p) { respond_printf(f, "%s\n <-- %s", cr, p->address); p = p->parent; @@ -2168,11 +2186,11 @@ while (addr_new != NULL) cancel_cutthrough_connection("routing hard fail"); if (!full_info) - { + { yield = copy_error(vaddr, addr, FAIL); goto out; - } - else yield = FAIL; + } + yield = FAIL; } /* Soft failure */ @@ -2180,7 +2198,7 @@ while (addr_new != NULL) else if (rc == DEFER) { allok = FALSE; - if (f != NULL) + if (f) { address_item *p = addr->parent; respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix, @@ -2189,7 +2207,7 @@ while (addr_new != NULL) { if (addr->basic_errno > 0) respond_printf(f, ": %s", strerror(addr->basic_errno)); - if (addr->message != NULL) + if (addr->message) respond_printf(f, ": %s", addr->message); else if (addr->basic_errno <= 0) respond_printf(f, ": unknown error"); @@ -2197,7 +2215,7 @@ while (addr_new != NULL) /* Show parents iff doing full info */ - if (full_info) while (p != NULL) + if (full_info) while (p) { respond_printf(f, "%s\n <-- %s", cr, p->address); p = p->parent; @@ -2211,7 +2229,7 @@ while (addr_new != NULL) yield = copy_error(vaddr, addr, DEFER); goto out; } - else if (yield == OK) yield = DEFER; + if (yield == OK) yield = DEFER; } /* If we are handling EXPN, we do not want to continue to route beyond @@ -2220,20 +2238,20 @@ while (addr_new != NULL) else if (expn) { uschar *ok_prefix = US"250-"; - if (addr_new == NULL) - { - if (addr_local == NULL && addr_remote == NULL) + + if (!addr_new) + if (!addr_local && !addr_remote) respond_printf(f, "250 mail to <%s> is discarded\r\n", address); else respond_printf(f, "250 <%s>\r\n", address); - } - else while (addr_new != NULL) + + else do { address_item *addr2 = addr_new; addr_new = addr2->next; - if (addr_new == NULL) ok_prefix = US"250 "; + if (!addr_new) ok_prefix = US"250 "; respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address); - } + } while (addr_new); yield = OK; goto out; } @@ -2255,21 +2273,30 @@ while (addr_new != NULL) just a single new address as a special case, and continues on to verify the generated address. */ - if (!full_info && /* Stop if short info wanted AND */ - (((addr_new == NULL || /* No new address OR */ - addr_new->next != NULL || /* More than one new address OR */ - testflag(addr_new, af_pfr))) /* New address is pfr */ - || /* OR */ - (addr_new != NULL && /* At least one new address AND */ - success_on_redirect))) /* success_on_redirect is set */ + if ( !full_info /* Stop if short info wanted AND */ + && ( ( !addr_new /* No new address OR */ + || addr_new->next /* More than one new address OR */ + || testflag(addr_new, af_pfr) /* New address is pfr */ + ) + || /* OR */ + ( addr_new /* At least one new address AND */ + && success_on_redirect /* success_on_redirect is set */ + ) ) + ) { - if (f != NULL) fprintf(f, "%s %s\n", address, - address_test_mode? "is deliverable" : "verified"); + if (f) fprintf(f, "%s %s\n", + address, address_test_mode ? "is deliverable" : "verified"); /* If we have carried on to verify a child address, we want the value of $address_data to be that of the child */ vaddr->prop.address_data = addr->prop.address_data; + + /* If stopped because more than one new address, cannot cutthrough */ + + if (addr_new && addr_new->next) + cancel_cutthrough_connection("multiple addresses from routing"); + yield = OK; goto out; } @@ -2285,7 +2312,7 @@ If there are no local and no remote addresses, and there were no pipes, files, or autoreplies, and there were no errors or deferments, the message is to be discarded, usually because of the use of :blackhole: in an alias file. */ -if (allok && addr_local == NULL && addr_remote == NULL) +if (allok && !addr_local && !addr_remote) { fprintf(f, "mail to %s is discarded\n", address); goto out; @@ -2366,6 +2393,7 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) the -bv or -bt case). */ out: +verify_mode = NULL; tls_modify_variables(&tls_in); return yield; @@ -2888,9 +2916,8 @@ DEBUG(D_ident) debug_printf("doing ident callback\n"); to the incoming interface address. If the sender host address is an IPv6 address, the incoming interface address will also be IPv6. */ -host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6; -sock = ip_socket(SOCK_STREAM, host_af); -if (sock < 0) return; +host_af = Ustrchr(sender_host_address, ':') == NULL ? AF_INET : AF_INET6; +if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return; if (ip_bind(sock, host_af, interface_address, 0) < 0) { @@ -2899,19 +2926,15 @@ if (ip_bind(sock, host_af, interface_address, 0) < 0) goto END_OFF; } -if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout) - < 0) +if (ip_connect(sock, host_af, sender_host_address, port, + rfc1413_query_timeout, TRUE) < 0) { if (errno == ETIMEDOUT && LOGGING(ident_timeout)) - { log_write(0, LOG_MAIN, "ident connection to %s timed out", sender_host_address); - } else - { DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n", sender_host_address, strerror(errno)); - } goto END_OFF; } @@ -3192,9 +3215,9 @@ if (iplookup) /* Now do the actual lookup; note that there is no search_close() because of the caching arrangements. */ - handle = search_open(filename, search_type, 0, NULL, NULL); - if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", - search_error_message); + if (!(handle = search_open(filename, search_type, 0, NULL, NULL))) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); + result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL); if (valueptr != NULL) *valueptr = result; return (result != NULL)? OK : search_find_defer? DEFER: FAIL; diff --git a/src/util/.gitignore b/src/util/.gitignore new file mode 100644 index 000000000..5d4972483 --- /dev/null +++ b/src/util/.gitignore @@ -0,0 +1,2 @@ +# Compiled programs: +gen_pkcs3 diff --git a/src/util/gen_pkcs3.c b/src/util/gen_pkcs3.c index 4be2c581e..6a467e07a 100644 --- a/src/util/gen_pkcs3.c +++ b/src/util/gen_pkcs3.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2012 Phil Pennock. +/* Copyright (C) 2012,2016 Phil Pennock. * This is distributed as part of Exim and licensed under the GPL. * See the file "NOTICE" for more details. */ @@ -86,7 +86,7 @@ bn_from_text(const char *text) rc = BN_hex2bn(&b, spaceless); if (rc != p - spaceless) - die("BN_hex2bn did not convert entire input; took %d of %z bytes", + die("BN_hex2bn did not convert entire input; took %d of %zu bytes", rc, p - spaceless); return b; @@ -134,7 +134,7 @@ emit_c_format_dh(FILE *stream, DH *dh) break; } *nl = '\0'; - fprintf(stream, "\"%s\\n\"\n", p); + fprintf(stream, "\"%s\\n\"%s\n", p, (nl == end - 1 ? ";" : "")); p = nl + 1; } } @@ -143,9 +143,11 @@ emit_c_format_dh(FILE *stream, DH *dh) void __attribute__((__noreturn__)) usage(FILE *stream, int exitcode) { - fprintf(stream, "Usage: %s [-CPcst] <dh_p> <dh_g>\n" + fprintf(stream, "Usage: %s [-CPcst] <dh_p> <dh_g> [<dh_q>]\n" "Both dh_p and dh_g should be hex strings representing the numbers\n" +"The same applies to the optional dh_q (prime-order subgroup).\n" "They may contain whitespace.\n" +"Older values, dh_g is often just '2', not a long string.\n" "\n" " -C show C string form of PEM result\n" " -P do not show PEM\n" @@ -161,7 +163,7 @@ usage(FILE *stream, int exitcode) int main(int argc, char *argv[]) { - BIGNUM *p, *g; + BIGNUM *p, *g, *q; DH *dh; int ch; bool perform_dh_check = false; @@ -169,6 +171,7 @@ main(int argc, char *argv[]) bool show_numbers = false; bool show_pem = true; bool show_text = false; + bool given_q = false; while ((ch = getopt(argc, argv, "CPcsth")) != -1) { switch (ch) { @@ -201,25 +204,49 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; - if (argc != 3) { + if ((argc < 3) || (argc > 4)) { fprintf(stderr, "argc: %d\n", argc); usage(stderr, 1); } + // If we use DH_set0_pqg instead of setting dh fields directly; the q value + // is optional and may be NULL. + // Just blank them all. + p = g = q = NULL; + p = bn_from_text(argv[1]); g = bn_from_text(argv[2]); + if (argc >= 4) { + q = bn_from_text(argv[3]); + given_q = true; + } if (show_numbers) { printf("p = "); BN_print_fp(stdout, p); printf("\ng = "); BN_print_fp(stdout, g); + if (given_q) { + printf("\nq = "); + BN_print_fp(stdout, q); + } printf("\n"); } dh = DH_new(); + // The documented method for setting q appeared in OpenSSL 1.1.0. +#if OPENSSL_VERSION_NUMBER >= 0x1010000f + // NULL okay for q; yes, the optional value is in the middle. + if (DH_set0_pqg(dh, p, q, g) != 1) { + die_openssl_err("initialising DH pqg values failed"); + } +#else dh->p = p; dh->g = g; + if (given_q) { + dh->q = q; + } +#endif if (perform_dh_check) our_dh_check(dh); @@ -234,6 +261,6 @@ main(int argc, char *argv[]) PEM_write_DHparams(stdout, dh); } - DH_free(dh); /* should free p & g too */ + DH_free(dh); /* should free p,g (& q if non-NULL) too */ return 0; } |