Taint: hybrid checking mode
[users/jgh/exim.git] / src / src / globals.c
index 94fab000d498729cb608e235de24e0aae936d005..f16e19bc534f8851742334eb45fb5ebd65db300a 100644 (file)
@@ -102,38 +102,12 @@ them. Also, the tls_ variables are now always visible.  Note that these are
 only used for smtp connections, not for service-daemon access. */
 
 tls_support tls_in = {
- .active =             {.sock = -1},
- .bits =               0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified =      FALSE,
- .tlsa_usage =         0,
-#endif
- .cipher =             NULL,
- .on_connect =         FALSE,
- .on_connect_ports =   NULL,
- .ourcert =            NULL,
- .peercert =           NULL,
- .peerdn =             NULL,
- .sni =                        NULL,
- .ocsp =               OCSP_NOT_REQ
+ .active =             {.sock = -1}
+ /* all other elements zero */
 };
 tls_support tls_out = {
  .active =             {.sock = -1},
- .bits =               0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified =      FALSE,
- .tlsa_usage =         0,
-#endif
- .cipher =             NULL,
- .on_connect =         FALSE,
- .on_connect_ports =   NULL,
- .ourcert =            NULL,
- .peercert =           NULL,
- .peerdn =             NULL,
- .sni =                        NULL,
- .ocsp =               OCSP_NOT_REQ
+ /* all other elements zero */
 };
 
 uschar *dsn_envid              = NULL;
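Review bot: The `/* all other elements zero */` comment in `tls_in` and `tls_out` now carries the assumption that `OCSP_NOT_REQ` and `FALSE` are both 0, because the explicit `.ocsp = OCSP_NOT_REQ` line is gone from both initializers. The enum is not visible in this hunk, so the assumption should be stated here, for example `/* all other elements zero; relies on OCSP_NOT_REQ == 0 */`, or pinned where the enum is defined. If that enum were ever reordered, the initial OCSP state of every connection would change without any diagnostic. As a style point, `tls_in` drops the trailing comma after `.active` while `tls_out` keeps it.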
@@ -141,7 +115,7 @@ int     dsn_ret                = 0;
 const pcre  *regex_DSN         = NULL;
 uschar *dsn_advertise_hosts    = NULL;
 
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
 BOOL    gnutls_compat_mode     = FALSE;
 BOOL    gnutls_allow_auto_pkcs11 = FALSE;
 uschar *openssl_options        = NULL;
@@ -161,15 +135,13 @@ uschar *tls_ocsp_file          = NULL;
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
-# ifdef EXPERIMENTAL_REQUIRETLS
-uschar  tls_requiretls         = 0;    /* REQUIRETLS_MSG etc. bit #defines */
-uschar *tls_advertise_requiretls = US"*";
-const pcre *regex_REQUIRETLS   = NULL;
+# ifdef EXPERIMENTAL_TLS_RESUME
+uschar *tls_resumption_hosts   = NULL;
 # endif
 uschar *tls_try_verify_hosts   = NULL;
 uschar *tls_verify_certificates= US"system";
 uschar *tls_verify_hosts       = NULL;
-#else  /*!SUPPORT_TLS*/
+#else  /*DISABLE_TLS*/
 uschar *tls_advertise_hosts    = NULL;
 #endif
 
@@ -266,8 +238,9 @@ struct global_flags f =
        .disable_logging        = FALSE,
 #ifndef DISABLE_DKIM
        .dkim_disable_verify      = FALSE,
+       .dkim_init_done           = FALSE,
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
        .dmarc_has_been_checked  = FALSE,
        .dmarc_disable_verify    = FALSE,
        .dmarc_enable_forensic   = FALSE,
@@ -325,7 +298,7 @@ struct global_flags f =
        .sender_name_forced     = FALSE,
        .sender_set_untrusted   = FALSE,
        .smtp_authenticated     = FALSE,
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
        .smtp_in_early_pipe_advertised = FALSE,
        .smtp_in_early_pipe_no_auth = FALSE,
        .smtp_in_early_pipe_used = FALSE,
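Review bot: `#ifndef DISABLE_PIPE_CONNECT` puts the early-pipelining flags into every default build, and nothing in the visible lines records that change of default. A later hunk keeps `pipe_connect_advertise_hosts = US"*"`, so the extension goes from experimental opt-in to advertised to all hosts unless the builder opts out. A comment at that definition, e.g. `/* built by default since DISABLE_PIPE_CONNECT replaced EXPERIMENTAL_PIPE_CONNECT; narrow this host list to limit advertising */`, would help operators who audit which SMTP extensions a listener exposes. The `struct global_flags f` initializer starts and ends outside this hunk.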
@@ -339,6 +312,7 @@ struct global_flags f =
        .synchronous_delivery   = FALSE,
        .system_filtering       = FALSE,
 
+       .taint_check_slow       = FALSE,
        .tcp_fastopen_ok        = FALSE,
        .tcp_in_fastopen        = FALSE,
        .tcp_in_fastopen_data   = FALSE,
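Review bot: `.taint_check_slow` is added without a comment, although it is presumably the flag behind the "hybrid checking mode" of the commit title. Taint tracking is a security control, so a reader should be able to tell what sets the flag and whether the slow path gives the same answer as the fast one. Suggest a comment at the field's declaration along the lines of `/* set when the fast taint check cannot be relied on; checks then take the slow lookup path */`, reworded to match the actual mechanism, which is not visible in this hunk. The initializer itself begins and ends outside the hunk.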
@@ -576,7 +550,7 @@ address_item address_defaults = {
   .return_filename =   NULL,
   .self_hostname =     NULL,
   .shadow_message =    NULL,
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
   .cipher =            NULL,
   .ourcert =           NULL,
   .peercert =          NULL,
@@ -600,7 +574,7 @@ address_item address_defaults = {
   .localpart_cache =   { 0 },                /* localpart_cache - ditto */
   .mode =              -1,
   .more_errno =                0,
-  .delivery_usec =     0,
+  .delivery_time =     {.tv_sec = 0, .tv_usec = 0},
   .basic_errno =       ERRNO_UNKNOWNERROR,
   .child_count =       0,
   .return_file =       -1,
@@ -613,6 +587,7 @@ address_item address_defaults = {
     .errors_address =  NULL,
     .extra_headers =   NULL,
     .remove_headers =  NULL,
+    .variables =       NULL,
 #ifdef EXPERIMENTAL_SRS
     .srs_sender =      NULL,
 #endif
@@ -843,6 +818,7 @@ uschar *deliver_localpart_orig = NULL;
 uschar *deliver_localpart_parent = NULL;
 uschar *deliver_localpart_prefix = NULL;
 uschar *deliver_localpart_suffix = NULL;
+uschar *deliver_localpart_verified = NULL;
 uschar *deliver_out_buffer     = NULL;
 int     deliver_queue_load_max = -1;
 address_item  *deliver_recipients = NULL;
@@ -857,12 +833,15 @@ void   *dkim_signatures            = NULL;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
+uschar *dkim_verify_hashes       = US"sha256:sha512";
+uschar *dkim_verify_keytypes     = US"ed25519:rsa";
+BOOL   dkim_verify_minimal      = FALSE;
 uschar *dkim_verify_overall      = NULL;
 uschar *dkim_verify_signers      = US"$dkim_signers";
 uschar *dkim_verify_status      = NULL;
 uschar *dkim_verify_reason      = NULL;
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
 uschar *dmarc_domain_policy     = NULL;
 uschar *dmarc_forensic_sender   = NULL;
 uschar *dmarc_history_file      = NULL;
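Review bot: The new defaults `dkim_verify_hashes = US"sha256:sha512"` and `dkim_verify_keytypes = US"ed25519:rsa"` read as allowlists, but nothing in the hunk says so or states whether leaving out `sha1` is deliberate. If it is, a one-line comment such as `/* colon-separated allowlists; sha1 intentionally absent */` would keep a later edit from widening them by accident. How a signature using an unlisted hash or key type is treated is decided outside this hunk and should be documented next to these defaults. Minor: `BOOL   dkim_verify_minimal` has one space fewer than the `BOOL    ` alignment used in the other definitions on this page.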
@@ -1052,7 +1031,8 @@ uschar *log_file_path          = US LOG_FILE_PATH
 int     log_notall[]           = {
   -1
 };
-bit_table log_options[]        = { /* must be in alphabetical order */
+bit_table log_options[]        = { /* must be in alphabetical order,
+                               with definitions from enum logbit. */
   BIT_TABLE(L, 8bitmime),
   BIT_TABLE(L, acl_warn_skipped),
   BIT_TABLE(L, address_rewrite),
@@ -1110,6 +1090,7 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, tls_certificate_verified),
   BIT_TABLE(L, tls_cipher),
   BIT_TABLE(L, tls_peerdn),
+  BIT_TABLE(L, tls_resumption),
   BIT_TABLE(L, tls_sni),
   BIT_TABLE(L, unknown_in_list),
 };
@@ -1189,12 +1170,12 @@ uschar *override_pid_file_path = NULL;
 uschar *percent_hack_domains   = NULL;
 uschar *pid_file_path          = US PID_FILE_PATH
                            "\0<--------------Space to patch pid_file_path->";
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
 uschar *pipe_connect_advertise_hosts = US"*";
 #endif
 uschar *pipelining_advertise_hosts = US"*";
 uschar *primary_hostname       = NULL;
-uschar  process_info[PROCESS_INFO_SIZE];
+uschar *process_info;
 int     process_info_len       = 0;
 uschar *process_log_path       = NULL;
 
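Review bot: Changing `uschar  process_info[PROCESS_INFO_SIZE];` to `uschar *process_info;` turns any remaining `sizeof(process_info)` into the size of a pointer and leaves the object NULL until something allocates it. The writers and the allocation site are outside this file, so both need checking. Length bounds should use `PROCESS_INFO_SIZE` explicitly, and any reader that can run before the allocation (a signal handler, for instance) needs a NULL guard. For consistency with the neighbouring definitions, write `uschar *process_info = NULL;`.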
@@ -1216,6 +1197,7 @@ uschar *qualify_domain_sender  = NULL;
 uschar *queue_domains          = NULL;
 int     queue_interval         = -1;
 uschar *queue_name             = US"";
+uschar *queue_name_dest        = NULL;
 uschar *queue_only_file        = NULL;
 int     queue_only_load        = -1;
 uschar *queue_run_max          = US"5";
@@ -1253,7 +1235,8 @@ uschar *received_header_text   = US
          "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
      "by $primary_hostname "
      "${if def:received_protocol {with $received_protocol }}"
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
+     "${if def:tls_in_ver        { ($tls_in_ver)}}"
      "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
 #endif
      "(Exim $version_number)\n\t"
@@ -1279,7 +1262,7 @@ const pcre *regex_From         = NULL;
 const pcre *regex_IGNOREQUOTA  = NULL;
 const pcre *regex_PIPELINING   = NULL;
 const pcre *regex_SIZE         = NULL;
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
 const pcre *regex_EARLY_PIPE   = NULL;
 #endif
 const pcre *regex_ismsgid      = NULL;
@@ -1366,6 +1349,7 @@ router_instance  router_defaults = {
     .retry_use_local_part =    TRUE_UNSET,
     .same_domain_copy_routing =        FALSE,
     .self_rewrite =            FALSE,
+    .set =                     NULL,
     .suffix_optional =         FALSE,
     .verify_only =             FALSE,
     .verify_recipient =                TRUE,
@@ -1383,10 +1367,11 @@ router_instance  router_defaults = {
     .pass_router =             NULL,
     .redirect_router =         NULL,
 
-    .dnssec =                  { NULL, NULL },            /* dnssec_domains {require,request} */
+    .dnssec =                   { .request= US"*", .require=NULL },
 };
 
 uschar *router_name            = NULL;
+tree_node *router_var         = NULL;
 
 ip_address_item *running_interfaces = NULL;
 
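Review bot: `.dnssec = { .request= US"*", .require=NULL }` changes the router default from no DNSSEC handling to requesting it for every domain, and the line carries no comment saying so. A default that alters resolver behaviour for all routers deserves a note at the point of definition, e.g. `/* request DNSSEC for all domains by default; require for none */`. The new `tree_node *router_var` likewise has no description of what the tree holds or when it is reset. The `router_defaults` initializer begins outside this hunk.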
@@ -1517,6 +1502,9 @@ uschar *srs_recipient          = NULL;
 uschar *srs_secrets            = NULL;
 uschar *srs_status             = NULL;
 #endif
+#ifdef EXPERIMENTAL_SRS_NATIVE
+uschar *srs_recipient          = NULL;
+#endif
 int     string_datestamp_offset= -1;
 int     string_datestamp_length= 0;
 int     string_datestamp_type  = -1;
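Review bot: `srs_recipient` is defined a second time under `#ifdef EXPERIMENTAL_SRS_NATIVE`, although the preceding block already defines it. That block ends with `srs_status` and `#endif`, and the hunk header shows it containing `uschar *srs_recipient = NULL;`. Its opening guard is above the hunk and is presumably `EXPERIMENTAL_SRS`; if both that macro and `EXPERIMENTAL_SRS_NATIVE` are defined, the file fails to compile on a redefinition. Either make the two options mutually exclusive with an explicit `#error`, or guard the new definition with `#if defined(EXPERIMENTAL_SRS_NATIVE) && !defined(EXPERIMENTAL_SRS)`.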
@@ -1542,6 +1530,9 @@ uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME;
 int     test_harness_load_avg  = 0;
 int     thismessage_size_limit = 0;
 int     timeout_frozen_after   = 0;
+#ifdef MEASURE_TIMING
+struct timeval timestamp_startup;
+#endif
 
 transport_instance  *transports = NULL;