* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* A number of functions for driving outgoing SMTP calls. */
which case the function does nothing
host_af AF_INET or AF_INET6 for the outgoing IP address
addr the mail address being handled (for setting errors)
- interface point this to the interface
+ interface point this to the interface if there is one defined
msg to add to any error message
Returns: TRUE on success, FALSE on failure, with error message
return FALSE;
}
-while (isspace(*expint)) expint++;
-if (*expint == 0) return TRUE;
+if (is_tainted(expint))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "attempt to use tainted value '%s' from '%s' for interface",
+ expint, istring);
+ addr->transport_return = PANIC;
+ addr->message = string_sprintf("failed to expand \"interface\" "
+ "option for %s: configuration error", msg);
+ return FALSE;
+ }
+
+Uskip_whitespace(&expint);
+if (!*expint) return TRUE;
-while ((iface = string_nextinlist(&expint, &sep, big_buffer,
- big_buffer_size)))
+while ((iface = string_nextinlist(&expint, &sep, NULL, 0)))
{
- if (string_is_ip_address(iface, NULL) == 0)
+ int if_af = string_is_ip_address(iface, NULL);
+ if (if_af == 0)
{
addr->transport_return = PANIC;
addr->message = string_sprintf("\"%s\" is not a valid IP "
return FALSE;
}
- if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
+ if ((if_af == 4 ? AF_INET : AF_INET6) == host_af)
break;
}
-if (iface) *interface = string_copy(iface);
+*interface = iface;
return TRUE;
}
#ifdef TCP_FASTOPEN
+/* Try to record if TFO was attmepted and if it was successfully used. */
+
static void
tfo_out_check(int sock)
{
-# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
+static BOOL done_once = FALSE;
+
+if (done_once) return;
+done_once = TRUE;
+
+# ifdef __FreeBSD__
+struct tcp_info tinfo;
+socklen_t len = sizeof(tinfo);
+
+/* A getsockopt TCP_FASTOPEN unfortunately returns "was-used" for a TFO/R as
+well as a TFO/C. Use what we can of the Linux hack below; reliability issues ditto. */
+switch (tcp_out_fastopen)
+ {
+ case TFO_ATTEMPTED_NODATA:
+ if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
+ && tinfo.tcpi_state == TCPS_SYN_SENT
+ && tinfo.__tcpi_unacked > 0
+ )
+ {
+ DEBUG(D_transport|D_v)
+ debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.__tcpi_unacked);
+ tcp_out_fastopen = TFO_USED_NODATA;
+ }
+ break;
+ /*
+ case TFO_ATTEMPTED_DATA:
+ case TFO_ATTEMPTED_DATA:
+ if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA) XXX no equvalent as of 12.2
+ */
+ }
+
+switch (tcp_out_fastopen)
+ {
+ case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break;
+ default: break; /* compiler quietening */
+ }
+
+# else /* Linux & Apple */
+# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
struct tcp_info tinfo;
socklen_t len = sizeof(tinfo);
default: break; /* compiler quietening */
}
-# endif
+# endif
+# endif /* Linux & Apple */
}
#endif
-/* Arguments as for smtp_connect(), plus
- early_data if non-NULL, idenmpotent data to be sent -
- preferably in the TCP SYN segment
-
-Returns: connected socket number, or -1 with errno set
+/* Create and bind a socket, given the connect-args.
+Update those with the state. Return the fd, or -1 with errno set.
*/
int
-smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
- transport_instance * tb, int timeout, const blob * early_data)
+smtp_boundsock(smtp_connect_args * sc)
{
-smtp_transport_options_block * ob =
- (smtp_transport_options_block *)tb->options_block;
+transport_instance * tb = sc->tblock;
+smtp_transport_options_block * ob = tb->drinst.options_block;
const uschar * dscp = ob->dscp;
-int dscp_value;
-int dscp_level;
-int dscp_option;
-int sock;
-int save_errno = 0;
-const blob * fastopen_blob = NULL;
+int sock, dscp_value, dscp_level, dscp_option;
-
-#ifndef DISABLE_EVENT
-deliver_host_address = host->address;
-deliver_host_port = port;
-if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
-#endif
-
-if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
+if ((sock = ip_socket(SOCK_STREAM, sc->host_af)) < 0)
+ return -1;
/* Set TCP_NODELAY; Exim does its own buffering. */
/* Set DSCP value, if we can. For now, if we fail to set the value, we don't
bomb out, just log it and continue in default traffic class. */
-if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
+GET_OPTION("dscp");
+if (dscp && dscp_lookup(dscp, sc->host_af, &dscp_level, &dscp_option, &dscp_value))
{
HDEBUG(D_transport|D_acl|D_v)
debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
/* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
option for both; ignore failures here */
- if (host_af == AF_INET6 &&
+ if (sc->host_af == AF_INET6 &&
dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
(void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
}
/* Bind to a specific interface if requested. Caller must ensure the interface
is the same type (IPv4 or IPv6) as the outgoing address. */
-if (interface && ip_bind(sock, host_af, interface, 0) < 0)
+if (sc->interface)
{
- save_errno = errno;
- HDEBUG(D_transport|D_acl|D_v)
- debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
- strerror(errno));
+ union sockaddr_46 interface_sock;
+ EXIM_SOCKLEN_T size = sizeof(interface_sock);
+
+ if ( ip_bind(sock, sc->host_af, sc->interface, 0) < 0
+ || getsockname(sock, (struct sockaddr *) &interface_sock, &size) < 0
+ )
+ {
+ HDEBUG(D_transport|D_acl|D_v)
+ debug_printf_indent("unable to bind outgoing SMTP call to %s: %s\n", sc->interface,
+ strerror(errno));
+ close(sock);
+ return -1;
+ }
+ sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
}
+sc->sock = sock;
+return sock;
+}
+
+
+/* Arguments:
+ sc details for making connection: host, af, interface, transport
+ timeout timeout value or 0
+ early_data if non-NULL, idempotent data to be sent -
+ preferably in the TCP SYN segment
+ Special case: non-NULL but with NULL blob.data - caller is
+ client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
+ acceptable.
+
+Returns: connected socket number, or -1 with errno set
+*/
+
+int
+smtp_sock_connect(smtp_connect_args * sc, int timeout, const blob * early_data)
+{
+smtp_transport_options_block * ob = sc->tblock->drinst.options_block;
+int sock;
+int save_errno = 0;
+const blob * fastopen_blob = NULL;
+
+
+#ifndef DISABLE_EVENT
+deliver_host_address = sc->host->address;
+deliver_host_port = sc->host->port;
+if (event_raise(sc->tblock->event_action, US"tcp:connect", NULL, &errno)) return -1;
+#endif
+
+if ( (sock = sc->sock) < 0
+ && (sock = smtp_boundsock(sc)) < 0)
+ save_errno = errno;
+sc->sock = -1;
+
/* Connect to the remote host, and add keepalive to the socket before returning
it, if requested. If the build supports TFO, request it - and if the caller
requested some early-data then include that in the TFO request. If there is
early-data but no TFO support, send it after connecting. */
-else
+if (!save_errno)
{
#ifdef TCP_FASTOPEN
- if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
- fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
+ /* See if TCP Fast Open usable. Default is a traditional 3WHS connect */
+ expand_level++;
+ if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, sc->host) == OK)
+ {
+ if (!early_data)
+ fastopen_blob = &tcp_fastopen_nodata; /* TFO, with no data */
+ else if (early_data->data)
+ fastopen_blob = early_data; /* TFO, with data */
+# ifdef TCP_FASTOPEN_CONNECT
+ else
+ { /* expecting client data */
+ DEBUG(D_transport|D_acl|D_v) debug_printf(" set up lazy-connect\n");
+ setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, US &on, sizeof(on));
+ /* fastopen_blob = NULL; lazy TFO, triggered by data write */
+ }
+# endif
+ }
+ expand_level--;
#endif
- if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
+ if (ip_connect(sock, sc->host_af, sc->host->address, sc->host->port, timeout, fastopen_blob) < 0)
save_errno = errno;
else if (early_data && !fastopen_blob && early_data->data && early_data->len)
{
+ /* We had some early-data to send, but couldn't do TFO */
HDEBUG(D_transport|D_acl|D_v)
debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);
-#ifdef TCP_QUICKACK
+#ifdef TCP_QUICKACK_notdef
(void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
#endif
if (send(sock, early_data->data, early_data->len, 0) < 0)
save_errno = errno;
}
+#ifdef TCP_QUICKACK_notdef
+ /* Under TFO (with openssl & pipe-conn; testcase 4069, as of
+ 5.10.8-100.fc32.x86_64) this seems to be inop.
+ Perhaps overwritten when we (client) go -> ESTABLISHED on seeing the 3rd-ACK?
+ For that case, added at smtp_reap_banner(). */
+ (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
}
-/* Either bind() or connect() failed */
-
-if (save_errno != 0)
- {
- HDEBUG(D_transport|D_acl|D_v)
- {
- debug_printf_indent("failed: %s", CUstrerror(save_errno));
- if (save_errno == ETIMEDOUT)
- debug_printf(" (timeout=%s)", readconf_printtime(timeout));
- debug_printf("\n");
- }
- (void)close(sock);
- errno = save_errno;
- return -1;
- }
-
-/* Both bind() and connect() succeeded, and any early-data */
-
-else
+if (!save_errno)
{
union sockaddr_46 interface_sock;
EXIM_SOCKLEN_T size = sizeof(interface_sock);
+ /* Both bind() and connect() succeeded, and any early-data */
+
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("connected\n");
if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
return -1;
}
- if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
+ if (ob->keepalive) ip_keepalive(sock, sc->host->address, TRUE);
#ifdef TCP_FASTOPEN
tfo_out_check(sock);
#endif
return sock;
}
+
+/* Either bind() or connect() failed */
+
+HDEBUG(D_transport|D_acl|D_v)
+ {
+ debug_printf_indent(" failed: %s", CUstrerror(save_errno));
+ if (save_errno == ETIMEDOUT)
+ debug_printf(" (timeout=%s)", readconf_printtime(timeout));
+ debug_printf("\n");
+ }
+(void)close(sock);
+errno = save_errno;
+return -1;
}
{
if (host->port != PORT_NONE)
{
- HDEBUG(D_transport|D_acl|D_v)
+ HDEBUG(D_transport|D_acl|D_v) if (port != host->port)
debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
host->port);
port = host->port;
Arguments:
sc details for making connection: host, af, interface, transport
early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
+ Special case: non-NULL but with NULL blob.data - caller is
+ client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
+ acceptable.
Returns: connected socket number, or -1 with errno set
*/
int
smtp_connect(smtp_connect_args * sc, const blob * early_data)
{
-int port = sc->host->port;
smtp_transport_options_block * ob = sc->ob;
-callout_address = string_sprintf("[%s]:%d", sc->host->address, port);
+callout_address = string_sprintf("[%s]:%d", sc->host->address, sc->host->port);
HDEBUG(D_transport|D_acl|D_v)
{
- uschar * s = US" ";
- if (sc->interface) s = string_sprintf(" from %s ", sc->interface);
+ gstring * g = sc->interface
+ ? string_fmt_append(NULL, " from %s", sc->interface)
+ : string_get(10);
#ifdef SUPPORT_SOCKS
- if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
+ if (ob->socks_proxy) g = string_catn(g, US"via proxy", 9);
#endif
- debug_printf_indent("Connecting to %s %s%s... ", sc->host->name, callout_address, s);
+ debug_printf_indent("Connecting to %s %s%Y ...\n",
+ sc->host->name, callout_address, g);
}
/* Create and connect the socket */
#ifdef SUPPORT_SOCKS
+GET_OPTION("socks_proxy");
if (ob->socks_proxy)
{
- int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
- sc->tblock, ob->connect_timeout);
-
- if (sock >= 0)
+ if (!(ob->socks_proxy = expand_string(ob->socks_proxy)))
{
- if (early_data && early_data->data && early_data->len)
- if (send(sock, early_data->data, early_data->len, 0) < 0)
- {
- int save_errno = errno;
- HDEBUG(D_transport|D_acl|D_v)
- {
- debug_printf_indent("failed: %s", CUstrerror(save_errno));
- if (save_errno == ETIMEDOUT)
- debug_printf(" (timeout=%s)", readconf_printtime(ob->connect_timeout));
- debug_printf("\n");
- }
- (void)close(sock);
- sock = -1;
- errno = save_errno;
- }
+ log_write(0, LOG_MAIN|LOG_PANIC, "Bad expansion for socks_proxy in %s",
+ sc->tblock->drinst.name);
+ return -1;
}
- return sock;
+ if (*ob->socks_proxy)
+ return socks_sock_connect(sc, early_data);
}
#endif
-return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
- sc->tblock, ob->connect_timeout, early_data);
+return smtp_sock_connect(sc, ob->connect_timeout, early_data);
}
static BOOL
flush_buffer(smtp_outblock * outblock, int mode)
{
-int rc;
-int n = outblock->ptr - outblock->buffer;
+int n = outblock->ptr - outblock->buffer, rc;
BOOL more = mode == SCMD_MORE;
+client_conn_ctx * cctx;
+const uschar * where;
HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
more ? " (more expected)" : "");
+if (!(cctx = outblock->cctx))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "null conn-context pointer");
+ errno = 0;
+ return FALSE;
+ }
+
#ifndef DISABLE_TLS
-if (outblock->cctx->tls_ctx)
- rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
+where = US"tls_write";
+if (cctx->tls_ctx) /*XXX have seen a null cctx here, rvfy sending QUIT, hence check above */
+ rc = tls_write(cctx->tls_ctx, outblock->buffer, n, more);
else
#endif
requirement: TFO with data can, in rare cases, replay the data to the
receiver. */
- if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
+ where = US"smtp_connect";
+ if ( (cctx->sock = smtp_connect(outblock->conn_args, &early_data))
< 0)
return FALSE;
outblock->conn_args = NULL;
rc = n;
}
else
-
- rc = send(outblock->cctx->sock, outblock->buffer, n,
+ {
+ where = US"send";
+ rc = send(cctx->sock, outblock->buffer, n,
#ifdef MSG_MORE
more ? MSG_MORE : 0
#else
0
#endif
);
+
+#if defined(__linux__)
+ /* This is a workaround for a current linux kernel bug: as of
+ 5.6.8-200.fc31.x86_64 small (<MSS) writes get delayed by about 200ms,
+ This is despite NODELAY being active.
+ https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
+
+ where = US"cork";
+ if (!more)
+ setsockopt(cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
+#endif
+ }
}
if (rc <= 0)
{
- HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
+ HDEBUG(D_transport|D_acl) debug_printf_indent("%s (fd %d) failed: %s\n",
+ where, cctx->sock, strerror(errno));
return FALSE;
}
sx SMTP connection, contains buffer for pipelining, and socket
mode buffer, write-with-more-likely, write
format a format, starting with one of
- of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
+ of HELO, MAIL FROM, RCPT TO, DATA, BDAT, ".", or QUIT.
If NULL, flush pipeline buffer only.
... data for the format
*/
int
-smtp_write_command(void * sx, int mode, const char *format, ...)
+smtp_write_command(void * sx, int mode, const char * format, ...)
{
smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
int rc = 0;
gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
va_list ap;
+ /* Use taint-unchecked routines for writing into big_buffer, trusting that
+ we'll never expand the results. Actually, the error-message use - leaving
+ the results in big_buffer for potential later use - is uncomfortably distant.
+ XXX Would be better to assume all smtp commands are short, use normal pool
+ alloc rather than big_buffer, and another global for the data-for-error. */
+
va_start(ap, format);
- if (!string_vformat(&gs, FALSE, CS format, ap))
+ if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
"SMTP");
va_end(ap);
- string_from_gstring(&gs);
if (gs.ptr > outblock->buffersize)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
}
- Ustrncpy(CS outblock->ptr, gs.s, gs.ptr);
+ Ustrncpy(outblock->ptr, gs.s, gs.ptr);
outblock->ptr += gs.ptr;
outblock->cmd_count++;
gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for error message */
if (outblock->authenticating)
{
- uschar *p = big_buffer;
+ uschar * p = big_buffer;
if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
{
p += 5;
- while (isspace(*p)) p++;
- while (!isspace(*p)) p++;
- while (isspace(*p)) p++;
+ Uskip_whitespace(&p);
+ Uskip_nonwhite(&p);
+ Uskip_whitespace(&p);
}
- while (*p != 0) *p++ = '*';
+ while (*p) *p++ = '*';
}
- HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
+ smtp_debug_cmd(big_buffer, mode);
}
if (mode != SCMD_BUFFER)
timelimit deadline for reading the lime, seconds past epoch
Returns: length of a line that has been put in the buffer
- -1 otherwise, with errno set
+ -1 otherwise, with errno set, and inblock->ptr adjusted
*/
static int
{
*p = 0; /* Leave malformed line for error message */
errno = ERRNO_SMTPFORMAT;
+ inblock->ptr = ptr;
return -1;
}
}
/* Get here if there has been some kind of recv() error; errno is set, but we
ensure that the result buffer is empty before returning. */
+inblock->ptr = inblock->ptrend = inblock->buffer;
*buffer = 0;
return -1;
}
uschar * ptr = buffer;
int count = 0;
time_t timelimit = time(NULL) + timeout;
+BOOL yield = FALSE;
errno = 0; /* Ensure errno starts out zero */
+buffer[0] = '\0';
-#ifdef SUPPORT_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
if (sx->pending_BANNER || sx->pending_EHLO)
{
int rc;
if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
{
DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
- buffer[0] = '\0';
if (rc == DEFER) errno = ERRNO_TLSFAILURE;
- return FALSE;
+ goto out;
}
}
#endif
(ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
{
errno = ERRNO_SMTPFORMAT; /* format error */
- return FALSE;
+ goto out;
}
/* If the line we have just read is a terminal line, line, we are done.
}
#ifdef TCP_FASTOPEN
- tfo_out_check(sx->cctx.sock);
+tfo_out_check(sx->cctx.sock);
#endif
/* Return a value that depends on the SMTP return code. On some systems a
timeouts, lost connections, etc. */
errno = 0;
-return buffer[0] == okdigit;
+yield = buffer[0] == okdigit;
+
+out:
+ smtp_debug_resp(buffer);
+ return yield;
}
/* End of smtp_out.c */
git://git.exim.org / exim.git / blobdiff