git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Overhaul the debug_selector and log_selector machinery to support variable-length...
[exim.git]
/
src
/
src
/
transports
/
smtp.c
diff --git
a/src/src/transports/smtp.c
b/src/src/transports/smtp.c
index 7537e6e4b7f64b84c1b31090fca491e633285406..609dba3aedb5362b4c1ecd6da33213fbe60ff65d 100644
(file)
--- a/
src/src/transports/smtp.c
+++ b/
src/src/transports/smtp.c
@@
-2,7
+2,7
@@
* Exim - an Internet mail transport agent *
*************************************************/
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 201
4
*/
+/* Copyright (c) University of Cambridge 1995 - 201
5
*/
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
@@
-61,9
+61,9
@@
optionlist smtp_transport_options[] = {
{ "dns_search_parents", opt_bool,
(void *)offsetof(smtp_transport_options_block, dns_search_parents) },
{ "dnssec_request_domains", opt_stringptr,
{ "dns_search_parents", opt_bool,
(void *)offsetof(smtp_transport_options_block, dns_search_parents) },
{ "dnssec_request_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec
_request_domains
) },
+ (void *)offsetof(smtp_transport_options_block, dnssec
.request
) },
{ "dnssec_require_domains", opt_stringptr,
{ "dnssec_require_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec
_require_domains
) },
+ (void *)offsetof(smtp_transport_options_block, dnssec
.require
) },
{ "dscp", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, dscp) },
{ "fallback_hosts", opt_stringptr,
{ "dscp", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, dscp) },
{ "fallback_hosts", opt_stringptr,
@@
-241,8
+241,7
@@
smtp_transport_options_block smtp_transport_option_defaults = {
FALSE, /* gethostbyname */
TRUE, /* dns_qualify_single */
FALSE, /* dns_search_parents */
FALSE, /* gethostbyname */
TRUE, /* dns_qualify_single */
FALSE, /* dns_search_parents */
- NULL, /* dnssec_request_domains */
- NULL, /* dnssec_require_domains */
+ { NULL, NULL }, /* dnssec_domains {request,require} */
TRUE, /* delay_after_cutoff */
FALSE, /* hosts_override */
FALSE, /* hosts_randomize */
TRUE, /* delay_after_cutoff */
FALSE, /* hosts_override */
FALSE, /* hosts_randomize */
@@
-639,7
+638,7
@@
if (addr->message)
}
else
{
}
else
{
- if (
log_extra_selector & LX_outgoing_port
)
+ if (
LOGGING(outgoing_port)
)
message = string_sprintf("%s:%d", message,
host->port == PORT_NONE ? 25 : host->port);
log_write(0, LOG_MAIN, "%s %s", message, strerror(addr->basic_errno));
message = string_sprintf("%s:%d", message,
host->port == PORT_NONE ? 25 : host->port);
log_write(0, LOG_MAIN, "%s %s", message, strerror(addr->basic_errno));
@@
-1198,10
+1197,7
@@
switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname))
default:
case DNS_FAIL:
if (dane_required)
default:
case DNS_FAIL:
if (dane_required)
- {
- log_write(0, LOG_MAIN, "DANE error: TLSA lookup failed");
return FAIL;
return FAIL;
- }
break;
case DNS_SUCCEED:
break;
case DNS_SUCCEED:
@@
-1372,7
+1368,7
@@
BOOL utf8_offered = FALSE;
BOOL dsn_all_lasthop = TRUE;
#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
BOOL dane = FALSE;
BOOL dsn_all_lasthop = TRUE;
#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
BOOL dane = FALSE;
-BOOL dane_required;
+BOOL dane_required
= verify_check_given_host(&ob->hosts_require_dane, host) == OK
;
dns_answer tlsa_dnsa;
#endif
smtp_inblock inblock;
dns_answer tlsa_dnsa;
#endif
smtp_inblock inblock;
@@
-1388,7
+1384,6
@@
uschar *p;
uschar buffer[4096];
uschar inbuffer[4096];
uschar outbuffer[4096];
uschar buffer[4096];
uschar inbuffer[4096];
uschar outbuffer[4096];
-address_item * current_address;
suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
@@
-1460,21
+1455,28
@@
if (continue_hostname == NULL)
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
- dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
-
if (host->dnssec == DS_YES)
{
if( ( dane_required
|| verify_check_given_host(&ob->hosts_try_dane, host) == OK
)
&& (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK
if (host->dnssec == DS_YES)
{
if( ( dane_required
|| verify_check_given_host(&ob->hosts_try_dane, host) == OK
)
&& (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK
+ && dane_required /* do not error on only dane-requested */
)
)
+ {
+ set_errno(addrlist, ERRNO_DNSDEFER,
+ string_sprintf("DANE error: tlsa lookup %s",
+ rc == DEFER ? "DEFER" : "FAIL"),
+ rc, FALSE, NULL);
return rc;
return rc;
+ }
}
else if (dane_required)
{
}
else if (dane_required)
{
- log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name);
- return FAIL;
+ set_errno(addrlist, ERRNO_DNSDEFER,
+ string_sprintf("DANE error: %s lookup not DNSSEC", host->name),
+ FAIL, FALSE, NULL);
+ return FAIL;
}
if (dane)
}
if (dane)
@@
-2378,7
+2380,7
@@
if (!ok) ok = TRUE; else
if (
#ifndef EXPERIMENTAL_EVENT
if (
#ifndef EXPERIMENTAL_EVENT
-
(log_extra_selector & LX_smtp_confirmation) != 0
&&
+
LOGGING(smtp_confirmation)
&&
#endif
!lmtp
)
#endif
!lmtp
)
@@
-2433,7
+2435,7
@@
if (!ok) ok = TRUE; else
continue;
}
completed_address = TRUE; /* NOW we can set this flag */
continue;
}
completed_address = TRUE; /* NOW we can set this flag */
- if (
(log_extra_selector & LX_smtp_confirmation) != 0
)
+ if (
LOGGING(smtp_confirmation)
)
{
const uschar *s = string_printing(buffer);
/* deconst cast ok here as string_printing was checked to have alloc'n'copied */
{
const uschar *s = string_printing(buffer);
/* deconst cast ok here as string_printing was checked to have alloc'n'copied */
@@
-3229,7
+3231,7
@@
for (cutoff_retry = 0; expired &&
rc = host_find_byname(host, NULL, flags, NULL, TRUE);
else
rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
rc = host_find_byname(host, NULL, flags, NULL, TRUE);
else
rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
- ob->dnssec_request_domains, ob->dnssec_require_domains,
+ &ob->dnssec, /* domains for request/require */
NULL, NULL);
/* Update the host (and any additional blocks, resulting from
NULL, NULL);
/* Update the host (and any additional blocks, resulting from
@@
-3691,16
+3693,12
@@
for (cutoff_retry = 0; expired &&
case, see if any of them are deferred. */
if (rc == OK)
case, see if any of them are deferred. */
if (rc == OK)
- {
- for (addr = addrlist; addr != NULL; addr = addr->next)
- {
+ for (addr = addrlist; addr; addr = addr->next)
if (addr->transport_return == DEFER)
{
some_deferred = TRUE;
break;
}
if (addr->transport_return == DEFER)
{
some_deferred = TRUE;
break;
}
- }
- }
/* If no addresses deferred or the result was ERROR, return. We do this for
ERROR because a failing filter set-up or add_headers expansion is likely to
/* If no addresses deferred or the result was ERROR, return. We do this for
ERROR because a failing filter set-up or add_headers expansion is likely to