/* Enable recursion between acl_check_internal() and acl_check_condition() */
-static int acl_check_wargs(int, address_item *, const uschar *, int, uschar **,
+static int acl_check_wargs(int, address_item *, const uschar *, uschar **,
uschar **);
/* Need to do a lookup */
HDEBUG(D_acl)
- debug_printf("looking up host name to force name/address consistency check\n");
+ debug_printf_indent("looking up host name to force name/address consistency check\n");
if ((rc = host_name_lookup()) != OK)
{
{
/* If the client IP address matches the target IP address, it's good! */
- DEBUG(D_acl) debug_printf("CSA target address is %s\n", da->address);
+ DEBUG(D_acl) debug_printf_indent("CSA target address is %s\n", da->address);
if (strcmpic(sender_host_address, da->address) == 0) return CSA_OK;
}
GETSHORT(port, p);
DEBUG(D_acl)
- debug_printf("CSA priority=%d weight=%d port=%d\n", priority, weight, port);
+ debug_printf_indent("CSA priority=%d weight=%d port=%d\n", priority, weight, port);
/* Check the CSA version number */
(void)dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
(DN_EXPAND_ARG4_TYPE)target, sizeof(target));
- DEBUG(D_acl) debug_printf("CSA target is %s\n", target);
+ DEBUG(D_acl) debug_printf_indent("CSA target is %s\n", target);
break;
}
enum { CALLOUT_DEFER_OK, CALLOUT_NOCACHE, CALLOUT_RANDOM, CALLOUT_USE_SENDER,
CALLOUT_USE_POSTMASTER, CALLOUT_POSTMASTER, CALLOUT_FULLPOSTMASTER,
CALLOUT_MAILFROM, CALLOUT_POSTMASTER_MAILFROM, CALLOUT_MAXWAIT, CALLOUT_CONNECT,
- CALLOUT_TIME
+ CALLOUT_HOLD, CALLOUT_TIME /* TIME must be last */
};
typedef struct {
uschar * name;
{ US"mailfrom", CALLOUT_MAILFROM, 0, TRUE, FALSE },
{ US"maxwait", CALLOUT_MAXWAIT, 0, TRUE, TRUE },
{ US"connect", CALLOUT_CONNECT, 0, TRUE, TRUE },
+ { US"hold", CALLOUT_HOLD, vopt_callout_hold, FALSE, FALSE },
{ NULL, CALLOUT_TIME, 0, FALSE, TRUE }
};
*log_msgptr = *user_msgptr = string_sprintf("client SMTP authorization %s",
csa_reason_string[rc]);
csa_status = csa_status_string[rc];
- DEBUG(D_acl) debug_printf("CSA result %s\n", csa_status);
+ DEBUG(D_acl) debug_printf_indent("CSA result %s\n", csa_status);
return csa_return_code[rc];
case VERIFY_HDR_SYNTAX:
uschar buffer[256];
while (isspace(*sublist)) sublist++;
- while ((opt = string_nextinlist(&sublist, &optsep, buffer, sizeof(buffer)))
- != NULL)
+ while ((opt = string_nextinlist(&sublist, &optsep, buffer, sizeof(buffer))))
{
callout_opt_t * op;
double period = 1.0F;
}
while (isspace(*opt)) opt++;
}
- if (op->timeval)
+ if (op->timeval && (period = readconf_readtime(opt, 0, FALSE)) < 0)
{
- period = readconf_readtime(opt, 0, FALSE);
- if (period < 0)
- {
- *log_msgptr = string_sprintf("bad time value in ACL condition "
- "\"verify %s\"", arg);
- return ERROR;
- }
+ *log_msgptr = string_sprintf("bad time value in ACL condition "
+ "\"verify %s\"", arg);
+ return ERROR;
}
switch(op->value)
rc = sender_vaddr->special_action;
*basic_errno = sender_vaddr->basic_errno;
}
- HDEBUG(D_acl) debug_printf("using cached sender verify result\n");
+ HDEBUG(D_acl) debug_printf_indent("using cached sender verify result\n");
}
/* Do a new verification, and cache the result. The cache is used to avoid
rc = verify_address(sender_vaddr, NULL, verify_options, callout,
callout_overall, callout_connect, se_mailfrom, pm_mailfrom, &routed);
- HDEBUG(D_acl) debug_printf("----------- end verify ------------\n");
+ HDEBUG(D_acl) debug_printf_indent("----------- end verify ------------\n");
if (rc != OK)
*basic_errno = sender_vaddr->basic_errno;
DEBUG(D_acl)
{
if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0)
- debug_printf("sender %s verified ok as %s\n",
+ debug_printf_indent("sender %s verified ok as %s\n",
verify_sender_address, sender_vaddr->address);
else
- debug_printf("sender %s verified ok\n",
+ debug_printf_indent("sender %s verified ok\n",
verify_sender_address);
}
}
addr2 = *addr;
rc = verify_address(&addr2, NULL, verify_options|vopt_is_recipient, callout,
callout_overall, callout_connect, se_mailfrom, pm_mailfrom, NULL);
- HDEBUG(D_acl) debug_printf("----------- end verify ------------\n");
+ HDEBUG(D_acl) debug_printf_indent("----------- end verify ------------\n");
*basic_errno = addr2.basic_errno;
*log_msgptr = addr2.message;
if (rc == DEFER && (defer_ok ||
(callout_defer_ok && *basic_errno == ERRNO_CALLOUTDEFER)))
{
- HDEBUG(D_acl) debug_printf("verify defer overridden by %s\n",
+ HDEBUG(D_acl) debug_printf_indent("verify defer overridden by %s\n",
defer_ok? "defer_ok" : "callout_defer_ok");
rc = OK;
}
key);
HDEBUG(D_acl)
- debug_printf("ratelimit condition count=%.0f %.1f/%s\n", count, limit, key);
+ debug_printf_indent("ratelimit condition count=%.0f %.1f/%s\n", count, limit, key);
/* See if we have already computed the rate by looking in the relevant tree.
For per-connection rate limiting, store tree nodes and dbdata in the permanent
store_pool = old_pool;
sender_rate = string_sprintf("%.1f", dbd->rate);
HDEBUG(D_acl)
- debug_printf("ratelimit found pre-computed rate %s\n", sender_rate);
+ debug_printf_indent("ratelimit found pre-computed rate %s\n", sender_rate);
return rc;
}
{
store_pool = old_pool;
sender_rate = NULL;
- HDEBUG(D_acl) debug_printf("ratelimit database not available\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit database not available\n");
*log_msgptr = US"ratelimit database not available";
return DEFER;
}
if (dbdb != NULL)
{
/* Locate the basic ratelimit block inside the DB data. */
- HDEBUG(D_acl) debug_printf("ratelimit found key in database\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit found key in database\n");
dbd = &dbdb->dbd;
/* Forget the old Bloom filter if it is too old, so that we count each
if(unique != NULL && tv.tv_sec > dbdb->bloom_epoch + period)
{
- HDEBUG(D_acl) debug_printf("ratelimit discarding old Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit discarding old Bloom filter\n");
dbdb = NULL;
}
if(unique != NULL && dbdb_size < sizeof(*dbdb))
{
- HDEBUG(D_acl) debug_printf("ratelimit discarding undersize Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit discarding undersize Bloom filter\n");
dbdb = NULL;
}
}
if (unique == NULL)
{
/* No Bloom filter. This basic ratelimit block is initialized below. */
- HDEBUG(D_acl) debug_printf("ratelimit creating new rate data block\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit creating new rate data block\n");
dbdb_size = sizeof(*dbd);
dbdb = store_get(dbdb_size);
}
else
{
int extra;
- HDEBUG(D_acl) debug_printf("ratelimit creating new Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit creating new Bloom filter\n");
/* See the long comment below for an explanation of the magic number 2.
The filter has a minimum size in case the rate limit is very small;
/* Scan the bits corresponding to this event. A zero bit means we have
not seen it before. Ensure all bits are set to record this event. */
- HDEBUG(D_acl) debug_printf("ratelimit checking uniqueness of %s\n", unique);
+ HDEBUG(D_acl) debug_printf_indent("ratelimit checking uniqueness of %s\n", unique);
seen = TRUE;
for (n = 0; n < 8; n++, hash += hinc)
if (seen)
{
- HDEBUG(D_acl) debug_printf("ratelimit event found in Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit event found in Bloom filter\n");
count = 0.0;
}
else
- HDEBUG(D_acl) debug_printf("ratelimit event added to Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit event added to Bloom filter\n");
}
/* If there was no previous ratelimit data block for this key, initialize
if (dbd == NULL)
{
- HDEBUG(D_acl) debug_printf("ratelimit initializing new key's rate data\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit initializing new key's rate data\n");
dbd = &dbdb->dbd;
dbd->time_stamp = tv.tv_sec;
dbd->time_usec = tv.tv_usec;
if ((rc == FAIL && leaky) || strict)
{
dbfn_write(dbm, key, dbdb, dbdb_size);
- HDEBUG(D_acl) debug_printf("ratelimit db updated\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit db updated\n");
}
else
{
- HDEBUG(D_acl) debug_printf("ratelimit db not updated: %s\n",
+ HDEBUG(D_acl) debug_printf_indent("ratelimit db not updated: %s\n",
readonly? "readonly mode" : "over the limit, but leaky");
}
sender_rate = string_sprintf("%.1f", dbd->rate);
HDEBUG(D_acl)
- debug_printf("ratelimit computed rate %s\n", sender_rate);
+ debug_printf_indent("ratelimit computed rate %s\n", sender_rate);
return rc;
}
}
HDEBUG(D_acl)
- debug_printf("udpsend [%s]:%d %s\n", h->address, portnum, arg);
+ debug_printf_indent("udpsend [%s]:%d %s\n", h->address, portnum, arg);
r = s = ip_connectedsocket(SOCK_DGRAM, h->address, portnum, portnum,
1, NULL, &errstr);
}
HDEBUG(D_acl)
- debug_printf("udpsend %d bytes\n", r);
+ debug_printf_indent("udpsend %d bytes\n", r);
return OK;
if (cb->type == ACLC_MESSAGE)
{
- HDEBUG(D_acl) debug_printf(" message: %s\n", cb->arg);
+ HDEBUG(D_acl) debug_printf_indent(" message: %s\n", cb->arg);
user_message = cb->arg;
continue;
}
if (cb->type == ACLC_LOG_MESSAGE)
{
- HDEBUG(D_acl) debug_printf("l_message: %s\n", cb->arg);
+ HDEBUG(D_acl) debug_printf_indent("l_message: %s\n", cb->arg);
log_message = cb->arg;
continue;
}
of them, but not for all, because expansion happens down in some lower level
checking functions in some cases. */
- if (conditions[cb->type].expand_at_top)
+ if (!conditions[cb->type].expand_at_top)
+ arg = cb->arg;
+ else if (!(arg = expand_string(cb->arg)))
{
- arg = expand_string(cb->arg);
- if (arg == NULL)
- {
- if (expand_string_forcedfail) continue;
- *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s",
- cb->arg, expand_string_message);
- return search_find_defer? DEFER : ERROR;
- }
+ if (expand_string_forcedfail) continue;
+ *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s",
+ cb->arg, expand_string_message);
+ return search_find_defer ? DEFER : ERROR;
}
- else arg = cb->arg;
/* Show condition, and expanded condition if it's different */
HDEBUG(D_acl)
{
int lhswidth = 0;
- debug_printf("check %s%s %n",
+ debug_printf_indent("check %s%s %n",
(!conditions[cb->type].is_modifier && cb->u.negated)? "!":"",
conditions[cb->type].name, &lhswidth);
"discard" verb. */
case ACLC_ACL:
- rc = acl_check_wargs(where, addr, arg, level+1, user_msgptr, log_msgptr);
+ rc = acl_check_wargs(where, addr, arg, user_msgptr, log_msgptr);
if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD)
{
*log_msgptr = string_sprintf("nested ACL returned \"discard\" for "
if (af < 0)
{
HDEBUG(D_acl)
- debug_printf("smtp input is probably not a socket [%s], not setting DSCP\n",
+ debug_printf_indent("smtp input is probably not a socket [%s], not setting DSCP\n",
strerror(errno));
break;
}
{
if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0)
{
- HDEBUG(D_acl) debug_printf("failed to set input DSCP[%s]: %s\n",
+ HDEBUG(D_acl) debug_printf_indent("failed to set input DSCP[%s]: %s\n",
p+1, strerror(errno));
}
else
{
- HDEBUG(D_acl) debug_printf("set input DSCP to \"%s\"\n", p+1);
+ HDEBUG(D_acl) debug_printf_indent("set input DSCP to \"%s\"\n", p+1);
}
}
else
break;
case CONTROL_FAKEREJECT:
- cancel_cutthrough_connection("fakereject");
+ cancel_cutthrough_connection(TRUE, US"fakereject");
case CONTROL_FAKEDEFER:
fake_response = (control_type == CONTROL_FAKEDEFER) ? DEFER : FAIL;
if (*p == '/')
*log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg);
return ERROR;
}
- cancel_cutthrough_connection("item frozen");
+ cancel_cutthrough_connection(TRUE, US"item frozen");
break;
case CONTROL_QUEUE_ONLY:
queue_only_policy = TRUE;
- cancel_cutthrough_connection("queueing forced");
+ cancel_cutthrough_connection(TRUE, US"queueing forced");
break;
case CONTROL_SUBMISSION:
}
else
{
- HDEBUG(D_acl) debug_printf("delay modifier requests %d-second delay\n",
+ HDEBUG(D_acl) debug_printf_indent("delay modifier requests %d-second delay\n",
delay);
if (host_checking)
{
HDEBUG(D_acl)
- debug_printf("delay skipped in -bh checking mode\n");
+ debug_printf_indent("delay skipped in -bh checking mode\n");
}
/* NOTE 1: Remember that we may be
n = 1;
}
if (poll(&p, n, delay*1000) > 0)
- HDEBUG(D_acl) debug_printf("delay cancelled by peer close\n");
+ HDEBUG(D_acl) debug_printf_indent("delay cancelled by peer close\n");
}
#else
/* It appears to be impossible to detect that a TCP/IP connection has
break;
case ACLC_RECIPIENTS:
- rc = match_address_list((const uschar *)addr->address, TRUE, TRUE, &arg, NULL, -1, 0,
+ rc = match_address_list(CUS addr->address, TRUE, TRUE, &arg, NULL, -1, 0,
CUSS &recipient_data);
break;
{
uschar *sdomain;
sdomain = Ustrrchr(sender_address, '@');
- sdomain = (sdomain == NULL)? US"" : sdomain + 1;
+ sdomain = sdomain ? sdomain + 1 : US"";
rc = match_isinlist(sdomain, &arg, 0, &domainlist_anchor,
sender_domain_cache, MCL_DOMAIN, TRUE, NULL);
}
break;
case ACLC_SENDERS:
- rc = match_address_list((const uschar *)sender_address, TRUE, TRUE, &arg,
+ rc = match_address_list(CUS sender_address, TRUE, TRUE, &arg,
sender_address_cache, -1, 0, CUSS &sender_data);
break;
where where called from
addr address item when called from RCPT; otherwise NULL
s the input string; NULL is the same as an empty ACL => DENY
- level the nesting level
user_msgptr where to put a user error (for SMTP response)
log_msgptr where to put a logging message (not for SMTP response)
*/
static int
-acl_check_internal(int where, address_item *addr, uschar *s, int level,
+acl_check_internal(int where, address_item *addr, uschar *s,
uschar **user_msgptr, uschar **log_msgptr)
{
int fd = -1;
/* Catch configuration loops */
-if (level > 20)
+if (acl_level > 20)
{
*log_msgptr = US"ACL nested too deep: possible loop";
return ERROR;
}
-if (s == NULL)
+if (!s)
{
- HDEBUG(D_acl) debug_printf("ACL is NULL: implicit DENY\n");
+ HDEBUG(D_acl) debug_printf_indent("ACL is NULL: implicit DENY\n");
return FAIL;
}
/* At top level, we expand the incoming string. At lower levels, it has already
been expanded as part of condition processing. */
-if (level == 0)
+if (acl_level == 0)
{
- ss = expand_string(s);
- if (ss == NULL)
+ if (!(ss = expand_string(s)))
{
if (expand_string_forcedfail) return OK;
*log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", s,
acl = (acl_block *)(t->data.ptr);
if (acl == NULL)
{
- HDEBUG(D_acl) debug_printf("ACL \"%s\" is empty: implicit DENY\n", ss);
+ HDEBUG(D_acl) debug_printf_indent("ACL \"%s\" is empty: implicit DENY\n", ss);
return FAIL;
}
acl_name = string_sprintf("ACL \"%s\"", ss);
- HDEBUG(D_acl) debug_printf("using ACL \"%s\"\n", ss);
+ HDEBUG(D_acl) debug_printf_indent("using ACL \"%s\"\n", ss);
}
else if (*ss == '/')
(void)close(fd);
acl_name = string_sprintf("ACL \"%s\"", ss);
- HDEBUG(D_acl) debug_printf("read ACL from file %s\n", ss);
+ HDEBUG(D_acl) debug_printf_indent("read ACL from file %s\n", ss);
}
}
int cond;
int basic_errno = 0;
BOOL endpass_seen = FALSE;
- BOOL acl_quit_check = level == 0
+ BOOL acl_quit_check = acl_level == 0
&& (where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT);
*log_msgptr = *user_msgptr = NULL;
acl_temp_details = FALSE;
- HDEBUG(D_acl) debug_printf("processing \"%s\"\n", verbs[acl->verb]);
+ HDEBUG(D_acl) debug_printf_indent("processing \"%s\"\n", verbs[acl->verb]);
/* Clear out any search error message from a previous check before testing
this condition. */
search_error_message = NULL;
- cond = acl_check_condition(acl->verb, acl->condition, where, addr, level,
+ cond = acl_check_condition(acl->verb, acl->condition, where, addr, acl_level,
&endpass_seen, user_msgptr, log_msgptr, &basic_errno);
/* Handle special returns: DEFER causes a return except on a WARN verb;
switch (cond)
{
case DEFER:
- HDEBUG(D_acl) debug_printf("%s: condition test deferred in %s\n", verbs[acl->verb], acl_name);
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test deferred in %s\n", verbs[acl->verb], acl_name);
if (basic_errno != ERRNO_CALLOUTDEFER)
{
if (search_error_message != NULL && *search_error_message != 0)
default: /* Paranoia */
case ERROR:
- HDEBUG(D_acl) debug_printf("%s: condition test error in %s\n", verbs[acl->verb], acl_name);
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test error in %s\n", verbs[acl->verb], acl_name);
return ERROR;
case OK:
- HDEBUG(D_acl) debug_printf("%s: condition test succeeded in %s\n",
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test succeeded in %s\n",
verbs[acl->verb], acl_name);
break;
case FAIL:
- HDEBUG(D_acl) debug_printf("%s: condition test failed in %s\n", verbs[acl->verb], acl_name);
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test failed in %s\n", verbs[acl->verb], acl_name);
break;
/* DISCARD and DROP can happen only from a nested ACL condition, and
DISCARD can happen only for an "accept" or "discard" verb. */
case DISCARD:
- HDEBUG(D_acl) debug_printf("%s: condition test yielded \"discard\" in %s\n",
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test yielded \"discard\" in %s\n",
verbs[acl->verb], acl_name);
break;
case FAIL_DROP:
- HDEBUG(D_acl) debug_printf("%s: condition test yielded \"drop\" in %s\n",
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test yielded \"drop\" in %s\n",
verbs[acl->verb], acl_name);
break;
}
case ACL_ACCEPT:
if (cond == OK || cond == DISCARD)
{
- HDEBUG(D_acl) debug_printf("end of %s: ACCEPT\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: ACCEPT\n", acl_name);
return cond;
}
if (endpass_seen)
{
- HDEBUG(D_acl) debug_printf("accept: endpass encountered - denying access\n");
+ HDEBUG(D_acl) debug_printf_indent("accept: endpass encountered - denying access\n");
return cond;
}
break;
case ACL_DEFER:
if (cond == OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: DEFER\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DEFER\n", acl_name);
if (acl_quit_check) goto badquit;
acl_temp_details = TRUE;
return DEFER;
case ACL_DENY:
if (cond == OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: DENY\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DENY\n", acl_name);
if (acl_quit_check) goto badquit;
return FAIL;
}
case ACL_DISCARD:
if (cond == OK || cond == DISCARD)
{
- HDEBUG(D_acl) debug_printf("end of %s: DISCARD\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DISCARD\n", acl_name);
if (acl_quit_check) goto badquit;
return DISCARD;
}
if (endpass_seen)
{
- HDEBUG(D_acl) debug_printf("discard: endpass encountered - denying access\n");
+ HDEBUG(D_acl) debug_printf_indent("discard: endpass encountered - denying access\n");
return cond;
}
break;
case ACL_DROP:
if (cond == OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: DROP\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DROP\n", acl_name);
if (acl_quit_check) goto badquit;
return FAIL_DROP;
}
case ACL_REQUIRE:
if (cond != OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: not OK\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: not OK\n", acl_name);
if (acl_quit_check) goto badquit;
return cond;
}
/* We have reached the end of the ACL. This is an implicit DENY. */
-HDEBUG(D_acl) debug_printf("end of %s: implicit DENY\n", acl_name);
+HDEBUG(D_acl) debug_printf_indent("end of %s: implicit DENY\n", acl_name);
return FAIL;
badquit:
the name of an ACL followed optionally by up to 9 space-separated arguments.
The name and args are separately expanded. Args go into $acl_arg globals. */
static int
-acl_check_wargs(int where, address_item *addr, const uschar *s, int level,
+acl_check_wargs(int where, address_item *addr, const uschar *s,
uschar **user_msgptr, uschar **log_msgptr)
{
uschar * tmp;
acl_arg[i++] = NULL;
}
-ret = acl_check_internal(where, addr, name, level, user_msgptr, log_msgptr);
+acl_level++;
+ret = acl_check_internal(where, addr, name, user_msgptr, log_msgptr);
+acl_level--;
acl_narg = sav_narg;
for (i = 0; i < 9; i++) acl_arg[i] = sav_arg[i];
{
address_item adb;
address_item *addr = NULL;
+int rc;
*user_msgptr = *log_msgptr = NULL;
sender_verified_failed = NULL;
addr->lc_local_part = deliver_localpart;
}
-return acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
+acl_level++;
+rc = acl_check_internal(where, addr, s, user_msgptr, log_msgptr);
+acl_level--;
+return rc;
}
}
acl_where = where;
-rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
+acl_level = 0;
+rc = acl_check_internal(where, addr, s, user_msgptr, log_msgptr);
+acl_level = 0;
acl_where = ACL_WHERE_UNKNOWN;
/* Cutthrough - if requested,
#ifndef DISABLE_PRDR
case ACL_WHERE_PRDR:
#endif
+
if (host_checking_callout) /* -bhc mode */
- cancel_cutthrough_connection("host-checking mode");
+ cancel_cutthrough_connection(TRUE, US"host-checking mode");
else if ( rc == OK
&& cutthrough.delivery
if (*--s && isdigit(*s) && *--s && isdigit(*s)) *user_msgptr = s;
acl_temp_details = TRUE;
}
- else
+ else
{
- HDEBUG(D_acl) debug_printf("cutthrough defer; will spool\n");
+ HDEBUG(D_acl) debug_printf_indent("cutthrough defer; will spool\n");
rc = OK;
}
break;
if (rc == OK)
cutthrough_predata();
else
- cancel_cutthrough_connection("predata acl not ok");
+ cancel_cutthrough_connection(TRUE, US"predata acl not ok");
break;
case ACL_WHERE_QUIT:
case ACL_WHERE_NOTQUIT:
- cancel_cutthrough_connection("quit or notquit");
+ /* Drop cutthrough conns, and drop heldopen verify conns if
+ the previous was not DATA */
+ {
+ uschar prev = smtp_connection_had[smtp_ch_index-2];
+ BOOL dropverify = !(prev == SCH_DATA || prev == SCH_BDAT);
+
+ cancel_cutthrough_connection(dropverify, US"quit or conndrop");
break;
+ }
default:
break;
*/
tree_node *
-acl_var_create(uschar *name)
+acl_var_create(uschar * name)
{
-tree_node *node, **root;
-root = (name[0] == 'c')? &acl_var_c : &acl_var_m;
-node = tree_search(*root, name);
-if (node == NULL)
+tree_node * node, ** root = name[0] == 'c' ? &acl_var_c : &acl_var_m;
+if (!(node = tree_search(*root, name)))
{
node = store_get(sizeof(tree_node) + Ustrlen(name));
Ustrcpy(node->name, name);