* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
+/* Copyright (c) University of Cambridge 1995 - 2023 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Functions concerned with verifying things. The original code for callout
caching was contributed by Kevin Fleming (but I hacked it around a bit). */
*/
static BOOL
-cached_callout_lookup(address_item * addr, uschar * address_key,
- uschar * from_address, int * opt_ptr, uschar ** pm_ptr,
+cached_callout_lookup(address_item * addr, const uschar * address_key,
+ const uschar * from_address, int * opt_ptr, uschar ** pm_ptr,
int * yield, uschar ** failure_ptr,
dbdata_callout_cache * new_domain_record, int * old_domain_res)
{
*/
static void
cache_callout_write(dbdata_callout_cache * dom_rec, const uschar * domain,
- int done, dbdata_callout_cache_address * addr_rec, uschar * address_key)
+ int done, dbdata_callout_cache_address * addr_rec, const uschar * address_key)
{
open_db dbblock;
-open_db *dbm_file = NULL;
+open_db * dbm_file = NULL;
/* If we get here with done == TRUE, a successful callout happened, and yield
will be set OK or FAIL according to the response to the RCPT command.
}
+
+
+/* A rcpt callout, or cached record of one, verified the address.
+Set $domain_data and $local_part_data to detainted versions.
+*/
+static void
+callout_verified_rcpt(const address_item * addr)
+{
+address_item a = {.address = addr->address};
+if (deliver_split_address(&a) != OK) return;
+deliver_localpart_data = string_copy_taint(a.local_part, GET_UNTAINTED);
+deliver_domain_data = string_copy_taint(a.domain, GET_UNTAINTED);
+}
+
+
/*************************************************
* Do callout verification for an address *
*************************************************/
int yield = OK;
int old_domain_cache_result = ccache_accept;
BOOL done = FALSE;
-uschar *address_key;
-uschar *from_address;
-uschar *random_local_part = NULL;
-const uschar *save_deliver_domain = deliver_domain;
-uschar **failure_ptr = options & vopt_is_recipient
+const uschar * address_key;
+const uschar * from_address;
+uschar * random_local_part = NULL;
+const uschar * save_deliver_domain = deliver_domain;
+uschar ** failure_ptr = options & vopt_is_recipient
? &recipient_verify_failure : &sender_verify_failure;
dbdata_callout_cache new_domain_record;
dbdata_callout_cache_address new_address_record;
sx->conn_args.interface = interface;
sx->helo_data = tf->helo_data;
sx->conn_args.tblock = addr->transport;
+ sx->cctx.sock = sx->conn_args.sock = -1;
sx->verify = TRUE;
tls_retry_connection:
if (yield != OK)
{
errno = addr->basic_errno;
+
+ /* For certain errors we want specifically to log the transport name,
+ for ease of fixing config errors. Slightly ugly doing it here, but we want
+ to not leak that also in the SMTP response. */
+ switch (errno)
+ {
+ case EPROTOTYPE:
+ case ENOPROTOOPT:
+ case EPROTONOSUPPORT:
+ case ESOCKTNOSUPPORT:
+ case EOPNOTSUPP:
+ case EPFNOSUPPORT:
+ case EAFNOSUPPORT:
+ case EADDRINUSE:
+ case EADDRNOTAVAIL:
+ case ENETDOWN:
+ case ENETUNREACH:
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "%s verify %s (making calloout connection): T=%s %s",
+ options & vopt_is_recipient ? "sender" : "recipient",
+ yield == FAIL ? "fail" : "defer",
+ transport_name, strerror(errno));
+ }
+
transport_name = NULL;
deliver_host = deliver_host_address = NULL;
deliver_domain = save_deliver_domain;
if (random_local_part)
{
- uschar * main_address = addr->address;
+ const uschar * main_address = addr->address;
const uschar * rcpt_domain = addr->domain;
#ifdef SUPPORT_I18N
/* Remember when we last did a random test */
new_domain_record.random_stamp = time(NULL);
- if (smtp_write_mail_and_rcpt_cmds(sx, &yield) == 0)
+ if (smtp_write_mail_and_rcpt_cmds(sx, &yield) == sw_mrc_ok)
switch(addr->transport_return)
{
case PENDING_OK: /* random was accepted, unfortunately */
done = FALSE;
switch(smtp_write_mail_and_rcpt_cmds(sx, &yield))
{
- case 0: switch(addr->transport_return) /* ok so far */
- {
- case PENDING_OK: done = TRUE;
- new_address_record.result = ccache_accept;
- break;
- case FAIL: done = TRUE;
- yield = FAIL;
- *failure_ptr = US"recipient";
- new_address_record.result = ccache_reject;
- break;
- default: break;
- }
- break;
+ case sw_mrc_ok:
+ switch(addr->transport_return) /* ok so far */
+ {
+ case PENDING_OK: done = TRUE;
+ new_address_record.result = ccache_accept;
+ break;
+ case FAIL: done = TRUE;
+ yield = FAIL;
+ *failure_ptr = US"recipient";
+ new_address_record.result = ccache_reject;
+ break;
+ default: break;
+ }
+ break;
- case -1: /* MAIL response error */
- *failure_ptr = US"mail";
- if (errno == 0 && sx->buffer[0] == '5')
- {
- setflag(addr, af_verify_nsfail);
- if (from_address[0] == 0)
- new_domain_record.result = ccache_reject_mfnull;
- }
- break;
- /* non-MAIL read i/o error */
- /* non-MAIL response timeout */
- /* internal error; channel still usable */
- default: break; /* transmit failed */
+ case sw_mrc_bad_mail: /* MAIL response error */
+ *failure_ptr = US"mail";
+ if (errno == 0 && sx->buffer[0] == '5')
+ {
+ setflag(addr, af_verify_nsfail);
+ if (from_address[0] == 0)
+ new_domain_record.result = ccache_reject_mfnull;
+ }
+ break;
+ /* non-MAIL read i/o error */
+ /* non-MAIL response timeout */
+ /* internal error; channel still usable */
+ default: break; /* transmit failed */
}
}
if (done)
{
- uschar * main_address = addr->address;
+ const uschar * main_address = addr->address;
/*XXX oops, affixes */
addr->address = string_sprintf("postmaster@%.1000s", addr->domain);
sx->completed_addr = FALSE;
sx->avoid_option = OPTION_SIZE;
- if( smtp_write_mail_and_rcpt_cmds(sx, &yield) == 0
+ if( smtp_write_mail_and_rcpt_cmds(sx, &yield) == sw_mrc_ok
&& addr->transport_return == PENDING_OK
)
done = TRUE;
HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
}
#ifndef DISABLE_DKIM
+ /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy
+ body bytes to the outbound as they are received, which is the intent of cutthrough. */
if (ob->dkim.dkim_domain)
{
cutthrough.delivery= FALSE;
/* Ensure no cutthrough on multiple verifies that were incompatible */
if (options & vopt_callout_recipsender)
cancel_cutthrough_connection(TRUE, US"not usable for cutthrough");
- if (sx->send_quit)
+ if (sx->send_quit && sx->cctx.sock >= 0)
if (smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n") != -1)
/* Wait a short time for response, and discard it */
smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
static BOOL
-_cutthrough_puts(uschar * cp, int n)
+_cutthrough_puts(const uschar * cp, int n)
{
while(n--)
{
/* Buffered output of counted data block. Return boolean success */
static BOOL
-cutthrough_puts(uschar * cp, int n)
+cutthrough_puts(const uschar * cp, int n)
{
if (cutthrough.cctx.sock < 0) return TRUE;
if (_cutthrough_puts(cp, n)) return TRUE;
}
-/* Get and check response from cutthrough target */
+/* Get and check response from cutthrough target.
+Used for
+- nonfirst RCPT
+- predata
+- data finaldot
+- cutthrough conn close
+*/
static uschar
cutthrough_response(client_conn_ctx * cctx, char expect, uschar ** copy, int timeout)
{
sx.inblock.ptrend = inbuffer;
sx.inblock.cctx = cctx;
if(!smtp_read_response(&sx, responsebuffer, sizeof(responsebuffer), expect, timeout))
- cancel_cutthrough_connection(TRUE, US"target timeout on read");
+ cancel_cutthrough_connection(TRUE, US"unexpected response to smtp command");
if(copy)
{
/* tctx arg only to match write_chunk() */
static BOOL
-cutthrough_write_chunk(transport_ctx * tctx, uschar * s, int len)
+cutthrough_write_chunk(transport_ctx * tctx, const uschar * s, int len)
{
-uschar * s2;
+const uschar * s2;
while(s && (s2 = Ustrchr(s, '\n')))
{
if(!cutthrough_puts(s, s2-s) || !cutthrough_put_nl())
int verify_type = expn ? v_expn :
f.address_test_mode ? v_none :
options & vopt_is_recipient ? v_recipient : v_sender;
-address_item *addr_list;
-address_item *addr_new = NULL;
-address_item *addr_remote = NULL;
-address_item *addr_local = NULL;
-address_item *addr_succeed = NULL;
-uschar **failure_ptr = options & vopt_is_recipient
+address_item * addr_list;
+address_item * addr_new = NULL;
+address_item * addr_remote = NULL;
+address_item * addr_local = NULL;
+address_item * addr_succeed = NULL;
+uschar ** failure_ptr = options & vopt_is_recipient
? &recipient_verify_failure : &sender_verify_failure;
-uschar *ko_prefix, *cr;
-uschar *address = vaddr->address;
-uschar *save_sender;
+uschar * ko_prefix, * cr;
+const uschar * address = vaddr->address;
+const uschar * save_sender;
uschar null_sender[] = { 0 }; /* Ensure writeable memory */
/* Clear, just in case */
if (global_rewrite_rules)
{
- uschar *old = address;
- /* deconst ok as address was not const */
- address = US rewrite_address(address, options & vopt_is_recipient, FALSE,
+ const uschar * old = address;
+ address = rewrite_address(address, options & vopt_is_recipient, FALSE,
global_rewrite_rules, rewrite_existflags);
if (address != old)
{
if (tf.hosts && (!host_list || tf.hosts_override))
{
uschar *s;
- const uschar *save_deliver_domain = deliver_domain;
- uschar *save_deliver_localpart = deliver_localpart;
+ const uschar * save_deliver_domain = deliver_domain;
+ const uschar * save_deliver_localpart = deliver_localpart;
host_list = NULL; /* Ignore the router's hosts */
#ifndef DISABLE_TLS
deliver_set_expansions(NULL);
#endif
+ if ( options & vopt_is_recipient
+ && rc == OK
+ /* set to "random", with OK, for an accepted random */
+ && !recipient_verify_failure
+ )
+ callout_verified_rcpt(addr);
}
}
else if (local_verify)
for (int i = 0; i < recipients_count; i++)
{
BOOL found = FALSE;
- uschar *address = recipients_list[i].address;
+ const uschar * address = recipients_list[i].address;
for (header_line * h = header_list; !found && h; h = h->next)
{
- uschar *colon, *s;
+ uschar * colon, * s;
if (h->type != htype_to && h->type != htype_cc) continue;
*/
address_item *
-verify_checked_sender(uschar *sender)
+verify_checked_sender(const uschar * sender)
{
for (address_item * addr = sender_verified_list; addr; addr = addr->next)
if (Ustrcmp(sender, addr->address) == 0) return addr;
a (possibly masked) comparison with the current IP address. */
if (string_is_ip_address(ss, &maskoffset) != 0)
- return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
+ return host_is_in_net(cb->host_address, ss, maskoffset) ? OK : FAIL;
/* The pattern is not an IP address. A common error that people make is to omit
one component of an IPv4 address, either by accident, or believing that, for
error if the pattern contains only digits and dots or contains a slash preceded
only by digits and dots (a slash at the start indicates a file name and of
course slashes may be present in lookups, but not preceded only by digits and
-dots). */
+dots). Then the equivalent for IPv6 (roughly). */
-for (t = ss; isdigit(*t) || *t == '.'; ) t++;
-if (!*t || (*t == '/' && t != ss))
+if (Ustrchr(ss, ':'))
{
- *error = US"malformed IPv4 address or address mask";
- return ERROR;
+ for (t = ss; isxdigit(*t) || *t == ':' || *t == '.'; ) t++;
+ if (!*t || (*t == '/' || *t == '%') && t != ss)
+ {
+ *error = string_sprintf("malformed IPv6 address or address mask: %.*s", (int)(t - ss), ss);
+ return ERROR;
+ }
+ }
+else
+ {
+ for (t = ss; isdigit(*t) || *t == '.'; ) t++;
+ if (!*t || (*t == '/' && t != ss))
+ {
+ *error = string_sprintf("malformed IPv4 address or address mask: %.*s", (int)(t - ss), ss);
+ return ERROR;
+ }
}
/* See if there is a semicolon in the pattern, separating a searchtype
endname = semicolon;
opts = NULL;
}
+else
+ opts = NULL;
/* If we are doing an IP address only match, then all lookups must be IP
address lookups, even if there is no "net-". */
underscores, as they are all too commonly found. Sigh. Also, if
allow_utf8_domains is set, allow top-bit characters. */
-for (t = ss; *t != 0; t++)
+for (t = ss; *t; t++)
if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
(!allow_utf8_domains || *t < 128)) break;
its IP address and match against that. Note that a multi-homed host will add
items to the chain. */
-if (*t == 0)
+if (!*t)
{
int rc;
host_item h;
must use sender_host_name and its aliases, looking them up if necessary. */
if (cb->host_name) /* Explicit host name given */
- return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
- valueptr);
+ return match_check_string(cb->host_name, ss, -1,
+ MCS_PARTIAL | MCS_CASELESS | MCS_AT_SPECIAL | cb->flags, valueptr);
/* Host name not given; in principle we need the sender host name and its
aliases. However, for query-style lookups, we do not need the name if the
if (isquery)
{
- switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
+ switch(match_check_string(US"", ss, -1,
+ MCS_PARTIAL| MCS_CASELESS| MCS_AT_SPECIAL | (cb->flags & MCS_CACHEABLE),
+ valueptr))
{
case OK: return OK;
case DEFER: return DEFER;
/* Match on the sender host name, using the general matching function */
-switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE, valueptr))
+switch(match_check_string(sender_host_name, ss, -1,
+ MCS_PARTIAL| MCS_CASELESS| MCS_AT_SPECIAL | (cb->flags & MCS_CACHEABLE),
+ valueptr))
{
case OK: return OK;
case DEFER: return DEFER;
aliases = sender_host_aliases;
while (*aliases)
- switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
+ switch(match_check_string(*aliases++, ss, -1,
+ MCS_PARTIAL| MCS_CASELESS| MCS_AT_SPECIAL | (cb->flags & MCS_CACHEABLE),
+ valueptr))
{
case OK: return OK;
case DEFER: return DEFER;
check_host, /* function for testing */
&cb, /* argument for function */
MCL_HOST, /* type of check */
- (host_address == sender_host_address)?
- US"host" : host_address, /* text for debugging */
+ host_address == sender_host_address
+ ? US"host" : host_address, /* text for debugging */
valueptr); /* where to pass back data */
deliver_host_address = save_host_address;
return rc;
if (n > 4)
save_errno = (buf[1] << 24) | (buf[2] << 16) | (buf[3] << 8) | buf[4];
if ((recipient_verify_failure = n > 5
- ? string_copyn_taint(buf+5, n-5, FALSE) : NULL))
+ ? string_copyn_taint(buf+5, n-5, GET_UNTAINTED) : NULL))
{
int m;
s = buf + 5 + Ustrlen(recipient_verify_failure) + 1;
m = n - (s - buf);
acl_verify_message = *msg =
- m > 0 ? string_copyn_taint(s, m, FALSE) : NULL;
+ m > 0 ? string_copyn_taint(s, m, GET_UNTAINTED) : NULL;
}
DEBUG(D_verify) debug_printf_indent("verify call response:"