#define CUTTHROUGH_CMD_TIMEOUT 30 /* timeout for cutthrough-routing calls */
#define CUTTHROUGH_DATA_TIMEOUT 60 /* timeout for cutthrough-routing calls */
-static smtp_outblock ctblock;
+static smtp_context ctctx;
uschar ctbuffer[8192];
/* Match! Send the RCPT TO, set done from the response */
done =
- smtp_write_command(&ctblock, SCMD_FLUSH, "RCPT TO:<%.1000s>\r\n",
+ smtp_write_command(&ctctx, SCMD_FLUSH, "RCPT TO:<%.1000s>\r\n",
transport_rcpt_address(addr,
addr->transport->rcpt_include_affixes)) >= 0
&& cutthrough_response(&cutthrough.cctx, '2', &resp,
and cause the client to time out. So in this case we forgo the PIPELINING
optimization. */
- if (smtp_out && !disable_callout_flush) mac_smtp_fflush();
+ if (smtp_out && !f.disable_callout_flush) mac_smtp_fflush();
clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
clearflag(addr, af_verify_nsfail); /* null sender callout flag */
addr->message);
sx.addrlist = addr;
- sx.host = host;
- sx.host_af = host_af,
+ sx.conn_args.host = host;
+ sx.conn_args.host_af = host_af,
sx.port = port;
- sx.interface = interface;
+ sx.conn_args.interface = interface;
sx.helo_data = tf->helo_data;
- sx.tblock = addr->transport;
+ sx.conn_args.tblock = addr->transport;
sx.verify = TRUE;
tls_retry_connection:
if ( yield == DEFER
&& addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
- && verify_check_given_host(&ob->hosts_require_tls, host) != OK
+ && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK
)
{
log_write(0, LOG_MAIN,
XXX We don't care about that for postmaster_full. Should we? */
if ((done =
- smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0 &&
- smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer),
- '2', callout)))
+ smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0 &&
+ smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout)))
break;
HDEBUG(D_acl|D_v)
cancel_cutthrough_connection(TRUE, US"postmaster verify");
HDEBUG(D_acl|D_v) debug_printf_indent("Cutthrough cancelled by presence of postmaster verify\n");
- done = smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0
- && smtp_read_response(&sx.inblock, sx.buffer,
- sizeof(sx.buffer), '2', callout);
+ done = smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0
+ && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout);
if (done)
{
done = TRUE;
else
done = (options & vopt_callout_fullpm) != 0
- && smtp_write_command(&sx.outblock, SCMD_FLUSH,
+ && smtp_write_command(&sx, SCMD_FLUSH,
"RCPT TO:<postmaster>\r\n") >= 0
- && smtp_read_response(&sx.inblock, sx.buffer,
+ && smtp_read_response(&sx, sx.buffer,
sizeof(sx.buffer), '2', callout);
/* Sort out the cache record */
&& !sx.lmtp
)
{
+ address_item * parent, * caddr;
+
HDEBUG(D_acl|D_v) debug_printf_indent("holding verify callout open for %s\n",
cutthrough.delivery
? "cutthrough delivery" : "potential further verifies and delivery");
cutthrough.host.address = string_copy(host->address);
store_pool = oldpool;
}
- cutthrough.addr = *addr; /* Save the address_item for later logging */
+
+ /* Save the address_item and parent chain for later logging */
+ cutthrough.addr = *addr;
cutthrough.addr.next = NULL;
cutthrough.addr.host_used = &cutthrough.host;
- if (addr->parent)
- *(cutthrough.addr.parent = store_get(sizeof(address_item))) =
- *addr->parent;
- ctblock.buffer = ctbuffer;
- ctblock.buffersize = sizeof(ctbuffer);
- ctblock.ptr = ctbuffer;
- /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */
- ctblock.cctx = &cutthrough.cctx;
+ for (caddr = &cutthrough.addr, parent = addr->parent;
+ parent;
+ caddr = caddr->parent, parent = parent->parent)
+ *(caddr->parent = store_get(sizeof(address_item))) = *parent;
+
+ ctctx.outblock.buffer = ctbuffer;
+ ctctx.outblock.buffersize = sizeof(ctbuffer);
+ ctctx.outblock.ptr = ctbuffer;
+ /* ctctx.outblock.cmd_count = 0; ctctx.outblock.authenticating = FALSE; */
+ ctctx.outblock.cctx = &cutthrough.cctx;
}
else
{
cancel_cutthrough_connection(TRUE, US"not usable for cutthrough");
if (sx.send_quit)
{
- (void) smtp_write_command(&sx.outblock, SCMD_FLUSH, "QUIT\r\n");
+ (void) smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n");
/* Wait a short time for response, and discard it */
- smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer),
- '2', 1);
+ smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', 1);
}
if (sx.cctx.sock >= 0)
one was requested and a recipient-verify wasn't subsequently done.
*/
int
-open_cutthrough_connection( address_item * addr )
+open_cutthrough_connection(address_item * addr)
{
address_item addr2;
int rc;
if(
#ifdef SUPPORT_TLS
cutthrough.is_tls
- ? tls_write(cutthrough.cctx.tls_ctx, ctblock.buffer, n, FALSE)
+ ? tls_write(cutthrough.cctx.tls_ctx, ctctx.outblock.buffer, n, FALSE)
:
#endif
- send(cutthrough.cctx.sock, ctblock.buffer, n, 0) > 0
+ send(cutthrough.cctx.sock, ctctx.outblock.buffer, n, 0) > 0
)
{
transport_count += n;
- ctblock.ptr= ctblock.buffer;
+ ctctx.outblock.ptr= ctctx.outblock.buffer;
return TRUE;
}
{
while(n--)
{
- if(ctblock.ptr >= ctblock.buffer+ctblock.buffersize)
- if(!cutthrough_send(ctblock.buffersize))
+ if(ctctx.outblock.ptr >= ctctx.outblock.buffer+ctctx.outblock.buffersize)
+ if(!cutthrough_send(ctctx.outblock.buffersize))
return FALSE;
- *ctblock.ptr++ = *cp++;
+ *ctctx.outblock.ptr++ = *cp++;
}
return TRUE;
}
static BOOL
_cutthrough_flush_send(void)
{
-int n = ctblock.ptr - ctblock.buffer;
+int n = ctctx.outblock.ptr - ctctx.outblock.buffer;
if(n>0)
if(!cutthrough_send(n))
static uschar
cutthrough_response(client_conn_ctx * cctx, char expect, uschar ** copy, int timeout)
{
-smtp_inblock inblock;
+smtp_context sx = {0};
uschar inbuffer[4096];
uschar responsebuffer[4096];
-inblock.buffer = inbuffer;
-inblock.buffersize = sizeof(inbuffer);
-inblock.ptr = inbuffer;
-inblock.ptrend = inbuffer;
-inblock.cctx = cctx;
-if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, timeout))
+sx.inblock.buffer = inbuffer;
+sx.inblock.buffersize = sizeof(inbuffer);
+sx.inblock.ptr = inbuffer;
+sx.inblock.ptrend = inbuffer;
+sx.inblock.cctx = cctx;
+if(!smtp_read_response(&sx, responsebuffer, sizeof(responsebuffer), expect, timeout))
cancel_cutthrough_connection(TRUE, US"target timeout on read");
if(copy)
conn before the final dot.
*/
client_conn_ctx tmp_ctx = cutthrough.cctx;
- ctblock.ptr = ctbuffer;
+ ctctx.outblock.ptr = ctbuffer;
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n");
_cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */
_cutthrough_flush_send();
(void)close(fd);
HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why);
}
-ctblock.ptr = ctbuffer;
+ctctx.outblock.ptr = ctbuffer;
}
void
*/
int
-verify_address(address_item *vaddr, FILE *f, int options, int callout,
- int callout_overall, int callout_connect, uschar *se_mailfrom,
+verify_address(address_item * vaddr, FILE * fp, int options, int callout,
+ int callout_overall, int callout_connect, uschar * se_mailfrom,
uschar *pm_mailfrom, BOOL *routed)
{
BOOL allok = TRUE;
-BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
+BOOL full_info = fp ? debug_selector != 0 : FALSE;
BOOL expn = (options & vopt_expn) != 0;
BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
int i;
int yield = OK;
int verify_type = expn? v_expn :
- address_test_mode? v_none :
+ f.address_test_mode? v_none :
options & vopt_is_recipient? v_recipient : v_sender;
address_item *addr_list;
address_item *addr_new = NULL;
{
if (!(options & vopt_qualify))
{
- if (f)
- respond_printf(f, "%sA domain is required for \"%s\"%s\n",
+ if (fp)
+ respond_printf(fp, "%sA domain is required for \"%s\"%s\n",
ko_prefix, address, cr);
*failure_ptr = US"qualify";
return FAIL;
DEBUG(D_verify)
{
debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
+ debug_printf("%s %s\n", f.address_test_mode? "Testing" : "Verifying", address);
}
/* Rewrite and report on it. Clear the domain and local part caches - these
{
for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
- if (f && !expn) fprintf(f, "Address rewritten as: %s\n", address);
+ if (fp && !expn) fprintf(fp, "Address rewritten as: %s\n", address);
}
}
if (testflag(addr, af_pfr))
{
allok = FALSE;
- if (f)
+ if (fp)
{
BOOL allow;
if (addr->address[0] == '>')
{
allow = testflag(addr, af_allow_reply);
- fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
+ fprintf(fp, "%s -> mail %s", addr->parent->address, addr->address + 1);
}
else
{
allow = addr->address[0] == '|'
? testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
- fprintf(f, "%s -> %s", addr->parent->address, addr->address);
+ fprintf(fp, "%s -> %s", addr->parent->address, addr->address);
}
if (addr->basic_errno == ERRNO_BADTRANSPORT)
- fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
+ fprintf(fp, "\n*** Error in setting up pipe, file, or autoreply:\n"
"%s\n", addr->message);
else if (allow)
- fprintf(f, "\n transport = %s\n", addr->transport->name);
+ fprintf(fp, "\n transport = %s\n", addr->transport->name);
else
- fprintf(f, " *** forbidden ***\n");
+ fprintf(fp, " *** forbidden ***\n");
}
continue;
}
if (host_list)
{
HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
- if (host_checking && !host_checking_callout)
+ if (host_checking && !f.host_checking_callout)
{
HDEBUG(D_verify)
debug_printf("... callout omitted by default when host testing\n"
#endif
rc = do_callout(addr, host_list, &tf, callout, callout_overall,
callout_connect, options, se_mailfrom, pm_mailfrom);
+#ifdef SUPPORT_TLS
+ deliver_set_expansions(NULL);
+#endif
}
}
else
if (rc == FAIL)
{
allok = FALSE;
- if (f)
+ if (fp)
{
address_item *p = addr->parent;
- respond_printf(f, "%s%s %s", ko_prefix,
+ respond_printf(fp, "%s%s %s", ko_prefix,
full_info ? addr->address : address,
- address_test_mode ? "is undeliverable" : "failed to verify");
- if (!expn && admin_user)
+ f.address_test_mode ? "is undeliverable" : "failed to verify");
+ if (!expn && f.admin_user)
{
if (addr->basic_errno > 0)
- respond_printf(f, ": %s", strerror(addr->basic_errno));
+ respond_printf(fp, ": %s", strerror(addr->basic_errno));
if (addr->message)
- respond_printf(f, ": %s", addr->message);
+ respond_printf(fp, ": %s", addr->message);
}
/* Show parents iff doing full info */
if (full_info) while (p)
{
- respond_printf(f, "%s\n <-- %s", cr, p->address);
+ respond_printf(fp, "%s\n <-- %s", cr, p->address);
p = p->parent;
}
- respond_printf(f, "%s\n", cr);
+ respond_printf(fp, "%s\n", cr);
}
cancel_cutthrough_connection(TRUE, US"routing hard fail");
else if (rc == DEFER)
{
allok = FALSE;
- if (f)
+ if (fp)
{
address_item *p = addr->parent;
- respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix,
+ respond_printf(fp, "%s%s cannot be resolved at this time", ko_prefix,
full_info? addr->address : address);
- if (!expn && admin_user)
+ if (!expn && f.admin_user)
{
if (addr->basic_errno > 0)
- respond_printf(f, ": %s", strerror(addr->basic_errno));
+ respond_printf(fp, ": %s", strerror(addr->basic_errno));
if (addr->message)
- respond_printf(f, ": %s", addr->message);
+ respond_printf(fp, ": %s", addr->message);
else if (addr->basic_errno <= 0)
- respond_printf(f, ": unknown error");
+ respond_printf(fp, ": unknown error");
}
/* Show parents iff doing full info */
if (full_info) while (p)
{
- respond_printf(f, "%s\n <-- %s", cr, p->address);
+ respond_printf(fp, "%s\n <-- %s", cr, p->address);
p = p->parent;
}
- respond_printf(f, "%s\n", cr);
+ respond_printf(fp, "%s\n", cr);
}
cancel_cutthrough_connection(TRUE, US"routing soft fail");
if (!addr_new)
if (!addr_local && !addr_remote)
- respond_printf(f, "250 mail to <%s> is discarded\r\n", address);
+ respond_printf(fp, "250 mail to <%s> is discarded\r\n", address);
else
- respond_printf(f, "250 <%s>\r\n", address);
+ respond_printf(fp, "250 <%s>\r\n", address);
else do
{
address_item *addr2 = addr_new;
addr_new = addr2->next;
if (!addr_new) ok_prefix = US"250 ";
- respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
+ respond_printf(fp, "%s<%s>\r\n", ok_prefix, addr2->address);
} while (addr_new);
yield = OK;
goto out;
) )
)
{
- if (f) fprintf(f, "%s %s\n",
- address, address_test_mode ? "is deliverable" : "verified");
+ if (fp) fprintf(fp, "%s %s\n",
+ address, f.address_test_mode ? "is deliverable" : "verified");
/* If we have carried on to verify a child address, we want the value
of $address_data to be that of the child */
} /* Loop for generated addresses */
/* Display the full results of the successful routing, including any generated
-addresses. Control gets here only when full_info is set, which requires f not
+addresses. Control gets here only when full_info is set, which requires fp not
to be NULL, and this occurs only when a top-level verify is called with the
debugging switch on.
if (allok && !addr_local && !addr_remote)
{
- fprintf(f, "mail to %s is discarded\n", address);
+ fprintf(fp, "mail to %s is discarded\n", address);
goto out;
}
addr_list = addr->next;
- fprintf(f, "%s", CS addr->address);
+ fprintf(fp, "%s", CS addr->address);
#ifdef EXPERIMENTAL_SRS
if(addr->prop.srs_sender)
- fprintf(f, " [srs = %s]", addr->prop.srs_sender);
+ fprintf(fp, " [srs = %s]", addr->prop.srs_sender);
#endif
/* If the address is a duplicate, show something about it. */
{
tree_node *tnode;
if ((tnode = tree_search(tree_duplicates, addr->unique)))
- fprintf(f, " [duplicate, would not be delivered]");
+ fprintf(fp, " [duplicate, would not be delivered]");
else tree_add_duplicate(addr->unique, addr);
}
/* Now show its parents */
for (p = addr->parent; p; p = p->parent)
- fprintf(f, "\n <-- %s", p->address);
- fprintf(f, "\n ");
+ fprintf(fp, "\n <-- %s", p->address);
+ fprintf(fp, "\n ");
/* Show router, and transport */
- fprintf(f, "router = %s, transport = %s\n",
+ fprintf(fp, "router = %s, transport = %s\n",
addr->router->name, tp ? tp->name : US"unset");
/* Show any hosts that are set up by a router unless the transport
}
for (h = addr->host_list; h; h = h->next)
{
- fprintf(f, " host %-*s ", maxlen, h->name);
+ fprintf(fp, " host %-*s ", maxlen, h->name);
if (h->address)
- fprintf(f, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']');
+ fprintf(fp, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']');
else if (tp->info->local)
- fprintf(f, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */
+ fprintf(fp, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */
else
- fprintf(f, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']');
+ fprintf(fp, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']');
- if (h->mx >= 0) fprintf(f, " MX=%d", h->mx);
- if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
- if (running_in_test_harness && h->dnssec == DS_YES) fputs(" AD", f);
- if (h->status == hstatus_unusable) fputs(" ** unusable **", f);
- fputc('\n', f);
+ if (h->mx >= 0) fprintf(fp, " MX=%d", h->mx);
+ if (h->port != PORT_NONE) fprintf(fp, " port=%d", h->port);
+ if (f.running_in_test_harness && h->dnssec == DS_YES) fputs(" AD", fp);
+ if (h->status == hstatus_unusable) fputs(" ** unusable **", fp);
+ fputc('\n', fp);
}
}
}
/* Loop for multiple addresses in the header, enabling group syntax. Note
that we have to reset this after the header has been scanned. */
- parse_allow_group = TRUE;
+ f.parse_allow_group = TRUE;
while (*s)
{
{
if (h->type == htype_from || h->type == htype_sender)
{
- if (!allow_unqualified_sender) recipient = NULL;
+ if (!f.allow_unqualified_sender) recipient = NULL;
}
else
{
- if (!allow_unqualified_recipient) recipient = NULL;
+ if (!f.allow_unqualified_recipient) recipient = NULL;
}
if (recipient == NULL) errmess = US"unqualified address not permitted";
}
while (isspace(*s)) s++;
} /* Next address */
- parse_allow_group = FALSE;
- parse_found_group = FALSE;
+ f.parse_allow_group = FALSE;
+ f.parse_found_group = FALSE;
} /* Next header unless yield has been set FALSE */
return yield;
/* Loop for multiple addresses in the header, enabling group syntax. Note
that we have to reset this after the header has been scanned. */
- parse_allow_group = TRUE;
+ f.parse_allow_group = TRUE;
while (*s != 0)
{
while (isspace(*s)) s++;
} /* Next address */
- parse_allow_group = FALSE;
- parse_found_group = FALSE;
+ f.parse_allow_group = FALSE;
+ f.parse_found_group = FALSE;
} /* Next header (if found is false) */
if (!found) return FAIL;
/* Scan the addresses in the header, enabling group syntax. Note that we
have to reset this after the header has been scanned. */
- parse_allow_group = TRUE;
+ f.parse_allow_group = TRUE;
while (*s != 0)
{
s = ss;
} /* Next address */
- parse_allow_group = FALSE;
- parse_found_group = FALSE;
+ f.parse_allow_group = FALSE;
+ f.parse_found_group = FALSE;
} /* Next header, unless done */
} /* Next header type unless done */
early_data.data = buffer;
early_data.len = qlen;
+/*XXX we trust that the query is idempotent */
if (ip_connect(ident_conn_ctx.sock, host_af, sender_host_address, port,
rfc1413_query_timeout, &early_data) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message);
result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
- if (valueptr != NULL) *valueptr = result;
- return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
+ if (valueptr) *valueptr = result;
+ return result ? OK : f.search_find_defer ? DEFER: FAIL;
}
/* The pattern is not an IP address or network reference of any kind. That is,
* Check the given host item matches a list *
*************************************************/
int
-verify_check_given_host(uschar **listptr, host_item *host)
+verify_check_given_host(const uschar **listptr, const host_item *host)
{
-return verify_check_this_host(CUSS listptr, NULL, host->name, host->address, NULL);
+return verify_check_this_host(listptr, NULL, host->name, host->address, NULL);
}
/*************************************************