Framework to build dane support

[exim.git] / src / src / globals.h

diff --git a/src/src/globals.h b/src/src/globals.h
index 5661489a7b66d1ff0b9a14e8fcbc0a6256823809..32ddd16e29f6d249ca75996255f8f8a62cb59146 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2012 */
+/* Copyright (c) University of Cambridge 1995 - 2014 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Almost all the global variables are defined together in this one header, so
@@ -85,8 +85,17 @@ typedef struct {
   uschar *cipher;             /* Cipher used */
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
+  void   *ourcert;            /* Certificate we presented, binary */
+  void  *peercert;           /* Certificate of peer, binary */
   uschar *peerdn;             /* DN from peer */
   uschar *sni;                /* Server Name Indication */
+  enum {
+    OCSP_NOT_REQ=0,            /* not requested */
+    OCSP_NOT_RESP,             /* no response to request */
+    OCSP_VFY_NOT_TRIED,                /* response not verified */
+    OCSP_FAILED,               /* verify failed */
+    OCSP_VFIED                 /* verified */
+    }     ocsp;                      /* Stapled OCSP status */
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
@@ -105,7 +114,7 @@ extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */
 extern uschar *tls_crl;                /* CRL File */
 extern int     tls_dh_max_bits;        /* don't accept higher lib suggestions */
 extern uschar *tls_dhparam;            /* DH param file */
-#if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+#ifndef DISABLE_OCSP
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 #endif
 extern BOOL    tls_offered;            /* Server offered TLS */
@@ -117,6 +126,13 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */
 #endif
 
+#ifdef EXPERIMENTAL_DSN
+extern uschar  *dsn_envid;             /* DSN envid string */
+extern int      dsn_ret;               /* DSN ret type*/
+extern const pcre  *regex_DSN;         /* For recognizing DSN settings */
+extern BOOL     smtp_use_dsn;          /* Global for passed connections */
+extern uschar  *dsn_advertise_hosts;   /* host for which TLS is advertised */
+#endif
 
 /* Input-reading functions for messages, so we can use special ones for
 incoming TCP/IP. */
@@ -151,7 +167,7 @@ extern uschar *acl_removed_headers;    /* Headers deleted by an ACL */
 extern uschar *acl_smtp_auth;          /* ACL run for AUTH */
 extern uschar *acl_smtp_connect;       /* ACL run on SMTP connection */
 extern uschar *acl_smtp_data;          /* ACL run after DATA received */
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
 extern uschar *acl_smtp_data_prdr;     /* ACL run after DATA received if in PRDR mode*/
 const extern pcre *regex_PRDR;         /* For recognizing PRDR settings */
 #endif
@@ -307,7 +323,7 @@ extern BOOL    deliver_drop_privilege; /* TRUE for unprivileged delivery */
 extern BOOL    deliver_firsttime;      /* True for first delivery attempt */
 extern BOOL    deliver_force;          /* TRUE if delivery was forced */
 extern BOOL    deliver_freeze;         /* TRUE if delivery is frozen */
-extern int     deliver_frozen_at;      /* Time of freezing */
+extern time_t  deliver_frozen_at;      /* Time of freezing */
 extern uschar *deliver_home;           /* Home directory for pipes */
 extern uschar *deliver_host;           /* (First) host for routed local deliveries */
                                        /* Remote host for filter */
@@ -354,6 +370,7 @@ extern BOOL    dkim_disable_verify;    /* Set via ACL control statement. When se
 #ifdef EXPERIMENTAL_DMARC
 extern BOOL    dmarc_has_been_checked; /* Global variable to check if test has been called yet */
 extern uschar *dmarc_ar_header;        /* Expansion variable, suggested header for dmarc auth results */
+extern uschar *dmarc_domain_policy;    /* Expansion for declared policy of used domain */
 extern uschar *dmarc_forensic_sender;  /* Set sender address for forensic reports */
 extern uschar *dmarc_history_file;     /* Expansion variable, file to store dmarc results */
 extern uschar *dmarc_status;           /* Expansion variable, one word value */
@@ -368,6 +385,9 @@ extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
 extern int     dns_csa_search_limit;   /* How deep to search for CSA SRV records */
 extern BOOL    dns_csa_use_reverse;    /* Check CSA in reverse DNS? (non-standard) */
 extern uschar *dns_ipv4_lookup;        /* For these domains, don't look for AAAA (or A6) */
+#ifdef EXPERIMENTAL_DANE
+extern int     dns_dane_ok;            /* Ok to use DANE when checking TLS authenticity */
+#endif
 extern int     dns_retrans;            /* Retransmission time setting */
 extern int     dns_retry;              /* Number of retries */
 extern int     dns_dnssec_ok;          /* When constructing DNS query, set DO flag */
@@ -502,6 +522,7 @@ extern unsigned int log_write_selector;/* Bit map of logging options for log_wri
 extern uschar *login_sender_address;   /* The actual sender address */
 extern lookup_info **lookup_list;      /* Array of pointers to available lookups */
 extern int     lookup_list_count;      /* Number of entries in the list */
+extern uschar *lookup_dnssec_authenticated; /* AD status of dns lookup */
 extern int     lookup_open_max;        /* Max lookup files to cache */
 extern uschar *lookup_value;           /* Value looked up from file */
 
@@ -581,7 +602,7 @@ extern uschar *percent_hack_domains;   /* Local domains for which '% operates */
 extern uschar *pid_file_path;          /* For writing daemon pids */
 extern uschar *pipelining_advertise_hosts; /* As it says */
 extern BOOL    pipelining_enable;      /* As it says */
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
 extern BOOL    prdr_enable;            /* As it says */
 extern BOOL    prdr_requested;         /* Connecting mail server wants PRDR */
 #endif
@@ -594,11 +615,13 @@ extern uschar *process_log_path;       /* Alternate path */
 extern BOOL    prod_requires_admin;    /* TRUE if prodding requires admin */
 
 #ifdef EXPERIMENTAL_PROXY
-extern uschar *proxy_host;             /* IP of proxy server */
-extern int     proxy_port;             /* Port of proxy server */
+extern uschar *proxy_host_address;     /* IP of host being proxied */
+extern int     proxy_host_port;        /* Port of host being proxied */
 extern uschar *proxy_required_hosts;   /* Hostlist which (require) use proxy protocol */
 extern BOOL    proxy_session;          /* TRUE if receiving mail from valid proxy  */
 extern BOOL    proxy_session_failed;   /* TRUE if required proxy negotiation failed */
+extern uschar *proxy_target_address;   /* IP of proxy server inbound */
+extern int     proxy_target_port;      /* Port of proxy server inbound */
 #endif
 
 extern uschar *prvscheck_address;      /* Set during prvscheck expansion item */