* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2017 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
#ifdef STAND_ALONE
-#ifndef SUPPORT_CRYPTEQ
-#define SUPPORT_CRYPTEQ
-#endif
+# ifndef SUPPORT_CRYPTEQ
+# define SUPPORT_CRYPTEQ
+# endif
#endif
#ifdef LOOKUP_LDAP
-#include "lookups/ldap.h"
+# include "lookups/ldap.h"
#endif
#ifdef SUPPORT_CRYPTEQ
-#ifdef CRYPT_H
-#include <crypt.h>
-#endif
-#ifndef HAVE_CRYPT16
+# ifdef CRYPT_H
+# include <crypt.h>
+# endif
+# ifndef HAVE_CRYPT16
extern char* crypt16(char*, char*);
-#endif
+# endif
#endif
/* The handling of crypt16() is a mess. I will record below the analysis of the
static uschar *item_table[] = {
US"acl",
+ US"authresults",
US"certextract",
US"dlfunc",
US"env",
enum {
EITEM_ACL,
+ EITEM_AUTHRESULTS,
EITEM_CERTEXTRACT,
EITEM_DLFUNC,
EITEM_ENV,
{ "spam_score", vtype_stringptr, &spam_score },
{ "spam_score_int", vtype_stringptr, &spam_score_int },
#endif
-#ifdef EXPERIMENTAL_SPF
+#ifdef SUPPORT_SPF
{ "spf_guess", vtype_stringptr, &spf_guess },
{ "spf_header_comment", vtype_stringptr, &spf_header_comment },
{ "spf_received", vtype_stringptr, &spf_received },
{ "tls_out_bits", vtype_int, &tls_out.bits },
{ "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
{ "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
-#ifdef EXPERIMENTAL_DANE
+#ifdef SUPPORT_DANE
{ "tls_out_dane", vtype_bool, &tls_out.dane_verified },
#endif
{ "tls_out_ocsp", vtype_int, &tls_out.ocsp },
#if defined(SUPPORT_TLS)
{ "tls_out_sni", vtype_stringptr, &tls_out.sni },
#endif
-#ifdef EXPERIMENTAL_DANE
+#ifdef SUPPORT_DANE
{ "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
#endif
+/* Append an "iprev" element to an Autherntication-Results: header
+if we have attempted to get the calling host's name.
+*/
+
+static gstring *
+authres_iprev(gstring * g)
+{
+if (sender_host_name)
+ return string_append(g, 3, US";\\n\\tiprev=pass (", sender_host_name, US")");
+if (host_lookup_deferred)
+ return string_catn(g, US";\\n\\tiprev=temperror", 21);
+if (host_lookup_failed)
+ return string_catn(g, US";\\n\\tiprev=fail", 15);
+return g;
+}
+
+
+
/*************************************************
* Return list of recipients *
*************************************************/
return var_buffer;
case vtype_host_lookup: /* Lookup if not done so */
- if (sender_host_name == NULL && sender_host_address != NULL &&
- !host_lookup_failed && host_name_lookup() == OK)
+ if ( !sender_host_name && sender_host_address
+ && !host_lookup_failed && host_name_lookup() == OK)
host_build_sender_fullhost();
- return (sender_host_name == NULL)? US"" : sender_host_name;
+ return sender_host_name ? sender_host_name : US"";
case vtype_localpart: /* Get local part from address */
s = *((uschar **)(val));
"after \"%s\"", name);
return NULL;
}
- sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
- honour_dollar, resetok);
- if (sub[i] == NULL) return NULL;
+ if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
+ honour_dollar, resetok)))
+ return NULL;
+ DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
+ debug_printf_indent("WARNING: the second arg is NOT expanded,"
+ " for security reasons\n");
if (*s++ != '}') goto COND_FAILED_CURLY_END;
/* Convert to numerical if required; we know that the names of all the
}
}
+ case EITEM_AUTHRESULTS:
+ /* ${authresults {mysystemname}} */
+ {
+ uschar *sub_arg[1];
+
+ switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
+ &resetok))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+
+ yield = string_append(yield, 3,
+ US"Authentication-Results: ", sub_arg[0], US"; none");
+ yield->ptr -= 6;
+
+ yield = authres_iprev(yield);
+ yield = authres_smtpauth(yield);
+#ifdef SUPPORT_SPF
+ yield = authres_spf(yield);
+#endif
+#ifndef DISABLE_DKIM
+ yield = authres_dkim(yield);
+#endif
+ continue;
+ }
+
/* Handle conditionals - preserve the values of the numerical expansion
variables in case they get changed by a regular expression match in the
condition. If not, they retain their external settings. At the end
if (*s++ != '}')
{ /*{*/
expand_string_message = string_sprintf("missing } at end of condition "
- "or expression inside \"%s\"", name);
+ "or expression inside \"%s\"; could be an unquoted } in the content",
+ name);
goto EXPAND_FAILED;
}
}
continue;
#else
- expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 +";
+ expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 + or OpenSSL 1.1.1 +";
goto EXPAND_FAILED;
#endif
if (expand_string_forcedfail)
debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
}
-if (resetok_p) *resetok_p = resetok;
+if (resetok_p && !resetok) *resetok_p = FALSE;
expand_level--;
return NULL;
}
due to a lookup deferring, search_find_defer will be TRUE
*/
-uschar *
-expand_string(uschar *string)
+const uschar *
+expand_cstring(const uschar * string)
{
-search_find_defer = FALSE;
-malformed_header = FALSE;
-return (Ustrpbrk(string, "$\\") == NULL)? string :
- expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
+if (Ustrpbrk(string, "$\\") != NULL)
+ {
+ int old_pool = store_pool;
+ uschar * s;
+
+ search_find_defer = FALSE;
+ malformed_header = FALSE;
+ store_pool = POOL_MAIN;
+ s = expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
+ store_pool = old_pool;
+ return s;
+ }
+return string;
}
-
-const uschar *
-expand_cstring(const uschar *string)
+uschar *
+expand_string(uschar * string)
{
-search_find_defer = FALSE;
-malformed_header = FALSE;
-return (Ustrpbrk(string, "$\\") == NULL)? string :
- expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
+return US expand_cstring(CUS string);
}
+
+
/*************************************************
* Expand and copy *
*************************************************/
* Error-checking for testsuite *
*************************************************/
typedef struct {
- const char * filename;
- int linenumber;
uschar * region_start;
uschar * region_end;
const uschar *var_name;
void
assert_no_variables(void * ptr, int len, const char * filename, int linenumber)
{
-err_ctx e = {filename, linenumber, ptr, US ptr + len, NULL };
+err_ctx e = { .region_start = ptr, .region_end = US ptr + len,
+ .var_name = NULL, .var_data = NULL };
int i;
var_entry * v;
if (v->type == vtype_stringptr)
assert_variable_notin(US v->name, *(USS v->value), &e);
+/* check dns and address trees */
+tree_walk(tree_dns_fails, assert_variable_notin, &e);
+tree_walk(tree_duplicates, assert_variable_notin, &e);
+tree_walk(tree_nonrecipients, assert_variable_notin, &e);
+tree_walk(tree_unusable, assert_variable_notin, &e);
+
if (e.var_name)
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"live variable '%s' destroyed by reset_store at %s:%d\n- value '%.64s'",
- e.var_name, e.filename, e.linenumber, e.var_data);
+ e.var_name, filename, linenumber, e.var_data);
}
git://git.exim.org / exim.git / blobdiff