X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5ef5dd52d1ded8b0ffdf4708e1d00e4ef458b86a..e983e85a314998aed1d586990969fea128a8b4c7:/src/src/acl.c

diff --git a/src/src/acl.c b/src/src/acl.c
index 911ecfed2..492e9bf17 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2016 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Code for handling Access Control Lists (ACLs) */
@@ -65,9 +65,6 @@ enum { ACLC_ACL,
        ACLC_DECODE,
 #endif
        ACLC_DELAY,
-#ifdef WITH_OLD_DEMIME
-       ACLC_DEMIME,
-#endif
 #ifndef DISABLE_DKIM
        ACLC_DKIM_SIGNER,
        ACLC_DKIM_STATUS,
@@ -91,6 +88,7 @@ enum { ACLC_ACL,
 #ifdef WITH_CONTENT_SCAN
        ACLC_MIME_REGEX,
 #endif
+       ACLC_QUEUE,
        ACLC_RATELIMIT,
        ACLC_RECIPIENTS,
 #ifdef WITH_CONTENT_SCAN
@@ -111,7 +109,7 @@ enum { ACLC_ACL,
        ACLC_VERIFY };
 
 /* ACL conditions/modifiers: "delay", "control", "continue", "endpass",
-"message", "log_message", "log_reject_target", "logwrite", and "set" are
+"message", "log_message", "log_reject_target", "logwrite", "queue" and "set" are
 modifiers that look like conditions but always return TRUE. They are used for
 their side effects. */
 
@@ -132,9 +130,6 @@ static uschar *conditions[] = {
   US"decode",
 #endif
   US"delay",
-#ifdef WITH_OLD_DEMIME
-  US"demime",
-#endif
 #ifndef DISABLE_DKIM
   US"dkim_signers",
   US"dkim_status",
@@ -158,13 +153,16 @@ static uschar *conditions[] = {
 #ifdef WITH_CONTENT_SCAN
   US"mime_regex",
 #endif
+  US"queue",
   US"ratelimit",
   US"recipients",
 #ifdef WITH_CONTENT_SCAN
   US"regex",
 #endif
   US"remove_header",
-  US"sender_domains", US"senders", US"set",
+  US"sender_domains",
+  US"senders",
+  US"set",
 #ifdef WITH_CONTENT_SCAN
   US"spam",
 #endif
@@ -208,7 +206,7 @@ enum {
 #endif
   CONTROL_FAKEDEFER,
   CONTROL_FAKEREJECT,
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
   CONTROL_UTF8_DOWNCONVERT,
 #endif
   CONTROL_NO_MULTILINE,
@@ -251,7 +249,7 @@ static uschar *controls[] = {
 #endif
   US"fakedefer",
   US"fakereject",
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
   US"utf8_downconvert",
 #endif
   US"no_multiline_responses",
@@ -281,9 +279,6 @@ static uschar cond_expand_at_top[] = {
   TRUE,    /* decode */
 #endif
   TRUE,    /* delay */
-#ifdef WITH_OLD_DEMIME
-  TRUE,    /* demime */
-#endif
 #ifndef DISABLE_DKIM
   TRUE,    /* dkim_signers */
   TRUE,    /* dkim_status */
@@ -307,6 +302,7 @@ static uschar cond_expand_at_top[] = {
 #ifdef WITH_CONTENT_SCAN
   TRUE,    /* mime_regex */
 #endif
+  TRUE,    /* queue */
   TRUE,    /* ratelimit */
   FALSE,   /* recipients */
 #ifdef WITH_CONTENT_SCAN
@@ -346,9 +342,6 @@ static uschar cond_modifiers[] = {
   FALSE,   /* decode */
 #endif
   TRUE,    /* delay */
-#ifdef WITH_OLD_DEMIME
-  FALSE,   /* demime */
-#endif
 #ifndef DISABLE_DKIM
   FALSE,   /* dkim_signers */
   FALSE,   /* dkim_status */
@@ -372,6 +365,7 @@ static uschar cond_modifiers[] = {
 #ifdef WITH_CONTENT_SCAN
   FALSE,   /* mime_regex */
 #endif
+  TRUE,    /* queue */
   FALSE,   /* ratelimit */
   FALSE,   /* recipients */
 #ifdef WITH_CONTENT_SCAN
@@ -453,15 +447,6 @@ static unsigned int cond_forbids[] = {
 
   (1<<ACL_WHERE_NOTQUIT),                          /* delay */
 
-  #ifdef WITH_OLD_DEMIME
-  (unsigned int)
-  ~((1<<ACL_WHERE_DATA)|                           /* demime */
-  #ifndef DISABLE_PRDR
-    (1<<ACL_WHERE_PRDR)|
-  #endif
-    (1<<ACL_WHERE_NOTSMTP)),
-  #endif
-
   #ifndef DISABLE_DKIM
   (unsigned int)
   ~(1<<ACL_WHERE_DKIM),                            /* dkim_signers */
@@ -475,11 +460,14 @@ static unsigned int cond_forbids[] = {
   ~(1<<ACL_WHERE_DATA),                            /* dmarc_status */
   #endif
 
-  (1<<ACL_WHERE_NOTSMTP)|                          /* dnslists */
-    (1<<ACL_WHERE_NOTSMTP_START),
+  /* Explicit key lookups can be made in non-smtp ACLs so pass
+  always and check in the verify processing itself. */
+
+  0,						   /* dnslists */
 
   (unsigned int)
   ~((1<<ACL_WHERE_RCPT)                            /* domains */
+    |(1<<ACL_WHERE_VRFY)
   #ifndef DISABLE_PRDR
     |(1<<ACL_WHERE_PRDR)
   #endif
@@ -497,6 +485,7 @@ static unsigned int cond_forbids[] = {
 
   (unsigned int)
   ~((1<<ACL_WHERE_RCPT)                             /* local_parts */
+    |(1<<ACL_WHERE_VRFY)
   #ifndef DISABLE_PRDR
     |(1<<ACL_WHERE_PRDR)
   #endif
@@ -524,6 +513,12 @@ static unsigned int cond_forbids[] = {
   ~(1<<ACL_WHERE_MIME),                            /* mime_regex */
   #endif
 
+  (1<<ACL_WHERE_NOTSMTP)|                          /* queue */
+  #ifndef DISABLE_PRDR
+    (1<<ACL_WHERE_PRDR)|
+  #endif
+    (1<<ACL_WHERE_DATA),
+
   0,                                               /* ratelimit */
 
   (unsigned int)
@@ -693,7 +688,7 @@ static unsigned int control_forbids[] = {
 #endif
     (1<<ACL_WHERE_MIME)),
 
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
   0,                                               /* utf8_downconvert */
 #endif
 
@@ -750,7 +745,7 @@ static control_def controls_list[] = {
   { US"submission",              CONTROL_SUBMISSION,            TRUE },
   { US"suppress_local_fixups",   CONTROL_SUPPRESS_LOCAL_FIXUPS, FALSE },
   { US"cutthrough_delivery",     CONTROL_CUTTHROUGH_DELIVERY,   FALSE },
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
   { US"utf8_downconvert",        CONTROL_UTF8_DOWNCONVERT,      TRUE }
 #endif
   };
@@ -1072,9 +1067,9 @@ while (*hstring == '\n') hstring++, hlen--;
 
 /* An empty string does nothing; ensure exactly one final newline. */
 if (hlen <= 0) return;
-if (hstring[--hlen] != '\n')
+if (hstring[--hlen] != '\n')		/* no newline */
   q = string_sprintf("%s\n", hstring);
-else if (hstring[hlen-1] == '\n')
+else if (hstring[hlen-1] == '\n')	/* double newline */
   {
   uschar * s = string_copy(hstring);
   while(s[--hlen] == '\n')
@@ -1097,7 +1092,7 @@ for (p = q; *p != 0; )
 
   for (;;)
     {
-    q = Ustrchr(q, '\n');
+    q = Ustrchr(q, '\n');		/* we know there was a newline */
     if (*(++q) != ' ' && *q != '\t') break;
     }
 
@@ -1176,11 +1171,11 @@ uschar *
 fn_hdrs_added(void)
 {
 uschar * ret = NULL;
+int size = 0;
+int ptr = 0;
 header_line * h = acl_added_headers;
 uschar * s;
 uschar * cp;
-int size = 0;
-int ptr = 0;
 
 if (!h) return NULL;
 
@@ -1192,13 +1187,13 @@ do
     if (cp[1] == '\0') break;
 
     /* contains embedded newline; needs doubling */
-    ret = string_cat(ret, &size, &ptr, s, cp-s+1);
-    ret = string_cat(ret, &size, &ptr, US"\n", 1);
+    ret = string_catn(ret, &size, &ptr, s, cp-s+1);
+    ret = string_catn(ret, &size, &ptr, US"\n", 1);
     s = cp+1;
     }
   /* last bit of header */
 
-  ret = string_cat(ret, &size, &ptr, s, cp-s+1);	/* newline-sep list */
+  ret = string_catn(ret, &size, &ptr, s, cp-s+1);	/* newline-sep list */
   }
 while((h = h->next));
 
@@ -2022,15 +2017,15 @@ message if giving out verification details. */
 if (verify_header_sender)
   {
   int verrno;
-  rc = verify_check_header_address(user_msgptr, log_msgptr, callout,
+
+  if ((rc = verify_check_header_address(user_msgptr, log_msgptr, callout,
     callout_overall, callout_connect, se_mailfrom, pm_mailfrom, verify_options,
-    &verrno);
-  if (rc != OK)
+    &verrno)) != OK)
     {
     *basic_errno = verrno;
     if (smtp_return_error_details)
       {
-      if (*user_msgptr == NULL && *log_msgptr != NULL)
+      if (!*user_msgptr && *log_msgptr)
         *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
       if (rc == DEFER) acl_temp_details = TRUE;
       }
@@ -2052,10 +2047,9 @@ Therefore, we always do a full sender verify when any kind of callout is
 specified. Caching elsewhere, for instance in the DNS resolver and in the
 callout handling, should ensure that this is not terribly inefficient. */
 
-else if (verify_sender_address != NULL)
+else if (verify_sender_address)
   {
-  if ((verify_options & (vopt_callout_recipsender|vopt_callout_recippmaster))
-       != 0)
+  if ((verify_options & (vopt_callout_recipsender|vopt_callout_recippmaster)))
     {
     *log_msgptr = US"use_sender or use_postmaster cannot be used for a "
       "sender verify callout";
@@ -2071,7 +2065,9 @@ else if (verify_sender_address != NULL)
     callout that was done previously). If the "routed" flag is not set, routing
     must have failed, so we use the saved return code. */
 
-    if (testflag(sender_vaddr, af_verify_routed)) rc = OK; else
+    if (testflag(sender_vaddr, af_verify_routed))
+      rc = OK;
+    else
       {
       rc = sender_vaddr->special_action;
       *basic_errno = sender_vaddr->basic_errno;
@@ -2095,7 +2091,7 @@ else if (verify_sender_address != NULL)
     uschar *save_address_data = deliver_address_data;
 
     sender_vaddr = deliver_make_addr(verify_sender_address, TRUE);
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
     if ((sender_vaddr->prop.utf8_msg = message_smtputf8))
       {
       sender_vaddr->prop.utf8_downcvt =       message_utf8_downconvert == 1;
@@ -2125,22 +2121,21 @@ else if (verify_sender_address != NULL)
 
       HDEBUG(D_acl) debug_printf("----------- end verify ------------\n");
 
-      if (rc == OK)
-        {
-        if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0)
-          {
-          DEBUG(D_acl) debug_printf("sender %s verified ok as %s\n",
-            verify_sender_address, sender_vaddr->address);
-          }
-        else
-          {
-          DEBUG(D_acl) debug_printf("sender %s verified ok\n",
-            verify_sender_address);
-          }
-        }
-      else *basic_errno = sender_vaddr->basic_errno;
+      if (rc != OK)
+        *basic_errno = sender_vaddr->basic_errno;
+      else
+	DEBUG(D_acl)
+	  {
+	  if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0)
+	    debug_printf("sender %s verified ok as %s\n",
+	      verify_sender_address, sender_vaddr->address);
+	  else
+	    debug_printf("sender %s verified ok\n",
+	      verify_sender_address);
+	  }
       }
-    else rc = OK;  /* Null sender */
+    else
+      rc = OK;  /* Null sender */
 
     /* Cache the result code */
 
@@ -2372,17 +2367,13 @@ rate measurement as opposed to rate limiting. */
 
 sender_rate_limit = string_nextinlist(&arg, &sep, NULL, 0);
 if (sender_rate_limit == NULL)
-  {
-  limit = -1.0;
-  ss = NULL;	/* compiler quietening */
-  }
-else
-  {
-  limit = Ustrtod(sender_rate_limit, &ss);
-  if (tolower(*ss) == 'k') { limit *= 1024.0; ss++; }
-  else if (tolower(*ss) == 'm') { limit *= 1024.0*1024.0; ss++; }
-  else if (tolower(*ss) == 'g') { limit *= 1024.0*1024.0*1024.0; ss++; }
-  }
+  return ratelimit_error(log_msgptr, "sender rate limit not set");
+
+limit = Ustrtod(sender_rate_limit, &ss);
+if      (tolower(*ss) == 'k') { limit *= 1024.0; ss++; }
+else if (tolower(*ss) == 'm') { limit *= 1024.0*1024.0; ss++; }
+else if (tolower(*ss) == 'g') { limit *= 1024.0*1024.0*1024.0; ss++; }
+
 if (limit < 0.0 || *ss != '\0')
   return ratelimit_error(log_msgptr,
     "\"%s\" is not a positive number", sender_rate_limit);
@@ -2997,8 +2988,6 @@ acl_check_condition(int verb, acl_condition_block *cb, int where,
 {
 uschar *user_message = NULL;
 uschar *log_message = NULL;
-uschar *debug_tag = NULL;
-uschar *debug_opts = NULL;
 int rc = OK;
 #ifdef WITH_CONTENT_SCAN
 int sep = -'/';
@@ -3350,24 +3339,39 @@ for (; cb != NULL; cb = cb->next)
 	break;
 
 	case CONTROL_DEBUG:
-	while (*p == '/')
 	  {
-	  if (Ustrncmp(p, "/tag=", 5) == 0)
-	    {
-	    const uschar *pp = p + 5;
-	    while (*pp != '\0' && *pp != '/') pp++;
-	    debug_tag = string_copyn(p+5, pp-p-5);
-	    p = pp;
-	    }
-	  else if (Ustrncmp(p, "/opts=", 6) == 0)
+	  uschar * debug_tag = NULL;
+	  uschar * debug_opts = NULL;
+	  BOOL kill = FALSE;
+
+	  while (*p == '/')
 	    {
-	    const uschar *pp = p + 6;
-	    while (*pp != '\0' && *pp != '/') pp++;
-	    debug_opts = string_copyn(p+6, pp-p-6);
+	    const uschar * pp = p+1;
+	    if (Ustrncmp(pp, "tag=", 4) == 0)
+	      {
+	      for (pp += 4; *pp && *pp != '/';) pp++;
+	      debug_tag = string_copyn(p+5, pp-p-5);
+	      }
+	    else if (Ustrncmp(pp, "opts=", 5) == 0)
+	      {
+	      for (pp += 5; *pp && *pp != '/';) pp++;
+	      debug_opts = string_copyn(p+6, pp-p-6);
+	      }
+	    else if (Ustrncmp(pp, "kill", 4) == 0)
+	      {
+	      for (pp += 4; *pp && *pp != '/';) pp++;
+	      kill = TRUE;
+	      }
+	    else
+	      while (*pp && *pp != '/') pp++;
 	    p = pp;
 	    }
+
+	    if (kill)
+	      debug_logging_stop();
+	    else
+	      debug_logging_activate(debug_tag, debug_opts);
 	  }
-	  debug_logging_activate(debug_tag, debug_opts);
 	break;
 
 	case CONTROL_SUPPRESS_LOCAL_FIXUPS:
@@ -3402,7 +3406,7 @@ for (; cb != NULL; cb = cb->next)
 	  }
 	return ERROR;
 
-    #ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
 	case CONTROL_UTF8_DOWNCONVERT:
 	if (*p == '/')
 	  {
@@ -3440,7 +3444,7 @@ for (; cb != NULL; cb = cb->next)
 	  break;
 	  }
 	return ERROR;
-    #endif
+#endif
 
 	}
       break;
@@ -3533,19 +3537,13 @@ for (; cb != NULL; cb = cb->next)
       }
     break;
 
-    #ifdef WITH_OLD_DEMIME
-    case ACLC_DEMIME:
-      rc = demime(&arg);
-    break;
-    #endif
-
     #ifndef DISABLE_DKIM
     case ACLC_DKIM_SIGNER:
     if (dkim_cur_signer != NULL)
       rc = match_isinlist(dkim_cur_signer,
                           &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
     else
-       rc = FAIL;
+      rc = FAIL;
     break;
 
     case ACLC_DKIM_STATUS:
@@ -3567,7 +3565,7 @@ for (; cb != NULL; cb = cb->next)
     #endif
 
     case ACLC_DNSLISTS:
-    rc = verify_check_dnsbl(&arg);
+    rc = verify_check_dnsbl(where, &arg, log_msgptr);
     break;
 
     case ACLC_DOMAINS:
@@ -3704,6 +3702,10 @@ for (; cb != NULL; cb = cb->next)
     break;
     #endif
 
+    case ACLC_QUEUE:
+    queue_name = string_copy_malloc(arg);
+    break;
+
     case ACLC_RATELIMIT:
     rc = acl_ratelimit(arg, where, log_msgptr);
     break;
@@ -3744,7 +3746,7 @@ for (; cb != NULL; cb = cb->next)
       {
       int old_pool = store_pool;
       if (  cb->u.varname[0] == 'c'
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 	 || event_name		/* An event is being delivered */
 #endif
 	 )
@@ -4452,9 +4454,9 @@ ratelimiters_cmd = NULL;
 log_reject_target = LOG_MAIN|LOG_REJECT;
 
 #ifndef DISABLE_PRDR
-if (where == ACL_WHERE_RCPT || where == ACL_WHERE_PRDR)
+if (where==ACL_WHERE_RCPT || where==ACL_WHERE_VRFY || where==ACL_WHERE_PRDR)
 #else
-if (where == ACL_WHERE_RCPT)
+if (where==ACL_WHERE_RCPT || where==ACL_WHERE_VRFY)
 #endif
   {
   adb = address_defaults;
@@ -4465,7 +4467,7 @@ if (where == ACL_WHERE_RCPT)
     *log_msgptr = US"defer in percent_hack_domains check";
     return DEFER;
     }
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
   if ((addr->prop.utf8_msg = message_smtputf8))
     {
     addr->prop.utf8_downcvt =       message_utf8_downconvert == 1;
@@ -4485,8 +4487,8 @@ and WHERE_RCPT and not yet opened conn as result of recipient-verify,
 and rcpt acl returned accept,
 and first recipient (cancel on any subsequents)
 open one now and run it up to RCPT acceptance.
-A failed verify should cancel cutthrough request.
-
+A failed verify should cancel cutthrough request,
+and will pass the fail to the originator.
 Initial implementation:  dual-write to spool.
 Assume the rxd datastream is now being copied byte-for-byte to an open cutthrough connection.
 
@@ -4505,12 +4507,14 @@ case ACL_WHERE_RCPT:
 #ifndef DISABLE_PRDR
 case ACL_WHERE_PRDR:
 #endif
-  if (rc == OK  &&  cutthrough.delivery  && rcpt_count > cutthrough.nrcpt)
-    open_cutthrough_connection(addr);
+  if (host_checking_callout)	/* -bhc mode */
+    cancel_cutthrough_connection("host-checking mode");
+  else if (rc == OK && cutthrough.delivery && rcpt_count > cutthrough.nrcpt)
+    rc = open_cutthrough_connection(addr);
   break;
 
 case ACL_WHERE_PREDATA:
-  if( rc == OK )
+  if (rc == OK)
     cutthrough_predata();
   else
     cancel_cutthrough_connection("predata acl not ok");