X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7d5055276a22a91de71104775ade236051cebefc..HEAD:/src/src/verify.c diff --git a/src/src/verify.c b/src/src/verify.c index afc18d553..05b15858a 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -2,9 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) The Exim Maintainers 2020 - 2022 */ -/* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 - 2024 */ +/* Copyright (c) University of Cambridge 1995 - 2023 */ /* See the file NOTICE for conditions of use and distribution. */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* Functions concerned with verifying things. The original code for callout caching was contributed by Kevin Fleming (but I hacked it around a bit). */ @@ -104,8 +105,8 @@ Return: TRUE if result found */ static BOOL -cached_callout_lookup(address_item * addr, uschar * address_key, - uschar * from_address, int * opt_ptr, uschar ** pm_ptr, +cached_callout_lookup(address_item * addr, const uschar * address_key, + const uschar * from_address, int * opt_ptr, uschar ** pm_ptr, int * yield, uschar ** failure_ptr, dbdata_callout_cache * new_domain_record, int * old_domain_res) { @@ -120,7 +121,7 @@ if (options & vopt_callout_no_cache) { HDEBUG(D_verify) debug_printf_indent("callout cache: disabled by no_cache\n"); } -else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE, TRUE))) +else if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE))) { HDEBUG(D_verify) debug_printf_indent("callout cache: not available\n"); } @@ -277,10 +278,10 @@ return FALSE; */ static void cache_callout_write(dbdata_callout_cache * dom_rec, const uschar * domain, - int done, dbdata_callout_cache_address * addr_rec, uschar * address_key) + int done, dbdata_callout_cache_address * addr_rec, const uschar * address_key) { open_db dbblock; -open_db *dbm_file = NULL; +open_db * dbm_file = NULL; /* If we get here with done == TRUE, a successful callout happened, and yield will be set OK or FAIL according to the response to the RCPT command. @@ -363,10 +364,11 @@ if (addr->transport == cutthrough.addr.transport) deliver_host_address = host->address; deliver_host_port = host->port; deliver_domain = addr->domain; - transport_name = addr->transport->name; + transport_name = addr->transport->drinst.name; host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET; + GET_OPTION("interface"); if ( !smtp_get_interface(tf->interface, host_af, addr, &interface, US"callout") || !smtp_get_port(tf->port, addr, &port, US"callout") @@ -501,11 +503,11 @@ do_callout(address_item *addr, host_item *host_list, transport_feedback *tf, int yield = OK; int old_domain_cache_result = ccache_accept; BOOL done = FALSE; -uschar *address_key; -uschar *from_address; -uschar *random_local_part = NULL; -const uschar *save_deliver_domain = deliver_domain; -uschar **failure_ptr = options & vopt_is_recipient +const uschar * address_key; +const uschar * from_address; +uschar * random_local_part = NULL; +const uschar * save_deliver_domain = deliver_domain; +uschar ** failure_ptr = options & vopt_is_recipient ? &recipient_verify_failure : &sender_verify_failure; dbdata_callout_cache new_domain_record; dbdata_callout_cache_address new_address_record; @@ -563,13 +565,12 @@ if (!addr->transport) HDEBUG(D_verify) debug_printf("cannot callout via null transport\n"); } -else if (Ustrcmp(addr->transport->driver_name, "smtp") != 0) +else if (Ustrcmp(addr->transport->drinst.driver_name, "smtp") != 0) log_write(0, LOG_MAIN|LOG_PANIC|LOG_CONFIG_FOR, "callout transport '%s': %s is non-smtp", - addr->transport->name, addr->transport->driver_name); + addr->transport->drinst.name, addr->transport->drinst.driver_name); else { - smtp_transport_options_block *ob = - (smtp_transport_options_block *)addr->transport->options_block; + smtp_transport_options_block * ob = addr->transport->drinst.options_block; smtp_context * sx = NULL; /* The information wasn't available in the cache, so we have to do a real @@ -578,10 +579,14 @@ else with a random local part, ensure that such a local part is available. If not, log the fact, but carry on without randomising. */ - if (options & vopt_callout_random && callout_random_local_part) - if (!(random_local_part = expand_string(callout_random_local_part))) + if (options & vopt_callout_random) + { + GET_OPTION("callout_random_local_part"); + if ( callout_random_local_part + && !(random_local_part = expand_string(callout_random_local_part))) log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " "callout_random_local_part: %s", expand_string_message); + } /* Compile regex' used by client-side smtp */ @@ -657,8 +662,9 @@ coding means skipping this whole loop and doing the append separately. */ deliver_host_address = host->address; deliver_host_port = host->port; deliver_domain = addr->domain; - transport_name = addr->transport->name; + transport_name = addr->transport->drinst.name; + GET_OPTION("interface"); if ( !smtp_get_interface(tf->interface, host_af, addr, &interface, US"callout") || !smtp_get_port(tf->port, addr, &port, US"callout") @@ -676,7 +682,7 @@ coding means skipping this whole loop and doing the append separately. */ sx->conn_args.interface = interface; sx->helo_data = tf->helo_data; sx->conn_args.tblock = addr->transport; - sx->conn_args.sock = -1; + sx->cctx.sock = sx->conn_args.sock = -1; sx->verify = TRUE; tls_retry_connection: @@ -707,7 +713,33 @@ tls_retry_connection: #endif if (yield != OK) { + smtp_debug_cmd_report(); /*XXX we seem to exit without what should + be a common call to this. How? */ errno = addr->basic_errno; + + /* For certain errors we want specifically to log the transport name, + for ease of fixing config errors. Slightly ugly doing it here, but we want + to not leak that also in the SMTP response. */ + switch (errno) + { + case EPROTOTYPE: + case ENOPROTOOPT: + case EPROTONOSUPPORT: + case ESOCKTNOSUPPORT: + case EOPNOTSUPP: + case EPFNOSUPPORT: + case EAFNOSUPPORT: + case EADDRINUSE: + case EADDRNOTAVAIL: + case ENETDOWN: + case ENETUNREACH: + log_write(0, LOG_MAIN|LOG_PANIC, + "%s verify %s (making calloout connection): T=%s %s", + options & vopt_is_recipient ? "sender" : "recipient", + yield == FAIL ? "fail" : "defer", + transport_name, strerror(errno)); + } + transport_name = NULL; deliver_host = deliver_host_address = NULL; deliver_domain = save_deliver_domain; @@ -746,7 +778,7 @@ tls_retry_connection: if (random_local_part) { - uschar * main_address = addr->address; + const uschar * main_address = addr->address; const uschar * rcpt_domain = addr->domain; #ifdef SUPPORT_I18N @@ -798,7 +830,7 @@ tls_retry_connection: /* Remember when we last did a random test */ new_domain_record.random_stamp = time(NULL); - if (smtp_write_mail_and_rcpt_cmds(sx, &yield) == 0) + if (smtp_write_mail_and_rcpt_cmds(sx, &yield) == sw_mrc_ok) switch(addr->transport_return) { case PENDING_OK: /* random was accepted, unfortunately */ @@ -866,33 +898,34 @@ tls_retry_connection: done = FALSE; switch(smtp_write_mail_and_rcpt_cmds(sx, &yield)) { - case 0: switch(addr->transport_return) /* ok so far */ - { - case PENDING_OK: done = TRUE; - new_address_record.result = ccache_accept; - break; - case FAIL: done = TRUE; - yield = FAIL; - *failure_ptr = US"recipient"; - new_address_record.result = ccache_reject; - break; - default: break; - } - break; + case sw_mrc_ok: + switch(addr->transport_return) /* ok so far */ + { + case PENDING_OK: done = TRUE; + new_address_record.result = ccache_accept; + break; + case FAIL: done = TRUE; + yield = FAIL; + *failure_ptr = US"recipient"; + new_address_record.result = ccache_reject; + break; + default: break; + } + break; - case -1: /* MAIL response error */ - *failure_ptr = US"mail"; - if (errno == 0 && sx->buffer[0] == '5') - { - setflag(addr, af_verify_nsfail); - if (from_address[0] == 0) - new_domain_record.result = ccache_reject_mfnull; - } - break; - /* non-MAIL read i/o error */ - /* non-MAIL response timeout */ - /* internal error; channel still usable */ - default: break; /* transmit failed */ + case sw_mrc_bad_mail: /* MAIL response error */ + *failure_ptr = US"mail"; + if (errno == 0 && sx->buffer[0] == '5') + { + setflag(addr, af_verify_nsfail); + if (from_address[0] == 0) + new_domain_record.result = ccache_reject_mfnull; + } + break; + /* non-MAIL read i/o error */ + /* non-MAIL response timeout */ + /* internal error; channel still usable */ + default: break; /* transmit failed */ } } @@ -917,7 +950,7 @@ tls_retry_connection: if (done) { - uschar * main_address = addr->address; + const uschar * main_address = addr->address; /*XXX oops, affixes */ addr->address = string_sprintf("postmaster@%.1000s", addr->domain); @@ -930,7 +963,7 @@ tls_retry_connection: sx->completed_addr = FALSE; sx->avoid_option = OPTION_SIZE; - if( smtp_write_mail_and_rcpt_cmds(sx, &yield) == 0 + if( smtp_write_mail_and_rcpt_cmds(sx, &yield) == sw_mrc_ok && addr->transport_return == PENDING_OK ) done = TRUE; @@ -1055,6 +1088,8 @@ no_conn: HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n"); } #ifndef DISABLE_DKIM + /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy + body bytes to the outbound as they are received, which is the intent of cutthrough. */ if (ob->dkim.dkim_domain) { cutthrough.delivery= FALSE; @@ -1091,7 +1126,7 @@ no_conn: /* We assume no buffer in use in the outblock */ cutthrough.cctx = sx->cctx; cutthrough.nrcpt = 1; - cutthrough.transport = addr->transport->name; + cutthrough.transport = addr->transport->drinst.name; cutthrough.interface = interface; cutthrough.snd_port = sending_port; cutthrough.peer_options = smtp_peer_options; @@ -1125,7 +1160,7 @@ no_conn: /* Ensure no cutthrough on multiple verifies that were incompatible */ if (options & vopt_callout_recipsender) cancel_cutthrough_connection(TRUE, US"not usable for cutthrough"); - if (sx->send_quit) + if (sx->send_quit && sx->cctx.sock >= 0) if (smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n") != -1) /* Wait a short time for response, and discard it */ smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1); @@ -1259,7 +1294,7 @@ return FALSE; static BOOL -_cutthrough_puts(uschar * cp, int n) +_cutthrough_puts(const uschar * cp, int n) { while(n--) { @@ -1274,7 +1309,7 @@ return TRUE; /* Buffered output of counted data block. Return boolean success */ static BOOL -cutthrough_puts(uschar * cp, int n) +cutthrough_puts(const uschar * cp, int n) { if (cutthrough.cctx.sock < 0) return TRUE; if (_cutthrough_puts(cp, n)) return TRUE; @@ -1326,7 +1361,13 @@ cutthrough_data_puts(US"\r\n", 2); } -/* Get and check response from cutthrough target */ +/* Get and check response from cutthrough target. +Used for +- nonfirst RCPT +- predata +- data finaldot +- cutthrough conn close +*/ static uschar cutthrough_response(client_conn_ctx * cctx, char expect, uschar ** copy, int timeout) { @@ -1340,7 +1381,7 @@ sx.inblock.ptr = inbuffer; sx.inblock.ptrend = inbuffer; sx.inblock.cctx = cctx; if(!smtp_read_response(&sx, responsebuffer, sizeof(responsebuffer), expect, timeout)) - cancel_cutthrough_connection(TRUE, US"target timeout on read"); + cancel_cutthrough_connection(TRUE, US"unexpected response to smtp command"); if(copy) { @@ -1374,9 +1415,9 @@ return cutthrough_response(&cutthrough.cctx, '3', NULL, CUTTHROUGH_DATA_TIMEOUT) /* tctx arg only to match write_chunk() */ static BOOL -cutthrough_write_chunk(transport_ctx * tctx, uschar * s, int len) +cutthrough_write_chunk(transport_ctx * tctx, const uschar * s, int len) { -uschar * s2; +const uschar * s2; while(s && (s2 = Ustrchr(s, '\n'))) { if(!cutthrough_puts(s, s2-s) || !cutthrough_put_nl()) @@ -1664,16 +1705,16 @@ int yield = OK; int verify_type = expn ? v_expn : f.address_test_mode ? v_none : options & vopt_is_recipient ? v_recipient : v_sender; -address_item *addr_list; -address_item *addr_new = NULL; -address_item *addr_remote = NULL; -address_item *addr_local = NULL; -address_item *addr_succeed = NULL; -uschar **failure_ptr = options & vopt_is_recipient +address_item * addr_list; +address_item * addr_new = NULL; +address_item * addr_remote = NULL; +address_item * addr_local = NULL; +address_item * addr_succeed = NULL; +uschar ** failure_ptr = options & vopt_is_recipient ? &recipient_verify_failure : &sender_verify_failure; -uschar *ko_prefix, *cr; -uschar *address = vaddr->address; -uschar *save_sender; +uschar * ko_prefix, * cr; +const uschar * address = vaddr->address; +const uschar * save_sender; uschar null_sender[] = { 0 }; /* Ensure writeable memory */ /* Clear, just in case */ @@ -1718,9 +1759,8 @@ may have been set by domains and local part tests during an ACL. */ if (global_rewrite_rules) { - uschar *old = address; - /* deconst ok as address was not const */ - address = US rewrite_address(address, options & vopt_is_recipient, FALSE, + const uschar * old = address; + address = rewrite_address(address, options & vopt_is_recipient, FALSE, global_rewrite_rules, rewrite_existflags); if (address != old) { @@ -1812,7 +1852,7 @@ while (addr_new) fprintf(fp, "\n*** Error in setting up pipe, file, or autoreply:\n" "%s\n", addr->message); else if (allow) - fprintf(fp, "\n transport = %s\n", addr->transport->name); + fprintf(fp, "\n transport = %s\n", addr->transport->drinst.name); else fprintf(fp, " *** forbidden ***\n"); } @@ -1875,7 +1915,9 @@ while (addr_new) sending a message to this address. */ if ((tp = addr->transport)) - if (!tp->info->local) + { + transport_info * ti = tp->drinst.info; + if (!ti->local) { (void)(tp->setup)(tp, addr, &tf, 0, 0, NULL); @@ -1886,8 +1928,8 @@ while (addr_new) if (tf.hosts && (!host_list || tf.hosts_override)) { uschar *s; - const uschar *save_deliver_domain = deliver_domain; - uschar *save_deliver_localpart = deliver_localpart; + const uschar * save_deliver_domain = deliver_domain; + const uschar * save_deliver_localpart = deliver_localpart; host_list = NULL; /* Ignore the router's hosts */ @@ -1901,7 +1943,7 @@ while (addr_new) { log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts " "\"%s\" in %s transport for callout: %s", tf.hosts, - tp->name, expand_string_message); + tp->drinst.name, expand_string_message); } else { @@ -1927,10 +1969,9 @@ while (addr_new) else { const dnssec_domains * dsp = NULL; - if (Ustrcmp(tp->driver_name, "smtp") == 0) + if (Ustrcmp(tp->drinst.driver_name, "smtp") == 0) { - smtp_transport_options_block * ob = - (smtp_transport_options_block *) tp->options_block; + smtp_transport_options_block * ob = tp->drinst.options_block; dsp = &ob->dnssec; } @@ -1942,8 +1983,9 @@ while (addr_new) } } else if ( options & vopt_quota - && Ustrcmp(tp->driver_name, "appendfile") == 0) + && Ustrcmp(tp->drinst.driver_name, "appendfile") == 0) local_verify = TRUE; + } /* Can only do a callout if we have at least one host! If the callout fails, it will have set ${sender,recipient}_verify_failure. */ @@ -2194,13 +2236,14 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) /* Show router, and transport */ fprintf(fp, "router = %s, transport = %s\n", - addr->router->name, tp ? tp->name : US"unset"); + addr->router->drinst.name, tp ? tp->drinst.name : US"unset"); /* Show any hosts that are set up by a router unless the transport is going to override them; fiddle a bit to get a nice format. */ if (addr->host_list && tp && !tp->overrides_hosts) { + transport_info * ti = tp->drinst.info; int maxlen = 0; int maxaddlen = 0; for (host_item * h = addr->host_list; h; h = h->next) @@ -2216,7 +2259,7 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) if (h->address) fprintf(fp, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']'); - else if (tp->info->local) + else if (ti->local) fprintf(fp, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */ else fprintf(fp, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']'); @@ -2422,11 +2465,11 @@ verify_check_notblind(BOOL case_sensitive) for (int i = 0; i < recipients_count; i++) { BOOL found = FALSE; - uschar *address = recipients_list[i].address; + const uschar * address = recipients_list[i].address; for (header_line * h = header_list; !found && h; h = h->next) { - uschar *colon, *s; + uschar * colon, * s; if (h->type != htype_to && h->type != htype_cc) continue; @@ -2500,7 +2543,7 @@ Returns: pointer to an address item, or NULL */ address_item * -verify_checked_sender(uschar *sender) +verify_checked_sender(const uschar * sender) { for (address_item * addr = sender_verified_list; addr; addr = addr->next) if (Ustrcmp(sender, addr->address) == 0) return addr; @@ -2573,12 +2616,12 @@ for (int i = 0; i < 3 && !done; i++) f.parse_allow_group = TRUE; - while (*s != 0) + while (*s) { - address_item *vaddr; + address_item * vaddr; while (isspace(*s) || *s == ',') s++; - if (*s == 0) break; /* End of header */ + if (!*s) break; /* End of header */ ss = parse_find_address_end(s, FALSE); @@ -2589,7 +2632,7 @@ for (int i = 0; i < 3 && !done; i++) while (isspace(ss[-1])) ss--; terminator = *ss; - *ss = 0; + *ss = '\0'; HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n", (int)(endname - h->text), h->text, s); @@ -2834,17 +2877,17 @@ if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port, goto END_OFF; p = buffer + qlen + n; -while(isspace(*p)) p++; +Uskip_whitespace(&p); if (*p++ != ':') goto END_OFF; -while(isspace(*p)) p++; +Uskip_whitespace(&p); if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF; p += 6; -while(isspace(*p)) p++; +Uskip_whitespace(&p); if (*p++ != ':') goto END_OFF; -while (*p != 0 && *p != ':') p++; -if (*p++ == 0) goto END_OFF; -while(isspace(*p)) p++; -if (*p == 0) goto END_OFF; +while (*p && *p != ':') p++; +if (!*p++) goto END_OFF; +Uskip_whitespace(&p); +if (!*p) goto END_OFF; /* The rest of the line is the data we want. We turn it into printing characters when we save it, so that it cannot mess up the format of any logging @@ -2939,7 +2982,7 @@ if (*ss == '@') a (possibly masked) comparison with the current IP address. */ if (string_is_ip_address(ss, &maskoffset) != 0) - return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL); + return host_is_in_net(cb->host_address, ss, maskoffset) ? OK : FAIL; /* The pattern is not an IP address. A common error that people make is to omit one component of an IPv4 address, either by accident, or believing that, for @@ -2950,13 +2993,25 @@ ancient specification.) To aid in debugging these cases, we give a specific error if the pattern contains only digits and dots or contains a slash preceded only by digits and dots (a slash at the start indicates a file name and of course slashes may be present in lookups, but not preceded only by digits and -dots). */ +dots). Then the equivalent for IPv6 (roughly). */ -for (t = ss; isdigit(*t) || *t == '.'; ) t++; -if (!*t || (*t == '/' && t != ss)) +if (Ustrchr(ss, ':')) { - *error = US"malformed IPv4 address or address mask"; - return ERROR; + for (t = ss; isxdigit(*t) || *t == ':' || *t == '.'; ) t++; + if (!*t || (*t == '/' || *t == '%') && t != ss) + { + *error = string_sprintf("malformed IPv6 address or address mask: %.*s", (int)(t - ss), ss); + return ERROR; + } + } +else + { + for (t = ss; isdigit(*t) || *t == '.'; ) t++; + if (!*t || (*t == '/' && t != ss)) + { + *error = string_sprintf("malformed IPv4 address or address mask: %.*s", (int)(t - ss), ss); + return ERROR; + } } /* See if there is a semicolon in the pattern, separating a searchtype @@ -2973,6 +3028,8 @@ if ((semicolon = Ustrchr(ss, ';'))) endname = semicolon; opts = NULL; } +else + opts = NULL; /* If we are doing an IP address only match, then all lookups must be IP address lookups, even if there is no "net-". */ @@ -3002,19 +3059,16 @@ else if (iplookup) { - int insize; - int search_type; - int incoming[4]; - void *handle; - uschar *filename, *key, *result; + const lookup_info * li; + int incoming[4], insize; + void * handle; + uschar * filename, * key, * result; uschar buffer[64]; /* Find the search type */ - search_type = search_findtype(t, endname - t); - - if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", - search_error_message); + if (!(li = search_findtype(t, endname - t))) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); /* Adjust parameters for the type of lookup. For a query-style lookup, there is no file name, and the "key" is just the query. For query-style with a file @@ -3024,26 +3078,25 @@ if (iplookup) dot separators instead of colons, except when the lookup type is "iplsearch". */ - if (mac_islookup(search_type, lookup_absfilequery)) + if (mac_islookup(li, lookup_absfilequery)) { filename = semicolon + 1; key = filename; - while (*key != 0 && !isspace(*key)) key++; + Uskip_nonwhite(&key); filename = string_copyn(filename, key - filename); - while (isspace(*key)) key++; + Uskip_whitespace(&key); } - else if (mac_islookup(search_type, lookup_querystyle)) + else if (mac_islookup(li, lookup_querystyle)) { filename = NULL; key = semicolon + 1; } else /* Single-key style */ { - int sep = (Ustrcmp(lookup_list[search_type]->name, "iplsearch") == 0)? - ':' : '.'; + int sep = Ustrcmp(li->name, "iplsearch") == 0 ? ':' : '.'; insize = host_aton(cb->host_address, incoming); host_mask(insize, incoming, mlen); - (void)host_nmtoa(insize, incoming, mlen, buffer, sep); + (void) host_nmtoa(insize, incoming, mlen, buffer, sep); key = buffer; filename = semicolon + 1; } @@ -3051,7 +3104,7 @@ if (iplookup) /* Now do the actual lookup; note that there is no search_close() because of the caching arrangements. */ - if (!(handle = search_open(filename, search_type, 0, NULL, NULL))) + if (!(handle = search_open(filename, li, 0, NULL, NULL))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL, opts); @@ -3125,20 +3178,21 @@ on spec. */ if ((semicolon = Ustrchr(ss, ';'))) { const uschar * affix, * opts; - int partial, affixlen, starflags, id; + int partial, affixlen, starflags; + const lookup_info * li; *semicolon = 0; - id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags, + li = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags, &opts); *semicolon=';'; - if (id < 0) /* Unknown lookup type */ + if (!li) /* Unknown lookup type */ { log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"", search_error_message, ss); return DEFER; } - isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery); + isquery = mac_islookup(li, lookup_querystyle|lookup_absfilequery); } if (isquery) @@ -3442,7 +3496,7 @@ dbdata_callout_cache_address * cache_address_record; if (!pos_cache && !neg_cache) return FALSE; -if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE, TRUE))) +if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE))) { HDEBUG(D_verify) debug_printf_indent("quota cache: not available\n"); return FALSE;