X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/80c2ec2e47c556daff00c79ee068ce68f25fd264..d56e798eb66ac044ff22f0daa2185549f5d49632:/src/src/functions.h diff --git a/src/src/functions.h b/src/src/functions.h index 110d4db19..38c8e40a0 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -53,31 +53,38 @@ extern uschar * tls_cert_fprt_sha256(void *); extern void tls_clean_env(void); extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *, void *, tls_support *, uschar **); +extern void tls_client_creds_reload(BOOL); extern void tls_close(void *, int); extern BOOL tls_could_read(void); extern void tls_daemon_init(void); +extern int tls_daemon_tick(void); extern BOOL tls_dropprivs_validate_require_cipher(BOOL); extern BOOL tls_export_cert(uschar *, size_t, void *); extern int tls_feof(void); extern int tls_ferror(void); +extern uschar *tls_field_from_dn(uschar *, const uschar *); extern void tls_free_cert(void **); extern int tls_getc(unsigned); extern uschar *tls_getbuf(unsigned *); extern void tls_get_cache(void); extern BOOL tls_import_cert(const uschar *, void **); +extern BOOL tls_is_name_for_cert(const uschar *, void *); +# ifdef USE_OPENSSL +extern BOOL tls_openssl_options_parse(uschar *, long *); +# endif extern int tls_read(void *, uschar *, size_t); -extern int tls_server_start(const uschar *, uschar **); +extern int tls_server_start(uschar **); +extern void tls_shutdown_wr(void *); extern BOOL tls_smtp_buffered(void); extern int tls_ungetc(int); +#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT) +extern void tls_watch_discard_event(int); +extern void tls_watch_invalidate(void); +#endif extern int tls_write(void *, const uschar *, size_t, BOOL); extern uschar *tls_validate_require_cipher(void); extern void tls_version_report(FILE *); -# ifdef USE_OPENSSL -extern BOOL tls_openssl_options_parse(uschar *, long *); -# endif -extern uschar * tls_field_from_dn(uschar *, const uschar *); -extern BOOL tls_is_name_for_cert(const uschar *, void *); # ifdef SUPPORT_DANE extern int tlsa_lookup(const host_item *, dns_answer *, BOOL); @@ -182,7 +189,7 @@ extern void debug_print_argv(const uschar **); extern void debug_print_ids(uschar *); extern void debug_printf_indent(const char *, ...) PRINTF_FUNCTION(1,2); extern void debug_print_string(uschar *); -extern void debug_print_tree(tree_node *); +extern void debug_print_tree(const char *, tree_node *); extern void debug_vprintf(int, const char *, va_list); extern void debug_print_socket(int); @@ -198,7 +205,6 @@ extern void deliver_set_expansions(address_item *); extern int deliver_split_address(address_item *); extern void deliver_succeeded(address_item *); -extern uschar *deliver_get_sender_address (uschar *id); extern void delivery_re_exec(int); extern void die_tainted(const uschar *, const uschar *, int); @@ -235,6 +241,7 @@ extern void msg_event_raise(const uschar *, const address_item *); extern int exim_chown_failure(int, const uschar*, uid_t, gid_t); extern const uschar * exim_errstr(int); extern void exim_exit(int) NORETURN; +extern void exim_gettime(struct timeval *); extern void exim_nullstd(void); extern void exim_setugid(uid_t, gid_t, BOOL, uschar *); extern void exim_underbar_exit(int) NORETURN; @@ -309,8 +316,7 @@ extern int ip_streamsocket(const uschar *, uschar **, int, host_item *); extern int ipv6_nmtoa(int *, uschar *); extern uschar *local_part_quote(uschar *); -extern int log_create(uschar *); -extern int log_create_as_exim(uschar *); +extern int log_open_as_exim(uschar * const); extern void log_close_all(void); extern macro_item * macro_create(const uschar *, const uschar *, BOOL); @@ -333,6 +339,9 @@ extern int match_isinlist(const uschar *, const uschar **, int, tree_node ** unsigned int *, int, BOOL, const uschar **); extern int match_check_string(const uschar *, const uschar *, int, BOOL, BOOL, BOOL, const uschar **); + +extern void message_start(void); +extern void message_tidyup(void); extern void md5_end(md5 *, const uschar *, int, uschar *); extern void md5_mid(md5 *, const uschar *); extern void md5_start(md5 *); @@ -361,16 +370,18 @@ extern FILE *modefopen(const uschar *, const char *, mode_t); extern int open_cutthrough_connection( address_item * addr ); -extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *, +extern uschar *parse_extract_address(const uschar *, uschar **, int *, int *, int *, BOOL); extern int parse_forward_list(uschar *, int, address_item **, uschar **, const uschar *, uschar *, error_block **); extern uschar *parse_find_address_end(uschar *, BOOL); -extern uschar *parse_find_at(uschar *); -extern const uschar *parse_fix_phrase(const uschar *, int, uschar *, int); -extern uschar *parse_message_id(uschar *, uschar **, uschar **); -extern const uschar *parse_quote_2047(const uschar *, int, uschar *, uschar *, int, BOOL); -extern uschar *parse_date_time(uschar *str, time_t *t); +extern const uschar *parse_find_at(const uschar *); +extern const uschar *parse_fix_phrase(const uschar *, int); +extern const uschar *parse_message_id(const uschar *, uschar **, uschar **); +extern const uschar *parse_quote_2047(const uschar *, int, uschar *, BOOL); +extern const uschar *parse_date_time(const uschar *str, time_t *t); +extern void priv_drop_temp(const uid_t, const gid_t); +extern void priv_restore(void); extern int vaguely_random_number(int); #ifndef DISABLE_TLS extern int vaguely_random_number_fallback(int); @@ -398,7 +409,7 @@ extern void readconf_driver_init(uschar *, driver_instance **, extern uschar *readconf_find_option(void *); extern void readconf_main(BOOL); extern void readconf_options_from_list(optionlist *, unsigned, const uschar *, uschar *); -extern BOOL readconf_print(uschar *, uschar *, BOOL); +extern BOOL readconf_print(const uschar *, uschar *, BOOL); extern uschar *readconf_printtime(int); extern uschar *readconf_readname(uschar *, int, uschar *); extern int readconf_readtime(const uschar *, int, BOOL); @@ -424,14 +435,14 @@ extern retry_config *retry_find_config(const uschar *, const uschar *, int, int) extern BOOL retry_ultimate_address_timeout(uschar *, const uschar *, dbdata_retry *, time_t); extern void retry_update(address_item **, address_item **, address_item **); -extern uschar *rewrite_address(uschar *, BOOL, BOOL, rewrite_rule *, int); -extern uschar *rewrite_address_qualify(uschar *, BOOL); +extern const uschar *rewrite_address(const uschar *, BOOL, BOOL, rewrite_rule *, int); +extern const uschar *rewrite_address_qualify(const uschar *, BOOL); extern header_line *rewrite_header(header_line *, const uschar *, const uschar *, rewrite_rule *, int, BOOL); -extern uschar *rewrite_one(uschar *, int, BOOL *, BOOL, uschar *, +extern const uschar *rewrite_one(const uschar *, int, BOOL *, BOOL, uschar *, rewrite_rule *); -extern void rewrite_test(uschar *); +extern void rewrite_test(const uschar *); extern uschar *rfc2047_decode2(uschar *, BOOL, uschar *, int, int *, int *, uschar **); extern int route_address(address_item *, address_item **, address_item **, @@ -507,6 +518,7 @@ extern BOOL spool_move_message(uschar *, uschar *, uschar *, uschar *); extern int spool_open_datafile(uschar *); extern int spool_open_temp(uschar *); extern int spool_read_header(uschar *, BOOL, BOOL); +extern uschar *spool_sender_from_msgid(const uschar *); extern int spool_write_header(uschar *, int, uschar **); extern int stdin_getc(unsigned); extern int stdin_feof(void); @@ -514,6 +526,9 @@ extern int stdin_ferror(void); extern int stdin_ungetc(int); extern void store_exit(void); +extern void store_init(void); +extern void store_writeprotect(int); + extern gstring *string_append(gstring *, int, ...) WARN_UNUSED_RESULT; extern gstring *string_append_listele(gstring *, uschar, const uschar *) WARN_UNUSED_RESULT; extern gstring *string_append_listele_n(gstring *, uschar, const uschar *, unsigned) WARN_UNUSED_RESULT; @@ -531,7 +546,7 @@ extern int string_is_ip_address(const uschar *, int *); #ifdef SUPPORT_I18N extern BOOL string_is_utf8(const uschar *); #endif -extern const uschar *string_printing2(const uschar *, BOOL); +extern const uschar *string_printing2(const uschar *, int); extern uschar *string_split_message(uschar *); extern uschar *string_unprinting(uschar *); #ifdef SUPPORT_I18N @@ -553,10 +568,10 @@ extern BOOL string_format_trc(uschar *, int, const uschar *, unsigned, extern gstring *string_vformat_trc(gstring *, const uschar *, unsigned, unsigned, unsigned, const char *, va_list); -#define string_open_failed(eno, fmt, ...) \ - string_open_failed_trc(eno, US __FUNCTION__, __LINE__, fmt, __VA_ARGS__) -extern uschar *string_open_failed_trc(int, const uschar *, unsigned, - const char *, ...) PRINTF_FUNCTION(4,5); +#define string_open_failed(fmt, ...) \ + string_open_failed_trc(US __FUNCTION__, __LINE__, fmt, __VA_ARGS__) +extern uschar *string_open_failed_trc(const uschar *, unsigned, + const char *, ...) PRINTF_FUNCTION(3,4); #define string_nextinlist(lp, sp, b, l) \ string_nextinlist_trc((lp), (sp), (b), (l), US __FUNCTION__, __LINE__) @@ -576,12 +591,15 @@ extern void tls_modify_variables(tls_support *); extern uschar *tod_stamp(int); extern BOOL transport_check_waiting(const uschar *, const uschar *, int, uschar *, - BOOL *, oicf, void*); + oicf, void*); extern void transport_init(void); extern void transport_do_pass_socket(const uschar *, const uschar *, const uschar *, uschar *, int); -extern BOOL transport_pass_socket(const uschar *, const uschar *, const uschar *, uschar *, - int); +extern BOOL transport_pass_socket(const uschar *, const uschar *, const uschar *, uschar *, int +#ifdef EXPERIMENTAL_ESMTP_LIMITS + , unsigned, unsigned, unsigned +#endif + ); extern uschar *transport_rcpt_address(address_item *, BOOL); extern BOOL transport_set_up_command(const uschar ***, uschar *, BOOL, int, address_item *, uschar *, uschar **); @@ -593,9 +611,9 @@ extern BOOL transport_headers_send(transport_ctx *, BOOL (*)(transport_ctx *, uschar *, int)); extern gstring * transport_show_supported(gstring *); extern BOOL transport_write_message(transport_ctx *, int); -extern void tree_add_duplicate(uschar *, address_item *); -extern void tree_add_nonrecipient(uschar *); -extern void tree_add_unusable(host_item *); +extern void tree_add_duplicate(const uschar *, address_item *); +extern void tree_add_nonrecipient(const uschar *); +extern void tree_add_unusable(const host_item *); extern void tree_dup(tree_node **, tree_node *); extern int tree_insertnode(tree_node **, tree_node *); extern tree_node *tree_search(tree_node *, const uschar *); @@ -953,20 +971,34 @@ g->s = s; } +# ifndef COMPILE_UTILITY /******************************************************************************/ +/* Use store_malloc for DNSA structs, and explicit frees. Using the same pool +for them as the strings we proceed to copy from them meant they could not be +released, hence blowing 64k for every DNS lookup. That mounted up. With malloc +we do have to take care over marking tainted all copied strings. A separate pool +could be used and would handle that implicitly. */ #define store_get_dns_answer() store_get_dns_answer_trc(CUS __FUNCTION__, __LINE__) static inline dns_answer * store_get_dns_answer_trc(const uschar * func, unsigned line) { -return store_get_3(sizeof(dns_answer), TRUE, CCS func, line); /* use tainted mem */ +/* return store_get_3(sizeof(dns_answer), TRUE, CCS func, line); use tainted mem */ +return store_malloc_3(sizeof(dns_answer), CCS func, line); +} + +#define store_free_dns_answer(dnsa) store_free_dns_answer_trc(dnsa, CUS __FUNCTION__, __LINE__) + +static inline void +store_free_dns_answer_trc(dns_answer * dnsa, const uschar * func, unsigned line) +{ +store_free_3(dnsa, CCS func, line); } /******************************************************************************/ /* Routines with knowledge of spool layout */ -# ifndef COMPILE_UTILITY static inline void spool_pname_buf(uschar * buf, int len) { @@ -1032,18 +1064,25 @@ subdir_str[1] = '\0'; /******************************************************************************/ /* Time calculations */ +/* Diff two times (later, earlier) returning diff in 1st arg */ static inline void -timesince(struct timeval * diff, const struct timeval * then) +timediff(struct timeval * later, const struct timeval * earlier) { -gettimeofday(diff, NULL); -diff->tv_sec -= then->tv_sec; -if ((diff->tv_usec -= then->tv_usec) < 0) +later->tv_sec -= earlier->tv_sec; +if ((later->tv_usec -= earlier->tv_usec) < 0) { - diff->tv_sec--; - diff->tv_usec += 1000*1000; + later->tv_sec--; + later->tv_usec += 1000*1000; } } +static inline void +timesince(struct timeval * diff, const struct timeval * then) +{ +gettimeofday(diff, NULL); +timediff(diff, then); +} + static inline uschar * string_timediff(const struct timeval * diff) { @@ -1087,45 +1126,77 @@ if (f.running_in_test_harness && f.testsuite_delays) millisleep(millisec); /******************************************************************************/ /* Taint-checked file opens */ +static inline uschar * +is_tainted2(const void *p, int lflags, const char* fmt, ...) +{ +va_list ap; +uschar *msg; +rmark mark; + +if (!is_tainted(p)) + return NULL; + +mark = store_mark(); +va_start(ap, fmt); +msg = string_from_gstring(string_vformat(NULL, SVFMT_TAINT_NOCHK|SVFMT_EXTEND, fmt, ap)); +va_end(ap); + +#ifdef ALLOW_INSECURE_TAINTED_DATA +if (allow_insecure_tainted_data) + { + if LOGGING(tainted) log_write(0, LOG_MAIN, "Warning: %s", msg); + store_reset(mark); + return NULL; + } +#endif + +if (lflags) log_write(0, lflags, "%s", msg); +return msg; /* no store_reset(), as the message might be used afterwards and Exim + is expected to exit anyway, so we do not care about the leaked + storage */ +} static inline int exim_open2(const char *pathname, int flags) { -if (!is_tainted(pathname)) return open(pathname, flags); -log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); +if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) + return open(pathname, flags); errno = EACCES; return -1; } + static inline int exim_open(const char *pathname, int flags, mode_t mode) { -if (!is_tainted(pathname)) return open(pathname, flags, mode); -log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); +if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) + return open(pathname, flags, mode); errno = EACCES; return -1; } +#ifdef EXIM_HAVE_OPENAT static inline int exim_openat(int dirfd, const char *pathname, int flags) { -if (!is_tainted(pathname)) return openat(dirfd, pathname, flags); -log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); +if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) + return openat(dirfd, pathname, flags); errno = EACCES; return -1; } static inline int exim_openat4(int dirfd, const char *pathname, int flags, mode_t mode) { -if (!is_tainted(pathname)) return openat(dirfd, pathname, flags, mode); -log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); +if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) + return openat(dirfd, pathname, flags, mode); errno = EACCES; return -1; } +#endif static inline FILE * exim_fopen(const char *pathname, const char *mode) { -if (!is_tainted(pathname)) return fopen(pathname, mode); -log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); +if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) + return fopen(pathname, mode); errno = EACCES; return NULL; } @@ -1133,8 +1204,8 @@ return NULL; static inline DIR * exim_opendir(const uschar * name) { -if (!is_tainted(name)) return opendir(CCS name); -log_write(0, LOG_MAIN|LOG_PANIC, "Tainted dirname '%s'", name); +if (!is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted dirname '%s'", name)) + return opendir(CCS name); errno = EACCES; return NULL; }