X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8ac90765750f87c573300b9e953af3d8090cab8b..9fa3eec7bb2e6a14a0b62dbc713c0ba5b2b5cd34:/src/src/verify.c diff --git a/src/src/verify.c b/src/src/verify.c index 35b21a54d..9aff78a9a 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -14,7 +14,7 @@ caching was contributed by Kevin Fleming (but I hacked it around a bit). */ #define CUTTHROUGH_CMD_TIMEOUT 30 /* timeout for cutthrough-routing calls */ #define CUTTHROUGH_DATA_TIMEOUT 60 /* timeout for cutthrough-routing calls */ -static smtp_outblock ctblock; +static smtp_context ctctx; uschar ctbuffer[8192]; @@ -409,7 +409,7 @@ if (addr->transport == cutthrough.addr.transport) /* Match! Send the RCPT TO, set done from the response */ done = - smtp_write_command(&ctblock, SCMD_FLUSH, "RCPT TO:<%.1000s>\r\n", + smtp_write_command(&ctctx, SCMD_FLUSH, "RCPT TO:<%.1000s>\r\n", transport_rcpt_address(addr, addr->transport->rcpt_include_affixes)) >= 0 && cutthrough_response(&cutthrough.cctx, '2', &resp, @@ -601,7 +601,7 @@ else and cause the client to time out. So in this case we forgo the PIPELINING optimization. */ - if (smtp_out && !disable_callout_flush) mac_smtp_fflush(); + if (smtp_out && !f.disable_callout_flush) mac_smtp_fflush(); clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ clearflag(addr, af_verify_nsfail); /* null sender callout flag */ @@ -693,7 +693,7 @@ tls_retry_connection: if ( yield == DEFER && addr->basic_errno == ERRNO_TLSFAILURE && ob->tls_tempfail_tryclear - && verify_check_given_host(&ob->hosts_require_tls, host) != OK + && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK ) { log_write(0, LOG_MAIN, @@ -814,9 +814,8 @@ tls_retry_connection: XXX We don't care about that for postmaster_full. Should we? */ if ((done = - smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0 && - smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), - '2', callout))) + smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0 && + smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout))) break; HDEBUG(D_acl|D_v) @@ -911,9 +910,8 @@ tls_retry_connection: cancel_cutthrough_connection(TRUE, US"postmaster verify"); HDEBUG(D_acl|D_v) debug_printf_indent("Cutthrough cancelled by presence of postmaster verify\n"); - done = smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0 - && smtp_read_response(&sx.inblock, sx.buffer, - sizeof(sx.buffer), '2', callout); + done = smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0 + && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout); if (done) { @@ -936,9 +934,9 @@ tls_retry_connection: done = TRUE; else done = (options & vopt_callout_fullpm) != 0 - && smtp_write_command(&sx.outblock, SCMD_FLUSH, + && smtp_write_command(&sx, SCMD_FLUSH, "RCPT TO:\r\n") >= 0 - && smtp_read_response(&sx.inblock, sx.buffer, + && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout); /* Sort out the cache record */ @@ -1070,6 +1068,8 @@ no_conn: && !sx.lmtp ) { + address_item * parent, * caddr; + HDEBUG(D_acl|D_v) debug_printf_indent("holding verify callout open for %s\n", cutthrough.delivery ? "cutthrough delivery" : "potential further verifies and delivery"); @@ -1092,17 +1092,21 @@ no_conn: cutthrough.host.address = string_copy(host->address); store_pool = oldpool; } - cutthrough.addr = *addr; /* Save the address_item for later logging */ + + /* Save the address_item and parent chain for later logging */ + cutthrough.addr = *addr; cutthrough.addr.next = NULL; cutthrough.addr.host_used = &cutthrough.host; - if (addr->parent) - *(cutthrough.addr.parent = store_get(sizeof(address_item))) = - *addr->parent; - ctblock.buffer = ctbuffer; - ctblock.buffersize = sizeof(ctbuffer); - ctblock.ptr = ctbuffer; - /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */ - ctblock.cctx = &cutthrough.cctx; + for (caddr = &cutthrough.addr, parent = addr->parent; + parent; + caddr = caddr->parent, parent = parent->parent) + *(caddr->parent = store_get(sizeof(address_item))) = *parent; + + ctctx.outblock.buffer = ctbuffer; + ctctx.outblock.buffersize = sizeof(ctbuffer); + ctctx.outblock.ptr = ctbuffer; + /* ctctx.outblock.cmd_count = 0; ctctx.outblock.authenticating = FALSE; */ + ctctx.outblock.cctx = &cutthrough.cctx; } else { @@ -1111,11 +1115,10 @@ no_conn: cancel_cutthrough_connection(TRUE, US"not usable for cutthrough"); if (sx.send_quit) { - (void) smtp_write_command(&sx.outblock, SCMD_FLUSH, "QUIT\r\n"); + (void) smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n"); /* Wait a short time for response, and discard it */ - smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), - '2', 1); + smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', 1); } if (sx.cctx.sock >= 0) @@ -1194,7 +1197,7 @@ return yield; one was requested and a recipient-verify wasn't subsequently done. */ int -open_cutthrough_connection( address_item * addr ) +open_cutthrough_connection(address_item * addr) { address_item addr2; int rc; @@ -1228,14 +1231,14 @@ if(cutthrough.cctx.sock < 0) if( #ifdef SUPPORT_TLS cutthrough.is_tls - ? tls_write(cutthrough.cctx.tls_ctx, ctblock.buffer, n, FALSE) + ? tls_write(cutthrough.cctx.tls_ctx, ctctx.outblock.buffer, n, FALSE) : #endif - send(cutthrough.cctx.sock, ctblock.buffer, n, 0) > 0 + send(cutthrough.cctx.sock, ctctx.outblock.buffer, n, 0) > 0 ) { transport_count += n; - ctblock.ptr= ctblock.buffer; + ctctx.outblock.ptr= ctctx.outblock.buffer; return TRUE; } @@ -1250,11 +1253,11 @@ _cutthrough_puts(uschar * cp, int n) { while(n--) { - if(ctblock.ptr >= ctblock.buffer+ctblock.buffersize) - if(!cutthrough_send(ctblock.buffersize)) + if(ctctx.outblock.ptr >= ctctx.outblock.buffer+ctctx.outblock.buffersize) + if(!cutthrough_send(ctctx.outblock.buffersize)) return FALSE; - *ctblock.ptr++ = *cp++; + *ctctx.outblock.ptr++ = *cp++; } return TRUE; } @@ -1280,7 +1283,7 @@ return; static BOOL _cutthrough_flush_send(void) { -int n = ctblock.ptr - ctblock.buffer; +int n = ctctx.outblock.ptr - ctctx.outblock.buffer; if(n>0) if(!cutthrough_send(n)) @@ -1317,16 +1320,16 @@ cutthrough_data_puts(US"\r\n", 2); static uschar cutthrough_response(client_conn_ctx * cctx, char expect, uschar ** copy, int timeout) { -smtp_inblock inblock; +smtp_context sx; uschar inbuffer[4096]; uschar responsebuffer[4096]; -inblock.buffer = inbuffer; -inblock.buffersize = sizeof(inbuffer); -inblock.ptr = inbuffer; -inblock.ptrend = inbuffer; -inblock.cctx = cctx; -if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, timeout)) +sx.inblock.buffer = inbuffer; +sx.inblock.buffersize = sizeof(inbuffer); +sx.inblock.ptr = inbuffer; +sx.inblock.ptrend = inbuffer; +sx.inblock.cctx = cctx; +if(!smtp_read_response(&sx, responsebuffer, sizeof(responsebuffer), expect, timeout)) cancel_cutthrough_connection(TRUE, US"target timeout on read"); if(copy) @@ -1417,7 +1420,7 @@ if(fd >= 0) conn before the final dot. */ client_conn_ctx tmp_ctx = cutthrough.cctx; - ctblock.ptr = ctbuffer; + ctctx.outblock.ptr = ctbuffer; HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n"); _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ _cutthrough_flush_send(); @@ -1439,7 +1442,7 @@ if(fd >= 0) (void)close(fd); HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why); } -ctblock.ptr = ctbuffer; +ctctx.outblock.ptr = ctbuffer; } void @@ -1636,18 +1639,18 @@ Returns: OK address verified */ int -verify_address(address_item *vaddr, FILE *f, int options, int callout, - int callout_overall, int callout_connect, uschar *se_mailfrom, +verify_address(address_item * vaddr, FILE * fp, int options, int callout, + int callout_overall, int callout_connect, uschar * se_mailfrom, uschar *pm_mailfrom, BOOL *routed) { BOOL allok = TRUE; -BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0); +BOOL full_info = fp ? debug_selector != 0 : FALSE; BOOL expn = (options & vopt_expn) != 0; BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0; int i; int yield = OK; int verify_type = expn? v_expn : - address_test_mode? v_none : + f.address_test_mode? v_none : options & vopt_is_recipient? v_recipient : v_sender; address_item *addr_list; address_item *addr_new = NULL; @@ -1682,8 +1685,8 @@ if (parse_find_at(address) == NULL) { if (!(options & vopt_qualify)) { - if (f) - respond_printf(f, "%sA domain is required for \"%s\"%s\n", + if (fp) + respond_printf(fp, "%sA domain is required for \"%s\"%s\n", ko_prefix, address, cr); *failure_ptr = US"qualify"; return FAIL; @@ -1694,7 +1697,7 @@ if (parse_find_at(address) == NULL) DEBUG(D_verify) { debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address); + debug_printf("%s %s\n", f.address_test_mode? "Testing" : "Verifying", address); } /* Rewrite and report on it. Clear the domain and local part caches - these @@ -1709,7 +1712,7 @@ if (global_rewrite_rules) { for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0; for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0; - if (f && !expn) fprintf(f, "Address rewritten as: %s\n", address); + if (fp && !expn) fprintf(fp, "Address rewritten as: %s\n", address); } } @@ -1775,29 +1778,29 @@ while (addr_new) if (testflag(addr, af_pfr)) { allok = FALSE; - if (f) + if (fp) { BOOL allow; if (addr->address[0] == '>') { allow = testflag(addr, af_allow_reply); - fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1); + fprintf(fp, "%s -> mail %s", addr->parent->address, addr->address + 1); } else { allow = addr->address[0] == '|' ? testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file); - fprintf(f, "%s -> %s", addr->parent->address, addr->address); + fprintf(fp, "%s -> %s", addr->parent->address, addr->address); } if (addr->basic_errno == ERRNO_BADTRANSPORT) - fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n" + fprintf(fp, "\n*** Error in setting up pipe, file, or autoreply:\n" "%s\n", addr->message); else if (allow) - fprintf(f, "\n transport = %s\n", addr->transport->name); + fprintf(fp, "\n transport = %s\n", addr->transport->name); else - fprintf(f, " *** forbidden ***\n"); + fprintf(fp, " *** forbidden ***\n"); } continue; } @@ -1929,7 +1932,7 @@ while (addr_new) if (host_list) { HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n"); - if (host_checking && !host_checking_callout) + if (host_checking && !f.host_checking_callout) { HDEBUG(D_verify) debug_printf("... callout omitted by default when host testing\n" @@ -1942,6 +1945,9 @@ while (addr_new) #endif rc = do_callout(addr, host_list, &tf, callout, callout_overall, callout_connect, options, se_mailfrom, pm_mailfrom); +#ifdef SUPPORT_TLS + deliver_set_expansions(NULL); +#endif } } else @@ -1967,29 +1973,29 @@ while (addr_new) if (rc == FAIL) { allok = FALSE; - if (f) + if (fp) { address_item *p = addr->parent; - respond_printf(f, "%s%s %s", ko_prefix, + respond_printf(fp, "%s%s %s", ko_prefix, full_info ? addr->address : address, - address_test_mode ? "is undeliverable" : "failed to verify"); - if (!expn && admin_user) + f.address_test_mode ? "is undeliverable" : "failed to verify"); + if (!expn && f.admin_user) { if (addr->basic_errno > 0) - respond_printf(f, ": %s", strerror(addr->basic_errno)); + respond_printf(fp, ": %s", strerror(addr->basic_errno)); if (addr->message) - respond_printf(f, ": %s", addr->message); + respond_printf(fp, ": %s", addr->message); } /* Show parents iff doing full info */ if (full_info) while (p) { - respond_printf(f, "%s\n <-- %s", cr, p->address); + respond_printf(fp, "%s\n <-- %s", cr, p->address); p = p->parent; } - respond_printf(f, "%s\n", cr); + respond_printf(fp, "%s\n", cr); } cancel_cutthrough_connection(TRUE, US"routing hard fail"); @@ -2006,29 +2012,29 @@ while (addr_new) else if (rc == DEFER) { allok = FALSE; - if (f) + if (fp) { address_item *p = addr->parent; - respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix, + respond_printf(fp, "%s%s cannot be resolved at this time", ko_prefix, full_info? addr->address : address); - if (!expn && admin_user) + if (!expn && f.admin_user) { if (addr->basic_errno > 0) - respond_printf(f, ": %s", strerror(addr->basic_errno)); + respond_printf(fp, ": %s", strerror(addr->basic_errno)); if (addr->message) - respond_printf(f, ": %s", addr->message); + respond_printf(fp, ": %s", addr->message); else if (addr->basic_errno <= 0) - respond_printf(f, ": unknown error"); + respond_printf(fp, ": unknown error"); } /* Show parents iff doing full info */ if (full_info) while (p) { - respond_printf(f, "%s\n <-- %s", cr, p->address); + respond_printf(fp, "%s\n <-- %s", cr, p->address); p = p->parent; } - respond_printf(f, "%s\n", cr); + respond_printf(fp, "%s\n", cr); } cancel_cutthrough_connection(TRUE, US"routing soft fail"); @@ -2049,16 +2055,16 @@ while (addr_new) if (!addr_new) if (!addr_local && !addr_remote) - respond_printf(f, "250 mail to <%s> is discarded\r\n", address); + respond_printf(fp, "250 mail to <%s> is discarded\r\n", address); else - respond_printf(f, "250 <%s>\r\n", address); + respond_printf(fp, "250 <%s>\r\n", address); else do { address_item *addr2 = addr_new; addr_new = addr2->next; if (!addr_new) ok_prefix = US"250 "; - respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address); + respond_printf(fp, "%s<%s>\r\n", ok_prefix, addr2->address); } while (addr_new); yield = OK; goto out; @@ -2092,8 +2098,8 @@ while (addr_new) ) ) ) { - if (f) fprintf(f, "%s %s\n", - address, address_test_mode ? "is deliverable" : "verified"); + if (fp) fprintf(fp, "%s %s\n", + address, f.address_test_mode ? "is deliverable" : "verified"); /* If we have carried on to verify a child address, we want the value of $address_data to be that of the child */ @@ -2112,7 +2118,7 @@ while (addr_new) } /* Loop for generated addresses */ /* Display the full results of the successful routing, including any generated -addresses. Control gets here only when full_info is set, which requires f not +addresses. Control gets here only when full_info is set, which requires fp not to be NULL, and this occurs only when a top-level verify is called with the debugging switch on. @@ -2122,7 +2128,7 @@ discarded, usually because of the use of :blackhole: in an alias file. */ if (allok && !addr_local && !addr_remote) { - fprintf(f, "mail to %s is discarded\n", address); + fprintf(fp, "mail to %s is discarded\n", address); goto out; } @@ -2135,10 +2141,10 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) addr_list = addr->next; - fprintf(f, "%s", CS addr->address); + fprintf(fp, "%s", CS addr->address); #ifdef EXPERIMENTAL_SRS if(addr->prop.srs_sender) - fprintf(f, " [srs = %s]", addr->prop.srs_sender); + fprintf(fp, " [srs = %s]", addr->prop.srs_sender); #endif /* If the address is a duplicate, show something about it. */ @@ -2147,19 +2153,19 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) { tree_node *tnode; if ((tnode = tree_search(tree_duplicates, addr->unique))) - fprintf(f, " [duplicate, would not be delivered]"); + fprintf(fp, " [duplicate, would not be delivered]"); else tree_add_duplicate(addr->unique, addr); } /* Now show its parents */ for (p = addr->parent; p; p = p->parent) - fprintf(f, "\n <-- %s", p->address); - fprintf(f, "\n "); + fprintf(fp, "\n <-- %s", p->address); + fprintf(fp, "\n "); /* Show router, and transport */ - fprintf(f, "router = %s, transport = %s\n", + fprintf(fp, "router = %s, transport = %s\n", addr->router->name, tp ? tp->name : US"unset"); /* Show any hosts that are set up by a router unless the transport @@ -2179,20 +2185,20 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) } for (h = addr->host_list; h; h = h->next) { - fprintf(f, " host %-*s ", maxlen, h->name); + fprintf(fp, " host %-*s ", maxlen, h->name); if (h->address) - fprintf(f, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']'); + fprintf(fp, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']'); else if (tp->info->local) - fprintf(f, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */ + fprintf(fp, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */ else - fprintf(f, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']'); + fprintf(fp, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']'); - if (h->mx >= 0) fprintf(f, " MX=%d", h->mx); - if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port); - if (running_in_test_harness && h->dnssec == DS_YES) fputs(" AD", f); - if (h->status == hstatus_unusable) fputs(" ** unusable **", f); - fputc('\n', f); + if (h->mx >= 0) fprintf(fp, " MX=%d", h->mx); + if (h->port != PORT_NONE) fprintf(fp, " port=%d", h->port); + if (f.running_in_test_harness && h->dnssec == DS_YES) fputs(" AD", fp); + if (h->status == hstatus_unusable) fputs(" ** unusable **", fp); + fputc('\n', fp); } } } @@ -2248,7 +2254,7 @@ for (h = header_list; h && yield == OK; h = h->next) /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ - parse_allow_group = TRUE; + f.parse_allow_group = TRUE; while (*s) { @@ -2271,11 +2277,11 @@ for (h = header_list; h && yield == OK; h = h->next) { if (h->type == htype_from || h->type == htype_sender) { - if (!allow_unqualified_sender) recipient = NULL; + if (!f.allow_unqualified_sender) recipient = NULL; } else { - if (!allow_unqualified_recipient) recipient = NULL; + if (!f.allow_unqualified_recipient) recipient = NULL; } if (recipient == NULL) errmess = US"unqualified address not permitted"; } @@ -2325,8 +2331,8 @@ for (h = header_list; h && yield == OK; h = h->next) while (isspace(*s)) s++; } /* Next address */ - parse_allow_group = FALSE; - parse_found_group = FALSE; + f.parse_allow_group = FALSE; + f.parse_found_group = FALSE; } /* Next header unless yield has been set FALSE */ return yield; @@ -2408,7 +2414,7 @@ for (i = 0; i < recipients_count; i++) /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ - parse_allow_group = TRUE; + f.parse_allow_group = TRUE; while (*s != 0) { @@ -2443,8 +2449,8 @@ for (i = 0; i < recipients_count; i++) while (isspace(*s)) s++; } /* Next address */ - parse_allow_group = FALSE; - parse_found_group = FALSE; + f.parse_allow_group = FALSE; + f.parse_found_group = FALSE; } /* Next header (if found is false) */ if (!found) return FAIL; @@ -2545,7 +2551,7 @@ for (i = 0; i < 3 && !done; i++) /* Scan the addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ - parse_allow_group = TRUE; + f.parse_allow_group = TRUE; while (*s != 0) { @@ -2663,8 +2669,8 @@ for (i = 0; i < 3 && !done; i++) s = ss; } /* Next address */ - parse_allow_group = FALSE; - parse_found_group = FALSE; + f.parse_allow_group = FALSE; + f.parse_found_group = FALSE; } /* Next header, unless done */ } /* Next header type unless done */ @@ -3022,8 +3028,8 @@ if (iplookup) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL); - if (valueptr != NULL) *valueptr = result; - return (result != NULL)? OK : search_find_defer? DEFER: FAIL; + if (valueptr) *valueptr = result; + return result ? OK : f.search_find_defer ? DEFER: FAIL; } /* The pattern is not an IP address or network reference of any kind. That is, @@ -3238,9 +3244,9 @@ return rc; * Check the given host item matches a list * *************************************************/ int -verify_check_given_host(uschar **listptr, host_item *host) +verify_check_given_host(const uschar **listptr, const host_item *host) { -return verify_check_this_host(CUSS listptr, NULL, host->name, host->address, NULL); +return verify_check_this_host(listptr, NULL, host->name, host->address, NULL); } /*************************************************