X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9eed571fd7c3236326cc6ea74f1455b027df7604..fdf263214d6536aba14944283ffc131597870a46:/src/src/acl.c

diff --git a/src/src/acl.c b/src/src/acl.c
index 297489b3f..aaf0ce63e 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1186,8 +1186,6 @@ acl_verify_reverse(uschar **user_msgptr, uschar **log_msgptr)
 {
 int rc;
 
-user_msgptr = user_msgptr;  /* stop compiler warning */
-
 /* Previous success */
 
 if (sender_host_name != NULL) return OK;
@@ -1373,18 +1371,18 @@ switch (dns_special_lookup(dnsa, domain, T_CSA, &found))
   /* If something bad happened (most commonly DNS_AGAIN), defer. */
 
   default:
-  return t->data.val = CSA_DEFER_SRV;
+    return t->data.val = CSA_DEFER_SRV;
 
   /* If we found nothing, the client's authorization is unknown. */
 
   case DNS_NOMATCH:
   case DNS_NODATA:
-  return t->data.val = CSA_UNKNOWN;
+    return t->data.val = CSA_UNKNOWN;
 
   /* We got something! Go on to look at the reply in more detail. */
 
   case DNS_SUCCEED:
-  break;
+    break;
   }
 
 /* Scan the reply for well-formed CSA SRV records. */
@@ -1517,14 +1515,14 @@ static verify_type_t verify_type_list[] = {
     { US"certificate",	  	VERIFY_CERT,	 	(unsigned)~0,	TRUE,  0 },
     { US"helo",	  		VERIFY_HELO,	 	(unsigned)~0,	TRUE,  0 },
     { US"csa",	  		VERIFY_CSA,	 	(unsigned)~0,	FALSE, 0 },
-    { US"header_syntax",	VERIFY_HDR_SYNTAX,	ACL_BIT_DATA | ACL_BIT_NOTSMTP, TRUE, 0 },
-    { US"not_blind",	  	VERIFY_NOT_BLIND,	ACL_BIT_DATA | ACL_BIT_NOTSMTP, FALSE, 0 },
-    { US"header_sender",	VERIFY_HDR_SNDR,	ACL_BIT_DATA | ACL_BIT_NOTSMTP, FALSE, 0 },
+    { US"header_syntax",	VERIFY_HDR_SYNTAX,	ACL_BITS_HAVEDATA, TRUE, 0 },
+    { US"not_blind",	  	VERIFY_NOT_BLIND,	ACL_BITS_HAVEDATA, FALSE, 0 },
+    { US"header_sender",	VERIFY_HDR_SNDR,	ACL_BITS_HAVEDATA, FALSE, 0 },
     { US"sender",	  	VERIFY_SNDR,		ACL_BIT_MAIL | ACL_BIT_RCPT
 			| ACL_BIT_PREDATA | ACL_BIT_DATA | ACL_BIT_NOTSMTP,
 										FALSE, 6 },
     { US"recipient",	  	VERIFY_RCPT,	 	ACL_BIT_RCPT,	FALSE, 0 },
-    { US"header_names_ascii",	VERIFY_HDR_NAMES_ASCII, ACL_BIT_DATA | ACL_BIT_NOTSMTP, TRUE, 0 },
+    { US"header_names_ascii",	VERIFY_HDR_NAMES_ASCII, ACL_BITS_HAVEDATA, TRUE, 0 },
 #ifdef EXPERIMENTAL_ARC
     { US"arc",			VERIFY_ARC,	 	ACL_BIT_DATA,	FALSE , 0 },
 #endif
@@ -1946,7 +1944,8 @@ if (quota)
       {
       if (!*user_msgptr && *log_msgptr)
         *user_msgptr = string_sprintf("Rejected after %s: %s",
-	    smtp_names[smtp_connection_had[smtp_ch_index-1]], *log_msgptr);
+	    smtp_names[smtp_connection_had[SMTP_HBUFF_PREV(smtp_ch_index)]],
+	    *log_msgptr);
       if (rc == DEFER) f.acl_temp_details = TRUE;
       }
     }
@@ -3270,8 +3269,7 @@ for (; cb; cb = cb->next)
 	      {
 	      const uschar *pp = p + 6;
 	      while (*pp) pp++;
-	      submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6,
-		big_buffer, big_buffer_size));
+	      submission_name = parse_fix_phrase(p+6, pp-p-6);
 	      p = pp;
 	      }
 	    else break;
@@ -3335,37 +3333,41 @@ for (; cb; cb = cb->next)
 	    the case where both sides handle prdr and this-node prdr acl
 	    is "accept" */
 	    ignored = US"PRDR active";
+	  else if (f.deliver_freeze)
+	    ignored = US"frozen";
+	  else if (f.queue_only_policy)
+	    ignored = US"queue-only";
+	  else if (fake_response == FAIL)
+	    ignored = US"fakereject";
+	  else if (rcpt_count != 1)
+	    ignored = US"nonfirst rcpt";
+	  else if (cutthrough.delivery)
+	    ignored = US"repeated";
+	  else if (cutthrough.callout_hold_only)
+	    {
+	    DEBUG(D_acl)
+	      debug_printf_indent(" cutthrough request upgrades callout hold\n");
+	    cutthrough.callout_hold_only = FALSE;
+	    cutthrough.delivery = TRUE;	/* control accepted */
+	    }
 	  else
 	    {
-	    if (f.deliver_freeze)
-	      ignored = US"frozen";
-	    else if (f.queue_only_policy)
-	      ignored = US"queue-only";
-	    else if (fake_response == FAIL)
-	      ignored = US"fakereject";
-	    else
+	    cutthrough.delivery = TRUE;	/* control accepted */
+	    while (*p == '/')
 	      {
-	      if (rcpt_count == 1)
+	      const uschar * pp = p+1;
+	      if (Ustrncmp(pp, "defer=", 6) == 0)
 		{
-		cutthrough.delivery = TRUE;	/* control accepted */
-		while (*p == '/')
-		  {
-		  const uschar * pp = p+1;
-		  if (Ustrncmp(pp, "defer=", 6) == 0)
-		    {
-		    pp += 6;
-		    if (Ustrncmp(pp, "pass", 4) == 0) cutthrough.defer_pass = TRUE;
-		    /* else if (Ustrncmp(pp, "spool") == 0) ;	default */
-		    }
-		  else
-		    while (*pp && *pp != '/') pp++;
-		  p = pp;
-		  }
+		pp += 6;
+		if (Ustrncmp(pp, "pass", 4) == 0) cutthrough.defer_pass = TRUE;
+		/* else if (Ustrncmp(pp, "spool") == 0) ;	default */
 		}
 	      else
-		ignored = US"nonfirst rcpt";
+		while (*pp && *pp != '/') pp++;
+	      p = pp;
 	      }
 	    }
+
 	  DEBUG(D_acl) if (ignored)
 	    debug_printf(" cutthrough request ignored on %s item\n", ignored);
 	  }
@@ -4541,7 +4543,8 @@ switch (where)
     /* Drop cutthrough conns, and drop heldopen verify conns if
     the previous was not DATA */
     {
-    uschar prev = smtp_connection_had[smtp_ch_index-2];
+    uschar prev =
+      smtp_connection_had[SMTP_HBUFF_PREV(SMTP_HBUFF_PREV(smtp_ch_index))];
     BOOL dropverify = !(prev == SCH_DATA || prev == SCH_BDAT);
 
     cancel_cutthrough_connection(dropverify, US"quit or conndrop");