X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/afe12dd0d6fae1da98dabdab607f5dab22b14345..685bbd33eed692f3da8a92241b4cdce95d1792ab:/src/src/exim.h diff --git a/src/src/exim.h b/src/src/exim.h index 75d14660f..b0906d34a 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2014 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -11,6 +11,9 @@ that is needed. They don't all need everything, of course, but it's far too messy to have each one importing its own list, and anyway, most of them need most of these includes. */ +#ifndef EXIM_H +#define EXIM_H + /* Assume most systems have statfs() unless os.h undefines this macro */ #define HAVE_STATFS @@ -84,6 +87,13 @@ making unique names. */ # include #endif +#ifdef EXIM_HAVE_INOTIFY +# include +#endif +#ifdef EXIM_HAVE_KEVENT +# include +#endif + /* C99 integer types, figure out how to undo this if needed for older systems */ #include @@ -125,6 +135,51 @@ making unique names. */ # endif #endif +/* RFC 5321 specifies that the maximum length of a local-part is 64 octets +and the maximum length of a domain is 255 octets, but then also defines +the maximum length of a forward/reverse path as 256 not 64+1+255. +For an IP address, the maximum is 45 without a scope and we don't work +with scoped addresses, so go with that. (IPv6 with mapped IPv4). + +A hostname maximum length is in practice the same as the domainname, for +the same core reasons (maximum length of a DNS name), but the semantics +are different and seeing "DOMAIN" in source is confusing when talking about +hostnames; so we define a second macro. We'll use RFC 2181 as the reference +for this one. + +There is no known (to me) specification on the maximum length of a human name +in email addresses and we should be careful about imposing such a limit on +received email, but in terms of limiting what untrusted callers specify, or +local generation, having a limit makes sense. Err on the side of generosity. + +For a display mail address, we have a human name, an email in brackets, +possibly some (Comments), so it needs to be at least 512+3 and some more to +avoid extraneous errors. +Since the sane SMTP line length limit is 998, constraining such parameters to +be 1024 seems generous and unlikely to spuriously reject legitimate +invocations. + +The driver name is a name of a router/transport/authenticator etc in the +configuration file. We also use this for some other short strings, such +as queue names. +Also TLS ciphersuite name (no real known limit since the protocols use +integers, but max seen in reality is 45 octets). + +RFC 1413 gives us the 512 limit on IDENT protocol userids. +*/ + +#define EXIM_EMAILADDR_MAX 256 +#define EXIM_LOCALPART_MAX 64 +#define EXIM_DOMAINNAME_MAX 255 +#define EXIM_IPADDR_MAX 45 +#define EXIM_HOSTNAME_MAX 255 +#define EXIM_HUMANNAME_MAX 256 +#define EXIM_DISPLAYMAIL_MAX 1024 +#define EXIM_DRIVERNAME_MAX 64 +#define EXIM_CIPHERNAME_MAX 64 +#define EXIM_IDENTUSER_MAX 512 + + #include #include #include @@ -281,18 +336,6 @@ disabused of the notion. Luckily, since EX_OK is not used, it didn't matter.] */ #include -/* If arpa/nameser.h defines a maximum name server packet size, use it, -provided it is greater than 2048. Otherwise go for a default. PACKETSZ was used -for this, but it seems that NS_PACKETSZ is coming into use. */ - -#if defined(NS_PACKETSZ) && NS_PACKETSZ >= 2048 - #define MAXPACKET NS_PACKETSZ -#elif defined(PACKETSZ) && PACKETSZ >= 2048 - #define MAXPACKET PACKETSZ -#else - #define MAXPACKET 2048 -#endif - /* While IPv6 is still young the definitions of T_AAAA and T_A6 may not be included in arpa/nameser.h. Fudge them here. */ @@ -479,7 +522,8 @@ extern int ferror(FILE *); /* The header from the PCRE regex package */ -#include +#define PCRE2_CODE_UNIT_WIDTH 8 +#include /* Exim includes are in several files. Note that local_scan.h #includes config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. @@ -489,7 +533,9 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #include "macros.h" #include "dbstuff.h" #include "structs.h" +#include "blob.h" #include "globals.h" +#include "hash.h" #include "functions.h" #include "dbfunctions.h" #include "osfunctions.h" @@ -497,16 +543,16 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #ifdef EXPERIMENTAL_BRIGHTMAIL # include "bmi_spam.h" #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF # include "spf.h" #endif -#ifdef EXPERIMENTAL_SRS +#ifdef EXPERIMENTAL_SRS_ALT # include "srs.h" #endif #ifndef DISABLE_DKIM # include "dkim.h" #endif -#ifdef EXPERIMENTAL_DMARC +#ifdef SUPPORT_DMARC # include "dmarc.h" # include #endif @@ -546,11 +592,19 @@ union sockaddr_46 { struct sockaddr v0; }; -/* If SUPPORT_TLS is not defined, ensure that USE_GNUTLS is also not defined -so that if USE_GNUTLS *is* set, we can assume SUPPORT_TLS is also set. */ +/* If DISABLE_TLS is defined, ensure that USE_GNUTLS is not defined +so that if USE_GNUTLS *is* set, we can assume DISABLE_TLS is not set. +Ditto USE_OPENSSL. +Likewise, OSCP, AUTH_TLS and CERTNAMES cannot be supported. */ -#ifndef SUPPORT_TLS +#ifdef DISABLE_TLS +# undef USE_OPENSSL # undef USE_GNUTLS +# ifndef DISABLE_OCSP +# define DISABLE_OCSP +# endif +# undef EXPERIMENTAL_CERTNAMES +# undef AUTH_TLS #endif /* If SPOOL_DIRECTORY, LOG_FILE_PATH or PID_FILE_PATH have not been defined, @@ -581,19 +635,38 @@ default to EDQUOT if it exists, otherwise ENOSPC. */ # endif #endif -/* Ensure PATH_MAX is defined */ +/* DANE w/o DNSSEC is useless */ +#if defined(SUPPORT_DANE) && defined(DISABLE_DNSSEC) +# error DANE support requires DNSSEC support +#endif + +/* Some platforms (FreeBSD, OpenBSD, Solaris) do not seem to define this */ -#ifndef PATH_MAX - #ifdef MAXPATHLEN - # define PATH_MAX MAXPATHLEN - #else - # define PATH_MAX 1024 - #endif +#ifndef POLLRDHUP +# define POLLRDHUP (POLLIN | POLLHUP) #endif -/* DANE w/o DNSSEC is useless */ -#if defined(EXPERIMENTAL_DANE) && defined(DISABLE_DNSSEC) - #undef DISABLE_DNSSEC +/* Some platforms (Darwin) have to define a larger limit on groups membership */ + +#ifndef EXIM_GROUPLIST_SIZE +# define EXIM_GROUPLIST_SIZE NGROUPS_MAX #endif +/* Linux has TCP_CORK, FreeBSD has TCP_NOPUSH; they do pretty much the same */ + +#ifdef TCP_CORK +# define EXIM_TCP_CORK TCP_CORK +#elif defined(TCP_NOPUSH) +# define EXIM_TCP_CORK TCP_NOPUSH +#endif + +/* LibreSSL seems to not push out the SMTP response to QUIT with our usual +handling which is trying to get the client to FIN first so that the server does +not get the TIME_WAIT */ + +#if !defined(DISABLE_TLS) && defined(USE_OPENSSL) && defined(LIBRESSL_VERSION_NUMBER) +# define SERVERSIDE_CLOSE_NOWAIT +#endif + +#endif /* End of exim.h */