X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/c679ee08b006c8fe4c62b353d909c992a725fc11..8ac90765750f87c573300b9e953af3d8090cab8b:/src/src/acl.c

diff --git a/src/src/acl.c b/src/src/acl.c
index 35d955da6..4f335df36 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -367,6 +367,9 @@ enum {
   CONTROL_NO_PIPELINING,
 
   CONTROL_QUEUE_ONLY,
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
+  CONTROL_REQUIRETLS,
+#endif
   CONTROL_SUBMISSION,
   CONTROL_SUPPRESS_LOCAL_FIXUPS,
 #ifdef SUPPORT_I18N
@@ -510,6 +513,18 @@ static control_def controls_list[] = {
 	    // ACL_BIT_PRDR|    /* Not allow one user to freeze for all */
 	    ACL_BIT_NOTSMTP | ACL_BIT_MIME)
   },
+
+
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
+[CONTROL_REQUIRETLS] =
+  { US"requiretls",		 FALSE,
+	  (unsigned)
+	  ~(ACL_BIT_MAIL | ACL_BIT_RCPT | ACL_BIT_PREDATA |
+	    ACL_BIT_DATA | ACL_BIT_MIME |
+	    ACL_BIT_NOTSMTP)
+  },
+#endif
+
 [CONTROL_SUBMISSION] =
   { US"submission",              TRUE,
 	  (unsigned)
@@ -1042,33 +1057,16 @@ uschar *
 fn_hdrs_added(void)
 {
 gstring * g = NULL;
-header_line * h = acl_added_headers;
-uschar * s;
-uschar * cp;
+header_line * h;
 
-if (!h) return NULL;
-
-do
+for (h = acl_added_headers; h; h = h->next)
   {
-  s = h->text;
-  while ((cp = Ustrchr(s, '\n')) != NULL)
-    {
-    if (cp[1] == '\0') break;
-
-    /* contains embedded newline; needs doubling */
-    g = string_catn(g, s, cp-s+1);
-    g = string_catn(g, US"\n", 1);
-    s = cp+1;
-    }
-  /* last bit of header */
-
-/*XXX could we use add_listele? */
-  g = string_catn(g, s, cp-s+1);	/* newline-sep list */
+  int i = h->slen;
+  if (h->text[i-1] == '\n') i--;
+  g = string_append_listele_n(g, '\n', h->text, i);
   }
-while((h = h->next));
 
-g->s[g->ptr - 1] = '\0';	/* overwrite last newline */
-return g->s;
+return g ? g->s : NULL;
 }
 
 
@@ -1087,7 +1085,7 @@ Returns:    nothing
 static void
 setup_remove_header(const uschar *hnames)
 {
-if (*hnames != 0)
+if (*hnames)
   acl_removed_headers = acl_removed_headers
     ? string_sprintf("%s : %s", acl_removed_headers, hnames)
     : string_copy(hnames);
@@ -2340,7 +2338,7 @@ if (leaky + strict + readonly > 1)
   return ratelimit_error(log_msgptr, "conflicting update modes");
 if (badacl && (leaky || strict) && !noupdate)
   return ratelimit_error(log_msgptr,
-    "\"%s\" must not have /leaky or /strict option in %s ACL",
+    "\"%s\" must not have /leaky or /strict option, or cannot be used in %s ACL",
     ratelimit_option_string[mode], acl_wherenames[where]);
 
 /* Set the default values of any unset options. In readonly mode we
@@ -2865,7 +2863,7 @@ int rc = OK;
 int sep = -'/';
 #endif
 
-for (; cb != NULL; cb = cb->next)
+for (; cb; cb = cb->next)
   {
   const uschar *arg;
   int control_type;
@@ -3180,6 +3178,11 @@ for (; cb != NULL; cb = cb->next)
 	cancel_cutthrough_connection(TRUE, US"queueing forced");
 	break;
 
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
+	case CONTROL_REQUIRETLS:
+	tls_requiretls |= REQUIRETLS_MSG;
+	break;
+#endif
 	case CONTROL_SUBMISSION:
 	originator_name = US"";
 	submission_mode = TRUE;