X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d27f98fe90545fc2e794afc0b3b2494dccc65183..1ac6b2e7857d7b6645dbd09047c4c2ac3b6cef1d:/src/src/smtp_in.c

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 58d1a971e..243b8f7d1 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -455,9 +455,10 @@ if (rcpt_in_progress)
 /* Now write the string */
 
 #ifdef SUPPORT_TLS
-if (tls_active >= 0)
+if (tls_in.active >= 0)
   {
-  if (tls_write(big_buffer, Ustrlen(big_buffer)) < 0) smtp_write_error = -1;
+  if (tls_write(TRUE, big_buffer, Ustrlen(big_buffer)) < 0)
+    smtp_write_error = -1;
   }
 else
 #endif
@@ -483,7 +484,7 @@ Returns:    0 for no error; -1 after an error
 int
 smtp_fflush(void)
 {
-if (tls_active < 0 && fflush(smtp_out) != 0) smtp_write_error = -1;
+if (tls_in.active < 0 && fflush(smtp_out) != 0) smtp_write_error = -1;
 return smtp_write_error;
 }
 
@@ -506,7 +507,7 @@ command_timeout_handler(int sig)
 sig = sig;    /* Keep picky compilers happy */
 log_write(L_lost_incoming_connection,
           LOG_MAIN, "SMTP command timeout on%s connection from %s",
-          (tls_active >= 0)? " TLS" : "",
+          (tls_in.active >= 0)? " TLS" : "",
           host_and_ident(FALSE));
 if (smtp_batched_input)
   moan_smtp_batch(NULL, "421 SMTP command timeout");  /* Does not return */
@@ -707,7 +708,7 @@ fd_set fds;
 struct timeval tzero;
 
 if (!smtp_enforce_sync || sender_host_address == NULL ||
-    sender_host_notsocket || tls_active >= 0)
+    sender_host_notsocket || tls_in.active >= 0)
   return TRUE;
 
 fd = fileno(smtp_in);
@@ -850,18 +851,18 @@ if (sender_host_authenticated != NULL)
   }
 
 #ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL)
-  s = string_append(s, &size, &ptr, 2, US" X=", tls_cipher);
+if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
+  s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
 if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
-     tls_cipher != NULL)
+     tls_in.cipher != NULL)
   s = string_append(s, &size, &ptr, 2, US" CV=",
-    tls_certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL)
+    tls_in.certificate_verified? "yes":"no");
+if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
   s = string_append(s, &size, &ptr, 3, US" DN=\"",
-    string_printing(tls_peerdn), US"\"");
-if ((log_extra_selector & LX_tls_sni) != 0 && tls_sni != NULL)
+    string_printing(tls_in.peerdn), US"\"");
+if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
   s = string_append(s, &size, &ptr, 3, US" SNI=\"",
-    string_printing(tls_sni), US"\"");
+    string_printing(tls_in.sni), US"\"");
 #endif
 
 sep = (smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE)?
@@ -1036,9 +1037,11 @@ store_reset(reset_point);
 recipients_list = NULL;
 rcpt_count = rcpt_defer_count = rcpt_fail_count =
   raw_recipients_count = recipients_count = recipients_list_max = 0;
+cancel_cutthrough_connection("smtp reset");
 message_linecount = 0;
 message_size = -1;
 acl_added_headers = NULL;
+acl_removed_headers = NULL;
 queue_only_policy = FALSE;
 rcpt_smtp_response = NULL;
 rcpt_smtp_response_same = TRUE;
@@ -1403,7 +1406,7 @@ if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL;
 authenticated_by = NULL;
 
 #ifdef SUPPORT_TLS
-tls_cipher = tls_peerdn = NULL;
+tls_in.cipher = tls_in.peerdn = NULL;
 tls_advertised = FALSE;
 #endif
 
@@ -1691,8 +1694,7 @@ if (!sender_host_unknown)
   smtps port for use with older style SSL MTAs. */
 
   #ifdef SUPPORT_TLS
-  if (tls_on_connect &&
-      tls_server_start(tls_require_ciphers) != OK)
+  if (tls_in.on_connect && tls_server_start(tls_require_ciphers) != OK)
     return FALSE;
   #endif
 
@@ -2807,7 +2809,7 @@ while (done <= 0)
         sender_host_authenticated = au->name;
         authentication_failed = FALSE;
         received_protocol =
-          protocols[pextend + pauthed + ((tls_active >= 0)? pcrpted:0)] +
+          protocols[pextend + pauthed + ((tls_in.active >= 0)? pcrpted:0)] +
             ((sender_host_address != NULL)? pnlocal : 0);
         s = ss = US"235 Authentication succeeded";
         authenticated_by = au;
@@ -2941,7 +2943,7 @@ while (done <= 0)
 
       host_build_sender_fullhost();  /* Rebuild */
       set_process_info("handling%s incoming connection from %s",
-        (tls_active >= 0)? " TLS" : "", host_and_ident(FALSE));
+        (tls_in.active >= 0)? " TLS" : "", host_and_ident(FALSE));
 
       /* Verify if configured. This doesn't give much security, but it does
       make some people happy to be able to do it. If helo_required is set,
@@ -3166,7 +3168,7 @@ while (done <= 0)
       secure connection. */
 
       #ifdef SUPPORT_TLS
-      if (tls_active < 0 &&
+      if (tls_in.active < 0 &&
           verify_check_host(&tls_advertise_hosts) != FAIL)
         {
         s = string_cat(s, &size, &ptr, smtp_code, 3);
@@ -3187,10 +3189,12 @@ while (done <= 0)
     s[ptr] = 0;
 
     #ifdef SUPPORT_TLS
-    if (tls_active >= 0) (void)tls_write(s, ptr); else
+    if (tls_in.active >= 0) (void)tls_write(TRUE, s, ptr); else
     #endif
 
-    (void)fwrite(s, 1, ptr, smtp_out);
+      {
+      int i = fwrite(s, 1, ptr, smtp_out); i = i; /* compiler quietening */
+      }
     DEBUG(D_receive)
       {
       uschar *cr;
@@ -3205,9 +3209,9 @@ while (done <= 0)
     received_protocol = (esmtp?
       protocols[pextend +
         ((sender_host_authenticated != NULL)? pauthed : 0) +
-        ((tls_active >= 0)? pcrpted : 0)]
+        ((tls_in.active >= 0)? pcrpted : 0)]
       :
-      protocols[pnormal + ((tls_active >= 0)? pcrpted : 0)])
+      protocols[pnormal + ((tls_in.active >= 0)? pcrpted : 0)])
       +
       ((sender_host_address != NULL)? pnlocal : 0);
 
@@ -3318,10 +3322,20 @@ while (done <= 0)
         some sites want the action that is provided. We recognize both "8BITMIME"
         and "7BIT" as body types, but take no action. */
         case ENV_MAIL_OPT_BODY:
-          if (accept_8bitmime &&
-              (strcmpic(value, US"8BITMIME") == 0 ||
-               strcmpic(value, US"7BIT") == 0) )
-            break;
+          if (accept_8bitmime) {
+            if (strcmpic(value, US"8BITMIME") == 0) {
+              body_8bitmime = 8;
+            } else if (strcmpic(value, US"7BIT") == 0) {
+              body_8bitmime = 7;
+            } else {
+              body_8bitmime = 0;
+              done = synprot_error(L_smtp_syntax_error, 501, NULL,
+                US"invalid data for BODY");
+              goto COMMAND_LOOP;
+            }
+            DEBUG(D_receive) debug_printf("8BITMIME: %d\n", body_8bitmime);
+	    break;
+          }
           arg_error = TRUE;
           break;
 
@@ -3772,12 +3786,14 @@ while (done <= 0)
       }
 
     /* If there is an ACL, re-check the synchronization afterwards, since the
-    ACL may have delayed. */
+    ACL may have delayed.  To handle cutthrough delivery enforce a dummy call
+    to get the DATA command sent. */
 
-    if (acl_smtp_predata == NULL) rc = OK; else
+    if (acl_smtp_predata == NULL && cutthrough_fd < 0) rc = OK; else
       {
+      uschar * acl= acl_smtp_predata ? acl_smtp_predata : US"accept";
       enable_dollar_recipients = TRUE;
-      rc = acl_check(ACL_WHERE_PREDATA, NULL, acl_smtp_predata, &user_msg,
+      rc = acl_check(ACL_WHERE_PREDATA, NULL, acl, &user_msg,
         &log_msg);
       enable_dollar_recipients = FALSE;
       if (rc == OK && !check_sync()) goto SYNC_FAILURE;
@@ -3911,7 +3927,7 @@ while (done <= 0)
       {
       DEBUG(D_any)
         debug_printf("Non-empty input buffer after STARTTLS; naive attack?");
-      if (tls_active < 0)
+      if (tls_in.active < 0)
         smtp_inend = smtp_inptr = smtp_inbuffer;
       /* and if TLS is already active, tls_server_start() should fail */
       }
@@ -3972,7 +3988,7 @@ while (done <= 0)
       }
 
     /* Hard failure. Reject everything except QUIT or closed connection. One
-    cause for failure is a nested STARTTLS, in which case tls_active remains
+    cause for failure is a nested STARTTLS, in which case tls_in.active remains
     set, but we must still reject all incoming commands. */
 
     DEBUG(D_tls) debug_printf("TLS failed to start\n");
@@ -3988,7 +4004,7 @@ while (done <= 0)
         break;
 
         /* It is perhaps arguable as to which exit ACL should be called here,
-        but as it is probably a situtation that almost never arises, it
+        but as it is probably a situation that almost never arises, it
         probably doesn't matter. We choose to call the real QUIT ACL, which in
         some sense is perhaps "right". */
 
@@ -4016,7 +4032,7 @@ while (done <= 0)
         break;
         }
       }
-    tls_close(TRUE);
+    tls_close(TRUE, TRUE);
     break;
     #endif
 
@@ -4041,7 +4057,7 @@ while (done <= 0)
       smtp_respond(US"221", 3, TRUE, user_msg);
 
     #ifdef SUPPORT_TLS
-    tls_close(TRUE);
+    tls_close(TRUE, TRUE);
     #endif
 
     done = 2;
@@ -4079,7 +4095,7 @@ while (done <= 0)
       buffer[0] = 0;
       Ustrcat(buffer, " AUTH");
       #ifdef SUPPORT_TLS
-      if (tls_active < 0 &&
+      if (tls_in.active < 0 &&
           verify_check_host(&tls_advertise_hosts) != FAIL)
         Ustrcat(buffer, " STARTTLS");
       #endif
@@ -4314,7 +4330,7 @@ while (done <= 0)
     incomplete_transaction_log(US"too many non-mail commands");
     log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many "
       "nonmail commands (last was \"%.*s\")",  host_and_ident(FALSE),
-      s - smtp_cmd_buffer, smtp_cmd_buffer);
+      (int)(s - smtp_cmd_buffer), smtp_cmd_buffer);
     smtp_notquit_exit(US"bad-commands", US"554", US"Too many nonmail commands");
     done = 1;   /* Pretend eof - drops connection */
     break;