X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ffc3d145e3819e1a3762caa1bbe8b07e723fbaf2..254f38d1c5ada5e4df0bccb385dc466549620c71:/src/src/expand.c

diff --git a/src/src/expand.c b/src/src/expand.c
index ec5660adb..2fc3a81f1 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -668,9 +668,6 @@ static var_entry var_table[] = {
   { "regex_match_string",  vtype_stringptr,   &regex_match_string },
 #endif
   { "reply_address",       vtype_reply,       NULL },
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-  { "requiretls",          vtype_bool,        &tls_requiretls },
-#endif
   { "return_path",         vtype_stringptr,   &return_path },
   { "return_size_limit",   vtype_int,         &bounce_return_size_limit },
   { "router_name",         vtype_stringptr,   &router_name },
@@ -4837,7 +4834,7 @@ while (*s != 0)
           (void)sscanf(CS now,"%u",&inow);
           (void)sscanf(CS daystamp,"%u",&iexpire);
 
-          /* When "iexpire" is < 7, a "flip" has occured.
+          /* When "iexpire" is < 7, a "flip" has occurred.
              Adjust "inow" accordingly. */
           if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
 
@@ -4934,7 +4931,7 @@ while (*s != 0)
 
     case EITEM_READSOCK:
       {
-      int fd;
+      client_conn_ctx cctx;
       int timeout = 5;
       int save_ptr = yield->ptr;
       FILE * fp;
@@ -4944,7 +4941,6 @@ while (*s != 0)
       host_item host;
       BOOL do_shutdown = TRUE;
       BOOL do_tls = FALSE;	/* Only set under SUPPORT_TLS */
-      void * tls_ctx = NULL;	/* ditto		      */
       blob reqstr;
 
       if (expand_forbid & RDO_READSOCK)
@@ -5045,11 +5041,11 @@ while (*s != 0)
             }
 
 	  /*XXX we trust that the request is idempotent.  Hmm. */
-	  fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
+	  cctx.sock = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
 		  timeout, &host, &expand_string_message,
 		  do_tls ? NULL : &reqstr);
 	  callout_address = NULL;
-	  if (fd < 0)
+	  if (cctx.sock < 0)
 	    goto SOCK_FAIL;
 	  if (!do_tls)
 	    reqstr.len = 0;
@@ -5062,7 +5058,7 @@ while (*s != 0)
 	  struct sockaddr_un sockun;         /* don't call this "sun" ! */
           int rc;
 
-          if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
+          if ((cctx.sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
             {
             expand_string_message = string_sprintf("failed to create socket: %s",
               strerror(errno));
@@ -5076,7 +5072,7 @@ while (*s != 0)
 
           sigalrm_seen = FALSE;
           ALARM(timeout);
-          rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
+          rc = connect(cctx.sock, (struct sockaddr *)(&sockun), sizeof(sockun));
           ALARM_CLR(0);
           if (sigalrm_seen)
             {
@@ -5098,14 +5094,11 @@ while (*s != 0)
 #ifdef SUPPORT_TLS
 	if (do_tls)
 	  {
+	  smtp_connect_args conn_args = {.host = &host };
 	  tls_support tls_dummy = {.sni=NULL};
 	  uschar * errstr;
 
-	  if (!(tls_ctx = tls_client_start(fd, &host, NULL, NULL,
-# ifdef SUPPORT_DANE
-				NULL,
-# endif
-	  			&tls_dummy, &errstr)))
+	  if (!tls_client_start(&cctx, &conn_args, NULL, &tls_dummy, &errstr))
 	    {
 	    expand_string_message = string_sprintf("TLS connect failed: %s", errstr);
 	    goto SOCK_FAIL;
@@ -5124,9 +5117,9 @@ while (*s != 0)
             reqstr.data);
           if ( (
 #ifdef SUPPORT_TLS
-	      tls_ctx ? tls_write(tls_ctx, reqstr.data, reqstr.len, FALSE) :
+	      do_tls ? tls_write(cctx.tls_ctx, reqstr.data, reqstr.len, FALSE) :
 #endif
-			write(fd, reqstr.data, reqstr.len)) != reqstr.len)
+			write(cctx.sock, reqstr.data, reqstr.len)) != reqstr.len)
             {
             expand_string_message = string_sprintf("request write to socket "
               "failed: %s", strerror(errno));
@@ -5139,7 +5132,7 @@ while (*s != 0)
         system doesn't have this function, make it conditional. */
 
 #ifdef SHUT_WR
-	if (!tls_ctx && do_shutdown) shutdown(fd, SHUT_WR);
+	if (!do_tls && do_shutdown) shutdown(cctx.sock, SHUT_WR);
 #endif
 
 	if (f.running_in_test_harness) millisleep(100);
@@ -5147,22 +5140,22 @@ while (*s != 0)
         /* Now we need to read from the socket, under a timeout. The function
         that reads a file can be used. */
 
-	if (!tls_ctx)
-	  fp = fdopen(fd, "rb");
+	if (!do_tls)
+	  fp = fdopen(cctx.sock, "rb");
         sigalrm_seen = FALSE;
         ALARM(timeout);
         yield =
 #ifdef SUPPORT_TLS
-	  tls_ctx ? cat_file_tls(tls_ctx, yield, sub_arg[3]) :
+	  do_tls ? cat_file_tls(cctx.tls_ctx, yield, sub_arg[3]) :
 #endif
 		    cat_file(fp, yield, sub_arg[3]);
         ALARM_CLR(0);
 
 #ifdef SUPPORT_TLS
-	if (tls_ctx)
+	if (do_tls)
 	  {
-	  tls_close(tls_ctx, TRUE);
-	  close(fd);
+	  tls_close(cctx.tls_ctx, TRUE);
+	  close(cctx.sock);
 	  }
 	else
 #endif
@@ -5664,6 +5657,12 @@ while (*s != 0)
       uschar *sub[3];
       int save_expand_nmax =
         save_expand_strings(save_expand_nstring, save_expand_nlength);
+
+      /* On reflection the original behaviour of extract-json for a string
+      result, leaving it quoted, was a mistake.  But it was already published,
+      hence the addition of jsons.  In a future major version, make json
+      work like josons, and withdraw jsons. */
+
       enum {extract_basic, extract_json, extract_jsons} fmt = extract_basic;
 
       while (isspace(*s)) s++;
@@ -5811,10 +5810,11 @@ while (*s != 0)
 	      }
 	    while (field_number > 0 && (item = json_nextinlist(&list)))
 	      field_number--;
-	    s = item;
-	    lookup_value = s;
-	    while (*s) s++;
-	    while (--s >= lookup_value && isspace(*s)) *s = '\0';
+	    if ((lookup_value = s = item))
+	      {
+	      while (*s) s++;
+	      while (--s >= lookup_value && isspace(*s)) *s = '\0';
+	      }
 	    }
 	  else
 	    {
@@ -5850,14 +5850,16 @@ while (*s != 0)
 	    }
 	  }
 
-	  if (fmt == extract_jsons)
-	    if (!(lookup_value = dewrap(lookup_value, US"\"\"")))
-	      {
-	      expand_string_message =
-		string_sprintf("%s wrapping string result for extract jsons",
-		  expand_string_message);
-	      goto EXPAND_FAILED_CURLY;
-	      }
+	  if (  fmt == extract_jsons
+	     && lookup_value
+	     && !(lookup_value = dewrap(lookup_value, US"\"\"")))
+	    {
+	    expand_string_message =
+	      string_sprintf("%s wrapping string result for extract jsons",
+		expand_string_message);
+	    goto EXPAND_FAILED_CURLY;
+	    }
+	  break;	/* json/s */
 	}
 
       /* If no string follows, $value gets substituted; otherwise there can
@@ -7094,16 +7096,11 @@ while (*s != 0)
         uschar * t = parse_extract_address(sub, &error, &start, &end, &domain,
           FALSE);
         if (t)
-          if (c != EOP_DOMAIN)
-            {
-            if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
-            yield = string_catn(yield, sub+start, end-start);
-            }
-          else if (domain != 0)
-            {
-            domain += start;
-            yield = string_catn(yield, sub+domain, end-domain);
-            }
+	  yield = c == EOP_DOMAIN
+	    ? string_cat(yield, t + domain)
+	    : c == EOP_LOCAL_PART && domain > 0
+	    ? string_catn(yield, t, domain - 1 )
+	    : string_cat(yield, t);
         continue;
         }
 
@@ -7127,7 +7124,7 @@ while (*s != 0)
 
         for (;;)
           {
-          uschar *p = parse_find_address_end(sub, FALSE);
+          uschar * p = parse_find_address_end(sub, FALSE);
           uschar saveend = *p;
           *p = '\0';
           address = parse_extract_address(sub, &error, &start, &end, &domain,
@@ -7140,7 +7137,7 @@ while (*s != 0)
           list, add in a space if the new address begins with the separator
           character, or is an empty string. */
 
-          if (address != NULL)
+          if (address)
             {
             if (yield->ptr != save_ptr && address[0] == *outsep)
               yield = string_catn(yield, US" ", 1);
@@ -7513,7 +7510,7 @@ while (*s != 0)
         continue;
         }
 
-      /* Handle time period formating */
+      /* Handle time period formatting */
 
       case EOP_TIME_EVAL:
         {