.vitem &$sender_host_address$&
.vindex "&$sender_host_address$&"
-When a message is received from a remote host, this variable contains that
-host's IP address. For locally submitted messages, it is empty.
+When a message is received from a remote host using SMTP,
+this variable contains that
+host's IP address. For locally non-SMTP submitted messages, it is empty.
.vitem &$sender_host_authenticated$&
.vindex "&$sender_host_authenticated$&"
adjusted lightly. An unrecognised item will be detected at startup, by
invoking Exim with the &%-bV%& flag.
+The option affects Exim operating both as a server and as a client.
+
Historical note: prior to release 4.80, Exim defaulted this value to
"+dont_insert_empty_fragments", which may still be needed for compatibility
with some clients, but which lowers security by increasing exposure to
some now infamous attacks.
-An example:
+Examples:
.code
# Make both old MS and old Eudora happy:
openssl_options = -all +microsoft_big_sslv3_buffer \
+dont_insert_empty_fragments
+
+# Disable older protocol versions:
+openssl_options = +no_sslv2 +no_sslv3
.endd
Possible options may include:
as part of the &[gnutls_priority_init]& function. This is very similar to the
ciphersuite specification in OpenSSL.
-The &%tls_require_ciphers%& option is treated as the GnuTLS priority string.
+The &%tls_require_ciphers%& option is treated as the GnuTLS priority string
+and controls both protocols and ciphers.
The &%tls_require_ciphers%& option is available both as an global option,
controlling how Exim behaves as a server, and also as an option of the
&url(http://www.gnutls.org/manual/gnutls.html#Listing-the-ciphersuites-in-a-priority-string, then the example code)
on that site can be used to test a given string.
+For example:
+.code
+# Disable older versions of protocols
+tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
+.endd
+
Prior to Exim 4.80, an older API of GnuTLS was used, and Exim supported three
additional options, "&%gnutls_require_kx%&", "&%gnutls_require_mac%&" and
"&%gnutls_require_protocols%&". &%tls_require_ciphers%& was an Exim list.
raised for inbound connections, if the main configuration event_action
option is defined.
+TL/06 In test suite, disable OCSP for old versions of openssl which contained
+ early OCSP support, but no stapling (appears to be less than 1.0.0).
+
JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
server certificate names available under the smtp transport option
"tls_verify_cert_hostname" now do not permit multi-component wildcard
If built with EXPERIMENTAL_CERTNAMES defined, code is
included to do so for server certificates, and a new smtp transport option
-"tls_verify_cert_hostname" supported which takes a list of
-names for which the checks must be made. The host must
-also be in "tls_verify_hosts".
+"tls_verify_cert_hostnames" supported which takes a list of
+names for which the additional checks must be made.
+The option currently defaults to empty, but this may change in
+the future. "*" is probably a suitable value.
+Whether certificate verification is done at all, and the result of
+it failing, is stll under the control of "tls_verify_hosts" nad
+"tls_try_verify_hosts".
Both Subject and Subject-Alternate-Name certificate fields
are supported, as are wildcard certificates (limited to
#ifdef EXPERIMENTAL_EVENT
-int
+uschar *
event_raise(uschar * action, uschar * event, uschar * ev_data)
{
uschar * s;
{
DEBUG(D_deliver)
debug_printf("Event(%s): event_action returned \"%s\"\n", event, s);
- return DEFER;
+ return s;
}
}
-return OK;
+return NULL;
}
static void
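Review bot: The new return contract of event_raise() is not documented anywhere in this hunk, although every caller now treats a non-NULL result as a veto and uses the string as the failure reason. The function's header comment should say so, for example `Returns: NULL if the action did not veto, else the expansion result (used by callers as the reason text)`. The condition that decides when `s` is returned sits outside the hunk, so it is worth confirming whether an empty expansion result counts as a veto.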
#include "exim.h"
+#ifdef USE_GNUTLS
+# include <gnutls/gnutls.h>
+# if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP)
+# define DISABLE_OCSP
+# endif
+#endif
+
extern void init_lookup_list(void);
extern void enq_end(uschar *);
extern BOOL enq_start(uschar *);
#ifdef EXPERIMENTAL_EVENT
-extern int event_raise(uschar *, uschar *, uschar *);
+extern uschar *event_raise(uschar *, uschar *, uschar *);
#endif
extern void exim_exit(int);
extern void exim_nullstd(void);
yield);
for (h = host; h != last->next; h = h->next)
{
- debug_printf(" %s %s MX=%d ", h->name,
- (h->address == NULL)? US"<null>" : h->address, h->mx);
+ debug_printf(" %s %s MX=%d %s", h->name,
+ !h->address ? US"<null>" : h->address, h->mx,
+ h->dnssec == DS_YES ? US"DNSSEC " : US"");
if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
if (h->status >= hstatus_unusable) debug_printf("*");
debug_printf("\n");
if (h->mx >= 0) debug_printf(" MX=%d", h->mx);
else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx);
if (h->port != PORT_NONE) debug_printf(" port=%d", h->port);
- /* if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no"); */
+ if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no");
debug_printf("\n");
}
}
}
#ifdef EXPERIMENTAL_EVENT
- /*XXX Called from both delivery and verify. Is that status observable? */
deliver_host_address = host->address;
deliver_host_port = port;
- if (event_raise(event, US"tcp:connect", NULL) == DEFER) return -1;
+ if (event_raise(event, US"tcp:connect", NULL)) return -1;
+ /* Logging? Debug? */
#endif
/* Create the socket */
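Review bot: The veto reason returned by event_raise() is discarded in `if (event_raise(event, US"tcp:connect", NULL)) return -1;`, so a connection refused by policy leaves no trace beyond the `/* Logging? Debug? */` placeholder. The TLS and transport call sites in this commit record the string, and this one should too: keep the result in a local and emit something like `log_write(0, LOG_MAIN, "tcp:connect denied by event-action: %s", s);` before returning. The callout hunk that raises smtp:connect and jumps to RESPONSE_FAILED has the same placeholder and the same gap. The enclosing function starts and ends outside the hunk.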
unsigned int cert_list_size = 0;
gnutls_x509_crt_t crt;
int rc;
+uschar * yield;
exim_gnutls_state_st * state = gnutls_session_get_ptr(session);
cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
}
state->tlsp->peercert = crt;
- if (event_raise(state->event_action,
- US"tls:cert", string_sprintf("%d", cert_list_size)) == DEFER)
+ if ((yield = event_raise(state->event_action,
+ US"tls:cert", string_sprintf("%d", cert_list_size))))
{
log_write(0, LOG_MAIN,
- "SSL verify denied by event-action: depth=%d", cert_list_size);
+ "SSL verify denied by event-action: depth=%d: %s",
+ cert_list_size, yield);
return 1; /* reject */
}
state->tlsp->peercert = NULL;
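Review bot: The GnuTLS path still rejects unconditionally with `return 1; /* reject */` when the tls:cert event action vetoes, while the OpenSSL callback changed in this same commit lets the handshake continue for hosts in tls_try_verify_hosts. If the difference is intended it needs a comment here; otherwise the same configuration is enforced differently depending on the TLS library the binary was built with. Separately, the value logged as `depth=%d` is `cert_list_size`, which makes the message misleading next to the OpenSSL one. The function starts and ends outside the hunk.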
{
X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
int depth = X509_STORE_CTX_get_error_depth(x509ctx);
-uschar * ev;
static uschar txt[256];
+#ifdef EXPERIMENTAL_EVENT
+uschar * ev;
+uschar * yield;
+#endif
X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt));
depth,
X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509ctx)),
txt);
- tlsp->certificate_verified = FALSE;
*calledp = TRUE;
if (!*optionalp)
{
if (ev)
{
tlsp->peercert = X509_dup(cert);
- if (event_raise(ev, US"tls:cert", string_sprintf("%d", depth)) == DEFER)
+ if ((yield = event_raise(ev, US"tls:cert", string_sprintf("%d", depth))))
{
log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
- "depth=%d cert=%s", depth, txt);
- tlsp->certificate_verified = FALSE;
+ "depth=%d cert=%s: %s", depth, txt, yield);
*calledp = TRUE;
- return 0; /* reject */
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+ "(host in tls_try_verify_hosts)\n");
}
X509_free(tlsp->peercert);
tlsp->peercert = NULL;
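Review bot: For hosts in tls_try_verify_hosts nothing in this hunk now records that the certificate failed. The `return 0` is skipped when `*optionalp` is set and the `tlsp->certificate_verified = FALSE;` assignment has been removed, so control continues into code outside the hunk. If that later code marks the session verified unconditionally, an overridden failure would be reported as a verified certificate to anything that consults the flag. The success path should be guarded on the failure having been seen, for example `if (!*calledp) tlsp->certificate_verified = TRUE;`, or the flag should be cleared again at the override. The same pattern appears in both certificate-name-mismatch hunks and in the depth-0 tls:cert hunk further down.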
{
log_write(0, LOG_MAIN,
"SSL verify error: certificate name mismatch: \"%s\"\n", txt);
- return 0; /* reject */
+ *calledp = TRUE;
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+ "tls_try_verify_hosts)\n");
}
}
# else
{
log_write(0, LOG_MAIN,
"SSL verify error: certificate name mismatch: \"%s\"\n", txt);
- return 0; /* reject */
+ *calledp = TRUE;
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+ "tls_try_verify_hosts)\n");
}
# endif
#endif /*EXPERIMENTAL_CERTNAMES*/
#ifdef EXPERIMENTAL_EVENT
ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;
if (ev)
- if (event_raise(ev, US"tls:cert", US"0") == DEFER)
+ if ((yield = event_raise(ev, US"tls:cert", US"0")))
{
log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
- "depth=0 cert=%s", txt);
- tlsp->certificate_verified = FALSE;
+ "depth=0 cert=%s: %s", txt, yield);
*calledp = TRUE;
- return 0; /* reject */
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+ "(host in tls_try_verify_hosts)\n");
}
#endif
static uschar txt[256];
#ifdef EXPERIMENTAL_EVENT
int depth = X509_STORE_CTX_get_error_depth(x509ctx);
+uschar * yield;
#endif
X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt));
#ifdef EXPERIMENTAL_EVENT
if (client_static_cbinfo->event_action)
{
- if (event_raise(client_static_cbinfo->event_action,
- US"tls:cert", string_sprintf("%d", depth)) == DEFER)
+ if ((yield = event_raise(client_static_cbinfo->event_action,
+ US"tls:cert", string_sprintf("%d", depth))))
{
log_write(0, LOG_MAIN, "DANE verify denied by event-action: "
- "depth=%d cert=%s", depth, txt);
+ "depth=%d cert=%s: %s", depth, txt, yield);
tls_out.certificate_verified = FALSE;
return 0; /* reject */
}
ob->command_timeout)) goto RESPONSE_FAILED;
#ifdef EXPERIMENTAL_EVENT
- if (event_raise(tblock->event_action, US"smtp:connect", buffer)
- == DEFER)
+ {
+ uschar * s;
+ lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
+ : host->dnssec==DS_NO ? US"no" : NULL;
+ s = event_raise(tblock->event_action, US"smtp:connect", buffer);
+ if (s)
{
- uschar *message = US"deferred by smtp:connect event expansion";
- set_errno(addrlist, 0, message, DEFER, FALSE, NULL);
+ set_errno(addrlist, 0,
+ string_sprintf("deferred by smtp:connect event expansion: %s", s),
+ DEFER, FALSE, NULL);
yield = DEFER;
goto SEND_QUIT;
}
+ }
#endif
/* Now check if the helo_data expansion went well, and sign off cleanly if
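Review bot: `lookup_dnssec_authenticated` is assigned before the smtp:connect event is raised, but nothing in this hunk sets it back on either the veto or the success path. The callout hunk for the same event resets it to NULL on both paths. Unless a reset happens outside the hunk, the value remains visible to later expansions on this connection that are unrelated to any DNS lookup. Adding `lookup_dnssec_authenticated = NULL;` directly after the `event_raise()` call would match the other call site.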
goto RESPONSE_FAILED;
#ifdef EXPERIMENTAL_EVENT
+ lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
+ : host->dnssec==DS_NO ? US"no" : NULL;
if (event_raise(addr->transport->event_action,
- US"smtp:connect", responsebuffer) == DEFER)
+ US"smtp:connect", responsebuffer))
{
+ lookup_dnssec_authenticated = NULL;
/* Logging? Debug? */
goto RESPONSE_FAILED;
}
+ lookup_dnssec_authenticated = NULL;
#endif
}
It is controlled by a script read from its standard input, details of which are
given below. There are two options. One is -t, which must be followed directly
by a number, to specify the command timeout in seconds (e.g. -t5). The default
-timeout is 1 second. The other option is -tls-on-connect, which causes the
+timeout is 5 seconds. The other option is -tls-on-connect, which causes the
client to try to start up a TLS session as soon as it has connected, without
using the STARTTLS command. The client program connects to the given IP address
and port, using the specified interface, if one is given.
# This script outputs certain information about the environment, for use when
# testing pipe transports.
-name=`whoami 2>/dev/null` || name=`who . . | awk '{print $1}'`
+cmd=/usr/xpg4/bin/id
+[ -x $cmd ] || cmd=id
+name=`$cmd -un`
echo Test pipe script
echo Running as: $name
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host 127.0.0.1 [127.0.0.1]: 450 Temporary error
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=r1 T=t1 defer (-45): SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host ::1 [::1]: 450 Temporary error
+1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=r1 T=t1 defer (-45) H=::1 [::1]: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
s/\d\d-[A-Z][a-z]{2}-\d{4}\s\d\d:\d\d:\d\d/07-Mar-2000 12:21:52/g;
# Time on queue tolerance
- s/QT=1s/QT=0s/;
+ s/(QT|D)=1s/$1=0s/;
# Eximstats heading
s/Exim\sstatistics\sfrom\s\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\sto\s
# As of Exim 4.74, we log when a setgid fails; because we invoke Exim
# with -be, privileges will have been dropped, so this will always
# be the case
- next if /^changing group to \d+ failed: Operation not permitted/;
+ next if /^changing group to \d+ failed: (Operation not permitted|Not owner)/;
# We might not keep this check; rather than change all the tests, just
# ignore it as long as it succeeds; then we only need to change the
next;
}
+ # ======== log ========
+
+ elsif ($is_log)
+ {
+ # Berkeley DB version differences
+ next if / Berkeley DB error: /;
+ }
+
# ======== All files other than stderr ========
print MUNGED;
# paniclog, rejectlog, mainlog, stdout, stderr, msglog, mail
# Search strings starting with 's' do substitutions;
# with '/' do line-skips.
+# Triggered by a scriptfile line "munge <name>"
##################################################
$munges =
{ 'dnssec' =>
'gnutls_handshake' =>
{ 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/', },
- 'tpda' =>
- { 'stdout' => '/tpda_event_action =/', },
+ 'optional_events' =>
+ { 'stdout' => '/event_action =/', },
+
+ 'optional_ocsp' =>
+ { 'stderr' => '/127.0.0.1 in hosts_requ(ire|est)_ocsp/', },
};
$parm_caller_group = getgrgid($parm_caller_gid);
-print "Program caller is $parm_caller, whose group is $parm_caller_group\n";
+print "Program caller is $parm_caller ($parm_caller_uid), whose group is $parm_caller_group ($parm_caller_gid)\n";
print "Home directory is $parm_caller_home\n";
unless (defined $parm_eximgroup)
# .ifdef etc
-munge tpda
+#
+munge optional_events
+#
exim -bP accept_8bitmime acl_not_smtp acl_smtp_auth acl_smtp_connect acl_smtp_data acl_smtp_etrn acl_smtp_expn acl_smtp_mail acl_smtp_rcpt acl_smtp_vrfy
****
exim -DAA -bP accept_8bitmime acl_not_smtp acl_smtp_auth acl_smtp_connect acl_smtp_data acl_smtp_etrn acl_smtp_expn acl_smtp_mail acl_smtp_rcpt acl_smtp_vrfy
killdaemon
exim -DSERVER=server -DD6=disable_ipv6 -bd -oX PORT_D
****
-1
+85
client HOSTIPV6 PORT_D
****
killdaemon
# cutthrough_delivery to target offering TLS
+#
+munge optional_ocsp
+#
exim -DSERVER=server -bd -oX PORT_D
****
exim -d-all+acl+transport+expand+lists -bs
/* TLS support can be optionally included, either for OpenSSL or GnuTLS. The
latter needs a whole pile of tables. */
-
#ifdef HAVE_OPENSSL
# define HAVE_TLS
# include <openssl/crypto.h>
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/rand.h>
-# include <openssl/ocsp.h>
+
+# if OPENSSL_VERSION_NUMBER < 0x0090806fL && !defined(DISABLE_OCSP) && !defined(OPENSSL_NO_TLSEXT)
+# warning "OpenSSL library version too old; define DISABLE_OCSP in Makefile"
+# define DISABLE_OCSP
+# endif
+# ifndef DISABLE_OCSP
+# include <openssl/ocsp.h>
+# endif
#endif
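Review bot: The auto-disable condition appears to have the OPENSSL_NO_TLSEXT test inverted. As written, `DISABLE_OCSP` is defined only when the library is old and TLS extensions are available, so a build with `OPENSSL_NO_TLSEXT` defined keeps the OCSP code enabled. The stapling calls later in this file are guarded by `DISABLE_OCSP` alone and depend on the tlsext API. The intended test is probably `# if (OPENSSL_VERSION_NUMBER < 0x0090806fL || defined(OPENSSL_NO_TLSEXT)) && !defined(DISABLE_OCSP)`.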
}
+#ifndef DISABLE_OCSP
static int
tls_client_stapling_cb(SSL *s, void *arg)
{
X509_STORE_free(store);
return ret;
}
+#endif
/*************************************************
tls_start(int sock, SSL **ssl, SSL_CTX *ctx)
{
int rc;
-static const char *sid_ctx = "exim";
+static const unsigned char *sid_ctx = US"exim";
RAND_load_file("client.c", -1); /* Not *very* random! */
*ssl = SSL_new (ctx);
-SSL_set_session_id_context(*ssl, sid_ctx, strlen(sid_ctx));
+SSL_set_session_id_context(*ssl, sid_ctx, strlen(CS sid_ctx));
SSL_set_fd (*ssl, sock);
SSL_set_connect_state(*ssl);
+#ifndef DISABLE_OCSP
if (ocsp_stapling)
{
SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);
SSL_CTX_set_tlsext_status_arg(ctx, BIO_new_fp(stdout, BIO_NOCLOSE));
SSL_set_tlsext_status_type(*ssl, TLSEXT_STATUSTYPE_ocsp);
}
+#endif
signal(SIGALRM, sigalrm_handler_flag);
sigalrm_seen = 0;
if (rc < 0)
{
close(sock);
- printf("failed: %s\n", strerror(save_errno));
+ printf("connect failed: %s\n", strerror(save_errno));
exit(85);
}
}
#endif
-while (fgets(outbuffer, sizeof(outbuffer), stdin) != NULL)
+while (fgets(CS outbuffer, sizeof(outbuffer), stdin) != NULL)
{
- int n = (int)strlen(outbuffer);
+ int n = (int)strlen(CS outbuffer);
while (n > 0 && isspace(outbuffer[n-1])) n--;
outbuffer[n] = 0;
/* Expect incoming */
- if (strncmp(outbuffer, "??? ", 4) == 0)
+ if (strncmp(CS outbuffer, "??? ", 4) == 0)
{
unsigned char *lineptr;
printf("%s\n", outbuffer);
}
printf("<<< %s\n", lineptr);
- if (strncmp(lineptr, outbuffer + 4, (int)strlen(outbuffer) - 4) != 0)
+ if (strncmp(CS lineptr, CS outbuffer + 4, (int)strlen(CS outbuffer) - 4) != 0)
{
printf("\n******** Input mismatch ********\n");
exit(79);
/* Wait for a bit before proceeding */
- else if (strncmp(outbuffer, "+++ ", 4) == 0)
+ else if (strncmp(CS outbuffer, "+++ ", 4) == 0)
{
printf("%s\n", outbuffer);
- sleep(atoi(outbuffer + 4));
+ sleep(atoi(CS outbuffer + 4));
}
/* Send outgoing, but barf if unconsumed incoming */
/* Shutdown TLS */
- if (strcmp(outbuffer, "stoptls") == 0 ||
- strcmp(outbuffer, "STOPTLS") == 0)
+ if (strcmp(CS outbuffer, "stoptls") == 0 ||
+ strcmp(CS outbuffer, "STOPTLS") == 0)
{
if (!tls_active)
{
/* Remember that we sent STARTTLS */
- sent_starttls = (strcmp(outbuffer, "starttls") == 0 ||
- strcmp(outbuffer, "STARTTLS") == 0);
+ sent_starttls = (strcmp(CS outbuffer, "starttls") == 0 ||
+ strcmp(CS outbuffer, "STARTTLS") == 0);
/* Fudge: if the command is "starttls_wait", we send the starttls bit,
but we haven't set the flag, so that there is no negotiation. This is for
testing the server's timeout. */
- if (strcmp(outbuffer, "starttls_wait") == 0)
+ if (strcmp(CS outbuffer, "starttls_wait") == 0)
{
outbuffer[8] = 0;
n = 8;
#endif
printf(">>> %s\n", outbuffer);
- strcpy(outbuffer + n, "\r\n");
+ strcpy(CS outbuffer + n, "\r\n");
/* Turn "\n" and "\r" into the relevant characters. This is a hack. */
- while ((escape = strstr(outbuffer, "\\r")) != NULL)
+ while ((escape = US strstr(CS outbuffer, "\\r")) != NULL)
{
*escape = '\r';
memmove(escape + 1, escape + 2, (n + 2) - (escape - outbuffer) - 2);
n--;
}
- while ((escape = strstr(outbuffer, "\\n")) != NULL)
+ while ((escape = US strstr(CS outbuffer, "\\n")) != NULL)
{
*escape = '\n';
memmove(escape + 1, escape + 2, (n + 2) - (escape - outbuffer) - 2);
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <errno.h>
char buffer[256];
va_list ap;
va_start(ap, format);
-vsprintf(buffer, format, ap);
+vsprintf(buffer, CS format, ap);
va_end(ap);
yield = (uschar *)malloc(Ustrlen(buffer) + 1);
Ustrcpy(yield, buffer);
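Review bot: The line touched here still formats into `char buffer[256]` with an unbounded `vsprintf`, and the callers in this file pass directory entry names plus a suffix such as ".in-addr.arpa". A long file name in the dnszones directory can therefore write past the buffer. Since the line is being edited anyway, bound it with `vsnprintf(buffer, sizeof(buffer), CS format, ap);`. The `malloc` result on the next line is also used without a NULL check. The function starts and ends outside the hunk.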
case ns_t_mx:
pk = shortfield(&p, pk);
- if (ep[-1] != '.') sprintf(ep, "%s.", zone);
+ if (ep[-1] != '.') sprintf(CS ep, "%s.", zone);
pk = packname(p, pk);
plen = Ustrlen(p);
break;
case ns_t_cname:
case ns_t_ns:
case ns_t_ptr:
- if (ep[-1] != '.') sprintf(ep, "%s.", zone);
+ if (ep[-1] != '.') sprintf(CS ep, "%s.", zone);
pk = packname(p, pk);
plen = Ustrlen(p);
break;
/* Find the zones */
-(void)sprintf(buffer, "%s/../dnszones", argv[1]);
+(void)sprintf(CS buffer, "%s/../dnszones", argv[1]);
d = opendir(CCS buffer);
if (d == NULL)
while ((de = readdir(d)) != NULL)
{
- uschar *name = de->d_name;
+ uschar *name = US de->d_name;
if (Ustrncmp(name, "qualify.", 8) == 0)
{
- qualify = fcopystring("%s", name + 7);
+ qualify = fcopystring(US "%s", name + 7);
continue;
}
if (Ustrncmp(name, "db.", 3) != 0) continue;
if (Ustrncmp(name + 3, "ip4.", 4) == 0)
- zones[zonecount].zone = fcopystring("%s.in-addr.arpa", name + 6);
+ zones[zonecount].zone = fcopystring(US "%s.in-addr.arpa", name + 6);
else if (Ustrncmp(name + 3, "ip6.", 4) == 0)
- zones[zonecount].zone = fcopystring("%s.ip6.arpa", name + 6);
+ zones[zonecount].zone = fcopystring(US "%s.ip6.arpa", name + 6);
else
- zones[zonecount].zone = fcopystring("%s", name + 2);
- zones[zonecount++].zonefile = fcopystring("%s", name);
+ zones[zonecount].zone = fcopystring(US "%s", name + 2);
+ zones[zonecount++].zonefile = fcopystring(US "%s", name);
}
(void)closedir(d);
return PASS_ON;
}
-(void)sprintf(buffer, "%s/../dnszones/%s", argv[1], zonefile);
+(void)sprintf(CS buffer, "%s/../dnszones/%s", argv[1], zonefile);
/* Initialize the start of the response packet. We don't have to fake up
everything, because we know that Exim will look only at the answer and
/* Open the zone file. */
-f = fopen(buffer, "r");
+f = fopen(CS buffer, "r");
if (f == NULL)
{
fprintf(stderr, "fakens: failed to open %s: %s\n", buffer, strerror(errno));
#include <errno.h>
#include <unistd.h>
+#ifndef CS
+# define CS (char *)
+#endif
+
static FILE *log;
/* Read the script, and do what it says. */
-while (fgets(sbuffer, sizeof(sbuffer), script) != NULL)
+while (fgets(CS sbuffer, sizeof(sbuffer), script) != NULL)
{
- int n = (int)strlen(sbuffer);
+ int n = (int)strlen(CS sbuffer);
while (n > 0 && isspace(sbuffer[n-1])) n--;
sbuffer[n] = 0;
before continuing. Do not write this to the log, as it may not get
written at the right place in a log that's being shared. */
- else if (strncmp(sbuffer, "*sleep ", 7) == 0)
+ else if (strncmp(CS sbuffer, "*sleep ", 7) == 0)
{
- sleep(atoi(sbuffer+7));
+ sleep(atoi(CS sbuffer+7));
}
/* Otherwise the script line is the start of an input line we are expecting
else
{
- int data = strcmp(sbuffer, ".") == 0;
+ int data = strcmp(CS sbuffer, ".") == 0;
fprintf(log, "%s\n", sbuffer);
fflush(log);
{
int n;
alarm(5);
- if (fgets(ibuffer, sizeof(ibuffer), stdin) == NULL)
+ if (fgets(CS ibuffer, sizeof(ibuffer), stdin) == NULL)
{
fprintf(log, "%sxpected EOF read from client\n",
- (strncmp(sbuffer, "*eof", 4) == 0)? "E" : "Une");
+ (strncmp(CS sbuffer, "*eof", 4) == 0)? "E" : "Une");
goto END_OFF;
}
alarm(0);
- n = (int)strlen(ibuffer);
+ n = (int)strlen(CS ibuffer);
while (n > 0 && isspace(ibuffer[n-1])) n--;
ibuffer[n] = 0;
fprintf(log, "<<< %s\n", ibuffer);
- if (!data || strcmp(ibuffer, ".") == 0) break;
+ if (!data || strcmp(CS ibuffer, ".") == 0) break;
}
/* Check received what was expected */
- if (strncmp(sbuffer, ibuffer, (int)strlen(sbuffer)) != 0)
+ if (strncmp(CS sbuffer, CS ibuffer, (int)strlen(CS sbuffer)) != 0)
{
fprintf(log, "Comparison failed - bailing out\n");
goto END_OFF;
#include <utime.h>
#ifdef AF_INET6
-#define HAVE_IPV6 1
+# define HAVE_IPV6 1
#endif
#ifndef S_ADDR_TYPE
-#define S_ADDR_TYPE u_long
+# define S_ADDR_TYPE u_long
+#endif
+
+#ifndef CS
+# define CS (char *)
#endif
to do. The driving script adds the "++++" automatically - it doesn't actually
appear in the test script. */
-while (fgets(buffer, sizeof(buffer), stdin) != NULL)
+while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
{
line *next;
- int n = (int)strlen(buffer);
+ int n = (int)strlen(CS buffer);
while (n > 0 && isspace(buffer[n-1])) n--;
buffer[n] = 0;
- if (strcmp(buffer, "++++") == 0) break;
+ if (strcmp(CS buffer, "++++") == 0) break;
next = malloc(sizeof(line) + n);
next->next = NULL;
- strcpy(next->line, buffer);
+ strcpy(next->line, CS buffer);
if (last == NULL) script = last = next;
else last->next = next;
last = next;
dup_accept_socket = dup(accept_socket);
if (port > 0)
- printf("\nConnection request from [%s]\n", host_ntoa(&accepted, buffer));
+ printf("\nConnection request from [%s]\n", host_ntoa(&accepted, CS buffer));
else
{
printf("\nConnection request\n");
{
int n;
alarm(timeout);
- if (fgets(buffer+offset, sizeof(buffer)-offset, in) == NULL)
+ if (fgets(CS buffer+offset, sizeof(buffer)-offset, in) == NULL)
{
printf("%sxpected EOF read from client\n",
(strncmp(ss, "*eof", 4) == 0)? "E" : "Une");
goto END_OFF;
}
alarm(0);
- n = (int)strlen(buffer);
+ n = (int)strlen(CS buffer);
while (n > 0 && isspace(buffer[n-1])) n--;
buffer[n] = 0;
printf("%s\n", buffer);
- if (!data || strcmp(buffer, ".") == 0) break;
+ if (!data || strcmp(CS buffer, ".") == 0) break;
}
- if (strncmp(ss, buffer, (int)strlen(ss)) != 0)
+ if (strncmp(ss, CS buffer, (int)strlen(ss)) != 0)
{
printf("Comparison failed - bailing out\n");
printf("Expected: %s\n", ss);
127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
SMTP>> STARTTLS
SMTP<< 220 TLS go ahead
-127.0.0.1 in hosts_require_ocsp? no (option unset)
-127.0.0.1 in hosts_request_ocsp? yes (matched "*")
in tls_verify_hosts? no (option unset)
in tls_try_verify_hosts? no (option unset)
SMTP>> EHLO myhost.test.ex
??? 221
<<< 221 myhost.test.ex closing connection
End of script
-Connecting to ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6 port 1225 ... failed: Connection refused
+Connecting to ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6 port 1225 ... connect failed: Connection refused
+++++++++++++++++++++++++++
- T:127.0.0.1:127.0.0.1:1224:10HmaX-0005vi-00 -45 12865 SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host 127.0.0.1 [127.0.0.1]: 450 Temporary error
+ T:127.0.0.1:127.0.0.1:1224:10HmaX-0005vi-00 -45 12865 H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
first failed = time last try = time2 next try = time2 + 7200
- T:::1:::1:1224:10HmaX-0005vi-00 -45 12865 SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host ::1 [::1]: 450 Temporary error
+ T:::1:::1:1224:10HmaX-0005vi-00 -45 12865 H=::1 [::1]: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
first failed = time last try = time2 next try = time2 + 7200
-Transport: 127.0.0.1 [127.0.0.1]:1111 10HmaX-0005vi-00 error -45: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host 127.0.0.1 [127.0.0.1]: 450 Temporary error
+Transport: 127.0.0.1 [127.0.0.1]:1111 10HmaX-0005vi-00 error -45: H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
first failed: 07-Mar-2000 12:21:52
last tried: 07-Mar-2000 12:21:52
next try at: 07-Mar-2000 12:21:52
-Transport: ::1 [::1]:1111 10HmaX-0005vi-00 error -45: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host ::1 [::1]: 450 Temporary error
+Transport: [:1:::1:1224:10HmaX-0005vi-00]:1224 10HmaX-0005vi-00 error -45: H=::1 [::1]: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
first failed: 07-Mar-2000 12:21:52
last tried: 07-Mar-2000 12:21:52
next try at: 07-Mar-2000 12:21:52
exinext exit code = 0
-Transport: ::1 [::1]:1111 10HmaX-0005vi-00 error -45: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: host ::1 [::1]: 450 Temporary error
+Transport: [:1:::1:1224:10HmaX-0005vi-00] error -45: H=::1 [::1]: SMTP error from remote mail server after MAIL FROM:<CALLER@the.local.host.name>: 450 Temporary error
first failed: 07-Mar-2000 12:21:52
last tried: 07-Mar-2000 12:21:52
next try at: 07-Mar-2000 12:21:52
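Review bot: The updated expected output records a host field that looks mis-parsed for the IPv6 entries. The old lines read `Transport: ::1 [::1]:1111`, whereas the new ones read `Transport: [:1:::1:1224:10HmaX-0005vi-00]:1224` and `Transport: [:1:::1:1224:10HmaX-0005vi-00]`; the IPv4 entry above keeps a sensible `127.0.0.1 [127.0.0.1]:1111`. This suggests the tool is splitting the colon-separated retry key incorrectly for IPv6 addresses, and accepting it in the golden file would hide that. It is worth checking the key parsing before freezing this output.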