git://git.exim.org
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
570cb1b
)
Constification
author
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 17 Sep 2018 16:20:14 +0000
(17:20 +0100)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 17 Sep 2018 16:20:14 +0000
(17:20 +0100)
src/src/functions.h
patch
|
blob
|
history
src/src/smtp_out.c
patch
|
blob
|
history
src/src/tls-gnu.c
patch
|
blob
|
history
src/src/transports/smtp.c
patch
|
blob
|
history
src/src/verify.c
patch
|
blob
|
history
diff --git
a/src/src/functions.h
b/src/src/functions.h
index 920f3d96fc4b5fb4b0dc15cbce6e65afb47abd96..f37c10733445c7d26de9599f237438d4de8e737a 100644
(file)
--- a/
src/src/functions.h
+++ b/
src/src/functions.h
@@
-570,7
+570,7
@@
extern int verify_check_headers(uschar **);
extern int verify_check_header_names_ascii(uschar **);
extern int verify_check_host(uschar **);
extern int verify_check_notblind(void);
extern int verify_check_header_names_ascii(uschar **);
extern int verify_check_host(uschar **);
extern int verify_check_notblind(void);
-extern int verify_check_given_host(
uschar **,
host_item *);
+extern int verify_check_given_host(
const uschar **, const
host_item *);
extern int verify_check_this_host(const uschar **, unsigned int *,
const uschar*, const uschar *, const uschar **);
extern address_item *verify_checked_sender(uschar *);
extern int verify_check_this_host(const uschar **, unsigned int *,
const uschar*, const uschar *, const uschar **);
extern address_item *verify_checked_sender(uschar *);
diff --git
a/src/src/smtp_out.c
b/src/src/smtp_out.c
index 6fd0bf72909d3a659d543d6f4d2016a739f04799..62d4c7333bb26bd6f4ae9543605cf93ea5d50c54 100644
(file)
--- a/
src/src/smtp_out.c
+++ b/
src/src/smtp_out.c
@@
-264,7
+264,7
@@
requested some early-data then include that in the TFO request. */
else
{
#ifdef TCP_FASTOPEN
else
{
#ifdef TCP_FASTOPEN
- if (verify_check_given_host(&ob->hosts_try_fastopen, host) == OK)
+ if (verify_check_given_host(
CUSS
&ob->hosts_try_fastopen, host) == OK)
fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
#endif
fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
#endif
diff --git
a/src/src/tls-gnu.c
b/src/src/tls-gnu.c
index 3e618a69756f87e6e305a1e5d80ebf6fa7842a61..9fcb50dfecee63bfed5771bfa41edb00601df9a3 100644
(file)
--- a/
src/src/tls-gnu.c
+++ b/
src/src/tls-gnu.c
@@
-2158,7
+2158,7
@@
static void
tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
smtp_transport_options_block * ob)
{
tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
smtp_transport_options_block * ob)
{
-if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
+if (verify_check_given_host(
CUSS
&ob->tls_verify_cert_hostnames, host) == OK)
{
state->exp_tls_verify_cert_hostnames =
#ifdef SUPPORT_I18N
{
state->exp_tls_verify_cert_hostnames =
#ifdef SUPPORT_I18N
@@
-2284,9
+2284,9
@@
uschar *cipher_list = NULL;
#ifndef DISABLE_OCSP
BOOL require_ocsp =
#ifndef DISABLE_OCSP
BOOL require_ocsp =
- verify_check_given_host(&ob->hosts_require_ocsp, host) == OK;
+ verify_check_given_host(
CUSS
&ob->hosts_require_ocsp, host) == OK;
BOOL request_ocsp = require_ocsp ? TRUE
BOOL request_ocsp = require_ocsp ? TRUE
- : verify_check_given_host(&ob->hosts_request_ocsp, host) == OK;
+ : verify_check_given_host(
CUSS
&ob->hosts_request_ocsp, host) == OK;
#endif
DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd);
#endif
DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd);
@@
-2346,7
+2346,7
@@
else
&& !ob->tls_verify_hosts
&& (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
)
&& !ob->tls_verify_hosts
&& (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
)
- || verify_check_given_host(&ob->tls_verify_hosts, host) == OK
+ || verify_check_given_host(
CUSS
&ob->tls_verify_hosts, host) == OK
)
{
tls_client_setup_hostname_checks(host, state, ob);
)
{
tls_client_setup_hostname_checks(host, state, ob);
@@
-2355,7
+2355,7
@@
else
state->verify_requirement = VERIFY_REQUIRED;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
state->verify_requirement = VERIFY_REQUIRED;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
-else if (verify_check_given_host(&ob->tls_try_verify_hosts, host) == OK)
+else if (verify_check_given_host(
CUSS
&ob->tls_try_verify_hosts, host) == OK)
{
tls_client_setup_hostname_checks(host, state, ob);
DEBUG(D_tls)
{
tls_client_setup_hostname_checks(host, state, ob);
DEBUG(D_tls)
diff --git
a/src/src/transports/smtp.c
b/src/src/transports/smtp.c
index aac47aa5a1fbfe6e015fc7fc64adb4926a274a2d..b2adeb555a260c5cdf92f41813adb0a905d9bc7b 100644
(file)
--- a/
src/src/transports/smtp.c
+++ b/
src/src/transports/smtp.c
@@
-1022,7
+1022,7
@@
uschar *fail_reason = US"server did not advertise AUTH support";
f.smtp_authenticated = FALSE;
client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
f.smtp_authenticated = FALSE;
client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
-require_auth = verify_check_given_host(&ob->hosts_require_auth, sx->host);
+require_auth = verify_check_given_host(
CUSS
&ob->hosts_require_auth, sx->host);
if (sx->esmtp && !regex_AUTH) regex_AUTH =
regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
if (sx->esmtp && !regex_AUTH) regex_AUTH =
regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
@@
-1037,7
+1037,7
@@
if (sx->esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
regex match above. */
if (require_auth == OK ||
regex match above. */
if (require_auth == OK ||
- verify_check_given_host(&ob->hosts_try_auth, sx->host) == OK)
+ verify_check_given_host(
CUSS
&ob->hosts_try_auth, sx->host) == OK)
{
auth_instance *au;
fail_reason = US"no common mechanisms were found";
{
auth_instance *au;
fail_reason = US"no common mechanisms were found";
@@
-1569,7
+1569,7
@@
sx->dsn_all_lasthop = TRUE;
#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
sx->dane = FALSE;
sx->dane_required =
#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
sx->dane = FALSE;
sx->dane_required =
- verify_check_given_host(&sx->ob->hosts_require_dane, sx->host) == OK;
+ verify_check_given_host(
CUSS
&sx->ob->hosts_require_dane, sx->host) == OK;
#endif
if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999;
#endif
if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999;
@@
-1650,7
+1650,7
@@
if (!continue_hostname)
if (sx->host->dnssec == DS_YES)
{
if( sx->dane_required
if (sx->host->dnssec == DS_YES)
{
if( sx->dane_required
- || verify_check_given_host(&sx->ob->hosts_try_dane, sx->host) == OK
+ || verify_check_given_host(
CUSS
&sx->ob->hosts_try_dane, sx->host) == OK
)
switch (rc = tlsa_lookup(sx->host, &tlsa_dnsa, sx->dane_required))
{
)
switch (rc = tlsa_lookup(sx->host, &tlsa_dnsa, sx->dane_required))
{
@@
-1819,7
+1819,7
@@
goto SEND_QUIT;
mailers use upper case for some reason (the RFC is quite clear about case
independence) so, for peace of mind, I gave in. */
mailers use upper case for some reason (the RFC is quite clear about case
independence) so, for peace of mind, I gave in. */
- sx->esmtp = verify_check_given_host(&sx->ob->hosts_avoid_esmtp, sx->host) != OK;
+ sx->esmtp = verify_check_given_host(
CUSS
&sx->ob->hosts_avoid_esmtp, sx->host) != OK;
/* Alas; be careful, since this goto is not an error-out, so conceivably
we might set data between here and the target which we assume to exist
/* Alas; be careful, since this goto is not an error-out, so conceivably
we might set data between here and the target which we assume to exist
@@
-1966,9
+1966,9
@@
for error analysis. */
#ifdef SUPPORT_TLS
if ( smtp_peer_options & OPTION_TLS
&& !suppress_tls
#ifdef SUPPORT_TLS
if ( smtp_peer_options & OPTION_TLS
&& !suppress_tls
- && verify_check_given_host(&sx->ob->hosts_avoid_tls, sx->host) != OK
+ && verify_check_given_host(
CUSS
&sx->ob->hosts_avoid_tls, sx->host) != OK
&& ( !sx->verify
&& ( !sx->verify
- || verify_check_given_host(&sx->ob->hosts_verify_avoid_tls, sx->host) != OK
+ || verify_check_given_host(
CUSS
&sx->ob->hosts_verify_avoid_tls, sx->host) != OK
) )
{
uschar buffer2[4096];
) )
{
uschar buffer2[4096];
@@
-2116,7
+2116,7
@@
else if ( sx->smtps
# ifdef EXPERIMENTAL_REQUIRETLS
|| tls_requiretls & REQUIRETLS_MSG
# endif
# ifdef EXPERIMENTAL_REQUIRETLS
|| tls_requiretls & REQUIRETLS_MSG
# endif
- || verify_check_given_host(&sx->ob->hosts_require_tls, sx->host) == OK
+ || verify_check_given_host(
CUSS
&sx->ob->hosts_require_tls, sx->host) == OK
)
{
errno =
)
{
errno =
@@
-2184,14
+2184,14
@@
if (continue_hostname == NULL
the current host matches hosts_avoid_pipelining, don't do it. */
if ( sx->peer_offered & OPTION_PIPE
the current host matches hosts_avoid_pipelining, don't do it. */
if ( sx->peer_offered & OPTION_PIPE
- && verify_check_given_host(&sx->ob->hosts_avoid_pipelining, sx->host) != OK)
+ && verify_check_given_host(
CUSS
&sx->ob->hosts_avoid_pipelining, sx->host) != OK)
smtp_peer_options |= OPTION_PIPE;
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_peer_options & OPTION_PIPE ? "" : "not ");
if ( sx->peer_offered & OPTION_CHUNKING
smtp_peer_options |= OPTION_PIPE;
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_peer_options & OPTION_PIPE ? "" : "not ");
if ( sx->peer_offered & OPTION_CHUNKING
- && verify_check_given_host(&sx->ob->hosts_try_chunking, sx->host) != OK)
+ && verify_check_given_host(
CUSS
&sx->ob->hosts_try_chunking, sx->host) != OK)
sx->peer_offered &= ~OPTION_CHUNKING;
if (sx->peer_offered & OPTION_CHUNKING)
sx->peer_offered &= ~OPTION_CHUNKING;
if (sx->peer_offered & OPTION_CHUNKING)
@@
-2199,7
+2199,7
@@
if (continue_hostname == NULL
#ifndef DISABLE_PRDR
if ( sx->peer_offered & OPTION_PRDR
#ifndef DISABLE_PRDR
if ( sx->peer_offered & OPTION_PRDR
- && verify_check_given_host(&sx->ob->hosts_try_prdr, sx->host) != OK)
+ && verify_check_given_host(
CUSS
&sx->ob->hosts_try_prdr, sx->host) != OK)
sx->peer_offered &= ~OPTION_PRDR;
if (sx->peer_offered & OPTION_PRDR)
sx->peer_offered &= ~OPTION_PRDR;
if (sx->peer_offered & OPTION_PRDR)
@@
-3602,7
+3602,7
@@
if (sx.completed_addr && sx.ok && sx.send_quit)
|| (
#ifdef SUPPORT_TLS
( tls_out.active.sock < 0 && !continue_proxy_cipher
|| (
#ifdef SUPPORT_TLS
( tls_out.active.sock < 0 && !continue_proxy_cipher
- || verify_check_given_host(&sx.ob->hosts_nopass_tls, host) != OK
+ || verify_check_given_host(
CUSS
&sx.ob->hosts_nopass_tls, host) != OK
)
&&
#endif
)
&&
#endif
@@
-3658,7
+3658,7
@@
if (sx.completed_addr && sx.ok && sx.send_quit)
#ifdef SUPPORT_TLS
if (tls_out.active.sock >= 0)
if ( f.continue_more
#ifdef SUPPORT_TLS
if (tls_out.active.sock >= 0)
if ( f.continue_more
- || verify_check_given_host(&sx.ob->hosts_noproxy_tls, host) == OK)
+ || verify_check_given_host(
CUSS
&sx.ob->hosts_noproxy_tls, host) == OK)
{
/* Before passing the socket on, or returning to caller with it still
open, we must shut down TLS. Not all MTAs allow for the continuation
{
/* Before passing the socket on, or returning to caller with it still
open, we must shut down TLS. Not all MTAs allow for the continuation
@@
-4435,7
+4435,7
@@
retry_non_continued:
sending the message down a pre-existing connection. */
if ( !continue_hostname
sending the message down a pre-existing connection. */
if ( !continue_hostname
- && verify_check_given_host(&ob->serialize_hosts, host) == OK)
+ && verify_check_given_host(
CUSS
&ob->serialize_hosts, host) == OK)
{
serialize_key = string_sprintf("host-serialize-%s", host->name);
if (!enq_start(serialize_key, 1))
{
serialize_key = string_sprintf("host-serialize-%s", host->name);
if (!enq_start(serialize_key, 1))
@@
-4576,7
+4576,7
@@
retry_non_continued:
if ( rc == DEFER
&& first_addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
if ( rc == DEFER
&& first_addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
- && verify_check_given_host(&ob->hosts_require_tls, host) != OK
+ && verify_check_given_host(
CUSS
&ob->hosts_require_tls, host) != OK
)
{
log_write(0, LOG_MAIN,
)
{
log_write(0, LOG_MAIN,
diff --git
a/src/src/verify.c
b/src/src/verify.c
index 8d31f5d8e7d0e2d9ea76df0cd45d958144ee5de0..9aff78a9a83129dc0148a6d50c7bc492c364f1eb 100644
(file)
--- a/
src/src/verify.c
+++ b/
src/src/verify.c
@@
-693,7
+693,7
@@
tls_retry_connection:
if ( yield == DEFER
&& addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
if ( yield == DEFER
&& addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
- && verify_check_given_host(&ob->hosts_require_tls, host) != OK
+ && verify_check_given_host(
CUSS
&ob->hosts_require_tls, host) != OK
)
{
log_write(0, LOG_MAIN,
)
{
log_write(0, LOG_MAIN,
@@
-3244,9
+3244,9
@@
return rc;
* Check the given host item matches a list *
*************************************************/
int
* Check the given host item matches a list *
*************************************************/
int
-verify_check_given_host(
uschar **listptr,
host_item *host)
+verify_check_given_host(
const uschar **listptr, const
host_item *host)
{
{
-return verify_check_this_host(
CUSS
listptr, NULL, host->name, host->address, NULL);
+return verify_check_this_host(listptr, NULL, host->name, host->address, NULL);
}
/*************************************************
}
/*************************************************