git://git.exim.org
/
users
/
heiko
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
506900a
)
Refactor common uses of list-checking
author
Jeremy Harris
<jgh146exb@wizmail.org>
Thu, 20 Nov 2014 16:32:35 +0000
(16:32 +0000)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 12 Jan 2015 18:58:33 +0000
(18:58 +0000)
src/src/functions.h
patch
|
blob
|
history
src/src/tls-gnu.c
patch
|
blob
|
history
src/src/tls-openssl.c
patch
|
blob
|
history
src/src/transports/smtp.c
patch
|
blob
|
history
src/src/verify.c
patch
|
blob
|
history
diff --git
a/src/src/functions.h
b/src/src/functions.h
index 32d2997d5372c913cbd3ebe9a80fc2bcc9ebca27..a74c94b83efe800aa1cda7476c761803862ecb30 100644
(file)
--- a/
src/src/functions.h
+++ b/
src/src/functions.h
@@
-452,6
+452,7
@@
extern int verify_check_headers(uschar **);
extern int verify_check_header_names_ascii(uschar **);
extern int verify_check_host(uschar **);
extern int verify_check_notblind(void);
extern int verify_check_header_names_ascii(uschar **);
extern int verify_check_host(uschar **);
extern int verify_check_notblind(void);
+extern int verify_check_given_host(uschar **, host_item *);
extern int verify_check_this_host(uschar **, unsigned int *, uschar*,
uschar *, uschar **);
extern address_item *verify_checked_sender(uschar *);
extern int verify_check_this_host(uschar **, unsigned int *, uschar*,
uschar *, uschar **);
extern address_item *verify_checked_sender(uschar *);
diff --git
a/src/src/tls-gnu.c
b/src/src/tls-gnu.c
index 9d72ebc66e3a391e0f3ea90d3c635769c7469e1c..bdc032f35ca3d1e92a08db13b2c9a961eaed7382 100644
(file)
--- a/
src/src/tls-gnu.c
+++ b/
src/src/tls-gnu.c
@@
-1776,8
+1776,7
@@
static void
tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
smtp_transport_options_block * ob)
{
tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
smtp_transport_options_block * ob)
{
-if (verify_check_this_host(&ob->tls_verify_cert_hostnames, NULL,
- host->name, host->address, NULL) == OK)
+if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
{
state->exp_tls_verify_cert_hostnames = host->name;
DEBUG(D_tls)
{
state->exp_tls_verify_cert_hostnames = host->name;
DEBUG(D_tls)
@@
-1819,11
+1818,10
@@
int rc;
const char *error;
exim_gnutls_state_st *state = NULL;
#ifndef DISABLE_OCSP
const char *error;
exim_gnutls_state_st *state = NULL;
#ifndef DISABLE_OCSP
-BOOL require_ocsp =
verify_check_this_host(&ob->hosts_require_ocsp,
-
NULL, host->name, host->address, NULL
) == OK;
+BOOL require_ocsp =
+
verify_check_given_host(&ob->hosts_require_ocsp, host
) == OK;
BOOL request_ocsp = require_ocsp ? TRUE
BOOL request_ocsp = require_ocsp ? TRUE
- : verify_check_this_host(&ob->hosts_request_ocsp,
- NULL, host->name, host->address, NULL) == OK;
+ : verify_check_given_host(&ob->hosts_request_ocsp, host) == OK;
#endif
DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd);
#endif
DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd);
@@
-1858,8
+1856,7
@@
if ( ( state->exp_tls_verify_certificates
&& !ob->tls_verify_hosts
&& !ob->tls_try_verify_hosts
)
&& !ob->tls_verify_hosts
&& !ob->tls_try_verify_hosts
)
- || verify_check_this_host(&ob->tls_verify_hosts, NULL,
- host->name, host->address, NULL) == OK
+ || verify_check_given_host(&ob->tls_verify_hosts, host) == OK
)
{
#ifdef EXPERIMENTAL_CERTNAMES
)
{
#ifdef EXPERIMENTAL_CERTNAMES
@@
-1870,8
+1867,7
@@
if ( ( state->exp_tls_verify_certificates
state->verify_requirement = VERIFY_REQUIRED;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
state->verify_requirement = VERIFY_REQUIRED;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
-else if (verify_check_this_host(&ob->tls_try_verify_hosts, NULL,
- host->name, host->address, NULL) == OK)
+else if (verify_check_given_host(&ob->tls_try_verify_hosts, host) == OK)
{
#ifdef EXPERIMENTAL_CERTNAMES
tls_client_setup_hostname_checks(host, state, ob);
{
#ifdef EXPERIMENTAL_CERTNAMES
tls_client_setup_hostname_checks(host, state, ob);
diff --git
a/src/src/tls-openssl.c
b/src/src/tls-openssl.c
index c23ac031f5b544f6486710e4e8b24344c0a539e6..43fbaa41aba5dc8e82d359ddaaef6dead78bcef3 100644
(file)
--- a/
src/src/tls-openssl.c
+++ b/
src/src/tls-openssl.c
@@
-1684,12
+1684,10
@@
int rc;
the specified host patterns if one of them is defined */
if ( (!ob->tls_verify_hosts && !ob->tls_try_verify_hosts)
the specified host patterns if one of them is defined */
if ( (!ob->tls_verify_hosts && !ob->tls_try_verify_hosts)
- || (verify_check_this_host(&ob->tls_verify_hosts, NULL,
- host->name, host->address, NULL) == OK)
+ || (verify_check_given_host(&ob->tls_verify_hosts, host) == OK)
)
client_verify_optional = FALSE;
)
client_verify_optional = FALSE;
-else if (verify_check_this_host(&ob->tls_try_verify_hosts, NULL,
- host->name, host->address, NULL) == OK)
+else if (verify_check_given_host(&ob->tls_try_verify_hosts, host) == OK)
client_verify_optional = TRUE;
else
return OK;
client_verify_optional = TRUE;
else
return OK;
@@
-1699,8
+1697,7
@@
if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
return rc;
#ifdef EXPERIMENTAL_CERTNAMES
return rc;
#ifdef EXPERIMENTAL_CERTNAMES
-if (verify_check_this_host(&ob->tls_verify_cert_hostnames, NULL,
- host->name, host->address, NULL) == OK)
+if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
{
cbinfo->verify_cert_hostnames = host->name;
DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
{
cbinfo->verify_cert_hostnames = host->name;
DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
@@
-1829,15
+1826,15
@@
tls_out.tlsa_usage = 0;
}
# endif
}
# endif
- if ((require_ocsp =
verify_check_this_host(&ob->hosts_require_ocsp,
-
NULL, host->name, host->address, NULL
) == OK))
+ if ((require_ocsp =
+
verify_check_given_host(&ob->hosts_require_ocsp, host
) == OK))
request_ocsp = TRUE;
else
# ifdef EXPERIMENTAL_DANE
if (!request_ocsp)
# endif
request_ocsp = TRUE;
else
# ifdef EXPERIMENTAL_DANE
if (!request_ocsp)
# endif
- request_ocsp =
verify_check_this_host(&ob->hosts_request_ocsp,
-
NULL, host->name, host->address, NULL
) == OK;
+ request_ocsp =
+
verify_check_given_host(&ob->hosts_request_ocsp, host
) == OK;
}
#endif
}
#endif
@@
-1940,11
+1937,9
@@
if (request_ocsp)
{ /* Re-eval now $tls_out_tlsa_usage is populated. If
this means we avoid the OCSP request, we wasted the setup
cost in tls_init(). */
{ /* Re-eval now $tls_out_tlsa_usage is populated. If
this means we avoid the OCSP request, we wasted the setup
cost in tls_init(). */
- require_ocsp = verify_check_this_host(&ob->hosts_require_ocsp,
- NULL, host->name, host->address, NULL) == OK;
- request_ocsp = require_ocsp ? TRUE
- : verify_check_this_host(&ob->hosts_request_ocsp,
- NULL, host->name, host->address, NULL) == OK;
+ require_ocsp = verify_check_given_host(&ob->hosts_require_ocsp, host) == OK;
+ request_ocsp = require_ocsp
+ || verify_check_given_host(&ob->hosts_request_ocsp, host) == OK;
}
}
# endif
}
}
# endif
diff --git
a/src/src/transports/smtp.c
b/src/src/transports/smtp.c
index 69bbc4d0c8df1295907f5b9dc0572bffa01d5865..f919508bcbafe9363ff020d2038e925a2b082999 100644
(file)
--- a/
src/src/transports/smtp.c
+++ b/
src/src/transports/smtp.c
@@
-976,8
+976,7
@@
uschar *fail_reason = US"server did not advertise AUTH support";
smtp_authenticated = FALSE;
client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
smtp_authenticated = FALSE;
client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
-require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
- host->name, host->address, NULL);
+require_auth = verify_check_given_host(&ob->hosts_require_auth, host);
if (is_esmtp && !regex_AUTH) regex_AUTH =
regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
if (is_esmtp && !regex_AUTH) regex_AUTH =
regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
@@
-992,8
+991,7
@@
if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
regex match above. */
if (require_auth == OK ||
regex match above. */
if (require_auth == OK ||
- verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
- host->address, NULL) == OK)
+ verify_check_given_host(&ob->hosts_try_auth, host) == OK)
{
auth_instance *au;
fail_reason = US"no common mechanisms were found";
{
auth_instance *au;
fail_reason = US"no common mechanisms were found";
@@
-1379,14
+1377,12
@@
if (continue_hostname == NULL)
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
- dane_required = verify_check_this_host(&ob->hosts_require_dane, NULL,
- host->name, host->address, NULL) == OK;
+ dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
if (host->dnssec == DS_YES)
{
if( dane_required
if (host->dnssec == DS_YES)
{
if( dane_required
- || verify_check_this_host(&ob->hosts_try_dane, NULL,
- host->name, host->address, NULL) == OK
+ || verify_check_given_host(&ob->hosts_try_dane, host) == OK
)
if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
return rc;
)
if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
return rc;
@@
-1482,8
+1478,7
@@
goto SEND_QUIT;
mailers use upper case for some reason (the RFC is quite clear about case
independence) so, for peace of mind, I gave in. */
mailers use upper case for some reason (the RFC is quite clear about case
independence) so, for peace of mind, I gave in. */
- esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
- host->name, host->address, NULL) != OK;
+ esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK;
/* Alas; be careful, since this goto is not an error-out, so conceivably
we might set data between here and the target which we assume to exist
/* Alas; be careful, since this goto is not an error-out, so conceivably
we might set data between here and the target which we assume to exist
@@
-1541,11
+1536,10
@@
goto SEND_QUIT;
#endif
#ifndef DISABLE_PRDR
#endif
#ifndef DISABLE_PRDR
- prdr_offered = esmtp &&
- (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0) &&
- (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
- host->address, NULL) == OK);
+ prdr_offered = esmtp
+ && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
+ PCRE_EOPT, NULL, 0) >= 0
+ && verify_check_given_host(&ob->hosts_try_prdr, host) == OK;
if (prdr_offered)
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
if (prdr_offered)
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
@@
-1575,9
+1569,9
@@
the client not be required to use TLS. If the response is bad, copy the buffer
for error analysis. */
#ifdef SUPPORT_TLS
for error analysis. */
#ifdef SUPPORT_TLS
-if (
tls_offered && !suppress_tls &&
- verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
-
host->address, NULL
) != OK)
+if (
tls_offered
+ && !suppress_tls
+
&& verify_check_given_host(&ob->hosts_avoid_tls, host
) != OK)
{
uschar buffer2[4096];
if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
{
uschar buffer2[4096];
if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
@@
-1695,8
+1689,7
@@
else if (
# ifdef EXPERIMENTAL_DANE
dane ||
# endif
# ifdef EXPERIMENTAL_DANE
dane ||
# endif
- verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
- host->address, NULL) == OK
+ verify_check_given_host(&ob->hosts_require_tls, host) == OK
)
{
save_errno = ERRNO_TLSREQUIRED;
)
{
save_errno = ERRNO_TLSREQUIRED;
@@
-1736,21
+1729,19
@@
if (continue_hostname == NULL
the current host, esmtp will be false, so PIPELINING can never be used. If
the current host matches hosts_avoid_pipelining, don't do it. */
the current host, esmtp will be false, so PIPELINING can never be used. If
the current host matches hosts_avoid_pipelining, don't do it. */
- smtp_use_pipelining = esmtp &&
- verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
- host->address, NULL) != OK &&
- pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
+ smtp_use_pipelining = esmtp
+ && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK
+ && pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
+ PCRE_EOPT, NULL, 0) >= 0;
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_use_pipelining? "" : "not ");
#ifndef DISABLE_PRDR
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_use_pipelining? "" : "not ");
#ifndef DISABLE_PRDR
- prdr_offered = esmtp &&
- pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0 &&
- verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
- host->address, NULL) == OK;
+ prdr_offered = esmtp
+ && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
+ PCRE_EOPT, NULL, 0) >= 0
+ && verify_check_given_host(&ob->hosts_try_prdr, host) == OK;
if (prdr_offered)
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
if (prdr_offered)
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
@@
-2537,15
+2528,15
@@
DEBUG(D_transport)
if (completed_address && ok && send_quit)
{
BOOL more;
if (completed_address && ok && send_quit)
{
BOOL more;
- if (
first_addr != NULL || continue_more ||
- (
- (tls_out.active < 0 ||
- verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
-
host->address, NULL) != OK
)
+ if (
first_addr != NULL
+ || continue_more
+ || ( ( tls_out.active < 0
+ || verify_check_given_host(&ob->hosts_nopass_tls, host) != OK
+ )
&&
transport_check_waiting(tblock->name, host->name,
tblock->connection_max_messages, new_message_id, &more)
&&
transport_check_waiting(tblock->name, host->name,
tblock->connection_max_messages, new_message_id, &more)
-
)
)
+
)
)
{
uschar *msg;
BOOL pass_message;
{
uschar *msg;
BOOL pass_message;
@@
-3260,8
+3251,7
@@
for (cutoff_retry = 0; expired &&
sending the message down a pre-existing connection. */
if (!continuing &&
sending the message down a pre-existing connection. */
if (!continuing &&
- verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
- host->address, NULL) == OK)
+ verify_check_given_host(&ob->serialize_hosts, host) == OK)
{
serialize_key = string_sprintf("host-serialize-%s", host->name);
if (!enq_start(serialize_key))
{
serialize_key = string_sprintf("host-serialize-%s", host->name);
if (!enq_start(serialize_key))
@@
-3404,8
+3394,7
@@
for (cutoff_retry = 0; expired &&
if ( rc == DEFER
&& first_addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
if ( rc == DEFER
&& first_addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
- && verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
- host->address, NULL) != OK
+ && verify_check_given_host(&ob->hosts_require_tls, host) != OK
)
{
log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
)
{
log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
diff --git
a/src/src/verify.c
b/src/src/verify.c
index b74d6ab5e6b40049ba8715688eff40bb4004a882..96740f8f382acdf44f13ac99e940005efbfe992a 100644
(file)
--- a/
src/src/verify.c
+++ b/
src/src/verify.c
@@
-491,14
+491,13
@@
else
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
- dane_required =
verify_check_this_host(&ob->hosts_require_dane, NULL,
-
host->name, host->address, NULL
) == OK;
+ dane_required =
+
verify_check_given_host(&ob->hosts_require_dane, host
) == OK;
if (host->dnssec == DS_YES)
{
if( dane_required
if (host->dnssec == DS_YES)
{
if( dane_required
- || verify_check_this_host(&ob->hosts_try_dane, NULL,
- host->name, host->address, NULL) == OK
+ || verify_check_given_host(&ob->hosts_try_dane, host) == OK
)
if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
return rc;
)
if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
return rc;
@@
-598,8
+597,7
@@
else
}
/* Not worth checking greeting line for ESMTP support */
}
/* Not worth checking greeting line for ESMTP support */
- if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
- host->name, host->address, NULL) != OK))
+ if (!(esmtp = verify_check_given_host(&(ob->hosts_avoid_esmtp), host) != OK))
DEBUG(D_transport)
debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
DEBUG(D_transport)
debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
@@
-657,11
+655,9
@@
else
for error analysis. */
#ifdef SUPPORT_TLS
for error analysis. */
#ifdef SUPPORT_TLS
- if (tls_offered &&
- verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
- host->address, NULL) != OK &&
- verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
- host->address, NULL) != OK
+ if ( tls_offered
+ && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK
+ && verify_check_given_host(&ob->hosts_verify_avoid_tls, host) != OK
)
{
uschar buffer2[4096];
)
{
uschar buffer2[4096];
@@
-709,8
+705,7
@@
else
if ( rc == DEFER
&& ob->tls_tempfail_tryclear
&& !smtps
if ( rc == DEFER
&& ob->tls_tempfail_tryclear
&& !smtps
- && verify_check_this_host(&(ob->hosts_require_tls), NULL,
- host->name, host->address, NULL) != OK
+ && verify_check_given_host(&ob->hosts_require_tls, host) != OK
)
{
(void)close(inblock.sock);
)
{
(void)close(inblock.sock);
@@
-749,8
+744,7
@@
else
#ifdef EXPERIMENTAL_DANE
dane ||
#endif
#ifdef EXPERIMENTAL_DANE
dane ||
#endif
- verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
- host->address, NULL) == OK
+ verify_check_given_host(&ob->hosts_require_tls, host) == OK
)
{
/*save_errno = ERRNO_TLSREQUIRED;*/
)
{
/*save_errno = ERRNO_TLSREQUIRED;*/
@@
-3162,6
+3156,15
@@
return rc;
+/*************************************************
+* Check the given host item matches a list *
+*************************************************/
+int
+verify_check_given_host(uschar **listptr, host_item *host)
+{
+return verify_check_this_host(listptr, NULL, host->name, host->address, NULL);
+}
+
/*************************************************
* Check the remote host matches a list *
*************************************************/
/*************************************************
* Check the remote host matches a list *
*************************************************/
git://git.exim.org / users / heiko / exim.git / commitdiff