X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fglobals.h;h=e4725a7195e10fb7484ac14a7ff436ccf12105f0;hb=9f01e50d7efc5c625614e4e055790ca4a92a52a8;hp=465266e1a5f3396667d5bc6652c9d6e69c5dda49;hpb=a45431fa71165d56a6775099fad1c8806c593b0a;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/globals.h b/src/src/globals.h index 465266e1a..e4725a719 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -88,6 +88,8 @@ typedef struct { int tlsa_usage; /* TLSA record(s) usage */ #endif uschar *cipher; /* Cipher used */ + const uschar *cipher_stdname; /* Cipher used, RFC version */ + BOOL on_connect; /* For older MTAs that don't STARTTLS */ uschar *on_connect_ports; /* Ports always tls-on-connect */ void *ourcert; /* Certificate we presented, binary */ @@ -101,11 +103,17 @@ typedef struct { OCSP_FAILED, /* verify failed */ OCSP_VFIED /* verified */ } ocsp; /* Stapled OCSP status */ +#ifdef EXPERIMENTAL_TLS_RESUME + unsigned resumption; /* Session resumption */ + BOOL host_resumable:1; + BOOL ticket_received:1; +#endif + BOOL verify_override:1; /* certificate_verified only due to tls_try_verify_hosts */ } tls_support; extern tls_support tls_in; extern tls_support tls_out; -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS extern BOOL gnutls_compat_mode; /* Less security, more compatibility */ extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules */ extern uschar *openssl_options; /* OpenSSL compatibility options */ @@ -120,13 +128,11 @@ extern uschar *tls_eccurve; /* EC curve */ extern uschar *tls_ocsp_file; /* OCSP stapling proof file */ # endif extern uschar *tls_privatekey; /* Private key file */ -# ifdef EXPERIMENTAL_REQUIRETLS -extern uschar tls_requiretls; /* REQUIRETLS active for this message */ -extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */ -extern const pcre *regex_REQUIRETLS; /* for recognising the command */ -# endif extern BOOL tls_remember_esmtp; /* For YAEB */ extern uschar *tls_require_ciphers; /* So some can be avoided */ +# ifdef EXPERIMENTAL_TLS_RESUME +extern uschar *tls_resumption_hosts; /* TLS session resumption */ +# endif extern uschar *tls_try_verify_hosts; /* Optional client verification */ extern uschar *tls_verify_certificates;/* Path for certificates to check */ extern uschar *tls_verify_hosts; /* Mandatory client verification */ @@ -193,7 +199,7 @@ extern struct global_flags { #ifndef DISABLE_DKIM BOOL dkim_disable_verify :1; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */ #endif -#ifdef EXPERIMENTAL_DMARC +#ifdef SUPPORT_DMARC BOOL dmarc_has_been_checked :1; /* Global variable to check if test has been called yet */ BOOL dmarc_disable_verify :1; /* Set via ACL control statement. When set, DMARC verification is disabled for the current message */ BOOL dmarc_enable_forensic :1; /* Set via ACL control statement. When set, DMARC forensic reports are enabled for the current message */ @@ -251,6 +257,11 @@ extern struct global_flags { BOOL sender_name_forced :1; /* Set by -F */ BOOL sender_set_untrusted :1; /* Sender set by untrusted caller */ BOOL smtp_authenticated :1; /* Sending client has authenticated */ +#ifdef SUPPORT_PIPE_CONNECT + BOOL smtp_in_early_pipe_advertised :1; /* server advertised PIPE_CONNECT */ + BOOL smtp_in_early_pipe_no_auth :1; /* too many authenticator names */ + BOOL smtp_in_early_pipe_used :1; /* client did send early data */ +#endif BOOL smtp_in_pipelining_advertised :1; /* server advertised PIPELINING */ BOOL smtp_in_pipelining_used :1; /* server noted client using PIPELINING */ BOOL spool_file_wireformat :1; /* current -D file has CRLF rather than NL */ @@ -262,6 +273,7 @@ extern struct global_flags { BOOL tcp_fastopen_ok :1; /* appears to be supported by kernel */ BOOL tcp_in_fastopen :1; /* conn usefully used fastopen */ + BOOL tcp_in_fastopen_data :1; /* fastopen carried data */ BOOL tcp_in_fastopen_logged :1; /* one-time logging */ BOOL tcp_out_fastopen_logged :1; /* one-time logging */ BOOL timestamps_utc :1; /* Use UTC for all times */ @@ -484,19 +496,22 @@ extern BOOL disable_fsync; /* Not for normal use */ extern BOOL disable_ipv6; /* Don't do any IPv6 things */ #ifndef DISABLE_DKIM -extern unsigned dkim_collect_input; /* Runtime count of dkim signtures; tracks wether SMTP input is fed to DKIM validation */ +extern unsigned dkim_collect_input; /* Runtime count of dkim signtures; tracks whether SMTP input is fed to DKIM validation */ extern uschar *dkim_cur_signer; /* Expansion variable, holds the current "signer" domain or identity during a acl_smtp_dkim run */ extern int dkim_key_length; /* Expansion variable, length of signing key in bits */ extern void *dkim_signatures; /* Actually a (pdkim_signature *) but most files do not need to know */ extern uschar *dkim_signers; /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */ extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */ extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */ +extern uschar *dkim_verify_hashes; /* Preference order for signatures */ +extern uschar *dkim_verify_keytypes; /* Preference order for signatures */ +extern BOOL dkim_verify_minimal; /* Shortcircuit signture verification */ extern uschar *dkim_verify_overall; /* First successful domain verified, or null */ extern uschar *dkim_verify_signers; /* Colon-separated list of domains for each of which we call the DKIM ACL */ extern uschar *dkim_verify_status; /* result for this signature */ extern uschar *dkim_verify_reason; /* result for this signature */ #endif -#ifdef EXPERIMENTAL_DMARC +#ifdef SUPPORT_DMARC extern uschar *dmarc_domain_policy; /* Expansion for declared policy of used domain */ extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */ extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */ @@ -734,6 +749,9 @@ extern uschar *override_pid_file_path; /* Value of -oP argument */ extern uschar *percent_hack_domains; /* Local domains for which '% operates */ extern uschar *pid_file_path; /* For writing daemon pids */ +#ifdef SUPPORT_PIPE_CONNECT +extern uschar *pipe_connect_advertise_hosts; /* for banner/EHLO pipelining */ +#endif extern uschar *pipelining_advertise_hosts; /* As it says */ #ifndef DISABLE_PRDR extern BOOL prdr_enable; /* As it says */ @@ -742,7 +760,7 @@ extern BOOL prdr_requested; /* Connecting mail server wants PRDR */ extern BOOL preserve_message_logs; /* Save msglog files */ extern uschar *primary_hostname; /* Primary name of this computer */ extern BOOL print_topbitchars; /* Topbit chars are printing chars */ -extern uschar process_info[]; /* For SIGUSR1 output */ +extern uschar *process_info; /* For SIGUSR1 output */ extern int process_info_len; extern uschar *process_log_path; /* Alternate path */ extern BOOL prod_requires_admin; /* TRUE if prodding requires admin */ @@ -786,6 +804,7 @@ extern uschar *raw_active_hostname; /* Pre-expansion */ extern uschar *raw_sender; /* Before rewriting */ extern uschar **raw_recipients; /* Before rewriting */ extern int raw_recipients_count; +extern const uschar * rc_names[]; /* Mostly for debug output */ extern int rcpt_count; /* Count of RCPT commands in a message */ extern int rcpt_fail_count; /* Those that got 5xx */ extern int rcpt_defer_count; /* Those that got 4xx */ @@ -813,6 +832,9 @@ extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ +#ifdef SUPPORT_PIPE_CONNECT +extern const pcre *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ +#endif extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */ extern const pcre *regex_smtp_code; /* For recognizing SMTP codes */ extern uschar *regex_vars[]; /* $regexN variables */ @@ -841,6 +863,7 @@ extern router_info routers_available[];/* Vector of available routers */ extern router_instance *routers; /* Chain of instantiated routers */ extern router_instance router_defaults;/* Default values */ extern uschar *router_name; /* Name of router last started */ +extern tree_node *router_var; /* Variables set by router */ extern ip_address_item *running_interfaces; /* Host's running interfaces */ extern uschar *running_status; /* Flag string for testing */ extern int runrc; /* rc from ${run} */ @@ -989,13 +1012,16 @@ extern BOOL system_filter_uid_set; /* TRUE if uid set */ extern blob tcp_fastopen_nodata; /* for zero-data TFO connect requests */ extern BOOL tcp_nodelay; /* Controls TCP_NODELAY on daemon */ -extern tfo_state_t tcp_out_fastopen; /* 0: no 1: conn used 2: useful */ +extern tfo_state_t tcp_out_fastopen; /* TCP fast open */ #ifdef USE_TCP_WRAPPERS extern uschar *tcp_wrappers_daemon_name; /* tcpwrappers daemon lookup name */ #endif extern int test_harness_load_avg; /* For use when testing */ extern int thismessage_size_limit; /* Limit for this message */ extern int timeout_frozen_after; /* Max time to keep frozen messages */ +#ifdef MEASURE_TIMING +extern struct timeval timestamp_startup; /* For development measurements */ +#endif extern uschar *transport_name; /* Name of transport last started */ extern int transport_count; /* Count of bytes transported */