X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=528a668b81be3f1dfda0b1730db424c893f3ecd4;hb=c09dbcfb71f4b9a42cbfd8a20e0be6bfa1b12488;hp=35b21a54d6737f5574383e1be104d6cbef767910;hpb=8ac90765750f87c573300b9e953af3d8090cab8b;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/verify.c b/src/src/verify.c index 35b21a54d..528a668b8 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -14,7 +14,7 @@ caching was contributed by Kevin Fleming (but I hacked it around a bit). */ #define CUTTHROUGH_CMD_TIMEOUT 30 /* timeout for cutthrough-routing calls */ #define CUTTHROUGH_DATA_TIMEOUT 60 /* timeout for cutthrough-routing calls */ -static smtp_outblock ctblock; +static smtp_context ctctx; uschar ctbuffer[8192]; @@ -370,10 +370,9 @@ cutthrough_multi(address_item * addr, host_item * host_list, transport_feedback * tf, int * yield) { BOOL done = FALSE; -host_item * host; if (addr->transport == cutthrough.addr.transport) - for (host = host_list; host; host = host->next) + for (host_item * host = host_list; host; host = host->next) if (Ustrcmp(host->address, cutthrough.host.address) == 0) { int host_af; @@ -409,7 +408,7 @@ if (addr->transport == cutthrough.addr.transport) /* Match! Send the RCPT TO, set done from the response */ done = - smtp_write_command(&ctblock, SCMD_FLUSH, "RCPT TO:<%.1000s>\r\n", + smtp_write_command(&ctctx, SCMD_FLUSH, "RCPT TO:<%.1000s>\r\n", transport_rcpt_address(addr, addr->transport->rcpt_include_affixes)) >= 0 && cutthrough_response(&cutthrough.cctx, '2', &resp, @@ -575,7 +574,6 @@ else { smtp_transport_options_block *ob = (smtp_transport_options_block *)addr->transport->options_block; - host_item * host; /* The information wasn't available in the cache, so we have to do a real callout and save the result in the cache for next time, unless no_cache is set, @@ -601,7 +599,7 @@ else and cause the client to time out. So in this case we forgo the PIPELINING optimization. */ - if (smtp_out && !disable_callout_flush) mac_smtp_fflush(); + if (smtp_out && !f.disable_callout_flush) mac_smtp_fflush(); clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ clearflag(addr, af_verify_nsfail); /* null sender callout flag */ @@ -623,7 +621,7 @@ coding means skipping this whole loop and doing the append separately. */ /* If we did not use a cached connection, make connections to the hosts and do real callouts. The list of hosts is passed in as an argument. */ - for (host = host_list; host && !done; host = host->next) + for (host_item * host = host_list; host && !done; host = host->next) { int host_af; int port = 25; @@ -669,12 +667,12 @@ coding means skipping this whole loop and doing the append separately. */ addr->message); sx.addrlist = addr; - sx.host = host; - sx.host_af = host_af, + sx.conn_args.host = host; + sx.conn_args.host_af = host_af, sx.port = port; - sx.interface = interface; + sx.conn_args.interface = interface; sx.helo_data = tf->helo_data; - sx.tblock = addr->transport; + sx.conn_args.tblock = addr->transport; sx.verify = TRUE; tls_retry_connection: @@ -693,7 +691,7 @@ tls_retry_connection: if ( yield == DEFER && addr->basic_errno == ERRNO_TLSFAILURE && ob->tls_tempfail_tryclear - && verify_check_given_host(&ob->hosts_require_tls, host) != OK + && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK ) { log_write(0, LOG_MAIN, @@ -814,9 +812,8 @@ tls_retry_connection: XXX We don't care about that for postmaster_full. Should we? */ if ((done = - smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0 && - smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), - '2', callout))) + smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0 && + smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout))) break; HDEBUG(D_acl|D_v) @@ -911,9 +908,8 @@ tls_retry_connection: cancel_cutthrough_connection(TRUE, US"postmaster verify"); HDEBUG(D_acl|D_v) debug_printf_indent("Cutthrough cancelled by presence of postmaster verify\n"); - done = smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0 - && smtp_read_response(&sx.inblock, sx.buffer, - sizeof(sx.buffer), '2', callout); + done = smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0 + && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout); if (done) { @@ -936,9 +932,9 @@ tls_retry_connection: done = TRUE; else done = (options & vopt_callout_fullpm) != 0 - && smtp_write_command(&sx.outblock, SCMD_FLUSH, + && smtp_write_command(&sx, SCMD_FLUSH, "RCPT TO:\r\n") >= 0 - && smtp_read_response(&sx.inblock, sx.buffer, + && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout); /* Sort out the cache record */ @@ -989,13 +985,6 @@ no_conn: done = TRUE; } break; -#endif -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - case ERRNO_REQUIRETLS: - addr->user_message = US"530 5.7.4 REQUIRETLS support required"; - yield = FAIL; - done = TRUE; - break; #endif case ECONNREFUSED: sx.send_quit = FALSE; @@ -1092,17 +1081,21 @@ no_conn: cutthrough.host.address = string_copy(host->address); store_pool = oldpool; } - cutthrough.addr = *addr; /* Save the address_item for later logging */ + + /* Save the address_item and parent chain for later logging */ + cutthrough.addr = *addr; cutthrough.addr.next = NULL; cutthrough.addr.host_used = &cutthrough.host; - if (addr->parent) - *(cutthrough.addr.parent = store_get(sizeof(address_item))) = - *addr->parent; - ctblock.buffer = ctbuffer; - ctblock.buffersize = sizeof(ctbuffer); - ctblock.ptr = ctbuffer; - /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */ - ctblock.cctx = &cutthrough.cctx; + for (address_item * caddr = &cutthrough.addr, * parent = addr->parent; + parent; + caddr = caddr->parent, parent = parent->parent) + *(caddr->parent = store_get(sizeof(address_item))) = *parent; + + ctctx.outblock.buffer = ctbuffer; + ctctx.outblock.buffersize = sizeof(ctbuffer); + ctctx.outblock.ptr = ctbuffer; + /* ctctx.outblock.cmd_count = 0; ctctx.outblock.authenticating = FALSE; */ + ctctx.outblock.cctx = &cutthrough.cctx; } else { @@ -1111,11 +1104,10 @@ no_conn: cancel_cutthrough_connection(TRUE, US"not usable for cutthrough"); if (sx.send_quit) { - (void) smtp_write_command(&sx.outblock, SCMD_FLUSH, "QUIT\r\n"); + (void) smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n"); /* Wait a short time for response, and discard it */ - smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), - '2', 1); + smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', 1); } if (sx.cctx.sock >= 0) @@ -1194,7 +1186,7 @@ return yield; one was requested and a recipient-verify wasn't subsequently done. */ int -open_cutthrough_connection( address_item * addr ) +open_cutthrough_connection(address_item * addr) { address_item addr2; int rc; @@ -1228,14 +1220,14 @@ if(cutthrough.cctx.sock < 0) if( #ifdef SUPPORT_TLS cutthrough.is_tls - ? tls_write(cutthrough.cctx.tls_ctx, ctblock.buffer, n, FALSE) + ? tls_write(cutthrough.cctx.tls_ctx, ctctx.outblock.buffer, n, FALSE) : #endif - send(cutthrough.cctx.sock, ctblock.buffer, n, 0) > 0 + send(cutthrough.cctx.sock, ctctx.outblock.buffer, n, 0) > 0 ) { transport_count += n; - ctblock.ptr= ctblock.buffer; + ctctx.outblock.ptr= ctctx.outblock.buffer; return TRUE; } @@ -1250,11 +1242,11 @@ _cutthrough_puts(uschar * cp, int n) { while(n--) { - if(ctblock.ptr >= ctblock.buffer+ctblock.buffersize) - if(!cutthrough_send(ctblock.buffersize)) + if(ctctx.outblock.ptr >= ctctx.outblock.buffer+ctctx.outblock.buffersize) + if(!cutthrough_send(ctctx.outblock.buffersize)) return FALSE; - *ctblock.ptr++ = *cp++; + *ctctx.outblock.ptr++ = *cp++; } return TRUE; } @@ -1280,7 +1272,7 @@ return; static BOOL _cutthrough_flush_send(void) { -int n = ctblock.ptr - ctblock.buffer; +int n = ctctx.outblock.ptr - ctctx.outblock.buffer; if(n>0) if(!cutthrough_send(n)) @@ -1317,16 +1309,16 @@ cutthrough_data_puts(US"\r\n", 2); static uschar cutthrough_response(client_conn_ctx * cctx, char expect, uschar ** copy, int timeout) { -smtp_inblock inblock; +smtp_context sx = {0}; uschar inbuffer[4096]; uschar responsebuffer[4096]; -inblock.buffer = inbuffer; -inblock.buffersize = sizeof(inbuffer); -inblock.ptr = inbuffer; -inblock.ptrend = inbuffer; -inblock.cctx = cctx; -if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, timeout)) +sx.inblock.buffer = inbuffer; +sx.inblock.buffersize = sizeof(inbuffer); +sx.inblock.ptr = inbuffer; +sx.inblock.ptrend = inbuffer; +sx.inblock.cctx = cctx; +if(!smtp_read_response(&sx, responsebuffer, sizeof(responsebuffer), expect, timeout)) cancel_cutthrough_connection(TRUE, US"target timeout on read"); if(copy) @@ -1417,7 +1409,7 @@ if(fd >= 0) conn before the final dot. */ client_conn_ctx tmp_ctx = cutthrough.cctx; - ctblock.ptr = ctbuffer; + ctctx.outblock.ptr = ctbuffer; HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n"); _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ _cutthrough_flush_send(); @@ -1439,7 +1431,7 @@ if(fd >= 0) (void)close(fd); HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why); } -ctblock.ptr = ctbuffer; +ctctx.outblock.ptr = ctbuffer; } void @@ -1473,7 +1465,6 @@ uschar * cutthrough_finaldot(void) { uschar res; -address_item * addr; HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> .\n"); /* Assume data finshed with new-line */ @@ -1485,7 +1476,7 @@ if( !cutthrough_puts(US".", 1) res = cutthrough_response(&cutthrough.cctx, '2', &cutthrough.addr.message, CUTTHROUGH_DATA_TIMEOUT); -for (addr = &cutthrough.addr; addr; addr = addr->next) +for (address_item * addr = &cutthrough.addr; addr; addr = addr->next) { addr->message = cutthrough.addr.message; switch(res) @@ -1636,18 +1627,18 @@ Returns: OK address verified */ int -verify_address(address_item *vaddr, FILE *f, int options, int callout, - int callout_overall, int callout_connect, uschar *se_mailfrom, +verify_address(address_item * vaddr, FILE * fp, int options, int callout, + int callout_overall, int callout_connect, uschar * se_mailfrom, uschar *pm_mailfrom, BOOL *routed) { BOOL allok = TRUE; -BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0); +BOOL full_info = fp ? debug_selector != 0 : FALSE; BOOL expn = (options & vopt_expn) != 0; BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0; int i; int yield = OK; int verify_type = expn? v_expn : - address_test_mode? v_none : + f.address_test_mode? v_none : options & vopt_is_recipient? v_recipient : v_sender; address_item *addr_list; address_item *addr_new = NULL; @@ -1682,8 +1673,8 @@ if (parse_find_at(address) == NULL) { if (!(options & vopt_qualify)) { - if (f) - respond_printf(f, "%sA domain is required for \"%s\"%s\n", + if (fp) + respond_printf(fp, "%sA domain is required for \"%s\"%s\n", ko_prefix, address, cr); *failure_ptr = US"qualify"; return FAIL; @@ -1694,7 +1685,7 @@ if (parse_find_at(address) == NULL) DEBUG(D_verify) { debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address); + debug_printf("%s %s\n", f.address_test_mode? "Testing" : "Verifying", address); } /* Rewrite and report on it. Clear the domain and local part caches - these @@ -1707,9 +1698,9 @@ if (global_rewrite_rules) global_rewrite_rules, rewrite_existflags); if (address != old) { - for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0; - for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0; - if (f && !expn) fprintf(f, "Address rewritten as: %s\n", address); + for (int i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0; + for (int i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0; + if (fp && !expn) fprintf(fp, "Address rewritten as: %s\n", address); } } @@ -1775,29 +1766,29 @@ while (addr_new) if (testflag(addr, af_pfr)) { allok = FALSE; - if (f) + if (fp) { BOOL allow; if (addr->address[0] == '>') { allow = testflag(addr, af_allow_reply); - fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1); + fprintf(fp, "%s -> mail %s", addr->parent->address, addr->address + 1); } else { allow = addr->address[0] == '|' ? testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file); - fprintf(f, "%s -> %s", addr->parent->address, addr->address); + fprintf(fp, "%s -> %s", addr->parent->address, addr->address); } if (addr->basic_errno == ERRNO_BADTRANSPORT) - fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n" + fprintf(fp, "\n*** Error in setting up pipe, file, or autoreply:\n" "%s\n", addr->message); else if (allow) - fprintf(f, "\n transport = %s\n", addr->transport->name); + fprintf(fp, "\n transport = %s\n", addr->transport->name); else - fprintf(f, " *** forbidden ***\n"); + fprintf(fp, " *** forbidden ***\n"); } continue; } @@ -1886,7 +1877,6 @@ while (addr_new) else { int flags; - host_item *host, *nexthost; host_build_hostlist(&host_list, s, tf.hosts_randomize); /* Just ignore failures to find a host address. If we don't manage @@ -1899,7 +1889,7 @@ while (addr_new) if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE; if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS; - for (host = host_list; host; host = nexthost) + for (host_item * host = host_list, * nexthost; host; host = nexthost) { nexthost = host->next; if (tf.gethostbyname || @@ -1929,7 +1919,7 @@ while (addr_new) if (host_list) { HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n"); - if (host_checking && !host_checking_callout) + if (host_checking && !f.host_checking_callout) { HDEBUG(D_verify) debug_printf("... callout omitted by default when host testing\n" @@ -1942,6 +1932,9 @@ while (addr_new) #endif rc = do_callout(addr, host_list, &tf, callout, callout_overall, callout_connect, options, se_mailfrom, pm_mailfrom); +#ifdef SUPPORT_TLS + deliver_set_expansions(NULL); +#endif } } else @@ -1967,29 +1960,29 @@ while (addr_new) if (rc == FAIL) { allok = FALSE; - if (f) + if (fp) { address_item *p = addr->parent; - respond_printf(f, "%s%s %s", ko_prefix, + respond_printf(fp, "%s%s %s", ko_prefix, full_info ? addr->address : address, - address_test_mode ? "is undeliverable" : "failed to verify"); - if (!expn && admin_user) + f.address_test_mode ? "is undeliverable" : "failed to verify"); + if (!expn && f.admin_user) { if (addr->basic_errno > 0) - respond_printf(f, ": %s", strerror(addr->basic_errno)); + respond_printf(fp, ": %s", strerror(addr->basic_errno)); if (addr->message) - respond_printf(f, ": %s", addr->message); + respond_printf(fp, ": %s", addr->message); } /* Show parents iff doing full info */ if (full_info) while (p) { - respond_printf(f, "%s\n <-- %s", cr, p->address); + respond_printf(fp, "%s\n <-- %s", cr, p->address); p = p->parent; } - respond_printf(f, "%s\n", cr); + respond_printf(fp, "%s\n", cr); } cancel_cutthrough_connection(TRUE, US"routing hard fail"); @@ -2006,29 +1999,29 @@ while (addr_new) else if (rc == DEFER) { allok = FALSE; - if (f) + if (fp) { address_item *p = addr->parent; - respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix, + respond_printf(fp, "%s%s cannot be resolved at this time", ko_prefix, full_info? addr->address : address); - if (!expn && admin_user) + if (!expn && f.admin_user) { if (addr->basic_errno > 0) - respond_printf(f, ": %s", strerror(addr->basic_errno)); + respond_printf(fp, ": %s", strerror(addr->basic_errno)); if (addr->message) - respond_printf(f, ": %s", addr->message); + respond_printf(fp, ": %s", addr->message); else if (addr->basic_errno <= 0) - respond_printf(f, ": unknown error"); + respond_printf(fp, ": unknown error"); } /* Show parents iff doing full info */ if (full_info) while (p) { - respond_printf(f, "%s\n <-- %s", cr, p->address); + respond_printf(fp, "%s\n <-- %s", cr, p->address); p = p->parent; } - respond_printf(f, "%s\n", cr); + respond_printf(fp, "%s\n", cr); } cancel_cutthrough_connection(TRUE, US"routing soft fail"); @@ -2049,16 +2042,16 @@ while (addr_new) if (!addr_new) if (!addr_local && !addr_remote) - respond_printf(f, "250 mail to <%s> is discarded\r\n", address); + respond_printf(fp, "250 mail to <%s> is discarded\r\n", address); else - respond_printf(f, "250 <%s>\r\n", address); + respond_printf(fp, "250 <%s>\r\n", address); else do { address_item *addr2 = addr_new; addr_new = addr2->next; if (!addr_new) ok_prefix = US"250 "; - respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address); + respond_printf(fp, "%s<%s>\r\n", ok_prefix, addr2->address); } while (addr_new); yield = OK; goto out; @@ -2092,8 +2085,8 @@ while (addr_new) ) ) ) { - if (f) fprintf(f, "%s %s\n", - address, address_test_mode ? "is deliverable" : "verified"); + if (fp) fprintf(fp, "%s %s\n", + address, f.address_test_mode ? "is deliverable" : "verified"); /* If we have carried on to verify a child address, we want the value of $address_data to be that of the child */ @@ -2112,7 +2105,7 @@ while (addr_new) } /* Loop for generated addresses */ /* Display the full results of the successful routing, including any generated -addresses. Control gets here only when full_info is set, which requires f not +addresses. Control gets here only when full_info is set, which requires fp not to be NULL, and this occurs only when a top-level verify is called with the debugging switch on. @@ -2122,7 +2115,7 @@ discarded, usually because of the use of :blackhole: in an alias file. */ if (allok && !addr_local && !addr_remote) { - fprintf(f, "mail to %s is discarded\n", address); + fprintf(fp, "mail to %s is discarded\n", address); goto out; } @@ -2130,15 +2123,14 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) while (addr_list) { address_item *addr = addr_list; - address_item *p = addr->parent; transport_instance * tp = addr->transport; addr_list = addr->next; - fprintf(f, "%s", CS addr->address); + fprintf(fp, "%s", CS addr->address); #ifdef EXPERIMENTAL_SRS if(addr->prop.srs_sender) - fprintf(f, " [srs = %s]", addr->prop.srs_sender); + fprintf(fp, " [srs = %s]", addr->prop.srs_sender); #endif /* If the address is a duplicate, show something about it. */ @@ -2147,19 +2139,19 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) { tree_node *tnode; if ((tnode = tree_search(tree_duplicates, addr->unique))) - fprintf(f, " [duplicate, would not be delivered]"); + fprintf(fp, " [duplicate, would not be delivered]"); else tree_add_duplicate(addr->unique, addr); } /* Now show its parents */ - for (p = addr->parent; p; p = p->parent) - fprintf(f, "\n <-- %s", p->address); - fprintf(f, "\n "); + for (address_item * p = addr->parent; p; p = p->parent) + fprintf(fp, "\n <-- %s", p->address); + fprintf(fp, "\n "); /* Show router, and transport */ - fprintf(f, "router = %s, transport = %s\n", + fprintf(fp, "router = %s, transport = %s\n", addr->router->name, tp ? tp->name : US"unset"); /* Show any hosts that are set up by a router unless the transport @@ -2167,32 +2159,31 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) if (addr->host_list && tp && !tp->overrides_hosts) { - host_item *h; int maxlen = 0; int maxaddlen = 0; - for (h = addr->host_list; h; h = h->next) + for (host_item * h = addr->host_list; h; h = h->next) { /* get max lengths of host names, addrs */ int len = Ustrlen(h->name); if (len > maxlen) maxlen = len; len = h->address ? Ustrlen(h->address) : 7; if (len > maxaddlen) maxaddlen = len; } - for (h = addr->host_list; h; h = h->next) + for (host_item * h = addr->host_list; h; h = h->next) { - fprintf(f, " host %-*s ", maxlen, h->name); + fprintf(fp, " host %-*s ", maxlen, h->name); if (h->address) - fprintf(f, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']'); + fprintf(fp, "[%s%-*c", h->address, maxaddlen+1 - Ustrlen(h->address), ']'); else if (tp->info->local) - fprintf(f, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */ + fprintf(fp, " %-*s ", maxaddlen, ""); /* Omit [unknown] for local */ else - fprintf(f, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']'); + fprintf(fp, "[%s%-*c", "unknown", maxaddlen+1 - 7, ']'); - if (h->mx >= 0) fprintf(f, " MX=%d", h->mx); - if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port); - if (running_in_test_harness && h->dnssec == DS_YES) fputs(" AD", f); - if (h->status == hstatus_unusable) fputs(" ** unusable **", f); - fputc('\n', f); + if (h->mx >= 0) fprintf(fp, " MX=%d", h->mx); + if (h->port != PORT_NONE) fprintf(fp, " port=%d", h->port); + if (f.running_in_test_harness && h->dnssec == DS_YES) fputs(" AD", fp); + if (h->status == hstatus_unusable) fputs(" ** unusable **", fp); + fputc('\n', fp); } } } @@ -2227,11 +2218,10 @@ Returns: OK int verify_check_headers(uschar **msgptr) { -header_line *h; uschar *colon, *s; int yield = OK; -for (h = header_list; h && yield == OK; h = h->next) +for (header_line * h = header_list; h && yield == OK; h = h->next) { if (h->type != htype_from && h->type != htype_reply_to && @@ -2248,7 +2238,7 @@ for (h = header_list; h && yield == OK; h = h->next) /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ - parse_allow_group = TRUE; + f.parse_allow_group = TRUE; while (*s) { @@ -2271,11 +2261,11 @@ for (h = header_list; h && yield == OK; h = h->next) { if (h->type == htype_from || h->type == htype_sender) { - if (!allow_unqualified_sender) recipient = NULL; + if (!f.allow_unqualified_sender) recipient = NULL; } else { - if (!allow_unqualified_recipient) recipient = NULL; + if (!f.allow_unqualified_recipient) recipient = NULL; } if (recipient == NULL) errmess = US"unqualified address not permitted"; } @@ -2325,8 +2315,8 @@ for (h = header_list; h && yield == OK; h = h->next) while (isspace(*s)) s++; } /* Next address */ - parse_allow_group = FALSE; - parse_found_group = FALSE; + f.parse_allow_group = FALSE; + f.parse_found_group = FALSE; } /* Next header unless yield has been set FALSE */ return yield; @@ -2350,13 +2340,12 @@ Returns: OK int verify_check_header_names_ascii(uschar **msgptr) { -header_line *h; -uschar *colon, *s; +uschar *colon; -for (h = header_list; h; h = h->next) +for (header_line * h = header_list; h; h = h->next) { colon = Ustrchr(h->text, ':'); - for(s = h->text; s < colon; s++) + for(uschar * s = h->text; s < colon; s++) if ((*s < 33) || (*s > 126)) { *msgptr = string_sprintf("Invalid character in header \"%.*s\" found", @@ -2380,22 +2369,20 @@ The original proposed patch did the former, but I have chosen to do the latter, because (a) it requires no memory and (b) will use fewer resources when there are many addresses in To: and/or Cc: and only one or two envelope recipients. -Arguments: none +Arguments: case_sensitive true if case sensitive matching should be used Returns: OK if there are no blind recipients FAIL if there is at least one blind recipient */ int -verify_check_notblind(void) +verify_check_notblind(BOOL case_sensitive) { -int i; -for (i = 0; i < recipients_count; i++) +for (int i = 0; i < recipients_count; i++) { - header_line *h; BOOL found = FALSE; uschar *address = recipients_list[i].address; - for (h = header_list; !found && h != NULL; h = h->next) + for (header_line * h = header_list; !found && h; h = h->next) { uschar *colon, *s; @@ -2408,12 +2395,12 @@ for (i = 0; i < recipients_count; i++) /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ - parse_allow_group = TRUE; + f.parse_allow_group = TRUE; - while (*s != 0) + while (*s) { - uschar *ss = parse_find_address_end(s, FALSE); - uschar *recipient,*errmess; + uschar * ss = parse_find_address_end(s, FALSE); + uschar * recipient, * errmess; int terminator = *ss; int start, end, domain; @@ -2425,26 +2412,27 @@ for (i = 0; i < recipients_count; i++) *ss = terminator; /* If we found a valid recipient that has a domain, compare it with the - envelope recipient. Local parts are compared case-sensitively, domains - case-insensitively. By comparing from the start with length "domain", we - include the "@" at the end, which ensures that we are comparing the whole - local part of each address. */ - - if (recipient != NULL && domain != 0) - { - found = Ustrncmp(recipient, address, domain) == 0 && - strcmpic(recipient + domain, address + domain) == 0; - if (found) break; - } + envelope recipient. Local parts are compared with case-sensitivity + according to the routine arg, domains case-insensitively. + By comparing from the start with length "domain", we include the "@" at + the end, which ensures that we are comparing the whole local part of each + address. */ + + if (recipient && domain != 0) + if ((found = (case_sensitive + ? Ustrncmp(recipient, address, domain) == 0 + : strncmpic(recipient, address, domain) == 0) + && strcmpic(recipient + domain, address + domain) == 0)) + break; /* Advance to the next address */ - s = ss + (terminator? 1:0); + s = ss + (terminator ? 1:0); while (isspace(*s)) s++; } /* Next address */ - parse_allow_group = FALSE; - parse_found_group = FALSE; + f.parse_allow_group = FALSE; + f.parse_found_group = FALSE; } /* Next header (if found is false) */ if (!found) return FAIL; @@ -2472,10 +2460,9 @@ Returns: pointer to an address item, or NULL address_item * verify_checked_sender(uschar *sender) { -address_item *addr; -for (addr = sender_verified_list; addr != NULL; addr = addr->next) - if (Ustrcmp(sender, addr->address) == 0) break; -return addr; +for (address_item * addr = sender_verified_list; addr; addr = addr->next) + if (Ustrcmp(sender, addr->address) == 0) return addr; +return NULL; } @@ -2529,12 +2516,9 @@ verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr, static int header_types[] = { htype_sender, htype_reply_to, htype_from }; BOOL done = FALSE; int yield = FAIL; -int i; -for (i = 0; i < 3 && !done; i++) - { - header_line *h; - for (h = header_list; h != NULL && !done; h = h->next) +for (int i = 0; i < 3 && !done; i++) + for (header_line * h = header_list; h != NULL && !done; h = h->next) { int terminator, new_ok; uschar *s, *ss, *endname; @@ -2545,7 +2529,7 @@ for (i = 0; i < 3 && !done; i++) /* Scan the addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ - parse_allow_group = TRUE; + f.parse_allow_group = TRUE; while (*s != 0) { @@ -2663,10 +2647,10 @@ for (i = 0; i < 3 && !done; i++) s = ss; } /* Next address */ - parse_allow_group = FALSE; - parse_found_group = FALSE; + f.parse_allow_group = FALSE; + f.parse_found_group = FALSE; } /* Next header, unless done */ - } /* Next header type unless done */ + /* Next header type unless done */ if (yield == FAIL && *log_msgptr == NULL) *log_msgptr = US"there is no valid sender in any header line"; @@ -2739,6 +2723,7 @@ qlen = snprintf(CS buffer, sizeof(buffer), "%d , %d\r\n", early_data.data = buffer; early_data.len = qlen; +/*XXX we trust that the query is idempotent */ if (ip_connect(ident_conn_ctx.sock, host_af, sender_host_address, port, rfc1413_query_timeout, &early_data) < 0) { @@ -2905,8 +2890,7 @@ if (*ss == '@') } else if (Ustrcmp(ss, "@[]") == 0) { - ip_address_item *ip; - for (ip = host_find_interfaces(); ip != NULL; ip = ip->next) + for (ip_address_item * ip = host_find_interfaces(); ip; ip = ip->next) if (Ustrcmp(ip->address, cb->host_address) == 0) return OK; return FAIL; } @@ -2929,7 +2913,7 @@ only by digits and dots (a slash at the start indicates a file name and of course slashes may be present in lookups, but not preceded only by digits and dots). */ -for (t = ss; isdigit(*t) || *t == '.'; t++); +for (t = ss; isdigit(*t) || *t == '.'; ) t++; if (*t == 0 || (*t == '/' && t != ss)) { *error = US"malformed IPv4 address or address mask"; @@ -2963,7 +2947,8 @@ if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL) if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */ iplookup = (*t++ == '-'); } -else t = ss; +else + t = ss; /* Do the IP address lookup if that is indeed what we have */ @@ -3022,8 +3007,8 @@ if (iplookup) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL); - if (valueptr != NULL) *valueptr = result; - return (result != NULL)? OK : search_find_defer? DEFER: FAIL; + if (valueptr) *valueptr = result; + return result ? OK : f.search_find_defer ? DEFER: FAIL; } /* The pattern is not an IP address or network reference of any kind. That is, @@ -3065,11 +3050,8 @@ if (*t == 0) rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE); if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL) { - host_item *hh; - for (hh = &h; hh != NULL; hh = hh->next) - { + for (host_item * hh = &h; hh; hh = hh->next) if (host_is_in_net(hh->address, cb->host_address, 0)) return OK; - } return FAIL; } if (rc == HOST_FIND_AGAIN) return DEFER; @@ -3238,9 +3220,9 @@ return rc; * Check the given host item matches a list * *************************************************/ int -verify_check_given_host(uschar **listptr, host_item *host) +verify_check_given_host(const uschar **listptr, const host_item *host) { -return verify_check_this_host(CUSS listptr, NULL, host->name, host->address, NULL); +return verify_check_this_host(listptr, NULL, host->name, host->address, NULL); } /************************************************* @@ -3298,9 +3280,8 @@ always 1. */ if (host_aton(address, bin) == 1) { - int i; int x = bin[0]; - for (i = 0; i < 4; i++) + for (int i = 0; i < 4; i++) { sprintf(CS bptr, "%d.", x & 255); while (*bptr) bptr++; @@ -3314,19 +3295,16 @@ unknown. This is just a guess. */ #if HAVE_IPV6 else - { - int i, j; - for (j = 3; j >= 0; j--) + for (int j = 3; j >= 0; j--) { int x = bin[j]; - for (i = 0; i < 8; i++) + for (int i = 0; i < 8; i++) { sprintf(CS bptr, "%x.", x & 15); while (*bptr) bptr++; x >>= 4; } } - } #endif /* Remove trailing period -- this is needed so that both arbitrary @@ -3445,10 +3423,8 @@ else if (cb->rc == DNS_SUCCEED) { - dns_record *rr; - dns_address **addrp = &(cb->rhs); - for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr; + dns_address ** addrp = &(cb->rhs); + for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == T_A) { @@ -3601,21 +3577,17 @@ if (cb->rc == DNS_SUCCEED) { cb->text_set = TRUE; if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED) - { - dns_record *rr; - for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr; + for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) - if (rr->type == T_TXT) break; - if (rr) - { - int len = (rr->data)[0]; - if (len > 511) len = 127; - store_pool = POOL_PERM; - cb->text = string_sprintf("%.*s", len, CUS (rr->data+1)); - store_pool = old_pool; - } - } + if (rr->type == T_TXT) + { + int len = (rr->data)[0]; + if (len > 511) len = 127; + store_pool = POOL_PERM; + cb->text = string_sprintf("%.*s", len, CUS (rr->data+1)); + store_pool = old_pool; + break; + } } dnslist_value = addlist; @@ -3709,7 +3681,6 @@ int sep = 0; int defer_return = FAIL; const uschar *list = *listptr; uschar *domain; -uschar *s; uschar buffer[1024]; uschar revadd[128]; /* Long enough for IPv6 address */ @@ -3800,32 +3771,28 @@ while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL actually causing an error here, because that would no doubt hold up incoming mail. Instead, I'll just log it. */ - for (s = domain; *s != 0; s++) - { + for (uschar * s = domain; *s; s++) if (!isalnum(*s) && *s != '-' && *s != '.' && *s != '_') { log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains " "strange characters - is this right?", domain); break; } - } /* Check the alternate domain if present */ - if (domain_txt != domain) for (s = domain_txt; *s != 0; s++) - { + if (domain_txt != domain) for (uschar * s = domain_txt; *s; s++) if (!isalnum(*s) && *s != '-' && *s != '.' && *s != '_') { log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains " "strange characters - is this right?", domain_txt); break; } - } /* If there is no key string, construct the query by adding the domain name onto the inverted host address, and perform a single DNS lookup. */ - if (key == NULL) + if (!key) { if (where == ACL_WHERE_NOTSMTP_START || where == ACL_WHERE_NOTSMTP) {