X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=7f1752120e8244009f863c6c88313e3ef2ce32d8;hb=4284f0712acb9ba047fc32792472b348181d98d8;hp=4b584c05e6f6af45480adb97a69669056551a3a4;hpb=137ae145e066dda8f9d81cf6d2c9f76c15929605;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/verify.c b/src/src/verify.c index 4b584c05e..7f1752120 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions concerned with verifying things. The original code for callout @@ -70,7 +71,7 @@ dbdata_callout_cache *cache_record; if (!(cache_record = dbfn_read_with_length(dbm_file, key, &length))) { - HDEBUG(D_verify) debug_printf("callout cache: no %s record found for %s\n", type, key); + HDEBUG(D_verify) debug_printf_indent("callout cache: no %s record found for %s\n", type, key); return NULL; } @@ -84,7 +85,7 @@ now = time(NULL); if (now - cache_record->time_stamp > expire) { - HDEBUG(D_verify) debug_printf("callout cache: %s record expired for %s\n", type, key); + HDEBUG(D_verify) debug_printf_indent("callout cache: %s record expired for %s\n", type, key); return NULL; } @@ -111,7 +112,7 @@ if (type[0] == 'd' && cache_record->result != ccache_reject) cache_record->random_result = ccache_unknown; } -HDEBUG(D_verify) debug_printf("callout cache: found %s record for %s\n", type, key); +HDEBUG(D_verify) debug_printf_indent("callout cache: found %s record for %s\n", type, key); return cache_record; } 
@@ -138,11 +139,11 @@ stage, unless caching has been disabled. */ if (options & vopt_callout_no_cache) { - HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n"); + HDEBUG(D_verify) debug_printf_indent("callout cache: disabled by no_cache\n"); } else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE, TRUE))) { - HDEBUG(D_verify) debug_printf("callout cache: not available\n"); + HDEBUG(D_verify) debug_printf_indent("callout cache: not available\n"); } else { @@ -173,7 +174,7 @@ else || *from_address == 0 && cache_record->result == ccache_reject_mfnull) { HDEBUG(D_verify) - debug_printf("callout cache: domain gave initial rejection, or " + debug_printf_indent("callout cache: domain gave initial rejection, or " "does not accept HELO or MAIL FROM:<>\n"); setflag(addr, af_verify_nsfail); addr->user_message = US"(result of an earlier callout reused)."; @@ -194,14 +195,14 @@ else { case ccache_accept: HDEBUG(D_verify) - debug_printf("callout cache: domain accepts random addresses\n"); + debug_printf_indent("callout cache: domain accepts random addresses\n"); *failure_ptr = US"random"; dbfn_close(dbm_file); return TRUE; /* Default yield is OK */ case ccache_reject: HDEBUG(D_verify) - debug_printf("callout cache: domain rejects random addresses\n"); + debug_printf_indent("callout cache: domain rejects random addresses\n"); *opt_ptr = options & ~vopt_callout_random; new_domain_record->random_result = ccache_reject; new_domain_record->random_stamp = cache_record->random_stamp; @@ -209,7 +210,7 @@ else default: HDEBUG(D_verify) - debug_printf("callout cache: need to check random address handling " + debug_printf_indent("callout cache: need to check random address handling " "(not cached or cache expired)\n"); dbfn_close(dbm_file); return FALSE; 
@@ -226,7 +227,7 @@ else { setflag(addr, af_verify_pmfail); HDEBUG(D_verify) - debug_printf("callout cache: domain does not accept " + debug_printf_indent("callout cache: domain does not accept " "RCPT TO:\n"); *yield = FAIL; *failure_ptr = US"postmaster"; @@ -238,7 +239,7 @@ else if (cache_record->postmaster_result == ccache_unknown) { HDEBUG(D_verify) - debug_printf("callout cache: need to check RCPT " + debug_printf_indent("callout cache: need to check RCPT " "TO: (not cached or cache expired)\n"); dbfn_close(dbm_file); return FALSE; @@ -249,7 +250,7 @@ else that the value in the cache record is preserved (with its old timestamp). */ - HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT " + HDEBUG(D_verify) debug_printf_indent("callout cache: domain accepts RCPT " "TO:\n"); *pm_ptr = NULL; new_domain_record->postmaster_result = ccache_accept; @@ -273,12 +274,12 @@ else if (cache_address_record->result == ccache_accept) { HDEBUG(D_verify) - debug_printf("callout cache: address record is positive\n"); + debug_printf_indent("callout cache: address record is positive\n"); } else { HDEBUG(D_verify) - debug_printf("callout cache: address record is negative\n"); + debug_printf_indent("callout cache: address record is negative\n"); addr->user_message = US"Previous (cached) callout verification failure"; *failure_ptr = US"recipient"; *yield = FAIL; 
@@ -315,13 +316,13 @@ Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */ if (dom_rec->result != ccache_unknown) if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE))) { - HDEBUG(D_verify) debug_printf("callout cache: not available\n"); + HDEBUG(D_verify) debug_printf_indent("callout cache: not available\n"); } else { (void)dbfn_write(dbm_file, domain, dom_rec, (int)sizeof(dbdata_callout_cache)); - HDEBUG(D_verify) debug_printf("wrote callout cache domain record for %s:\n" + HDEBUG(D_verify) debug_printf_indent("wrote callout cache domain record for %s:\n" " result=%d postmaster=%d random=%d\n", domain, dom_rec->result, @@ -338,13 +339,13 @@ if (done && addr_rec->result != ccache_unknown) dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE); if (!dbm_file) { - HDEBUG(D_verify) debug_printf("no callout cache available\n"); + HDEBUG(D_verify) debug_printf_indent("no callout cache available\n"); } else { (void)dbfn_write(dbm_file, address_key, addr_rec, (int)sizeof(dbdata_callout_cache_address)); - HDEBUG(D_verify) debug_printf("wrote %s callout cache address record for %s\n", + HDEBUG(D_verify) debug_printf_indent("wrote %s callout cache address record for %s\n", addr_rec->result == ccache_accept ? "positive" : "negative", address_key); } @@ -1611,7 +1612,7 @@ address testing (-bt), which is indicated by address_test_mode being set. Arguments: vaddr contains the address to verify; the next field in this block must be NULL - f if not NULL, write the result to this file + fp if not NULL, write the result to this file options various option bits: vopt_fake_sender => this sender verify is not for the real sender (it was verify=sender=xxxx or an address from a 
@@ -1662,9 +1663,9 @@ BOOL expn = (options & vopt_expn) != 0; BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0; int i; int yield = OK; -int verify_type = expn? v_expn : - f.address_test_mode? v_none : - options & vopt_is_recipient? v_recipient : v_sender; +int verify_type = expn ? v_expn : + f.address_test_mode ? v_none : + options & vopt_is_recipient ? v_recipient : v_sender; address_item *addr_list; address_item *addr_new = NULL; address_item *addr_remote = NULL; @@ -2155,7 +2156,7 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) addr_list = addr->next; fprintf(fp, "%s", CS addr->address); -#ifdef EXPERIMENTAL_SRS +#ifdef EXPERIMENTAL_SRS_ALT if(addr->prop.srs_sender) fprintf(fp, " [srs = %s]", addr->prop.srs_sender); #endif @@ -2260,7 +2261,7 @@ for (header_line * h = header_list; h && yield == OK; h = h->next) colon = Ustrchr(h->text, ':'); s = colon + 1; - while (isspace(*s)) s++; + Uskip_whitespace(&s); /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ @@ -2339,7 +2340,7 @@ for (header_line * h = header_list; h && yield == OK; h = h->next) /* Advance to the next address */ s = ss + (terminator ? 1 : 0); - while (isspace(*s)) s++; + Uskip_whitespace(&s); } /* Next address */ f.parse_allow_group = FALSE; @@ -2909,7 +2910,6 @@ provided that host name matching is permitted; if it's "@[]" match against the local host's IP addresses. */ if (*ss == '@') - { if (ss[1] == 0) { if (isiponly) return ERROR; @@ -2921,7 +2921,6 @@ if (*ss == '@') if (Ustrcmp(ip->address, cb->host_address) == 0) return OK; return FAIL; } - } /* If the pattern is an IP address, optionally followed by a bitmask count, do a (possibly masked) comparison with the current IP address. */ 
@@ -2947,10 +2946,20 @@ if (*t == 0 || (*t == '/' && t != ss)) return ERROR; } -/* See if there is a semicolon in the pattern */ +/* See if there is a semicolon in the pattern, separating a searchtype +prefix. If there is one then check for comma-sep options. */ if ((semicolon = Ustrchr(ss, ';'))) - endname = (opts = Ustrchr(ss, ',')) ? opts : semicolon; + if ((opts = Ustrchr(ss, ',')) && opts < semicolon) + { + endname = opts++; + opts = string_copyn(opts, semicolon - opts); + } + else + { + endname = semicolon; + opts = NULL; + } /* If we are doing an IP address only match, then all lookups must be IP address lookups, even if there is no "net-". */ @@ -3383,11 +3392,13 @@ dns_scan dnss; tree_node *t; dnsbl_cache_block *cb; int old_pool = store_pool; -uschar query[256]; /* DNS domain max length */ +uschar * query; +int qlen; /* Construct the specific query domainname */ -if (!string_format(query, sizeof(query), "%s.%s", prepend, domain)) +query = string_sprintf("%s.%s", prepend, domain); +if ((qlen = Ustrlen(query)) >= 256) { log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long " "(ignored): %s...", query); @@ -3422,7 +3433,7 @@ else else { /* Set up a tree entry to cache the lookup */ - t = store_get(sizeof(tree_node) + Ustrlen(query), is_tainted(query)); + t = store_get(sizeof(tree_node) + qlen + 1 + 1, is_tainted(query)); Ustrcpy(t->name, query); t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), FALSE); (void)tree_insertnode(&dnsbl_cache, t); @@ -3529,7 +3540,6 @@ if (cb->rc == DNS_SUCCEED) for (da = cb->rhs; da; da = da->next) { int ipsep = ','; - uschar ip[46]; const uschar *ptr = iplist; uschar *res; @@ -3537,8 +3547,8 @@ if (cb->rc == DNS_SUCCEED) if (!bitmask) { - while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip)))) - if (Ustrcmp(CS da->address, ip) == 0) + while ((res = string_nextinlist(&ptr, &ipsep, NULL, 0))) + if (Ustrcmp(CS da->address, res) == 0) break; } 
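Review bot: The new outer `if ((semicolon = Ustrchr(ss, ';')))` has no braces around an inner `if`/`else`, so the `else` pairs with the right `if` only by the nearest-if rule, and compilers commonly warn about an ambiguous else here. Bracing the outer statement, `if ((semicolon = Ustrchr(ss, ';'))) { ... }`, makes the pairing explicit. The brace removal around `if (*ss == '@')` in the hunks at -2909 and -2921 looks like the same pattern, though its full body is outside those hunks. When no semicolon is found, neither `opts` nor `endname` is assigned in this hunk, so the code depends on initialisation that is not visible here; a short comment at their declaration saying what they hold in that case would record the assumption.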
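Review bot: The over-length branch now passes the complete `query` to `log_write`, because the string is no longer cut to 255 bytes by the old fixed buffer, yet the message still ends in `...` as if it were truncated. `prepend` and `domain` may carry remotely influenced data (inferred, their origin is outside the hunk), so it is worth bounding what reaches the main and panic logs: `"(ignored): %.255s...", query`. The removed declaration held the only explanation of the limit; a comment on the check such as `/* 255 is the maximum length of a DNS domain name */` would keep it.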
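Review bot: The allocation size `sizeof(tree_node) + qlen + 1 + 1` in the hunk at -3422 is unexplained, and the two extra bytes read as an accident rather than a decision. The following `Ustrcpy(t->name, query)` is only safe if this size is sufficient, so the reasoning belongs next to it, for example `/* qlen chars plus NUL, with one spare byte; does not rely on tree_node's own name storage */`. The layout of `tree_node` is outside this hunk, so the wording needs confirming against its declaration.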
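Review bot: Passing `NULL, 0` to `string_nextinlist` in the hunk at -3537 makes it return each item in newly allocated store instead of the 46-byte stack buffer. The call sits inside the loop over `da`, so the list is re-split and re-allocated once per returned address, and nothing in the hunk reclaims that store. The same change appears in the hunks at -3560 and -3745. If growth matters on this path, bracket the scan with a store mark and reset; otherwise say so at the call, e.g. `/* items are allocated and no longer length-capped */`. The enclosing function starts and ends outside the hunk.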
@@ -3560,9 +3570,9 @@ if (cb->rc == DNS_SUCCEED) /* Scan the returned addresses, skipping any that are IPv6 */ - while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip)))) + while ((res = string_nextinlist(&ptr, &ipsep, NULL, 0))) { - if (host_aton(ip, address) != 1) continue; + if (host_aton(res, address) != 1) continue; if ((address[0] & mask) == address[0]) break; } } @@ -3732,7 +3742,6 @@ int sep = 0; int defer_return = FAIL; const uschar *list = *listptr; uschar *domain; -uschar buffer[1024]; uschar revadd[128]; /* Long enough for IPv6 address */ /* Indicate that the inverted IP address is not yet set up */ @@ -3745,7 +3754,7 @@ dns_init(FALSE, FALSE, FALSE); /*XXX dnssec? */ /* Loop through all the domains supplied, until something matches */ -while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) +while ((domain = string_nextinlist(&list, &sep, NULL, 0))) { int rc; BOOL bitmask = FALSE;
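Review bot: `host_aton(res, address)` now receives a list item of arbitrary length, where the old 46-byte `ip` buffer capped it at 45 characters before parsing. Whether the items of `iplist` are syntax-checked before this loop is not visible here, so a cheap guard ahead of the conversion would keep the parser's input well-formed: `if (string_is_ip_address(res, NULL) != 4) continue;`. That also states the "skipping any that are IPv6" intent directly instead of relying on the returned word count.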