X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fexim.c;h=3ab657fea12df65c9cc4ca97277755ec354adcfb;hb=5a66c31b0ec1f4128df4398e18dfe497c2a34de7;hp=8eb6022457176d2b603117e7d1a975b2f0650f05;hpb=a3fb9793861eb9c5ece5c37c08c5c519fe1e01b7;p=exim.git diff --git a/src/src/exim.c b/src/src/exim.c index 8eb602245..3ab657fea 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2012 */ +/* Copyright (c) University of Cambridge 1995 - 2014 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -222,7 +222,7 @@ to disrupt whatever is going on outside the signal handler. */ if (fd < 0) return; -(void)write(fd, process_info, process_info_len); +{int dummy = write(fd, process_info, process_info_len); dummy = dummy; } (void)close(fd); } @@ -526,7 +526,7 @@ close_unwanted(void) if (smtp_input) { #ifdef SUPPORT_TLS - tls_close(FALSE); /* Shut down the TLS library */ + tls_close(TRUE, FALSE); /* Shut down the TLS library */ #endif (void)close(fileno(smtp_in)); (void)close(fileno(smtp_out)); @@ -816,6 +816,24 @@ fprintf(f, "Support for:"); #ifdef EXPERIMENTAL_DCC fprintf(f, " Experimental_DCC"); #endif +#ifdef EXPERIMENTAL_DMARC + fprintf(f, " Experimental_DMARC"); +#endif +#ifdef EXPERIMENTAL_OCSP + fprintf(f, " Experimental_OCSP"); +#endif +#ifdef EXPERIMENTAL_PRDR + fprintf(f, " Experimental_PRDR"); +#endif +#ifdef EXPERIMENTAL_PROXY + fprintf(f, " Experimental_Proxy"); +#endif +#ifdef EXPERIMENTAL_TPDA + fprintf(f, " Experimental_TPDA"); +#endif +#ifdef EXPERIMENTAL_REDIS + fprintf(f, " Experimental_Redis"); +#endif fprintf(f, "\n"); fprintf(f, "Lookups (built-in):"); @@ -1434,6 +1452,7 @@ BOOL checking = FALSE; BOOL count_queue = FALSE; BOOL expansion_test = FALSE; BOOL extract_recipients = FALSE; +BOOL flag_G = FALSE; BOOL flag_n = FALSE; BOOL forced_delivery = FALSE; BOOL f_end_dot = FALSE; 
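Review bot: The replacement for `(void)write(...)` in the hunk at -222 silences the unused-result warning with a self-assignment, `dummy = dummy;`, and nothing on the line says why the result is dropped. Some compilers warn about self-assignment in turn, so a short comment carries the intent better than the idiom alone, e.g. `/* result deliberately ignored: a failed write cannot be handled from inside the signal handler */`. The enclosing function starts outside the hunk, so this rests only on the context lines shown.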
@@ -2507,11 +2526,12 @@ for (i = 1; i < argc; i++) break; /* -G: sendmail invocation to specify that it's a gateway submission and - sendmail may complain about problems instead of fixing them. We might use - it to disable submission mode fixups for command-line? Currently we just - ignore it. */ + sendmail may complain about problems instead of fixing them. + We make it equivalent to an ACL "control = suppress_local_fixups" and do + not at this time complain about problems. */ case 'G': + flag_G = TRUE; break; /* -h: Set the hop count for an incoming message. Exim does not currently @@ -3274,7 +3294,7 @@ for (i = 1; i < argc; i++) /* -tls-on-connect: don't wait for STARTTLS (for old clients) */ #ifdef SUPPORT_TLS - else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_on_connect = TRUE; + else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE; #endif else badarg = TRUE; @@ -3903,8 +3923,9 @@ if (((debug_selector & D_any) != 0 || (log_extra_selector & LX_arguments) != 0) { int i; uschar *p = big_buffer; - Ustrcpy(p, "cwd="); - (void)getcwd(CS p+4, big_buffer_size - 4); + char * dummy; + Ustrcpy(p, "cwd= (failed)"); + dummy = /* quieten compiler */ getcwd(CS p+4, big_buffer_size - 4); while (*p) p++; (void)string_format(p, big_buffer_size - (p - big_buffer), " %d args:", argc); while (*p) p++; @@ -3947,8 +3968,9 @@ privilege by now. Before the chdir, we try to ensure that the directory exists. if (Uchdir(spool_directory) != 0) { + int dummy; (void)directory_make(spool_directory, US"", SPOOL_DIRECTORY_MODE, FALSE); - (void)Uchdir(spool_directory); + dummy = /* quieten compiler */ Uchdir(spool_directory); } /* Handle calls with the -bi option. This is a sendmail option to rebuild *the* 
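Review bot: In the hunk at -3903 the `(failed)` fallback relies on getcwd() leaving the buffer untouched when it fails, but POSIX leaves the buffer contents undefined in that case, so the following `while (*p) p++;` may walk over whatever a failed call left at `p+4`. Testing the return value makes the fallback explicit and removes the need for `dummy`: `Ustrcpy(p, "cwd=");` followed by `if (getcwd(CS p+4, big_buffer_size - 4) == NULL) Ustrcpy(p+4, " (failed)");`. The enclosing block continues outside the hunk.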
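Review bot: The retry `dummy = /* quieten compiler */ Uchdir(spool_directory);` in the hunk at -3947 still discards the result, so if the spool directory cannot be created or entered the process carries on in whatever working directory the caller started it from. The `chdir("/")` hunk later in this commit treats the equivalent failure as fatal; here the outcome should at least be visible, for example `if (Uchdir(spool_directory) != 0) DEBUG(D_any) debug_printf("chdir to spool directory failed\n");`. Whether it should also be fatal depends on which later modes need the spool directory, which is outside the hunk. As written, `dummy` is assigned but never read, which GCC reports under -Wunused-but-set-variable.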
@@ -4055,6 +4077,21 @@ else interface_port = check_port(interface_address); } +/* If the caller is trusted, then they can use -G to suppress_local_fixups. */ +if (flag_G) + { + if (trusted_caller) + { + suppress_local_fixups = suppress_local_fixups_default = TRUE; + DEBUG(D_acl) debug_printf("suppress_local_fixups forced on by -G\n"); + } + else + { + fprintf(stderr, "exim: permission denied (-G requires a trusted user)\n"); + return EXIT_FAILURE; + } + } + /* If an SMTP message is being received check to see if the standard input is a TCP/IP socket. If it is, we assume that Exim was called from inetd if the caller is root or the Exim user, or if the port is a privileged one. Otherwise, @@ -4076,7 +4113,7 @@ if (smtp_input) interface_address = host_ntoa(-1, &interface_sock, NULL, &interface_port); - if (host_is_tls_on_connect_port(interface_port)) tls_on_connect = TRUE; + if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE; if (real_uid == root_uid || real_uid == exim_uid || interface_port < 1024) { @@ -4242,13 +4279,12 @@ if (msg_action_arg > 0 && msg_action != MSG_DELIVER && msg_action != MSG_LOAD) exit(yield); } -/* All the modes below here require the remaining configuration sections -to be read, except that we can skip over the ACL setting when delivering -specific messages, or doing a queue run. (For various testing cases we could -skip too, but as they are rare, it doesn't really matter.) The argument is TRUE -for skipping. */ +/* We used to set up here to skip reading the ACL section, on + (msg_action_arg > 0 || (queue_interval == 0 && !daemon_listen) +Now, since the intro of the ${acl } expansion, ACL definitions may be +needed in transports so we lost the optimisation. */ -readconf_rest(msg_action_arg > 0 || (queue_interval == 0 && !daemon_listen)); +readconf_rest(); /* The configuration data will have been read into POOL_PERM because we won't ever want to reset back past it. Change the current pool to POOL_MAIN. In fact, 
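Review bot: The comment on the new `if (flag_G)` block in the hunk at -4055 does not record that this is a behaviour change for untrusted callers. The option-parsing hunk shows that -G used to be ignored, and an untrusted caller that passes it now gets `permission denied` and `EXIT_FAILURE`. Local submission tools written for sendmail may pass -G unconditionally, so I would extend the comment to something like `/* -G was previously ignored; untrusted callers are now refused rather than silently losing the fixup suppression */` so the hard failure reads as deliberate. The refusal is written only to stderr; whether it should also reach the main log depends on how other permission failures in this function are reported, which is outside the hunk.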
@@ -5381,7 +5417,11 @@ while (more) if (ftest_prefix != NULL) printf("Prefix = %s\n", ftest_prefix); if (ftest_suffix != NULL) printf("Suffix = %s\n", ftest_suffix); - (void)chdir("/"); /* Get away from wherever the user is running this from */ + if (chdir("/")) /* Get away from wherever the user is running this from */ + { + DEBUG(D_receive) debug_printf("chdir(\"/\") failed\n"); + exim_exit(EXIT_FAILURE); + } /* Now we run either a system filter test, or a user filter test, or both. In the latter case, headers added by the system filter will persist and be
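Review bot: The new failure branch for `chdir("/")` reports the problem only through `DEBUG(D_receive)`, so without debugging enabled the filter test exits with `EXIT_FAILURE` and no message, and the errno value is dropped. This path appears to be run by a user at the command line, so I would print the reason unconditionally, e.g. `fprintf(stderr, "exim: chdir(\"/\") failed: %s\n", strerror(errno));` before `exim_exit(EXIT_FAILURE);`. The enclosing `while (more)` loop starts and ends outside the hunk.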