X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fglobals.h;h=800ec9c31d0df905fdff2288fa905db6a52c327b;hb=0eb51736637f6c93a2fd6cb65316f8ae11f0a0be;hp=4acc7f8c22322c7b2021fae22d04de07e6577a31;hpb=9bdd29ad5c5d394229753b114f6f288893f616f4;p=exim.git

diff --git a/src/src/globals.h b/src/src/globals.h
index 4acc7f8c2..800ec9c31 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2012 */
+/* Copyright (c) University of Cambridge 1995 - 2014 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Almost all the global variables are defined together in this one header, so
@@ -82,18 +82,31 @@ typedef struct {
   int     active;             /* fd/socket when in a TLS session */
   int     bits;               /* bits used in TLS session */
   BOOL    certificate_verified; /* Client certificate verified */
+#ifdef EXPERIMENTAL_DANE
+  BOOL    dane_verified;        /* ... via DANE */
+  int     tlsa_usage;         /* TLSA record(s) usage */
+#endif
   uschar *cipher;             /* Cipher used */
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
+  void   *ourcert;            /* Certificate we presented, binary */
+  void	 *peercert;           /* Certificate of peer, binary */
   uschar *peerdn;             /* DN from peer */
   uschar *sni;                /* Server Name Indication */
+  enum {
+    OCSP_NOT_REQ=0,		/* not requested */
+    OCSP_NOT_RESP,		/* no response to request */
+    OCSP_VFY_NOT_TRIED,		/* response not verified */
+    OCSP_FAILED,		/* verify failed */
+    OCSP_VFIED			/* verified */
+    }     ocsp;		      /* Stapled OCSP status */
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
 
 #ifdef SUPPORT_TLS
 extern BOOL    gnutls_compat_mode;     /* Less security, more compatibility */
-extern BOOL    gnutls_enable_pkcs11;   /* Let GnuTLS autoload PKCS11 modules */
+extern BOOL    gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules */
 extern uschar *gnutls_require_mac;     /* So some can be avoided */
 extern uschar *gnutls_require_kx;      /* So some can be avoided */
 extern uschar *gnutls_require_proto;   /* So some can be avoided */
@@ -105,7 +118,7 @@ extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */
 extern uschar *tls_crl;                /* CRL File */
 extern int     tls_dh_max_bits;        /* don't accept higher lib suggestions */
 extern uschar *tls_dhparam;            /* DH param file */
-#if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+#ifndef DISABLE_OCSP
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 #endif
 extern BOOL    tls_offered;            /* Server offered TLS */
@@ -117,6 +130,13 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */
 #endif
 
+#ifdef EXPERIMENTAL_DSN
+extern uschar  *dsn_envid;             /* DSN envid string */
+extern int      dsn_ret;               /* DSN ret type*/
+extern const pcre  *regex_DSN;         /* For recognizing DSN settings */
+extern BOOL     smtp_use_dsn;          /* Global for passed connections */
+extern uschar  *dsn_advertise_hosts;   /* host for which TLS is advertised */
+#endif
 
 /* Input-reading functions for messages, so we can use special ones for
 incoming TCP/IP. */
@@ -151,7 +171,7 @@ extern uschar *acl_removed_headers;    /* Headers deleted by an ACL */
 extern uschar *acl_smtp_auth;          /* ACL run for AUTH */
 extern uschar *acl_smtp_connect;       /* ACL run on SMTP connection */
 extern uschar *acl_smtp_data;          /* ACL run after DATA received */
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
 extern uschar *acl_smtp_data_prdr;     /* ACL run after DATA received if in PRDR mode*/
 const extern pcre *regex_PRDR;         /* For recognizing PRDR settings */
 #endif
@@ -307,11 +327,12 @@ extern BOOL    deliver_drop_privilege; /* TRUE for unprivileged delivery */
 extern BOOL    deliver_firsttime;      /* True for first delivery attempt */
 extern BOOL    deliver_force;          /* TRUE if delivery was forced */
 extern BOOL    deliver_freeze;         /* TRUE if delivery is frozen */
-extern int     deliver_frozen_at;      /* Time of freezing */
+extern time_t  deliver_frozen_at;      /* Time of freezing */
 extern uschar *deliver_home;           /* Home directory for pipes */
 extern uschar *deliver_host;           /* (First) host for routed local deliveries */
                                        /* Remote host for filter */
 extern uschar *deliver_host_address;   /* Address for remote delivery filter */
+extern int     deliver_host_port;      /* Address for remote delivery filter */
 extern uschar *deliver_in_buffer;      /* Buffer for copying file */
 extern ino_t   deliver_inode;          /* Inode for appendfile */
 extern uschar *deliver_localpart;      /* The local part for delivery */
@@ -354,6 +375,7 @@ extern BOOL    dkim_disable_verify;    /* Set via ACL control statement. When se
 #ifdef EXPERIMENTAL_DMARC
 extern BOOL    dmarc_has_been_checked; /* Global variable to check if test has been called yet */
 extern uschar *dmarc_ar_header;        /* Expansion variable, suggested header for dmarc auth results */
+extern uschar *dmarc_domain_policy;    /* Expansion for declared policy of used domain */
 extern uschar *dmarc_forensic_sender;  /* Set sender address for forensic reports */
 extern uschar *dmarc_history_file;     /* Expansion variable, file to store dmarc results */
 extern uschar *dmarc_status;           /* Expansion variable, one word value */
@@ -368,6 +390,9 @@ extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
 extern int     dns_csa_search_limit;   /* How deep to search for CSA SRV records */
 extern BOOL    dns_csa_use_reverse;    /* Check CSA in reverse DNS? (non-standard) */
 extern uschar *dns_ipv4_lookup;        /* For these domains, don't look for AAAA (or A6) */
+#ifdef EXPERIMENTAL_DANE
+extern int     dns_dane_ok;            /* Ok to use DANE when checking TLS authenticity */
+#endif
 extern int     dns_retrans;            /* Retransmission time setting */
 extern int     dns_retry;              /* Number of retries */
 extern int     dns_dnssec_ok;          /* When constructing DNS query, set DO flag */
@@ -502,6 +527,7 @@ extern unsigned int log_write_selector;/* Bit map of logging options for log_wri
 extern uschar *login_sender_address;   /* The actual sender address */
 extern lookup_info **lookup_list;      /* Array of pointers to available lookups */
 extern int     lookup_list_count;      /* Number of entries in the list */
+extern uschar *lookup_dnssec_authenticated; /* AD status of dns lookup */
 extern int     lookup_open_max;        /* Max lookup files to cache */
 extern uschar *lookup_value;           /* Value looked up from file */
 
@@ -581,7 +607,7 @@ extern uschar *percent_hack_domains;   /* Local domains for which '% operates */
 extern uschar *pid_file_path;          /* For writing daemon pids */
 extern uschar *pipelining_advertise_hosts; /* As it says */
 extern BOOL    pipelining_enable;      /* As it says */
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
 extern BOOL    prdr_enable;            /* As it says */
 extern BOOL    prdr_requested;         /* Connecting mail server wants PRDR */
 #endif
@@ -592,6 +618,17 @@ extern uschar  process_info[];         /* For SIGUSR1 output */
 extern int     process_info_len;
 extern uschar *process_log_path;       /* Alternate path */
 extern BOOL    prod_requires_admin;    /* TRUE if prodding requires admin */
+
+#ifdef EXPERIMENTAL_PROXY
+extern uschar *proxy_host_address;     /* IP of host being proxied */
+extern int     proxy_host_port;        /* Port of host being proxied */
+extern uschar *proxy_required_hosts;   /* Hostlist which (require) use proxy protocol */
+extern BOOL    proxy_session;          /* TRUE if receiving mail from valid proxy  */
+extern BOOL    proxy_session_failed;   /* TRUE if required proxy negotiation failed */
+extern uschar *proxy_target_address;   /* IP of proxy server inbound */
+extern int     proxy_target_port;      /* Port of proxy server inbound */
+#endif
+
 extern uschar *prvscheck_address;      /* Set during prvscheck expansion item */
 extern uschar *prvscheck_keynum;       /* Set during prvscheck expansion item */
 extern uschar *prvscheck_result;       /* Set during prvscheck expansion item */
@@ -841,13 +878,9 @@ extern BOOL    timestamps_utc;         /* Use UTC for all times */
 
 #ifdef EXPERIMENTAL_TPDA
 extern int     tpda_defer_errno;        /* error number set when a remote delivery is deferred with a host error */
-extern uschar *tpda_defer_errstr;       /* error string set when a remote delivery is deferred with a host error */
-extern uschar *tpda_delivery_ip;        /* IP of host, which has accepted delivery */
-extern int     tpda_delivery_port;       /* port of host, which has accepted delivery */
-extern uschar *tpda_delivery_fqdn;      /* FQDN of host, which has accepted delivery */
-extern uschar *tpda_delivery_local_part;/* local part of address being delivered */
-extern uschar *tpda_delivery_domain;    /* domain part of address being delivered */
-extern uschar *tpda_delivery_confirmation; /* SMTP confirmation message */
+extern uschar *tpda_event;		/* event classification */
+extern uschar *tpda_data;		/* event data */
+extern uschar *delivery_event_action;   /* expansion for delivery events */
 #endif
 
 extern uschar *transport_name;         /* Name of transport last started */