X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Freadconf.c;h=08014c9af480ef00993feda19e487044a688613d;hb=5031095fd4553935c70e1c24a9936dfc609cdc67;hp=b34372c445d756734532cbb131270c23c71d555a;hpb=c5db348c5e29e93e51389fa0079f829967c5da82;p=exim.git diff --git a/src/src/readconf.c b/src/src/readconf.c index b34372c44..08014c9af 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2017 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for reading the configuration file, and for displaying @@ -15,8 +15,11 @@ implementation of the conditional .ifdef etc. */ # include "macro_predef.h" #endif +#define READCONF_DEBUG if (FALSE) /* Change to TRUE to enable */ + + static uschar * syslog_facility_str; -static void fn_smtp_receive_timeout(const uschar *, const uschar *); +static void fn_smtp_receive_timeout(const uschar *, const uschar *, unsigned); /************************************************* * Main configuration options * @@ -57,7 +60,7 @@ static optionlist optionlist_config[] = { { "acl_smtp_predata", opt_stringptr, &acl_smtp_predata }, { "acl_smtp_quit", opt_stringptr, &acl_smtp_quit }, { "acl_smtp_rcpt", opt_stringptr, &acl_smtp_rcpt }, -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS { "acl_smtp_starttls", opt_stringptr, &acl_smtp_starttls }, #endif { "acl_smtp_vrfy", opt_stringptr, &acl_smtp_vrfy }, @@ -114,15 +117,19 @@ static optionlist optionlist_config[] = { #endif { "disable_ipv6", opt_bool, &disable_ipv6 }, #ifndef DISABLE_DKIM + { "dkim_verify_hashes", opt_stringptr, &dkim_verify_hashes }, + { "dkim_verify_keytypes", opt_stringptr, &dkim_verify_keytypes }, + { "dkim_verify_minimal", opt_bool, &dkim_verify_minimal }, { "dkim_verify_signers", opt_stringptr, &dkim_verify_signers }, #endif -#ifdef EXPERIMENTAL_DMARC +#ifdef SUPPORT_DMARC { "dmarc_forensic_sender", opt_stringptr, &dmarc_forensic_sender }, { "dmarc_history_file", opt_stringptr, &dmarc_history_file }, { "dmarc_tld_file", opt_stringptr, &dmarc_tld_file }, #endif { "dns_again_means_nonexist", opt_stringptr, &dns_again_means_nonexist }, { "dns_check_names_pattern", opt_stringptr, &check_dns_names_pattern }, + { "dns_cname_loops", opt_int, &dns_cname_loops }, { "dns_csa_search_limit", opt_int, &dns_csa_search_limit }, { "dns_csa_use_reverse", opt_bool, &dns_csa_use_reverse }, { "dns_dnssec_ok", opt_int, &dns_dnssec_ok }, @@ -145,13 +152,14 @@ static optionlist optionlist_config[] = { { "exim_group", opt_gid, &exim_gid }, { "exim_path", opt_stringptr, &exim_path }, { "exim_user", opt_uid, &exim_uid }, + { "exim_version", opt_stringptr, &version_string }, { "extra_local_interfaces", opt_stringptr, &extra_local_interfaces }, { "extract_addresses_remove_arguments", opt_bool, &extract_addresses_remove_arguments }, { "finduser_retries", opt_int, &finduser_retries }, { "freeze_tell", opt_stringptr, &freeze_tell }, { "gecos_name", opt_stringptr, &gecos_name }, { "gecos_pattern", opt_stringptr, &gecos_pattern }, -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS { "gnutls_allow_auto_pkcs11", opt_bool, &gnutls_allow_auto_pkcs11 }, { "gnutls_compat_mode", opt_bool, &gnutls_compat_mode }, #endif @@ -195,7 +203,9 @@ static optionlist optionlist_config[] = { { "local_from_prefix", opt_stringptr, &local_from_prefix }, { "local_from_suffix", opt_stringptr, &local_from_suffix }, { "local_interfaces", opt_stringptr, &local_interfaces }, +#ifdef HAVE_LOCAL_SCAN { "local_scan_timeout", opt_time, &local_scan_timeout }, +#endif { "local_sender_retain", opt_bool, &local_sender_retain }, { "localhost_number", opt_stringptr, &host_number_string }, { "log_file_path", opt_stringptr, &log_file_path }, @@ -217,7 +227,7 @@ static optionlist optionlist_config[] = { { "mysql_servers", opt_stringptr, &mysql_servers }, #endif { "never_users", opt_uidlist, &never_users }, -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS { "openssl_options", opt_stringptr, &openssl_options }, #endif #ifdef LOOKUP_ORACLE @@ -234,6 +244,10 @@ static optionlist optionlist_config[] = { #endif { "pid_file_path", opt_stringptr, &pid_file_path }, { "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts }, +#ifndef DISABLE_PIPE_CONNECT + { "pipelining_connect_advertise_hosts", opt_stringptr, + &pipe_connect_advertise_hosts }, +#endif #ifndef DISABLE_PRDR { "prdr_enable", opt_bool, &prdr_enable }, #endif @@ -295,7 +309,7 @@ static optionlist optionlist_config[] = { { "smtp_ratelimit_hosts", opt_stringptr, &smtp_ratelimit_hosts }, { "smtp_ratelimit_mail", opt_stringptr, &smtp_ratelimit_mail }, { "smtp_ratelimit_rcpt", opt_stringptr, &smtp_ratelimit_rcpt }, - { "smtp_receive_timeout", opt_func, &fn_smtp_receive_timeout }, + { "smtp_receive_timeout", opt_func, (void *) &fn_smtp_receive_timeout }, { "smtp_reserve_hosts", opt_stringptr, &smtp_reserve_hosts }, { "smtp_return_error_details",opt_bool, &smtp_return_error_details }, #ifdef SUPPORT_I18N @@ -304,7 +318,7 @@ static optionlist optionlist_config[] = { #ifdef WITH_CONTENT_SCAN { "spamd_address", opt_stringptr, &spamd_address }, #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF { "spf_guess", opt_stringptr, &spf_guess }, #endif { "split_spool_directory", opt_bool, &split_spool_directory }, @@ -344,7 +358,7 @@ static optionlist optionlist_config[] = { { "timeout_frozen_after", opt_time, &timeout_frozen_after }, { "timezone", opt_stringptr, &timezone_string }, { "tls_advertise_hosts", opt_stringptr, &tls_advertise_hosts }, -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS { "tls_certificate", opt_stringptr, &tls_certificate }, { "tls_crl", opt_stringptr, &tls_crl }, { "tls_dh_max_bits", opt_int, &tls_dh_max_bits }, @@ -357,6 +371,9 @@ static optionlist optionlist_config[] = { { "tls_privatekey", opt_stringptr, &tls_privatekey }, { "tls_remember_esmtp", opt_bool, &tls_remember_esmtp }, { "tls_require_ciphers", opt_stringptr, &tls_require_ciphers }, +# ifdef EXPERIMENTAL_TLS_RESUME + { "tls_resumption_hosts", opt_stringptr, &tls_resumption_hosts }, +# endif { "tls_try_verify_hosts", opt_stringptr, &tls_try_verify_hosts }, { "tls_verify_certificates", opt_stringptr, &tls_verify_certificates }, { "tls_verify_hosts", opt_stringptr, &tls_verify_hosts }, @@ -379,7 +396,8 @@ static int optionlist_config_size = nelem(optionlist_config); #ifdef MACRO_PREDEF -static void fn_smtp_receive_timeout(const uschar * name, const uschar * str) {/*Dummy*/} +static void +fn_smtp_receive_timeout(const uschar * name, const uschar * str, unsigned flags) {/*Dummy*/} void options_main(void) @@ -390,12 +408,11 @@ options_from_list(optionlist_config, nelem(optionlist_config), US"MAIN", NULL); void options_auths(void) { -struct auth_info * ai; uschar buf[64]; options_from_list(optionlist_auths, optionlist_auths_size, US"AUTHENTICATORS", NULL); -for (ai = auths_available; ai->driver_name[0]; ai++) +for (struct auth_info * ai = auths_available; ai->driver_name[0]; ai++) { spf(buf, sizeof(buf), US"_DRIVER_AUTHENTICATOR_%T", ai->driver_name); builtin_macro_create(buf); @@ -403,6 +420,18 @@ for (ai = auths_available; ai->driver_name[0]; ai++) } } +void +options_logging(void) +{ +uschar buf[64]; + +for (bit_table * bp = log_options; bp < log_options + log_options_count; bp++) + { + spf(buf, sizeof(buf), US"_LOG_%T", bp->name); + builtin_macro_create(buf); + } +} + #else /*!MACRO_PREDEF*/ @@ -533,6 +562,8 @@ static syslog_fac_item syslog_list[] = { static int syslog_list_size = sizeof(syslog_list)/sizeof(syslog_fac_item); +#define opt_fn_print BIT(0) +#define opt_fn_print_label BIT(1) /************************************************* @@ -552,17 +583,13 @@ Returns: the option name, or an empty string uschar * readconf_find_option(void *p) { -int i; -router_instance *r; -transport_instance *t; - -for (i = 0; i < nelem(optionlist_config); i++) +for (int i = 0; i < nelem(optionlist_config); i++) if (p == optionlist_config[i].value) return US optionlist_config[i].name; -for (r = routers; r; r = r->next) +for (router_instance * r = routers; r; r = r->next) { router_info *ri = r->info; - for (i = 0; i < *ri->options_count; i++) + for (int i = 0; i < *ri->options_count; i++) { if ((ri->options[i].type & opt_mask) != opt_stringptr) continue; if (p == CS (r->options_block) + (long int)(ri->options[i].value)) @@ -570,10 +597,10 @@ for (r = routers; r; r = r->next) } } -for (t = transports; t; t = t->next) +for (transport_instance * t = transports; t; t = t->next) { transport_info *ti = t->info; - for (i = 0; i < *ti->options_count; i++) + for (int i = 0; i < *ti->options_count; i++) { optionlist * op = &ti->options[i]; if ((op->type & opt_mask) != opt_stringptr) continue; @@ -599,24 +626,29 @@ return US""; /* We have a new definition; append to the list. Args: - name Name of the macro. Must be in storage persistent past the call - val Expansion result for the macro. Ditto persistence. + name Name of the macro; will be copied + val Expansion result for the macro; will be copied */ macro_item * macro_create(const uschar * name, const uschar * val, BOOL command_line) { -macro_item * m = store_get(sizeof(macro_item)); +macro_item * m = store_get(sizeof(macro_item), FALSE); -/* fprintf(stderr, "%s: '%s' '%s'\n", __FUNCTION__, name, val); */ +READCONF_DEBUG fprintf(stderr, "%s: '%s' '%s'\n", __FUNCTION__, name, val); m->next = NULL; m->command_line = command_line; m->namelen = Ustrlen(name); m->replen = Ustrlen(val); -m->name = name; -m->replacement = val; -mlast->next = m; +m->name = string_copy(name); +m->replacement = string_copy(val); +if (mlast) + mlast->next = m; +else + macros = m; mlast = m; +if (!macros_user) + macros_user = m; return m; } @@ -630,11 +662,11 @@ non-command line, macros is permitted using '==' instead of '='. Arguments: s points to the start of the logical line -Returns: nothing +Returns: FALSE iff fatal error */ -static void -read_macro_assignment(uschar *s) +BOOL +macro_read_assignment(uschar *s) { uschar name[64]; int namelen = 0; @@ -644,15 +676,21 @@ macro_item *m; while (isalnum(*s) || *s == '_') { if (namelen >= sizeof(name) - 1) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, + { + log_write(0, LOG_PANIC|LOG_CONFIG_IN, "macro name too long (maximum is " SIZE_T_FMT " characters)", sizeof(name) - 1); + return FALSE; + } name[namelen++] = *s++; } name[namelen] = 0; while (isspace(*s)) s++; if (*s++ != '=') - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "malformed macro definition"); + { + log_write(0, LOG_PANIC|LOG_CONFIG_IN, "malformed macro definition"); + return FALSE; + } if (*s == '=') { @@ -675,15 +713,21 @@ for (m = macros; m; m = m->next) if (Ustrcmp(m->name, name) == 0) { if (!m->command_line && !redef) - log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "macro \"%s\" is already " - "defined (use \"==\" if you want to redefine it", name); + { + log_write(0, LOG_CONFIG|LOG_PANIC, "macro \"%s\" is already " + "defined (use \"==\" if you want to redefine it)", name); + return FALSE; + } break; } if (m->namelen < namelen && Ustrstr(name, m->name) != NULL) - log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "\"%s\" cannot be defined as " + { + log_write(0, LOG_CONFIG|LOG_PANIC, "\"%s\" cannot be defined as " "a macro because previously defined macro \"%s\" is a substring", name, m->name); + return FALSE; + } /* We cannot have this test, because it is documented that a substring macro is permitted (there is even an example). @@ -697,7 +741,7 @@ for (m = macros; m; m = m->next) /* Check for an overriding command-line definition. */ -if (m && m->command_line) return; +if (m && m->command_line) return TRUE; /* Redefinition must refer to an existing macro. */ @@ -708,18 +752,123 @@ if (redef) m->replacement = string_copy(s); } else - log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "can't redefine an undefined macro " + { + log_write(0, LOG_CONFIG|LOG_PANIC, "can't redefine an undefined macro " "\"%s\"", name); + return FALSE; + } /* We have a new definition. */ else - (void) macro_create(string_copy(name), string_copy(s), FALSE); + (void) macro_create(name, s, FALSE); +return TRUE; } +/* Process line for macros. The line is in big_buffer starting at offset len. +Expand big_buffer if needed. Handle definitions of new macros, and +macro expansions, rewriting the line in the buffer. + +Arguments: + len Offset in buffer of start of line + newlen Pointer to offset of end of line, updated on return + macro_found Pointer to return that a macro was expanded + +Return: pointer to first nonblank char in line +*/ + +uschar * +macros_expand(int len, int * newlen, BOOL * macro_found) +{ +uschar * ss = big_buffer + len; +uschar * s; + +/* Find the true start of the physical line - leading spaces are always +ignored. */ + +while (isspace(*ss)) ss++; + +/* Process the physical line for macros. If this is the start of the logical +line, skip over initial text at the start of the line if it starts with an +upper case character followed by a sequence of name characters and an equals +sign, because that is the definition of a new macro, and we don't do +replacement therein. */ + +s = ss; +if (len == 0 && isupper(*s)) + { + while (isalnum(*s) || *s == '_') s++; + while (isspace(*s)) s++; + if (*s != '=') s = ss; /* Not a macro definition */ + } + +/* Skip leading chars which cannot start a macro name, to avoid multiple +pointless rescans in Ustrstr calls. */ + +while (*s && !isupper(*s) && !(*s == '_' && isupper(s[1]))) s++; + +/* For each defined macro, scan the line (from after XXX= if present), +replacing all occurrences of the macro. */ + +*macro_found = FALSE; +if (*s) for (macro_item * m = *s == '_' ? macros : macros_user; m; m = m->next) + { + uschar * p, *pp; + uschar * t; + + while (*s && !isupper(*s) && !(*s == '_' && isupper(s[1]))) s++; + if (!*s) break; + + t = s; + while ((p = Ustrstr(t, m->name)) != NULL) + { + int moveby; + + READCONF_DEBUG fprintf(stderr, "%s: matched '%s' in '%.*s'\n", __FUNCTION__, + m->name, (int) Ustrlen(ss)-1, ss); + /* Expand the buffer if necessary */ + + while (*newlen - m->namelen + m->replen + 1 > big_buffer_size) + { + int newsize = big_buffer_size + BIG_BUFFER_SIZE; + uschar *newbuffer = store_malloc(newsize); + memcpy(newbuffer, big_buffer, *newlen + 1); + p = newbuffer + (p - big_buffer); + s = newbuffer + (s - big_buffer); + ss = newbuffer + (ss - big_buffer); + t = newbuffer + (t - big_buffer); + big_buffer_size = newsize; + store_free(big_buffer); + big_buffer = newbuffer; + } + + /* Shuffle the remaining characters up or down in the buffer before + copying in the replacement text. Don't rescan the replacement for this + same macro. */ + + pp = p + m->namelen; + if ((moveby = m->replen - m->namelen) != 0) + { + memmove(p + m->replen, pp, (big_buffer + *newlen) - pp + 1); + *newlen += moveby; + } + Ustrncpy(p, m->replacement, m->replen); + t = p + m->replen; + while (*t && !isupper(*t) && !(*t == '_' && isupper(t[1]))) t++; + *macro_found = TRUE; + } + } + +/* An empty macro replacement at the start of a line could mean that ss no +longer points to the first non-blank character. */ + +while (isspace(*ss)) ss++; +return ss; +} + /************************************************* * Read configuration line * *************************************************/ @@ -749,7 +898,6 @@ int startoffset = 0; /* To first non-blank char in logical line */ int len = 0; /* Of logical line so far */ int newlen; uschar *s, *ss; -macro_item *m; BOOL macro_found; /* Loop for handling continuation lines, skipping comments, and dealing with @@ -810,82 +958,7 @@ for (;;) newlen += Ustrlen(big_buffer + newlen); } - /* Find the true start of the physical line - leading spaces are always - ignored. */ - - ss = big_buffer + len; - while (isspace(*ss)) ss++; - - /* Process the physical line for macros. If this is the start of the logical - line, skip over initial text at the start of the line if it starts with an - upper case character followed by a sequence of name characters and an equals - sign, because that is the definition of a new macro, and we don't do - replacement therein. */ - - s = ss; - if (len == 0 && isupper(*s)) - { - while (isalnum(*s) || *s == '_') s++; - while (isspace(*s)) s++; - if (*s != '=') s = ss; /* Not a macro definition */ - } - - /* Skip leading chars which cannot start a macro name, to avoid multiple - pointless rescans in Ustrstr calls. */ - - while (*s && !isupper(*s) && *s != '_') s++; - - /* For each defined macro, scan the line (from after XXX= if present), - replacing all occurrences of the macro. */ - - macro_found = FALSE; - for (m = macros; m; m = m->next) - { - uschar * p, *pp; - uschar * t = s; - - while ((p = Ustrstr(t, m->name)) != NULL) - { - int moveby; - -/* fprintf(stderr, "%s: matched '%s' in '%s'\n", __FUNCTION__, m->name, ss); */ - /* Expand the buffer if necessary */ - - while (newlen - m->namelen + m->replen + 1 > big_buffer_size) - { - int newsize = big_buffer_size + BIG_BUFFER_SIZE; - uschar *newbuffer = store_malloc(newsize); - memcpy(newbuffer, big_buffer, newlen + 1); - p = newbuffer + (p - big_buffer); - s = newbuffer + (s - big_buffer); - ss = newbuffer + (ss - big_buffer); - t = newbuffer + (t - big_buffer); - big_buffer_size = newsize; - store_free(big_buffer); - big_buffer = newbuffer; - } - - /* Shuffle the remaining characters up or down in the buffer before - copying in the replacement text. Don't rescan the replacement for this - same macro. */ - - pp = p + m->namelen; - if ((moveby = m->replen - m->namelen) != 0) - { - memmove(p + m->replen, pp, (big_buffer + newlen) - pp + 1); - newlen += moveby; - } - Ustrncpy(p, m->replacement, m->replen); - t = p + m->replen; - while (*t && !isupper(*t) && *t != '_') t++; - macro_found = TRUE; - } - } - - /* An empty macro replacement at the start of a line could mean that ss no - longer points to the first non-blank character. */ - - while (isspace(*ss)) ss++; + ss = macros_expand(len, &newlen, ¯o_found); /* Check for comment lines - these are physical lines. */ @@ -893,7 +966,7 @@ for (;;) /* Handle conditionals, which are also applied to physical lines. Conditions are of the form ".ifdef ANYTEXT" and are treated as true if any macro - expansion occured on the rest of the line. A preliminary test for the leading + expansion occurred on the rest of the line. A preliminary test for the leading '.' saves effort on most lines. */ if (*ss == '.') @@ -991,7 +1064,7 @@ for (;;) if (config_lines) save_config_position(config_filename, config_lineno); - save = store_get(sizeof(config_file_item)); + save = store_get(sizeof(config_file_item), FALSE); save->next = config_file_stack; config_file_stack = save; save->file = config_file; @@ -1331,7 +1404,7 @@ Returns: the control block for the parsed rule. static rewrite_rule * readconf_one_rewrite(const uschar *p, int *existflags, BOOL isglobal) { -rewrite_rule *next = store_get(sizeof(rewrite_rule)); +rewrite_rule *next = store_get(sizeof(rewrite_rule), FALSE); next->next = NULL; next->key = string_dequote(&p); @@ -1459,9 +1532,16 @@ return yield; * Custom-handler options * *************************************************/ static void -fn_smtp_receive_timeout(const uschar * name, const uschar * str) +fn_smtp_receive_timeout(const uschar * name, const uschar * str, unsigned flags) { -if (*str == '$') +if (flags & opt_fn_print) + { + if (flags & opt_fn_print_label) printf("%s = ", name); + printf("%s\n", smtp_receive_timeout_s + ? string_printing2(smtp_receive_timeout_s, FALSE) + : readconf_printtime(smtp_receive_timeout)); + } +else if (*str == '$') smtp_receive_timeout_s = string_copy(str); else { @@ -1518,7 +1598,7 @@ readconf_handle_option(uschar *buffer, optionlist *oltop, int last, { int ptr = 0; int offset = 0; -int n, count, type, value; +int count, type, value; int issecure = 0; uid_t uid; gid_t gid; @@ -1526,7 +1606,7 @@ BOOL boolvalue = TRUE; BOOL freesptr = TRUE; optionlist *ol, *ol2; struct passwd *pw; -void *reset_point; +rmark reset_point; int intbase = 0; uschar *inttype = US""; uschar *sptr; @@ -1546,7 +1626,7 @@ if (!isalpha(*s)) it turns out that what we read was "hide", set the flag indicating that this is a secure option, and loop to read the next word. */ -for (n = 0; n < 2; n++) +for (int n = 0; n < 2; n++) { while (isalnum(*s) || *s == '_') { @@ -1650,7 +1730,8 @@ switch (type) case opt_gidlist: case opt_rewrite: - reset_point = sptr = read_string(s, name); + reset_point = store_mark(); + sptr = read_string(s, name); /* Having read a string, we now have several different ways of using it, depending on the data type, so do another switch. If keeping the actual @@ -1673,10 +1754,11 @@ switch (type) /* We already have a condition, we're conducting a crude hack to let multiple condition rules be chained together, despite storing them in text form. */ - *str_target = string_copy_malloc( (saved_condition = *str_target) + *str_target = string_copy_perm( (saved_condition = *str_target) ? string_sprintf("${if and{{bool_lax{%s}}{bool_lax{%s}}}}", saved_condition, sptr) - : sptr); + : sptr, + FALSE); /* TODO(pdp): there is a memory leak here and just below when we set 3 or more conditions; I still don't understand the store mechanism enough to know @@ -1693,7 +1775,10 @@ switch (type) } else if (ol->type & opt_rep_str) { - uschar sep_o = Ustrncmp(name, "headers_add", 11)==0 ? '\n' : ':'; + uschar sep_o = + Ustrncmp(name, "headers_add", 11) == 0 ? '\n' + : Ustrncmp(name, "set", 3) == 0 ? ';' + : ':'; int sep_i = -(int)sep_o; const uschar * list = sptr; uschar * s; @@ -1709,7 +1794,7 @@ switch (type) list_o = string_append_listele(list_o, sep_o, s); if (list_o) - *str_target = string_copy_malloc(string_from_gstring(list_o)); + *str_target = string_copy_perm(string_from_gstring(list_o), FALSE); } else { @@ -1811,7 +1896,7 @@ switch (type) ignore. Also ignore if the value is already set. */ if (pw == NULL) break; - Ustrcpy(name+Ustrlen(name)-4, "group"); + Ustrcpy(name+Ustrlen(name)-4, US"group"); ol2 = find_option(name, oltop, last); if (ol2 != NULL && ((ol2->type & opt_mask) == opt_gid || (ol2->type & opt_mask) == opt_expand_gid)) @@ -1951,7 +2036,7 @@ switch (type) /* Release store if the value of the string doesn't need to be kept. */ - if (freesptr) store_reset(reset_point); + if (freesptr) reset_point = store_reset(reset_point); break; /* Expanded boolean: if no characters follow, or if there are no dollar @@ -1962,10 +2047,10 @@ switch (type) if (*s != 0 && Ustrchr(s, '$') != 0) { sprintf(CS name2, "*expand_%.50s", name); - ol2 = find_option(name2, oltop, last); - if (ol2 != NULL) + if ((ol2 = find_option(name2, oltop, last))) { - reset_point = sptr = read_string(s, name); + reset_point = store_mark(); + sptr = read_string(s, name); if (data_block == NULL) *((uschar **)(ol2->value)) = sptr; else @@ -2057,7 +2142,7 @@ switch (type) inttype = US"octal "; /* Integer: a simple(ish) case; allow octal and hex formats, and - suffixes K, M and G. The different types affect output, not input. */ + suffixes K, M, G, and T. The different types affect output, not input. */ case opt_mkint: case opt_int: @@ -2072,80 +2157,75 @@ switch (type) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "%sinteger expected for %s", inttype, name); - if (errno != ERANGE) - if (tolower(*endptr) == 'k') - { - if (lvalue > INT_MAX/1024 || lvalue < INT_MIN/1024) errno = ERANGE; - else lvalue *= 1024; - endptr++; - } - else if (tolower(*endptr) == 'm') - { - if (lvalue > INT_MAX/(1024*1024) || lvalue < INT_MIN/(1024*1024)) - errno = ERANGE; - else lvalue *= 1024*1024; - endptr++; - } - else if (tolower(*endptr) == 'g') - { - if (lvalue > INT_MAX/(1024*1024*1024) || lvalue < INT_MIN/(1024*1024*1024)) - errno = ERANGE; - else lvalue *= 1024*1024*1024; - endptr++; - } + if (errno != ERANGE && *endptr) + { + uschar * mp = US"TtGgMmKk\0"; /* YyZzEePpTtGgMmKk */ + + if ((mp = Ustrchr(mp, *endptr))) + { + endptr++; + do + { + if (lvalue > INT_MAX/1024 || lvalue < INT_MIN/1024) + { + errno = ERANGE; + break; + } + lvalue *= 1024; + } + while (*(mp += 2)); + } + } if (errno == ERANGE || lvalue > INT_MAX || lvalue < INT_MIN) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "absolute value of integer \"%s\" is too large (overflow)", s); while (isspace(*endptr)) endptr++; - if (*endptr != 0) + if (*endptr) extra_chars_error(endptr, inttype, US"integer value for ", name); value = (int)lvalue; } - if (data_block == NULL) - *((int *)(ol->value)) = value; + if (data_block) + *(int *)(US data_block + (long int)ol->value) = value; else - *((int *)(US data_block + (long int)(ol->value))) = value; + *(int *)ol->value = value; break; - /* Integer held in K: again, allow octal and hex formats, and suffixes K, M - and G. */ - /*XXX consider moving to int_eximarith_t (but mind the overflow test 0415) */ + /* Integer held in K: again, allow formats and suffixes as above. */ case opt_Kint: { uschar *endptr; errno = 0; - value = strtol(CS s, CSS &endptr, intbase); + int_eximarith_t lvalue = strtol(CS s, CSS &endptr, intbase); if (endptr == s) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "%sinteger expected for %s", inttype, name); - if (errno != ERANGE) - if (tolower(*endptr) == 'g') - { - if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024)) - errno = ERANGE; - else - value *= 1024*1024; - endptr++; - } - else if (tolower(*endptr) == 'm') - { - if (value > INT_MAX/1024 || value < INT_MIN/1024) - errno = ERANGE; - else - value *= 1024; - endptr++; - } - else if (tolower(*endptr) == 'k') - endptr++; + if (errno != ERANGE && *endptr) + { + uschar * mp = US"ZzEePpTtGgMmKk\0"; /* YyZzEePpTtGgMmKk */ + + if ((mp = Ustrchr(mp, *endptr))) + { + endptr++; + while (*(mp += 2)) + { + if (lvalue > EXIM_ARITH_MAX/1024 || lvalue < EXIM_ARITH_MIN/1024) + { + errno = ERANGE; + break; + } + lvalue *= 1024; + } + } else - value = (value + 512)/1024; + lvalue = (lvalue + 512)/1024; + } if (errno == ERANGE) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "absolute value of integer \"%s\" is too large (overflow)", s); @@ -2153,13 +2233,13 @@ switch (type) while (isspace(*endptr)) endptr++; if (*endptr != 0) extra_chars_error(endptr, inttype, US"integer value for ", name); - } - if (data_block == NULL) - *((int *)(ol->value)) = value; - else - *((int *)(US data_block + (long int)(ol->value))) = value; - break; + if (data_block) + *(int_eximarith_t *)(US data_block + (long int)ol->value) = lvalue; + else + *(int_eximarith_t *)ol->value = lvalue; + break; + } /* Fixed-point number: held to 3 decimal places. */ @@ -2260,7 +2340,7 @@ switch (type) case opt_func: { void (*fn)() = ol->value; - fn(name, s); + fn(name, s, 0); break; } } @@ -2333,10 +2413,10 @@ Arguments: last one more than the offset of the last entry in optop no_labels do not show "foo = " at the start. -Returns: nothing +Returns: boolean success */ -static void +static BOOL print_ol(optionlist *ol, uschar *name, void *options_block, optionlist *oltop, int last, BOOL no_labels) { @@ -2349,30 +2429,30 @@ gid_t *gidlist; uschar *s; uschar name2[64]; -if (ol == NULL) +if (!ol) { printf("%s is not a known option\n", name); - return; + return FALSE; } /* Non-admin callers cannot see options that have been flagged secure by the "hide" prefix. */ -if (!admin_user && (ol->type & opt_secure) != 0) +if (!f.admin_user && ol->type & opt_secure) { if (no_labels) printf("%s\n", hidden); else printf("%s = %s\n", name, hidden); - return; + return TRUE; } /* Else show the value of the option */ value = ol->value; -if (options_block != NULL) +if (options_block) { - if ((ol->type & opt_public) == 0) + if (!(ol->type & opt_public)) options_block = (void *)(((driver_instance *)options_block)->options_block); value = (void *)(US options_block + (long int)value); } @@ -2381,15 +2461,15 @@ switch(ol->type & opt_mask) { case opt_stringptr: case opt_rewrite: /* Show the text value */ - s = *((uschar **)value); - if (!no_labels) printf("%s = ", name); - printf("%s\n", (s == NULL)? US"" : string_printing2(s, FALSE)); - break; + s = *(USS value); + if (!no_labels) printf("%s = ", name); + printf("%s\n", s ? string_printing2(s, FALSE) : US""); + break; case opt_int: - if (!no_labels) printf("%s = ", name); - printf("%d\n", *((int *)value)); - break; + if (!no_labels) printf("%s = ", name); + printf("%d\n", *((int *)value)); + break; case opt_mkint: { @@ -2412,22 +2492,24 @@ switch(ol->type & opt_mask) printf("%d\n", x); } } - break; + break; case opt_Kint: { - int x = *((int *)value); + int_eximarith_t x = *((int_eximarith_t *)value); if (!no_labels) printf("%s = ", name); if (x == 0) printf("0\n"); - else if ((x & 1023) == 0) printf("%dM\n", x >> 10); - else printf("%dK\n", x); + else if ((x & ((1<<30)-1)) == 0) printf(PR_EXIM_ARITH "T\n", x >> 30); + else if ((x & ((1<<20)-1)) == 0) printf(PR_EXIM_ARITH "G\n", x >> 20); + else if ((x & ((1<<10)-1)) == 0) printf(PR_EXIM_ARITH "M\n", x >> 10); + else printf(PR_EXIM_ARITH "K\n", x); } - break; + break; case opt_octint: - if (!no_labels) printf("%s = ", name); - printf("%#o\n", *((int *)value)); - break; + if (!no_labels) printf("%s = ", name); + printf("%#o\n", *((int *)value)); + break; /* Can be negative only when "unset", in which case integer */ @@ -2450,167 +2532,162 @@ switch(ol->type & opt_mask) printf("\n"); } } - break; + break; /* If the numerical value is unset, try for the string value */ case opt_expand_uid: - if (! *get_set_flag(name, oltop, last, options_block)) - { - sprintf(CS name2, "*expand_%.50s", name); - ol2 = find_option(name2, oltop, last); - if (ol2 != NULL) + if (! *get_set_flag(name, oltop, last, options_block)) { - void *value2 = ol2->value; - if (options_block != NULL) - value2 = (void *)(US options_block + (long int)value2); - s = *((uschar **)value2); - if (!no_labels) printf("%s = ", name); - printf("%s\n", (s == NULL)? US"" : string_printing(s)); - break; + sprintf(CS name2, "*expand_%.50s", name); + if ((ol2 = find_option(name2, oltop, last))) + { + void *value2 = ol2->value; + if (options_block) + value2 = (void *)(US options_block + (long int)value2); + s = *(USS value2); + if (!no_labels) printf("%s = ", name); + printf("%s\n", s ? string_printing(s) : US""); + break; + } } - } - /* Else fall through */ + /* Else fall through */ case opt_uid: - if (!no_labels) printf("%s = ", name); - if (! *get_set_flag(name, oltop, last, options_block)) - printf("\n"); - else - { - pw = getpwuid(*((uid_t *)value)); - if (pw == NULL) - printf("%ld\n", (long int)(*((uid_t *)value))); - else printf("%s\n", pw->pw_name); - } - break; + if (!no_labels) printf("%s = ", name); + if (! *get_set_flag(name, oltop, last, options_block)) + printf("\n"); + else + if ((pw = getpwuid(*((uid_t *)value)))) + printf("%s\n", pw->pw_name); + else + printf("%ld\n", (long int)(*((uid_t *)value))); + break; /* If the numerical value is unset, try for the string value */ case opt_expand_gid: - if (! *get_set_flag(name, oltop, last, options_block)) - { - sprintf(CS name2, "*expand_%.50s", name); - ol2 = find_option(name2, oltop, last); - if (ol2 != NULL && (ol2->type & opt_mask) == opt_stringptr) + if (! *get_set_flag(name, oltop, last, options_block)) { - void *value2 = ol2->value; - if (options_block != NULL) - value2 = (void *)(US options_block + (long int)value2); - s = *((uschar **)value2); - if (!no_labels) printf("%s = ", name); - printf("%s\n", (s == NULL)? US"" : string_printing(s)); - break; + sprintf(CS name2, "*expand_%.50s", name); + if ( (ol2 = find_option(name2, oltop, last)) + && (ol2->type & opt_mask) == opt_stringptr) + { + void *value2 = ol2->value; + if (options_block) + value2 = (void *)(US options_block + (long int)value2); + s = *(USS value2); + if (!no_labels) printf("%s = ", name); + printf("%s\n", s ? string_printing(s) : US""); + break; + } } - } - /* Else fall through */ + /* Else fall through */ case opt_gid: - if (!no_labels) printf("%s = ", name); - if (! *get_set_flag(name, oltop, last, options_block)) - printf("\n"); - else - { - gr = getgrgid(*((int *)value)); - if (gr == NULL) - printf("%ld\n", (long int)(*((int *)value))); - else printf("%s\n", gr->gr_name); - } - break; + if (!no_labels) printf("%s = ", name); + if (! *get_set_flag(name, oltop, last, options_block)) + printf("\n"); + else + if ((gr = getgrgid(*((int *)value)))) + printf("%s\n", gr->gr_name); + else + printf("%ld\n", (long int)(*((int *)value))); + break; case opt_uidlist: - uidlist = *((uid_t **)value); - if (!no_labels) printf("%s =", name); - if (uidlist != NULL) - { - int i; - uschar sep = ' '; - if (no_labels) sep = '\0'; - for (i = 1; i <= (int)(uidlist[0]); i++) + uidlist = *((uid_t **)value); + if (!no_labels) printf("%s =", name); + if (uidlist) { - uschar *name = NULL; - pw = getpwuid(uidlist[i]); - if (pw != NULL) name = US pw->pw_name; - if (sep != '\0') printf("%c", sep); - if (name != NULL) printf("%s", name); - else printf("%ld", (long int)(uidlist[i])); - sep = ':'; + uschar sep = no_labels ? '\0' : ' '; + for (int i = 1; i <= (int)(uidlist[0]); i++) + { + uschar *name = NULL; + if ((pw = getpwuid(uidlist[i]))) name = US pw->pw_name; + if (sep != '\0') printf("%c", sep); + if (name) printf("%s", name); + else printf("%ld", (long int)(uidlist[i])); + sep = ':'; + } } - } - printf("\n"); - break; + printf("\n"); + break; case opt_gidlist: - gidlist = *((gid_t **)value); - if (!no_labels) printf("%s =", name); - if (gidlist != NULL) - { - int i; - uschar sep = ' '; - if (no_labels) sep = '\0'; - for (i = 1; i <= (int)(gidlist[0]); i++) + gidlist = *((gid_t **)value); + if (!no_labels) printf("%s =", name); + if (gidlist) { - uschar *name = NULL; - gr = getgrgid(gidlist[i]); - if (gr != NULL) name = US gr->gr_name; - if (sep != '\0') printf("%c", sep); - if (name != NULL) printf("%s", name); - else printf("%ld", (long int)(gidlist[i])); - sep = ':'; + uschar sep = no_labels ? '\0' : ' '; + for (int i = 1; i <= (int)(gidlist[0]); i++) + { + uschar *name = NULL; + if ((gr = getgrgid(gidlist[i]))) name = US gr->gr_name; + if (sep != '\0') printf("%c", sep); + if (name) printf("%s", name); + else printf("%ld", (long int)(gidlist[i])); + sep = ':'; + } } - } - printf("\n"); - break; + printf("\n"); + break; case opt_time: - if (!no_labels) printf("%s = ", name); - printf("%s\n", readconf_printtime(*((int *)value))); - break; + if (!no_labels) printf("%s = ", name); + printf("%s\n", readconf_printtime(*((int *)value))); + break; case opt_timelist: { - int i; int *list = (int *)value; if (!no_labels) printf("%s = ", name); - for (i = 0; i < list[1]; i++) - printf("%s%s", (i == 0)? "" : ":", readconf_printtime(list[i+2])); + for (int i = 0; i < list[1]; i++) + printf("%s%s", i == 0 ? "" : ":", readconf_printtime(list[i+2])); printf("\n"); } - break; + break; case opt_bit: - printf("%s%s\n", ((*((int *)value)) & (1 << ((ol->type >> 16) & 31)))? - "" : "no_", name); - break; + printf("%s%s\n", ((*((int *)value)) & (1 << ((ol->type >> 16) & 31)))? + "" : "no_", name); + break; case opt_expand_bool: - sprintf(CS name2, "*expand_%.50s", name); - ol2 = find_option(name2, oltop, last); - if (ol2 != NULL && ol2->value != NULL) - { - void *value2 = ol2->value; - if (options_block != NULL) - value2 = (void *)(US options_block + (long int)value2); - s = *((uschar **)value2); - if (s != NULL) + sprintf(CS name2, "*expand_%.50s", name); + if ((ol2 = find_option(name2, oltop, last)) && ol2->value) { - if (!no_labels) printf("%s = ", name); - printf("%s\n", string_printing(s)); - break; + void *value2 = ol2->value; + if (options_block) + value2 = (void *)(US options_block + (long int)value2); + s = *(USS value2); + if (s) + { + if (!no_labels) printf("%s = ", name); + printf("%s\n", string_printing(s)); + break; + } + /* s == NULL => string not set; fall through */ } - /* s == NULL => string not set; fall through */ - } - /* Fall through */ + /* Fall through */ case opt_bool: case opt_bool_verify: case opt_bool_set: - printf("%s%s\n", (*((BOOL *)value))? "" : "no_", name); - break; + printf("%s%s\n", (*((BOOL *)value))? "" : "no_", name); + break; + + case opt_func: + { + void (*fn)() = ol->value; + fn(name, NULL, no_labels ? opt_fn_print : opt_fn_print|opt_fn_print_label); + break; + } } +return TRUE; } @@ -2649,24 +2726,21 @@ Arguments: type NULL or driver type name, as described above no_labels avoid the "foo = " at the start of an item -Returns: nothing +Returns: Boolean success */ -void +BOOL readconf_print(uschar *name, uschar *type, BOOL no_labels) { BOOL names_only = FALSE; -optionlist *ol; optionlist *ol2 = NULL; driver_instance *d = NULL; -macro_item *m; int size = 0; -if (type == NULL) +if (!type) { if (*name == '+') { - int i; tree_node *t; BOOL found = FALSE; static uschar *types[] = { US"address", US"domain", US"host", @@ -2674,10 +2748,8 @@ if (type == NULL) static tree_node **anchors[] = { &addresslist_anchor, &domainlist_anchor, &hostlist_anchor, &localpartlist_anchor }; - for (i = 0; i < 4; i++) - { - t = tree_search(*(anchors[i]), name+1); - if (t != NULL) + for (int i = 0; i < 4; i++) + if ((t = tree_search(*(anchors[i]), name+1))) { found = TRUE; if (no_labels) @@ -2686,54 +2758,50 @@ if (type == NULL) printf("%slist %s = %s\n", types[i], name+1, ((namedlist_block *)(t->data.ptr))->string); } - } if (!found) printf("no address, domain, host, or local part list called \"%s\" " "exists\n", name+1); - return; + return found; } if ( Ustrcmp(name, "configure_file") == 0 || Ustrcmp(name, "config_file") == 0) { printf("%s\n", CS config_main_filename); - return; + return TRUE; } if (Ustrcmp(name, "all") == 0) { - for (ol = optionlist_config; + for (optionlist * ol = optionlist_config; ol < optionlist_config + nelem(optionlist_config); ol++) - { - if ((ol->type & opt_hidden) == 0) - print_ol(ol, US ol->name, NULL, - optionlist_config, nelem(optionlist_config), - no_labels); - } - return; + if (!(ol->type & opt_hidden)) + (void) print_ol(ol, US ol->name, NULL, + optionlist_config, nelem(optionlist_config), + no_labels); + return TRUE; } if (Ustrcmp(name, "local_scan") == 0) { - #ifndef LOCAL_SCAN_HAS_OPTIONS +#ifndef LOCAL_SCAN_HAS_OPTIONS printf("local_scan() options are not supported\n"); - #else - for (ol = local_scan_options; + return FALSE; +#else + for (optionlist * ol = local_scan_options; ol < local_scan_options + local_scan_options_count; ol++) - { - print_ol(ol, US ol->name, NULL, local_scan_options, - local_scan_options_count, no_labels); - } - #endif - return; + (void) print_ol(ol, US ol->name, NULL, local_scan_options, + local_scan_options_count, no_labels); + return TRUE; +#endif } if (Ustrcmp(name, "config") == 0) { - print_config(admin_user, no_labels); - return; + print_config(f.admin_user, no_labels); + return TRUE; } if (Ustrcmp(name, "routers") == 0) @@ -2746,47 +2814,40 @@ if (type == NULL) type = US"transport"; name = NULL; } - else if (Ustrcmp(name, "authenticators") == 0) { type = US"authenticator"; name = NULL; } - else if (Ustrcmp(name, "macros") == 0) { type = US"macro"; name = NULL; } - else if (Ustrcmp(name, "router_list") == 0) { type = US"router"; name = NULL; names_only = TRUE; } - else if (Ustrcmp(name, "transport_list") == 0) { type = US"transport"; name = NULL; names_only = TRUE; } - else if (Ustrcmp(name, "authenticator_list") == 0) { type = US"authenticator"; name = NULL; names_only = TRUE; } - else if (Ustrcmp(name, "macro_list") == 0) { type = US"macro"; name = NULL; names_only = TRUE; } - else if (Ustrcmp(name, "environment") == 0) { if (environ) @@ -2802,15 +2863,13 @@ if (type == NULL) puts(CS *p); } } - return; + return TRUE; } else - { - print_ol(find_option(name, optionlist_config, nelem(optionlist_config)), + return print_ol(find_option(name, + optionlist_config, nelem(optionlist_config)), name, NULL, optionlist_config, nelem(optionlist_config), no_labels); - return; - } } /* Handle the options for a router or transport. Skip options that are flagged @@ -2842,55 +2901,60 @@ else if (Ustrcmp(type, "macro") == 0) { /* People store passwords in macros and they were previously not available for printing. So we have an admin_users restriction. */ - if (!admin_user) + if (!f.admin_user) { fprintf(stderr, "exim: permission denied\n"); - exit(EXIT_FAILURE); + return FALSE; } - for (m = macros; m; m = m->next) + for (macro_item * m = macros; m; m = m->next) if (!name || Ustrcmp(name, m->name) == 0) { if (names_only) printf("%s\n", CS m->name); + else if (no_labels) + printf("%s\n", CS m->replacement); else printf("%s=%s\n", CS m->name, CS m->replacement); if (name) - return; + return TRUE; } - if (name) - printf("%s %s not found\n", type, name); - return; + if (!name) return TRUE; + + printf("%s %s not found\n", type, name); + return FALSE; } if (names_only) { - for (; d != NULL; d = d->next) printf("%s\n", CS d->name); - return; + for (; d; d = d->next) printf("%s\n", CS d->name); + return TRUE; } /* Either search for a given driver, or print all of them */ -for (; d != NULL; d = d->next) +for (; d; d = d->next) { - if (name == NULL) + BOOL rc = FALSE; + if (!name) printf("\n%s %s:\n", d->name, type); else if (Ustrcmp(d->name, name) != 0) continue; - for (ol = ol2; ol < ol2 + size; ol++) - { - if ((ol->type & opt_hidden) == 0) - print_ol(ol, US ol->name, d, ol2, size, no_labels); - } + for (optionlist * ol = ol2; ol < ol2 + size; ol++) + if (!(ol->type & opt_hidden)) + rc |= print_ol(ol, US ol->name, d, ol2, size, no_labels); - for (ol = d->info->options; + for (optionlist * ol = d->info->options; ol < d->info->options + *(d->info->options_count); ol++) - { - if ((ol->type & opt_hidden) == 0) - print_ol(ol, US ol->name, d, d->info->options, *(d->info->options_count), no_labels); - } - if (name != NULL) return; + if (!(ol->type & opt_hidden)) + rc |= print_ol(ol, US ol->name, d, d->info->options, + *d->info->options_count, no_labels); + + if (name) return rc; } -if (name != NULL) printf("%s %s not found\n", type, name); +if (!name) return TRUE; + +printf("%s %s not found\n", type, name); +return FALSE; } @@ -2924,7 +2988,7 @@ read_named_list(tree_node **anchorp, int *numberp, int max, uschar *s, BOOL forcecache = FALSE; uschar *ss; tree_node *t; -namedlist_block *nb = store_get(sizeof(namedlist_block)); +namedlist_block *nb = store_get(sizeof(namedlist_block), FALSE); if (Ustrncmp(s, "_cache", 6) == 0) { @@ -2942,7 +3006,7 @@ if (*numberp >= max) while (isspace(*s)) s++; ss = s; while (isalnum(*s) || *s == '_') s++; -t = store_get(sizeof(tree_node) + s-ss); +t = store_get(sizeof(tree_node) + s-ss, is_tainted(ss)); Ustrncpy(t->name, ss, s-ss); t->name[s-ss] = 0; while (isspace(*s)) s++; @@ -3010,80 +3074,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malformed ratelimit data: %s", s); -/************************************************* -* Drop privs for checking TLS config * -*************************************************/ - -/* We want to validate TLS options during readconf, but do not want to be -root when we call into the TLS library, in case of library linkage errors -which cause segfaults; before this check, those were always done as the Exim -runtime user and it makes sense to continue with that. - -Assumes: tls_require_ciphers has been set, if it will be - exim_user has been set, if it will be - exim_group has been set, if it will be - -Returns: bool for "okay"; false will cause caller to immediately exit. -*/ - -#ifdef SUPPORT_TLS -static BOOL -tls_dropprivs_validate_require_cipher(BOOL nowarn) -{ -const uschar *errmsg; -pid_t pid; -int rc, status; -void (*oldsignal)(int); - -/* If TLS will never be used, no point checking ciphers */ - -if ( !tls_advertise_hosts - || !*tls_advertise_hosts - || Ustrcmp(tls_advertise_hosts, ":") == 0 - ) - return TRUE; -else if (!nowarn && !tls_certificate) - log_write(0, LOG_MAIN, - "Warning: No server certificate defined; will use a selfsigned one.\n" - " Suggested action: either install a certificate or change tls_advertise_hosts option"); - -oldsignal = signal(SIGCHLD, SIG_DFL); - -fflush(NULL); -if ((pid = fork()) < 0) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); - -if (pid == 0) - { - /* in some modes, will have dropped privilege already */ - if (!geteuid()) - exim_setugid(exim_uid, exim_gid, FALSE, - US"calling tls_validate_require_cipher"); - - if ((errmsg = tls_validate_require_cipher())) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG, - "tls_require_ciphers invalid: %s", errmsg); - fflush(NULL); - _exit(0); - } - -do { - rc = waitpid(pid, &status, 0); -} while (rc < 0 && errno == EINTR); - -DEBUG(D_tls) - debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", - (int)pid, status); - -signal(SIGCHLD, oldsignal); - -return status == 0; -} -#endif /* SUPPORT_TLS */ - - - - /************************************************* * Read main configuration options * *************************************************/ @@ -3244,7 +3234,7 @@ if (Uchdir("/") < 0) /* Check the status of the file we have opened, if we have retained root privileges and the file isn't /dev/null (which *should* be 0666). */ -if (trusted_config && Ustrcmp(filename, US"/dev/null")) +if (f.trusted_config && Ustrcmp(filename, US"/dev/null")) { if (fstat(fileno(config_file), &statbuf) != 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to stat configuration file %s", @@ -3265,6 +3255,19 @@ if (trusted_config && Ustrcmp(filename, US"/dev/null")) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Exim configuration file %s has the " "wrong owner, group, or mode", big_buffer); + + /* Do a dummy store-allocation of a size related to the (toplevel) file size. + This assumes we will need this much storage to handle all the allocations + during startup; it won't help when .include is being used. When it does, it + will cut down on the number of store blocks (and malloc calls, and sbrk + syscalls). It also assume we're on the relevant pool. */ + + if (statbuf.st_size > 8192) + { + rmark r = store_mark(); + void * dummy = store_get((int)statbuf.st_size, FALSE); + store_reset(r); + } } /* Process the main configuration settings. They all begin with a lower case @@ -3277,7 +3280,8 @@ while ((s = get_config_line())) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "found unexpected BOM (Byte Order Mark)"); - if (isupper(s[0])) read_macro_assignment(s); + if (isupper(s[0])) + { if (!macro_read_assignment(s)) exim_exit(EXIT_FAILURE, US""); } else if (Ustrncmp(s, "domainlist", 10) == 0) read_named_list(&domainlist_anchor, &domainlist_count, @@ -3388,15 +3392,14 @@ smtp_active_hostname = primary_hostname; got set above. Of course, writing to the log may not work if log_file_path is not set, but it will at least get to syslog or somewhere, with any luck. */ -if (*spool_directory == 0) +if (!*spool_directory) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "spool_directory undefined: cannot " "proceed"); /* Expand the spool directory name; it may, for example, contain the primary host name. Same comment about failure. */ -s = expand_string(spool_directory); -if (s == NULL) +if (!(s = expand_string(spool_directory))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand spool_directory " "\"%s\": %s", spool_directory, expand_string_message); spool_directory = s; @@ -3405,32 +3408,27 @@ spool_directory = s; the null string or "syslog". It is also allowed to contain one instance of %D or %M. However, it must NOT contain % followed by anything else. */ -if (*log_file_path != 0) +if (*log_file_path) { const uschar *ss, *sss; int sep = ':'; /* Fixed for log file path */ - s = expand_string(log_file_path); - if (s == NULL) + if (!(s = expand_string(log_file_path))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand log_file_path " "\"%s\": %s", log_file_path, expand_string_message); ss = s; - while ((sss = string_nextinlist(&ss,&sep,big_buffer,big_buffer_size)) != NULL) + while ((sss = string_nextinlist(&ss, &sep, big_buffer, big_buffer_size))) { uschar *t; if (sss[0] == 0 || Ustrcmp(sss, "syslog") == 0) continue; - t = Ustrstr(sss, "%s"); - if (t == NULL) + if (!(t = Ustrstr(sss, "%s"))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "log_file_path \"%s\" does not " "contain \"%%s\"", sss); *t = 'X'; - t = Ustrchr(sss, '%'); - if (t != NULL) - { + if ((t = Ustrchr(sss, '%'))) if ((t[1] != 'D' && t[1] != 'M') || Ustrchr(t+2, '%') != NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "log_file_path \"%s\" contains " "unexpected \"%%\" character", s); - } } log_file_path = s; @@ -3565,7 +3563,7 @@ if (host_number_string) host_number = n; } -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS /* If tls_verify_hosts is set, tls_verify_certificates must also be set */ if ((tls_verify_hosts || tls_try_verify_hosts) && !tls_verify_certificates) @@ -3573,11 +3571,6 @@ if ((tls_verify_hosts || tls_try_verify_hosts) && !tls_verify_certificates) "tls_%sverify_hosts is set, but tls_verify_certificates is not set", tls_verify_hosts ? "" : "try_"); -/* This also checks that the library linkage is working and we can call -routines in it, so call even if tls_require_ciphers is unset */ -if (!tls_dropprivs_validate_require_cipher(nowarn)) - exit(1); - /* Magic number: at time of writing, 1024 has been the long-standing value used by so many clients, and what Exim used to use always, that it makes sense to just min-clamp this max-clamp at that. */ @@ -3598,7 +3591,7 @@ if (openssl_options) "openssl_options parse error: %s", openssl_options); # endif } -#endif /*SUPPORT_TLS*/ +#endif /*DISABLE_TLS*/ if (!nowarn && !keep_environment && environ && *environ) log_write(0, LOG_MAIN, @@ -3631,23 +3624,18 @@ static driver_info * init_driver(driver_instance *d, driver_info *drivers_available, int size_of_info, uschar *class) { -driver_info *dd; - -for (dd = drivers_available; dd->driver_name[0] != 0; +for (driver_info * dd = drivers_available; dd->driver_name[0] != 0; dd = (driver_info *)((US dd) + size_of_info)) - { if (Ustrcmp(d->driver_name, dd->driver_name) == 0) { - int i; int len = dd->options_len; d->info = dd; - d->options_block = store_get(len); + d->options_block = store_get(len, FALSE); memcpy(d->options_block, dd->options_block, len); - for (i = 0; i < *(dd->options_count); i++) + for (int i = 0; i < *(dd->options_count); i++) dd->options[i].type &= ~opt_set; return dd; } - } log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "%s %s: cannot find %s driver \"%s\"", class, d->name, class, d->driver_name); @@ -3724,7 +3712,7 @@ while ((buffer = get_config_line()) != NULL) (d->info->init)(d); d = NULL; } - read_macro_assignment(buffer); + if (!macro_read_assignment(buffer)) exim_exit(EXIT_FAILURE, US""); continue; } @@ -3734,8 +3722,6 @@ while ((buffer = get_config_line()) != NULL) if (*s++ == ':') { - int i; - /* Finish off initializing the previous driver. */ if (d) @@ -3756,7 +3742,7 @@ while ((buffer = get_config_line()) != NULL) /* Set up a new driver instance data block on the chain, with its default values installed. */ - d = store_get(instance_size); + d = store_get(instance_size, FALSE); memcpy(d, instance_default, instance_size); *p = d; p = &d->next; @@ -3764,7 +3750,7 @@ while ((buffer = get_config_line()) != NULL) /* Clear out the "set" bits in the generic options */ - for (i = 0; i < driver_optionlist_count; i++) + for (int i = 0; i < driver_optionlist_count; i++) driver_optionlist[i].type &= ~opt_set; /* Check nothing more on this line, then do the next loop iteration. */ @@ -3837,10 +3823,9 @@ BOOL readconf_depends(driver_instance *d, uschar *s) { int count = *(d->info->options_count); -optionlist *ol; uschar *ss; -for (ol = d->info->options; ol < d->info->options + count; ol++) +for (optionlist * ol = d->info->options; ol < d->info->options + count; ol++) { void *options_block; uschar *value; @@ -4056,7 +4041,7 @@ while ((p = get_config_line())) const uschar *pp; uschar *error; - next = store_get(sizeof(retry_config)); + next = store_get(sizeof(retry_config), FALSE); next->next = NULL; *chain = next; chain = &(next->next); @@ -4100,7 +4085,7 @@ while ((p = get_config_line())) while (*p != 0) { - retry_rule *rule = store_get(sizeof(retry_rule)); + retry_rule *rule = store_get(sizeof(retry_rule), FALSE); *rchain = rule; rchain = &(rule->next); rule->next = NULL; @@ -4158,7 +4143,9 @@ Returns: nothing static void auths_init(void) { -auth_instance *au, *bu; +#ifndef DISABLE_PIPE_CONNECT +int nauths = 0; +#endif readconf_driver_init(US"authenticator", (driver_instance **)(&auths), /* chain anchor */ @@ -4169,20 +4156,26 @@ readconf_driver_init(US"authenticator", optionlist_auths, /* generic options */ optionlist_auths_size); -for (au = auths; au; au = au->next) +for (auth_instance * au = auths; au; au = au->next) { if (!au->public_name) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "no public name specified for " "the %s authenticator", au->name); - for (bu = au->next; bu; bu = bu->next) + for (auth_instance * bu = au->next; bu; bu = bu->next) if (strcmpic(au->public_name, bu->public_name) == 0) if ((au->client && bu->client) || (au->server && bu->server)) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "two %s authenticators " "(%s and %s) have the same public name (%s)", au->client ? US"client" : US"server", au->name, bu->name, au->public_name); +#ifndef DISABLE_PIPE_CONNECT + nauths++; +#endif } +#ifndef DISABLE_PIPE_CONNECT +f.smtp_in_early_pipe_no_auth = nauths > 16; +#endif } @@ -4225,7 +4218,7 @@ between ACLs. */ acl_line = get_config_line(); -while(acl_line != NULL) +while(acl_line) { uschar name[64]; tree_node *node; @@ -4234,7 +4227,7 @@ while(acl_line != NULL) p = readconf_readname(name, sizeof(name), acl_line); if (isupper(*name) && *p == '=') { - read_macro_assignment(acl_line); + if (!macro_read_assignment(acl_line)) exim_exit(EXIT_FAILURE, US""); acl_line = get_config_line(); continue; } @@ -4242,7 +4235,7 @@ while(acl_line != NULL) if (*p != ':' || name[0] == 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "missing or malformed ACL name"); - node = store_get(sizeof(tree_node) + Ustrlen(name)); + node = store_get(sizeof(tree_node) + Ustrlen(name), is_tainted(name)); Ustrcpy(node->name, name); if (!tree_insertnode(&acl_anchor, node)) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, @@ -4278,7 +4271,7 @@ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "local_scan() options not supported: " #else uschar *p; -while ((p = get_config_line()) != NULL) +while ((p = get_config_line())) { (void) readconf_handle_option(p, local_scan_options, local_scan_options_count, NULL, US"local_scan option \"%s\" unknown"); @@ -4330,7 +4323,7 @@ while(next_section[0] != 0) int mid = last/2; int n = Ustrlen(next_section); - if (tolower(next_section[n-1]) != 's') Ustrcpy(next_section+n, "s"); + if (tolower(next_section[n-1]) != 's') Ustrcpy(next_section+n, US"s"); for (;;) { @@ -4368,14 +4361,14 @@ while(next_section[0] != 0) void readconf_save_config(const uschar *s) { - save_config_line(string_sprintf("# Exim Configuration (%s)", - running_in_test_harness ? US"X" : s)); +save_config_line(string_sprintf("# Exim Configuration (%s)", + f.running_in_test_harness ? US"X" : s)); } static void save_config_position(const uschar *file, int line) { - save_config_line(string_sprintf("# %d \"%s\"", line, file)); +save_config_line(string_sprintf("# %d \"%s\"", line, file)); } /* Append a pre-parsed logical line to the config lines store, @@ -4389,7 +4382,7 @@ save_config_line(const uschar* line) static config_line_item *current; config_line_item *next; -next = (config_line_item*) store_get(sizeof(config_line_item)); +next = (config_line_item*) store_get(sizeof(config_line_item), FALSE); next->line = string_copy(line); next->next = NULL; @@ -4404,11 +4397,10 @@ hide the values unless we're the admin user */ void print_config(BOOL admin, BOOL terse) { -config_line_item *i; const int TS = terse ? 0 : 2; int indent = 0; -for (i = config_lines; i; i = i->next) +for (config_line_item * i = config_lines; i; i = i->next) { uschar *current; uschar *p;