X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fsmtp_in.c;h=b46f3e876a9141844ba40e17db60a611f135fe1d;hb=675a21420d11f4971d93d7e680ca96bff8d325c2;hp=2e3c9b9ecb8baa85920981980c97f7f0739be335;hpb=dbcb6d0acbbd69b8a68ba117530e00300ec698ba;p=exim.git diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 2e3c9b9ec..b46f3e876 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -135,9 +135,6 @@ static struct { BOOL auth_advertised :1; #ifdef SUPPORT_TLS BOOL tls_advertised :1; -# ifdef EXPERIMENTAL_REQUIRETLS - BOOL requiretls_advertised :1; -# endif #endif BOOL dsn_advertised :1; BOOL esmtp :1; @@ -267,9 +264,6 @@ enum { ENV_MAIL_OPT_RET, ENV_MAIL_OPT_ENVID, #ifdef SUPPORT_I18N ENV_MAIL_OPT_UTF8, -#endif -#ifdef EXPERIMENTAL_REQUIRETLS - ENV_MAIL_OPT_REQTLS, #endif }; typedef struct { @@ -289,10 +283,6 @@ static env_mail_type_t env_mail_type_list[] = { { US"ENVID", ENV_MAIL_OPT_ENVID, TRUE }, #ifdef SUPPORT_I18N { US"SMTPUTF8",ENV_MAIL_OPT_UTF8, FALSE }, /* rfc6531 */ -#endif -#ifdef EXPERIMENTAL_REQUIRETLS - /* https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03 */ - { US"REQUIRETLS",ENV_MAIL_OPT_REQTLS, FALSE }, #endif /* keep this the last entry */ { US"NULL", ENV_MAIL_OPT_NULL, FALSE }, @@ -435,17 +425,16 @@ Returns: nothing static void incomplete_transaction_log(uschar *what) { -if (sender_address == NULL || /* No transaction in progress */ - !LOGGING(smtp_incomplete_transaction)) +if (!sender_address /* No transaction in progress */ + || !LOGGING(smtp_incomplete_transaction)) return; /* Build list of recipients for logging */ if (recipients_count > 0) { - int i; raw_recipients = store_get(recipients_count * sizeof(uschar *)); - for (i = 0; i < recipients_count; i++) + for (int i = 0; i < recipients_count; i++) raw_recipients[i] = recipients_list[i].address; raw_recipients_count = recipients_count; } @@ -913,18 +902,20 @@ call another vararg function, only a function which accepts a va_list. */ void smtp_vprintf(const char *format, BOOL more, va_list ap) { +gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer }; BOOL yield; -yield = string_vformat(big_buffer, big_buffer_size, format, ap); +yield = !! string_vformat(&gs, FALSE, format, ap); +string_from_gstring(&gs); DEBUG(D_receive) { void *reset_point = store_get(0); uschar *msg_copy, *cr, *end; - msg_copy = string_copy(big_buffer); - end = msg_copy + Ustrlen(msg_copy); + msg_copy = string_copy(gs.s); + end = msg_copy + gs.ptr; while ((cr = Ustrchr(msg_copy, '\r')) != NULL) /* lose CRs */ - memmove(cr, cr + 1, (end--) - cr); + memmove(cr, cr + 1, (end--) - cr); debug_printf("SMTP>> %s", msg_copy); store_reset(reset_point); } @@ -957,13 +948,13 @@ if (fl.rcpt_in_progress) #ifdef SUPPORT_TLS if (tls_in.active.sock >= 0) { - if (tls_write(NULL, big_buffer, Ustrlen(big_buffer), more) < 0) + if (tls_write(NULL, gs.s, gs.ptr, more) < 0) smtp_write_error = -1; } else #endif -if (fprintf(smtp_out, "%s", big_buffer) < 0) smtp_write_error = -1; +if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; } @@ -1579,7 +1570,6 @@ smtp_read_command(BOOL check_sync, unsigned buffer_lim) { int c; int ptr = 0; -smtp_cmd_list *p; BOOL hadnull = FALSE; had_command_timeout = 0; @@ -1624,7 +1614,7 @@ if (hadnull) return BADCHAR_CMD; to the start of the actual data characters. Check for SMTP synchronization if required. */ -for (p = cmd_list; p < cmd_list_end; p++) +for (smtp_cmd_list * p = cmd_list; p < cmd_list_end; p++) { #ifdef SUPPORT_PROXY /* Only allow QUIT command if Proxy Protocol parsing failed */ @@ -1775,7 +1765,7 @@ if (f.sender_host_unknown || f.sender_host_notsocket) if (f.is_inetd) return string_sprintf("SMTP connection from %s (via inetd)", hostname); -if (LOGGING(incoming_interface) && interface_address != NULL) +if (LOGGING(incoming_interface) && interface_address) return string_sprintf("SMTP connection from %s I=[%s]:%d", hostname, interface_address, interface_port); @@ -1822,7 +1812,6 @@ Returns: nothing void smtp_log_no_mail(void) { -int i; uschar * sep, * s; gstring * g = NULL; @@ -1841,14 +1830,14 @@ g = s_tlslog(g); sep = smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE ? US" C=..." : US" C="; -for (i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++) +for (int i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++) if (smtp_connection_had[i] != SCH_NONE) { g = string_append(g, 2, sep, smtp_names[smtp_connection_had[i]]); sep = US","; } -for (i = 0; i < smtp_ch_index; i++) +for (int i = 0; i < smtp_ch_index; i++) { g = string_append(g, 2, sep, smtp_names[smtp_connection_had[i]]); sep = US","; @@ -1867,15 +1856,14 @@ log_write(0, LOG_MAIN, "no MAIL in %sSMTP connection from %s D=%s%s", uschar * smtp_cmd_hist(void) { -int i; gstring * list = NULL; uschar * s; -for (i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++) +for (int i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++) if (smtp_connection_had[i] != SCH_NONE) list = string_append_listele(list, ',', smtp_names[smtp_connection_had[i]]); -for (i = 0; i < smtp_ch_index; i++) +for (int i = 0; i < smtp_ch_index; i++) list = string_append_listele(list, ',', smtp_names[smtp_connection_had[i]]); s = string_from_gstring(list); @@ -2082,7 +2070,6 @@ f.dkim_disable_verify = FALSE; dkim_collect_input = 0; dkim_verify_overall = dkim_verify_status = dkim_verify_reason = NULL; dkim_key_length = 0; -dkim_verify_signers = US"$dkim_signers"; #endif #ifdef EXPERIMENTAL_DMARC f.dmarc_has_been_checked = f.dmarc_disable_verify = f.dmarc_enable_forensic = FALSE; @@ -2479,9 +2466,6 @@ tls_in.ourcert = tls_in.peercert = NULL; tls_in.sni = NULL; tls_in.ocsp = OCSP_NOT_REQ; fl.tls_advertised = FALSE; -# ifdef EXPERIMENTAL_REQUIRETLS -fl.requiretls_advertised = FALSE; -# endif #endif fl.dsn_advertised = FALSE; #ifdef SUPPORT_I18N @@ -2648,7 +2632,7 @@ if (!f.sender_host_unknown) { uschar *p = big_buffer; uschar *pend = big_buffer + big_buffer_size; - uschar *opt, *adptr; + uschar *adptr; int optcount; struct in_addr addr; @@ -2665,9 +2649,7 @@ if (!f.sender_host_unknown) Ustrcpy(p, "IP options on incoming call:"); p += Ustrlen(p); - for (opt = optstart; opt != NULL && - opt < US (ipopt) + optlen;) - { + for (uschar * opt = optstart; opt && opt < US (ipopt) + optlen; ) switch (*opt) { case IPOPT_EOL: @@ -2715,18 +2697,16 @@ if (!f.sender_host_unknown) default: { - int i; if (pend - p < 4 + 3*opt[1]) { opt = NULL; break; } Ustrcat(p, "[ "); p += 2; - for (i = 0; i < opt[1]; i++) + for (int i = 0; i < opt[1]; i++) p += sprintf(CS p, "%2.2x ", opt[i]); *p++ = ']'; } opt += opt[1]; break; } - } *p = 0; log_write(0, LOG_MAIN, "%s", big_buffer); @@ -3483,7 +3463,7 @@ int rc; uschar *user_msg = NULL; uschar *log_msg = NULL; -/* Check for recursive acll */ +/* Check for recursive call */ if (fl.smtp_exit_function_called) { @@ -3508,9 +3488,7 @@ if (acl_smtp_notquit && reason) tls_in.active.sock = -1; /* Write an SMTP response if we are expected to give one. As the default -responses are all internal, they should always fit in the buffer, but code a -warning, just in case. Note that string_vformat() still leaves a complete -string, even if it is incomplete. */ +responses are all internal, they should be reasonable size. */ if (code && defaultrespond) { @@ -3518,13 +3496,13 @@ if (code && defaultrespond) smtp_respond(code, 3, TRUE, user_msg); else { - uschar buffer[128]; + gstring * g; va_list ap; + va_start(ap, defaultrespond); - if (!string_vformat(buffer, sizeof(buffer), CS defaultrespond, ap)) - log_write(0, LOG_MAIN|LOG_PANIC, "string too large in smtp_notquit_exit()"); - smtp_printf("%s %s\r\n", FALSE, code, buffer); + g = string_vformat(NULL, TRUE, CS defaultrespond, ap); va_end(ap); + smtp_printf("%s %s\r\n", FALSE, code, string_from_gstring(g)); } mac_smtp_fflush(); } @@ -3629,33 +3607,25 @@ else if (!f.helo_verified) { int rc; - host_item h; - dnssec_domains d; - host_item *hh; - - h.name = sender_helo_name; - h.address = NULL; - h.mx = MX_NONE; - h.next = NULL; - d.request = US"*"; - d.require = US""; + host_item h = + {.name = sender_helo_name, .address = NULL, .mx = MX_NONE, .next = NULL}; + dnssec_domains d = + {.request = US"*", .require = US""}; HDEBUG(D_receive) debug_printf("getting IP address for %s\n", sender_helo_name); rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA, NULL, NULL, NULL, &d, NULL, NULL); if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL) - for (hh = &h; hh; hh = hh->next) + for (host_item * hh = &h; hh; hh = hh->next) if (Ustrcmp(hh->address, sender_host_address) == 0) { f.helo_verified = TRUE; if (h.dnssec == DS_YES) sender_helo_dnssec = TRUE; HDEBUG(D_receive) - { debug_printf("IP address for %s matches calling address\n" "Forward DNS security status: %sverified\n", sender_helo_name, sender_helo_dnssec ? "" : "un"); - } break; } } @@ -3698,7 +3668,7 @@ static int smtp_in_auth(auth_instance *au, uschar ** s, uschar ** ss) { const uschar *set_id = NULL; -int rc, i; +int rc; /* Run the checking code, passing the remainder of the command line as data. Initials the $auth variables as empty. Initialize $0 empty and set @@ -3712,14 +3682,14 @@ userid. On success, require set_id to expand and exist, and put it in authenticated_id. Save this in permanent store, as the working store gets reset at HELO, RSET, etc. */ -for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; +for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; expand_nmax = 0; expand_nlength[0] = 0; /* $0 contains nothing */ rc = (au->info->servercode)(au, smtp_cmd_data); if (au->set_id) set_id = expand_string(au->set_id); expand_nmax = -1; /* Reset numeric variables */ -for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth */ +for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth */ /* The value of authenticated_id is stored in the spool file and printed in log lines. It must not contain binary zeros or newline characters. In @@ -3839,6 +3809,11 @@ if (acl_smtp_quit) log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s", *log_msgp); } + +#ifdef TCP_CORK +(void) setsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_CORK, US &on, sizeof(on)); +#endif + if (*user_msgp) smtp_respond(US"221", 3, TRUE, *user_msgp); else @@ -3949,7 +3924,6 @@ while (done <= 0) int start, end, sender_domain, recipient_domain; int rc; int c; - auth_instance *au; uschar *orcpt = NULL; int dsn_flags; gstring * g; @@ -3964,7 +3938,7 @@ while (done <= 0) { cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = FALSE; - for (au = auths; au; au = au->next) + for (auth_instance * au = auths; au; au = au->next) if (strcmpic(US"tls", au->driver_name) == 0) { if ( acl_smtp_auth @@ -4076,23 +4050,26 @@ while (done <= 0) as a server and which has been advertised (unless, sigh, allow_auth_ unadvertised is set). */ - for (au = auths; au; au = au->next) - if (strcmpic(s, au->public_name) == 0 && au->server && - (au->advertised || f.allow_auth_unadvertised)) - break; - - if (au) { - c = smtp_in_auth(au, &s, &ss); + auth_instance * au; + for (au = auths; au; au = au->next) + if (strcmpic(s, au->public_name) == 0 && au->server && + (au->advertised || f.allow_auth_unadvertised)) + break; - smtp_printf("%s\r\n", FALSE, s); - if (c != OK) - log_write(0, LOG_MAIN|LOG_REJECT, "%s authenticator failed for %s: %s", - au->name, host_and_ident(FALSE), ss); + if (au) + { + c = smtp_in_auth(au, &s, &ss); + + smtp_printf("%s\r\n", FALSE, s); + if (c != OK) + log_write(0, LOG_MAIN|LOG_REJECT, "%s authenticator failed for %s: %s", + au->name, host_and_ident(FALSE), ss); + } + else + done = synprot_error(L_smtp_protocol_error, 504, NULL, + string_sprintf("%s authentication mechanism not supported", s)); } - else - done = synprot_error(L_smtp_protocol_error, 504, NULL, - string_sprintf("%s authentication mechanism not supported", s)); break; /* AUTH_CMD */ @@ -4169,9 +4146,8 @@ while (done <= 0) because otherwise the log can be confusing. */ if ( !sender_host_name - && (deliver_domain = sender_helo_name, /* set $domain */ - match_isinlist(sender_helo_name, CUSS &helo_lookup_domains, 0, - &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL)) == OK) + && match_isinlist(sender_helo_name, CUSS &helo_lookup_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK) (void)host_name_lookup(); /* Rebuild the fullhost info to include the HELO name (and the real name @@ -4248,9 +4224,6 @@ while (done <= 0) f.smtp_in_pipelining_advertised = FALSE; #ifdef SUPPORT_TLS fl.tls_advertised = FALSE; -# ifdef EXPERIMENTAL_REQUIRETLS - fl.requiretls_advertised = FALSE; -# endif #endif fl.dsn_advertised = FALSE; #ifdef SUPPORT_I18N @@ -4260,20 +4233,15 @@ while (done <= 0) smtp_code = US"250 "; /* Default response code plus space*/ if (!user_msg) { - s = string_sprintf("%.3s %s Hello %s%s%s", + g = string_fmt_append(NULL, "%.3s %s Hello %s%s%s", smtp_code, smtp_active_hostname, sender_ident ? sender_ident : US"", sender_ident ? US" at " : US"", sender_host_name ? sender_host_name : sender_helo_name); - g = string_cat(NULL, s); if (sender_host_address) - { - g = string_catn(g, US" [", 2); - g = string_cat (g, sender_host_address); - g = string_catn(g, US"]", 1); - } + g = string_fmt_append(g, " [%s]", sender_host_address); } /* A user-supplied EHLO greeting may not contain more than one line. Note @@ -4311,11 +4279,8 @@ while (done <= 0) till then, VRFY and EXPN can be used after EHLO when space is short. */ if (thismessage_size_limit > 0) - { - sprintf(CS big_buffer, "%.3s-SIZE %d\r\n", smtp_code, + g = string_fmt_append(g, "%.3s-SIZE %d\r\n", smtp_code, thismessage_size_limit); - g = string_cat(g, big_buffer); - } else { g = string_catn(g, smtp_code, 3); @@ -4401,9 +4366,8 @@ while (done <= 0) && verify_check_host(&auth_advertise_hosts) == OK ) { - auth_instance *au; BOOL first = TRUE; - for (au = auths; au; au = au->next) + for (auth_instance * au = auths; au; au = au->next) { au->advertised = FALSE; if (au->server) @@ -4459,17 +4423,6 @@ while (done <= 0) g = string_catn(g, US"-STARTTLS\r\n", 11); fl.tls_advertised = TRUE; } - -# ifdef EXPERIMENTAL_REQUIRETLS - /* Advertise REQUIRETLS only once we are in a secure connection */ - if ( tls_in.active.sock >= 0 - && verify_check_host(&tls_advertise_requiretls) != FAIL) - { - g = string_catn(g, smtp_code, 3); - g = string_catn(g, US"-REQUIRETLS\r\n", 13); - fl.requiretls_advertised = TRUE; - } -# endif #endif #ifndef DISABLE_PRDR @@ -4794,28 +4747,6 @@ while (done <= 0) break; #endif -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - case ENV_MAIL_OPT_REQTLS: - { - uschar * r, * t; - - if (!fl.requiretls_advertised) - { - done = synprot_error(L_smtp_syntax_error, 555, NULL, - US"unadvertised MAIL option: REQUIRETLS"); - goto COMMAND_LOOP; - } - - DEBUG(D_receive) debug_printf("requiretls requested\n"); - tls_requiretls = REQUIRETLS_MSG; - - r = string_copy_malloc(received_protocol); - if ((t = Ustrrchr(r, 's'))) *t = 'S'; - received_protocol = r; - } - break; -#endif - /* No valid option. Stick back the terminator characters and break the loop. Do the name-terminator second as extract_option sets value==name when it found no equal-sign. @@ -4833,17 +4764,6 @@ while (done <= 0) if (arg_error) break; } -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - if (tls_requiretls & REQUIRETLS_MSG) - { - /* Ensure headers-only bounces whether a RET option was given or not. */ - - DEBUG(D_receive) if (dsn_ret == dsn_ret_full) - debug_printf("requiretls override: dsn_ret_full -> dsn_ret_hdrs\n"); - dsn_ret = dsn_ret_hdrs; - } -#endif - /* If we have passed the threshold for rate limiting, apply the current delay, and update it for next time, provided this is a limited host. */