X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=27121616d6c5123332699736f03508ca05e13313;hb=e7a1b6ff65f1bebbc290f2a4fd7554fde00ae2f6;hp=678ee6315bb78096fe113fdd08c564a687a44630;hpb=bf7aabb41b04efb076bed9de84b15b03f3006073;p=exim.git

diff --git a/src/src/verify.c b/src/src/verify.c
index 678ee6315..27121616d 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -70,7 +70,7 @@ cache_record = dbfn_read_with_length(dbm_file, key, &length);
 
 if (cache_record == NULL)
   {
-  HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
+  HDEBUG(D_verify) debug_printf("callout cache: no %s record found for %s\n", type, key);
   return NULL;
   }
 
@@ -84,7 +84,7 @@ now = time(NULL);
 
 if (now - cache_record->time_stamp > expire)
   {
-  HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
+  HDEBUG(D_verify) debug_printf("callout cache: %s record expired for %s\n", type, key);
   return NULL;
   }
 
@@ -111,7 +111,7 @@ if (type[0] == 'd' && cache_record->result != ccache_reject)
     cache_record->random_result = ccache_unknown;
   }
 
-HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
+HDEBUG(D_verify) debug_printf("callout cache: found %s record for %s\n", type, key);
 return cache_record;
 }
 
@@ -173,6 +173,9 @@ dbdata_callout_cache new_domain_record;
 dbdata_callout_cache_address new_address_record;
 host_item *host;
 time_t callout_start_time;
+#ifdef EXPERIMENTAL_INTERNATIONAL
+BOOL utf8_offered = FALSE;
+#endif
 
 new_domain_record.result = ccache_unknown;
 new_domain_record.postmaster_result = ccache_unknown;
@@ -920,6 +923,40 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
         }
       }
 
+#ifdef EXPERIMENTAL_INTERNATIONAL
+    else if (  addr->prop.utf8_msg
+	    && !addr->prop.utf8_downcvt
+	    && !(  esmtp
+		&& (  regex_UTF8
+		   || ( (regex_UTF8 = regex_must_compile(
+			  US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE)),
+		      TRUE
+		   )  )
+		&& (  (utf8_offered = pcre_exec(regex_UTF8, NULL,
+			    CS responsebuffer, Ustrlen(responsebuffer),
+			    0, PCRE_EOPT, NULL, 0) >= 0)
+		   || addr->prop.utf8_downcvt_maybe
+	    )   )  )
+      {
+      HDEBUG(D_acl|D_v) debug_printf("utf8 required but not offered\n");
+      errno = ERRNO_UTF8_FWD;
+      setflag(addr, af_verify_nsfail);
+      done = FALSE;
+      }
+    else if (  addr->prop.utf8_msg
+	    && (addr->prop.utf8_downcvt || !utf8_offered)
+	    && (setflag(addr, af_utf8_downcvt),
+	        from_address = string_address_utf8_to_alabel(from_address,
+				      &addr->message),
+		addr->message
+	    )  )
+      {
+      errno = ERRNO_EXPANDFAIL;
+      setflag(addr, af_verify_nsfail);
+      done = FALSE;
+      }
+#endif
+
     /* If we haven't authenticated, but are required to, give up. */
     /* Try to AUTH */
 
@@ -937,7 +974,13 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
       ( (addr->auth_sndr = client_authenticated_sender),
 
     /* Send the MAIL command */
-        (smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>%s\r\n",
+        (smtp_write_command(&outblock, FALSE,
+#ifdef EXPERIMENTAL_INTERNATIONAL
+	  addr->prop.utf8_msg && !addr->prop.utf8_downcvt
+	  ? "MAIL FROM:<%s>%s SMTPUTF8\r\n"
+	  :
+#endif
+	    "MAIL FROM:<%s>%s\r\n",
           from_address, responsebuffer) >= 0)
       )  &&
 
@@ -976,6 +1019,23 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
 
     else
       {
+      const uschar * rcpt_domain = addr->domain;
+
+#ifdef EXPERIMENTAL_INTERNATIONAL
+      uschar * errstr = NULL;
+      if (  testflag(addr, af_utf8_downcvt)
+	 && (rcpt_domain = string_domain_utf8_to_alabel(rcpt_domain,
+				    &errstr), errstr)
+	 )
+	{
+	addr->message = errstr;
+	errno = ERRNO_EXPANDFAIL;
+	setflag(addr, af_verify_nsfail);
+	done = FALSE;
+	rcpt_domain = US"";  /*XXX errorhandling! */
+	}
+#endif
+
       new_domain_record.result =
         (old_domain_cache_result == ccache_reject_mfnull)?
           ccache_reject_mfnull: ccache_accept;
@@ -988,7 +1048,7 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
         BOOL random_ok =
           smtp_write_command(&outblock, FALSE,
             "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
-            addr->domain) >= 0 &&
+            rcpt_domain) >= 0 &&
           smtp_read_response(&inblock, randombuffer,
             sizeof(randombuffer), '2', callout);
 
@@ -1022,7 +1082,13 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
             smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
               '2', callout) &&
 
-            smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
+            smtp_write_command(&outblock, FALSE,
+#ifdef EXPERIMENTAL_INTERNATIONAL
+	      addr->prop.utf8_msg && !addr->prop.utf8_downcvt
+	      ? "MAIL FROM:<%s> SMTPUTF8\r\n"
+	      :
+#endif
+	        "MAIL FROM:<%s>\r\n",
               from_address) >= 0 &&
             smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
               '2', callout);
@@ -1054,11 +1120,27 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
         /* Get the rcpt_include_affixes flag from the transport if there is one,
         but assume FALSE if there is not. */
 
+	uschar * rcpt = transport_rcpt_address(addr,
+              addr->transport ? addr->transport->rcpt_include_affixes : FALSE);
+
+#ifdef EXPERIMENTAL_INTERNATIONAL
+	/*XXX should the conversion be moved into transport_rcpt_address() ? */
+	uschar * dummy_errstr = NULL;
+	if (  testflag(addr, af_utf8_downcvt)
+	   && (rcpt = string_address_utf8_to_alabel(rcpt, &dummy_errstr),
+	       dummy_errstr
+	   )  )
+	{
+	errno = ERRNO_EXPANDFAIL;
+	*failure_ptr = US"recipient";
+	done = FALSE;
+	}
+	else
+#endif
+
         done =
           smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
-            transport_rcpt_address(addr,
-              (addr->transport == NULL)? FALSE :
-               addr->transport->rcpt_include_affixes)) >= 0 &&
+            rcpt) >= 0 &&
           smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
             '2', callout);
 
@@ -1095,7 +1177,7 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
 
             ((
             smtp_write_command(&outblock, FALSE,
-              "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
+              "RCPT TO:<postmaster@%.1000s>\r\n", rcpt_domain) >= 0 &&
             smtp_read_response(&inblock, responsebuffer,
               sizeof(responsebuffer), '2', callout)
             )
@@ -1146,6 +1228,21 @@ can do it there for the non-rcpt-verify case.  For this we keep an addresscount.
         HDEBUG(D_verify) debug_printf("SMTP timeout\n");
         send_quit = FALSE;
         }
+#ifdef EXPERIMENTAL_INTERNATIONAL
+      else if (errno == ERRNO_UTF8_FWD)
+	{
+	extern int acl_where;	/* src/acl.c */
+	errno = 0;
+	addr->message = string_sprintf(
+	    "response to \"%s\" from %s [%s] did not include SMTPUTF8",
+            big_buffer, host->name, host->address);
+        addr->user_message = acl_where == ACL_WHERE_RCPT
+	  ? US"533 mailbox name not allowed"
+	  : US"550 mailbox unavailable";
+	yield = FAIL;
+	done = TRUE;
+	}
+#endif
       else if (errno == 0)
         {
         if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
@@ -1616,7 +1713,7 @@ if (addr != vaddr)
   vaddr->user_message = addr->user_message;
   vaddr->basic_errno = addr->basic_errno;
   vaddr->more_errno = addr->more_errno;
-  vaddr->p.address_data = addr->p.address_data;
+  vaddr->prop.address_data = addr->prop.address_data;
   copyflag(vaddr, addr, af_pass_message);
   }
 return yield;
@@ -1877,8 +1974,8 @@ while (addr_new != NULL)
 
   /* Just in case some router parameter refers to it. */
 
-  return_path = (addr->p.errors_address != NULL)?
-    addr->p.errors_address : sender_address;
+  return_path = (addr->prop.errors_address != NULL)?
+    addr->prop.errors_address : sender_address;
 
   /* Split the address into domain and local part, handling the %-hack if
   necessary, and then route it. While routing a sender address, set
@@ -2171,7 +2268,7 @@ while (addr_new != NULL)
       /* If we have carried on to verify a child address, we want the value
       of $address_data to be that of the child */
 
-      vaddr->p.address_data = addr->p.address_data;
+      vaddr->prop.address_data = addr->prop.address_data;
       yield = OK;
       goto out;
       }
@@ -2203,8 +2300,8 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
 
     fprintf(f, "%s", CS addr->address);
 #ifdef EXPERIMENTAL_SRS
-    if(addr->p.srs_sender)
-      fprintf(f, "    [srs = %s]", addr->p.srs_sender);
+    if(addr->prop.srs_sender)
+      fprintf(f, "    [srs = %s]", addr->prop.srs_sender);
 #endif
 
     /* If the address is a duplicate, show something about it. */
@@ -2267,6 +2364,11 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
         while (len++ < maxaddlen) fprintf(f," ");
         if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
         if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
+#ifndef DISABLE_DNSSEC
+          fprintf(f, " ad=%s", h->dnssec==DS_YES ? "yes" : "no");
+#else
+          fprintf(f, " ad=no");
+#endif
         if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
         fprintf(f, "\n");
         }
@@ -3517,13 +3619,13 @@ if (t == NULL)
     dns_record *rr;
     dns_address **addrp = &(cb->rhs);
     for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
-         rr != NULL;
+         rr;
          rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
       {
       if (rr->type == T_A)
         {
         dns_address *da = dns_address_from_rr(&dnsa, rr);
-        if (da != NULL)
+        if (da)
           {
           *addrp = da;
           while (da->next != NULL) da = da->next;