{ "dkim_verify_minimal", opt_bool, &dkim_verify_minimal },
{ "dkim_verify_signers", opt_stringptr, &dkim_verify_signers },
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
{ "dmarc_forensic_sender", opt_stringptr, &dmarc_forensic_sender },
{ "dmarc_history_file", opt_stringptr, &dmarc_history_file },
{ "dmarc_tld_file", opt_stringptr, &dmarc_tld_file },
#endif
{ "pid_file_path", opt_stringptr, &pid_file_path },
{ "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts },
-#ifdef SUPPORT_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
{ "pipelining_connect_advertise_hosts", opt_stringptr,
&pipe_connect_advertise_hosts },
#endif
spf(buf, sizeof(buf), US"_DRIVER_AUTHENTICATOR_%T", ai->driver_name);
builtin_macro_create(buf);
options_from_list(ai->options, (unsigned)*ai->options_count, US"AUTHENTICATOR", ai->driver_name);
+
+ if (ai->macros_create) (ai->macros_create)();
}
}
} syslog_fac_item;
/* constants */
-static const char * const hidden = "<value not displayable>";
+static const uschar * const hidden = US"<value not displayable>";
/* Static variables */
if (!f.admin_user && ol->type & opt_secure)
{
if (no_labels)
- printf("%s\n", hidden);
+ printf("%s\n", CCS hidden);
else
- printf("%s = %s\n", name, hidden);
+ printf("%s = %s\n", name, CCS hidden);
return TRUE;
}
for (int i = 0; i < 4; i++)
if ((t = tree_search(*(anchors[i]), name+1)))
{
+ namedlist_block * nb = t->data.ptr;
+ const uschar * s = nb->hide ? hidden : nb->string;
found = TRUE;
if (no_labels)
- printf("%s\n", ((namedlist_block *)(t->data.ptr))->string);
+ printf("%s\n", CCS s);
else
- printf("%slist %s = %s\n", types[i], name+1,
- ((namedlist_block *)(t->data.ptr))->string);
+ printf("%slist %s = %s\n", types[i], name+1, CCS s);
}
if (!found)
s the text of the option line, starting immediately after the name
of the list type
tname the name of the list type, for messages
+ hide do not output value on "-bP"
Returns: nothing
*/
static void
read_named_list(tree_node **anchorp, int *numberp, int max, uschar *s,
- uschar *tname)
+ uschar *tname, BOOL hide)
{
BOOL forcecache = FALSE;
uschar *ss;
tree_node *t;
-namedlist_block *nb = store_get(sizeof(namedlist_block), FALSE);
+namedlist_block * nb = store_get(sizeof(namedlist_block), FALSE);
if (Ustrncmp(s, "_cache", 6) == 0)
{
t->data.ptr = nb;
nb->number = *numberp;
*numberp += 1;
+nb->hide = hide;
if (*s++ != '=') log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
"missing '=' after \"%s\"", t->name);
-/*************************************************
-* Drop privs for checking TLS config *
-*************************************************/
-
-/* We want to validate TLS options during readconf, but do not want to be
-root when we call into the TLS library, in case of library linkage errors
-which cause segfaults; before this check, those were always done as the Exim
-runtime user and it makes sense to continue with that.
-
-Assumes: tls_require_ciphers has been set, if it will be
- exim_user has been set, if it will be
- exim_group has been set, if it will be
-
-Returns: bool for "okay"; false will cause caller to immediately exit.
-*/
-
-#ifndef DISABLE_TLS
-static BOOL
-tls_dropprivs_validate_require_cipher(BOOL nowarn)
-{
-const uschar *errmsg;
-pid_t pid;
-int rc, status;
-void (*oldsignal)(int);
-
-/* If TLS will never be used, no point checking ciphers */
-
-if ( !tls_advertise_hosts
- || !*tls_advertise_hosts
- || Ustrcmp(tls_advertise_hosts, ":") == 0
- )
- return TRUE;
-else if (!nowarn && !tls_certificate)
- log_write(0, LOG_MAIN,
- "Warning: No server certificate defined; will use a selfsigned one.\n"
- " Suggested action: either install a certificate or change tls_advertise_hosts option");
-
-oldsignal = signal(SIGCHLD, SIG_DFL);
-
-fflush(NULL);
-if ((pid = fork()) < 0)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check");
-
-if (pid == 0)
- {
- /* in some modes, will have dropped privilege already */
- if (!geteuid())
- exim_setugid(exim_uid, exim_gid, FALSE,
- US"calling tls_validate_require_cipher");
-
- if ((errmsg = tls_validate_require_cipher()))
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
- "tls_require_ciphers invalid: %s", errmsg);
- fflush(NULL);
- exim_underbar_exit(0);
- }
-
-do {
- rc = waitpid(pid, &status, 0);
-} while (rc < 0 && errno == EINTR);
-
-DEBUG(D_tls)
- debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n",
- (int)pid, status);
-
-signal(SIGCHLD, oldsignal);
-
-return status == 0;
-}
-#endif /*DISABLE_TLS*/
-
-
-
-
/*************************************************
* Read main configuration options *
*************************************************/
}
}
-/* Do a dummy store-allocation of a size related to the (toplevel) file size.
-This assumes we will need this much storage to handle all the allocations
-during startup; it won't help when .include is being used. When it does, it
-will cut down on the number of store blocks (and malloc calls, and sbrk
-syscalls). It also assume we're on the relevant pool. */
-
-if (statbuf.st_size > 8192)
- {
- rmark r = store_mark();
- void * dummy = store_get((int)statbuf.st_size, FALSE);
- store_reset(r);
- }
-
/* Process the main configuration settings. They all begin with a lower case
letter. If we see something starting with an upper case letter, it is taken as
a macro definition. */
while ((s = get_config_line()))
{
+ BOOL hide;
+ uschar * t;
+
if (config_lineno == 1 && Ustrstr(s, "\xef\xbb\xbf") == s)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
"found unexpected BOM (Byte Order Mark)");
- if (isupper(s[0]))
- { if (!macro_read_assignment(s)) exim_exit(EXIT_FAILURE, US""); }
+ if (isupper(*s))
+ {
+ if (!macro_read_assignment(s)) exim_exit(EXIT_FAILURE, US"");
+ continue;
+ }
+
+ t = (hide = Ustrncmp(s, "hide", 4) == 0 && isspace(s[4])) ? s + 5 : s;
- else if (Ustrncmp(s, "domainlist", 10) == 0)
+ if (Ustrncmp(t, "domainlist", 10) == 0)
read_named_list(&domainlist_anchor, &domainlist_count,
- MAX_NAMED_LIST, s+10, US"domain list");
+ MAX_NAMED_LIST, t+10, US"domain list", hide);
- else if (Ustrncmp(s, "hostlist", 8) == 0)
+ else if (Ustrncmp(t, "hostlist", 8) == 0)
read_named_list(&hostlist_anchor, &hostlist_count,
- MAX_NAMED_LIST, s+8, US"host list");
+ MAX_NAMED_LIST, t+8, US"host list", hide);
- else if (Ustrncmp(s, US"addresslist", 11) == 0)
+ else if (Ustrncmp(t, US"addresslist", 11) == 0)
read_named_list(&addresslist_anchor, &addresslist_count,
- MAX_NAMED_LIST, s+11, US"address list");
+ MAX_NAMED_LIST, t+11, US"address list", hide);
- else if (Ustrncmp(s, US"localpartlist", 13) == 0)
+ else if (Ustrncmp(t, US"localpartlist", 13) == 0)
read_named_list(&localpartlist_anchor, &localpartlist_count,
- MAX_NAMED_LIST, s+13, US"local part list");
+ MAX_NAMED_LIST, t+13, US"local part list", hide);
else
(void) readconf_handle_option(s, optionlist_config, optionlist_config_size,
"tls_%sverify_hosts is set, but tls_verify_certificates is not set",
tls_verify_hosts ? "" : "try_");
-/* This also checks that the library linkage is working and we can call
-routines in it, so call even if tls_require_ciphers is unset */
-if (!tls_dropprivs_validate_require_cipher(nowarn))
- exit(1);
-
/* Magic number: at time of writing, 1024 has been the long-standing value
used by so many clients, and what Exim used to use always, that it makes
sense to just min-clamp this max-clamp at that. */
driver_instance *d = NULL;
uschar *buffer;
-while ((buffer = get_config_line()) != NULL)
+while ((buffer = get_config_line()))
{
uschar name[64];
uschar *s;
if (!d->driver_name)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
"no driver defined for %s \"%s\"", class, d->name);
+ /* s is using big_buffer, so this call had better not */
(d->info->init)(d);
d = NULL;
}
static void
auths_init(void)
{
-#ifdef SUPPORT_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
int nauths = 0;
#endif
"(%s and %s) have the same public name (%s)",
au->client ? US"client" : US"server", au->name, bu->name,
au->public_name);
-#ifdef SUPPORT_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
nauths++;
#endif
}
-#ifdef SUPPORT_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
f.smtp_in_early_pipe_no_auth = nauths > 16;
#endif
}
uschar *p;
while ((p = get_config_line()))
- {
(void) readconf_handle_option(p, local_scan_options, local_scan_options_count,
NULL, US"local_scan option \"%s\" unknown");
- }
#endif
}
if ((p = Ustrchr(current, '=')))
{
*p = '\0';
- printf("%*s%s= %s\n", indent, "", current, hidden);
+ printf("%*s%s= %s\n", indent, "", current, CCS hidden);
}
/* e.g.: hide split_spool_directory */
else
- printf("%*s\n", indent, hidden);
+ printf("%*s\n", indent, CCS hidden);
}
else