*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
before the lower case letters). Some live in the transport_instance block so as
to be publicly visible; these are flagged with opt_public. */
+#define LOFF(field) OPT_OFF(smtp_transport_options_block, field)
+
optionlist smtp_transport_options[] = {
{ "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
- (void *)offsetof(transport_instance, expand_multi_domain) },
+ OPT_OFF(transport_instance, expand_multi_domain) },
{ "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
- (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
+ LOFF(expand_retry_include_ip_address) },
{ "address_retry_include_sender", opt_bool,
- (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
- { "allow_localhost", opt_bool,
- (void *)offsetof(smtp_transport_options_block, allow_localhost) },
+ LOFF(address_retry_include_sender) },
+ { "allow_localhost", opt_bool, LOFF(allow_localhost) },
#ifdef EXPERIMENTAL_ARC
- { "arc_sign", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, arc_sign) },
-#endif
- { "authenticated_sender", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
- { "authenticated_sender_force", opt_bool,
- (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
- { "command_timeout", opt_time,
- (void *)offsetof(smtp_transport_options_block, command_timeout) },
- { "connect_timeout", opt_time,
- (void *)offsetof(smtp_transport_options_block, connect_timeout) },
+ { "arc_sign", opt_stringptr, LOFF(arc_sign) },
+#endif
+ { "authenticated_sender", opt_stringptr, LOFF(authenticated_sender) },
+ { "authenticated_sender_force", opt_bool, LOFF(authenticated_sender_force) },
+ { "command_timeout", opt_time, LOFF(command_timeout) },
+ { "connect_timeout", opt_time, LOFF(connect_timeout) },
{ "connection_max_messages", opt_int | opt_public,
- (void *)offsetof(transport_instance, connection_max_messages) },
+ OPT_OFF(transport_instance, connection_max_messages) },
# ifdef SUPPORT_DANE
- { "dane_require_tls_ciphers", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
+ { "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },
# endif
- { "data_timeout", opt_time,
- (void *)offsetof(smtp_transport_options_block, data_timeout) },
- { "delay_after_cutoff", opt_bool,
- (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
+ { "data_timeout", opt_time, LOFF(data_timeout) },
+ { "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) },
#ifndef DISABLE_DKIM
- { "dkim_canon", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
- { "dkim_domain", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
- { "dkim_hash", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_hash) },
- { "dkim_identity", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_identity) },
- { "dkim_private_key", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
- { "dkim_selector", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
- { "dkim_sign_headers", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
- { "dkim_strict", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
- { "dkim_timestamps", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
-#endif
- { "dns_qualify_single", opt_bool,
- (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
- { "dns_search_parents", opt_bool,
- (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
- { "dnssec_request_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec.request) },
- { "dnssec_require_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec.require) },
- { "dscp", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dscp) },
- { "fallback_hosts", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
- { "final_timeout", opt_time,
- (void *)offsetof(smtp_transport_options_block, final_timeout) },
- { "gethostbyname", opt_bool,
- (void *)offsetof(smtp_transport_options_block, gethostbyname) },
- { "helo_data", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, helo_data) },
- { "hosts", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts) },
- { "hosts_avoid_esmtp", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
- { "hosts_avoid_pipelining", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
+ { "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) },
+ { "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) },
+ { "dkim_hash", opt_stringptr, LOFF(dkim.dkim_hash) },
+ { "dkim_identity", opt_stringptr, LOFF(dkim.dkim_identity) },
+ { "dkim_private_key", opt_stringptr, LOFF(dkim.dkim_private_key) },
+ { "dkim_selector", opt_stringptr, LOFF(dkim.dkim_selector) },
+ { "dkim_sign_headers", opt_stringptr, LOFF(dkim.dkim_sign_headers) },
+ { "dkim_strict", opt_stringptr, LOFF(dkim.dkim_strict) },
+ { "dkim_timestamps", opt_stringptr, LOFF(dkim.dkim_timestamps) },
+#endif
+ { "dns_qualify_single", opt_bool, LOFF(dns_qualify_single) },
+ { "dns_search_parents", opt_bool, LOFF(dns_search_parents) },
+ { "dnssec_request_domains", opt_stringptr, LOFF(dnssec.request) },
+ { "dnssec_require_domains", opt_stringptr, LOFF(dnssec.require) },
+ { "dscp", opt_stringptr, LOFF(dscp) },
+ { "fallback_hosts", opt_stringptr, LOFF(fallback_hosts) },
+ { "final_timeout", opt_time, LOFF(final_timeout) },
+ { "gethostbyname", opt_bool, LOFF(gethostbyname) },
+ { "helo_data", opt_stringptr, LOFF(helo_data) },
+ { "hosts", opt_stringptr, LOFF(hosts) },
+ { "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },
+ { "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },
#ifndef DISABLE_TLS
- { "hosts_avoid_tls", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
+ { "hosts_avoid_tls", opt_stringptr, LOFF(hosts_avoid_tls) },
#endif
- { "hosts_max_try", opt_int,
- (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
- { "hosts_max_try_hardlimit", opt_int,
- (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
+ { "hosts_max_try", opt_int, LOFF(hosts_max_try) },
+ { "hosts_max_try_hardlimit", opt_int, LOFF(hosts_max_try_hardlimit) },
#ifndef DISABLE_TLS
- { "hosts_nopass_tls", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
- { "hosts_noproxy_tls", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
+ { "hosts_nopass_tls", opt_stringptr, LOFF(hosts_nopass_tls) },
+ { "hosts_noproxy_tls", opt_stringptr, LOFF(hosts_noproxy_tls) },
#endif
- { "hosts_override", opt_bool,
- (void *)offsetof(smtp_transport_options_block, hosts_override) },
+ { "hosts_override", opt_bool, LOFF(hosts_override) },
#ifndef DISABLE_PIPE_CONNECT
- { "hosts_pipe_connect", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) },
+ { "hosts_pipe_connect", opt_stringptr, LOFF(hosts_pipe_connect) },
#endif
- { "hosts_randomize", opt_bool,
- (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
+ { "hosts_randomize", opt_bool, LOFF(hosts_randomize) },
#if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)
- { "hosts_request_ocsp", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
+ { "hosts_request_ocsp", opt_stringptr, LOFF(hosts_request_ocsp) },
#endif
- { "hosts_require_auth", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
+ { "hosts_require_auth", opt_stringptr, LOFF(hosts_require_auth) },
#ifndef DISABLE_TLS
# ifdef SUPPORT_DANE
- { "hosts_require_dane", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
+ { "hosts_require_dane", opt_stringptr, LOFF(hosts_require_dane) },
# endif
# ifndef DISABLE_OCSP
- { "hosts_require_ocsp", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
+ { "hosts_require_ocsp", opt_stringptr, LOFF(hosts_require_ocsp) },
# endif
- { "hosts_require_tls", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
+ { "hosts_require_tls", opt_stringptr, LOFF(hosts_require_tls) },
#endif
- { "hosts_try_auth", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
- { "hosts_try_chunking", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
+ { "hosts_try_auth", opt_stringptr, LOFF(hosts_try_auth) },
+ { "hosts_try_chunking", opt_stringptr, LOFF(hosts_try_chunking) },
#ifdef SUPPORT_DANE
- { "hosts_try_dane", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
+ { "hosts_try_dane", opt_stringptr, LOFF(hosts_try_dane) },
#endif
- { "hosts_try_fastopen", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) },
+ { "hosts_try_fastopen", opt_stringptr, LOFF(hosts_try_fastopen) },
#ifndef DISABLE_PRDR
- { "hosts_try_prdr", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
+ { "hosts_try_prdr", opt_stringptr, LOFF(hosts_try_prdr) },
#endif
#ifndef DISABLE_TLS
- { "hosts_verify_avoid_tls", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
-#endif
- { "interface", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, interface) },
- { "keepalive", opt_bool,
- (void *)offsetof(smtp_transport_options_block, keepalive) },
- { "lmtp_ignore_quota", opt_bool,
- (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
+ { "hosts_verify_avoid_tls", opt_stringptr, LOFF(hosts_verify_avoid_tls) },
+#endif
+ { "interface", opt_stringptr, LOFF(interface) },
+ { "keepalive", opt_bool, LOFF(keepalive) },
+ { "lmtp_ignore_quota", opt_bool, LOFF(lmtp_ignore_quota) },
{ "max_rcpt", opt_int | opt_public,
- (void *)offsetof(transport_instance, max_addresses) },
+ OPT_OFF(transport_instance, max_addresses) },
{ "multi_domain", opt_expand_bool | opt_public,
- (void *)offsetof(transport_instance, multi_domain) },
- { "port", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, port) },
- { "protocol", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, protocol) },
- { "retry_include_ip_address", opt_expand_bool,
- (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
- { "serialize_hosts", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
- { "size_addition", opt_int,
- (void *)offsetof(smtp_transport_options_block, size_addition) },
+ OPT_OFF(transport_instance, multi_domain) },
+ { "port", opt_stringptr, LOFF(port) },
+ { "protocol", opt_stringptr, LOFF(protocol) },
+ { "retry_include_ip_address", opt_expand_bool, LOFF(retry_include_ip_address) },
+ { "serialize_hosts", opt_stringptr, LOFF(serialize_hosts) },
+ { "size_addition", opt_int, LOFF(size_addition) },
#ifdef SUPPORT_SOCKS
- { "socks_proxy", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, socks_proxy) },
+ { "socks_proxy", opt_stringptr, LOFF(socks_proxy) },
#endif
#ifndef DISABLE_TLS
- { "tls_certificate", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_certificate) },
- { "tls_crl", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_crl) },
- { "tls_dh_min_bits", opt_int,
- (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
- { "tls_privatekey", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
- { "tls_require_ciphers", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
+ { "tls_certificate", opt_stringptr, LOFF(tls_certificate) },
+ { "tls_crl", opt_stringptr, LOFF(tls_crl) },
+ { "tls_dh_min_bits", opt_int, LOFF(tls_dh_min_bits) },
+ { "tls_privatekey", opt_stringptr, LOFF(tls_privatekey) },
+ { "tls_require_ciphers", opt_stringptr, LOFF(tls_require_ciphers) },
# ifdef EXPERIMENTAL_TLS_RESUME
- { "tls_resumption_hosts", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_resumption_hosts) },
+ { "tls_resumption_hosts", opt_stringptr, LOFF(tls_resumption_hosts) },
# endif
- { "tls_sni", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_sni) },
- { "tls_tempfail_tryclear", opt_bool,
- (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
- { "tls_try_verify_hosts", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
- { "tls_verify_cert_hostnames", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
- { "tls_verify_certificates", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
- { "tls_verify_hosts", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) },
+ { "tls_sni", opt_stringptr, LOFF(tls_sni) },
+ { "tls_tempfail_tryclear", opt_bool, LOFF(tls_tempfail_tryclear) },
+ { "tls_try_verify_hosts", opt_stringptr, LOFF(tls_try_verify_hosts) },
+ { "tls_verify_cert_hostnames", opt_stringptr, LOFF(tls_verify_cert_hostnames)},
+ { "tls_verify_certificates", opt_stringptr, LOFF(tls_verify_certificates) },
+ { "tls_verify_hosts", opt_stringptr, LOFF(tls_verify_hosts) },
#endif
#ifdef SUPPORT_I18N
- { "utf8_downconvert", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, utf8_downconvert) },
+ { "utf8_downconvert", opt_stringptr, LOFF(utf8_downconvert) },
#endif
};
for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
{
const uschar * list = names;
- int sep = ' ';
- uschar name[32];
-
- while (string_nextinlist(&list, &sep, name, sizeof(name)))
- if (strcmpic(au->public_name, name) == 0)
+ uschar * s;
+ for (int sep = ' '; s = string_nextinlist(&list, &sep, NULL, 0); )
+ if (strcmpic(au->public_name, s) == 0)
{ authbits |= BIT(authnum); break; }
}
if (require_auth == OK && !f.smtp_authenticated)
{
+ invalidate_ehlo_cache_entry(sx);
set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
string_sprintf("authentication required but %s", fail_reason), DEFER,
FALSE, &sx->delivery_start);
smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
if (!(new_sender_address = deliver_get_sender_address(message_id)))
- return 0;
+ return FALSE;
message_local_identity =
smtp_local_identity(new_sender_address, s_compare->tblock);
else DEBUG(D_transport)
debug_printf("helo needs $sending_ip_address\n");
+PIPE_CONNECT_RETRY:
if (sx->early_pipe_active)
sx->outblock.conn_args = &sx->conn_args;
else
}
sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
smtp_command = big_buffer;
+ sx->peer_offered = smtp_peer_options;
sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
/* For a continued connection with TLS being proxied for us, or a
&& cutthrough.is_tls)
)
{
- sx->peer_offered = smtp_peer_options;
sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
continue_proxy_cipher ? "proxied" : "verify conn with");
{
HDEBUG(D_transport)
debug_printf("failed reaping pipelined cmd responses\n");
- goto RESPONSE_FAILED;
+ close(sx->cctx.sock);
+ sx->cctx.sock = -1;
+ sx->early_pipe_active = FALSE;
+ goto PIPE_CONNECT_RETRY;
}
#endif
int rc, i;
close(pfd[1]);
-if ((rc = fork()))
- {
- DEBUG(D_transport) debug_printf("proxy-proc final-pid %d\n", rc);
+if ((rc = exim_fork(US"tls-proxy")))
_exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
- }
-testharness_pause_ms(100); /* let parent debug out */
set_process_info("proxying TLS connection for continued transport");
FD_ZERO(&rfds);
FD_SET(tls_out.active.sock, &rfds);
done:
testharness_pause_ms(100); /* let logging complete */
- exim_exit(0, US"TLS proxy");
+ exim_exit(EXIT_SUCCESS);
}
#endif
/* If continue_hostname is not null, we get here only when continuing to
deliver down an existing channel. The channel was passed as the standard
-input. TLS is never active on a passed channel; the previous process always
-closes it down before passing the connection on.
+input. TLS is never active on a passed channel; the previous process either
+closes it down before passing the connection on, or inserts a TLS-proxy
+process and passes on a cleartext conection.
Otherwise, we have to make a connection to the remote host, and do the
initial protocol exchange.
}
/* If there is a filter command specified for this transport, we can now
-set it up. This cannot be done until the identify of the host is known. */
+set it up. This cannot be done until the identity of the host is known. */
if (tblock->filter_command)
{
if (continue_hostname && continue_sequence == 1)
{
- sx->peer_offered = smtp_peer_options;
/* sx->pending_MAIL = FALSE; */
sx->ok = TRUE;
/* sx->next_addr = NULL; */
#ifndef DISABLE_TLS
if (tls_out.active.sock >= 0)
{
- int pid = fork();
+ int pid = exim_fork(US"tls-proxy-interproc");
if (pid == 0) /* child; fork again to disconnect totally */
{
- testharness_pause_ms(100); /* let parent debug out */
/* does not return */
smtp_proxy_tls(sx->cctx.tls_ctx, sx->buffer, sizeof(sx->buffer), pfd,
ob->command_timeout);
if (pid > 0) /* parent */
{
- DEBUG(D_transport) debug_printf("proxy-proc inter-pid %d\n", pid);
close(pfd[0]);
/* tidy the inter-proc to disconn the proxy proc */
waitpid(pid, NULL, 0);
were not in it. We don't want to hold up all SMTP deliveries! Except when
doing a two-stage queue run, don't do this if forcing. */
- if ((!f.deliver_force || f.queue_2stage) && (f.queue_smtp ||
- match_isinlist(addrlist->domain,
- (const uschar **)&queue_smtp_domains, 0,
- &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
+ if ( (!f.deliver_force || f.queue_2stage)
+ && ( f.queue_smtp
+ || match_isinlist(addrlist->domain,
+ CUSS &queue_smtp_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
+ )
{
+ DEBUG(D_transport) debug_printf("first-pass routing only\n");
expired = FALSE;
for (address_item * addr = addrlist; addr; addr = addr->next)
if (addr->transport_return == DEFER)
- addr->message = US"domain matches queue_smtp_domains, or -odqs set";
+ addr->message = US"first-pass only routing due to -odqs, "
+ "queue_smtp_domains or control=queue";
continue; /* With next host */
}
#ifndef DISABLE_EVENT
/* If the last host gave a defer raise a per-message event */
- if (!nexthost && (message_defer || rc == DEFER))
+ if ( !( nexthost
+ && unexpired_hosts_tried < ob->hosts_max_try
+ && total_hosts_tried < ob->hosts_max_try_hardlimit
+ )
+ && (message_defer || rc == DEFER)
+ )
deferred_event_raise(first_addr, host, US"msg:defer");
#endif
}
projects / exim.git / blobdiff