{
if (length == sizeof(dbdata_callout_cache_obs))
{
- dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
+ dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache), FALSE);
memcpy(new, cache_record, length);
new->postmaster_stamp = new->random_stamp = new->time_stamp;
cache_record = new;
if (done)
{
- address_item * na = store_get(sizeof(address_item));
+ address_item * na = store_get(sizeof(address_item), FALSE);
*na = cutthrough.addr;
cutthrough.addr = *addr;
cutthrough.addr.host_used = &cutthrough.host;
{
smtp_transport_options_block *ob =
(smtp_transport_options_block *)addr->transport->options_block;
+ smtp_context * sx = NULL;
/* The information wasn't available in the cache, so we have to do a real
callout and save the result in the cache for next time, unless no_cache is set,
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"callout_random_local_part: %s", expand_string_message);
+ /* Compile regex' used by client-side smtp */
+
+ smtp_deliver_init();
+
/* Default the connect and overall callout timeouts if not set, and record the
time we are starting so that we can enforce it. */
{
int host_af;
int port = 25;
- uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
- smtp_context sx;
+ uschar * interface = NULL; /* Outgoing interface to use; NULL => any */
if (!host->address)
{
log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
addr->message);
- sx.addrlist = addr;
- sx.conn_args.host = host;
- sx.conn_args.host_af = host_af,
- sx.port = port;
- sx.conn_args.interface = interface;
- sx.helo_data = tf->helo_data;
- sx.conn_args.tblock = addr->transport;
- sx.verify = TRUE;
+ if (!sx) sx = store_get(sizeof(*sx), TRUE); /* tainted buffers */
+ memset(sx, 0, sizeof(*sx));
+
+ sx->addrlist = addr;
+ sx->conn_args.host = host;
+ sx->conn_args.host_af = host_af,
+ sx->port = port;
+ sx->conn_args.interface = interface;
+ sx->helo_data = tf->helo_data;
+ sx->conn_args.tblock = addr->transport;
+ sx->verify = TRUE;
tls_retry_connection:
/* Set the address state so that errors are recorded in it */
SMTP command to send. If we tried TLS but it failed, try again without
if permitted */
- yield = smtp_setup_conn(&sx, FALSE);
+ yield = smtp_setup_conn(sx, FALSE);
#ifndef DISABLE_TLS
if ( yield == DEFER
&& addr->basic_errno == ERRNO_TLSFAILURE
"%s: callout unencrypted to %s [%s] (not in hosts_require_tls)",
addr->message, host->name, host->address);
addr->transport_return = PENDING_DEFER;
- yield = smtp_setup_conn(&sx, TRUE);
+ yield = smtp_setup_conn(sx, TRUE);
}
#endif
if (yield != OK)
addr->authenticator = client_authenticator;
addr->auth_id = client_authenticated_id;
- sx.from_addr = from_address;
- sx.first_addr = sx.sync_addr = addr;
- sx.ok = FALSE; /*XXX these 3 last might not be needed for verify? */
- sx.send_rset = TRUE;
- sx.completed_addr = FALSE;
+ sx->from_addr = from_address;
+ sx->first_addr = sx->sync_addr = addr;
+ sx->ok = FALSE; /*XXX these 3 last might not be needed for verify? */
+ sx->send_rset = TRUE;
+ sx->completed_addr = FALSE;
new_domain_record.result = old_domain_cache_result == ccache_reject_mfnull
? ccache_reject_mfnull : ccache_accept;
Avoid using a SIZE option on the MAIL for all random-rcpt checks.
*/
- sx.avoid_option = OPTION_SIZE;
+ sx->avoid_option = OPTION_SIZE;
/* Remember when we last did a random test */
new_domain_record.random_stamp = time(NULL);
- if (smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0)
+ if (smtp_write_mail_and_rcpt_cmds(sx, &yield) == 0)
switch(addr->transport_return)
{
case PENDING_OK: /* random was accepted, unfortunately */
goto no_conn;
case FAIL: /* rejected: the preferred result */
new_domain_record.random_result = ccache_reject;
- sx.avoid_option = 0;
+ sx->avoid_option = 0;
/* Between each check, issue RSET, because some servers accept only
one recipient after MAIL FROM:<>.
XXX We don't care about that for postmaster_full. Should we? */
if ((done =
- smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0 &&
- smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout)))
+ smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0 &&
+ smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', callout)))
break;
HDEBUG(D_acl|D_v)
debug_printf_indent("problem after random/rset/mfrom; reopen conn\n");
random_local_part = NULL;
#ifndef DISABLE_TLS
- tls_close(sx.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
+ tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
#endif
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
- (void)close(sx.cctx.sock);
- sx.cctx.sock = -1;
+ (void)close(sx->cctx.sock);
+ sx->cctx.sock = -1;
#ifndef DISABLE_EVENT
(void) event_raise(addr->transport->event_action,
US"tcp:close", NULL);
#endif
addr->address = main_address;
addr->transport_return = PENDING_DEFER;
- sx.first_addr = sx.sync_addr = addr;
- sx.ok = FALSE;
- sx.send_rset = TRUE;
- sx.completed_addr = FALSE;
+ sx->first_addr = sx->sync_addr = addr;
+ sx->ok = FALSE;
+ sx->send_rset = TRUE;
+ sx->completed_addr = FALSE;
goto tls_retry_connection;
case DEFER: /* 4xx response to random */
break; /* Just to be clear. ccache_unknown, !done. */
/* Re-setup for main verify, or for the error message when failing */
addr->address = main_address;
addr->transport_return = PENDING_DEFER;
- sx.first_addr = sx.sync_addr = addr;
- sx.ok = FALSE;
- sx.send_rset = TRUE;
- sx.completed_addr = FALSE;
+ sx->first_addr = sx->sync_addr = addr;
+ sx->ok = FALSE;
+ sx->send_rset = TRUE;
+ sx->completed_addr = FALSE;
}
else
done = TRUE;
if (done)
{
if (!(options & vopt_is_recipient && options & vopt_callout_no_cache))
- sx.avoid_option = OPTION_SIZE;
+ sx->avoid_option = OPTION_SIZE;
done = FALSE;
- switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
+ switch(smtp_write_mail_and_rcpt_cmds(sx, &yield))
{
case 0: switch(addr->transport_return) /* ok so far */
{
case -1: /* MAIL response error */
*failure_ptr = US"mail";
- if (errno == 0 && sx.buffer[0] == '5')
+ if (errno == 0 && sx->buffer[0] == '5')
{
setflag(addr, af_verify_nsfail);
if (from_address[0] == 0)
cancel_cutthrough_connection(TRUE, US"postmaster verify");
HDEBUG(D_acl|D_v) debug_printf_indent("Cutthrough cancelled by presence of postmaster verify\n");
- done = smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0
- && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', callout);
+ done = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0
+ && smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', callout);
if (done)
{
addr->address = string_sprintf("postmaster@%.1000s", addr->domain);
addr->transport_return = PENDING_DEFER;
- sx.from_addr = pm_mailfrom;
- sx.first_addr = sx.sync_addr = addr;
- sx.ok = FALSE;
- sx.send_rset = TRUE;
- sx.completed_addr = FALSE;
- sx.avoid_option = OPTION_SIZE;
+ sx->from_addr = pm_mailfrom;
+ sx->first_addr = sx->sync_addr = addr;
+ sx->ok = FALSE;
+ sx->send_rset = TRUE;
+ sx->completed_addr = FALSE;
+ sx->avoid_option = OPTION_SIZE;
- if( smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0
+ if( smtp_write_mail_and_rcpt_cmds(sx, &yield) == 0
&& addr->transport_return == PENDING_OK
)
done = TRUE;
else
done = (options & vopt_callout_fullpm) != 0
- && smtp_write_command(&sx, SCMD_FLUSH,
+ && smtp_write_command(sx, SCMD_FLUSH,
"RCPT TO:<postmaster>\r\n") >= 0
- && smtp_read_response(&sx, sx.buffer,
- sizeof(sx.buffer), '2', callout);
+ && smtp_read_response(sx, sx->buffer,
+ sizeof(sx->buffer), '2', callout);
/* Sort out the cache record */
if (done)
new_domain_record.postmaster_result = ccache_accept;
- else if (errno == 0 && sx.buffer[0] == '5')
+ else if (errno == 0 && sx->buffer[0] == '5')
{
*failure_ptr = US"postmaster";
setflag(addr, af_verify_pmfail);
{
case ETIMEDOUT:
HDEBUG(D_verify) debug_printf("SMTP timeout\n");
- sx.send_quit = FALSE;
+ sx->send_quit = FALSE;
break;
#ifdef SUPPORT_I18N
{
extern int acl_where; /* src/acl.c */
errno = 0;
- addr->message = string_sprintf(
- "response to \"EHLO\" did not include SMTPUTF8");
+ addr->message = US"response to \"EHLO\" did not include SMTPUTF8";
addr->user_message = acl_where == ACL_WHERE_RCPT
? US"533 no support for internationalised mailbox name"
: US"550 mailbox unavailable";
break;
#endif
case ECONNREFUSED:
- sx.send_quit = FALSE;
+ sx->send_quit = FALSE;
break;
case 0:
- if (*sx.buffer == 0) Ustrcpy(sx.buffer, US"connection dropped");
+ if (*sx->buffer == 0) Ustrcpy(sx->buffer, US"connection dropped");
/*XXX test here is ugly; seem to have a split of responsibility for
building this message. Need to rationalise. Where is it done
*/
if (!addr->message) addr->message =
string_sprintf("response to \"%s\" was: %s",
- big_buffer, string_printing(sx.buffer));
+ big_buffer, string_printing(sx->buffer));
+
+ /* RFC 5321 section 4.2: the text portion of the response may have only
+ HT, SP, Printable US-ASCII. Deal with awkward chars by cutting the
+ received message off before passing it onward. Newlines are ok; they
+ just become a multiline response (but wrapped in the error code we
+ produce). */
+ for (uschar * s = sx->buffer;
+ *s && s < sx->buffer + sizeof(sx->buffer);
+ s++)
+ {
+ uschar c = *s;
+ if (c != '\t' && c != '\n' && (c < ' ' || c > '~'))
+ {
+ if (s - sx->buffer < sizeof(sx->buffer) - 12)
+ memcpy(s, "(truncated)", 12);
+ else
+ *s = '\0';
+ break;
+ }
+ }
addr->user_message = options & vopt_is_recipient
- ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
+ ? string_sprintf("Callout verification failed:\n%s", sx->buffer)
: string_sprintf("Called: %s\nSent: %s\nResponse: %s",
- host->address, big_buffer, sx.buffer);
+ host->address, big_buffer, sx->buffer);
/* Hard rejection ends the process */
- if (sx.buffer[0] == '5') /* Address rejected */
+ if (sx->buffer[0] == '5') /* Address rejected */
{
yield = FAIL;
done = TRUE;
&& !random_local_part
&& !pm_mailfrom
&& cutthrough.cctx.sock < 0
- && !sx.lmtp
+ && !sx->lmtp
)
{
HDEBUG(D_acl|D_v) debug_printf_indent("holding verify callout open for %s\n",
cutthrough.callout_hold_only = !cutthrough.delivery;
cutthrough.is_tls = tls_out.active.sock >= 0;
/* We assume no buffer in use in the outblock */
- cutthrough.cctx = sx.cctx;
+ cutthrough.cctx = sx->cctx;
cutthrough.nrcpt = 1;
cutthrough.transport = addr->transport->name;
cutthrough.interface = interface;
for (address_item * caddr = &cutthrough.addr, * parent = addr->parent;
parent;
caddr = caddr->parent, parent = parent->parent)
- *(caddr->parent = store_get(sizeof(address_item))) = *parent;
+ *(caddr->parent = store_get(sizeof(address_item), FALSE)) = *parent;
ctctx.outblock.buffer = ctbuffer;
ctctx.outblock.buffersize = sizeof(ctbuffer);
/* Ensure no cutthrough on multiple verifies that were incompatible */
if (options & vopt_callout_recipsender)
cancel_cutthrough_connection(TRUE, US"not usable for cutthrough");
- if (sx.send_quit)
- if (smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n") != -1)
+ if (sx->send_quit)
+ if (smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n") != -1)
/* Wait a short time for response, and discard it */
- smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2', 1);
+ smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
- if (sx.cctx.sock >= 0)
+ if (sx->cctx.sock >= 0)
{
#ifndef DISABLE_TLS
- if (sx.cctx.tls_ctx)
+ if (sx->cctx.tls_ctx)
{
- tls_close(sx.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
- sx.cctx.tls_ctx = NULL;
+ tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
+ sx->cctx.tls_ctx = NULL;
}
#endif
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
- (void)close(sx.cctx.sock);
- sx.cctx.sock = -1;
+ (void)close(sx->cctx.sock);
+ sx->cctx.sock = -1;
#ifndef DISABLE_EVENT
(void) event_raise(addr->transport->event_action, US"tcp:close", NULL);
#endif
/* Come here from within the cache-reading code on fast-track exit. */
END_CALLOUT:
-tls_modify_variables(&tls_in);
+tls_modify_variables(&tls_in); /* return variables to inbound values */
return yield;
}
vaddr->basic_errno = addr->basic_errno;
vaddr->more_errno = addr->more_errno;
vaddr->prop.address_data = addr->prop.address_data;
- vaddr->prop.set = addr->prop.set;
+ vaddr->prop.variables = NULL;
+ tree_dup((tree_node **)&vaddr->prop.variables, addr->prop.variables);
copyflag(vaddr, addr, af_pass_message);
}
return yield;
of $address_data to be that of the child */
vaddr->prop.address_data = addr->prop.address_data;
- vaddr->prop.set = addr->prop.set;
+ vaddr->prop.variables = NULL;
+ tree_dup((tree_node **)&vaddr->prop.variables, addr->prop.variables);
/* If stopped because more than one new address, cannot cutthrough */
out:
verify_mode = NULL;
-tls_modify_variables(&tls_in);
+tls_modify_variables(&tls_in); /* return variables to inbound values */
return yield;
}
{
if (!f.allow_unqualified_recipient) recipient = NULL;
}
- if (recipient == NULL) errmess = US"unqualified address not permitted";
+ if (!recipient) errmess = US"unqualified address not permitted";
}
/* It's an error if no address could be extracted, except for the special
if ((*s < 33) || (*s > 126))
{
*msgptr = string_sprintf("Invalid character in header \"%.*s\" found",
- colon - h->text, h->text);
+ (int)(colon - h->text), h->text);
return FAIL;
}
}
/* If we found an empty address, just carry on with the next one, but
kill the message. */
- if (address == NULL && Ustrcmp(*log_msgptr, "empty address") == 0)
+ if (!address && Ustrcmp(*log_msgptr, "empty address") == 0)
{
*log_msgptr = NULL;
s = ss;
function, and ensure that the failing address gets added to the error
message. */
- if (address == NULL)
+ if (!address)
{
new_ok = FAIL;
while (ss > s && isspace(ss[-1])) ss--;
uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
int defer_return)
{
-dns_answer dnsa;
+dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
tree_node *t;
dnsbl_cache_block *cb;
/* Previous lookup was cached */
{
- HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
+ HDEBUG(D_dnsbl) debug_printf("dnslists: using result of previous lookup\n");
}
/* If not cached from a previous lookup, we must do a DNS lookup, and
else
{
- uint ttl = 3600;
+ uint ttl = 3600; /* max TTL for positive cache entries */
store_pool = POOL_PERM;
else
{ /* Set up a tree entry to cache the lookup */
- t = store_get(sizeof(tree_node) + Ustrlen(query));
+ t = store_get(sizeof(tree_node) + Ustrlen(query), is_tainted(query));
Ustrcpy(t->name, query);
- t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
+ t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), FALSE);
(void)tree_insertnode(&dnsbl_cache, t);
}
/* Do the DNS lookup . */
HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
- cb->rc = dns_basic_lookup(&dnsa, query, T_A);
+ cb->rc = dns_basic_lookup(dnsa, query, T_A);
cb->text_set = FALSE;
cb->text = NULL;
cb->rhs = NULL;
addresses generated in that way as well.
Mark the cache entry with the "now" plus the minimum of the address TTLs,
- or some suitably far-future time if none were found. */
+ or the RFC 2308 negative-cache value from the SOA if none were found. */
- if (cb->rc == DNS_SUCCEED)
+ switch (cb->rc)
{
- dns_address ** addrp = &(cb->rhs);
- for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr;
- rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
- if (rr->type == T_A)
- {
- dns_address *da = dns_address_from_rr(&dnsa, rr);
- if (da)
- {
- *addrp = da;
- while (da->next) da = da->next;
- addrp = &da->next;
+ case DNS_SUCCEED:
+ {
+ dns_address ** addrp = &cb->rhs;
+ dns_address * da;
+ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
+ if (rr->type == T_A && (da = dns_address_from_rr(dnsa, rr)))
+ {
+ *addrp = da;
+ while (da->next) da = da->next;
+ addrp = &da->next;
if (ttl > rr->ttl) ttl = rr->ttl;
- }
- }
+ }
+
+ if (cb->rhs)
+ {
+ cb->expiry = time(NULL) + ttl;
+ break;
+ }
+
+ /* If we didn't find any A records, change the return code. This can
+ happen when there is a CNAME record but there are no A records for what
+ it points to. */
- /* If we didn't find any A records, change the return code. This can
- happen when there is a CNAME record but there are no A records for what
- it points to. */
+ cb->rc = DNS_NODATA;
+ }
+ /*FALLTHROUGH*/
- if (!cb->rhs) cb->rc = DNS_NODATA;
+ case DNS_NOMATCH:
+ case DNS_NODATA:
+ {
+ /* Although there already is a neg-cache layer maintained by
+ dns_basic_lookup(), we have a dnslist cache entry allocated and
+ tree-inserted. So we may as well use it. */
+
+ time_t soa_negttl = dns_expire_from_soa(dnsa, T_A);
+ cb->expiry = soa_negttl ? soa_negttl : time(NULL) + ttl;
+ break;
+ }
+
+ default:
+ cb->expiry = time(NULL) + ttl;
+ break;
}
- cb->expiry = time(NULL)+ttl;
store_pool = old_pool;
+ HDEBUG(D_dnsbl) debug_printf("dnslists: wrote cache entry, ttl=%d\n",
+ (int)(cb->expiry - time(NULL)));
}
/* We now have the result of the DNS lookup, either newly done, or cached
if (cb->rc == DNS_SUCCEED)
{
- dns_address *da = NULL;
+ dns_address * da = NULL;
uschar *addlist = cb->rhs->address;
/* For A and AAAA records, there may be multiple addresses from multiple
if (!cb->text_set)
{
cb->text_set = TRUE;
- if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
- for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr;
- rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+ if (dns_basic_lookup(dnsa, query, T_TXT) == DNS_SUCCEED)
+ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
if (rr->type == T_TXT)
{
int len = (rr->data)[0];
/* Loop through all the domains supplied, until something matches */
-while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
+while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
{
int rc;
BOOL bitmask = FALSE;
uschar *iplist;
uschar *key;
- HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
+ HDEBUG(D_dnsbl) debug_printf("dnslists check: %s\n", domain);
/* Deal with special values that change the behaviour on defer */
set domain_txt == domain. */
domain_txt = domain;
- comma = Ustrchr(domain, ',');
- if (comma != NULL)
+ if ((comma = Ustrchr(domain, ',')))
{
*comma++ = 0;
domain = comma;
acl_wherenames[where]);
return ERROR;
}
- if (sender_host_address == NULL) return FAIL; /* can never match */
+ if (!sender_host_address) return FAIL; /* can never match */
if (revadd[0] == 0) invert_address(revadd, sender_host_address);
rc = one_check_dnsbl(domain, domain_txt, sender_host_address, revadd,
iplist, bitmask, match_type, defer_return);
int keysep = 0;
BOOL defer = FALSE;
uschar *keydomain;
- uschar keybuffer[256];
uschar keyrevadd[128];
- while ((keydomain = string_nextinlist(CUSS &key, &keysep, keybuffer,
- sizeof(keybuffer))) != NULL)
+ while ((keydomain = string_nextinlist(CUSS &key, &keysep, NULL, 0)))
{
uschar *prepend = keydomain;
rc = one_check_dnsbl(domain, domain_txt, keydomain, prepend, iplist,
bitmask, match_type, defer_return);
-
if (rc == OK)
{
dnslist_domain = string_copy(domain_txt);
projects / exim.git / blobdiff