Diffstat (limited to 'src/readcf.c')
-rw-r--r--src/readcf.c383
1 files changed, 269 insertions, 114 deletions
diff --git a/src/readcf.c b/src/readcf.c
index 10eac0bc6724b..e6f62961f2203 100644
--- a/src/readcf.c
+++ b/src/readcf.c
@@ -13,12 +13,18 @@
#include <sendmail.h>
#include <sm/sendmail.h>
+#if STARTTLS
+# include <tls.h>
+#endif
+#if DNSSEC_TEST
+# include <sm_resolve.h>
+#endif
SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $")
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
#define SECONDS
@@ -194,7 +200,7 @@ readcf(cfname, safe, e)
#if XLA
xla_zero();
-#endif /* XLA */
+#endif
while (bufsize = sizeof(buf),
(bp = fgetfolded(buf, &bufsize, cf)) != NULL)
@@ -351,7 +357,7 @@ readcf(cfname, safe, e)
int args, endtoken;
#if _FFR_EXTRA_MAP_CHECK
int nexttoken;
-#endif /* _FFR_EXTRA_MAP_CHECK */
+#endif
bool inmap;
rwp->r_rhs = copyplist(rwp->r_rhs, true, NULL);
@@ -424,7 +430,7 @@ readcf(cfname, safe, e)
nexttoken = ap[1][0] & 0377;
if (nexttoken == CANONHOST ||
nexttoken == CANONUSER ||
- nexttoken == endtoken))
+ nexttoken == endtoken)
{
syserr("missing map name for lookup");
break;
@@ -434,7 +440,7 @@ readcf(cfname, safe, e)
syserr("syntax error in map lookup");
break;
}
- if (ap[0][0] == HOSTBEGIN)
+ if ((unsigned char) ap[0][0] == HOSTBEGIN)
break;
nexttoken = ap[2][0] & 0377;
if (nexttoken == CANONHOST ||
@@ -553,10 +559,10 @@ readcf(cfname, safe, e)
register char *wd;
char delim;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
wd = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
delim = *p;
*p = '\0';
@@ -570,15 +576,15 @@ readcf(cfname, safe, e)
mid = macid_parse(&bp[1], &ep);
if (mid == 0)
break;
- for (p = ep; isascii(*p) && isspace(*p); )
+ for (p = ep; SM_ISSPACE(*p); )
p++;
if (p[0] == '-' && p[1] == 'o')
{
optional = true;
while (*p != '\0' &&
- !(isascii(*p) && isspace(*p)))
+ !(SM_ISSPACE(*p)))
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
}
else
@@ -635,7 +641,7 @@ readcf(cfname, safe, e)
case 'L': /* extended load average description */
xla_init(&bp[1]);
break;
-#endif /* XLA */
+#endif
#if defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO)
case 'L': /* lookup macro */
@@ -676,7 +682,7 @@ readcf(cfname, safe, e)
break;
case 'V': /* configuration syntax version */
- for (p = &bp[1]; isascii(*p) && isspace(*p); p++)
+ for (p = &bp[1]; SM_ISSPACE(*p); p++)
continue;
if (!isascii(*p) || !isdigit(*p))
{
@@ -849,7 +855,7 @@ translate_dollars(ibp, obp, bsp)
default:
/* delete leading white space */
- while (isascii(*p) && isspace(*p) &&
+ while (SM_ISSPACE(*p) &&
*p != '\n' && p > bp)
{
p--;
@@ -887,7 +893,7 @@ translate_dollars(ibp, obp, bsp)
}
/* strip trailing white space from the line */
- while (--p > bp && isascii(*p) && isspace(*p))
+ while (--p > bp && SM_ISSPACE(*p))
*p = '\0';
if (tTd(37, 53))
@@ -954,14 +960,14 @@ parse_class_words(class, line)
register char *q;
/* strip leading spaces */
- while (isascii(*line) && isspace(*line))
+ while (SM_ISSPACE(*line))
line++;
if (*line == '\0')
break;
/* find the end of the word */
q = line;
- while (*line != '\0' && !(isascii(*line) && isspace(*line)))
+ while (*line != '\0' && !(SM_ISSPACE(*line)))
line++;
if (*line != '\0')
*line++ = '\0';
@@ -1184,7 +1190,7 @@ fileclass(class, filename, fmt, ismap, safe, optional)
{
#if SCANF
char wordbuf[MAXLINE + 1];
-#endif /* SCANF */
+#endif
if (buf[0] == '#')
continue;
@@ -1226,7 +1232,7 @@ static char frst[MAXMAILERS + 1];
**
** Returns:
** none
-**
+**
** Note: space is not valid in cf defined mailers hence the function
** will always find a char. It's not nice, but this is for
** internal names only.
@@ -1381,7 +1387,7 @@ makemailer(line)
/* collect the mailer name */
for (p = line;
- *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
+ *p != '\0' && *p != ',' && !(SM_ISSPACE(*p));
p++)
continue;
if (*p != '\0')
@@ -1405,7 +1411,7 @@ makemailer(line)
auto char *delimptr;
while (*p != '\0' &&
- (*p == ',' || (isascii(*p) && isspace(*p))))
+ (*p == ',' || (SM_ISSPACE(*p))))
p++;
/* p now points to field code */
@@ -1417,7 +1423,7 @@ makemailer(line)
syserr("mailer %s: `=' expected", m->m_name);
return;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* p now points to the field body */
@@ -1434,7 +1440,7 @@ makemailer(line)
case 'F': /* flags */
for (; *p != '\0'; p++)
{
- if (!(isascii(*p) && isspace(*p)))
+ if (!(SM_ISSPACE(*p)))
{
if (*p == M_INTERNAL)
sm_syslog(LOG_WARNING, NOQID,
@@ -1573,11 +1579,11 @@ makemailer(line)
while (*p != '\0' && isascii(*p) &&
# if _FFR_DOTTED_USERNAMES
(isalnum(*p) || strchr(SM_PWN_CHARS, *p) != NULL))
-# else /* _FFR_DOTTED_USERNAMES */
+# else
(isalnum(*p) || strchr("-_", *p) != NULL))
-# endif /* _FFR_DOTTED_USERNAMES */
+# endif
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
if (*p != '\0')
*p++ = '\0';
@@ -1605,12 +1611,12 @@ makemailer(line)
m->m_uid = strtol(p, &q, 0);
p = q;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '\0')
p++;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
break;
@@ -1732,7 +1738,7 @@ makemailer(line)
if (strcmp(m->m_argv[0], "TCP") != 0
#if NETUNIX
&& strcmp(m->m_argv[0], "FILE") != 0
-#endif /* NETUNIX */
+#endif
)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
@@ -1740,9 +1746,9 @@ makemailer(line)
m->m_name, m->m_mailer,
#if NETUNIX
"TCP or FILE"
-#else /* NETUNIX */
+#else
"TCP"
-#endif /* NETUNIX */
+#endif
);
}
if (m->m_mtatype == NULL)
@@ -1972,9 +1978,9 @@ makeargv(p)
while (*p != '\0' && i < MAXPV)
{
q = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
argv[i++] = newstr(q);
}
@@ -2189,6 +2195,9 @@ static struct ssl_options
#ifdef SSL_OP_NO_TLSv1
{ "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
#endif
+#ifdef SSL_OP_NO_TLSv1_3
+ { "SSL_OP_NO_TLSv1_3", SSL_OP_NO_TLSv1_3 },
+#endif
#ifdef SSL_OP_NO_TLSv1_2
{ "SSL_OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
#endif
@@ -2213,6 +2222,24 @@ static struct ssl_options
#ifdef SSL_OP_TLSEXT_PADDING
{ "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING },
#endif
+#ifdef SSL_OP_NO_RENEGOTIATION
+ { "SSL_OP_NO_RENEGOTIATION", SSL_OP_NO_RENEGOTIATION },
+#endif
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ { "SSL_OP_NO_ANTI_REPLAY", SSL_OP_NO_ANTI_REPLAY },
+#endif
+#ifdef SSL_OP_ALLOW_NO_DHE_KEX
+ { "SSL_OP_ALLOW_NO_DHE_KEX", SSL_OP_ALLOW_NO_DHE_KEX },
+#endif
+#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
+ { "SSL_OP_NO_ENCRYPT_THEN_MAC", SSL_OP_NO_ENCRYPT_THEN_MAC },
+#endif
+#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ { "SSL_OP_ENABLE_MIDDLEBOX_COMPAT", SSL_OP_ENABLE_MIDDLEBOX_COMPAT },
+#endif
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ { "SSL_OP_PRIORITIZE_CHACHA", SSL_OP_PRIORITIZE_CHACHA },
+#endif
{ NULL, 0 }
};
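Review bot: The new `SSL_OP_NO_ANTI_REPLAY` and `SSL_OP_ALLOW_NO_DHE_KEX` entries expose knobs that weaken TLS 1.3 rather than merely select a protocol version like their neighbours: the first turns off the anti-replay protection OpenSSL applies to early data, the second permits PSK-only resumption without an ephemeral key exchange, i.e. without forward secrecy. Because this table is presumably what a cf-file `ServerSSLOptions`/`ClientSSLOptions` string is matched against by readssloptions() (the function follows in a later hunk), an administrator copying names from here gets no hint of the trade-off. I would put a comment above those two entries: `/* the next two weaken TLS 1.3 (replay protection, forward secrecy); listed only for interop */`. The `SSL_OP_NO_TLSv1_3` entry in the previous hunk is also inserted before `SSL_OP_NO_TLSv1_2`, breaking the ascending order of the version entries.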
@@ -2231,7 +2258,8 @@ static struct ssl_options
#define SSLOPERR_NAN 1
#define SSLOPERR_NOTFOUND 2
-#define SM_ISSPACE(c) (isascii(c) && isspace(c))
+
+static int readssloptions __P((char *, char *, unsigned long *, int ));
static int
readssloptions(opt, val, pssloptions, delim)
@@ -2312,13 +2340,13 @@ readssloptions(opt, val, pssloptions, delim)
return ret;
}
-# if _FFR_TLS_SE_OPTS
/*
** GET_TLS_SE_OPTIONS -- get TLS session options (from ruleset)
**
** Parameters:
** e -- envelope
** ssl -- TLS session context
+** tlsi_ctx -- TLS info context
** srv -- server?
**
** Returns:
@@ -2326,9 +2354,10 @@ readssloptions(opt, val, pssloptions, delim)
*/
int
-get_tls_se_options(e, ssl, srv)
+get_tls_se_options(e, ssl, tlsi_ctx, srv)
ENVELOPE *e;
SSL *ssl;
+ tlsi_ctx_T *tlsi_ctx;
bool srv;
{
bool saveQuickAbort, saveSuprErrs, ok;
@@ -2374,7 +2403,7 @@ get_tls_se_options(e, ssl, srv)
if (LogLevel > 9)
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=empty, relay=%s [%s]",
- WHICH, NAME_C_S, ADDR_C_S);
+ WHICH, NAME_C_S, ADDR_C_S);
return ok ? 0 : 1;
}
@@ -2389,7 +2418,7 @@ get_tls_se_options(e, ssl, srv)
if (LogLevel > 9 && len > 1)
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=too_short, relay=%s [%s]",
- WHICH, NAME_C_S, ADDR_C_S);
+ WHICH, NAME_C_S, ADDR_C_S);
/* this is not treated as error! */
return 0;
@@ -2402,7 +2431,7 @@ get_tls_se_options(e, ssl, srv)
if (LogLevel > 7) \
sm_syslog(LOG_INFO, NOQID, \
"tls_%s_features=invalid_syntax, opt=%s, relay=%s [%s]", \
- WHICH, opt, NAME_C_S, ADDR_C_S); \
+ WHICH, opt, NAME_C_S, ADDR_C_S); \
return -1; \
} while (0)
@@ -2483,11 +2512,20 @@ get_tls_se_options(e, ssl, srv)
"STARTTLS=%s, error: SSL_set_cipher_list(%s) failed",
who, val);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
}
}
+ else if (sm_strcasecmp(opt, "flags") == 0)
+ {
+ char *p;
+
+ for (p = val; *p != '\0'; p++)
+ {
+ if (isascii(*p) && isalnum(*p))
+ setbitn(bitidx(*p), tlsi_ctx->tlsi_flags);
+ }
+ }
else if (sm_strcasecmp(opt, "keyfile") == 0)
keyfile = val;
else if (sm_strcasecmp(opt, "certfile") == 0)
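Review bot: The new `flags` branch silently drops every character of `val` that is not an ASCII alphanumeric, and it dereferences `tlsi_ctx` without any check although the parameter was added to the signature in this commit and no caller is visible here. The sibling branches of this function report unexpected input (the `unknown_option` syslog a few lines below), so a rejected flag character should be logged the same way, e.g. `else if (LogLevel > 7) sm_syslog(LOG_INFO, NOQID, "tls_%s_features=invalid_flag, opt=%s, relay=%s [%s]", WHICH, val, NAME_C_S, ADDR_C_S);`, and a `SM_ASSERT(tlsi_ctx != NULL)` (or an early `return -1`) would document the new precondition. get_tls_se_options() starts and ends outside this hunk.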
@@ -2499,7 +2537,7 @@ get_tls_se_options(e, ssl, srv)
{
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=unknown_option, opt=%s, relay=%s [%s]",
- WHICH, opt, NAME_C_S, ADDR_C_S);
+ WHICH, opt, NAME_C_S, ADDR_C_S);
}
}
@@ -2519,7 +2557,7 @@ get_tls_se_options(e, ssl, srv)
{
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=only_one_of_CertFile/KeyFile_specified, relay=%s [%s]",
- WHICH, NAME_C_S, ADDR_C_S);
+ WHICH, NAME_C_S, ADDR_C_S);
}
}
@@ -2529,7 +2567,6 @@ get_tls_se_options(e, ssl, srv)
# undef ADDR_C_S
# undef WHICH
}
-# endif /* _FFR_TLS_SE_OPTS */
#endif /* STARTTLS */
/*
@@ -2573,7 +2610,17 @@ static struct resolverflags
{ "dnsrch", RES_DNSRCH },
# ifdef RES_USE_INET6
{ "use_inet6", RES_USE_INET6 },
-# endif /* RES_USE_INET6 */
+# endif
+# ifdef RES_USE_EDNS0
+ { "use_edns0", RES_USE_EDNS0 },
+# endif
+# ifdef RES_USE_DNSSEC
+ { "use_dnssec", RES_USE_DNSSEC },
+# endif
+# if RES_TRUSTAD
+ { "trustad", RES_TRUSTAD },
+# endif
+ { "true", 0 }, /* avoid error on old syntax */
{ "true", 0 }, /* avoid error on old syntax */
{ NULL, 0 }
};
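Review bot: The added `{ "true", 0 }` line duplicates the context line right after it, so the new table carries the entry twice; drop the added line. The `trustad` entry uses `# if RES_TRUSTAD` where the entries around it use `# ifdef`, which only works because an undefined macro evaluates to 0 in `#if` — `# ifdef RES_TRUSTAD` would be consistent and would not silently disable the entry if a resolver header defines it as 0. Since RES_TRUSTAD makes the stub resolver trust the AD bit coming from the configured nameserver, and DNSSEC-dependent features elsewhere in this commit (the `DANE` option) presumably rely on that bit, the entry deserves a caveat: `/* trust the AD bit: only safe with a local, validating resolver */`.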
@@ -2593,7 +2640,7 @@ static struct optioninfo
{
#if defined(SUN_EXTENSIONS) && defined(REMOTE_MODE)
{ "RemoteMode", '>', OI_NONE },
-#endif /* defined(SUN_EXTENSIONS) && defined(REMOTE_MODE) */
+#endif
{ "SevenBitInput", '7', OI_SAFE },
{ "EightBitMode", '8', OI_SAFE },
{ "AliasFile", 'A', OI_NONE },
@@ -2716,7 +2763,7 @@ static struct optioninfo
#if _FFR_DONTLOCKFILESFORREAD_OPTION
# define O_DONTLOCK 0xa4
{ "DontLockFilesForRead", O_DONTLOCK, OI_NONE },
-#endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */
+#endif
#define O_MAXALIASRCSN 0xa5
{ "MaxAliasRecursion", O_MAXALIASRCSN, OI_NONE },
#define O_CNCTONLYTO 0xa6
@@ -2732,15 +2779,15 @@ static struct optioninfo
#if _FFR_MAX_FORWARD_ENTRIES
# define O_MAXFORWARD 0xab
{ "MaxForwardEntries", O_MAXFORWARD, OI_NONE },
-#endif /* _FFR_MAX_FORWARD_ENTRIES */
+#endif
#define O_PROCTITLEPREFIX 0xac
{ "ProcessTitlePrefix", O_PROCTITLEPREFIX, OI_NONE },
#define O_SASLINFO 0xad
#if _FFR_ALLOW_SASLINFO
{ "DefaultAuthInfo", O_SASLINFO, OI_SAFE },
-#else /* _FFR_ALLOW_SASLINFO */
+#else
{ "DefaultAuthInfo", O_SASLINFO, OI_NONE },
-#endif /* _FFR_ALLOW_SASLINFO */
+#endif
#define O_SASLMECH 0xae
{ "AuthMechanisms", O_SASLMECH, OI_NONE },
#define O_CLIENTPORT 0xaf
@@ -2821,10 +2868,8 @@ static struct optioninfo
{ "FallbackSmartHost", O_FALLBACKSMARTHOST, OI_NONE },
#define O_SASLREALM 0xd6
{ "AuthRealm", O_SASLREALM, OI_NONE },
-#if _FFR_CRLPATH
-# define O_CRLPATH 0xd7
+#define O_CRLPATH 0xd7
{ "CRLPath", O_CRLPATH, OI_NONE },
-#endif /* _FFR_CRLPATH */
#define O_HELONAME 0xd8
{ "HeloName", O_HELONAME, OI_NONE },
#if _FFR_MEMSTAT
@@ -2840,22 +2885,22 @@ static struct optioninfo
#if _FFR_MSG_ACCEPT
# define O_MSG_ACCEPT 0xdd
{ "MessageAccept", O_MSG_ACCEPT, OI_NONE },
-#endif /* _FFR_MSG_ACCEPT */
+#endif
#if _FFR_QUEUE_RUN_PARANOIA
# define O_CHK_Q_RUNNERS 0xde
{ "CheckQueueRunners", O_CHK_Q_RUNNERS, OI_NONE },
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
#if _FFR_EIGHT_BIT_ADDR_OK
# if !ALLOW_255
# ERROR FFR_EIGHT_BIT_ADDR_OK requires _ALLOW_255
-# endif /* !ALLOW_255 */
+# endif
# define O_EIGHT_BIT_ADDR_OK 0xdf
{ "EightBitAddrOK", O_EIGHT_BIT_ADDR_OK, OI_NONE },
#endif /* _FFR_EIGHT_BIT_ADDR_OK */
#if _FFR_ADDR_TYPE_MODES
# define O_ADDR_TYPE_MODES 0xe0
{ "AddrTypeModes", O_ADDR_TYPE_MODES, OI_NONE },
-#endif /* _FFR_ADDR_TYPE_MODES */
+#endif
#if _FFR_BADRCPT_SHUTDOWN
# define O_RCPTSHUTD 0xe1
{ "BadRcptShutdown", O_RCPTSHUTD, OI_SAFE },
@@ -2871,7 +2916,7 @@ static struct optioninfo
#if _FFR_RCPTTHROTDELAY
# define O_RCPTTHROTDELAY 0xe6
{ "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE },
-#endif /* _FFR_RCPTTHROTDELAY */
+#endif
#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
# define O_INETQOS 0xe7 /* reserved for FFR_QOS */
{ "InetQoS", O_INETQOS, OI_NONE },
@@ -2879,21 +2924,60 @@ static struct optioninfo
#if STARTTLS && _FFR_FIPSMODE
# define O_FIPSMODE 0xe8
{ "FIPSMode", O_FIPSMODE, OI_NONE },
-#endif /* STARTTLS && _FFR_FIPSMODE */
+#endif
#if _FFR_REJECT_NUL_BYTE
# define O_REJECTNUL 0xe9
{ "RejectNUL", O_REJECTNUL, OI_SAFE },
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
#if _FFR_BOUNCE_QUEUE
# define O_BOUNCEQUEUE 0xea
{ "BounceQueue", O_BOUNCEQUEUE, OI_NONE },
-#endif /* _FFR_BOUNCE_QUEUE */
+#endif
#if _FFR_ADD_BCC
# define O_ADDBCC 0xeb
{ "AddBcc", O_ADDBCC, OI_NONE },
#endif
#define O_USECOMPRESSEDIPV6ADDRESSES 0xec
{ "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE },
+#if STARTTLS
+# define O_SSLENGINE 0xed
+ { "SSLEngine", O_SSLENGINE, OI_NONE },
+# define O_SSLENGINEPATH 0xee
+ { "SSLEnginePath", O_SSLENGINEPATH, OI_NONE },
+# define O_TLSFB2CLEAR 0xef
+ { "TLSFallbacktoClear", O_TLSFB2CLEAR, OI_NONE },
+#endif
+#if DNSSEC_TEST
+# define O_NSPORTIP 0xf0
+ { "NameServer", O_NSPORTIP, OI_NONE },
+#endif
+#if DANE
+# define O_DANE 0xf1
+ { "DANE", O_DANE, OI_NONE },
+#endif
+#if DNSSEC_TEST
+# define O_NSSRCHLIST 0xf2
+ { "NameSearchList", O_NSSRCHLIST, OI_NONE },
+#endif
+#if _FFR_BLANKENV_MACV
+# define O_HACKS 0xf4
+ { "Hacks", O_HACKS, OI_NONE },
+#endif
+#if _FFR_KEEPBCC
+# define O_KEEPBCC 0xf3
+ { "KeepBcc", O_KEEPBCC, OI_NONE },
+#endif
+
+#if _FFR_CLIENTCA
+#define O_CLTCACERTFILE 0xf5
+ { "ClientCACertFile", O_CLTCACERTFILE, OI_NONE },
+#define O_CLTCACERTPATH 0xf6
+ { "ClientCACertPath", O_CLTCACERTPATH, OI_NONE },
+#endif
+#if _FFR_TLS_ALTNAMES
+# define O_CHECKALTNAMES 0xf7
+ { "SetCertAltnames", O_CHECKALTNAMES, OI_NONE },
+#endif
{ NULL, '\0', OI_NONE }
};
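Review bot: The two `#define O_CLTCACERTFILE`/`#define O_CLTCACERTPATH` lines are the only nested defines in this table without the `# ` indentation used by every other conditional block, and `O_HACKS` (0xf4) is listed before `O_KEEPBCC` (0xf3), so the option codes are no longer in ascending order. Neither affects behaviour, but the ascending order is what makes it easy to pick the next free code when adding an option; I would swap the two blocks and write `# define O_CLTCACERTFILE 0xf5`.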
@@ -2926,18 +3010,18 @@ setoption(opt, val, safe, sticky, e)
register char *p;
register struct optioninfo *o;
char *subopt;
- int mid;
+ int i;
bool can_setuid = RunAsUid == 0;
auto char *ep;
char buf[50];
extern bool Warn_Q_option;
#if _FFR_ALLOW_SASLINFO
extern unsigned int SubmitMode;
-#endif /* _FFR_ALLOW_SASLINFO */
+#endif
#if STARTTLS || SM_CONF_SHM
char *newval;
char exbuf[MAXLINE];
-#endif /* STARTTLS || SM_CONF_SHM */
+#endif
#if STARTTLS
unsigned long *pssloptions = NULL;
#endif
@@ -3181,7 +3265,7 @@ setoption(opt, val, safe, sticky, e)
#if _FFR_DM_ONE
/* deliver first TA in background, then queue */
case SM_DM_ONE:
-#endif /* _FFR_DM_ONE */
+#endif
set_delivery_mode(*val, e);
break;
@@ -3280,7 +3364,7 @@ setoption(opt, val, safe, sticky, e)
p--;
p++;
q = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
@@ -3348,13 +3432,13 @@ setoption(opt, val, safe, sticky, e)
case 'M': /* define macro */
sticky = false;
- mid = macid_parse(val, &ep);
- if (mid == 0)
+ i = macid_parse(val, &ep);
+ if (i == 0)
break;
p = newstr(ep);
if (!safe)
cleanstrcpy(p, p, strlen(p) + 1);
- macdefine(&CurEnv->e_macro, A_TEMP, mid, p);
+ macdefine(&CurEnv->e_macro, A_TEMP, i, p);
break;
case 'm': /* send to me too */
@@ -3490,9 +3574,9 @@ setoption(opt, val, safe, sticky, e)
{
# if _FFR_DOTTED_USERNAMES
if (*p == '/' || *p == ':')
-# else /* _FFR_DOTTED_USERNAMES */
+# else
if (*p == '.' || *p == '/' || *p == ':')
-# endif /* _FFR_DOTTED_USERNAMES */
+# endif
{
*p++ = '\0';
break;
@@ -3583,7 +3667,7 @@ setoption(opt, val, safe, sticky, e)
#if _FFR_QUEUE_GROUP_SORTORDER
/* coordinate this with makequeue() */
-#endif /* _FFR_QUEUE_GROUP_SORTORDER */
+#endif
case O_QUEUESORTORD: /* queue sorting order */
switch (*val)
{
@@ -3718,7 +3802,7 @@ setoption(opt, val, safe, sticky, e)
#if !HASNICE
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: NiceQueueRun set on system that doesn't support nice()\n");
-#endif /* !HASNICE */
+#endif
/* XXX do we want to check the range? > 0 ? */
NiceQueueRun = atoi(val);
@@ -3748,7 +3832,7 @@ setoption(opt, val, safe, sticky, e)
case O_MAXFORWARD: /* max # of forward entries */
MaxForwardEntries = atoi(val);
break;
-#endif /* _FFR_MAX_FORWARD_ENTRIES */
+#endif
case O_KEEPCNAMES: /* don't expand CNAME records */
DontExpandCnames = atobool(val);
@@ -3826,9 +3910,9 @@ setoption(opt, val, safe, sticky, e)
{
# if _FFR_DOTTED_USERNAMES
if (*p == '/' || *p == ':')
-# else /* _FFR_DOTTED_USERNAMES */
+# else
if (*p == '.' || *p == '/' || *p == ':')
-# endif /* _FFR_DOTTED_USERNAMES */
+# endif
{
*p++ = '\0';
break;
@@ -3973,7 +4057,7 @@ setoption(opt, val, safe, sticky, e)
case O_RCPTTHROTDELAY:
BadRcptThrottleDelay = atoi(val);
break;
-#endif /* _FFR_RCPTTHROTDELAY */
+#endif
case O_DEADLETTER:
CANONIFY(val);
@@ -3984,7 +4068,7 @@ setoption(opt, val, safe, sticky, e)
case O_DONTLOCK:
DontLockReadFiles = atobool(val);
break;
-#endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */
+#endif
case O_MAXALIASRCSN:
MaxAliasRecursion = atoi(val);
@@ -3993,11 +4077,30 @@ setoption(opt, val, safe, sticky, e)
case O_CNCTONLYTO:
/* XXX should probably use gethostbyname */
#if NETINET || NETINET6
+ i = 0;
+ if ((subopt = strchr(val, '@')) != NULL)
+ {
+ *subopt = '\0';
+ i = (int) strtoul(val, NULL, 0);
+
+ /* stricter checks? probably not useful. */
+ if (i > USHRT_MAX)
+ {
+ syserr("readcf: option ConnectOnlyTo: invalid port %s",
+ val);
+ break;
+ }
+ val = subopt + 1;
+ }
ConnectOnlyTo.sa.sa_family = AF_UNSPEC;
# if NETINET6
if (anynet_pton(AF_INET6, val,
&ConnectOnlyTo.sin6.sin6_addr) == 1)
+ {
ConnectOnlyTo.sa.sa_family = AF_INET6;
+ if (i != 0)
+ ConnectOnlyTo.sin6.sin6_port = htons(i);
+ }
else
# endif /* NETINET6 */
# if NETINET
@@ -4005,6 +4108,8 @@ setoption(opt, val, safe, sticky, e)
ConnectOnlyTo.sin.sin_addr.s_addr = inet_addr(val);
if (ConnectOnlyTo.sin.sin_addr.s_addr != INADDR_NONE)
ConnectOnlyTo.sa.sa_family = AF_INET;
+ if (i != 0)
+ ConnectOnlyTo.sin.sin_port = htons(i);
}
# endif /* NETINET */
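Review bot: The port parse `i = (int) strtoul(val, NULL, 0);` accepts garbage and out-of-range values: a non-numeric prefix such as `x@10.0.0.1` yields 0 and is silently treated as "no port", and a value that does not fit in `int` (e.g. ULONG_MAX on a 64-bit host) becomes negative on the cast, passes the `i > USHRT_MAX` check and reaches `htons(i)` as 65535. Parse into an `unsigned long` with an end pointer and `errno` (presumably already in scope via sendmail.h) and reject leftover characters or overflow before casting, as below. The port of 0 still meaning "default" is preserved. The enclosing `switch` and setoption() continue outside the hunk.
```c
	i = 0;
	if ((subopt = strchr(val, '@')) != NULL)
	{
		char *endp;
		unsigned long port;

		*subopt = '\0';
		errno = 0;
		port = strtoul(val, &endp, 0);
		if (endp == val || *endp != '\0' || errno != 0 ||
		    port > USHRT_MAX)
		{
			syserr("readcf: option ConnectOnlyTo: invalid port %s",
				val);
			break;
		}
		i = (int) port;
		val = subopt + 1;
	}
	/* ... unchanged: address parsing and port assignment ... */
```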
@@ -4217,6 +4322,9 @@ setoption(opt, val, safe, sticky, e)
#endif /* SASL */
#if STARTTLS
+ case O_TLSFB2CLEAR:
+ TLSFallbacktoClear = atobool(val);
+ break;
case O_SRVCERTFILE:
SET_STRING_EXP(SrvCertFile);
case O_SRVKEYFILE:
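Review bot: `TLSFallbacktoClear` is, judging by its name, a downgrade switch — the client would retry in cleartext after a failed STARTTLS negotiation — yet neither this case nor the option-table entry earlier in the diff says so, and the consumer of `TLSFallbacktoClear` is not in this file to confirm it. A one-line comment on the case would spare the next reader the guess: `/* retry delivery in cleartext after a TLS failure: trades confidentiality for deliverability */`. If the option's scope is per-connection it should also say whether a DANE- or security-required destination overrides it.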
@@ -4229,12 +4337,34 @@ setoption(opt, val, safe, sticky, e)
SET_STRING_EXP(CACertFile);
case O_CACERTPATH:
SET_STRING_EXP(CACertPath);
+#if _FFR_CLIENTCA
+ case O_CLTCACERTFILE:
+ SET_STRING_EXP(CltCACertFile);
+ case O_CLTCACERTPATH:
+ SET_STRING_EXP(CltCACertPath);
+#endif
case O_DHPARAMS:
SET_STRING_EXP(DHParams);
case O_CIPHERLIST:
SET_STRING_EXP(CipherList);
case O_DIG_ALG:
SET_STRING_EXP(CertFingerprintAlgorithm);
+ case O_SSLENGINEPATH:
+ SET_STRING_EXP(SSLEnginePath);
+ case O_SSLENGINE:
+ newval = sm_pstrdup_x(val);
+ if (SSLEngine != NULL)
+ sm_free(SSLEngine);
+ SSLEngine = newval;
+
+ /*
+ ** Which engines need to be initialized before fork()?
+ ** XXX hack, should be an option?
+ */
+
+ if (strcmp(SSLEngine, "chil") == 0)
+ SSLEngineprefork = true;
+ break;
case O_SRV_SSL_OPTIONS:
pssloptions = &Srv_SSL_Options;
case O_CLT_SSL_OPTIONS:
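Review bot: `SSLEngineprefork` is only ever set to true in the new `O_SSLENGINE` case and never cleared, so if the cf sets `SSLEngine` more than once (say `chil` first, then another engine) the flag stays true for an engine that does not need pre-fork initialisation; write `SSLEngineprefork = (strcmp(SSLEngine, "chil") == 0);` instead. The author already marks the hard-coded engine name as an XXX hack; the comment would be more useful if it said why chil must be initialised before fork(). Note also that `SSLEnginePath` names a shared object the process will load, so the option must stay OI_NONE as it is in the table earlier in this diff, and whatever expansion `SET_STRING_EXP` performs (its definition is not visible here) must not be reachable from untrusted macro values.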
@@ -4248,26 +4378,12 @@ setoption(opt, val, safe, sticky, e)
break;
case O_CRLFILE:
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
SET_STRING_EXP(CRLFile);
-# else /* OPENSSL_VERSION_NUMBER > 0x00907000L */
- (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "Warning: Option: %s requires at least OpenSSL 0.9.7\n",
- OPTNAME);
break;
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
-# if _FFR_CRLPATH
case O_CRLPATH:
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
SET_STRING_EXP(CRLPath);
-# else /* OPENSSL_VERSION_NUMBER > 0x00907000L */
- (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "Warning: Option: %s requires at least OpenSSL 0.9.7\n",
- OPTNAME);
break;
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
-# endif /* _FFR_CRLPATH */
/*
** XXX How about options per daemon/client instead of globally?
@@ -4329,14 +4445,17 @@ setoption(opt, val, safe, sticky, e)
case O_CLTKEYFILE:
case O_CACERTFILE:
case O_CACERTPATH:
+#if _FFR_CLIENTCA
+ case O_CLTCACERTFILE:
+ case O_CLTCACERTPATH:
+#endif
case O_DHPARAMS:
case O_SRV_SSL_OPTIONS:
case O_CLT_SSL_OPTIONS:
case O_CIPHERLIST:
+ case O_DIG_ALG:
case O_CRLFILE:
-# if _FFR_CRLPATH
case O_CRLPATH:
-# endif /* _FFR_CRLPATH */
case O_RANDFILE:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires TLS support\n",
@@ -4348,7 +4467,7 @@ setoption(opt, val, safe, sticky, e)
case O_FIPSMODE:
FipsMode = atobool(val);
break;
-#endif /* STARTTLS && _FFR_FIPSMODE */
+#endif
case O_CLIENTPORT:
setclientoptions(val);
@@ -4435,9 +4554,9 @@ setoption(opt, val, safe, sticky, e)
case O_REQUIRES_DIR_FSYNC:
#if REQUIRES_DIR_FSYNC
RequiresDirfsync = atobool(val);
-#else /* REQUIRES_DIR_FSYNC */
+#else
/* silently ignored... required for cf file option */
-#endif /* REQUIRES_DIR_FSYNC */
+#endif
break;
case O_CONNECTION_RATE_WINDOW_SIZE:
@@ -4473,25 +4592,25 @@ setoption(opt, val, safe, sticky, e)
case O_MSG_ACCEPT:
MessageAccept = newstr(val);
break;
-#endif /* _FFR_MSG_ACCEPT */
+#endif
#if _FFR_QUEUE_RUN_PARANOIA
case O_CHK_Q_RUNNERS:
CheckQueueRunners = atoi(val);
break;
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
#if _FFR_EIGHT_BIT_ADDR_OK
case O_EIGHT_BIT_ADDR_OK:
EightBitAddrOK = atobool(val);
break;
-#endif /* _FFR_EIGHT_BIT_ADDR_OK */
+#endif
#if _FFR_ADDR_TYPE_MODES
case O_ADDR_TYPE_MODES:
AddrTypeModes = atobool(val);
break;
-#endif /* _FFR_ADDR_TYPE_MODES */
+#endif
#if _FFR_BADRCPT_SHUTDOWN
case O_RCPTSHUTD:
@@ -4507,13 +4626,13 @@ setoption(opt, val, safe, sticky, e)
case O_REJECTNUL:
RejectNUL = atobool(val);
break;
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
#if _FFR_BOUNCE_QUEUE
case O_BOUNCEQUEUE:
bouncequeue = newstr(val);
break;
-#endif /* _FFR_BOUNCE_QUEUE */
+#endif
#if _FFR_ADD_BCC
case O_ADDBCC:
@@ -4524,6 +4643,42 @@ setoption(opt, val, safe, sticky, e)
UseCompressedIPv6Addresses = atobool(val);
break;
+#if DNSSEC_TEST
+ case O_NSPORTIP:
+ nsportip(val);
+ break;
+ case O_NSSRCHLIST:
+ NameSearchList = sm_strdup(val);
+ break;
+#endif
+
+#if DANE
+ case O_DANE:
+ if (sm_strcasecmp(val, "always") == 0)
+ Dane = DANE_ALWAYS;
+ else
+ Dane = atobool(val) ? DANE_SECURE : DANE_NEVER;
+ break;
+#endif
+
+#if _FFR_BLANKENV_MACV
+ case O_HACKS:
+ Hacks = (int) strtol(val, NULL, 0);
+ break;
+#endif
+
+#if _FFR_KEEPBCC
+ case O_KEEPBCC:
+ KeepBcc = atobool(val);
+ break;
+#endif
+
+# if _FFR_TLS_ALTNAMES
+ case O_CHECKALTNAMES:
+ SetCertAltnames = atobool(val);
+ break;
+# endif
+
default:
if (tTd(37, 1))
{
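Review bot: `NameSearchList = sm_strdup(val);` overwrites any previous value without freeing it, whereas the `O_SSLENGINE` case added in this same commit frees the old string before assigning; add `if (NameSearchList != NULL) sm_free(NameSearchList);` before the strdup. The `O_DANE` case maps every value other than `always` through atobool(), so an unrecognised string is coerced rather than rejected; unless atobool() complains itself (its definition is not visible here), a `syserr("readcf: option DANE: invalid value %s", val)` for unknown input would match how `ConnectOnlyTo` reports a bad port. The `O_CHECKALTNAMES` block also uses `# if`/`# endif` with a space while its siblings in this hunk use `#if`.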
@@ -4614,7 +4769,7 @@ makemapentry(line)
register STAB *s;
STAB *class;
- for (p = line; isascii(*p) && isspace(*p); p++)
+ for (p = line; SM_ISSPACE(*p); p++)
continue;
if (!(isascii(*p) && isalnum(*p)))
{
@@ -4627,7 +4782,7 @@ makemapentry(line)
continue;
if (*p != '\0')
*p++ = '\0';
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (!(isascii(*p) && isalnum(*p)))
{
@@ -4639,7 +4794,7 @@ makemapentry(line)
continue;
if (*p != '\0')
*p++ = '\0';
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* look up the class */
@@ -4693,7 +4848,7 @@ strtorwset(p, endp, stabmode)
int ruleset;
static int nextruleset = MAXRWSETS;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (!isascii(*p))
{
@@ -4725,7 +4880,7 @@ strtorwset(p, endp, stabmode)
syserr("invalid ruleset name: \"%.20s\"", q);
return -1;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
delim = *p;
if (delim != '\0')
@@ -5114,13 +5269,13 @@ settimeout(name, val, sticky)
case TO_AUTH:
TimeOuts.to_auth = toval;
break;
-#endif /* SASL */
+#endif
#if STARTTLS
case TO_STARTTLS:
TimeOuts.to_starttls = toval;
break;
-#endif /* STARTTLS */
+#endif
default:
syserr("settimeout: invalid timeout %s", name);
@@ -5176,18 +5331,18 @@ inittimeouts(val, sticky)
TimeOuts.to_miscshort = (time_t) 2 MINUTES;
#if IDENTPROTO
TimeOuts.to_ident = (time_t) 5 SECONDS;
-#else /* IDENTPROTO */
+#else
TimeOuts.to_ident = (time_t) 0 SECONDS;
-#endif /* IDENTPROTO */
+#endif
TimeOuts.to_fileopen = (time_t) 60 SECONDS;
TimeOuts.to_control = (time_t) 2 MINUTES;
TimeOuts.to_lhlo = (time_t) 2 MINUTES;
#if SASL
TimeOuts.to_auth = (time_t) 10 MINUTES;
-#endif /* SASL */
+#endif
#if STARTTLS
TimeOuts.to_starttls = (time_t) 1 HOUR;
-#endif /* STARTTLS */
+#endif
if (tTd(37, 5))
{
sm_dprintf("Timeouts:\n");
@@ -5225,7 +5380,7 @@ inittimeouts(val, sticky)
for (;; val = p)
{
- while (isascii(*val) && isspace(*val))
+ while (SM_ISSPACE(*val))
val++;
if (*val == '\0')
break;