20210705
- Bugfix (introduced: Postfix 3.3): with "header_from_format
- = standard" (the default as of Postfix 3.3) the cleanup
- daemon crashed with a "null pointer read" error when email
- was submitted with /usr/sbin/sendmail without From: header,
- and an all-space full name was specified in the password
- file, with "sendmail -F", or with the NAME environment
- variable. Found by Renaud Metrich. File:
- cleanup/cleanup_message.c.
+ Bugfix (introduced: Postfix 3.3): "null pointer read" error
+ in the cleanup daemon when "header_from_format = standard"
+ (the default as of Postfix 3.3) and email was submitted
+ with /usr/sbin/sendmail without From: header, and an all-space
+ full name was specified in 1) the password file, 2) with
+ "sendmail -F", or 3) with the NAME environment variable.
+ Found by Renaud Metrich. File: cleanup/cleanup_message.c.
20210708
Bugfix (introduced: 1999): the Postfix SMTP server was
sending all session transcripts to the error_notice_recipient,
instead of sending transcripts of bounced mail to the
- bounce_notice_recipient. File: smtpd/smtpd_chat.c.
+ bounce_notice_recipient. Reported by Hans van Zijst. File:
+ smtpd/smtpd_chat.c.
20210713
- Cleanup: the 20060903 code for record loop detection was
- comparing memory addresses instead of queue file names. It
- now properly compares strings. File: global/record.c.
+ Bugfix (introduced: Postfix 2.4): false "too many reverse
+ jump" warnings in the showq daemon. The loop detection code
+ was comparing memory addresses instead of queue file names.
+ It now properly compares strings. Reported by Mehmet Avcioglu.
+ File: global/record.c.
+
+20210724
+
+ Cleanup: missing const in the 20210713 bugfix. File:
+ global/record.c.
+
+20210728
+
+ Bitrot: GLIBC 2.34 has closefrom(), and of course their
+ interface is different. File: util/sys_defs.h.
+
+20210804
+
+ Cleanup: replace ad-hoc object-to-VSTRING serialization with
+ attr_print*() based serialization. Files: tls/tls_proxy.h,
+ tls/tls_proxy_client_misc.c, tlsproxy.c/tlsproxy.c.
+
+ Cleanup: left-over code from a DANE on/off workaround. File:
+ tlsproxy.c/tlsproxy.c.
+
+ Constified the object argument of functions that write objects
+ to VSTREAM. Files: global/bounce.c, global/defer.c,
+ global/deliver_pass.c, global/deliver_request.c,
+ global/dsn_print.c, global/dsn_print.h,
+ global/msg_stats.h, global/msg_stats_print.c,
+ global/rcpt_print.c, global/rcpt_print.h, global/trace.c,
+ milter/milter8.c, milter/milter.c, milter/milter.h,
+ milter/milter_macros.c, oqmgr/qmgr_deliver.c,
+ qmgr/qmgr_deliver.c, tls/tls_proxy_client_misc.c,
+ tls/tls_proxy_client_print.c, tls/tls_proxy_context_print.c,
+ tls/tls_proxy.h, tls/tls_proxy_server_print.c, util/argv_attr.h,
+ util/argv_attr_print.c, util/attr.h.
Add verp=+= to the qmgr "from=" logging.
+ Need canonical Dovecot example that has virtual_mailbox_domains,
+ (virtual_mailbox_maps or reject unverified_recipient), and
+ virtual_transport.
+
In addition to the xxx_per_record_deadline, specify
a minimum data rate for the DATA stage.
SEND_ATTR_INT(MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND),
SEND_ATTR_INT(MAIL_ATTR_FLAGS, flags),
SEND_ATTR_STR(MAIL_ATTR_QUEUEID, id),
- SEND_ATTR_FUNC(rcpt_print, (void *) rcpt),
- SEND_ATTR_FUNC(dsn_print, (void *) &my_dsn),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) rcpt),
+ SEND_ATTR_FUNC(dsn_print, (const void *) &my_dsn),
ATTR_TYPE_END) == 0
&& ((flags & DEL_REQ_FLAG_RECORD) == 0
|| trace_append(flags, id, stats, rcpt, relay,
SEND_ATTR_STR(MAIL_ATTR_SENDER, sender),
SEND_ATTR_STR(MAIL_ATTR_DSN_ENVID, dsn_envid),
SEND_ATTR_INT(MAIL_ATTR_DSN_RET, dsn_ret),
- SEND_ATTR_FUNC(rcpt_print, (void *) rcpt),
- SEND_ATTR_FUNC(dsn_print, (void *) &my_dsn),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) rcpt),
+ SEND_ATTR_FUNC(dsn_print, (const void *) &my_dsn),
ATTR_TYPE_END) == 0
&& ((flags & DEL_REQ_FLAG_RECORD) == 0
|| trace_append(flags, id, stats, rcpt, relay,
SEND_ATTR_INT(MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND),
SEND_ATTR_INT(MAIL_ATTR_FLAGS, flags),
SEND_ATTR_STR(MAIL_ATTR_QUEUEID, id),
- SEND_ATTR_FUNC(rcpt_print, (void *) rcpt),
- SEND_ATTR_FUNC(dsn_print, (void *) &my_dsn),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) rcpt),
+ SEND_ATTR_FUNC(dsn_print, (const void *) &my_dsn),
ATTR_TYPE_END) != 0)
msg_warn("%s: %s service failure", id, var_defer_service);
log_adhoc(id, stats, rcpt, relay, &my_dsn, "deferred");
SEND_ATTR_STR(MAIL_ATTR_SENDER, request->sender),
SEND_ATTR_STR(MAIL_ATTR_DSN_ENVID, request->dsn_envid),
SEND_ATTR_INT(MAIL_ATTR_DSN_RET, request->dsn_ret),
- SEND_ATTR_FUNC(msg_stats_print, (void *) &request->msg_stats),
+ SEND_ATTR_FUNC(msg_stats_print, (const void *) &request->msg_stats),
/* XXX Should be encapsulated with ATTR_TYPE_FUNC. */
SEND_ATTR_STR(MAIL_ATTR_LOG_CLIENT_NAME, request->client_name),
SEND_ATTR_STR(MAIL_ATTR_LOG_CLIENT_ADDR, request->client_addr),
SEND_ATTR_INT(MAIL_ATTR_RCPT_COUNT, 1),
ATTR_TYPE_END);
attr_print(stream, ATTR_FLAG_NONE,
- SEND_ATTR_FUNC(rcpt_print, (void *) rcpt),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) rcpt),
ATTR_TYPE_END);
if (vstream_fflush(stream)) {
msg_info("deliver_request_final: send: \"%s\" %d",
hop_status->reason, status);
attr_print(stream, ATTR_FLAG_NONE,
- SEND_ATTR_FUNC(dsn_print, (void *) hop_status),
+ SEND_ATTR_FUNC(dsn_print, (const void *) hop_status),
SEND_ATTR_INT(MAIL_ATTR_STATUS, status),
ATTR_TYPE_END);
if ((err = vstream_fflush(stream)) != 0)
/* the specified attribute print routine. dsn_print() is meant
/* to be passed as a call-back to attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(dsn_print, (void *) dsn), ...
+/* ... SEND_ATTR_FUNC(dsn_print, (const void *) dsn), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE
/* dsn_print - write DSN to stream */
int dsn_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
DSN *dsn = (DSN *) ptr;
int ret;
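Review bot: The signature now takes `const void *ptr`, but the unchanged line `DSN *dsn = (DSN *) ptr;` casts the qualifier away again, so the compiler will not catch an accidental write through `dsn`. Making the local const as well, `const DSN *dsn = (const DSN *) ptr;`, matches what this commit already does in the tls_proxy_*_print functions. The same pattern remains in rcpt_print (`RECIPIENT *rcpt = (RECIPIENT *) ptr;`), milter_macros_print (`MILTER_MACROS *mp = (MILTER_MACROS *) ptr;`) and argv_attr_print (`ARGV *argv = (ARGV *) ptr;`). The function bodies continue outside these hunks, so confirm that nothing further down needs a non-const pointer.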
/*
* External interface.
*/
-extern int dsn_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int dsn_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
/* LICENSE
/* .ad
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20210717"
+#define MAIL_RELEASE_DATE "20210807"
#define MAIL_VERSION_NUMBER "3.7"
#ifdef SNAPSHOT
)
extern int msg_stats_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
-extern int msg_stats_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int msg_stats_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
/* LICENSE
/* .ad
/* msg_stats_print() is meant to be passed as a call-back to
/* attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(msg_stats_print, (void *) stats), ...
+/* ... SEND_ATTR_FUNC(msg_stats_print, (const void *) stats), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE
/* msg_stats_print - write MSG_STATS to stream */
int msg_stats_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
int ret;
/* routine. rcpt_print() is meant to be passed as a call-back
/* to attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(rcpt_print, (void *) recipient), ...
+/* ... SEND_ATTR_FUNC(rcpt_print, (const void *) recipient), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE
/* rcpt_print - write recipient to stream */
int rcpt_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
RECIPIENT *rcpt = (RECIPIENT *) ptr;
int ret;
/*
* External interface.
*/
-extern int rcpt_print(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
+extern int rcpt_print(ATTR_SCAN_COMMON_FN, VSTREAM *, int, const void *);
/* LICENSE
/* .ad
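Review bot: The updated prototype still names `ATTR_SCAN_COMMON_FN` as the first parameter, although rcpt_print is a print callback and its definition uses `ATTR_PRINT_COMMON_FN`. The two typedefs shown in util/attr.h have the same shape, so this compiles, but the header is misleading and would silently diverge if the scan and print typedefs ever differ. Since the line is being touched anyway, it could read `extern int rcpt_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);`.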
int rec_goto(VSTREAM *stream, const char *buf)
{
off_t offset;
- static const char *saved_path;
+ static char *saved_path;
static off_t saved_offset;
static int reverse_count;
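Review bot: `saved_path` loses its `const` qualifier here with no comment explaining why, and the changelog entry for this change ("missing const") reads as the opposite of what the hunk does. Presumably the static now holds a private heap copy of the queue file name that rec_goto releases and replaces when the path changes, but that code is outside this hunk. A short comment on the declaration, for example `/* private copy of the queue file name, owned by rec_goto() */`, would document the ownership; confirm it against the function body.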
SEND_ATTR_INT(MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND),
SEND_ATTR_INT(MAIL_ATTR_FLAGS, flags),
SEND_ATTR_STR(MAIL_ATTR_QUEUEID, id),
- SEND_ATTR_FUNC(rcpt_print, (void *) rcpt),
- SEND_ATTR_FUNC(dsn_print, (void *) &my_dsn),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) rcpt),
+ SEND_ATTR_FUNC(dsn_print, (const void *) &my_dsn),
ATTR_TYPE_END) != 0) {
msg_warn("%s: %s service failure", id, var_trace_service);
req_stat = -1;
*/
(void) attr_print(stream, ATTR_FLAG_MORE,
SEND_ATTR_FUNC(milter_macros_print,
- (void *) milters->macros),
+ (const void *) milters->macros),
ATTR_TYPE_END);
/*
const char *, const char *);
extern MILTER_MACROS *milter_macros_alloc(int);
extern void milter_macros_free(MILTER_MACROS *);
-extern int milter_macros_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int milter_macros_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int milter_macros_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
#define MILTER_MACROS_ALLOC_ZERO 1 /* null pointer */
|| (milter->m.macros != 0
&& attr_print(stream, ATTR_FLAG_NONE,
SEND_ATTR_FUNC(milter_macros_print,
- (void *) milter->m.macros),
+ (const void *) milter->m.macros),
ATTR_TYPE_END) != 0)
|| (milter->m.macros == 0
&& attr_print(stream, ATTR_FLAG_NONE,
/* print routine. milter_macros_print() is meant to be passed
/* as a call-back to attr_print*(), thusly:
/*
-/* SEND_ATTR_FUNC(milter_macros_print, (void *) macros),
+/* SEND_ATTR_FUNC(milter_macros_print, (const void *) macros),
/*
/* milter_macros_scan() reads a MILTER_MACROS structure from
/* the named stream using the specified attribute scan routine.
/* milter_macros_print - write macros structure to stream */
int milter_macros_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
MILTER_MACROS *mp = (MILTER_MACROS *) ptr;
int ret;
SEND_ATTR_STR(MAIL_ATTR_SENDER, sender),
SEND_ATTR_STR(MAIL_ATTR_DSN_ENVID, message->dsn_envid),
SEND_ATTR_INT(MAIL_ATTR_DSN_RET, message->dsn_ret),
- SEND_ATTR_FUNC(msg_stats_print, (void *) &stats),
+ SEND_ATTR_FUNC(msg_stats_print, (const void *) &stats),
/* XXX Should be encapsulated with ATTR_TYPE_FUNC. */
SEND_ATTR_STR(MAIL_ATTR_LOG_CLIENT_NAME, message->client_name),
SEND_ATTR_STR(MAIL_ATTR_LOG_CLIENT_ADDR, message->client_addr),
vstring_free(sender_buf);
for (recipient = list.info; recipient < list.info + list.len; recipient++)
attr_print(stream, ATTR_FLAG_NONE,
- SEND_ATTR_FUNC(rcpt_print, (void *) recipient),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) recipient),
ATTR_TYPE_END);
if (vstream_fflush(stream) != 0) {
msg_warn("write to process (%s): %m", entry->queue->transport->name);
SEND_ATTR_STR(MAIL_ATTR_SENDER, sender),
SEND_ATTR_STR(MAIL_ATTR_DSN_ENVID, message->dsn_envid),
SEND_ATTR_INT(MAIL_ATTR_DSN_RET, message->dsn_ret),
- SEND_ATTR_FUNC(msg_stats_print, (void *) &stats),
+ SEND_ATTR_FUNC(msg_stats_print, (const void *) &stats),
/* XXX Should be encapsulated with ATTR_TYPE_FUNC. */
SEND_ATTR_STR(MAIL_ATTR_LOG_CLIENT_NAME, message->client_name),
SEND_ATTR_STR(MAIL_ATTR_LOG_CLIENT_ADDR, message->client_addr),
vstring_free(sender_buf);
for (recipient = list.info; recipient < list.info + list.len; recipient++)
attr_print(stream, ATTR_FLAG_NONE,
- SEND_ATTR_FUNC(rcpt_print, (void *) recipient),
+ SEND_ATTR_FUNC(rcpt_print, (const void *) recipient),
ATTR_TYPE_END);
if (vstream_fflush(stream) != 0) {
msg_warn("write to process (%s): %m", entry->queue->transport->name);
* tls_proxy_client_param_scan.c.
*/
extern TLS_CLIENT_PARAMS *tls_proxy_client_param_from_config(TLS_CLIENT_PARAMS *);
-extern char *tls_proxy_client_param_to_string(VSTRING *, TLS_CLIENT_PARAMS *);
-extern char *tls_proxy_client_param_with_names_to_string(VSTRING *, TLS_CLIENT_PARAMS *);
-extern int tls_proxy_client_param_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern char *tls_proxy_client_param_serialize(ATTR_PRINT_COMMON_FN, VSTRING *, const TLS_CLIENT_PARAMS *);
+extern int tls_proxy_client_param_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern void tls_proxy_client_param_free(TLS_CLIENT_PARAMS *);
extern int tls_proxy_client_param_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
extern TLS_SESS_STATE *tls_proxy_context_receive(VSTREAM *);
extern void tls_proxy_context_free(TLS_SESS_STATE *);
-extern int tls_proxy_context_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int tls_proxy_context_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int tls_proxy_context_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
-extern int tls_proxy_client_init_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int tls_proxy_client_init_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int tls_proxy_client_init_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
extern void tls_proxy_client_init_free(TLS_CLIENT_INIT_PROPS *);
-extern char *tls_proxy_client_init_to_string(VSTRING *, TLS_CLIENT_INIT_PROPS *);
-extern char *tls_proxy_client_init_with_names_to_string(VSTRING *, TLS_CLIENT_INIT_PROPS *);
+extern char *tls_proxy_client_init_serialize(ATTR_PRINT_COMMON_FN, VSTRING *, const TLS_CLIENT_INIT_PROPS *);
-extern int tls_proxy_client_start_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int tls_proxy_client_start_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int tls_proxy_client_start_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
extern void tls_proxy_client_start_free(TLS_CLIENT_START_PROPS *);
-extern int tls_proxy_server_init_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int tls_proxy_server_init_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int tls_proxy_server_init_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
extern void tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS *);
-extern int tls_proxy_server_start_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int tls_proxy_server_start_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int tls_proxy_server_start_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
extern void tls_proxy_server_start_free(TLS_SERVER_START_PROPS *);
/* TLS_CLIENT_PARAMS *tls_proxy_client_param_from_config(params)
/* TLS_CLIENT_PARAMS *params;
/*
-/* char *tls_proxy_client_param_to_string(buf, params)
+/* char *tls_proxy_client_param_serialize(print_fn, buf, params)
+/* ATTR_PRINT_COMMON_FN print_fn;
/* VSTRING *buf;
-/* TLS_CLIENT_PARAMS *params;
+/* const TLS_CLIENT_PARAMS *params;
/*
-/* char *tls_proxy_client_param_with_names_to_string(buf, params)
+/* char *tls_proxy_client_init_serialize(print_fn, buf, init_props)
+/* ATTR_PRINT_COMMON_FN print_fn;
/* VSTRING *buf;
-/* TLS_CLIENT_PARAMS *params;
-/*
-/* char *tls_proxy_client_init_to_string(buf, init_props)
-/* VSTRING *buf;
-/* TLS_CLIENT_INIT_PROPS *init_props;
+/* const TLS_CLIENT_INIT_PROPS *init_props;
/* DESCRIPTION
/* tls_proxy_client_param_from_config() initializes a TLS_CLIENT_PARAMS
/* structure from configuration parameters and returns its
/* argument. Strings are not copied. The result must therefore
/* not be passed to tls_proxy_client_param_free().
/*
-/* tls_proxy_client_param_to_string() produces a lookup key
-/* that is unique for the TLS_CLIENT_PARAMS member values.
-/*
-/* tls_proxy_client_param_with_names_to_string() produces a
-/* string with "name = value\n" for each TLS_CLIENT_PARAMS
-/* member. This may be useful for reporting differences between
-/* TLS_CLIENT_PARAMS instances.
-/*
-/* tls_proxy_client_init_to_string() produces a lookup key
-/* that is unique for the properties received by
-/* tls_proxy_client_init_scan().
-/*
-/* tls_proxy_client_init_with_names_to_string() produces a
-/* string with "name = value\n" for each TLS_CLIENT_INIT_PROPS
-/* member. This may be useful for reporting differences between
-/* TLS_CLIENT_INIT_PROPS instances.
+/* tls_proxy_client_param_serialize() and
+/* tls_proxy_client_init_serialize() serialize the specified
+/* object to a memory buffer, using the specified print function
+/* (typically, attr_print_plain). The result can be used
+/* determine whether there are any differences between instances
+/* of the same object type.
/* LICENSE
/* .ad
/* .fi
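Review bot: The new DESCRIPTION paragraph is missing a word: "The result can be used determine whether" should read `The result can be used to determine whether`. The text also does not say what the functions return. Both definitions end with `return (vstring_str(buf));`, so it is worth stating that the result points into the caller's VSTRING and is presumably valid only until that buffer is modified or freed.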
return (params);
}
-/* tls_proxy_client_param_to_string - serialize TLS_CLIENT_PARAMS to string */
-
-char *tls_proxy_client_param_to_string(VSTRING *buf, TLS_CLIENT_PARAMS *params)
-{
- vstring_sprintf(buf, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n"
- "%s\n%s\n%d\n%d\n%d\n%d\n%d\n",
- params->tls_high_clist, params->tls_medium_clist,
- params->tls_low_clist, params->tls_export_clist,
- params->tls_null_clist, params->tls_eecdh_auto,
- params->tls_eecdh_strong, params->tls_eecdh_ultra,
- params->tls_bug_tweaks, params->tls_ssl_options,
- params->tls_dane_digests, params->tls_mgr_service,
- params->tls_tkt_cipher, params->tls_daemon_rand_bytes,
- params->tls_append_def_CA, params->tls_bc_pkey_fprint,
- params->tls_preempt_clist, params->tls_multi_wildcard);
- return (vstring_str(buf));
-}
-
-/* tls_proxy_client_param_with_names_to_string - serialize TLS_CLIENT_PARAMS to string */
-
-char *tls_proxy_client_param_with_names_to_string(VSTRING *buf, TLS_CLIENT_PARAMS *params)
-{
- vstring_sprintf(buf, "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n"
- "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n"
- "%s = %s\n%s = %s\n%s = %d\n"
- "%s = %d\n%s = %d\n%s = %d\n%s = %d\n",
- VAR_TLS_HIGH_CLIST, params->tls_high_clist,
- VAR_TLS_MEDIUM_CLIST, params->tls_medium_clist,
- VAR_TLS_LOW_CLIST, params->tls_low_clist,
- VAR_TLS_EXPORT_CLIST, params->tls_export_clist,
- VAR_TLS_NULL_CLIST, params->tls_null_clist,
- VAR_TLS_EECDH_AUTO, params->tls_eecdh_auto,
- VAR_TLS_EECDH_STRONG, params->tls_eecdh_strong,
- VAR_TLS_EECDH_ULTRA, params->tls_eecdh_ultra,
- VAR_TLS_BUG_TWEAKS, params->tls_bug_tweaks,
- VAR_TLS_SSL_OPTIONS, params->tls_ssl_options,
- VAR_TLS_DANE_DIGESTS, params->tls_dane_digests,
- VAR_TLS_MGR_SERVICE, params->tls_mgr_service,
- VAR_TLS_TKT_CIPHER, params->tls_tkt_cipher,
- VAR_TLS_DAEMON_RAND_BYTES, params->tls_daemon_rand_bytes,
- VAR_TLS_APPEND_DEF_CA, params->tls_append_def_CA,
- VAR_TLS_BC_PKEY_FPRINT, params->tls_bc_pkey_fprint,
- VAR_TLS_PREEMPT_CLIST, params->tls_preempt_clist,
- VAR_TLS_MULTI_WILDCARD, params->tls_multi_wildcard);
- return (vstring_str(buf));
-}
-
-/* tls_proxy_client_init_to_string - serialize to string */
+/* tls_proxy_client_param_serialize - serialize TLS_CLIENT_PARAMS to string */
-char *tls_proxy_client_init_to_string(VSTRING *buf,
- TLS_CLIENT_INIT_PROPS *props)
+char *tls_proxy_client_param_serialize(ATTR_PRINT_COMMON_FN print_fn,
+ VSTRING *buf,
+ const TLS_CLIENT_PARAMS *params)
{
- vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n%s\n"
- "%s\n%s\n%s\n%s\n%s\n", props->log_param,
- props->log_level, props->verifydepth,
- props->cache_type, props->chain_files,
- props->cert_file, props->key_file,
- props->dcert_file, props->dkey_file,
- props->eccert_file, props->eckey_file,
- props->CAfile, props->CApath, props->mdalg);
+ const char myname[] = "tls_proxy_client_param_serialize";
+ VSTREAM *mp;
+
+ if ((mp = vstream_memopen(buf, O_WRONLY)) == 0
+ || print_fn(mp, ATTR_FLAG_NONE,
+ SEND_ATTR_FUNC(tls_proxy_client_param_print,
+ (const void *) params),
+ ATTR_TYPE_END) != 0
+ || vstream_fclose(mp) != 0)
+ msg_fatal("%s: can't serialize properties: %m", myname);
return (vstring_str(buf));
}
-/* tls_proxy_client_init_with_names_to_string - serialize to string */
+/* tls_proxy_client_init_serialize - serialize to string */
-char *tls_proxy_client_init_with_names_to_string(VSTRING *buf,
- TLS_CLIENT_INIT_PROPS *props)
+char *tls_proxy_client_init_serialize(ATTR_PRINT_COMMON_FN print_fn,
+ VSTRING *buf,
+ const TLS_CLIENT_INIT_PROPS *props)
{
- vstring_sprintf(buf, "%s = %s\n%s = %s\n%s = %d\n%s = %s\n%s = %s\n"
- "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n"
- "%s = %s\n%s = %s\n%s = %s\n%s = %s\n",
- TLS_ATTR_LOG_PARAM, props->log_param,
- TLS_ATTR_LOG_LEVEL, props->log_level,
- TLS_ATTR_VERIFYDEPTH, props->verifydepth,
- TLS_ATTR_CACHE_TYPE, props->cache_type,
- TLS_ATTR_CHAIN_FILES, props->chain_files,
- TLS_ATTR_CERT_FILE, props->cert_file,
- TLS_ATTR_KEY_FILE, props->key_file,
- TLS_ATTR_DCERT_FILE, props->dcert_file,
- TLS_ATTR_DKEY_FILE, props->dkey_file,
- TLS_ATTR_ECCERT_FILE, props->eccert_file,
- TLS_ATTR_ECKEY_FILE, props->eckey_file,
- TLS_ATTR_CAFILE, props->CAfile,
- TLS_ATTR_CAPATH, props->CApath,
- TLS_ATTR_MDALG, props->mdalg);
+ const char myname[] = "tls_proxy_client_init_serialize";
+ VSTREAM *mp;
+
+ if ((mp = vstream_memopen(buf, O_WRONLY)) == 0
+ || print_fn(mp, ATTR_FLAG_NONE,
+ SEND_ATTR_FUNC(tls_proxy_client_init_print,
+ (const void *) props),
+ ATTR_TYPE_END) != 0
+ || vstream_fclose(mp) != 0)
+ msg_fatal("%s: can't serialize properties: %m", myname);
return (vstring_str(buf));
}
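Review bot: Both serialize functions accept an arbitrary `print_fn`, but tlsproxy.c uses the result as the TLS_APPL_STATE cache lookup key and for the pre-jail/post-jail comparison, so the encoding must be injective. If the chosen print routine does not escape its separator characters inside string values (not visible here for attr_print_plain), two different property sets could serialize to the same key and share a cached TLS context. I would add a comment above each function such as `/* The result is used as a lookup key: print_fn must encode values unambiguously. */`. Separately, `%m` in the msg_fatal() text reports errno, which may not be meaningful when `print_fn` returns non-zero on a memory stream; confirm or drop the `%m`.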
/* ATTR_PRINT_COMMON_FN print_fn;
/* VSTREAM *stream;
/* int flags;
-/* void *ptr;
+/* const void *ptr;
/*
/* int tls_proxy_client_init_print(print_fn, stream, flags, ptr)
/* ATTR_PRINT_COMMON_FN print_fn;
/* VSTREAM *stream;
/* int flags;
-/* void *ptr;
+/* const void *ptr;
/*
/* int tls_proxy_client_start_print(print_fn, stream, flags, ptr)
/* ATTR_PRINT_COMMON_FN print_fn;
/* VSTREAM *stream;
/* int flags;
-/* void *ptr;
+/* const void *ptr;
/* DESCRIPTION
/* tls_proxy_client_param_print() writes a TLS_CLIENT_PARAMS structure to
/* the named stream using the specified attribute print routine.
/* tls_proxy_client_param_print() is meant to be passed as a call-back to
/* attr_print(), thusly:
/*
-/* SEND_ATTR_FUNC(tls_proxy_client_param_print, (void *) param), ...
+/* SEND_ATTR_FUNC(tls_proxy_client_param_print, (const void *) param), ...
/*
/* tls_proxy_client_init_print() writes a full TLS_CLIENT_INIT_PROPS
/* structure to the named stream using the specified attribute
/* print routine. tls_proxy_client_init_print() is meant to
/* be passed as a call-back to attr_print(), thusly:
/*
-/* SEND_ATTR_FUNC(tls_proxy_client_init_print, (void *) init_props), ...
+/* SEND_ATTR_FUNC(tls_proxy_client_init_print, (const void *) init_props), ...
/*
/* tls_proxy_client_start_print() writes a TLS_CLIENT_START_PROPS
/* structure, without stream or file descriptor members, to
/* tls_proxy_client_start_print() is meant to be passed as a
/* call-back to attr_print(), thusly:
/*
-/* SEND_ATTR_FUNC(tls_proxy_client_start_print, (void *) start_props), ...
+/* SEND_ATTR_FUNC(tls_proxy_client_start_print, (const void *) start_props), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE
/* tls_proxy_client_param_print - send TLS_CLIENT_PARAMS over stream */
int tls_proxy_client_param_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
- TLS_CLIENT_PARAMS *params = (TLS_CLIENT_PARAMS *) ptr;
+ const TLS_CLIENT_PARAMS *params = (const TLS_CLIENT_PARAMS *) ptr;
int ret;
if (msg_verbose)
/* tls_proxy_client_init_print - send TLS_CLIENT_INIT_PROPS over stream */
int tls_proxy_client_init_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
- TLS_CLIENT_INIT_PROPS *props = (TLS_CLIENT_INIT_PROPS *) ptr;
+ const TLS_CLIENT_INIT_PROPS *props = (const TLS_CLIENT_INIT_PROPS *) ptr;
int ret;
if (msg_verbose)
/* tls_proxy_client_tlsa_print - send TLS_TLSA over stream */
static int tls_proxy_client_tlsa_print(ATTR_PRINT_COMMON_FN print_fn,
- VSTREAM *fp, int flags, void *ptr)
+ VSTREAM *fp, int flags, const void *ptr)
{
- TLS_TLSA *head = (TLS_TLSA *) ptr;
- TLS_TLSA *tp;
+ const TLS_TLSA *head = (const TLS_TLSA *) ptr;
+ const TLS_TLSA *tp;
int count;
int ret;
/* tls_proxy_client_dane_print - send TLS_DANE over stream */
static int tls_proxy_client_dane_print(ATTR_PRINT_COMMON_FN print_fn,
- VSTREAM *fp, int flags, void *ptr)
+ VSTREAM *fp, int flags, const void *ptr)
{
- TLS_DANE *dane = (TLS_DANE *) ptr;
+ const TLS_DANE *dane = (const TLS_DANE *) ptr;
int ret;
ret = print_fn(fp, flags | ATTR_FLAG_MORE,
SEND_ATTR_STR(TLS_ATTR_DOMAIN,
STRING_OR_EMPTY(dane->base_domain)),
SEND_ATTR_FUNC(tls_proxy_client_tlsa_print,
- (void *) dane->tlsa),
+ (const void *) dane->tlsa),
ATTR_TYPE_END);
}
/* Do not flush the stream. */
/* tls_proxy_client_start_print - send TLS_CLIENT_START_PROPS over stream */
int tls_proxy_client_start_print(ATTR_PRINT_COMMON_FN print_fn,
- VSTREAM *fp, int flags, void *ptr)
+ VSTREAM *fp, int flags, const void *ptr)
{
- TLS_CLIENT_START_PROPS *props = (TLS_CLIENT_START_PROPS *) ptr;
+ const TLS_CLIENT_START_PROPS *props = (const TLS_CLIENT_START_PROPS *) ptr;
int ret;
if (msg_verbose)
SEND_ATTR_STR(TLS_ATTR_CIPHER_EXCLUSIONS,
STRING_OR_EMPTY(props->cipher_exclusions)),
SEND_ATTR_FUNC(argv_attr_print,
- (void *) props->matchargv),
+ (const void *) props->matchargv),
SEND_ATTR_STR(TLS_ATTR_MDALG,
STRING_OR_EMPTY(props->mdalg)),
SEND_ATTR_FUNC(tls_proxy_client_dane_print,
- (void *) props->dane),
+ (const void *) props->dane),
ATTR_TYPE_END);
/* Do not flush the stream. */
if (msg_verbose)
/* ATTR_PRINT_COMMON_FN print_fn;
/* VSTREAM *stream;
/* int flags;
-/* void *ptr;
+/* const void *ptr;
/* DESCRIPTION
/* tls_proxy_context_print() writes the public members of a
/* TLS_ATTR_STATE structure to the named stream using the
/* specified attribute print routine. tls_proxy_context_print()
/* is meant to be passed as a call-back to attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(tls_proxy_context_print, (void *) tls_context), ...
+/* ... SEND_ATTR_FUNC(tls_proxy_context_print, (const void *) tls_context), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE
/* tls_proxy_context_print - send TLS session state over stream */
int tls_proxy_context_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
- TLS_SESS_STATE *tp = (TLS_SESS_STATE *) ptr;
+ const TLS_SESS_STATE *tp = (const TLS_SESS_STATE *) ptr;
int ret;
#define STRING_OR_EMPTY(s) ((s) ? (s) : "")
/* routine. tls_proxy_server_init_print() is meant to be passed as
/* a call-back to attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(tls_proxy_server_init_print, (void *) init_props), ...
+/* ... SEND_ATTR_FUNC(tls_proxy_server_init_print, (const void *) init_props), ...
/*
/* tls_proxy_server_start_print() writes a TLS_SERVER_START_PROPS
/* structure to the named stream using the specified attribute print
/* routine. tls_proxy_server_start_print() is meant to be passed as
/* a call-back to attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(tls_proxy_server_start_print, (void *) start_props), ...
+/* ... SEND_ATTR_FUNC(tls_proxy_server_start_print, (const void *) start_props), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE
/* tls_proxy_server_init_print - send TLS_SERVER_INIT_PROPS over stream */
int tls_proxy_server_init_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
- TLS_SERVER_INIT_PROPS *props = (TLS_SERVER_INIT_PROPS *) ptr;
+ const TLS_SERVER_INIT_PROPS *props = (const TLS_SERVER_INIT_PROPS *) ptr;
int ret;
#define STRING_OR_EMPTY(s) ((s) ? (s) : "")
/* tls_proxy_server_start_print - send TLS_SERVER_START_PROPS over stream */
int tls_proxy_server_start_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
- TLS_SERVER_START_PROPS *props = (TLS_SERVER_START_PROPS *) ptr;
+ const TLS_SERVER_START_PROPS *props = (const TLS_SERVER_START_PROPS *) ptr;
int ret;
#define STRING_OR_EMPTY(s) ((s) ? (s) : "")
char *param_key;
VSTRING *init_buf;
char *init_key;
- VSTRING *init_buf_for_hashing;
- char *init_key_for_hashing;
int log_hints = 0;
/*
* First, compute the TLS_APPL_STATE cache lookup key. Save a copy of the
* pre-jail request TLS_CLIENT_PARAMS and TLSPROXY_CLIENT_INIT_PROPS
* settings, so that we can detect post-jail requests that do not match.
- *
- * Workaround: salt the hash-table key with DANE on/off info. This avoids
- * cross-talk between DANE and non-DANE sessions. Postfix DANE support
- * modifies SSL_CTX to override certificate verification because there is
- * no other way to do this before OpenSSL 1.1.0.
*/
param_buf = vstring_alloc(100);
- param_key = tls_proxy_client_param_with_names_to_string(
- param_buf, tls_params);
+ param_key = tls_proxy_client_param_serialize(attr_print_plain, param_buf,
+ tls_params);
init_buf = vstring_alloc(100);
- init_key = tls_proxy_client_init_with_names_to_string(
- init_buf, init_props);
- init_buf_for_hashing = vstring_alloc(100);
- init_key_for_hashing = STR(vstring_sprintf(init_buf_for_hashing, "%s\n",
- init_key));
+ init_key = tls_proxy_client_init_serialize(attr_print_plain, init_buf,
+ init_props);
if (tlsp_pre_jail_done == 0) {
if (tlsp_pre_jail_client_param_key == 0
|| tlsp_pre_jail_client_init_key == 0) {
* Look up the cached TLS_APPL_STATE for this tls_client_init request.
*/
if ((appl_state = (TLS_APPL_STATE *)
- htable_find(tlsp_client_app_cache, init_key_for_hashing)) == 0) {
+ htable_find(tlsp_client_app_cache, init_key)) == 0) {
/*
* Before creating a TLS_APPL_STATE instance, log a warning if a
*/
if (appl_state == 0
&& (appl_state = tls_client_init(init_props)) != 0) {
- (void) htable_enter(tlsp_client_app_cache, init_key_for_hashing,
+ (void) htable_enter(tlsp_client_app_cache, init_key,
(void *) appl_state);
/*
SSL_MODE_ENABLE_PARTIAL_WRITE
| SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
}
- vstring_free(init_buf_for_hashing);
vstring_free(init_buf);
vstring_free(param_buf);
return (appl_state);
#define ARGV_ATTR_VALUE "argv_value"
#define ARGV_ATTR_MAX 1024
-extern int argv_attr_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+extern int argv_attr_print(ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
extern int argv_attr_scan(ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
/* LICENSE
/* the specified attribute print routine. argv_attr_print() is meant
/* to be passed as a call-back to attr_print(), thusly:
/*
-/* ... SEND_ATTR_FUNC(argv_attr_print, (void *) argv), ...
+/* ... SEND_ATTR_FUNC(argv_attr_print, (const void *) argv), ...
/* DIAGNOSTICS
/* Fatal: out of memory.
/*
/* argv_attr_print - write ARGV to stream */
int argv_attr_print(ATTR_PRINT_COMMON_FN print_fn, VSTREAM *fp,
- int flags, void *ptr)
+ int flags, const void *ptr)
{
ARGV *argv = (ARGV *) ptr;
int n;
typedef int (*ATTR_SCAN_COMMON_FN) (VSTREAM *, int,...);
typedef int (*ATTR_SCAN_CUSTOM_FN) (ATTR_SCAN_COMMON_FN, VSTREAM *, int, void *);
typedef int (*ATTR_PRINT_COMMON_FN) (VSTREAM *, int,...);
-typedef int (*ATTR_PRINT_CUSTOM_FN) (ATTR_PRINT_COMMON_FN, VSTREAM *, int, void *);
+typedef int (*ATTR_PRINT_CUSTOM_FN) (ATTR_PRINT_COMMON_FN, VSTREAM *, int, const void *);
/*
* Attribute types. See attr_scan(3) for documentation.
#define HAVE_POSIX_GETPW_R
#endif
#endif
+#if HAVE_GLIBC_API_VERSION_SUPPORT(2, 34)
+#define HAS_CLOSEFROM
+#endif
#endif
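Review bot: HAS_CLOSEFROM is enabled for glibc 2.34 without a comment recording the interface difference that the changelog entry mentions. glibc declares closefrom() as returning void while some other systems return int, so any caller that tests the return value needs a separate path. Since this code decides which descriptors stay open in a process, a note above the define such as `/* glibc closefrom() returns void; do not test its result */` would help the next maintainer. The definition of HAVE_GLIBC_API_VERSION_SUPPORT and the enclosing conditional are outside this hunk, so confirm the macro is defined wherever this `#if` can be reached.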