Cleanup: simplified a tlsproxy-internal API. File:
tlsproxy/tlsproxy.c.
+
+20181201
+
+ Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
+ calls with safe vstring_set_payload_size() calls, in code
+ that directly writes into VSTRING. Files: tls/tls_session.c,
+ tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
+ xsasl/xsasl_cyrus_client.c.
+
+ Cleanup: postscreen_command_time_limit did not need to be
+ a 'raw' parameter. This makes "postconf -x" behavior more
+ consistent. Files: global/mail_params.h, postscreen/postscreen.c.
+
+ Documentation: added text that the following parameter
+ values are not subject to Postfix parameter $name expansion:
+ default_rbl_reply, command_execution_directory, luser_relay,
+ smtpd_reject_footer. These have their own documented $name
+ substitution mechanism. File: proto/postconf.proto.
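Review bot: The 20181201 documentation entry lists default_rbl_reply, command_execution_directory, luser_relay and smtpd_reject_footer, but the documentation hunks in this patch also add the "not subject to Postfix configuration parameter $name expansion" sentence to forward_path and reword the smtpd_expansion_filter text. Add those two names to the entry so the changelog matches what the patch changes.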
Wish list:
- Declumsify code that calls vstream_fread() to read data
- into VSTRING buffer. This needs vstream_fread_buf(VSTREAM *,
- VSTRING *, ssize_t) which calls VSTRING_SPACE(), appends
- data to the buffer, and calls VSTRING_AT_OFFSET(). Current
- code is error-prone.
-
With DICT_FLAG_RHS_IS_FILE, should dict_update() open a
file? base64-encode the value?
to ~0 so that STARTTLS, BDAT, DSN, etc. work only for clients
that send EHLO.
+ Wordsmithing: "replace by X" -> "replace with X" unless X
+ is "responsible" for making the substitution.
+
In postscreen, don't fork after 'postfix reload' when
psc_check_queue_length (and psc_post_queue_length?) is zero.
- With smtpd_reject_footer=$foo in master.cf, and foo defined
- in main.cf, postconf complains about an unused setting in
- main.cf. Note that "postconf -Px" will expand $name in
- the parameter value, which is probably why the warning
- exists.
-
Things to do before the stable release:
Spell-check, double-word check, HTML validator check,
external command. Failure to change directory causes the delivery
to be deferred. </p>
-<p> The following $name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>
-before the directory is changed. Expansion happens in the context
+<p> The <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> value is not subject to Postfix
+configuration parameter $name expansion. Instead, the following
+$name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> before the
+directory is used. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter. </p>
</p>
<p>
-The template is subject to exactly one level of $name substitution:
+The template does not support Postfix configuration parameter $name
+substitution. Instead, it supports exactly one level of $name
+substitution for the following attributes:
</p>
<dl>
file with user-specified delivery methods. The first file that is
found is used. </p>
-<p> The following $name expansions are done on <a href="postconf.5.html#forward_path">forward_path</a> before
-the search actually happens. The result of $name expansion is
+<p> The <a href="postconf.5.html#forward_path">forward_path</a> value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done on <a href="postconf.5.html#forward_path">forward_path</a> before the search actually happens.
+The result of $name expansion is
filtered with the character set that is specified with the
<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter. </p>
</p>
<p>
-The following $name expansions are done on <a href="postconf.5.html#luser_relay">luser_relay</a>:
+The <a href="postconf.5.html#luser_relay">luser_relay</a> value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done:
</p>
<dl>
</p>
<p>
-This parameter is not subjected to $parameter expansion.
+The <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> value is not subject to Postfix configuration
+parameter $name expansion.
</p>
<p>
file, or before it is returned to the sender in a delivery status
notification. </p>
-<p> This feature supports a limited number of $name attributes in
-the footer text. These are replaced by their current value for the
-SMTP session. </p>
+<p> The template text is not subject to Postfix configuration
+parameter $name expansion. Instead, this feature supports a limited
+number of $name attributes in the footer text. These attributes are
+replaced with their current value for the SMTP session. </p>
<p> Note: specify $$name in footer text that is looked up from
<a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>:-based <a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>, otherwise the
accepted for this parameter.</p>
<p> This feature is available in Postfix 3.4 and later. Prior versions use
-"<a href="postconf.5.html#line_length_limit">line_length_limit</a>", which may need to be raised to accomodate larger client
-responses, as may be needed with GSSAPI authenticaiton of Windows AD users
+"<a href="postconf.5.html#line_length_limit">line_length_limit</a>", which may need to be raised to accommodate larger client
+responses, as may be needed with GSSAPI authentication of Windows AD users
who are members of many groups. </p>
external command. Failure to change directory causes the delivery
to be deferred.
.PP
-The following $name expansions are done on command_execution_directory
-before the directory is changed. Expansion happens in the context
+The command_execution_directory value is not subject to Postfix
+configuration parameter $name expansion. Instead, the following
+$name expansions are done on command_execution_directory before the
+directory is used. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
execution_directory_expansion_filter parameter.
.PP
This feature is available in Postfix 2.0 and later.
.PP
-The template is subject to exactly one level of $name substitution:
+The template does not support Postfix configuration parameter $name
+substitution. Instead, it supports exactly one level of $name
+substitution for the following attributes:
.IP "\fB$client\fR"
The client hostname and IP address, formatted as name[address].
.br
file with user\-specified delivery methods. The first file that is
found is used.
.PP
-The following $name expansions are done on forward_path before
-the search actually happens. The result of $name expansion is
+The forward_path value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done on forward_path before the search actually happens.
+The result of $name expansion is
filtered with the character set that is specified with the
forward_expansion_filter parameter.
.IP "\fB$user\fR"
$mydestination, $inet_interfaces or $proxy_interfaces is returned
as undeliverable.
.PP
-The following $name expansions are done on luser_relay:
+The luser_relay value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done:
.IP "\fB$domain\fR"
The recipient domain.
.br
templates. Characters not in the allowed set are replaced by "_".
Use C like escapes to specify special characters such as whitespace.
.PP
-This parameter is not subjected to $parameter expansion.
+The smtpd_expansion_filter value is not subject to Postfix configuration
+parameter $name expansion.
.PP
This feature is available in Postfix 2.0 and later.
.SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
file, or before it is returned to the sender in a delivery status
notification.
.PP
-This feature supports a limited number of $name attributes in
-the footer text. These are replaced by their current value for the
-SMTP session.
+The template text is not subject to Postfix configuration
+parameter $name expansion. Instead, this feature supports a limited
+number of $name attributes in the footer text. These attributes are
+replaced with their current value for the SMTP session.
.PP
Note: specify $$name in footer text that is looked up from
regexp: or pcre:\-based smtpd_reject_footer_maps, otherwise the
accepted for this parameter.
.PP
This feature is available in Postfix 3.4 and later. Prior versions use
-"line_length_limit", which may need to be raised to accomodate larger client
-responses, as may be needed with GSSAPI authenticaiton of Windows AD users
+"line_length_limit", which may need to be raised to accommodate larger client
+responses, as may be needed with GSSAPI authentication of Windows AD users
who are members of many groups.
.SH smtpd_sasl_security_options (default: noanonymous)
Postfix SMTP server SASL security options; as of Postfix 2.3
</p>
<p>
-The template is subject to exactly one level of $name substitution:
+The template does not support Postfix configuration parameter $name
+substitution. Instead, it supports exactly one level of $name
+substitution for the following attributes:
</p>
<dl>
</ul>
-%PARAM smtpd_expansion_filter see "postconf -d" output
-
-<p>
-The smtpd_expansion_filter configuration parameter controls what
-characters may appear in $name expansions.
-</p>
-
%PARAM default_recipient_limit 20000
<p>
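Review bot: The removal of the '%PARAM smtpd_expansion_filter see "postconf -d" output' stanza is not mentioned in the HISTORY entry of this patch. If the stanza duplicated the smtpd_expansion_filter description that a later hunk rewords, say so in the changelog, and confirm that the surviving description still carries the 'see "postconf -d" output' default.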
external command. Failure to change directory causes the delivery
to be deferred. </p>
-<p> The following $name expansions are done on command_execution_directory
-before the directory is changed. Expansion happens in the context
+<p> The command_execution_directory value is not subject to Postfix
+configuration parameter $name expansion. Instead, the following
+$name expansions are done on command_execution_directory before the
+directory is used. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
execution_directory_expansion_filter parameter. </p>
file with user-specified delivery methods. The first file that is
found is used. </p>
-<p> The following $name expansions are done on forward_path before
-the search actually happens. The result of $name expansion is
+<p> The forward_path value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done on forward_path before the search actually happens.
+The result of $name expansion is
filtered with the character set that is specified with the
forward_expansion_filter parameter. </p>
</p>
<p>
-The following $name expansions are done on luser_relay:
+The luser_relay value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done:
</p>
<dl>
</p>
<p>
-This parameter is not subjected to $parameter expansion.
+The smtpd_expansion_filter value is not subject to Postfix configuration
+parameter $name expansion.
</p>
<p>
accepted for this parameter.</p>
<p> This feature is available in Postfix 3.4 and later. Prior versions use
-"line_length_limit", which may need to be raised to accomodate larger client
-responses, as may be needed with GSSAPI authenticaiton of Windows AD users
+"line_length_limit", which may need to be raised to accommodate larger client
+responses, as may be needed with GSSAPI authentication of Windows AD users
who are members of many groups. </p>
%PARAM cyrus_sasl_config_path
file, or before it is returned to the sender in a delivery status
notification. </p>
-<p> This feature supports a limited number of $name attributes in
-the footer text. These are replaced by their current value for the
-SMTP session. </p>
+<p> The template text is not subject to Postfix configuration
+parameter $name expansion. Instead, this feature supports a limited
+number of $name attributes in the footer text. These attributes are
+replaced with their current value for the SMTP session. </p>
<p> Note: specify $$name in footer text that is looked up from
regexp: or pcre:-based smtpd_reject_footer_maps, otherwise the
#define VAR_PSC_CMD_TIME "postscreen_command_time_limit"
#define DEF_PSC_CMD_TIME DEF_SMTPD_TMOUT
-extern char *var_psc_cmd_time;
+extern int var_psc_cmd_time;
#define VAR_PSC_WATCHDOG "postscreen_watchdog_timeout"
#define DEF_PSC_WATCHDOG "10s"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20181130"
+#define MAIL_RELEASE_DATE "20181202"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
int var_psc_barlf_ttl;
int var_psc_cmd_count;
-char *var_psc_cmd_time;
+int var_psc_cmd_time;
char *var_dnsblog_service;
char *var_tlsproxy_service;
0,
};
static const CONFIG_TIME_TABLE time_table[] = {
+ VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, &var_psc_cmd_time, 1, 0,
VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, &var_psc_greet_wait, 1, 0,
VAR_PSC_PREGR_TTL, DEF_PSC_PREGR_TTL, &var_psc_pregr_ttl, 1, 0,
VAR_PSC_DNSBL_MIN_TTL, DEF_PSC_DNSBL_MIN_TTL, &var_psc_dnsbl_min_ttl, 1, 0,
0,
};
static const CONFIG_RAW_TABLE raw_table[] = {
- VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, &var_psc_cmd_time, 1, 0,
VAR_SMTPD_REJ_FOOTER, DEF_SMTPD_REJ_FOOTER, &var_smtpd_rej_footer, 0, 0,
VAR_PSC_REJ_FOOTER, DEF_PSC_REJ_FOOTER, &var_psc_rej_footer, 0, 0,
VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter, 1, 0,
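Review bot: var_psc_cmd_time changes from char * to int and its entry moves from raw_table to time_table, but no hunk on this page touches the code that reads the variable. Any reader that still treats it as a string and converts it at use time needs to be updated in the same change.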
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*
/* Victor Duchovni
/* Morgan Stanley
/*--*/
vstring_free(session_data);
return (0);
}
- VSTRING_AT_OFFSET(session_data, actual_size); /* XXX not public */
+ vstring_set_payload_size(session_data, actual_size);
return (session_data);
}
} else {
VSTRING_SPACE(buffer, len);
RAND_bytes((unsigned char *) STR(buffer), len);
- VSTRING_AT_OFFSET(buffer, len); /* XXX not part of the
- * official interface */
+ vstring_set_payload_size(buffer, len);
status = TLS_MGR_STAT_OK;
}
}
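Review bot: In the unchanged line above the new call, the return value of RAND_bytes() is discarded, and status is set to TLS_MGR_STAT_OK regardless. vstring_set_payload_size(buffer, len) then marks len bytes as valid payload even when the generator failed to fill them. Check that RAND_bytes() returned 1 before setting the payload size and the OK status.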
space_needed = ucasemap_utf8FoldCase(csm, STR(dest) + old_len,
vstring_avail(dest), src, len, &error);
if (U_SUCCESS(error)) {
- VSTRING_AT_OFFSET(dest, old_len + space_needed);
+ vstring_set_payload_size(dest, old_len + space_needed);
if (vstring_avail(dest) == 0) /* exact fit, no terminator */
VSTRING_TERMINATE(dest); /* add terminator */
break;
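Review bot: In the exact-fit case the new call sets the payload size to the full allocation, the upper edge of the range that vstring_set_payload_size() accepts, and VSTRING_TERMINATE(dest) then runs with vstring_avail(dest) == 0. Extend the "exact fit, no terminator" comment to state that VSTRING_TERMINATE() is relied on to make room for the terminating byte, since nothing in this hunk reserves it.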
/* Utility library. */
+#define VSTRING_INTERNAL
+
#include "mymalloc.h"
#include "msg.h"
#include "vbuf_print.h"
/* VSTRING *vp;
/* ssize_t len;
/*
+/* VSTRING *vstring_set_payload_size(vp, len)
+/* VSTRING *vp;
+/* ssize_t len;
+/*
/* void VSTRING_RESET(vp)
/* VSTRING *vp;
/*
/* The operation has no effect when the string is shorter.
/* The string is not null-terminated.
/*
+/* vstring_set_payload_size() sets the number of 'used' bytes
+/* in the named buffer's metadata. This determines the buffer
+/* write position and the VSTRING_LEN() result. The payload
+/* size must be within the closed range [0, number of allocated
+/* bytes]. The typical usage is to request buffer space with
+/* VSTRING_SPACE(), to use some non-VSTRING operations to write
+/* to the buffer, and to call vstring_set_payload_size() to
+/* update buffer metadata, perhaps followed by VSTRING_TERMINATE().
+/*
/* VSTRING_RESET() is a macro that resets the write position of its
/* string argument to the very beginning. Note that VSTRING_RESET()
/* is an unsafe macro that evaluates some arguments more than once.
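Review bot: The new vstring_set_payload_size() paragraph does not say what happens when the size is outside [0, number of allocated bytes], nor that the result is not null-terminated. The implementation in this patch calls msg_panic() in that case, and the paragraph just above already states "The string is not null-terminated" for its own function. Add both statements here so callers know that VSTRING_TERMINATE() is their responsibility.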
/* Utility library. */
+#define VSTRING_INTERNAL
+
#include "mymalloc.h"
#include "msg.h"
#include "vbuf_print.h"
return (vp);
}
+/* vstring_set_payload_size - public version of VSTRING_AT_OFFSET */
+
+VSTRING *vstring_set_payload_size(VSTRING *vp, ssize_t len)
+{
+ if (len < 0 || len > vp->vbuf.len)
+ msg_panic("vstring_set_payload_size: invalid offset: %ld", (long) len);
+ VSTRING_AT_OFFSET(vp, len);
+ return (vp);
+}
+
/* vstring_strcpy - copy string */
VSTRING *vstring_strcpy(VSTRING *vp, const char *src)
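Review bot: The range check in vstring_set_payload_size() runs after the caller has already written into the buffer, so it can report an overrun but cannot prevent one. Safety still depends on the caller requesting the same length with VSTRING_SPACE() first. Say so in the function comment, and include the allocated size in the panic text, for example "invalid offset: %ld, allocated: %ld" with vp->vbuf.len as the second value, so the log shows by how much the caller was off.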
extern VSTRING *vstring_alloc(ssize_t);
extern void vstring_ctl(VSTRING *,...);
extern VSTRING *vstring_truncate(VSTRING *, ssize_t);
+extern VSTRING *vstring_set_payload_size(VSTRING *, ssize_t);
extern VSTRING *vstring_free(VSTRING *);
extern VSTRING *vstring_strcpy(VSTRING *, const char *);
extern VSTRING *vstring_strncpy(VSTRING *, const char *, ssize_t);
* The following macro is not part of the public interface, because it can
* really screw up a buffer by positioning past allocated memory.
*/
+#ifdef VSTRING_INTERNAL
#define VSTRING_AT_OFFSET(vp, offset) do { \
(vp)->vbuf.ptr = (vp)->vbuf.data + (offset); \
(vp)->vbuf.cnt = (vp)->vbuf.len - (offset); \
} while (0)
+#endif
extern VSTRING *vstring_vsprintf(VSTRING *, const char *, va_list);
extern VSTRING *vstring_vsprintf_append(VSTRING *, const char *, va_list);
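Review bot: The comment above VSTRING_AT_OFFSET still only says the macro is not part of the public interface. It does not name vstring_set_payload_size() as the replacement or say which files may define VSTRING_INTERNAL. Because the guard is an opt-in that any source file can set before including the header, and "#define VSTRING_INTERNAL" appears in two hunks on this page, document the intended users next to the #ifdef.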
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
/*--*/
/*
&enc_length_out)) != SASL_OK)
msg_panic("%s: sasl_encode64 botch: %s",
myname, xsasl_cyrus_strerror(sasl_status));
- VSTRING_AT_OFFSET(init_resp, enc_length_out); /* XXX */
+ vstring_set_payload_size(init_resp, enc_length_out);
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(clientout);