From: Wietse Z Venema Date: Sun, 16 Nov 2025 05:00:00 +0000 (-0500) Subject: postfix-3.11-20251116 X-Git-Tag: v3.11.0-RC1~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5264d741da6f3c1652a00fcbd1f071ec0312c2b2;p=thirdparty%2Fpostfix.git postfix-3.11-20251116 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 4900500a9..71b5b6358 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -30016,10 +30016,28 @@ Apologies for any names omitted. Merged the non-production REQUIRETLS branch. -TODO +20251115 - Decide whether or how to enable REQUIRETLS for non-SMTP - inputs: qmqpd.c ot pickup (sendmail). The smtputf8 auto-detect - strategy is not applicable because REQUIRETLS trumps - "TLS-Required: no". It should be easy for sendmail submissions - to choose whether TLS shall be required or optional. + Code cleanup: migrate "#ifdef TEST" code from foo.c to + foo_test.c. Files: util/Makefile.in, global/login_sender_match.c, + global/login_sender_match_test.c, util/hash_fnv.c, + util/hash_fnv_test.c. There are about 143 more of these. + + Cleanup: fix malformed postconf(5) nroff source. The HTML + to MAN converter did not escape an initial ' in text after + a
tag. This broke some smtp_log_tls_feature_status + examples. File: mantools/postconf2man. + +20250116 + + Cleanup: missing #include , missing #ifdef USE_TLS. + postconf/postconf_unused.c, posttls-finger/posttls-finger.c, + smtp/lmtp_params.c, smtp/smtp.h, smtp/smtp_params.c, + smtp/smtp_proto.c, smtp/smtp_state.c. + + Documentation: added whitespace to make smtp_requiretls_policy + examples easier to read. Files: proto/REQUIRETLS_README.html, + proto/postconf.proto. + + Testing: add 'update' to global library test targets. File: + global/Makefile.in. diff --git a/postfix/README_FILES/REQUIRETLS_README b/postfix/README_FILES/REQUIRETLS_README index 0078447d1..72eaf1681 100644 --- a/postfix/README_FILES/REQUIRETLS_README +++ b/postfix/README_FILES/REQUIRETLS_README @@ -116,12 +116,12 @@ For REQUIRETLS, the relevant Postfix 3.11 configuration default settings are: 4 lmtp_requiretls_policy = opportunistic 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ - 11 {0.0.0.0/0 opportunistic} - 12 {::/0 opportunistic} } + 11 { 0.0.0.0/0 opportunistic } + 12 { ::/0 opportunistic } } 13 ...to be completed in section "Communication with external servers"... @@ -203,12 +203,12 @@ FILTER_README. 4 requiretls_esmtp_header = yes 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ - 11 {0.0.0.0/0 opportunistic} - 12 {::/0 opportunistic} } + 11 { 0.0.0.0/0 opportunistic } + 12 { ::/0 opportunistic } } 13 enforce * New at line 13: The 'enforce' policy for external destinations is @@ -253,12 +253,12 @@ STS policy. The configuration below makes that change by replacing the default 4 requiretls_esmtp_header = yes 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ - 11 {0.0.0.0/0 opportunistic} - 12 {::/0 opportunistic} } + 11 { 0.0.0.0/0 opportunistic } + 12 { ::/0 opportunistic } } 13 opportunistic+starttls * New at line 13: the 'opportunistic+starttls' policy relaxes the requirement diff --git a/postfix/html/REQUIRETLS_README.html b/postfix/html/REQUIRETLS_README.html index 70ab2bd49..b29a5b78d 100644 --- a/postfix/html/REQUIRETLS_README.html +++ b/postfix/html/REQUIRETLS_README.html @@ -165,12 +165,12 @@ settings are:

4 lmtp_requiretls_policy = opportunistic 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ -11 {0.0.0.0/0 opportunistic} -12 {::/0 opportunistic} } +11 { 0.0.0.0/0 opportunistic } +12 { ::/0 opportunistic } } 13 ...to be completed in section "Communication with external servers"... @@ -273,12 +273,12 @@ does not use content inspection based on SMTPD 4 requiretls_esmtp_header = yes 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ -11 {0.0.0.0/0 opportunistic} -12 {::/0 opportunistic} } +11 { 0.0.0.0/0 opportunistic } +12 { ::/0 opportunistic } } 13 enforce @@ -336,12 +336,12 @@ below makes that change by replacing the default 'enforce' with 4 requiretls_esmtp_header = yes 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ -11 {0.0.0.0/0 opportunistic} -12 {::/0 opportunistic} } +11 { 0.0.0.0/0 opportunistic } +12 { ::/0 opportunistic } } 13 opportunistic+starttls diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 516becd14..f0d689939 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3273,9 +3273,9 @@ start-up error.

contains the default setting: 

 smtp_requiretls_policy = inline:{
-    {${domain_to_ascii{$mydomain}} = opportunistic },
-    {.${domain_to_ascii{$mydomain}} = opportunistic },
-     ... }
+    { ${domain_to_ascii{$mydomain}} = opportunistic },
+    { .${domain_to_ascii{$mydomain}} = opportunistic },
+     ...

  • Example 1: when mydomain contains only ASCII characters, @@ -3283,9 +3283,9 @@ contains the default setting: 

     # postconf -o 'mydomain=foo.example' -x smtp_requiretls_policy
 smtp_requiretls_policy = inline:{
-    {foo.example = opportunistic},
-    {.foo.example = opportunistic},
-     ... }
+    { foo.example = opportunistic },
+    { .foo.example = opportunistic },
+     ...

  • Example 2: when mydomain contains non-ASCII characters, @@ -3293,9 +3293,9 @@ contains the default setting: 

     # postconf -o 'mydomain=π.example' -x smtp_requiretls_policy
 smtp_requiretls_policy = inline:{
-    {xn--1xa.example = opportunistic},
-    {.xn--1xa.example = opportunistic},
-    ... }
+    { xn--1xa.example = opportunistic },
+    { .xn--1xa.example = opportunistic },
+     ...
    @@ -13006,12 +13006,12 @@ names.

    3 smtp_tls_policy_maps = ...dane/sts plugin... 4 smtp_requiretls_policy = 5 inline:{ - 6 {${domain_to_ascii{$mydomain}} = opportunistic} - 7 {.${domain_to_ascii{$mydomain}} = opportunistic} - 8 {localhost = opportunistic} } + 6 { ${domain_to_ascii{$mydomain}} = opportunistic } + 7 { .${domain_to_ascii{$mydomain}} = opportunistic } + 8 { localhost = opportunistic } } 9 cidr:{ -10 {0.0.0.0/0 opportunistic}, -11 {::/0 opportunistic} }, +10 { 0.0.0.0/0 opportunistic }, +11 { ::/0 opportunistic } }, 12 enforce @@ -13035,12 +13035,12 @@ and you will need to enter explicit ASCII domain names.

    3 smtp_tls_policy_maps = ...dane/sts plugin... 4 smtp_requiretls_policy = 5 inline:{ - 6 {${domain_to_ascii{$mydomain}} = opportunistic} - 7 {.${domain_to_ascii{$mydomain}} = opportunistic} - 8 {localhost = opportunistic} } + 6 { ${domain_to_ascii{$mydomain}} = opportunistic } + 7 { .${domain_to_ascii{$mydomain}} = opportunistic } + 8 { localhost = opportunistic } } 9 cidr:{ -10 {0.0.0.0/0 opportunistic}, -11 {::/0 opportunistic} }, +10 { 0.0.0.0/0 opportunistic }, +11 { ::/0 opportunistic } }, 12 opportunistic+starttls @@ -13052,12 +13052,12 @@ file for easier maintenance.

    smtp_tls_policy_maps = ...dane/sts plugin... smtp_requiretls_policy = inline:{ - {${domain_to_ascii{$mydomain}} = opportunistic} - {.${domain_to_ascii{$mydomain}} = opportunistic} - {localhost = opportunistic} } + { ${domain_to_ascii{$mydomain}} = opportunistic } + { .${domain_to_ascii{$mydomain}} = opportunistic } + { localhost = opportunistic } } cidr:{ - {0.0.0.0/0 opportunistic}, - {::/0 opportunistic} }, + { 0.0.0.0/0 opportunistic }, + { ::/0 opportunistic } }, hash:/etc/postfix/requiretls-per-site opportunistic+starttls diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index dd4caaa78..aad40767b 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2057,9 +2057,9 @@ contains the default setting: .nf .na smtp_requiretls_policy = inline:{ - {${domain_to_ascii{$mydomain}} = opportunistic }, - {.${domain_to_ascii{$mydomain}} = opportunistic }, - ... } + { ${domain_to_ascii{$mydomain}} = opportunistic }, + { .${domain_to_ascii{$mydomain}} = opportunistic }, + ... .fi .ad .IP \(bu @@ -2070,9 +2070,9 @@ domain_to_ascii{} returns the same value. .na # postconf \-o 'mydomain=foo.example' \-x smtp_requiretls_policy smtp_requiretls_policy = inline:{ - {foo.example = opportunistic}, - {.foo.example = opportunistic}, - ... } + { foo.example = opportunistic }, + { .foo.example = opportunistic }, + ... .fi .ad .IP \(bu @@ -2083,9 +2083,9 @@ domain_to_ascii{} returns the Punycode representation. .na # postconf \-o 'mydomain=π.example' \-x smtp_requiretls_policy smtp_requiretls_policy = inline:{ - {xn\-\-1xa.example = opportunistic}, - {.xn\-\-1xa.example = opportunistic}, - ... } + { xn\-\-1xa.example = opportunistic }, + { .xn\-\-1xa.example = opportunistic }, + ... .fi .ad .br @@ -7897,46 +7897,46 @@ connection failed before or in the TLS handshake. Examples for REQUIRETLS policies (set with smtp_requiretls_policy), where "\fIxxx\fR" is a TLS security level: .IP "tls=xxx/requiretls" -'Enforce' policy compliant. +\&ddEnforce' policy compliant. After a successful TLS handshake that required a certificate match, the remote server announced REQUIRETLS support, and the client sent REQUIRETLS. .IP "tls=xxx/!requiretls:nocertmatch" -'Enforce' policy +\&ddEnforce' policy violation. The connection was not used because the remote server certificate did not match as required by the TLS security policy, or no connection was made because the TLS security policy disabled server certificate matching. .br .IP "tls=xxx/requiretls:nocertmatch" -'Opportunistic+starttls' +\&ddOpportunistic+starttls' or 'opportunistic' policy compliant. After a successful TLS handshake that did not require a server certificate match, the remote server announced REQUIRETLS support, and the client sent REQUIRETLS. .br .IP "tls=xxx/!requiretls:nostarttls" -'Enforce' or +\&ddEnforce' or \&'opportunistic+starttls' policy violation. The connection was not used because the remote server did not support STARTTLS. .br .IP "tls=xxx/!requiretls:noencryption" -'Enforce' or +\&ddEnforce' or \&'opportunistic+starttls' policy violation. No connection was made used because the TLS security policy disabled encryption. .br .IP "tls=xxx/!requiretls:none" -'Enforce' policy violation. +\&ddEnforce' policy violation. After a successful TLS handshake, the connection was not used because the remote server did not support REQUIRETLS. .br .IP "tls=xxx/requiretls:none" -'Opportunistic+starttls' +\&ddOpportunistic+starttls' policy compliant. After a successful TLS handshake, the remote server did not announce REQUIRETLS support, and the connection was used without sending REQUIRETLS. .br .IP "tls=xxx/requiretls:none" -'Opportunistic' policy +\&ddOpportunistic' policy compliant. The remote server did not announce support for STARTTLS or REQUIRETLS, and the connection was used without sending REQUIRETLS. .br @@ -8364,12 +8364,12 @@ names. 3 smtp_tls_policy_maps = ...dane/sts plugin... 4 smtp_requiretls_policy = 5 inline:{ - 6 {${domain_to_ascii{$mydomain}} = opportunistic} - 7 {.${domain_to_ascii{$mydomain}} = opportunistic} - 8 {localhost = opportunistic} } + 6 { ${domain_to_ascii{$mydomain}} = opportunistic } + 7 { .${domain_to_ascii{$mydomain}} = opportunistic } + 8 { localhost = opportunistic } } 9 cidr:{ -10 {0.0.0.0/0 opportunistic}, -11 {::/0 opportunistic} }, +10 { 0.0.0.0/0 opportunistic }, +11 { ::/0 opportunistic } }, 12 enforce .fi .ad @@ -8396,12 +8396,12 @@ and you will need to enter explicit ASCII domain names. 3 smtp_tls_policy_maps = ...dane/sts plugin... 4 smtp_requiretls_policy = 5 inline:{ - 6 {${domain_to_ascii{$mydomain}} = opportunistic} - 7 {.${domain_to_ascii{$mydomain}} = opportunistic} - 8 {localhost = opportunistic} } + 6 { ${domain_to_ascii{$mydomain}} = opportunistic } + 7 { .${domain_to_ascii{$mydomain}} = opportunistic } + 8 { localhost = opportunistic } } 9 cidr:{ -10 {0.0.0.0/0 opportunistic}, -11 {::/0 opportunistic} }, +10 { 0.0.0.0/0 opportunistic }, +11 { ::/0 opportunistic } }, 12 opportunistic+starttls .fi .ad @@ -8416,12 +8416,12 @@ file for easier maintenance. smtp_tls_policy_maps = ...dane/sts plugin... smtp_requiretls_policy = inline:{ - {${domain_to_ascii{$mydomain}} = opportunistic} - {.${domain_to_ascii{$mydomain}} = opportunistic} - {localhost = opportunistic} } + { ${domain_to_ascii{$mydomain}} = opportunistic } + { .${domain_to_ascii{$mydomain}} = opportunistic } + { localhost = opportunistic } } cidr:{ - {0.0.0.0/0 opportunistic}, - {::/0 opportunistic} }, + { 0.0.0.0/0 opportunistic }, + { ::/0 opportunistic } }, hash:/etc/postfix/requiretls\-per\-site opportunistic+starttls .sp diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man index f8d7cd29e..601547460 100755 --- a/postfix/mantools/postconf2man +++ b/postfix/mantools/postconf2man @@ -39,6 +39,7 @@ while(<>) { #$block =~ s/\n\./\n\\\&./g; $block =~ s/\n\./\n\134\&./g; $block =~ s/\n'/\n\134\&'/g; + $block =~ s/(<(p|dd|br)+>\s*)(['.])/$1\134\&$2/g; if ($block =~ /

    /) { $block =~ s/

    ]+>([^<]+)<\/a><\/H2>/\n.SH \1\n/g; $block =~ tr/a-z/A-Z/; diff --git a/postfix/proto/REQUIRETLS_README.html b/postfix/proto/REQUIRETLS_README.html index 42c4dfcb7..a3b0c4a32 100644 --- a/postfix/proto/REQUIRETLS_README.html +++ b/postfix/proto/REQUIRETLS_README.html @@ -165,12 +165,12 @@ settings are:

    4 lmtp_requiretls_policy = opportunistic 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ -11 {0.0.0.0/0 opportunistic} -12 {::/0 opportunistic} } +11 { 0.0.0.0/0 opportunistic } +12 { ::/0 opportunistic } } 13 ...to be completed in section "Communication with external servers"... @@ -273,12 +273,12 @@ FILTER_README.

    4 requiretls_esmtp_header = yes 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ -11 {0.0.0.0/0 opportunistic} -12 {::/0 opportunistic} } +11 { 0.0.0.0/0 opportunistic } +12 { ::/0 opportunistic } } 13 enforce @@ -336,12 +336,12 @@ below makes that change by replacing the default 'enforce' with 4 requiretls_esmtp_header = yes 5 smtp_requiretls_policy = 6 inline:{ - 7 {${domain_to_ascii{$mydomain}} = opportunistic} - 8 {.${domain_to_ascii{$mydomain}} = opportunistic} - 9 {localhost = opportunistic} } + 7 { ${domain_to_ascii{$mydomain}} = opportunistic } + 8 { .${domain_to_ascii{$mydomain}} = opportunistic } + 9 { localhost = opportunistic } } 10 cidr:{ -11 {0.0.0.0/0 opportunistic} -12 {::/0 opportunistic} } +11 { 0.0.0.0/0 opportunistic } +12 { ::/0 opportunistic } } 13 opportunistic+starttls diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index a352a322e..b642166b4 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -19879,12 +19879,12 @@ names.

    3 smtp_tls_policy_maps = ...dane/sts plugin... 4 smtp_requiretls_policy = 5 inline:{ - 6 {${domain_to_ascii{$mydomain}} = opportunistic} - 7 {.${domain_to_ascii{$mydomain}} = opportunistic} - 8 {localhost = opportunistic} } + 6 { ${domain_to_ascii{$mydomain}} = opportunistic } + 7 { .${domain_to_ascii{$mydomain}} = opportunistic } + 8 { localhost = opportunistic } } 9 cidr:{ -10 {0.0.0.0/0 opportunistic}, -11 {::/0 opportunistic} }, +10 { 0.0.0.0/0 opportunistic }, +11 { ::/0 opportunistic } }, 12 enforce @@ -19908,12 +19908,12 @@ and you will need to enter explicit ASCII domain names.

    3 smtp_tls_policy_maps = ...dane/sts plugin... 4 smtp_requiretls_policy = 5 inline:{ - 6 {${domain_to_ascii{$mydomain}} = opportunistic} - 7 {.${domain_to_ascii{$mydomain}} = opportunistic} - 8 {localhost = opportunistic} } + 6 { ${domain_to_ascii{$mydomain}} = opportunistic } + 7 { .${domain_to_ascii{$mydomain}} = opportunistic } + 8 { localhost = opportunistic } } 9 cidr:{ -10 {0.0.0.0/0 opportunistic}, -11 {::/0 opportunistic} }, +10 { 0.0.0.0/0 opportunistic }, +11 { ::/0 opportunistic } }, 12 opportunistic+starttls @@ -19925,12 +19925,12 @@ file for easier maintenance.

    smtp_tls_policy_maps = ...dane/sts plugin... smtp_requiretls_policy = inline:{ - {${domain_to_ascii{$mydomain}} = opportunistic} - {.${domain_to_ascii{$mydomain}} = opportunistic} - {localhost = opportunistic} } + { ${domain_to_ascii{$mydomain}} = opportunistic } + { .${domain_to_ascii{$mydomain}} = opportunistic } + { localhost = opportunistic } } cidr:{ - {0.0.0.0/0 opportunistic}, - {::/0 opportunistic} }, + { 0.0.0.0/0 opportunistic }, + { ::/0 opportunistic } }, hash:/etc/postfix/requiretls-per-site opportunistic+starttls @@ -20215,9 +20215,9 @@ start-up error.

    contains the default setting: 

     smtp_requiretls_policy = inline:{
-    {${domain_to_ascii{$mydomain}} = opportunistic },
-    {.${domain_to_ascii{$mydomain}} = opportunistic },
-     ... }
+    { ${domain_to_ascii{$mydomain}} = opportunistic },
+    { .${domain_to_ascii{$mydomain}} = opportunistic },
+     ...

  • Example 1: when mydomain contains only ASCII characters, @@ -20225,9 +20225,9 @@ domain_to_ascii{} returns the same value. 

     # postconf -o 'mydomain=foo.example' -x smtp_requiretls_policy
 smtp_requiretls_policy = inline:{
-    {foo.example = opportunistic},
-    {.foo.example = opportunistic}, 
-     ... }
+    { foo.example = opportunistic },
+    { .foo.example = opportunistic }, 
+     ...

  • Example 2: when mydomain contains non-ASCII characters, @@ -20235,9 +20235,9 @@ domain_to_ascii{} returns the Punycode representation. 

     # postconf -o 'mydomain=π.example' -x smtp_requiretls_policy
 smtp_requiretls_policy = inline:{
-    {xn--1xa.example = opportunistic},
-    {.xn--1xa.example = opportunistic},
-    ... }
+    { xn--1xa.example = opportunistic },
+    { .xn--1xa.example = opportunistic },
+     ...
    diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 9385bcb4a..bb2e2418f 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -250,3 +250,4 @@ proto proto REQUIRETLS_README html global mail_params hc showq showq c Ditto for sendmail O smtputf8 yes no smtpd smtpd c smtp smtp_connect c smtp smtp_proto c util mac_expand ref proto postconf proto proto Makefile in + smtp lmtp_params c smtp smtp h smtp smtp_params c diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 01b9fa291..a57ef1446 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -133,7 +133,7 @@ TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \ data_redirect addr_match_list safe_ultostr verify_sender_addr \ mail_version mail_dict server_acl uxtext mail_parm_split \ fold_addr smtp_reply_footer mail_addr_map normalize_mailhost_addr \ - haproxy_srvr_test map_search delivered_hdr login_sender_match \ + haproxy_srvr_test map_search delivered_hdr login_sender_match_test \ compat_level config_known_tcp_ports hfrom_format rfc2047_code \ ascii_header_text sendopts_test dict_sqlite_test pol_stats_test @@ -394,7 +394,7 @@ map_search: map_search.c $(LIB) $(LIBS) delivered_hdr: delivered_hdr.c $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) -login_sender_match: login_sender_match.c $(LIB) $(LIBS) +login_sender_match_test: login_sender_match_test.c $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) compat_level: compat_level.c $(LIB) $(LIBS) @@ -431,7 +431,7 @@ tests: tok822_test mime_tests strip_addr_test tok822_limit_test \ smtp_reply_footer_test off_cvt_test mail_addr_crunch_test \ mail_addr_find_test mail_addr_map_test quote_822_local_test \ normalize_mailhost_addr_test test_haproxy_srvr map_search_test \ - delivered_hdr_test login_sender_match_test compat_level_test \ + delivered_hdr_test test_login_sender_match compat_level_test \ config_known_tcp_ports_test hfrom_format_test rfc2047_code_test \ ascii_header_text_test test_sendopts test_dict_sqlite test_pol_stats @@ -762,10 +762,8 @@ delivered_hdr_test: update delivered_hdr delivered_hdr.ref diff delivered_hdr.ref delivered_hdr.tmp rm -f delivered_hdr.tmp -login_sender_match_test: update login_sender_match login_sender_match.ref - -$(SHLIB_ENV) $(VALGRIND) ./login_sender_match >login_sender_match.tmp 2>&1 - diff login_sender_match.ref login_sender_match.tmp - rm -f login_sender_match.tmp +test_login_sender_match: update login_sender_match_test + $(SHLIB_ENV) $(VALGRIND) ./login_sender_match_test compat_level_test: compat_level_expand_test compat_level_convert_test @@ -1702,6 +1700,20 @@ login_sender_match.o: maps.h login_sender_match.o: quote_822_local.h login_sender_match.o: quote_flags.h login_sender_match.o: strip_addr.h +login_sender_match_test.o: ../../include/argv.h +login_sender_match_test.o: ../../include/check_arg.h +login_sender_match_test.o: ../../include/dict.h +login_sender_match_test.o: ../../include/msg.h +login_sender_match_test.o: ../../include/msg_vstream.h +login_sender_match_test.o: ../../include/myflock.h +login_sender_match_test.o: ../../include/stringops.h +login_sender_match_test.o: ../../include/sys_defs.h +login_sender_match_test.o: ../../include/vbuf.h +login_sender_match_test.o: ../../include/vstream.h +login_sender_match_test.o: ../../include/vstring.h +login_sender_match_test.o: login_sender_match.h +login_sender_match_test.o: login_sender_match_test.c +login_sender_match_test.o: mail_params.h mail_addr.o: ../../include/check_arg.h mail_addr.o: ../../include/stringops.h mail_addr.o: ../../include/sys_defs.h diff --git a/postfix/src/global/login_sender_match.c b/postfix/src/global/login_sender_match.c index e263762ef..c03c53f3d 100644 --- a/postfix/src/global/login_sender_match.c +++ b/postfix/src/global/login_sender_match.c @@ -234,131 +234,3 @@ int login_sender_match(LOGIN_SENDER_MATCH *lsm, const char *login_name, } return (found_or_error); } - -#ifdef TEST - -int main(int argc, char **argv) -{ - struct testcase { - const char *title; - const char *map_names; - const char *ext_delimiters; - const char *null_sender; - const char *wildcard; - const char *login_name; - const char *sender_addr; - int exp_return; - }; - struct testcase testcases[] = { - {"wildcard works", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "root", "anything", LSM_STAT_FOUND - }, - {"unknown user", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "toor", "anything", LSM_STAT_NOTFOUND - }, - {"bare user", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "foo", LSM_STAT_FOUND - }, - {"user@domain", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "foo@example.com", LSM_STAT_FOUND - }, - {"user+ext@domain", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "foo+bar@example.com", LSM_STAT_FOUND - }, - {"wrong sender", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "bar@example.com", LSM_STAT_NOTFOUND - }, - {"@domain", - "inline:{root=*, {foo = @example.com}, bar=<>}", - "+-", "<>", "*", "foo", "anyone@example.com", LSM_STAT_FOUND - }, - {"wrong @domain", - "inline:{root=*, {foo = @example.com}, bar=<>}", - "+-", "<>", "*", "foo", "anyone@example.org", LSM_STAT_NOTFOUND - }, - {"null sender", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "bar", "", LSM_STAT_FOUND - }, - {"wrong null sender", - "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "baz", "", LSM_STAT_NOTFOUND - }, - {"error", - "inline:{root=*}, fail:sorry", - "+-", "<>", "*", "baz", "whatever", LSM_STAT_RETRY - }, - {"no error", - "inline:{root=*}, fail:sorry", - "+-", "<>", "*", "root", "whatever", LSM_STAT_FOUND - }, - {"unknown uid:number", - "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "uid:54321", "foo", LSM_STAT_NOTFOUND - }, - {"known uid:number", - "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}", - "+-", "<>", "*", "uid:12345", "foo", LSM_STAT_FOUND - }, - {"unknown \"other last\"", - "inline:{root=*, {foo = \"first last\",\"first last\"@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "other last", LSM_STAT_NOTFOUND - }, - {"bare \"first last\"", - "inline:{root=*, {foo = \"first last\",\"first last\"@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "first last", LSM_STAT_FOUND - }, - {"\"first last\"@domain", - "inline:{root=*, {foo = \"first last\",\"first last\"@example.com}, bar=<>}", - "+-", "<>", "*", "foo", "first last@example.com", LSM_STAT_FOUND - }, - }; - struct testcase *tp; - int act_return; - int pass; - int fail; - LOGIN_SENDER_MATCH *lsm; - - /* - * Fake variable settings. - */ - var_double_bounce_sender = DEF_DOUBLE_BOUNCE; - var_ownreq_special = DEF_OWNREQ_SPECIAL; - -#define NUM_TESTS sizeof(testcases)/sizeof(testcases[0]) - - for (pass = fail = 0, tp = testcases; tp < testcases + NUM_TESTS; tp++) { - msg_info("RUN test case %ld %s", (long) (tp - testcases), tp->title); -#if 0 - msg_info("title=%s", tp->title); - msg_info("map_names=%s", tp->map_names); - msg_info("ext_delimiters=%s", tp->ext_delimiters); - msg_info("null_sender=%s", tp->null_sender); - msg_info("wildcard=%s", tp->wildcard); - msg_info("login_name=%s", tp->login_name); - msg_info("sender_addr=%s", tp->sender_addr); - msg_info("exp_return=%d", tp->exp_return); -#endif - lsm = login_sender_create("test map", tp->map_names, - tp->ext_delimiters, tp->null_sender, - tp->wildcard); - act_return = login_sender_match(lsm, tp->login_name, tp->sender_addr); - if (act_return == tp->exp_return) { - msg_info("PASS test %ld", (long) (tp - testcases)); - pass++; - } else { - msg_info("FAIL test %ld", (long) (tp - testcases)); - fail++; - } - login_sender_free(lsm); - } - return (fail > 0); -} - -#endif /* TEST */ diff --git a/postfix/src/global/login_sender_match_test.c b/postfix/src/global/login_sender_match_test.c new file mode 100644 index 000000000..36d806d52 --- /dev/null +++ b/postfix/src/global/login_sender_match_test.c @@ -0,0 +1,144 @@ + /* + * System library. + */ +#include + + /* + * Utility library. + */ +#include +#include +#include + + /* + * Global library. + */ +#include +#include + +int main(int argc, char **argv) +{ + struct testcase { + const char *title; + const char *map_names; + const char *ext_delimiters; + const char *null_sender; + const char *wildcard; + const char *login_name; + const char *sender_addr; + int exp_return; + }; + struct testcase testcases[] = { + {"wildcard works", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "root", "anything", LSM_STAT_FOUND + }, + {"unknown user", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "toor", "anything", LSM_STAT_NOTFOUND + }, + {"bare user", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "foo", LSM_STAT_FOUND + }, + {"user@domain", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "foo@example.com", LSM_STAT_FOUND + }, + {"user+ext@domain", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "foo+bar@example.com", LSM_STAT_FOUND + }, + {"wrong sender", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "bar@example.com", LSM_STAT_NOTFOUND + }, + {"@domain", + "inline:{root=*, {foo = @example.com}, bar=<>}", + "+-", "<>", "*", "foo", "anyone@example.com", LSM_STAT_FOUND + }, + {"wrong @domain", + "inline:{root=*, {foo = @example.com}, bar=<>}", + "+-", "<>", "*", "foo", "anyone@example.org", LSM_STAT_NOTFOUND + }, + {"null sender", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "bar", "", LSM_STAT_FOUND + }, + {"wrong null sender", + "inline:{root=*, {foo = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "baz", "", LSM_STAT_NOTFOUND + }, + {"error", + "inline:{root=*}, fail:sorry", + "+-", "<>", "*", "baz", "whatever", LSM_STAT_RETRY + }, + {"no error", + "inline:{root=*}, fail:sorry", + "+-", "<>", "*", "root", "whatever", LSM_STAT_FOUND + }, + {"unknown uid:number", + "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "uid:54321", "foo", LSM_STAT_NOTFOUND + }, + {"known uid:number", + "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}", + "+-", "<>", "*", "uid:12345", "foo", LSM_STAT_FOUND + }, + {"unknown \"other last\"", + "inline:{root=*, {foo = \"first last\",\"first last\"@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "other last", LSM_STAT_NOTFOUND + }, + {"bare \"first last\"", + "inline:{root=*, {foo = \"first last\",\"first last\"@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "first last", LSM_STAT_FOUND + }, + {"\"first last\"@domain", + "inline:{root=*, {foo = \"first last\",\"first last\"@example.com}, bar=<>}", + "+-", "<>", "*", "foo", "first last@example.com", LSM_STAT_FOUND + }, + }; + struct testcase *tp; + int act_return; + int pass; + int fail; + LOGIN_SENDER_MATCH *lsm; + + msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR); + + /* + * Fake variable settings. + */ + var_double_bounce_sender = DEF_DOUBLE_BOUNCE; + var_ownreq_special = DEF_OWNREQ_SPECIAL; + +#define NUM_TESTS sizeof(testcases)/sizeof(testcases[0]) + + for (pass = fail = 0, tp = testcases; tp < testcases + NUM_TESTS; tp++) { + msg_info("RUN test case %ld %s", (long) (tp - testcases), tp->title); +#if 0 + msg_info("title=%s", tp->title); + msg_info("map_names=%s", tp->map_names); + msg_info("ext_delimiters=%s", tp->ext_delimiters); + msg_info("null_sender=%s", tp->null_sender); + msg_info("wildcard=%s", tp->wildcard); + msg_info("login_name=%s", tp->login_name); + msg_info("sender_addr=%s", tp->sender_addr); + msg_info("exp_return=%d", tp->exp_return); +#endif + lsm = login_sender_create("test map", tp->map_names, + tp->ext_delimiters, tp->null_sender, + tp->wildcard); + act_return = login_sender_match(lsm, tp->login_name, tp->sender_addr); + if (act_return == tp->exp_return) { + msg_info("PASS test %ld", (long) (tp - testcases)); + pass++; + } else { + msg_info("FAIL test %ld", (long) (tp - testcases)); + fail++; + } + login_sender_free(lsm); + } + msg_info("PASS=%d FAIL=%d", pass, fail); + return (fail > 0); +} diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 1d6203993..a2a56d994 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20251114" +#define MAIL_RELEASE_DATE "20251116" #define MAIL_VERSION_NUMBER "3.11" #ifdef SNAPSHOT diff --git a/postfix/src/postconf/postconf_unused.c b/postfix/src/postconf/postconf_unused.c index bf101119d..4ea7b87bb 100644 --- a/postfix/src/postconf/postconf_unused.c +++ b/postfix/src/postconf/postconf_unused.c @@ -45,6 +45,7 @@ /* System library. */ #include +#include #include /* Utility library. */ diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index a1971009a..b4f0ed1f9 100644 --- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -1869,7 +1869,7 @@ static void usage(void) exit(1); } - +#ifdef USE_TLS #ifndef OPENSSL_NO_SSL_TRACE static void ssl_trace(int write_p, int version, int content_type, const void *buf, size_t msglen, SSL *ssl, void *arg) @@ -1883,7 +1883,7 @@ static void ssl_trace(int write_p, int version, int content_type, } #endif - +#endif /* tls_init - initialize application TLS library context */ diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index 876decf0b..5b2445b68 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c @@ -143,8 +143,7 @@ VAR_LMTP_TLSRPT_SKIP_REUSED_HS, DEF_LMTP_TLSRPT_SKIP_REUSED_HS, &var_smtp_tlsrpt_skip_reused_hs, #ifdef USE_TLS VAR_LMTP_TLS_ENF_STS_MX_PAT, DEF_LMTP_TLS_ENF_STS_MX_PAT, &var_smtp_tls_enf_sts_mx_pat, -#endif - VAR_LMTP_TLS_ENF_STS_MX_PAT, DEF_LMTP_TLS_ENF_STS_MX_PAT, &var_smtp_tls_enf_sts_mx_pat, VAR_LMTP_LOG_TLS_FEATURE_STATUS, DEF_LMTP_LOG_TLS_FEATURE_STATUS, &var_log_tls_feature_status, +#endif 0, }; diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index df83a5fe8..c25288c84 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -209,8 +209,8 @@ typedef struct SMTP_STATE { struct TLSRPT_WRAPPER *tlsrpt; #endif int reqtls_level; /* from smtp_reqtls_policy */ - POL_STATS *tls_stats; /* TLS feature policy compliance */ #endif + POL_STATS *tls_stats; /* TLS feature policy compliance */ /* * Connection cache support. diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index b6ddac534..63aac7f0f 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -147,8 +147,7 @@ VAR_SMTP_TLSRPT_SKIP_REUSED_HS, DEF_SMTP_TLSRPT_SKIP_REUSED_HS, &var_smtp_tlsrpt_skip_reused_hs, #ifdef USE_TLS VAR_SMTP_TLS_ENF_STS_MX_PAT, DEF_SMTP_TLS_ENF_STS_MX_PAT, &var_smtp_tls_enf_sts_mx_pat, -#endif - VAR_SMTP_TLS_ENF_STS_MX_PAT, DEF_SMTP_TLS_ENF_STS_MX_PAT, &var_smtp_tls_enf_sts_mx_pat, VAR_SMTP_LOG_TLS_FEATURE_STATUS, DEF_SMTP_LOG_TLS_FEATURE_STATUS, &var_log_tls_feature_status, +#endif 0, }; diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 9e4238639..69a02311e 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -1901,11 +1901,14 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, xtext_quote_append(next_command, request->dsn_envid, "+="); } /* Fix 20250825: limit content exposure in bounce. */ +#ifdef USE_TLS if (state->reqtls_level > SMTP_REQTLS_POLICY_ACT_DISABLE && (session->features & SMTP_FEATURE_REQTLS) == 0) vstring_sprintf_append(next_command, " RET=%s", dsn_ret_str(DSN_RET_HDRS)); - else if (request->dsn_ret) + else +#endif + if (request->dsn_ret) vstring_sprintf_append(next_command, " RET=%s", dsn_ret_str(request->dsn_ret)); } diff --git a/postfix/src/smtp/smtp_state.c b/postfix/src/smtp/smtp_state.c index bb1e8f6a9..34fa70c6b 100644 --- a/postfix/src/smtp/smtp_state.c +++ b/postfix/src/smtp/smtp_state.c @@ -88,8 +88,8 @@ SMTP_STATE *smtp_state_alloc(void) if (var_log_tls_feature_status) state->tls_stats = pol_stats_create(); else - state->tls_stats = 0; #endif + state->tls_stats = 0; if (var_smtp_cache_conn) { state->dest_label = vstring_alloc(10); state->dest_prop = vstring_alloc(10); diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index e296d7972..328eb77f4 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -153,7 +153,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \ valid_utf8_string ip_match base32_code msg_rate_delay netstring \ vstream timecmp dict_cache midna_domain casefold strcasecmp_utf8 \ vbuf_print split_qnameval vstream msg_logger byte_mask \ - known_tcp_ports dict_stream find_inet binhash hash_fnv argv \ + known_tcp_ports dict_stream find_inet binhash hash_fnv_test argv \ clean_env inet_prefix_top printable readlline quote_for_json \ normalize_ws valid_uri_scheme clean_ascii_cntrl_space \ normalize_v4mapped_addr_test ossl_digest_test dict_pipe_test \ @@ -458,10 +458,8 @@ binhash: $(LIB) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) mv junk $@.o -hash_fnv: $(LIB) - mv $@.o junk - $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) - mv junk $@.o +hash_fnv_test: $(LIB) update + $(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(SYSLIBS) unix_recv_fd: $(LIB) mv $@.o junk @@ -662,7 +660,7 @@ tests: all valid_hostname_test mac_expand_test dict_test unescape_test \ valid_utf8_string_test readlline_test quote_for_json_test \ normalize_ws_test valid_uri_scheme_test clean_ascii_cntrl_space_test \ test_normalize_v4mapped_addr test_ossl_digest test_dict_pipe \ - test_dict_union + test_dict_union test_hash_fnv dict_tests: all dict_test \ dict_pcre_tests dict_cidr_test dict_thash_test dict_static_test \ @@ -833,8 +831,8 @@ htable_test: htable /usr/share/dict/words binhash_test: binhash /usr/share/dict/words $(SHLIB_ENV) ${VALGRIND} ./binhash < /usr/share/dict/words -hash_fnv_test: hash_fnv - $(SHLIB_ENV) ${VALGRIND} ./hash_fnv +test_hash_fnv: hash_fnv_test + $(SHLIB_ENV) ${VALGRIND} ./hash_fnv_test hex_code_test: hex_code $(SHLIB_ENV) ${VALGRIND} ./hex_code @@ -2096,6 +2094,16 @@ hash_fnv.o: hash_fnv.h hash_fnv.o: ldseed.h hash_fnv.o: msg.h hash_fnv.o: sys_defs.h +hash_fnv_test.o: check_arg.h +hash_fnv_test.o: hash_fnv.h +hash_fnv_test.o: hash_fnv_test.c +hash_fnv_test.o: msg.h +hash_fnv_test.o: msg_vstream.h +hash_fnv_test.o: stringops.h +hash_fnv_test.o: sys_defs.h +hash_fnv_test.o: vbuf.h +hash_fnv_test.o: vstream.h +hash_fnv_test.o: vstring.h hex_code.o: check_arg.h hex_code.o: hex_code.c hex_code.o: hex_code.h diff --git a/postfix/src/util/hash_fnv.c b/postfix/src/util/hash_fnv.c index 3daf93fe7..6a7283255 100644 --- a/postfix/src/util/hash_fnv.c +++ b/postfix/src/util/hash_fnv.c @@ -137,101 +137,3 @@ HASH_FNV_T hash_fnvz(const char *src) } return (hash); } - -#ifdef TEST -#include -#include -#include - -int main(void) -{ - int pass = 0; - int fail = 0; - - /* - * Sanity check. - */ -#ifdef STRICT_FNV1A - msg_fatal("This test requires no STRICT_FNV1A"); -#endif - - /* - * Force unseeded hash, to make tests predictable. - */ - if (putenv("NORANDOMIZE=") != 0) - msg_fatal("putenv(\"NORANDOMIZE=\"): %m"); - - /* - * Test: hashing produces the expected results. - */ - { - struct testcase { - HASH_FNV_T hval; - const char *str; - }; - static struct testcase testcases[] = - { -#ifdef USE_FNV_32BIT - 0x1c00fc06UL, "overdeeply", - 0x1c00fc06UL, "undescript", - 0x1e1e52a4UL, "fanfold", - 0x1e1e52a4UL, "phrensied", -#else - 0xda19999ec0bda706ULL, "overdeeply", - 0xd7b9e43f26396a66ULL, "undescript", - 0xa50c585d385a2604ULL, "fanfold", - 0x1ec3ef9bb2b734a4ULL, "phrensied", -#endif - 0, - }; - struct testcase *tp; - HASH_FNV_T hval; - int test_failed; - - for (tp = testcases; tp->str; tp++) { - test_failed = 0; - if ((hval = hash_fnvz(tp->str)) != tp->hval) { - msg_warn("hash_fnv(\"%s\") want %lu, got: %lu", - tp->str, (unsigned long) tp->hval, - (unsigned long) hval); - test_failed = 1; - } - if (test_failed) { - fail += 1; - msg_info("FAIL: %s", tp->str); - } else { - pass += 1; - msg_info("PASS: %s", tp->str); - } - } - } - - /* - * Test: hash_fnvz(s) is equivalent to hash_fnv(s, strlen(s)). No need to - * verify the actual result; we already did that above. - */ - { - const char *strval = "foobar"; - HASH_FNV_T h1 = hash_fnv(strval, strlen(strval)); - HASH_FNV_T h2 = hash_fnvz(strval); - - if (h1 == h2) { - pass += 1; - msg_info("PASS: hash_fnvz(\"%s\") == hash_fnv(\"%s\", %ld)", - strval, strval, (long) strlen(strval)); - } else { - fail += 1; - msg_info("FAIL: hash_fnvz(\"%s\") == hash_fnv(\"%s\", %ld)", - strval, strval, (long) strlen(strval)); - } - } - - - /* - * Wrap up. - */ - msg_info("PASS=%d FAIL=%d", pass, fail); - return (fail != 0); -} - -#endif diff --git a/postfix/src/util/hash_fnv_test.c b/postfix/src/util/hash_fnv_test.c new file mode 100644 index 000000000..84f665238 --- /dev/null +++ b/postfix/src/util/hash_fnv_test.c @@ -0,0 +1,114 @@ + /* + * System library. + */ +#include +#include +#include + + /* + * Utility library. + */ +#include +#include +#include +#include + +int main(int srgc, char **argv) +{ + int pass = 0; + int fail = 0; + + msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR); + + /* + * Sanity check. + */ +#ifdef STRICT_FNV1A + msg_fatal("This test requires no STRICT_FNV1A"); +#endif + + /* + * Force unseeded hash, to make tests predictable. + */ + if (putenv("NORANDOMIZE=") != 0) + msg_fatal("putenv(\"NORANDOMIZE=\"): %m"); + + /* + * Test: hashing produces the expected results. + */ + { + struct testcase { + HASH_FNV_T hval; + const char *str; + }; + static struct testcase testcases[] = + { +#ifdef USE_FNV_32BIT + 0x1c00fc06UL, "overdeeply", + 0x1c00fc06UL, "undescript", + 0x1e1e52a4UL, "fanfold", + 0x1e1e52a4UL, "phrensied", +#else + 0xda19999ec0bda706ULL, "overdeeply", + 0xd7b9e43f26396a66ULL, "undescript", + 0xa50c585d385a2604ULL, "fanfold", + 0x1ec3ef9bb2b734a4ULL, "phrensied", +#endif + 0, + }; + struct testcase *tp; + HASH_FNV_T hval; + int test_failed; + + for (tp = testcases; tp->str; tp++) { + test_failed = 0; + msg_info("RUN hash_fnvz(\"%s\")", tp->str); + if ((hval = hash_fnvz(tp->str)) != tp->hval) { + msg_warn("hash_fnv(\"%s\") want %lu, got: %lu", + tp->str, (unsigned long) tp->hval, + (unsigned long) hval); + test_failed = 1; + } + if (test_failed) { + fail += 1; + msg_info("FAIL hash_fnvz(\"%s\")", tp->str); + } else { + pass += 1; + msg_info("PASS hash_fnvz(\"%s\")", tp->str); + } + } + } + + /* + * Test: hash_fnvz(s) is equivalent to hash_fnv(s, strlen(s)). No need to + * verify the actual result; we already did that above. + */ + { + const char *strval = "foobar"; + HASH_FNV_T h1; + HASH_FNV_T h2; + + msg_info("RUN hash_fnvz(\"%s\") == hash_fnv(\"%s\", %ld)", + strval, strval, (long) strlen(strval)); + + h1 = hash_fnv(strval, strlen(strval)); + h2 = hash_fnvz(strval); + + if (h1 == h2) { + pass += 1; + msg_info("PASS: hash_fnvz(\"%s\") == hash_fnv(\"%s\", %ld)", + strval, strval, (long) strlen(strval)); + } else { + fail += 1; + msg_info("FAIL: hash_fnvz(\"%s\") == hash_fnv(\"%s\", %ld)", + strval, strval, (long) strlen(strval)); + } + } + + + /* + * Wrap up. + */ + msg_info("PASS=%d FAIL=%d", pass, fail); + return (fail != 0); +}