[exim-cvs] For connects and certificate-verifies denied by e…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] For connects and certificate-verifies denied by event actions, log
Gitweb: http://git.exim.org/exim.git/commitdiff/b30275b8a70b539c195a3a12580f29ebdcc12d99
Commit:     b30275b8a70b539c195a3a12580f29ebdcc12d99
Parent:     eca4debb8fa74d67fbeb4aefdcc3d67ef51386e0
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Oct 30 12:12:31 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Oct 30 12:14:50 2014 +0000


    For connects and certificate-verifies denied by event actions, log
    the string resulting from the event expansion
---
 src/src/deliver.c         |    6 +++---
 src/src/functions.h       |    2 +-
 src/src/smtp_out.c        |    4 ++--
 src/src/tls-gnu.c         |    8 +++++---
 src/src/tls-openssl.c     |   20 ++++++++++++--------
 src/src/transports/smtp.c |   11 +++++++----
 src/src/verify.c          |    2 +-
 7 files changed, 31 insertions(+), 22 deletions(-)


diff --git a/src/src/deliver.c b/src/src/deliver.c
index 4cc05b4..27a4344 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -719,7 +719,7 @@ d_tlslog(uschar * s, int * sizep, int * ptrp, address_item * addr)


 #ifdef EXPERIMENTAL_EVENT
-int
+uschar *
 event_raise(uschar * action, uschar * event, uschar * ev_data)
 {
 uschar * s;
@@ -747,10 +747,10 @@ if (action)
     {
     DEBUG(D_deliver)
       debug_printf("Event(%s): event_action returned \"%s\"\n", event, s);
-    return DEFER;
+    return s;
     }
   }
-return OK;
+return NULL;
 }


 static void
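Review bot: The new pointer return at `return s;` / `return NULL;` has no header comment stating its contract, and every caller in this commit treats any non-NULL value as a denial, so "no event_action configured" and "action expanded to an empty string" both collapse to NULL with only the DEBUG line recording what happened. Add above event_raise: `/* Expand the event_action for EVENT with EV_DATA visible to the expansion. Returns the non-empty expansion result, which callers treat as a denial and may log, or NULL when there is no action or it expands to empty. */`. The middle of the function, where s is produced, lies between the two hunks and is not shown, so whether a failed expansion also yields NULL should be confirmed and stated in that comment, together with the storage lifetime of the returned string since callers now keep and print it.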
diff --git a/src/src/functions.h b/src/src/functions.h
index ba4760f..07d0eb4 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -158,7 +158,7 @@ extern BOOL    dscp_lookup(const uschar *, int, int *, int *, int *);
 extern void    enq_end(uschar *);
 extern BOOL    enq_start(uschar *);
 #ifdef EXPERIMENTAL_EVENT
-extern int     event_raise(uschar *, uschar *, uschar *);
+extern uschar *event_raise(uschar *, uschar *, uschar *);
 #endif
 extern void    exim_exit(int);
 extern void    exim_nullstd(void);
diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index e3f2588..530fcfe 100644
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -204,10 +204,10 @@ HDEBUG(D_transport|D_acl|D_v)
   }


#ifdef EXPERIMENTAL_EVENT
- /*XXX Called from both delivery and verify. Is that status observable? */
deliver_host_address = host->address;
deliver_host_port = port;
- if (event_raise(event, US"tcp:connect", NULL) == DEFER) return -1;
+ if (event_raise(event, US"tcp:connect", NULL)) return -1;
+ /* Logging? Debug? */
#endif

/* Create the socket */
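Review bot: The tcp:connect denial at `if (event_raise(event, US"tcp:connect", NULL)) return -1;` still throws the expansion string away, so this is the one denial path in the commit that does not log the reason, as the added `/* Logging? Debug? */` comment concedes. The caller of smtp_connect sees only -1 and, if it reports errno as it would for a failed socket call, a stale errno from whatever last failed, so the denial would appear in the log as an unrelated system error. Capture and log the yield before returning, and give errno a defined value or let the caller distinguish this case: `uschar * s; if ((s = event_raise(event, US"tcp:connect", NULL))) { log_write(0, LOG_MAIN, "TCP connect denied by event-action: %s", s); return -1; }`. The enclosing function starts outside the hunk.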
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 1966c55..04de02d 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1559,6 +1559,7 @@ const gnutls_datum * cert_list;
unsigned int cert_list_size = 0;
gnutls_x509_crt_t crt;
int rc;
+uschar * yield;
exim_gnutls_state_st * state = gnutls_session_get_ptr(session);

 cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
@@ -1574,11 +1575,12 @@ if (cert_list)
     }


   state->tlsp->peercert = crt;
-  if (event_raise(state->event_action,
-          US"tls:cert", string_sprintf("%d", cert_list_size)) == DEFER)
+  if ((yield = event_raise(state->event_action,
+          US"tls:cert", string_sprintf("%d", cert_list_size))))
     {
     log_write(0, LOG_MAIN,
-          "SSL verify denied by event-action: depth=%d", cert_list_size);
+          "SSL verify denied by event-action: depth=%d: %s",
+          cert_list_size, yield);
     return 1;                     /* reject */
     }
   state->tlsp->peercert = NULL;
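Review bot: The `%s` added to the log_write call prints the event_action expansion result verbatim, and that expansion runs with the peer certificate exposed to it, so a yield that embeds peer-controlled text (a subject name, for instance) could carry control characters into the main log unless log_write already strips them; pass it through the print-safe form used elsewhere in the file, e.g. `cert_list_size, string_printing(yield));` if that helper is the convention here, or note why the yield is trusted. Separately, the `depth=%d` label is printed with cert_list_size, which from `gnutls_certificate_get_peers(session, &cert_list_size)` is the length of the presented chain rather than a verification depth; that predates this commit but now sits beside the new text, so a `/* chain length, not a per-cert depth */` comment would stop the two values being read as equivalent. The enclosing callback starts outside this hunk.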
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 25d5232..c489ea5 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -294,8 +294,11 @@ verify_callback(int state, X509_STORE_CTX *x509ctx,
 {
 X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 int depth = X509_STORE_CTX_get_error_depth(x509ctx);
-uschar * ev;
 static uschar txt[256];
+#ifdef EXPERIMENTAL_EVENT
+uschar * ev;
+uschar * yield;
+#endif


X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt));

@@ -335,10 +338,10 @@ else if (depth != 0)
   if (ev)
     {
     tlsp->peercert = X509_dup(cert);
-    if (event_raise(ev, US"tls:cert", string_sprintf("%d", depth)) == DEFER)
+    if ((yield = event_raise(ev, US"tls:cert", string_sprintf("%d", depth))))
       {
       log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
-                  "depth=%d cert=%s", depth, txt);
+                  "depth=%d cert=%s: %s", depth, txt, yield);
       tlsp->certificate_verified = FALSE;
       *calledp = TRUE;
       return 0;                /* reject */
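Review bot: The reject path at `return 0; /* reject */` leaves `tlsp->peercert` holding the `X509_dup(cert)` made three lines earlier, so if nothing downstream releases peercert when a handshake is aborted, each denied connection leaks one X509 object; confirm who owns peercert on a failed verify, and if it is not freed elsewhere add `X509_free(tlsp->peercert); tlsp->peercert = NULL;` before the return. The new `%s` also logs the raw expansion result, which may embed peer-supplied certificate text, so it should go through a print-safe form before logging unless log_write already sanitises it. verify_callback starts and ends outside this hunk.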
@@ -402,10 +405,10 @@ else
 #ifdef EXPERIMENTAL_EVENT
   ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;
   if (ev)
-    if (event_raise(ev, US"tls:cert", US"0") == DEFER)
+    if ((yield = event_raise(ev, US"tls:cert", US"0")))
       {
       log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
-                  "depth=0 cert=%s", txt);
+                  "depth=0 cert=%s: %s", txt, yield);
       tlsp->certificate_verified = FALSE;
       *calledp = TRUE;
       return 0;                /* reject */
@@ -446,6 +449,7 @@ X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 static uschar txt[256];
 #ifdef EXPERIMENTAL_EVENT
 int depth = X509_STORE_CTX_get_error_depth(x509ctx);
+uschar * yield;
 #endif


 X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt));
@@ -457,11 +461,11 @@ tls_out.peercert = X509_dup(cert);
 #ifdef EXPERIMENTAL_EVENT
   if (client_static_cbinfo->event_action)
     {
-    if (event_raise(client_static_cbinfo->event_action,
-            US"tls:cert", string_sprintf("%d", depth)) == DEFER)
+    if ((yield = event_raise(client_static_cbinfo->event_action,
+            US"tls:cert", string_sprintf("%d", depth))))
       {
       log_write(0, LOG_MAIN, "DANE verify denied by event-action: "
-                  "depth=%d cert=%s", depth, txt);
+                  "depth=%d cert=%s: %s", depth, txt, yield);
       tls_out.certificate_verified = FALSE;
       return 0;                /* reject */
       }
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 6886fd5..c572306 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1414,14 +1414,17 @@ if (continue_hostname == NULL)
       ob->command_timeout)) goto RESPONSE_FAILED;


 #ifdef EXPERIMENTAL_EVENT
-    if (event_raise(tblock->event_action, US"smtp:connect", buffer)
-    == DEFER)
+      {
+      uschar * s = event_raise(tblock->event_action, US"smtp:connect", buffer);
+      if (s)
     {
-    uschar *message = US"deferred by smtp:connect event expansion";
-    set_errno(addrlist, 0, message, DEFER, FALSE, NULL);
+    set_errno(addrlist, 0,
+      string_sprintf("deferred by smtp:connect event expansion: %s", s),
+      DEFER, FALSE, NULL);
     yield = DEFER;
     goto SEND_QUIT;
     }
+      }
 #endif


     /* Now check if the helo_data expansion went well, and sign off cleanly if
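Review bot: The indentation of the new block is inconsistent: the opening `{`, `uschar * s = event_raise(...)` and `if (s)` sit at one level, but the braces and body of that `if` (the set_errno call, `yield = DEFER;` and `goto SEND_QUIT;`) are two columns shallower than the `if` they belong to, so on a quick read they look like a separate block at the outer level. Indent the if-body one step deeper than `if (s)` so the nesting matches the file's layout. The surrounding function continues outside the hunk.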
diff --git a/src/src/verify.c b/src/src/verify.c
index f8e176b..82dc5cc 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -585,7 +585,7 @@ else


 #ifdef EXPERIMENTAL_EVENT
       if (event_raise(addr->transport->event_action,
-                US"smtp:connect", responsebuffer) == DEFER)
+                US"smtp:connect", responsebuffer))
     {
     /* Logging?  Debug? */
     goto RESPONSE_FAILED;
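Review bot: The smtp:connect denial in the callout still discards the expansion string and jumps to RESPONSE_FAILED, as the `/* Logging?  Debug? */` comment marks, so the verify path does not receive the logging this commit adds elsewhere, and whatever RESPONSE_FAILED reports, presumably the banner held in responsebuffer, will be recorded as the reason instead of the event's verdict. Capture and log it first: `uschar * s; if ((s = event_raise(addr->transport->event_action, US"smtp:connect", responsebuffer))) { log_write(0, LOG_MAIN, "callout denied by smtp:connect event-action: %s", s); goto RESPONSE_FAILED; }`. The enclosing function starts outside the hunk.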