Re: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Heiko Schlittermann
Date:  
À: exim-users
Sujet: Re: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 - security update released)
Victor Ustugov via Exim-users <exim-users@???> (Mi 05 Mai 2021 14:48:20 CEST):
> Heiko Schlittermann via Exim-users wrote on 05.05.2021 14:57:
> > Victor Ustugov via Exim-users <exim-users@???> (Mi 05 Mai 2021 13:21:55 CEST):
> >>> I'd just refuse to create a bloated 4.94+fixes, instead of releasing
> >>> 4.95 as soon as possible.
> >>
> >> Yesterday I built exim 4.94.2 with adapted code from Jeremy's commit.
> >> It works as expected on FreeBSD (exim 4.94.2 from ports with my patches)
> >> and Ubuntu (exim 4.94.2-1 built from Debian deb-src with my patches).
> >
> > What did you do?
>
> I built exim 4.94.2 with patch
> https://mta.org.ua/exim-4.94-conf/patches/exim-4.94%2Bfixes-fix-sqlite-tainted-filename/patch-src__exim-4.94%2Bfixes-fix-sqlite-tainted-filename.patch
>
> As I remember patch for exim 4.94 based on:
>
> https://git.exim.org/exim.git/patch/44644c2e404a3ea0191db0b0458e86924fb240bb

This one isn't related to the file= feture


These both I located too and "backported" to 4.94.2 (as did too,
probably):
> https://git.exim.org/exim.git/patch/4a7dca52352d0976f200b89a50825433b7551554
> https://git.exim.org/exim.git/patch/b8514d1960e259d49ab2c84c89eba52ab993da3f


See the attached patches.

@Odhiambo: as it seems you're building your own version of Exim, we
recommend you the patches from Victor or my (attached). Currently we do
not plan to do the backport officially, because we'll start working
to release 4.95 as soon as possible.

--
Heiko
From 7ecb8213b1c9a6d9db1886d54cce8a60c5b0b55a Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@???>
Date: Sat, 6 Jun 2020 14:45:47 +0100
Subject: [PATCH 1/2] Refactor lookup argument shuffling

(cherry picked from commit 4a7dca52352d0976f200b89a50825433b7551554)
---
 src/src/expand.c    | 20 +++-----------------
 src/src/functions.h |  1 +
 src/src/match.c     | 17 +----------------
 src/src/search.c    | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 33 deletions(-)


diff --git a/src/src/expand.c b/src/src/expand.c
index 05de94c49..ad9f54402 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -4391,7 +4391,7 @@ if (is_tainted(string))
goto EXPAND_FAILED;
}

-while (*s != 0)
+while (*s)
   {
   uschar *value;
   uschar name[256];
@@ -4777,7 +4777,7 @@ while (*s != 0)
       int save_expand_nmax =
         save_expand_strings(save_expand_nstring, save_expand_nlength);


-      if ((expand_forbid & RDO_LOOKUP) != 0)
+      if (expand_forbid & RDO_LOOKUP)
         {
         expand_string_message = US"lookup expansions are not permitted";
         goto EXPAND_FAILED;
@@ -4876,21 +4876,7 @@ while (*s != 0)
       file types, the query (i.e. "key") starts with a file name. */


       if (!key)
-        {
-    Uskip_whitespace(&filename);
-        key = filename;
-
-        if (mac_islookup(stype, lookup_querystyle))
-          filename = NULL;
-        else
-          if (*filename == '/')
-        {
-        while (*key && !isspace(*key)) key++;
-        if (*key) *key++ = '\0';
-        }
-      else
-        filename = NULL;
-        }
+    key = search_args(stype, name, filename, &filename);


       /* If skipping, don't do the next bit - just lookup_value == NULL, as if
       the entry was not found. Note that there is no search_close() function.
diff --git a/src/src/functions.h b/src/src/functions.h
index e22fd4f99..a4914b730 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -448,6 +448,7 @@ extern void    route_init(void);
 extern gstring * route_show_supported(gstring *);
 extern void    route_tidyup(void);


+extern uschar *search_args(int, uschar *, uschar *, uschar **);
 extern uschar *search_find(void *, const uschar *, uschar *, int,
          const uschar *, int, int, int *, const uschar *);
 extern int     search_findtype(const uschar *, int);
diff --git a/src/src/match.c b/src/src/match.c
index dfb4b5148..eb8315b46 100644
--- a/src/src/match.c
+++ b/src/src/match.c
@@ -286,22 +286,7 @@ if (!cb->use_partial) partial = -1;


/* Set the parameters for the three different kinds of lookup. */

-keyquery = semicolon + 1;
-Uskip_whitespace(&keyquery);
-
-if (mac_islookup(search_type, lookup_absfilequery))
- {
- filename = keyquery;
- while (*keyquery && !isspace(*keyquery)) keyquery++;
- filename = string_copyn(filename, keyquery - filename);
- Uskip_whitespace(&keyquery);
- }
-
-else if (!mac_islookup(search_type, lookup_querystyle))
- {
- filename = keyquery;
- keyquery = s;
- }
+keyquery = search_args(search_type, s, semicolon+1, &filename);

/* Now do the actual lookup; throw away the data returned unless it was asked
for; partial matching is all handled inside search_find(). Note that there is
diff --git a/src/src/search.c b/src/src/search.c
index f8aaacb04..125dd1c48 100644
--- a/src/src/search.c
+++ b/src/src/search.c
@@ -217,6 +217,42 @@ return stype;
}


+/* Set the parameters for the three different kinds of lookup.
+Arguments:
+ search_type    the search-type code
+ search        the search-type string
+ query        argument for the search; filename or query
+ fnamep        pointer to return filename
+
+Return:    keyquery    the search-type (for single-key) or query (for query-type)
+ */
+uschar *
+search_args(int search_type, uschar * search, uschar * query, uschar ** fnamep)
+{
+Uskip_whitespace(&query);
+if (mac_islookup(search_type, lookup_absfilequery))
+  {                    /* query-style but with file (sqlite) */
+  uschar * s = query;
+  if (*query == '/')
+    {
+    while (*query && !isspace(*query)) query++;
+    *fnamep = string_copyn(s, query - s);
+    Uskip_whitespace(&query);
+    }
+  else
+    *fnamep = NULL;
+  return query;        /* remainder after file skipped */
+  }
+if (!mac_islookup(search_type, lookup_querystyle))
+  {                    /* single-key */
+  *fnamep = query;
+  return search;    /* modifiers important so use "keyquery" for them */
+  }
+*fnamep = NULL;                /* else query-style */
+return query;
+}
+
+


 /*************************************************
 *               Release cached resources         *
-- 
2.20.1


From ea5285147460d4f5235ae11acc2d2ed51a1045a6 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@???>
Date: Sat, 6 Jun 2020 18:04:36 +0100
Subject: [PATCH 2/2] Sqlite: new-style option to specify db file

(cherry picked from commit b8514d1960e259d49ab2c84c89eba52ab993da3f)
---
 doc/doc-docbook/spec.xfpt     |  40 ++++----
 doc/doc-txt/NewStuff          |  28 ++++++
 src/src/expand.c              |   2 +-
 src/src/functions.h           |   2 +-
 src/src/match.c               |   2 +-
 src/src/search.c              |  17 +++-
 test/confs/2600               |   6 ++
 test/runtest                  |  12 +--
 test/scripts/2600-SQLite/2600 |  28 ++++--
 test/stderr/2600              | 175 ++++++++++++++++++++++++++++------
 test/stdout/2600              |  12 +++
 11 files changed, 256 insertions(+), 68 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9c66f5cc9..8320a537c 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6620,14 +6620,15 @@ cause parts of the string to be replaced by data that is obtained from the
lookup. Lookups of this type are conditional expansion items. Different results
can be defined for the cases of lookup success and failure. See chapter
&<<CHAPexpand>>&, where string expansions are described in detail.
-The key for the lookup is specified as part of the string expansion.
+The key for the lookup is &*specified*& as part of the string expansion.
.next
Lists of domains, hosts, and email addresses can contain lookup requests as a
way of avoiding excessively long linear lists. In this case, the data that is
returned by the lookup is often (but not always) discarded; whether the lookup
succeeds or fails is what really counts. These kinds of list are described in
chapter &<<CHAPdomhosaddlists>>&.
-The key for the lookup is given by the context in which the list is expanded.
+The key for the lookup is &*implicit*&,
+given by the context in which the list is expanded.
.endlist

String expansions, lists, and lookups interact with each other in such a way
@@ -6662,7 +6663,8 @@ The result of the expansion is not tainted.

In the second example, the lookup is a single item in a domain list. It causes
Exim to use a lookup to see if the domain that is being processed can be found
-in the file. The file could contains lines like this:
+in the file.
+The file could contains lines like this:
.code
domain1:
domain2:
@@ -7084,11 +7086,9 @@ passed to a Redis database. See section &<<SECTsql>>&.
.cindex "sqlite lookup type"
.cindex "lookup" "sqlite"
&(sqlite)&: The format of the query is
-new
-an optional filename
+.new
+an SQL statement that is passed to an SQLite database. See section &<<SECTsqlite>>&.
.wen
-followed by an SQL statement
-that is passed to an SQLite database. See section &<<SECTsqlite>>&.

.next
&(testdb)&: This is a lookup type that is used for testing Exim. It is
@@ -8153,19 +8153,26 @@ daemon as in the other SQL databases.

.new
.oindex &%sqlite_dbfile%&
-The preferred way of specifying the file is by using the
-&%sqlite_dbfile%& option, set to
-an absolute path.
+There are two ways of
+specifying the file.
+The first is is by using the &%sqlite_dbfile%& main option.
+The second, which allows separate files for each query,
+is to use an option appended, comma-separated, to the &"sqlite"&
+lookup type word. The option is the word &"file"&, then an equals,
+then the filename.
+The filename in this case cannot contain whitespace or open-brace charachters.
.wen
+
A deprecated method is available, prefixing the query with the filename
separated by white space.
-This means that the path name cannot contain white space.
+This means that
.cindex "tainted data" "sqlite file"
-It also means that the query cannot use any tainted values, as that taints
+the query cannot use any tainted values, as that taints
the entire query including the filename - resulting in a refusal to open
the file.

-.new
+In all the above cases the filename must be an absolute path.
+
Here is a lookup expansion example:
.code
sqlite_dbfile = /some/thing/sqlitedb
@@ -10204,11 +10211,8 @@ in a list using the given separator.


 .vitem "&*${lookup{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&&
-        {*&<&'file'&>&*}&~{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&"
-This is the first of one of two different types of lookup item, which are both
-described in the next item.
-
-.vitem "&*${lookup&~*&<&'search&~type'&>&*&~{*&<&'query'&>&*}&~&&&
+        {*&<&'file'&>&*}&~{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&" &&&
+       "&*${lookup&~*&<&'search&~type'&>&*&~{*&<&'query'&>&*}&~&&&
         {*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&"
 .cindex "expansion" "lookup in"
 .cindex "file" "lookups"
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 16dec8808..7bbc5d9a3 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -6,6 +6,34 @@ Before a formal release, there may be quite a lot of detail so that people can
 test from the snapshots or the Git before the documentation is updated. Once
 the documentation is updated, this file is reduced to a short list.


+Version 4.95
+------------
+
+ 1. The fast-ramp two phase queue run support, previously experimental, is
+    now supported by default.
+
+ 2. The native SRS support, previously experimental, is now supported. It is
+    not built unless specified in the Local/Makefile.
+
+ 3. TLS resumption support, previously experimental, is now supported and
+    included in default builds.
+
+ 4. Single-key LMDB lookups, previously experimental, are now supported.
+    The support is not built unless specified in the Local/Makefile.
+
+ 5. Option "message_linelength_limit" on the smtp transport to enforce (by
+    default) the RFC 998 character limit.
+
+ 6. An option to ignore the cache on a lookup.
+
+ 7. Quota checking during reception (i.e. at SMTP time) for appendfile-
+    transport-managed quotas.
+
+ 8. Sqlite lookups accept a "file=<path>" option to specify a per-operation
+    db file, replacing the previous prefix to the SQL string (which had
+    issues when the SQL used tainted values).
+
+
 Version 4.94
 ------------


diff --git a/src/src/expand.c b/src/src/expand.c
index ad9f54402..a33b6345b 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -4876,7 +4876,7 @@ while (*s)
       file types, the query (i.e. "key") starts with a file name. */


       if (!key)
-    key = search_args(stype, name, filename, &filename);
+    key = search_args(stype, name, filename, &filename, opts);


       /* If skipping, don't do the next bit - just lookup_value == NULL, as if
       the entry was not found. Note that there is no search_close() function.
diff --git a/src/src/functions.h b/src/src/functions.h
index a4914b730..bf7adf735 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -448,7 +448,7 @@ extern void    route_init(void);
 extern gstring * route_show_supported(gstring *);
 extern void    route_tidyup(void);


-extern uschar *search_args(int, uschar *, uschar *, uschar **);
+extern uschar *search_args(int, uschar *, uschar *, uschar **, const uschar *);
 extern uschar *search_find(void *, const uschar *, uschar *, int,
          const uschar *, int, int, int *, const uschar *);
 extern int     search_findtype(const uschar *, int);
diff --git a/src/src/match.c b/src/src/match.c
index eb8315b46..20ed4efb2 100644
--- a/src/src/match.c
+++ b/src/src/match.c
@@ -286,7 +286,7 @@ if (!cb->use_partial) partial = -1;


/* Set the parameters for the three different kinds of lookup. */

-keyquery = search_args(search_type, s, semicolon+1, &filename);
+keyquery = search_args(search_type, s, semicolon+1, &filename, opts);

 /* Now do the actual lookup; throw away the data returned unless it was asked
 for; partial matching is all handled inside search_find(). Note that there is
diff --git a/src/src/search.c b/src/src/search.c
index 125dd1c48..22d6e6e6d 100644
--- a/src/src/search.c
+++ b/src/src/search.c
@@ -223,18 +223,31 @@ Arguments:
  search        the search-type string
  query        argument for the search; filename or query
  fnamep        pointer to return filename
+ opts        options


 Return:    keyquery    the search-type (for single-key) or query (for query-type)
  */
 uschar *
-search_args(int search_type, uschar * search, uschar * query, uschar ** fnamep)
+search_args(int search_type, uschar * search, uschar * query, uschar ** fnamep,
+  const uschar * opts)
 {
 Uskip_whitespace(&query);
 if (mac_islookup(search_type, lookup_absfilequery))
   {                    /* query-style but with file (sqlite) */
-  uschar * s = query;
+  int sep = ',';
+
+  /* Check options first for new-style file spec */
+  if (opts) for (uschar * s; s = string_nextinlist(&opts, &sep, NULL, 0); )
+    if (Ustrncmp(s, "file=", 5) == 0)
+      {
+      *fnamep = s+5;
+      return query;
+      }
+
+  /* If no filename from options, use old-tyle space-sep prefix on query */
   if (*query == '/')
     {
+    uschar * s = query;
     while (*query && !isspace(*query)) query++;
     *fnamep = string_copyn(s, query - s);
     Uskip_whitespace(&query);
diff --git a/test/confs/2600 b/test/confs/2600
index e42cbe33c..29f5afbbe 100644
--- a/test/confs/2600
+++ b/test/confs/2600
@@ -7,9 +7,15 @@ primary_hostname = myhost.test.ex
 # ----- Main settings -----


 domainlist local_domains = @
+.ifdef OPT
+hostlist   relay_hosts = sqlite,file=DIR/aux-fixed/sqlitedb; \
+                                     select * from them where \
+                                     id='$sender_host_address'
+.else
 hostlist   relay_hosts = sqlite;DIR/aux-fixed/sqlitedb \
                                      select * from them where \
                                      id='$sender_host_address'
+.endif


acl_smtp_rcpt = check_recipient
sqlite_lock_timeout = 2
diff --git a/test/runtest b/test/runtest
index 05af33325..60dcf2b76 100755
--- a/test/runtest
+++ b/test/runtest
@@ -951,12 +951,6 @@ RESET_AFTER_EXTRA_LINE_READ:
s/^\d\d\d(?=[PFS*])/ddd/;


-  # ========= Exim lookups ==================
-  # Lookups have a char which depends on the number of lookup types compiled in,
-  # in stderr output.  Replace with a "0".  Recognising this while avoiding
-  # other output is fragile; perhaps the debug output should be revised instead.
-  s%(?<!sqlite)(?<!lsearch\*@)(?<!lsearch\*)(?<!lsearch)[0-?]TESTSUITE/aux-fixed/%0TESTSUITE/aux-fixed/%g;
-
   # ==========================================================
   # MIME boundaries in RFC3461 DSN messages
   s/\d{8,10}-eximdsn-\d+/NNNNNNNNNN-eximdsn-MMMMMMMMMM/;
@@ -1056,6 +1050,12 @@ RESET_AFTER_EXTRA_LINE_READ:
     # we don't care what TZ enviroment the testhost was running
     next if /^Reset TZ to/;


+    # ========= Exim lookups ==================
+    # Lookups have a char which depends on the number of lookup types compiled in,
+    # in stderr output.  Replace with a "0".  Recognising this while avoiding
+    # other output is fragile; perhaps the debug output should be revised instead.
+    s%^\s+(:?closing )?\K[0-?]TESTSUITE/aux-fixed/%0TESTSUITE/aux-fixed/%g;
+
     # drop gnutls version strings
     next if /GnuTLS compile-time version: \d+[\.\d]+$/;
     next if /GnuTLS runtime version: \d+[\.\d]+$/;
diff --git a/test/scripts/2600-SQLite/2600 b/test/scripts/2600-SQLite/2600
index 2c3092ef2..a11d46ef1 100644
--- a/test/scripts/2600-SQLite/2600
+++ b/test/scripts/2600-SQLite/2600
@@ -1,15 +1,23 @@
 # sqlite lookups
 exim -d-all+lookup -be
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select name from them where id='userx';}}
 ${lookup sqlite{DIR/aux-fixed/sqlitedb select name from them where id='userx';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select name from them where id='userx';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select name from them where id='xxxx';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select name from them where id='nothing';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select id,name from them where id='nothing';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select * from them where id='quote2';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select * from them where id='newline';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select * from them where id='tab';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select * from them where id='its';}}
-${lookup sqlite{DIR/aux-fixed/sqlitedb select * from them where name='${quote_sqlite:it's}';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{ select name from them where id='userx';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{ select name from them where id='userx';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{ select name from them where id='xxxx';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select name from them where id='nothing';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select id,name from them where id='nothing';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb {select * from them where id='quote2';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select * from them where id='newline';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select * from them where id='tab';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select * from them where id='its';}}
+${lookup sqlite,file=DIR/aux-fixed/sqlitedb{select * from them where name='${quote_sqlite:it's}';}}
+****
+exim -d -DOPT=y -bh 10.0.0.0
+mail from:<a@b>
+rcpt to:<c@d>
+rcpt to:<c@d>
+quit
 ****
 exim -d -bh 10.0.0.0
 mail from:<a@b>
@@ -23,7 +31,7 @@ rcpt to:<c@d>
 rcpt to:<c@d>
 quit
 ****
-exim -odi -d userx
+exim -DOPT=y -odi -d userx
 Test message
 .
 ****
diff --git a/test/stderr/2600 b/test/stderr/2600
index 77b0f2a62..92529c845 100644
--- a/test/stderr/2600
+++ b/test/stderr/2600
@@ -4,10 +4,10 @@ admin user
 dropping to exim gid; retaining priv uid
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select name from them where id='userx';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select name from them where id='userx';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select name from them where id='userx';" opts=NULL
+   type=sqlite key="select name from them where id='userx';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select name from them where id='userx';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: Ayen Other
@@ -18,16 +18,38 @@ dropping to exim gid; retaining priv uid
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
    type=sqlite key="select name from them where id='userx';" opts=NULL
+ cached data found but wrong opts;  file lookup required for select name from them where id='userx';
+ c  in TESTSUITE/aux-fixed/sqlitedb
+ replacing old cache entry
+ lookup yielded: Ayen Other
+ search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
+   cached open
+ search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+   key="select name from them where id='userx';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
+ LRU list:
+ internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+   type=sqlite key="select name from them where id='userx';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
+ cached data found but wrong opts;  file lookup required for select name from them where id='userx';
+ c  in TESTSUITE/aux-fixed/sqlitedb
+ replacing old cache entry
+ lookup yielded: Ayen Other
+ search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
+   cached open
+ search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+   key="select name from them where id='userx';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
+ LRU list:
+ internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+   type=sqlite key="select name from them where id='userx';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  cached data used for lookup of select name from them where id='userx';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: Ayen Other
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select name from them where id='xxxx';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select name from them where id='xxxx';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select name from them where id='xxxx';" opts=NULL
+   type=sqlite key="select name from them where id='xxxx';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select name from them where id='xxxx';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup forced cache cleanup
@@ -35,40 +57,40 @@ dropping to exim gid; retaining priv uid
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select name from them where id='nothing';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select name from them where id='nothing';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select name from them where id='nothing';" opts=NULL
+   type=sqlite key="select name from them where id='nothing';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select name from them where id='nothing';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: 
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select id,name from them where id='nothing';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select id,name from them where id='nothing';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select id,name from them where id='nothing';" opts=NULL
+   type=sqlite key="select id,name from them where id='nothing';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select id,name from them where id='nothing';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: id=nothing name="" 
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select * from them where id='quote2';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select * from them where id='quote2';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select * from them where id='quote2';" opts=NULL
+   type=sqlite key="select * from them where id='quote2';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select * from them where id='quote2';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: name="\"stquot" id=quote2 
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select * from them where id='newline';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select * from them where id='newline';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select * from them where id='newline';" opts=NULL
+   type=sqlite key="select * from them where id='newline';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select * from them where id='newline';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: name="before
@@ -76,30 +98,30 @@ dropping to exim gid; retaining priv uid
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select * from them where id='tab';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select * from them where id='tab';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select * from them where id='tab';" opts=NULL
+   type=sqlite key="select * from them where id='tab';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select * from them where id='tab';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: name="x    x" id=tab 
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select * from them where id='its';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select * from them where id='its';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select * from them where id='its';" opts=NULL
+   type=sqlite key="select * from them where id='its';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select * from them where id='its';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: name=it's id=its 
  search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
    cached open
  search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   key="select * from them where name='it''s';" partial=-1 affix=NULL starflags=0 opts=NULL
+   key="select * from them where name='it''s';" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
  LRU list:
  internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
-   type=sqlite key="select * from them where name='it''s';" opts=NULL
+   type=sqlite key="select * from them where name='it''s';" opts="file=TESTSUITE/aux-fixed/sqlitedb"
  file lookup required for select * from them where name='it''s';
    in TESTSUITE/aux-fixed/sqlitedb
  lookup yielded: name=it's id=its 
@@ -137,12 +159,107 @@ log directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100

SMTP>> 250 OK

SMTP<< rcpt to:<c@d>
using ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 26)
+processing "accept" (TESTSUITE/test-config 32)
+check domains = +local_domains
+d in "@"? no (end of list)
+d in "+local_domains"? no (end of list)
+accept: condition test failed in ACL "check_recipient"
+processing "accept" (TESTSUITE/test-config 33)
+check hosts = +relay_hosts
+search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
+search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+ key="select * from them where id='10.0.0.0'" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
+LRU list:
+internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+ type=sqlite key="select * from them where id='10.0.0.0'" opts="file=TESTSUITE/aux-fixed/sqlitedb"
+file lookup required for select * from them where id='10.0.0.0'
+ in TESTSUITE/aux-fixed/sqlitedb
+lookup forced cache cleanup
+lookup failed
+host in "sqlite,file=TESTSUITE/aux-fixed/sqlitedb; select * from them where id='10.0.0.0'"? no (end of list)
+host in "+relay_hosts"? no (end of list)
+accept: condition test failed in ACL "check_recipient"
+processing "deny" (TESTSUITE/test-config 34)
+ message: relay not permitted
+deny: condition test succeeded in ACL "check_recipient"
+end of ACL "check_recipient": DENY
+SMTP>> 550 relay not permitted
+LOG: MAIN REJECT
+ H=[10.0.0.0] F=<a@b> rejected RCPT <c@d>: relay not permitted
+SMTP<< rcpt to:<c@d>
+using ACL "check_recipient"
+processing "accept" (TESTSUITE/test-config 32)
+check domains = +local_domains
+d in "@"? no (end of list)
+d in "+local_domains"? no (end of list)
+accept: condition test failed in ACL "check_recipient"
+processing "accept" (TESTSUITE/test-config 33)
+check hosts = +relay_hosts
+search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
+ cached open
+search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+ key="select * from them where id='10.0.0.0'" partial=-1 affix=NULL starflags=0 opts="file=TESTSUITE/aux-fixed/sqlitedb"
+LRU list:
+internal_search_find: file="TESTSUITE/aux-fixed/sqlitedb"
+ type=sqlite key="select * from them where id='10.0.0.0'" opts="file=TESTSUITE/aux-fixed/sqlitedb"
+file lookup required for select * from them where id='10.0.0.0'
+ in TESTSUITE/aux-fixed/sqlitedb
+lookup forced cache cleanup
+lookup failed
+host in "sqlite,file=TESTSUITE/aux-fixed/sqlitedb; select * from them where id='10.0.0.0'"? no (end of list)
+host in "+relay_hosts"? no (end of list)
+accept: condition test failed in ACL "check_recipient"
+processing "deny" (TESTSUITE/test-config 34)
+ message: relay not permitted
+deny: condition test succeeded in ACL "check_recipient"
+end of ACL "check_recipient": DENY
+SMTP>> 550 relay not permitted
+LOG: MAIN REJECT
+ H=[10.0.0.0] F=<a@b> rejected RCPT <c@d>: relay not permitted
+SMTP<< quit
+SMTP>> 221 myhost.test.ex closing connection
+LOG: smtp_connection MAIN
+ SMTP connection from [10.0.0.0] closed by QUIT
+search_tidyup called
+>>>>>>>>>>>>>>>> Exim pid=pppp (fresh-exec) terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+changed uid/gid: forcing real = effective
+ uid=uuuu gid=CALLER_GID pid=pppp
+configuration file is TESTSUITE/test-config
+admin user
+changed uid/gid: privilege not needed
+ uid=EXIM_UID gid=EXIM_GID pid=pppp
+seeking password data for user "CALLER": cache not available
+getpwnam() succeeded uid=CALLER_UID gid=CALLER_GID
+originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME
+sender address = CALLER@???
+sender_fullhost = [10.0.0.0]
+sender_rcvhost = [10.0.0.0]
+host in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from [10.0.0.0]
+host in host_lookup? no (option unset)
+set_process_info: pppp handling incoming connection from [10.0.0.0]
+host in host_reject_connection? no (option unset)
+host in sender_unqualified_hosts? no (option unset)
+host in recipient_unqualified_hosts? no (option unset)
+host in helo_verify_hosts? no (option unset)
+host in helo_try_verify_hosts? no (option unset)
+host in helo_accept_junk_hosts? no (option unset)
+SMTP>> 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+smtp_setup_msg entered
+SMTP<< mail from:<a@b>
+spool directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100 msg_size = 0
+log directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100
+SMTP>> 250 OK
+SMTP<< rcpt to:<c@d>
+using ACL "check_recipient"
+processing "accept" (TESTSUITE/test-config 32)
check domains = +local_domains
d in "@"? no (end of list)
d in "+local_domains"? no (end of list)
accept: condition test failed in ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 27)
+processing "accept" (TESTSUITE/test-config 33)
check hosts = +relay_hosts
search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
search_find: file="TESTSUITE/aux-fixed/sqlitedb"
@@ -157,7 +274,7 @@ lookup failed
host in "sqlite;TESTSUITE/aux-fixed/sqlitedb select * from them where id='10.0.0.0'"? no (end of list)
host in "+relay_hosts"? no (end of list)
accept: condition test failed in ACL "check_recipient"
-processing "deny" (TESTSUITE/test-config 28)
+processing "deny" (TESTSUITE/test-config 34)
message: relay not permitted
deny: condition test succeeded in ACL "check_recipient"
end of ACL "check_recipient": DENY
@@ -166,12 +283,12 @@ LOG: MAIN REJECT
H=[10.0.0.0] F=<a@b> rejected RCPT <c@d>: relay not permitted
SMTP<< rcpt to:<c@d>
using ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 26)
+processing "accept" (TESTSUITE/test-config 32)
check domains = +local_domains
d in "@"? no (end of list)
d in "+local_domains"? no (end of list)
accept: condition test failed in ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 27)
+processing "accept" (TESTSUITE/test-config 33)
check hosts = +relay_hosts
search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
cached open
@@ -187,7 +304,7 @@ lookup failed
host in "sqlite;TESTSUITE/aux-fixed/sqlitedb select * from them where id='10.0.0.0'"? no (end of list)
host in "+relay_hosts"? no (end of list)
accept: condition test failed in ACL "check_recipient"
-processing "deny" (TESTSUITE/test-config 28)
+processing "deny" (TESTSUITE/test-config 34)
message: relay not permitted
deny: condition test succeeded in ACL "check_recipient"
end of ACL "check_recipient": DENY
@@ -232,12 +349,12 @@ log directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100
SMTP>> 250 OK

SMTP<< rcpt to:<c@d>
using ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 26)
+processing "accept" (TESTSUITE/test-config 32)
check domains = +local_domains
d in "@"? no (end of list)
d in "+local_domains"? no (end of list)
accept: condition test failed in ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 27)
+processing "accept" (TESTSUITE/test-config 33)
check hosts = +relay_hosts
search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
search_find: file="TESTSUITE/aux-fixed/sqlitedb"
@@ -255,12 +372,12 @@ end of ACL "check_recipient": ACCEPT
SMTP>> 250 Accepted

SMTP<< rcpt to:<c@d>
using ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 26)
+processing "accept" (TESTSUITE/test-config 32)
check domains = +local_domains
d in "@"? no (end of list)
d in "+local_domains"? no (end of list)
accept: condition test failed in ACL "check_recipient"
-processing "accept" (TESTSUITE/test-config 27)
+processing "accept" (TESTSUITE/test-config 33)
check hosts = +relay_hosts
search_open: sqlite "TESTSUITE/aux-fixed/sqlitedb"
cached open
@@ -326,7 +443,7 @@ LOG: MAIN
<= CALLER@??? U=CALLER P=local S=sss
created log directory TESTSUITE/spool/log
search_tidyup called
-exec TESTSUITE/eximdir/exim -DEXIM_PATH=TESTSUITE/eximdir/exim -C TESTSUITE/test-config -d=0xf7715cfd -MCd local-accept-delivery -odi -Mc 10HmaX-0005vi-00
+exec TESTSUITE/eximdir/exim -DEXIM_PATH=TESTSUITE/eximdir/exim -DOPT=y -C TESTSUITE/test-config -d=0xf7715cfd -MCd local-accept-delivery -odi -Mc 10HmaX-0005vi-00
Exim version x.yz ....
changed uid/gid: forcing real = effective
uid=uuuu gid=EXIM_GID pid=pppp
diff --git a/test/stdout/2600 b/test/stdout/2600
index 4116be7a7..0a0a461ce 100644
--- a/test/stdout/2600
+++ b/test/stdout/2600
@@ -1,5 +1,7 @@
> Ayen Other
> Ayen Other

+> Ayen Other
+> Ayen Other
>
>
> id=nothing name=""

@@ -21,6 +23,16 @@ after" id=newline
550 relay not permitted
221 myhost.test.ex closing connection

+**** SMTP testing session as if from host 10.0.0.0
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+550 relay not permitted
+550 relay not permitted
+221 myhost.test.ex closing connection
+
**** SMTP testing session as if from host 10.10.10.10
**** but without any ident (RFC 1413) callback.
**** This is not for real!
--
2.20.1