From 3703d8187af01d13ca71f7918c7ef78529bb784d Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Fri, 21 Aug 2015 18:08:39 +0100
Subject: [PATCH] Remember the fail reason for verify=headers_syntax. Bug 264
---
 src/src/acl.c | 30 +++++++++++++-----------
 test/confs/0086 | 3 ++-
 test/stderr/0086 | 61 ++++++++++++++++++++++++++++++------------------
 3 files changed, 57 insertions(+), 37 deletions(-)
diff --git a/src/src/acl.c b/src/src/acl.c
index f2e0ef28b..064ee6ccb 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1803,27 +1803,27 @@ switch(vp->value) test whether it was successful or not. (This is for optional verification; for mandatory verification, the connection doesn't last this long.) */ - if (tls_in.certificate_verified) return OK; - *user_msgptr = US"no verified certificate"; - return FAIL; + if (tls_in.certificate_verified) return OK; + *user_msgptr = US"no verified certificate"; + return FAIL; case VERIFY_HELO: /* We can test the result of optional HELO verification that might have occurred earlier. If not, we can attempt the verification now. */ - if (!helo_verified && !helo_verify_failed) smtp_verify_helo(); - return helo_verified? OK : FAIL; + if (!helo_verified && !helo_verify_failed) smtp_verify_helo(); + return helo_verified? OK : FAIL; case VERIFY_CSA: /* Do Client SMTP Authorization checks in a separate function, and turn the result code into user-friendly strings. */ - rc = acl_verify_csa(list); - *log_msgptr = *user_msgptr = string_sprintf("client SMTP authorization %s", + rc = acl_verify_csa(list); + *log_msgptr = *user_msgptr = string_sprintf("client SMTP authorization %s", csa_reason_string[rc]); - csa_status = csa_status_string[rc]; - DEBUG(D_acl) debug_printf("CSA result %s\n", csa_status); - return csa_return_code[rc]; + csa_status = csa_status_string[rc]; + DEBUG(D_acl) debug_printf("CSA result %s\n", csa_status); + return csa_return_code[rc]; case VERIFY_HDR_SYNTAX: /* Check that all relevant header lines have the correct syntax. If there is @@ -1832,8 +1832,11 @@ switch(vp->value) always). */ rc = verify_check_headers(log_msgptr); - if (rc != OK && smtp_return_error_details && *log_msgptr != NULL) - *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); + if (rc != OK && *log_msgptr) + if (smtp_return_error_details) + *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); + else + acl_verify_message = *log_msgptr; return rc; case VERIFY_HDR_NAMES_ASCII: 
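Review bot: In the VERIFY_HDR_SYNTAX case (second hunk on this line, at -1832) the new `if (smtp_return_error_details) … else …` hangs unbraced under `if (rc != OK && *log_msgptr)`, so the `else` pairs with the right `if` only through the nearest-if rule, which GCC and Clang warn about under -Wall. I would brace the outer body, i.e. `if (rc != OK && *log_msgptr) {` … `}`. The text copied into `acl_verify_message` on the `else` path is the log message from `verify_check_headers()`, and the test/stderr/0086 expectations in this patch show it quoting the failing address from the message header, so it is sender-supplied content stored on exactly the path where `smtp_return_error_details` is off. A comment there would help, for example `/* log text quotes sender-supplied header data; it reaches the SMTP reply only if the ACL uses $acl_verify_message */`. The enclosing switch starts and ends outside the hunk, and the first hunk on this line is re-indentation only.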
@@ -3788,7 +3791,8 @@ for (; cb != NULL; cb = cb->next) case ACLC_VERIFY: rc = acl_verify(where, addr, arg, user_msgptr, log_msgptr, basic_errno); - acl_verify_message = *user_msgptr; + if (*user_msgptr) + acl_verify_message = *user_msgptr; if (verb == ACL_WARN) *user_msgptr = NULL; break; diff --git a/test/confs/0086 b/test/confs/0086 index 2bf285a97..6f14a0d83 100644 --- a/test/confs/0086 +++ b/test/confs/0086 @@ -20,7 +20,8 @@ recipient_unqualified_hosts = V4NET.10.10.9 begin acl check_message: - require verify = header_syntax + deny !verify = header_syntax + logwrite = acl_verify_message: '$acl_verify_message' accept # End diff --git a/test/stderr/0086 b/test/stderr/0086 index 1d133ff73..e80c9c3a5 100644 --- a/test/stderr/0086 +++ b/test/stderr/0086 @@ -11,10 +11,13 @@ >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_message" ->>> processing "require" ->>> check verify = header_syntax ->>> require: condition test failed in ACL "check_message" ->>> end of ACL "check_message": not OK +>>> processing "deny" +>>> check !verify = header_syntax +>>> check logwrite = acl_verify_message: '$acl_verify_message' +>>> = acl_verify_message: ''>' missing at end of address: failing address in "Cc:" header is: ' missing at end of address: failing address in "Cc:" header is: >> deny: condition test succeeded in ACL "check_message" +>>> end of ACL "check_message": DENY LOG: 10HmaY-0005vi-00 H=[V4NET.10.10.10] F= rejected after DATA: '>' missing at end of address: failing address in "Cc:" header is: >> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? no (option unset) 
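Review bot: In the ACLC_VERIFY case of src/src/acl.c (hunk at -3788) `acl_verify_message` is now left untouched whenever `*user_msgptr` is NULL, so a reason stored by an earlier verify appears to survive a later verify that returns without a user message. An ACL that logs or returns `$acl_verify_message` after the later condition could then report the earlier failure. If that persistence is not intended, reset the variable before the call with `acl_verify_message = NULL;` ahead of `rc = acl_verify(...)`, which still keeps whatever `acl_verify()` stores itself in the header-syntax path. Either way a comment such as `/* acl_verify() may already have set acl_verify_message (header_syntax) */` would explain the new guard. The enclosing loop and switch begin outside the hunk, and the test/confs and test/stderr hunks sharing this line are fixture updates.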
@@ -29,10 +32,13 @@ LOG: 10HmaY-0005vi-00 H=[V4NET.10.10.10] F= rejected after D >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_message" ->>> processing "require" ->>> check verify = header_syntax ->>> require: condition test failed in ACL "check_message" ->>> end of ACL "check_message": not OK +>>> processing "deny" +>>> check !verify = header_syntax +>>> check logwrite = acl_verify_message: '$acl_verify_message' +>>> = acl_verify_message: ''>' missing at end of address: failing address in "Cc:" header is: ' missing at end of address: failing address in "Cc:" header is: >> deny: condition test succeeded in ACL "check_message" +>>> end of ACL "check_message": DENY LOG: 10HmaZ-0005vi-00 H=[V4NET.10.10.10] F= rejected after DATA: '>' missing at end of address: failing address in "Cc:" header is: >> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? no (option unset) @@ -47,10 +53,13 @@ LOG: 10HmaZ-0005vi-00 H=[V4NET.10.10.10] F= rejected after D >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_message" ->>> processing "require" ->>> check verify = header_syntax ->>> require: condition test failed in ACL "check_message" ->>> end of ACL "check_message": not OK +>>> processing "deny" +>>> check !verify = header_syntax +>>> check logwrite = acl_verify_message: '$acl_verify_message' +>>> = acl_verify_message: ''>' missing at end of address: failing address in "Resent-To:" header is: ' missing at end of address: failing address in "Resent-To:" header is: >> deny: condition test succeeded in ACL "check_message" +>>> end of ACL "check_message": DENY LOG: 10HmbA-0005vi-00 H=[V4NET.10.10.10] F= rejected after DATA: '>' missing at end of address: failing address in "Resent-To:" header is: >> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? no (option unset) 
@@ -65,10 +74,13 @@ LOG: 10HmbA-0005vi-00 H=[V4NET.10.10.10] F= rejected after D >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_message" ->>> processing "require" ->>> check verify = header_syntax ->>> require: condition test failed in ACL "check_message" ->>> end of ACL "check_message": not OK +>>> processing "deny" +>>> check !verify = header_syntax +>>> check logwrite = acl_verify_message: '$acl_verify_message' +>>> = acl_verify_message: 'unmatched doublequote in local part: failing address in "Cc:" header begins: "abcd@x.y.z (missing quote),\n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addre' +LOG: 10HmbB-0005vi-00 acl_verify_message: 'unmatched doublequote in local part: failing address in "Cc:" header begins: "abcd@x.y.z (missing quote),\n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n 
addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addre' +>>> deny: condition test succeeded in ACL "check_message" +>>> end of ACL "check_message": DENY LOG: 10HmbB-0005vi-00 H=[V4NET.10.10.10] F= rejected after DATA: unmatched doublequote in local part: failing address in "Cc:" header begins: "abcd@x.y.z (missing quote),\n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addresses.addresses.addresses, \n longlonglonglonglong@long.long.long.long.long.long.long.long,\n listlistlistlistlist@list.list.list.list.list.list.list.list,\n 
ofofofofofofofofofof@of.of.of.of.of.of.of.of.of.of.of.of.of,\n addressesaddresses@addresses.addre >>> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? no (option unset) @@ -83,10 +95,13 @@ LOG: 10HmbB-0005vi-00 H=[V4NET.10.10.10] F= rejected after D >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_message" ->>> processing "require" ->>> check verify = header_syntax ->>> require: condition test failed in ACL "check_message" ->>> end of ACL "check_message": not OK +>>> processing "deny" +>>> check !verify = header_syntax +>>> check logwrite = acl_verify_message: '$acl_verify_message' +>>> = acl_verify_message: 'unqualified address not permitted: failing address in "Cc:" header is: ' +LOG: 10HmbC-0005vi-00 acl_verify_message: 'unqualified address not permitted: failing address in "Cc:" header is: ' +>>> deny: condition test succeeded in ACL "check_message" +>>> end of ACL "check_message": DENY LOG: 10HmbC-0005vi-00 H=[V4NET.10.10.10] F= rejected after DATA: unqualified address not permitted: failing address in "Cc:" header is: >>> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? no (option unset) @@ -101,9 +116,9 @@ LOG: 10HmbC-0005vi-00 H=[V4NET.10.10.10] F= rejected after D >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_message" ->>> processing "require" ->>> check verify = header_syntax ->>> require: condition test succeeded in ACL "check_message" +>>> processing "deny" +>>> check !verify = header_syntax +>>> deny: condition test failed in ACL "check_message" >>> processing "accept" >>> accept: condition test succeeded in ACL "check_message" >>> end of ACL "check_message": ACCEPT -- 2.30.2