X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/059ec3d9952740285fb1ebf47961b8aca2eb1b4a..c988f1f4faa9f679f79beddf3c14676c5dcb8e28:/src/src/acl.c diff --git a/src/src/acl.c b/src/src/acl.c index d6a354cf2..014721f12 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.11 2005/01/04 10:00:42 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2004 */ +/* Copyright (c) University of Cambridge 1995 - 2005 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for handling Access Control Lists (ACLs) */ @@ -34,20 +34,84 @@ static int msgcond[] = { FAIL, OK, OK, FAIL, OK, FAIL, OK }; /* ACL condition and modifier codes - keep in step with the table that follows. */ -enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY, - ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, ACLC_HOSTS, - ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, ACLC_MESSAGE, - ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY }; +enum { ACLC_ACL, ACLC_AUTHENTICATED, +#ifdef EXPERIMENTAL_BRIGHTMAIL + ACLC_BMI_OPTIN, +#endif +ACLC_CONDITION, ACLC_CONTROL, +#ifdef WITH_CONTENT_SCAN + ACLC_DECODE, +#endif + ACLC_DELAY, +#ifdef WITH_OLD_DEMIME + ACLC_DEMIME, +#endif + ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, + ACLC_HOSTS, ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, +#ifdef WITH_CONTENT_SCAN + ACLC_MALWARE, +#endif + ACLC_MESSAGE, +#ifdef WITH_CONTENT_SCAN + ACLC_MIME_REGEX, +#endif + ACLC_RECIPIENTS, +#ifdef WITH_CONTENT_SCAN + ACLC_REGEX, +#endif + ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, +#ifdef WITH_CONTENT_SCAN + ACLC_SPAM, +#endif +#ifdef EXPERIMENTAL_SPF + ACLC_SPF, +#endif + ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "endpass", "message", "log_message", "logwrite", and "set" are modifiers that look like conditions but always return TRUE. They are used for their side effects. */ -static uschar *conditions[] = { US"acl", US"authenticated", US"condition", - US"control", US"delay", US"dnslists", US"domains", US"encrypted", +static uschar *conditions[] = { US"acl", US"authenticated", +#ifdef EXPERIMENTAL_BRIGHTMAIL + US"bmi_optin", +#endif + US"condition", + US"control", +#ifdef WITH_CONTENT_SCAN + US"decode", +#endif + US"delay", +#ifdef WITH_OLD_DEMIME + US"demime", +#endif + US"dnslists", US"domains", US"encrypted", US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite", - US"message", US"recipients", US"sender_domains", US"senders", US"set", +#ifdef WITH_CONTENT_SCAN + US"malware", +#endif + US"message", +#ifdef WITH_CONTENT_SCAN + US"mime_regex", +#endif + US"recipients", +#ifdef WITH_CONTENT_SCAN + US"regex", +#endif + US"sender_domains", US"senders", US"set", +#ifdef WITH_CONTENT_SCAN + US"spam", +#endif +#ifdef EXPERIMENTAL_SPF + US"spf", +#endif US"verify" }; + +/* ACL control names */ + +static uschar *controls[] = { US"error", US"caseful_local_part", + US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze", + US"queue_only", US"submission", US"no_multiline"}; /* Flags to indicate for which conditions /modifiers a string expansion is done at the outer level. In the other cases, expansion already occurs in the @@ -56,9 +120,18 @@ checking functions. */ static uschar cond_expand_at_top[] = { TRUE, /* acl */ FALSE, /* authenticated */ +#ifdef EXPERIMENTAL_BRIGHTMAIL + TRUE, /* bmi_optin */ +#endif TRUE, /* condition */ TRUE, /* control */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* decode */ +#endif TRUE, /* delay */ +#ifdef WITH_OLD_DEMIME + TRUE, /* demime */ +#endif TRUE, /* dnslists */ FALSE, /* domains */ FALSE, /* encrypted */ @@ -67,11 +140,26 @@ static uschar cond_expand_at_top[] = { FALSE, /* local_parts */ TRUE, /* log_message */ TRUE, /* logwrite */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* malware */ +#endif TRUE, /* message */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* mime_regex */ +#endif FALSE, /* recipients */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* regex */ +#endif FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* spam */ +#endif +#ifdef EXPERIMENTAL_SPF + TRUE, /* spf */ +#endif TRUE /* verify */ }; @@ -80,9 +168,18 @@ static uschar cond_expand_at_top[] = { static uschar cond_modifiers[] = { FALSE, /* acl */ FALSE, /* authenticated */ +#ifdef EXPERIMENTAL_BRIGHTMAIL + TRUE, /* bmi_optin */ +#endif FALSE, /* condition */ TRUE, /* control */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* decode */ +#endif TRUE, /* delay */ +#ifdef WITH_OLD_DEMIME + FALSE, /* demime */ +#endif FALSE, /* dnslists */ FALSE, /* domains */ FALSE, /* encrypted */ @@ -90,29 +187,77 @@ static uschar cond_modifiers[] = { FALSE, /* hosts */ FALSE, /* local_parts */ TRUE, /* log_message */ - TRUE, /* log_write */ + TRUE, /* logwrite */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* malware */ +#endif TRUE, /* message */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* mime_regex */ +#endif FALSE, /* recipients */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* regex */ +#endif FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* spam */ +#endif +#ifdef EXPERIMENTAL_SPF + FALSE, /* spf */ +#endif FALSE /* verify */ }; -/* Bit map of which conditions are not allowed at certain times. For each -condition, there's a bitmap of dis-allowed times. */ +/* Bit map vector of which conditions are not allowed at certain times. For +each condition, there's a bitmap of dis-allowed times. */ static unsigned int cond_forbids[] = { 0, /* acl */ (1< 0) newtype = htype_add_rec; p += 16; } + else if (strncmpic(p, US":at_start_rfc:", 14) == 0) + { + newtype = htype_add_rfc; + p += 14; + } else if (strncmpic(p, US":at_start:", 10) == 0) { newtype = htype_add_top; @@ -671,6 +905,7 @@ acl_verify(int where, address_item *addr, uschar *arg, int sep = '/'; int callout = -1; int callout_overall = -1; +int callout_connect = -1; int verify_options = 0; int rc; BOOL verify_header_sender = FALSE; @@ -817,6 +1052,11 @@ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) uschar *opt; uschar buffer[256]; while (isspace(*ss)) ss++; + + /* This callout option handling code has become a mess as new options + have been added in an ad hoc manner. It should be tidied up into some + kind of table-driven thing. */ + while ((opt = string_nextinlist(&ss, &optsep, buffer, sizeof(buffer))) != NULL) { @@ -885,6 +1125,25 @@ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) return ERROR; } } + else if (strncmpic(opt, US"connect", 7) == 0) + { + opt += 7; + while (isspace(*opt)) opt++; + if (*opt++ != '=') + { + *log_msgptr = string_sprintf("'=' expected after " + "\"callout_overaall\" in ACL condition \"%s\"", arg); + return ERROR; + } + while (isspace(*opt)) opt++; + callout_connect = readconf_readtime(opt, 0, FALSE); + if (callout_connect < 0) + { + *log_msgptr = string_sprintf("bad time value in ACL condition " + "\"verify %s\"", arg); + return ERROR; + } + } else /* Plain time is callout connect/command timeout */ { callout = readconf_readtime(opt, 0, FALSE); @@ -930,7 +1189,7 @@ message if giving out verification details. */ if (verify_header_sender) { rc = verify_check_header_address(user_msgptr, log_msgptr, callout, - callout_overall, se_mailfrom, pm_mailfrom, verify_options); + callout_overall, callout_connect, se_mailfrom, pm_mailfrom, verify_options); if (smtp_return_error_details) { if (*user_msgptr == NULL && *log_msgptr != NULL) @@ -994,6 +1253,8 @@ else if (verify_sender_address != NULL) else { BOOL routed = TRUE; + uschar *save_address_data = deliver_address_data; + sender_vaddr = deliver_make_addr(verify_sender_address, TRUE); if (no_details) setflag(sender_vaddr, af_sverify_told); if (verify_sender_address[0] != 0) @@ -1011,7 +1272,7 @@ else if (verify_sender_address != NULL) verify_options. */ rc = verify_address(sender_vaddr, NULL, verify_options, callout, - callout_overall, se_mailfrom, pm_mailfrom, &routed); + callout_overall, callout_connect, se_mailfrom, pm_mailfrom, &routed); HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); @@ -1039,7 +1300,16 @@ else if (verify_sender_address != NULL) sender_vaddr->special_action = rc; sender_vaddr->next = sender_verified_list; sender_verified_list = sender_vaddr; + + /* Restore the recipient address data, which might have been clobbered by + the sender verification. */ + + deliver_address_data = save_address_data; } + + /* Put the sender address_data value into $sender_address_data */ + + sender_address_data = sender_vaddr->p.address_data; } /* A recipient address just gets a straightforward verify; again we must handle @@ -1054,7 +1324,7 @@ else addr2 = *addr; rc = verify_address(&addr2, NULL, verify_options|vopt_is_recipient, callout, - callout_overall, se_mailfrom, pm_mailfrom, NULL); + callout_overall, callout_connect, se_mailfrom, pm_mailfrom, NULL); HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); *log_msgptr = addr2.message; *user_msgptr = addr2.user_message; @@ -1155,13 +1425,6 @@ if (d >= controls_list + sizeof(controls_list)/sizeof(control_def) || return CONTROL_ERROR; } -if (where > d->where_max) - { - *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL", - arg, acl_wherenames[where]); - return CONTROL_ERROR; - } - *pptr = arg + len; return d->value; } @@ -1206,10 +1469,14 @@ uschar *user_message = NULL; uschar *log_message = NULL; uschar *p; int rc = OK; +#ifdef WITH_CONTENT_SCAN +int sep = '/'; +#endif for (; cb != NULL; cb = cb->next) { uschar *arg; + int control_type; /* The message and log_message items set up messages to be used in case of rejection. They are expanded later. */ @@ -1312,6 +1579,17 @@ for (; cb != NULL; cb = cb->next) TRUE, NULL); break; +#ifdef EXPERIMENTAL_BRIGHTMAIL + case ACLC_BMI_OPTIN: + { + int old_pool = store_pool; + store_pool = POOL_PERM; + bmi_current_optin = string_copy(arg); + store_pool = old_pool; + } + break; +#endif + case ACLC_CONDITION: if (Ustrspn(arg, "0123456789") == Ustrlen(arg)) /* Digits, or empty */ rc = (Uatoi(arg) == 0)? FAIL : OK; @@ -1325,8 +1603,25 @@ for (; cb != NULL; cb = cb->next) break; case ACLC_CONTROL: - switch (decode_control(arg, &p, where, log_msgptr)) + control_type = decode_control(arg, &p, where, log_msgptr); + + /* Check if this control makes sense at this time */ + + if ((control_forbids[control_type] & (1 << where)) != 0) { + *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL", + controls[control_type], acl_wherenames[where]); + return ERROR; + } + + switch(control_type) + { +#ifdef EXPERIMENTAL_BRIGHTMAIL + case CONTROL_BMI_RUN: + bmi_run = 1; + break; +#endif + case CONTROL_ERROR: return ERROR; @@ -1346,10 +1641,32 @@ for (; cb != NULL; cb = cb->next) smtp_enforce_sync = FALSE; break; +#ifdef WITH_CONTENT_SCAN + case CONTROL_NO_MBOX_UNSPOOL: + no_mbox_unspool = TRUE; + break; +#endif + case CONTROL_NO_MULTILINE: no_multiline_responses = TRUE; break; + case CONTROL_FAKEREJECT: + fake_reject = TRUE; + if (*p == '/') + { + uschar *pp = p + 1; + while (*pp != 0) pp++; + fake_reject_text = expand_string(string_copyn(p+1, pp-p)); + p = pp; + } + else + { + /* Explicitly reset to default string */ + fake_reject_text = US"Your message has been rejected but is being kept for evaluation.\nIf it was a legit message, it may still be delivered to the target recipient(s)."; + } + break; + case CONTROL_FREEZE: deliver_freeze = TRUE; deliver_frozen_at = time(NULL); @@ -1361,20 +1678,38 @@ for (; cb != NULL; cb = cb->next) case CONTROL_SUBMISSION: submission_mode = TRUE; - if (Ustrncmp(p, "/domain=", 8) == 0) - { - submission_domain = string_copy(p+8); - } - else if (*p != 0) + while (*p == '/') + { + if (Ustrncmp(p, "/sender_retain", 14) == 0) + { + p += 14; + active_local_sender_retain = TRUE; + active_local_from_check = FALSE; + } + else if (Ustrncmp(p, "/domain=", 8) == 0) + { + uschar *pp = p + 8; + while (*pp != 0 && *pp != '/') pp++; + submission_domain = string_copyn(p+8, pp-p); + p = pp; + } + else break; + } + if (*p != 0) { - *log_msgptr = string_sprintf("syntax error in argument for " - "\"control\" modifier \"%s\"", arg); + *log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg); return ERROR; } break; } break; +#ifdef WITH_CONTENT_SCAN + case ACLC_DECODE: + rc = mime_decode(&arg); + break; +#endif + case ACLC_DELAY: { int delay = readconf_readtime(arg, 0, FALSE); @@ -1398,6 +1733,12 @@ for (; cb != NULL; cb = cb->next) } break; +#ifdef WITH_OLD_DEMIME + case ACLC_DEMIME: + rc = demime(&arg); + break; +#endif + case ACLC_DNSLISTS: rc = verify_check_dnsbl(&arg); break; @@ -1477,12 +1818,42 @@ for (; cb != NULL; cb = cb->next) log_write(0, logbits, "%s", string_printing(s)); } break; + +#ifdef WITH_CONTENT_SCAN + case ACLC_MALWARE: + { + /* Seperate the regular expression and any optional parameters. */ + uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size); + /* Run the malware backend. */ + rc = malware(&ss); + /* Modify return code based upon the existance of options. */ + while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size)) + != NULL) { + if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) + { + /* FAIL so that the message is passed to the next ACL */ + rc = FAIL; + } + } + } + break; + + case ACLC_MIME_REGEX: + rc = mime_regex(&arg); + break; +#endif case ACLC_RECIPIENTS: rc = match_address_list(addr->address, TRUE, TRUE, &arg, NULL, -1, 0, &recipient_data); break; +#ifdef WITH_CONTENT_SCAN + case ACLC_REGEX: + rc = regex(&arg); + break; +#endif + case ACLC_SENDER_DOMAINS: { uschar *sdomain; @@ -1509,6 +1880,32 @@ for (; cb != NULL; cb = cb->next) } break; +#ifdef WITH_CONTENT_SCAN + case ACLC_SPAM: + { + /* Seperate the regular expression and any optional parameters. */ + uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size); + /* Run the spam backend. */ + rc = spam(&ss); + /* Modify return code based upon the existance of options. */ + while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size)) + != NULL) { + if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) + { + /* FAIL so that the message is passed to the next ACL */ + rc = FAIL; + } + } + } + break; +#endif + +#ifdef EXPERIMENTAL_SPF + case ACLC_SPF: + rc = spf_process(&arg, sender_address); + break; +#endif + /* If the verb is WARN, discard any user message from verification, because such messages are SMTP responses, not header additions. The latter come only from explicit "message" modifiers. */ @@ -2074,7 +2471,7 @@ else rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); smtp_command_argument = deliver_domain = - deliver_localpart = deliver_address_data = NULL; + deliver_localpart = deliver_address_data = sender_address_data = NULL; /* A DISCARD response is permitted only for message ACLs, excluding the PREDATA ACL, which is really in the middle of an SMTP command. */