X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/69358f0206debf14a18c7e798e23133d304232b6..8e669ac162fe3b1040297f1d021de10778dce9d9:/src/src/acl.c diff --git a/src/src/acl.c b/src/src/acl.c index 31087809b..7b176b690 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.3 2004/10/19 11:04:26 ph10 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.19 2005/02/17 11:58:25 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2004 */ +/* Copyright (c) University of Cambridge 1995 - 2005 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for handling Access Control Lists (ACLs) */ @@ -34,26 +34,84 @@ static int msgcond[] = { FAIL, OK, OK, FAIL, OK, FAIL, OK }; /* ACL condition and modifier codes - keep in step with the table that follows. */ -enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY, - ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, ACLC_HOSTS, - ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, ACLC_MESSAGE, - ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY }; +enum { ACLC_ACL, ACLC_AUTHENTICATED, +#ifdef EXPERIMENTAL_BRIGHTMAIL + ACLC_BMI_OPTIN, +#endif +ACLC_CONDITION, ACLC_CONTROL, +#ifdef WITH_CONTENT_SCAN + ACLC_DECODE, +#endif + ACLC_DELAY, +#ifdef WITH_OLD_DEMIME + ACLC_DEMIME, +#endif + ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, + ACLC_HOSTS, ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, +#ifdef WITH_CONTENT_SCAN + ACLC_MALWARE, +#endif + ACLC_MESSAGE, +#ifdef WITH_CONTENT_SCAN + ACLC_MIME_REGEX, +#endif + ACLC_RECIPIENTS, +#ifdef WITH_CONTENT_SCAN + ACLC_REGEX, +#endif + ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, +#ifdef WITH_CONTENT_SCAN + ACLC_SPAM, +#endif +#ifdef EXPERIMENTAL_SPF + ACLC_SPF, +#endif + ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "endpass", "message", "log_message", "logwrite", and "set" are modifiers that look like conditions but always return TRUE. They are used for their side effects. */ -static uschar *conditions[] = { US"acl", US"authenticated", US"condition", - US"control", US"delay", US"dnslists", US"domains", US"encrypted", +static uschar *conditions[] = { US"acl", US"authenticated", +#ifdef EXPERIMENTAL_BRIGHTMAIL + US"bmi_optin", +#endif + US"condition", + US"control", +#ifdef WITH_CONTENT_SCAN + US"decode", +#endif + US"delay", +#ifdef WITH_OLD_DEMIME + US"demime", +#endif + US"dnslists", US"domains", US"encrypted", US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite", - US"message", US"recipients", US"sender_domains", US"senders", US"set", +#ifdef WITH_CONTENT_SCAN + US"malware", +#endif + US"message", +#ifdef WITH_CONTENT_SCAN + US"mime_regex", +#endif + US"recipients", +#ifdef WITH_CONTENT_SCAN + US"regex", +#endif + US"sender_domains", US"senders", US"set", +#ifdef WITH_CONTENT_SCAN + US"spam", +#endif +#ifdef EXPERIMENTAL_SPF + US"spf", +#endif US"verify" }; - + /* ACL control names */ static uschar *controls[] = { US"error", US"caseful_local_part", US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze", - US"queue_only", US"submission", US"no_multiline"}; + US"queue_only", US"submission", US"no_multiline"}; /* Flags to indicate for which conditions /modifiers a string expansion is done at the outer level. In the other cases, expansion already occurs in the @@ -62,9 +120,18 @@ checking functions. */ static uschar cond_expand_at_top[] = { TRUE, /* acl */ FALSE, /* authenticated */ +#ifdef EXPERIMENTAL_BRIGHTMAIL + TRUE, /* bmi_optin */ +#endif TRUE, /* condition */ TRUE, /* control */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* decode */ +#endif TRUE, /* delay */ +#ifdef WITH_OLD_DEMIME + TRUE, /* demime */ +#endif TRUE, /* dnslists */ FALSE, /* domains */ FALSE, /* encrypted */ @@ -73,11 +140,26 @@ static uschar cond_expand_at_top[] = { FALSE, /* local_parts */ TRUE, /* log_message */ TRUE, /* logwrite */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* malware */ +#endif TRUE, /* message */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* mime_regex */ +#endif FALSE, /* recipients */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* regex */ +#endif FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ +#ifdef WITH_CONTENT_SCAN + TRUE, /* spam */ +#endif +#ifdef EXPERIMENTAL_SPF + TRUE, /* spf */ +#endif TRUE /* verify */ }; @@ -86,9 +168,18 @@ static uschar cond_expand_at_top[] = { static uschar cond_modifiers[] = { FALSE, /* acl */ FALSE, /* authenticated */ +#ifdef EXPERIMENTAL_BRIGHTMAIL + TRUE, /* bmi_optin */ +#endif FALSE, /* condition */ TRUE, /* control */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* decode */ +#endif TRUE, /* delay */ +#ifdef WITH_OLD_DEMIME + FALSE, /* demime */ +#endif FALSE, /* dnslists */ FALSE, /* domains */ FALSE, /* encrypted */ @@ -96,12 +187,27 @@ static uschar cond_modifiers[] = { FALSE, /* hosts */ FALSE, /* local_parts */ TRUE, /* log_message */ - TRUE, /* log_write */ + TRUE, /* logwrite */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* malware */ +#endif TRUE, /* message */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* mime_regex */ +#endif FALSE, /* recipients */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* regex */ +#endif FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ +#ifdef WITH_CONTENT_SCAN + FALSE, /* spam */ +#endif +#ifdef EXPERIMENTAL_SPF + FALSE, /* spf */ +#endif FALSE /* verify */ }; @@ -110,15 +216,49 @@ each condition, there's a bitmap of dis-allowed times. */ static unsigned int cond_forbids[] = { 0, /* acl */ + (1< 0) newtype = htype_add_rec; p += 16; } + else if (strncmpic(p, US":at_start_rfc:", 14) == 0) + { + newtype = htype_add_rfc; + p += 14; + } else if (strncmpic(p, US":at_start:", 10) == 0) { newtype = htype_add_top; @@ -689,6 +924,7 @@ acl_verify(int where, address_item *addr, uschar *arg, int sep = '/'; int callout = -1; int callout_overall = -1; +int callout_connect = -1; int verify_options = 0; int rc; BOOL verify_header_sender = FALSE; @@ -835,6 +1071,11 @@ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) uschar *opt; uschar buffer[256]; while (isspace(*ss)) ss++; + + /* This callout option handling code has become a mess as new options + have been added in an ad hoc manner. It should be tidied up into some + kind of table-driven thing. */ + while ((opt = string_nextinlist(&ss, &optsep, buffer, sizeof(buffer))) != NULL) { @@ -903,6 +1144,25 @@ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) return ERROR; } } + else if (strncmpic(opt, US"connect", 7) == 0) + { + opt += 7; + while (isspace(*opt)) opt++; + if (*opt++ != '=') + { + *log_msgptr = string_sprintf("'=' expected after " + "\"callout_overaall\" in ACL condition \"%s\"", arg); + return ERROR; + } + while (isspace(*opt)) opt++; + callout_connect = readconf_readtime(opt, 0, FALSE); + if (callout_connect < 0) + { + *log_msgptr = string_sprintf("bad time value in ACL condition " + "\"verify %s\"", arg); + return ERROR; + } + } else /* Plain time is callout connect/command timeout */ { callout = readconf_readtime(opt, 0, FALSE); @@ -947,13 +1207,19 @@ message if giving out verification details. */ if (verify_header_sender) { + int verrno; rc = verify_check_header_address(user_msgptr, log_msgptr, callout, - callout_overall, se_mailfrom, pm_mailfrom, verify_options); - if (smtp_return_error_details) + callout_overall, callout_connect, se_mailfrom, pm_mailfrom, verify_options, + &verrno); + if (rc != OK) { - if (*user_msgptr == NULL && *log_msgptr != NULL) - *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); - if (rc == DEFER) acl_temp_details = TRUE; + *basic_errno = verrno; + if (smtp_return_error_details) + { + if (*user_msgptr == NULL && *log_msgptr != NULL) + *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); + if (rc == DEFER) acl_temp_details = TRUE; + } } } @@ -1012,6 +1278,8 @@ else if (verify_sender_address != NULL) else { BOOL routed = TRUE; + uschar *save_address_data = deliver_address_data; + sender_vaddr = deliver_make_addr(verify_sender_address, TRUE); if (no_details) setflag(sender_vaddr, af_sverify_told); if (verify_sender_address[0] != 0) @@ -1029,7 +1297,7 @@ else if (verify_sender_address != NULL) verify_options. */ rc = verify_address(sender_vaddr, NULL, verify_options, callout, - callout_overall, se_mailfrom, pm_mailfrom, &routed); + callout_overall, callout_connect, se_mailfrom, pm_mailfrom, &routed); HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); @@ -1057,7 +1325,16 @@ else if (verify_sender_address != NULL) sender_vaddr->special_action = rc; sender_vaddr->next = sender_verified_list; sender_verified_list = sender_vaddr; + + /* Restore the recipient address data, which might have been clobbered by + the sender verification. */ + + deliver_address_data = save_address_data; } + + /* Put the sender address_data value into $sender_address_data */ + + sender_address_data = sender_vaddr->p.address_data; } /* A recipient address just gets a straightforward verify; again we must handle @@ -1072,10 +1349,12 @@ else addr2 = *addr; rc = verify_address(&addr2, NULL, verify_options|vopt_is_recipient, callout, - callout_overall, se_mailfrom, pm_mailfrom, NULL); + callout_overall, callout_connect, se_mailfrom, pm_mailfrom, NULL); HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); + *log_msgptr = addr2.message; - *user_msgptr = addr2.user_message; + *user_msgptr = (addr2.user_message != NULL)? + addr2.user_message : addr2.message; *basic_errno = addr2.basic_errno; /* Make $address_data visible */ @@ -1217,11 +1496,14 @@ uschar *user_message = NULL; uschar *log_message = NULL; uschar *p; int rc = OK; +#ifdef WITH_CONTENT_SCAN +int sep = '/'; +#endif for (; cb != NULL; cb = cb->next) { uschar *arg; - int control_type; + int control_type; /* The message and log_message items set up messages to be used in case of rejection. They are expanded later. */ @@ -1324,6 +1606,17 @@ for (; cb != NULL; cb = cb->next) TRUE, NULL); break; +#ifdef EXPERIMENTAL_BRIGHTMAIL + case ACLC_BMI_OPTIN: + { + int old_pool = store_pool; + store_pool = POOL_PERM; + bmi_current_optin = string_copy(arg); + store_pool = old_pool; + } + break; +#endif + case ACLC_CONDITION: if (Ustrspn(arg, "0123456789") == Ustrlen(arg)) /* Digits, or empty */ rc = (Uatoi(arg) == 0)? FAIL : OK; @@ -1339,17 +1632,23 @@ for (; cb != NULL; cb = cb->next) case ACLC_CONTROL: control_type = decode_control(arg, &p, where, log_msgptr); - /* Check this control makes sense at this time */ + /* Check if this control makes sense at this time */ if ((control_forbids[control_type] & (1 << where)) != 0) { *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL", controls[control_type], acl_wherenames[where]); return ERROR; - } + } switch(control_type) { +#ifdef EXPERIMENTAL_BRIGHTMAIL + case CONTROL_BMI_RUN: + bmi_run = 1; + break; +#endif + case CONTROL_ERROR: return ERROR; @@ -1369,10 +1668,32 @@ for (; cb != NULL; cb = cb->next) smtp_enforce_sync = FALSE; break; +#ifdef WITH_CONTENT_SCAN + case CONTROL_NO_MBOX_UNSPOOL: + no_mbox_unspool = TRUE; + break; +#endif + case CONTROL_NO_MULTILINE: no_multiline_responses = TRUE; break; + case CONTROL_FAKEREJECT: + fake_reject = TRUE; + if (*p == '/') + { + uschar *pp = p + 1; + while (*pp != 0) pp++; + fake_reject_text = expand_string(string_copyn(p+1, pp-p)); + p = pp; + } + else + { + /* Explicitly reset to default string */ + fake_reject_text = US"Your message has been rejected but is being kept for evaluation.\nIf it was a legitimate message, it may still be delivered to the target recipient(s)."; + } + break; + case CONTROL_FREEZE: deliver_freeze = TRUE; deliver_frozen_at = time(NULL); @@ -1385,22 +1706,22 @@ for (; cb != NULL; cb = cb->next) case CONTROL_SUBMISSION: submission_mode = TRUE; while (*p == '/') - { + { if (Ustrncmp(p, "/sender_retain", 14) == 0) { p += 14; active_local_sender_retain = TRUE; - active_local_from_check = FALSE; - } + active_local_from_check = FALSE; + } else if (Ustrncmp(p, "/domain=", 8) == 0) { uschar *pp = p + 8; - while (*pp != 0 && *pp != '/') pp++; + while (*pp != 0 && *pp != '/') pp++; submission_domain = string_copyn(p+8, pp-p); - p = pp; + p = pp; } - else break; - } + else break; + } if (*p != 0) { *log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg); @@ -1410,6 +1731,12 @@ for (; cb != NULL; cb = cb->next) } break; +#ifdef WITH_CONTENT_SCAN + case ACLC_DECODE: + rc = mime_decode(&arg); + break; +#endif + case ACLC_DELAY: { int delay = readconf_readtime(arg, 0, FALSE); @@ -1428,11 +1755,20 @@ for (; cb != NULL; cb = cb->next) HDEBUG(D_acl) debug_printf("delay skipped in -bh checking mode\n"); } - else sleep(delay); + else + { + while (delay > 0) delay = sleep(delay); + } } } break; +#ifdef WITH_OLD_DEMIME + case ACLC_DEMIME: + rc = demime(&arg); + break; +#endif + case ACLC_DNSLISTS: rc = verify_check_dnsbl(&arg); break; @@ -1513,11 +1849,41 @@ for (; cb != NULL; cb = cb->next) } break; +#ifdef WITH_CONTENT_SCAN + case ACLC_MALWARE: + { + /* Seperate the regular expression and any optional parameters. */ + uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size); + /* Run the malware backend. */ + rc = malware(&ss); + /* Modify return code based upon the existance of options. */ + while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size)) + != NULL) { + if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) + { + /* FAIL so that the message is passed to the next ACL */ + rc = FAIL; + } + } + } + break; + + case ACLC_MIME_REGEX: + rc = mime_regex(&arg); + break; +#endif + case ACLC_RECIPIENTS: rc = match_address_list(addr->address, TRUE, TRUE, &arg, NULL, -1, 0, &recipient_data); break; +#ifdef WITH_CONTENT_SCAN + case ACLC_REGEX: + rc = regex(&arg); + break; +#endif + case ACLC_SENDER_DOMAINS: { uschar *sdomain; @@ -1544,6 +1910,32 @@ for (; cb != NULL; cb = cb->next) } break; +#ifdef WITH_CONTENT_SCAN + case ACLC_SPAM: + { + /* Seperate the regular expression and any optional parameters. */ + uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size); + /* Run the spam backend. */ + rc = spam(&ss); + /* Modify return code based upon the existance of options. */ + while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size)) + != NULL) { + if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) + { + /* FAIL so that the message is passed to the next ACL */ + rc = FAIL; + } + } + } + break; +#endif + +#ifdef EXPERIMENTAL_SPF + case ACLC_SPF: + rc = spf_process(&arg, sender_address); + break; +#endif + /* If the verb is WARN, discard any user message from verification, because such messages are SMTP responses, not header additions. The latter come only from explicit "message" modifiers. */ @@ -2109,7 +2501,7 @@ else rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); smtp_command_argument = deliver_domain = - deliver_localpart = deliver_address_data = NULL; + deliver_localpart = deliver_address_data = sender_address_data = NULL; /* A DISCARD response is permitted only for message ACLs, excluding the PREDATA ACL, which is really in the middle of an SMTP command. */