X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f3dcf4a2e22328f9edfbc403986875307f4ca395..8800895ae8a1e9c49c739839a6623292d7a473d0:/src/src/acl.c diff --git a/src/src/acl.c b/src/src/acl.c index f2b1aaa13..06fa6e898 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.37 2005/05/31 17:07:39 fanf2 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.47 2005/09/12 10:08:54 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -81,7 +81,9 @@ ACLC_CONDITION, ACLC_CONTROL, "log_message", "logwrite", and "set" are modifiers that look like conditions but always return TRUE. They are used for their side effects. */ -static uschar *conditions[] = { US"acl", US"authenticated", +static uschar *conditions[] = { + US"acl", + US"authenticated", #ifdef EXPERIMENTAL_BRIGHTMAIL US"bmi_optin", #endif @@ -125,11 +127,45 @@ static uschar *conditions[] = { US"acl", US"authenticated", #endif US"verify" }; -/* ACL control names */ -static uschar *controls[] = { US"error", US"caseful_local_part", +/* Return values from decode_control(); keep in step with the table of names +that follows! */ + +enum { +#ifdef EXPERIMENTAL_BRIGHTMAIL + CONTROL_BMI_RUN, +#endif +#ifdef EXPERIMENTAL_DOMAINKEYS + CONTROL_DK_VERIFY, +#endif + CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART, + CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE, + CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION, CONTROL_SUPPRESS_LOCAL_FIXUPS, +#ifdef WITH_CONTENT_SCAN + CONTROL_NO_MBOX_UNSPOOL, +#endif + CONTROL_FAKEDEFER, CONTROL_FAKEREJECT, CONTROL_NO_MULTILINE }; + +/* ACL control names; keep in step with the table above! This list is used for +turning ids into names. The actual list of recognized names is in the variable +control_def controls_list[] below. The fact that there are two lists is a mess +and should be tidied up. */ + +static uschar *controls[] = { + #ifdef EXPERIMENTAL_BRIGHTMAIL + US"bmi_run", + #endif + #ifdef EXPERIMENTAL_DOMAINKEYS + US"dk_verify", + #endif + US"error", US"caseful_local_part", US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze", - US"queue_only", US"submission", US"no_multiline"}; + US"queue_only", US"submission", US"suppress_local_fixups", + #ifdef WITH_CONTENT_SCAN + US"no_mbox_unspool", + #endif + + US"no_multiline"}; /* Flags to indicate for which conditions /modifiers a string expansion is done at the outer level. In the other cases, expansion already occurs in the @@ -412,23 +448,6 @@ static unsigned int cond_forbids[] = { }; -/* Return values from decode_control() */ - -enum { -#ifdef EXPERIMENTAL_BRIGHTMAIL - CONTROL_BMI_RUN, -#endif -#ifdef EXPERIMENTAL_DOMAINKEYS - CONTROL_DK_VERIFY, -#endif - CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART, - CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE, - CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION, -#ifdef WITH_CONTENT_SCAN - CONTROL_NO_MBOX_UNSPOOL, -#endif - CONTROL_FAKEDEFER, CONTROL_FAKEREJECT, CONTROL_NO_MULTILINE }; - /* Bit map vector of which controls are not allowed at certain times. For each control, there's a bitmap of dis-allowed times. For some, it is easier to specify the negation of a small number of allowed times. */ @@ -467,6 +486,10 @@ static unsigned int control_forbids[] = { ~((1<name, domain); /* Now we are ready to do the actual DNS lookup(s). */ +found = domain; switch (dns_special_lookup(&dnsa, domain, T_CSA, &found)) { /* If something bad happened (most commonly DNS_AGAIN), defer. */ @@ -1322,6 +1347,7 @@ BOOL verify_header_sender = FALSE; BOOL defer_ok = FALSE; BOOL callout_defer_ok = FALSE; BOOL no_details = FALSE; +BOOL success_on_redirect = FALSE; address_item *sender_vaddr = NULL; uschar *verify_sender_address = NULL; uschar *pm_mailfrom = NULL; @@ -1359,12 +1385,16 @@ if (strcmpic(ss, US"certificate") == 0) return FAIL; } -/* We can test the result of optional HELO verification */ +/* We can test the result of optional HELO verification that might have +occurred earlier. If not, we can attempt the verification now. */ if (strcmpic(ss, US"helo") == 0) { if (slash != NULL) goto NO_OPTIONS; - return helo_verified? OK : FAIL; + if (helo_verified) return OK; + if (helo_verify_failed) return FAIL; + if (smtp_verify_helo()) return helo_verified? OK : FAIL; + return DEFER; } /* Do Client SMTP Authorization checks in a separate function, and turn the @@ -1388,18 +1418,29 @@ always). */ if (strcmpic(ss, US"header_syntax") == 0) { if (slash != NULL) goto NO_OPTIONS; - if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) - { - *log_msgptr = string_sprintf("cannot check header contents in ACL for %s " - "(only possible in ACL for DATA)", acl_wherenames[where]); - return ERROR; - } + if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL; rc = verify_check_headers(log_msgptr); if (rc != OK && smtp_return_error_details && *log_msgptr != NULL) *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); return rc; } +/* Check that no recipient of this message is "blind", that is, every envelope +recipient must be mentioned in either To: or Cc:. */ + +if (strcmpic(ss, US"not_blind") == 0) + { + if (slash != NULL) goto NO_OPTIONS; + if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL; + rc = verify_check_notblind(); + if (rc != OK) + { + *log_msgptr = string_sprintf("bcc recipient detected"); + if (smtp_return_error_details) + *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); + } + return rc; + } /* The remaining verification tests check recipient and sender addresses, either from the envelope or from the header. There are a number of @@ -1412,12 +1453,7 @@ sender and recipient. */ if (strcmpic(ss, US"header_sender") == 0) { - if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) - { - *log_msgptr = string_sprintf("cannot check header contents in ACL for %s " - "(only possible in ACL for DATA)", acl_wherenames[where]); - return ERROR; - } + if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL; verify_header_sender = TRUE; } @@ -1464,6 +1500,7 @@ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) { if (strcmpic(ss, US"defer_ok") == 0) defer_ok = TRUE; else if (strcmpic(ss, US"no_details") == 0) no_details = TRUE; + else if (strcmpic(ss, US"success_on_redirect") == 0) success_on_redirect = TRUE; /* These two old options are left for backwards compatibility */ @@ -1721,6 +1758,9 @@ else if (verify_sender_address != NULL) else verify_options |= vopt_fake_sender; + if (success_on_redirect) + verify_options |= vopt_success_on_redirect; + /* The recipient, qualify, and expn options are never set in verify_options. */ @@ -1772,6 +1812,9 @@ else { address_item addr2; + if (success_on_redirect) + verify_options |= vopt_success_on_redirect; + /* We must use a copy of the address for verification, because it might get rewritten. */ @@ -1847,6 +1890,13 @@ NO_OPTIONS: *log_msgptr = string_sprintf("unexpected '/' found in \"%s\" " "(this verify item has no options)", arg); return ERROR; + +/* Calls in the wrong ACL come here */ + +WRONG_ACL: +*log_msgptr = string_sprintf("cannot check header contents in ACL for %s " + "(only possible in ACL for DATA)", acl_wherenames[where]); +return ERROR; } @@ -2011,8 +2061,7 @@ if (!have_key && sender_host_address != NULL) HDEBUG(D_acl) debug_printf("ratelimit condition limit=%.0f period=%.0f key=%s\n", limit, period, key); -/* If we are dealing with rate limits per connection, per message, or per byte, -see if we have already computed the rate by looking in the relevant tree. For +/* See if we have already computed the rate by looking in the relevant tree. For per-connection rate limiting, store tree nodes and dbdata in the permanent pool so that they survive across resets. */ @@ -2024,8 +2073,10 @@ if (per_conn) anchor = &ratelimiters_conn; store_pool = POOL_PERM; } -if (per_mail || per_byte) +else if (per_mail || per_byte) anchor = &ratelimiters_mail; +else if (per_cmd) + anchor = &ratelimiters_cmd; if (anchor != NULL && (t = tree_search(*anchor, key)) != NULL) { @@ -2452,7 +2503,7 @@ for (; cb != NULL; cb = cb->next) { uschar *pp = p + 6; while (*pp != 0 && *pp != '/') pp++; - originator_name = string_copy(parse_fix_phrase(p+6, pp-p-6, + submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6, big_buffer, big_buffer_size)); p = pp; } @@ -2464,6 +2515,10 @@ for (; cb != NULL; cb = cb->next) return ERROR; } break; + + case CONTROL_SUPPRESS_LOCAL_FIXUPS: + suppress_local_fixups = TRUE; + break; } break; @@ -3115,7 +3170,7 @@ if (Ustrchr(ss, ' ') == NULL) return ERROR; } acl_text[statbuf.st_size] = 0; - close(fd); + (void)close(fd); acl_name = string_sprintf("ACL \"%s\"", ss); HDEBUG(D_acl) debug_printf("read ACL from file %s\n", ss); @@ -3302,7 +3357,7 @@ acl_check_internal() to do the actual work. Arguments: where ACL_WHERE_xxxx indicating where called from - data_string RCPT address, or SMTP command argument, or NULL + recipient RCPT address for RCPT check, else NULL s the input string; NULL is the same as an empty ACL => DENY user_msgptr where to put a user error (for SMTP response) log_msgptr where to put a logging message (not for SMTP response) @@ -3316,21 +3371,22 @@ Returns: OK access is granted by an ACCEPT verb */ int -acl_check(int where, uschar *data_string, uschar *s, uschar **user_msgptr, +acl_check(int where, uschar *recipient, uschar *s, uschar **user_msgptr, uschar **log_msgptr) { int rc; address_item adb; -address_item *addr; +address_item *addr = NULL; *user_msgptr = *log_msgptr = NULL; sender_verified_failed = NULL; +ratelimiters_cmd = NULL; if (where == ACL_WHERE_RCPT) { adb = address_defaults; addr = &adb; - addr->address = data_string; + addr->address = recipient; if (deliver_split_address(addr) == DEFER) { *log_msgptr = US"defer in percent_hack_domains check"; @@ -3339,16 +3395,11 @@ if (where == ACL_WHERE_RCPT) deliver_domain = addr->domain; deliver_localpart = addr->local_part; } -else - { - addr = NULL; - smtp_command_argument = data_string; - } rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); -smtp_command_argument = deliver_domain = - deliver_localpart = deliver_address_data = sender_address_data = NULL; +deliver_domain = deliver_localpart = deliver_address_data = + sender_address_data = NULL; /* A DISCARD response is permitted only for message ACLs, excluding the PREDATA ACL, which is really in the middle of an SMTP command. */