X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Facl.c;h=9efc85844ca484d02f5c3040fb31848ed6cf4dc4;hb=06fdb9f73dedfffc8b8613017ec1bb23f970b246;hp=b5ffa0193ed58372ca72918d9d922eaf543f502f;hpb=d5b80e59458182b2d557a929a18cb8c70cd56b68;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/acl.c b/src/src/acl.c index b5ffa0193..9efc85844 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for handling Access Control Lists (ACLs) */ @@ -37,13 +37,13 @@ are held as a bitmap. This is to avoid expanding the strings unnecessarily. For the code. */ static int msgcond[] = { - [ACL_ACCEPT] = (1<u.varname = string_copyn(s, 18); + s = endptr; + while (isspace(*s)) s++; + } + else +#endif { uschar *endptr; @@ -1036,9 +1046,7 @@ for (p = q; *p != 0; ) uschar * fn_hdrs_added(void) { -uschar * ret = NULL; -int size = 0; -int ptr = 0; +gstring * g = NULL; header_line * h = acl_added_headers; uschar * s; uschar * cp; @@ -1053,18 +1061,19 @@ do if (cp[1] == '\0') break; /* contains embedded newline; needs doubling */ - ret = string_catn(ret, &size, &ptr, s, cp-s+1); - ret = string_catn(ret, &size, &ptr, US"\n", 1); + g = string_catn(g, s, cp-s+1); + g = string_catn(g, US"\n", 1); s = cp+1; } /* last bit of header */ - ret = string_catn(ret, &size, &ptr, s, cp-s+1); /* newline-sep list */ +/*XXX could we use add_listele? */ + g = string_catn(g, s, cp-s+1); /* newline-sep list */ } while((h = h->next)); -ret[ptr-1] = '\0'; /* overwrite last newline */ -return ret; +g->s[g->ptr - 1] = '\0'; /* overwrite last newline */ +return g->s; } @@ -1515,7 +1524,7 @@ switch (dns_lookup(&dnsa, target, type, NULL)) enum { VERIFY_REV_HOST_LKUP, VERIFY_CERT, VERIFY_HELO, VERIFY_CSA, VERIFY_HDR_SYNTAX, VERIFY_NOT_BLIND, VERIFY_HDR_SNDR, VERIFY_SNDR, VERIFY_RCPT, - VERIFY_HDR_NAMES_ASCII + VERIFY_HDR_NAMES_ASCII, VERIFY_ARC }; typedef struct { uschar * name; @@ -1527,17 +1536,20 @@ typedef struct { static verify_type_t verify_type_list[] = { /* name value where no-opt opt-sep */ { US"reverse_host_lookup", VERIFY_REV_HOST_LKUP, ~0, FALSE, 0 }, - { US"certificate", VERIFY_CERT, ~0, TRUE, 0 }, - { US"helo", VERIFY_HELO, ~0, TRUE, 0 }, + { US"certificate", VERIFY_CERT, ~0, TRUE, 0 }, + { US"helo", VERIFY_HELO, ~0, TRUE, 0 }, { US"csa", VERIFY_CSA, ~0, FALSE, 0 }, - { US"header_syntax", VERIFY_HDR_SYNTAX, (1<= CS verify_type_list + sizeof(verify_type_list)) goto BAD_VERIFY; -if (vp->no_options && slash != NULL) +if (vp->no_options && slash) { *log_msgptr = string_sprintf("unexpected '/' found in \"%s\" " "(this verify item has no options)", arg); return ERROR; } -if (!(vp->where_allowed & (1<where_allowed & BIT(where))) { - *log_msgptr = string_sprintf("cannot verify %s in ACL for %s", vp->name, acl_wherenames[where]); + *log_msgptr = string_sprintf("cannot verify %s in ACL for %s", + vp->name, acl_wherenames[where]); return ERROR; } switch(vp->value) @@ -1683,7 +1696,7 @@ switch(vp->value) return csa_return_code[rc]; case VERIFY_HDR_SYNTAX: - /* Check that all relevant header lines have the correct syntax. If there is + /* Check that all relevant header lines have the correct 5322-syntax. If there is a syntax error, we return details of the error to the sender if configured to send out full details. (But a "message" setting on the ACL can override, as always). */ @@ -2900,8 +2913,19 @@ for (; cb != NULL; cb = cb->next) if (cb->type == ACLC_SET) { - debug_printf("acl_%s ", cb->u.varname); - lhswidth += 5 + Ustrlen(cb->u.varname); +#ifndef DISABLE_DKIM + if ( Ustrcmp(cb->u.varname, "dkim_verify_status") == 0 + || Ustrcmp(cb->u.varname, "dkim_verify_reason") == 0) + { + debug_printf("%s ", cb->u.varname); + lhswidth += 19; + } + else +#endif + { + debug_printf("acl_%s ", cb->u.varname); + lhswidth += 5 + Ustrlen(cb->u.varname); + } } debug_printf("= %s\n", cb->arg); @@ -3263,6 +3287,8 @@ for (; cb != NULL; cb = cb->next) p = pp; } } + else + DEBUG(D_acl) debug_printf(" cutthrough request ignored for nonfirst rcpt\n"); break; } *log_msgptr = string_sprintf("\"control=%s\" on %s item", @@ -3403,7 +3429,7 @@ for (; cb != NULL; cb = cb->next) #ifndef DISABLE_DKIM case ACLC_DKIM_SIGNER: - if (dkim_cur_signer != NULL) + if (dkim_cur_signer) rc = match_isinlist(dkim_cur_signer, &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); else @@ -3411,7 +3437,7 @@ for (; cb != NULL; cb = cb->next) break; case ACLC_DKIM_STATUS: - rc = match_isinlist(dkim_exim_expand_query(DKIM_VERIFY_STATUS), + rc = match_isinlist(dkim_verify_status, &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); break; #endif @@ -3567,6 +3593,12 @@ for (; cb != NULL; cb = cb->next) #endif case ACLC_QUEUE: + if (Ustrchr(arg, '/')) + { + *log_msgptr = string_sprintf( + "Directory separator not permitted in queue name: '%s'", arg); + return ERROR; + } queue_name = string_copy_malloc(arg); break; @@ -3610,45 +3642,50 @@ for (; cb != NULL; cb = cb->next) { int old_pool = store_pool; if ( cb->u.varname[0] == 'c' +#ifndef DISABLE_DKIM + || cb->u.varname[0] == 'd' +#endif #ifndef DISABLE_EVENT || event_name /* An event is being delivered */ #endif ) store_pool = POOL_PERM; - acl_var_create(cb->u.varname)->data.ptr = string_copy(arg); +#ifndef DISABLE_DKIM /* Overwriteable dkim result variables */ + if (Ustrcmp(cb->u.varname, "dkim_verify_status") == 0) + dkim_verify_status = string_copy(arg); + else if (Ustrcmp(cb->u.varname, "dkim_verify_reason") == 0) + dkim_verify_reason = string_copy(arg); + else +#endif + acl_var_create(cb->u.varname)->data.ptr = string_copy(arg); store_pool = old_pool; } break; - #ifdef WITH_CONTENT_SCAN +#ifdef WITH_CONTENT_SCAN case ACLC_SPAM: { /* Separate the regular expression and any optional parameters. */ const uschar * list = arg; uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size); - /* Run the spam backend. */ + rc = spam(CUSS &ss); /* Modify return code based upon the existence of options. */ - while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) - != NULL) { + while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) - { - /* FAIL so that the message is passed to the next ACL */ - rc = FAIL; - } - } + rc = FAIL; /* FAIL so that the message is passed to the next ACL */ } break; - #endif +#endif - #ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF case ACLC_SPF: rc = spf_process(&arg, sender_address, SPF_PROCESS_NORMAL); break; case ACLC_SPF_GUESS: rc = spf_process(&arg, sender_address, SPF_PROCESS_GUESS); break; - #endif +#endif case ACLC_UDPSEND: rc = acl_udpsend(arg, log_msgptr); @@ -3701,7 +3738,7 @@ present. */ if (*epp && rc == OK) user_message = NULL; -if (((1< cutthrough.nrcpt - && (rc = open_cutthrough_connection(addr)) == DEFER ) - if (cutthrough.defer_pass) - { - uschar * s = addr->message; - /* Horrid kludge to recover target's SMTP message */ - while (*s) s++; - do --s; while (!isdigit(*s)); - if (*--s && isdigit(*s) && *--s && isdigit(*s)) *user_msgptr = s; - acl_temp_details = TRUE; - } - else - { - HDEBUG(D_acl) debug_printf_indent("cutthrough defer; will spool\n"); - rc = OK; - } + { + if ((rc = open_cutthrough_connection(addr)) == DEFER) + if (cutthrough.defer_pass) + { + uschar * s = addr->message; + /* Horrid kludge to recover target's SMTP message */ + while (*s) s++; + do --s; while (!isdigit(*s)); + if (*--s && isdigit(*s) && *--s && isdigit(*s)) *user_msgptr = s; + acl_temp_details = TRUE; + } + else + { + HDEBUG(D_acl) debug_printf_indent("cutthrough defer; will spool\n"); + rc = OK; + } + } + else HDEBUG(D_acl) if (cutthrough.delivery) + if (rcpt_count <= cutthrough.nrcpt) + debug_printf_indent("ignore cutthrough request; nonfirst message\n"); + else if (rc != OK) + debug_printf_indent("ignore cutthrough request; ACL did not accept\n"); break; case ACL_WHERE_PREDATA: