[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Author: Philip Hazel
Date:
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src acl.c receive.c exim/exim-test-orig/AutoTest List exim/exim-test-orig/AutoTest/confs 590 exim/exim-test-orig/AutoTest/log 59
ph10 2004/10/18 12:36:23 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         acl.c receive.c 
    exim-test-orig/AutoTest List 
  Added files:
    exim-test-orig/AutoTest/confs 590 
    exim-test-orig/AutoTest/log 590 
    exim-test-orig/AutoTest/paniclog 590 
    exim-test-orig/AutoTest/rejectlog 590 
    exim-test-orig/AutoTest/scripts 590 
    exim-test-orig/AutoTest/stderr 590 
    exim-test-orig/AutoTest/stdout 590 
  Log:
  (1) Checking for invalid "control=" modifiers was not working (for example,
  "submission" was allowed in a DATA ACL, though that is too late). Proper
  checks are now done. (2) Minor fix to the testing "List" script to
  ignore CVS directories.


  Revision  Changes    Path
  1.9       +6 -0      exim/exim-doc/doc-txt/ChangeLog
  1.2       +55 -32    exim/exim-src/src/acl.c
  1.2       +1 -0      exim/exim-src/src/receive.c
  1.2       +1 -1      exim/exim-test-orig/AutoTest/List
  1.1       +29 -0     exim/exim-test-orig/AutoTest/confs/590 (new)
  1.1       +5 -0      exim/exim-test-orig/AutoTest/log/590 (new)
  1.1       +1 -0      exim/exim-test-orig/AutoTest/paniclog/590 (new)
  1.1       +19 -0     exim/exim-test-orig/AutoTest/rejectlog/590 (new)
  1.1       +31 -0     exim/exim-test-orig/AutoTest/scripts/590 (new)
  1.1       +2 -0      exim/exim-test-orig/AutoTest/stderr/590 (new)
  1.1       +17 -0     exim/exim-test-orig/AutoTest/stdout/590 (new)


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- ChangeLog    18 Oct 2004 09:26:02 -0000    1.8
  +++ ChangeLog    18 Oct 2004 11:36:23 -0000    1.9
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.8 2004/10/18 09:26:02 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.9 2004/10/18 11:36:23 ph10 Exp $


   Change log file for Exim from version 4.21
   -------------------------------------------
  @@ -31,6 +31,12 @@
       descriptors. Exim was using setrlimit() to set 1000 as a large value
       unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
       systems. I've change it so that if it can't get 1000, it tries for 256.
  +
  + 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This
  +    was an oversight, and furthermore, ever since the addition of extra
  +    controls (e.g. 4.43/32), the checks on when to allow different forms of
  +    "control" were broken. There should now be diagnostics for all cases when a
  +    control that does not make sense is encountered.



Exim version 4.43
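
Review bot: entry 8 covers the control checks but says nothing about the receive.c change in this commit, which gives a non-SMTP ACL rejection a default user message; add a sentence for it, since it changes what the submitting user sees.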

  Index: acl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/acl.c,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- acl.c    7 Oct 2004 10:39:01 -0000    1.1
  +++ acl.c    18 Oct 2004 11:36:23 -0000    1.2
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/acl.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/acl.c,v 1.2 2004/10/18 11:36:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -48,6 +48,12 @@
     US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite",
     US"message", US"recipients", US"sender_domains", US"senders", US"set",
     US"verify" };
  +  
  +/* ACL control names */
  +
  +static uschar *controls[] = { US"error", US"caseful_local_part",
  +  US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze",
  +  US"queue_only", US"submission", US"no_multiline"}; 


   /* Flags to indicate for which conditions /modifiers a string expansion is done
   at the outer level. In the other cases, expansion already occurs in the
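
Review bot: the last entry of controls[] is "no_multiline", but controls_list names the same control "no_multiline_responses", so a diagnostic built from controls[control_type] prints a name the administrator never wrote; use the full name here. The array is indexed by the CONTROL_xxx value, so a comment stating that it must stay in the same order as that enum would help. The added blank line and the closing "};" line carry trailing whitespace.
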
  @@ -99,8 +105,8 @@
     FALSE    /* verify */
   };


-/* Bit map of which conditions are not allowed at certain times. For each
-condition, there's a bitmap of dis-allowed times. */
+/* Bit map vector of which conditions are not allowed at certain times. For
+each condition, there's a bitmap of dis-allowed times. */

   static unsigned int cond_forbids[] = {
     0,                                               /* acl */
  @@ -166,7 +172,6 @@
     always and check in the verify function itself */


     0                                                /* verify */
  -
   };



  @@ -176,35 +181,48 @@
     CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
     CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION, CONTROL_NO_MULTILINE };


  -/* Structure listing various control arguments, with their characteristics.
  -The maximum "where" value controls the ACLs in which the various controls are
  -permitted to occur. Specifying ACL_WHERE_RCPT limits it to just the RCPT ACL;
  -specifying ACL_WHERE_NOTSMTP limits it to "message" ACLs. */
  +/* Bit map vector of which controls are not allowed at certain times. For
  +each control, there's a bitmap of dis-allowed times. For some, it is easier to
  +specify the negation of a small number of allowed times. */
  +
  +static unsigned int control_forbids[] = {
  +  0,                                               /* error */
  +  ~(1<<ACL_WHERE_RCPT),                            /* caseful_local_part */
  +  ~(1<<ACL_WHERE_RCPT),                            /* caselower_local_part */
  +  (1<<ACL_WHERE_NOTSMTP),                          /* enforce_sync */
  +  (1<<ACL_WHERE_NOTSMTP),                          /* no_enforce_sync */
  +   
  +  ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|       /* freeze */
  +    (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
  +    (1<<ACL_WHERE_NOTSMTP)),
  +     
  +  ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|       /* queue_only */
  +    (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
  +    (1<<ACL_WHERE_NOTSMTP)),
  +     
  +  ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|       /* submission */
  +    (1<<ACL_WHERE_PREDATA)),                       
  +     
  +  (1<<ACL_WHERE_NOTSMTP)                           /* no_multiline */
  +};
  +
  +/* Structure listing various control arguments, with their characteristics. */


   typedef struct control_def {
     uschar *name;
     int    value;                  /* CONTROL_xxx value */
  -  int    where_max;              /* Maximum "where" value */
     BOOL   has_option;             /* Has /option(s) following */
   } control_def;


   static control_def controls_list[] = {
  -  { US"caseful_local_part",     CONTROL_CASEFUL_LOCAL_PART,
  -    ACL_WHERE_RCPT,    FALSE },
  -  { US"caselower_local_part",   CONTROL_CASELOWER_LOCAL_PART,
  -    ACL_WHERE_RCPT,    FALSE },
  -  { US"enforce_sync",           CONTROL_ENFORCE_SYNC,
  -    INT_MAX,           FALSE },
  -  { US"freeze",                 CONTROL_FREEZE,
  -    ACL_WHERE_NOTSMTP, FALSE },
  -  { US"no_enforce_sync",        CONTROL_NO_ENFORCE_SYNC,
  -    INT_MAX,           FALSE },
  -  { US"no_multiline_responses", CONTROL_NO_MULTILINE,
  -    INT_MAX,           FALSE },
  -  { US"queue_only",             CONTROL_QUEUE_ONLY,
  -    ACL_WHERE_NOTSMTP, FALSE },
  -  { US"submission",             CONTROL_SUBMISSION,
  -    ACL_WHERE_NOTSMTP, TRUE  }
  +  { US"caseful_local_part",     CONTROL_CASEFUL_LOCAL_PART, FALSE},
  +  { US"caselower_local_part",   CONTROL_CASELOWER_LOCAL_PART, FALSE},
  +  { US"enforce_sync",           CONTROL_ENFORCE_SYNC, FALSE},
  +  { US"freeze",                 CONTROL_FREEZE, FALSE},
  +  { US"no_enforce_sync",        CONTROL_NO_ENFORCE_SYNC, FALSE},
  +  { US"no_multiline_responses", CONTROL_NO_MULTILINE, FALSE},
  +  { US"queue_only",             CONTROL_QUEUE_ONLY, FALSE},
  +  { US"submission",             CONTROL_SUBMISSION, TRUE}
     };


   /* Enable recursion between acl_check_internal() and acl_check_condition() */
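
Review bot: control_forbids[] is now a third table, alongside the CONTROL_xxx enum and controls[], that must stay in the same order, and nothing enforces that; controls_list is ordered differently, so it cannot simply be indexed by value. Consider carrying the forbids mask as a field of control_def in place of the removed where_max, or at least put a comment on each table naming the others. The masks are built from a signed `1<<ACL_WHERE_xxx` and then complemented into an unsigned int; writing `1u<<` avoids relying on that conversion. The new comment also gives no reason why submission stops at PREDATA while freeze and queue_only additionally allow DATA and NOTSMTP; one line of rationale belongs next to the table.
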
  @@ -1155,13 +1173,6 @@
     return CONTROL_ERROR;
     }


  -if (where > d->where_max)
  -  {
  -  *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL",
  -    arg, acl_wherenames[where]);
  -  return CONTROL_ERROR;
  -  }
  -
   *pptr = arg + len;
   return d->value;
   }
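
Review bot: with the where_max test removed, none of the lines shown still use decode_control's where argument, yet the caller keeps passing it; if nothing else in the function reads it, drop the parameter, or add a comment saying why it stays.
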
  @@ -1210,6 +1221,7 @@
   for (; cb != NULL; cb = cb->next)
     {
     uschar *arg;
  +  int control_type; 


     /* The message and log_message items set up messages to be used in
     case of rejection. They are expanded later. */
  @@ -1325,7 +1337,18 @@
       break;


       case ACLC_CONTROL:
  -    switch (decode_control(arg, &p, where, log_msgptr))
  +    control_type = decode_control(arg, &p, where, log_msgptr);
  +
  +    /* Check this control makes sense at this time */
  +
  +    if ((control_forbids[control_type] & (1 << where)) != 0)
  +      {
  +      *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL",
  +        controls[control_type], acl_wherenames[where]);
  +      return ERROR;
  +      }                                                     
  +
  +    switch(control_type)
         {
         case CONTROL_ERROR:
         return ERROR;
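
Review bot: control_forbids[control_type] is indexed before CONTROL_ERROR is handled, which works only because the "error" slot of the table is 0 and, presumably, CONTROL_ERROR is the first enum value; test for CONTROL_ERROR before the lookup so the check never depends on that. The message prints controls[control_type] rather than the text the administrator wrote, so any spelling difference between controls[] and controls_list surfaces in the log. `1 << where` also assumes every ACL_WHERE_xxx value is below the width of int.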


  Index: receive.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/receive.c,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- receive.c    7 Oct 2004 10:39:01 -0000    1.1
  +++ receive.c    18 Oct 2004 11:36:23 -0000    1.2
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/receive.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/receive.c,v 1.2 2004/10/18 11:36:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -2723,6 +2723,7 @@
         Uunlink(spool_name);
         log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
           sender_address, log_msg);
  +      if (user_msg == NULL) user_msg = US"local configuration problem";   
         if (smtp_batched_input)
           {
           moan_smtp_batch(NULL, "%d %s", 550, user_msg);
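
Review bot: the fallback for user_msg is assigned with no comment saying when it can be NULL; the test added in this commit reaches it through a misplaced control in the non-SMTP ACL, and a one-line comment should say so. In the batched-SMTP branch the same text goes out with a 550, whereas the SMTP test output in this commit answers the equivalent misconfiguration with 451; check that a permanent code is intended for a local configuration error. The added line ends in trailing spaces.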


  Index: List
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/List,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- List    8 Oct 2004 14:49:15 -0000    1.1
  +++ List    18 Oct 2004 11:36:23 -0000    1.2
  @@ -11,7 +11,7 @@


   foreach $test (@tests)
     {
  -  next if ($test eq "." || $test eq "..");
  +  next if ($test eq "." || $test eq ".." || $test eq "CVS");
     open S, "scripts/$test" || die "Failed to open scripts/$test\n";
     do { chomp($_ = <S>) } while $_ =~ /^#/;
     die "** Missing return code at start of test data: $_\n" if !/^\d/;
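
Review bot: adding "CVS" as a third literal to the skip test fixes this one case only; skipping anything that is not a plain file (for example `next unless -f "scripts/$test";`) would cover other stray directories as well. While this area is being touched, the open on the following line uses `||`, which binds to the string "scripts/$test" rather than to open, so the die can never fire; it needs `or die` or a parenthesised open.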


Index: 590
====================================================================
# Exim test configuration 590

ACL=
CONTROL=
RECIPIENT=acl_smtp_rcpt=accept

# Macros are set externally in order to get the path
# of the Exim that is being tested, and the directory
# in which the test data lives.

exim_path = EXIM_PATH
primary_hostname = myhost.test.ex
spool_directory = DIR/spool

# ----- Main settings -----

acl_ACL = test_acl
RECIPIENT

queue_only

# ----- ACLs -----

begin acl

  test_acl:
    accept control = CONTROL


# End

Index: 590
====================================================================
1999-03-02 09:44:33 10HmaX-0005vi-00 U=ph10 F=<ph10@???> temporarily rejected after DATA: cannot use "control=submission" in DATA ACL
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ph10@??? U=ph10 P=local-smtp S=269
1999-03-02 09:44:33 U=ph10 temporarily rejected EHLO or HELO xxx: cannot use "control=submission" in EHLO or HELO ACL
1999-03-02 09:44:33 ACL for QUIT returned ERROR: cannot use "control=freeze" in QUIT ACL
1999-03-02 09:44:33 10HmaY-0005vi-00 F=<ph10@???> rejected by non-SMTP ACL: cannot use "control=enforce_sync" in non-SMTP ACL

Index: 590
====================================================================
1999-03-02 09:44:33 ACL for QUIT returned ERROR: cannot use "control=freeze" in QUIT ACL

  Index: 590
  ====================================================================
  1999-03-02 09:44:33 10HmaX-0005vi-00 U=ph10 F=<ph10@???> temporarily rejected after DATA: cannot use "control=submission" in DATA ACL
  Envelope-from: <ph10@???>
  Envelope-to: <ph10@???>
  P Received: from ph10 by myhost.test.ex with local-smtp (Exim x.yz)
      id 10HmaX-0005vi-00
      for ph10@???; Tue, 2 Mar 1999 09:44:33 +0000
  I Message-Id: <E10HmaX-0005vi-00@???>
  F From: Philip Hazel <ph10@???>
    Date: Tue, 2 Mar 1999 09:44:33 +0000
  1999-03-02 09:44:33 U=ph10 temporarily rejected EHLO or HELO xxx: cannot use "control=submission" in EHLO or HELO ACL
  1999-03-02 09:44:33 10HmaY-0005vi-00 F=<ph10@???> rejected by non-SMTP ACL: cannot use "control=enforce_sync" in non-SMTP ACL
  Envelope-from: <ph10@???>
  Envelope-to: <ph10@???>
  P Received: from ph10 by myhost.test.ex with local (Exim x.yz)
      id 10HmaY-0005vi-00
      for ph10@???; Tue, 2 Mar 1999 09:44:33 +0000
  I Message-Id: <E10HmaY-0005vi-00@???>
  F From: Philip Hazel <ph10@???>
    Date: Tue, 2 Mar 1999 09:44:33 +0000


Index: 590
====================================================================
0 check illegally placed ACL control modifiers
exim -DACL=smtp_data -DCONTROL=submission -bs
mail from:<>
rcpt to:<ph10@???>
data
Rhubarb
.
quit
****
0
exim -DACL=smtp_predata -DCONTROL=submission -bs
mail from:<>
rcpt to:<ph10@???>
data
Rhubarb
.
quit
****
0
exim -DACL=smtp_helo -DCONTROL=submission -bs
ehlo xxx
quit
****
0
exim -DACL=smtp_quit -DCONTROL=freeze -bs
quit
****
1
exim -DACL=not_smtp -DCONTROL=enforce_sync -oep ph10
****
no_msglog_check
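
Review bot: the script exercises only submission (DATA, PREDATA, HELO), freeze (QUIT) and enforce_sync (non-SMTP); the other controls that have control_forbids entries, such as caseful_local_part outside RCPT and queue_only, have no case here. A non-SMTP case using no_multiline_responses would also pin down the control name printed in the diagnostic.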

Index: 590
====================================================================
1999-03-02 09:44:33 ACL for QUIT returned ERROR: cannot use "control=freeze" in QUIT ACL
exim: message rejected by non-SMTP ACL: local configuration problem

Index: 590
====================================================================
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
451 Temporary local problem - please try later
221 myhost.test.ex closing connection
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
250 OK id=10HmaZ-0005vi-00
221 myhost.test.ex closing connection
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
451 Temporary local problem - please try later
221 myhost.test.ex closing connection
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
221 myhost.test.ex closing connection