ph10 2004/10/18 12:36:23 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src acl.c receive.c
exim-test-orig/AutoTest List
Added files:
exim-test-orig/AutoTest/confs 590
exim-test-orig/AutoTest/log 590
exim-test-orig/AutoTest/paniclog 590
exim-test-orig/AutoTest/rejectlog 590
exim-test-orig/AutoTest/scripts 590
exim-test-orig/AutoTest/stderr 590
exim-test-orig/AutoTest/stdout 590
Log:
(1) Checking for invalid "control=" modifiers was not working (for example,
"submission" was allowed in a DATA ACL, though that is too late). Proper
checks are now done. (2) Minor fix to the testing "List" script to
ignore CVS directories.
Revision Changes Path
1.9 +6 -0 exim/exim-doc/doc-txt/ChangeLog
1.2 +55 -32 exim/exim-src/src/acl.c
1.2 +1 -0 exim/exim-src/src/receive.c
1.2 +1 -1 exim/exim-test-orig/AutoTest/List
1.1 +29 -0 exim/exim-test-orig/AutoTest/confs/590 (new)
1.1 +5 -0 exim/exim-test-orig/AutoTest/log/590 (new)
1.1 +1 -0 exim/exim-test-orig/AutoTest/paniclog/590 (new)
1.1 +19 -0 exim/exim-test-orig/AutoTest/rejectlog/590 (new)
1.1 +31 -0 exim/exim-test-orig/AutoTest/scripts/590 (new)
1.1 +2 -0 exim/exim-test-orig/AutoTest/stderr/590 (new)
1.1 +17 -0 exim/exim-test-orig/AutoTest/stdout/590 (new)
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ChangeLog 18 Oct 2004 09:26:02 -0000 1.8
+++ ChangeLog 18 Oct 2004 11:36:23 -0000 1.9
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.8 2004/10/18 09:26:02 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.9 2004/10/18 11:36:23 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -31,6 +31,12 @@
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've change it so that if it can't get 1000, it tries for 256.
+
+ 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This
+ was an oversight, and furthermore, ever since the addition of extra
+ controls (e.g. 4.43/32), the checks on when to allow different forms of
+ "control" were broken. There should now be diagnostics for all cases when a
+ control that does not make sense is encountered.
Exim version 4.43
Index: acl.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/acl.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- acl.c 7 Oct 2004 10:39:01 -0000 1.1
+++ acl.c 18 Oct 2004 11:36:23 -0000 1.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/acl.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/acl.c,v 1.2 2004/10/18 11:36:23 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -48,6 +48,12 @@
US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite",
US"message", US"recipients", US"sender_domains", US"senders", US"set",
US"verify" };
+
+/* ACL control names */
+
+static uschar *controls[] = { US"error", US"caseful_local_part",
+ US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze",
+ US"queue_only", US"submission", US"no_multiline"};
/* Flags to indicate for which conditions /modifiers a string expansion is done
at the outer level. In the other cases, expansion already occurs in the
@@ -99,8 +105,8 @@
FALSE /* verify */
};
-/* Bit map of which conditions are not allowed at certain times. For each
-condition, there's a bitmap of dis-allowed times. */
+/* Bit map vector of which conditions are not allowed at certain times. For
+each condition, there's a bitmap of dis-allowed times. */
static unsigned int cond_forbids[] = {
0, /* acl */
@@ -166,7 +172,6 @@
always and check in the verify function itself */
0 /* verify */
-
};
@@ -176,35 +181,48 @@
CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION, CONTROL_NO_MULTILINE };
-/* Structure listing various control arguments, with their characteristics.
-The maximum "where" value controls the ACLs in which the various controls are
-permitted to occur. Specifying ACL_WHERE_RCPT limits it to just the RCPT ACL;
-specifying ACL_WHERE_NOTSMTP limits it to "message" ACLs. */
+/* Bit map vector of which controls are not allowed at certain times. For
+each control, there's a bitmap of dis-allowed times. For some, it is easier to
+specify the negation of a small number of allowed times. */
+
+static unsigned int control_forbids[] = {
+ 0, /* error */
+ ~(1<<ACL_WHERE_RCPT), /* caseful_local_part */
+ ~(1<<ACL_WHERE_RCPT), /* caselower_local_part */
+ (1<<ACL_WHERE_NOTSMTP), /* enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP), /* no_enforce_sync */
+
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */
+ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ (1<<ACL_WHERE_NOTSMTP)),
+
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* queue_only */
+ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ (1<<ACL_WHERE_NOTSMTP)),
+
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* submission */
+ (1<<ACL_WHERE_PREDATA)),
+
+ (1<<ACL_WHERE_NOTSMTP) /* no_multiline */
+};
+
+/* Structure listing various control arguments, with their characteristics. */
typedef struct control_def {
uschar *name;
int value; /* CONTROL_xxx value */
- int where_max; /* Maximum "where" value */
BOOL has_option; /* Has /option(s) following */
} control_def;
static control_def controls_list[] = {
- { US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART,
- ACL_WHERE_RCPT, FALSE },
- { US"caselower_local_part", CONTROL_CASELOWER_LOCAL_PART,
- ACL_WHERE_RCPT, FALSE },
- { US"enforce_sync", CONTROL_ENFORCE_SYNC,
- INT_MAX, FALSE },
- { US"freeze", CONTROL_FREEZE,
- ACL_WHERE_NOTSMTP, FALSE },
- { US"no_enforce_sync", CONTROL_NO_ENFORCE_SYNC,
- INT_MAX, FALSE },
- { US"no_multiline_responses", CONTROL_NO_MULTILINE,
- INT_MAX, FALSE },
- { US"queue_only", CONTROL_QUEUE_ONLY,
- ACL_WHERE_NOTSMTP, FALSE },
- { US"submission", CONTROL_SUBMISSION,
- ACL_WHERE_NOTSMTP, TRUE }
+ { US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART, FALSE},
+ { US"caselower_local_part", CONTROL_CASELOWER_LOCAL_PART, FALSE},
+ { US"enforce_sync", CONTROL_ENFORCE_SYNC, FALSE},
+ { US"freeze", CONTROL_FREEZE, FALSE},
+ { US"no_enforce_sync", CONTROL_NO_ENFORCE_SYNC, FALSE},
+ { US"no_multiline_responses", CONTROL_NO_MULTILINE, FALSE},
+ { US"queue_only", CONTROL_QUEUE_ONLY, FALSE},
+ { US"submission", CONTROL_SUBMISSION, TRUE}
};
/* Enable recursion between acl_check_internal() and acl_check_condition() */
@@ -1155,13 +1173,6 @@
return CONTROL_ERROR;
}
-if (where > d->where_max)
- {
- *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL",
- arg, acl_wherenames[where]);
- return CONTROL_ERROR;
- }
-
*pptr = arg + len;
return d->value;
}
@@ -1210,6 +1221,7 @@
for (; cb != NULL; cb = cb->next)
{
uschar *arg;
+ int control_type;
/* The message and log_message items set up messages to be used in
case of rejection. They are expanded later. */
@@ -1325,7 +1337,18 @@
break;
case ACLC_CONTROL:
- switch (decode_control(arg, &p, where, log_msgptr))
+ control_type = decode_control(arg, &p, where, log_msgptr);
+
+ /* Check this control makes sense at this time */
+
+ if ((control_forbids[control_type] & (1 << where)) != 0)
+ {
+ *log_msgptr = string_sprintf("cannot use \"control=%s\" in %s ACL",
+ controls[control_type], acl_wherenames[where]);
+ return ERROR;
+ }
+
+ switch(control_type)
{
case CONTROL_ERROR:
return ERROR;
Index: receive.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/receive.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- receive.c 7 Oct 2004 10:39:01 -0000 1.1
+++ receive.c 18 Oct 2004 11:36:23 -0000 1.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/receive.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/receive.c,v 1.2 2004/10/18 11:36:23 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -2723,6 +2723,7 @@
Uunlink(spool_name);
log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
sender_address, log_msg);
+ if (user_msg == NULL) user_msg = US"local configuration problem";
if (smtp_batched_input)
{
moan_smtp_batch(NULL, "%d %s", 550, user_msg);
Index: List
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/List,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- List 8 Oct 2004 14:49:15 -0000 1.1
+++ List 18 Oct 2004 11:36:23 -0000 1.2
@@ -11,7 +11,7 @@
foreach $test (@tests)
{
- next if ($test eq "." || $test eq "..");
+ next if ($test eq "." || $test eq ".." || $test eq "CVS");
open S, "scripts/$test" || die "Failed to open scripts/$test\n";
do { chomp($_ = <S>) } while $_ =~ /^#/;
die "** Missing return code at start of test data: $_\n" if !/^\d/;
Index: 590
====================================================================
# Exim test configuration 590
ACL=
CONTROL=
RECIPIENT=acl_smtp_rcpt=accept
# Macros are set externally in order to get the path
# of the Exim that is being tested, and the directory
# in which the test data lives.
exim_path = EXIM_PATH
primary_hostname = myhost.test.ex
spool_directory = DIR/spool
# ----- Main settings -----
acl_ACL = test_acl
RECIPIENT
queue_only
# ----- ACLs -----
begin acl
test_acl:
accept control = CONTROL
# End
Index: 590
====================================================================
1999-03-02 09:44:33 10HmaX-0005vi-00 U=ph10 F=<ph10@???> temporarily rejected after DATA: cannot use "control=submission" in DATA ACL
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ph10@??? U=ph10 P=local-smtp S=269
1999-03-02 09:44:33 U=ph10 temporarily rejected EHLO or HELO xxx: cannot use "control=submission" in EHLO or HELO ACL
1999-03-02 09:44:33 ACL for QUIT returned ERROR: cannot use "control=freeze" in QUIT ACL
1999-03-02 09:44:33 10HmaY-0005vi-00 F=<ph10@???> rejected by non-SMTP ACL: cannot use "control=enforce_sync" in non-SMTP ACL
Index: 590
====================================================================
1999-03-02 09:44:33 ACL for QUIT returned ERROR: cannot use "control=freeze" in QUIT ACL
Index: 590
====================================================================
1999-03-02 09:44:33 10HmaX-0005vi-00 U=ph10 F=<ph10@???> temporarily rejected after DATA: cannot use "control=submission" in DATA ACL
Envelope-from: <ph10@???>
Envelope-to: <ph10@???>
P Received: from ph10 by myhost.test.ex with local-smtp (Exim x.yz)
id 10HmaX-0005vi-00
for ph10@???; Tue, 2 Mar 1999 09:44:33 +0000
I Message-Id: <E10HmaX-0005vi-00@???>
F From: Philip Hazel <ph10@???>
Date: Tue, 2 Mar 1999 09:44:33 +0000
1999-03-02 09:44:33 U=ph10 temporarily rejected EHLO or HELO xxx: cannot use "control=submission" in EHLO or HELO ACL
1999-03-02 09:44:33 10HmaY-0005vi-00 F=<ph10@???> rejected by non-SMTP ACL: cannot use "control=enforce_sync" in non-SMTP ACL
Envelope-from: <ph10@???>
Envelope-to: <ph10@???>
P Received: from ph10 by myhost.test.ex with local (Exim x.yz)
id 10HmaY-0005vi-00
for ph10@???; Tue, 2 Mar 1999 09:44:33 +0000
I Message-Id: <E10HmaY-0005vi-00@???>
F From: Philip Hazel <ph10@???>
Date: Tue, 2 Mar 1999 09:44:33 +0000
Index: 590
====================================================================
0 check illegally placed ACL control modifiers
exim -DACL=smtp_data -DCONTROL=submission -bs
mail from:<>
rcpt to:<ph10@???>
data
Rhubarb
.
quit
****
0
exim -DACL=smtp_predata -DCONTROL=submission -bs
mail from:<>
rcpt to:<ph10@???>
data
Rhubarb
.
quit
****
0
exim -DACL=smtp_helo -DCONTROL=submission -bs
ehlo xxx
quit
****
0
exim -DACL=smtp_quit -DCONTROL=freeze -bs
quit
****
1
exim -DACL=not_smtp -DCONTROL=enforce_sync -oep ph10
****
no_msglog_check
Index: 590
====================================================================
1999-03-02 09:44:33 ACL for QUIT returned ERROR: cannot use "control=freeze" in QUIT ACL
exim: message rejected by non-SMTP ACL: local configuration problem
Index: 590
====================================================================
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
451 Temporary local problem - please try later
221 myhost.test.ex closing connection
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
250 OK id=10HmaZ-0005vi-00
221 myhost.test.ex closing connection
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
451 Temporary local problem - please try later
221 myhost.test.ex closing connection
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
221 myhost.test.ex closing connection