Re: [exim] time-of-day ACLs

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: Yan Seiner
CC: Exim-users
Assumpte: Re: [exim] time-of-day ACLs
On 2009-06-16 at 08:17 -0700, Yan Seiner wrote:
> I'd like to be able to deny access to specific users at specific times of
> day.
>
> For example, user Joe might have access during the following hours (local
> time):
>
> 0600-0745
> 1700-1900
> 2000-2145
>
> At times other than these Joe's access to the smtp server should be
> denied. I'd like to be able to do this on a per-user basis.


So you will have a lookup on the $authenticated_id (since I'm guessing
that's how you know it's Joe) that will return a list of timestamps.
Call the results of that LOOKUP, let's assume it's colon-separated,
looking like:
0600-0745:1700-1900:2000-2145

Have the tool which generates the lookup normalise the times to GMT.

You can then use $tod_zulu to get the current date and time in GMT as a
sequence of digits followed by 'Z', and substr to extract the current
time.

Thus ${substr_8_4:$tod_zulu} yields the current time in an appropriate
format.

So the expression to check if the current time is within 0500 and 0600
would be:
${if and{{>{${substr_8_4:$tod_zulu}}{0500}}{<{${substr_8_4:$tod_zulu}}{0600}}}}

So, if this holds true for any of the time ranges in LOOKUP, then we can
have a condition be true, otherwise false.

Let's assume that you've made sure that each time-range is nine digits
long, "0600-0745" and not validate that much; feel free to change the
split logic according to your degree of trust in the DB building tools
you have, but the simplest is to just use substring extraction again;
${substr_0_4:RANGE} and ${substr_5_4:RANGE} for the given timestamps.

  ${if forany{LOOKUP}{and{\
      {>{${substr_8_4:$tod_zulu}}{${substr_0_4:$item}}}\
      {<{${substr_8_4:$tod_zulu}}{${substr_5_4:$item}}}\
      }}}


The value of $tod_zulu changes but it shouldn't affect the results much;
reverse the order of the checks if you want to grant a few microseconds
more leeway. ;)

It's up to you to provide LOOKUP and use the result of the condition
accordingly.

-Phil