Gitweb:
https://git.exim.org/exim.git/commitdiff/e89d95f1909c0972b0e854ae05f50246f4d727d6
Commit: e89d95f1909c0972b0e854ae05f50246f4d727d6
Parent: 9eed571fd7c3236326cc6ea74f1455b027df7604
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jun 14 21:29:08 2020 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jun 14 21:29:08 2020 +0100
Relax restrictions on which ACLs verify conditions may be used
---
doc/doc-docbook/spec.xfpt | 7 ++++---
doc/doc-txt/ChangeLog | 5 +++++
src/src/acl.c | 8 ++++----
src/src/macros.h | 8 +++++++-
4 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e3684ba..8350b4d 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31776,8 +31776,9 @@ send email. Details of how this works are given in section
.cindex "header lines" "verifying header names only ASCII"
.cindex "verifying" "header names only ASCII"
This condition is relevant only in an ACL that is run after a message has been
-received, that is, in an ACL specified by &%acl_smtp_data%& or
-&%acl_not_smtp%&. It checks all header names (not the content) to make sure
+received.
+This usually means an ACL specified by &%acl_smtp_data%& or &%acl_not_smtp%&.
+It checks all header names (not the content) to make sure
there are no non-ASCII characters, also excluding control characters. The
allowable characters are decimal ASCII values 33 through 126.
@@ -31932,7 +31933,7 @@ Note that '/' is legal in local-parts; if the address may have such
(eg. is generated from the received message)
they must be protected from the options parsing by doubling:
.code
-verify = sender=${sg{${address:$h_sender:}}{/}{//}}
+verify = sender=${listquote{/}{${address:$h_sender:}}}
.endd
.endlist
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index fef4c74..0354ff2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -44,6 +44,11 @@ JH/08 Bug 2598: Fix verify ACL condition. The options for the condition are
expanded; previously using tainted values was rejected. Fix by using
dynamically-created buffers.
+JH/09 Relax restrictions on ACL verify condition needing access to message
+ headers. Previously they were only permitted in data and non-smtp ACLs;
+ permit also mime, dkim, prdr quit and notquit. Applies to header-syntax,
+ not_blind, header_sender and header_names_ascii verification.
+
Exim version 4.94
-----------------
diff --git a/src/src/acl.c b/src/src/acl.c
index 297489b..e1e6f9c 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1517,14 +1517,14 @@ static verify_type_t verify_type_list[] = {
{ US"certificate", VERIFY_CERT, (unsigned)~0, TRUE, 0 },
{ US"helo", VERIFY_HELO, (unsigned)~0, TRUE, 0 },
{ US"csa", VERIFY_CSA, (unsigned)~0, FALSE, 0 },
- { US"header_syntax", VERIFY_HDR_SYNTAX, ACL_BIT_DATA | ACL_BIT_NOTSMTP, TRUE, 0 },
- { US"not_blind", VERIFY_NOT_BLIND, ACL_BIT_DATA | ACL_BIT_NOTSMTP, FALSE, 0 },
- { US"header_sender", VERIFY_HDR_SNDR, ACL_BIT_DATA | ACL_BIT_NOTSMTP, FALSE, 0 },
+ { US"header_syntax", VERIFY_HDR_SYNTAX, ACL_BITS_HAVEDATA, TRUE, 0 },
+ { US"not_blind", VERIFY_NOT_BLIND, ACL_BITS_HAVEDATA, FALSE, 0 },
+ { US"header_sender", VERIFY_HDR_SNDR, ACL_BITS_HAVEDATA, FALSE, 0 },
{ US"sender", VERIFY_SNDR, ACL_BIT_MAIL | ACL_BIT_RCPT
| ACL_BIT_PREDATA | ACL_BIT_DATA | ACL_BIT_NOTSMTP,
FALSE, 6 },
{ US"recipient", VERIFY_RCPT, ACL_BIT_RCPT, FALSE, 0 },
- { US"header_names_ascii", VERIFY_HDR_NAMES_ASCII, ACL_BIT_DATA | ACL_BIT_NOTSMTP, TRUE, 0 },
+ { US"header_names_ascii", VERIFY_HDR_NAMES_ASCII, ACL_BITS_HAVEDATA, TRUE, 0 },
#ifdef EXPERIMENTAL_ARC
{ US"arc", VERIFY_ARC, ACL_BIT_DATA, FALSE , 0 },
#endif
diff --git a/src/src/macros.h b/src/src/macros.h
index f601244..b5221c7 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -974,7 +974,9 @@ enum { ACL_WHERE_RCPT, /* Some controls are for RCPT only */
#define ACL_BIT_MIME BIT(ACL_WHERE_MIME)
#define ACL_BIT_DKIM BIT(ACL_WHERE_DKIM)
#define ACL_BIT_DATA BIT(ACL_WHERE_DATA)
-#ifndef DISABLE_PRDR
+#ifdef DISABLE_PRDR
+# define ACL_BIT_PRDR 0
+#else
# define ACL_BIT_PRDR BIT(ACL_WHERE_PRDR)
#endif
#define ACL_BIT_NOTSMTP BIT(ACL_WHERE_NOTSMTP)
@@ -992,6 +994,10 @@ enum { ACL_WHERE_RCPT, /* Some controls are for RCPT only */
#define ACL_BIT_DELIVERY BIT(ACL_WHERE_DELIVERY)
#define ACL_BIT_UNKNOWN BIT(ACL_WHERE_UNKNOWN)
+#define ACL_BITS_HAVEDATA (ACL_BIT_MIME | ACL_BIT_DKIM | ACL_BIT_DATA \
+ | ACL_BIT_PRDR \
+ | ACL_BIT_NOTSMTP | ACL_BIT_QUIT | ACL_BIT_NOTQUIT)
+
/* Situations for spool_write_header() */