[exim-cvs] Use flag bit macros for ACL conditions

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Use flag bit macros for ACL conditions
Gitweb: https://git.exim.org/exim.git/commitdiff/e7a31a822d93d144d51ad9940dc48c6c9aa7cded
Commit:     e7a31a822d93d144d51ad9940dc48c6c9aa7cded
Parent:     7e0622f31e19fea0cf50dea09b5ddc783d20a742
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Aug 28 00:01:06 2024 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Aug 28 00:01:06 2024 +0100


    Use flag bit macros for ACL conditions
---
 src/src/acl.c | 101 ++++++++++++++++++++++++++++------------------------------
 1 file changed, 49 insertions(+), 52 deletions(-)


diff --git a/src/src/acl.c b/src/src/acl.c
index 4f010c925..36f31d7d1 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -129,12 +129,9 @@ being the prefix of another; the binary-search in the list will go wrong. */
 typedef struct condition_def {
   uschar    *name;


-/* Flag to indicate the condition/modifier has a string expansion done
-at the outer level. In the other cases, expansion already occurs in the
-checking functions. */
-  BOOL        expand_at_top:1;
-
-  BOOL        is_modifier:1;
+  unsigned    flags;
+#define ACD_EXP        BIT(0)    /* do expansion at outer level*/
+#define ACD_MOD        BIT(1)    /* is a modifier */


/* Bit map vector of which conditions and modifiers are not allowed at certain
times. For each condition and modifier, there's a bitmap of dis-allowed times.
@@ -145,9 +142,9 @@ times. */
} condition_def;

 static condition_def conditions[] = {
-  [ACLC_ACL] =            { US"acl",        FALSE, FALSE,    0 },
+  [ACLC_ACL] =            { US"acl",        0,    0 },


-  [ACLC_ADD_HEADER] =        { US"add_header",    TRUE, TRUE,
+  [ACLC_ADD_HEADER] =        { US"add_header",    ACD_EXP | ACD_MOD,
                   (unsigned)
                   ~(ACL_BIT_MAIL | ACL_BIT_RCPT |
                     ACL_BIT_PREDATA | ACL_BIT_DATA |
@@ -159,12 +156,12 @@ static condition_def conditions[] = {
                     ACL_BIT_NOTSMTP_START),
   },


-  [ACLC_AUTHENTICATED] =    { US"authenticated",    FALSE, FALSE,
+  [ACLC_AUTHENTICATED] =    { US"authenticated",    0,
                   ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START |
                     ACL_BIT_CONNECT | ACL_BIT_HELO,
   },
 #ifdef EXPERIMENTAL_BRIGHTMAIL
-  [ACLC_BMI_OPTIN] =        { US"bmi_optin",    TRUE, TRUE,
+  [ACLC_BMI_OPTIN] =        { US"bmi_optin",    ACD_EXP | ACD_MOD,
                   ACL_BIT_AUTH |
                     ACL_BIT_CONNECT | ACL_BIT_HELO |
                     ACL_BIT_DATA | ACL_BIT_MIME |
@@ -178,15 +175,15 @@ static condition_def conditions[] = {
                     ACL_BIT_NOTSMTP_START,
   },
 #endif
-  [ACLC_CONDITION] =        { US"condition",    TRUE, FALSE,    0 },
-  [ACLC_CONTINUE] =        { US"continue",    TRUE, TRUE,    0 },
+  [ACLC_CONDITION] =        { US"condition",    ACD_EXP,    0 },
+  [ACLC_CONTINUE] =        { US"continue",        ACD_EXP | ACD_MOD, 0 },


   /* Certain types of control are always allowed, so we let it through
   always and check in the control processing itself. */
-  [ACLC_CONTROL] =        { US"control",    TRUE, TRUE,    0 },
+  [ACLC_CONTROL] =        { US"control",        ACD_EXP | ACD_MOD, 0 },


 #ifdef EXPERIMENTAL_DCC
-  [ACLC_DCC] =            { US"dcc",        TRUE, FALSE,
+  [ACLC_DCC] =            { US"dcc",        ACD_EXP,
                   (unsigned)
                   ~(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
@@ -196,13 +193,13 @@ static condition_def conditions[] = {
   },
 #endif
 #ifdef WITH_CONTENT_SCAN
-  [ACLC_DECODE] =        { US"decode",        TRUE, FALSE, (unsigned int) ~ACL_BIT_MIME },
+  [ACLC_DECODE] =        { US"decode",        ACD_EXP, (unsigned) ~ACL_BIT_MIME },


 #endif
-  [ACLC_DELAY] =        { US"delay",        TRUE, TRUE, ACL_BIT_NOTQUIT },
+  [ACLC_DELAY] =        { US"delay",        ACD_EXP | ACD_MOD, ACL_BIT_NOTQUIT },
 #ifndef DISABLE_DKIM
-  [ACLC_DKIM_SIGNER] =        { US"dkim_signers",    TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
-  [ACLC_DKIM_STATUS] =        { US"dkim_status",    TRUE, FALSE,
+  [ACLC_DKIM_SIGNER] =        { US"dkim_signers",    ACD_EXP, (unsigned) ~ACL_BIT_DKIM },
+  [ACLC_DKIM_STATUS] =        { US"dkim_status",    ACD_EXP,
                   (unsigned)
                   ~(ACL_BIT_DKIM | ACL_BIT_DATA | ACL_BIT_MIME
 # ifndef DISABLE_PRDR
@@ -212,14 +209,14 @@ static condition_def conditions[] = {
   },
 #endif
 #ifdef SUPPORT_DMARC
-  [ACLC_DMARC_STATUS] =        { US"dmarc_status",    TRUE, FALSE, (unsigned int) ~ACL_BIT_DATA },
+  [ACLC_DMARC_STATUS] =        { US"dmarc_status",    ACD_EXP, (unsigned int) ~ACL_BIT_DATA },
 #endif


   /* Explicit key lookups can be made in non-smtp ACLs so pass
   always and check in the verify processing itself. */
-  [ACLC_DNSLISTS] =        { US"dnslists",    TRUE, FALSE,    0 },
+  [ACLC_DNSLISTS] =        { US"dnslists",        ACD_EXP, 0 },


-  [ACLC_DOMAINS] =        { US"domains",    FALSE, FALSE,
+  [ACLC_DOMAINS] =        { US"domains",        0,
                   (unsigned)
                   ~(ACL_BIT_RCPT | ACL_BIT_VRFY
 #ifndef DISABLE_PRDR
@@ -227,17 +224,17 @@ static condition_def conditions[] = {
 #endif
       ),
   },
-  [ACLC_ENCRYPTED] =        { US"encrypted",    FALSE, FALSE,
+  [ACLC_ENCRYPTED] =        { US"encrypted",    0,
                   ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START |
                     ACL_BIT_CONNECT
   },


-  [ACLC_ENDPASS] =        { US"endpass",    TRUE, TRUE,    0 },
+  [ACLC_ENDPASS] =        { US"endpass",    ACD_EXP | ACD_MOD,    0 },


-  [ACLC_HOSTS] =        { US"hosts",        FALSE, FALSE,
+  [ACLC_HOSTS] =        { US"hosts",        0,
                   ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START,
   },
-  [ACLC_LOCAL_PARTS] =        { US"local_parts",    FALSE, FALSE,
+  [ACLC_LOCAL_PARTS] =        { US"local_parts",    0,
                   (unsigned)
                   ~(ACL_BIT_RCPT | ACL_BIT_VRFY
 #ifndef DISABLE_PRDR
@@ -246,12 +243,12 @@ static condition_def conditions[] = {
       ),
   },


-  [ACLC_LOG_MESSAGE] =        { US"log_message",    TRUE, TRUE,    0 },
-  [ACLC_LOG_REJECT_TARGET] =    { US"log_reject_target", TRUE, TRUE,    0 },
-  [ACLC_LOGWRITE] =        { US"logwrite",    TRUE, TRUE,    0 },
+  [ACLC_LOG_MESSAGE] =        { US"log_message",    ACD_EXP | ACD_MOD, 0 },
+  [ACLC_LOG_REJECT_TARGET] =    { US"log_reject_target", ACD_EXP | ACD_MOD, 0 },
+  [ACLC_LOGWRITE] =        { US"logwrite",        ACD_EXP | ACD_MOD, 0 },


 #ifdef WITH_CONTENT_SCAN
-  [ACLC_MALWARE] =        { US"malware",    TRUE, FALSE,
+  [ACLC_MALWARE] =        { US"malware",        ACD_EXP,
                   (unsigned)
                     ~(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
@@ -261,12 +258,12 @@ static condition_def conditions[] = {
   },
 #endif


-  [ACLC_MESSAGE] =        { US"message",    TRUE, TRUE,    0 },
+  [ACLC_MESSAGE] =        { US"message",        ACD_EXP | ACD_MOD, 0 },
 #ifdef WITH_CONTENT_SCAN
-  [ACLC_MIME_REGEX] =        { US"mime_regex",    TRUE, FALSE, (unsigned int) ~ACL_BIT_MIME },
+  [ACLC_MIME_REGEX] =        { US"mime_regex",    ACD_EXP, (unsigned) ~ACL_BIT_MIME },
 #endif


-  [ACLC_QUEUE] =        { US"queue",        TRUE, TRUE,
+  [ACLC_QUEUE] =        { US"queue",        ACD_EXP | ACD_MOD,
                   ACL_BIT_NOTSMTP |
 #ifndef DISABLE_PRDR
                   ACL_BIT_PRDR |
@@ -274,11 +271,11 @@ static condition_def conditions[] = {
                   ACL_BIT_DATA,
   },


-  [ACLC_RATELIMIT] =        { US"ratelimit",    TRUE, FALSE,    0 },
-  [ACLC_RECIPIENTS] =        { US"recipients",    FALSE, FALSE, (unsigned int) ~ACL_BIT_RCPT },
+  [ACLC_RATELIMIT] =        { US"ratelimit",    ACD_EXP,    0 },
+  [ACLC_RECIPIENTS] =        { US"recipients",    0, (unsigned) ~ACL_BIT_RCPT },


 #ifdef WITH_CONTENT_SCAN
-  [ACLC_REGEX] =        { US"regex",        TRUE, FALSE,
+  [ACLC_REGEX] =        { US"regex",        ACD_EXP,
                   (unsigned)
                   ~(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
@@ -289,7 +286,7 @@ static condition_def conditions[] = {
   },


 #endif
-  [ACLC_REMOVE_HEADER] =    { US"remove_header",    TRUE, TRUE,
+  [ACLC_REMOVE_HEADER] =    { US"remove_header",    ACD_EXP | ACD_MOD,
                   (unsigned)
                   ~(ACL_BIT_MAIL|ACL_BIT_RCPT |
                     ACL_BIT_PREDATA | ACL_BIT_DATA |
@@ -299,15 +296,15 @@ static condition_def conditions[] = {
                     ACL_BIT_MIME | ACL_BIT_NOTSMTP |
                     ACL_BIT_NOTSMTP_START),
   },
-  [ACLC_SEEN] =            { US"seen",        TRUE, FALSE,    0 },
-  [ACLC_SENDER_DOMAINS] =    { US"sender_domains",    FALSE, FALSE,
+  [ACLC_SEEN] =            { US"seen",        ACD_EXP,    0 },
+  [ACLC_SENDER_DOMAINS] =    { US"sender_domains",    0,
                   ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO |
                     ACL_BIT_MAILAUTH | ACL_BIT_QUIT |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
                     ACL_BIT_STARTTLS | ACL_BIT_VRFY,
   },
-  [ACLC_SENDERS] =        { US"senders",    FALSE, FALSE,
+  [ACLC_SENDERS] =        { US"senders",    0,
                   ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO |
                     ACL_BIT_MAILAUTH | ACL_BIT_QUIT |
@@ -315,10 +312,10 @@ static condition_def conditions[] = {
                     ACL_BIT_STARTTLS | ACL_BIT_VRFY,
   },


-  [ACLC_SET] =            { US"set",        TRUE, TRUE,    0 },
+  [ACLC_SET] =            { US"set",        ACD_EXP | ACD_MOD, 0 },


 #ifdef WITH_CONTENT_SCAN
-  [ACLC_SPAM] =            { US"spam",        TRUE, FALSE,
+  [ACLC_SPAM] =            { US"spam",        ACD_EXP,
                   (unsigned) ~(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
                   ACL_BIT_PRDR |
@@ -327,14 +324,14 @@ static condition_def conditions[] = {
   },
 #endif
 #ifdef SUPPORT_SPF
-  [ACLC_SPF] =            { US"spf",        TRUE, FALSE,
+  [ACLC_SPF] =            { US"spf",        ACD_EXP,
                   ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO | ACL_BIT_MAILAUTH |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
                     ACL_BIT_STARTTLS | ACL_BIT_VRFY |
                     ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START,
   },
-  [ACLC_SPF_GUESS] =        { US"spf_guess",    TRUE, FALSE,
+  [ACLC_SPF_GUESS] =        { US"spf_guess",    ACD_EXP,
                   ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO | ACL_BIT_MAILAUTH |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
@@ -342,11 +339,11 @@ static condition_def conditions[] = {
                     ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START,
   },
 #endif
-  [ACLC_UDPSEND] =        { US"udpsend",        TRUE, TRUE,    0 },
+  [ACLC_UDPSEND] =        { US"udpsend",        ACD_EXP | ACD_MOD,    0 },


   /* Certain types of verify are always allowed, so we let it through
   always and check in the verify function itself */
-  [ACLC_VERIFY] =        { US"verify",        TRUE, FALSE, 0 },
+  [ACLC_VERIFY] =        { US"verify",        ACD_EXP,    0 },
 };



@@ -358,7 +355,7 @@ features_acl(void)
 for (condition_def * c = conditions; c < conditions + nelem(conditions); c++)
   {
   uschar buf[64], * p, * s;
-  int n = sprintf(CS buf, "_ACL_%s_", c->is_modifier ? "MOD" : "COND");
+  int n = sprintf(CS buf, "_ACL_%s_", c->flags & ACD_MOD ? "MOD" : "COND");
   for (p = buf + n, s = c->name; *s; s++) *p++ = toupper(*s);
   *p = '\0';
   builtin_macro_create(buf);
@@ -811,7 +808,7 @@ acl_data_to_cond(const uschar * s, acl_condition_block * cond,
 if (*s++ != '=')
   {
   *error = string_sprintf("\"=\" missing after ACL \"%s\" %s", name,
-    conditions[cond->type].is_modifier ? US"modifier" : US"condition");
+    conditions[cond->type].flags & ACD_MOD ? US"modifier" : US"condition");
   return FALSE;
   }
 Uskip_whitespace(&s);
@@ -922,7 +919,7 @@ while ((s = (*func)()))


/* The modifiers may not be negated */

-  if (negated && conditions[c].is_modifier)
+  if (negated && conditions[c].flags & ACD_MOD )
     {
     *error = string_sprintf("ACL error: negation is not allowed with "
       "\"%s\"", conditions[c].name);
@@ -3276,7 +3273,7 @@ for (; cb; cb = cb->next)
   of them, but not for all, because expansion happens down in some lower level
   checking functions in some cases. */


-  if (!conditions[cb->type].expand_at_top)
+  if (!(conditions[cb->type].flags & ACD_EXP))
     arg = cb->arg;


   else if (!(arg = expand_string_2(cb->arg, &textonly)))
@@ -3293,7 +3290,7 @@ for (; cb; cb = cb->next)
     {
     int lhswidth = 0;
     debug_printf_indent("check %s%s %n",
-      (!conditions[cb->type].is_modifier && cb->u.negated)? "!":"",
+      (!(conditions[cb->type].flags & ACD_MOD) && cb->u.negated) ? "!":"",
       conditions[cb->type].name, &lhswidth);


     if (cb->type == ACLC_SET)
@@ -3325,7 +3322,7 @@ for (; cb; cb = cb->next)
   if ((conditions[cb->type].forbids & (1 << where)) != 0)
     {
     *log_msgptr = string_sprintf("cannot %s %s condition in %s ACL",
-      conditions[cb->type].is_modifier ? "use" : "test",
+      conditions[cb->type].flags & ACD_MOD ? "use" : "test",
       conditions[cb->type].name, acl_wherenames[where]);
     return ERROR;
     }
@@ -4146,7 +4143,7 @@ for (; cb; cb = cb->next)


/* If a condition was negated, invert OK/FAIL. */

-  if (!conditions[cb->type].is_modifier && cb->u.negated)
+  if (!(conditions[cb->type].flags & ACD_MOD) && cb->u.negated)
     if (rc == OK) rc = FAIL;
     else if (rc == FAIL || rc == FAIL_DROP) rc = OK;



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/