[exim-cvs] Clarify forbit/permit coding for ACL conditions

Góra strony
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] Clarify forbit/permit coding for ACL conditions
Gitweb: https://git.exim.org/exim.git/commitdiff/a0ecb20496a00e26cf7345a75cc1137eb3ac0709
Commit:     a0ecb20496a00e26cf7345a75cc1137eb3ac0709
Parent:     e7a31a822d93d144d51ad9940dc48c6c9aa7cded
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Aug 26 16:44:06 2024 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Aug 28 00:03:34 2024 +0100


    Clarify forbit/permit coding for ACL conditions
---
 src/src/acl.c | 129 +++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 73 insertions(+), 56 deletions(-)


diff --git a/src/src/acl.c b/src/src/acl.c
index 36f31d7d1..533dcd60a 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -138,15 +138,17 @@ times. For each condition and modifier, there's a bitmap of dis-allowed times.
 For some, it is easier to specify the negation of a small number of allowed
 times. */
   unsigned    forbids;
+#define FORBIDDEN(times)    (times)
+#define PERMITTED(times)    ((unsigned) ~(times))


} condition_def;

 static condition_def conditions[] = {
-  [ACLC_ACL] =            { US"acl",        0,    0 },
+  [ACLC_ACL] =            { US"acl",        0,
+                  FORBIDDEN(0) },


   [ACLC_ADD_HEADER] =        { US"add_header",    ACD_EXP | ACD_MOD,
-                  (unsigned)
-                  ~(ACL_BIT_MAIL | ACL_BIT_RCPT |
+                  PERMITTED(ACL_BIT_MAIL | ACL_BIT_RCPT |
                     ACL_BIT_PREDATA | ACL_BIT_DATA |
 #ifndef DISABLE_PRDR
                     ACL_BIT_PRDR |
@@ -157,12 +159,13 @@ static condition_def conditions[] = {
   },


   [ACLC_AUTHENTICATED] =    { US"authenticated",    0,
-                  ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START |
-                    ACL_BIT_CONNECT | ACL_BIT_HELO,
+                  FORBIDDEN(ACL_BIT_NOTSMTP |
+                    ACL_BIT_NOTSMTP_START |
+                    ACL_BIT_CONNECT | ACL_BIT_HELO),
   },
 #ifdef EXPERIMENTAL_BRIGHTMAIL
   [ACLC_BMI_OPTIN] =        { US"bmi_optin",    ACD_EXP | ACD_MOD,
-                  ACL_BIT_AUTH |
+                  FORBIDDEN(ACL_BIT_AUTH |
                     ACL_BIT_CONNECT | ACL_BIT_HELO |
                     ACL_BIT_DATA | ACL_BIT_MIME |
 # ifndef DISABLE_PRDR
@@ -172,20 +175,22 @@ static condition_def conditions[] = {
                     ACL_BIT_MAILAUTH |
                     ACL_BIT_MAIL | ACL_BIT_STARTTLS |
                     ACL_BIT_VRFY | ACL_BIT_PREDATA |
-                    ACL_BIT_NOTSMTP_START,
+                    ACL_BIT_NOTSMTP_START),
   },
 #endif
-  [ACLC_CONDITION] =        { US"condition",    ACD_EXP,    0 },
-  [ACLC_CONTINUE] =        { US"continue",        ACD_EXP | ACD_MOD, 0 },
+  [ACLC_CONDITION] =        { US"condition",    ACD_EXP,
+                  FORBIDDEN(0) },
+  [ACLC_CONTINUE] =        { US"continue",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },


   /* Certain types of control are always allowed, so we let it through
   always and check in the control processing itself. */
-  [ACLC_CONTROL] =        { US"control",        ACD_EXP | ACD_MOD, 0 },
+  [ACLC_CONTROL] =        { US"control",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },


 #ifdef EXPERIMENTAL_DCC
   [ACLC_DCC] =            { US"dcc",        ACD_EXP,
-                  (unsigned)
-                  ~(ACL_BIT_DATA |
+                  PERMITTED(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
                   ACL_BIT_PRDR |
 # endif
@@ -193,15 +198,17 @@ static condition_def conditions[] = {
   },
 #endif
 #ifdef WITH_CONTENT_SCAN
-  [ACLC_DECODE] =        { US"decode",        ACD_EXP, (unsigned) ~ACL_BIT_MIME },
+  [ACLC_DECODE] =        { US"decode",        ACD_EXP,
+                  PERMITTED(ACL_BIT_MIME) },


 #endif
-  [ACLC_DELAY] =        { US"delay",        ACD_EXP | ACD_MOD, ACL_BIT_NOTQUIT },
+  [ACLC_DELAY] =        { US"delay",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(ACL_BIT_NOTQUIT) },
 #ifndef DISABLE_DKIM
-  [ACLC_DKIM_SIGNER] =        { US"dkim_signers",    ACD_EXP, (unsigned) ~ACL_BIT_DKIM },
+  [ACLC_DKIM_SIGNER] =        { US"dkim_signers",    ACD_EXP, 
+                  PERMITTED(ACL_BIT_DKIM) },
   [ACLC_DKIM_STATUS] =        { US"dkim_status",    ACD_EXP,
-                  (unsigned)
-                  ~(ACL_BIT_DKIM | ACL_BIT_DATA | ACL_BIT_MIME
+                  PERMITTED(ACL_BIT_DKIM | ACL_BIT_DATA | ACL_BIT_MIME
 # ifndef DISABLE_PRDR
                   | ACL_BIT_PRDR
 # endif
@@ -209,48 +216,52 @@ static condition_def conditions[] = {
   },
 #endif
 #ifdef SUPPORT_DMARC
-  [ACLC_DMARC_STATUS] =        { US"dmarc_status",    ACD_EXP, (unsigned int) ~ACL_BIT_DATA },
+  [ACLC_DMARC_STATUS] =        { US"dmarc_status",    ACD_EXP,
+                  PERMITTED(ACL_BIT_DATA) },
 #endif


   /* Explicit key lookups can be made in non-smtp ACLs so pass
   always and check in the verify processing itself. */
-  [ACLC_DNSLISTS] =        { US"dnslists",        ACD_EXP, 0 },
+  [ACLC_DNSLISTS] =        { US"dnslists",        ACD_EXP,
+                  FORBIDDEN(0) },


   [ACLC_DOMAINS] =        { US"domains",        0,
-                  (unsigned)
-                  ~(ACL_BIT_RCPT | ACL_BIT_VRFY
+                  PERMITTED(ACL_BIT_RCPT | ACL_BIT_VRFY
 #ifndef DISABLE_PRDR
-                  |ACL_BIT_PRDR
+                  | ACL_BIT_PRDR
 #endif
       ),
   },
   [ACLC_ENCRYPTED] =        { US"encrypted",    0,
-                  ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START |
-                    ACL_BIT_CONNECT
+                  FORBIDDEN(ACL_BIT_NOTSMTP |
+                    ACL_BIT_NOTSMTP_START | ACL_BIT_CONNECT)
   },


-  [ACLC_ENDPASS] =        { US"endpass",    ACD_EXP | ACD_MOD,    0 },
+  [ACLC_ENDPASS] =        { US"endpass",    ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },


   [ACLC_HOSTS] =        { US"hosts",        0,
-                  ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START,
+                  FORBIDDEN(ACL_BIT_NOTSMTP |
+                    ACL_BIT_NOTSMTP_START),
   },
   [ACLC_LOCAL_PARTS] =        { US"local_parts",    0,
-                  (unsigned)
-                  ~(ACL_BIT_RCPT | ACL_BIT_VRFY
+                  PERMITTED(ACL_BIT_RCPT | ACL_BIT_VRFY
 #ifndef DISABLE_PRDR
                   | ACL_BIT_PRDR
 #endif
       ),
   },


-  [ACLC_LOG_MESSAGE] =        { US"log_message",    ACD_EXP | ACD_MOD, 0 },
-  [ACLC_LOG_REJECT_TARGET] =    { US"log_reject_target", ACD_EXP | ACD_MOD, 0 },
-  [ACLC_LOGWRITE] =        { US"logwrite",        ACD_EXP | ACD_MOD, 0 },
+  [ACLC_LOG_MESSAGE] =        { US"log_message",    ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },
+  [ACLC_LOG_REJECT_TARGET] =    { US"log_reject_target", ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },
+  [ACLC_LOGWRITE] =        { US"logwrite",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },


 #ifdef WITH_CONTENT_SCAN
   [ACLC_MALWARE] =        { US"malware",        ACD_EXP,
-                  (unsigned)
-                    ~(ACL_BIT_DATA |
+                  PERMITTED(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
                     ACL_BIT_PRDR |
 # endif
@@ -258,26 +269,29 @@ static condition_def conditions[] = {
   },
 #endif


-  [ACLC_MESSAGE] =        { US"message",        ACD_EXP | ACD_MOD, 0 },
+  [ACLC_MESSAGE] =        { US"message",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },
 #ifdef WITH_CONTENT_SCAN
-  [ACLC_MIME_REGEX] =        { US"mime_regex",    ACD_EXP, (unsigned) ~ACL_BIT_MIME },
+  [ACLC_MIME_REGEX] =        { US"mime_regex",    ACD_EXP,
+                  PERMITTED(ACL_BIT_MIME) },
 #endif


   [ACLC_QUEUE] =        { US"queue",        ACD_EXP | ACD_MOD,
-                  ACL_BIT_NOTSMTP |
+                  FORBIDDEN(ACL_BIT_NOTSMTP |
 #ifndef DISABLE_PRDR
                   ACL_BIT_PRDR |
 #endif
-                  ACL_BIT_DATA,
+                  ACL_BIT_DATA),
   },


-  [ACLC_RATELIMIT] =        { US"ratelimit",    ACD_EXP,    0 },
-  [ACLC_RECIPIENTS] =        { US"recipients",    0, (unsigned) ~ACL_BIT_RCPT },
+  [ACLC_RATELIMIT] =        { US"ratelimit",    ACD_EXP,
+                  FORBIDDEN(0) },
+  [ACLC_RECIPIENTS] =        { US"recipients",    0,
+                  PERMITTED(ACL_BIT_RCPT) },


 #ifdef WITH_CONTENT_SCAN
   [ACLC_REGEX] =        { US"regex",        ACD_EXP,
-                  (unsigned)
-                  ~(ACL_BIT_DATA |
+                  PERMITTED(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
                     ACL_BIT_PRDR |
 # endif
@@ -287,8 +301,7 @@ static condition_def conditions[] = {


 #endif
   [ACLC_REMOVE_HEADER] =    { US"remove_header",    ACD_EXP | ACD_MOD,
-                  (unsigned)
-                  ~(ACL_BIT_MAIL|ACL_BIT_RCPT |
+                  PERMITTED(ACL_BIT_MAIL|ACL_BIT_RCPT |
                     ACL_BIT_PREDATA | ACL_BIT_DATA |
 #ifndef DISABLE_PRDR
                     ACL_BIT_PRDR |
@@ -296,27 +309,29 @@ static condition_def conditions[] = {
                     ACL_BIT_MIME | ACL_BIT_NOTSMTP |
                     ACL_BIT_NOTSMTP_START),
   },
-  [ACLC_SEEN] =            { US"seen",        ACD_EXP,    0 },
+  [ACLC_SEEN] =            { US"seen",        ACD_EXP,
+                  FORBIDDEN(0) },
   [ACLC_SENDER_DOMAINS] =    { US"sender_domains",    0,
-                  ACL_BIT_AUTH | ACL_BIT_CONNECT |
+                  FORBIDDEN(ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO |
                     ACL_BIT_MAILAUTH | ACL_BIT_QUIT |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
-                    ACL_BIT_STARTTLS | ACL_BIT_VRFY,
+                    ACL_BIT_STARTTLS | ACL_BIT_VRFY),
   },
   [ACLC_SENDERS] =        { US"senders",    0,
-                  ACL_BIT_AUTH | ACL_BIT_CONNECT |
+                  FORBIDDEN(ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO |
                     ACL_BIT_MAILAUTH | ACL_BIT_QUIT |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
-                    ACL_BIT_STARTTLS | ACL_BIT_VRFY,
+                    ACL_BIT_STARTTLS | ACL_BIT_VRFY),
   },


-  [ACLC_SET] =            { US"set",        ACD_EXP | ACD_MOD, 0 },
+  [ACLC_SET] =            { US"set",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },


 #ifdef WITH_CONTENT_SCAN
   [ACLC_SPAM] =            { US"spam",        ACD_EXP,
-                  (unsigned) ~(ACL_BIT_DATA |
+                  PERMITTED(ACL_BIT_DATA |
 # ifndef DISABLE_PRDR
                   ACL_BIT_PRDR |
 # endif
@@ -325,25 +340,27 @@ static condition_def conditions[] = {
 #endif
 #ifdef SUPPORT_SPF
   [ACLC_SPF] =            { US"spf",        ACD_EXP,
-                  ACL_BIT_AUTH | ACL_BIT_CONNECT |
+                  FORBIDDEN(ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO | ACL_BIT_MAILAUTH |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
                     ACL_BIT_STARTTLS | ACL_BIT_VRFY |
-                    ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START,
+                    ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START),
   },
   [ACLC_SPF_GUESS] =        { US"spf_guess",    ACD_EXP,
-                  ACL_BIT_AUTH | ACL_BIT_CONNECT |
+                  FORBIDDEN(ACL_BIT_AUTH | ACL_BIT_CONNECT |
                     ACL_BIT_HELO | ACL_BIT_MAILAUTH |
                     ACL_BIT_ETRN | ACL_BIT_EXPN |
                     ACL_BIT_STARTTLS | ACL_BIT_VRFY |
-                    ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START,
+                    ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START),
   },
 #endif
-  [ACLC_UDPSEND] =        { US"udpsend",        ACD_EXP | ACD_MOD,    0 },
+  [ACLC_UDPSEND] =        { US"udpsend",        ACD_EXP | ACD_MOD,
+                  FORBIDDEN(0) },


   /* Certain types of verify are always allowed, so we let it through
   always and check in the verify function itself */
-  [ACLC_VERIFY] =        { US"verify",        ACD_EXP,    0 },
+  [ACLC_VERIFY] =        { US"verify",        ACD_EXP,
+                  FORBIDDEN(0) },
 };




--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/