From d8024efa365d10d2dba4f06977776f4091250462 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 4 May 2020 22:38:08 +0100 Subject: [PATCH] Consolidate $local_part_verified into $local_part_data This removes the former; the latter having been around since before the last release. The router check_local_user option now writes the latter and -verified no longer exists. --- doc/doc-docbook/spec.xfpt | 30 +++++++++++++++++------------- doc/doc-txt/NewStuff | 4 ++-- src/src/configure.default | 2 +- src/src/deliver.c | 1 - src/src/expand.c | 1 - src/src/globals.c | 2 -- src/src/globals.h | 3 +-- src/src/route.c | 6 +++--- src/src/structs.h | 1 - test/confs/0005 | 2 +- test/confs/0587 | 2 +- test/scripts/0000-Basic/0587 | 2 +- 12 files changed, 27 insertions(+), 29 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 9336151e5..56c7329ee 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6381,7 +6381,7 @@ All other options are defaulted. .code local_delivery: driver = appendfile - file = /var/mail/$local_part_verified + file = /var/mail/$local_part_data delivery_date_add envelope_to_add return_path_add @@ -6394,7 +6394,7 @@ traditional BSD mailbox format. .new We prefer to avoid using &$local_part$& directly to define the mailbox filename, as it is provided by a potential bad actor. -Instead we use &$local_part_verified$&, +Instead we use &$local_part_data$&, the result of looking up &$local_part$& in the user database (done by using &%check_local_user%& in the the router). .wen @@ -12550,7 +12550,7 @@ Consider carefully the implications of using it unvalidated as a name for file access. This presents issues for users' &_.forward_& and filter files. For traditional full user accounts, use &%check_local_users%& and the -&$local_part_verified$& variable rather than this one. +&$local_part_data$& variable rather than this one. For virtual users, store a suitable pathname component in the database which is used for account name validation, and use that retrieved value rather than this variable. @@ -12599,6 +12599,10 @@ router as &$local_part_data$&. In addition, if the driver routes the address to a transport, the value is available in that transport. If the transport is handling multiple addresses, the value from the first address is used. +.new +The &%check_local_user%& router option also sets this variable. +.wen + &$local_part_data$& is also set when the &%local_parts%& condition in an ACL matches a local part by means of a lookup. The data read by the lookup is available during the rest of the ACL statement. In all other situations, this @@ -19167,7 +19171,7 @@ but the user is specified symbolically, the gid associated with the uid is used. For example: .code require_files = mail:/some/file -require_files = $local_part_verified:$home/.procmailrc +require_files = $local_part_data:$home/.procmailrc .endd If a user or group name in a &%require_files%& list does not exist, the &%require_files%& condition fails. @@ -21798,7 +21802,7 @@ local_users: # This transport overrides the group group_delivery: driver = appendfile - file = /var/spool/mail/$local_part_verified + file = /var/spool/mail/$local_part_data group = mail .endd If &%user%& is set for a transport, its value overrides what is set in the @@ -22633,7 +22637,7 @@ is used as a result of a &"keep"& action in the filter. This example shows one way of handling this requirement: .code file = ${if eq{$address_file}{inbox} \ - {/var/mail/$local_part_verified} \ + {/var/mail/$local_part_data} \ {${if eq{${substr_0_1:$address_file}}{/} \ {$address_file} \ {$home/mail/$address_file} \ @@ -22814,8 +22818,8 @@ The string value is expanded for each delivery, and must yield an absolute path. The most common settings of this option are variations on one of these examples: .code -file = /var/spool/mail/$local_part_verified -file = /home/$local_part_verified/inbox +file = /var/spool/mail/$local_part_data +file = /home/$local_part_data/inbox file = $home/inbox .endd .cindex "&""sticky""& bit" @@ -23571,7 +23575,7 @@ and directories in a maildir mailbox, including subdirectories for maildir++ folders. Consider this example: .code maildir_format = true -directory = /var/mail/$local_part_verified\ +directory = /var/mail/$local_part_data\ ${if eq{$local_part_suffix}{}{}\ {/.${substr_1:$local_part_suffix}}} maildirfolder_create_regex = /\.[^/]+$ @@ -24561,14 +24565,14 @@ configuration for &%procmail%&: # transport procmail_pipe: driver = pipe - command = /usr/local/bin/procmail -d $local_part + command = /usr/local/bin/procmail -d $local_part_data return_path_add delivery_date_add envelope_to_add check_string = "From " escape_string = ">From " umask = 077 - user = $local_part + user = $local_part_data group = mail # router @@ -35123,7 +35127,7 @@ central_filter: check_local_user driver = redirect domains = +local_domains - file = /central/filters/$local_part_verified + file = /central/filters/$local_part_data no_verify allow_filter allow_freeze @@ -36993,9 +36997,9 @@ another MTA: userforward: driver = redirect check_local_user - file = $home/.forward$local_part_suffix local_part_suffix = -* local_part_suffix_optional + file = ${lookup {.forward$local_part_suffix} dsearch,ret=full {$home} {$value}fail} allow_filter .endd If there is no suffix, &_.forward_& is used; if the suffix is &'-special'&, for diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 6676e0b9f..493244ff1 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -24,8 +24,8 @@ Version 4.94 5. Server-side support in the gsasl authenticator for encrypted passwords, as an alternate for the existing plaintext. - 6. Variable $local_part_verified, set by the router check_local_part condition - with untainted data. + 6. Variable $local_part_data now also set by router check_local_user option, + with an de-tainted version of $local_part. 7. Named-list definitions can now be prefixed "hide" so that "-bP" commands do not output the content. Previously this could only be done on options. diff --git a/src/src/configure.default b/src/src/configure.default index 40cc333f6..b758c8950 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -863,7 +863,7 @@ smarthost_smtp: local_delivery: driver = appendfile - file = /var/mail/$local_part_verified + file = /var/mail/$local_part_data delivery_date_add envelope_to_add return_path_add diff --git a/src/src/deliver.c b/src/src/deliver.c index c6e9aa66a..85b061b30 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -220,7 +220,6 @@ if (!addr->next) address_item *addr_orig; deliver_localpart = addr->local_part; - deliver_localpart_verified = addr->local_part_verified; deliver_localpart_prefix = addr->prefix; deliver_localpart_prefix_v = addr->prefix_v; deliver_localpart_suffix = addr->suffix; diff --git a/src/src/expand.c b/src/src/expand.c index 4f4cbbff3..7c9d48100 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -595,7 +595,6 @@ static var_entry var_table[] = { { "local_part_prefix_v", vtype_stringptr, &deliver_localpart_prefix_v }, { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix }, { "local_part_suffix_v", vtype_stringptr, &deliver_localpart_suffix_v }, - { "local_part_verified", vtype_stringptr, &deliver_localpart_verified }, #ifdef HAVE_LOCAL_SCAN { "local_scan_data", vtype_stringptr, &local_scan_data }, #endif diff --git a/src/src/globals.c b/src/src/globals.c index d630df030..ba772c631 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -187,7 +187,6 @@ const uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT] = { CUSS &deliver_domain_orig, CUSS &deliver_domain_parent, CUSS &deliver_localpart, - CUSS &deliver_localpart_verified, CUSS &deliver_localpart_data, CUSS &deliver_localpart_orig, CUSS &deliver_localpart_parent, @@ -830,7 +829,6 @@ uschar *deliver_localpart_prefix = NULL; uschar *deliver_localpart_prefix_v = NULL; uschar *deliver_localpart_suffix = NULL; uschar *deliver_localpart_suffix_v = NULL; -uschar *deliver_localpart_verified = NULL; uschar *deliver_out_buffer = NULL; int deliver_queue_load_max = -1; address_item *deliver_recipients = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 039aaf3d1..3a8e824cf 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -488,14 +488,13 @@ extern int deliver_host_port; /* Address for remote delivery filter */ extern uschar *deliver_in_buffer; /* Buffer for copying file */ extern ino_t deliver_inode; /* Inode for appendfile */ extern uschar *deliver_localpart; /* The local part for delivery */ -extern uschar *deliver_localpart_data; /* From local part lookup */ +extern uschar *deliver_localpart_data; /* From local part lookup (de-tainted) */ extern uschar *deliver_localpart_orig; /* The original local part for delivery */ extern uschar *deliver_localpart_parent; /* The parent local part for delivery */ extern uschar *deliver_localpart_prefix; /* The stripped prefix, if any */ extern uschar *deliver_localpart_prefix_v; /* The stripped-prefix variable portion, if any */ extern uschar *deliver_localpart_suffix; /* The stripped suffix, if any */ extern uschar *deliver_localpart_suffix_v; /* The stripped-suffix variable portion, if any */ -extern uschar *deliver_localpart_verified; /* de-tainted by check_local_part */ extern uschar *deliver_out_buffer; /* Buffer for copying file */ extern int deliver_queue_load_max; /* Different value for queue running */ extern address_item *deliver_recipients; /* Current set of addresses */ diff --git a/src/src/route.c b/src/src/route.c index 7538b7565..a5f5feeaf 100644 --- a/src/src/route.c +++ b/src/src/route.c @@ -948,7 +948,7 @@ if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts, login of a local user. Note: the third argument to route_finduser() must be NULL here, to prevent a numeric string being taken as a numeric uid. If the user is found, set deliver_home to the home directory, and also set -local_user_{uid,gid} and local_part_verified. */ +local_user_{uid,gid} and local_part_data. */ if (r->check_local_user) { @@ -959,8 +959,8 @@ if (r->check_local_user) r->name, addr->local_part); return SKIP; } - addr->local_part_verified = - deliver_localpart_verified = string_copy(US (*pw)->pw_name); + addr->prop.localpart_data = + deliver_localpart_data = string_copy(US (*pw)->pw_name); deliver_home = string_copy(US (*pw)->pw_dir); local_user_gid = (*pw)->pw_gid; local_user_uid = (*pw)->pw_uid; diff --git a/src/src/structs.h b/src/src/structs.h index ae37f3461..c6700d513 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -553,7 +553,6 @@ typedef struct address_item { uschar *cc_local_part; /* caseful local part */ uschar *lc_local_part; /* lowercased local part */ uschar *local_part; /* points to cc or lc version */ - uschar *local_part_verified; /* result from check_local_user */ uschar *prefix; /* stripped prefix of local part */ uschar *prefix_v; /* variable part of above */ uschar *suffix; /* stripped suffix of local part */ diff --git a/test/confs/0005 b/test/confs/0005 index 77b79100c..babeacb41 100644 --- a/test/confs/0005 +++ b/test/confs/0005 @@ -52,7 +52,7 @@ local_delivery: driver = appendfile delivery_date_add envelope_to_add - file = DIR/test-mail/$local_part_verified + file = DIR/test-mail/$local_part_data headers_add = "X-body-linecount: $body_linecount\n\ X-message-linecount: $message_linecount\n\ X-received-count: $received_count" diff --git a/test/confs/0587 b/test/confs/0587 index a47ca664a..c54c63fcd 100644 --- a/test/confs/0587 +++ b/test/confs/0587 @@ -32,6 +32,6 @@ begin transports local_delivery: driver = appendfile - file = DIR/test-mail/$local_part_verified + file = DIR/test-mail/$local_part_data # End diff --git a/test/scripts/0000-Basic/0587 b/test/scripts/0000-Basic/0587 index 337b05ac6..038254eab 100644 --- a/test/scripts/0000-Basic/0587 +++ b/test/scripts/0000-Basic/0587 @@ -1,4 +1,4 @@ -# $local_part_verified, multi-rcpt message +# $local_part_data, multi-rcpt message # exim -bs -odi mail from: -- 2.25.1