# Exim test configuration 2620

PARTIAL=localhost::PORT_N
SERVERS=PARTIAL/test/CALLER/

.include DIR/aux-var/std_conf_prefix

primary_hostname = myhost.test.ex

# ----- Main settings -----

domainlist local_domains = @
hostlist   relay_hosts = net-pgsql;select * from them where \
                                     id='$sender_host_address'

acl_smtp_rcpt = check_recipient

pgsql_servers = SERVERS


# ----- ACL -----

begin acl

check_recipient:
	  # Tainted-data checks
  warn
	  # taint only in lookup string
	  set acl_m0 =	ok:   ${lookup pgsql                    {select name from them where id = '$local_part'}}
	  # option on lookup type unaffected
	  set acl_m0 =	ok:   ${lookup pgsql,servers=SSPEC      {select name from them where id = '$local_part'}}
	  # partial server-spec, indexing main-option, works
	  set acl_m0 =	ok:   ${lookup pgsql,servers=PARTIAL    {select name from them where id = '$local_part'}}
	  # oldstyle server spec, prepended to lookup string, fails with taint
	  set acl_m0 =	FAIL: ${lookup pgsql     {servers=SSPEC; select name from them where id = '$local_part'}}

	  # In list-stle lookup, tainted lookup string is ok if server spec comes from main-option
  warn	  set acl_m0 =	ok:   hostlist
	  hosts =	net-pgsql;select * from them where id='$local_part'
	  # ... but setting a per-query servers spec fails due to the taint
  warn	  set acl_m0 =	FAIL: hostlist
	  hosts =	<& net-pgsql;servers=SSPEC; select * from them where id='$local_part'

	  # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because
	  # string-expansion is done before list-expansion so the taint contaminates the entire list.
  warn	  set acl_m0 =	FAIL: hostlist
	  hosts =	<& net-pgsql,servers=SSPEC; select * from them where id='$local_part'

  accept  domains = +local_domains
  accept  hosts = +relay_hosts
  deny    message = relay not permitted


# ----- Routers -----

begin routers

r1:
  driver = accept
  address_data = ${lookup pgsql{select name from them where id='ph10'}}
  transport = t1


# ----- Transports -----

begin transports

t1:
  driver = appendfile
  file = DIR/test-mail/\
    ${lookup pgsql{select id from them where id='ph10'}{$value}fail}
  user = CALLER


# End