Added forbid_exim_filter and forbid_sieve_filter to the redirect router.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b9eb75700ea1d9cc76dbd09328cc4955d3492672..a57b077a174380c808b6542c2baac18bdc41f9c1 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.13 2004/10/19 13:40:39 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.14 2004/11/04 10:42:11 ph10 Exp $

 
 Change log file for Exim from version 4.21
 -------------------------------------------
 
 Change log file for Exim from version 4.21
 -------------------------------------------


@@ -54,6 +54,8 @@ Exim version 4.44
 13. The value of address_data from a sender verification is now available in
     $sender_address_data in subsequent conditions in the ACL statement.
 
 13. The value of address_data from a sender verification is now available in
     $sender_address_data in subsequent conditions in the ACL statement.
 

+14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router.
+

 
 Exim version 4.43
 -----------------
 
 Exim version 4.43
 -----------------

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index f66a9e81a33770b7f0f66fd1fe933272c7b9e355..b8cf61cc9396013ad002feba21e930fccc5bdf25 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.4 2004/10/21 15:24:42 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.5 2004/11/04 10:42:11 ph10 Exp $

 
 New Features in Exim
 --------------------
 
 New Features in Exim
 --------------------


@@ -28,6 +28,11 @@ Version 4.44
     of the current ACL statement. If you want to preserve it, you can use one
     of the ACL variables.
 
     of the current ACL statement. If you want to preserve it, you can use one
     of the ACL variables.
 

+ 5. The redirect router has two new options: forbid_sieve_filter and
+    forbid_exim_filter. When filtering is enabled by allow_filter, these
+    options control which type(s) of filtering are permitted. By default, both
+    Exim and Sieve filters are allowed.
+

 
 Version 4.43
 ------------
 
 Version 4.43
 ------------

diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 753aa91b00044a006d398dcc4f374887825a0204..42d1d267fcfb3267aae74dd48580a0135bbd3b24 100644 (file)
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.2 2004/10/18 09:16:57 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.3 2004/11/04 10:42:11 ph10 Exp $

 
 LISTS OF EXIM OPTIONS
 ---------------------
 
 LISTS OF EXIM OPTIONS
 ---------------------


@@ -196,6 +196,7 @@ file_transport                       string*         unset         redirect
 final_timeout                        time            10m           smtp
 finduser_retries                     integer         0             main
 forbid_blackhole                     boolean         false         redirect          4.00
 final_timeout                        time            10m           smtp
 finduser_retries                     integer         0             main
 forbid_blackhole                     boolean         false         redirect          4.00

+forbid_exim_filter                   boolean         false         redirect          4.44

 forbid_fail                          boolean         false         redirect          4.00
 forbid_file                          boolean         false         redirect          4.00
 forbid_filter_existstest             boolean         false         redirect          4.00
 forbid_fail                          boolean         false         redirect          4.00
 forbid_file                          boolean         false         redirect          4.00
 forbid_filter_existstest             boolean         false         redirect          4.00


@@ -208,6 +209,7 @@ forbid_filter_reply                  boolean         false         redirect
 forbid_filter_run                    boolean         false         redirect          4.00
 forbid_include                       boolean         false         redirect          4.00
 forbid_pipe                          boolean         false         redirect          4.00
 forbid_filter_run                    boolean         false         redirect          4.00
 forbid_include                       boolean         false         redirect          4.00
 forbid_pipe                          boolean         false         redirect          4.00

+forbid_sieve_filter                  boolean         false         redirect          4.44

 freeze_exec_fail                     boolean         false         pipe              1.89
 freeze_tell                          boolean         false         main              4.00 replaces freeze_tell_mailmaster
 from                                 string*         unset         autoreply
 freeze_exec_fail                     boolean         false         pipe              1.89
 freeze_tell                          boolean         false         main              4.00 replaces freeze_tell_mailmaster
 from                                 string*         unset         autoreply

diff --git a/src/src/macros.h b/src/src/macros.h
index e21fb8b9f3a3e88f6e55cc38842e32ce51cdadbe..bc685dac833804c9f769e63b1cb3ff08cc3f5475 100644 (file)
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/macros.h,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/macros.h,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -467,23 +467,25 @@ and some forbid, reflecting the "allow" and "forbid" options in the redirect
 router, which were chosen to represent the standard situation for users'
 .forward files. */
 
 router, which were chosen to represent the standard situation for users'
 .forward files. */
 

-#define RDO_BLACKHOLE  0x00000001  /* Forbid :blackhole: */
-#define RDO_DEFER      0x00000002  /* Allow :defer: or "defer" */
-#define RDO_EACCES     0x00000004  /* Ignore EACCES */
-#define RDO_ENOTDIR    0x00000008  /* Ignore ENOTDIR */
-#define RDO_EXISTS     0x00000010  /* Forbid "exists" in expansion in filter */
-#define RDO_FAIL       0x00000020  /* Allow :fail: or "fail" */
-#define RDO_FILTER     0x00000040  /* Allow a filter script */
-#define RDO_FREEZE     0x00000080  /* Allow "freeze" */
-#define RDO_INCLUDE    0x00000100  /* Forbid :include: */
-#define RDO_LOG        0x00000200  /* Forbid "log" */
-#define RDO_LOOKUP     0x00000400  /* Forbid "lookup" in expansion in filter */
-#define RDO_PERL       0x00000800  /* Forbid "perl" in expansion in filter */
-#define RDO_READFILE   0x00001000  /* Forbid "readfile" in exp in filter */
-#define RDO_READSOCK   0x00002000  /* Forbid "readsocket" in exp in filter */
-#define RDO_RUN        0x00004000  /* Forbid "run" in expansion in filter */
-#define RDO_REALLOG    0x00008000  /* Really do log (not testing/verifying) */
-#define RDO_REWRITE    0x00010000  /* Rewrite generated addresses */
+#define RDO_BLACKHOLE    0x00000001  /* Forbid :blackhole: */
+#define RDO_DEFER        0x00000002  /* Allow :defer: or "defer" */
+#define RDO_EACCES       0x00000004  /* Ignore EACCES */
+#define RDO_ENOTDIR      0x00000008  /* Ignore ENOTDIR */
+#define RDO_EXISTS       0x00000010  /* Forbid "exists" in expansion in filter */
+#define RDO_FAIL         0x00000020  /* Allow :fail: or "fail" */
+#define RDO_FILTER       0x00000040  /* Allow a filter script */
+#define RDO_FREEZE       0x00000080  /* Allow "freeze" */
+#define RDO_INCLUDE      0x00000100  /* Forbid :include: */
+#define RDO_LOG          0x00000200  /* Forbid "log" */
+#define RDO_LOOKUP       0x00000400  /* Forbid "lookup" in expansion in filter */
+#define RDO_PERL         0x00000800  /* Forbid "perl" in expansion in filter */
+#define RDO_READFILE     0x00001000  /* Forbid "readfile" in exp in filter */
+#define RDO_READSOCK     0x00002000  /* Forbid "readsocket" in exp in filter */
+#define RDO_RUN          0x00004000  /* Forbid "run" in expansion in filter */
+#define RDO_REALLOG      0x00008000  /* Really do log (not testing/verifying) */
+#define RDO_REWRITE      0x00010000  /* Rewrite generated addresses */
+#define RDO_EXIM_FILTER  0x00020000  /* Forbid Exim filters */
+#define RDO_SIEVE_FILTER 0x00040000  /* Forbid Sieve filters */

 
 /* This is the set that apply to expansions in filters */
 
 
 /* This is the set that apply to expansions in filters */
 


@@ -497,7 +499,7 @@ automated, but I haven't bothered. Keep this list in step with the above! */
 enum { RDON_BLACKHOLE, RDON_DEFER, RDON_EACCES, RDON_ENOTDIR, RDON_EXISTS,
   RDON_FAIL, RDON_FILTER, RDON_FREEZE, RDON_INCLUDE, RDON_LOG, RDON_LOOKUP,
   RDON_PERL, RDON_READFILE, RDON_READSOCK, RDON_RUN, RDON_REALLOG,
 enum { RDON_BLACKHOLE, RDON_DEFER, RDON_EACCES, RDON_ENOTDIR, RDON_EXISTS,
   RDON_FAIL, RDON_FILTER, RDON_FREEZE, RDON_INCLUDE, RDON_LOG, RDON_LOOKUP,
   RDON_PERL, RDON_READFILE, RDON_READSOCK, RDON_RUN, RDON_REALLOG,

-  RDON_REWRITE };
+  RDON_REWRITE, RDON_EXIM_FILTER, RDON_SIEVE_FILTER };

 
 /* Results of filter or forward file processing. Some are only from a filter;
 some are only from a forward file. */
 
 /* Results of filter or forward file processing. Some are only from a filter;
 some are only from a forward file. */

diff --git a/src/src/rda.c b/src/src/rda.c
index 66fd8745d7682d5e9e2ce34be48e45e3f60bc527..443cbb1bdcd64103217a7d36b96ed9c59e0ea486 100644 (file)
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/rda.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/rda.c,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -374,23 +374,42 @@ if (*filtertype != FILTER_FORWARD)
   int frc;
   int old_expand_forbid = expand_forbid;
 
   int frc;
   int old_expand_forbid = expand_forbid;
 

+  DEBUG(D_route) debug_printf("data is %s filter program\n",
+    (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve");
+
+  /* RDO_FILTER is an "allow" bit */
+   

   if ((options & RDO_FILTER) == 0)
     {
     *error = US"filtering not enabled";
     return FF_ERROR;
     }
 
   if ((options & RDO_FILTER) == 0)
     {
     *error = US"filtering not enabled";
     return FF_ERROR;
     }
 

-  DEBUG(D_route) debug_printf("data is %s filter program\n",
-    (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve");
-

   expand_forbid =
     (expand_forbid & ~RDO_FILTER_EXPANSIONS) |
     (options & RDO_FILTER_EXPANSIONS);
   expand_forbid =
     (expand_forbid & ~RDO_FILTER_EXPANSIONS) |
     (options & RDO_FILTER_EXPANSIONS);

-
-  frc = (*filtertype == FILTER_EXIM)?
-    filter_interpret(data, options, generated, error)
-    :
-    sieve_interpret(data, options, sieve_vacation_directory, generated, error);
+  
+  /* RDO_{EXIM,SIEVE}_FILTER are forbid bits */
+   
+  if (*filtertype == FILTER_EXIM)
+    {
+    if ((options & RDO_EXIM_FILTER) != 0)
+      {
+      *error = US"Exim filtering not enabled";
+      return FF_ERROR;
+      }    
+    frc = filter_interpret(data, options, generated, error);
+    }  
+  else
+    {
+    if ((options & RDO_SIEVE_FILTER) != 0)
+      {
+      *error = US"Sieve filtering not enabled";
+      return FF_ERROR;
+      }
+    frc = sieve_interpret(data, options, sieve_vacation_directory, generated, 
+      error);
+    }   

 
   expand_forbid = old_expand_forbid;
   return frc;
 
   expand_forbid = old_expand_forbid;
   return frc;

diff --git a/src/src/routers/redirect.c b/src/src/routers/redirect.c
index e33a5fe49fec8adbd424f1f6adedb88685c5ad64..0e23bb0b3ef4b2fd1c98d72287c6768d0bc1d0ec 100644 (file)
--- a/src/src/routers/redirect.c
+++ b/src/src/routers/redirect.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/routers/redirect.c,v 1.1 2004/10/07 13:10:02 ph10 Exp $ */
+/* $Cambridge: exim/src/src/routers/redirect.c,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -41,6 +41,8 @@ optionlist redirect_router_options[] = {
       (void *)offsetof(redirect_router_options_block, file_transport_name) },
   { "forbid_blackhole",   opt_bit | (RDON_BLACKHOLE << 16),
       (void *)offsetof(redirect_router_options_block, bit_options) },
       (void *)offsetof(redirect_router_options_block, file_transport_name) },
   { "forbid_blackhole",   opt_bit | (RDON_BLACKHOLE << 16),
       (void *)offsetof(redirect_router_options_block, bit_options) },

+  { "forbid_exim_filter", opt_bit | (RDON_EXIM_FILTER << 16),
+      (void *)offsetof(redirect_router_options_block, bit_options) },

   { "forbid_file",        opt_bool,
       (void *)offsetof(redirect_router_options_block, forbid_file) },
   { "forbid_filter_existstest",  opt_bit | (RDON_EXISTS << 16),
   { "forbid_file",        opt_bool,
       (void *)offsetof(redirect_router_options_block, forbid_file) },
   { "forbid_filter_existstest",  opt_bit | (RDON_EXISTS << 16),


@@ -65,6 +67,8 @@ optionlist redirect_router_options[] = {
       (void *)offsetof(redirect_router_options_block, bit_options) },
   { "forbid_pipe",        opt_bool,
       (void *)offsetof(redirect_router_options_block, forbid_pipe) },
       (void *)offsetof(redirect_router_options_block, bit_options) },
   { "forbid_pipe",        opt_bool,
       (void *)offsetof(redirect_router_options_block, forbid_pipe) },

+  { "forbid_sieve_filter",opt_bit | (RDON_SIEVE_FILTER << 16),
+      (void *)offsetof(redirect_router_options_block, bit_options) },

   { "hide_child_in_errmsg", opt_bool,
       (void *)offsetof(redirect_router_options_block,  hide_child_in_errmsg) },
   { "ignore_eacces",      opt_bit | (RDON_EACCES << 16),
   { "hide_child_in_errmsg", opt_bool,
       (void *)offsetof(redirect_router_options_block,  hide_child_in_errmsg) },
   { "ignore_eacces",      opt_bit | (RDON_EACCES << 16),