From: Philip Hazel Date: Thu, 4 Nov 2004 10:42:11 +0000 (+0000) Subject: Added forbid_exim_filter and forbid_sieve_filter to the redirect router. X-Git-Tag: exim-4_50~123 X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=23c7ff99864ed699b3c6e547c1396a02eb6e4b73 Added forbid_exim_filter and forbid_sieve_filter to the redirect router. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index b9eb75700..a57b077a1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.13 2004/10/19 13:40:39 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.14 2004/11/04 10:42:11 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -54,6 +54,8 @@ Exim version 4.44 13. The value of address_data from a sender verification is now available in $sender_address_data in subsequent conditions in the ACL statement. +14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. + Exim version 4.43 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index f66a9e81a..b8cf61cc9 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.4 2004/10/21 15:24:42 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.5 2004/11/04 10:42:11 ph10 Exp $ New Features in Exim -------------------- @@ -28,6 +28,11 @@ Version 4.44 of the current ACL statement. If you want to preserve it, you can use one of the ACL variables. + 5. The redirect router has two new options: forbid_sieve_filter and + forbid_exim_filter. When filtering is enabled by allow_filter, these + options control which type(s) of filtering are permitted. By default, both + Exim and Sieve filters are allowed. + Version 4.43 ------------ diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 753aa91b0..42d1d267f 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.2 2004/10/18 09:16:57 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.3 2004/11/04 10:42:11 ph10 Exp $ LISTS OF EXIM OPTIONS --------------------- @@ -196,6 +196,7 @@ file_transport string* unset redirect final_timeout time 10m smtp finduser_retries integer 0 main forbid_blackhole boolean false redirect 4.00 +forbid_exim_filter boolean false redirect 4.44 forbid_fail boolean false redirect 4.00 forbid_file boolean false redirect 4.00 forbid_filter_existstest boolean false redirect 4.00 @@ -208,6 +209,7 @@ forbid_filter_reply boolean false redirect forbid_filter_run boolean false redirect 4.00 forbid_include boolean false redirect 4.00 forbid_pipe boolean false redirect 4.00 +forbid_sieve_filter boolean false redirect 4.44 freeze_exec_fail boolean false pipe 1.89 freeze_tell boolean false main 4.00 replaces freeze_tell_mailmaster from string* unset autoreply diff --git a/src/src/macros.h b/src/src/macros.h index e21fb8b9f..bc685dac8 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/macros.h,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/macros.h,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -467,23 +467,25 @@ and some forbid, reflecting the "allow" and "forbid" options in the redirect router, which were chosen to represent the standard situation for users' .forward files. */ -#define RDO_BLACKHOLE 0x00000001 /* Forbid :blackhole: */ -#define RDO_DEFER 0x00000002 /* Allow :defer: or "defer" */ -#define RDO_EACCES 0x00000004 /* Ignore EACCES */ -#define RDO_ENOTDIR 0x00000008 /* Ignore ENOTDIR */ -#define RDO_EXISTS 0x00000010 /* Forbid "exists" in expansion in filter */ -#define RDO_FAIL 0x00000020 /* Allow :fail: or "fail" */ -#define RDO_FILTER 0x00000040 /* Allow a filter script */ -#define RDO_FREEZE 0x00000080 /* Allow "freeze" */ -#define RDO_INCLUDE 0x00000100 /* Forbid :include: */ -#define RDO_LOG 0x00000200 /* Forbid "log" */ -#define RDO_LOOKUP 0x00000400 /* Forbid "lookup" in expansion in filter */ -#define RDO_PERL 0x00000800 /* Forbid "perl" in expansion in filter */ -#define RDO_READFILE 0x00001000 /* Forbid "readfile" in exp in filter */ -#define RDO_READSOCK 0x00002000 /* Forbid "readsocket" in exp in filter */ -#define RDO_RUN 0x00004000 /* Forbid "run" in expansion in filter */ -#define RDO_REALLOG 0x00008000 /* Really do log (not testing/verifying) */ -#define RDO_REWRITE 0x00010000 /* Rewrite generated addresses */ +#define RDO_BLACKHOLE 0x00000001 /* Forbid :blackhole: */ +#define RDO_DEFER 0x00000002 /* Allow :defer: or "defer" */ +#define RDO_EACCES 0x00000004 /* Ignore EACCES */ +#define RDO_ENOTDIR 0x00000008 /* Ignore ENOTDIR */ +#define RDO_EXISTS 0x00000010 /* Forbid "exists" in expansion in filter */ +#define RDO_FAIL 0x00000020 /* Allow :fail: or "fail" */ +#define RDO_FILTER 0x00000040 /* Allow a filter script */ +#define RDO_FREEZE 0x00000080 /* Allow "freeze" */ +#define RDO_INCLUDE 0x00000100 /* Forbid :include: */ +#define RDO_LOG 0x00000200 /* Forbid "log" */ +#define RDO_LOOKUP 0x00000400 /* Forbid "lookup" in expansion in filter */ +#define RDO_PERL 0x00000800 /* Forbid "perl" in expansion in filter */ +#define RDO_READFILE 0x00001000 /* Forbid "readfile" in exp in filter */ +#define RDO_READSOCK 0x00002000 /* Forbid "readsocket" in exp in filter */ +#define RDO_RUN 0x00004000 /* Forbid "run" in expansion in filter */ +#define RDO_REALLOG 0x00008000 /* Really do log (not testing/verifying) */ +#define RDO_REWRITE 0x00010000 /* Rewrite generated addresses */ +#define RDO_EXIM_FILTER 0x00020000 /* Forbid Exim filters */ +#define RDO_SIEVE_FILTER 0x00040000 /* Forbid Sieve filters */ /* This is the set that apply to expansions in filters */ @@ -497,7 +499,7 @@ automated, but I haven't bothered. Keep this list in step with the above! */ enum { RDON_BLACKHOLE, RDON_DEFER, RDON_EACCES, RDON_ENOTDIR, RDON_EXISTS, RDON_FAIL, RDON_FILTER, RDON_FREEZE, RDON_INCLUDE, RDON_LOG, RDON_LOOKUP, RDON_PERL, RDON_READFILE, RDON_READSOCK, RDON_RUN, RDON_REALLOG, - RDON_REWRITE }; + RDON_REWRITE, RDON_EXIM_FILTER, RDON_SIEVE_FILTER }; /* Results of filter or forward file processing. Some are only from a filter; some are only from a forward file. */ diff --git a/src/src/rda.c b/src/src/rda.c index 66fd8745d..443cbb1bd 100644 --- a/src/src/rda.c +++ b/src/src/rda.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/rda.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/rda.c,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -374,23 +374,42 @@ if (*filtertype != FILTER_FORWARD) int frc; int old_expand_forbid = expand_forbid; + DEBUG(D_route) debug_printf("data is %s filter program\n", + (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve"); + + /* RDO_FILTER is an "allow" bit */ + if ((options & RDO_FILTER) == 0) { *error = US"filtering not enabled"; return FF_ERROR; } - DEBUG(D_route) debug_printf("data is %s filter program\n", - (*filtertype == FILTER_EXIM)? "an Exim" : "a Sieve"); - expand_forbid = (expand_forbid & ~RDO_FILTER_EXPANSIONS) | (options & RDO_FILTER_EXPANSIONS); - - frc = (*filtertype == FILTER_EXIM)? - filter_interpret(data, options, generated, error) - : - sieve_interpret(data, options, sieve_vacation_directory, generated, error); + + /* RDO_{EXIM,SIEVE}_FILTER are forbid bits */ + + if (*filtertype == FILTER_EXIM) + { + if ((options & RDO_EXIM_FILTER) != 0) + { + *error = US"Exim filtering not enabled"; + return FF_ERROR; + } + frc = filter_interpret(data, options, generated, error); + } + else + { + if ((options & RDO_SIEVE_FILTER) != 0) + { + *error = US"Sieve filtering not enabled"; + return FF_ERROR; + } + frc = sieve_interpret(data, options, sieve_vacation_directory, generated, + error); + } expand_forbid = old_expand_forbid; return frc; diff --git a/src/src/routers/redirect.c b/src/src/routers/redirect.c index e33a5fe49..0e23bb0b3 100644 --- a/src/src/routers/redirect.c +++ b/src/src/routers/redirect.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/routers/redirect.c,v 1.1 2004/10/07 13:10:02 ph10 Exp $ */ +/* $Cambridge: exim/src/src/routers/redirect.c,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -41,6 +41,8 @@ optionlist redirect_router_options[] = { (void *)offsetof(redirect_router_options_block, file_transport_name) }, { "forbid_blackhole", opt_bit | (RDON_BLACKHOLE << 16), (void *)offsetof(redirect_router_options_block, bit_options) }, + { "forbid_exim_filter", opt_bit | (RDON_EXIM_FILTER << 16), + (void *)offsetof(redirect_router_options_block, bit_options) }, { "forbid_file", opt_bool, (void *)offsetof(redirect_router_options_block, forbid_file) }, { "forbid_filter_existstest", opt_bit | (RDON_EXISTS << 16), @@ -65,6 +67,8 @@ optionlist redirect_router_options[] = { (void *)offsetof(redirect_router_options_block, bit_options) }, { "forbid_pipe", opt_bool, (void *)offsetof(redirect_router_options_block, forbid_pipe) }, + { "forbid_sieve_filter",opt_bit | (RDON_SIEVE_FILTER << 16), + (void *)offsetof(redirect_router_options_block, bit_options) }, { "hide_child_in_errmsg", opt_bool, (void *)offsetof(redirect_router_options_block, hide_child_in_errmsg) }, { "ignore_eacces", opt_bit | (RDON_EACCES << 16),