From 82c0c8ea2f3fe5524740c4b46bd9dc907b9d555d Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 21 Feb 2015 23:51:57 +0000 Subject: [PATCH] Relax rules on verb use in QUIT/not-QUIT ACLs. Bug 608 --- doc/doc-docbook/spec.xfpt | 4 ++-- doc/doc-txt/ChangeLog | 5 ++++- src/src/acl.c | 21 ++++++++++++--------- test/confs/0502 | 6 ++++++ test/log/0502 | 2 +- test/paniclog/0502 | 2 +- test/stderr/0502 | 2 +- test/stdout/0502 | 2 +- 8 files changed, 28 insertions(+), 16 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index af000dc8f..a647066ca 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -27105,8 +27105,8 @@ the feature was not requested by the client. .cindex "QUIT, ACL for" The ACL for the SMTP QUIT command is anomalous, in that the outcome of the ACL does not affect the response code to QUIT, which is always 221. Thus, the ACL -does not in fact control any access. For this reason, the only verbs that are -permitted are &%accept%& and &%warn%&. +does not in fact control any access. For this reason, it may only accept +or warn as its final result. This ACL can be used for tasks such as custom logging at the end of an SMTP session. For example, you can use ACL variables in other ACLs to count diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c9e35733e..b027a6611 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -70,11 +70,14 @@ JH/18 Bug 1581: Router and transport options headers_add/remove can JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry option values. -JH/20 BUG 1571: Ensure that $tls_in_peerdn is set, when verification fails +JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails under OpenSSL. JH/21 Support for the A6 type of dns record is withdrawn. +JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters + rather than the verbs used. + Exim version 4.85 diff --git a/src/src/acl.c b/src/src/acl.c index 18119ecfa..ea078f6fd 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -4077,19 +4077,12 @@ while (acl != NULL) int cond; int basic_errno = 0; BOOL endpass_seen = FALSE; + BOOL acl_quit_check = level == 0 + && (where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT); *log_msgptr = *user_msgptr = NULL; acl_temp_details = FALSE; - if ((where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT) && - acl->verb != ACL_ACCEPT && - acl->verb != ACL_WARN) - { - *log_msgptr = string_sprintf("\"%s\" is not allowed in a QUIT or not-QUIT ACL", - verbs[acl->verb]); - return ERROR; - } - HDEBUG(D_acl) debug_printf("processing \"%s\"\n", verbs[acl->verb]); /* Clear out any search error message from a previous check before testing @@ -4170,6 +4163,7 @@ while (acl != NULL) if (cond == OK) { HDEBUG(D_acl) debug_printf("end of %s: DEFER\n", acl_name); + if (acl_quit_check) goto badquit; acl_temp_details = TRUE; return DEFER; } @@ -4179,6 +4173,7 @@ while (acl != NULL) if (cond == OK) { HDEBUG(D_acl) debug_printf("end of %s: DENY\n", acl_name); + if (acl_quit_check) goto badquit; return FAIL; } break; @@ -4187,6 +4182,7 @@ while (acl != NULL) if (cond == OK || cond == DISCARD) { HDEBUG(D_acl) debug_printf("end of %s: DISCARD\n", acl_name); + if (acl_quit_check) goto badquit; return DISCARD; } if (endpass_seen) @@ -4200,6 +4196,7 @@ while (acl != NULL) if (cond == OK) { HDEBUG(D_acl) debug_printf("end of %s: DROP\n", acl_name); + if (acl_quit_check) goto badquit; return FAIL_DROP; } break; @@ -4208,6 +4205,7 @@ while (acl != NULL) if (cond != OK) { HDEBUG(D_acl) debug_printf("end of %s: not OK\n", acl_name); + if (acl_quit_check) goto badquit; return cond; } break; @@ -4238,6 +4236,11 @@ while (acl != NULL) HDEBUG(D_acl) debug_printf("end of %s: implicit DENY\n", acl_name); return FAIL; + +badquit: + *log_msgptr = string_sprintf("QUIT or not-QUIT teplevel ACL may not fail " + "('%s' verb used incorrectly)", verbs[acl->verb]); + return ERROR; } diff --git a/test/confs/0502 b/test/confs/0502 index aab2adaae..cf3ceb74f 100644 --- a/test/confs/0502 +++ b/test/confs/0502 @@ -33,11 +33,17 @@ check_mail: warn set acl_c1 = ${eval:$acl_c1+1} accept +q_sub: + deny + check_quit: warn logwrite = Messages received: $acl_c1 logwrite = Messages accepted: $acl_c0 logwrite = Recipients: $acl_c2 logwrite = Accepted: $acl_c3 + + require !acl = q_sub + LAST check_rcpt: diff --git a/test/log/0502 b/test/log/0502 index d55bd6e3e..37d82e43b 100644 --- a/test/log/0502 +++ b/test/log/0502 @@ -8,7 +8,7 @@ 1999-03-02 09:44:33 Messages accepted: 1999-03-02 09:44:33 Recipients: 1999-03-02 09:44:33 Accepted: -1999-03-02 09:44:33 ACL for QUIT returned ERROR: "deny" is not allowed in a QUIT or not-QUIT ACL +1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly) 1999-03-02 09:44:33 Messages received: 1 1999-03-02 09:44:33 Messages accepted: 1999-03-02 09:44:33 Recipients: diff --git a/test/paniclog/0502 b/test/paniclog/0502 index 8ab24fba4..71afc025b 100644 --- a/test/paniclog/0502 +++ b/test/paniclog/0502 @@ -1 +1 @@ -1999-03-02 09:44:33 ACL for QUIT returned ERROR: "deny" is not allowed in a QUIT or not-QUIT ACL +1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly) diff --git a/test/stderr/0502 b/test/stderr/0502 index 8ab24fba4..71afc025b 100644 --- a/test/stderr/0502 +++ b/test/stderr/0502 @@ -1 +1 @@ -1999-03-02 09:44:33 ACL for QUIT returned ERROR: "deny" is not allowed in a QUIT or not-QUIT ACL +1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly) diff --git a/test/stdout/0502 b/test/stdout/0502 index 4b307e817..a0fbe6b00 100644 --- a/test/stdout/0502 +++ b/test/stdout/0502 @@ -15,7 +15,7 @@ 250 OK id=10HmaY-0005vi-00 221 Your message here 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -221 myhost.test.ex closing connection +221 Your message here 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 250 OK 221 myhost.test.ex closing connection -- 2.25.1