author | Gilles Chehade <gilles@poolp.org> | 2019-11-26 08:57:08 +0100 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2019-11-26 08:57:08 +0100 |
commit | 3c731722818164570e3a8088368975a0463b409a (patch) | |
tree | 308d2b37a912a243bb9a50528e8357bb603ddd7f | |
parent | Merge branch 'portable' of ssh://ssh.github.com/OpenSMTPD/OpenSMTPD into portable (diff) | |
parent | sync (diff) | |
Merge branch 'master' into portable
-rw-r--r-- | smtpd/parse.y | 61 | ||||
-rw-r--r-- | smtpd/smtpd.conf.5 | 24 |
2 files changed, 81 insertions, 4 deletions
diff --git a/smtpd/parse.y b/smtpd/parse.y
index ea894b89..ab192343 100644
--- a/smtpd/parse.y
+++ b/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.265 2019/11/26 06:10:20 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.267 2019/11/26 07:50:01 gilles Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1027,7 +1027,7 @@ negation TAG REGEX tables {
 YYERROR;
 }
- if (!table_check_use(t, T_DYNAMIC|T_LIST, K_CREDENTIALS)) {
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_STRING|K_CREDENTIALS)) {
 yyerror("table \"%s\" may not be used for auth lookups",
 t->t_name);
 YYERROR;
@@ -1233,6 +1233,61 @@ negation TAG REGEX tables {
 rule->flag_from_rdns = 1;
 rule->table_from = strdup(t->t_name);
 }
+
+| negation FROM AUTH {
+ struct table *anyhost = table_find(conf, "<anyhost>");
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ rule->flag_from = 1;
+ rule->table_from = strdup(anyhost->t_name);
+ rule->flag_smtp_auth = $1 ? -1 : 1;
+}
+| negation FROM AUTH tables {
+ struct table *anyhost = table_find(conf, "<anyhost>");
+ struct table *t = $4;
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_STRING|K_CREDENTIALS)) {
+ yyerror("table \"%s\" may not be used for from lookups",
+ t->t_name);
+ YYERROR;
+ }
+
+ rule->flag_from = 1;
+ rule->table_from = strdup(anyhost->t_name);
+ rule->flag_smtp_auth = $1 ? -1 : 1;
+ rule->table_smtp_auth = strdup(t->t_name);
+}
+| negation FROM AUTH REGEX tables {
+ struct table *anyhost = table_find(conf, "<anyhost>");
+ struct table *t = $5;
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_REGEX)) {
+ yyerror("table \"%s\" may not be used for from lookups",
+ t->t_name);
+ YYERROR;
+ }
+
+ rule->flag_from = 1;
+ rule->table_from = strdup(anyhost->t_name);
+ rule->flag_smtp_auth = $1 ? -1 : 1;
+ rule->flag_smtp_auth_regex = 1;
+ rule->table_smtp_auth = strdup(t->t_name);
+}
+
 | negation FROM MAIL_FROM tables {
 struct table *anyhost = table_find(conf, "<anyhost>");
 struct table *t = $4;
@@ -1970,7 +2025,7 @@ opt_sock_listen : FILTER STRING {
 listen_opts.options |= LO_TAG;
 if (strlen($2) >= SMTPD_TAG_SIZE) {
- yyerror("tag name too long");
+ yyerror("tag name too long");
 free($2);
 YYERROR;
 }
diff --git a/smtpd/smtpd.conf.5 b/smtpd/smtpd.conf.5
index f8a9f0e0..adcf09bc 100644
--- a/smtpd/smtpd.conf.5
+++ b/smtpd/smtpd.conf.5
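Review bot: The three new `from auth` actions in the `@@ -1233,6 +1233,61 @@` hunk test only `rule->flag_from` before assigning `rule->flag_smtp_auth` and `rule->table_smtp_auth`, so an auth constraint already set on the same rule would be overwritten without any error. If the standalone `auth` option writes the same fields (its action is not fully visible here, though the earlier hunk's "auth lookups" check suggests it does), the earlier `strdup` result leaks, a leftover `flag_smtp_auth_regex` could make a plain user table be evaluated as a regex table, and the rule ends up enforcing a different credential set than the administrator wrote. Each of the three actions should reject the duplicate first, e.g. `if (rule->flag_smtp_auth) { yyerror("auth already specified for this rule"); YYERROR; }`. The two table variants also report "may not be used for from lookups" although the table is matched against the authenticated user (`"table \"%s\" may not be used for auth lookups"` would match the wording used earlier in the file), and the smtpd.conf.5 hunk gives the regex form the same synopsis as the table form, without the `regex` keyword the grammar requires.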
@@ -1,4 +1,4 @@
-.\" $OpenBSD: smtpd.conf.5,v 1.230 2019/11/26 06:10:20 gilles Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.231 2019/11/26 07:50:01 gilles Exp $
 .\"
 .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
 .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -607,6 +607,28 @@ Specify that session may address the regex or regex table
 Specify that session may originate from any source.
 .It Xo
 .Op Ic \&!
+.Cm from auth
+.Xc
+Specify that session may originate from any authenticated user,
+no matter the source IP address.
+.It Xo
+.Op Ic \&!
+.Cm from auth
+.Ar user | Pf < Ar user Ns >
+.Xc
+Specify that session may originate from authenticated user or user list
+.Ar user ,
+no matter the source IP address.
+.It Xo
+.Op Ic \&!
+.Cm from auth
+.Ar user | Pf < Ar user Ns >
+.Xc
+Specify that session may originate from authenticated regex or regex list
+.Ar user ,
+no matter the source IP address.
+.It Xo
+.Op Ic \&!
 .Cm from local
 .Xc
 Specify that session may only originate from a local IP address, |