author | Gilles Chehade <gilles@poolp.org> | 2019-11-26 08:56:55 +0100 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2019-11-26 08:56:55 +0100 |
commit | 4a84095b81aae1a98253da66e1757c4e11f18496 (patch) | |
tree | 2e2790dc1a904e4d95bd738e405879dcdeaa5585 | |
parent | sync (diff) | |
sync
-rw-r--r-- | smtpd/parse.y | 61 | ||||
-rw-r--r-- | smtpd/smtpd.conf.5 | 24 |
2 files changed, 81 insertions, 4 deletions
diff --git a/smtpd/parse.y b/smtpd/parse.y
index f94b4685..e26ab927 100644
--- a/smtpd/parse.y
+++ b/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.265 2019/11/26 06:10:20 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.267 2019/11/26 07:50:01 gilles Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1021,7 +1021,7 @@ negation TAG REGEX tables {
 YYERROR;
 }
- if (!table_check_use(t, T_DYNAMIC|T_LIST, K_CREDENTIALS)) {
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_STRING|K_CREDENTIALS)) {
 yyerror("table \"%s\" may not be used for auth lookups",
 t->t_name);
 YYERROR;
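Review bot: The widened mask `K_STRING|K_CREDENTIALS` in the second hunk is passed to `table_check_use` with no comment saying whether the call treats the mask as any-of or all-of, and its definition is outside this hunk. If it requires every listed service, credentials-only tables that were accepted before would now fail with "may not be used for auth lookups". Confirming the any-of behaviour and recording it above the call, for example `/* accept plain user lists as well as credentials tables */`, would make the intent reviewable. The same mask is used again in the new `negation FROM AUTH tables` production in the following hunk.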
@@ -1227,6 +1227,61 @@ negation TAG REGEX tables {
 rule->flag_from_rdns = 1;
 rule->table_from = strdup(t->t_name);
 }
+
+| negation FROM AUTH {
+ struct table *anyhost = table_find(conf, "<anyhost>");
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ rule->flag_from = 1;
+ rule->table_from = strdup(anyhost->t_name);
+ rule->flag_smtp_auth = $1 ? -1 : 1;
+}
+| negation FROM AUTH tables {
+ struct table *anyhost = table_find(conf, "<anyhost>");
+ struct table *t = $4;
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_STRING|K_CREDENTIALS)) {
+ yyerror("table \"%s\" may not be used for from lookups",
+ t->t_name);
+ YYERROR;
+ }
+
+ rule->flag_from = 1;
+ rule->table_from = strdup(anyhost->t_name);
+ rule->flag_smtp_auth = $1 ? -1 : 1;
+ rule->table_smtp_auth = strdup(t->t_name);
+}
+| negation FROM AUTH REGEX tables {
+ struct table *anyhost = table_find(conf, "<anyhost>");
+ struct table *t = $5;
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_REGEX)) {
+ yyerror("table \"%s\" may not be used for from lookups",
+ t->t_name);
+ YYERROR;
+ }
+
+ rule->flag_from = 1;
+ rule->table_from = strdup(anyhost->t_name);
+ rule->flag_smtp_auth = $1 ? -1 : 1;
+ rule->flag_smtp_auth_regex = 1;
+ rule->table_smtp_auth = strdup(t->t_name);
+}
+
 | negation FROM MAIL_FROM tables {
 struct table *anyhost = table_find(conf, "<anyhost>");
 struct table *t = $4;
@@ -1964,7 +2019,7 @@ opt_sock_listen : FILTER STRING {
 listen_opts.options |= LO_TAG;
 if (strlen($2) >= SMTPD_TAG_SIZE) {
- yyerror("tag name too long");
+ yyerror("tag name too long");
 free($2);
 YYERROR;
 }
diff --git a/smtpd/smtpd.conf.5 b/smtpd/smtpd.conf.5
index f8a9f0e0..adcf09bc 100644
--- a/smtpd/smtpd.conf.5
+++ b/smtpd/smtpd.conf.5
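Review bot: The three new `from auth` productions test only `rule->flag_from` before assigning `rule->flag_smtp_auth` and `rule->table_smtp_auth`, so a rule that already carries an `auth` criterion earlier on the line would have it replaced without a diagnostic; whether the `auth` option rejects the reverse order is not visible in this hunk. A guard beside the existing check, `if (rule->flag_smtp_auth) { yyerror("auth already specified for this rule"); YYERROR; }`, would make the conflict explicit. The `strdup(t->t_name)` results are also stored unchecked, and because the bare `from auth` form leaves `table_smtp_auth` unset to mean any authenticated user, a failed allocation could plausibly widen `from auth <table>` to that meaning, so a NULL check that ends in `YYERROR` is worth adding. The smtpd.conf.5 part of this commit gives the third form the same `.Cm from auth` synopsis as the second, so the `regex` keyword required by `FROM AUTH REGEX tables` is missing from the manual.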
@@ -1,4 +1,4 @@
-.\" $OpenBSD: smtpd.conf.5,v 1.230 2019/11/26 06:10:20 gilles Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.231 2019/11/26 07:50:01 gilles Exp $
 .\"
 .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
 .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -607,6 +607,28 @@ Specify that session may address the regex or regex table
 Specify that session may originate from any source.
 .It Xo
 .Op Ic \&!
+.Cm from auth
+.Xc
+Specify that session may originate from any authenticated user,
+no matter the source IP address.
+.It Xo
+.Op Ic \&!
+.Cm from auth
+.Ar user | Pf < Ar user Ns >
+.Xc
+Specify that session may originate from authenticated user or user list
+.Ar user ,
+no matter the source IP address.
+.It Xo
+.Op Ic \&!
+.Cm from auth
+.Ar user | Pf < Ar user Ns >
+.Xc
+Specify that session may originate from authenticated regex or regex list
+.Ar user ,
+no matter the source IP address.
+.It Xo
+.Op Ic \&!
 .Cm from local
 .Xc
 Specify that session may only originate from a local IP address, |