author | 2018-12-09 18:24:15 +0000 | |
---|---|---|
committer | 2018-12-09 18:24:15 +0000 | |
commit | 24a10ad46f706bc2ab88e0e8572b90af83bb44a7 (patch) | |
tree | 95eb4c22dcd53e861cf47e524abb2d1958b156ff | |
parent | add check-fcrdns builtin filter (diff) | |
allow check-rdns and check-fcrdns in connect, helo/ehlo, mail-from, rcpt-to
hooks
ok eric@
-rw-r--r-- | usr.sbin/smtpd/lka_filter.c | 40 | ||||
-rw-r--r-- | usr.sbin/smtpd/parse.y | 8 |
2 files changed, 21 insertions, 27 deletions
diff --git a/usr.sbin/smtpd/lka_filter.c b/usr.sbin/smtpd/lka_filter.c index a17b75c977c..a93c43cc9e2 100644 --- a/usr.sbin/smtpd/lka_filter.c +++ b/usr.sbin/smtpd/lka_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka_filter.c,v 1.11 2018/12/09 18:05:20 gilles Exp $ */ +/* $OpenBSD: lka_filter.c,v 1.12 2018/12/09 18:24:15 gilles Exp $ */ /* * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org> @@ -434,7 +434,7 @@ filter_check_regex(struct filter_rule *rule, const char *key) } static int -filter_check_fcrdns_connected(struct filter_rule *rule, int fcrdns) +filter_check_fcrdns(struct filter_rule *rule, int fcrdns) { int ret = 0; @@ -446,7 +446,7 @@ filter_check_fcrdns_connected(struct filter_rule *rule, int fcrdns) } static int -filter_check_rdns_connected(struct filter_rule *rule, const char *hostname) +filter_check_rdns(struct filter_rule *rule, const char *hostname) { int ret = 0; struct netaddr netaddr; @@ -462,21 +462,6 @@ filter_check_rdns_connected(struct filter_rule *rule, const char *hostname) } static int -filter_check_rdns_helo(struct filter_rule *rule, const char *hostname, const char *param) -{ - int ret = 0; - struct netaddr netaddr; - - if (rule->rdns) { - ret = text_to_netaddr(&netaddr, hostname); - if (!ret) - ret = strcasecmp(hostname, param); - ret = rule->not_rdns < 0 ? !ret : ret; - } - return ret; -} - -static int filter_exec_notimpl(uint64_t reqid, struct filter_rule *rule, const char *param) { return 0; @@ -490,8 +475,8 @@ filter_exec_connected(uint64_t reqid, struct filter_rule *rule, const char *para fs = tree_xget(&sessions, reqid); if (filter_check_table(rule, K_NETADDR, param) || filter_check_regex(rule, param) || - filter_check_rdns_connected(rule, fs->rdns) || - filter_check_fcrdns_connected(rule, fs->fcrdns)) + filter_check_rdns(rule, fs->rdns) || + filter_check_fcrdns(rule, fs->fcrdns)) return 1; return 0; } 
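Review bot: The renamed filter_check_rdns() and filter_check_fcrdns() are now shared by four phases, but nothing at their definitions says what the second argument is or what a non-zero return means. Every caller visible in this diff passes the session's stored `fs->rdns` / `fs->fcrdns`, never the client-supplied `param`. A short comment above each would keep later callers from passing the wrong value, e.g. `/* hostname: reverse DNS name recorded for the session (unverified PTR data), not the HELO argument; non-zero means the rule matched */`. Both bodies continue outside their hunks, so the return convention is inferred from the callers' `return 1` and should be confirmed against the full functions.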
@@ -504,7 +489,8 @@ filter_exec_helo(uint64_t reqid, struct filter_rule *rule, const char *param) fs = tree_xget(&sessions, reqid); if (filter_check_table(rule, K_DOMAIN, param) || filter_check_regex(rule, param) || - filter_check_rdns_helo(rule, fs->rdns, param)) + filter_check_rdns(rule, fs->rdns) || + filter_check_fcrdns(rule, fs->fcrdns)) return 1; return 0; } @@ -513,13 +499,17 @@ static int filter_exec_mail_from(uint64_t reqid, struct filter_rule *rule, const char *param) { char buffer[SMTPD_MAXMAILADDRSIZE]; + struct filter_session *fs; + fs = tree_xget(&sessions, reqid); (void)strlcpy(buffer, param+1, sizeof(buffer)); buffer[strcspn(buffer, ">")] = '\0'; param = buffer; if (filter_check_table(rule, K_MAILADDR, param) || - filter_check_regex(rule, param)) + filter_check_regex(rule, param) || + filter_check_rdns(rule, fs->rdns) || + filter_check_fcrdns(rule, fs->fcrdns)) return 1; return 0; } @@ -528,13 +518,17 @@ static int filter_exec_rcpt_to(uint64_t reqid, struct filter_rule *rule, const char *param) { char buffer[SMTPD_MAXMAILADDRSIZE]; + struct filter_session *fs; + fs = tree_xget(&sessions, reqid); (void)strlcpy(buffer, param+1, sizeof(buffer)); buffer[strcspn(buffer, ">")] = '\0'; param = buffer; if (filter_check_table(rule, K_MAILADDR, param) || - filter_check_regex(rule, param)) + filter_check_regex(rule, param) || + filter_check_rdns(rule, fs->rdns) || + filter_check_fcrdns(rule, fs->fcrdns)) return 1; return 0; } diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 1d1268f2658..4accf8ff57c 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.234 2018/12/09 18:05:20 gilles Exp $ */ +/* $OpenBSD: parse.y,v 1.235 2018/12/09 18:24:15 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> 
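Review bot: In filter_exec_helo, the new call `filter_check_rdns(rule, fs->rdns)` no longer receives `param`, so the strcasecmp() between the HELO/EHLO argument and the session's reverse DNS name that the removed filter_check_rdns_helo() performed is gone. An existing helo-phase check-rdns rule therefore changes meaning without any configuration change; it presumably becomes the same test as in the connect phase, though filter_check_rdns's body is outside this hunk. If that is intended, the commit message should say so, and a comment above the condition would make it explicit: `/* rdns/fcrdns are session properties; the HELO name in param is not compared against them */`.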
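Review bot: In filter_exec_mail_from the pair `filter_check_rdns(rule, fs->rdns) || filter_check_fcrdns(rule, fs->fcrdns)` is now written out a fourth time; the same two lines appear in filter_exec_connected, filter_exec_helo and filter_exec_rcpt_to. A future session-level check then has to be added in four places, and a phase that is missed silently skips part of the policy. Folding the pair into one static helper keeps the phases in step; the name filter_check_session below is only a proposal.

```c
/* proposed helper: session-level checks shared by every phase */
static int
filter_check_session(struct filter_rule *rule, struct filter_session *fs)
{
	return filter_check_rdns(rule, fs->rdns) ||
	    filter_check_fcrdns(rule, fs->fcrdns);
}

/* ... unchanged: filter_exec_mail_from signature, session lookup, address copy into buffer ... */
	if (filter_check_table(rule, K_MAILADDR, param) ||
	    filter_check_regex(rule, param) ||
	    filter_check_session(rule, fs))
		return 1;
```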
@@ -1206,7 +1206,7 @@ CONNECT { ; filter_phase_helo_options: -filter_phase_check_table | filter_phase_check_regex | filter_phase_check_rdns; +filter_phase_check_table | filter_phase_check_regex | filter_phase_check_fcrdns | filter_phase_check_rdns; filter_phase_helo: HELO { @@ -1227,7 +1227,7 @@ EHLO { ; filter_phase_mail_from_options: -filter_phase_check_table | filter_phase_check_regex; +filter_phase_check_table | filter_phase_check_regex | filter_phase_check_fcrdns | filter_phase_check_rdns; filter_phase_mail_from: MAIL_FROM { @@ -1239,7 +1239,7 @@ MAIL_FROM { ; filter_phase_rcpt_to_options: -filter_phase_check_table | filter_phase_check_regex; +filter_phase_check_table | filter_phase_check_regex | filter_phase_check_fcrdns | filter_phase_check_rdns; filter_phase_rcpt_to: RCPT_TO { |
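Review bot: The new alternatives in filter_phase_helo_options, and likewise in filter_phase_mail_from_options and filter_phase_rcpt_to_options, change which smtpd.conf rules are accepted, yet the diffstat lists only lka_filter.c and parse.y. If the filter grammar is described in smtpd.conf(5), that page should gain the new check-rdns/check-fcrdns phases in the same change. It should also state that in every phase these checks test the connecting host's DNS result recorded for the session, not the HELO name or the envelope address. Without that, an operator could read a mail-from check-fcrdns rule as validating the sender domain.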