author | Gilles Chehade <gilles@cvs.openbsd.org> | 2012-09-30 14:28:17 +0000 |
---|---|---|
committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2012-09-30 14:28:17 +0000 |
commit | ecc3449fcd0ae04cd064c0c9cdd2a3329eb24870 (patch) | |
tree | f2a04a4bcfc344aad17db59f1340c5e2a80aa162 | |
parent | 2886267b41781966763889aea9be00c84a6be13a (diff) |
- add decision to the rule so that we can actually perform a reject match
i.e.:
reject from 192.168.1.0/24 for domain "openbsd.org"
accept from 192.168.0.0/16 for domain "openbsd.org" deliver to mbox
it was documented but not working.
ok eric@ & chl@
-rw-r--r-- | usr.sbin/smtpd/lka.c | 4 | ||||
-rw-r--r-- | usr.sbin/smtpd/lka_session.c | 6 | ||||
-rw-r--r-- | usr.sbin/smtpd/parse.y | 52 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.h | 8 |
4 files changed, 57 insertions, 13 deletions
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c
index 7f855d88e77..dcc0893b8d1 100644
--- a/usr.sbin/smtpd/lka.c
+++ b/usr.sbin/smtpd/lka.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka.c,v 1.142 2012/09/29 10:35:00 eric Exp $ */
+/* $OpenBSD: lka.c,v 1.143 2012/09/30 14:28:15 gilles Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -84,7 +84,7 @@ lka_imsg(struct imsgev *iev, struct imsg *imsg)
 ss = imsg->data;
 ss->code = 530;
 rule = ruleset_match(&ss->envelope);
- if (rule)
+ if (rule && rule->r_decision == R_ACCEPT)
 ss->code = 250;
 imsg_compose_event(iev, IMSG_LKA_RULEMATCH, 0, 0, -1, ss, sizeof *ss);
diff --git a/usr.sbin/smtpd/lka_session.c b/usr.sbin/smtpd/lka_session.c
index 88be6d8b656..9ffe9a0f034 100644
--- a/usr.sbin/smtpd/lka_session.c
+++ b/usr.sbin/smtpd/lka_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka_session.c,v 1.37 2012/09/29 10:35:01 eric Exp $ */
+/* $OpenBSD: lka_session.c,v 1.38 2012/09/30 14:28:16 gilles Exp $ */
 /*
 * Copyright (c) 2011 Gilles Chehade <gilles@openbsd.org>
@@ -217,10 +217,10 @@ lka_expand(struct lka_session *lks, struct rule *rule, struct expandnode *xn)
 if (xn->parent) /* nodes with parent are forward addresses */
 ep.flags |= DF_INTERNAL;
 rule = ruleset_match(&ep);
- if (rule == NULL) {
+ if (rule == NULL || rule->r_decision == R_REJECT) {
 lks->flags |= F_ERROR;
 lks->ss.code = 530;
- break; /* no rule for address */
+ break; /* no rule for address or REJECT match */
 }
 if (rule->r_action == A_RELAY || rule->r_action == A_RELAYVIA) {
 lka_submit(lks, rule, xn);
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index a2cdde9bccc..05fae030520 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.102 2012/09/29 10:32:08 eric Exp $ */
+/* $OpenBSD: parse.y,v 1.103 2012/09/30 14:28:16 gilles Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
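Review bot: The new condition in the `@@ -84` hunk of lka.c folds a REJECT match and no match into one outcome — `ss->code` stays 530 — and nothing in the hunk records which of the two happened. Now that reject rules actually take effect (the purpose of this commit), an operator tracing a refused sender cannot tell a deliberate policy hit from a missing rule; if `lka_imsg` does not log this elsewhere (not visible here), a line such as `if (rule == NULL) log_debug("lka: no rule matched"); else if (rule->r_decision == R_REJECT) log_debug("lka: rule matched with REJECT decision");` before `imsg_compose_event` would make reject rules observable in production. The same point applies to the `lka_expand` hunk in lka_session.c, where both cases now set `F_ERROR` and 530 under one comment. Both functions continue outside their hunks.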
@@ -128,7 +128,7 @@ typedef struct {
 %token <v.string> STRING
 %token <v.number> NUMBER
 %type <v.map> map
-%type <v.number> quantifier decision port from auth ssl size expire
+%type <v.number> quantifier port from auth ssl size expire
 %type <v.cond> condition
 %type <v.tv> interval
 %type <v.object> mapref
@@ -529,10 +529,6 @@ mapref : STRING {
 }
 ;
-decision : ACCEPT { $$ = 1; }
- | REJECT { $$ = 0; }
- ;
-
 alias : ALIAS STRING { $$ = $2; }
 | /* empty */ { $$ = NULL; }
 ;
@@ -820,10 +816,11 @@ on : ON STRING {
 | /* empty */ { $$ = NULL; }
 ;
-rule : decision on from {
+rule : ACCEPT on from {
 if ((rule = calloc(1, sizeof(*rule))) == NULL)
 fatal("out of memory");
+ rule->r_decision = R_ACCEPT;
 rule->r_sources = map_find($3);
@@ -877,6 +874,47 @@ rule : decision on from {
 conditions = NULL;
 rule = NULL;
 }
+ | REJECT on from {
+
+ if ((rule = calloc(1, sizeof(*rule))) == NULL)
+ fatal("out of memory");
+ rule->r_decision = R_REJECT;
+ rule->r_sources = map_find($3);
+
+
+ if ((conditions = calloc(1, sizeof(*conditions))) == NULL)
+ fatal("out of memory");
+
+ if ($2)
+ (void)strlcpy(rule->r_tag, $2, sizeof(rule->r_tag));
+ free($2);
+
+
+ TAILQ_INIT(conditions);
+
+ } FOR conditions {
+ struct rule *subr;
+ struct cond *cond;
+
+ while ((cond = TAILQ_FIRST(conditions)) != NULL) {
+
+ if ((subr = calloc(1, sizeof(*subr))) == NULL)
+ fatal("out of memory");
+
+ *subr = *rule;
+
+ subr->r_condition = *cond;
+
+ TAILQ_REMOVE(conditions, cond, c_entry);
+ TAILQ_INSERT_TAIL(conf->sc_rules, subr, r_entry);
+
+ free(cond);
+ }
+ free(conditions);
+ free(rule);
+ conditions = NULL;
+ rule = NULL;
+ }
 ;
 %%
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 6e186fdc569..22b2582c244 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.375 2012/09/29 11:02:41 eric Exp $ */
+/* $OpenBSD: smtpd.h,v 1.376 2012/09/30 14:28:16 gilles Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
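Review bot: The new `REJECT on from` production in the `@@ -877` hunk of parse.y repeats the `calloc`, `r_sources`, tag copy and `conditions` setup of the `ACCEPT on from` production almost line for line, and its second action repeats the sub-rule fan-out loop as well (the middle of the ACCEPT production lies between the `@@ -820` and `@@ -877` hunks, outside what is shown). Two copies of the same bookkeeping will drift the next time a field is added to `struct rule`, and in policy code that drift is not cosmetic: a field initialised for ACCEPT rules but forgotten for REJECT rules silently changes which mail is refused. A small static helper called from both productions keeps the construction in one place, with `rule = rule_new(R_REJECT, map_find($3), $2);` replacing the first block of each action; the fan-out loop could be factored the same way.
```c
/* Allocate a rule with its decision, source map and optional tag.
 * Takes ownership of tag (may be NULL) and frees it; aborts on OOM. */
static struct rule *
rule_new(enum decision decision, struct map *sources, char *tag)
{
	struct rule *r;

	if ((r = calloc(1, sizeof(*r))) == NULL)
		fatal("out of memory");
	r->r_decision = decision;
	r->r_sources = sources;
	if (tag)
		(void)strlcpy(r->r_tag, tag, sizeof(r->r_tag));
	free(tag);
	return r;
}

/* … in the REJECT production, replacing the calloc/r_sources/strlcpy block … */
	rule = rule_new(R_REJECT, map_find($3), $2);
	if ((conditions = calloc(1, sizeof(*conditions))) == NULL)
		fatal("out of memory");
	TAILQ_INIT(conditions);
```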
@@ -295,8 +295,14 @@ enum action_type {
 A_MDA
 };
+enum decision {
+ R_REJECT,
+ R_ACCEPT
+};
+
 struct rule {
 TAILQ_ENTRY(rule) r_entry;
+ enum decision r_decision;
 char r_tag[MAX_TAG_SIZE];
 int r_accept;
 struct map *r_sources; |
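Review bot: `enum decision` is added without a comment although its value order carries meaning: `R_REJECT` is 0, so a `struct rule` obtained from `calloc` (as parse.y does) fails closed to reject until `r_decision` is assigned explicitly; a comment such as `/* R_REJECT must stay 0 so a zeroed struct rule rejects by default */` keeps a later reordering from silently turning that default into accept. The existing `int r_accept` two lines below the new field encodes overlapping information; if any reader of it remains (not visible here) the two can disagree, so it is worth retiring it or documenting how it relates to `r_decision`. The struct definition continues outside the hunk.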