Browse code
bb#1684
aCaB authored on 2010/02/10 04:45:32Showing 4 changed files
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Tue Feb 9 20:44:11 CET 2010 (acab) |
|
| 2 |
+----------------------------------- |
|
| 3 |
+ * clamav-milter: allow SkipAuthenticated to read names from a file |
|
| 4 |
+ (bb#1684) |
|
| 5 |
+ |
|
| 1 | 6 |
Tue Feb 9 16:35:36 CET 2010 (acab) |
| 2 | 7 |
----------------------------------- |
| 3 | 8 |
* libclamav/scanners.c: fix gzip handler |
| ... | ... |
@@ -120,10 +120,79 @@ int whitelisted(const char *addr, int from) {
|
| 120 | 120 |
|
| 121 | 121 |
|
| 122 | 122 |
int smtpauth_init(const char *r) {
|
| 123 |
- if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
|
|
| 124 |
- logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r);
|
|
| 123 |
+ char *regex = NULL; |
|
| 124 |
+ |
|
| 125 |
+ if(!strncmp(r, "file:", 5)) {
|
|
| 126 |
+ char buf[2048]; |
|
| 127 |
+ FILE *f = fopen(r+5, "r"); |
|
| 128 |
+ int rxsize = 0, rxavail = 0, rxused=0; |
|
| 129 |
+ |
|
| 130 |
+ if(!f) {
|
|
| 131 |
+ logg("!Cannot open whitelist file '%s'\n", r+5);
|
|
| 132 |
+ return 1; |
|
| 133 |
+ } |
|
| 134 |
+ while(fgets(buf, sizeof(buf), f) != NULL) {
|
|
| 135 |
+ int len; |
|
| 136 |
+ char *ptr; |
|
| 137 |
+ |
|
| 138 |
+ if(*buf == '#' || *buf == ':' || *buf == '!') |
|
| 139 |
+ continue; |
|
| 140 |
+ len = strlen(buf) - 1; |
|
| 141 |
+ for(;len>=0; len--) {
|
|
| 142 |
+ if(buf[len] != '\n' && buf[len] != '\r') break; |
|
| 143 |
+ buf[len] = '\0'; |
|
| 144 |
+ } |
|
| 145 |
+ if(len<=0) continue; |
|
| 146 |
+ if(len*3+1 > rxavail) {
|
|
| 147 |
+ ptr = regex; |
|
| 148 |
+ regex = realloc(regex, rxsize + 2048); |
|
| 149 |
+ if(!regex) {
|
|
| 150 |
+ logg("!Cannot allocate memory for SkipAuthenticated file\n");
|
|
| 151 |
+ return 1; |
|
| 152 |
+ } |
|
| 153 |
+ rxavail = 2048; |
|
| 154 |
+ rxsize += 2048; |
|
| 155 |
+ if(!ptr) {
|
|
| 156 |
+ regex[0] = '^'; |
|
| 157 |
+ regex[1] = '(';
|
|
| 158 |
+ rxavail -= 2; |
|
| 159 |
+ rxused = 2; |
|
| 160 |
+ } |
|
| 161 |
+ } |
|
| 162 |
+ ptr = buf; |
|
| 163 |
+ while(*ptr) {
|
|
| 164 |
+ if((*ptr>='A' && *ptr<='Z') || (*ptr>='a' && *ptr<='z') || (*ptr>='0' && *ptr<='9') || *ptr=='@') {
|
|
| 165 |
+ regex[rxused] = *ptr; |
|
| 166 |
+ rxused++; |
|
| 167 |
+ rxavail--; |
|
| 168 |
+ } else {
|
|
| 169 |
+ regex[rxused] = '['; |
|
| 170 |
+ regex[rxused+1] = *ptr; |
|
| 171 |
+ regex[rxused+2] = ']'; |
|
| 172 |
+ rxused += 3; |
|
| 173 |
+ rxavail -= 3; |
|
| 174 |
+ } |
|
| 175 |
+ ptr++; |
|
| 176 |
+ } |
|
| 177 |
+ regex[rxused++] = '|'; |
|
| 178 |
+ rxavail--; |
|
| 179 |
+ } |
|
| 180 |
+ if(rxavail < 4 && !(regex = realloc(regex, rxsize + 4))) {
|
|
| 181 |
+ logg("!Cannot allocate memory for SkipAuthenticated file\n");
|
|
| 182 |
+ return 1; |
|
| 183 |
+ } |
|
| 184 |
+ regex[rxused-1] = ')'; |
|
| 185 |
+ regex[rxused] = '$'; |
|
| 186 |
+ regex[rxused+1] = '\0'; |
|
| 187 |
+ r = regex; |
|
| 188 |
+ } |
|
| 189 |
+ |
|
| 190 |
+ if(cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
|
|
| 191 |
+ logg("!Failed to compile regex '%s' for SkipAuthenticated\n", r);
|
|
| 192 |
+ if(regex) free(regex); |
|
| 125 | 193 |
return 1; |
| 126 | 194 |
} |
| 195 |
+ if(regex) free(regex); |
|
| 127 | 196 |
skipauth = 1; |
| 128 | 197 |
return 0; |
| 129 | 198 |
} |
| ... | ... |
@@ -120,6 +120,10 @@ Example |
| 120 | 120 |
|
| 121 | 121 |
# Messages from authenticated SMTP users matching this extended POSIX |
| 122 | 122 |
# regular expression (egrep-like) will not be scanned. |
| 123 |
+# As an alternative, a file containing a plain (not regex) list of names (one |
|
| 124 |
+# per line) can be specified using the prefix "file:". |
|
| 125 |
+# e.g. SkipAuthenticated file:/etc/good_guys |
|
| 126 |
+# |
|
| 123 | 127 |
# Note: this is the AUTH login name! |
| 124 | 128 |
# |
| 125 | 129 |
# Default: unset (no whitelisting based on SMTP auth) |
| ... | ... |
@@ -417,7 +417,7 @@ const struct clam_option __clam_options[] = {
|
| 417 | 417 |
|
| 418 | 418 |
{ "Whitelist", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of basic POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" },
|
| 419 | 419 |
|
| 420 |
- { "SkipAuthenticated", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" },
|
|
| 420 |
+ { "SkipAuthenticated", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nAs an alternative, a file containing a plain (not regex) list of names (one\nper line) can be specified using the prefix \"file:\".\ne.g. SkipAuthenticated file:/etc/good_guys\n\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" },
|
|
| 421 | 421 |
|
| 422 | 422 |
{ "LogInfected", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option allows to tune what is logged when a message is infected.\nPossible values are Off (the default - nothing is logged),\nBasic (minimal info logged), Full (verbose info logged)\nNote:\nFor this to work properly in sendmail, make sure the msg_id, mail_addr,\nrcpt_addr and i macroes are available in eom. In other words add a line like:\nMilter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i\nto your .cf file. Alternatively use the macro:\ndefine(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')\nPostfix should be working fine with the default settings.", "Basic" },
|
| 423 | 423 |
|