... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Tue Feb 9 20:44:11 CET 2010 (acab) |
|
2 |
+----------------------------------- |
|
3 |
+ * clamav-milter: allow SkipAuthenticated to read names from a file |
|
4 |
+ (bb#1684) |
|
5 |
+ |
|
1 | 6 |
Tue Feb 9 16:35:36 CET 2010 (acab) |
2 | 7 |
----------------------------------- |
3 | 8 |
* libclamav/scanners.c: fix gzip handler |
... | ... |
@@ -120,10 +120,79 @@ int whitelisted(const char *addr, int from) { |
120 | 120 |
|
121 | 121 |
|
122 | 122 |
int smtpauth_init(const char *r) { |
123 |
- if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) { |
|
124 |
- logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r); |
|
123 |
+ char *regex = NULL; |
|
124 |
+ |
|
125 |
+ if(!strncmp(r, "file:", 5)) { |
|
126 |
+ char buf[2048]; |
|
127 |
+ FILE *f = fopen(r+5, "r"); |
|
128 |
+ int rxsize = 0, rxavail = 0, rxused=0; |
|
129 |
+ |
|
130 |
+ if(!f) { |
|
131 |
+ logg("!Cannot open whitelist file '%s'\n", r+5); |
|
132 |
+ return 1; |
|
133 |
+ } |
|
134 |
+ while(fgets(buf, sizeof(buf), f) != NULL) { |
|
135 |
+ int len; |
|
136 |
+ char *ptr; |
|
137 |
+ |
|
138 |
+ if(*buf == '#' || *buf == ':' || *buf == '!') |
|
139 |
+ continue; |
|
140 |
+ len = strlen(buf) - 1; |
|
141 |
+ for(;len>=0; len--) { |
|
142 |
+ if(buf[len] != '\n' && buf[len] != '\r') break; |
|
143 |
+ buf[len] = '\0'; |
|
144 |
+ } |
|
145 |
+ if(len<=0) continue; |
|
146 |
+ if(len*3+1 > rxavail) { |
|
147 |
+ ptr = regex; |
|
148 |
+ regex = realloc(regex, rxsize + 2048); |
|
149 |
+ if(!regex) { |
|
150 |
+ logg("!Cannot allocate memory for SkipAuthenticated file\n"); |
|
151 |
+ return 1; |
|
152 |
+ } |
|
153 |
+ rxavail = 2048; |
|
154 |
+ rxsize += 2048; |
|
155 |
+ if(!ptr) { |
|
156 |
+ regex[0] = '^'; |
|
157 |
+ regex[1] = '('; |
|
158 |
+ rxavail -= 2; |
|
159 |
+ rxused = 2; |
|
160 |
+ } |
|
161 |
+ } |
|
162 |
+ ptr = buf; |
|
163 |
+ while(*ptr) { |
|
164 |
+ if((*ptr>='A' && *ptr<='Z') || (*ptr>='a' && *ptr<='z') || (*ptr>='0' && *ptr<='9') || *ptr=='@') { |
|
165 |
+ regex[rxused] = *ptr; |
|
166 |
+ rxused++; |
|
167 |
+ rxavail--; |
|
168 |
+ } else { |
|
169 |
+ regex[rxused] = '['; |
|
170 |
+ regex[rxused+1] = *ptr; |
|
171 |
+ regex[rxused+2] = ']'; |
|
172 |
+ rxused += 3; |
|
173 |
+ rxavail -= 3; |
|
174 |
+ } |
|
175 |
+ ptr++; |
|
176 |
+ } |
|
177 |
+ regex[rxused++] = '|'; |
|
178 |
+ rxavail--; |
|
179 |
+ } |
|
180 |
+ if(rxavail < 4 && !(regex = realloc(regex, rxsize + 4))) { |
|
181 |
+ logg("!Cannot allocate memory for SkipAuthenticated file\n"); |
|
182 |
+ return 1; |
|
183 |
+ } |
|
184 |
+ regex[rxused-1] = ')'; |
|
185 |
+ regex[rxused] = '$'; |
|
186 |
+ regex[rxused+1] = '\0'; |
|
187 |
+ r = regex; |
|
188 |
+ } |
|
189 |
+ |
|
190 |
+ if(cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) { |
|
191 |
+ logg("!Failed to compile regex '%s' for SkipAuthenticated\n", r); |
|
192 |
+ if(regex) free(regex); |
|
125 | 193 |
return 1; |
126 | 194 |
} |
195 |
+ if(regex) free(regex); |
|
127 | 196 |
skipauth = 1; |
128 | 197 |
return 0; |
129 | 198 |
} |
... | ... |
@@ -120,6 +120,10 @@ Example |
120 | 120 |
|
121 | 121 |
# Messages from authenticated SMTP users matching this extended POSIX |
122 | 122 |
# regular expression (egrep-like) will not be scanned. |
123 |
+# As an alternative, a file containing a plain (not regex) list of names (one |
|
124 |
+# per line) can be specified using the prefix "file:". |
|
125 |
+# e.g. SkipAuthenticated file:/etc/good_guys |
|
126 |
+# |
|
123 | 127 |
# Note: this is the AUTH login name! |
124 | 128 |
# |
125 | 129 |
# Default: unset (no whitelisting based on SMTP auth) |
... | ... |
@@ -417,7 +417,7 @@ const struct clam_option __clam_options[] = { |
417 | 417 |
|
418 | 418 |
{ "Whitelist", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of basic POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" }, |
419 | 419 |
|
420 |
- { "SkipAuthenticated", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" }, |
|
420 |
+ { "SkipAuthenticated", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nAs an alternative, a file containing a plain (not regex) list of names (one\nper line) can be specified using the prefix \"file:\".\ne.g. SkipAuthenticated file:/etc/good_guys\n\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" }, |
|
421 | 421 |
|
422 | 422 |
{ "LogInfected", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option allows to tune what is logged when a message is infected.\nPossible values are Off (the default - nothing is logged),\nBasic (minimal info logged), Full (verbose info logged)\nNote:\nFor this to work properly in sendmail, make sure the msg_id, mail_addr,\nrcpt_addr and i macroes are available in eom. In other words add a line like:\nMilter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i\nto your .cf file. Alternatively use the macro:\ndefine(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')\nPostfix should be working fine with the default settings.", "Basic" }, |
423 | 423 |
|