summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt30
-rw-r--r--doc/doc-txt/NewStuff4
-rw-r--r--src/src/configure.default2
-rw-r--r--src/src/deliver.c1
-rw-r--r--src/src/expand.c1
-rw-r--r--src/src/globals.c2
-rw-r--r--src/src/globals.h3
-rw-r--r--src/src/route.c6
-rw-r--r--src/src/structs.h1
-rw-r--r--test/confs/00052
-rw-r--r--test/confs/05872
-rw-r--r--test/scripts/0000-Basic/05872
12 files changed, 27 insertions, 29 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9336151e5..56c7329ee 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6381,7 +6381,7 @@ All other options are defaulted.
.code
local_delivery:
driver = appendfile
- file = /var/mail/$local_part_verified
+ file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
@@ -6394,7 +6394,7 @@ traditional BSD mailbox format.
.new
We prefer to avoid using &$local_part$& directly to define the mailbox filename,
as it is provided by a potential bad actor.
-Instead we use &$local_part_verified$&,
+Instead we use &$local_part_data$&,
the result of looking up &$local_part$& in the user database
(done by using &%check_local_user%& in the the router).
.wen
@@ -12550,7 +12550,7 @@ Consider carefully the implications of using it unvalidated as a name
for file access.
This presents issues for users' &_.forward_& and filter files.
For traditional full user accounts, use &%check_local_users%& and the
-&$local_part_verified$& variable rather than this one.
+&$local_part_data$& variable rather than this one.
For virtual users, store a suitable pathname component in the database
which is used for account name validation, and use that retrieved value
rather than this variable.
@@ -12599,6 +12599,10 @@ router as &$local_part_data$&. In addition, if the driver routes the address
to a transport, the value is available in that transport. If the transport is
handling multiple addresses, the value from the first address is used.
+.new
+The &%check_local_user%& router option also sets this variable.
+.wen
+
&$local_part_data$& is also set when the &%local_parts%& condition in an ACL
matches a local part by means of a lookup. The data read by the lookup is
available during the rest of the ACL statement. In all other situations, this
@@ -19167,7 +19171,7 @@ but the user is specified symbolically, the gid associated with the uid is
used. For example:
.code
require_files = mail:/some/file
-require_files = $local_part_verified:$home/.procmailrc
+require_files = $local_part_data:$home/.procmailrc
.endd
If a user or group name in a &%require_files%& list does not exist, the
&%require_files%& condition fails.
@@ -21798,7 +21802,7 @@ local_users:
# This transport overrides the group
group_delivery:
driver = appendfile
- file = /var/spool/mail/$local_part_verified
+ file = /var/spool/mail/$local_part_data
group = mail
.endd
If &%user%& is set for a transport, its value overrides what is set in the
@@ -22633,7 +22637,7 @@ is used as a result of a &"keep"& action in the filter. This example shows one
way of handling this requirement:
.code
file = ${if eq{$address_file}{inbox} \
- {/var/mail/$local_part_verified} \
+ {/var/mail/$local_part_data} \
{${if eq{${substr_0_1:$address_file}}{/} \
{$address_file} \
{$home/mail/$address_file} \
@@ -22814,8 +22818,8 @@ The string value is expanded for each delivery, and must yield an absolute
path. The most common settings of this option are variations on one of these
examples:
.code
-file = /var/spool/mail/$local_part_verified
-file = /home/$local_part_verified/inbox
+file = /var/spool/mail/$local_part_data
+file = /home/$local_part_data/inbox
file = $home/inbox
.endd
.cindex "&""sticky""& bit"
@@ -23571,7 +23575,7 @@ and directories in a maildir mailbox, including subdirectories for maildir++
folders. Consider this example:
.code
maildir_format = true
-directory = /var/mail/$local_part_verified\
+directory = /var/mail/$local_part_data\
${if eq{$local_part_suffix}{}{}\
{/.${substr_1:$local_part_suffix}}}
maildirfolder_create_regex = /\.[^/]+$
@@ -24561,14 +24565,14 @@ configuration for &%procmail%&:
# transport
procmail_pipe:
driver = pipe
- command = /usr/local/bin/procmail -d $local_part
+ command = /usr/local/bin/procmail -d $local_part_data
return_path_add
delivery_date_add
envelope_to_add
check_string = "From "
escape_string = ">From "
umask = 077
- user = $local_part
+ user = $local_part_data
group = mail
# router
@@ -35123,7 +35127,7 @@ central_filter:
check_local_user
driver = redirect
domains = +local_domains
- file = /central/filters/$local_part_verified
+ file = /central/filters/$local_part_data
no_verify
allow_filter
allow_freeze
@@ -36993,9 +36997,9 @@ another MTA:
userforward:
driver = redirect
check_local_user
- file = $home/.forward$local_part_suffix
local_part_suffix = -*
local_part_suffix_optional
+ file = ${lookup {.forward$local_part_suffix} dsearch,ret=full {$home} {$value}fail}
allow_filter
.endd
If there is no suffix, &_.forward_& is used; if the suffix is &'-special'&, for
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 6676e0b9f..493244ff1 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -24,8 +24,8 @@ Version 4.94
5. Server-side support in the gsasl authenticator for encrypted passwords, as
an alternate for the existing plaintext.
- 6. Variable $local_part_verified, set by the router check_local_part condition
- with untainted data.
+ 6. Variable $local_part_data now also set by router check_local_user option,
+ with an de-tainted version of $local_part.
7. Named-list definitions can now be prefixed "hide" so that "-bP" commands do
not output the content. Previously this could only be done on options.
diff --git a/src/src/configure.default b/src/src/configure.default
index 40cc333f6..b758c8950 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -863,7 +863,7 @@ smarthost_smtp:
local_delivery:
driver = appendfile
- file = /var/mail/$local_part_verified
+ file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
diff --git a/src/src/deliver.c b/src/src/deliver.c
index c6e9aa66a..85b061b30 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -220,7 +220,6 @@ if (!addr->next)
address_item *addr_orig;
deliver_localpart = addr->local_part;
- deliver_localpart_verified = addr->local_part_verified;
deliver_localpart_prefix = addr->prefix;
deliver_localpart_prefix_v = addr->prefix_v;
deliver_localpart_suffix = addr->suffix;
diff --git a/src/src/expand.c b/src/src/expand.c
index 4f4cbbff3..7c9d48100 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -595,7 +595,6 @@ static var_entry var_table[] = {
{ "local_part_prefix_v", vtype_stringptr, &deliver_localpart_prefix_v },
{ "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
{ "local_part_suffix_v", vtype_stringptr, &deliver_localpart_suffix_v },
- { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
#ifdef HAVE_LOCAL_SCAN
{ "local_scan_data", vtype_stringptr, &local_scan_data },
#endif
diff --git a/src/src/globals.c b/src/src/globals.c
index d630df030..ba772c631 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -187,7 +187,6 @@ const uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT] = {
CUSS &deliver_domain_orig,
CUSS &deliver_domain_parent,
CUSS &deliver_localpart,
- CUSS &deliver_localpart_verified,
CUSS &deliver_localpart_data,
CUSS &deliver_localpart_orig,
CUSS &deliver_localpart_parent,
@@ -830,7 +829,6 @@ uschar *deliver_localpart_prefix = NULL;
uschar *deliver_localpart_prefix_v = NULL;
uschar *deliver_localpart_suffix = NULL;
uschar *deliver_localpart_suffix_v = NULL;
-uschar *deliver_localpart_verified = NULL;
uschar *deliver_out_buffer = NULL;
int deliver_queue_load_max = -1;
address_item *deliver_recipients = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 039aaf3d1..3a8e824cf 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -488,14 +488,13 @@ extern int deliver_host_port; /* Address for remote delivery filter */
extern uschar *deliver_in_buffer; /* Buffer for copying file */
extern ino_t deliver_inode; /* Inode for appendfile */
extern uschar *deliver_localpart; /* The local part for delivery */
-extern uschar *deliver_localpart_data; /* From local part lookup */
+extern uschar *deliver_localpart_data; /* From local part lookup (de-tainted) */
extern uschar *deliver_localpart_orig; /* The original local part for delivery */
extern uschar *deliver_localpart_parent; /* The parent local part for delivery */
extern uschar *deliver_localpart_prefix; /* The stripped prefix, if any */
extern uschar *deliver_localpart_prefix_v; /* The stripped-prefix variable portion, if any */
extern uschar *deliver_localpart_suffix; /* The stripped suffix, if any */
extern uschar *deliver_localpart_suffix_v; /* The stripped-suffix variable portion, if any */
-extern uschar *deliver_localpart_verified; /* de-tainted by check_local_part */
extern uschar *deliver_out_buffer; /* Buffer for copying file */
extern int deliver_queue_load_max; /* Different value for queue running */
extern address_item *deliver_recipients; /* Current set of addresses */
diff --git a/src/src/route.c b/src/src/route.c
index 7538b7565..a5f5feeaf 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -948,7 +948,7 @@ if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts,
login of a local user. Note: the third argument to route_finduser() must be
NULL here, to prevent a numeric string being taken as a numeric uid. If the
user is found, set deliver_home to the home directory, and also set
-local_user_{uid,gid} and local_part_verified. */
+local_user_{uid,gid} and local_part_data. */
if (r->check_local_user)
{
@@ -959,8 +959,8 @@ if (r->check_local_user)
r->name, addr->local_part);
return SKIP;
}
- addr->local_part_verified =
- deliver_localpart_verified = string_copy(US (*pw)->pw_name);
+ addr->prop.localpart_data =
+ deliver_localpart_data = string_copy(US (*pw)->pw_name);
deliver_home = string_copy(US (*pw)->pw_dir);
local_user_gid = (*pw)->pw_gid;
local_user_uid = (*pw)->pw_uid;
diff --git a/src/src/structs.h b/src/src/structs.h
index ae37f3461..c6700d513 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -553,7 +553,6 @@ typedef struct address_item {
uschar *cc_local_part; /* caseful local part */
uschar *lc_local_part; /* lowercased local part */
uschar *local_part; /* points to cc or lc version */
- uschar *local_part_verified; /* result from check_local_user */
uschar *prefix; /* stripped prefix of local part */
uschar *prefix_v; /* variable part of above */
uschar *suffix; /* stripped suffix of local part */
diff --git a/test/confs/0005 b/test/confs/0005
index 77b79100c..babeacb41 100644
--- a/test/confs/0005
+++ b/test/confs/0005
@@ -52,7 +52,7 @@ local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
- file = DIR/test-mail/$local_part_verified
+ file = DIR/test-mail/$local_part_data
headers_add = "X-body-linecount: $body_linecount\n\
X-message-linecount: $message_linecount\n\
X-received-count: $received_count"
diff --git a/test/confs/0587 b/test/confs/0587
index a47ca664a..c54c63fcd 100644
--- a/test/confs/0587
+++ b/test/confs/0587
@@ -32,6 +32,6 @@ begin transports
local_delivery:
driver = appendfile
- file = DIR/test-mail/$local_part_verified
+ file = DIR/test-mail/$local_part_data
# End
diff --git a/test/scripts/0000-Basic/0587 b/test/scripts/0000-Basic/0587
index 337b05ac6..038254eab 100644
--- a/test/scripts/0000-Basic/0587
+++ b/test/scripts/0000-Basic/0587
@@ -1,4 +1,4 @@
-# $local_part_verified, multi-rcpt message
+# $local_part_data, multi-rcpt message
#
exim -bs -odi
mail from:<someone@some.domain>