dovecot-2.1-pigeonhole: lib-sieve: added means to prohibit use o...

pigeonhole at rename-it.nl pigeonhole at rename-it.nl
Sat Jan 7 13:42:09 EET 2012 

details:   http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/83fc2f6edefa
changeset: 1591:83fc2f6edefa
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Sat Jan 07 12:42:01 2012 +0100
description:
lib-sieve: added means to prohibit use of redirect action.
Setting sieve_max_redirects=0 now means that redirects are prohibited rather than unlimited.
Now there is always a limit, but it can be enormous if the administrator wants to.

diffstat:

 INSTALL                                 |  20 ++++++++++----------
 doc/example-config/conf.d/90-sieve.conf |  19 +++++++++++--------
 src/lib-sieve/cmd-redirect.c            |  14 ++++++++++++++
 3 files changed, 35 insertions(+), 18 deletions(-)

diffs (123 lines):

diff -r 8602aa5093be -r 83fc2f6edefa INSTALL
--- a/INSTALL	Fri Jan 06 23:20:59 2012 +0100
+++ b/INSTALL	Sat Jan 07 12:42:01 2012 +0100
@@ -161,17 +161,16 @@
 
  sieve_max_script_size = 1M
    The maximum size of a Sieve script. The compiler will refuse to compile any
-   script larger than this limit. 
+   script larger than this limit. If set to 0, no limit on the script size is
+   enforced.
 
  sieve_max_actions = 32
    The maximum number of actions that can be performed during a single script
-   execution.
+   execution. If set to 0, no limit on the total number of actions is enforced.
 
  sieve_max_redirects = 4
    The maximum number of redirect actions that can be performed during a single
-   script execution.
-
-A value of 0 for these settings means that the limit is not enforced.
+   script execution. If set to 0, no redirect actions are allowed.
 
 Sieve Interpreter - Per-user Sieve script location
 --------------------------------------------------
@@ -495,15 +494,16 @@
 the plugin section of the Dovecot configuration as follows:
 
  sieve_max_script_size = 1M
-   The maximum size of a Sieve script.
+   The maximum size of a Sieve script. If set to 0, no limit on the script size
+   is enforced.
 
  sieve_quota_max_scripts = 0
-   The maximum number of personal Sieve scripts a single user can have.
+   The maximum number of personal Sieve scripts a single user can have. If set
+   to 0, no limit on the number of scripts is enforced.
 
  sieve_quota_max_storage = 0
-   The maximum amount of disk storage a single user's scripts may occupy.
-
-A value of 0 for these settings means that no limit is enforced.
+   The maximum amount of disk storage a single user's scripts may occupy. If set
+   to 0, no limit on the used amount of disk storage is enforced.
 
 ManageSieve Service - Proxying
 ------------------------------
diff -r 8602aa5093be -r 83fc2f6edefa doc/example-config/conf.d/90-sieve.conf
--- a/doc/example-config/conf.d/90-sieve.conf	Fri Jan 06 23:20:59 2012 +0100
+++ b/doc/example-config/conf.d/90-sieve.conf	Sat Jan 07 12:42:01 2012 +0100
@@ -73,23 +73,26 @@
   # is also used by Dovecot's LMTP service.
   #recipient_delimiter = +
 
-  # The maximum size of a Sieve script. The compiler will refuse to 
-  # compile any script larger than this limit.
+  # The maximum size of a Sieve script. The compiler will refuse to compile any
+  # script larger than this limit. If set to 0, no limit on the script size is
+  # enforced.
   #sieve_max_script_size = 1M
 
-  # The maximum number of actions that can be performed during a single
-  # script execution.
+  # The maximum number of actions that can be performed during a single script
+  # execution. If set to 0, no limit on the total number of actions is enforced.
   #sieve_max_actions = 32
 
-  # The maximum number of redirect actions that can be performed during
-  # a single script execution.
+  # The maximum number of redirect actions that can be performed during a single
+  # script execution. If set to 0, no redirect actions are allowed.
   #sieve_max_redirects = 4
 
-  # The maximum number of personal Sieve scripts a single user can have.
+  # The maximum number of personal Sieve scripts a single user can have. If set
+  # to 0, no limit on the number of scripts is enforced.
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_scripts = 0
 
-  # The maximum amount of disk storage a single user's scripts may occupy.
+  # The maximum amount of disk storage a single user's scripts may occupy. If
+  # set to 0, no limit on the used amount of disk storage is enforced.
   # (Currently only relevant for ManageSieve) 
   #sieve_quota_max_storage = 0
 }
diff -r 8602aa5093be -r 83fc2f6edefa src/lib-sieve/cmd-redirect.c
--- a/src/lib-sieve/cmd-redirect.c	Fri Jan 06 23:20:59 2012 +0100
+++ b/src/lib-sieve/cmd-redirect.c	Sat Jan 07 12:42:01 2012 +0100
@@ -114,6 +114,7 @@
 static bool cmd_redirect_validate
 (struct sieve_validator *validator, struct sieve_command *cmd) 
 {
+	struct sieve_instance *svinst = sieve_validator_svinst(validator);
 	struct sieve_ast_argument *arg = cmd->first_positional;
 
 	/* Check and activate address argument */
@@ -152,6 +153,13 @@
 		return ( norm_address != NULL );
 	}
 
+	if ( svinst->max_redirects == 0 ) {
+		sieve_command_validate_error(validator, cmd,
+			"local policy prohibits the use of a redirect action");
+		return FALSE;
+	}
+
+
 	return TRUE;
 }
 
@@ -233,6 +241,12 @@
 		norm_address = str_c(redirect);
 	}
 
+	if ( svinst->max_redirects == 0 ) {
+		sieve_runtime_error(renv, NULL,
+			"local policy prohibits the use of a redirect action");
+		return SIEVE_EXEC_FAILURE;
+	}
+
 	if ( sieve_runtime_trace_active(renv, SIEVE_TRLVL_ACTIONS) ) {
 		sieve_runtime_trace(renv, 0, "redirect action");
 		sieve_runtime_trace_descend(renv);

More information about the dovecot-cvs mailing list