Scenario.pm 57.2 KB
Newer Older
1
2
3
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
# $Id$
4
5

# Sympa - SYsteme de Multi-Postage Automatique
6
7
8
9
#
# Copyright (c) 1997, 1998, 1999 Institut Pasteur & Christophe Wolfhugel
# Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
10
# Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
11
12
# Copyright 2017, 2018 The Sympa Community. See the AUTHORS.md file at the
# top-level directory of this distribution and at
13
# <https://github.com/sympa-community/sympa.git>.
14
15
16
17
18
19
20
21
22
23
24
25
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
26
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
27

28
package Sympa::Scenario;
29
30

use strict;
31
use warnings;
32
use English qw(-no_match_vars);
33
use Mail::Address;
sikeda's avatar
sikeda committed
34
use Net::CIDR;
35

36
use Sympa;
37
use Conf;
38
use Sympa::ConfDef;
39
use Sympa::Constants;
40
use Sympa::Database;
41
use Sympa::Language;
42
use Sympa::List;
43
use Sympa::Log;
44
use Sympa::Regexps;
45
46
47
use Sympa::Tools::Data;
use Sympa::Tools::File;
use Sympa::Tools::Time;
48
use Sympa::User;
49

50
51
my $log = Sympa::Log->instance;

52
our %all_scenarios;
53
54
my %persistent_cache;

Luc Didry's avatar
Luc Didry committed
55
my $picache         = {};
56
57
my $picache_refresh = 10;

58
#FIXME: should be taken from Sympa::ListDef.
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
my %list_ppath_maps = (
    visibility          => 'visibility',
    send                => 'send',
    info                => 'info',
    subscribe           => 'subscribe',
    add                 => 'add',
    unsubscribe         => 'unsubscribe',
    del                 => 'del',
    invite              => 'invite',
    remind              => 'remind',
    review              => 'review',
    d_read              => 'shared_doc.d_read',
    d_edit              => 'shared_doc.d_edit',
    archive_web_access  => 'archive.web_access',
    archive_mail_access => 'archive.mail_access',
    tracking            => 'tracking.tracking',
);

77
#FIXME: should be taken from Sympa::ConfDef.
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
my %domain_ppath_maps = (
    create_list             => 'create_list',
    global_remind           => 'global_remind',
    move_user               => 'move_user',
    automatic_list_creation => 'automatic_list_creation',
    spam_status             => 'spam_status',
);

# For compatibility to obsoleted use of parameter name instead of function.
my %compat_function_maps = (
    'shared_doc.d_read'   => 'd_read',
    'shared_doc.d_edit'   => 'd_edit',
    'archive.access'      => 'archive_mail_access',    # obsoleted
    'web_archive.access'  => 'archive_web_access',     # obsoleted
    'mail_access'         => 'archive_mail_access',    # mislead
    'web_access'          => 'archive_web_access',     # mislead
    'archive.mail_access' => 'archive_mail_access',
    'archive.web_access'  => 'archive_web_access',
    'tracking.tracking'   => 'tracking',
);

99
100
## Creates a new object
## Supported parameters : function, robot, name, directory, file_path, options
101
102
## Output object has the following entries : name, file_path, rules, date,
## title, struct, data
103
sub new {
104
105
106
107
108
109
    $log->syslog('debug2', '(%s, %s, %s, ...)', @_);
    my $class    = shift;
    my $that     = shift || $Conf::Conf{'domain'};    # List or domain
    my $function = shift;
    my %options  = @_;

110
111
    my $scenario_name_re = Sympa::Regexps::scenario_name();

112
113
    # Compatibility for obsoleted use of parameter names.
    $function = $compat_function_maps{$function} || $function;
114
    die 'bug in logic. Ask developer'
115
        unless defined $function and $function =~ /\A$scenario_name_re\z/;
116
117
118
119
120
121
122
123
124
125
126

    # Determine parameter to get the name of scenario.
    # 'include' and 'topics_visibility' functions are special: They don't
    # have corresponding list/domain parameters.
    my $ppath =
        (ref $that eq 'Sympa::List')
        ? $list_ppath_maps{$function}
        : $domain_ppath_maps{$function};
    unless ($function eq 'include'
        or (ref $that ne 'Sympa::List' and $function eq 'topics_visibility')
        or $ppath) {
127
        $log->syslog('err', 'Unknown scenario function "%s"', $function);
128
        return undef;
129
130
    }

131
132
133
134
135
136
137
138
139
140
141
142
143
144
    my $name;
    if ($options{name}) {
        $name = $options{name};
    } elsif ($function eq 'include') {
        # {name} option is mandatory.
        die 'bug in logic. Ask developer';
    } elsif (ref $that eq 'Sympa::List') {
        #FIXME: Use Sympa::List::Config.
        if ($ppath =~ /[.]/) {
            my ($pname, $key) = split /[.]/, $ppath, 2;
            $name = ($that->{'admin'}{$pname}{$key} || {})->{name}
                if $that->{'admin'}{$pname};
        } else {
            $name = ($that->{'admin'}{$ppath} || {})->{name};
145
        }
146
147
148
    } elsif ($function eq 'topics_visibility') {
        # {name} option is mandatory.
        die 'bug in logic. Ask developer';
149
    } else {
150
        $name = Conf::get_robot_conf($that, $ppath);
151
    }
152
153
154
155

    unless (
        defined $name
        and (  $function eq 'include' and $name =~ m{\A[^/]+\z}
156
            or $name =~ /\A$scenario_name_re\z/)
157
    ) {
Luc Didry's avatar
Luc Didry committed
158
159
160
161
162
163
        $log->syslog(
            'err',
            'Unknown or undefined scenario function "%s", scenario name "%s"',
            $function,
            $name
        );
164
        return undef;
165
166
    }

167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
    my $data;
    my $file_path = Sympa::search_fullpath(
        $that,
        $function . '.' . $name,
        subdir => 'scenari'
    );
    if ($file_path) {
        # Load the scenario if previously loaded in memory.
        if ($all_scenarios{$file_path}
            and ($options{dont_reload_scenario}
                or Sympa::Tools::File::get_mtime($file_path) <=
                $all_scenarios{$file_path}->{date})
        ) {
            return bless {
                context   => $that,
                function  => $function,
                name      => $name,
                file_path => $file_path,
                _scenario => $all_scenarios{$file_path}
            } => $class;
        }

        # Get the data from file.
        if (open my $ifh, '<', $file_path) {
            $data = do { local $RS; <$ifh> };
            close $ifh;
        } else {
            $log->syslog('err', 'Failed to open scenario file "%s": %m',
                $file_path);
196
197
            return undef;
        }
198
199
    } elsif ($function eq 'include') {
        # include.xx not found will not raise an error message.
200
201
        return undef;
    } else {
202
203
204
205
206
207
208
209
210
211
212
213
214
215
        if ($all_scenarios{"ERROR/$function.$name"}) {
            return bless {
                context   => $that,
                function  => $function,
                name      => $name,
                file_path => 'ERROR',
                _scenario => $all_scenarios{"ERROR/$function.$name"}
            } => $class;
        }

        $log->syslog('err', 'Unable to find scenario file "%s.%s"',
            $function, $name);
        # Default rule is rejecting always.
        $data = 'true() smtp -> reject';
216
217
    }

IKEDA Soji's avatar
IKEDA Soji committed
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
    my $parsed = Sympa::Scenario::compile(
        $that, $data,
        function  => $function,
        file_path => $file_path
    );
    # Keep the scenario in memory.
    $all_scenarios{$file_path || "ERROR/$function.$name"} = $parsed;

    return bless {
        context   => $that,
        function  => $function,
        name      => $name,
        file_path => ($file_path || 'ERROR'),
        _scenario => $parsed,
    } => $class;
}

sub compile {
    my $that    = shift;
    my $data    = shift;
    my %options = @_;

    my $function  = $options{function};
    my $file_path = $options{file_path};

243
    my $parsed = _parse_scenario($data, $file_path);
IKEDA Soji's avatar
IKEDA Soji committed
244
    if ($parsed and not($function and $function eq 'include')) {
245
246
247
        $parsed->{compiled} = _compile_scenario($that, $function, $parsed);
        if ($parsed->{compiled}) {
            $parsed->{sub} = eval $parsed->{compiled};
248
            # Bad syntax in compiled Perl code.
249
250
251
            $log->syslog('err', '%s: %s\n', ($file_path || '(data)'),
                $EVAL_ERROR)
                unless ref $parsed->{sub} eq 'CODE';
252
253
        }
    }
254

IKEDA Soji's avatar
IKEDA Soji committed
255
    return $parsed;
256
257
}

258
# Parse scenario rules.  On failure, returns hash with empty rules.
259
sub _parse_scenario {
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
    $log->syslog('debug3', '(%s, %s)', @_);
    my $data      = shift;
    my $file_path = shift;

    my (%title, @rules);
    my @lines = split /\r\n|\r|\n/, $data;
    my $lineno = 0;
    foreach my $line (@lines) {
        $lineno++;

        next if $line =~ /^\s*\w+\s*$/;    # skip paragraph name
        $line =~ s/\#.*$//;                # remove comments
        next if $line =~ /^\s*$/;          # skip empty lines

        if ($line =~ /^\s*title\.gettext\s+(.*)\s*$/i) {
            $title{gettext} = $1;
276
            next;
277
        } elsif ($line =~ /^\s*title\.(\S+)\s+(.*)\s*$/i) {
278
279
280
            my ($lang, $title) = ($1, $2);
            # canonicalize lang if possible.
            $lang = Sympa::Language::canonic_lang($lang) || $lang;
281
            $title{$lang} = $title;
282
            next;
283
284
        } elsif ($line =~ /^\s*title\s+(.*)\s*$/i) {
            $title{default} = $1;
285
286
287
            next;
        }

288
289
290
        if ($line =~ /\s*(include\s*\(?\'?(.*)\'?\)?)\s*$/i) {
            push @rules, {condition => $1, lineno => $lineno};
        } elsif ($line =~
291
            /^\s*(.*?)\s+((\s*(md5|pgp|smtp|smime|dkim)\s*,?)*)\s*->\s*(.*)\s*$/gi
Luc Didry's avatar
Luc Didry committed
292
        ) {
293
            my ($condition, $auth_methods, $action) = ($1, $2 || 'smtp', $5);
294
            $auth_methods =~ s/\s//g;
295

296
297
298
299
300
301
302
            push @rules,
                {
                condition   => $condition,
                auth_method => [split /,/, $auth_methods],
                action      => $action,
                lineno      => $lineno,
                };
303
        } else {
304
305
306
307
308
309
            $log->syslog(
                'err',
                'Error parsing %s line %s: "%s"',
                $file_path || '(file)',
                $lineno, $line
            );
310
311
            @rules = ();
            last;
312
        }
313
    }
314

315
316
317
318
319
    my $purely_closed =
        not
        grep { not($_->{condition} eq 'true' and $_->{action} =~ /reject/) }
        @rules;

320
    return {
321
322
323
324
        data          => $data,
        title         => {%title},
        rules         => [@rules],
        purely_closed => $purely_closed,
325
326
327
328
329
        # Keep track of the current time ; used later to reload scenario files
        # when they changed on disk
        date => ($file_path ? time : 0),
    };
}
330

331
332
sub to_string {
    shift->{_scenario}{data};
333
334
335
}

sub request_action {
336
    my $that        = shift;
337
    my $function    = shift;
338
    my $auth_method = shift;
339
    my $context     = shift;
340
341
    my %options     = @_;

342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
    my $self = Sympa::Scenario->new($that, $function, %options);
    unless ($self) {
        $log->syslog('err', 'Failed to load scenario for "%s"', $function);
        return undef;
    }

    return $self->authz($auth_method, $context, %options);
}

# Old name: Sympa::Scenario::request_action().
sub authz {
    $log->syslog('debug2', '(%s, %s, %s, ...)', @_);
    my $self        = shift;
    my $auth_method = shift;
    my $context     = shift;
    my %options     = @_;

    my $that     = $self->{context};
    my $function = $self->{function};
361
362
363
364
365
366
367
368
369
370
371
372

    # Pending/closed lists => send/visibility are closed.
    if (    ref $that eq 'Sympa::List'
        and not($that->{'admin'}{'status'} eq 'open')
        and grep { $function eq $_ } qw(send visibility)) {
        $log->syslog('debug3', '%s rejected reason list not open', $function);
        return {
            action      => 'reject',
            reason      => 'list-no-open',
            auth_method => '',
            condition   => '',
        };
373
    }
374

375
    # Check that authorization method is one of those known by Sympa.
376
    unless ($auth_method =~ /^(smtp|md5|pgp|smime|dkim)/) {  #FIXME: regex '$'
377
378
379
380
381
382
383
384
385
386
        $log->syslog('info', 'Unknown auth method %s', $auth_method);
        return {
            action      => 'reject',
            reason      => 'unknown-auth-method',
            auth_method => $auth_method,
            condition   => '',
        };
    }

    # Defining default values for parameters.
387
388
389
390
    $context->{'sender'}      ||= 'nobody';
    $context->{'email'}       ||= $context->{'sender'};
    $context->{'remote_host'} ||= 'unknown_host';
    $context->{'msg_encrypted'} = 'smime'
391
        if defined $context->{'message'}
392
        and $context->{'message'}->{'smime_crypted'};
393

IKEDA Soji's avatar
IKEDA Soji committed
394
395
396
    $context->{'execution_date'} = time
        unless defined $context->{'execution_date'};

397
398
399
    if (ref $that eq 'Sympa::List') {
        foreach my $var (@{$that->{'admin'}{'custom_vars'} || []}) {
            $context->{'custom_vars'}{$var->{'name'}} = $var->{'value'};
400
        }
IKEDA Soji's avatar
IKEDA Soji committed
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419

        $context->{listname} = $that->{'name'};
        $context->{domain}   = $that->{'domain'};
        # Compat.<6.2.32
        $context->{host} = $that->{'domain'};

        if ($context->{message}) {
            #FIXME: need more accurate test.
            $context->{is_bcc} = (
                0 <= index(
                    lc join(', ',
                        $context->{message}->get_header('To'),
                        $context->{message}->get_header('Cc')),
                    lc $that->{'name'}
                )
            ) ? 0 : 1;
        }
    } else {
        $context->{domain} = Conf::get_robot_conf($that || '*', 'domain');
420
    }
421
422

    my $sub = ($self->{_scenario} || {})->{sub};
423
424
    my $result = eval { $sub->($that, $context, $auth_method) }
        if ref $sub eq 'CODE';
425
    # Cope with errors.
IKEDA Soji's avatar
IKEDA Soji committed
426
    unless ($result) {
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
        unless ($sub) {
            $result = {reason => 'not-compiled'};
        } elsif (ref $EVAL_ERROR eq 'HASH') {
            $result = $EVAL_ERROR;
        } else {
            # Fatal error will be logged but not be exposed.
            $log->syslog('err', 'Error in scenario %s, context %s: (%s)',
                $self, $that, $EVAL_ERROR || 'unknown');
            $result = {};
        }
        $result->{action}      ||= 'reject';
        $result->{reason}      ||= 'error-performing-condition';
        $result->{auth_method} ||= $auth_method;
        $result->{condition}   ||= 'default';

        if ($result->{reason} eq 'not-compiled') {
            $log->syslog('info', '%s: Not compiled, reject', $self);
        } elsif ($result->{reason} eq 'no-rule-match') {
IKEDA Soji's avatar
IKEDA Soji committed
445
            $log->syslog('info', '%s: No rule match, reject', $self);
446
447
448
449
450
451
        } else {
            $log->syslog('info', 'Error in scenario %s, context %s: (%s)',
                $self, $that, $result->{reason});
            Sympa::send_notify_to_listmaster($that,
                'error_performing_condition', {error => $result->{reason}})
                unless $options{debug};
452
        }
453
        return $result;
454
455
    }

456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
    my %action = %$result;
    # Check syntax of returned action
    if (   $options{debug}
        or $action{action} =~
        /^(do_it|reject|request_auth|owner|editor|editorkey|listmaster|ham|spam|unsure)/
    ) {
        return {%action, auth_method => $auth_method,};
    } else {
        $log->syslog('err', 'Matched unknown action "%s" in scenario',
            $action{action});
        return {
            action      => 'reject',
            reason      => 'unknown-action',
            auth_method => $auth_method,
        };
    }
472
}
473

474
475
476
477
# Old name: Sympa::Scenario::_parse_action().
sub _compile_action {
    my $action    = shift;
    my $condition = shift;
478

479
    my %action;
480
    $action{condition} = $condition if $condition;
481

482
483
484
485
486
487
488
489
490
491
492
    ## reject : get parameters
    if ($action =~ /^(ham|spam|unsure)/) {
        $action = $1;
    }
    if ($action =~ /^reject(\((.+)\))?(\s?,\s?(quiet))?/) {
        if ($4) {
            $action = 'reject,quiet';
        } else {
            $action = 'reject';
        }
        my @param = split /,/, $2 if defined $2;
493

494
495
496
497
        foreach my $p (@param) {
            if ($p =~ /^reason=\'?(\w+)\'?/) {
                $action{reason} = $1;
                next;
498

499
500
501
            } elsif ($p =~ /^tt2=\'?(\w+)\'?/) {
                $action{tt2} = $1;
                next;
502

503
            }
IKEDA Soji's avatar
IKEDA Soji committed
504
505
            if ($p =~ /^\'?([^'=]+)\'?/) {
                $action{tt2} = $1;
506
507
508
                # keeping existing only, not merging with reject
                # parameters in scenarios
                last;
509
510
            }
        }
511
    }
512
    $action{action} = $action;
513

IKEDA Soji's avatar
IKEDA Soji committed
514
    return _compile_hashref({%action});
515
516
517
}

## check if email respect some condition
518
# Old name: Sympa::Scenario::verify().
519
520
521
522
523
524
525
526
527
528
529
530
531
532
# Deprecated: No longer used.
#sub _verify;

# Old names: (part of) Sympa::Scenario::authz().
sub _compile_scenario {
    $log->syslog('debug2', '(%s, %s, ...)', @_);
    my $that     = shift;
    my $function = shift;
    my $parsed   = shift;

    my @rules = @{$parsed->{rules} || []};

    # Include include.<function>.header if found.
    my $include_scenario =
IKEDA Soji's avatar
IKEDA Soji committed
533
534
        Sympa::Scenario->new($that, 'include', name => $function . '.header')
        if $function;
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
    if ($include_scenario) {
        # Add rules at the beginning.
        unshift @rules, @{$include_scenario->{_scenario}{rules}};
    }
    # Look for 'include' directives amongst rules first.
    foreach my $index (0 .. $#rules) {
        if ($rules[$index]{'condition'} =~
            /^\s*include\s*\(?\'?([\w\.]+)\'?\)?\s*$/i) {
            my $include_file = $1;
            my $include_scenario =
                Sympa::Scenario->new($that, 'include', name => $include_file);
            if ($include_scenario) {
                # Replace the include directive with included rules.
                splice @rules, $index, 1,
                    @{$include_scenario->{_scenario}{rules}};
            }
        }
    }

    ## Include a Blacklist rules if configured for this action
IKEDA Soji's avatar
IKEDA Soji committed
555
    if ($function and $Conf::Conf{'blacklist'}{$function}) {
556
557
558
559
560
561
562
563
564
565
        ## Add rules at the beginning of the array
        unshift @rules,
            {
            'condition'   => "search('blacklist.txt',[sender])",
            'action'      => 'reject,quiet',
            'auth_method' => ['smtp', 'dkim', 'md5', 'pgp', 'smime'],
            };
    }

    my @codes;
IKEDA Soji's avatar
IKEDA Soji committed
566
    my %required;
567
568
569
570
571
572
573
574
575
    foreach my $rule (@rules) {
        $log->syslog(
            'debug3',
            'Verify rule %s, auth %s, action %s',
            $rule->{'condition'},
            join(',', @{$rule->{'auth_method'} || []}),
            $rule->{'action'}
        );

IKEDA Soji's avatar
IKEDA Soji committed
576
        my ($code, @required) = _compile_rule($rule);
577
578
        return undef unless defined $code;    # Bad syntax.
        push @codes, $code;
IKEDA Soji's avatar
IKEDA Soji committed
579
580

        %required = (%required, map { ($_ => 1) } @required);
581
582
    }

IKEDA Soji's avatar
IKEDA Soji committed
583
584
585
586
587
588
589
590
591
592
593
    my $required = join "\n", map {
        my $req;
        if ($_ eq 'list_object') {
            $req = 'return undef unless ref $that eq \'Sympa::List\';';
        } else {
            $req = sprintf 'return undef unless exists $context->{%s};', $_;
        }
        "    $req";
    } sort keys %required;

    return sprintf(<<'EOF', $required, join '', @codes);
594
595
596
597
598
sub {
    my $that        = shift;
    my $context     = shift;
    my $auth_method = shift;

IKEDA Soji's avatar
IKEDA Soji committed
599
600
%s

601
%s
602
    die {reason => 'no-rule-match'};
603
604
605
606
607
608
609
610
}
EOF

}

sub _compile_rule {
    my $rule = shift;

IKEDA Soji's avatar
IKEDA Soji committed
611
    my ($cond, @required) = _compile_condition($rule);
612
613
614
615
616
    return unless defined $cond and length $cond;

    my $auth_methods = join ' ', sort @{$rule->{'auth_method'} || []};
    my $result = _compile_action($rule->{action}, $rule->{condition});

IKEDA Soji's avatar
IKEDA Soji committed
617
618
619
620
621
622
623
624
    if (1 == scalar @{$rule->{'auth_method'} || []}) {
        return (sprintf(<<'EOF', $auth_methods, $result, $cond), @required);
    if ($auth_method eq '%s') {
        return %s if %s;
    }
EOF
    } elsif ($auth_methods eq join(' ', sort qw(smtp dkim md5 smime))) {
        return (sprintf(<<'EOF', $result, $cond), @required);
625
626
627
    return %s if %s;
EOF
    } else {
IKEDA Soji's avatar
IKEDA Soji committed
628
        return (sprintf(<<'EOF', $auth_methods, $result, $cond), @required);
629
630
631
632
633
634
635
636
637
638
639
640
    if (grep {$auth_method eq $_} qw(%s)) {
        return %s if %s;
    }
EOF
    }
}

sub _compile_condition {
    my $rule = shift;

    my $condition = $rule->{condition};

641
642
    unless ($condition =~
        /(\!)?\s*(true|is_listmaster|verify_netmask|is_editor|is_owner|is_subscriber|less_than|match|equal|message|older|newer|all|search|customcondition\:\:\w+)\s*\(\s*(.*)\s*\)\s*/i
Luc Didry's avatar
Luc Didry committed
643
    ) {
644
        $log->syslog('err', 'Error rule syntaxe: unknown condition %s',
645
            $condition);
646
        return undef;
647
    }
648
649
    my $negation      = ($1 and $1 eq '!') ? '!' : '';
    my $condition_key = lc $2;
650
651
652
653
    my $arguments     = $3;

    ## The expression for regexp is tricky because we don't allow the '/'
    ## character (that indicates the end of the regexp
654
    ## but we allow any number of \/ escape sequence)
655
656
657
    my @args;
    my %required_keys;
    pos $arguments = 0;
658
    while (
IKEDA Soji's avatar
Typos.    
IKEDA Soji committed
659
        $arguments =~ m{
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
        \G\s*(
            (\[\w+(\-\>[\w\-]+)?\](\[[-+]?\d+\])?)
            |
            ([\w\-\.]+)
            |
            '[^,)]*'
            |
            "[^,)]*"
            |
            /([^/]*((\\/)*[^/]+))*/
            |
            (\w+)\.ldap
            |
            (\w+)\.sql
        )\s*,?
IKEDA Soji's avatar
Typos.    
IKEDA Soji committed
675
        }cgx
Luc Didry's avatar
Luc Didry committed
676
    ) {
677
678
        my $value = $1;

679
        if ($value =~ m{\A/(.+)/\z}) {
680
            my $re = $1;
IKEDA Soji's avatar
IKEDA Soji committed
681
682
            # Fix orphan "'" and "\".
            $re =~ s{(\\.|.)}{($1 eq "'" or $1 eq "\\")? "\\$1" : $1}eg;
683
            # regexp w/o interpolates
IKEDA Soji's avatar
IKEDA Soji committed
684
685
686
687
688
689
690
691
692
693
            unless (defined eval "qr'$re'") {
                $log->syslog('err', 'Bad regexp /%s/: %s', $re, $EVAL_ERROR);
                return undef;
            }
            if ($re =~ /[[](domain|host)[]]/) {
                $value = sprintf 'Sympa::Scenario::safe_qr(\'%s\', $context)',
                    $re;
            } else {
                $value = "qr'$re'";
            }
694
695
696
697
698
699
700
701
        } elsif ($value =~ /\[custom_vars\-\>([\w\-]+)\]/i) {
            # Custom vars
            $value = sprintf '$context->{custom_vars}{%1}', $1;
        } elsif ($value =~ /\[family\-\>([\w\-]+)\]/i) {
            # Family vars
            $value = sprintf '$context->{family}{%s}', $1;
        } elsif ($value =~ /\[conf\-\>([\w\-]+)\]/i) {
            # Config param
702
            my $conf_key = $1;
703
704
705
            # Compat. < 6.2.32
            $conf_key = 'domain' if $conf_key and $conf_key eq 'host';

706
707
708
709
            if (grep { $_->{'name'} and $_->{'name'} eq $conf_key }
                @Sympa::ConfDef::params) {
                $value =
                    sprintf
IKEDA Soji's avatar
IKEDA Soji committed
710
                    'Conf::get_robot_conf(((ref $that eq \'Sympa::List\') ? $that->{domain} : $that), \'%s\')',
711
                    $conf_key;
712
713
714
            } else {
                # a condition related to a undefined context variable is
                # always false
IKEDA Soji's avatar
IKEDA Soji committed
715
716
                $log->syslog('err', '%s: Unknown key for [conf->%s]',
                    $conf_key);
717
                $value = 'undef()';
718
            }
719
720
        } elsif ($value =~ /\[list\-\>([\w\-]+)\]/i) {
            # List param
721
            my $param = $1;
IKEDA Soji's avatar
IKEDA Soji committed
722
            $required_keys{list_object} = 1;
723

IKEDA Soji's avatar
IKEDA Soji committed
724
725
            if ($param eq 'name') {
                $value = '$that->{name}';
726
            } elsif ($param eq 'total') {
IKEDA Soji's avatar
IKEDA Soji committed
727
                $value = '$that->get_total';
728
            } elsif ($param eq 'address') {
IKEDA Soji's avatar
IKEDA Soji committed
729
                $value = 'Sympa::get_address($that)';
730
            } else {
IKEDA Soji's avatar
IKEDA Soji committed
731
732
                my $pinfo = {%Sympa::ListDef::pinfo};    #FIXME

733
734
735
736
737
738
739
                my $canon_param = $param;
                if (exists $pinfo->{$param}) {
                    my $alias = $pinfo->{$param}{'obsolete'};
                    if ($alias and exists $pinfo->{$alias}) {
                        $canon_param = $alias;
                    }
                }
740
741
742
                if (    exists $pinfo->{$canon_param}
                    and ref $pinfo->{$canon_param}{format} ne 'HASH'
                    and $pinfo->{$canon_param}{occurrence} !~ /n$/) {
IKEDA Soji's avatar
IKEDA Soji committed
743
                    $value = sprintf '$that->{admin}{%s}', $canon_param;
744
                } else {
sikeda's avatar
sikeda committed
745
746
                    $log->syslog('err',
                        'Unknown list parameter %s in rule %s',
747
748
749
                        $value, $condition);
                    return undef;
                }
750
751
            }
        } elsif ($value =~ /\[env\-\>([\w\-]+)\]/i) {
752
753
            my $env = $1;
            $value = sprintf '$ENV{\'%s\'}', $env;
754
        } elsif ($value =~ /\[user\-\>([\w\-]+)\]/i) {
755
            # Sender's user/subscriber attributes (if subscriber)
756
757
758
759
760
            my $key = $1;
            $value =
                sprintf
                '($context->{user} || Sympa::User->new($context->{sender}))->{%s}',
                $key;
761
        } elsif ($value =~ /\[user_attributes\-\>([\w\-]+)\]/i) {
762
763
764
765
766
767
768
769
770
            my $key = $1;
            $value =
                sprintf
                '($context->{user} || Sympa::User->new($context->{sender}))->{attributes}{%s}',
                $key;
        } elsif ($value =~ /\[subscriber\-\>([\w\-]+)\]/i) {
            my $key = $1;
            $value =
                sprintf
IKEDA Soji's avatar
IKEDA Soji committed
771
                '($context->{subscriber} || $that->get_list_memner($context->{sender}) || {})->{%s}',
772
                $key;
773
774
775
        } elsif ($value =~
            /\[(msg_header|header)\-\>([\w\-]+)\](?:\[([-+]?\d+)\])?/i) {
            ## SMTP header field.
776
            ## "[msg_header->field]" returns arrayref of field values,
777
778
779
780
            ## preserving order. "[msg_header->field][index]" returns one
            ## field value.
            my $field_name = $2;
            my $index = (defined $3) ? $3 + 0 : undef;
781
782
783
784
785
786
787
788
789
            ## Defaulting empty or missing fields to '', so that we can
            ## test their value in Scenario, considering that, for an
            ## incoming message, a missing field is equivalent to an empty
            ## field : the information it is supposed to contain isn't
            ## available.
            if (defined $index) {
                $value =
                    sprintf '[$context->{message}->get_header(\'%s\')]->[%s]',
                    $field_name, $index;
790
            } else {
791
792
                $value = sprintf '[$context->{message}->get_header(\'%s\')]',
                    $field_name;
793
            }
794
            $required_keys{message} = 1;
795
        } elsif ($value =~ /\[msg_body\]/i) {
796
797
798
799
800
801
            $value = '$context->{message}->body_as_string';
            $value =
                sprintf
                '((0 == index lc($context->{message}->as_entity->effective_type || "text"), "text") ? %s : undef)',
                $value;
            $required_keys{message} = 1;
802
        } elsif ($value =~ /\[msg_part\-\>body\]/i) {
803
804
805
806
            #FIXME:Should be recurcive...
            $value =
                '[map {$_->bodyhandle->as_string} grep { defined $_->bodyhandle and 0 == index ($_->effective_type || "text"), "text" } $context->{message}->as_entity->parts]';
            $required_keys{message} = 1;
807
        } elsif ($value =~ /\[msg_part\-\>type\]/i) {
808
809
810
            $value =
                '[map {$_->effective_type} $context->{message}->as_entity->parts]';
            $required_keys{message} = 1;
811
        } elsif ($value =~ /\[msg\-\>(\w+)\]/i) {
812
813
814
815
816
817
            my $key = $1;
            $value =
                sprintf
                '(exists $context->{message}{%s} ? $context->{message}{%s} : undef)',
                $key;
            $required_keys{message} = 1;
818
        } elsif ($value =~ /\[current_date\]/i) {
819
            $value = 'time()';
820
        } elsif ($value =~ /\[(\w+)\]/i) {
821
822
            # Quoted string
            my $key = $1;
IKEDA Soji's avatar
IKEDA Soji committed
823
824
825
826
827
828
829
            if ($key eq 'listname') {
                $value = sprintf '$that->{name}';
                $required_keys{list_object} = 1;
            } else {
                $value = sprintf '$context->{%s}', $key;
                $required_keys{$key} = 1;
            }
830
        } elsif ($value =~ /^'(.*)'$/ || $value =~ /^"(.*)"$/) {
831
832
833
834
            my $str = $1;
            $str =~ s{(\\.|.)}{($1 eq "'" or $1 eq "\\")? "\\\'" : $1}eg;
            $value = sprintf "'%s'", $str;
        } else {
835
836
837
838
839
            # Texts with unknown format may be treated as the string constants
            # for compatibility to loose parsing with earlier ver (<=6.2.48).
            my $str = $value;
            $str =~ s/([\\\'])/\\$1/g;
            $value = sprintf "'%s'", $str;
840
841
        }
        push(@args, $value);
842
    }
843
844
845
846
847
848
849
850
851
852
853
854

    my $term = _compile_condition_term($rule, $condition_key, @args);
    return unless $term;

    return ("$negation$term", sort keys %required_keys);
}

sub _compile_condition_term {
    my $rule          = shift;
    my $condition_key = shift;
    my @args          = @_;

855
856
857
    # Getting rid of spaces.
    $condition_key =~ s/^\s*//g;
    $condition_key =~ s/\s*$//g;
858

859
    if ($condition_key =~ /^(true|all)$/i) {
860
861
        # condition that require 0 argument
        if (@args) {
862
863
            $log->syslog(
                'err',
864
865
                'Syntax error: Incorrect number of argument or incorrect argument syntax in %s',
                $condition_key
866
867
868
            );
            return undef;
        }
869
        return '1';
870
    } elsif ($condition_key =~ /^(is_listmaster|verify_netmask)$/) {
871
872
873
874
875
        # condition that require 1 argument
        unless (scalar @args == 1) {
            $log->syslog('err',
                'Syntax error: Incorrect argument number for condition %s',
                $condition_key);
876
877
878
            return undef;
        }
    } elsif ($condition_key =~ /^search$/o) {
879
880
881
882
883
        # condition that require 1 or 2 args (search : historical reasons)
        unless (scalar @args == 1 or scalar @args == 2) {
            $log->syslog('err',
                'Syntax error: Incorrect argument number for condition %s',
                $condition_key);
884
885
            return undef;
        }
886
        # We could search in the family if we got ref on Sympa::Family object.
IKEDA Soji's avatar
typos.    
IKEDA Soji committed
887
888
        return sprintf 'Sympa::Scenario::do_search($that, $context, %s)',
            join ', ', @args;
889
890
    } elsif (
        $condition_key =~
891
892
        # condition that require 2 args
        /^(is_owner|is_editor|is_subscriber|less_than|match|equal|message|newer|older)$/o
Luc Didry's avatar
Luc Didry committed
893
    ) {
894
        unless (scalar @args == 2) {
895
            $log->syslog(
896
                'err',
897
898
                'Syntax error: Incorrect argument number (%d instead of %d) for condition %s',
                scalar(@args),
899
900
                2,
                $condition_key
901
902
903
            );
            return undef;
        }
IKEDA Soji's avatar
IKEDA Soji committed
904
905
906
907
        if ($condition_key =~ /\A(is_owner|is_editor|is_subscriber)\z/) {
            # Interpret '[listname]' as $that.
            $args[0] = '$that' if $args[0] eq '$that->{name}';
        } elsif ($condition_key eq 'match') {
908
909
910
            return sprintf '(%s =~ %s)', $args[0], $args[1];
        }
    } elsif ($condition_key =~ /^customcondition::(\w+)$/) {
IKEDA Soji's avatar
IKEDA Soji committed
911
912
        return sprintf 'do_verify_custom($that, %s, %s, %s)',
            _compile_hashref($rule), $1, join ', ', @args;
913
914
    } else {
        $log->syslog('err', 'Syntax error: Unknown condition %s',
915
            $condition_key);
916
        return undef;
917
    }
918

IKEDA Soji's avatar
typos.    
IKEDA Soji committed
919
920
    return sprintf 'Sympa::Scenario::do_%s($that, \'%s\', %s)',
        $condition_key, $condition_key, join ', ', @args;
921
}
922

IKEDA Soji's avatar
IKEDA Soji committed
923
924
925
926
927
928
929
930
931
932
933
934
935
sub _compile_hashref {
    my $hashref = shift;

    return '{' . join(
        ', ',
        map {
            my ($k, $v) = ($_, $hashref->{$_});
            $v =~ s/([\\\'])/\\$1/g;
            sprintf "%s => '%s'", $k, $v;
        } sort keys %$hashref
    ) . '}';
}

936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
sub safe_qr {
    my $re      = shift;
    my $context = shift;

    my $domain = $context->{domain};
    $domain =~ s/[.]/[.]/g;
    $re =~ s/[[](domain|host)[]]/$domain/g;
    eval "qr'$re'";
}

##### condition : true

##### condition is_listmaster
sub do_is_listmaster {
    my $that          = shift;
    my $condition_key = shift;
    my @args          = @_;

    return 0 if not ref $args[0] and $args[0] eq 'nobody';

    my @arg;
    my $ok = undef;
    if (ref $args[0] eq 'ARRAY') {
        @arg = map { $_->address }
            grep {$_} map { (Mail::Address->parse($_)) } @{$args[0]};
    } else {
        @arg = map { $_->address }
            grep {$_} Mail::Address->parse($args[0]);
    }
    foreach my $arg (@arg) {
        if (Sympa::is_listmaster($that, $arg)) {
            $ok = $arg;
            last;
969
        }
970
971
    }

972
973
    return $ok ? 1 : 0;
}
974

975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
##### condition verify_netmask
sub do_verify_netmask {
    my $that          = shift;
    my $condition_key = shift;
    my @args          = @_;
    ## Check that the IP address of the client is available
    ## Means we are in a web context
    # always skip this rule because we can't evaluate it.
    return 0 unless defined $ENV{'REMOTE_ADDR'};

    my @cidr;
    if ($args[0] eq 'default' or $args[0] eq 'any') {
        # Compatibility with Net::Netmask, adding IPv6 feature.
        @cidr = ('0.0.0.0/0', '::/0');
    } else {
        if ($args[0] =~ /\A(\d+\.\d+\.\d+\.\d+):(\d+\.\d+\.\d+\.\d+)\z/) {
            # Compatibility with Net::Netmask.
            eval { @cidr = Net::CIDR::range2cidr("$1/$2"); };
993
        } else {
994
            eval { @cidr = Net::CIDR::range2cidr($args[0]); };
995
        }
996
997
998
        if ($@ or scalar(@cidr) != 1) {
            # Compatibility with Net::Netmask: Should be single range.
            @cidr = ();
999
        } else {
1000
            @cidr = grep { Net::CIDR::cidrvalidate($_) } @cidr;
For faster browsing, not all history is shown. View entire blame