1SYMPA_SCENARIO(5) sympa 6.2.48 SYMPA_SCENARIO(5)
2
6 sympa_scenario - Authorization scenario
7
9 An example del.auth file:
10 title deletion performed only by list owners, need authentication
12 title.es eliminacin reservada slo para el propietario, necesita autentificacin
13 is_owner([listname],[sender]) smtp -> request_auth
15 is_listmaster([sender]) smtp -> request_auth
16 true() md5,smime -> do_it
17
19 File format
20 Basically, a scenario file is composed of titles on the first lines and
21 a set of rules on the following lines.
22 Rules consist of one or more line in the form:
24 condition authentication_methods -> action
26 Some terms of conditions may take one or more arguments. The arguments
28 are variables or literals (see "Terms of conditions", "Variables").
29 Authentication methods is a comma-separated list of one or more methods
31 (see "Authentication methods").
32 Some actions may have optional modifiers (see "Actions").
34 Terms of conditions
36 "true" "(" ")"
38 Always returns true.
39 "equal" "(" var1"," var2 ")"
41 Tests if two arguments are equal.
42 "is_subscriber" "(" listname"," var ")"
44 "is_owner" "(" listname"," var ")"
45 "is_editor" "(" listname"," var ")"
46 Tests if var is the subscriber, owner or editor of the list
47 listname. listname is the variable "[listname]" or list address,
48 "name" or "name"@"domain".
49 "is_listmaster" "(" var ")"
51 Tests if var is the listmaster.
52 "less_than" "(" var1"," var2 ")"
54 Tests if var1 is less than var2.
55 "match" "(" var"," "/"perl_regexp"/" ")"
57 Tests if var matches with perl_regexp.
58 perl_regexp is a perl regular expression. Don't forget to escape
60 special characters ("^", "$", "{", "(", ...): Check perlre(1) for
61 regular expression syntax. It can contain the string "[domain]"
62 (interpreted at run time as the list or robot domain).
63 Note: Sympa prior to 6.2.32 recognized "[host]" instead of
65 "[domain]".
66 "newer" "(" date"," date ")"
68 Returns true if first date is posterior to the second
69 "older" "(" date"," date ")"
71 Returns true if first date is anterior to the second date
72 date is Unix time or the string "n"y"n"m"n"d"n"h"n"min"n"sec"",
74 where each n is a number.
75 "search" "(" named_filter_file"," var")"
77 Tests if var is found by named filter.
78 named_filter_file is a file name ending with ".ldap", ".sql" or
80 ".txt".
81 "verify_netmask" "(" network_block ")"
83 Tests if "REMOTE_ADDR" CGI environment variable matches with
84 network_block.
85 This allows the user to configure their local network to only be
87 accessible to those that are members of it.
88 "CustomCondition::"package_name "(" arguments, ... ")"
90 Evaluates custom condition. package_name is the name of a Perl
91 package in $SYSCONFDIR/custom_conditions/ (lowercase).
92 Variables
94 "[custom_vars->"custom_var_name"]"
96 Allows you to introduce custom parameters in your scenario.
97 custom_var_name is the name of the custom parameter you want to
98 use.
99 "[date]"
101 Date of reception of the message.
102 "[domain]"
104 Mail domain of current list.
105 Note: This variable was introduced by Sympa 6.2.32. Previous
107 versions used a variable "[conf->host]" (obsoleted) instead.
108 "[env->"env_var"]"
110 env_var is the name of CGI environment variable (note that it is
111 case-sensitive).
112 "[is_bcc]"
114 Set to 1 if the list is neither in To: nor Cc: field.
115 "[listname]"
117 Name of current list.
118 "[msg_encrypted]"
120 Set to ""smime"" if the message was S/MIME encrypted.
121 "[msg_header->"field_name"]"
123 "[msg_header->"field_name"]["index"]"
124 Value of message header field, available only when evaluating the
125 authorization scenario for sending messages. It can be used, for
126 example, to require editor validation for multipart messages.
127 Optional index may be integer (may be less than 0) to choose
128 particular entry from multiple fields.
129 "[msg_part->type]"
131 "[msg_part->body]"
132 The MIME content types and bodies; the body is available for MIME
133 parts in text/xxx format only.
134 "[previous_email]"
136 Old email when changing subscription email in preference page.
137 "[sender]"
139 The email address of the current user (used on web or mail
140 interface). Default value is "nobody".
141 "[topic]"
143 Topic of the message. This variable has a value if any of the
144 previous "[topic-*]" variable has a value.
145 "[topic-auto]"
147 Topic of the message if it has been automatically tagged.
148 "[topic-editor]"
150 Topic of the message if it has been tagged by editor.
151 "[topic-needed]"
153 The message has not got any topic and message topic are required
154 for the list.
155 "[topic-sender]"
157 Topic of the message if it has been tagged by sender.
158 "[user_attributes->"user_attributes_key_word"]"
160 user_attributes_key_word is one of the names of user attributes
161 provided by the SSO system via environment variables. Available
162 only if user authenticated with a "generic_sso".
163 Authentication methods
165 The e-mail of authenticated user is given by "[sender]" variable. If
167 it is not given, '"nobody"' will be set.
168 "smtp"
170 Default method. No actual authentication, and if any, sender of
171 the message is used.
172 "dkim"
174 Authenticated by DKIM signature.
175 "md5"
177 Authenticated by web authentication (password), or by
178 authentication key in e-mail message.
179 "smime"
181 Authenticated by S/MIME signature, or TLS client certificate.
182 Actions
184 An action consists of an action name and optional modifiers.
186 Action names:
188 "do_it"
190 Allows operation.
191 "editor"
193 The message will be forwarded to list editor.
194 "editorkey"
196 The message will be held for moderation by list editor.
197 "listmaster"
199 Same as "do_it" but makes newly created list be pending.
200 "owner"
202 The operation is held and waits for approval by list owner.
203 "reject"
205 Denies operation.
206 "request_auth"
208 The operation is held and waits for confirmation by the user.
209 Modifiers:
211 "([email])"
213 Only for "request_auth" action. Sends authentication request to
214 the target user of operation (given as the value of ""[email]""
215 variable) instead of original sender.
216 Note that "[email]" is a literal and no other variable names can't
218 be used.
219 "," "notify"
221 Only for "do_it" and "listmaster" actions. Sends a notification to
222 list owner.
223 "," "quiet"
225 Sends no notification to the message sender.
226 "(reason='"reason_key"')"
228 Only for "reject" action. Matches a key in
229 mail_tt2/authorization_reject.tt2 template corresponding to an
230 information message about the reason of the reject of the user.
231 reason_key have to be a static string enclosed by '...'.
232 "(tt2='"tpl_name"')"
234 Only for "reject" action. Corresponding template (tpl_name".tt2")
235 is sent to the sender. tpl_name have to be a static string
236 enclosed by '...'.
237 Formal syntax
239 # Below is the formal syntax definition by modified BNF.
240 rule : condition spaces auth_list "->" action
242 # Condition
244 condition : "!" condition
246 | "true" "(" ")"
247 | "equal" "(" var "," var ")"
248 | "is_editor" "(" listname "," var ")"
249 | "is_listmaster" "(" var ")"
250 | "is_owner" "(" listname "," var ")"
251 | "is_subscriber" "(" listname "," var ")"
252 | "less_than" "(" var "," var ")"
253 | "match" "(" var "," "/" perl_regexp "/" ")"
254 | "newer" "(" date "," date ")"
255 | "older" "(" date "," date ")"
256 | "search" "(" named_filter_file ")"
257 | "verify_netmask" "(" network_block ")"
258 | "CustomCondition::" package_name "(" var* ")"
259 var : "[email]"
261 | "[conf->" conf_key_word "]"
262 | "[current_date]"
263 | "[custom_vars->" custom_var_name "]"
264 | "[env->" env_var "]"
265 | "[is_bcc]"
266 | "[list->" list_key_word "]"
267 | "[msg_body]"
268 | "[msg_encrypted]"
269 | "[msg_header->" field_name "]" "[" index "]"
270 | "[msg_header->" field_name "]"
271 | "[msg_part->type]"
272 | "[msg_part->body]"
273 | "[previous_email]"
274 | "[sender]"
275 | "[subscriber->" subscriber_key_word "]"
276 | "[topic]"
277 | "[topic-auto]"
278 | "[topic-editor]"
279 | "[topic-needed]"
280 | "[topic-sender]"
281 | "[user->" user_key_word "]"
282 | "[user_attributes->" user_attributes_keyword "]"
283 | string
284 listname : "[listname]"
286 | listname_string
287 | listname_string "@" domain_string
288 date : "[date]"
290 | date_expr
291 | integer
292 user_key_word : "email"
294 | "gecos"
295 | "lang"
296 | "password"
297 | "cookie_delay_user"
298 | additional_user_fields
299 subscriber_key_word : "email"
301 | "date"
302 | "bounce"
303 | "gecos"
304 | "reception"
305 | "update_date"
306 | "visibility"
307 | additional_subscriber_fields
308 list_key_word : "name"
310 | "address"
311 | "domain"
312 | "lang"
313 | "max_size"
314 | "priority"
315 | "reply_to"
316 | "status"
317 | "subject"
318 | "total"
319 | "account"
320 conf_key_word : "domain"
322 | "default_list_priority"
323 | "email"
324 | "lang"
325 | "listmaster"
326 | "max_size"
327 | "request_priority"
328 | "sympa_priority"
329 # Authentication methods
331 auth_list : auth "," auth_list
333 | auth
334 | ""
335 auth : "smtp"
337 | "dkim"
338 | "md5"
339 | "smime"
340 # Actions
342 action : "do_it" ( "," "quiet" | "," "notify" )*
344 | "editor" [ "," "quiet" ]
345 | "editorkey" [ "," "quiet" ]
346 | "listmaster" [ "," "notify" ]
347 | "owner" [ "," "quiet" ]
348 | "reject" (
349 "(" "reason=" reason_key ")"
350 | "(" "tt2=" tpl_name ")"
351 | "," "quiet"
352 )*
353 | "reject(tt2=" tpl_name ")" [ "," "quiet" ]
354 | "request_auth" [ "([email])" ]
355
357 $EXPLDIR"/"list path"/scenari"
358 $SYSCONFDIR"/"virtual host"/scenari"
359 $SYSCONFDIR"/scenari"
360 $DEFAULTDIR"/scenari"
361 Path of scenario files: List, robot and site levels, and
362 distribution defaults.
363
365 Sympa::Scenario.
366
368 Original contents of this document were partially taken from a chapter
369 "Authorization scenarios" in Sympa, Mailing List Management Software -
370 Reference manual.
3716.2.48 2019-11-29 SYMPA_SCENARIO(5)