1SYMPA_SCENARIO(5)                sympa 6.2.64                SYMPA_SCENARIO(5)
2
3
4

NAME

6       sympa_scenario - Authorization scenario
7

SYNOPSIS

9       An example del.auth file:
10
11         title    deletion performed only by list owners, need authentication
12         title.es eliminacin reservada slo para el propietario, necesita autentificacin
13
14         is_owner([listname],[sender])  smtp       -> request_auth
15         is_listmaster([sender])        smtp       -> request_auth
16         true()                         md5,smime  -> do_it
17

DESCRIPTION

19   File format
20       Basically, a scenario file is composed of titles on the first lines and
21       a set of rules on the following lines.
22
23       Rules consist of one or more line in the form:
24
25         condition authentication_methods -> action
26
27       Some terms of conditions may take one or more arguments.  The arguments
28       are variables or literals (see "Terms of conditions", "Variables").
29
30       Authentication methods is a comma-separated list of one or more methods
31       (see "Authentication methods").
32
33       Some actions may have optional modifiers (see "Actions").
34
35       Terms of conditions
36
37       "true" "(" ")"
38           Always returns true.
39
40       "equal" "(" var1"," var2 ")"
41           Tests if two arguments are equal.
42
43       "is_subscriber" "(" listname"," var ")"
44       "is_owner" "(" listname"," var ")"
45       "is_editor" "(" listname"," var ")"
46           Tests if var is the subscriber, owner or editor of the list
47           listname.  listname is the variable "[listname]" or list address,
48           "name" or "name"@"domain".
49
50       "is_listmaster" "(" var ")"
51           Tests if var is the listmaster.
52
53       "less_than" "(" var1"," var2 ")"
54           Tests if var1 is less than var2.
55
56       "match" "(" var"," "/"perl_regexp"/" ")"
57           Tests if var matches with perl_regexp.
58
59           perl_regexp is a perl regular expression.  Don't forget to escape
60           special characters ("^", "$", "{", "(", ...): Check perlre(1) for
61           regular expression syntax.  It can contain the string "[domain]"
62           (interpreted at run time as the list or robot domain).
63
64           Note: Sympa prior to 6.2.32 recognized "[host]" instead of
65           "[domain]".
66
67       "newer" "(" date"," date ")"
68           Returns true if first date is posterior to the second
69
70       "older" "(" date"," date ")"
71           Returns true if first date is anterior to the second date
72
73           date is Unix time or the string "n"y"n"m"n"d"n"h"n"min"n"sec"",
74           where each n is a number.
75
76       "search" "(" named_filter_file"," var")"
77           Tests if var is found by named filter.
78
79           named_filter_file is a file name ending with ".ldap", ".sql" or
80           ".txt".
81
82       "verify_netmask" "(" network_block ")"
83           Tests if "REMOTE_ADDR" CGI environment variable matches with
84           network_block.
85
86           This allows the user to configure their local network to only be
87           accessible to those that are members of it.
88
89       "CustomCondition::"package_name "(" arguments, ... ")"
90           Evaluates custom condition.  package_name is the name of a Perl
91           package in $SYSCONFDIR/custom_conditions/ (lowercase).
92
93       Variables
94
95       "[custom_vars->"custom_var_name"]"
96           Allows you to introduce custom parameters in your scenario.
97           custom_var_name is the name of the custom parameter you want to
98           use.
99
100       "[date]"
101           Date of reception of the message.
102
103       "[domain]"
104           Mail domain of current list.
105
106           Note: This variable was introduced by Sympa 6.2.32.  Previous
107           versions used a variable "[conf->host]" (obsoleted) instead.
108
109       "[env->"env_var"]"
110           env_var is the name of CGI environment variable (note that it is
111           case-sensitive).
112
113       "[is_bcc]"
114           Set to 1 if the list is neither in To: nor Cc: field.
115
116       "[listname]"
117           Name of current list.
118
119       "[msg_encrypted]"
120           Set to ""smime"" if the message was S/MIME encrypted.
121
122       "[msg_header->"field_name"]"
123       "[msg_header->"field_name"]["index"]"
124           Value of message header field, available only when evaluating the
125           authorization scenario for sending messages.  It can be used, for
126           example, to require editor validation for multipart messages.
127           Optional index may be integer (may be less than 0) to choose
128           particular entry from multiple fields.
129
130       "[msg_part->type]"
131       "[msg_part->body]"
132           The MIME content types and bodies; the body is available for MIME
133           parts in text/xxx format only.
134
135       "[previous_email]"
136           Old email when changing subscription email in preference page.
137
138       "[sender]"
139           The email address of the current user (used on web or mail
140           interface).  Default value is "nobody".
141
142       "[topic]"
143           Topic of the message.  This variable has a value if any of the
144           following "[topic_*]" variables has a value.
145
146       "[topic_auto]"
147           Topic of the message if it has been automatically tagged.
148
149       "[topic_editor]"
150           Topic of the message if it has been tagged by editor.
151
152       "[topic_needed]"
153           The message has not got any topic and message topic are required
154           for the list.
155
156       "[topic_sender]"
157           Topic of the message if it has been tagged by sender.
158
159       "[user_attributes->"user_attributes_key_word"]"
160           user_attributes_key_word is one of the names of user attributes
161           provided by the SSO system via environment variables.  Available
162           only if user authenticated with a "generic_sso".
163
164       Authentication methods
165
166       The e-mail of authenticated user is given by "[sender]" variable.  If
167       it is not given, '"nobody"' will be set.
168
169       "smtp"
170           Default method.  No actual authentication, and if any, sender of
171           the message is used.
172
173       "dkim"
174           Authenticated by DKIM signature.
175
176       "md5"
177           Authenticated by web authentication (password), or by
178           authentication key in e-mail message.
179
180       "smime"
181           Authenticated by S/MIME signature, or TLS client certificate.
182
183       Actions
184
185       An action consists of an action name and optional modifiers.
186
187       Action names:
188
189       "do_it"
190           Allows operation.
191
192       "editor"
193           The message will be forwarded to list editor.
194
195       "editorkey"
196           The message will be held for moderation by list editor.
197
198       "listmaster"
199           Same as "do_it" but makes newly created list be pending.
200
201       "owner"
202           The operation is held and waits for approval by list owner.
203
204       "reject"
205           Denies operation.
206
207       "request_auth"
208           The operation is held and waits for confirmation by the user.
209
210       Modifiers:
211
212       "([email])"
213           Only for "request_auth" action.  Sends authentication request to
214           the target user of operation (given as the value of ""[email]""
215           variable) instead of original sender.
216
217           Note that "[email]" is a literal and no other variable names can't
218           be used.
219
220       "," "notify"
221           Only for "do_it" and "listmaster" actions.  Sends a notification to
222           list owner.
223
224       "," "quiet"
225           Sends no notification to the message sender.
226
227       "(reason='"reason_key"')"
228           Only for "reject" action.  Matches a key in
229           mail_tt2/authorization_reject.tt2 template corresponding to an
230           information message about the reason of the reject of the user.
231           reason_key have to be a static string enclosed by '...'.
232
233       "(tt2='"tpl_name"')"
234           Only for "reject" action.  Corresponding template (tpl_name".tt2")
235           is sent to the sender.  tpl_name have to be a static string
236           enclosed by '...'.
237
238   Formal syntax
239       # Below is the formal syntax definition by modified BNF.
240
241       rule : condition spaces auth_list "->" action
242
243       # Condition
244
245       condition : "!" condition
246           | "true" "(" ")"
247           | "equal" "(" var "," var ")"
248           | "is_editor" "(" listname "," var ")"
249           | "is_listmaster" "(" var ")"
250           | "is_owner" "(" listname "," var ")"
251           | "is_subscriber" "(" listname "," var ")"
252           | "less_than" "(" var "," var ")"
253           | "match" "(" var "," "/" perl_regexp "/" ")"
254           | "newer" "(" date "," date ")"
255           | "older" "(" date "," date ")"
256           | "search" "(" named_filter_file ")"
257           | "verify_netmask" "(" network_block ")"
258           | "CustomCondition::" package_name "(" var* ")"
259
260       var : "[email]"
261           | "[conf->" conf_key_word "]"
262           | "[current_date]"
263           | "[custom_vars->" custom_var_name "]"
264           | "[env->" env_var "]"
265           | "[is_bcc]"
266           | "[list->" list_key_word "]"
267           | "[msg_body]"
268           | "[msg_encrypted]"
269           | "[msg_header->" field_name "]" "[" index "]"
270           | "[msg_header->" field_name "]"
271           | "[msg_part->type]"
272           | "[msg_part->body]"
273           | "[previous_email]"
274           | "[sender]"
275           | "[subscriber->" subscriber_key_word "]"
276           | "[topic]"
277           | "[topic_auto]"
278           | "[topic_editor]"
279           | "[topic_needed]"
280           | "[topic_sender]"
281           | "[user->" user_key_word "]"
282           | "[user_attributes->" user_attributes_keyword "]"
283           | string
284
285       listname : "[listname]"
286           | listname_string
287           | listname_string "@" domain_string
288
289       date : "[date]"
290           | date_expr
291           | integer
292
293       user_key_word : "email"
294           | "gecos"
295           | "lang"
296           | "password"
297           | "cookie_delay_user"
298           | additional_user_fields
299
300       subscriber_key_word : "email"
301           | "date"
302           | "bounce"
303           | "gecos"
304           | "reception"
305           | "update_date"
306           | "visibility"
307           | additional_subscriber_fields
308
309       list_key_word : "name"
310           | "address"
311           | "domain"
312           | "lang"
313           | "max_size"
314           | "priority"
315           | "reply_to"
316           | "status"
317           | "subject"
318           | "total"
319           | "account"
320
321       conf_key_word : "domain"
322           | "default_list_priority"
323           | "email"
324           | "lang"
325           | "listmaster"
326           | "max_size"
327           | "request_priority"
328           | "sympa_priority"
329
330       # Authentication methods
331
332       auth_list : auth "," auth_list
333           | auth
334           | ""
335
336       auth : "smtp"
337           | "dkim"
338           | "md5"
339           | "smime"
340
341       # Actions
342
343       action : "do_it" ( "," "quiet" | "," "notify" )*
344           | "editor" [ "," "quiet" ]
345           | "editorkey" [ "," "quiet" ]
346           | "listmaster" [ "," "notify" ]
347           | "owner" [ "," "quiet" ]
348           | "reject" (
349                 "(" "reason=" reason_key ")"
350               | "(" "tt2=" tpl_name ")"
351               | "," "quiet"
352             )*
353           | "reject(tt2=" tpl_name ")" [ "," "quiet" ]
354           | "request_auth" [ "([email])" ]
355

FILES

357       $EXPLDIR"/"list path"/scenari"
358       $SYSCONFDIR"/"virtual host"/scenari"
359       $SYSCONFDIR"/scenari"
360       $DEFAULTDIR"/scenari"
361           Path of scenario files: List, robot and site levels, and
362           distribution defaults.
363

SEE ALSO

365       Sympa::Scenario.
366

HISTORY

368       Original contents of this document were partially taken from a chapter
369       "Authorization scenarios" in Sympa, Mailing List Management Software -
370       Reference manual.
371
372
373
3746.2.64                            2021-07-15                 SYMPA_SCENARIO(5)
Impressum