1SYMPA_SCENARIO(5) sympa 6.2.68 SYMPA_SCENARIO(5)
2
3
4
6 sympa_scenario - Authorization scenario
7
9 An example del.auth file:
10
11 title deletion performed only by list owners, need authentication
12 title.es eliminacin reservada slo para el propietario, necesita autentificacin
13
14 is_owner([listname],[sender]) smtp -> request_auth
15 is_listmaster([sender]) smtp -> request_auth
16 true() md5,smime -> do_it
17
19 File format
20 Basically, a scenario file is composed of titles on the first lines and
21 a set of rules on the following lines.
22
23 Rules consist of one or more line in the form:
24
25 condition authentication_methods -> action
26
27 Some terms of conditions may take one or more arguments. The arguments
28 are variables or literals (see "Terms of conditions", "Variables").
29
30 Authentication methods is a comma-separated list of one or more methods
31 (see "Authentication methods").
32
33 Some actions may have optional modifiers (see "Actions").
34
35 Terms of conditions
36
37 "true" "(" ")"
38 Always returns true.
39
40 "equal" "(" var1"," var2 ")"
41 Tests if two arguments are equal.
42
43 "is_subscriber" "(" listname"," var ")"
44 "is_owner" "(" listname"," var ")"
45 "is_editor" "(" listname"," var ")"
46 Tests if var is the subscriber, owner or editor of the list
47 listname. listname is the variable "[listname]" or list address,
48 "name" or "name"@"domain".
49
50 "is_listmaster" "(" var ")"
51 Tests if var is the listmaster.
52
53 "less_than" "(" var1"," var2 ")"
54 Tests if var1 is less than var2.
55
56 "match" "(" var"," "/"perl_regexp"/" ")"
57 Tests if var matches with perl_regexp.
58
59 perl_regexp is a perl regular expression. Don't forget to escape
60 special characters ("^", "$", "{", "(", ...): Check perlre(1) for
61 regular expression syntax. It can contain the string "[domain]"
62 (interpreted at run time as the list or robot domain).
63
64 Note: Sympa prior to 6.2.32 recognized "[host]" instead of
65 "[domain]".
66
67 "newer" "(" date"," date ")"
68 Returns true if first date is posterior to the second
69
70 "older" "(" date"," date ")"
71 Returns true if first date is anterior to the second date
72
73 date is Unix time or the string "n"y"n"m"n"d"n"h"n"min"n"sec"",
74 where each n is a number.
75
76 "search" "(" named_filter_file"," var")"
77 Tests if var is found by named filter.
78
79 named_filter_file is a file name ending with ".ldap", ".sql" or
80 ".txt".
81
82 "verify_netmask" "(" network_block ")"
83 Tests if "REMOTE_ADDR" CGI environment variable matches with
84 network_block.
85
86 This allows the user to configure their local network to only be
87 accessible to those that are members of it.
88
89 "CustomCondition::"package_name "(" arguments, ... ")"
90 Evaluates custom condition. package_name is the name of a Perl
91 package in $SYSCONFDIR/custom_conditions/ (lowercase).
92
93 Variables
94
95 "[custom_vars->"custom_var_name"]"
96 Allows you to introduce custom parameters in your scenario.
97 custom_var_name is the name of the custom parameter you want to
98 use.
99
100 "[date]"
101 Date of reception of the message.
102
103 "[domain]"
104 Mail domain of current list.
105
106 Note: This variable was introduced by Sympa 6.2.32. Previous
107 versions used a variable "[conf->host]" (obsoleted) instead.
108
109 "[env->"env_var"]"
110 env_var is the name of CGI environment variable (note that it is
111 case-sensitive).
112
113 "[is_bcc]"
114 Set to 1 if the list is neither in To: nor Cc: field.
115
116 "[listname]"
117 Name of current list.
118
119 "[msg_encrypted]"
120 Set to ""smime"" if the message was S/MIME encrypted.
121
122 "[msg_header->"field_name"]"
123 "[msg_header->"field_name"]["index"]"
124 Value of message header field, available only when evaluating the
125 authorization scenario for sending messages. It can be used, for
126 example, to require editor validation for multipart messages.
127 Optional index may be integer (may be less than 0) to choose
128 particular entry from multiple fields.
129
130 "[msg_part->type]"
131 "[msg_part->body]"
132 The MIME content types and bodies; the body is available for MIME
133 parts in text/xxx format only.
134
135 "[previous_email]"
136 Old email when changing subscription email in preference page.
137
138 "[sender]"
139 The email address of the current user (used on web or mail
140 interface). Default value is "nobody".
141
142 "[topic]"
143 Topic of the message. This variable has a value if any of the
144 following "[topic_*]" variables has a value.
145
146 "[topic_auto]"
147 Topic of the message if it has been automatically tagged.
148
149 "[topic_editor]"
150 Topic of the message if it has been tagged by editor.
151
152 "[topic_needed]"
153 The message has not got any topic and message topic are required
154 for the list.
155
156 "[topic_sender]"
157 Topic of the message if it has been tagged by sender.
158
159 "[user_attributes->"user_attributes_key_word"]"
160 user_attributes_key_word is one of the names of user attributes
161 provided by the SSO system via environment variables. Available
162 only if user authenticated with a "generic_sso".
163
164 Authentication methods
165
166 The e-mail of authenticated user is given by "[sender]" variable. If
167 it is not given, '"nobody"' will be set.
168
169 "smtp"
170 Default method. No actual authentication, and if any, sender of
171 the message is used.
172
173 "dkim"
174 Authenticated by DKIM signature.
175
176 "md5"
177 Authenticated by web authentication (password), or by
178 authentication key in e-mail message.
179
180 "smime"
181 Authenticated by S/MIME signature, or TLS client certificate.
182
183 Actions
184
185 An action consists of an action name and optional modifiers.
186
187 Action names:
188
189 "do_it"
190 Allows operation.
191
192 "editor"
193 The message will be forwarded to list editor.
194
195 "editorkey"
196 The message will be held for moderation by list editor.
197
198 "listmaster"
199 Same as "do_it" but makes newly created list be pending.
200
201 "owner"
202 The operation is held and waits for approval by list owner.
203
204 "reject"
205 Denies operation.
206
207 "request_auth"
208 The operation is held and waits for confirmation by the user.
209
210 Modifiers:
211
212 "([email])"
213 Only for "request_auth" action. Sends authentication request to
214 the target user of operation (given as the value of ""[email]""
215 variable) instead of original sender.
216
217 Note that "[email]" is a literal and no other variable names can't
218 be used.
219
220 "," "notify"
221 Only for "do_it" and "listmaster" actions. Sends a notification to
222 list owner.
223
224 "," "quiet"
225 Sends no notification to the message sender.
226
227 "(reason='"reason_key"')"
228 Only for "reject" action. Matches a key in
229 mail_tt2/authorization_reject.tt2 template corresponding to an
230 information message about the reason of the reject of the user.
231 reason_key have to be a static string enclosed by '...'.
232
233 "(tt2='"tpl_name"')"
234 Only for "reject" action. Corresponding template (tpl_name".tt2")
235 is sent to the sender. tpl_name have to be a static string
236 enclosed by '...'.
237
238 Formal syntax
239 # Below is the formal syntax definition by modified BNF.
240
241 rule : condition spaces auth_list "->" action
242
243 # Condition
244
245 condition : "!" condition
246 | "true" "(" ")"
247 | "equal" "(" var "," var ")"
248 | "is_editor" "(" listname "," var ")"
249 | "is_listmaster" "(" var ")"
250 | "is_owner" "(" listname "," var ")"
251 | "is_subscriber" "(" listname "," var ")"
252 | "less_than" "(" var "," var ")"
253 | "match" "(" var "," "/" perl_regexp "/" ")"
254 | "newer" "(" date "," date ")"
255 | "older" "(" date "," date ")"
256 | "search" "(" named_filter_file ")"
257 | "verify_netmask" "(" network_block ")"
258 | "CustomCondition::" package_name "(" var* ")"
259
260 var : "[email]"
261 | "[conf->" conf_key_word "]"
262 | "[current_date]"
263 | "[custom_vars->" custom_var_name "]"
264 | "[env->" env_var "]"
265 | "[is_bcc]"
266 | "[list->" list_key_word "]"
267 | "[msg_body]"
268 | "[msg_encrypted]"
269 | "[msg_header->" field_name "]" "[" index "]"
270 | "[msg_header->" field_name "]"
271 | "[msg_part->type]"
272 | "[msg_part->body]"
273 | "[previous_email]"
274 | "[sender]"
275 | "[subscriber->" subscriber_key_word "]"
276 | "[topic]"
277 | "[topic_auto]"
278 | "[topic_editor]"
279 | "[topic_needed]"
280 | "[topic_sender]"
281 | "[user->" user_key_word "]"
282 | "[user_attributes->" user_attributes_keyword "]"
283 | string
284
285 listname : "[listname]"
286 | listname_string
287 | listname_string "@" domain_string
288
289 date : "[date]"
290 | date_expr
291 | integer
292
293 user_key_word : "email"
294 | "gecos"
295 | "lang"
296 | "password"
297 | "cookie_delay_user"
298 | additional_user_fields
299
300 subscriber_key_word : "email"
301 | "date"
302 | "bounce"
303 | "gecos"
304 | "reception"
305 | "update_date"
306 | "visibility"
307 | additional_subscriber_fields
308
309 list_key_word : "name"
310 | "address"
311 | "domain"
312 | "lang"
313 | "max_size"
314 | "priority"
315 | "reply_to"
316 | "status"
317 | "subject"
318 | "total"
319 | "account"
320
321 conf_key_word : "domain"
322 | "default_list_priority"
323 | "email"
324 | "lang"
325 | "listmaster"
326 | "max_size"
327 | "request_priority"
328 | "sympa_priority"
329
330 # Authentication methods
331
332 auth_list : auth "," auth_list
333 | auth
334 | ""
335
336 auth : "smtp"
337 | "dkim"
338 | "md5"
339 | "smime"
340
341 # Actions
342
343 action : "do_it" ( "," "quiet" | "," "notify" )*
344 | "editor" [ "," "quiet" ]
345 | "editorkey" [ "," "quiet" ]
346 | "listmaster" [ "," "notify" ]
347 | "owner" [ "," "quiet" ]
348 | "reject" (
349 "(" "reason=" reason_key ")"
350 | "(" "tt2=" tpl_name ")"
351 | "," "quiet"
352 )*
353 | "reject(tt2=" tpl_name ")" [ "," "quiet" ]
354 | "request_auth" [ "([email])" ]
355
357 $EXPLDIR"/"list path"/scenari"
358 $SYSCONFDIR"/"virtual host"/scenari"
359 $SYSCONFDIR"/scenari"
360 $DEFAULTDIR"/scenari"
361 Path of scenario files: List, robot and site levels, and
362 distribution defaults.
363
365 Sympa::Scenario.
366
368 Original contents of this document were partially taken from a chapter
369 "Authorization scenarios" in Sympa, Mailing List Management Software -
370 Reference manual.
371
372
373
3746.2.68 2022-01-25 SYMPA_SCENARIO(5)