Provided by: sympa_6.2.70~dfsg-2_amd64 bug

NAME

       sympa_scenario - Authorization scenario

SYNOPSIS

       An example del.auth file:

         title    deletion performed only by list owners, need authentication
         title.es eliminacin reservada slo para el propietario, necesita autentificacin

         is_owner([listname],[sender])  smtp       -> request_auth
         is_listmaster([sender])        smtp       -> request_auth
         true()                         md5,smime  -> do_it

DESCRIPTION

   File format
       Basically, a scenario file is composed of titles on the first lines and a set of rules on
       the following lines.

       Rules consist of one or more line in the form:

         condition authentication_methods -> action

       Some terms of conditions may take one or more arguments.  The arguments are variables or
       literals (see "Terms of conditions", "Variables").

       Authentication methods is a comma-separated list of one or more methods (see
       "Authentication methods").

       Some actions may have optional modifiers (see "Actions").

       Terms of conditions

       "true" "(" ")"
           Always returns true.

       "equal" "(" var1"," var2 ")"
           Tests if two arguments are equal.

       "is_subscriber" "(" listname"," var ")"
       "is_owner" "(" listname"," var ")"
       "is_editor" "(" listname"," var ")"
           Tests if var is the subscriber, owner or editor of the list listname.  listname is the
           variable "[listname]" or list address, "name" or "name"@"domain".

       "is_listmaster" "(" var ")"
           Tests if var is the listmaster.

       "less_than" "(" var1"," var2 ")"
           Tests if var1 is less than var2.

       "match" "(" var"," "/"perl_regexp"/" ")"
           Tests if var matches with perl_regexp.

           perl_regexp is a perl regular expression.  Don't forget to escape special characters
           ("^", "$", "{", "(", ...): Check perlre(1) for regular expression syntax.  It can
           contain the string "[domain]" (interpreted at run time as the list or robot domain).

           Note: Sympa prior to 6.2.32 recognized "[host]" instead of "[domain]".

       "newer" "(" date"," date ")"
           Returns true if first date is posterior to the second

       "older" "(" date"," date ")"
           Returns true if first date is anterior to the second date

           date is Unix time or the string "n"y"n"m"n"d"n"h"n"min"n"sec"", where each n is a
           number.

       "search" "(" named_filter_file"," var")"
           Tests if var is found by named filter.

           named_filter_file is a file name ending with ".ldap", ".sql" or ".txt".

       "verify_netmask" "(" network_block ")"
           Tests if "REMOTE_ADDR" CGI environment variable matches with network_block.

           This allows the user to configure their local network to only be accessible to those
           that are members of it.

       "CustomCondition::"package_name "(" arguments, ... ")"
           Evaluates custom condition.  package_name is the name of a Perl package in
           $SYSCONFDIR/custom_conditions/ (lowercase).

       Variables

       "[custom_vars->"custom_var_name"]"
           Allows you to introduce custom parameters in your scenario.  custom_var_name is the
           name of the custom parameter you want to use.

       "[date]"
           Date of reception of the message.

       "[domain]"
           Mail domain of current list.

           Note: This variable was introduced by Sympa 6.2.32.  Previous versions used a variable
           "[conf->host]" (obsoleted) instead.

       "[env->"env_var"]"
           env_var is the name of CGI environment variable (note that it is case-sensitive).

       "[is_bcc]"
           Set to 1 if the list is neither in To: nor Cc: field.

       "[listname]"
           Name of current list.

       "[msg_encrypted]"
           Set to ""smime"" if the message was S/MIME encrypted.

       "[msg_header->"field_name"]"
       "[msg_header->"field_name"]["index"]"
           Value of message header field, available only when evaluating the authorization
           scenario for sending messages.  It can be used, for example, to require editor
           validation for multipart messages.  Optional index may be integer (may be less than 0)
           to choose particular entry from multiple fields.

       "[msg_part->type]"
       "[msg_part->body]"
           The MIME content types and bodies; the body is available for MIME parts in text/xxx
           format only.

       "[previous_email]"
           Old email when changing subscription email in preference page.

       "[sender]"
           The email address of the current user (used on web or mail interface).  Default value
           is "nobody".

       "[topic]"
           Topic of the message.  This variable has a value if any of the following "[topic_*]"
           variables has a value.

       "[topic_auto]"
           Topic of the message if it has been automatically tagged.

       "[topic_editor]"
           Topic of the message if it has been tagged by editor.

       "[topic_needed]"
           The message has not got any topic and message topic are required for the list.

       "[topic_sender]"
           Topic of the message if it has been tagged by sender.

       "[user_attributes->"user_attributes_key_word"]"
           user_attributes_key_word is one of the names of user attributes provided by the SSO
           system via environment variables.  Available only if user authenticated with a
           "generic_sso".

       Authentication methods

       The e-mail of authenticated user is given by "[sender]" variable.  If it is not given,
       '"nobody"' will be set.

       "smtp"
           Default method.  No actual authentication, and if any, sender of the message is used.

       "dkim"
           Authenticated by DKIM signature.

       "md5"
           Authenticated by web authentication (password), or by authentication key in e-mail
           message.

       "smime"
           Authenticated by S/MIME signature, or TLS client certificate.

       Actions

       An action consists of an action name and optional modifiers.

       Action names:

       "do_it"
           Allows operation.

       "editor"
           The message will be forwarded to list editor.

       "editorkey"
           The message will be held for moderation by list editor.

       "listmaster"
           Same as "do_it" but makes newly created list be pending.

       "owner"
           The operation is held and waits for approval by list owner.

       "reject"
           Denies operation.

       "request_auth"
           The operation is held and waits for confirmation by the user.

       Modifiers:

       "([email])"
           Only for "request_auth" action.  Sends authentication request to the target user of
           operation (given as the value of ""[email]"" variable) instead of original sender.

           Note that "[email]" is a literal and no other variable names can't be used.

       "," "notify"
           Only for "do_it" and "listmaster" actions.  Sends a notification to list owner.

       "," "quiet"
           Sends no notification to the message sender.

       "(reason='"reason_key"')"
           Only for "reject" action.  Matches a key in mail_tt2/authorization_reject.tt2 template
           corresponding to an information message about the reason of the reject of the user.
           reason_key have to be a static string enclosed by '...'.

       "(tt2='"tpl_name"')"
           Only for "reject" action.  Corresponding template (tpl_name".tt2") is sent to the
           sender.  tpl_name have to be a static string enclosed by '...'.

   Formal syntax
       # Below is the formal syntax definition by modified BNF.

       rule : condition spaces auth_list "->" action

       # Condition

       condition : "!" condition
           | "true" "(" ")"
           | "equal" "(" var "," var ")"
           | "is_editor" "(" listname "," var ")"
           | "is_listmaster" "(" var ")"
           | "is_owner" "(" listname "," var ")"
           | "is_subscriber" "(" listname "," var ")"
           | "less_than" "(" var "," var ")"
           | "match" "(" var "," "/" perl_regexp "/" ")"
           | "newer" "(" date "," date ")"
           | "older" "(" date "," date ")"
           | "search" "(" named_filter_file ")"
           | "verify_netmask" "(" network_block ")"
           | "CustomCondition::" package_name "(" var* ")"

       var : "[email]"
           | "[conf->" conf_key_word "]"
           | "[current_date]"
           | "[custom_vars->" custom_var_name "]"
           | "[env->" env_var "]"
           | "[is_bcc]"
           | "[list->" list_key_word "]"
           | "[msg_body]"
           | "[msg_encrypted]"
           | "[msg_header->" field_name "]" "[" index "]"
           | "[msg_header->" field_name "]"
           | "[msg_part->type]"
           | "[msg_part->body]"
           | "[previous_email]"
           | "[sender]"
           | "[subscriber->" subscriber_key_word "]"
           | "[topic]"
           | "[topic_auto]"
           | "[topic_editor]"
           | "[topic_needed]"
           | "[topic_sender]"
           | "[user->" user_key_word "]"
           | "[user_attributes->" user_attributes_keyword "]"
           | string

       listname : "[listname]"
           | listname_string
           | listname_string "@" domain_string

       date : "[date]"
           | date_expr
           | integer

       user_key_word : "email"
           | "gecos"
           | "lang"
           | "password"
           | "cookie_delay_user"
           | additional_user_fields

       subscriber_key_word : "email"
           | "date"
           | "bounce"
           | "gecos"
           | "reception"
           | "update_date"
           | "visibility"
           | additional_subscriber_fields

       list_key_word : "name"
           | "address"
           | "domain"
           | "lang"
           | "max_size"
           | "priority"
           | "reply_to"
           | "status"
           | "subject"
           | "total"
           | "account"

       conf_key_word : "domain"
           | "default_list_priority"
           | "email"
           | "lang"
           | "listmaster"
           | "max_size"
           | "request_priority"
           | "sympa_priority"

       # Authentication methods

       auth_list : auth "," auth_list
           | auth
           | ""

       auth : "smtp"
           | "dkim"
           | "md5"
           | "smime"

       # Actions

       action : "do_it" ( "," "quiet" | "," "notify" )*
           | "editor" [ "," "quiet" ]
           | "editorkey" [ "," "quiet" ]
           | "listmaster" [ "," "notify" ]
           | "owner" [ "," "quiet" ]
           | "reject" (
                 "(" "reason=" reason_key ")"
               | "(" "tt2=" tpl_name ")"
               | "," "quiet"
             )*
           | "reject(tt2=" tpl_name ")" [ "," "quiet" ]
           | "request_auth" [ "([email])" ]

FILES

       $EXPLDIR"/"list path"/scenari"
       $SYSCONFDIR"/"virtual host"/scenari"
       $SYSCONFDIR"/scenari"
       $DEFAULTDIR"/scenari"
           Path of scenario files: List, robot and site levels, and distribution defaults.

SEE ALSO

       Sympa::Scenario.

HISTORY

       Original contents of this document were partially taken from a chapter "Authorization
       scenarios" in Sympa, Mailing List Management Software - Reference manual.