Close the listeners on exit.

[apps/pfixtools.git] / main-postlicyd.c

diff --git a/main-postlicyd.c b/main-postlicyd.c
index 6810bba..deb90b3 100644 (file)
--- a/main-postlicyd.c
+++ b/main-postlicyd.c
@@ -31,78 +31,300 @@
 
 /*
  * Copyright © 2006-2007 Pierre Habouzit
+ * Copyright © 2008 Florent Bruneau
  */
 
-#include <signal.h>
-#include <time.h>
 #include <getopt.h>
 
+#include "buffer.h"
 #include "common.h"
+#include "epoll.h"
+#include "tokens.h"
+#include "server.h"
 
-/* administrivia {{{ */
+#define DAEMON_NAME             "postlicyd"
+#define DEFAULT_PORT            10000
+#define RUNAS_USER              "nobody"
+#define RUNAS_GROUP             "nogroup"
+
+DECLARE_MAIN
+
+enum smtp_state {
+    SMTP_UNKNOWN,
+    SMTP_CONNECT,
+    SMTP_EHLO,
+    SMTP_HELO = SMTP_EHLO,
+    SMTP_MAIL,
+    SMTP_RCPT,
+    SMTP_DATA,
+    SMTP_END_OF_MESSAGE,
+    SMTP_VRFY,
+    SMTP_ETRN,
+};
+
+/* \see http://www.postfix.org/SMTPD_POLICY_README.html */
+typedef struct query_t {
+    unsigned state : 4;
+    unsigned esmtp : 1;
+
+    const char *helo_name;
+    const char *queue_id;
+    const char *sender;
+    const char *recipient;
+    const char *recipient_count;
+    const char *client_address;
+    const char *client_name;
+    const char *reverse_client_name;
+    const char *instance;
+
+    /* postfix 2.2+ */
+    const char *sasl_method;
+    const char *sasl_username;
+    const char *sasl_sender;
+    const char *size;
+    const char *ccert_subject;
+    const char *ccert_issuer;
+    const char *ccert_fingerprint;
+
+    /* postfix 2.3+ */
+    const char *encryption_protocol;
+    const char *encryption_cipher;
+    const char *encryption_keysize;
+    const char *etrn_domain;
 
-static int main_initialize(void)
+    /* postfix 2.5+ */
+    const char *stress;
+
+    const char *eoq;
+} query_t;
+
+static query_t *query_new(void)
 {
-    openlog("postlicyd", LOG_PID, LOG_MAIL);
-    signal(SIGPIPE, SIG_IGN);
-    signal(SIGINT,  &common_sighandler);
-    signal(SIGTERM, &common_sighandler);
-    signal(SIGSEGV, &common_sighandler);
-    syslog(LOG_INFO, "Starting...");
-    return 0;
+    return p_new(query_t, 1);
 }
 
-static void main_shutdown(void)
+static void query_delete(query_t **query)
 {
-    closelog();
+    if (*query) {
+        p_delete(query);
+    }
 }
 
-module_init(main_initialize);
-module_exit(main_shutdown);
+static void *query_starter(server_t* server)
+{
+    return query_new();
+}
 
-/* }}} */
+static int postfix_parsejob(query_t *query, char *p)
+{
+#define PARSE_CHECK(expr, error, ...)                                        \
+    do {                                                                     \
+        if (!(expr)) {                                                       \
+            syslog(LOG_ERR, error, ##__VA_ARGS__);                           \
+            return -1;                                                       \
+        }                                                                    \
+    } while (0)
+
+    p_clear(query, 1);
+    while (*p != '\n') {
+        char *k, *v;
+        int klen, vlen, vtk;
+
+        while (isblank(*p))
+            p++;
+        p = strchr(k = p, '=');
+        PARSE_CHECK(p, "could not find '=' in line");
+        for (klen = p - k; klen && isblank(k[klen]); klen--);
+        p += 1; /* skip = */
+
+        while (isblank(*p))
+            p++;
+        p = strchr(v = p, '\n');
+        PARSE_CHECK(p, "could not find final \\n in line");
+        for (vlen = p - v; vlen && isblank(v[vlen]); vlen--);
+        p += 1; /* skip \n */
+
+        vtk = tokenize(v, vlen);
+        switch (tokenize(k, klen)) {
+#define CASE(up, low)  case PTK_##up: query->low = v; v[vlen] = '\0'; break;
+            CASE(HELO_NAME,           helo_name);
+            CASE(QUEUE_ID,            queue_id);
+            CASE(SENDER,              sender);
+            CASE(RECIPIENT,           recipient);
+            CASE(RECIPIENT_COUNT,     recipient_count);
+            CASE(CLIENT_ADDRESS,      client_address);
+            CASE(CLIENT_NAME,         client_name);
+            CASE(REVERSE_CLIENT_NAME, reverse_client_name);
+            CASE(INSTANCE,            instance);
+            CASE(SASL_METHOD,         sasl_method);
+            CASE(SASL_USERNAME,       sasl_username);
+            CASE(SASL_SENDER,         sasl_sender);
+            CASE(SIZE,                size);
+            CASE(CCERT_SUBJECT,       ccert_subject);
+            CASE(CCERT_ISSUER,        ccert_issuer);
+            CASE(CCERT_FINGERPRINT,   ccert_fingerprint);
+            CASE(ENCRYPTION_PROTOCOL, encryption_protocol);
+            CASE(ENCRYPTION_CIPHER,   encryption_cipher);
+            CASE(ENCRYPTION_KEYSIZE,  encryption_keysize);
+            CASE(ETRN_DOMAIN,         etrn_domain);
+            CASE(STRESS,              stress);
+#undef CASE
+
+          case PTK_REQUEST:
+            PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY,
+                        "unexpected `request' value: %.*s", vlen, v);
+            break;
+
+          case PTK_PROTOCOL_NAME:
+            PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP,
+                        "unexpected `protocol_name' value: %.*s", vlen, v);
+            query->esmtp = vtk == PTK_ESMTP;
+            break;
+
+          case PTK_PROTOCOL_STATE:
+            switch (vtk) {
+#define CASE(name)  case PTK_##name: query->state = SMTP_##name; break;
+                CASE(CONNECT);
+                CASE(EHLO);
+                CASE(HELO);
+                CASE(MAIL);
+                CASE(RCPT);
+                CASE(DATA);
+                CASE(END_OF_MESSAGE);
+                CASE(VRFY);
+                CASE(ETRN);
+              default:
+                PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s",
+                            vlen, v);
+#undef CASE
+            }
+            break;
+
+          default:
+            syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k);
+            continue;
+        }
+    }
+
+    return query->state == SMTP_UNKNOWN ? -1 : 0;
+#undef PARSE_CHECK
+}
 
-void *job_run(void *_fd)
+__attribute__((format(printf,2,0)))
+static void policy_answer(server_t *pcy, const char *fmt, ...)
 {
-    int fd = (intptr_t)_fd;
+    va_list args;
+    const query_t* query = pcy->data;
 
-    close(fd);
-    return NULL;
+    buffer_addstr(&pcy->obuf, "action=");
+    va_start(args, fmt);
+    buffer_addvf(&pcy->obuf, fmt, args);
+    va_end(args);
+    buffer_addstr(&pcy->obuf, "\n\n");
+    buffer_consume(&pcy->ibuf, query->eoq - pcy->ibuf.data);
+    epoll_modify(pcy->fd, EPOLLIN | EPOLLOUT, pcy);
 }
 
-static void main_loop(void)
+static bool policy_run_filter(const query_t* query, void* filter, void* conf)
 {
-    int sock = -1;
+    return false;
+}
 
-    while (!sigint) {
-        int fd = accept(sock, NULL, 0);
-        pthread_attr_t attr;
-        pthread_t dummy;
+static void policy_process(server_t *pcy)
+{
+    const query_t* query = pcy->data;
+    if (!policy_run_filter(query, NULL, NULL)) {
+        policy_answer(pcy, "DUNNO");
+    }
+}
 
-        if (fd < 0) {
-            if (errno != EINTR || errno != EAGAIN)
-                UNIXERR("accept");
-            continue;
-        }
+static int policy_run(server_t *pcy, void* config)
+{
+    ssize_t search_offs = MAX(0, pcy->ibuf.len - 1);
+    int nb = buffer_read(&pcy->ibuf, pcy->fd, -1);
+    const char *eoq;
+    query_t* query = pcy->data;
 
-        pthread_attr_init(&attr);
-        pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
-        pthread_create(&dummy, &attr, job_run, (void *)(intptr_t)fd);
-        pthread_attr_destroy(&attr);
+    if (nb < 0) {
+        if (errno == EAGAIN || errno == EINTR)
+            return 0;
+        UNIXERR("read");
+        return -1;
+    }
+    if (nb == 0) {
+        if (pcy->ibuf.len)
+            syslog(LOG_ERR, "unexpected end of data");
+        return -1;
     }
 
-    close(sock);
+    if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n")))
+        return 0;
+
+    if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0)
+        return -1;
+    query->eoq = eoq + strlen("\n\n");
+    epoll_modify(pcy->fd, 0, pcy);
+    policy_process(pcy);
+    return 0;
 }
 
-int main(void)
+int start_listener(int port)
 {
-    if (atexit(common_shutdown)) {
-        fputs("Cannot hook my atexit function, quitting !\n", stderr);
+    return start_server(port, NULL, NULL);
+}
+
+/* administrivia {{{ */
+
+void usage(void)
+{
+    fputs("usage: "DAEMON_NAME" [options] config\n"
+          "\n"
+          "Options:\n"
+          "    -l <port>    port to listen to\n"
+          "    -p <pidfile> file to write our pid to\n"
+          "    -f           stay in foreground\n"
+         , stderr);
+}
+
+/* }}} */
+
+int main(int argc, char *argv[])
+{
+    bool unsafe = false;
+    const char *pidfile = NULL;
+    bool daemonize = true;
+    int port = DEFAULT_PORT;
+
+    for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) {
+        switch (c) {
+          case 'p':
+            pidfile = optarg;
+            break;
+          case 'u':
+            unsafe = true;
+            break;
+          case 'l':
+            port = atoi(optarg);
+            break;
+          case 'f':
+            daemonize = false;
+            break;
+          default:
+            usage();
+            return EXIT_FAILURE;
+        }
+    }
+
+    if (argc - optind != 1) {
+        usage();
         return EXIT_FAILURE;
     }
 
-    common_initialize();
-    main_loop();
-    syslog(LOG_INFO, "Stopping...");
-    return EXIT_SUCCESS;
+    if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP,
+                     daemonize) != EXIT_SUCCESS
+        || start_listener(port) < 0) {
+        return EXIT_FAILURE;
+    }
+    return server_loop(query_starter, (delete_client_t)query_delete,
+                       policy_run, NULL);
 }