#include "config.h"
#define DAEMON_NAME "postlicyd"
+#define DAEMON_VERSION "0.2"
#define DEFAULT_PORT 10000
#define RUNAS_USER "nobody"
#define RUNAS_GROUP "nogroup"
return query_new();
}
-static int postfix_parsejob(query_t *query, char *p)
+static bool config_refresh(void *config)
{
-#define PARSE_CHECK(expr, error, ...) \
- do { \
- if (!(expr)) { \
- syslog(LOG_ERR, error, ##__VA_ARGS__); \
- return -1; \
- } \
- } while (0)
-
- p_clear(query, 1);
- query->state = SMTP_UNKNOWN;
- while (*p != '\n') {
- char *k, *v;
- int klen, vlen, vtk;
-
- while (isblank(*p))
- p++;
- p = strchr(k = p, '=');
- PARSE_CHECK(p, "could not find '=' in line");
- for (klen = p - k; klen && isblank(k[klen]); klen--);
- p += 1; /* skip = */
-
- while (isblank(*p))
- p++;
- p = strchr(v = p, '\n');
- PARSE_CHECK(p, "could not find final \\n in line");
- for (vlen = p - v; vlen && isblank(v[vlen]); vlen--);
- p += 1; /* skip \n */
-
- vtk = policy_tokenize(v, vlen);
- switch (policy_tokenize(k, klen)) {
-#define CASE(up, low) case PTK_##up: query->low = v; v[vlen] = '\0'; syslog(LOG_DEBUG, "%s = %s", ptokens[PTK_##up], query->low); break;
- CASE(HELO_NAME, helo_name);
- CASE(QUEUE_ID, queue_id);
- CASE(SENDER, sender);
- CASE(RECIPIENT, recipient);
- CASE(RECIPIENT_COUNT, recipient_count);
- CASE(CLIENT_ADDRESS, client_address);
- CASE(CLIENT_NAME, client_name);
- CASE(REVERSE_CLIENT_NAME, reverse_client_name);
- CASE(INSTANCE, instance);
- CASE(SASL_METHOD, sasl_method);
- CASE(SASL_USERNAME, sasl_username);
- CASE(SASL_SENDER, sasl_sender);
- CASE(SIZE, size);
- CASE(CCERT_SUBJECT, ccert_subject);
- CASE(CCERT_ISSUER, ccert_issuer);
- CASE(CCERT_FINGERPRINT, ccert_fingerprint);
- CASE(ENCRYPTION_PROTOCOL, encryption_protocol);
- CASE(ENCRYPTION_CIPHER, encryption_cipher);
- CASE(ENCRYPTION_KEYSIZE, encryption_keysize);
- CASE(ETRN_DOMAIN, etrn_domain);
- CASE(STRESS, stress);
-#undef CASE
-
- case PTK_REQUEST:
- PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY,
- "unexpected `request' value: %.*s", vlen, v);
- break;
-
- case PTK_PROTOCOL_NAME:
- PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP,
- "unexpected `protocol_name' value: %.*s", vlen, v);
- query->esmtp = vtk == PTK_ESMTP;
- break;
-
- case PTK_PROTOCOL_STATE:
- switch (vtk) {
-#define CASE(name) case PTK_##name: query->state = SMTP_##name; break;
- CASE(CONNECT);
- CASE(EHLO);
- CASE(HELO);
- CASE(MAIL);
- CASE(RCPT);
- CASE(DATA);
- CASE(END_OF_MESSAGE);
- CASE(VRFY);
- CASE(ETRN);
- default:
- PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s",
- vlen, v);
-#undef CASE
- }
- break;
-
- default:
- syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k);
- continue;
- }
- }
-
- return query->state == SMTP_UNKNOWN ? -1 : 0;
-#undef PARSE_CHECK
+ return config_reload(config);
}
__attribute__((format(printf,2,0)))
const query_t* query = pcy->data;
const filter_t *filter;
if (config->entry_points[query->state] == -1) {
- syslog(LOG_WARNING, "no filter defined for current protocol_state (%d)", query->state);
+ warn("no filter defined for current protocol_state (%d)", query->state);
return false;
}
filter = array_ptr(config->filters, config->entry_points[query->state]);
while (true) {
const filter_hook_t *hook = filter_run(filter, query);
if (hook == NULL) {
- syslog(LOG_WARNING, "request aborted");
+ warn("request client=%s, from=<%s>, to=<%s>: aborted",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient);
return false;
} else if (hook->postfix) {
+ info("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: \"%s\"",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name, hook->value);
policy_answer(pcy, "%s", hook->value);
return true;
} else {
+ debug("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: next filter %s",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name,
+ (array_ptr(config->filters, hook->filter_id))->name);
filter = array_ptr(config->filters, hook->filter_id);
}
}
static int policy_run(server_t *pcy, void* vconfig)
{
- ssize_t search_offs = MAX(0, (ssize_t)(pcy->ibuf.len - 1));
+ int search_offs = MAX(0, (int)(pcy->ibuf.len - 1));
int nb = buffer_read(&pcy->ibuf, pcy->fd, -1);
const char *eoq;
query_t *query = pcy->data;
}
if (nb == 0) {
if (pcy->ibuf.len)
- syslog(LOG_ERR, "unexpected end of data");
+ err("unexpected end of data");
return -1;
}
if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n")))
return 0;
- if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0)
+ if (!query_parse(pcy->data, pcy->ibuf.data))
return -1;
query->eoq = eoq + strlen("\n\n");
epoll_modify(pcy->fd, 0, pcy);
" -l <port> port to listen to\n"
" -p <pidfile> file to write our pid to\n"
" -f stay in foreground\n"
+ " -d grow logging level\n"
+ " -u unsafe mode (don't drop privileges)\n"
, stderr);
}
const char *pidfile = NULL;
bool daemonize = true;
int port = DEFAULT_PORT;
+ bool port_from_cli = false;
- for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) {
+ for (int c = 0; (c = getopt(argc, argv, "ufd" "l:p:")) >= 0; ) {
switch (c) {
case 'p':
pidfile = optarg;
break;
case 'l':
port = atoi(optarg);
+ port_from_cli = true;
break;
case 'f':
daemonize = false;
break;
+ case 'd':
+ ++log_level;
+ break;
default:
usage();
return EXIT_FAILURE;
}
}
+ if (!daemonize) {
+ log_syslog = false;
+ }
+
if (argc - optind != 1) {
usage();
return EXIT_FAILURE;
}
+ info("starting %s v%s...", DAEMON_NAME, DAEMON_VERSION);
+
+ if (pidfile_open(pidfile) < 0) {
+ crit("unable to write pidfile %s", pidfile);
+ return EXIT_FAILURE;
+ }
+
+ if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+ crit("unable to drop privileges");
+ return EXIT_FAILURE;
+ }
+
config_t *config = config_read(argv[optind]);
if (config == NULL) {
return EXIT_FAILURE;
}
+ if (port_from_cli || config->port == 0) {
+ config->port = port;
+ }
- if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP,
- daemonize) != EXIT_SUCCESS
- || start_listener(port) < 0) {
+ if (daemonize && daemon_detach() < 0) {
+ crit("unable to fork");
return EXIT_FAILURE;
}
- {
- int res = server_loop(query_starter, (delete_client_t)query_delete,
- policy_run, config);
- config_delete(&config);
- return res;
+
+ pidfile_refresh();
+
+ if (start_listener(config->port) < 0) {
+ return EXIT_FAILURE;
+ } else {
+ return server_loop(query_starter, (delete_client_t)query_delete,
+ policy_run, config_refresh, config);
}
}