X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=main-postlicyd.c;h=51f56ef08411added585fd1b549ae353bc1401e3;hb=5b35e40e54a14d1a0fe4bc01b22c04066cb36b66;hp=6810bbabd8d18aeda351e57ae55d84ea2a54dd53;hpb=c693c0b0d26eac89aef4e4c6740feca3627e2d26;p=apps%2Fpfixtools.git diff --git a/main-postlicyd.c b/main-postlicyd.c index 6810bba..51f56ef 100644 --- a/main-postlicyd.c +++ b/main-postlicyd.c @@ -33,11 +33,196 @@ * Copyright © 2006-2007 Pierre Habouzit */ -#include -#include #include +#include "buffer.h" #include "common.h" +#include "threads.h" +#include "tokens.h" + +#define DAEMON_NAME "postlicyd" +#define DEFAULT_PORT 10000 +#define RUNAS_USER "nobody" +#define RUNAS_GROUP "nogroup" + +enum smtp_state { + SMTP_UNKNOWN, + SMTP_CONNECT, + SMTP_EHLO, + SMTP_HELO = SMTP_EHLO, + SMTP_MAIL, + SMTP_RCPT, + SMTP_DATA, + SMTP_END_OF_MESSAGE, + SMTP_VRFY, + SMTP_ETRN, +}; + +/* \see http://www.postfix.org/SMTPD_POLICY_README.html */ +typedef struct query_t { + unsigned state : 4; + unsigned esmtp : 1; + + const char *helo_name; + const char *queue_id; + const char *sender; + const char *recipient; + const char *recipient_count; + const char *client_address; + const char *client_name; + const char *rclient_name; + const char *instance; + + /* postfix 2.2+ */ + const char *sasl_method; + const char *sasl_username; + const char *sasl_sender; + const char *size; + const char *ccert_subject; + const char *ccert_issuer; + const char *ccsert_fingerprint; + + /* postfix 2.3+ */ + const char *encryption_protocol; + const char *encryption_cipher; + const char *encryption_keysize; + const char *etrn_domain; +} query_t; + +static int postfix_parsejob(query_t *query, char *p) +{ +#define PARSE_CHECK(expr, error, ...) \ + do { \ + if (!(expr)) { \ + syslog(LOG_ERR, error, ##__VA_ARGS__); \ + return -1; \ + } \ + } while (0) + + p_clear(&query, 1); + while (p[0] != '\r' || p[1] != '\n') { + char *k, *v; + int klen, vlen, vtk; + + while (isblank(*p)) + p++; + p = strchr(k = p, '='); + PARSE_CHECK(p, "could not find '=' in line"); + for (klen = p - k; klen && isblank(k[klen]); klen--); + p += 1; /* skip = */ + + while (isblank(*p)) + p++; + p = strstr(v = p, "\r\n"); + PARSE_CHECK(p, "could not find final \\r\\n in line"); + for (vlen = p - v; vlen && isblank(v[vlen]); vlen--); + p += 2; /* skip \r\n */ + + vtk = tokenize(v, vlen); + switch (tokenize(k, klen)) { +#define CASE(up, low) case PTK_##up: query->low = v; v[vlen] = '\0'; break; + CASE(HELO_NAME, helo_name); + CASE(QUEUE_ID, queue_id); + CASE(SENDER, sender); + CASE(RECIPIENT, recipient); + CASE(RECIPIENT_COUNT, recipient_count); + CASE(CLIENT_ADDRESS, client_address); + CASE(CLIENT_NAME, client_name); + CASE(RCLIENT_NAME, rclient_name); + CASE(INSTANCE, instance); + CASE(SASL_METHOD, sasl_method); + CASE(SASL_USERNAME, sasl_username); + CASE(SASL_SENDER, sasl_sender); + CASE(SIZE, size); + CASE(CCERT_SUBJECT, ccert_subject); + CASE(CCERT_ISSUER, ccert_issuer); + CASE(CCSERT_FINGERPRINT, ccsert_fingerprint); + CASE(ENCRYPTION_PROTOCOL, encryption_protocol); + CASE(ENCRYPTION_CIPHER, encryption_cipher); + CASE(ENCRYPTION_KEYSIZE, encryption_keysize); + CASE(ETRN_DOMAIN, etrn_domain); +#undef CASE + + case PTK_REQUEST: + PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY, + "unexpected `request' value: %.*s", vlen, v); + break; + + case PTK_PROTOCOL_NAME: + PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP, + "unexpected `protocol_name' value: %.*s", vlen, v); + query->esmtp = vtk == PTK_ESMTP; + break; + + case PTK_PROTOCOL_STATE: + switch (vtk) { +#define CASE(name) case PTK_##name: query->state = SMTP_##name; break; + CASE(CONNECT); + CASE(EHLO); + CASE(HELO); + CASE(MAIL); + CASE(RCPT); + CASE(DATA); + CASE(END_OF_MESSAGE); + CASE(VRFY); + CASE(ETRN); + default: + PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s", + vlen, v); +#undef CASE + } + break; + + default: + syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k); + break; + } + } + + return query->state == SMTP_UNKNOWN ? -1 : 0; +#undef PARSE_CHECK +} + +static void *policy_run(int fd, void *data) +{ + buffer_t buf; + + buffer_init(&buf); + for (;;) { + int nb = buffer_read(&buf, fd, -1); + const char *eoq; + query_t q; + + if (nb < 0) { + if (errno == EAGAIN || errno == EINTR) + continue; + UNIXERR("read"); + break; + } + if (nb == 0) { + if (buf.len) + syslog(LOG_ERR, "unexpected end of data"); + break; + } + + eoq = strstr(buf.data + MAX(0, buf.len - 3), "\r\n\r\n"); + if (!eoq) + continue; + + if (postfix_parsejob(&q, buf.data) < 0) + break; + + buffer_consume(&buf, eoq + strlen("\r\n\r\n") - buf.data); + if (xwrite(fd, "DUNNO\r\n", strlen("DUNNO\r\n"))) { + UNIXERR("write"); + break; + } + } + buffer_wipe(&buf); + + close(fd); + return NULL; +} /* administrivia {{{ */ @@ -60,49 +245,86 @@ static void main_shutdown(void) module_init(main_initialize); module_exit(main_shutdown); -/* }}} */ - -void *job_run(void *_fd) +void usage(void) { - int fd = (intptr_t)_fd; - - close(fd); - return NULL; + fputs("usage: "DAEMON_NAME" [options] config\n" + "\n" + "Options:\n" + " -l port to listen to\n" + " -p file to write our pid to\n" + " -f stay in foreground\n" + , stderr); } -static void main_loop(void) +/* }}} */ + +int main(int argc, char *argv[]) { + struct sockaddr_in addr = { + .sin_family = AF_INET, + .sin_addr = { htonl(INADDR_LOOPBACK) }, + }; + const char *pidfile = NULL; + bool daemonize = true; + int port = DEFAULT_PORT; int sock = -1; + for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) { + switch (c) { + case 'p': + pidfile = optarg; + break; + case 'l': + port = atoi(optarg); + break; + case 'f': + daemonize = false; + break; + default: + usage(); + return EXIT_FAILURE; + } + } + + if (argc - optind != 1) { + usage(); + return EXIT_FAILURE; + } + + if (pidfile_open(pidfile) < 0) { + syslog(LOG_CRIT, "unable to write pidfile %s", pidfile); + return EXIT_FAILURE; + } + + if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) { + syslog(LOG_CRIT, "unable to drop privileges"); + return EXIT_FAILURE; + } + + if (daemonize && daemon_detach() < 0) { + syslog(LOG_CRIT, "unable to fork"); + return EXIT_FAILURE; + } + + pidfile_refresh(); + + addr.sin_port = htons(port); + sock = tcp_listen((struct sockaddr *)&addr, sizeof(addr)); + if (sock < 0) + return EXIT_FAILURE; + while (!sigint) { int fd = accept(sock, NULL, 0); - pthread_attr_t attr; - pthread_t dummy; - if (fd < 0) { - if (errno != EINTR || errno != EAGAIN) + if (errno != EINTR && errno != EAGAIN) UNIXERR("accept"); continue; } - - pthread_attr_init(&attr); - pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); - pthread_create(&dummy, &attr, job_run, (void *)(intptr_t)fd); - pthread_attr_destroy(&attr); + thread_launch(policy_run, fd, NULL); + threads_join(); } close(sock); -} - -int main(void) -{ - if (atexit(common_shutdown)) { - fputs("Cannot hook my atexit function, quitting !\n", stderr); - return EXIT_FAILURE; - } - - common_initialize(); - main_loop(); syslog(LOG_INFO, "Stopping..."); return EXIT_SUCCESS; }