X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=main-postlicyd.c;h=deb90b3614a2b570c881b656c6fb4668427f9c7c;hb=8edd7234e1c30a16d914292dc652046ee581fa5b;hp=39adf81145c62ef39e0e7284365b778bcd0be307;hpb=b9983db8164466ba74eaf52285fe932846fb9f05;p=apps%2Fpfixtools.git diff --git a/main-postlicyd.c b/main-postlicyd.c index 39adf81..deb90b3 100644 --- a/main-postlicyd.c +++ b/main-postlicyd.c @@ -31,6 +31,7 @@ /* * Copyright © 2006-2007 Pierre Habouzit + * Copyright © 2008 Florent Bruneau */ #include @@ -38,14 +39,16 @@ #include "buffer.h" #include "common.h" #include "epoll.h" -#include "threads.h" #include "tokens.h" +#include "server.h" #define DAEMON_NAME "postlicyd" #define DEFAULT_PORT 10000 #define RUNAS_USER "nobody" #define RUNAS_GROUP "nogroup" +DECLARE_MAIN + enum smtp_state { SMTP_UNKNOWN, SMTP_CONNECT, @@ -81,43 +84,36 @@ typedef struct query_t { const char *size; const char *ccert_subject; const char *ccert_issuer; - const char *ccsert_fingerprint; + const char *ccert_fingerprint; /* postfix 2.3+ */ const char *encryption_protocol; const char *encryption_cipher; const char *encryption_keysize; const char *etrn_domain; -} query_t; -typedef struct plicyd_t { - unsigned listener : 1; - unsigned watchwr : 1; - int fd; - buffer_t ibuf; - buffer_t obuf; -} plicyd_t; + /* postfix 2.5+ */ + const char *stress; + const char *eoq; +} query_t; -static plicyd_t *plicyd_new(void) +static query_t *query_new(void) { - plicyd_t *plicyd = p_new(plicyd_t, 1); - plicyd->fd = -1; - return plicyd; + return p_new(query_t, 1); } -#if 0 -static void plicyd_delete(plicyd_t **plicyd) +static void query_delete(query_t **query) { - if (*plicyd) { - if ((*plicyd)->fd >= 0) - close((*plicyd)->fd); - buffer_wipe(&(*plicyd)->ibuf); - buffer_wipe(&(*plicyd)->obuf); - p_delete(plicyd); + if (*query) { + p_delete(query); } } -#endif + +static void *query_starter(server_t* server) +{ + return query_new(); +} static int postfix_parsejob(query_t *query, char *p) { @@ -166,11 +162,12 @@ static int postfix_parsejob(query_t *query, char *p) CASE(SIZE, size); CASE(CCERT_SUBJECT, ccert_subject); CASE(CCERT_ISSUER, ccert_issuer); - CASE(CCSERT_FINGERPRINT, ccsert_fingerprint); + CASE(CCERT_FINGERPRINT, ccert_fingerprint); CASE(ENCRYPTION_PROTOCOL, encryption_protocol); CASE(ENCRYPTION_CIPHER, encryption_cipher); CASE(ENCRYPTION_KEYSIZE, encryption_keysize); CASE(ETRN_DOMAIN, etrn_domain); + CASE(STRESS, stress); #undef CASE case PTK_REQUEST: @@ -205,7 +202,7 @@ static int postfix_parsejob(query_t *query, char *p) default: syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k); - break; + continue; } } @@ -213,94 +210,70 @@ static int postfix_parsejob(query_t *query, char *p) #undef PARSE_CHECK } -static void *policy_run(int fd, void *data) +__attribute__((format(printf,2,0))) +static void policy_answer(server_t *pcy, const char *fmt, ...) { - buffer_t buf; - - buffer_init(&buf); - for (;;) { - ssize_t search_offs = MAX(0, buf.len - 1); - int nb = buffer_read(&buf, fd, -1); - const char *eoq; - query_t q; - - if (nb < 0) { - if (errno == EAGAIN || errno == EINTR) - continue; - UNIXERR("read"); - break; - } - if (nb == 0) { - if (buf.len) - syslog(LOG_ERR, "unexpected end of data"); - break; - } - - eoq = strstr(buf.data + search_offs, "\n\n"); - if (!eoq) - continue; + va_list args; + const query_t* query = pcy->data; + + buffer_addstr(&pcy->obuf, "action="); + va_start(args, fmt); + buffer_addvf(&pcy->obuf, fmt, args); + va_end(args); + buffer_addstr(&pcy->obuf, "\n\n"); + buffer_consume(&pcy->ibuf, query->eoq - pcy->ibuf.data); + epoll_modify(pcy->fd, EPOLLIN | EPOLLOUT, pcy); +} - if (postfix_parsejob(&q, buf.data) < 0) - break; +static bool policy_run_filter(const query_t* query, void* filter, void* conf) +{ + return false; +} - buffer_consume(&buf, eoq + strlen("\n\n") - buf.data); - if (xwrite(fd, "DUNNO\n\n", strlen("DUNNO\n\n"))) { - UNIXERR("write"); - break; - } +static void policy_process(server_t *pcy) +{ + const query_t* query = pcy->data; + if (!policy_run_filter(query, NULL, NULL)) { + policy_answer(pcy, "DUNNO"); } - buffer_wipe(&buf); - - close(fd); - return NULL; } -int start_listener(int port) +static int policy_run(server_t *pcy, void* config) { - struct sockaddr_in addr = { - .sin_family = AF_INET, - .sin_addr = { htonl(INADDR_LOOPBACK) }, - }; - struct epoll_event evt = { .events = EPOLLIN }; - plicyd_t *tmp; - int sock; - - addr.sin_port = htons(port); - sock = tcp_listen_nonblock((const struct sockaddr *)&addr, sizeof(addr)); - if (sock < 0) { + ssize_t search_offs = MAX(0, pcy->ibuf.len - 1); + int nb = buffer_read(&pcy->ibuf, pcy->fd, -1); + const char *eoq; + query_t* query = pcy->data; + + if (nb < 0) { + if (errno == EAGAIN || errno == EINTR) + return 0; + UNIXERR("read"); return -1; } - - evt.data.ptr = tmp = plicyd_new(); - tmp->fd = sock; - tmp->listener = true; - if (epoll_ctl(epollfd, EPOLL_CTL_ADD, sock, &evt) < 0) { - UNIXERR("epoll_ctl"); + if (nb == 0) { + if (pcy->ibuf.len) + syslog(LOG_ERR, "unexpected end of data"); return -1; } - return 0; -} -/* administrivia {{{ */ -static int main_initialize(void) -{ - openlog("postlicyd", LOG_PID, LOG_MAIL); - signal(SIGPIPE, SIG_IGN); - signal(SIGINT, &common_sighandler); - signal(SIGTERM, &common_sighandler); - signal(SIGHUP, &common_sighandler); - signal(SIGSEGV, &common_sighandler); - syslog(LOG_INFO, "Starting..."); + if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n"))) + return 0; + + if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0) + return -1; + query->eoq = eoq + strlen("\n\n"); + epoll_modify(pcy->fd, 0, pcy); + policy_process(pcy); return 0; } -static void main_shutdown(void) +int start_listener(int port) { - closelog(); + return start_server(port, NULL, NULL); } -module_init(main_initialize); -module_exit(main_shutdown); +/* administrivia {{{ */ void usage(void) { @@ -317,6 +290,7 @@ void usage(void) int main(int argc, char *argv[]) { + bool unsafe = false; const char *pidfile = NULL; bool daemonize = true; int port = DEFAULT_PORT; @@ -326,6 +300,9 @@ int main(int argc, char *argv[]) case 'p': pidfile = optarg; break; + case 'u': + unsafe = true; + break; case 'l': port = atoi(optarg); break; @@ -343,57 +320,11 @@ int main(int argc, char *argv[]) return EXIT_FAILURE; } - if (pidfile_open(pidfile) < 0) { - syslog(LOG_CRIT, "unable to write pidfile %s", pidfile); - return EXIT_FAILURE; - } - - if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) { - syslog(LOG_CRIT, "unable to drop privileges"); - return EXIT_FAILURE; - } - - if (daemonize && daemon_detach() < 0) { - syslog(LOG_CRIT, "unable to fork"); + if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP, + daemonize) != EXIT_SUCCESS + || start_listener(port) < 0) { return EXIT_FAILURE; } - - pidfile_refresh(); - - if (start_listener(port) < 0) - return EXIT_FAILURE; - - while (!sigint) { - struct epoll_event evts[1024]; - int n; - - n = epoll_wait(epollfd, evts, countof(evts), -1); - if (n < 0) { - if (errno != EAGAIN && errno != EINTR) { - UNIXERR("epoll_wait"); - return EXIT_FAILURE; - } - continue; - } - - while (--n >= 0) { - plicyd_t *d = evts[n].data.ptr; - - if (d->listener) { - int fd = accept(d->fd, NULL, 0); - if (fd < 0) { - if (errno != EINTR && errno != EAGAIN) { - UNIXERR("accept"); - return EXIT_FAILURE; - } - continue; - } - thread_launch(policy_run, fd, NULL); - } - } - threads_join(); - } - - syslog(LOG_INFO, "Stopping..."); - return EXIT_SUCCESS; + return server_loop(query_starter, (delete_client_t)query_delete, + policy_run, NULL); }