X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=main-postlicyd.c;h=deb90b3614a2b570c881b656c6fb4668427f9c7c;hb=8edd7234e1c30a16d914292dc652046ee581fa5b;hp=ecf60f0c130cd1e6de3420045a5709c52174da42;hpb=5583c0d0fb57a40dd1b35d9556877ed6848192ac;p=apps%2Fpfixtools.git diff --git a/main-postlicyd.c b/main-postlicyd.c index ecf60f0..deb90b3 100644 --- a/main-postlicyd.c +++ b/main-postlicyd.c @@ -31,84 +31,284 @@ /* * Copyright © 2006-2007 Pierre Habouzit + * Copyright © 2008 Florent Bruneau */ #include +#include "buffer.h" +#include "common.h" #include "epoll.h" -#include "threads.h" +#include "tokens.h" +#include "server.h" #define DAEMON_NAME "postlicyd" +#define DEFAULT_PORT 10000 +#define RUNAS_USER "nobody" +#define RUNAS_GROUP "nogroup" -/* administrivia {{{ */ +DECLARE_MAIN + +enum smtp_state { + SMTP_UNKNOWN, + SMTP_CONNECT, + SMTP_EHLO, + SMTP_HELO = SMTP_EHLO, + SMTP_MAIL, + SMTP_RCPT, + SMTP_DATA, + SMTP_END_OF_MESSAGE, + SMTP_VRFY, + SMTP_ETRN, +}; + +/* \see http://www.postfix.org/SMTPD_POLICY_README.html */ +typedef struct query_t { + unsigned state : 4; + unsigned esmtp : 1; + + const char *helo_name; + const char *queue_id; + const char *sender; + const char *recipient; + const char *recipient_count; + const char *client_address; + const char *client_name; + const char *reverse_client_name; + const char *instance; + + /* postfix 2.2+ */ + const char *sasl_method; + const char *sasl_username; + const char *sasl_sender; + const char *size; + const char *ccert_subject; + const char *ccert_issuer; + const char *ccert_fingerprint; -static int main_initialize(void) + /* postfix 2.3+ */ + const char *encryption_protocol; + const char *encryption_cipher; + const char *encryption_keysize; + const char *etrn_domain; + + /* postfix 2.5+ */ + const char *stress; + + const char *eoq; +} query_t; + +static query_t *query_new(void) { - openlog("postlicyd", LOG_PID, LOG_MAIL); - signal(SIGPIPE, SIG_IGN); - signal(SIGINT, &common_sighandler); - signal(SIGTERM, &common_sighandler); - signal(SIGSEGV, &common_sighandler); - syslog(LOG_INFO, "Starting..."); - return 0; + return p_new(query_t, 1); } -static void main_shutdown(void) +static void query_delete(query_t **query) { - closelog(); + if (*query) { + p_delete(query); + } } -module_init(main_initialize); -module_exit(main_shutdown); +static void *query_starter(server_t* server) +{ + return query_new(); +} -void usage(void) +static int postfix_parsejob(query_t *query, char *p) { - fputs("usage: "DAEMON_NAME" [options] config\n" - "\n" - "Options:\n" - " -p file to write our pid to\n" - , stderr); +#define PARSE_CHECK(expr, error, ...) \ + do { \ + if (!(expr)) { \ + syslog(LOG_ERR, error, ##__VA_ARGS__); \ + return -1; \ + } \ + } while (0) + + p_clear(query, 1); + while (*p != '\n') { + char *k, *v; + int klen, vlen, vtk; + + while (isblank(*p)) + p++; + p = strchr(k = p, '='); + PARSE_CHECK(p, "could not find '=' in line"); + for (klen = p - k; klen && isblank(k[klen]); klen--); + p += 1; /* skip = */ + + while (isblank(*p)) + p++; + p = strchr(v = p, '\n'); + PARSE_CHECK(p, "could not find final \\n in line"); + for (vlen = p - v; vlen && isblank(v[vlen]); vlen--); + p += 1; /* skip \n */ + + vtk = tokenize(v, vlen); + switch (tokenize(k, klen)) { +#define CASE(up, low) case PTK_##up: query->low = v; v[vlen] = '\0'; break; + CASE(HELO_NAME, helo_name); + CASE(QUEUE_ID, queue_id); + CASE(SENDER, sender); + CASE(RECIPIENT, recipient); + CASE(RECIPIENT_COUNT, recipient_count); + CASE(CLIENT_ADDRESS, client_address); + CASE(CLIENT_NAME, client_name); + CASE(REVERSE_CLIENT_NAME, reverse_client_name); + CASE(INSTANCE, instance); + CASE(SASL_METHOD, sasl_method); + CASE(SASL_USERNAME, sasl_username); + CASE(SASL_SENDER, sasl_sender); + CASE(SIZE, size); + CASE(CCERT_SUBJECT, ccert_subject); + CASE(CCERT_ISSUER, ccert_issuer); + CASE(CCERT_FINGERPRINT, ccert_fingerprint); + CASE(ENCRYPTION_PROTOCOL, encryption_protocol); + CASE(ENCRYPTION_CIPHER, encryption_cipher); + CASE(ENCRYPTION_KEYSIZE, encryption_keysize); + CASE(ETRN_DOMAIN, etrn_domain); + CASE(STRESS, stress); +#undef CASE + + case PTK_REQUEST: + PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY, + "unexpected `request' value: %.*s", vlen, v); + break; + + case PTK_PROTOCOL_NAME: + PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP, + "unexpected `protocol_name' value: %.*s", vlen, v); + query->esmtp = vtk == PTK_ESMTP; + break; + + case PTK_PROTOCOL_STATE: + switch (vtk) { +#define CASE(name) case PTK_##name: query->state = SMTP_##name; break; + CASE(CONNECT); + CASE(EHLO); + CASE(HELO); + CASE(MAIL); + CASE(RCPT); + CASE(DATA); + CASE(END_OF_MESSAGE); + CASE(VRFY); + CASE(ETRN); + default: + PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s", + vlen, v); +#undef CASE + } + break; + + default: + syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k); + continue; + } + } + + return query->state == SMTP_UNKNOWN ? -1 : 0; +#undef PARSE_CHECK } -/* }}} */ +__attribute__((format(printf,2,0))) +static void policy_answer(server_t *pcy, const char *fmt, ...) +{ + va_list args; + const query_t* query = pcy->data; + + buffer_addstr(&pcy->obuf, "action="); + va_start(args, fmt); + buffer_addvf(&pcy->obuf, fmt, args); + va_end(args); + buffer_addstr(&pcy->obuf, "\n\n"); + buffer_consume(&pcy->ibuf, query->eoq - pcy->ibuf.data); + epoll_modify(pcy->fd, EPOLLIN | EPOLLOUT, pcy); +} -void *job_run(int fd, void *data) +static bool policy_run_filter(const query_t* query, void* filter, void* conf) { - close(fd); - return NULL; + return false; } -static int main_loop(void) +static void policy_process(server_t *pcy) { - int exitcode = EXIT_SUCCESS; - int sock = -1; - - while (!sigint) { - int fd = accept(sock, NULL, 0); - if (fd < 0) { - if (errno != EINTR || errno != EAGAIN) - UNIXERR("accept"); - continue; - } + const query_t* query = pcy->data; + if (!policy_run_filter(query, NULL, NULL)) { + policy_answer(pcy, "DUNNO"); + } +} + +static int policy_run(server_t *pcy, void* config) +{ + ssize_t search_offs = MAX(0, pcy->ibuf.len - 1); + int nb = buffer_read(&pcy->ibuf, pcy->fd, -1); + const char *eoq; + query_t* query = pcy->data; - thread_launch(job_run, fd, NULL); - threads_join(); + if (nb < 0) { + if (errno == EAGAIN || errno == EINTR) + return 0; + UNIXERR("read"); + return -1; } + if (nb == 0) { + if (pcy->ibuf.len) + syslog(LOG_ERR, "unexpected end of data"); + return -1; + } + + if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n"))) + return 0; - close(sock); - return exitcode; + if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0) + return -1; + query->eoq = eoq + strlen("\n\n"); + epoll_modify(pcy->fd, 0, pcy); + policy_process(pcy); + return 0; } +int start_listener(int port) +{ + return start_server(port, NULL, NULL); +} + +/* administrivia {{{ */ + +void usage(void) +{ + fputs("usage: "DAEMON_NAME" [options] config\n" + "\n" + "Options:\n" + " -l port to listen to\n" + " -p file to write our pid to\n" + " -f stay in foreground\n" + , stderr); +} + +/* }}} */ + int main(int argc, char *argv[]) { + bool unsafe = false; const char *pidfile = NULL; - int res; + bool daemonize = true; + int port = DEFAULT_PORT; - for (int c = 0; (c = getopt(argc, argv, "h" "p:")) >= 0; ) { + for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) { switch (c) { case 'p': pidfile = optarg; break; + case 'u': + unsafe = true; + break; + case 'l': + port = atoi(optarg); + break; + case 'f': + daemonize = false; + break; default: usage(); return EXIT_FAILURE; @@ -120,18 +320,11 @@ int main(int argc, char *argv[]) return EXIT_FAILURE; } - if (pidfile_open(pidfile) < 0) { - syslog(LOG_CRIT, "unable to write pidfile %s", pidfile); + if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP, + daemonize) != EXIT_SUCCESS + || start_listener(port) < 0) { return EXIT_FAILURE; } - - if (daemon_detach() < 0) { - syslog(LOG_CRIT, "unable to fork"); - return EXIT_FAILURE; - } - - pidfile_refresh(); - res = main_loop(); - syslog(LOG_INFO, "Stopping..."); - return res; + return server_loop(query_starter, (delete_client_t)query_delete, + policy_run, NULL); }