X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Fmain-postlicyd.c;h=34b4fbbcfab42c00cc6b5f290d02409cfa3775f9;hb=e4947fba7dd007870a0cdc55ec35cf849a2216c1;hp=5f46e76e2377171cd1d242f6e3976fcccdb1c4f1;hpb=2520de08ed80b941f28c9ccb97a3785a507a831d;p=apps%2Fpfixtools.git diff --git a/postlicyd/main-postlicyd.c b/postlicyd/main-postlicyd.c index 5f46e76..34b4fbb 100644 --- a/postlicyd/main-postlicyd.c +++ b/postlicyd/main-postlicyd.c @@ -45,6 +45,7 @@ #include "config.h" #define DAEMON_NAME "postlicyd" +#define DAEMON_VERSION "0.2" #define DEFAULT_PORT 10000 #define RUNAS_USER "nobody" #define RUNAS_GROUP "nogroup" @@ -61,102 +62,6 @@ static bool config_refresh(void *config) return config_reload(config); } -static int postfix_parsejob(query_t *query, char *p) -{ -#define PARSE_CHECK(expr, error, ...) \ - do { \ - if (!(expr)) { \ - syslog(LOG_ERR, error, ##__VA_ARGS__); \ - return -1; \ - } \ - } while (0) - - p_clear(query, 1); - query->state = SMTP_UNKNOWN; - while (*p != '\n') { - char *k, *v; - int klen, vlen, vtk; - - while (isblank(*p)) - p++; - p = strchr(k = p, '='); - PARSE_CHECK(p, "could not find '=' in line"); - for (klen = p - k; klen && isblank(k[klen]); klen--); - p += 1; /* skip = */ - - while (isblank(*p)) - p++; - p = strchr(v = p, '\n'); - PARSE_CHECK(p, "could not find final \\n in line"); - for (vlen = p - v; vlen && isblank(v[vlen]); vlen--); - p += 1; /* skip \n */ - - vtk = policy_tokenize(v, vlen); - switch (policy_tokenize(k, klen)) { -#define CASE(up, low) case PTK_##up: query->low = v; v[vlen] = '\0'; syslog(LOG_DEBUG, "%s = %s", ptokens[PTK_##up], query->low); break; - CASE(HELO_NAME, helo_name); - CASE(QUEUE_ID, queue_id); - CASE(SENDER, sender); - CASE(RECIPIENT, recipient); - CASE(RECIPIENT_COUNT, recipient_count); - CASE(CLIENT_ADDRESS, client_address); - CASE(CLIENT_NAME, client_name); - CASE(REVERSE_CLIENT_NAME, reverse_client_name); - CASE(INSTANCE, instance); - CASE(SASL_METHOD, sasl_method); - CASE(SASL_USERNAME, sasl_username); - CASE(SASL_SENDER, sasl_sender); - CASE(SIZE, size); - CASE(CCERT_SUBJECT, ccert_subject); - CASE(CCERT_ISSUER, ccert_issuer); - CASE(CCERT_FINGERPRINT, ccert_fingerprint); - CASE(ENCRYPTION_PROTOCOL, encryption_protocol); - CASE(ENCRYPTION_CIPHER, encryption_cipher); - CASE(ENCRYPTION_KEYSIZE, encryption_keysize); - CASE(ETRN_DOMAIN, etrn_domain); - CASE(STRESS, stress); -#undef CASE - - case PTK_REQUEST: - PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY, - "unexpected `request' value: %.*s", vlen, v); - break; - - case PTK_PROTOCOL_NAME: - PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP, - "unexpected `protocol_name' value: %.*s", vlen, v); - query->esmtp = vtk == PTK_ESMTP; - break; - - case PTK_PROTOCOL_STATE: - switch (vtk) { -#define CASE(name) case PTK_##name: query->state = SMTP_##name; break; - CASE(CONNECT); - CASE(EHLO); - CASE(HELO); - CASE(MAIL); - CASE(RCPT); - CASE(DATA); - CASE(END_OF_MESSAGE); - CASE(VRFY); - CASE(ETRN); - default: - PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s", - vlen, v); -#undef CASE - } - break; - - default: - syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k); - continue; - } - } - - return query->state == SMTP_UNKNOWN ? -1 : 0; -#undef PARSE_CHECK -} - __attribute__((format(printf,2,0))) static void policy_answer(server_t *pcy, const char *fmt, ...) { @@ -177,19 +82,35 @@ static bool policy_process(server_t *pcy, const config_t *config) const query_t* query = pcy->data; const filter_t *filter; if (config->entry_points[query->state] == -1) { - syslog(LOG_WARNING, "no filter defined for current protocol_state (%d)", query->state); + warn("no filter defined for current protocol_state (%d)", query->state); return false; } filter = array_ptr(config->filters, config->entry_points[query->state]); while (true) { const filter_hook_t *hook = filter_run(filter, query); if (hook == NULL) { - syslog(LOG_WARNING, "request aborted"); + warn("request client=%s, from=<%s>, to=<%s>: aborted", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient); return false; } else if (hook->postfix) { + info("request client=%s, from=<%s>, to=<%s>: " + "awswer %s from filter %s: \"%s\"", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + htokens[hook->type], filter->name, hook->value); policy_answer(pcy, "%s", hook->value); return true; } else { + debug("request client=%s, from=<%s>, to=<%s>: " + "awswer %s from filter %s: next filter %s", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + htokens[hook->type], filter->name, + (array_ptr(config->filters, hook->filter_id))->name); filter = array_ptr(config->filters, hook->filter_id); } } @@ -197,7 +118,7 @@ static bool policy_process(server_t *pcy, const config_t *config) static int policy_run(server_t *pcy, void* vconfig) { - ssize_t search_offs = MAX(0, (ssize_t)(pcy->ibuf.len - 1)); + int search_offs = MAX(0, (int)(pcy->ibuf.len - 1)); int nb = buffer_read(&pcy->ibuf, pcy->fd, -1); const char *eoq; query_t *query = pcy->data; @@ -211,14 +132,14 @@ static int policy_run(server_t *pcy, void* vconfig) } if (nb == 0) { if (pcy->ibuf.len) - syslog(LOG_ERR, "unexpected end of data"); + err("unexpected end of data"); return -1; } if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n"))) return 0; - if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0) + if (!query_parse(pcy->data, pcy->ibuf.data)) return -1; query->eoq = eoq + strlen("\n\n"); epoll_modify(pcy->fd, 0, pcy); @@ -240,6 +161,8 @@ void usage(void) " -l port to listen to\n" " -p file to write our pid to\n" " -f stay in foreground\n" + " -d grow logging level\n" + " -u unsafe mode (don't drop privileges)\n" , stderr); } @@ -253,7 +176,7 @@ int main(int argc, char *argv[]) int port = DEFAULT_PORT; bool port_from_cli = false; - for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) { + for (int c = 0; (c = getopt(argc, argv, "ufd" "l:p:")) >= 0; ) { switch (c) { case 'p': pidfile = optarg; @@ -268,17 +191,36 @@ int main(int argc, char *argv[]) case 'f': daemonize = false; break; + case 'd': + ++log_level; + break; default: usage(); return EXIT_FAILURE; } } + if (!daemonize) { + log_syslog = false; + } + if (argc - optind != 1) { usage(); return EXIT_FAILURE; } + info("starting %s v%s...", DAEMON_NAME, DAEMON_VERSION); + + if (pidfile_open(pidfile) < 0) { + crit("unable to write pidfile %s", pidfile); + return EXIT_FAILURE; + } + + if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) { + crit("unable to drop privileges"); + return EXIT_FAILURE; + } + config_t *config = config_read(argv[optind]); if (config == NULL) { return EXIT_FAILURE; @@ -287,16 +229,17 @@ int main(int argc, char *argv[]) config->port = port; } - if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP, - daemonize) != EXIT_SUCCESS - || start_listener(config->port) < 0) { - config_delete(&config); + if (daemonize && daemon_detach() < 0) { + crit("unable to fork"); return EXIT_FAILURE; } - { - int res = server_loop(query_starter, (delete_client_t)query_delete, - policy_run, config_refresh, config); - config_delete(&config); - return res; + + pidfile_refresh(); + + if (start_listener(config->port) < 0) { + return EXIT_FAILURE; + } else { + return server_loop(query_starter, (delete_client_t)query_delete, + policy_run, config_refresh, config); } }