X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Fmain-postlicyd.c;h=677307095e965bb2cea8a06509d2b23d8f8af4b2;hb=ae0c2eb5d2ea501fd9e458fc138696c268a14569;hp=60ecb3a765979ddf4516893ac5d4bc9e89fc7274;hpb=44d04c83a53af19faecb1620cf0f9ed53054da5c;p=apps%2Fpfixtools.git
diff --git a/postlicyd/main-postlicyd.c b/postlicyd/main-postlicyd.c
index 60ecb3a..6773070 100644
--- a/postlicyd/main-postlicyd.c
+++ b/postlicyd/main-postlicyd.c
@@ -41,10 +41,11 @@
 #include "epoll.h"
 #include "policy_tokens.h"
 #include "server.h"
-#include "query.h"
 #include "config.h"
+#include "postlicyd.h"
 
 #define DAEMON_NAME "postlicyd"
+#define DAEMON_VERSION "0.2"
 #define DEFAULT_PORT 10000
 #define RUNAS_USER "nobody"
 #define RUNAS_GROUP "nogroup"
@@ -53,7 +54,18 @@ DECLARE_MAIN
 
 static void *query_starter(server_t* server)
 {
- return query_new();
+ query_context_t *context = p_new(query_context_t, 1);
+ filter_context_prepare(&context->context, context);
+ return context;
+}
+
+static void query_stopper(void *data)
+{
+ query_context_t **context = data;
+ if (*context) {
+ filter_context_wipe(&(*context)->context);
+ p_delete(context);
+ }
 }
 
 static bool config_refresh(void *config)
@@ -65,7 +77,8 @@ __attribute__((format(printf,2,0)))
 static void policy_answer(server_t *pcy, const char *fmt, ...)
 {
 va_list args;
- const query_t* query = pcy->data;
+ query_context_t *context = pcy->data;
+ const query_t* query = &context->query;
 
 buffer_addstr(&pcy->obuf, "action=");
 va_start(args, fmt);
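Review bot: In query_starter the result of `p_new(query_context_t, 1)` is handed straight to `filter_context_prepare(&context->context, context)` with no NULL check; if p_new is an abort-on-OOM wrapper that is fine, but if it can return NULL a single failed allocation crashes the whole policy daemon instead of refusing one client. Suggest either `if (context == NULL) return NULL;` after the allocation, or a one-line comment `/* p_new() aborts on allocation failure */` so the next reader knows it was considered. It is also worth confirming that p_new zero-fills the struct: the `query->sender == NULL` / `query->recipient == NULL` comparisons elsewhere in this patch are only meaningful before the first query is parsed if the embedded query starts out zeroed, which the old `query_new()` presumably guaranteed. The unused `server` parameter could carry a `(void)server;` or a short comment saying the per-connection state does not depend on it.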
@@ -78,22 +91,51 @@ static void policy_answer(server_t *pcy, const char *fmt, ...)
 static bool policy_process(server_t *pcy, const config_t *config)
 {
- const query_t* query = pcy->data;
+ query_context_t *context = pcy->data;
+ const query_t* query = &context->query;
 const filter_t *filter;
 if (config->entry_points[query->state] == -1) {
- syslog(LOG_WARNING, "no filter defined for current protocol_state (%d)", query->state);
+ warn("no filter defined for current protocol_state (%d)", query->state);
 return false;
 }
- filter = array_ptr(config->filters, config->entry_points[query->state]);
+ if (context->context.current_filter != NULL) {
+ filter = context->context.current_filter;
+ } else {
+ filter = array_ptr(config->filters, config->entry_points[query->state]);
+ }
 while (true) {
- const filter_hook_t *hook = filter_run(filter, query);
+ const filter_hook_t *hook = filter_run(filter, query, &context->context);
 if (hook == NULL) {
- syslog(LOG_WARNING, "request aborted");
+ warn("request client=%s, from=<%s>, to=<%s>: aborted",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient);
 return false;
+ } else if (hook->async) {
+ debug("request client=%s, from=<%s>, to=<%s>: "
+ "asynchronous filter from filter %s",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ filter->name);
+ return true;
+ } else if (hook->postfix) {
+ info("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: \"%s\"",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name, hook->value);
 policy_answer(pcy, "%s", hook->value);
 return true;
 } else {
+ debug("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: next filter %s",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name,
+ (array_ptr(config->filters, hook->filter_id))->name);
 filter = array_ptr(config->filters, hook->filter_id);
 }
 }
@@ -101,10 +143,11 @@ static bool policy_process(server_t *pcy, const config_t *config)
 static int policy_run(server_t *pcy, void* vconfig)
 {
- ssize_t search_offs = MAX(0, (ssize_t)(pcy->ibuf.len - 1));
+ int search_offs = MAX(0, (int)(pcy->ibuf.len - 1));
 int nb = buffer_read(&pcy->ibuf, pcy->fd, -1);
 const char *eoq;
- query_t *query = pcy->data;
+ query_context_t *context = pcy->data;
+ query_t *query = &context->query;
 const config_t *config = vconfig;
 if (nb < 0) {
@@ -115,7 +158,7 @@ static int policy_run(server_t *pcy, void* vconfig)
 }
 if (nb == 0) {
 if (pcy->ibuf.len)
- syslog(LOG_ERR, "unexpected end of data");
+ err("unexpected end of data");
 return -1;
 }
@@ -129,6 +172,15 @@ static int policy_run(server_t *pcy, void* vconfig)
 return policy_process(pcy, config) ? 0 : -1;
 }
 
+static bool policy_event(server_t *event, void *config)
+{
+ if (!policy_process(event, config)) {
+ server_release(event);
+ return true;
+ }
+ return true;
+}
+
 int start_listener(int port)
 {
 return start_server(port, NULL, NULL);
@@ -144,6 +196,8 @@ void usage(void)
 " -l port to listen to\n"
 " -p file to write our pid to\n"
 " -f stay in foreground\n"
+ " -d grow logging level\n"
+ " -u unsafe mode (don't drop privileges)\n"
 , stderr);
 }
@@ -157,7 +211,7 @@ int main(int argc, char *argv[])
 int port = DEFAULT_PORT;
 bool port_from_cli = false;
 
- for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) {
+ for (int c = 0; (c = getopt(argc, argv, "ufd" "l:p:")) >= 0; ) {
 switch (c) {
 case 'p':
 pidfile = optarg;
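Review bot: Nothing in policy_process clears `context->context.current_filter` once a Postfix answer has been produced, so on a persistent policy connection the next query would be resumed at the filter left over from the previous asynchronous round instead of at `config->entry_points[query->state]`, unless filter_run or filter_context_prepare resets it somewhere I cannot see; if they do not, add `context->context.current_filter = NULL;` just before `policy_answer(pcy, "%s", hook->value);`. The new log strings misspell "answer" as `"awswer"` in both the info() and the debug() call. `query->client_name`, `query->sender` and `query->recipient` are values supplied by the remote side of the policy request; Postfix's attribute=value line protocol keeps newlines out, but I would still want control characters stripped before they reach syslog, since this is the daemon's main audit trail. The closing brace of policy_process is just past the end of the hunk.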
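Review bot: `int search_offs = MAX(0, (int)(pcy->ibuf.len - 1));` narrows what used to be an ssize_t and, if `ibuf.len` is an unsigned size, relies on `len - 1` wrapping when the buffer is empty and on the implementation-defined cast of that huge value back to a negative int so that MAX() clamps it to 0. A form that does not depend on the wrap is `int search_offs = pcy->ibuf.len > 0 ? (int)pcy->ibuf.len - 1 : 0;`. The declared type of ibuf.len is not visible from this hunk, so treat this as something to check rather than a blocker. policy_run continues beyond the end of the hunk.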
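Review bot: policy_event returns `true` on both paths, so its `if` exists only for the `server_release(event)` side effect and the callback can never report to server_loop that the client is gone. If server_loop treats a false return as "this client has been released", the failure branch should read `return false;`; if the return value is genuinely ignored, collapse the body to `if (!policy_process(event, config)) server_release(event); return true;` and say so in a comment, because two identical returns read like a bug. Either way a one-line comment after `server_release(event)` noting that `event` must not be touched afterwards would help, since the call presumably frees it. I cannot see the server_loop contract from here, so which fix is right depends on server.c.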
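Review bot: `-u` is added to the getopt string here and advertised in usage() as "unsafe mode (don't drop privileges)", but no `case 'u':` is added anywhere in this diff and the `drop_privileges(RUNAS_USER, RUNAS_GROUP)` call in main stays unconditional, so passing `-u` falls into `default:`, prints the usage text and exits. Either remove the option from both the option string and usage() until it is implemented, or add `case 'u': unsafe = true; break;` and guard the drop with `if (!unsafe && drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0)`, emitting a startup warning whenever the daemon keeps its privileges so that running as root is never silent. Dropping `h` from the option string is consistent with usage() never having listed `-h`. The getopt loop and the enclosing main continue outside this hunk.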
@@ -172,19 +226,33 @@ int main(int argc, char *argv[])
 case 'f':
 daemonize = false;
 break;
+ case 'd':
+ ++log_level;
+ break;
 default:
 usage();
 return EXIT_FAILURE;
 }
 }
 
+ if (!daemonize) {
+ log_syslog = false;
+ }
+
 if (argc - optind != 1) {
 usage();
 return EXIT_FAILURE;
 }
 
+ info("starting %s v%s...", DAEMON_NAME, DAEMON_VERSION);
+
+ if (pidfile_open(pidfile) < 0) {
+ crit("unable to write pidfile %s", pidfile);
+ return EXIT_FAILURE;
+ }
+
 if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
- syslog(LOG_CRIT, "unable to drop privileges");
+ crit("unable to drop privileges");
 return EXIT_FAILURE;
 }
@@ -196,14 +264,17 @@ int main(int argc, char *argv[])
 config->port = port;
 }
 
- if (common_setup(pidfile, true, NULL, NULL, daemonize) != EXIT_SUCCESS
- || start_listener(config->port) < 0) {
- config_delete(&config);
+ if (daemonize && daemon_detach() < 0) {
+ crit("unable to fork");
+ return EXIT_FAILURE;
+ }
+
+ pidfile_refresh();
+
+ if (start_listener(config->port) < 0) {
 return EXIT_FAILURE;
 } else {
- int res = server_loop(query_starter, (delete_client_t)query_delete,
- policy_run, config_refresh, config);
- config_delete(&config);
- return res;
+ return server_loop(query_starter, query_stopper,
+ policy_run, policy_event, config_refresh, config);
 }
 }
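Review bot: `crit("unable to write pidfile %s", pidfile);` formats `pidfile` with `%s`; if `pidfile` is still NULL when `-p` was not given (its declaration and default are outside the hunk) and `pidfile_open(NULL)` can return a failure, this passes NULL to a `%s` conversion, which is undefined behaviour rather than the glibc "(null)" one sometimes gets away with. Either make pidfile_open(NULL) a documented no-op that returns success, or log `pidfile ? pidfile : "(none)"`. Opening the pidfile before `drop_privileges()` is the right order, since the pidfile directory is usually root-owned, and a comment such as `/* open the pidfile while still privileged; refreshed after the fork */` would stop someone reordering it later. main continues beyond both edges of this hunk.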
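Review bot: `pidfile_refresh();` after `daemon_detach()` ignores whatever it returns; if rewriting the PID after the fork fails, the pidfile still names the already-exited parent and a stop script will signal the wrong, possibly recycled, PID. If it does report a status, check it: `if (pidfile_refresh() < 0) { crit("unable to refresh pidfile"); return EXIT_FAILURE; }`. The `config_delete(&config)` calls on the listener-failure and normal-exit paths have also been dropped; harmless at process exit, but it makes leak checkers noisy and is worth a one-line comment if intentional. The closing brace of main is the last line of the hunk.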