X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Fmain-postlicyd.c;h=9baf34ab93d8beef280eb832c5afe709f066c701;hb=b0194db8ea91d49b9e50319f6e20b8f580e338ed;hp=9ff1bc504b72d1a636afe6dd7150df2db90f8da1;hpb=f47b916bf7581b0070431eb70f43710e4c79fc98;p=apps%2Fpfixtools.git diff --git a/postlicyd/main-postlicyd.c b/postlicyd/main-postlicyd.c index 9ff1bc5..9baf34a 100644 --- a/postlicyd/main-postlicyd.c +++ b/postlicyd/main-postlicyd.c @@ -38,90 +38,171 @@ #include "buffer.h" #include "common.h" -#include "epoll.h" #include "policy_tokens.h" #include "server.h" -#include "query.h" #include "config.h" +#include "postlicyd.h" #define DAEMON_NAME "postlicyd" +#define DAEMON_VERSION "0.3" #define DEFAULT_PORT 10000 #define RUNAS_USER "nobody" #define RUNAS_GROUP "nogroup" DECLARE_MAIN +static config_t *config = NULL; +static bool refresh = false; +static PA(server_t) busy = ARRAY_INIT; + static void *query_starter(server_t* server) { - return query_new(); + query_context_t *context = p_new(query_context_t, 1); + filter_context_prepare(&context->context, context); + return context; +} + +static void query_stopper(void *data) +{ + query_context_t **context = data; + if (*context) { + filter_context_wipe(&(*context)->context); + p_delete(context); + } } -static bool config_refresh(void *config) +static bool config_refresh(void *mconfig) { - return config_reload(config); + refresh = true; + if (filter_running > 0) { + return true; + } + bool ret = config_reload(mconfig); + foreach (server_t **server, busy) { + server_ro(*server); + }} + array_len(busy) = 0; + refresh = false; + return ret; } -__attribute__((format(printf,2,0))) -static void policy_answer(server_t *pcy, const char *fmt, ...) +static void policy_answer(server_t *pcy, const char *message) { - va_list args; - const query_t* query = pcy->data; + query_context_t *context = pcy->data; + const query_t* query = &context->query; buffer_addstr(&pcy->obuf, "action="); - va_start(args, fmt); - buffer_addvf(&pcy->obuf, fmt, args); - va_end(args); + buffer_ensure(&pcy->obuf, m_strlen(message) + 64); + + ssize_t size = array_size(pcy->obuf) - array_len(pcy->obuf); + ssize_t format_size = query_format(array_ptr(pcy->obuf, array_len(pcy->obuf)), + size, message, query); + if (format_size == -1) { + buffer_addstr(&pcy->obuf, message); + } else if (format_size > size) { + buffer_ensure(&pcy->obuf, format_size + 1); + query_format(array_ptr(pcy->obuf, array_len(pcy->obuf)), + array_size(pcy->obuf) - array_len(pcy->obuf), + message, query); + array_len(pcy->obuf) += format_size; + } else { + array_len(pcy->obuf) += format_size; + } buffer_addstr(&pcy->obuf, "\n\n"); buffer_consume(&pcy->ibuf, query->eoq - pcy->ibuf.data); - epoll_modify(pcy->fd, EPOLLIN | EPOLLOUT, pcy); + server_rw(pcy); } -static bool policy_process(server_t *pcy, const config_t *config) +static const filter_t *next_filter(server_t *pcy, const filter_t *filter, + const query_t *query, const filter_hook_t *hook, bool *ok) { + if (hook != NULL) { + query_context_t *context = pcy->data; + if (hook->counter >= 0 && hook->counter < MAX_COUNTERS && hook->cost > 0) { + context->context.counters[hook->counter] += hook->cost; + debug("request client=%s, from=<%s>, to=<%s>: added %d to counter %d (now %u)", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + hook->cost, hook->counter, context->context.counters[hook->counter]); + } + } + if (hook == NULL) { + warn("request client=%s, from=<%s>, to=<%s>: aborted", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient); + *ok = false; + return NULL; + } else if (hook->async) { + debug("request client=%s, from=<%s>, to=<%s>: " + "asynchronous filter from filter %s", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + filter->name); + *ok = true; + return NULL; + } else if (hook->postfix) { + info("request client=%s, from=<%s>, to=<%s>: " + "awswer %s from filter %s: \"%s\"", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + htokens[hook->type], filter->name, hook->value); + policy_answer(pcy, hook->value); + *ok = true; + return NULL; + } else { + debug("request client=%s, from=<%s>, to=<%s>: " + "awswer %s from filter %s: next filter %s", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + htokens[hook->type], filter->name, + (array_ptr(config->filters, hook->filter_id))->name); + return array_ptr(config->filters, hook->filter_id); + } +} + +static bool policy_process(server_t *pcy, const config_t *mconfig) { - const query_t* query = pcy->data; + query_context_t *context = pcy->data; + const query_t* query = &context->query; const filter_t *filter; - if (config->entry_points[query->state] == -1) { + if (mconfig->entry_points[query->state] == -1) { warn("no filter defined for current protocol_state (%d)", query->state); return false; } - filter = array_ptr(config->filters, config->entry_points[query->state]); + if (context->context.current_filter != NULL) { + filter = context->context.current_filter; + } else { + filter = array_ptr(mconfig->filters, mconfig->entry_points[query->state]); + } + context->context.current_filter = NULL; while (true) { - const filter_hook_t *hook = filter_run(filter, query); - if (hook == NULL) { - warn("request client=%s, from=<%s>, to=<%s>: aborted", - query->client_name, - query->sender == NULL ? "undefined" : query->sender, - query->recipient == NULL ? "undefined" : query->recipient); - return false; - } else if (hook->postfix) { - info("request client=%s, from=<%s>, to=<%s>: " - "awswer %s from filter %s: \"%s\"", - query->client_name, - query->sender == NULL ? "undefined" : query->sender, - query->recipient == NULL ? "undefined" : query->recipient, - htokens[hook->type], filter->name, hook->value); - policy_answer(pcy, "%s", hook->value); - return true; - } else { - notice("request client=%s, from=<%s>, to=<%s>: " - "awswer %s from filter %s: next filter %s", - query->client_name, - query->sender == NULL ? "undefined" : query->sender, - query->recipient == NULL ? "undefined" : query->recipient, - htokens[hook->type], filter->name, - (array_ptr(config->filters, hook->filter_id))->name); - filter = array_ptr(config->filters, hook->filter_id); + bool ok = false; + const filter_hook_t *hook = filter_run(filter, query, &context->context); + filter = next_filter(pcy, filter, query, hook, &ok); + if (filter == NULL) { + return ok; } } } static int policy_run(server_t *pcy, void* vconfig) { - ssize_t search_offs = MAX(0, (ssize_t)(pcy->ibuf.len - 1)); + if (refresh) { + array_add(busy, pcy); + return 0; + } + + int search_offs = MAX(0, (int)(pcy->ibuf.len - 1)); int nb = buffer_read(&pcy->ibuf, pcy->fd, -1); const char *eoq; - query_t *query = pcy->data; - const config_t *config = vconfig; + query_context_t *context = pcy->data; + query_t *query = &context->query; + context->server = pcy; + const config_t *mconfig = vconfig; if (nb < 0) { if (errno == EAGAIN || errno == EINTR) @@ -141,10 +222,48 @@ static int policy_run(server_t *pcy, void* vconfig) if (!query_parse(pcy->data, pcy->ibuf.data)) return -1; query->eoq = eoq + strlen("\n\n"); - epoll_modify(pcy->fd, 0, pcy); - return policy_process(pcy, config) ? 0 : -1; + if (query->instance == NULL || strcmp(context->context.instance, query->instance) != 0) { + filter_context_clean(&context->context); + m_strcat(context->context.instance, 64, query->instance); + } + server_none(pcy); + return policy_process(pcy, mconfig) ? 0 : -1; +} + +static void policy_async_handler(filter_context_t *context, + const filter_hook_t *hook) +{ + bool ok = false; + const filter_t *filter = context->current_filter; + query_context_t *qctx = context->data; + query_t *query = &qctx->query; + server_t *server = qctx->server; + + context->current_filter = next_filter(server, filter, query, hook, &ok); + if (context->current_filter != NULL) { + ok = policy_process(server, config); + } + if (!ok) { + server_release(server); + } + if (refresh && filter_running == 0) { + config_refresh(config); + } } +static int postlicyd_init(void) +{ + filter_async_handler_register(policy_async_handler); + return 0; +} + +static void postlicyd_shutdown(void) +{ + array_deep_wipe(busy, server_delete); +} +module_init(postlicyd_init); +module_exit(postlicyd_shutdown); + int start_listener(int port) { return start_server(port, NULL, NULL); @@ -199,11 +318,17 @@ int main(int argc, char *argv[]) } } + if (!daemonize) { + log_syslog = false; + } + if (argc - optind != 1) { usage(); return EXIT_FAILURE; } + info("starting %s v%s...", DAEMON_NAME, DAEMON_VERSION); + if (pidfile_open(pidfile) < 0) { crit("unable to write pidfile %s", pidfile); return EXIT_FAILURE; @@ -214,7 +339,7 @@ int main(int argc, char *argv[]) return EXIT_FAILURE; } - config_t *config = config_read(argv[optind]); + config = config_read(argv[optind]); if (config == NULL) { return EXIT_FAILURE; } @@ -232,7 +357,7 @@ int main(int argc, char *argv[]) if (start_listener(config->port) < 0) { return EXIT_FAILURE; } else { - return server_loop(query_starter, (delete_client_t)query_delete, + return server_loop(query_starter, query_stopper, policy_run, config_refresh, config); } }