X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Fmain-postlicyd.c;h=9bdc391ca7c6d57a72bfd809c4c342b939673d01;hb=59b8220d0227fe68537a563b3e5fa2e63e26bc0d;hp=7d6970de1e37c482f2cb14cb511e6fcf613f3e84;hpb=9b993811fe1fd208afd954e86c0bfc81a78af04f;p=apps%2Fpfixtools.git diff --git a/postlicyd/main-postlicyd.c b/postlicyd/main-postlicyd.c index 7d6970d..9bdc391 100644 --- a/postlicyd/main-postlicyd.c +++ b/postlicyd/main-postlicyd.c @@ -42,6 +42,7 @@ #include "policy_tokens.h" #include "server.h" #include "query.h" +#include "config.h" #define DAEMON_NAME "postlicyd" #define DEFAULT_PORT 10000 @@ -55,99 +56,9 @@ static void *query_starter(server_t* server) return query_new(); } -static int postfix_parsejob(query_t *query, char *p) +static bool config_refresh(void *config) { -#define PARSE_CHECK(expr, error, ...) \ - do { \ - if (!(expr)) { \ - syslog(LOG_ERR, error, ##__VA_ARGS__); \ - return -1; \ - } \ - } while (0) - - p_clear(query, 1); - while (*p != '\n') { - char *k, *v; - int klen, vlen, vtk; - - while (isblank(*p)) - p++; - p = strchr(k = p, '='); - PARSE_CHECK(p, "could not find '=' in line"); - for (klen = p - k; klen && isblank(k[klen]); klen--); - p += 1; /* skip = */ - - while (isblank(*p)) - p++; - p = strchr(v = p, '\n'); - PARSE_CHECK(p, "could not find final \\n in line"); - for (vlen = p - v; vlen && isblank(v[vlen]); vlen--); - p += 1; /* skip \n */ - - vtk = policy_tokenize(v, vlen); - switch (policy_tokenize(k, klen)) { -#define CASE(up, low) case PTK_##up: query->low = v; v[vlen] = '\0'; break; - CASE(HELO_NAME, helo_name); - CASE(QUEUE_ID, queue_id); - CASE(SENDER, sender); - CASE(RECIPIENT, recipient); - CASE(RECIPIENT_COUNT, recipient_count); - CASE(CLIENT_ADDRESS, client_address); - CASE(CLIENT_NAME, client_name); - CASE(REVERSE_CLIENT_NAME, reverse_client_name); - CASE(INSTANCE, instance); - CASE(SASL_METHOD, sasl_method); - CASE(SASL_USERNAME, sasl_username); - CASE(SASL_SENDER, sasl_sender); - CASE(SIZE, size); - CASE(CCERT_SUBJECT, ccert_subject); - CASE(CCERT_ISSUER, ccert_issuer); - CASE(CCERT_FINGERPRINT, ccert_fingerprint); - CASE(ENCRYPTION_PROTOCOL, encryption_protocol); - CASE(ENCRYPTION_CIPHER, encryption_cipher); - CASE(ENCRYPTION_KEYSIZE, encryption_keysize); - CASE(ETRN_DOMAIN, etrn_domain); - CASE(STRESS, stress); -#undef CASE - - case PTK_REQUEST: - PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY, - "unexpected `request' value: %.*s", vlen, v); - break; - - case PTK_PROTOCOL_NAME: - PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP, - "unexpected `protocol_name' value: %.*s", vlen, v); - query->esmtp = vtk == PTK_ESMTP; - break; - - case PTK_PROTOCOL_STATE: - switch (vtk) { -#define CASE(name) case PTK_##name: query->state = SMTP_##name; break; - CASE(CONNECT); - CASE(EHLO); - CASE(HELO); - CASE(MAIL); - CASE(RCPT); - CASE(DATA); - CASE(END_OF_MESSAGE); - CASE(VRFY); - CASE(ETRN); - default: - PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s", - vlen, v); -#undef CASE - } - break; - - default: - syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k); - continue; - } - } - - return query->state == SMTP_UNKNOWN ? -1 : 0; -#undef PARSE_CHECK + return config_reload(config); } __attribute__((format(printf,2,0))) @@ -165,25 +76,52 @@ static void policy_answer(server_t *pcy, const char *fmt, ...) epoll_modify(pcy->fd, EPOLLIN | EPOLLOUT, pcy); } -static bool policy_run_filter(const query_t* query, void* filter, void* conf) -{ - return false; -} - -static void policy_process(server_t *pcy) +static bool policy_process(server_t *pcy, const config_t *config) { const query_t* query = pcy->data; - if (!policy_run_filter(query, NULL, NULL)) { - policy_answer(pcy, "DUNNO"); + const filter_t *filter; + if (config->entry_points[query->state] == -1) { + warn("no filter defined for current protocol_state (%d)", query->state); + return false; + } + filter = array_ptr(config->filters, config->entry_points[query->state]); + while (true) { + const filter_hook_t *hook = filter_run(filter, query); + if (hook == NULL) { + warn("request client=%s, from=<%s>, to=<%s>: aborted", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient); + return false; + } else if (hook->postfix) { + info("request client=%s, from=<%s>, to=<%s>: " + "awswer %s from filter %s: \"%s\"", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + htokens[hook->type], filter->name, hook->value); + policy_answer(pcy, "%s", hook->value); + return true; + } else { + notice("request client=%s, from=<%s>, to=<%s>: " + "awswer %s from filter %s: next filter %s", + query->client_name, + query->sender == NULL ? "undefined" : query->sender, + query->recipient == NULL ? "undefined" : query->recipient, + htokens[hook->type], filter->name, + (array_ptr(config->filters, hook->filter_id))->name); + filter = array_ptr(config->filters, hook->filter_id); + } } } -static int policy_run(server_t *pcy, void* config) +static int policy_run(server_t *pcy, void* vconfig) { - ssize_t search_offs = MAX(0, pcy->ibuf.len - 1); + int search_offs = MAX(0, (int)(pcy->ibuf.len - 1)); int nb = buffer_read(&pcy->ibuf, pcy->fd, -1); const char *eoq; - query_t* query = pcy->data; + query_t *query = pcy->data; + const config_t *config = vconfig; if (nb < 0) { if (errno == EAGAIN || errno == EINTR) @@ -193,19 +131,18 @@ static int policy_run(server_t *pcy, void* config) } if (nb == 0) { if (pcy->ibuf.len) - syslog(LOG_ERR, "unexpected end of data"); + err("unexpected end of data"); return -1; } if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n"))) return 0; - if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0) + if (!query_parse(pcy->data, pcy->ibuf.data)) return -1; query->eoq = eoq + strlen("\n\n"); epoll_modify(pcy->fd, 0, pcy); - policy_process(pcy); - return 0; + return policy_process(pcy, config) ? 0 : -1; } int start_listener(int port) @@ -223,6 +160,8 @@ void usage(void) " -l port to listen to\n" " -p file to write our pid to\n" " -f stay in foreground\n" + " -d grow logging level\n" + " -u unsafe mode (don't drop privileges)\n" , stderr); } @@ -234,8 +173,9 @@ int main(int argc, char *argv[]) const char *pidfile = NULL; bool daemonize = true; int port = DEFAULT_PORT; + bool port_from_cli = false; - for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) { + for (int c = 0; (c = getopt(argc, argv, "ufd" "l:p:")) >= 0; ) { switch (c) { case 'p': pidfile = optarg; @@ -245,10 +185,14 @@ int main(int argc, char *argv[]) break; case 'l': port = atoi(optarg); + port_from_cli = true; break; case 'f': daemonize = false; break; + case 'd': + ++log_level; + break; default: usage(); return EXIT_FAILURE; @@ -260,11 +204,35 @@ int main(int argc, char *argv[]) return EXIT_FAILURE; } - if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP, - daemonize) != EXIT_SUCCESS - || start_listener(port) < 0) { + if (pidfile_open(pidfile) < 0) { + crit("unable to write pidfile %s", pidfile); + return EXIT_FAILURE; + } + + if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) { + crit("unable to drop privileges"); + return EXIT_FAILURE; + } + + config_t *config = config_read(argv[optind]); + if (config == NULL) { + return EXIT_FAILURE; + } + if (port_from_cli || config->port == 0) { + config->port = port; + } + + if (daemonize && daemon_detach() < 0) { + crit("unable to fork"); + return EXIT_FAILURE; + } + + pidfile_refresh(); + + if (start_listener(config->port) < 0) { return EXIT_FAILURE; + } else { + return server_loop(query_starter, (delete_client_t)query_delete, + policy_run, config_refresh, config); } - return server_loop(query_starter, (delete_client_t)query_delete, - policy_run, NULL); }