X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Fmain-postlicyd.c;h=cfe2c56c735c3db09c67920100258fab0dfe5a0a;hb=8ad7a11fd6ad8b8f5edfbde9da16a18b7a846738;hp=d6c5cc4c383f4deae5fd8111ac2823a5aa644096;hpb=6154a392a1f0d96d4599a45f1c37d84dbe5bfa4d;p=apps%2Fpfixtools.git
diff --git a/postlicyd/main-postlicyd.c b/postlicyd/main-postlicyd.c
index d6c5cc4..cfe2c56 100644
--- a/postlicyd/main-postlicyd.c
+++ b/postlicyd/main-postlicyd.c
@@ -56,100 +56,9 @@ static void *query_starter(server_t* server)
 return query_new();
 }
-static int postfix_parsejob(query_t *query, char *p)
+static bool config_refresh(void *config)
 {
-#define PARSE_CHECK(expr, error, ...) \
- do { \
- if (!(expr)) { \
- syslog(LOG_ERR, error, ##__VA_ARGS__); \
- return -1; \
- } \
- } while (0)
-
- p_clear(query, 1);
- query->state = SMTP_UNKNOWN;
- while (*p != '\n') {
- char *k, *v;
- int klen, vlen, vtk;
-
- while (isblank(*p))
- p++;
- p = strchr(k = p, '=');
- PARSE_CHECK(p, "could not find '=' in line");
- for (klen = p - k; klen && isblank(k[klen]); klen--);
- p += 1; /* skip = */
-
- while (isblank(*p))
- p++;
- p = strchr(v = p, '\n');
- PARSE_CHECK(p, "could not find final \\n in line");
- for (vlen = p - v; vlen && isblank(v[vlen]); vlen--);
- p += 1; /* skip \n */
-
- vtk = policy_tokenize(v, vlen);
- switch (policy_tokenize(k, klen)) {
-#define CASE(up, low) case PTK_##up: query->low = v; v[vlen] = '\0'; syslog(LOG_DEBUG, "%s = %s", ptokens[PTK_##up], query->low); break;
- CASE(HELO_NAME, helo_name);
- CASE(QUEUE_ID, queue_id);
- CASE(SENDER, sender);
- CASE(RECIPIENT, recipient);
- CASE(RECIPIENT_COUNT, recipient_count);
- CASE(CLIENT_ADDRESS, client_address);
- CASE(CLIENT_NAME, client_name);
- CASE(REVERSE_CLIENT_NAME, reverse_client_name);
- CASE(INSTANCE, instance);
- CASE(SASL_METHOD, sasl_method);
- CASE(SASL_USERNAME, sasl_username);
- CASE(SASL_SENDER, sasl_sender);
- CASE(SIZE, size);
- CASE(CCERT_SUBJECT, ccert_subject);
- CASE(CCERT_ISSUER, ccert_issuer);
- CASE(CCERT_FINGERPRINT, ccert_fingerprint);
- CASE(ENCRYPTION_PROTOCOL, encryption_protocol);
- CASE(ENCRYPTION_CIPHER, encryption_cipher);
- CASE(ENCRYPTION_KEYSIZE, encryption_keysize);
- CASE(ETRN_DOMAIN, etrn_domain);
- CASE(STRESS, stress);
-#undef CASE
-
- case PTK_REQUEST:
- PARSE_CHECK(vtk == PTK_SMTPD_ACCESS_POLICY,
- "unexpected `request' value: %.*s", vlen, v);
- break;
-
- case PTK_PROTOCOL_NAME:
- PARSE_CHECK(vtk == PTK_SMTP || vtk == PTK_ESMTP,
- "unexpected `protocol_name' value: %.*s", vlen, v);
- query->esmtp = vtk == PTK_ESMTP;
- break;
-
- case PTK_PROTOCOL_STATE:
- switch (vtk) {
-#define CASE(name) case PTK_##name: query->state = SMTP_##name; break;
- CASE(CONNECT);
- CASE(EHLO);
- CASE(HELO);
- CASE(MAIL);
- CASE(RCPT);
- CASE(DATA);
- CASE(END_OF_MESSAGE);
- CASE(VRFY);
- CASE(ETRN);
- default:
- PARSE_CHECK(false, "unexpected `protocol_state` value: %.*s",
- vlen, v);
-#undef CASE
- }
- break;
-
- default:
- syslog(LOG_WARNING, "unexpected key, skipped: %.*s", klen, k);
- continue;
- }
- }
-
- return query->state == SMTP_UNKNOWN ? -1 : 0;
-#undef PARSE_CHECK
+ return config_reload(config);
 }
 __attribute__((format(printf,2,0)))
@@ -179,9 +88,18 @@ static bool policy_process(server_t *pcy, const config_t *config)
 while (true) {
 const filter_hook_t *hook = filter_run(filter, query);
 if (hook == NULL) {
- syslog(LOG_WARNING, "request aborted");
+ syslog(LOG_WARNING, "request client=%s, from=<%s>, to=<%s>: aborted",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient);
 return false;
 } else if (hook->postfix) {
+ syslog(LOG_INFO, "request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name);
 policy_answer(pcy, "%s", hook->value);
 return true;
 } else {
@@ -192,7 +110,7 @@ static bool policy_process(server_t *pcy, const config_t *config)
 static int policy_run(server_t *pcy, void* vconfig)
 {
- ssize_t search_offs = MAX(0, pcy->ibuf.len - 1);
+ ssize_t search_offs = MAX(0, (ssize_t)(pcy->ibuf.len - 1));
 int nb = buffer_read(&pcy->ibuf, pcy->fd, -1);
 const char *eoq;
 query_t *query = pcy->data;
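Review bot: In both new syslog() calls in policy_process, `query->client_name` is passed to `%s` without the NULL guard that `sender` and `recipient` get; if a request arrives without a `client_name` attribute (the new parser is not visible here, so this is inferred), that is undefined behaviour in the logging path. Guard it the same way, `query->client_name == NULL ? "undefined" : query->client_name`. The sender and recipient come from the policy request and are written verbatim inside `<...>`, so a crafted address can make a line ambiguous for anything that parses these logs. The message also reads `awswer`; `answer` is the string log searches and alert rules will look for. The loop body continues outside the hunk.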
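Review bot: The new `(ssize_t)(pcy->ibuf.len - 1)` in policy_run still subtracts before it converts, so with an empty buffer and an unsigned `len` (its type is not visible here; the added cast suggests it) the value wraps and only becomes -1 through an implementation-defined conversion that `MAX` then clamps. Testing the length first states the intent and needs no wraparound: `ssize_t search_offs = pcy->ibuf.len > 0 ? (ssize_t)(pcy->ibuf.len - 1) : 0;`. policy_run's body continues outside the hunk.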
@@ -213,7 +131,7 @@ static int policy_run(server_t *pcy, void* vconfig)
 if (!(eoq = strstr(pcy->ibuf.data + search_offs, "\n\n")))
 return 0;
- if (postfix_parsejob(pcy->data, pcy->ibuf.data) < 0)
+ if (!query_parse(pcy->data, pcy->ibuf.data))
 return -1;
 query->eoq = eoq + strlen("\n\n");
 epoll_modify(pcy->fd, 0, pcy);
@@ -246,6 +164,7 @@ int main(int argc, char *argv[])
 const char *pidfile = NULL;
 bool daemonize = true;
 int port = DEFAULT_PORT;
+ bool port_from_cli = false;
 for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) {
 switch (c) {
@@ -257,6 +176,7 @@ int main(int argc, char *argv[])
 break;
 case 'l':
 port = atoi(optarg);
+ port_from_cli = true;
 break;
 case 'f':
 daemonize = false;
@@ -272,19 +192,26 @@ int main(int argc, char *argv[])
 return EXIT_FAILURE;
 }
+ if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+ syslog(LOG_CRIT, "unable to drop privileges");
+ return EXIT_FAILURE;
+ }
+
 config_t *config = config_read(argv[optind]);
 if (config == NULL) {
 return EXIT_FAILURE;
 }
+ if (port_from_cli || config->port == 0) {
+ config->port = port;
+ }
- if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP,
- daemonize) != EXIT_SUCCESS
- || start_listener(port) < 0) {
+ if (common_setup(pidfile, true, NULL, NULL, daemonize) != EXIT_SUCCESS
+ || start_listener(config->port) < 0) {
+ config_delete(&config);
 return EXIT_FAILURE;
- }
- {
+ } else {
 int res = server_loop(query_starter, (delete_client_t)query_delete,
- policy_run, config);
+ policy_run, config_refresh, config);
 config_delete(&config);
 return res;
 }
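Review bot: `port_from_cli = true;` in the `case 'l':` branch of main() is set whatever `atoi(optarg)` returned, so a mistyped `-l` value yields port 0 and, through the later `if (port_from_cli || config->port == 0)`, replaces a valid port from the configuration file. Parsing the option strictly and rejecting anything outside 1-65535 before the flag is set makes the override fail closed instead of handing 0 to `start_listener()`. The switch continues outside the hunk, so the error path below should follow whatever the other option errors do.

```c
        case 'l': {
            char *end = NULL;
            long val;

            errno = 0;
            val = strtol(optarg, &end, 10);
            if (errno != 0 || end == optarg || *end != '\0'
            ||  val < 1 || val > 65535) {
                /* … report the invalid port the way other option errors are reported … */
                return EXIT_FAILURE;
            }
            port = (int)val;
            port_from_cli = true;
            break;
        }
```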
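Review bot: With `drop_privileges()` now ahead of `config_read()`, everything after it in main() runs as RUNAS_USER, including pidfile creation in `common_setup()` and the bind in `start_listener(config->port)`; a port below 1024 or a pidfile in a root-owned directory will presumably fail only at that point, and the configuration file must be readable by that account, also when `config_refresh` reloads it. Parsing the configuration unprivileged is the right order, so I would document the constraint above the call rather than move it, e.g. `/* Drop root before parsing the config: the port must be unprivileged, and the pidfile directory and config file accessible to RUNAS_USER. */`. `drop_privileges()` itself is not visible here; it is worth confirming that it clears supplementary groups and sets the group before the user. main()'s body starts and ends outside the hunk.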