X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Fmatch.c;h=d50b12ac4d7e9cb73898cb748b17299340ee337d;hb=59b8220d0227fe68537a563b3e5fa2e63e26bc0d;hp=ae0561fb9bdb3f05b36bebc1ea6b6b9d61934216;hpb=e2ed1a31651a4f3e31d005005ca8677b15cec19d;p=apps%2Fpfixtools.git diff --git a/postlicyd/match.c b/postlicyd/match.c index ae0561f..d50b12a 100644 --- a/postlicyd/match.c +++ b/postlicyd/match.c @@ -54,6 +54,15 @@ typedef struct match_condition_t { } match_condition_t; ARRAY(match_condition_t) +static const char *condition_names[] = { + "unknown", + "equals to", + "differs from", + "contains", + "is contained", + "is empty" +}; + #define CONDITION_INIT { PTK_UNKNOWN, false, MATCH_UNKNOWN, NULL, 0 } typedef struct match_config_t { @@ -86,8 +95,8 @@ static bool match_filter_constructor(filter_t *filter) #define PARSE_CHECK(Expr, Str, ...) \ if (!(Expr)) { \ - syslog(LOG_ERR, Str, ##__VA_ARGS__); \ - match_config_delete(&config); \ + err(Str, ##__VA_ARGS__); \ + match_config_delete(&config); \ return false; \ } @@ -115,18 +124,17 @@ static bool match_filter_constructor(filter_t *filter) #define IS_OP_END(N) \ ((N) == '=' || (N) == 'i') match_condition_t condition = CONDITION_INIT; - const char *p = m_strnextsp(param->value); + const char *p = skipspaces(param->value); const char *n = p + 1; PARSE_CHECK(isalnum(*p), "invalid field name"); for (n = p + 1 ; *n && (isalnum(*n) || *n == '_') ; ++n); - PARSE_CHECK(*n && - (isspace(*n) || IS_OP_START(*n)), + PARSE_CHECK(*n && (isspace(*n) || IS_OP_START(*n)), "invalid condition, expected operator after field name"); condition.field = policy_tokenize(p, n - p); PARSE_CHECK(condition.field >= PTK_HELO_NAME && condition.field < PTK_SMTPD_ACCESS_POLICY, - "invalid field name %.*s", n - p, p); - p = m_strnextsp(n); + "invalid field name %.*s", (int)(n - p), p); + p = skipspaces(n); n = p + 1; PARSE_CHECK(IS_OP_START(*p) && IS_OP_END(*n), "invalid operator %2s", p); 
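Review bot: `condition_names` has six entries, but nothing in this hunk ties its order or length to the match-condition enum, which is declared outside the hunk. The `debug()` call added to `match_condition` later in this patch indexes it with `cond->condition` unchecked, so an enum value added without a matching name would read past the end of the array. A comment above the table such as `/* Indexed by the MATCH_* value of a condition; keep order and count in sync with the enum. */` would document the dependency. A range check on the index at the `debug()` call would make a mismatch harmless.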
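Review bot: The ctype calls on the configured value, `isalnum(*p)`, `isalnum(*n)` and `isspace(*n)`, are handed a plain `char`. Where `char` is signed, a byte above 0x7f in the parameter becomes a negative argument, which is undefined for these functions. Casting at the call site, e.g. `isalnum((unsigned char)*p)`, removes that. Separately, `"invalid operator %2s"` only sets a minimum width, so the error prints the whole remainder of the value; `%.2s` would limit it to the two operator characters. The enclosing match_filter_constructor starts and ends outside the hunk.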
@@ -141,13 +149,13 @@ static bool match_filter_constructor(filter_t *filter) CASE_OP('!', DIFFER); CASE_OP('>', CONTAINS); CASE_OP('<', CONTAINED); - CASE_OP('1', EMPTY); + CASE_OP('#', EMPTY); #undef CASE_OP } PARSE_CHECK(condition.condition != MATCH_UNKNOWN, "invalid operator"); if (condition.condition != MATCH_EMPTY) { - p = m_strnextsp(n + 1); + p = skipspaces(n + 1); PARSE_CHECK(*p, "no value defined to check the condition"); condition.value_len = param->value_len - (p - param->value); condition.value = p_dupstr(p, condition.value_len); 
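Review bot: The new `CASE_OP('#', EMPTY)` arm is reachable only if `IS_OP_START('#')` is true, because `PARSE_CHECK(IS_OP_START(*p) && IS_OP_END(*n), ...)` runs before this switch. The `IS_OP_START` definition is not covered by any hunk of this patch. If that macro still lists `'1'` rather than `'#'`, every "is empty" condition would be rejected at parse time as an invalid operator, so it is worth confirming and updating it in the same commit. The switch and the enclosing match_filter_constructor begin outside the hunk.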
@@ -174,7 +182,83 @@ static void match_filter_destructor(filter_t *filter) static inline bool match_condition(const match_condition_t *cond, const query_t *query) { -// const char *field = NULL; + const char *field = NULL; + switch (cond->field) { +#define CASE(Up, Low) \ + case PTK_ ## Up: field = query->Low; break; + CASE(HELO_NAME, helo_name) + CASE(QUEUE_ID, queue_id) + CASE(SENDER, sender) + CASE(SENDER_DOMAIN, sender_domain) + CASE(RECIPIENT, recipient) + CASE(RECIPIENT_DOMAIN, recipient_domain) + CASE(RECIPIENT_COUNT, recipient_count) + CASE(CLIENT_ADDRESS, client_address) + CASE(CLIENT_NAME, client_name) + CASE(REVERSE_CLIENT_NAME, reverse_client_name) + CASE(INSTANCE, instance) + CASE(SASL_METHOD, sasl_method) + CASE(SASL_USERNAME, sasl_username) + CASE(SASL_SENDER, sasl_sender) + CASE(SIZE, size) + CASE(CCERT_SUBJECT, ccert_subject) + CASE(CCERT_ISSUER, ccert_issuer) + CASE(CCERT_FINGERPRINT, ccert_fingerprint) + CASE(ENCRYPTION_PROTOCOL, encryption_protocol) + CASE(ENCRYPTION_CIPHER, encryption_cipher) + CASE(ENCRYPTION_KEYSIZE, encryption_keysize) + CASE(ETRN_DOMAIN, etrn_domain) + CASE(STRESS, stress) +#undef CASE + default: return false; + } + debug("running condition: \"%s\" %s %s\"%s\"", + field, condition_names[cond->condition], + cond->case_sensitive ? "" : "(alternative) ", + cond->value ? 
cond->value : "(none)"); + switch (cond->condition) { + case MATCH_EQUAL: + case MATCH_DIFFER: + if (field == NULL) { + return cond->condition != MATCH_DIFFER; + } + if (cond->case_sensitive) { + return !!((strcmp(field, cond->value) == 0) + ^ (cond->condition == MATCH_DIFFER)); + } else { + return !!((ascii_strcasecmp(field, cond->value) == 0) + ^ (cond->condition == MATCH_DIFFER)); + } + break; + + case MATCH_CONTAINS: + if (field == NULL) { + return false; + } + if (cond->case_sensitive) { + return strstr(field, cond->value); + } else { + return m_stristrn(field, cond->value, cond->value_len); + } + break; + + case MATCH_CONTAINED: + if (field == NULL) { + return false; + } + if (cond->case_sensitive) { + return strstr(cond->value, field); + } else { + return m_stristr(cond->value, field); + } + break; + + case MATCH_EMPTY: + return !!((field == NULL || *field == '\0') ^ (!cond->case_sensitive)); + + default: + assert(false && "invalid condition type"); + } return true; } @@ -184,15 +268,19 @@ static filter_result_t match_filter(const filter_t *filter, const query_t *query foreach (const match_condition_t *condition, config->conditions) { bool r = match_condition(condition, query); if (!r && config->match_all) { - return HTK_FALSE; + debug("condition failed, match_all failed"); + return HTK_FAIL; } else if (r && !(config->match_all)) { - return HTK_TRUE; + debug("condition succeed, not-match_all succeed"); + return HTK_MATCH; } }} if (config->match_all) { - return HTK_TRUE; + debug("all conditions matched, match_all succeed"); + return HTK_MATCH; } else { - return HTK_FALSE; + debug("no condition matched, not-match_all failed"); + return HTK_FAIL; } } 
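Review bot: In the `MATCH_EQUAL`/`MATCH_DIFFER` branch of `match_condition`, a NULL field returns `cond->condition != MATCH_DIFFER`. An attribute absent from the query therefore satisfies every "equals" rule and fails every "differs" rule, which looks inverted for a policy decision (for example a rule on `sasl_username` would match a client that sent none). If that is not intended, the line should read `return cond->condition == MATCH_DIFFER;`. The `debug()` call above the switch also passes `field` to `%s` before any NULL check; `field ? field : "(null)"` keeps that defined. Finally, the `default:` arm relies on `assert`, so a build with NDEBUG falls through to `return true`; adding `return false;` after the assert would make an unknown condition type fail closed.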
@@ -204,8 +292,8 @@ static int match_init(void) */ (void)filter_hook_register(type, "abort"); (void)filter_hook_register(type, "error"); - (void)filter_hook_register(type, "true"); - (void)filter_hook_register(type, "false"); + (void)filter_hook_register(type, "match"); + (void)filter_hook_register(type, "fail"); /* Parameters. */