1 /******************************************************************************/
2 /* pfixtools: a collection of postfix related tools */
4 /* ________________________________________________________________________ */
6 /* Redistribution and use in source and binary forms, with or without */
7 /* modification, are permitted provided that the following conditions */
10 /* 1. Redistributions of source code must retain the above copyright */
11 /* notice, this list of conditions and the following disclaimer. */
12 /* 2. Redistributions in binary form must reproduce the above copyright */
13 /* notice, this list of conditions and the following disclaimer in the */
14 /* documentation and/or other materials provided with the distribution. */
15 /* 3. The names of its contributors may not be used to endorse or promote */
16 /* products derived from this software without specific prior written */
19 /* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND */
20 /* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE */
21 /* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR */
22 /* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS */
23 /* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR */
24 /* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF */
25 /* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS */
26 /* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN */
27 /* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) */
28 /* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF */
29 /* THE POSSIBILITY OF SUCH DAMAGE. */
30 /******************************************************************************/
33 * Copyright © 2008 Florent Bruneau
38 #include "policy_tokens.h"
40 typedef struct match_condition_t {
41 postlicyd_token field;
55 ARRAY(match_condition_t)
57 #define CONDITION_INIT { PTK_UNKNOWN, false, MATCH_UNKNOWN, NULL, 0 }
59 typedef struct match_config_t {
60 A(match_condition_t) conditions;
64 static match_config_t *match_config_new(void)
66 return p_new(match_config_t, 1);
69 static inline void match_condition_wipe(match_condition_t *condition)
71 p_delete(&condition->value);
72 condition->value_len = 0;
75 static void match_config_delete(match_config_t **config)
78 array_deep_wipe((*config)->conditions, match_condition_wipe);
83 static bool match_filter_constructor(filter_t *filter)
85 match_config_t *config = match_config_new();
87 #define PARSE_CHECK(Expr, Str, ...) \
89 syslog(LOG_ERR, Str, ##__VA_ARGS__); \
90 match_config_delete(&config); \
94 foreach (filter_param_t *param, filter->params) {
95 switch (param->type) {
96 FILTER_PARAM_PARSE_BOOLEAN(MATCH_ALL, config->match_all);
98 /* condition parameter is:
99 * field_name OPERATOR value.
100 * valid operators are:
101 * == field_name is strictly equal to
102 * =i field_name is case insensitively equal to
103 * != field_name is not equal to
104 * !i field_name is not case insensitively equal to
105 * >= field_name contains
106 * >i field_name contains case insensitively
107 * <= field_name is contained
108 * <i field_name is contained case insensitively
109 * #= field_name is empty or not set
110 * #i field_name is not empty
112 case ATK_CONDITION: {
113 #define IS_OP_START(N) \
114 ((N) == '=' || (N) == '!' || (N) == '>' || (N) == '<' || (N) == '#')
115 #define IS_OP_END(N) \
116 ((N) == '=' || (N) == 'i')
117 match_condition_t condition = CONDITION_INIT;
118 const char *p = m_strnextsp(param->value);
119 const char *n = p + 1;
120 PARSE_CHECK(isalnum(*p), "invalid field name");
121 for (n = p + 1 ; *n && (isalnum(*n) || *n == '_') ; ++n);
123 (isspace(*n) || IS_OP_START(*n)),
124 "invalid condition, expected operator after field name");
125 condition.field = policy_tokenize(p, n - p);
126 PARSE_CHECK(condition.field >= PTK_HELO_NAME
127 && condition.field < PTK_SMTPD_ACCESS_POLICY,
128 "invalid field name %.*s", n - p, p);
131 PARSE_CHECK(IS_OP_START(*p) && IS_OP_END(*n),
132 "invalid operator %2s", p);
134 #define CASE_OP(C, Value) \
136 condition.condition = MATCH_ ## Value; \
137 PARSE_CHECK(*n == '=' || *n == 'i', "invalid operator modifier %c", *n);\
138 condition.case_sensitive = !!(*n == '='); \
141 CASE_OP('!', DIFFER);
142 CASE_OP('>', CONTAINS);
143 CASE_OP('<', CONTAINED);
147 PARSE_CHECK(condition.condition != MATCH_UNKNOWN,
149 if (condition.condition != MATCH_EMPTY) {
150 p = m_strnextsp(n + 1);
151 PARSE_CHECK(*p, "no value defined to check the condition");
152 condition.value_len = param->value_len - (p - param->value);
153 condition.value = p_dupstr(p, condition.value_len);
155 array_add(config->conditions, condition);
162 PARSE_CHECK(config->conditions.len > 0,
163 "no condition defined");
164 filter->data = config;
168 static void match_filter_destructor(filter_t *filter)
170 match_config_t *config = filter->data;
171 match_config_delete(&config);
172 filter->data = config;
175 static inline bool match_condition(const match_condition_t *cond, const query_t *query)
177 const char *field = NULL;
178 switch (cond->field) {
179 #define CASE(Up, Low) \
180 case PTK_ ## Up: field = query->Low; break;
181 CASE(HELO_NAME, helo_name)
182 CASE(QUEUE_ID, queue_id)
184 CASE(RECIPIENT, recipient)
185 CASE(RECIPIENT_COUNT, recipient_count)
186 CASE(CLIENT_ADDRESS, client_address)
187 CASE(CLIENT_NAME, client_name)
188 CASE(REVERSE_CLIENT_NAME, reverse_client_name)
189 CASE(INSTANCE, instance)
190 CASE(SASL_METHOD, sasl_method)
191 CASE(SASL_USERNAME, sasl_username)
192 CASE(SASL_SENDER, sasl_sender)
194 CASE(CCERT_SUBJECT, ccert_subject)
195 CASE(CCERT_ISSUER, ccert_issuer)
196 CASE(CCERT_FINGERPRINT, ccert_fingerprint)
197 CASE(ENCRYPTION_PROTOCOL, encryption_protocol)
198 CASE(ENCRYPTION_CIPHER, encryption_cipher)
199 CASE(ENCRYPTION_KEYSIZE, encryption_keysize)
200 CASE(ETRN_DOMAIN, etrn_domain)
203 default: return false;
205 switch (cond->condition) {
209 return cond->condition != MATCH_DIFFER;
211 if (cond->case_sensitive) {
212 return !!((strcmp(field, cond->value) == 0)
213 ^ (cond->condition == MATCH_DIFFER));
215 return !!((ascii_strcasecmp(field, cond->value) == 0)
216 ^ (cond->condition == MATCH_DIFFER));
224 if (cond->case_sensitive) {
225 return strstr(field, cond->value);
227 return m_stristrn(field, cond->value, cond->value_len);
231 case MATCH_CONTAINED:
235 if (cond->case_sensitive) {
236 return strstr(cond->value, field);
238 return m_stristr(cond->value, field);
243 return !!(!!(field == NULL || *field == '\0')) ^ (!!cond->case_sensitive);
246 assert(false && "invalid condition type");
251 static filter_result_t match_filter(const filter_t *filter, const query_t *query)
253 const match_config_t *config = filter->data;
254 foreach (const match_condition_t *condition, config->conditions) {
255 bool r = match_condition(condition, query);
256 if (!r && config->match_all) {
258 } else if (r && !(config->match_all)) {
262 if (config->match_all) {
269 static int match_init(void)
271 filter_type_t type = filter_register("match", match_filter_constructor,
272 match_filter_destructor, match_filter);
275 (void)filter_hook_register(type, "abort");
276 (void)filter_hook_register(type, "error");
277 (void)filter_hook_register(type, "true");
278 (void)filter_hook_register(type, "false");
282 (void)filter_param_register(type, "match_all");
283 (void)filter_param_register(type, "condition");
286 module_init(match_init);