#include "epoll.h"
#include "policy_tokens.h"
#include "server.h"
-#include "query.h"
#include "config.h"
+#include "postlicyd.h"
#define DAEMON_NAME "postlicyd"
+#define DAEMON_VERSION "0.2"
#define DEFAULT_PORT 10000
#define RUNAS_USER "nobody"
#define RUNAS_GROUP "nogroup"
DECLARE_MAIN
+static config_t *config = NULL;
+
+
static void *query_starter(server_t* server)
{
- return query_new();
+ query_context_t *context = p_new(query_context_t, 1);
+ filter_context_prepare(&context->context, context);
+ return context;
}
-static bool config_refresh(void *config)
+static void query_stopper(void *data)
{
- return config_reload(config);
+ query_context_t **context = data;
+ if (*context) {
+ filter_context_wipe(&(*context)->context);
+ p_delete(context);
+ }
+}
+
+static bool config_refresh(void *mconfig)
+{
+ return config_reload(mconfig);
}
__attribute__((format(printf,2,0)))
static void policy_answer(server_t *pcy, const char *fmt, ...)
{
va_list args;
- const query_t* query = pcy->data;
+ query_context_t *context = pcy->data;
+ const query_t* query = &context->query;
buffer_addstr(&pcy->obuf, "action=");
va_start(args, fmt);
epoll_modify(pcy->fd, EPOLLIN | EPOLLOUT, pcy);
}
-static bool policy_process(server_t *pcy, const config_t *config)
+static bool policy_process(server_t *pcy, const config_t *mconfig)
{
- const query_t* query = pcy->data;
+ query_context_t *context = pcy->data;
+ const query_t* query = &context->query;
const filter_t *filter;
- if (config->entry_points[query->state] == -1) {
- syslog(LOG_WARNING, "no filter defined for current protocol_state (%d)", query->state);
+ if (mconfig->entry_points[query->state] == -1) {
+ warn("no filter defined for current protocol_state (%d)", query->state);
return false;
}
- filter = array_ptr(config->filters, config->entry_points[query->state]);
+ if (context->context.current_filter != NULL) {
+ filter = context->context.current_filter;
+ } else {
+ filter = array_ptr(mconfig->filters, mconfig->entry_points[query->state]);
+ }
+ context->context.current_filter = NULL;
while (true) {
- const filter_hook_t *hook = filter_run(filter, query);
+ const filter_hook_t *hook = filter_run(filter, query, &context->context);
if (hook == NULL) {
- syslog(LOG_WARNING, "request client=%s, from=<%s>, to=<%s>: aborted",
- query->client_name,
- query->sender == NULL ? "undefined" : query->sender,
- query->recipient == NULL ? "undefined" : query->recipient);
+ warn("request client=%s, from=<%s>, to=<%s>: aborted",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient);
return false;
- } else if (hook->postfix) {
- syslog(LOG_INFO, "request client=%s, from=<%s>, to=<%s>: "
- "awswer %s from filter %s",
+ } else if (hook->async) {
+ debug("request client=%s, from=<%s>, to=<%s>: "
+ "asynchronous filter from filter %s",
query->client_name,
query->sender == NULL ? "undefined" : query->sender,
query->recipient == NULL ? "undefined" : query->recipient,
- htokens[hook->type], filter->name);
+ filter->name);
+ return true;
+ } else if (hook->postfix) {
+ info("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: \"%s\"",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name, hook->value);
policy_answer(pcy, "%s", hook->value);
return true;
} else {
- filter = array_ptr(config->filters, hook->filter_id);
+ debug("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: next filter %s",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name,
+ (array_ptr(mconfig->filters, hook->filter_id))->name);
+ filter = array_ptr(mconfig->filters, hook->filter_id);
}
}
}
static int policy_run(server_t *pcy, void* vconfig)
{
- ssize_t search_offs = MAX(0, (ssize_t)(pcy->ibuf.len - 1));
+ int search_offs = MAX(0, (int)(pcy->ibuf.len - 1));
int nb = buffer_read(&pcy->ibuf, pcy->fd, -1);
const char *eoq;
- query_t *query = pcy->data;
- const config_t *config = vconfig;
+ query_context_t *context = pcy->data;
+ query_t *query = &context->query;
+ context->server = pcy;
+ const config_t *mconfig = vconfig;
if (nb < 0) {
if (errno == EAGAIN || errno == EINTR)
}
if (nb == 0) {
if (pcy->ibuf.len)
- syslog(LOG_ERR, "unexpected end of data");
+ err("unexpected end of data");
return -1;
}
return -1;
query->eoq = eoq + strlen("\n\n");
epoll_modify(pcy->fd, 0, pcy);
- return policy_process(pcy, config) ? 0 : -1;
+ return policy_process(pcy, mconfig) ? 0 : -1;
+}
+
+static void policy_async_handler(filter_context_t *context,
+ const filter_hook_t *hook)
+{
+ const filter_t *filter = context->current_filter;
+ query_context_t *qctx = context->data;
+ query_t *query = &qctx->query;
+ server_t *server = qctx->server;
+
+ debug("request client=%s, from=<%s>, to=<%s>: "
+ "awswer %s from filter %s: next filter %s",
+ query->client_name,
+ query->sender == NULL ? "undefined" : query->sender,
+ query->recipient == NULL ? "undefined" : query->recipient,
+ htokens[hook->type], filter->name,
+ (array_ptr(config->filters, hook->filter_id))->name);
+ context->current_filter = array_ptr(config->filters, hook->filter_id);
+
+ if (!policy_process(server, config)) {
+ server_release(server);
+ }
}
+static int postlicyd_init(void)
+{
+ filter_async_handler_register(policy_async_handler);
+ return 0;
+}
+module_init(postlicyd_init);
+
int start_listener(int port)
{
return start_server(port, NULL, NULL);
" -l <port> port to listen to\n"
" -p <pidfile> file to write our pid to\n"
" -f stay in foreground\n"
+ " -d grow logging level\n"
+ " -u unsafe mode (don't drop privileges)\n"
, stderr);
}
int port = DEFAULT_PORT;
bool port_from_cli = false;
- for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) {
+ for (int c = 0; (c = getopt(argc, argv, "ufd" "l:p:")) >= 0; ) {
switch (c) {
case 'p':
pidfile = optarg;
case 'f':
daemonize = false;
break;
+ case 'd':
+ ++log_level;
+ break;
default:
usage();
return EXIT_FAILURE;
}
}
+ if (!daemonize) {
+ log_syslog = false;
+ }
+
if (argc - optind != 1) {
usage();
return EXIT_FAILURE;
}
+ info("starting %s v%s...", DAEMON_NAME, DAEMON_VERSION);
+
+ if (pidfile_open(pidfile) < 0) {
+ crit("unable to write pidfile %s", pidfile);
+ return EXIT_FAILURE;
+ }
+
if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
- syslog(LOG_CRIT, "unable to drop privileges");
+ crit("unable to drop privileges");
return EXIT_FAILURE;
}
- config_t *config = config_read(argv[optind]);
+ config = config_read(argv[optind]);
if (config == NULL) {
return EXIT_FAILURE;
}
config->port = port;
}
- if (common_setup(pidfile, true, NULL, NULL, daemonize) != EXIT_SUCCESS
- || start_listener(config->port) < 0) {
- config_delete(&config);
+ if (daemonize && daemon_detach() < 0) {
+ crit("unable to fork");
+ return EXIT_FAILURE;
+ }
+
+ pidfile_refresh();
+
+ if (start_listener(config->port) < 0) {
return EXIT_FAILURE;
} else {
- int res = server_loop(query_starter, (delete_client_t)query_delete,
- policy_run, config_refresh, config);
- config_delete(&config);
- return res;
+ return server_loop(query_starter, query_stopper,
+ policy_run, config_refresh, config);
}
}
projects / apps / pfixtools.git / blobdiff