mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14015 Commits
28 Branches
Tree: 110f02f449
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '110f02f449'
${ noResults }
rspamd/src/controller.c

controller.c 101KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "libserver/dynamic_cfg.h"

  18. #include "libserver/cfg_file_private.h"

  19. #include "libutil/rrd.h"

  20. #include "libutil/map.h"

  21. #include "libutil/map_helpers.h"

  22. #include "libutil/map_private.h"

  23. #include "libutil/http_private.h"

  24. #include "libstat/stat_api.h"

  25. #include "rspamd.h"

  26. #include "libserver/worker_util.h"

  27. #include "worker_private.h"

  28. #include "lua/lua_common.h"

  29. #include "cryptobox.h"

  30. #include "ottery.h"

  31. #include "fuzzy_wire.h"

  32. #include "unix-std.h"

  33. #include "utlist.h"

  34. #include "libmime/lang_detection.h"

  35. #include <math.h>

  36. 

  37. /* 60 seconds for worker's IO */

  38. #define DEFAULT_WORKER_IO_TIMEOUT 60000

  39. 

  40. #define DEFAULT_STATS_PATH RSPAMD_DBDIR "/stats.ucl"

  41. 

  42. /* HTTP paths */

  43. #define PATH_AUTH "/auth"

  44. #define PATH_SYMBOLS "/symbols"

  45. #define PATH_ACTIONS "/actions"

  46. #define PATH_MAPS "/maps"

  47. #define PATH_GET_MAP "/getmap"

  48. #define PATH_GRAPH "/graph"

  49. #define PATH_PIE_CHART "/pie"

  50. #define PATH_HISTORY "/history"

  51. #define PATH_HISTORY_RESET "/historyreset"

  52. #define PATH_LEARN_SPAM "/learnspam"

  53. #define PATH_LEARN_HAM "/learnham"

  54. #define PATH_SAVE_ACTIONS "/saveactions"

  55. #define PATH_SAVE_SYMBOLS "/savesymbols"

  56. #define PATH_SAVE_MAP "/savemap"

  57. #define PATH_SCAN "/scan"

  58. #define PATH_CHECK "/check"

  59. #define PATH_CHECKV2 "/checkv2"

  60. #define PATH_STAT "/stat"

  61. #define PATH_STAT_RESET "/statreset"

  62. #define PATH_COUNTERS "/counters"

  63. #define PATH_ERRORS "/errors"

  64. #define PATH_NEIGHBOURS "/neighbours"

  65. #define PATH_PLUGINS "/plugins"

  66. #define PATH_PING "/ping"

  67. 

  68. #define msg_err_session(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \

  69.         session->pool->tag.tagname, session->pool->tag.uid, \

  70.         G_STRFUNC, \

  71.         __VA_ARGS__)

  72. #define msg_warn_session(...)   rspamd_default_log_function (G_LOG_LEVEL_WARNING, \

  73.         session->pool->tag.tagname, session->pool->tag.uid, \

  74.         G_STRFUNC, \

  75.         __VA_ARGS__)

  76. #define msg_info_session(...)   rspamd_default_log_function (G_LOG_LEVEL_INFO, \

  77.         session->pool->tag.tagname, session->pool->tag.uid, \

  78.         G_STRFUNC, \

  79.         __VA_ARGS__)

  80. #define msg_err_ctx(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \

  81.         "controller", ctx->cfg->cfg_pool->tag.uid, \

  82.         G_STRFUNC, \

  83.         __VA_ARGS__)

  84. #define msg_warn_ctx(...)   rspamd_default_log_function (G_LOG_LEVEL_WARNING, \

  85.         "controller", ctx->cfg->cfg_pool->tag.uid, \

  86.         G_STRFUNC, \

  87.         __VA_ARGS__)

  88. #define msg_info_ctx(...)   rspamd_default_log_function (G_LOG_LEVEL_INFO, \

  89.         "controller", ctx->cfg->cfg_pool->tag.uid, \

  90.         G_STRFUNC, \

  91.         __VA_ARGS__)

  92. 

  93. #define msg_debug_session(...)  rspamd_conditional_debug_fast (NULL, session->from_addr, \

  94.         rspamd_controller_log_id, "controller", session->pool->tag.uid, \

  95.         G_STRFUNC, \

  96.         __VA_ARGS__)

  97. 

  98. INIT_LOG_MODULE(controller)

  99. 

  100. /* Graph colors */

  101. #define COLOR_CLEAN "#58A458"

  102. #define COLOR_PROBABLE_SPAM "#D67E7E"

  103. #define COLOR_GREYLIST "#A0A0A0"

  104. #define COLOR_REJECT "#CB4B4B"

  105. #define COLOR_TOTAL "#9440ED"

  106. 

  107. const struct timeval rrd_update_time = {

  108. 		.tv_sec = 1,

  109. 		.tv_usec = 0

  110. };

  111. 

  112. const guint64 rspamd_controller_ctx_magic = 0xf72697805e6941faULL;

  113. 

  114. extern void fuzzy_stat_command (struct rspamd_task *task);

  115. 

  116. gpointer init_controller_worker (struct rspamd_config *cfg);

  117. void start_controller_worker (struct rspamd_worker *worker);

  118. 

  119. worker_t controller_worker = {

  120. 	"controller",                   /* Name */

  121. 	init_controller_worker,         /* Init function */

  122. 	start_controller_worker,        /* Start function */

  123. 	RSPAMD_WORKER_HAS_SOCKET | RSPAMD_WORKER_KILLABLE |

  124. 			RSPAMD_WORKER_SCANNER | RSPAMD_WORKER_CONTROLLER,

  125. 	RSPAMD_WORKER_SOCKET_TCP,       /* TCP socket */

  126. 	RSPAMD_WORKER_VER       /* Version info */

  127. };

  128. /*

  129.  * Worker's context

  130.  */

  131. struct rspamd_controller_worker_ctx {

  132. 	guint64 magic;

  133. 	/* Events base */

  134. 	struct event_base *ev_base;

  135. 	/* DNS resolver */

  136. 	struct rspamd_dns_resolver *resolver;

  137. 	/* Config */

  138. 	struct rspamd_config *cfg;

  139. 	/* END OF COMMON PART */

  140. 	guint32 timeout;

  141. 	struct timeval io_tv;

  142. 	/* Whether we use ssl for this server */

  143. 	gboolean use_ssl;

  144. 	/* Webui password */

  145. 	gchar *password;

  146. 	/* Privilleged password */

  147. 	gchar *enable_password;

  148. 	/* Cached versions of the passwords */

  149. 	rspamd_ftok_t cached_password;

  150. 	rspamd_ftok_t cached_enable_password;

  151. 	/* HTTP server */

  152. 	struct rspamd_http_connection_router *http;

  153. 	/* Server's start time */

  154. 	time_t start_time;

  155. 	/* Main server */

  156. 	struct rspamd_main *srv;

  157. 	/* SSL cert */

  158. 	gchar *ssl_cert;

  159. 	/* SSL private key */

  160. 	gchar *ssl_key;

  161. 	/* A map of secure IP */

  162. 	const ucl_object_t *secure_ip;

  163. 	struct rspamd_radix_map_helper *secure_map;

  164. 

  165. 	/* Static files dir */

  166. 	gchar *static_files_dir;

  167. 

  168. 	/* Saved statistics path */

  169. 	gchar *saved_stats_path;

  170. 

  171. 	/* Custom commands registered by plugins */

  172. 	GHashTable *custom_commands;

  173. 

  174. 	/* Plugins registered from lua */

  175. 	GHashTable *plugins;

  176. 

  177. 	/* Worker */

  178. 	struct rspamd_worker *worker;

  179. 

  180. 	/* Local keypair */

  181. 	gpointer key;

  182. 

  183. 	struct event *rrd_event;

  184. 	struct rspamd_rrd_file *rrd;

  185. 	struct event save_stats_event;

  186. 	struct rspamd_lang_detector *lang_det;

  187. 	gdouble task_timeout;

  188. };

  189. 

  190. struct rspamd_controller_plugin_cbdata {

  191. 	lua_State *L;

  192. 	struct rspamd_controller_worker_ctx *ctx;

  193. 	gchar *plugin;

  194. 	struct ucl_lua_funcdata *handler;

  195. 	ucl_object_t *obj;

  196. 	gboolean is_enable;

  197. 	gboolean need_task;

  198. 	guint version;

  199. };

  200. 

  201. static gboolean

  202. rspamd_is_encrypted_password (const gchar *password,

  203. 		struct rspamd_controller_pbkdf const **pbkdf)

  204. {

  205. 	const gchar *start, *end;

  206. 	gint64 id;

  207. 	gsize size, i;

  208. 	gboolean ret = FALSE;

  209. 	const struct rspamd_controller_pbkdf *p;

  210. 

  211. 	if (password[0] == '$') {

  212. 		/* Parse id */

  213. 		start = password + 1;

  214. 		end = start;

  215. 		size = 0;

  216. 

  217. 		while (*end != '\0' && g_ascii_isdigit (*end)) {

  218. 			size++;

  219. 			end++;

  220. 		}

  221. 

  222. 		if (size > 0) {

  223. 			gchar *endptr;

  224. 			id = strtoul (start, &endptr, 10);

  225. 

  226. 			if ((endptr == NULL || *endptr == *end)) {

  227. 				for (i = 0; i < RSPAMD_PBKDF_ID_MAX - 1; i ++) {

  228. 					p = &pbkdf_list[i];

  229. 

  230. 					if (p->id == id) {

  231. 						ret = TRUE;

  232. 						if (pbkdf != NULL) {

  233. 							*pbkdf = &pbkdf_list[i];

  234. 						}

  235. 

  236. 						break;

  237. 					}

  238. 				}

  239. 			}

  240. 		}

  241. 	}

  242. 

  243. 	return ret;

  244. }

  245. 

  246. static const gchar *

  247. rspamd_encrypted_password_get_str (const gchar * password, gsize skip,

  248. 		gsize * length)

  249. {

  250. 	const gchar *str, *start, *end;

  251. 	gsize size;

  252. 

  253. 	start = password + skip;

  254. 	end = start;

  255. 	size = 0;

  256. 

  257. 	while (*end != '\0' && g_ascii_isalnum (*end)) {

  258. 		size++;

  259. 		end++;

  260. 	}

  261. 

  262. 	if (size) {

  263. 		str = start;

  264. 		*length = size;

  265. 	}

  266. 	else {

  267. 		str = NULL;

  268. 	}

  269. 

  270. 	return str;

  271. }

  272. 

  273. static gboolean

  274. rspamd_check_encrypted_password (struct rspamd_controller_worker_ctx *ctx,

  275. 		const rspamd_ftok_t * password, const gchar * check,

  276. 		const struct rspamd_controller_pbkdf *pbkdf,

  277. 		gboolean is_enable)

  278. {

  279. 	const gchar *salt, *hash;

  280. 	gchar *salt_decoded, *key_decoded;

  281. 	gsize salt_len = 0, key_len = 0;

  282. 	gboolean ret = TRUE;

  283. 	guchar *local_key;

  284. 	rspamd_ftok_t *cache;

  285. 	gpointer m;

  286. 

  287. 	/* First of all check cached versions to save resources */

  288. 	if (is_enable && ctx->cached_enable_password.len != 0) {

  289. 		if (password->len != ctx->cached_enable_password.len ||

  290. 				!rspamd_constant_memcmp (password->begin,

  291. 						ctx->cached_enable_password.begin, password->len)) {

  292. 			msg_info_ctx ("incorrect or absent enable password has been specified");

  293. 			return FALSE;

  294. 		}

  295. 

  296. 		return TRUE;

  297. 	}

  298. 	else if (!is_enable && ctx->cached_password.len != 0) {

  299. 		if (password->len != ctx->cached_password.len ||

  300. 				!rspamd_constant_memcmp (password->begin,

  301. 						ctx->cached_password.begin, password->len)) {

  302. 			/* We still need to check enable password here */

  303. 			if (ctx->cached_enable_password.len != 0) {

  304. 				if (password->len != ctx->cached_enable_password.len ||

  305. 						!rspamd_constant_memcmp (password->begin,

  306. 								ctx->cached_enable_password.begin,

  307. 								password->len)) {

  308. 					msg_info_ctx (

  309. 							"incorrect or absent password has been specified");

  310. 

  311. 					return FALSE;

  312. 				}

  313. 				else {

  314. 					/* Cached matched */

  315. 					return TRUE;

  316. 				}

  317. 			}

  318. 			else {

  319. 				/* We might want to check uncached version */

  320. 				goto check_uncached;

  321. 			}

  322. 		}

  323. 		else {

  324. 			/* Cached matched */

  325. 			return TRUE;

  326. 		}

  327. 	}

  328. 

  329. check_uncached:

  330. 	g_assert (pbkdf != NULL);

  331. 	/* get salt */

  332. 	salt = rspamd_encrypted_password_get_str (check, 3, &salt_len);

  333. 	/* get hash */

  334. 	hash = rspamd_encrypted_password_get_str (check, 3 + salt_len + 1,

  335. 			&key_len);

  336. 	if (salt != NULL && hash != NULL) {

  337. 

  338. 		/* decode salt */

  339. 		salt_decoded = rspamd_decode_base32 (salt, salt_len, &salt_len);

  340. 

  341. 		if (salt_decoded == NULL || salt_len != pbkdf->salt_len) {

  342. 			/* We have some unknown salt here */

  343. 			msg_info_ctx ("incorrect salt: %z, while %z expected",

  344. 					salt_len, pbkdf->salt_len);

  345. 			return FALSE;

  346. 		}

  347. 

  348. 		key_decoded = rspamd_decode_base32 (hash, key_len, &key_len);

  349. 

  350. 		if (key_decoded == NULL || key_len != pbkdf->key_len) {

  351. 			/* We have some unknown salt here */

  352. 			msg_info_ctx ("incorrect key: %z, while %z expected",

  353. 					key_len, pbkdf->key_len);

  354. 			return FALSE;

  355. 		}

  356. 

  357. 		local_key = g_alloca (pbkdf->key_len);

  358. 		rspamd_cryptobox_pbkdf (password->begin, password->len,

  359. 				salt_decoded, salt_len,

  360. 				local_key, pbkdf->key_len, pbkdf->complexity,

  361. 				pbkdf->type);

  362. 

  363. 		if (!rspamd_constant_memcmp (key_decoded, local_key, pbkdf->key_len)) {

  364. 			msg_info_ctx ("incorrect or absent password has been specified");

  365. 			ret = FALSE;

  366. 		}

  367. 

  368. 		g_free (salt_decoded);

  369. 		g_free (key_decoded);

  370. 	}

  371. 

  372. 	if (ret) {

  373. 		/* Save cached version */

  374. 		cache = is_enable ? &ctx->cached_enable_password : &ctx->cached_password;

  375. 

  376. 		if (cache->len == 0) {

  377. 			/* Mmap region */

  378. #ifdef MAP_NOCORE

  379. 			m = mmap (NULL, password->len, PROT_WRITE,

  380. 					MAP_PRIVATE | MAP_ANON | MAP_NOCORE, -1, 0);

  381. #else

  382. 			m = mmap (NULL, password->len, PROT_WRITE,

  383. 					MAP_PRIVATE | MAP_ANON, -1, 0);

  384. #endif

  385. 			if (m != MAP_FAILED) {

  386. 				memcpy (m, password->begin, password->len);

  387. 				(void)mprotect (m, password->len, PROT_READ);

  388. 				(void)mlock (m, password->len);

  389. 				cache->begin = m;

  390. 				cache->len = password->len;

  391. 			}

  392. 			else {

  393. 				msg_err_ctx ("cannot store cached password, mmap failed: %s",

  394. 						strerror (errno));

  395. 			}

  396. 		}

  397. 	}

  398. 

  399. 	return ret;

  400. }

  401. 

  402. /**

  403.  * Checks for X-Forwarded-For header and update client's address if needed

  404.  *

  405.  * This function is intended to be called for a trusted client to ensure that

  406.  * a request is not proxied through it

  407.  * @return 0 if no forwarded found, 1 if forwarded found and it is yet trusted

  408.  * and -1 if forwarded is denied

  409.  */

  410. static gint

  411. rspamd_controller_check_forwarded (struct rspamd_controller_session *session,

  412. 		struct rspamd_http_message *msg,

  413. 		struct rspamd_controller_worker_ctx *ctx)

  414. {

  415. 	const rspamd_ftok_t *hdr;

  416. 	const gchar *comma;

  417. 	const char *hdr_name = "X-Forwarded-For", *alt_hdr_name = "X-Real-IP";

  418. 	char ip_buf[INET6_ADDRSTRLEN + 1];

  419. 	rspamd_inet_addr_t *addr = NULL;

  420. 	gint ret = 0;

  421. 

  422. 	hdr = rspamd_http_message_find_header (msg, hdr_name);

  423. 

  424. 	if (hdr) {

  425. 		/*

  426. 		 * We need to parse and update the header

  427. 		 * X-Forwarded-For: client, proxy1, proxy2

  428. 		 */

  429. 		comma = rspamd_memrchr (hdr->begin, ',', hdr->len);

  430. 		if (comma != NULL) {

  431. 			while (comma < hdr->begin + hdr->len &&

  432. 					(*comma == ',' || g_ascii_isspace (*comma))) {

  433. 				comma ++;

  434. 			}

  435. 		}

  436. 		else {

  437. 			comma = hdr->begin;

  438. 		}

  439. 		if (rspamd_parse_inet_address (&addr, comma,

  440. 				(hdr->begin + hdr->len) - comma)) {

  441. 			/* We have addr now, so check if it is still trusted */

  442. 			if (ctx->secure_map &&

  443. 					rspamd_match_radix_map_addr (ctx->secure_map, addr) != NULL) {

  444. 				/* rspamd_inet_address_to_string is not reentrant */

  445. 				rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),

  446. 						sizeof (ip_buf));

  447. 				msg_info_session ("allow unauthorized proxied connection "

  448. 						"from a trusted IP %s via %s",

  449. 						ip_buf,

  450. 						rspamd_inet_address_to_string (session->from_addr));

  451. 				ret = 1;

  452. 			}

  453. 			else {

  454. 				ret = -1;

  455. 			}

  456. 

  457. 			rspamd_inet_address_free (addr);

  458. 		}

  459. 		else {

  460. 			msg_warn_session ("cannot parse forwarded IP: %T", hdr);

  461. 			ret = -1;

  462. 		}

  463. 	}

  464. 	else {

  465. 		/* Try also X-Real-IP */

  466. 		hdr = rspamd_http_message_find_header (msg, alt_hdr_name);

  467. 

  468. 		if (hdr) {

  469. 			if (rspamd_parse_inet_address (&addr, hdr->begin, hdr->len)) {

  470. 				/* We have addr now, so check if it is still trusted */

  471. 				if (ctx->secure_map &&

  472. 						rspamd_match_radix_map_addr (ctx->secure_map, addr) != NULL) {

  473. 					/* rspamd_inet_address_to_string is not reentrant */

  474. 					rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),

  475. 							sizeof (ip_buf));

  476. 					msg_info_session ("allow unauthorized proxied connection "

  477. 							"from a trusted IP %s via %s",

  478. 							ip_buf,

  479. 							rspamd_inet_address_to_string (session->from_addr));

  480. 					ret = 1;

  481. 				}

  482. 				else {

  483. 					ret = -1;

  484. 				}

  485. 

  486. 				rspamd_inet_address_free (addr);

  487. 			}

  488. 			else {

  489. 				msg_warn_session ("cannot parse real IP: %T", hdr);

  490. 				ret = -1;

  491. 			}

  492. 		}

  493. 	}

  494. 

  495. 	return ret;

  496. }

  497. 

  498. /* Check for password if it is required by configuration */

  499. static gboolean

  500. rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,

  501. 		struct rspamd_controller_session *session,

  502. 		struct rspamd_http_message *msg, gboolean is_enable)

  503. {

  504. 	const gchar *check;

  505. 	const rspamd_ftok_t *password;

  506. 	rspamd_ftok_t lookup;

  507. 	GHashTable *query_args = NULL;

  508. 	struct rspamd_controller_worker_ctx *ctx = session->ctx;

  509. 	gboolean check_normal = TRUE, check_enable = TRUE, ret = TRUE,

  510. 		use_enable = FALSE;

  511. 	const struct rspamd_controller_pbkdf *pbkdf = NULL;

  512. 

  513. 	/* Access list logic */

  514. 	if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) {

  515. 		ret = rspamd_controller_check_forwarded (session, msg, ctx);

  516. 

  517. 		if (ret == 1) {

  518. 			session->is_enable = TRUE;

  519. 

  520. 			return TRUE;

  521. 		}

  522. 		else if (ret == 0) {

  523. 			/* No forwarded found */

  524. 			msg_info_session ("allow unauthorized connection from a unix socket");

  525. 			session->is_enable = TRUE;

  526. 

  527. 			return TRUE;

  528. 		}

  529. 	}

  530. 	else if (ctx->secure_map

  531. 			&& rspamd_match_radix_map_addr (ctx->secure_map, session->from_addr)

  532. 					!= NULL) {

  533. 		ret = rspamd_controller_check_forwarded (session, msg, ctx);

  534. 

  535. 		if (ret == 1) {

  536. 			session->is_enable = TRUE;

  537. 

  538. 			return TRUE;

  539. 		}

  540. 		else if (ret == 0) {

  541. 			/* No forwarded found */

  542. 			msg_info_session ("allow unauthorized connection from a trusted IP %s",

  543. 							rspamd_inet_address_to_string (session->from_addr));

  544. 			session->is_enable = TRUE;

  545. 

  546. 			return TRUE;

  547. 		}

  548. 	}

  549. 

  550. 	/* Password logic */

  551. 	password = rspamd_http_message_find_header (msg, "Password");

  552. 

  553. 	if (password == NULL) {

  554. 		/* Try to get password from query args */

  555. 		query_args = rspamd_http_message_parse_query (msg);

  556. 

  557. 		lookup.begin = (gchar *)"password";

  558. 		lookup.len = sizeof ("password") - 1;

  559. 

  560. 		password = g_hash_table_lookup (query_args, &lookup);

  561. 	}

  562. 

  563. 	if (password == NULL) {

  564. 		if (ctx->secure_map == NULL) {

  565. 			if (ctx->password == NULL && !is_enable) {

  566. 				return TRUE;

  567. 			}

  568. 			else if (is_enable && (ctx->password == NULL &&

  569. 					ctx->enable_password == NULL)) {

  570. 				session->is_enable = TRUE;

  571. 				return TRUE;

  572. 			}

  573. 		}

  574. 

  575. 		msg_info_session ("absent password has been specified");

  576. 		ret = FALSE;

  577. 	}

  578. 	else {

  579. 		if (rspamd_ftok_cstr_equal (password, "q1", FALSE) ||

  580. 				rspamd_ftok_cstr_equal (password, "q2", FALSE)) {

  581. 			msg_info_session ("deny default password for remote access");

  582. 			ret = FALSE;

  583. 			goto end;

  584. 		}

  585. 

  586. 		if (is_enable) {

  587. 			/* For privileged commands we strictly require enable password */

  588. 			if (ctx->enable_password != NULL) {

  589. 				check = ctx->enable_password;

  590. 				use_enable = TRUE;

  591. 			}

  592. 			else {

  593. 				/* Use just a password (legacy mode) */

  594. 				msg_info(

  595. 						"using password as enable_password for a privileged command");

  596. 				check = ctx->password;

  597. 			}

  598. 

  599. 			if (check != NULL) {

  600. 				if (!rspamd_is_encrypted_password (check, &pbkdf)) {

  601. 					ret = FALSE;

  602. 

  603. 					if (strlen (check) == password->len) {

  604. 						ret = rspamd_constant_memcmp (password->begin, check,

  605. 								password->len);

  606. 					}

  607. 				}

  608. 				else {

  609. 					ret = rspamd_check_encrypted_password (ctx, password, check,

  610. 							pbkdf, use_enable);

  611. 				}

  612. 			}

  613. 			else {

  614. 				msg_warn_session (

  615. 						"no password to check while executing a privileged command");

  616. 				ret = FALSE;

  617. 			}

  618. 

  619. 			if (ret) {

  620. 				session->is_enable = TRUE;

  621. 			}

  622. 		}

  623. 		else {

  624. 			/* Accept both normal and enable passwords */

  625. 			if (ctx->password != NULL) {

  626. 				check = ctx->password;

  627. 

  628. 				if (!rspamd_is_encrypted_password (check, &pbkdf)) {

  629. 					check_normal = FALSE;

  630. 

  631. 					if (strlen (check) == password->len) {

  632. 						check_normal = rspamd_constant_memcmp (password->begin,

  633. 								check,

  634. 								password->len);

  635. 					}

  636. 				}

  637. 				else {

  638. 					check_normal = rspamd_check_encrypted_password (ctx,

  639. 							password,

  640. 							check, pbkdf, FALSE);

  641. 				}

  642. 

  643. 			}

  644. 			else {

  645. 				check_normal = FALSE;

  646. 			}

  647. 

  648. 			if (ctx->enable_password != NULL) {

  649. 				check = ctx->enable_password;

  650. 

  651. 				if (!rspamd_is_encrypted_password (check, &pbkdf)) {

  652. 					check_enable = FALSE;

  653. 

  654. 					if (strlen (check) == password->len) {

  655. 						check_enable = rspamd_constant_memcmp (password->begin,

  656. 								check,

  657. 								password->len);

  658. 					}

  659. 				}

  660. 				else {

  661. 					check_enable = rspamd_check_encrypted_password (ctx,

  662. 							password,

  663. 							check, pbkdf, TRUE);

  664. 				}

  665. 

  666. 				if (check_enable) {

  667. 					session->is_enable = TRUE;

  668. 				}

  669. 			}

  670. 			else {

  671. 				check_enable = FALSE;

  672. 

  673. 				if (check_normal) {

  674. 					/*

  675. 					 * If no enable password is specified use normal password as

  676. 					 * enable password

  677. 					 */

  678. 					session->is_enable = TRUE;

  679. 				}

  680. 			}

  681. 		}

  682. 	}

  683. 

  684. 	if (check_normal == FALSE && check_enable == FALSE) {

  685. 		msg_info ("absent or incorrect password has been specified");

  686. 		ret = FALSE;

  687. 	}

  688. 

  689. end:

  690. 	if (query_args != NULL) {

  691. 		g_hash_table_unref (query_args);

  692. 	}

  693. 

  694. 	if (!ret) {

  695. 		rspamd_controller_send_error (entry, 403, "Unauthorized");

  696. 	}

  697. 

  698. 	return ret;

  699. }

  700. 

  701. /* Command handlers */

  702. 

  703. /*

  704.  * Auth command handler:

  705.  * request: /auth

  706.  * headers: Password

  707.  * reply: json {"auth": "ok", "version": "0.5.2", "uptime": "some uptime", "error": "none"}

  708.  */

  709. static int

  710. rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent,

  711. 	struct rspamd_http_message *msg)

  712. {

  713. 	struct rspamd_controller_session *session = conn_ent->ud;

  714. 	struct rspamd_stat *st;

  715. 	int64_t uptime;

  716. 	gulong data[5];

  717. 	ucl_object_t *obj;

  718. 

  719. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  720. 		return 0;

  721. 	}

  722. 

  723. 	obj = ucl_object_typed_new (UCL_OBJECT);

  724. 	st = session->ctx->srv->stat;

  725. 	data[0] = st->actions_stat[METRIC_ACTION_NOACTION];

  726. 	data[1] = st->actions_stat[METRIC_ACTION_ADD_HEADER] +

  727. 		st->actions_stat[METRIC_ACTION_REWRITE_SUBJECT];

  728. 	data[2] = st->actions_stat[METRIC_ACTION_GREYLIST];

  729. 	data[3] = st->actions_stat[METRIC_ACTION_REJECT];

  730. 	data[4] = st->actions_stat[METRIC_ACTION_SOFT_REJECT];

  731. 

  732. 	/* Get uptime */

  733. 	uptime = time (NULL) - session->ctx->start_time;

  734. 

  735. 	ucl_object_insert_key (obj, ucl_object_fromstring (

  736. 			RVERSION),			   "version",  0, false);

  737. 	ucl_object_insert_key (obj, ucl_object_fromstring (

  738. 			"ok"),				   "auth",	   0, false);

  739. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  740. 			uptime),			   "uptime",   0, false);

  741. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  742. 			data[0]),			   "clean",	   0, false);

  743. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  744. 			data[1]),			   "probable", 0, false);

  745. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  746. 			data[2]),			   "greylist", 0, false);

  747. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  748. 			data[3]),			   "reject",   0, false);

  749. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  750. 			data[4]),			   "soft_reject",   0, false);

  751. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  752. 			st->messages_scanned), "scanned",  0, false);

  753. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  754. 			st->messages_learned), "learned",  0, false);

  755. 	ucl_object_insert_key (obj, ucl_object_frombool (!session->is_enable),

  756. 			"read_only", 0, false);

  757. 	ucl_object_insert_key (obj, ucl_object_fromstring (session->ctx->cfg->checksum),

  758. 			"config_id", 0, false);

  759. 

  760. 	rspamd_controller_send_ucl (conn_ent, obj);

  761. 	ucl_object_unref (obj);

  762. 

  763. 	return 0;

  764. }

  765. 

  766. /*

  767.  * Symbols command handler:

  768.  * request: /symbols

  769.  * reply: json [{

  770.  *  "name": "group_name",

  771.  *  "symbols": [

  772.  *      {

  773.  *      "name": "name",

  774.  *      "weight": 0.1,

  775.  *      "description": "description of symbol"

  776.  *      },

  777.  *      {...}

  778.  * },

  779.  * {...}]

  780.  */

  781. static int

  782. rspamd_controller_handle_symbols (struct rspamd_http_connection_entry *conn_ent,

  783. 	struct rspamd_http_message *msg)

  784. {

  785. 	struct rspamd_controller_session *session = conn_ent->ud;

  786. 	GHashTableIter it, sit;

  787. 	struct rspamd_symbols_group *gr;

  788. 	struct rspamd_symbol *sym;

  789. 	ucl_object_t *obj, *top, *sym_obj, *group_symbols;

  790. 	gpointer k, v;

  791. 

  792. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  793. 		return 0;

  794. 	}

  795. 

  796. 	top = ucl_object_typed_new (UCL_ARRAY);

  797. 

  798. 	/* Go through all symbols groups in the default metric */

  799. 	g_hash_table_iter_init (&it, session->cfg->groups);

  800. 

  801. 	while (g_hash_table_iter_next (&it, &k, &v)) {

  802. 		gr = v;

  803. 		obj = ucl_object_typed_new (UCL_OBJECT);

  804. 		ucl_object_insert_key (obj, ucl_object_fromstring (

  805. 				gr->name), "group", 0, false);

  806. 		/* Iterate through all symbols */

  807. 

  808. 		g_hash_table_iter_init (&sit, gr->symbols);

  809. 		group_symbols = ucl_object_typed_new (UCL_ARRAY);

  810. 

  811. 		while (g_hash_table_iter_next (&sit, &k, &v)) {

  812. 			gdouble tm = 0.0, freq = 0, freq_dev = 0;

  813. 

  814. 			sym = v;

  815. 			sym_obj = ucl_object_typed_new (UCL_OBJECT);

  816. 

  817. 			ucl_object_insert_key (sym_obj, ucl_object_fromstring (sym->name),

  818. 				"symbol", 0, false);

  819. 			ucl_object_insert_key (sym_obj,

  820. 				ucl_object_fromdouble (*sym->weight_ptr),

  821. 				"weight", 0, false);

  822. 			if (sym->description) {

  823. 				ucl_object_insert_key (sym_obj,

  824. 					ucl_object_fromstring (sym->description),

  825. 					"description", 0, false);

  826. 			}

  827. 

  828. 			if (rspamd_symcache_stat_symbol (session->ctx->cfg->cache,

  829. 					sym->name, &freq, &freq_dev, &tm, NULL)) {

  830. 				ucl_object_insert_key (sym_obj,

  831. 						ucl_object_fromdouble (freq),

  832. 						"frequency", 0, false);

  833. 				ucl_object_insert_key (sym_obj,

  834. 						ucl_object_fromdouble (freq_dev),

  835. 						"frequency_stddev", 0, false);

  836. 				ucl_object_insert_key (sym_obj,

  837. 						ucl_object_fromdouble (tm),

  838. 						"time", 0, false);

  839. 			}

  840. 

  841. 			ucl_array_append (group_symbols, sym_obj);

  842. 		}

  843. 

  844. 		ucl_object_insert_key (obj, group_symbols, "rules", 0, false);

  845. 		ucl_array_append (top, obj);

  846. 	}

  847. 

  848. 	rspamd_controller_send_ucl (conn_ent, top);

  849. 	ucl_object_unref (top);

  850. 

  851. 	return 0;

  852. }

  853. 

  854. /*

  855.  * Actions command handler:

  856.  * request: /actions

  857.  * reply: json [{

  858.  *  "action": "no action",

  859.  *  "value": 1.1

  860.  * },

  861.  * {...}]

  862.  */

  863. static int

  864. rspamd_controller_handle_actions (struct rspamd_http_connection_entry *conn_ent,

  865. 	struct rspamd_http_message *msg)

  866. {

  867. 	struct rspamd_controller_session *session = conn_ent->ud;

  868. 	struct rspamd_action *act, *tmp;

  869. 	ucl_object_t *obj, *top;

  870. 

  871. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  872. 		return 0;

  873. 	}

  874. 

  875. 	top = ucl_object_typed_new (UCL_ARRAY);

  876. 

  877. 	HASH_ITER (hh, session->cfg->actions, act, tmp) {

  878. 		obj = ucl_object_typed_new (UCL_OBJECT);

  879. 		ucl_object_insert_key (obj,

  880. 				ucl_object_fromstring (act->name),

  881. 				"action", 0, false);

  882. 		ucl_object_insert_key (obj,

  883. 				ucl_object_fromdouble (act->threshold),

  884. 				"value", 0, false);

  885. 		ucl_array_append (top, obj);

  886. 	}

  887. 

  888. 	rspamd_controller_send_ucl (conn_ent, top);

  889. 	ucl_object_unref (top);

  890. 

  891. 	return 0;

  892. }

  893. 

  894. static gboolean

  895. rspamd_controller_can_edit_map (struct rspamd_map_backend *bk)

  896. {

  897. 	gchar *fpath;

  898. 

  899. 	if (access (bk->uri, W_OK) == 0) {

  900. 		return TRUE;

  901. 	}

  902. 	else if (access (bk->uri, R_OK) == -1 && errno == ENOENT) {

  903. 		fpath = g_path_get_dirname (bk->uri);

  904. 

  905. 		if (fpath) {

  906. 			if (access (fpath, W_OK) == 0) {

  907. 				g_free (fpath);

  908. 

  909. 				return TRUE;

  910. 			}

  911. 

  912. 			g_free (fpath);

  913. 		}

  914. 	}

  915. 

  916. 	return FALSE;

  917. }

  918. 

  919. /*

  920.  * Maps command handler:

  921.  * request: /maps

  922.  * headers: Password

  923.  * reply: json [

  924.  *      {

  925.  *      "map": "name",

  926.  *      "description": "description",

  927.  *      "editable": true

  928.  *      },

  929.  *      {...}

  930.  * ]

  931.  */

  932. static int

  933. rspamd_controller_handle_maps (struct rspamd_http_connection_entry *conn_ent,

  934. 	struct rspamd_http_message *msg)

  935. {

  936. 	struct rspamd_controller_session *session = conn_ent->ud;

  937. 	GList *cur;

  938. 	struct rspamd_map *map;

  939. 	struct rspamd_map_backend *bk;

  940. 	guint i;

  941. 	gboolean editable;

  942. 	ucl_object_t *obj, *top;

  943. 

  944. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  945. 		return 0;

  946. 	}

  947. 

  948. 	top = ucl_object_typed_new (UCL_ARRAY);

  949. 

  950. 	/* Iterate over all maps */

  951. 	cur = session->ctx->cfg->maps;

  952. 	while (cur) {

  953. 		map = cur->data;

  954. 

  955. 		PTR_ARRAY_FOREACH (map->backends, i, bk) {

  956. 

  957. 			if (bk->protocol == MAP_PROTO_FILE) {

  958. 				editable = rspamd_controller_can_edit_map (bk);

  959. 

  960. 				if (!editable && access (bk->uri, R_OK) == -1) {

  961. 					/* Skip unreadable and non-existing maps */

  962. 					continue;

  963. 				}

  964. 

  965. 				obj = ucl_object_typed_new (UCL_OBJECT);

  966. 				ucl_object_insert_key (obj,	   ucl_object_fromint (bk->id),

  967. 						"map", 0, false);

  968. 				if (map->description) {

  969. 					ucl_object_insert_key (obj, ucl_object_fromstring (map->description),

  970. 							"description", 0, false);

  971. 				}

  972. 				ucl_object_insert_key (obj, ucl_object_fromstring (bk->uri),

  973. 						"uri", 0, false);

  974. 				ucl_object_insert_key (obj,	  ucl_object_frombool (editable),

  975. 						"editable", 0, false);

  976. 				ucl_array_append (top, obj);

  977. 			}

  978. 		}

  979. 		cur = g_list_next (cur);

  980. 	}

  981. 

  982. 	rspamd_controller_send_ucl (conn_ent, top);

  983. 	ucl_object_unref (top);

  984. 

  985. 	return 0;

  986. }

  987. 

  988. /*

  989.  * Get map command handler:

  990.  * request: /getmap

  991.  * headers: Password, Map

  992.  * reply: plain-text

  993.  */

  994. static int

  995. rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,

  996. 	struct rspamd_http_message *msg)

  997. {

  998. 	struct rspamd_controller_session *session = conn_ent->ud;

  999. 	GList *cur;

  1000. 	struct rspamd_map *map;

  1001. 	struct rspamd_map_backend *bk;

  1002. 	const rspamd_ftok_t *idstr;

  1003. 	struct stat st;

  1004. 	gint fd;

  1005. 	gulong id, i;

  1006. 	gboolean found = FALSE;

  1007. 	struct rspamd_http_message *reply;

  1008. 

  1009. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1010. 		return 0;

  1011. 	}

  1012. 

  1013. 	idstr = rspamd_http_message_find_header (msg, "Map");

  1014. 

  1015. 	if (idstr == NULL) {

  1016. 		msg_info_session ("absent map id");

  1017. 		rspamd_controller_send_error (conn_ent, 400, "Id header missing");

  1018. 		return 0;

  1019. 	}

  1020. 

  1021. 	if (!rspamd_strtoul (idstr->begin, idstr->len, &id)) {

  1022. 		msg_info_session ("invalid map id");

  1023. 		rspamd_controller_send_error (conn_ent, 400, "Invalid map id");

  1024. 		return 0;

  1025. 	}

  1026. 

  1027. 	/* Now let's be sure that we have map defined in configuration */

  1028. 	cur = session->ctx->cfg->maps;

  1029. 	while (cur && !found) {

  1030. 		map = cur->data;

  1031. 

  1032. 		PTR_ARRAY_FOREACH (map->backends, i, bk) {

  1033. 			if (bk->id == id && bk->protocol == MAP_PROTO_FILE) {

  1034. 				found = TRUE;

  1035. 				break;

  1036. 			}

  1037. 		}

  1038. 

  1039. 		cur = g_list_next (cur);

  1040. 	}

  1041. 

  1042. 	if (!found) {

  1043. 		msg_info_session ("map not found");

  1044. 		rspamd_controller_send_error (conn_ent, 404, "Map not found");

  1045. 		return 0;

  1046. 	}

  1047. 

  1048. 	if (stat (bk->uri, &st) == -1 || (fd = open (bk->uri, O_RDONLY)) == -1) {

  1049. 		reply = rspamd_http_new_message (HTTP_RESPONSE);

  1050. 		reply->date = time (NULL);

  1051. 		reply->code = 200;

  1052. 	}

  1053. 	else {

  1054. 

  1055. 		reply = rspamd_http_new_message (HTTP_RESPONSE);

  1056. 		reply->date = time (NULL);

  1057. 		reply->code = 200;

  1058. 

  1059. 		if (st.st_size > 0) {

  1060. 			if (!rspamd_http_message_set_body_from_fd (reply, fd)) {

  1061. 				close (fd);

  1062. 				rspamd_http_message_unref (reply);

  1063. 				msg_err_session ("cannot read map %s: %s", bk->uri, strerror (errno));

  1064. 				rspamd_controller_send_error (conn_ent, 500, "Map read error");

  1065. 				return 0;

  1066. 			}

  1067. 		}

  1068. 		else {

  1069. 			rspamd_fstring_t *empty_body = rspamd_fstring_new_init ("", 0);

  1070. 			rspamd_http_message_set_body_from_fstring_steal (reply, empty_body);

  1071. 		}

  1072. 

  1073. 		close (fd);

  1074. 	}

  1075. 

  1076. 	rspamd_http_connection_reset (conn_ent->conn);

  1077. 	rspamd_http_router_insert_headers (conn_ent->rt, reply);

  1078. 	rspamd_http_connection_write_message (conn_ent->conn, reply, NULL,

  1079. 		"text/plain", conn_ent, conn_ent->conn->fd,

  1080. 		conn_ent->rt->ptv, conn_ent->rt->ev_base);

  1081. 	conn_ent->is_reply = TRUE;

  1082. 

  1083. 	return 0;

  1084. }

  1085. 

  1086. static ucl_object_t *

  1087. rspamd_controller_pie_element (enum rspamd_action_type action,

  1088. 		const char *label, gdouble data)

  1089. {

  1090. 	ucl_object_t *res = ucl_object_typed_new (UCL_OBJECT);

  1091. 	const char *colors[METRIC_ACTION_MAX] = {

  1092. 		[METRIC_ACTION_REJECT] = "#FF0000",

  1093. 		[METRIC_ACTION_SOFT_REJECT] = "#cc9966",

  1094. 		[METRIC_ACTION_REWRITE_SUBJECT] = "#ff6600",

  1095. 		[METRIC_ACTION_ADD_HEADER] = "#FFD700",

  1096. 		[METRIC_ACTION_GREYLIST] = "#436EEE",

  1097. 		[METRIC_ACTION_NOACTION] = "#66cc00"

  1098. 	};

  1099. 

  1100. 	ucl_object_insert_key (res, ucl_object_fromstring (colors[action]),

  1101. 			"color", 0, false);

  1102. 	ucl_object_insert_key (res, ucl_object_fromstring (label), "label", 0, false);

  1103. 	ucl_object_insert_key (res, ucl_object_fromdouble (data), "data", 0, false);

  1104. 	ucl_object_insert_key (res, ucl_object_fromdouble (data), "value", 0, false);

  1105. 

  1106. 	return res;

  1107. }

  1108. 

  1109. /*

  1110.  * Pie chart command handler:

  1111.  * request: /pie

  1112.  * headers: Password

  1113.  * reply: json [

  1114.  *      { label: "Foo", data: 11 },

  1115.  *      { label: "Bar", data: 20 },

  1116.  *      {...}

  1117.  * ]

  1118.  */

  1119. static int

  1120. rspamd_controller_handle_pie_chart (

  1121. 	struct rspamd_http_connection_entry *conn_ent,

  1122. 	struct rspamd_http_message *msg)

  1123. {

  1124. 	struct rspamd_controller_session *session = conn_ent->ud;

  1125. 	struct rspamd_controller_worker_ctx *ctx;

  1126. 	gdouble data[5], total;

  1127. 	ucl_object_t *top;

  1128. 

  1129. 	ctx = session->ctx;

  1130. 

  1131. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1132. 		return 0;

  1133. 	}

  1134. 

  1135. 	top = ucl_object_typed_new (UCL_ARRAY);

  1136. 	total = ctx->srv->stat->messages_scanned;

  1137. 	if (total != 0) {

  1138. 

  1139. 		data[0] = ctx->srv->stat->actions_stat[METRIC_ACTION_NOACTION];

  1140. 		data[1] = ctx->srv->stat->actions_stat[METRIC_ACTION_SOFT_REJECT];

  1141. 		data[2] = (ctx->srv->stat->actions_stat[METRIC_ACTION_ADD_HEADER] +

  1142. 			ctx->srv->stat->actions_stat[METRIC_ACTION_REWRITE_SUBJECT]);

  1143. 		data[3] = ctx->srv->stat->actions_stat[METRIC_ACTION_GREYLIST];

  1144. 		data[4] = ctx->srv->stat->actions_stat[METRIC_ACTION_REJECT];

  1145. 	}

  1146. 	else {

  1147. 		memset (data, 0, sizeof (data));

  1148. 	}

  1149. 	ucl_array_append (top, rspamd_controller_pie_element (

  1150. 			METRIC_ACTION_NOACTION, "Clean", data[0]));

  1151. 	ucl_array_append (top, rspamd_controller_pie_element (

  1152. 			METRIC_ACTION_SOFT_REJECT, "Temporarily rejected", data[1]));

  1153. 	ucl_array_append (top, rspamd_controller_pie_element (

  1154. 			METRIC_ACTION_ADD_HEADER, "Probable spam", data[2]));

  1155. 	ucl_array_append (top, rspamd_controller_pie_element (

  1156. 			METRIC_ACTION_GREYLIST, "Greylisted", data[3]));

  1157. 	ucl_array_append (top, rspamd_controller_pie_element (

  1158. 			METRIC_ACTION_REJECT, "Rejected", data[4]));

  1159. 

  1160. 	rspamd_controller_send_ucl (conn_ent, top);

  1161. 	ucl_object_unref (top);

  1162. 

  1163. 	return 0;

  1164. }

  1165. 

  1166. void

  1167. rspamd_controller_graph_point (gulong t, gulong step,

  1168. 		struct rspamd_rrd_query_result* rrd_result,

  1169. 		gdouble *acc,

  1170. 		ucl_object_t **elt)

  1171. {

  1172. 	guint nan_cnt;

  1173. 	gdouble sum = 0.0, yval;

  1174. 	ucl_object_t* data_elt;

  1175. 	guint i, j;

  1176. 

  1177. 	for (i = 0; i < rrd_result->ds_count; i++) {

  1178. 		sum = 0.0;

  1179. 		nan_cnt = 0;

  1180. 		data_elt = ucl_object_typed_new (UCL_OBJECT);

  1181. 		ucl_object_insert_key (data_elt, ucl_object_fromint (t), "x", 1, false);

  1182. 

  1183. 		for (j = 0; j < step; j++) {

  1184. 			yval = acc[i + j * rrd_result->ds_count];

  1185. 			if (!isfinite (yval)) {

  1186. 				nan_cnt++;

  1187. 			}

  1188. 			else {

  1189. 				sum += yval;

  1190. 			}

  1191. 		}

  1192. 		if (nan_cnt == step) {

  1193. 			ucl_object_insert_key (data_elt, ucl_object_typed_new (UCL_NULL),

  1194. 					"y", 1, false);

  1195. 		}

  1196. 		else {

  1197. 			ucl_object_insert_key (data_elt,

  1198. 					ucl_object_fromdouble (sum / (gdouble) step), "y", 1,

  1199. 					false);

  1200. 		}

  1201. 		ucl_array_append (elt[i], data_elt);

  1202. 	}

  1203. }

  1204. 

  1205. /*

  1206.  * Graph command handler:

  1207.  * request: /graph?type=<hourly|daily|weekly|monthly>

  1208.  * headers: Password

  1209.  * reply: json [

  1210.  *      { label: "Foo", data: 11 },

  1211.  *      { label: "Bar", data: 20 },

  1212.  *      {...}

  1213.  * ]

  1214.  */

  1215. static int

  1216. rspamd_controller_handle_graph (

  1217. 		struct rspamd_http_connection_entry *conn_ent,

  1218. 		struct rspamd_http_message *msg)

  1219. {

  1220. 	GHashTable *query;

  1221. 	struct rspamd_controller_session *session = conn_ent->ud;

  1222. 	struct rspamd_controller_worker_ctx *ctx;

  1223. 	rspamd_ftok_t srch, *value;

  1224. 	struct rspamd_rrd_query_result *rrd_result;

  1225. 	gulong i, k, start_row, cnt, t, ts, step;

  1226. 	gdouble *acc;

  1227. 	ucl_object_t *res, *elt[METRIC_ACTION_MAX];

  1228. 	enum {

  1229. 		rra_hourly = 0,

  1230. 		rra_daily,

  1231. 		rra_weekly,

  1232. 		rra_monthly,

  1233. 		rra_invalid

  1234. 	} rra_num = rra_invalid;

  1235. 	/* How many points are we going to send to display */

  1236. 	static const guint desired_points = 500;

  1237. 

  1238. 	ctx = session->ctx;

  1239. 

  1240. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1241. 		return 0;

  1242. 	}

  1243. 

  1244. 	if (ctx->rrd == NULL) {

  1245. 		msg_err_session ("no rrd configured");

  1246. 		rspamd_controller_send_error (conn_ent, 404, "No rrd configured for graphs");

  1247. 

  1248. 		return 0;

  1249. 	}

  1250. 

  1251. 	query = rspamd_http_message_parse_query (msg);

  1252. 	srch.begin = (gchar *)"type";

  1253. 	srch.len = 4;

  1254. 

  1255. 	if (query == NULL || (value = g_hash_table_lookup (query, &srch)) == NULL) {

  1256. 		msg_err_session ("absent graph type query");

  1257. 		rspamd_controller_send_error (conn_ent, 400, "Absent graph type");

  1258. 

  1259. 		if (query) {

  1260. 			g_hash_table_unref (query);

  1261. 		}

  1262. 

  1263. 		return 0;

  1264. 	}

  1265. 

  1266. 	if (value->len == 6 && rspamd_lc_cmp (value->begin, "hourly", value->len) == 0) {

  1267. 		rra_num = rra_hourly;

  1268. 	}

  1269. 	else if (value->len == 5 && rspamd_lc_cmp (value->begin, "daily", value->len) == 0) {

  1270. 		rra_num = rra_daily;

  1271. 	}

  1272. 	else if (value->len == 6 && rspamd_lc_cmp (value->begin, "weekly", value->len) == 0) {

  1273. 		rra_num = rra_weekly;

  1274. 	}

  1275. 	else if (value->len == 7 && rspamd_lc_cmp (value->begin, "monthly", value->len) == 0) {

  1276. 		rra_num = rra_monthly;

  1277. 	}

  1278. 

  1279. 	g_hash_table_unref (query);

  1280. 

  1281. 	if (rra_num == rra_invalid) {

  1282. 		msg_err_session ("invalid graph type query");

  1283. 		rspamd_controller_send_error (conn_ent, 400, "Invalid graph type");

  1284. 

  1285. 		return 0;

  1286. 	}

  1287. 

  1288. 	rrd_result = rspamd_rrd_query (ctx->rrd, rra_num);

  1289. 

  1290. 	if (rrd_result == NULL) {

  1291. 		msg_err_session ("cannot query rrd");

  1292. 		rspamd_controller_send_error (conn_ent, 500, "Cannot query rrd");

  1293. 

  1294. 		return 0;

  1295. 	}

  1296. 

  1297. 	g_assert (rrd_result->ds_count == G_N_ELEMENTS (elt));

  1298. 

  1299. 	res = ucl_object_typed_new (UCL_ARRAY);

  1300. 	/* How much full updates happened since the last update */

  1301. 	ts = rrd_result->last_update / rrd_result->pdp_per_cdp - rrd_result->rra_rows;

  1302. 

  1303. 	for (i = 0; i < rrd_result->ds_count; i ++) {

  1304. 		elt[i] = ucl_object_typed_new (UCL_ARRAY);

  1305. 	}

  1306. 

  1307. 	start_row = rrd_result->cur_row == rrd_result->rra_rows - 1 ?

  1308. 				0 : rrd_result->cur_row;

  1309. 	t = ts * rrd_result->pdp_per_cdp;

  1310. 	k = 0;

  1311. 

  1312. 	/* Create window */

  1313. 	step = ceil (((gdouble)rrd_result->rra_rows) / desired_points);

  1314. 	g_assert (step >= 1);

  1315. 	acc = g_malloc0 (sizeof (double) * rrd_result->ds_count * step);

  1316. 

  1317. 	for (i = start_row, cnt = 0; cnt < rrd_result->rra_rows;

  1318. 			cnt ++) {

  1319. 

  1320. 		memcpy (&acc[k * rrd_result->ds_count],

  1321. 				&rrd_result->data[i * rrd_result->ds_count],

  1322. 				sizeof (gdouble) * rrd_result->ds_count);

  1323. 

  1324. 		if (k < step - 1) {

  1325. 			k ++;

  1326. 		}

  1327. 		else {

  1328. 			t = ts * rrd_result->pdp_per_cdp;

  1329. 

  1330. 			/* Need a fresh point */

  1331. 			rspamd_controller_graph_point (t, step, rrd_result, acc, elt);

  1332. 			k = 0;

  1333. 		}

  1334. 

  1335. 		if (i == rrd_result->rra_rows - 1) {

  1336. 			i = 0;

  1337. 		}

  1338. 		else {

  1339. 			i ++;

  1340. 		}

  1341. 

  1342. 		ts ++;

  1343. 	}

  1344. 

  1345. 	if (k > 0) {

  1346. 		rspamd_controller_graph_point (t, k, rrd_result, acc, elt);

  1347. 	}

  1348. 

  1349. 	for (i = 0; i < rrd_result->ds_count; i++) {

  1350. 		ucl_array_append (res, elt[i]);

  1351. 	}

  1352. 

  1353. 	rspamd_controller_send_ucl (conn_ent, res);

  1354. 	ucl_object_unref (res);

  1355. 	g_free (acc);

  1356. 

  1357. 	return 0;

  1358. }

  1359. 

  1360. static void

  1361. rspamd_controller_handle_legacy_history (

  1362. 		struct rspamd_controller_session *session,

  1363. 		struct rspamd_controller_worker_ctx *ctx,

  1364. 		struct rspamd_http_connection_entry *conn_ent,

  1365. 		struct rspamd_http_message *msg)

  1366. {

  1367. 	struct roll_history_row *row, *copied_rows;

  1368. 	guint i, rows_proc, row_num;

  1369. 	struct tm tm;

  1370. 	gchar timebuf[32], **syms;

  1371. 	ucl_object_t *top, *obj;

  1372. 

  1373. 	top = ucl_object_typed_new (UCL_ARRAY);

  1374. 

  1375. 	/* Set lock on history */

  1376. 	copied_rows = g_malloc (sizeof (*copied_rows) * ctx->srv->history->nrows);

  1377. 	memcpy (copied_rows, ctx->srv->history->rows,

  1378. 			sizeof (*copied_rows) * ctx->srv->history->nrows);

  1379. 

  1380. 	/* Go through all rows */

  1381. 	row_num = ctx->srv->history->cur_row;

  1382. 

  1383. 	for (i = 0, rows_proc = 0; i < ctx->srv->history->nrows; i++, row_num++) {

  1384. 		if (row_num == ctx->srv->history->nrows) {

  1385. 			row_num = 0;

  1386. 		}

  1387. 		row = &copied_rows[row_num];

  1388. 		/* Get only completed rows */

  1389. 		if (row->completed) {

  1390. 			rspamd_localtime (row->tv.tv_sec, &tm);

  1391. 			strftime (timebuf, sizeof (timebuf) - 1, "%Y-%m-%d %H:%M:%S", &tm);

  1392. 			obj = ucl_object_typed_new (UCL_OBJECT);

  1393. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  1394. 					timebuf),		  "time", 0, false);

  1395. 			ucl_object_insert_key (obj, ucl_object_fromint (

  1396. 					row->tv.tv_sec), "unix_time", 0, false);

  1397. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  1398. 					row->message_id), "id",	  0, false);

  1399. 			ucl_object_insert_key (obj, ucl_object_fromstring (row->from_addr),

  1400. 					"ip", 0, false);

  1401. 			ucl_object_insert_key (obj,

  1402. 					ucl_object_fromstring (rspamd_action_to_str (

  1403. 							row->action)), "action", 0, false);

  1404. 

  1405. 			if (!isnan (row->score)) {

  1406. 				ucl_object_insert_key (obj, ucl_object_fromdouble (

  1407. 						row->score),		  "score",			0, false);

  1408. 			}

  1409. 			else {

  1410. 				ucl_object_insert_key (obj,

  1411. 						ucl_object_fromdouble (0.0), "score", 0, false);

  1412. 			}

  1413. 

  1414. 			if (!isnan (row->required_score)) {

  1415. 				ucl_object_insert_key (obj,

  1416. 						ucl_object_fromdouble (

  1417. 								row->required_score), "required_score", 0, false);

  1418. 			}

  1419. 			else {

  1420. 				ucl_object_insert_key (obj,

  1421. 						ucl_object_fromdouble (0.0), "required_score", 0, false);

  1422. 			}

  1423. 

  1424. 			syms = g_strsplit_set (row->symbols, ", ", -1);

  1425. 

  1426. 			if (syms) {

  1427. 				guint nelts = g_strv_length (syms);

  1428. 				ucl_object_t *syms_obj = ucl_object_typed_new (UCL_OBJECT);

  1429. 				ucl_object_reserve (syms_obj, nelts);

  1430. 

  1431. 				for (guint j = 0; j < nelts; j++) {

  1432. 					g_strstrip (syms[j]);

  1433. 

  1434. 					if (strlen (syms[j]) == 0) {

  1435. 						/* Empty garbadge */

  1436. 						continue;

  1437. 					}

  1438. 

  1439. 					ucl_object_t *cur = ucl_object_typed_new (UCL_OBJECT);

  1440. 

  1441. 					ucl_object_insert_key (cur, ucl_object_fromdouble (0.0),

  1442. 							"score", 0, false);

  1443. 					ucl_object_insert_key (syms_obj, cur, syms[j], 0, true);

  1444. 				}

  1445. 

  1446. 				ucl_object_insert_key (obj, syms_obj, "symbols", 0, false);

  1447. 				g_strfreev (syms);

  1448. 			}

  1449. 

  1450. 			ucl_object_insert_key (obj, ucl_object_fromint (row->len),

  1451. 					"size", 0, false);

  1452. 			ucl_object_insert_key (obj,

  1453. 					ucl_object_fromdouble (row->scan_time),

  1454. 					"scan_time", 0, false);

  1455. 

  1456. 			if (row->user[0] != '\0') {

  1457. 				ucl_object_insert_key (obj, ucl_object_fromstring (row->user),

  1458. 						"user", 0, false);

  1459. 			}

  1460. 			if (row->from_addr[0] != '\0') {

  1461. 				ucl_object_insert_key (obj, ucl_object_fromstring (

  1462. 						row->from_addr), "from", 0, false);

  1463. 			}

  1464. 			ucl_array_append (top, obj);

  1465. 			rows_proc++;

  1466. 		}

  1467. 	}

  1468. 

  1469. 	rspamd_controller_send_ucl (conn_ent, top);

  1470. 	ucl_object_unref (top);

  1471. 	g_free (copied_rows);

  1472. }

  1473. 

  1474. static gboolean

  1475. rspamd_controller_history_lua_fin_task (void *ud)

  1476. {

  1477. 	return TRUE;

  1478. }

  1479. 

  1480. static void

  1481. rspamd_controller_handle_lua_history (lua_State *L,

  1482. 		struct rspamd_controller_session *session,

  1483. 		struct rspamd_controller_worker_ctx *ctx,

  1484. 		struct rspamd_http_connection_entry *conn_ent,

  1485. 		struct rspamd_http_message *msg,

  1486. 		gboolean reset)

  1487. {

  1488. 	struct rspamd_task *task, **ptask;

  1489. 	struct rspamd_http_connection_entry **pconn_ent;

  1490. 	GHashTable *params;

  1491. 	rspamd_ftok_t srch, *found;

  1492. 	glong from = 0, to = -1;

  1493. 

  1494. 	params = rspamd_http_message_parse_query (msg);

  1495. 

  1496. 	if (params) {

  1497. 		/* Check from and to */

  1498. 		RSPAMD_FTOK_ASSIGN (&srch, "from");

  1499. 		found = g_hash_table_lookup (params, &srch);

  1500. 

  1501. 		if (found) {

  1502. 			rspamd_strtol (found->begin, found->len, &from);

  1503. 		}

  1504. 		RSPAMD_FTOK_ASSIGN (&srch, "to");

  1505. 		found = g_hash_table_lookup (params, &srch);

  1506. 

  1507. 		if (found) {

  1508. 			rspamd_strtol (found->begin, found->len, &to);

  1509. 		}

  1510. 

  1511. 		g_hash_table_unref (params);

  1512. 	}

  1513. 

  1514. 	lua_getglobal (L, "rspamd_plugins");

  1515. 

  1516. 	if (lua_istable (L, -1)) {

  1517. 		lua_pushstring (L, "history");

  1518. 		lua_gettable (L, -2);

  1519. 

  1520. 		if (lua_istable (L, -1)) {

  1521. 			lua_pushstring (L, "handler");

  1522. 			lua_gettable (L, -2);

  1523. 

  1524. 			if (lua_isfunction (L, -1)) {

  1525. 				task = rspamd_task_new (session->ctx->worker, session->cfg,

  1526. 						session->pool, ctx->lang_det, ctx->ev_base);

  1527. 

  1528. 				task->resolver = ctx->resolver;

  1529. 				task->s = rspamd_session_create (session->pool,

  1530. 						rspamd_controller_history_lua_fin_task,

  1531. 						NULL,

  1532. 						(event_finalizer_t )rspamd_task_free,

  1533. 						task);

  1534. 				task->fin_arg = conn_ent;

  1535. 

  1536. 				ptask = lua_newuserdata (L, sizeof (*ptask));

  1537. 				*ptask = task;

  1538. 				rspamd_lua_setclass (L, "rspamd{task}", -1);

  1539. 				pconn_ent = lua_newuserdata (L, sizeof (*pconn_ent));

  1540. 				*pconn_ent = conn_ent;

  1541. 				rspamd_lua_setclass (L, "rspamd{csession}", -1);

  1542. 				lua_pushinteger (L, from);

  1543. 				lua_pushinteger (L, to);

  1544. 				lua_pushboolean (L, reset);

  1545. 

  1546. 				if (lua_pcall (L, 5, 0, 0) != 0) {

  1547. 					msg_err_session ("call to history function failed: %s",

  1548. 							lua_tostring (L, -1));

  1549. 					lua_settop (L, 0);

  1550. 					rspamd_task_free (task);

  1551. 

  1552. 					goto err;

  1553. 				}

  1554. 

  1555. 				task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  1556. 				task->sock = -1;

  1557. 				session->task = task;

  1558. 

  1559. 				rspamd_session_pending (task->s);

  1560. 			}

  1561. 			else {

  1562. 				msg_err_session ("rspamd_plugins.history.handler is not a function");

  1563. 				lua_settop (L, 0);

  1564. 				goto err;

  1565. 			}

  1566. 		}

  1567. 		else {

  1568. 			msg_err_session ("rspamd_plugins.history is not a table");

  1569. 			lua_settop (L, 0);

  1570. 			goto err;

  1571. 		}

  1572. 	}

  1573. 	else {

  1574. 		msg_err_session ("rspamd_plugins is absent or has incorrect type");

  1575. 		lua_settop (L, 0);

  1576. 		goto err;

  1577. 	}

  1578. 

  1579. 	lua_settop (L, 0);

  1580. 

  1581. 	return;

  1582. err:

  1583. 	rspamd_controller_send_error (conn_ent, 500, "Internal error");

  1584. }

  1585. 

  1586. /*

  1587.  * History command handler:

  1588.  * request: /history

  1589.  * headers: Password

  1590.  * reply: json [

  1591.  *      { label: "Foo", data: 11 },

  1592.  *      { label: "Bar", data: 20 },

  1593.  *      {...}

  1594.  * ]

  1595.  */

  1596. static int

  1597. rspamd_controller_handle_history (struct rspamd_http_connection_entry *conn_ent,

  1598. 	struct rspamd_http_message *msg)

  1599. {

  1600. 	struct rspamd_controller_session *session = conn_ent->ud;

  1601. 	struct rspamd_controller_worker_ctx *ctx;

  1602. 	lua_State *L;

  1603. 	ctx = session->ctx;

  1604. 

  1605. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1606. 		return 0;

  1607. 	}

  1608. 

  1609. 	L = ctx->cfg->lua_state;

  1610. 

  1611. 	if (!ctx->srv->history->disabled) {

  1612. 		rspamd_controller_handle_legacy_history (session, ctx, conn_ent, msg);

  1613. 	}

  1614. 	else {

  1615. 		rspamd_controller_handle_lua_history (L, session, ctx, conn_ent, msg,

  1616. 				FALSE);

  1617. 	}

  1618. 

  1619. 	return 0;

  1620. }

  1621. 

  1622. /*

  1623.  * Errors command handler:

  1624.  * request: /errors

  1625.  * headers: Password

  1626.  * reply: json [

  1627.  *      { ts: 100500, type: normal, pid: 100, module: lua, message: bad things },

  1628.  *      {...}

  1629.  * ]

  1630.  */

  1631. static int

  1632. rspamd_controller_handle_errors (struct rspamd_http_connection_entry *conn_ent,

  1633. 	struct rspamd_http_message *msg)

  1634. {

  1635. 	struct rspamd_controller_session *session = conn_ent->ud;

  1636. 	struct rspamd_controller_worker_ctx *ctx;

  1637. 	ucl_object_t *top;

  1638. 

  1639. 	ctx = session->ctx;

  1640. 

  1641. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1642. 		return 0;

  1643. 	}

  1644. 

  1645. 	top = rspamd_log_errorbuf_export (ctx->worker->srv->logger);

  1646. 	rspamd_controller_send_ucl (conn_ent, top);

  1647. 	ucl_object_unref (top);

  1648. 

  1649. 	return 0;

  1650. }

  1651. 

  1652. /*

  1653.  * Neighbours command handler:

  1654.  * request: /neighbours

  1655.  * headers: Password

  1656.  * reply: json {name: {url: "http://...", host: "host"}}

  1657.  */

  1658. static int

  1659. rspamd_controller_handle_neighbours (struct rspamd_http_connection_entry *conn_ent,

  1660. 	struct rspamd_http_message *msg)

  1661. {

  1662. 	struct rspamd_controller_session *session = conn_ent->ud;

  1663. 	struct rspamd_controller_worker_ctx *ctx;

  1664. 

  1665. 	ctx = session->ctx;

  1666. 

  1667. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1668. 		return 0;

  1669. 	}

  1670. 

  1671. 	rspamd_controller_send_ucl (conn_ent, ctx->cfg->neighbours);

  1672. 

  1673. 	return 0;

  1674. }

  1675. 

  1676. 

  1677. static int

  1678. rspamd_controller_handle_history_reset (struct rspamd_http_connection_entry *conn_ent,

  1679. 		struct rspamd_http_message *msg)

  1680. {

  1681. 	struct rspamd_controller_session *session = conn_ent->ud;

  1682. 	struct rspamd_controller_worker_ctx *ctx;

  1683. 	struct roll_history_row *row;

  1684. 	guint start_row, i, t;

  1685. 	lua_State *L;

  1686. 

  1687. 	ctx = session->ctx;

  1688. 	L = ctx->cfg->lua_state;

  1689. 

  1690. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1691. 		return 0;

  1692. 	}

  1693. 

  1694. 	if (!ctx->srv->history->disabled) {

  1695. 		/* Clean from start to the current row */

  1696. 		start_row = g_atomic_int_get (&ctx->srv->history->cur_row);

  1697. 

  1698. 		for (i = 0; i < start_row; i ++) {

  1699. 			t = g_atomic_int_get (&ctx->srv->history->cur_row);

  1700. 

  1701. 			/* We somehow come to the race condition */

  1702. 			if (i >= t) {

  1703. 				break;

  1704. 			}

  1705. 

  1706. 			row = &ctx->srv->history->rows[i];

  1707. 			memset (row, 0, sizeof (*row));

  1708. 		}

  1709. 

  1710. 		start_row = g_atomic_int_get (&ctx->srv->history->cur_row);

  1711. 		/* Optimistically set all bytes to zero (might cause race) */

  1712. 		memset (ctx->srv->history->rows,

  1713. 				0,

  1714. 				sizeof (*row) * (ctx->srv->history->nrows - start_row));

  1715. 

  1716. 		msg_info_session ("<%s> reset history",

  1717. 				rspamd_inet_address_to_string (session->from_addr));

  1718. 		rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1719. 	}

  1720. 	else {

  1721. 		rspamd_controller_handle_lua_history (L, session, ctx, conn_ent, msg,

  1722. 				TRUE);

  1723. 	}

  1724. 

  1725. 	return 0;

  1726. }

  1727. 

  1728. static gboolean

  1729. rspamd_controller_lua_fin_task (void *ud)

  1730. {

  1731. 	struct rspamd_task *task = ud;

  1732. 	struct rspamd_http_connection_entry *conn_ent;

  1733. 

  1734. 	conn_ent = task->fin_arg;

  1735. 

  1736. 	if (task->err != NULL) {

  1737. 		rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1738. 				task->err->message);

  1739. 	}

  1740. 

  1741. 	return TRUE;

  1742. }

  1743. 

  1744. static int

  1745. rspamd_controller_handle_lua (struct rspamd_http_connection_entry *conn_ent,

  1746. 		struct rspamd_http_message *msg)

  1747. {

  1748. 	struct rspamd_controller_session *session = conn_ent->ud;

  1749. 	struct rspamd_task *task, **ptask;

  1750. 	struct rspamd_http_connection_entry **pconn;

  1751. 	struct rspamd_controller_worker_ctx *ctx;

  1752. 	gchar filebuf[PATH_MAX], realbuf[PATH_MAX];

  1753. 	struct http_parser_url u;

  1754. 	rspamd_ftok_t lookup;

  1755. 	struct stat st;

  1756. 	lua_State *L;

  1757. 

  1758. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1759. 		return 0;

  1760. 	}

  1761. 

  1762. 	ctx = session->ctx;

  1763. 	L = ctx->cfg->lua_state;

  1764. 

  1765. 	/* Find lua script */

  1766. 	if (msg->url != NULL && msg->url->len != 0) {

  1767. 

  1768. 		http_parser_parse_url (RSPAMD_FSTRING_DATA (msg->url),

  1769. 				RSPAMD_FSTRING_LEN (msg->url), TRUE, &u);

  1770. 

  1771. 		if (u.field_set & (1 << UF_PATH)) {

  1772. 			lookup.begin = RSPAMD_FSTRING_DATA (msg->url) +

  1773. 					u.field_data[UF_PATH].off;

  1774. 			lookup.len = u.field_data[UF_PATH].len;

  1775. 		}

  1776. 		else {

  1777. 			lookup.begin = RSPAMD_FSTRING_DATA (msg->url);

  1778. 			lookup.len = RSPAMD_FSTRING_LEN (msg->url);

  1779. 		}

  1780. 

  1781. 		rspamd_snprintf (filebuf, sizeof (filebuf), "%s%c%T",

  1782. 				ctx->static_files_dir, G_DIR_SEPARATOR, &lookup);

  1783. 

  1784. 		if (realpath (filebuf, realbuf) == NULL ||

  1785. 				lstat (realbuf, &st) == -1) {

  1786. 			rspamd_controller_send_error (conn_ent, 404, "Cannot find path: %s",

  1787. 					strerror (errno));

  1788. 

  1789. 			return 0;

  1790. 		}

  1791. 

  1792. 		/* TODO: add caching here, should be trivial */

  1793. 		/* Now we load and execute the code fragment, which should return a function */

  1794. 		if (luaL_loadfile (L, realbuf) != 0) {

  1795. 			rspamd_controller_send_error (conn_ent, 500, "Cannot load path: %s",

  1796. 					lua_tostring (L, -1));

  1797. 			lua_settop (L, 0);

  1798. 

  1799. 			return 0;

  1800. 		}

  1801. 

  1802. 		if (lua_pcall (L, 0, 1, 0) != 0) {

  1803. 			rspamd_controller_send_error (conn_ent, 501, "Cannot run path: %s",

  1804. 					lua_tostring (L, -1));

  1805. 			lua_settop (L, 0);

  1806. 

  1807. 			return 0;

  1808. 		}

  1809. 

  1810. 		if (lua_type (L, -1) != LUA_TFUNCTION) {

  1811. 			rspamd_controller_send_error (conn_ent, 502, "Bad return type: %s",

  1812. 					lua_typename (L, lua_type (L, -1)));

  1813. 			lua_settop (L, 0);

  1814. 

  1815. 			return 0;

  1816. 		}

  1817. 

  1818. 	}

  1819. 	else {

  1820. 		rspamd_controller_send_error (conn_ent, 404, "Empty path is not permitted");

  1821. 

  1822. 		return 0;

  1823. 	}

  1824. 

  1825. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  1826. 			ctx->lang_det, ctx->ev_base);

  1827. 

  1828. 	task->resolver = ctx->resolver;

  1829. 	task->s = rspamd_session_create (session->pool,

  1830. 			rspamd_controller_lua_fin_task,

  1831. 			NULL,

  1832. 			(event_finalizer_t )rspamd_task_free,

  1833. 			task);

  1834. 	task->fin_arg = conn_ent;

  1835. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  1836. 	task->sock = -1;

  1837. 	session->task = task;

  1838. 

  1839. 	if (msg->body_buf.len > 0) {

  1840. 		if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  1841. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1842. 					task->err->message);

  1843. 			return 0;

  1844. 		}

  1845. 	}

  1846. 

  1847. 	ptask = lua_newuserdata (L, sizeof (*ptask));

  1848. 	rspamd_lua_setclass (L, "rspamd{task}", -1);

  1849. 	*ptask = task;

  1850. 

  1851. 	pconn = lua_newuserdata (L, sizeof (*pconn));

  1852. 	rspamd_lua_setclass (L, "rspamd{csession}", -1);

  1853. 	*pconn = conn_ent;

  1854. 

  1855. 	if (lua_pcall (L, 2, 0, 0) != 0) {

  1856. 		rspamd_controller_send_error (conn_ent, 503, "Cannot run callback: %s",

  1857. 				lua_tostring (L, -1));

  1858. 		lua_settop (L, 0);

  1859. 

  1860. 		return 0;

  1861. 	}

  1862. 

  1863. 	rspamd_session_pending (task->s);

  1864. 

  1865. 	return 0;

  1866. }

  1867. 

  1868. static gboolean

  1869. rspamd_controller_learn_fin_task (void *ud)

  1870. {

  1871. 	struct rspamd_task *task = ud;

  1872. 	struct rspamd_controller_session *session;

  1873. 	struct rspamd_http_connection_entry *conn_ent;

  1874. 

  1875. 	conn_ent = task->fin_arg;

  1876. 	session = conn_ent->ud;

  1877. 

  1878. 	if (task->err != NULL) {

  1879. 		msg_info_session ("cannot learn <%s>: %e", task->message_id, task->err);

  1880. 		rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1881. 				task->err->message);

  1882. 

  1883. 		return TRUE;

  1884. 	}

  1885. 

  1886. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1887. 		/* Successful learn */

  1888. 		msg_info_task ("<%s> learned message as %s: %s",

  1889. 				rspamd_inet_address_to_string (session->from_addr),

  1890. 				session->is_spam ? "spam" : "ham",

  1891. 						task->message_id);

  1892. 		rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1893. 		return TRUE;

  1894. 	}

  1895. 

  1896. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {

  1897. 		msg_info_task ("cannot learn <%s>: %e", task->message_id, task->err);

  1898. 

  1899. 		if (task->err) {

  1900. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1901. 					task->err->message);

  1902. 		}

  1903. 		else {

  1904. 			rspamd_controller_send_error (conn_ent, 500,

  1905. 								"Internal error");

  1906. 		}

  1907. 	}

  1908. 

  1909. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1910. 		if (task->err) {

  1911. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1912. 					task->err->message);

  1913. 		}

  1914. 		else {

  1915. 			msg_info_task ("<%s> learned message as %s: %s",

  1916. 					rspamd_inet_address_to_string (session->from_addr),

  1917. 					session->is_spam ? "spam" : "ham",

  1918. 							task->message_id);

  1919. 			rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1920. 		}

  1921. 

  1922. 		return TRUE;

  1923. 	}

  1924. 

  1925. 	/* One more iteration */

  1926. 	return FALSE;

  1927. }

  1928. 

  1929. static void

  1930. rspamd_controller_scan_reply (struct rspamd_task *task)

  1931. {

  1932. 	struct rspamd_http_message *msg;

  1933. 	struct rspamd_http_connection_entry *conn_ent;

  1934. 

  1935. 	conn_ent = task->fin_arg;

  1936. 	msg = rspamd_http_new_message (HTTP_RESPONSE);

  1937. 	msg->date = time (NULL);

  1938. 	msg->code = 200;

  1939. 	rspamd_protocol_http_reply (msg, task, NULL);

  1940. 	rspamd_http_connection_reset (conn_ent->conn);

  1941. 	rspamd_http_router_insert_headers (conn_ent->rt, msg);

  1942. 	rspamd_http_connection_write_message (conn_ent->conn, msg, NULL,

  1943. 			"application/json", conn_ent, conn_ent->conn->fd, conn_ent->rt->ptv,

  1944. 			conn_ent->rt->ev_base);

  1945. 	conn_ent->is_reply = TRUE;

  1946. }

  1947. 

  1948. static gboolean

  1949. rspamd_controller_check_fin_task (void *ud)

  1950. {

  1951. 	struct rspamd_task *task = ud;

  1952. 	struct rspamd_http_connection_entry *conn_ent;

  1953. 

  1954. 	msg_debug_task ("finish task");

  1955. 	conn_ent = task->fin_arg;

  1956. 

  1957. 	if (task->err) {

  1958. 		msg_info_task ("cannot check <%s>: %e", task->message_id, task->err);

  1959. 		rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1960. 				task->err->message);

  1961. 		return TRUE;

  1962. 	}

  1963. 

  1964. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1965. 		rspamd_controller_scan_reply (task);

  1966. 		return TRUE;

  1967. 	}

  1968. 

  1969. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {

  1970. 		rspamd_controller_scan_reply (task);

  1971. 		return TRUE;

  1972. 	}

  1973. 

  1974. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1975. 		rspamd_controller_scan_reply (task);

  1976. 		return TRUE;

  1977. 	}

  1978. 

  1979. 	/* One more iteration */

  1980. 	return FALSE;

  1981. }

  1982. 

  1983. static int

  1984. rspamd_controller_handle_learn_common (

  1985. 	struct rspamd_http_connection_entry *conn_ent,

  1986. 	struct rspamd_http_message *msg,

  1987. 	gboolean is_spam)

  1988. {

  1989. 	struct rspamd_controller_session *session = conn_ent->ud;

  1990. 	struct rspamd_controller_worker_ctx *ctx;

  1991. 	struct rspamd_task *task;

  1992. 	const rspamd_ftok_t *cl_header;

  1993. 

  1994. 	ctx = session->ctx;

  1995. 

  1996. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1997. 		return 0;

  1998. 	}

  1999. 

  2000. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2001. 		msg_err_session ("got zero length body, cannot continue");

  2002. 		rspamd_controller_send_error (conn_ent,

  2003. 			400,

  2004. 			"Empty body is not permitted");

  2005. 		return 0;

  2006. 	}

  2007. 

  2008. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  2009. 			session->ctx->lang_det, ctx->ev_base);

  2010. 

  2011. 	task->resolver = ctx->resolver;

  2012. 	task->s = rspamd_session_create (session->pool,

  2013. 			rspamd_controller_learn_fin_task,

  2014. 			NULL,

  2015. 			(event_finalizer_t )rspamd_task_free,

  2016. 			task);

  2017. 	task->fin_arg = conn_ent;

  2018. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  2019. 	task->sock = -1;

  2020. 	session->task = task;

  2021. 

  2022. 	cl_header = rspamd_http_message_find_header (msg, "classifier");

  2023. 	if (cl_header) {

  2024. 		session->classifier = rspamd_mempool_ftokdup (session->pool, cl_header);

  2025. 	}

  2026. 	else {

  2027. 		session->classifier = NULL;

  2028. 	}

  2029. 

  2030. 	if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  2031. 		goto end;

  2032. 	}

  2033. 

  2034. 	rspamd_learn_task_spam (task, is_spam, session->classifier, NULL);

  2035. 

  2036. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {

  2037. 		msg_warn_session ("<%s> message cannot be processed", task->message_id);

  2038. 		goto end;

  2039. 	}

  2040. 

  2041. end:

  2042. 	session->is_spam = is_spam;

  2043. 	rspamd_session_pending (task->s);

  2044. 

  2045. 	return 0;

  2046. }

  2047. 

  2048. /*

  2049.  * Learn spam command handler:

  2050.  * request: /learnspam

  2051.  * headers: Password

  2052.  * input: plaintext data

  2053.  * reply: json {"success":true} or {"error":"error message"}

  2054.  */

  2055. static int

  2056. rspamd_controller_handle_learnspam (

  2057. 	struct rspamd_http_connection_entry *conn_ent,

  2058. 	struct rspamd_http_message *msg)

  2059. {

  2060. 	return rspamd_controller_handle_learn_common (conn_ent, msg, TRUE);

  2061. }

  2062. /*

  2063.  * Learn ham command handler:

  2064.  * request: /learnham

  2065.  * headers: Password

  2066.  * input: plaintext data

  2067.  * reply: json {"success":true} or {"error":"error message"}

  2068.  */

  2069. static int

  2070. rspamd_controller_handle_learnham (

  2071. 	struct rspamd_http_connection_entry *conn_ent,

  2072. 	struct rspamd_http_message *msg)

  2073. {

  2074. 	return rspamd_controller_handle_learn_common (conn_ent, msg, FALSE);

  2075. }

  2076. 

  2077. /*

  2078.  * Scan command handler:

  2079.  * request: /scan

  2080.  * headers: Password

  2081.  * input: plaintext data

  2082.  * reply: json {scan data} or {"error":"error message"}

  2083.  */

  2084. static int

  2085. rspamd_controller_handle_scan (struct rspamd_http_connection_entry *conn_ent,

  2086. 	struct rspamd_http_message *msg)

  2087. {

  2088. 	struct rspamd_controller_session *session = conn_ent->ud;

  2089. 	struct rspamd_controller_worker_ctx *ctx;

  2090. 	struct rspamd_task *task;

  2091. 

  2092. 	ctx = session->ctx;

  2093. 

  2094. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  2095. 		return 0;

  2096. 	}

  2097. 

  2098. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2099. 		msg_err_session ("got zero length body, cannot continue");

  2100. 		rspamd_controller_send_error (conn_ent,

  2101. 			400,

  2102. 			"Empty body is not permitted");

  2103. 		return 0;

  2104. 	}

  2105. 

  2106. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  2107. 			ctx->lang_det, ctx->ev_base);

  2108. 

  2109. 	task->resolver = ctx->resolver;

  2110. 	task->s = rspamd_session_create (session->pool,

  2111. 			rspamd_controller_check_fin_task,

  2112. 			NULL,

  2113. 			(event_finalizer_t )rspamd_task_free,

  2114. 			task);

  2115. 	task->fin_arg = conn_ent;

  2116. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);

  2117. 	task->sock = conn_ent->conn->fd;

  2118. 	task->flags |= RSPAMD_TASK_FLAG_MIME;

  2119. 	task->resolver = ctx->resolver;

  2120. 

  2121. 	if (!rspamd_protocol_handle_request (task, msg)) {

  2122. 		goto end;

  2123. 	}

  2124. 

  2125. 	if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  2126. 		goto end;

  2127. 	}

  2128. 

  2129. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {

  2130. 		goto end;

  2131. 	}

  2132. 

  2133. 	if (ctx->task_timeout > 0.0) {

  2134. 		struct timeval task_tv;

  2135. 

  2136. 		event_set (&task->timeout_ev, -1, EV_TIMEOUT, rspamd_task_timeout,

  2137. 				task);

  2138. 		event_base_set (ctx->ev_base, &task->timeout_ev);

  2139. 		double_to_tv (ctx->task_timeout, &task_tv);

  2140. 		event_add (&task->timeout_ev, &task_tv);

  2141. 	}

  2142. 

  2143. end:

  2144. 	session->task = task;

  2145. 	rspamd_session_pending (task->s);

  2146. 

  2147. 	return 0;

  2148. }

  2149. 

  2150. /*

  2151.  * Save actions command handler:

  2152.  * request: /saveactions

  2153.  * headers: Password

  2154.  * input: json array [<spam>,<probable spam>,<greylist>]

  2155.  * reply: json {"success":true} or {"error":"error message"}

  2156.  */

  2157. static int

  2158. rspamd_controller_handle_saveactions (

  2159. 	struct rspamd_http_connection_entry *conn_ent,

  2160. 	struct rspamd_http_message *msg)

  2161. {

  2162. 	struct rspamd_controller_session *session = conn_ent->ud;

  2163. 	struct ucl_parser *parser;

  2164. 	ucl_object_t *obj;

  2165. 	const ucl_object_t *cur;

  2166. 	struct rspamd_controller_worker_ctx *ctx;

  2167. 	const gchar *error;

  2168. 	gdouble score;

  2169. 	gint i, added = 0;

  2170. 	enum rspamd_action_type act;

  2171. 	ucl_object_iter_t it = NULL;

  2172. 

  2173. 	ctx = session->ctx;

  2174. 

  2175. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2176. 		return 0;

  2177. 	}

  2178. 

  2179. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2180. 		msg_err_session ("got zero length body, cannot continue");

  2181. 		rspamd_controller_send_error (conn_ent,

  2182. 			400,

  2183. 			"Empty body is not permitted");

  2184. 		return 0;

  2185. 	}

  2186. 

  2187. 	parser = ucl_parser_new (0);

  2188. 	if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) {

  2189. 		if ((error = ucl_parser_get_error (parser)) != NULL) {

  2190. 			msg_err_session ("cannot parse input: %s", error);

  2191. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2192. 			ucl_parser_free (parser);

  2193. 			return 0;

  2194. 		}

  2195. 

  2196. 		msg_err_session ("cannot parse input: unknown error");

  2197. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2198. 		ucl_parser_free (parser);

  2199. 		return 0;

  2200. 	}

  2201. 

  2202. 	obj = ucl_parser_get_object (parser);

  2203. 	ucl_parser_free (parser);

  2204. 

  2205. 	if (obj->type != UCL_ARRAY || obj->len != 4) {

  2206. 		msg_err_session ("input is not an array of 4 elements");

  2207. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2208. 		ucl_object_unref (obj);

  2209. 		return 0;

  2210. 	}

  2211. 

  2212. 	it = ucl_object_iterate_new (obj);

  2213. 

  2214. 	for (i = 0; i < 4; i++) {

  2215. 		cur = ucl_object_iterate_safe (it, TRUE);

  2216. 

  2217. 		switch (i) {

  2218. 		case 0:

  2219. 			act = METRIC_ACTION_REJECT;

  2220. 			break;

  2221. 		case 1:

  2222. 			act = METRIC_ACTION_REWRITE_SUBJECT;

  2223. 			break;

  2224. 		case 2:

  2225. 			act = METRIC_ACTION_ADD_HEADER;

  2226. 			break;

  2227. 		case 3:

  2228. 			act = METRIC_ACTION_GREYLIST;

  2229. 			break;

  2230. 		}

  2231. 

  2232. 		if (ucl_object_type (cur) == UCL_NULL) {

  2233. 			/* Assume NaN */

  2234. 			score = NAN;

  2235. 		}

  2236. 		else {

  2237. 			score = ucl_object_todouble (cur);

  2238. 		}

  2239. 

  2240. 		if ((isnan (session->cfg->actions[act].threshold) != isnan (score)) ||

  2241. 				(session->cfg->actions[act].threshold != score)) {

  2242. 			add_dynamic_action (ctx->cfg, DEFAULT_METRIC, act, score);

  2243. 			added ++;

  2244. 		}

  2245. 		else {

  2246. 			if (remove_dynamic_action (ctx->cfg, DEFAULT_METRIC, act)) {

  2247. 				added ++;

  2248. 			}

  2249. 		}

  2250. 	}

  2251. 

  2252. 	ucl_object_iterate_free (it);

  2253. 

  2254. 	if (dump_dynamic_config (ctx->cfg)) {

  2255. 		msg_info_session ("<%s> modified %d actions",

  2256. 			rspamd_inet_address_to_string (session->from_addr),

  2257. 			added);

  2258. 

  2259. 		rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2260. 	}

  2261. 	else {

  2262. 		rspamd_controller_send_error (conn_ent, 500, "Save error");

  2263. 	}

  2264. 

  2265. 	ucl_object_unref (obj);

  2266. 

  2267. 	return 0;

  2268. }

  2269. 

  2270. /*

  2271.  * Save symbols command handler:

  2272.  * request: /savesymbols

  2273.  * headers: Password

  2274.  * input: json data

  2275.  * reply: json {"success":true} or {"error":"error message"}

  2276.  */

  2277. static int

  2278. rspamd_controller_handle_savesymbols (

  2279. 	struct rspamd_http_connection_entry *conn_ent,

  2280. 	struct rspamd_http_message *msg)

  2281. {

  2282. 	struct rspamd_controller_session *session = conn_ent->ud;

  2283. 	struct ucl_parser *parser;

  2284. 	ucl_object_t *obj;

  2285. 	const ucl_object_t *cur, *jname, *jvalue;

  2286. 	ucl_object_iter_t iter = NULL;

  2287. 	struct rspamd_controller_worker_ctx *ctx;

  2288. 	const gchar *error;

  2289. 	gdouble val;

  2290. 	struct rspamd_symbol *sym;

  2291. 	int added = 0;

  2292. 

  2293. 	ctx = session->ctx;

  2294. 

  2295. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2296. 		return 0;

  2297. 	}

  2298. 

  2299. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2300. 		msg_err_session ("got zero length body, cannot continue");

  2301. 		rspamd_controller_send_error (conn_ent,

  2302. 			400,

  2303. 			"Empty body is not permitted");

  2304. 		return 0;

  2305. 	}

  2306. 

  2307. 	parser = ucl_parser_new (0);

  2308. 	if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) {

  2309. 		if ((error = ucl_parser_get_error (parser)) != NULL) {

  2310. 			msg_err_session ("cannot parse input: %s", error);

  2311. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2312. 			ucl_parser_free (parser);

  2313. 			return 0;

  2314. 		}

  2315. 

  2316. 		msg_err_session ("cannot parse input: unknown error");

  2317. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2318. 		ucl_parser_free (parser);

  2319. 		return 0;

  2320. 	}

  2321. 

  2322. 	obj = ucl_parser_get_object (parser);

  2323. 	ucl_parser_free (parser);

  2324. 

  2325. 	if (obj->type != UCL_ARRAY) {

  2326. 		msg_err_session ("input is not an array");

  2327. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2328. 		ucl_object_unref (obj);

  2329. 		return 0;

  2330. 	}

  2331. 

  2332. 	iter = ucl_object_iterate_new (obj);

  2333. 

  2334. 	while ((cur = ucl_object_iterate_safe (iter, true))) {

  2335. 		if (cur->type != UCL_OBJECT) {

  2336. 			msg_err_session ("json array data error");

  2337. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2338. 			ucl_object_unref (obj);

  2339. 			ucl_object_iterate_free (iter);

  2340. 

  2341. 			return 0;

  2342. 		}

  2343. 

  2344. 		jname = ucl_object_lookup (cur, "name");

  2345. 		jvalue = ucl_object_lookup (cur, "value");

  2346. 		val = ucl_object_todouble (jvalue);

  2347. 		sym = g_hash_table_lookup (session->cfg->symbols, ucl_object_tostring (jname));

  2348. 

  2349. 		if (sym && fabs (*sym->weight_ptr - val) > 0.01) {

  2350. 			if (!add_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,

  2351. 				ucl_object_tostring (jname), val)) {

  2352. 				msg_err_session ("add symbol failed for %s",

  2353. 					ucl_object_tostring (jname));

  2354. 				rspamd_controller_send_error (conn_ent, 506,

  2355. 					"Add symbol failed");

  2356. 				ucl_object_unref (obj);

  2357. 				ucl_object_iterate_free (iter);

  2358. 

  2359. 				return 0;

  2360. 			}

  2361. 			added ++;

  2362. 		}

  2363. 		else if (sym && ctx->cfg->dynamic_conf) {

  2364. 			if (remove_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,

  2365. 					ucl_object_tostring (jname))) {

  2366. 				added ++;

  2367. 			}

  2368. 		}

  2369. 	}

  2370. 

  2371. 	ucl_object_iterate_free (iter);

  2372. 

  2373. 	if (added > 0) {

  2374. 		if (ctx->cfg->dynamic_conf) {

  2375. 			if (dump_dynamic_config (ctx->cfg)) {

  2376. 				msg_info_session ("<%s> modified %d symbols",

  2377. 						rspamd_inet_address_to_string (session->from_addr),

  2378. 						added);

  2379. 

  2380. 				rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2381. 			}

  2382. 			else {

  2383. 				rspamd_controller_send_error (conn_ent, 500, "Save error");

  2384. 			}

  2385. 		}

  2386. 		else {

  2387. 			rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2388. 		}

  2389. 	}

  2390. 	else {

  2391. 		msg_err_session ("no symbols to save");

  2392. 		rspamd_controller_send_error (conn_ent, 404, "No symbols to save");

  2393. 	}

  2394. 

  2395. 	ucl_object_unref (obj);

  2396. 

  2397. 	return 0;

  2398. }

  2399. 

  2400. /*

  2401.  * Save map command handler:

  2402.  * request: /savemap

  2403.  * headers: Password, Map

  2404.  * input: plaintext data

  2405.  * reply: json {"success":true} or {"error":"error message"}

  2406.  */

  2407. static int

  2408. rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,

  2409. 	struct rspamd_http_message *msg)

  2410. {

  2411. 	struct rspamd_controller_session *session = conn_ent->ud;

  2412. 	GList *cur;

  2413. 	struct rspamd_map *map;

  2414. 	struct rspamd_map_backend *bk;

  2415. 	struct rspamd_controller_worker_ctx *ctx;

  2416. 	const rspamd_ftok_t *idstr;

  2417. 	gulong id, i, ntries = 0;

  2418. 	gboolean found = FALSE;

  2419. 	gint fd;

  2420. 

  2421. 	ctx = session->ctx;

  2422. 

  2423. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2424. 		return 0;

  2425. 	}

  2426. 

  2427. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2428. 		msg_err_session ("got zero length body, cannot continue");

  2429. 		rspamd_controller_send_error (conn_ent,

  2430. 			400,

  2431. 			"Empty body is not permitted");

  2432. 		return 0;

  2433. 	}

  2434. 

  2435. 	idstr = rspamd_http_message_find_header (msg, "Map");

  2436. 

  2437. 	if (idstr == NULL) {

  2438. 		msg_info_session ("absent map id");

  2439. 		rspamd_controller_send_error (conn_ent, 400, "Map id not specified");

  2440. 		return 0;

  2441. 	}

  2442. 

  2443. 	if (!rspamd_strtoul (idstr->begin, idstr->len, &id)) {

  2444. 		msg_info_session ("invalid map id: %T", idstr);

  2445. 		rspamd_controller_send_error (conn_ent, 400, "Map id is invalid");

  2446. 		return 0;

  2447. 	}

  2448. 

  2449. 	/* Now let's be sure that we have map defined in configuration */

  2450. 	cur = ctx->cfg->maps;

  2451. 	while (cur && !found) {

  2452. 		map = cur->data;

  2453. 

  2454. 		PTR_ARRAY_FOREACH (map->backends, i, bk) {

  2455. 			if (bk->id == id && bk->protocol == MAP_PROTO_FILE) {

  2456. 				found = TRUE;

  2457. 				break;

  2458. 			}

  2459. 		}

  2460. 		cur = g_list_next (cur);

  2461. 	}

  2462. 

  2463. 	if (!found) {

  2464. 		msg_info_session ("map not found: %L", id);

  2465. 		rspamd_controller_send_error (conn_ent, 404, "Map id not found");

  2466. 		return 0;

  2467. 	}

  2468. 

  2469. 	while (g_atomic_int_compare_and_exchange (map->locked, 0, 1)) {

  2470. 		struct timespec sleep_ts = {

  2471. 			.tv_sec = 0,

  2472. 			.tv_nsec = 100000000ULL,

  2473. 		};

  2474. 

  2475. 		if (ntries > 5) {

  2476. 			msg_info_session ("map locked: %s", bk->uri);

  2477. 			rspamd_controller_send_error (conn_ent, 404, "Map is locked");

  2478. 			return 0;

  2479. 		}

  2480. 

  2481. 		ntries ++;

  2482. 		nanosleep (&sleep_ts, NULL);

  2483. 	}

  2484. 

  2485. 	/* Set lock */

  2486. 	fd = open (bk->uri, O_WRONLY | O_TRUNC | O_CREAT, 00644);

  2487. 

  2488. 	if (fd == -1) {

  2489. 		g_atomic_int_set (map->locked, 0);

  2490. 		msg_info_session ("map %s open error: %s", bk->uri, strerror (errno));

  2491. 		rspamd_controller_send_error (conn_ent, 404, "Cannot open map: %s",

  2492. 				strerror (errno));

  2493. 		return 0;

  2494. 	}

  2495. 

  2496. 	if (write (fd, msg->body_buf.begin, msg->body_buf.len) == -1) {

  2497. 		msg_info_session ("map %s write error: %s", bk->uri, strerror (errno));

  2498. 		close (fd);

  2499. 		g_atomic_int_set (map->locked, 0);

  2500. 		rspamd_controller_send_error (conn_ent, 500, "Map write error: %s",

  2501. 				strerror (errno));

  2502. 		return 0;

  2503. 	}

  2504. 

  2505. 	msg_info_session ("<%s>, map %s saved",

  2506. 		rspamd_inet_address_to_string (session->from_addr),

  2507. 		bk->uri);

  2508. 	/* Close and unlock */

  2509. 	close (fd);

  2510. 	g_atomic_int_set (map->locked, 0);

  2511. 

  2512. 	rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2513. 

  2514. 	return 0;

  2515. }

  2516. 

  2517. struct rspamd_stat_cbdata {

  2518. 	struct rspamd_http_connection_entry *conn_ent;

  2519. 	ucl_object_t *top;

  2520. 	ucl_object_t *stat;

  2521. 	struct rspamd_task *task;

  2522. 	guint64 learned;

  2523. };

  2524. 

  2525. static gboolean

  2526. rspamd_controller_stat_fin_task (void *ud)

  2527. {

  2528. 	struct rspamd_stat_cbdata *cbdata = ud;

  2529. 	struct rspamd_http_connection_entry *conn_ent;

  2530. 	ucl_object_t *top, *ar;

  2531. 	GList *fuzzy_elts, *cur;

  2532. 	struct rspamd_fuzzy_stat_entry *entry;

  2533. 

  2534. 	conn_ent = cbdata->conn_ent;

  2535. 	top = cbdata->top;

  2536. 

  2537. 	ucl_object_insert_key (top,

  2538. 			ucl_object_fromint (cbdata->learned), "total_learns", 0, false);

  2539. 

  2540. 	if (cbdata->stat) {

  2541. 		ucl_object_insert_key (top, cbdata->stat, "statfiles", 0, false);

  2542. 	}

  2543. 

  2544. 	fuzzy_elts = rspamd_mempool_get_variable (cbdata->task->task_pool, "fuzzy_stat");

  2545. 

  2546. 	if (fuzzy_elts) {

  2547. 		ar = ucl_object_typed_new (UCL_OBJECT);

  2548. 

  2549. 		for (cur = fuzzy_elts; cur != NULL; cur = g_list_next (cur)) {

  2550. 			entry = cur->data;

  2551. 

  2552. 			if (entry->name) {

  2553. 				ucl_object_insert_key (ar, ucl_object_fromint (entry->fuzzy_cnt),

  2554. 						entry->name, 0, true);

  2555. 			}

  2556. 		}

  2557. 

  2558. 		ucl_object_insert_key (top, ar, "fuzzy_hashes", 0, false);

  2559. 	}

  2560. 

  2561. 	rspamd_controller_send_ucl (conn_ent, top);

  2562. 

  2563. 

  2564. 	return TRUE;

  2565. }

  2566. 

  2567. static void

  2568. rspamd_controller_stat_cleanup_task (void *ud)

  2569. {

  2570. 	struct rspamd_stat_cbdata *cbdata = ud;

  2571. 

  2572. 	rspamd_task_free (cbdata->task);

  2573. 	ucl_object_unref (cbdata->top);

  2574. }

  2575. 

  2576. /*

  2577.  * Stat command handler:

  2578.  * request: /stat (/resetstat)

  2579.  * headers: Password

  2580.  * reply: json data

  2581.  */

  2582. static int

  2583. rspamd_controller_handle_stat_common (

  2584. 	struct rspamd_http_connection_entry *conn_ent,

  2585. 	struct rspamd_http_message *msg,

  2586. 	gboolean do_reset)

  2587. {

  2588. 	struct rspamd_controller_session *session = conn_ent->ud;

  2589. 	ucl_object_t *top, *sub;

  2590. 	gint i;

  2591. 	guint64 spam = 0, ham = 0;

  2592. 	rspamd_mempool_stat_t mem_st;

  2593. 	struct rspamd_stat *stat, stat_copy;

  2594. 	struct rspamd_controller_worker_ctx *ctx;

  2595. 	struct rspamd_task *task;

  2596. 	struct rspamd_stat_cbdata *cbdata;

  2597. 

  2598. 	memset (&mem_st, 0, sizeof (mem_st));

  2599. 	rspamd_mempool_stat (&mem_st);

  2600. 	memcpy (&stat_copy, session->ctx->worker->srv->stat, sizeof (stat_copy));

  2601. 	stat = &stat_copy;

  2602. 	ctx = session->ctx;

  2603. 

  2604. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  2605. 			ctx->lang_det, ctx->ev_base);

  2606. 	task->resolver = ctx->resolver;

  2607. 	cbdata = rspamd_mempool_alloc0 (session->pool, sizeof (*cbdata));

  2608. 	cbdata->conn_ent = conn_ent;

  2609. 	cbdata->task = task;

  2610. 	top = ucl_object_typed_new (UCL_OBJECT);

  2611. 	cbdata->top = top;

  2612. 

  2613. 	task->s = rspamd_session_create (session->pool,

  2614. 			rspamd_controller_stat_fin_task,

  2615. 			NULL,

  2616. 			rspamd_controller_stat_cleanup_task,

  2617. 			cbdata);

  2618. 	task->fin_arg = cbdata;

  2619. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  2620. 	task->sock = conn_ent->conn->fd;

  2621. 

  2622. 	ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),

  2623. 			"read_only", 0, false);

  2624. 	ucl_object_insert_key (top, ucl_object_fromint (

  2625. 			stat->messages_scanned), "scanned", 0, false);

  2626. 	ucl_object_insert_key (top, ucl_object_fromint (

  2627. 			stat->messages_learned), "learned", 0, false);

  2628. 

  2629. 	if (stat->messages_scanned > 0) {

  2630. 		sub = ucl_object_typed_new (UCL_OBJECT);

  2631. 		for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {

  2632. 			ucl_object_insert_key (sub,

  2633. 				ucl_object_fromint (stat->actions_stat[i]),

  2634. 				rspamd_action_to_str (i), 0, false);

  2635. 			if (i < METRIC_ACTION_GREYLIST) {

  2636. 				spam += stat->actions_stat[i];

  2637. 			}

  2638. 			else {

  2639. 				ham += stat->actions_stat[i];

  2640. 			}

  2641. 			if (do_reset) {

  2642. #ifndef HAVE_ATOMIC_BUILTINS

  2643. 				session->ctx->worker->srv->stat->actions_stat[i] = 0;

  2644. #else

  2645. 				__atomic_store_n(&session->ctx->worker->srv->stat->actions_stat[i],

  2646. 						0, __ATOMIC_RELEASE);

  2647. #endif

  2648. 			}

  2649. 		}

  2650. 		ucl_object_insert_key (top, sub, "actions", 0, false);

  2651. 	}

  2652. 

  2653. 	ucl_object_insert_key (top, ucl_object_fromint (

  2654. 			spam), "spam_count", 0, false);

  2655. 	ucl_object_insert_key (top, ucl_object_fromint (

  2656. 			ham),  "ham_count",	 0, false);

  2657. 	ucl_object_insert_key (top,

  2658. 		ucl_object_fromint (stat->connections_count), "connections", 0, false);

  2659. 	ucl_object_insert_key (top,

  2660. 		ucl_object_fromint (stat->control_connections_count),

  2661. 		"control_connections", 0, false);

  2662. 

  2663. 	ucl_object_insert_key (top,

  2664. 		ucl_object_fromint (mem_st.pools_allocated), "pools_allocated", 0,

  2665. 		false);

  2666. 	ucl_object_insert_key (top,

  2667. 		ucl_object_fromint (mem_st.pools_freed), "pools_freed", 0, false);

  2668. 	ucl_object_insert_key (top,

  2669. 		ucl_object_fromint (mem_st.bytes_allocated), "bytes_allocated", 0,

  2670. 		false);

  2671. 	ucl_object_insert_key (top,

  2672. 		ucl_object_fromint (

  2673. 			mem_st.chunks_allocated), "chunks_allocated", 0, false);

  2674. 	ucl_object_insert_key (top,

  2675. 		ucl_object_fromint (mem_st.shared_chunks_allocated),

  2676. 		"shared_chunks_allocated", 0, false);

  2677. 	ucl_object_insert_key (top,

  2678. 		ucl_object_fromint (mem_st.chunks_freed), "chunks_freed", 0, false);

  2679. 	ucl_object_insert_key (top,

  2680. 		ucl_object_fromint (

  2681. 			mem_st.oversized_chunks), "chunks_oversized", 0, false);

  2682. 	ucl_object_insert_key (top,

  2683. 			ucl_object_fromint (mem_st.fragmented_size), "fragmented", 0, false);

  2684. 

  2685. 	if (do_reset) {

  2686. 		session->ctx->srv->stat->messages_scanned = 0;

  2687. 		session->ctx->srv->stat->messages_learned = 0;

  2688. 		session->ctx->srv->stat->connections_count = 0;

  2689. 		session->ctx->srv->stat->control_connections_count = 0;

  2690. 		rspamd_mempool_stat_reset ();

  2691. 	}

  2692. 

  2693. 	fuzzy_stat_command (task);

  2694. 

  2695. 	/* Now write statistics for each statfile */

  2696. 	rspamd_stat_statistics (task, session->ctx->cfg, &cbdata->learned,

  2697. 			&cbdata->stat);

  2698. 	session->task = task;

  2699. 	rspamd_session_pending (task->s);

  2700. 

  2701. 	return 0;

  2702. }

  2703. 

  2704. static int

  2705. rspamd_controller_handle_stat (struct rspamd_http_connection_entry *conn_ent,

  2706. 	struct rspamd_http_message *msg)

  2707. {

  2708. 	struct rspamd_controller_session *session = conn_ent->ud;

  2709. 

  2710. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  2711. 		return 0;

  2712. 	}

  2713. 

  2714. 	return rspamd_controller_handle_stat_common (conn_ent, msg, FALSE);

  2715. }

  2716. 

  2717. static int

  2718. rspamd_controller_handle_statreset (

  2719. 	struct rspamd_http_connection_entry *conn_ent,

  2720. 	struct rspamd_http_message *msg)

  2721. {

  2722. 	struct rspamd_controller_session *session = conn_ent->ud;

  2723. 

  2724. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2725. 		return 0;

  2726. 	}

  2727. 

  2728. 	msg_info_session ("<%s> reset stat",

  2729. 			rspamd_inet_address_to_string (session->from_addr));

  2730. 	return rspamd_controller_handle_stat_common (conn_ent, msg, TRUE);

  2731. }

  2732. 

  2733. 

  2734. /*

  2735.  * Counters command handler:

  2736.  * request: /counters

  2737.  * headers: Password

  2738.  * reply: json array of all counters

  2739.  */

  2740. static int

  2741. rspamd_controller_handle_counters (

  2742. 	struct rspamd_http_connection_entry *conn_ent,

  2743. 	struct rspamd_http_message *msg)

  2744. {

  2745. 	struct rspamd_controller_session *session = conn_ent->ud;

  2746. 	ucl_object_t *top;

  2747. 	struct rspamd_symcache *cache;

  2748. 

  2749. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  2750. 		return 0;

  2751. 	}

  2752. 

  2753. 	cache = session->ctx->cfg->cache;

  2754. 

  2755. 	if (cache != NULL) {

  2756. 		top = rspamd_symcache_counters (cache);

  2757. 		rspamd_controller_send_ucl (conn_ent, top);

  2758. 		ucl_object_unref (top);

  2759. 	}

  2760. 	else {

  2761. 		rspamd_controller_send_error (conn_ent, 500, "Invalid cache");

  2762. 	}

  2763. 

  2764. 	return 0;

  2765. }

  2766. 

  2767. static int

  2768. rspamd_controller_handle_custom (struct rspamd_http_connection_entry *conn_ent,

  2769. 	struct rspamd_http_message *msg)

  2770. {

  2771. 	struct rspamd_controller_session *session = conn_ent->ud;

  2772. 	struct rspamd_custom_controller_command *cmd;

  2773. 	gchar *url_str;

  2774. 	struct http_parser_url u;

  2775. 	rspamd_ftok_t lookup;

  2776. 

  2777. 	http_parser_parse_url (msg->url->str, msg->url->len, TRUE, &u);

  2778. 

  2779. 	if (u.field_set & (1 << UF_PATH)) {

  2780. 		guint unnorm_len;

  2781. 		lookup.begin = msg->url->str + u.field_data[UF_PATH].off;

  2782. 		lookup.len = u.field_data[UF_PATH].len;

  2783. 

  2784. 		rspamd_http_normalize_path_inplace ((gchar *)lookup.begin,

  2785. 				lookup.len,

  2786. 				&unnorm_len);

  2787. 		lookup.len = unnorm_len;

  2788. 	}

  2789. 	else {

  2790. 		lookup.begin = msg->url->str;

  2791. 		lookup.len = msg->url->len;

  2792. 	}

  2793. 

  2794. 	url_str = rspamd_ftok_cstr (&lookup);

  2795. 	cmd = g_hash_table_lookup (session->ctx->custom_commands, url_str);

  2796. 	g_free (url_str);

  2797. 

  2798. 	if (cmd == NULL || cmd->handler == NULL) {

  2799. 		msg_err_session ("custom command %T has not been found", &lookup);

  2800. 		rspamd_controller_send_error (conn_ent, 404, "No command associated");

  2801. 		return 0;

  2802. 	}

  2803. 

  2804. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  2805. 		cmd->privilleged)) {

  2806. 		return 0;

  2807. 	}

  2808. 	if (cmd->require_message && (rspamd_http_message_get_body (msg, NULL) == NULL)) {

  2809. 		msg_err_session ("got zero length body, cannot continue");

  2810. 		rspamd_controller_send_error (conn_ent,

  2811. 			400,

  2812. 			"Empty body is not permitted");

  2813. 		return 0;

  2814. 	}

  2815. 

  2816. 	/* Transfer query arguments to headers */

  2817. 	if (u.field_set & (1u << UF_QUERY)) {

  2818. 		GHashTable *query_args;

  2819. 		GHashTableIter it;

  2820. 		gpointer k, v;

  2821. 		rspamd_ftok_t *key, *value;

  2822. 

  2823. 		/* In case if we have a query, we need to store it somewhere */

  2824. 		query_args = rspamd_http_message_parse_query (msg);

  2825. 

  2826. 		/* Insert the rest of query params as HTTP headers */

  2827. 		g_hash_table_iter_init (&it, query_args);

  2828. 

  2829. 		while (g_hash_table_iter_next (&it, &k, &v)) {

  2830. 			key = k;

  2831. 			value = v;

  2832. 			/* Steal strings */

  2833. 			g_hash_table_iter_steal (&it);

  2834. 			url_str = rspamd_ftok_cstr (key);

  2835. 			rspamd_http_message_add_header_len (msg, url_str,

  2836. 					value->begin, value->len);

  2837. 			g_free (url_str);

  2838. 		}

  2839. 

  2840. 		g_hash_table_unref (query_args);

  2841. 	}

  2842. 

  2843. 	return cmd->handler (conn_ent, msg, cmd->ctx);

  2844. }

  2845. 

  2846. static int

  2847. rspamd_controller_handle_plugins (struct rspamd_http_connection_entry *conn_ent,

  2848. 	struct rspamd_http_message *msg)

  2849. {

  2850. 	struct rspamd_controller_session *session = conn_ent->ud;

  2851. 	struct rspamd_controller_plugin_cbdata *cbd;

  2852. 	GHashTableIter it;

  2853. 	gpointer k, v;

  2854. 	ucl_object_t *plugins;

  2855. 

  2856. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  2857. 			FALSE)) {

  2858. 		return 0;

  2859. 	}

  2860. 

  2861. 	plugins = ucl_object_typed_new (UCL_OBJECT);

  2862. 	g_hash_table_iter_init (&it, session->ctx->plugins);

  2863. 

  2864. 	while (g_hash_table_iter_next (&it, &k, &v)) {

  2865. 		ucl_object_t *elt, *npath;

  2866. 

  2867. 		cbd = v;

  2868. 		elt = (ucl_object_t *)ucl_object_lookup (plugins, cbd->plugin);

  2869. 

  2870. 		if (elt == NULL) {

  2871. 			elt = ucl_object_typed_new (UCL_OBJECT);

  2872. 			ucl_object_insert_key (elt, ucl_object_fromint (cbd->version),

  2873. 					"version", 0, false);

  2874. 			npath = ucl_object_typed_new (UCL_ARRAY);

  2875. 			ucl_object_insert_key (elt, npath, "paths", 0, false);

  2876. 			ucl_object_insert_key (plugins, elt, cbd->plugin, 0, false);

  2877. 		}

  2878. 		else {

  2879. 			npath = (ucl_object_t *)ucl_object_lookup (elt, "paths");

  2880. 		}

  2881. 

  2882. 		g_assert (npath != NULL);

  2883. 		ucl_array_append (npath, ucl_object_fromstring (k));

  2884. 	}

  2885. 

  2886. 	rspamd_controller_send_ucl (conn_ent, plugins);

  2887. 	ucl_object_unref (plugins);

  2888. 

  2889. 	return 0;

  2890. }

  2891. 

  2892. static int

  2893. rspamd_controller_handle_ping (struct rspamd_http_connection_entry *conn_ent,

  2894. 		struct rspamd_http_message *msg)

  2895. {

  2896. 	struct rspamd_http_message *rep_msg;

  2897. 	rspamd_fstring_t *reply;

  2898. 

  2899. 	rep_msg = rspamd_http_new_message (HTTP_RESPONSE);

  2900. 	rep_msg->date = time (NULL);

  2901. 	rep_msg->code = 200;

  2902. 	rep_msg->status = rspamd_fstring_new_init ("OK", 2);

  2903. 	reply = rspamd_fstring_new_init ("pong" CRLF, strlen ("pong" CRLF));

  2904. 	rspamd_http_message_set_body_from_fstring_steal (rep_msg, reply);

  2905. 	rspamd_http_connection_reset (conn_ent->conn);

  2906. 	rspamd_http_router_insert_headers (conn_ent->rt, rep_msg);

  2907. 	rspamd_http_connection_write_message (conn_ent->conn,

  2908. 			rep_msg,

  2909. 			NULL,

  2910. 			"text/plain",

  2911. 			conn_ent,

  2912. 			conn_ent->conn->fd,

  2913. 			conn_ent->rt->ptv,

  2914. 			conn_ent->rt->ev_base);

  2915. 	conn_ent->is_reply = TRUE;

  2916. 

  2917. 	return 0;

  2918. }

  2919. 

  2920. /*

  2921.  * Called on unknown methods and is used to deal with CORS as per

  2922.  * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

  2923.  */

  2924. static int

  2925. rspamd_controller_handle_unknown (struct rspamd_http_connection_entry *conn_ent,

  2926. 	struct rspamd_http_message *msg)

  2927. {

  2928. 	struct rspamd_http_message *rep;

  2929. 

  2930. 	if (msg->method == HTTP_OPTIONS) {

  2931. 		/* Assume CORS request */

  2932. 

  2933. 		rep = rspamd_http_new_message (HTTP_RESPONSE);

  2934. 		rep->date = time (NULL);

  2935. 		rep->code = 200;

  2936. 		rep->status = rspamd_fstring_new_init ("OK", 2);

  2937. 		rspamd_http_message_add_header (rep, "Access-Control-Allow-Methods",

  2938. 				"POST, GET, OPTIONS");

  2939. 		rspamd_http_message_add_header (rep, "Access-Control-Allow-Headers",

  2940. 						"Content-Type,Password,Map,Weight,Flag");

  2941. 		rspamd_http_connection_reset (conn_ent->conn);

  2942. 		rspamd_http_router_insert_headers (conn_ent->rt, rep);

  2943. 		rspamd_http_connection_write_message (conn_ent->conn,

  2944. 				rep,

  2945. 				NULL,

  2946. 				"text/plain",

  2947. 				conn_ent,

  2948. 				conn_ent->conn->fd,

  2949. 				conn_ent->rt->ptv,

  2950. 				conn_ent->rt->ev_base);

  2951. 		conn_ent->is_reply = TRUE;

  2952. 	}

  2953. 	else {

  2954. 		rep = rspamd_http_new_message (HTTP_RESPONSE);

  2955. 		rep->date = time (NULL);

  2956. 		rep->code = 500;

  2957. 		rep->status = rspamd_fstring_new_init ("Invalid method",

  2958. 				strlen ("Invalid method"));

  2959. 		rspamd_http_connection_reset (conn_ent->conn);

  2960. 		rspamd_http_router_insert_headers (conn_ent->rt, rep);

  2961. 		rspamd_http_connection_write_message (conn_ent->conn,

  2962. 				rep,

  2963. 				NULL,

  2964. 				"text/plain",

  2965. 				conn_ent,

  2966. 				conn_ent->conn->fd,

  2967. 				conn_ent->rt->ptv,

  2968. 				conn_ent->rt->ev_base);

  2969. 		conn_ent->is_reply = TRUE;

  2970. 	}

  2971. 

  2972. 	return 0;

  2973. }

  2974. 

  2975. static int

  2976. rspamd_controller_handle_lua_plugin (struct rspamd_http_connection_entry *conn_ent,

  2977. 	struct rspamd_http_message *msg)

  2978. {

  2979. 	struct rspamd_controller_session *session = conn_ent->ud;

  2980. 	struct rspamd_controller_plugin_cbdata *cbd;

  2981. 	struct rspamd_task *task, **ptask;

  2982. 	struct rspamd_http_connection_entry **pconn;

  2983. 	struct rspamd_controller_worker_ctx *ctx;

  2984. 	lua_State *L;

  2985. 	gchar *url_str;

  2986. 

  2987. 	url_str = rspamd_fstring_cstr (msg->url);

  2988. 	cbd = g_hash_table_lookup (session->ctx->plugins, url_str);

  2989. 	g_free (url_str);

  2990. 

  2991. 	if (cbd == NULL || cbd->handler == NULL) {

  2992. 		msg_err_session ("plugin handler %V has not been found", msg->url);

  2993. 		rspamd_controller_send_error (conn_ent, 404, "No command associated");

  2994. 		return 0;

  2995. 	}

  2996. 

  2997. 	L = cbd->L;

  2998. 	ctx = cbd->ctx;

  2999. 

  3000. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  3001. 		cbd->is_enable)) {

  3002. 		return 0;

  3003. 	}

  3004. 	if (cbd->need_task && (rspamd_http_message_get_body (msg, NULL) == NULL)) {

  3005. 		msg_err_session ("got zero length body, cannot continue");

  3006. 		rspamd_controller_send_error (conn_ent,

  3007. 			400,

  3008. 			"Empty body is not permitted");

  3009. 		return 0;

  3010. 	}

  3011. 

  3012. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  3013. 			ctx->lang_det, ctx->ev_base);

  3014. 

  3015. 	task->resolver = ctx->resolver;

  3016. 	task->s = rspamd_session_create (session->pool,

  3017. 			rspamd_controller_lua_fin_task,

  3018. 			NULL,

  3019. 			(event_finalizer_t )rspamd_task_free,

  3020. 			task);

  3021. 	task->fin_arg = conn_ent;

  3022. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  3023. 	task->sock = -1;

  3024. 	session->task = task;

  3025. 

  3026. 	if (msg->body_buf.len > 0) {

  3027. 		if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  3028. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  3029. 					task->err->message);

  3030. 			return 0;

  3031. 		}

  3032. 	}

  3033. 

  3034. 	/* Callback */

  3035. 	lua_rawgeti (L, LUA_REGISTRYINDEX, cbd->handler->idx);

  3036. 

  3037. 	ptask = lua_newuserdata (L, sizeof (*ptask));

  3038. 	rspamd_lua_setclass (L, "rspamd{task}", -1);

  3039. 	*ptask = task;

  3040. 

  3041. 	pconn = lua_newuserdata (L, sizeof (*pconn));

  3042. 	rspamd_lua_setclass (L, "rspamd{csession}", -1);

  3043. 	*pconn = conn_ent;

  3044. 

  3045. 	if (lua_pcall (L, 2, 0, 0) != 0) {

  3046. 		rspamd_controller_send_error (conn_ent, 503, "Cannot run callback: %s",

  3047. 				lua_tostring (L, -1));

  3048. 		lua_settop (L, 0);

  3049. 

  3050. 		return 0;

  3051. 	}

  3052. 

  3053. 	rspamd_session_pending (task->s);

  3054. 

  3055. 	return 0;

  3056. }

  3057. 

  3058. 

  3059. static void

  3060. rspamd_controller_error_handler (struct rspamd_http_connection_entry *conn_ent,

  3061. 	GError *err)

  3062. {

  3063. 	struct rspamd_controller_session *session = conn_ent->ud;

  3064. 

  3065. 	msg_err_session ("http error occurred: %s", err->message);

  3066. }

  3067. 

  3068. static void

  3069. rspamd_controller_finish_handler (struct rspamd_http_connection_entry *conn_ent)

  3070. {

  3071. 	struct rspamd_controller_session *session = conn_ent->ud;

  3072. 

  3073. 	session->ctx->worker->srv->stat->control_connections_count++;

  3074. 

  3075. 	if (session->task != NULL) {

  3076. 		rspamd_session_destroy (session->task->s);

  3077. 	}

  3078. 

  3079. 	session->wrk->nconns --;

  3080. 	rspamd_inet_address_free (session->from_addr);

  3081. 	REF_RELEASE (session->cfg);

  3082. 

  3083. 	if (session->pool) {

  3084. 		msg_debug_session ("destroy session %p", session);

  3085. 		rspamd_mempool_delete (session->pool);

  3086. 	}

  3087. 

  3088. 	g_free (session);

  3089. }

  3090. 

  3091. static void

  3092. rspamd_controller_accept_socket (gint fd, short what, void *arg)

  3093. {

  3094. 	struct rspamd_worker *worker = (struct rspamd_worker *) arg;

  3095. 	struct rspamd_controller_worker_ctx *ctx;

  3096. 	struct rspamd_controller_session *session;

  3097. 	rspamd_inet_addr_t *addr;

  3098. 	gint nfd;

  3099. 

  3100. 	ctx = worker->ctx;

  3101. 

  3102. 	if ((nfd =

  3103. 		rspamd_accept_from_socket (fd, &addr, worker->accept_events)) == -1) {

  3104. 		msg_warn_ctx ("accept failed: %s", strerror (errno));

  3105. 		return;

  3106. 	}

  3107. 	/* Check for EAGAIN */

  3108. 	if (nfd == 0) {

  3109. 		return;

  3110. 	}

  3111. 

  3112. 	session = g_malloc0 (sizeof (struct rspamd_controller_session));

  3113. 	session->pool = rspamd_mempool_new (rspamd_mempool_suggest_size (),

  3114. 			"csession");

  3115. 	session->ctx = ctx;

  3116. 	session->cfg = ctx->cfg;

  3117. 	session->lang_det = ctx->lang_det;

  3118. 	REF_RETAIN (session->cfg);

  3119. 

  3120. 	session->from_addr = addr;

  3121. 	session->wrk = worker;

  3122. 	worker->nconns ++;

  3123. 

  3124. 	rspamd_http_router_handle_socket (ctx->http, nfd, session);

  3125. }

  3126. 

  3127. static void

  3128. rspamd_controller_rrd_update (gint fd, short what, void *arg)

  3129. {

  3130. 	struct rspamd_controller_worker_ctx *ctx = arg;

  3131. 	struct rspamd_stat *stat;

  3132. 	GArray ar;

  3133. 	gdouble points[METRIC_ACTION_MAX];

  3134. 	GError *err = NULL;

  3135. 	guint i;

  3136. 

  3137. 	g_assert (ctx->rrd != NULL);

  3138. 	stat = ctx->srv->stat;

  3139. 

  3140. 	for (i = METRIC_ACTION_REJECT; i < METRIC_ACTION_MAX; i ++) {

  3141. 		points[i] = stat->actions_stat[i];

  3142. 	}

  3143. 

  3144. 	ar.data = (gchar *)points;

  3145. 	ar.len = sizeof (points);

  3146. 

  3147. 	if (!rspamd_rrd_add_record (ctx->rrd, &ar, rspamd_get_calendar_ticks (),

  3148. 			&err)) {

  3149. 		msg_err_ctx ("cannot update rrd file: %e", err);

  3150. 		g_error_free (err);

  3151. 	}

  3152. 

  3153. 	/* Plan new event */

  3154. 	event_del (ctx->rrd_event);

  3155. 	evtimer_add (ctx->rrd_event, &rrd_update_time);

  3156. }

  3157. 

  3158. static void

  3159. rspamd_controller_load_saved_stats (struct rspamd_controller_worker_ctx *ctx)

  3160. {

  3161. 	struct ucl_parser *parser;

  3162. 	ucl_object_t *obj;

  3163. 	const ucl_object_t *elt, *subelt;

  3164. 	struct rspamd_stat *stat, stat_copy;

  3165. 	gint i;

  3166. 

  3167. 	g_assert (ctx->saved_stats_path != NULL);

  3168. 

  3169. 	if (access (ctx->saved_stats_path, R_OK) == -1) {

  3170. 		msg_err_ctx ("cannot load controller stats from %s: %s",

  3171. 				ctx->saved_stats_path, strerror (errno));

  3172. 		return;

  3173. 	}

  3174. 

  3175. 	parser = ucl_parser_new (0);

  3176. 

  3177. 	if (!ucl_parser_add_file (parser, ctx->saved_stats_path)) {

  3178. 		msg_err_ctx ("cannot parse controller stats from %s: %s",

  3179. 				ctx->saved_stats_path, ucl_parser_get_error (parser));

  3180. 		ucl_parser_free (parser);

  3181. 

  3182. 		return;

  3183. 	}

  3184. 

  3185. 	obj = ucl_parser_get_object (parser);

  3186. 	ucl_parser_free (parser);

  3187. 

  3188. 	stat = ctx->srv->stat;

  3189. 	memcpy (&stat_copy, stat, sizeof (stat_copy));

  3190. 

  3191. 	elt = ucl_object_lookup (obj, "scanned");

  3192. 

  3193. 	if (elt != NULL && ucl_object_type (elt) == UCL_INT) {

  3194. 		stat_copy.messages_scanned = ucl_object_toint (elt);

  3195. 	}

  3196. 

  3197. 	elt = ucl_object_lookup (obj, "learned");

  3198. 

  3199. 	if (elt != NULL && ucl_object_type (elt) == UCL_INT) {

  3200. 		stat_copy.messages_learned = ucl_object_toint (elt);

  3201. 	}

  3202. 

  3203. 	elt = ucl_object_lookup (obj, "actions");

  3204. 

  3205. 	if (elt != NULL) {

  3206. 		for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {

  3207. 			subelt = ucl_object_lookup (elt, rspamd_action_to_str (i));

  3208. 

  3209. 			if (subelt && ucl_object_type (subelt) == UCL_INT) {

  3210. 				stat_copy.actions_stat[i] = ucl_object_toint (subelt);

  3211. 			}

  3212. 		}

  3213. 	}

  3214. 

  3215. 	elt = ucl_object_lookup (obj, "connections_count");

  3216. 

  3217. 	if (elt != NULL && ucl_object_type (elt) == UCL_INT) {

  3218. 		stat_copy.connections_count = ucl_object_toint (elt);

  3219. 	}

  3220. 

  3221. 	elt = ucl_object_lookup (obj, "control_connections_count");

  3222. 

  3223. 	if (elt != NULL && ucl_object_type (elt) == UCL_INT) {

  3224. 		stat_copy.control_connections_count = ucl_object_toint (elt);

  3225. 	}

  3226. 

  3227. 	ucl_object_unref (obj);

  3228. 	memcpy (stat, &stat_copy, sizeof (stat_copy));

  3229. }

  3230. 

  3231. static void

  3232. rspamd_controller_store_saved_stats (struct rspamd_controller_worker_ctx *ctx)

  3233. {

  3234. 	struct rspamd_stat *stat;

  3235. 	ucl_object_t *top, *sub;

  3236. 	struct ucl_emitter_functions *efuncs;

  3237. 	gint i, fd;

  3238. 

  3239. 	g_assert (ctx->saved_stats_path != NULL);

  3240. 

  3241. 	fd = open (ctx->saved_stats_path, O_WRONLY|O_CREAT|O_TRUNC, 00644);

  3242. 

  3243. 	if (fd == -1) {

  3244. 		msg_err_ctx ("cannot open for writing controller stats from %s: %s",

  3245. 				ctx->saved_stats_path, strerror (errno));

  3246. 		return;

  3247. 	}

  3248. 

  3249. 	if (rspamd_file_lock (fd, FALSE) == -1) {

  3250. 		msg_err_ctx ("cannot lock controller stats in %s: %s",

  3251. 				ctx->saved_stats_path, strerror (errno));

  3252. 		close (fd);

  3253. 

  3254. 		return;

  3255. 	}

  3256. 

  3257. 	stat = ctx->srv->stat;

  3258. 

  3259. 	top = ucl_object_typed_new (UCL_OBJECT);

  3260. 	ucl_object_insert_key (top, ucl_object_fromint (

  3261. 			stat->messages_scanned), "scanned", 0, false);

  3262. 	ucl_object_insert_key (top, ucl_object_fromint (

  3263. 			stat->messages_learned), "learned", 0, false);

  3264. 

  3265. 	if (stat->messages_scanned > 0) {

  3266. 		sub = ucl_object_typed_new (UCL_OBJECT);

  3267. 		for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {

  3268. 			ucl_object_insert_key (sub,

  3269. 					ucl_object_fromint (stat->actions_stat[i]),

  3270. 					rspamd_action_to_str (i), 0, false);

  3271. 		}

  3272. 		ucl_object_insert_key (top, sub, "actions", 0, false);

  3273. 	}

  3274. 

  3275. 	ucl_object_insert_key (top,

  3276. 			ucl_object_fromint (stat->connections_count), "connections", 0, false);

  3277. 	ucl_object_insert_key (top,

  3278. 			ucl_object_fromint (stat->control_connections_count),

  3279. 			"control_connections", 0, false);

  3280. 

  3281. 

  3282. 	efuncs = ucl_object_emit_fd_funcs (fd);

  3283. 	ucl_object_emit_full (top, UCL_EMIT_JSON_COMPACT,

  3284. 			efuncs, NULL);

  3285. 

  3286. 	ucl_object_unref (top);

  3287. 	rspamd_file_unlock (fd, FALSE);

  3288. 	close (fd);

  3289. 	ucl_object_emit_funcs_free (efuncs);

  3290. }

  3291. 

  3292. static void

  3293. rspamd_controller_stats_save_periodic (int fd, short what, gpointer ud)

  3294. {

  3295. 	struct rspamd_controller_worker_ctx *ctx = ud;

  3296. 

  3297. 	rspamd_controller_store_saved_stats (ctx);

  3298. }

  3299. 

  3300. static void

  3301. rspamd_controller_password_sane (struct rspamd_controller_worker_ctx *ctx,

  3302. 		const gchar *password, const gchar *type)

  3303. {

  3304. 	const struct rspamd_controller_pbkdf *pbkdf = &pbkdf_list[0];

  3305. 

  3306. 	if (password == NULL) {

  3307. 		msg_warn_ctx ("%s is not set, so you should filter controller "

  3308. 				"availability "

  3309. 				"by using of firewall or `secure_ip` option", type);

  3310. 		return;

  3311. 	}

  3312. 

  3313. 	g_assert (pbkdf != NULL);

  3314. 

  3315. 	if (!rspamd_is_encrypted_password (password, NULL)) {

  3316. 		/* Suggest encryption to a user */

  3317. 

  3318. 		msg_warn_ctx ("your %s is not encrypted, we strongly "

  3319. 				"recommend to replace it with the encrypted one", type);

  3320. 	}

  3321. }

  3322. 

  3323. gpointer

  3324. init_controller_worker (struct rspamd_config *cfg)

  3325. {

  3326. 	struct rspamd_controller_worker_ctx *ctx;

  3327. 	GQuark type;

  3328. 

  3329. 	type = g_quark_try_string ("controller");

  3330. 

  3331. 	ctx = rspamd_mempool_alloc0 (cfg->cfg_pool,

  3332. 			sizeof (struct rspamd_controller_worker_ctx));

  3333. 

  3334. 	ctx->magic = rspamd_controller_ctx_magic;

  3335. 	ctx->timeout = DEFAULT_WORKER_IO_TIMEOUT;

  3336. 	ctx->task_timeout = NAN;

  3337. 

  3338. 	rspamd_rcl_register_worker_option (cfg,

  3339. 			type,

  3340. 			"password",

  3341. 			rspamd_rcl_parse_struct_string,

  3342. 			ctx,

  3343. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, password),

  3344. 			0,

  3345. 			"Password for read-only commands");

  3346. 

  3347. 	rspamd_rcl_register_worker_option (cfg,

  3348. 			type,

  3349. 			"enable_password",

  3350. 			rspamd_rcl_parse_struct_string,

  3351. 			ctx,

  3352. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3353. 					enable_password),

  3354. 			0,

  3355. 			"Password for read and write commands");

  3356. 

  3357. 	rspamd_rcl_register_worker_option (cfg,

  3358. 			type,

  3359. 			"ssl",

  3360. 			rspamd_rcl_parse_struct_boolean,

  3361. 			ctx,

  3362. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, use_ssl),

  3363. 			0,

  3364. 			"Unimplemented");

  3365. 

  3366. 	rspamd_rcl_register_worker_option (cfg,

  3367. 			type,

  3368. 			"ssl_cert",

  3369. 			rspamd_rcl_parse_struct_string,

  3370. 			ctx,

  3371. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_cert),

  3372. 			0,

  3373. 			"Unimplemented");

  3374. 

  3375. 	rspamd_rcl_register_worker_option (cfg,

  3376. 			type,

  3377. 			"ssl_key",

  3378. 			rspamd_rcl_parse_struct_string,

  3379. 			ctx,

  3380. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_key),

  3381. 			0,

  3382. 			"Unimplemented");

  3383. 	rspamd_rcl_register_worker_option (cfg,

  3384. 			type,

  3385. 			"timeout",

  3386. 			rspamd_rcl_parse_struct_time,

  3387. 			ctx,

  3388. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3389. 					timeout),

  3390. 			RSPAMD_CL_FLAG_TIME_INTEGER,

  3391. 			"Protocol timeout");

  3392. 

  3393. 	rspamd_rcl_register_worker_option (cfg,

  3394. 			type,

  3395. 			"secure_ip",

  3396. 			rspamd_rcl_parse_struct_ucl,

  3397. 			ctx,

  3398. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip),

  3399. 			0,

  3400. 			"List of IP addresses that are allowed for password-less access");

  3401. 

  3402. 	rspamd_rcl_register_worker_option (cfg,

  3403. 			type,

  3404. 			"trusted_ips",

  3405. 			rspamd_rcl_parse_struct_ucl,

  3406. 			ctx,

  3407. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip),

  3408. 			0,

  3409. 			"List of IP addresses that are allowed for password-less access");

  3410. 

  3411. 	rspamd_rcl_register_worker_option (cfg,

  3412. 			type,

  3413. 			"static_dir",

  3414. 			rspamd_rcl_parse_struct_string,

  3415. 			ctx,

  3416. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3417. 					static_files_dir),

  3418. 			0,

  3419. 			"Directory for static files served by controller's HTTP server");

  3420. 

  3421. 	rspamd_rcl_register_worker_option (cfg,

  3422. 			type,

  3423. 			"keypair",

  3424. 			rspamd_rcl_parse_struct_keypair,

  3425. 			ctx,

  3426. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3427. 					key),

  3428. 			0,

  3429. 			"Encryption keypair");

  3430. 

  3431. 	rspamd_rcl_register_worker_option (cfg,

  3432. 			type,

  3433. 			"stats_path",

  3434. 			rspamd_rcl_parse_struct_string,

  3435. 			ctx,

  3436. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3437. 					saved_stats_path),

  3438. 			0,

  3439. 			"Directory where controller saves server's statistics between restarts");

  3440. 

  3441. 	rspamd_rcl_register_worker_option (cfg,

  3442. 			type,

  3443. 			"task_timeout",

  3444. 			rspamd_rcl_parse_struct_time,

  3445. 			ctx,

  3446. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3447. 					task_timeout),

  3448. 			RSPAMD_CL_FLAG_TIME_FLOAT,

  3449. 			"Maximum task processing time, default: 8.0 seconds");

  3450. 

  3451. 	return ctx;

  3452. }

  3453. 

  3454. /* Lua bindings */

  3455. LUA_FUNCTION_DEF (csession, get_ev_base);

  3456. LUA_FUNCTION_DEF (csession, get_cfg);

  3457. LUA_FUNCTION_DEF (csession, send_ucl);

  3458. LUA_FUNCTION_DEF (csession, send_string);

  3459. LUA_FUNCTION_DEF (csession, send_error);

  3460. 

  3461. static const struct luaL_reg lua_csessionlib_m[] = {

  3462. 	LUA_INTERFACE_DEF (csession, get_ev_base),

  3463. 	LUA_INTERFACE_DEF (csession, get_cfg),

  3464. 	LUA_INTERFACE_DEF (csession, send_ucl),

  3465. 	LUA_INTERFACE_DEF (csession, send_string),

  3466. 	LUA_INTERFACE_DEF (csession, send_error),

  3467. 	{"__tostring", rspamd_lua_class_tostring},

  3468. 	{NULL, NULL}

  3469. };

  3470. 

  3471. /* Basic functions of LUA API for worker object */

  3472. static void

  3473. luaopen_controller (lua_State * L)

  3474. {

  3475. 	rspamd_lua_new_class (L, "rspamd{csession}", lua_csessionlib_m);

  3476. 	lua_pop (L, 1);

  3477. }

  3478. 

  3479. struct rspamd_http_connection_entry *

  3480. lua_check_controller_entry (lua_State * L, gint pos)

  3481. {

  3482. 	void *ud = luaL_checkudata (L, pos, "rspamd{csession}");

  3483. 	luaL_argcheck (L, ud != NULL, pos, "'csession' expected");

  3484. 	return ud ? *((struct rspamd_http_connection_entry **)ud) : NULL;

  3485. }

  3486. 

  3487. static int

  3488. lua_csession_get_ev_base (lua_State *L)

  3489. {

  3490. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3491. 	struct event_base **pbase;

  3492. 	struct rspamd_controller_session *s;

  3493. 

  3494. 	if (c) {

  3495. 		s = c->ud;

  3496. 		pbase = lua_newuserdata (L, sizeof (struct event_base *));

  3497. 		rspamd_lua_setclass (L, "rspamd{ev_base}", -1);

  3498. 		*pbase = s->ctx->ev_base;

  3499. 	}

  3500. 	else {

  3501. 		return luaL_error (L, "invalid arguments");

  3502. 	}

  3503. 

  3504. 	return 1;

  3505. }

  3506. 

  3507. static int

  3508. lua_csession_get_cfg (lua_State *L)

  3509. {

  3510. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3511. 	struct rspamd_config **pcfg;

  3512. 	struct rspamd_controller_session *s;

  3513. 

  3514. 	if (c) {

  3515. 		s = c->ud;

  3516. 		pcfg = lua_newuserdata (L, sizeof (gpointer));

  3517. 		rspamd_lua_setclass (L, "rspamd{config}", -1);

  3518. 		*pcfg = s->ctx->cfg;

  3519. 	}

  3520. 	else {

  3521. 		return luaL_error (L, "invalid arguments");

  3522. 	}

  3523. 

  3524. 	return 1;

  3525. }

  3526. 

  3527. static int

  3528. lua_csession_send_ucl (lua_State *L)

  3529. {

  3530. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3531. 	ucl_object_t *obj = ucl_object_lua_import_escape (L, 2);

  3532. 

  3533. 	if (c) {

  3534. 		rspamd_controller_send_ucl (c, obj);

  3535. 	}

  3536. 	else {

  3537. 		ucl_object_unref (obj);

  3538. 		return luaL_error (L, "invalid arguments");

  3539. 	}

  3540. 

  3541. 	ucl_object_unref (obj);

  3542. 

  3543. 	return 0;

  3544. }

  3545. 

  3546. static int

  3547. lua_csession_send_error (lua_State *L)

  3548. {

  3549. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3550. 	guint err_code = lua_tonumber (L, 2);

  3551. 	const gchar *err_str = lua_tostring (L, 3);

  3552. 

  3553. 	if (c) {

  3554. 		rspamd_controller_send_error (c, err_code, "%s", err_str);

  3555. 	}

  3556. 	else {

  3557. 		return luaL_error (L, "invalid arguments");

  3558. 	}

  3559. 

  3560. 	return 0;

  3561. }

  3562. 

  3563. static int

  3564. lua_csession_send_string (lua_State *L)

  3565. {

  3566. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3567. 	const gchar *str = lua_tostring (L, 2);

  3568. 

  3569. 	if (c) {

  3570. 		rspamd_controller_send_string (c, str);

  3571. 	}

  3572. 	else {

  3573. 		return luaL_error (L, "invalid arguments");

  3574. 	}

  3575. 

  3576. 	return 0;

  3577. }

  3578. 

  3579. static gboolean

  3580. rspamd_controller_on_terminate (struct rspamd_worker *worker)

  3581. {

  3582. 	struct rspamd_controller_worker_ctx *ctx = worker->ctx;

  3583. 

  3584. 	rspamd_controller_store_saved_stats (ctx);

  3585. 

  3586. 	if (ctx->rrd) {

  3587. 		msg_info ("closing rrd file: %s", ctx->rrd->filename);

  3588. 		event_del (ctx->rrd_event);

  3589. 		rspamd_rrd_close (ctx->rrd);

  3590. 	}

  3591. 

  3592. 	return FALSE;

  3593. }

  3594. 

  3595. static void

  3596. rspamd_plugin_cbdata_dtor (gpointer p)

  3597. {

  3598. 	struct rspamd_controller_plugin_cbdata *cbd = p;

  3599. 

  3600. 	g_free (cbd->plugin);

  3601. 	ucl_object_unref (cbd->obj); /* This also releases lua references */

  3602. 	g_free (cbd);

  3603. }

  3604. 

  3605. static void

  3606. rspamd_controller_register_plugin_path (lua_State *L,

  3607. 		struct rspamd_controller_worker_ctx *ctx,

  3608. 		const ucl_object_t *webui_data,

  3609. 		const ucl_object_t *handler,

  3610. 		const gchar *path,

  3611. 		const gchar *plugin_name)

  3612. {

  3613. 	struct rspamd_controller_plugin_cbdata *cbd;

  3614. 	const ucl_object_t *elt;

  3615. 	GString *full_path;

  3616. 

  3617. 	cbd = g_malloc0 (sizeof (*cbd));

  3618. 	cbd->L = L;

  3619. 	cbd->ctx = ctx;

  3620. 	cbd->handler = ucl_object_toclosure (handler);

  3621. 	cbd->plugin = g_strdup (plugin_name);

  3622. 	cbd->obj = ucl_object_ref (webui_data);

  3623. 

  3624. 	elt = ucl_object_lookup (webui_data, "version");

  3625. 

  3626. 	if (elt) {

  3627. 		cbd->version = ucl_object_toint (elt);

  3628. 	}

  3629. 

  3630. 	elt = ucl_object_lookup (webui_data, "enable");

  3631. 

  3632. 	if (elt && ucl_object_toboolean (elt)) {

  3633. 		cbd->is_enable = TRUE;

  3634. 	}

  3635. 

  3636. 	elt = ucl_object_lookup (webui_data, "need_task");

  3637. 

  3638. 	if (elt && !!ucl_object_toboolean (elt)) {

  3639. 		cbd->need_task = TRUE;

  3640. 	}

  3641. 

  3642. 	full_path = g_string_new ("/plugins/");

  3643. 	rspamd_printf_gstring (full_path, "%s/%s",

  3644. 			plugin_name, path);

  3645. 

  3646. 	rspamd_http_router_add_path (ctx->http,

  3647. 			full_path->str,

  3648. 			rspamd_controller_handle_lua_plugin);

  3649. 	g_hash_table_insert (ctx->plugins, full_path->str, cbd);

  3650. 	g_string_free (full_path, FALSE); /* Do not free data */

  3651. }

  3652. 

  3653. static void

  3654. rspamd_controller_register_plugins_paths (struct rspamd_controller_worker_ctx *ctx)

  3655. {

  3656. 	lua_State *L = ctx->cfg->lua_state;

  3657. 	ucl_object_t *webui_data;

  3658. 	const ucl_object_t *handler_obj, *cur;

  3659. 	ucl_object_iter_t it = NULL;

  3660. 

  3661. 	lua_getglobal (L, "rspamd_plugins");

  3662. 

  3663. 	if (lua_istable (L, -1)) {

  3664. 

  3665. 		for (lua_pushnil (L); lua_next (L, -2); lua_pop (L, 2)) {

  3666. 			lua_pushvalue (L, -2); /* Store key */

  3667. 

  3668. 			lua_pushstring (L, "webui");

  3669. 			lua_gettable (L, -3); /* value is at -3 index */

  3670. 

  3671. 			if (lua_istable (L, -1)) {

  3672. 				webui_data = ucl_object_lua_import_escape (L, -1);

  3673. 

  3674. 				while ((cur = ucl_object_iterate (webui_data, &it, true)) != NULL) {

  3675. 					handler_obj = ucl_object_lookup (cur, "handler");

  3676. 

  3677. 					if (handler_obj && ucl_object_key (cur)) {

  3678. 						rspamd_controller_register_plugin_path (L, ctx,

  3679. 								cur, handler_obj, ucl_object_key (cur),

  3680. 								lua_tostring (L, -2));

  3681. 					}

  3682. 					else {

  3683. 						msg_err_ctx ("bad webui definition for plugin: %s",

  3684. 								lua_tostring (L, -2));

  3685. 					}

  3686. 				}

  3687. 

  3688. 				ucl_object_unref (webui_data);

  3689. 			}

  3690. 

  3691. 			lua_pop (L, 1); /* remove table value */

  3692. 		}

  3693. 	}

  3694. 

  3695. 	lua_pop (L, 1); /* rspamd_plugins global */

  3696. }

  3697. 

  3698. /*

  3699.  * Start worker process

  3700.  */

  3701. void

  3702. start_controller_worker (struct rspamd_worker *worker)

  3703. {

  3704. 	struct rspamd_controller_worker_ctx *ctx = worker->ctx;

  3705. 	struct module_ctx *mctx;

  3706. 	GHashTableIter iter;

  3707. 	gpointer key, value;

  3708. 	guint i;

  3709. 	struct rspamd_keypair_cache *cache;

  3710. 	struct timeval stv;

  3711. 	const guint save_stats_interval = 60 * 1000; /* 1 minute */

  3712. 	gpointer m;

  3713. 

  3714. 	ctx->ev_base = rspamd_prepare_worker (worker,

  3715. 			"controller",

  3716. 			rspamd_controller_accept_socket);

  3717. 	msec_to_tv (ctx->timeout, &ctx->io_tv);

  3718. 

  3719. 	ctx->start_time = time (NULL);

  3720. 	ctx->worker = worker;

  3721. 	ctx->cfg = worker->srv->cfg;

  3722. 	ctx->srv = worker->srv;

  3723. 	ctx->custom_commands = g_hash_table_new (rspamd_strcase_hash,

  3724. 			rspamd_strcase_equal);

  3725. 	ctx->plugins = g_hash_table_new_full (rspamd_strcase_hash,

  3726. 				rspamd_strcase_equal, g_free,

  3727. 				rspamd_plugin_cbdata_dtor);

  3728. 

  3729. 	if (isnan (ctx->task_timeout)) {

  3730. 		if (isnan (ctx->cfg->task_timeout)) {

  3731. 			ctx->task_timeout = 0;

  3732. 		}

  3733. 		else {

  3734. 			ctx->task_timeout = ctx->cfg->task_timeout;

  3735. 		}

  3736. 	}

  3737. 

  3738. 	if (ctx->secure_ip != NULL) {

  3739. 		rspamd_config_radix_from_ucl (ctx->cfg, ctx->secure_ip,

  3740. 				"Allow unauthenticated requests from these addresses",

  3741. 				&ctx->secure_map, NULL);

  3742. 	}

  3743. 

  3744. 	if (ctx->saved_stats_path == NULL) {

  3745. 		/* Assume default path */

  3746. 		ctx->saved_stats_path = rspamd_mempool_strdup (worker->srv->cfg->cfg_pool,

  3747. 				DEFAULT_STATS_PATH);

  3748. 	}

  3749. 

  3750. 	g_ptr_array_add (worker->finish_actions,

  3751. 			(gpointer)rspamd_controller_on_terminate);

  3752. 	rspamd_controller_load_saved_stats (ctx);

  3753. 	ctx->lang_det = ctx->cfg->lang_det;

  3754. 

  3755. 	/* RRD collector */

  3756. 	if (ctx->cfg->rrd_file && worker->index == 0) {

  3757. 		GError *rrd_err = NULL;

  3758. 

  3759. 		ctx->rrd = rspamd_rrd_file_default (ctx->cfg->rrd_file, &rrd_err);

  3760. 

  3761. 		if (ctx->rrd) {

  3762. 			ctx->rrd_event = g_malloc0 (sizeof (*ctx->rrd_event));

  3763. 			evtimer_set (ctx->rrd_event, rspamd_controller_rrd_update, ctx);

  3764. 			event_base_set (ctx->ev_base, ctx->rrd_event);

  3765. 			event_add (ctx->rrd_event, &rrd_update_time);

  3766. 		}

  3767. 		else if (rrd_err) {

  3768. 			msg_err ("cannot load rrd from %s: %e", ctx->cfg->rrd_file,

  3769. 					rrd_err);

  3770. 			g_error_free (rrd_err);

  3771. 		}

  3772. 		else {

  3773. 			msg_err ("cannot load rrd from %s: unknown error", ctx->cfg->rrd_file);

  3774. 		}

  3775. 	}

  3776. 	else {

  3777. 		ctx->rrd = NULL;

  3778. 	}

  3779. 

  3780. 	rspamd_controller_password_sane (ctx, ctx->password, "normal password");

  3781. 	rspamd_controller_password_sane (ctx, ctx->enable_password, "enable "

  3782. 			"password");

  3783. 

  3784. 	/* Accept event */

  3785. 	cache = rspamd_keypair_cache_new (256);

  3786. 	ctx->http = rspamd_http_router_new (rspamd_controller_error_handler,

  3787. 			rspamd_controller_finish_handler, &ctx->io_tv, ctx->ev_base,

  3788. 			ctx->static_files_dir, cache);

  3789. 

  3790. 	/* Add callbacks for different methods */

  3791. 	rspamd_http_router_add_path (ctx->http,

  3792. 			PATH_AUTH,

  3793. 			rspamd_controller_handle_auth);

  3794. 	rspamd_http_router_add_path (ctx->http,

  3795. 			PATH_SYMBOLS,

  3796. 			rspamd_controller_handle_symbols);

  3797. 	rspamd_http_router_add_path (ctx->http,

  3798. 			PATH_ACTIONS,

  3799. 			rspamd_controller_handle_actions);

  3800. 	rspamd_http_router_add_path (ctx->http,

  3801. 			PATH_MAPS,

  3802. 			rspamd_controller_handle_maps);

  3803. 	rspamd_http_router_add_path (ctx->http,

  3804. 			PATH_GET_MAP,

  3805. 			rspamd_controller_handle_get_map);

  3806. 	rspamd_http_router_add_path (ctx->http,

  3807. 			PATH_PIE_CHART,

  3808. 			rspamd_controller_handle_pie_chart);

  3809. 	rspamd_http_router_add_path (ctx->http,

  3810. 			PATH_GRAPH,

  3811. 			rspamd_controller_handle_graph);

  3812. 	rspamd_http_router_add_path (ctx->http,

  3813. 			PATH_HISTORY,

  3814. 			rspamd_controller_handle_history);

  3815. 	rspamd_http_router_add_path (ctx->http,

  3816. 			PATH_HISTORY_RESET,

  3817. 			rspamd_controller_handle_history_reset);

  3818. 	rspamd_http_router_add_path (ctx->http,

  3819. 			PATH_LEARN_SPAM,

  3820. 			rspamd_controller_handle_learnspam);

  3821. 	rspamd_http_router_add_path (ctx->http,

  3822. 			PATH_LEARN_HAM,

  3823. 			rspamd_controller_handle_learnham);

  3824. 	rspamd_http_router_add_path (ctx->http,

  3825. 			PATH_SAVE_ACTIONS,

  3826. 			rspamd_controller_handle_saveactions);

  3827. 	rspamd_http_router_add_path (ctx->http,

  3828. 			PATH_SAVE_SYMBOLS,

  3829. 			rspamd_controller_handle_savesymbols);

  3830. 	rspamd_http_router_add_path (ctx->http,

  3831. 			PATH_SAVE_MAP,

  3832. 			rspamd_controller_handle_savemap);

  3833. 	rspamd_http_router_add_path (ctx->http,

  3834. 			PATH_SCAN,

  3835. 			rspamd_controller_handle_scan);

  3836. 	rspamd_http_router_add_path (ctx->http,

  3837. 			PATH_CHECK,

  3838. 			rspamd_controller_handle_scan);

  3839. 	rspamd_http_router_add_path (ctx->http,

  3840. 			PATH_CHECKV2,

  3841. 			rspamd_controller_handle_scan);

  3842. 	rspamd_http_router_add_path (ctx->http,

  3843. 			PATH_STAT,

  3844. 			rspamd_controller_handle_stat);

  3845. 	rspamd_http_router_add_path (ctx->http,

  3846. 			PATH_STAT_RESET,

  3847. 			rspamd_controller_handle_statreset);

  3848. 	rspamd_http_router_add_path (ctx->http,

  3849. 			PATH_COUNTERS,

  3850. 			rspamd_controller_handle_counters);

  3851. 	rspamd_http_router_add_path (ctx->http,

  3852. 			PATH_ERRORS,

  3853. 			rspamd_controller_handle_errors);

  3854. 	rspamd_http_router_add_path (ctx->http,

  3855. 			PATH_NEIGHBOURS,

  3856. 			rspamd_controller_handle_neighbours);

  3857. 	rspamd_http_router_add_path (ctx->http,

  3858. 			PATH_PLUGINS,

  3859. 			rspamd_controller_handle_plugins);

  3860. 	rspamd_http_router_add_path (ctx->http,

  3861. 			PATH_PING,

  3862. 			rspamd_controller_handle_ping);

  3863. 	rspamd_controller_register_plugins_paths (ctx);

  3864. 

  3865. #if 0

  3866. 	rspamd_regexp_t *lua_re = rspamd_regexp_new ("^/.*/.*\\.lua$", NULL, NULL);

  3867. 	rspamd_http_router_add_regexp (ctx->http, lua_re,

  3868. 			rspamd_controller_handle_lua);

  3869. 	rspamd_regexp_unref (lua_re);

  3870. #endif

  3871. 	luaopen_controller (ctx->cfg->lua_state);

  3872. 

  3873. 	if (ctx->key) {

  3874. 		rspamd_http_router_set_key (ctx->http, ctx->key);

  3875. 	}

  3876. 

  3877. 	PTR_ARRAY_FOREACH (ctx->cfg->c_modules, i, mctx) {

  3878. 		if (mctx->mod->module_attach_controller_func != NULL) {

  3879. 			mctx->mod->module_attach_controller_func (mctx,

  3880. 					ctx->custom_commands);

  3881. 		}

  3882. 	}

  3883. 

  3884. 	g_hash_table_iter_init (&iter, ctx->custom_commands);

  3885. 	while (g_hash_table_iter_next (&iter, &key, &value)) {

  3886. 		rspamd_http_router_add_path (ctx->http,

  3887. 			key,

  3888. 			rspamd_controller_handle_custom);

  3889. 	}

  3890. 

  3891. 	if (worker->srv->cfg->neighbours && worker->srv->cfg->neighbours->len > 0) {

  3892. 		rspamd_http_router_add_header (ctx->http,

  3893. 				"Access-Control-Allow-Origin", "*");

  3894. 	}

  3895. 

  3896. 	rspamd_http_router_set_unknown_handler (ctx->http,

  3897. 			rspamd_controller_handle_unknown);

  3898. 

  3899. 	ctx->resolver = dns_resolver_init (worker->srv->logger,

  3900. 			ctx->ev_base,

  3901. 			worker->srv->cfg);

  3902. 

  3903. 	rspamd_upstreams_library_config (worker->srv->cfg, worker->srv->cfg->ups_ctx,

  3904. 			ctx->ev_base, ctx->resolver->r);

  3905. 	rspamd_symcache_start_refresh (worker->srv->cfg->cache, ctx->ev_base,

  3906. 			worker);

  3907. 	rspamd_stat_init (worker->srv->cfg, ctx->ev_base);

  3908. 

  3909. 	if (worker->index == 0) {

  3910. 		if (!ctx->cfg->disable_monitored) {

  3911. 			rspamd_worker_init_monitored (worker, ctx->ev_base, ctx->resolver);

  3912. 		}

  3913. 

  3914. 		rspamd_map_watch (worker->srv->cfg, ctx->ev_base,

  3915. 				ctx->resolver, worker, TRUE);

  3916. 

  3917. 		/* Schedule periodic stats saving, see #1823 */

  3918. 		event_set (&ctx->save_stats_event, -1, EV_PERSIST,

  3919. 				rspamd_controller_stats_save_periodic,

  3920. 				ctx);

  3921. 		event_base_set (ctx->ev_base, &ctx->save_stats_event);

  3922. 		msec_to_tv (save_stats_interval, &stv);

  3923. 		evtimer_add (&ctx->save_stats_event, &stv);

  3924. 	}

  3925. 	else {

  3926. 		rspamd_map_watch (worker->srv->cfg, ctx->ev_base,

  3927. 				ctx->resolver, worker, FALSE);

  3928. 	}

  3929. 

  3930. 	rspamd_lua_run_postloads (ctx->cfg->lua_state, ctx->cfg, ctx->ev_base, worker);

  3931. 

  3932. 	/* Start event loop */

  3933. 	event_base_loop (ctx->ev_base, 0);

  3934. 	rspamd_worker_block_signals ();

  3935. 

  3936. 	rspamd_stat_close ();

  3937. 	rspamd_http_router_free (ctx->http);

  3938. 

  3939. 	if (ctx->cached_password.len > 0) {

  3940. 		m = (gpointer)ctx->cached_password.begin;

  3941. 		munmap (m, ctx->cached_password.len);

  3942. 	}

  3943. 

  3944. 	if (ctx->cached_enable_password.len > 0) {

  3945. 		m = (gpointer) ctx->cached_enable_password.begin;

  3946. 		munmap (m, ctx->cached_enable_password.len);

  3947. 	}

  3948. 

  3949. 	g_hash_table_unref (ctx->plugins);

  3950. 	g_hash_table_unref (ctx->custom_commands);

  3951. 	REF_RELEASE (ctx->cfg);

  3952. 	rspamd_log_close (worker->srv->logger, TRUE);

  3953. 

  3954. 	exit (EXIT_SUCCESS);

  3955. }