1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240 |
- /*-
- * Copyright 2016 Vsevolod Stakhov
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- #include "config.h"
- #include "libserver/dynamic_cfg.h"
- #include "libserver/cfg_file_private.h"
- #include "libutil/rrd.h"
- #include "libserver/maps/map.h"
- #include "libserver/maps/map_helpers.h"
- #include "libserver/maps/map_private.h"
- #include "libserver/http/http_private.h"
- #include "libserver/http/http_router.h"
- #include "libstat/stat_api.h"
- #include "rspamd.h"
- #include "libserver/worker_util.h"
- #include "worker_private.h"
- #include "lua/lua_common.h"
- #include "cryptobox.h"
- #include "ottery.h"
- #include "fuzzy_wire.h"
- #include "unix-std.h"
- #include "utlist.h"
- #include "libmime/lang_detection.h"
- #include <math.h>
-
- /* 60 seconds for worker's IO */
- #define DEFAULT_WORKER_IO_TIMEOUT 60000
-
- /* HTTP paths */
- #define PATH_AUTH "/auth"
- #define PATH_SYMBOLS "/symbols"
- #define PATH_ACTIONS "/actions"
- #define PATH_MAPS "/maps"
- #define PATH_GET_MAP "/getmap"
- #define PATH_GRAPH "/graph"
- #define PATH_PIE_CHART "/pie"
- #define PATH_HEALTHY "/healthy"
- #define PATH_HISTORY "/history"
- #define PATH_HISTORY_RESET "/historyreset"
- #define PATH_LEARN_SPAM "/learnspam"
- #define PATH_LEARN_HAM "/learnham"
- #define PATH_METRICS "/metrics"
- #define PATH_READY "/ready"
- #define PATH_SAVE_ACTIONS "/saveactions"
- #define PATH_SAVE_SYMBOLS "/savesymbols"
- #define PATH_SAVE_MAP "/savemap"
- #define PATH_SCAN "/scan"
- #define PATH_CHECK "/check"
- #define PATH_CHECKV2 "/checkv2"
- #define PATH_STAT "/stat"
- #define PATH_STAT_RESET "/statreset"
- #define PATH_COUNTERS "/counters"
- #define PATH_ERRORS "/errors"
- #define PATH_NEIGHBOURS "/neighbours"
- #define PATH_PLUGINS "/plugins"
- #define PATH_PING "/ping"
-
- #define msg_err_session(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \
- session->pool->tag.tagname, session->pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
- #define msg_warn_session(...) rspamd_default_log_function (G_LOG_LEVEL_WARNING, \
- session->pool->tag.tagname, session->pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
- #define msg_info_session(...) rspamd_default_log_function (G_LOG_LEVEL_INFO, \
- session->pool->tag.tagname, session->pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
- #define msg_err_ctx(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \
- "controller", ctx->cfg->cfg_pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
- #define msg_warn_ctx(...) rspamd_default_log_function (G_LOG_LEVEL_WARNING, \
- "controller", ctx->cfg->cfg_pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
- #define msg_info_ctx(...) rspamd_default_log_function (G_LOG_LEVEL_INFO, \
- "controller", ctx->cfg->cfg_pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
-
- #define msg_debug_session(...) rspamd_conditional_debug_fast (NULL, session->from_addr, \
- rspamd_controller_log_id, "controller", session->pool->tag.uid, \
- G_STRFUNC, \
- __VA_ARGS__)
-
- INIT_LOG_MODULE(controller)
-
- /* Graph colors */
- #define COLOR_CLEAN "#58A458"
- #define COLOR_PROBABLE_SPAM "#D67E7E"
- #define COLOR_GREYLIST "#A0A0A0"
- #define COLOR_REJECT "#CB4B4B"
- #define COLOR_TOTAL "#9440ED"
-
- static const guint64 rspamd_controller_ctx_magic = 0xf72697805e6941faULL;
-
- extern void fuzzy_stat_command (struct rspamd_task *task);
-
- gpointer init_controller_worker (struct rspamd_config *cfg);
- void start_controller_worker (struct rspamd_worker *worker);
-
- worker_t controller_worker = {
- "controller", /* Name */
- init_controller_worker, /* Init function */
- start_controller_worker, /* Start function */
- RSPAMD_WORKER_HAS_SOCKET | RSPAMD_WORKER_KILLABLE |
- RSPAMD_WORKER_SCANNER | RSPAMD_WORKER_CONTROLLER,
- RSPAMD_WORKER_SOCKET_TCP, /* TCP socket */
- RSPAMD_WORKER_VER /* Version info */
- };
- /*
- * Worker's context
- */
- struct rspamd_controller_worker_ctx {
- guint64 magic;
- /* Events base */
- struct ev_loop *event_loop;
- /* DNS resolver */
- struct rspamd_dns_resolver *resolver;
- /* Config */
- struct rspamd_config *cfg;
- /* END OF COMMON PART */
- ev_tstamp timeout;
- /* Whether we use ssl for this server */
- gboolean use_ssl;
- /* Webui password */
- gchar *password;
- /* Privilleged password */
- gchar *enable_password;
- /* Cached versions of the passwords */
- rspamd_ftok_t cached_password;
- rspamd_ftok_t cached_enable_password;
- /* HTTP server */
- struct rspamd_http_context *http_ctx;
- struct rspamd_http_connection_router *http;
- /* Server's start time */
- ev_tstamp start_time;
- /* Main server */
- struct rspamd_main *srv;
- /* SSL cert */
- gchar *ssl_cert;
- /* SSL private key */
- gchar *ssl_key;
- /* A map of secure IP */
- const ucl_object_t *secure_ip;
- struct rspamd_radix_map_helper *secure_map;
-
- /* Static files dir */
- gchar *static_files_dir;
-
- /* Custom commands registered by plugins */
- GHashTable *custom_commands;
-
- /* Plugins registered from lua */
- GHashTable *plugins;
-
- /* Worker */
- struct rspamd_worker *worker;
-
- /* Local keypair */
- gpointer key;
-
- struct rspamd_rrd_file *rrd;
- struct rspamd_lang_detector *lang_det;
- gdouble task_timeout;
-
- /* Health check stuff */
- guint workers_count;
- guint scanners_count;
- guint workers_hb_lost;
- ev_timer health_check_timer;
- };
-
- struct rspamd_controller_plugin_cbdata {
- lua_State *L;
- struct rspamd_controller_worker_ctx *ctx;
- gchar *plugin;
- struct ucl_lua_funcdata *handler;
- ucl_object_t *obj;
- gboolean is_enable;
- gboolean need_task;
- guint version;
- };
-
- static gboolean
- rspamd_is_encrypted_password (const gchar *password,
- struct rspamd_controller_pbkdf const **pbkdf)
- {
- const gchar *start, *end;
- gint64 id;
- gsize size, i;
- gboolean ret = FALSE;
- const struct rspamd_controller_pbkdf *p;
-
- if (password[0] == '$') {
- /* Parse id */
- start = password + 1;
- end = start;
- size = 0;
-
- while (*end != '\0' && g_ascii_isdigit (*end)) {
- size++;
- end++;
- }
-
- if (size > 0) {
- gchar *endptr;
- id = strtoul (start, &endptr, 10);
-
- if ((endptr == NULL || *endptr == *end)) {
- for (i = 0; i < RSPAMD_PBKDF_ID_MAX - 1; i ++) {
- p = &pbkdf_list[i];
-
- if (p->id == id) {
- ret = TRUE;
- if (pbkdf != NULL) {
- *pbkdf = &pbkdf_list[i];
- }
-
- break;
- }
- }
- }
- }
- }
-
- return ret;
- }
-
- static const gchar *
- rspamd_encrypted_password_get_str (const gchar * password, gsize skip,
- gsize * length)
- {
- const gchar *str, *start, *end;
- gsize size;
-
- start = password + skip;
- end = start;
- size = 0;
-
- while (*end != '\0' && g_ascii_isalnum (*end)) {
- size++;
- end++;
- }
-
- if (size) {
- str = start;
- *length = size;
- }
- else {
- str = NULL;
- }
-
- return str;
- }
-
- static gboolean
- rspamd_check_encrypted_password (struct rspamd_controller_worker_ctx *ctx,
- const rspamd_ftok_t * password, const gchar * check,
- const struct rspamd_controller_pbkdf *pbkdf,
- gboolean is_enable)
- {
- const gchar *salt, *hash;
- gchar *salt_decoded, *key_decoded;
- gsize salt_len = 0, key_len = 0;
- gboolean ret = TRUE;
- guchar *local_key;
- rspamd_ftok_t *cache;
- gpointer m;
-
- /* First of all check cached versions to save resources */
- if (is_enable && ctx->cached_enable_password.len != 0) {
- if (password->len != ctx->cached_enable_password.len ||
- !rspamd_constant_memcmp (password->begin,
- ctx->cached_enable_password.begin, password->len)) {
- msg_info_ctx ("incorrect or absent enable password has been specified");
- return FALSE;
- }
-
- return TRUE;
- }
- else if (!is_enable && ctx->cached_password.len != 0) {
- if (password->len != ctx->cached_password.len ||
- !rspamd_constant_memcmp (password->begin,
- ctx->cached_password.begin, password->len)) {
- /* We still need to check enable password here */
- if (ctx->cached_enable_password.len != 0) {
- if (password->len != ctx->cached_enable_password.len ||
- !rspamd_constant_memcmp (password->begin,
- ctx->cached_enable_password.begin,
- password->len)) {
- msg_info_ctx (
- "incorrect or absent password has been specified");
-
- return FALSE;
- }
- else {
- /* Cached matched */
- return TRUE;
- }
- }
- else {
- /* We might want to check uncached version */
- goto check_uncached;
- }
- }
- else {
- /* Cached matched */
- return TRUE;
- }
- }
-
- check_uncached:
- g_assert (pbkdf != NULL);
- /* get salt */
- salt = rspamd_encrypted_password_get_str (check, 3, &salt_len);
- /* get hash */
- hash = rspamd_encrypted_password_get_str (check, 3 + salt_len + 1,
- &key_len);
- if (salt != NULL && hash != NULL) {
-
- /* decode salt */
- salt_decoded = rspamd_decode_base32 (salt, salt_len, &salt_len, RSPAMD_BASE32_DEFAULT);
-
- if (salt_decoded == NULL || salt_len != pbkdf->salt_len) {
- /* We have some unknown salt here */
- msg_info_ctx ("incorrect salt: %z, while %z expected",
- salt_len, pbkdf->salt_len);
- g_free (salt_decoded);
-
- return FALSE;
- }
-
- key_decoded = rspamd_decode_base32 (hash, key_len, &key_len, RSPAMD_BASE32_DEFAULT);
-
- if (key_decoded == NULL || key_len != pbkdf->key_len) {
- /* We have some unknown salt here */
- msg_info_ctx ("incorrect key: %z, while %z expected",
- key_len, pbkdf->key_len);
- g_free (salt_decoded);
- g_free (key_decoded); /* valid even if key_decoded == NULL */
-
- return FALSE;
- }
-
- local_key = g_alloca (pbkdf->key_len);
- rspamd_cryptobox_pbkdf (password->begin, password->len,
- salt_decoded, salt_len,
- local_key, pbkdf->key_len, pbkdf->complexity,
- pbkdf->type);
-
- if (!rspamd_constant_memcmp (key_decoded, local_key, pbkdf->key_len)) {
- msg_info_ctx ("incorrect or absent password has been specified");
- ret = FALSE;
- }
-
- g_free (salt_decoded);
- g_free (key_decoded);
- }
-
- if (ret) {
- /* Save cached version */
- cache = is_enable ? &ctx->cached_enable_password : &ctx->cached_password;
-
- if (cache->len == 0) {
- /* Mmap region */
- #ifdef MAP_NOCORE
- m = mmap (NULL, password->len, PROT_WRITE,
- MAP_PRIVATE | MAP_ANON | MAP_NOCORE, -1, 0);
- #else
- m = mmap (NULL, password->len, PROT_WRITE,
- MAP_PRIVATE | MAP_ANON, -1, 0);
- #endif
- if (m != MAP_FAILED) {
- memcpy (m, password->begin, password->len);
- (void)mprotect (m, password->len, PROT_READ);
- (void)mlock (m, password->len);
- cache->begin = m;
- cache->len = password->len;
- }
- else {
- msg_err_ctx ("cannot store cached password, mmap failed: %s",
- strerror (errno));
- }
- }
- }
-
- return ret;
- }
-
- /**
- * Checks for X-Forwarded-For header and update client's address if needed
- *
- * This function is intended to be called for a trusted client to ensure that
- * a request is not proxied through it
- * @return 0 if no forwarded found, 1 if forwarded found and it is yet trusted
- * and -1 if forwarded is denied
- */
- static gint
- rspamd_controller_check_forwarded (struct rspamd_controller_session *session,
- struct rspamd_http_message *msg,
- struct rspamd_controller_worker_ctx *ctx)
- {
- const rspamd_ftok_t *hdr;
- const gchar *comma;
- const char *hdr_name = "X-Forwarded-For", *alt_hdr_name = "X-Real-IP";
- char ip_buf[INET6_ADDRSTRLEN + 1];
- rspamd_inet_addr_t *addr = NULL;
- gint ret = 0;
-
- hdr = rspamd_http_message_find_header (msg, hdr_name);
-
- if (hdr) {
- /*
- * We need to parse and update the header
- * X-Forwarded-For: client, proxy1, proxy2
- */
- comma = rspamd_memrchr (hdr->begin, ',', hdr->len);
- if (comma != NULL) {
- while (comma < hdr->begin + hdr->len &&
- (*comma == ',' || g_ascii_isspace (*comma))) {
- comma ++;
- }
- }
- else {
- comma = hdr->begin;
- }
- if (rspamd_parse_inet_address (&addr, comma,
- (hdr->begin + hdr->len) - comma,
- RSPAMD_INET_ADDRESS_PARSE_NO_UNIX)) {
- /* We have addr now, so check if it is still trusted */
- if (ctx->secure_map &&
- rspamd_match_radix_map_addr (ctx->secure_map, addr) != NULL) {
- /* rspamd_inet_address_to_string is not reentrant */
- rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),
- sizeof (ip_buf));
- msg_info_session ("allow unauthorized proxied connection "
- "from a trusted IP %s via %s",
- ip_buf,
- rspamd_inet_address_to_string (session->from_addr));
- ret = 1;
- }
- else {
- ret = -1;
- }
-
- rspamd_inet_address_free (addr);
- }
- else {
- msg_warn_session ("cannot parse forwarded IP: %T", hdr);
- ret = -1;
- }
- }
- else {
- /* Try also X-Real-IP */
- hdr = rspamd_http_message_find_header (msg, alt_hdr_name);
-
- if (hdr) {
- if (rspamd_parse_inet_address (&addr, hdr->begin, hdr->len,
- RSPAMD_INET_ADDRESS_PARSE_NO_UNIX)) {
- /* We have addr now, so check if it is still trusted */
- if (ctx->secure_map &&
- rspamd_match_radix_map_addr (ctx->secure_map, addr) != NULL) {
- /* rspamd_inet_address_to_string is not reentrant */
- rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),
- sizeof (ip_buf));
- msg_info_session ("allow unauthorized proxied connection "
- "from a trusted IP %s via %s",
- ip_buf,
- rspamd_inet_address_to_string (session->from_addr));
- ret = 1;
- }
- else {
- ret = -1;
- }
-
- rspamd_inet_address_free (addr);
- }
- else {
- msg_warn_session ("cannot parse real IP: %T", hdr);
- ret = -1;
- }
- }
- }
-
- return ret;
- }
-
- /* Check for password if it is required by configuration */
- static gboolean
- rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
- struct rspamd_controller_session *session,
- struct rspamd_http_message *msg, gboolean is_enable)
- {
- const gchar *check;
- const rspamd_ftok_t *password;
- rspamd_ftok_t lookup;
- GHashTable *query_args = NULL;
- struct rspamd_controller_worker_ctx *ctx = session->ctx;
- gboolean check_normal = TRUE, check_enable = TRUE, ret = TRUE,
- use_enable = FALSE;
- const struct rspamd_controller_pbkdf *pbkdf = NULL;
-
- /* Access list logic */
- if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) {
- ret = rspamd_controller_check_forwarded (session, msg, ctx);
-
- if (ret == 1) {
- session->is_enable = TRUE;
-
- return TRUE;
- }
- else if (ret == 0) {
- /* No forwarded found */
- msg_info_session ("allow unauthorized connection from a unix socket");
- session->is_enable = TRUE;
-
- return TRUE;
- }
- }
- else if (ctx->secure_map
- && rspamd_match_radix_map_addr (ctx->secure_map, session->from_addr)
- != NULL) {
- ret = rspamd_controller_check_forwarded (session, msg, ctx);
-
- if (ret == 1) {
- session->is_enable = TRUE;
-
- return TRUE;
- }
- else if (ret == 0) {
- /* No forwarded found */
- msg_info_session ("allow unauthorized connection from a trusted IP %s",
- rspamd_inet_address_to_string (session->from_addr));
- session->is_enable = TRUE;
-
- return TRUE;
- }
- }
-
- /* Password logic */
- password = rspamd_http_message_find_header (msg, "Password");
-
- if (password == NULL) {
- /* Try to get password from query args */
- query_args = rspamd_http_message_parse_query (msg);
-
- lookup.begin = (gchar *)"password";
- lookup.len = sizeof ("password") - 1;
-
- password = g_hash_table_lookup (query_args, &lookup);
- }
-
- if (password == NULL) {
- if (ctx->secure_map == NULL) {
- if (ctx->password == NULL && !is_enable) {
- return TRUE;
- }
- else if (is_enable && (ctx->password == NULL &&
- ctx->enable_password == NULL)) {
- session->is_enable = TRUE;
- return TRUE;
- }
- }
-
- msg_info_session ("absent password has been specified; source ip: %s",
- rspamd_inet_address_to_string_pretty (session->from_addr));
- ret = FALSE;
- }
- else {
- if (rspamd_ftok_cstr_equal (password, "q1", FALSE) ||
- rspamd_ftok_cstr_equal (password, "q2", FALSE)) {
- msg_info_session ("deny default password for remote access; source ip: %s",
- rspamd_inet_address_to_string_pretty (session->from_addr));
- ret = FALSE;
- goto end;
- }
-
- if (is_enable) {
- /* For privileged commands we strictly require enable password */
- if (ctx->enable_password != NULL) {
- check = ctx->enable_password;
- use_enable = TRUE;
- }
- else {
- /* Use just a password (legacy mode) */
- msg_info(
- "using password as enable_password for a privileged command");
- check = ctx->password;
- }
-
- if (check != NULL) {
- if (!rspamd_is_encrypted_password (check, &pbkdf)) {
- ret = FALSE;
-
- if (strlen (check) == password->len) {
- ret = rspamd_constant_memcmp (password->begin, check,
- password->len);
- }
- }
- else {
- ret = rspamd_check_encrypted_password (ctx, password, check,
- pbkdf, use_enable);
- }
- }
- else {
- msg_warn_session (
- "no password to check while executing a privileged command; source ip: %s",
- rspamd_inet_address_to_string_pretty (session->from_addr));
- ret = FALSE;
- }
-
- if (ret) {
- session->is_enable = TRUE;
- }
- }
- else {
- /* Accept both normal and enable passwords */
- if (ctx->password != NULL) {
- check = ctx->password;
-
- if (!rspamd_is_encrypted_password (check, &pbkdf)) {
- check_normal = FALSE;
-
- if (strlen (check) == password->len) {
- check_normal = rspamd_constant_memcmp (password->begin,
- check,
- password->len);
- }
- }
- else {
- check_normal = rspamd_check_encrypted_password (ctx,
- password,
- check, pbkdf, FALSE);
- }
-
- }
- else {
- check_normal = FALSE;
- }
-
- if (ctx->enable_password != NULL) {
- check = ctx->enable_password;
-
- if (!rspamd_is_encrypted_password (check, &pbkdf)) {
- check_enable = FALSE;
-
- if (strlen (check) == password->len) {
- check_enable = rspamd_constant_memcmp (password->begin,
- check,
- password->len);
- }
- }
- else {
- check_enable = rspamd_check_encrypted_password (ctx,
- password,
- check, pbkdf, TRUE);
- }
-
- if (check_enable) {
- session->is_enable = TRUE;
- }
- }
- else {
- check_enable = FALSE;
-
- if (check_normal) {
- /*
- * If no enable password is specified use normal password as
- * enable password
- */
- session->is_enable = TRUE;
- }
- }
- }
- }
-
- if (check_normal == FALSE && check_enable == FALSE) {
- msg_info ("absent or incorrect password has been specified; source ip: %s",
- rspamd_inet_address_to_string_pretty (session->from_addr));
- ret = FALSE;
- }
-
- end:
- if (query_args != NULL) {
- g_hash_table_unref (query_args);
- }
-
- if (!ret) {
- rspamd_controller_send_error (entry, 403, "Unauthorized");
- }
-
- return ret;
- }
-
- /* Command handlers */
-
- /*
- * Auth command handler:
- * request: /auth
- * headers: Password
- * reply: json {"auth": "ok", "version": "0.5.2", "uptime": "some uptime", "error": "none"}
- */
- static int
- rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_stat *st;
- int64_t uptime;
- gulong data[5];
- ucl_object_t *obj;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- obj = ucl_object_typed_new (UCL_OBJECT);
- st = session->ctx->srv->stat;
- data[0] = st->actions_stat[METRIC_ACTION_NOACTION];
- data[1] = st->actions_stat[METRIC_ACTION_ADD_HEADER] +
- st->actions_stat[METRIC_ACTION_REWRITE_SUBJECT];
- data[2] = st->actions_stat[METRIC_ACTION_GREYLIST];
- data[3] = st->actions_stat[METRIC_ACTION_REJECT];
- data[4] = st->actions_stat[METRIC_ACTION_SOFT_REJECT];
-
- /* Get uptime */
- uptime = ev_time () - session->ctx->start_time;
-
- ucl_object_insert_key (obj, ucl_object_fromstring (
- RVERSION), "version", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromstring (
- "ok"), "auth", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- uptime), "uptime", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- data[0]), "clean", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- data[1]), "probable", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- data[2]), "greylist", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- data[3]), "reject", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- data[4]), "soft_reject", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- st->messages_scanned), "scanned", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- st->messages_learned), "learned", 0, false);
- ucl_object_insert_key (obj, ucl_object_frombool (!session->is_enable),
- "read_only", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromstring (session->ctx->cfg->checksum),
- "config_id", 0, false);
-
- rspamd_controller_send_ucl (conn_ent, obj);
- ucl_object_unref (obj);
-
- return 0;
- }
-
- /*
- * Symbols command handler:
- * request: /symbols
- * reply: json [{
- * "name": "group_name",
- * "symbols": [
- * {
- * "name": "name",
- * "weight": 0.1,
- * "description": "description of symbol"
- * },
- * {...}
- * },
- * {...}]
- */
- static int
- rspamd_controller_handle_symbols (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- GHashTableIter it, sit;
- struct rspamd_symbols_group *gr;
- struct rspamd_symbol *sym;
- ucl_object_t *obj, *top, *sym_obj, *group_symbols;
- gpointer k, v;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- top = ucl_object_typed_new (UCL_ARRAY);
-
- /* Go through all symbols groups in the default metric */
- g_hash_table_iter_init (&it, session->cfg->groups);
-
- while (g_hash_table_iter_next (&it, &k, &v)) {
- gr = v;
- obj = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (obj, ucl_object_fromstring (
- gr->name), "group", 0, false);
- /* Iterate through all symbols */
-
- g_hash_table_iter_init (&sit, gr->symbols);
- group_symbols = ucl_object_typed_new (UCL_ARRAY);
-
- while (g_hash_table_iter_next (&sit, &k, &v)) {
- gdouble tm = 0.0, freq = 0, freq_dev = 0;
-
- sym = v;
- sym_obj = ucl_object_typed_new (UCL_OBJECT);
-
- ucl_object_insert_key (sym_obj, ucl_object_fromstring (sym->name),
- "symbol", 0, false);
- ucl_object_insert_key (sym_obj,
- ucl_object_fromdouble (*sym->weight_ptr),
- "weight", 0, false);
- if (sym->description) {
- ucl_object_insert_key (sym_obj,
- ucl_object_fromstring (sym->description),
- "description", 0, false);
- }
-
- if (rspamd_symcache_stat_symbol (session->ctx->cfg->cache,
- sym->name, &freq, &freq_dev, &tm, NULL)) {
- ucl_object_insert_key (sym_obj,
- ucl_object_fromdouble (freq),
- "frequency", 0, false);
- ucl_object_insert_key (sym_obj,
- ucl_object_fromdouble (freq_dev),
- "frequency_stddev", 0, false);
- ucl_object_insert_key (sym_obj,
- ucl_object_fromdouble (tm),
- "time", 0, false);
- }
-
- ucl_array_append (group_symbols, sym_obj);
- }
-
- ucl_object_insert_key (obj, group_symbols, "rules", 0, false);
- ucl_array_append (top, obj);
- }
-
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
-
- return 0;
- }
-
- /*
- * Actions command handler:
- * request: /actions
- * reply: json [{
- * "action": "no action",
- * "value": 1.1
- * },
- * {...}]
- */
- static int
- rspamd_controller_handle_actions (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_action *act, *tmp;
- ucl_object_t *obj, *top;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- top = ucl_object_typed_new (UCL_ARRAY);
-
- HASH_ITER (hh, session->cfg->actions, act, tmp) {
- obj = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (obj,
- ucl_object_fromstring (act->name),
- "action", 0, false);
- ucl_object_insert_key (obj,
- ucl_object_fromdouble (act->threshold),
- "value", 0, false);
- ucl_array_append (top, obj);
- }
-
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
-
- return 0;
- }
-
- static gboolean
- rspamd_controller_can_edit_map (struct rspamd_map_backend *bk)
- {
- gchar *fpath;
-
- if (access (bk->uri, W_OK) == 0) {
- return TRUE;
- }
- else if (access (bk->uri, R_OK) == -1 && errno == ENOENT) {
- fpath = g_path_get_dirname (bk->uri);
-
- if (fpath) {
- if (access (fpath, W_OK) == 0) {
- g_free (fpath);
-
- return TRUE;
- }
-
- g_free (fpath);
- }
- }
-
- return FALSE;
- }
-
- /*
- * Maps command handler:
- * request: /maps
- * headers: Password
- * reply: json [
- * {
- * "map": "name",
- * "description": "description",
- * "editable": true
- * },
- * {...}
- * ]
- */
- static int
- rspamd_controller_handle_maps (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- GList *cur;
- struct rspamd_map *map;
- struct rspamd_map_backend *bk;
- guint i;
- gboolean editable;
- ucl_object_t *obj, *top;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- top = ucl_object_typed_new (UCL_ARRAY);
-
- /* Iterate over all maps */
- cur = session->ctx->cfg->maps;
- while (cur) {
- map = cur->data;
-
- PTR_ARRAY_FOREACH (map->backends, i, bk) {
-
- if (bk->protocol == MAP_PROTO_FILE) {
- editable = rspamd_controller_can_edit_map (bk);
-
- if (!editable && access (bk->uri, R_OK) == -1) {
- /* Skip unreadable and non-existing maps */
- continue;
- }
-
- obj = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (obj, ucl_object_fromint (bk->id),
- "map", 0, false);
- if (map->description) {
- ucl_object_insert_key (obj, ucl_object_fromstring (map->description),
- "description", 0, false);
- }
- ucl_object_insert_key (obj, ucl_object_fromstring (bk->uri),
- "uri", 0, false);
- ucl_object_insert_key (obj, ucl_object_frombool (editable),
- "editable", 0, false);
- ucl_array_append (top, obj);
- }
- }
- cur = g_list_next (cur);
- }
-
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
-
- return 0;
- }
-
- /*
- * Get map command handler:
- * request: /getmap
- * headers: Password, Map
- * reply: plain-text
- */
- static int
- rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- GList *cur;
- struct rspamd_map *map;
- struct rspamd_map_backend *bk = NULL;
- const rspamd_ftok_t *idstr;
- struct stat st;
- gint fd;
- gulong id, i;
- gboolean found = FALSE;
- struct rspamd_http_message *reply;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- idstr = rspamd_http_message_find_header (msg, "Map");
-
- if (idstr == NULL) {
- msg_info_session ("absent map id");
- rspamd_controller_send_error (conn_ent, 400, "Id header missing");
- return 0;
- }
-
- if (!rspamd_strtoul (idstr->begin, idstr->len, &id)) {
- msg_info_session ("invalid map id");
- rspamd_controller_send_error (conn_ent, 400, "Invalid map id");
- return 0;
- }
-
- /* Now let's be sure that we have map defined in configuration */
- cur = session->ctx->cfg->maps;
- while (cur && !found) {
- map = cur->data;
-
- PTR_ARRAY_FOREACH (map->backends, i, bk) {
- if (bk->id == id && bk->protocol == MAP_PROTO_FILE) {
- found = TRUE;
- break;
- }
- }
-
- cur = g_list_next (cur);
- }
-
- if (!found || bk == NULL) {
- msg_info_session ("map not found");
- rspamd_controller_send_error (conn_ent, 404, "Map not found");
- return 0;
- }
-
- if (stat (bk->uri, &st) == -1 || (fd = open (bk->uri, O_RDONLY)) == -1) {
- reply = rspamd_http_new_message (HTTP_RESPONSE);
- reply->date = time (NULL);
- reply->code = 200;
- }
- else {
-
- reply = rspamd_http_new_message (HTTP_RESPONSE);
- reply->date = time (NULL);
- reply->code = 200;
-
- if (st.st_size > 0) {
- if (!rspamd_http_message_set_body_from_fd (reply, fd)) {
- close (fd);
- rspamd_http_message_unref (reply);
- msg_err_session ("cannot read map %s: %s", bk->uri, strerror (errno));
- rspamd_controller_send_error (conn_ent, 500, "Map read error");
- return 0;
- }
- }
- else {
- rspamd_fstring_t *empty_body = rspamd_fstring_new_init ("", 0);
- rspamd_http_message_set_body_from_fstring_steal (reply, empty_body);
- }
-
- close (fd);
- }
-
- rspamd_http_connection_reset (conn_ent->conn);
- rspamd_http_router_insert_headers (conn_ent->rt, reply);
- rspamd_http_connection_write_message (conn_ent->conn, reply, NULL,
- "text/plain", conn_ent,
- conn_ent->rt->timeout);
- conn_ent->is_reply = TRUE;
-
- return 0;
- }
-
- static ucl_object_t *
- rspamd_controller_pie_element (enum rspamd_action_type action,
- const char *label, gdouble data)
- {
- ucl_object_t *res = ucl_object_typed_new (UCL_OBJECT);
- const char *colors[METRIC_ACTION_MAX] = {
- [METRIC_ACTION_REJECT] = "#FF0000",
- [METRIC_ACTION_SOFT_REJECT] = "#cc9966",
- [METRIC_ACTION_REWRITE_SUBJECT] = "#ff6600",
- [METRIC_ACTION_ADD_HEADER] = "#FFD700",
- [METRIC_ACTION_GREYLIST] = "#436EEE",
- [METRIC_ACTION_NOACTION] = "#66cc00"
- };
-
- ucl_object_insert_key (res, ucl_object_fromstring (colors[action]),
- "color", 0, false);
- ucl_object_insert_key (res, ucl_object_fromstring (label), "label", 0, false);
- ucl_object_insert_key (res, ucl_object_fromdouble (data), "data", 0, false);
- ucl_object_insert_key (res, ucl_object_fromdouble (data), "value", 0, false);
-
- return res;
- }
-
- /*
- * Pie chart command handler:
- * request: /pie
- * headers: Password
- * reply: json [
- * { label: "Foo", data: 11 },
- * { label: "Bar", data: 20 },
- * {...}
- * ]
- */
- static int
- rspamd_controller_handle_pie_chart (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- gdouble data[5], total;
- ucl_object_t *top;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- top = ucl_object_typed_new (UCL_ARRAY);
- total = ctx->srv->stat->messages_scanned;
- if (total != 0) {
-
- data[0] = ctx->srv->stat->actions_stat[METRIC_ACTION_NOACTION];
- data[1] = ctx->srv->stat->actions_stat[METRIC_ACTION_SOFT_REJECT];
- data[2] = (ctx->srv->stat->actions_stat[METRIC_ACTION_ADD_HEADER] +
- ctx->srv->stat->actions_stat[METRIC_ACTION_REWRITE_SUBJECT]);
- data[3] = ctx->srv->stat->actions_stat[METRIC_ACTION_GREYLIST];
- data[4] = ctx->srv->stat->actions_stat[METRIC_ACTION_REJECT];
- }
- else {
- memset (data, 0, sizeof (data));
- }
- ucl_array_append (top, rspamd_controller_pie_element (
- METRIC_ACTION_NOACTION, "Clean", data[0]));
- ucl_array_append (top, rspamd_controller_pie_element (
- METRIC_ACTION_SOFT_REJECT, "Temporarily rejected", data[1]));
- ucl_array_append (top, rspamd_controller_pie_element (
- METRIC_ACTION_ADD_HEADER, "Probable spam", data[2]));
- ucl_array_append (top, rspamd_controller_pie_element (
- METRIC_ACTION_GREYLIST, "Greylisted", data[3]));
- ucl_array_append (top, rspamd_controller_pie_element (
- METRIC_ACTION_REJECT, "Rejected", data[4]));
-
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
-
- return 0;
- }
-
- void
- rspamd_controller_graph_point (gulong t, gulong step,
- struct rspamd_rrd_query_result* rrd_result,
- gdouble *acc,
- ucl_object_t **elt)
- {
- guint nan_cnt;
- gdouble sum = 0.0, yval;
- ucl_object_t* data_elt;
- guint i, j;
-
- for (i = 0; i < rrd_result->ds_count; i++) {
- sum = 0.0;
- nan_cnt = 0;
- data_elt = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (data_elt, ucl_object_fromint (t), "x", 1, false);
-
- for (j = 0; j < step; j++) {
- yval = acc[i + j * rrd_result->ds_count];
- if (!isfinite (yval)) {
- nan_cnt++;
- }
- else {
- sum += yval;
- }
- }
- if (nan_cnt == step) {
- ucl_object_insert_key (data_elt, ucl_object_typed_new (UCL_NULL),
- "y", 1, false);
- }
- else {
- ucl_object_insert_key (data_elt,
- ucl_object_fromdouble (sum / (gdouble) step), "y", 1,
- false);
- }
- ucl_array_append (elt[i], data_elt);
- }
- }
-
- /*
- * Graph command handler:
- * request: /graph?type=<day|week|month|year>
- * headers: Password
- * reply: json [
- * { label: "Foo", data: 11 },
- * { label: "Bar", data: 20 },
- * {...}
- * ]
- */
- static int
- rspamd_controller_handle_graph (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- GHashTable *query;
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- rspamd_ftok_t srch, *value;
- struct rspamd_rrd_query_result *rrd_result;
- gulong i, k, start_row, cnt, t, ts, step;
- gdouble *acc;
- ucl_object_t *res, *elt[METRIC_ACTION_MAX];
- enum {
- rra_day = 0,
- rra_week,
- rra_month,
- rra_year,
- rra_invalid
- } rra_num = rra_invalid;
- /* How many points are we going to send to display */
- static const guint desired_points = 500;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- if (ctx->rrd == NULL) {
- msg_err_session ("no rrd configured");
- rspamd_controller_send_error (conn_ent, 404, "No rrd configured for graphs");
-
- return 0;
- }
-
- query = rspamd_http_message_parse_query (msg);
- srch.begin = (gchar *)"type";
- srch.len = 4;
-
- if (query == NULL || (value = g_hash_table_lookup (query, &srch)) == NULL) {
- msg_err_session ("absent graph type query");
- rspamd_controller_send_error (conn_ent, 400, "Absent graph type");
-
- if (query) {
- g_hash_table_unref (query);
- }
-
- return 0;
- }
-
- if (value->len == 3 && rspamd_lc_cmp (value->begin, "day", value->len) == 0) {
- rra_num = rra_day;
- }
- else if (value->len == 4 && rspamd_lc_cmp (value->begin, "week", value->len) == 0) {
- rra_num = rra_week;
- }
- else if (value->len == 5 && rspamd_lc_cmp (value->begin, "month", value->len) == 0) {
- rra_num = rra_month;
- }
- else if (value->len == 4 && rspamd_lc_cmp (value->begin, "year", value->len) == 0) {
- rra_num = rra_year;
- }
-
- g_hash_table_unref (query);
-
- if (rra_num == rra_invalid) {
- msg_err_session ("invalid graph type query");
- rspamd_controller_send_error (conn_ent, 400, "Invalid graph type");
-
- return 0;
- }
-
- rrd_result = rspamd_rrd_query (ctx->rrd, rra_num);
-
- if (rrd_result == NULL) {
- msg_err_session ("cannot query rrd");
- rspamd_controller_send_error (conn_ent, 500, "Cannot query rrd");
-
- return 0;
- }
-
- g_assert (rrd_result->ds_count == G_N_ELEMENTS (elt));
-
- res = ucl_object_typed_new (UCL_ARRAY);
- /* How much full updates happened since the last update */
- ts = rrd_result->last_update / rrd_result->pdp_per_cdp - rrd_result->rra_rows;
-
- for (i = 0; i < rrd_result->ds_count; i ++) {
- elt[i] = ucl_object_typed_new (UCL_ARRAY);
- }
-
- start_row = rrd_result->cur_row == rrd_result->rra_rows - 1 ?
- 0 : rrd_result->cur_row;
- t = ts * rrd_result->pdp_per_cdp;
- k = 0;
-
- /* Create window */
- step = ceil (((gdouble)rrd_result->rra_rows) / desired_points);
- g_assert (step >= 1);
- acc = g_malloc0 (sizeof (double) * rrd_result->ds_count * step);
-
- for (i = start_row, cnt = 0; cnt < rrd_result->rra_rows;
- cnt ++) {
-
- memcpy (&acc[k * rrd_result->ds_count],
- &rrd_result->data[i * rrd_result->ds_count],
- sizeof (gdouble) * rrd_result->ds_count);
-
- if (k < step - 1) {
- k ++;
- }
- else {
- t = ts * rrd_result->pdp_per_cdp;
-
- /* Need a fresh point */
- rspamd_controller_graph_point (t, step, rrd_result, acc, elt);
- k = 0;
- }
-
- if (i == rrd_result->rra_rows - 1) {
- i = 0;
- }
- else {
- i ++;
- }
-
- ts ++;
- }
-
- if (k > 0) {
- rspamd_controller_graph_point (t, k, rrd_result, acc, elt);
- }
-
- for (i = 0; i < rrd_result->ds_count; i++) {
- ucl_array_append (res, elt[i]);
- }
-
- rspamd_controller_send_ucl (conn_ent, res);
- ucl_object_unref (res);
- g_free (acc);
- g_free (rrd_result);
-
- return 0;
- }
-
- static void
- rspamd_controller_handle_legacy_history (
- struct rspamd_controller_session *session,
- struct rspamd_controller_worker_ctx *ctx,
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct roll_history_row *row, *copied_rows;
- guint i, rows_proc, row_num;
- struct tm tm;
- gchar timebuf[32], **syms;
- ucl_object_t *top, *obj;
-
- top = ucl_object_typed_new (UCL_ARRAY);
-
- /* Set lock on history */
- copied_rows = g_malloc (sizeof (*copied_rows) * ctx->srv->history->nrows);
- memcpy (copied_rows, ctx->srv->history->rows,
- sizeof (*copied_rows) * ctx->srv->history->nrows);
-
- /* Go through all rows */
- row_num = ctx->srv->history->cur_row;
-
- for (i = 0, rows_proc = 0; i < ctx->srv->history->nrows; i++, row_num++) {
- if (row_num == ctx->srv->history->nrows) {
- row_num = 0;
- }
- row = &copied_rows[row_num];
- /* Get only completed rows */
- if (row->completed) {
- rspamd_localtime (row->timestamp, &tm);
- strftime (timebuf, sizeof (timebuf) - 1, "%Y-%m-%d %H:%M:%S", &tm);
- obj = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (obj, ucl_object_fromstring (
- timebuf), "time", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromint (
- row->timestamp), "unix_time", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromstring (
- row->message_id), "id", 0, false);
- ucl_object_insert_key (obj, ucl_object_fromstring (row->from_addr),
- "ip", 0, false);
- ucl_object_insert_key (obj,
- ucl_object_fromstring (rspamd_action_to_str (
- row->action)), "action", 0, false);
-
- if (!isnan (row->score)) {
- ucl_object_insert_key (obj, ucl_object_fromdouble (
- row->score), "score", 0, false);
- }
- else {
- ucl_object_insert_key (obj,
- ucl_object_fromdouble (0.0), "score", 0, false);
- }
-
- if (!isnan (row->required_score)) {
- ucl_object_insert_key (obj,
- ucl_object_fromdouble (
- row->required_score), "required_score", 0, false);
- }
- else {
- ucl_object_insert_key (obj,
- ucl_object_fromdouble (0.0), "required_score", 0, false);
- }
-
- syms = g_strsplit_set (row->symbols, ", ", -1);
-
- if (syms) {
- guint nelts = g_strv_length (syms);
- ucl_object_t *syms_obj = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_reserve (syms_obj, nelts);
-
- for (guint j = 0; j < nelts; j++) {
- g_strstrip (syms[j]);
-
- if (strlen (syms[j]) == 0) {
- /* Empty garbadge */
- continue;
- }
-
- ucl_object_t *cur = ucl_object_typed_new (UCL_OBJECT);
-
- ucl_object_insert_key (cur, ucl_object_fromdouble (0.0),
- "score", 0, false);
- ucl_object_insert_key (syms_obj, cur, syms[j], 0, true);
- }
-
- ucl_object_insert_key (obj, syms_obj, "symbols", 0, false);
- g_strfreev (syms);
- }
-
- ucl_object_insert_key (obj, ucl_object_fromint (row->len),
- "size", 0, false);
- ucl_object_insert_key (obj,
- ucl_object_fromdouble (row->scan_time),
- "scan_time", 0, false);
-
- if (row->user[0] != '\0') {
- ucl_object_insert_key (obj, ucl_object_fromstring (row->user),
- "user", 0, false);
- }
- if (row->from_addr[0] != '\0') {
- ucl_object_insert_key (obj, ucl_object_fromstring (
- row->from_addr), "from", 0, false);
- }
- ucl_array_append (top, obj);
- rows_proc++;
- }
- }
-
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
- g_free (copied_rows);
- }
-
- static gboolean
- rspamd_controller_history_lua_fin_task (void *ud)
- {
- return TRUE;
- }
-
- static void
- rspamd_controller_handle_lua_history (lua_State *L,
- struct rspamd_controller_session *session,
- struct rspamd_controller_worker_ctx *ctx,
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg,
- gboolean reset)
- {
- struct rspamd_task *task, **ptask;
- struct rspamd_http_connection_entry **pconn_ent;
- GHashTable *params;
- rspamd_ftok_t srch, *found;
- glong from = 0, to = -1;
-
- params = rspamd_http_message_parse_query (msg);
-
- if (params) {
- /* Check from and to */
- RSPAMD_FTOK_ASSIGN (&srch, "from");
- found = g_hash_table_lookup (params, &srch);
-
- if (found) {
- rspamd_strtol (found->begin, found->len, &from);
- }
- RSPAMD_FTOK_ASSIGN (&srch, "to");
- found = g_hash_table_lookup (params, &srch);
-
- if (found) {
- rspamd_strtol (found->begin, found->len, &to);
- }
-
- g_hash_table_unref (params);
- }
-
- lua_getglobal (L, "rspamd_plugins");
-
- if (lua_istable (L, -1)) {
- lua_pushstring (L, "history");
- lua_gettable (L, -2);
-
- if (lua_istable (L, -1)) {
- lua_pushstring (L, "handler");
- lua_gettable (L, -2);
-
- if (lua_isfunction (L, -1)) {
- task = rspamd_task_new (session->ctx->worker, session->cfg,
- session->pool, ctx->lang_det, ctx->event_loop, FALSE);
-
- task->resolver = ctx->resolver;
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_history_lua_fin_task,
- NULL,
- (event_finalizer_t )rspamd_task_free,
- task);
- task->fin_arg = conn_ent;
-
- ptask = lua_newuserdata (L, sizeof (*ptask));
- *ptask = task;
- rspamd_lua_setclass (L, "rspamd{task}", -1);
- pconn_ent = lua_newuserdata (L, sizeof (*pconn_ent));
- *pconn_ent = conn_ent;
- rspamd_lua_setclass (L, "rspamd{csession}", -1);
- lua_pushinteger (L, from);
- lua_pushinteger (L, to);
- lua_pushboolean (L, reset);
-
- if (lua_pcall (L, 5, 0, 0) != 0) {
- msg_err_session ("call to history function failed: %s",
- lua_tostring (L, -1));
- lua_settop (L, 0);
- rspamd_task_free (task);
-
- goto err;
- }
-
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;
- task->sock = -1;
- session->task = task;
-
- rspamd_session_pending (task->s);
- }
- else {
- msg_err_session ("rspamd_plugins.history.handler is not a function");
- lua_settop (L, 0);
- goto err;
- }
- }
- else {
- msg_err_session ("rspamd_plugins.history is not a table");
- lua_settop (L, 0);
- goto err;
- }
- }
- else {
- msg_err_session ("rspamd_plugins is absent or has incorrect type");
- lua_settop (L, 0);
- goto err;
- }
-
- lua_settop (L, 0);
-
- return;
- err:
- rspamd_controller_send_error (conn_ent, 500, "Internal error");
- }
-
- /*
- * Healthy command handler:
- * request: /healthy
- * headers: Password
- * reply: json {"success":true}
- */
- static int
- rspamd_controller_handle_healthy (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- if (session->ctx->workers_hb_lost != 0) {
- rspamd_controller_send_error (conn_ent, 500,
- "%d workers are not responding", session->ctx->workers_hb_lost);
- }
- else {
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
-
- return 0;
- }
-
- /*
- * Ready command handler:
- * request: /ready
- * headers: Password
- * reply: json {"success":true} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_ready (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- if (session->ctx->scanners_count == 0) {
- rspamd_controller_send_error (conn_ent, 500, "no healthy scanner workers are running");
- }
- else {
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
-
- return 0;
- }
-
- /*
- * History command handler:
- * request: /history
- * headers: Password
- * reply: json [
- * { label: "Foo", data: 11 },
- * { label: "Bar", data: 20 },
- * {...}
- * ]
- */
- static int
- rspamd_controller_handle_history (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- lua_State *L;
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- L = ctx->cfg->lua_state;
-
- if (!ctx->srv->history->disabled) {
- rspamd_controller_handle_legacy_history (session, ctx, conn_ent, msg);
- }
- else {
- rspamd_controller_handle_lua_history (L, session, ctx, conn_ent, msg,
- FALSE);
- }
-
- return 0;
- }
-
- /*
- * Errors command handler:
- * request: /errors
- * headers: Password
- * reply: json [
- * { ts: 100500, type: normal, pid: 100, module: lua, message: bad things },
- * {...}
- * ]
- */
- static int
- rspamd_controller_handle_errors (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- ucl_object_t *top;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- top = rspamd_log_errorbuf_export (ctx->worker->srv->logger);
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
-
- return 0;
- }
-
- /*
- * Neighbours command handler:
- * request: /neighbours
- * headers: Password
- * reply: json {name: {url: "http://...", host: "host"}}
- */
- static int
- rspamd_controller_handle_neighbours (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- rspamd_controller_send_ucl (conn_ent, ctx->cfg->neighbours);
-
- return 0;
- }
-
-
- static int
- rspamd_controller_handle_history_reset (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- struct roll_history_row *row;
- guint completed_rows, i, t;
- lua_State *L;
-
- ctx = session->ctx;
- L = ctx->cfg->lua_state;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- if (!ctx->srv->history->disabled) {
- /* Clean from start to the current row */
- completed_rows = g_atomic_int_get (&ctx->srv->history->cur_row);
-
- completed_rows = MIN (completed_rows, ctx->srv->history->nrows - 1);
-
- for (i = 0; i <= completed_rows; i ++) {
- t = g_atomic_int_get (&ctx->srv->history->cur_row);
-
- /* We somehow come to the race condition */
- if (i > t) {
- break;
- }
-
- row = &ctx->srv->history->rows[i];
- memset (row, 0, sizeof (*row));
- }
-
- msg_info_session ("<%s> cleared %d entries from history",
- rspamd_inet_address_to_string (session->from_addr),
- completed_rows);
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
- else {
- rspamd_controller_handle_lua_history (L, session, ctx, conn_ent, msg,
- TRUE);
- }
-
- return 0;
- }
-
- static gboolean
- rspamd_controller_lua_fin_task (void *ud)
- {
- struct rspamd_task *task = ud;
- struct rspamd_http_connection_entry *conn_ent;
-
- conn_ent = task->fin_arg;
-
- if (task->err != NULL) {
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
- }
-
- return TRUE;
- }
-
- static int
- rspamd_controller_handle_lua (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_task *task, **ptask;
- struct rspamd_http_connection_entry **pconn;
- struct rspamd_controller_worker_ctx *ctx;
- gchar filebuf[PATH_MAX], realbuf[PATH_MAX];
- struct http_parser_url u;
- rspamd_ftok_t lookup;
- struct stat st;
- lua_State *L;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- ctx = session->ctx;
- L = ctx->cfg->lua_state;
-
- /* Find lua script */
- if (msg->url != NULL && msg->url->len != 0) {
-
- http_parser_parse_url (RSPAMD_FSTRING_DATA (msg->url),
- RSPAMD_FSTRING_LEN (msg->url), TRUE, &u);
-
- if (u.field_set & (1 << UF_PATH)) {
- lookup.begin = RSPAMD_FSTRING_DATA (msg->url) +
- u.field_data[UF_PATH].off;
- lookup.len = u.field_data[UF_PATH].len;
- }
- else {
- lookup.begin = RSPAMD_FSTRING_DATA (msg->url);
- lookup.len = RSPAMD_FSTRING_LEN (msg->url);
- }
-
- rspamd_snprintf (filebuf, sizeof (filebuf), "%s%c%T",
- ctx->static_files_dir, G_DIR_SEPARATOR, &lookup);
-
- if (realpath (filebuf, realbuf) == NULL ||
- lstat (realbuf, &st) == -1) {
- rspamd_controller_send_error (conn_ent, 404, "Cannot find path: %s",
- strerror (errno));
-
- return 0;
- }
-
- /* TODO: add caching here, should be trivial */
- /* Now we load and execute the code fragment, which should return a function */
- if (luaL_loadfile (L, realbuf) != 0) {
- rspamd_controller_send_error (conn_ent, 500, "Cannot load path: %s",
- lua_tostring (L, -1));
- lua_settop (L, 0);
-
- return 0;
- }
-
- if (lua_pcall (L, 0, 1, 0) != 0) {
- rspamd_controller_send_error (conn_ent, 501, "Cannot run path: %s",
- lua_tostring (L, -1));
- lua_settop (L, 0);
-
- return 0;
- }
-
- if (lua_type (L, -1) != LUA_TFUNCTION) {
- rspamd_controller_send_error (conn_ent, 502, "Bad return type: %s",
- lua_typename (L, lua_type (L, -1)));
- lua_settop (L, 0);
-
- return 0;
- }
-
- }
- else {
- rspamd_controller_send_error (conn_ent, 404, "Empty path is not permitted");
-
- return 0;
- }
-
- task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,
- ctx->lang_det, ctx->event_loop, FALSE);
-
- task->resolver = ctx->resolver;
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_lua_fin_task,
- NULL,
- (event_finalizer_t )rspamd_task_free,
- task);
- task->fin_arg = conn_ent;
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;
- task->sock = -1;
- session->task = task;
-
- if (msg->body_buf.len > 0) {
- if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
- return 0;
- }
- }
-
- ptask = lua_newuserdata (L, sizeof (*ptask));
- rspamd_lua_setclass (L, "rspamd{task}", -1);
- *ptask = task;
-
- pconn = lua_newuserdata (L, sizeof (*pconn));
- rspamd_lua_setclass (L, "rspamd{csession}", -1);
- *pconn = conn_ent;
-
- if (lua_pcall (L, 2, 0, 0) != 0) {
- rspamd_controller_send_error (conn_ent, 503, "Cannot run callback: %s",
- lua_tostring (L, -1));
- lua_settop (L, 0);
-
- return 0;
- }
-
- rspamd_session_pending (task->s);
-
- return 0;
- }
-
- static gboolean
- rspamd_controller_learn_fin_task (void *ud)
- {
- struct rspamd_task *task = ud;
- struct rspamd_controller_session *session;
- struct rspamd_http_connection_entry *conn_ent;
-
- conn_ent = task->fin_arg;
- session = conn_ent->ud;
-
- if (task->err != NULL) {
- msg_info_session ("cannot learn <%s>: %e",
- MESSAGE_FIELD (task, message_id), task->err);
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
-
- return TRUE;
- }
-
- if (RSPAMD_TASK_IS_PROCESSED (task)) {
- /* Successful learn */
- msg_info_task ("<%s> learned message as %s: %s",
- rspamd_inet_address_to_string (session->from_addr),
- session->is_spam ? "spam" : "ham",
- MESSAGE_FIELD (task, message_id));
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- return TRUE;
- }
-
- if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {
- msg_info_task ("cannot learn <%s>: %e",
- MESSAGE_FIELD (task, message_id), task->err);
-
- if (task->err) {
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
- }
- else {
- rspamd_controller_send_error (conn_ent, 500,
- "Internal error");
- }
- }
-
- if (RSPAMD_TASK_IS_PROCESSED (task)) {
- if (task->err) {
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
- }
- else {
- msg_info_task ("<%s> learned message as %s: %s",
- rspamd_inet_address_to_string (session->from_addr),
- session->is_spam ? "spam" : "ham",
- MESSAGE_FIELD (task, message_id));
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
-
- return TRUE;
- }
-
- /* One more iteration */
- return FALSE;
- }
-
- static void
- rspamd_controller_scan_reply (struct rspamd_task *task)
- {
- struct rspamd_http_message *msg;
- struct rspamd_http_connection_entry *conn_ent;
-
- conn_ent = task->fin_arg;
- msg = rspamd_http_new_message (HTTP_RESPONSE);
- msg->date = time (NULL);
- msg->code = 200;
- rspamd_protocol_http_reply (msg, task, NULL);
- rspamd_http_connection_reset (conn_ent->conn);
- rspamd_http_router_insert_headers (conn_ent->rt, msg);
- rspamd_http_connection_write_message (conn_ent->conn, msg, NULL,
- "application/json", conn_ent, conn_ent->rt->timeout);
- conn_ent->is_reply = TRUE;
- }
-
- static gboolean
- rspamd_controller_check_fin_task (void *ud)
- {
- struct rspamd_task *task = ud;
- struct rspamd_http_connection_entry *conn_ent;
-
- msg_debug_task ("finish task");
- conn_ent = task->fin_arg;
-
- if (task->err) {
- msg_info_task ("cannot check <%s>: %e",
- MESSAGE_FIELD_CHECK (task, message_id), task->err);
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
- return TRUE;
- }
-
- if (RSPAMD_TASK_IS_PROCESSED (task)) {
- rspamd_controller_scan_reply (task);
- return TRUE;
- }
-
- if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {
- rspamd_controller_scan_reply (task);
- return TRUE;
- }
-
- if (RSPAMD_TASK_IS_PROCESSED (task)) {
- rspamd_controller_scan_reply (task);
- return TRUE;
- }
-
- /* One more iteration */
- return FALSE;
- }
-
- static int
- rspamd_controller_handle_learn_common (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg,
- gboolean is_spam)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- struct rspamd_task *task;
- const rspamd_ftok_t *cl_header;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- if (rspamd_http_message_get_body (msg, NULL) == NULL) {
- msg_err_session ("got zero length body, cannot continue");
- rspamd_controller_send_error (conn_ent,
- 400,
- "Empty body is not permitted");
- return 0;
- }
-
- task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,
- session->ctx->lang_det, ctx->event_loop, FALSE);
-
- task->resolver = ctx->resolver;
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_learn_fin_task,
- NULL,
- (event_finalizer_t )rspamd_task_free,
- task);
- task->fin_arg = conn_ent;
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;
- task->sock = -1;
- session->task = task;
-
- cl_header = rspamd_http_message_find_header (msg, "classifier");
- if (cl_header) {
- session->classifier = rspamd_mempool_ftokdup (session->pool, cl_header);
- }
- else {
- session->classifier = NULL;
- }
-
- if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {
- goto end;
- }
-
- rspamd_learn_task_spam (task, is_spam, session->classifier, NULL);
-
- if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {
- msg_warn_session ("<%s> message cannot be processed",
- MESSAGE_FIELD (task, message_id));
- goto end;
- }
-
- end:
- session->is_spam = is_spam;
- rspamd_session_pending (task->s);
-
- return 0;
- }
-
- /*
- * Learn spam command handler:
- * request: /learnspam
- * headers: Password
- * input: plaintext data
- * reply: json {"success":true} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_learnspam (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- return rspamd_controller_handle_learn_common (conn_ent, msg, TRUE);
- }
- /*
- * Learn ham command handler:
- * request: /learnham
- * headers: Password
- * input: plaintext data
- * reply: json {"success":true} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_learnham (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- return rspamd_controller_handle_learn_common (conn_ent, msg, FALSE);
- }
-
- /*
- * Scan command handler:
- * request: /scan
- * headers: Password
- * input: plaintext data
- * reply: json {scan data} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_scan (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_worker_ctx *ctx;
- struct rspamd_task *task;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,
- ctx->lang_det, ctx->event_loop, FALSE);
-
- task->resolver = ctx->resolver;
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_check_fin_task,
- NULL,
- (event_finalizer_t )rspamd_task_free,
- task);
- task->fin_arg = conn_ent;
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);
- task->sock = conn_ent->conn->fd;
- task->flags |= RSPAMD_TASK_FLAG_MIME;
- task->resolver = ctx->resolver;
-
- if (!rspamd_protocol_handle_request (task, msg)) {
- goto end;
- }
-
- if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {
- goto end;
- }
-
- if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {
- goto end;
- }
-
- if (ctx->task_timeout > 0.0) {
- task->timeout_ev.data = task;
- ev_timer_init (&task->timeout_ev, rspamd_task_timeout,
- ctx->task_timeout, ctx->task_timeout);
- ev_timer_start (task->event_loop, &task->timeout_ev);
- ev_set_priority (&task->timeout_ev, EV_MAXPRI);
- }
-
- end:
- session->task = task;
- rspamd_session_pending (task->s);
-
- return 0;
- }
-
- /*
- * Save actions command handler:
- * request: /saveactions
- * headers: Password
- * input: json array [<spam>,<probable spam>,<greylist>]
- * reply: json {"success":true} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_saveactions (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct ucl_parser *parser;
- ucl_object_t *obj;
- const ucl_object_t *cur;
- struct rspamd_controller_worker_ctx *ctx;
- const gchar *error;
- gdouble score;
- gint i, added = 0;
- enum rspamd_action_type act;
- ucl_object_iter_t it = NULL;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- if (rspamd_http_message_get_body (msg, NULL) == NULL) {
- msg_err_session ("got zero length body, cannot continue");
- rspamd_controller_send_error (conn_ent,
- 400,
- "Empty body is not permitted");
- return 0;
- }
-
- parser = ucl_parser_new (0);
- if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) {
- if ((error = ucl_parser_get_error (parser)) != NULL) {
- msg_err_session ("cannot parse input: %s", error);
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_parser_free (parser);
- return 0;
- }
-
- msg_err_session ("cannot parse input: unknown error");
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_parser_free (parser);
- return 0;
- }
-
- obj = ucl_parser_get_object (parser);
- ucl_parser_free (parser);
-
- if (obj->type != UCL_ARRAY || obj->len != 4) {
- msg_err_session ("input is not an array of 4 elements");
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_object_unref (obj);
- return 0;
- }
-
- it = ucl_object_iterate_new (obj);
-
- for (i = 0; i < 4; i++) {
- cur = ucl_object_iterate_safe (it, TRUE);
-
- switch (i) {
- case 0:
- default:
- act = METRIC_ACTION_REJECT;
- break;
- case 1:
- act = METRIC_ACTION_REWRITE_SUBJECT;
- break;
- case 2:
- act = METRIC_ACTION_ADD_HEADER;
- break;
- case 3:
- act = METRIC_ACTION_GREYLIST;
- break;
- }
-
- if (ucl_object_type (cur) == UCL_NULL) {
- /* Assume NaN */
- score = NAN;
- }
- else {
- score = ucl_object_todouble (cur);
- }
-
- if ((isnan (session->cfg->actions[act].threshold) != isnan (score)) ||
- (session->cfg->actions[act].threshold != score)) {
- add_dynamic_action (ctx->cfg, DEFAULT_METRIC, act, score);
- added ++;
- }
- else {
- if (remove_dynamic_action (ctx->cfg, DEFAULT_METRIC, act)) {
- added ++;
- }
- }
- }
-
- ucl_object_iterate_free (it);
-
- if (dump_dynamic_config (ctx->cfg)) {
- msg_info_session ("<%s> modified %d actions",
- rspamd_inet_address_to_string (session->from_addr),
- added);
-
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
- else {
- rspamd_controller_send_error (conn_ent, 500, "Save error");
- }
-
- ucl_object_unref (obj);
-
- return 0;
- }
-
- /*
- * Save symbols command handler:
- * request: /savesymbols
- * headers: Password
- * input: json data
- * reply: json {"success":true} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_savesymbols (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct ucl_parser *parser;
- ucl_object_t *obj;
- const ucl_object_t *cur, *jname, *jvalue;
- ucl_object_iter_t iter = NULL;
- struct rspamd_controller_worker_ctx *ctx;
- const gchar *error;
- gdouble val;
- struct rspamd_symbol *sym;
- int added = 0;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- if (rspamd_http_message_get_body (msg, NULL) == NULL) {
- msg_err_session ("got zero length body, cannot continue");
- rspamd_controller_send_error (conn_ent,
- 400,
- "Empty body is not permitted");
- return 0;
- }
-
- parser = ucl_parser_new (0);
- if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) {
- if ((error = ucl_parser_get_error (parser)) != NULL) {
- msg_err_session ("cannot parse input: %s", error);
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_parser_free (parser);
- return 0;
- }
-
- msg_err_session ("cannot parse input: unknown error");
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_parser_free (parser);
- return 0;
- }
-
- obj = ucl_parser_get_object (parser);
- ucl_parser_free (parser);
-
- if (obj->type != UCL_ARRAY) {
- msg_err_session ("input is not an array");
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_object_unref (obj);
- return 0;
- }
-
- iter = ucl_object_iterate_new (obj);
-
- while ((cur = ucl_object_iterate_safe (iter, true))) {
- if (cur->type != UCL_OBJECT) {
- msg_err_session ("json array data error");
- rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
- ucl_object_unref (obj);
- ucl_object_iterate_free (iter);
-
- return 0;
- }
-
- jname = ucl_object_lookup (cur, "name");
- jvalue = ucl_object_lookup (cur, "value");
- val = ucl_object_todouble (jvalue);
- sym = g_hash_table_lookup (session->cfg->symbols, ucl_object_tostring (jname));
-
- if (sym && fabs (*sym->weight_ptr - val) > 0.01) {
- if (!add_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,
- ucl_object_tostring (jname), val)) {
- msg_err_session ("add symbol failed for %s",
- ucl_object_tostring (jname));
- rspamd_controller_send_error (conn_ent, 506,
- "Add symbol failed");
- ucl_object_unref (obj);
- ucl_object_iterate_free (iter);
-
- return 0;
- }
- added ++;
- }
- else if (sym && ctx->cfg->dynamic_conf) {
- if (remove_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,
- ucl_object_tostring (jname))) {
- added ++;
- }
- }
- }
-
- ucl_object_iterate_free (iter);
-
- if (added > 0) {
- if (ctx->cfg->dynamic_conf) {
- if (dump_dynamic_config (ctx->cfg)) {
- msg_info_session ("<%s> modified %d symbols",
- rspamd_inet_address_to_string (session->from_addr),
- added);
-
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
- else {
- rspamd_controller_send_error (conn_ent, 500, "Save error");
- }
- }
- else {
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
- }
- }
- else {
- msg_err_session ("no symbols to save");
- rspamd_controller_send_error (conn_ent, 404, "No symbols to save");
- }
-
- ucl_object_unref (obj);
-
- return 0;
- }
-
- /*
- * Save map command handler:
- * request: /savemap
- * headers: Password, Map
- * input: plaintext data
- * reply: json {"success":true} or {"error":"error message"}
- */
- static int
- rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- GList *cur;
- struct rspamd_map *map = NULL;
- struct rspamd_map_backend *bk;
- struct rspamd_controller_worker_ctx *ctx;
- const rspamd_ftok_t *idstr;
- gulong id, i;
- gboolean found = FALSE;
- gchar tempname[PATH_MAX];
- gint fd;
-
- ctx = session->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- if (rspamd_http_message_get_body (msg, NULL) == NULL) {
- msg_err_session ("got zero length body, cannot continue");
- rspamd_controller_send_error (conn_ent,
- 400,
- "Empty body is not permitted");
- return 0;
- }
-
- idstr = rspamd_http_message_find_header (msg, "Map");
-
- if (idstr == NULL) {
- msg_info_session ("absent map id");
- rspamd_controller_send_error (conn_ent, 400, "Map id not specified");
- return 0;
- }
-
- if (!rspamd_strtoul (idstr->begin, idstr->len, &id)) {
- msg_info_session ("invalid map id: %T", idstr);
- rspamd_controller_send_error (conn_ent, 400, "Map id is invalid");
- return 0;
- }
-
- /* Now let's be sure that we have map defined in configuration */
- cur = ctx->cfg->maps;
- while (cur && !found) {
- map = cur->data;
-
- PTR_ARRAY_FOREACH (map->backends, i, bk) {
- if (bk->id == id && bk->protocol == MAP_PROTO_FILE) {
- found = TRUE;
- break;
- }
- }
- cur = g_list_next (cur);
- }
-
- if (!found) {
- msg_info_session ("map not found: %L", id);
- rspamd_controller_send_error (conn_ent, 404, "Map id not found");
- return 0;
- }
-
- rspamd_snprintf (tempname, sizeof (tempname), "%s.newXXXXXX", bk->uri);
- fd = g_mkstemp_full (tempname, O_WRONLY, 00644);
-
- if (fd == -1) {
- msg_info_session ("map %s open error: %s", tempname, strerror (errno));
- rspamd_controller_send_error (conn_ent, 404,
- "Cannot open map: %s",
- strerror (errno));
- return 0;
- }
-
- if (write (fd, msg->body_buf.begin, msg->body_buf.len) == -1) {
- msg_info_session ("map %s write error: %s", tempname, strerror (errno));
- unlink (tempname);
- close (fd);
- rspamd_controller_send_error (conn_ent, 500, "Map write error: %s",
- strerror (errno));
- return 0;
- }
-
- /* Rename */
- if (rename (tempname, bk->uri) == -1) {
- msg_info_session ("map %s rename error: %s", tempname, strerror (errno));
- unlink (tempname);
- close (fd);
- rspamd_controller_send_error (conn_ent, 500, "Map rename error: %s",
- strerror (errno));
- return 0;
- }
-
- msg_info_session ("<%s>, map %s saved",
- rspamd_inet_address_to_string (session->from_addr),
- bk->uri);
- close (fd);
-
- rspamd_controller_send_string (conn_ent, "{\"success\":true}");
-
- return 0;
- }
-
- struct rspamd_stat_cbdata {
- struct rspamd_http_connection_entry *conn_ent;
- ucl_object_t *top;
- ucl_object_t *stat;
- struct rspamd_task *task;
- guint64 learned;
- };
-
- static gboolean
- rspamd_controller_stat_fin_task (void *ud)
- {
- struct rspamd_stat_cbdata *cbdata = ud;
- struct rspamd_http_connection_entry *conn_ent;
- ucl_object_t *top, *ar;
- GList *fuzzy_elts, *cur;
- struct rspamd_fuzzy_stat_entry *entry;
-
- conn_ent = cbdata->conn_ent;
- top = cbdata->top;
-
- ucl_object_insert_key (top,
- ucl_object_fromint (cbdata->learned), "total_learns", 0, false);
-
- if (cbdata->stat) {
- ucl_object_insert_key (top, cbdata->stat, "statfiles", 0, false);
- }
-
- fuzzy_elts = rspamd_mempool_get_variable (cbdata->task->task_pool, "fuzzy_stat");
-
- if (fuzzy_elts) {
- ar = ucl_object_typed_new (UCL_OBJECT);
-
- for (cur = fuzzy_elts; cur != NULL; cur = g_list_next (cur)) {
- entry = cur->data;
-
- if (entry->name) {
- ucl_object_insert_key (ar, ucl_object_fromint (entry->fuzzy_cnt),
- entry->name, 0, true);
- }
- }
-
- ucl_object_insert_key (top, ar, "fuzzy_hashes", 0, false);
- }
-
- rspamd_controller_send_ucl (conn_ent, top);
-
-
- return TRUE;
- }
-
- static void
- rspamd_controller_stat_cleanup_task (void *ud)
- {
- struct rspamd_stat_cbdata *cbdata = ud;
-
- rspamd_task_free (cbdata->task);
- ucl_object_unref (cbdata->top);
- }
-
- /*
- * Stat command handler:
- * request: /stat (/resetstat)
- * headers: Password
- * reply: json data
- */
- static int
- rspamd_controller_handle_stat_common (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg,
- gboolean do_reset)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- ucl_object_t *top, *sub;
- gint i;
- int64_t uptime;
- guint64 spam = 0, ham = 0;
- rspamd_mempool_stat_t mem_st;
- struct rspamd_stat *stat, stat_copy;
- struct rspamd_controller_worker_ctx *ctx;
- struct rspamd_task *task;
- struct rspamd_stat_cbdata *cbdata;
-
- memset (&mem_st, 0, sizeof (mem_st));
- rspamd_mempool_stat (&mem_st);
- memcpy (&stat_copy, session->ctx->worker->srv->stat, sizeof (stat_copy));
- stat = &stat_copy;
- ctx = session->ctx;
-
- task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,
- ctx->lang_det, ctx->event_loop, FALSE);
- task->resolver = ctx->resolver;
- cbdata = rspamd_mempool_alloc0 (session->pool, sizeof (*cbdata));
- cbdata->conn_ent = conn_ent;
- cbdata->task = task;
- top = ucl_object_typed_new (UCL_OBJECT);
- cbdata->top = top;
-
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_stat_fin_task,
- NULL,
- rspamd_controller_stat_cleanup_task,
- cbdata);
- task->fin_arg = cbdata;
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;
- task->sock = conn_ent->conn->fd;
-
- ucl_object_insert_key (top, ucl_object_fromstring (
- RVERSION), "version", 0, false);
- ucl_object_insert_key (top, ucl_object_fromstring (
- session->ctx->cfg->checksum), "config_id", 0, false);
- uptime = ev_time () - session->ctx->start_time;
- ucl_object_insert_key (top, ucl_object_fromint (
- uptime), "uptime", 0, false);
- ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),
- "read_only", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- stat->messages_scanned), "scanned", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- stat->messages_learned), "learned", 0, false);
-
- if (stat->messages_scanned > 0) {
- sub = ucl_object_typed_new (UCL_OBJECT);
- for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {
- ucl_object_insert_key (sub,
- ucl_object_fromint (stat->actions_stat[i]),
- rspamd_action_to_str (i), 0, false);
- if (i < METRIC_ACTION_GREYLIST) {
- spam += stat->actions_stat[i];
- }
- else {
- ham += stat->actions_stat[i];
- }
- if (do_reset) {
- #ifndef HAVE_ATOMIC_BUILTINS
- session->ctx->worker->srv->stat->actions_stat[i] = 0;
- #else
- __atomic_store_n(&session->ctx->worker->srv->stat->actions_stat[i],
- 0, __ATOMIC_RELEASE);
- #endif
- }
- }
- ucl_object_insert_key (top, sub, "actions", 0, false);
- }
-
- ucl_object_insert_key (top, ucl_object_fromint (
- spam), "spam_count", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- ham), "ham_count", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (stat->connections_count), "connections", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (stat->control_connections_count),
- "control_connections", 0, false);
-
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.pools_allocated), "pools_allocated", 0,
- false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.pools_freed), "pools_freed", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.bytes_allocated), "bytes_allocated", 0,
- false);
- ucl_object_insert_key (top,
- ucl_object_fromint (
- mem_st.chunks_allocated), "chunks_allocated", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.shared_chunks_allocated),
- "shared_chunks_allocated", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.chunks_freed), "chunks_freed", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (
- mem_st.oversized_chunks), "chunks_oversized", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.fragmented_size), "fragmented", 0, false);
-
- if (do_reset) {
- session->ctx->srv->stat->messages_scanned = 0;
- session->ctx->srv->stat->messages_learned = 0;
- session->ctx->srv->stat->connections_count = 0;
- session->ctx->srv->stat->control_connections_count = 0;
- rspamd_mempool_stat_reset ();
- }
-
- fuzzy_stat_command (task);
-
- /* Now write statistics for each statfile */
- rspamd_stat_statistics (task, session->ctx->cfg, &cbdata->learned,
- &cbdata->stat);
- session->task = task;
- rspamd_session_pending (task->s);
-
- return 0;
- }
-
- static int
- rspamd_controller_handle_stat (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- return rspamd_controller_handle_stat_common (conn_ent, msg, FALSE);
- }
-
- static int
- rspamd_controller_handle_statreset (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {
- return 0;
- }
-
- msg_info_session ("<%s> reset stat",
- rspamd_inet_address_to_string (session->from_addr));
- return rspamd_controller_handle_stat_common (conn_ent, msg, TRUE);
- }
-
- /*
- * Metrics command handler:
- * request: /metrics
- * headers: Password
- * reply: OpenMetrics
- */
-
- static gboolean
- rspamd_controller_metrics_fin_task (void *ud) {
- struct rspamd_stat_cbdata *cbdata = ud;
- struct rspamd_http_connection_entry *conn_ent;
- ucl_object_t *top;
- GList *fuzzy_elts, *cur;
- struct rspamd_fuzzy_stat_entry *entry;
- rspamd_fstring_t *output;
- gint i;
-
- conn_ent = cbdata->conn_ent;
- top = cbdata->top;
-
- ucl_object_insert_key (top,
- ucl_object_fromint (cbdata->learned), "total_learns", 0, false);
-
- output = rspamd_fstring_sized_new (1024);
- rspamd_printf_fstring (&output, "# HELP rspamd_build_info A metric with a constant '1' value labeled by version from which rspamd was built.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_build_info gauge\n");
- rspamd_printf_fstring (&output, "rspamd_build_info{version=\"%s\"} 1\n",
- ucl_object_tostring (ucl_object_lookup (top, "version")));
- rspamd_printf_fstring (&output, "# HELP rspamd_config A metric with a constant '1' value labeled by id of the current config.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_config gauge\n");
- rspamd_printf_fstring (&output, "rspamd_config{id=\"%s\"} 1\n",
- ucl_object_tostring (ucl_object_lookup (top, "config_id")));
- rspamd_printf_fstring (&output, "# HELP process_start_time_seconds Start time of the process since unix epoch in seconds.\n");
- rspamd_printf_fstring (&output, "# TYPE process_start_time_seconds gauge\n");
- rspamd_printf_fstring (&output, "process_start_time_seconds %L\n",
- ucl_object_toint (ucl_object_lookup (top, "start_time")));
- rspamd_printf_fstring (&output, "# HELP rspamd_read_only Whether the rspamd instance is read-only.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_read_only gauge\n");
- rspamd_printf_fstring (&output, "rspamd_read_only %L\n",
- ucl_object_toint (ucl_object_lookup (top, "read_only")));
- rspamd_printf_fstring (&output, "# HELP rspamd_scanned_total Scanned messages.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_scanned_total counter\n");
- rspamd_printf_fstring (&output, "rspamd_scanned_total %L\n",
- ucl_object_toint (ucl_object_lookup (top, "scanned")));
- rspamd_printf_fstring (&output, "# HELP rspamd_learned_total Learned messages.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_learned_total counter\n");
- rspamd_printf_fstring (&output, "rspamd_learned_total %L\n",
- ucl_object_toint (ucl_object_lookup (top, "learned")));
- rspamd_printf_fstring (&output, "# HELP rspamd_spam_total Messages classified as spam.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_spam_total counter\n");
- rspamd_printf_fstring (&output, "rspamd_spam_total %L\n",
- ucl_object_toint (ucl_object_lookup (top, "spam_count")));
- rspamd_printf_fstring (&output, "# HELP rspamd_ham_total Messages classified as ham.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_ham_total counter\n");
- rspamd_printf_fstring (&output, "rspamd_ham_total %L\n",
- ucl_object_toint (ucl_object_lookup (top, "ham_count")));
- rspamd_printf_fstring (&output, "# HELP rspamd_connections Active connections.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_connections gauge\n");
- rspamd_printf_fstring (&output, "rspamd_connections %L\n",
- ucl_object_toint (ucl_object_lookup (top, "connections")));
- rspamd_printf_fstring (&output, "# HELP rspamd_control_connections_total Control connections.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_control_connections_total counter\n");
- rspamd_printf_fstring (&output, "rspamd_control_connections_total %L\n",
- ucl_object_toint (ucl_object_lookup (top, "control_connections")));
- rspamd_printf_fstring (&output, "# HELP rspamd_pools_allocated Pools allocated.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_pools_allocated gauge\n");
- rspamd_printf_fstring (&output, "rspamd_pools_allocated %L\n",
- ucl_object_toint (ucl_object_lookup (top, "pools_allocated")));
- rspamd_printf_fstring (&output, "# HELP rspamd_pools_freed Pools freed.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_pools_freed gauge\n");
- rspamd_printf_fstring (&output, "rspamd_pools_freed %L\n",
- ucl_object_toint (ucl_object_lookup (top, "pools_freed")));
- rspamd_printf_fstring (&output, "# HELP rspamd_allocated_bytes Bytes allocated.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_allocated_bytes gauge\n");
- rspamd_printf_fstring (&output, "rspamd_allocated_bytes %L\n",
- ucl_object_toint (ucl_object_lookup (top, "bytes_allocated")));
- rspamd_printf_fstring (&output, "# HELP rspamd_chunks_allocated Chunks allocated.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_chunks_allocated gauge\n");
- rspamd_printf_fstring (&output, "rspamd_chunks_allocated %L\n",
- ucl_object_toint (ucl_object_lookup (top, "chunks_allocated")));
- rspamd_printf_fstring (&output, "# HELP rspamd_shared_chunks_allocated Shared chunks allocated.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_shared_chunks_allocated gauge\n");
- rspamd_printf_fstring (&output, "rspamd_shared_chunks_allocated %L\n",
- ucl_object_toint (ucl_object_lookup (top, "shared_chunks_allocated")));
- rspamd_printf_fstring (&output, "# HELP rspamd_chunks_freed Chunks freed.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_chunks_freed gauge\n");
- rspamd_printf_fstring (&output, "rspamd_chunks_freed %L\n",
- ucl_object_toint (ucl_object_lookup (top, "chunks_freed")));
- rspamd_printf_fstring (&output, "# HELP rspamd_chunks_oversized Chunks oversized.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_chunks_oversized gauge\n");
- rspamd_printf_fstring (&output, "rspamd_chunks_oversized %L\n",
- ucl_object_toint (ucl_object_lookup (top, "chunks_oversized")));
- rspamd_printf_fstring (&output, "# HELP rspamd_fragmented Fragmented.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_fragmented gauge\n");
- rspamd_printf_fstring (&output, "rspamd_fragmented %L\n",
- ucl_object_toint (ucl_object_lookup (top, "fragmented")));
- rspamd_printf_fstring (&output, "# HELP rspamd_learns_total Total learns.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_learns_total counter\n");
- rspamd_printf_fstring (&output, "rspamd_learns_total %L\n",
- ucl_object_toint (ucl_object_lookup (top, "total_learns")));
-
- const ucl_object_t *acts_obj = ucl_object_lookup (top, "actions");
-
- if (acts_obj) {
- rspamd_printf_fstring (&output, "# HELP rspamd_actions_total Actions labelled by action type.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_actions_total counter\n");
- for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {
- const char *str_act = rspamd_action_to_str (i);
- const ucl_object_t *act = ucl_object_lookup (acts_obj, str_act);
-
- if (act) {
- rspamd_printf_fstring(&output, "rspamd_actions_total{type=\"%s\"} %L\n",
- str_act,
- ucl_object_toint(act));
- }
- else {
- rspamd_printf_fstring (&output, "rspamd_actions_total{type=\"%s\"} 0\n",
- str_act);
- }
- }
- }
-
- if (cbdata->stat) {
- const ucl_object_t *cur_elt;
- ucl_object_iter_t it = NULL;
- rspamd_fstring_t *revision;
- rspamd_fstring_t *used;
- rspamd_fstring_t *total;
- rspamd_fstring_t *size;
- rspamd_fstring_t *languages;
- rspamd_fstring_t *users;
-
- revision = rspamd_fstring_sized_new (16);
- used = rspamd_fstring_sized_new (16);
- total = rspamd_fstring_sized_new (16);
- size = rspamd_fstring_sized_new (16);
- languages = rspamd_fstring_sized_new (16);
- users = rspamd_fstring_sized_new (16);
-
- while ((cur_elt = ucl_object_iterate (cbdata->stat, &it, true))) {
- const char *sym = ucl_object_tostring (ucl_object_lookup (cur_elt, "symbol"));
- const char *type = ucl_object_tostring (ucl_object_lookup (cur_elt, "type"));
-
- if (sym && type) {
- rspamd_printf_fstring (&revision, "rspamd_statfiles_revision{symbol=\"%s\",type=\"%s\"} %L\n",
- sym,
- type,
- ucl_object_toint (ucl_object_lookup (cur_elt, "revision")));
- rspamd_printf_fstring (&used, "rspamd_statfiles_used{symbol=\"%s\",type=\"%s\"} %L\n",
- sym,
- type,
- ucl_object_toint (ucl_object_lookup (cur_elt, "used")));
- rspamd_printf_fstring (&total, "rspamd_statfiles_totals{symbol=\"%s\",type=\"%s\"} %L\n",
- sym,
- type,
- ucl_object_toint (ucl_object_lookup (cur_elt, "total")));
- rspamd_printf_fstring (&size, "rspamd_statfiles_size{symbol=\"%s\",type=\"%s\"} %L\n",
- sym,
- type,
- ucl_object_toint (ucl_object_lookup (cur_elt, "size")));
- rspamd_printf_fstring (&languages, "rspamd_statfiles_languages{symbol=\"%s\",type=\"%s\"} %L\n",
- sym,
- type,
- ucl_object_toint (ucl_object_lookup (cur_elt, "languages")));
- rspamd_printf_fstring (&users, "rspamd_statfiles_users{symbol=\"%s\",type=\"%s\"} %L\n",
- sym,
- type,
- ucl_object_toint (ucl_object_lookup (cur_elt, "users")));
- }
- }
-
- if (RSPAMD_FSTRING_LEN(revision) > 0) {
- rspamd_printf_fstring (&output, "# HELP rspamd_statfiles_revision Stat files revision.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_statfiles_revision gauge\n");
- output = rspamd_fstring_append (output,
- RSPAMD_FSTRING_DATA(revision), RSPAMD_FSTRING_LEN(revision));
- }
- if (RSPAMD_FSTRING_LEN(used) > 0) {
- rspamd_printf_fstring (&output, "# HELP rspamd_statfiles_used Stat files used.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_statfiles_used gauge\n");
- output = rspamd_fstring_append (output,
- RSPAMD_FSTRING_DATA(used), RSPAMD_FSTRING_LEN(used));
- }
- if (RSPAMD_FSTRING_LEN(total) > 0) {
- rspamd_printf_fstring (&output, "# HELP rspamd_statfiles_totals Stat files total.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_statfiles_totals gauge\n");
- output = rspamd_fstring_append (output,
- RSPAMD_FSTRING_DATA(total), RSPAMD_FSTRING_LEN(total));
- }
- if (RSPAMD_FSTRING_LEN(size) > 0) {
- rspamd_printf_fstring (&output, "# HELP rspamd_statfiles_size Stat files size.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_statfiles_size gauge\n");
- output = rspamd_fstring_append (output,
- RSPAMD_FSTRING_DATA(size), RSPAMD_FSTRING_LEN(size));
- }
- if (RSPAMD_FSTRING_LEN(languages) > 0) {
- rspamd_printf_fstring (&output, "# HELP rspamd_statfiles_languages Stat files languages.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_statfiles_languages gauge\n");
- output = rspamd_fstring_append (output,
- RSPAMD_FSTRING_DATA(languages), RSPAMD_FSTRING_LEN(languages));
- }
- if (RSPAMD_FSTRING_LEN(users) > 0) {
- rspamd_printf_fstring (&output, "# HELP rspamd_statfiles_users Stat files users.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_statfiles_users gauge\n");
- output = rspamd_fstring_append (output,
- RSPAMD_FSTRING_DATA(users), RSPAMD_FSTRING_LEN(users));
- }
-
- rspamd_fstring_free (revision);
- rspamd_fstring_free (used);
- rspamd_fstring_free (total);
- rspamd_fstring_free (size);
- rspamd_fstring_free (languages);
- rspamd_fstring_free (users);
- }
-
- fuzzy_elts = rspamd_mempool_get_variable (cbdata->task->task_pool, "fuzzy_stat");
-
- if (fuzzy_elts) {
- rspamd_printf_fstring (&output, "# HELP rspamd_fuzzy_stat Fuzzy stat labelled by storage.\n");
- rspamd_printf_fstring (&output, "# TYPE rspamd_fuzzy_stat gauge\n");
- for (cur = fuzzy_elts; cur != NULL; cur = g_list_next (cur)) {
- entry = cur->data;
-
- if (entry->name) {
- rspamd_printf_fstring (&output, "rspamd_fuzzy_stat{storage=\"%s\"} %ud\n",
- entry->name, entry->fuzzy_cnt);
- }
- }
- }
-
- rspamd_printf_fstring (&output, "# EOF\n");
-
- rspamd_controller_send_openmetrics (conn_ent, output);
-
- return TRUE;
- }
-
- static int
- rspamd_controller_handle_metrics_common (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg,
- gboolean do_reset)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- ucl_object_t *top, *sub;
- gint i;
- int64_t uptime;
- guint64 spam = 0, ham = 0;
- rspamd_mempool_stat_t mem_st;
- struct rspamd_stat *stat, stat_copy;
- struct rspamd_controller_worker_ctx *ctx;
- struct rspamd_task *task;
- struct rspamd_stat_cbdata *cbdata;
-
- memset (&mem_st, 0, sizeof (mem_st));
- rspamd_mempool_stat (&mem_st);
- memcpy (&stat_copy, session->ctx->worker->srv->stat, sizeof (stat_copy));
- stat = &stat_copy;
- ctx = session->ctx;
-
- task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,
- ctx->lang_det, ctx->event_loop, FALSE);
- task->resolver = ctx->resolver;
- cbdata = rspamd_mempool_alloc0 (session->pool, sizeof (*cbdata));
- cbdata->conn_ent = conn_ent;
- cbdata->task = task;
- top = ucl_object_typed_new (UCL_OBJECT);
- cbdata->top = top;
-
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_metrics_fin_task,
- NULL,
- rspamd_controller_stat_cleanup_task,
- cbdata);
- task->fin_arg = cbdata;
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;
- task->sock = conn_ent->conn->fd;
-
- ucl_object_insert_key (top, ucl_object_fromstring (
- RVERSION), "version", 0, false);
- ucl_object_insert_key (top, ucl_object_fromstring (
- session->ctx->cfg->checksum), "config_id", 0, false);
- uptime = ev_time () - session->ctx->start_time;
- ucl_object_insert_key (top, ucl_object_fromint (
- uptime), "uptime", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- session->ctx->start_time), "start_time", 0, false);
- ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),
- "read_only", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- stat->messages_scanned), "scanned", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- stat->messages_learned), "learned", 0, false);
-
- if (stat->messages_scanned > 0) {
- sub = ucl_object_typed_new (UCL_OBJECT);
- for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {
- ucl_object_insert_key (sub,
- ucl_object_fromint (stat->actions_stat[i]),
- rspamd_action_to_str (i), 0, false);
- if (i < METRIC_ACTION_GREYLIST) {
- spam += stat->actions_stat[i];
- }
- else {
- ham += stat->actions_stat[i];
- }
- if (do_reset) {
- #ifndef HAVE_ATOMIC_BUILTINS
- session->ctx->worker->srv->stat->actions_stat[i] = 0;
- #else
- __atomic_store_n(&session->ctx->worker->srv->stat->actions_stat[i],
- 0, __ATOMIC_RELEASE);
- #endif
- }
- }
- ucl_object_insert_key (top, sub, "actions", 0, false);
- }
-
- ucl_object_insert_key (top, ucl_object_fromint (
- spam), "spam_count", 0, false);
- ucl_object_insert_key (top, ucl_object_fromint (
- ham), "ham_count", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (stat->connections_count), "connections", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (stat->control_connections_count),
- "control_connections", 0, false);
-
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.pools_allocated), "pools_allocated", 0,
- false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.pools_freed), "pools_freed", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.bytes_allocated), "bytes_allocated", 0,
- false);
- ucl_object_insert_key (top,
- ucl_object_fromint (
- mem_st.chunks_allocated), "chunks_allocated", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.shared_chunks_allocated),
- "shared_chunks_allocated", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.chunks_freed), "chunks_freed", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (
- mem_st.oversized_chunks), "chunks_oversized", 0, false);
- ucl_object_insert_key (top,
- ucl_object_fromint (mem_st.fragmented_size), "fragmented", 0, false);
-
- if (do_reset) {
- session->ctx->srv->stat->messages_scanned = 0;
- session->ctx->srv->stat->messages_learned = 0;
- session->ctx->srv->stat->connections_count = 0;
- session->ctx->srv->stat->control_connections_count = 0;
- rspamd_mempool_stat_reset ();
- }
-
- fuzzy_stat_command (task);
-
- /* Now write statistics for each statfile */
- rspamd_stat_statistics (task, session->ctx->cfg, &cbdata->learned,
- &cbdata->stat);
- session->task = task;
-
- rspamd_session_pending (task->s);
-
-
- return 0;
- }
-
-
- static int
- rspamd_controller_handle_metrics (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
- return rspamd_controller_handle_metrics_common (conn_ent, msg, FALSE);
- }
-
-
- /*
- * Counters command handler:
- * request: /counters
- * headers: Password
- * reply: json array of all counters
- */
- static int
- rspamd_controller_handle_counters (
- struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- ucl_object_t *top;
- struct rspamd_symcache *cache;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {
- return 0;
- }
-
- cache = session->ctx->cfg->cache;
-
- if (cache != NULL) {
- top = rspamd_symcache_counters (cache);
- rspamd_controller_send_ucl (conn_ent, top);
- ucl_object_unref (top);
- }
- else {
- rspamd_controller_send_error (conn_ent, 500, "Invalid cache");
- }
-
- return 0;
- }
-
- static int
- rspamd_controller_handle_custom (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_custom_controller_command *cmd;
- gchar *url_str;
- struct http_parser_url u;
- rspamd_ftok_t lookup;
-
- http_parser_parse_url (msg->url->str, msg->url->len, TRUE, &u);
-
- if (u.field_set & (1 << UF_PATH)) {
- gsize unnorm_len;
- lookup.begin = msg->url->str + u.field_data[UF_PATH].off;
- lookup.len = u.field_data[UF_PATH].len;
-
- rspamd_http_normalize_path_inplace ((gchar *)lookup.begin,
- lookup.len,
- &unnorm_len);
- lookup.len = unnorm_len;
- }
- else {
- lookup.begin = msg->url->str;
- lookup.len = msg->url->len;
- }
-
- url_str = rspamd_ftok_cstr (&lookup);
- cmd = g_hash_table_lookup (session->ctx->custom_commands, url_str);
- g_free (url_str);
-
- if (cmd == NULL || cmd->handler == NULL) {
- msg_err_session ("custom command %T has not been found", &lookup);
- rspamd_controller_send_error (conn_ent, 404, "No command associated");
- return 0;
- }
-
- if (!rspamd_controller_check_password (conn_ent, session, msg,
- cmd->privilleged)) {
- return 0;
- }
- if (cmd->require_message && (rspamd_http_message_get_body (msg, NULL) == NULL)) {
- msg_err_session ("got zero length body, cannot continue");
- rspamd_controller_send_error (conn_ent,
- 400,
- "Empty body is not permitted");
- return 0;
- }
-
- /* Transfer query arguments to headers */
- if (u.field_set & (1u << UF_QUERY)) {
- GHashTable *query_args;
- GHashTableIter it;
- gpointer k, v;
- rspamd_ftok_t *key, *value;
-
- /* In case if we have a query, we need to store it somewhere */
- query_args = rspamd_http_message_parse_query (msg);
-
- /* Insert the rest of query params as HTTP headers */
- g_hash_table_iter_init (&it, query_args);
-
- while (g_hash_table_iter_next (&it, &k, &v)) {
- key = k;
- value = v;
- /* Steal strings */
- g_hash_table_iter_steal (&it);
- url_str = rspamd_ftok_cstr (key);
- rspamd_http_message_add_header_len (msg, url_str,
- value->begin, value->len);
- g_free (url_str);
- }
-
- g_hash_table_unref (query_args);
- }
-
- return cmd->handler (conn_ent, msg, cmd->ctx);
- }
-
- static int
- rspamd_controller_handle_plugins (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_plugin_cbdata *cbd;
- GHashTableIter it;
- gpointer k, v;
- ucl_object_t *plugins;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg,
- FALSE)) {
- return 0;
- }
-
- plugins = ucl_object_typed_new (UCL_OBJECT);
- g_hash_table_iter_init (&it, session->ctx->plugins);
-
- while (g_hash_table_iter_next (&it, &k, &v)) {
- ucl_object_t *elt, *npath;
-
- cbd = v;
- elt = (ucl_object_t *)ucl_object_lookup (plugins, cbd->plugin);
-
- if (elt == NULL) {
- elt = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (elt, ucl_object_fromint (cbd->version),
- "version", 0, false);
- npath = ucl_object_typed_new (UCL_ARRAY);
- ucl_object_insert_key (elt, npath, "paths", 0, false);
- ucl_object_insert_key (plugins, elt, cbd->plugin, 0, false);
- }
- else {
- npath = (ucl_object_t *)ucl_object_lookup (elt, "paths");
- }
-
- g_assert (npath != NULL);
- rspamd_ftok_t *key_tok = (rspamd_ftok_t *)k;
- ucl_array_append (npath, ucl_object_fromlstring (key_tok->begin, key_tok->len));
- }
-
- rspamd_controller_send_ucl (conn_ent, plugins);
- ucl_object_unref (plugins);
-
- return 0;
- }
-
- static int
- rspamd_controller_handle_ping (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_http_message *rep_msg;
- rspamd_fstring_t *reply;
-
- rep_msg = rspamd_http_new_message (HTTP_RESPONSE);
- rep_msg->date = time (NULL);
- rep_msg->code = 200;
- rep_msg->status = rspamd_fstring_new_init ("OK", 2);
- reply = rspamd_fstring_new_init ("pong" CRLF, strlen ("pong" CRLF));
- rspamd_http_message_set_body_from_fstring_steal (rep_msg, reply);
- rspamd_http_connection_reset (conn_ent->conn);
- rspamd_http_router_insert_headers (conn_ent->rt, rep_msg);
- rspamd_http_connection_write_message (conn_ent->conn,
- rep_msg,
- NULL,
- "text/plain",
- conn_ent,
- conn_ent->rt->timeout);
- conn_ent->is_reply = TRUE;
-
- return 0;
- }
-
- /*
- * Called on unknown methods and is used to deal with CORS as per
- * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
- */
- static int
- rspamd_controller_handle_unknown (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_http_message *rep;
-
- if (msg->method == HTTP_OPTIONS) {
- /* Assume CORS request */
-
- rep = rspamd_http_new_message (HTTP_RESPONSE);
- rep->date = time (NULL);
- rep->code = 200;
- rep->status = rspamd_fstring_new_init ("OK", 2);
- rspamd_http_message_add_header (rep, "Access-Control-Allow-Methods",
- "POST, GET, OPTIONS");
- rspamd_http_message_add_header (rep, "Access-Control-Allow-Headers",
- "Content-Type,Password,Map,Weight,Flag");
- rspamd_http_connection_reset (conn_ent->conn);
- rspamd_http_router_insert_headers (conn_ent->rt, rep);
- rspamd_http_connection_write_message (conn_ent->conn,
- rep,
- NULL,
- "text/plain",
- conn_ent,
- conn_ent->rt->timeout);
- conn_ent->is_reply = TRUE;
- }
- else {
- rep = rspamd_http_new_message (HTTP_RESPONSE);
- rep->date = time (NULL);
- rep->code = 500;
- rep->status = rspamd_fstring_new_init ("Invalid method",
- strlen ("Invalid method"));
- rspamd_http_connection_reset (conn_ent->conn);
- rspamd_http_router_insert_headers (conn_ent->rt, rep);
- rspamd_http_connection_write_message (conn_ent->conn,
- rep,
- NULL,
- "text/plain",
- conn_ent,
- conn_ent->rt->timeout);
- conn_ent->is_reply = TRUE;
- }
-
- return 0;
- }
-
- static int
- rspamd_controller_handle_lua_plugin (struct rspamd_http_connection_entry *conn_ent,
- struct rspamd_http_message *msg)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
- struct rspamd_controller_plugin_cbdata *cbd;
- struct rspamd_task *task, **ptask;
- struct rspamd_http_connection_entry **pconn;
- struct rspamd_controller_worker_ctx *ctx;
- lua_State *L;
- struct http_parser_url u;
- rspamd_ftok_t lookup;
-
-
- http_parser_parse_url (msg->url->str, msg->url->len, TRUE, &u);
-
- if (u.field_set & (1 << UF_PATH)) {
- gsize unnorm_len;
- lookup.begin = msg->url->str + u.field_data[UF_PATH].off;
- lookup.len = u.field_data[UF_PATH].len;
-
- rspamd_http_normalize_path_inplace ((gchar *)lookup.begin,
- lookup.len,
- &unnorm_len);
- lookup.len = unnorm_len;
- }
- else {
- lookup.begin = msg->url->str;
- lookup.len = msg->url->len;
- }
-
- cbd = g_hash_table_lookup (session->ctx->plugins, &lookup);
-
- if (cbd == NULL || cbd->handler == NULL) {
- msg_err_session ("plugin handler %T has not been found", &lookup);
- rspamd_controller_send_error (conn_ent, 404, "No command associated");
- return 0;
- }
-
- L = cbd->L;
- ctx = cbd->ctx;
-
- if (!rspamd_controller_check_password (conn_ent, session, msg,
- cbd->is_enable)) {
- return 0;
- }
- if (cbd->need_task && (rspamd_http_message_get_body (msg, NULL) == NULL)) {
- msg_err_session ("got zero length body, cannot continue");
- rspamd_controller_send_error (conn_ent,
- 400,
- "Empty body is not permitted");
- return 0;
- }
-
- task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,
- ctx->lang_det, ctx->event_loop, FALSE);
-
- task->resolver = ctx->resolver;
- task->s = rspamd_session_create (session->pool,
- rspamd_controller_lua_fin_task,
- NULL,
- (event_finalizer_t )rspamd_task_free,
- task);
- task->fin_arg = conn_ent;
- task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;
- task->sock = -1;
- session->task = task;
-
- if (msg->body_buf.len > 0) {
- if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {
- rspamd_controller_send_error (conn_ent, task->err->code, "%s",
- task->err->message);
- return 0;
- }
- }
-
- /* Callback */
- lua_rawgeti (L, LUA_REGISTRYINDEX, cbd->handler->idx);
-
- /* Task */
- ptask = lua_newuserdata (L, sizeof (*ptask));
- rspamd_lua_setclass (L, "rspamd{task}", -1);
- *ptask = task;
-
- /* Connection */
- pconn = lua_newuserdata (L, sizeof (*pconn));
- rspamd_lua_setclass (L, "rspamd{csession}", -1);
- *pconn = conn_ent;
-
- /* Query arguments */
- GHashTable *params;
- GHashTableIter it;
- gpointer k, v;
-
- params = rspamd_http_message_parse_query (msg);
- lua_createtable (L, g_hash_table_size (params), 0);
- g_hash_table_iter_init (&it, params);
-
- while (g_hash_table_iter_next (&it, &k, &v)) {
- rspamd_ftok_t *key_tok = (rspamd_ftok_t *)k,
- *value_tok = (rspamd_ftok_t *)v;
-
- lua_pushlstring (L, key_tok->begin, key_tok->len);
- /* TODO: consider rspamd_text here */
- lua_pushlstring (L, value_tok->begin, value_tok->len);
- lua_settable (L, -3);
- }
-
- g_hash_table_unref (params);
-
- if (lua_pcall (L, 3, 0, 0) != 0) {
- rspamd_controller_send_error (conn_ent, 503, "Cannot run callback: %s",
- lua_tostring (L, -1));
- lua_settop (L, 0);
-
- return 0;
- }
-
- rspamd_session_pending (task->s);
-
- return 0;
- }
-
-
- static void
- rspamd_controller_error_handler (struct rspamd_http_connection_entry *conn_ent,
- GError *err)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- msg_err_session ("http error occurred: %s", err->message);
- }
-
- static void
- rspamd_controller_finish_handler (struct rspamd_http_connection_entry *conn_ent)
- {
- struct rspamd_controller_session *session = conn_ent->ud;
-
- session->ctx->worker->srv->stat->control_connections_count++;
-
- if (session->task != NULL) {
- rspamd_session_destroy (session->task->s);
- }
-
- session->wrk->nconns --;
- rspamd_inet_address_free (session->from_addr);
- REF_RELEASE (session->cfg);
-
- if (session->pool) {
- msg_debug_session ("destroy session %p", session);
- rspamd_mempool_delete (session->pool);
- }
-
- g_free (session);
- }
-
- static void
- rspamd_controller_accept_socket (EV_P_ ev_io *w, int revents)
- {
- struct rspamd_worker *worker = (struct rspamd_worker *)w->data;
- struct rspamd_controller_worker_ctx *ctx;
- struct rspamd_controller_session *session;
- rspamd_inet_addr_t *addr = NULL;
- gint nfd;
-
- ctx = worker->ctx;
-
- if ((nfd =
- rspamd_accept_from_socket (w->fd, &addr,
- rspamd_worker_throttle_accept_events, worker->accept_events)) == -1) {
- msg_warn_ctx ("accept failed: %s", strerror (errno));
- return;
- }
- /* Check for EAGAIN */
- if (nfd == 0) {
- rspamd_inet_address_free (addr);
- return;
- }
-
- session = g_malloc0 (sizeof (struct rspamd_controller_session));
- session->pool = rspamd_mempool_new (rspamd_mempool_suggest_size (),
- "csession", 0);
- session->ctx = ctx;
- session->cfg = ctx->cfg;
- session->lang_det = ctx->lang_det;
- REF_RETAIN (session->cfg);
-
- session->from_addr = addr;
- session->wrk = worker;
- worker->nconns ++;
-
- rspamd_http_router_handle_socket (ctx->http, nfd, session);
- }
-
- static void
- rspamd_controller_password_sane (struct rspamd_controller_worker_ctx *ctx,
- const gchar *password, const gchar *type)
- {
- const struct rspamd_controller_pbkdf *pbkdf = &pbkdf_list[0];
-
- if (password == NULL) {
- msg_warn_ctx ("%s is not set, so you should filter controller "
- "availability "
- "by using of firewall or `secure_ip` option", type);
- return;
- }
-
- g_assert (pbkdf != NULL);
-
- if (!rspamd_is_encrypted_password (password, NULL)) {
- /* Suggest encryption to a user */
-
- msg_warn_ctx ("your %s is not encrypted, we strongly "
- "recommend to replace it with the encrypted one", type);
- }
- }
-
- gpointer
- init_controller_worker (struct rspamd_config *cfg)
- {
- struct rspamd_controller_worker_ctx *ctx;
- GQuark type;
-
- type = g_quark_try_string ("controller");
-
- ctx = rspamd_mempool_alloc0 (cfg->cfg_pool,
- sizeof (struct rspamd_controller_worker_ctx));
-
- ctx->magic = rspamd_controller_ctx_magic;
- ctx->timeout = DEFAULT_WORKER_IO_TIMEOUT;
- ctx->task_timeout = NAN;
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "password",
- rspamd_rcl_parse_struct_string,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, password),
- 0,
- "Password for read-only commands");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "enable_password",
- rspamd_rcl_parse_struct_string,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,
- enable_password),
- 0,
- "Password for read and write commands");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "ssl",
- rspamd_rcl_parse_struct_boolean,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, use_ssl),
- 0,
- "Unimplemented");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "ssl_cert",
- rspamd_rcl_parse_struct_string,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_cert),
- 0,
- "Unimplemented");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "ssl_key",
- rspamd_rcl_parse_struct_string,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_key),
- 0,
- "Unimplemented");
- rspamd_rcl_register_worker_option (cfg,
- type,
- "timeout",
- rspamd_rcl_parse_struct_time,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,
- timeout),
- RSPAMD_CL_FLAG_TIME_FLOAT,
- "Protocol timeout");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "secure_ip",
- rspamd_rcl_parse_struct_ucl,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip),
- 0,
- "List of IP addresses that are allowed for password-less access");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "trusted_ips",
- rspamd_rcl_parse_struct_ucl,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip),
- 0,
- "List of IP addresses that are allowed for password-less access");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "static_dir",
- rspamd_rcl_parse_struct_string,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,
- static_files_dir),
- 0,
- "Directory for static files served by controller's HTTP server");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "keypair",
- rspamd_rcl_parse_struct_keypair,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,
- key),
- 0,
- "Encryption keypair");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "task_timeout",
- rspamd_rcl_parse_struct_time,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,
- task_timeout),
- RSPAMD_CL_FLAG_TIME_FLOAT,
- "Maximum task processing time, default: 8.0 seconds");
-
- return ctx;
- }
-
- /* Lua bindings */
- LUA_FUNCTION_DEF (csession, get_ev_base);
- LUA_FUNCTION_DEF (csession, get_cfg);
- LUA_FUNCTION_DEF (csession, send_ucl);
- LUA_FUNCTION_DEF (csession, send_string);
- LUA_FUNCTION_DEF (csession, send_error);
-
- static const struct luaL_reg lua_csessionlib_m[] = {
- LUA_INTERFACE_DEF (csession, get_ev_base),
- LUA_INTERFACE_DEF (csession, get_cfg),
- LUA_INTERFACE_DEF (csession, send_ucl),
- LUA_INTERFACE_DEF (csession, send_string),
- LUA_INTERFACE_DEF (csession, send_error),
- {"__tostring", rspamd_lua_class_tostring},
- {NULL, NULL}
- };
-
- /* Basic functions of LUA API for worker object */
- static void
- luaopen_controller (lua_State * L)
- {
- rspamd_lua_new_class (L, "rspamd{csession}", lua_csessionlib_m);
- lua_pop (L, 1);
- }
-
- struct rspamd_http_connection_entry *
- lua_check_controller_entry (lua_State * L, gint pos)
- {
- void *ud = rspamd_lua_check_udata (L, pos, "rspamd{csession}");
- luaL_argcheck (L, ud != NULL, pos, "'csession' expected");
- return ud ? *((struct rspamd_http_connection_entry **)ud) : NULL;
- }
-
- static int
- lua_csession_get_ev_base (lua_State *L)
- {
- struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);
- struct ev_loop **pbase;
- struct rspamd_controller_session *s;
-
- if (c) {
- s = c->ud;
- pbase = lua_newuserdata (L, sizeof (struct ev_loop *));
- rspamd_lua_setclass (L, "rspamd{ev_base}", -1);
- *pbase = s->ctx->event_loop;
- }
- else {
- return luaL_error (L, "invalid arguments");
- }
-
- return 1;
- }
-
- static int
- lua_csession_get_cfg (lua_State *L)
- {
- struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);
- struct rspamd_config **pcfg;
- struct rspamd_controller_session *s;
-
- if (c) {
- s = c->ud;
- pcfg = lua_newuserdata (L, sizeof (gpointer));
- rspamd_lua_setclass (L, "rspamd{config}", -1);
- *pcfg = s->ctx->cfg;
- }
- else {
- return luaL_error (L, "invalid arguments");
- }
-
- return 1;
- }
-
- static int
- lua_csession_send_ucl (lua_State *L)
- {
- struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);
- ucl_object_t *obj = ucl_object_lua_import_escape (L, 2);
-
- if (c) {
- rspamd_controller_send_ucl (c, obj);
- }
- else {
- ucl_object_unref (obj);
- return luaL_error (L, "invalid arguments");
- }
-
- ucl_object_unref (obj);
-
- return 0;
- }
-
- static int
- lua_csession_send_error (lua_State *L)
- {
- struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);
- guint err_code = lua_tonumber (L, 2);
- const gchar *err_str = lua_tostring (L, 3);
-
- if (c) {
- rspamd_controller_send_error (c, err_code, "%s", err_str);
- }
- else {
- return luaL_error (L, "invalid arguments");
- }
-
- return 0;
- }
-
- static int
- lua_csession_send_string (lua_State *L)
- {
- struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);
- const gchar *str = lua_tostring (L, 2);
-
- if (c) {
- rspamd_controller_send_string (c, str);
- }
- else {
- return luaL_error (L, "invalid arguments");
- }
-
- return 0;
- }
-
- static void
- rspamd_plugin_cbdata_dtor (gpointer p)
- {
- struct rspamd_controller_plugin_cbdata *cbd = p;
-
- g_free (cbd->plugin);
- ucl_object_unref (cbd->obj); /* This also releases lua references */
- g_free (cbd);
- }
-
- static void
- rspamd_controller_register_plugin_path (lua_State *L,
- struct rspamd_controller_worker_ctx *ctx,
- const ucl_object_t *webui_data,
- const ucl_object_t *handler,
- const gchar *path,
- const gchar *plugin_name)
- {
- struct rspamd_controller_plugin_cbdata *cbd;
- const ucl_object_t *elt;
- rspamd_fstring_t *full_path;
-
- cbd = g_malloc0 (sizeof (*cbd));
- cbd->L = L;
- cbd->ctx = ctx;
- cbd->handler = ucl_object_toclosure (handler);
- cbd->plugin = g_strdup (plugin_name);
- cbd->obj = ucl_object_ref (webui_data);
-
- elt = ucl_object_lookup (webui_data, "version");
-
- if (elt) {
- cbd->version = ucl_object_toint (elt);
- }
-
- elt = ucl_object_lookup (webui_data, "enable");
-
- if (elt && ucl_object_toboolean (elt)) {
- cbd->is_enable = TRUE;
- }
-
- elt = ucl_object_lookup (webui_data, "need_task");
-
- if (elt && !!ucl_object_toboolean (elt)) {
- cbd->need_task = TRUE;
- }
-
- full_path = rspamd_fstring_new_init ("/plugins/", sizeof ("/plugins/") - 1);
- /* Zero terminated */
- rspamd_printf_fstring (&full_path, "%s/%s%c",
- plugin_name, path, '\0');
-
- rspamd_http_router_add_path (ctx->http,
- full_path->str,
- rspamd_controller_handle_lua_plugin);
- rspamd_ftok_t *key_tok = rspamd_ftok_map (full_path);
- /* Truncate stupid \0 symbol to enable lookup */
- key_tok->len --;
- g_hash_table_insert (ctx->plugins, key_tok, cbd);
- }
-
- static void
- rspamd_controller_register_plugins_paths (struct rspamd_controller_worker_ctx *ctx)
- {
- lua_State *L = ctx->cfg->lua_state;
- ucl_object_t *webui_data;
- const ucl_object_t *handler_obj, *cur;
- ucl_object_iter_t it = NULL;
-
- lua_getglobal (L, "rspamd_plugins");
-
- if (lua_istable (L, -1)) {
-
- for (lua_pushnil (L); lua_next (L, -2); lua_pop (L, 2)) {
- lua_pushvalue (L, -2); /* Store key */
-
- lua_pushstring (L, "webui");
- lua_gettable (L, -3); /* value is at -3 index */
-
- if (lua_istable (L, -1)) {
- webui_data = ucl_object_lua_import_escape (L, -1);
-
- while ((cur = ucl_object_iterate (webui_data, &it, true)) != NULL) {
- handler_obj = ucl_object_lookup (cur, "handler");
-
- if (handler_obj && ucl_object_key (cur)) {
- rspamd_controller_register_plugin_path (L, ctx,
- cur, handler_obj, ucl_object_key (cur),
- lua_tostring (L, -2));
- }
- else {
- msg_err_ctx ("bad webui definition for plugin: %s",
- lua_tostring (L, -2));
- }
- }
-
- ucl_object_unref (webui_data);
- }
-
- lua_pop (L, 1); /* remove table value */
- }
- }
-
- lua_pop (L, 1); /* rspamd_plugins global */
- }
-
- static void
- rspamd_controller_health_rep (struct rspamd_worker *worker,
- struct rspamd_srv_reply *rep, gint rep_fd,
- gpointer ud)
- {
- struct rspamd_controller_worker_ctx *ctx = (struct rspamd_controller_worker_ctx *)ud;
-
- ctx->workers_count = rep->reply.health.workers_count;
- ctx->scanners_count = rep->reply.health.scanners_count;
- ctx->workers_hb_lost = rep->reply.health.workers_hb_lost;
-
- ev_timer_again (ctx->event_loop, &ctx->health_check_timer);
- }
-
- static void
- rspamd_controller_health_timer (EV_P_ ev_timer *w, int revents)
- {
- struct rspamd_controller_worker_ctx *ctx = (struct rspamd_controller_worker_ctx *)w->data;
- struct rspamd_srv_command srv_cmd;
-
- memset (&srv_cmd, 0, sizeof (srv_cmd));
- srv_cmd.type = RSPAMD_SRV_HEALTH;
- rspamd_srv_send_command (ctx->worker, ctx->event_loop, &srv_cmd, -1,
- rspamd_controller_health_rep, ctx);
- ev_timer_stop (EV_A_ w);
- }
-
- /*
- * Start worker process
- */
- __attribute__((noreturn))
- void
- start_controller_worker (struct rspamd_worker *worker)
- {
- struct rspamd_controller_worker_ctx *ctx = worker->ctx;
- struct module_ctx *mctx;
- GHashTableIter iter;
- gpointer key, value;
- guint i;
- gpointer m;
-
- g_assert (rspamd_worker_check_context (worker->ctx, rspamd_controller_ctx_magic));
- ctx->event_loop = rspamd_prepare_worker (worker,
- "controller",
- rspamd_controller_accept_socket);
-
- ctx->start_time = ev_time ();
- ctx->worker = worker;
- ctx->cfg = worker->srv->cfg;
- ctx->srv = worker->srv;
- ctx->custom_commands = g_hash_table_new (rspamd_strcase_hash,
- rspamd_strcase_equal);
- ctx->plugins = g_hash_table_new_full (rspamd_ftok_icase_hash,
- rspamd_ftok_icase_equal, rspamd_fstring_mapped_ftok_free,
- rspamd_plugin_cbdata_dtor);
-
- if (isnan (ctx->task_timeout)) {
- if (isnan (ctx->cfg->task_timeout)) {
- ctx->task_timeout = 0;
- }
- else {
- ctx->task_timeout = ctx->cfg->task_timeout;
- }
- }
-
- if (ctx->secure_ip != NULL) {
- rspamd_config_radix_from_ucl (ctx->cfg, ctx->secure_ip,
- "Allow unauthenticated requests from these addresses",
- &ctx->secure_map,
- NULL,
- worker, "controller secure ip");
- }
-
- ctx->lang_det = ctx->cfg->lang_det;
-
- rspamd_controller_password_sane (ctx, ctx->password, "normal password");
- rspamd_controller_password_sane (ctx, ctx->enable_password, "enable "
- "password");
-
- /* Accept event */
- ctx->http_ctx = rspamd_http_context_create (ctx->cfg, ctx->event_loop,
- ctx->cfg->ups_ctx);
- rspamd_mempool_add_destructor (ctx->cfg->cfg_pool,
- (rspamd_mempool_destruct_t)rspamd_http_context_free,
- ctx->http_ctx);
- ctx->http = rspamd_http_router_new (rspamd_controller_error_handler,
- rspamd_controller_finish_handler, ctx->timeout,
- ctx->static_files_dir, ctx->http_ctx);
-
- /* Add callbacks for different methods */
- rspamd_http_router_add_path (ctx->http,
- PATH_AUTH,
- rspamd_controller_handle_auth);
- rspamd_http_router_add_path (ctx->http,
- PATH_SYMBOLS,
- rspamd_controller_handle_symbols);
- rspamd_http_router_add_path (ctx->http,
- PATH_ACTIONS,
- rspamd_controller_handle_actions);
- rspamd_http_router_add_path (ctx->http,
- PATH_MAPS,
- rspamd_controller_handle_maps);
- rspamd_http_router_add_path (ctx->http,
- PATH_GET_MAP,
- rspamd_controller_handle_get_map);
- rspamd_http_router_add_path (ctx->http,
- PATH_PIE_CHART,
- rspamd_controller_handle_pie_chart);
- rspamd_http_router_add_path (ctx->http,
- PATH_GRAPH,
- rspamd_controller_handle_graph);
- rspamd_http_router_add_path (ctx->http,
- PATH_HEALTHY,
- rspamd_controller_handle_healthy);
- rspamd_http_router_add_path (ctx->http,
- PATH_READY,
- rspamd_controller_handle_ready);
- rspamd_http_router_add_path (ctx->http,
- PATH_HISTORY,
- rspamd_controller_handle_history);
- rspamd_http_router_add_path (ctx->http,
- PATH_HISTORY_RESET,
- rspamd_controller_handle_history_reset);
- rspamd_http_router_add_path (ctx->http,
- PATH_LEARN_SPAM,
- rspamd_controller_handle_learnspam);
- rspamd_http_router_add_path (ctx->http,
- PATH_LEARN_HAM,
- rspamd_controller_handle_learnham);
- rspamd_http_router_add_path (ctx->http,
- PATH_METRICS,
- rspamd_controller_handle_metrics);
- rspamd_http_router_add_path (ctx->http,
- PATH_SAVE_ACTIONS,
- rspamd_controller_handle_saveactions);
- rspamd_http_router_add_path (ctx->http,
- PATH_SAVE_SYMBOLS,
- rspamd_controller_handle_savesymbols);
- rspamd_http_router_add_path (ctx->http,
- PATH_SAVE_MAP,
- rspamd_controller_handle_savemap);
- rspamd_http_router_add_path (ctx->http,
- PATH_SCAN,
- rspamd_controller_handle_scan);
- rspamd_http_router_add_path (ctx->http,
- PATH_CHECK,
- rspamd_controller_handle_scan);
- rspamd_http_router_add_path (ctx->http,
- PATH_CHECKV2,
- rspamd_controller_handle_scan);
- rspamd_http_router_add_path (ctx->http,
- PATH_STAT,
- rspamd_controller_handle_stat);
- rspamd_http_router_add_path (ctx->http,
- PATH_STAT_RESET,
- rspamd_controller_handle_statreset);
- rspamd_http_router_add_path (ctx->http,
- PATH_COUNTERS,
- rspamd_controller_handle_counters);
- rspamd_http_router_add_path (ctx->http,
- PATH_ERRORS,
- rspamd_controller_handle_errors);
- rspamd_http_router_add_path (ctx->http,
- PATH_NEIGHBOURS,
- rspamd_controller_handle_neighbours);
- rspamd_http_router_add_path (ctx->http,
- PATH_PLUGINS,
- rspamd_controller_handle_plugins);
- rspamd_http_router_add_path (ctx->http,
- PATH_PING,
- rspamd_controller_handle_ping);
- rspamd_controller_register_plugins_paths (ctx);
-
- #if 0
- rspamd_regexp_t *lua_re = rspamd_regexp_new ("^/.*/.*\\.lua$", NULL, NULL);
- rspamd_http_router_add_regexp (ctx->http, lua_re,
- rspamd_controller_handle_lua);
- rspamd_regexp_unref (lua_re);
- #endif
- luaopen_controller (ctx->cfg->lua_state);
-
- if (ctx->key) {
- rspamd_http_router_set_key (ctx->http, ctx->key);
- }
-
- PTR_ARRAY_FOREACH (ctx->cfg->c_modules, i, mctx) {
- if (mctx->mod->module_attach_controller_func != NULL) {
- mctx->mod->module_attach_controller_func (mctx,
- ctx->custom_commands);
- }
- }
-
- g_hash_table_iter_init (&iter, ctx->custom_commands);
- while (g_hash_table_iter_next (&iter, &key, &value)) {
- rspamd_http_router_add_path (ctx->http,
- key,
- rspamd_controller_handle_custom);
- }
-
- if (worker->srv->cfg->neighbours && worker->srv->cfg->neighbours->len > 0) {
- rspamd_http_router_add_header (ctx->http,
- "Access-Control-Allow-Origin", "*");
- }
-
- /* Disable all results caching, see #3330 */
- rspamd_http_router_add_header (ctx->http,
- "Cache-Control", "no-store");
-
- rspamd_http_router_set_unknown_handler (ctx->http,
- rspamd_controller_handle_unknown);
-
- ctx->resolver = rspamd_dns_resolver_init (worker->srv->logger,
- ctx->event_loop,
- worker->srv->cfg);
-
- rspamd_upstreams_library_config (worker->srv->cfg, worker->srv->cfg->ups_ctx,
- ctx->event_loop, ctx->resolver->r);
- rspamd_symcache_start_refresh (worker->srv->cfg->cache, ctx->event_loop,
- worker);
- rspamd_stat_init (worker->srv->cfg, ctx->event_loop);
- rspamd_worker_init_controller (worker, &ctx->rrd);
- rspamd_lua_run_postloads (ctx->cfg->lua_state, ctx->cfg, ctx->event_loop, worker);
-
- /* TODO: maybe make it configurable */
- ev_timer_init (&ctx->health_check_timer, rspamd_controller_health_timer,
- 1.0, 60.0);
- ctx->health_check_timer.data = ctx;
- ev_timer_start (ctx->event_loop, &ctx->health_check_timer);
-
- #ifdef WITH_HYPERSCAN
- rspamd_control_worker_add_cmd_handler (worker,
- RSPAMD_CONTROL_HYPERSCAN_LOADED,
- rspamd_worker_hyperscan_ready,
- NULL);
- #endif
-
- /* Start event loop */
- ev_loop (ctx->event_loop, 0);
- rspamd_worker_block_signals ();
- rspamd_controller_on_terminate (worker, ctx->rrd);
-
- rspamd_stat_close ();
- rspamd_http_router_free (ctx->http);
-
- if (ctx->cached_password.len > 0) {
- m = (gpointer)ctx->cached_password.begin;
- munmap (m, ctx->cached_password.len);
- }
-
- if (ctx->cached_enable_password.len > 0) {
- m = (gpointer) ctx->cached_enable_password.begin;
- munmap (m, ctx->cached_enable_password.len);
- }
-
- g_hash_table_unref (ctx->plugins);
- g_hash_table_unref (ctx->custom_commands);
-
- REF_RELEASE (ctx->cfg);
- rspamd_log_close (worker->srv->logger);
-
- exit (EXIT_SUCCESS);
- }
|