mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3096 Commits
29 Branches
Tree: 82f9e6dff5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '82f9e6dff5'
${ noResults }
rspamd/src/controller.c

controller.c 46KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711 
  1. /* Copyright (c) 2010-2012, Vsevolod Stakhov

  2.  * All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions are met:

  6.  *       * Redistributions of source code must retain the above copyright

  7.  *         notice, this list of conditions and the following disclaimer.

  8.  *       * Redistributions in binary form must reproduce the above copyright

  9.  *         notice, this list of conditions and the following disclaimer in the

  10.  *         documentation and/or other materials provided with the distribution.

  11.  *

  12.  * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY

  13.  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

  14.  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

  15.  * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY

  16.  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

  17.  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  18.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

  19.  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  20.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

  21.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  22.  */

  23. 

  24. 

  25. #include "config.h"

  26. #include "libserver/dynamic_cfg.h"

  27. #include "libutil/rrd.h"

  28. #include "libutil/map.h"

  29. #include "libstat/stat_api.h"

  30. #include "main.h"

  31. 

  32. #ifdef WITH_GPERF_TOOLS

  33. #   include <glib/gprintf.h>

  34. #endif

  35. 

  36. /* 60 seconds for worker's IO */

  37. #define DEFAULT_WORKER_IO_TIMEOUT 60000

  38. 

  39. /* HTTP paths */

  40. #define PATH_AUTH "/auth"

  41. #define PATH_SYMBOLS "/symbols"

  42. #define PATH_ACTIONS "/actions"

  43. #define PATH_MAPS "/maps"

  44. #define PATH_GET_MAP "/getmap"

  45. #define PATH_GRAPH "/graph"

  46. #define PATH_PIE_CHART "/pie"

  47. #define PATH_HISTORY "/history"

  48. #define PATH_LEARN_SPAM "/learnspam"

  49. #define PATH_LEARN_HAM "/learnham"

  50. #define PATH_SAVE_ACTIONS "/saveactions"

  51. #define PATH_SAVE_SYMBOLS "/savesymbols"

  52. #define PATH_SAVE_MAP "/savemap"

  53. #define PATH_SCAN "/scan"

  54. #define PATH_CHECK "/check"

  55. #define PATH_STAT "/stat"

  56. #define PATH_STAT_RESET "/statreset"

  57. #define PATH_COUNTERS "/counters"

  58. 

  59. /* Graph colors */

  60. #define COLOR_CLEAN "#58A458"

  61. #define COLOR_PROBABLE_SPAM "#D67E7E"

  62. #define COLOR_GREYLIST "#A0A0A0"

  63. #define COLOR_REJECT "#CB4B4B"

  64. #define COLOR_TOTAL "#9440ED"

  65. 

  66. gpointer init_controller_worker (struct rspamd_config *cfg);

  67. void start_controller_worker (struct rspamd_worker *worker);

  68. 

  69. worker_t controller_worker = {

  70. 	"controller",                   /* Name */

  71. 	init_controller_worker,         /* Init function */

  72. 	start_controller_worker,        /* Start function */

  73. 	TRUE,                   /* Has socket */

  74. 	TRUE,                   /* Non unique */

  75. 	FALSE,                  /* Non threaded */

  76. 	TRUE,                   /* Killable */

  77. 	SOCK_STREAM             /* TCP socket */

  78. };

  79. /*

  80.  * Worker's context

  81.  */

  82. struct rspamd_controller_worker_ctx {

  83. 	guint32 timeout;

  84. 	struct timeval io_tv;

  85. 	/* DNS resolver */

  86. 	struct rspamd_dns_resolver *resolver;

  87. 	/* Events base */

  88. 	struct event_base *ev_base;

  89. 	/* Whether we use ssl for this server */

  90. 	gboolean use_ssl;

  91. 	/* Webui password */

  92. 	gchar *password;

  93. 	/* Privilleged password */

  94. 	gchar *enable_password;

  95. 	/* HTTP server */

  96. 	struct rspamd_http_connection_router *http;

  97. 	/* Server's start time */

  98. 	time_t start_time;

  99. 	/* Main server */

  100. 	struct rspamd_main *srv;

  101. 	/* Configuration */

  102. 	struct rspamd_config *cfg;

  103. 	/* SSL cert */

  104. 	gchar *ssl_cert;

  105. 	/* SSL private key */

  106. 	gchar *ssl_key;

  107. 	/* A map of secure IP */

  108. 	gchar *secure_ip;

  109. 	radix_compressed_t *secure_map;

  110. 

  111. 	/* Static files dir */

  112. 	gchar *static_files_dir;

  113. 

  114. 	/* Custom commands registered by plugins */

  115. 	GHashTable *custom_commands;

  116. 

  117. 	/* Worker */

  118. 	struct rspamd_worker *worker;

  119. 

  120. 	/* Local keypair */

  121. 	gpointer key;

  122. };

  123. 

  124. struct rspamd_controller_session {

  125. 	struct rspamd_controller_worker_ctx *ctx;

  126. 	rspamd_mempool_t *pool;

  127. 	struct rspamd_task *task;

  128. 	struct rspamd_classifier_config *cl;

  129. 	rspamd_inet_addr_t from_addr;

  130. 	gboolean is_spam;

  131. };

  132. 

  133. /* Check for password if it is required by configuration */

  134. static gboolean

  135. rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,

  136. 	struct rspamd_controller_session *session, struct rspamd_http_message *msg,

  137. 	gboolean is_enable)

  138. {

  139. 	const gchar *password, *check;

  140. 	struct rspamd_controller_worker_ctx *ctx = session->ctx;

  141. 	gboolean ret = TRUE;

  142. 

  143. 	/* Access list logic */

  144. 	if (!session->from_addr.af == AF_UNIX) {

  145. 		msg_info ("allow unauthorized connection from a unix socket");

  146. 		return TRUE;

  147. 	}

  148. 	else if (ctx->secure_map && radix_find_compressed_addr (ctx->secure_map,

  149. 		&session->from_addr) != RADIX_NO_VALUE) {

  150. 		msg_info ("allow unauthorized connection from a trusted IP %s",

  151. 			rspamd_inet_address_to_string (&session->from_addr));

  152. 		return TRUE;

  153. 	}

  154. 

  155. 	/* Password logic */

  156. 	if (is_enable) {

  157. 		/* For privileged commands we strictly require enable password */

  158. 		password = rspamd_http_message_find_header (msg, "Password");

  159. 		if (ctx->enable_password == NULL) {

  160. 			/* Use just a password (legacy mode) */

  161. 			msg_info (

  162. 				"using password as enable_password for a privileged command");

  163. 			check = ctx->password;

  164. 		}

  165. 		else {

  166. 			check = ctx->enable_password;

  167. 		}

  168. 		if (check != NULL) {

  169. 			if (password == NULL || strcmp (password, check) != 0) {

  170. 				msg_info ("incorrect or absent password has been specified");

  171. 				ret = FALSE;

  172. 			}

  173. 		}

  174. 		else {

  175. 			msg_warn (

  176. 				"no password to check while executing a privileged command");

  177. 			if (ctx->secure_map) {

  178. 				msg_info ("deny unauthorized connection");

  179. 				ret = FALSE;

  180. 			}

  181. 		}

  182. 	}

  183. 	else {

  184. 		password = rspamd_http_message_find_header (msg, "Password");

  185. 		if (ctx->password != NULL) {

  186. 			/* Accept both normal and enable passwords */

  187. 			check = ctx->password;

  188. 			if (password == NULL) {

  189. 				msg_info ("absent password has been specified");

  190. 				ret = FALSE;

  191. 			}

  192. 			else if (strcmp (password, check) != 0) {

  193. 				if (ctx->enable_password != NULL) {

  194. 					check = ctx->enable_password;

  195. 					if (strcmp (password, check) != 0) {

  196. 						msg_info ("incorrect password has been specified");

  197. 						ret = FALSE;

  198. 					}

  199. 				}

  200. 				else {

  201. 					msg_info ("incorrect or absent password has been specified");

  202. 					ret = FALSE;

  203. 				}

  204. 			}

  205. 		}

  206. 		/* No password specified, allowing this command */

  207. 	}

  208. 

  209. 

  210. 	if (!ret) {

  211. 		rspamd_controller_send_error (entry, 403, "Unauthorized");

  212. 	}

  213. 

  214. 	return ret;

  215. }

  216. 

  217. /* Command handlers */

  218. 

  219. /*

  220.  * Auth command handler:

  221.  * request: /auth

  222.  * headers: Password

  223.  * reply: json {"auth": "ok", "version": "0.5.2", "uptime": "some uptime", "error": "none"}

  224.  */

  225. static int

  226. rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent,

  227. 	struct rspamd_http_message *msg)

  228. {

  229. 	struct rspamd_controller_session *session = conn_ent->ud;

  230. 	struct rspamd_stat *st;

  231. 	int64_t uptime;

  232. 	gulong data[4];

  233. 	ucl_object_t *obj;

  234. 

  235. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  236. 		return 0;

  237. 	}

  238. 

  239. 	obj = ucl_object_typed_new (UCL_OBJECT);

  240. 	st = session->ctx->srv->stat;

  241. 	data[0] = st->actions_stat[METRIC_ACTION_NOACTION];

  242. 	data[1] = st->actions_stat[METRIC_ACTION_ADD_HEADER] +

  243. 		st->actions_stat[METRIC_ACTION_REWRITE_SUBJECT];

  244. 	data[2] = st->actions_stat[METRIC_ACTION_GREYLIST];

  245. 	data[3] = st->actions_stat[METRIC_ACTION_REJECT];

  246. 

  247. 	/* Get uptime */

  248. 	uptime = time (NULL) - session->ctx->start_time;

  249. 

  250. 	ucl_object_insert_key (obj, ucl_object_fromstring (

  251. 			RVERSION),			   "version",  0, false);

  252. 	ucl_object_insert_key (obj, ucl_object_fromstring (

  253. 			"ok"),				   "auth",	   0, false);

  254. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  255. 			uptime),			   "uptime",   0, false);

  256. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  257. 			data[0]),			   "clean",	   0, false);

  258. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  259. 			data[1]),			   "probable", 0, false);

  260. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  261. 			data[2]),			   "greylist", 0, false);

  262. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  263. 			data[3]),			   "reject",   0, false);

  264. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  265. 			st->messages_scanned), "scanned",  0, false);

  266. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  267. 			st->messages_learned), "learned",  0, false);

  268. 

  269. 	rspamd_controller_send_ucl (conn_ent, obj);

  270. 	ucl_object_unref (obj);

  271. 

  272. 	return 0;

  273. }

  274. 

  275. /*

  276.  * Symbols command handler:

  277.  * request: /symbols

  278.  * reply: json [{

  279.  *  "name": "group_name",

  280.  *  "symbols": [

  281.  *      {

  282.  *      "name": "name",

  283.  *      "weight": 0.1,

  284.  *      "description": "description of symbol"

  285.  *      },

  286.  *      {...}

  287.  * },

  288.  * {...}]

  289.  */

  290. static int

  291. rspamd_controller_handle_symbols (struct rspamd_http_connection_entry *conn_ent,

  292. 	struct rspamd_http_message *msg)

  293. {

  294. 	struct rspamd_controller_session *session = conn_ent->ud;

  295. 	GList *cur_gr, *cur_sym;

  296. 	struct rspamd_symbols_group *gr;

  297. 	struct rspamd_symbol_def *sym;

  298. 	ucl_object_t *obj, *top, *sym_obj;

  299. 

  300. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  301. 		return 0;

  302. 	}

  303. 

  304. 	top = ucl_object_typed_new (UCL_ARRAY);

  305. 

  306. 	/* Go through all symbols groups */

  307. 	cur_gr = session->ctx->cfg->symbols_groups;

  308. 	while (cur_gr) {

  309. 		gr = cur_gr->data;

  310. 		obj = ucl_object_typed_new (UCL_OBJECT);

  311. 		ucl_object_insert_key (obj, ucl_object_fromstring (

  312. 				gr->name), "group", 0, false);

  313. 		/* Iterate through all symbols */

  314. 		cur_sym = gr->symbols;

  315. 		while (cur_sym) {

  316. 			sym_obj = ucl_object_typed_new (UCL_OBJECT);

  317. 			sym = cur_sym->data;

  318. 

  319. 			ucl_object_insert_key (sym_obj, ucl_object_fromstring (sym->name),

  320. 				"symbol", 0, false);

  321. 			ucl_object_insert_key (sym_obj,

  322. 				ucl_object_fromdouble (*sym->weight_ptr),

  323. 				"weight", 0, false);

  324. 			if (sym->description) {

  325. 				ucl_object_insert_key (sym_obj,

  326. 					ucl_object_fromstring (sym->description),

  327. 					"description", 0, false);

  328. 			}

  329. 

  330. 			ucl_object_insert_key (obj, sym_obj, "rules", 0, false);

  331. 			cur_sym = g_list_next (cur_sym);

  332. 		}

  333. 		cur_gr = g_list_next (cur_gr);

  334. 		ucl_array_append (top, obj);

  335. 	}

  336. 

  337. 	rspamd_controller_send_ucl (conn_ent, top);

  338. 	ucl_object_unref (top);

  339. 

  340. 	return 0;

  341. }

  342. 

  343. /*

  344.  * Actions command handler:

  345.  * request: /actions

  346.  * reply: json [{

  347.  *  "action": "no action",

  348.  *  "value": 1.1

  349.  * },

  350.  * {...}]

  351.  */

  352. static int

  353. rspamd_controller_handle_actions (struct rspamd_http_connection_entry *conn_ent,

  354. 	struct rspamd_http_message *msg)

  355. {

  356. 	struct rspamd_controller_session *session = conn_ent->ud;

  357. 	struct metric *metric;

  358. 	struct metric_action *act;

  359. 	gint i;

  360. 	ucl_object_t *obj, *top;

  361. 

  362. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  363. 		return 0;

  364. 	}

  365. 

  366. 	top = ucl_object_typed_new (UCL_ARRAY);

  367. 

  368. 	/* Get actions for default metric */

  369. 	metric = g_hash_table_lookup (session->ctx->cfg->metrics, DEFAULT_METRIC);

  370. 	if (metric != NULL) {

  371. 		for (i = METRIC_ACTION_REJECT; i < METRIC_ACTION_MAX; i++) {

  372. 			act = &metric->actions[i];

  373. 			if (act->score >= 0) {

  374. 				obj = ucl_object_typed_new (UCL_OBJECT);

  375. 				ucl_object_insert_key (obj,

  376. 					ucl_object_fromstring (rspamd_action_to_str (

  377. 						act->action)), "action", 0, false);

  378. 				ucl_object_insert_key (obj, ucl_object_fromdouble (

  379. 						act->score), "value", 0, false);

  380. 				ucl_array_append (top, obj);

  381. 			}

  382. 		}

  383. 	}

  384. 

  385. 	rspamd_controller_send_ucl (conn_ent, top);

  386. 	ucl_object_unref (top);

  387. 

  388. 	return 0;

  389. }

  390. /*

  391.  * Maps command handler:

  392.  * request: /maps

  393.  * headers: Password

  394.  * reply: json [

  395.  *      {

  396.  *      "map": "name",

  397.  *      "description": "description",

  398.  *      "editable": true

  399.  *      },

  400.  *      {...}

  401.  * ]

  402.  */

  403. static int

  404. rspamd_controller_handle_maps (struct rspamd_http_connection_entry *conn_ent,

  405. 	struct rspamd_http_message *msg)

  406. {

  407. 	struct rspamd_controller_session *session = conn_ent->ud;

  408. 	GList *cur, *tmp = NULL;

  409. 	struct rspamd_map *map;

  410. 	gboolean editable;

  411. 	ucl_object_t *obj, *top;

  412. 

  413. 

  414. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  415. 		return 0;

  416. 	}

  417. 

  418. 	top = ucl_object_typed_new (UCL_ARRAY);

  419. 	/* Iterate over all maps */

  420. 	cur = session->ctx->cfg->maps;

  421. 	while (cur) {

  422. 		map = cur->data;

  423. 		if (map->protocol == MAP_PROTO_FILE) {

  424. 			if (access (map->uri, R_OK) == 0) {

  425. 				tmp = g_list_prepend (tmp, map);

  426. 			}

  427. 		}

  428. 		cur = g_list_next (cur);

  429. 	}

  430. 	/* Iterate over selected maps */

  431. 	cur = tmp;

  432. 	while (cur) {

  433. 		map = cur->data;

  434. 		editable = (access (map->uri, W_OK) == 0);

  435. 

  436. 		obj = ucl_object_typed_new (UCL_OBJECT);

  437. 		ucl_object_insert_key (obj,	   ucl_object_fromint (map->id),

  438. 			"map", 0, false);

  439. 		if (map->description) {

  440. 			ucl_object_insert_key (obj, ucl_object_fromstring (map->description),

  441. 					"description", 0, false);

  442. 		}

  443. 		ucl_object_insert_key (obj,	  ucl_object_frombool (editable),

  444. 			"editable", 0, false);

  445. 		ucl_array_append (top, obj);

  446. 

  447. 		cur = g_list_next (cur);

  448. 	}

  449. 

  450. 	if (tmp) {

  451. 		g_list_free (tmp);

  452. 	}

  453. 

  454. 	rspamd_controller_send_ucl (conn_ent, top);

  455. 	ucl_object_unref (top);

  456. 

  457. 	return 0;

  458. }

  459. 

  460. /*

  461.  * Get map command handler:

  462.  * request: /getmap

  463.  * headers: Password, Map

  464.  * reply: plain-text

  465.  */

  466. static int

  467. rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,

  468. 	struct rspamd_http_message *msg)

  469. {

  470. 	struct rspamd_controller_session *session = conn_ent->ud;

  471. 	GList *cur;

  472. 	struct rspamd_map *map;

  473. 	const gchar *idstr;

  474. 	gchar *errstr;

  475. 	struct stat st;

  476. 	gint fd;

  477. 	guint32 id;

  478. 	gboolean found = FALSE;

  479. 	struct rspamd_http_message *reply;

  480. 

  481. 

  482. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  483. 		return 0;

  484. 	}

  485. 

  486. 	idstr = rspamd_http_message_find_header (msg, "Map");

  487. 

  488. 	if (idstr == NULL) {

  489. 		msg_info ("absent map id");

  490. 		rspamd_controller_send_error (conn_ent, 400, "400 id header missing");

  491. 		return 0;

  492. 	}

  493. 

  494. 	id = strtoul (idstr, &errstr, 10);

  495. 	if (*errstr != '\0') {

  496. 		msg_info ("invalid map id");

  497. 		rspamd_controller_send_error (conn_ent, 400, "400 invalid map id");

  498. 		return 0;

  499. 	}

  500. 

  501. 	/* Now let's be sure that we have map defined in configuration */

  502. 	cur = session->ctx->cfg->maps;

  503. 	while (cur) {

  504. 		map = cur->data;

  505. 		if (map->id == id && map->protocol == MAP_PROTO_FILE) {

  506. 			found = TRUE;

  507. 			break;

  508. 		}

  509. 		cur = g_list_next (cur);

  510. 	}

  511. 

  512. 	if (!found) {

  513. 		msg_info ("map not found");

  514. 		rspamd_controller_send_error (conn_ent, 404, "404 map not found");

  515. 		return 0;

  516. 	}

  517. 

  518. 	if (stat (map->uri, &st) == -1 || (fd = open (map->uri, O_RDONLY)) == -1) {

  519. 		msg_err ("cannot open map %s: %s", map->uri, strerror (errno));

  520. 		rspamd_controller_send_error (conn_ent, 500, "500 map open error");

  521. 		return 0;

  522. 	}

  523. 

  524. 	reply = rspamd_http_new_message (HTTP_RESPONSE);

  525. 	reply->date = time (NULL);

  526. 	reply->code = 200;

  527. 	reply->body = g_string_sized_new (st.st_size);

  528. 

  529. 	/* Read the whole buffer */

  530. 	if (read (fd, reply->body->str, st.st_size) == -1) {

  531. 		close (fd);

  532. 		rspamd_http_message_free (reply);

  533. 		msg_err ("cannot read map %s: %s", map->uri, strerror (errno));

  534. 		rspamd_controller_send_error (conn_ent, 500, "500 map read error");

  535. 		return 0;

  536. 	}

  537. 

  538. 	reply->body->len = st.st_size;

  539. 	reply->body->str[reply->body->len] = '\0';

  540. 

  541. 	close (fd);

  542. 

  543. 	rspamd_http_connection_reset (conn_ent->conn);

  544. 	rspamd_http_connection_write_message (conn_ent->conn, reply, NULL,

  545. 		"text/plain", conn_ent, conn_ent->conn->fd,

  546. 		conn_ent->rt->ptv, conn_ent->rt->ev_base);

  547. 	conn_ent->is_reply = TRUE;

  548. 

  549. 	return 0;

  550. }

  551. 

  552. static ucl_object_t *

  553. rspamd_controller_pie_element (enum rspamd_metric_action action,

  554. 		const char *label, gdouble data)

  555. {

  556. 	ucl_object_t *res = ucl_object_typed_new (UCL_OBJECT);

  557. 	const char *colors[METRIC_ACTION_MAX] = {

  558. 		[METRIC_ACTION_REJECT] = "#993300",

  559. 		[METRIC_ACTION_SOFT_REJECT] = "#cc9966",

  560. 		[METRIC_ACTION_REWRITE_SUBJECT] = "#ff6600",

  561. 		[METRIC_ACTION_ADD_HEADER] = "#ffcc66",

  562. 		[METRIC_ACTION_GREYLIST] = "#6666cc",

  563. 		[METRIC_ACTION_NOACTION] = "#66cc00"

  564. 	};

  565. 

  566. 	ucl_object_insert_key (res, ucl_object_fromstring (colors[action]),

  567. 			"color", 0, false);

  568. 	ucl_object_insert_key (res, ucl_object_fromstring (label), "label", 0, false);

  569. 	ucl_object_insert_key (res, ucl_object_fromdouble (data), "data", 0, false);

  570. 

  571. 	return res;

  572. }

  573. 

  574. /*

  575.  * Pie chart command handler:

  576.  * request: /pie

  577.  * headers: Password

  578.  * reply: json [

  579.  *      { label: "Foo", data: 11 },

  580.  *      { label: "Bar", data: 20 },

  581.  *      {...}

  582.  * ]

  583.  */

  584. static int

  585. rspamd_controller_handle_pie_chart (

  586. 	struct rspamd_http_connection_entry *conn_ent,

  587. 	struct rspamd_http_message *msg)

  588. {

  589. 	struct rspamd_controller_session *session = conn_ent->ud;

  590. 	struct rspamd_controller_worker_ctx *ctx;

  591. 	gdouble data[5], total;

  592. 	ucl_object_t *top;

  593. 

  594. 	ctx = session->ctx;

  595. 

  596. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  597. 		return 0;

  598. 	}

  599. 

  600. 	top = ucl_object_typed_new (UCL_ARRAY);

  601. 	total = ctx->srv->stat->messages_scanned;

  602. 	if (total != 0) {

  603. 

  604. 		data[0] = ctx->srv->stat->actions_stat[METRIC_ACTION_NOACTION] / total *

  605. 			100.;

  606. 		data[1] = ctx->srv->stat->actions_stat[METRIC_ACTION_SOFT_REJECT] / total *

  607. 			100.;

  608. 		data[2] = (ctx->srv->stat->actions_stat[METRIC_ACTION_ADD_HEADER] +

  609. 			ctx->srv->stat->actions_stat[METRIC_ACTION_REWRITE_SUBJECT]) /

  610. 			total * 100.;

  611. 		data[3] = ctx->srv->stat->actions_stat[METRIC_ACTION_GREYLIST] / total *

  612. 			100.;

  613. 		data[4] = ctx->srv->stat->actions_stat[METRIC_ACTION_REJECT] / total *

  614. 			100.;

  615. 	}

  616. 	else {

  617. 		memset (data, 0, sizeof (data));

  618. 	}

  619. 	ucl_array_append (top, rspamd_controller_pie_element (

  620. 			METRIC_ACTION_NOACTION, "Clean", data[0]));

  621. 	ucl_array_append (top, rspamd_controller_pie_element (

  622. 			METRIC_ACTION_SOFT_REJECT, "Temporary rejected", data[1]));

  623. 	ucl_array_append (top, rspamd_controller_pie_element (

  624. 			METRIC_ACTION_ADD_HEADER, "Probable spam", data[2]));

  625. 	ucl_array_append (top, rspamd_controller_pie_element (

  626. 			METRIC_ACTION_GREYLIST, "Greylisted", data[3]));

  627. 	ucl_array_append (top, rspamd_controller_pie_element (

  628. 			METRIC_ACTION_REJECT, "Rejected", data[4]));

  629. 

  630. 	rspamd_controller_send_ucl (conn_ent, top);

  631. 	ucl_object_unref (top);

  632. 

  633. 	return 0;

  634. }

  635. 

  636. /*

  637.  * History command handler:

  638.  * request: /history

  639.  * headers: Password

  640.  * reply: json [

  641.  *      { label: "Foo", data: 11 },

  642.  *      { label: "Bar", data: 20 },

  643.  *      {...}

  644.  * ]

  645.  */

  646. static int

  647. rspamd_controller_handle_history (struct rspamd_http_connection_entry *conn_ent,

  648. 	struct rspamd_http_message *msg)

  649. {

  650. 	struct rspamd_controller_session *session = conn_ent->ud;

  651. 	struct rspamd_controller_worker_ctx *ctx;

  652. 	struct roll_history_row *row;

  653. 	struct roll_history copied_history;

  654. 	gint i, rows_proc, row_num;

  655. 	struct tm *tm;

  656. 	gchar timebuf[32];

  657. 	ucl_object_t *top, *obj;

  658. 

  659. 	ctx = session->ctx;

  660. 

  661. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  662. 		return 0;

  663. 	}

  664. 

  665. 	top = ucl_object_typed_new (UCL_ARRAY);

  666. 

  667. 	/* Set lock on history */

  668. 	rspamd_mempool_lock_mutex (ctx->srv->history->mtx);

  669. 	ctx->srv->history->need_lock = TRUE;

  670. 	/* Copy locked */

  671. 	memcpy (&copied_history, ctx->srv->history, sizeof (copied_history));

  672. 	rspamd_mempool_unlock_mutex (ctx->srv->history->mtx);

  673. 

  674. 	/* Go through all rows */

  675. 	row_num = copied_history.cur_row;

  676. 	for (i = 0, rows_proc = 0; i < HISTORY_MAX_ROWS; i++, row_num++) {

  677. 		if (row_num == HISTORY_MAX_ROWS) {

  678. 			row_num = 0;

  679. 		}

  680. 		row = &copied_history.rows[row_num];

  681. 		/* Get only completed rows */

  682. 		if (row->completed) {

  683. 			tm = localtime (&row->tv.tv_sec);

  684. 			strftime (timebuf, sizeof (timebuf) - 1, "%Y-%m-%d %H:%M:%S", tm);

  685. 			obj = ucl_object_typed_new (UCL_OBJECT);

  686. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  687. 					timebuf),		  "time", 0, false);

  688. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  689. 					row->message_id), "id",	  0, false);

  690. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  691. 					rspamd_inet_address_to_string (&row->from_addr)),

  692. 					"ip", 0, false);

  693. 			ucl_object_insert_key (obj,

  694. 				ucl_object_fromstring (rspamd_action_to_str (

  695. 					row->action)), "action", 0, false);

  696. 			ucl_object_insert_key (obj, ucl_object_fromdouble (

  697. 					row->score),		  "score",			0, false);

  698. 			ucl_object_insert_key (obj,

  699. 				ucl_object_fromdouble (

  700. 					row->required_score), "required_score", 0, false);

  701. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  702. 					row->symbols),		  "symbols",		0, false);

  703. 			ucl_object_insert_key (obj,	   ucl_object_fromint (

  704. 					row->len),			  "size",			0, false);

  705. 			ucl_object_insert_key (obj,	   ucl_object_fromint (

  706. 					row->scan_time),	  "scan_time",		0, false);

  707. 			if (row->user[0] != '\0') {

  708. 				ucl_object_insert_key (obj, ucl_object_fromstring (

  709. 						row->user), "user", 0, false);

  710. 			}

  711. 			ucl_array_append (top, obj);

  712. 			rows_proc++;

  713. 		}

  714. 	}

  715. 

  716. 	rspamd_controller_send_ucl (conn_ent, top);

  717. 	ucl_object_unref (top);

  718. 

  719. 	return 0;

  720. }

  721. 

  722. static gboolean

  723. rspamd_controller_learn_fin_task (void *ud)

  724. {

  725. 	struct rspamd_task *task = ud;

  726. 	struct rspamd_controller_session *session;

  727. 	struct rspamd_http_connection_entry *conn_ent;

  728. 	GError *err = NULL;

  729. 

  730. 	conn_ent = task->fin_arg;

  731. 	session = conn_ent->ud;

  732. 

  733. 	if (!rspamd_learn_task_spam (session->cl, task, session->is_spam, &err)) {

  734. 		rspamd_controller_send_error (conn_ent, 500 + err->code, err->message);

  735. 		return TRUE;

  736. 	}

  737. 	/* Successful learn */

  738. 	msg_info ("<%s> learned message: %s",

  739. 		rspamd_inet_address_to_string (&session->from_addr),

  740. 		task->message_id);

  741. 	rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  742. 

  743. 	return TRUE;

  744. }

  745. 

  746. static gboolean

  747. rspamd_controller_check_fin_task (void *ud)

  748. {

  749. 	struct rspamd_task *task = ud;

  750. 	struct rspamd_http_connection_entry *conn_ent;

  751. 	struct rspamd_http_message *msg;

  752. 

  753. 	rspamd_process_statistics (task);

  754. 	conn_ent = task->fin_arg;

  755. 	msg = rspamd_http_new_message (HTTP_RESPONSE);

  756. 	msg->date = time (NULL);

  757. 	msg->code = 200;

  758. 	rspamd_protocol_http_reply (msg, task);

  759. 	rspamd_http_connection_reset (conn_ent->conn);

  760. 	rspamd_http_connection_write_message (conn_ent->conn, msg, NULL,

  761. 		"application/json", conn_ent, conn_ent->conn->fd, conn_ent->rt->ptv,

  762. 		conn_ent->rt->ev_base);

  763. 	conn_ent->is_reply = TRUE;

  764. 

  765. 	return TRUE;

  766. }

  767. 

  768. static int

  769. rspamd_controller_handle_learn_common (

  770. 	struct rspamd_http_connection_entry *conn_ent,

  771. 	struct rspamd_http_message *msg,

  772. 	gboolean is_spam)

  773. {

  774. 	struct rspamd_controller_session *session = conn_ent->ud;

  775. 	struct rspamd_controller_worker_ctx *ctx;

  776. 	struct rspamd_classifier_config *cl;

  777. 	struct rspamd_task *task;

  778. 	const gchar *classifier;

  779. 

  780. 	ctx = session->ctx;

  781. 

  782. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  783. 		return 0;

  784. 	}

  785. 

  786. 	if (msg->body == NULL || msg->body->len == 0) {

  787. 		msg_err ("got zero length body, cannot continue");

  788. 		rspamd_controller_send_error (conn_ent,

  789. 			400,

  790. 			"Empty body is not permitted");

  791. 		return 0;

  792. 	}

  793. 

  794. 	if ((classifier =

  795. 		rspamd_http_message_find_header (msg, "Classifier")) == NULL) {

  796. 		classifier = "bayes";

  797. 	}

  798. 

  799. 	cl = rspamd_config_find_classifier (ctx->cfg, classifier);

  800. 	if (cl == NULL) {

  801. 		rspamd_controller_send_error (conn_ent, 400, "Classifier not found");

  802. 		return 0;

  803. 	}

  804. 

  805. 	task = rspamd_task_new (session->ctx->worker);

  806. 

  807. 	task->resolver = ctx->resolver;

  808. 	task->ev_base = ctx->ev_base;

  809. 

  810. 

  811. 	task->s = new_async_session (session->pool,

  812. 			rspamd_controller_learn_fin_task,

  813. 			NULL,

  814. 			rspamd_task_free_hard,

  815. 			task);

  816. 	task->s->wanna_die = TRUE;

  817. 	task->fin_arg = conn_ent;

  818. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  819. 	task->sock = conn_ent->conn->fd;

  820. 

  821. 

  822. 	/* XXX: Handle encrypted messages */

  823. 	if (!rspamd_task_process (task, msg, msg->body->str, msg->body->len, NULL, FALSE)) {

  824. 		msg_warn ("filters cannot be processed for %s", task->message_id);

  825. 		rspamd_controller_send_error (conn_ent, 500, task->last_error);

  826. 		destroy_session (task->s);

  827. 		return 0;

  828. 	}

  829. 

  830. 	session->task = task;

  831. 	session->cl = cl;

  832. 	session->is_spam = is_spam;

  833. 	check_session_pending (task->s);

  834. 

  835. 	return 0;

  836. }

  837. 

  838. /*

  839.  * Learn spam command handler:

  840.  * request: /learnspam

  841.  * headers: Password

  842.  * input: plaintext data

  843.  * reply: json {"success":true} or {"error":"error message"}

  844.  */

  845. static int

  846. rspamd_controller_handle_learnspam (

  847. 	struct rspamd_http_connection_entry *conn_ent,

  848. 	struct rspamd_http_message *msg)

  849. {

  850. 	return rspamd_controller_handle_learn_common (conn_ent, msg, TRUE);

  851. }

  852. /*

  853.  * Learn ham command handler:

  854.  * request: /learnham

  855.  * headers: Password

  856.  * input: plaintext data

  857.  * reply: json {"success":true} or {"error":"error message"}

  858.  */

  859. static int

  860. rspamd_controller_handle_learnham (

  861. 	struct rspamd_http_connection_entry *conn_ent,

  862. 	struct rspamd_http_message *msg)

  863. {

  864. 	return rspamd_controller_handle_learn_common (conn_ent, msg, FALSE);

  865. }

  866. 

  867. /*

  868.  * Scan command handler:

  869.  * request: /scan

  870.  * headers: Password

  871.  * input: plaintext data

  872.  * reply: json {scan data} or {"error":"error message"}

  873.  */

  874. static int

  875. rspamd_controller_handle_scan (struct rspamd_http_connection_entry *conn_ent,

  876. 	struct rspamd_http_message *msg)

  877. {

  878. 	struct rspamd_controller_session *session = conn_ent->ud;

  879. 	struct rspamd_controller_worker_ctx *ctx;

  880. 	struct rspamd_task *task;

  881. 

  882. 	ctx = session->ctx;

  883. 

  884. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  885. 		return 0;

  886. 	}

  887. 

  888. 	if (msg->body == NULL || msg->body->len == 0) {

  889. 		msg_err ("got zero length body, cannot continue");

  890. 		rspamd_controller_send_error (conn_ent,

  891. 			400,

  892. 			"Empty body is not permitted");

  893. 		return 0;

  894. 	}

  895. 

  896. 	task = rspamd_task_new (session->ctx->worker);

  897. 	task->ev_base = session->ctx->ev_base;

  898. 

  899. 	task->resolver = ctx->resolver;

  900. 	task->ev_base = ctx->ev_base;

  901. 

  902. 	task->s = new_async_session (session->pool,

  903. 			rspamd_controller_check_fin_task,

  904. 			NULL,

  905. 			rspamd_task_free_hard,

  906. 			task);

  907. 	task->s->wanna_die = TRUE;

  908. 	task->fin_arg = conn_ent;

  909. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);

  910. 	task->sock = conn_ent->conn->fd;

  911. 

  912. 	/* XXX: handle encrypted messages */

  913. 	if (!rspamd_task_process (task, msg, msg->body->str, msg->body->len, NULL, FALSE)) {

  914. 		msg_warn ("filters cannot be processed for %s", task->message_id);

  915. 		rspamd_controller_send_error (conn_ent, 500, task->last_error);

  916. 		destroy_session (task->s);

  917. 		return 0;

  918. 	}

  919. 

  920. 	session->task = task;

  921. 	check_session_pending (task->s);

  922. 

  923. 	return 0;

  924. }

  925. 

  926. /*

  927.  * Save actions command handler:

  928.  * request: /saveactions

  929.  * headers: Password

  930.  * input: json array [<spam>,<probable spam>,<greylist>]

  931.  * reply: json {"success":true} or {"error":"error message"}

  932.  */

  933. static int

  934. rspamd_controller_handle_saveactions (

  935. 	struct rspamd_http_connection_entry *conn_ent,

  936. 	struct rspamd_http_message *msg)

  937. {

  938. 	struct rspamd_controller_session *session = conn_ent->ud;

  939. 	struct ucl_parser *parser;

  940. 	struct metric *metric;

  941. 	ucl_object_t *obj;

  942. 	const ucl_object_t *cur;

  943. 	struct rspamd_controller_worker_ctx *ctx;

  944. 	const gchar *error;

  945. 	gdouble score;

  946. 	gint i, added = 0;

  947. 	enum rspamd_metric_action act;

  948. 	ucl_object_iter_t it = NULL;

  949. 

  950. 	ctx = session->ctx;

  951. 

  952. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  953. 		return 0;

  954. 	}

  955. 

  956. 	if (msg->body == NULL || msg->body->len == 0) {

  957. 		msg_err ("got zero length body, cannot continue");

  958. 		rspamd_controller_send_error (conn_ent,

  959. 			400,

  960. 			"Empty body is not permitted");

  961. 		return 0;

  962. 	}

  963. 

  964. 	metric = g_hash_table_lookup (ctx->cfg->metrics, DEFAULT_METRIC);

  965. 	if (metric == NULL) {

  966. 		msg_err ("cannot find default metric");

  967. 		rspamd_controller_send_error (conn_ent, 500,

  968. 			"Default metric is absent");

  969. 		return 0;

  970. 	}

  971. 

  972. 	/* Now check for dynamic config */

  973. 	if (!ctx->cfg->dynamic_conf) {

  974. 		msg_err ("dynamic conf has not been defined");

  975. 		rspamd_controller_send_error (conn_ent,

  976. 			500,

  977. 			"No dynamic_rules setting defined");

  978. 		return 0;

  979. 	}

  980. 

  981. 	parser = ucl_parser_new (0);

  982. 	ucl_parser_add_chunk (parser, msg->body->str, msg->body->len);

  983. 

  984. 	if ((error = ucl_parser_get_error (parser)) != NULL) {

  985. 		msg_err ("cannot parse input: %s", error);

  986. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  987. 		ucl_parser_free (parser);

  988. 		return 0;

  989. 	}

  990. 

  991. 	obj = ucl_parser_get_object (parser);

  992. 	ucl_parser_free (parser);

  993. 

  994. 	if (obj->type != UCL_ARRAY || obj->len != 3) {

  995. 		msg_err ("input is not an array of 3 elements");

  996. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  997. 		ucl_object_unref (obj);

  998. 		return 0;

  999. 	}

  1000. 

  1001. 	for (i = 0; i < 3; i++) {

  1002. 		cur = ucl_iterate_object (obj, &it, TRUE);

  1003. 		if (cur == NULL) {

  1004. 			break;

  1005. 		}

  1006. 		switch (i) {

  1007. 		case 0:

  1008. 			act = METRIC_ACTION_REJECT;

  1009. 			break;

  1010. 		case 1:

  1011. 			act = METRIC_ACTION_ADD_HEADER;

  1012. 			break;

  1013. 		case 2:

  1014. 			act = METRIC_ACTION_GREYLIST;

  1015. 			break;

  1016. 		}

  1017. 		score = ucl_object_todouble (cur);

  1018. 		if (metric->actions[act].score != score) {

  1019. 			add_dynamic_action (ctx->cfg, DEFAULT_METRIC, act, score);

  1020. 			added ++;

  1021. 		}

  1022. 	}

  1023. 

  1024. 	dump_dynamic_config (ctx->cfg);

  1025. 	msg_info ("<%s> modified %d actions",

  1026. 		rspamd_inet_address_to_string (&session->from_addr),

  1027. 		added);

  1028. 

  1029. 	rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1030. 

  1031. 	return 0;

  1032. }

  1033. 

  1034. /*

  1035.  * Save symbols command handler:

  1036.  * request: /savesymbols

  1037.  * headers: Password

  1038.  * input: json data

  1039.  * reply: json {"success":true} or {"error":"error message"}

  1040.  */

  1041. static int

  1042. rspamd_controller_handle_savesymbols (

  1043. 	struct rspamd_http_connection_entry *conn_ent,

  1044. 	struct rspamd_http_message *msg)

  1045. {

  1046. 	struct rspamd_controller_session *session = conn_ent->ud;

  1047. 	struct ucl_parser *parser;

  1048. 	struct metric *metric;

  1049. 	ucl_object_t *obj;

  1050. 	const ucl_object_t *cur, *jname, *jvalue;

  1051. 	ucl_object_iter_t iter = NULL;

  1052. 	struct rspamd_controller_worker_ctx *ctx;

  1053. 	const gchar *error;

  1054. 	gdouble val;

  1055. 	struct rspamd_symbol_def *sym;

  1056. 	int added = 0;

  1057. 

  1058. 	ctx = session->ctx;

  1059. 

  1060. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1061. 		return 0;

  1062. 	}

  1063. 

  1064. 	if (msg->body == NULL || msg->body->len == 0) {

  1065. 		msg_err ("got zero length body, cannot continue");

  1066. 		rspamd_controller_send_error (conn_ent,

  1067. 			400,

  1068. 			"Empty body is not permitted");

  1069. 		return 0;

  1070. 	}

  1071. 

  1072. 	metric = g_hash_table_lookup (ctx->cfg->metrics, DEFAULT_METRIC);

  1073. 	if (metric == NULL) {

  1074. 		msg_err ("cannot find default metric");

  1075. 		rspamd_controller_send_error (conn_ent, 500,

  1076. 			"Default metric is absent");

  1077. 		return 0;

  1078. 	}

  1079. 

  1080. 	/* Now check for dynamic config */

  1081. 	if (!ctx->cfg->dynamic_conf) {

  1082. 		msg_err ("dynamic conf has not been defined");

  1083. 		rspamd_controller_send_error (conn_ent,

  1084. 			500,

  1085. 			"No dynamic_rules setting defined");

  1086. 		return 0;

  1087. 	}

  1088. 

  1089. 	parser = ucl_parser_new (0);

  1090. 	ucl_parser_add_chunk (parser, msg->body->str, msg->body->len);

  1091. 

  1092. 	if ((error = ucl_parser_get_error (parser)) != NULL) {

  1093. 		msg_err ("cannot parse input: %s", error);

  1094. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  1095. 		ucl_parser_free (parser);

  1096. 		return 0;

  1097. 	}

  1098. 

  1099. 	obj = ucl_parser_get_object (parser);

  1100. 	ucl_parser_free (parser);

  1101. 

  1102. 	if (obj->type != UCL_ARRAY) {

  1103. 		msg_err ("input is not an array");

  1104. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  1105. 		ucl_object_unref (obj);

  1106. 		return 0;

  1107. 	}

  1108. 

  1109. 	while ((cur = ucl_iterate_object (obj, &iter, true))) {

  1110. 		if (cur->type != UCL_OBJECT) {

  1111. 			msg_err ("json array data error");

  1112. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  1113. 			ucl_object_unref (obj);

  1114. 			return 0;

  1115. 		}

  1116. 		jname = ucl_object_find_key (cur, "name");

  1117. 		jvalue = ucl_object_find_key (cur, "value");

  1118. 		val = ucl_object_todouble (jvalue);

  1119. 		sym =

  1120. 			g_hash_table_lookup (metric->symbols, ucl_object_tostring (jname));

  1121. 		if (sym && fabs (*sym->weight_ptr - val) > 0.01) {

  1122. 			if (!add_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,

  1123. 				ucl_object_tostring (jname), val)) {

  1124. 				msg_err ("add symbol failed for %s",

  1125. 					ucl_object_tostring (jname));

  1126. 				rspamd_controller_send_error (conn_ent, 506,

  1127. 					"Add symbol failed");

  1128. 				ucl_object_unref (obj);

  1129. 				return 0;

  1130. 			}

  1131. 			added ++;

  1132. 		}

  1133. 	}

  1134. 

  1135. 	dump_dynamic_config (ctx->cfg);

  1136. 	msg_info ("<%s> modified %d symbols",

  1137. 			rspamd_inet_address_to_string (&session->from_addr),

  1138. 			added);

  1139. 

  1140. 	rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1141. 

  1142. 	return 0;

  1143. }

  1144. 

  1145. /*

  1146.  * Save map command handler:

  1147.  * request: /savemap

  1148.  * headers: Password, Map

  1149.  * input: plaintext data

  1150.  * reply: json {"success":true} or {"error":"error message"}

  1151.  */

  1152. static int

  1153. rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,

  1154. 	struct rspamd_http_message *msg)

  1155. {

  1156. 	struct rspamd_controller_session *session = conn_ent->ud;

  1157. 	GList *cur;

  1158. 	struct rspamd_map *map;

  1159. 	struct rspamd_controller_worker_ctx *ctx;

  1160. 	const gchar *idstr;

  1161. 	gchar *errstr;

  1162. 	guint32 id;

  1163. 	gboolean found = FALSE;

  1164. 	gint fd;

  1165. 

  1166. 	ctx = session->ctx;

  1167. 

  1168. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1169. 		return 0;

  1170. 	}

  1171. 

  1172. 	if (msg->body == NULL || msg->body->len == 0) {

  1173. 		msg_err ("got zero length body, cannot continue");

  1174. 		rspamd_controller_send_error (conn_ent,

  1175. 			400,

  1176. 			"Empty body is not permitted");

  1177. 		return 0;

  1178. 	}

  1179. 

  1180. 	idstr = rspamd_http_message_find_header (msg, "Map");

  1181. 

  1182. 	if (idstr == NULL) {

  1183. 		msg_info ("absent map id");

  1184. 		rspamd_controller_send_error (conn_ent, 400, "Map id not specified");

  1185. 		return 0;

  1186. 	}

  1187. 

  1188. 	id = strtoul (idstr, &errstr, 10);

  1189. 	if (*errstr != '\0') {

  1190. 		msg_info ("invalid map id");

  1191. 		rspamd_controller_send_error (conn_ent, 400, "Map id is invalid");

  1192. 		return 0;

  1193. 	}

  1194. 

  1195. 	/* Now let's be sure that we have map defined in configuration */

  1196. 	cur = ctx->cfg->maps;

  1197. 	while (cur) {

  1198. 		map = cur->data;

  1199. 		if (map->id == id && map->protocol == MAP_PROTO_FILE) {

  1200. 			found = TRUE;

  1201. 			break;

  1202. 		}

  1203. 		cur = g_list_next (cur);

  1204. 	}

  1205. 

  1206. 	if (!found) {

  1207. 		msg_info ("map not found: %d", id);

  1208. 		rspamd_controller_send_error (conn_ent, 404, "Map id not found");

  1209. 		return 0;

  1210. 	}

  1211. 

  1212. 	if (g_atomic_int_get (map->locked)) {

  1213. 		msg_info ("map locked: %s", map->uri);

  1214. 		rspamd_controller_send_error (conn_ent, 404, "Map is locked");

  1215. 		return 0;

  1216. 	}

  1217. 

  1218. 	/* Set lock */

  1219. 	g_atomic_int_set (map->locked, 1);

  1220. 	fd = open (map->uri, O_WRONLY | O_TRUNC);

  1221. 	if (fd == -1) {

  1222. 		g_atomic_int_set (map->locked, 0);

  1223. 		msg_info ("map %s open error: %s", map->uri, strerror (errno));

  1224. 		rspamd_controller_send_error (conn_ent, 404, "Map id not found");

  1225. 		return 0;

  1226. 	}

  1227. 

  1228. 	if (write (fd, msg->body->str, msg->body->len) == -1) {

  1229. 		msg_info ("map %s write error: %s", map->uri, strerror (errno));

  1230. 		close (fd);

  1231. 		g_atomic_int_set (map->locked, 0);

  1232. 		rspamd_controller_send_error (conn_ent, 500, "Map write error");

  1233. 		return 0;

  1234. 	}

  1235. 

  1236. 	msg_info ("<%s>, map %s saved",

  1237. 		rspamd_inet_address_to_string (&session->from_addr),

  1238. 		map->uri);

  1239. 	/* Close and unlock */

  1240. 	close (fd);

  1241. 	g_atomic_int_set (map->locked, 0);

  1242. 

  1243. 	rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1244. 

  1245. 	return 0;

  1246. }

  1247. 

  1248. /*

  1249.  * Stat command handler:

  1250.  * request: /stat (/resetstat)

  1251.  * headers: Password

  1252.  * reply: json data

  1253.  */

  1254. static int

  1255. rspamd_controller_handle_stat_common (

  1256. 	struct rspamd_http_connection_entry *conn_ent,

  1257. 	struct rspamd_http_message *msg,

  1258. 	gboolean do_reset)

  1259. {

  1260. 	struct rspamd_controller_session *session = conn_ent->ud;

  1261. 	ucl_object_t *top, *sub;

  1262. 	gint i;

  1263. 	guint64 learned  = 0, spam = 0, ham = 0;

  1264. 	rspamd_mempool_stat_t mem_st;

  1265. 	struct rspamd_stat *stat, stat_copy;

  1266. 

  1267. 	rspamd_mempool_stat (&mem_st);

  1268. 	memcpy (&stat_copy, session->ctx->worker->srv->stat, sizeof (stat_copy));

  1269. 	stat = &stat_copy;

  1270. 	top = ucl_object_typed_new (UCL_OBJECT);

  1271. 

  1272. 	ucl_object_insert_key (top, ucl_object_fromint (

  1273. 			stat->messages_scanned), "scanned", 0, false);

  1274. 	if (stat->messages_scanned > 0) {

  1275. 		sub = ucl_object_typed_new (UCL_OBJECT);

  1276. 		for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {

  1277. 			ucl_object_insert_key (sub,

  1278. 				ucl_object_fromint (stat->actions_stat[i]),

  1279. 				rspamd_action_to_str (i), 0, false);

  1280. 			if (i < METRIC_ACTION_GREYLIST) {

  1281. 				spam += stat->actions_stat[i];

  1282. 			}

  1283. 			else {

  1284. 				ham += stat->actions_stat[i];

  1285. 			}

  1286. 			if (do_reset) {

  1287. 				session->ctx->worker->srv->stat->actions_stat[i] = 0;

  1288. 			}

  1289. 		}

  1290. 		ucl_object_insert_key (top, sub, "actions", 0, false);

  1291. 	}

  1292. 

  1293. 	ucl_object_insert_key (top, ucl_object_fromint (

  1294. 			spam), "spam_count", 0, false);

  1295. 	ucl_object_insert_key (top, ucl_object_fromint (

  1296. 			ham),  "ham_count",	 0, false);

  1297. 	ucl_object_insert_key (top,

  1298. 		ucl_object_fromint (stat->connections_count), "connections", 0, false);

  1299. 	ucl_object_insert_key (top,

  1300. 		ucl_object_fromint (stat->control_connections_count),

  1301. 		"control_connections", 0, false);

  1302. 

  1303. 	ucl_object_insert_key (top,

  1304. 		ucl_object_fromint (mem_st.pools_allocated), "pools_allocated", 0,

  1305. 		false);

  1306. 	ucl_object_insert_key (top,

  1307. 		ucl_object_fromint (mem_st.pools_freed), "pools_freed", 0, false);

  1308. 	ucl_object_insert_key (top,

  1309. 		ucl_object_fromint (mem_st.bytes_allocated), "bytes_allocated", 0,

  1310. 		false);

  1311. 	ucl_object_insert_key (top,

  1312. 		ucl_object_fromint (

  1313. 			mem_st.chunks_allocated), "chunks_allocated", 0, false);

  1314. 	ucl_object_insert_key (top,

  1315. 		ucl_object_fromint (mem_st.shared_chunks_allocated),

  1316. 		"shared_chunks_allocated", 0, false);

  1317. 	ucl_object_insert_key (top,

  1318. 		ucl_object_fromint (mem_st.chunks_freed), "chunks_freed", 0, false);

  1319. 	ucl_object_insert_key (top,

  1320. 		ucl_object_fromint (

  1321. 			mem_st.oversized_chunks), "chunks_oversized", 0, false);

  1322. 	ucl_object_insert_key (top,

  1323. 		ucl_object_fromint (stat->fuzzy_hashes), "fuzzy_stored", 0, false);

  1324. 	ucl_object_insert_key (top,

  1325. 		ucl_object_fromint (

  1326. 			stat->fuzzy_hashes_expired), "fuzzy_expired", 0, false);

  1327. 

  1328. 	/* Now write statistics for each statfile */

  1329. 

  1330. 	sub = rspamd_stat_statistics (session->ctx->cfg, &learned);

  1331. 	ucl_object_insert_key (top, sub, "statfiles", 0, false);

  1332. 	ucl_object_insert_key (top,

  1333. 			ucl_object_fromint (learned), "total_learns", 0, false);

  1334. 

  1335. 	if (do_reset) {

  1336. 		session->ctx->srv->stat->messages_scanned = 0;

  1337. 		session->ctx->srv->stat->messages_learned = 0;

  1338. 		session->ctx->srv->stat->connections_count = 0;

  1339. 		session->ctx->srv->stat->control_connections_count = 0;

  1340. 		rspamd_mempool_stat_reset ();

  1341. 	}

  1342. 

  1343. 	rspamd_controller_send_ucl (conn_ent, top);

  1344. 	ucl_object_unref (top);

  1345. 

  1346. 	return 0;

  1347. }

  1348. 

  1349. static int

  1350. rspamd_controller_handle_stat (struct rspamd_http_connection_entry *conn_ent,

  1351. 	struct rspamd_http_message *msg)

  1352. {

  1353. 	struct rspamd_controller_session *session = conn_ent->ud;

  1354. 

  1355. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1356. 		return 0;

  1357. 	}

  1358. 

  1359. 	return rspamd_controller_handle_stat_common (conn_ent, msg, FALSE);

  1360. }

  1361. 

  1362. static int

  1363. rspamd_controller_handle_statreset (

  1364. 	struct rspamd_http_connection_entry *conn_ent,

  1365. 	struct rspamd_http_message *msg)

  1366. {

  1367. 	struct rspamd_controller_session *session = conn_ent->ud;

  1368. 

  1369. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1370. 		return 0;

  1371. 	}

  1372. 

  1373. 	msg_info ("<%s> reset stat",

  1374. 			rspamd_inet_address_to_string (&session->from_addr));

  1375. 	return rspamd_controller_handle_stat_common (conn_ent, msg, TRUE);

  1376. }

  1377. 

  1378. static ucl_object_t *

  1379. rspamd_controller_cache_item_to_ucl (struct cache_item *item)

  1380. {

  1381. 	ucl_object_t *obj;

  1382. 

  1383. 	obj = ucl_object_typed_new (UCL_OBJECT);

  1384. 	ucl_object_insert_key (obj, ucl_object_fromstring (item->s->symbol),

  1385. 		"symbol", 0, false);

  1386. 	ucl_object_insert_key (obj, ucl_object_fromdouble (item->s->weight),

  1387. 		"weight", 0, false);

  1388. 	ucl_object_insert_key (obj,	   ucl_object_fromint (item->s->frequency),

  1389. 		"frequency", 0, false);

  1390. 	ucl_object_insert_key (obj, ucl_object_fromdouble (item->s->avg_time),

  1391. 		"time", 0, false);

  1392. 

  1393. 	return obj;

  1394. }

  1395. 

  1396. /*

  1397.  * Counters command handler:

  1398.  * request: /counters

  1399.  * headers: Password

  1400.  * reply: json array of all counters

  1401.  */

  1402. static int

  1403. rspamd_controller_handle_counters (

  1404. 	struct rspamd_http_connection_entry *conn_ent,

  1405. 	struct rspamd_http_message *msg)

  1406. {

  1407. 	struct rspamd_controller_session *session = conn_ent->ud;

  1408. 	ucl_object_t *top;

  1409. 	GList *cur;

  1410. 	struct cache_item *item;

  1411. 	struct symbols_cache *cache;

  1412. 

  1413. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1414. 		return 0;

  1415. 	}

  1416. 

  1417. 	cache = session->ctx->cfg->cache;

  1418. 	top = ucl_object_typed_new (UCL_ARRAY);

  1419. 	if (cache != NULL) {

  1420. 		cur = cache->negative_items;

  1421. 		while (cur) {

  1422. 			item = cur->data;

  1423. 			if (!item->is_callback) {

  1424. 				ucl_array_append (top, rspamd_controller_cache_item_to_ucl (

  1425. 						item));

  1426. 			}

  1427. 			cur = g_list_next (cur);

  1428. 		}

  1429. 		cur = cache->static_items;

  1430. 		while (cur) {

  1431. 			item = cur->data;

  1432. 			if (!item->is_callback) {

  1433. 				ucl_array_append (top, rspamd_controller_cache_item_to_ucl (

  1434. 						item));

  1435. 			}

  1436. 			cur = g_list_next (cur);

  1437. 		}

  1438. 	}

  1439. 	rspamd_controller_send_ucl (conn_ent, top);

  1440. 	ucl_object_unref (top);

  1441. 

  1442. 	return 0;

  1443. }

  1444. 

  1445. static int

  1446. rspamd_controller_handle_custom (struct rspamd_http_connection_entry *conn_ent,

  1447. 	struct rspamd_http_message *msg)

  1448. {

  1449. 	struct rspamd_controller_session *session = conn_ent->ud;

  1450. 	struct rspamd_custom_controller_command *cmd;

  1451. 

  1452. 	cmd = g_hash_table_lookup (session->ctx->custom_commands, msg->url->str);

  1453. 	if (cmd == NULL || cmd->handler == NULL) {

  1454. 		msg_err ("custom command %V has not been found", msg->url);

  1455. 		rspamd_controller_send_error (conn_ent, 404, "No command associated");

  1456. 		return 0;

  1457. 	}

  1458. 

  1459. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  1460. 		cmd->privilleged)) {

  1461. 		return 0;

  1462. 	}

  1463. 	if (cmd->require_message && (msg->body == NULL || msg->body->len == 0)) {

  1464. 		msg_err ("got zero length body, cannot continue");

  1465. 		rspamd_controller_send_error (conn_ent,

  1466. 			400,

  1467. 			"Empty body is not permitted");

  1468. 		return 0;

  1469. 	}

  1470. 

  1471. 	return cmd->handler (conn_ent, msg, cmd->ctx);

  1472. }

  1473. 

  1474. static void

  1475. rspamd_controller_error_handler (struct rspamd_http_connection_entry *conn_ent,

  1476. 	GError *err)

  1477. {

  1478. 	msg_err ("http error occurred: %s", err->message);

  1479. }

  1480. 

  1481. static void

  1482. rspamd_controller_finish_handler (struct rspamd_http_connection_entry *conn_ent)

  1483. {

  1484. 	struct rspamd_controller_session *session = conn_ent->ud;

  1485. 

  1486. 	session->ctx->worker->srv->stat->control_connections_count++;

  1487. 	if (session->task != NULL) {

  1488. 		destroy_session (session->task->s);

  1489. 	}

  1490. 	if (session->pool) {

  1491. 		rspamd_mempool_delete (session->pool);

  1492. 	}

  1493. 

  1494. 	g_slice_free1 (sizeof (struct rspamd_controller_session), session);

  1495. }

  1496. 

  1497. static void

  1498. rspamd_controller_accept_socket (gint fd, short what, void *arg)

  1499. {

  1500. 	struct rspamd_worker *worker = (struct rspamd_worker *) arg;

  1501. 	struct rspamd_controller_worker_ctx *ctx;

  1502. 	struct rspamd_controller_session *nsession;

  1503. 	rspamd_inet_addr_t addr;

  1504. 	gint nfd;

  1505. 

  1506. 	ctx = worker->ctx;

  1507. 

  1508. 	if ((nfd =

  1509. 		rspamd_accept_from_socket (fd, &addr)) == -1) {

  1510. 		msg_warn ("accept failed: %s", strerror (errno));

  1511. 		return;

  1512. 	}

  1513. 	/* Check for EAGAIN */

  1514. 	if (nfd == 0) {

  1515. 		return;

  1516. 	}

  1517. 

  1518. 	nsession = g_slice_alloc0 (sizeof (struct rspamd_controller_session));

  1519. 	nsession->pool = rspamd_mempool_new (rspamd_mempool_suggest_size ());

  1520. 	nsession->ctx = ctx;

  1521. 

  1522. 	memcpy (&nsession->from_addr, &addr, sizeof (addr));

  1523. 

  1524. 	rspamd_http_router_handle_socket (ctx->http, nfd, nsession);

  1525. }

  1526. 

  1527. gpointer

  1528. init_controller_worker (struct rspamd_config *cfg)

  1529. {

  1530. 	struct rspamd_controller_worker_ctx *ctx;

  1531. 	GQuark type;

  1532. 

  1533. 	type = g_quark_try_string ("controller");

  1534. 

  1535. 	ctx = g_malloc0 (sizeof (struct rspamd_controller_worker_ctx));

  1536. 

  1537. 	ctx->timeout = DEFAULT_WORKER_IO_TIMEOUT;

  1538. 

  1539. 	rspamd_rcl_register_worker_option (cfg, type, "password",

  1540. 		rspamd_rcl_parse_struct_string, ctx,

  1541. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, password), 0);

  1542. 

  1543. 	rspamd_rcl_register_worker_option (cfg, type, "enable_password",

  1544. 		rspamd_rcl_parse_struct_string, ctx,

  1545. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, password), 0);

  1546. 

  1547. 	rspamd_rcl_register_worker_option (cfg, type, "ssl",

  1548. 		rspamd_rcl_parse_struct_boolean, ctx,

  1549. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, use_ssl), 0);

  1550. 

  1551. 	rspamd_rcl_register_worker_option (cfg, type, "ssl_cert",

  1552. 		rspamd_rcl_parse_struct_string, ctx,

  1553. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_cert), 0);

  1554. 

  1555. 	rspamd_rcl_register_worker_option (cfg, type, "ssl_key",

  1556. 		rspamd_rcl_parse_struct_string, ctx,

  1557. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_key), 0);

  1558. 	rspamd_rcl_register_worker_option (cfg, type, "timeout",

  1559. 		rspamd_rcl_parse_struct_time, ctx,

  1560. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  1561. 		timeout), RSPAMD_CL_FLAG_TIME_INTEGER);

  1562. 

  1563. 	rspamd_rcl_register_worker_option (cfg, type, "secure_ip",

  1564. 		rspamd_rcl_parse_struct_string, ctx,

  1565. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip), 0);

  1566. 

  1567. 	rspamd_rcl_register_worker_option (cfg, type, "static_dir",

  1568. 		rspamd_rcl_parse_struct_string, ctx,

  1569. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  1570. 		static_files_dir), 0);

  1571. 

  1572. 	rspamd_rcl_register_worker_option (cfg, type, "keypair",

  1573. 		rspamd_rcl_parse_struct_keypair, ctx,

  1574. 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  1575. 		key), 0);

  1576. 

  1577. 	return ctx;

  1578. }

  1579. 

  1580. /*

  1581.  * Start worker process

  1582.  */

  1583. void

  1584. start_controller_worker (struct rspamd_worker *worker)

  1585. {

  1586. 	struct rspamd_controller_worker_ctx *ctx = worker->ctx;

  1587. 	GList *cur;

  1588. 	struct filter *f;

  1589. 	struct module_ctx *mctx;

  1590. 	GHashTableIter iter;

  1591. 	gpointer key, value;

  1592. 

  1593. 

  1594. 	ctx->ev_base = rspamd_prepare_worker (worker,

  1595. 			"controller",

  1596. 			rspamd_controller_accept_socket);

  1597. 	msec_to_tv (ctx->timeout, &ctx->io_tv);

  1598. 

  1599. 	ctx->start_time = time (NULL);

  1600. 	ctx->worker = worker;

  1601. 	ctx->cfg = worker->srv->cfg;

  1602. 	ctx->srv = worker->srv;

  1603. 	ctx->custom_commands = g_hash_table_new (rspamd_strcase_hash,

  1604. 			rspamd_strcase_equal);

  1605. 	if (ctx->secure_ip != NULL) {

  1606. 		if (!rspamd_map_add (worker->srv->cfg, ctx->secure_ip,

  1607. 			"Allow webui access from the specified IP",

  1608. 			rspamd_radix_read, rspamd_radix_fin, (void **)&ctx->secure_map)) {

  1609. 			if (!radix_add_generic_iplist (ctx->secure_ip,

  1610. 				&ctx->secure_map)) {

  1611. 				msg_warn ("cannot load or parse ip list from '%s'",

  1612. 					ctx->secure_ip);

  1613. 			}

  1614. 		}

  1615. 	}

  1616. 	/* Accept event */

  1617. 	ctx->http = rspamd_http_router_new (rspamd_controller_error_handler,

  1618. 			rspamd_controller_finish_handler, &ctx->io_tv, ctx->ev_base,

  1619. 			ctx->static_files_dir);

  1620. 

  1621. 	/* Add callbacks for different methods */

  1622. 	rspamd_http_router_add_path (ctx->http,

  1623. 				PATH_AUTH,

  1624. 		rspamd_controller_handle_auth);

  1625. 	rspamd_http_router_add_path (ctx->http,

  1626. 			 PATH_SYMBOLS,

  1627. 		rspamd_controller_handle_symbols);

  1628. 	rspamd_http_router_add_path (ctx->http,

  1629. 			 PATH_ACTIONS,

  1630. 		rspamd_controller_handle_actions);

  1631. 	rspamd_http_router_add_path (ctx->http,

  1632. 				PATH_MAPS,

  1633. 		rspamd_controller_handle_maps);

  1634. 	rspamd_http_router_add_path (ctx->http,

  1635. 			 PATH_GET_MAP,

  1636. 		rspamd_controller_handle_get_map);

  1637. 	rspamd_http_router_add_path (ctx->http,

  1638. 		   PATH_PIE_CHART,

  1639. 		rspamd_controller_handle_pie_chart);

  1640. 	rspamd_http_router_add_path (ctx->http,

  1641. 			 PATH_HISTORY,

  1642. 		rspamd_controller_handle_history);

  1643. 	rspamd_http_router_add_path (ctx->http,

  1644. 		  PATH_LEARN_SPAM,

  1645. 		rspamd_controller_handle_learnspam);

  1646. 	rspamd_http_router_add_path (ctx->http,

  1647. 		   PATH_LEARN_HAM,

  1648. 		rspamd_controller_handle_learnham);

  1649. 	rspamd_http_router_add_path (ctx->http,

  1650. 		PATH_SAVE_ACTIONS,

  1651. 		rspamd_controller_handle_saveactions);

  1652. 	rspamd_http_router_add_path (ctx->http,

  1653. 		PATH_SAVE_SYMBOLS,

  1654. 		rspamd_controller_handle_savesymbols);

  1655. 	rspamd_http_router_add_path (ctx->http,

  1656. 			PATH_SAVE_MAP,

  1657. 		rspamd_controller_handle_savemap);

  1658. 	rspamd_http_router_add_path (ctx->http,

  1659. 				PATH_SCAN,

  1660. 		rspamd_controller_handle_scan);

  1661. 	rspamd_http_router_add_path (ctx->http,

  1662. 			   PATH_CHECK,

  1663. 		rspamd_controller_handle_scan);

  1664. 	rspamd_http_router_add_path (ctx->http,

  1665. 				PATH_STAT,

  1666. 		rspamd_controller_handle_stat);

  1667. 	rspamd_http_router_add_path (ctx->http,

  1668. 		  PATH_STAT_RESET,

  1669. 		rspamd_controller_handle_statreset);

  1670. 	rspamd_http_router_add_path (ctx->http,

  1671. 			PATH_COUNTERS,

  1672. 		rspamd_controller_handle_counters);

  1673. 

  1674. 	if (ctx->key) {

  1675. 		rspamd_http_router_set_key (ctx->http, ctx->key);

  1676. 	}

  1677. 

  1678. 	/* Attach plugins */

  1679. 	cur = g_list_first (ctx->cfg->filters);

  1680. 	while (cur) {

  1681. 		f = cur->data;

  1682. 		mctx = g_hash_table_lookup (ctx->cfg->c_modules, f->module->name);

  1683. 		if (mctx != NULL && f->module->module_attach_controller_func != NULL) {

  1684. 			f->module->module_attach_controller_func (mctx,

  1685. 				ctx->custom_commands);

  1686. 		}

  1687. 		cur = g_list_next (cur);

  1688. 	}

  1689. 

  1690. 	g_hash_table_iter_init (&iter, ctx->custom_commands);

  1691. 	while (g_hash_table_iter_next (&iter, &key, &value)) {

  1692. 		rspamd_http_router_add_path (ctx->http,

  1693. 			key,

  1694. 			rspamd_controller_handle_custom);

  1695. 	}

  1696. 

  1697. 	ctx->resolver = dns_resolver_init (worker->srv->logger,

  1698. 			ctx->ev_base,

  1699. 			worker->srv->cfg);

  1700. 

  1701. 	rspamd_upstreams_library_init (ctx->resolver->r, ctx->ev_base);

  1702. 	rspamd_upstreams_library_config (worker->srv->cfg);

  1703. 	/* Maps events */

  1704. 	rspamd_map_watch (worker->srv->cfg, ctx->ev_base);

  1705. 

  1706. 	event_base_loop (ctx->ev_base, 0);

  1707. 

  1708. 	g_mime_shutdown ();

  1709. 	rspamd_log_close (rspamd_main->logger);

  1710. 	exit (EXIT_SUCCESS);

  1711. }