123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296 |
- --[[
- Copyright (c) 2019, Vsevolod Stakhov <vsevolod@highsecure.ru>
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ]]--
-
- --[[[
- -- @module lua_settings
- -- This module contains internal helpers for the settings infrastructure in Rspamd
- -- More details at https://rspamd.com/doc/configuration/settings.html
- --]]
-
- local exports = {}
- local known_ids = {}
- local post_init_added = false
- local post_init_performed = false
- local all_symbols
- local default_symbols
-
- local fun = require "fun"
- local lua_util = require "lua_util"
- local rspamd_logger = require "rspamd_logger"
-
- local function register_settings_cb()
- if not post_init_performed then
- all_symbols = rspamd_config:get_symbols()
-
- default_symbols = fun.totable(fun.filter(function(_, v)
- return not v.allowed_ids or #v.allowed_ids == 0 or v.flags.explicit_disable
- end,all_symbols))
-
- local explicit_symbols = lua_util.keys(fun.filter(function(k, v)
- return v.flags.explicit_disable
- end, all_symbols))
-
- local symnames = lua_util.list_to_hash(lua_util.keys(all_symbols))
-
- for _,set in pairs(known_ids) do
- local s = set.settings.apply or {}
- set.symbols = lua_util.shallowcopy(symnames)
- local enabled_symbols = {}
- local seen_enabled = false
- local disabled_symbols = {}
- local seen_disabled = false
-
- -- Enabled map
- if s.symbols_enabled then
- -- Remove all symbols from set.symbols aside of explicit_disable symbols
- set.symbols = lua_util.list_to_hash(explicit_symbols)
- for _,sym in ipairs(s.symbols_enabled) do
- enabled_symbols[sym] = true
- set.symbols[sym] = true
- seen_enabled = true
- end
- end
- if s.groups_enabled then
- for _,gr in ipairs(s.groups_enabled) do
- local syms = rspamd_config:get_group_symbols(gr)
-
- if syms then
- for _,sym in ipairs(syms) do
- enabled_symbols[sym] = true
- set.symbols[sym] = true
- seen_enabled = true
- end
- end
- end
- end
-
- -- Disabled map
- if s.symbols_disabled then
- for _,sym in ipairs(s.symbols_disabled) do
- disabled_symbols[sym] = true
- set.symbols[sym] = false
- seen_disabled = true
- end
- end
- if s.groups_disabled then
- for _,gr in ipairs(s.groups_disabled) do
- local syms = rspamd_config:get_group_symbols(gr)
-
- if syms then
- for _,sym in ipairs(syms) do
- disabled_symbols[sym] = true
- seen_disabled = true
- set.symbols[sym] = false
- end
- end
- end
- end
-
- -- Deal with complexity to avoid mess in C
- if not seen_enabled then enabled_symbols = nil end
- if not seen_disabled then disabled_symbols = nil end
-
- if enabled_symbols or disabled_symbols then
- -- Specify what symbols are really enabled for this settings id
- set.has_specific_symbols = true
- end
-
- rspamd_config:register_settings_id(set.name, enabled_symbols, disabled_symbols)
-
- -- Remove to avoid clash
- s.symbols_disabled = nil
- s.symbols_enabled = nil
- s.groups_enabled = nil
- s.groups_disabled = nil
- end
-
- -- We now iterate over all symbols and check for allowed_ids/forbidden_ids
- for k,v in pairs(all_symbols) do
- if v.allowed_ids and not v.flags.explicit_disable then
- for _,id in ipairs(v.allowed_ids) do
- if known_ids[id] then
- local set = known_ids[id]
- if not set.has_specific_symbols then
- set.has_specific_symbols = true
- end
- set.symbols[k] = true
- else
- rspamd_logger.errx(rspamd_config, 'symbol %s is allowed at unknown settings id %s',
- k, id)
- end
- end
- end
- if v.forbidden_ids then
- for _,id in ipairs(v.forbidden_ids) do
- if known_ids[id] then
- local set = known_ids[id]
- if not set.has_specific_symbols then
- set.has_specific_symbols = true
- end
- set.symbols[k] = false
- else
- rspamd_logger.errx(rspamd_config, 'symbol %s is denied at unknown settings id %s',
- k, id)
- end
- end
- end
- end
-
- -- Now we create lists of symbols for each settings and digest
- for _,set in pairs(known_ids) do
- set.symbols = lua_util.keys(fun.filter(function(_, v) return v end, set.symbols))
- table.sort(set.symbols)
- set.digest = lua_util.table_digest(set.symbols)
- end
-
- post_init_performed = true
- end
- end
-
- -- Returns numeric representation of the settings id
- local function numeric_settings_id(str)
- local cr = require "rspamd_cryptobox_hash"
- local util = require "rspamd_util"
- local ret = util.unpack("I4",
- cr.create_specific('xxh64'):update(str):bin())
-
- return ret
- end
-
- -- Used to do the following:
- -- If there is a group of symbols_allowed, it checks if that is an array
- -- If that is a hash table then we transform it to a normal list, probably adding symbols to adjust scores
- local function transform_settings_maybe(settings, name)
- if settings.apply then
- local apply = settings.apply
-
- if apply.symbols_enabled then
- local senabled = apply.symbols_enabled
-
- if not senabled[1] then
- -- Transform map to a list
- local nlist = {}
- if not apply.scores then
- apply.scores = {}
- end
- for k,v in pairs(senabled) do
- if tonumber(v) then
- -- Move to symbols as well
- apply.scores[k] = tonumber(v)
- lua_util.debugm('settings', rspamd_config,
- 'set symbol %s -> %s for settings %s', k, v, name)
- end
- nlist[#nlist + 1] = k
- end
- -- Convert
- apply.symbols_enabled = nlist
- end
-
- local symhash = lua_util.list_to_hash(apply.symbols_enabled)
-
- if apply.symbols then
- -- Check if added symbols are enabled
- for k,v in pairs(apply.symbols) do
- local s
- -- Check if we have ["sym1", "sym2" ...] or {"sym1": xx, "sym2": yy}
- if type(k) == 'string' then
- s = k
- else
- s = v
- end
- if not symhash[s] then
- lua_util.debugm('settings', rspamd_config,
- 'added symbol %s to symbols_enabled for %s', s, name)
- apply.symbols_enabled[#apply.symbols_enabled + 1] = s
- end
- end
- end
- end
- end
-
- return settings
- end
-
- local function register_settings_id(str, settings)
- local numeric_id = numeric_settings_id(str)
-
- if known_ids[numeric_id] then
- -- Might be either rewrite or a collision
- if known_ids[numeric_id].name ~= str then
- local logger = require "rspamd_logger"
-
- logger.errx(rspamd_config, 'settings ID clash! id %s maps to %s and conflicts with %s',
- numeric_id, known_ids[numeric_id].name, str)
-
- return nil
- end
- else
- known_ids[numeric_id] = {
- name = str,
- settings = transform_settings_maybe(settings, str),
- symbols = {}
- }
- end
-
- if not post_init_added then
- rspamd_config:add_post_init(register_settings_cb)
- rspamd_config:add_config_unload(function()
- if post_init_added then
- known_ids = {}
- post_init_added = false
- end
- post_init_performed = false
- end)
-
- post_init_added = true
- end
-
- return numeric_id
- end
-
- exports.register_settings_id = register_settings_id
-
-
- local function settings_by_id(id)
- if not post_init_performed then
- register_settings_cb()
- end
- return known_ids[id]
- end
-
-
- exports.settings_by_id = settings_by_id
- exports.all_settings = function()
- if not post_init_performed then
- register_settings_cb()
- end
- return known_ids
- end
- exports.all_symbols = function()
- if not post_init_performed then
- register_settings_cb()
- end
- return all_symbols
- end
- -- What is enabled when no settings are there
- exports.default_symbols = function()
- if not post_init_performed then
- register_settings_cb()
- end
- return default_symbols
- end
-
- return exports
|