mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17546 Commits
28 Branches
Tree: f84b86d901
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f84b86d901'
${ noResults }
rspamd/src/controller.c

controller.c 96KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "libserver/dynamic_cfg.h"

  18. #include "libserver/cfg_file_private.h"

  19. #include "libutil/rrd.h"

  20. #include "libserver/maps/map.h"

  21. #include "libserver/maps/map_helpers.h"

  22. #include "libserver/maps/map_private.h"

  23. #include "libserver/http/http_private.h"

  24. #include "libserver/http/http_router.h"

  25. #include "libstat/stat_api.h"

  26. #include "rspamd.h"

  27. #include "libserver/worker_util.h"

  28. #include "worker_private.h"

  29. #include "lua/lua_common.h"

  30. #include "cryptobox.h"

  31. #include "ottery.h"

  32. #include "fuzzy_wire.h"

  33. #include "unix-std.h"

  34. #include "utlist.h"

  35. #include "libmime/lang_detection.h"

  36. #include <math.h>

  37. 

  38. /* 60 seconds for worker's IO */

  39. #define DEFAULT_WORKER_IO_TIMEOUT 60000

  40. 

  41. /* HTTP paths */

  42. #define PATH_AUTH "/auth"

  43. #define PATH_SYMBOLS "/symbols"

  44. #define PATH_ACTIONS "/actions"

  45. #define PATH_MAPS "/maps"

  46. #define PATH_GET_MAP "/getmap"

  47. #define PATH_GRAPH "/graph"

  48. #define PATH_PIE_CHART "/pie"

  49. #define PATH_HISTORY "/history"

  50. #define PATH_HISTORY_RESET "/historyreset"

  51. #define PATH_LEARN_SPAM "/learnspam"

  52. #define PATH_LEARN_HAM "/learnham"

  53. #define PATH_SAVE_ACTIONS "/saveactions"

  54. #define PATH_SAVE_SYMBOLS "/savesymbols"

  55. #define PATH_SAVE_MAP "/savemap"

  56. #define PATH_SCAN "/scan"

  57. #define PATH_CHECK "/check"

  58. #define PATH_CHECKV2 "/checkv2"

  59. #define PATH_STAT "/stat"

  60. #define PATH_STAT_RESET "/statreset"

  61. #define PATH_COUNTERS "/counters"

  62. #define PATH_ERRORS "/errors"

  63. #define PATH_NEIGHBOURS "/neighbours"

  64. #define PATH_PLUGINS "/plugins"

  65. #define PATH_PING "/ping"

  66. 

  67. #define msg_err_session(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \

  68.         session->pool->tag.tagname, session->pool->tag.uid, \

  69.         G_STRFUNC, \

  70.         __VA_ARGS__)

  71. #define msg_warn_session(...)   rspamd_default_log_function (G_LOG_LEVEL_WARNING, \

  72.         session->pool->tag.tagname, session->pool->tag.uid, \

  73.         G_STRFUNC, \

  74.         __VA_ARGS__)

  75. #define msg_info_session(...)   rspamd_default_log_function (G_LOG_LEVEL_INFO, \

  76.         session->pool->tag.tagname, session->pool->tag.uid, \

  77.         G_STRFUNC, \

  78.         __VA_ARGS__)

  79. #define msg_err_ctx(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \

  80.         "controller", ctx->cfg->cfg_pool->tag.uid, \

  81.         G_STRFUNC, \

  82.         __VA_ARGS__)

  83. #define msg_warn_ctx(...)   rspamd_default_log_function (G_LOG_LEVEL_WARNING, \

  84.         "controller", ctx->cfg->cfg_pool->tag.uid, \

  85.         G_STRFUNC, \

  86.         __VA_ARGS__)

  87. #define msg_info_ctx(...)   rspamd_default_log_function (G_LOG_LEVEL_INFO, \

  88.         "controller", ctx->cfg->cfg_pool->tag.uid, \

  89.         G_STRFUNC, \

  90.         __VA_ARGS__)

  91. 

  92. #define msg_debug_session(...)  rspamd_conditional_debug_fast (NULL, session->from_addr, \

  93.         rspamd_controller_log_id, "controller", session->pool->tag.uid, \

  94.         G_STRFUNC, \

  95.         __VA_ARGS__)

  96. 

  97. INIT_LOG_MODULE(controller)

  98. 

  99. /* Graph colors */

  100. #define COLOR_CLEAN "#58A458"

  101. #define COLOR_PROBABLE_SPAM "#D67E7E"

  102. #define COLOR_GREYLIST "#A0A0A0"

  103. #define COLOR_REJECT "#CB4B4B"

  104. #define COLOR_TOTAL "#9440ED"

  105. 

  106. static const guint64 rspamd_controller_ctx_magic = 0xf72697805e6941faULL;

  107. 

  108. extern void fuzzy_stat_command (struct rspamd_task *task);

  109. 

  110. gpointer init_controller_worker (struct rspamd_config *cfg);

  111. void start_controller_worker (struct rspamd_worker *worker);

  112. 

  113. worker_t controller_worker = {

  114. 	"controller",                   /* Name */

  115. 	init_controller_worker,         /* Init function */

  116. 	start_controller_worker,        /* Start function */

  117. 	RSPAMD_WORKER_HAS_SOCKET | RSPAMD_WORKER_KILLABLE |

  118. 			RSPAMD_WORKER_SCANNER | RSPAMD_WORKER_CONTROLLER,

  119. 	RSPAMD_WORKER_SOCKET_TCP,       /* TCP socket */

  120. 	RSPAMD_WORKER_VER       /* Version info */

  121. };

  122. /*

  123.  * Worker's context

  124.  */

  125. struct rspamd_controller_worker_ctx {

  126. 	guint64 magic;

  127. 	/* Events base */

  128. 	struct ev_loop *event_loop;

  129. 	/* DNS resolver */

  130. 	struct rspamd_dns_resolver *resolver;

  131. 	/* Config */

  132. 	struct rspamd_config *cfg;

  133. 	/* END OF COMMON PART */

  134. 	ev_tstamp timeout;

  135. 	/* Whether we use ssl for this server */

  136. 	gboolean use_ssl;

  137. 	/* Webui password */

  138. 	gchar *password;

  139. 	/* Privilleged password */

  140. 	gchar *enable_password;

  141. 	/* Cached versions of the passwords */

  142. 	rspamd_ftok_t cached_password;

  143. 	rspamd_ftok_t cached_enable_password;

  144. 	/* HTTP server */

  145. 	struct rspamd_http_context *http_ctx;

  146. 	struct rspamd_http_connection_router *http;

  147. 	/* Server's start time */

  148. 	ev_tstamp start_time;

  149. 	/* Main server */

  150. 	struct rspamd_main *srv;

  151. 	/* SSL cert */

  152. 	gchar *ssl_cert;

  153. 	/* SSL private key */

  154. 	gchar *ssl_key;

  155. 	/* A map of secure IP */

  156. 	const ucl_object_t *secure_ip;

  157. 	struct rspamd_radix_map_helper *secure_map;

  158. 

  159. 	/* Static files dir */

  160. 	gchar *static_files_dir;

  161. 

  162. 	/* Custom commands registered by plugins */

  163. 	GHashTable *custom_commands;

  164. 

  165. 	/* Plugins registered from lua */

  166. 	GHashTable *plugins;

  167. 

  168. 	/* Worker */

  169. 	struct rspamd_worker *worker;

  170. 

  171. 	/* Local keypair */

  172. 	gpointer key;

  173. 

  174. 	struct rspamd_rrd_file *rrd;

  175. 	struct rspamd_lang_detector *lang_det;

  176. 	gdouble task_timeout;

  177. };

  178. 

  179. struct rspamd_controller_plugin_cbdata {

  180. 	lua_State *L;

  181. 	struct rspamd_controller_worker_ctx *ctx;

  182. 	gchar *plugin;

  183. 	struct ucl_lua_funcdata *handler;

  184. 	ucl_object_t *obj;

  185. 	gboolean is_enable;

  186. 	gboolean need_task;

  187. 	guint version;

  188. };

  189. 

  190. static gboolean

  191. rspamd_is_encrypted_password (const gchar *password,

  192. 		struct rspamd_controller_pbkdf const **pbkdf)

  193. {

  194. 	const gchar *start, *end;

  195. 	gint64 id;

  196. 	gsize size, i;

  197. 	gboolean ret = FALSE;

  198. 	const struct rspamd_controller_pbkdf *p;

  199. 

  200. 	if (password[0] == '$') {

  201. 		/* Parse id */

  202. 		start = password + 1;

  203. 		end = start;

  204. 		size = 0;

  205. 

  206. 		while (*end != '\0' && g_ascii_isdigit (*end)) {

  207. 			size++;

  208. 			end++;

  209. 		}

  210. 

  211. 		if (size > 0) {

  212. 			gchar *endptr;

  213. 			id = strtoul (start, &endptr, 10);

  214. 

  215. 			if ((endptr == NULL || *endptr == *end)) {

  216. 				for (i = 0; i < RSPAMD_PBKDF_ID_MAX - 1; i ++) {

  217. 					p = &pbkdf_list[i];

  218. 

  219. 					if (p->id == id) {

  220. 						ret = TRUE;

  221. 						if (pbkdf != NULL) {

  222. 							*pbkdf = &pbkdf_list[i];

  223. 						}

  224. 

  225. 						break;

  226. 					}

  227. 				}

  228. 			}

  229. 		}

  230. 	}

  231. 

  232. 	return ret;

  233. }

  234. 

  235. static const gchar *

  236. rspamd_encrypted_password_get_str (const gchar * password, gsize skip,

  237. 		gsize * length)

  238. {

  239. 	const gchar *str, *start, *end;

  240. 	gsize size;

  241. 

  242. 	start = password + skip;

  243. 	end = start;

  244. 	size = 0;

  245. 

  246. 	while (*end != '\0' && g_ascii_isalnum (*end)) {

  247. 		size++;

  248. 		end++;

  249. 	}

  250. 

  251. 	if (size) {

  252. 		str = start;

  253. 		*length = size;

  254. 	}

  255. 	else {

  256. 		str = NULL;

  257. 	}

  258. 

  259. 	return str;

  260. }

  261. 

  262. static gboolean

  263. rspamd_check_encrypted_password (struct rspamd_controller_worker_ctx *ctx,

  264. 		const rspamd_ftok_t * password, const gchar * check,

  265. 		const struct rspamd_controller_pbkdf *pbkdf,

  266. 		gboolean is_enable)

  267. {

  268. 	const gchar *salt, *hash;

  269. 	gchar *salt_decoded, *key_decoded;

  270. 	gsize salt_len = 0, key_len = 0;

  271. 	gboolean ret = TRUE;

  272. 	guchar *local_key;

  273. 	rspamd_ftok_t *cache;

  274. 	gpointer m;

  275. 

  276. 	/* First of all check cached versions to save resources */

  277. 	if (is_enable && ctx->cached_enable_password.len != 0) {

  278. 		if (password->len != ctx->cached_enable_password.len ||

  279. 				!rspamd_constant_memcmp (password->begin,

  280. 						ctx->cached_enable_password.begin, password->len)) {

  281. 			msg_info_ctx ("incorrect or absent enable password has been specified");

  282. 			return FALSE;

  283. 		}

  284. 

  285. 		return TRUE;

  286. 	}

  287. 	else if (!is_enable && ctx->cached_password.len != 0) {

  288. 		if (password->len != ctx->cached_password.len ||

  289. 				!rspamd_constant_memcmp (password->begin,

  290. 						ctx->cached_password.begin, password->len)) {

  291. 			/* We still need to check enable password here */

  292. 			if (ctx->cached_enable_password.len != 0) {

  293. 				if (password->len != ctx->cached_enable_password.len ||

  294. 						!rspamd_constant_memcmp (password->begin,

  295. 								ctx->cached_enable_password.begin,

  296. 								password->len)) {

  297. 					msg_info_ctx (

  298. 							"incorrect or absent password has been specified");

  299. 

  300. 					return FALSE;

  301. 				}

  302. 				else {

  303. 					/* Cached matched */

  304. 					return TRUE;

  305. 				}

  306. 			}

  307. 			else {

  308. 				/* We might want to check uncached version */

  309. 				goto check_uncached;

  310. 			}

  311. 		}

  312. 		else {

  313. 			/* Cached matched */

  314. 			return TRUE;

  315. 		}

  316. 	}

  317. 

  318. check_uncached:

  319. 	g_assert (pbkdf != NULL);

  320. 	/* get salt */

  321. 	salt = rspamd_encrypted_password_get_str (check, 3, &salt_len);

  322. 	/* get hash */

  323. 	hash = rspamd_encrypted_password_get_str (check, 3 + salt_len + 1,

  324. 			&key_len);

  325. 	if (salt != NULL && hash != NULL) {

  326. 

  327. 		/* decode salt */

  328. 		salt_decoded = rspamd_decode_base32 (salt, salt_len, &salt_len, RSPAMD_BASE32_DEFAULT);

  329. 

  330. 		if (salt_decoded == NULL || salt_len != pbkdf->salt_len) {

  331. 			/* We have some unknown salt here */

  332. 			msg_info_ctx ("incorrect salt: %z, while %z expected",

  333. 					salt_len, pbkdf->salt_len);

  334. 			return FALSE;

  335. 		}

  336. 

  337. 		key_decoded = rspamd_decode_base32 (hash, key_len, &key_len, RSPAMD_BASE32_DEFAULT);

  338. 

  339. 		if (key_decoded == NULL || key_len != pbkdf->key_len) {

  340. 			/* We have some unknown salt here */

  341. 			msg_info_ctx ("incorrect key: %z, while %z expected",

  342. 					key_len, pbkdf->key_len);

  343. 			return FALSE;

  344. 		}

  345. 

  346. 		local_key = g_alloca (pbkdf->key_len);

  347. 		rspamd_cryptobox_pbkdf (password->begin, password->len,

  348. 				salt_decoded, salt_len,

  349. 				local_key, pbkdf->key_len, pbkdf->complexity,

  350. 				pbkdf->type);

  351. 

  352. 		if (!rspamd_constant_memcmp (key_decoded, local_key, pbkdf->key_len)) {

  353. 			msg_info_ctx ("incorrect or absent password has been specified");

  354. 			ret = FALSE;

  355. 		}

  356. 

  357. 		g_free (salt_decoded);

  358. 		g_free (key_decoded);

  359. 	}

  360. 

  361. 	if (ret) {

  362. 		/* Save cached version */

  363. 		cache = is_enable ? &ctx->cached_enable_password : &ctx->cached_password;

  364. 

  365. 		if (cache->len == 0) {

  366. 			/* Mmap region */

  367. #ifdef MAP_NOCORE

  368. 			m = mmap (NULL, password->len, PROT_WRITE,

  369. 					MAP_PRIVATE | MAP_ANON | MAP_NOCORE, -1, 0);

  370. #else

  371. 			m = mmap (NULL, password->len, PROT_WRITE,

  372. 					MAP_PRIVATE | MAP_ANON, -1, 0);

  373. #endif

  374. 			if (m != MAP_FAILED) {

  375. 				memcpy (m, password->begin, password->len);

  376. 				(void)mprotect (m, password->len, PROT_READ);

  377. 				(void)mlock (m, password->len);

  378. 				cache->begin = m;

  379. 				cache->len = password->len;

  380. 			}

  381. 			else {

  382. 				msg_err_ctx ("cannot store cached password, mmap failed: %s",

  383. 						strerror (errno));

  384. 			}

  385. 		}

  386. 	}

  387. 

  388. 	return ret;

  389. }

  390. 

  391. /**

  392.  * Checks for X-Forwarded-For header and update client's address if needed

  393.  *

  394.  * This function is intended to be called for a trusted client to ensure that

  395.  * a request is not proxied through it

  396.  * @return 0 if no forwarded found, 1 if forwarded found and it is yet trusted

  397.  * and -1 if forwarded is denied

  398.  */

  399. static gint

  400. rspamd_controller_check_forwarded (struct rspamd_controller_session *session,

  401. 		struct rspamd_http_message *msg,

  402. 		struct rspamd_controller_worker_ctx *ctx)

  403. {

  404. 	const rspamd_ftok_t *hdr;

  405. 	const gchar *comma;

  406. 	const char *hdr_name = "X-Forwarded-For", *alt_hdr_name = "X-Real-IP";

  407. 	char ip_buf[INET6_ADDRSTRLEN + 1];

  408. 	rspamd_inet_addr_t *addr = NULL;

  409. 	gint ret = 0;

  410. 

  411. 	hdr = rspamd_http_message_find_header (msg, hdr_name);

  412. 

  413. 	if (hdr) {

  414. 		/*

  415. 		 * We need to parse and update the header

  416. 		 * X-Forwarded-For: client, proxy1, proxy2

  417. 		 */

  418. 		comma = rspamd_memrchr (hdr->begin, ',', hdr->len);

  419. 		if (comma != NULL) {

  420. 			while (comma < hdr->begin + hdr->len &&

  421. 					(*comma == ',' || g_ascii_isspace (*comma))) {

  422. 				comma ++;

  423. 			}

  424. 		}

  425. 		else {

  426. 			comma = hdr->begin;

  427. 		}

  428. 		if (rspamd_parse_inet_address (&addr, comma,

  429. 				(hdr->begin + hdr->len) - comma,

  430. 				RSPAMD_INET_ADDRESS_PARSE_NO_UNIX)) {

  431. 			/* We have addr now, so check if it is still trusted */

  432. 			if (ctx->secure_map &&

  433. 					rspamd_match_radix_map_addr (ctx->secure_map, addr) != NULL) {

  434. 				/* rspamd_inet_address_to_string is not reentrant */

  435. 				rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),

  436. 						sizeof (ip_buf));

  437. 				msg_info_session ("allow unauthorized proxied connection "

  438. 						"from a trusted IP %s via %s",

  439. 						ip_buf,

  440. 						rspamd_inet_address_to_string (session->from_addr));

  441. 				ret = 1;

  442. 			}

  443. 			else {

  444. 				ret = -1;

  445. 			}

  446. 

  447. 			rspamd_inet_address_free (addr);

  448. 		}

  449. 		else {

  450. 			msg_warn_session ("cannot parse forwarded IP: %T", hdr);

  451. 			ret = -1;

  452. 		}

  453. 	}

  454. 	else {

  455. 		/* Try also X-Real-IP */

  456. 		hdr = rspamd_http_message_find_header (msg, alt_hdr_name);

  457. 

  458. 		if (hdr) {

  459. 			if (rspamd_parse_inet_address (&addr, hdr->begin, hdr->len,

  460. 					RSPAMD_INET_ADDRESS_PARSE_NO_UNIX)) {

  461. 				/* We have addr now, so check if it is still trusted */

  462. 				if (ctx->secure_map &&

  463. 						rspamd_match_radix_map_addr (ctx->secure_map, addr) != NULL) {

  464. 					/* rspamd_inet_address_to_string is not reentrant */

  465. 					rspamd_strlcpy (ip_buf, rspamd_inet_address_to_string (addr),

  466. 							sizeof (ip_buf));

  467. 					msg_info_session ("allow unauthorized proxied connection "

  468. 							"from a trusted IP %s via %s",

  469. 							ip_buf,

  470. 							rspamd_inet_address_to_string (session->from_addr));

  471. 					ret = 1;

  472. 				}

  473. 				else {

  474. 					ret = -1;

  475. 				}

  476. 

  477. 				rspamd_inet_address_free (addr);

  478. 			}

  479. 			else {

  480. 				msg_warn_session ("cannot parse real IP: %T", hdr);

  481. 				ret = -1;

  482. 			}

  483. 		}

  484. 	}

  485. 

  486. 	return ret;

  487. }

  488. 

  489. /* Check for password if it is required by configuration */

  490. static gboolean

  491. rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,

  492. 		struct rspamd_controller_session *session,

  493. 		struct rspamd_http_message *msg, gboolean is_enable)

  494. {

  495. 	const gchar *check;

  496. 	const rspamd_ftok_t *password;

  497. 	rspamd_ftok_t lookup;

  498. 	GHashTable *query_args = NULL;

  499. 	struct rspamd_controller_worker_ctx *ctx = session->ctx;

  500. 	gboolean check_normal = TRUE, check_enable = TRUE, ret = TRUE,

  501. 		use_enable = FALSE;

  502. 	const struct rspamd_controller_pbkdf *pbkdf = NULL;

  503. 

  504. 	/* Access list logic */

  505. 	if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) {

  506. 		ret = rspamd_controller_check_forwarded (session, msg, ctx);

  507. 

  508. 		if (ret == 1) {

  509. 			session->is_enable = TRUE;

  510. 

  511. 			return TRUE;

  512. 		}

  513. 		else if (ret == 0) {

  514. 			/* No forwarded found */

  515. 			msg_info_session ("allow unauthorized connection from a unix socket");

  516. 			session->is_enable = TRUE;

  517. 

  518. 			return TRUE;

  519. 		}

  520. 	}

  521. 	else if (ctx->secure_map

  522. 			&& rspamd_match_radix_map_addr (ctx->secure_map, session->from_addr)

  523. 					!= NULL) {

  524. 		ret = rspamd_controller_check_forwarded (session, msg, ctx);

  525. 

  526. 		if (ret == 1) {

  527. 			session->is_enable = TRUE;

  528. 

  529. 			return TRUE;

  530. 		}

  531. 		else if (ret == 0) {

  532. 			/* No forwarded found */

  533. 			msg_info_session ("allow unauthorized connection from a trusted IP %s",

  534. 							rspamd_inet_address_to_string (session->from_addr));

  535. 			session->is_enable = TRUE;

  536. 

  537. 			return TRUE;

  538. 		}

  539. 	}

  540. 

  541. 	/* Password logic */

  542. 	password = rspamd_http_message_find_header (msg, "Password");

  543. 

  544. 	if (password == NULL) {

  545. 		/* Try to get password from query args */

  546. 		query_args = rspamd_http_message_parse_query (msg);

  547. 

  548. 		lookup.begin = (gchar *)"password";

  549. 		lookup.len = sizeof ("password") - 1;

  550. 

  551. 		password = g_hash_table_lookup (query_args, &lookup);

  552. 	}

  553. 

  554. 	if (password == NULL) {

  555. 		if (ctx->secure_map == NULL) {

  556. 			if (ctx->password == NULL && !is_enable) {

  557. 				return TRUE;

  558. 			}

  559. 			else if (is_enable && (ctx->password == NULL &&

  560. 					ctx->enable_password == NULL)) {

  561. 				session->is_enable = TRUE;

  562. 				return TRUE;

  563. 			}

  564. 		}

  565. 

  566. 		msg_info_session ("absent password has been specified; source ip: %s",

  567. 				rspamd_inet_address_to_string_pretty (session->from_addr));

  568. 		ret = FALSE;

  569. 	}

  570. 	else {

  571. 		if (rspamd_ftok_cstr_equal (password, "q1", FALSE) ||

  572. 				rspamd_ftok_cstr_equal (password, "q2", FALSE)) {

  573. 			msg_info_session ("deny default password for remote access; source ip: %s",

  574. 					rspamd_inet_address_to_string_pretty (session->from_addr));

  575. 			ret = FALSE;

  576. 			goto end;

  577. 		}

  578. 

  579. 		if (is_enable) {

  580. 			/* For privileged commands we strictly require enable password */

  581. 			if (ctx->enable_password != NULL) {

  582. 				check = ctx->enable_password;

  583. 				use_enable = TRUE;

  584. 			}

  585. 			else {

  586. 				/* Use just a password (legacy mode) */

  587. 				msg_info(

  588. 						"using password as enable_password for a privileged command");

  589. 				check = ctx->password;

  590. 			}

  591. 

  592. 			if (check != NULL) {

  593. 				if (!rspamd_is_encrypted_password (check, &pbkdf)) {

  594. 					ret = FALSE;

  595. 

  596. 					if (strlen (check) == password->len) {

  597. 						ret = rspamd_constant_memcmp (password->begin, check,

  598. 								password->len);

  599. 					}

  600. 				}

  601. 				else {

  602. 					ret = rspamd_check_encrypted_password (ctx, password, check,

  603. 							pbkdf, use_enable);

  604. 				}

  605. 			}

  606. 			else {

  607. 				msg_warn_session (

  608. 						"no password to check while executing a privileged command; source ip: %s",

  609. 						rspamd_inet_address_to_string_pretty (session->from_addr));

  610. 				ret = FALSE;

  611. 			}

  612. 

  613. 			if (ret) {

  614. 				session->is_enable = TRUE;

  615. 			}

  616. 		}

  617. 		else {

  618. 			/* Accept both normal and enable passwords */

  619. 			if (ctx->password != NULL) {

  620. 				check = ctx->password;

  621. 

  622. 				if (!rspamd_is_encrypted_password (check, &pbkdf)) {

  623. 					check_normal = FALSE;

  624. 

  625. 					if (strlen (check) == password->len) {

  626. 						check_normal = rspamd_constant_memcmp (password->begin,

  627. 								check,

  628. 								password->len);

  629. 					}

  630. 				}

  631. 				else {

  632. 					check_normal = rspamd_check_encrypted_password (ctx,

  633. 							password,

  634. 							check, pbkdf, FALSE);

  635. 				}

  636. 

  637. 			}

  638. 			else {

  639. 				check_normal = FALSE;

  640. 			}

  641. 

  642. 			if (ctx->enable_password != NULL) {

  643. 				check = ctx->enable_password;

  644. 

  645. 				if (!rspamd_is_encrypted_password (check, &pbkdf)) {

  646. 					check_enable = FALSE;

  647. 

  648. 					if (strlen (check) == password->len) {

  649. 						check_enable = rspamd_constant_memcmp (password->begin,

  650. 								check,

  651. 								password->len);

  652. 					}

  653. 				}

  654. 				else {

  655. 					check_enable = rspamd_check_encrypted_password (ctx,

  656. 							password,

  657. 							check, pbkdf, TRUE);

  658. 				}

  659. 

  660. 				if (check_enable) {

  661. 					session->is_enable = TRUE;

  662. 				}

  663. 			}

  664. 			else {

  665. 				check_enable = FALSE;

  666. 

  667. 				if (check_normal) {

  668. 					/*

  669. 					 * If no enable password is specified use normal password as

  670. 					 * enable password

  671. 					 */

  672. 					session->is_enable = TRUE;

  673. 				}

  674. 			}

  675. 		}

  676. 	}

  677. 

  678. 	if (check_normal == FALSE && check_enable == FALSE) {

  679. 		msg_info ("absent or incorrect password has been specified; source ip: %s",

  680. 				rspamd_inet_address_to_string_pretty (session->from_addr));

  681. 		ret = FALSE;

  682. 	}

  683. 

  684. end:

  685. 	if (query_args != NULL) {

  686. 		g_hash_table_unref (query_args);

  687. 	}

  688. 

  689. 	if (!ret) {

  690. 		rspamd_controller_send_error (entry, 403, "Unauthorized");

  691. 	}

  692. 

  693. 	return ret;

  694. }

  695. 

  696. /* Command handlers */

  697. 

  698. /*

  699.  * Auth command handler:

  700.  * request: /auth

  701.  * headers: Password

  702.  * reply: json {"auth": "ok", "version": "0.5.2", "uptime": "some uptime", "error": "none"}

  703.  */

  704. static int

  705. rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent,

  706. 	struct rspamd_http_message *msg)

  707. {

  708. 	struct rspamd_controller_session *session = conn_ent->ud;

  709. 	struct rspamd_stat *st;

  710. 	int64_t uptime;

  711. 	gulong data[5];

  712. 	ucl_object_t *obj;

  713. 

  714. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  715. 		return 0;

  716. 	}

  717. 

  718. 	obj = ucl_object_typed_new (UCL_OBJECT);

  719. 	st = session->ctx->srv->stat;

  720. 	data[0] = st->actions_stat[METRIC_ACTION_NOACTION];

  721. 	data[1] = st->actions_stat[METRIC_ACTION_ADD_HEADER] +

  722. 		st->actions_stat[METRIC_ACTION_REWRITE_SUBJECT];

  723. 	data[2] = st->actions_stat[METRIC_ACTION_GREYLIST];

  724. 	data[3] = st->actions_stat[METRIC_ACTION_REJECT];

  725. 	data[4] = st->actions_stat[METRIC_ACTION_SOFT_REJECT];

  726. 

  727. 	/* Get uptime */

  728. 	uptime = ev_time () - session->ctx->start_time;

  729. 

  730. 	ucl_object_insert_key (obj, ucl_object_fromstring (

  731. 			RVERSION),			   "version",  0, false);

  732. 	ucl_object_insert_key (obj, ucl_object_fromstring (

  733. 			"ok"),				   "auth",	   0, false);

  734. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  735. 			uptime),			   "uptime",   0, false);

  736. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  737. 			data[0]),			   "clean",	   0, false);

  738. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  739. 			data[1]),			   "probable", 0, false);

  740. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  741. 			data[2]),			   "greylist", 0, false);

  742. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  743. 			data[3]),			   "reject",   0, false);

  744. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  745. 			data[4]),			   "soft_reject",   0, false);

  746. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  747. 			st->messages_scanned), "scanned",  0, false);

  748. 	ucl_object_insert_key (obj,	   ucl_object_fromint (

  749. 			st->messages_learned), "learned",  0, false);

  750. 	ucl_object_insert_key (obj, ucl_object_frombool (!session->is_enable),

  751. 			"read_only", 0, false);

  752. 	ucl_object_insert_key (obj, ucl_object_fromstring (session->ctx->cfg->checksum),

  753. 			"config_id", 0, false);

  754. 

  755. 	rspamd_controller_send_ucl (conn_ent, obj);

  756. 	ucl_object_unref (obj);

  757. 

  758. 	return 0;

  759. }

  760. 

  761. /*

  762.  * Symbols command handler:

  763.  * request: /symbols

  764.  * reply: json [{

  765.  *  "name": "group_name",

  766.  *  "symbols": [

  767.  *      {

  768.  *      "name": "name",

  769.  *      "weight": 0.1,

  770.  *      "description": "description of symbol"

  771.  *      },

  772.  *      {...}

  773.  * },

  774.  * {...}]

  775.  */

  776. static int

  777. rspamd_controller_handle_symbols (struct rspamd_http_connection_entry *conn_ent,

  778. 	struct rspamd_http_message *msg)

  779. {

  780. 	struct rspamd_controller_session *session = conn_ent->ud;

  781. 	GHashTableIter it, sit;

  782. 	struct rspamd_symbols_group *gr;

  783. 	struct rspamd_symbol *sym;

  784. 	ucl_object_t *obj, *top, *sym_obj, *group_symbols;

  785. 	gpointer k, v;

  786. 

  787. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  788. 		return 0;

  789. 	}

  790. 

  791. 	top = ucl_object_typed_new (UCL_ARRAY);

  792. 

  793. 	/* Go through all symbols groups in the default metric */

  794. 	g_hash_table_iter_init (&it, session->cfg->groups);

  795. 

  796. 	while (g_hash_table_iter_next (&it, &k, &v)) {

  797. 		gr = v;

  798. 		obj = ucl_object_typed_new (UCL_OBJECT);

  799. 		ucl_object_insert_key (obj, ucl_object_fromstring (

  800. 				gr->name), "group", 0, false);

  801. 		/* Iterate through all symbols */

  802. 

  803. 		g_hash_table_iter_init (&sit, gr->symbols);

  804. 		group_symbols = ucl_object_typed_new (UCL_ARRAY);

  805. 

  806. 		while (g_hash_table_iter_next (&sit, &k, &v)) {

  807. 			gdouble tm = 0.0, freq = 0, freq_dev = 0;

  808. 

  809. 			sym = v;

  810. 			sym_obj = ucl_object_typed_new (UCL_OBJECT);

  811. 

  812. 			ucl_object_insert_key (sym_obj, ucl_object_fromstring (sym->name),

  813. 				"symbol", 0, false);

  814. 			ucl_object_insert_key (sym_obj,

  815. 				ucl_object_fromdouble (*sym->weight_ptr),

  816. 				"weight", 0, false);

  817. 			if (sym->description) {

  818. 				ucl_object_insert_key (sym_obj,

  819. 					ucl_object_fromstring (sym->description),

  820. 					"description", 0, false);

  821. 			}

  822. 

  823. 			if (rspamd_symcache_stat_symbol (session->ctx->cfg->cache,

  824. 					sym->name, &freq, &freq_dev, &tm, NULL)) {

  825. 				ucl_object_insert_key (sym_obj,

  826. 						ucl_object_fromdouble (freq),

  827. 						"frequency", 0, false);

  828. 				ucl_object_insert_key (sym_obj,

  829. 						ucl_object_fromdouble (freq_dev),

  830. 						"frequency_stddev", 0, false);

  831. 				ucl_object_insert_key (sym_obj,

  832. 						ucl_object_fromdouble (tm),

  833. 						"time", 0, false);

  834. 			}

  835. 

  836. 			ucl_array_append (group_symbols, sym_obj);

  837. 		}

  838. 

  839. 		ucl_object_insert_key (obj, group_symbols, "rules", 0, false);

  840. 		ucl_array_append (top, obj);

  841. 	}

  842. 

  843. 	rspamd_controller_send_ucl (conn_ent, top);

  844. 	ucl_object_unref (top);

  845. 

  846. 	return 0;

  847. }

  848. 

  849. /*

  850.  * Actions command handler:

  851.  * request: /actions

  852.  * reply: json [{

  853.  *  "action": "no action",

  854.  *  "value": 1.1

  855.  * },

  856.  * {...}]

  857.  */

  858. static int

  859. rspamd_controller_handle_actions (struct rspamd_http_connection_entry *conn_ent,

  860. 	struct rspamd_http_message *msg)

  861. {

  862. 	struct rspamd_controller_session *session = conn_ent->ud;

  863. 	struct rspamd_action *act, *tmp;

  864. 	ucl_object_t *obj, *top;

  865. 

  866. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  867. 		return 0;

  868. 	}

  869. 

  870. 	top = ucl_object_typed_new (UCL_ARRAY);

  871. 

  872. 	HASH_ITER (hh, session->cfg->actions, act, tmp) {

  873. 		obj = ucl_object_typed_new (UCL_OBJECT);

  874. 		ucl_object_insert_key (obj,

  875. 				ucl_object_fromstring (act->name),

  876. 				"action", 0, false);

  877. 		ucl_object_insert_key (obj,

  878. 				ucl_object_fromdouble (act->threshold),

  879. 				"value", 0, false);

  880. 		ucl_array_append (top, obj);

  881. 	}

  882. 

  883. 	rspamd_controller_send_ucl (conn_ent, top);

  884. 	ucl_object_unref (top);

  885. 

  886. 	return 0;

  887. }

  888. 

  889. static gboolean

  890. rspamd_controller_can_edit_map (struct rspamd_map_backend *bk)

  891. {

  892. 	gchar *fpath;

  893. 

  894. 	if (access (bk->uri, W_OK) == 0) {

  895. 		return TRUE;

  896. 	}

  897. 	else if (access (bk->uri, R_OK) == -1 && errno == ENOENT) {

  898. 		fpath = g_path_get_dirname (bk->uri);

  899. 

  900. 		if (fpath) {

  901. 			if (access (fpath, W_OK) == 0) {

  902. 				g_free (fpath);

  903. 

  904. 				return TRUE;

  905. 			}

  906. 

  907. 			g_free (fpath);

  908. 		}

  909. 	}

  910. 

  911. 	return FALSE;

  912. }

  913. 

  914. /*

  915.  * Maps command handler:

  916.  * request: /maps

  917.  * headers: Password

  918.  * reply: json [

  919.  *      {

  920.  *      "map": "name",

  921.  *      "description": "description",

  922.  *      "editable": true

  923.  *      },

  924.  *      {...}

  925.  * ]

  926.  */

  927. static int

  928. rspamd_controller_handle_maps (struct rspamd_http_connection_entry *conn_ent,

  929. 	struct rspamd_http_message *msg)

  930. {

  931. 	struct rspamd_controller_session *session = conn_ent->ud;

  932. 	GList *cur;

  933. 	struct rspamd_map *map;

  934. 	struct rspamd_map_backend *bk;

  935. 	guint i;

  936. 	gboolean editable;

  937. 	ucl_object_t *obj, *top;

  938. 

  939. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  940. 		return 0;

  941. 	}

  942. 

  943. 	top = ucl_object_typed_new (UCL_ARRAY);

  944. 

  945. 	/* Iterate over all maps */

  946. 	cur = session->ctx->cfg->maps;

  947. 	while (cur) {

  948. 		map = cur->data;

  949. 

  950. 		PTR_ARRAY_FOREACH (map->backends, i, bk) {

  951. 

  952. 			if (bk->protocol == MAP_PROTO_FILE) {

  953. 				editable = rspamd_controller_can_edit_map (bk);

  954. 

  955. 				if (!editable && access (bk->uri, R_OK) == -1) {

  956. 					/* Skip unreadable and non-existing maps */

  957. 					continue;

  958. 				}

  959. 

  960. 				obj = ucl_object_typed_new (UCL_OBJECT);

  961. 				ucl_object_insert_key (obj,	   ucl_object_fromint (bk->id),

  962. 						"map", 0, false);

  963. 				if (map->description) {

  964. 					ucl_object_insert_key (obj, ucl_object_fromstring (map->description),

  965. 							"description", 0, false);

  966. 				}

  967. 				ucl_object_insert_key (obj, ucl_object_fromstring (bk->uri),

  968. 						"uri", 0, false);

  969. 				ucl_object_insert_key (obj,	  ucl_object_frombool (editable),

  970. 						"editable", 0, false);

  971. 				ucl_array_append (top, obj);

  972. 			}

  973. 		}

  974. 		cur = g_list_next (cur);

  975. 	}

  976. 

  977. 	rspamd_controller_send_ucl (conn_ent, top);

  978. 	ucl_object_unref (top);

  979. 

  980. 	return 0;

  981. }

  982. 

  983. /*

  984.  * Get map command handler:

  985.  * request: /getmap

  986.  * headers: Password, Map

  987.  * reply: plain-text

  988.  */

  989. static int

  990. rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,

  991. 	struct rspamd_http_message *msg)

  992. {

  993. 	struct rspamd_controller_session *session = conn_ent->ud;

  994. 	GList *cur;

  995. 	struct rspamd_map *map;

  996. 	struct rspamd_map_backend *bk = NULL;

  997. 	const rspamd_ftok_t *idstr;

  998. 	struct stat st;

  999. 	gint fd;

  1000. 	gulong id, i;

  1001. 	gboolean found = FALSE;

  1002. 	struct rspamd_http_message *reply;

  1003. 

  1004. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1005. 		return 0;

  1006. 	}

  1007. 

  1008. 	idstr = rspamd_http_message_find_header (msg, "Map");

  1009. 

  1010. 	if (idstr == NULL) {

  1011. 		msg_info_session ("absent map id");

  1012. 		rspamd_controller_send_error (conn_ent, 400, "Id header missing");

  1013. 		return 0;

  1014. 	}

  1015. 

  1016. 	if (!rspamd_strtoul (idstr->begin, idstr->len, &id)) {

  1017. 		msg_info_session ("invalid map id");

  1018. 		rspamd_controller_send_error (conn_ent, 400, "Invalid map id");

  1019. 		return 0;

  1020. 	}

  1021. 

  1022. 	/* Now let's be sure that we have map defined in configuration */

  1023. 	cur = session->ctx->cfg->maps;

  1024. 	while (cur && !found) {

  1025. 		map = cur->data;

  1026. 

  1027. 		PTR_ARRAY_FOREACH (map->backends, i, bk) {

  1028. 			if (bk->id == id && bk->protocol == MAP_PROTO_FILE) {

  1029. 				found = TRUE;

  1030. 				break;

  1031. 			}

  1032. 		}

  1033. 

  1034. 		cur = g_list_next (cur);

  1035. 	}

  1036. 

  1037. 	if (!found || bk == NULL) {

  1038. 		msg_info_session ("map not found");

  1039. 		rspamd_controller_send_error (conn_ent, 404, "Map not found");

  1040. 		return 0;

  1041. 	}

  1042. 

  1043. 	if (stat (bk->uri, &st) == -1 || (fd = open (bk->uri, O_RDONLY)) == -1) {

  1044. 		reply = rspamd_http_new_message (HTTP_RESPONSE);

  1045. 		reply->date = time (NULL);

  1046. 		reply->code = 200;

  1047. 	}

  1048. 	else {

  1049. 

  1050. 		reply = rspamd_http_new_message (HTTP_RESPONSE);

  1051. 		reply->date = time (NULL);

  1052. 		reply->code = 200;

  1053. 

  1054. 		if (st.st_size > 0) {

  1055. 			if (!rspamd_http_message_set_body_from_fd (reply, fd)) {

  1056. 				close (fd);

  1057. 				rspamd_http_message_unref (reply);

  1058. 				msg_err_session ("cannot read map %s: %s", bk->uri, strerror (errno));

  1059. 				rspamd_controller_send_error (conn_ent, 500, "Map read error");

  1060. 				return 0;

  1061. 			}

  1062. 		}

  1063. 		else {

  1064. 			rspamd_fstring_t *empty_body = rspamd_fstring_new_init ("", 0);

  1065. 			rspamd_http_message_set_body_from_fstring_steal (reply, empty_body);

  1066. 		}

  1067. 

  1068. 		close (fd);

  1069. 	}

  1070. 

  1071. 	rspamd_http_connection_reset (conn_ent->conn);

  1072. 	rspamd_http_router_insert_headers (conn_ent->rt, reply);

  1073. 	rspamd_http_connection_write_message (conn_ent->conn, reply, NULL,

  1074. 			"text/plain", conn_ent,

  1075. 			conn_ent->rt->timeout);

  1076. 	conn_ent->is_reply = TRUE;

  1077. 

  1078. 	return 0;

  1079. }

  1080. 

  1081. static ucl_object_t *

  1082. rspamd_controller_pie_element (enum rspamd_action_type action,

  1083. 		const char *label, gdouble data)

  1084. {

  1085. 	ucl_object_t *res = ucl_object_typed_new (UCL_OBJECT);

  1086. 	const char *colors[METRIC_ACTION_MAX] = {

  1087. 		[METRIC_ACTION_REJECT] = "#FF0000",

  1088. 		[METRIC_ACTION_SOFT_REJECT] = "#cc9966",

  1089. 		[METRIC_ACTION_REWRITE_SUBJECT] = "#ff6600",

  1090. 		[METRIC_ACTION_ADD_HEADER] = "#FFD700",

  1091. 		[METRIC_ACTION_GREYLIST] = "#436EEE",

  1092. 		[METRIC_ACTION_NOACTION] = "#66cc00"

  1093. 	};

  1094. 

  1095. 	ucl_object_insert_key (res, ucl_object_fromstring (colors[action]),

  1096. 			"color", 0, false);

  1097. 	ucl_object_insert_key (res, ucl_object_fromstring (label), "label", 0, false);

  1098. 	ucl_object_insert_key (res, ucl_object_fromdouble (data), "data", 0, false);

  1099. 	ucl_object_insert_key (res, ucl_object_fromdouble (data), "value", 0, false);

  1100. 

  1101. 	return res;

  1102. }

  1103. 

  1104. /*

  1105.  * Pie chart command handler:

  1106.  * request: /pie

  1107.  * headers: Password

  1108.  * reply: json [

  1109.  *      { label: "Foo", data: 11 },

  1110.  *      { label: "Bar", data: 20 },

  1111.  *      {...}

  1112.  * ]

  1113.  */

  1114. static int

  1115. rspamd_controller_handle_pie_chart (

  1116. 	struct rspamd_http_connection_entry *conn_ent,

  1117. 	struct rspamd_http_message *msg)

  1118. {

  1119. 	struct rspamd_controller_session *session = conn_ent->ud;

  1120. 	struct rspamd_controller_worker_ctx *ctx;

  1121. 	gdouble data[5], total;

  1122. 	ucl_object_t *top;

  1123. 

  1124. 	ctx = session->ctx;

  1125. 

  1126. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1127. 		return 0;

  1128. 	}

  1129. 

  1130. 	top = ucl_object_typed_new (UCL_ARRAY);

  1131. 	total = ctx->srv->stat->messages_scanned;

  1132. 	if (total != 0) {

  1133. 

  1134. 		data[0] = ctx->srv->stat->actions_stat[METRIC_ACTION_NOACTION];

  1135. 		data[1] = ctx->srv->stat->actions_stat[METRIC_ACTION_SOFT_REJECT];

  1136. 		data[2] = (ctx->srv->stat->actions_stat[METRIC_ACTION_ADD_HEADER] +

  1137. 			ctx->srv->stat->actions_stat[METRIC_ACTION_REWRITE_SUBJECT]);

  1138. 		data[3] = ctx->srv->stat->actions_stat[METRIC_ACTION_GREYLIST];

  1139. 		data[4] = ctx->srv->stat->actions_stat[METRIC_ACTION_REJECT];

  1140. 	}

  1141. 	else {

  1142. 		memset (data, 0, sizeof (data));

  1143. 	}

  1144. 	ucl_array_append (top, rspamd_controller_pie_element (

  1145. 			METRIC_ACTION_NOACTION, "Clean", data[0]));

  1146. 	ucl_array_append (top, rspamd_controller_pie_element (

  1147. 			METRIC_ACTION_SOFT_REJECT, "Temporarily rejected", data[1]));

  1148. 	ucl_array_append (top, rspamd_controller_pie_element (

  1149. 			METRIC_ACTION_ADD_HEADER, "Probable spam", data[2]));

  1150. 	ucl_array_append (top, rspamd_controller_pie_element (

  1151. 			METRIC_ACTION_GREYLIST, "Greylisted", data[3]));

  1152. 	ucl_array_append (top, rspamd_controller_pie_element (

  1153. 			METRIC_ACTION_REJECT, "Rejected", data[4]));

  1154. 

  1155. 	rspamd_controller_send_ucl (conn_ent, top);

  1156. 	ucl_object_unref (top);

  1157. 

  1158. 	return 0;

  1159. }

  1160. 

  1161. void

  1162. rspamd_controller_graph_point (gulong t, gulong step,

  1163. 		struct rspamd_rrd_query_result* rrd_result,

  1164. 		gdouble *acc,

  1165. 		ucl_object_t **elt)

  1166. {

  1167. 	guint nan_cnt;

  1168. 	gdouble sum = 0.0, yval;

  1169. 	ucl_object_t* data_elt;

  1170. 	guint i, j;

  1171. 

  1172. 	for (i = 0; i < rrd_result->ds_count; i++) {

  1173. 		sum = 0.0;

  1174. 		nan_cnt = 0;

  1175. 		data_elt = ucl_object_typed_new (UCL_OBJECT);

  1176. 		ucl_object_insert_key (data_elt, ucl_object_fromint (t), "x", 1, false);

  1177. 

  1178. 		for (j = 0; j < step; j++) {

  1179. 			yval = acc[i + j * rrd_result->ds_count];

  1180. 			if (!isfinite (yval)) {

  1181. 				nan_cnt++;

  1182. 			}

  1183. 			else {

  1184. 				sum += yval;

  1185. 			}

  1186. 		}

  1187. 		if (nan_cnt == step) {

  1188. 			ucl_object_insert_key (data_elt, ucl_object_typed_new (UCL_NULL),

  1189. 					"y", 1, false);

  1190. 		}

  1191. 		else {

  1192. 			ucl_object_insert_key (data_elt,

  1193. 					ucl_object_fromdouble (sum / (gdouble) step), "y", 1,

  1194. 					false);

  1195. 		}

  1196. 		ucl_array_append (elt[i], data_elt);

  1197. 	}

  1198. }

  1199. 

  1200. /*

  1201.  * Graph command handler:

  1202.  * request: /graph?type=<day|week|month|year>

  1203.  * headers: Password

  1204.  * reply: json [

  1205.  *      { label: "Foo", data: 11 },

  1206.  *      { label: "Bar", data: 20 },

  1207.  *      {...}

  1208.  * ]

  1209.  */

  1210. static int

  1211. rspamd_controller_handle_graph (

  1212. 		struct rspamd_http_connection_entry *conn_ent,

  1213. 		struct rspamd_http_message *msg)

  1214. {

  1215. 	GHashTable *query;

  1216. 	struct rspamd_controller_session *session = conn_ent->ud;

  1217. 	struct rspamd_controller_worker_ctx *ctx;

  1218. 	rspamd_ftok_t srch, *value;

  1219. 	struct rspamd_rrd_query_result *rrd_result;

  1220. 	gulong i, k, start_row, cnt, t, ts, step;

  1221. 	gdouble *acc;

  1222. 	ucl_object_t *res, *elt[METRIC_ACTION_MAX];

  1223. 	enum {

  1224. 		rra_day = 0,

  1225. 		rra_week,

  1226. 		rra_month,

  1227. 		rra_year,

  1228. 		rra_invalid

  1229. 	} rra_num = rra_invalid;

  1230. 	/* How many points are we going to send to display */

  1231. 	static const guint desired_points = 500;

  1232. 

  1233. 	ctx = session->ctx;

  1234. 

  1235. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1236. 		return 0;

  1237. 	}

  1238. 

  1239. 	if (ctx->rrd == NULL) {

  1240. 		msg_err_session ("no rrd configured");

  1241. 		rspamd_controller_send_error (conn_ent, 404, "No rrd configured for graphs");

  1242. 

  1243. 		return 0;

  1244. 	}

  1245. 

  1246. 	query = rspamd_http_message_parse_query (msg);

  1247. 	srch.begin = (gchar *)"type";

  1248. 	srch.len = 4;

  1249. 

  1250. 	if (query == NULL || (value = g_hash_table_lookup (query, &srch)) == NULL) {

  1251. 		msg_err_session ("absent graph type query");

  1252. 		rspamd_controller_send_error (conn_ent, 400, "Absent graph type");

  1253. 

  1254. 		if (query) {

  1255. 			g_hash_table_unref (query);

  1256. 		}

  1257. 

  1258. 		return 0;

  1259. 	}

  1260. 

  1261. 	if (value->len == 3 && rspamd_lc_cmp (value->begin, "day", value->len) == 0) {

  1262. 		rra_num = rra_day;

  1263. 	}

  1264. 	else if (value->len == 4 && rspamd_lc_cmp (value->begin, "week", value->len) == 0) {

  1265. 		rra_num = rra_week;

  1266. 	}

  1267. 	else if (value->len == 5 && rspamd_lc_cmp (value->begin, "month", value->len) == 0) {

  1268. 		rra_num = rra_month;

  1269. 	}

  1270. 	else if (value->len == 4 && rspamd_lc_cmp (value->begin, "year", value->len) == 0) {

  1271. 		rra_num = rra_year;

  1272. 	}

  1273. 

  1274. 	g_hash_table_unref (query);

  1275. 

  1276. 	if (rra_num == rra_invalid) {

  1277. 		msg_err_session ("invalid graph type query");

  1278. 		rspamd_controller_send_error (conn_ent, 400, "Invalid graph type");

  1279. 

  1280. 		return 0;

  1281. 	}

  1282. 

  1283. 	rrd_result = rspamd_rrd_query (ctx->rrd, rra_num);

  1284. 

  1285. 	if (rrd_result == NULL) {

  1286. 		msg_err_session ("cannot query rrd");

  1287. 		rspamd_controller_send_error (conn_ent, 500, "Cannot query rrd");

  1288. 

  1289. 		return 0;

  1290. 	}

  1291. 

  1292. 	g_assert (rrd_result->ds_count == G_N_ELEMENTS (elt));

  1293. 

  1294. 	res = ucl_object_typed_new (UCL_ARRAY);

  1295. 	/* How much full updates happened since the last update */

  1296. 	ts = rrd_result->last_update / rrd_result->pdp_per_cdp - rrd_result->rra_rows;

  1297. 

  1298. 	for (i = 0; i < rrd_result->ds_count; i ++) {

  1299. 		elt[i] = ucl_object_typed_new (UCL_ARRAY);

  1300. 	}

  1301. 

  1302. 	start_row = rrd_result->cur_row == rrd_result->rra_rows - 1 ?

  1303. 				0 : rrd_result->cur_row;

  1304. 	t = ts * rrd_result->pdp_per_cdp;

  1305. 	k = 0;

  1306. 

  1307. 	/* Create window */

  1308. 	step = ceil (((gdouble)rrd_result->rra_rows) / desired_points);

  1309. 	g_assert (step >= 1);

  1310. 	acc = g_malloc0 (sizeof (double) * rrd_result->ds_count * step);

  1311. 

  1312. 	for (i = start_row, cnt = 0; cnt < rrd_result->rra_rows;

  1313. 			cnt ++) {

  1314. 

  1315. 		memcpy (&acc[k * rrd_result->ds_count],

  1316. 				&rrd_result->data[i * rrd_result->ds_count],

  1317. 				sizeof (gdouble) * rrd_result->ds_count);

  1318. 

  1319. 		if (k < step - 1) {

  1320. 			k ++;

  1321. 		}

  1322. 		else {

  1323. 			t = ts * rrd_result->pdp_per_cdp;

  1324. 

  1325. 			/* Need a fresh point */

  1326. 			rspamd_controller_graph_point (t, step, rrd_result, acc, elt);

  1327. 			k = 0;

  1328. 		}

  1329. 

  1330. 		if (i == rrd_result->rra_rows - 1) {

  1331. 			i = 0;

  1332. 		}

  1333. 		else {

  1334. 			i ++;

  1335. 		}

  1336. 

  1337. 		ts ++;

  1338. 	}

  1339. 

  1340. 	if (k > 0) {

  1341. 		rspamd_controller_graph_point (t, k, rrd_result, acc, elt);

  1342. 	}

  1343. 

  1344. 	for (i = 0; i < rrd_result->ds_count; i++) {

  1345. 		ucl_array_append (res, elt[i]);

  1346. 	}

  1347. 

  1348. 	rspamd_controller_send_ucl (conn_ent, res);

  1349. 	ucl_object_unref (res);

  1350. 	g_free (acc);

  1351. 

  1352. 	return 0;

  1353. }

  1354. 

  1355. static void

  1356. rspamd_controller_handle_legacy_history (

  1357. 		struct rspamd_controller_session *session,

  1358. 		struct rspamd_controller_worker_ctx *ctx,

  1359. 		struct rspamd_http_connection_entry *conn_ent,

  1360. 		struct rspamd_http_message *msg)

  1361. {

  1362. 	struct roll_history_row *row, *copied_rows;

  1363. 	guint i, rows_proc, row_num;

  1364. 	struct tm tm;

  1365. 	gchar timebuf[32], **syms;

  1366. 	ucl_object_t *top, *obj;

  1367. 

  1368. 	top = ucl_object_typed_new (UCL_ARRAY);

  1369. 

  1370. 	/* Set lock on history */

  1371. 	copied_rows = g_malloc (sizeof (*copied_rows) * ctx->srv->history->nrows);

  1372. 	memcpy (copied_rows, ctx->srv->history->rows,

  1373. 			sizeof (*copied_rows) * ctx->srv->history->nrows);

  1374. 

  1375. 	/* Go through all rows */

  1376. 	row_num = ctx->srv->history->cur_row;

  1377. 

  1378. 	for (i = 0, rows_proc = 0; i < ctx->srv->history->nrows; i++, row_num++) {

  1379. 		if (row_num == ctx->srv->history->nrows) {

  1380. 			row_num = 0;

  1381. 		}

  1382. 		row = &copied_rows[row_num];

  1383. 		/* Get only completed rows */

  1384. 		if (row->completed) {

  1385. 			rspamd_localtime (row->timestamp, &tm);

  1386. 			strftime (timebuf, sizeof (timebuf) - 1, "%Y-%m-%d %H:%M:%S", &tm);

  1387. 			obj = ucl_object_typed_new (UCL_OBJECT);

  1388. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  1389. 					timebuf),		  "time", 0, false);

  1390. 			ucl_object_insert_key (obj, ucl_object_fromint (

  1391. 					row->timestamp), "unix_time", 0, false);

  1392. 			ucl_object_insert_key (obj, ucl_object_fromstring (

  1393. 					row->message_id), "id",	  0, false);

  1394. 			ucl_object_insert_key (obj, ucl_object_fromstring (row->from_addr),

  1395. 					"ip", 0, false);

  1396. 			ucl_object_insert_key (obj,

  1397. 					ucl_object_fromstring (rspamd_action_to_str (

  1398. 							row->action)), "action", 0, false);

  1399. 

  1400. 			if (!isnan (row->score)) {

  1401. 				ucl_object_insert_key (obj, ucl_object_fromdouble (

  1402. 						row->score),		  "score",			0, false);

  1403. 			}

  1404. 			else {

  1405. 				ucl_object_insert_key (obj,

  1406. 						ucl_object_fromdouble (0.0), "score", 0, false);

  1407. 			}

  1408. 

  1409. 			if (!isnan (row->required_score)) {

  1410. 				ucl_object_insert_key (obj,

  1411. 						ucl_object_fromdouble (

  1412. 								row->required_score), "required_score", 0, false);

  1413. 			}

  1414. 			else {

  1415. 				ucl_object_insert_key (obj,

  1416. 						ucl_object_fromdouble (0.0), "required_score", 0, false);

  1417. 			}

  1418. 

  1419. 			syms = g_strsplit_set (row->symbols, ", ", -1);

  1420. 

  1421. 			if (syms) {

  1422. 				guint nelts = g_strv_length (syms);

  1423. 				ucl_object_t *syms_obj = ucl_object_typed_new (UCL_OBJECT);

  1424. 				ucl_object_reserve (syms_obj, nelts);

  1425. 

  1426. 				for (guint j = 0; j < nelts; j++) {

  1427. 					g_strstrip (syms[j]);

  1428. 

  1429. 					if (strlen (syms[j]) == 0) {

  1430. 						/* Empty garbadge */

  1431. 						continue;

  1432. 					}

  1433. 

  1434. 					ucl_object_t *cur = ucl_object_typed_new (UCL_OBJECT);

  1435. 

  1436. 					ucl_object_insert_key (cur, ucl_object_fromdouble (0.0),

  1437. 							"score", 0, false);

  1438. 					ucl_object_insert_key (syms_obj, cur, syms[j], 0, true);

  1439. 				}

  1440. 

  1441. 				ucl_object_insert_key (obj, syms_obj, "symbols", 0, false);

  1442. 				g_strfreev (syms);

  1443. 			}

  1444. 

  1445. 			ucl_object_insert_key (obj, ucl_object_fromint (row->len),

  1446. 					"size", 0, false);

  1447. 			ucl_object_insert_key (obj,

  1448. 					ucl_object_fromdouble (row->scan_time),

  1449. 					"scan_time", 0, false);

  1450. 

  1451. 			if (row->user[0] != '\0') {

  1452. 				ucl_object_insert_key (obj, ucl_object_fromstring (row->user),

  1453. 						"user", 0, false);

  1454. 			}

  1455. 			if (row->from_addr[0] != '\0') {

  1456. 				ucl_object_insert_key (obj, ucl_object_fromstring (

  1457. 						row->from_addr), "from", 0, false);

  1458. 			}

  1459. 			ucl_array_append (top, obj);

  1460. 			rows_proc++;

  1461. 		}

  1462. 	}

  1463. 

  1464. 	rspamd_controller_send_ucl (conn_ent, top);

  1465. 	ucl_object_unref (top);

  1466. 	g_free (copied_rows);

  1467. }

  1468. 

  1469. static gboolean

  1470. rspamd_controller_history_lua_fin_task (void *ud)

  1471. {

  1472. 	return TRUE;

  1473. }

  1474. 

  1475. static void

  1476. rspamd_controller_handle_lua_history (lua_State *L,

  1477. 		struct rspamd_controller_session *session,

  1478. 		struct rspamd_controller_worker_ctx *ctx,

  1479. 		struct rspamd_http_connection_entry *conn_ent,

  1480. 		struct rspamd_http_message *msg,

  1481. 		gboolean reset)

  1482. {

  1483. 	struct rspamd_task *task, **ptask;

  1484. 	struct rspamd_http_connection_entry **pconn_ent;

  1485. 	GHashTable *params;

  1486. 	rspamd_ftok_t srch, *found;

  1487. 	glong from = 0, to = -1;

  1488. 

  1489. 	params = rspamd_http_message_parse_query (msg);

  1490. 

  1491. 	if (params) {

  1492. 		/* Check from and to */

  1493. 		RSPAMD_FTOK_ASSIGN (&srch, "from");

  1494. 		found = g_hash_table_lookup (params, &srch);

  1495. 

  1496. 		if (found) {

  1497. 			rspamd_strtol (found->begin, found->len, &from);

  1498. 		}

  1499. 		RSPAMD_FTOK_ASSIGN (&srch, "to");

  1500. 		found = g_hash_table_lookup (params, &srch);

  1501. 

  1502. 		if (found) {

  1503. 			rspamd_strtol (found->begin, found->len, &to);

  1504. 		}

  1505. 

  1506. 		g_hash_table_unref (params);

  1507. 	}

  1508. 

  1509. 	lua_getglobal (L, "rspamd_plugins");

  1510. 

  1511. 	if (lua_istable (L, -1)) {

  1512. 		lua_pushstring (L, "history");

  1513. 		lua_gettable (L, -2);

  1514. 

  1515. 		if (lua_istable (L, -1)) {

  1516. 			lua_pushstring (L, "handler");

  1517. 			lua_gettable (L, -2);

  1518. 

  1519. 			if (lua_isfunction (L, -1)) {

  1520. 				task = rspamd_task_new (session->ctx->worker, session->cfg,

  1521. 						session->pool, ctx->lang_det, ctx->event_loop, FALSE);

  1522. 

  1523. 				task->resolver = ctx->resolver;

  1524. 				task->s = rspamd_session_create (session->pool,

  1525. 						rspamd_controller_history_lua_fin_task,

  1526. 						NULL,

  1527. 						(event_finalizer_t )rspamd_task_free,

  1528. 						task);

  1529. 				task->fin_arg = conn_ent;

  1530. 

  1531. 				ptask = lua_newuserdata (L, sizeof (*ptask));

  1532. 				*ptask = task;

  1533. 				rspamd_lua_setclass (L, "rspamd{task}", -1);

  1534. 				pconn_ent = lua_newuserdata (L, sizeof (*pconn_ent));

  1535. 				*pconn_ent = conn_ent;

  1536. 				rspamd_lua_setclass (L, "rspamd{csession}", -1);

  1537. 				lua_pushinteger (L, from);

  1538. 				lua_pushinteger (L, to);

  1539. 				lua_pushboolean (L, reset);

  1540. 

  1541. 				if (lua_pcall (L, 5, 0, 0) != 0) {

  1542. 					msg_err_session ("call to history function failed: %s",

  1543. 							lua_tostring (L, -1));

  1544. 					lua_settop (L, 0);

  1545. 					rspamd_task_free (task);

  1546. 

  1547. 					goto err;

  1548. 				}

  1549. 

  1550. 				task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  1551. 				task->sock = -1;

  1552. 				session->task = task;

  1553. 

  1554. 				rspamd_session_pending (task->s);

  1555. 			}

  1556. 			else {

  1557. 				msg_err_session ("rspamd_plugins.history.handler is not a function");

  1558. 				lua_settop (L, 0);

  1559. 				goto err;

  1560. 			}

  1561. 		}

  1562. 		else {

  1563. 			msg_err_session ("rspamd_plugins.history is not a table");

  1564. 			lua_settop (L, 0);

  1565. 			goto err;

  1566. 		}

  1567. 	}

  1568. 	else {

  1569. 		msg_err_session ("rspamd_plugins is absent or has incorrect type");

  1570. 		lua_settop (L, 0);

  1571. 		goto err;

  1572. 	}

  1573. 

  1574. 	lua_settop (L, 0);

  1575. 

  1576. 	return;

  1577. err:

  1578. 	rspamd_controller_send_error (conn_ent, 500, "Internal error");

  1579. }

  1580. 

  1581. /*

  1582.  * History command handler:

  1583.  * request: /history

  1584.  * headers: Password

  1585.  * reply: json [

  1586.  *      { label: "Foo", data: 11 },

  1587.  *      { label: "Bar", data: 20 },

  1588.  *      {...}

  1589.  * ]

  1590.  */

  1591. static int

  1592. rspamd_controller_handle_history (struct rspamd_http_connection_entry *conn_ent,

  1593. 	struct rspamd_http_message *msg)

  1594. {

  1595. 	struct rspamd_controller_session *session = conn_ent->ud;

  1596. 	struct rspamd_controller_worker_ctx *ctx;

  1597. 	lua_State *L;

  1598. 	ctx = session->ctx;

  1599. 

  1600. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1601. 		return 0;

  1602. 	}

  1603. 

  1604. 	L = ctx->cfg->lua_state;

  1605. 

  1606. 	if (!ctx->srv->history->disabled) {

  1607. 		rspamd_controller_handle_legacy_history (session, ctx, conn_ent, msg);

  1608. 	}

  1609. 	else {

  1610. 		rspamd_controller_handle_lua_history (L, session, ctx, conn_ent, msg,

  1611. 				FALSE);

  1612. 	}

  1613. 

  1614. 	return 0;

  1615. }

  1616. 

  1617. /*

  1618.  * Errors command handler:

  1619.  * request: /errors

  1620.  * headers: Password

  1621.  * reply: json [

  1622.  *      { ts: 100500, type: normal, pid: 100, module: lua, message: bad things },

  1623.  *      {...}

  1624.  * ]

  1625.  */

  1626. static int

  1627. rspamd_controller_handle_errors (struct rspamd_http_connection_entry *conn_ent,

  1628. 	struct rspamd_http_message *msg)

  1629. {

  1630. 	struct rspamd_controller_session *session = conn_ent->ud;

  1631. 	struct rspamd_controller_worker_ctx *ctx;

  1632. 	ucl_object_t *top;

  1633. 

  1634. 	ctx = session->ctx;

  1635. 

  1636. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1637. 		return 0;

  1638. 	}

  1639. 

  1640. 	top = rspamd_log_errorbuf_export (ctx->worker->srv->logger);

  1641. 	rspamd_controller_send_ucl (conn_ent, top);

  1642. 	ucl_object_unref (top);

  1643. 

  1644. 	return 0;

  1645. }

  1646. 

  1647. /*

  1648.  * Neighbours command handler:

  1649.  * request: /neighbours

  1650.  * headers: Password

  1651.  * reply: json {name: {url: "http://...", host: "host"}}

  1652.  */

  1653. static int

  1654. rspamd_controller_handle_neighbours (struct rspamd_http_connection_entry *conn_ent,

  1655. 	struct rspamd_http_message *msg)

  1656. {

  1657. 	struct rspamd_controller_session *session = conn_ent->ud;

  1658. 	struct rspamd_controller_worker_ctx *ctx;

  1659. 

  1660. 	ctx = session->ctx;

  1661. 

  1662. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  1663. 		return 0;

  1664. 	}

  1665. 

  1666. 	rspamd_controller_send_ucl (conn_ent, ctx->cfg->neighbours);

  1667. 

  1668. 	return 0;

  1669. }

  1670. 

  1671. 

  1672. static int

  1673. rspamd_controller_handle_history_reset (struct rspamd_http_connection_entry *conn_ent,

  1674. 		struct rspamd_http_message *msg)

  1675. {

  1676. 	struct rspamd_controller_session *session = conn_ent->ud;

  1677. 	struct rspamd_controller_worker_ctx *ctx;

  1678. 	struct roll_history_row *row;

  1679. 	guint completed_rows, i, t;

  1680. 	lua_State *L;

  1681. 

  1682. 	ctx = session->ctx;

  1683. 	L = ctx->cfg->lua_state;

  1684. 

  1685. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1686. 		return 0;

  1687. 	}

  1688. 

  1689. 	if (!ctx->srv->history->disabled) {

  1690. 		/* Clean from start to the current row */

  1691. 		completed_rows = g_atomic_int_get (&ctx->srv->history->cur_row);

  1692. 

  1693. 		completed_rows = MIN (completed_rows, ctx->srv->history->nrows - 1);

  1694. 

  1695. 		for (i = 0; i <= completed_rows; i ++) {

  1696. 			t = g_atomic_int_get (&ctx->srv->history->cur_row);

  1697. 

  1698. 			/* We somehow come to the race condition */

  1699. 			if (i > t) {

  1700. 				break;

  1701. 			}

  1702. 

  1703. 			row = &ctx->srv->history->rows[i];

  1704. 			memset (row, 0, sizeof (*row));

  1705. 		}

  1706. 

  1707. 		msg_info_session ("<%s> cleared %d entries from history",

  1708. 				rspamd_inet_address_to_string (session->from_addr),

  1709. 				completed_rows);

  1710. 		rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1711. 	}

  1712. 	else {

  1713. 		rspamd_controller_handle_lua_history (L, session, ctx, conn_ent, msg,

  1714. 				TRUE);

  1715. 	}

  1716. 

  1717. 	return 0;

  1718. }

  1719. 

  1720. static gboolean

  1721. rspamd_controller_lua_fin_task (void *ud)

  1722. {

  1723. 	struct rspamd_task *task = ud;

  1724. 	struct rspamd_http_connection_entry *conn_ent;

  1725. 

  1726. 	conn_ent = task->fin_arg;

  1727. 

  1728. 	if (task->err != NULL) {

  1729. 		rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1730. 				task->err->message);

  1731. 	}

  1732. 

  1733. 	return TRUE;

  1734. }

  1735. 

  1736. static int

  1737. rspamd_controller_handle_lua (struct rspamd_http_connection_entry *conn_ent,

  1738. 		struct rspamd_http_message *msg)

  1739. {

  1740. 	struct rspamd_controller_session *session = conn_ent->ud;

  1741. 	struct rspamd_task *task, **ptask;

  1742. 	struct rspamd_http_connection_entry **pconn;

  1743. 	struct rspamd_controller_worker_ctx *ctx;

  1744. 	gchar filebuf[PATH_MAX], realbuf[PATH_MAX];

  1745. 	struct http_parser_url u;

  1746. 	rspamd_ftok_t lookup;

  1747. 	struct stat st;

  1748. 	lua_State *L;

  1749. 

  1750. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1751. 		return 0;

  1752. 	}

  1753. 

  1754. 	ctx = session->ctx;

  1755. 	L = ctx->cfg->lua_state;

  1756. 

  1757. 	/* Find lua script */

  1758. 	if (msg->url != NULL && msg->url->len != 0) {

  1759. 

  1760. 		http_parser_parse_url (RSPAMD_FSTRING_DATA (msg->url),

  1761. 				RSPAMD_FSTRING_LEN (msg->url), TRUE, &u);

  1762. 

  1763. 		if (u.field_set & (1 << UF_PATH)) {

  1764. 			lookup.begin = RSPAMD_FSTRING_DATA (msg->url) +

  1765. 					u.field_data[UF_PATH].off;

  1766. 			lookup.len = u.field_data[UF_PATH].len;

  1767. 		}

  1768. 		else {

  1769. 			lookup.begin = RSPAMD_FSTRING_DATA (msg->url);

  1770. 			lookup.len = RSPAMD_FSTRING_LEN (msg->url);

  1771. 		}

  1772. 

  1773. 		rspamd_snprintf (filebuf, sizeof (filebuf), "%s%c%T",

  1774. 				ctx->static_files_dir, G_DIR_SEPARATOR, &lookup);

  1775. 

  1776. 		if (realpath (filebuf, realbuf) == NULL ||

  1777. 				lstat (realbuf, &st) == -1) {

  1778. 			rspamd_controller_send_error (conn_ent, 404, "Cannot find path: %s",

  1779. 					strerror (errno));

  1780. 

  1781. 			return 0;

  1782. 		}

  1783. 

  1784. 		/* TODO: add caching here, should be trivial */

  1785. 		/* Now we load and execute the code fragment, which should return a function */

  1786. 		if (luaL_loadfile (L, realbuf) != 0) {

  1787. 			rspamd_controller_send_error (conn_ent, 500, "Cannot load path: %s",

  1788. 					lua_tostring (L, -1));

  1789. 			lua_settop (L, 0);

  1790. 

  1791. 			return 0;

  1792. 		}

  1793. 

  1794. 		if (lua_pcall (L, 0, 1, 0) != 0) {

  1795. 			rspamd_controller_send_error (conn_ent, 501, "Cannot run path: %s",

  1796. 					lua_tostring (L, -1));

  1797. 			lua_settop (L, 0);

  1798. 

  1799. 			return 0;

  1800. 		}

  1801. 

  1802. 		if (lua_type (L, -1) != LUA_TFUNCTION) {

  1803. 			rspamd_controller_send_error (conn_ent, 502, "Bad return type: %s",

  1804. 					lua_typename (L, lua_type (L, -1)));

  1805. 			lua_settop (L, 0);

  1806. 

  1807. 			return 0;

  1808. 		}

  1809. 

  1810. 	}

  1811. 	else {

  1812. 		rspamd_controller_send_error (conn_ent, 404, "Empty path is not permitted");

  1813. 

  1814. 		return 0;

  1815. 	}

  1816. 

  1817. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  1818. 			ctx->lang_det, ctx->event_loop, FALSE);

  1819. 

  1820. 	task->resolver = ctx->resolver;

  1821. 	task->s = rspamd_session_create (session->pool,

  1822. 			rspamd_controller_lua_fin_task,

  1823. 			NULL,

  1824. 			(event_finalizer_t )rspamd_task_free,

  1825. 			task);

  1826. 	task->fin_arg = conn_ent;

  1827. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  1828. 	task->sock = -1;

  1829. 	session->task = task;

  1830. 

  1831. 	if (msg->body_buf.len > 0) {

  1832. 		if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  1833. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1834. 					task->err->message);

  1835. 			return 0;

  1836. 		}

  1837. 	}

  1838. 

  1839. 	ptask = lua_newuserdata (L, sizeof (*ptask));

  1840. 	rspamd_lua_setclass (L, "rspamd{task}", -1);

  1841. 	*ptask = task;

  1842. 

  1843. 	pconn = lua_newuserdata (L, sizeof (*pconn));

  1844. 	rspamd_lua_setclass (L, "rspamd{csession}", -1);

  1845. 	*pconn = conn_ent;

  1846. 

  1847. 	if (lua_pcall (L, 2, 0, 0) != 0) {

  1848. 		rspamd_controller_send_error (conn_ent, 503, "Cannot run callback: %s",

  1849. 				lua_tostring (L, -1));

  1850. 		lua_settop (L, 0);

  1851. 

  1852. 		return 0;

  1853. 	}

  1854. 

  1855. 	rspamd_session_pending (task->s);

  1856. 

  1857. 	return 0;

  1858. }

  1859. 

  1860. static gboolean

  1861. rspamd_controller_learn_fin_task (void *ud)

  1862. {

  1863. 	struct rspamd_task *task = ud;

  1864. 	struct rspamd_controller_session *session;

  1865. 	struct rspamd_http_connection_entry *conn_ent;

  1866. 

  1867. 	conn_ent = task->fin_arg;

  1868. 	session = conn_ent->ud;

  1869. 

  1870. 	if (task->err != NULL) {

  1871. 		msg_info_session ("cannot learn <%s>: %e",

  1872. 				MESSAGE_FIELD (task, message_id), task->err);

  1873. 		rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1874. 				task->err->message);

  1875. 

  1876. 		return TRUE;

  1877. 	}

  1878. 

  1879. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1880. 		/* Successful learn */

  1881. 		msg_info_task ("<%s> learned message as %s: %s",

  1882. 				rspamd_inet_address_to_string (session->from_addr),

  1883. 				session->is_spam ? "spam" : "ham",

  1884. 				MESSAGE_FIELD (task, message_id));

  1885. 		rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1886. 		return TRUE;

  1887. 	}

  1888. 

  1889. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {

  1890. 		msg_info_task ("cannot learn <%s>: %e",

  1891. 				MESSAGE_FIELD (task, message_id), task->err);

  1892. 

  1893. 		if (task->err) {

  1894. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1895. 					task->err->message);

  1896. 		}

  1897. 		else {

  1898. 			rspamd_controller_send_error (conn_ent, 500,

  1899. 								"Internal error");

  1900. 		}

  1901. 	}

  1902. 

  1903. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1904. 		if (task->err) {

  1905. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1906. 					task->err->message);

  1907. 		}

  1908. 		else {

  1909. 			msg_info_task ("<%s> learned message as %s: %s",

  1910. 					rspamd_inet_address_to_string (session->from_addr),

  1911. 					session->is_spam ? "spam" : "ham",

  1912. 					MESSAGE_FIELD (task, message_id));

  1913. 			rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  1914. 		}

  1915. 

  1916. 		return TRUE;

  1917. 	}

  1918. 

  1919. 	/* One more iteration */

  1920. 	return FALSE;

  1921. }

  1922. 

  1923. static void

  1924. rspamd_controller_scan_reply (struct rspamd_task *task)

  1925. {

  1926. 	struct rspamd_http_message *msg;

  1927. 	struct rspamd_http_connection_entry *conn_ent;

  1928. 

  1929. 	conn_ent = task->fin_arg;

  1930. 	msg = rspamd_http_new_message (HTTP_RESPONSE);

  1931. 	msg->date = time (NULL);

  1932. 	msg->code = 200;

  1933. 	rspamd_protocol_http_reply (msg, task, NULL);

  1934. 	rspamd_http_connection_reset (conn_ent->conn);

  1935. 	rspamd_http_router_insert_headers (conn_ent->rt, msg);

  1936. 	rspamd_http_connection_write_message (conn_ent->conn, msg, NULL,

  1937. 			"application/json", conn_ent, conn_ent->rt->timeout);

  1938. 	conn_ent->is_reply = TRUE;

  1939. }

  1940. 

  1941. static gboolean

  1942. rspamd_controller_check_fin_task (void *ud)

  1943. {

  1944. 	struct rspamd_task *task = ud;

  1945. 	struct rspamd_http_connection_entry *conn_ent;

  1946. 

  1947. 	msg_debug_task ("finish task");

  1948. 	conn_ent = task->fin_arg;

  1949. 

  1950. 	if (task->err) {

  1951. 		msg_info_task ("cannot check <%s>: %e",

  1952. 				MESSAGE_FIELD_CHECK (task, message_id), task->err);

  1953. 		rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  1954. 				task->err->message);

  1955. 		return TRUE;

  1956. 	}

  1957. 

  1958. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1959. 		rspamd_controller_scan_reply (task);

  1960. 		return TRUE;

  1961. 	}

  1962. 

  1963. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {

  1964. 		rspamd_controller_scan_reply (task);

  1965. 		return TRUE;

  1966. 	}

  1967. 

  1968. 	if (RSPAMD_TASK_IS_PROCESSED (task)) {

  1969. 		rspamd_controller_scan_reply (task);

  1970. 		return TRUE;

  1971. 	}

  1972. 

  1973. 	/* One more iteration */

  1974. 	return FALSE;

  1975. }

  1976. 

  1977. static int

  1978. rspamd_controller_handle_learn_common (

  1979. 	struct rspamd_http_connection_entry *conn_ent,

  1980. 	struct rspamd_http_message *msg,

  1981. 	gboolean is_spam)

  1982. {

  1983. 	struct rspamd_controller_session *session = conn_ent->ud;

  1984. 	struct rspamd_controller_worker_ctx *ctx;

  1985. 	struct rspamd_task *task;

  1986. 	const rspamd_ftok_t *cl_header;

  1987. 

  1988. 	ctx = session->ctx;

  1989. 

  1990. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  1991. 		return 0;

  1992. 	}

  1993. 

  1994. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  1995. 		msg_err_session ("got zero length body, cannot continue");

  1996. 		rspamd_controller_send_error (conn_ent,

  1997. 			400,

  1998. 			"Empty body is not permitted");

  1999. 		return 0;

  2000. 	}

  2001. 

  2002. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  2003. 			session->ctx->lang_det, ctx->event_loop, FALSE);

  2004. 

  2005. 	task->resolver = ctx->resolver;

  2006. 	task->s = rspamd_session_create (session->pool,

  2007. 			rspamd_controller_learn_fin_task,

  2008. 			NULL,

  2009. 			(event_finalizer_t )rspamd_task_free,

  2010. 			task);

  2011. 	task->fin_arg = conn_ent;

  2012. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  2013. 	task->sock = -1;

  2014. 	session->task = task;

  2015. 

  2016. 	cl_header = rspamd_http_message_find_header (msg, "classifier");

  2017. 	if (cl_header) {

  2018. 		session->classifier = rspamd_mempool_ftokdup (session->pool, cl_header);

  2019. 	}

  2020. 	else {

  2021. 		session->classifier = NULL;

  2022. 	}

  2023. 

  2024. 	if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  2025. 		goto end;

  2026. 	}

  2027. 

  2028. 	rspamd_learn_task_spam (task, is_spam, session->classifier, NULL);

  2029. 

  2030. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {

  2031. 		msg_warn_session ("<%s> message cannot be processed",

  2032. 				MESSAGE_FIELD (task, message_id));

  2033. 		goto end;

  2034. 	}

  2035. 

  2036. end:

  2037. 	session->is_spam = is_spam;

  2038. 	rspamd_session_pending (task->s);

  2039. 

  2040. 	return 0;

  2041. }

  2042. 

  2043. /*

  2044.  * Learn spam command handler:

  2045.  * request: /learnspam

  2046.  * headers: Password

  2047.  * input: plaintext data

  2048.  * reply: json {"success":true} or {"error":"error message"}

  2049.  */

  2050. static int

  2051. rspamd_controller_handle_learnspam (

  2052. 	struct rspamd_http_connection_entry *conn_ent,

  2053. 	struct rspamd_http_message *msg)

  2054. {

  2055. 	return rspamd_controller_handle_learn_common (conn_ent, msg, TRUE);

  2056. }

  2057. /*

  2058.  * Learn ham command handler:

  2059.  * request: /learnham

  2060.  * headers: Password

  2061.  * input: plaintext data

  2062.  * reply: json {"success":true} or {"error":"error message"}

  2063.  */

  2064. static int

  2065. rspamd_controller_handle_learnham (

  2066. 	struct rspamd_http_connection_entry *conn_ent,

  2067. 	struct rspamd_http_message *msg)

  2068. {

  2069. 	return rspamd_controller_handle_learn_common (conn_ent, msg, FALSE);

  2070. }

  2071. 

  2072. /*

  2073.  * Scan command handler:

  2074.  * request: /scan

  2075.  * headers: Password

  2076.  * input: plaintext data

  2077.  * reply: json {scan data} or {"error":"error message"}

  2078.  */

  2079. static int

  2080. rspamd_controller_handle_scan (struct rspamd_http_connection_entry *conn_ent,

  2081. 	struct rspamd_http_message *msg)

  2082. {

  2083. 	struct rspamd_controller_session *session = conn_ent->ud;

  2084. 	struct rspamd_controller_worker_ctx *ctx;

  2085. 	struct rspamd_task *task;

  2086. 

  2087. 	ctx = session->ctx;

  2088. 

  2089. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  2090. 		return 0;

  2091. 	}

  2092. 

  2093. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  2094. 			ctx->lang_det, ctx->event_loop, FALSE);

  2095. 

  2096. 	task->resolver = ctx->resolver;

  2097. 	task->s = rspamd_session_create (session->pool,

  2098. 			rspamd_controller_check_fin_task,

  2099. 			NULL,

  2100. 			(event_finalizer_t )rspamd_task_free,

  2101. 			task);

  2102. 	task->fin_arg = conn_ent;

  2103. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);

  2104. 	task->sock = conn_ent->conn->fd;

  2105. 	task->flags |= RSPAMD_TASK_FLAG_MIME;

  2106. 	task->resolver = ctx->resolver;

  2107. 

  2108. 	if (!rspamd_protocol_handle_request (task, msg)) {

  2109. 		goto end;

  2110. 	}

  2111. 

  2112. 	if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  2113. 		goto end;

  2114. 	}

  2115. 

  2116. 	if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {

  2117. 		goto end;

  2118. 	}

  2119. 

  2120. 	if (ctx->task_timeout > 0.0) {

  2121. 		task->timeout_ev.data = task;

  2122. 		ev_timer_init (&task->timeout_ev, rspamd_task_timeout,

  2123. 				ctx->task_timeout, ctx->task_timeout);

  2124. 		ev_timer_start (task->event_loop, &task->timeout_ev);

  2125. 		ev_set_priority (&task->timeout_ev, EV_MAXPRI);

  2126. 	}

  2127. 

  2128. end:

  2129. 	session->task = task;

  2130. 	rspamd_session_pending (task->s);

  2131. 

  2132. 	return 0;

  2133. }

  2134. 

  2135. /*

  2136.  * Save actions command handler:

  2137.  * request: /saveactions

  2138.  * headers: Password

  2139.  * input: json array [<spam>,<probable spam>,<greylist>]

  2140.  * reply: json {"success":true} or {"error":"error message"}

  2141.  */

  2142. static int

  2143. rspamd_controller_handle_saveactions (

  2144. 	struct rspamd_http_connection_entry *conn_ent,

  2145. 	struct rspamd_http_message *msg)

  2146. {

  2147. 	struct rspamd_controller_session *session = conn_ent->ud;

  2148. 	struct ucl_parser *parser;

  2149. 	ucl_object_t *obj;

  2150. 	const ucl_object_t *cur;

  2151. 	struct rspamd_controller_worker_ctx *ctx;

  2152. 	const gchar *error;

  2153. 	gdouble score;

  2154. 	gint i, added = 0;

  2155. 	enum rspamd_action_type act;

  2156. 	ucl_object_iter_t it = NULL;

  2157. 

  2158. 	ctx = session->ctx;

  2159. 

  2160. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2161. 		return 0;

  2162. 	}

  2163. 

  2164. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2165. 		msg_err_session ("got zero length body, cannot continue");

  2166. 		rspamd_controller_send_error (conn_ent,

  2167. 			400,

  2168. 			"Empty body is not permitted");

  2169. 		return 0;

  2170. 	}

  2171. 

  2172. 	parser = ucl_parser_new (0);

  2173. 	if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) {

  2174. 		if ((error = ucl_parser_get_error (parser)) != NULL) {

  2175. 			msg_err_session ("cannot parse input: %s", error);

  2176. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2177. 			ucl_parser_free (parser);

  2178. 			return 0;

  2179. 		}

  2180. 

  2181. 		msg_err_session ("cannot parse input: unknown error");

  2182. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2183. 		ucl_parser_free (parser);

  2184. 		return 0;

  2185. 	}

  2186. 

  2187. 	obj = ucl_parser_get_object (parser);

  2188. 	ucl_parser_free (parser);

  2189. 

  2190. 	if (obj->type != UCL_ARRAY || obj->len != 4) {

  2191. 		msg_err_session ("input is not an array of 4 elements");

  2192. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2193. 		ucl_object_unref (obj);

  2194. 		return 0;

  2195. 	}

  2196. 

  2197. 	it = ucl_object_iterate_new (obj);

  2198. 

  2199. 	for (i = 0; i < 4; i++) {

  2200. 		cur = ucl_object_iterate_safe (it, TRUE);

  2201. 

  2202. 		switch (i) {

  2203. 		case 0:

  2204. 		default:

  2205. 			act = METRIC_ACTION_REJECT;

  2206. 			break;

  2207. 		case 1:

  2208. 			act = METRIC_ACTION_REWRITE_SUBJECT;

  2209. 			break;

  2210. 		case 2:

  2211. 			act = METRIC_ACTION_ADD_HEADER;

  2212. 			break;

  2213. 		case 3:

  2214. 			act = METRIC_ACTION_GREYLIST;

  2215. 			break;

  2216. 		}

  2217. 

  2218. 		if (ucl_object_type (cur) == UCL_NULL) {

  2219. 			/* Assume NaN */

  2220. 			score = NAN;

  2221. 		}

  2222. 		else {

  2223. 			score = ucl_object_todouble (cur);

  2224. 		}

  2225. 

  2226. 		if ((isnan (session->cfg->actions[act].threshold) != isnan (score)) ||

  2227. 				(session->cfg->actions[act].threshold != score)) {

  2228. 			add_dynamic_action (ctx->cfg, DEFAULT_METRIC, act, score);

  2229. 			added ++;

  2230. 		}

  2231. 		else {

  2232. 			if (remove_dynamic_action (ctx->cfg, DEFAULT_METRIC, act)) {

  2233. 				added ++;

  2234. 			}

  2235. 		}

  2236. 	}

  2237. 

  2238. 	ucl_object_iterate_free (it);

  2239. 

  2240. 	if (dump_dynamic_config (ctx->cfg)) {

  2241. 		msg_info_session ("<%s> modified %d actions",

  2242. 			rspamd_inet_address_to_string (session->from_addr),

  2243. 			added);

  2244. 

  2245. 		rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2246. 	}

  2247. 	else {

  2248. 		rspamd_controller_send_error (conn_ent, 500, "Save error");

  2249. 	}

  2250. 

  2251. 	ucl_object_unref (obj);

  2252. 

  2253. 	return 0;

  2254. }

  2255. 

  2256. /*

  2257.  * Save symbols command handler:

  2258.  * request: /savesymbols

  2259.  * headers: Password

  2260.  * input: json data

  2261.  * reply: json {"success":true} or {"error":"error message"}

  2262.  */

  2263. static int

  2264. rspamd_controller_handle_savesymbols (

  2265. 	struct rspamd_http_connection_entry *conn_ent,

  2266. 	struct rspamd_http_message *msg)

  2267. {

  2268. 	struct rspamd_controller_session *session = conn_ent->ud;

  2269. 	struct ucl_parser *parser;

  2270. 	ucl_object_t *obj;

  2271. 	const ucl_object_t *cur, *jname, *jvalue;

  2272. 	ucl_object_iter_t iter = NULL;

  2273. 	struct rspamd_controller_worker_ctx *ctx;

  2274. 	const gchar *error;

  2275. 	gdouble val;

  2276. 	struct rspamd_symbol *sym;

  2277. 	int added = 0;

  2278. 

  2279. 	ctx = session->ctx;

  2280. 

  2281. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2282. 		return 0;

  2283. 	}

  2284. 

  2285. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2286. 		msg_err_session ("got zero length body, cannot continue");

  2287. 		rspamd_controller_send_error (conn_ent,

  2288. 			400,

  2289. 			"Empty body is not permitted");

  2290. 		return 0;

  2291. 	}

  2292. 

  2293. 	parser = ucl_parser_new (0);

  2294. 	if (!ucl_parser_add_chunk (parser, msg->body_buf.begin, msg->body_buf.len)) {

  2295. 		if ((error = ucl_parser_get_error (parser)) != NULL) {

  2296. 			msg_err_session ("cannot parse input: %s", error);

  2297. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2298. 			ucl_parser_free (parser);

  2299. 			return 0;

  2300. 		}

  2301. 

  2302. 		msg_err_session ("cannot parse input: unknown error");

  2303. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2304. 		ucl_parser_free (parser);

  2305. 		return 0;

  2306. 	}

  2307. 

  2308. 	obj = ucl_parser_get_object (parser);

  2309. 	ucl_parser_free (parser);

  2310. 

  2311. 	if (obj->type != UCL_ARRAY) {

  2312. 		msg_err_session ("input is not an array");

  2313. 		rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2314. 		ucl_object_unref (obj);

  2315. 		return 0;

  2316. 	}

  2317. 

  2318. 	iter = ucl_object_iterate_new (obj);

  2319. 

  2320. 	while ((cur = ucl_object_iterate_safe (iter, true))) {

  2321. 		if (cur->type != UCL_OBJECT) {

  2322. 			msg_err_session ("json array data error");

  2323. 			rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");

  2324. 			ucl_object_unref (obj);

  2325. 			ucl_object_iterate_free (iter);

  2326. 

  2327. 			return 0;

  2328. 		}

  2329. 

  2330. 		jname = ucl_object_lookup (cur, "name");

  2331. 		jvalue = ucl_object_lookup (cur, "value");

  2332. 		val = ucl_object_todouble (jvalue);

  2333. 		sym = g_hash_table_lookup (session->cfg->symbols, ucl_object_tostring (jname));

  2334. 

  2335. 		if (sym && fabs (*sym->weight_ptr - val) > 0.01) {

  2336. 			if (!add_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,

  2337. 				ucl_object_tostring (jname), val)) {

  2338. 				msg_err_session ("add symbol failed for %s",

  2339. 					ucl_object_tostring (jname));

  2340. 				rspamd_controller_send_error (conn_ent, 506,

  2341. 					"Add symbol failed");

  2342. 				ucl_object_unref (obj);

  2343. 				ucl_object_iterate_free (iter);

  2344. 

  2345. 				return 0;

  2346. 			}

  2347. 			added ++;

  2348. 		}

  2349. 		else if (sym && ctx->cfg->dynamic_conf) {

  2350. 			if (remove_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,

  2351. 					ucl_object_tostring (jname))) {

  2352. 				added ++;

  2353. 			}

  2354. 		}

  2355. 	}

  2356. 

  2357. 	ucl_object_iterate_free (iter);

  2358. 

  2359. 	if (added > 0) {

  2360. 		if (ctx->cfg->dynamic_conf) {

  2361. 			if (dump_dynamic_config (ctx->cfg)) {

  2362. 				msg_info_session ("<%s> modified %d symbols",

  2363. 						rspamd_inet_address_to_string (session->from_addr),

  2364. 						added);

  2365. 

  2366. 				rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2367. 			}

  2368. 			else {

  2369. 				rspamd_controller_send_error (conn_ent, 500, "Save error");

  2370. 			}

  2371. 		}

  2372. 		else {

  2373. 			rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2374. 		}

  2375. 	}

  2376. 	else {

  2377. 		msg_err_session ("no symbols to save");

  2378. 		rspamd_controller_send_error (conn_ent, 404, "No symbols to save");

  2379. 	}

  2380. 

  2381. 	ucl_object_unref (obj);

  2382. 

  2383. 	return 0;

  2384. }

  2385. 

  2386. /*

  2387.  * Save map command handler:

  2388.  * request: /savemap

  2389.  * headers: Password, Map

  2390.  * input: plaintext data

  2391.  * reply: json {"success":true} or {"error":"error message"}

  2392.  */

  2393. static int

  2394. rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,

  2395. 	struct rspamd_http_message *msg)

  2396. {

  2397. 	struct rspamd_controller_session *session = conn_ent->ud;

  2398. 	GList *cur;

  2399. 	struct rspamd_map *map = NULL;

  2400. 	struct rspamd_map_backend *bk;

  2401. 	struct rspamd_controller_worker_ctx *ctx;

  2402. 	const rspamd_ftok_t *idstr;

  2403. 	gulong id, i;

  2404. 	gboolean found = FALSE;

  2405. 	gchar tempname[PATH_MAX];

  2406. 	gint fd;

  2407. 

  2408. 	ctx = session->ctx;

  2409. 

  2410. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2411. 		return 0;

  2412. 	}

  2413. 

  2414. 	if (rspamd_http_message_get_body (msg, NULL) == NULL) {

  2415. 		msg_err_session ("got zero length body, cannot continue");

  2416. 		rspamd_controller_send_error (conn_ent,

  2417. 			400,

  2418. 			"Empty body is not permitted");

  2419. 		return 0;

  2420. 	}

  2421. 

  2422. 	idstr = rspamd_http_message_find_header (msg, "Map");

  2423. 

  2424. 	if (idstr == NULL) {

  2425. 		msg_info_session ("absent map id");

  2426. 		rspamd_controller_send_error (conn_ent, 400, "Map id not specified");

  2427. 		return 0;

  2428. 	}

  2429. 

  2430. 	if (!rspamd_strtoul (idstr->begin, idstr->len, &id)) {

  2431. 		msg_info_session ("invalid map id: %T", idstr);

  2432. 		rspamd_controller_send_error (conn_ent, 400, "Map id is invalid");

  2433. 		return 0;

  2434. 	}

  2435. 

  2436. 	/* Now let's be sure that we have map defined in configuration */

  2437. 	cur = ctx->cfg->maps;

  2438. 	while (cur && !found) {

  2439. 		map = cur->data;

  2440. 

  2441. 		PTR_ARRAY_FOREACH (map->backends, i, bk) {

  2442. 			if (bk->id == id && bk->protocol == MAP_PROTO_FILE) {

  2443. 				found = TRUE;

  2444. 				break;

  2445. 			}

  2446. 		}

  2447. 		cur = g_list_next (cur);

  2448. 	}

  2449. 

  2450. 	if (!found) {

  2451. 		msg_info_session ("map not found: %L", id);

  2452. 		rspamd_controller_send_error (conn_ent, 404, "Map id not found");

  2453. 		return 0;

  2454. 	}

  2455. 

  2456. 	rspamd_snprintf (tempname, sizeof (tempname), "%s.newXXXXXX", bk->uri);

  2457. 	fd = g_mkstemp_full (tempname, O_WRONLY, 00644);

  2458. 

  2459. 	if (fd == -1) {

  2460. 		msg_info_session ("map %s open error: %s", tempname, strerror (errno));

  2461. 		rspamd_controller_send_error (conn_ent, 404,

  2462. 				"Cannot open map: %s",

  2463. 				strerror (errno));

  2464. 		return 0;

  2465. 	}

  2466. 

  2467. 	if (write (fd, msg->body_buf.begin, msg->body_buf.len) == -1) {

  2468. 		msg_info_session ("map %s write error: %s", tempname, strerror (errno));

  2469. 		unlink (tempname);

  2470. 		close (fd);

  2471. 		rspamd_controller_send_error (conn_ent, 500, "Map write error: %s",

  2472. 				strerror (errno));

  2473. 		return 0;

  2474. 	}

  2475. 

  2476. 	/* Rename */

  2477. 	if (rename (tempname, bk->uri) == -1) {

  2478. 		msg_info_session ("map %s rename error: %s", tempname, strerror (errno));

  2479. 		unlink (tempname);

  2480. 		close (fd);

  2481. 		rspamd_controller_send_error (conn_ent, 500, "Map rename error: %s",

  2482. 				strerror (errno));

  2483. 		return 0;

  2484. 	}

  2485. 

  2486. 	msg_info_session ("<%s>, map %s saved",

  2487. 			rspamd_inet_address_to_string (session->from_addr),

  2488. 			bk->uri);

  2489. 	close (fd);

  2490. 

  2491. 	rspamd_controller_send_string (conn_ent, "{\"success\":true}");

  2492. 

  2493. 	return 0;

  2494. }

  2495. 

  2496. struct rspamd_stat_cbdata {

  2497. 	struct rspamd_http_connection_entry *conn_ent;

  2498. 	ucl_object_t *top;

  2499. 	ucl_object_t *stat;

  2500. 	struct rspamd_task *task;

  2501. 	guint64 learned;

  2502. };

  2503. 

  2504. static gboolean

  2505. rspamd_controller_stat_fin_task (void *ud)

  2506. {

  2507. 	struct rspamd_stat_cbdata *cbdata = ud;

  2508. 	struct rspamd_http_connection_entry *conn_ent;

  2509. 	ucl_object_t *top, *ar;

  2510. 	GList *fuzzy_elts, *cur;

  2511. 	struct rspamd_fuzzy_stat_entry *entry;

  2512. 

  2513. 	conn_ent = cbdata->conn_ent;

  2514. 	top = cbdata->top;

  2515. 

  2516. 	ucl_object_insert_key (top,

  2517. 			ucl_object_fromint (cbdata->learned), "total_learns", 0, false);

  2518. 

  2519. 	if (cbdata->stat) {

  2520. 		ucl_object_insert_key (top, cbdata->stat, "statfiles", 0, false);

  2521. 	}

  2522. 

  2523. 	fuzzy_elts = rspamd_mempool_get_variable (cbdata->task->task_pool, "fuzzy_stat");

  2524. 

  2525. 	if (fuzzy_elts) {

  2526. 		ar = ucl_object_typed_new (UCL_OBJECT);

  2527. 

  2528. 		for (cur = fuzzy_elts; cur != NULL; cur = g_list_next (cur)) {

  2529. 			entry = cur->data;

  2530. 

  2531. 			if (entry->name) {

  2532. 				ucl_object_insert_key (ar, ucl_object_fromint (entry->fuzzy_cnt),

  2533. 						entry->name, 0, true);

  2534. 			}

  2535. 		}

  2536. 

  2537. 		ucl_object_insert_key (top, ar, "fuzzy_hashes", 0, false);

  2538. 	}

  2539. 

  2540. 	rspamd_controller_send_ucl (conn_ent, top);

  2541. 

  2542. 

  2543. 	return TRUE;

  2544. }

  2545. 

  2546. static void

  2547. rspamd_controller_stat_cleanup_task (void *ud)

  2548. {

  2549. 	struct rspamd_stat_cbdata *cbdata = ud;

  2550. 

  2551. 	rspamd_task_free (cbdata->task);

  2552. 	ucl_object_unref (cbdata->top);

  2553. }

  2554. 

  2555. /*

  2556.  * Stat command handler:

  2557.  * request: /stat (/resetstat)

  2558.  * headers: Password

  2559.  * reply: json data

  2560.  */

  2561. static int

  2562. rspamd_controller_handle_stat_common (

  2563. 	struct rspamd_http_connection_entry *conn_ent,

  2564. 	struct rspamd_http_message *msg,

  2565. 	gboolean do_reset)

  2566. {

  2567. 	struct rspamd_controller_session *session = conn_ent->ud;

  2568. 	ucl_object_t *top, *sub;

  2569. 	gint i;

  2570. 	int64_t uptime;

  2571. 	guint64 spam = 0, ham = 0;

  2572. 	rspamd_mempool_stat_t mem_st;

  2573. 	struct rspamd_stat *stat, stat_copy;

  2574. 	struct rspamd_controller_worker_ctx *ctx;

  2575. 	struct rspamd_task *task;

  2576. 	struct rspamd_stat_cbdata *cbdata;

  2577. 

  2578. 	memset (&mem_st, 0, sizeof (mem_st));

  2579. 	rspamd_mempool_stat (&mem_st);

  2580. 	memcpy (&stat_copy, session->ctx->worker->srv->stat, sizeof (stat_copy));

  2581. 	stat = &stat_copy;

  2582. 	ctx = session->ctx;

  2583. 

  2584. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  2585. 			ctx->lang_det, ctx->event_loop, FALSE);

  2586. 	task->resolver = ctx->resolver;

  2587. 	cbdata = rspamd_mempool_alloc0 (session->pool, sizeof (*cbdata));

  2588. 	cbdata->conn_ent = conn_ent;

  2589. 	cbdata->task = task;

  2590. 	top = ucl_object_typed_new (UCL_OBJECT);

  2591. 	cbdata->top = top;

  2592. 

  2593. 	task->s = rspamd_session_create (session->pool,

  2594. 			rspamd_controller_stat_fin_task,

  2595. 			NULL,

  2596. 			rspamd_controller_stat_cleanup_task,

  2597. 			cbdata);

  2598. 	task->fin_arg = cbdata;

  2599. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  2600. 	task->sock = conn_ent->conn->fd;

  2601. 

  2602. 	ucl_object_insert_key (top, ucl_object_fromstring (

  2603. 			RVERSION), "version",  0, false);

  2604. 	ucl_object_insert_key (top, ucl_object_fromstring (

  2605. 			session->ctx->cfg->checksum), "config_id", 0, false);

  2606. 	uptime = ev_time () - session->ctx->start_time;

  2607. 	ucl_object_insert_key (top, ucl_object_fromint (

  2608. 			uptime), "uptime", 0, false);

  2609. 	ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),

  2610. 			"read_only", 0, false);

  2611. 	ucl_object_insert_key (top, ucl_object_fromint (

  2612. 			stat->messages_scanned), "scanned", 0, false);

  2613. 	ucl_object_insert_key (top, ucl_object_fromint (

  2614. 			stat->messages_learned), "learned", 0, false);

  2615. 

  2616. 	if (stat->messages_scanned > 0) {

  2617. 		sub = ucl_object_typed_new (UCL_OBJECT);

  2618. 		for (i = METRIC_ACTION_REJECT; i <= METRIC_ACTION_NOACTION; i++) {

  2619. 			ucl_object_insert_key (sub,

  2620. 				ucl_object_fromint (stat->actions_stat[i]),

  2621. 				rspamd_action_to_str (i), 0, false);

  2622. 			if (i < METRIC_ACTION_GREYLIST) {

  2623. 				spam += stat->actions_stat[i];

  2624. 			}

  2625. 			else {

  2626. 				ham += stat->actions_stat[i];

  2627. 			}

  2628. 			if (do_reset) {

  2629. #ifndef HAVE_ATOMIC_BUILTINS

  2630. 				session->ctx->worker->srv->stat->actions_stat[i] = 0;

  2631. #else

  2632. 				__atomic_store_n(&session->ctx->worker->srv->stat->actions_stat[i],

  2633. 						0, __ATOMIC_RELEASE);

  2634. #endif

  2635. 			}

  2636. 		}

  2637. 		ucl_object_insert_key (top, sub, "actions", 0, false);

  2638. 	}

  2639. 

  2640. 	ucl_object_insert_key (top, ucl_object_fromint (

  2641. 			spam), "spam_count", 0, false);

  2642. 	ucl_object_insert_key (top, ucl_object_fromint (

  2643. 			ham),  "ham_count",	 0, false);

  2644. 	ucl_object_insert_key (top,

  2645. 		ucl_object_fromint (stat->connections_count), "connections", 0, false);

  2646. 	ucl_object_insert_key (top,

  2647. 		ucl_object_fromint (stat->control_connections_count),

  2648. 		"control_connections", 0, false);

  2649. 

  2650. 	ucl_object_insert_key (top,

  2651. 		ucl_object_fromint (mem_st.pools_allocated), "pools_allocated", 0,

  2652. 		false);

  2653. 	ucl_object_insert_key (top,

  2654. 		ucl_object_fromint (mem_st.pools_freed), "pools_freed", 0, false);

  2655. 	ucl_object_insert_key (top,

  2656. 		ucl_object_fromint (mem_st.bytes_allocated), "bytes_allocated", 0,

  2657. 		false);

  2658. 	ucl_object_insert_key (top,

  2659. 		ucl_object_fromint (

  2660. 			mem_st.chunks_allocated), "chunks_allocated", 0, false);

  2661. 	ucl_object_insert_key (top,

  2662. 		ucl_object_fromint (mem_st.shared_chunks_allocated),

  2663. 		"shared_chunks_allocated", 0, false);

  2664. 	ucl_object_insert_key (top,

  2665. 		ucl_object_fromint (mem_st.chunks_freed), "chunks_freed", 0, false);

  2666. 	ucl_object_insert_key (top,

  2667. 		ucl_object_fromint (

  2668. 			mem_st.oversized_chunks), "chunks_oversized", 0, false);

  2669. 	ucl_object_insert_key (top,

  2670. 			ucl_object_fromint (mem_st.fragmented_size), "fragmented", 0, false);

  2671. 

  2672. 	if (do_reset) {

  2673. 		session->ctx->srv->stat->messages_scanned = 0;

  2674. 		session->ctx->srv->stat->messages_learned = 0;

  2675. 		session->ctx->srv->stat->connections_count = 0;

  2676. 		session->ctx->srv->stat->control_connections_count = 0;

  2677. 		rspamd_mempool_stat_reset ();

  2678. 	}

  2679. 

  2680. 	fuzzy_stat_command (task);

  2681. 

  2682. 	/* Now write statistics for each statfile */

  2683. 	rspamd_stat_statistics (task, session->ctx->cfg, &cbdata->learned,

  2684. 			&cbdata->stat);

  2685. 	session->task = task;

  2686. 	rspamd_session_pending (task->s);

  2687. 

  2688. 	return 0;

  2689. }

  2690. 

  2691. static int

  2692. rspamd_controller_handle_stat (struct rspamd_http_connection_entry *conn_ent,

  2693. 	struct rspamd_http_message *msg)

  2694. {

  2695. 	struct rspamd_controller_session *session = conn_ent->ud;

  2696. 

  2697. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  2698. 		return 0;

  2699. 	}

  2700. 

  2701. 	return rspamd_controller_handle_stat_common (conn_ent, msg, FALSE);

  2702. }

  2703. 

  2704. static int

  2705. rspamd_controller_handle_statreset (

  2706. 	struct rspamd_http_connection_entry *conn_ent,

  2707. 	struct rspamd_http_message *msg)

  2708. {

  2709. 	struct rspamd_controller_session *session = conn_ent->ud;

  2710. 

  2711. 	if (!rspamd_controller_check_password (conn_ent, session, msg, TRUE)) {

  2712. 		return 0;

  2713. 	}

  2714. 

  2715. 	msg_info_session ("<%s> reset stat",

  2716. 			rspamd_inet_address_to_string (session->from_addr));

  2717. 	return rspamd_controller_handle_stat_common (conn_ent, msg, TRUE);

  2718. }

  2719. 

  2720. 

  2721. /*

  2722.  * Counters command handler:

  2723.  * request: /counters

  2724.  * headers: Password

  2725.  * reply: json array of all counters

  2726.  */

  2727. static int

  2728. rspamd_controller_handle_counters (

  2729. 	struct rspamd_http_connection_entry *conn_ent,

  2730. 	struct rspamd_http_message *msg)

  2731. {

  2732. 	struct rspamd_controller_session *session = conn_ent->ud;

  2733. 	ucl_object_t *top;

  2734. 	struct rspamd_symcache *cache;

  2735. 

  2736. 	if (!rspamd_controller_check_password (conn_ent, session, msg, FALSE)) {

  2737. 		return 0;

  2738. 	}

  2739. 

  2740. 	cache = session->ctx->cfg->cache;

  2741. 

  2742. 	if (cache != NULL) {

  2743. 		top = rspamd_symcache_counters (cache);

  2744. 		rspamd_controller_send_ucl (conn_ent, top);

  2745. 		ucl_object_unref (top);

  2746. 	}

  2747. 	else {

  2748. 		rspamd_controller_send_error (conn_ent, 500, "Invalid cache");

  2749. 	}

  2750. 

  2751. 	return 0;

  2752. }

  2753. 

  2754. static int

  2755. rspamd_controller_handle_custom (struct rspamd_http_connection_entry *conn_ent,

  2756. 	struct rspamd_http_message *msg)

  2757. {

  2758. 	struct rspamd_controller_session *session = conn_ent->ud;

  2759. 	struct rspamd_custom_controller_command *cmd;

  2760. 	gchar *url_str;

  2761. 	struct http_parser_url u;

  2762. 	rspamd_ftok_t lookup;

  2763. 

  2764. 	http_parser_parse_url (msg->url->str, msg->url->len, TRUE, &u);

  2765. 

  2766. 	if (u.field_set & (1 << UF_PATH)) {

  2767. 		guint unnorm_len;

  2768. 		lookup.begin = msg->url->str + u.field_data[UF_PATH].off;

  2769. 		lookup.len = u.field_data[UF_PATH].len;

  2770. 

  2771. 		rspamd_http_normalize_path_inplace ((gchar *)lookup.begin,

  2772. 				lookup.len,

  2773. 				&unnorm_len);

  2774. 		lookup.len = unnorm_len;

  2775. 	}

  2776. 	else {

  2777. 		lookup.begin = msg->url->str;

  2778. 		lookup.len = msg->url->len;

  2779. 	}

  2780. 

  2781. 	url_str = rspamd_ftok_cstr (&lookup);

  2782. 	cmd = g_hash_table_lookup (session->ctx->custom_commands, url_str);

  2783. 	g_free (url_str);

  2784. 

  2785. 	if (cmd == NULL || cmd->handler == NULL) {

  2786. 		msg_err_session ("custom command %T has not been found", &lookup);

  2787. 		rspamd_controller_send_error (conn_ent, 404, "No command associated");

  2788. 		return 0;

  2789. 	}

  2790. 

  2791. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  2792. 		cmd->privilleged)) {

  2793. 		return 0;

  2794. 	}

  2795. 	if (cmd->require_message && (rspamd_http_message_get_body (msg, NULL) == NULL)) {

  2796. 		msg_err_session ("got zero length body, cannot continue");

  2797. 		rspamd_controller_send_error (conn_ent,

  2798. 			400,

  2799. 			"Empty body is not permitted");

  2800. 		return 0;

  2801. 	}

  2802. 

  2803. 	/* Transfer query arguments to headers */

  2804. 	if (u.field_set & (1u << UF_QUERY)) {

  2805. 		GHashTable *query_args;

  2806. 		GHashTableIter it;

  2807. 		gpointer k, v;

  2808. 		rspamd_ftok_t *key, *value;

  2809. 

  2810. 		/* In case if we have a query, we need to store it somewhere */

  2811. 		query_args = rspamd_http_message_parse_query (msg);

  2812. 

  2813. 		/* Insert the rest of query params as HTTP headers */

  2814. 		g_hash_table_iter_init (&it, query_args);

  2815. 

  2816. 		while (g_hash_table_iter_next (&it, &k, &v)) {

  2817. 			key = k;

  2818. 			value = v;

  2819. 			/* Steal strings */

  2820. 			g_hash_table_iter_steal (&it);

  2821. 			url_str = rspamd_ftok_cstr (key);

  2822. 			rspamd_http_message_add_header_len (msg, url_str,

  2823. 					value->begin, value->len);

  2824. 			g_free (url_str);

  2825. 		}

  2826. 

  2827. 		g_hash_table_unref (query_args);

  2828. 	}

  2829. 

  2830. 	return cmd->handler (conn_ent, msg, cmd->ctx);

  2831. }

  2832. 

  2833. static int

  2834. rspamd_controller_handle_plugins (struct rspamd_http_connection_entry *conn_ent,

  2835. 	struct rspamd_http_message *msg)

  2836. {

  2837. 	struct rspamd_controller_session *session = conn_ent->ud;

  2838. 	struct rspamd_controller_plugin_cbdata *cbd;

  2839. 	GHashTableIter it;

  2840. 	gpointer k, v;

  2841. 	ucl_object_t *plugins;

  2842. 

  2843. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  2844. 			FALSE)) {

  2845. 		return 0;

  2846. 	}

  2847. 

  2848. 	plugins = ucl_object_typed_new (UCL_OBJECT);

  2849. 	g_hash_table_iter_init (&it, session->ctx->plugins);

  2850. 

  2851. 	while (g_hash_table_iter_next (&it, &k, &v)) {

  2852. 		ucl_object_t *elt, *npath;

  2853. 

  2854. 		cbd = v;

  2855. 		elt = (ucl_object_t *)ucl_object_lookup (plugins, cbd->plugin);

  2856. 

  2857. 		if (elt == NULL) {

  2858. 			elt = ucl_object_typed_new (UCL_OBJECT);

  2859. 			ucl_object_insert_key (elt, ucl_object_fromint (cbd->version),

  2860. 					"version", 0, false);

  2861. 			npath = ucl_object_typed_new (UCL_ARRAY);

  2862. 			ucl_object_insert_key (elt, npath, "paths", 0, false);

  2863. 			ucl_object_insert_key (plugins, elt, cbd->plugin, 0, false);

  2864. 		}

  2865. 		else {

  2866. 			npath = (ucl_object_t *)ucl_object_lookup (elt, "paths");

  2867. 		}

  2868. 

  2869. 		g_assert (npath != NULL);

  2870. 		rspamd_ftok_t *key_tok = (rspamd_ftok_t *)k;

  2871. 		ucl_array_append (npath, ucl_object_fromlstring (key_tok->begin, key_tok->len));

  2872. 	}

  2873. 

  2874. 	rspamd_controller_send_ucl (conn_ent, plugins);

  2875. 	ucl_object_unref (plugins);

  2876. 

  2877. 	return 0;

  2878. }

  2879. 

  2880. static int

  2881. rspamd_controller_handle_ping (struct rspamd_http_connection_entry *conn_ent,

  2882. 		struct rspamd_http_message *msg)

  2883. {

  2884. 	struct rspamd_http_message *rep_msg;

  2885. 	rspamd_fstring_t *reply;

  2886. 

  2887. 	rep_msg = rspamd_http_new_message (HTTP_RESPONSE);

  2888. 	rep_msg->date = time (NULL);

  2889. 	rep_msg->code = 200;

  2890. 	rep_msg->status = rspamd_fstring_new_init ("OK", 2);

  2891. 	reply = rspamd_fstring_new_init ("pong" CRLF, strlen ("pong" CRLF));

  2892. 	rspamd_http_message_set_body_from_fstring_steal (rep_msg, reply);

  2893. 	rspamd_http_connection_reset (conn_ent->conn);

  2894. 	rspamd_http_router_insert_headers (conn_ent->rt, rep_msg);

  2895. 	rspamd_http_connection_write_message (conn_ent->conn,

  2896. 			rep_msg,

  2897. 			NULL,

  2898. 			"text/plain",

  2899. 			conn_ent,

  2900. 			conn_ent->rt->timeout);

  2901. 	conn_ent->is_reply = TRUE;

  2902. 

  2903. 	return 0;

  2904. }

  2905. 

  2906. /*

  2907.  * Called on unknown methods and is used to deal with CORS as per

  2908.  * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

  2909.  */

  2910. static int

  2911. rspamd_controller_handle_unknown (struct rspamd_http_connection_entry *conn_ent,

  2912. 	struct rspamd_http_message *msg)

  2913. {

  2914. 	struct rspamd_http_message *rep;

  2915. 

  2916. 	if (msg->method == HTTP_OPTIONS) {

  2917. 		/* Assume CORS request */

  2918. 

  2919. 		rep = rspamd_http_new_message (HTTP_RESPONSE);

  2920. 		rep->date = time (NULL);

  2921. 		rep->code = 200;

  2922. 		rep->status = rspamd_fstring_new_init ("OK", 2);

  2923. 		rspamd_http_message_add_header (rep, "Access-Control-Allow-Methods",

  2924. 				"POST, GET, OPTIONS");

  2925. 		rspamd_http_message_add_header (rep, "Access-Control-Allow-Headers",

  2926. 						"Content-Type,Password,Map,Weight,Flag");

  2927. 		rspamd_http_connection_reset (conn_ent->conn);

  2928. 		rspamd_http_router_insert_headers (conn_ent->rt, rep);

  2929. 		rspamd_http_connection_write_message (conn_ent->conn,

  2930. 				rep,

  2931. 				NULL,

  2932. 				"text/plain",

  2933. 				conn_ent,

  2934. 				conn_ent->rt->timeout);

  2935. 		conn_ent->is_reply = TRUE;

  2936. 	}

  2937. 	else {

  2938. 		rep = rspamd_http_new_message (HTTP_RESPONSE);

  2939. 		rep->date = time (NULL);

  2940. 		rep->code = 500;

  2941. 		rep->status = rspamd_fstring_new_init ("Invalid method",

  2942. 				strlen ("Invalid method"));

  2943. 		rspamd_http_connection_reset (conn_ent->conn);

  2944. 		rspamd_http_router_insert_headers (conn_ent->rt, rep);

  2945. 		rspamd_http_connection_write_message (conn_ent->conn,

  2946. 				rep,

  2947. 				NULL,

  2948. 				"text/plain",

  2949. 				conn_ent,

  2950. 				conn_ent->rt->timeout);

  2951. 		conn_ent->is_reply = TRUE;

  2952. 	}

  2953. 

  2954. 	return 0;

  2955. }

  2956. 

  2957. static int

  2958. rspamd_controller_handle_lua_plugin (struct rspamd_http_connection_entry *conn_ent,

  2959. 	struct rspamd_http_message *msg)

  2960. {

  2961. 	struct rspamd_controller_session *session = conn_ent->ud;

  2962. 	struct rspamd_controller_plugin_cbdata *cbd;

  2963. 	struct rspamd_task *task, **ptask;

  2964. 	struct rspamd_http_connection_entry **pconn;

  2965. 	struct rspamd_controller_worker_ctx *ctx;

  2966. 	lua_State *L;

  2967. 	struct http_parser_url u;

  2968. 	rspamd_ftok_t lookup;

  2969. 

  2970. 

  2971. 	http_parser_parse_url (msg->url->str, msg->url->len, TRUE, &u);

  2972. 

  2973. 	if (u.field_set & (1 << UF_PATH)) {

  2974. 		guint unnorm_len;

  2975. 		lookup.begin = msg->url->str + u.field_data[UF_PATH].off;

  2976. 		lookup.len = u.field_data[UF_PATH].len;

  2977. 

  2978. 		rspamd_http_normalize_path_inplace ((gchar *)lookup.begin,

  2979. 				lookup.len,

  2980. 				&unnorm_len);

  2981. 		lookup.len = unnorm_len;

  2982. 	}

  2983. 	else {

  2984. 		lookup.begin = msg->url->str;

  2985. 		lookup.len = msg->url->len;

  2986. 	}

  2987. 

  2988. 	cbd = g_hash_table_lookup (session->ctx->plugins, &lookup);

  2989. 

  2990. 	if (cbd == NULL || cbd->handler == NULL) {

  2991. 		msg_err_session ("plugin handler %T has not been found", &lookup);

  2992. 		rspamd_controller_send_error (conn_ent, 404, "No command associated");

  2993. 		return 0;

  2994. 	}

  2995. 

  2996. 	L = cbd->L;

  2997. 	ctx = cbd->ctx;

  2998. 

  2999. 	if (!rspamd_controller_check_password (conn_ent, session, msg,

  3000. 		cbd->is_enable)) {

  3001. 		return 0;

  3002. 	}

  3003. 	if (cbd->need_task && (rspamd_http_message_get_body (msg, NULL) == NULL)) {

  3004. 		msg_err_session ("got zero length body, cannot continue");

  3005. 		rspamd_controller_send_error (conn_ent,

  3006. 			400,

  3007. 			"Empty body is not permitted");

  3008. 		return 0;

  3009. 	}

  3010. 

  3011. 	task = rspamd_task_new (session->ctx->worker, session->cfg, session->pool,

  3012. 			ctx->lang_det, ctx->event_loop, FALSE);

  3013. 

  3014. 	task->resolver = ctx->resolver;

  3015. 	task->s = rspamd_session_create (session->pool,

  3016. 			rspamd_controller_lua_fin_task,

  3017. 			NULL,

  3018. 			(event_finalizer_t )rspamd_task_free,

  3019. 			task);

  3020. 	task->fin_arg = conn_ent;

  3021. 	task->http_conn = rspamd_http_connection_ref (conn_ent->conn);;

  3022. 	task->sock = -1;

  3023. 	session->task = task;

  3024. 

  3025. 	if (msg->body_buf.len > 0) {

  3026. 		if (!rspamd_task_load_message (task, msg, msg->body_buf.begin, msg->body_buf.len)) {

  3027. 			rspamd_controller_send_error (conn_ent, task->err->code, "%s",

  3028. 					task->err->message);

  3029. 			return 0;

  3030. 		}

  3031. 	}

  3032. 

  3033. 	/* Callback */

  3034. 	lua_rawgeti (L, LUA_REGISTRYINDEX, cbd->handler->idx);

  3035. 

  3036. 	/* Task */

  3037. 	ptask = lua_newuserdata (L, sizeof (*ptask));

  3038. 	rspamd_lua_setclass (L, "rspamd{task}", -1);

  3039. 	*ptask = task;

  3040. 

  3041. 	/* Connection */

  3042. 	pconn = lua_newuserdata (L, sizeof (*pconn));

  3043. 	rspamd_lua_setclass (L, "rspamd{csession}", -1);

  3044. 	*pconn = conn_ent;

  3045. 

  3046. 	/* Query arguments */

  3047. 	GHashTable *params;

  3048. 	GHashTableIter it;

  3049. 	gpointer k, v;

  3050. 

  3051. 	params = rspamd_http_message_parse_query (msg);

  3052. 	lua_createtable (L, g_hash_table_size (params), 0);

  3053. 	g_hash_table_iter_init (&it, params);

  3054. 

  3055. 	while (g_hash_table_iter_next (&it, &k, &v)) {

  3056. 		rspamd_ftok_t *key_tok = (rspamd_ftok_t *)k,

  3057. 			*value_tok = (rspamd_ftok_t *)v;

  3058. 

  3059. 		lua_pushlstring (L, key_tok->begin, key_tok->len);

  3060. 		/* TODO: consider rspamd_text here */

  3061. 		lua_pushlstring (L, value_tok->begin, value_tok->len);

  3062. 		lua_settable (L, -3);

  3063. 	}

  3064. 

  3065. 	g_hash_table_unref (params);

  3066. 

  3067. 	if (lua_pcall (L, 3, 0, 0) != 0) {

  3068. 		rspamd_controller_send_error (conn_ent, 503, "Cannot run callback: %s",

  3069. 				lua_tostring (L, -1));

  3070. 		lua_settop (L, 0);

  3071. 

  3072. 		return 0;

  3073. 	}

  3074. 

  3075. 	rspamd_session_pending (task->s);

  3076. 

  3077. 	return 0;

  3078. }

  3079. 

  3080. 

  3081. static void

  3082. rspamd_controller_error_handler (struct rspamd_http_connection_entry *conn_ent,

  3083. 	GError *err)

  3084. {

  3085. 	struct rspamd_controller_session *session = conn_ent->ud;

  3086. 

  3087. 	msg_err_session ("http error occurred: %s", err->message);

  3088. }

  3089. 

  3090. static void

  3091. rspamd_controller_finish_handler (struct rspamd_http_connection_entry *conn_ent)

  3092. {

  3093. 	struct rspamd_controller_session *session = conn_ent->ud;

  3094. 

  3095. 	session->ctx->worker->srv->stat->control_connections_count++;

  3096. 

  3097. 	if (session->task != NULL) {

  3098. 		rspamd_session_destroy (session->task->s);

  3099. 	}

  3100. 

  3101. 	session->wrk->nconns --;

  3102. 	rspamd_inet_address_free (session->from_addr);

  3103. 	REF_RELEASE (session->cfg);

  3104. 

  3105. 	if (session->pool) {

  3106. 		msg_debug_session ("destroy session %p", session);

  3107. 		rspamd_mempool_delete (session->pool);

  3108. 	}

  3109. 

  3110. 	g_free (session);

  3111. }

  3112. 

  3113. static void

  3114. rspamd_controller_accept_socket (EV_P_ ev_io *w, int revents)

  3115. {

  3116. 	struct rspamd_worker *worker = (struct rspamd_worker *)w->data;

  3117. 	struct rspamd_controller_worker_ctx *ctx;

  3118. 	struct rspamd_controller_session *session;

  3119. 	rspamd_inet_addr_t *addr;

  3120. 	gint nfd;

  3121. 

  3122. 	ctx = worker->ctx;

  3123. 

  3124. 	if ((nfd =

  3125. 		rspamd_accept_from_socket (w->fd, &addr,

  3126. 				rspamd_worker_throttle_accept_events, worker->accept_events)) == -1) {

  3127. 		msg_warn_ctx ("accept failed: %s", strerror (errno));

  3128. 		return;

  3129. 	}

  3130. 	/* Check for EAGAIN */

  3131. 	if (nfd == 0) {

  3132. 		return;

  3133. 	}

  3134. 

  3135. 	session = g_malloc0 (sizeof (struct rspamd_controller_session));

  3136. 	session->pool = rspamd_mempool_new (rspamd_mempool_suggest_size (),

  3137. 			"csession", 0);

  3138. 	session->ctx = ctx;

  3139. 	session->cfg = ctx->cfg;

  3140. 	session->lang_det = ctx->lang_det;

  3141. 	REF_RETAIN (session->cfg);

  3142. 

  3143. 	session->from_addr = addr;

  3144. 	session->wrk = worker;

  3145. 	worker->nconns ++;

  3146. 

  3147. 	rspamd_http_router_handle_socket (ctx->http, nfd, session);

  3148. }

  3149. 

  3150. static void

  3151. rspamd_controller_password_sane (struct rspamd_controller_worker_ctx *ctx,

  3152. 		const gchar *password, const gchar *type)

  3153. {

  3154. 	const struct rspamd_controller_pbkdf *pbkdf = &pbkdf_list[0];

  3155. 

  3156. 	if (password == NULL) {

  3157. 		msg_warn_ctx ("%s is not set, so you should filter controller "

  3158. 				"availability "

  3159. 				"by using of firewall or `secure_ip` option", type);

  3160. 		return;

  3161. 	}

  3162. 

  3163. 	g_assert (pbkdf != NULL);

  3164. 

  3165. 	if (!rspamd_is_encrypted_password (password, NULL)) {

  3166. 		/* Suggest encryption to a user */

  3167. 

  3168. 		msg_warn_ctx ("your %s is not encrypted, we strongly "

  3169. 				"recommend to replace it with the encrypted one", type);

  3170. 	}

  3171. }

  3172. 

  3173. gpointer

  3174. init_controller_worker (struct rspamd_config *cfg)

  3175. {

  3176. 	struct rspamd_controller_worker_ctx *ctx;

  3177. 	GQuark type;

  3178. 

  3179. 	type = g_quark_try_string ("controller");

  3180. 

  3181. 	ctx = rspamd_mempool_alloc0 (cfg->cfg_pool,

  3182. 			sizeof (struct rspamd_controller_worker_ctx));

  3183. 

  3184. 	ctx->magic = rspamd_controller_ctx_magic;

  3185. 	ctx->timeout = DEFAULT_WORKER_IO_TIMEOUT;

  3186. 	ctx->task_timeout = NAN;

  3187. 

  3188. 	rspamd_rcl_register_worker_option (cfg,

  3189. 			type,

  3190. 			"password",

  3191. 			rspamd_rcl_parse_struct_string,

  3192. 			ctx,

  3193. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, password),

  3194. 			0,

  3195. 			"Password for read-only commands");

  3196. 

  3197. 	rspamd_rcl_register_worker_option (cfg,

  3198. 			type,

  3199. 			"enable_password",

  3200. 			rspamd_rcl_parse_struct_string,

  3201. 			ctx,

  3202. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3203. 					enable_password),

  3204. 			0,

  3205. 			"Password for read and write commands");

  3206. 

  3207. 	rspamd_rcl_register_worker_option (cfg,

  3208. 			type,

  3209. 			"ssl",

  3210. 			rspamd_rcl_parse_struct_boolean,

  3211. 			ctx,

  3212. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, use_ssl),

  3213. 			0,

  3214. 			"Unimplemented");

  3215. 

  3216. 	rspamd_rcl_register_worker_option (cfg,

  3217. 			type,

  3218. 			"ssl_cert",

  3219. 			rspamd_rcl_parse_struct_string,

  3220. 			ctx,

  3221. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_cert),

  3222. 			0,

  3223. 			"Unimplemented");

  3224. 

  3225. 	rspamd_rcl_register_worker_option (cfg,

  3226. 			type,

  3227. 			"ssl_key",

  3228. 			rspamd_rcl_parse_struct_string,

  3229. 			ctx,

  3230. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, ssl_key),

  3231. 			0,

  3232. 			"Unimplemented");

  3233. 	rspamd_rcl_register_worker_option (cfg,

  3234. 			type,

  3235. 			"timeout",

  3236. 			rspamd_rcl_parse_struct_time,

  3237. 			ctx,

  3238. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3239. 					timeout),

  3240. 			RSPAMD_CL_FLAG_TIME_FLOAT,

  3241. 			"Protocol timeout");

  3242. 

  3243. 	rspamd_rcl_register_worker_option (cfg,

  3244. 			type,

  3245. 			"secure_ip",

  3246. 			rspamd_rcl_parse_struct_ucl,

  3247. 			ctx,

  3248. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip),

  3249. 			0,

  3250. 			"List of IP addresses that are allowed for password-less access");

  3251. 

  3252. 	rspamd_rcl_register_worker_option (cfg,

  3253. 			type,

  3254. 			"trusted_ips",

  3255. 			rspamd_rcl_parse_struct_ucl,

  3256. 			ctx,

  3257. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip),

  3258. 			0,

  3259. 			"List of IP addresses that are allowed for password-less access");

  3260. 

  3261. 	rspamd_rcl_register_worker_option (cfg,

  3262. 			type,

  3263. 			"static_dir",

  3264. 			rspamd_rcl_parse_struct_string,

  3265. 			ctx,

  3266. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3267. 					static_files_dir),

  3268. 			0,

  3269. 			"Directory for static files served by controller's HTTP server");

  3270. 

  3271. 	rspamd_rcl_register_worker_option (cfg,

  3272. 			type,

  3273. 			"keypair",

  3274. 			rspamd_rcl_parse_struct_keypair,

  3275. 			ctx,

  3276. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3277. 					key),

  3278. 			0,

  3279. 			"Encryption keypair");

  3280. 

  3281. 	rspamd_rcl_register_worker_option (cfg,

  3282. 			type,

  3283. 			"task_timeout",

  3284. 			rspamd_rcl_parse_struct_time,

  3285. 			ctx,

  3286. 			G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx,

  3287. 					task_timeout),

  3288. 			RSPAMD_CL_FLAG_TIME_FLOAT,

  3289. 			"Maximum task processing time, default: 8.0 seconds");

  3290. 

  3291. 	return ctx;

  3292. }

  3293. 

  3294. /* Lua bindings */

  3295. LUA_FUNCTION_DEF (csession, get_ev_base);

  3296. LUA_FUNCTION_DEF (csession, get_cfg);

  3297. LUA_FUNCTION_DEF (csession, send_ucl);

  3298. LUA_FUNCTION_DEF (csession, send_string);

  3299. LUA_FUNCTION_DEF (csession, send_error);

  3300. 

  3301. static const struct luaL_reg lua_csessionlib_m[] = {

  3302. 	LUA_INTERFACE_DEF (csession, get_ev_base),

  3303. 	LUA_INTERFACE_DEF (csession, get_cfg),

  3304. 	LUA_INTERFACE_DEF (csession, send_ucl),

  3305. 	LUA_INTERFACE_DEF (csession, send_string),

  3306. 	LUA_INTERFACE_DEF (csession, send_error),

  3307. 	{"__tostring", rspamd_lua_class_tostring},

  3308. 	{NULL, NULL}

  3309. };

  3310. 

  3311. /* Basic functions of LUA API for worker object */

  3312. static void

  3313. luaopen_controller (lua_State * L)

  3314. {

  3315. 	rspamd_lua_new_class (L, "rspamd{csession}", lua_csessionlib_m);

  3316. 	lua_pop (L, 1);

  3317. }

  3318. 

  3319. struct rspamd_http_connection_entry *

  3320. lua_check_controller_entry (lua_State * L, gint pos)

  3321. {

  3322. 	void *ud = rspamd_lua_check_udata (L, pos, "rspamd{csession}");

  3323. 	luaL_argcheck (L, ud != NULL, pos, "'csession' expected");

  3324. 	return ud ? *((struct rspamd_http_connection_entry **)ud) : NULL;

  3325. }

  3326. 

  3327. static int

  3328. lua_csession_get_ev_base (lua_State *L)

  3329. {

  3330. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3331. 	struct ev_loop **pbase;

  3332. 	struct rspamd_controller_session *s;

  3333. 

  3334. 	if (c) {

  3335. 		s = c->ud;

  3336. 		pbase = lua_newuserdata (L, sizeof (struct ev_loop *));

  3337. 		rspamd_lua_setclass (L, "rspamd{ev_base}", -1);

  3338. 		*pbase = s->ctx->event_loop;

  3339. 	}

  3340. 	else {

  3341. 		return luaL_error (L, "invalid arguments");

  3342. 	}

  3343. 

  3344. 	return 1;

  3345. }

  3346. 

  3347. static int

  3348. lua_csession_get_cfg (lua_State *L)

  3349. {

  3350. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3351. 	struct rspamd_config **pcfg;

  3352. 	struct rspamd_controller_session *s;

  3353. 

  3354. 	if (c) {

  3355. 		s = c->ud;

  3356. 		pcfg = lua_newuserdata (L, sizeof (gpointer));

  3357. 		rspamd_lua_setclass (L, "rspamd{config}", -1);

  3358. 		*pcfg = s->ctx->cfg;

  3359. 	}

  3360. 	else {

  3361. 		return luaL_error (L, "invalid arguments");

  3362. 	}

  3363. 

  3364. 	return 1;

  3365. }

  3366. 

  3367. static int

  3368. lua_csession_send_ucl (lua_State *L)

  3369. {

  3370. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3371. 	ucl_object_t *obj = ucl_object_lua_import_escape (L, 2);

  3372. 

  3373. 	if (c) {

  3374. 		rspamd_controller_send_ucl (c, obj);

  3375. 	}

  3376. 	else {

  3377. 		ucl_object_unref (obj);

  3378. 		return luaL_error (L, "invalid arguments");

  3379. 	}

  3380. 

  3381. 	ucl_object_unref (obj);

  3382. 

  3383. 	return 0;

  3384. }

  3385. 

  3386. static int

  3387. lua_csession_send_error (lua_State *L)

  3388. {

  3389. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3390. 	guint err_code = lua_tonumber (L, 2);

  3391. 	const gchar *err_str = lua_tostring (L, 3);

  3392. 

  3393. 	if (c) {

  3394. 		rspamd_controller_send_error (c, err_code, "%s", err_str);

  3395. 	}

  3396. 	else {

  3397. 		return luaL_error (L, "invalid arguments");

  3398. 	}

  3399. 

  3400. 	return 0;

  3401. }

  3402. 

  3403. static int

  3404. lua_csession_send_string (lua_State *L)

  3405. {

  3406. 	struct rspamd_http_connection_entry *c = lua_check_controller_entry (L, 1);

  3407. 	const gchar *str = lua_tostring (L, 2);

  3408. 

  3409. 	if (c) {

  3410. 		rspamd_controller_send_string (c, str);

  3411. 	}

  3412. 	else {

  3413. 		return luaL_error (L, "invalid arguments");

  3414. 	}

  3415. 

  3416. 	return 0;

  3417. }

  3418. 

  3419. static void

  3420. rspamd_plugin_cbdata_dtor (gpointer p)

  3421. {

  3422. 	struct rspamd_controller_plugin_cbdata *cbd = p;

  3423. 

  3424. 	g_free (cbd->plugin);

  3425. 	ucl_object_unref (cbd->obj); /* This also releases lua references */

  3426. 	g_free (cbd);

  3427. }

  3428. 

  3429. static void

  3430. rspamd_controller_register_plugin_path (lua_State *L,

  3431. 		struct rspamd_controller_worker_ctx *ctx,

  3432. 		const ucl_object_t *webui_data,

  3433. 		const ucl_object_t *handler,

  3434. 		const gchar *path,

  3435. 		const gchar *plugin_name)

  3436. {

  3437. 	struct rspamd_controller_plugin_cbdata *cbd;

  3438. 	const ucl_object_t *elt;

  3439. 	rspamd_fstring_t *full_path;

  3440. 

  3441. 	cbd = g_malloc0 (sizeof (*cbd));

  3442. 	cbd->L = L;

  3443. 	cbd->ctx = ctx;

  3444. 	cbd->handler = ucl_object_toclosure (handler);

  3445. 	cbd->plugin = g_strdup (plugin_name);

  3446. 	cbd->obj = ucl_object_ref (webui_data);

  3447. 

  3448. 	elt = ucl_object_lookup (webui_data, "version");

  3449. 

  3450. 	if (elt) {

  3451. 		cbd->version = ucl_object_toint (elt);

  3452. 	}

  3453. 

  3454. 	elt = ucl_object_lookup (webui_data, "enable");

  3455. 

  3456. 	if (elt && ucl_object_toboolean (elt)) {

  3457. 		cbd->is_enable = TRUE;

  3458. 	}

  3459. 

  3460. 	elt = ucl_object_lookup (webui_data, "need_task");

  3461. 

  3462. 	if (elt && !!ucl_object_toboolean (elt)) {

  3463. 		cbd->need_task = TRUE;

  3464. 	}

  3465. 

  3466. 	full_path = rspamd_fstring_new_init ("/plugins/", sizeof ("/plugins/") - 1);

  3467. 	/* Zero terminated */

  3468. 	rspamd_printf_fstring (&full_path, "%s/%s%c",

  3469. 			plugin_name, path, '\0');

  3470. 

  3471. 	rspamd_http_router_add_path (ctx->http,

  3472. 			full_path->str,

  3473. 			rspamd_controller_handle_lua_plugin);

  3474. 	rspamd_ftok_t *key_tok = rspamd_ftok_map (full_path);

  3475. 	/* Truncate stupid \0 symbol to enable lookup */

  3476. 	key_tok->len --;

  3477. 	g_hash_table_insert (ctx->plugins, key_tok, cbd);

  3478. }

  3479. 

  3480. static void

  3481. rspamd_controller_register_plugins_paths (struct rspamd_controller_worker_ctx *ctx)

  3482. {

  3483. 	lua_State *L = ctx->cfg->lua_state;

  3484. 	ucl_object_t *webui_data;

  3485. 	const ucl_object_t *handler_obj, *cur;

  3486. 	ucl_object_iter_t it = NULL;

  3487. 

  3488. 	lua_getglobal (L, "rspamd_plugins");

  3489. 

  3490. 	if (lua_istable (L, -1)) {

  3491. 

  3492. 		for (lua_pushnil (L); lua_next (L, -2); lua_pop (L, 2)) {

  3493. 			lua_pushvalue (L, -2); /* Store key */

  3494. 

  3495. 			lua_pushstring (L, "webui");

  3496. 			lua_gettable (L, -3); /* value is at -3 index */

  3497. 

  3498. 			if (lua_istable (L, -1)) {

  3499. 				webui_data = ucl_object_lua_import_escape (L, -1);

  3500. 

  3501. 				while ((cur = ucl_object_iterate (webui_data, &it, true)) != NULL) {

  3502. 					handler_obj = ucl_object_lookup (cur, "handler");

  3503. 

  3504. 					if (handler_obj && ucl_object_key (cur)) {

  3505. 						rspamd_controller_register_plugin_path (L, ctx,

  3506. 								cur, handler_obj, ucl_object_key (cur),

  3507. 								lua_tostring (L, -2));

  3508. 					}

  3509. 					else {

  3510. 						msg_err_ctx ("bad webui definition for plugin: %s",

  3511. 								lua_tostring (L, -2));

  3512. 					}

  3513. 				}

  3514. 

  3515. 				ucl_object_unref (webui_data);

  3516. 			}

  3517. 

  3518. 			lua_pop (L, 1); /* remove table value */

  3519. 		}

  3520. 	}

  3521. 

  3522. 	lua_pop (L, 1); /* rspamd_plugins global */

  3523. }

  3524. 

  3525. /*

  3526.  * Start worker process

  3527.  */

  3528. __attribute__((noreturn))

  3529. void

  3530. start_controller_worker (struct rspamd_worker *worker)

  3531. {

  3532. 	struct rspamd_controller_worker_ctx *ctx = worker->ctx;

  3533. 	struct module_ctx *mctx;

  3534. 	GHashTableIter iter;

  3535. 	gpointer key, value;

  3536. 	guint i;

  3537. 	gpointer m;

  3538. 

  3539. 	g_assert (rspamd_worker_check_context (worker->ctx, rspamd_controller_ctx_magic));

  3540. 	ctx->event_loop = rspamd_prepare_worker (worker,

  3541. 			"controller",

  3542. 			rspamd_controller_accept_socket);

  3543. 

  3544. 	ctx->start_time = ev_time ();

  3545. 	ctx->worker = worker;

  3546. 	ctx->cfg = worker->srv->cfg;

  3547. 	ctx->srv = worker->srv;

  3548. 	ctx->custom_commands = g_hash_table_new (rspamd_strcase_hash,

  3549. 			rspamd_strcase_equal);

  3550. 	ctx->plugins = g_hash_table_new_full (rspamd_ftok_icase_hash,

  3551. 			rspamd_ftok_icase_equal, rspamd_fstring_mapped_ftok_free,

  3552. 			rspamd_plugin_cbdata_dtor);

  3553. 

  3554. 	if (isnan (ctx->task_timeout)) {

  3555. 		if (isnan (ctx->cfg->task_timeout)) {

  3556. 			ctx->task_timeout = 0;

  3557. 		}

  3558. 		else {

  3559. 			ctx->task_timeout = ctx->cfg->task_timeout;

  3560. 		}

  3561. 	}

  3562. 

  3563. 	if (ctx->secure_ip != NULL) {

  3564. 		rspamd_config_radix_from_ucl (ctx->cfg, ctx->secure_ip,

  3565. 				"Allow unauthenticated requests from these addresses",

  3566. 				&ctx->secure_map,

  3567. 				NULL,

  3568. 				worker, "controller secure ip");

  3569. 	}

  3570. 

  3571. 	ctx->lang_det = ctx->cfg->lang_det;

  3572. 

  3573. 	rspamd_controller_password_sane (ctx, ctx->password, "normal password");

  3574. 	rspamd_controller_password_sane (ctx, ctx->enable_password, "enable "

  3575. 			"password");

  3576. 

  3577. 	/* Accept event */

  3578. 	ctx->http_ctx = rspamd_http_context_create (ctx->cfg, ctx->event_loop,

  3579. 			ctx->cfg->ups_ctx);

  3580. 	rspamd_mempool_add_destructor (ctx->cfg->cfg_pool,

  3581. 			(rspamd_mempool_destruct_t)rspamd_http_context_free,

  3582. 			ctx->http_ctx);

  3583. 	ctx->http = rspamd_http_router_new (rspamd_controller_error_handler,

  3584. 			rspamd_controller_finish_handler, ctx->timeout,

  3585. 			ctx->static_files_dir, ctx->http_ctx);

  3586. 

  3587. 	/* Add callbacks for different methods */

  3588. 	rspamd_http_router_add_path (ctx->http,

  3589. 			PATH_AUTH,

  3590. 			rspamd_controller_handle_auth);

  3591. 	rspamd_http_router_add_path (ctx->http,

  3592. 			PATH_SYMBOLS,

  3593. 			rspamd_controller_handle_symbols);

  3594. 	rspamd_http_router_add_path (ctx->http,

  3595. 			PATH_ACTIONS,

  3596. 			rspamd_controller_handle_actions);

  3597. 	rspamd_http_router_add_path (ctx->http,

  3598. 			PATH_MAPS,

  3599. 			rspamd_controller_handle_maps);

  3600. 	rspamd_http_router_add_path (ctx->http,

  3601. 			PATH_GET_MAP,

  3602. 			rspamd_controller_handle_get_map);

  3603. 	rspamd_http_router_add_path (ctx->http,

  3604. 			PATH_PIE_CHART,

  3605. 			rspamd_controller_handle_pie_chart);

  3606. 	rspamd_http_router_add_path (ctx->http,

  3607. 			PATH_GRAPH,

  3608. 			rspamd_controller_handle_graph);

  3609. 	rspamd_http_router_add_path (ctx->http,

  3610. 			PATH_HISTORY,

  3611. 			rspamd_controller_handle_history);

  3612. 	rspamd_http_router_add_path (ctx->http,

  3613. 			PATH_HISTORY_RESET,

  3614. 			rspamd_controller_handle_history_reset);

  3615. 	rspamd_http_router_add_path (ctx->http,

  3616. 			PATH_LEARN_SPAM,

  3617. 			rspamd_controller_handle_learnspam);

  3618. 	rspamd_http_router_add_path (ctx->http,

  3619. 			PATH_LEARN_HAM,

  3620. 			rspamd_controller_handle_learnham);

  3621. 	rspamd_http_router_add_path (ctx->http,

  3622. 			PATH_SAVE_ACTIONS,

  3623. 			rspamd_controller_handle_saveactions);

  3624. 	rspamd_http_router_add_path (ctx->http,

  3625. 			PATH_SAVE_SYMBOLS,

  3626. 			rspamd_controller_handle_savesymbols);

  3627. 	rspamd_http_router_add_path (ctx->http,

  3628. 			PATH_SAVE_MAP,

  3629. 			rspamd_controller_handle_savemap);

  3630. 	rspamd_http_router_add_path (ctx->http,

  3631. 			PATH_SCAN,

  3632. 			rspamd_controller_handle_scan);

  3633. 	rspamd_http_router_add_path (ctx->http,

  3634. 			PATH_CHECK,

  3635. 			rspamd_controller_handle_scan);

  3636. 	rspamd_http_router_add_path (ctx->http,

  3637. 			PATH_CHECKV2,

  3638. 			rspamd_controller_handle_scan);

  3639. 	rspamd_http_router_add_path (ctx->http,

  3640. 			PATH_STAT,

  3641. 			rspamd_controller_handle_stat);

  3642. 	rspamd_http_router_add_path (ctx->http,

  3643. 			PATH_STAT_RESET,

  3644. 			rspamd_controller_handle_statreset);

  3645. 	rspamd_http_router_add_path (ctx->http,

  3646. 			PATH_COUNTERS,

  3647. 			rspamd_controller_handle_counters);

  3648. 	rspamd_http_router_add_path (ctx->http,

  3649. 			PATH_ERRORS,

  3650. 			rspamd_controller_handle_errors);

  3651. 	rspamd_http_router_add_path (ctx->http,

  3652. 			PATH_NEIGHBOURS,

  3653. 			rspamd_controller_handle_neighbours);

  3654. 	rspamd_http_router_add_path (ctx->http,

  3655. 			PATH_PLUGINS,

  3656. 			rspamd_controller_handle_plugins);

  3657. 	rspamd_http_router_add_path (ctx->http,

  3658. 			PATH_PING,

  3659. 			rspamd_controller_handle_ping);

  3660. 	rspamd_controller_register_plugins_paths (ctx);

  3661. 

  3662. #if 0

  3663. 	rspamd_regexp_t *lua_re = rspamd_regexp_new ("^/.*/.*\\.lua$", NULL, NULL);

  3664. 	rspamd_http_router_add_regexp (ctx->http, lua_re,

  3665. 			rspamd_controller_handle_lua);

  3666. 	rspamd_regexp_unref (lua_re);

  3667. #endif

  3668. 	luaopen_controller (ctx->cfg->lua_state);

  3669. 

  3670. 	if (ctx->key) {

  3671. 		rspamd_http_router_set_key (ctx->http, ctx->key);

  3672. 	}

  3673. 

  3674. 	PTR_ARRAY_FOREACH (ctx->cfg->c_modules, i, mctx) {

  3675. 		if (mctx->mod->module_attach_controller_func != NULL) {

  3676. 			mctx->mod->module_attach_controller_func (mctx,

  3677. 					ctx->custom_commands);

  3678. 		}

  3679. 	}

  3680. 

  3681. 	g_hash_table_iter_init (&iter, ctx->custom_commands);

  3682. 	while (g_hash_table_iter_next (&iter, &key, &value)) {

  3683. 		rspamd_http_router_add_path (ctx->http,

  3684. 			key,

  3685. 			rspamd_controller_handle_custom);

  3686. 	}

  3687. 

  3688. 	if (worker->srv->cfg->neighbours && worker->srv->cfg->neighbours->len > 0) {

  3689. 		rspamd_http_router_add_header (ctx->http,

  3690. 				"Access-Control-Allow-Origin", "*");

  3691. 	}

  3692. 

  3693. 	/* Disable all results caching, see #3330 */

  3694. 	rspamd_http_router_add_header (ctx->http,

  3695. 			"Cache-Control", "no-store");

  3696. 

  3697. 	rspamd_http_router_set_unknown_handler (ctx->http,

  3698. 			rspamd_controller_handle_unknown);

  3699. 

  3700. 	ctx->resolver = rspamd_dns_resolver_init (worker->srv->logger,

  3701. 			ctx->event_loop,

  3702. 			worker->srv->cfg);

  3703. 

  3704. 	rspamd_upstreams_library_config (worker->srv->cfg, worker->srv->cfg->ups_ctx,

  3705. 			ctx->event_loop, ctx->resolver->r);

  3706. 	rspamd_symcache_start_refresh (worker->srv->cfg->cache, ctx->event_loop,

  3707. 			worker);

  3708. 	rspamd_stat_init (worker->srv->cfg, ctx->event_loop);

  3709. 	rspamd_worker_init_controller (worker, &ctx->rrd);

  3710. 	rspamd_lua_run_postloads (ctx->cfg->lua_state, ctx->cfg, ctx->event_loop, worker);

  3711. 

  3712. #ifdef WITH_HYPERSCAN

  3713. 	rspamd_control_worker_add_cmd_handler (worker,

  3714. 			RSPAMD_CONTROL_HYPERSCAN_LOADED,

  3715. 			rspamd_worker_hyperscan_ready,

  3716. 			NULL);

  3717. #endif

  3718. 

  3719. 	/* Start event loop */

  3720. 	ev_loop (ctx->event_loop, 0);

  3721. 	rspamd_worker_block_signals ();

  3722. 	rspamd_controller_on_terminate (worker, ctx->rrd);

  3723. 

  3724. 	rspamd_stat_close ();

  3725. 	rspamd_http_router_free (ctx->http);

  3726. 

  3727. 	if (ctx->cached_password.len > 0) {

  3728. 		m = (gpointer)ctx->cached_password.begin;

  3729. 		munmap (m, ctx->cached_password.len);

  3730. 	}

  3731. 

  3732. 	if (ctx->cached_enable_password.len > 0) {

  3733. 		m = (gpointer) ctx->cached_enable_password.begin;

  3734. 		munmap (m, ctx->cached_enable_password.len);

  3735. 	}

  3736. 

  3737. 	g_hash_table_unref (ctx->plugins);

  3738. 	g_hash_table_unref (ctx->custom_commands);

  3739. 

  3740. 	REF_RELEASE (ctx->cfg);

  3741. 	rspamd_log_close (worker->srv->logger);

  3742. 

  3743. 	exit (EXIT_SUCCESS);

  3744. }