diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-02-12 15:02:41 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-02-12 15:02:41 +0000 |
commit | 1485bf2c42c3104696ec3a6c5e61ebe627a71c21 (patch) | |
tree | daff0411f4abfe503975ae34f29f1c6628594819 | |
parent | a84fef624d9de5faf21bcc393cb4156c4a65a010 (diff) | |
download | rspamd-1485bf2c42c3104696ec3a6c5e61ebe627a71c21.tar.gz rspamd-1485bf2c42c3104696ec3a6c5e61ebe627a71c21.zip |
[Rework] Move local IPs check
-rw-r--r-- | src/client/rspamc.c | 12 | ||||
-rw-r--r-- | src/libserver/cfg_file.h | 6 | ||||
-rw-r--r-- | src/libserver/cfg_utils.c | 25 | ||||
-rw-r--r-- | src/libutil/addr.c | 23 | ||||
-rw-r--r-- | src/libutil/addr.h | 20 | ||||
-rw-r--r-- | src/lua/lua_ip.c | 21 | ||||
-rw-r--r-- | src/plugins/dkim_check.c | 2 | ||||
-rw-r--r-- | src/rspamd.h | 4 | ||||
-rw-r--r-- | src/rspamd_proxy.c | 5 | ||||
-rw-r--r-- | src/worker.c | 2 |
10 files changed, 78 insertions, 42 deletions
diff --git a/src/client/rspamc.c b/src/client/rspamc.c index f759ec610..6947d5604 100644 --- a/src/client/rspamc.c +++ b/src/client/rspamc.c @@ -17,6 +17,7 @@ #include "libutil/util.h" #include "libserver/http/http_connection.h" #include "libserver/http/http_private.h" +#include "libserver/cfg_file.h" #include "rspamdclient.h" #include "utlist.h" #include "unix-std.h" @@ -168,17 +169,6 @@ static GOptionEntry entries[] = { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL } }; -/* Copy to avoid linking with librspamdserver */ -enum rspamd_action_type { - METRIC_ACTION_REJECT = 0, - METRIC_ACTION_SOFT_REJECT, - METRIC_ACTION_REWRITE_SUBJECT, - METRIC_ACTION_ADD_HEADER, - METRIC_ACTION_GREYLIST, - METRIC_ACTION_NOACTION, - METRIC_ACTION_MAX -}; - static void rspamc_symbols_output (FILE *out, ucl_object_t *obj); static void rspamc_uptime_output (FILE *out, ucl_object_t *obj); static void rspamc_counters_output (FILE *out, ucl_object_t *obj); diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h index 4a8ab5bfc..1d782dd8b 100644 --- a/src/libserver/cfg_file.h +++ b/src/libserver/cfg_file.h @@ -846,6 +846,12 @@ gboolean rspamd_libs_reset_compression (struct rspamd_external_libs_ctx *ctx); void rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx); /** + * Returns TRUE if an address belongs to some local address + */ +gboolean rspamd_ip_is_local_cfg (struct rspamd_config *cfg, + const rspamd_inet_addr_t *addr); + +/** * Configure libraries */ gboolean rspamd_config_libs (struct rspamd_external_libs_ctx *ctx, diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c index 204e9bd55..d8237b88e 100644 --- a/src/libserver/cfg_utils.c +++ b/src/libserver/cfg_utils.c @@ -2998,4 +2998,27 @@ rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx) g_free (ctx); } -}
\ No newline at end of file +} + +gboolean +rspamd_ip_is_local_cfg (struct rspamd_config *cfg, + const rspamd_inet_addr_t *addr) +{ + struct rspamd_radix_map_helper *local_addrs = NULL; + + if (cfg && cfg->libs_ctx) { + local_addrs = *(struct rspamd_radix_map_helper**)cfg->libs_ctx->local_addrs; + } + + if (rspamd_inet_address_is_local (addr)) { + return TRUE; + } + + if (local_addrs) { + if (rspamd_match_radix_map_addr (local_addrs, addr) != NULL) { + return TRUE; + } + } + + return FALSE; +} diff --git a/src/libutil/addr.c b/src/libutil/addr.c index c0cb2d19d..4a540fefc 100644 --- a/src/libutil/addr.c +++ b/src/libutil/addr.c @@ -16,10 +16,6 @@ #include "config.h" #include "addr.h" #include "util.h" -/* - * TODO: fix this cross dependency! - */ -#include "libserver/maps/map_helpers.h" #include "logger.h" #include "cryptobox.h" #include "unix-std.h" @@ -32,7 +28,7 @@ #include <grp.h> #endif -static struct rspamd_radix_map_helper *local_addrs; +static void *local_addrs; enum { RSPAMD_IPV6_UNDEFINED = 0, @@ -1879,8 +1875,7 @@ rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b) #endif gboolean -rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr, - gboolean check_laddrs) +rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr) { if (addr == NULL) { return FALSE; @@ -1904,23 +1899,23 @@ rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr, return TRUE; } } - - if (check_laddrs && local_addrs) { - if (rspamd_match_radix_map_addr (local_addrs, addr) != NULL) { - return TRUE; - } - } } return FALSE; } -struct rspamd_radix_map_helper ** +void ** rspamd_inet_library_init (void) { return &local_addrs; } +void * +rspamd_inet_library_get_lib_ctx (void) +{ + return local_addrs; +} + void rspamd_inet_library_destroy (void) { diff --git a/src/libutil/addr.h b/src/libutil/addr.h index 6a33ad7ec..c0910ad03 100644 --- a/src/libutil/addr.h +++ b/src/libutil/addr.h @@ -44,10 +44,19 @@ extern "C" { */ typedef struct rspamd_inet_addr_s rspamd_inet_addr_t; -struct rspamd_radix_map_helper; - -struct rspamd_radix_map_helper **rspamd_inet_library_init (void); - +/** + * Returns pointer storage for global singleton (map for local addresses) + * @return + */ +void **rspamd_inet_library_init (void); +/** + * Returns local addresses singleton + * @return + */ +void *rspamd_inet_library_get_lib_ctx (void); +/** + * Cleanup library (currently it does nothing) + */ void rspamd_inet_library_destroy (void); /** @@ -323,8 +332,7 @@ gboolean rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b); /** * Returns TRUE if an address belongs to some local address */ -gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr, - gboolean check_laddrs); +gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr); /** * Returns size of storage required to store a complete IP address diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c index fb6845519..2604aa100 100644 --- a/src/lua/lua_ip.c +++ b/src/lua/lua_ip.c @@ -14,6 +14,7 @@ * limitations under the License. */ #include "lua_common.h" +#include "libserver/maps/map_helpers.h" /*** * @module rspamd_ip @@ -530,8 +531,24 @@ lua_ip_is_local (lua_State *L) check_laddrs = lua_toboolean (L, 2); } - lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr, - check_laddrs)); + if ( rspamd_inet_address_is_local (ip->addr)) { + lua_pushboolean (L, true); + + return 1; + } + else if (check_laddrs) { + struct rspamd_radix_map_helper *local_addrs = + rspamd_inet_library_get_lib_ctx (); + if (local_addrs) { + if (rspamd_match_radix_map_addr (local_addrs, ip->addr) != NULL) { + lua_pushboolean (L, true); + + return 1; + } + } + } + + lua_pushboolean (L, false); } else { lua_pushnil (L); diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c index 9313b643f..da7e092f7 100644 --- a/src/plugins/dkim_check.c +++ b/src/plugins/dkim_check.c @@ -1144,7 +1144,7 @@ dkim_symbol_callback (struct rspamd_task *task, /* First check if plugin should be enabled */ if ((!dkim_module_ctx->check_authed && task->user != NULL) || (!dkim_module_ctx->check_local && - rspamd_inet_address_is_local (task->from_addr, TRUE))) { + rspamd_ip_is_local_cfg (task->cfg, task->from_addr))) { msg_info_task ("skip DKIM checks for local networks and authorized users"); rspamd_symcache_finalize_item (task, item); diff --git a/src/rspamd.h b/src/rspamd.h index be96f0755..8885480c2 100644 --- a/src/rspamd.h +++ b/src/rspamd.h @@ -354,10 +354,8 @@ struct zstd_dictionary { guint id; }; -struct rspamd_radix_map_helper; - struct rspamd_external_libs_ctx { - struct rspamd_radix_map_helper **local_addrs; + void **local_addrs; struct rspamd_cryptobox_library_ctx *crypto_ctx; struct ottery_config *ottery_cfg; SSL_CTX *ssl_ctx; diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c index f1a557133..e9ce9ef5e 100644 --- a/src/rspamd_proxy.c +++ b/src/rspamd_proxy.c @@ -1415,8 +1415,7 @@ proxy_open_mirror_connections (struct rspamd_proxy_session *session) } if (m->local || - rspamd_inet_address_is_local ( - rspamd_upstream_addr_cur (bk_conn->up), FALSE)) { + rspamd_inet_address_is_local (rspamd_upstream_addr_cur (bk_conn->up))) { if (session->fname) { rspamd_http_message_add_header (msg, "File", session->fname); @@ -1951,7 +1950,7 @@ retry: if (backend->local || rspamd_inet_address_is_local ( rspamd_upstream_addr_cur ( - session->master_conn->up), FALSE)) { + session->master_conn->up))) { if (session->fname) { rspamd_http_message_add_header (msg, "File", session->fname); diff --git a/src/worker.c b/src/worker.c index 4cfe27771..ad7f12674 100644 --- a/src/worker.c +++ b/src/worker.c @@ -371,7 +371,7 @@ accept_socket (EV_P_ ev_io *w, int revents) session->ctx = ctx; session->worker = worker; - if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE)) { + if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr)) { http_opts = RSPAMD_HTTP_REQUIRE_ENCRYPTION; } |