aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/rspamd.c255
1 files changed, 8 insertions, 247 deletions
diff --git a/src/rspamd.c b/src/rspamd.c
index 5b4b3e2c3..88deef429 100644
--- a/src/rspamd.c
+++ b/src/rspamd.c
@@ -70,11 +70,8 @@
#endif
#ifdef HAVE_OPENSSL
-#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
#endif
#define msg_err_main(...) rspamd_default_log_function (G_LOG_LEVEL_CRITICAL, \
@@ -791,223 +788,21 @@ load_rspamd_config (struct rspamd_config *cfg, gboolean init_modules)
static gint
perform_lua_tests (struct rspamd_config *cfg)
{
- gint i, tests_num, res = EXIT_SUCCESS;
- gchar *cur_script;
- lua_State *L = cfg->lua_state;
-
- tests_num = g_strv_length (lua_tests);
-
- for (i = 0; i < tests_num; i++) {
-
- if (luaL_loadfile (L, lua_tests[i]) != 0) {
- msg_err_main ("load of %s failed: %s", lua_tests[i],
- lua_tostring (L, -1));
- res = EXIT_FAILURE;
- continue;
- }
-
- cur_script = g_strdup (lua_tests[i]);
- lua_pushstring (L, cur_script);
- lua_setglobal (L, "test_script");
- lua_pushstring (L, dirname (cur_script));
- lua_setglobal (L, "test_dir");
- g_free (cur_script);
-
- /* do the call (0 arguments, N result) */
- if (lua_pcall (L, 0, LUA_MULTRET, 0) != 0) {
- msg_info_main ("init of %s failed: %s", lua_tests[i], lua_tostring (L,
- -1));
- res = EXIT_FAILURE;
- continue;
- }
- if (lua_gettop (L) != 0) {
- if (lua_tonumber (L, -1) == -1) {
- msg_info_main ("%s returned -1 that indicates configuration error",
- lua_tests[i]);
- res = EXIT_FAILURE;
- continue;
- }
- lua_pop (L, lua_gettop (L));
- }
- }
-
- return res;
+ rspamd_fprintf (stderr, "use rspamadm lua for this operation\n");
+ return EXIT_FAILURE;
}
static gint
perform_configs_sign (void)
{
-#ifndef HAVE_OPENSSL
- msg_err_main ("cannot sign files without openssl support");
+ rspamd_fprintf (stderr, "use rspamadm sign for this operation\n");
return EXIT_FAILURE;
-#else
-# if (OPENSSL_VERSION_NUMBER < 0x10000000L)
- msg_err_main ("must have openssl at least 1.0.0 to perform this action");
- return EXIT_FAILURE;
-# else
- gint i, tests_num, res = EXIT_SUCCESS, fd;
- guint diglen;
- gchar *cur_file, in_file[PATH_MAX],
- out_file[PATH_MAX], dig[EVP_MAX_MD_SIZE];
- gsize siglen;
- struct stat st;
- gpointer map, sig;
- EVP_PKEY *key = NULL;
- BIO *fbio;
- EVP_PKEY_CTX *key_ctx = NULL;
- EVP_MD_CTX *sign_ctx = NULL;
-
- /* Load private key */
- fbio = BIO_new_file (privkey, "r");
- if (fbio == NULL) {
- msg_err_main ("cannot open private key %s, %s", privkey,
- ERR_error_string (ERR_get_error (), NULL));
- return ERR_get_error ();
- }
- if (!PEM_read_bio_PrivateKey (fbio, &key, rspamd_read_passphrase, NULL)) {
- msg_err_main ("cannot read private key %s, %s", privkey,
- ERR_error_string (ERR_get_error (), NULL));
- return ERR_get_error ();
- }
-
- key_ctx = EVP_PKEY_CTX_new (key, NULL);
- if (key_ctx == NULL) {
- msg_err_main ("cannot parse private key %s, %s", privkey,
- ERR_error_string (ERR_get_error (), NULL));
- return ERR_get_error ();
- }
-
- if (EVP_PKEY_sign_init (key_ctx) <= 0) {
- msg_err_main ("cannot parse private key %s, %s", privkey,
- ERR_error_string (ERR_get_error (), NULL));
- return ERR_get_error ();
- }
- if (EVP_PKEY_CTX_set_rsa_padding (key_ctx, RSA_PKCS1_PADDING) <= 0) {
- msg_err_main ("cannot init private key %s, %s", privkey,
- ERR_error_string (ERR_get_error (), NULL));
- return ERR_get_error ();
- }
- if (EVP_PKEY_CTX_set_signature_md (key_ctx, EVP_sha256 ()) <= 0) {
- msg_err_main ("cannot init signature private key %s, %s", privkey,
- ERR_error_string (ERR_get_error (), NULL));
- return ERR_get_error ();
- }
-
- sign_ctx = EVP_MD_CTX_create ();
-
- tests_num = g_strv_length (sign_configs);
-
- for (i = 0; i < tests_num; i++) {
- cur_file = sign_configs[i];
- if (realpath (cur_file, in_file) == NULL) {
- msg_err_main ("cannot resolve %s: %s", cur_file, strerror (errno));
- continue;
- }
- if (stat (in_file, &st) == -1) {
- msg_err_main ("cannot stat %s: %s", in_file, strerror (errno));
- continue;
- }
- if ((fd = open (in_file, O_RDONLY)) == -1) {
- msg_err_main ("cannot open %s: %s", in_file, strerror (errno));
- continue;
- }
-
- if ((map =
- mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd,
- 0)) == MAP_FAILED) {
- close (fd);
- msg_err_main ("cannot mmap %s: %s", in_file, strerror (errno));
- continue;
- }
-
- close (fd);
- /* Now try to sign */
- EVP_DigestInit (sign_ctx, EVP_sha256 ());
- EVP_DigestUpdate (sign_ctx, map, st.st_size);
- EVP_DigestFinal (sign_ctx, dig, &diglen);
-
- munmap (map, st.st_size);
-
- if (EVP_PKEY_sign (key_ctx, NULL, &siglen, dig, diglen) <= 0) {
- msg_err_main ("cannot sign %s using private key %s, %s",
- in_file,
- privkey,
- ERR_error_string (ERR_get_error (), NULL));
- continue;
- }
-
- sig = OPENSSL_malloc (siglen);
- if (EVP_PKEY_sign (key_ctx, sig, &siglen, dig, diglen) <= 0) {
- msg_err_main ("cannot sign %s using private key %s, %s",
- in_file,
- privkey,
- ERR_error_string (ERR_get_error (), NULL));
- OPENSSL_free (sig);
- continue;
- }
-
- rspamd_snprintf (out_file, sizeof (out_file), "%s.sig", in_file);
- fd = open (out_file, O_WRONLY | O_CREAT | O_TRUNC, 00644);
- if (fd == -1) {
- msg_err_main ("cannot open output file %s: %s", out_file, strerror (
- errno));
- OPENSSL_free (sig);
- continue;
- }
- if (write (fd, sig, siglen) == -1) {
- msg_err_main ("cannot write to output file %s: %s", out_file,
- strerror (errno));
- }
- OPENSSL_free (sig);
- close (fd);
- }
-
- /* Cleanup */
- EVP_MD_CTX_destroy (sign_ctx);
- EVP_PKEY_CTX_free (key_ctx);
- EVP_PKEY_free (key);
- BIO_free (fbio);
-
- return res;
-# endif
-#endif
}
static void
do_encrypt_password (void)
{
- const struct rspamd_controller_pbkdf *pbkdf;
- guchar *salt, *key;
- gchar *encoded_salt, *encoded_key;
- gchar password[8192];
- gsize plen;
-
- pbkdf = &pbkdf_list[0];
- g_assert (pbkdf != NULL);
-
- plen = rspamd_read_passphrase (password, sizeof (password), 0, NULL);
-
- if (plen == 0) {
- fprintf (stderr, "Invalid password\n");
- exit (EXIT_FAILURE);
- }
-
- salt = g_alloca (pbkdf->salt_len);
- key = g_alloca (pbkdf->key_len);
- ottery_rand_bytes (salt, pbkdf->salt_len);
- /* Derive key */
- rspamd_cryptobox_pbkdf (password, strlen (password),
- salt, pbkdf->salt_len, key, pbkdf->key_len, pbkdf->rounds);
-
- encoded_salt = rspamd_encode_base32 (salt, pbkdf->salt_len);
- encoded_key = rspamd_encode_base32 (key, pbkdf->key_len);
-
- rspamd_printf ("$%d$%s$%s\n", pbkdf->id, encoded_salt,
- encoded_key);
-
- g_free (encoded_salt);
- g_free (encoded_key);
- rspamd_explicit_memzero (password, sizeof (password));
+ rspamd_fprintf (stderr, "use rspamadm pw for this operation\n");
}
/* Signal handlers */
@@ -1134,8 +929,6 @@ main (gint argc, gchar **argv, gchar **env)
struct sigaction signals, sigpipe_act;
worker_t **pworker;
GQuark type;
- gpointer keypair;
- GString *keypair_out;
rspamd_inet_addr_t *control_addr = NULL;
struct event_base *ev_base;
struct event term_ev, int_ev, cld_ev, hup_ev, usr1_ev, control_ev;
@@ -1228,16 +1021,8 @@ main (gint argc, gchar **argv, gchar **env)
/* Same for keypair creation */
if (gen_keypair) {
- keypair = rspamd_http_connection_gen_key ();
- if (keypair == NULL) {
- exit (EXIT_FAILURE);
- }
- keypair_out = rspamd_http_connection_print_key (keypair,
- RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_PRIVKEY |
- RSPAMD_KEYPAIR_ID |
- RSPAMD_KEYPAIR_BASE32 | RSPAMD_KEYPAIR_HUMAN);
- rspamd_printf ("%v", keypair_out);
- exit (EXIT_SUCCESS);
+ rspamd_fprintf (stderr, "use rspamadm keypair for this operation\n");
+ exit (EXIT_FAILURE);
}
if (encrypt_password) {
@@ -1246,32 +1031,8 @@ main (gint argc, gchar **argv, gchar **env)
}
if (rspamd_main->cfg->config_test || dump_cache) {
- if (!load_rspamd_config (rspamd_main->cfg, FALSE)) {
- exit (EXIT_FAILURE);
- }
-
- res = TRUE;
-
- rspamd_symbols_cache_init (rspamd_main->cfg->cache);
-
- if (!rspamd_init_filters (rspamd_main->cfg, FALSE)) {
- res = FALSE;
- }
-
- /* Insert classifiers symbols */
- rspamd_config_insert_classify_symbols (rspamd_main->cfg);
-
- if (!rspamd_symbols_cache_validate (rspamd_main->cfg->cache,
- rspamd_main->cfg,
- FALSE)) {
- res = FALSE;
- }
- if (dump_cache) {
- msg_err_main ("Use rspamc counters for dumping cache");
- exit (EXIT_FAILURE);
- }
- fprintf (stderr, "syntax %s\n", res ? "OK" : "BAD");
- return res ? EXIT_SUCCESS : EXIT_FAILURE;
+ rspamd_fprintf (stderr, "use rspamadm configtest for this operation\n");
+ exit (EXIT_FAILURE);
}
/* Load config */