aboutsummaryrefslogtreecommitdiffstats
path: root/src/controller.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/controller.c')
-rw-r--r--src/controller.c169
1 files changed, 106 insertions, 63 deletions
diff --git a/src/controller.c b/src/controller.c
index b92f1e5ff..3907b2755 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -58,6 +58,39 @@
#define PATH_STAT_RESET "/statreset"
#define PATH_COUNTERS "/counters"
+#define msg_err_session(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \
+ session->pool->tag.tagname, session->pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_warn_session(...) rspamd_default_log_function (G_LOG_LEVEL_WARNING, \
+ session->pool->tag.tagname, session->pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_info_session(...) rspamd_default_log_function (G_LOG_LEVEL_INFO, \
+ session->pool->tag.tagname, session->pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_debug_session(...) rspamd_default_log_function (G_LOG_LEVEL_DEBUG, \
+ session->pool->tag.tagname, session->pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_err_ctx(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \
+ "controller", ctx->cfg->cfg_pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_warn_ctx(...) rspamd_default_log_function (G_LOG_LEVEL_WARNING, \
+ "controller", ctx->cfg->cfg_pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_info_ctx(...) rspamd_default_log_function (G_LOG_LEVEL_INFO, \
+ "controller", ctx->cfg->cfg_pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+#define msg_debug_ctx(...) rspamd_default_log_function (G_LOG_LEVEL_DEBUG, \
+ "controller", ctx->cfg->cfg_pool->tag.uid, \
+ G_STRFUNC, \
+ __VA_ARGS__)
+
/* Graph colors */
#define COLOR_CLEAN "#58A458"
#define COLOR_PROBABLE_SPAM "#D67E7E"
@@ -233,8 +266,10 @@ rspamd_encrypted_password_get_str (const gchar * password, gsize skip,
return str;
}
-static gboolean rspamd_check_encrypted_password (const GString * password,
- const gchar * check, const struct rspamd_controller_pbkdf *pbkdf)
+static gboolean
+rspamd_check_encrypted_password (struct rspamd_controller_worker_ctx *ctx,
+ const GString * password, const gchar * check,
+ const struct rspamd_controller_pbkdf *pbkdf)
{
const gchar *salt, *hash;
gchar *salt_decoded, *key_decoded;
@@ -255,7 +290,7 @@ static gboolean rspamd_check_encrypted_password (const GString * password,
if (salt_decoded == NULL || salt_len != pbkdf->salt_len) {
/* We have some unknown salt here */
- msg_info ("incorrect salt: %z, while %z expected",
+ msg_info_ctx ("incorrect salt: %z, while %z expected",
salt_len, pbkdf->salt_len);
return FALSE;
}
@@ -264,7 +299,7 @@ static gboolean rspamd_check_encrypted_password (const GString * password,
if (key_decoded == NULL || key_len != pbkdf->key_len) {
/* We have some unknown salt here */
- msg_info ("incorrect key: %z, while %z expected",
+ msg_info_ctx ("incorrect key: %z, while %z expected",
key_len, pbkdf->key_len);
return FALSE;
}
@@ -275,7 +310,7 @@ static gboolean rspamd_check_encrypted_password (const GString * password,
local_key, pbkdf->key_len, pbkdf->rounds);
if (!rspamd_constant_memcmp (key_decoded, local_key, pbkdf->key_len)) {
- msg_info ("incorrect or absent password has been specified");
+ msg_info_ctx ("incorrect or absent password has been specified");
ret = FALSE;
}
@@ -302,13 +337,13 @@ static gboolean rspamd_controller_check_password(
/* Access list logic */
if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) {
- msg_info ("allow unauthorized connection from a unix socket");
+ msg_info_session ("allow unauthorized connection from a unix socket");
return TRUE;
}
else if (ctx->secure_map
&& radix_find_compressed_addr (ctx->secure_map, session->from_addr)
!= RADIX_NO_VALUE) {
- msg_info ("allow unauthorized connection from a trusted IP %s",
+ msg_info_session ("allow unauthorized connection from a trusted IP %s",
rspamd_inet_address_to_string (session->from_addr));
return TRUE;
}
@@ -341,7 +376,7 @@ static gboolean rspamd_controller_check_password(
return TRUE;
}
}
- msg_info ("absent password has been specified");
+ msg_info_session ("absent password has been specified");
ret = FALSE;
}
else {
@@ -361,12 +396,12 @@ static gboolean rspamd_controller_check_password(
ret = rspamd_constant_memcmp (password->str, check, password->len);
}
else {
- ret = rspamd_check_encrypted_password (password, check,
+ ret = rspamd_check_encrypted_password (ctx, password, check,
pbkdf);
}
}
else {
- msg_warn (
+ msg_warn_session (
"no password to check while executing a privileged command");
if (ctx->secure_map) {
msg_info("deny unauthorized connection");
@@ -384,7 +419,8 @@ static gboolean rspamd_controller_check_password(
password->len);
}
else {
- check_normal = rspamd_check_encrypted_password (password,
+ check_normal = rspamd_check_encrypted_password (ctx,
+ password,
check, pbkdf);
}
@@ -399,7 +435,8 @@ static gboolean rspamd_controller_check_password(
password->len);
}
else {
- check_enable = rspamd_check_encrypted_password (password,
+ check_enable = rspamd_check_encrypted_password (ctx,
+ password,
check, pbkdf);
}
}
@@ -705,14 +742,14 @@ rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,
idstr = rspamd_http_message_find_header (msg, "Map");
if (idstr == NULL) {
- msg_info ("absent map id");
+ msg_info_session ("absent map id");
rspamd_controller_send_error (conn_ent, 400, "400 id header missing");
return 0;
}
id = strtoul (idstr->str, &errstr, 10);
if (*errstr != '\0' && !g_ascii_isspace (*errstr)) {
- msg_info ("invalid map id");
+ msg_info_session ("invalid map id");
rspamd_controller_send_error (conn_ent, 400, "400 invalid map id");
return 0;
}
@@ -729,13 +766,13 @@ rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,
}
if (!found) {
- msg_info ("map not found");
+ msg_info_session ("map not found");
rspamd_controller_send_error (conn_ent, 404, "404 map not found");
return 0;
}
if (stat (map->uri, &st) == -1 || (fd = open (map->uri, O_RDONLY)) == -1) {
- msg_err ("cannot open map %s: %s", map->uri, strerror (errno));
+ msg_err_session ("cannot open map %s: %s", map->uri, strerror (errno));
rspamd_controller_send_error (conn_ent, 500, "500 map open error");
return 0;
}
@@ -749,7 +786,7 @@ rspamd_controller_handle_get_map (struct rspamd_http_connection_entry *conn_ent,
if (read (fd, reply->body->str, st.st_size) == -1) {
close (fd);
rspamd_http_message_free (reply);
- msg_err ("cannot read map %s: %s", map->uri, strerror (errno));
+ msg_err_session ("cannot read map %s: %s", map->uri, strerror (errno));
rspamd_controller_send_error (conn_ent, 500, "500 map read error");
return 0;
}
@@ -950,13 +987,13 @@ rspamd_controller_learn_fin_task (void *ud)
if (rspamd_learn_task_spam (session->cl, task, session->is_spam, &err) ==
RSPAMD_STAT_PROCESS_ERROR) {
- msg_info ("cannot learn <%s>: %e", task->message_id, err);
+ msg_info_session ("cannot learn <%s>: %e", task->message_id, err);
rspamd_controller_send_error (conn_ent, err->code, err->message);
return TRUE;
}
/* Successful learn */
- msg_info ("<%s> learned message as %s: %s",
+ msg_info_session ("<%s> learned message as %s: %s",
rspamd_inet_address_to_string (session->from_addr),
session->is_spam ? "spam" : "ham",
task->message_id);
@@ -1010,7 +1047,7 @@ rspamd_controller_handle_learn_common (
}
if (msg->body == NULL || msg->body->len == 0) {
- msg_err ("got zero length body, cannot continue");
+ msg_err_session ("got zero length body, cannot continue");
rspamd_controller_send_error (conn_ent,
400,
"Empty body is not permitted");
@@ -1047,7 +1084,7 @@ rspamd_controller_handle_learn_common (
}
if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_LEARN)) {
- msg_warn ("message cannot be processed for %s", task->message_id);
+ msg_warn_session ("message cannot be processed for %s", task->message_id);
rspamd_controller_send_error (conn_ent, task->err->code, task->err->message);
rspamd_session_destroy (task->s);
return 0;
@@ -1112,7 +1149,7 @@ rspamd_controller_handle_scan (struct rspamd_http_connection_entry *conn_ent,
}
if (msg->body == NULL || msg->body->len == 0) {
- msg_err ("got zero length body, cannot continue");
+ msg_err_session ("got zero length body, cannot continue");
rspamd_controller_send_error (conn_ent,
400,
"Empty body is not permitted");
@@ -1141,7 +1178,7 @@ rspamd_controller_handle_scan (struct rspamd_http_connection_entry *conn_ent,
}
if (!rspamd_task_process (task, RSPAMD_TASK_PROCESS_ALL)) {
- msg_warn ("message cannot be processed for %s", task->message_id);
+ msg_warn_session ("message cannot be processed for %s", task->message_id);
rspamd_controller_send_error (conn_ent, task->err->code, task->err->message);
rspamd_session_destroy (task->s);
return 0;
@@ -1184,7 +1221,7 @@ rspamd_controller_handle_saveactions (
}
if (msg->body == NULL || msg->body->len == 0) {
- msg_err ("got zero length body, cannot continue");
+ msg_err_session ("got zero length body, cannot continue");
rspamd_controller_send_error (conn_ent,
400,
"Empty body is not permitted");
@@ -1193,7 +1230,7 @@ rspamd_controller_handle_saveactions (
metric = g_hash_table_lookup (ctx->cfg->metrics, DEFAULT_METRIC);
if (metric == NULL) {
- msg_err ("cannot find default metric");
+ msg_err_session ("cannot find default metric");
rspamd_controller_send_error (conn_ent, 500,
"Default metric is absent");
return 0;
@@ -1201,7 +1238,7 @@ rspamd_controller_handle_saveactions (
/* Now check for dynamic config */
if (!ctx->cfg->dynamic_conf) {
- msg_err ("dynamic conf has not been defined");
+ msg_err_session ("dynamic conf has not been defined");
rspamd_controller_send_error (conn_ent,
500,
"No dynamic_rules setting defined");
@@ -1212,7 +1249,7 @@ rspamd_controller_handle_saveactions (
ucl_parser_add_chunk (parser, msg->body->str, msg->body->len);
if ((error = ucl_parser_get_error (parser)) != NULL) {
- msg_err ("cannot parse input: %s", error);
+ msg_err_session ("cannot parse input: %s", error);
rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
ucl_parser_free (parser);
return 0;
@@ -1222,7 +1259,7 @@ rspamd_controller_handle_saveactions (
ucl_parser_free (parser);
if (obj->type != UCL_ARRAY || obj->len != 3) {
- msg_err ("input is not an array of 3 elements");
+ msg_err_session ("input is not an array of 3 elements");
rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
ucl_object_unref (obj);
return 0;
@@ -1252,7 +1289,7 @@ rspamd_controller_handle_saveactions (
}
if (dump_dynamic_config (ctx->cfg)) {
- msg_info ("<%s> modified %d actions",
+ msg_info_session ("<%s> modified %d actions",
rspamd_inet_address_to_string (session->from_addr),
added);
@@ -1298,7 +1335,7 @@ rspamd_controller_handle_savesymbols (
}
if (msg->body == NULL || msg->body->len == 0) {
- msg_err ("got zero length body, cannot continue");
+ msg_err_session ("got zero length body, cannot continue");
rspamd_controller_send_error (conn_ent,
400,
"Empty body is not permitted");
@@ -1307,7 +1344,7 @@ rspamd_controller_handle_savesymbols (
metric = g_hash_table_lookup (ctx->cfg->metrics, DEFAULT_METRIC);
if (metric == NULL) {
- msg_err ("cannot find default metric");
+ msg_err_session ("cannot find default metric");
rspamd_controller_send_error (conn_ent, 500,
"Default metric is absent");
return 0;
@@ -1315,7 +1352,7 @@ rspamd_controller_handle_savesymbols (
/* Now check for dynamic config */
if (!ctx->cfg->dynamic_conf) {
- msg_err ("dynamic conf has not been defined");
+ msg_err_session ("dynamic conf has not been defined");
rspamd_controller_send_error (conn_ent,
500,
"No dynamic_rules setting defined");
@@ -1326,7 +1363,7 @@ rspamd_controller_handle_savesymbols (
ucl_parser_add_chunk (parser, msg->body->str, msg->body->len);
if ((error = ucl_parser_get_error (parser)) != NULL) {
- msg_err ("cannot parse input: %s", error);
+ msg_err_session ("cannot parse input: %s", error);
rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
ucl_parser_free (parser);
return 0;
@@ -1336,7 +1373,7 @@ rspamd_controller_handle_savesymbols (
ucl_parser_free (parser);
if (obj->type != UCL_ARRAY) {
- msg_err ("input is not an array");
+ msg_err_session ("input is not an array");
rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
ucl_object_unref (obj);
return 0;
@@ -1344,7 +1381,7 @@ rspamd_controller_handle_savesymbols (
while ((cur = ucl_iterate_object (obj, &iter, true))) {
if (cur->type != UCL_OBJECT) {
- msg_err ("json array data error");
+ msg_err_session ("json array data error");
rspamd_controller_send_error (conn_ent, 400, "Cannot parse input");
ucl_object_unref (obj);
return 0;
@@ -1357,7 +1394,7 @@ rspamd_controller_handle_savesymbols (
if (sym && fabs (*sym->weight_ptr - val) > 0.01) {
if (!add_dynamic_symbol (ctx->cfg, DEFAULT_METRIC,
ucl_object_tostring (jname), val)) {
- msg_err ("add symbol failed for %s",
+ msg_err_session ("add symbol failed for %s",
ucl_object_tostring (jname));
rspamd_controller_send_error (conn_ent, 506,
"Add symbol failed");
@@ -1370,7 +1407,7 @@ rspamd_controller_handle_savesymbols (
if (added > 0) {
if (dump_dynamic_config (ctx->cfg)) {
- msg_info ("<%s> modified %d symbols",
+ msg_info_session ("<%s> modified %d symbols",
rspamd_inet_address_to_string (session->from_addr),
added);
@@ -1381,7 +1418,7 @@ rspamd_controller_handle_savesymbols (
}
}
else {
- msg_err ("no symbols to save");
+ msg_err_session ("no symbols to save");
rspamd_controller_send_error (conn_ent, 404, "No symbols to save");
}
@@ -1418,7 +1455,7 @@ rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,
}
if (msg->body == NULL || msg->body->len == 0) {
- msg_err ("got zero length body, cannot continue");
+ msg_err_session ("got zero length body, cannot continue");
rspamd_controller_send_error (conn_ent,
400,
"Empty body is not permitted");
@@ -1428,14 +1465,14 @@ rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,
idstr = rspamd_http_message_find_header (msg, "Map");
if (idstr == NULL) {
- msg_info ("absent map id");
+ msg_info_session ("absent map id");
rspamd_controller_send_error (conn_ent, 400, "Map id not specified");
return 0;
}
id = strtoul (idstr->str, &errstr, 10);
if (*errstr != '\0' && !g_ascii_isspace (*errstr)) {
- msg_info ("invalid map id: %V", idstr);
+ msg_info_session ("invalid map id: %V", idstr);
rspamd_controller_send_error (conn_ent, 400, "Map id is invalid");
return 0;
}
@@ -1452,13 +1489,13 @@ rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,
}
if (!found) {
- msg_info ("map not found: %d", id);
+ msg_info_session ("map not found: %d", id);
rspamd_controller_send_error (conn_ent, 404, "Map id not found");
return 0;
}
if (g_atomic_int_get (map->locked)) {
- msg_info ("map locked: %s", map->uri);
+ msg_info_session ("map locked: %s", map->uri);
rspamd_controller_send_error (conn_ent, 404, "Map is locked");
return 0;
}
@@ -1468,20 +1505,20 @@ rspamd_controller_handle_savemap (struct rspamd_http_connection_entry *conn_ent,
fd = open (map->uri, O_WRONLY | O_TRUNC);
if (fd == -1) {
g_atomic_int_set (map->locked, 0);
- msg_info ("map %s open error: %s", map->uri, strerror (errno));
+ msg_info_session ("map %s open error: %s", map->uri, strerror (errno));
rspamd_controller_send_error (conn_ent, 404, "Map id not found");
return 0;
}
if (write (fd, msg->body->str, msg->body->len) == -1) {
- msg_info ("map %s write error: %s", map->uri, strerror (errno));
+ msg_info_session ("map %s write error: %s", map->uri, strerror (errno));
close (fd);
g_atomic_int_set (map->locked, 0);
rspamd_controller_send_error (conn_ent, 500, "Map write error");
return 0;
}
- msg_info ("<%s>, map %s saved",
+ msg_info_session ("<%s>, map %s saved",
rspamd_inet_address_to_string (session->from_addr),
map->uri);
/* Close and unlock */
@@ -1697,7 +1734,7 @@ rspamd_controller_handle_statreset (
return 0;
}
- msg_info ("<%s> reset stat",
+ msg_info_session ("<%s> reset stat",
rspamd_inet_address_to_string (session->from_addr));
return rspamd_controller_handle_stat_common (conn_ent, msg, TRUE);
}
@@ -1745,7 +1782,7 @@ rspamd_controller_handle_custom (struct rspamd_http_connection_entry *conn_ent,
cmd = g_hash_table_lookup (session->ctx->custom_commands, msg->url->str);
if (cmd == NULL || cmd->handler == NULL) {
- msg_err ("custom command %V has not been found", msg->url);
+ msg_err_session ("custom command %V has not been found", msg->url);
rspamd_controller_send_error (conn_ent, 404, "No command associated");
return 0;
}
@@ -1755,7 +1792,7 @@ rspamd_controller_handle_custom (struct rspamd_http_connection_entry *conn_ent,
return 0;
}
if (cmd->require_message && (msg->body == NULL || msg->body->len == 0)) {
- msg_err ("got zero length body, cannot continue");
+ msg_err_session ("got zero length body, cannot continue");
rspamd_controller_send_error (conn_ent,
400,
"Empty body is not permitted");
@@ -1769,7 +1806,9 @@ static void
rspamd_controller_error_handler (struct rspamd_http_connection_entry *conn_ent,
GError *err)
{
- msg_err ("http error occurred: %s", err->message);
+ struct rspamd_controller_session *session = conn_ent->ud;
+
+ msg_err_session ("http error occurred: %s", err->message);
}
static void
@@ -1794,7 +1833,7 @@ rspamd_controller_accept_socket (gint fd, short what, void *arg)
{
struct rspamd_worker *worker = (struct rspamd_worker *) arg;
struct rspamd_controller_worker_ctx *ctx;
- struct rspamd_controller_session *nsession;
+ struct rspamd_controller_session *session;
rspamd_inet_addr_t *addr;
gint nfd;
@@ -1802,7 +1841,7 @@ rspamd_controller_accept_socket (gint fd, short what, void *arg)
if ((nfd =
rspamd_accept_from_socket (fd, &addr)) == -1) {
- msg_warn ("accept failed: %s", strerror (errno));
+ msg_warn_ctx ("accept failed: %s", strerror (errno));
return;
}
/* Check for EAGAIN */
@@ -1810,17 +1849,19 @@ rspamd_controller_accept_socket (gint fd, short what, void *arg)
return;
}
- nsession = g_slice_alloc0 (sizeof (struct rspamd_controller_session));
- nsession->pool = rspamd_mempool_new (rspamd_mempool_suggest_size (), NULL);
- nsession->ctx = ctx;
+ session = g_slice_alloc0 (sizeof (struct rspamd_controller_session));
+ session->pool = rspamd_mempool_new (rspamd_mempool_suggest_size (),
+ "csession");
+ session->ctx = ctx;
- nsession->from_addr = addr;
+ session->from_addr = addr;
- rspamd_http_router_handle_socket (ctx->http, nfd, nsession);
+ rspamd_http_router_handle_socket (ctx->http, nfd, session);
}
static void
-rspamd_controller_password_sane (const gchar *password, const gchar *type)
+rspamd_controller_password_sane (struct rspamd_controller_worker_ctx *ctx,
+ const gchar *password, const gchar *type)
{
const struct rspamd_controller_pbkdf *pbkdf = &pbkdf_list[0];
GString *msg;
@@ -1828,7 +1869,8 @@ rspamd_controller_password_sane (const gchar *password, const gchar *type)
gchar *encoded_salt, *encoded_key;
if (password == NULL) {
- msg_warn ("%s is not set, so you should filter controller availability "
+ msg_warn_ctx ("%s is not set, so you should filter controller "
+ "availability "
"by using of firewall or `secure_ip` option", type);
return;
}
@@ -1854,7 +1896,7 @@ rspamd_controller_password_sane (const gchar *password, const gchar *type)
rspamd_printf_gstring (msg, "$%d$%s$%s", pbkdf->id, encoded_salt,
encoded_key);
- msg_warn ("%v", msg);
+ msg_warn_ctx ("%v", msg);
g_string_free (msg, TRUE);
g_free (encoded_salt);
@@ -1953,7 +1995,7 @@ start_controller_worker (struct rspamd_worker *worker)
/* Fallback to the plain IP */
if (!radix_add_generic_iplist (secure_ip,
&ctx->secure_map)) {
- msg_warn ("cannot load or parse ip list from '%s'",
+ msg_warn_ctx ("cannot load or parse ip list from '%s'",
secure_ip);
}
}
@@ -1961,8 +2003,9 @@ start_controller_worker (struct rspamd_worker *worker)
}
}
- rspamd_controller_password_sane (ctx->password, "normal password");
- rspamd_controller_password_sane (ctx->enable_password, "enable password");
+ rspamd_controller_password_sane (ctx, ctx->password, "normal password");
+ rspamd_controller_password_sane (ctx, ctx->enable_password, "enable "
+ "password");
/* Accept event */
cache = rspamd_keypair_cache_new (256);
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 00:48:07 +0000