diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/client/rspamdclient.c | 3 | ||||
-rw-r--r-- | src/fuzzy_storage.c | 12 | ||||
-rw-r--r-- | src/libserver/rspamd_control.c | 9 | ||||
-rw-r--r-- | src/libutil/http.c | 136 | ||||
-rw-r--r-- | src/libutil/http.h | 65 | ||||
-rw-r--r-- | src/libutil/map.c | 10 | ||||
-rw-r--r-- | src/libutil/ssl_util.c | 2 | ||||
-rw-r--r-- | src/lua/lua_http.c | 10 | ||||
-rw-r--r-- | src/plugins/surbl.c | 7 | ||||
-rw-r--r-- | src/rspamadm/control.c | 10 | ||||
-rw-r--r-- | src/rspamd_proxy.c | 23 | ||||
-rw-r--r-- | src/worker.c | 14 |
12 files changed, 203 insertions, 98 deletions
diff --git a/src/client/rspamdclient.c b/src/client/rspamdclient.c index 5932da38b..753f64c74 100644 --- a/src/client/rspamdclient.c +++ b/src/client/rspamdclient.c @@ -167,7 +167,8 @@ rspamd_client_init (struct event_base *ev_base, const gchar *name, rspamd_client_finish_handler, 0, RSPAMD_HTTP_CLIENT, - conn->keys_cache); + conn->keys_cache, + NULL); conn->server_name = g_string_new (name); if (port != 0) { diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c index b49a35984..04498f84d 100644 --- a/src/fuzzy_storage.c +++ b/src/fuzzy_storage.c @@ -363,13 +363,13 @@ rspamd_fuzzy_send_update_mirror (struct rspamd_fuzzy_storage_ctx *ctx, msg = rspamd_http_new_message (HTTP_REQUEST); rspamd_printf_fstring (&msg->url, "/update_v1/%s", m->name); - conn->http_conn = rspamd_http_connection_new ( - NULL, + conn->http_conn = rspamd_http_connection_new (NULL, fuzzy_mirror_error_handler, fuzzy_mirror_finish_handler, RSPAMD_HTTP_CLIENT_SIMPLE, RSPAMD_HTTP_CLIENT, - ctx->keypair_cache); + ctx->keypair_cache, + NULL); rspamd_http_connection_set_key (conn->http_conn, ctx->sync_keypair); @@ -1200,13 +1200,13 @@ accept_fuzzy_mirror_socket (gint fd, short what, void *arg) } session = g_slice_alloc0 (sizeof (*session)); - http_conn = rspamd_http_connection_new ( - NULL, + http_conn = rspamd_http_connection_new (NULL, rspamd_fuzzy_mirror_error_handler, rspamd_fuzzy_mirror_finish_handler, 0, RSPAMD_HTTP_SERVER, - ctx->keypair_cache); + ctx->keypair_cache, + NULL); rspamd_http_connection_set_key (http_conn, ctx->sync_keypair); session->ctx = ctx; diff --git a/src/libserver/rspamd_control.c b/src/libserver/rspamd_control.c index a925c0bb1..da573fa94 100644 --- a/src/libserver/rspamd_control.c +++ b/src/libserver/rspamd_control.c @@ -503,8 +503,13 @@ rspamd_control_process_client_socket (struct rspamd_main *rspamd_main, session = g_slice_alloc0 (sizeof (*session)); session->fd = fd; - session->conn = rspamd_http_connection_new (NULL, rspamd_control_error_handler, - rspamd_control_finish_handler, 0, RSPAMD_HTTP_SERVER, NULL); + session->conn = rspamd_http_connection_new (NULL, + rspamd_control_error_handler, + rspamd_control_finish_handler, + 0, + RSPAMD_HTTP_SERVER, + NULL, + NULL); session->rspamd_main = rspamd_main; rspamd_http_connection_read_message (session->conn, session, session->fd, &io_timeout, rspamd_main->ev_base); diff --git a/src/libutil/http.c b/src/libutil/http.c index 57618653a..46ebf486c 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -24,6 +24,7 @@ #include "keypair_private.h" #include "cryptobox.h" #include "unix-std.h" +#include "libutil/ssl_util.h" #define ENCRYPTED_VERSION " HTTP/1.0" @@ -42,6 +43,8 @@ enum rspamd_http_priv_flags { #define IS_CONN_RESETED(c) ((c)->flags & RSPAMD_HTTP_CONN_FLAG_RESETED) struct rspamd_http_connection_private { + gpointer ssl_ctx; + struct rspamd_ssl_connection *ssl; struct _rspamd_http_privbuf *buf; struct rspamd_cryptobox_pubkey *peer_key; struct rspamd_cryptobox_keypair *local_key; @@ -834,9 +837,15 @@ static void rspamd_http_simple_client_helper (struct rspamd_http_connection *conn) { struct event_base *base; + struct rspamd_http_connection_private *priv; + gpointer ssl; + priv = conn->priv; base = conn->priv->ev.ev_base; + ssl = priv->ssl; + priv->ssl = NULL; rspamd_http_connection_reset (conn); + priv->ssl = ssl; /* Plan read message */ rspamd_http_connection_read_message (conn, conn->ud, conn->fd, conn->priv->ptv, base); @@ -952,6 +961,16 @@ rspamd_http_try_read (gint fd, } static void +rspamd_http_ssl_err_handler (gpointer ud, GError *err) +{ + struct rspamd_http_connection *conn = (struct rspamd_http_connection *)ud; + + rspamd_http_connection_ref (conn); + conn->error_handler (conn, err); + rspamd_http_connection_unref (conn); +} + +static void rspamd_http_event_handler (int fd, short what, gpointer ud) { struct rspamd_http_connection *conn = (struct rspamd_http_connection *)ud; @@ -1084,39 +1103,42 @@ rspamd_http_parser_reset (struct rspamd_http_connection *conn) } struct rspamd_http_connection * -rspamd_http_connection_new (rspamd_http_body_handler_t body_handler, - rspamd_http_error_handler_t error_handler, - rspamd_http_finish_handler_t finish_handler, - unsigned opts, - enum rspamd_http_connection_type type, - struct rspamd_keypair_cache *cache) -{ - struct rspamd_http_connection *new; +rspamd_http_connection_new ( + rspamd_http_body_handler_t body_handler, + rspamd_http_error_handler_t error_handler, + rspamd_http_finish_handler_t finish_handler, + unsigned opts, + enum rspamd_http_connection_type type, + struct rspamd_keypair_cache *cache, + gpointer ssl_ctx) +{ + struct rspamd_http_connection *conn; struct rspamd_http_connection_private *priv; if (error_handler == NULL || finish_handler == NULL) { return NULL; } - new = g_slice_alloc0 (sizeof (struct rspamd_http_connection)); - new->opts = opts; - new->type = type; - new->body_handler = body_handler; - new->error_handler = error_handler; - new->finish_handler = finish_handler; - new->fd = -1; - new->ref = 1; - new->finished = FALSE; - new->cache = cache; + conn = g_slice_alloc0 (sizeof (struct rspamd_http_connection)); + conn->opts = opts; + conn->type = type; + conn->body_handler = body_handler; + conn->error_handler = error_handler; + conn->finish_handler = finish_handler; + conn->fd = -1; + conn->ref = 1; + conn->finished = FALSE; + conn->cache = cache; /* Init priv */ priv = g_slice_alloc0 (sizeof (struct rspamd_http_connection_private)); - new->priv = priv; + conn->priv = priv; + priv->ssl_ctx = ssl_ctx; - rspamd_http_parser_reset (new); - priv->parser.data = new; + rspamd_http_parser_reset (conn); + priv->parser.data = conn; - return new; + return conn; } void @@ -1156,6 +1178,11 @@ rspamd_http_connection_reset (struct rspamd_http_connection *conn) priv->out = NULL; } + if (priv->ssl) { + rspamd_ssl_connection_free (priv->ssl); + priv->ssl = NULL; + } + priv->flags |= RSPAMD_HTTP_CONN_FLAG_RESETED; } @@ -1504,6 +1531,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn guchar *np = NULL, *mp = NULL, *meth_pos = NULL; struct rspamd_cryptobox_pubkey *peer_key = NULL; enum rspamd_cryptobox_mode mode; + GError *err; conn->fd = fd; conn->ud = ud; @@ -1900,18 +1928,51 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn } } + priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED; + if (base != NULL && event_get_base (&priv->ev) == base) { event_del (&priv->ev); } - event_set (&priv->ev, fd, EV_WRITE, rspamd_http_event_handler, conn); + if (msg->flags & RSPAMD_HTTP_FLAG_SSL) { + if (base != NULL) { + event_base_set (base, &priv->ev); + } + if (!priv->ssl_ctx) { + err = g_error_new (HTTP_ERROR, errno, "ssl message requested " + "with no ssl ctx"); + rspamd_http_connection_ref (conn); + conn->error_handler (conn, err); + rspamd_http_connection_unref (conn); + g_error_free (err); + return; + } + else { + priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx); + g_assert (priv->ssl != NULL); + + if (!rspamd_ssl_connect_fd (priv->ssl, fd, host, &priv->ev, + priv->ptv, rspamd_http_event_handler, + rspamd_http_ssl_err_handler, conn)) { - if (base != NULL) { - event_base_set (base, &priv->ev); + err = g_error_new (HTTP_ERROR, errno, "ssl connection error"); + rspamd_http_connection_ref (conn); + conn->error_handler (conn, err); + rspamd_http_connection_unref (conn); + g_error_free (err); + return; + } + } } + else { + event_set (&priv->ev, fd, EV_WRITE, rspamd_http_event_handler, conn); - priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED; - event_add (&priv->ev, priv->ptv); + if (base != NULL) { + event_base_set (base, &priv->ev); + } + + event_add (&priv->ev, priv->ptv); + } } void @@ -1961,6 +2022,7 @@ rspamd_http_message_from_url (const gchar *url) struct rspamd_http_message *msg; const gchar *host, *path; size_t pathlen, urllen; + guint flags = 0; if (url == NULL) { return NULL; @@ -1977,6 +2039,14 @@ rspamd_http_message_from_url (const gchar *url) msg_warn ("no host argument in URL: %s", url); return NULL; } + + if ((pu.field_set & (1 << UF_SCHEMA))) { + if (pu.field_data[UF_SCHEMA].len == sizeof ("https") - 1 && + memcmp (url + pu.field_data[UF_SCHEMA].off, "https", 5) == 0) { + flags |= RSPAMD_HTTP_FLAG_SSL; + } + } + if ((pu.field_set & (1 << UF_PATH)) == 0) { path = "/"; pathlen = 1; @@ -1988,13 +2058,19 @@ rspamd_http_message_from_url (const gchar *url) msg = rspamd_http_new_message (HTTP_REQUEST); host = url + pu.field_data[UF_HOST].off; + msg->flags = flags; if ((pu.field_set & (1 << UF_PORT)) != 0) { msg->port = pu.port; } else { /* XXX: magic constant */ - msg->port = 80; + if (flags & RSPAMD_HTTP_FLAG_SSL) { + msg->port = 443; + } + else { + msg->port = 80; + } } msg->host = rspamd_fstring_new_init (host, pu.field_data[UF_HOST].len); @@ -2724,7 +2800,9 @@ rspamd_http_router_handle_socket (struct rspamd_http_connection_router *router, rspamd_http_router_error_handler, rspamd_http_router_finish_handler, 0, - RSPAMD_HTTP_SERVER, router->cache); + RSPAMD_HTTP_SERVER, + router->cache, + NULL); if (router->key) { rspamd_http_connection_set_key (conn->conn, router->key); diff --git a/src/libutil/http.h b/src/libutil/http.h index 4cbcaf5fb..e85e7ccee 100644 --- a/src/libutil/http.h +++ b/src/libutil/http.h @@ -53,6 +53,10 @@ struct rspamd_http_connection_entry; * Store body of the message in an immutable shared memory segment */ #define RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE (1 << 3) +/** + * Use tls for this message + */ +#define RSPAMD_HTTP_FLAG_SSL (1 << 4) /** * Options for HTTP connection @@ -64,24 +68,24 @@ enum rspamd_http_options { }; typedef int (*rspamd_http_body_handler_t) (struct rspamd_http_connection *conn, - struct rspamd_http_message *msg, - const gchar *chunk, - gsize len); + struct rspamd_http_message *msg, + const gchar *chunk, + gsize len); typedef void (*rspamd_http_error_handler_t) (struct rspamd_http_connection *conn, - GError *err); + GError *err); typedef int (*rspamd_http_finish_handler_t) (struct rspamd_http_connection *conn, - struct rspamd_http_message *msg); + struct rspamd_http_message *msg); typedef int (*rspamd_http_router_handler_t) (struct rspamd_http_connection_entry - *conn_ent, - struct rspamd_http_message *msg); + *conn_ent, + struct rspamd_http_message *msg); typedef void (*rspamd_http_router_error_handler_t) (struct - rspamd_http_connection_entry *conn_ent, - GError *err); + rspamd_http_connection_entry *conn_ent, + GError *err); typedef void (*rspamd_http_router_finish_handler_t) (struct - rspamd_http_connection_entry *conn_ent); + rspamd_http_connection_entry *conn_ent); /** * HTTP connection structure @@ -127,13 +131,14 @@ struct rspamd_http_connection_router { * @param opts options * @return new connection structure */ -struct rspamd_http_connection * rspamd_http_connection_new ( - rspamd_http_body_handler_t body_handler, - rspamd_http_error_handler_t error_handler, - rspamd_http_finish_handler_t finish_handler, - unsigned opts, - enum rspamd_http_connection_type type, - struct rspamd_keypair_cache *cache); +struct rspamd_http_connection *rspamd_http_connection_new ( + rspamd_http_body_handler_t body_handler, + rspamd_http_error_handler_t error_handler, + rspamd_http_finish_handler_t finish_handler, + unsigned opts, + enum rspamd_http_connection_type type, + struct rspamd_keypair_cache *cache, + gpointer ssl_ctx); /** @@ -335,8 +340,8 @@ gboolean rspamd_http_message_append_body (struct rspamd_http_message *msg, * @param value */ void rspamd_http_message_add_header (struct rspamd_http_message *msg, - const gchar *name, - const gchar *value); + const gchar *name, + const gchar *value); /** * Search for a specified header in message @@ -354,7 +359,7 @@ const rspamd_ftok_t * rspamd_http_message_find_header ( * @return */ gboolean rspamd_http_message_remove_header (struct rspamd_http_message *msg, - const gchar *name); + const gchar *name); /** * Free HTTP message @@ -390,12 +395,12 @@ time_t rspamd_http_parse_date (const gchar *header, gsize len); * @return */ struct rspamd_http_connection_router * rspamd_http_router_new ( - rspamd_http_router_error_handler_t eh, - rspamd_http_router_finish_handler_t fh, - struct timeval *timeout, - struct event_base *base, - const char *default_fs_path, - struct rspamd_keypair_cache *cache); + rspamd_http_router_error_handler_t eh, + rspamd_http_router_finish_handler_t fh, + struct timeval *timeout, + struct event_base *base, + const char *default_fs_path, + struct rspamd_keypair_cache *cache); /** * Set encryption key for the HTTP router @@ -409,7 +414,7 @@ void rspamd_http_router_set_key (struct rspamd_http_connection_router *router, * Add new path to the router */ void rspamd_http_router_add_path (struct rspamd_http_connection_router *router, - const gchar *path, rspamd_http_router_handler_t handler); + const gchar *path, rspamd_http_router_handler_t handler); /** * Handle new accepted socket @@ -418,9 +423,9 @@ void rspamd_http_router_add_path (struct rspamd_http_connection_router *router, * @param ud opaque userdata */ void rspamd_http_router_handle_socket ( - struct rspamd_http_connection_router *router, - gint fd, - gpointer ud); + struct rspamd_http_connection_router *router, + gint fd, + gpointer ud); /** * Free router and all connections associated diff --git a/src/libutil/map.c b/src/libutil/map.c index b747b6a96..6bc0ef257 100644 --- a/src/libutil/map.c +++ b/src/libutil/map.c @@ -646,9 +646,13 @@ rspamd_map_dns_callback (struct rdns_reply *reply, void *arg) if (cbd->fd != -1) { cbd->stage = map_load_file; cbd->conn = rspamd_http_connection_new (http_map_read, - http_map_error, http_map_finish, - RSPAMD_HTTP_BODY_PARTIAL|RSPAMD_HTTP_CLIENT_SIMPLE, - RSPAMD_HTTP_CLIENT, NULL); + http_map_error, + http_map_finish, + RSPAMD_HTTP_BODY_PARTIAL | + RSPAMD_HTTP_CLIENT_SIMPLE, + RSPAMD_HTTP_CLIENT, + NULL, + NULL); write_http_request (cbd); } diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c index d0f73a907..6c426761b 100644 --- a/src/libutil/ssl_util.c +++ b/src/libutil/ssl_util.c @@ -363,7 +363,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud) /* Verify certificate */ if (rspamd_ssl_peer_verify (c)) { c->state = ssl_conn_connected; - c->handler (fd, what, c->handler_data); + c->handler (fd, EV_WRITE, c->handler_data); } else { /* Error handler has been called from peer verify */ diff --git a/src/lua/lua_http.c b/src/lua/lua_http.c index 0e9c99cc7..298da5a47 100644 --- a/src/lua/lua_http.c +++ b/src/lua/lua_http.c @@ -201,9 +201,13 @@ lua_http_make_connection (struct lua_http_cbdata *cbd) return FALSE; } cbd->fd = fd; - cbd->conn = rspamd_http_connection_new (NULL, lua_http_error_handler, - lua_http_finish_handler, RSPAMD_HTTP_CLIENT_SIMPLE, - RSPAMD_HTTP_CLIENT, NULL); + cbd->conn = rspamd_http_connection_new (NULL, + lua_http_error_handler, + lua_http_finish_handler, + RSPAMD_HTTP_CLIENT_SIMPLE, + RSPAMD_HTTP_CLIENT, + NULL, + NULL); rspamd_http_connection_write_message (cbd->conn, cbd->msg, NULL, cbd->mime_type, cbd, fd, &cbd->tv, cbd->ev_base); diff --git a/src/plugins/surbl.c b/src/plugins/surbl.c index 4cd594b8f..1e0eacff1 100644 --- a/src/plugins/surbl.c +++ b/src/plugins/surbl.c @@ -1329,10 +1329,13 @@ register_redirector_call (struct rspamd_url *url, struct rspamd_task *task, sizeof (struct redirector_param)); param->url = url; param->task = task; - param->conn = rspamd_http_connection_new (NULL, surbl_redirector_error, + param->conn = rspamd_http_connection_new (NULL, + surbl_redirector_error, surbl_redirector_finish, RSPAMD_HTTP_CLIENT_SIMPLE, - RSPAMD_HTTP_CLIENT, NULL); + RSPAMD_HTTP_CLIENT, + NULL, + NULL); msg = rspamd_http_new_message (HTTP_REQUEST); msg->url = rspamd_fstring_assign (msg->url, url->string, url->urllen); param->sock = s; diff --git a/src/rspamadm/control.c b/src/rspamadm/control.c index 52fec99c6..2bdccc876 100644 --- a/src/rspamadm/control.c +++ b/src/rspamadm/control.c @@ -230,9 +230,13 @@ rspamadm_control (gint argc, gchar **argv) L = rspamd_lua_init (); - conn = rspamd_http_connection_new (NULL, rspamd_control_error_handler, - rspamd_control_finish_handler, RSPAMD_HTTP_CLIENT_SIMPLE, - RSPAMD_HTTP_CLIENT, NULL); + conn = rspamd_http_connection_new (NULL, + rspamd_control_error_handler, + rspamd_control_finish_handler, + RSPAMD_HTTP_CLIENT_SIMPLE, + RSPAMD_HTTP_CLIENT, + NULL, + NULL); msg = rspamd_http_new_message (HTTP_REQUEST); msg->url = rspamd_fstring_new_init (path, strlen (path)); double_to_tv (timeout, &tv); diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c index 8290795f8..b7e0c9618 100644 --- a/src/rspamd_proxy.c +++ b/src/rspamd_proxy.c @@ -1023,13 +1023,13 @@ proxy_open_mirror_connections (struct rspamd_proxy_session *session) rspamd_http_message_add_header (msg, "Settings-ID", m->settings_id); } - bk_conn->backend_conn = rspamd_http_connection_new ( - NULL, + bk_conn->backend_conn = rspamd_http_connection_new (NULL, proxy_backend_mirror_error_handler, proxy_backend_mirror_finish_handler, RSPAMD_HTTP_CLIENT_SIMPLE, RSPAMD_HTTP_CLIENT, - session->ctx->keys_cache); + session->ctx->keys_cache, + NULL); rspamd_http_connection_set_key (bk_conn->backend_conn, session->ctx->local_key); @@ -1219,7 +1219,8 @@ proxy_client_finish_handler (struct rspamd_http_connection *conn, proxy_backend_master_finish_handler, RSPAMD_HTTP_CLIENT_SIMPLE, RSPAMD_HTTP_CLIENT, - session->ctx->keys_cache); + session->ctx->keys_cache, + NULL); session->master_conn->parser_from_ref = backend->parser_from_ref; session->master_conn->parser_to_ref = backend->parser_to_ref; @@ -1291,13 +1292,13 @@ proxy_accept_socket (gint fd, short what, void *arg) session->mirror_conns = g_ptr_array_sized_new (ctx->mirrors->len); session->pool = rspamd_mempool_new (rspamd_mempool_suggest_size (), "proxy"); - session->client_conn = rspamd_http_connection_new ( - NULL, - proxy_client_error_handler, - proxy_client_finish_handler, - 0, - RSPAMD_HTTP_SERVER, - ctx->keys_cache); + session->client_conn = rspamd_http_connection_new (NULL, + proxy_client_error_handler, + proxy_client_finish_handler, + 0, + RSPAMD_HTTP_SERVER, + ctx->keys_cache, + NULL); session->ctx = ctx; if (ctx->key) { diff --git a/src/worker.c b/src/worker.c index 81c5b1c63..a099e8177 100644 --- a/src/worker.c +++ b/src/worker.c @@ -298,13 +298,13 @@ accept_socket (gint fd, short what, void *arg) /* TODO: allow to disable autolearn in protocol */ task->flags |= RSPAMD_TASK_FLAG_LEARN_AUTO; - task->http_conn = rspamd_http_connection_new ( - rspamd_worker_body_handler, - rspamd_worker_error_handler, - rspamd_worker_finish_handler, - 0, - RSPAMD_HTTP_SERVER, - ctx->keys_cache); + task->http_conn = rspamd_http_connection_new (rspamd_worker_body_handler, + rspamd_worker_error_handler, + rspamd_worker_finish_handler, + 0, + RSPAMD_HTTP_SERVER, + ctx->keys_cache, + NULL); task->ev_base = ctx->ev_base; worker->nconns++; rspamd_mempool_add_destructor (task->task_pool, |