/*-
* Copyright 2017 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "config.h"
#include "milter.h"
#include "milter_internal.h"
#include "email_addr.h"
#include "addr.h"
#include "unix-std.h"
#include "logger.h"
#include "ottery.h"
#include "libserver/http/http_connection.h"
#include "libserver/http/http_private.h"
#include "libserver/protocol_internal.h"
#include "libserver/cfg_file_private.h"
#include "libmime/scan_result.h"
#include "libserver/worker_util.h"
#include "utlist.h"
#define msg_err_milter(...) rspamd_default_log_function(G_LOG_LEVEL_CRITICAL, \
"milter", priv->pool->tag.uid, \
RSPAMD_LOG_FUNC, \
__VA_ARGS__)
#define msg_warn_milter(...) rspamd_default_log_function(G_LOG_LEVEL_WARNING, \
"milter", priv->pool->tag.uid, \
RSPAMD_LOG_FUNC, \
__VA_ARGS__)
#define msg_info_milter(...) rspamd_default_log_function(G_LOG_LEVEL_INFO, \
"milter", priv->pool->tag.uid, \
RSPAMD_LOG_FUNC, \
__VA_ARGS__)
#define msg_debug_milter(...) rspamd_conditional_debug_fast(NULL, NULL, \
rspamd_milter_log_id, "milter", priv->pool->tag.uid, \
RSPAMD_LOG_FUNC, \
__VA_ARGS__)
INIT_LOG_MODULE(milter)
static const struct rspamd_milter_context *milter_ctx = NULL;
static gboolean rspamd_milter_handle_session(
struct rspamd_milter_session *session,
struct rspamd_milter_private *priv);
static inline void rspamd_milter_plan_io(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv, gshort what);
static GQuark
rspamd_milter_quark(void)
{
return g_quark_from_static_string("milter");
}
static void
rspamd_milter_obuf_free(struct rspamd_milter_outbuf *obuf)
{
if (obuf) {
if (obuf->buf) {
rspamd_fstring_free(obuf->buf);
}
g_free(obuf);
}
}
#define RSPAMD_MILTER_RESET_COMMON (1 << 0)
#define RSPAMD_MILTER_RESET_IO (1 << 1)
#define RSPAMD_MILTER_RESET_ADDR (1 << 2)
#define RSPAMD_MILTER_RESET_MACRO (1 << 3)
#define RSPAMD_MILTER_RESET_ALL (RSPAMD_MILTER_RESET_COMMON | \
RSPAMD_MILTER_RESET_IO | \
RSPAMD_MILTER_RESET_ADDR | \
RSPAMD_MILTER_RESET_MACRO)
#define RSPAMD_MILTER_RESET_QUIT_NC (RSPAMD_MILTER_RESET_COMMON | \
RSPAMD_MILTER_RESET_ADDR | \
RSPAMD_MILTER_RESET_MACRO)
#define RSPAMD_MILTER_RESET_ABORT (RSPAMD_MILTER_RESET_COMMON)
static void
rspamd_milter_session_reset(struct rspamd_milter_session *session,
guint how)
{
struct rspamd_milter_outbuf *obuf, *obuf_tmp;
struct rspamd_milter_private *priv = session->priv;
struct rspamd_email_address *cur;
guint i;
if (how & RSPAMD_MILTER_RESET_IO) {
msg_debug_milter("cleanup IO on abort");
DL_FOREACH_SAFE(priv->out_chain, obuf, obuf_tmp)
{
rspamd_milter_obuf_free(obuf);
}
priv->out_chain = NULL;
if (priv->parser.buf) {
priv->parser.buf->len = 0;
}
}
if (how & RSPAMD_MILTER_RESET_COMMON) {
msg_debug_milter("cleanup common data on abort");
if (session->message) {
session->message->len = 0;
msg_debug_milter("cleanup message on abort");
}
if (session->rcpts) {
PTR_ARRAY_FOREACH(session->rcpts, i, cur)
{
rspamd_email_address_free(cur);
}
msg_debug_milter("cleanup %d recipients on abort",
(gint) session->rcpts->len);
g_ptr_array_free(session->rcpts, TRUE);
session->rcpts = NULL;
}
if (session->from) {
msg_debug_milter("cleanup from");
rspamd_email_address_free(session->from);
session->from = NULL;
}
if (priv->headers) {
msg_debug_milter("cleanup headers");
gchar *k;
GArray *ar;
kh_foreach(priv->headers, k, ar, {
g_free(k);
g_array_free(ar, TRUE);
});
kh_clear(milter_headers_hash_t, priv->headers);
}
priv->cur_hdr = 0;
}
if (how & RSPAMD_MILTER_RESET_ADDR) {
if (session->addr) {
msg_debug_milter("cleanup addr");
rspamd_inet_address_free(session->addr);
session->addr = NULL;
}
if (session->hostname) {
msg_debug_milter("cleanup hostname");
session->hostname->len = 0;
}
}
if (how & RSPAMD_MILTER_RESET_MACRO) {
if (session->macros) {
msg_debug_milter("cleanup macros");
g_hash_table_unref(session->macros);
session->macros = NULL;
}
}
}
static void
rspamd_milter_session_dtor(struct rspamd_milter_session *session)
{
struct rspamd_milter_private *priv;
if (session) {
priv = session->priv;
msg_debug_milter("destroying milter session");
rspamd_ev_watcher_stop(priv->event_loop, &priv->ev);
rspamd_milter_session_reset(session, RSPAMD_MILTER_RESET_ALL);
close(priv->fd);
if (priv->parser.buf) {
rspamd_fstring_free(priv->parser.buf);
}
if (session->message) {
rspamd_fstring_free(session->message);
}
if (session->helo) {
rspamd_fstring_free(session->helo);
}
if (session->hostname) {
rspamd_fstring_free(session->hostname);
}
if (priv->headers) {
gchar *k;
GArray *ar;
kh_foreach(priv->headers, k, ar, {
g_free(k);
g_array_free(ar, TRUE);
});
kh_destroy(milter_headers_hash_t, priv->headers);
}
if (milter_ctx->sessions_cache) {
rspamd_worker_session_cache_remove(milter_ctx->sessions_cache,
session);
}
rspamd_mempool_delete(priv->pool);
g_free(priv);
g_free(session);
}
}
static void
rspamd_milter_on_protocol_error(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv, GError *err)
{
msg_debug_milter("protocol error: %e", err);
priv->state = RSPAMD_MILTER_WANNA_DIE;
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
rspamd_milter_plan_io(session, priv, EV_WRITE);
}
static void
rspamd_milter_on_protocol_ping(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv)
{
GError *err = NULL;
static const gchar reply[] = "HTTP/1.1 200 OK\r\n"
"Connection: close\r\n"
"Server: rspamd/2.7 (milter mode)\r\n"
"Content-Length: 6\r\n"
"Content-Type: text/plain\r\n"
"\r\n"
"pong\r\n";
if (write(priv->fd, reply, sizeof(reply)) == -1) {
gint serrno = errno;
msg_err_milter("cannot write pong reply: %s", strerror(serrno));
g_set_error(&err, rspamd_milter_quark(), serrno, "ping command IO error: %s",
strerror(serrno));
priv->state = RSPAMD_MILTER_WANNA_DIE;
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
}
else {
priv->state = RSPAMD_MILTER_PONG_AND_DIE;
rspamd_milter_plan_io(session, priv, EV_WRITE);
}
}
static gint
rspamd_milter_http_on_url(http_parser *parser, const gchar *at, size_t length)
{
GString *url = (GString *) parser->data;
g_string_append_len(url, at, length);
return 0;
}
static void
rspamd_milter_io_handler(gint fd, gshort what, void *ud)
{
struct rspamd_milter_session *session = ud;
struct rspamd_milter_private *priv;
GError *err;
priv = session->priv;
if (what == EV_TIMEOUT) {
msg_debug_milter("connection timed out");
err = g_error_new(rspamd_milter_quark(), ETIMEDOUT, "connection "
"timed out");
rspamd_milter_on_protocol_error(session, priv, err);
}
else {
rspamd_milter_handle_session(session, priv);
}
}
static inline void
rspamd_milter_plan_io(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv, gshort what)
{
rspamd_ev_watcher_reschedule(priv->event_loop, &priv->ev, what);
}
#define READ_INT_32(pos, var) \
do { \
memcpy(&(var), (pos), sizeof(var)); \
(pos) += sizeof(var); \
(var) = ntohl(var); \
} while (0)
#define READ_INT_16(pos, var) \
do { \
memcpy(&(var), (pos), sizeof(var)); \
(pos) += sizeof(var); \
(var) = ntohs(var); \
} while (0)
static gboolean
rspamd_milter_process_command(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv)
{
GError *err;
rspamd_fstring_t *buf;
const guchar *pos, *end, *zero;
guint cmdlen;
guint32 version, actions, protocol;
buf = priv->parser.buf;
pos = buf->str + priv->parser.cmd_start;
cmdlen = priv->parser.datalen;
end = pos + cmdlen;
switch (priv->parser.cur_cmd) {
case RSPAMD_MILTER_CMD_ABORT:
msg_debug_milter("got abort command");
rspamd_milter_session_reset(session, RSPAMD_MILTER_RESET_ABORT);
break;
case RSPAMD_MILTER_CMD_BODY:
if (!session->message) {
session->message = rspamd_fstring_sized_new(
RSPAMD_MILTER_MESSAGE_CHUNK);
}
msg_debug_milter("got body chunk: %d bytes", (int) cmdlen);
session->message = rspamd_fstring_append(session->message,
pos, cmdlen);
break;
case RSPAMD_MILTER_CMD_CONNECT:
msg_debug_milter("got connect command");
/*
* char hostname[]: Hostname, NUL terminated
* char family: Protocol family
* uint16 port: Port number (SMFIA_INET or SMFIA_INET6 only)
* char address[]: IP address (ASCII) or unix socket path, NUL terminated
*/
zero = memchr(pos, '\0', cmdlen);
if (zero == NULL || zero > (end - sizeof(guint16) + 1)) {
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"connect command (no name)");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
else {
guchar proto;
guint16 port;
gchar ip6_str[INET6_ADDRSTRLEN + 3];
gsize r;
/*
* Important notice: Postfix do NOT use this command to pass
* client's info (e.g. hostname is not really here)
* Sendmail will pass it here
*/
if (session->hostname == NULL) {
session->hostname = rspamd_fstring_new_init(pos, zero - pos);
msg_debug_milter("got hostname on connect phase: %V",
session->hostname);
}
else {
session->hostname = rspamd_fstring_assign(session->hostname,
pos, zero - pos);
msg_debug_milter("rewrote hostname on connect phase: %V",
session->hostname);
}
pos = zero + 1;
proto = *pos++;
if (proto == RSPAMD_MILTER_CONN_UNKNOWN) {
/* We have no information about host */
msg_debug_milter("unknown connect address");
}
else {
READ_INT_16(pos, port);
if (pos >= end) {
/* No IP somehow */
msg_debug_milter("unknown connect IP/socket");
}
else {
zero = memchr(pos, '\0', end - pos);
if (zero == NULL) {
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"connect command (no zero terminated IP)");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
switch (proto) {
case RSPAMD_MILTER_CONN_UNIX:
session->addr = rspamd_inet_address_new(AF_UNIX,
pos);
break;
case RSPAMD_MILTER_CONN_INET:
session->addr = rspamd_inet_address_new(AF_INET, NULL);
if (!rspamd_parse_inet_address_ip(pos, zero - pos,
session->addr)) {
err = g_error_new(rspamd_milter_quark(), EINVAL,
"invalid connect command (bad IPv4)");
rspamd_milter_on_protocol_error(session, priv,
err);
return FALSE;
}
rspamd_inet_address_set_port(session->addr, port);
break;
case RSPAMD_MILTER_CONN_INET6:
session->addr = rspamd_inet_address_new(AF_INET6, NULL);
if (zero - pos > sizeof("IPv6:") &&
rspamd_lc_cmp(pos, "IPv6:",
sizeof("IPv6:") - 1) == 0) {
/* Kill sendmail please */
pos += sizeof("IPv6:") - 1;
if (*pos != '[') {
/* Add explicit braces */
r = rspamd_snprintf(ip6_str, sizeof(ip6_str),
"[%*s]", (int) (zero - pos), pos);
}
else {
r = rspamd_strlcpy(ip6_str, pos, sizeof(ip6_str));
}
}
else {
r = rspamd_strlcpy(ip6_str, pos, sizeof(ip6_str));
}
if (!rspamd_parse_inet_address_ip(ip6_str, r,
session->addr)) {
err = g_error_new(rspamd_milter_quark(), EINVAL,
"invalid connect command (bad IPv6)");
rspamd_milter_on_protocol_error(session, priv,
err);
return FALSE;
}
rspamd_inet_address_set_port(session->addr, port);
break;
default:
err = g_error_new(rspamd_milter_quark(), EINVAL,
"invalid connect command (bad protocol: %c)",
proto);
rspamd_milter_on_protocol_error(session, priv,
err);
return FALSE;
}
}
}
msg_info_milter("got connection from %s",
rspamd_inet_address_to_string_pretty(session->addr));
}
break;
case RSPAMD_MILTER_CMD_MACRO:
msg_debug_milter("got macro command");
/*
* Format is
* 1 byte - command associated (we don't care about it)
* 0-terminated name
* 0-terminated value
* ...
*/
if (session->macros == NULL) {
session->macros = g_hash_table_new_full(rspamd_ftok_icase_hash,
rspamd_ftok_icase_equal,
rspamd_fstring_mapped_ftok_free,
rspamd_fstring_mapped_ftok_free);
}
/* Ignore one byte */
pos++;
while (pos < end) {
zero = memchr(pos, '\0', cmdlen);
if (zero == NULL || zero >= end) {
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"macro command (no name)");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
else {
rspamd_fstring_t *name, *value;
rspamd_ftok_t *name_tok, *value_tok;
const guchar *zero_val;
zero_val = memchr(zero + 1, '\0', end - zero - 1);
if (zero_val != NULL && end > zero_val) {
name = rspamd_fstring_new_init(pos, zero - pos);
value = rspamd_fstring_new_init(zero + 1,
zero_val - zero - 1);
name_tok = rspamd_ftok_map(name);
value_tok = rspamd_ftok_map(value);
g_hash_table_replace(session->macros, name_tok, value_tok);
msg_debug_milter("got macro: %T -> %T",
name_tok, value_tok);
cmdlen -= zero_val - pos;
pos = zero_val + 1;
}
else {
err = g_error_new(rspamd_milter_quark(), EINVAL,
"invalid macro command (bad value)");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
}
}
break;
case RSPAMD_MILTER_CMD_BODYEOB:
msg_debug_milter("got eob command");
REF_RETAIN(session);
priv->fin_cb(priv->fd, session, priv->ud);
REF_RELEASE(session);
break;
case RSPAMD_MILTER_CMD_HELO:
msg_debug_milter("got helo command");
if (end > pos && *(end - 1) == '\0') {
if (session->helo == NULL) {
session->helo = rspamd_fstring_new_init(pos, cmdlen - 1);
}
else {
session->helo = rspamd_fstring_assign(session->helo,
pos, cmdlen - 1);
}
}
else if (end > pos) {
/* Should not happen */
if (session->helo == NULL) {
session->helo = rspamd_fstring_new_init(pos, cmdlen);
}
else {
session->helo = rspamd_fstring_assign(session->helo,
pos, cmdlen);
}
}
msg_debug_milter("got helo value: %V", session->helo);
break;
case RSPAMD_MILTER_CMD_QUIT_NC:
/* We need to reset session and start over */
msg_debug_milter("got quit_nc command");
rspamd_milter_session_reset(session, RSPAMD_MILTER_RESET_QUIT_NC);
break;
case RSPAMD_MILTER_CMD_HEADER:
msg_debug_milter("got header command");
if (!session->message) {
session->message = rspamd_fstring_sized_new(
RSPAMD_MILTER_MESSAGE_CHUNK);
}
zero = memchr(pos, '\0', cmdlen);
if (zero == NULL) {
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"header command (no name)");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
else {
if (end > zero && *(end - 1) == '\0') {
khiter_t k;
gint res;
k = kh_get(milter_headers_hash_t, priv->headers, (gchar *) pos);
if (k == kh_end(priv->headers)) {
GArray *ar;
k = kh_put(milter_headers_hash_t, priv->headers,
g_strdup(pos), &res);
ar = g_array_new(FALSE, FALSE, sizeof(gint));
g_array_append_val(ar, priv->cur_hdr);
kh_value(priv->headers, k) = ar;
}
else {
g_array_append_val(kh_value(priv->headers, k),
priv->cur_hdr);
}
rspamd_printf_fstring(&session->message, "%*s: %*s\r\n",
(int) (zero - pos), pos,
(int) (end - zero - 2), zero + 1);
priv->cur_hdr++;
}
else {
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"header command (bad value)");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
}
break;
case RSPAMD_MILTER_CMD_MAIL:
msg_debug_milter("mail command");
while (pos < end) {
struct rspamd_email_address *addr;
gchar *cpy;
zero = memchr(pos, '\0', end - pos);
if (zero && zero > pos) {
cpy = rspamd_mempool_alloc(priv->pool, zero - pos);
memcpy(cpy, pos, zero - pos);
msg_debug_milter("got mail: %*s", (int) (zero - pos), cpy);
addr = rspamd_email_address_from_smtp(cpy, zero - pos);
if (addr) {
session->from = addr;
}
/* TODO: parse esmtp arguments */
break;
}
else {
msg_debug_milter("got weird from: %*s", (int) (end - pos),
pos);
/* That actually should not happen */
cpy = rspamd_mempool_alloc(priv->pool, end - pos);
memcpy(cpy, pos, end - pos);
addr = rspamd_email_address_from_smtp(cpy, end - pos);
if (addr) {
session->from = addr;
}
break;
}
}
break;
case RSPAMD_MILTER_CMD_EOH:
msg_debug_milter("got eoh command");
if (!session->message) {
session->message = rspamd_fstring_sized_new(
RSPAMD_MILTER_MESSAGE_CHUNK);
}
session->message = rspamd_fstring_append(session->message,
"\r\n", 2);
break;
case RSPAMD_MILTER_CMD_OPTNEG:
if (cmdlen != sizeof(guint32) * 3) {
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"optneg command");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
READ_INT_32(pos, version);
READ_INT_32(pos, actions);
READ_INT_32(pos, protocol);
msg_debug_milter("optneg: version: %d, actions: %d, protocol: %d",
version, actions, protocol);
if (version < RSPAMD_MILTER_PROTO_VER) {
msg_warn_milter("MTA specifies too old protocol: %d, "
"aborting connection",
version);
err = g_error_new(rspamd_milter_quark(), EINVAL, "invalid "
"protocol version: %d",
version);
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
version = RSPAMD_MILTER_PROTO_VER;
actions |= RSPAMD_MILTER_ACTIONS_MASK;
protocol = RSPAMD_MILTER_FLAG_NOREPLY_MASK;
return rspamd_milter_send_action(session, RSPAMD_MILTER_OPTNEG,
version, actions, protocol);
break;
case RSPAMD_MILTER_CMD_QUIT:
if (priv->out_chain) {
msg_debug_milter("quit command, refcount: %d, "
"some output buffers left - draining",
session->ref.refcount);
priv->state = RSPAMD_MILTER_WRITE_AND_DIE;
}
else {
msg_debug_milter("quit command, refcount: %d",
session->ref.refcount);
priv->state = RSPAMD_MILTER_WANNA_DIE;
REF_RETAIN(session);
priv->fin_cb(priv->fd, session, priv->ud);
REF_RELEASE(session);
return FALSE;
}
break;
case RSPAMD_MILTER_CMD_RCPT:
msg_debug_milter("rcpt command");
while (pos < end) {
struct rspamd_email_address *addr;
gchar *cpy;
zero = memchr(pos, '\0', end - pos);
if (zero && zero > pos) {
cpy = rspamd_mempool_alloc(priv->pool, end - pos);
memcpy(cpy, pos, end - pos);
msg_debug_milter("got rcpt: %*s", (int) (zero - pos), cpy);
addr = rspamd_email_address_from_smtp(cpy, zero - pos);
if (addr) {
if (!session->rcpts) {
session->rcpts = g_ptr_array_sized_new(1);
}
g_ptr_array_add(session->rcpts, addr);
}
pos = zero + 1;
}
else {
cpy = rspamd_mempool_alloc(priv->pool, end - pos);
memcpy(cpy, pos, end - pos);
msg_debug_milter("got weird rcpt: %*s", (int) (end - pos),
pos);
/* That actually should not happen */
addr = rspamd_email_address_from_smtp(cpy, end - pos);
if (addr) {
if (!session->rcpts) {
session->rcpts = g_ptr_array_sized_new(1);
}
g_ptr_array_add(session->rcpts, addr);
}
break;
}
}
break;
case RSPAMD_MILTER_CMD_DATA:
if (!session->message) {
session->message = rspamd_fstring_sized_new(
RSPAMD_MILTER_MESSAGE_CHUNK);
}
msg_debug_milter("got data command");
/* We do not need reply as specified */
break;
default:
msg_debug_milter("got bad command: %c", priv->parser.cur_cmd);
break;
}
return TRUE;
}
static gboolean
rspamd_milter_is_valid_cmd(guchar c)
{
switch (c) {
case RSPAMD_MILTER_CMD_ABORT:
case RSPAMD_MILTER_CMD_BODY:
case RSPAMD_MILTER_CMD_CONNECT:
case RSPAMD_MILTER_CMD_MACRO:
case RSPAMD_MILTER_CMD_BODYEOB:
case RSPAMD_MILTER_CMD_HELO:
case RSPAMD_MILTER_CMD_QUIT_NC:
case RSPAMD_MILTER_CMD_HEADER:
case RSPAMD_MILTER_CMD_MAIL:
case RSPAMD_MILTER_CMD_EOH:
case RSPAMD_MILTER_CMD_OPTNEG:
case RSPAMD_MILTER_CMD_QUIT:
case RSPAMD_MILTER_CMD_RCPT:
case RSPAMD_MILTER_CMD_DATA:
case RSPAMD_MILTER_CMD_UNKNOWN:
return TRUE;
default:
break;
}
return FALSE;
}
static gboolean
rspamd_milter_consume_input(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv)
{
const guchar *p, *end;
GError *err;
p = priv->parser.buf->str + priv->parser.pos;
end = priv->parser.buf->str + priv->parser.buf->len;
while (p < end) {
msg_debug_milter("offset: %d, state: %d",
(gint) (p - (const guchar *) priv->parser.buf->str),
priv->parser.state);
switch (priv->parser.state) {
case st_len_1:
/* The first length byte in big endian order */
priv->parser.datalen = 0;
priv->parser.datalen |= ((gsize) *p) << 24;
priv->parser.state = st_len_2;
p++;
break;
case st_len_2:
/* The second length byte in big endian order */
priv->parser.datalen |= ((gsize) *p) << 16;
priv->parser.state = st_len_3;
p++;
break;
case st_len_3:
/* The third length byte in big endian order */
priv->parser.datalen |= ((gsize) *p) << 8;
priv->parser.state = st_len_4;
p++;
break;
case st_len_4:
/* The fourth length byte in big endian order */
priv->parser.datalen |= ((gsize) *p);
priv->parser.state = st_read_cmd;
p++;
break;
case st_read_cmd:
priv->parser.cur_cmd = *p;
priv->parser.state = st_read_data;
if (priv->parser.datalen < 1) {
err = g_error_new(rspamd_milter_quark(), EINVAL,
"Command length is too short");
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
else {
/* Eat command itself */
priv->parser.datalen--;
}
p++;
priv->parser.cmd_start = p - (const guchar *) priv->parser.buf->str;
break;
case st_read_data:
/* We might need some more data in buffer for further steps */
if (priv->parser.datalen >
RSPAMD_MILTER_MESSAGE_CHUNK * 2) {
/* Check if we have HTTP input instead of milter */
if (priv->parser.buf->len > sizeof("GET") &&
memcmp(priv->parser.buf->str, "GET", 3) == 0) {
struct http_parser http_parser;
struct http_parser_settings http_callbacks;
GString *url = g_string_new(NULL);
/* Hack, hack, hack */
/*
* This code is assumed to read `/ping` command and
* handle it to monitor port's availability since
* milter protocol is stupid and does not allow to do that
* This code also assumes that HTTP request can be read
* as as single data chunk which is not true in some cases
* In general, don't use it for anything but ping checks
*/
memset(&http_callbacks, 0, sizeof(http_callbacks));
http_parser.data = url;
http_parser_init(&http_parser, HTTP_REQUEST);
http_callbacks.on_url = rspamd_milter_http_on_url;
http_parser_execute(&http_parser, &http_callbacks,
priv->parser.buf->str, priv->parser.buf->len);
if (url->len == sizeof("/ping") - 1 &&
rspamd_lc_cmp(url->str, "/ping", url->len) == 0) {
rspamd_milter_on_protocol_ping(session, priv);
g_string_free(url, TRUE);
return TRUE;
}
else {
err = g_error_new(rspamd_milter_quark(), EINVAL,
"HTTP GET request is not supported in milter mode, url: %s",
url->str);
}
g_string_free(url, TRUE);
}
else if (priv->parser.buf->len > sizeof("POST") &&
memcmp(priv->parser.buf->str, "POST", 4) == 0) {
err = g_error_new(rspamd_milter_quark(), EINVAL,
"HTTP POST request is not supported in milter mode");
}
else {
err = g_error_new(rspamd_milter_quark(), E2BIG,
"Command length is too big: %zd",
priv->parser.datalen);
}
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
if (!rspamd_milter_is_valid_cmd(priv->parser.cur_cmd)) {
err = g_error_new(rspamd_milter_quark(), E2BIG,
"Unvalid command: %c",
priv->parser.cur_cmd);
rspamd_milter_on_protocol_error(session, priv, err);
return FALSE;
}
if (priv->parser.buf->allocated < priv->parser.datalen) {
priv->parser.pos = p - (const guchar *) priv->parser.buf->str;
priv->parser.buf = rspamd_fstring_grow(priv->parser.buf,
priv->parser.buf->len + priv->parser.datalen);
/* This can realloc buffer */
rspamd_milter_plan_io(session, priv, EV_READ);
goto end;
}
else {
/* We may have the full command available */
if (p + priv->parser.datalen <= end) {
/* We can process command */
if (!rspamd_milter_process_command(session, priv)) {
return FALSE;
}
p += priv->parser.datalen;
priv->parser.state = st_len_1;
priv->parser.cur_cmd = '\0';
priv->parser.cmd_start = 0;
}
else {
/* Need to read more */
priv->parser.pos = p - (const guchar *) priv->parser.buf->str;
rspamd_milter_plan_io(session, priv, EV_READ);
goto end;
}
}
break;
}
}
/* Leftover */
switch (priv->parser.state) {
case st_read_data:
if (p + priv->parser.datalen <= end) {
if (!rspamd_milter_process_command(session, priv)) {
return FALSE;
}
priv->parser.state = st_len_1;
priv->parser.cur_cmd = '\0';
priv->parser.cmd_start = 0;
}
break;
default:
/* No need to do anything */
break;
}
if (p == end) {
priv->parser.buf->len = 0;
priv->parser.pos = 0;
priv->parser.cmd_start = 0;
}
if (priv->out_chain) {
rspamd_milter_plan_io(session, priv, EV_READ | EV_WRITE);
}
else {
rspamd_milter_plan_io(session, priv, EV_READ);
}
end:
return TRUE;
}
static gboolean
rspamd_milter_handle_session(struct rspamd_milter_session *session,
struct rspamd_milter_private *priv)
{
struct rspamd_milter_outbuf *obuf, *obuf_tmp;
gssize r, to_write;
GError *err;
g_assert(session != NULL);
switch (priv->state) {
case RSPAMD_MILTER_READ_MORE:
if (priv->parser.buf->len >= priv->parser.buf->allocated) {
priv->parser.buf = rspamd_fstring_grow(priv->parser.buf,
priv->parser.buf->len * 2);
}
r = read(priv->fd, priv->parser.buf->str + priv->parser.buf->len,
priv->parser.buf->allocated - priv->parser.buf->len);
msg_debug_milter("read %z bytes, %z remain, %z allocated",
r, priv->parser.buf->len, priv->parser.buf->allocated);
if (r == -1) {
if (errno == EAGAIN || errno == EINTR) {
rspamd_milter_plan_io(session, priv, EV_READ);
return TRUE;
}
else {
/* Fatal IO error */
err = g_error_new(rspamd_milter_quark(), errno,
"IO read error: %s", strerror(errno));
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
REF_RELEASE(session);
return FALSE;
}
}
else if (r == 0) {
err = g_error_new(rspamd_milter_quark(), ECONNRESET,
"Unexpected EOF");
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
REF_RELEASE(session);
return FALSE;
}
else {
priv->parser.buf->len += r;
return rspamd_milter_consume_input(session, priv);
}
break;
case RSPAMD_MILTER_WRITE_REPLY:
case RSPAMD_MILTER_WRITE_AND_DIE:
if (priv->out_chain == NULL) {
if (priv->state == RSPAMD_MILTER_WRITE_AND_DIE) {
/* Finished writing, let's die finally */
msg_debug_milter("output drained, terminating, refcount: %d",
session->ref.refcount);
/* Session should be destroyed by fin_cb... */
REF_RETAIN(session);
priv->fin_cb(priv->fd, session, priv->ud);
REF_RELEASE(session);
return FALSE;
}
else {
/* We have written everything, so we can read something */
priv->state = RSPAMD_MILTER_READ_MORE;
rspamd_milter_plan_io(session, priv, EV_READ);
}
}
else {
DL_FOREACH_SAFE(priv->out_chain, obuf, obuf_tmp)
{
to_write = obuf->buf->len - obuf->pos;
g_assert(to_write > 0);
r = write(priv->fd, obuf->buf->str + obuf->pos, to_write);
if (r == -1) {
if (errno == EAGAIN || errno == EINTR) {
rspamd_milter_plan_io(session, priv, EV_WRITE);
}
else {
/* Fatal IO error */
err = g_error_new(rspamd_milter_quark(), errno,
"IO write error: %s", strerror(errno));
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
REF_RELEASE(session);
return FALSE;
}
}
else if (r == 0) {
err = g_error_new(rspamd_milter_quark(), ECONNRESET,
"Unexpected EOF");
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
REF_RELEASE(session);
return FALSE;
}
else {
if (r == to_write) {
/* We have done with this buf */
DL_DELETE(priv->out_chain, obuf);
rspamd_milter_obuf_free(obuf);
}
else {
/* We need to plan another write */
obuf->pos += r;
rspamd_milter_plan_io(session, priv, EV_WRITE);
return TRUE;
}
}
}
/* Here we have written everything, so we can plan reading */
priv->state = RSPAMD_MILTER_READ_MORE;
rspamd_milter_plan_io(session, priv, EV_READ);
}
break;
case RSPAMD_MILTER_WANNA_DIE:
/* We are here after processing everything, so release session */
REF_RELEASE(session);
return FALSE;
break;
case RSPAMD_MILTER_PONG_AND_DIE:
err = g_error_new(rspamd_milter_quark(), 0,
"ping command");
REF_RETAIN(session);
priv->err_cb(priv->fd, session, priv->ud, err);
REF_RELEASE(session);
g_error_free(err);
REF_RELEASE(session);
return FALSE;
break;
}
return TRUE;
}
gboolean
rspamd_milter_handle_socket(gint fd, ev_tstamp timeout,
rspamd_mempool_t *pool,
struct ev_loop *ev_base, rspamd_milter_finish finish_cb,
rspamd_milter_error error_cb, void *ud)
{
struct rspamd_milter_session *session;
struct rspamd_milter_private *priv;
gint nfd = dup(fd);
if (nfd == -1) {
GError *err = g_error_new(rspamd_milter_quark(), errno,
"dup failed: %s", strerror(errno));
error_cb(fd, NULL, ud, err);
return FALSE;
}
g_assert(finish_cb != NULL);
g_assert(error_cb != NULL);
g_assert(milter_ctx != NULL);
session = g_malloc0(sizeof(*session));
priv = g_malloc0(sizeof(*priv));
priv->fd = nfd;
priv->ud = ud;
priv->fin_cb = finish_cb;
priv->err_cb = error_cb;
priv->parser.state = st_len_1;
priv->parser.buf = rspamd_fstring_sized_new(RSPAMD_MILTER_MESSAGE_CHUNK + 5);
priv->event_loop = ev_base;
priv->state = RSPAMD_MILTER_READ_MORE;
priv->pool = rspamd_mempool_new(rspamd_mempool_suggest_size(), "milter", 0);
priv->discard_on_reject = milter_ctx->discard_on_reject;
priv->quarantine_on_reject = milter_ctx->quarantine_on_reject;
priv->ev.timeout = timeout;
rspamd_ev_watcher_init(&priv->ev, priv->fd, EV_READ | EV_WRITE,
rspamd_milter_io_handler, session);
if (pool) {
/* Copy tag */
memcpy(priv->pool->tag.uid, pool->tag.uid, sizeof(pool->tag.uid));
}
priv->headers = kh_init(milter_headers_hash_t);
kh_resize(milter_headers_hash_t, priv->headers, 32);
session->priv = priv;
REF_INIT_RETAIN(session, rspamd_milter_session_dtor);
if (milter_ctx->sessions_cache) {
rspamd_worker_session_cache_add(milter_ctx->sessions_cache,
priv->pool->tag.uid, &session->ref.refcount, session);
}
return rspamd_milter_handle_session(session, priv);
}
gboolean
rspamd_milter_set_reply(struct rspamd_milter_session *session,
rspamd_fstring_t *rcode,
rspamd_fstring_t *xcode,
rspamd_fstring_t *reply)
{
GString *buf;
gboolean ret;
buf = g_string_sized_new(xcode->len + rcode->len + reply->len + 2);
rspamd_printf_gstring(buf, "%V %V %V", rcode, xcode, reply);
ret = rspamd_milter_send_action(session, RSPAMD_MILTER_REPLYCODE,
buf);
g_string_free(buf, TRUE);
return ret;
}
#define SET_COMMAND(cmd, sz, reply, pos) \
do { \
guint32 _len; \
_len = (sz) + 1; \
(reply) = rspamd_fstring_sized_new(sizeof(_len) + _len); \
(reply)->len = sizeof(_len) + _len; \
_len = htonl(_len); \
memcpy((reply)->str, &_len, sizeof(_len)); \
(reply)->str[sizeof(_len)] = (cmd); \
(pos) = (guchar *) (reply)->str + sizeof(_len) + 1; \
} while (0)
gboolean
rspamd_milter_send_action(struct rspamd_milter_session *session,
enum rspamd_milter_reply act, ...)
{
guint32 ver, actions, protocol, idx;
va_list ap;
guchar cmd, *pos;
rspamd_fstring_t *reply = NULL;
gsize len;
GString *name, *value;
const char *reason, *body_str;
struct rspamd_milter_outbuf *obuf;
struct rspamd_milter_private *priv = session->priv;
va_start(ap, act);
cmd = act;
switch (act) {
case RSPAMD_MILTER_ACCEPT:
case RSPAMD_MILTER_CONTINUE:
case RSPAMD_MILTER_DISCARD:
case RSPAMD_MILTER_PROGRESS:
case RSPAMD_MILTER_REJECT:
case RSPAMD_MILTER_TEMPFAIL:
/* No additional arguments */
msg_debug_milter("send %c command", cmd);
SET_COMMAND(cmd, 0, reply, pos);
break;
case RSPAMD_MILTER_QUARANTINE:
reason = va_arg(ap, const char *);
if (reason == NULL) {
reason = "";
}
len = strlen(reason);
msg_debug_milter("send quarantine action %s", reason);
SET_COMMAND(cmd, len + 1, reply, pos);
memcpy(pos, reason, len + 1);
break;
case RSPAMD_MILTER_ADDHEADER:
name = va_arg(ap, GString *);
value = va_arg(ap, GString *);
/* Name and value must be zero terminated */
msg_debug_milter("add header command - \"%v\"=\"%v\"", name, value);
SET_COMMAND(cmd, name->len + value->len + 2, reply, pos);
memcpy(pos, name->str, name->len + 1);
pos += name->len + 1;
memcpy(pos, value->str, value->len + 1);
break;
case RSPAMD_MILTER_CHGHEADER:
case RSPAMD_MILTER_INSHEADER:
idx = va_arg(ap, guint32);
name = va_arg(ap, GString *);
value = va_arg(ap, GString *);
msg_debug_milter("change/insert header command pos = %d- \"%v\"=\"%v\"",
idx, name, value);
/* Name and value must be zero terminated */
SET_COMMAND(cmd, name->len + value->len + 2 + sizeof(guint32),
reply, pos);
idx = htonl(idx);
memcpy(pos, &idx, sizeof(idx));
pos += sizeof(idx);
memcpy(pos, name->str, name->len + 1);
pos += name->len + 1;
memcpy(pos, value->str, value->len + 1);
break;
case RSPAMD_MILTER_REPLBODY:
len = va_arg(ap, gsize);
body_str = va_arg(ap, const char *);
msg_debug_milter("want to change body; size = %uz",
len);
SET_COMMAND(cmd, len, reply, pos);
memcpy(pos, body_str, len);
break;
case RSPAMD_MILTER_REPLYCODE:
case RSPAMD_MILTER_ADDRCPT:
case RSPAMD_MILTER_DELRCPT:
case RSPAMD_MILTER_CHGFROM:
/* Single GString * argument */
value = va_arg(ap, GString *);
msg_debug_milter("command %c; value=%v", cmd, value);
SET_COMMAND(cmd, value->len + 1, reply, pos);
memcpy(pos, value->str, value->len + 1);
break;
case RSPAMD_MILTER_OPTNEG:
ver = va_arg(ap, guint32);
actions = va_arg(ap, guint32);
protocol = va_arg(ap, guint32);
msg_debug_milter("optneg reply: ver=%d, actions=%d, protocol=%d",
ver, actions, protocol);
ver = htonl(ver);
actions = htonl(actions);
protocol = htonl(protocol);
SET_COMMAND(cmd, sizeof(guint32) * 3, reply, pos);
memcpy(pos, &ver, sizeof(ver));
pos += sizeof(ver);
memcpy(pos, &actions, sizeof(actions));
pos += sizeof(actions);
memcpy(pos, &protocol, sizeof(protocol));
break;
default:
msg_err_milter("invalid command: %c", cmd);
break;
}
va_end(ap);
if (reply) {
obuf = g_malloc(sizeof(*obuf));
obuf->buf = reply;
obuf->pos = 0;
DL_APPEND(priv->out_chain, obuf);
priv->state = RSPAMD_MILTER_WRITE_REPLY;
rspamd_milter_plan_io(session, priv, EV_WRITE);
return TRUE;
}
return FALSE;
}
gboolean
rspamd_milter_add_header(struct rspamd_milter_session *session,
GString *name, GString *value)
{
return rspamd_milter_send_action(session, RSPAMD_MILTER_ADDHEADER,
name, value);
}
gboolean
rspamd_milter_del_header(struct rspamd_milter_session *session,
GString *name)
{
GString value;
guint32 idx = 1;
value.str = (gchar *) "";
value.len = 0;
return rspamd_milter_send_action(session, RSPAMD_MILTER_CHGHEADER,
idx, name, &value);
}
void rspamd_milter_session_unref(struct rspamd_milter_session *session)
{
REF_RELEASE(session);
}
struct rspamd_milter_session *
rspamd_milter_session_ref(struct rspamd_milter_session *session)
{
REF_RETAIN(session);
return session;
}
#define IF_MACRO(lit) \
RSPAMD_FTOK_ASSIGN(&srch, (lit)); \
found = g_hash_table_lookup(session->macros, &srch); \
if (found)
static void
rspamd_milter_macro_http(struct rspamd_milter_session *session,
struct rspamd_http_message *msg)
{
rspamd_ftok_t *found, srch;
struct rspamd_milter_private *priv = session->priv;
/*
* We assume postfix macros here, sendmail ones might be slightly
* different
*/
if (!session->macros) {
return;
}
IF_MACRO("{i}")
{
rspamd_http_message_add_header_len(msg, QUEUE_ID_HEADER,
found->begin, found->len);
}
else
{
IF_MACRO("i")
{
rspamd_http_message_add_header_len(msg, QUEUE_ID_HEADER,
found->begin, found->len);
}
}
IF_MACRO("{v}")
{
rspamd_http_message_add_header_len(msg, USER_AGENT_HEADER,
found->begin, found->len);
}
else
{
IF_MACRO("v")
{
rspamd_http_message_add_header_len(msg, USER_AGENT_HEADER,
found->begin, found->len);
}
}
IF_MACRO("{cipher}")
{
rspamd_http_message_add_header_len(msg, TLS_CIPHER_HEADER,
found->begin, found->len);
}
IF_MACRO("{tls_version}")
{
rspamd_http_message_add_header_len(msg, TLS_VERSION_HEADER,
found->begin, found->len);
}
IF_MACRO("{auth_authen}")
{
rspamd_http_message_add_header_len(msg, USER_HEADER,
found->begin, found->len);
}
IF_MACRO("{rcpt_mailer}")
{
rspamd_http_message_add_header_len(msg, MAILER_HEADER,
found->begin, found->len);
}
if (milter_ctx->client_ca_name) {
IF_MACRO("{cert_issuer}")
{
rspamd_http_message_add_header_len(msg, CERT_ISSUER_HEADER,
found->begin, found->len);
if (found->len == strlen(milter_ctx->client_ca_name) &&
rspamd_cryptobox_memcmp(found->begin,
milter_ctx->client_ca_name, found->len) == 0) {
msg_debug_milter("process certificate issued by %T", found);
IF_MACRO("{cert_subject}")
{
rspamd_http_message_add_header_len(msg, USER_HEADER,
found->begin, found->len);
}
}
else {
msg_debug_milter("skip certificate issued by %T", found);
}
}
}
else {
IF_MACRO("{cert_issuer}")
{
rspamd_http_message_add_header_len(msg, CERT_ISSUER_HEADER,
found->begin, found->len);
}
}
if (!session->hostname || session->hostname->len == 0) {
IF_MACRO("{client_name}")
{
if (!(found->len == sizeof("unknown") - 1 &&
memcmp(found->begin, "unknown",
sizeof("unknown") - 1) == 0)) {
rspamd_http_message_add_header_len(msg, HOSTNAME_HEADER,
found->begin, found->len);
}
else {
msg_debug_milter("skip unknown hostname from being added");
}
}
}
IF_MACRO("{daemon_name}")
{
/* Postfix style */
rspamd_http_message_add_header_len(msg, MTA_NAME_HEADER,
found->begin, found->len);
}
else
{
/* Sendmail style */
IF_MACRO("{j}")
{
rspamd_http_message_add_header_len(msg, MTA_NAME_HEADER,
found->begin, found->len);
}
else
{
IF_MACRO("j")
{
rspamd_http_message_add_header_len(msg, MTA_NAME_HEADER,
found->begin, found->len);
}
}
}
}
struct rspamd_http_message *
rspamd_milter_to_http(struct rspamd_milter_session *session)
{
struct rspamd_http_message *msg;
guint i;
struct rspamd_email_address *rcpt;
struct rspamd_milter_private *priv = session->priv;
g_assert(session != NULL);
msg = rspamd_http_new_message(HTTP_REQUEST);
msg->url = rspamd_fstring_assign(msg->url, "/" MSG_CMD_CHECK_V2,
sizeof("/" MSG_CMD_CHECK_V2) - 1);
if (session->message) {
rspamd_http_message_set_body_from_fstring_steal(msg, session->message);
session->message = NULL;
}
if (session->hostname && RSPAMD_FSTRING_LEN(session->hostname) > 0) {
if (!(session->hostname->len == sizeof("unknown") - 1 &&
memcmp(RSPAMD_FSTRING_DATA(session->hostname), "unknown",
sizeof("unknown") - 1) == 0)) {
rspamd_http_message_add_header_fstr(msg, HOSTNAME_HEADER,
session->hostname);
}
else {
msg_debug_milter("skip unknown hostname from being added");
}
}
if (session->helo && session->helo->len > 0) {
rspamd_http_message_add_header_fstr(msg, HELO_HEADER,
session->helo);
}
if (session->from) {
rspamd_http_message_add_header_len(msg, FROM_HEADER,
session->from->raw, session->from->raw_len);
}
if (session->rcpts) {
PTR_ARRAY_FOREACH(session->rcpts, i, rcpt)
{
rspamd_http_message_add_header_len(msg, RCPT_HEADER,
rcpt->raw, rcpt->raw_len);
}
}
if (session->addr) {
if (rspamd_inet_address_get_af(session->addr) != AF_UNIX) {
rspamd_http_message_add_header(msg, IP_ADDR_HEADER,
rspamd_inet_address_to_string_pretty(session->addr));
}
else {
rspamd_http_message_add_header(msg, IP_ADDR_HEADER,
rspamd_inet_address_to_string(session->addr));
}
}
rspamd_milter_macro_http(session, msg);
rspamd_http_message_add_header(msg, FLAGS_HEADER, "milter,body_block");
return msg;
}
void *
rspamd_milter_update_userdata(struct rspamd_milter_session *session,
void *ud)
{
struct rspamd_milter_private *priv = session->priv;
void *prev_ud;
prev_ud = priv->ud;
priv->ud = ud;
return prev_ud;
}
static void
rspamd_milter_remove_header_safe(struct rspamd_milter_session *session,
const gchar *key, gint nhdr)
{
gint i;
GString *hname, *hvalue;
struct rspamd_milter_private *priv = session->priv;
khiter_t k;
GArray *ar;
k = kh_get(milter_headers_hash_t, priv->headers, (char *) key);
if (k != kh_end(priv->headers)) {
ar = kh_val(priv->headers, k);
hname = g_string_new(key);
hvalue = g_string_new("");
if (nhdr > 0) {
if (ar->len >= nhdr) {
rspamd_milter_send_action(session,
RSPAMD_MILTER_CHGHEADER,
nhdr, hname, hvalue);
priv->cur_hdr--;
}
}
else if (nhdr == 0) {
/* We need to clear all headers */
for (i = ar->len; i > 0; i--) {
rspamd_milter_send_action(session,
RSPAMD_MILTER_CHGHEADER,
i, hname, hvalue);
priv->cur_hdr--;
}
}
else {
/* Remove from the end */
if (nhdr >= -(ar->len)) {
rspamd_milter_send_action(session,
RSPAMD_MILTER_CHGHEADER,
ar->len + nhdr + 1, hname, hvalue);
priv->cur_hdr--;
}
}
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
if (priv->cur_hdr < 0) {
msg_err_milter("negative header count after removing %s", key);
priv->cur_hdr = 0;
}
}
}
static void
rspamd_milter_extract_single_header(struct rspamd_milter_session *session,
const gchar *hdr, const ucl_object_t *obj)
{
GString *hname, *hvalue;
struct rspamd_milter_private *priv = session->priv;
gint idx = -1;
const ucl_object_t *val;
val = ucl_object_lookup(obj, "value");
if (val && ucl_object_type(val) == UCL_STRING) {
const ucl_object_t *idx_obj;
gboolean has_idx = FALSE;
idx_obj = ucl_object_lookup_any(obj, "order",
"index", NULL);
if (idx_obj && (ucl_object_type(idx_obj) == UCL_INT || ucl_object_type(idx_obj) == UCL_FLOAT)) {
idx = ucl_object_toint(idx_obj);
has_idx = TRUE;
}
hname = g_string_new(hdr);
hvalue = g_string_new(ucl_object_tostring(val));
if (has_idx) {
if (idx >= 0) {
rspamd_milter_send_action(session,
RSPAMD_MILTER_INSHEADER,
idx,
hname, hvalue);
}
else {
/* Calculate negative offset */
if (idx == -1) {
rspamd_milter_send_action(session,
RSPAMD_MILTER_ADDHEADER,
hname, hvalue);
}
else if (-idx <= priv->cur_hdr) {
/*
* Note: We should account MTA's own "Received:" field
* which wasn't passed by Milter's header command.
*/
rspamd_milter_send_action(session,
RSPAMD_MILTER_INSHEADER,
priv->cur_hdr + idx + 2,
hname, hvalue);
}
else {
rspamd_milter_send_action(session,
RSPAMD_MILTER_INSHEADER,
0,
hname, hvalue);
}
}
}
else {
rspamd_milter_send_action(session,
RSPAMD_MILTER_ADDHEADER,
hname, hvalue);
}
priv->cur_hdr++;
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
}
}
/*
* Returns `TRUE` if action has been processed internally by this function
*/
static gboolean
rspamd_milter_process_milter_block(struct rspamd_milter_session *session,
const ucl_object_t *obj, struct rspamd_action *action)
{
const ucl_object_t *elt, *cur;
ucl_object_iter_t it;
struct rspamd_milter_private *priv = session->priv;
GString *hname, *hvalue;
if (obj && ucl_object_type(obj) == UCL_OBJECT) {
elt = ucl_object_lookup(obj, "remove_headers");
/*
* remove_headers: {"name": 1, ... }
* where number is the header's position starting from '1'
*/
if (elt && ucl_object_type(elt) == UCL_OBJECT) {
it = NULL;
while ((cur = ucl_object_iterate(elt, &it, true)) != NULL) {
if (ucl_object_type(cur) == UCL_INT) {
rspamd_milter_remove_header_safe(session,
ucl_object_key(cur),
ucl_object_toint(cur));
}
}
}
elt = ucl_object_lookup(obj, "add_headers");
/*
* add_headers: {"name": "value", ... }
* name could have multiple values
* -or- (since 1.7)
* {"name": {"value": "val", "order": 0}, ... }
*/
if (elt && ucl_object_type(elt) == UCL_OBJECT) {
it = NULL;
while ((cur = ucl_object_iterate(elt, &it, true)) != NULL) {
const char *key_name = ucl_object_key(cur);
if (ucl_object_type(cur) == UCL_STRING) {
/*
* Legacy support of {"name": "value", ... } with
* multiple names under the same name
*/
ucl_object_iter_t *elt_it;
const ucl_object_t *cur_elt;
elt_it = ucl_object_iterate_new(cur);
while ((cur_elt = ucl_object_iterate_safe(elt_it, false)) != NULL) {
if (ucl_object_type(cur_elt) == UCL_STRING) {
hname = g_string_new(key_name);
hvalue = g_string_new(ucl_object_tostring(cur_elt));
rspamd_milter_send_action(session,
RSPAMD_MILTER_ADDHEADER,
hname, hvalue);
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
}
else {
msg_warn_milter("legacy header with name %s, that has not a string value: %s",
key_name, ucl_object_type_to_string(cur_elt->type));
}
}
ucl_object_iterate_free(elt_it);
}
else {
if (ucl_object_type(cur) == UCL_OBJECT) {
rspamd_milter_extract_single_header(session,
key_name, cur);
}
else if (ucl_object_type(cur) == UCL_ARRAY) {
/* Multiple values for the same key */
ucl_object_iter_t *array_it;
const ucl_object_t *array_elt;
array_it = ucl_object_iterate_new(cur);
while ((array_elt = ucl_object_iterate_safe(array_it,
true)) != NULL) {
rspamd_milter_extract_single_header(session,
key_name, array_elt);
}
ucl_object_iterate_free(array_it);
}
else {
msg_warn_milter("non-legacy header with name %s, that has unsupported value type: %s",
key_name, ucl_object_type_to_string(cur->type));
}
}
}
}
elt = ucl_object_lookup(obj, "change_from");
if (elt && ucl_object_type(elt) == UCL_STRING) {
hvalue = g_string_new(ucl_object_tostring(elt));
rspamd_milter_send_action(session,
RSPAMD_MILTER_CHGFROM,
hvalue);
g_string_free(hvalue, TRUE);
}
elt = ucl_object_lookup(obj, "add_rcpt");
if (elt && ucl_object_type(elt) == UCL_ARRAY) {
it = NULL;
while ((cur = ucl_object_iterate(elt, &it, true)) != NULL) {
hvalue = g_string_new(ucl_object_tostring(cur));
rspamd_milter_send_action(session,
RSPAMD_MILTER_ADDRCPT,
hvalue);
g_string_free(hvalue, TRUE);
}
}
elt = ucl_object_lookup(obj, "del_rcpt");
if (elt && ucl_object_type(elt) == UCL_ARRAY) {
it = NULL;
while ((cur = ucl_object_iterate(elt, &it, true)) != NULL) {
hvalue = g_string_new(ucl_object_tostring(cur));
rspamd_milter_send_action(session,
RSPAMD_MILTER_DELRCPT,
hvalue);
g_string_free(hvalue, TRUE);
}
}
elt = ucl_object_lookup(obj, "reject");
if (elt && ucl_object_type(elt) == UCL_STRING) {
if (strcmp(ucl_object_tostring(elt), "discard") == 0) {
priv->discard_on_reject = TRUE;
msg_info_milter("discard message instead of rejection");
}
else if (strcmp(ucl_object_tostring(elt), "quarantine") == 0) {
priv->quarantine_on_reject = TRUE;
msg_info_milter("quarantine message instead of rejection");
}
else {
priv->discard_on_reject = FALSE;
priv->quarantine_on_reject = FALSE;
}
}
elt = ucl_object_lookup(obj, "no_action");
if (elt && ucl_object_type(elt) == UCL_BOOLEAN) {
priv->no_action = ucl_object_toboolean(elt);
}
}
if (action->action_type == METRIC_ACTION_ADD_HEADER) {
elt = ucl_object_lookup(obj, "spam_header");
if (elt) {
if (ucl_object_type(elt) == UCL_STRING) {
rspamd_milter_remove_header_safe(session,
milter_ctx->spam_header,
0);
hname = g_string_new(milter_ctx->spam_header);
hvalue = g_string_new(ucl_object_tostring(elt));
rspamd_milter_send_action(session, RSPAMD_MILTER_CHGHEADER,
(guint32) 1, hname, hvalue);
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
return TRUE;
}
else if (ucl_object_type(elt) == UCL_OBJECT) {
it = NULL;
while ((cur = ucl_object_iterate(elt, &it, true)) != NULL) {
rspamd_milter_remove_header_safe(session,
ucl_object_key(cur),
0);
hname = g_string_new(ucl_object_key(cur));
hvalue = g_string_new(ucl_object_tostring(cur));
rspamd_milter_send_action(session, RSPAMD_MILTER_CHGHEADER,
(guint32) 1, hname, hvalue);
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
}
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
return TRUE;
}
}
}
return FALSE;
}
void rspamd_milter_send_task_results(struct rspamd_milter_session *session,
const ucl_object_t *results,
const gchar *new_body,
gsize bodylen)
{
const ucl_object_t *elt;
struct rspamd_milter_private *priv = session->priv;
const gchar *str_action;
struct rspamd_action *action;
rspamd_fstring_t *xcode = NULL, *rcode = NULL, *reply = NULL;
GString *hname, *hvalue;
gboolean processed = FALSE;
if (results == NULL) {
msg_err_milter("cannot find scan results, tempfail");
rspamd_milter_send_action(session, RSPAMD_MILTER_TEMPFAIL);
goto cleanup;
}
elt = ucl_object_lookup(results, "action");
if (!elt) {
msg_err_milter("cannot find action in results, tempfail");
rspamd_milter_send_action(session, RSPAMD_MILTER_TEMPFAIL);
goto cleanup;
}
str_action = ucl_object_tostring(elt);
action = rspamd_config_get_action(milter_ctx->cfg, str_action);
if (action == NULL) {
msg_err_milter("action %s has not been registered", str_action);
rspamd_milter_send_action(session, RSPAMD_MILTER_TEMPFAIL);
goto cleanup;
}
elt = ucl_object_lookup(results, "messages");
if (elt) {
const ucl_object_t *smtp_res;
const gchar *msg;
gsize len = 0;
smtp_res = ucl_object_lookup(elt, "smtp_message");
if (smtp_res) {
msg = ucl_object_tolstring(smtp_res, &len);
reply = rspamd_fstring_new_init(msg, len);
}
}
/* Deal with milter headers */
elt = ucl_object_lookup(results, "milter");
if (elt) {
processed = rspamd_milter_process_milter_block(session, elt, action);
}
/* DKIM-Signature */
elt = ucl_object_lookup(results, "dkim-signature");
if (elt) {
hname = g_string_new(RSPAMD_MILTER_DKIM_HEADER);
if (ucl_object_type(elt) == UCL_STRING) {
hvalue = g_string_new(ucl_object_tostring(elt));
rspamd_milter_send_action(session, RSPAMD_MILTER_INSHEADER,
1, hname, hvalue);
g_string_free(hvalue, TRUE);
}
else {
ucl_object_iter_t it;
const ucl_object_t *cur;
int i = 1;
it = ucl_object_iterate_new(elt);
while ((cur = ucl_object_iterate_safe(it, true)) != NULL) {
hvalue = g_string_new(ucl_object_tostring(cur));
rspamd_milter_send_action(session, RSPAMD_MILTER_INSHEADER,
i++, hname, hvalue);
g_string_free(hvalue, TRUE);
}
ucl_object_iterate_free(it);
}
g_string_free(hname, TRUE);
}
if (processed) {
goto cleanup;
}
if (new_body) {
rspamd_milter_send_action(session, RSPAMD_MILTER_REPLBODY,
bodylen, new_body);
}
if (priv->no_action) {
msg_info_milter("do not apply action %s, no_action is set",
str_action);
hname = g_string_new(RSPAMD_MILTER_ACTION_HEADER);
hvalue = g_string_new(str_action);
rspamd_milter_send_action(session, RSPAMD_MILTER_ADDHEADER,
hname, hvalue);
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
goto cleanup;
}
switch (action->action_type) {
case METRIC_ACTION_REJECT:
if (priv->discard_on_reject) {
rspamd_milter_send_action(session, RSPAMD_MILTER_DISCARD);
}
else if (priv->quarantine_on_reject) {
/* TODO: be more flexible about SMTP messages */
rspamd_milter_send_action(session, RSPAMD_MILTER_QUARANTINE,
RSPAMD_MILTER_QUARANTINE_MESSAGE);
/* Quarantine also requires accept action, all hail Sendmail */
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
}
else {
rcode = rspamd_fstring_new_init(RSPAMD_MILTER_RCODE_REJECT,
sizeof(RSPAMD_MILTER_RCODE_REJECT) - 1);
xcode = rspamd_fstring_new_init(RSPAMD_MILTER_XCODE_REJECT,
sizeof(RSPAMD_MILTER_XCODE_REJECT) - 1);
if (!reply) {
if (milter_ctx->reject_message == NULL) {
reply = rspamd_fstring_new_init(
RSPAMD_MILTER_REJECT_MESSAGE,
sizeof(RSPAMD_MILTER_REJECT_MESSAGE) - 1);
}
else {
reply = rspamd_fstring_new_init(milter_ctx->reject_message,
strlen(milter_ctx->reject_message));
}
}
rspamd_milter_set_reply(session, rcode, xcode, reply);
}
break;
case METRIC_ACTION_SOFT_REJECT:
rcode = rspamd_fstring_new_init(RSPAMD_MILTER_RCODE_TEMPFAIL,
sizeof(RSPAMD_MILTER_RCODE_TEMPFAIL) - 1);
xcode = rspamd_fstring_new_init(RSPAMD_MILTER_XCODE_TEMPFAIL,
sizeof(RSPAMD_MILTER_XCODE_TEMPFAIL) - 1);
if (!reply) {
reply = rspamd_fstring_new_init(RSPAMD_MILTER_TEMPFAIL_MESSAGE,
sizeof(RSPAMD_MILTER_TEMPFAIL_MESSAGE) - 1);
}
rspamd_milter_set_reply(session, rcode, xcode, reply);
break;
case METRIC_ACTION_REWRITE_SUBJECT:
elt = ucl_object_lookup(results, "subject");
if (elt) {
hname = g_string_new("Subject");
hvalue = g_string_new(ucl_object_tostring(elt));
rspamd_milter_send_action(session, RSPAMD_MILTER_CHGHEADER,
(guint32) 1, hname, hvalue);
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
}
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
break;
case METRIC_ACTION_ADD_HEADER:
/* Remove existing headers */
rspamd_milter_remove_header_safe(session,
milter_ctx->spam_header,
0);
hname = g_string_new(milter_ctx->spam_header);
hvalue = g_string_new("Yes");
rspamd_milter_send_action(session, RSPAMD_MILTER_CHGHEADER,
(guint32) 1, hname, hvalue);
g_string_free(hname, TRUE);
g_string_free(hvalue, TRUE);
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
break;
case METRIC_ACTION_QUARANTINE:
/* TODO: be more flexible about SMTP messages */
rspamd_milter_send_action(session, RSPAMD_MILTER_QUARANTINE,
RSPAMD_MILTER_QUARANTINE_MESSAGE);
/* Quarantine also requires accept action, all hail Sendmail */
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
break;
case METRIC_ACTION_DISCARD:
rspamd_milter_send_action(session, RSPAMD_MILTER_DISCARD);
break;
case METRIC_ACTION_GREYLIST:
case METRIC_ACTION_NOACTION:
default:
rspamd_milter_send_action(session, RSPAMD_MILTER_ACCEPT);
break;
}
cleanup:
rspamd_fstring_free(rcode);
rspamd_fstring_free(xcode);
rspamd_fstring_free(reply);
rspamd_milter_session_reset(session, RSPAMD_MILTER_RESET_ABORT);
}
void rspamd_milter_init_library(const struct rspamd_milter_context *ctx)
{
milter_ctx = ctx;
}
rspamd_mempool_t *
rspamd_milter_get_session_pool(struct rspamd_milter_session *session)
{
struct rspamd_milter_private *priv = session->priv;
return priv->pool;
}