--[[
Copyright (c) 2016, Vsevolod Stakhov <vsevolod@highsecure.ru>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
]]--
-- Stop loading the plugin before any require or map registration runs when
-- the `confighelp` global is set.
if confighelp then return end
-- This plugin implements dynamic updates for rspamd
local ucl = require "ucl"
local fun = require "fun"
local rspamd_logger = require "rspamd_logger"
local rspamd_config = rspamd_config
local hash = require "rspamd_cryptobox_hash"
local lua_util = require "lua_util"
-- Module name; passed to lua_util.disable_module when no configuration
-- section is found.
local N = "rspamd_update"
-- Local alias of the rspamd_version global, called by check_version.
local rspamd_version = rspamd_version
-- Maps registered from the configuration section; walked afterwards to check
-- that maps fetched over http/https have a signing key.
local maps = {}
-- Gates process_rules, which compiles and runs Lua source taken from the
-- update map via load(). Nothing in the visible file sets this to true, so
-- the `rules` section of an update is ignored.
local allow_rules = false -- Deny for now
-- Priority handed to set_metric_symbol / set_metric_action for every value
-- applied from an update.
local global_priority = 1 -- Default for local rules
--- Register a score for every symbol listed in an update.
-- Each key/value pair yielded by fun.each is passed to
-- rspamd_config:set_metric_symbol as name and score.
-- NOTE(review): scores are forwarded exactly as received from the update
-- map; this function performs no type or range check on them.
-- @param obj the `symbols` section of the parsed update (symbol -> score)
-- @param priority priority attached to every registered score
local function process_symbols(obj, priority)
  local function apply_symbol(symbol_name, weight)
    local entry = {
      name = symbol_name,
      score = weight,
      priority = priority,
    }
    rspamd_config:set_metric_symbol(entry)
  end

  fun.each(apply_symbol, obj)
end
--- Register a threshold score for every action listed in an update.
-- Each key/value pair yielded by fun.each is passed to
-- rspamd_config:set_metric_action as action and score.
-- NOTE(review): thresholds are forwarded exactly as received from the update
-- map; this function performs no type or range check on them.
-- @param obj the `actions` section of the parsed update (action -> score)
-- @param priority priority attached to every registered threshold
local function process_actions(obj, priority)
  local function apply_action(action_name, threshold)
    local entry = {
      action = action_name,
      score = threshold,
      priority = priority,
    }
    rspamd_config:set_metric_action(entry)
  end

  fun.each(apply_action, obj)
end
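--- Compile and run every Lua chunk in the `rules` section of an update.
-- SECURITY: load() turns text delivered by the update map into code that
-- runs inside this plugin with no sandbox or restricted environment. The only
-- gate is the `allow_rules` flag checked by the caller, so the map must be
-- authenticated (signed) before that flag is ever enabled.
-- @param obj the `rules` section of the parsed update (key -> Lua source)
local function process_rules(obj)
  fun.each(function(key, code)
    local chunk, load_err = load(code)
    if not chunk then
      -- rspamd_logger is a module table; the original called it directly
      -- instead of going through one of its logging functions.
      rspamd_logger.errx(rspamd_config, 'cannot load rules for %s: %s',
        key, load_err)
      return
    end

    -- A runtime error in one chunk is logged instead of propagating out of
    -- the map callback, so the remaining chunks are still processed.
    local ok, run_err = pcall(chunk)
    if not ok then
      rspamd_logger.errx(rspamd_config, 'cannot execute rules for %s: %s',
        key, run_err)
    end
  end, obj)
end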
--- Decide whether an update may be applied to the running rspamd version.
-- A missing object is rejected. When `min_version` is present, a positive
-- result of rspamd_version('cmp', min_version) rejects the update; when
-- `max_version` is present, a negative result does. Both bounds are always
-- evaluated, so each violated bound gets its own error log line.
-- @param obj parsed update object, or nil/false
-- @return true when no version constraint is violated, false otherwise
local function check_version(obj)
  if not obj then
    return false
  end

  local compatible = true
  local lower_bound = obj['min_version']
  local upper_bound = obj['max_version']

  if lower_bound and rspamd_version('cmp', lower_bound) > 0 then
    compatible = false
    rspamd_logger.errx(rspamd_config, 'updates require at least %s version of rspamd',
      lower_bound)
  end

  if upper_bound and rspamd_version('cmp', upper_bound) < 0 then
    compatible = false
    rspamd_logger.errx(rspamd_config, 'updates require maximum %s version of rspamd',
      upper_bound)
  end

  return compatible
end
--- Build the callback invoked with the raw contents of an updates map.
-- The callback parses the data as UCL, checks the version constraints and
-- applies the `symbols` and `actions` sections; the `rules` section is
-- applied only when `allow_rules` is set.
-- NOTE: the digest computed here is only written to the log. It is not
-- compared against any expected value, so it is not an integrity check;
-- authenticity of the data depends on the signing key set on the map.
-- @return function(data) returning the result of parser:parse_string
local function gen_callback()
  return function(data)
    local parser = ucl.parser()
    local parsed, parse_err = parser:parse_string(data)

    if not parsed then
      rspamd_logger.warnx(rspamd_config, 'cannot parse updates map: ' .. parse_err)
      return parsed
    end

    local digest = hash.create()
    digest:update(data)

    local update = parser:get_object()
    if not check_version(update) then
      return parsed
    end

    local symbols = update['symbols']
    if symbols then
      process_symbols(symbols, global_priority)
    end

    local actions = update['actions']
    if actions then
      process_actions(actions, global_priority)
    end

    -- Remote Lua code is executed only behind the explicit opt-in flag.
    if allow_rules and update['rules'] then
      process_rules(update['rules'])
    end

    rspamd_logger.infox(rspamd_config, 'loaded new rules with hash "%s"',
      digest:hex())

    return parsed
  end
end
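-- Configuration part
-- Every option in the `rspamd_update` section other than `key` is treated as
-- an updates map definition; `key` is the trusted key used to verify maps
-- fetched over http/https that carry no signing key of their own.
local section = rspamd_config:get_all_opt("rspamd_update")
if section then
  local trusted_key

  fun.each(function(k, elt)
    if k == 'key' then
      trusted_key = elt
    else
      local map = rspamd_config:add_map(elt, "rspamd updates map", nil, "callback")
      if not map then
        rspamd_logger.errx(rspamd_config, 'cannot load updates from %1', elt)
      else
        map:set_callback(gen_callback(map))
        -- Index by the map definition itself. The original stored every map
        -- under the literal key 'elt', so with several maps only the last one
        -- reached the signing-key check below and the others were neither
        -- given the trusted key nor reported as unsigned.
        maps[elt] = map
      end
    end
  end, section)

  fun.each(function(k, map)
    -- Check sanity for maps
    local proto = map:get_proto()
    if (proto == 'http' or proto == 'https') and not map:get_sign_key() then
      if trusted_key then
        map:set_sign_key(trusted_key)
      else
        -- NOTE(review): this only warns. The map stays registered, so its
        -- contents can still change symbol scores and action thresholds
        -- without a signature; configure `key` to have such maps verified.
        rspamd_logger.warnx(rspamd_config, 'Map %s is loaded by HTTP and it is not signed', k)
      end
    end
  end, maps)
else
  rspamd_logger.infox(rspamd_config, 'Module is unconfigured')
  lua_util.disable_module(N, "config")
end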