commit 1485bf2: [Rework] Move local IPs check

Vsevolod Stakhov vsevolod at highsecure.ru
Wed Feb 12 15:07:08 UTC 2020


Author: Vsevolod Stakhov
Date: 2020-02-12 15:02:41 +0000
URL: https://github.com/rspamd/rspamd/commit/1485bf2c42c3104696ec3a6c5e61ebe627a71c21 (HEAD -> master)

[Rework] Move local IPs check

---
 src/client/rspamc.c       | 12 +-----------
 src/libserver/cfg_file.h  |  6 ++++++
 src/libserver/cfg_utils.c | 25 ++++++++++++++++++++++++-
 src/libutil/addr.c        | 23 +++++++++--------------
 src/libutil/addr.h        | 20 ++++++++++++++------
 src/lua/lua_ip.c          | 21 +++++++++++++++++++--
 src/plugins/dkim_check.c  |  2 +-
 src/rspamd.h              |  4 +---
 src/rspamd_proxy.c        |  5 ++---
 src/worker.c              |  2 +-
 10 files changed, 78 insertions(+), 42 deletions(-)

diff --git a/src/client/rspamc.c b/src/client/rspamc.c
index f759ec610..6947d5604 100644
--- a/src/client/rspamc.c
+++ b/src/client/rspamc.c
@@ -17,6 +17,7 @@
 #include "libutil/util.h"
 #include "libserver/http/http_connection.h"
 #include "libserver/http/http_private.h"
+#include "libserver/cfg_file.h"
 #include "rspamdclient.h"
 #include "utlist.h"
 #include "unix-std.h"
@@ -168,17 +169,6 @@ static GOptionEntry entries[] =
 	{ NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL }
 };
 
-/* Copy to avoid linking with librspamdserver */
-enum rspamd_action_type {
-	METRIC_ACTION_REJECT = 0,
-	METRIC_ACTION_SOFT_REJECT,
-	METRIC_ACTION_REWRITE_SUBJECT,
-	METRIC_ACTION_ADD_HEADER,
-	METRIC_ACTION_GREYLIST,
-	METRIC_ACTION_NOACTION,
-	METRIC_ACTION_MAX
-};
-
 static void rspamc_symbols_output (FILE *out, ucl_object_t *obj);
 static void rspamc_uptime_output (FILE *out, ucl_object_t *obj);
 static void rspamc_counters_output (FILE *out, ucl_object_t *obj);
diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h
index 4a8ab5bfc..1d782dd8b 100644
--- a/src/libserver/cfg_file.h
+++ b/src/libserver/cfg_file.h
@@ -845,6 +845,12 @@ gboolean rspamd_libs_reset_compression (struct rspamd_external_libs_ctx *ctx);
  */
 void rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx);
 
+/**
+ * Returns TRUE if an address belongs to some local address
+ */
+gboolean rspamd_ip_is_local_cfg (struct rspamd_config *cfg,
+		const rspamd_inet_addr_t *addr);
+
 /**
  * Configure libraries
  */
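Review bot: The doc comment added for `rspamd_ip_is_local_cfg` is word-for-word the one on `rspamd_inet_address_is_local` in addr.h, so a reader cannot tell which of the two consults the configured local-addresses map. Callers use the result to relax checks (dkim_check.c skips DKIM verification on it), so the comment should say that this variant also matches the map reached through `cfg->libs_ctx` and that a NULL `cfg` falls back to the built-in test only. The addr.h comment should in turn say that it covers the built-in test only. Something like `Returns TRUE if addr is local by the built-in test or matches the local addresses map from cfg (cfg may be NULL)` would do.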
diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c
index 204e9bd55..d8237b88e 100644
--- a/src/libserver/cfg_utils.c
+++ b/src/libserver/cfg_utils.c
@@ -2998,4 +2998,27 @@ rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx)
 
 		g_free (ctx);
 	}
-}
\ No newline at end of file
+}
+
+gboolean
+rspamd_ip_is_local_cfg (struct rspamd_config *cfg,
+								 const rspamd_inet_addr_t *addr)
+{
+	struct rspamd_radix_map_helper *local_addrs = NULL;
+
+	if (cfg && cfg->libs_ctx) {
+		local_addrs = *(struct rspamd_radix_map_helper**)cfg->libs_ctx->local_addrs;
+	}
+
+	if (rspamd_inet_address_is_local (addr)) {
+		return TRUE;
+	}
+
+	if (local_addrs) {
+		if (rspamd_match_radix_map_addr (local_addrs, addr) != NULL) {
+			return TRUE;
+		}
+	}
+
+	return FALSE;
+}
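Review bot: A NULL `addr` now reaches `rspamd_match_radix_map_addr`: `rspamd_inet_address_is_local` returns FALSE for NULL and this function then falls through to the map lookup, whereas the removed code in addr.c ran that lookup only after the `addr == NULL` early return. Whether the map helper tolerates NULL is not visible here, so an explicit `if (addr == NULL) { return FALSE; }` at the top would keep the old behaviour for callers such as dkim_check.c, which passes `task->from_addr`. The first `if` also dereferences `cfg->libs_ctx->local_addrs` without testing it; `if (cfg && cfg->libs_ctx && cfg->libs_ctx->local_addrs) {` would cover the case where the storage pointer was never set. The definition carries no comment of its own, so one line stating that the map is optional would help.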
diff --git a/src/libutil/addr.c b/src/libutil/addr.c
index c0cb2d19d..4a540fefc 100644
--- a/src/libutil/addr.c
+++ b/src/libutil/addr.c
@@ -16,10 +16,6 @@
 #include "config.h"
 #include "addr.h"
 #include "util.h"
-/*
- * TODO: fix this cross dependency!
- */
-#include "libserver/maps/map_helpers.h"
 #include "logger.h"
 #include "cryptobox.h"
 #include "unix-std.h"
@@ -32,7 +28,7 @@
 #include <grp.h>
 #endif
 
-static struct rspamd_radix_map_helper *local_addrs;
+static void *local_addrs;
 
 enum {
 	RSPAMD_IPV6_UNDEFINED = 0,
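Review bot: Switching `local_addrs` to `void *` gives up compile-time type checking that the cross-dependency fix does not appear to need. Once the `rspamd_match_radix_map_addr` call leaves this file, the forward declaration `struct rspamd_radix_map_helper;` that addr.h already had is enough to keep `static struct rspamd_radix_map_helper *local_addrs;` without including map_helpers.h. With `void *`/`void **` here, in addr.h and in `struct rspamd_external_libs_ctx` (rspamd.h), cfg_utils.c has to cast and lua_ip.c relies on implicit conversion, so a wrong object stored in the slot would compile silently. If the erasure is kept, `rspamd_inet_library_get_lib_ctx` deserves a name that says it returns the local-addresses map rather than a library context.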
@@ -1879,8 +1875,7 @@ rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b)
 #endif
 
 gboolean
-rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
-		gboolean check_laddrs)
+rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr)
 {
 	if (addr == NULL) {
 		return FALSE;
@@ -1904,23 +1899,23 @@ rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
 				return TRUE;
 			}
 		}
-
-		if (check_laddrs && local_addrs) {
-			if (rspamd_match_radix_map_addr (local_addrs, addr) != NULL) {
-				return TRUE;
-			}
-		}
 	}
 
 	return FALSE;
 }
 
-struct rspamd_radix_map_helper **
+void **
 rspamd_inet_library_init (void)
 {
 	return &local_addrs;
 }
 
+void *
+rspamd_inet_library_get_lib_ctx (void)
+{
+	return local_addrs;
+}
+
 void
 rspamd_inet_library_destroy (void)
 {
diff --git a/src/libutil/addr.h b/src/libutil/addr.h
index 6a33ad7ec..c0910ad03 100644
--- a/src/libutil/addr.h
+++ b/src/libutil/addr.h
@@ -44,10 +44,19 @@ extern "C" {
  */
 typedef struct rspamd_inet_addr_s rspamd_inet_addr_t;
 
-struct rspamd_radix_map_helper;
-
-struct rspamd_radix_map_helper **rspamd_inet_library_init (void);
-
+/**
+ * Returns pointer storage for global singleton (map for local addresses)
+ * @return
+ */
+void **rspamd_inet_library_init (void);
+/**
+ * Returns local addresses singleton
+ * @return
+ */
+void *rspamd_inet_library_get_lib_ctx (void);
+/**
+ * Cleanup library (currently it does nothing)
+ */
 void rspamd_inet_library_destroy (void);
 
 /**
@@ -323,8 +332,7 @@ gboolean rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b);
 /**
  * Returns TRUE if an address belongs to some local address
  */
-gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
-									   gboolean check_laddrs);
+gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr);
 
 /**
  * Returns size of storage required to store a complete IP address
diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c
index fb6845519..2604aa100 100644
--- a/src/lua/lua_ip.c
+++ b/src/lua/lua_ip.c
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 #include "lua_common.h"
+#include "libserver/maps/map_helpers.h"
 
 /***
  * @module rspamd_ip
@@ -530,8 +531,24 @@ lua_ip_is_local (lua_State *L)
 			check_laddrs = lua_toboolean (L, 2);
 		}
 
-		lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr,
-				check_laddrs));
+		if ( rspamd_inet_address_is_local (ip->addr)) {
+			lua_pushboolean (L, true);
+
+			return 1;
+		}
+		else if (check_laddrs) {
+			struct rspamd_radix_map_helper *local_addrs =
+					rspamd_inet_library_get_lib_ctx ();
+			if (local_addrs) {
+				if (rspamd_match_radix_map_addr (local_addrs, ip->addr) != NULL) {
+					lua_pushboolean (L, true);
+
+					return 1;
+				}
+			}
+		}
+
+		lua_pushboolean (L, false);
 	}
 	else {
 		lua_pushnil (L);
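Review bot: The map lookup in the `else if (check_laddrs)` branch repeats the body of `rspamd_ip_is_local_cfg` against the global singleton, so the two copies can drift, for example if a NULL guard is later added to only one of them. Computing one flag and pushing it once would also remove the three separate `lua_pushboolean` calls and the early returns: with `map` holding the result of `rspamd_inet_library_get_lib_ctx ()`, `gboolean local = rspamd_inet_address_is_local (ip->addr) || (check_laddrs && map != NULL && rspamd_match_radix_map_addr (map, ip->addr) != NULL);` followed by `lua_pushboolean (L, local);`. The stray space in `if ( rspamd_inet_address_is_local` and the lowercase `true`/`false` differ from the `TRUE`/`FALSE` used in the other files of this commit. `lua_ip_is_local` starts and ends outside this hunk.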
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 9313b643f..da7e092f7 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -1144,7 +1144,7 @@ dkim_symbol_callback (struct rspamd_task *task,
 	/* First check if plugin should be enabled */
 	if ((!dkim_module_ctx->check_authed && task->user != NULL)
 			|| (!dkim_module_ctx->check_local &&
-					rspamd_inet_address_is_local (task->from_addr, TRUE))) {
+			rspamd_ip_is_local_cfg (task->cfg, task->from_addr))) {
 		msg_info_task ("skip DKIM checks for local networks and authorized users");
 		rspamd_symcache_finalize_item (task, item);
 
diff --git a/src/rspamd.h b/src/rspamd.h
index be96f0755..8885480c2 100644
--- a/src/rspamd.h
+++ b/src/rspamd.h
@@ -354,10 +354,8 @@ struct zstd_dictionary {
 	guint id;
 };
 
-struct rspamd_radix_map_helper;
-
 struct rspamd_external_libs_ctx {
-	struct rspamd_radix_map_helper **local_addrs;
+	void **local_addrs;
 	struct rspamd_cryptobox_library_ctx *crypto_ctx;
 	struct ottery_config *ottery_cfg;
 	SSL_CTX *ssl_ctx;
diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c
index f1a557133..e9ce9ef5e 100644
--- a/src/rspamd_proxy.c
+++ b/src/rspamd_proxy.c
@@ -1415,8 +1415,7 @@ proxy_open_mirror_connections (struct rspamd_proxy_session *session)
 		}
 
 		if (m->local ||
-				rspamd_inet_address_is_local (
-						rspamd_upstream_addr_cur (bk_conn->up), FALSE)) {
+				rspamd_inet_address_is_local (rspamd_upstream_addr_cur (bk_conn->up))) {
 
 			if (session->fname) {
 				rspamd_http_message_add_header (msg, "File", session->fname);
@@ -1951,7 +1950,7 @@ retry:
 		if (backend->local ||
 				rspamd_inet_address_is_local (
 						rspamd_upstream_addr_cur (
-								session->master_conn->up), FALSE)) {
+								session->master_conn->up))) {
 
 			if (session->fname) {
 				rspamd_http_message_add_header (msg, "File", session->fname);
diff --git a/src/worker.c b/src/worker.c
index 4cfe27771..ad7f12674 100644
--- a/src/worker.c
+++ b/src/worker.c
@@ -371,7 +371,7 @@ accept_socket (EV_P_ ev_io *w, int revents)
 	session->ctx = ctx;
 	session->worker = worker;
 
-	if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE)) {
+	if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr)) {
 		http_opts = RSPAMD_HTTP_REQUIRE_ENCRYPTION;
 	}
 

