On Wed, Sep 02, 2015 at 11:46:10AM -0400, Wietse Venema wrote:
> Reusing the same client socket for multiple policy clients requires
> a reference-counting mechanism that is best implemented in the lower
> layers of the Postfix infrastructure. It is unlikely that one
> Postfix daemon process will be making multiple simultaneous requests
> to the same endpoint, but if it does at some point in the future,
> then the *_clnt APIs would need to be updated with an extra flag
> to prevent client endpoint sharing.
Thanks for pointing that out.
Would that connection reuse feature be specific to the attr_clnt
or is it better implemented in auto_clnt?
It looks like the auto_clnt is also used in other places.
If we add reuse to auto_clnt_create do we need a reuse flag
to disable the new behavior in other places?
> Can you update the patch?
The attached patch has updated parameter names.
Now it will look like this:
check_policy_service { inet:localhost:12345, timeout=10s,
default_action=DUNNO, policy_context=accounting }
and:
request=smtpd_access_policy
policy_context=reputation
...
I'll implement the policy_context attribute in mtpolicyd
and release a new version after some testing.
BTW: is it possible to add a link to mtpolicyd.org on
<http://www.postfix.org/addon.html>?
Markus
--
Markus Benning, https://markusbenning.de/
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 9abc4fa..03ff5e8 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -2967,6 +2967,10 @@ extern int var_smtpd_policy_try_delay;
#define DEF_SMTPD_POLICY_DEF_ACTION "451 4.3.5 Server configuration problem"
extern char *var_smtpd_policy_def_action;
+#define VAR_SMTPD_POLICY_PCTX "smtpd_policy_service_policy_context"
+#define DEF_SMTPD_POLICY_PCTX ""
+extern char *var_smtpd_policy_policy_context;
+
#define CHECK_POLICY_SERVICE "check_policy_service"
/*
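Review bot: The new parameter is declared without a comment, and no documentation change is visible in this patch, so nothing tells an administrator what `smtpd_policy_service_policy_context` is for. A short comment above the define would help, for example `/* Label sent as "policy_context" in each policy request; empty by default. */`. The documentation should also say that the value is a label chosen in the Postfix configuration and is only as trustworthy as the policy socket itself, so a policy server should not treat it as proof of which service sent the request. The doubled word in `var_smtpd_policy_policy_context` is awkward; `var_smtpd_policy_context` would match the attribute name.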
diff --git a/postfix/src/global/mail_proto.h b/postfix/src/global/mail_proto.h
index c360906..cdd10f5 100644
--- a/postfix/src/global/mail_proto.h
+++ b/postfix/src/global/mail_proto.h
@@ -122,6 +122,7 @@ extern char *mail_pathname(const char *, const char *);
* Attribute names.
*/
#define MAIL_ATTR_REQ "request"
+#define MAIL_ATTR_PCTX "policy_context"
#define MAIL_ATTR_NREQ "nrequest"
#define MAIL_ATTR_STATUS "status"
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index c0c6e3e..1dfe63b 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -1272,6 +1272,7 @@ int var_smtpd_policy_req_limit;
int var_smtpd_policy_try_limit;
int var_smtpd_policy_try_delay;
char *var_smtpd_policy_def_action;
+char *var_smtpd_policy_policy_context;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
char *var_xclient_hosts;
@@ -5774,6 +5775,7 @@ int main(int argc, char **argv)
VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, 0,
VAR_SMTPD_UPROXY_PROTO, DEF_SMTPD_UPROXY_PROTO, &var_smtpd_uproxy_proto, 0, 0,
VAR_SMTPD_POLICY_DEF_ACTION, DEF_SMTPD_POLICY_DEF_ACTION, &var_smtpd_policy_def_action, 1, 0,
+ VAR_SMTPD_POLICY_PCTX, DEF_SMTPD_POLICY_PCTX, &var_smtpd_policy_policy_context, 0, 0,
VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
0,
};
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 9a32490..82bd1f3 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -462,6 +462,7 @@ double smtpd_space_multf = 1.5;
typedef struct {
ATTR_CLNT *client; /* client handle */
char *def_action; /* default action */
+ char *policy_context; /* context of policy request */
} SMTPD_POLICY_CLNT;
/*
@@ -483,6 +484,7 @@ static ATTR_OVER_INT int_table[] = {
};
static ATTR_OVER_STR str_table[] = {
21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
+ 21 + VAR_SMTPD_POLICY_PCTX, 0, 1, 0,
0,
};
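Review bot: The new `str_table` row uses a lower bound of 1 (`0, 1, 0`), apparently copied from the `default_action` row, while the main.cf entry for the same parameter in smtpd.c is registered with `0, 0` and defaults to the empty string. If the third field is the minimum length, as the neighbouring row suggests, a per-service `policy_context=` cannot reset a globally configured context to empty; confirm that this is intended, or use `21 + VAR_SMTPD_POLICY_PCTX, 0, 0, 0,`. The bare `21` would also be easier to audit with a comment such as `/* 21 == strlen("smtpd_policy_service_") */`, because a wrong offset silently changes which override name is accepted.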
@@ -498,6 +500,7 @@ static ATTR_OVER_STR str_table[] = {
#define smtpd_policy_try_limit_offset 1
#define smtpd_policy_def_action_offset 0
+#define smtpd_policy_policy_context_offset 1
/* policy_client_register - register policy service endpoint */
@@ -527,6 +530,7 @@ static void policy_client_register(const char *name)
int smtpd_policy_req_limit = var_smtpd_policy_req_limit;
int smtpd_policy_try_limit = var_smtpd_policy_try_limit;
const char *smtpd_policy_def_action = var_smtpd_policy_def_action;
+ const char *smtpd_policy_policy_context = var_smtpd_policy_policy_context;
link_override_table_to_variable(time_table, smtpd_policy_tmout);
link_override_table_to_variable(time_table, smtpd_policy_idle);
@@ -535,6 +539,7 @@ static void policy_client_register(const char *name)
link_override_table_to_variable(int_table, smtpd_policy_req_limit);
link_override_table_to_variable(int_table, smtpd_policy_try_limit);
link_override_table_to_variable(str_table, smtpd_policy_def_action);
+ link_override_table_to_variable(str_table, smtpd_policy_policy_context);
if (*name == parens[0]) {
cp = saved_name = mystrdup(name);
@@ -551,10 +556,10 @@ static void policy_client_register(const char *name)
policy_name = name;
}
if (msg_verbose)
- msg_info("%s: name=\"%s\" default_action=\"%s\" max_idle=%d "
+ msg_info("%s: name=\"%s\" policy_context=\"%s\" default_action=\"%s\" max_idle=%d "
"max_ttl=%d request_limit=%d retry_delay=%d "
"timeout=%d try_limit=%d",
- myname, policy_name, smtpd_policy_def_action,
+ myname, policy_name, smtpd_policy_policy_context, smtpd_policy_def_action,
smtpd_policy_idle, smtpd_policy_ttl,
smtpd_policy_req_limit, smtpd_policy_try_delay,
smtpd_policy_tmout, smtpd_policy_try_limit);
@@ -574,6 +579,7 @@ static void policy_client_register(const char *name)
ATTR_CLNT_CTL_TRY_DELAY, smtpd_policy_try_delay,
ATTR_CLNT_CTL_END);
policy_client->def_action = mystrdup(smtpd_policy_def_action);
+ policy_client->policy_context = mystrdup(smtpd_policy_policy_context);
htable_enter(policy_clnt_table, name, (void *) policy_client);
if (saved_name)
myfree(saved_name);
@@ -3895,6 +3901,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
if (attr_clnt_request(policy_clnt->client,
ATTR_FLAG_NONE, /* Query attributes. */
SEND_ATTR_STR(MAIL_ATTR_REQ, "smtpd_access_policy"),
+ SEND_ATTR_STR(MAIL_ATTR_PCTX,
+ policy_clnt->policy_context ? policy_clnt->policy_context : "" ),
SEND_ATTR_STR(MAIL_ATTR_PROTO_STATE, state->where),
SEND_ATTR_STR(MAIL_ATTR_ACT_PROTO_NAME, state->protocol),
SEND_ATTR_STR(MAIL_ATTR_ACT_CLIENT_ADDR, state->addr),
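Review bot: The `policy_clnt->policy_context ? ... : ""` fallback in the added `SEND_ATTR_STR` looks unreachable, because policy_client_register() always stores a `mystrdup()` copy in `policy_context` and the default value is `""`. A branch that cannot be taken hides the real invariant; `SEND_ATTR_STR(MAIL_ATTR_PCTX, policy_clnt->policy_context),` says the same thing and drops the stray space before the closing parenthesis. As written, an empty `policy_context=` attribute goes out on every request, including to policy servers that were never configured with a context, so the protocol documentation should state that an empty value means "no context" and must not select a policy. The body of check_policy_service() starts and ends outside this hunk.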
@@ -5447,6 +5455,7 @@ char *var_relay_ccerts = "";
char *var_mynetworks = "";
char *var_notify_classes = "";
char *var_smtpd_policy_def_action = "";
+char *var_smtpd_policy_policy_context = "";
/*
* String-valued configuration parameters.