From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 43D2F92418 for ; Thu, 1 Feb 2024 16:37:02 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8D6E512DA1 for ; Thu, 1 Feb 2024 16:37:01 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 1 Feb 2024 16:36:59 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2623341FE1 for ; Thu, 1 Feb 2024 16:36:59 +0100 (CET) From: Dominik Csapak To: pmg-devel@lists.proxmox.com Date: Thu, 1 Feb 2024 16:36:52 +0100 Message-Id: <20240201153657.1067215-7-d.csapak@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20240201153657.1067215-1-d.csapak@proxmox.com> References: <20240201153657.1067215-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.020 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pmg-devel] [RFC PATCH pmg-api 06/11] add rule attributes and/invert (for each relevant type) X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Feb 2024 15:37:02 -0000 like with the objectgroups, add an attributes table for groups, and an 'and'/'invert' attribute for each relevant object type (what/when/from/to). This is intended to modify the behaviour for the matching regarding object groups, so that one has more choice in the logical matching. Signed-off-by: Dominik Csapak --- src/PMG/API2/RuleDB.pm | 4 +++ src/PMG/API2/Rules.pm | 53 ++++++++++++++++++++++++++- src/PMG/DBTools.pm | 15 ++++++++ src/PMG/RuleDB.pm | 82 ++++++++++++++++++++++++++++++++++-------- 4 files changed, 139 insertions(+), 15 deletions(-) diff --git a/src/PMG/API2/RuleDB.pm b/src/PMG/API2/RuleDB.pm index 928b690..b1a7890 100644 --- a/src/PMG/API2/RuleDB.pm +++ b/src/PMG/API2/RuleDB.pm @@ -178,6 +178,10 @@ __PACKAGE__->register_method({ my $rule = PMG::RuleDB::Rule->new ( $param->{name}, $param->{priority}, $param->{active}, $param->{direction}); + for my $key (keys get_rule_params()->%*) { + $rule->{$key} = $param->{$key} if defined($param->{$key}); + } + return $rdb->save_rule($rule); }}); diff --git a/src/PMG/API2/Rules.pm b/src/PMG/API2/Rules.pm index f9e69e2..dba2cd9 100644 --- a/src/PMG/API2/Rules.pm +++ b/src/PMG/API2/Rules.pm 
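Review bot: `get_rule_params()` is called unqualified in the added loop, but the only definition visible in this patch is `sub get_rule_params` in src/PMG/API2/Rules.pm, which is a different package from this file. Unless src/PMG/API2/RuleDB.pm imports that sub somewhere outside the hunk, creating a rule would die with an undefined-subroutine error on this line; the fully qualified form `for my $key (keys PMG::API2::Rules::get_rule_params()->%*) {` does not depend on an import. The loop presumably also re-copies priority, active and direction, which the constructor call just above already set, so a one-line comment such as `# copy the optional and/invert flags into the rule` would make the intent clear. The enclosing register_method block starts and ends outside the hunk.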
@@ -155,6 +155,54 @@ my $rule_params = { type => 'boolean', optional => 1, }, + 'what-and' => { + description => "Flag to 'and' combine WHAT group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'what-invert' => { + description => "Flag to invert WHAT group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'when-and' => { + description => "Flag to 'and' combine WHEN group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'when-invert' => { + description => "Flag to invert WHEN group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'from-and' => { + description => "Flag to 'and' combine FROM group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'from-invert' => { + description => "Flag to invert FROM group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'to-and' => { + description => "Flag to 'and' combine TO group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, + 'to-invert' => { + description => "Flag to invert TO group matches.", + type => 'boolean', + default => 0, + optional => 1, + }, }; sub get_rule_params { @@ -202,7 +250,10 @@ __PACKAGE__->register_method ({ my $rule = $rdb->load_rule($id); - for my $key (qw(name active direction priority)) { + my $keys = ["name"]; + push $keys->@*, keys get_rule_params()->%*; + + for my $key ($keys->@*) { $rule->{$key} = $param->{$key} if defined($param->{$key}); } diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm index 0d3d9c3..605eb71 100644 --- a/src/PMG/DBTools.pm +++ b/src/PMG/DBTools.pm 
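Review bot: The eight schema entries added in the first hunk of src/PMG/API2/Rules.pm differ only in the type word and in and/invert, and the same combinations are spelled out again as `qw(what when from to)` and `qw(and invert)` in `update_rule_attributes` in src/PMG/RuleDB.pm, so the two places have to be kept in sync by hand. Building the entries from one pair of lists would remove that risk, for example a nested loop that assigns `$rule_params->{"$type-$attr"}` a hash with `type => 'boolean', default => 0, optional => 1` and a generated description. The `$rule_params` hash starts outside the hunk.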
@@ -295,6 +295,18 @@ my $userprefs_ctablecmd = <<__EOD; __EOD +my $rule_attributes_cmd = <<__EOD; + CREATE TABLE Rule_Attributes ( + Rule_ID INTEGER NOT NULL, + Name VARCHAR(20) NOT NULL, + Value BYTEA NULL, + PRIMARY KEY (Rule_ID, Name) + ); + + CREATE INDEX Rule_Attributes_Rule_ID_Index ON Rule_Attributes(Rule_ID); + +__EOD + my $object_group_attributes_cmd = <<__EOD; CREATE TABLE Objectgroup_Attributes ( Objectgroup_ID INTEGER NOT NULL, @@ -452,6 +464,8 @@ sub create_ruledb { $virusinfo_stat_ctablecmd; + $rule_attributes_cmd; + $object_group_attributes_cmd; EOD ); @@ -508,6 +522,7 @@ sub upgradedb { 'CStatistic', $cstatistic_ctablecmd, 'ClusterInfo', $clusterinfo_ctablecmd, 'VirusInfo', $virusinfo_stat_ctablecmd, + 'Rule_Attributes', $rule_attributes_cmd, 'Objectgroup_Attributes', $object_group_attributes_cmd, }; diff --git a/src/PMG/RuleDB.pm b/src/PMG/RuleDB.pm index cc69915..e26e7c0 100644 --- a/src/PMG/RuleDB.pm +++ b/src/PMG/RuleDB.pm @@ -640,6 +640,35 @@ sub delete_object { return 1; } +sub update_rule_attributes { + my ($self, $rule) = @_; + + my $types = [qw(what when from to)]; + my $attributes = [qw(and invert)]; + + for my $type ($types->@*) { + for my $attribute ($attributes->@*) { + my $prop = "$type-$attribute"; + + # only save the values if they're set to 1 + if ($rule->{$prop}) { + $self->{dbh}->do( + "INSERT INTO Rule_Attributes (Rule_ID, Name, Value) " . + "VALUES (?, ?, ?) ". + "ON CONFLICT (Rule_ID, Name) DO UPDATE SET Value = ?", undef, + $rule->{id}, $prop, $rule->{$prop}, $rule->{$prop}, + ); + } else { + $self->{dbh}->do( + "DELETE FROM Rule_Attributes " . + "WHERE Rule_ID = ? AND Name = ?", undef, + $rule->{id}, $prop, + ); + } + } + } +} + sub save_rule { my ($self, $rule) = @_; 
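Review bot: `Rule_Attributes` is created without any link to the `Rule` table, and `delete_rule` is not touched by this patch, so as far as the visible hunks show, deleting a rule leaves its attribute rows behind. Either let `delete_rule` remove them in the same transaction, e.g. `DELETE FROM Rule_Attributes WHERE Rule_ID = ?`, or declare `Rule_ID` with a foreign key and cascading delete if the schema conventions allow it. The separate `Rule_Attributes_Rule_ID_Index` also looks redundant, because the primary key `(Rule_ID, Name)` already leads with that column; worth confirming that it is wanted.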
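Review bot: In `update_rule_attributes` the inline comment says values are saved only when they are set to 1, but the condition is `if ($rule->{$prop})`, so any true value is accepted and then bound unchanged into the `Value` column. Binding a constant keeps the stored data canonical regardless of what the caller put into the hash: `$rule->{id}, $prop, 1, 1,`. The sub runs eight statements and has no transaction handling of its own, so a header comment such as `# must be called inside a transaction opened by the caller` would document what `save_rule` relies on.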
@@ -654,28 +683,53 @@ sub save_rule { my $rulename = encode('UTF-8', $rule->{name}); if (defined($rule->{id})) { + $self->{dbh}->begin_work; - $self->{dbh}->do( - "UPDATE Rule " . - "SET Name = ?, Priority = ?, Active = ?, Direction = ? " . - "WHERE ID = ?", undef, - $rulename, $rule->{priority}, $rule->{active}, - $rule->{direction}, $rule->{id}); + eval { + $self->{dbh}->do( + "UPDATE Rule " . + "SET Name = ?, Priority = ?, Active = ?, Direction = ? " . + "WHERE ID = ?", undef, + $rulename, $rule->{priority}, $rule->{active}, + $rule->{direction}, $rule->{id}); + + $self->update_rule_attributes($rule); - return $rule->{id}; + $self->{dbh}->commit; + }; + if (my $err = $@) { + $self->{dbh}->rollback; + syslog('err', $err); + return undef; + } } else { - my $sth = $self->{dbh}->prepare( - "INSERT INTO Rule (Name, Priority, Active, Direction) " . - "VALUES (?, ?, ?, ?);"); + $self->{dbh}->begin_work; + + eval { + my $sth = $self->{dbh}->prepare( + "INSERT INTO Rule (Name, Priority, Active, Direction) " . + "VALUES (?, ?, ?, ?);"); + + $sth->execute($rulename, $rule->priority, $rule->active, + $rule->direction); + + + $rule->{id} = PMG::Utils::lastid($self->{dbh}, 'rule_id_seq'); - $sth->execute($rulename, $rule->priority, $rule->active, - $rule->direction); + $self->update_rule_attributes($rule); - return $rule->{id} = PMG::Utils::lastid($self->{dbh}, 'rule_id_seq'); + $self->{dbh}->commit; + }; + + if (my $err = $@) { + $self->{dbh}->rollback; + syslog('err', $err); + return undef; + } } - return undef; + return $rule->{id}; } sub delete_rule { -- 2.30.2
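Review bot: Both new `if (my $err = $@)` branches in `save_rule` log the error and `return undef`, so a failed write no longer reaches the caller as an exception (assuming the handle raises errors, which the new eval blocks rely on). The create handler in src/PMG/API2/RuleDB.pm does `return $rdb->save_rule($rule);` and would then answer with an empty result instead of an error. Re-throwing after the rollback keeps the failure visible: `$self->{dbh}->rollback; die $err;`. If the logging stays and `syslog` here follows the usual priority/format/arguments signature, the message should not be passed as the format string, since a `%` in the database error text would be interpreted as a directive: `syslog('err', '%s', $err);`. In the insert branch `$rule->{id}` is assigned before the commit, so after a rollback the rule object still carries an id that was never stored.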