dnsbl: src/dnsbl.cpp comparison

comparison src/dnsbl.cpp @ 0:96a9758165cd original

Initial revision

author	carl
date	Tue, 20 Apr 2004 20:02:29 -0700
parents
children	bd0b1a153f67

comparison

equal deleted inserted replaced

--1:000000000000
+:96a9758165cd
+/*
+Copyright (c) 2004 Carl Byington - 510 Software Group, released under
+the GPL version 2 or any later version at your choice available at
+http://www.fsf.org/licenses/gpl.txt
+Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
+suppliers.  Inspired by the DCC by Rhyolite Software
+-p port  The port through which the MTA will connect to this milter.
+-t sec   The timeout value.
+TODO:
+1) Add "include-dcc NAME fn" to read a dcc whiteclnt file looking
+for many substitute mail-host domain, and add the equivalent "env_from
+domain black" into the NAME mapping. That allows clients to use just the
+DCC for white/blacklisting, but the backup mx machines can use dnsbl
+and get the same effect.
+*/
+// from sendmail sample
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+// needed for socket io
+#include <sys/ioctl.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <netdb.h>
+#include <sys/socket.h>
+// needed for thread
+#include <pthread.h>
+// needed for std c++ collections
+#include <set>
+#include <map>
+#include <list>
+// for the dns resolver
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+// misc stuff needed here
+#include <ctype.h>
+#include <fstream>
+#include <syslog.h>
+using namespace std;
+extern "C" {
+#include "libmilter/mfapi.h"
+sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
+sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
+sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
+sfsistat mlfi_eom_or_abort(SMFICTX *ctx);
+sfsistat mlfi_close(SMFICTX *ctx);
+}
+#ifndef bool
+# define bool   int
+# define TRUE   1
+# define FALSE  0
+#endif /* ! bool */
+struct ltstr {
+bool operator()(char* s1, char* s2) const {
+return strcmp(s1, s2) < 0;
+}
+};
+struct DNSBL {
+char    *suffix;    // blacklist suffix like blackholes.five-ten-sg.com
+char    *message;   // error message with one or two %s operators for the ip address replacement
+DNSBL(char *s, char *m);
+};
+DNSBL::DNSBL(char *s, char *m) {
+suffix  = s;
+message = m;
+}
+typedef DNSBL *                           DNSBLP;
+typedef list<DNSBLP>                      DNSBLL;
+typedef DNSBLL *                          DNSBLLP;
+typedef map<char *, char *, ltstr>        string_map;
+typedef map<char *, string_map *, ltstr>  from_map;
+typedef map<char *, DNSBLP, ltstr>        dnsblp_map;
+typedef map<char *, DNSBLLP, ltstr>       dnsbllp_map;
+typedef set<char *, ltstr>                string_set;
+typedef list<char *>                      string_list;
+struct CONFIG {
+// the only mutable stuff once it has been loaded from the config file
+int         reference_count;    // protected by the global config_mutex
+// all the rest is constant after loading from the config file
+time_t      load_time;
+string_list config_files;
+dnsblp_map  dnsbls;
+dnsbllp_map dnsblls;
+from_map    env_from;
+string_map  env_to_dnsbll;      // map recipient to a named dnsbll
+string_map  env_to_chkfrom;     // map recipient to a named from map
+CONFIG();
+~CONFIG();
+};
+CONFIG::CONFIG() {
+reference_count = 0;
+load_time       = 0;
+}
+CONFIG::~CONFIG() {
+for (dnsblp_map::iterator i=dnsbls.begin(); i!=dnsbls.end(); i++) {
+DNSBLP d = (*i).second;
+delete d;
+}
+for (dnsbllp_map::iterator i=dnsblls.begin(); i!=dnsblls.end(); i++) {
+DNSBLLP d = (*i).second;
+delete d;
+}
+for (from_map::iterator i=env_from.begin(); i!=env_from.end(); i++) {
+string_map *d = (*i).second;
+delete d;
+}
+}
+static string_set all_strings;      // owns all the strings, only modified by the config loader thread
+static CONFIG * config = NULL;      // protected by the config_mutex
+static pthread_mutex_t  config_mutex;
+static pthread_mutex_t  syslog_mutex;
+static pthread_mutex_t  resolve_mutex;
+////////////////////////////////////////////////
+// predefined names
+//
+#define DEFAULT "default"
+#define WHITE   "white"
+#define BLACK   "black"
+////////////////////////////////////////////////
+// mail filter private data, held for us by sendmail
+//
+enum status {oksofar,   // not rejected yet
+white,     // whitelisted by envelope from
+black,     // blacklisted by envelope from or to
+reject};   // rejected by a dns list
+struct mlfiPriv
+{
+CONFIG  *pc;            // global context with our maps
+int     ip;             // ip4 address of the smtp client
+char    *mailaddr;      // envelope from value
+bool    authenticated;  // client authenticated? if so, suppress all dnsbl checks
+map<DNSBLP, status> checked;    // status from those lists
+mlfiPriv();
+~mlfiPriv();
+};
+mlfiPriv::mlfiPriv() {
+pthread_mutex_lock(&config_mutex);
+pc = config;
+pc->reference_count++;
+pthread_mutex_unlock(&config_mutex);
+ip       = 0;
+mailaddr = NULL;
+}
+mlfiPriv::~mlfiPriv() {
+pthread_mutex_lock(&config_mutex);
+pc->reference_count--;
+pthread_mutex_unlock(&config_mutex);
+if (mailaddr) free(mailaddr);
+}
+#define MLFIPRIV    ((struct mlfiPriv *) smfi_getpriv(ctx))
+////////////////////////////////////////////////
+// syslog a message
+//
+static void my_syslog(char *text);
+static void my_syslog(char *text) {
+pthread_mutex_lock(&syslog_mutex);
+openlog("dnsbl", LOG_PID, LOG_MAIL);
+syslog(LOG_NOTICE, "%s", text);
+closelog();
+pthread_mutex_unlock(&syslog_mutex);
+}
+////////////////////////////////////////////////
+// register a global string
+//
+static char* register_string(char *name);
+static char* register_string(char *name) {
+string_set::iterator i = all_strings.find(name);
+if (i != all_strings.end()) return *i;
+char *x = strdup(name);
+all_strings.insert(x);
+return x;
+}
+static char* next_token(char *delim);
+static char* next_token(char *delim) {
+char *name = strtok(NULL, delim);
+if (!name) return name;
+return register_string(name);
+}
+////////////////////////////////////////////////
+// lookup an email address in the env_from or env_to maps
+//
+static char* lookup1(char *email, string_map map);
+static char* lookup1(char *email, string_map map) {
+string_map::iterator i = map.find(email);
+if (i != map.end()) return (*i).second;
+char *x = strchr(email, '@');
+if (!x) return DEFAULT;
+x++;
+i = map.find(x);
+if (i != map.end()) return (*i).second;
+return DEFAULT;
+}
+////////////////////////////////////////////////
+// lookup an email address in the env_from or env_to maps
+// this email address is passed in from sendmail, and will
+// always be enclosed in <>. It may have mixed case, just
+// as the mail client sent it.
+//
+static char* lookup(char* email, string_map map);
+static char* lookup(char* email, string_map map) {
+int n = strlen(email)-2;
+if (n < 1) return DEFAULT;  // malformed
+char *key = strdup(email+1);
+key[n] = '\0';
+for (int i=0; i<n; i++) key[i] = tolower(key[i]);
+char *rc = lookup1(key, map);
+free(key);
+return rc;
+}
+////////////////////////////////////////////////
+//  find the dnsbl with a specific name
+//
+static DNSBLP find_dnsbl(CONFIG &dc, char *name);
+static DNSBLP find_dnsbl(CONFIG &dc, char *name) {
+dnsblp_map::iterator i = dc.dnsbls.find(name);
+if (i == dc.dnsbls.end()) return NULL;
+return (*i).second;
+}
+////////////////////////////////////////////////
+//  find the dnsbll with a specific name
+//
+static DNSBLLP find_dnsbll(CONFIG &dc, char *name);
+static DNSBLLP find_dnsbll(CONFIG &dc, char *name) {
+dnsbllp_map::iterator i = dc.dnsblls.find(name);
+if (i == dc.dnsblls.end()) return NULL;
+return (*i).second;
+}
+////////////////////////////////////////////////
+//  find the envfrom map with a specific name
+//
+static string_map* find_from_map(CONFIG &dc, char *name);
+static string_map* find_from_map(CONFIG &dc, char *name) {
+from_map::iterator i = dc.env_from.find(name);
+if (i == dc.env_from.end()) return NULL;
+return (*i).second;
+}
+static string_map& really_find_from_map(CONFIG &dc, char *name);
+static string_map& really_find_from_map(CONFIG &dc, char *name) {
+string_map *sm = find_from_map(dc, name);
+if (!sm) {
+sm = new string_map;
+dc.env_from[name] = sm;
+}
+return *sm;
+}
+////////////////////////////////////////////////
+//  check a single dnsbl - we don't try very hard, just
+//  using the default resolver retry settings. If we cannot
+//  get an answer, we just accept the mail. The caller
+//  must ensure thread safety.
+//
+static status check_single(int ip, DNSBL &bl);
+static status check_single(int ip, DNSBL &bl) {
+// make a dns question
+const u_char *src = (const u_char *)&ip;
+if (src[0] == 127) return oksofar;  // don't do dns lookups on localhost
+char question[NS_MAXDNAME];
+snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], bl.suffix);
+// ask the question
+u_char answer[NS_PACKETSZ];
+int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer));
+if (length < 0) return oksofar;     // error in getting answer
+// parse the answer
+ns_msg handle;
+ns_rr  rr;
+if (ns_initparse(answer, length, &handle) != 0) return oksofar;
+int rrnum = 0;
+while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
+if (ns_rr_type(rr) == ns_t_a) {
+// we see an A record, implies blacklisted ip address
+return reject;
+}
+}
+return oksofar;
+}
+////////////////////////////////////////////////
+//  check the dnsbls specified for this recipient
+//
+static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist);
+static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist) {
+if (priv.authenticated) return oksofar;
+if (!dnsbllp)           return oksofar;
+DNSBLL &dnsbll = *dnsbllp;
+for (DNSBLL::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
+DNSBLP dp = *i;     // non null by construction
+status st;
+map<DNSBLP, status>::iterator f = priv.checked.find(dp);
+if (f == priv.checked.end()) {
+// have not checked this list yet
+pthread_mutex_lock(&resolve_mutex);
+st = check_single(priv.ip, *dp);
+pthread_mutex_unlock(&resolve_mutex);
+rejectlist = dp;
+priv.checked[dp] = st;
+}
+else {
+st = (*f).second;
+rejectlist = (*f).first;
+}
+if (st == reject) return st;
+}
+return oksofar;
+}
+////////////////////////////////////////////////
+// start of sendmail milter interfaces
+//
+sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
+{
+// allocate some private memory
+mlfiPriv *priv = new mlfiPriv;
+if (hostaddr->sa_family == AF_INET) {
+priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
+}
+// save the private data
+smfi_setpriv(ctx, (void*)priv);
+// continue processing
+return SMFIS_CONTINUE;
+}
+sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
+{
+mlfiPriv &priv = *MLFIPRIV;
+priv.mailaddr      = strdup(from[0]);
+priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
+return SMFIS_CONTINUE;
+}
+sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
+{
+DNSBLP rejectlist = NULL;   // list that caused the reject
+status st = oksofar;
+mlfiPriv &priv = *MLFIPRIV;
+CONFIG &dc = *priv.pc;
+char *rcptaddr = rcpt[0];
+char *dnsname  = lookup(rcptaddr, dc.env_to_dnsbll);
+char *fromname = lookup(rcptaddr, dc.env_to_chkfrom);
+if ((strcmp(dnsname,  BLACK) == 0) ||
+(strcmp(fromname, BLACK) == 0)) {
+st = black; // two options to blacklist this recipient
+}
+else if (strcmp(fromname, WHITE) == 0) {
+st = white;
+}
+else {
+// check an env_from map
+string_map *sm = find_from_map(dc, fromname);
+if (sm != NULL) {
+fromname = lookup(priv.mailaddr, *sm);  // returns default if name not in map
+if (strcmp(fromname, BLACK) == 0) {
+st = black; // blacklist this envelope from value
+}
+if (strcmp(fromname, WHITE) == 0) {
+st = white; // blacklist this envelope from value
+}
+}
+}
+if ((st == oksofar) && (strcmp(dnsname, WHITE) != 0)) {
+// check dns lists
+st = check_dnsbl(priv, find_dnsbll(dc, dnsname), rejectlist);
+}
+if (st == reject) {
+// reject the recipient based on some dnsbl
+char adr[sizeof "255.255.255.255"];
+adr[0] = '\0';
+const char *rc = inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
+char buf[2000];
+snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
+smfi_setreply(ctx, "550", "5.7.1", buf);
+return SMFIS_REJECT;
+}
+else if (st == black) {
+// reject the recipient based on blacklisting either from or to
+smfi_setreply(ctx, "550", "5.7.1", "no such user");
+return SMFIS_REJECT;
+}
+else {
+// accept the recipient
+return SMFIS_CONTINUE;
+}
+}
+sfsistat mlfi_eom_or_abort(SMFICTX *ctx)
+{
+mlfiPriv &priv = *MLFIPRIV;
+if (priv.mailaddr) {
+free(priv.mailaddr);
+priv.mailaddr = NULL;
+}
+return SMFIS_CONTINUE;
+}
+sfsistat mlfi_close(SMFICTX *ctx)
+{
+mlfiPriv *priv = MLFIPRIV;
+if (!priv) return SMFIS_CONTINUE;
+delete priv;
+smfi_setpriv(ctx, NULL);
+return SMFIS_CONTINUE;
+}
+struct smfiDesc smfilter =
+{
+"DNSBL",            // filter name
+SMFI_VERSION,       // version code -- do not change
+SMFIF_DELRCPT,      // flags
+mlfi_connect,       // connection info filter
+NULL,               // SMTP HELO command filter
+mlfi_envfrom,       // envelope sender filter
+mlfi_envrcpt,       // envelope recipient filter
+NULL,               // header filter
+NULL,               // end of header
+NULL,               // body block filter
+mlfi_eom_or_abort,  // end of message
+mlfi_eom_or_abort,  // message aborted
+mlfi_close,         // connection cleanup
+};
+static void dumpit(char *name, string_map map);
+static void dumpit(char *name, string_map map) {
+fprintf(stderr, "\n");
+for (string_map::iterator i=map.begin(); i!=map.end(); i++) {
+fprintf(stderr, "%s %s->%s\n", name, (*i).first, (*i).second);
+}
+}
+static void dumpit(from_map map);
+static void dumpit(from_map map) {
+fprintf(stderr, "\n");
+for (from_map::iterator i=map.begin(); i!=map.end(); i++) {
+fprintf(stderr, "envfrom map %s\n", (*i).first);
+string_map *sm = (*i).second;
+dumpit("envelope from", *sm);
+}
+}
+static void dumpit();
+static void dumpit() {
+CONFIG &dc = *config;
+fprintf(stderr, "dnsbls\n");
+for (dnsblp_map::iterator i=dc.dnsbls.begin(); i!=dc.dnsbls.end(); i++) {
+fprintf(stderr, "%s %s %s\n", (*i).first, (*i).second->suffix, (*i).second->message);
+}
+fprintf(stderr, "dnsbl_lists\n");
+for (dnsbllp_map::iterator i=dc.dnsblls.begin(); i!=dc.dnsblls.end(); i++) {
+char *name = (*i).first;
+DNSBLL &dl = *((*i).second);
+fprintf(stderr, "%s", name);
+for (DNSBLL::iterator j=dl.begin(); j!=dl.end(); j++) {
+DNSBL &d = **j;
+fprintf(stderr, " %s", d.suffix);
+}
+fprintf(stderr, "\n");
+}
+}
+////////////////////////////////////////////////
+//  load a single config file
+//
+static void load_conf(CONFIG &dc, char *fn);
+static void load_conf(CONFIG &dc, char *fn) {
+dc.config_files.push_back(fn);
+map<char*, int, ltstr> commands;
+enum {dummy, dnsbl, dnsbll, envfrom, envto, include};
+commands["dnsbl"     ] = dnsbl;
+commands["dnsbl_list"] = dnsbll;
+commands["env_from"  ] = envfrom;
+commands["env_to"    ] = envto;
+commands["include"   ] = include;
+const int LINE_SIZE = 2000;
+ifstream is(fn);
+if (is.fail()) return;
+char line[LINE_SIZE];
+char orig[LINE_SIZE];
+char *delim = " \t";
+int curline = 0;
+while (!is.eof()) {
+is.getline(line, LINE_SIZE);
+snprintf(orig, sizeof(orig), "%s", line);
+curline++;
+int n = strlen(line);
+for (int i=0; i<n; i++) line[i] = tolower(line[i]);
+char *cmd = strtok(line, delim);
+if (cmd && (cmd[0] != '#') && (cmd[0] != '\0')) {
+// have a decent command
+bool processed = false;
+switch (commands[cmd]) {
+case dnsbl: {
+// have a new dnsbl to use
+char *name = next_token(delim);
+if (!name) break;                           // no name name
+if (find_dnsbl(dc, name)) break;            // duplicate entry
+char *suff = strtok(NULL, delim);
+if (!suff) break;                           // no dns suffic
+char *msg = suff + strlen(suff);
+if ((msg - line) >= strlen(orig)) break;    // line ended with the dns suffix
+msg  = strchr(msg+1, '\'');
+if (!msg) break;                            // no reply message template
+msg++; // move over the leading '
+if ((msg - line) >= strlen(orig)) break;    // line ended with the leading quote
+char *last = strchr(msg, '\'');
+if (!last) break;                           // no trailing quote
+*last = '\0';                               // make it a null terminator
+dc.dnsbls[name] = new DNSBL(register_string(suff), register_string(msg));
+processed = true;
+} break;
+case dnsbll: {
+// define a new combination of dnsbls
+char *name = next_token(delim);
+if (!name) break;
+if (find_dnsbll(dc, name)) break;               // duplicate entry
+char *list = next_token(delim);
+if (!list || (*list == '\0') || (*list == '#')) break;
+DNSBLLP d = new DNSBLL;
+DNSBLP p = find_dnsbl(dc, list);
+if (p) d->push_back(p);
+while (true) {
+list = next_token(delim);
+if (!list || (*list == '\0') || (*list == '#')) break;
+DNSBLP p = find_dnsbl(dc, list);
+if (p) d->push_back(p);
+}
+dc.dnsblls[name] = d;
+processed = true;
+} break;
+case envfrom: {
+// add an entry into the named string_map
+char *name = next_token(delim);
+if (!name) break;
+char *from = next_token(delim);
+if (!from) break;
+char *list = next_token(delim);
+if (!list) break;
+if ((strcmp(list, WHITE) == 0) ||
+(strcmp(list, BLACK) == 0)) {
+string_map &fm = really_find_from_map(dc, name);
+fm[from] = list;
+processed = true;
+}
+else {
+// list may be the name of a previously defined from_map
+string_map *m = find_from_map(dc, list);
+if (m && (strcmp(list,name) != 0)) {
+string_map &pm = *m;
+string_map &fm = really_find_from_map(dc, name);
+fm.insert(pm.begin(), pm.end());
+processed = true;
+}
+}
+} break;
+case envto: {
+// define the dnsbl_list and env_from maps to use for this recipient
+char *to   = next_token(delim);
+if (!to) break;
+char *list = next_token(delim);
+if (!list) break;
+char *from = next_token(delim);
+if (!from) break;
+dc.env_to_dnsbll[to]  = list;
+dc.env_to_chkfrom[to] = from;
+processed = true;
+} break;
+case include: {
+char *fn = next_token(delim);
+if (fn) {
+bool ok = true;
+for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
+char *f = *i;
+if (strcmp(f, fn) == 0) {
+my_syslog("recursive include file detected");
+ok = false;
+break;
+}
+}
+if (ok) {
+load_conf(dc, fn);
+processed = true;
+}
+}
+} break;
+default: {
+} break;
+}
+if (!processed) {
+pthread_mutex_lock(&syslog_mutex);
+openlog("dnsbl", LOG_PID, LOG_MAIL);
+syslog(LOG_ERR, "ignoring file %s line %d : %s\n", fn, curline, orig);
+closelog();
+pthread_mutex_unlock(&syslog_mutex);
+}
+}
+}
+is.close();
+}
+////////////////////////////////////////////////
+//  reload the config
+//
+static CONFIG* new_conf();
+static CONFIG* new_conf() {
+my_syslog("loading new configuration");
+CONFIG *newc = new CONFIG;
+load_conf(*newc, "dnsbl.conf");
+newc->load_time = time(NULL);
+return newc;
+}
+////////////////////////////////////////////////
+//  thread to watch the old config files for changes
+//  and reload when needed. we also cleanup old
+//  configs whose reference count has gone to zero.
+//
+static void* config_loader(void *arg);
+static void* config_loader(void *arg) {
+typedef set<CONFIG *> configp_set;
+configp_set old_configs;
+while (true) {
+sleep(180);  // look for modifications every 3 minutes
+CONFIG &dc = *config;
+time_t then = dc.load_time;
+struct stat st;
+bool reload = false;
+for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
+char *fn = *i;
+if (stat(fn, &st))           reload = true; // file disappeared
+else if (st.st_mtime > then) reload = true; // file modified
+if (reload) break;
+}
+if (reload) {
+CONFIG *newc = new_conf();
+// replace the global config pointer
+pthread_mutex_lock(&config_mutex);
+CONFIG *old = config;
+config = newc;
+pthread_mutex_unlock(&config_mutex);
+// dumpit(env_from);
+// dumpit("envelope to dnsbl", env_to_dnsbl);
+// dumpit("envelope to check from", env_to_chkfrom);
+// dumpit();
+if (old) old_configs.insert(old);
+}
+// now look for old configs with zero ref counts
+for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
+CONFIG *old = *i;
+if (!old->reference_count) {
+delete old; // destructor does all the work
+old_configs.erase(i++);
+}
+else i++;
+}
+}
+}
+static void usage(char *prog);
+static void usage(char *prog)
+{
+fprintf(stderr, "Usage: %s  -p socket-addr [-t timeout]\n", prog);
+fprintf(stderr, "where socket-addr is for the connection to sendmail and should be one of\n");
+fprintf(stderr, "   inet:port@local-ip-address\n");
+fprintf(stderr, "   local:local-domain-socket-file-name\n");
+}
+int main(int argc, char**argv)
+{
+bool setconn  = FALSE;
+int c;
+const char *args = "p:s:h";
+extern char *optarg;
+// Process command line options
+while ((c = getopt(argc, argv, args)) != -1) {
+switch (c) {
+case 'p':
+if (optarg == NULL || *optarg == '\0') {
+fprintf(stderr, "Illegal conn: %s\n", optarg);
+exit(EX_USAGE);
+}
+if (smfi_setconn(optarg) == MI_FAILURE) {
+fprintf(stderr, "smfi_setconn failed\n");
+exit(EX_SOFTWARE);
+}
+if (strncasecmp(optarg, "unix:", 5) == 0)  unlink(optarg + 5);
+else if (strncasecmp(optarg, "local:", 6) == 0) unlink(optarg + 6);
+setconn = TRUE;
+break;
+case 't':
+if (optarg == NULL || *optarg == '\0') {
+fprintf(stderr, "Illegal timeout: %s\n", optarg);
+exit(EX_USAGE);
+}
+if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
+fprintf(stderr, "smfi_settimeout failed\n");
+exit(EX_SOFTWARE);
+}
+break;
+case 'h':
+default:
+usage(argv[0]);
+exit(EX_USAGE);
+}
+}
+if (!setconn) {
+fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
+usage(argv[0]);
+exit(EX_USAGE);
+}
+if (smfi_register(smfilter) == MI_FAILURE) {
+fprintf(stderr, "smfi_register failed\n");
+exit(EX_UNAVAILABLE);
+}
+// switch to background mode
+if (daemon(1,0) < 0) {
+fprintf(stderr, "daemon() call failed\n");
+exit(EX_UNAVAILABLE);
+}
+// initialize the thread sync objects
+pthread_mutex_init(&config_mutex, 0);
+pthread_mutex_init(&syslog_mutex, 0);
+pthread_mutex_init(&resolve_mutex, 0);
+// load the initial config
+config = new_conf();
+// only create threads after the fork() in daemon
+pthread_t tid;
+if (pthread_create(&tid, 0, config_loader, 0))
+my_syslog("failed to create config loader thread");
+if (pthread_detach(tid))
+my_syslog("failed to detach config loader thread");
+// write the pid
+const char *pidpath = "/var/run/dnsbl.pid";
+unlink(pidpath);
+FILE *f = fopen(pidpath, "w");
+if (f) {
+fprintf(f, "-%d\n", (u_int)getpgrp());
+fclose(f);
+}
+int rc = smfi_main();
+}

Mercurial > dnsbl

comparison src/dnsbl.cpp @ 0:96a9758165cd original