dnsbl: src/dnsbl.cpp comparison

comparison src/dnsbl.cpp @ 382:c378e9d03f37

start parsing spf txt records

author	Carl Byington <carl@five-ten-sg.com>
date	Mon, 06 Mar 2017 12:21:05 -0800
parents	879a470c6ac3
children	7b7066a51c33

comparison

equal deleted inserted replaced

-:879a470c6ac3
+:c378e9d03f37
 rates       rcpt_daily_counts;              // protected with rate_mutex
 auth_addresses auth_hourly_addresses;       // protected with rate_mutex
 auth_addresses auth_daily_addresses;        // protected with rate_mutex
-struct ns_map {
-// all the strings are owned by the keys/values in the ns_host string map
-string_map  ns_host;    // nameserver name -> host name that uses this name server
-ns_mapper   ns_ip;      // nameserver name -> ipv4 address of the name server
-~ns_map();
-void add(const char *name, const char *refer);
-};
 ns_map::~ns_map() {
 for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) {
 const char *x = (*i).first;
 const char *y = (*i).second;
 }
 pthread_mutex_unlock(&rate_mutex);
 }
-void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip);
+void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip);
-void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip) {
+void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip) {
 pthread_mutex_lock(&rate_mutex);
 auth_addresses::iterator i = auth_hourly_addresses.find(user);
 if (i == auth_hourly_addresses.end()) {
 user = strdup(user);
-auth_hourly_addresses[user] = new int32_t_set;
+auth_hourly_addresses[user] = new uint32_t_set;
 auth_hourly_addresses[user]->insert(ip);
 hourly = 1;
 }
 else {
-int32_t_set::iterator k = ((*i).second)->find(ip);
+uint32_t_set::iterator k = ((*i).second)->find(ip);
 if (k == ((*i).second)->end()) ((*i).second)->insert(ip);
 hourly = ((*i).second)->size();
 }
 auth_addresses::iterator j = auth_daily_addresses.find(user);
 if (j == auth_daily_addresses.end()) {
 user = strdup(user);
-auth_daily_addresses[user] = new int32_t_set;
+auth_daily_addresses[user] = new uint32_t_set;
 auth_daily_addresses[user]->insert(ip);
 daily = 1;
 }
 else {
-int32_t_set::iterator k = ((*j).second)->find(ip);
+uint32_t_set::iterator k = ((*j).second)->find(ip);
 if (k == ((*j).second)->end()) ((*j).second)->insert(ip);
 daily = ((*j).second)->size();
 }
 pthread_mutex_unlock(&rate_mutex);
 }
 //  Ask a dns question and get an A record answer in network byte order.
 //  We don't try very hard, just using the default resolver retry settings.
 //  If we cannot get an answer, we just accept the mail.
 //  If the qtype is ns_t_txt, the answer is placed in txt_answer which
 //  must be non-null, and the return value can be ignored.
+//  A null string is returned in txt_answer in the case of errors.
 //  If the qtype is ns_t_a, the ip address is returned in network byte order.
+//  IP address 0 is returned in case of errors.
 //
-uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip = false, ns_map *nameservers = NULL, char *txt_answer = NULL, size_t txt_size = 0);
 uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip, ns_map *nameservers, char *txt_answer, size_t txt_size) {
+if (txt_answer) txt_answer[0] = '\0';   // return null string if there are no txt answers
 // tell sendmail we are still working
 #if _FFR_SMFI_PROGRESS
 if (priv.eom) smfi_progress(priv.ctx);
 #endif
 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
 ret_address = address;
 }
 }
 }
-if ((qtype == ns_t_txt) && (txt_answer) && (txt_size > 5)) {
+if ((qtype == ns_t_txt) && (txt_answer) && (txt_size > 7)) {
+txt_answer[0] = '\0';  // return null string if there are no txt answers
 txt_size--; // allow room for terminating null;
-txt_answer[0] = '\0';   // return null string if there are no answers
 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
 size_t offset = 0;
 if (ns_rr_type(rr) == qtype) {
 size_t rdlen = ns_rr_rdlen(rr);
 const unsigned char *rdata = ns_rr_rdata(rr);
 rdata  += m;
 rdlen  -= m;
 }
 }
 txt_answer[offset] = '\0';  // trailing null
-if (strcasecmp(txt_answer, "v=spf1 ") == 0) break;
+if (strncasecmp(txt_answer, "v=spf1 ", 7) == 0) break;
+}
+if (strncasecmp(txt_answer, "v=spf1 ", 7) != 0) {
+txt_answer[0] = '\0';  // return null string if there are no spf1 txt answers
 }
 }
 }
 pthread_mutex_unlock(&resolve_mutex);
 #ifdef RESOLVER_DEBUG
 if (res_result < 0) glom.length = 0;   // represent all errors as zero length answers
 else                glom.length = (size_t)res_result;
 #else
 glom.length = sizeof(glom.answer);
 glom.answer = 0;
-struct hostent *host = gethostbyname(question+1);
+int t = int8_t(question[0]);
-if (host && (host->h_addrtype == AF_INET)) {
+if (t != ns_t_a) {
-memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
+glom.length = 0;
+}
+else {
+struct hostent *host = gethostbyname(question+1);
+if (host && (host->h_addrtype == AF_INET)) {
+memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
+}
 }
 #endif
 // write the answer
 char *buf = (char *)&glom;
 ////////////////////////////////////////////////
 //  check a single dns list, return ip address in network byte order
 //
-uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix);
+uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix);
-uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix) {
+uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix) {
 // make a dns question
 const u_char *src = (const u_char *)&ip;
 if (src[0] == 127) return 0;    // don't do dns lookups on localhost
 if (src[0] == 10)  return 0;    // don't do dns lookups on rfc1918 space
 if ((src[0] == 192) && (src[1] == 168)) return 0;
 ////////////////////////////////////////////////
 //  check a single dnsbl
 //
-bool check_single(mlfiPriv &priv, int32_t ip, DNSBL &bl);
+bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl);
-bool check_single(mlfiPriv &priv, int32_t ip, DNSBL &bl) {
+bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl) {
 return check_single(priv, ip, bl.suffix);
 }
 ////////////////////////////////////////////////
 //  check a single dnswl
 //
-bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl);
+bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl);
-bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl) {
+bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl) {
 uint32_t r = ntohl(check_single(priv, ip, wl.suffix));
 uint32_t v = (uint32_t)0x7f000000;
 uint32_t m = (uint32_t)0xffff0000;
 uint32_t m2 = (uint32_t)0x000000ff;
 if ((r & m) == v) {
 ////////////////////////////////////////////////
 //  check the hosts from the body against the content filter and uribl dnsbls
 //
 //
-bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, int32_t &ip, const char *&found);
+bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found);
-bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, int32_t &ip, const char *&found) {
+bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found) {
 found = NULL;   // normally ip address style
 if (!priv.content_suffix && !priv.uribl_suffix) return false;   // nothing to check
 string_set &hosts  = priv.memory->get_hosts();
 string_set &ignore = *priv.content_host_ignore;
 int count = 0;
 int   cnt = hosts.size();   // number of hosts we could look at
-int32_t_set ips;
+uint32_t_set ips;
 ns_map  nameservers;
 for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) {
 host = *i;  // a reference into hosts, which will live until this smtp transaction is closed
 // don't bother looking up hosts on the ignore list
 snprintf(buf, sizeof(buf), "host %s not found", host);
 }
 my_syslog(&priv, buf);
 }
 if (ip) {
-int32_t_set::iterator i = ips.find(ip);
+uint32_t_set::iterator i = ips.find(ip);
 if (i == ips.end()) {
 // we haven't looked this up yet
 ips.insert(ip);
 // check dnsbl style list
 if (priv.content_suffix && check_single(priv, ip, priv.content_suffix)) {
 snprintf(buf, sizeof(buf), "ns %s not found", host);
 }
 my_syslog(&priv, buf);
 }
 if (ip) {
-int32_t_set::iterator i = ips.find(ip);
+uint32_t_set::iterator i = ips.find(ip);
 if (i == ips.end()) {
 ips.insert(ip);
 if (check_single(priv, ip, priv.content_suffix)) {
 msg = priv.content_message;
 string_map::iterator j = nameservers.ns_host.find(host);
 sfsistat mlfi_eom(SMFICTX *ctx)
 {
 sfsistat  rc;
 mlfiPriv   &priv = *MLFIPRIV;
 const char *host = NULL;
-int32_t     ip;
+uint32_t    ip;
 // process end of message
 priv.eom = true;
 if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE;
 else {
 // assert env_to not empty, it contains the
 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) {
 (*i).second = 0;
 }
 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) {
 delete (*j).second;
-(*j).second = new int32_t_set;
+(*j).second = new uint32_t_set;
 }
 pthread_mutex_unlock(&rate_mutex);
 loop1 = 0;
 }
 if (loop2 == 480) {
 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) {
 (*i).second = 0;
 }
 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) {
 delete (*j).second;
-(*j).second = new int32_t_set;
+(*j).second = new uint32_t_set;
 }
 pthread_mutex_unlock(&rate_mutex);
 loop2 = 0;
 }
 CONFIG &dc = *config;

Mercurial > dnsbl

comparison src/dnsbl.cpp @ 382:c378e9d03f37