domain.c revision 3ee0e49223f178da635734759b9167f924321ff0
/*
* Copyright (c) 1998-2004, 2006 Sendmail, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1986, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <sendmail.h>
#if NAMED_BIND
#else /* NAMED_BIND */
#endif /* NAMED_BIND */
#if NAMED_BIND
/*
** The standard udp packet size PACKETSZ (512) is not sufficient for some
** nameserver answers containing very many resource records. The resolver
** may switch to tcp and retry if it detects udp packet overflow.
** Also note that the resolver routines res_query and res_search return
** the size of the *un*truncated answer in case the supplied answer buffer
** it not big enough to accommodate the entire answer.
*/
# ifndef MAXPACKET
# endif /* ! MAXPACKET */
typedef union
{
} querybuf;
# ifndef MXHOSTBUFSIZE
# endif /* ! MXHOSTBUFSIZE */
static char MXHostBuf[MXHOSTBUFSIZE];
#endif /* (MXHOSTBUFSIZE < 2) || (MXHOSTBUFSIZE >= INT_MAX/2) */
# ifndef MAXDNSRCH
# endif /* ! MAXDNSRCH */
# ifndef RES_DNSRCH_VARIABLE
# endif /* ! RES_DNSRCH_VARIABLE */
# ifndef NO_DATA
# define NO_DATA NO_ADDRESS
# endif /* ! NO_DATA */
# ifndef HFIXEDSZ
# endif /* ! HFIXEDSZ */
# define RES_UNC_T char *
# else /* defined(__RES) && (__RES >= 19940415) */
# define RES_UNC_T unsigned char *
# endif /* defined(__RES) && (__RES >= 19940415) */
static int fallbackmxrr __P((int, unsigned short *, char **));
/*
** GETFALLBACKMXRR -- get MX resource records for fallback MX host.
**
** We have to initialize this once before doing anything else.
** Moreover, we have to repeat this from time to time to avoid
** stale data, e.g., in persistent queue runners.
** This should be done in a parent process so the child
** processes have the right data.
**
** Parameters:
** host -- the name of the fallback MX host.
**
** Returns:
** number of MX records.
**
** Side Effects:
** Populates NumFallbackMXHosts and fbhosts.
** Sets renewal time (based on TTL).
*/
int NumFallbackMXHosts = 0; /* Number of fallback MX hosts (after MX expansion) */
int
char *host;
{
int i, rcode;
int ttl;
#if 0
/* This is currently done before this function is called. */
return 0;
#endif /* 0 */
return NumFallbackMXHosts;
if (host[0] == '[')
{
NumFallbackMXHosts = 1;
}
else
{
/* free old data */
for (i = 0; i < NumFallbackMXHosts; i++)
/* get new data */
for (i = 0; i < NumFallbackMXHosts; i++)
}
return NumFallbackMXHosts;
}
/*
** FALLBACKMXRR -- add MX resource records for fallback MX host to list.
**
** Parameters:
** nmx -- current number of MX records.
** prefs -- array of preferences.
** mxhosts -- array of MX hosts (maximum size: MAXMXHOSTS)
**
** Returns:
** new number of MX records.
**
** Side Effects:
** If FallbackMX was set, it appends the MX records for
** that host to mxhosts (and modifies prefs accordingly).
*/
static int
int nmx;
unsigned short *prefs;
char **mxhosts;
{
int i;
{
if (nmx > 0)
else
}
return nmx;
}
/*
** GETMXRR -- get MX resource records for a domain
**
** Parameters:
** host -- the name of the host to MX.
** mxhosts -- a pointer to a return buffer of MX records.
** mxprefs -- a pointer to a return buffer of MX preferences.
** If NULL, don't try to populate.
** droplocalhost -- If true, all MX records less preferred
** than the local host (as determined by $=w) will
** be discarded.
** rcode -- a pointer to an EX_ status code.
** tryfallback -- add also fallback MX host?
** pttl -- pointer to return TTL (can be NULL).
**
** Returns:
** The number of MX records found.
** -1 if there is an internal failure.
** If no MX records are found, mxhosts[0] is set to host
** and 1 is returned.
**
** Side Effects:
** The entries made for mxhosts point to a static array
** MXHostBuf[MXHOSTBUFSIZE], so the data needs to be copied,
** if it must be preserved across calls to this function.
*/
int
char *host;
char **mxhosts;
unsigned short *mxprefs;
bool droplocalhost;
int *rcode;
bool tryfallback;
int *pttl;
{
register int i, j, n;
int nmx = 0;
register char *bp;
bool seenlocal = false;
unsigned short localpref = 256;
char *fallbackMX = FallbackMX;
bool trycanon = false;
unsigned short *prefs;
unsigned short prefer[MAXMXHOSTS];
int weight[MAXMXHOSTS];
int ttl = 0;
extern int res_query(), res_search();
sm_dprintf("getmxrr(%s, droplocalhost=%d)\n",
*pttl = SM_DEFAULT_TTL;
if (*host == '\0')
return 0;
{
/* don't use fallback for this pass */
fallbackMX = NULL;
}
else
/* efficiency hack -- numeric or non-MX lookups */
if (host[0] == '[')
goto punt;
/*
** If we don't have MX records in our host switch, don't
** try for MX records. Note that this really isn't "right",
** since we might be set up to try NIS first and then DNS;
** if the host is found in NIS we really shouldn't be doing
** MX lookups. However, that should be a degenerate case.
*/
if (!UseNameServer)
goto punt;
else
errno = 0;
sizeof(answer));
if (n < 0)
{
sm_dprintf("getmxrr: res_search(%s) failed (errno=%d, h_errno=%d)\n",
switch (h_errno)
{
case NO_DATA:
trycanon = true;
/* FALLTHROUGH */
case NO_RECOVERY:
/* no MX data on this host */
goto punt;
case HOST_NOT_FOUND:
# if BROKEN_RES_SEARCH
case 0: /* Ultrix resolver retns failure w/ h_errno=0 */
# endif /* BROKEN_RES_SEARCH */
trycanon = true;
goto punt;
case TRY_AGAIN:
case -1:
/* couldn't connect to the name server */
if (fallbackMX != NULL)
{
/* name server is hosed -- push to fallback */
}
/* it might come up later; better queue it up */
*rcode = EX_TEMPFAIL;
break;
default:
syserr("getmxrr: res_search (%s) failed with impossible h_errno (%d)",
break;
}
/* irreconcilable differences */
return -1;
}
/* avoid problems after truncation in tcp packets */
if (n > sizeof(answer))
n = sizeof(answer);
/* find first satisfactory answer */
qdcount--;
{
goto punt;
}
/* NOTE: see definition of MXHostBuf! */
/* See RFC 1035 for layout of RRs. */
/* XXX leave room for FallbackMX ? */
{
break;
cp += n;
{
sm_dprintf("unexpected answer type %d, size %d\n",
type, n);
cp += n;
continue;
}
break;
cp += n;
# if 0
/* Can this happen? */
if (n == 0)
{
if (LogLevel > 4)
"MX records for %s contain empty string",
host);
continue;
}
# endif /* 0 */
{
sm_dprintf("found localhost (%s) in MX list, pref=%d\n",
if (droplocalhost)
{
seenlocal = true;
continue;
}
}
else
bp += n;
{
*bp++ = '.';
n++;
}
*bp++ = '\0';
if (buflen < n + 1)
{
/* don't want to wrap buflen */
break;
}
buflen -= n + 1;
}
/* return only one TTL entry, that should be sufficient */
/* sort the records */
for (i = 0; i < nmx; i++)
{
for (j = i + 1; j < nmx; j++)
{
{
register int temp;
register char *temp1;
}
}
{
/* truncate higher preference part of list */
nmx = i;
}
}
/* delete duplicates from list (yes, some bozos have duplicates) */
for (i = 0; i < nmx - 1; )
{
i++;
else
{
/* compress out duplicate */
for (j = i + 1; j < nmx; j++)
{
}
nmx--;
}
}
if (nmx == 0)
{
punt:
if (seenlocal)
{
/*
** If we have deleted all MX entries, this is
** an error -- we should NEVER send to a host that
** has an MX, and this should have been caught
** earlier in the config file.
**
** Some sites prefer to go ahead and try the
** A record anyway; that case is handled by
** setting TryNullMXList. I believe this is a
** bad idea, but it's up to you....
*/
if (TryNullMXList)
{
SM_SET_H_ERRNO(0);
errno = 0;
if (h == NULL)
{
(errno == ECONNREFUSED &&
{
*rcode = EX_TEMPFAIL;
return -1;
}
# if NETINET6
SM_SET_H_ERRNO(0);
errno = 0;
if (h == NULL &&
(errno == ECONNREFUSED &&
{
*rcode = EX_TEMPFAIL;
return -1;
}
# endif /* NETINET6 */
}
}
if (h == NULL)
{
syserr("MX list for %s points back to %s",
host, MyHostName);
return -1;
}
# if NETINET6
freehostent(h);
h = NULL;
# endif /* NETINET6 */
}
{
syserr("Host name %s too long",
return -1;
}
prefs[0] = 0;
if (host[0] == '[')
{
register char *p;
# if NETINET6
struct sockaddr_in6 tmp6;
# endif /* NETINET6 */
/* this may be an MX suppression-style address */
if (p != NULL)
{
*p = '\0';
{
nmx++;
*p = ']';
}
# if NETINET6
{
nmx++;
*p = ']';
}
# endif /* NETINET6 */
else
{
trycanon = true;
mxhosts[0]++;
}
}
}
if (trycanon &&
{
/* XXX MXHostBuf == "" ? is that possible? */
{
*bp++ = '.';
*bp = '\0';
}
nmx = 1;
}
}
/* if we have a default lowest preference, include that */
{
}
return nmx;
}
/*
** MXRAND -- create a randomizer for equal MX preferences
**
** If two MX hosts have equal preferences we want to randomize
** the selection. But in order for signatures to be the same,
** we need to randomize the same way each time. This function
** computes a pseudo-random hash function from the host name.
**
** Parameters:
** host -- the name of the host.
**
** Returns:
** A random but repeatable value based on the host name.
*/
static int
register char *host;
{
int hfunc;
static unsigned int seed;
if (seed == 0)
{
if (seed == 0)
seed++;
}
while (*host != '\0')
{
int c = *host++;
c = tolower(c);
}
hfunc &= 0xff;
hfunc++;
return hfunc;
}
/*
** BESTMX -- find the best MX for a name
**
** This is really a hack, but I don't see any obvious way
** to generalize it at the moment.
*/
/* ARGSUSED3 */
char *
char *name;
char **av;
int *statp;
{
int nmx;
int i;
char *result;
char *buf;
#else /* _FFR_BESTMX_BETTER_TRUNCATION */
char *p;
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
if (nmx <= 0)
return NULL;
/*
** We were given a -z flag (return all MXs) and there are multiple
** ones. We need to build them all into a list.
*/
for (i = 0; i < nmx; i++)
{
{
syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
return NULL;
}
if (len < 0)
{
break;
}
}
{
*statp = EX_UNAVAILABLE;
return NULL;
}
*buf = '\0';
for (i = 0; i < nmx; i++)
{
int end;
{
}
}
/* Cleanly truncate for rulesets */
#else /* _FFR_BESTMX_BETTER_TRUNCATION */
p = buf;
for (i = 0; i < nmx; i++)
{
{
syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
return NULL;
}
break;
if (i > 0)
{
*p++ = map->map_coldelim;
len++;
}
p += slen;
}
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
return result;
}
/*
** DNS_GETCANONNAME -- get the canonical name for named host using DNS
**
** This algorithm tries to be smart about wildcard MX records.
** This is hard to do because DNS doesn't tell is if we matched
** against a wildcard or a specific MX.
**
** We always prefer A & CNAME records, since these are presumed
** to be specific.
**
** If we match an MX in one pass and lose it in the next, we use
** the old one. For example, consider an MX matching *.FOO.BAR.COM.
** A hostname bletch.foo.bar.com will match against this MX, but
** will stop matching when we try bletch.bar.com -- so we know
** that bletch.foo.bar.com must have been right. This fails if
** there was also an MX record matching *.BAR.COM, but there are
** some things that just can't be fixed.
**
** Parameters:
** host -- a buffer containing the name of the host.
** This is a value-result parameter.
** hbsize -- the size of the host buffer.
** trymx -- if set, try MX records as well as A and CNAME.
** statp -- pointer to place to store status.
** pttl -- pointer to return TTL (can be NULL).
**
** Returns:
** true -- if the host matched.
** false -- otherwise.
*/
bool
char *host;
int hbsize;
bool trymx;
int *statp;
int *pttl;
{
register char *cp;
register int n;
int ret;
char **domain;
int type;
int ttl = 0;
char **dp;
char *mxmatch;
bool amatch;
bool gotmx = false;
int qtype;
int initial;
int loopcnt;
{
*statp = EX_UNAVAILABLE;
return false;
}
/*
** Initialize domain search list. If there is at least one
** dot in the name, search the unmodified name first so we
** find "vse.CS" in Czechoslovakia instead of in the local
** domain (e.g., vse.CS.Berkeley.EDU). Note that there is no
** longer a country named Czechoslovakia but this type of problem
** is still present.
**
** Older versions of the resolver could create this
** list by tearing apart the host name.
*/
loopcnt = 0;
/* Check for dots in the name */
if (*cp == '.')
n++;
/*
** Build the search list.
** If there is at least one dot in name, start with a null
** domain to search the unmodified name first.
** If name does not end with a dot and search up local domain
** tree desired, append each local domain component to the
** search list; if name contains no dots and default domain
** name is desired, append default domain name to search list;
** else if name ends in a dot, remove that dot.
*/
dp = searchlist;
if (n > 0)
*dp++ = "";
{
/* make sure there are less than MAXDNSRCH domains */
ret++)
}
{
}
else if (*cp == '.')
{
*cp = '\0';
}
/*
** Now loop through the search list, appending each domain in turn
** name and searching for a match.
*/
# if NETINET6
# endif /* NETINET6 */
{
gotmx = false;
sm_dprintf("dns_getcanonname: trying %s.%s (%s)\n",
# if NETINET6
# endif /* NETINET6 */
"???");
errno = 0;
if (ret <= 0)
{
int save_errno = errno;
sm_dprintf("\tNO: errno=%d, h_errno=%d\n",
{
/*
** the name server seems to be down or broken.
*/
if (**dp == '\0')
{
*statp = EX_TEMPFAIL;
goto nexttype;
}
*statp = EX_TEMPFAIL;
if (WorkAroundBrokenAAAA)
{
/*
** Only return if not TRY_AGAIN as an
** attempt with a different qtype may
** succeed (res_querydomain() calls
** res_query() calls res_send() which
** sets errno to ETIMEDOUT if the
** nameservers could be contacted but
** didn't give an answer).
*/
if (save_errno != ETIMEDOUT)
return false;
}
else
return false;
}
if (h_errno != HOST_NOT_FOUND)
{
/* might have another type of interest */
# if NETINET6
{
continue;
}
else
# endif /* NETINET6 */
{
continue;
}
}
/* definite no -- try the next domain */
dp++;
continue;
}
sm_dprintf("\tYES\n");
/* avoid problems after truncation in tcp packets */
/*
** Appear to have a match. Confirm it by searching for A or
** CNAME records. If we don't have a local domain
** wild card MX record, we will accept MX as well.
*/
/* skip question part of response -- we know what we asked */
qdcount--;
{
{
sm_dprintf("qdcount failure (%d)\n",
*statp = EX_SOFTWARE;
return false; /* ???XXX??? */
}
}
amatch = false;
ap += n)
{
if (n < 0)
break;
ap += n;
switch (type)
{
case T_MX:
gotmx = true;
{
/*
** If we are using MX matches and have
** not yet gotten one, save this one
** but keep searching for an A or
** CNAME match.
*/
continue;
}
/*
** If we did not append a domain name, this
** must have been a canonical name to start
** with. Even if we did append a domain name,
** in the absence of a wildcard MX this must
** still be a real MX match.
** Such MX matches are as good as an A match,
** fall through.
*/
/* FALLTHROUGH */
# if NETINET6
case T_AAAA:
# endif /* NETINET6 */
case T_A:
/* Flag that a good match was found */
amatch = true;
/* continue in case a CNAME also exists */
continue;
case T_CNAME:
if (DontExpandCnames)
{
/* got CNAME -- guaranteed canonical */
amatch = true;
break;
}
if (loopcnt++ > MAXCNAMEDEPTH)
{
/*XXX should notify postmaster XXX*/
message("DNS failure: CNAME loop for %s",
host);
{
(void) sm_snprintf(ebuf,
sizeof ebuf,
"Deferred: DNS failure: CNAME loop for %.100s",
host);
}
return false;
}
/* value points at name */
sizeof(nbuf))) < 0)
break;
/*
** RFC 1034 section 3.6 specifies that CNAME
** should point at the canonical name -- but
** urges software to try again anyway.
*/
goto cnameloop;
default:
/* not a record of interest */
continue;
}
}
if (amatch)
{
/*
** Got a good match -- either an A, CNAME, or an
** exact MX record. Save it and get out of here.
*/
break;
}
/*
** Nothing definitive yet.
** If this was a T_A query and we haven't yet found a MX
** match, try T_MX if allowed to do so.
** Otherwise, try the next domain.
*/
# if NETINET6
else
# endif /* NETINET6 */
else
{
dp++;
}
}
/* if nothing was found, we are done */
{
return false;
}
/*
** Create canonical name and return.
** If saved domain name is null, name was already canonical.
** Otherwise append the saved domain name.
*/
/* return only one TTL entry, that should be sufficient */
return true;
}
#endif /* NAMED_BIND */