/*
 * Copyright (c) 1998-2004, 2006, 2010 Proofpoint, Inc. and its suppliers.
 *	All rights reserved.
 * Copyright (c) 1986, 1995-1997 Eric P. Allman.  All rights reserved.
 * Copyright (c) 1988, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */

#include <sendmail.h>
#include "map.h"

#if NAMED_BIND
SM_RCSID("@(#)$Id: domain.c,v 8.205 2013/11/22 20:51:55 ca Exp $ (with name server)")
#else /* NAMED_BIND */
SM_RCSID("@(#)$Id: domain.c,v 8.205 2013/11/22 20:51:55 ca Exp $ (without name server)")
#endif /* NAMED_BIND */

#if NAMED_BIND

# include <arpa/inet.h>


# ifndef MXHOSTBUFSIZE
#  define MXHOSTBUFSIZE	(128 * MAXMXHOSTS)
# endif /* ! MXHOSTBUFSIZE */

/*
**  Shared scratch buffer that getmxrr() fills with expanded MX host
**  names.  Pointers returned through mxhosts[] point into this buffer
**  and are overwritten by the next call.
*/

static char	MXHostBuf[MXHOSTBUFSIZE];

/*
**  Compile-time range guard: the ERROR line is not valid C, so the build
**  fails if the buffer size is out of range.  The upper bound presumably
**  exists because getmxrr() tracks the remaining space in an int.
*/

#if (MXHOSTBUFSIZE < 2) || (MXHOSTBUFSIZE >= INT_MAX/2)
	ERROR: _MXHOSTBUFSIZE is out of range
#endif /* (MXHOSTBUFSIZE < 2) || (MXHOSTBUFSIZE >= INT_MAX/2) */

# ifndef MAXDNSRCH
#  define MAXDNSRCH	6	/* number of possible domains to search */
# endif /* ! MAXDNSRCH */

# ifndef RES_DNSRCH_VARIABLE
#  define RES_DNSRCH_VARIABLE	_res.dnsrch
# endif /* ! RES_DNSRCH_VARIABLE */

# ifndef NO_DATA
#  define NO_DATA	NO_ADDRESS
# endif /* ! NO_DATA */

# ifndef HFIXEDSZ
#  define HFIXEDSZ	12	/* sizeof(HEADER) */
# endif /* ! HFIXEDSZ */

# define MAXCNAMEDEPTH	10	/* maximum depth of CNAME recursion */

# if defined(__RES) && (__RES >= 19940415)
#  define RES_UNC_T	char *
# else /* defined(__RES) && (__RES >= 19940415) */
#  define RES_UNC_T	unsigned char *
# endif /* defined(__RES) && (__RES >= 19940415) */

static int	mxrand __P((char *));
static int	fallbackmxrr __P((int, unsigned short *, char **));

/*
**  GETFALLBACKMXRR -- get MX resource records for fallback MX host.
**
**	We have to initialize this once before doing anything else.
**	Moreover, we have to repeat this from time to time to avoid
**	stale data, e.g., in persistent queue runners.
**	This should be done in a parent process so the child
**	processes have the right data.
**
**	Parameters:
**		host -- the name of the fallback MX host.
**			Must be non-NULL and non-empty: the check in
**			this function is compiled out (#if 0), so the
**			caller is responsible for it.
**
**	Returns:
**		number of MX records.
**		This is the value returned by getmxrr(), so it is -1
**		when that lookup reports an internal failure.
**
**	Side Effects:
**		Populates NumFallbackMXHosts and fbhosts.
**		Sets renewal time (based on TTL).
*/

int NumFallbackMXHosts = 0;	/* Number of fallback MX hosts (after MX expansion) */
static char *fbhosts[MAXMXHOSTS + 1];

int
getfallbackmxrr(host)
	char *host;
{
	int i, rcode;
	int ttl;
	static time_t renew = 0;

#if 0
	/* This is currently done before this function is called. */
	if (host == NULL || *host == '\0')
		return 0;
#endif /* 0 */

	/* cached list is still within its renewal time */
	if (NumFallbackMXHosts > 0 && renew > curtime())
		return NumFallbackMXHosts;
	if (host[0] == '[')
	{
		/*
		**  Bracketed host: no MX lookup.  The caller's pointer is
		**  stored as is (not copied) and renew is left unchanged.
		*/

		fbhosts[0] = host;
		NumFallbackMXHosts = 1;
	}
	else
	{
		/*
		**  NOTE(review): if an earlier call took the bracketed
		**  branch above, fbhosts[0] is the caller's pointer and
		**  would be passed to sm_free() here.  Presumably host is
		**  the same configuration value on every call -- confirm.
		*/

		/* free old data */
		for (i = 0; i < NumFallbackMXHosts; i++)
			sm_free(fbhosts[i]);

		/* get new data */
		NumFallbackMXHosts = getmxrr(host, fbhosts, NULL, false,
					     &rcode, false, &ttl);
		renew = curtime() + ttl;

		/*
		**  getmxrr() results point into the shared MXHostBuf, so
		**  each entry is replaced by the result of newstr()
		**  (expected to be a private copy).  The loop does not run
		**  when getmxrr() returned -1.
		*/

		for (i = 0; i < NumFallbackMXHosts; i++)
			fbhosts[i] = newstr(fbhosts[i]);
	}
	return NumFallbackMXHosts;
}

/*
**  FALLBACKMXRR -- add MX resource records for fallback MX host to list.
**
**	Parameters:
**		nmx -- current number of MX records.
**		prefs -- array of preferences.
**		mxhosts -- array of MX hosts (maximum size: MAXMXHOSTS)
**
**	Returns:
**		new number of MX records.
**
**	Side Effects:
**		If FallbackMX was set, it appends the MX records for
**		that host to mxhosts (and modifies prefs accordingly).
**		The appended mxhosts entries are the fbhosts pointers
**		themselves, not copies.
*/

static int
fallbackmxrr(nmx, prefs, mxhosts)
	int nmx;
	unsigned short *prefs;
	char **mxhosts;
{
	int i;

	/* the nmx < MAXMXHOSTS test keeps every store inside the arrays */
	for (i = 0; i < NumFallbackMXHosts && nmx < MAXMXHOSTS; i++)
	{
		/*
		**  Each fallback entry gets the previous preference plus
		**  one.  prefs is unsigned short, so the stored value wraps
		**  if the previous preference is already the maximum.
		*/

		if (nmx > 0)
			prefs[nmx] = prefs[nmx - 1] + 1;
		else
			prefs[nmx] = 0;
		mxhosts[nmx++] = fbhosts[i];
	}
	return nmx;
}

/*
**  GETMXRR -- get MX resource records for a domain
**
**	Parameters:
**		host -- the name of the host to MX.
**		mxhosts -- a pointer to a return buffer of MX records.
**		mxprefs -- a pointer to a return buffer of MX preferences.
**			If NULL, don't try to populate.
**		droplocalhost -- If true, all MX records less preferred
**			than the local host (as determined by $=w) will
**			be discarded.
**		rcode -- a pointer to an EX_ status code.
**		tryfallback -- add also fallback MX host?
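**		pttl -- pointer to return TTL (can be NULL).
**
**	Returns:
**		The number of MX records found.
**		-1 if there is an internal failure.
**		If no MX records are found, mxhosts[0] is set to host
**			and 1 is returned.
**
**	Side Effects:
**		The entries made for mxhosts point to a static array
**		MXHostBuf[MXHOSTBUFSIZE], so the data needs to be copied,
**		if it must be preserved across calls to this function.
**
**	Notes:
**		The DNS answer is untrusted input.  Every fixed-size field
**		read from it is checked against the end of the received
**		message (eom) before it is read; a record that does not
**		fit ends parsing, and the records already accepted are kept.
**		Expanded host names are stored as returned by dn_expand();
**		this function does not check which characters they contain.
*/

# ifndef RRFIXEDSZ
#  define RRFIXEDSZ	10	/* type + class + ttl + rdlength of an RR */
# endif /* ! RRFIXEDSZ */

int
getmxrr(host, mxhosts, mxprefs, droplocalhost, rcode, tryfallback, pttl)
	char *host;
	char **mxhosts;
	unsigned short *mxprefs;
	bool droplocalhost;
	int *rcode;
	bool tryfallback;
	int *pttl;
{
	register unsigned char *eom, *cp;
	register int i, j, n;
	int nmx = 0;
	register char *bp;
	HEADER *hp;
	querybuf answer;
	int ancount, qdcount, buflen;
	bool seenlocal = false;
	unsigned short pref, type;
	unsigned short localpref = 256;
	char *fallbackMX = FallbackMX;
	bool trycanon = false;
	unsigned short *prefs;
	int (*resfunc) __P((const char *, int, int, u_char *, int));
	unsigned short prefer[MAXMXHOSTS];
	int weight[MAXMXHOSTS];
	int ttl = 0;
	extern int res_query(), res_search();

	if (tTd(8, 2))
		sm_dprintf("getmxrr(%s, droplocalhost=%d)\n",
			   host, droplocalhost);
	*rcode = EX_OK;
	if (pttl != NULL)
		*pttl = SM_DEFAULT_TTL;
	if (*host == '\0')
		return 0;

	if ((fallbackMX != NULL && droplocalhost &&
	     wordinclass(fallbackMX, 'w')) || !tryfallback)
	{
		/* don't use fallback for this pass */
		fallbackMX = NULL;
	}

	/* use a local scratch array if the caller does not want prefs */
	if (mxprefs != NULL)
		prefs = mxprefs;
	else
		prefs = prefer;

	/* efficiency hack -- numeric or non-MX lookups */
	if (host[0] == '[')
		goto punt;

	/*
	**  If we don't have MX records in our host switch, don't
	**  try for MX records.  Note that this really isn't "right",
	**  since we might be set up to try NIS first and then DNS;
	**  if the host is found in NIS we really shouldn't be doing
	**  MX lookups.  However, that should be a degenerate case.
	*/

	if (!UseNameServer)
		goto punt;
	if (HasWildcardMX && ConfigLevel >= 6)
		resfunc = res_query;
	else
		resfunc = res_search;

	errno = 0;
	n = (*resfunc)(host, C_IN, T_MX, (unsigned char *) &answer,
		       sizeof(answer));
	if (n < 0)
	{
		if (tTd(8, 1))
			sm_dprintf("getmxrr: res_search(%s) failed (errno=%d, h_errno=%d)\n",
				host, errno, h_errno);
		switch (h_errno)
		{
		  case NO_DATA:
			trycanon = true;
			/* FALLTHROUGH */

		  case NO_RECOVERY:
			/* no MX data on this host */
			goto punt;

		  case HOST_NOT_FOUND:
# if BROKEN_RES_SEARCH
		  case 0:	/* Ultrix resolver retns failure w/ h_errno=0 */
# endif /* BROKEN_RES_SEARCH */
			/* host doesn't exist in DNS; might be in /etc/hosts */
			trycanon = true;
			*rcode = EX_NOHOST;
			goto punt;

		  case TRY_AGAIN:
		  case -1:
			/* couldn't connect to the name server */
			if (fallbackMX != NULL)
			{
				/* name server is hosed -- push to fallback */
				return fallbackmxrr(nmx, prefs, mxhosts);
			}
			/* it might come up later; better queue it up */
			*rcode = EX_TEMPFAIL;
			break;

		  default:
			syserr("getmxrr: res_search (%s) failed with impossible h_errno (%d)",
				host, h_errno);
			*rcode = EX_OSERR;
			break;
		}

		/* irreconcilable differences */
		return -1;
	}

	/* avoid problems after truncation in tcp packets */
	if (n > sizeof(answer))
		n = sizeof(answer);

	/*
	**  NOTE(review): n is not compared with HFIXEDSZ here; this
	**  presumably relies on the resolver never reporting success for
	**  a response shorter than the header -- confirm.
	*/

	/* find first satisfactory answer */
	hp = (HEADER *)&answer;
	cp = (unsigned char *)&answer + HFIXEDSZ;
	eom = (unsigned char *)&answer + n;
	for (qdcount = ntohs((unsigned short) hp->qdcount);
	     qdcount--;
	     cp += n + QFIXEDSZ)
	{
		if ((n = dn_skipname(cp, eom)) < 0)
			goto punt;
	}

	/* NOTE: see definition of MXHostBuf! */
	buflen = sizeof(MXHostBuf) - 1;
	SM_ASSERT(buflen > 0);
	bp = MXHostBuf;
	ancount = ntohs((unsigned short) hp->ancount);

	/* See RFC 1035 for layout of RRs. */
	/* XXX leave room for FallbackMX ? */
	while (--ancount >= 0 && cp < eom && nmx < MAXMXHOSTS - 1)
	{
		if ((n = dn_expand((unsigned char *)&answer, eom, cp,
				   (RES_UNC_T) bp, buflen)) < 0)
			break;
		cp += n;

		/*
		**  The fixed part of the RR (type, class, ttl, rdlength)
		**  must lie inside the received message; otherwise the
		**  reads below would run past eom.
		*/

		if (eom - cp < RRFIXEDSZ)
			break;
		GETSHORT(type, cp);
		cp += INT16SZ;		/* skip over class */
		GETLONG(ttl, cp);
		GETSHORT(n, cp);	/* rdlength */
		if (type != T_MX)
		{
			if (tTd(8, 8) || _res.options & RES_DEBUG)
				sm_dprintf("unexpected answer type %d, size %d\n",
					type, n);

			/*
			**  rdlength comes from the message.  If it claims
			**  more data than is left, stop here instead of
			**  moving cp beyond eom; the loop would end on its
			**  next test in either case.
			*/

			if (n > eom - cp)
				break;
			cp += n;
			continue;
		}

		/* the MX preference is a 16 bit value in front of the name */
		if (eom - cp < INT16SZ)
			break;
		GETSHORT(pref, cp);
		if ((n = dn_expand((unsigned char *)&answer, eom, cp,
				   (RES_UNC_T) bp, buflen)) < 0)
			break;
		cp += n;
		n = strlen(bp);
# if 0
		/* Can this happen? */
		if (n == 0)
		{
			if (LogLevel > 4)
				sm_syslog(LOG_ERR, NOQID,
					  "MX records for %s contain empty string",
					  host);
			continue;
		}
# endif /* 0 */
		if (wordinclass(bp, 'w'))
		{
			if (tTd(8, 3))
				sm_dprintf("found localhost (%s) in MX list, pref=%d\n",
					bp, pref);
			if (droplocalhost)
			{
				if (!seenlocal || pref < localpref)
					localpref = pref;
				seenlocal = true;
				continue;
			}
			weight[nmx] = 0;
		}
		else
			weight[nmx] = mxrand(bp);
		prefs[nmx] = pref;
		mxhosts[nmx++] = bp;
		bp += n;

		/*
		**  NOTE(review): with the empty-name check above compiled
		**  out, n == 0 would make bp[-1] refer to the byte in front
		**  of this entry (in front of MXHostBuf for the first one)
		**  -- confirm whether dn_expand() can return an empty name.
		*/

		if (bp[-1] != '.')
		{
			*bp++ = '.';
			n++;
		}
		*bp++ = '\0';
		if (buflen < n + 1)
		{
			/* don't want to wrap buflen */
			break;
		}
		buflen -= n + 1;
	}

	/* return only one TTL entry, that should be sufficient */
	if (ttl > 0 && pttl != NULL)
		*pttl = ttl;

	/* sort the records */
	for (i = 0; i < nmx; i++)
	{
		for (j = i + 1; j < nmx; j++)
		{
			if (prefs[i] > prefs[j] ||
			    (prefs[i] == prefs[j] && weight[i] > weight[j]))
			{
				register int temp;
				register char *temp1;

				temp = prefs[i];
				prefs[i] = prefs[j];
				prefs[j] = temp;
				temp1 = mxhosts[i];
				mxhosts[i] = mxhosts[j];
				mxhosts[j] = temp1;
				temp = weight[i];
				weight[i] = weight[j];
				weight[j] = temp;
			}
		}
		if (seenlocal && prefs[i] >= localpref)
		{
			/* truncate higher preference part of list */
			nmx = i;
		}
	}

	/* delete duplicates from list (yes, some bozos have duplicates) */
	for (i = 0; i < nmx - 1; )
	{
		if (sm_strcasecmp(mxhosts[i], mxhosts[i + 1]) != 0)
			i++;
		else
		{
			/*
			**  compress out duplicate
			**
			**  Stop one entry early so that nothing is read
			**  from slot nmx, which is not part of the list;
			**  the last slot drops out through nmx-- below.
			*/

			for (j = i + 1; j < nmx - 1; j++)
			{
				mxhosts[j] = mxhosts[j + 1];
				prefs[j] = prefs[j + 1];
			}
			nmx--;
		}
	}

	if (nmx == 0)
	{
punt:
		if (seenlocal)
		{
			struct hostent *h = NULL;

			/*
			**  If we have deleted all MX entries, this is
			**  an error -- we should NEVER send to a host that
			**  has an MX, and this should have been caught
			**  earlier in the config file.
			**
			**  Some sites prefer to go ahead and try the
			**  A record anyway; that case is handled by
			**  setting TryNullMXList.  I believe this is a
			**  bad idea, but it's up to you....
			*/

			if (TryNullMXList)
			{
				SM_SET_H_ERRNO(0);
				errno = 0;
				h = sm_gethostbyname(host, AF_INET);
				if (h == NULL)
				{
					if (errno == ETIMEDOUT ||
					    h_errno == TRY_AGAIN ||
					    (errno == ECONNREFUSED &&
					     UseNameServer))
					{
						*rcode = EX_TEMPFAIL;
						return -1;
					}
# if NETINET6
					SM_SET_H_ERRNO(0);
					errno = 0;
					h = sm_gethostbyname(host, AF_INET6);
					if (h == NULL &&
					    (errno == ETIMEDOUT ||
					     h_errno == TRY_AGAIN ||
					     (errno == ECONNREFUSED &&
					      UseNameServer)))
					{
						*rcode = EX_TEMPFAIL;
						return -1;
					}
# endif /* NETINET6 */
				}
			}

			if (h == NULL)
			{
				*rcode = EX_CONFIG;
				syserr("MX list for %s points back to %s",
				       host, MyHostName);
				return -1;
			}
# if NETINET6
			freehostent(h);
			h = NULL;
# endif /* NETINET6 */
		}

		/* host itself becomes the only entry; it must fit the buffer */
		if (strlen(host) >= sizeof(MXHostBuf))
		{
			*rcode = EX_CONFIG;
			syserr("Host name %s too long",
			       shortenstring(host, MAXSHORTSTR));
			return -1;
		}
		(void) sm_strlcpy(MXHostBuf, host, sizeof(MXHostBuf));
		mxhosts[0] = MXHostBuf;
		prefs[0] = 0;
		if (host[0] == '[')
		{
			register char *p;
# if NETINET6
			struct sockaddr_in6 tmp6;
# endif /* NETINET6 */

			/* this may be an MX suppression-style address */
			p = strchr(MXHostBuf, ']');
			if (p != NULL)
			{
				/* cut at ']' to test the text between brackets */
				*p = '\0';

				if (inet_addr(&MXHostBuf[1]) != INADDR_NONE)
				{
					nmx++;
					*p = ']';
				}
# if NETINET6
				else if (anynet_pton(AF_INET6, &MXHostBuf[1],
						     &tmp6.sin6_addr) == 1)
				{
					nmx++;
					*p = ']';
				}
# endif /* NETINET6 */
				else
				{
					/* not an address: canonify the name */
					trycanon = true;
					mxhosts[0]++;
				}
			}
		}

		/*
		**  The size passed is sizeof(MXHostBuf) - 2 because
		**  mxhosts[0] may start one byte into MXHostBuf and a
		**  trailing dot may be appended below.
		*/

		if (trycanon &&
		    getcanonname(mxhosts[0], sizeof(MXHostBuf) - 2, false, pttl))
		{
			/* XXX MXHostBuf == "" ?  is that possible? */
			bp = &MXHostBuf[strlen(MXHostBuf)];
			if (bp[-1] != '.')
			{
				*bp++ = '.';
				*bp = '\0';
			}
			nmx = 1;
		}
	}

	/* if we have a default lowest preference, include that */
	if (fallbackMX != NULL && !seenlocal)
	{
		nmx = fallbackmxrr(nmx, prefs, mxhosts);
	}
	return nmx;
}
/*
**  MXRAND -- create a randomizer for equal MX preferences
**
**	If two MX hosts have equal preferences we want to randomize
**	the selection.  But in order for signatures to be the same,
**	we need to randomize the same way each time.  This function
**	computes a pseudo-random hash function from the host name.
**
**	The seed is the low 16 bits of the time of the first call and
**	is kept for later calls.  The value only orders MX hosts of
**	equal preference; it is not suitable as a source of
**	unpredictable numbers.
**
**	Parameters:
**		host -- the name of the host.
**
**	Returns:
**		A random but repeatable value based on the host name
**		(in the range 1 to 256).
*/

static int
mxrand(host)
	register char *host;
{
	int hfunc;
	static unsigned int seed;

	/* pick the seed once; zero is reserved to mean "not yet set" */
	if (seed == 0)
	{
		seed = (int) curtime() & 0xffff;
		if (seed == 0)
			seed++;
	}

	if (tTd(17, 9))
		sm_dprintf("mxrand(%s)", host);

	hfunc = seed;
	while (*host != '\0')
	{
		int c = *host++;

		/* fold upper case so that the hash ignores case */
		if (isascii(c) && isupper(c))
			c = tolower(c);
		hfunc = ((hfunc << 1) ^ c) % 2003;
	}

	hfunc &= 0xff;
	hfunc++;

	if (tTd(17, 9))
		sm_dprintf(" = %d\n", hfunc);
	return hfunc;
}
/*
**  BESTMX -- find the best MX for a name
**
**	This is really a hack, but I don't see any obvious way
**	to generalize it at the moment.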
**
**	Looks up the MX records of name with getmxrr() and returns
**	either the best one or, if the map has a column delimiter and
**	there are several, a delimiter-separated list of all of them.
**	The MX host names come from DNS and are therefore untrusted;
**	a name that contains the map delimiter is rejected so that it
**	cannot add list elements of its own.
**
**	Parameters:
**		map -- the map being looked up.
**		name -- the name to find the MX records for.
**		av -- arguments passed on to map_rewrite().
**		statp -- pointer to status; receives the getmxrr() status.
**
**	Returns:
**		result of map_rewrite() on success.
**		NULL if getmxrr() finds nothing or fails, if an MX host
**			contains the delimiter, or if allocation fails.
*/

/* ARGSUSED3 */
char *
bestmx_map_lookup(map, name, av, statp)
	MAP *map;
	char *name;
	char **av;
	int *statp;
{
	int nmx;
	int saveopts = _res.options;
	int i;
	ssize_t len = 0;
	char *result;
	char *mxhosts[MAXMXHOSTS + 1];
#if _FFR_BESTMX_BETTER_TRUNCATION
	char *buf;
#else /* _FFR_BESTMX_BETTER_TRUNCATION */
	char *p;
	char buf[PSBUFSIZE / 2];
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */

	/*
	**  Look up the name exactly as given: the search-list and
	**  default-domain options are cleared for this one query and
	**  restored right after it.
	*/

	_res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
	nmx = getmxrr(name, mxhosts, NULL, false, statp, false, NULL);
	_res.options = saveopts;
	if (nmx <= 0)
		return NULL;
	if (bitset(MF_MATCHONLY, map->map_mflags))
		return map_rewrite(map, name, strlen(name), NULL);
	if ((map->map_coldelim == '\0') || (nmx == 1))
		return map_rewrite(map, mxhosts[0], strlen(mxhosts[0]), av);

	/*
	**  We were given a -z flag (return all MXs) and there are multiple
	**  ones.  We need to build them all into a list.
	*/

#if _FFR_BESTMX_BETTER_TRUNCATION
	/* first pass: reject embedded delimiters and add up the size */
	for (i = 0; i < nmx; i++)
	{
		if (strchr(mxhosts[i], map->map_coldelim) != NULL)
		{
			syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
			       mxhosts[i], map->map_coldelim);
			return NULL;
		}
		len += strlen(mxhosts[i]) + 1;
		if (len < 0)
		{
			/* the sum went negative: undo and stop counting */
			len -= strlen(mxhosts[i]) + 1;
			break;
		}
	}
	buf = (char *) sm_malloc(len);
	if (buf == NULL)
	{
		*statp = EX_UNAVAILABLE;
		return NULL;
	}
	*buf = '\0';
	for (i = 0; i < nmx; i++)
	{
		int end;

		end = sm_strlcat(buf, mxhosts[i], len);

		/*
		**  NOTE(review): i != nmx is always true inside this loop;
		**  only the end + 1 < len test decides whether a delimiter
		**  is appended.
		*/

		if (i != nmx && end + 1 < len)
		{
			buf[end] = map->map_coldelim;
			buf[end + 1] = '\0';
		}
	}

	/* Cleanly truncate for rulesets */
	truncate_at_delim(buf, PSBUFSIZE / 2, map->map_coldelim);
#else /* _FFR_BESTMX_BETTER_TRUNCATION */
	p = buf;
	for (i = 0; i < nmx; i++)
	{
		size_t slen;

		if (strchr(mxhosts[i], map->map_coldelim) != NULL)
		{
			syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
			       mxhosts[i], map->map_coldelim);
			return NULL;
		}
		slen = strlen(mxhosts[i]);

		/*
		**  Stop before the fixed buffer would overflow (room is
		**  kept for a delimiter and the terminating NUL).
		**  NOTE(review): if the first host already fails this
		**  test, buf is passed on below unwritten with len == 0
		**  -- confirm that map_rewrite() accepts that.
		*/

		if (len + slen + 2 > sizeof(buf))
			break;
		if (i > 0)
		{
			*p++ = map->map_coldelim;
			len++;
		}
		(void) sm_strlcpy(p, mxhosts[i], sizeof(buf) - len);
		p += slen;
		len += slen;
	}
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */

	/*
	**  NOTE(review): in the _FFR_BESTMX_BETTER_TRUNCATION build, len is
	**  still the allocation size computed before truncate_at_delim(),
	**  not the length of the string now in buf -- confirm what
	**  map_rewrite() expects.
	*/

	result = map_rewrite(map, buf, len, av);
#if _FFR_BESTMX_BETTER_TRUNCATION
	sm_free(buf);
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
	return result;
}
/*
**  DNS_GETCANONNAME -- get the canonical name for named host using DNS
**
**	This algorithm tries to be smart about wildcard MX records.
**	This is hard to do because DNS doesn't tell us if we matched
**	against a wildcard or a specific MX.
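**
**	We always prefer A & CNAME records, since these are presumed
**	to be specific.
**
**	If we match an MX in one pass and lose it in the next, we use
**	the old one.  For example, consider an MX matching *.FOO.BAR.COM.
**	A hostname bletch.foo.bar.com will match against this MX, but
**	will stop matching when we try bletch.bar.com -- so we know
**	that bletch.foo.bar.com must have been right.  This fails if
**	there was also an MX record matching *.BAR.COM, but there are
**	some things that just can't be fixed.
**
**	Parameters:
**		host -- a buffer containing the name of the host.
**			This is a value-result parameter.
**		hbsize -- the size of the host buffer.
**			Results are copied with sm_strlcpy() and the
**			return value is ignored, so a longer name is
**			presumably truncated without notice.
**		trymx -- if set, try MX records as well as A and CNAME.
**		statp -- pointer to place to store status.
**		pttl -- pointer to return TTL (can be NULL).
**
**	Returns:
**		true -- if the host matched.
**		false -- otherwise.
**
**	Notes:
**		The DNS answer is untrusted input.  The fixed part of each
**		resource record is checked against the end of the received
**		message before it is read, and CNAME chains are followed
**		only up to MAXCNAMEDEPTH.
*/

# ifndef RRFIXEDSZ
#  define RRFIXEDSZ	10	/* type + class + ttl + rdlength of an RR */
# endif /* ! RRFIXEDSZ */

bool
dns_getcanonname(host, hbsize, trymx, statp, pttl)
	char *host;
	int hbsize;
	bool trymx;
	int *statp;
	int *pttl;
{
	register unsigned char *eom, *ap;
	register char *cp;
	register int n;
	HEADER *hp;
	querybuf answer;
	int ancount, qdcount;
	int ret;
	char **domain;
	int type;
	int ttl = 0;
	char **dp;
	char *mxmatch;
	bool amatch;
	bool gotmx = false;
	int qtype;
	int initial;
	int loopcnt;
	char nbuf[SM_MAX(MAXPACKET, MAXDNAME*2+2)];
	char *searchlist[MAXDNSRCH + 2];

	if (tTd(8, 2))
		sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);

	if ((_res.options & RES_INIT) == 0 && res_init() == -1)
	{
		*statp = EX_UNAVAILABLE;
		return false;
	}

	*statp = EX_OK;

	/*
	**  Initialize domain search list.  If there is at least one
	**  dot in the name, search the unmodified name first so we
	**  find "vse.CS" in Czechoslovakia instead of in the local
	**  domain (e.g., vse.CS.Berkeley.EDU).  Note that there is no
	**  longer a country named Czechoslovakia but this type of problem
	**  is still present.
	**
	**  Older versions of the resolver could create this
	**  list by tearing apart the host name.
	*/

	loopcnt = 0;
cnameloop:
	/* Check for dots in the name */
	for (cp = host, n = 0; *cp != '\0'; cp++)
		if (*cp == '.')
			n++;

	/*
	**  Build the search list.
	**	If there is at least one dot in name, start with a null
	**	domain to search the unmodified name first.
	**	If name does not end with a dot and search up local domain
	**	tree desired, append each local domain component to the
	**	search list; if name contains no dots and default domain
	**	name is desired, append default domain name to search list;
	**	else if name ends in a dot, remove that dot.
	**
	**  NOTE(review): *--cp looks at the last character of host.  For
	**  an empty host that is the byte in front of the buffer;
	**  presumably callers never pass an empty name -- confirm.
	*/

	dp = searchlist;
	if (n > 0)
		*dp++ = "";
	if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options))
	{
		/* make sure there are less than MAXDNSRCH domains */
		for (domain = RES_DNSRCH_VARIABLE, ret = 0;
		     *domain != NULL && ret < MAXDNSRCH;
		     ret++)
			*dp++ = *domain++;
	}
	else if (n == 0 && bitset(RES_DEFNAMES, _res.options))
	{
		*dp++ = _res.defdname;
	}
	else if (*cp == '.')
	{
		*cp = '\0';
	}
	*dp = NULL;

	/*
	**  Now loop through the search list, appending each domain in turn
	**  name and searching for a match.
	*/

	mxmatch = NULL;
	initial = T_A;
# if NETINET6
	if (InetMode == AF_INET6)
		initial = T_AAAA;
# endif /* NETINET6 */
	qtype = initial;

	for (dp = searchlist; *dp != NULL; )
	{
		if (qtype == initial)
			gotmx = false;
		if (tTd(8, 5))
			sm_dprintf("dns_getcanonname: trying %s.%s (%s)\n",
				host, *dp,
# if NETINET6
				qtype == T_AAAA ? "AAAA" :
# endif /* NETINET6 */
				qtype == T_A ? "A" :
				qtype == T_MX ? "MX" :
				"???");
		errno = 0;
		ret = res_querydomain(host, *dp, C_IN, qtype,
				      answer.qb2, sizeof(answer.qb2));
		if (ret <= 0)
		{
			int save_errno = errno;

			if (tTd(8, 7))
				sm_dprintf("\tNO: errno=%d, h_errno=%d\n",
					   save_errno, h_errno);

			if (save_errno == ECONNREFUSED || h_errno == TRY_AGAIN)
			{
				/*
				**  the name server seems to be down or broken.
				*/

				SM_SET_H_ERRNO(TRY_AGAIN);
				if (**dp == '\0')
				{
					if (*statp == EX_OK)
						*statp = EX_TEMPFAIL;
					goto nexttype;
				}
				*statp = EX_TEMPFAIL;

				if (WorkAroundBrokenAAAA)
				{
					/*
					**  Only return if not TRY_AGAIN as an
					**  attempt with a different qtype may
					**  succeed (res_querydomain() calls
					**  res_query() calls res_send() which
					**  sets errno to ETIMEDOUT if the
					**  nameservers could be contacted but
					**  didn't give an answer).
					*/

					if (save_errno != ETIMEDOUT)
						return false;
				}
				else
					return false;
			}

nexttype:
			if (h_errno != HOST_NOT_FOUND)
			{
				/* might have another type of interest */
# if NETINET6
				if (qtype == T_AAAA)
				{
					qtype = T_A;
					continue;
				}
				else
# endif /* NETINET6 */
				if (qtype == T_A && !gotmx &&
				    (trymx || **dp == '\0'))
				{
					qtype = T_MX;
					continue;
				}
			}

			/* definite no -- try the next domain */
			dp++;
			qtype = initial;
			continue;
		}
		else if (tTd(8, 7))
			sm_dprintf("\tYES\n");

		/* avoid problems after truncation in tcp packets */
		if (ret > sizeof(answer))
			ret = sizeof(answer);
		SM_ASSERT(ret >= 0);

		/*
		**  Appear to have a match.  Confirm it by searching for A or
		**  CNAME records.  If we don't have a local domain
		**  wild card MX record, we will accept MX as well.
		*/

		hp = (HEADER *) &answer;
		ap = (unsigned char *) &answer + HFIXEDSZ;
		eom = (unsigned char *) &answer + ret;

		/* skip question part of response -- we know what we asked */
		for (qdcount = ntohs((unsigned short) hp->qdcount);
		     qdcount--;
		     ap += ret + QFIXEDSZ)
		{
			if ((ret = dn_skipname(ap, eom)) < 0)
			{
				if (tTd(8, 20))
					sm_dprintf("qdcount failure (%d)\n",
						ntohs((unsigned short) hp->qdcount));
				*statp = EX_SOFTWARE;
				return false;		/* ???XXX??? */
			}
		}

		amatch = false;
		for (ancount = ntohs((unsigned short) hp->ancount);
		     --ancount >= 0 && ap < eom;
		     ap += n)
		{
			n = dn_expand((unsigned char *) &answer, eom, ap,
				      (RES_UNC_T) nbuf, sizeof(nbuf));
			if (n < 0)
				break;
			ap += n;

			/*
			**  The fixed part of the RR (type, class, ttl,
			**  rdlength) must lie inside the received message.
			**  Without this test a record cut off at eom would
			**  be read past the end of the message and could
			**  be counted as a match.
			*/

			if (eom - ap < RRFIXEDSZ)
				break;
			GETSHORT(type, ap);
			ap += INT16SZ;		/* skip over class */
			GETLONG(ttl, ap);
			GETSHORT(n, ap);	/* rdlength */
			switch (type)
			{
			  case T_MX:
				gotmx = true;
				if (**dp != '\0' && HasWildcardMX)
				{
					/*
					**  If we are using MX matches and have
					**  not yet gotten one, save this one
					**  but keep searching for an A or
					**  CNAME match.
					*/

					if (trymx && mxmatch == NULL)
						mxmatch = *dp;
					continue;
				}

				/*
				**  If we did not append a domain name, this
				**  must have been a canonical name to start
				**  with.  Even if we did append a domain name,
				**  in the absence of a wildcard MX this must
				**  still be a real MX match.
				**  Such MX matches are as good as an A match,
				**  fall through.
				*/
				/* FALLTHROUGH */

# if NETINET6
			  case T_AAAA:
# endif /* NETINET6 */
			  case T_A:
				/* Flag that a good match was found */
				amatch = true;

				/* continue in case a CNAME also exists */
				continue;

			  case T_CNAME:
				if (DontExpandCnames)
				{
					/* got CNAME -- guaranteed canonical */
					amatch = true;
					break;
				}

				/* bound the chain so a CNAME loop ends */
				if (loopcnt++ > MAXCNAMEDEPTH)
				{
					/*XXX should notify postmaster XXX*/
					message("DNS failure: CNAME loop for %s",
						host);
					if (CurEnv->e_message == NULL)
					{
						char ebuf[MAXLINE];

						(void) sm_snprintf(ebuf,
							sizeof(ebuf),
							"Deferred: DNS failure: CNAME loop for %.100s",
							host);
						CurEnv->e_message =
						    sm_rpool_strdup_x(
							CurEnv->e_rpool, ebuf);
					}
					SM_SET_H_ERRNO(NO_RECOVERY);
					*statp = EX_CONFIG;
					return false;
				}

				/* value points at name */
				if ((ret = dn_expand((unsigned char *)&answer,
						     eom, ap, (RES_UNC_T) nbuf,
						     sizeof(nbuf))) < 0)
					break;

				/* the target replaces host; start over */
				(void) sm_strlcpy(host, nbuf, hbsize);

				/*
				**  RFC 1034 section 3.6 specifies that CNAME
				**  should point at the canonical name -- but
				**  urges software to try again anyway.
				*/

				goto cnameloop;

			  default:
				/* not a record of interest */
				continue;
			}
		}

		if (amatch)
		{
			/*
			**  Got a good match -- either an A, CNAME, or an
			**  exact MX record.  Save it and get out of here.
			*/

			mxmatch = *dp;
			break;
		}

		/*
		**  Nothing definitive yet.
		**	If this was a T_A query and we haven't yet found a MX
		**		match, try T_MX if allowed to do so.
		**	Otherwise, try the next domain.
		*/

# if NETINET6
		if (qtype == T_AAAA)
			qtype = T_A;
		else
# endif /* NETINET6 */
		if (qtype == T_A && !gotmx && (trymx || **dp == '\0'))
			qtype = T_MX;
		else
		{
			qtype = initial;
			dp++;
		}
	}

	/* if nothing was found, we are done */
	if (mxmatch == NULL)
	{
		if (*statp == EX_OK)
			*statp = EX_NOHOST;
		return false;
	}

	/*
	**  Create canonical name and return.
	**  If saved domain name is null, name was already canonical.
	**  Otherwise append the saved domain name.
	*/

	(void) sm_snprintf(nbuf, sizeof(nbuf), "%.*s%s%.*s", MAXDNAME, host,
			   *mxmatch == '\0' ? "" : ".",
			   MAXDNAME, mxmatch);
	(void) sm_strlcpy(host, nbuf, hbsize);
	if (tTd(8, 5))
		sm_dprintf("dns_getcanonname: %s\n", host);
	*statp = EX_OK;

	/* return only one TTL entry, that should be sufficient */
	if (ttl > 0 && pttl != NULL)
		*pttl = ttl;
	return true;
}
#endif /* NAMED_BIND */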